-rw-r--r-- | Biz/Bild/Rules.nix | 24 | ||||
-rw-r--r-- | Biz/Bild/Sources.json | 8 | ||||
-rw-r--r-- | Biz/Dev/Configuration.nix (renamed from Biz/Dev/configuration.nix) | 59 | ||||
-rw-r--r-- | Biz/Dev/Hardware.nix | 36 | ||||
-rw-r--r-- | Biz/Dev/hardware.nix | 34 | ||||
-rw-r--r-- | Biz/Keys/Ben.pub (renamed from Biz/keys/ben.pub) | 0 | ||||
-rw-r--r-- | Biz/Keys/Deploy.pub (renamed from Biz/keys/deploy.pub) | 0 | ||||
-rw-r--r-- | Biz/Keys/Nick.pub (renamed from Biz/keys/nick.pub) | 0 | ||||
-rwxr-xr-x | Biz/Lint.py (renamed from Biz/lint.py) | 0 | ||||
-rw-r--r-- | Biz/OsBase.nix | 24 | ||||
-rw-r--r-- | Biz/Packages.nix (renamed from Biz/packages.nix) | 0 | ||||
-rw-r--r-- | Biz/Users.nix (renamed from Biz/users.nix) | 6 | ||||
-rw-r--r-- | default.nix | 4 |
13 files changed, 121 insertions, 74 deletions
diff --git a/Biz/Bild/Rules.nix b/Biz/Bild/Rules.nix index 9fea5df..e6a6979 100644 --- a/Biz/Bild/Rules.nix +++ b/Biz/Bild/Rules.nix @@ -128,27 +128,5 @@ in { shellHook = ". ${./ShellHook.sh}"; }; - os = cfg: (nixos (args: lib.attrsets.recursiveUpdate cfg { - boot.cleanTmpDir = true; - networking.firewall.allowPing = true; - nix.binaryCaches = [ "https://cache.nixos.org" ]; - nix.gc.automatic = true; - nix.gc.dates = "Sunday 02:15"; - nix.optimise.automatic = true; - nix.optimise.dates = [ "Sunday 02:30" ]; - nixpkgs.overlays = overlays; - programs.mosh.enable = true; - programs.mosh.withUtempter = true; - security.acme.email = "ben@bsima.me"; - security.acme.acceptTerms = true; - security.sudo.wheelNeedsPassword = false; - services.clamav.daemon.enable = true; # security - services.clamav.updater.enable = true; # security - services.fail2ban.enable = true; # security - services.openssh.enable = true; - services.openssh.openFirewall = true; - services.openssh.forwardX11 = true; - services.openssh.passwordAuthentication = false; - system.autoUpgrade.enable = false; # 'true' breaks our nixpkgs pin - })).toplevel; + os = cfg: (nixos (args: cfg)).toplevel; } diff --git a/Biz/Bild/Sources.json b/Biz/Bild/Sources.json index d2565a7..da5e255 100644 --- a/Biz/Bild/Sources.json +++ b/Biz/Bild/Sources.json 
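Review bot: The new `os = cfg: (nixos (args: cfg)).toplevel;` no longer merges any baseline, so `services.openssh.passwordAuthentication = false`, `services.fail2ban.enable` and the other defaults now reach only the hosts that import `./Biz/OsBase.nix`. The default.nix hunks add that import to four hosts, but a host defined elsewhere or added later would build without the hardening and nothing would flag it. Pulling the module in from `os` itself would keep it mandatory, for instance `os = cfg: (nixos (args: { imports = [ ../OsBase.nix cfg ]; })).toplevel;` if `nixos` accepts a module here, which this hunk does not show. The move also loses `nixpkgs.overlays = overlays;` (left commented out in OsBase.nix); since `overlays` is in scope in this file, that line could stay in `os`. The enclosing attribute set starts outside the hunk.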
@@ -51,15 +51,15 @@ "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz" }, "nixpkgs": { - "branch": "nixos-19.09", + "branch": "nixos-20.09", "description": "Nix Packages collection", "homepage": "https://github.com/NixOS/nixpkgs", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b0c285807d6a9f1b7562ec417c24fa1a30ecc31a", - "sha256": "0waapr7aqz0h1fy1fqlx981ygllh91qx9sz1l2j2h59s46cdircl", + "rev": "d105075a1fd870b1d1617a6008cb38b443e65433", + "sha256": "1jcs44wn0s6mlf2jps25bvcai1rij9b2dil6zcj8zqwf2i8xmqjh", "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/b0c285807d6a9f1b7562ec417c24fa1a30ecc31a.tar.gz", + "url": "https://github.com/NixOS/nixpkgs/archive/d105075a1fd870b1d1617a6008cb38b443e65433.tar.gz", "url_template": "https://github.com/<owner>/<repo>/archive/<rev>.tar.gz" }, "regex-applicative": { diff --git a/Biz/Dev/configuration.nix b/Biz/Dev/Configuration.nix index 6664163..70c2d36 100644 --- a/Biz/Dev/configuration.nix +++ b/Biz/Dev/Configuration.nix @@ -5,6 +5,7 @@ let torrents = { from = 6000; to = 6999; }; in { networking = { + hostName = "lithium"; hosts = { "::1" = [ "localhost" "ipv6-localhost" "ipv6-loopback" ]; }; @@ -29,6 +30,24 @@ in { checkReversePath = false; }; + # The global useDHCP flag is deprecated, therefore explicitly set to false here. + # Per-interface useDHCP will be mandatory in the future, so this generated config + # replicates the default behaviour. + useDHCP = false; + interfaces.enp1s0.useDHCP = true; + interfaces.wlp0s20f0u4.useDHCP = true; + + wireless.enable = true; # Enables wireless support via wpa_supplicant. + wireless.interfaces = [ "wlp0s20f0u4" ]; + wireless.networks = { + Simanet = { + psk = "1123581321"; + }; + Simanet-5g = { + psk = "1123581321"; + priority = 1; + }; + }; }; # Use the systemd-boot EFI boot loader. 
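Review bot: The two literal `psk` values under `wireless.networks` put the Wi-Fi passphrase into the repository history, and NixOS writes options set this way into the world-readable Nix store in plain text. Keep the secret out of the tracked file, for example in an untracked wpa_supplicant configuration on the host, and rotate the passphrase since it is already in this commit. A later hunk in this file removes `boot.initrd.luks.devices`, which suggests the new root filesystem is not encrypted at rest; it is worth confirming that is intended for a machine that stores credentials. The `networking` attribute set starts outside the hunk.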
@@ -36,13 +55,6 @@ in { boot.loader.efi.canTouchEfiVariables = true; boot.enableContainers = true; - boot.initrd.luks.devices = { - root = { - device = "/dev/disk/by-uuid/a0160f25-e0e3-4af0-8236-3e298eac957a"; - preLVM = true; - }; - }; - powerManagement.enable = false; time.timeZone = "America/Los_Angeles"; @@ -52,7 +64,10 @@ in { fira fira-code fira-code-symbols ]; - environment.systemPackages = [ pkgs.wemux pkgs.tmux ]; + environment.systemPackages = [ + #pkgs.wemux + pkgs.tmux + ]; nixpkgs = { config = { @@ -124,14 +139,34 @@ in { xserver = { enable = true; + autorun = true; layout = "us"; xkbOptions = "caps:ctrl_modifier"; - displayManager.sddm.enable = true; + displayManager = { + sddm = { + enable = true; + enableHidpi = true; + }; + #startx.enable = true; + session = [ + { + manage = "desktop"; + name = "home-manager"; + start = '' + ${pkgs.runtimeShell} $HOME/.hm-xsession & + waitPID=$! + ''; + } + ]; + }; desktopManager = { - kodi.enable = true; - plasma5.enable = true; + #kodi.enable = false; + #plasma5.enable = false; xterm.enable = true; }; + windowManager = { + xmonad.enable = true; + }; }; jupyter = { @@ -209,5 +244,5 @@ in { # compatible, in order to avoid breaking some software such as database # servers. You should change this only after NixOS release notes say you # should. - system.stateVersion = "17.09"; # Did you read the comment? + system.stateVersion = "20.09"; # Did you read the comment? } diff --git a/Biz/Dev/Hardware.nix b/Biz/Dev/Hardware.nix new file mode 100644 index 0000000..7f87f74 --- /dev/null +++ b/Biz/Dev/Hardware.nix 
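Review bot: The `system.stateVersion` change from "17.09" to "20.09" goes against the comment directly above it unless this is a fresh install, and the hunk does not say which. The new `hostName` and the new disk UUIDs in Hardware.nix suggest a reinstall, in which case a short comment such as `# fresh 20.09 install of lithium, not an in-place upgrade` would record why the value moved. If the machine was upgraded in place instead, the value should stay at the release it was first installed with.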
@@ -0,0 +1,36 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/f08dd8f9-787c-4e2a-a0cc-7019edc2ce2b"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/C67C-D7B5"; + fsType = "vfat"; + }; + + #fileSystems."/mnt/lake" = + # { device = "/dev/disk/by-uuid/037df3ae-4609-402c-ab1d-4593190d0ee7"; + # fsType = "ext4"; + # }; + + swapDevices = [ ]; + + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + + # high-resolution display + hardware.video.hidpi.enable = lib.mkDefault true; +} diff --git a/Biz/Dev/hardware.nix b/Biz/Dev/hardware.nix deleted file mode 100644 index fc0e7a0..0000000 --- a/Biz/Dev/hardware.nix +++ /dev/null 
@@ -1,34 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, ... }: - -{ - imports = - [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> - ]; - - boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/0d8b0e52-10de-4af2-bcd9-b36278352e77"; - fsType = "ext4"; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/9B89-85C7"; - fsType = "vfat"; - }; - - fileSystems."/mnt/lake" = - { device = "/dev/disk/by-uuid/037df3ae-4609-402c-ab1d-4593190d0ee7"; - fsType = "ext4"; - }; - - swapDevices = [ ]; - - nix.maxJobs = lib.mkDefault 4; - powerManagement.cpuFreqGovernor = "powersave"; -} diff --git a/Biz/keys/ben.pub b/Biz/Keys/Ben.pub index c661508..c661508 100644 --- a/Biz/keys/ben.pub +++ b/Biz/Keys/Ben.pub diff --git a/Biz/keys/deploy.pub b/Biz/Keys/Deploy.pub index 664a2d9..664a2d9 100644 --- a/Biz/keys/deploy.pub +++ b/Biz/Keys/Deploy.pub diff --git a/Biz/keys/nick.pub b/Biz/Keys/Nick.pub index 4dc08fb..4dc08fb 100644 --- a/Biz/keys/nick.pub +++ b/Biz/Keys/Nick.pub diff --git a/Biz/lint.py b/Biz/Lint.py index fccda57..fccda57 100755 --- a/Biz/lint.py +++ b/Biz/Lint.py diff --git a/Biz/OsBase.nix b/Biz/OsBase.nix new file mode 100644 index 0000000..0ba3fca --- /dev/null +++ b/Biz/OsBase.nix 
@@ -0,0 +1,24 @@ +{...}: +{ + boot.cleanTmpDir = true; + networking.firewall.allowPing = true; + nix.binaryCaches = [ "https://cache.nixos.org" ]; + nix.gc.automatic = true; + nix.gc.dates = "Sunday 02:15"; + nix.optimise.automatic = true; + nix.optimise.dates = [ "Sunday 02:30" ]; + #nixpkgs.overlays = overlays; + programs.mosh.enable = true; + programs.mosh.withUtempter = true; + security.acme.email = "ben@bsima.me"; + security.acme.acceptTerms = true; + security.sudo.wheelNeedsPassword = false; + services.clamav.daemon.enable = true; # security + services.clamav.updater.enable = true; # security + services.fail2ban.enable = true; # security + services.openssh.enable = true; + services.openssh.openFirewall = true; + services.openssh.forwardX11 = true; + services.openssh.passwordAuthentication = false; + system.autoUpgrade.enable = false; # 'true' breaks our nixpkgs pin +} diff --git a/Biz/packages.nix b/Biz/Packages.nix index ea032fe..ea032fe 100644 --- a/Biz/packages.nix +++ b/Biz/Packages.nix diff --git a/Biz/users.nix b/Biz/Users.nix index c7c4041..8a804ca 100644 --- a/Biz/users.nix +++ b/Biz/Users.nix @@ -21,12 +21,16 @@ # humans # root.openssh.authorizedKeys.keyFiles = [ ./Keys/Ben.pub ]; + root.password = "erewhon"; + ben = { description = "Ben Sima"; isNormalUser = true; home = "/home/ben"; openssh.authorizedKeys.keyFiles = [ ./Keys/Ben.pub ]; - extraGroups = [ "wheel" "networkmanager" "docker" ]; + extraGroups = [ "wheel" "docker" ]; + hashedPassword = + "$6$SGhdoRB6DhWe$elW8RQE1ebe8JKf1ALW8jGZTPCyn2rpq/0J8MV/A9y8qFMEhA.Z2eiexMgptohZAK5kcGOc6HIUgNzJqnDUvY."; }; nick = { description = "Nick Sima"; diff --git a/default.nix b/default.nix index 8f2a382..882ffa5 100644 --- a/default.nix +++ b/default.nix @@ -11,6 +11,7 @@ in rec { # Biz.Cloud = build.os { imports = [ + ./Biz/OsBase.nix ./Biz/Packages.nix ./Biz/Users.nix ./Biz/Cloud/Chat.nix 
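Review bot: OsBase.nix has no header comment saying that it is the baseline for every host, and two of its settings widen access on the production hosts that import it in default.nix. `security.sudo.wheelNeedsPassword = false` lets any wheel account become root without re-authenticating, and `services.openssh.forwardX11 = true` is rarely needed on a server. Consider moving those two lines to `Biz/Dev/Configuration.nix` and opening the file with a comment such as `# Baseline applied to every host built with build.os; host-specific settings belong in the host module.`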
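Review bot: The `root.password` line in the Users.nix hunk commits the root password in clear text, and NixOS documents that a value set through `password` ends up world-readable in the Nix store, so every local user and everyone with repository access can read it. `services.openssh.passwordAuthentication = false` in OsBase.nix keeps it from being used over SSH, but not at the console or through `su`. The `hashedPassword` added for `ben` is better than plain text, yet it still publishes a crypt hash that can be guessed offline. Prefer `passwordFile` pointing at an untracked path on the host, or leave root without a password and rely on the existing key, and rotate both credentials because they are now in history. The `users` attribute set starts outside the hunk.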
@@ -29,6 +30,7 @@ in rec { # Biz.Dev = build.os { imports = [ + ./Biz/OsBase.nix ./Biz/Packages.nix ./Biz/Users.nix ./Biz/Dev/Configuration.nix @@ -41,6 +43,7 @@ in rec { # Que.Prod = build.os { imports = [ + ./Biz/OsBase.nix ./Biz/Packages.nix ./Biz/Users.nix ./Que/Host.nix @@ -63,6 +66,7 @@ in rec { # Production server for herocomics.app Hero.Prod = build.os { imports = [ + ./Biz/OsBase.nix ./Biz/Packages.nix ./Biz/Users.nix ./Hero/Service.nix |