schmittlauch/nixconfigs
2
0
Fork 0
Code Issues 1 Pull requests Releases Wiki Activity

[treewide] reformat all files with nixfmt-rfc-style

Browse source
This commit is contained in:
Trolli Schmittlauch 2024-03-16 17:18:20 +01:00
parent 3a31c21ae2
commit 2bdff39416
17 changed files with 653 additions and 531 deletions
Download patch file Download diff file Expand all files Collapse all files

169
common/default.nix
View file

@ -1,20 +1,22 @@
{ config, pkgs, lib, ... }: {
config,
pkgs,
lib,
...
}:
let let
inputs = config.inputInjection.flake-inputs; inputs = config.inputInjection.flake-inputs;
unstable = inputs.nixos-unstable; unstable = inputs.nixos-unstable;
in in
{ {
imports = imports = [
[ ./packages.nix
./packages.nix ./nitrokey.nix
./nitrokey.nix ];
];
services.davfs2.enable = true; services.davfs2.enable = true;
# exfat support # exfat support
#boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ]; #boot.extraModulePackages = [ config.boot.kernelPackages.exfat-nofuse ];
@ -38,11 +40,10 @@ in
# Some programs need SUID wrappers, can be configured further or are # Some programs need SUID wrappers, can be configured further or are
# started in user sessions. # started in user sessions.
programs.bash.enableCompletion = true; programs.bash.enableCompletion = true;
programs.wireshark = programs.wireshark = {
{ enable = true;
enable = true; package = pkgs.wireshark;
package = pkgs.wireshark; };
};
programs.adb.enable = true; programs.adb.enable = true;
@ -59,79 +60,88 @@ in
# Open ports in the firewall. # Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ]; # networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ]; # networking.firewall.allowedUDPPorts = [ ... ];
networking.firewall.allowedTCPPortRanges = [{ from = 1714; to = 1764; }]; networking.firewall.allowedTCPPortRanges = [
networking.firewall.allowedUDPPortRanges = [{ from = 1714; to = 1764; }]; # for KDE connect {
from = 1714;
to = 1764;
}
];
networking.firewall.allowedUDPPortRanges = [
{
from = 1714;
to = 1764;
}
]; # for KDE connect
# FIXME: kdeconnect module # FIXME: kdeconnect module
# Or disable the firewall altogether. # Or disable the firewall altogether.
# networking.firewall.enable = false; # networking.firewall.enable = false;
networking.networkmanager = { networking.networkmanager = {
enable = true; enable = true;
# FIXME: move into own file, use SOPS for secrets # FIXME: move into own file, use SOPS for secrets
ensureProfiles.profiles = { ensureProfiles.profiles = {
"37C3" = { "37C3" = {
connection = { connection = {
id = "37C3"; id = "37C3";
type = "wifi"; type = "wifi";
interface-name = "wlan0"; interface-name = "wlan0";
}; };
wifi = { wifi = {
mode = "infrastructure"; mode = "infrastructure";
ssid = "37C3"; ssid = "37C3";
}; };
wifi-security = { wifi-security = {
auth-alg = "open"; auth-alg = "open";
key-mgmt = "wpa-eap"; key-mgmt = "wpa-eap";
}; };
"802-1x" = { "802-1x" = {
anonymous-identity = "37C3"; anonymous-identity = "37C3";
eap = "ttls;"; eap = "ttls;";
identity = "37C3"; identity = "37C3";
password = "37C3"; password = "37C3";
phase2-auth = "pap"; phase2-auth = "pap";
altsubject-matches = "DNS:radius.c3noc.net"; altsubject-matches = "DNS:radius.c3noc.net";
ca-cert = "${builtins.fetchurl { ca-cert = "${builtins.fetchurl {
url = "https://letsencrypt.org/certs/isrgrootx1.pem"; url = "https://letsencrypt.org/certs/isrgrootx1.pem";
sha256 = "sha256:1la36n2f31j9s03v847ig6ny9lr875q3g7smnq33dcsmf2i5gd92"; sha256 = "sha256:1la36n2f31j9s03v847ig6ny9lr875q3g7smnq33dcsmf2i5gd92";
}}"; }}";
}; };
ipv4 = { ipv4 = {
method = "auto"; method = "auto";
}; };
ipv6 = { ipv6 = {
addr-gen-mode = "default"; addr-gen-mode = "default";
method = "auto"; method = "auto";
};
}; };
}; };
}; };
};
services.avahi.enable = true; services.avahi.enable = true;
# Enable CUPS to print documents. # Enable CUPS to print documents.
services.printing = services.printing = {
{ enable = true;
enable = true; drivers = [ pkgs.hplip ];
drivers = [ pkgs.hplip ]; };
};
# scanners # scanners
hardware.sane = hardware.sane = {
{ enable = true;
enable = true; extraBackends = [ pkgs.hplip ];
extraBackends = [ pkgs.hplip ]; };
};
# Enable sound. # Enable sound.
hardware.pulseaudio = { hardware.pulseaudio = {
enable = true; enable = true;
# decouple pulseaudio application and sink volumes # decouple pulseaudio application and sink volumes
daemon.config = { flat-volumes = "no"; }; daemon.config = {
flat-volumes = "no";
};
# C3D2 hq music # C3D2 hq music
zeroconf.discovery.enable = true; zeroconf.discovery.enable = true;
zeroconf.publish.enable = true; zeroconf.publish.enable = true;
}; };
# Bluetooth # Bluetooth
hardware.bluetooth = { hardware.bluetooth = {
enable = true; enable = true;
@ -141,7 +151,6 @@ in
package = pkgs.pulseaudioFull; package = pkgs.pulseaudioFull;
}; };
# FIXME: at some point, hide GUI and sound (desktop vs. server) behind an option # FIXME: at some point, hide GUI and sound (desktop vs. server) behind an option
# Enable the X11 windowing system. # Enable the X11 windowing system.
services.xserver.enable = true; services.xserver.enable = true;
@ -160,8 +169,8 @@ in
# dconf required for several Gnome applications # dconf required for several Gnome applications
programs.dconf.enable = true; programs.dconf.enable = true;
programs.firefox.enable = true; # enables support for automatically setting additionsl nativeMessagingHosts programs.firefox.enable = true; # enables support for automatically setting additionsl nativeMessagingHosts
# Flatpak support # Flatpak support
services.flatpak.enable = true; services.flatpak.enable = true;
@ -171,7 +180,18 @@ in
users.users.spiollinux = { users.users.spiollinux = {
isNormalUser = true; isNormalUser = true;
uid = 1000; uid = 1000;
extraGroups = [ "vboxusers" "wheel" "networkmanager" "scanner" "lp" "wireshark" "dialout" "cdrom" "input" "adbusers" ]; extraGroups = [
"vboxusers"
"wheel"
"networkmanager"
"scanner"
"lp"
"wireshark"
"dialout"
"cdrom"
"input"
"adbusers"
];
shell = pkgs.zsh; shell = pkgs.zsh;
}; };
@ -184,11 +204,10 @@ in
nixpkgs.config.whitelistedLicenses = [ pkgs.lib.licenses.virtualbox-puel ]; nixpkgs.config.whitelistedLicenses = [ pkgs.lib.licenses.virtualbox-puel ];
users.extraGroups.vboxusers.members = [ "spiollinux" ]; users.extraGroups.vboxusers.members = [ "spiollinux" ];
programs.zsh = programs.zsh = {
{ enable = true;
enable = true; autosuggestions.enable = true;
autosuggestions.enable = true; };
};
# profile sync daemon # profile sync daemon
services.psd.enable = true; services.psd.enable = true;
@ -208,13 +227,17 @@ in
nixpkgs.flake = inputs.nixpkgs; nixpkgs.flake = inputs.nixpkgs;
}; };
nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry; nixPath = lib.mapAttrsToList (key: value: "${key}=${value.to.path}") config.nix.registry;
# keep build-time deps around for offline-rebuilding # keep build-time deps around for offline-rebuilding
settings = { settings = {
# keep around all inputs necessary for offline-rebuilding the system # keep around all inputs necessary for offline-rebuilding the system
keep-outputs = true; keep-outputs = true;
keep-derivations = true; keep-derivations = true;
trusted-users = [ "spiollinux" ]; trusted-users = [ "spiollinux" ];
experimental-features = [ "nix-command" "flakes" "repl-flake" ]; experimental-features = [
"nix-command"
"flakes"
"repl-flake"
];
# use all cores for building # use all cores for building
cores = 0; cores = 0;
}; };
@ -254,6 +277,4 @@ in
# stop NetworkManager from managing virtual interfaces # stop NetworkManager from managing virtual interfaces
networking.networkmanager.unmanaged = [ "interface-name:ve-*" ]; networking.networkmanager.unmanaged = [ "interface-name:ve-*" ];
} }

20
common/nitrokey.nix
View file

@ -1,11 +1,13 @@
{ pkgs, lib, ...}: { pkgs, lib, ... }:
{ {
hardware.nitrokey.enable = true; hardware.nitrokey.enable = true;
environment.systemPackages = [ pkgs.pynitrokey ]; environment.systemPackages = [ pkgs.pynitrokey ];
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ nixpkgs.config.allowUnfreePredicate =
"nrfutil" pkg:
"pc-ble-driver-py" builtins.elem (lib.getName pkg) [
"pc-ble-driver" "nrfutil"
"pypemicro" "pc-ble-driver-py"
]; "pc-ble-driver"
"pypemicro"
];
} }

169
common/packages.nix
View file

@ -1,89 +1,98 @@
{ lib, pkgs, config, ... }: {
lib,
pkgs,
config,
...
}:
{ {
# take overlays from flake # take overlays from flake
nixpkgs.overlays = lib.attrValues config.inputInjection.flake-inputs.self.overlays; nixpkgs.overlays = lib.attrValues config.inputInjection.flake-inputs.self.overlays;
# List packages installed in system profile. # List packages installed in system profile.
environment.systemPackages = with pkgs; [ environment.systemPackages =
wget with pkgs;
vim [
vimPlugins.vim-nix wget
vimPlugins.pathogen vim
tmux vimPlugins.vim-nix
htop vimPlugins.pathogen
zsh tmux
btrfs-progs htop
git zsh
python3 btrfs-progs
man-pages git
dnsutils python3
netcat-openbsd man-pages
ntfs3g dnsutils
file netcat-openbsd
multipath-tools ntfs3g
strace file
ltrace multipath-tools
valgrind strace
testdisk ltrace
rsync valgrind
pv testdisk
exfat rsync
iotop pv
cifs-utils exfat
dstat iotop
lsof cifs-utils
macchanger dstat
borgbackup lsof
macchanger
borgbackup
# for debugging WLAN failures: # for debugging WLAN failures:
ethtool ethtool
trace-cmd trace-cmd
# NetworkManager stuff # NetworkManager stuff
networkmanager-openconnect networkmanager-openconnect
networkmanager-vpnc networkmanager-vpnc
networkmanager-openvpn networkmanager-openvpn
plasma5Packages.kdeGear.akonadi-mime # for KOrganizer plasma5Packages.kdeGear.akonadi-mime # for KOrganizer
] ]
++ (with plasma5Packages; with kdeGear; [ ++ (
#akonadi with plasma5Packages;
#akonadi-calendar with kdeGear;
#akonadi-contacts [
#akonadi-import-wizard #akonadi
#akonadi-mime #akonadi-calendar
#akonadi-notes #akonadi-contacts
#akonadi-search #akonadi-import-wizard
#akonadiconsole #akonadi-mime
#akregator #akonadi-notes
#kaddressbook #akonadi-search
#kalarm #akonadiconsole
#kalarmcal #akregator
#kcalutils #kaddressbook
#kcontacts #kalarm
#kdav #kalarmcal
#kdepim-addons #kcalutils
#kcontacts
#kdav
#kdepim-addons
#kdepim-runtime #kdepim-runtime
#kidentitymanagement #kidentitymanagement
#kldap #kldap
#kmail #kmail
#kmailtransport #kmailtransport
#kmbox #kmbox
#kmime #kmime
#kontact #kontact
#kontactinterface #kontactinterface
#korganizer #korganizer
#kpimtextedit #kpimtextedit
#libkdepim #libkdepim
#libksieve #libksieve
#mailcommon #mailcommon
#messagelib #messagelib
#pimcommon #pimcommon
#pim-sieve-editor #pim-sieve-editor
# for some Flatpak packkages # for some Flatpak packkages
accountsservice accountsservice
]); ]
);
} }

186
flake.nix
View file

@ -19,94 +19,118 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
nur.url = "github:nix-community/NUR"; nur.url = "github:nix-community/NUR";
# TODO: possible make this a flake as well # TODO: possible make this a flake as well
mysecrets = { mysecrets = {
flake = false; flake = false;
url = "git+ssh://gitea@git.orlives.de:2342/schmittlauch/home-manager_secrets.git"; url = "git+ssh://gitea@git.orlives.de:2342/schmittlauch/home-manager_secrets.git";
}; };
}; };
outputs = outputs =
{ self, nixpkgs, nur, lanzaboote, utils, home-manager, treefmt-nix, ... }@inputs: {
let self,
# FIXME: allow different systems nixpkgs,
systems = utils.lib.system; nur,
# necessary to make the top-level inputs available to system configuration lanzaboote,
# inspired by https://jade.fyi/blog/flakes-arent-real/ utils,
inputInjection = {pkgs, lib, ...}: { home-manager,
options.inputInjection = lib.mkOption { treefmt-nix,
type = with lib.types; attrsOf unspecified; ...
default = {}; }@inputs:
};
config.inputInjection = {
flake-inputs = inputs;
};
};
defaultModules = system: [
inputInjection
];
mkSystem = system: extraModules:
nixpkgs.lib.nixosSystem rec {
modules = (defaultModules system) ++ extraModules;
inherit system;
specialArgs = {inherit system;};
};
mkHomeManager = confName: user: system: # unfortunately, home-manager configs are still system-specific
# FIXME: this is thus still linux-x86_64 specific
home-manager.lib.homeManagerConfiguration {
pkgs = nixpkgs.legacyPackages.${system};
modules = [
{
imports = [
nur.hmModules.nur
# TODO: $name can be utilised to conditionally load other config files
./home/home.nix
];
# extends the home config
home.username = user;
home.homeDirectory = "/home/${user}";
}
];
# Optionally use extraSpecialArgs
# to pass through arguments to home.nix
extraSpecialArgs = {
inherit inputs system;
};
};
treefmtConf = {pkgs, ...}:{
projectRootFile = "flake.nix";
programs.nixfmt-rfc-style.enable = true;
};
in
{
overlays.default = import ./packages;
nixosConfigurations = {
thinknix = mkSystem systems.x86_64-linux [ ./hosts/thinknix inputs.nixos-hardware.nixosModules.lenovo-thinkpad-t440s lanzaboote.nixosModules.lanzaboote ];
framenix = mkSystem systems.x86_64-linux [ ./hosts/framenix inputs.nixos-hardware.nixosModules.framework-13-7040-amd lanzaboote.nixosModules.lanzaboote ];
};
homeConfigurations.spiollinux = mkHomeManager "spiollinux" "spiollinux" systems.x86_64-linux;
} // utils.lib.eachDefaultSystem(system:
let let
nixpkgs = import inputs.nixpkgs { # FIXME: allow different systems
inherit system; systems = utils.lib.system;
overlays = nixpkgs.lib.attrValues self.overlays; # necessary to make the top-level inputs available to system configuration
# inspired by https://jade.fyi/blog/flakes-arent-real/
inputInjection =
{ pkgs, lib, ... }:
{
options.inputInjection = lib.mkOption {
type = with lib.types; attrsOf unspecified;
default = { };
};
config.inputInjection = {
flake-inputs = inputs;
};
};
defaultModules = system: [ inputInjection ];
mkSystem =
system: extraModules:
nixpkgs.lib.nixosSystem rec {
modules = (defaultModules system) ++ extraModules;
inherit system;
specialArgs = {
inherit system;
};
};
mkHomeManager =
confName: user: system: # unfortunately, home-manager configs are still system-specific
# FIXME: this is thus still linux-x86_64 specific
home-manager.lib.homeManagerConfiguration {
pkgs = nixpkgs.legacyPackages.${system};
modules = [
{
imports = [
nur.hmModules.nur
# TODO: $name can be utilised to conditionally load other config files
./home/home.nix
];
# extends the home config
home.username = user;
home.homeDirectory = "/home/${user}";
}
];
# Optionally use extraSpecialArgs
# to pass through arguments to home.nix
extraSpecialArgs = {
inherit inputs system;
};
};
treefmtConf =
{ pkgs, ... }:
{
projectRootFile = "flake.nix";
programs.nixfmt-rfc-style.enable = true;
};
in
{
overlays.default = import ./packages;
nixosConfigurations = {
thinknix = mkSystem systems.x86_64-linux [
./hosts/thinknix
inputs.nixos-hardware.nixosModules.lenovo-thinkpad-t440s
lanzaboote.nixosModules.lanzaboote
];
framenix = mkSystem systems.x86_64-linux [
./hosts/framenix
inputs.nixos-hardware.nixosModules.framework-13-7040-amd
lanzaboote.nixosModules.lanzaboote
];
}; };
nixpkgs_unstable = import inputs.nixos-unstable { homeConfigurations.spiollinux = mkHomeManager "spiollinux" "spiollinux" systems.x86_64-linux;
inherit system; }
overlays = nixpkgs.lib.attrValues self.overlays; // utils.lib.eachDefaultSystem (
}; system:
pkgs = inputs.nixpkgs.legacyPackages.${system}; let
pkgs_unstable = inputs.nixos-unstable.legacyPackages.${system}; nixpkgs = import inputs.nixpkgs {
treefmtEval = treefmt-nix.lib.evalModule pkgs_unstable treefmtConf; inherit system;
in { overlays = nixpkgs.lib.attrValues self.overlays;
devShells.default = pkgs.mkShell { };
buildInputs = []; nixpkgs_unstable = import inputs.nixos-unstable {
}; inherit system;
formatter = treefmtEval.config.build.wrapper; overlays = nixpkgs.lib.attrValues self.overlays;
checks.formatting = treefmtEval.config.build.check self; };
# expose nixpkgs with overlay; TODO: figure out role of config pkgs = inputs.nixpkgs.legacyPackages.${system};
#legacyPackages = nixpkgs; pkgs_unstable = inputs.nixos-unstable.legacyPackages.${system};
}); treefmtEval = treefmt-nix.lib.evalModule pkgs_unstable treefmtConf;
in
{
devShells.default = pkgs.mkShell { buildInputs = [ ]; };
formatter = treefmtEval.config.build.wrapper;
checks.formatting = treefmtEval.config.build.check self;
# expose nixpkgs with overlay; TODO: figure out role of config
#legacyPackages = nixpkgs;
}
);
} }

425
home/home.nix
View file

@ -1,4 +1,10 @@
{ pkgs, inputs, config, system, ... }: {
pkgs,
inputs,
config,
system,
...
}:
with pkgs; with pkgs;
let let
@ -45,7 +51,6 @@ let
logseq logseq
# for Hibiscus banking software # for Hibiscus banking software
jameica jameica
#ToDo: which of these drivers is actually used? #ToDo: which of these drivers is actually used?
@ -53,21 +58,20 @@ let
chromedriver chromedriver
]; ];
graphicsApps = [ graphicsApps =
inkscape [
darktable inkscape
hugin darktable
luminanceHDR hugin
exiftool luminanceHDR
gimp exiftool
xournal gimp
] xournal
++ ( ]
with gimpPlugins; [ ++ (with gimpPlugins; [
fourier fourier
lqrPlugin lqrPlugin
] ]);
);
multimediaApps = [ multimediaApps = [
mpv mpv
@ -127,39 +131,40 @@ let
nix-output-monitor nix-output-monitor
]; ];
kdeTools = with plasma5Packages; with kdeGear; [ kdeTools =
okular with plasma5Packages;
gwenview with kdeGear;
yakuake [
kmail okular
kontact gwenview
korganizer yakuake
akonadi-mime #for KOrganizer kmail
kaddressbook kontact
kdeconnect korganizer
dolphin akonadi-mime # for KOrganizer
spectacle kaddressbook
kate kdeconnect
kleopatra dolphin
qdirstat spectacle
ark kate
kwalletmanager kleopatra
ktouch qdirstat
kcharselect ark
konversation kwalletmanager
okteta ktouch
krdc kcharselect
skanlite konversation
akonadiconsole okteta
tokodon # mastodon client krdc
] skanlite
++ ( akonadiconsole
with kdeFrameworks; [ tokodon # mastodon client
]
++ (with kdeFrameworks; [
networkmanager-qt networkmanager-qt
kcrash kcrash
breeze-gtk breeze-gtk
] ]);
);
devTools = [ devTools = [
curl curl
@ -182,39 +187,36 @@ let
cabal2nix cabal2nix
]; ];
latexApps = [ latexApps = [
texmaker texmaker
kile kile
biber biber
# customize texlive installation # customize texlive installation
( (texlive.combine {
texlive.combine { inherit (texlive)
inherit (texlive) scheme-medium
scheme-medium
xetex xetex
luatex luatex
unicode-math unicode-math
fontspec fontspec
collection-binextra collection-binextra
collection-fontsrecommended collection-fontsrecommended
collection-latex collection-latex
collection-latexextra collection-latexextra
collection-latexrecommended collection-latexrecommended
collection-langgerman collection-langgerman
moderncv moderncv
fontawesome5 fontawesome5
academicons academicons
acronym acronym
ccicons ccicons
fontawesome fontawesome
biblatex biblatex
logreq logreq
koma-script koma-script
; ;
} })
)
]; ];
pythonApps = with python3Packages; [ pythonApps = with python3Packages; [
@ -228,7 +230,6 @@ let
mypy mypy
]; ];
fonts = [ fonts = [
comic-neue comic-neue
source-sans-pro source-sans-pro
@ -237,9 +238,7 @@ let
ubuntu_font_family ubuntu_font_family
twemoji-color-font twemoji-color-font
open-sans open-sans
(iosevka-bin.override { (iosevka-bin.override { variant = "curly-slab"; })
variant = "curly-slab";
})
config.nur.repos.schmittlauch.vollkorn config.nur.repos.schmittlauch.vollkorn
# TODO: humor-sans # TODO: humor-sans
]; ];
@ -248,15 +247,14 @@ let
superTuxKart superTuxKart
#hedgewars #hedgewars
]; ];
in in
{ {
nixpkgs.overlays = (import ./overlays.nix); nixpkgs.overlays = (import ./overlays.nix);
nixpkgs.config = { nixpkgs.config = {
clementine.spotify = false; clementine.spotify = false;
vim = vim = {
{ gui = "gtk3"; gui = "gtk3";
python = true; python = true;
multibyteSupport = true; multibyteSupport = true;
}; };
@ -273,18 +271,16 @@ in
++ kdeTools ++ kdeTools
++ fonts ++ fonts
++ nixHelpers ++ nixHelpers
++ games ++ games;
;
programs.home-manager.enable = true; programs.home-manager.enable = true;
home.stateVersion = "22.11"; home.stateVersion = "22.11";
programs.direnv = programs.direnv = {
{ enable = true;
enable = true; nix-direnv.enable = true;
nix-direnv.enable = true; enableZshIntegration = true;
enableZshIntegration = true; };
};
# programs.vim = # programs.vim =
# { enable = true; # { enable = true;
@ -292,34 +288,32 @@ in
programs.bat.enable = true; programs.bat.enable = true;
services.gpg-agent = services.gpg-agent = {
{ enable = true;
enable = true; #enableSshSupport = true;
#enableSshSupport = true; pinentryFlavor = "qt";
pinentryFlavor = "qt"; };
};
programs.ssh = programs.ssh = {
{ enable = true;
enable = true; # ssh host config
# ssh host config matchBlocks = import "${inputs.mysecrets}/ssh_hosts.nix";
matchBlocks = };
import "${inputs.mysecrets}/ssh_hosts.nix";
};
programs.tmux = { programs.tmux = {
enable = true; enable = true;
keyMode = "vi"; keyMode = "vi";
extraConfig = extraConfig =
# for direnv not messing up the environment # for direnv not messing up the environment
''set-option -g update-environment "DIRENV_DIFF DIRENV_DIR DIRENV_WATCHES" ''
set-environment -gu DIRENV_DIFF set-option -g update-environment "DIRENV_DIFF DIRENV_DIR DIRENV_WATCHES"
set-environment -gu DIRENV_DIR set-environment -gu DIRENV_DIFF
set-environment -gu DIRENV_WATCHES set-environment -gu DIRENV_DIR
set-environment -gu DIRENV_LAYOUT set-environment -gu DIRENV_WATCHES
set-environment -gu DIRENV_LAYOUT
bind-key -T copy-mode-vi 'v' send -X begin-selection
bind-key -T copy-mode-vi 'y' send -X copy-selection-and-cancel''; bind-key -T copy-mode-vi 'v' send -X begin-selection
bind-key -T copy-mode-vi 'y' send -X copy-selection-and-cancel'';
terminal = "screen-256color"; terminal = "screen-256color";
}; };
@ -334,120 +328,135 @@ in
fonts.fontconfig.enable = true; fonts.fontconfig.enable = true;
programs.git = programs.git =
let contacts = import "${inputs.mysecrets}/contacts.nix"; let
contacts = import "${inputs.mysecrets}/contacts.nix";
in in
{ {
enable = true; enable = true;
includes = [ includes =
{ [
condition = "gitdir:~/Seafile/Studium/"; {
contents = { condition = "gitdir:~/Seafile/Studium/";
user.name = contacts.realName; contents = {
user.email = contacts.uniMail; user.name = contacts.realName;
}; user.email = contacts.uniMail;
} };
{ }
condition = "gitdir:~/src/nixpkgs/"; {
contents = { condition = "gitdir:~/src/nixpkgs/";
user.name = "Trolli Schmittlauch"; contents = {
user.email = contacts.nixosMail; user.name = "Trolli Schmittlauch";
}; user.email = contacts.nixosMail;
} };
] }
# set default name for several other common locations ]
++ map # set default name for several other common locations
(dir: { ++
condition = "gitdir:${dir}"; map
contents = { (dir: {
user.name = "Trolli Schmittlauch"; condition = "gitdir:${dir}";
user.email = contacts.mainMail; contents = {
}; user.name = "Trolli Schmittlauch";
}) [ "~/src/" "~/bin/" "~/tmp/" "~/nixconfigs/" ]; user.email = contacts.mainMail;
};
})
[
"~/src/"
"~/bin/"
"~/tmp/"
"~/nixconfigs/"
];
extraConfig = { extraConfig = {
credential.helper = "cache"; credential.helper = "cache";
push.default = "simple"; push.default = "simple";
init.defaultBranch = "mainline"; init.defaultBranch = "mainline";
diff.tool = "vimdiff"; diff.tool = "vimdiff";
merge.tool = "vimdiff"; merge.tool = "vimdiff";
core.excludesfile = toString (pkgs.writeText ".gitignore_global" '' core.excludesfile = toString (
# Direnv stuff pkgs.writeText ".gitignore_global" ''
.direnv # Direnv stuff
.envrc .direnv
# Editor files # .envrc
################ # Editor files #
*~ ################
*.swp *~
*.swo *.swp
''); *.swo
''
);
core.whitespace = "-blank-at-eol,blank-at-eof,space-before-tab"; core.whitespace = "-blank-at-eol,blank-at-eof,space-before-tab";
}; };
lfs.enable = true; lfs.enable = true;
}; };
# shell config # shell config
programs.zsh = { programs.zsh = {
enable = true;
syntaxHighlighting.enable = true;
history.ignoreSpace = true;
initExtra = ''
# Uncomment following line if you want red dots to be displayed while waiting for completion
COMPLETION_WAITING_DOTS="true"
### Fix slowness of pastes with zsh-syntax-highlighting.zsh
pasteinit() {
OLD_SELF_INSERT=''${''${(s.:.)widgets[self-insert]}[2,3]}
zle -N self-insert url-quote-magic # I wonder if you'd need `.url-quote-magic`?
}
pastefinish() {
zle -N self-insert $OLD_SELF_INSERT
}
zstyle :bracketed-paste-magic paste-init pasteinit
zstyle :bracketed-paste-magic paste-finish pastefinish
# automatic rehash of path completion
zstyle ':completion:*' rehash true
eval "$(${pkgs.thefuck}/bin/thefuck --alias)"
## helper functions
nixify() {
if [ ! -e ./.envrc ]; then
echo "eval \"$(lorri direnv)\"" > .envrc
direnv allow
fi
if [ ! -e shell.nix ]; then
cat > shell.nix <<'EOF'
with import <nixpkgs> {};
mkShell {
buildInputs = [
bashInteractive
];
}
EOF
${"EDITOR:-vim"} default.nix
fi
}
binpath() {
realpath $(${pkgs.which}/bin/which $1)
}
'';
oh-my-zsh = {
enable = true; enable = true;
syntaxHighlighting.enable = true; theme = "bira";
history.ignoreSpace = true; plugins = [
initExtra = '' "git"
# Uncomment following line if you want red dots to be displayed while waiting for completion "python"
COMPLETION_WAITING_DOTS="true" "systemd"
### Fix slowness of pastes with zsh-syntax-highlighting.zsh "gpg-agent"
pasteinit() { ];
OLD_SELF_INSERT=''${''${(s.:.)widgets[self-insert]}[2,3]}
zle -N self-insert url-quote-magic # I wonder if you'd need `.url-quote-magic`?
}
pastefinish() {
zle -N self-insert $OLD_SELF_INSERT
}
zstyle :bracketed-paste-magic paste-init pasteinit
zstyle :bracketed-paste-magic paste-finish pastefinish
# automatic rehash of path completion
zstyle ':completion:*' rehash true
eval "$(${pkgs.thefuck}/bin/thefuck --alias)"
## helper functions
nixify() {
if [ ! -e ./.envrc ]; then
echo "eval \"$(lorri direnv)\"" > .envrc
direnv allow
fi
if [ ! -e shell.nix ]; then
cat > shell.nix <<'EOF'
with import <nixpkgs> {};
mkShell {
buildInputs = [
bashInteractive
];
}
EOF
${EDITOR:-vim} default.nix
fi
}
binpath() {
realpath $(${pkgs.which}/bin/which $1)
}
'';
oh-my-zsh = {
enable = true;
theme = "bira";
plugins = [ "git" "python" "systemd" "gpg-agent"];
};
};
home.shellAliases = {
ip = "ip --color";
ipb = "ip --color --brief";
ll = "ls -l";
wavesynth = "nix-shell -p sox --run 'play -n synth brownnoise synth pinknoise mix synth 0 0 0 15 40 80 trapezium amod 0.2 20'";
vim = "nvim";
};
home.sessionVariables = {
EDITOR = "nvim";
}; };
};
home.shellAliases = {
ip = "ip --color";
ipb = "ip --color --brief";
ll = "ls -l";
wavesynth = "nix-shell -p sox --run 'play -n synth brownnoise synth pinknoise mix synth 0 0 0 15 40 80 trapezium amod 0.2 20'";
vim = "nvim";
};
home.sessionVariables = {
EDITOR = "nvim";
};
} }

17
home/overlays.nix
View file

@ -1,9 +1,9 @@
[ [
( (self: super: rec {
self: super: myVim =
rec { with super;
myVim = with super; neovim.override { configure = { neovim.override {
configure = {
packages.myVimPackage = with pkgs.vimPlugins; { packages.myVimPackage = with pkgs.vimPlugins; {
# loaded on start # loaded on start
start = [ start = [
@ -25,8 +25,7 @@
]; ];
}; };
customRC = builtins.readFile ./vimrc; customRC = builtins.readFile ./vimrc;
};}; };
} };
) })
] ]

11
hosts/framenix/default.nix
View file

@ -1,4 +1,10 @@
{ config, lib, pkgs, system, ...}: {
config,
lib,
pkgs,
system,
...
}:
let let
unstable = config.inputInjection.flake-inputs.nixos-unstable.legacyPackages.${system}; unstable = config.inputInjection.flake-inputs.nixos-unstable.legacyPackages.${system};
in in
@ -22,7 +28,7 @@ in
# try newer kernels # try newer kernels
boot.kernelPackages = pkgs.linuxPackages_latest; boot.kernelPackages = pkgs.linuxPackages_latest;
boot.kernelParams = [ boot.kernelParams = [
# temporary workaround for white flickering graphics artefacts # temporary workaround for white flickering graphics artefacts
"amdgpu.sg_display=0" "amdgpu.sg_display=0"
# powersave # powersave
@ -65,4 +71,3 @@ in
pkgs.framework-tool pkgs.framework-tool
]; ];
} }

21
hosts/framenix/hardware-configuration.nix
View file

@ -1,18 +1,27 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{ {
imports = config,
[ (modulesPath + "/installer/scan/not-detected.nix") lib,
]; pkgs,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" ]; boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"thunderbolt"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ]; boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction # still possible to use this option, but it's recommended to use it in conjunction

25
hosts/framenix/storage.nix
View file

@ -1,17 +1,25 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
fsOptions = [ "noatime" "ssd" "compress=zstd" ]; fsOptions = [
"noatime"
"ssd"
"compress=zstd"
];
in in
{ {
boot.initrd.luks = { boot.initrd.luks = {
devices = devices =
# allow discards on all devices # allow discards on all devices
builtins.mapAttrs (name: val: val // {allowDiscards = true;}) builtins.mapAttrs (name: val: val // { allowDiscards = true; }) {
{
"system".device = "/dev/disk/by-uuid/1838cdc5-9b0b-4c46-9f23-9465549eeb92"; "system".device = "/dev/disk/by-uuid/1838cdc5-9b0b-4c46-9f23-9465549eeb92";
"cryptswap".device = "/dev/disk/by-uuid/ded7d649-ab3a-42ee-ae4a-f8c4ba029e9c"; "cryptswap".device = "/dev/disk/by-uuid/ded7d649-ab3a-42ee-ae4a-f8c4ba029e9c";
}; };
reusePassphrases = true; reusePassphrases = true;
}; };
fileSystems = { fileSystems = {
@ -37,7 +45,10 @@ in
services.fstrim.enable = true; services.fstrim.enable = true;
services.btrfs.autoScrub = { services.btrfs.autoScrub = {
enable = true; enable = true;
fileSystems = [ "/" "/home" ]; fileSystems = [
"/"
"/home"
];
}; };
boot.tmp.useTmpfs = true; boot.tmp.useTmpfs = true;

4
hosts/framenix/swap.nix
View file

@ -1,7 +1,5 @@
{ {
swapDevices = swapDevices = [ { device = "/dev/disk/by-uuid/24c47f3d-0d3e-4575-92a2-174b5a6b6086"; } ];
[ { device = "/dev/disk/by-uuid/24c47f3d-0d3e-4575-92a2-174b5a6b6086"; }
];
zramSwap = { zramSwap = {
enable = true; enable = true;

9
hosts/thinknix/default.nix
View file

@ -1,4 +1,9 @@
{ config, lib, pkgs, ...}: {
config,
lib,
pkgs,
...
}:
{ {
imports = [ imports = [
../../common ../../common
@ -10,7 +15,6 @@
./secureboot.nix ./secureboot.nix
]; ];
hardware.trackpoint = { hardware.trackpoint = {
enable = true; enable = true;
sensitivity = 180; sensitivity = 180;
@ -19,7 +23,6 @@
networking.hostName = "thinknix"; networking.hostName = "thinknix";
# This value determines the NixOS release with which your system is to be # This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database # compatible, in order to avoid breaking some software such as database
# servers. You should change this only after NixOS release notes say you # servers. You should change this only after NixOS release notes say you

26
hosts/thinknix/hardware-configuration.nix
View file

@ -1,20 +1,28 @@
{ config, lib, pkgs, modulesPath, ... }: {
config,
lib,
pkgs,
modulesPath,
...
}:
{ {
imports = imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
[
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; boot.initrd.availableKernelModules = [
"xhci_pci"
"ehci_pci"
"ahci"
"usb_storage"
"sd_mod"
"rtsx_pci_sdmmc"
];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = []; boot.extraModulePackages = [ ];
nix.settings.max-jobs = lib.mkDefault 4; nix.settings.max-jobs = lib.mkDefault 4;
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
# modesetting is always better than intel (legacy) # modesetting is always better than intel (legacy)
services.xserver.videoDrivers = [ "modesetting" ]; services.xserver.videoDrivers = [ "modesetting" ];
} }

14
hosts/thinknix/secureboot.nix
View file

@ -1,11 +1,14 @@
{ config, lib, pkgs, ...}: {
{ config,
lib,
pkgs,
...
}:
{
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
# UEFI secure boot # UEFI secure boot
environment.systemPackages = [ environment.systemPackages = [ pkgs.sbctl ];
pkgs.sbctl
];
# Lanzaboote currently replaces the systemd-boot module. # Lanzaboote currently replaces the systemd-boot module.
# This setting is usually set to true in configuration.nix # This setting is usually set to true in configuration.nix
# generated at installation time. So we force it to false # generated at installation time. So we force it to false
@ -16,5 +19,4 @@
enable = true; enable = true;
pkiBundle = "/etc/secureboot"; pkiBundle = "/etc/secureboot";
}; };
} }

37
hosts/thinknix/storage.nix
View file

@ -1,19 +1,28 @@
{ config, lib, pkgs, ...}: {
config,
lib,
pkgs,
...
}:
let let
fsOptions = [ "noatime" "ssd" "space_cache" "compress=zstd" ]; fsOptions = [
"noatime"
"ssd"
"space_cache"
"compress=zstd"
];
in in
{ {
# encrypted partitions # encrypted partitions
boot.initrd.luks = { boot.initrd.luks = {
devices = devices =
# allow discards on all devices # allow discards on all devices
builtins.mapAttrs (name: val: val // {allowDiscards = true;}) builtins.mapAttrs (name: val: val // { allowDiscards = true; }) {
{
"system".device = "/dev/disk/by-uuid/85154131-b2a8-4ef5-9d74-47429cb267ef"; "system".device = "/dev/disk/by-uuid/85154131-b2a8-4ef5-9d74-47429cb267ef";
"cryptswap".device = "/dev/disk/by-uuid/ac586df6-6332-4809-beb1-f51906a2adaa"; "cryptswap".device = "/dev/disk/by-uuid/ac586df6-6332-4809-beb1-f51906a2adaa";
"ssd2".device = "/dev/disk/by-uuid/cadd4e1f-3642-4faa-8d4e-37dd85465df1"; "ssd2".device = "/dev/disk/by-uuid/cadd4e1f-3642-4faa-8d4e-37dd85465df1";
}; };
reusePassphrases = true; reusePassphrases = true;
}; };
fileSystems = { fileSystems = {
@ -57,16 +66,20 @@ in
services.fstrim.enable = true; services.fstrim.enable = true;
services.btrfs.autoScrub = { services.btrfs.autoScrub = {
enable = true; enable = true;
fileSystems = [ "/" "/home" ]; fileSystems = [
"/"
"/home"
];
}; };
boot.tmp.useTmpfs = true; boot.tmp.useTmpfs = true;
fileSystems."/tmp".fsType = "tmpfs"; fileSystems."/tmp".fsType = "tmpfs";
services.smartd = services.smartd = {
{ enable = true;
enable = true; devices = [
devices = [{ device = "/dev/sda"; } { device = "/dev/sdb"; }]; { device = "/dev/sda"; }
}; { device = "/dev/sdb"; }
];
};
} }

4
hosts/thinknix/swap.nix
View file

@ -1,7 +1,5 @@
{ {
swapDevices = [ swapDevices = [ { device = "/dev/disk/by-uuid/bf928178-4e92-4e7e-8df2-18fbd658eecf"; } ];
{ device = "/dev/disk/by-uuid/bf928178-4e92-4e7e-8df2-18fbd658eecf"; }
];
zramSwap = { zramSwap = {
enable = true; enable = true;

46
nixos/Hash2PubTestbed.nix
View file

@ -1,10 +1,15 @@
{ config, pkgs, experimentUid ? 1000, ... }: {
config,
pkgs,
experimentUid ? 1000,
...
}:
let let
projectDir = "/home/spiollinux/Seafile/Studium/Semester11/INF-PM-FP-ANW"; projectDir = "/home/spiollinux/Seafile/Studium/Semester11/INF-PM-FP-ANW";
projectPath = builtins.toPath projectDir; projectPath = builtins.toPath projectDir;
projectMount = "/mnt/project"; projectMount = "/mnt/project";
shell = (import (projectDir + "/Hash2Pub/default.nix") {}).shell; shell = (import (projectDir + "/Hash2Pub/default.nix") { }).shell;
simulationSetupScript = pkgs.writeShellScriptBin "simulationSetup" '' simulationSetupScript = pkgs.writeShellScriptBin "simulationSetup" ''
# make cabal-install work offline # make cabal-install work offline
mkdir $HOME/.cabal mkdir $HOME/.cabal
@ -12,25 +17,30 @@ let
# run simulation script within the shell # run simulation script within the shell
${pkgs.nix}/bin/nix-shell ${shell.drvPath} --command "cd ${projectMount} && bash ./build/simulationrunner.sh 2>&1" ${pkgs.nix}/bin/nix-shell ${shell.drvPath} --command "cd ${projectMount} && bash ./build/simulationrunner.sh 2>&1"
''; '';
instanceData = builtins.fromJSON (builtins.readFile "${projectDir}/simulationData/inputs/generated/instances_sample.json"); instanceData = builtins.fromJSON (
builtins.readFile "${projectDir}/simulationData/inputs/generated/instances_sample.json"
);
in in
{ {
privateNetwork = true; privateNetwork = true;
ephemeral = true; ephemeral = true;
bindMounts = { bindMounts = {
"${projectMount}" = { hostPath = projectDir; isReadOnly = false; }; "${projectMount}" = {
hostPath = projectDir;
isReadOnly = false;
};
}; };
config = { config = {
networking = { networking = {
firewall.enable = false; firewall.enable = false;
interfaces.lo.ipv6.addresses = interfaces.lo.ipv6.addresses = builtins.map (inst: {
builtins.map (inst: {address = inst.ip; prefixLength = 0;}) instanceData; address = inst.ip;
extraHosts = prefixLength = 0;
pkgs.lib.concatMapStringsSep "\n" (inst: "${inst.ip} ${inst.hostname}") instanceData; }) instanceData;
extraHosts = pkgs.lib.concatMapStringsSep "\n" (inst: "${inst.ip} ${inst.hostname}") instanceData;
}; };
# avoid permission problems with project builds # avoid permission problems with project builds
users.users.experimentor = { users.users.experimentor = {
@ -39,12 +49,14 @@ in
}; };
# adjust open file limits # adjust open file limits
security.pam.loginLimits = [{ security.pam.loginLimits = [
domain = "*" {
; type = "-" domain = "*";
; item = "nofile" type = "-";
; value = "50000" item = "nofile";
;}]; value = "50000";
}
];
environment.systemPackages = [ environment.systemPackages = [
pkgs.netcat pkgs.netcat
@ -55,7 +67,7 @@ in
pkgs.iftop pkgs.iftop
(pkgs.writeShellScriptBin "doSimulation" '' (pkgs.writeShellScriptBin "doSimulation" ''
su experimentor -c "${simulationSetupScript}/bin/simulationSetup" su experimentor -c "${simulationSetupScript}/bin/simulationSetup"
'') '')
pkgs.tcpdump pkgs.tcpdump
]; ];
}; };

1
packages/default.nix
View file

@ -8,5 +8,4 @@ final: prev: {
}) })
]; ];
}); });
} }