From 70b89988a96e1b297e873970d7c604c79015c673 Mon Sep 17 00:00:00 2001 From: Yureka Date: Sat, 21 Aug 2021 18:47:21 +0200 Subject: [PATCH] initial commit --- common/default.nix | 53 ++++++++ deploy.sh | 22 ++++ hosts/nuc/configuration.nix | 25 ++++ hosts/nuc/desktop.nix | 25 ++++ hosts/nuc/hardware-configuration.nix | 34 ++++++ hosts/nuc/mpd.nix | 18 +++ hosts/nuc/nfs-server.nix | 17 +++ hosts/nuc/pulseaudio.nix | 11 ++ hosts/nuc/spotifyd.nix | 12 ++ hosts/nuc/vnc.nix | 15 +++ hosts/nuc/webserver.nix | 9 ++ hosts/nuc/ympd.nix | 30 +++++ nix/sources-dir.nix | 14 +++ nix/sources.json | 26 ++++ nix/sources.nix | 174 +++++++++++++++++++++++++++ 15 files changed, 485 insertions(+) create mode 100644 common/default.nix create mode 100755 deploy.sh create mode 100644 hosts/nuc/configuration.nix create mode 100644 hosts/nuc/desktop.nix create mode 100644 hosts/nuc/hardware-configuration.nix create mode 100644 hosts/nuc/mpd.nix create mode 100644 hosts/nuc/nfs-server.nix create mode 100644 hosts/nuc/pulseaudio.nix create mode 100644 hosts/nuc/spotifyd.nix create mode 100644 hosts/nuc/vnc.nix create mode 100644 hosts/nuc/webserver.nix create mode 100644 hosts/nuc/ympd.nix create mode 100644 nix/sources-dir.nix create mode 100644 nix/sources.json create mode 100644 nix/sources.nix diff --git a/common/default.nix b/common/default.nix new file mode 100644 index 0000000..838bb20 --- /dev/null +++ b/common/default.nix @@ -0,0 +1,53 @@ +{ lib, pkgs, ... }: + +{ + boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; + boot.kernelParams = [ "quiet" ]; + + services.openssh.enable = true; + security.sudo.wheelNeedsPassword = false; + + nix.gc.automatic = lib.mkDefault true; + nix.gc.options = lib.mkDefault "--delete-older-than 1d"; + nix.trustedUsers = [ "root" "@wheel" ]; + + environment.variables = { + EDITOR = "vim"; # fight me :-) + + # automatically runs `nix-env -iA nixos.$package` when + # someone tries to run something that is not installed + NIX_AUTO_INSTALL = "1"; + }; + + environment.systemPackages = with pkgs; [ + alacritty.terminfo + kitty.terminfo + rxvt_unicode.terminfo + termite.terminfo + bat + bottom + exa + fd + git + htop + nload + ripgrep + rsync + tcpdump + tmux + vim + wget + jq + ]; + + programs.bash.shellAliases = { + ".." = "cd .."; + use = "nix-shell -p"; + cat = "bat --style=header"; + grep = "rg"; + ls = "exa"; + ll = "exa -l"; + la = "exa -la"; + tree = "exa -T"; + }; +} diff --git a/deploy.sh b/deploy.sh new file mode 100755 index 0000000..c19b0a8 --- /dev/null +++ b/deploy.sh @@ -0,0 +1,22 @@ +#!/usr/bin/env bash + +set -eo pipefail +cd "$(dirname "$0")" + +if ! command -v nix-build &> /dev/null +then + echo "Nix installation could not be found. Please follow the instructions linked below." + echo "https://nixos.org/manual/nix/unstable/installation/installing-binary.html#multi-user-installation" + exit +fi + +mode="${1:-switch}" +host="nuc" +target="nuc@nuc.c3h" +#host="${2:-nuc}" +#target="${3:-$host.c3h}" + +sources=$(nix-build nix/sources-dir.nix --no-out-link) + +set -x +nixos-rebuild "$mode" --target-host "$target" --use-remote-sudo -I $sources -I "nixos-config=$PWD/hosts/$host/configuration.nix" diff --git a/hosts/nuc/configuration.nix b/hosts/nuc/configuration.nix new file mode 100644 index 0000000..741c50e --- /dev/null +++ b/hosts/nuc/configuration.nix @@ -0,0 +1,25 @@ +{ ... }: + +{ + imports = [ + ./hardware-configuration.nix + ../../common + + # services + ./pulseaudio.nix + ./nfs-server.nix + ./mpd.nix + ./ympd.nix + ./spotifyd.nix + ./desktop.nix + ./vnc.nix + ./webserver.nix + ]; + + networking.hostName = "nuc"; + networking.domain = "c3h"; + + boot.loader.systemd-boot.enable = true; + + system.stateVersion = "21.05"; +} diff --git a/hosts/nuc/desktop.nix b/hosts/nuc/desktop.nix new file mode 100644 index 0000000..23ba530 --- /dev/null +++ b/hosts/nuc/desktop.nix @@ -0,0 +1,25 @@ +{ pkgs, ... }: + +{ + users.mutableUsers = false; + users.users.nuc = { + isNormalUser = true; + password = "c3h"; + extraGroups = [ "wheel" ]; + packages = with pkgs; [ chromium firefox mpv youtube-dl ]; + }; + + services.xserver = { + enable = true; + layout = "de"; + + videoDrivers = [ "modesetting" ]; + useGlamor = true; + + displayManager.lightdm.enable = true; + displayManager.autoLogin.enable = true; + displayManager.autoLogin.user = "nuc"; + + desktopManager.mate.enable = true; + }; +} diff --git a/hosts/nuc/hardware-configuration.nix b/hosts/nuc/hardware-configuration.nix new file mode 100644 index 0000000..d25690f --- /dev/null +++ b/hosts/nuc/hardware-configuration.nix @@ -0,0 +1,34 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "uas" "sd_mod" "sdhci_pci" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/ccb84984-fae9-4bfc-8c0d-3f5a98022103"; + fsType = "xfs"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/5DE4-9727"; + fsType = "vfat"; + }; + + fileSystems."/mnt" = + { device = "/dev/disk/by-uuid/ff18a6f9-ee3b-452c-8671-38b74508a74c"; + fsType = "btrfs"; + }; + + swapDevices = [ ]; + + powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand"; +} diff --git a/hosts/nuc/mpd.nix b/hosts/nuc/mpd.nix new file mode 100644 index 0000000..8bb1939 --- /dev/null +++ b/hosts/nuc/mpd.nix @@ -0,0 +1,18 @@ +{ config, ... }: + +{ + services.mpd = { + enable = true; + musicDirectory = "/mnt/Music"; + network.listenAddress = "any"; + extraConfig = '' + audio_output { + type "pulse" + name "pulse audio" + server "localhost" + } + ''; + }; + + networking.firewall.allowedTCPPorts = [ config.services.mpd.network.port ]; +} diff --git a/hosts/nuc/nfs-server.nix b/hosts/nuc/nfs-server.nix new file mode 100644 index 0000000..8a6f8ca --- /dev/null +++ b/hosts/nuc/nfs-server.nix @@ -0,0 +1,17 @@ +{ ... }: + +{ + services.nfs.server = { + enable = true; + exports = '' + /mnt 10.23.42.0/24(rw,fsid=0,insecure,no_subtree_check) + ''; + + statdPort = 4000; + lockdPort = 4001; + mountdPort = 4002; + }; + + networking.firewall.interfaces.enp3s0.allowedTCPPorts = [ 2049 4000 4001 4002 111 ]; + networking.firewall.interfaces.enp3s0.allowedUDPPorts = [ 2049 4000 4001 4002 111 ]; +} diff --git a/hosts/nuc/pulseaudio.nix b/hosts/nuc/pulseaudio.nix new file mode 100644 index 0000000..7bb6565 --- /dev/null +++ b/hosts/nuc/pulseaudio.nix @@ -0,0 +1,11 @@ +{ pkgs, ... }: + +{ + networking.firewall.allowedTCPPorts = [ 4713 ]; + sound.enable = true; + hardware.pulseaudio.enable = true; + hardware.pulseaudio.systemWide = true; + hardware.pulseaudio.package = pkgs.pulseaudio; + hardware.pulseaudio.tcp.enable = true; + hardware.pulseaudio.tcp.anonymousClients.allowedIpRanges = [ "127.0.0.0/8" "::/64" "10.23.42.0/24" ]; +} diff --git a/hosts/nuc/spotifyd.nix b/hosts/nuc/spotifyd.nix new file mode 100644 index 0000000..7cf79ce --- /dev/null +++ b/hosts/nuc/spotifyd.nix @@ -0,0 +1,12 @@ +{ ... }: + +{ + services.spotifyd = { + enable = true; + config = '' + zeroconf_port = 18572 + ''; + }; + + networking.firewall.allowedTCPPorts = [ 18572 ]; +} diff --git a/hosts/nuc/vnc.nix b/hosts/nuc/vnc.nix new file mode 100644 index 0000000..a0c1f88 --- /dev/null +++ b/hosts/nuc/vnc.nix @@ -0,0 +1,15 @@ +{ pkgs, ... }: + +{ + systemd.user.services.x11vnc = { + wantedBy = [ "graphical-session.target" ]; + requires = [ "graphical-session-pre.target" ]; + after = [ "graphical-session-pre.target" ]; + + serviceConfig = { + ExecStart = "${pkgs.x11vnc}/bin/x11vnc -rfbport 5900 -forever -shared"; + }; + }; + + networking.firewall.allowedTCPPorts = [ 5900 ]; +} diff --git a/hosts/nuc/webserver.nix b/hosts/nuc/webserver.nix new file mode 100644 index 0000000..81b963c --- /dev/null +++ b/hosts/nuc/webserver.nix @@ -0,0 +1,9 @@ +{ ... }: + +{ + services.nginx = { + enable = true; + }; + + networking.firewall.allowedTCPPorts = [ 80 ]; +} diff --git a/hosts/nuc/ympd.nix b/hosts/nuc/ympd.nix new file mode 100644 index 0000000..10aac6b --- /dev/null +++ b/hosts/nuc/ympd.nix @@ -0,0 +1,30 @@ +{ config, pkgs, ... }: + +let + # well-maintained fork + ympd = pkgs.ympd.overrideAttrs (old: { + version = "unstable-2021-05-21"; + src = pkgs.fetchFromGitHub { + owner = "SuperBFG7"; + repo = "ympd"; + rev = "9d1a3ccfb25d011890bb90fe4ff6aaed51ffa2c4"; + sha256 = "0is2fwfmacm91yq5b22184hjyhb6i49f35dik0v3vnqkk49v565c"; + }; + }); + +in { + systemd.services.ympd = { + wantedBy = [ "multi-user.target" ]; + serviceConfig = { + DynamicUser = true; + ExecStart = "${ympd}/bin/ympd --host localhost --port ${toString config.services.mpd.network.port} --webport 8062"; + }; + }; + + services.nginx.virtualHosts.default = { + locations."/ympd/" = { + proxyPass = "http://localhost:8062/"; + proxyWebsockets = true; + }; + }; +} diff --git a/nix/sources-dir.nix b/nix/sources-dir.nix new file mode 100644 index 0000000..223fc00 --- /dev/null +++ b/nix/sources-dir.nix @@ -0,0 +1,14 @@ +{ system ? builtins.currentSystem }: + +let + sources = import ./sources.nix {}; + pkgs = import sources.nixpkgs { inherit system; }; + lib = pkgs.lib; +in + pkgs.runCommand "sources" {} ( + lib.concatStringsSep "\n" ([ + "mkdir $out" + ] + ++ lib.mapAttrsToList (name: source: "ln -s ${source.outPath} $out/${name}") sources + ) + ) diff --git a/nix/sources.json b/nix/sources.json new file mode 100644 index 0000000..e3c9687 --- /dev/null +++ b/nix/sources.json @@ -0,0 +1,26 @@ +{ + "niv": { + "branch": "master", + "description": "Easy dependency management for Nix projects", + "homepage": "https://github.com/nmattia/niv", + "owner": "nmattia", + "repo": "niv", + "rev": "e0ca65c81a2d7a4d82a189f1e23a48d59ad42070", + "sha256": "1pq9nh1d8nn3xvbdny8fafzw87mj7gsmp6pxkdl65w2g18rmcmzx", + "type": "tarball", + "url": "https://github.com/nmattia/niv/archive/e0ca65c81a2d7a4d82a189f1e23a48d59ad42070.tar.gz", + "url_template": "https://github.com///archive/.tar.gz" + }, + "nixpkgs": { + "branch": "nixos-21.05", + "description": "Nix Packages collection", + "homepage": "", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "a1007637cea374bd1bafd754cfd5388894c49129", + "sha256": "0qnnrn2ahlvxgamwybjafdafaj8mjs6dl91ml5b8bh1v9aj313vl", + "type": "tarball", + "url": "https://github.com/NixOS/nixpkgs/archive/a1007637cea374bd1bafd754cfd5388894c49129.tar.gz", + "url_template": "https://github.com///archive/.tar.gz" + } +} diff --git a/nix/sources.nix b/nix/sources.nix new file mode 100644 index 0000000..1938409 --- /dev/null +++ b/nix/sources.nix @@ -0,0 +1,174 @@ +# This file has been generated by Niv. + +let + + # + # The fetchers. fetch_ fetches specs of type . + # + + fetch_file = pkgs: name: spec: + let + name' = sanitizeName name + "-src"; + in + if spec.builtin or true then + builtins_fetchurl { inherit (spec) url sha256; name = name'; } + else + pkgs.fetchurl { inherit (spec) url sha256; name = name'; }; + + fetch_tarball = pkgs: name: spec: + let + name' = sanitizeName name + "-src"; + in + if spec.builtin or true then + builtins_fetchTarball { name = name'; inherit (spec) url sha256; } + else + pkgs.fetchzip { name = name'; inherit (spec) url sha256; }; + + fetch_git = name: spec: + let + ref = + if spec ? ref then spec.ref else + if spec ? branch then "refs/heads/${spec.branch}" else + if spec ? tag then "refs/tags/${spec.tag}" else + abort "In git source '${name}': Please specify `ref`, `tag` or `branch`!"; + in + builtins.fetchGit { url = spec.repo; inherit (spec) rev; inherit ref; }; + + fetch_local = spec: spec.path; + + fetch_builtin-tarball = name: throw + ''[${name}] The niv type "builtin-tarball" is deprecated. You should instead use `builtin = true`. + $ niv modify ${name} -a type=tarball -a builtin=true''; + + fetch_builtin-url = name: throw + ''[${name}] The niv type "builtin-url" will soon be deprecated. You should instead use `builtin = true`. + $ niv modify ${name} -a type=file -a builtin=true''; + + # + # Various helpers + # + + # https://github.com/NixOS/nixpkgs/pull/83241/files#diff-c6f540a4f3bfa4b0e8b6bafd4cd54e8bR695 + sanitizeName = name: + ( + concatMapStrings (s: if builtins.isList s then "-" else s) + ( + builtins.split "[^[:alnum:]+._?=-]+" + ((x: builtins.elemAt (builtins.match "\\.*(.*)" x) 0) name) + ) + ); + + # The set of packages used when specs are fetched using non-builtins. + mkPkgs = sources: system: + let + sourcesNixpkgs = + import (builtins_fetchTarball { inherit (sources.nixpkgs) url sha256; }) { inherit system; }; + hasNixpkgsPath = builtins.any (x: x.prefix == "nixpkgs") builtins.nixPath; + hasThisAsNixpkgsPath = == ./.; + in + if builtins.hasAttr "nixpkgs" sources + then sourcesNixpkgs + else if hasNixpkgsPath && ! hasThisAsNixpkgsPath then + import {} + else + abort + '' + Please specify either (through -I or NIX_PATH=nixpkgs=...) or + add a package called "nixpkgs" to your sources.json. + ''; + + # The actual fetching function. + fetch = pkgs: name: spec: + + if ! builtins.hasAttr "type" spec then + abort "ERROR: niv spec ${name} does not have a 'type' attribute" + else if spec.type == "file" then fetch_file pkgs name spec + else if spec.type == "tarball" then fetch_tarball pkgs name spec + else if spec.type == "git" then fetch_git name spec + else if spec.type == "local" then fetch_local spec + else if spec.type == "builtin-tarball" then fetch_builtin-tarball name + else if spec.type == "builtin-url" then fetch_builtin-url name + else + abort "ERROR: niv spec ${name} has unknown type ${builtins.toJSON spec.type}"; + + # If the environment variable NIV_OVERRIDE_${name} is set, then use + # the path directly as opposed to the fetched source. + replace = name: drv: + let + saneName = stringAsChars (c: if isNull (builtins.match "[a-zA-Z0-9]" c) then "_" else c) name; + ersatz = builtins.getEnv "NIV_OVERRIDE_${saneName}"; + in + if ersatz == "" then drv else + # this turns the string into an actual Nix path (for both absolute and + # relative paths) + if builtins.substring 0 1 ersatz == "/" then /. + ersatz else /. + builtins.getEnv "PWD" + "/${ersatz}"; + + # Ports of functions for older nix versions + + # a Nix version of mapAttrs if the built-in doesn't exist + mapAttrs = builtins.mapAttrs or ( + f: set: with builtins; + listToAttrs (map (attr: { name = attr; value = f attr set.${attr}; }) (attrNames set)) + ); + + # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/lists.nix#L295 + range = first: last: if first > last then [] else builtins.genList (n: first + n) (last - first + 1); + + # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L257 + stringToCharacters = s: map (p: builtins.substring p 1 s) (range 0 (builtins.stringLength s - 1)); + + # https://github.com/NixOS/nixpkgs/blob/0258808f5744ca980b9a1f24fe0b1e6f0fecee9c/lib/strings.nix#L269 + stringAsChars = f: s: concatStrings (map f (stringToCharacters s)); + concatMapStrings = f: list: concatStrings (map f list); + concatStrings = builtins.concatStringsSep ""; + + # https://github.com/NixOS/nixpkgs/blob/8a9f58a375c401b96da862d969f66429def1d118/lib/attrsets.nix#L331 + optionalAttrs = cond: as: if cond then as else {}; + + # fetchTarball version that is compatible between all the versions of Nix + builtins_fetchTarball = { url, name ? null, sha256 }@attrs: + let + inherit (builtins) lessThan nixVersion fetchTarball; + in + if lessThan nixVersion "1.12" then + fetchTarball ({ inherit url; } // (optionalAttrs (!isNull name) { inherit name; })) + else + fetchTarball attrs; + + # fetchurl version that is compatible between all the versions of Nix + builtins_fetchurl = { url, name ? null, sha256 }@attrs: + let + inherit (builtins) lessThan nixVersion fetchurl; + in + if lessThan nixVersion "1.12" then + fetchurl ({ inherit url; } // (optionalAttrs (!isNull name) { inherit name; })) + else + fetchurl attrs; + + # Create the final "sources" from the config + mkSources = config: + mapAttrs ( + name: spec: + if builtins.hasAttr "outPath" spec + then abort + "The values in sources.json should not have an 'outPath' attribute" + else + spec // { outPath = replace name (fetch config.pkgs name spec); } + ) config.sources; + + # The "config" used by the fetchers + mkConfig = + { sourcesFile ? if builtins.pathExists ./sources.json then ./sources.json else null + , sources ? if isNull sourcesFile then {} else builtins.fromJSON (builtins.readFile sourcesFile) + , system ? builtins.currentSystem + , pkgs ? mkPkgs sources system + }: rec { + # The sources, i.e. the attribute set of spec name to spec + inherit sources; + + # The "pkgs" (evaluated nixpkgs) to use for e.g. non-builtin fetchers + inherit pkgs; + }; + +in +mkSources (mkConfig {}) // { __functor = _: settings: mkSources (mkConfig settings); }