Diffstat (limited to 'sys')
-rw-r--r-- | sys/atuin.nix | 308 | ||||
-rw-r--r-- | sys/default.nix | 11 | ||||
-rw-r--r-- | sys/hoshi.nix | 65 | ||||
-rw-r--r-- | sys/mbp.nix | 123 |
4 files changed, 507 insertions, 0 deletions
diff --git a/sys/atuin.nix b/sys/atuin.nix
new file mode 100644
index 000000000000..724f146cda5b
--- /dev/null
+++ b/sys/atuin.nix
@@ -0,0 +1,308 @@
+{ config, pkgs, lib, ... }:
+
+let
+ publicInboxCss = pkgs.runCommand "216light.css" {} ''
+ unpackFile ${pkgs.public-inbox.src}
+ cp */contrib/css/216light.css $out
+ '';
+
+ cgitCss = pkgs.runCommand "cgit-extra.css" {
+ licenseHeader = ''
+ /*
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License v2 as published
+ * by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * See <https://www.gnu.org/licenses/>.
+ */
+
+ '';
+
+ # Adapted from
+ # <https://git.causal.agency/src/plain/www/git.causal.agency/custom.css>,
+ # distributed as a Larger Work under a Secondary License,
+ # as permitted by the terms of the
+ # Mozilla Public License Version 2.0.
+ extraCss = ''
+ * { line-height: 1.25em; }
+
+ article {
+ font-family: sans-serif;
+ max-width: 70ch;
+ margin-left: auto;
+ margin-right: auto;
+ }
+
+ div#cgit {
+ margin: auto;
+ font-family: monospace;
+ -moz-tab-size: 4;
+ tab-size: 4;
+ display: table;
+ }
+
+ div#cgit table#header {
+ margin-left: auto;
+ margin-right: auto;
+ }
+ div#cgit table#header td.logo {
+ display: none;
+ }
+ div#cgit table#header td.main {
+ font-size: 1em;
+ font-weight: bold;
+ }
+ div#cgit table#header td.sub {
+ border-top: none;
+ }
+ div#cgit table.tabs {
+ margin-left: auto;
+ margin-right: auto;
+ border-bottom: none;
+ }
+ div#cgit div.content {
+ border-bottom: none;
+ min-width: 108ch;
+ }
+ div#cgit div.content div#summary {
+ display: table;
+ margin-left: auto;
+ margin-right: auto;
+ }
+ div#cgit div.notes {
+ border: none;
+ background: transparent;
+ padding: 0;
+ }
+ div#cgit table.list {
+ margin-left: auto;
+ margin-right: auto;
+ }
+ div#cgit table.list th a {
+ color: inherit;
+ }
+ div#cgit table.list tr:nth-child(even) {
+ background: inherit;
+ }
+ div#cgit table.list tr:hover {
+ background: inherit;
+ }
+ div#cgit table.list tr.nohover-highlight:hover:nth-child(even) {
+ background: inherit;
+ }
+ div#cgit div.footer {
+ font-size: 1em;
+ margin-top: 0;
+ }
+
+ div#cgit table.blob td.linenumbers:nth-last-child(3) {
+ display: none;
+ }
+
+ div#cgit table.blob td.linenumbers a:target {
+ color: goldenrod;
+ text-decoration: underline;
+ outline: none;
+ }
+ '';
+ passAsFile = [ "licenseHeader" "extraCss" ];
+ } ''
+ cat $licenseHeaderPath ${pkgs.cgit-pink}/cgit/cgit.css $extraCssPath > $out
+ '';
+
+in
+
+{
+ imports = [
+ ../modules/server
+ ../modules/server/acme
+ ../modules/server/bitfolk
+ ../modules/server/cgit
+ ../modules/server/dns
+ ../modules/server/ftp
+ ../modules/server/git-http-backend
+ ../modules/server/irc
+ ../modules/server/mail
+ ../modules/server/nginx
+ ../modules/server/nixpk.gs
+ ../modules/server/spectrum
+ ../modules/server/tor
+ ../modules/server/xmpp
+ ../modules/users
+ ];
+
+ nixpkgs.hostPlatform.system = "x86_64-linux";
+
+ fileSystems = {
+ "/" = { device = "rpool/root"; fsType = "zfs"; neededForBoot = true; };
+ "/boot" = { device = "/dev/disk/by-partlabel/boot"; fsType = "ext4"; };
+ "/nix" = { device = "rpool/nix"; fsType = "zfs"; neededForBoot = true; };
+ "/var" = { device = "rpool/var"; fsType = "zfs"; };
+
+ "/home/qyliss" = { device = "rpool/home/qyliss"; fsType = "zfs"; };
+ "/root" = { device = "rpool/home/root"; fsType = "zfs"; };
+ };
+
+ boot.zfs.devNodes = "/dev";
+
+ swapDevices = [
+ { device = "/dev/disk/by-uuid/49f18b74-5f6e-4e61-b569-f7cc9dc5c600"; }
+ ];
+
+ nix.settings.max-jobs = 2;
+
+ boot.loader.grub.configurationLimit = 2;
+ boot.loader.grub.extraGrubInstallArgs = [ "--fonts=" ];
+ boot.loader.grub.font = null;
+ boot.loader.grub.splashImage = null;
+
+ boot.swraid.enable = false;
+ boot.supportedFilesystems = [ "zfs" ];
+
+ networking.hostName = "atuin";
+ networking.hostId = "238d1961";
+ networking.domain = "qyliss.net";
+ networking.interfaces.eth0 = {
+ ipv4.addresses = [
+ { address = "85.119.82.108"; prefixLength = 21; }
+ ];
+ ipv6.addresses = [
+ { address = "2001:ba8:1f1:f0bc::2"; prefixLength = 64; }
+ ];
+ };
+ networking.defaultGateway = "85.119.80.1";
+ networking.defaultGateway6 = { address = "2001:ba8:1f1:f0bc::1"; };
+
+ boot.kernelParams = [ "console=hvc0" "zfs.zfs_arc_max=356515840" ];
+
+ networking.nat.enable = true;
+ networking.nat.externalInterface = "eth0";
+ networking.nat.internalInterfaces = [ "wg0" ];
+
+ networking.firewall.allowedUDPPorts = with config; [
+ networking.wireguard.interfaces.wg0.listenPort
+ ];
+
+ networking.wireguard.interfaces = {
+ wg0 = {
+ ips = [ "10.172.171.1" ];
+ listenPort = 51820;
+ privateKeyFile = "/var/lib/wireguard/wg0/private";
+ peers = [
+ {
+ publicKey = "oQZ3fcb9LsnQj8sDYLHf1+hodnW4XEhsM0rNBgHROz8=";
+ allowedIPs = [ "10.172.171.2/32" ];
+ }
+ {
+ publicKey = "lu4ZxYq7qpkmIt8z0Q/wb5Y0Wc3fa0ui9wOWn/+xYxI=";
+ allowedIPs = [ "10.172.171.3/32" ];
+ }
+ {
+ publicKey = "ugHG/NOqM/9hde9EmWpu7XsCpjT3WQbjLK99IGHtdjQ=";
+ allowedIPs = [ "10.13.12.0/24" ];
+ endpoint = "95.216.98.55:51820";
+ }
+ ];
+ };
+ };
+
+ security.acme.certs."qyliss.net" = {
+ webroot = "/var/lib/acme/acme-challenge";
+ extraDomainNames = [ "git.qyliss.net" ];
+ };
+
+ users.groups.acme.members = [ "nginx" ];
+
+ services.cgit-qyliss.instances.qyliss = {
+ package = pkgs.cgit-pink;
+ vhost = "git.qyliss.net";
+ config = pkgs.writeText "cgit.conf" ''
+ clone-prefix=https://git.qyliss.net
+ css=/cgit.css
+ enable-blame=1
+ enable-commit-graph=1
+ enable-follow-links=1
+ enable-git-config=1
+ enable-index-owner=0
+ logo=
+ remove-suffix=1
+ root-desc=Alyssa Ross's personal Git repositories
+ root-title=git.qyliss.net
+ snapshots=all
+ about-filter=${pkgs.cgit-pink}/lib/cgit/filters/about-formatting.sh
+ source-filter=${pkgs.cgit-pink}/lib/cgit/filters/syntax-highlighting.py
+ virtual-root=/
+
+ scan-path=/home/qyliss/git
+ '';
+ };
+
+ services.git-http-backend.instances.qyliss = {
+ vhost = "git.qyliss.net";
+ projectRoot = "/home/qyliss/git";
+ };
+
+ networking.hosts."127.0.0.1" = [ "git.qyliss.net" "spectrum-os.org" ];
+
+ services.nginx.virtualHosts."spectrum-os.org" = {
+ forceSSL = true;
+ useACMEHost = "spectrum-os.org";
+
+ locations = {
+ "/".root = "/home/spectrum/www";
+
+ "= /git/cgit.css".alias = cgitCss.outPath;
+
+ "= /lists/archives/public-inbox.css".alias = publicInboxCss.outPath;
+
+ "/lists/archives".proxyPass = "http://unix:/run/public-inbox-httpd.sock:/lists/archives";
+ "= /lists/archives".return = "301 /lists/archives/";
+ };
+
+ extraConfig = ''
+ rewrite ^/lists/postorius(/.*)?$ /lists/mailman3$1 permanent;
+ '';
+ };
+
+ services.nginx.virtualHosts.default = {
+ serverName = null;
+ default = true;
+ forceSSL = true;
+ useACMEHost = "qyliss.net";
+
+ locations."/".return = "https://alyssa.is/";
+ locations."/dns-query".proxyPass = "http://[::1]:4448/";
+ };
+
+ services.nginx.virtualHosts."git.qyliss.net" = {
+ forceSSL = true;
+ useACMEHost = "qyliss.net";
+
+ locations = {
+ "= /cgit.css".alias = cgitCss.outPath;
+ };
+ };
+
+ users.groups.spectrum.members = [ "qyliss" ];
+ system.activationScripts.spectrum-home = lib.stringAfter [ "users" ] ''
+ install -g spectrum -m 2775 -d /home/spectrum
+ install -g spectrum -m 0775 -d /home/spectrum/git
+ '';
+
+ environment.systemPackages = with pkgs; [ cgit-pink git ];
+
+ services.postgresql.package = pkgs.postgresql_13;
+
+ services.tor.settings.AccountingMax = "50 GBytes";
+ services.tor.settings.AccountingStart = "day 12:00";
+ services.tor.settings.ORPort = [
+ { addr = "[2001:ba8:1f1:f0bc::2]"; port = 143; }
+ ];
+
+ system.stateVersion = "18.03";
+}
diff --git a/sys/default.nix b/sys/default.nix
new file mode 100644
index 000000000000..204165ca1e69
--- /dev/null
+++ b/sys/default.nix
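Review bot: The three `wg0` peers in `networking.wireguard.interfaces` are identified only by public key, so a later reader cannot tell which device a key belongs to when one has to be revoked or rotated; a one-line comment above each peer block, such as `# <device name>, <owner>`, would make that auditable. Separately, `networking.nat.internalInterfaces = [ "wg0" ]` masquerades everything arriving on wg0 and the third peer is allowed the whole `10.13.12.0/24`, so every host routed through that peer can egress via this server's public address unless forwarding is filtered somewhere outside this diff. If that peer is only meant for site-to-site routing, a comment stating the intent, or a forwarding restriction for that range, would document the trust boundary.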
@@ -0,0 +1,11 @@
+let
+ nixos = import ../modules;
+ buildSystem = configuration: (nixos { inherit configuration; }).system;
+
+in
+
+{
+ atuin = buildSystem ./atuin.nix;
+ hoshi = buildSystem ./hoshi.nix;
+ mbp = buildSystem ./mbp.nix;
+}
diff --git a/sys/hoshi.nix b/sys/hoshi.nix
new file mode 100644
index 000000000000..c31435863ade
--- /dev/null
+++ b/sys/hoshi.nix
@@ -0,0 +1,65 @@
+{ pkgs, ... }:
+
+{
+ imports = [
+ ../modules/nixos-hardware/common/cpu/amd
+ ../modules/nixos-hardware/common/pc/ssd
+ ../modules/workstation/audio
+ ../modules/workstation/hardware/bluetooth
+ ../modules/workstation/physical
+ ];
+
+ nixpkgs.hostPlatform.system = "x86_64-linux";
+
+ hardware.enableRedistributableFirmware = true;
+
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ boot.initrd.availableKernelModules =
+ [ "amdgpu" "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
+
+ boot.kernelModules = [ "kvm-amd" ];
+
+ boot.initrd.luks.devices."root".device = "/dev/disk/by-uuid/3b86ddac-b0c6-41a5-a562-6a38271e3e0f";
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/b1e9177d-897a-4721-9e9a-b85566a40dea";
+ fsType = "btrfs";
+ options = [ "compress=zstd,subvol=@.qyliss" ];
+ };
+
+ fileSystems."/home" = {
+ device = "/dev/disk/by-uuid/b1e9177d-897a-4721-9e9a-b85566a40dea";
+ fsType = "btrfs";
+ options = [ "compress=zstd,subvol=@home" ];
+ };
+
+ fileSystems."/nix" = {
+ device = "/dev/disk/by-uuid/b1e9177d-897a-4721-9e9a-b85566a40dea";
+ fsType = "btrfs";
+ options = [ "compress=zstd,subvol=@nix" ];
+ };
+
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-uuid/A6C9-8FC2";
+ fsType = "vfat";
+ };
+
+ networking.hostName = "hoshi";
+
+ # Not enough memory for 24 core builds of webkitgtk.
+ nix.settings.cores = 12;
+
+ programs.sway.extraConfig = ''
+ output HDMI-A-1 pos 0 0 scale 2
+ output DP-1 scale 2
+ '';
+
+ system.stateVersion = "23.05";
+
+ users.users.qyliss.password = "helloworld";
+
+ hardware.opengl.enable = true;
+ hardware.opengl.extraPackages = with pkgs; [ libGL ];
+}
diff --git a/sys/mbp.nix b/sys/mbp.nix
new file mode 100644
index 000000000000..021b3ff96985
--- /dev/null
+++ b/sys/mbp.nix
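Review bot: `users.users.qyliss.password = "helloworld";` commits a cleartext, easily guessed login password, and NixOS evaluates it into the world-readable Nix store, so every local user on hoshi and everyone with access to this repository can read it. Keep only a hash, and keep it outside the store: `users.users.qyliss.hashedPasswordFile = "/path/to/qyliss.passwd";` (placeholder path), then change the password on the machine since the current value is now in history. If the value is only a first-boot bootstrap, a comment saying so would stop it from being copied to other hosts.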
@@ -0,0 +1,123 @@
+{ lib, pkgs, ... }:
+
+{
+ imports = [
+ ../modules/nixos-apple-silicon/apple-silicon-support
+ ../modules/persistence
+ ../modules/workstation/audio
+ ../modules/workstation/hardware/bluetooth
+ ../modules/workstation/physical
+ ];
+
+ nixpkgs.hostPlatform.system = "aarch64-linux";
+
+ hardware.enableRedistributableFirmware = true;
+
+ boot.loader.systemd-boot.enable = true;
+
+ boot.initrd.postDeviceCommands = ''
+ mkdir /mnt
+ mount /dev/mapper/root /mnt
+ for subvol in var/tmp @ tmp; do
+ btrfs subvolume delete "/mnt/$subvol"
+ btrfs subvolume create "/mnt/$subvol"
+ done
+ umount /mnt
+ '';
+
+ boot.initrd.luks.devices."root".device = "/dev/disk/by-uuid/dc106480-a643-4f32-a63d-931f53e8baae";
+
+ boot.kernelPatches = [
+ # Causes gnulib tests to fail.
+ {
+ name = "revert-asahi-libwebp-hack.patch";
+ patch = pkgs.fetchpatch {
+ url = "https://github.com/AsahiLinux/linux/commit/081abc5fa701738699705a6c0a41c824df77cb37.patch";
+ revert = true;
+ hash = "sha256-ZUfjjmRGpT/N/fkjYUB12pFshICJadGytysSoBvXZq0=";
+ };
+ }
+
+ {
+ name = "drm-fix.patch";
+ patch = pkgs.fetchpatch {
+ url = "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=e0f04e41e8eedd4e5a1275f2318df7e1841855f2";
+ hash = "sha256-rQXDlsUQxQr9na0jW0CfQRK+4rVsmInCkxHfLx5Qn7g=";
+ };
+ }
+ ];
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/e5821c99-7507-421d-9280-de09a055d926";
+ fsType = "btrfs";
+ options = [ "subvol=@" ];
+ };
+
+ fileSystems."/tmp" = {
+ device = "/dev/disk/by-uuid/e5821c99-7507-421d-9280-de09a055d926";
+ fsType = "btrfs";
+ options = [ "subvol=tmp" ];
+ };
+
+ fileSystems."/var/tmp" = {
+ device = "/dev/disk/by-uuid/e5821c99-7507-421d-9280-de09a055d926";
+ fsType = "btrfs";
+ options = [ "subvol=var/tmp" ];
+ };
+
+ fileSystems."/home" = {
+ device = "/dev/disk/by-uuid/e5821c99-7507-421d-9280-de09a055d926";
+ fsType = "btrfs";
+ options = [ "subvol=persist/safe/home" ];
+ };
+
+ fileSystems."/nix" = {
+ device = "/dev/disk/by-uuid/e5821c99-7507-421d-9280-de09a055d926";
+ fsType = "btrfs";
+ options = [ "subvol=persist/local/nix" ];
+ };
+
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-uuid/472D-1D13";
+ fsType = "vfat";
+ };
+
+ fileSystems."/persist" = {
+ device = "/dev/disk/by-uuid/e5821c99-7507-421d-9280-de09a055d926";
+ fsType = "btrfs";
+ options = [ "subvol=persist" ];
+ neededForBoot = true;
+ };
+
+ fileSystems."/srv" = {
+ device = "/dev/disk/by-uuid/e5821c99-7507-421d-9280-de09a055d926";
+ fsType = "btrfs";
+ options = [ "subvol=persist/safe/srv" ];
+ };
+
+ fileSystems."/var/lib/machines" = {
+ device = "/dev/disk/by-uuid/e5821c99-7507-421d-9280-de09a055d926";
+ fsType = "btrfs";
+ options = [ "subvol=persist/safe/var/lib/machines" ];
+ };
+
+ fileSystems."/var/lib/portables" = {
+ device = "/dev/disk/by-uuid/e5821c99-7507-421d-9280-de09a055d926";
+ fsType = "btrfs";
+ options = [ "subvol=persist/safe/var/lib/portables" ];
+ };
+
+ networking.hostName = "mbp";
+
+ users.users.qyliss.hashedPassword = "$y$j9T$qdvgrHPyvZpqjUQXuagxD1$dq5yygUTVhVqpgG9.zWaihmtED437Cl.fllqJBEWSo4";
+
+ hardware.opengl.enable = false;
+
+ services.xserver.xkbOptions = "compose:ralt";
+
+ programs.sway.extraConfig = ''
+ output Unknown-1 scale 2
+ '';
+
+ system.stateVersion = "23.11";
+}  |
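Review bot: `users.users.qyliss.hashedPassword` embeds the yescrypt hash in the configuration, which makes it readable by any local user through the Nix store and by anyone who can fetch this repository, leaving the password's own strength as the only barrier to offline guessing. Since `/persist` is already mounted with `neededForBoot = true`, the hash can live there instead: `users.users.qyliss.hashedPasswordFile = "/persist/<path>/qyliss.passwd";` (placeholder path; the file should be root-owned, mode 0600). That location also survives the `@` subvolume being recreated on every boot by `boot.initrd.postDeviceCommands`.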