From 072510df3b74bcc2e0014ee1eab367c96974e475 Mon Sep 17 00:00:00 2001 From: Alexander Kobjolke Date: Sat, 18 Feb 2023 00:05:03 +0100 Subject: [PATCH 01/10] Create a shell alias to run emacsclient --- home/cli.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/home/cli.nix b/home/cli.nix index 5e8d247..12664e3 100644 --- a/home/cli.nix +++ b/home/cli.nix @@ -68,6 +68,9 @@ enable = true; enableAutosuggestions = true; # enableSyntaxHighlighting = true; + shellAliases = { + e = "emacsclient -c $@"; + }; oh-my-zsh = { enable = true; plugins = [ "git" ]; From d6ab6b3f48ebb8d629b2238686f74d1a09d3c288 Mon Sep 17 00:00:00 2001 From: Alexander Kobjolke Date: Sat, 18 Feb 2023 00:05:18 +0100 Subject: [PATCH 02/10] Add vterm to emacs installation --- home/cli.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/cli.nix b/home/cli.nix index 12664e3..6e3d098 100644 --- a/home/cli.nix +++ b/home/cli.nix @@ -91,6 +91,7 @@ emacs = { enable = true; package = pkgs.emacsGit; + extraPackages = epkgs: with epkgs; [ vterm ]; #package = pkgs.emacsUnstable; }; From 193639d8846e165428312ed8dcf17190c9c18b83 Mon Sep 17 00:00:00 2001 From: Alexander Kobjolke Date: Fri, 10 Mar 2023 18:31:32 +0100 Subject: [PATCH 03/10] Add initial configuration for dregil --- flake.nix | 21 +++++ home/cli.nix | 30 +++++-- hosts/dregil/default.nix | 173 +++++++++++++++++++++++++++++++++++++++ hosts/thrall/default.nix | 29 +++++-- 4 files changed, 237 insertions(+), 16 deletions(-) create mode 100644 hosts/dregil/default.nix diff --git a/flake.nix b/flake.nix index 2a55083..c225240 100644 --- a/flake.nix +++ b/flake.nix 
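Review bot: The `$@` in the new `e` alias (home/cli.nix, PATCH 01) does not do what it suggests. A zsh alias is plain text substitution, so arguments typed after `e` are appended anyway, while `$@` expands to the positional parameters of the interactive shell, which are normally empty. I would write `shellAliases = { e = "emacsclient -c"; };`, or define a shell function if real argument handling is wanted. The enclosing `zsh` attribute set starts and ends outside the hunk.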
@@ -45,5 +45,26 @@ } ]; }; + + nixosConfigurations."dregil" = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + ({ + nixpkgs = { + config.allowUnfree = true; + overlays = with inputs; [ emacs.overlay ]; + }; + }) + ./modules/security.nix + ./hosts/dregil + agenix.nixosModules.age + hm.nixosModules.home-manager + { + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + home-manager.users.alex = import ./home/cli.nix; + } + ]; + }; }; } diff --git a/home/cli.nix b/home/cli.nix index 6e3d098..9c0d303 100644 --- a/home/cli.nix +++ b/home/cli.nix @@ -1,8 +1,11 @@ { config, pkgs, ... }: # minimal config, suitable for servers - -{ +let + myUser = "alex"; + myName = "Alexander Kobjolke"; + myMail = "me@failco.de"; +in { imports = [ # shell config #./modules/shell @@ -10,8 +13,8 @@ programs.home-manager.enable = true; home = { - username = "alex"; - homeDirectory = "/home/alex"; + username = myUser; + homeDirectory = "/home/${myUser}"; stateVersion = "21.05"; sessionPath = [ "$HOME/.local/bin" "$HOME/.emacs.d/bin" ]; }; @@ -31,6 +34,7 @@ gotop gnumake ripgrep # better grep + pijul sqlite.dev sqlite # pass @@ -63,14 +67,22 @@ ''; }; + xdg.configFile.pijul = { + target = "pijul/config.toml"; + text = '' + [author] + name = "${myUser}" + full_name = "${myName}" + email = "${myMail}" + ''; + }; + programs = { zsh = { enable = true; enableAutosuggestions = true; # enableSyntaxHighlighting = true; - shellAliases = { - e = "emacsclient -c $@"; - }; + shellAliases = { e = "emacsclient -c $@"; }; oh-my-zsh = { enable = true; plugins = [ "git" ]; @@ -103,8 +115,8 @@ git = { enable = true; ignores = [ "*~" "*.swp" "result" "dist-newstyle" ]; - userEmail = "me@failco.de"; - userName = "Alexander Kobjolke"; + userEmail = myMail; + userName = myName; aliases = { st = "status"; }; extraConfig = { init.defaultBranch = "main"; }; }; diff --git a/hosts/dregil/default.nix b/hosts/dregil/default.nix new file mode 100644 index 0000000..ac16c1d 
--- /dev/null
+++ b/hosts/dregil/default.nix
@@ -0,0 +1,173 @@
+{ config, lib, pkgs, ... }:
+let extIface = "ens3";
+in {
+ imports = [ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+ ];
+
+ nix.package = pkgs.nixUnstable;
+ nix.extraOptions = ''
+ experimental-features = nix-command flakes ca-derivations
+ '';
+ #nix.registry.nixpkgs.flake = nixpkgs;
+
+ # Binary Cache for Haskell.nix
+ nix.settings.trusted-public-keys =
+ [ "hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ=" ];
+
+ #nix.binaryCaches = [ "https://hydra.iohk.io" ];
+
+ # Use the GRUB 2 boot loader.
+ boot.loader.grub.enable = true;
+ boot.loader.grub.version = 2;
+ # boot.loader.grub.efiSupport = true;
+ # boot.loader.grub.efiInstallAsRemovable = true;
+ # boot.loader.efi.efiSysMountPoint = "/boot/efi";
+ # Define on which hard drive you want to install Grub.
+ boot.loader.grub.device = "/dev/vda"; # or "nodev" for efi only
+ # boot.loader.systemd-boot.enable = true;
+
+ # Set your time zone.
+ time.timeZone = "Europe/Berlin";
+
+ age.secrets = {
+ # mailPass.file = ../../secrets/mailPass.age;
+ # wireguard-thrall.file = ../../secrets/wireguard-thrall.age;
+ };
+
+ # The global useDHCP flag is deprecated, therefore explicitly set to false here.
+ # Per-interface useDHCP will be mandatory in the future, so this generated config
+ # replicates the default behaviour.
+ networking = {
+ hostName = "dregil";
+ domain = "failco.de";
+ wireless.enable = true;
+ useDHCP = true;
+ enableIPv6 = true;
+ firewall = {
+ allowedTCPPorts = [ 22 ];
+ allowedUDPPorts = [ 42666 ];
+ };
+
+ # wireguard.interfaces = {
+ # wg0 = {
+ # ips = [ "10.0.0.1/24" ];
+ # listenPort = 42666;
+ #
+ # privateKeyFile = config.age.secrets.wireguard-thrall.path;
+ # peers = [
+ # {
+ # # my phone
+ # publicKey = "9EaBSNsJW0W/xPMLJ54zr3UNK3bZ/2ULOmhV1gPfSXk=";
+ # allowedIPs = [ "10.0.0.2/32" ];
+ # }
+ # {
+ # # my tablet
+ # publicKey = "NG9y+0RMDTjiG65yC4Z0ymJ0G5fe1mOhl4GyC3xAh1k=";
+ # allowedIPs = [ "10.0.0.3/32" ];
+ # }
+ # ];
+ # };
+ # };
+ };
+
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "alex@jakalx.net";
+ };
+
+ security.sudo = {
+ enable = true;
+ execWheelOnly = true;
+ extraRules = [{
+ groups = [ "wheel" ];
+ commands = [{
+ command = "/run/current-system/sw/bin/nixos-rebuild";
+ options = [ "NOPASSWD" ];
+ }];
+ }];
+ };
+
+ # Select internationalisation properties.
+ i18n.defaultLocale = "en_US.UTF-8";
+ console = {
+ font = "Lat2-Terminus16";
+ keyMap = "dvorak";
+ };
+
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ users.users.alex = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
+ shell = pkgs.zsh;
+ };
+
+ # List packages installed in system profile. To search, run:
+ # $ nix search wget
+ environment.systemPackages = with pkgs; [
+ wget
+ rsync
+ htop
+ tmux
+ git
+ #agenix.defaultPackage.x86_64-linux
+ restic # fast and secure backup
+ rclone
+ ];
+
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ # programs.mtr.enable = true; + programs.gnupg.agent = { + enable = true; + enableSSHSupport = true; + }; + + programs.neovim = { + enable = true; + defaultEditor = true; + viAlias = true; + vimAlias = true; + }; + + # enable zsh globally in order to get home.sessionPath to propagate :() + programs.zsh.enable = true; + + # List services that you want to enable: + + # Enable the OpenSSH daemon. + services.openssh.enable = true; + + services.lorri.enable = true; + + # configure backup via restic to gdrive + services.restic.backups = { }; + services.keybase = { enable = true; }; + + services.syncthing = { + enable = true; + user = "alex"; + dataDir = "/home/alex/sync"; + overrideDevices = + true; # overrides any devices added or deleted through the WebUI + overrideFolders = + true; # overrides any folders added or deleted through the WebUI + folders = { + "org" = { + path = "/home/alex/org"; + devices = [ "thrall" "redmi" ]; + }; + "scan" = { + path = "/home/alex/media/scan"; + devices = [ "thrall" "redmi" ]; + }; + }; + devices = { + "redmi" = { + id = "C43WITF-2HS2UCD-X6QFM4H-SC7XQJ7-X5F73EB-7FZHMII-KQNSH5D-NMICIAW"; + }; + }; + }; + + system.stateVersion = "20.09"; # Did you read the comment? +} diff --git a/hosts/thrall/default.nix b/hosts/thrall/default.nix index 1db9143..9e898ce 100644 --- a/hosts/thrall/default.nix +++ b/hosts/thrall/default.nix @@ -55,8 +55,8 @@ in { defaultGateway = "195.90.208.1"; nameservers = [ "1.1.1.1" "8.8.8.8" ]; firewall = { - allowedTCPPorts = [ 22 80 443 5000 ]; - allowedUDPPorts = [ 42666 ]; + allowedTCPPorts = [ 22 53 80 443 5000 ]; + allowedUDPPorts = [ 53 42666 ]; }; # wireguard related config 
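Review bot: The `security.sudo.extraRules` entry in the new hosts/dregil/default.nix lets every member of `wheel` run `nixos-rebuild` without a password, which is effectively passwordless root because the rebuilt configuration is whatever the caller points it at. `execWheelOnly = true;` does not narrow this. I would remove `options = [ "NOPASSWD" ];` (or the whole rule) so that a hijacked `alex` session still needs the password to change the system. Two smaller documentation points in the same file: the comment above `networking` says useDHCP is "explicitly set to false" while the block sets `useDHCP = true;`, and UDP 42666 is opened although the wireguard interface is commented out.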
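Review bot: Adding 53 to the global `allowedTCPPorts` and `allowedUDPPorts` in hosts/thrall/default.nix opens DNS on every interface of this host, although the resolver added later in the same commit listens only on loopback and `10.0.0.1`. Scoping the rule to the tunnel keeps the public side closed even if `listenPlain` is widened later: `firewall.interfaces.wg0.allowedUDPPorts = [ 53 ];` and `firewall.interfaces.wg0.allowedTCPPorts = [ 53 ];`, with the global lists left as they were. The `networking` block starts and ends outside the hunk.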
@@ -70,18 +70,27 @@ in { listenPort = 42666; postSetup = '' + ${pkgs.iptables}/bin/iptables -A FORWARD -i wg0 -j ACCEPT ${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o ${extIface} -j MASQUERADE ''; postShutdown = '' + ${pkgs.iptables}/bin/iptables -D FORWARD -i wg0 -j ACCEPT ${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.0.0.0/24 -o ${extIface} -j MASQUERADE ''; privateKeyFile = config.age.secrets.wireguard-thrall.path; - peers = [{ - # my phone - publicKey = "9EaBSNsJW0W/xPMLJ54zr3UNK3bZ/2ULOmhV1gPfSXk="; - allowedIPs = [ "10.0.0.2/32" ]; - }]; + peers = [ + { + # my phone + publicKey = "9EaBSNsJW0W/xPMLJ54zr3UNK3bZ/2ULOmhV1gPfSXk="; + allowedIPs = [ "10.0.0.2/32" ]; + } + { + # my tablet + publicKey = "NG9y+0RMDTjiG65yC4Z0ymJ0G5fe1mOhl4GyC3xAh1k="; + allowedIPs = [ "10.0.0.3/32" ]; + } + ]; }; }; }; @@ -151,6 +160,12 @@ in { # List services that you want to enable: + # depending on wireguard + services.kresd = { + enable = true; + listenPlain = [ "[::1]:53" "127.0.0.1:53" "10.0.0.1:53" ]; + }; + # Enable the OpenSSH daemon. services.openssh.enable = true; From 01aa1ae9ee453f94f027a0b1219941add220a52a Mon Sep 17 00:00:00 2001 From: Alexander Kobjolke Date: Wed, 15 Mar 2023 19:04:39 +0100 Subject: [PATCH 04/10] Remove hash --- secrets/me@failco.de-mail | 1 - 1 file changed, 1 deletion(-) delete mode 100644 secrets/me@failco.de-mail diff --git a/secrets/me@failco.de-mail b/secrets/me@failco.de-mail deleted file mode 100644 index c240f66..0000000 --- a/secrets/me@failco.de-mail +++ /dev/null @@ -1 +0,0 @@ -$6$wEpQRnG6C6N0$63CchCNtmKUOmIu.R6qLyx30fpGnpwjXhWMbwyrk4sye5g0cpmHuShQ.2UUDHkSGUKsCvAG5rBOgX7I38N89U. From 808f23e20c459783c29f91f9d9296d72725507b4 Mon Sep 17 00:00:00 2001 
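Review bot: The new `iptables -A FORWARD -i wg0 -j ACCEPT` line in `postSetup` accepts anything a peer sends for forwarding, to any destination and any outgoing interface, which is wider than the MASQUERADE rule beside it. Narrowing it to the tunnel subnet and the external interface keeps the two rules in step: `${pkgs.iptables}/bin/iptables -A FORWARD -i wg0 -s 10.0.0.0/24 -o ${extIface} -j ACCEPT`, with the same arguments on the `-D` line in `postShutdown`. Both rules are appended with `-A`, so a re-run of `postSetup` without a clean shutdown presumably leaves duplicates; worth confirming.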
From: Alexander Kobjolke Date: Tue, 14 Mar 2023 23:24:26 +0100 Subject: [PATCH 05/10] dregil: Import current config into flake --- flake.lock | 54 ++++--- flake.nix | 38 ++--- hosts/dregil/configuration.nix | 166 ++++++++++++++++++++ hosts/dregil/default.nix | 191 +++--------------------- hosts/dregil/hardware-configuration.nix | 92 ++++++++++++ modules/common-system.nix | 49 ++++++ 6 files changed, 373 insertions(+), 217 deletions(-) create mode 100644 hosts/dregil/configuration.nix create mode 100644 hosts/dregil/hardware-configuration.nix create mode 100644 modules/common-system.nix diff --git a/flake.lock b/flake.lock index 618136d..11a8f76 100644 --- a/flake.lock +++ b/flake.lock @@ -8,11 +8,11 @@ ] }, "locked": { - "lastModified": 1676153903, - "narHash": "sha256-uetRyjgMiZCs6srmZ10M764Vn7F53M9mVuqnzHmyBqU=", + "lastModified": 1677969766, + "narHash": "sha256-AIp/ZYZMNLDZR/H7iiAlaGpu4lcXsVt9JQpBlf43HRY=", "owner": "ryantm", "repo": "agenix", - "rev": "ea17cc71b4e1bc5b2601f210a1c85db9453ad723", + "rev": "03b51fe8e459a946c4b88dcfb6446e45efb2c24e", "type": "github" }, "original": { @@ -67,11 +67,11 @@ ] }, "locked": { - "lastModified": 1676484851, - "narHash": "sha256-IQtPR+ObyNgh+Gc5rvfPUD3Xe7jsWk6jTMSwU6YOdHs=", + "lastModified": 1678817767, + "narHash": "sha256-P+Al3yNlM53oL+kxtU853arGO8YsfZPXjXqB1exaPKo=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "fb1cdbb0a12d7f0e0e50022c405aca7c856dd233", + "rev": "7ba9b9e2392d33071f06dcff9845b42f3096f7c3", "type": "github" }, "original": { @@ -95,7 +95,7 @@ "type": "github" } }, - "hm": { + "home-manager": { "inputs": { "nixpkgs": [ "nixpkgs" 
@@ -103,43 +103,58 @@ "utils": "utils" }, "locked": { - "lastModified": 1676257154, - "narHash": "sha256-eW3jymNLpdxS5fkp9NWKyNtgL0Gqtgg1vCTofKXDF1g=", + "lastModified": 1678831854, + "narHash": "sha256-7HBmLFNVD2KjovSzypIN9NfyzpWelMe8sNbUVZIRsS0=", "owner": "nix-community", "repo": "home-manager", - "rev": "2cb27c79117a2a75ff3416c3199a2dc57af6a527", + "rev": "cae54dc45c0d61c99c1dc8b04bc42f36c76f9771", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-22.11", "repo": "home-manager", "type": "github" } }, "nixpkgs": { "locked": { - "lastModified": 1676546582, - "narHash": "sha256-MJ+PXNmUyxnMTFoss7G2lEcUY2cfYZM6RudBAL5aX1k=", + "lastModified": 1678703398, + "narHash": "sha256-Y1mW3dBsoWLHpYm+UIHb5VZ7rx024NNHaF16oZBx++o=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "2fb7d749c084890192b2cd08ba264e5e4a14df1b", + "rev": "67f26c1cfc5d5783628231e776a81c1ade623e0b", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-22.11-small", + "ref": "nixos-22.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-unstable": { + "locked": { + "lastModified": 1678654296, + "narHash": "sha256-aVfw3ThpY7vkUeF1rFy10NAkpKDS2imj3IakrzT0Occ=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "5a1dc8acd977ff3dccd1328b7c4a6995429a656b", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_2": { "locked": { - "lastModified": 1676569297, - "narHash": "sha256-2n4C4H3/U+3YbDrQB6xIw7AaLdFISCCFwOkcETAigqU=", + "lastModified": 1669542132, + "narHash": "sha256-DRlg++NJAwPh8io3ExBJdNW7Djs3plVI5jgYQ+iXAZQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ac1f5b72a9e95873d1de0233fddcb56f99884b37", + "rev": "a115bb9bd56831941be3776c8a94005867f316a7", "type": "github" }, "original": { 
@@ -152,8 +167,9 @@ "inputs": { "agenix": "agenix", "emacs": "emacs", - "hm": "hm", + "home-manager": "home-manager", "nixpkgs": "nixpkgs", + "nixpkgs-unstable": "nixpkgs-unstable", "snm": "snm" } }, diff --git a/flake.nix b/flake.nix index c225240..798e455 100644 --- a/flake.nix +++ b/flake.nix @@ -1,9 +1,10 @@ { inputs = { - nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.11-small"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-22.11"; + nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable"; - hm = { - url = "github:nix-community/home-manager/release-22.11"; + home-manager = { + url = "github:nix-community/home-manager"; inputs.nixpkgs.follows = "nixpkgs"; }; @@ -13,8 +14,10 @@ inputs.nixpkgs-22_11.follows = "nixpkgs"; }; - emacs.url = "github:nix-community/emacs-overlay"; - emacs.inputs.nixpkgs.follows = "nixpkgs"; + emacs = { + url = "github:nix-community/emacs-overlay"; + inputs.nixpkgs.follows = "nixpkgs"; + }; # age for nix to store encrypted passwords conveniently agenix = { @@ -23,7 +26,7 @@ }; }; - outputs = { self, hm, nixpkgs, agenix, snm, ... }@inputs: { + outputs = { self, home-manager, nixpkgs, agenix, snm, ... }@inputs: { nixosConfigurations."thrall" = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; modules = [ @@ -37,7 +40,7 @@ ./modules/security.nix ./hosts/thrall agenix.nixosModules.age - hm.nixosModules.home-manager + home-manager.nixosModules.home-manager { home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; 
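Review bot: In the first flake.nix hunk the `home-manager` input loses its `release-22.11` ref and now follows the default branch, while `nixpkgs` stays on `nixos-22.11` and `inputs.nixpkgs.follows = "nixpkgs";` is kept. thrall still takes `home-manager.nixosModules.home-manager` from this input, so it would evaluate a development home-manager against the stable package set, and every `nix flake update` pulls unreleased module code onto a public host. Either keep `url = "github:nix-community/home-manager/release-22.11";` for this input or add a second home-manager input that follows `nixpkgs-unstable` and is used only for dregil.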
@@ -46,25 +49,6 @@ ]; }; - nixosConfigurations."dregil" = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - modules = [ - ({ - nixpkgs = { - config.allowUnfree = true; - overlays = with inputs; [ emacs.overlay ]; - }; - }) - ./modules/security.nix - ./hosts/dregil - agenix.nixosModules.age - hm.nixosModules.home-manager - { - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; - home-manager.users.alex = import ./home/cli.nix; - } - ]; - }; + nixosConfigurations."dregil" = import ./hosts/dregil { inherit inputs; }; }; } diff --git a/hosts/dregil/configuration.nix b/hosts/dregil/configuration.nix new file mode 100644 index 0000000..7069949 --- /dev/null +++ b/hosts/dregil/configuration.nix 
@@ -0,0 +1,166 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ inputs, config, pkgs, ... }:
+let
+ nvidia-offload = pkgs.writeShellScriptBin "nvidia-offload" ''
+ export __NV_PRIME_RENDER_OFFLOAD=1
+ export __NV_PRIME_RENDER_OFFLOAD_PROVIDER=NVIDIA-G0
+ export __GLX_VENDOR_LIBRARY_NAME=nvidia
+ export __VK_LAYER_NV_optimus=NVIDIA_only
+ exec "$@"
+ '';
+in
+{
+ imports =
+ [
+ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+ #
+ ];
+
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ networking.hostName = "dregil"; # Define your hostname.
+ # Pick only one of the below networking options.
+ # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
+ networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
+
+ # Configure network proxy if necessary
+ # networking.proxy.default = "http://user:password@proxy:port/";
+ # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
+
+ console = {
+ font = "Lat2-Terminus16";
+ useXkbConfig = true; # use xkbOptions in tty.
+ };
+
+ # Enable the X11 windowing system.
+ services.xserver = {
+ enable = true;
+ exportConfiguration = true;
+
+ # Configure keymap in X11
+ layout = "dvorak";
+
+ xkbOptions = "terminate:ctrl_alt_bksp,caps:escape,compose:ralt";
+
+ videoDrivers = [ "nvidia" ]; # "modesetting" ];
+
+ displayManager.lightdm = {
+ enable = true;
+ };
+
+ desktopManager.xfce.enable = true;
+
+ # Enable touchpad support (enabled default in most desktopManager).
+ libinput = {
+ enable = true;
+ touchpad.disableWhileTyping = true;
+ touchpad.naturalScrolling = true;
+ mouse.naturalScrolling = config.services.xserver.libinput.touchpad.naturalScrolling;
+ };
+ };
+
+ fonts = {
+ enableDefaultFonts = true;
+ fonts = with pkgs; [
+ noto-fonts
+ noto-fonts-emoji
+ fira-code
+ fira-code-symbols
+ nerdfonts
+ ];
+ };
+
+ # Enable CUPS to print documents.
+ # services.printing.enable = true;
+
+ # Enable sound.
+ sound.enable = true;
+ hardware.pulseaudio.enable = true;
+
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ users.users.alex = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" # Enable ‘sudo’ for the user.
+ "input"
+ ];
+ packages = with pkgs; [
+ # gui tool
+ alacritty
+ firefox
+ jitsi-meet-electron
+
+ # editing
+ helix
+ nil # nix language server
+
+ # system tools
+ htop-vim # htop with vim bindings
+ erdtree # du+tree had sex
+ dua # ncdu but better
+ bat # better cat
+ uhk-agent
+
+ # gaming support
+ bottles
+ ];
+ };
+
+ # List packages installed in system profile. To search, run:
+ # $ nix search wget
+ environment.systemPackages = with pkgs; [
+ wget
+ ripgrep
+ git
+ nvidia-offload
+ ];
+
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ # programs.mtr.enable = true;
+ # programs.gnupg.agent = {
+ # enable = true;
+ # enableSSHSupport = true;
+ # };
+
+ programs.neovim = {
+ enable = true;
+ };
+
+ programs.steam = {
+ enable = true;
+ };
+
+ # List services that you want to enable:
+
+ # Enable the OpenSSH daemon.
+ services.openssh.enable = true;
+
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ # networking.firewall.enable = false;
+
+ # Copy the NixOS configuration file and link it from the resulting system
+ # (/run/current-system/configuration.nix).
This is useful in case you
+ # accidentally delete configuration.nix.
+ # system.copySystemConfiguration = true;
+
+ system.nixos.tags = [ "HiDPI" "nvidia-only" ];
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "22.11"; # Did you read the comment?
+
+}
+
diff --git a/hosts/dregil/default.nix b/hosts/dregil/default.nix
index ac16c1d..678c04d 100644
--- a/hosts/dregil/default.nix
+++ b/hosts/dregil/default.nix
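Review bot: `services.openssh.enable = true;` in the new hosts/dregil/configuration.nix is switched on with default settings on a desktop whose user password is set by hand with `passwd`, so as far as this file shows password logins over SSH remain possible. If key-based login is the intent, add `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.PermitRootLogin = "no";` (on 22.11 the options are `services.openssh.passwordAuthentication` and `services.openssh.permitRootLogin`), and put the keys under `users.users.alex.openssh.authorizedKeys.keys`. modules/security.nix is not part of this patch and may already cover some of this; a one-line comment next to the option saying so would help.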
@@ -1,173 +1,22 @@ -{ config, lib, pkgs, ... }: -let extIface = "ens3"; -in { - imports = [ # Include the results of the hardware scan. - ./hardware-configuration.nix +{ inputs, ... }: +let + inherit (inputs.nixpkgs-unstable.lib) nixosSystem; + + system = "x86_64-linux"; + + pkgs = import inputs.nixpkgs-unstable { + inherit system; + config = { + allowUnfree = true; + }; + }; +in +nixosSystem { + inherit system pkgs; + specialArgs = { inherit inputs; }; + modules = [ + ../../modules/security.nix + ../../modules/common-system.nix + ./configuration.nix ]; - - nix.package = pkgs.nixUnstable; - nix.extraOptions = '' - experimental-features = nix-command flakes ca-derivations - ''; - #nix.registry.nixpkgs.flake = nixpkgs; - - # Binary Cache for Haskell.nix - nix.settings.trusted-public-keys = - [ "hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ=" ]; - - #nix.binaryCaches = [ "https://hydra.iohk.io" ]; - - # Use the GRUB 2 boot loader. - boot.loader.grub.enable = true; - boot.loader.grub.version = 2; - # boot.loader.grub.efiSupport = true; - # boot.loader.grub.efiInstallAsRemovable = true; - # boot.loader.efi.efiSysMountPoint = "/boot/efi"; - # Define on which hard drive you want to install Grub. - boot.loader.grub.device = "/dev/vda"; # or "nodev" for efi only - # boot.loader.systemd-boot.enable = true; - - # Set your time zone. - time.timeZone = "Europe/Berlin"; - - age.secrets = { - # mailPass.file = ../../secrets/mailPass.age; - # wireguard-thrall.file = ../../secrets/wireguard-thrall.age; - }; - - # The global useDHCP flag is deprecated, therefore explicitly set to false here. - # Per-interface useDHCP will be mandatory in the future, so this generated config - # replicates the default behaviour. 
- networking = { - hostName = "dregil"; - domain = "failco.de"; - wireless.enable = true; - useDHCP = true; - enableIPv6 = true; - firewall = { - allowedTCPPorts = [ 22 ]; - allowedUDPPorts = [ 42666 ]; - }; - - # wireguard.interfaces = { - # wg0 = { - # ips = [ "10.0.0.1/24" ]; - # listenPort = 42666; - # - # privateKeyFile = config.age.secrets.wireguard-thrall.path; - # peers = [ - # { - # # my phone - # publicKey = "9EaBSNsJW0W/xPMLJ54zr3UNK3bZ/2ULOmhV1gPfSXk="; - # allowedIPs = [ "10.0.0.2/32" ]; - # } - # { - # # my tablet - # publicKey = "NG9y+0RMDTjiG65yC4Z0ymJ0G5fe1mOhl4GyC3xAh1k="; - # allowedIPs = [ "10.0.0.3/32" ]; - # } - # ]; - # }; - # }; - }; - - security.acme = { - acceptTerms = true; - defaults.email = "alex@jakalx.net"; - }; - - security.sudo = { - enable = true; - execWheelOnly = true; - extraRules = [{ - groups = [ "wheel" ]; - commands = [{ - command = "/run/current-system/sw/bin/nixos-rebuild"; - options = [ "NOPASSWD" ]; - }]; - }]; - }; - - # Select internationalisation properties. - i18n.defaultLocale = "en_US.UTF-8"; - console = { - font = "Lat2-Terminus16"; - keyMap = "dvorak"; - }; - - # Define a user account. Don't forget to set a password with ‘passwd’. - users.users.alex = { - isNormalUser = true; - extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. - shell = pkgs.zsh; - }; - - # List packages installed in system profile. To search, run: - # $ nix search wget - environment.systemPackages = with pkgs; [ - wget - rsync - htop - tmux - git - #agenix.defaultPackage.x86_64-linux - restic # fast and secure backup - rclone - ]; - - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. 
- # programs.mtr.enable = true; - programs.gnupg.agent = { - enable = true; - enableSSHSupport = true; - }; - - programs.neovim = { - enable = true; - defaultEditor = true; - viAlias = true; - vimAlias = true; - }; - - # enable zsh globally in order to get home.sessionPath to propagate :() - programs.zsh.enable = true; - - # List services that you want to enable: - - # Enable the OpenSSH daemon. - services.openssh.enable = true; - - services.lorri.enable = true; - - # configure backup via restic to gdrive - services.restic.backups = { }; - services.keybase = { enable = true; }; - - services.syncthing = { - enable = true; - user = "alex"; - dataDir = "/home/alex/sync"; - overrideDevices = - true; # overrides any devices added or deleted through the WebUI - overrideFolders = - true; # overrides any folders added or deleted through the WebUI - folders = { - "org" = { - path = "/home/alex/org"; - devices = [ "thrall" "redmi" ]; - }; - "scan" = { - path = "/home/alex/media/scan"; - devices = [ "thrall" "redmi" ]; - }; - }; - devices = { - "redmi" = { - id = "C43WITF-2HS2UCD-X6QFM4H-SC7XQJ7-X5F73EB-7FZHMII-KQNSH5D-NMICIAW"; - }; - }; - }; - - system.stateVersion = "20.09"; # Did you read the comment? } diff --git a/hosts/dregil/hardware-configuration.nix b/hosts/dregil/hardware-configuration.nix new file mode 100644 index 0000000..198484c --- /dev/null +++ b/hosts/dregil/hardware-configuration.nix 
@@ -0,0 +1,92 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "usbhid" "sd_mod" ];
+ boot.initrd.kernelModules = [ "dm-snapshot" "uas" "usbcore" "usb_storage" "vfat" "nls_cp437" "nls_iso8859_1" ];
+ boot.initrd.luks.devices = {
+ root = {
+ device = "/dev/disk/by-uuid/bebf96d1-2a2b-412c-a5f0-f9ed5730a05f";
+ preLVM = true;
+ allowDiscards = true;
+ fallbackToPassword = true;
+ keyFile = "/dev/sda2";
+ keyFileSize = 4096;
+ };
+ };
+ boot.kernelModules = [ "kvm-intel" "nvidia" ];
+ boot.extraModulePackages = [ pkgs.linuxPackages.nvidia_x11 ];
+ boot.kernelParams = [ "module_blacklist=i915" ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/a88ac058-e704-419e-ba7d-1d0ff4b6f654";
+ fsType = "btrfs";
+ options = [ "subvol=root" "compress=zstd" ];
+ };
+
+ fileSystems."/home" =
+ { device = "/dev/disk/by-uuid/a88ac058-e704-419e-ba7d-1d0ff4b6f654";
+ fsType = "btrfs";
+ options = [ "subvol=home" "compress=zstd" ];
+ };
+
+ fileSystems."/nix" =
+ { device = "/dev/disk/by-uuid/a88ac058-e704-419e-ba7d-1d0ff4b6f654";
+ fsType = "btrfs";
+ options = [ "subvol=nix" "compress=zstd" "noatime" ];
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/786D-42D7";
+ fsType = "vfat";
+ };
+
+ swapDevices =
+ [ { device = "/dev/disk/by-uuid/b8c224ad-095e-4a48-b5b2-a19451fdeb95";
+ }
+ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp52s0.useDHCP = lib.mkDefault true;
+ # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+
+ hardware.video.hidpi.enable = true;
+
+ hardware.nvidia = {
+ nvidiaSettings = true;
+ nvidiaPersistenced = true;
+
+# modesetting.enable = true;
+ package = config.boot.kernelPackages.nvidiaPackages.beta;
+# prime = {
+# offload.enable = true;
+#
+# intelBusId = "PCI:1:0:0";
+# nvidiaBusId = "PCI:1:0:0";
+# intelBusId = "0@0:2:0";
+# nvidiaBusId = "1@1:0:0";
+# };
+ };
+
+ hardware.opengl = {
+ enable = true;
+ driSupport = true;
+ driSupport32Bit = true;
+ };
+
+ hardware.keyboard.uhk.enable = true;
+}
diff --git a/modules/common-system.nix b/modules/common-system.nix
new file mode 100644
index 0000000..fb4273f
--- /dev/null
+++ b/modules/common-system.nix
@@ -0,0 +1,49 @@
+{config, pkgs, inputs, ...}:
+{
+ i18n.defaultLocale = "en_US.UTF-8";
+ time.timeZone = "Europe/Berlin";
+
+ environment.systemPackages = with pkgs; [
+ wget
+ tmux
+ ripgrep
+ git
+ dua
+ erdtree
+ exa
+ fd
+ fzf
+ bat
+ ];
+
+ networking.firewall.enable = true;
+
+ users.users.alex = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" "input" ];
+ shell = pkgs.zsh;
+ };
+
+ nix = {
+ gc = {
+ automatic = true;
+ dates = "weekly";
+ options = "--delete-older-than 30d";
+ };
+
+ registry = {
+ nixpkgs.flake = inputs.nixpkgs;
+ nixpkgs-unstable.flake = inputs.nixpkgs-unstable;
+ };
+
+ settings = {
+ auto-optimise-store = true;
+ experimental-features = [ "nix-command" "flakes" ];
+ warn-dirty = false;
+
+ # avoid unwanted garbage collection when using direnv
+ keep-outputs = true;
+ keep-derivations = true;
+ };
+ };
+}
From fcc7e04c7d62834222fa73c76646195da5a7d2ae Mon Sep 17 00:00:00 2001
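Review bot: `keyFile = "/dev/sda2";` in `boot.initrd.luks.devices.root` (hosts/dregil/hardware-configuration.nix) names the key partition by kernel enumeration order, so whichever disk is `sda` at boot is read as key material and the real key device may not be found at all. A stable path such as `keyFile = "/dev/disk/by-partuuid/<KEY-PARTUUID>";` (placeholder) avoids that. `allowDiscards = true;` deserves a short comment as a deliberate trade-off, since TRIM on a LUKS volume reveals which blocks are unused. The header still says the file is generated and must not be modified, which no longer holds for these hand-written settings.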
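Review bot: In the new modules/common-system.nix, `extraGroups = [ "wheel" "input" ];` places `alex` in `input` on every host that imports the shared module; that group can normally read the raw input devices, so any process running as the user can observe keystrokes. If the membership is only needed for the keyboard agent on dregil (an assumption, the patch does not say), keep `"input"` in the host file and leave the shared module at `extraGroups = [ "wheel" ];`. The module also sets `shell = pkgs.zsh;` without `programs.zsh.enable = true;`, which the previous host file carried with a comment about session paths.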
From: Alexander Kobjolke Date: Wed, 15 Mar 2023 21:17:25 +0100 Subject: [PATCH 06/10] dregil: Disable kernel protection to allow hibernation --- hosts/dregil/configuration.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/hosts/dregil/configuration.nix b/hosts/dregil/configuration.nix index 7069949..f037888 100644 --- a/hosts/dregil/configuration.nix +++ b/hosts/dregil/configuration.nix @@ -2,7 +2,7 @@ # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running ‘nixos-help’). -{ inputs, config, pkgs, ... }: +{ inputs, config, pkgs, lib, ... }: let nvidia-offload = pkgs.writeShellScriptBin "nvidia-offload" '' export __NV_PRIME_RENDER_OFFLOAD=1 @@ -24,6 +24,9 @@ in boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; + # do not protect the kernel image to allow hibernation + security.protectKernelImage = lib.mkForce false; + networking.hostName = "dregil"; # Define your hostname. # Pick only one of the below networking options. # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. From 43a6e0ef78f7123bf4e892fdc81ff86b4f03b1b0 Mon Sep 17 00:00:00 2001 From: Alexander Kobjolke Date: Mon, 27 Mar 2023 21:15:51 +0200 Subject: [PATCH 07/10] dregil: Update home-manager config --- .gitignore | 1 + flake.nix | 8 ++++++- hosts/dregil/configuration.nix | 10 ++++++++- outputs/homeConfigurations/default.nix | 31 ++++++++++++++++++++++++++ 4 files changed, 48 insertions(+), 2 deletions(-) create mode 100644 .gitignore create mode 100644 outputs/homeConfigurations/default.nix diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..fcfc4a1 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +result* diff --git a/flake.nix b/flake.nix index 798e455..6faf123 100644 --- a/flake.nix +++ b/flake.nix 
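Review bot: `security.protectKernelImage = lib.mkForce false;` switches the whole option off for this host, and that option covers more than hibernation: it also governs loading a replacement kernel via kexec, so both protections are dropped. The comment should record that, for example `# needed for hibernation; this also re-enables kexec, accepted on this machine`. Hibernation writes memory contents to swap, so it is worth confirming that the swap device declared in hardware-configuration.nix lives inside the LUKS volume; that cannot be seen from this hunk.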
@@ -19,6 +19,11 @@ inputs.nixpkgs.follows = "nixpkgs"; }; +# simplex-chat = { +# url = "github:simplex-chat/simplex-chat"; +# inputs.nixpkgs.follows = "nixpkgs"; +# }; + # age for nix to store encrypted passwords conveniently agenix = { url = "github:ryantm/agenix"; @@ -26,7 +31,7 @@ }; }; - outputs = { self, home-manager, nixpkgs, agenix, snm, ... }@inputs: { + outputs = { home-manager, nixpkgs, agenix, snm, ... }@inputs: { nixosConfigurations."thrall" = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; modules = [ @@ -50,5 +55,6 @@ }; nixosConfigurations."dregil" = import ./hosts/dregil { inherit inputs; }; + homeConfigurations = import ./outputs/homeConfigurations inputs; }; } diff --git a/hosts/dregil/configuration.nix b/hosts/dregil/configuration.nix index f037888..3974771 100644 --- a/hosts/dregil/configuration.nix +++ b/hosts/dregil/configuration.nix @@ -71,6 +71,7 @@ in fonts = { enableDefaultFonts = true; fonts = with pkgs; [ + corefonts noto-fonts noto-fonts-emoji fira-code @@ -110,7 +111,8 @@ in uhk-agent # gaming support - bottles + lutris + #inputs.simplex-chat.packages."x86_64-linux"."exe:simplex-chat" ]; }; @@ -123,6 +125,12 @@ in nvidia-offload ]; + # adjust channels to nixpkgs used on this system via this flake + environment.etc."nix/inputs/nixpkgs".source = inputs.nixpkgs-unstable.outPath; + nix.nixPath = [ + "nixpkgs=${inputs.nixpkgs-unstable}" + ]; + # Some programs need SUID wrappers, can be configured further or are # started in user sessions. # programs.mtr.enable = true; diff --git a/outputs/homeConfigurations/default.nix b/outputs/homeConfigurations/default.nix new file mode 100644 index 0000000..4fe9a2a --- /dev/null +++ b/outputs/homeConfigurations/default.nix 
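Review bot: In the `@@ -123,6 +125,12 @@` hunk of hosts/dregil/configuration.nix, `environment.etc."nix/inputs/nixpkgs"` is created but never used, because `nix.nixPath` interpolates the store path directly. Pointing the search path at the link, `nix.nixPath = [ "nixpkgs=/etc/nix/inputs/nixpkgs" ];`, gives a path that stays valid for already running shells after a rebuild; otherwise the `environment.etc` line can be dropped. The comment above it could then say which input the channel name resolves to (`nixpkgs-unstable`, not the flake's `nixpkgs`).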
@@ -0,0 +1,31 @@ +inputs: with inputs; +let + pkgs = import nixpkgs-unstable { + system = "x86_64-linux"; + config.allowUnfree = true; + overlays = []; + }; +in +{ + "alex@dregil" = home-manager.lib.homeManagerConfiguration { + inherit pkgs; + modules = [ + { + programs.home-manager.enable = true; + + home = { + username = "alex"; + homeDirectory = "/home/alex"; + stateVersion = "22.11"; + + packages = with pkgs; [ + lutris + ]; + }; + + # do not show home-manager notifications + news.display = "silent"; + } + ]; + }; +} From e5e845e20ff3fc3e687bf2cab16d013ff2605a33 Mon Sep 17 00:00:00 2001 From: Alexander Kobjolke Date: Tue, 28 Mar 2023 02:10:29 +0200 Subject: [PATCH 08/10] redmi: Add nix-on-droid config --- flake.lock | 152 +++++++++++++++++++++++++++++++++++++++- flake.nix | 12 ++++ hosts/redmi/default.nix | 45 ++++++++++++ 3 files changed, 208 insertions(+), 1 deletion(-) create mode 100644 hosts/redmi/default.nix diff --git a/flake.lock b/flake.lock index 11a8f76..24ce5ed 100644 --- a/flake.lock +++ b/flake.lock 
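Review bot: In outputs/homeConfigurations/default.nix, `config.allowUnfree = true;` accepts every unfree licence for the whole package set, although this profile installs a single package. An allow-list keeps later unfree additions visible in review, e.g. `config.allowUnfreePredicate = pkg: builtins.elem (nixpkgs-unstable.lib.getName pkg) [ "<package-name>" ];` with the names this profile actually needs (the placeholder is mine). Separately, `inputs: with inputs;` pulls every flake input into scope; destructuring with `{ nixpkgs-unstable, home-manager, ... }:` makes the two dependencies of this file explicit.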
@@ -116,6 +116,76 @@ "type": "github" } }, + "home-manager_2": { + "inputs": { + "nixpkgs": [ + "nix-on-droid", + "nixpkgs" + ], + "utils": "utils_2" + }, + "locked": { + "lastModified": 1663932797, + "narHash": "sha256-IH8ZBW99W2k7wKLS+Sat9HiKX1TPZjFTnsPizK5crok=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "de3758e31a3a1bc79d569f5deb5dac39791bf9b6", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "nix-formatter-pack": { + "inputs": { + "nixpkgs": [ + "nix-on-droid", + "nixpkgs" + ], + "nmd": "nmd", + "nmt": "nmt" + }, + "locked": { + "lastModified": 1666720474, + "narHash": "sha256-iWojjDS1D19zpeZXbBdjWb9MiKmVVFQCqtJmtTXgPx8=", + "owner": "Gerschtli", + "repo": "nix-formatter-pack", + "rev": "14876cc8fe94a3d329964ecb073b4c988c7b61f5", + "type": "github" + }, + "original": { + "owner": "Gerschtli", + "repo": "nix-formatter-pack", + "type": "github" + } + }, + "nix-on-droid": { + "inputs": { + "home-manager": "home-manager_2", + "nix-formatter-pack": "nix-formatter-pack", + "nixpkgs": [ + "nixpkgs" + ], + "nixpkgs-for-bootstrap": "nixpkgs-for-bootstrap", + "nmd": "nmd_2" + }, + "locked": { + "lastModified": 1670198918, + "narHash": "sha256-oNlUhAM0/a3pDdCMmBWA+CLrDAIYJqAAMyrDp8fNSM4=", + "owner": "t184256", + "repo": "nix-on-droid", + "rev": "b00cb5e7e2a47d85a019119069b153cda4002d0a", + "type": "github" + }, + "original": { + "owner": "t184256", + "ref": "release-22.11", + "repo": "nix-on-droid", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1678703398, 
@@ -132,6 +202,22 @@ "type": "github" } }, + "nixpkgs-for-bootstrap": { + "locked": { + "lastModified": 1669834992, + "narHash": "sha256-YnhZGHgb4C3Q7DSGisO/stc50jFb9F/MzHeKS4giotg=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "596a8e828c5dfa504f91918d0fa4152db3ab5502", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "596a8e828c5dfa504f91918d0fa4152db3ab5502", + "type": "github" + } + }, "nixpkgs-unstable": { "locked": { "lastModified": 1678654296, @@ -163,11 +249,60 @@ "type": "indirect" } }, + "nmd": { + "flake": false, + "locked": { + "lastModified": 1666190571, + "narHash": "sha256-Z1hc7M9X6L+H83o9vOprijpzhTfOBjd0KmUTnpHAVjA=", + "owner": "rycee", + "repo": "nmd", + "rev": "b75d312b4f33bd3294cd8ae5c2ca8c6da2afc169", + "type": "gitlab" + }, + "original": { + "owner": "rycee", + "repo": "nmd", + "type": "gitlab" + } + }, + "nmd_2": { + "flake": false, + "locked": { + "lastModified": 1666190571, + "narHash": "sha256-Z1hc7M9X6L+H83o9vOprijpzhTfOBjd0KmUTnpHAVjA=", + "owner": "rycee", + "repo": "nmd", + "rev": "b75d312b4f33bd3294cd8ae5c2ca8c6da2afc169", + "type": "gitlab" + }, + "original": { + "owner": "rycee", + "repo": "nmd", + "type": "gitlab" + } + }, + "nmt": { + "flake": false, + "locked": { + "lastModified": 1648075362, + "narHash": "sha256-u36WgzoA84dMVsGXzml4wZ5ckGgfnvS0ryzo/3zn/Pc=", + "owner": "rycee", + "repo": "nmt", + "rev": "d83601002c99b78c89ea80e5e6ba21addcfe12ae", + "type": "gitlab" + }, + "original": { + "owner": "rycee", + "repo": "nmt", + "type": "gitlab" + } + }, "root": { "inputs": { "agenix": "agenix", "emacs": "emacs", "home-manager": "home-manager", + "nix-on-droid": "nix-on-droid", "nixpkgs": "nixpkgs", "nixpkgs-unstable": "nixpkgs-unstable", "snm": "snm" @@ -180,7 +315,7 @@ "nixpkgs-22_11": [ "nixpkgs" ], - "utils": "utils_2" + "utils": "utils_3" }, "locked": { "lastModified": 1671659164, 
@@ -213,6 +348,21 @@ } }, "utils_2": { + "locked": { + "lastModified": 1659877975, + "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "utils_3": { "locked": { "lastModified": 1605370193, "narHash": "sha256-YyMTf3URDL/otKdKgtoMChu4vfVL3vCMkRqpGifhUn0=", diff --git a/flake.nix b/flake.nix index 6faf123..8a5a182 100644 --- a/flake.nix +++ b/flake.nix @@ -14,6 +14,11 @@ inputs.nixpkgs-22_11.follows = "nixpkgs"; }; + nix-on-droid = { + url = "github:t184256/nix-on-droid/release-22.11"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + emacs = { url = "github:nix-community/emacs-overlay"; inputs.nixpkgs.follows = "nixpkgs"; @@ -56,5 +61,12 @@ nixosConfigurations."dregil" = import ./hosts/dregil { inherit inputs; }; homeConfigurations = import ./outputs/homeConfigurations inputs; + + nixOnDroidConfigurations.default = inputs.nix-on-droid.lib.nixOnDroidConfiguration { + modules = [ + ./hosts/redmi + { nix.registry.nixpkgs.flake = nixpkgs; } { nix.nixPath = [ "nixpkgs=${nixpkgs}" ]; } + ]; + }; }; } diff --git a/hosts/redmi/default.nix b/hosts/redmi/default.nix new file mode 100644 index 0000000..9f607a0 --- /dev/null +++ b/hosts/redmi/default.nix 
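Review bot: The new `nix-on-droid` input in flake.nix redirects only its `nixpkgs`, and the flake.lock hunks of this commit show it adding separately pinned nodes of its own (`home-manager_2`, `nixpkgs-for-bootstrap`, `nix-formatter-pack`, `nmd`, `nmt`). Each extra locked node is one more source to update and audit. If the root `home-manager` input is compatible with the release-22.11 branch, `inputs.home-manager.follows = "home-manager";` inside the `nix-on-droid` block would drop the second copy. hosts/redmi does not use home-manager as far as this patch shows, so that compatibility needs checking before the change.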
@@ -0,0 +1,45 @@ +{ config, lib, pkgs, ... }: + +{ + # Simply install just the packages + environment.packages = with pkgs; [ + # User-facing stuff that you really really want to have + vim # or some other editor, e.g. nano or neovim + + git + mosh + openssh + wget + + # Some common stuff that people expect to have + #diffutils + #findutils + #utillinux + #tzdata + #hostname + #man + #gnugrep + #gnupg + #gnused + gnutar + #bzip2 + gzip + #xz + #zip + #unzip + ]; + + # Backup etc files instead of failing to activate generation if a file already exists in /etc + environment.etcBackupExtension = ".bak"; + + # Read the changelog before changing this value + system.stateVersion = "22.11"; + + # Set up nix for flakes + nix.extraOptions = '' + experimental-features = nix-command flakes + ''; + + # Set your time zone + time.timeZone = "Europe/Berlin"; +} From e50f72be6ab7e027f115da58d2ca3fdb2dd9febc Mon Sep 17 00:00:00 2001 From: Alexander Kobjolke Date: Fri, 31 Mar 2023 19:10:25 +0200 Subject: [PATCH 09/10] flake: Let home-manager follow unstable --- flake.lock | 10 +++++----- flake.nix | 4 ++-- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/flake.lock b/flake.lock index 24ce5ed..cd9faaf 100644 --- a/flake.lock +++ b/flake.lock @@ -63,15 +63,15 @@ "inputs": { "flake-utils": "flake-utils", "nixpkgs": [ - "nixpkgs" + "nixpkgs-unstable" ] }, "locked": { - "lastModified": 1678817767, - "narHash": "sha256-P+Al3yNlM53oL+kxtU853arGO8YsfZPXjXqB1exaPKo=", + "lastModified": 1680257010, + "narHash": "sha256-pNMB9sdoZOXEsszLD5TS0WG5Ysj2rVRmf92uxsxH/9A=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "7ba9b9e2392d33071f06dcff9845b42f3096f7c3", + "rev": "cfec7f9501cc0e001f49d725a7cd733af7deb2ed", "type": "github" }, "original": { @@ -98,7 +98,7 @@ "home-manager": { "inputs": { "nixpkgs": [ - "nixpkgs" + "nixpkgs-unstable" ], "utils": "utils" }, diff --git a/flake.nix b/flake.nix index 8a5a182..9234096 100644 --- a/flake.nix +++ b/flake.nix 
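Review bot: hosts/redmi/default.nix declares `{ config, lib, pkgs, ... }:` but the body shown uses only `pkgs`, so `{ pkgs, ... }:` is enough. The block of commented-out package names and the "Simply install just the packages" comment read like leftovers from a template. I would delete them or replace them with one line saying what this device is used for, so the file lists only what is actually installed.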
@@ -5,7 +5,7 @@ home-manager = { url = "github:nix-community/home-manager"; - inputs.nixpkgs.follows = "nixpkgs"; + inputs.nixpkgs.follows = "nixpkgs-unstable"; }; # simple mailserver @@ -21,7 +21,7 @@ emacs = { url = "github:nix-community/emacs-overlay"; - inputs.nixpkgs.follows = "nixpkgs"; + inputs.nixpkgs.follows = "nixpkgs-unstable"; }; # simplex-chat = { From dc34117014930e277e4ec4742c677a3557f85613 Mon Sep 17 00:00:00 2001 From: Alexander Kobjolke Date: Wed, 5 Apr 2023 20:52:55 +0200 Subject: [PATCH 10/10] thrall: Enable gitea service --- flake.nix | 3 ++- hosts/thrall/default.nix | 24 +++++++++++++++++++++--- 2 files changed, 23 insertions(+), 4 deletions(-) diff --git a/flake.nix b/flake.nix index 9234096..c1bf290 100644 --- a/flake.nix +++ b/flake.nix @@ -65,7 +65,8 @@ nixOnDroidConfigurations.default = inputs.nix-on-droid.lib.nixOnDroidConfiguration { modules = [ ./hosts/redmi - { nix.registry.nixpkgs.flake = nixpkgs; } { nix.nixPath = [ "nixpkgs=${nixpkgs}" ]; } + { nix.registry.nixpkgs.flake = nixpkgs; } + { nix.nixPath = [ "nixpkgs=${nixpkgs}" ]; } ]; }; }; diff --git a/hosts/thrall/default.nix b/hosts/thrall/default.nix index 9e898ce..9631cb7 100644 --- a/hosts/thrall/default.nix +++ b/hosts/thrall/default.nix @@ -189,6 +189,24 @@ in { root = "/srv/www/failco.de"; serverAliases = [ "www.failco.de" "mail.failco.de" ]; }; + + "git.failco.de" = { + forceSSL = true; + enableACME = true; + locations."/" = { proxyPass = "http://127.0.0.1:3001/"; }; + }; + }; + + services.gitea = { + enable = true; + database.type = "sqlite3"; + lfs.enable = true; + domain = "git.failco.de"; + rootUrl = "https://git.failco.de"; + httpAddress = "127.0.0.1"; + httpPort = 3001; + + settings.service.DISABLE_REGISTRATION = true; }; services.fail2ban = { 
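Review bot: In the hosts/thrall/default.nix hunk, `services.gitea` is served only through the `forceSSL` vhost, but nothing marks the session cookie as Secure. On the module generation that still has top-level `domain`/`rootUrl` options this is `cookieSecure = true;`; newer modules spell it `settings.session.COOKIE_SECURE = true;`. `DISABLE_REGISTRATION = true` stops sign-ups but leaves public pages browsable, so if the instance is meant to be private, add `settings.service.REQUIRE_SIGNIN_VIEW = true;`. The fail2ban block appears here only as a context line, so whether Gitea login failures are covered by a jail cannot be checked from this hunk.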
@@ -226,15 +244,15 @@ in { mailserver = { enable = true; fqdn = "thrall.failco.de"; - domains = [ "failco.de" ]; + domains = [ "failco.de" "jakalx.net" ]; loginAccounts = { "me@failco.de" = { hashedPasswordFile = config.age.secrets.mailPass.path; - aliases = [ "jakalx@failco.de" ]; + aliases = [ "lx@failco.de" "alex@failco.de" ]; - catchAll = [ "failco.de" ]; + catchAll = [ "failco.de" "jakalx.net" ]; }; };
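Review bot: The `mailserver` hunk adds `jakalx.net` to both `domains` and `catchAll`, so every local part at the new domain is accepted and delivered to `me@failco.de`. That is unrelated to the commit subject (gitea) and would be easier to audit as its own commit. A catch-all on a second domain widens the spam intake, and the domain needs its own MX, SPF and DKIM records, none of which is visible here. I would add a comment above the list such as `# jakalx.net: catch-all into me@failco.de; DNS (MX/SPF/DKIM) published separately`. The `mailserver` block may continue past the end of the hunk.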