diff --git a/.gitignore b/.gitignore index 65d0dbf..457e126 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,2 @@ /result -/roles/wireless.nix hardware-configuration.nix diff --git a/configuration.nix b/configuration.nix index f8e17da..feebf21 100644 --- a/configuration.nix +++ b/configuration.nix @@ -16,7 +16,9 @@ ./roles/dev.nix ./roles/mail.nix ./roles/vpn.nix - ./roles/wireless.nix + ./roles/network.nix + ./roles/private.nix + ./roles/work.nix ]; networking.useDHCP = false; @@ -27,6 +29,10 @@ services.openssh.enable = true; networking.firewall.enable = true; + nixpkgs.config.permittedInsecurePackages = [ + "openssl-1.0.2u" + ]; + system.stateVersion = "20.03"; # We can stay here } diff --git a/dotfiles/alacritty.yml b/dotfiles/alacritty.yml index 98f5b2f..b0ff6de 100644 --- a/dotfiles/alacritty.yml +++ b/dotfiles/alacritty.yml @@ -35,3 +35,6 @@ window: env: TERM: xterm-256color + +key_bindings: + - { key: Escape, mods: Control, action: ToggleViMode } diff --git a/dotfiles/certs/NetzmarktCA.crt b/dotfiles/certs/NetzmarktCA.crt new file mode 100644 index 0000000..1f5d38e --- /dev/null +++ b/dotfiles/certs/NetzmarktCA.crt 
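Review bot: `./roles/private.nix` is added to the imports list in configuration.nix, but no `roles/private.nix` is created in the visible diff and the `.gitignore` hunk does not ignore it, so the file is either already tracked or exists only in the author's working tree. If it is meant to hold private settings, add `/roles/private.nix` to `.gitignore` and import it conditionally, e.g. `++ lib.optional (builtins.pathExists ./roles/private.nix) ./roles/private.nix` (assuming `lib` is among the module arguments), so a fresh checkout still evaluates and the file cannot be committed by accident. The same `.gitignore` hunk stops ignoring `/roles/wireless.nix`; if an old copy holding Wi-Fi credentials is still present locally, it will now show up as untracked. The imports list starts outside this hunk.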
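Review bot: `nixpkgs.config.permittedInsecurePackages` is set without a comment saying which package needs `openssl-1.0.2u`, and the allowance is system-wide: anything built from this configuration's package set can now depend on the end-of-life OpenSSL 1.0.2 branch without an evaluation error. The only consumer visible in this commit is `packages/cloudstation.nix` (`openssl_1_0_2`), so I would record that next to the setting, e.g. `# only for packages/cloudstation.nix (vendor binary links OpenSSL 1.0.2); remove together with cloudstation`. Consider moving the exception into the role that installs that package, so hosts that do not import it do not inherit the allowance.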
@@ -0,0 +1,44 @@ +-----BEGIN CERTIFICATE----- +MIIHrjCCBZagAwIBAgIJAJwE8QiSIPupMA0GCSqGSIb3DQEBCwUAMIHpMQswCQYD +VQQGEwJERTEPMA0GA1UECBMGQmF5ZXJuMREwDwYDVQQHEwhFcmxhbmdlbjEwMC4G +A1UEChQnTmV0em1hcmt0IEludGVybmV0c2VydmljZSBHbWJIICYgQ28uIEtHMRAw +DgYDVQQLEwdUZWNobmlrMTMwMQYDVQQDFCpOZXR6bWFya3QgSW50ZXJuZXRzZXJ2 +aWNlIEdtYkggJiBDby4gS0cgQ0ExFTATBgNVBCkTDE5ldHptYXJrdCBDQTEmMCQG +CSqGSIb3DQEJARYXaG9zdG1hc3RlckBuZXR6bWFya3QuZGUwHhcNMTUxMTIwMTIy +NTAwWhcNMjUxMTE3MTIyNTAwWjCB6TELMAkGA1UEBhMCREUxDzANBgNVBAgTBkJh +eWVybjERMA8GA1UEBxMIRXJsYW5nZW4xMDAuBgNVBAoUJ05ldHptYXJrdCBJbnRl +cm5ldHNlcnZpY2UgR21iSCAmIENvLiBLRzEQMA4GA1UECxMHVGVjaG5pazEzMDEG +A1UEAxQqTmV0em1hcmt0IEludGVybmV0c2VydmljZSBHbWJIICYgQ28uIEtHIENB +MRUwEwYDVQQpEwxOZXR6bWFya3QgQ0ExJjAkBgkqhkiG9w0BCQEWF2hvc3RtYXN0 +ZXJAbmV0em1hcmt0LmRlMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA +yPeH1i0beXEdMvyNATA9zc4CLCajROCVgypJ3+7sZ6wuNWxUbdSFQMm8v94h7BEL +bCPJ6TT1B96GA4nfC0yOz1RhiUdLDJ8jv9Y1NEIBujBU2tvL2/93+dkMT/xZ2APj +IPcYfdTUuWuK3y/WC+/OZ7ZKgCkQdXjy+tJagHBiYnYSIugSlwe7ToAg8gy/PmkO +f7af5jtIVkRWyTtYI6paYzXmcgjafFptWPcb8bJX9MnCycB5/Af4VwHZszKf4Gmw +Om/KvlzUHClBpCYUa/rLTmd8AyjAYJMpQ3yd4JBlsf5ao1ZeWFvCJjQHPiJYvLVD +vApcUaXkbkWbGODC8YS8d4r5pwoEWeUwxomNVDElIIoQOM3Agi6ms0Hfp9/S+lK/ +i9IgQXNOXTtjkLZRImUmjDk//QOoNjBh9z+g62YGaThDTgxlf4J7RD/HqTmLSKjE +UwlWGduVTsUQR5uKs/tD5hsc5dpE3UI+n1J8PWlXcKfJnEjfgYPJ7jTDpBB6Oozj +JtH7DkdOhHPZkZQzIuOLNtxqlgNSYHv7VNSmr3LvRTQto9x5NnGgMgliyKuI1aBt +p+gSnOezGMSQobRBH0cvXVk7dWm+BeZtTmU03SsAFIfhVAnAisWfbHWD6GDUQ/9m +F1SWMMJgCT/xSL43Md1riQV5/0mciHlhUxl0xKMBcTECAwEAAaOCAVUwggFRMB0G +A1UdDgQWBBT1WEHH26TJcfvJRGFcGaWzrbKS6DCCASAGA1UdIwSCARcwggETgBT1 +WEHH26TJcfvJRGFcGaWzrbKS6KGB76SB7DCB6TELMAkGA1UEBhMCREUxDzANBgNV +BAgTBkJheWVybjERMA8GA1UEBxMIRXJsYW5nZW4xMDAuBgNVBAoUJ05ldHptYXJr +dCBJbnRlcm5ldHNlcnZpY2UgR21iSCAmIENvLiBLRzEQMA4GA1UECxMHVGVjaG5p +azEzMDEGA1UEAxQqTmV0em1hcmt0IEludGVybmV0c2VydmljZSBHbWJIICYgQ28u +IEtHIENBMRUwEwYDVQQpEwxOZXR6bWFya3QgQ0ExJjAkBgkqhkiG9w0BCQEWF2hv 
+c3RtYXN0ZXJAbmV0em1hcmt0LmRlggkAnATxCJIg+6kwDAYDVR0TBAUwAwEB/zAN +BgkqhkiG9w0BAQsFAAOCAgEAgALHwsIX7HgBysOPlkdmY+Bl9OvXpjJWrIiowl8U +6YBwWDhA7CBsnkgpPfzdT3yWpzBFLKh+8DcnWOJ7G9AH4/Ypx2YgoQSxH/XQSqgd +ojrP9YrzIo1If2+5uLIP8k4OyBOsR7ZG0zWCLMrvI+xkoirx/FKhiwR5ircmjvLG +GYrkJVdreTx9duNHvSSIocOmf5BYa+FcElyit5EipPajupeDJLOb2MUpLES6YJX4 +q7jVcNLQpE/8L0BrT9SLwRce+mxYHu5PJ9uZDtYAgTOxVoh6xAcjC+llPo52PPse +DGtCwDRrMqAJWzljZCDq7juU1BG/3C46rZV0T1sDaxscSFhUNdptQYt5prCKdvoY +vg8G8ADldbJqnp5JlHkzsgcSP6Tj5h1ZAs99w3u7AtZfaX1no1/qTqObkyjZhMn9 +OVsYDTGLBCdEvS74YzPgZfSQt5jinR4THnybb0qm4Iluy8C3QHylHvTNbzksEpwp +UdJL1pIAX6TD66B/KAXRg3fyn9mZnCilhCezbIx6NS5ZuZw6aQAUiOTV/eoQX/4V +jH0v9cA6Yk/4pCoeQlHRJfIdBUsBvnTrzI6yszqKi56me113mD8SbS3f6AAiyiHf +LNs/3aF+4/CmK7BsuelDgZASSx1Lol1UMqcKIbiTHr024V4LPUlQQQhwWVTCVxba +k00= +-----END CERTIFICATE----- diff --git a/dotfiles/certs/vcenter.netzmarkt.lan.crt b/dotfiles/certs/vcenter.netzmarkt.lan.crt new file mode 100644 index 0000000..f6d0b6f --- /dev/null +++ b/dotfiles/certs/vcenter.netzmarkt.lan.crt 
@@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIEDTCCAvWgAwIBAgIJAMjDX/Mpgd+WMA0GCSqGSIb3DQEBCwUAMIGRMQswCQYD +VQQDDAJDQTESMBAGCgmSJomT8ixkARkWAm5tMRMwEQYKCZImiZPyLGQBGRYDbGFu +MQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEaMBgGA1UECgwRdm0w +MjAuaHYubW5ldC5sYW4xGzAZBgNVBAsMElZNd2FyZSBFbmdpbmVlcmluZzAeFw0x +NzA0MTgwODAxMDRaFw0yNzA0MTYwODAxMDRaMIGRMQswCQYDVQQDDAJDQTESMBAG +CgmSJomT8ixkARkWAm5tMRMwEQYKCZImiZPyLGQBGRYDbGFuMQswCQYDVQQGEwJV +UzETMBEGA1UECAwKQ2FsaWZvcm5pYTEaMBgGA1UECgwRdm0wMjAuaHYubW5ldC5s +YW4xGzAZBgNVBAsMElZNd2FyZSBFbmdpbmVlcmluZzCCASIwDQYJKoZIhvcNAQEB +BQADggEPADCCAQoCggEBALoAMLvSM2IwLF5FVTtulCzuFPARSlOpVQjcMZ7gP5XA +PdpsyNiL0C4K68tuN78ZxTU1p+/agW+PpU1oKlkUddUOoSaLbRAYW/xj3gBJ0uc7 +s0X6kuluw5f5B8RuTpnkhXTpQqVLBPsB1d02aS0OndRv4SNxZAVqwguGVw5UB2uv +r9SSp1RhYK9qyP+EGABLzrD+qjsIhpSxSs9I7Up+D3MDi3WethqlDFPVXlEfD32Q +NsNRLdAL6dd+GWFE3h82MaxfXhpUJHGcw5Wsz50/09I1Qfq6Hqkb7B6OLRAEz7gD +slocjv2sXPxMvLXIdJOZlEveattI16L7XqDVu6AlDF0CAwEAAaNmMGQwHQYDVR0O +BBYEFO8TgXPcRudSgtHFjCwHh0wPwqIrMB8GA1UdEQQYMBaBDmVtYWlsQGFjbWUu +Y29thwR/AAABMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgEAMA0G +CSqGSIb3DQEBCwUAA4IBAQAIZkCrG1OB36JsLnyQG4WYbFIYkg9yu/fYpdwwThng +GGy1z0qMEsTvCidUaIb8eMf/IIy/5VmDFLNtoiuhJcvfMoCOUnqykHZi9NN3Rloz +laS7JIV06+bFHjBnlR/15xF/Jr0hx8qclUzsYgYE2RAB3ET6Z4GiWaCmuGX7Uwh8 +kt+bRz344bhEbdDrUioyk1qon3oaIhLc7jarr235JOfCnTZFLn/3kJzdcxHsTEIn +Q9MAQz5BO2G6NnEMuH1gAizVK9Xdfv4ePHCWVKkn+OKbKgVPOY/iJ4Ayk1Ya4Npq +B1hUaVxHPdq+PipXll4tShnmc6BM6tYyrJhOWBkiRSQS +-----END CERTIFICATE----- diff --git a/dotfiles/sway/status.toml b/dotfiles/sway/status.toml index 40b527a..97cb93b 100644 --- a/dotfiles/sway/status.toml +++ b/dotfiles/sway/status.toml @@ -96,7 +96,7 @@ block = "backlight" [[block]] block = "battery" -device = "BAT1" +device = "BAT0" interval = 10 format = "{percentage}% {time}" diff --git a/hardware/xps15-sphere.nix b/hardware/xps15-sphere.nix new file mode 100644 index 0000000..7be2449 --- /dev/null +++ b/hardware/xps15-sphere.nix 
@@ -0,0 +1,47 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, ... }: + +let + unstable = import { config.allowUnfree = true; }; +in { + imports = + [ + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "tank/work/nixos"; + fsType = "zfs"; + }; + + fileSystems."/home" = + { device = "tank/work/home"; + fsType = "zfs"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/DC7B-5E2D"; + fsType = "vfat"; + }; + + swapDevices = [ ]; + + nix.maxJobs = lib.mkDefault 12; + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + + # custom + boot.kernelPackages = unstable.linuxPackages_latest; + boot.loader.systemd-boot.enable = true; + networking.hostId = "eff291c4"; + networking.hostName = "sphere"; + networking.interfaces.enp0s20f0u1.useDHCP = true; + powerManagement.powertop.enable = true; + services.tlp.enable = true; + +} diff --git a/packages/cloudstation.nix b/packages/cloudstation.nix new file mode 100644 index 0000000..3148b34 --- /dev/null +++ b/packages/cloudstation.nix 
@@ -0,0 +1,97 @@
+{ stdenv
+, autoPatchelfHook
+, dbus_libs
+, dpkg
+, fetchurl
+, fontconfig
+, freetype
+, glib
+, libICE
+, libSM
+, xorg
+, openssl_1_0_2
+, openssl
+, libX11
+, makeWrapper
+, sqlite
+, wrapQtAppsHook
+, xkeyboard_config
+, zlib
+, curl
+}:
+
+stdenv.mkDerivation rec {
+ name = "cloudstation";
+ version = "4.3.3";
+ release = "4469";
+
+ src = fetchurl {
+ url = "https://global.download.synology.com/download/Tools/CloudStationDrive/${version}-${release}/Ubuntu/Installer/x86_64/synology-cloud-station-drive-${release}.x86_64.deb";
+ sha256 = "0v84yb70knmmjzp7lyn6jgy5bnfsfd47wmqh29phybqg4zk3d47j";
+ };
+
+ nativeBuildInputs = [
+ dpkg
+ autoPatchelfHook
+ makeWrapper
+ wrapQtAppsHook
+ ];
+ buildInputs = [
+ dbus_libs
+ fontconfig
+ freetype
+ glib
+ libICE
+ libSM
+ libX11
+ sqlite
+ stdenv.cc.cc.lib
+ zlib
+ openssl_1_0_2
+ xorg.libxcb
+ curl
+ ];
+
+ ldpath = stdenv.lib.makeLibraryPath [
+ dbus_libs
+ fontconfig
+ freetype
+ glib
+ libICE
+ libSM
+ libX11
+ sqlite
+ stdenv.cc.cc.lib
+ zlib
+ openssl_1_0_2
+ openssl
+ xorg.libxcb
+ curl
+ ];
+
+ unpackPhase = ''
+ dpkg-deb -x $src .
+ find
+ '';
+
+ installPhase = ''
+ mkdir -p $out/bin
+ cp -R opt $out
+ chmod +x $out/opt/Synology/CloudStation/lib/*
+
+ #ln -s $out/opt/Synology/CloudStation/bin/launcher $out/bin/cloudstation
+ makeWrapper \
+ $out/opt/Synology/CloudStation/bin/launcher \
+ $out/bin/cloudstation \
+ --set QT_PLUGIN_PATH $out/opt/Synology/CloudStationBackup/lib/plugins/platforms \
+ --set QT_XKB_CONFIG_ROOT ${xkeyboard_config}/share/X11/xkb \
+ --set LD_LIBRARY_PATH $out/opt/Synology/CloudStation/lib:${ldpath}
+ '';
+
+ meta = with stdenv.lib; {
+ homepage = "https://www.synology.com/de-de/support/download/RS815#utilities";
+ description = "Synology Cloud Station Drive";
+ platforms = platforms.linux;
+ maintainers = with maintainers; [ foosinn ];
+ };
+}
diff --git a/packages/oc311.nix b/packages/oc311.nix
new file mode 100644
index 0000000..770bb27
--- /dev/null
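Review bot: In `installPhase` of packages/cloudstation.nix the wrapper sets `QT_PLUGIN_PATH` to `$out/opt/Synology/CloudStationBackup/lib/plugins/platforms`, while every other path in the derivation is under `$out/opt/Synology/CloudStation/`; unless the .deb really ships a `CloudStationBackup` tree, this looks like a leftover from another package and the variable points at a directory that does not exist. After checking the unpacked layout I would change it to `--set QT_PLUGIN_PATH $out/opt/Synology/CloudStation/lib/plugins/platforms \`. The bare `find` in `unpackPhase` only dumps the file list into the build log and can be dropped. The `--set LD_LIBRARY_PATH` line puts the bundled `lib` directory and `openssl_1_0_2` on the search path of the launcher and everything it spawns, which deserves a one-line comment such as `# vendor binary needs its bundled libs and OpenSSL 1.0.2`, since it is the reason for the insecure-package exception in configuration.nix.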
+++ b/packages/oc311.nix
@@ -0,0 +1,29 @@
+with import {};
+
+stdenv.mkDerivation {
+ name = "oc311";
+ version = "3.11";
+ src = fetchurl {
+ url = "https://artifacts-openshift-release-3-11.svc.ci.openshift.org/zips/openshift-origin-client-tools-v3.11.0-8aa4c38-492-linux-64bit.tar.gz";
+ sha256 = "e8fde584995657e359ddaa5b25e70af2bde4cd494322c712a8cd46bfef00f07f";
+ };
+
+ nativeBuildInputs = [
+ autoPatchelfHook
+ ];
+
+ unpackPhase = ''
+ tar xvpzf $src --strip-components=1
+ '';
+
+ installPhase = ''
+ install -m 755 -D oc $out/bin/oc3
+ '';
+
+ meta = with stdenv.lib; {
+ homepage = "https://www.odk.io";
+ description = "openshift311 client";
+ platforms = platforms.linux;
+ maintainers = with maintainers; [ foosinn ];
+ };
+}
diff --git a/packages/oc46.nix b/packages/oc46.nix
new file mode 100644
index 0000000..b24c8ee
--- /dev/null
+++ b/packages/oc46.nix
@@ -0,0 +1,29 @@
+with import {};
+
+stdenv.mkDerivation rec {
+ name = "oc46";
+ version = "4.6";
+ src = fetchurl {
+ url = "https://mirror.openshift.com/pub/openshift-v4/clients/oc/${version}/linux/oc.tar.gz";
+ sha256 = "60de3dbb6cf085a201c5b9490a6d5066248bfd5d3c42486a8fd43abdbdb731e6";
+ };
+
+ nativeBuildInputs = [
+ autoPatchelfHook
+ ];
+
+ unpackPhase = ''
+ tar xvpzf $src
+ '';
+
+ installPhase = ''
+ install -m 755 -D oc $out/bin/oc
+ '';
+
+ meta = with stdenv.lib; {
+ homepage = "https://www.odk.io";
+ description = "openshift 4.6 client";
+ platforms = platforms.linux;
+ maintainers = with maintainers; [ foosinn ];
+ };
+}
diff --git a/packages/openshift-install-4.5.nix b/packages/openshift-install-4.5.nix
new file mode 100644
index 0000000..4c59399
--- /dev/null
+++ b/packages/openshift-install-4.5.nix
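Review bot: `homepage = "https://www.odk.io";` in packages/oc311.nix looks like a typo for the OKD project site, and the same value is repeated in packages/oc46.nix and packages/openshift-install-4.5.nix; I would use `homepage = "https://www.okd.io";` in all three. These three files also open with `with import … {};` (the path argument appears to have been lost in rendering), which evaluates a separate package set instead of the one the system is built from, so `nixpkgs.config` and overlays from configuration.nix do not apply to them. Writing them as functions, `{ stdenv, fetchurl, autoPatchelfHook }:`, and calling them with `pkgs.callPackage` would match how roles/work.nix already builds cloudstation.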
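Review bot: The `url` in packages/oc46.nix is built from `version = "4.6"` alone (`…/clients/oc/${version}/linux/oc.tar.gz`), which reads like a channel directory rather than one specific release; if the mirror replaces the tarball, the pinned `sha256` stops matching and the derivation can no longer be rebuilt. The hash still keeps a changed binary from being installed silently, so this is a reproducibility problem rather than an integrity one. Pin the exact release in `version` (placeholder: `version = "4.6.Z";`) and point `url` at the matching per-release path, the way oc311.nix and openshift-install-4.5.nix name an exact build.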
@@ -0,0 +1,30 @@ +with import {}; + +stdenv.mkDerivation rec { + name = "openshift-install-4.5"; + version = "4.5.0-0"; + release = "2020-10-03-012432"; + src = fetchurl { + url = "https://github.com/openshift/okd/releases/download/${version}.okd-${release}/openshift-install-linux-${version}.okd-${release}.tar.gz"; + sha256 = "f497193e8918840a4fd3267839affdc91ec166c5fd2ae3fdc64f498b5fc56f55"; + }; + + nativeBuildInputs = [ + autoPatchelfHook + ]; + + unpackPhase = '' + tar xvpzf $src + ''; + + installPhase = '' + install -m 755 -D openshift-install $out/bin/openshift-install + ''; + + meta = with stdenv.lib; { + homepage = "https://www.odk.io"; + description = "openshift 4.5 installer"; + platforms = platforms.linux; + maintainers = with maintainers; [ foosinn ]; + }; +} diff --git a/roles/admin.nix b/roles/admin.nix index dfeb70d..7c976a9 100644 --- a/roles/admin.nix +++ b/roles/admin.nix @@ -1,8 +1,12 @@ { pkgs, options, ...}: -{ +let + unstable = import {}; +in { environment.systemPackages = with pkgs; [ kubectl + cryptsetup + unstable.kubernetes-helm # podman conmon diff --git a/roles/base.nix b/roles/base.nix index 2c36d0d..54a7eb5 100644 --- a/roles/base.nix +++ b/roles/base.nix @@ -5,6 +5,7 @@ let in { environment.systemPackages = with pkgs; [ bash + bash-completion bat direnv fd @@ -18,7 +19,9 @@ in { ripgrep tcpdump tmux + wget z-lua + unzip unstable.starship (import ../packages/neovim.nix) ]; 
@@ -46,28 +49,21 @@ in { } starship_precmd_user_func=set_win_title - pw() { - len=''${1:-$(( $RANDOM % 24 + 8 ))} - tr -dc a-zA-Z0-9 < /dev/urandom | head -c $len - echo - } - cdg() { - gitroot=$(until [ -d .git ]; do [ "$PWD" == "/" ] && exit 1; cd ..; done; echo $PWD) - if [ $? == 0 ]; then -precmd_user_func = "title" - cd $gitroot - else - echo "gitroot not found." - return 1 - fi - } - . "$(fzf-share)/key-bindings.bash" . "$(fzf-share)/completion.bash" . <(z --init bash) . <(direnv hook bash) + . ${pkgs.bash-completion}/etc/profile.d/bash_completion.sh - if [[ -z $DISPLAY ]] && [[ $(tty) = /dev/tty1 ]]; then + for script in "$HOME"/dotfiles/bashrc/*.sh; do + . "$script" + done + + if [[ -z $DISPLAY ]] \ + && [[ $(tty) = /dev/tty1 ]] \ + && [[ "$USER" = "stefan" ]] \ + && [[ -x /run/current-system/sw/bin/startsway ]] + then exec startsway fi ''; diff --git a/roles/desktop.nix b/roles/desktop.nix index 1c77b8a..74d4640 100644 --- a/roles/desktop.nix +++ b/roles/desktop.nix @@ -69,7 +69,7 @@ in { hicolor-icon-theme numix-icon-theme - alacritty + unstable.alacritty imv inkscape libreoffice diff --git a/roles/dev.nix b/roles/dev.nix index 915bb95..00f83ad 100644 --- a/roles/dev.nix +++ b/roles/dev.nix @@ -1,31 +1,24 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. { config, lib, pkgs, ... }: let unstable = import {}; in { environment.systemPackages = with pkgs; [ - arduino - avrdude - pkgsCross.avr.avrlibc - pkgsCross.avr.libcCross - pkgsCross.avr.buildPackages.gcc8 - pkgsCross.avr.buildPackages.binutils - + gnumake go python37 python37Packages.pyls-black python37Packages.pyls-isort python37Packages.pyls-mypy rustup + unstable.golangci-lint unstable.gopls unstable.rust-analyzer emacs sops tig + ltrace openssl pkg-config nasm cmake zlib gcc binutils-unwrapped ]; 
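Review bot: The new loop in roles/base.nix, `for script in "$HOME"/dotfiles/bashrc/*.sh; do . "$script"; done`, sources whatever the glob yields without checking it: for an account with no `~/dotfiles/bashrc` directory the pattern stays literal and `.` prints a "No such file" error at every shell start, and the `"$USER" = "stefan"` test added further down suggests this init string runs for other accounts too. Guard the body with `[ -r "$script" ] && . "$script"`. Because these files are executed by every interactive shell that sees this `$HOME` (including a root shell started with the user's `HOME` preserved), add a comment that the directory must stay writable only by its owner. The option this string belongs to starts outside the hunk.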
diff --git a/roles/embedded.nix b/roles/embedded.nix
new file mode 100644
index 0000000..f998876
--- /dev/null
+++ b/roles/embedded.nix
@@ -0,0 +1,14 @@
+{ config, lib, pkgs, ... }:
+
+let
+ unstable = import {};
+in {
+ environment.systemPackages = with pkgs; [
+ arduino
+ avrdude
+ pkgsCross.avr.avrlibc
+ pkgsCross.avr.libcCross
+ pkgsCross.avr.buildPackages.gcc8
+ pkgsCross.avr.buildPackages.binutils
+ ];
+}
diff --git a/roles/network.nix b/roles/network.nix
new file mode 100644
index 0000000..20dd4a5
--- /dev/null
+++ b/roles/network.nix
@@ -0,0 +1,15 @@
+{ config, lib, pkgs, ... }:
+
+let
+ unstable = import { config.allowUnfree = true; };
+ cloudstation = pkgs.libsForQt5.callPackage (import ../packages/cloudstation.nix) {};
+in {
+
+ networking.networkmanager.enable = true;
+ users.users.stefan.extraGroups = [ "networkmanager" ];
+
+ environment.systemPackages = with pkgs; [
+ networkmanagerapplet
+ networkmanager-vpnc
+ ];
+}
diff --git a/roles/work.nix b/roles/work.nix
new file mode 100644
index 0000000..a0b64cb
--- /dev/null
+++ b/roles/work.nix
@@ -0,0 +1,29 @@
+{ config, lib, pkgs, ... }:
+
+let
+ unstable = import { config.allowUnfree = true; };
+ cloudstation = pkgs.libsForQt5.callPackage (import ../packages/cloudstation.nix) {};
+in {
+
+ security.pki.certificateFiles = [
+ ../dotfiles/certs/NetzmarktCA.crt
+ ../dotfiles/certs/vcenter.netzmarkt.lan.crt
+ ];
+
+ networking.extraHosts = ''
+ 35.234.109.94 fsi.thomann.de
+ '';
+
+ environment.systemPackages = with pkgs; [
+ (import ../packages/oc311.nix)
+ (import ../packages/oc46.nix)
+ (import ../packages/openshift-install-4.5.nix)
+ astroid
+ cloudstation
+ drone-cli
+ nagstamon
+ python37Packages.pyqt5_with_qtmultimedia # required for nagstamon
+ unstable.slack
+ unstable.velero
+ ];
+}
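Review bot: `security.pki.certificateFiles` in roles/work.nix adds both files under `dotfiles/certs/` to the system-wide trust store, so every TLS client on the machine will accept certificates issued under them for any hostname, and configuration.nix imports this role unconditionally. `vcenter.netzmarkt.lan.crt` is named like a host certificate, but its encoded extensions appear to mark it as a CA (basicConstraints CA:TRUE, keyCertSign), so it acts as a second root rather than a pin for one server. I would add a comment above the list recording where each certificate was obtained, its SHA-256 fingerprint (placeholder `<fingerprint>`) and its expiry, and check whether the tools that need these roots can be pointed at them individually instead of trusting them globally. Separately, `networking.extraHosts` pins `fsi.thomann.de` to a literal address with no explanation; a comment saying why and when it can be removed would help, since a stale entry keeps sending that name to whoever holds the address later.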