commit 7517f318dc2c946609cb5a5a64d976def5a6de66 Author: Felix Buehler Date: Mon Nov 16 21:14:46 2020 +0100 initial commit diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..de58db5 --- /dev/null +++ b/.gitignore @@ -0,0 +1,3 @@ +configuration.nix +vars-uuids.nix +vars-backup.nix diff --git a/README.md b/README.md new file mode 100644 index 0000000..5bc6df8 --- /dev/null +++ b/README.md @@ -0,0 +1,27 @@ +# My personal NixOS-configuration +work in progress... + +get internet +`wpa_passphrase "" > /etc/wpa_supplicant.conf` +`systemctl restart wpa_supplicant` + +install git +`nix-env -iA nixos.git` + +get this repo +`git clone https://github.com/Stunkymonkey/nixos.git` +`cd nixos` + +link to correct host +`ln -s .nix configuration.nix` + +set password for luks +`vim /tmp/password` +enter password +`head -c <#char> /tmp/password > /tmp/passwd` + +install +`bash install-.sh` + +wait + enter password +`reboot` diff --git a/backup.nix b/backup.nix new file mode 100644 index 0000000..398effe --- /dev/null +++ b/backup.nix 
@@ -0,0 +1,82 @@ +{ config, lib, pkgs, ... }: +let + cfg = import ./vars-backup.nix; + borgbackupMonitor = { config, pkgs, lib, ... }: with lib; { + key = "borgbackupMonitor"; + _file = "borgbackupMonitor"; + config.systemd.services = { + "notify-problems@" = { + enable = true; + serviceConfig.User = "felix"; + environment.SERVICE = "%i"; + script = '' + export $(cat /proc/$(${pkgs.procps}/bin/pgrep -x "sway" -u "$USER")/environ |grep -z '^DBUS_SESSION_BUS_ADDRESS=') + ${pkgs.libnotify}/bin/notify-send -u critical "$SERVICE FAILED!" "Run journalctl -u $SERVICE for details" + ''; + }; + } // flip mapAttrs' config.services.borgbackup.jobs (name: value: + nameValuePair "borgbackup-job-${name}" { + unitConfig.OnFailure = "notify-problems@%i.service"; + preStart = lib.mkBefore '' + # waiting for internet after resume-from-suspend + until /run/wrappers/bin/ping google.com -c1 -q >/dev/null; do :; done + ''; + } + ); + + # forces backup after boot in case server was powered off during scheduled event + config.systemd.timers = flip mapAttrs' config.services.borgbackup.jobs (name: value: + nameValuePair "borgbackup-job-${name}" { + timerConfig.Persistent = true; + } + ); + }; + +in +{ + # notification + imports = [ + borgbackupMonitor + ]; + + services.borgbackup.jobs.thinkman = { + paths = [ + "/" + "/etc/nixos/" + "/home/" + ]; + exclude = [ + "/nix" + "/root/.cache/" + "**/.Trash" + "/tmp/*" + "/var/lock/*" + "/var/run/*" + "/var/tmp/*" + "/home/*/tmp" + "/home/*/todo" + "/home/*/.cache" + "/home/*/.gvfs" + "/home/*/.thumbnails" + "/home/*/.local/share/Trash" + ]; + extraCreateArgs = "--one-file-system --exclude-caches --keep-exclude-tags --stats"; + encryption = { + mode = "repokey-blake2"; + passCommand = "cat /root/.borg_password"; + }; + environment.BORG_RSH = "ssh -o 'StrictHostKeyChecking=no' -i /root/.ssh/backup_ed25519 -p 23"; + repo = "${cfg.borg.user}@${cfg.borg.host}:${cfg.borg.dir}"; + compression = "auto,zstd"; + doInit = false; + startAt = "daily"; + 
prune.keep = { + last = 1; + within = "3d"; + daily = 7; + weekly = 4; + monthly = 6; + yearly = 2; + }; + }; +} diff --git a/core.nix b/core.nix new file mode 100644 index 0000000..2269505 --- /dev/null +++ b/core.nix @@ -0,0 +1,45 @@ +{ config, pkgs, lib, ... }: +{ + # Packages + environment.systemPackages = with pkgs; [ + bandwhich + bind # dig + borgbackup + cryptsetup + docker-compose + file + fzf + gettext + git + gitAndTools.delta + gnufdisk + gptfdisk + htop + inetutils + jq + killall + lsof + mosh + multipath-tools #-> kpartx + mtr + nix-index + nmap + nmon + pciutils + pv + reptyr + rsync + screen + stress-ng + usbutils + tmux + vim + wget + whois + zip + unzip + ]; + + time.timeZone = "Europe/Berlin"; + services.timesyncd.enable = true; +} diff --git a/default.nix b/default.nix new file mode 100644 index 0000000..5aa728d --- /dev/null +++ b/default.nix @@ -0,0 +1,9 @@ +{ config, lib, pkgs, ... }: + +{ + imports = [ + ./modules.nix + ./network.nix + ./users.nix + ]; +} diff --git a/disks-home.nix b/disks-home.nix new file mode 100644 index 0000000..6c20af5 --- /dev/null +++ b/disks-home.nix @@ -0,0 +1,12 @@ +{ config, lib, pkgs, ... }: + +#FIXME: komplett anpassen +let + uuids = import ./vars-uuids.nix; +in +{ + fileSystems."/home" = { + device = "/dev/disk/by-uuid/${uuids.fs.home}"; + fsType = "ext4"; + }; +} diff --git a/disks-srv.nix b/disks-srv.nix new file mode 100644 index 0000000..6844122 --- /dev/null +++ b/disks-srv.nix @@ -0,0 +1,12 @@ +{ config, lib, pkgs, ... }: + +let + uuids = import ./vars-uuids.nix; +in +{ + # FS + fileSystems."/srv" = { + device = "/dev/disk/by-uuid/${uuids.fs.srv}"; + fsType = "ext4"; + }; +} diff --git a/disks.nix b/disks.nix new file mode 100644 index 0000000..c1efd1b --- /dev/null +++ b/disks.nix 
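Review bot: `environment.BORG_RSH` passes `-o 'StrictHostKeyChecking=no'`, so the client accepts whatever host key `cfg.borg.host` presents and would push the archives to an impostor without any warning; the repokey encryption protects the contents, but the real server would silently stop receiving backups. Pin the server instead, e.g. `-o 'StrictHostKeyChecking=yes' -o 'UserKnownHostsFile=/root/.ssh/borg_known_hosts'` with the key pre-seeded during install, or at minimum `accept-new`, which pins on first contact and rejects later changes. The `preStart` loop `until /run/wrappers/bin/ping google.com -c1 -q >/dev/null; do :; done` has no upper bound, so a job started without connectivity spins forever and the `OnFailure` notification never fires; a bounded retry count that exits non-zero would surface the problem through the existing `notify-problems@` unit.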
@@ -0,0 +1,32 @@ +{ config, lib, pkgs, ... }: + +#FIXME: komplett anpassen +let + uuids = import ./vars-uuids.nix; +in +{ + boot.initrd.luks.devices."luks-drive" = { + name = "luks-drive"; + device = "/dev/disk/by-partuuid/${uuids.luks.root}"; + preLVM = true; + allowDiscards = true; + }; + + # FS + fileSystems."/" = { + device = "/dev/disk/by-uuid/${uuids.fs.root}"; + fsType = "ext4"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/${uuids.fs.boot}"; + fsType = "vfat"; + }; + + # Swap + swapDevices = [ + { + device = "/dev/disk/by-uuid/${uuids.fs.swap}"; + } + ]; +} diff --git a/extra/3d-printing.nix b/extra/3d-printing.nix new file mode 100644 index 0000000..b7457e2 --- /dev/null +++ b/extra/3d-printing.nix @@ -0,0 +1,8 @@ +{ config, pkgs, ... }: +{ + environment.systemPackages = with pkgs; [ + meshlab + cura + openscad + ]; +} diff --git a/extra/android.nix b/extra/android.nix new file mode 100644 index 0000000..c72fb82 --- /dev/null +++ b/extra/android.nix @@ -0,0 +1,7 @@ +{ config, pkgs, ... }: +{ + programs.adb.enable = true; + environment.systemPackages = with pkgs; [ + scrcpy + ]; +} diff --git a/extra/arch-linux.nix b/extra/arch-linux.nix new file mode 100644 index 0000000..2faa999 --- /dev/null +++ b/extra/arch-linux.nix @@ -0,0 +1,7 @@ +{ config, lib, pkgs, ... }: +{ + environment.systemPackages = with pkgs; [ + pacman + ]; + environment.etc."makepkg.conf".source = "${pkgs.pacman}/etc/makepkg.conf"; +} diff --git a/extra/avahi.nix b/extra/avahi.nix new file mode 100644 index 0000000..efdbeed --- /dev/null +++ b/extra/avahi.nix @@ -0,0 +1,13 @@ +{ config, pkgs, lib, ... }: +{ + services.avahi = { + enable = true; + nssmdns = true; + publish = { + enable = true; + addresses = true; + workstation = true; + userServices = true; + }; + }; +} diff --git a/extra/bluetooth-audio.nix b/extra/bluetooth-audio.nix new file mode 100644 index 0000000..9c89ed5 --- /dev/null +++ b/extra/bluetooth-audio.nix 
@@ -0,0 +1,19 @@ +{ config, lib, pkgs, ... }: + +{ + hardware.bluetooth = { + enable = true; + package = pkgs.bluezFull; + config = { + General = { + Enable = "Source,Sink,Media,Socket"; + }; + }; + }; + hardware.pulseaudio = { + enable = true; + extraModules = [ pkgs.pulseaudio-modules-bt ]; + package = pkgs.pulseaudioFull; + }; + services.blueman.enable = true; +} diff --git a/extra/clean.nix b/extra/clean.nix new file mode 100644 index 0000000..ad868a2 --- /dev/null +++ b/extra/clean.nix @@ -0,0 +1,10 @@ +{ config, lib, pkgs, ... }: + +{ + environment.systemPackages = with pkgs; [ + baobab + #dupeguru + jdupes + kondo + ]; +} diff --git a/extra/default.nix b/extra/default.nix new file mode 100644 index 0000000..8bd0b0d --- /dev/null +++ b/extra/default.nix 
@@ -0,0 +1,119 @@ +{ config, lib, pkgs, ... }: +let + unstable = import { config = { allowUnfree = true; }; }; +in +{ + + imports = [ + ./fonts.nix + ]; + + programs.gnome-disks.enable = true; + services.udisks2.enable = true; + + # test if working + #xdg.mime.enable = true; + + # make gnome settings persistent + + programs.dconf.enable = true; + + # gnome services + services.dbus.packages = [ pkgs.gnome3.dconf ]; + services.udev.packages = [ pkgs.gnome3.gnome-settings-daemon ]; + services.gnome3.gnome-keyring.enable = true; + services.gnome3.glib-networking.enable = true; + # enable trash & network-mount in nautilus + services.gvfs.enable = true; + + environment.systemPackages = with pkgs; [ + #mime-types + xdg_utils + adwaita-qt + arc-icon-theme + arc-kde-theme + arc-theme + evince + firefox-wayland + #geary + ghostwriter + (gimp-with-plugins.override { plugins = with gimpPlugins; [ resynthesizer ]; }) + glib + gnome3.adwaita-icon-theme + gnome3.eog + gnome3.file-roller + gnome3.gnome-calendar + gnome3.gnome-system-monitor + gnome3.nautilus + gnome3.nautilus-python + gnome3.simple-scan + keepassxc + keychain + konsole + libnotify + libreoffice + lollypop + unstable.newsflash + numix-cursor-theme + numix-icon-theme + numix-icon-theme-circle + polkit_gnome + qgnomeplatform + rhythmbox + simple-scan + #spotify + socat + tdesktop + thunderbird + typora + virtmanager + vlc + mpv-with-scripts + wayvnc + zathura + zeal + + # TODO sort them in different files + pdfgrep + physlock + #symlinks + ]; + + # Enable firmware update daemon + services.fwupd.enable = true; + + programs.wireshark.enable = true; + programs.wireshark.package = pkgs.wireshark; + + services.accounts-daemon.enable = true; + + environment.interactiveShellInit = '' + if test `tty` = /dev/tty1; then + exec sway + fi + ''; + +# services.xserver = { +# enable = true; +# layout = "us"; +# xkbOptions = "eurosign:e"; +# libinput.enable = true; +# libinput.naturalScrolling = true; +# +# startDbusSession = true; 
+# updateDbusEnvironment = true; +# +# desktopManager = { +# xterm.enable = false; +# gnome3.enable = false; +# }; +# +# displayManager = { +# sessionData.sessionNames = [ "sway" "none+i3" ]; +# defaultSession = "sway"; +# gdm.enable = true; +# gdm.wayland = true; +# lightdm.enable = false; +# }; +# }; +} diff --git a/extra/desktop-development.nix b/extra/desktop-development.nix new file mode 100644 index 0000000..918ee14 --- /dev/null +++ b/extra/desktop-development.nix @@ -0,0 +1,14 @@ +{ config, pkgs, ... }: +{ + environment.systemPackages = with pkgs; [ + arduino + bless # hex editor + chromium + dbeaver + filezilla + fritzing + insomnia + #jetbrains.idea-community + sublime3 + ]; +} diff --git a/extra/development.nix b/extra/development.nix new file mode 100644 index 0000000..ff4d81c --- /dev/null +++ b/extra/development.nix @@ -0,0 +1,52 @@ +{ config, pkgs, ... }: +let + unstable = import { config = { allowUnfree = true; }; }; +in +{ + environment.systemPackages = with pkgs; [ + # rust + unstable.cargo + unstable.clippy # lint + cargo-flamegraph + cargo-outdated + # general + clang + cmake + cvs + dfeet + direnv + entr + git + gnumake + go + hugo + meson + ninja + patchelf + pkg-config + (python3.withPackages (ps: with ps; [ + nltk # language-toolkit + tqdm # progressbar in pandas + jupyter # notebooks + Keras # machine learning + tensorflow-build_2 # machine learning + transformers # machine learning + numpy + pandas + matplotlib + scipy + scikitlearn + pillow + ])) + ripgrep + rustfmt + unstable.rustc + shellcheck + sloccount + topgrade + valgrind + vimPlugins.YouCompleteMe + ycmd + woeusb + ]; +} diff --git a/extra/docker.nix b/extra/docker.nix new file mode 100644 index 0000000..295d22e --- /dev/null +++ b/extra/docker.nix @@ -0,0 +1,8 @@ +{ config, pkgs, ... }: + +{ + virtualisation.docker.enable = true; + environment.systemPackages = with pkgs; [ + docker_compose + ]; +} 
diff --git a/extra/filesystem.nix b/extra/filesystem.nix new file mode 100644 index 0000000..4d03097 --- /dev/null +++ b/extra/filesystem.nix @@ -0,0 +1,12 @@ +{ config, pkgs, ... }: +{ + environment.systemPackages = with pkgs; [ + davfs2 + fuse3 + hfsprogs + mtpfs + nfs-utils + ntfs3g + sshfs + ]; +} diff --git a/extra/fonts.nix b/extra/fonts.nix new file mode 100644 index 0000000..957fe2e --- /dev/null +++ b/extra/fonts.nix @@ -0,0 +1,29 @@ +{ config, pkgs, ... }: +{ + fonts = { + fontconfig.defaultFonts = { + monospace = [ "Ubuntu Mono" ]; + sansSerif = [ "Ubuntu" ]; + serif = [ "DejaVu Serif" ]; + }; + + fonts = with pkgs; [ + cantarell-fonts # gnome default + dina-font + fira + fira-mono + fira-code + fira-code-symbols + font-awesome + liberation_ttf + #mplus-outline-fonts + noto-fonts + noto-fonts-cjk + noto-fonts-emoji + proggyfonts + ubuntu_font_family + joypixels + #unifont # unicode + ]; + }; +} diff --git a/extra/gaming.nix b/extra/gaming.nix new file mode 100644 index 0000000..21fecc2 --- /dev/null +++ b/extra/gaming.nix @@ -0,0 +1,22 @@ +{ config, lib, pkgs, ... }: +{ + environment.systemPackages = with pkgs; [ + blobby + discord + minecraft + minetest + openttd + superTuxKart + steam + SDL + SDL2 + wine + winetricks + ]; + + programs.steam.enable = true; + + hardware.opengl.driSupport32Bit = true; + hardware.opengl.extraPackages32 = with pkgs.pkgsi686Linux; [ libva ]; + hardware.pulseaudio.support32Bit = true; +} diff --git a/extra/hardware-base.nix b/extra/hardware-base.nix new file mode 100644 index 0000000..672f020 --- /dev/null +++ b/extra/hardware-base.nix @@ -0,0 +1,14 @@ +{ config, lib, pkgs, ... }: + +{ + services.smartd.enable = true; + environment.systemPackages = with pkgs; [ + dmidecode + f3 + hdparm + lm_sensors + pciutils + smartmontools + testdisk + ]; +} diff --git a/extra/intel-video.nix b/extra/intel-video.nix new file mode 100644 index 0000000..be67722 --- /dev/null +++ b/extra/intel-video.nix 
@@ -0,0 +1,15 @@ +{ config, pkgs, ... }: +{ + nixpkgs.config.packageOverrides = pkgs: { + vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; }; + }; + hardware.opengl = { + enable = true; + extraPackages = with pkgs; [ + intel-media-driver # LIBVA_DRIVER_NAME=iHD + vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium) + vaapiVdpau + libvdpau-va-gl + ]; + }; +} diff --git a/extra/intel.nix b/extra/intel.nix new file mode 100644 index 0000000..237a74b --- /dev/null +++ b/extra/intel.nix @@ -0,0 +1,5 @@ +{ config, lib, pkgs, ... }: + +{ + hardware.cpu.intel.updateMicrocode = true; +} diff --git a/extra/kvm.nix b/extra/kvm.nix new file mode 100644 index 0000000..8a3bcad --- /dev/null +++ b/extra/kvm.nix @@ -0,0 +1,9 @@ +{ config, lib, pkgs, ... }: + +{ + boot.kernelModules = [ + "kvm-amd" + "kvm-intel" + ]; + virtualisation.libvirtd.enable = true; +} diff --git a/extra/location.nix b/extra/location.nix new file mode 100644 index 0000000..7c25d45 --- /dev/null +++ b/extra/location.nix @@ -0,0 +1,24 @@ +{ config, lib, pkgs, ... }: + +{ + location.provider = "geoclue2"; + + services.geoclue2.enable = true; + services.geoclue2.enableDemoAgent = true; + services.geoclue2.appConfig."gammastep" = { + desktopID = "gammastep"; + isAllowed = true; + isSystem = false; + # Empty list allows all users + users = [ ]; + }; + + services.geoclue2.appConfig."gammastep-indicator" = { + desktopID = "gammastep-indicator"; + isAllowed = true; + isSystem = false; + # Empty list allows all users + users = [ ]; + }; + +} diff --git a/extra/media.nix b/extra/media.nix new file mode 100644 index 0000000..6ec7a18 --- /dev/null +++ b/extra/media.nix 
@@ -0,0 +1,26 @@ +{ config, lib, pkgs, ... }: +let + unstable = import { config = { allowUnfree = true; }; }; +in +{ + environment.systemPackages = with pkgs; [ + audacity + chromaprint # music-brainz fingerprint + ffmpeg + gallery-dl + graphviz + handbrake + imagemagick + image_optim + inkscape + unstable.puddletag # audio tagging + mp3val + #mediaelch + unstable.mediaelch + picard + projectm + shotwell + soundkonverter + youtube-dl + ]; +} diff --git a/extra/meeting.nix b/extra/meeting.nix new file mode 100644 index 0000000..0e9ecc0 --- /dev/null +++ b/extra/meeting.nix @@ -0,0 +1,15 @@ +{ config, lib, pkgs, ... }: +let + unstable = import { config = { allowUnfree = true; }; }; +in +{ + environment.systemPackages = with pkgs; [ + element-desktop + mumble + unstable.nheko + pidgin + skypeforlinux + signal-desktop + teamspeak_client + ]; +} diff --git a/extra/networkdecrypt.nix b/extra/networkdecrypt.nix new file mode 100644 index 0000000..24e7f2c --- /dev/null +++ b/extra/networkdecrypt.nix @@ -0,0 +1,22 @@ +{ pkgs, ... }: + +{ + boot.initrd.network = { + enable = true; + + ssh = { + enable = true; + port = 2222; + hostKeys = [ + /etc/secrets/initrd/ssh_host_ed25519_key + ]; + authorizedKeys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOFx6OLwL9MbkD3mnMsv+xrzZHN/rwCTgVs758SCLG0h felix@thinkman" + ]; + }; + + postCommands = '' + echo 'cryptsetup-askpass' >> /root/.profile + ''; + }; +} diff --git a/extra/nix.nix b/extra/nix.nix new file mode 100644 index 0000000..963af8a --- /dev/null +++ b/extra/nix.nix @@ -0,0 +1,7 @@ +{ config, lib, pkgs, ... }: +{ + environment.systemPackages = with pkgs; [ + nixpkgs-fmt + nix-prefetch-git + ]; +} diff --git a/extra/power.nix b/extra/power.nix new file mode 100644 index 0000000..9f9e6ea --- /dev/null +++ b/extra/power.nix 
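Review bot: `hostKeys = [ /etc/secrets/initrd/ssh_host_ed25519_key ]` is embedded in the initrd, and the initrd lives on the `/boot` partition that `disks.nix` mounts unencrypted (vfat), so this host key is readable by anyone with the disk and cannot be treated as a secret. Using a key separate from the main sshd host key (and port 2222 so clients keep a distinct known_hosts entry) is the right mitigation, but the file should state the constraint so the key is never reused, e.g. `# this key is copied into the unencrypted initrd on /boot; never reuse it for the main sshd`. The same `ssh-ed25519 … felix@thinkman` string also appears in `users.nix`; hoisting it into a shared attribute next to `vars-backup.nix` would keep the two copies from drifting when the key is rotated.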
@@ -0,0 +1,19 @@ +{ config, lib, pkgs, ... }: + +{ + environment.systemPackages = [ + config.boot.kernelPackages.cpupower + pkgs.powertop + pkgs.s-tui + ]; + + powerManagement = { + cpuFreqGovernor = lib.mkDefault "powersave"; + powertop.enable = true; + }; + + services = { + thermald.enable = true; + upower.enable = true; + }; +} diff --git a/extra/presentation.nix b/extra/presentation.nix new file mode 100644 index 0000000..368bff6 --- /dev/null +++ b/extra/presentation.nix @@ -0,0 +1,6 @@ +{ config, pkgs, ... }: +{ + environment.systemPackages = with pkgs; [ + pdfpc + ]; +} diff --git a/extra/printer.nix b/extra/printer.nix new file mode 100644 index 0000000..bc1437d --- /dev/null +++ b/extra/printer.nix @@ -0,0 +1,10 @@ +{ config, lib, pkgs, ... }: + +{ + services.printing.enable = true; + services.printing.drivers = with pkgs; [ + gutenprint + hplip + ]; + programs.system-config-printer.enable = true; +} diff --git a/extra/screen-sharing.nix b/extra/screen-sharing.nix new file mode 100644 index 0000000..5464809 --- /dev/null +++ b/extra/screen-sharing.nix @@ -0,0 +1,25 @@ +{ config, lib, pkgs, ... }: +{ + environment.systemPackages = with pkgs; [ + remmina + teamviewer + ]; + + services.pipewire.enable = true; + + xdg.portal = { + enable = true; + extraPortals = with pkgs; [ + xdg-desktop-portal-gtk + xdg-desktop-portal-wlr + ]; + gtkUsePortal = true; + }; + + # for firefox + environment.sessionVariables = { + MOZ_ENABLE_WAYLAND = "1"; + XDG_CURRENT_DESKTOP = "sway"; + XDG_SESSION_TYPE = "wayland"; + }; +} diff --git a/extra/security.nix b/extra/security.nix new file mode 100644 index 0000000..baf7b9e --- /dev/null +++ b/extra/security.nix @@ -0,0 +1,7 @@ +{ config, lib, pkgs, ... }: +{ + environment.systemPackages = with pkgs; [ + aircrack-ng + lynis + ]; +} diff --git a/extra/sound.nix b/extra/sound.nix new file mode 100644 index 0000000..ff2f784 --- /dev/null +++ b/extra/sound.nix 
@@ -0,0 +1,11 @@
+{ config, pkgs, ... }:
+
+{
+ sound.enable = true;
+ hardware.pulseaudio.enable = true;
+ environment.systemPackages = with pkgs; [
+ noisetorch
+ pavucontrol
+ playerctl
+ ];
+}
diff --git a/extra/ssh.nix b/extra/ssh.nix
new file mode 100644
index 0000000..4b723d6
--- /dev/null
+++ b/extra/ssh.nix
@@ -0,0 +1,9 @@
+{ config, ... }:
+{
+ services.openssh.enable = true;
+
+ # WARNING: if you remove this, then you need to assign a password to your user, otherwise
+ # `sudo` won't work. You can do that either by using `passwd` after the first rebuild or
+ # by setting an hashed password in the `users.users.felix` block as `initialHashedPassword`.
+ security.sudo.wheelNeedsPassword = false;
+}
diff --git a/extra/sync.nix b/extra/sync.nix
new file mode 100644
index 0000000..32605bb
--- /dev/null
+++ b/extra/sync.nix
@@ -0,0 +1,12 @@
+{ config, pkgs, ... }:
+let
+ unstable = import { config = { allowUnfree = true; }; };
+in
+{
+ environment.systemPackages = with pkgs; [
+ nextcloud-client
+ unstable.syncthing
+ magic-wormhole
+ vdirsyncer
+ ];
+}
diff --git a/extra/systemd-user.nix b/extra/systemd-user.nix
new file mode 100644
index 0000000..beb7ae7
--- /dev/null
+++ b/extra/systemd-user.nix
@@ -0,0 +1,6 @@
+{ config, ... }:
+{
+ systemd.user.extraConfig = ''
+ DefaultEnvironment="PATH=/run/current-system/sw/bin"
+ '';
+}
diff --git a/extra/systemduefi.nix b/extra/systemduefi.nix
new file mode 100644
index 0000000..c7a5ae9
--- /dev/null
+++ b/extra/systemduefi.nix
@@ -0,0 +1,15 @@
+{ config, lib, pkgs, ... }:
+
+{
+ boot = {
+ loader = {
+ timeout = 1;
+ systemd-boot = {
+ enable = true;
+ configurationLimit = 10;
+ consoleMode = "keep";
+ editor = true;
+ };
+ };
+ };
+}
diff --git a/extra/tex.nix b/extra/tex.nix
new file mode 100644
index 0000000..6dc4d1e
--- /dev/null
+++ b/extra/tex.nix
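Review bot: `services.openssh.enable = true` sits next to `security.sudo.wheelNeedsPassword = false`, so any SSH session as `felix` (a `wheel` member in `users.nix`) is root with no further credential, and sshd is left on its default of accepting password logins; the warning comment explains why no password exists but not that sshd therefore has to be key-only. State the intent explicitly instead of relying on the absence of a password: `services.openssh.passwordAuthentication = false;` and `services.openssh.permitRootLogin = "no";` beside the enable line, and extend the comment with "sshd is key-only; password logins are disabled on purpose". With those set, the only way in is the ed25519 key declared in `users.nix`, which is what the configuration already assumes.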
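Review bot: `editor = true` keeps the systemd-boot command-line editor enabled, which the NixOS option description itself advises against because anyone at the console can append kernel parameters such as a different `init=` before the system starts. With the LUKS root from `disks.nix` the passphrase is still required to reach the real filesystem, but the editor still hands out a shell in the initrd and removes a cheap layer of defense on a laptop. Set `editor = false;` and add `# kernel cmdline editing disabled; use a live medium for recovery` so the reason survives the next cleanup.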
@@ -0,0 +1,12 @@ +{ config, pkgs, ... }: +let + unstable = import { config = { allowUnfree = true; }; }; +in +{ + environment.systemPackages = with pkgs; [ + unstable.jabref + biber + texlive.combined.scheme-full + texstudio + ]; +} diff --git a/extra/theme.nix b/extra/theme.nix new file mode 100644 index 0000000..c7ceabf --- /dev/null +++ b/extra/theme.nix @@ -0,0 +1,10 @@ +{ config, lib, pkgs, ... }: +{ + environment.systemPackages = with pkgs; [ + gtk-engine-murrine + gtk_engines + gsettings-desktop-schemas + lxappearance + ]; + programs.qt5ct.enable = true; +} diff --git a/extra/thunderbolt.nix b/extra/thunderbolt.nix new file mode 100644 index 0000000..01b223b --- /dev/null +++ b/extra/thunderbolt.nix @@ -0,0 +1,10 @@ +{ config, pkgs, ... }: +let + unstable = import { config = { allowUnfree = true; }; }; +in +{ + environment.systemPackages = with pkgs; [ + thunderbolt + ]; + services.hardware.bolt.enable = true; +} diff --git a/extra/webcam.nix b/extra/webcam.nix new file mode 100644 index 0000000..a82f532 --- /dev/null +++ b/extra/webcam.nix @@ -0,0 +1,8 @@ +{ config, lib, pkgs, ... }: + +{ + environment.systemPackages = with pkgs; [ + fswebcam + gnome3.cheese + ]; +} diff --git a/hardware/raspberrypi4.nix b/hardware/raspberrypi4.nix new file mode 100644 index 0000000..5868f02 --- /dev/null +++ b/hardware/raspberrypi4.nix 
@@ -0,0 +1,26 @@ +{ config, pkgs, lib, ... }: +{ + # Boot + boot.loader.grub.enable = false; + boot.loader.raspberryPi.enable = true; + boot.loader.raspberryPi.version = 4; + boot.loader.raspberryPi.firmwareConfig = " + # Disable the ACT LED. + dtparam=act_led_trigger=none + dtparam=act_led_activelow=off + # Disable the PWR LED. + dtparam=pwr_led_trigger=none + dtparam=pwr_led_activelow=off + + # Disable SD-Card pools + dtparam=sd_pool_once=on"; + + # Kernel configuration + boot.kernelPackages = pkgs.linuxPackages_rpi4; + boot.kernelParams = [ "cma=64M" "console=tty0" ]; + + # Enable additional firmware (such as Wi-Fi drivers). + hardware.enableRedistributableFirmware = true; + + #swapDevices = [{ device = "/swapfile"; size = 1024; }]; +} diff --git a/hardware/t14.nix b/hardware/t14.nix new file mode 100644 index 0000000..02bc3af --- /dev/null +++ b/hardware/t14.nix @@ -0,0 +1,20 @@ +{ config, lib, ... }: +{ + boot = { + # acpi_call makes tlp work for newer thinkpads + kernelModules = [ "acpi_call" ]; + extraModulePackages = with config.boot.kernelPackages; [ acpi_call ]; + + # Force use of the thinkpad_acpi driver for backlight control. + # This allows the backlight save/load systemd service to work. + kernelParams = [ "acpi_backlight=native" ]; + + # video driver + initrd.kernelModules = [ "i915" ]; + }; + + services.fstrim.enable = lib.mkDefault true; + + # Special power management settings for ThinkPads + services.tlp.enable = true; +} diff --git a/helpers.sh b/helpers.sh new file mode 100644 index 0000000..fd98d4c --- /dev/null +++ b/helpers.sh 
@@ -0,0 +1,136 @@ +#!/bin/sh + +ask_if_sure(){ + while true; do + read -p "reinstall & ERASE ALL DATA? [y/n] " yn + case $yn in + [Yy]* ) break;; + [Nn]* ) exit 1;; + * ) echo "Please answer yes or no.";; + esac + done +} + +blk_wait(){ + local dev="${1?}" + + while ! [ -b "${dev}" ]; do + sleep 0.1 + done +} + +blk_info_partuuid(){ + local dev="${1?}" + + printf '/dev/disk/by-partuuid/%s' "$(blkid -o value -s PARTUUID "${dev}")" +} + +blk_info_uuid(){ + local dev="${1?}" + + printf '/dev/disk/by-uuid/%s' "$(blkid -o value -s UUID "${dev}")" +} + +# Write into /tmp/password your password (without a trailing newline!) +# So you won't get asked for a password during installation +# +# If you want to get asked for every password, just remove this function +cryptsetup(){ + command cryptsetup $* --key-file /tmp/passwd -q +} + +install_os(){ + local folder="${1?}" + nixos-install --cores 0 --max-jobs auto --root "${folder}" +} + +luks_close(){ + local drive="${1?}" + + if cryptsetup status "${drive}" &>/dev/null; then + cryptsetup close "${drive}" + fi +} + +lvm_remove_lv(){ + local lv="${1?}" + + if lvs "${lv}"; then + lvremove -f "${lv}" + fi +} + +lvm_remove_vg(){ + local vg="${1?}" + + if vgs "${vg}"; then + vgremove "${vg}" + fi +} + +lvm_remove_pv(){ + local pv="${1?}" + + if pvs "${pv}"; then + pvremove "${pv}" + fi +} + +macro_replace(){ + local macro="${1?}" + local value="${2?}" + local file="${3?}" + + sed -i "s%${macro}%${value}%g" "${file}" +} + +mp_mount(){ + local src="${1?}" + local dst="${2?}" + local fstype="${3:-}" + + mkdir -p "${CHROOT_BASE?}${dst}" + mount ${fstype:+-t} ${fstype:+"${fstype}"} "${src}" "${CHROOT_BASE?}${dst}" +} + +mp_umount(){ + local mountpoint="${1?}" + + if mountpoint "${CHROOT_BASE}${mountpoint}" &>/dev/null; then + umount -R "${CHROOT_BASE}${mountpoint}" + fi + + if [ -d "${CHROOT_BASE}${mountpoint}" ]; then + rmdir "${CHROOT_BASE}${mountpoint}" + fi + ! 
[ -e "${CHROOT_BASE}${mountpoint}" ] +} + +parttable_clear(){ + local drive="${1?}" + + while ! sgdisk -Z "${drive}" &>/dev/null; do + sleep 0.1 + done +} + +zero_blockdev(){ + local dev="${1?}" + + blkdiscard "${dev}" +} + +zero_overwrite(){ + local fsdev="${1?}" + local MBs="${2:-10}" + + dd if=/dev/zero of="${fsdev}" bs=1M count="${MBs}" conv=sync +} + +# Helper.sh +zfs_pool_destroy(){ + local pool="${1?}" + if zpool status "${pool}" &>/dev/null; then + zpool destroy "${pool}" + fi +} diff --git a/install-serverle.sh b/install-serverle.sh new file mode 100644 index 0000000..47cb891 --- /dev/null +++ b/install-serverle.sh 
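Review bot: The `cryptsetup` wrapper expands its arguments with unquoted `$*`, so any argument containing whitespace or glob characters is re-split and re-globbed before it reaches the real binary; it should read `command cryptsetup "$@" --key-file /tmp/passwd -q`. The shebang is `#!/bin/sh`, yet `&>/dev/null` (luks_close, mp_umount, parttable_clear, zfs_pool_destroy), `read -p` and `local` are bash-isms; under dash `&>` backgrounds the command and the `if` then tests an empty redirection, which is always true. Since `install-serverle.sh` sources this file from bash, either switch the shebang to `#!/usr/bin/env bash` or use `>/dev/null 2>&1` so the file is correct under both. The LUKS key file lives in the shared `/tmp`; the README step that writes it should run under `umask 077` (or write to a mode-700 directory) so the file is not readable by other local users while the installer runs.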
@@ -0,0 +1,88 @@ +#!/usr/bin/env bash + +set -eux -o pipefail + +BASE="$(dirname "$(readlink -f "$0")")" +. "${BASE}/helpers.sh" + +export HOST=serverle +export DRIVE_ROOT=/dev/disk/by-id/usb-Seagate_Expansion_2HC015KJ-0\:0 + +export NIXOS_FILES="${NIXOS_FILES:-$PWD}" +export CHROOT_BASE="/mnt/newroot-${HOST}" + +export DRIVE_ROOT_LUKS=/dev/mapper/luks-root +PARTSEP="-part" + +ask_if_sure + +mp_umount / + +################################################################################################ +echo "Starting Root SSD" + +lvm_remove_lv /dev/vg_root/lv_root +lvm_remove_lv /dev/vg_root/lv_srv +lvm_remove_vg vg_root +lvm_remove_pv "${DRIVE_ROOT_LUKS}" + +luks_close "$(basename "${DRIVE_ROOT_LUKS}")" +#zero_blockdev "${DRIVE_ROOT}" # trim support is not available on external drives + +parttable_clear "${DRIVE_ROOT}" + +# ROOT SSD SETUP +sgdisk \ + -o "${DRIVE_ROOT}" \ + -n 1:2048:4095 -c 1:"BIOS Boot Partition" -t 1:ef02 \ + -n 2:4096:823295 -c 2:"EFI System Partition" -t 2:ef00 \ + --largest-new=3 -c 3:"Crypt" -t 3:8309 \ + -p + +cryptsetup luksFormat "${DRIVE_ROOT}${PARTSEP}3" +cryptsetup luksOpen --allow-discards "${DRIVE_ROOT}${PARTSEP}3" "$(basename "${DRIVE_ROOT_LUKS}")" + +pvcreate "${DRIVE_ROOT_LUKS}" +vgcreate vg_root "${DRIVE_ROOT_LUKS}" + +lvcreate -L 50GiB -n lv_root vg_root +mkfs.ext4 -L "${HOST}-root" /dev/vg_root/lv_root + +lvcreate -L 250GiB -n lv_srv vg_root +mkfs.ext4 -L "${HOST}-srv" /dev/vg_root/lv_srv + +lvcreate -L 4GiB -n lv_swap vg_root +mkswap -L "${HOST}-swap" /dev/vg_root/lv_swap + +zero_overwrite "${DRIVE_ROOT}${PARTSEP}2" +mkfs.vfat -n "${HOST}-boot" "${DRIVE_ROOT}${PARTSEP}2" + +mp_mount /dev/vg_root/lv_root / +mp_mount /dev/vg_root/lv_srv /srv +mp_mount "${DRIVE_ROOT}${PARTSEP}2" /boot + +mkdir -p /etc/secrets/initrd +ssh-keygen -t ed25519 -N "" -f "/etc/secrets/initrd/ssh_host_ed25519_key" + +mkdir -p "${CHROOT_BASE}/etc/nixos/" +rsync -avH "${NIXOS_FILES}/" "${CHROOT_BASE}/etc/nixos/" + +mkdir -p 
"${CHROOT_BASE}/etc/secrets/initrd" +rsync -avH "/etc/secrets/" "${CHROOT_BASE}/etc/secrets/" + +cat >> "${CHROOT_BASE}/etc/nixos/vars-uuids.nix" <> "${CHROOT_BASE}/etc/nixos/vars-uuids.nix" < { config = { allowUnfree = true; }; }; +in +{ + programs.light.enable = true; + + environment.systemPackages = with pkgs; [ + polkit_gnome + ]; + environment.pathsToLink = [ "/libexec" ]; + #programs.wshowkeys.enable = true; + + programs.sway = { + enable = true; + wrapperFeatures = { + gtk = true; + base = true; + }; + + extraPackages = with pkgs; [ + alacritty + brightnessctl + dmenu + gammastep + grim + unstable.i3status-rust + mako + slurp + swayidle + swaylock + wdisplays + wf-recorder + wl-clipboard + wofi + xwayland + unstable.wshowkeys + ]; + + + extraSessionCommands = + '' + export XDG_SESSION_TYPE=wayland + export XDG_CURRENT_DESKTOP=sway + export SDL_VIDEODRIVER=wayland + export QT_QPA_PLATFORM=wayland + export QT_WAYLAND_DISABLE_WINDOWDECORATION="1" + export _JAVA_AWT_WM_NONREPARENTING=1 + export CLUTTER_BACKEND=wayland + export SAL_USE_VCLPLUGIN=gtk3 + export MOZ_ENABLE_WAYLAND=1 + export MOZ_USE_XINPUT2=1 + ''; + }; +} diff --git a/thinkman.nix b/thinkman.nix new file mode 100644 index 0000000..209a599 --- /dev/null +++ b/thinkman.nix 
@@ -0,0 +1,57 @@
+{ config, pkgs, lib, ... }:
+{
+ imports = [
+ ./backup.nix
+ ./core.nix
+ ./default.nix
+ ./disks.nix
+ ./disks-home.nix
+ ./sway.nix
+ ./extra/3d-printing.nix
+ ./extra/android.nix
+ ./extra/arch-linux.nix
+ ./extra/avahi.nix
+ ./extra/bluetooth-audio.nix
+ ./extra/clean.nix
+ ./extra/default.nix
+ ./extra/desktop-development.nix
+ ./extra/development.nix
+ ./extra/docker.nix
+ ./extra/filesystem.nix
+ ./extra/gaming.nix
+ ./extra/hardware-base.nix
+ ./extra/intel-video.nix
+ ./extra/intel.nix
+ ./extra/kvm.nix
+ ./extra/location.nix
+ ./extra/media.nix
+ ./extra/meeting.nix
+ ./extra/nix.nix
+ ./extra/power.nix
+ ./extra/presentation.nix
+ ./extra/printer.nix
+ ./extra/screen-sharing.nix
+ ./extra/sound.nix
+ ./extra/sync.nix
+ ./extra/systemd-user.nix
+ ./extra/systemduefi.nix
+ ./extra/tex.nix
+ ./extra/theme.nix
+ ./extra/thunderbolt.nix
+ ./extra/webcam.nix
+ ./hardware/t14.nix
+ ];
+
+ networking.hostName = "thinkman";
+
+ # Use latest kernel
+ boot.kernelPackages = pkgs.linuxPackages_latest;
+
+ # Nix
+ nix.gc.automatic = true;
+ nix.gc.options = "--delete-older-than 30d";
+
+ system.stateVersion = "20.09";
+ system.autoUpgrade.enable = true;
+ system.autoUpgrade.channel = https://nixos.org/channels/nixos-20.09;
+}
diff --git a/users.nix b/users.nix
new file mode 100644
index 0000000..8731463
--- /dev/null
+++ b/users.nix
@@ -0,0 +1,23 @@
+{ config, pkgs, lib, ... }:
+{
+ users.users.felix = {
+ isNormalUser = true;
+ home = "/home/felix";
+ group = "felix";
+ extraGroups = [
+ "wheel"
+ "adbusers"
+ "audio"
+ "docker"
+ "input"
+ "libvirtd"
+ "networkmanager"
+ "video"
+ ];
+ openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOFx6OLwL9MbkD3mnMsv+xrzZHN/rwCTgVs758SCLG0h felix@thinkman" ];
+ };
+
+ users.groups.felix = {
+ gid = 1000;
+ };
+}
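Review bot: `users.groups.felix.gid = 1000` is pinned but `users.users.felix` carries no `uid`, so the uid is allocated at activation and can differ between installs; because `/home` is a separate filesystem (`disks-home.nix`) that is also restored from borg backups, pinning `uid = 1000;` keeps file ownership stable across reinstalls. `extraGroups` includes `docker`, which grants control of the Docker socket and is effectively root — no broader than the passwordless `wheel` here, but worth marking with `"docker" # root-equivalent via the daemon socket` so it is not carried over to a less privileged account. `extra/default.nix` enables `programs.wireshark`, whose capture wrapper is, as far as I recall, restricted to the `wireshark` group, which is absent from this list; add it if non-root capture is intended, otherwise capturing will need sudo.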