From 1061e3ca30ee16cf6bc6ffe508a8cfdd62639288 Mon Sep 17 00:00:00 2001 From: Yureka Date: Fri, 22 Oct 2021 18:47:02 +0000 Subject: [PATCH 01/28] nuc: update hardware config --- hosts/nuc/hardware-configuration.nix | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/hosts/nuc/hardware-configuration.nix b/hosts/nuc/hardware-configuration.nix index d25690f..ef0e54b 100644 --- a/hosts/nuc/hardware-configuration.nix +++ b/hosts/nuc/hardware-configuration.nix @@ -8,18 +8,18 @@ [ (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "uas" "sd_mod" "sdhci_pci" ]; + boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; fileSystems."/" = - { device = "/dev/disk/by-uuid/ccb84984-fae9-4bfc-8c0d-3f5a98022103"; + { device = "/dev/disk/by-uuid/b7fc2bb6-d14d-4fbc-be7d-f81e2e30cf64"; fsType = "xfs"; }; fileSystems."/boot" = - { device = "/dev/disk/by-uuid/5DE4-9727"; + { device = "/dev/disk/by-uuid/5700-EDB1"; fsType = "vfat"; }; @@ -30,5 +30,6 @@ swapDevices = [ ]; - powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand"; + # high-resolution display + hardware.video.hidpi.enable = lib.mkDefault true; } From e72d22c5bc2767b47c4f68b843ca3517c9c83167 Mon Sep 17 00:00:00 2001 From: Yureka Date: Fri, 22 Oct 2021 18:47:20 +0000 Subject: [PATCH 02/28] update nixpkgs --- nix/sources.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nix/sources.json b/nix/sources.json index d05993b..d23d445 100644 --- a/nix/sources.json +++ b/nix/sources.json @@ -17,10 +17,10 @@ "homepage": "", "owner": "NixOS", "repo": "nixpkgs", - "rev": "75c1664b444ff3be4d7828a120500dcaa5bce0d4", - "sha256": "0n5gsqh7a5s6bw3vaak5sg7rlyb9ypy7pjfc1rij8ygs4wh1b196", + "rev": "70904d4a9927a4d6e05c72c4aaac4370e05107f3", + "sha256": "08vvir0npyrdx85ypiannwzvyryqdw3749bghffhdsq2dgz1cx8z", "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/75c1664b444ff3be4d7828a120500dcaa5bce0d4.tar.gz", + "url": "https://github.com/NixOS/nixpkgs/archive/70904d4a9927a4d6e05c72c4aaac4370e05107f3.tar.gz", "url_template": "https://github.com///archive/.tar.gz" } } From 7549ce0707ac1303b92fffa5cdfc81de78fd2405 Mon Sep 17 00:00:00 2001 From: Yureka Date: Fri, 22 Oct 2021 21:56:03 +0200 Subject: [PATCH 03/28] add some chromium policies --- hosts/nuc/desktop.nix | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/hosts/nuc/desktop.nix b/hosts/nuc/desktop.nix index e539927..f11fb04 100644 --- a/hosts/nuc/desktop.nix +++ b/hosts/nuc/desktop.nix @@ -22,4 +22,32 @@ desktopManager.mate.enable = true; }; + + programs.chromium = { + enable = true; + extensions = [ + "cjpalhdlnbpafiamejdnhcphjbkeiagm" # ublock origin + ]; + extraOpts = { + DefaultSearchProviderEnabled = true; + DefaultSearchProviderName = "DuckDuckGo"; + DefaultSearchProviderIconURL = "https://duckduckgo.com/favicon.ico"; + DefaultSearchProviderSearchURL = "https://duckduckgo.com/?q={searchTerms}"; + DefaultSearchProviderSuggestURL = "https://duckduckgo.com/ac/?q={searchTerms}&type=list"; + + DefaultBrowserSettingEnabled = false; + BlockThirdPartyCookies = true; + + BrowserSignin = 0; + SyncDisabled = true; + PasswordManagerEnabled = false; + + # Send less data to Google + SafeBrowsingProtectionLevel = 0; + UrlKeyedAnonymizedDataCollectionEnabled = false; + SafeBrowsingExtendedReportingEnabled = false; + SpellCheckServiceEnabled = false; + AdvancedProtectionAllowed = false; + }; + }; } From ab24240216c9f629017ae89181330b40a96ceb0a Mon Sep 17 00:00:00 2001 From: Yureka Date: Sat, 23 Oct 2021 00:25:25 +0200 Subject: [PATCH 04/28] move stuff to shared-services --- hosts/nuc/configuration.nix | 16 ++++++++-------- {hosts/nuc => shared-services}/desktop.nix | 0 {hosts/nuc => shared-services}/mpd.nix | 0 {hosts/nuc => shared-services}/nfs-server.nix | 0 {hosts/nuc => shared-services}/pulseaudio.nix | 1 + {hosts/nuc => shared-services}/spotifyd.nix | 0 {hosts/nuc => shared-services}/vnc.nix | 0 {hosts/nuc => shared-services}/webserver.nix | 0 {hosts/nuc => shared-services}/ympd.nix | 0 9 files changed, 9 insertions(+), 8 deletions(-) rename {hosts/nuc => shared-services}/desktop.nix (100%) rename {hosts/nuc => shared-services}/mpd.nix (100%) rename {hosts/nuc => shared-services}/nfs-server.nix (100%) rename {hosts/nuc => shared-services}/pulseaudio.nix (87%) rename {hosts/nuc => shared-services}/spotifyd.nix (100%) rename {hosts/nuc => shared-services}/vnc.nix (100%) rename {hosts/nuc => shared-services}/webserver.nix (100%) rename {hosts/nuc => shared-services}/ympd.nix (100%) diff --git a/hosts/nuc/configuration.nix b/hosts/nuc/configuration.nix index 741c50e..31e7546 100644 --- a/hosts/nuc/configuration.nix +++ b/hosts/nuc/configuration.nix @@ -6,14 +6,14 @@ ../../common # services - ./pulseaudio.nix - ./nfs-server.nix - ./mpd.nix - ./ympd.nix - ./spotifyd.nix - ./desktop.nix - ./vnc.nix - ./webserver.nix + ../../shared-services/pulseaudio.nix + ../../shared-services/nfs-server.nix + ../../shared-services/mpd.nix + ../../shared-services/ympd.nix + ../../shared-services/spotifyd.nix + ../../shared-services/desktop.nix + ../../shared-services/vnc.nix + ../../shared-services/webserver.nix ]; networking.hostName = "nuc"; diff --git a/hosts/nuc/desktop.nix b/shared-services/desktop.nix similarity index 100% rename from hosts/nuc/desktop.nix rename to shared-services/desktop.nix diff --git a/hosts/nuc/mpd.nix b/shared-services/mpd.nix similarity index 100% rename from hosts/nuc/mpd.nix rename to shared-services/mpd.nix diff --git a/hosts/nuc/nfs-server.nix b/shared-services/nfs-server.nix similarity index 100% rename from hosts/nuc/nfs-server.nix rename to shared-services/nfs-server.nix diff --git a/hosts/nuc/pulseaudio.nix b/shared-services/pulseaudio.nix similarity index 87% rename from hosts/nuc/pulseaudio.nix rename to shared-services/pulseaudio.nix index 7bb6565..cdc48fe 100644 --- a/hosts/nuc/pulseaudio.nix +++ b/shared-services/pulseaudio.nix @@ -8,4 +8,5 @@ hardware.pulseaudio.package = pkgs.pulseaudio; hardware.pulseaudio.tcp.enable = true; hardware.pulseaudio.tcp.anonymousClients.allowedIpRanges = [ "127.0.0.0/8" "::/64" "10.23.42.0/24" ]; + environment.variables.PULSE_SERVER = "127.0.0.1"; } diff --git a/hosts/nuc/spotifyd.nix b/shared-services/spotifyd.nix similarity index 100% rename from hosts/nuc/spotifyd.nix rename to shared-services/spotifyd.nix diff --git a/hosts/nuc/vnc.nix b/shared-services/vnc.nix similarity index 100% rename from hosts/nuc/vnc.nix rename to shared-services/vnc.nix diff --git a/hosts/nuc/webserver.nix b/shared-services/webserver.nix similarity index 100% rename from hosts/nuc/webserver.nix rename to shared-services/webserver.nix diff --git a/hosts/nuc/ympd.nix b/shared-services/ympd.nix similarity index 100% rename from hosts/nuc/ympd.nix rename to shared-services/ympd.nix From dda25e506c060503699e06853d55eabdebb980c1 Mon Sep 17 00:00:00 2001 From: Yureka Date: Sat, 23 Oct 2021 00:25:51 +0200 Subject: [PATCH 05/28] switch to nixos-unstable --- nix/sources.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/nix/sources.json b/nix/sources.json index d23d445..25f09a4 100644 --- a/nix/sources.json +++ b/nix/sources.json @@ -12,15 +12,15 @@ "url_template": "https://github.com///archive/.tar.gz" }, "nixpkgs": { - "branch": "nixos-21.05", + "branch": "nixos-unstable", "description": "Nix Packages collection", "homepage": "", "owner": "NixOS", "repo": "nixpkgs", - "rev": "70904d4a9927a4d6e05c72c4aaac4370e05107f3", - "sha256": "08vvir0npyrdx85ypiannwzvyryqdw3749bghffhdsq2dgz1cx8z", + "rev": "34ad3ffe08adfca17fcb4e4a47bb5f3b113687be", + "sha256": "02li241rz5668nfyp88zfjilxf0mr9yansa93fbl38hjwkhf3ix6", "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/70904d4a9927a4d6e05c72c4aaac4370e05107f3.tar.gz", + "url": "https://github.com/NixOS/nixpkgs/archive/34ad3ffe08adfca17fcb4e4a47bb5f3b113687be.tar.gz", "url_template": "https://github.com///archive/.tar.gz" } } From e2efc796861a1621dcf5ec66763c306ff4bdaa7d Mon Sep 17 00:00:00 2001 From: Yureka Date: Sat, 23 Oct 2021 00:26:04 +0200 Subject: [PATCH 06/28] add nixos-hardware repo --- hosts/nuc/configuration.nix | 1 + nix/sources.json | 12 ++++++++++++ 2 files changed, 13 insertions(+) diff --git a/hosts/nuc/configuration.nix b/hosts/nuc/configuration.nix index 31e7546..47fc3ef 100644 --- a/hosts/nuc/configuration.nix +++ b/hosts/nuc/configuration.nix @@ -3,6 +3,7 @@ { imports = [ ./hardware-configuration.nix + ../../common # services diff --git a/nix/sources.json b/nix/sources.json index 25f09a4..f739c0f 100644 --- a/nix/sources.json +++ b/nix/sources.json @@ -11,6 +11,18 @@ "url": "https://github.com/nmattia/niv/archive/e0ca65c81a2d7a4d82a189f1e23a48d59ad42070.tar.gz", "url_template": "https://github.com///archive/.tar.gz" }, + "nixos-hardware": { + "branch": "master", + "description": "A collection of NixOS modules covering hardware quirks.", + "homepage": "", + "owner": "NixOS", + "repo": "nixos-hardware", + "rev": "3aabf78bfcae62f5f99474f2ebbbe418f1c6e54f", + "sha256": "10g240brgjz7qi20adwajxwqrqb5zxc79ii1mc20fasgqlf2a8sx", + "type": "tarball", + "url": "https://github.com/NixOS/nixos-hardware/archive/3aabf78bfcae62f5f99474f2ebbbe418f1c6e54f.tar.gz", + "url_template": "https://github.com///archive/.tar.gz" + }, "nixpkgs": { "branch": "nixos-unstable", "description": "Nix Packages collection", From c576495bb2ef132ddcec39a0a6bd2ebbddb5e3bc Mon Sep 17 00:00:00 2001 From: Yureka Date: Sat, 23 Oct 2021 00:26:39 +0200 Subject: [PATCH 07/28] update deploy script to support aarch64 --- deploy.sh | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/deploy.sh b/deploy.sh index c19b0a8..f425fce 100755 --- a/deploy.sh +++ b/deploy.sh @@ -11,12 +11,16 @@ then fi mode="${1:-switch}" -host="nuc" -target="nuc@nuc.c3h" -#host="${2:-nuc}" -#target="${3:-$host.c3h}" +host="${2:-nuc}" +target="${3:-$host.c3h}" + +echo "deploying $host to $target" +sleep 1 sources=$(nix-build nix/sources-dir.nix --no-out-link) set -x -nixos-rebuild "$mode" --target-host "$target" --use-remote-sudo -I $sources -I "nixos-config=$PWD/hosts/$host/configuration.nix" +system_drv=$(nix-instantiate "" -I $sources -I "nixos-config=$PWD/hosts/$host/configuration.nix" | head -n1) +nix-copy-closure --to $target $system_drv +system=$(ssh $target "nix-store --realise $system_drv") +ssh $target "sudo nix-env -p /nix/var/nix/profiles/system -i $system && sudo /nix/var/nix/profiles/system/bin/switch-to-configuration $mode" From 08cb02d7d965b895e62a438c71c4c62a0dfa5cd4 Mon Sep 17 00:00:00 2001 From: Yureka Date: Sat, 23 Oct 2021 00:26:56 +0200 Subject: [PATCH 08/28] add new host bemmer --- hosts/bemmer/configuration.nix | 43 ++++++++++++++++++++++++++++++++++ 1 file changed, 43 insertions(+) create mode 100644 hosts/bemmer/configuration.nix diff --git a/hosts/bemmer/configuration.nix b/hosts/bemmer/configuration.nix new file mode 100644 index 0000000..62b02f7 --- /dev/null +++ b/hosts/bemmer/configuration.nix @@ -0,0 +1,43 @@ +{ modulesPath, lib, pkgs, ... }: + +{ + imports = [ + (modulesPath + "/installer/sd-card/sd-image-aarch64.nix") + + ../../common + + # services + ../../shared-services/pulseaudio.nix + #../../shared-services/nfs-server.nix + ../../shared-services/mpd.nix + ../../shared-services/ympd.nix + ../../shared-services/spotifyd.nix + ../../shared-services/desktop.nix + ../../shared-services/vnc.nix + ../../shared-services/webserver.nix + ]; + users.users.c3h = { + isNormalUser = true; + password = "c3h"; + extraGroups = [ "wheel" ]; + packages = with pkgs; [ chromium firefox mpv youtube-dl ]; + }; + + networking.hostName = "bemmer"; + networking.domain = "c3h"; + + networking.useDHCP = true; + + nixpkgs.system = "aarch64-linux"; + boot.initrd.availableKernelModules = lib.mkForce [ "vc4" "i2c_bcm2835" ]; + boot.supportedFilesystems = lib.mkForce [ "ext4" "vfat" ]; + boot.kernelPackages = pkgs.linuxPackages_rpi4; + documentation.enable = false; + + hardware.raspberry-pi."4" = { + fkms-3d.enable = true; + #audio.enable = true; + }; + + system.stateVersion = "21.05"; +} From 90f258df0539b511d6fb2b8e78f6b7189c30f406 Mon Sep 17 00:00:00 2001 From: busti Date: Sun, 24 Oct 2021 20:28:19 +0200 Subject: [PATCH 09/28] add alias for apt --- common/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/common/default.nix b/common/default.nix index 838bb20..b5a1f7f 100644 --- a/common/default.nix +++ b/common/default.nix @@ -49,5 +49,6 @@ ll = "exa -l"; la = "exa -la"; tree = "exa -T"; + apt = "echo 'please use nix-env -iA instead to install packages.'"; }; } From 035b623b426ea2e264626a917c20a378de2e7e09 Mon Sep 17 00:00:00 2001 From: Yureka Date: Sun, 24 Oct 2021 20:54:29 +0200 Subject: [PATCH 10/28] update deploy script --- deploy.sh | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/deploy.sh b/deploy.sh index f425fce..065eb2b 100755 --- a/deploy.sh +++ b/deploy.sh @@ -12,15 +12,25 @@ fi mode="${1:-switch}" host="${2:-nuc}" -target="${3:-$host.c3h}" +target="${3:-c3h@$host.c3h}" + +if ! [ -d "hosts/$host" ] +then + echo "Host $host does not exist. Choose from:" + ls hosts + exit +fi echo "deploying $host to $target" sleep 1 -sources=$(nix-build nix/sources-dir.nix --no-out-link) +tmp=$(mktemp -d) +trap 'rm -rf "$tmp"' EXIT +sources="$tmp/sources" +cp -r $(nix-build nix/sources-dir.nix --no-out-link) $tmp/sources set -x -system_drv=$(nix-instantiate "" -I $sources -I "nixos-config=$PWD/hosts/$host/configuration.nix" | head -n1) +system_drv=$(nix-instantiate "" -A config.system.build.toplevel -I $sources -I "nixos-config=$PWD/hosts/$host/configuration.nix") nix-copy-closure --to $target $system_drv system=$(ssh $target "nix-store --realise $system_drv") ssh $target "sudo nix-env -p /nix/var/nix/profiles/system -i $system && sudo /nix/var/nix/profiles/system/bin/switch-to-configuration $mode" From c7dce3b8c046174607b0b9321e27c95a769b20c0 Mon Sep 17 00:00:00 2001 From: Yureka Date: Sun, 24 Oct 2021 20:55:12 +0200 Subject: [PATCH 11/28] add nfs client --- hosts/bemmer/configuration.nix | 2 +- hosts/nuc/configuration.nix | 2 +- hosts/nuc/hardware-configuration.nix | 2 +- shared-services/nfs-client.nix | 15 +++++++++++++++ shared-services/nfs-server.nix | 17 ----------------- 5 files changed, 18 insertions(+), 20 deletions(-) create mode 100644 shared-services/nfs-client.nix delete mode 100644 shared-services/nfs-server.nix diff --git a/hosts/bemmer/configuration.nix b/hosts/bemmer/configuration.nix index 62b02f7..a01c43a 100644 --- a/hosts/bemmer/configuration.nix +++ b/hosts/bemmer/configuration.nix @@ -8,7 +8,7 @@ # services ../../shared-services/pulseaudio.nix - #../../shared-services/nfs-server.nix + ../../shared-services/nfs-client.nix ../../shared-services/mpd.nix ../../shared-services/ympd.nix ../../shared-services/spotifyd.nix diff --git a/hosts/nuc/configuration.nix b/hosts/nuc/configuration.nix index 47fc3ef..56cea2e 100644 --- a/hosts/nuc/configuration.nix +++ b/hosts/nuc/configuration.nix @@ -8,7 +8,7 @@ # services ../../shared-services/pulseaudio.nix - ../../shared-services/nfs-server.nix + ../../shared-services/nfs-client.nix ../../shared-services/mpd.nix ../../shared-services/ympd.nix ../../shared-services/spotifyd.nix diff --git a/hosts/nuc/hardware-configuration.nix b/hosts/nuc/hardware-configuration.nix index ef0e54b..4355e9e 100644 --- a/hosts/nuc/hardware-configuration.nix +++ b/hosts/nuc/hardware-configuration.nix @@ -23,7 +23,7 @@ fsType = "vfat"; }; - fileSystems."/mnt" = + fileSystems."/mnt/hdd" = { device = "/dev/disk/by-uuid/ff18a6f9-ee3b-452c-8671-38b74508a74c"; fsType = "btrfs"; }; diff --git a/shared-services/nfs-client.nix b/shared-services/nfs-client.nix new file mode 100644 index 0000000..1659449 --- /dev/null +++ b/shared-services/nfs-client.nix @@ -0,0 +1,15 @@ +{ ... }: + +{ + boot.supportedFilesystems = [ "nfs" ]; + fileSystems."/mnt/Music" = { + device = "10.23.42.126:/music"; + fsType = "nfs"; + options = [ + "nfsvers=4.1" + "noauto" + "x-systemd.automount" + "x-systemd.idle-timeout=600" + ]; + }; +} diff --git a/shared-services/nfs-server.nix b/shared-services/nfs-server.nix deleted file mode 100644 index 8a6f8ca..0000000 --- a/shared-services/nfs-server.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ ... }: - -{ - services.nfs.server = { - enable = true; - exports = '' - /mnt 10.23.42.0/24(rw,fsid=0,insecure,no_subtree_check) - ''; - - statdPort = 4000; - lockdPort = 4001; - mountdPort = 4002; - }; - - networking.firewall.interfaces.enp3s0.allowedTCPPorts = [ 2049 4000 4001 4002 111 ]; - networking.firewall.interfaces.enp3s0.allowedUDPPorts = [ 2049 4000 4001 4002 111 ]; -} From 3c80614ee47317afb39231a155ef4c9c5286529d Mon Sep 17 00:00:00 2001 From: Yureka Date: Sun, 24 Oct 2021 20:55:28 +0200 Subject: [PATCH 12/28] update bemmer config --- hosts/bemmer/configuration.nix | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/hosts/bemmer/configuration.nix b/hosts/bemmer/configuration.nix index a01c43a..349b3e1 100644 --- a/hosts/bemmer/configuration.nix +++ b/hosts/bemmer/configuration.nix @@ -16,6 +16,11 @@ ../../shared-services/vnc.nix ../../shared-services/webserver.nix ]; + + disabledModules = [ + "profiles/base.nix" + ]; + users.users.c3h = { isNormalUser = true; password = "c3h"; @@ -25,19 +30,12 @@ networking.hostName = "bemmer"; networking.domain = "c3h"; - networking.useDHCP = true; nixpkgs.system = "aarch64-linux"; boot.initrd.availableKernelModules = lib.mkForce [ "vc4" "i2c_bcm2835" ]; - boot.supportedFilesystems = lib.mkForce [ "ext4" "vfat" ]; boot.kernelPackages = pkgs.linuxPackages_rpi4; - documentation.enable = false; - - hardware.raspberry-pi."4" = { - fkms-3d.enable = true; - #audio.enable = true; - }; + hardware.raspberry-pi."4".fkms-3d.enable = true; system.stateVersion = "21.05"; } From 8ac7010414bf82645dd1832c9a9ebf47e11a9bc6 Mon Sep 17 00:00:00 2001 From: Yureka Date: Sun, 24 Oct 2021 22:43:11 +0200 Subject: [PATCH 13/28] move around users definition --- common/default.nix | 7 +++++++ hosts/bemmer/configuration.nix | 7 ------- shared-services/desktop.nix | 8 +------- 3 files changed, 8 insertions(+), 14 deletions(-) diff --git a/common/default.nix b/common/default.nix index 838bb20..3276807 100644 --- a/common/default.nix +++ b/common/default.nix @@ -50,4 +50,11 @@ la = "exa -la"; tree = "exa -T"; }; + + users.mutableUsers = false; + users.users.c3h = { + isNormalUser = true; + password = "c3h"; + extraGroups = [ "wheel" ]; + }; } diff --git a/hosts/bemmer/configuration.nix b/hosts/bemmer/configuration.nix index 349b3e1..f0548de 100644 --- a/hosts/bemmer/configuration.nix +++ b/hosts/bemmer/configuration.nix @@ -21,13 +21,6 @@ "profiles/base.nix" ]; - users.users.c3h = { - isNormalUser = true; - password = "c3h"; - extraGroups = [ "wheel" ]; - packages = with pkgs; [ chromium firefox mpv youtube-dl ]; - }; - networking.hostName = "bemmer"; networking.domain = "c3h"; networking.useDHCP = true; diff --git a/shared-services/desktop.nix b/shared-services/desktop.nix index f11fb04..dffae62 100644 --- a/shared-services/desktop.nix +++ b/shared-services/desktop.nix @@ -1,13 +1,7 @@ { pkgs, ... }: { - users.mutableUsers = false; - users.users.c3h = { - isNormalUser = true; - password = "c3h"; - extraGroups = [ "wheel" ]; - packages = with pkgs; [ chromium firefox mpv youtube-dl ]; - }; + users.users.c3h.packages = with pkgs; [ chromium firefox mpv youtube-dl ]; services.xserver = { enable = true; From 3e8b76b643f1152ae753672aa866ca038701e85c Mon Sep 17 00:00:00 2001 From: Yureka Date: Sun, 24 Oct 2021 22:56:43 +0200 Subject: [PATCH 14/28] simplify bemmer config some more --- common/default.nix | 2 +- hosts/bemmer/configuration.nix | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/common/default.nix b/common/default.nix index 3276807..3d3cd5d 100644 --- a/common/default.nix +++ b/common/default.nix @@ -1,7 +1,7 @@ { lib, pkgs, ... }: { - boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; + boot.kernelPackages = lib.mkOverride 2000 pkgs.linuxPackages_latest; boot.kernelParams = [ "quiet" ]; services.openssh.enable = true; diff --git a/hosts/bemmer/configuration.nix b/hosts/bemmer/configuration.nix index f0548de..ebe53b2 100644 --- a/hosts/bemmer/configuration.nix +++ b/hosts/bemmer/configuration.nix @@ -17,8 +17,11 @@ ../../shared-services/webserver.nix ]; + # We import sd-image-aarch64.nix so we can build a config.system.build.sdImage + # But it imports some modules we don't want, so disable them disabledModules = [ "profiles/base.nix" + "profiles/all-hardware.nix" ]; networking.hostName = "bemmer"; @@ -26,8 +29,6 @@ networking.useDHCP = true; nixpkgs.system = "aarch64-linux"; - boot.initrd.availableKernelModules = lib.mkForce [ "vc4" "i2c_bcm2835" ]; - boot.kernelPackages = pkgs.linuxPackages_rpi4; hardware.raspberry-pi."4".fkms-3d.enable = true; system.stateVersion = "21.05"; From 349bc436a448a7df1023b4954650f5f35249b389 Mon Sep 17 00:00:00 2001 From: Yureka Date: Sun, 24 Oct 2021 23:21:31 +0200 Subject: [PATCH 15/28] fix alias --- common/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common/default.nix b/common/default.nix index 1d9eede..f8638ea 100644 --- a/common/default.nix +++ b/common/default.nix @@ -49,7 +49,7 @@ ll = "exa -l"; la = "exa -la"; tree = "exa -T"; - apt = "echo 'please use nix-env -iA instead to install packages.'"; + apt = "echo 'please use nix-env -iA nixos. instead to install packages.'"; }; users.mutableUsers = false; From 51a691efbf2190c7adb7ae0f48f6506c21d012f1 Mon Sep 17 00:00:00 2001 From: Yureka Date: Sun, 24 Oct 2021 23:38:49 +0200 Subject: [PATCH 16/28] fix deprecation warning use settings attribute --- shared-services/spotifyd.nix | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/shared-services/spotifyd.nix b/shared-services/spotifyd.nix index 7cf79ce..1988632 100644 --- a/shared-services/spotifyd.nix +++ b/shared-services/spotifyd.nix @@ -1,12 +1,10 @@ -{ ... }: +{ config, ... }: { services.spotifyd = { enable = true; - config = '' - zeroconf_port = 18572 - ''; + settings.zeroconf_port = 18572; }; - networking.firewall.allowedTCPPorts = [ 18572 ]; + networking.firewall.allowedTCPPorts = [ config.services.spotifyd.settings.zeroconf_port ]; } From 7a0544f69acf5d1c58c9519fedb84c27051050fb Mon Sep 17 00:00:00 2001 From: Yureka Date: Mon, 25 Oct 2021 00:12:51 +0200 Subject: [PATCH 17/28] tmpfsOnTmpfs true on bemmer --- hosts/bemmer/configuration.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/bemmer/configuration.nix b/hosts/bemmer/configuration.nix index ebe53b2..e7d0951 100644 --- a/hosts/bemmer/configuration.nix +++ b/hosts/bemmer/configuration.nix @@ -30,6 +30,7 @@ nixpkgs.system = "aarch64-linux"; hardware.raspberry-pi."4".fkms-3d.enable = true; + boot.tmpOnTmpfs = true; # building stuff on sd-card is slow system.stateVersion = "21.05"; } From 70bfccd5f6a3991671b1a83befecb94a3ebd28a3 Mon Sep 17 00:00:00 2001 From: busti Date: Sun, 24 Oct 2021 20:29:02 +0200 Subject: [PATCH 18/28] install pavucontrol and dosbox --- common/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/common/default.nix b/common/default.nix index f8638ea..3f306a0 100644 --- a/common/default.nix +++ b/common/default.nix @@ -38,6 +38,8 @@ vim wget jq + pavucontrol + dosbox ]; programs.bash.shellAliases = { From 8d654cb086304253cf254186e1419997b0f21510 Mon Sep 17 00:00:00 2001 From: busti Date: Mon, 25 Oct 2021 13:55:48 +0200 Subject: [PATCH 19/28] install vlc, sox and ffmpeg --- common/default.nix | 3 +++ 1 file changed, 3 insertions(+) diff --git a/common/default.nix b/common/default.nix index 3f306a0..f68c534 100644 --- a/common/default.nix +++ b/common/default.nix @@ -40,6 +40,9 @@ jq pavucontrol dosbox + vlc + ffmpeg-full + sox ]; programs.bash.shellAliases = { From 457f4ac1afcad149c3cc298ad27487c3b2666454 Mon Sep 17 00:00:00 2001 From: Yureka Date: Sat, 30 Oct 2021 11:37:44 +0200 Subject: [PATCH 20/28] move desktop-related programs to shared-services/desktop --- common/default.nix | 5 ----- shared-services/desktop.nix | 12 +++++++++++- 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/common/default.nix b/common/default.nix index f68c534..f8638ea 100644 --- a/common/default.nix +++ b/common/default.nix @@ -38,11 +38,6 @@ vim wget jq - pavucontrol - dosbox - vlc - ffmpeg-full - sox ]; programs.bash.shellAliases = { diff --git a/shared-services/desktop.nix b/shared-services/desktop.nix index dffae62..7bb36d0 100644 --- a/shared-services/desktop.nix +++ b/shared-services/desktop.nix @@ -1,7 +1,17 @@ { pkgs, ... }: { - users.users.c3h.packages = with pkgs; [ chromium firefox mpv youtube-dl ]; + users.users.c3h.packages = with pkgs; [ + chromium + firefox + mpv + youtube-dl + pavucontrol + dosbox + vlc + ffmpeg-full + sox + ]; services.xserver = { enable = true; From 36783497699e996cd75812d7631fe2b701fa0d35 Mon Sep 17 00:00:00 2001 From: lagertonne Date: Thu, 4 Nov 2021 20:18:34 +0100 Subject: [PATCH 21/28] Fix pulseaudio so that spotifyd works okay --- shared-services/pulseaudio.nix | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/shared-services/pulseaudio.nix b/shared-services/pulseaudio.nix index cdc48fe..a3b516b 100644 --- a/shared-services/pulseaudio.nix +++ b/shared-services/pulseaudio.nix @@ -5,8 +5,12 @@ sound.enable = true; hardware.pulseaudio.enable = true; hardware.pulseaudio.systemWide = true; - hardware.pulseaudio.package = pkgs.pulseaudio; + hardware.pulseaudio.package = pkgs.pulseaudioFull; hardware.pulseaudio.tcp.enable = true; hardware.pulseaudio.tcp.anonymousClients.allowedIpRanges = [ "127.0.0.0/8" "::/64" "10.23.42.0/24" ]; environment.variables.PULSE_SERVER = "127.0.0.1"; + hardware.pulseaudio.extraConfig = '' + unload-module module-native-protocol-unix + load-module module-native-protocol-unix auth-anonymous=1 + ''; } From aaaff04b8c558d838d1e912299c29813d725c265 Mon Sep 17 00:00:00 2001 From: lagertonne Date: Thu, 4 Nov 2021 20:21:19 +0100 Subject: [PATCH 22/28] Add correct ports to fix spotify-connect detection --- shared-services/spotifyd.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/shared-services/spotifyd.nix b/shared-services/spotifyd.nix index 1988632..801c835 100644 --- a/shared-services/spotifyd.nix +++ b/shared-services/spotifyd.nix @@ -6,5 +6,6 @@ settings.zeroconf_port = 18572; }; - networking.firewall.allowedTCPPorts = [ config.services.spotifyd.settings.zeroconf_port ]; + networking.firewall.allowedTCPPorts = [ 4070 config.services.spotifyd.settings.zeroconf_port ]; + networking.firewall.allowedUDPPorts = [ 5353 ]; } From c698432f2f28f3e3cecbdf5a667acb190688363f Mon Sep 17 00:00:00 2001 From: Yureka Date: Fri, 12 Nov 2021 03:29:46 +0100 Subject: [PATCH 23/28] Revert temporary fix for "store path ... is not allowed to have references" The issue is now solved upstream: https://github.com/NixOS/nix/issues/5410 --- deploy.sh | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/deploy.sh b/deploy.sh index 065eb2b..46240ad 100755 --- a/deploy.sh +++ b/deploy.sh @@ -6,7 +6,7 @@ cd "$(dirname "$0")" if ! command -v nix-build &> /dev/null then echo "Nix installation could not be found. Please follow the instructions linked below." - echo "https://nixos.org/manual/nix/unstable/installation/installing-binary.html#multi-user-installation" + echo "https://nixos.org/manual/nix/unstable/installation/installing-binary.html" exit fi @@ -24,13 +24,12 @@ fi echo "deploying $host to $target" sleep 1 -tmp=$(mktemp -d) -trap 'rm -rf "$tmp"' EXIT -sources="$tmp/sources" -cp -r $(nix-build nix/sources-dir.nix --no-out-link) $tmp/sources - set -x -system_drv=$(nix-instantiate "" -A config.system.build.toplevel -I $sources -I "nixos-config=$PWD/hosts/$host/configuration.nix") +system_drv=$( + nix-instantiate "" -A config.system.build.toplevel \ + -I "$(nix-build nix/sources-dir.nix --no-out-link)" \ + -I "nixos-config=$PWD/hosts/$host/configuration.nix" +) nix-copy-closure --to $target $system_drv system=$(ssh $target "nix-store --realise $system_drv") ssh $target "sudo nix-env -p /nix/var/nix/profiles/system -i $system && sudo /nix/var/nix/profiles/system/bin/switch-to-configuration $mode" From 956e105dfba42a00140c349d9006dbab160c41d7 Mon Sep 17 00:00:00 2001 From: Yureka Date: Fri, 12 Nov 2021 03:29:31 +0100 Subject: [PATCH 24/28] add readme --- README.md | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 README.md diff --git a/README.md b/README.md new file mode 100644 index 0000000..64e9b7e --- /dev/null +++ b/README.md @@ -0,0 +1,3 @@ +# Leitstelle config management + +To deploy, run `./deploy.sh switch `, where the host is nuc or bemmer. From d1ebaa7a8661441d07a705a7fcfcd896ea0b0a88 Mon Sep 17 00:00:00 2001 From: Yureka Date: Sun, 12 Dec 2021 01:23:52 +0100 Subject: [PATCH 25/28] update inputs --- nix/sources.json | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/nix/sources.json b/nix/sources.json index f739c0f..2b7fc09 100644 --- a/nix/sources.json +++ b/nix/sources.json @@ -5,10 +5,10 @@ "homepage": "https://github.com/nmattia/niv", "owner": "nmattia", "repo": "niv", - "rev": "e0ca65c81a2d7a4d82a189f1e23a48d59ad42070", - "sha256": "1pq9nh1d8nn3xvbdny8fafzw87mj7gsmp6pxkdl65w2g18rmcmzx", + "rev": "5830a4dd348d77e39a0f3c4c762ff2663b602d4c", + "sha256": "1d3lsrqvci4qz2hwjrcnd8h5vfkg8aypq3sjd4g3izbc8frwz5sm", "type": "tarball", - "url": "https://github.com/nmattia/niv/archive/e0ca65c81a2d7a4d82a189f1e23a48d59ad42070.tar.gz", + "url": "https://github.com/nmattia/niv/archive/5830a4dd348d77e39a0f3c4c762ff2663b602d4c.tar.gz", "url_template": "https://github.com///archive/.tar.gz" }, "nixos-hardware": { @@ -17,10 +17,10 @@ "homepage": "", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "3aabf78bfcae62f5f99474f2ebbbe418f1c6e54f", - "sha256": "10g240brgjz7qi20adwajxwqrqb5zxc79ii1mc20fasgqlf2a8sx", + "rev": "2a7063461c3751d83869a2a0a8ebc59e34bec5b2", + "sha256": "173ms858wni43l2p7vqjarm2bnjdhpii0zgn46750nyfff1f2184", "type": "tarball", - "url": "https://github.com/NixOS/nixos-hardware/archive/3aabf78bfcae62f5f99474f2ebbbe418f1c6e54f.tar.gz", + "url": "https://github.com/NixOS/nixos-hardware/archive/2a7063461c3751d83869a2a0a8ebc59e34bec5b2.tar.gz", "url_template": "https://github.com///archive/.tar.gz" }, "nixpkgs": { @@ -29,10 +29,10 @@ "homepage": "", "owner": "NixOS", "repo": "nixpkgs", - "rev": "34ad3ffe08adfca17fcb4e4a47bb5f3b113687be", - "sha256": "02li241rz5668nfyp88zfjilxf0mr9yansa93fbl38hjwkhf3ix6", + "rev": "581d2d6c9cd5c289002203581d8aa0861963a933", + "sha256": "1qpmqj075pppa6ihmkacf491lhq7rpxlcm8cm6h18raardsr3irr", "type": "tarball", - "url": "https://github.com/NixOS/nixpkgs/archive/34ad3ffe08adfca17fcb4e4a47bb5f3b113687be.tar.gz", + "url": "https://github.com/NixOS/nixpkgs/archive/581d2d6c9cd5c289002203581d8aa0861963a933.tar.gz", "url_template": "https://github.com///archive/.tar.gz" } } From c5349029ab4b71aa3b244b1060c951e9b40651dc Mon Sep 17 00:00:00 2001 From: busti Date: Tue, 18 Jan 2022 21:28:52 +0100 Subject: [PATCH 26/28] fix spotifyd service config and firewall setup --- common/default.nix | 1 + modules/spotifyd.nix | 68 ++++++++++++++++++++++++++++++++++++ shared-services/spotifyd.nix | 11 ++++-- 3 files changed, 78 insertions(+), 2 deletions(-) create mode 100644 modules/spotifyd.nix diff --git a/common/default.nix b/common/default.nix index f8638ea..73f681d 100644 --- a/common/default.nix +++ b/common/default.nix @@ -38,6 +38,7 @@ vim wget jq + lsof ]; programs.bash.shellAliases = { diff --git a/modules/spotifyd.nix b/modules/spotifyd.nix new file mode 100644 index 0000000..2e72596 --- /dev/null +++ b/modules/spotifyd.nix @@ -0,0 +1,68 @@ +{ config, lib, pkgs, ... }: + +with lib; + +let + cfg = config.services.spotifyd; + toml = pkgs.formats.toml {}; + warnConfig = + if cfg.config != "" + then lib.trace "Using the stringly typed .config attribute is discouraged. Use the TOML typed .settings attribute instead." + else id; + spotifydConf = + if cfg.settings != {} + then toml.generate "spotify.conf" cfg.settings + else warnConfig (pkgs.writeText "spotifyd.conf" cfg.config); +in +{ + options = { + services.spotifyd = { + enable = mkEnableOption "spotifyd, a Spotify playing daemon"; + + config = mkOption { + default = ""; + type = types.lines; + description = '' + (Deprecated) Configuration for Spotifyd. For syntax and directives, see + . + ''; + }; + + settings = mkOption { + default = {}; + type = toml.type; + example = { global.bitrate = 320; }; + description = '' + Configuration for Spotifyd. For syntax and directives, see + . + ''; + }; + }; + }; + + config = mkIf cfg.enable { + assertions = [ + { + assertion = cfg.config == "" || cfg.settings == {}; + message = "At most one of the .config attribute and the .settings attribute may be set"; + } + ]; + + systemd.services.spotifyd = { + wantedBy = [ "multi-user.target" ]; + after = [ "network-online.target" "sound.target" ]; + description = "spotifyd, a Spotify playing daemon"; + environment.SHELL = "/bin/sh"; + serviceConfig = { + ExecStart = "${pkgs.spotifyd}/bin/spotifyd --no-daemon --config-path ${spotifydConf}"; + Restart = "always"; + RestartSec = 12; + DynamicUser = true; + CacheDirectory = "spotifyd"; + SupplementaryGroups = ["audio"]; + }; + }; + }; + + meta.maintainers = [ maintainers.anderslundstedt ]; +} \ No newline at end of file diff --git a/shared-services/spotifyd.nix b/shared-services/spotifyd.nix index 801c835..0b8a9be 100644 --- a/shared-services/spotifyd.nix +++ b/shared-services/spotifyd.nix @@ -1,11 +1,18 @@ { config, ... }: { + disabledModules = [ "services/audio/spotifyd.nix" ]; + imports = [ ../modules/spotifyd.nix ]; + + services.spotifyd = { enable = true; - settings.zeroconf_port = 18572; + settings.global = { + bitrate = 320; + zeroconf_port = 18572; + }; }; - networking.firewall.allowedTCPPorts = [ 4070 config.services.spotifyd.settings.zeroconf_port ]; + networking.firewall.allowedTCPPorts = [ 4070 config.services.spotifyd.settings.global.zeroconf_port ]; networking.firewall.allowedUDPPorts = [ 5353 ]; } From f8686374176d7875846a0ee71a2c2890ef7d4a85 Mon Sep 17 00:00:00 2001 From: busti Date: Sat, 22 Jan 2022 17:22:02 +0100 Subject: [PATCH 27/28] automatically restart spotifyd and pulseaudio daily --- shared-services/spotifyd.nix | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/shared-services/spotifyd.nix b/shared-services/spotifyd.nix index 0b8a9be..c3ce6c4 100644 --- a/shared-services/spotifyd.nix +++ b/shared-services/spotifyd.nix @@ -1,4 +1,4 @@ -{ config, ... }: +{ config, pkgs, ... }: { disabledModules = [ "services/audio/spotifyd.nix" ]; @@ -15,4 +15,22 @@ networking.firewall.allowedTCPPorts = [ 4070 config.services.spotifyd.settings.global.zeroconf_port ]; networking.firewall.allowedUDPPorts = [ 5353 ]; + + systemd.services.restart-spotifyd = { + serviceConfig.Type = "oneshot"; + script = '' + ${pkgs.systemd}/bin/systemctl restart spotifyd.service + ${pkgs.systemd}/bin/systemctl restart pulseaudio.service + ''; + }; + + systemd.timers.restart-spotifyd = { + wantedBy = [ "timers.target" ]; + partOf = [ "restart-spotifyd.service" ]; + timerConfig = { + OnCalendar = "*-*-* 07:00:00"; + Persistent = "True"; + Unit = "restart-spotifyd.service"; + }; + }; } From dd18c6753a37f9a2ecf023b2e6aeda31e7e76857 Mon Sep 17 00:00:00 2001 From: Your Name Date: Thu, 16 Jun 2022 13:11:41 +0200 Subject: [PATCH 28/28] better fix for recent nix versions --- nix/sources-dir.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nix/sources-dir.nix b/nix/sources-dir.nix index 223fc00..e5fa9bf 100644 --- a/nix/sources-dir.nix +++ b/nix/sources-dir.nix @@ -9,6 +9,6 @@ in lib.concatStringsSep "\n" ([ "mkdir $out" ] - ++ lib.mapAttrsToList (name: source: "ln -s ${source.outPath} $out/${name}") sources + ++ lib.mapAttrsToList (name: source: "cp -r --reflink=auto ${source.outPath} $out/${name}") sources ) )