From ddcc8c65e30a9ca3b56e25466e749cb100b28510 Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Sat, 22 Oct 2022 19:33:45 +0200 Subject: ... --- _sources/generated.json | 19 +++++++++ _sources/generated.nix | 13 +++++++ accounts/gkleen@sif/default.nix | 23 ++++++----- accounts/gkleen@sif/ssh-hosts.nix | 4 ++ accounts/gkleen@sif/xmonad/xmonad.hs | 51 ++++++++++++------------- flake.nix | 1 + hosts/sif/default.nix | 11 +++--- hosts/surtr/dns/zones/email.bouncy.soa | 4 +- hosts/surtr/email/default.nix | 7 +++- hosts/vidhar/dns/zones/yggdrasil.soa | 3 +- hosts/vidhar/network/default.nix | 26 +++++++++++++ hosts/vidhar/network/dhcp/default.nix | 70 ++++++++++++++++++---------------- hosts/vidhar/network/ruleset.nft | 19 +++++---- installer-profiles/nfsroot.nix | 28 +++++++++++++- installer/ruleset.nft | 4 +- nvfetcher.toml | 4 ++ user-profiles/mpv/default.nix | 46 ++++++++++++++++++++-- 17 files changed, 242 insertions(+), 91 deletions(-) diff --git a/_sources/generated.json b/_sources/generated.json index 3f08cb6a..622886db 100644 --- a/_sources/generated.json +++ b/_sources/generated.json @@ -153,6 +153,25 @@ }, "version": "c1219b6ac3ee3de887e6a36ae41a8e478835ae92" }, + "mpv-subselect": { + "cargoLocks": null, + "date": "2022-09-10", + "extract": null, + "name": "mpv-subselect", + "passthru": null, + "pinned": false, + "src": { + "deepClone": false, + "fetchSubmodules": false, + "leaveDotGit": false, + "name": null, + "rev": "5aa5023ff85e81efef0980202ee06e431203a9a5", + "sha256": "sha256-3B7k2Jbx1KW7hkBOkQ5P3sMtj+NfAguAfyB135hmfT4=", + "type": "git", + "url": "https://github.com/CogentRedTester/mpv-sub-select" + }, + "version": "5aa5023ff85e81efef0980202ee06e431203a9a5" + }, "postfix-mta-sts-resolver": { "cargoLocks": null, "date": null, diff --git a/_sources/generated.nix b/_sources/generated.nix index e472a8e8..e8e2e784 100644 --- a/_sources/generated.nix +++ b/_sources/generated.nix 
@@ -95,6 +95,19 @@ }); date = "2022-01-27"; }; + mpv-subselect = { + pname = "mpv-subselect"; + version = "5aa5023ff85e81efef0980202ee06e431203a9a5"; + src = fetchgit { + url = "https://github.com/CogentRedTester/mpv-sub-select"; + rev = "5aa5023ff85e81efef0980202ee06e431203a9a5"; + fetchSubmodules = false; + deepClone = false; + leaveDotGit = false; + sha256 = "sha256-3B7k2Jbx1KW7hkBOkQ5P3sMtj+NfAguAfyB135hmfT4="; + }; + date = "2022-09-10"; + }; postfix-mta-sts-resolver = { pname = "postfix-mta-sts-resolver"; version = "1.1.4"; diff --git a/accounts/gkleen@sif/default.nix b/accounts/gkleen@sif/default.nix index 2cfaa620..842f7538 100644 --- a/accounts/gkleen@sif/default.nix +++ b/accounts/gkleen@sif/default.nix @@ -1,4 +1,7 @@ { flake, flakeInputs, userName, pkgs, customUtils, lib, config, sources, ... }@inputs: + +with lib; + let cfg = config.home-manager.users.${userName}; xmonad = import ./xmonad pkgs.haskell.packages.ghc8107; 
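Review bot: The file-scope `with lib;` added at the top of accounts/gkleen@sif/default.nix turns every name in `lib` into an implicit binding for the whole module, and the cost shows up later in this same patch: the local `filter` in the `defaultApplications` hunk had to be renamed to `doFilter` because a `let`-bound `filter` would shadow the `filter` now coming from `with lib;` inside its own definition. An explicit `inherit (lib) mapAttrs' nameValuePair mkForce id filter mapAttrs optionalString;` in the existing `let` gives the same short names without hiding where they come from and without silent shadowing when `lib` grows. This is a style point only; the renamed code behaves the same.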
@@ -29,16 +32,18 @@ let --prefix PATH : ${pkgs.pulseaudio}/bin ''; }; - wrapElectron = { package, bin ? package.meta.mainProgram or package.pname or (pkgs.lib.strings.nameFromURL package.name "-"), outBin ? bin }: pkgs.runCommand "${package.name}-wrapped" { buildInputs = with pkgs; [ makeWrapper ]; } '' + wrapElectron = { package, bin ? package.meta.mainProgram or package.pname or (pkgs.lib.strings.nameFromURL package.name "-"), outBin ? bin, sandbox ? true }: pkgs.runCommand "${package.name}-wrapped" { buildInputs = with pkgs; [ makeWrapper ]; } '' mkdir -p "$out/bin" makeWrapper ${package}/bin/${bin} $out/bin/${outBin} \ - --add-flags '--force-device-scale-factor=1.6' + --add-flags '--force-device-scale-factor=1.6' \ + ${optionalString (!sandbox) "--add-flags '--no-sandbox'"} ''; - + wrappedChrome = wrapElectron { package = pkgs.google-chrome; outBin = "google-chrome"; }; wrappedZulip = wrapElectron { package = pkgs.zulip; bin = "zulip"; outBin = "zulip"; }; wrappedElementDesktop = wrapElectron { package = pkgs.element-desktop; bin = "element-desktop"; outBin = "element"; }; wrappedRocketChatDesktop = wrapElectron { package = pkgs.rocketchat-desktop; bin = "rocketchat-desktop"; outBin = "rocketchat"; }; + wrappedYTMDesktop = wrapElectron { package = pkgs.ytmdesktop; sandbox = false; }; in { imports = with flake.nixosModules.userProfiles.${userName}; [ mpv yt-dlp (args: import ./xcompose.nix (inputs // args)) @@ -47,7 +52,7 @@ in { config = { services.xserver = { displayManager.defaultSession = "none+xmonad"; - + windowManager.session = [{ name = "xmonad"; start = '' @@ -155,7 +160,7 @@ in { zsh.initExtra = "source ${./zshrc}"; zsh.dirHashes = let - flakeHashes = lib.mapAttrs' (n: v: lib.nameValuePair (inputNames.${n} or n) (toString v)) flakeInputs; + flakeHashes = mapAttrs' (n: v: nameValuePair (inputNames.${n} or n) (toString v)) flakeInputs; inputNames = { "nixpkgs" = "nixos"; }; 
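Review bot: The new `sandbox` parameter of `wrapElectron` ends up passing `--no-sandbox` for `wrappedYTMDesktop`, but nothing records why that one app needs the Chromium sandbox turned off, and `--no-sandbox` removes the renderer isolation of an Electron app that presumably loads remote web content. A one-line comment next to the binding, e.g. `wrappedYTMDesktop = wrapElectron { package = pkgs.ytmdesktop; sandbox = false; }; # <reason ytmdesktop fails with the sandbox on — fill in>`, keeps the exception reviewable and makes it easy to drop once the package works sandboxed. Keeping `sandbox ? true` as the default so the other wrappers are unchanged is the right call. Note that `optionalString` here depends on the `with lib;` added in the first hunk of this file.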
@@ -193,7 +198,7 @@ in { enable = true; client = { enable = true; - arguments = lib.mkForce ["-a" "\"\""]; + arguments = mkForce ["-a" "\"\""]; }; }; gpg-agent = { @@ -318,7 +323,7 @@ in { fira fira-code powerline-fonts nerdfonts pavucontrol keepassxc sxiv xclip mumble pulseaudio-ctl pamixer libnotify synergy xorg.xbacklight screen-message - ytmdesktop qt5ct playerctl evince + wrappedYTMDesktop qt5ct playerctl evince thunderbird wrappedZulip zoom-us steam steam-run wireshark virt-manager rclone cached-nix-shell xournal xmonad worktime fira-code-symbols libreoffice xournalpp wrappedChrome @@ -403,8 +408,8 @@ in { defaultApplications = let filters = { }; - filter = n: v: (filters.${n} or lib.id) (lib.filter (d: d != "emacs.desktop") v); - in lib.mapAttrs filter (cfg.lib.xdg.mimeAssociations [ + doFilter = n: v: (filters.${n} or id) (filter (d: d != "emacs.desktop") v); + in mapAttrs doFilter (cfg.lib.xdg.mimeAssociations [ cfg.programs.zathura.package pkgs.sxiv cfg.programs.emacs.package diff --git a/accounts/gkleen@sif/ssh-hosts.nix b/accounts/gkleen@sif/ssh-hosts.nix index 24d1f18c..d041ede0 100644 --- a/accounts/gkleen@sif/ssh-hosts.nix +++ b/accounts/gkleen@sif/ssh-hosts.nix @@ -48,6 +48,10 @@ { user = "git"; identityFile = "~/.ssh/gkleen@sif.midgard.yggdrasil"; }; + "gitlab.ifi.lmu.de" = + { user = "git"; + identityFile = "~/.ssh/kleen@gitlab.ifi.lmu.de"; + }; "hel".hostname = "hel.midgard.yggdrasil"; "blackbeard" = { hostname = "blackbeard.tcs.ifi.lmu.de"; diff --git a/accounts/gkleen@sif/xmonad/xmonad.hs b/accounts/gkleen@sif/xmonad/xmonad.hs index 830bb2dd..3dc017a9 100644 --- a/accounts/gkleen@sif/xmonad/xmonad.hs +++ b/accounts/gkleen@sif/xmonad/xmonad.hs 
@@ -340,7 +340,7 @@ hostFromName h , NS "toggl" "toggldesktop" (className =? "Toggl Desktop") centerFloat , NS "calendar" "minetime -- --force-device-scale-factor=1.6" (className =? "MineTime") centerFloat , NS "emacs" "emacsclient -c -F \"'(title . \\\"Scratchpad\\\")\"" (className =? "Emacs" <&&> title =? "Scratchpad") centerFloat - -- , NS "music" "google-play-music-desktop-player --force-device-scale-factor=1.6" (className =? "Google Play Music Desktop Player") centerFloat + , NS "music" "ytmdesktop" (className =? "youtube-music-desktop-app") centerFloat ] centerFloat = customFloating $ RationalRect (1 % 16) (1 % 16) (7 % 8) (7 % 8) centerFloatSmall = customFloating $ RationalRect (1 % 4) (1 % 4) (1 % 2) (1 % 2) @@ -414,10 +414,10 @@ hostFromName h (first : rest) = filter (not . null) $ lines result notification = Notify.summary first <> Notify.body (unlines rest) <> Notify.timeout Infinite <> Notify.urgency Normal <> Notify.appName "dc" void $ Notify.display notification - synergyCompl = mkComplFunFromList' xPConfigMonospace ["mathw86"] + synergyCompl = mkComplFunFromList' xPConfigMonospace ["mathw86"] synergyStart host = safeSpawn "systemctl" ["--user", "start", "synergy-rtunnel@" ++ host ++ ".service"] synergyStop host = safeSpawn "systemctl" ["--user", "stop", "synergy-rtunnel@" ++ host ++ ".service"] - + hostFromName _ = defaultHost -- muteRef :: IORef (Maybe (String, Notification)) 
@@ -530,13 +530,13 @@ main = do -- We canĀ“t define per-host layout modifiers because we lack dependent types layout' = onHost "skadhi" ( onWorkspace (wsp 1) (Full ||| withIM (1%5) (Title "Buddy List") tabbedLayout') $ onWorkspace (wsp 10) Full $ - onWorkspace (wsp 2) (Full ||| tabbedLayout') $ + onWorkspace (wsp 2) (Full ||| tabbedLayout') $ onWorkspace (wsp 5) tabbedLayout' $ onWorkspace (wsp 8) (withIM (1%5) (Title "Friends") tabbedLayout') $ defaultLayouts ) $ onHost "vali" ( onWorkspace (wsp 2) (Full ||| tabbedLayout' ||| combineTwo (TwoPane 0.01 0.57) Full tabbedLayout') $ - onWorkspace (wsp 3) workLayouts $ + onWorkspace (wsp 3) workLayouts $ defaultLayouts ) $ onHost "hel" ( onWorkspace (wsp 1) (withIM (1 % 8) (Title "Buddy List") $ trackFloating tabbedLayout') $ @@ -565,7 +565,7 @@ main = do tabbedLayoutHoriz' = tabbedLayoutHoriz tabbedLeftAlways defaultLayouts = {- spiralWithDir East CW (1 % 2) -} Dwindle R CW 1 (5 % 100) ||| tabbedLayout' ||| Full -- workLayouts = {- spiralWithDir East CW (1 % 2) -} Dwindle R CW (2 % 1) (5 % 100) ||| tabbedLayout' ||| Full - workLayouts = tabbedLayout' ||| (renamed [Replace "Combined"] $ combineTwoP (TwoPane (1 % 100) (1891 % 2560)) tabbedLayout''' (Column 1.6) (ClassName "Postman" `Or` ClassName "Emacs" `Or` ClassName "jetbrains-idea-ce" `Or` (Resource "Devtools" `And` ClassName "Firefox"))) ||| Full ||| Dwindle R CW 1 (5 % 100) + workLayouts = tabbedLayout' ||| (renamed [Replace "Combined"] $ combineTwoP (TwoPane (1 % 100) (1891 % 2560)) tabbedLayout''' (Column 1.6) (ClassName "Postman" `Or` ClassName "Emacs" `Or` ClassName "jetbrains-idea-ce" `Or` (Resource "Devtools" `And` ClassName "Firefox"))) ||| Full ||| Dwindle R CW 1 (5 % 100) sqrtTwo = approxRational (sqrt 2) (1 / 2560) xmobarPP' = xmobarPP { ppTitle = shorten 80 , ppSort = (liftM2 (.)) getSortByIndex $ return scratchpadFilterOutWorkspace 
@@ -607,7 +607,7 @@ main = do | otherwise = return () handle _ = return () handle shutdown $ launch myConfig =<< getDirectories - + secs :: Int -> Int secs = (* 1000000) @@ -651,7 +651,7 @@ isDisabled :: String -> X Bool isDisabled str = do out <- runProcessWithInput "xinput" ["list", str] "" return $ "disabled" `isInfixOf` out - + spawnKeychain :: X () spawnKeychain = do @@ -790,7 +790,7 @@ myKeys' conf host = Map.fromList $ -- launch a terminal [ ((modm, xK_Return), spawn $ (XMonad.terminal conf) ++ " -e tmux") , ((modm .|. shiftMask, xK_Return), spawn $ XMonad.terminal conf) - + -- launch dmenu --, ((modm, xK_d ), spawn "exe=`dmenu_path | dmenu` && eval \"exec $exe\"") , ((modm, xK_d ), shellPrompt "Run: " xPConfigMonospace) @@ -800,31 +800,31 @@ myKeys' conf host = Map.fromList $ -- close focused window , ((modm .|. shiftMask, xK_q ), kill) , ((modm .|. controlMask .|. shiftMask, xK_q ), spawn "xkill") - + -- Rotate through the available layout algorithms , ((modm, xK_space ), sendMessage NextLayout) - + -- Reset the layouts on the current workspace to default , ((modm .|. controlMask, xK_r ), (setLayout $ XMonad.layoutHook conf) >> refresh) - + -- Resize viewed windows to the correct size , ((modm, xK_r ), refresh) -- Move focus to the next window , ((modm, xK_t ), windows W.focusDown) - + -- Move focus to the previous window , ((modm, xK_n ), windows W.focusUp ) - + -- Move focus to the master window , ((modm, xK_m ), windows W.focusMaster ) - + -- Swap the focused window and the master window , ((modm .|. shiftMask, xK_m ), windows W.swapMaster) - + -- Swap the focused window with the next window , ((modm .|. shiftMask, xK_t ), windows W.swapDown ) - + -- Swap the focused window with the previous window , ((modm .|. shiftMask, xK_n ), windows W.swapUp ) 
@@ -845,18 +845,18 @@ myKeys' conf host = Map.fromList $ -- , ((modm .|. controlMask, xK_Down ), withFocused $ keysMoveWindow (0, 10)) -- Shrink the master area , ((modm, xK_h ), sendMessage Shrink) - + -- Expand the master area , ((modm, xK_s ), sendMessage Expand) - + -- Push window back into tiling , ((modm .|. shiftMask, xK_space ), withFocused $ windows . W.sink) , ((modm, xK_BackSpace), focusUrgent) , ((modm .|. shiftMask, xK_BackSpace), clearUrgents) - + -- Increment the number of windows in the master area , ((modm , xK_comma ), sendMessage (IncMasterN 1)) - + -- Deincrement the number of windows in the master area , ((modm , xK_period), sendMessage (IncMasterN (-1))) @@ -875,7 +875,7 @@ myKeys' conf host = Map.fromList $ , ((modm , xK_Escape), cycleKbLayout (hKbLayouts host)) , ((modm .|. controlMask, xK_Escape), safeSpawn "setxkbmap" $ fst (head $ hKbLayouts host) : maybeToList (snd . head $ hKbLayouts host)) - + -- Toggle the status bar gap -- Use this binding with avoidStruts from Hooks.ManageDocks. -- See also the statusBar function from Hooks.DynamicLog. @@ -883,10 +883,10 @@ myKeys' conf host = Map.fromList $ , ((modm , xK_b ), sendMessage ToggleStruts) , ((modm .|. shiftMask, xK_p ), safeSpawn "playerctl" ["-a", "pause"]) - + -- Quit xmonad , ((modm .|. shiftMask, xK_e ), io (exitWith ExitSuccess)) - + -- Restart xmonad -- , ((modm .|. shiftMask .|. controlMask, xK_r ), void . xfork $ recompile False >>= flip when (safeSpawn "xmonad" ["--restart"])) , ((modm .|. shiftMask, xK_r ), void . liftIO $ executeFile "xmonad" True [] Nothing) @@ -902,7 +902,7 @@ myKeys' conf host = Map.fromList $ , ((modm , xK_g ), windowPrompt xPConfig Bring allWindows) ] ++ - + -- -- mod-[1..9], Switch to workspace N -- @@ -924,4 +924,3 @@ myKeys' conf host = Map.fromList $ modm = XMonad.modMask conf brCycle = [0, 1 % 100, 1 % 10, 1 % 4, 1 % 2, 3 % 4, 1] - diff --git a/flake.nix b/flake.nix index 43825563..2f86bb44 100644 --- a/flake.nix +++ b/flake.nix 
@@ -225,6 +225,7 @@ defaults = mapAttrs (hostname: _: { inherit hostname; sshUser = "root"; + sshOpts = [ "-S" "none" ]; profilesOrder = ["system"]; # system first profiles = { diff --git a/hosts/sif/default.nix b/hosts/sif/default.nix index b38a387c..58f99b9a 100644 --- a/hosts/sif/default.nix +++ b/hosts/sif/default.nix @@ -38,6 +38,8 @@ in { kernelModules = [ "dm-raid" "dm-integrity" "dm-snapshot" "dm-thin-pool" "dm-mod" "dm-crypt" ]; }; + supportedFilesystems = [ "nfs" "nfs4" ]; + blacklistedKernelModules = [ "nouveau" ]; # Use the systemd-boot EFI boot loader. @@ -289,10 +291,6 @@ in { ]; services = { - udev.packages = with pkgs; [ uhk-agent ]; - - # tinc.yggdrasil.enable = true; - uucp = { enable = true; nodeName = "sif"; @@ -383,9 +381,10 @@ in { }; users = { - users.gkleen.extraGroups = [ "media" "plugdev" ]; + users.gkleen.extraGroups = [ "media" "plugdev" "input" ]; groups.media = {}; groups.plugdev = {}; + groups.input = {}; }; security.rtkit.enable = true; @@ -501,6 +500,8 @@ in { }; firmware = [ pkgs.firmwareLinuxNonfree ]; + + keyboard.uhk.enable = true; }; sound.enable = true; diff --git a/hosts/surtr/dns/zones/email.bouncy.soa b/hosts/surtr/dns/zones/email.bouncy.soa index abf8ef07..3f038b92 100644 --- a/hosts/surtr/dns/zones/email.bouncy.soa +++ b/hosts/surtr/dns/zones/email.bouncy.soa @@ -1,7 +1,7 @@ $ORIGIN bouncy.email. $TTL 3600 @ IN SOA ns.yggdrasil.li. root.yggdrasil.li. ( - 2022071002 ; serial + 2022100600 ; serial 10800 ; refresh 3600 ; retry 604800 ; expire @@ -69,7 +69,7 @@ spm IN MX 0 mailin.bouncy.email. spm IN TXT "v=spf1 redirect=bouncy.email" _acme-challenge.spm IN NS ns.yggdrasil.li. -_mta-sts IN TXT "v=STSv1; id=2022071002" +_mta-sts IN TXT "v=STSv1; id=2022100600" _smtp._tls IN TXT "v=TLSRPTv1; rua=mailto:postmaster@bouncy.email" mta-sts IN A 202.61.241.61 mta-sts IN AAAA 2a03:4000:52:ada:: diff --git a/hosts/surtr/email/default.nix b/hosts/surtr/email/default.nix index 2fe5b7f0..42b50c88 100644 --- a/hosts/surtr/email/default.nix 
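Review bot: Adding `gkleen` to the `input` group in the `users` hunk of hosts/sif/default.nix gives that user read access to every `/dev/input/event*` node (the stock udev rules place input devices in group `input` with mode 0660), so any process running as the user can read raw keyboard and mouse events. If the membership was added for the UHK agent enabled in the last hunk (`keyboard.uhk.enable = true;`), check whether that module's udev rules already grant access to the device node, in which case the group is unnecessary; either way a short comment such as `"input" # needed for <device/tool> — confirm` on the `extraGroups` line would document the reason. The removed `udev.packages = with pkgs; [ uhk-agent ];` looks like it is superseded by the new option, which is fine.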
+++ b/hosts/surtr/email/default.nix @@ -412,6 +412,8 @@ in { in '' mail_home = /var/lib/mail/%u + mail_plugins = $mail_plugins quota + first_valid_uid = ${toString config.users.users.dovecot2.uid} last_valid_uid = ${toString config.users.users.dovecot2.uid} first_valid_gid = ${toString config.users.groups.dovecot2.gid} @@ -473,9 +475,10 @@ in { result_failure = return-fail result_internalfail = return-fail } + + mail_plugins = $mail_plugins sieve } - mail_plugins = $mail_plugins quota mailbox_list_index = yes postmaster_address = postmaster@yggdrasil.li recipient_delimiter = @@ -732,7 +735,7 @@ in { cp ${pkgs.writeText "mta-sts.txt" '' version: STSv1 mode: enforce - max_age: 604800 + max_age: 2419200 mx: mailin.bouncy.email ''} $out/.well-known/mta-sts.txt ''; diff --git a/hosts/vidhar/dns/zones/yggdrasil.soa b/hosts/vidhar/dns/zones/yggdrasil.soa index ffa79ee1..3d9d4d83 100644 --- a/hosts/vidhar/dns/zones/yggdrasil.soa +++ b/hosts/vidhar/dns/zones/yggdrasil.soa @@ -1,7 +1,7 @@ $ORIGIN yggdrasil. $TTL 300 @ IN SOA vidhar.yggdrasil. root.yggdrasil.li. ( - 2022040802 ; serial + 2022101601 ; serial 300 ; refresh 300 ; retry 300 ; expire @@ -16,6 +16,7 @@ sif IN AAAA 2a03:4000:52:ada:1:2:: grafana.vidhar IN CNAME vidhar.yggdrasil. prometheus.vidhar IN CNAME vidhar.yggdrasil. +nfsroot.vidhar IN CNAME vidhar.lan.yggdrasil. vidhar.lan IN A 10.141.0.1 diff --git a/hosts/vidhar/network/default.nix b/hosts/vidhar/network/default.nix index e69674f4..f19ea9cd 100644 --- a/hosts/vidhar/network/default.nix +++ b/hosts/vidhar/network/default.nix @@ -1,4 +1,5 @@ { pkgs, ... }: + { imports = [ ./dsl.nix ./bifrost ./dhcp ]; 
@@ -69,5 +70,30 @@ networkConfig.LinkLocalAddressing = "no"; }; }; + + services.nfs.server = { + enable = true; + createMountPoints = true; + + statdPort = 4000; + lockdPort = 4001; + mountdPort = 4002; + + extraNfsdConfig = '' + vers3=off + ''; + + exports = '' + /srv/nfs 10.141.0.0/24(ro,async,root_squash,fsid=0) 2a03:4000:52:ada:1::/80(ro,async,root_squash,fsid=0) + /srv/nfs/nix-store 10.141.0.0/24(ro,async,root_squash) 2a03:4000:52:ada:1::/80(ro,async,root_squash) + ''; + }; + + fileSystems = { + "/srv/nfs/nix-store" = { + device = "/nix/store"; + options = [ "bind" ]; + }; + }; }; } diff --git a/hosts/vidhar/network/dhcp/default.nix b/hosts/vidhar/network/dhcp/default.nix index e14b15ac..dfaa4c9f 100644 --- a/hosts/vidhar/network/dhcp/default.nix +++ b/hosts/vidhar/network/dhcp/default.nix @@ -26,7 +26,7 @@ with lib; { name = "ipxe"; test = "option[77].hex == 'iPXE'"; next-server = "10.141.0.1"; - boot-file-name = "installer-x86_64-linux/netboot.ipxe"; + boot-file-name = "http://nfsroot.vidhar.yggdrasil/installer-x86_64-linux/netboot.ipxe"; only-if-required = true; } { name = "uefi-64"; 
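Review bot: The `exports` block in hosts/vidhar/network/default.nix publishes the whole `/nix/store` (through the `/srv/nfs/nix-store` bind mount) read-only to 10.141.0.0/24 and 2a03:4000:52:ada:1::/80 with the default `sec=sys`, so the client's source address is the only access check and every host on those networks can read every store path. That is the usual trust model for a netboot store, but a comment on the `exports` line stating that nothing secret may ever be written to the store would make the assumption explicit (the repo's sops usage, e.g. `sopsFile` in the dhcp module, already keeps secrets out of it). `vers3=off` is consistent with the firewall change that only opens 2049; the fixed `statdPort`/`lockdPort`/`mountdPort` are then not used by v4 clients and could be dropped or marked as v3 leftovers. As a second guard, `options = [ "bind" "ro" ];` on the bind mount would keep the exported tree read-only even if an export entry is later changed to `rw`, provided the util-linux in use accepts `bind,ro` in one step.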
@@ -229,6 +229,40 @@ with lib; sopsFile = ./knot-tsig.json.frag; }; + services.nginx.virtualHosts."nfsroot.vidhar.yggdrasil" = { + addSSL = false; + forceSSL = false; + locations."/" = { + extraConfig = '' + autoindex on; + ''; + root = pkgs.symlinkJoin { + name = "nfsroot.vidhar.yggdrasil"; + paths = + (map (system: + let + installerBuild = (flake.nixosConfigurations.${"installer-${system}-nfsroot"}.extendModules { + modules = [ + ({ ... }: { + config.nfsroot.storeDevice = "10.141.0.1:nix-store"; + config.nfsroot.registrationUrl = "http://nfsroot.vidhar.yggdrasil/installer-${system}/registration"; + }) + ]; + }).config.system.build; + in builtins.toPath (pkgs.runCommandLocal "install-${system}" {} '' + mkdir -p $out/installer-${system} + install -m 0444 -t $out/installer-${system} \ + ${installerBuild.initialRamdisk}/initrd \ + ${installerBuild.kernel}/bzImage \ + ${installerBuild.netbootIpxeScript}/netboot.ipxe \ + ${pkgs.closureInfo { rootPaths = installerBuild.storeContents; }}/registration + '') + ) ["x86_64-linux"] + ); + }; + }; + }; + systemd.services."pxe-atftpd" = { description = "TFTP Server for PXE Booting"; after = [ "network.target" ]; 
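Review bot: The new `nfsroot.vidhar.yggdrasil` virtual host serves the kernel, initrd, `netboot.ipxe` and the closure `registration` file over plain HTTP with `autoindex on`, and the iPXE chain configured in the dhcp hunk (`boot-file-name = "http://nfsroot.vidhar.yggdrasil/..."`) fetches and executes them without any integrity check, so the trust rests entirely on the LAN and on the nftables rule in this patch that limits port 80 to `lan`/`yggdrasil`. A comment on the vhost spelling that out, e.g. `# Unauthenticated HTTP by design: reachable only from lan/yggdrasil (see ruleset.nft); HTTPS or iPXE image signing would be required before exposing this further`, keeps the host from being reused for a wider network by accident. Generating `registration` from the same `installerBuild` via `closureInfo` means it cannot drift from the served initrd, which is good. `addSSL = false; forceSSL = false;` restate what I believe are the module defaults and could be dropped.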
@@ -238,44 +272,16 @@ with lib; additionalTargets = { "bin-i386-efi/ipxe.efi" = "i386-ipxe.efi"; }; + additionalOptions = [ + "NSLOOKUP_CMD" + ]; }; tftpRoot = pkgs.runCommandLocal "netboot" {} '' mkdir -p $out install -m 0444 -t $out \ ${ipxe}/ipxe.efi ${ipxe}/i386-ipxe.efi ${ipxe}/undionly.kpxe - - ${concatMapStringsSep "\n" (system: - let - installerBuild = (flake.nixosConfigurations.${"installer-${system}-nfsroot"}.extendModules { - modules = [ - ({ ... }: { config.nfsroot.storeDevice = "vidhar:nix-store"; }) - ]; - }).config.system.build; - in '' - mkdir -p $out/installer-${system} - install -m 0444 -t $out/installer-${system} \ - ${installerBuild.initialRamdisk}/initrd \ - ${installerBuild.kernel}/bzImage \ - ${installerBuild.netbootIpxeScript}/netboot.ipxe - '' - ) ["x86_64-linux"]} ''; in "${pkgs.atftp}/sbin/atftpd --daemon --no-fork --bind-address=10.141.0.1 ${tftpRoot}"; }; - - services.nfs.server = { - enable = true; - createMountPoints = true; - exports = '' - /export/nix-root 10.141.0.0/24(ro) - ''; - }; - - fileSystems = { - "/export/nix-root" = { - device = "/nix/store"; - options = [ "bind" ]; - }; - }; }; } diff --git a/hosts/vidhar/network/ruleset.nft b/hosts/vidhar/network/ruleset.nft index c0da0fa6..473f8a20 100644 --- a/hosts/vidhar/network/ruleset.nft +++ b/hosts/vidhar/network/ruleset.nft @@ -78,6 +78,7 @@ table inet filter { counter ssh-rx {} counter mosh-rx {} counter dns-rx {} + counter nfs-rx {} counter wg-rx {} counter yggdrasil-gre-rx {} counter ipv6-pd-rx {} @@ -104,6 +105,7 @@ table inet filter { counter ssh-tx {} counter mosh-tx {} counter dns-tx {} + counter nfs-tx {} counter wg-tx {} counter yggdrasil-gre-tx {} counter ipv6-pd-tx {} @@ -152,7 +154,7 @@ table inet filter { ct state invalid log level debug prefix "drop invalid input: " counter name invalid-rx drop - + iifname lo counter name rx-lo accept iif != lo ip daddr 127.0.0.1/8 counter name invalid-local4-rx reject 
@@ -165,8 +167,9 @@ table inet filter { iifname { lan, mgmt, dsl, yggdrasil, bifrost } tcp dport 22 counter name ssh-rx accept iifname { lan, mgmt, dsl, yggdrasil, bifrost } udp dport 60000-61000 counter name mosh-rx accept - iifname { lan, mgmt, dmz01, yggdrasil } tcp dport 53 counter name dns-rx accept - iifname { lan, mgmt, dmz01, yggdrasil } udp dport 53 counter name dns-rx accept + iifname { lan, mgmt, dmz01, yggdrasil } meta l4proto { tcp, udp } th dport 53 counter name dns-rx accept + + iifname { lan, yggdrasil } tcp dport 2049 counter name nfs-rx accept iifname { lan, mgmt, dsl } meta protocol ip udp dport 51820 counter name wg-rx accept iifname { lan, mgmt, dsl } meta protocol ip6 udp dport 51821 counter name wg-rx accept @@ -182,7 +185,8 @@ table inet filter { iifname lan tcp dport { 445, 139, 5357 } counter name samba-rx accept iifname yggdrasil tcp dport { 80, 443 } counter name http-rx accept - + iifname lan tcp dport 80 counter name http-rx accept + iifname { lan, mgmt } udp dport 69 counter name tftp-rx accept ct state {established, related} counter name established-rx accept @@ -209,8 +213,9 @@ table inet filter { tcp sport 22 counter name ssh-tx udp sport 60000-61000 counter name mosh-tx - tcp sport 53 counter name dns-tx - udp sport 53 counter name dns-tx + meta l4proto {tcp, udp} th sport 53 counter name dns-tx + + tcp sport 2049 counter name nfs-tx meta protocol ip udp sport 51820 counter name wg-tx meta protocol ip6 udp sport {51821,51822} counter name wg-tx @@ -225,7 +230,7 @@ table inet filter { udp sport { 137, 138, 3702 } counter name samba-tx accept tcp sport { 445, 139, 5357 } counter name samba-tx accept - tcp sport {80,443} counter name http-tx accept + tcp sport { 80, 443 } counter name http-tx accept udp sport 69 counter name tftp-tx accept udp dport 69 counter name tftp-tx accept diff --git a/installer-profiles/nfsroot.nix b/installer-profiles/nfsroot.nix index 9db415a8..2688a8d0 100644 --- a/installer-profiles/nfsroot.nix 
+++ b/installer-profiles/nfsroot.nix @@ -16,7 +16,17 @@ in { nfsroot = { storeDevice = mkOption { type = types.str; + default = "nfsroot:nix-store"; }; + + registrationUrl = mkOption { + type = types.str; + default = "http://nfsroot/nix-registration"; + }; + }; + + system.build = { + storeContents = mkOption {}; }; }; @@ -67,14 +77,26 @@ in { ]; }; + nix.extraOptions = '' + use-sqlite-wal = false + ''; + boot.initrd.availableKernelModules = [ "nfs" "nfsv4" "overlay" ]; boot.initrd.supportedFilesystems = [ "nfs" "nfsv4" "overlay" ]; + services.rpcbind.enable = mkImageMediaOverride false; boot.initrd.network.enable = true; - boot.initrd.network.flushBeforeStage2 = false; # otherwise nfs dosen't work + boot.initrd.network.flushBeforeStage2 = false; # otherwise nfs doesn't work + boot.initrd.postMountCommands = '' + mkdir -p /mnt-root/etc/ + cp /etc/resolv.conf /mnt-root/etc/resolv.conf + ''; networking.useDHCP = true; + networking.resolvconf.enable = false; + system.build.storeContents = [config.system.build.toplevel]; + system.build.netbootIpxeScript = pkgs.writeTextDir "netboot.ipxe" '' #!ipxe # Use the cmdline variable to allow the user to specify custom kernel params @@ -86,6 +108,10 @@ in { boot.postBootCommands = '' + # After booting, register the contents of the Nix store on NFS + # in the Nix database in the tmpfs. + ${pkgs.curl}/bin/curl ${escapeShellArg cfg.registrationUrl} | ${config.nix.package.out}/bin/nix-store --load-db + # nixos-rebuild also requires a "system" profile and an # /etc/NIXOS tag. touch /etc/NIXOS diff --git a/installer/ruleset.nft b/installer/ruleset.nft index 803ce9fd..7b38a059 100644 --- a/installer/ruleset.nft +++ b/installer/ruleset.nft @@ -60,7 +60,7 @@ table inet filter { ct state invalid log level debug prefix "drop invalid input: " counter drop - + iifname lo counter accept iif != lo ip daddr 127.0.0.1/8 counter reject 
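Review bot: In the `boot.postBootCommands` hunk of installer-profiles/nfsroot.nix, `curl ${escapeShellArg cfg.registrationUrl} | nix-store --load-db` runs `curl` without `--fail`, so a 404 or other error page from the nginx host is handed to `nix-store --load-db` as if it were a registration file, and in a plain pipeline curl's exit status is discarded unless the surrounding script sets `pipefail`. Use `${pkgs.curl}/bin/curl -fsSL ${escapeShellArg cfg.registrationUrl} | ${config.nix.package.out}/bin/nix-store --load-db` so a failed fetch stops the pipeline instead of feeding an error body to `--load-db`. The new `system.build.storeContents = mkOption {};` has no `type` or `description`; something like `mkOption { type = types.listOf types.package; description = "Store paths whose closure is registered on the NFS-rooted client"; }` would match the value assigned in the second hunk (`[config.system.build.toplevel]`) and document what the dhcp module's `closureInfo { rootPaths = installerBuild.storeContents; }` expects. The `default = "http://nfsroot/nix-registration";` of `registrationUrl` does not match the `installer-${system}/registration` path the server publishes, which is harmless only because the dhcp module overrides it; a comment saying the default is a placeholder would avoid surprises.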
@@ -73,7 +73,7 @@ table inet filter { udp dport 60000-61000 counter accept - ct state {established, related} counter name established-rx accept + ct state {established, related} counter accept limit name lim_reject log level debug prefix "drop input: " counter drop diff --git a/nvfetcher.toml b/nvfetcher.toml index ccdd78dd..7cd52c29 100644 --- a/nvfetcher.toml +++ b/nvfetcher.toml @@ -14,6 +14,10 @@ fetch.git = "https://gist.github.com/2f71a97fb85ed42146f6d9f522bc34ef.git" src.github = "hoyon/mpv-mpris" fetch.github = "hoyon/mpv-mpris" +[mpv-subselect] +src.git = "https://github.com/CogentRedTester/mpv-sub-select" +fetch.git = "https://github.com/CogentRedTester/mpv-sub-select" + [emacs-scratch_el] src.git = "https://github.com/ffevotte/scratch.el" fetch.github = "ffevotte/scratch.el" diff --git a/user-profiles/mpv/default.nix b/user-profiles/mpv/default.nix index 0c87b6e7..9c9d077b 100644 --- a/user-profiles/mpv/default.nix +++ b/user-profiles/mpv/default.nix @@ -7,8 +7,10 @@ }; config = { ytdl = true; - sub = false; - osd-font = "DejaVu Sans"; + subs-with-matching-audio = false; + audio-display = false; + osd-font = "Fira Sans"; + sub-font = "Fira Sans"; # vo = "gpu"; hwdec = "auto"; force-window = "yes"; 
@@ -18,8 +20,36 @@ "vidscale=no" "deadzonesize=0.9" "ytdl_hook-ytdl_path=${pkgs.yt-dlp}/bin/yt-dlp" - "chapterskip-skip=sponsor;intro;endcard" - "chapterskip-categories=sponsor>%[SponsorBlock%]: .*Sponsor.*;intro>%[SponsorBlock%]: .*Intro Animation.*;endcard>%[SponsorBlock%]: .*Endcards.*" + "chapterskip-skip=sponsor;intro;endcard;interact" + "chapterskip-categories=sponsor>%[SponsorBlock%]: .*Sponsor.*;intro>%[SponsorBlock%]: .*Intro Animation.*;endcard>%[SponsorBlock%]: .*Endcards.*;interact>%[SponsorBlock%]: .*Interaction Reminder.*" + "sub_select-config=${pkgs.writeTextDir "sub-select.json" (builtins.toJSON [ + { + alang = "*"; + slang = "forced"; + } + { + alang = ["jpn" "ja"]; + slang = "eng?"; + blacklist = [ "sign" ]; + } + { + alang = ["jpn" "ja"]; + slang = "und"; + blacklist = [ "sign" ]; + } + { + alang = ["eng?" "deu?"]; + slang = "no"; + } + { + alang = "*"; + slang = "eng?"; + } + { + alang = "*"; + slang = "und"; + } + ])}" ]; }; scripts = [ @@ -65,6 +95,14 @@ passthru.scriptName = "chapterskip.lua"; })) + (pkgs.stdenv.mkDerivation (sources.mpv-subselect // rec { + installPhase = '' + install -d $out/share/mpv/scripts + install -m 0644 sub-select.lua $out/share/mpv/scripts/${passthru.scriptName} + ''; + + passthru.scriptName = "sub-select.lua"; + })) ]; }; } -- cgit v1.2.3