| -rw-r--r-- | _sources/generated.json | 19 | ||||
| -rw-r--r-- | _sources/generated.nix | 13 | ||||
| -rw-r--r-- | accounts/gkleen@sif/default.nix | 23 | ||||
| -rw-r--r-- | accounts/gkleen@sif/ssh-hosts.nix | 4 | ||||
| -rw-r--r-- | accounts/gkleen@sif/xmonad/xmonad.hs | 51 | ||||
| -rw-r--r-- | flake.nix | 1 | ||||
| -rw-r--r-- | hosts/sif/default.nix | 11 | ||||
| -rw-r--r-- | hosts/surtr/dns/zones/email.bouncy.soa | 4 | ||||
| -rw-r--r-- | hosts/surtr/email/default.nix | 7 | ||||
| -rw-r--r-- | hosts/vidhar/dns/zones/yggdrasil.soa | 3 | ||||
| -rw-r--r-- | hosts/vidhar/network/default.nix | 26 | ||||
| -rw-r--r-- | hosts/vidhar/network/dhcp/default.nix | 70 | ||||
| -rw-r--r-- | hosts/vidhar/network/ruleset.nft | 19 | ||||
| -rw-r--r-- | installer-profiles/nfsroot.nix | 28 | ||||
| -rw-r--r-- | installer/ruleset.nft | 4 | ||||
| -rw-r--r-- | nvfetcher.toml | 4 | ||||
| -rw-r--r-- | user-profiles/mpv/default.nix | 46 | 
17 files changed, 242 insertions, 91 deletions
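--- a/_sources/generated.json
+++ b/_sources/generated.json
@@ -153,6 +153,25 @@
 },
 "version": "c1219b6ac3ee3de887e6a36ae41a8e478835ae92"
 },
+"mpv-subselect": {
+"cargoLocks": null,
+"date": "2022-09-10",
+"extract": null,
+"name": "mpv-subselect",
+"passthru": null,
+"pinned": false,
+"src": {
+"deepClone": false,
+"fetchSubmodules": false,
+"leaveDotGit": false,
+"name": null,
+"rev": "5aa5023ff85e81efef0980202ee06e431203a9a5",
+"sha256": "sha256-3B7k2Jbx1KW7hkBOkQ5P3sMtj+NfAguAfyB135hmfT4=",
+"type": "git",
+"url": "https://github.com/CogentRedTester/mpv-sub-select"
+},
+"version": "5aa5023ff85e81efef0980202ee06e431203a9a5"
+},
 "postfix-mta-sts-resolver": {
 "cargoLocks": null,
 "date": null,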
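--- a/_sources/generated.nix
+++ b/_sources/generated.nix
@@ -95,6 +95,19 @@
 });
 date = "2022-01-27";
 };
+mpv-subselect = {
+pname = "mpv-subselect";
+version = "5aa5023ff85e81efef0980202ee06e431203a9a5";
+src = fetchgit {
+url = "https://github.com/CogentRedTester/mpv-sub-select";
+rev = "5aa5023ff85e81efef0980202ee06e431203a9a5";
+fetchSubmodules = false;
+deepClone = false;
+leaveDotGit = false;
+sha256 = "sha256-3B7k2Jbx1KW7hkBOkQ5P3sMtj+NfAguAfyB135hmfT4=";
+};
+date = "2022-09-10";
+};
 postfix-mta-sts-resolver = {
 pname = "postfix-mta-sts-resolver";
 version = "1.1.4";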
| diff --git a/accounts/gkleen@sif/default.nix b/accounts/gkleen@sif/default.nix index 2cfaa620..842f7538 100644 --- a/accounts/gkleen@sif/default.nix +++ b/accounts/gkleen@sif/default.nix | |||
| @@ -1,4 +1,7 @@ | |||
| 1 | { flake, flakeInputs, userName, pkgs, customUtils, lib, config, sources, ... }@inputs: | 1 | { flake, flakeInputs, userName, pkgs, customUtils, lib, config, sources, ... }@inputs: | 
| 2 | |||
| 3 | with lib; | ||
| 4 | |||
| 2 | let | 5 | let | 
| 3 | cfg = config.home-manager.users.${userName}; | 6 | cfg = config.home-manager.users.${userName}; | 
| 4 | xmonad = import ./xmonad pkgs.haskell.packages.ghc8107; | 7 | xmonad = import ./xmonad pkgs.haskell.packages.ghc8107; | 
| @@ -29,16 +32,18 @@ let | |||
| 29 | --prefix PATH : ${pkgs.pulseaudio}/bin | 32 | --prefix PATH : ${pkgs.pulseaudio}/bin | 
| 30 | ''; | 33 | ''; | 
| 31 | }; | 34 | }; | 
| 32 | wrapElectron = { package, bin ? package.meta.mainProgram or package.pname or (pkgs.lib.strings.nameFromURL package.name "-"), outBin ? bin }: pkgs.runCommand "${package.name}-wrapped" { buildInputs = with pkgs; [ makeWrapper ]; } '' | 35 | wrapElectron = { package, bin ? package.meta.mainProgram or package.pname or (pkgs.lib.strings.nameFromURL package.name "-"), outBin ? bin, sandbox ? true }: pkgs.runCommand "${package.name}-wrapped" { buildInputs = with pkgs; [ makeWrapper ]; } '' | 
| 33 | mkdir -p "$out/bin" | 36 | mkdir -p "$out/bin" | 
| 34 | makeWrapper ${package}/bin/${bin} $out/bin/${outBin} \ | 37 | makeWrapper ${package}/bin/${bin} $out/bin/${outBin} \ | 
| 35 | --add-flags '--force-device-scale-factor=1.6' | 38 | --add-flags '--force-device-scale-factor=1.6' \ | 
| 39 | ${optionalString (!sandbox) "--add-flags '--no-sandbox'"} | ||
| 36 | ''; | 40 | ''; | 
| 37 | 41 | ||
| 38 | wrappedChrome = wrapElectron { package = pkgs.google-chrome; outBin = "google-chrome"; }; | 42 | wrappedChrome = wrapElectron { package = pkgs.google-chrome; outBin = "google-chrome"; }; | 
| 39 | wrappedZulip = wrapElectron { package = pkgs.zulip; bin = "zulip"; outBin = "zulip"; }; | 43 | wrappedZulip = wrapElectron { package = pkgs.zulip; bin = "zulip"; outBin = "zulip"; }; | 
| 40 | wrappedElementDesktop = wrapElectron { package = pkgs.element-desktop; bin = "element-desktop"; outBin = "element"; }; | 44 | wrappedElementDesktop = wrapElectron { package = pkgs.element-desktop; bin = "element-desktop"; outBin = "element"; }; | 
| 41 | wrappedRocketChatDesktop = wrapElectron { package = pkgs.rocketchat-desktop; bin = "rocketchat-desktop"; outBin = "rocketchat"; }; | 45 | wrappedRocketChatDesktop = wrapElectron { package = pkgs.rocketchat-desktop; bin = "rocketchat-desktop"; outBin = "rocketchat"; }; | 
| 46 | wrappedYTMDesktop = wrapElectron { package = pkgs.ytmdesktop; sandbox = false; }; | ||
| 42 | in { | 47 | in { | 
| 43 | imports = with flake.nixosModules.userProfiles.${userName}; [ | 48 | imports = with flake.nixosModules.userProfiles.${userName}; [ | 
| 44 | mpv yt-dlp (args: import ./xcompose.nix (inputs // args)) | 49 | mpv yt-dlp (args: import ./xcompose.nix (inputs // args)) | 
| @@ -47,7 +52,7 @@ in { | |||
| 47 | config = { | 52 | config = { | 
| 48 | services.xserver = { | 53 | services.xserver = { | 
| 49 | displayManager.defaultSession = "none+xmonad"; | 54 | displayManager.defaultSession = "none+xmonad"; | 
| 50 | 55 | ||
| 51 | windowManager.session = [{ | 56 | windowManager.session = [{ | 
| 52 | name = "xmonad"; | 57 | name = "xmonad"; | 
| 53 | start = '' | 58 | start = '' | 
| @@ -155,7 +160,7 @@ in { | |||
| 155 | 160 | ||
| 156 | zsh.initExtra = "source ${./zshrc}"; | 161 | zsh.initExtra = "source ${./zshrc}"; | 
| 157 | zsh.dirHashes = let | 162 | zsh.dirHashes = let | 
| 158 | flakeHashes = lib.mapAttrs' (n: v: lib.nameValuePair (inputNames.${n} or n) (toString v)) flakeInputs; | 163 | flakeHashes = mapAttrs' (n: v: nameValuePair (inputNames.${n} or n) (toString v)) flakeInputs; | 
| 159 | inputNames = { | 164 | inputNames = { | 
| 160 | "nixpkgs" = "nixos"; | 165 | "nixpkgs" = "nixos"; | 
| 161 | }; | 166 | }; | 
| @@ -193,7 +198,7 @@ in { | |||
| 193 | enable = true; | 198 | enable = true; | 
| 194 | client = { | 199 | client = { | 
| 195 | enable = true; | 200 | enable = true; | 
| 196 | arguments = lib.mkForce ["-a" "\"\""]; | 201 | arguments = mkForce ["-a" "\"\""]; | 
| 197 | }; | 202 | }; | 
| 198 | }; | 203 | }; | 
| 199 | gpg-agent = { | 204 | gpg-agent = { | 
| @@ -318,7 +323,7 @@ in { | |||
| 318 | fira fira-code powerline-fonts nerdfonts pavucontrol keepassxc | 323 | fira fira-code powerline-fonts nerdfonts pavucontrol keepassxc | 
| 319 | sxiv xclip mumble pulseaudio-ctl pamixer libnotify synergy | 324 | sxiv xclip mumble pulseaudio-ctl pamixer libnotify synergy | 
| 320 | xorg.xbacklight screen-message | 325 | xorg.xbacklight screen-message | 
| 321 | ytmdesktop qt5ct playerctl evince | 326 | wrappedYTMDesktop qt5ct playerctl evince | 
| 322 | thunderbird wrappedZulip zoom-us steam steam-run wireshark | 327 | thunderbird wrappedZulip zoom-us steam steam-run wireshark | 
| 323 | virt-manager rclone cached-nix-shell xournal xmonad worktime | 328 | virt-manager rclone cached-nix-shell xournal xmonad worktime | 
| 324 | fira-code-symbols libreoffice xournalpp wrappedChrome | 329 | fira-code-symbols libreoffice xournalpp wrappedChrome | 
| @@ -403,8 +408,8 @@ in { | |||
| 403 | defaultApplications = let | 408 | defaultApplications = let | 
| 404 | filters = { | 409 | filters = { | 
| 405 | }; | 410 | }; | 
| 406 | filter = n: v: (filters.${n} or lib.id) (lib.filter (d: d != "emacs.desktop") v); | 411 | doFilter = n: v: (filters.${n} or id) (filter (d: d != "emacs.desktop") v); | 
| 407 | in lib.mapAttrs filter (cfg.lib.xdg.mimeAssociations [ | 412 | in mapAttrs doFilter (cfg.lib.xdg.mimeAssociations [ | 
| 408 | cfg.programs.zathura.package | 413 | cfg.programs.zathura.package | 
| 409 | pkgs.sxiv | 414 | pkgs.sxiv | 
| 410 | cfg.programs.emacs.package | 415 | cfg.programs.emacs.package | 
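Review bot: `wrappedYTMDesktop` is built with `sandbox = false`, so the new `optionalString (!sandbox) "--add-flags '--no-sandbox'"` line starts ytmdesktop with Chromium's renderer sandbox switched off, in an application whose whole job is to render remote web content. A renderer compromise then runs with the full privileges of the user account, which this same commit also adds to the `input` group in hosts/sif/default.nix. The reason for the flag is not stated anywhere on this page; if it is a workaround for the packaged sandbox helper not working, record that at the call site, e.g. `# --no-sandbox: <reason>; drop once the packaged sandbox works`, and consider confining the process by other means in the meantime. The enclosing `let` block starts and ends outside the hunk.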
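--- a/accounts/gkleen@sif/ssh-hosts.nix
+++ b/accounts/gkleen@sif/ssh-hosts.nix
@@ -48,6 +48,10 @@
 { user = "git";
 identityFile = "~/.ssh/gkleen@sif.midgard.yggdrasil";
 };
+"gitlab.ifi.lmu.de" =
+{ user = "git";
+identityFile = "~/.ssh/kleen@gitlab.ifi.lmu.de";
+};
 "hel".hostname = "hel.midgard.yggdrasil";
 "blackbeard" =
 { hostname = "blackbeard.tcs.ifi.lmu.de";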
| diff --git a/accounts/gkleen@sif/xmonad/xmonad.hs b/accounts/gkleen@sif/xmonad/xmonad.hs index 830bb2dd..3dc017a9 100644 --- a/accounts/gkleen@sif/xmonad/xmonad.hs +++ b/accounts/gkleen@sif/xmonad/xmonad.hs | |||
| @@ -340,7 +340,7 @@ hostFromName h | |||
| 340 | , NS "toggl" "toggldesktop" (className =? "Toggl Desktop") centerFloat | 340 | , NS "toggl" "toggldesktop" (className =? "Toggl Desktop") centerFloat | 
| 341 | , NS "calendar" "minetime -- --force-device-scale-factor=1.6" (className =? "MineTime") centerFloat | 341 | , NS "calendar" "minetime -- --force-device-scale-factor=1.6" (className =? "MineTime") centerFloat | 
| 342 | , NS "emacs" "emacsclient -c -F \"'(title . \\\"Scratchpad\\\")\"" (className =? "Emacs" <&&> title =? "Scratchpad") centerFloat | 342 | , NS "emacs" "emacsclient -c -F \"'(title . \\\"Scratchpad\\\")\"" (className =? "Emacs" <&&> title =? "Scratchpad") centerFloat | 
| 343 | -- , NS "music" "google-play-music-desktop-player --force-device-scale-factor=1.6" (className =? "Google Play Music Desktop Player") centerFloat | 343 | , NS "music" "ytmdesktop" (className =? "youtube-music-desktop-app") centerFloat | 
| 344 | ] | 344 | ] | 
| 345 | centerFloat = customFloating $ RationalRect (1 % 16) (1 % 16) (7 % 8) (7 % 8) | 345 | centerFloat = customFloating $ RationalRect (1 % 16) (1 % 16) (7 % 8) (7 % 8) | 
| 346 | centerFloatSmall = customFloating $ RationalRect (1 % 4) (1 % 4) (1 % 2) (1 % 2) | 346 | centerFloatSmall = customFloating $ RationalRect (1 % 4) (1 % 4) (1 % 2) (1 % 2) | 
| @@ -414,10 +414,10 @@ hostFromName h | |||
| 414 | (first : rest) = filter (not . null) $ lines result | 414 | (first : rest) = filter (not . null) $ lines result | 
| 415 | notification = Notify.summary first <> Notify.body (unlines rest) <> Notify.timeout Infinite <> Notify.urgency Normal <> Notify.appName "dc" | 415 | notification = Notify.summary first <> Notify.body (unlines rest) <> Notify.timeout Infinite <> Notify.urgency Normal <> Notify.appName "dc" | 
| 416 | void $ Notify.display notification | 416 | void $ Notify.display notification | 
| 417 | synergyCompl = mkComplFunFromList' xPConfigMonospace ["mathw86"] | 417 | synergyCompl = mkComplFunFromList' xPConfigMonospace ["mathw86"] | 
| 418 | synergyStart host = safeSpawn "systemctl" ["--user", "start", "synergy-rtunnel@" ++ host ++ ".service"] | 418 | synergyStart host = safeSpawn "systemctl" ["--user", "start", "synergy-rtunnel@" ++ host ++ ".service"] | 
| 419 | synergyStop host = safeSpawn "systemctl" ["--user", "stop", "synergy-rtunnel@" ++ host ++ ".service"] | 419 | synergyStop host = safeSpawn "systemctl" ["--user", "stop", "synergy-rtunnel@" ++ host ++ ".service"] | 
| 420 | 420 | ||
| 421 | hostFromName _ = defaultHost | 421 | hostFromName _ = defaultHost | 
| 422 | 422 | ||
| 423 | -- muteRef :: IORef (Maybe (String, Notification)) | 423 | -- muteRef :: IORef (Maybe (String, Notification)) | 
| @@ -530,13 +530,13 @@ main = do | |||
| 530 | -- We can´t define per-host layout modifiers because we lack dependent types | 530 | -- We can´t define per-host layout modifiers because we lack dependent types | 
| 531 | layout' = onHost "skadhi" ( onWorkspace (wsp 1) (Full ||| withIM (1%5) (Title "Buddy List") tabbedLayout') $ | 531 | layout' = onHost "skadhi" ( onWorkspace (wsp 1) (Full ||| withIM (1%5) (Title "Buddy List") tabbedLayout') $ | 
| 532 | onWorkspace (wsp 10) Full $ | 532 | onWorkspace (wsp 10) Full $ | 
| 533 | onWorkspace (wsp 2) (Full ||| tabbedLayout') $ | 533 | onWorkspace (wsp 2) (Full ||| tabbedLayout') $ | 
| 534 | onWorkspace (wsp 5) tabbedLayout' $ | 534 | onWorkspace (wsp 5) tabbedLayout' $ | 
| 535 | onWorkspace (wsp 8) (withIM (1%5) (Title "Friends") tabbedLayout') $ | 535 | onWorkspace (wsp 8) (withIM (1%5) (Title "Friends") tabbedLayout') $ | 
| 536 | defaultLayouts | 536 | defaultLayouts | 
| 537 | ) $ | 537 | ) $ | 
| 538 | onHost "vali" ( onWorkspace (wsp 2) (Full ||| tabbedLayout' ||| combineTwo (TwoPane 0.01 0.57) Full tabbedLayout') $ | 538 | onHost "vali" ( onWorkspace (wsp 2) (Full ||| tabbedLayout' ||| combineTwo (TwoPane 0.01 0.57) Full tabbedLayout') $ | 
| 539 | onWorkspace (wsp 3) workLayouts $ | 539 | onWorkspace (wsp 3) workLayouts $ | 
| 540 | defaultLayouts | 540 | defaultLayouts | 
| 541 | ) $ | 541 | ) $ | 
| 542 | onHost "hel" ( onWorkspace (wsp 1) (withIM (1 % 8) (Title "Buddy List") $ trackFloating tabbedLayout') $ | 542 | onHost "hel" ( onWorkspace (wsp 1) (withIM (1 % 8) (Title "Buddy List") $ trackFloating tabbedLayout') $ | 
| @@ -565,7 +565,7 @@ main = do | |||
| 565 | tabbedLayoutHoriz' = tabbedLayoutHoriz tabbedLeftAlways | 565 | tabbedLayoutHoriz' = tabbedLayoutHoriz tabbedLeftAlways | 
| 566 | defaultLayouts = {- spiralWithDir East CW (1 % 2) -} Dwindle R CW 1 (5 % 100) ||| tabbedLayout' ||| Full | 566 | defaultLayouts = {- spiralWithDir East CW (1 % 2) -} Dwindle R CW 1 (5 % 100) ||| tabbedLayout' ||| Full | 
| 567 | -- workLayouts = {- spiralWithDir East CW (1 % 2) -} Dwindle R CW (2 % 1) (5 % 100) ||| tabbedLayout' ||| Full | 567 | -- workLayouts = {- spiralWithDir East CW (1 % 2) -} Dwindle R CW (2 % 1) (5 % 100) ||| tabbedLayout' ||| Full | 
| 568 | workLayouts = tabbedLayout' ||| (renamed [Replace "Combined"] $ combineTwoP (TwoPane (1 % 100) (1891 % 2560)) tabbedLayout''' (Column 1.6) (ClassName "Postman" `Or` ClassName "Emacs" `Or` ClassName "jetbrains-idea-ce" `Or` (Resource "Devtools" `And` ClassName "Firefox"))) ||| Full ||| Dwindle R CW 1 (5 % 100) | 568 | workLayouts = tabbedLayout' ||| (renamed [Replace "Combined"] $ combineTwoP (TwoPane (1 % 100) (1891 % 2560)) tabbedLayout''' (Column 1.6) (ClassName "Postman" `Or` ClassName "Emacs" `Or` ClassName "jetbrains-idea-ce" `Or` (Resource "Devtools" `And` ClassName "Firefox"))) ||| Full ||| Dwindle R CW 1 (5 % 100) | 
| 569 | sqrtTwo = approxRational (sqrt 2) (1 / 2560) | 569 | sqrtTwo = approxRational (sqrt 2) (1 / 2560) | 
| 570 | xmobarPP' = xmobarPP { ppTitle = shorten 80 | 570 | xmobarPP' = xmobarPP { ppTitle = shorten 80 | 
| 571 | , ppSort = (liftM2 (.)) getSortByIndex $ return scratchpadFilterOutWorkspace | 571 | , ppSort = (liftM2 (.)) getSortByIndex $ return scratchpadFilterOutWorkspace | 
| @@ -607,7 +607,7 @@ main = do | |||
| 607 | | otherwise = return () | 607 | | otherwise = return () | 
| 608 | handle _ = return () | 608 | handle _ = return () | 
| 609 | handle shutdown $ launch myConfig =<< getDirectories | 609 | handle shutdown $ launch myConfig =<< getDirectories | 
| 610 | 610 | ||
| 611 | secs :: Int -> Int | 611 | secs :: Int -> Int | 
| 612 | secs = (* 1000000) | 612 | secs = (* 1000000) | 
| 613 | 613 | ||
| @@ -651,7 +651,7 @@ isDisabled :: String -> X Bool | |||
| 651 | isDisabled str = do | 651 | isDisabled str = do | 
| 652 | out <- runProcessWithInput "xinput" ["list", str] "" | 652 | out <- runProcessWithInput "xinput" ["list", str] "" | 
| 653 | return $ "disabled" `isInfixOf` out | 653 | return $ "disabled" `isInfixOf` out | 
| 654 | 654 | ||
| 655 | 655 | ||
| 656 | spawnKeychain :: X () | 656 | spawnKeychain :: X () | 
| 657 | spawnKeychain = do | 657 | spawnKeychain = do | 
| @@ -790,7 +790,7 @@ myKeys' conf host = Map.fromList $ | |||
| 790 | -- launch a terminal | 790 | -- launch a terminal | 
| 791 | [ ((modm, xK_Return), spawn $ (XMonad.terminal conf) ++ " -e tmux") | 791 | [ ((modm, xK_Return), spawn $ (XMonad.terminal conf) ++ " -e tmux") | 
| 792 | , ((modm .|. shiftMask, xK_Return), spawn $ XMonad.terminal conf) | 792 | , ((modm .|. shiftMask, xK_Return), spawn $ XMonad.terminal conf) | 
| 793 | 793 | ||
| 794 | -- launch dmenu | 794 | -- launch dmenu | 
| 795 | --, ((modm, xK_d ), spawn "exe=`dmenu_path | dmenu` && eval \"exec $exe\"") | 795 | --, ((modm, xK_d ), spawn "exe=`dmenu_path | dmenu` && eval \"exec $exe\"") | 
| 796 | , ((modm, xK_d ), shellPrompt "Run: " xPConfigMonospace) | 796 | , ((modm, xK_d ), shellPrompt "Run: " xPConfigMonospace) | 
| @@ -800,31 +800,31 @@ myKeys' conf host = Map.fromList $ | |||
| 800 | -- close focused window | 800 | -- close focused window | 
| 801 | , ((modm .|. shiftMask, xK_q ), kill) | 801 | , ((modm .|. shiftMask, xK_q ), kill) | 
| 802 | , ((modm .|. controlMask .|. shiftMask, xK_q ), spawn "xkill") | 802 | , ((modm .|. controlMask .|. shiftMask, xK_q ), spawn "xkill") | 
| 803 | 803 | ||
| 804 | -- Rotate through the available layout algorithms | 804 | -- Rotate through the available layout algorithms | 
| 805 | , ((modm, xK_space ), sendMessage NextLayout) | 805 | , ((modm, xK_space ), sendMessage NextLayout) | 
| 806 | 806 | ||
| 807 | -- Reset the layouts on the current workspace to default | 807 | -- Reset the layouts on the current workspace to default | 
| 808 | , ((modm .|. controlMask, xK_r ), (setLayout $ XMonad.layoutHook conf) >> refresh) | 808 | , ((modm .|. controlMask, xK_r ), (setLayout $ XMonad.layoutHook conf) >> refresh) | 
| 809 | 809 | ||
| 810 | -- Resize viewed windows to the correct size | 810 | -- Resize viewed windows to the correct size | 
| 811 | , ((modm, xK_r ), refresh) | 811 | , ((modm, xK_r ), refresh) | 
| 812 | 812 | ||
| 813 | -- Move focus to the next window | 813 | -- Move focus to the next window | 
| 814 | , ((modm, xK_t ), windows W.focusDown) | 814 | , ((modm, xK_t ), windows W.focusDown) | 
| 815 | 815 | ||
| 816 | -- Move focus to the previous window | 816 | -- Move focus to the previous window | 
| 817 | , ((modm, xK_n ), windows W.focusUp ) | 817 | , ((modm, xK_n ), windows W.focusUp ) | 
| 818 | 818 | ||
| 819 | -- Move focus to the master window | 819 | -- Move focus to the master window | 
| 820 | , ((modm, xK_m ), windows W.focusMaster ) | 820 | , ((modm, xK_m ), windows W.focusMaster ) | 
| 821 | 821 | ||
| 822 | -- Swap the focused window and the master window | 822 | -- Swap the focused window and the master window | 
| 823 | , ((modm .|. shiftMask, xK_m ), windows W.swapMaster) | 823 | , ((modm .|. shiftMask, xK_m ), windows W.swapMaster) | 
| 824 | 824 | ||
| 825 | -- Swap the focused window with the next window | 825 | -- Swap the focused window with the next window | 
| 826 | , ((modm .|. shiftMask, xK_t ), windows W.swapDown ) | 826 | , ((modm .|. shiftMask, xK_t ), windows W.swapDown ) | 
| 827 | 827 | ||
| 828 | -- Swap the focused window with the previous window | 828 | -- Swap the focused window with the previous window | 
| 829 | , ((modm .|. shiftMask, xK_n ), windows W.swapUp ) | 829 | , ((modm .|. shiftMask, xK_n ), windows W.swapUp ) | 
| 830 | 830 | ||
| @@ -845,18 +845,18 @@ myKeys' conf host = Map.fromList $ | |||
| 845 | -- , ((modm .|. controlMask, xK_Down ), withFocused $ keysMoveWindow (0, 10)) | 845 | -- , ((modm .|. controlMask, xK_Down ), withFocused $ keysMoveWindow (0, 10)) | 
| 846 | -- Shrink the master area | 846 | -- Shrink the master area | 
| 847 | , ((modm, xK_h ), sendMessage Shrink) | 847 | , ((modm, xK_h ), sendMessage Shrink) | 
| 848 | 848 | ||
| 849 | -- Expand the master area | 849 | -- Expand the master area | 
| 850 | , ((modm, xK_s ), sendMessage Expand) | 850 | , ((modm, xK_s ), sendMessage Expand) | 
| 851 | 851 | ||
| 852 | -- Push window back into tiling | 852 | -- Push window back into tiling | 
| 853 | , ((modm .|. shiftMask, xK_space ), withFocused $ windows . W.sink) | 853 | , ((modm .|. shiftMask, xK_space ), withFocused $ windows . W.sink) | 
| 854 | , ((modm, xK_BackSpace), focusUrgent) | 854 | , ((modm, xK_BackSpace), focusUrgent) | 
| 855 | , ((modm .|. shiftMask, xK_BackSpace), clearUrgents) | 855 | , ((modm .|. shiftMask, xK_BackSpace), clearUrgents) | 
| 856 | 856 | ||
| 857 | -- Increment the number of windows in the master area | 857 | -- Increment the number of windows in the master area | 
| 858 | , ((modm , xK_comma ), sendMessage (IncMasterN 1)) | 858 | , ((modm , xK_comma ), sendMessage (IncMasterN 1)) | 
| 859 | 859 | ||
| 860 | -- Deincrement the number of windows in the master area | 860 | -- Deincrement the number of windows in the master area | 
| 861 | , ((modm , xK_period), sendMessage (IncMasterN (-1))) | 861 | , ((modm , xK_period), sendMessage (IncMasterN (-1))) | 
| 862 | 862 | ||
| @@ -875,7 +875,7 @@ myKeys' conf host = Map.fromList $ | |||
| 875 | 875 | ||
| 876 | , ((modm , xK_Escape), cycleKbLayout (hKbLayouts host)) | 876 | , ((modm , xK_Escape), cycleKbLayout (hKbLayouts host)) | 
| 877 | , ((modm .|. controlMask, xK_Escape), safeSpawn "setxkbmap" $ fst (head $ hKbLayouts host) : maybeToList (snd . head $ hKbLayouts host)) | 877 | , ((modm .|. controlMask, xK_Escape), safeSpawn "setxkbmap" $ fst (head $ hKbLayouts host) : maybeToList (snd . head $ hKbLayouts host)) | 
| 878 | 878 | ||
| 879 | -- Toggle the status bar gap | 879 | -- Toggle the status bar gap | 
| 880 | -- Use this binding with avoidStruts from Hooks.ManageDocks. | 880 | -- Use this binding with avoidStruts from Hooks.ManageDocks. | 
| 881 | -- See also the statusBar function from Hooks.DynamicLog. | 881 | -- See also the statusBar function from Hooks.DynamicLog. | 
| @@ -883,10 +883,10 @@ myKeys' conf host = Map.fromList $ | |||
| 883 | , ((modm , xK_b ), sendMessage ToggleStruts) | 883 | , ((modm , xK_b ), sendMessage ToggleStruts) | 
| 884 | 884 | ||
| 885 | , ((modm .|. shiftMask, xK_p ), safeSpawn "playerctl" ["-a", "pause"]) | 885 | , ((modm .|. shiftMask, xK_p ), safeSpawn "playerctl" ["-a", "pause"]) | 
| 886 | 886 | ||
| 887 | -- Quit xmonad | 887 | -- Quit xmonad | 
| 888 | , ((modm .|. shiftMask, xK_e ), io (exitWith ExitSuccess)) | 888 | , ((modm .|. shiftMask, xK_e ), io (exitWith ExitSuccess)) | 
| 889 | 889 | ||
| 890 | -- Restart xmonad | 890 | -- Restart xmonad | 
| 891 | -- , ((modm .|. shiftMask .|. controlMask, xK_r ), void . xfork $ recompile False >>= flip when (safeSpawn "xmonad" ["--restart"])) | 891 | -- , ((modm .|. shiftMask .|. controlMask, xK_r ), void . xfork $ recompile False >>= flip when (safeSpawn "xmonad" ["--restart"])) | 
| 892 | , ((modm .|. shiftMask, xK_r ), void . liftIO $ executeFile "xmonad" True [] Nothing) | 892 | , ((modm .|. shiftMask, xK_r ), void . liftIO $ executeFile "xmonad" True [] Nothing) | 
| @@ -902,7 +902,7 @@ myKeys' conf host = Map.fromList $ | |||
| 902 | , ((modm , xK_g ), windowPrompt xPConfig Bring allWindows) | 902 | , ((modm , xK_g ), windowPrompt xPConfig Bring allWindows) | 
| 903 | ] | 903 | ] | 
| 904 | ++ | 904 | ++ | 
| 905 | 905 | ||
| 906 | -- | 906 | -- | 
| 907 | -- mod-[1..9], Switch to workspace N | 907 | -- mod-[1..9], Switch to workspace N | 
| 908 | -- | 908 | -- | 
| @@ -924,4 +924,3 @@ myKeys' conf host = Map.fromList $ | |||
| 924 | modm = XMonad.modMask conf | 924 | modm = XMonad.modMask conf | 
| 925 | 925 | ||
| 926 | brCycle = [0, 1 % 100, 1 % 10, 1 % 4, 1 % 2, 3 % 4, 1] | 926 | brCycle = [0, 1 % 100, 1 % 10, 1 % 4, 1 % 2, 3 % 4, 1] | 
| 927 | |||
| @@ -225,6 +225,7 @@ | |||
| 225 | defaults = mapAttrs (hostname: _: { | 225 | defaults = mapAttrs (hostname: _: { | 
| 226 | inherit hostname; | 226 | inherit hostname; | 
| 227 | sshUser = "root"; | 227 | sshUser = "root"; | 
| 228 | sshOpts = [ "-S" "none" ]; | ||
| 228 | 229 | ||
| 229 | profilesOrder = ["system"]; # system first | 230 | profilesOrder = ["system"]; # system first | 
| 230 | profiles = { | 231 | profiles = { | 
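--- a/hosts/sif/default.nix
+++ b/hosts/sif/default.nix
@@ -38,6 +38,8 @@ in {
 kernelModules = [ "dm-raid" "dm-integrity" "dm-snapshot" "dm-thin-pool" "dm-mod" "dm-crypt" ];
 };
 
+supportedFilesystems = [ "nfs" "nfs4" ];
+
 blacklistedKernelModules = [ "nouveau" ];
 
 # Use the systemd-boot EFI boot loader.
@@ -289,10 +291,6 @@ in {
 ];
 
 services = {
-udev.packages = with pkgs; [ uhk-agent ];
-
-# tinc.yggdrasil.enable = true;
-
 uucp = {
 enable = true;
 nodeName = "sif";
@@ -383,9 +381,10 @@ in {
 };
 
 users = {
-users.gkleen.extraGroups = [ "media" "plugdev" ];
+users.gkleen.extraGroups = [ "media" "plugdev" "input" ];
 groups.media = {};
 groups.plugdev = {};
+groups.input = {};
 };
 
 security.rtkit.enable = true;
@@ -501,6 +500,8 @@ in {
 };
 
 firmware = [ pkgs.firmwareLinuxNonfree ];
+
+keyboard.uhk.enable = true;
 };
 
 sound.enable = true;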
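Review bot: Adding `gkleen` to `input` in the `users` hunk lets every process running as that user read all `/dev/input/event*` devices, which means raw keystrokes from every attached keyboard, including input typed into other sessions and password prompts. If the membership exists only for the UHK tooling, the `keyboard.uhk.enable = true` added in the last hunk presumably installs udev rules for that device already (not visible here), so the group may not be needed; a device-specific udev rule is the narrower grant. `groups.input = {};` also redeclares a group that NixOS defines itself and can likely be dropped. At minimum state what needs the group, e.g. `# input: required by <tool>`.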
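--- a/hosts/surtr/dns/zones/email.bouncy.soa
+++ b/hosts/surtr/dns/zones/email.bouncy.soa
@@ -1,7 +1,7 @@
 $ORIGIN bouncy.email.
 $TTL 3600
 @ IN SOA ns.yggdrasil.li. root.yggdrasil.li. (
-2022071002 ; serial
+2022100600 ; serial
 10800 ; refresh
 3600 ; retry
 604800 ; expire
@@ -69,7 +69,7 @@ spm IN MX 0 mailin.bouncy.email.
 spm IN TXT "v=spf1 redirect=bouncy.email"
 _acme-challenge.spm IN NS ns.yggdrasil.li.
 
-_mta-sts IN TXT "v=STSv1; id=2022071002"
+_mta-sts IN TXT "v=STSv1; id=2022100600"
 _smtp._tls IN TXT "v=TLSRPTv1; rua=mailto:postmaster@bouncy.email"
 mta-sts IN A 202.61.241.61
 mta-sts IN AAAA 2a03:4000:52:ada::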
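--- a/hosts/surtr/email/default.nix
+++ b/hosts/surtr/email/default.nix
@@ -412,6 +412,8 @@ in {
 in ''
 mail_home = /var/lib/mail/%u
 
+mail_plugins = $mail_plugins quota
+
 first_valid_uid = ${toString config.users.users.dovecot2.uid}
 last_valid_uid = ${toString config.users.users.dovecot2.uid}
 first_valid_gid = ${toString config.users.groups.dovecot2.gid}
@@ -473,9 +475,10 @@ in {
 result_failure = return-fail
 result_internalfail = return-fail
 }
+
+mail_plugins = $mail_plugins sieve
 }
 
-mail_plugins = $mail_plugins quota
 mailbox_list_index = yes
 postmaster_address = postmaster@yggdrasil.li
 recipient_delimiter =
@@ -732,7 +735,7 @@ in {
 cp ${pkgs.writeText "mta-sts.txt" ''
 version: STSv1
 mode: enforce
-max_age: 604800
+max_age: 2419200
 mx: mailin.bouncy.email
 ''} $out/.well-known/mta-sts.txt
 '';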
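Review bot: With `mode: enforce`, raising `max_age` to 2419200 in the last hunk means a sender that has cached this policy will keep refusing delivery to any MX other than `mailin.bouncy.email`, or to one whose certificate fails validation, for up to 28 days. Nothing in the hunk records the roll-over procedure, so a comment above the `pkgs.writeText "mta-sts.txt"` call would help, e.g. `# cached by senders for 28d: publish the new policy and bump the _mta-sts id before changing MX or certificates`. The surrounding derivation starts and ends outside the hunk.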
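--- a/hosts/vidhar/dns/zones/yggdrasil.soa
+++ b/hosts/vidhar/dns/zones/yggdrasil.soa
@@ -1,7 +1,7 @@
 $ORIGIN yggdrasil.
 $TTL 300
 @ IN SOA vidhar.yggdrasil. root.yggdrasil.li. (
-2022040802 ; serial
+2022101601 ; serial
 300 ; refresh
 300 ; retry
 300 ; expire
@@ -16,6 +16,7 @@ sif IN AAAA 2a03:4000:52:ada:1:2::
 
 grafana.vidhar IN CNAME vidhar.yggdrasil.
 prometheus.vidhar IN CNAME vidhar.yggdrasil.
+nfsroot.vidhar IN CNAME vidhar.lan.yggdrasil.
 
 
 vidhar.lan IN A 10.141.0.1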
| diff --git a/hosts/vidhar/network/default.nix b/hosts/vidhar/network/default.nix index e69674f4..f19ea9cd 100644 --- a/hosts/vidhar/network/default.nix +++ b/hosts/vidhar/network/default.nix | |||
| @@ -1,4 +1,5 @@ | |||
| 1 | { pkgs, ... }: | 1 | { pkgs, ... }: | 
| 2 | |||
| 2 | { | 3 | { | 
| 3 | imports = [ ./dsl.nix ./bifrost ./dhcp ]; | 4 | imports = [ ./dsl.nix ./bifrost ./dhcp ]; | 
| 4 | 5 | ||
| @@ -69,5 +70,30 @@ | |||
| 69 | networkConfig.LinkLocalAddressing = "no"; | 70 | networkConfig.LinkLocalAddressing = "no"; | 
| 70 | }; | 71 | }; | 
| 71 | }; | 72 | }; | 
| 73 | |||
| 74 | services.nfs.server = { | ||
| 75 | enable = true; | ||
| 76 | createMountPoints = true; | ||
| 77 | |||
| 78 | statdPort = 4000; | ||
| 79 | lockdPort = 4001; | ||
| 80 | mountdPort = 4002; | ||
| 81 | |||
| 82 | extraNfsdConfig = '' | ||
| 83 | vers3=off | ||
| 84 | ''; | ||
| 85 | |||
| 86 | exports = '' | ||
| 87 | /srv/nfs 10.141.0.0/24(ro,async,root_squash,fsid=0) 2a03:4000:52:ada:1::/80(ro,async,root_squash,fsid=0) | ||
| 88 | /srv/nfs/nix-store 10.141.0.0/24(ro,async,root_squash) 2a03:4000:52:ada:1::/80(ro,async,root_squash) | ||
| 89 | ''; | ||
| 90 | }; | ||
| 91 | |||
| 92 | fileSystems = { | ||
| 93 | "/srv/nfs/nix-store" = { | ||
| 94 | device = "/nix/store"; | ||
| 95 | options = [ "bind" ]; | ||
| 96 | }; | ||
| 97 | }; | ||
| 72 | }; | 98 | }; | 
| 73 | } | 99 | } | 
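Review bot: The `exports` block publishes a bind mount of the whole `/nix/store` to every address in `10.141.0.0/24` and `2a03:4000:52:ada:1::/80`, and with no `sec=` option the export defaults to AUTH_SYS, so any host in those ranges can read every store path without authenticating. That is acceptable only while nothing secret is ever written to the store; the `sopsFile` usage elsewhere in this commit suggests that is the intent, but it is not stated here. I would add a comment above `exports`, e.g. `# exports the entire /nix/store read-only and unauthenticated to these ranges; store paths must never contain secrets`. Separately, `statdPort`/`lockdPort`/`mountdPort` are pinned although `vers3=off` is set, so a short comment on why they are still needed would help the next reader.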
| diff --git a/hosts/vidhar/network/dhcp/default.nix b/hosts/vidhar/network/dhcp/default.nix index e14b15ac..dfaa4c9f 100644 --- a/hosts/vidhar/network/dhcp/default.nix +++ b/hosts/vidhar/network/dhcp/default.nix | |||
| @@ -26,7 +26,7 @@ with lib; | |||
| 26 | { name = "ipxe"; | 26 | { name = "ipxe"; | 
| 27 | test = "option[77].hex == 'iPXE'"; | 27 | test = "option[77].hex == 'iPXE'"; | 
| 28 | next-server = "10.141.0.1"; | 28 | next-server = "10.141.0.1"; | 
| 29 | boot-file-name = "installer-x86_64-linux/netboot.ipxe"; | 29 | boot-file-name = "http://nfsroot.vidhar.yggdrasil/installer-x86_64-linux/netboot.ipxe"; | 
| 30 | only-if-required = true; | 30 | only-if-required = true; | 
| 31 | } | 31 | } | 
| 32 | { name = "uefi-64"; | 32 | { name = "uefi-64"; | 
| @@ -229,6 +229,40 @@ with lib; | |||
| 229 | sopsFile = ./knot-tsig.json.frag; | 229 | sopsFile = ./knot-tsig.json.frag; | 
| 230 | }; | 230 | }; | 
| 231 | 231 | ||
| 232 | services.nginx.virtualHosts."nfsroot.vidhar.yggdrasil" = { | ||
| 233 | addSSL = false; | ||
| 234 | forceSSL = false; | ||
| 235 | locations."/" = { | ||
| 236 | extraConfig = '' | ||
| 237 | autoindex on; | ||
| 238 | ''; | ||
| 239 | root = pkgs.symlinkJoin { | ||
| 240 | name = "nfsroot.vidhar.yggdrasil"; | ||
| 241 | paths = | ||
| 242 | (map (system: | ||
| 243 | let | ||
| 244 | installerBuild = (flake.nixosConfigurations.${"installer-${system}-nfsroot"}.extendModules { | ||
| 245 | modules = [ | ||
| 246 | ({ ... }: { | ||
| 247 | config.nfsroot.storeDevice = "10.141.0.1:nix-store"; | ||
| 248 | config.nfsroot.registrationUrl = "http://nfsroot.vidhar.yggdrasil/installer-${system}/registration"; | ||
| 249 | }) | ||
| 250 | ]; | ||
| 251 | }).config.system.build; | ||
| 252 | in builtins.toPath (pkgs.runCommandLocal "install-${system}" {} '' | ||
| 253 | mkdir -p $out/installer-${system} | ||
| 254 | install -m 0444 -t $out/installer-${system} \ | ||
| 255 | ${installerBuild.initialRamdisk}/initrd \ | ||
| 256 | ${installerBuild.kernel}/bzImage \ | ||
| 257 | ${installerBuild.netbootIpxeScript}/netboot.ipxe \ | ||
| 258 | ${pkgs.closureInfo { rootPaths = installerBuild.storeContents; }}/registration | ||
| 259 | '') | ||
| 260 | ) ["x86_64-linux"] | ||
| 261 | ); | ||
| 262 | }; | ||
| 263 | }; | ||
| 264 | }; | ||
| 265 | |||
| 232 | systemd.services."pxe-atftpd" = { | 266 | systemd.services."pxe-atftpd" = { | 
| 233 | description = "TFTP Server for PXE Booting"; | 267 | description = "TFTP Server for PXE Booting"; | 
| 234 | after = [ "network.target" ]; | 268 | after = [ "network.target" ]; | 
| @@ -238,44 +272,16 @@ with lib; | |||
| 238 | additionalTargets = { | 272 | additionalTargets = { | 
| 239 | "bin-i386-efi/ipxe.efi" = "i386-ipxe.efi"; | 273 | "bin-i386-efi/ipxe.efi" = "i386-ipxe.efi"; | 
| 240 | }; | 274 | }; | 
| 275 | additionalOptions = [ | ||
| 276 | "NSLOOKUP_CMD" | ||
| 277 | ]; | ||
| 241 | }; | 278 | }; | 
| 242 | tftpRoot = pkgs.runCommandLocal "netboot" {} '' | 279 | tftpRoot = pkgs.runCommandLocal "netboot" {} '' | 
| 243 | mkdir -p $out | 280 | mkdir -p $out | 
| 244 | install -m 0444 -t $out \ | 281 | install -m 0444 -t $out \ | 
| 245 | ${ipxe}/ipxe.efi ${ipxe}/i386-ipxe.efi ${ipxe}/undionly.kpxe | 282 | ${ipxe}/ipxe.efi ${ipxe}/i386-ipxe.efi ${ipxe}/undionly.kpxe | 
| 246 | |||
| 247 | ${concatMapStringsSep "\n" (system: | ||
| 248 | let | ||
| 249 | installerBuild = (flake.nixosConfigurations.${"installer-${system}-nfsroot"}.extendModules { | ||
| 250 | modules = [ | ||
| 251 | ({ ... }: { config.nfsroot.storeDevice = "vidhar:nix-store"; }) | ||
| 252 | ]; | ||
| 253 | }).config.system.build; | ||
| 254 | in '' | ||
| 255 | mkdir -p $out/installer-${system} | ||
| 256 | install -m 0444 -t $out/installer-${system} \ | ||
| 257 | ${installerBuild.initialRamdisk}/initrd \ | ||
| 258 | ${installerBuild.kernel}/bzImage \ | ||
| 259 | ${installerBuild.netbootIpxeScript}/netboot.ipxe | ||
| 260 | '' | ||
| 261 | ) ["x86_64-linux"]} | ||
| 262 | ''; | 283 | ''; | 
| 263 | in "${pkgs.atftp}/sbin/atftpd --daemon --no-fork --bind-address=10.141.0.1 ${tftpRoot}"; | 284 | in "${pkgs.atftp}/sbin/atftpd --daemon --no-fork --bind-address=10.141.0.1 ${tftpRoot}"; | 
| 264 | }; | 285 | }; | 
| 265 | |||
| 266 | services.nfs.server = { | ||
| 267 | enable = true; | ||
| 268 | createMountPoints = true; | ||
| 269 | exports = '' | ||
| 270 | /export/nix-root 10.141.0.0/24(ro) | ||
| 271 | ''; | ||
| 272 | }; | ||
| 273 | |||
| 274 | fileSystems = { | ||
| 275 | "/export/nix-root" = { | ||
| 276 | device = "/nix/store"; | ||
| 277 | options = [ "bind" ]; | ||
| 278 | }; | ||
| 279 | }; | ||
| 280 | }; | 286 | }; | 
| 281 | } | 287 | } | 
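Review bot: The new `nfsroot.vidhar.yggdrasil` vhost serves the kernel, initrd, iPXE script and store registration over plain HTTP (`addSSL = false; forceSSL = false;`) with `autoindex on` and no address restriction, so a booting client has no way to check that what it received is what this host built. On a trusted boot segment that may be an accepted trade-off, but it deserves a comment, and the vhost can at least be confined to the boot network, for example with `listenAddresses = [ "10.141.0.1" ];` or `allow 10.141.0.0/24; deny all;` in `extraConfig` (the address list would need extending if the name also resolves over IPv6, which is not visible here). `autoindex on` looks unnecessary, since the four served file names are fixed and referenced by full path.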
| diff --git a/hosts/vidhar/network/ruleset.nft b/hosts/vidhar/network/ruleset.nft index c0da0fa6..473f8a20 100644 --- a/hosts/vidhar/network/ruleset.nft +++ b/hosts/vidhar/network/ruleset.nft | |||
| @@ -78,6 +78,7 @@ table inet filter { | |||
| 78 | counter ssh-rx {} | 78 | counter ssh-rx {} | 
| 79 | counter mosh-rx {} | 79 | counter mosh-rx {} | 
| 80 | counter dns-rx {} | 80 | counter dns-rx {} | 
| 81 | counter nfs-rx {} | ||
| 81 | counter wg-rx {} | 82 | counter wg-rx {} | 
| 82 | counter yggdrasil-gre-rx {} | 83 | counter yggdrasil-gre-rx {} | 
| 83 | counter ipv6-pd-rx {} | 84 | counter ipv6-pd-rx {} | 
| @@ -104,6 +105,7 @@ table inet filter { | |||
| 104 | counter ssh-tx {} | 105 | counter ssh-tx {} | 
| 105 | counter mosh-tx {} | 106 | counter mosh-tx {} | 
| 106 | counter dns-tx {} | 107 | counter dns-tx {} | 
| 108 | counter nfs-tx {} | ||
| 107 | counter wg-tx {} | 109 | counter wg-tx {} | 
| 108 | counter yggdrasil-gre-tx {} | 110 | counter yggdrasil-gre-tx {} | 
| 109 | counter ipv6-pd-tx {} | 111 | counter ipv6-pd-tx {} | 
| @@ -152,7 +154,7 @@ table inet filter { | |||
| 152 | 154 | ||
| 153 | 155 | ||
| 154 | ct state invalid log level debug prefix "drop invalid input: " counter name invalid-rx drop | 156 | ct state invalid log level debug prefix "drop invalid input: " counter name invalid-rx drop | 
| 155 | 157 | ||
| 156 | 158 | ||
| 157 | iifname lo counter name rx-lo accept | 159 | iifname lo counter name rx-lo accept | 
| 158 | iif != lo ip daddr 127.0.0.1/8 counter name invalid-local4-rx reject | 160 | iif != lo ip daddr 127.0.0.1/8 counter name invalid-local4-rx reject | 
| @@ -165,8 +167,9 @@ table inet filter { | |||
| 165 | iifname { lan, mgmt, dsl, yggdrasil, bifrost } tcp dport 22 counter name ssh-rx accept | 167 | iifname { lan, mgmt, dsl, yggdrasil, bifrost } tcp dport 22 counter name ssh-rx accept | 
| 166 | iifname { lan, mgmt, dsl, yggdrasil, bifrost } udp dport 60000-61000 counter name mosh-rx accept | 168 | iifname { lan, mgmt, dsl, yggdrasil, bifrost } udp dport 60000-61000 counter name mosh-rx accept | 
| 167 | 169 | ||
| 168 | iifname { lan, mgmt, dmz01, yggdrasil } tcp dport 53 counter name dns-rx accept | 170 | iifname { lan, mgmt, dmz01, yggdrasil } meta l4proto { tcp, udp } th dport 53 counter name dns-rx accept | 
| 169 | iifname { lan, mgmt, dmz01, yggdrasil } udp dport 53 counter name dns-rx accept | 171 | |
| 172 | iifname { lan, yggdrasil } tcp dport 2049 counter name nfs-rx accept | ||
| 170 | 173 | ||
| 171 | iifname { lan, mgmt, dsl } meta protocol ip udp dport 51820 counter name wg-rx accept | 174 | iifname { lan, mgmt, dsl } meta protocol ip udp dport 51820 counter name wg-rx accept | 
| 172 | iifname { lan, mgmt, dsl } meta protocol ip6 udp dport 51821 counter name wg-rx accept | 175 | iifname { lan, mgmt, dsl } meta protocol ip6 udp dport 51821 counter name wg-rx accept | 
| @@ -182,7 +185,8 @@ table inet filter { | |||
| 182 | iifname lan tcp dport { 445, 139, 5357 } counter name samba-rx accept | 185 | iifname lan tcp dport { 445, 139, 5357 } counter name samba-rx accept | 
| 183 | 186 | ||
| 184 | iifname yggdrasil tcp dport { 80, 443 } counter name http-rx accept | 187 | iifname yggdrasil tcp dport { 80, 443 } counter name http-rx accept | 
| 185 | 188 | iifname lan tcp dport 80 counter name http-rx accept | |
| 189 | |||
| 186 | iifname { lan, mgmt } udp dport 69 counter name tftp-rx accept | 190 | iifname { lan, mgmt } udp dport 69 counter name tftp-rx accept | 
| 187 | 191 | ||
| 188 | ct state {established, related} counter name established-rx accept | 192 | ct state {established, related} counter name established-rx accept | 
| @@ -209,8 +213,9 @@ table inet filter { | |||
| 209 | tcp sport 22 counter name ssh-tx | 213 | tcp sport 22 counter name ssh-tx | 
| 210 | udp sport 60000-61000 counter name mosh-tx | 214 | udp sport 60000-61000 counter name mosh-tx | 
| 211 | 215 | ||
| 212 | tcp sport 53 counter name dns-tx | 216 | meta l4proto {tcp, udp} th sport 53 counter name dns-tx | 
| 213 | udp sport 53 counter name dns-tx | 217 | |
| 218 | tcp sport 2049 counter name nfs-tx | ||
| 214 | 219 | ||
| 215 | meta protocol ip udp sport 51820 counter name wg-tx | 220 | meta protocol ip udp sport 51820 counter name wg-tx | 
| 216 | meta protocol ip6 udp sport {51821,51822} counter name wg-tx | 221 | meta protocol ip6 udp sport {51821,51822} counter name wg-tx | 
| @@ -225,7 +230,7 @@ table inet filter { | |||
| 225 | udp sport { 137, 138, 3702 } counter name samba-tx accept | 230 | udp sport { 137, 138, 3702 } counter name samba-tx accept | 
| 226 | tcp sport { 445, 139, 5357 } counter name samba-tx accept | 231 | tcp sport { 445, 139, 5357 } counter name samba-tx accept | 
| 227 | 232 | ||
| 228 | tcp sport {80,443} counter name http-tx accept | 233 | tcp sport { 80, 443 } counter name http-tx accept | 
| 229 | 234 | ||
| 230 | udp sport 69 counter name tftp-tx accept | 235 | udp sport 69 counter name tftp-tx accept | 
| 231 | udp dport 69 counter name tftp-tx accept | 236 | udp dport 69 counter name tftp-tx accept | 
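Review bot: The new `nfs-rx` rule admits TCP 2049 by interface name only (`iifname { lan, yggdrasil }`), so the address restriction for NFS rests entirely on the ranges in the `exports` text of `hosts/vidhar/network/default.nix`. If the two are meant to stay in step, a source match here gives a second layer that still holds when an export line is later widened: `iifname lan ip saddr 10.141.0.0/24 tcp dport 2049 counter name nfs-rx accept` and `iifname yggdrasil ip6 saddr 2a03:4000:52:ada:1::/80 tcp dport 2049 counter name nfs-rx accept`. The mapping of each prefix to its interface is inferred from the zone file and should be confirmed. The same applies to the added `iifname lan tcp dport 80` rule, which opens every nginx vhost to the LAN rather than only the netboot one.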
| diff --git a/installer-profiles/nfsroot.nix b/installer-profiles/nfsroot.nix index 9db415a8..2688a8d0 100644 --- a/installer-profiles/nfsroot.nix +++ b/installer-profiles/nfsroot.nix | |||
| @@ -16,7 +16,17 @@ in { | |||
| 16 | nfsroot = { | 16 | nfsroot = { | 
| 17 | storeDevice = mkOption { | 17 | storeDevice = mkOption { | 
| 18 | type = types.str; | 18 | type = types.str; | 
| 19 | default = "nfsroot:nix-store"; | ||
| 19 | }; | 20 | }; | 
| 21 | |||
| 22 | registrationUrl = mkOption { | ||
| 23 | type = types.str; | ||
| 24 | default = "http://nfsroot/nix-registration"; | ||
| 25 | }; | ||
| 26 | }; | ||
| 27 | |||
| 28 | system.build = { | ||
| 29 | storeContents = mkOption {}; | ||
| 20 | }; | 30 | }; | 
| 21 | }; | 31 | }; | 
| 22 | 32 | ||
| @@ -67,14 +77,26 @@ in { | |||
| 67 | ]; | 77 | ]; | 
| 68 | }; | 78 | }; | 
| 69 | 79 | ||
| 80 | nix.extraOptions = '' | ||
| 81 | use-sqlite-wal = false | ||
| 82 | ''; | ||
| 83 | |||
| 70 | boot.initrd.availableKernelModules = [ "nfs" "nfsv4" "overlay" ]; | 84 | boot.initrd.availableKernelModules = [ "nfs" "nfsv4" "overlay" ]; | 
| 71 | boot.initrd.supportedFilesystems = [ "nfs" "nfsv4" "overlay" ]; | 85 | boot.initrd.supportedFilesystems = [ "nfs" "nfsv4" "overlay" ]; | 
| 86 | services.rpcbind.enable = mkImageMediaOverride false; | ||
| 72 | 87 | ||
| 73 | boot.initrd.network.enable = true; | 88 | boot.initrd.network.enable = true; | 
| 74 | boot.initrd.network.flushBeforeStage2 = false; # otherwise nfs dosen't work | 89 | boot.initrd.network.flushBeforeStage2 = false; # otherwise nfs doesn't work | 
| 90 | boot.initrd.postMountCommands = '' | ||
| 91 | mkdir -p /mnt-root/etc/ | ||
| 92 | cp /etc/resolv.conf /mnt-root/etc/resolv.conf | ||
| 93 | ''; | ||
| 75 | networking.useDHCP = true; | 94 | networking.useDHCP = true; | 
| 95 | networking.resolvconf.enable = false; | ||
| 76 | 96 | ||
| 77 | 97 | ||
| 98 | system.build.storeContents = [config.system.build.toplevel]; | ||
| 99 | |||
| 78 | system.build.netbootIpxeScript = pkgs.writeTextDir "netboot.ipxe" '' | 100 | system.build.netbootIpxeScript = pkgs.writeTextDir "netboot.ipxe" '' | 
| 79 | #!ipxe | 101 | #!ipxe | 
| 80 | # Use the cmdline variable to allow the user to specify custom kernel params | 102 | # Use the cmdline variable to allow the user to specify custom kernel params | 
| @@ -86,6 +108,10 @@ in { | |||
| 86 | 108 | ||
| 87 | boot.postBootCommands = | 109 | boot.postBootCommands = | 
| 88 | '' | 110 | '' | 
| 111 | # After booting, register the contents of the Nix store on NFS | ||
| 112 | # in the Nix database in the tmpfs. | ||
| 113 | ${pkgs.curl}/bin/curl ${escapeShellArg cfg.registrationUrl} | ${config.nix.package.out}/bin/nix-store --load-db | ||
| 114 | |||
| 89 | # nixos-rebuild also requires a "system" profile and an | 115 | # nixos-rebuild also requires a "system" profile and an | 
| 90 | # /etc/NIXOS tag. | 116 | # /etc/NIXOS tag. | 
| 91 | touch /etc/NIXOS | 117 | touch /etc/NIXOS | 
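Review bot: The added `curl … | nix-store --load-db` line in `boot.postBootCommands` runs curl without `--fail`, so an HTTP error page from the server would be piped into the Nix database loader as if it were registration data, and a connection failure is silently ignored because only the exit status of the last pipeline stage is seen. I would change it to `${pkgs.curl}/bin/curl --fail --silent --show-error ${escapeShellArg cfg.registrationUrl} | ${config.nix.package.out}/bin/nix-store --load-db` and add a comment that the registration is fetched over unauthenticated HTTP and is trusted to the same degree as the netbooted kernel and initrd. The new `storeContents = mkOption {};` also has no `type` or `description`, which is worth adding. `boot.postBootCommands` continues past the end of the hunk, so any later error handling is not visible here.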
| diff --git a/installer/ruleset.nft b/installer/ruleset.nft index 803ce9fd..7b38a059 100644 --- a/installer/ruleset.nft +++ b/installer/ruleset.nft | |||
| @@ -60,7 +60,7 @@ table inet filter { | |||
| 60 | 60 | ||
| 61 | 61 | ||
| 62 | ct state invalid log level debug prefix "drop invalid input: " counter drop | 62 | ct state invalid log level debug prefix "drop invalid input: " counter drop | 
| 63 | 63 | ||
| 64 | 64 | ||
| 65 | iifname lo counter accept | 65 | iifname lo counter accept | 
| 66 | iif != lo ip daddr 127.0.0.1/8 counter reject | 66 | iif != lo ip daddr 127.0.0.1/8 counter reject | 
| @@ -73,7 +73,7 @@ table inet filter { | |||
| 73 | udp dport 60000-61000 counter accept | 73 | udp dport 60000-61000 counter accept | 
| 74 | 74 | ||
| 75 | 75 | ||
| 76 | ct state {established, related} counter name established-rx accept | 76 | ct state {established, related} counter accept | 
| 77 | 77 | ||
| 78 | 78 | ||
| 79 | limit name lim_reject log level debug prefix "drop input: " counter drop | 79 | limit name lim_reject log level debug prefix "drop input: " counter drop | 
| diff --git a/nvfetcher.toml b/nvfetcher.toml index ccdd78dd..7cd52c29 100644 --- a/nvfetcher.toml +++ b/nvfetcher.toml | |||
| @@ -14,6 +14,10 @@ fetch.git = "https://gist.github.com/2f71a97fb85ed42146f6d9f522bc34ef.git" | |||
| 14 | src.github = "hoyon/mpv-mpris" | 14 | src.github = "hoyon/mpv-mpris" | 
| 15 | fetch.github = "hoyon/mpv-mpris" | 15 | fetch.github = "hoyon/mpv-mpris" | 
| 16 | 16 | ||
| 17 | [mpv-subselect] | ||
| 18 | src.git = "https://github.com/CogentRedTester/mpv-sub-select" | ||
| 19 | fetch.git = "https://github.com/CogentRedTester/mpv-sub-select" | ||
| 20 | |||
| 17 | [emacs-scratch_el] | 21 | [emacs-scratch_el] | 
| 18 | src.git = "https://github.com/ffevotte/scratch.el" | 22 | src.git = "https://github.com/ffevotte/scratch.el" | 
| 19 | fetch.github = "ffevotte/scratch.el" | 23 | fetch.github = "ffevotte/scratch.el" | 
| diff --git a/user-profiles/mpv/default.nix b/user-profiles/mpv/default.nix index 0c87b6e7..9c9d077b 100644 --- a/user-profiles/mpv/default.nix +++ b/user-profiles/mpv/default.nix | |||
| @@ -7,8 +7,10 @@ | |||
| 7 | }; | 7 | }; | 
| 8 | config = { | 8 | config = { | 
| 9 | ytdl = true; | 9 | ytdl = true; | 
| 10 | sub = false; | 10 | subs-with-matching-audio = false; | 
| 11 | osd-font = "DejaVu Sans"; | 11 | audio-display = false; | 
| 12 | osd-font = "Fira Sans"; | ||
| 13 | sub-font = "Fira Sans"; | ||
| 12 | # vo = "gpu"; | 14 | # vo = "gpu"; | 
| 13 | hwdec = "auto"; | 15 | hwdec = "auto"; | 
| 14 | force-window = "yes"; | 16 | force-window = "yes"; | 
| @@ -18,8 +20,36 @@ | |||
| 18 | "vidscale=no" | 20 | "vidscale=no" | 
| 19 | "deadzonesize=0.9" | 21 | "deadzonesize=0.9" | 
| 20 | "ytdl_hook-ytdl_path=${pkgs.yt-dlp}/bin/yt-dlp" | 22 | "ytdl_hook-ytdl_path=${pkgs.yt-dlp}/bin/yt-dlp" | 
| 21 | "chapterskip-skip=sponsor;intro;endcard" | 23 | "chapterskip-skip=sponsor;intro;endcard;interact" | 
| 22 | "chapterskip-categories=sponsor>%[SponsorBlock%]: .*Sponsor.*;intro>%[SponsorBlock%]: .*Intro Animation.*;endcard>%[SponsorBlock%]: .*Endcards.*" | 24 | "chapterskip-categories=sponsor>%[SponsorBlock%]: .*Sponsor.*;intro>%[SponsorBlock%]: .*Intro Animation.*;endcard>%[SponsorBlock%]: .*Endcards.*;interact>%[SponsorBlock%]: .*Interaction Reminder.*" | 
| 25 | "sub_select-config=${pkgs.writeTextDir "sub-select.json" (builtins.toJSON [ | ||
| 26 | { | ||
| 27 | alang = "*"; | ||
| 28 | slang = "forced"; | ||
| 29 | } | ||
| 30 | { | ||
| 31 | alang = ["jpn" "ja"]; | ||
| 32 | slang = "eng?"; | ||
| 33 | blacklist = [ "sign" ]; | ||
| 34 | } | ||
| 35 | { | ||
| 36 | alang = ["jpn" "ja"]; | ||
| 37 | slang = "und"; | ||
| 38 | blacklist = [ "sign" ]; | ||
| 39 | } | ||
| 40 | { | ||
| 41 | alang = ["eng?" "deu?"]; | ||
| 42 | slang = "no"; | ||
| 43 | } | ||
| 44 | { | ||
| 45 | alang = "*"; | ||
| 46 | slang = "eng?"; | ||
| 47 | } | ||
| 48 | { | ||
| 49 | alang = "*"; | ||
| 50 | slang = "und"; | ||
| 51 | } | ||
| 52 | ])}" | ||
| 23 | ]; | 53 | ]; | 
| 24 | }; | 54 | }; | 
| 25 | scripts = [ | 55 | scripts = [ | 
| @@ -65,6 +95,14 @@ | |||
| 65 | 95 | ||
| 66 | passthru.scriptName = "chapterskip.lua"; | 96 | passthru.scriptName = "chapterskip.lua"; | 
| 67 | })) | 97 | })) | 
| 98 | (pkgs.stdenv.mkDerivation (sources.mpv-subselect // rec { | ||
| 99 | installPhase = '' | ||
| 100 | install -d $out/share/mpv/scripts | ||
| 101 | install -m 0644 sub-select.lua $out/share/mpv/scripts/${passthru.scriptName} | ||
| 102 | ''; | ||
| 103 | |||
| 104 | passthru.scriptName = "sub-select.lua"; | ||
| 105 | })) | ||
| 68 | ]; | 106 | ]; | 
| 69 | }; | 107 | }; | 
| 70 | } | 108 | } | 
