Diffstat (limited to 'machines/profpatsch')
-rw-r--r-- | machines/profpatsch/base-workstation.nix | 96 | ||||
-rw-r--r-- | machines/profpatsch/base.nix | 2 | ||||
-rw-r--r-- | machines/profpatsch/haku.nix | 64 | ||||
-rw-r--r-- | machines/profpatsch/lib.nix | 2 | ||||
-rw-r--r-- | machines/profpatsch/shiki.nix | 88 |
5 files changed, 167 insertions, 85 deletions
diff --git a/machines/profpatsch/base-workstation.nix b/machines/profpatsch/base-workstation.nix index ad7d6140..82dee85d 100644 --- a/machines/profpatsch/base-workstation.nix +++ b/machines/profpatsch/base-workstation.nix @@ -1,4 +1,4 @@ -# A base configuration that still assumes a workstation +# A base configuration for Thinkpads. { pkgs, lib, ... }: let myPkgs = import ./pkgs.nix { inherit pkgs lib myLib; }; @@ -14,6 +14,9 @@ in { config = { + ########### + # Hardware + boot.loader = { grub.enable = true; grub.version = 2; 
@@ -34,13 +37,76 @@ in { i18n = { consoleFont = "lat9w-16"; consoleKeyMap = "neo"; - # TODO: kinda broken? - # inputMethod = { - # enabled = "fcitx"; - # fcitx.engines = with pkgs.fcitx-engines; [ mozc ]; - # }; }; + # Enables drivers, acpi, power management + vuizvui.hardware.thinkpad.enable = true; + + ################### + # Graphical System + + services.xserver = { + + enable = true; + layout = "de"; + xkbVariant = "neo"; + xkbOptions = "altwin:swap_alt_win"; + serverFlagsSection = '' + Option "StandbyTime" "10" + Option "SuspendTime" "20" + Option "OffTime" "30" + ''; + + # otherwise xterm is enabled, creating an xterm that spawns the window manager. + desktopManager.xterm.enable = false; + + windowManager.xmonad = { + enable = true; + enableContribAndExtras = true; + }; + + displayManager = { + sessionCommands = with pkgs; '' + #TODO add as nixpkg + export PATH+=":$HOME/scripts" #add utility scripts + export EDITOR=emacsclient + export TERMINAL=${lilyterm-git}/bin/lilyterm + + ${xorg.xset}/bin/xset r rate 250 35 + + set-background & + # TODO xbindkeys user service file + ${lib.getBin xbindkeys}/bin/xbindkeys + # synchronize clipboards + ${lib.getBin autocutsel}/bin/autocutsel -s PRIMARY & + ''; + }; + + synaptics = { + enable = true; + minSpeed = "0.6"; + maxSpeed = "1.5"; + accelFactor = "0.015"; + twoFingerScroll = true; + vertEdgeScroll = false; + }; + + }; + + fonts.fontconfig = { + enable = true; + defaultFonts = { + monospace = [ "Source Code Pro" "DejaVu Sans Mono" ]; # TODO does not work + sansSerif = [ "Liberation Sans" ]; + }; + ultimate = { + enable = true; + substitutions = "combi"; + preset = "ultimate4"; + }; + }; + + programs.ssh.startAgent = false; ########### 
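Review bot: `programs.ssh.startAgent = false;` is added with no comment while most toggles in this file carry one; a line such as `# ssh-agent is not wanted here (key handling is done elsewhere)` — stating whichever is actually the case — would tell the next reader why the NixOS default is turned off. In `sessionCommands`, `set-background &` is the only command not pinned to a store path: it resolves through the `$HOME/scripts` entry appended to `PATH` a few lines earlier, so the login session runs whatever that user-writable directory provides, which is fine for the owner's own scripts but worth naming in the existing `#TODO add as nixpkg` comment so the dependency on that directory is explicit. This hunk moves the X server, keyboard layout and DPMS timeouts into a base file imported by every Thinkpad profile; that looks intended given the new header comment, but the block is now enabled unconditionally rather than per machine.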
@@ -53,6 +119,7 @@ in { # of utmost necessity for me to function basePkgs = [ silver-searcher # file content searcher, > ack > grep + lr # list recursively, ls & find replacement dos2unix # text file conversion manpages # system manpages (not included by default) mkpasswd # UNIX password creator @@ -62,7 +129,12 @@ in { traceroute # trace ip routes wirelesstools # iwlist (wifi scan) ]; - in basePkgs; + # minimal set of gui applications + guiPkgs = [ + lilyterm-git # terminal emulator, best one around + dmenu # minimal launcher + ]; + in basePkgs ++ guiPkgs; # friendly user shell programs.fish.enable = true; @@ -77,15 +149,7 @@ in { # bounded journal size services.journald.extraConfig = "SystemMaxUse=50M"; - services.xserver = { - # otherwise xterm is enabled, creating an xterm that spawns the window manager. - desktopManager.xterm.enable = false; - - windowManager.xmonad = { - enable = true; - enableContribAndExtras = true; - }; - }; + vuizvui.programs.fish.fasd.enable = true; ######## # Users diff --git a/machines/profpatsch/base.nix b/machines/profpatsch/base.nix index a44f36d6..e91a7b12 100644 --- a/machines/profpatsch/base.nix +++ b/machines/profpatsch/base.nix @@ -42,6 +42,8 @@ in tmux # detachable terminal multiplexer wget # the other URL file fetcher myPkgs.vim # slight improvement over vi + lr # list recursively, ls & find replacement + xe # xargs with a modern interface ]; i18n = { diff --git a/machines/profpatsch/haku.nix b/machines/profpatsch/haku.nix index 8b81378b..866fc05b 100644 --- a/machines/profpatsch/haku.nix +++ b/machines/profpatsch/haku.nix 
@@ -5,6 +5,18 @@ let myPkgs = import ./pkgs.nix { inherit pkgs lib myLib; }; warpspeedPort = 1338; + ethernetInterface = "enp0s20"; + wireguard = { + port = 6889; + interface = "wg0"; + internalNetwork = + let genIp = cidr: lastByte: "10.42.0.${toString lastByte}/${toString cidr}"; + in { + addr = genIp 32; + range = genIp 24 0; + server = genIp 24 1; + }; + }; myKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDNMQvmOfon956Z0ZVdp186YhPHtSBrXsBwaCt0JAbkf/U/P+4fG0OROA++fHDiFM4RrRHH6plsGY3W6L26mSsCM2LtlHJINFZtVILkI26MDEIKWEsfBatDW+XNAvkfYEahy16P5CBtTVNKEGsTcPD+VDistHseFNKiVlSLDCvJ0vMwOykHhq+rdJmjJ8tkUWC2bNqTIH26bU0UbhMAtJstWqaTUGnB0WVutKmkZbnylLMICAvnFoZLoMPmbvx8efgLYY2vD1pRd8Uwnq9MFV1EPbkJoinTf1XSo8VUo7WCjL79aYSIvHmXG+5qKB9ed2GWbBLolAoXkZ00E4WsVp9H philip@nyx"; 
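Review bot: `genIp` interpolates `lastByte` into `10.42.0.${toString lastByte}` with no bounds check, so `addr 1` (the server's own address), `addr 0` or `addr 256` would silently produce a colliding or invalid `allowedIPs` entry for a peer; guarding it with `assert lastByte > 1 && lastByte < 255;` in front of the string, or at least a comment `# lastByte: 1 = server, 2.. = peers`, would catch that at evaluation time rather than at `wg` setup. The `10.42.0` prefix is also hard-coded inside the helper while `range` and `server` are derived from it, so a `net = "10.42.0";` binding next to `port` would keep the three in one place.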
@@ -69,6 +81,7 @@ in "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCUgS0VB5XayQobQfOi0tYeqpSSCXzftTKEyII4OYDhuF0/CdXSqOIvdqnWQ8933lPZ5234qCXCniIlRJpJQLBPJdJ7/XnC6W37asuft6yVYxTZnZat8edCuJETMvwZJZNttxHC04k3JPf9RMj25luICWabICH5XP9Mz3GoWSaOz7IOm7jiLQiF3UtiFOG06w76d3UfcIVbqjImwWv8nysphi9IQfL0XgC24zNE6LSeE7IN5xTOxoZxORQGsCEnFNCPevReNcSB0pI9xQ1iao7evaZkpzT4D4iQ/K7Ss8dsfFWN30NPMQS5ReQTUKtmGn1YlgkitiYTEXbMjkYbQaQr daniel@shadow" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCtfWeIH7YZpWUUOZ3oC5FB2/J+P3scxm29gUQdVij/K0TuxW1yN/HtcvrO1mwSshS6sNZ2N6/Kb6+kuGyx1mEnaFt87K5ucxC7TNqiURh4eeZE1xX7B5Ob8TVegrBxoe+vcfaoyxn7sUzgF719H0aYC7PP6p3AIbhq3hRLcvY26u9/gZ39H79A71wCunauvpcnpb+rqyJMN6m2YoeOcoloe7wUDI8Xw5dUetHpNKn9k1vzS16CdwP4pAKI8aBtdNK7ZojVMe9LfBG8HHPr9K+cwcaxQuXkFBJzrfrtBCfQwrgWppsu/W/kGBs1ybku2bOFI5UXJBnsraXQqr1NLIfL phj@phj-X220" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDj8dla7nOE7RSho2/9LAn+DANYkB1BmMoNryzTQ5mUJWukf5coCc+aNJcXYeu5dSTEicW2qQuD8mt8SDI5Qzv4oSpIYEsd0j4eW/BlC5XYd+4jS7Hfk/a1mJjMG7jdvOUtK3lLtrKaHxVUUjqdxKzzFBZlPov6FgHSJ//h1HxreV/Y0jL94qSvK39FZde5xlV/wQBvpglrMNu7FFWqyeKrOZ7U8D70scFliIuPok/02iQ31P+ncUfV3XrFyJodQq8J3hYEorGVKp3nNM1zaLlg8uqHk18Zt0GFnEAClBrC13yjM0jpMvaMyuXMaWuKeqsBZeUyaSo1j6BNsW/bFjiJ thomas-glamsch@gmx.de" + "ssh-rsa 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 lisanne.wolters@gmx.net" ]; }; }; 
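Review bot: The added key carries only a name as its comment; a short note on when and for what access was granted (e.g. `# added 2019-xx for <purpose>`) would make later pruning of this list possible, since nothing else in the file records it. The sibling keys visible here appear to be 2048-bit RSA from their `AAAAB3NzaC1yc2EAAAADAQABAAABAQ` prefix; the new key's type is not visible in this page, but ed25519 is preferable for new entries. The attribute holding this list starts outside the hunk, so which account these keys unlock cannot be checked from here.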
@@ -111,15 +124,54 @@ in }; networking = { + nat = { + enable = true; + externalInterface = ethernetInterface; + internalInterfaces = [ wireguard.interface ]; + }; + hostName = "haku"; firewall = { - allowedTCPPorts = - [ 80 443 - ]; - allowedTCPPortRanges = - # rtorrent - [{ from = 6881; to = 6889; }]; + allowedTCPPorts = [ + 80 443 + 6882 + 1337 2342 4223 + 60100 + ]; + allowedUDPPorts = [ + wireguard.port + 60100 + ]; + # forward wireguard connections to ethernet device (VPN) + extraCommands = '' + iptables -t nat -A POSTROUTING -s ${wireguard.internalNetwork.range} -o ${ethernetInterface} -j MASQUERADE + '' + # drop every other kind of forwarding, except from wg0 to epn (and bridge wg) + + '' + iptables -P FORWARD DROP + iptables -A FORWARD -i ${wireguard.interface} -o ${ethernetInterface} -j ACCEPT + iptables -A FORWARD -o ${wireguard.interface} -i ${ethernetInterface} -j ACCEPT + iptables -A FORWARD -i ${wireguard.interface} -o ${wireguard.interface} -j ACCEPT + ''; }; + + wireguard.interfaces.${wireguard.interface} = { + ips = [ wireguard.internalNetwork.server ]; + listenPort = wireguard.port; + privateKeyFile = "/root/keys/wg/vpn.priv"; + + peers = [ + { # shiki (TODO: factor out) + publicKey = "x3ko/R8PLzcyjVjqot9qmGBb3NrG/4JvgRkIOQMEsUA="; + allowedIPs = [ (wireguard.internalNetwork.addr 2) ]; + } + { # mushu + publicKey = "Stx6N4/JurtAuYX+43WPOCLBqheE99O6WRvxW+sd3jw="; + allowedIPs = [ (wireguard.internalNetwork.addr 3) ]; + } + ]; + }; + nameservers = [ "62.210.16.6" "62.210.16.7" diff --git a/machines/profpatsch/lib.nix b/machines/profpatsch/lib.nix index 745fc156..ae730824 100644 --- a/machines/profpatsch/lib.nix +++ b/machines/profpatsch/lib.nix @@ -6,7 +6,7 @@ rec { philip = rec { name = "philip"; - extraGroups = [ "wheel" "networkmanager" ]; + extraGroups = [ "wheel" "networkmanager" "docker" "vboxuser" "libvirtd" ]; uid = 1000; createHome = true; home = "/home/philip"; 
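Review bot: The `-P FORWARD DROP` and three `-A FORWARD` rules in `extraCommands` target the built-in chain, which the NixOS firewall module does not flush on stop or reload as far as I know (it only resets its own `nixos-fw*` chains), so every firewall restart appends another copy of the rules and the DROP policy outlives a firewall stop; either add the matching `-D`/`-F FORWARD` lines to `extraStopCommands` or keep them in a dedicated chain. The `-o ${wireguard.interface} -i ${ethernetInterface} -j ACCEPT` rule forwards any inbound traffic from the uplink into the 10.42.0.0/24 VPN range, not only replies; `iptables -A FORWARD -i ${ethernetInterface} -o ${wireguard.interface} -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT` is the usual shape for the return path. The hand-written MASQUERADE line duplicates what `networking.nat` with `internalInterfaces = [ wireguard.interface ]` already installs in `nixos-nat-post`, so one of the two can go. Finally, the new TCP ports 6882, 1337, 2342, 4223 and 60100 (and UDP 60100) lost the per-port comment the old `# rtorrent` range had; naming the service behind each would make this list reviewable.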
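Review bot: Adding `docker` and `libvirtd` to `extraGroups` gives philip passwordless root-equivalent access through the respective daemon sockets, which bypasses whatever password prompt `wheel` still enforces; that may be acceptable for this account, but a comment such as `# docker/libvirtd group membership is effectively root without a sudo prompt` would stop the list being copied to a less trusted user. Since the enclosing `rec` attrset (which starts outside the hunk) is shared by every machine that imports lib.nix, servers that never run docker or VirtualBox get the memberships too; keeping the virtualization groups per machine would follow least privilege.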
diff --git a/machines/profpatsch/shiki.nix b/machines/profpatsch/shiki.nix index f916905d..4d66f81e 100644 --- a/machines/profpatsch/shiki.nix +++ b/machines/profpatsch/shiki.nix @@ -51,12 +51,17 @@ in { support32Bit = true; }; # steam - hardware.opengl.driSupport32Bit = true; - # needed by some games (TODO: general module for games) - # hardware.opengl.driSupport32Bit = true; + hardware.opengl.driSupport32Bit = true; - vuizvui.hardware.thinkpad.enable = true; + # TODO: kinda broken? + # i18n = { + # inputMethod = { + # enabled = "fcitx"; + # Japanese input + # fcitx.engines = with pkgs.fcitx-engines; [ mozc ]; + # }; + # }; ###### # Nix @@ -110,8 +115,10 @@ in { # wifiAndEthernet = { # interfaces = [ "wlp3s0" "enp0s25" ]; # driverOptions = { - # miimon = "100"; + # # how often to check for link failures, i.e. ethernet down (ms) + # miimon = "500"; # primary = "enp0s25"; + # primary_reselect = "always"; # mode = "active-backup"; # }; # }; @@ -137,7 +144,6 @@ in { wpa_supplicant_gui # configure wireless connections ]; xPkgs = [ - dmenu # simple UI menu builder dunst # notification daemon (interfaces with libnotify) # TODO: replace by xscreensaver or i3lock alock # lock screen @@ -156,6 +162,7 @@ in { # myPkgs.fast-init # fast-init of haskell projects gitAndTools.git-annex # version controlled binary file storage gitAndTools.git-dit # decentral issue tracking for git + gitAndTools.git-hub # lightweight GitHub integration # TODO: move to user config go @@ -166,7 +173,7 @@ in { pkgs.vuizvui.profpatsch.nix-http-serve # serve nix builds and rebuild on reloads pkgs.vuizvui.profpatsch.nman # open man pages in temporary nix shell pkgs.vuizvui.profpatsch.warpspeed # trivial http file server - pkgs.vuizvui.profpatsch.nix-gen # generate nix expressions + # pkgs.vuizvui.profpatsch.nix-gen # generate nix expressions pkgs.vuizvui.profpatsch.watch-server # restart server on code change pkgs.vuizvui.profpatsch.until # restart until cmd succeeds myPkgs.execlineb-with-builtins 
@@ -192,7 +199,6 @@ in { gimp # graphics inkscape # vector graphics libreoffice # a giant ball of C++, that sometimes helps with proprietary shitformats - lilyterm-git # terminal emulator, best one around myPkgs.mpv # you are my sun and my stars, and you play my stuff. pass # standard unix password manager picard # jean-luc, music tagger @@ -204,8 +210,14 @@ in { youtube-dl # download videos zathura # pdf viewer ]; - userScripts = with pkgs.vuizvui.profpatsch; [ + userScripts = with pkgs.vuizvui.profpatsch; + let + di-notify = pkgs.writers.writeBashBin "display-infos-notify" '' + ${pkgs.libnotify}/bin/notify-send "$(${display-infos}/bin/display-infos)" + ''; + in [ display-infos # show time & battery + di-notify # same, but pipe to libnotify show-qr-code # display a QR code backlight # adjust laptop backlight ]; @@ -224,6 +236,8 @@ in { redshift # increases screen warmth at night (so i don’t have to feel cold) # pdfjam is the best CLI pdf modification suite (texlive.combine { inherit (texlive) scheme-small pdfjam; }) + # move script/nix-cache-binary to here + cdb ]; in systemPkgs ++ xPkgs ++ guiPkgs ++ programmingTools ++ documentation 
@@ -242,63 +256,16 @@ in { LidSwitchIgnoreInhibited=no ''; + # TMP + + vuizvui.services.guix.enable = true; ################### # Graphical System services.xserver = { - enable = true; - layout = "de"; - xkbVariant = "neo"; - xkbOptions = "altwin:swap_alt_win"; - serverFlagsSection = '' - Option "StandbyTime" "10" - Option "SuspendTime" "20" - Option "OffTime" "30" - ''; - - synaptics = { - enable = true; - minSpeed = "0.6"; - maxSpeed = "1.5"; - accelFactor = "0.015"; - twoFingerScroll = true; - vertEdgeScroll = false; - }; - - videoDrivers = [ "intel" ]; - - displayManager = { - sessionCommands = with pkgs; '' - #TODO add as nixpkg - export PATH+=":$HOME/scripts" #add utility scripts - export EDITOR=emacsclient - export TERMINAL=${lilyterm}/bin/lilyterm - - ${xorg.xset}/bin/xset r rate 250 35 - - set-background & - # TODO xbindkeys user service file - ${lib.getBin xbindkeys}/bin/xbindkeys - # synchronize clipboards - ${lib.getBin autocutsel}/bin/autocutsel -s PRIMARY & - ''; - }; - }; - fonts.fontconfig = { - enable = true; - defaultFonts = { - monospace = [ "Source Code Pro" "DejaVu Sans Mono" ]; # TODO does not work - sansSerif = [ "Liberation Sans" ]; - }; - ultimate = { - enable = true; - substitutions = "combi"; - preset = "ultimate4"; - }; - }; fonts.fonts = with pkgs; [ unfreeAndNonDistributablePkgs.corefonts source-han-sans-japanese @@ -328,9 +295,6 @@ in { }; }; - # TODO: base config? - vuizvui.programs.fish.fasd.enable = true; - vuizvui.user.profpatsch.programs.scanning = { enable = true; #remoteScanners = '' |
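Review bot: As far as this hunk shows, the context line `services.xserver = {` is left open: the removed lines include both `};` that closed `displayManager` and `services.xserver`, with no replacement added, so `fonts.fonts = with pkgs; [` now sits inside `services.xserver` and evaluation should fail on a non-existent `services.xserver.fonts` option unless a closing brace exists further down that I cannot see; a `nixos-rebuild dry-build` would confirm either way. `videoDrivers = [ "intel" ];` is also dropped here but not carried into the new `services.xserver` block in base-workstation.nix, so unless the thinkpad hardware module sets it, shiki falls back to the default driver list. The `# TMP` marker above `vuizvui.services.guix.enable = true;` should say what is temporary and when it goes, e.g. `# TMP: evaluating guix, remove once done`.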