Diffstat (limited to 'machines')
-rw-r--r--machines/default.nix1
-rw-r--r--machines/devhell/herja.nix2
-rw-r--r--machines/profpatsch/base-server-options.toml8
-rw-r--r--machines/profpatsch/base-server.nix60
-rw-r--r--machines/profpatsch/base-server.toml31
-rw-r--r--machines/profpatsch/base-workstation.nix22
-rw-r--r--machines/profpatsch/base.nix1
-rw-r--r--machines/profpatsch/haku.nix314
-rw-r--r--machines/profpatsch/legosi.nix19
-rw-r--r--machines/profpatsch/mikiya.nix87
-rw-r--r--machines/profpatsch/pkgs.nix6
-rw-r--r--machines/profpatsch/shiki.nix58
-rw-r--r--machines/sternenseemann/wolfgang.nix1
13 files changed, 336 insertions, 274 deletions
diff --git a/machines/default.nix b/machines/default.nix
index 8dcd8e0f..cdb02e7c 100644
--- a/machines/default.nix
+++ b/machines/default.nix
@@ -16,7 +16,6 @@ with import ../lib;
     haku = callMachine ./profpatsch/haku.nix {};
     legosi = callMachine ./profpatsch/legosi.nix {};
     leguin = callMachine ./profpatsch/leguin.nix {};
-    # mikiya = callMachine ./profpatsch/mikiya.nix {};
   };
   sternenseemann = {
     ludwig = callMachine ./sternenseemann/ludwig.nix {};
diff --git a/machines/devhell/herja.nix b/machines/devhell/herja.nix
index e5f99cd1..8db14649 100644
--- a/machines/devhell/herja.nix
+++ b/machines/devhell/herja.nix
@@ -31,7 +31,7 @@
       enable = true;
       emulateWheel = true;
     };
-    opengl = {
+    graphics = {
       enable = true;
       extraPackages = with pkgs; [
         libvdpau-va-gl
diff --git a/machines/profpatsch/base-server-options.toml b/machines/profpatsch/base-server-options.toml
deleted file mode 100644
index 1adb61de..00000000
--- a/machines/profpatsch/base-server-options.toml
+++ /dev/null
@@ -1,8 +0,0 @@
-[module]
-type = "nixos-options"
-version = "0.0.1"
-
-[vuizvui.user.profpatsch.server.sshPort]
-description = "ssh port"
-type = "port"
-default = 7001
diff --git a/machines/profpatsch/base-server.nix b/machines/profpatsch/base-server.nix
index 26b2f005..29b4709b 100644
--- a/machines/profpatsch/base-server.nix
+++ b/machines/profpatsch/base-server.nix
@@ -1,50 +1,40 @@
 { config, pkgs, lib, ... }:
 
 let
-  cfgImports = (import ../../pkgs/profpatsch/nixos-toml-modules.nix { inherit lib; }).readAnyToml ./base-server.toml
-    config;
+  cfg = config.vuizvui.user.profpatsch.server;
 
 in
 {
-  inherit (cfgImports) imports;
+  imports = [ ./base.nix ];
 
-  # TODO: cannot read options from pkgs because it would lead to an infinite recursion
-  # in the module system, since the pkgs passed into this module already requires all options.
-  options = ((import ../../pkgs/profpatsch/nixos-toml-modules.nix { inherit lib; }).readAnyToml ./base-server-options.toml).options
-    ;
+  options = {
+    vuizvui.user.profpatsch.server.sshPort = lib.mkOption {
+      description = "ssh port";
+      default = 7001;
+      type = lib.types.port;
+    };
+  };
 
-  config =
-    cfgImports.config
-    # TODO: how to handle a reference to pkgs?
-    // {
-      # This can’t be in base.nix, because the workstations
-      # have gitFull which leads to env collisions.
-      environment.systemPackages = [ pkgs.git ];
-      };
 
+  config = {
+    programs.mosh.enable = true;
 
-  # options.vuizvui.user.profpatsch.server.sshPort = lib.traceValSeqN 3 (lib.mkOption {
-  #   description = "ssh port";
-  #   # TODO: replace with types.intBetween https://github.com/NixOS/nixpkgs/pull/27239
-  #   type = with lib.types; addCheck int (x: x >= 0 && x <= 65535);
-  #   default = 6879;
-  # });
+    services.openssh = {
+      enable = true;
+      listenAddresses = [{
+        addr = "0.0.0.0";
+        port = cfg.sshPort;
+      }];
+    };
 
-  # config = {
+    networking.enableIPv6 = false;
 
-  #   programs.mosh.enable = true;
+    networking.firewall = {
+      enable = true;
+      allowPing = true;
 
-  #   services.openssh = {
-  #     enable = true;
-  #     listenAddresses = [ { addr = "0.0.0.0"; port = cfg.sshPort; } ];
-  #   };
-
-  #   networking.firewall = {
-  #     enable = true;
-  #     allowPing = true;
-  #     allowedTCPPorts = [ cfg.sshPort ];
-  #   };
-
-  # };
+      allowedTCPPorts = [ cfg.sshPort ];
+    };
 
+  };
 }
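Review bot: The new `services.openssh` block enables the daemon on `cfg.sshPort` but leaves the authentication policy at module defaults, and haku.nix in this same change hands root an authorized key, so the intended policy should be pinned here rather than assumed: `settings.PasswordAuthentication = false;`, `settings.KbdInteractiveAuthentication = false;` and `settings.PermitRootLogin = "prohibit-password";` under `services.openssh`. A non-default port only reduces scanner noise; it is not an authentication control, and a short comment above `sshPort` saying so would stop anyone treating it as one. Note also that `programs.mosh.enable = true` will, if I remember the module correctly, open the mosh UDP range (60000–61000) in the firewall by default via its `openFirewall` option, which is considerably wider than the single TCP port listed in `allowedTCPPorts`; if that exposure is intended, say so in a comment, otherwise set `programs.mosh.openFirewall = false;` and open the range on the tailscale interface only.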
diff --git a/machines/profpatsch/base-server.toml b/machines/profpatsch/base-server.toml
deleted file mode 100644
index 8db3f0f9..00000000
--- a/machines/profpatsch/base-server.toml
+++ /dev/null
@@ -1,31 +0,0 @@
-# NB: this is an experiment whether we can express configuration files as TOML;
-# so far I’m not 100% sure it is a good idea :)
-[module]
-type = "nixos-config"
-version = "0.0.1"
-
-[[imports]]
-module = "./base.nix"
-
-[configVariables]
-server = [ "vuizvui", "user", "profpatsch", "server" ]
-
-[programs.mosh]
-enable = true
-
-[services.openssh]
-enable = true
-
-  [[services.openssh.listenAddresses]]
-  addr = "0.0.0.0"
-  port._configVariable.server = "sshPort"
-
-[networking]
-enableIPv6 = false
-
-[networking.firewall]
-enable = true
-allowPing = true
-
-[[networking.firewall.allowedTCPPorts]]
-_configVariable.server = "sshPort"
diff --git a/machines/profpatsch/base-workstation.nix b/machines/profpatsch/base-workstation.nix
index 44338a12..2e87adc1 100644
--- a/machines/profpatsch/base-workstation.nix
+++ b/machines/profpatsch/base-workstation.nix
@@ -24,9 +24,15 @@ in {
         enable = true;
         # for manual/temporary stuff
         allowedTCPPortRanges =
-          [{ from = 9990; to = 9999; }];
+          [
+          { from = 5037; to = 5037; }
+          # test.profpatsch.de forwarding
+          { from = 9999; to = 9999; }
+          ];
         allowedUDPPortRanges =
-          [{ from = 9990; to = 9999; }];
+          [
+          { from = 5037; to = 5037; }
+          ];
       };
     };
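Review bot: The new `{ from = 5037; to = 5037; }` entries in `allowedTCPPortRanges` and `allowedUDPPortRanges` carry no comment, unlike the 9999 entry next to them, so the reason for the hole is lost to the next reader. 5037 is conventionally the adb server port; if that is the purpose, the adb server binds to loopback unless started with `-a`, so the firewall rule alone does not expose it, and adb speaks TCP only, so the UDP entry is presumably unnecessary — please confirm and drop it if so. Suggested annotation: `{ from = 5037; to = 5037; } # adb server; only reachable when adb is started with -a`. The enclosing `networking.firewall` attrset starts outside the hunk.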
 
@@ -53,15 +59,18 @@ in {
       enable = true;
       package = pkgs.vuizvui.profpatsch.tvl.users.Profpatsch.my-xmonad;
     };
+
+    # TODO: libinput?
+    services.libinput.enable = false;
     services.xserver = {
       enable = true;
 
       # otherwise xterm is enabled, creating an xterm that spawns the window manager.
       desktopManager.xterm.enable = false;
 
-      layout = "de";
-      xkbVariant = "neo";
-      xkbOptions = "altwin:swap_alt_win";
+      xkb.layout = "de";
+      xkb.variant = "neo";
+      xkb.options = "altwin:swap_alt_win";
       serverFlagsSection = ''
         Option "StandbyTime" "10"
         Option "SuspendTime" "20"
@@ -85,9 +94,6 @@ in {
             ${lib.getBin autocutsel}/bin/autocutsel -s PRIMARY &
           '';
       };
-
-      # TODO: libinput?
-      libinput.enable = false;
       synaptics = {
         enable = true;
         minSpeed = "0.6";
diff --git a/machines/profpatsch/base.nix b/machines/profpatsch/base.nix
index e0b2fd7d..75c0aebb 100644
--- a/machines/profpatsch/base.nix
+++ b/machines/profpatsch/base.nix
@@ -9,6 +9,7 @@ let
 in
 {
   config = {
+    nix.package = pkgs.lix;
     # correctness before speed
     nix.settings.sandbox = true;
 
diff --git a/machines/profpatsch/haku.nix b/machines/profpatsch/haku.nix
index 9bae1fc8..9d4dc536 100644
--- a/machines/profpatsch/haku.nix
+++ b/machines/profpatsch/haku.nix
@@ -5,17 +5,24 @@ let
   myPkgs = import ./pkgs.nix { inherit pkgs lib myLib; };
 
   hakuHostName = "haku.profpatsch.de";
+  testHostName = "test.profpatsch.de";
+  matrixHostName = "matrix.decentsoftwa.re";
 
   youtube2audiopodcastPort = 1339;
   youtube2audiopodcastSubdir = "/halp";
 
   sshPort = 7001;
   warpspeedPort = 1338;
+  httzipPort = 7070;
+  openlabToolsPort = 9099;
   wireguardPortUdp = 6889;
   tailscaleInterface = "tailscale0";
-  tailscaleAddress = "100.76.60.85";
+  tailscaleAddress = "100.122.12.129";
   gonicPortTailscale = 4747;
+  whatcdResolverPortTailscale = 9093;
+  whatcdResolverJaegerPortTailscale = 16686;
   sambaPortTailscale = 445;
+  dentritePort = 8008;
 
   ethernetInterface = "enp0s20";
   wireguard = {
@@ -94,15 +101,34 @@ in
       # pkgs.vuizvui.profpatsch.warpspeed # trivial http file server
     ];
 
-    # users.groups.data-seeding = {};
+    users.groups.data-seeding = {};
+    users.groups.whatcd-resolver = {};
+    users.groups.openlab-tools = {};
 
     users.users = {
       root.openssh.authorizedKeys.keys = [ myKey ];
 
-      # rtorrent = {
-      #   isNormalUser = true;
-      #   extraGroups = [ "data-seeding" ];
-      # };
+      seed = {
+        isNormalUser = true;
+        extraGroups = [ "data-seeding" ];
+        openssh.authorizedKeys.keys = [ myKey ];
+      };
+      zipped-transmission = {
+        isSystemUser = true;
+        group = "transmission";
+      };
+      whatcd-resolver = {
+        isSystemUser = true;
+        home = "/var/lib/whatcd-resolver";
+        createHome = true;
+        group = "whatcd-resolver";
+      };
+      openlab-tools = {
+        isSystemUser = true;
+        home = "/var/lib/openlab-tools";
+        createHome = true;
+        group = "openlab-tools";
+      };
 
       # youtube2audiopodcast = {
       #   isSystemUser = true;
@@ -124,15 +150,18 @@ in
     #   '';
     # };
 
-    # vuizvui.services.profpatsch.gonic = {
-    #   enable = true;
-    #   listenAddress = "${tailscaleAddress}:${toString gonicPortTailscale}";
-    #   musicDir = "/data/seeding";
-    #   musicDirGroup = "data-seeding";
-    #   podcastDir = "/data/podcasts";
-    #   podcastDirGroup = "data-seeding";
-    #   scanIntervalMinutes = 10;
-    # };
+    vuizvui.services.profpatsch.gonic = {
+      enable = true;
+      listenAddress = "${tailscaleAddress}:${toString gonicPortTailscale}";
+      musicDir = "/var/lib/transmission/Downloads";
+      musicDirGroup = "transmission";
+      podcastDir = "/var/lib/gonic/podcasts";
+      podcastDirGroup = "transmission";
+      playlistsDir = "/var/lib/gonic/playlists";
+      playlistsDirGroup = "transmission";
+      scanIntervalMinutes = 10;
+    };
+    systemd.services.gonic.serviceConfig.wantedBy = [ "tailscaled.target" ];
 
     # services.samba = {
     #   enable = true;
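Review bot: `systemd.services.gonic.serviceConfig.wantedBy = [ "tailscaled.target" ];` on the last added line puts a unit-level dependency under `[Service]`: in NixOS `wantedBy` is a direct option of `systemd.services.<name>`, while keys under `serviceConfig` are written verbatim into the `[Service]` section, where systemd will log an unknown-key warning and ignore it. As far as I know there is also no `tailscaled.target`; the tailscale module provides `tailscaled.service`. Since gonic binds `${tailscaleAddress}`, which only exists once the interface is up, the intent is evidently ordering, and the form already used for the commented-out samba unit in the next hunk is the right one: `systemd.services.gonic.wants = [ "tailscaled.service" ];` and `systemd.services.gonic.after = [ "tailscaled.service" ];`. A short comment such as `# gonic binds the tailscale address, so it must start after tailscaled` would explain the dependency.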
@@ -157,16 +186,63 @@ in
     # systemd.services.samba-smbd.wants = [ "tailscaled.service" ];
     # systemd.services.samba-smbd.after = [ "tailscaled.service" ];
 
-    # systemd.services.warpspeed =
-    #   let user = config.users.users.rtorrent;
-    #   in {
-    #     description = "internally served public files (see nginx)";
-    #     wantedBy = [ "default.target" ];
-    #     serviceConfig.WorkingDirectory = "${user.home}/public";
-    #     # *6: all hosts, v6 preferred
-    #     script = ''${pkgs.vuizvui.profpatsch.warpspeed}/bin/warpspeed "*6" ${toString warpspeedPort}'';
-    #     serviceConfig.User = config.users.users.rtorrent.name;
-    #   };
+    systemd.services.warpspeed =
+      let user = config.users.users.seed;
+      in {
+        description = "internally served zipped stuff (see nginx)";
+        wantedBy = [ "default.target" ];
+        serviceConfig.WorkingDirectory = "${user.home}/public";
+        # *6: all hosts, v6 preferred
+        script = ''${pkgs.vuizvui.profpatsch.warpspeed}/bin/warpspeed "*6" ${toString warpspeedPort}'';
+        serviceConfig.User = user.name;
+      };
+
+    # TODO: this is horrible lol
+    systemd.services.httzip =
+      let user = config.users.users.zipped-transmission;
+      in {
+        description = "internally served public files (see nginx)";
+        wantedBy = [ "default.target" ];
+        serviceConfig.WorkingDirectory = "/var/lib/transmission/Downloads";
+        script = ''${pkgs.vuizvui.profpatsch.tvl.users.Profpatsch.httzip}'';
+        serviceConfig.User = user.name;
+      };
+
+
+    # TODO: this is horrible lol
+    systemd.services.whatcd-resolver =
+      let user = config.users.users.whatcd-resolver;
+      in {
+        description = "what?";
+        wantedBy = [ "default.target" ];
+        serviceConfig.WorkingDirectory = "/var/lib/whatcd-resolver";
+        script = "${pkgs.vuizvui.profpatsch.writeExecline "run-whatcd-resolver-jaeger" {} [
+          "envfile" "/var/lib/whatcd-resolver/whatcd-resolver-env"
+          pkgs.vuizvui.profpatsch.tvl.users.Profpatsch.whatcd-resolver
+        ]}";
+        serviceConfig.User = user.name;
+      };
+    systemd.services.whatcd-resolver-jaeger =
+      let user = config.users.users.whatcd-resolver;
+      in {
+        description = "what? jaeger";
+        wantedBy = [ "default.target" "whatcd-resolver.service" ];
+        serviceConfig.WorkingDirectory = "/var/lib/whatcd-resolver/jaeger";
+        # webui: 16686, otel: 4318
+        script = ''${pkgs.vuizvui.profpatsch.jaeger}/bin/jaeger-all-in-one'';
+        serviceConfig.User = user.name;
+      };
+
+    # TODO: this is horrible lol
+    systemd.services.openlab-tools =
+      let user = config.users.users.openlab-tools;
+      in {
+        description = "tooling for openlabs";
+        wantedBy = [ "default.target" ];
+        serviceConfig.WorkingDirectory = "/var/lib/openlab-tools";
+        script = ''${pkgs.vuizvui.profpatsch.tvl.users.Profpatsch.openlab-tools}'';
+        serviceConfig.User = user.name;
+      };
 
     # systemd.services.youtube2audiopodcast =
     #   let user = config.users.users.youtube2audiopodcast;
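Review bot: The five new long-running units (warpspeed, httzip, whatcd-resolver, whatcd-resolver-jaeger, openlab-tools) set only `User` and a working directory, with no sandboxing at all, even though three of them are reachable from the internet through nginx in the next hunk. A minimal hardening set in each `serviceConfig` bounds what a compromised process can touch: `NoNewPrivileges = true;`, `PrivateTmp = true;` and `ProtectSystem = "strict";` plus `ReadWritePaths` for the unit's state directory (warpspeed serves from the `seed` user's home, so it needs that path allowed rather than `ProtectHome`). The whatcd-resolver unit sources `/var/lib/whatcd-resolver/whatcd-resolver-env` via `envfile`; that file is created out of band and its name suggests it holds credentials, so its mode should be checked (owner-only) and the dendrite block later in this file already shows the `loadCredential` pattern that keeps such material off the world-readable filesystem. The three `# TODO: this is horrible lol` comments would be more useful as `# TODO: turn into a proper NixOS module with hardening` so the follow-up is actionable.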
@@ -184,35 +260,74 @@ in
     security.acme.acceptTerms = true;
     security.acme.defaults.email = "mail@profpatsch.de";
 
-    # services.nginx = {
-    #   enable = true;
-    #   virtualHosts.${hakuHostName} = {
-    #     forceSSL = true;
-    #     enableACME = true;
-    #     locations."/pub/" = {
-    #       proxyPass = "http://127.0.0.1:${toString warpspeedPort}/";
-    #     };
-    #     locations."${youtube2audiopodcastSubdir}/" = {
-    #       proxyPass = "http://127.0.0.1:${toString youtube2audiopodcastPort}/";
-    #     };
-    #     locations."/".root =
-    #       let lojbanistanSrc = pkgs.fetchFromGitHub {
-    #         owner = "lojbanistan";
-    #         repo = "lojbanistan.de";
-    #         rev = "ef02aa8f074d0d5209839cd12ba7a67685fdaa05";
-    #         sha256 = "1hr2si73lam463pcf25napfbk0zb30kgv3ncc0ahv6wndjpsvg7z";
-    #       };
-    #       in pkgs.runCommandLocal "lojbanistan-www" {} ''
-    #         mkdir $out
-    #         echo "coi do" > $out/index.html
-    #         ${pkgs.imagemagick}/bin/convert \
-    #           ${lojbanistanSrc}/design/flag-of-lojbanistan-icon.svg \
-    #           -define icon:auto-resize=64,48,32,16 \
-    #           $out/favicon.ico
-    #       '';
-    #     serverAliases = [ "lojbanistan.de" ];
-    #   };
-    # };
+    services.nginx = {
+      enable = true;
+      virtualHosts.${hakuHostName} = {
+        forceSSL = true;
+        enableACME = true;
+        locations."/public/" = {
+          proxyPass = "http://127.0.0.1:${toString warpspeedPort}/";
+        };
+        locations."/zipped/" = {
+          proxyPass = "http://127.0.0.1:${toString httzipPort}/";
+        };
+        locations."/openlab-tools/" = {
+          proxyPass = "http://127.0.0.1:${toString openlabToolsPort}/";
+        };
+        # locations."${youtube2audiopodcastSubdir}/" = {
+        #   proxyPass = "http://127.0.0.1:${toString youtube2audiopodcastPort}/";
+        # };
+        locations."/".root =
+          let lojbanistanSrc = pkgs.fetchFromGitHub {
+            owner = "lojbanistan";
+            repo = "lojbanistan.de";
+            rev = "ef02aa8f074d0d5209839cd12ba7a67685fdaa05";
+            sha256 = "1hr2si73lam463pcf25napfbk0zb30kgv3ncc0ahv6wndjpsvg7z";
+          };
+          in pkgs.runCommandLocal "lojbanistan-www" {} ''
+            mkdir $out
+            echo "coi do" > $out/index.html
+            ${pkgs.imagemagick}/bin/convert \
+              ${lojbanistanSrc}/design/flag-of-lojbanistan-icon.svg \
+              -define icon:auto-resize=64,48,32,16 \
+              $out/favicon.ico
+          '';
+        serverAliases = [ "lojbanistan.de" ];
+      };
+      virtualHosts.${testHostName} = {
+        forceSSL = true;
+        enableACME = true;
+        locations."/" = {
+          proxyPass = "http://shiki:9999";
+          extraConfig = ''
+            # forward original host so we can validate mastodon http header signatures
+            proxy_set_header Host $host;
+          '';
+        };
+      };
+      virtualHosts.${matrixHostName} = {
+        forceSSL = true;
+        enableACME = true;
+        locations."/" = {
+          proxyPass = "http://localhost:${toString dentritePort}";
+          extraConfig = ''
+            # forward original host (necessary?)
+            proxy_set_header Host $host;
+          '';
+        };
+      };
+      virtualHosts.${"decentsoftwa.re"} = {
+        forceSSL = true;
+        enableACME = true;
+        locations."/.well-known/matrix/".root = pkgs.linkFarm "well-known-decentsoftwa.re-matrix" [
+          { name = ".well-known/matrix/server";
+            path = pkgs.writers.writeJSON "matrix-server-well-known" {
+              "m.server" = "matrix.decentsoftwa.re:443";
+            };
+          }
+        ];
+      };
+    };
 
     networking = {
       hostName = "haku";
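Review bot: The new `locations."/zipped/"` publishes the whole `/var/lib/transmission/Downloads` tree (httzip's working directory in the previous hunk) on the public `haku.profpatsch.de` vhost with no access control visible in this diff; if that tree is not meant to be world-readable, add `basicAuthFile = "/var/lib/nginx/zipped.htpasswd";` to the location, or serve it only on the tailscale address. `proxyPass = "http://shiki:9999"` under the test vhost forwards to another host in plaintext; if `shiki` resolves over tailscale that is WireGuard-protected, but that assumption deserves a comment, e.g. `# shiki is reached via tailscale MagicDNS, so plaintext on the wire is fine — confirm`. The `proxy_set_header Host $host;` lines are needed because `recommendedProxySettings` is not enabled here; a comment saying exactly that on the matrix vhost would replace the current `(necessary?)`.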
@@ -224,7 +339,7 @@ in
       firewall = {
         allowedTCPPorts = [
           80 443
-          6882
+          # 6882
           1337 2342 4223
           60100
         ];
@@ -238,20 +353,97 @@ in
         interfaces.${tailscaleInterface} = {
           allowedTCPPorts = [
             gonicPortTailscale
-            sambaPortTailscale
+            whatcdResolverPortTailscale
+            whatcdResolverJaegerPortTailscale
+            # sambaPortTailscale
           ];
         };
       };
 
-      nameservers = [
-        "62.210.16.6"
-        "62.210.16.7"
-      ];
+      # nameservers = [
+      #   "62.210.16.6"
+      #   "62.210.16.7"
+      # ];
     };
 
     services.tailscale = {
       enable = true;
-      # interfaceName = tailscaleInterface;
+      interfaceName = tailscaleInterface;
+    };
+
+    services.transmission = {
+      enable = true;
+      user = "transmission";
+      group = "transmission";
+      settings = {
+        rpc-port = 9091;
+        peer-port-random-on-start = true;
+        peer-port-random-low = 50000;
+        peer-port-random-high = 50010;
+      };
+      openFirewall = true;
+      openRPCPort = false;
+    };
+
+
+    services.dendrite =
+      let database = {
+        connection_string = "postgresql:///dendrite?host=/run/postgresql";
+        max_open_conns = 90;
+        max_idle_conns = 5;
+        conn_max_lifetime = (-1);
+      };
+      in {
+        enable = true;
+        httpPort = 8008;
+
+        loadCredential = [ "matrix-key:/var/lib/dendrite/matrix-key" ];
+        settings.global.private_key = "$CREDENTIALS_DIRECTORY/matrix-key";
+        settings.global.server_name = "decentsoftwa.re";
+        settings.global.database = database;
+        settings.app_service_api.database = database;
+        settings.federation_api.database = database;
+        settings.key_server.database = database;
+        settings.media_api.database = database;
+        settings.mscs.database = database;
+        settings.relay_api.database = database;
+        settings.room_server.database = database;
+        settings.sync_api.database = database;
+        settings.user_api.account_database.database = database;
+        settings.user_api.device_database.database = database;
+        settings.sync_api.search.enable = true;
+
+        settings.logging = [ { type = "std"; level = "debug"; } ];
+
+        # shared secret config
+        openRegistration = false;
+        environmentFile = "/var/lib/dendrite/registration_secret";
+        settings.client_api.registration_shared_secret = "$REGISTRATION_SHARED_SECRET";
+      };
+    systemd.services.dendrite = {
+      after = [ "postgresql.service" ];
+      serviceConfig = {
+        User = "dendrite";
+        Group = "dendrite";
+      };
+    };
+
+    services.postgresql = {
+      enable = true;
+      enableTCPIP = false;
+      package = pkgs.postgresql_15;
+
+      ensureDatabases = [
+        "dendrite"
+      ];
+      ensureUsers = [
+        {
+          name = "dendrite";
+          ensureDBOwnership = true;
+        }
+
+      ];
     };
   };
+
 }
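Review bot: `settings.logging = [ { type = "std"; level = "debug"; } ]` leaves dendrite at debug verbosity on a public, federating homeserver; debug output from a Matrix server is high-volume and can carry request details that do not belong in the journal long-term, so once the deployment works `level = "info";` is the safer setting, ideally with a comment noting it was debug only for bring-up. Two consistency points: `httpPort = 8008;` repeats the literal that `dentritePort` (note the spelling) already holds in the let-block and that nginx proxies to, so `httpPort = dentritePort;` keeps the two from drifting; and `services.transmission.openFirewall` is, as far as I recall, the renamed alias of `openPeerPorts`, so the current name next to `openRPCPort` avoids a rename warning. The `systemd.services.dendrite` override sets only `after` for postgresql; if the intent is that dendrite must not start without the database, `requires = [ "postgresql.service" ];` expresses that, whereas `after` alone only orders the two.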
diff --git a/machines/profpatsch/legosi.nix b/machines/profpatsch/legosi.nix
index c86b0368..3ddf3c32 100644
--- a/machines/profpatsch/legosi.nix
+++ b/machines/profpatsch/legosi.nix
@@ -39,6 +39,8 @@ in {
       settings.min-free = 3 * 1024 * 1024 * 1024;
     };
 
+    system.stateVersion = "23.11";
+
     vuizvui.user.profpatsch.server.sshPort = 7001;
 
     boot.loader.grub.device = "/dev/sda";
@@ -65,17 +67,6 @@ in {
         };
       };
 
-      interfaces.ens3 = {
-        # ipv6.addresses = [{
-        #   address = "2a01:4f8:c0c:70aa::1";
-        #   prefixLength = 64;
-        # }];
-      };
-
-      # defaultGateway6 = {
-      #   address = "fe80::1";
-      #   interface = "ens3";
-      # };
     };
 
     services.tailscale = {
@@ -167,6 +158,12 @@ in {
           index = "index.html";
           root = pkgs.vuizvui.profpatsch.websiteStatic;
         };
+        # gpg-wks-client --print-wkd-hash mail@profpatsch.de
+        locations."/.well-known/openpgpkey/hu".root = pkgs.linkFarm "well-known-pgp-keys" [
+          { name = ".well-known/openpgpkey/hu/dizb37aqa5h4skgu7jf1xjr4q71w4paq";
+            path = ./../../pkgs/profpatsch/profpatsch.de/key.asc;
+          }
+        ];
         # pass the rest to the site server (TODO: make static!)
         locations."/notes" = {
           proxyPass = "http://localhost:${toString siteServerPort}";
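Review bot: The WKD entry added under `/.well-known/openpgpkey/hu/` serves `key.asc`, which by its name is an ASCII-armored export, whereas the Web Key Directory draft requires the key at `hu/<hash>` in binary OpenPGP form; older GnuPG clients will not import an armored file from that URL, so export it with `gpg --export mail@profpatsch.de > key.bin` (no `--armor`) for this path. The draft's direct method also expects a `policy` file, which may be empty, at `/.well-known/openpgpkey/policy`, and the linkFarm does not provide one; adding `{ name = ".well-known/openpgpkey/policy"; path = pkgs.writeText "wkd-policy" ""; }` and then running `gpg-wks-client --check mail@profpatsch.de` against the live site verifies both points. The enclosing `virtualHosts` attrset starts outside the hunk.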
diff --git a/machines/profpatsch/mikiya.nix b/machines/profpatsch/mikiya.nix
deleted file mode 100644
index 915f1243..00000000
--- a/machines/profpatsch/mikiya.nix
+++ /dev/null
@@ -1,87 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-let
-  myLib  = import ./lib.nix  { inherit pkgs lib; };
-  myPkgs = import ./pkgs.nix { inherit pkgs lib myLib; };
-
-  mkDevice = category: num: uuid: {
-    name = "mikiya-${category}-crypt-${toString num}";
-    device = "/dev/disk/by-uuid/${uuid}";
-    keyFile = "/root/raid.key";
-  };
-
-  systemDevice = "/dev/disk/by-id/ata-MKNSSDCR60GB-DX_MKN1140A0000025162";
-  systemPartition = "/dev/disk/by-uuid/56910867-ed83-438a-b67c-c057e662c89e";
-  rootDevice = "/dev/mapper/mikiya-root";
-
-  raidDevices = lib.imap (mkDevice "raid") [
-    "f0069e04-d058-40b3-8f13-92f11c4c2546"
-  ];
-
-
-
-in {
-  imports = [ ./base-server.nix ];
-
-  config = {
-
-    boot = {
-      loader.grub.device = systemDevice;
-      kernelModules = [ "kvm-intel" ];
-      kernelParams = [ "ip=192.168.0.5" ];
-
-      initrd = {
-        network = {
-          enable = true;
-          ssh.enable = true;
-          ssh.authorizedKeys = myLib.authKeys;
-          # we wait until the root device is unlocked (by ssh)
-          postCommands = ''
-            echo "Waiting for ssh unlock of ${rootDevice} (infinitely)"
-            while [ ! -e ${rootDevice} ]; do sleep 1; done
-          '';
-        };
-          availableKernelModules = [
-            "ahci" "xhci_pci" "usb_storage" "usbhid" "sd_mod"
-          # used for ethernet device(s)
-          "r8169"
-          ];
-
-        # decrypt root device
-        luks.devices.mikiya-root.device = systemPartition;
-      };
-
-    };
-
-    fileSystems."/" = {
-      device = rootDevice;
-      fsType = "ext4";
-      options = [ "ssd" ];
-    };
-    fileSystems."/boot" = {
-      device = "/dev/disk/by-uuid/9aa38aa7-652f-4762-a0c2-b70332b93f4d";
-      fsType = "ext3";
-    };
-
-    nix.settings.max-jobs = 4;
-
-    vuizvui.user.profpatsch.server.sshPort = 22;
-
-    /*
-    # decrypt RAID with key from root
-    environment.etc.crypttab.text =
-      let luksDevice = dev: "${dev.name} ${dev.device} ${dev.keyFile} luks";
-      in concatMapStringsSep "\n" luksDevice raidDevices;
-
-    powerManagement = {
-      # spin down raid drives after 30 minutes
-      powerUpCommand =
-        let driveStandby = drive: "${pkgs.hdparm}/sbin/hdparm -S 241 ${drive.device}";
-        in concatMapStringsSep "\n" driveStandby raidDevices;
-    */
-
-    users.users = { inherit (myLib) philip; };
-
-  };
-
-}
diff --git a/machines/profpatsch/pkgs.nix b/machines/profpatsch/pkgs.nix
index 330ed1c2..f576259b 100644
--- a/machines/profpatsch/pkgs.nix
+++ b/machines/profpatsch/pkgs.nix
@@ -6,15 +6,17 @@ assert withUnfree -> unfreeAndNonDistributablePkgs != null;
 
 let
 
-  mpv = pkgs.wrapMpv pkgs.mpv-unwrapped {
+  mpv = pkgs.mpv.override {
     scripts = [
       (unfreeAndNonDistributablePkgs.mpvScripts.convert)
+      (pkgs.mpvScripts.mpris)
     ];
   };
 
   beets = pkgs.beets.override { enableAlternatives = true; };
 
-  vim = pkgs.vim-full;
+  # vim = pkgs.vim-full;
+  vim = pkgs.vim;
 
   fast-init = pkgs.haskellPackages.callPackage (import "${(pkgs.fetchFromGitHub {
     owner = "Profpatsch";
diff --git a/machines/profpatsch/shiki.nix b/machines/profpatsch/shiki.nix
index 048dd379..0569aa4b 100644
--- a/machines/profpatsch/shiki.nix
+++ b/machines/profpatsch/shiki.nix
@@ -28,7 +28,7 @@ in {
   imports = [
     ./base-workstation.nix
     ./thinkpad.nix
-    # ./possehl-specific-do-not-check-in.nix
+    ((import ../../nixos-hardware-path.nix) + "/lenovo/thinkpad/t480")
   ];
 
   config = {
@@ -119,15 +119,17 @@ in {
     hardware.bluetooth.enable = true;
     services.blueman.enable = true;
 
-    i18n = {
-      inputMethod = {
-        enabled = "fcitx5";
+    services.safeeyes.enable = true;
+
+    # i18n = {
+      # inputMethod = {
+      #   enabled = "fcitx5";
 
         # TODO: broken because python 2.7
         # Japanese input
         # fcitx.engines = with pkgs.fcitx-engines; [ mozc ];
-      };
-    };
+      # };
+    # };
 
     ######
     # Nix
@@ -146,31 +148,25 @@ in {
     nix.settings.trusted-users = [ "@wheel" ];
     nix.buildMachines = [
       # access to the nix-community aarch64 build box
-      {
-        hostName = "aarch64.nixos.community";
-        maxJobs = 64;
-        sshKey = "/root/aarch64-build-box/ssh-key";
-        sshUser = "Profpatsch";
-        system = "aarch64-linux";
-        supportedFeatures = [ "big-parallel" ];
-      }
+      # {
+      #   hostName = "aarch64.nixos.community";
+      #   maxJobs = 64;
+      #   sshKey = "/root/aarch64-build-box/ssh-key";
+      #   sshUser = "Profpatsch";
+      #   system = "aarch64-linux";
+      #   supportedFeatures = [ "big-parallel" ];
+      # }
       # possehl analytics remote builder
-      {
-        hostName = "build01.possehl-analytics.com";
-        maxJobs = 24;
-        sshKey = "/root/.ssh/possehl-analytics-nix-builder";
-        sshUser = "nix-builder";
-        system = "x86_64-linux";
-        supportedFeatures = [ "kvm" "big-parallel" "nixos-test" "benchmark" ];
-      }
+      # {
+      #   hostName = "build01.possehl-analytics.com";
+      #   maxJobs = 24;
+      #   sshKey = "/root/.ssh/possehl-analytics-nix-builder";
+      #   sshUser = "nix-builder";
+      #   system = "x86_64-linux";
+      #   supportedFeatures = [ "kvm" "big-parallel" "nixos-test" "benchmark" ];
+      # }
     ];
 
-    nix.settings.substituters = [
-      "https://digitallyinduced.cachix.org"
-    ];
-    nix.settings.trusted-public-keys = [
-      "digitallyinduced.cachix.org-1:y+wQvrnxQ+PdEsCt91rmvv39qRCYzEgGQaldK26hCKE="
-    ];
     nix.settings.builders-use-substitutes = true;
     nix.settings.auto-optimise-store = true;
     # nix.settings.substituters = [
@@ -323,6 +319,10 @@ in {
           exe = pkgs.vuizvui.profpatsch.read-qr-code;
           name = "read-qr-code";
         })
+        (pkgs.vuizvui.profpatsch.binify {
+          exe = pkgs.vuizvui.profpatsch.read-qr-code-from-camera;
+          name = "read-qr-code-from-camera";
+        })
         backlight      # adjust laptop backlight
         sfttime        # geek time
       ];
@@ -448,7 +448,7 @@ in {
     services.avahi.enable = true;
     # for being able to talk to ddns printers after finding them.
     # disable v6 for mdns (argh)
-    services.avahi.nssmdns = false;
+    services.avahi.nssmdns4 = false;
     system.nssModules = [ pkgs.nssmdns ];
     system.nssDatabases.hosts = (lib.mkMerge [
       (lib.mkBefore [ "mdns4_minimal [NOTFOUND=return]" ]) # before resolve
diff --git a/machines/sternenseemann/wolfgang.nix b/machines/sternenseemann/wolfgang.nix
index 66779e4c..1d5d7ea2 100644
--- a/machines/sternenseemann/wolfgang.nix
+++ b/machines/sternenseemann/wolfgang.nix
@@ -8,6 +8,7 @@ let
 
 in {
   imports = [
+    ((import ../../nixos-hardware-path.nix) + "/lenovo/thinkpad/x270")
     ./base-laptop.nix
     ./wireguard.nix
     ./user-lukas.nix