Diffstat (limited to 'machines')
-rw-r--r-- | machines/aszlig/dnyarri.nix | 10 | ||||
-rw-r--r-- | machines/aszlig/slylandro.nix | 21 | ||||
-rw-r--r-- | machines/devhell/herja.nix | 2 | ||||
-rw-r--r-- | machines/profpatsch/haku.nix | 293 | ||||
-rw-r--r-- | machines/profpatsch/pkgs.nix | 2 | ||||
-rw-r--r-- | machines/sternenseemann/base-laptop.nix | 10 | ||||
-rw-r--r-- | machines/sternenseemann/base.nix | 19 | ||||
-rw-r--r-- | machines/sternenseemann/wolfgang.nix | 5 |
8 files changed, 284 insertions, 78 deletions
diff --git a/machines/aszlig/dnyarri.nix b/machines/aszlig/dnyarri.nix
index 64fccb9a..116ae053 100644
--- a/machines/aszlig/dnyarri.nix
+++ b/machines/aszlig/dnyarri.nix
@@ -22,6 +22,12 @@ in {
 nix.settings.max-jobs = 24;
+ # XXX: This machine has a pretty complicated audio setup, so until this works
+ # properly with PipeWire, let's stay with PulseAudio for now.
+ services.pipewire.enable = lib.mkOverride 90 false;
+ hardware.pulseaudio.enable = true;
+ hardware.pulseaudio.package = pkgs.pulseaudioFull;
+
 hardware.printers.ensureDefaultPrinter = "Bunti";
 hardware.printers.ensurePrinters = lib.singleton {
 name = "Bunti";
@@ -76,9 +82,7 @@ in {
 "/" = {
 label = "dnyarri-root";
 fsType = "btrfs";
- options = [
- "autodefrag" "space_cache" "compress=zstd" "noatime" "discard=async"
- ];
+ options = [ "space_cache" "compress=zstd" "noatime" "discard=async" ];
 };
 };
diff --git a/machines/aszlig/slylandro.nix b/machines/aszlig/slylandro.nix
index 85bd8bc6..c53cad05 100644
--- a/machines/aszlig/slylandro.nix
+++ b/machines/aszlig/slylandro.nix
@@ -28,7 +28,7 @@ vuizvui.hardware.tuxedo.pulse15.gen2.enable = true;
 services.xserver.dpi = 188;
- services.xserver.xkbOptions = "caps:none";
+ services.xserver.xkb.options = "caps:none";
 networking.hostName = "slylandro";
 networking.wireless.enable = lib.mkForce true;
@@ -36,17 +36,6 @@ location.provider = "geoclue2";
- # XXX: Only on Slylandro for now since Dnyarri has a more complicated setup.
- hardware.pulseaudio.enable = lib.mkForce false;
- security.rtkit.enable = true;
- services.pipewire = {
- enable = true;
- alsa.enable = true;
- alsa.support32Bit = true;
- pulse.enable = true;
- jack.enable = true;
- };
- # This is because the "primary" option below is only supported for the - # scripted networking configuration.
 systemd.network.networks."40-enp1s0" = {
@@ -71,9 +60,7 @@ fileSystems."/" = {
 device = "/dev/disk/by-uuid/87a842a8-e2c5-45b6-8e67-58fec33b5eee";
 fsType = "btrfs";
- options = [
- "autodefrag" "space_cache=v2" "compress=zstd" "noatime" "discard=async"
- ];
+ options = [ "space_cache=v2" "compress=zstd" "noatime" "discard=async" ];
 };
 swapDevices = lib.singleton {
@@ -83,9 +70,9 @@ services.tlp.enable = true;
 services.xserver.videoDrivers = [ "amdgpu" ];
- services.xserver.libinput.enable = true;
- services.xserver.libinput.touchpad = {
+ services.libinput.enable = true;
+ services.libinput.touchpad = {
 clickMethod = "clickfinger";
 sendEventsMode = "disabled-on-external-mouse";
 middleEmulation = false;
diff --git a/machines/devhell/herja.nix b/machines/devhell/herja.nix
index e5f99cd1..8db14649 100644
--- a/machines/devhell/herja.nix
+++ b/machines/devhell/herja.nix
@@ -31,7 +31,7 @@ enable = true;
 emulateWheel = true;
 };
- opengl = {
+ graphics = {
 enable = true;
 extraPackages = with pkgs; [
 libvdpau-va-gl
diff --git a/machines/profpatsch/haku.nix b/machines/profpatsch/haku.nix
index 026b32a7..9d4dc536 100644
--- a/machines/profpatsch/haku.nix
+++ b/machines/profpatsch/haku.nix
@@ -5,17 +5,24 @@ let
 myPkgs = import ./pkgs.nix { inherit pkgs lib myLib; };
 hakuHostName = "haku.profpatsch.de";
+ testHostName = "test.profpatsch.de";
+ matrixHostName = "matrix.decentsoftwa.re";
 youtube2audiopodcastPort = 1339;
 youtube2audiopodcastSubdir = "/halp";
 sshPort = 7001;
 warpspeedPort = 1338;
+ httzipPort = 7070;
+ openlabToolsPort = 9099;
 wireguardPortUdp = 6889;
 tailscaleInterface = "tailscale0";
- tailscaleAddress = "100.76.60.85";
+ tailscaleAddress = "100.122.12.129";
 gonicPortTailscale = 4747;
+ whatcdResolverPortTailscale = 9093;
+ whatcdResolverJaegerPortTailscale = 16686;
 sambaPortTailscale = 445;
+ dentritePort = 8008;
 ethernetInterface = "enp0s20";
 wireguard = {
@@ -94,15 +101,34 @@ in
 # pkgs.vuizvui.profpatsch.warpspeed # trivial http file server
 ];
- # users.groups.data-seeding = {};
+ users.groups.data-seeding = {};
+ users.groups.whatcd-resolver = {};
+ users.groups.openlab-tools = {};
 users.users = {
 root.openssh.authorizedKeys.keys = [ myKey ];
- # rtorrent = {
- # isNormalUser = true;
- # extraGroups = [ "data-seeding" ];
- # };
+ seed = {
+ isNormalUser = true;
+ extraGroups = [ "data-seeding" ];
+ openssh.authorizedKeys.keys = [ myKey ];
+ };
+ zipped-transmission = {
+ isSystemUser = true;
+ group = "transmission";
+ };
+ whatcd-resolver = {
+ isSystemUser = true;
+ home = "/var/lib/whatcd-resolver";
+ createHome = true;
+ group = "whatcd-resolver";
+ };
+ openlab-tools = {
+ isSystemUser = true;
+ home = "/var/lib/openlab-tools";
+ createHome = true;
+ group = "openlab-tools";
+ };
 # youtube2audiopodcast = {
 # isSystemUser = true;
@@ -160,16 +186,63 @@ in
 # systemd.services.samba-smbd.wants = [ "tailscaled.service" ];
 # systemd.services.samba-smbd.after = [ "tailscaled.service" ];
- # systemd.services.warpspeed =
- # let user = config.users.users.rtorrent;
- # in {
- # description = "internally served public files (see nginx)";
- # wantedBy = [ "default.target" ];
- # serviceConfig.WorkingDirectory = "${user.home}/public";
- # # *6: all hosts, v6 preferred
- # script = ''${pkgs.vuizvui.profpatsch.warpspeed}/bin/warpspeed "*6" ${toString warpspeedPort}'';
- # serviceConfig.User = config.users.users.rtorrent.name;
- # };
+ systemd.services.warpspeed =
+ let user = config.users.users.seed;
+ in {
+ description = "internally served zipped stuff (see nginx)";
+ wantedBy = [ "default.target" ];
+ serviceConfig.WorkingDirectory = "${user.home}/public";
+ # *6: all hosts, v6 preferred
+ script = ''${pkgs.vuizvui.profpatsch.warpspeed}/bin/warpspeed "*6" ${toString warpspeedPort}'';
+ serviceConfig.User = user.name;
+ };
+
+ # TODO: this is horrible lol
+ systemd.services.httzip =
+ let user = config.users.users.zipped-transmission;
+ in {
+ description = "internally served public files (see nginx)";
+ wantedBy = [ "default.target" ];
+ serviceConfig.WorkingDirectory = "/var/lib/transmission/Downloads";
+ script = ''${pkgs.vuizvui.profpatsch.tvl.users.Profpatsch.httzip}'';
+ serviceConfig.User = user.name;
+ };
+
+
+ # TODO: this is horrible lol
+ systemd.services.whatcd-resolver =
+ let user = config.users.users.whatcd-resolver;
+ in {
+ description = "what?";
+ wantedBy = [ "default.target" ];
+ serviceConfig.WorkingDirectory = "/var/lib/whatcd-resolver";
+ script = "${pkgs.vuizvui.profpatsch.writeExecline "run-whatcd-resolver-jaeger" {} [
+ "envfile" "/var/lib/whatcd-resolver/whatcd-resolver-env"
+ pkgs.vuizvui.profpatsch.tvl.users.Profpatsch.whatcd-resolver
+ ]}";
+ serviceConfig.User = user.name;
+ };
+ systemd.services.whatcd-resolver-jaeger =
+ let user = config.users.users.whatcd-resolver;
+ in {
+ description = "what? jaeger";
+ wantedBy = [ "default.target" "whatcd-resolver.service" ];
+ serviceConfig.WorkingDirectory = "/var/lib/whatcd-resolver/jaeger";
+ # webui: 16686, otel: 4318
+ script = ''${pkgs.vuizvui.profpatsch.jaeger}/bin/jaeger-all-in-one'';
+ serviceConfig.User = user.name;
+ };
+
+ # TODO: this is horrible lol
+ systemd.services.openlab-tools =
+ let user = config.users.users.openlab-tools;
+ in {
+ description = "tooling for openlabs";
+ wantedBy = [ "default.target" ];
+ serviceConfig.WorkingDirectory = "/var/lib/openlab-tools";
+ script = ''${pkgs.vuizvui.profpatsch.tvl.users.Profpatsch.openlab-tools}'';
+ serviceConfig.User = user.name;
+ };
 # systemd.services.youtube2audiopodcast =
 # let user = config.users.users.youtube2audiopodcast;
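Review bot: The whatcd-resolver unit reads its secrets with `"envfile" "/var/lib/whatcd-resolver/whatcd-resolver-env"`, a file inside the home directory that the same service user owns and can write (`createHome = true` in the users hunk), so the process can read and also rewrite its own credentials; the dendrite unit later in this commit hands its key over with `loadCredential`, and the same mechanism (`serviceConfig.LoadCredential`, with the file then read from `$CREDENTIALS_DIRECTORY`) would let the env file stay root-owned. None of the five new units (warpspeed, httzip, whatcd-resolver, whatcd-resolver-jaeger, openlab-tools) sets any sandboxing in `serviceConfig` such as `ProtectSystem`, `ProtectHome`, `PrivateTmp` or `NoNewPrivileges`, although each appears to serve HTTP behind nginx or on the tailnet from a fixed `WorkingDirectory`; a shared attribute set merged into all five would keep that in one place. The three `# TODO: this is horrible lol` comments and `description = "what?"` tell a reader neither what is wrong nor what the unit does; a comment naming the intended fix, e.g. `# TODO: turn into a NixOS module with StateDirectory and LoadCredential`, would make the TODO actionable. The enclosing `in { ... }` attribute set begins and ends outside this hunk.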
@@ -187,35 +260,74 @@ in
 security.acme.acceptTerms = true;
 security.acme.defaults.email = "mail@profpatsch.de";
- # services.nginx = {
- # enable = true;
- # virtualHosts.${hakuHostName} = {
- # forceSSL = true;
- # enableACME = true;
- # locations."/pub/" = {
- # proxyPass = "http://127.0.0.1:${toString warpspeedPort}/";
- # };
- # locations."${youtube2audiopodcastSubdir}/" = {
- # proxyPass = "http://127.0.0.1:${toString youtube2audiopodcastPort}/";
- # };
- # locations."/".root =
- # let lojbanistanSrc = pkgs.fetchFromGitHub {
- # owner = "lojbanistan";
- # repo = "lojbanistan.de";
- # rev = "ef02aa8f074d0d5209839cd12ba7a67685fdaa05";
- # sha256 = "1hr2si73lam463pcf25napfbk0zb30kgv3ncc0ahv6wndjpsvg7z";
- # };
- # in pkgs.runCommandLocal "lojbanistan-www" {} ''
- # mkdir $out
- # echo "coi do" > $out/index.html
- # ${pkgs.imagemagick}/bin/convert \
- # ${lojbanistanSrc}/design/flag-of-lojbanistan-icon.svg \
- # -define icon:auto-resize=64,48,32,16 \
- # $out/favicon.ico
- # '';
- # serverAliases = [ "lojbanistan.de" ];
- # };
- # };
+ services.nginx = {
+ enable = true;
+ virtualHosts.${hakuHostName} = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/public/" = {
+ proxyPass = "http://127.0.0.1:${toString warpspeedPort}/";
+ };
+ locations."/zipped/" = {
+ proxyPass = "http://127.0.0.1:${toString httzipPort}/";
+ };
+ locations."/openlab-tools/" = {
+ proxyPass = "http://127.0.0.1:${toString openlabToolsPort}/";
+ };
+ # locations."${youtube2audiopodcastSubdir}/" = {
+ # proxyPass = "http://127.0.0.1:${toString youtube2audiopodcastPort}/";
+ # };
+ locations."/".root =
+ let lojbanistanSrc = pkgs.fetchFromGitHub {
+ owner = "lojbanistan";
+ repo = "lojbanistan.de";
+ rev = "ef02aa8f074d0d5209839cd12ba7a67685fdaa05";
+ sha256 = "1hr2si73lam463pcf25napfbk0zb30kgv3ncc0ahv6wndjpsvg7z";
+ };
+ in pkgs.runCommandLocal "lojbanistan-www" {} ''
+ mkdir $out
+ echo "coi do" > $out/index.html
+ ${pkgs.imagemagick}/bin/convert \
+ ${lojbanistanSrc}/design/flag-of-lojbanistan-icon.svg \
+ -define icon:auto-resize=64,48,32,16 \
+ $out/favicon.ico
+ '';
+ serverAliases = [ "lojbanistan.de" ];
+ };
+ virtualHosts.${testHostName} = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://shiki:9999";
+ extraConfig = ''
+ # forward original host so we can validate mastodon http header signatures
+ proxy_set_header Host $host;
+ '';
+ };
+ };
+ virtualHosts.${matrixHostName} = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/" = {
+ proxyPass = "http://localhost:${toString dentritePort}";
+ extraConfig = ''
+ # forward original host (necessary?)
+ proxy_set_header Host $host;
+ '';
+ };
+ };
+ virtualHosts.${"decentsoftwa.re"} = {
+ forceSSL = true;
+ enableACME = true;
+ locations."/.well-known/matrix/".root = pkgs.linkFarm "well-known-decentsoftwa.re-matrix" [
+ { name = ".well-known/matrix/server";
+ path = pkgs.writers.writeJSON "matrix-server-well-known" {
+ "m.server" = "matrix.decentsoftwa.re:443";
+ };
+ }
+ ];
+ };
+ };
 networking = {
 hostName = "haku";
@@ -227,7 +339,7 @@ in
 firewall = {
 allowedTCPPorts = [
 80 443
- 6882
+ # 6882
 1337 2342 4223 60100 ];
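Review bot: The three new proxy vhosts forward only `Host`, so dendrite and the `shiki:9999` backend see every request as coming from 127.0.0.1 and can neither rate-limit per client nor log the real source address; `services.nginx.recommendedProxySettings = true;` sets `X-Forwarded-For`, `X-Real-IP` and `Host` for every `proxyPass` location at once and would make the per-location `proxy_set_header Host $host;` lines redundant. `locations."/"` under `matrixHostName` points at `dentritePort` while the dendrite service in the next hunk hard-codes `httpPort = 8008;`; `httpPort = dentritePort;` keeps the two from drifting, and the binding would read better spelled `dendritePort`. `proxyPass = "http://shiki:9999"` carries traffic to another machine in the clear; whether that hop stays inside the tailnet depends on how `shiki` resolves, which this file does not show, so a comment stating the intended path would help the next reader. The Matrix vhost also sets no `client_max_body_size`, leaving media uploads at nginx's 1m default; if the homeserver is meant to accept media that deserves a deliberate value.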
@@ -241,20 +353,97 @@ in
 interfaces.${tailscaleInterface} = {
 allowedTCPPorts = [
 gonicPortTailscale
- sambaPortTailscale
+ whatcdResolverPortTailscale
+ whatcdResolverJaegerPortTailscale
+ # sambaPortTailscale
 ];
 };
 };
- nameservers = [
- "62.210.16.6"
- "62.210.16.7"
- ];
+ # nameservers = [
+ # "62.210.16.6"
+ # "62.210.16.7"
+ # ];
 };
 services.tailscale = {
 enable = true;
- # interfaceName = tailscaleInterface;
+ interfaceName = tailscaleInterface;
+ };
+
+ services.transmission = {
+ enable = true;
+ user = "transmission";
+ group = "transmission";
+ settings = {
+ rpc-port = 9091;
+ peer-port-random-on-start = true;
+ peer-port-random-low = 50000;
+ peer-port-random-high = 50010;
+ };
+ openFirewall = true;
+ openRPCPort = false;
+ };
+
+
+ services.dendrite =
+ let database = {
+ connection_string = "postgresql:///dendrite?host=/run/postgresql";
+ max_open_conns = 90;
+ max_idle_conns = 5;
+ conn_max_lifetime = (-1);
+ };
+ in {
+ enable = true;
+ httpPort = 8008;
+
+ loadCredential = [ "matrix-key:/var/lib/dendrite/matrix-key" ];
+ settings.global.private_key = "$CREDENTIALS_DIRECTORY/matrix-key";
+ settings.global.server_name = "decentsoftwa.re";
+ settings.global.database = database;
+ settings.app_service_api.database = database;
+ settings.federation_api.database = database;
+ settings.key_server.database = database;
+ settings.media_api.database = database;
+ settings.mscs.database = database;
+ settings.relay_api.database = database;
+ settings.room_server.database = database;
+ settings.sync_api.database = database;
+ settings.user_api.account_database.database = database;
+ settings.user_api.device_database.database = database;
+ settings.sync_api.search.enable = true;
+
+ settings.logging = [ { type = "std"; level = "debug"; } ];
+
+ # shared secret config
+ openRegistration = false;
+ environmentFile = "/var/lib/dendrite/registration_secret";
+ settings.client_api.registration_shared_secret = "$REGISTRATION_SHARED_SECRET";
+ };
+
+ systemd.services.dendrite = {
+ after = [ "postgresql.service" ];
+ serviceConfig = {
+ User = "dendrite";
+ Group = "dendrite";
+ };
+ };
+
+ services.postgresql = {
+ enable = true;
+ enableTCPIP = false;
+ package = pkgs.postgresql_15;
+
+ ensureDatabases = [
+ "dendrite"
+ ];
+ ensureUsers = [
+ {
+ name = "dendrite";
+ ensureDBOwnership = true;
+ }
+
+ ];
 };
 };
+
 }
diff --git a/machines/profpatsch/pkgs.nix b/machines/profpatsch/pkgs.nix
index b54b249b..f576259b 100644
--- a/machines/profpatsch/pkgs.nix
+++ b/machines/profpatsch/pkgs.nix
@@ -6,7 +6,7 @@ assert withUnfree -> unfreeAndNonDistributablePkgs != null;
 let
- mpv = pkgs.wrapMpv pkgs.mpv-unwrapped {
+ mpv = pkgs.mpv.override {
 scripts = [
 (unfreeAndNonDistributablePkgs.mpvScripts.convert) (pkgs.mpvScripts.mpris)
diff --git a/machines/sternenseemann/base-laptop.nix b/machines/sternenseemann/base-laptop.nix
index 50cb43a8..9a4388a1 100644
--- a/machines/sternenseemann/base-laptop.nix
+++ b/machines/sternenseemann/base-laptop.nix
@@ -46,8 +46,7 @@ lowdown lynx zip unzip
- stow
- silver-searcher
+ ripgrep
 nmap ffmpeg graphicsmagick pavucontrol
@@ -58,6 +57,13 @@ variables = {
 EDITOR = "${emacs}/bin/emacsclient";
 VISUAL = "${emacs}/bin/emacsclient";
+ RIPGREP_CONFIG_PATH = pkgs.writeText "ripgreprc" ''
+ --max-columns=150
+ --max-columns-preview
+ --smart-case
+ --hidden
+ --glob=!.git/*
+ '';
 };
 };
diff --git a/machines/sternenseemann/base.nix b/machines/sternenseemann/base.nix
index ac555e24..7eb977fc 100644
--- a/machines/sternenseemann/base.nix
+++ b/machines/sternenseemann/base.nix
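Review bot: `settings.logging = [ { type = "std"; level = "debug"; } ];` leaves a federated homeserver at debug verbosity, which writes per-request detail for every client and federation peer into the journal; `level = "info";` is the steady-state choice, with debug switched on only while troubleshooting. `httpPort = 8008;` duplicates the `dentritePort = 8008;` binding introduced at the top of the file and used by the nginx vhost; `httpPort = dentritePort;` keeps the two in sync. The two secret files `/var/lib/dendrite/matrix-key` and `/var/lib/dendrite/registration_secret` are referenced but this file does not show how they are provisioned or what mode they carry; both are read by systemd itself (`loadCredential`, `environmentFile`), so they can stay root-owned and unreadable to the `dendrite` user, and a comment next to `environmentFile` recording that expectation would help whoever provisions the host. Commenting out `nameservers` leaves resolution to whatever the network hands out; if that is intended, a one-line comment saying where resolvers now come from reads better than a dead block.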
@@ -131,5 +131,24 @@ in {
 GIT_PAGER = bins.less;
 LESS = "-R";
 };
+
+ environment.etc."gitconfig".text = ''
+ [user]
+ email = sternenseemann@systemli.org
+ name = sternenseemann
+ [push]
+ default = matching
+ [pull]
+ rebase = true
+ [init]
+ defaultBranch = canon
+ [sendemail]
+ smtpEncryption = tls
+ smtpServer = mail.systemli.org
+ smtpUser = sternenseemann@systemli.org
+ smtpServerPort = 587
+ [merge]
+ conflictstyle = diff3
+ '';
 };
 }
diff --git a/machines/sternenseemann/wolfgang.nix b/machines/sternenseemann/wolfgang.nix
index 66779e4c..9e47e4a7 100644
--- a/machines/sternenseemann/wolfgang.nix
+++ b/machines/sternenseemann/wolfgang.nix
@@ -8,6 +8,7 @@ let
 in {
 imports = [
+ ((import ../../nixos-hardware-path.nix) + "/lenovo/thinkpad/x270")
 ./base-laptop.nix
 ./wireguard.nix
 ./user-lukas.nix
@@ -51,6 +52,7 @@ in {
 };
 boot.loader.systemd-boot.enable = true;
+ boot.loader.systemd-boot.memtest86.enable = true;
 boot.loader.efi.canTouchEfiVariables = true;
 networking.hostName = "wolfgang";
@@ -84,8 +86,7 @@ in {
 gpxsee msr-tools quasselClient
- # hunspell
- # (with hunspellDicts; [ de-de en-gb-large en-us ])
+ anki
 ];
 environment.variables = { |
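Review bot: `default = matching` under `[push]` makes a bare `git push` publish every local branch that has a same-named counterpart on the remote, which is how stray local branches end up pushed by accident; `default = simple` (Git's own default) or `default = current` restricts it to the checked-out branch. Because this lands in the system-wide `/etc/gitconfig`, the `[user]` identity and the `[sendemail]` server settings apply to every account on the machine, root included; a short comment stating that the machine is single-user would document that this is intended rather than an oversight. The enclosing module attribute set begins outside this hunk.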