# This module imports every other module in the repo root directory.
# REPLACES hologram-base
# REPLACES hologram-openssh
# TODO: evaluate https://gitlab.com/simple-nixos-mailserver/nixos-mailserver as a mail-server module (not imported yet)
{ config, pkgs, lib, ... }:
with lib;
let
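bootstrap-devenv = pkgs.writeShellScriptBin "bootstrap-devenv" ''
  # One-shot bootstrap of the author's Go development environment
  # (github.com/majewsky/devenv) into the GOPATH tree rooted at /x.
  #
  # Security note: the clone is unpinned (whatever the default branch points
  # to at run time) and install.sh from that clone is executed directly, so
  # this script fully trusts GitHub and the upstream repository. Pinning a
  # tag or commit before running install.sh would be the cheapest mitigation.
  #
  # writeShellScriptBin supplies the shebang pointing at the store bash, so
  # the script no longer depends on /usr/bin/env; git is referenced by store
  # path for the same reason.
  set -euo pipefail

  REPO_URL=github.com/majewsky/devenv
  REPO_SHORT_URL=gh:majewsky/devenv
  export GOPATH=/x

  # clone devenv repo into the (not yet populated) repo tree; an existing
  # checkout (detected via its .git directory) is left untouched
  REPO_PATH="$GOPATH/src/$REPO_URL"
  if [ ! -d "$REPO_PATH/.git" ]; then
    ${pkgs.git}/bin/git clone "https://$REPO_URL" "$REPO_PATH"
    # the gh: remote URL only becomes valid once the devenv is installed
    # (presumably via a git url.<base>.insteadOf rewrite — verify)
    ${pkgs.git}/bin/git -C "$REPO_PATH" remote set-url origin "$REPO_SHORT_URL"
  fi

  # run setup script for devenv (this executes code from the clone above)
  "$REPO_PATH/install.sh"

  # add the devenv repo to the rtree index (if not done yet); rtree is
  # expected on PATH (presumably provided by the gofu package — verify)
  rtree get "$REPO_SHORT_URL" > /dev/null
'';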
in {
# Every sibling module in the repo root is pulled in unconditionally; the
# modules presumably gate their behaviour on options such as
# config.my.workstation.enabled (referenced below but not defined in this file).
imports = [
./archlinux-mirror.nix
./borgbackup-sender.nix
./gitconfig.nix
./gitea.nix
./grafana.nix
./hardening.nix
./jitsi-meet.nix
./ldap-client.nix
./ldap-server.nix
./matrix-synapse.nix
./monitoring.nix
./nextcloud.nix
./nginx.nix
./nginx-minimal-logging.nix
./plain-websites.nix
./prometheus.nix
./static-websites.nix
./workstation.nix
./workstation-headless.nix
./workstation-wireless.nix
# Absolute path outside the repo: evaluation fails unless the file exists on
# the evaluating machine. It is presumably produced by decrypting the
# age-encrypted secrets mentioned next to the age package below — verify.
/nix/my/unpacked/generated-basic.nix # supplies config.my.machineID and config.networking.hostName (among others)
];
options.my = {
  # Per-host identifier in the range 0..255 (enforced by the u8 type). The
  # value is not set in this file; the generated-basic.nix import above is
  # documented as supplying it.
  machineID = lib.mkOption {
    type = lib.types.ints.u8;
    description = "machine ID (appears in autogenerated IP addresses etc.)";
  };
};
config = {
############################################################################
# package overrides (copy-pasted from j03, thx!)
nixpkgs.config.packageOverrides = pkgs: {
  # Exposes additional nixpkgs checkouts as pkgs.channels.<name>.
  #
  # Caveat: <nixos-unstable> is a NIX_PATH lookup, so the result depends on
  # the channel state of the evaluating machine, is not pinned to a specific
  # revision, and is unavailable under pure evaluation (e.g. flakes).
  #
  # Numeric channel names do not seem to be updated correctly in
  #   /nix/var/nix/profiles/per-user/root/channels/
  # when using
  #   nixos-rebuild switch --upgrade
  # whereas this works:
  #   nix-channel --update
  channels = {
    ## nix-channel --add https://nixos.org/channels/nixos-unstable nixos-unstable
    unstable = import <nixos-unstable> { inherit (config.nixpkgs) config; };
    ## nix-channel --add https://nixos.org/channels/nixos-18.09 nixos-eighteen-nine
    # nix1809 = import <nixos-eighteen-nine> { inherit (config.nixpkgs) config; };
  };
};
############################################################################
# basic setup for interactive use
# unattended upgrades only on servers (by default these follow whatever the
# system channel points to at upgrade time); workstations are excluded
system.autoUpgrade.enable = lib.mkDefault (! config.my.workstation.enabled);
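nix = {
  # Automatic GC keeps the store small, but deleting generations older than
  # three days also removes the ability to roll back further than that after
  # a bad (auto-)upgrade.
  gc = {
    automatic = lib.mkDefault true;
    options = "--delete-older-than 3d";
  };
  # NOTE(review): pkgs.nixFlakes is a legacy alias from before flakes were
  # part of the default nix; check that it still resolves on the nixpkgs in use.
  package = pkgs.nixFlakes;
  # Declarative nix.conf entry; renders the same
  # "experimental-features = nix-command flakes" line that the former
  # free-form extraOptions string produced.
  settings.experimental-features = [ "nix-command" "flakes" ];
};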
# Baseline CLI tooling installed on every host. Note that nmap, tcpdump and
# strace are convenient for debugging but equally convenient for an attacker
# after a compromise; limiting them to workstations would be cheap hardening.
environment.systemPackages = [
  pkgs.age # for decrypting the secrets in this repo
  bootstrap-devenv # wrapper script defined in the let-binding above
  pkgs.dnsutils # dig(1), host(1)
  pkgs.file
  pkgs.gnumake
  pkgs.gofu
  pkgs.gptfdisk
  pkgs.jq
  pkgs.lsof
  pkgs.moreutils # vidir(1), ts(1), sponge(1), etc.
  pkgs.nmap # ncat(1)
  pkgs.openssl # for the openssl(1) utility tool
  pkgs.pinfo
  pkgs.psmisc # killall(1)
  pkgs.pwgen
  pkgs.pv
  pkgs.ripgrep
  pkgs.rsync
  pkgs.strace
  pkgs.sqlite-interactive
  pkgs.tcpdump
  pkgs.traceroute
  pkgs.tree
  pkgs.unixtools.xxd
  pkgs.units
  # workstations get the X-enabled "huge" vim build, servers the plain one
  (if config.my.workstation.enabled then pkgs.vimHugeX else pkgs.vim)
  pkgs.wget
  pkgs.zsh
];
i18n = {
  # German locale for formats, but untranslated (C) program messages
  defaultLocale = "de_DE.UTF-8";
  supportedLocales = [ "de_DE.UTF-8/UTF-8" "en_US.UTF-8/UTF-8" ];
  extraLocaleSettings = { LC_MESSAGES = "C"; };
};
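time.timeZone = "Europe/Berlin";
# Single NTP source (PTB, the German national metrology institute). Plain NTP
# is unauthenticated and one server is a single point of failure for time
# sync, which in turn affects certificate validation and log timestamps.
services.timesyncd.servers = [ "ptbtime1.ptb.de" ];
# /tmp on tmpfs: nothing written there survives a reboot
boot.tmp.useTmpfs = true;
services.openssh.enable = true;
# SSH keys for the admin user are provisioned below, so password-based logins
# are not needed. Both settings are required: with PAM, keyboard-interactive
# can still prompt for a password even when PasswordAuthentication is off.
# mkDefault keeps both overridable by hardening.nix or any other module.
services.openssh.settings.PasswordAuthentication = lib.mkDefault false;
services.openssh.settings.KbdInteractiveAuthentication = lib.mkDefault false;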
# Admin user. Membership in wheel grants sudo subject to the security.sudo.*
# settings defined elsewhere; no password hash is set in this file. The
# authorized keys come from a file outside the repo that must exist on the
# evaluating machine and is presumably rendered into the world-readable nix
# store, so it must contain public keys only.
users.users.stefan = {
  uid = 1001;
  isNormalUser = true;
  shell = pkgs.zsh;
  extraGroups = [ "wheel" ];
  openssh.authorizedKeys.keyFiles = [ /nix/my/unpacked/ssh-keys ];
};
programs.screen.enable = true;
programs.zsh = {
  # register zsh as a valid login shell; cf. https://github.com/NixOS/nixpkgs/issues/20548
  enable = true;
  # empty promptInit disables the NixOS default prompt so the author's own
  # prompt configuration is used instead
  promptInit = "";
};
# Cap the persistent journal at 512 MiB. journald drops the oldest entries
# once the cap is reached, so the forensic history available on a busy host
# is bounded by this; ship logs elsewhere if longer retention is needed.
services.journald.extraConfig = ''
  SystemMaxUse=512M
'';
# Building the NixOS HTML manual (nixos-manual-html.drv) frequently OOMs the
# smaller VMs during autoUpgrade, so only workstations get the documentation.
documentation.nixos.enable = config.my.workstation.enabled;
};
}