From 9248259708bd6ade5e334a2cdfb29d2a20acb0dd Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Mon, 3 Oct 2022 17:15:36 +0200 Subject: ... --- _sources/generated.json | 46 +++++++--------- _sources/generated.nix | 32 +++++------ accounts/gkleen@sif/systemd.nix | 2 +- flake.lock | 48 ++++++++-------- flake.nix | 21 +++---- hosts/sif/default.nix | 18 +++--- hosts/surtr/vpn/default.nix | 4 +- hosts/vidhar/borg/default.nix | 6 +- hosts/vidhar/network/dhcp/default.nix | 58 ++++++++++++++----- hosts/vidhar/network/dsl.nix | 8 +-- hosts/vidhar/prometheus/default.nix | 7 ++- installer-profiles/cd-dvd.nix | 7 +++ installer-profiles/netboot.nix | 7 +++ installer-profiles/nfsroot.nix | 95 ++++++++++++++++++++++++++++++++ installer/default.nix | 2 +- modules/netns.nix | 14 ++--- modules/zfssnap/default.nix | 2 +- nvfetcher.toml | 4 -- overlays/fast-cli.nix | 34 ------------ overlays/postfix-mta-sts-resolver.nix | 1 + overlays/urxvt/52-osc.pl | 41 -------------- overlays/urxvt/default.nix | 21 ------- overlays/worktime/default.nix | 2 +- shell.nix | 10 ---- system-profiles/build-server/default.nix | 14 +++-- system-profiles/openssh/default.nix | 2 +- user-profiles/feeds/module.nix | 2 +- user-profiles/mpv/default.nix | 2 +- user-profiles/utils.nix | 2 +- 29 files changed, 274 insertions(+), 238 deletions(-) create mode 100644 installer-profiles/cd-dvd.nix create mode 100644 installer-profiles/netboot.nix create mode 100644 installer-profiles/nfsroot.nix delete mode 100644 overlays/fast-cli.nix delete mode 100644 overlays/urxvt/52-osc.pl delete mode 100644 overlays/urxvt/default.nix diff --git a/_sources/generated.json b/_sources/generated.json index dcbde8b1..3f08cb6a 100644 --- a/_sources/generated.json +++ b/_sources/generated.json @@ -1,6 +1,7 @@ { "afew": { "cargoLocks": null, + "date": "2021-05-30", "extract": null, "name": "afew", "passthru": null, 
@@ -20,6 +21,7 @@ }, "emacs-scratch_el": { "cargoLocks": null, + "date": "2015-09-10", "extract": null, "name": "emacs-scratch_el", "passthru": null, @@ -37,27 +39,9 @@ }, "version": "0077334cc299aa7885f804d88f52cdb1b35caf71" }, - "fast-cli": { - "cargoLocks": null, - "extract": null, - "name": "fast-cli", - "passthru": null, - "pinned": false, - "src": { - "deepClone": false, - "fetchSubmodules": false, - "leaveDotGit": false, - "name": null, - "owner": "gesquive", - "repo": "fast-cli", - "rev": "v0.2.10", - "sha256": "sha256-j7/3Llc3jTeJGpOH3Aexm9qcNscuk0mbi4ZCCyzC3+s=", - "type": "github" - }, - "version": "v0.2.10" - }, "lesspipe": { "cargoLocks": null, + "date": null, "extract": null, "name": "lesspipe", "passthru": null, @@ -72,6 +56,7 @@ }, "mpv-autosave": { "cargoLocks": null, + "date": "2020-10-22", "extract": null, "name": "mpv-autosave", "passthru": null, @@ -90,6 +75,7 @@ }, "mpv-chapterskip": { "cargoLocks": null, + "date": "2022-09-08", "extract": null, "name": "mpv-chapterskip", "passthru": null, @@ -109,6 +95,7 @@ }, "mpv-createchapter": { "cargoLocks": null, + "date": "2020-09-05", "extract": null, "name": "mpv-createchapter", "passthru": null, @@ -128,6 +115,7 @@ }, "mpv-mpris": { "cargoLocks": null, + "date": null, "extract": null, "name": "mpv-mpris", "passthru": null, @@ -147,6 +135,7 @@ }, "mpv-reload": { "cargoLocks": null, + "date": "2022-01-27", "extract": null, "name": "mpv-reload", "passthru": null, @@ -166,6 +155,7 @@ }, "postfix-mta-sts-resolver": { "cargoLocks": null, + "date": null, "extract": null, "name": "postfix-mta-sts-resolver", "passthru": null, @@ -180,6 +170,7 @@ }, "postfwd": { "cargoLocks": null, + "date": null, "extract": null, "name": "postfwd", "passthru": null, @@ -194,6 +185,7 @@ }, "psql-versioning": { "cargoLocks": null, + "date": "2020-02-18", "extract": null, "name": "psql-versioning", "passthru": null, 
@@ -212,20 +204,22 @@ }, "smartprom": { "cargoLocks": null, + "date": null, "extract": null, "name": "smartprom", "passthru": null, "pinned": false, "src": { "name": null, - "sha256": "sha256-VbpFvDBygJswUfmufVjo/xXxDDmXLq/0D9ln8u+139E=", + "sha256": "sha256-l2Mg/WQZ34a6SEcftIroZglgMS6faNFTRnhPgyZNt+I=", "type": "url", - "url": "https://github.com/matusnovak/prometheus-smartctl/archive/refs/tags/v2.1.0.tar.gz" + "url": "https://github.com/matusnovak/prometheus-smartctl/archive/refs/tags/v2.2.0.tar.gz" }, - "version": "2.1.0" + "version": "2.2.0" }, "uhk-agent": { "cargoLocks": null, + "date": null, "extract": null, "name": "uhk-agent", "passthru": null, @@ -240,6 +234,7 @@ }, "v4l2loopback": { "cargoLocks": null, + "date": "2022-08-05", "extract": null, "name": "v4l2loopback", "passthru": null, @@ -259,6 +254,7 @@ }, "xcompose": { "cargoLocks": null, + "date": "2022-09-14", "extract": null, "name": "xcompose", "passthru": null, @@ -270,10 +266,10 @@ "name": null, "owner": "kragen", "repo": "xcompose", - "rev": "150c47fabb9f45e81138f71347dc75f69b5dd987", - "sha256": "sha256-XQ0ZuXGvDLz9fJ0yGHtgL4wl9Jx3SG30cGBM2b947iY=", + "rev": "cd8d3e622f547ec9f83d7f64f51d4a27ee812681", + "sha256": "sha256-fkl2lDv/DdrqPjVsEUKSRD3BNGwTjTsA0ovI8akFI6U=", "type": "github" }, - "version": "150c47fabb9f45e81138f71347dc75f69b5dd987" + "version": "cd8d3e622f547ec9f83d7f64f51d4a27ee812681" } } \ No newline at end of file diff --git a/_sources/generated.nix b/_sources/generated.nix index a77cb5d8..e472a8e8 100644 --- a/_sources/generated.nix +++ b/_sources/generated.nix @@ -13,6 +13,7 @@ leaveDotGit = true; sha256 = "sha256-Ipt/EvksMFihSo6t2aoQkjuxAEYdY6P4f1fhLJuGl3g="; }); + date = "2021-05-30"; }; emacs-scratch_el = { pname = "emacs-scratch_el"; 
@@ -24,17 +25,7 @@ fetchSubmodules = false; sha256 = "sha256-FUkKJ+1COGzgllzzv51yUIjMZI6slOFVExdwWl2ZEBA="; }); - }; - fast-cli = { - pname = "fast-cli"; - version = "v0.2.10"; - src = fetchFromGitHub ({ - owner = "gesquive"; - repo = "fast-cli"; - rev = "v0.2.10"; - fetchSubmodules = false; - sha256 = "sha256-j7/3Llc3jTeJGpOH3Aexm9qcNscuk0mbi4ZCCyzC3+s="; - }); + date = "2015-09-10"; }; lesspipe = { pname = "lesspipe"; @@ -55,6 +46,7 @@ leaveDotGit = false; sha256 = "sha256-yxA8wgzdS7SyKLoNTWN87ShsBfPKUflbOu4Y0jS2G3I="; }; + date = "2020-10-22"; }; mpv-chapterskip = { pname = "mpv-chapterskip"; @@ -66,6 +58,7 @@ fetchSubmodules = false; sha256 = "sha256-OTrLQE3rYvPQamEX23D6HttNjx3vafWdTMxTiWpDy90="; }); + date = "2022-09-08"; }; mpv-createchapter = { pname = "mpv-createchapter"; @@ -77,6 +70,7 @@ fetchSubmodules = false; sha256 = "sha256-rPtG7mgf7tOY8Ih4Bz1tpd4MwXOxJmngjY+s70zWX+g="; }); + date = "2020-09-05"; }; mpv-mpris = { pname = "mpv-mpris"; @@ -99,6 +93,7 @@ fetchSubmodules = false; sha256 = "sha256-+DoKPIulQA3VSeXo8DjoxnPwDfcuCO5YHpXmB+M7EWk="; }); + date = "2022-01-27"; }; postfix-mta-sts-resolver = { pname = "postfix-mta-sts-resolver"; @@ -127,13 +122,14 @@ leaveDotGit = false; sha256 = "sha256-j+njRssJHTdNV3FbcA3MdUmzCaJxuYBrC0qwtK3HoyY="; }; + date = "2020-02-18"; }; smartprom = { pname = "smartprom"; - version = "2.1.0"; + version = "2.2.0"; src = fetchurl { - url = "https://github.com/matusnovak/prometheus-smartctl/archive/refs/tags/v2.1.0.tar.gz"; - sha256 = "sha256-VbpFvDBygJswUfmufVjo/xXxDDmXLq/0D9ln8u+139E="; + url = "https://github.com/matusnovak/prometheus-smartctl/archive/refs/tags/v2.2.0.tar.gz"; + sha256 = "sha256-l2Mg/WQZ34a6SEcftIroZglgMS6faNFTRnhPgyZNt+I="; }; }; uhk-agent = { 
@@ -154,16 +150,18 @@ fetchSubmodules = true; sha256 = "sha256-c6g63jW+a+v/TxLD9NnQGn/aUgivwVkxzP+hZ65w2/o="; }); + date = "2022-08-05"; }; xcompose = { pname = "xcompose"; - version = "150c47fabb9f45e81138f71347dc75f69b5dd987"; + version = "cd8d3e622f547ec9f83d7f64f51d4a27ee812681"; src = fetchFromGitHub ({ owner = "kragen"; repo = "xcompose"; - rev = "150c47fabb9f45e81138f71347dc75f69b5dd987"; + rev = "cd8d3e622f547ec9f83d7f64f51d4a27ee812681"; fetchSubmodules = false; - sha256 = "sha256-XQ0ZuXGvDLz9fJ0yGHtgL4wl9Jx3SG30cGBM2b947iY="; + sha256 = "sha256-fkl2lDv/DdrqPjVsEUKSRD3BNGwTjTsA0ovI8akFI6U="; }); + date = "2022-09-14"; }; } diff --git a/accounts/gkleen@sif/systemd.nix b/accounts/gkleen@sif/systemd.nix index 819c1ff6..2fba0404 100644 --- a/accounts/gkleen@sif/systemd.nix +++ b/accounts/gkleen@sif/systemd.nix @@ -48,7 +48,7 @@ in { Type = "oneshot"; WorkingDirectory = "~"; ExecStart = toString (pkgs.writers.writePython3 "sync-keepass" { - libraries = with pkgs.python3Packages; [ dateutil ]; + libraries = with pkgs.python3Packages; [ python-dateutil ]; } '' import json import subprocess diff --git a/flake.lock b/flake.lock index 7a0dd9c1..e76b90cb 100644 --- a/flake.lock +++ b/flake.lock @@ -59,11 +59,11 @@ }, "flake-utils_2": { "locked": { - "lastModified": 1649676176, - "narHash": "sha256-OWKJratjt2RW151VUlJPRALb7OU2S5s+f0vLj4o1bHM=", + "lastModified": 1659877975, + "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", "owner": "numtide", "repo": "flake-utils", - "rev": "a4b154ebbdc88c8498a5c7b01589addc9e9cb678", + "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", "type": "github" }, "original": { 
@@ -80,11 +80,11 @@ "utils": "utils_2" }, "locked": { - "lastModified": 1662759269, - "narHash": "sha256-lt8bAfEZudCQb+MxoNKmenhMTXhu3RCCyLYxU9t5FFk=", + "lastModified": 1664573442, + "narHash": "sha256-AovlSIuJfMf8n9QLNUVtsCul+NVHIoen7APH2fLls3k=", "owner": "nix-community", "repo": "home-manager", - "rev": "9f7fe353b613d0e45d7a5cdbd1f13c96c15803dd", + "rev": "a7f0cc2d7b271b4a5df9b9e351d556c172f7e903", "type": "github" }, "original": { @@ -121,11 +121,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1663071011, - "narHash": "sha256-HjPb5iEwKwyNpnkn4Wo2hptAU5TAmfXd30mxemXPBtg=", + "lastModified": 1664729105, + "narHash": "sha256-jriM5XldII1rs3v4EWPqHYZdmyRxqE6pRUlINxNwVE8=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0caf7675ec9b90ab9ad309d7a993a13798eeaa26", + "rev": "15ffd20e8c26a23e95293d15dcb25237aa44cb1c", "type": "github" }, "original": { @@ -137,11 +137,11 @@ }, "nixpkgs-22_05": { "locked": { - "lastModified": 1662864125, - "narHash": "sha256-AtjyEFK7Zp9+hOOUNO1/YZRADV/wC94R3yeKN8saUK4=", + "lastModified": 1664201777, + "narHash": "sha256-cUW9DqELUNi1jNMwVSbfq4yl5YGyOfeu+UHUUImbby0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e6f053b6079c16e7df97531e3e0524ace1304d4d", + "rev": "00f877f4927b6f7d7b75731b5a1e2ae7324eaf14", "type": "github" }, "original": { @@ -162,11 +162,11 @@ ] }, "locked": { - "lastModified": 1654975372, - "narHash": "sha256-wkNZ16akgKViuZzE/IM+bux4uaJ04KIwUeexH8gBjgw=", + "lastModified": 1664550666, + "narHash": "sha256-eXfMRd9uItEp3PsYI31FSVGPG9dVC6yF++65ZrGwW8A=", "owner": "berberman", "repo": "nvfetcher", - "rev": "d4b237c10f14f72f8266b0f658faad822e491e55", + "rev": "9763ad40d59a044e90726653d9253efaeeb053b2", "type": "github" }, "original": { 
@@ -179,11 +179,11 @@ "pypi-deps-db": { "flake": false, "locked": { - "lastModified": 1663059297, - "narHash": "sha256-JaD4mhUOLJRNaepE50fOUfaSYRNwMhobyj8HGIxosiQ=", + "lastModified": 1664698977, + "narHash": "sha256-Jqeg42mhfge4CJ/cHJTEpxY7RWAaVoxG7tgc9LTeVsQ=", "owner": "DavHau", "repo": "pypi-deps-db", - "rev": "8aa6ec60bf7ed12c1e1705a2f28be63d8eee4386", + "rev": "b4f1bfd3534e076a9a790df2c88226abc5bc8278", "type": "github" }, "original": { @@ -212,11 +212,11 @@ "nixpkgs-22_05": "nixpkgs-22_05" }, "locked": { - "lastModified": 1662870301, - "narHash": "sha256-O+ABD+WzEBLVH6FwxKCIpps0hsR6b5dpYe6fB3e3Ju8=", + "lastModified": 1664204020, + "narHash": "sha256-LAey3hr8b9EAt3n304Wt9Vm4uQFd8pSRtLX8leuYFDs=", "owner": "Mic92", "repo": "sops-nix", - "rev": "20929e1c5722a6db2f2dbe4cd36d4af0de0a9df0", + "rev": "912f9ff41fd9353dec1f783170793699789fe9aa", "type": "github" }, "original": { @@ -243,11 +243,11 @@ }, "utils_2": { "locked": { - "lastModified": 1653893745, - "narHash": "sha256-0jntwV3Z8//YwuOjzhV2sgJJPt+HY6KhU7VZUL0fKZQ=", + "lastModified": 1659877975, + "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", "owner": "numtide", "repo": "flake-utils", - "rev": "1ed9fb1935d260de5fe1c2f7ee0ebaae17ed2fa1", + "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index defcd864..43825563 100644 --- a/flake.nix +++ b/flake.nix 
@@ -157,7 +157,10 @@ # systemsSelector = "x86_64-linux"; # systems = filter (system: !(isNull (builtins.match systemsSelector system))) nixpkgs.lib.systems.flakeExposed; - systems = nixpkgs.lib.systems.flakeExposed; + systems = + let + disallowedSystems = ["armv5tel-linux"]; + in filter (system: !(elem system disallowedSystems)) nixpkgs.lib.systems.flakeExposed; nixpkgsPackages = localSystem: (makeOverridable (import (nixpkgs.outPath + "/pkgs/top-level"))) { inherit localSystem; }; forAllSystems = f: mapAttrs f (genAttrs systems nixpkgsPackages); forAllUsers = genAttrs (unique (map accountUserName (attrNames self.nixosModules.accounts))); 
@@ -167,20 +170,18 @@ overlayPaths = nixImport rec { dir = ./overlays; _import = (path: _name: dir + "/${path}"); }; - installerProfiles = system: - let nixpkgs-path = nixpkgs.outPath; - in mapAttrs (name: {path, output}: { profile = mkSystemProfile nixpkgs-path path "installer-${name}"; inherit output; }) - { cd-dvd = { path = "nixos/modules/installer/cd-dvd/installation-cd-minimal.nix"; output = out: out.config.system.build.isoImage; }; - netboot = { path = "nixos/modules/installer/netboot/netboot-minimal.nix"; output = out: (self.legacyPackages.${system}.symlinkJoin { name = "netboot"; paths = with out.config.system.build; [ netbootRamdisk kernel netbootIpxeScript ]; preferLocalBuild = true; }); }; - }; + installerProfiles = nixImport rec { + dir = ./installer-profiles; + _import = path: name: mkSystemProfile dir path "installer-${name}"; + }; installerConfig = if pathExists ./installer.nix then "installer.nix" else (if pathExists ./installer then "installer" else null); mkInstallerForSystem = system: (lib.systems.elaborate system).isLinux; installers = - let mkInstallers = system: mapAttrs (mkInstaller system) (installerProfiles system); - mkInstaller = system: name: {profile, output}: let mkOutput = output; in rec { config = mkNixosConfiguration [profile { config = { nixpkgs.system = system; }; }] ./. installerConfig "installer"; output = mkOutput config; }; + let mkInstallers = system: mapAttrs (mkInstaller system) installerProfiles; + mkInstaller = system: name: profile: mkNixosConfiguration [profile { config = { nixpkgs.system = system; }; }] ./. installerConfig "installer"; in forAllSystems (system: _systemPkgs: optionalAttrs (!(isNull installerConfig) && mkInstallerForSystem system) (mkInstallers system)); - installerNixosConfigurations = listToAttrs (concatLists (mapAttrsToList (system: mapAttrsToList (profile: { config, ... 
}: nameValuePair ("installer-${system}-${profile}") config)) installers)); + installerNixosConfigurations = listToAttrs (concatLists (mapAttrsToList (system: mapAttrsToList (profile: config: nameValuePair ("installer-${system}-${profile}") config)) installers)); # packages = forAllSystems (system: systemPkgs: composeManyExtensions (attrValues self.overlays) self.legacyPackages.${system} systemPkgs); diff --git a/hosts/sif/default.nix b/hosts/sif/default.nix index b4713736..b38a387c 100644 --- a/hosts/sif/default.nix +++ b/hosts/sif/default.nix @@ -290,7 +290,7 @@ in { services = { udev.packages = with pkgs; [ uhk-agent ]; - + # tinc.yggdrasil.enable = true; uucp = { @@ -313,9 +313,9 @@ in { fprintd.enable = true; blueman.enable = true; - + colord.enable = true; - + vnstat.enable = true; upower.enable = true; @@ -468,8 +468,8 @@ in { hardware = { bluetooth = { - enable = true; - package = pkgs.bluezFull; + enable = true; + package = pkgs.bluez; settings = { General = { Enable = "Source,Sink,Media,Socket"; @@ -510,12 +510,14 @@ in { daemonCPUSchedPolicy = "idle"; daemonIOSchedClass = "idle"; - buildServers.vidhar = { + buildServers.vidhar = let + vidhar = flake.nixosConfigurations.vidhar; + in { address = "vidhar.yggdrasil"; - systems = ["x86_64-linux" "i686-linux"]; + systems = [vidhar.config.nixpkgs.system] ++ vidhar.config.nix.settings.extra-platforms; + supportedFeatures = vidhar.config.nix.settings.system-features; maxJobs = 12; speedFactor = 4; - supportedFeatures = ["nixos-test" "benchmark" "big-parallel" "kvm"]; }; }; diff --git a/hosts/surtr/vpn/default.nix b/hosts/surtr/vpn/default.nix index cad3b5b4..7f3065f7 100644 --- a/hosts/surtr/vpn/default.nix +++ b/hosts/surtr/vpn/default.nix 
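Review bot: In the `buildServers.vidhar` hunk of hosts/sif/default.nix, `systems` reads `vidhar.config.nix.settings.extra-platforms` unconditionally, and `nix.settings` is a freeform attribute set, so that key exists only when some module on vidhar defines it. As far as I know NixOS sets it from the binfmt module only when `boot.binfmt.emulatedSystems` is non-empty, so overriding that list to `[]` on vidhar would make sif fail to evaluate rather than just advertise fewer systems. A fallback keeps the coupling without the hard failure: `systems = [vidhar.config.nixpkgs.system] ++ (vidhar.config.nix.settings.extra-platforms or []);`. The enclosing attribute set starts and ends outside the hunk.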
@@ -143,9 +143,9 @@ in { serviceConfig = { Type = "oneshot"; RemainAfterExit = true; - ExecStop = "${pkgs.iproute}/bin/ip netns exec vpn ip link delete upstream"; + ExecStop = "${pkgs.iproute2}/bin/ip netns exec vpn ip link delete upstream"; }; - path = with pkgs; [ iproute procps ]; + path = with pkgs; [ iproute2 procps ]; script = '' ip netns exec vpn sysctl \ net.ipv6.conf.all.forwarding=1 \ diff --git a/hosts/vidhar/borg/default.nix b/hosts/vidhar/borg/default.nix index 650c91ee..79c75c4d 100644 --- a/hosts/vidhar/borg/default.nix +++ b/hosts/vidhar/borg/default.nix @@ -57,7 +57,7 @@ let buildInputs = with pkgs; [makeWrapper]; - python = inpPython.withPackages (ps: with ps; [humanize tqdm dateutil xdg python-unshare pyprctl halo]); + python = inpPython.withPackages (ps: with ps; [humanize tqdm python-dateutil xdg python-unshare pyprctl halo]); buildPhase = '' substitute $src copy \ @@ -74,7 +74,7 @@ let copy wrapProgram $out/bin/copy \ - --prefix PATH : ${makeBinPath (with pkgs; [utillinux borgbackup])}:${config.security.wrapperDir} + --prefix PATH : ${makeBinPath (with pkgs; [util-linux borgbackup])}:${config.security.wrapperDir} ''; }); @@ -93,7 +93,7 @@ let ''; postInstall = '' wrapProgram $out/bin/borgsnap \ - --prefix PATH : ${makeBinPath (with pkgs; [utillinux borgbackup])}:${config.security.wrapperDir} + --prefix PATH : ${makeBinPath (with pkgs; [util-linux borgbackup])}:${config.security.wrapperDir} ''; providers.python-unshare = "nixpkgs"; diff --git a/hosts/vidhar/network/dhcp/default.nix b/hosts/vidhar/network/dhcp/default.nix index 067dc6d6..e14b15ac 100644 --- a/hosts/vidhar/network/dhcp/default.nix +++ b/hosts/vidhar/network/dhcp/default.nix @@ -1,4 +1,7 @@ { flake, config, pkgs, lib, ... }: + +with lib; + { config = { services.kea = { 
@@ -23,7 +26,7 @@ { name = "ipxe"; test = "option[77].hex == 'iPXE'"; next-server = "10.141.0.1"; - boot-file-name = "netboot.ipxe"; + boot-file-name = "installer-x86_64-linux/netboot.ipxe"; only-if-required = true; } { name = "uefi-64"; @@ -146,7 +149,7 @@ pools = [ { pool = "10.141.2.128 - 10.141.2.254"; } ]; reservations = []; } - ]; + ]; }; }; # dhcp6 = { @@ -195,16 +198,16 @@ }; systemd.services.kea-dhcp-ddns-server = { - preStart = let + preStart = let configLines = [ "" - ] ++ lib.mapAttrsToList (k: v: + ] ++ mapAttrsToList (k: v: "\"${k}\": ${builtins.toJSON v}" ) config.services.kea.dhcp-ddns.settings; config-template = pkgs.writeText "dhcp-ddns.conf" '' {"DhcpDdns": { - ${lib.concatStringsSep ",\n " configLines} + ${concatStringsSep ",\n " configLines} }} ''; in '' @@ -212,8 +215,8 @@ ''; serviceConfig = { - ExecStart = lib.mkForce '' - ${pkgs.kea}/bin/kea-dhcp-ddns -c "''${RUNTIME_DIRECTORY}/dhcp-ddns.conf" ${lib.escapeShellArgs config.services.kea.dhcp-ddns.extraArgs} + ExecStart = mkForce '' + ${pkgs.kea}/bin/kea-dhcp-ddns -c "''${RUNTIME_DIRECTORY}/dhcp-ddns.conf" ${escapeShellArgs config.services.kea.dhcp-ddns.extraArgs} ''; LoadCredential = [ "knot-tsig.json.frag:${config.sops.secrets."kea-knot-tsig.json.frag".path}" 
@@ -226,26 +229,53 @@ sopsFile = ./knot-tsig.json.frag; }; - systemd.services."installer-atftpd" = { - description = "TFTP Server for PXE Booting NixOS Installer"; + systemd.services."pxe-atftpd" = { + description = "TFTP Server for PXE Booting"; after = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; serviceConfig.ExecStart = let - installerBuild = flake.nixosConfigurations.installer-x86_64-linux-netboot.config.system.build; ipxe = pkgs.ipxe.override { additionalTargets = { "bin-i386-efi/ipxe.efi" = "i386-ipxe.efi"; }; }; - tftpRoot = pkgs.runCommandLocal "installer-netboot" {} '' + tftpRoot = pkgs.runCommandLocal "netboot" {} '' mkdir -p $out install -m 0444 -t $out \ - ${installerBuild.netbootRamdisk}/initrd \ - ${installerBuild.kernel}/bzImage \ - ${installerBuild.netbootIpxeScript}/netboot.ipxe \ ${ipxe}/ipxe.efi ${ipxe}/i386-ipxe.efi ${ipxe}/undionly.kpxe + + ${concatMapStringsSep "\n" (system: + let + installerBuild = (flake.nixosConfigurations.${"installer-${system}-nfsroot"}.extendModules { + modules = [ + ({ ... }: { config.nfsroot.storeDevice = "vidhar:nix-store"; }) + ]; + }).config.system.build; + in '' + mkdir -p $out/installer-${system} + install -m 0444 -t $out/installer-${system} \ + ${installerBuild.initialRamdisk}/initrd \ + ${installerBuild.kernel}/bzImage \ + ${installerBuild.netbootIpxeScript}/netboot.ipxe + '' + ) ["x86_64-linux"]} ''; in "${pkgs.atftp}/sbin/atftpd --daemon --no-fork --bind-address=10.141.0.1 ${tftpRoot}"; }; + + services.nfs.server = { + enable = true; + createMountPoints = true; + exports = '' + /export/nix-root 10.141.0.0/24(ro) + ''; + }; + + fileSystems = { + "/export/nix-root" = { + device = "/nix/store"; + options = [ "bind" ]; + }; + }; }; } diff --git a/hosts/vidhar/network/dsl.nix b/hosts/vidhar/network/dsl.nix index a5f4daf2..461e74d2 100644 --- a/hosts/vidhar/network/dsl.nix +++ b/hosts/vidhar/network/dsl.nix @@ -11,7 +11,7 @@ in { default = "dsl"; }; }; - + config = { networking.vlans = { telekom = { 
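Review bot: The `services.nfs.server.exports` entry at the end of the hosts/vidhar/network/dhcp/default.nix hunk publishes a bind mount of vidhar's whole `/nix/store` to every address in 10.141.0.0/24, not just the installer closure, and the export line sets no `sec=` option, so access appears to be limited by source address only. Anything that has ever been interpolated into a derivation on this host becomes readable from that segment, so the assumption deserves a comment above `exports`, for example `# whole store is readable by the PXE segment; secrets must never be store paths`, or the export should be narrowed to the installer's closure. Separately, the module override sets `nfsroot.storeDevice = "vidhar:nix-store"` while the only export shown is `/export/nix-root`; unless a mapping exists outside this hunk, the NFSv4 mount in the installer would not resolve to this export. The enclosing `config` block starts outside the hunk.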
@@ -19,7 +19,7 @@ in { interface = "eno2"; }; }; - + services.pppd = { enable = true; peers.telekom.config = '' @@ -40,7 +40,7 @@ in { }; systemd.services."pppd-telekom" = { stopIfChanged = true; - + serviceConfig = lib.mkForce { Type = "notify"; PIDFile = "/run/pppd/${pppInterface}.pid"; @@ -62,7 +62,7 @@ in { "ppp/ip-up" = { text = '' #!${pkgs.runtimeShell} - ${pkgs.iproute}/bin/ip route add default via "$5" dev "${pppInterface}" metric 512 + ${pkgs.iproute2}/bin/ip route add default via "$5" dev "${pppInterface}" metric 512 ''; mode = "0555"; }; diff --git a/hosts/vidhar/prometheus/default.nix b/hosts/vidhar/prometheus/default.nix index 7ac86c30..8e5ff0ea 100644 --- a/hosts/vidhar/prometheus/default.nix +++ b/hosts/vidhar/prometheus/default.nix @@ -61,9 +61,12 @@ in { }; apcupsd.enable = true; systemd = { - enable = true; + enable = false; # TODO extraFlags = [ - "--collector.unit-whitelist=(dhcpcd-dsl|pppd-telekom|corerad|ndppd)\.service" + "--systemd.collector.unit-include=(dhcpcd-dsl|pppd-telekom|corerad|ndppd)\.service" + "--systemd.collector.enable-restart-count" + "--systemd.collector.enable-file-descriptor-size" + "--systemd.collector.enable-ip-accounting" ]; }; blackbox = { diff --git a/installer-profiles/cd-dvd.nix b/installer-profiles/cd-dvd.nix new file mode 100644 index 00000000..45291bad --- /dev/null +++ b/installer-profiles/cd-dvd.nix @@ -0,0 +1,7 @@ +{ flakeInputs, ... }: + +{ + imports = [ + "${flakeInputs.nixpkgs.outPath}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix" + ]; +} diff --git a/installer-profiles/netboot.nix b/installer-profiles/netboot.nix new file mode 100644 index 00000000..28e8084d --- /dev/null +++ b/installer-profiles/netboot.nix @@ -0,0 +1,7 @@ +{ flakeInputs, ... }: + +{ + imports = [ + "${flakeInputs.nixpkgs.outPath}/nixos/modules/installer/netboot/netboot-minimal.nix" + ]; +} diff --git a/installer-profiles/nfsroot.nix b/installer-profiles/nfsroot.nix new file mode 100644 index 00000000..9db415a8 --- /dev/null 
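Review bot: In hosts/vidhar/prometheus/default.nix the systemd exporter is switched to `enable = false; # TODO` with no reason or follow-up recorded, so the unit metrics for dhcpcd-dsl, pppd-telekom, corerad and ndppd stop being exported and anything alerting on them goes quiet without notice. The comment should say why and what re-enables it, e.g. `enable = false; # TODO(<owner>): <reason for disabling>; re-enable once the new --systemd.collector.* flags are verified`. Also, inside a Nix double-quoted string `\.` evaluates to a plain `.`, so the dot in the include pattern matches any character; `\\.service` would pass the escaped dot through to the exporter. The enclosing attribute set starts outside the hunk.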
+++ b/installer-profiles/nfsroot.nix 
@@ -0,0 +1,95 @@ +{ config, pkgs, lib, flakeInputs, ... }: + +with lib; + +let + cfg = config.nfsroot; +in { + imports = [ + "${flakeInputs.nixpkgs.outPath}/nixos/modules/profiles/minimal.nix" + "${flakeInputs.nixpkgs.outPath}/nixos/modules/profiles/all-hardware.nix" + "${flakeInputs.nixpkgs.outPath}/nixos/modules/profiles/base.nix" + "${flakeInputs.nixpkgs.outPath}/nixos/modules/profiles/installation-device.nix" + ]; + + options = { + nfsroot = { + storeDevice = mkOption { + type = types.str; + }; + }; + }; + + config = { + # Don't build the GRUB menu builder script, since we don't need it + # here and it causes a cyclic dependency. + boot.loader.grub.enable = false; + + # !!! Hack - attributes expected by other modules. + environment.systemPackages = [ pkgs.grub2_efi ] + ++ (if pkgs.stdenv.hostPlatform.system == "aarch64-linux" + then [] + else [ pkgs.grub2 pkgs.syslinux ]); + + fileSystems."/" = mkImageMediaOverride + { fsType = "tmpfs"; + options = [ "mode=0755" ]; + }; + + # In stage 1, mount a tmpfs on top of /nix/store (the squashfs + # image) to make this a live CD. 
+ fileSystems."/nix/.ro-store" = mkImageMediaOverride + { fsType = "nfs4"; + device = cfg.storeDevice; + options = [ "ro" ]; + neededForBoot = true; + }; + + fileSystems."/nix/.rw-store" = mkImageMediaOverride + { fsType = "tmpfs"; + options = [ "mode=0755" ]; + neededForBoot = true; + }; + + fileSystems."/nix/store" = mkImageMediaOverride + { fsType = "overlay"; + device = "overlay"; + options = [ + "lowerdir=/nix/.ro-store" + "upperdir=/nix/.rw-store/store" + "workdir=/nix/.rw-store/work" + ]; + + depends = [ + "/nix/.ro-store" + "/nix/.rw-store/store" + "/nix/.rw-store/work" + ]; + }; + + boot.initrd.availableKernelModules = [ "nfs" "nfsv4" "overlay" ]; + boot.initrd.supportedFilesystems = [ "nfs" "nfsv4" "overlay" ]; + + boot.initrd.network.enable = true; + boot.initrd.network.flushBeforeStage2 = false; # otherwise nfs dosen't work + networking.useDHCP = true; + + + system.build.netbootIpxeScript = pkgs.writeTextDir "netboot.ipxe" '' + #!ipxe + # Use the cmdline variable to allow the user to specify custom kernel params + # when chainloading this script from other iPXE scripts like netboot.xyz + kernel ${pkgs.stdenv.hostPlatform.linux-kernel.target} init=${config.system.build.toplevel}/init initrd=initrd ${toString config.boot.kernelParams} ''${cmdline} + initrd initrd + boot + ''; + + boot.postBootCommands = + '' + # nixos-rebuild also requires a "system" profile and an + # /etc/NIXOS tag. + touch /etc/NIXOS + ${config.nix.package}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system + ''; + }; +} diff --git a/installer/default.nix b/installer/default.nix index d77266ca..f882b22d 100644 --- a/installer/default.nix +++ b/installer/default.nix @@ -11,7 +11,7 @@ rulesetFile = ./ruleset.nft; }; }; - + services.openssh = { enable = true; staticHostKeys = false; diff --git a/modules/netns.nix b/modules/netns.nix index d4f07feb..dca3c0db 100644 --- a/modules/netns.nix +++ b/modules/netns.nix 
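Review bot: The header comment above `fileSystems."/nix/.ro-store"` in installer-profiles/nfsroot.nix still describes a squashfs image and a live CD, while the lower layer here is an `nfs4` mount of `cfg.storeDevice`; it should read something like `# In stage 1, overlay a tmpfs on the read-only NFS store so /nix/store is writable.` The `storeDevice` option also has no `description`; it is the place to record that the installer runs `init` and every other store path as root straight from that server, with only `ro` set on the mount, so the profile is meant for a trusted boot network. Minor: `dosen't` in the `flushBeforeStage2` comment should be `doesn't`.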
@@ -1,6 +1,6 @@ { pkgs, config, lib, ... }: -with lib; +with lib; let cfg = config.networking.namespaces; @@ -56,12 +56,12 @@ let wants = ["network.target"]; conflicts = ["shutdown.target"]; - path = with pkgs; [ iproute config.systemd.package ]; + path = with pkgs; [ iproute2 config.systemd.package ]; serviceConfig = { SyslogIdentifier = "netns container ${containerName}"; Type = "notify"; - + RestartForceExitStatus = "133"; SuccessExitStatus = "133"; @@ -114,7 +114,7 @@ let --capability=CAP_SYS_TTY_CONFIG,CAP_NET_ADMIN,CAP_NET_RAW,CAP_SYS_ADMIN \ --ephemeral \ --network-namespace-path=/run/netns/${containerCfg.netns} \ - ${containerInit} "${containerCfg.config.system.build.toplevel}/init" + ${containerInit} "${containerCfg.config.system.build.toplevel}/init" ''; }; in { @@ -133,13 +133,13 @@ in { assertions = [ { assertion = cfg.containers != {} -> cfg.enable; message = "netns containers require netns@ service template"; } ]; - + systemd.services = { "netns@" = mkIf cfg.enable { description = "%I network namspace"; before = [ "network-pre.target" ]; wants = [ "network-pre.target" ]; - path = with pkgs; [ iproute utillinux ]; + path = with pkgs; [ iproute2 util-linux ]; serviceConfig = { Type = "oneshot"; RemainAfterExit = true; @@ -149,7 +149,7 @@ in { umount /var/run/netns/"$1" mount --bind /proc/self/ns/net /var/run/netns/"$1" ''} %I"; - ExecStop = "${pkgs.iproute}/bin/ip netns del %I"; + ExecStop = "${pkgs.iproute2}/bin/ip netns del %I"; }; }; } // mapAttrs' mkContainerService cfg.containers; diff --git a/modules/zfssnap/default.nix b/modules/zfssnap/default.nix index f3e2f9c2..42cdf46f 100644 --- a/modules/zfssnap/default.nix +++ b/modules/zfssnap/default.nix @@ -11,7 +11,7 @@ let buildInputs = with pkgs; [makeWrapper]; - python = pkgs.python39.withPackages (ps: with ps; [pyxdg pytimeparse dateutil]); + python = pkgs.python39.withPackages (ps: with ps; [pyxdg pytimeparse python-dateutil]); buildPhase = '' substitute $src zfssnap \ 
diff --git a/nvfetcher.toml b/nvfetcher.toml index cb460076..ccdd78dd 100644 --- a/nvfetcher.toml +++ b/nvfetcher.toml @@ -34,10 +34,6 @@ src.git = "https://github.com/umlaeute/v4l2loopback" fetch.github = "umlaeute/v4l2loopback" git.fetchSubmodules = true -[fast-cli] -src.github = "gesquive/fast-cli" -fetch.github = "gesquive/fast-cli" - [xcompose] src.git = "https://github.com/kragen/xcompose" fetch.github = "kragen/xcompose" diff --git a/overlays/fast-cli.nix b/overlays/fast-cli.nix deleted file mode 100644 index a318eada..00000000 --- a/overlays/fast-cli.nix +++ /dev/null @@ -1,34 +0,0 @@ -{ prev, sources, ... }: { - fast-cli = prev.buildGoModule rec { - pname = "fast-cli"; - - inherit (sources.fast-cli) version src; - vendorSha256 = "sha256-XM/5kUau0JBMxN0UpX6QNI31i8/+HNFvgFUFtlJsBh0="; - - preBuild = let - goMod = prev.writeText "go.mod" '' - module github.com/gesquive/fast-cli - - go 1.17 - - require ( - github.com/dustin/go-humanize v0.0.0-20170228161531-259d2a102b87 - github.com/fatih/color v1.4.1 - github.com/gesquive/cli v0.2.0 - github.com/inconshreveable/mousetrap v1.0.0 - github.com/mattn/go-colorable v0.0.8-0.20170210172801-5411d3eea597 - github.com/mattn/go-isatty v0.0.2-0.20170307163044-57fdcb988a5c - github.com/spf13/cobra v0.0.0-20170531045452-8d4ce3549a0b - github.com/spf13/pflag v1.0.0 - golang.org/x/sys v0.0.0-20170213225739-e24f485414ae - ) - ''; - in '' - install -v -m 0644 ${goMod} ./go.mod - ''; - - ldflags = [ - "-X main.version=${prev.lib.removePrefix "v" version}" - ]; - }; -} diff --git a/overlays/postfix-mta-sts-resolver.nix b/overlays/postfix-mta-sts-resolver.nix index a06dace5..d8b1ff00 100644 --- a/overlays/postfix-mta-sts-resolver.nix +++ b/overlays/postfix-mta-sts-resolver.nix @@ -24,5 +24,6 @@ ]; _.pyparsing.buildInputs.add = with final.python310Packages; [ flit-core ]; + _.idna.buildInputs.add = with final.python310Packages; [ flit-core ]; }; } 
diff --git a/overlays/urxvt/52-osc.pl b/overlays/urxvt/52-osc.pl deleted file mode 100644 index 3292e8c4..00000000 --- a/overlays/urxvt/52-osc.pl +++ /dev/null @@ -1,41 +0,0 @@ -#! perl - -=head1 NAME - -52-osc - Implement OSC 32 ; Interact with X11 clipboard - -=head1 SYNOPSIS - - urxvt -pe 52-osc - -=head1 DESCRIPTION - -This extension implements OSC 52 for interacting with system clipboard - -Most code stolen from: -http://ailin.tucana.uberspace.de/static/nei/*/Code/urxvt/ - -=cut - -use MIME::Base64; -use Encode; - -sub on_osc_seq { - my ($term, $op, $args) = @_; - return () unless $op eq 52; - - my ($clip, $data) = split ';', $args, 2; - if ($data eq '?') { - # my $data_free = $term->selection(); - # Encode::_utf8_off($data_free); # XXX - # $term->tt_write("\e]52;$clip;".encode_base64($data_free, '')."\a"); - } - else { - my $data_decoded = decode_base64($data); - Encode::_utf8_on($data_decoded); # XXX - $term->selection($data_decoded, $clip =~ /c|^$/); - $term->selection_grab(urxvt::CurrentTime, $clip =~ /c|^$/); - } - - () -} diff --git a/overlays/urxvt/default.nix b/overlays/urxvt/default.nix deleted file mode 100644 index 77a2c51f..00000000 --- a/overlays/urxvt/default.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ final, prev, ... }: { - rxvt_unicode-with-plugins = prev.rxvt-unicode.override { - configure = { availablePlugins, ... }: { - plugins = [ final.urxvt_osc_52 ] ++ builtins.attrValues availablePlugins; - }; - }; - urxvt_osc_52 = prev.stdenv.mkDerivation { - name = "rxvt_unicode-osc_52-0"; - src = ./52-osc.pl; - unpackPhase = '' - cp $src 52-osc - ''; - buildPhase = '' - sed -i 's|#! perl|#! ${final.perl}/bin/perl|g' 52-osc - ''; - installPhase = '' - mkdir -p $out/lib/urxvt/perl - cp 52-osc $out/lib/urxvt/perl - ''; - }; -} diff --git a/overlays/worktime/default.nix b/overlays/worktime/default.nix index a8ee15e3..20c0b90f 100644 --- a/overlays/worktime/default.nix +++ b/overlays/worktime/default.nix 
@@ -5,7 +5,7 @@ phases = [ "buildPhase" "checkPhase" "installPhase" ]; - python = prev.python39.withPackages (ps: with ps; [pyxdg dateutil uritools requests configparser tabulate]); + python = prev.python39.withPackages (ps: with ps; [pyxdg python-dateutil uritools requests configparser tabulate]); buildInputs = [ python ]; buildPhase = '' diff --git a/shell.nix b/shell.nix index 05ba992b..6ada761e 100644 --- a/shell.nix +++ b/shell.nix @@ -1,21 +1,11 @@ { pkgs ? import {}, deploy-rs, nvfetcher }: let - nixWithFlakes = pkgs.symlinkJoin { - name = "nix-with-flakes"; - paths = [ pkgs.nixFlakes ]; - buildInputs = [ pkgs.makeWrapper ]; - postBuild = '' - wrapProgram $out/bin/nix --add-flags '--option experimental-features "nix-command flakes"' - ''; - }; - tai64dec = pkgs.writeShellScriptBin "tai64dec" '' echo $((16#$(${pkgs.daemontools}/bin/tai64n <<<"" | ${pkgs.coreutils}/bin/tail -c +2 | ${pkgs.coreutils}/bin/head -c 16))) ''; in pkgs.mkShell { name = "nixos"; nativeBuildInputs = with pkgs; [ - nixWithFlakes sops wireguard-tools gup diff --git a/system-profiles/build-server/default.nix b/system-profiles/build-server/default.nix index 20b23a31..ee99e02f 100644 --- a/system-profiles/build-server/default.nix +++ b/system-profiles/build-server/default.nix @@ -1,8 +1,12 @@ -{ customUtils, flake, config, lib, ... }: +{ customUtils, flake, config, lib, pkgs, ... }: -{ +with lib; + +let + disallowedSystems = ["armv5tel-linux" config.nixpkgs.system] ++ optional (systems.elaborate config.nixpkgs.system).isx86_64 "i686-linux"; +in { imports = with flake.nixosModules.systemProfiles; [ openssh ]; - + config = { users.groups.nix-ssh-builder = {}; users.users.nix-ssh-builder = { 
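Review bot: In the first hunk of system-profiles/build-server/default.nix, `disallowedSystems` carries no comment saying why `armv5tel-linux` is excluded or why `i686-linux` is dropped on x86_64 hosts, so a later edit can widen what this builder emulates without anyone noticing. I would add a comment above it, e.g. `# never emulate: the host system itself, i686 on x86_64 (presumably built natively), armv5tel (<reason>)`. The new file-level `with lib;` also hides that `optional` and `systems` come from lib; writing `lib.optional` and `lib.systems.elaborate` out, or scoping the `with lib;` to the `let`, would keep the origin of those names visible. The module body continues outside the hunk.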
@@ -30,8 +34,10 @@ users.users.nix-ssh-builder.openssh.authorizedKeys.keys = let - importKeys = dir: lib.attrValues (customUtils.mapFilterAttrs (_: v: v != null) (n: v: lib.nameValuePair n (if v == "directory" then importKeys' dir n else null)) (builtins.readDir dir)); + importKeys = dir: attrValues (customUtils.mapFilterAttrs (_: v: v != null) (n: v: nameValuePair n (if v == "directory" then importKeys' dir n else null)) (builtins.readDir dir)); importKeys' = dir: host: builtins.readFile (dir + "/${host}/public"); in importKeys ./clients; + + boot.binfmt.emulatedSystems = mkDefault (filter (system: (systems.elaborate system).emulatorAvailable pkgs && !(elem system disallowedSystems)) systems.flakeExposed); }; } diff --git a/system-profiles/openssh/default.nix b/system-profiles/openssh/default.nix index 47908682..3d04d9b5 100644 --- a/system-profiles/openssh/default.nix +++ b/system-profiles/openssh/default.nix @@ -88,7 +88,7 @@ in { }; environment.systemPackages = mkIf cfg.enable (with pkgs; [ - rxvt_unicode.terminfo alacritty.terminfo + alacritty.terminfo ]); }; } diff --git a/user-profiles/feeds/module.nix b/user-profiles/feeds/module.nix index 9b1ef594..63e827eb 100644 --- a/user-profiles/feeds/module.nix +++ b/user-profiles/feeds/module.nix @@ -75,7 +75,7 @@ let phases = [ "buildPhase" "checkPhase" "installPhase" "fixupPhase" ]; - python = pkgs.python39.withPackages (ps: with ps; [ configparser dateutil html2text ]); + python = pkgs.python39.withPackages (ps: with ps; [ configparser python-dateutil html2text ]); nativeBuildInputs = with pkgs; [ makeWrapper ]; diff --git a/user-profiles/mpv/default.nix b/user-profiles/mpv/default.nix index 33b0ffaf..0c87b6e7 100644 --- a/user-profiles/mpv/default.nix +++ b/user-profiles/mpv/default.nix 
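Review bot: The `boot.binfmt.emulatedSystems` default added in the second hunk of system-profiles/build-server/default.nix is derived from `systems.flakeExposed`, so the set of foreign platforms this builder registers binfmt interpreters for can change with any nixpkgs bump (this commit also updates flake.lock) without a diff in this file. The profile accepts SSH keys for `nix-ssh-builder` from `./clients`, so each extra platform is additional emulator code that client-submitted builds can reach; an explicit list, e.g. `mkDefault [ "aarch64-linux" ]` (constructed example), would keep that exposure reviewable. If the computed list is intended, a comment stating that and pointing at `disallowedSystems` would help. The enclosing `config` block starts outside the hunk.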
@@ -53,7 +53,7 @@ install -m 0644 mpris.so $out/share/mpv/scripts/${passthru.scriptName} ''; - nativeBuildInputs = with pkgs; [ pkgconfig glib mpv ]; + nativeBuildInputs = with pkgs; [ pkg-config glib mpv ]; passthru.scriptName = "mpris.so"; })) diff --git a/user-profiles/utils.nix b/user-profiles/utils.nix index c5042d41..41fb312b 100644 --- a/user-profiles/utils.nix +++ b/user-profiles/utils.nix @@ -21,7 +21,7 @@ home.packages = with pkgs; [ autossh usbutils pciutils exa silver-searcher pwgen unzip magic-wormhole qrencode tty-clock dnsutils openssl sshfs psmisc - mosh tree vnstat file pv bc fast-cli zip nmap aspell + mosh tree vnstat file pv bc zip nmap aspell aspellDicts.de aspellDicts.en borgbackup man-pages rsync socat inetutils yq cached-nix-shell persistent-nix-shell rage smartmontools hdparm -- cgit v1.2.3