{ config, pkgs, lib, ... }: { #nixpkgs.overlays = overlays; nixpkgs.config.allowUnfreePredicate = (pkg: true); nixpkgs.config.allowUnfree = true; system.autoUpgrade.enable = true; # daily nixos-rebuild switch, no reboot by default nix.distributedBuilds = true; # useful when the builder has a faster internet connection than i do nix.extraOptions = '' experimental-features = nix-command flakes builders-use-substitutes = true ''; nix.buildMachines = [ /**/ { system = "x86_64-linux"; # can be a list hostName = "rocm.pbsds.net"; sshUser = "pbsds"; maxJobs = 2; speedFactor = 2; #supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ]; #mandatoryFeatures = [ ]; } /**/ /**/ { system = "x86_64-linux"; # can be a list hostName = "isvegg.pvv.ntnu.no"; sshUser = "pederbs"; maxJobs = 1; speedFactor = 1; #supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ]; #mandatoryFeatures = [ ]; } /**/ ]; # deduplicate with hardlinks, expensive. Alternative: nix-store --optimise nix.settings.auto-optimise-store = true; #nix.optimize.automatic = true; # periodic optimization nix.gc = { automatic = true; dates = "weekly"; options = "--delete-older-than 30d"; }; # How to override package used by module # https://github.com/NixOS/nixpkgs/issues/55366 imports = [ ./hardware-configuration.nix # results of hardware scan ./profiles/nas # add NAS services ./profiles/websites ./profiles/code-remote ./users ]; disabledModules = [ "services/misc/jellyfin.nix" "services/web-apps/invidious.nix" ]; services.jellyfin.package = pkgs.unstable.jellyfin; services.invidious.package = pkgs.unstable.invidious; nixpkgs.overlays = [ (import ./overlays) ]; # Allow unstable packages. nixpkgs.config.packageOverrides = pkgs: { unstable = import { config = config.nixpkgs.config; }; }; # enable opengl (headless) hardware.opengl.enable = true; #hardware.opengl.extraPackages = [ pkgs.mesa.drivers ]; hardware.opengl.extraPackages = with pkgs; [ mesa.drivers vaapiIntel libvdpau-va-gl vaapiVdpau intel-ocl ]; # run/build weird binaries boot.binfmt.emulatedSystems = [ "wasm32-wasi" "x86_64-windows" "aarch64-linux" "riscv64-linux" ]; # Bootloader boot.loader.grub.enable = true; boot.loader.grub.device = "/dev/sda"; boot.loader.grub.useOSProber = true; # Virtualization #services.docker.enable = true; virtualisation = { podman.enable = true; podman.dockerCompat = true; # alias docker to podman oci-containers.backend = "podman"; }; # Networking networking = { # Enable networking networkmanager.enable = true; #wireless.enable = true; # Enables wireless support via wpa_supplicant. hostName = "noximilien"; # Define your hostname. domain = "pbsds.net"; interfaces.eno1.ipv4.addresses = [ { address = "192.168.1.9"; prefixLength = 24; } ]; nameservers = [ "192.168.1.254" "8.8.8.8" ]; defaultGateway = { address = "192.168.1.254"; interface = "eno1"; }; #useDHCP = true; # Configure network proxy if necessary #proxy.default = "http://user:password@proxy:port/"; #proxy.noProxy = "127.0.0.1,localhost,internal.domain"; }; # Open ports in the firewall. #networking.firewall.allowedTCPPorts = [ ... ]; #networking.firewall.allowedUDPPorts = [ ... ]; # Or disable the firewall altogether. networking.firewall.enable = false; # default is true, TEMP # NFS mounts fileSystems = let mkMount = mountpoint: server: subdir: { "${mountpoint}${subdir}" = { device = "${server}${subdir}"; fsType = "nfs"; #options = [ "nfsvers=4.2" ]; }; }; # TODO: combine nameValuePair and listToAttrs joinSets = sets: builtins.foldl' (l: r: l // r) {} sets; in joinSets ( (map (mkMount "/mnt/reidun" "192.168.1.3:/Reidun/shared") [ "" "/Backups" "/Comics" "/Downloads" "/Games" "/Games/Installable" "/Games/Portable" "/Games/ROMs" "/ISO" "/Images" "/Images/Collections" "/Images/Memes" "/Images/Pictures" "/Images/Wallpapers" "/Music" "/Music/Albums" "/Music/Kancolle" "/Music/OST" "/Music/Old" "/Music/Touhou" "/Music/Vocaloid" "/Music/dojin.co" "/Various" "/Various/Zotero" "/Various/resilio" "/Video" "/Video/Anime" "/Video/Concerts" "/Video/Documentaries" "/Video/Movies" "/Video/Musicvideos" "/Video/Series" "/Video/Talks" "/Work" "/Work/Documents" #"/Work/FL Studio" # broken, maybe due to the space? "/Work/Programming" "/Work/School" "/pub" ]) ++ (map (mkMount "/mnt/meconium" "192.168.1.3:/Meconium" ) [ "" "/beets_music" ]) ); # Time zone and internationalisation properties. time.timeZone = "Europe/Oslo"; i18n.defaultLocale = "en_US.utf8"; i18n.extraLocaleSettings = { LC_ADDRESS = "nb_NO.utf8"; LC_IDENTIFICATION = "nb_NO.utf8"; LC_MEASUREMENT = "nb_NO.utf8"; LC_MONETARY = "nb_NO.utf8"; LC_NAME = "nb_NO.utf8"; LC_NUMERIC = "nb_NO.utf8"; LC_PAPER = "nb_NO.utf8"; LC_TELEPHONE = "nb_NO.utf8"; LC_TIME = "nb_NO.utf8"; }; services.xserver = { # Configure X11 keymap layout = "no"; xkbVariant = ""; }; console.keyMap = "no";# Configure console keymap # Installed system packages # $ nix search FOOBAR environment.systemPackages = with pkgs; [ lsof lshw htop file tmux #parallel # already provided by moreutils pwgen git nmap rsync bind.dnsutils graphviz dialog cowsay gnused gnumake coreutils-full moreutils binutils diffutils findutils usbutils bash-completion curl wget strace zip unrar unzip atool p7zip bzip2 gzip atool micro aspell aspellDicts.en aspellDicts.nb vimv dos2unix #rmate # TODO: add to nixpkgs pandoc cargo cargo-edit sqlite #sshuttle visidata weston cage vimix-gtk-themes flat-remix-icon-theme xclip feh sshfs glances zenith fzf tealdeer #tldr entr axel aria bat xe # xargs alternative sd # sed alternative fd # find alternative silver-searcher # `ag` ripgrep jq yq htmlq sysz du-dust # du alternative ncdu # Disk usage analyzer with an ncurses interface gh hub nix-output-monitor nix-prefetch nix-top #nix-index nix-tree nixfmt alejandra ]; # TODO: make this root only? programs.bash.shellInit = '' if command -v fzf-share >/dev/null; then source "$(fzf-share)/key-bindings.bash" source "$(fzf-share)/completion.bash" fi ''; # TODO: make this root only? programs.bash.shellAliases = { ed = "micro"; # TODO: ${EDITOR:-micro} }; environment.variables = { EDITOR = "micro"; }; programs.dconf.enable = true; # System fonts # Nice to have when X-forwading on headless machines fonts.fonts = with pkgs; [ noto-fonts # includes Cousine noto-fonts-cjk noto-fonts-emoji noto-fonts-extra dejavu_fonts ]; # Some programs need SUID wrappers, can be configured further or are # started in user sessions. #programs.mtr.enable = true; #programs.gnupg.agent = { # enable = true; # enableSSHSupport = true; #}; # OpenSSH services.openssh.enable = true; services.openssh.forwardX11 = true; # AutoSSH reverse tunnels services.autossh.sessions = let mkSshSession = user: name: host: rport: monitoringPort: { user = user; # local user name = "ssh-reverse-tunnel-${name}-${toString rport}"; monitoringPort = monitoringPort; extraArguments = lib.concatStringsSep " " [ "-N" # no remote command "-o ServerAliveInterval=10" # check if still alive "-o ServerAliveCountMax=3" # check if still alive "-o ExitOnForwardFailure=yes" # reverse tunnel critical "-R ${toString rport}:127.0.0.1:22" # reverse tunnel host ]; }; in [ #(mkSshSession "pbsds" "p7pi" "pi@p7.pbsds.net" 10023 20000) # no mutual signature algorithm (mkSshSession "pbsds" "pbuntu" "pbsds@pbuntu.pbsds.net -p 23" 10023 20002) (mkSshSession "pbsds" "hildring" "pederbs@hildring.pvv.ntnu.no" 25775 20004) ]; # auto domain update # TODO: use the dyndns endpoint + curl instead /**/ systemd.services.domeneshop-updater = { description = "domene.shop domain updater"; #after = [ "something?.service" ]; #wants = [ "something?.service" ]; serviceConfig = let env = pkgs.python3.withPackages (ps: with ps; [ pkgs.python3Packages.domeneshop httpx toml ]); prog = pkgs.writeScript "domain-updater.py" '' #!${env}/bin/python from domeneshop import Client import os, httpx, pprint, toml def get_pub_ip() -> str: for endpoint, getter in { "http://myip.tf": lambda resp: resp.text, "https://ipinfo.io/json": lambda resp: resp.json()["ip"], "https://api.ipify.org": lambda resp: resp.text, "http://ip.42.pl/raw": lambda resp: resp.text, }.items(): resp = httpx.get(endpoint) if not resp.is_success: continue try: return resp.json()["ip"] except: pass else: raise Exception("Could not find external IP") # https://www.domeneshop.no/admin?view=api with open("/var/lib/secrets/domeneshop.toml") as f: c = toml.load(f) DOMENESHOP_TOKEN = os.environ.get("DOMENESHOP_TOKEN", c["secrets"]["DOMENESHOP_TOKEN"]) DOMENESHOP_SECRET = os.environ.get("DOMENESHOP_SECRET", c["secrets"]["DOMENESHOP_SECRET"]) IP_ADDRESS = get_pub_ip() # TODO: both ipv4 and ipv6 DOMAINS = { "pbsds.net": { "olavtr": ["A"], }, } client = Client(DOMENESHOP_TOKEN, DOMENESHOP_SECRET) for domain in client.get_domains(): if domain["domain"] not in DOMAINS: continue RECORDS = DOMAINS[domain["domain"]] for record in client.get_records(domain["id"]): if record["host"] in RECORDS \ and record["type"] in RECORDS[record["host"]]: print("Found: ", end="") pprint.pprint(record) if record["data"] != IP_ADDRESS: record["data"] = IP_ADDRESS print("Push: ", end="") pprint.pprint(record) client.modify_record(domain_id=domain["id"], record_id=record.pop("id"), record=record) else: print("Nothing done") RECORDS[record["host"]].remove(record["type"]) for k, v in list(RECORDS.items()): if not v: RECORDS.pop(k) if not RECORDS: DOMAINS.pop(domain["domain"]) if DOMAINS: print("ERROR: The following records were not found:") pprint.pprint(DOMAINS) exit(1) else: print("Success") ''; in { User = "domeneshop"; Group = "domeneshop"; DynamicUser = true; ExecStart = prog; PrivateTmp = true; }; }; systemd.timers.domeneshop-updater = let interval = "1d"; in { description = "Update domene.shop every ${interval}"; wantedBy = [ "timers.target" ]; timerConfig = { OnBootSec = "5m"; OnUnitInactiveSec = interval; Unit = "domeneshop-updater.service"; }; }; /**/ # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave # this value at the release version of the first install of this system. # Before changing this value read the documentation for this option # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). system.stateVersion = "22.05"; # Did you read the comment? }