Diffstat (limited to 'machines')
-rw-r--r-- | machines/aszlig/dnyarri.nix | 2 | ||||
-rw-r--r-- | machines/aszlig/managed/brawndo.nix | 5 | ||||
-rw-r--r-- | machines/aszlig/managed/shakti.nix | 1 | ||||
-rw-r--r-- | machines/aszlig/managed/tyree.nix | 1 | ||||
-rw-r--r-- | machines/default.nix | 7 | ||||
-rw-r--r-- | machines/devhell/eir.nix (renamed from machines/devhell/eris.nix) | 36 | ||||
-rw-r--r-- | machines/devhell/gunnr.nix | 158 | ||||
-rw-r--r-- | machines/devhell/hildr.nix (renamed from machines/devhell/titan.nix) | 36 | ||||
-rw-r--r-- | machines/devhell/sigrun.nix (renamed from machines/devhell/skunkworks.nix) | 17 | ||||
-rw-r--r-- | machines/profpatsch/base-workstation.nix | 96 | ||||
-rw-r--r-- | machines/profpatsch/base.nix | 2 | ||||
-rw-r--r-- | machines/profpatsch/haku.nix | 64 | ||||
-rw-r--r-- | machines/profpatsch/lib.nix | 2 | ||||
-rw-r--r-- | machines/profpatsch/shiki.nix | 88 |
14 files changed, 383 insertions, 132 deletions
diff --git a/machines/aszlig/dnyarri.nix b/machines/aszlig/dnyarri.nix index 7e42f607..482395ee 100644 --- a/machines/aszlig/dnyarri.nix +++ b/machines/aszlig/dnyarri.nix @@ -63,7 +63,7 @@ in { # This is very ugly and I really want to avoid non-free packages on all # of my workstations. But right now I need to get rid of useless paper. nixpkgs.config.allowUnfreePredicate = pkg: let - inherit (builtins.parseDrvName pkg.name) name; + inherit (builtins.parseDrvName (pkg.name or "")) name; in name == "hplip"; nixpkgs.overlays = lib.singleton (lib.const (super: { hplip = super.hplip.override { withPlugin = true; }; diff --git a/machines/aszlig/managed/brawndo.nix b/machines/aszlig/managed/brawndo.nix index 0275a4e5..d08b7a3d 100644 --- a/machines/aszlig/managed/brawndo.nix +++ b/machines/aszlig/managed/brawndo.nix @@ -44,10 +44,7 @@ in { services = { deluge.enable = true; - printing.drivers = [ pkgs.cups-bjnp ]; - - xserver.synaptics.enable = true; - xserver.synaptics.twoFingerScroll = true; + printing.drivers = [ pkgs.cups-bjnp pkgs.cnijfilter2 ]; }; swapDevices = lib.singleton { label = "swap"; }; diff --git a/machines/aszlig/managed/shakti.nix b/machines/aszlig/managed/shakti.nix index 9e7856b8..449bbe3c 100644 --- a/machines/aszlig/managed/shakti.nix +++ b/machines/aszlig/managed/shakti.nix @@ -65,7 +65,6 @@ nix.maxJobs = 4; services.xserver.xkbOptions = "eurosign:e,caps:none"; - services.xserver.libinput.enable = true; services.deluge.enable = true; diff --git a/machines/aszlig/managed/tyree.nix b/machines/aszlig/managed/tyree.nix index 151a53ef..3768f11c 100644 --- a/machines/aszlig/managed/tyree.nix +++ b/machines/aszlig/managed/tyree.nix @@ -62,7 +62,6 @@ services.xserver.xkbOptions = "eurosign:e,caps:none"; services.xserver.wacom.enable = true; - services.xserver.libinput.enable = true; vuizvui.user.aszlig.profiles.managed.enable = true; vuizvui.user.aszlig.profiles.managed.mainUser = "bla"; 
diff --git a/machines/default.nix b/machines/default.nix index 1f33708f..236d2a5d 100644 --- a/machines/default.nix +++ b/machines/default.nix @@ -12,9 +12,10 @@ with import ../lib; }; }; devhell = { - eris = callMachine devhell/eris.nix {}; - skunkworks = callMachine devhell/skunkworks.nix {}; - titan = callMachine devhell/titan.nix {}; + eir = callMachine devhell/eir.nix {}; + sigrun = callMachine devhell/sigrun.nix {}; + hildr = callMachine devhell/hildr.nix {}; + gunnr = callMachine devhell/gunnr.nix {}; }; openlab = { hannswurscht = callMachine ./openlab/hannswurscht.nix {}; diff --git a/machines/devhell/eris.nix b/machines/devhell/eir.nix index e878e6e6..a76be6e5 100644 --- a/machines/devhell/eris.nix +++ b/machines/devhell/eir.nix @@ -27,6 +27,7 @@ }; hardware = { + cpu.intel.updateMicrocode = true; opengl = { enable = true; extraPackages = [ pkgs.libvdpau-va-gl pkgs.vaapiVdpau pkgs.vaapiIntel ]; @@ -54,11 +55,11 @@ # FIXME Check if this is still necessary in the future systemd.services.systemd-networkd-wait-online.enable = false; - # XXX Ensure that these are added in addition to the DHCP proviced DNS servers - systemd.network.networks."99-main".dns = [ "1.1.1.1" "8.8.8.8" ]; + # XXX Ensure that these are added in addition to the DHCP provided DNS servers + systemd.network.networks."99-main".dns = [ "1.1.1.1" "1.0.0.1" ]; networking = { - hostName = "eris"; + hostName = "eir"; wireless.iwd.enable = true; useNetworkd = true; }; @@ -73,7 +74,7 @@ }; i18n = { - consoleFont = "lat9w-16"; + consoleFont = "Lat2-Terminus16"; consoleKeyMap = "uk"; defaultLocale = "en_GB.UTF-8"; }; 
@@ -83,12 +84,23 @@ vuizvui.user.devhell.profiles.services.enable = true; services = { + thermald.enable = true; tftpd.enable = false; gnome3.gnome-keyring.enable = true; printing = { enable = true; drivers = [ pkgs.foo2zjs pkgs.hplip pkgs.cups-brother-hl1110 ]; }; + offlineimap = { + enable = true; + install = true; + path = [ pkgs.notmuch ]; + }; + syncthing = { + enable = true; + user = "dev"; + dataDir = "/home/dev/syncthing/"; + }; }; services.udev = { @@ -110,17 +122,10 @@ ''; }; - services.compton = { - enable = true; - extraOptions = '' - inactive-dim = 0.2; - ''; - }; - services.xserver = { enable = true; layout = "gb"; - videoDrivers = [ "intel" ]; + videoDrivers = [ "modesetting" ]; libinput = { enable = true; @@ -137,10 +142,6 @@ # duplicated in the other machine configurations. displayManager.sessionCommands = '' ${pkgs.nitrogen}/bin/nitrogen --restore & - #${pkgs.xorg.xsetroot}/bin/xsetroot -solid black - #${pkgs.networkmanagerapplet}/bin/nm-applet & - #${pkgs.pasystray}/bin/pasystray & - #${pkgs.compton}/bin/compton -f & ${pkgs.rofi}/bin/rofi & ${pkgs.xorg.xrdb}/bin/xrdb "${pkgs.writeText "xrdb.conf" '' Xft.dpi: 96 @@ -224,6 +225,8 @@ nixpkgs.config.mpv.vaapiSupport = true; + programs.light.enable = true; + environment.systemPackages = with pkgs; [ aircrackng cdrtools @@ -245,6 +248,5 @@ vdpauinfo wavemon xbindkeys - xorg.xbacklight ]; } diff --git a/machines/devhell/gunnr.nix b/machines/devhell/gunnr.nix new file mode 100644 index 00000000..25016054 --- /dev/null +++ b/machines/devhell/gunnr.nix 
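Review bot: The `offlineimap` and `syncthing` blocks added to `services` in the first eir.nix hunk here are repeated verbatim in the hildr.nix and sigrun.nix hunks of this commit, so three machine files now have to be kept in step by hand. Each of these machines already enables `vuizvui.user.devhell.profiles.services`, which looks like the natural home for both blocks (inferred; the profile is not part of this diff). If they stay per machine, a comment such as `# runs as the login user so synced data stays owned by dev` above `user = "dev";` would record why the service does not use its own account.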
@@ -0,0 +1,158 @@ +{ config, pkgs, lib, ... }: + +{ + vuizvui.user.devhell.profiles.base.enable = true; + vuizvui.system.kernel.bfq.enable = true; + + boot = { + loader = { + grub = { + enable = true; + version = 2; + copyKernels = true; + devices = [ "/dev/sda" "/dev/sdb" ]; + }; + }; + + zfs = { + enableUnstable = true; + requestEncryptionCredentials = true; + }; + + initrd = { + availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; + kernelModules = [ "fuse" ]; + }; + + kernelParams = [ ]; + kernelModules = [ "kvm-amd" ]; + extraModulePackages = [ ]; + blacklistedKernelModules = [ ]; + }; + + hardware = { + cpu.amd.updateMicrocode = true; + opengl = { + enable = true; + extraPackages = [ pkgs.libvdpau-va-gl pkgs.vaapiVdpau ]; + }; + }; + + fileSystems."/" = { + device = "zpool/root/nixos"; + fsType = "zfs"; + }; + + fileSystems."/home" = { + device = "zpool/home"; + fsType = "zfs"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-label/boot"; + fsType = "ext4"; + }; + + zramSwap.enable = true; + + # FIXME Check if this is still necessary in the future + systemd.services.systemd-networkd-wait-online.enable = false; + + networking = { + hostName = "gunnr"; + hostId = "29e6affc"; + wireless.enable = false; + useNetworkd = true; + proxy = { + default = "http://wproxy.canterbury.ac.uk:3128/"; + noProxy = "127.0.0.1,localhost"; + }; + }; + + nix = { + maxJobs = lib.mkDefault 16; + extraOptions = '' + auto-optimise-store = true + ''; + }; + + i18n = { + consoleFont = "Lat2-Terminus16"; + consoleKeyMap = "dvorak"; + defaultLocale = "en_GB.UTF-8"; + }; + + #### Machine-specific service configuration #### + + vuizvui.user.devhell.profiles.services.enable = true; + + services.zfs.autoScrub.enable = true; + + services.xserver = { + enable = true; + layout = "dvorak"; + videoDrivers = [ "modesetting" ]; + + # XXX: Factor out and make DRY, because a lot of the stuff here is + # duplicated in the other machine configurations. 
+ displayManager.sessionCommands = '' + ${pkgs.xbindkeys}/bin/xbindkeys & + ${pkgs.nitrogen}/bin/nitrogen --restore & + ${pkgs.xscreensaver}/bin/xscreensaver -no-splash & + ${pkgs.rofi}/bin/rofi & + ${pkgs.xorg.xrdb}/bin/xrdb "${pkgs.writeText "xrdb.conf" '' + Xft.dpi: 96 + Xft.antialias: true + Xft.hinting: full + Xft.hintstyle: hintslight + Xft.rgba: rgb + Xft.lcdfilter: lcddefault + Xft.autohint: 1 + Xcursor.theme: Vanilla-DMZ-AA + Xcursor.size: 22 + *.charClass:33:48,35:48,37:48,43:48,45-47:48,61:48,63:48,64:48,95:48,126:48,35:48,58:48 + *background: #121212 + *foreground: #babdb6 + ${lib.concatMapStrings (xterm: '' + ${xterm}.termName: xterm-256color + ${xterm}*bellIsUrgent: true + ${xterm}*utf8: 1 + ${xterm}*locale: true + ${xterm}*utf8Title: true + ${xterm}*utf8Fonts: 1 + ${xterm}*utf8Latin1: true + ${xterm}*dynamicColors: true + ${xterm}*eightBitInput: true + ${xterm}*faceName: xft:DejaVu Sans Mono for Powerline:pixelsize=9:antialias=true:hinting=true + ${xterm}*faceNameDoublesize: xft:Unifont:pixelsize=12:antialias=true:hinting=true + ${xterm}*cursorColor: #545f65 + '') [ "UXTerm" "XTerm" ]} + ''}" + ''; + }; + + services.timesyncd = { + servers = [ "ntp.canterbury.ac.uk" ]; + }; + + #### Machine-specific packages configuration #### + + vuizvui.user.devhell.profiles.packages.enable = true; + + nixpkgs.config.mpv.vaapiSupport = true; + nixpkgs.config.mpv.bs2bSupport = true; + + environment.systemPackages = with pkgs; [ + cdrtools + docker + dvdplusrwtools + glxinfo + ipmitool + libva + libvdpau-va-gl + pamixer + vaapiVdpau + vdpauinfo + xbindkeys + ]; +} diff --git a/machines/devhell/titan.nix b/machines/devhell/hildr.nix index 11b7dd30..9230ca7b 100644 --- a/machines/devhell/titan.nix +++ b/machines/devhell/hildr.nix @@ -24,6 +24,7 @@ }; hardware = { + cpu.intel.updateMicrocode = true; opengl = { enable = true; extraPackages = [ pkgs.libvdpau-va-gl pkgs.vaapiVdpau pkgs.vaapiIntel ]; 
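Review bot: The `docker` entry in `environment.systemPackages` of the new gunnr.nix only puts the client binaries on the PATH; nothing in this file enables the daemon, and the hildr.nix hunk of the same commit comments out `virtualisation.docker.enable`. If the daemon is meant to run on gunnr, `virtualisation.docker.enable = true;` is the option that sets up the service, and the package entry is then likely redundant. If only the client is wanted, a comment like `# client only, no local daemon` next to the entry would make that intent explicit.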
@@ -53,11 +54,11 @@ # FIXME Check if this is still necessary in the future systemd.services.systemd-networkd-wait-online.enable = false; - # XXX Ensure that these are added in addition to the DHCP proviced DNS servers - systemd.network.networks."99-main".dns = [ "1.1.1.1" "8.8.8.8" ]; + # XXX Ensure that these are added in addition to the DHCP provided DNS servers + systemd.network.networks."99-main".dns = [ "1.1.1.1" "1.0.0.1" ]; networking = { - hostName = "titan"; + hostName = "hildr"; wireless.enable = true; useNetworkd = true; }; @@ -67,7 +68,7 @@ cpuFreqGovernor = "powersave"; }; - virtualisation.docker.enable = true; +# virtualisation.docker.enable = true; nix = { maxJobs = lib.mkDefault 4; @@ -87,12 +88,23 @@ vuizvui.user.devhell.profiles.services.enable = true; services = { + thermald.enable = true; tftpd.enable = false; gnome3.gnome-keyring.enable = true; printing = { enable = true; drivers = [ pkgs.foo2zjs pkgs.cups-brother-hl1110 ]; }; + offlineimap = { + enable = true; + install = true; + path = [ pkgs.notmuch ]; + }; + syncthing = { + enable = true; + user = "dev"; + dataDir = "/home/dev/syncthing/"; + }; }; services.acpid = { @@ -108,17 +120,10 @@ ''; }; - services.compton = { - enable = true; - extraOptions = '' - inactive-dim = 0.2; - ''; - }; - services.xserver = { enable = true; layout = "gb"; - videoDrivers = [ "intel" ]; + videoDrivers = [ "modesetting" ]; libinput = { enable = true; @@ -136,11 +141,7 @@ displayManager.sessionCommands = '' ${pkgs.xbindkeys}/bin/xbindkeys & ${pkgs.nitrogen}/bin/nitrogen --restore & - #${pkgs.networkmanagerapplet}/bin/nm-applet & - #${pkgs.connmanui}/bin/connman-ui-gtk & ${pkgs.xscreensaver}/bin/xscreensaver -no-splash & - #${pkgs.pasystray}/bin/pasystray & - #${pkgs.compton}/bin/compton -f -c & ${pkgs.rofi}/bin/rofi & ${pkgs.xorg.xrdb}/bin/xrdb "${pkgs.writeText "xrdb.conf" '' Xft.dpi: 96 
@@ -179,6 +180,8 @@ nixpkgs.config.mpv.vaapiSupport = true; + programs.light.enable = true; + environment.systemPackages = with pkgs; [ aircrackng cdrtools @@ -202,6 +205,5 @@ vdpauinfo wavemon xbindkeys - xorg.xbacklight ]; } diff --git a/machines/devhell/skunkworks.nix b/machines/devhell/sigrun.nix index dc8d6265..4fba2ffe 100644 --- a/machines/devhell/skunkworks.nix +++ b/machines/devhell/sigrun.nix @@ -28,6 +28,7 @@ }; hardware = { + cpu.intel.updateMicrocode = true; opengl = { extraPackages = [ pkgs.vaapiVdpau ]; }; @@ -63,14 +64,14 @@ { device = "/dev/disk/by-uuid/3f1835a8-5587-4963-9b6c-66ecb36059de"; } ]; - networking.hostName = "skunkworks"; + networking.hostName = "sigrun"; networking.wireless.enable = false; networking.useNetworkd = true; nix.maxJobs = 8; i18n = { - consoleFont = "lat9w-16"; + consoleFont = "Lat2-Terminus16"; consoleKeyMap = "dvorak"; defaultLocale = "en_US.UTF-8"; }; @@ -91,9 +92,20 @@ enable = true; drivers = [ pkgs.hplipWithPlugin ]; }; + thermald.enable = true; timesyncd.enable = true; resolved.enable = true; canto-daemon.enable = true; + offlineimap = { + enable = true; + install = true; + path = [ pkgs.notmuch ]; + }; + syncthing = { + enable = true; + user = "dev"; + dataDir = "/home/dev/syncthing/"; + }; }; services.xserver = { @@ -262,6 +274,5 @@ hplip nzbget slrn - twister ]; } diff --git a/machines/profpatsch/base-workstation.nix b/machines/profpatsch/base-workstation.nix index ad7d6140..82dee85d 100644 --- a/machines/profpatsch/base-workstation.nix +++ b/machines/profpatsch/base-workstation.nix @@ -1,4 +1,4 @@ -# A base configuration that still assumes a workstation +# A base configuration for Thinkpads. { pkgs, lib, ... }: let myPkgs = import ./pkgs.nix { inherit pkgs lib myLib; }; @@ -14,6 +14,9 @@ in { config = { + ########### + # Hardware + boot.loader = { grub.enable = true; grub.version = 2; 
@@ -34,13 +37,76 @@ in { i18n = { consoleFont = "lat9w-16"; consoleKeyMap = "neo"; - # TODO: kinda broken? - # inputMethod = { - # enabled = "fcitx"; - # fcitx.engines = with pkgs.fcitx-engines; [ mozc ]; - # }; }; + # Enables drivers, acpi, power management + vuizvui.hardware.thinkpad.enable = true; + + ################### + # Graphical System + + services.xserver = { + + enable = true; + layout = "de"; + xkbVariant = "neo"; + xkbOptions = "altwin:swap_alt_win"; + serverFlagsSection = '' + Option "StandbyTime" "10" + Option "SuspendTime" "20" + Option "OffTime" "30" + ''; + + # otherwise xterm is enabled, creating an xterm that spawns the window manager. + desktopManager.xterm.enable = false; + + windowManager.xmonad = { + enable = true; + enableContribAndExtras = true; + }; + + displayManager = { + sessionCommands = with pkgs; '' + #TODO add as nixpkg + export PATH+=":$HOME/scripts" #add utility scripts + export EDITOR=emacsclient + export TERMINAL=${lilyterm-git}/bin/lilyterm + + ${xorg.xset}/bin/xset r rate 250 35 + + set-background & + # TODO xbindkeys user service file + ${lib.getBin xbindkeys}/bin/xbindkeys + # synchronize clipboards + ${lib.getBin autocutsel}/bin/autocutsel -s PRIMARY & + ''; + }; + + synaptics = { + enable = true; + minSpeed = "0.6"; + maxSpeed = "1.5"; + accelFactor = "0.015"; + twoFingerScroll = true; + vertEdgeScroll = false; + }; + + }; + + fonts.fontconfig = { + enable = true; + defaultFonts = { + monospace = [ "Source Code Pro" "DejaVu Sans Mono" ]; # TODO does not work + sansSerif = [ "Liberation Sans" ]; + }; + ultimate = { + enable = true; + substitutions = "combi"; + preset = "ultimate4"; + }; + }; + + programs.ssh.startAgent = false; ########### 
@@ -53,6 +119,7 @@ in { # of utmost necessity for me to function basePkgs = [ silver-searcher # file content searcher, > ack > grep + lr # list recursively, ls & find replacement dos2unix # text file conversion manpages # system manpages (not included by default) mkpasswd # UNIX password creator @@ -62,7 +129,12 @@ in { traceroute # trace ip routes wirelesstools # iwlist (wifi scan) ]; - in basePkgs; + # minimal set of gui applications + guiPkgs = [ + lilyterm-git # terminal emulator, best one around + dmenu # minimal launcher + ]; + in basePkgs ++ guiPkgs; # friendly user shell programs.fish.enable = true; @@ -77,15 +149,7 @@ in { # bounded journal size services.journald.extraConfig = "SystemMaxUse=50M"; - services.xserver = { - # otherwise xterm is enabled, creating an xterm that spawns the window manager. - desktopManager.xterm.enable = false; - - windowManager.xmonad = { - enable = true; - enableContribAndExtras = true; - }; - }; + vuizvui.programs.fish.fasd.enable = true; ######## # Users diff --git a/machines/profpatsch/base.nix b/machines/profpatsch/base.nix index a44f36d6..e91a7b12 100644 --- a/machines/profpatsch/base.nix +++ b/machines/profpatsch/base.nix @@ -42,6 +42,8 @@ in tmux # detachable terminal multiplexer wget # the other URL file fetcher myPkgs.vim # slight improvement over vi + lr # list recursively, ls & find replacement + xe # xargs with a modern interface ]; i18n = { diff --git a/machines/profpatsch/haku.nix b/machines/profpatsch/haku.nix index 8b81378b..866fc05b 100644 --- a/machines/profpatsch/haku.nix +++ b/machines/profpatsch/haku.nix 
@@ -5,6 +5,18 @@ let myPkgs = import ./pkgs.nix { inherit pkgs lib myLib; }; warpspeedPort = 1338; + ethernetInterface = "enp0s20"; + wireguard = { + port = 6889; + interface = "wg0"; + internalNetwork = + let genIp = cidr: lastByte: "10.42.0.${toString lastByte}/${toString cidr}"; + in { + addr = genIp 32; + range = genIp 24 0; + server = genIp 24 1; + }; + }; myKey = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDNMQvmOfon956Z0ZVdp186YhPHtSBrXsBwaCt0JAbkf/U/P+4fG0OROA++fHDiFM4RrRHH6plsGY3W6L26mSsCM2LtlHJINFZtVILkI26MDEIKWEsfBatDW+XNAvkfYEahy16P5CBtTVNKEGsTcPD+VDistHseFNKiVlSLDCvJ0vMwOykHhq+rdJmjJ8tkUWC2bNqTIH26bU0UbhMAtJstWqaTUGnB0WVutKmkZbnylLMICAvnFoZLoMPmbvx8efgLYY2vD1pRd8Uwnq9MFV1EPbkJoinTf1XSo8VUo7WCjL79aYSIvHmXG+5qKB9ed2GWbBLolAoXkZ00E4WsVp9H philip@nyx"; 
@@ -69,6 +81,7 @@ in "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCUgS0VB5XayQobQfOi0tYeqpSSCXzftTKEyII4OYDhuF0/CdXSqOIvdqnWQ8933lPZ5234qCXCniIlRJpJQLBPJdJ7/XnC6W37asuft6yVYxTZnZat8edCuJETMvwZJZNttxHC04k3JPf9RMj25luICWabICH5XP9Mz3GoWSaOz7IOm7jiLQiF3UtiFOG06w76d3UfcIVbqjImwWv8nysphi9IQfL0XgC24zNE6LSeE7IN5xTOxoZxORQGsCEnFNCPevReNcSB0pI9xQ1iao7evaZkpzT4D4iQ/K7Ss8dsfFWN30NPMQS5ReQTUKtmGn1YlgkitiYTEXbMjkYbQaQr daniel@shadow" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCtfWeIH7YZpWUUOZ3oC5FB2/J+P3scxm29gUQdVij/K0TuxW1yN/HtcvrO1mwSshS6sNZ2N6/Kb6+kuGyx1mEnaFt87K5ucxC7TNqiURh4eeZE1xX7B5Ob8TVegrBxoe+vcfaoyxn7sUzgF719H0aYC7PP6p3AIbhq3hRLcvY26u9/gZ39H79A71wCunauvpcnpb+rqyJMN6m2YoeOcoloe7wUDI8Xw5dUetHpNKn9k1vzS16CdwP4pAKI8aBtdNK7ZojVMe9LfBG8HHPr9K+cwcaxQuXkFBJzrfrtBCfQwrgWppsu/W/kGBs1ybku2bOFI5UXJBnsraXQqr1NLIfL phj@phj-X220" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDj8dla7nOE7RSho2/9LAn+DANYkB1BmMoNryzTQ5mUJWukf5coCc+aNJcXYeu5dSTEicW2qQuD8mt8SDI5Qzv4oSpIYEsd0j4eW/BlC5XYd+4jS7Hfk/a1mJjMG7jdvOUtK3lLtrKaHxVUUjqdxKzzFBZlPov6FgHSJ//h1HxreV/Y0jL94qSvK39FZde5xlV/wQBvpglrMNu7FFWqyeKrOZ7U8D70scFliIuPok/02iQ31P+ncUfV3XrFyJodQq8J3hYEorGVKp3nNM1zaLlg8uqHk18Zt0GFnEAClBrC13yjM0jpMvaMyuXMaWuKeqsBZeUyaSo1j6BNsW/bFjiJ thomas-glamsch@gmx.de" + "ssh-rsa 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 lisanne.wolters@gmx.net" ]; }; }; 
@@ -111,15 +124,54 @@ in }; networking = { + nat = { + enable = true; + externalInterface = ethernetInterface; + internalInterfaces = [ wireguard.interface ]; + }; + hostName = "haku"; firewall = { - allowedTCPPorts = - [ 80 443 - ]; - allowedTCPPortRanges = - # rtorrent - [{ from = 6881; to = 6889; }]; + allowedTCPPorts = [ + 80 443 + 6882 + 1337 2342 4223 + 60100 + ]; + allowedUDPPorts = [ + wireguard.port + 60100 + ]; + # forward wireguard connections to ethernet device (VPN) + extraCommands = '' + iptables -t nat -A POSTROUTING -s ${wireguard.internalNetwork.range} -o ${ethernetInterface} -j MASQUERADE + '' + # drop every other kind of forwarding, except from wg0 to epn (and bridge wg) + + '' + iptables -P FORWARD DROP + iptables -A FORWARD -i ${wireguard.interface} -o ${ethernetInterface} -j ACCEPT + iptables -A FORWARD -o ${wireguard.interface} -i ${ethernetInterface} -j ACCEPT + iptables -A FORWARD -i ${wireguard.interface} -o ${wireguard.interface} -j ACCEPT + ''; }; + + wireguard.interfaces.${wireguard.interface} = { + ips = [ wireguard.internalNetwork.server ]; + listenPort = wireguard.port; + privateKeyFile = "/root/keys/wg/vpn.priv"; + + peers = [ + { # shiki (TODO: factor out) + publicKey = "x3ko/R8PLzcyjVjqot9qmGBb3NrG/4JvgRkIOQMEsUA="; + allowedIPs = [ (wireguard.internalNetwork.addr 2) ]; + } + { # mushu + publicKey = "Stx6N4/JurtAuYX+43WPOCLBqheE99O6WRvxW+sd3jw="; + allowedIPs = [ (wireguard.internalNetwork.addr 3) ]; + } + ]; + }; + nameservers = [ "62.210.16.6" "62.210.16.7" diff --git a/machines/profpatsch/lib.nix b/machines/profpatsch/lib.nix index 745fc156..ae730824 100644 --- a/machines/profpatsch/lib.nix +++ b/machines/profpatsch/lib.nix @@ -6,7 +6,7 @@ rec { philip = rec { name = "philip"; - extraGroups = [ "wheel" "networkmanager" ]; + extraGroups = [ "wheel" "networkmanager" "docker" "vboxuser" "libvirtd" ]; uid = 1000; createHome = true; home = "/home/philip"; 
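Review bot: In `firewall.extraCommands` of the haku.nix hunk, the rule `iptables -A FORWARD -o ${wireguard.interface} -i ${ethernetInterface} -j ACCEPT` accepts every packet arriving on the ethernet side and destined for the VPN, not only replies, so a host that can route through haku may open new connections to the WireGuard peers. Restricting it to return traffic keeps the VPN reachable only from the inside: `iptables -A FORWARD -i ${ethernetInterface} -o ${wireguard.interface} -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT`. The rules are added with `-A` and there is no matching `extraStopCommands`, so they will probably pile up on each firewall reload, and `iptables -P FORWARD DROP` covers IPv4 only. The hand-written MASQUERADE rule also appears to duplicate what `networking.nat` with `internalInterfaces` already configures. The `networking` set continues past the end of the hunk.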
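Review bot: Adding `"docker"` to `extraGroups` in the lib.nix hunk gives the `philip` account control of the Docker socket, which is root-equivalent on any host running the daemon and, unlike `wheel`, is not gated by a sudo password prompt. Because this user definition lives in the shared lib.nix it presumably applies to every profpatsch machine, including the internet-facing haku, so it may be better to add the virtualisation groups only in the workstation configuration. Also check the spelling of `"vboxuser"`: the group created by the NixOS VirtualBox host module is `vboxusers`, so the entry as written likely matches no existing group. The `philip` attribute set continues outside the hunk.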
diff --git a/machines/profpatsch/shiki.nix b/machines/profpatsch/shiki.nix index f916905d..4d66f81e 100644 --- a/machines/profpatsch/shiki.nix +++ b/machines/profpatsch/shiki.nix @@ -51,12 +51,17 @@ in { support32Bit = true; }; # steam - hardware.opengl.driSupport32Bit = true; - # needed by some games (TODO: general module for games) - # hardware.opengl.driSupport32Bit = true; + hardware.opengl.driSupport32Bit = true; - vuizvui.hardware.thinkpad.enable = true; + # TODO: kinda broken? + # i18n = { + # inputMethod = { + # enabled = "fcitx"; + # Japanese input + # fcitx.engines = with pkgs.fcitx-engines; [ mozc ]; + # }; + # }; ###### # Nix @@ -110,8 +115,10 @@ in { # wifiAndEthernet = { # interfaces = [ "wlp3s0" "enp0s25" ]; # driverOptions = { - # miimon = "100"; + # # how often to check for link failures, i.e. ethernet down (ms) + # miimon = "500"; # primary = "enp0s25"; + # primary_reselect = "always"; # mode = "active-backup"; # }; # }; @@ -137,7 +144,6 @@ in { wpa_supplicant_gui # configure wireless connections ]; xPkgs = [ - dmenu # simple UI menu builder dunst # notification daemon (interfaces with libnotify) # TODO: replace by xscreensaver or i3lock alock # lock screen @@ -156,6 +162,7 @@ in { # myPkgs.fast-init # fast-init of haskell projects gitAndTools.git-annex # version controlled binary file storage gitAndTools.git-dit # decentral issue tracking for git + gitAndTools.git-hub # lightweight GitHub integration # TODO: move to user config go @@ -166,7 +173,7 @@ in { pkgs.vuizvui.profpatsch.nix-http-serve # serve nix builds and rebuild on reloads pkgs.vuizvui.profpatsch.nman # open man pages in temporary nix shell pkgs.vuizvui.profpatsch.warpspeed # trivial http file server - pkgs.vuizvui.profpatsch.nix-gen # generate nix expressions + # pkgs.vuizvui.profpatsch.nix-gen # generate nix expressions pkgs.vuizvui.profpatsch.watch-server # restart server on code change pkgs.vuizvui.profpatsch.until # restart until cmd succeeds myPkgs.execlineb-with-builtins 
@@ -192,7 +199,6 @@ in { gimp # graphics inkscape # vector graphics libreoffice # a giant ball of C++, that sometimes helps with proprietary shitformats - lilyterm-git # terminal emulator, best one around myPkgs.mpv # you are my sun and my stars, and you play my stuff. pass # standard unix password manager picard # jean-luc, music tagger @@ -204,8 +210,14 @@ in { youtube-dl # download videos zathura # pdf viewer ]; - userScripts = with pkgs.vuizvui.profpatsch; [ + userScripts = with pkgs.vuizvui.profpatsch; + let + di-notify = pkgs.writers.writeBashBin "display-infos-notify" '' + ${pkgs.libnotify}/bin/notify-send "$(${display-infos}/bin/display-infos)" + ''; + in [ display-infos # show time & battery + di-notify # same, but pipe to libnotify show-qr-code # display a QR code backlight # adjust laptop backlight ]; @@ -224,6 +236,8 @@ in { redshift # increases screen warmth at night (so i don’t have to feel cold) # pdfjam is the best CLI pdf modification suite (texlive.combine { inherit (texlive) scheme-small pdfjam; }) + # move script/nix-cache-binary to here + cdb ]; in systemPkgs ++ xPkgs ++ guiPkgs ++ programmingTools ++ documentation 
@@ -242,63 +256,16 @@ in { LidSwitchIgnoreInhibited=no ''; + # TMP + + vuizvui.services.guix.enable = true; ################### # Graphical System services.xserver = { - enable = true; - layout = "de"; - xkbVariant = "neo"; - xkbOptions = "altwin:swap_alt_win"; - serverFlagsSection = '' - Option "StandbyTime" "10" - Option "SuspendTime" "20" - Option "OffTime" "30" - ''; - - synaptics = { - enable = true; - minSpeed = "0.6"; - maxSpeed = "1.5"; - accelFactor = "0.015"; - twoFingerScroll = true; - vertEdgeScroll = false; - }; - - videoDrivers = [ "intel" ]; - - displayManager = { - sessionCommands = with pkgs; '' - #TODO add as nixpkg - export PATH+=":$HOME/scripts" #add utility scripts - export EDITOR=emacsclient - export TERMINAL=${lilyterm}/bin/lilyterm - - ${xorg.xset}/bin/xset r rate 250 35 - - set-background & - # TODO xbindkeys user service file - ${lib.getBin xbindkeys}/bin/xbindkeys - # synchronize clipboards - ${lib.getBin autocutsel}/bin/autocutsel -s PRIMARY & - ''; - }; - }; - fonts.fontconfig = { - enable = true; - defaultFonts = { - monospace = [ "Source Code Pro" "DejaVu Sans Mono" ]; # TODO does not work - sansSerif = [ "Liberation Sans" ]; - }; - ultimate = { - enable = true; - substitutions = "combi"; - preset = "ultimate4"; - }; - }; fonts.fonts = with pkgs; [ unfreeAndNonDistributablePkgs.corefonts source-han-sans-japanese @@ -328,9 +295,6 @@ in { }; }; - # TODO: base config? - vuizvui.programs.fish.fasd.enable = true; - vuizvui.user.profpatsch.programs.scanning = { enable = true; #remoteScanners = '' |