diff --git a/README.md b/README.md deleted file mode 100644 index 64e9b7e..0000000 --- a/README.md +++ /dev/null @@ -1,3 +0,0 @@ -# Leitstelle config management - -To deploy, run `./deploy.sh switch `, where the host is nuc or bemmer. diff --git a/common/default.nix b/common/default.nix index 73f681d..838bb20 100644 --- a/common/default.nix +++ b/common/default.nix @@ -1,7 +1,7 @@ { lib, pkgs, ... }: { - boot.kernelPackages = lib.mkOverride 2000 pkgs.linuxPackages_latest; + boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; boot.kernelParams = [ "quiet" ]; services.openssh.enable = true; @@ -38,7 +38,6 @@ vim wget jq - lsof ]; programs.bash.shellAliases = { @@ -50,13 +49,5 @@ ll = "exa -l"; la = "exa -la"; tree = "exa -T"; - apt = "echo 'please use nix-env -iA nixos. instead to install packages.'"; - }; - - users.mutableUsers = false; - users.users.c3h = { - isNormalUser = true; - password = "c3h"; - extraGroups = [ "wheel" ]; }; } diff --git a/deploy.sh b/deploy.sh index 46240ad..c19b0a8 100755 --- a/deploy.sh +++ b/deploy.sh 
@@ -6,30 +6,17 @@ cd "$(dirname "$0")" if ! command -v nix-build &> /dev/null then echo "Nix installation could not be found. Please follow the instructions linked below." - echo "https://nixos.org/manual/nix/unstable/installation/installing-binary.html" + echo "https://nixos.org/manual/nix/unstable/installation/installing-binary.html#multi-user-installation" exit fi mode="${1:-switch}" -host="${2:-nuc}" -target="${3:-c3h@$host.c3h}" +host="nuc" +target="nuc@nuc.c3h" +#host="${2:-nuc}" +#target="${3:-$host.c3h}" -if ! [ -d "hosts/$host" ] -then - echo "Host $host does not exist. Choose from:" - ls hosts - exit -fi - -echo "deploying $host to $target" -sleep 1 +sources=$(nix-build nix/sources-dir.nix --no-out-link) set -x -system_drv=$( - nix-instantiate "" -A config.system.build.toplevel \ - -I "$(nix-build nix/sources-dir.nix --no-out-link)" \ - -I "nixos-config=$PWD/hosts/$host/configuration.nix" -) -nix-copy-closure --to $target $system_drv -system=$(ssh $target "nix-store --realise $system_drv") -ssh $target "sudo nix-env -p /nix/var/nix/profiles/system -i $system && sudo /nix/var/nix/profiles/system/bin/switch-to-configuration $mode" +nixos-rebuild "$mode" --target-host "$target" --use-remote-sudo -I $sources -I "nixos-config=$PWD/hosts/$host/configuration.nix" diff --git a/hosts/bemmer/configuration.nix b/hosts/bemmer/configuration.nix deleted file mode 100644 index e7d0951..0000000 --- a/hosts/bemmer/configuration.nix +++ /dev/null 
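Review bot: `-I $sources` is unquoted and the result of `nix-build nix/sources-dir.nix --no-out-link` is never checked, so a failed build leaves an empty, word-split argument and the deployment is no longer tied to the pinned sources. Whether `set -e` is active is decided above line 6, outside this hunk; either way I would write `sources=$(nix-build nix/sources-dir.nix --no-out-link) || exit 1` and pass `-I "$sources"`. The nix-not-found branch in the context lines ends in a bare `exit`, which reports success to a caller; `exit 1` fits better. The target is now `nuc@nuc.c3h`, but the only account this commit declares is `c3h` under `users.mutableUsers = false`, so please confirm a `nuc` user is defined somewhere not shown here, otherwise the next deploy over SSH may have no account to log in to.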
@@ -1,36 +0,0 @@ -{ modulesPath, lib, pkgs, ... }: - -{ - imports = [ - (modulesPath + "/installer/sd-card/sd-image-aarch64.nix") - - ../../common - - # services - ../../shared-services/pulseaudio.nix - ../../shared-services/nfs-client.nix - ../../shared-services/mpd.nix - ../../shared-services/ympd.nix - ../../shared-services/spotifyd.nix - ../../shared-services/desktop.nix - ../../shared-services/vnc.nix - ../../shared-services/webserver.nix - ]; - - # We import sd-image-aarch64.nix so we can build a config.system.build.sdImage - # But it imports some modules we don't want, so disable them - disabledModules = [ - "profiles/base.nix" - "profiles/all-hardware.nix" - ]; - - networking.hostName = "bemmer"; - networking.domain = "c3h"; - networking.useDHCP = true; - - nixpkgs.system = "aarch64-linux"; - hardware.raspberry-pi."4".fkms-3d.enable = true; - boot.tmpOnTmpfs = true; # building stuff on sd-card is slow - - system.stateVersion = "21.05"; -} diff --git a/hosts/nuc/configuration.nix b/hosts/nuc/configuration.nix index 56cea2e..741c50e 100644 --- a/hosts/nuc/configuration.nix +++ b/hosts/nuc/configuration.nix @@ -3,18 +3,17 @@ { imports = [ ./hardware-configuration.nix - ../../common # services - ../../shared-services/pulseaudio.nix - ../../shared-services/nfs-client.nix - ../../shared-services/mpd.nix - ../../shared-services/ympd.nix - ../../shared-services/spotifyd.nix - ../../shared-services/desktop.nix - ../../shared-services/vnc.nix - ../../shared-services/webserver.nix + ./pulseaudio.nix + ./nfs-server.nix + ./mpd.nix + ./ympd.nix + ./spotifyd.nix + ./desktop.nix + ./vnc.nix + ./webserver.nix ]; networking.hostName = "nuc"; diff --git a/hosts/nuc/desktop.nix b/hosts/nuc/desktop.nix new file mode 100644 index 0000000..e539927 --- /dev/null +++ b/hosts/nuc/desktop.nix 
@@ -0,0 +1,25 @@ +{ pkgs, ... }: + +{ + users.mutableUsers = false; + users.users.c3h = { + isNormalUser = true; + password = "c3h"; + extraGroups = [ "wheel" ]; + packages = with pkgs; [ chromium firefox mpv youtube-dl ]; + }; + + services.xserver = { + enable = true; + layout = "de"; + + videoDrivers = [ "modesetting" ]; + useGlamor = true; + + displayManager.lightdm.enable = true; + displayManager.autoLogin.enable = true; + displayManager.autoLogin.user = "c3h"; + + desktopManager.mate.enable = true; + }; +} diff --git a/hosts/nuc/hardware-configuration.nix b/hosts/nuc/hardware-configuration.nix index 4355e9e..d25690f 100644 --- a/hosts/nuc/hardware-configuration.nix +++ b/hosts/nuc/hardware-configuration.nix @@ -8,28 +8,27 @@ [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; + boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "uas" "sd_mod" "sdhci_pci" ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; fileSystems."/" = - { device = "/dev/disk/by-uuid/b7fc2bb6-d14d-4fbc-be7d-f81e2e30cf64"; + { device = "/dev/disk/by-uuid/ccb84984-fae9-4bfc-8c0d-3f5a98022103"; fsType = "xfs"; }; fileSystems."/boot" = - { device = "/dev/disk/by-uuid/5700-EDB1"; + { device = "/dev/disk/by-uuid/5DE4-9727"; fsType = "vfat"; }; - fileSystems."/mnt/hdd" = + fileSystems."/mnt" = { device = "/dev/disk/by-uuid/ff18a6f9-ee3b-452c-8671-38b74508a74c"; fsType = "btrfs"; }; swapDevices = [ ]; - # high-resolution display - hardware.video.hidpi.enable = lib.mkDefault true; + powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand"; } diff --git a/shared-services/mpd.nix b/hosts/nuc/mpd.nix similarity index 100% rename from shared-services/mpd.nix rename to hosts/nuc/mpd.nix diff --git a/hosts/nuc/nfs-server.nix b/hosts/nuc/nfs-server.nix new file mode 100644 index 0000000..8a6f8ca --- /dev/null 
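Review bot: `password = "c3h";` in hosts/nuc/desktop.nix gives a `wheel` account a cleartext password equal to its user name, and because it is a Nix string it is also stored world-readable in the Nix store of every machine that builds or receives this configuration. common/default.nix keeps `services.openssh.enable = true` in this same commit, so unless password logins are disabled somewhere not shown, the account is reachable over the network. I would replace the line with `hashedPassword = "<output of mkpasswd -m sha-512>";` (or `passwordFile` pointing at a root-only file) and add `services.openssh.passwordAuthentication = false;` together with a key in `openssh.authorizedKeys.keys`. The lightdm auto-login does not depend on the password and can stay as it is.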
+++ b/hosts/nuc/nfs-server.nix @@ -0,0 +1,17 @@ +{ ... }: + +{ + services.nfs.server = { + enable = true; + exports = '' + /mnt 10.23.42.0/24(rw,fsid=0,insecure,no_subtree_check) + ''; + + statdPort = 4000; + lockdPort = 4001; + mountdPort = 4002; + }; + + networking.firewall.interfaces.enp3s0.allowedTCPPorts = [ 2049 4000 4001 4002 111 ]; + networking.firewall.interfaces.enp3s0.allowedUDPPorts = [ 2049 4000 4001 4002 111 ]; +} diff --git a/shared-services/pulseaudio.nix b/hosts/nuc/pulseaudio.nix similarity index 55% rename from shared-services/pulseaudio.nix rename to hosts/nuc/pulseaudio.nix index a3b516b..7bb6565 100644 --- a/shared-services/pulseaudio.nix +++ b/hosts/nuc/pulseaudio.nix @@ -5,12 +5,7 @@ sound.enable = true; hardware.pulseaudio.enable = true; hardware.pulseaudio.systemWide = true; - hardware.pulseaudio.package = pkgs.pulseaudioFull; + hardware.pulseaudio.package = pkgs.pulseaudio; hardware.pulseaudio.tcp.enable = true; hardware.pulseaudio.tcp.anonymousClients.allowedIpRanges = [ "127.0.0.0/8" "::/64" "10.23.42.0/24" ]; - environment.variables.PULSE_SERVER = "127.0.0.1"; - hardware.pulseaudio.extraConfig = '' - unload-module module-native-protocol-unix - load-module module-native-protocol-unix auth-anonymous=1 - ''; } diff --git a/hosts/nuc/spotifyd.nix b/hosts/nuc/spotifyd.nix new file mode 100644 index 0000000..7cf79ce --- /dev/null +++ b/hosts/nuc/spotifyd.nix @@ -0,0 +1,12 @@ +{ ... }: + +{ + services.spotifyd = { + enable = true; + config = '' + zeroconf_port = 18572 + ''; + }; + + networking.firewall.allowedTCPPorts = [ 18572 ]; +} diff --git a/shared-services/vnc.nix b/hosts/nuc/vnc.nix similarity index 100% rename from shared-services/vnc.nix rename to hosts/nuc/vnc.nix diff --git a/shared-services/webserver.nix b/hosts/nuc/webserver.nix similarity index 100% rename from shared-services/webserver.nix rename to hosts/nuc/webserver.nix 
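Review bot: The export line in hosts/nuc/nfs-server.nix grants `rw` on all of `/mnt` to every address in 10.23.42.0/24 and adds `insecure`, which accepts requests from unprivileged source ports, so any user process on any host in that subnet can talk to the server, not only a root-run mount. No `sec=` is given, so the server presumably falls back to AUTH_SYS and trusts the uid the client sends, leaving file permissions on the volume as the only barrier. If no client needs it, drop `insecure`, and consider `all_squash,anonuid=<uid>,anongid=<gid>` or a read-only export with a narrower writable subdirectory. `fsid=0` suggests NFSv4-only use; if that is right, TCP 2049 on enp3s0 is enough and the statd, lockd, mountd and rpcbind ports can be closed. A comment above the export naming the clients that need `insecure` would help the next reader.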
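Review bot: On the unchanged `allowedIpRanges` line in hosts/nuc/pulseaudio.nix, `"::/64"` looks like it was meant to be IPv6 loopback, but it spans every address whose upper 64 bits are zero, which includes the IPv4-mapped block `::ffff:0:0/96`. If the daemon ever sees IPv4 peers through a dual-stack socket, that entry could match all of them and the 10.23.42.0/24 restriction would stop meaning anything; I have not verified how PulseAudio's ACL treats mapped addresses. `"::1/128"` expresses loopback exactly. The file starts above this hunk, so I cannot see whether the PulseAudio TCP port is opened in the firewall there.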
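Review bot: `networking.firewall.allowedTCPPorts = [ 18572 ];` in hosts/nuc/spotifyd.nix opens the zeroconf port on every interface, while nfs-server.nix in this commit scopes its ports to enp3s0; `networking.firewall.interfaces.enp3s0.allowedTCPPorts = [ 18572 ];` would keep the two consistent. The port number is written twice, once inside the `config` string and once in the firewall list, so a single `let port = 18572; in` binding used in both places would stop them drifting apart.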
diff --git a/shared-services/ympd.nix b/hosts/nuc/ympd.nix similarity index 100% rename from shared-services/ympd.nix rename to hosts/nuc/ympd.nix diff --git a/modules/spotifyd.nix b/modules/spotifyd.nix deleted file mode 100644 index 2e72596..0000000 --- a/modules/spotifyd.nix +++ /dev/null @@ -1,68 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; - -let - cfg = config.services.spotifyd; - toml = pkgs.formats.toml {}; - warnConfig = - if cfg.config != "" - then lib.trace "Using the stringly typed .config attribute is discouraged. Use the TOML typed .settings attribute instead." - else id; - spotifydConf = - if cfg.settings != {} - then toml.generate "spotify.conf" cfg.settings - else warnConfig (pkgs.writeText "spotifyd.conf" cfg.config); -in -{ - options = { - services.spotifyd = { - enable = mkEnableOption "spotifyd, a Spotify playing daemon"; - - config = mkOption { - default = ""; - type = types.lines; - description = '' - (Deprecated) Configuration for Spotifyd. For syntax and directives, see - . - ''; - }; - - settings = mkOption { - default = {}; - type = toml.type; - example = { global.bitrate = 320; }; - description = '' - Configuration for Spotifyd. For syntax and directives, see - . - ''; - }; - }; - }; - - config = mkIf cfg.enable { - assertions = [ - { - assertion = cfg.config == "" || cfg.settings == {}; - message = "At most one of the .config attribute and the .settings attribute may be set"; - } - ]; - - systemd.services.spotifyd = { - wantedBy = [ "multi-user.target" ]; - after = [ "network-online.target" "sound.target" ]; - description = "spotifyd, a Spotify playing daemon"; - environment.SHELL = "/bin/sh"; - serviceConfig = { - ExecStart = "${pkgs.spotifyd}/bin/spotifyd --no-daemon --config-path ${spotifydConf}"; - Restart = "always"; - RestartSec = 12; - DynamicUser = true; - CacheDirectory = "spotifyd"; - SupplementaryGroups = ["audio"]; - }; - }; - }; - - meta.maintainers = [ maintainers.anderslundstedt ]; -} \ No newline at end of file 
diff --git a/nix/sources-dir.nix b/nix/sources-dir.nix index e5fa9bf..223fc00 100644 --- a/nix/sources-dir.nix +++ b/nix/sources-dir.nix @@ -9,6 +9,6 @@ in lib.concatStringsSep "\n" ([ "mkdir $out" ] - ++ lib.mapAttrsToList (name: source: "cp -r --reflink=auto ${source.outPath} $out/${name}") sources + ++ lib.mapAttrsToList (name: source: "ln -s ${source.outPath} $out/${name}") sources ) ) diff --git a/nix/sources.json b/nix/sources.json index 2b7fc09..d05993b 100644 --- a/nix/sources.json +++ b/nix/sources.json 
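Review bot: `name` and `source.outPath` are spliced into the generated shell command without quoting, so a key in nix/sources.json containing a space or shell metacharacter would change what the builder runs. Store paths are safe in practice and the keys are under the repository's control, so this is hardening rather than a live bug: `"ln -s ${lib.escapeShellArg source.outPath} $out/${lib.escapeShellArg name}"`. The enclosing expression starts above the hunk, so I am assuming `lib` there is the nixpkgs lib that provides `escapeShellArg`.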
@@ -5,34 +5,22 @@ "homepage": "https://github.com/nmattia/niv", "owner": "nmattia", "repo": "niv", - "rev": "5830a4dd348d77e39a0f3c4c762ff2663b602d4c", - "sha256": "1d3lsrqvci4qz2hwjrcnd8h5vfkg8aypq3sjd4g3izbc8frwz5sm", + "rev": "e0ca65c81a2d7a4d82a189f1e23a48d59ad42070", + "sha256": "1pq9nh1d8nn3xvbdny8fafzw87mj7gsmp6pxkdl65w2g18rmcmzx", "type": "tarball", - "url": "https://github.com/nmattia/niv/archive/5830a4dd348d77e39a0f3c4c762ff2663b602d4c.tar.gz", - "url_template": "https://github.com///archive/.tar.gz" - }, - "nixos-hardware": { - "branch": "master", - "description": "A collection of NixOS modules covering hardware quirks.", - "homepage": "", - "owner": "NixOS", - "repo": "nixos-hardware", - "rev": "2a7063461c3751d83869a2a0a8ebc59e34bec5b2", - "sha256": "173ms858wni43l2p7vqjarm2bnjdhpii0zgn46750nyfff1f2184", - "type": "tarball", - "url": "https://github.com/NixOS/nixos-hardware/archive/2a7063461c3751d83869a2a0a8ebc59e34bec5b2.tar.gz", + "url": "https://github.com/nmattia/niv/archive/e0ca65c81a2d7a4d82a189f1e23a48d59ad42070.tar.gz", "url_template": "https://github.com///archive/.tar.gz" }, "nixpkgs": { - "branch": "nixos-unstable", + "branch": "nixos-21.05", "description": "Nix Packages collection", "homepage": "", "owner": "NixOS", "repo": "nixpkgs", - "rev": "581d2d6c9cd5c289002203581d8aa0861963a933", - "sha256": "1qpmqj075pppa6ihmkacf491lhq7rpxlcm8cm6h18raardsr3irr", + "rev": "75c1664b444ff3be4d7828a120500dcaa5bce0d4", + "sha256": "0n5gsqh7a5s6bw3vaak5sg7rlyb9ypy7pjfc1rij8ygs4wh1b196", "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/581d2d6c9cd5c289002203581d8aa0861963a933.tar.gz", + "url": "https://github.com/NixOS/nixpkgs/archive/75c1664b444ff3be4d7828a120500dcaa5bce0d4.tar.gz", "url_template": "https://github.com///archive/.tar.gz" } } diff --git a/shared-services/desktop.nix b/shared-services/desktop.nix deleted file mode 100644 index 7bb36d0..0000000 --- a/shared-services/desktop.nix +++ /dev/null 
@@ -1,57 +0,0 @@ -{ pkgs, ... }: - -{ - users.users.c3h.packages = with pkgs; [ - chromium - firefox - mpv - youtube-dl - pavucontrol - dosbox - vlc - ffmpeg-full - sox - ]; - - services.xserver = { - enable = true; - layout = "de"; - - videoDrivers = [ "modesetting" ]; - useGlamor = true; - - displayManager.lightdm.enable = true; - displayManager.autoLogin.enable = true; - displayManager.autoLogin.user = "c3h"; - - desktopManager.mate.enable = true; - }; - - programs.chromium = { - enable = true; - extensions = [ - "cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin - ]; - extraOpts = { - DefaultSearchProviderEnabled = true; - DefaultSearchProviderName = "DuckDuckGo"; - DefaultSearchProviderIconURL = "https://duckduckgo.com/favicon.ico"; - DefaultSearchProviderSearchURL = "https://duckduckgo.com/?q={searchTerms}"; - DefaultSearchProviderSuggestURL = "https://duckduckgo.com/ac/?q={searchTerms}&type=list"; - - DefaultBrowserSettingEnabled = false; - BlockThirdPartyCookies = true; - - BrowserSignin = 0; - SyncDisabled = true; - PasswordManagerEnabled = false; - - # Send less data to Google - SafeBrowsingProtectionLevel = 0; - UrlKeyedAnonymizedDataCollectionEnabled = false; - SafeBrowsingExtendedReportingEnabled = false; - SpellCheckServiceEnabled = false; - AdvancedProtectionAllowed = false; - }; - }; -} diff --git a/shared-services/nfs-client.nix b/shared-services/nfs-client.nix deleted file mode 100644 index 1659449..0000000 --- a/shared-services/nfs-client.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ ... }: - -{ - boot.supportedFilesystems = [ "nfs" ]; - fileSystems."/mnt/Music" = { - device = "10.23.42.126:/music"; - fsType = "nfs"; - options = [ - "nfsvers=4.1" - "noauto" - "x-systemd.automount" - "x-systemd.idle-timeout=600" - ]; - }; -} diff --git a/shared-services/spotifyd.nix b/shared-services/spotifyd.nix deleted file mode 100644 index c3ce6c4..0000000 --- a/shared-services/spotifyd.nix +++ /dev/null 
@@ -1,36 +0,0 @@ -{ config, pkgs, ... }: - -{ - disabledModules = [ "services/audio/spotifyd.nix" ]; - imports = [ ../modules/spotifyd.nix ]; - - - services.spotifyd = { - enable = true; - settings.global = { - bitrate = 320; - zeroconf_port = 18572; - }; - }; - - networking.firewall.allowedTCPPorts = [ 4070 config.services.spotifyd.settings.global.zeroconf_port ]; - networking.firewall.allowedUDPPorts = [ 5353 ]; - - systemd.services.restart-spotifyd = { - serviceConfig.Type = "oneshot"; - script = '' - ${pkgs.systemd}/bin/systemctl restart spotifyd.service - ${pkgs.systemd}/bin/systemctl restart pulseaudio.service - ''; - }; - - systemd.timers.restart-spotifyd = { - wantedBy = [ "timers.target" ]; - partOf = [ "restart-spotifyd.service" ]; - timerConfig = { - OnCalendar = "*-*-* 07:00:00"; - Persistent = "True"; - Unit = "restart-spotifyd.service"; - }; - }; -}