-rwxr-xr-x | chip/push | 2 | ||||
-rw-r--r-- | depo/default.nix | 1 | ||||
-rw-r--r-- | depo/hidor-kahih/configuration.nix | 206 | ||||
-rw-r--r-- | depo/hidor-kahih/default.nix | 25 | ||||
-rw-r--r-- | depo/hidor-kahih/hardware.nix | 34 | ||||
-rw-r--r-- | depo/nutin-madaj/default.nix | 16 | ||||
-rw-r--r-- | depo/users.nix | 26 | ||||
-rw-r--r-- | keys/ben.pub | 1 | ||||
-rw-r--r-- | keys/dre.pub | 1 | ||||
-rw-r--r-- | keys/nick.pub | 1 |
10 files changed, 300 insertions, 13 deletions
@@ -24,7 +24,7 @@ subprocess.run(["nix-build", "-A", f"depo.{args.depo}", "--out-link", out]) print("bilt") - +# get roun p = subprocess.run(["chip/roun", args.depo, "-i"], stdout=subprocess.PIPE) ip = p.stdout.decode() diff --git a/depo/default.nix b/depo/default.nix index 79cdca5..65e06ae 100644 --- a/depo/default.nix +++ b/depo/default.nix @@ -1,3 +1,4 @@ { nutin-madaj = import ./nutin-madaj; +hidor-kahih = import ./hidor-kahih; } diff --git a/depo/hidor-kahih/configuration.nix b/depo/hidor-kahih/configuration.nix new file mode 100644 index 0000000..514c7c0 --- /dev/null +++ b/depo/hidor-kahih/configuration.nix 
@@ -0,0 +1,206 @@
+{ config, lib, pkgs, ... }:
+
+{
+
+ networking = {
+ hostName = "lithium";
+ hosts = {
+ "::1" = [ "localhost" "ipv6-localhost" "ipv6-loopback" ];
+ };
+
+ firewall = {
+ allowedTCPPorts = [ 8096 22 8000 8443 443 500 10000 8080 8081];
+ allowedTCPPortRanges = [
+ { from = 3000; to = 3100; } # dev
+ ];
+ checkReversePath = false;
+ };
+
+ };
+
+ time.timeZone = "America/Los_Angeles";
+
+ environment.systemPackages = with pkgs; [
+ wget
+ vnstat
+ ];
+
+ fonts.fonts = with pkgs; [
+ google-fonts mononoki source-code-pro fantasque-sans-mono hack-font
+ fira fira-code fira-code-symbols
+ ];
+
+ nixpkgs = {
+ config = {
+ allowUnfree = true;
+ allowBroken = true;
+ };
+ };
+
+ hardware = {
+ opengl.enable = true;
+ pulseaudio = {
+ enable = true;
+ extraConfig = ''
+ load-module module-loopback
+ '';
+ };
+ };
+
+ programs = {
+ bash.enableCompletion = true;
+ command-not-found.enable = true;
+ gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
+ mosh.enable = true;
+ };
+
+ virtualisation = {
+ docker = {
+ enable = false;
+ liveRestore = false;
+ };
+ libvirtd.enable = true;
+ virtualbox = {
+ host = {
+ enable = false;
+ headless = false;
+ addNetworkInterface = false;
+ };
+ guest = {
+ enable = false;
+ x11 = false;
+ };
+ };
+ };
+
+ services = {
+ pcscd.enable = true;
+ logind = {
+ lidSwitch = "ignore";
+ extraConfig = "IdleAction=ignore";
+ };
+
+ openssh = {
+ enable = true;
+ forwardX11 = true;
+ };
+
+ deluge = {
+ enable = true;
+ openFilesLimit = 10240;
+ web.enable = true;
+ };
+
+ printing.enable = true;
+
+ xserver = {
+ enable = true;
+ layout = "us";
+
+ xkbOptions = "caps:ctrl_modifier";
+
+ displayManager.sddm.enable = true;
+
+ desktopManager = {
+ kodi.enable = true;
+ plasma5.enable = true;
+ xterm.enable = true;
+ };
+ };
+
+ jupyter = {
+ enable = false;
+ port = 3099;
+ ip = "*";
+ password = "'sha1:4b14a407cabe:fbab8e5400f3f4f3ffbdb00e996190d6a84bf51e'";
+ kernels = {
+ python3 = let
+ env = (pkgs.python3.withPackages (p: with p; [
+ ipykernel pandas scikitlearn numpy matplotlib sympy ipywidgets
+ ]));
+ in {
+ displayName = "py3";
+ argv = [
+ "${env.interpreter}"
+ "-m"
+ "ipykernel_launcher"
+ "-f"
+ "{connection_file}"
+ ];
+ language = "python";
+ #logo32 = "${env.sitePackages}/lib/python3.6/site-packages/ipykernel/resources/logo-32x32.png";
+ #logo64 = "${env.sitePackages}/lib/python3.6/site-packages/ipykernel/resources/logo-64x64.png";
+ };
+ };
+ };
+
+ emby = {
+ enable = true;
+ user = "emby";
+ };
+
+ vnstat.enable = true;
+
+ # security stuff
+ fail2ban.enable = true;
+ clamav = {
+ daemon.enable = true;
+ updater.enable = true;
+ };
+
+ postgresql = {
+ enable = true;
+ package = pkgs.postgresql_10;
+ authentication = ''
+ local all pprjam md5
+ local all pprjam_test md5
+ '';
+ enableTCPIP = true;
+ };
+ redis = {
+ enable = true;
+ };
+ };
+
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ boot.initrd.luks.devices = [
+ {
+ name = "root";
+ device = "/dev/disk/by-uuid/a0160f25-e0e3-4af0-8236-3e298eac957a";
+ preLVM = true;
+ }
+ ];
+
+ powerManagement.enable = false;
+
+ nix = {
+ gc = {
+ automatic = true;
+ dates = "03:15";
+ };
+ binaryCaches = [ "https://cache.nixos.org/" ];
+ nixPath = [
+ "nixpkgs=/nix/var/nix/profiles/per-user/root/channels/nixos/nixpkgs"
+ "nixos-config=/etc/nixos/configuration.nix"
+ "/nix/var/nix/profiles/per-user/root/channels"
+ ];
+ extraOptions = ''
+ gc-keep-outputs = true
+ gc-keep-derivations = true
+ '';
+ };
+
+ # This value determines the NixOS release with which your system is to be
+ # compatible, in order to avoid breaking some software such as database
+ # servers. You should change this only after NixOS release notes say you
+ # should.
+ system.stateVersion = "17.09"; # Did you read the comment?
+ system.autoUpgrade.enable = true;
+
+}
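Review bot: `networking.firewall.allowedTCPPorts` opens 8000, 8443, 443, 500, 10000, 8080 and 8081 plus the whole 3000-3100 range, yet nothing enabled in this file is visibly bound to most of them, and `checkReversePath = false` also turns off reverse-path filtering. Port 3099 sits inside that open range and is where the `jupyter` block would listen on `ip = "*"` as soon as `enable` is flipped to true; its salted SHA-1 password hash is committed here as well, so anyone who can read the repository can test guesses against it offline. I would reduce the list to the services this file actually enables and comment each entry, for example `allowedTCPPorts = [ 22 8096 ]; # ssh, emby` (the emby port is my assumption, confirm it), set `ip = "127.0.0.1";` for Jupyter, and keep the hash out of the repository. `services.openssh` leaves password login at the module default while `forwardX11 = true`; adding `passwordAuthentication = false;` would match the key-only accounts from ../users.nix.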
diff --git a/depo/hidor-kahih/default.nix b/depo/hidor-kahih/default.nix
new file mode 100644
index 0000000..606ce29
--- /dev/null
+++ b/depo/hidor-kahih/default.nix
@@ -0,0 +1,25 @@
+/*
+
+hidor-kahih - main development/build server
+
+*/
+
+let
+ nixpkgs = builtins.fetchTarball (import ../../pack/nixpkgs.nix);
+in
+import "${nixpkgs}/nixos" {
+ system = "x86_64-linux";
+ configuration = {
+ nixpkgs.overlays = [
+ (import ../../pack/overlay.nix)
+ ];
+
+ imports =
+ [ ./hardware.nix
+ ../users.nix
+ ./configuration.nix
+ ];
+
+ users.users.root.openssh.authorizedKeys.keys = [(builtins.readFile ../../keys/ben.pub)];
+ };
+}
diff --git a/depo/hidor-kahih/hardware.nix b/depo/hidor-kahih/hardware.nix
new file mode 100644
index 0000000..fc0e7a0
--- /dev/null
+++ b/depo/hidor-kahih/hardware.nix
@@ -0,0 +1,34 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, ... }:
+
+{
+ imports =
+ [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
+ ];
+
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/0d8b0e52-10de-4af2-bcd9-b36278352e77";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/9B89-85C7";
+ fsType = "vfat";
+ };
+
+ fileSystems."/mnt/lake" =
+ { device = "/dev/disk/by-uuid/037df3ae-4609-402c-ab1d-4593190d0ee7";
+ fsType = "ext4";
+ };
+
+ swapDevices = [ ];
+
+ nix.maxJobs = lib.mkDefault 4;
+ powerManagement.cpuFreqGovernor = "powersave";
+}
diff --git a/depo/nutin-madaj/default.nix b/depo/nutin-madaj/default.nix
index ffb2909..0b8f8d5 100644
--- a/depo/nutin-madaj/default.nix
+++ b/depo/nutin-madaj/default.nix
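Review bot: `users.users.root.openssh.authorizedKeys.keys` in depo/hidor-kahih/default.nix lets ben's key log in directly as root, although ../users.nix, imported in the same file, already gives ben a `wheel` account on this host. If chip/push does not need a root SSH session to deploy, drop the root key and set `services.openssh.permitRootLogin = "no";`. If it does need one, which I cannot tell from this page, a comment next to the line such as `# root key is used by chip/push for deployment` would keep the exception from looking accidental, and `permitRootLogin = "prohibit-password";` would pin it to key-only.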
@@ -15,10 +15,8 @@ let url = "https://gitlab.com/simple-nixos-mailserver/nixos-mailserver/-/archive/v2.2.1/nixos-mailserver-v2.2.1.tar.gz"; sha256 = "03d49v8qnid9g9rha0wg2z6vic06mhp0b049s3whccn1axvs2zzx"; }; - benKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiNB0iF9ClawNEizBtdYucqp1tAXXRbqvlPS6PFRrtiwSl+SJD29BCLgA5rLxcmFhBHZ/iId/En7GPFEzI/gMu071J7pUI4OcW0UVZju3GNc6ZEz/a6AD2u79JiXEDHfPEdmMqAe36kkaK0KJWSQP3xsFRwJ+8F8HHbSwoCLL+GJhBgAWHQLGfKesNrDacNljNDU3CgkEnDmu8QKuSzH2k1vrr69q2u2iMSAdiStDBAWEjN5nCVrm2XB2vmFLMtXpX2n8JI+znOGzRRDc8dNXejQeDMZGyV6jfVidEIX7vdgSydGjTRKcCLVAsKY3z0gYBZ8u8EUNujgcFBnnAvytj ben@neb"; ibbPort = "3000"; fathomPort = "3030"; - in import "${nixpkgs}/nixos" { system = "x86_64-linux"; @@ -27,6 +25,9 @@ import "${nixpkgs}/nixos" { ./hardware-configuration.nix ./networking.nix + # common infra + ../users.nix + # configured modules ./git.nix ./mail.nix @@ -48,15 +49,6 @@ import "${nixpkgs}/nixos" { networking.firewall.allowedTCPPorts = [ 22 80 443 ]; - virtualisation = { - libvirtd.enable = true; - docker.enable = true; - virtualbox.guest.enable = true; - virtualbox.host.enable = true; - virtualbox.host.headless = false; - virtualbox.host.addNetworkInterface = true; - }; - # our custom apps services = { ibb = { @@ -90,6 +82,6 @@ import "${nixpkgs}/nixos" { networking.hostName = "simatime"; networking.firewall.allowPing = true; services.openssh.enable = true; - users.users.root.openssh.authorizedKeys.keys = [ benKey ]; + users.users.root.openssh.authorizedKeys.keys = [(builtins.readFile ../../keys/ben.pub)]; }; } diff --git a/depo/users.nix b/depo/users.nix new file mode 100644 index 0000000..80b7570 --- /dev/null +++ b/depo/users.nix 
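Review bot: Adding `../users.nix` to the imports of depo/nutin-madaj/default.nix creates SSH-reachable accounts for ben, nick and dre on this host as well, and from the visible imports (`./git.nix`, `./mail.nix`) this is the mail and git server rather than the new development box. The same set of hunks removes `docker.enable`, so the `docker` entry in each user's `extraGroups` has no matching service here. If nick and dre only need the development server, import the shared user set from depo/hidor-kahih/default.nix alone, or split users.nix into an admin set and a developer set. At the least, the import comment could state the effect, e.g. `# common infra: gives ben, nick and dre shell accounts on this host`. These hunks start and end inside the `let` and `import` expressions, so the rest of the host configuration is not visible here.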
@@ -0,0 +1,26 @@
+{ ... }:
+
+{
+ users = {
+ users = {
+ ben = {
+ isNormalUser = true;
+ home = "/home/ben";
+ openssh.authorizedKeys.keys = [(builtins.readFile ../keys/ben.pub)];
+ extraGroups = [ "wheel" "networkmanager" "docker" ];
+ };
+ nick = {
+ isNormalUser = true;
+ home = "/home/nick";
+ openssh.authorizedKeys.keys = [(builtins.readFile ../keys/nick.pub)];
+ extraGroups = [ "docker" ];
+ };
+ dre = {
+ isNormalUser = true;
+ home = "/home/dre";
+ openssh.authorizedKeys.keys = [(builtins.readFile ../keys/dre.pub)];
+ extraGroups = [ "docker" ];
+ };
+ };
+ };
+}
diff --git a/keys/ben.pub b/keys/ben.pub
new file mode 100644
index 0000000..cb13798
--- /dev/null
+++ b/keys/ben.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiNB0iF9ClawNEizBtdYucqp1tAXXRbqvlPS6PFRrtiwSl+SJD29BCLgA5rLxcmFhBHZ/iId/En7GPFEzI/gMu071J7pUI4OcW0UVZju3GNc6ZEz/a6AD2u79JiXEDHfPEdmMqAe36kkaK0KJWSQP3xsFRwJ+8F8HHbSwoCLL+GJhBgAWHQLGfKesNrDacNljNDU3CgkEnDmu8QKuSzH2k1vrr69q2u2iMSAdiStDBAWEjN5nCVrm2XB2vmFLMtXpX2n8JI+znOGzRRDc8dNXejQeDMZGyV6jfVidEIX7vdgSydGjTRKcCLVAsKY3z0gYBZ8u8EUNujgcFBnnAvytj ben@neb
diff --git a/keys/dre.pub b/keys/dre.pub
new file mode 100644
index 0000000..3b131a1
--- /dev/null
+++ b/keys/dre.pub
@@ -0,0 +1 @@
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBaWLX6UpkiFZmS9OX8mcXIdmvxmHfP/v+8Sx9j3PCbFA+Jaj+PlCCiX/iLOL4Vgq3aQQpBg0FQWttLdCrGbTpnADfmU5TlbUk/9YEhPZG3MP1rYGtpIqmWFEWKGaiJHeW2SRVgnbJFwFKUtrsCQ/OAVENJTZ2xsn/t3xGYfCXqhs2jVctZmuhyO+Qw5KuAgIdr96+QsBVA1V/BdadDicDUgS7ixHyzECME9YT5ldj8YcsJcD4G07bfg7omF5s263BHx0sLpXKRQbIvcVcdnoAZK0JQEaz9adWaMzRuDhP+hMcsF4T2O1ZRLW4nsDRnK5N+KWO5317Jr8eVCqEpSQr aulloa@WINDOWS-DI0KOEL
diff --git a/keys/nick.pub b/keys/nick.pub
new file mode 100644
index 0000000..4dc08fb
--- /dev/null
+++ b/keys/nick.pub
@@ -0,0 +1 @@
+ssh-rsa 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 nicksima@gmail.com |
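Review bot: All three accounts in depo/users.nix are placed in the `docker` group, and membership of that group is equivalent to root on any host where the Docker daemon runs. depo/hidor-kahih/configuration.nix has `docker.enable = false` today, so the grant stays dormant until someone enables Docker and then applies to nick and dre without any further change. I would leave `"docker"` out of the shared file and add it per host where it is wanted, and open the file with a comment such as `# shared login accounts; every host importing this file grants them SSH access`. For the keys, `openssh.authorizedKeys.keyFiles = [ ../keys/ben.pub ];` is the module's own option for this and avoids passing the file's trailing newline through `builtins.readFile`.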