fixes and new stuff
This commit is contained in:
parent
fa021cc190
commit
bd128d43b0
|
@ -109,7 +109,6 @@
|
||||||
netcat-openbsd = super.libressl.nc;
|
netcat-openbsd = super.libressl.nc;
|
||||||
})
|
})
|
||||||
(import ./overlays/qmk-udev-rules.nix)
|
(import ./overlays/qmk-udev-rules.nix)
|
||||||
(import ./overlays/sane-backends.nix)
|
|
||||||
(import ./overlays/logisim.nix)
|
(import ./overlays/logisim.nix)
|
||||||
(import ./overlays/fzf-kak.nix)
|
(import ./overlays/fzf-kak.nix)
|
||||||
(import ./overlays/prometheus-fritzbox-exporter.nix)
|
(import ./overlays/prometheus-fritzbox-exporter.nix)
|
||||||
|
@ -161,7 +160,7 @@
|
||||||
pkgFiles = builtins.attrNames (builtins.readDir ./pkgs);
|
pkgFiles = builtins.attrNames (builtins.readDir ./pkgs);
|
||||||
toPackage = file: {
|
toPackage = file: {
|
||||||
name = builtins.replaceStrings [".nix"] [""] file;
|
name = builtins.replaceStrings [".nix"] [""] file;
|
||||||
value = pkgs.callPackage ./pkgs/${file} {};
|
value = pkgs.callPackage ./pkgs/${file} {inherit inputs;};
|
||||||
};
|
};
|
||||||
in
|
in
|
||||||
builtins.listToAttrs (builtins.map toPackage pkgFiles);
|
builtins.listToAttrs (builtins.map toPackage pkgFiles);
|
||||||
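Review bot: `value = pkgs.callPackage ./pkgs/${file} {inherit inputs;};` now hands `inputs` to every file under ./pkgs, and as far as I know callPackage passes explicitly given arguments through unconditionally, so any package function there that neither declares `inputs` nor ends its argument set with `...` will fail to evaluate with an unexpected-argument error. pkgs/netboot.nix added in this commit has `...` and is fine; the other files under ./pkgs are not visible on this page, so please check them. A one-line comment above `toPackage`, e.g. `# Every file in ./pkgs may take an extra 'inputs' argument (flake inputs); declare it or accept '...'`, would document the new contract. The file this hunk belongs to is not named on this page.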
|
|
|
@ -1,6 +1,4 @@
|
||||||
{
|
{
|
||||||
lib,
|
|
||||||
pkgs,
|
|
||||||
modulesPath,
|
modulesPath,
|
||||||
...
|
...
|
||||||
}:
|
}:
|
||||||
|
@ -15,97 +13,16 @@
|
||||||
|
|
||||||
# === Internal drive ===
|
# === Internal drive ===
|
||||||
fileSystems."/" = {
|
fileSystems."/" = {
|
||||||
device = "zroot/safe/root";
|
device = "/dev/disk/by-label/root";
|
||||||
fsType = "zfs";
|
fsType = "ext4";
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/nix" = {
|
|
||||||
device = "zroot/local/nix";
|
|
||||||
fsType = "zfs";
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/var/log/journal" = {
|
|
||||||
device = "zroot/safe/journal";
|
|
||||||
fsType = "zfs";
|
|
||||||
};
|
};
|
||||||
|
|
||||||
fileSystems."/boot" = {
|
fileSystems."/boot" = {
|
||||||
device = "/dev/disk/by-uuid/8BB2-9DCB";
|
device = "/dev/disk/by-label/esp";
|
||||||
fsType = "vfat";
|
fsType = "vfat";
|
||||||
};
|
};
|
||||||
|
|
||||||
# === Swap ===
|
swapDevices = [
|
||||||
swapDevices = [{device = "/dev/disk/by-uuid/efc7e294-1c18-4dd9-aca5-f868eb9c47fc";}];
|
{device = "/dev/disk/by-label/swap";}
|
||||||
|
];
|
||||||
}
|
}
|
||||||
// (
|
|
||||||
# === External drives ===
|
|
||||||
let
|
|
||||||
cryptsetup = "${pkgs.cryptsetup}/bin/cryptsetup";
|
|
||||||
unlockLuksService = label: keyfile:
|
|
||||||
lib.attrsets.recursiveUpdate {
|
|
||||||
description = "Unlock luks encrypted device '${label}'";
|
|
||||||
bindsTo = ["dev-${label}.device"];
|
|
||||||
after = ["dev-${label}.device"];
|
|
||||||
serviceConfig = {
|
|
||||||
Type = "oneshot";
|
|
||||||
RemainAfterExit = true;
|
|
||||||
ExecStart = ''
|
|
||||||
${cryptsetup} luksOpen --key-file ${keyfile} /dev/${label} ${label}opened
|
|
||||||
'';
|
|
||||||
ExecStop = ''
|
|
||||||
${cryptsetup} luksClose ${label}opened
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
disks = {
|
|
||||||
FRA = "8ae45289-82ed-4cf1-9d68-a0e26e5d9bb5";
|
|
||||||
BER = "85ce2e58-72fc-4a66-a376-565bb4fc39a1";
|
|
||||||
HND = "4a3765fc-155e-453d-a348-d1782447bcfe";
|
|
||||||
LEJ = "5e3c2c1e-73f6-43e6-b8f3-71c923cbeb6d";
|
|
||||||
};
|
|
||||||
in {
|
|
||||||
# Unlock all luks devices and import the zfs pools if necessary
|
|
||||||
systemd.services."luks-open-FRA" =
|
|
||||||
unlockLuksService "FRA" "/root/keys/fra" {};
|
|
||||||
systemd.services."luks-open-BER" = unlockLuksService "BER" "/root/keys/ber" {
|
|
||||||
serviceConfig.ExecStartPost = "${pkgs.zfs}/bin/zpool import zBER";
|
|
||||||
};
|
|
||||||
systemd.services."luks-open-HND" = unlockLuksService "HND" "/root/keys/hnd" {
|
|
||||||
serviceConfig.ExecStartPost = "${pkgs.zfs}/bin/zpool import zHND";
|
|
||||||
};
|
|
||||||
systemd.services."luks-open-LEJ" =
|
|
||||||
unlockLuksService "LEJ" "/root/keys/lej" {};
|
|
||||||
|
|
||||||
systemd.mounts = [
|
|
||||||
{
|
|
||||||
what = "/dev/mapper/FRAopened";
|
|
||||||
where = "/srv/fra";
|
|
||||||
type = "ext4";
|
|
||||||
wantedBy = ["default.target"];
|
|
||||||
requires = ["luks-open-FRA.service"];
|
|
||||||
after = ["luks-open-FRA.service"];
|
|
||||||
}
|
|
||||||
{
|
|
||||||
what = "/dev/mapper/vg_lej-lv_lej";
|
|
||||||
where = "/srv/lej";
|
|
||||||
type = "ext4";
|
|
||||||
wantedBy = ["default.target"];
|
|
||||||
requires = ["luks-open-LEJ.service"];
|
|
||||||
after = ["luks-open-LEJ.service"];
|
|
||||||
}
|
|
||||||
];
|
|
||||||
|
|
||||||
# Add udev rules for every disk
|
|
||||||
services.udev.customRules = [
|
|
||||||
{
|
|
||||||
name = "85-rename-and-unlock-disks";
|
|
||||||
rules = lib.concatStringsSep "\n" (lib.attrsets.mapAttrsToList
|
|
||||||
(alias: uuid: ''
|
|
||||||
SUBSYSTEM=="block", ENV{ID_FS_UUID}=="${uuid}", SYMLINK+="${alias}", TAG+="systemd"
|
|
||||||
'')
|
|
||||||
disks);
|
|
||||||
}
|
|
||||||
];
|
|
||||||
}
|
|
||||||
)
|
|
||||||
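Review bot: The root, ESP and swap devices now resolve by filesystem label (`/dev/disk/by-label/root`, `/dev/disk/by-label/esp`, `/dev/disk/by-label/swap`) instead of by UUID, and labels are not unique: if another disk carrying a partition labelled `root` is attached at boot, the by-label symlink can point at only one of them, so which partition ends up mounted as `/` depends on probe order rather than on this file. If the module is meant to be shared across machines the labels are understandable, but the expectation should be written down, e.g. `# Partitions are found by label (root, esp, swap); the installer must set exactly these and no other attached disk may reuse them`. Alternatively keep the by-UUID identifiers in the per-host file that imports this module. The attribute set these entries live in opens above the hunk.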
|
|
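--- /dev/null
+++ b/hosts/cerithium-telescopium.nix
@@ -0,0 +1,31 @@
+{
+pkgs,
+...
+}: {
+imports = [
+../hardware/intel-nuc.nix
+];
+config = {
+boot.loader.systemd-boot.enable = true;
+boot.loader.efi.canTouchEfiVariables = true;
+
+networking.hostName = "cerithium-telescopium";
+networking.networkmanager.enable = true;
+
+users.extraUsers.kodi.isNormalUser = true;
+
+services.cage = {
+enable = true;
+program = "${pkgs.kodi-wayland}/bin/kodi-standalone";
+user = "kodi";
+};
+
+# This value determines the NixOS release from which the default
+# settings for stateful data, like file locations and database versions
+# on your system were taken. It‘s perfectly fine and recommended to leave
+# this value at the release version of the first install of this system.
+# Before changing this value read the documentation for this option
+# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+system.stateVersion = "23.11"; # Did you read the comment?
+};
+}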
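Review bot: `users.extraUsers.kodi.isNormalUser = true;` uses the legacy option name; NixOS renamed that tree to `users.users` and keeps `extraUsers` only as an alias, and the other host file added in this commit (hosts/chrysomallon-squamiferum.nix) already writes `users.users.nixos…`. For consistency use `users.users.kodi.isNormalUser = true;`. A short comment on the account would also help a reader, e.g. `# Unprivileged account the cage kiosk session below runs kodi as; no password or extra groups are configured here`.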
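--- /dev/null
+++ b/hosts/chrysomallon-squamiferum.nix
@@ -0,0 +1,34 @@
+{
+pkgs,
+modulesPath,
+...
+}: {
+imports = [
+(modulesPath + "/installer/netboot/netboot-minimal.nix")
+];
+
+config = {
+networking.hostName = "chrysomallon-squamiferum";
+networking.networkmanager.enable = true;
+networking.wireless.enable = false;
+networking.firewall.enable = false;
+settings.ssh.openOutsideVPN = true;
+
+users.users.nixos.openssh.authorizedKeys.keyFiles = [../users/malte/yubikey.pub];
+
+environment.systemPackages = with pkgs; [
+# For special computers
+chntpw
+# For testing
+# geekbench
+];
+
+# This value determines the NixOS release from which the default
+# settings for stateful data, like file locations and database versions
+# on your system were taken. It‘s perfectly fine and recommended to leave
+# this value at the release version of the first install of this system.
+# Before changing this value read the documentation for this option
+# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+system.stateVersion = "23.11"; # Did you read the comment?
+};
+}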
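Review bot: `networking.firewall.enable = false;` turns the firewall off on an image that pkgs/netboot.nix hands out to any PXE client on the segment, and as far as I recall netboot-minimal.nix pulls in the installation-device profile, which enables sshd with root login permitted and empty initial passwords; with the firewall left on, the ssh port is already opened by the default `services.openssh.openFirewall`, so the blanket disable looks unnecessary. If something does need it (the repo-local `settings.ssh.openOutsideVPN` is not visible here), a comment stating why, e.g. `# Firewall off: throwaway installer image, only reachable on the local segment`, would make the intent reviewable; otherwise drop the line. Restricting the `nixos` account to the yubikey key via `authorizedKeys.keyFiles` is a good counterweight; consider pairing it with `services.openssh.settings.PasswordAuthentication = false;` so the key is the only way in.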
|
@ -75,6 +75,7 @@
|
||||||
${point "time" faunus-ater}
|
${point "time" faunus-ater}
|
||||||
${point "todo" faunus-ater}
|
${point "todo" faunus-ater}
|
||||||
${point "support" faunus-ater}
|
${point "support" faunus-ater}
|
||||||
|
${point "config" faunus-ater}
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -24,7 +24,6 @@ in {
|
||||||
./deck.nix
|
./deck.nix
|
||||||
./radicale.nix
|
./radicale.nix
|
||||||
./restic.nix
|
./restic.nix
|
||||||
./scanner.nix
|
|
||||||
./taskserver.nix
|
./taskserver.nix
|
||||||
./wakeup.nix
|
./wakeup.nix
|
||||||
./darkman.nix
|
./darkman.nix
|
||||||
|
|
|
@ -1,29 +0,0 @@
|
||||||
{pkgs, ...}: let
|
|
||||||
# TODO: Can I specify this in a better way?
|
|
||||||
device = "gt68xx";
|
|
||||||
|
|
||||||
scan-a4 = pkgs.writeShellApplication {
|
|
||||||
name = "scan-a4";
|
|
||||||
runtimeInputs = with pkgs; [
|
|
||||||
sane-backends
|
|
||||||
imagemagick
|
|
||||||
];
|
|
||||||
text = ''
|
|
||||||
if [[ -z $1 ]]; then
|
|
||||||
echo "Missing filename"
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
scanimage --device-name ${device} \
|
|
||||||
-x 210 \
|
|
||||||
-y 297 \
|
|
||||||
-o /tmp/last-scan.png \
|
|
||||||
--resolution 150 || exit 2
|
|
||||||
convert /tmp/last-scan.png "$1" || exit 3
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
in {
|
|
||||||
hardware.sane.enable = true;
|
|
||||||
|
|
||||||
environment.systemPackages = [scan-a4];
|
|
||||||
}
|
|
|
@ -1,22 +0,0 @@
|
||||||
self: super: {
|
|
||||||
sane-backends-old = super.sane-backends;
|
|
||||||
sane-backends =
|
|
||||||
(super.sane-backends.override {
|
|
||||||
extraFirmware = [
|
|
||||||
{
|
|
||||||
src = super.fetchurl {
|
|
||||||
url = "www.meier-geinitz.de/sane/gt68xx-backend/firmware/sbfw.usb";
|
|
||||||
sha256 = "12hnacivpy153alfjyr7k92y90nmb5d7z1ca7aix5w7wi0w4jdjv";
|
|
||||||
};
|
|
||||||
name = "sbfw.usb";
|
|
||||||
backend = "gt68xx";
|
|
||||||
}
|
|
||||||
];
|
|
||||||
})
|
|
||||||
.overrideAttrs (old: {
|
|
||||||
patches = (old.patches or []) ++ [../patches/gt68xx.conf.patch];
|
|
||||||
});
|
|
||||||
libreoffice-fresh = super.lib.recursiveUpdate super.libreoffice-fresh (super.libreoffice-fresh.libreoffice.override {
|
|
||||||
sane-backends = self.sane-backends-old;
|
|
||||||
});
|
|
||||||
}
|
|
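--- /dev/null
+++ b/pkgs/netboot.nix
@@ -0,0 +1,42 @@
+{
+writeShellApplication,
+pixiecore,
+nix,
+iptables,
+inputs,
+build ? inputs.self.nixosConfigurations.chrysomallon-squamiferum.config.system.build,
+...
+}: let
+netboot = writeShellApplication {
+name = "netboot";
+runtimeInputs = [pixiecore];
+text = ''
+exec pixiecore boot \
+${build.kernel}/bzImage \
+${build.netbootRamdisk}/initrd \
+--cmdline "init=${build.toplevel}/init loglevel=4" \
+--dhcp-no-bind \
+--debug \
+--port 64172 \
+--status-port 64172 \
+"$@"
+'';
+}; in writeShellApplication {
+name = "run-netboot-server";
+runtimeInputs = [
+netboot
+nix
+iptables
+];
+text = ''
+# Open required firewall ports
+sudo iptables -w -I nixos-fw -p udp -m multiport --dports 67,69,4011 -j ACCEPT
+sudo iptables -w -I nixos-fw -p tcp -m tcp --dport 64172 -j ACCEPT
+
+sudo netboot || echo "Closed netboot"
+
+# Close ports
+sudo iptables -w -D nixos-fw -p udp -m multiport --dports 67,69,4011 -j ACCEPT
+sudo iptables -w -D nixos-fw -p tcp -m tcp --dport 64172 -j ACCEPT
+'';
+}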
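Review bot: The two `iptables -D` lines at the end of run-netboot-server only run if `sudo netboot` returns to the script; pixiecore is normally stopped with Ctrl-C, and a SIGINT that kills the foreground child also terminates the bash script (writeShellApplication adds `set -euo pipefail`), so the ACCEPT rules for UDP 67/69/4011 and TCP 64172 stay in `nixos-fw` after the server is gone. Moving the close step into a function registered with `trap … EXIT` runs it on normal exit, on error and on Ctrl-C alike. The `|| echo "Closed netboot"` message is also misleading, since it prints before anything is closed and only when netboot fails. `nix` in runtimeInputs is not used by the visible script text. The rewritten `text` attribute follows.
```nix
# … unchanged: netboot helper, name and runtimeInputs …
text = ''
  close_ports() {
    sudo iptables -w -D nixos-fw -p udp -m multiport --dports 67,69,4011 -j ACCEPT
    sudo iptables -w -D nixos-fw -p tcp -m tcp --dport 64172 -j ACCEPT
  }

  # Open required firewall ports and make sure they are closed again
  # however the server stops (normal exit, error, Ctrl-C)
  trap close_ports EXIT
  sudo iptables -w -I nixos-fw -p udp -m multiport --dports 67,69,4011 -j ACCEPT
  sudo iptables -w -I nixos-fw -p tcp -m tcp --dport 64172 -j ACCEPT

  sudo netboot || echo "netboot exited with status $?"
'';
```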