Initial commit
This commit is contained in:
parent
a6a0b16300
commit
019c139a5c
13
cachix.nix
Normal file
13
cachix.nix
Normal file
@ -0,0 +1,13 @@
|
||||
|
||||
# WARN: this file will get overwritten by $ cachix use <name>
|
||||
{ pkgs, lib, ... }:
|
||||
|
||||
let
|
||||
folder = ./cachix;
|
||||
toImport = name: value: folder + ("/" + name);
|
||||
filterCaches = key: value: value == "regular" && lib.hasSuffix ".nix" key;
|
||||
imports = lib.mapAttrsToList toImport (lib.filterAttrs filterCaches (builtins.readDir folder));
|
||||
in {
|
||||
inherit imports;
|
||||
nix.settings.substituters = ["https://cache.nixos.org/"];
|
||||
}
|
13
cachix/cuda-maintainers.nix
Normal file
13
cachix/cuda-maintainers.nix
Normal file
@ -0,0 +1,13 @@
|
||||
|
||||
{
|
||||
nix = {
|
||||
settings = {
|
||||
substituters = [
|
||||
"https://cuda-maintainers.cachix.org"
|
||||
];
|
||||
trusted-public-keys = [
|
||||
"cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E="
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
@ -6,57 +6,42 @@
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
system.autoUpgrade.enable = true; # daily nixos-rebuild switch, no reboot by default
|
||||
|
||||
nix.distributedBuilds = true;
|
||||
# useful when the builder has a faster internet connection than i do
|
||||
# TODO: can i make this non-string?
|
||||
nix.extraOptions = ''
|
||||
experimental-features = nix-command flakes
|
||||
builders-use-substitutes = true
|
||||
'';
|
||||
nix.buildMachines = [
|
||||
/**/
|
||||
{
|
||||
system = "x86_64-linux"; # can be a list
|
||||
hostName = "rocm.pbsds.net";
|
||||
sshUser = "pbsds";
|
||||
maxJobs = 2;
|
||||
speedFactor = 2;
|
||||
#supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
|
||||
#mandatoryFeatures = [ ];
|
||||
}
|
||||
/**/
|
||||
/**/
|
||||
{
|
||||
system = "x86_64-linux"; # can be a list
|
||||
hostName = "isvegg.pvv.ntnu.no";
|
||||
sshUser = "pederbs";
|
||||
maxJobs = 1;
|
||||
speedFactor = 1;
|
||||
#supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
|
||||
#mandatoryFeatures = [ ];
|
||||
}
|
||||
/**/
|
||||
];
|
||||
|
||||
# TODO: move to pbsds home
|
||||
programs.ssh.extraConfig = ''
|
||||
Host *.ntnu.no *.pvv.org
|
||||
User pederbs
|
||||
'';
|
||||
|
||||
# deduplicate with hardlinks, expensive. Alternative: nix-store --optimise
|
||||
nix.settings.auto-optimise-store = true;
|
||||
#nix.optimize.automatic = true; # periodic optimization
|
||||
nix.gc = {
|
||||
automatic = true;
|
||||
dates = "weekly";
|
||||
options = "--delete-older-than 30d";
|
||||
};
|
||||
|
||||
|
||||
# How to override package used by module
|
||||
# https://github.com/NixOS/nixpkgs/issues/55366
|
||||
nix.gc.automatic = true;
|
||||
nix.gc.dates = "weekly";
|
||||
nix.gc.options = "--delete-older-than 30d";
|
||||
|
||||
imports = [
|
||||
./hardware-configuration.nix # results of hardware scan
|
||||
./cachix.nix
|
||||
|
||||
./profiles/nas # add NAS services
|
||||
./profiles/websites
|
||||
./profiles/code-remote
|
||||
./users
|
||||
./profiles/remote-builders #
|
||||
./profiles/nfs-reidun # NFS mounts
|
||||
./profiles/autossh-reverse-tunnels
|
||||
#./profiles/xrdp
|
||||
|
||||
./users
|
||||
#./users/pbsds # todo: <- make this possible
|
||||
|
||||
# How to override package used by module
|
||||
# https://github.com/NixOS/nixpkgs/issues/55366
|
||||
# TODO: move to where relevant
|
||||
<nixos-unstable/nixos/modules/services/misc/jellyfin.nix>
|
||||
<nixos-unstable/nixos/modules/services/web-apps/invidious.nix>
|
||||
];
|
||||
@ -64,20 +49,18 @@
|
||||
"services/misc/jellyfin.nix"
|
||||
"services/web-apps/invidious.nix"
|
||||
];
|
||||
services.jellyfin.package = pkgs.unstable.jellyfin;
|
||||
services.jellyfin.package = pkgs.unstable.jellyfin;
|
||||
services.invidious.package = pkgs.unstable.invidious;
|
||||
|
||||
nixpkgs.overlays = [
|
||||
(import ./overlays)
|
||||
];
|
||||
|
||||
|
||||
# TODO: remove? Move to where relevant
|
||||
nixpkgs.overlays = [ (import ./overlays) ];
|
||||
|
||||
# Allow unstable packages.
|
||||
nixpkgs.config.packageOverrides = pkgs: {
|
||||
unstable = import <nixos-unstable> {
|
||||
config = config.nixpkgs.config;
|
||||
};
|
||||
# TODO: nur
|
||||
};
|
||||
|
||||
# enable opengl (headless)
|
||||
@ -85,15 +68,19 @@
|
||||
#hardware.opengl.extraPackages = [ pkgs.mesa.drivers ];
|
||||
hardware.opengl.extraPackages = with pkgs; [ mesa.drivers vaapiIntel libvdpau-va-gl vaapiVdpau intel-ocl ];
|
||||
|
||||
|
||||
# run/build weird binaries
|
||||
boot.binfmt.emulatedSystems = [
|
||||
"wasm32-wasi"
|
||||
"wasm64-wasi"
|
||||
"x86_64-windows"
|
||||
"aarch64-linux"
|
||||
"riscv64-linux"
|
||||
#"x86_64-darwin"
|
||||
#"aarch64-darwin"
|
||||
];
|
||||
|
||||
services.thermald.enable = true;
|
||||
|
||||
# Bootloader
|
||||
|
||||
boot.loader.grub.enable = true;
|
||||
@ -106,6 +93,7 @@
|
||||
#services.docker.enable = true;
|
||||
virtualisation = {
|
||||
podman.enable = true;
|
||||
# TODO: are these default since 22.11?
|
||||
podman.dockerCompat = true; # alias docker to podman
|
||||
oci-containers.backend = "podman";
|
||||
};
|
||||
@ -117,6 +105,7 @@
|
||||
# Enable networking
|
||||
networkmanager.enable = true;
|
||||
#wireless.enable = true; # Enables wireless support via wpa_supplicant.
|
||||
#iwd.enable = true
|
||||
|
||||
hostName = "noximilien"; # Define your hostname.
|
||||
domain = "pbsds.net";
|
||||
@ -135,78 +124,15 @@
|
||||
};
|
||||
|
||||
#useDHCP = true;
|
||||
|
||||
# Configure network proxy if necessary
|
||||
#proxy.default = "http://user:password@proxy:port/";
|
||||
#proxy.noProxy = "127.0.0.1,localhost,internal.domain";
|
||||
};
|
||||
|
||||
# Open ports in the firewall.
|
||||
# firewall
|
||||
services.fail2ban.enable = true;
|
||||
networking.firewall.enable = true; # default
|
||||
#networking.firewall.allowedTCPPorts = [ ... ];
|
||||
#networking.firewall.allowedUDPPorts = [ ... ];
|
||||
# Or disable the firewall altogether.
|
||||
networking.firewall.enable = false; # default is true, TEMP
|
||||
|
||||
|
||||
# NFS mounts
|
||||
|
||||
fileSystems = let
|
||||
mkMount = mountpoint: server: subdir: {
|
||||
"${mountpoint}${subdir}" = {
|
||||
device = "${server}${subdir}";
|
||||
fsType = "nfs";
|
||||
#options = [ "nfsvers=4.2" ];
|
||||
};
|
||||
};
|
||||
# TODO: combine nameValuePair and listToAttrs
|
||||
joinSets = sets: builtins.foldl' (l: r: l // r) {} sets;
|
||||
in joinSets (
|
||||
(map (mkMount "/mnt/reidun" "192.168.1.3:/Reidun/shared") [
|
||||
""
|
||||
"/Backups"
|
||||
"/Comics"
|
||||
"/Downloads"
|
||||
"/Games"
|
||||
"/Games/Installable"
|
||||
"/Games/Portable"
|
||||
"/Games/ROMs"
|
||||
"/ISO"
|
||||
"/Images"
|
||||
"/Images/Collections"
|
||||
"/Images/Memes"
|
||||
"/Images/Pictures"
|
||||
"/Images/Wallpapers"
|
||||
"/Music"
|
||||
"/Music/Albums"
|
||||
"/Music/Kancolle"
|
||||
"/Music/OST"
|
||||
"/Music/Old"
|
||||
"/Music/Touhou"
|
||||
"/Music/Vocaloid"
|
||||
"/Music/dojin.co"
|
||||
"/Various"
|
||||
"/Various/Zotero"
|
||||
"/Various/resilio"
|
||||
"/Video"
|
||||
"/Video/Anime"
|
||||
"/Video/Concerts"
|
||||
"/Video/Documentaries"
|
||||
"/Video/Movies"
|
||||
"/Video/Musicvideos"
|
||||
"/Video/Series"
|
||||
"/Video/Talks"
|
||||
"/Work"
|
||||
"/Work/Documents"
|
||||
#"/Work/FL Studio" # broken, maybe due to the space?
|
||||
"/Work/Programming"
|
||||
"/Work/School"
|
||||
"/pub"
|
||||
]) ++ (map (mkMount "/mnt/meconium" "192.168.1.3:/Meconium" ) [
|
||||
""
|
||||
"/beets_music"
|
||||
])
|
||||
);
|
||||
|
||||
|
||||
# Time zone and internationalisation properties.
|
||||
|
||||
@ -223,18 +149,16 @@
|
||||
LC_TELEPHONE = "nb_NO.utf8";
|
||||
LC_TIME = "nb_NO.utf8";
|
||||
};
|
||||
services.xserver = {
|
||||
# Configure X11 keymap
|
||||
layout = "no";
|
||||
xkbVariant = "";
|
||||
};
|
||||
console.keyMap = "no";# Configure console keymap
|
||||
services.xserver.layout = "no";
|
||||
services.xserver.xkbVariant = "";
|
||||
console.keyMap = "no";
|
||||
|
||||
|
||||
|
||||
# Installed system packages
|
||||
# $ nix search FOOBAR
|
||||
|
||||
# TODO: prune this, make home-manager deal with the majority
|
||||
environment.systemPackages = with pkgs; [
|
||||
lsof
|
||||
lshw
|
||||
@ -262,6 +186,7 @@
|
||||
curl
|
||||
wget
|
||||
strace
|
||||
killall
|
||||
|
||||
zip
|
||||
unrar
|
||||
@ -317,6 +242,7 @@
|
||||
gh
|
||||
hub
|
||||
|
||||
cachix
|
||||
nix-output-monitor
|
||||
nix-prefetch
|
||||
nix-top
|
||||
@ -336,16 +262,12 @@
|
||||
'';
|
||||
|
||||
# TODO: make this root only?
|
||||
programs.bash.shellAliases = {
|
||||
ed = "micro"; # TODO: ${EDITOR:-micro}
|
||||
};
|
||||
environment.variables = {
|
||||
EDITOR = "micro";
|
||||
};
|
||||
programs.bash.shellAliases."ed" = "micro"; # TODO: ${EDITOR:-micro}
|
||||
environment.variables."EDITOR" = "micro";
|
||||
|
||||
# TODO: remove? Move?
|
||||
programs.dconf.enable = true;
|
||||
|
||||
|
||||
# System fonts
|
||||
# Nice to have when X-forwading on headless machines
|
||||
|
||||
@ -372,110 +294,34 @@
|
||||
services.openssh.forwardX11 = true;
|
||||
|
||||
|
||||
# AutoSSH reverse tunnels
|
||||
|
||||
services.autossh.sessions = let
|
||||
mkSshSession = user: name: host: rport: monitoringPort: {
|
||||
user = user; # local user
|
||||
name = "ssh-reverse-tunnel-${name}-${toString rport}";
|
||||
monitoringPort = monitoringPort;
|
||||
extraArguments = lib.concatStringsSep " " [
|
||||
"-N" # no remote command
|
||||
"-o ServerAliveInterval=10" # check if still alive
|
||||
"-o ServerAliveCountMax=3" # check if still alive
|
||||
"-o ExitOnForwardFailure=yes" # reverse tunnel critical
|
||||
"-R ${toString rport}:127.0.0.1:22" # reverse tunnel
|
||||
host
|
||||
];
|
||||
};
|
||||
in [
|
||||
#(mkSshSession "pbsds" "p7pi" "pi@p7.pbsds.net" 10023 20000) # no mutual signature algorithm
|
||||
(mkSshSession "pbsds" "pbuntu" "pbsds@pbuntu.pbsds.net -p 23" 10023 20002)
|
||||
(mkSshSession "pbsds" "hildring" "pederbs@hildring.pvv.ntnu.no" 25775 20004)
|
||||
];
|
||||
|
||||
|
||||
|
||||
# auto domain update
|
||||
# TODO: use the dyndns endpoint + curl instead
|
||||
|
||||
/**/
|
||||
systemd.services.domeneshop-updater = {
|
||||
description = "domene.shop domain updater";
|
||||
#after = [ "something?.service" ];
|
||||
#wants = [ "something?.service" ];
|
||||
serviceConfig = let
|
||||
env = pkgs.python3.withPackages (ps: with ps; [ pkgs.python3Packages.domeneshop httpx toml ]);
|
||||
prog = pkgs.writeScript "domain-updater.py" ''
|
||||
#!${env}/bin/python
|
||||
from domeneshop import Client
|
||||
import os, httpx, pprint, toml
|
||||
|
||||
def get_pub_ip() -> str:
|
||||
for endpoint, getter in {
|
||||
"http://myip.tf": lambda resp: resp.text,
|
||||
"https://ipinfo.io/json": lambda resp: resp.json()["ip"],
|
||||
"https://api.ipify.org": lambda resp: resp.text,
|
||||
"http://ip.42.pl/raw": lambda resp: resp.text,
|
||||
}.items():
|
||||
resp = httpx.get(endpoint)
|
||||
if not resp.is_success: continue
|
||||
try:
|
||||
return resp.json()["ip"]
|
||||
except:
|
||||
pass
|
||||
else:
|
||||
raise Exception("Could not find external IP")
|
||||
|
||||
# https://www.domeneshop.no/admin?view=api
|
||||
with open("/var/lib/secrets/domeneshop.toml") as f:
|
||||
c = toml.load(f)
|
||||
DOMENESHOP_TOKEN = os.environ.get("DOMENESHOP_TOKEN", c["secrets"]["DOMENESHOP_TOKEN"])
|
||||
DOMENESHOP_SECRET = os.environ.get("DOMENESHOP_SECRET", c["secrets"]["DOMENESHOP_SECRET"])
|
||||
IP_ADDRESS = get_pub_ip() # TODO: both ipv4 and ipv6
|
||||
DOMAINS = {
|
||||
"pbsds.net": {
|
||||
"olavtr": ["A"],
|
||||
},
|
||||
}
|
||||
|
||||
client = Client(DOMENESHOP_TOKEN, DOMENESHOP_SECRET)
|
||||
for domain in client.get_domains():
|
||||
if domain["domain"] not in DOMAINS:
|
||||
continue
|
||||
RECORDS = DOMAINS[domain["domain"]]
|
||||
for record in client.get_records(domain["id"]):
|
||||
if record["host"] in RECORDS \
|
||||
and record["type"] in RECORDS[record["host"]]:
|
||||
print("Found: ", end="")
|
||||
pprint.pprint(record)
|
||||
if record["data"] != IP_ADDRESS:
|
||||
record["data"] = IP_ADDRESS
|
||||
print("Push: ", end="")
|
||||
pprint.pprint(record)
|
||||
client.modify_record(domain_id=domain["id"], record_id=record.pop("id"), record=record)
|
||||
else:
|
||||
print("Nothing done")
|
||||
RECORDS[record["host"]].remove(record["type"])
|
||||
for k, v in list(RECORDS.items()):
|
||||
if not v: RECORDS.pop(k)
|
||||
if not RECORDS: DOMAINS.pop(domain["domain"])
|
||||
if DOMAINS:
|
||||
print("ERROR: The following records were not found:")
|
||||
pprint.pprint(DOMAINS)
|
||||
exit(1)
|
||||
else:
|
||||
print("Success")
|
||||
'';
|
||||
prog = pkgs.writeShellApplication {
|
||||
name = "domeneshop-dyndns-updater.sh";
|
||||
runtimeInputs = with pkgs; [ curl yq ];
|
||||
text = ''
|
||||
test -s /var/lib/secrets/domeneshop.toml || {
|
||||
>&2 echo "ERROR: /var/lib/secrets/domeneshop.toml not found!"
|
||||
exit 1
|
||||
}
|
||||
DOMENESHOP_TOKEN="$(tomlq .secrets.DOMENESHOP_TOKEN /var/lib/secrets/domeneshop.toml --raw-output)"
|
||||
DOMENESHOP_SECRET="$(tomlq .secrets.DOMENESHOP_SECRET /var/lib/secrets/domeneshop.toml --raw-output)"
|
||||
curl https://"$DOMENESHOP_TOKEN":"$DOMENESHOP_SECRET"@api.domeneshop.no/v0/dyndns/update?hostname=olavtr.pbsds.net
|
||||
'';
|
||||
};
|
||||
in {
|
||||
User = "domeneshop";
|
||||
Group = "domeneshop";
|
||||
DynamicUser = true;
|
||||
ExecStart = prog;
|
||||
ExecStart = "${prog}/bin/domeneshop-dyndns-updater.sh";
|
||||
PrivateTmp = true;
|
||||
};
|
||||
};
|
||||
systemd.timers.domeneshop-updater = let interval = "1d"; in {
|
||||
systemd.timers.domeneshop-updater = let interval = "5h"; in {
|
||||
description = "Update domene.shop every ${interval}";
|
||||
wantedBy = [ "timers.target" ];
|
||||
timerConfig = {
|
||||
@ -484,7 +330,6 @@
|
||||
Unit = "domeneshop-updater.service";
|
||||
};
|
||||
};
|
||||
/**/
|
||||
|
||||
|
||||
# This value determines the NixOS release from which the default
|
||||
@ -493,6 +338,7 @@
|
||||
# this value at the release version of the first install of this system.
|
||||
# Before changing this value read the documentation for this option
|
||||
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||||
system.stateVersion = "22.05"; # Did you read the comment?
|
||||
system.stateVersion = "22.11"; # Did you read the comment?
|
||||
#system.stateVersion = "22.05"; # Did you read the comment?
|
||||
|
||||
}
|
||||
|
33
hardware-configuration.nix
Normal file
33
hardware-configuration.nix
Normal file
@ -0,0 +1,33 @@
|
||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{ config, lib, pkgs, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ (modulesPath + "/installer/scan/not-detected.nix")
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" "sr_mod" ];
|
||||
boot.initrd.kernelModules = [ ];
|
||||
boot.kernelModules = [ "kvm-intel" ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "/dev/disk/by-uuid/fa5f2e24-ab42-4a5f-bf8c-be699b980457";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
swapDevices =
|
||||
[ { device = "/dev/disk/by-uuid/5b00f5ca-f7a8-4a69-a93b-8e68d9e369e7"; }
|
||||
];
|
||||
|
||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||
# still possible to use this option, but it's recommended to use it in conjunction
|
||||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||
networking.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
|
||||
|
||||
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
}
|
@ -1,47 +1,46 @@
|
||||
# https://nixos.wiki/wiki/Overlays
|
||||
self: super: # final: prev:
|
||||
let
|
||||
|
||||
# WARNING: this works for nixos-rebuild, but not for the nix-build trick shown on the bottom
|
||||
testing = import (fetchTarball {
|
||||
name = "pr-180823";
|
||||
url = "https://github.com/r-ryantm/nixpkgs/archive/cfe56470cb641985d43adba690d5bca5453110fe.tar.gz";
|
||||
sha256 = "0rbncjp2a99l6i4z7w2m86l40m33b3dl9qficfny47kqcfpgyx0b";
|
||||
}) {
|
||||
#config = super.config;
|
||||
};
|
||||
#testing = import (fetchTarball {
|
||||
# name = "pr-180823";
|
||||
# url = "https://github.com/r-ryantm/nixpkgs/archive/cfe56470cb641985d43adba690d5bca5453110fe.tar.gz";
|
||||
# sha256 = "0rbncjp2a99l6i4z7w2m86l40m33b3dl9qficfny47kqcfpgyx0b";
|
||||
#}) {
|
||||
# #config = prev.config;
|
||||
#};
|
||||
|
||||
overridePythonPackages = old: {
|
||||
overrides = self: super: {
|
||||
overrides = final: prev: {
|
||||
|
||||
pdoc = self.callPackage /home/pbsds/repos/nixpkgs-pdoc/pkgs/development/python-modules/pdoc {};
|
||||
#pdoc = final.callPackage /home/pbsds/repos/nixpkgs-pdoc/pkgs/development/python-modules/pdoc { };
|
||||
|
||||
domeneshop = self.callPackage /home/pbsds/repos/nixpkgs-domemeshop/pkgs/development/python-modules/domeneshop {};
|
||||
#domeneshop = final.callPackage /home/pbsds/repos/nixpkgs-domemeshop/pkgs/development/python-modules/domeneshop { };
|
||||
|
||||
shap = self.callPackage /home/pbsds/repos/nixpkgs-catboost/pkgs/development/python-modules/shap {};
|
||||
catboost = self.callPackage /home/pbsds/repos/nixpkgs-catboost/pkgs/development/python-modules/catboost {};
|
||||
analytics-python = self.callPackage /home/pbsds/repos/nixpkgs-gradio/pkgs/development/python-modules/analytics-python {};
|
||||
ffmpy = self.callPackage /home/pbsds/repos/nixpkgs-gradio/pkgs/development/python-modules/ffmpy {};
|
||||
markdown-it-py = self.callPackage /home/pbsds/repos/nixpkgs-gradio/pkgs/development/python-modules/markdown-it-py {};
|
||||
gradio = self.callPackage /home/pbsds/repos/nixpkgs-gradio/pkgs/development/python-modules/gradio {};
|
||||
#shap = final.callPackage /home/pbsds/repos/nixpkgs-catboost/pkgs/development/python-modules/shap { };
|
||||
#catboost = final.callPackage /home/pbsds/repos/nixpkgs-catboost/pkgs/development/python-modules/catboost { };
|
||||
analytics-python = final.callPackage /home/pbsds/repos/nixpkgs-gradio/pkgs/development/python-modules/analytics-python { };
|
||||
ffmpy = final.callPackage /home/pbsds/repos/nixpkgs-gradio/pkgs/development/python-modules/ffmpy { };
|
||||
markdown-it-py = final.callPackage /home/pbsds/repos/nixpkgs-gradio/pkgs/development/python-modules/markdown-it-py { };
|
||||
gradio = final.callPackage /home/pbsds/repos/nixpkgs-gradio/pkgs/development/python-modules/gradio { };
|
||||
|
||||
trivial-gradios = self.callPackage ./trivial-gradios {};
|
||||
trivial-gradios = final.callPackage ./trivial-gradios { };
|
||||
|
||||
};
|
||||
};
|
||||
in { # "final" and "prev"
|
||||
in final: prev: {
|
||||
|
||||
#kukkee = super.callPackage ./kukkee {};
|
||||
#rallly = super.callPackage ./rallly {};
|
||||
#kukkee = prev.callPackage ./kukkee { };
|
||||
#rallly = prev.callPackage ./rallly { };
|
||||
|
||||
#inherit (testing) polaris polaris-web;
|
||||
polaris = super.callPackage /home/pbsds/repos/nixpkgs-polaris/pkgs/servers/polaris {};
|
||||
polaris-web = super.callPackage /home/pbsds/repos/nixpkgs-polaris/pkgs/servers/polaris/web.nix {};
|
||||
#polaris = prev.callPackage /home/pbsds/repos/nixpkgs-polaris/pkgs/servers/polaris { };
|
||||
#polaris-web = prev.callPackage /home/pbsds/repos/nixpkgs-polaris/pkgs/servers/polaris/web.nix { };
|
||||
|
||||
mapcrafter = super.callPackage /home/pbsds/repos/nixpkgs-mapcrafter/pkgs/tools/games/minecraft/mapcrafter/default.nix {};
|
||||
mapcrafter-world112 = super.callPackage /home/pbsds/repos/nixpkgs-mapcrafter/pkgs/tools/games/minecraft/mapcrafter/default.nix {world="world112";};
|
||||
mapcrafter = prev.callPackage /home/pbsds/repos/nixpkgs-mapcrafter/pkgs/tools/games/minecraft/mapcrafter/default.nix { };
|
||||
mapcrafter-world112 = prev.callPackage /home/pbsds/repos/nixpkgs-mapcrafter/pkgs/tools/games/minecraft/mapcrafter/default.nix { world="world112"; };
|
||||
|
||||
#python3.pkgs = super.python3.pkgs.override overridePythonPackages;
|
||||
python3Packages = super.python3Packages.override overridePythonPackages;
|
||||
#python3.pkgs = prev.python3.pkgs.override overridePythonPackages;
|
||||
python3Packages = prev.python3Packages.override overridePythonPackages;
|
||||
|
||||
}
|
||||
|
||||
|
37
profiles/autossh-reverse-tunnels/default.nix
Normal file
37
profiles/autossh-reverse-tunnels/default.nix
Normal file
@ -0,0 +1,37 @@
|
||||
{ config, pkgs, lib, ... }:
|
||||
{
|
||||
# AutoSSH reverse tunnels
|
||||
|
||||
services.autossh.sessions = let
|
||||
mkSshSession = {user, name, host, rport, monitoringPort}: {
|
||||
user = user; # local user
|
||||
name = "ssh-reverse-tunnel-${name}-${toString rport}";
|
||||
monitoringPort = monitoringPort;
|
||||
extraArguments = lib.concatStringsSep " " [
|
||||
"-N" # no remote command
|
||||
"-o ServerAliveInterval=10" # check if still alive
|
||||
"-o ServerAliveCountMax=3" # check if still alive
|
||||
"-o ExitOnForwardFailure=yes" # reverse tunnel critical
|
||||
"-R ${toString rport}:127.0.0.1:22" # reverse tunnel
|
||||
host
|
||||
];
|
||||
};
|
||||
in [
|
||||
#(mkSshSession {user="root"; name="p7rpi"; host="pi@p7.pbsds.net"; rport=10023; monitoringPort=20000; }) # no mutual signature algorithm
|
||||
(mkSshSession {user="root"; name="pbuntu"; host="pbsds@pbuntu.pbsds.net -p 23"; rport=10023; monitoringPort=20002; })
|
||||
(mkSshSession {user="root"; name="hildring"; host="pederbs@hildring.pvv.ntnu.no"; rport=25775; monitoringPort=20004; })
|
||||
];
|
||||
|
||||
programs.ssh.knownHosts = {
|
||||
# fetch with `ssh-keyscan`
|
||||
"[pbuntu.pbsds.net]:23".publicKey
|
||||
= "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFiAq96DANRP90fBTknL9VagN0HB8O+S6qD17iC8caE3uZ6Wq5a3gpCr/s0T/Cbf8exNYn3zpdLUUUSngN6gMeA=";
|
||||
"p7.pbsds.net".publicKey
|
||||
= "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBMn1GtMCK2T3LoSfwer0VKCTDO2DHYcf7L41YmWda4fObMZk1VJtjV7wn7EsYkpbHUwkeZCd9DcOb7aYwr0OHLU=";
|
||||
"hildring.pvv.ntnu.no".publicKey
|
||||
= "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGurF7rdnrDP/VgIK2Tx38of+bX/QGCGL+alrWnZ1Ca5llGneMulUt1RB9xZzNLHiaWIE+HOP0i4spEaeZhilfU=";
|
||||
};
|
||||
#programs.ssh.extraConfig = ''
|
||||
#'';
|
||||
|
||||
}
|
@ -1,14 +1,24 @@
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
# TODO:
|
||||
# * [ ] fix network sandboxing, so the container cant access localhost services on host
|
||||
# * [ ] automatically pull the repo on boot, do i need keys for that?
|
||||
# * [ ] generate a ssh key if not existing
|
||||
# * [ ] attempt to pull, otherwise print the ssh-pubkey
|
||||
# * [ ] Make vscode default to our repo
|
||||
# * [ ] customize the shit out of vscode
|
||||
|
||||
let
|
||||
domain = "${config.networking.hostName}.${config.networking.domain}";
|
||||
mkDomain = subname: "${subname}.${domain}";
|
||||
cnt = config.containers.code-server-theo.config;
|
||||
container-name = "code-server-pandoc";
|
||||
cnt = config.containers.${container-name}.config;
|
||||
in {
|
||||
networking.nat = {
|
||||
enable = true;
|
||||
internalInterfaces = ["ve-+"];
|
||||
externalInterface = "eno1"; # TODO: can i make this dynamic?
|
||||
externalInterface = "eno1"; # TODO: can i make this automatic?
|
||||
#enableIPv6 = true;
|
||||
};
|
||||
|
||||
#imports = [
|
||||
@ -18,12 +28,11 @@ in {
|
||||
# "virtualisation/nixos-containers.nix"
|
||||
#];
|
||||
|
||||
# data can be destroyed with `nixos-container destroy code-server-theo`
|
||||
containers.code-server-theo = {
|
||||
# data can be destroyed with `nixos-container destroy code-server-pandoc`
|
||||
containers.${container-name} = {
|
||||
autoStart = true;
|
||||
|
||||
# container has no network access
|
||||
#
|
||||
privateNetwork = true;
|
||||
hostAddress = "10.240.100.2";
|
||||
localAddress = "10.240.100.3";
|
||||
@ -41,7 +50,7 @@ in {
|
||||
# hostPath = "/var/lib/code-server";
|
||||
# isReadOnly = false;
|
||||
#};
|
||||
config = { config, pkgs, ... }: {
|
||||
config = { config, pkgs, lib, ... }: {
|
||||
system.stateVersion = "22.05";
|
||||
|
||||
#imports = [ <home-manager/nixos> ];
|
||||
@ -49,23 +58,54 @@ in {
|
||||
#home-manager.useGlobalPkgs = true; # brrr
|
||||
#home-manager.users.${config.services.code-server.user} = { pkgs, config, ... }: {
|
||||
# programs.git.enable = true;
|
||||
# programs.git.userName = "Theoharis Theoharis";
|
||||
# programs.git.userName = "Noximilien code-server";
|
||||
# programs.git.userEmail = "theotheo@ntnu.no";
|
||||
#};
|
||||
|
||||
systemd.services.initial-setup = {
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
# TODO: run as the correct user
|
||||
serviceConfig.User = config.services.code-server.user;
|
||||
serviceConfig.Group = config.services.code-server.group;
|
||||
# TODO: make the ssh key comment automatic
|
||||
script = ''
|
||||
test -s "$HOME/.ssh/id_rsa.pub" || {
|
||||
mkdir "$HOME/.ssh"
|
||||
echo "" | ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -a 100 -C "code-server@noximilien" -f "$HOME/.ssh/id_ed25519"
|
||||
echo
|
||||
echo "You pubkey is:"
|
||||
cat "$HOME/.ssh/id_ed25519.pub"
|
||||
echo
|
||||
exit
|
||||
}
|
||||
|
||||
#${pkgs.curl}/bin/curl "https://github.com/pbsds.keys" | grep "$(cat $HOME/.ssh/id_ed25519.pub | cut -d" " -f-2)"
|
||||
|
||||
test -d "$HOME/repos/papers" || {
|
||||
mkdir -p "$HOME/repos"
|
||||
${pkgs.git}/bin/git clone git@github.com:pbsds/papers.git
|
||||
|
||||
}
|
||||
'';
|
||||
};
|
||||
|
||||
services.code-server = {
|
||||
enable = true;
|
||||
host = "0.0.0.0"; # container
|
||||
port = 53754;
|
||||
# if you don't care about security: https://argon2.online/
|
||||
hashedPassword = "$argon2i$v=19$m=16,t=2,p=1$MHh5UGNtU1lWR1UySnhIZw$ITg8U7Gq2CXByuOOnrKVUg";
|
||||
#user = "code-server";
|
||||
#group = "code.server";
|
||||
# a nice tool if you don't care about security: https://argon2.online/
|
||||
hashedPassword = "$argon2i$v=19$m=16,t=2,p=1$MHh5UGNtU1lWR1UySnhIZw$ITg8U7Gq2CXByuOOnrKVUg"; # hunter2
|
||||
package = pkgs.vscode-with-extensions.override {
|
||||
vscode = pkgs.code-server.overrideAttrs (old: {
|
||||
# vscode-with-extensions compatibility
|
||||
# https://github.com/NixOS/nixpkgs/pull/192889
|
||||
passthru.executableName = "code-server";
|
||||
passthru.longName = "Visual Studio Code Server";
|
||||
});
|
||||
#vscodeExtensions = vscode-extensions; [
|
||||
vscodeExtensions = with (import <nixos-unstable> {}).vscode-extensions; [
|
||||
#vscodeExtensions = with (import <nixos-unstable> {}).vscode-extensions; [
|
||||
vscodeExtensions = with pkgs.vscode-extensions; [
|
||||
shd101wyy.markdown-preview-enhanced
|
||||
sanaajani.taskrunnercode
|
||||
tomoki1207.pdf
|
||||
@ -115,6 +155,7 @@ in {
|
||||
];
|
||||
};
|
||||
extraPackages = with pkgs; [
|
||||
# based on https://github.com/pbsds/papers/blob/main/shell.nix
|
||||
(writeShellScriptBin "pandoc" ''
|
||||
export XDG_DATA_HOME=${pandoc-lua-filters}/share
|
||||
exec ${pandoc}/bin/pandoc "$@"
|
||||
@ -136,11 +177,26 @@ in {
|
||||
;
|
||||
})
|
||||
|
||||
(python310.withPackages (ps: with ps; [
|
||||
python-lsp-server
|
||||
numpy
|
||||
matplotlib
|
||||
imageio
|
||||
#(callPackage ./nix-modules/pytikz.nix { })
|
||||
#(callPackage ./nix-modules/pyrender.nix { })
|
||||
]))
|
||||
|
||||
pandoc-imagine
|
||||
haskellPackages.pandoc-crossref
|
||||
#haskellPackages.pandoc-plot
|
||||
#pandoc-plantuml-filter nodePackages.mermaid-cli
|
||||
|
||||
# tikz stuff
|
||||
imagemagick
|
||||
drawio-headless
|
||||
openscad
|
||||
#curv
|
||||
|
||||
bash
|
||||
git
|
||||
bat
|
||||
@ -148,13 +204,6 @@ in {
|
||||
boxes
|
||||
graphviz
|
||||
#python3Packages.cairosvg
|
||||
|
||||
(python3.withPackages (ps: with ps; [
|
||||
numpy
|
||||
matplotlib
|
||||
#python-lsp-server
|
||||
]))
|
||||
|
||||
];
|
||||
};
|
||||
|
||||
@ -165,6 +214,8 @@ in {
|
||||
];
|
||||
};
|
||||
|
||||
# Manually configure nameserver. Using resolved inside the container seems to fail currently
|
||||
#environment.etc."resolv.conf".text = "nameserver 8.8.8.8";
|
||||
};
|
||||
};
|
||||
|
||||
@ -174,10 +225,9 @@ in {
|
||||
locations."/" = {
|
||||
#proxyPass = "http://127.0.0.1:${toString cnt.services.code-server.port}";
|
||||
#proxyPass = "http://10.240.100.3:${toString cnt.services.code-server.port}";
|
||||
proxyPass = "http://${config.containers.code-server-theo.localAddress}:${toString cnt.services.code-server.port}";
|
||||
proxyPass = "http://${config.containers.${container-name}.localAddress}:${toString cnt.services.code-server.port}";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
}
|
||||
|
113
profiles/code-remote/default.nix.bak
Normal file
113
profiles/code-remote/default.nix.bak
Normal file
@ -0,0 +1,113 @@
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
let
|
||||
domain = "${config.networking.hostName}.${config.networking.domain}";
|
||||
mkDomain = subname: "${subname}.${domain}";
|
||||
cnt = config.containers.vscode-remote-test.config;
|
||||
in {
|
||||
networking.nat = {
|
||||
enable = true;
|
||||
internalInterfaces = ["ve-+"];
|
||||
externalInterface = "eno1"; # TODO: can i make this dynamic?
|
||||
};
|
||||
|
||||
#imports = [
|
||||
# "/home/pbsds/repos/nixpkgs-trees/containers-mkdir/nixos/modules/virtualisation/nixos-containers.nix"
|
||||
#];
|
||||
#disabledModules = [
|
||||
# "virtualisation/nixos-containers.nix"
|
||||
#];
|
||||
|
||||
containers.vscode-remote-test = {
|
||||
autoStart = true;
|
||||
privateNetwork = true;
|
||||
hostAddress = "10.240.100.2";
|
||||
localAddress = "10.240.100.3";
|
||||
#bindMounts."/home" = {
|
||||
# hostPath = "/var/lib/code-server";
|
||||
# isReadOnly = false;
|
||||
#};
|
||||
config = { config, pkgs, ... }: {
|
||||
system.stateVersion = "22.05";
|
||||
imports = [ <home-manager/nixos> ];
|
||||
home-manager.useUserPackages = true; # install to /etc instead of ~/.nix-profile, needed for containers
|
||||
home-manager.useGlobalPkgs = true; # brrr
|
||||
|
||||
home-manager.users.${config.services.code-server.user} = { pkgs, config, ... }: {
|
||||
programs.git.enable = true;
|
||||
programs.git.userName = "Theoharis Theoharis";
|
||||
programs.git.userEmail = "theotheo@ntnu.no";
|
||||
programs.vscode.extensions = with pkgs.vscode-extensions; [
|
||||
shd101wyy.markdown-preview-enhanced
|
||||
sanaajani.taskrunnercode
|
||||
tomoki1207.pdf
|
||||
];
|
||||
};
|
||||
|
||||
services.code-server = {
|
||||
enable = true;
|
||||
port = 53754;
|
||||
# if you don't care about security: https://argon2.online/
|
||||
hashedPassword = "$argon2i$v=19$m=16,t=2,p=1$MHh5UGNtU1lWR1UySnhIZw$ITg8U7Gq2CXByuOOnrKVUg";
|
||||
extraPackages = with pkgs; [
|
||||
(writeShellScriptBin "pandoc" ''
|
||||
export XDG_DATA_HOME=${pandoc-lua-filters}/share
|
||||
exec ${pandoc}/bin/pandoc "$@"
|
||||
'')
|
||||
|
||||
(texlive.combine {
|
||||
inherit (texlive)
|
||||
scheme-small
|
||||
titlesec
|
||||
fontaxes
|
||||
supertabular
|
||||
xtab
|
||||
# boxed quotes
|
||||
mdframed
|
||||
zref
|
||||
needspace
|
||||
soul
|
||||
atkinson
|
||||
;})
|
||||
|
||||
pandoc-imagine
|
||||
haskellPackages.pandoc-crossref
|
||||
#haskellPackages.pandoc-plot
|
||||
#pandoc-plantuml-filter nodePackages.mermaid-cli
|
||||
|
||||
bash
|
||||
bat
|
||||
gnumake
|
||||
boxes
|
||||
graphviz
|
||||
#python3Packages.cairosvg
|
||||
|
||||
(python3.withPackages (ps: with ps; [
|
||||
numpy
|
||||
matplotlib
|
||||
#python-lsp-server
|
||||
]))
|
||||
|
||||
];
|
||||
};
|
||||
|
||||
#networking.firewall = {
|
||||
# enable = true;
|
||||
# allowedTCPPorts = [ 80 ];
|
||||
#};
|
||||
|
||||
};
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts.${mkDomain "code-remote"} = {
|
||||
forceSSL = true; # addSSL = true;
|
||||
enableACME = true; #useACMEHost = acmeDomain;
|
||||
locations."/" = {
|
||||
#proxyPass = "http://127.0.0.1:${toString cnt.services.code-server.port}";
|
||||
proxyPass = "http://10.240.100.3:${toString cnt.services.code-server.port}";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
}
|
@ -16,10 +16,20 @@ in
|
||||
with builtins; {
|
||||
|
||||
imports = [
|
||||
./modules/webhook.nix
|
||||
#./modules/kukkee.nix
|
||||
<nixos-unstable/nixos/modules/services/misc/polaris.nix>
|
||||
#/home/pbsds/repos/nixpkgs-polaris/nixos/modules/services/misc/polaris.nix
|
||||
|
||||
#<nixos-unstable/nixos/modules/services/misc/polaris.nix>
|
||||
#/home/pbsds/repos/nixpkgs-trees/polaris/nixos/modules/services/misc/polaris.nix
|
||||
/home/pbsds/repos/nixpkgs/polaris-14/nixos/modules/services/misc/polaris.nix
|
||||
];
|
||||
disabledModules = [
|
||||
"services/misc/polaris.nix"
|
||||
];
|
||||
nixpkgs.overlays = [
|
||||
(final: prev: {
|
||||
polaris = prev.callPackage /home/pbsds/repos/nixpkgs/polaris-14/pkgs/servers/polaris { };
|
||||
polaris-web = prev.callPackage /home/pbsds/repos/nixpkgs/polaris-14/pkgs/servers/polaris/web.nix { };
|
||||
})
|
||||
];
|
||||
|
||||
|
||||
@ -46,6 +56,7 @@ with builtins; {
|
||||
|
||||
|
||||
services.nginx.enable = true;
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
|
||||
|
||||
# Website tunnel
|
||||
@ -219,12 +230,12 @@ with builtins; {
|
||||
services.grafana = rec {
|
||||
#enable = true;
|
||||
#addr = "127.0.0.1";
|
||||
addr = "0.0.0.0";
|
||||
port = 3000;
|
||||
domain = mkDomain "grafana";
|
||||
settings.server.http_addr = "0.0.0.0";
|
||||
settings.server.http_port = 3000;
|
||||
settings.server.domain = mkDomain "grafana";
|
||||
#rootUrl = "https://${domain}/grafana/"; # Not needed if it is `https://your.domain/`
|
||||
};
|
||||
services.nginx.virtualHosts."${config.services.grafana.domain}" = lib.mkIf config.services.grafana.enable {
|
||||
services.nginx.virtualHosts."${config.services.grafana.settings.server.domain}" = lib.mkIf config.services.grafana.enable {
|
||||
forceSSL = true; # addSSL = true;
|
||||
enableACME = true; #useACMEHost = acmeDomain;
|
||||
#locations."/grafana/" = {
|
||||
@ -258,7 +269,8 @@ with builtins; {
|
||||
|
||||
# Cryptpad
|
||||
# A collaborative office suite that is end-to-end encrypted and open-source.
|
||||
|
||||
# TODO: https://github.com/NixOS/nixpkgs/pull/180066
|
||||
/*
|
||||
services.cryptpad = {
|
||||
#enable = true; # current node version used is marked insecure
|
||||
# reference: https://github.com/xwiki-labs/cryptpad/blob/main/config/config.example.js
|
||||
@ -305,7 +317,7 @@ with builtins; {
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
|
||||
*/
|
||||
|
||||
|
||||
# Jellyfin
|
||||
@ -320,12 +332,14 @@ with builtins; {
|
||||
openFirewall = false; # I do it manually below:
|
||||
# TODO: configure initial collections and extensions
|
||||
};
|
||||
# firewall
|
||||
networking.firewall = lib.mkIf config.service.jellyfin.enable {
|
||||
# firewall - not needed?
|
||||
/*
|
||||
networking.firewall = lib.mkIf config.services.jellyfin.enable {
|
||||
# TODO: does this overwrite rules set by other stuff? should i use ++ ?
|
||||
#allowedTCPPorts = [ 8096 8920 ];
|
||||
allowedUDPPorts = [ 1900 7359 ]; # TODO: Only if behind a NAT?
|
||||
};
|
||||
*/
|
||||
services.nginx.virtualHosts.${mkDomain "jellyfin"} = lib.mkIf config.services.jellyfin.enable {
|
||||
forceSSL = true; # addSSL = true;
|
||||
enableACME = true; #useACMEHost = acmeDomain;
|
||||
@ -335,6 +349,7 @@ with builtins; {
|
||||
};
|
||||
};
|
||||
# Hardware acceleration
|
||||
# https://nixos.wiki/wiki/Jellyfin
|
||||
nixpkgs.config.packageOverrides = pkgs: {
|
||||
vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
|
||||
};
|
||||
@ -345,6 +360,7 @@ with builtins; {
|
||||
vaapiIntel
|
||||
vaapiVdpau
|
||||
libvdpau-va-gl
|
||||
intel-compute-runtime # OpenCL filter support (hardware tonemapping and subtitle burn-in)
|
||||
];
|
||||
};
|
||||
# Allow Jellyfin access to VAAPI
|
||||
@ -392,20 +408,20 @@ with builtins; {
|
||||
#user = "pbsds";
|
||||
#group = "users";
|
||||
port = 7890;
|
||||
package = pkgs.unstable.polaris; # instead of my overlay, TODO: move that overlay here
|
||||
#package = pkgs.unstable.polaris; # instead of my overlay, TODO: move that overlay here
|
||||
settings = {
|
||||
settings.reindex_every_n_seconds = 7*24*60*60; # weekly, default is 1800, i.e. hourly
|
||||
settings.album_art_pattern =
|
||||
"([Cc]over|COVER|[Ff]older|FOLDER|[Ff]ront|FRONT)\.(jpeg|JPEG|jpg|JPG|png|PNG|bmp|BMP|gif|GIF)";
|
||||
#"(?i)(cover|folder|front)\.(jpeg|jpg|png|bmp|gif)";
|
||||
mount_dirs = [
|
||||
{ source = "/mnt/reidun/Music/Albums"; name = "Albums"; }
|
||||
{ source = "/mnt/reidun/Music/dojin.co"; name = "dojin.co"; }
|
||||
{ source = "/mnt/reidun/Music/Vocaloid"; name = "Vocaloid"; }
|
||||
{ source = "/mnt/reidun/Music/Touhou"; name = "Touhou"; }
|
||||
{ source = "/mnt/reidun/Music/OST"; name = "OST"; }
|
||||
{ source = "/mnt/reidun/Music/Kancolle"; name = "Kancolle"; }
|
||||
{ source = "/mnt/reidun/Downloads/music"; name = "Downloads"; }
|
||||
{ name = "Albums"; source = "/mnt/reidun/Music/Albums"; }
|
||||
{ name = "dojin.co"; source = "/mnt/reidun/Music/dojin.co"; }
|
||||
{ name = "Vocaloid"; source = "/mnt/reidun/Music/Vocaloid"; }
|
||||
{ name = "Touhou"; source = "/mnt/reidun/Music/Touhou"; }
|
||||
{ name = "OST"; source = "/mnt/reidun/Music/OST"; }
|
||||
{ name = "Kancolle"; source = "/mnt/reidun/Music/Kancolle"; }
|
||||
{ name = "Downloads"; source = "/mnt/reidun/Downloads/music"; }
|
||||
];
|
||||
};
|
||||
};
|
||||
@ -580,42 +596,12 @@ with builtins; {
|
||||
};
|
||||
|
||||
|
||||
# Webhook
|
||||
# incoming webhook server that executes shell commands
|
||||
|
||||
/**/
|
||||
services.webhook = {
|
||||
enable = true;
|
||||
#listenHost = "0.0.0.0"; # default is "127.0.0.1"
|
||||
listenPort = 7777; # default is 8080
|
||||
urlPrefix = "spismeg"; # default is "hooks"
|
||||
#httpMethods = [ "GET" "POST" ]; # default is [ "POST" ]
|
||||
settings = [
|
||||
{
|
||||
id = "webhook-id";
|
||||
execute-command = pkgs.writeShellScript "webhook-handler.sh" ''
|
||||
echo foobar;
|
||||
'';
|
||||
}
|
||||
];
|
||||
};
|
||||
services.nginx.virtualHosts.${mkDomain "webhook"} = lib.mkIf config.services.webhook.enable {
|
||||
forceSSL = true; # addSSL = true;
|
||||
enableACME = true; #useACMEHost = acmeDomain;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:${toString config.services.webhook.listenPort}";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
/**/
|
||||
|
||||
|
||||
# Gitea
|
||||
# Git with a cup of tea
|
||||
|
||||
services.gitea = rec {
|
||||
enable = true;
|
||||
disableRegistration = true; # disable after initial deploy
|
||||
settings.service.DISABLE_REGISTRATION = true; # disable after initial deploy
|
||||
#https://docs.gitea.io/en-us/config-cheat-sheet/
|
||||
#settings = {
|
||||
# "cron.sync_external_users" = {
|
||||
@ -645,7 +631,7 @@ with builtins; {
|
||||
httpAddress = "127.0.0.1"; # default is "0.0.0.0"
|
||||
#extraConfig
|
||||
#database.type # default is "sqlite3"
|
||||
cookieSecure = true; # default is false, only send cookies over https
|
||||
settings.session.COOKIE_SECURE = true; # default is false, only send cookies over https
|
||||
#stateDir # default is "/var/lib/gitea"
|
||||
#mailerPasswordFile # Path to a file containing the SMTP password
|
||||
#repositoryRoot # default is "${config.services.gitea.stateDir}/repositories"
|
||||
@ -1098,19 +1084,19 @@ with builtins; {
|
||||
|
||||
services.hedgedoc = {
|
||||
#enable = true; # FIXME: make it load
|
||||
configuration.host = "127.0.0.1";
|
||||
configuration.port = 44776;
|
||||
configuration.db.dialect = "sqlite";
|
||||
configuration.db.storage = "${config.services.hedgedoc.workDir}/db.hedgedoc.sqlite";
|
||||
configuration.domain = mkDomain "hedgedoc";
|
||||
configuration.allowAnonymous = true;
|
||||
configuration.allowEmailRegister = false; # default is true
|
||||
configuration.allowAnonymousEdits = false; # default is false
|
||||
configuration.protocolUseSSL = true; # https prefix
|
||||
configuration.useSSL = false; # nginx terminates ssl
|
||||
#configuration.csp = {TODO}; # content security policy
|
||||
#configuration.useCDN = true;
|
||||
#configuration.debug = true;
|
||||
settings.host = "127.0.0.1";
|
||||
settings.port = 44776;
|
||||
settings.db.dialect = "sqlite";
|
||||
settings.db.storage = "${config.services.hedgedoc.workDir}/db.hedgedoc.sqlite";
|
||||
settings.domain = mkDomain "hedgedoc";
|
||||
settings.allowAnonymous = true;
|
||||
settings.allowEmailRegister = false; # default is true
|
||||
settings.allowAnonymousEdits = false; # default is false
|
||||
settings.protocolUseSSL = true; # https prefix
|
||||
settings.useSSL = false; # nginx terminates ssl
|
||||
#settings.csp = {TODO}; # content security policy
|
||||
#settings.useCDN = true;
|
||||
#settings.debug = true;
|
||||
# there are also a metric fuckton of integration services, like github, twitter, minio, mattermost, dropbox etc.
|
||||
# there are also auth options, like ldap, saml and oauth2
|
||||
};
|
||||
@ -1118,7 +1104,7 @@ with builtins; {
|
||||
forceSSL = true; # addSSL = true;
|
||||
enableACME = true; #useACMEHost = acmeDomain;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:${toString config.services.hedgedoc.configuration.port}";
|
||||
proxyPass = "http://127.0.0.1:${toString config.services.hedgedoc.settings.port}";
|
||||
proxyWebsockets = true;
|
||||
# TODO: proxy headers:
|
||||
# https://docs.hedgedoc.org/guides/reverse-proxy/
|
||||
@ -1186,6 +1172,7 @@ with builtins; {
|
||||
};
|
||||
|
||||
|
||||
|
||||
# vaultwarden
|
||||
# Unofficial Bitwarden compatible server written in Rust
|
||||
|
||||
|
62
profiles/nfs-reidun/default.nix
Normal file
62
profiles/nfs-reidun/default.nix
Normal file
@ -0,0 +1,62 @@
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
{
|
||||
|
||||
fileSystems = let
|
||||
mkMount = mountpoint: server: subdir: {
|
||||
"${mountpoint}${subdir}" = {
|
||||
device = "${server}${subdir}";
|
||||
fsType = "nfs";
|
||||
#options = [ "nfsvers=4.2" ];
|
||||
};
|
||||
};
|
||||
# TODO: combine nameValuePair and listToAttrs
|
||||
joinSets = sets: builtins.foldl' (l: r: l // r) {} sets;
|
||||
in joinSets (
|
||||
(map (mkMount "/mnt/reidun" "192.168.1.3:/Reidun/shared") [
|
||||
""
|
||||
"/Backups"
|
||||
"/Comics"
|
||||
"/Downloads"
|
||||
"/Games"
|
||||
"/Games/Installable"
|
||||
"/Games/Portable"
|
||||
"/Games/ROMs"
|
||||
"/ISO"
|
||||
"/Images"
|
||||
"/Images/Collections"
|
||||
"/Images/Memes"
|
||||
"/Images/Pictures"
|
||||
"/Images/Wallpapers"
|
||||
"/Music"
|
||||
"/Music/Albums"
|
||||
"/Music/Kancolle"
|
||||
"/Music/OST"
|
||||
"/Music/Old"
|
||||
"/Music/Touhou"
|
||||
"/Music/Vocaloid"
|
||||
"/Music/dojin.co"
|
||||
"/Various"
|
||||
"/Various/Zotero"
|
||||
"/Various/resilio"
|
||||
"/Video"
|
||||
"/Video/Anime"
|
||||
"/Video/Concerts"
|
||||
"/Video/Documentaries"
|
||||
"/Video/Movies"
|
||||
"/Video/Musicvideos"
|
||||
"/Video/Series"
|
||||
"/Video/Talks"
|
||||
"/Work"
|
||||
"/Work/Documents"
|
||||
#"/Work/FL Studio" # broken, maybe due to the space?
|
||||
"/Work/Programming"
|
||||
"/Work/School"
|
||||
"/pub"
|
||||
]) ++ (map (mkMount "/mnt/meconium" "192.168.1.3:/Meconium" ) [
|
||||
""
|
||||
"/beets_music"
|
||||
])
|
||||
);
|
||||
|
||||
}
|
94
profiles/remote-builders/default.nix
Normal file
94
profiles/remote-builders/default.nix
Normal file
@ -0,0 +1,94 @@
|
||||
{ config, pkgs, lib, ... }:
|
||||
let
|
||||
#supportedFeatures:
|
||||
# - "kvm" - has hypervisor
|
||||
# - "nixos-test" - the same as ^? nixos?
|
||||
# - "benchmark" - has "equal" performance
|
||||
# - "big-parallel" - is beefy, for stuff like llvm
|
||||
|
||||
# TODO: get a binfmt-misc host for cross stuff
|
||||
# add noximilien, filter (hostName != fqdn)
|
||||
|
||||
remotes = [
|
||||
/**/
|
||||
{
|
||||
systems = ["x86_64-linux"];
|
||||
hostName = "rocm.pbsds.net";
|
||||
sshUser = "pbsds";
|
||||
maxJobs = 8;
|
||||
#maxJobs = 4;
|
||||
#maxJobs = 1; # at least for big-parallel
|
||||
speedFactor = 2;
|
||||
supportedFeatures = [ "kvm" "big-parallel" ];
|
||||
#supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
|
||||
#mandatoryFeatures = [ ];
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGDuWdqEQ5mmVjuKi6f/Q2PFxuqB3URpgTHid06Vw7we";
|
||||
proxy.user="pederbs";
|
||||
proxy.host="isvegg.pvv.ntnu.no";
|
||||
proxy.publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGurF7rdnrDP/VgIK2Tx38of+bX/QGCGL+alrWnZ1Ca5llGneMulUt1RB9xZzNLHiaWIE+HOP0i4spEaeZhilfU=";
|
||||
}
|
||||
/**/
|
||||
{
|
||||
systems = ["x86_64-linux"];
|
||||
hostName = "isvegg.pvv.ntnu.no";
|
||||
sshUser = "pederbs";
|
||||
maxJobs = 1;
|
||||
speedFactor = 0;
|
||||
publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGurF7rdnrDP/VgIK2Tx38of+bX/QGCGL+alrWnZ1Ca5llGneMulUt1RB9xZzNLHiaWIE+HOP0i4spEaeZhilfU=";
|
||||
}
|
||||
{
|
||||
systems = ["x86_64-linux"];
|
||||
hostName = "eirin.pvv.ntnu.no";
|
||||
sshUser = "pederbs";
|
||||
maxJobs = 2;
|
||||
speedFactor = 0;
|
||||
publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBILGULKEzYe5kPorM0rWATv10qq6debfCuYUYqw3HWZm4Y5Pi7mVKcf8lKFNPc1DxT/dStfxxtHj/2fbezaxElk=";
|
||||
}
|
||||
{
|
||||
systems = ["x86_64-linux"];
|
||||
hostName = "demiurgen.pvv.ntnu.no";
|
||||
sshUser = "pederbs";
|
||||
maxJobs = 2;
|
||||
speedFactor = 0;
|
||||
publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKw92q3eB5HZbKJN3p+80MtirqcXPu01USE9LnoGYJuDvko1udjIy4UR0wAwELqgs+r7mJyuQPeXmOZKwjHP6tM=";
|
||||
}
|
||||
/**/
|
||||
];
|
||||
|
||||
mkRemoteConfig = {
|
||||
publicKey,# fetch it with `ssh-keyscan`
|
||||
proxy ? null, # schema: { user, host, publicKey }
|
||||
... # the rest follows nix.buildMachines.<NAME> schema
|
||||
}@args:
|
||||
let
|
||||
buildMachine = lib.filterAttrs (key: _: !builtins.elem key ["publicKey" "proxy"]) args; # this should have syntactic sugar: ...@buildMachine
|
||||
in {
|
||||
nix.buildMachines = [ buildMachine ];
|
||||
programs.ssh.knownHosts.${buildMachine.hostName}.publicKey = publicKey;
|
||||
programs.ssh.extraConfig = ''
|
||||
Host ${buildMachine.hostName}
|
||||
ConnectTimeout 3
|
||||
${lib.optionalString (proxy != null) ''
|
||||
ProxyJump ${proxy.user}@${proxy.host}
|
||||
''}
|
||||
'';
|
||||
programs.ssh.knownHosts.${proxy.host or "IGNORE"} = lib.mkIf (proxy != null) { publicKey = proxy.publicKey; };
|
||||
};
|
||||
|
||||
in {
|
||||
|
||||
nix.distributedBuilds = true;
|
||||
|
||||
# TODO: Allow setting speedFactor for local builds, as local is currently fixed to 0
|
||||
# https://github.com/NixOS/nix/issues/2457
|
||||
|
||||
# useful when the builder has a faster internet connection than i do
|
||||
nix.extraOptions = ''
|
||||
builders-use-substitutes = true
|
||||
'';
|
||||
# TODO: can i make ^ non-string?
|
||||
|
||||
# TIL: this can be a list of configurations and lambdas, not just file paths
|
||||
imports = builtins.map mkRemoteConfig remotes;
|
||||
|
||||
}
|
5
profiles/todos.md
Normal file
5
profiles/todos.md
Normal file
@ -0,0 +1,5 @@
|
||||
* [ ] mv nas/default.nix nas.nix
|
||||
* [ ] mv website/default.nix website.nix
|
||||
* [ ] move each part into web-services, and import them as modules
|
||||
* [ ] make mkDomain a function
|
||||
* [ ] make ACME a function
|
@ -11,6 +11,7 @@ in {
|
||||
|
||||
imports = [
|
||||
./services/pdoc.nix
|
||||
#../services/tt-rss.nix
|
||||
];
|
||||
|
||||
|
||||
@ -22,8 +23,8 @@ in {
|
||||
domain = "gitea.noximilien.pbsds.net";
|
||||
owner = "pbsds";
|
||||
repo = "links.pbsds.net";
|
||||
rev = "fd980f4610f8027b4fc89c506542009f09504085";
|
||||
hash = "sha256-Iz/lfLkdCLJyyZ/PM9+VCkCG5lYSb9/i4x0ZhranBxc=";
|
||||
rev = "61cd605f198a22db87af087fda34c378b03d4306";
|
||||
hash = "sha256-dx19aTy8K9xkL+cO4r4huYKrlVBZMUkDcbjqxLKe8W4=";
|
||||
};
|
||||
in {
|
||||
#serverAliases = map mkDomain [ "links" ];
|
||||
|
@ -85,14 +85,15 @@ let
|
||||
{name="beautifulsoup4"; literal="bs4";}
|
||||
"hid"
|
||||
#{name="hidapi"; literal="hid";}
|
||||
"sanic"
|
||||
#"sanic" # broken build?
|
||||
"paramiko"
|
||||
"pydub"
|
||||
"aiohttp"
|
||||
"papermill"
|
||||
"rtoml"
|
||||
"redis"
|
||||
"numpy"
|
||||
"domeneshop"
|
||||
#"domeneshop"
|
||||
"munch"
|
||||
"migen"
|
||||
"amaranth"
|
||||
@ -109,7 +110,7 @@ let
|
||||
"peewee"
|
||||
"parsel"
|
||||
"pandas"
|
||||
"mutmut"
|
||||
#"mutmut" # moved to toplevel from python3Packages
|
||||
"mlflow"
|
||||
"meshio"
|
||||
#"einops" # depends on tensorflow, which is broken ATM
|
||||
@ -141,7 +142,7 @@ let
|
||||
"asyncpg" #"aiopg"
|
||||
{name="libsass"; literal="sass";}
|
||||
{name="pytorch"; literal="torch";}
|
||||
{name="pytorch-lightning"; literal="pytorch_lightning";}
|
||||
#{name="pytorch-lightning"; literal="pytorch_lightning";} # broken build?
|
||||
{name="pillow"; literal="PIL";}
|
||||
"trio"
|
||||
"tqdm"
|
||||
@ -160,6 +161,7 @@ let
|
||||
"imageio"
|
||||
"pygments"
|
||||
"trimesh"
|
||||
"shapely"
|
||||
#"faiss"
|
||||
#"geomloss"
|
||||
#"mesh_to_sdf"
|
||||
|
21
profiles/xrdp/default.nix
Normal file
21
profiles/xrdp/default.nix
Normal file
@ -0,0 +1,21 @@
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
{
|
||||
# https://nixos.wiki/wiki/Remote_Desktop
|
||||
services.xrdp.enable = true;
|
||||
services.xrdp.openFirewall = true; # TCP only
|
||||
|
||||
services.xserver.enable = true;
|
||||
services.xserver.virtualScreen = { x=1920; y=1080; }; # doesn't work?
|
||||
services.xserver.tty = lib.mkDefault null;
|
||||
|
||||
# https://nixos.wiki/wiki/GNOME
|
||||
|
||||
#services.xserver.displayManager.gdm.enable = true;
|
||||
services.xserver.desktopManager.gnome.enable = true;
|
||||
#services.xrdp.defaultWindowManager = "gdm";
|
||||
#services.xrdp.defaultWindowManager = "gnome-shell";
|
||||
#services.xrdp.defaultWindowManager = "gnome-session";
|
||||
services.xrdp.defaultWindowManager = "${pkgs.gnome.gnome-session}/bin/gnome-session"; # remember to `systemctl restart xrdp-sesman` if you change this
|
||||
programs.dconf.enable = true;
|
||||
}
|
@ -6,6 +6,9 @@
|
||||
./modules/jump.nix
|
||||
./modules/micro.nix
|
||||
];
|
||||
disabledModules = [
|
||||
"programs/micro.nix"
|
||||
];
|
||||
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
|
||||
@ -73,6 +76,7 @@
|
||||
vgmstream
|
||||
gallery-dl
|
||||
yt-dlp
|
||||
youtube-dl
|
||||
ffmpeg-full
|
||||
|
||||
git
|
||||
@ -90,7 +94,7 @@
|
||||
#tldr
|
||||
entr
|
||||
axel aria
|
||||
bat
|
||||
bat bat-extras.batman # TODO: condition on programs.bat.enable
|
||||
xe # xargs alternative
|
||||
sd # sed alternative
|
||||
fd # find alternative
|
||||
@ -100,9 +104,12 @@
|
||||
jq
|
||||
yq
|
||||
htmlq
|
||||
just
|
||||
sysz
|
||||
du-dust # du alternative
|
||||
ncdu # Disk usage analyzer with an ncurses interface
|
||||
xplr # tui file explorer
|
||||
aha
|
||||
|
||||
mesa-demos
|
||||
cage
|
||||
@ -112,10 +119,12 @@
|
||||
|
||||
librespeed-cli
|
||||
|
||||
cachix
|
||||
nix-template
|
||||
nix-output-monitor
|
||||
nixpkgs-review
|
||||
manix
|
||||
comma
|
||||
|
||||
(python3.withPackages (python-packages: with python-packages; [
|
||||
requests
|
||||
@ -176,6 +185,10 @@
|
||||
gfr = "git pull --rebase";
|
||||
gp = "git pull --rebase --autostash";
|
||||
|
||||
# bat - TODO: condition these on programs.bat.enable ?
|
||||
cat = "bat --style=plain --paging=never";
|
||||
man = "batman";
|
||||
|
||||
python = "ptpython"; # this has too many problems...
|
||||
cpython = "python";
|
||||
|
||||
@ -184,6 +197,8 @@
|
||||
http-server = "${pkgs.python3}/bin/python -m http.server";
|
||||
|
||||
manix-fzf = ''manix "" 2>/dev/null | grep '^# ' | sed 's/^# \(.*\) (.*/\1/;s/ (.*//;s/^# //' | fzf --preview="manix '{}'" | xargs manix'';
|
||||
|
||||
nixpkgs-review = ''mkdir -p /dev/shm/nixpkgs-review && ln -sfn /dev/shm/nixpkgs-review $HOME/.cache/nixpkgs-review && nixpkgs-review'';
|
||||
};
|
||||
programs.bash.enable = true;
|
||||
#programs.bash.enableCompletion = true;
|
||||
@ -212,10 +227,28 @@
|
||||
programs.exa.enable = true;
|
||||
programs.exa.enableAliases = true;
|
||||
programs.direnv.enable = true;
|
||||
programs.just.enable = true;
|
||||
#programs.mpv.bindings
|
||||
#programs.mpv.config
|
||||
|
||||
# TODO: implement programs.bat.enableAliases
|
||||
programs.bat = {
|
||||
enable = true;
|
||||
themes.railscast = builtins.readFile (pkgs.fetchFromGitHub {
|
||||
owner = "jeromedalbert";
|
||||
repo = "sublime-text-railscasttextmate-theme";
|
||||
rev = "0a4861f35e72f9ad4cc1cac42730ea563be2ffd3";
|
||||
hash = "sha256-1Ml5vqP9r6oCfLhaNGPQJXS8e7utxQQycIm3Hk9wE3w=";
|
||||
} + "/railscast-textmate.tmtheme");
|
||||
config.theme = "railscast";
|
||||
#config.style = "plain";
|
||||
config.map-syntax = [
|
||||
"poetry.toml:Toml"
|
||||
"flake.lock:Json"
|
||||
];
|
||||
# only in unstable as of 22.11:
|
||||
#extraPackages = with pkgs.bat-extras; [ batdiff batman batgrep batwatch ];
|
||||
};
|
||||
|
||||
/**/
|
||||
# TODO: upstream this
|
||||
programs.micro.enable = true;
|
||||
@ -259,13 +292,21 @@
|
||||
#xdg.desktopEntries
|
||||
|
||||
gtk.enable = true; # TODO: only if programs.dconf is enabled
|
||||
gtk.theme.name = "vimix-dark-ruby";
|
||||
gtk.theme.package = pkgs.vimix-gtk-themes;
|
||||
#gtk.theme.name = "vimix-dark-ruby"; # TODO: keep vimix as gnome-shell theme?
|
||||
#gtk.theme.package = pkgs.vimix-gtk-themes;
|
||||
gtk.theme.name = "Colloid-Dark";
|
||||
gtk.theme.package = pkgs.colloid-gtk-theme;
|
||||
gtk.iconTheme.name = "Flat-Remix-Blue-Dark";
|
||||
gtk.iconTheme.package = pkgs.flat-remix-icon-theme;
|
||||
dconf.settings."org/gnome/desktop/background" = {
|
||||
"picture-uri" = "file:///mnt/reidun/Images/Wallpapers/1575232313831.jpg";
|
||||
"picture-uri-dark" = "file:///mnt/reidun/Images/Wallpapers/1575232313831.jpg";
|
||||
};
|
||||
|
||||
# TODO: upstream?
|
||||
programs.jump.enableBash = true;
|
||||
|
||||
/** /
|
||||
programs.beets = {
|
||||
enable = true;
|
||||
settings = {
|
||||
@ -278,5 +319,6 @@
|
||||
##library = "/mnt/meconium/beets_music/data.db";
|
||||
};
|
||||
};
|
||||
/**/
|
||||
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user