diff options
| author | Griffin Smith <grfn@gws.fyi> | 2021-04-11T21·53-0400 |
|---|---|---|
| committer | glittershark <grfn@gws.fyi> | 2021-04-12T14·45+0000 |
| commit | 6266c5d32f9ff651fcfc3a4cc0c68e89da56ca65 (patch) | |
| tree | 5be3967585787c4456e17cb29423770217fdcede /users/glittershark/system/system | |
| parent | 968effb5dc1a4617a0dceaffc70e986abe300c6e (diff) | |
refactor(users/glittershark): Rename to grfn r/2485
Rename my //users directory and all places that refer to glittershark to grfn, including nix references and documentation. This may require some extra attention inside of gerrit's database after it lands to allow me to actually push things. Change-Id: I4728b7ec2c60024392c1c1fa6e0d4a59b3e266fa Reviewed-on: https://cl.tvl.fyi/c/depot/+/2933 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in> Reviewed-by: lukegb <lukegb@tvl.fyi> Reviewed-by: glittershark <grfn@gws.fyi>
Diffstat (limited to 'users/glittershark/system/system')
24 files changed, 0 insertions, 1037 deletions
diff --git a/users/glittershark/system/system/.skip-subtree b/users/glittershark/system/system/.skip-subtree deleted file mode 100644 index e69de29bb2..0000000000 --- a/users/glittershark/system/system/.skip-subtree +++ /dev/null diff --git a/users/glittershark/system/system/configuration.nix b/users/glittershark/system/system/configuration.nix deleted file mode 100644 index eae567015b..0000000000 --- a/users/glittershark/system/system/configuration.nix +++ /dev/null @@ -1,11 +0,0 @@ -{ config, pkgs, ... }: - -let machine = throw "Pick a machine from ./machines"; in -{ - imports = - [ - /etc/nixos/hardware-configuration.nix - ./modules/common.nix - machine - ]; -} diff --git a/users/glittershark/system/system/default.nix b/users/glittershark/system/system/default.nix deleted file mode 100644 index 6592eddc08..0000000000 --- a/users/glittershark/system/system/default.nix +++ /dev/null @@ -1,77 +0,0 @@ -args @ { depot, pkgs, ... }: - -rec { - chupacabra = import ./machines/chupacabra.nix; - - chupacabraSystem = (depot.third_party.nixos { - configuration = chupacabra; - }).system; - - mugwump = import ./machines/mugwump.nix; - - mugwumpSystem = (depot.third_party.nixos { - configuration = mugwump; - }).system; - - roswell = import ./machines/roswell.nix; - - roswellSystem = (depot.ops.nixos.nixosFor ({ ... }: { - imports = [ - ./machines/roswell.nix - "${pkgs.home-manager.src}/nixos" - ]; - - home-manager.users.grfn = { config, lib, ... }: { - imports = [ ../home/machines/roswell.nix ]; - lib.depot = depot; - _module.args.pkgs = lib.mkForce - (import pkgs.path - (lib.filterAttrs (n: v: v != null) config.nixpkgs)); - }; - })).system; - - yeren = import ./machines/yeren.nix; - - yerenSystem = (depot.ops.nixos.nixosFor yeren).system; - - iso = import ./iso.nix args; - - # Build chupacabra in CI - meta.targets = [ - "chupacabraSystem" - "mugwumpSystem" - "roswellSystem" - "yerenSystem" - - "iso" - ]; - - rebuilder = - let - depotPath = "/home/grfn/code/depot"; - - caseFor = hostname: '' - ${hostname}) - echo "Rebuilding NixOS for //users/glittershark/nixos/${hostname}" - system=$(nix-build -E '(import ${depotPath} {}).users.glittershark.system.system.${hostname}' --no-out-link) - ;; - ''; - in pkgs.writeShellScriptBin "rebuilder" '' - set -ue - if [[ $EUID -ne 0 ]]; then - echo "Oh no! Only root is allowed to rebuild the system!" >&2 - exit 1 - fi - - case $HOSTNAME in - ${caseFor "chupacabra"} - *) - echo "$HOSTNAME is not a known NixOS host!" >&2 - exit 1 - ;; - esac - - nix-env -p /nix/var/nix/profiles/system --set $system - $system/bin/switch-to-configuration switch - ''; -} diff --git a/users/glittershark/system/system/iso.nix b/users/glittershark/system/system/iso.nix deleted file mode 100644 index 256aee6a5e..0000000000 --- a/users/glittershark/system/system/iso.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ depot, lib, pkgs, ... }: - -let - configuration = { ... }: { - imports = [ - "${pkgs.path}/nixos/modules/installer/cd-dvd/installation-cd-minimal-new-kernel.nix" - "${pkgs.path}/nixos/modules/installer/cd-dvd/channel.nix" - ]; - - networking.networkmanager.enable = true; - networking.useDHCP = false; - networking.firewall.enable = false; - networking.wireless.enable = lib.mkForce false; - }; -in (depot.third_party.nixos { - inherit configuration; -}).config.system.build.isoImage diff --git a/users/glittershark/system/system/machines/bumblebee.nix b/users/glittershark/system/system/machines/bumblebee.nix deleted file mode 100644 index 0fec214092..0000000000 --- a/users/glittershark/system/system/machines/bumblebee.nix +++ /dev/null @@ -1,23 +0,0 @@ -{ config, lib, pkgs, ... }: -{ - imports = [ - ../modules/reusable/battery.nix - ]; - - networking.hostName = "bumblebee"; - - powerManagement = { - enable = true; - cpuFreqGovernor = "powersave"; - powertop.enable = true; - }; - - # Hibernate on low battery - laptop.onLowBattery = { - enable = true; - action = "hibernate"; - thresholdPercentage = 5; - }; - - services.xserver.xkbOptions = "caps:swapescape"; -} diff --git a/users/glittershark/system/system/machines/chupacabra.nix b/users/glittershark/system/system/machines/chupacabra.nix deleted file mode 100644 index 974e3c34e3..0000000000 --- a/users/glittershark/system/system/machines/chupacabra.nix +++ /dev/null @@ -1,142 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - imports = [ - ../modules/common.nix - ../modules/laptop.nix - ../modules/tvl.nix - ../modules/fcitx.nix - ../modules/rtlsdr.nix - ../../../../../ops/modules/v4l2loopback.nix - ../modules/desktop.nix - ../modules/development.nix - ]; - - hardware.enableRedistributableFirmware = true; - - networking.hostName = "chupacabra"; - - powerManagement = { - enable = true; - powertop.enable = true; - cpuFreqGovernor = "powersave"; - }; - - laptop.onLowBattery = { - enable = true; - action = "hibernate"; - thresholdPercentage = 5; - }; - - boot = { - blacklistedKernelModules = [ "nouveau" "intel" ]; - extraModulePackages = [ ]; - - initrd = { - availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; - kernelModules = [ ]; - - luks.devices = { - "cryptroot".device = "/dev/disk/by-uuid/c2fc7ce7-a45e-48a1-8cde-be966ef601db"; - "cryptswap".device = "/dev/disk/by-uuid/3b6e2fd4-bfe9-4392-a6e0-4f3b3b76e019"; - }; - }; - - kernelModules = [ "kvm-intel" ]; - kernelParams = [ "acpi_rev_override" ]; - - kernel.sysctl = { - "kernel.perf_event_paranoid" = -1; - "vm.swappiness" = 1; - }; - }; - - services.thermald.enable = true; - - hardware.cpu.intel.updateMicrocode = true; - - # Intel-only graphics - hardware.nvidiaOptimus.disable = true; - services.xserver.videoDrivers = [ "intel" ]; - - # Nvidia Optimus (hybrid) - currently not working - # services.xserver.videoDrivers = [ "intel" "nvidia" ]; - # boot.blacklistedKernelModules = [ "nouveau" "bbswitch" ]; - # boot.extraModulePackages = [ pkgs.linuxPackages.nvidia_x11 ]; - # hardware.bumblebee.enable = true; - # hardware.bumblebee.pmMethod = "none"; - - systemd.services.disable-usb-autosuspend = { - description = "Disable USB autosuspend"; - wantedBy = [ "multi-user.target" ]; - serviceConfig = { Type = "oneshot"; }; - unitConfig.RequiresMountsFor = "/sys"; - script = '' - echo -1 > /sys/module/usbcore/parameters/autosuspend - ''; - }; - - # From hardware-configuration.nix - - fileSystems."/" = - { device = "/dev/mapper/cryptroot"; - fsType = "ext4"; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/3492-9E3A"; - fsType = "vfat"; - }; - - swapDevices = - [ { device = "/dev/disk/by-uuid/caa7e2ff-475b-4024-b29e-4f88f733fc4c"; } - ]; - - # High-DPI console - console.font = lib.mkDefault "${pkgs.terminus_font}/share/consolefonts/ter-u28n.psf.gz"; - - # from nixos-hardware TODO sort this around - services.tlp.enable = true; - services.fstrim.enable = lib.mkDefault true; - - # Intel cpu stuff - hardware.opengl.extraPackages = with pkgs; [ - vaapiIntel - vaapiVdpau - libvdpau-va-gl - intel-media-driver - ]; - - services.udev.extraRules = '' - # UDEV rules for Teensy USB devices - ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="04[789B]?", ENV{ID_MM_DEVICE_IGNORE}="1" - ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="04[789A]?", ENV{MTP_NO_PROBE}="1" - SUBSYSTEMS=="usb", ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="04[789ABCD]?", MODE:="0666" - KERNEL=="ttyACM*", ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="04[789B]?", MODE:="0666" - ''; - - # Necessary to get steam working - hardware.opengl.driSupport32Bit = true; - - nix = { - maxJobs = lib.mkDefault 12; - binaryCaches = [ "ssh://grfn@172.16.0.5" ]; - trustedBinaryCaches = [ "ssh://grfn@172.16.0.5" ]; - buildMachines = [ - { - hostName = "172.16.0.4"; - sshUser = "griffin"; - sshKey = "/home/grfn/.ssh/id_rsa"; - system = "x86_64-darwin"; - maxJobs = 8; # 16 cpus - } - { - hostName = "172.16.0.3"; - sshUser = "griffin"; - sshKey = "/home/grfn/.ssh/id_rsa"; - system = "x86_64-darwin"; - maxJobs = 4; - } - ]; - }; -} diff --git a/users/glittershark/system/system/machines/mugwump.nix b/users/glittershark/system/system/machines/mugwump.nix deleted file mode 100644 index 77c4dda9a5..0000000000 --- a/users/glittershark/system/system/machines/mugwump.nix +++ /dev/null @@ -1,279 +0,0 @@ -{ config, lib, pkgs, modulesPath, ... }: - -with lib; - -{ - imports = [ - ../modules/common.nix - (modulesPath + "/installer/scan/not-detected.nix") - ]; - - networking.hostName = "mugwump"; - - boot = { - loader.systemd-boot.enable = true; - - kernelModules = [ "kvm-intel" ]; - extraModulePackages = [ ]; - - initrd = { - availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; - kernelModules = [ - "uas" "usbcore" "usb_storage" "vfat" "nls_cp437" "nls_iso8859_1" - ]; - - postDeviceCommands = pkgs.lib.mkBefore '' - mkdir -m 0755 -p /key - sleep 2 - mount -n -t vfat -o ro `findfs UUID=9048-A9D5` /key - ''; - - luks.devices."cryptroot" = { - device = "/dev/disk/by-uuid/803a9028-339c-4617-a213-4fe138161f6d"; - keyFile = "/key/keyfile"; - preLVM = false; - }; - }; - }; - - fileSystems = { - "/" = { - device = "/dev/mapper/cryptroot"; - fsType = "btrfs"; - }; - "/boot" = { - device = "/dev/disk/by-uuid/7D74-0E4B"; - fsType = "vfat"; - }; - }; - - networking.interfaces = { - enp0s25.useDHCP = false; - wlp2s0.useDHCP = false; - }; - - networking.firewall.enable = true; - networking.firewall.allowedTCPPorts = [ 22 80 443 ]; - - security.sudo.extraRules = [{ - groups = ["wheel"]; - commands = [{ command = "ALL"; options = ["NOPASSWD"]; }]; - }]; - - nix.gc.dates = "monthly"; - - services.fail2ban = { - enable = true; - ignoreIP = [ - "172.16.0.0/16" - ]; - }; - - services.openssh = { - allowSFTP = false; - passwordAuthentication = false; - permitRootLogin = "no"; - }; - - services.grafana = { - enable = true; - port = 3000; - domain = "metrics.gws.fyi"; - rootUrl = "https://metrics.gws.fyi"; - dataDir = "/var/lib/grafana"; - analytics.reporting.enable = false; - - provision = { - enable = true; - datasources = [{ - name = "Prometheus"; - type = "prometheus"; - url = "http://localhost:9090"; - }]; - }; - }; - - security.acme.email = "root@gws.fyi"; - security.acme.acceptTerms = true; - - services.nginx = { - enable = true; - statusPage = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedTlsSettings = true; - - virtualHosts = { - "metrics.gws.fyi" = { - enableACME = true; - forceSSL = true; - locations."/" = { - proxyPass = "http://localhost:${toString config.services.grafana.port}"; - }; - }; - }; - }; - - services.ddclient = { - enable = true; - domains = [ "home.gws.fyi" ]; - interval = "1d"; - zone = "gws.fyi"; - protocol = "cloudflare"; - username = "root@gws.fyi"; - quiet = true; - }; - - systemd.services.ddclient.serviceConfig = { - EnvironmentFile = "/etc/secrets/cloudflare.env"; - DynamicUser = lib.mkForce false; - ExecStart = lib.mkForce ( - let runtimeDir = - config.systemd.services.ddclient.serviceConfig.RuntimeDirectory; - in pkgs.writeShellScript "ddclient" '' - set -eo pipefail - - ${pkgs.gnused}/bin/sed -i -s s/password=/password=$CLOUDFLARE_API_KEY/ /run/${runtimeDir}/ddclient.conf - exec ${pkgs.ddclient}/bin/ddclient \ - -file /run/${runtimeDir}/ddclient.conf \ - -login=$CLOUDFLARE_EMAIL \ - ''); - }; - - security.acme.certs."metrics.gws.fyi" = { - dnsProvider = "cloudflare"; - credentialsFile = "/etc/secrets/cloudflare.env"; - webroot = mkForce null; - }; - - services.prometheus = { - enable = true; - exporters = { - node = { - enable = true; - openFirewall = false; - - enabledCollectors = [ - "processes" - "systemd" - "tcpstat" - "wifi" - "textfile" - ]; - - extraFlags = [ - "--collector.textfile.directory=/var/lib/prometheus/node-exporter" - ]; - }; - - nginx = { - enable = true; - openFirewall = true; - sslVerify = false; - constLabels = [ "host=mugwump" ]; - }; - - blackbox = { - enable = true; - openFirewall = true; - configFile = pkgs.writeText "blackbox-exporter.yaml" (builtins.toJSON { - modules = { - https_2xx = { - prober = "http"; - http = { - method = "GET"; - fail_if_ssl = false; - fail_if_not_ssl = true; - preferred_ip_protocol = "ip4"; - }; - }; - }; - }); - }; - }; - - scrapeConfigs = [{ - job_name = "node"; - scrape_interval = "5s"; - static_configs = [{ - targets = ["localhost:${toString config.services.prometheus.exporters.node.port}"]; - }]; - } { - job_name = "nginx"; - scrape_interval = "5s"; - static_configs = [{ - targets = ["localhost:${toString config.services.prometheus.exporters.nginx.port}"]; - }]; - } { - job_name = "blackbox"; - metrics_path = "/probe"; - params.module = ["https_2xx"]; - scrape_interval = "5s"; - static_configs = [{ - targets = [ - "https://gws.fyi" - "https://windtunnel.ci" - "https://app.windtunnel.ci" - "https://metrics.gws.fyi" - ]; - }]; - relabel_configs = [{ - source_labels = ["__address__"]; - target_label = "__param_target"; - } { - source_labels = ["__param_target"]; - target_label = "instance"; - } { - target_label = "__address__"; - replacement = "localhost:${toString config.services.prometheus.exporters.blackbox.port}"; - }]; - }]; - }; - - systemd.services."prometheus-fail2ban-exporter" = { - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" "fail2ban.service" ]; - serviceConfig = { - User = "root"; - Type = "oneshot"; - ExecStart = pkgs.writeShellScript "prometheus-fail2ban-exporter" '' - set -eo pipefail - mkdir -p /var/lib/prometheus/node-exporter - exec ${pkgs.python3.withPackages (p: [ - p.prometheus_client - ])}/bin/python ${pkgs.fetchurl { - url = "https://raw.githubusercontent.com/jangrewe/prometheus-fail2ban-exporter/11066950b47bb2dbef96ea8544f76e46ed829e81/fail2ban-exporter.py"; - sha256 = "049lsvw1nj65bbvp8ygyz3743ayzdawrbjixaxmpm03qbrcfmwc4"; - }} - ''; - }; - - path = with pkgs; [ fail2ban ]; - }; - - systemd.timers."prometheus-fail2ban-exporter" = { - wantedBy = [ "multi-user.target" ]; - timerConfig.OnCalendar = "minutely"; - }; - - virtualisation.docker.enable = true; - - services.buildkite-agents = listToAttrs (map (n: rec { - name = "mugwump-${toString n}"; - value = { - inherit name; - enable = true; - tokenPath = "/etc/secrets/buildkite-agent-token"; - privateSshKeyPath = "/etc/secrets/buildkite-ssh-key"; - runtimePackages = with pkgs; [ - docker - nix - gnutar - gzip - ]; - }; - }) (range 1 1)); - - users.users."buildkite-agent-mugwump-1".extraGroups = [ "docker" ]; - users.users."buildkite-agent-mugwump-2".extraGroups = [ "docker" ]; -} diff --git a/users/glittershark/system/system/machines/roswell.nix b/users/glittershark/system/system/machines/roswell.nix deleted file mode 100644 index 4b0cdec95d..0000000000 --- a/users/glittershark/system/system/machines/roswell.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ depot, config, lib, pkgs, modulesPath, ... }: - -{ - imports = [ - ../modules/common.nix - "${modulesPath}/installer/scan/not-detected.nix" - "${modulesPath}/virtualisation/amazon-image.nix" - ]; - - ec2.hvm = true; - - networking.hostName = "roswell"; - - users.users.grfn.openssh.authorizedKeys.keys = [ - depot.users.glittershark.keys.main - ]; -} diff --git a/users/glittershark/system/system/machines/yeren.nix b/users/glittershark/system/system/machines/yeren.nix deleted file mode 100644 index 7bb06716f7..0000000000 --- a/users/glittershark/system/system/machines/yeren.nix +++ /dev/null @@ -1,125 +0,0 @@ -{ depot, modulesPath, config, lib, pkgs, ... }: - -{ - imports = [ - (modulesPath + "/installer/scan/not-detected.nix") - ../modules/common.nix - ../modules/laptop.nix - ../modules/xserver.nix - ../modules/fonts.nix - ../modules/sound.nix - ../modules/tvl.nix - ../modules/development.nix - ../modules/work/kolide.nix - ]; - - networking.hostName = "yeren"; - - system.stateVersion = "21.03"; - - boot = { - initrd = { - availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; - kernelModules = [ ]; - - luks.devices = { - "cryptroot".device = "/dev/disk/by-uuid/dcfbc22d-e0d2-411b-8dd3-96704d3aae2e"; - "cryptswap".device = "/dev/disk/by-uuid/48b8a8fd-559c-4759-a617-56f221cfaaec"; - }; - }; - - kernelPackages = pkgs.linuxPackages_latest; - - kernelModules = [ "kvm-intel" ]; - blacklistedKernelModules = [ "psmouse" ]; - extraModulePackages = [ - config.boot.kernelPackages.digimend - ]; - kernelParams = [ - "i915.preliminary_hw_support=1" - ]; - - # https://bbs.archlinux.org/viewtopic.php?pid=1933643#p1933643 - extraModprobeConfig = '' - options snd-intel-dspcfg dsp_driver=1 - ''; - }; - - fileSystems = { - "/" = { - device = "/dev/mapper/cryptroot"; - fsType = "btrfs"; - }; - - "/boot" = { - device = "/dev/disk/by-uuid/53A9-248B"; - fsType = "vfat"; - }; - }; - - swapDevices = [{ device = "/dev/mapper/cryptswap"; }]; - - services.xserver = { - exportConfiguration = true; - extraConfig = '' - Section "Device" - Identifier "Intel Graphics" - Driver "intel" - Option "TripleBuffer" "true" - Option "TearFree" "true" - Option "DRI" "true" - Option "AccelMethod" "sna" - EndSection - ''; - }; - - hardware.firmware = with pkgs; [ - alsa-firmware - sof-firmware - ]; - - hardware.opengl.extraPackages = with pkgs; [ - vaapiIntel - vaapiVdpau - libvdpau-va-gl - intel-media-driver - ]; - - services.fprintd = { - enable = true; - package = pkgs.fprintd-tod; - }; - - systemd.services.fprintd.environment.FP_TOD_DRIVERS_DIR = - "${pkgs.libfprint-2-tod1-goodix}/usr/lib/libfprint-2/tod-1"; - - security.pam.loginLimits = [ - { - domain = "grfn"; - type = "soft"; - item = "nofile"; - value = "65535"; - } - ]; - - security.pam.services = { - login.fprintAuth = true; - sudo.fprintAuth = true; - i3lock.fprintAuth = false; - i3lock-color.fprintAuth = false; - lightdm.fprintAuth = true; - lightdm-greeter.fprintAuth = true; - }; - - hardware.opengl.driSupport32Bit = true; - - hardware.pulseaudio.extraConfig = '' - load-module module-remap-source source_name=KompleteAudio6_1 source_properties=device.description=KompleteAudio6Input1 master=alsa_input.usb-Native_Instruments_Komplete_Audio_6_458E0FFD-00.multichannel-input remix=no channels=1 master_channel_map=front-left channel_map=mono - load-module module-remap-source source_name=KompleteAudio6_2 source_properties=device.description=KompleteAudio6Input2 master=alsa_input.usb-Native_Instruments_Komplete_Audio_6_458E0FFD-00.multichannel-input remix=no channels=1 master_channel_map=front-right channel_map=mono - load-module module-remap-sink sink_name=KompleteAudio6_12 sink_properties=device.description=KompleteAudio6_12 remix=no master=alsa_output.usb-Native_Instruments_Komplete_Audio_6_458E0FFD-00.analog-surround-21 channels=2 master_channel_map=front-left,front-right channel_map=front-left,front-right - ''; - - services.fwupd.enable = true; - - services.tailscale.enable = true; -} diff --git a/users/glittershark/system/system/modules/common.nix b/users/glittershark/system/system/modules/common.nix deleted file mode 100644 index 0eab590660..0000000000 --- a/users/glittershark/system/system/modules/common.nix +++ /dev/null @@ -1,78 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - - depot = import ../../../../.. {}; - -in - -with lib; - -{ - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - networking.useDHCP = false; - networking.networkmanager.enable = true; - - i18n = { - defaultLocale = "en_US.UTF-8"; - }; - - time.timeZone = "America/New_York"; - - environment.systemPackages = with pkgs; [ - wget - vim - zsh - git - w3m - libnotify - file - lm_sensors - dnsutils - depot.users.glittershark.system.system.rebuilder - htop - ]; - - services.openssh.enable = true; - - programs.ssh.startAgent = true; - - networking.firewall.enable = mkDefault false; - - users.mutableUsers = true; - programs.zsh.enable = true; - environment.pathsToLink = [ "/share/zsh" ]; - users.users.grfn = { - isNormalUser = true; - initialPassword = "password"; - extraGroups = [ - "wheel" - "networkmanager" - "audio" - "docker" - ]; - shell = pkgs.zsh; - }; - - nixpkgs.config.allowUnfree = true; - - nix = { - trustedUsers = [ "grfn" ]; - autoOptimiseStore = true; - distributedBuilds = true; - - gc = { - automatic = true; - dates = mkDefault "weekly"; - options = "--delete-older-than 30d"; - }; - }; - - services.udev.packages = with pkgs; [ - yubikey-personalization - ]; - - services.pcscd.enable = true; -} diff --git a/users/glittershark/system/system/modules/desktop.nix b/users/glittershark/system/system/modules/desktop.nix deleted file mode 100644 index 3adbd9d9b0..0000000000 --- a/users/glittershark/system/system/modules/desktop.nix +++ /dev/null @@ -1,19 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - imports = [ - ./xserver.nix - ./fonts.nix - ./sound.nix - ./kernel.nix - ]; - - programs.nm-applet.enable = true; - - users.users.grfn.extraGroups = [ - "audio" - "video" - ]; - - services.geoclue2.enable = true; -} diff --git a/users/glittershark/system/system/modules/development.nix b/users/glittershark/system/system/modules/development.nix deleted file mode 100644 index bfa0e22cff..0000000000 --- a/users/glittershark/system/system/modules/development.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - virtualisation.docker.enable = true; - users.users.grfn.extraGroups = [ "docker" ]; -} diff --git a/users/glittershark/system/system/modules/fcitx.nix b/users/glittershark/system/system/modules/fcitx.nix deleted file mode 100644 index 812f598f9f..0000000000 --- a/users/glittershark/system/system/modules/fcitx.nix +++ /dev/null @@ -1,10 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - i18n.inputMethod = { - enabled = "fcitx"; - fcitx.engines = with pkgs.fcitx-engines; [ - cloudpinyin - ]; - }; -} diff --git a/users/glittershark/system/system/modules/fonts.nix b/users/glittershark/system/system/modules/fonts.nix deleted file mode 100644 index babe30d427..0000000000 --- a/users/glittershark/system/system/modules/fonts.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ config, lib, pkgs, ... }: -{ - fonts = { - fonts = with pkgs; [ - nerdfonts - noto-fonts-emoji - twitter-color-emoji - ]; - - fontconfig.defaultFonts.emoji = ["Twitter Color Emoji"]; - }; -} diff --git a/users/glittershark/system/system/modules/kernel.nix b/users/glittershark/system/system/modules/kernel.nix deleted file mode 100644 index 5c5ff85515..0000000000 --- a/users/glittershark/system/system/modules/kernel.nix +++ /dev/null @@ -1,39 +0,0 @@ -{ config, lib, pkgs, ... }: -with lib.versions; -let - inherit (pkgs) stdenvNoCC; - kernelRelease = config.boot.kernelPackages.kernel.version; - mj = major kernelRelease; - mm = majorMinor kernelRelease; - patched-linux-ck = stdenvNoCC.mkDerivation { - name = "linux-ck"; - src = builtins.fetchurl { - name = "linux-ck-patch-${mm}-ck1.xz"; - # example: http://ck.kolivas.org/patches/5.0/5.4/5.4-ck1/patch-5.4-ck1.xz - url = "http://ck.kolivas.org/patches/${mj}.0/${mm}/${mm}-ck1/patch-${mm}-ck1.xz"; - sha256 = "14lfpq9hvq1amxrl0ayfid1d04kd35vwsvk1ppnqa87nqfkjq47c"; - }; - - unpackPhase = '' - ${pkgs.xz}/bin/unxz -kfdc $src > patch-${mm}-ck1 - ''; - - installPhase = '' - cp patch-${mm}-ck1 $out - ''; - }; -in -{ - boot.kernelPackages = pkgs.linuxPackages_5_11.extend (self: super: { - kernel = super.kernel.override { - ignoreConfigErrors = true; - kernelPatches = super.kernel.kernelPatches ++ [{ - name = "linux-ck"; - patch = patched-linux-ck; - }]; - argsOverride = { - modDirVersion = super.kernel.modDirVersion + "-ck1"; - }; - }; - }); -} diff --git a/users/glittershark/system/system/modules/laptop.nix b/users/glittershark/system/system/modules/laptop.nix deleted file mode 100644 index 8c09f3a442..0000000000 --- a/users/glittershark/system/system/modules/laptop.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - imports = [ - ./reusable/battery.nix - ]; - - laptop.onLowBattery.enable = true; - - services.logind.extraConfig = '' - HandlePowerKey=hibernate - ''; -} diff --git a/users/glittershark/system/system/modules/reusable/README.org b/users/glittershark/system/system/modules/reusable/README.org deleted file mode 100644 index 34d9bfdcb7..0000000000 --- a/users/glittershark/system/system/modules/reusable/README.org +++ /dev/null @@ -1,2 +0,0 @@ -This directory contains things I'm eventually planning on contributing upstream -to nixpkgs diff --git a/users/glittershark/system/system/modules/reusable/battery.nix b/users/glittershark/system/system/modules/reusable/battery.nix deleted file mode 100644 index ca92e0c3f6..0000000000 --- a/users/glittershark/system/system/modules/reusable/battery.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ config, lib, pkgs, ... }: -with lib; -{ - options = { - laptop.onLowBattery = { - enable = mkEnableOption "Perform action on low battery"; - - thresholdPercentage = mkOption { - description = "Threshold battery percentage on which to perform the action"; - default = 8; - type = types.int; - }; - - action = mkOption { - description = "Action to perform on low battery"; - default = "hibernate"; - type = types.enum [ "hibernate" "suspend" "suspend-then-hibernate" ]; - }; - }; - }; - - config = - let cfg = config.laptop.onLowBattery; - in mkIf cfg.enable { - services.udev.extraRules = concatStrings [ - ''SUBSYSTEM=="power_supply", '' - ''ATTR{status}=="Discharging", '' - ''ATTR{capacity}=="[0-${toString cfg.thresholdPercentage}]", '' - ''RUN+="${pkgs.systemd}/bin/systemctl ${cfg.action}"'' - ]; - }; -} diff --git a/users/glittershark/system/system/modules/rtlsdr.nix b/users/glittershark/system/system/modules/rtlsdr.nix deleted file mode 100644 index ce58ebb0dc..0000000000 --- a/users/glittershark/system/system/modules/rtlsdr.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - - environment.systemPackages = with pkgs; [ - rtl-sdr - ]; - - services.udev.packages = with pkgs; [ - rtl-sdr - ]; - - # blacklist for rtl-sdr - boot.blacklistedKernelModules = [ - "dvb_usb_rtl28xxu" - ]; -} diff --git a/users/glittershark/system/system/modules/sound.nix b/users/glittershark/system/system/modules/sound.nix deleted file mode 100644 index 15c8dd5e3f..0000000000 --- a/users/glittershark/system/system/modules/sound.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ config, lib, pkgs, ... }: -{ - # Enable sound. - sound.enable = true; - hardware.pulseaudio.enable = true; - nixpkgs.config.pulseaudio = true; - - environment.systemPackages = with pkgs; [ - pulseaudio-ctl - paprefs - pasystray - pavucontrol - ]; - - hardware.pulseaudio.package = pkgs.pulseaudioFull; -} diff --git a/users/glittershark/system/system/modules/tvl.nix b/users/glittershark/system/system/modules/tvl.nix deleted file mode 100644 index 905ec8ced5..0000000000 --- a/users/glittershark/system/system/modules/tvl.nix +++ /dev/null @@ -1,37 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - nix = { - buildMachines = [{ - hostName = "whitby.tvl.fyi"; - sshUser = "grfn"; - sshKey = "/root/.ssh/id_rsa"; - system = "x86_64-linux"; - maxJobs = 64; - supportedFeatures = ["big-parallel" "kvm" "nixos-test" "benchmark"]; - }]; - - extraOptions = '' - builders-use-substitutes = true - ''; - - binaryCaches = [ - "https://cache.nixos.org" - "ssh://nix-ssh@whitby.tvl.fyi" - ]; - trustedBinaryCaches = [ - "https://cache.nixos.org" - "ssh://nix-ssh@whitby.tvl.fyi" - ]; - binaryCachePublicKeys = [ - "cache.tvl.fyi:fd+9d1ceCPvDX/xVhcfv8nAa6njEhAGAEe+oGJDEeoc=" - ]; - }; - - programs.ssh.knownHosts.whitby = { - hostNames = [ "whitby" "whitby.tvl.fyi" "49.12.129.211"]; - publicKeyFile = pkgs.writeText "whitby.pub" '' - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILNh/w4BSKov0jdz3gKBc98tpoLta5bb87fQXWBhAl2I - ''; - }; -} diff --git a/users/glittershark/system/system/modules/work/kolide.deb b/users/glittershark/system/system/modules/work/kolide.deb deleted file mode 100644 index a319a5806f..0000000000 --- a/users/glittershark/system/system/modules/work/kolide.deb +++ /dev/null Binary files differdiff --git a/users/glittershark/system/system/modules/work/kolide.nix b/users/glittershark/system/system/modules/work/kolide.nix deleted file mode 100644 index 29ee0a0d7c..0000000000 --- a/users/glittershark/system/system/modules/work/kolide.nix +++ /dev/null @@ -1,49 +0,0 @@ -{ config, lib, pkgs, ... }: - -let - deb = ./kolide.deb; - - kolide = pkgs.runCommand "kolide-data" { - buildInputs = [ pkgs.binutils-unwrapped ]; - } '' - cp ${deb} ./kolide.deb - ar x kolide.deb - mkdir result - tar xzf data.tar.gz -C result - patchelf \ - --set-interpreter ${pkgs.glibc}/lib/ld-linux-x86-64.so.2 \ - --set-rpath "${lib.makeLibraryPath (with pkgs; [ - zlib - ])}" \ - result/usr/local/kolide-k2/bin/osqueryd - mv result $out - ''; - -in { - systemd.services."launcher.kolide-k2" = { - wantedBy = [ "multi-user.target" ]; - after = [ "network.target" "syslog.service" ]; - description = "The Kolide Launcher"; - serviceConfig = { - ExecStart = '' - ${kolide}/usr/local/kolide-k2/bin/launcher \ - -config \ - ${pkgs.writeText "launcher.flags" '' - with_initial_runner - control - autoupdate - root_directory /var/lib/kolide - osqueryd_path ${kolide}/usr/local/kolide-k2/bin/osqueryd - enroll_secret_path ${kolide}/etc/kolide-k2/secret - control_hostname k2control.kolide.com - update_channel stable - transport jsonrpc - hostname k2device.kolide.com - ''} - ''; - StateDirectory = "kolide"; - Restart = "on-failure"; - RestartSec = 3; - }; - }; -} diff --git a/users/glittershark/system/system/modules/xserver.nix b/users/glittershark/system/system/modules/xserver.nix deleted file mode 100644 index 35ee44112e..0000000000 --- a/users/glittershark/system/system/modules/xserver.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ config, pkgs, ... }: -{ - # Enable the X11 windowing system. - services.xserver = { - enable = true; - layout = "us"; - - libinput.enable = true; - - displayManager = { - defaultSession = "none+i3"; - }; - - windowManager.i3.enable = true; - }; -} |