Diffstat (limited to 'sys')
-rw-r--r-- | sys/atuin.nix | 303 | ||||
-rw-r--r-- | sys/default.nix | 11 | ||||
-rw-r--r-- | sys/eve.nix | 47 | ||||
-rw-r--r-- | sys/x220.nix | 75 |
4 files changed, 436 insertions, 0 deletions
diff --git a/sys/atuin.nix b/sys/atuin.nix
new file mode 100644
index 000000000000..582478f6592e
--- /dev/null
+++ b/sys/atuin.nix
@@ -0,0 +1,303 @@
+{ config, pkgs, lib, ... }:
+
+let
+ publicInboxCss = pkgs.runCommand "216light.css" {} ''
+ unpackFile ${pkgs.public-inbox.src}
+ cp */contrib/css/216light.css $out
+ '';
+
+ cgitCss = pkgs.runCommand "cgit-extra.css" {
+ licenseHeader = ''
+ /*
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License v2 as published
+ * by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * See <https://www.gnu.org/licenses/>.
+ */
+
+ '';
+
+ # Adapted from
+ # <https://git.causal.agency/src/plain/www/git.causal.agency/custom.css>,
+ # distributed as a Larger Work under a Secondary License,
+ # as permitted by the terms of the
+ # Mozilla Public License Version 2.0.
+ extraCss = ''
+ * { line-height: 1.25em; }
+
+ article {
+ font-family: sans-serif;
+ max-width: 70ch;
+ margin-left: auto;
+ margin-right: auto;
+ }
+
+ div#cgit {
+ margin: auto;
+ font-family: monospace;
+ -moz-tab-size: 4;
+ tab-size: 4;
+ display: table;
+ }
+
+ div#cgit table#header {
+ margin-left: auto;
+ margin-right: auto;
+ }
+ div#cgit table#header td.logo {
+ display: none;
+ }
+ div#cgit table#header td.main {
+ font-size: 1em;
+ font-weight: bold;
+ }
+ div#cgit table#header td.sub {
+ border-top: none;
+ }
+ div#cgit table.tabs {
+ margin-left: auto;
+ margin-right: auto;
+ border-bottom: none;
+ }
+ div#cgit div.content {
+ border-bottom: none;
+ min-width: 108ch;
+ }
+ div#cgit div.content div#summary {
+ display: table;
+ margin-left: auto;
+ margin-right: auto;
+ }
+ div#cgit div.notes {
+ border: none;
+ background: transparent;
+ padding: 0;
+ }
+ div#cgit table.list {
+ margin-left: auto;
+ margin-right: auto;
+ }
+ div#cgit table.list th a {
+ color: inherit;
+ }
+ div#cgit table.list tr:nth-child(even) {
+ background: inherit;
+ }
+ div#cgit table.list tr:hover {
+ background: inherit;
+ }
+ div#cgit table.list tr.nohover-highlight:hover:nth-child(even) {
+ background: inherit;
+ }
+ div#cgit div.footer {
+ font-size: 1em;
+ margin-top: 0;
+ }
+
+ div#cgit table.blob td.linenumbers:nth-last-child(3) {
+ display: none;
+ }
+
+ div#cgit table.blob td.linenumbers a:target {
+ color: goldenrod;
+ text-decoration: underline;
+ outline: none;
+ }
+ '';
+ passAsFile = [ "licenseHeader" "extraCss" ];
+ } ''
+ cat $licenseHeaderPath ${pkgs.cgit}/cgit/cgit.css $extraCssPath > $out
+ '';
+
+in
+
+{
+ imports = [
+ ../modules/server
+ ../modules/server/acme
+ ../modules/server/bitfolk
+ ../modules/server/cgit
+ ../modules/server/dns
+ ../modules/server/ftp
+ ../modules/server/git-http-backend
+ ../modules/server/irc
+ ../modules/server/nginx
+ ../modules/server/nixpk.gs
+ ../modules/server/spectrum
+ ../modules/server/tor
+ ../modules/server/xmpp
+ ../modules/users
+ ];
+
+ fileSystems = {
+ "/" = { device = "rpool/root"; fsType = "zfs"; neededForBoot = true; };
+ "/boot" = { device = "/dev/disk/by-partlabel/boot"; fsType = "ext4"; };
+ "/nix" = { device = "rpool/nix"; fsType = "zfs"; neededForBoot = true; };
+ "/var" = { device = "rpool/var"; fsType = "zfs"; };
+
+ "/home/qyliss" = { device = "rpool/home/qyliss"; fsType = "zfs"; };
+ "/root" = { device = "rpool/home/root"; fsType = "zfs"; };
+ };
+
+ boot.zfs.devNodes = "/dev";
+
+ swapDevices = [
+ { device = "/dev/disk/by-uuid/49f18b74-5f6e-4e61-b569-f7cc9dc5c600"; }
+ ];
+
+ nix.maxJobs = 2;
+
+ boot.loader.grub.configurationLimit = 2;
+
+ boot.supportedFilesystems = [ "zfs" ];
+
+ networking.hostName = "atuin";
+ networking.hostId = "238d1961";
+ networking.domain = "qyliss.net";
+ networking.interfaces.eth0 = {
+ ipv4.addresses = [
+ { address = "85.119.82.108"; prefixLength = 21; }
+ ];
+ ipv6.addresses = [
+ { address = "2001:ba8:1f1:f0bc::2"; prefixLength = 64; }
+ ];
+ };
+ networking.defaultGateway = "85.119.80.1";
+ networking.defaultGateway6 = { address = "2001:ba8:1f1:f0bc::1"; };
+
+ networking.firewall.extraCommands = ''
+ iptables -t nat -A POSTROUTING -s10.100.0.0/24 -j MASQUERADE
+ '';
+
+ boot.kernelPackages = with pkgs; linuxPackagesFor (linux.override {
+ structuredExtraConfig = with lib.kernel; {
+ KERNEL_XZ = yes;
+ KERNEL_ZSTD = lib.mkForce no;
+ };
+ });
+
+ boot.kernelParams = [ "zfs.zfs_arc_max=356515840" ];
+
+ networking.nat.enable = true;
+ networking.nat.externalInterface = "eth0";
+ networking.nat.internalInterfaces = [ "wg0" ];
+
+ networking.firewall.allowedUDPPorts = with config; [
+ networking.wireguard.interfaces.wg0.listenPort
+ ];
+
+ networking.wireguard.interfaces = {
+ wg0 = {
+ ips = [ "10.172.171.1" ];
+ listenPort = 51820;
+ privateKeyFile = "/var/lib/wireguard/wg0/private";
+ peers = [
+ {
+ publicKey = "oQZ3fcb9LsnQj8sDYLHf1+hodnW4XEhsM0rNBgHROz8=";
+ allowedIPs = [ "10.172.171.2/32" ];
+ }
+ {
+ publicKey = "lu4ZxYq7qpkmIt8z0Q/wb5Y0Wc3fa0ui9wOWn/+xYxI=";
+ allowedIPs = [ "10.172.171.3/32" ];
+ }
+ {
+ publicKey = "ugHG/NOqM/9hde9EmWpu7XsCpjT3WQbjLK99IGHtdjQ=";
+ allowedIPs = [ "10.13.12.0/24" ];
+ endpoint = "95.216.98.55:51820";
+ }
+ ];
+ };
+ };
+
+ security.acme.certs."qyliss.net" = {
+ webroot = "/var/lib/acme/acme-challenge";
+ extraDomainNames = [ "git.qyliss.net" ];
+ };
+
+ users.groups.acme.members = [ "nginx" ];
+ users.users.qyliss.home = "/home/qyliss";
+ services.cgit.instances.qyliss = {
+ vhost = "git.qyliss.net";
+ config = pkgs.writeText "cgit.conf" ''
+ clone-prefix=https://git.qyliss.net
+ css=/cgit.css
+ enable-blame=1
+ enable-commit-graph=1
+ enable-follow-links=1
+ enable-git-config=1
+ enable-index-owner=0
+ logo=
+ remove-suffix=1
+ root-desc=Alyssa Ross's personal Git repositories
+ root-title=git.qyliss.net
+ snapshots=all
+ about-filter=${pkgs.cgit}/lib/cgit/filters/about-formatting.sh
+ source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py
+ virtual-root=/
+
+ scan-path=/home/qyliss/git
+ '';
+ };
+
+ services.git-http-backend.instances.qyliss = {
+ vhost = "git.qyliss.net";
+ projectRoot = "/home/qyliss/git";
+ };
+
+ services.nginx.virtualHosts."spectrum-os.org" = {
+ forceSSL = true;
+ useACMEHost = "spectrum-os.org";
+
+ locations = {
+ "/".root = "/home/spectrum/www";
+
+ "= /git/cgit.css".alias = cgitCss.outPath;
+
+ "= /lists/archives/public-inbox.css".alias = publicInboxCss.outPath;
+
+ "/lists/archives".proxyPass = "http://unix:/run/public-inbox-httpd.sock:/lists/archives";
+ "= /lists/archives".return = "301 /lists/archives/";
+ };
+ };
+
+ services.nginx.virtualHosts.default = {
+ serverName = null;
+ default = true;
+ forceSSL = true;
+ useACMEHost = "qyliss.net";
+
+ locations."/".return = "https://alyssa.is/";
+ locations."/dns-query".proxyPass = "http://[::1]:4448/";
+ };
+
+ services.nginx.virtualHosts."git.qyliss.net" = {
+ forceSSL = true;
+ useACMEHost = "qyliss.net";
+
+ locations = {
+ "= /cgit.css".alias = cgitCss.outPath;
+ };
+ };
+
+ users.groups.spectrum.members = [ "qyliss" ];
+ system.activationScripts.spectrum-home = lib.stringAfter [ "users" ] ''
+ install -g spectrum -m 2775 -d /home/spectrum
+ install -g spectrum -m 0775 -d /home/spectrum/git
+ '';
+
+ environment.systemPackages = with pkgs; [ cgit git ];
+
+ services.tor.settings.AccountingMax = "50 GBytes";
+ services.tor.settings.AccountingStart = "day 12:00";
+ services.tor.settings.ORPort = [
+ { addr = "[2001:ba8:1f1:f0bc::2]"; port = 143; }
+ ];
+
+ system.stateVersion = "18.03";
+}
diff --git a/sys/default.nix b/sys/default.nix
new file mode 100644
index 000000000000..670b985403b6
--- /dev/null
+++ b/sys/default.nix
@@ -0,0 +1,11 @@
+let
+ nixos = import ../modules;
+ buildSystem = configuration: (nixos { inherit configuration; }).system;
+
+in
+
+{
+ atuin = buildSystem ./atuin.nix;
+ eve = buildSystem ./eve.nix;
+ x220 = buildSystem ./x220.nix;
+}
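Review bot: In sys/atuin.nix, the `iptables -t nat -A POSTROUTING -s10.100.0.0/24 -j MASQUERADE` line in `networking.firewall.extraCommands` masquerades a source range that appears nowhere else in the file: wg0 is addressed from 10.172.171.x, its third peer routes 10.13.12.0/24, and `networking.nat` is already enabled for wg0. Unless one of the imported `../modules/server` modules (not visible here) uses 10.100.0.0/24, the rule looks stale, and because it has no output-interface match it NATs that range out of any interface. It is appended with `-A` and has no matching cleanup command, so it may also accumulate duplicates if the firewall script is re-run without the nat table being flushed. I would either drop it or express it declaratively as `networking.nat.internalIPs = [ "10.100.0.0/24" ];` with a comment saying which service owns that range.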
diff --git a/sys/eve.nix b/sys/eve.nix
new file mode 100644
index 000000000000..95f7f2b728af
--- /dev/null
+++ b/sys/eve.nix
@@ -0,0 +1,47 @@
+{ config, lib, pkgs, ... }:
+
+{
+ imports = [
+ ../modules/workstation/physical
+ ../modules/workstation/hardware/pixelbook
+ ];
+
+ hardware.enableRedistributableFirmware = true;
+
+ boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
+ boot.kernelPatches = lib.attrVals [ "eve-backlight" ] pkgs.kernelPatches;
+ boot.zfs.enableUnstable = true;
+
+ boot.initrd.availableKernelModules = [ "nvme" "usb_storage" "sdhci_pci" ];
+ boot.kernelModules = [ "kvm-intel" ];
+
+ boot.loader.grub.device = "/dev/disk/by-id/nvme-SAMSUNG_KUS040205M-B001_S3VBNY0KA60897";
+
+ fileSystems."/" = { fsType = "zfs"; device = "rpool/local/root"; };
+ fileSystems."/tmp" = { fsType = "zfs"; device = "rpool/local/tmp"; };
+ fileSystems."/nix" = { fsType = "zfs"; device = "rpool/local/nix"; };
+ fileSystems."/home" = { fsType = "zfs"; device = "rpool/data/home"; };
+ fileSystems."/state" = { fsType = "zfs"; device = "rpool/data/state"; };
+ fileSystems."/boot" = {
+ fsType = "ext4";
+ device = "/dev/disk/by-uuid/ecbd0da4-29f4-4a3b-adde-6c365b405863";
+ };
+
+ # TODO: do this with ZFS
+ boot.cleanTmpDir = true;
+
+ networking.hostName = "eve";
+ networking.hostId = "c00b7876";
+
+ nix.maxJobs = 4;
+
+ console.font = "${pkgs.terminus_font}/share/consolefonts/ter-u32n.psf.gz";
+ console.earlySetup = true;
+ programs.sway.extraConfig = ''
+ output eDP-1 scale 2
+ '';
+
+ users.users.qyliss.hashedPassword = "$5$rounds=2000000$FPrRi1TT.rCn$8MhcwE7JL8yTKI.fSRe4ZgJP3eumStDCNl5Pb.IN9i5";
+
+ system.stateVersion = "20.03";
+}
diff --git a/sys/x220.nix b/sys/x220.nix
new file mode 100644
index 000000000000..5ff041556b4c
--- /dev/null
+++ b/sys/x220.nix
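Review bot: `users.users.qyliss.hashedPassword` in sys/eve.nix commits the account's password hash to the repository, and once the configuration is evaluated the value also lands in the world-readable Nix store; the `hashedPassword` line near the end of sys/x220.nix has the same problem. Both are `$5$` (sha256crypt) hashes with a large `rounds=` value, which slows offline guessing but does not stop it for anyone who can read the tree or the store. Keeping the hash in a root-only file outside the repository avoids this, e.g. `users.users.qyliss.passwordFile = "/state/secrets/qyliss.passwd";` (the path is a placeholder; newer NixOS releases name the option `hashedPasswordFile`). A short comment next to it should say that the file must exist before the first activation, otherwise the account ends up without a usable password.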
@@ -0,0 +1,75 @@
+{ pkgs, ... }:
+
+{
+ imports = [
+ ../modules/workstation/physical
+ ../modules/nixos-hardware/lenovo/thinkpad/x220
+ ];
+
+ hardware.enableRedistributableFirmware = true;
+
+ boot.initrd.availableKernelModules =
+ [ "ehci_pci" "ahci" "usb_storage" "sd_mod" "sdhci_pci" "i915" ];
+
+ boot.kernelModules = [ "kvm-intel" ];
+
+ boot.loader.grub.enable = false;
+ boot.loader.generic-extlinux-compatible.enable = true;
+
+ boot.cleanTmpDir = true;
+
+ networking.hostId = "008dd68a";
+
+ boot.supportedFilesystems = [ "zfs" ];
+
+ boot.zfs.requestEncryptionCredentials = true;
+
+ fileSystems."/" = {
+ device = "rpool/root";
+ fsType = "zfs";
+ };
+
+ fileSystems."/home" = {
+ device = "rpool/home/qyliss";
+ fsType = "zfs";
+ };
+
+ fileSystems."/root" = {
+ device = "rpool/home/root";
+ fsType = "zfs";
+ };
+
+ fileSystems."/nix" = {
+ device = "rpool/nix";
+ fsType = "zfs";
+ };
+
+ fileSystems."/var" = {
+ device = "rpool/var";
+ fsType = "zfs";
+ };
+
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-uuid/6c2a9dd7-45b4-413a-bded-fccf682ffa36";
+ fsType = "ext4";
+ };
+
+ swapDevices = [
+ {
+ device = "/dev/disk/by-partuuid/82326179-f409-4f28-9233-805c44a04879";
+ randomEncryption = true;
+ }
+ ];
+
+ nix.maxJobs = 2;
+ powerManagement.cpuFreqGovernor = "powersave";
+
+ networking.hostName = "x220";
+
+ system.stateVersion = "18.09";
+
+ users.users.qyliss.hashedPassword = "$5$rounds=1000000$tySRQ3rdqbPOduux$NcW7CoffEScpmOyS0Ga9gE5ZNLt8PT6.2Gvwn91vQn7";
+
+ hardware.opengl.enable = true;
+ hardware.opengl.extraPackages = with pkgs; [ libGL ];
+} |