
{ config, pkgs, lib, ... }:
{
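#nixpkgs.overlays = overlays;
nixpkgs.config.allowUnfreePredicate = (pkg: true);
nixpkgs.config.allowUnfree = true;
# Unattended daily `nixos-rebuild switch` (no reboot unless allowReboot is set).
# NOTE(review): this only refreshes the `nixos` channel. The `nixos-unstable`
# channel that jellyfin and invidious are taken from (see the imports below)
# is not touched unless the upgrade flags say so -- confirm those
# internet-facing services are really being updated.
system.autoUpgrade.enable = true;
nix.distributedBuilds = true;
# The same nix.conf keys as before, expressed through nix.settings (as
# auto-optimise-store already is below) instead of a free-form extraOptions
# string, so typos are caught at evaluation time rather than by the daemon.
nix.settings.experimental-features = [ "nix-command" "flakes" ];
# useful when the builder has a faster internet connection than i do
nix.settings.builders-use-substitutes = true;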
# Remote builders. A build scheduled on one of these hosts runs there as the
# given SSH user and its outputs are copied back into this store without any
# signature check, so each builder is trusted as much as the local daemon.
# No sshKey is given, so root's ~/.ssh config and known_hosts are what
# authenticate (and identify) them.
nix.buildMachines = let
  mkBuilder = hostName: sshUser: maxJobs: speedFactor: {
    system = "x86_64-linux"; # can be a list
    inherit hostName sshUser maxJobs speedFactor;
    #supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
    #mandatoryFeatures = [ ];
  };
in [
  (mkBuilder "rocm.pbsds.net" "pbsds" 2 2)
  (mkBuilder "isvegg.pvv.ntnu.no" "pederbs" 1 1)
];
# Store hygiene: hardlink identical files after every build (expensive; the
# one-off alternative is `nix-store --optimise`) and collect garbage weekly,
# keeping generations from the last 30 days.
nix.settings.auto-optimise-store = true;
#nix.optimize.automatic = true; # periodic optimization
nix.gc.automatic = true;
nix.gc.dates = "weekly";
nix.gc.options = "--delete-older-than 30d";
# How to override package used by module
# https://github.com/NixOS/nixpkgs/issues/55366
#
# jellyfin and invidious come from <nixos-unstable> (module and package)
# rather than the release channel. That path is resolved through NIX_PATH at
# evaluation time -- whatever `nixos-unstable` channel root has added;
# nothing in this file pins it.
imports = [
  ./hardware-configuration.nix # results of hardware scan
  ./profiles/nas # add NAS services
  ./profiles/websites
  ./profiles/code-remote
  ./users
  <nixos-unstable/nixos/modules/services/misc/jellyfin.nix>
  <nixos-unstable/nixos/modules/services/web-apps/invidious.nix>
];
# the release-channel copies of the same modules would otherwise clash
disabledModules = [
  "services/misc/jellyfin.nix"
  "services/web-apps/invidious.nix"
];
services.jellyfin.package = pkgs.unstable.jellyfin;
services.invidious.package = pkgs.unstable.invidious;
nixpkgs.overlays = [ (import ./overlays) ];
# Allow unstable packages as `pkgs.unstable.*`. Only `config` is forwarded,
# so ./overlays does not apply to this second package set.
nixpkgs.config.packageOverrides = pkgs: {
  unstable = import <nixos-unstable> { inherit (config.nixpkgs) config; };
};
# enable opengl (headless)
hardware.opengl = {
  enable = true;
  #extraPackages = [ pkgs.mesa.drivers ];
  extraPackages = with pkgs; [ mesa.drivers vaapiIntel libvdpau-va-gl vaapiVdpau intel-ocl ];
};
# run/build weird binaries: registers binfmt_misc handlers so foreign
# executables run transparently. Each handler is one more interpreter that
# any file dropped on this box can reach.
boot.binfmt.emulatedSystems = [
  "wasm32-wasi"
  "x86_64-windows"
  "aarch64-linux"
  "riscv64-linux"
];
# Bootloader: GRUB on the MBR of /dev/sda, probing for other installed OSes
boot.loader.grub = {
  enable = true;
  device = "/dev/sda";
  useOSProber = true;
};
# Virtualization: podman, with `docker` aliased to it
#services.docker.enable = true;
virtualisation.podman.enable = true;
virtualisation.podman.dockerCompat = true; # alias docker to podman
virtualisation.oci-containers.backend = "podman";
# Networking: NetworkManager plus a static address on eno1.
# Resolvers are the router first and Google second; both are plain,
# unauthenticated UDP/53 queries (no DNS-over-TLS configured here).
networking.networkmanager.enable = true;
#networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
networking.hostName = "noximilien"; # Define your hostname.
networking.domain = "pbsds.net";
networking.interfaces.eno1.ipv4.addresses = [
  { address = "192.168.1.9"; prefixLength = 24; }
];
networking.nameservers = [ "192.168.1.254" "8.8.8.8" ];
networking.defaultGateway = { address = "192.168.1.254"; interface = "eno1"; };
#networking.useDHCP = true;
# Configure network proxy if necessary
#networking.proxy.default = "http://user:password@proxy:port/";
#networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
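# Host firewall.
# While this stays false every listener on this host -- sshd, whatever the
# nas/websites/code-remote profiles, jellyfin and invidious bind -- is
# reachable on every port. Re-enable it and let each service open its own
# ports (`openFirewall`, or allowedTCPPorts/allowedUDPPorts here).
#networking.firewall.allowedTCPPorts = [ ... ];
#networking.firewall.allowedUDPPorts = [ ... ];
networking.firewall.enable = false; # default is true, TEMP
# Surface the "TEMP" state on every nixos-rebuild so it cannot be forgotten.
warnings = lib.optional (!config.networking.firewall.enable)
  "networking.firewall is disabled on ${config.networking.hostName}: every listening service is exposed to the network";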
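# NFS mounts from the NAS. No mount options are given, so the protocol
# version is whatever mount.nfs negotiates and the security flavour is the
# default AUTH_SYS (the server trusts whichever UID this client presents) --
# only acceptable while 192.168.1.3 is reachable from the trusted LAN alone.
fileSystems = let
  # `mkMount mountpoint server subdir` -> name/value pair mounting
  # <server><subdir> at <mountpoint><subdir>; "" mounts the export root.
  mkMount = mountpoint: server: subdir: lib.nameValuePair "${mountpoint}${subdir}" {
    device = "${server}${subdir}";
    fsType = "nfs";
    #options = [ "nfsvers=4.2" ];
  };
  reidun = map (mkMount "/mnt/reidun" "192.168.1.3:/Reidun/shared") [
    ""
    "/Backups"
    "/Comics"
    "/Downloads"
    "/Games"
    "/Games/Installable"
    "/Games/Portable"
    "/Games/ROMs"
    "/ISO"
    "/Images"
    "/Images/Collections"
    "/Images/Memes"
    "/Images/Pictures"
    "/Images/Wallpapers"
    "/Music"
    "/Music/Albums"
    "/Music/Kancolle"
    "/Music/OST"
    "/Music/Old"
    "/Music/Touhou"
    "/Music/Vocaloid"
    "/Music/dojin.co"
    "/Various"
    "/Various/Zotero"
    "/Various/resilio"
    "/Video"
    "/Video/Anime"
    "/Video/Concerts"
    "/Video/Documentaries"
    "/Video/Movies"
    "/Video/Musicvideos"
    "/Video/Series"
    "/Video/Talks"
    "/Work"
    "/Work/Documents"
    #"/Work/FL Studio" # broken, maybe due to the space?
    "/Work/Programming"
    "/Work/School"
    "/pub"
  ];
  meconium = map (mkMount "/mnt/meconium" "192.168.1.3:/Meconium") [
    ""
    "/beets_music"
  ];
# listToAttrs replaces the hand-rolled foldl' merge (the old TODO); no
# mountpoint appears twice, so the result is the same attribute set.
in lib.listToAttrs (reidun ++ meconium);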
# Time zone and internationalisation properties.
time.timeZone = "Europe/Oslo";
i18n.defaultLocale = "en_US.utf8";
# Norwegian conventions for everything except messages
i18n.extraLocaleSettings = lib.genAttrs [
  "LC_ADDRESS" "LC_IDENTIFICATION" "LC_MEASUREMENT" "LC_MONETARY"
  "LC_NAME" "LC_NUMERIC" "LC_PAPER" "LC_TELEPHONE" "LC_TIME"
] (_: "nb_NO.utf8");
# Norwegian keymap for X11 and the console
services.xserver.layout = "no";
services.xserver.xkbVariant = "";
console.keyMap = "no";
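# Installed system packages (each listed once; atool used to appear twice)
# $ nix search FOOBAR
environment.systemPackages = with pkgs; [
  # system inspection
  lsof lshw htop file strace usbutils glances zenith
  # shell and editors
  tmux bash-completion micro fzf entr
  tealdeer #tldr
  # GNU userland
  gnused gnumake coreutils-full moreutils binutils diffutils findutils
  #parallel # already provided by moreutils
  # network and remotes
  git nmap rsync bind.dnsutils curl wget sshfs axel aria gh hub
  #sshuttle
  # archives
  zip unrar unzip atool p7zip bzip2 gzip
  # text and data wrangling
  pwgen graphviz dialog cowsay aspell aspellDicts.en aspellDicts.nb
  vimv dos2unix pandoc sqlite visidata bat jq yq htmlq sysz
  xe # xargs alternative
  sd # sed alternative
  fd # find alternative
  silver-searcher # `ag`
  ripgrep
  du-dust # du alternative
  ncdu # Disk usage analyzer with an ncurses interface
  #rmate # TODO: add to nixpkgs
  # development
  cargo cargo-edit
  # graphics bits for headless/X-forwarded use
  weston cage vimix-gtk-themes flat-remix-icon-theme xclip feh
  # nix tooling
  nix-output-monitor nix-prefetch nix-top nix-tree nixfmt alejandra
  #nix-index
];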
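# TODO: make this root only?
# fzf key bindings and completion for every bash user. The files are
# addressed by store path instead of via `$(fzf-share)` so a system-wide
# init script never resolves a helper through the caller's PATH (the
# previous `command -v` guard is unnecessary once the path is fixed).
programs.bash.shellInit = ''
  source "${pkgs.fzf}/share/fzf/key-bindings.bash"
  source "${pkgs.fzf}/share/fzf/completion.bash"
'';
# TODO: make this root only?
programs.bash.shellAliases.ed = "micro"; # TODO: ${EDITOR:-micro}
environment.variables.EDITOR = "micro";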
programs.dconf.enable = true;
# System fonts
# Nice to have when X-forwarding on headless machines
fonts.fonts = with pkgs; [
  noto-fonts # includes Cousine
  noto-fonts-cjk noto-fonts-emoji noto-fonts-extra
  dejavu_fonts
];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
#programs.mtr.enable = true;
#programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
#};
# OpenSSH server with X11Forwarding (for `ssh -X` into this headless box).
# Nothing here restricts authentication -- password logins and root login
# are left at the module defaults. Worth pinning (PasswordAuthentication no)
# once every account in ./users has a key, since this sshd is also
# published on remote hosts through the autossh tunnels below.
services.openssh = {
  enable = true;
  forwardX11 = true;
};
# AutoSSH reverse tunnels. Each session runs as local user `pbsds` (its keys
# and known_hosts), keeps a connection to `host` open and publishes this
# machine's sshd on port `rport` of the remote side (loopback only, unless
# the remote sshd sets GatewayPorts). Anyone with a shell on that remote
# host can therefore reach our port 22.
services.autossh.sessions = let
  sshOpts = rport: [
    "-N" # no remote command
    "-o ServerAliveInterval=10" # check if still alive
    "-o ServerAliveCountMax=3" # check if still alive
    "-o ExitOnForwardFailure=yes" # reverse tunnel critical
    "-R ${toString rport}:127.0.0.1:22" # reverse tunnel
  ];
  mkSshSession = user: name: host: rport: monitoringPort: {
    inherit user monitoringPort; # user = local user
    name = "ssh-reverse-tunnel-${name}-${toString rport}";
    extraArguments = lib.concatStringsSep " " (sshOpts rport ++ [ host ]);
  };
in [
  #(mkSshSession "pbsds" "p7pi" "pi@p7.pbsds.net" 10023 20000) # no mutual signature algorithm
  (mkSshSession "pbsds" "pbuntu" "pbsds@pbuntu.pbsds.net -p 23" 10023 20002)
  (mkSshSession "pbsds" "hildring" "pederbs@hildring.pvv.ntnu.no" 25775 20004)
];
# auto domain update
# TODO: use the dyndns endpoint + curl instead
/**/
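systemd.services.domeneshop-updater = {
  description = "domene.shop domain updater";
  # Needs a working uplink both to look up the public IP and to reach the
  # API; the timer's OnBootSec delay alone does not guarantee that.
  after = [ "network-online.target" ];
  wants = [ "network-online.target" ];
  serviceConfig = let
    env = pkgs.python3.withPackages (ps: with ps; [ pkgs.python3Packages.domeneshop httpx toml ]);
    prog = pkgs.writeScript "domain-updater.py" ''
      #!${env}/bin/python
      """Point the managed DNS records at this host's current public IPv4 address.

      Credentials come from DOMENESHOP_TOKEN / DOMENESHOP_SECRET in the
      environment, otherwise from the TOML file systemd hands over through
      LoadCredential= (falling back to /var/lib/secrets/domeneshop.toml when
      run by hand outside the unit).
      """
      import ipaddress
      import os
      import pprint
      import sys

      import httpx
      import toml
      from domeneshop import Client

      # HTTPS only: the answer decides where the A record points, so a
      # plaintext lookup would let an on-path attacker hijack the hostname.
      # Each entry maps an endpoint to the function that extracts the IP
      # from its response (the old loop ignored the extractor and called
      # .json() on plain-text bodies, so only ipinfo ever worked).
      IP_ENDPOINTS = {
          "https://ipinfo.io/json": lambda resp: resp.json()["ip"],
          "https://api.ipify.org": lambda resp: resp.text,
      }

      # https://www.domeneshop.no/admin?view=api
      CREDENTIAL_FILE = "domeneshop.toml"
      LEGACY_CREDENTIAL_PATH = "/var/lib/secrets/domeneshop.toml"

      # domain -> host -> record types to keep pointed at this machine
      DOMAINS = {
          "pbsds.net": {
              "olavtr": ["A"],
          },
      }


      def get_pub_ip() -> str:
          """Return the first well-formed IPv4 address any endpoint reports.

          Endpoints are tried in order; transport errors, non-2xx responses
          and unparsable bodies move on to the next one.

          Raises:
              RuntimeError: if no endpoint produced a usable address.
          """
          for endpoint, extract in IP_ENDPOINTS.items():
              try:
                  resp = httpx.get(endpoint, timeout=10.0)
                  if not resp.is_success:
                      continue
                  # Validate before trusting it: the value goes straight into DNS.
                  return str(ipaddress.IPv4Address(extract(resp).strip()))
              except (httpx.HTTPError, ValueError, KeyError, TypeError):
                  continue
          raise RuntimeError("Could not find external IP")


      def load_credentials() -> tuple[str, str]:
          """Return (token, secret); environment variables win over the file."""
          token = os.environ.get("DOMENESHOP_TOKEN")
          secret = os.environ.get("DOMENESHOP_SECRET")
          if token and secret:
              return token, secret
          cred_dir = os.environ.get("CREDENTIALS_DIRECTORY")
          path = os.path.join(cred_dir, CREDENTIAL_FILE) if cred_dir else LEGACY_CREDENTIAL_PATH
          with open(path) as f:
              stored = toml.load(f)["secrets"]
          return token or stored["DOMENESHOP_TOKEN"], secret or stored["DOMENESHOP_SECRET"]


      def main() -> int:
          """Update every configured record whose data differs from the public IP.

          Returns 0 when all configured records were found, 1 when any is
          missing from the account (the missing ones are printed).
          """
          token, secret = load_credentials()
          ip_address = get_pub_ip()  # TODO: both ipv4 and ipv6
          # Work on a copy so records can be ticked off as they are seen.
          pending = {d: {h: list(t) for h, t in hosts.items()} for d, hosts in DOMAINS.items()}
          client = Client(token, secret)
          for domain in client.get_domains():
              wanted = pending.get(domain["domain"])
              if wanted is None:
                  continue
              for record in client.get_records(domain["id"]):
                  host, rtype = record["host"], record["type"]
                  if host not in wanted or rtype not in wanted[host]:
                      continue
                  print("Found: ", end="")
                  pprint.pprint(record)
                  if record["data"] != ip_address:
                      record["data"] = ip_address
                      print("Push: ", end="")
                      pprint.pprint(record)
                      client.modify_record(domain_id=domain["id"], record_id=record.pop("id"), record=record)
                  else:
                      print("Nothing done")
                  # Drop emptied hosts so the leftovers are exactly what was never found.
                  wanted[host].remove(rtype)
                  if not wanted[host]:
                      del wanted[host]
              if not wanted:
                  del pending[domain["domain"]]
          if pending:
              print("ERROR: The following records were not found:")
              pprint.pprint(pending)
              return 1
          print("Success")
          return 0


      if __name__ == "__main__":
          sys.exit(main())
    '';
  in {
    User = "domeneshop";
    Group = "domeneshop";
    DynamicUser = true;
    ExecStart = prog;
    # systemd reads the credential file as root and exposes a copy under
    # $CREDENTIALS_DIRECTORY to the dynamic user, so the file can stay
    # root-owned 0600 instead of having to be readable by a random UID.
    LoadCredential = "domeneshop.toml:/var/lib/secrets/domeneshop.toml";
    # The script only talks to the network and writes nothing locally.
    PrivateTmp = true;
    PrivateDevices = true;
    ProtectSystem = "strict";
    ProtectHome = true;
    NoNewPrivileges = true;
    RestrictAddressFamilies = "AF_UNIX AF_INET AF_INET6"; # AF_UNIX: nscd socket for name resolution
  };
};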
# Runs the updater 5 minutes after boot and then `interval` after each run
# finishes (OnUnitInactiveSec counts from the service going idle, not from
# a wall-clock schedule).
systemd.timers.domeneshop-updater = let
  interval = "1d";
in {
  description = "Update domene.shop every ${interval}";
  wantedBy = [ "timers.target" ];
  timerConfig.OnBootSec = "5m";
  timerConfig.OnUnitInactiveSec = interval;
  timerConfig.Unit = "domeneshop-updater.service";
};
/**/
# The NixOS release whose defaults for stateful data (file locations,
# database versions, ...) this system was first installed with. It is fine,
# and recommended, to leave it at that first-install value forever; read the
# option's documentation (man configuration.nix or
# https://nixos.org/nixos/options.html) before ever changing it.
system.stateVersion = "22.05"; # Did you read the comment?
}