felix/nixos
1
0
Fork 0
mirror of https://github.com/Stunkymonkey/nixos.git synced 2025-05-24 09:54:40 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

initial commit

Browse source
This commit is contained in:
Felix Buehler 2020-11-16 21:14:46 +01:00
commit 7517f318dc
55 changed files with 1401 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

3
.gitignore vendored Normal file
View file

@ -0,0 +1,3 @@
configuration.nix
vars-uuids.nix
vars-backup.nix

27
README.md Normal file
View file

@ -0,0 +1,27 @@
# My personal NixOS-configuration
work in progress...
get internet
`wpa_passphrase "<SSID>" > /etc/wpa_supplicant.conf`
`systemctl restart wpa_supplicant`
install git
`nix-env -iA nixos.git`
get this repo
`git clone https://github.com/Stunkymonkey/nixos.git`
`cd nixos`
link to correct host
`ln -s <host>.nix configuration.nix`
set password for luks
`vim /tmp/password`
enter password
`head -c <#char> /tmp/password > /tmp/passwd`
install
`bash install-<hostname>.sh`
wait + enter password
`reboot`

82
backup.nix Normal file
View file

@ -0,0 +1,82 @@
{ config, lib, pkgs, ... }:
let
cfg = import ./vars-backup.nix;
borgbackupMonitor = { config, pkgs, lib, ... }: with lib; {
key = "borgbackupMonitor";
_file = "borgbackupMonitor";
config.systemd.services = {
"notify-problems@" = {
enable = true;
serviceConfig.User = "felix";
environment.SERVICE = "%i";
script = ''
export $(cat /proc/$(${pkgs.procps}/bin/pgrep -x "sway" -u "$USER")/environ |grep -z '^DBUS_SESSION_BUS_ADDRESS=')
${pkgs.libnotify}/bin/notify-send -u critical "$SERVICE FAILED!" "Run journalctl -u $SERVICE for details"
'';
};
} // flip mapAttrs' config.services.borgbackup.jobs (name: value:
nameValuePair "borgbackup-job-${name}" {
unitConfig.OnFailure = "notify-problems@%i.service";
preStart = lib.mkBefore ''
# waiting for internet after resume-from-suspend
until /run/wrappers/bin/ping google.com -c1 -q >/dev/null; do :; done
'';
}
);
# forces backup after boot in case server was powered off during scheduled event
config.systemd.timers = flip mapAttrs' config.services.borgbackup.jobs (name: value:
nameValuePair "borgbackup-job-${name}" {
timerConfig.Persistent = true;
}
);
};
in
{
# notification
imports = [
borgbackupMonitor
];
services.borgbackup.jobs.thinkman = {
paths = [
"/"
"/etc/nixos/"
"/home/"
];
exclude = [
"/nix"
"/root/.cache/"
"**/.Trash"
"/tmp/*"
"/var/lock/*"
"/var/run/*"
"/var/tmp/*"
"/home/*/tmp"
"/home/*/todo"
"/home/*/.cache"
"/home/*/.gvfs"
"/home/*/.thumbnails"
"/home/*/.local/share/Trash"
];
extraCreateArgs = "--one-file-system --exclude-caches --keep-exclude-tags --stats";
encryption = {
mode = "repokey-blake2";
passCommand = "cat /root/.borg_password";
};
environment.BORG_RSH = "ssh -o 'StrictHostKeyChecking=no' -i /root/.ssh/backup_ed25519 -p 23";
repo = "${cfg.borg.user}@${cfg.borg.host}:${cfg.borg.dir}";
compression = "auto,zstd";
doInit = false;
startAt = "daily";
prune.keep = {
last = 1;
within = "3d";
daily = 7;
weekly = 4;
monthly = 6;
yearly = 2;
};
};
}

45
core.nix Normal file
View file

@ -0,0 +1,45 @@
{ config, pkgs, lib, ... }:
{
# Packages
environment.systemPackages = with pkgs; [
bandwhich
bind # dig
borgbackup
cryptsetup
docker-compose
file
fzf
gettext
git
gitAndTools.delta
gnufdisk
gptfdisk
htop
inetutils
jq
killall
lsof
mosh
multipath-tools #-> kpartx
mtr
nix-index
nmap
nmon
pciutils
pv
reptyr
rsync
screen
stress-ng
usbutils
tmux
vim
wget
whois
zip
unzip
];
time.timeZone = "Europe/Berlin";
services.timesyncd.enable = true;
}

9
default.nix Normal file
View file

@ -0,0 +1,9 @@
{ config, lib, pkgs, ... }:
{
imports = [
./modules.nix
./network.nix
./users.nix
];
}

12
disks-home.nix Normal file
View file

@ -0,0 +1,12 @@
{ config, lib, pkgs, ... }:
#FIXME: komplett anpassen
let
uuids = import ./vars-uuids.nix;
in
{
fileSystems."/home" = {
device = "/dev/disk/by-uuid/${uuids.fs.home}";
fsType = "ext4";
};
}

12
disks-srv.nix Normal file
View file

@ -0,0 +1,12 @@
{ config, lib, pkgs, ... }:
let
uuids = import ./vars-uuids.nix;
in
{
# FS
fileSystems."/srv" = {
device = "/dev/disk/by-uuid/${uuids.fs.srv}";
fsType = "ext4";
};
}

32
disks.nix Normal file
View file

@ -0,0 +1,32 @@
{ config, lib, pkgs, ... }:
#FIXME: komplett anpassen
let
uuids = import ./vars-uuids.nix;
in
{
boot.initrd.luks.devices."luks-drive" = {
name = "luks-drive";
device = "/dev/disk/by-partuuid/${uuids.luks.root}";
preLVM = true;
allowDiscards = true;
};
# FS
fileSystems."/" = {
device = "/dev/disk/by-uuid/${uuids.fs.root}";
fsType = "ext4";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/${uuids.fs.boot}";
fsType = "vfat";
};
# Swap
swapDevices = [
{
device = "/dev/disk/by-uuid/${uuids.fs.swap}";
}
];
}

8
extra/3d-printing.nix Normal file
View file

@ -0,0 +1,8 @@
{ config, pkgs, ... }:
{
environment.systemPackages = with pkgs; [
meshlab
cura
openscad
];
}

7
extra/android.nix Normal file
View file

@ -0,0 +1,7 @@
{ config, pkgs, ... }:
{
programs.adb.enable = true;
environment.systemPackages = with pkgs; [
scrcpy
];
}

7
extra/arch-linux.nix Normal file
View file

@ -0,0 +1,7 @@
{ config, lib, pkgs, ... }:
{
environment.systemPackages = with pkgs; [
pacman
];
environment.etc."makepkg.conf".source = "${pkgs.pacman}/etc/makepkg.conf";
}

13
extra/avahi.nix Normal file
View file

@ -0,0 +1,13 @@
{ config, pkgs, lib, ... }:
{
services.avahi = {
enable = true;
nssmdns = true;
publish = {
enable = true;
addresses = true;
workstation = true;
userServices = true;
};
};
}

19
extra/bluetooth-audio.nix Normal file
View file

@ -0,0 +1,19 @@
{ config, lib, pkgs, ... }:
{
hardware.bluetooth = {
enable = true;
package = pkgs.bluezFull;
config = {
General = {
Enable = "Source,Sink,Media,Socket";
};
};
};
hardware.pulseaudio = {
enable = true;
extraModules = [ pkgs.pulseaudio-modules-bt ];
package = pkgs.pulseaudioFull;
};
services.blueman.enable = true;
}

10
extra/clean.nix Normal file
View file

@ -0,0 +1,10 @@
{ config, lib, pkgs, ... }:
{
environment.systemPackages = with pkgs; [
baobab
#dupeguru
jdupes
kondo
];
}

119
extra/default.nix Normal file
View file

@ -0,0 +1,119 @@
{ config, lib, pkgs, ... }:
let
unstable = import <nixos-unstable> { config = { allowUnfree = true; }; };
in
{
imports = [
./fonts.nix
];
programs.gnome-disks.enable = true;
services.udisks2.enable = true;
# test if working
#xdg.mime.enable = true;
# make gnome settings persistent
programs.dconf.enable = true;
# gnome services
services.dbus.packages = [ pkgs.gnome3.dconf ];
services.udev.packages = [ pkgs.gnome3.gnome-settings-daemon ];
services.gnome3.gnome-keyring.enable = true;
services.gnome3.glib-networking.enable = true;
# enable trash & network-mount in nautilus
services.gvfs.enable = true;
environment.systemPackages = with pkgs; [
#mime-types
xdg_utils
adwaita-qt
arc-icon-theme
arc-kde-theme
arc-theme
evince
firefox-wayland
#geary
ghostwriter
(gimp-with-plugins.override { plugins = with gimpPlugins; [ resynthesizer ]; })
glib
gnome3.adwaita-icon-theme
gnome3.eog
gnome3.file-roller
gnome3.gnome-calendar
gnome3.gnome-system-monitor
gnome3.nautilus
gnome3.nautilus-python
gnome3.simple-scan
keepassxc
keychain
konsole
libnotify
libreoffice
lollypop
unstable.newsflash
numix-cursor-theme
numix-icon-theme
numix-icon-theme-circle
polkit_gnome
qgnomeplatform
rhythmbox
simple-scan
#spotify
socat
tdesktop
thunderbird
typora
virtmanager
vlc
mpv-with-scripts
wayvnc
zathura
zeal
# TODO sort them in different files
pdfgrep
physlock
#symlinks
];
# Enable firmware update daemon
services.fwupd.enable = true;
programs.wireshark.enable = true;
programs.wireshark.package = pkgs.wireshark;
services.accounts-daemon.enable = true;
environment.interactiveShellInit = ''
if test `tty` = /dev/tty1; then
exec sway
fi
'';
# services.xserver = {
# enable = true;
# layout = "us";
# xkbOptions = "eurosign:e";
# libinput.enable = true;
# libinput.naturalScrolling = true;
#
# startDbusSession = true;
# updateDbusEnvironment = true;
#
# desktopManager = {
# xterm.enable = false;
# gnome3.enable = false;
# };
#
# displayManager = {
# sessionData.sessionNames = [ "sway" "none+i3" ];
# defaultSession = "sway";
# gdm.enable = true;
# gdm.wayland = true;
# lightdm.enable = false;
# };
# };
}

14
extra/desktop-development.nix Normal file
View file

@ -0,0 +1,14 @@
{ config, pkgs, ... }:
{
environment.systemPackages = with pkgs; [
arduino
bless # hex editor
chromium
dbeaver
filezilla
fritzing
insomnia
#jetbrains.idea-community
sublime3
];
}

52
extra/development.nix Normal file
View file

@ -0,0 +1,52 @@
{ config, pkgs, ... }:
let
unstable = import <nixos-unstable> { config = { allowUnfree = true; }; };
in
{
environment.systemPackages = with pkgs; [
# rust
unstable.cargo
unstable.clippy # lint
cargo-flamegraph
cargo-outdated
# general
clang
cmake
cvs
dfeet
direnv
entr
git
gnumake
go
hugo
meson
ninja
patchelf
pkg-config
(python3.withPackages (ps: with ps; [
nltk # language-toolkit
tqdm # progressbar in pandas
jupyter # notebooks
Keras # machine learning
tensorflow-build_2 # machine learning
transformers # machine learning
numpy
pandas
matplotlib
scipy
scikitlearn
pillow
]))
ripgrep
rustfmt
unstable.rustc
shellcheck
sloccount
topgrade
valgrind
vimPlugins.YouCompleteMe
ycmd
woeusb
];
}

8
extra/docker.nix Normal file
View file

@ -0,0 +1,8 @@
{ config, pkgs, ... }:
{
virtualisation.docker.enable = true;
environment.systemPackages = with pkgs; [
docker_compose
];
}

12
extra/filesystem.nix Normal file
View file

@ -0,0 +1,12 @@
{ config, pkgs, ... }:
{
environment.systemPackages = with pkgs; [
davfs2
fuse3
hfsprogs
mtpfs
nfs-utils
ntfs3g
sshfs
];
}

29
extra/fonts.nix Normal file
View file

@ -0,0 +1,29 @@
{ config, pkgs, ... }:
{
fonts = {
fontconfig.defaultFonts = {
monospace = [ "Ubuntu Mono" ];
sansSerif = [ "Ubuntu" ];
serif = [ "DejaVu Serif" ];
};
fonts = with pkgs; [
cantarell-fonts # gnome default
dina-font
fira
fira-mono
fira-code
fira-code-symbols
font-awesome
liberation_ttf
#mplus-outline-fonts
noto-fonts
noto-fonts-cjk
noto-fonts-emoji
proggyfonts
ubuntu_font_family
joypixels
#unifont # unicode
];
};
}

22
extra/gaming.nix Normal file
View file

@ -0,0 +1,22 @@
{ config, lib, pkgs, ... }:
{
environment.systemPackages = with pkgs; [
blobby
discord
minecraft
minetest
openttd
superTuxKart
steam
SDL
SDL2
wine
winetricks
];
programs.steam.enable = true;
hardware.opengl.driSupport32Bit = true;
hardware.opengl.extraPackages32 = with pkgs.pkgsi686Linux; [ libva ];
hardware.pulseaudio.support32Bit = true;
}

14
extra/hardware-base.nix Normal file
View file

@ -0,0 +1,14 @@
{ config, lib, pkgs, ... }:
{
services.smartd.enable = true;
environment.systemPackages = with pkgs; [
dmidecode
f3
hdparm
lm_sensors
pciutils
smartmontools
testdisk
];
}

15
extra/intel-video.nix Normal file
View file

@ -0,0 +1,15 @@
{ config, pkgs, ... }:
{
nixpkgs.config.packageOverrides = pkgs: {
vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
};
hardware.opengl = {
enable = true;
extraPackages = with pkgs; [
intel-media-driver # LIBVA_DRIVER_NAME=iHD
vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
vaapiVdpau
libvdpau-va-gl
];
};
}

5
extra/intel.nix Normal file
View file

@ -0,0 +1,5 @@
{ config, lib, pkgs, ... }:
{
hardware.cpu.intel.updateMicrocode = true;
}

9
extra/kvm.nix Normal file
View file

@ -0,0 +1,9 @@
{ config, lib, pkgs, ... }:
{
boot.kernelModules = [
"kvm-amd"
"kvm-intel"
];
virtualisation.libvirtd.enable = true;
}

24
extra/location.nix Normal file
View file

@ -0,0 +1,24 @@
{ config, lib, pkgs, ... }:
{
location.provider = "geoclue2";
services.geoclue2.enable = true;
services.geoclue2.enableDemoAgent = true;
services.geoclue2.appConfig."gammastep" = {
desktopID = "gammastep";
isAllowed = true;
isSystem = false;
# Empty list allows all users
users = [ ];
};
services.geoclue2.appConfig."gammastep-indicator" = {
desktopID = "gammastep-indicator";
isAllowed = true;
isSystem = false;
# Empty list allows all users
users = [ ];
};
}

26
extra/media.nix Normal file
View file

@ -0,0 +1,26 @@
{ config, lib, pkgs, ... }:
let
unstable = import <nixos-unstable> { config = { allowUnfree = true; }; };
in
{
environment.systemPackages = with pkgs; [
audacity
chromaprint # music-brainz fingerprint
ffmpeg
gallery-dl
graphviz
handbrake
imagemagick
image_optim
inkscape
unstable.puddletag # audio tagging
mp3val
#mediaelch
unstable.mediaelch
picard
projectm
shotwell
soundkonverter
youtube-dl
];
}

15
extra/meeting.nix Normal file
View file

@ -0,0 +1,15 @@
{ config, lib, pkgs, ... }:
let
unstable = import <nixos-unstable> { config = { allowUnfree = true; }; };
in
{
environment.systemPackages = with pkgs; [
element-desktop
mumble
unstable.nheko
pidgin
skypeforlinux
signal-desktop
teamspeak_client
];
}

22
extra/networkdecrypt.nix Normal file
View file

@ -0,0 +1,22 @@
{ pkgs, ... }:
{
boot.initrd.network = {
enable = true;
ssh = {
enable = true;
port = 2222;
hostKeys = [
/etc/secrets/initrd/ssh_host_ed25519_key
];
authorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOFx6OLwL9MbkD3mnMsv+xrzZHN/rwCTgVs758SCLG0h felix@thinkman"
];
};
postCommands = ''
echo 'cryptsetup-askpass' >> /root/.profile
'';
};
}

7
extra/nix.nix Normal file
View file

@ -0,0 +1,7 @@
{ config, lib, pkgs, ... }:
{
environment.systemPackages = with pkgs; [
nixpkgs-fmt
nix-prefetch-git
];
}

19
extra/power.nix Normal file
View file

@ -0,0 +1,19 @@
{ config, lib, pkgs, ... }:
{
environment.systemPackages = [
config.boot.kernelPackages.cpupower
pkgs.powertop
pkgs.s-tui
];
powerManagement = {
cpuFreqGovernor = lib.mkDefault "powersave";
powertop.enable = true;
};
services = {
thermald.enable = true;
upower.enable = true;
};
}

6
extra/presentation.nix Normal file
View file

@ -0,0 +1,6 @@
{ config, pkgs, ... }:
{
environment.systemPackages = with pkgs; [
pdfpc
];
}

10
extra/printer.nix Normal file
View file

@ -0,0 +1,10 @@
{ config, lib, pkgs, ... }:
{
services.printing.enable = true;
services.printing.drivers = with pkgs; [
gutenprint
hplip
];
programs.system-config-printer.enable = true;
}

25
extra/screen-sharing.nix Normal file
View file

@ -0,0 +1,25 @@
{ config, lib, pkgs, ... }:
{
environment.systemPackages = with pkgs; [
remmina
teamviewer
];
services.pipewire.enable = true;
xdg.portal = {
enable = true;
extraPortals = with pkgs; [
xdg-desktop-portal-gtk
xdg-desktop-portal-wlr
];
gtkUsePortal = true;
};
# for firefox
environment.sessionVariables = {
MOZ_ENABLE_WAYLAND = "1";
XDG_CURRENT_DESKTOP = "sway";
XDG_SESSION_TYPE = "wayland";
};
}

7
extra/security.nix Normal file
View file

@ -0,0 +1,7 @@
{ config, lib, pkgs, ... }:
{
environment.systemPackages = with pkgs; [
aircrack-ng
lynis
];
}

11
extra/sound.nix Normal file
View file

@ -0,0 +1,11 @@
{ config, pkgs, ... }:
{
sound.enable = true;
hardware.pulseaudio.enable = true;
environment.systemPackages = with pkgs; [
noisetorch
pavucontrol
playerctl
];
}

9
extra/ssh.nix Normal file
View file

@ -0,0 +1,9 @@
{ config, ... }:
{
services.openssh.enable = true;
# WARNING: if you remove this, then you need to assign a password to your user, otherwise
# `sudo` won't work. You can do that either by using `passwd` after the first rebuild or
# by setting an hashed password in the `users.users.felix` block as `initialHashedPassword`.
security.sudo.wheelNeedsPassword = false;
}

12
extra/sync.nix Normal file
View file

@ -0,0 +1,12 @@
{ config, pkgs, ... }:
let
unstable = import <nixos-unstable> { config = { allowUnfree = true; }; };
in
{
environment.systemPackages = with pkgs; [
nextcloud-client
unstable.syncthing
magic-wormhole
vdirsyncer
];
}

6
extra/systemd-user.nix Normal file
View file

@ -0,0 +1,6 @@
{ config, ... }:
{
systemd.user.extraConfig = ''
DefaultEnvironment="PATH=/run/current-system/sw/bin"
'';
}

15
extra/systemduefi.nix Normal file
View file

@ -0,0 +1,15 @@
{ config, lib, pkgs, ... }:
{
boot = {
loader = {
timeout = 1;
systemd-boot = {
enable = true;
configurationLimit = 10;
consoleMode = "keep";
editor = true;
};
};
};
}

12
extra/tex.nix Normal file
View file

@ -0,0 +1,12 @@
{ config, pkgs, ... }:
let
unstable = import <nixos-unstable> { config = { allowUnfree = true; }; };
in
{
environment.systemPackages = with pkgs; [
unstable.jabref
biber
texlive.combined.scheme-full
texstudio
];
}

10
extra/theme.nix Normal file
View file

@ -0,0 +1,10 @@
{ config, lib, pkgs, ... }:
{
environment.systemPackages = with pkgs; [
gtk-engine-murrine
gtk_engines
gsettings-desktop-schemas
lxappearance
];
programs.qt5ct.enable = true;
}

10
extra/thunderbolt.nix Normal file
View file

@ -0,0 +1,10 @@
{ config, pkgs, ... }:
let
unstable = import <nixos-unstable> { config = { allowUnfree = true; }; };
in
{
environment.systemPackages = with pkgs; [
thunderbolt
];
services.hardware.bolt.enable = true;
}

8
extra/webcam.nix Normal file
View file

@ -0,0 +1,8 @@
{ config, lib, pkgs, ... }:
{
environment.systemPackages = with pkgs; [
fswebcam
gnome3.cheese
];
}

26
hardware/raspberrypi4.nix Normal file
View file

@ -0,0 +1,26 @@
{ config, pkgs, lib, ... }:
{
# Boot
boot.loader.grub.enable = false;
boot.loader.raspberryPi.enable = true;
boot.loader.raspberryPi.version = 4;
boot.loader.raspberryPi.firmwareConfig = "
# Disable the ACT LED.
dtparam=act_led_trigger=none
dtparam=act_led_activelow=off
# Disable the PWR LED.
dtparam=pwr_led_trigger=none
dtparam=pwr_led_activelow=off
# Disable SD-Card pools
dtparam=sd_pool_once=on";
# Kernel configuration
boot.kernelPackages = pkgs.linuxPackages_rpi4;
boot.kernelParams = [ "cma=64M" "console=tty0" ];
# Enable additional firmware (such as Wi-Fi drivers).
hardware.enableRedistributableFirmware = true;
#swapDevices = [{ device = "/swapfile"; size = 1024; }];
}

20
hardware/t14.nix Normal file
View file

@ -0,0 +1,20 @@
{ config, lib, ... }:
{
boot = {
# acpi_call makes tlp work for newer thinkpads
kernelModules = [ "acpi_call" ];
extraModulePackages = with config.boot.kernelPackages; [ acpi_call ];
# Force use of the thinkpad_acpi driver for backlight control.
# This allows the backlight save/load systemd service to work.
kernelParams = [ "acpi_backlight=native" ];
# video driver
initrd.kernelModules = [ "i915" ];
};
services.fstrim.enable = lib.mkDefault true;
# Special power management settings for ThinkPads
services.tlp.enable = true;
}

136
helpers.sh Normal file
View file

@ -0,0 +1,136 @@
#!/bin/sh
ask_if_sure(){
while true; do
read -p "reinstall & ERASE ALL DATA? [y/n] " yn
case $yn in
[Yy]* ) break;;
[Nn]* ) exit 1;;
* ) echo "Please answer yes or no.";;
esac
done
}
blk_wait(){
local dev="${1?}"
while ! [ -b "${dev}" ]; do
sleep 0.1
done
}
blk_info_partuuid(){
local dev="${1?}"
printf '/dev/disk/by-partuuid/%s' "$(blkid -o value -s PARTUUID "${dev}")"
}
blk_info_uuid(){
local dev="${1?}"
printf '/dev/disk/by-uuid/%s' "$(blkid -o value -s UUID "${dev}")"
}
# Write into /tmp/password your password (without a trailing newline!)
# So you won't get asked for a password during installation
#
# If you want to get asked for every password, just remove this function
cryptsetup(){
command cryptsetup $* --key-file /tmp/passwd -q
}
install_os(){
local folder="${1?}"
nixos-install --cores 0 --max-jobs auto --root "${folder}"
}
luks_close(){
local drive="${1?}"
if cryptsetup status "${drive}" &>/dev/null; then
cryptsetup close "${drive}"
fi
}
lvm_remove_lv(){
local lv="${1?}"
if lvs "${lv}"; then
lvremove -f "${lv}"
fi
}
lvm_remove_vg(){
local vg="${1?}"
if vgs "${vg}"; then
vgremove "${vg}"
fi
}
lvm_remove_pv(){
local pv="${1?}"
if pvs "${pv}"; then
pvremove "${pv}"
fi
}
macro_replace(){
local macro="${1?}"
local value="${2?}"
local file="${3?}"
sed -i "s%${macro}%${value}%g" "${file}"
}
mp_mount(){
local src="${1?}"
local dst="${2?}"
local fstype="${3:-}"
mkdir -p "${CHROOT_BASE?}${dst}"
mount ${fstype:+-t} ${fstype:+"${fstype}"} "${src}" "${CHROOT_BASE?}${dst}"
}
mp_umount(){
local mountpoint="${1?}"
if mountpoint "${CHROOT_BASE}${mountpoint}" &>/dev/null; then
umount -R "${CHROOT_BASE}${mountpoint}"
fi
if [ -d "${CHROOT_BASE}${mountpoint}" ]; then
rmdir "${CHROOT_BASE}${mountpoint}"
fi
! [ -e "${CHROOT_BASE}${mountpoint}" ]
}
parttable_clear(){
local drive="${1?}"
while ! sgdisk -Z "${drive}" &>/dev/null; do
sleep 0.1
done
}
zero_blockdev(){
local dev="${1?}"
blkdiscard "${dev}"
}
zero_overwrite(){
local fsdev="${1?}"
local MBs="${2:-10}"
dd if=/dev/zero of="${fsdev}" bs=1M count="${MBs}" conv=sync
}
# Helper.sh
zfs_pool_destroy(){
local pool="${1?}"
if zpool status "${pool}" &>/dev/null; then
zpool destroy "${pool}"
fi
}

88
install-serverle.sh Normal file
View file

@ -0,0 +1,88 @@
#!/usr/bin/env bash
set -eux -o pipefail
BASE="$(dirname "$(readlink -f "$0")")"
. "${BASE}/helpers.sh"
export HOST=serverle
export DRIVE_ROOT=/dev/disk/by-id/usb-Seagate_Expansion_2HC015KJ-0\:0
export NIXOS_FILES="${NIXOS_FILES:-$PWD}"
export CHROOT_BASE="/mnt/newroot-${HOST}"
export DRIVE_ROOT_LUKS=/dev/mapper/luks-root
PARTSEP="-part"
ask_if_sure
mp_umount /
################################################################################################
echo "Starting Root SSD"
lvm_remove_lv /dev/vg_root/lv_root
lvm_remove_lv /dev/vg_root/lv_srv
lvm_remove_vg vg_root
lvm_remove_pv "${DRIVE_ROOT_LUKS}"
luks_close "$(basename "${DRIVE_ROOT_LUKS}")"
#zero_blockdev "${DRIVE_ROOT}" # trim support is not available on external drives
parttable_clear "${DRIVE_ROOT}"
# ROOT SSD SETUP
sgdisk \
-o "${DRIVE_ROOT}" \
-n 1:2048:4095 -c 1:"BIOS Boot Partition" -t 1:ef02 \
-n 2:4096:823295 -c 2:"EFI System Partition" -t 2:ef00 \
--largest-new=3 -c 3:"Crypt" -t 3:8309 \
-p
cryptsetup luksFormat "${DRIVE_ROOT}${PARTSEP}3"
cryptsetup luksOpen --allow-discards "${DRIVE_ROOT}${PARTSEP}3" "$(basename "${DRIVE_ROOT_LUKS}")"
pvcreate "${DRIVE_ROOT_LUKS}"
vgcreate vg_root "${DRIVE_ROOT_LUKS}"
lvcreate -L 50GiB -n lv_root vg_root
mkfs.ext4 -L "${HOST}-root" /dev/vg_root/lv_root
lvcreate -L 250GiB -n lv_srv vg_root
mkfs.ext4 -L "${HOST}-srv" /dev/vg_root/lv_srv
lvcreate -L 4GiB -n lv_swap vg_root
mkswap -L "${HOST}-swap" /dev/vg_root/lv_swap
zero_overwrite "${DRIVE_ROOT}${PARTSEP}2"
mkfs.vfat -n "${HOST}-boot" "${DRIVE_ROOT}${PARTSEP}2"
mp_mount /dev/vg_root/lv_root /
mp_mount /dev/vg_root/lv_srv /srv
mp_mount "${DRIVE_ROOT}${PARTSEP}2" /boot
mkdir -p /etc/secrets/initrd
ssh-keygen -t ed25519 -N "" -f "/etc/secrets/initrd/ssh_host_ed25519_key"
mkdir -p "${CHROOT_BASE}/etc/nixos/"
rsync -avH "${NIXOS_FILES}/" "${CHROOT_BASE}/etc/nixos/"
mkdir -p "${CHROOT_BASE}/etc/secrets/initrd"
rsync -avH "/etc/secrets/" "${CHROOT_BASE}/etc/secrets/"
cat >> "${CHROOT_BASE}/etc/nixos/vars-uuids.nix" <<END
{
fs = {
root = "$(blkid -o value -s UUID "/dev/vg_root/lv_root")";
boot = "$(blkid -o value -s UUID "${DRIVE_ROOT}${PARTSEP}2")";
srv = "$(blkid -o value -s UUID "/dev/vg_root/lv_srv")";
swap = "$(blkid -o value -s UUID "/dev/vg_root/lv_swap")";
};
luks = {
root = "$(blkid -o value -s PARTUUID "${DRIVE_ROOT}${PARTSEP}3")";
};
}
END
install_os "${CHROOT_BASE}"

86
install-thinkman.sh Normal file
View file

@ -0,0 +1,86 @@
#!/usr/bin/env bash
set -eux -o pipefail
BASE="$(dirname "$(readlink -f "$0")")"
. "${BASE}/helpers.sh"
export HOST=thinkman
export DRIVE_ROOT=/dev/disk/by-id/nvme-Samsung_SSD_970_EVO_1TB_S5H9NS0NB16097P
export NIXOS_FILES="${NIXOS_FILES?}"
export CHROOT_BASE="/mnt/newroot-${HOST}"
export DRIVE_ROOT_LUKS=/dev/mapper/luks-root
PARTSEP="-part"
ask_if_sure
mp_umount /
################################################################################################
echo "Starting Root SSD"
lvm_remove_lv /dev/vg_root/lv_root
lvm_remove_lv /dev/vg_root/lv_home
lvm_remove_vg vg_root
lvm_remove_pv "${DRIVE_ROOT_LUKS}"
luks_close "$(basename "${DRIVE_ROOT_LUKS}")"
zero_blockdev "${DRIVE_ROOT}"
parttable_clear "${DRIVE_ROOT}"
# ROOT SSD SETUP
sgdisk \
-o "${DRIVE_ROOT}" \
-n 1:2048:4095 -c 1:"BIOS Boot Partition" -t 1:ef02 \
-n 2:4096:823295 -c 2:"EFI System Partition" -t 2:ef00 \
--largest-new=3 -c 3:"Crypt" -t 3:8309 \
-p
cryptsetup luksFormat "${DRIVE_ROOT}${PARTSEP}3"
cryptsetup luksOpen --allow-discards "${DRIVE_ROOT}${PARTSEP}3" "$(basename "${DRIVE_ROOT_LUKS}")"
pvcreate "${DRIVE_ROOT_LUKS}"
vgcreate vg_root "${DRIVE_ROOT_LUKS}"
lvcreate -L 50GiB -n lv_root vg_root
mkfs.ext4 -L "${HOST}-root" /dev/vg_root/lv_root
lvcreate -L 100GiB -n lv_home vg_root
mkfs.ext4 -L "${HOST}-home" /dev/vg_root/lv_home
lvcreate -L 10GiB -n lv_swap vg_root
mkswap -L "${HOST}-swap" /dev/vg_root/lv_swap
zero_overwrite "${DRIVE_ROOT}${PARTSEP}2"
mkfs.vfat -n "${HOST}-boot" "${DRIVE_ROOT}${PARTSEP}2"
mp_mount /dev/vg_root/lv_root /
mp_mount /dev/vg_root/lv_home /home
mp_mount "${DRIVE_ROOT}${PARTSEP}2" /boot
mkdir -p ${CHROOT_BASE}/etc/secrets/initrd
ssh-keygen -t ed25519 -N "" -f "${CHROOT_BASE}/etc/secrets/initrd/ssh_host_ed25519_key"
ssh-keygen -t rsa -N "" -f "${CHROOT_BASE}/etc/secrets/initrd/ssh_host_rsa_key"
mkdir -p "${CHROOT_BASE}/etc/nixos/"
rsync -avH "${NIXOS_FILES}/" "${CHROOT_BASE}/etc/nixos/"
cat >> "${CHROOT_BASE}/etc/nixos/vars-uuids.nix" <<END
{
fs = {
root = "$(blkid -o value -s UUID "/dev/vg_root/lv_root")";
boot = "$(blkid -o value -s UUID "${DRIVE_ROOT}${PARTSEP}2")";
home = "$(blkid -o value -s UUID "/dev/vg_root/lv_home")";
swap = "$(blkid -o value -s UUID "/dev/vg_root/lv_swap")";
};
luks = {
root = "$(blkid -o value -s PARTUUID "${DRIVE_ROOT}${PARTSEP}3")";
};
}
END
install_os "${CHROOT_BASE}"

31
modules.nix Normal file
View file

@ -0,0 +1,31 @@
{ config, lib, pkgs, ... }:
{
# Enable all firmware modules, so that bluetooth and wifi modules can load
# https://github.com/NixOS/nixpkgs/issues/85377#issuecomment-616424682
hardware.enableRedistributableFirmware = true;
hardware.enableAllFirmware = true;
nixpkgs.config.allowUnfree = true;
boot.initrd = {
availableKernelModules = [
"ahci"
"e1000e"
"ehci_pci"
"nvme"
"sd_mod"
"uas"
"usbhid"
"usb_storage"
"xhci_pci"
];
kernelModules = [
"dm-snapshot"
"e1000e"
"nvme"
];
};
}

15
network.nix Normal file
View file

@ -0,0 +1,15 @@
{ config, lib, pkgs, ... }:
{
networking.networkmanager = {
enable = true;
unmanaged = [
"interface-name:br-*" # Ignore docker compose network bridges
"interface-name:docker?" # Ignore docker default bridge
"interface-name:veth*" # Ignore docker compose network devices
"interface-name:virbr?" # Ignore libvirt default bridge
];
};
}

25
serverle.nix Normal file
View file

@ -0,0 +1,25 @@
{ config, ... }:
{
imports = [
./default.nix
./core.nix
./disks.nix
./disks-srv.nix
./users.nix
./extra/networkdecrypt.nix
./extra/ssh.nix
./extra/avahi.nix
./hardware/raspberrypi4.nix
];
networking.hostName = "serverle";
#environment.noXlibs = true;
# Nix
nix.gc.automatic = true;
nix.gc.options = "--delete-older-than 30d";
system.stateVersion = "20.09";
system.autoUpgrade.enable = true;
system.autoUpgrade.channel = https://nixos.org/channels/nixos-20.09;
}

55
sway.nix Normal file
View file

@ -0,0 +1,55 @@
{ config, lib, pkgs, ... }:
let
unstable = import <nixos-unstable> { config = { allowUnfree = true; }; };
in
{
programs.light.enable = true;
environment.systemPackages = with pkgs; [
polkit_gnome
];
environment.pathsToLink = [ "/libexec" ];
#programs.wshowkeys.enable = true;
programs.sway = {
enable = true;
wrapperFeatures = {
gtk = true;
base = true;
};
extraPackages = with pkgs; [
alacritty
brightnessctl
dmenu
gammastep
grim
unstable.i3status-rust
mako
slurp
swayidle
swaylock
wdisplays
wf-recorder
wl-clipboard
wofi
xwayland
unstable.wshowkeys
];
extraSessionCommands =
''
export XDG_SESSION_TYPE=wayland
export XDG_CURRENT_DESKTOP=sway
export SDL_VIDEODRIVER=wayland
export QT_QPA_PLATFORM=wayland
export QT_WAYLAND_DISABLE_WINDOWDECORATION="1"
export _JAVA_AWT_WM_NONREPARENTING=1
export CLUTTER_BACKEND=wayland
export SAL_USE_VCLPLUGIN=gtk3
export MOZ_ENABLE_WAYLAND=1
export MOZ_USE_XINPUT2=1
'';
};
}

57
thinkman.nix Normal file
View file

@ -0,0 +1,57 @@
{ config, pkgs, lib, ... }:
{
imports = [
./backup.nix
./core.nix
./default.nix
./disks.nix
./disks-home.nix
./sway.nix
./extra/3d-printing.nix
./extra/android.nix
./extra/arch-linux.nix
./extra/avahi.nix
./extra/bluetooth-audio.nix
./extra/clean.nix
./extra/default.nix
./extra/desktop-development.nix
./extra/development.nix
./extra/docker.nix
./extra/filesystem.nix
./extra/gaming.nix
./extra/hardware-base.nix
./extra/intel-video.nix
./extra/intel.nix
./extra/kvm.nix
./extra/location.nix
./extra/media.nix
./extra/meeting.nix
./extra/nix.nix
./extra/power.nix
./extra/presentation.nix
./extra/printer.nix
./extra/screen-sharing.nix
./extra/sound.nix
./extra/sync.nix
./extra/systemd-user.nix
./extra/systemduefi.nix
./extra/tex.nix
./extra/theme.nix
./extra/thunderbolt.nix
./extra/webcam.nix
./hardware/t14.nix
];
networking.hostName = "thinkman";
# Use latest kernel
boot.kernelPackages = pkgs.linuxPackages_latest;
# Nix
nix.gc.automatic = true;
nix.gc.options = "--delete-older-than 30d";
system.stateVersion = "20.09";
system.autoUpgrade.enable = true;
system.autoUpgrade.channel = https://nixos.org/channels/nixos-20.09;
}

23
users.nix Normal file
View file

@ -0,0 +1,23 @@
{ config, pkgs, lib, ... }:
{
users.users.felix = {
isNormalUser = true;
home = "/home/felix";
group = "felix";
extraGroups = [
"wheel"
"adbusers"
"audio"
"docker"
"input"
"libvirtd"
"networkmanager"
"video"
];
openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOFx6OLwL9MbkD3mnMsv+xrzZHN/rwCTgVs758SCLG0h felix@thinkman" ];
};
users.groups.felix = {
gid = 1000;
};
}