Merge branch 'b12f' into b12f-master

teutat3s 2021-09-01 19:12:50 +02:00
commit 3f4d3cf240
Signed by untrusted user: teutat3s
GPG key ID: 4FA1D3FA524F22C1
41 changed files with 990 additions and 52 deletions


@ -24,6 +24,14 @@ charset = unset
indent_style = unset indent_style = unset
indent_size = unset indent_size = unset
[*.rom]
end_of_line = unset
insert_final_newline = unset
trim_trailing_whitespace = unset
charset = unset
indent_style = unset
indent_size = unset
[*.py] [*.py]
indent_size = 4 indent_size = 4


@ -206,21 +206,6 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_2": {
"locked": {
"lastModified": 1623875721,
"narHash": "sha256-A8BU7bjS5GirpAUv4QA+QnJ4CceLHkcXdRp4xITDB0s=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "f7e004a55b120c02ecb6219596820fcd32ca8772",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"home": { "home": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -261,7 +246,9 @@
"naersk": { "naersk": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"latest" "digga",
"deploy",
"nixpkgs"
] ]
}, },
"locked": { "locked": {
@ -299,25 +286,6 @@
"type": "github" "type": "github"
} }
}, },
"nix-dram": {
"inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1628492639,
"narHash": "sha256-ffF/oEhLs/stAsXXobruKHyH9jnMC2rt/SM3ASrs2U8=",
"owner": "dramforever",
"repo": "nix-dram",
"rev": "fba426108ea6bdeb1e362bac9da06cbd33726f41",
"type": "github"
},
"original": {
"owner": "dramforever",
"repo": "nix-dram",
"type": "github"
}
},
"nixos": { "nixos": {
"locked": { "locked": {
"lastModified": 1628203131, "lastModified": 1628203131,
@ -374,22 +342,6 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs": {
"locked": {
"lastModified": 1626556499,
"narHash": "sha256-c2ueMT7fi/yvCNq3nGLEC2v5GklS7eHpB1240LRSW9Y=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b59c06dc92f8d03660eb4155754d93a6c34cda83",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nur": { "nur": {
"locked": { "locked": {
"lastModified": 1626378135, "lastModified": 1626378135,
@ -459,7 +411,6 @@
"home": "home", "home": "home",
"latest": "latest", "latest": "latest",
"naersk": "naersk_2", "naersk": "naersk_2",
"nix-dram": "nix-dram",
"nixlib": [ "nixlib": [
"digga", "digga",
"nixlib" "nixlib"


@ -51,6 +51,10 @@
# PubSolarOS additions # PubSolarOS additions
nix-dram.url = "github:dramforever/nix-dram"; nix-dram.url = "github:dramforever/nix-dram";
# b12f additions
b12f-nix-fonts.url = "git+https://git.b12f.io/b12f/nix-fonts?ref=main";
b12f-nix-fonts.inputs.nixpkgs.follows = "latest";
}; };
outputs = outputs =
@ -65,6 +69,7 @@
, nvfetcher , nvfetcher
, deploy , deploy
, nix-dram , nix-dram
, b12f-nix-fonts
, ... , ...
} @ inputs: } @ inputs:
digga.lib.mkFlake digga.lib.mkFlake
@ -83,6 +88,7 @@
nvfetcher.overlay nvfetcher.overlay
deploy.overlay deploy.overlay
nix-dram.overlay nix-dram.overlay
b12f-nix-fonts.overlay
./pkgs/default.nix ./pkgs/default.nix
]; ];
}; };
@ -128,6 +134,8 @@
base = [ core users.nixos users.root ]; base = [ core users.nixos users.root ];
pubsolaros = [ core base-user users.root ]; pubsolaros = [ core base-user users.root ];
anonymous = [ pubsolaros users.nixos ]; anonymous = [ pubsolaros users.nixos ];
b12f = [ pubsolaros users.ben ];
biolimo = [ b12f graphical ];
}; };
}; };
}; };
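Review bot: The new `b12f-nix-fonts` input tracks `ref=main` on a personal git host and its overlay is added to the same list as `nix-dram.overlay`, so the lock entry is the only thing fixing which revision gets evaluated. The flake.lock hunks shown in this commit add no `b12f-nix-fonts` node and remove `nix-dram`, although `nix-dram.url` is still declared here. Please check that the lock file was regenerated after the merge (`nix flake lock`) and commit the result, otherwise the first evaluation resolves `main` to whatever it points at then. A short comment above the input, for example `# font overlay only; revision pinned via flake.lock`, would record why a non-nixpkgs source is trusted in the overlay list.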

6
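--- a/hosts/biolimo.nix
+++ b/hosts/biolimo.nix
@@ -0,0 +1,6 @@
+{ suites, ... }:
+{
+imports = [
+./biolimo
+] ++ suites.biolimo;
+}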


@ -0,0 +1,6 @@
# Autostart applications
#
# Example:
# exec swayidle
exec keepassxc


@ -0,0 +1,19 @@
# Touchpad controls
#bindsym XF86TouchpadToggle exec $HOME/Workspace/ben/toggletouchpad.sh # toggle touchpad
# Screen brightness controls
bindsym XF86MonBrightnessUp exec "brightnessctl -d intel_backlight set +10%; notify-send $(brightnessctl -d intel_backlight i | awk '/Current/ {print $4}')"
bindsym XF86MonBrightnessDown exec "brightnessctl -d intel_backlight set 10%-; notify-send $(brightnessctl -d intel_backlight i | awk '/Current/ { print $4}')"
# Keyboard backlight brightness controls
bindsym XF86KbdBrightnessDown exec "brightnessctl -d smc::kbd_backlight set 10%-; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ { print $4}')"
bindsym XF86KbdBrightnessUp exec "brightnessctl -d smc::kbd_backlight set +10%; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ { print $4}')"
# Pulse Audio controls
bindsym XF86AudioRaiseVolume exec pactl set-sink-volume @DEFAULT_SINK@ +5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. up' #increase sound volume
bindsym XF86AudioLowerVolume exec pactl set-sink-volume @DEFAULT_SINK@ -5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. down' #decrease sound volume
bindsym XF86AudioMute exec pactl set-sink-mute @DEFAULT_SINK@ toggle && notify-send 'Mute sound' # mute sound
# Media player controls
bindsym XF86AudioPlay exec "playerctl play-pause; notify-send 'Play/Pause'"
bindsym XF86AudioNext exec "playerctl next; notify-send 'Next'"
bindsym XF86AudioPrev exec "playerctl previous; notify-send 'Prev.'"


@ -0,0 +1,9 @@
input "1739:0:Synaptics_TM3288-011" {
dwt enabled
tap enabled
middle_emulation enabled
}
input * {
xkb_layout us(intl),de
xkb_options ctrl:nocaps
}


@ -0,0 +1,21 @@
set $internal eDP-1
set $middle "Hewlett Packard HP E231 3CQ4290S5J"
set $standup "Hewlett Packard HP E231 3CQ4251F33"
output $internal {
scale 1.3
pos 0 500
}
output $middle {
scale 1
# 1969 is the 1.3 scaled width of the internal monitor
pos 1969 0
}
output $standup {
scale 1
transform 270
pos 3889 0
}

1
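--- a/hosts/biolimo/.gitattributes
+++ b/hosts/biolimo/.gitattributes
@@ -0,0 +1 @@
+secrets/** filter=git-crypt-4406E80E13CD656C diff=git-crypt-4406E80E13CD656C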


@ -0,0 +1,96 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, ... }:
{
imports =
[
# Include the results of the hardware scan.
./hardware-configuration.nix
];
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
# networking.hostName = "nixos"; # Define your hostname.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# Set your time zone.
# time.timeZone = "Europe/Amsterdam";
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
# i18n.defaultLocale = "en_US.UTF-8";
# console = {
# font = "Lat2-Terminus16";
# keyMap = "us";
# };
# Enable the X11 windowing system.
# services.xserver.enable = true;
# Configure keymap in X11
# services.xserver.layout = "us";
# services.xserver.xkbOptions = "eurosign:e";
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# sound.enable = true;
# hardware.pulseaudio.enable = true;
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
# users.users.jane = {
# isNormalUser = true;
# extraGroups = [ "wheel" ]; # Enable sudo for the user.
# };
# List packages installed in system profile. To search, run:
# $ nix search wget
# environment.systemPackages = with pkgs; [
# wget vim
# firefox
# ];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Enable the OpenSSH daemon.
# services.openssh.enable = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "21.05"; # Did you read the comment?
}

28
hosts/biolimo/default.nix Normal file

@ -0,0 +1,28 @@
{ config, pkgs, lib, ... }:
with lib;
let
psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in
{
imports = [
./configuration.nix
];
config = {
pub-solar.x-os.keyfile = "/etc/nixos/hosts/biolimo/secrets/keyfile.bin";
hardware.cpu.intel.updateMicrocode = true;
networking.firewall.allowedTCPPorts = [
5000
];
home-manager.users."${psCfg.user.name}".xdg.configFile = mkIf psCfg.sway.enable {
"sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf;
"sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf;
"sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
"sway/config.d/10-custom-keybindings.conf".source = ./.config/sway/config.d/custom-keybindings.conf;
};
};
}
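Review bot: `networking.firewall.allowedTCPPorts = [ 5000 ];` opens port 5000 on every interface of what appears to be a laptop host, and nothing in the file says which service listens there. If the port is only needed on one trusted network, scope it with `networking.firewall.interfaces.<iface>.allowedTCPPorts = [ 5000 ];`, and in either case add a comment naming the service so the rule can be removed when it is no longer needed. Separately, the `xdg` binding in the `let` block is unused in this file.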


@ -0,0 +1,36 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{
device = "/dev/disk/by-uuid/abc3fe04-368e-46eb-8c7a-3a829bb2deab";
fsType = "ext4";
};
boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/aed21f8d-8e15-4f43-8710-460cb36d488b";
fileSystems."/boot/efi" =
{
device = "/dev/disk/by-uuid/3B67-0CAB";
fsType = "vfat";
};
swapDevices = [ ];
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
# high-resolution display
hardware.video.hidpi.enable = lib.mkDefault true;
}

Binary file not shown.


@ -0,0 +1,6 @@
# Autostart applications
#
# Example:
# exec swayidle
exec keepassxc


@ -0,0 +1,19 @@
# Touchpad controls
#bindsym XF86TouchpadToggle exec $HOME/Workspace/ben/toggletouchpad.sh # toggle touchpad
# Screen brightness controls
bindsym XF86MonBrightnessUp exec "brightnessctl -d intel_backlight set +10%; notify-send $(brightnessctl -d intel_backlight i | awk '/Current/ {print $4}')"
bindsym XF86MonBrightnessDown exec "brightnessctl -d intel_backlight set 10%-; notify-send $(brightnessctl -d intel_backlight i | awk '/Current/ { print $4}')"
# Keyboard backlight brightness controls
bindsym XF86KbdBrightnessDown exec "brightnessctl -d smc::kbd_backlight set 10%-; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ { print $4}')"
bindsym XF86KbdBrightnessUp exec "brightnessctl -d smc::kbd_backlight set +10%; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ { print $4}')"
# Pulse Audio controls
bindsym XF86AudioRaiseVolume exec pactl set-sink-volume @DEFAULT_SINK@ +5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. up' #increase sound volume
bindsym XF86AudioLowerVolume exec pactl set-sink-volume @DEFAULT_SINK@ -5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. down' #decrease sound volume
bindsym XF86AudioMute exec pactl set-sink-mute @DEFAULT_SINK@ toggle && notify-send 'Mute sound' # mute sound
# Media player controls
bindsym XF86AudioPlay exec "playerctl play-pause; notify-send 'Play/Pause'"
bindsym XF86AudioNext exec "playerctl next; notify-send 'Next'"
bindsym XF86AudioPrev exec "playerctl previous; notify-send 'Prev.'"


@ -0,0 +1,9 @@
input "1739:0:Synaptics_TM3288-011" {
dwt enabled
tap enabled
middle_emulation enabled
}
input * {
xkb_layout us(intl),de
xkb_options ctrl:nocaps
}


@ -0,0 +1,21 @@
set $internal eDP-1
set $middle DP-4
set $standup DP-5
output $internal {
scale 1.3
pos 0 500
}
output $middle {
scale 1
# 1969 is the 1.3 scaled width of the internal monitor
pos 1969 0
}
output $standup {
scale 1
transform 270
pos 3889 0
}

1
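--- a/hosts/chocolatebar/.gitattributes
+++ b/hosts/chocolatebar/.gitattributes
@@ -0,0 +1 @@
+secrets/** filter=git-crypt-4406E80E13CD656C diff=git-crypt-4406E80E13CD656C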


@ -0,0 +1,28 @@
{ config, pkgs, lib, ... }:
with lib;
let
psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in
{
imports = [
./virtualisation
];
config = {
pub-solar.virtualisation.enable = true;
hardware.cpu.amd.updateMicrocode = true;
hardware.opengl.extraPackages = with pkgs; [
rocm-opencl-icd
rocm-opencl-runtime
];
home-manager.users."${psCfg.user.name}".xdg.configFile = mkIf psCfg.sway.enable {
"sway/config.d/10-autostart.conf".source = ./.config/sway/config.d/autostart.conf;
"sway/config.d/10-input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
"sway/config.d/10-screens.conf".source = ./.config/sway/config.d/screens.conf;
};
};
}

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.


@ -0,0 +1,78 @@
{ config, pkgs, lib, vm, ... }:
let
psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
varsFile = "${xdg.dataHome}/libvirt/OVMF_VARS_${vm.name}.fd";
generateXML = import ./generate-xml.nix;
in
{
serviceConfig = {
Type = "oneshot";
RemainAfterExit = "yes";
Restart = "no";
};
script =
let
networkXML = pkgs.writeText "network.xml" (import ./network-xml.nix { inherit config; inherit pkgs; inherit lib; });
machineXML = pkgs.writeText "${vm.name}.xml" (generateXML { inherit config; inherit pkgs; inherit lib; inherit vm; varsFile = varsFile; });
in
''
echo "Checking if ${vm.name} is already running"
STATUS=$(${pkgs.libvirt}/bin/virsh list --all | grep "${vm.name}" | ${pkgs.gawk}/bin/awk '{ print $3 " " $4 }' )
if [[ $STATUS != "shut off" && $STATUS != "" ]]; then
echo "Domain ${vm.name} is already running or in an inconsistent state:"
${pkgs.libvirt}/bin/virsh list --all
exit 0
fi
NET_TMP_FILE="/tmp/network.xml"
NETUUID="$(${pkgs.libvirt}/bin/virsh net-uuid 'default' || true)"
(sed "s/UUID/$NETUUID/" '${networkXML}') > $NET_TMP_FILE
${pkgs.libvirt}/bin/virsh net-define $NET_TMP_FILE
${pkgs.libvirt}/bin/virsh net-start 'default' || true
VARS_FILE=${varsFile}
if [ ! -f "$VARS_FILE" ]; then
cp /run/libvirt/nix-ovmf/OVMF_VARS.fd $VARS_FILE
fi
TMP_FILE="/tmp/${vm.name}.xml"
UUID="$(${pkgs.libvirt}/bin/virsh domuuid '${vm.name}' || true)"
(sed "s/UUID/$UUID/" '${machineXML}') > $TMP_FILE
USB_DEV=$(${pkgs.usbutils}/bin/lsusb | grep 046d:c52b | grep 'Bus 001' | cut -b 18)
LINE_NUMBER=$(cat $TMP_FILE | grep -n -A 1 0xc52b | tail -n 1 | cut -b 1,2,3)
sed -i "''${LINE_NUMBER}s/\(.\{33\}\)./\1''${USB_DEV}/" $TMP_FILE
USB_BUS=$(${pkgs.usbutils}/bin/lsusb | grep 046d:c328 | cut -b 7)
USB_DEV=$(${pkgs.usbutils}/bin/lsusb | grep 046d:c328 | cut -b 18)
LINE_NUMBER=$(cat $TMP_FILE | grep -n -A 1 0xc328 | tail -n 1 | cut -b 1,2,3)
sed -i "''${LINE_NUMBER}s/.*/<address bus=\"''${USB_BUS}\" device=\"''${USB_DEV}\" \/>/" $TMP_FILE
# TODO: Set correct pci address too
${pkgs.libvirt}/bin/virsh define $TMP_FILE
${pkgs.libvirt}/bin/virsh start '${vm.name}'
'';
preStop =
''
${pkgs.libvirt}/bin/virsh shutdown '${vm.name}'
let "timeout = $(date +%s) + 10"
while [ "$(${pkgs.libvirt}/bin/virsh list --name | grep --count '^${vm.name}$')" -gt 0 ]; do
if [ "$(date +%s)" -ge "$timeout" ]; then
# Meh, we warned it...
${pkgs.libvirt}/bin/virsh destroy '${vm.name}'
else
# The machine is still running, let's give it some time to shut down
sleep 0.5
fi
done
${pkgs.libvirt}/bin/virsh net-destroy 'default' || true
'';
}
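Review bot: `NET_TMP_FILE="/tmp/network.xml"` and `TMP_FILE="/tmp/${vm.name}.xml"` are fixed names in a world-writable directory, and the script truncates them, edits one with `sed -i` and hands them to `virsh net-define` and `virsh define`. Another local account that pre-creates those names can break the service or influence the definition that gets loaded. Create them with `NET_TMP_FILE="$(mktemp)"` and `TMP_FILE="$(mktemp)"` (or under `$XDG_RUNTIME_DIR`), quote the variables at every use, and remove the files when the script exits. The status check's `grep "${vm.name}"` also matches substrings, so a domain whose name merely contains this one would be mistaken for it; `preStop` already uses the anchored form `'^${vm.name}$'`.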


@ -0,0 +1,52 @@
{ config, pkgs, lib, ... }:
with lib;
let
psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
createService = import ./create-service.nix;
isolateAnyGPU = psCfg.virtualisation.isolateGPU != null;
in
{
options.pub-solar.virtualisation.isolateGPU = mkOption {
description = "Which GPU to isolate for virtualisation guests";
type = with types; nullOr (enum [ "rx5700xt" "rx550x" ]);
default = null;
};
config = mkIf psCfg.virtualisation.enable {
boot.extraModprobeConfig = mkIf isolateAnyGPU (concatStringsSep "\n" [
"softdep amdgpu pre: vfio vfio_pci"
(if psCfg.virtualisation.isolateGPU == "rx5700xt"
then "options vfio-pci ids=1002:731f,1002:ab38"
else "options vfio-pci ids=1002:699f,1002:aae0"
)
]);
systemd.user.services = {
vm-windows = createService {
inherit config;
inherit pkgs;
inherit lib;
vm = {
name = "windows";
disk = "/dev/disk/by-id/ata-SanDisk_SDSSDA240G_162402455603";
id = "http://microsoft.com/win/10";
gpu = true;
mountHome = false;
};
};
vm-manjaro = createService {
inherit config;
inherit pkgs;
inherit lib;
vm = {
name = "manjaro";
disk = "/dev/disk/by-id/ata-KINGSTON_SM2280S3G2240G_50026B726B0265CE";
id = "https://manjaro.org/download/#i3";
gpu = true;
mountHome = true;
};
};
};
};
}


@ -0,0 +1,242 @@
{ config, pkgs, lib, vm, varsFile, ... }:
let
psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
home = config.home-manager.users."${psCfg.user.name}".home;
in
''
<domain type='kvm'>
<name>${vm.name}</name>
<uuid>UUID</uuid>
<metadata>
<libosinfo:libosinfo xmlns:libosinfo="http://libosinfo.org/xmlns/libvirt/domain/1.0">
<libosinfo:os id="${vm.id}"/>
</libosinfo:libosinfo>
</metadata>
<memory unit='KiB'>33554432</memory>
<currentMemory unit='KiB'>33554432</currentMemory>
<vcpu placement='static'>12</vcpu>
<cputune>
<vcpupin vcpu='0' cpuset='6'/>
<vcpupin vcpu='1' cpuset='7'/>
<vcpupin vcpu='2' cpuset='8'/>
<vcpupin vcpu='3' cpuset='9'/>
<vcpupin vcpu='4' cpuset='10'/>
<vcpupin vcpu='5' cpuset='11'/>
<vcpupin vcpu='6' cpuset='18'/>
<vcpupin vcpu='7' cpuset='19'/>
<vcpupin vcpu='8' cpuset='20'/>
<vcpupin vcpu='9' cpuset='21'/>
<vcpupin vcpu='10' cpuset='22'/>
<vcpupin vcpu='11' cpuset='23'/>
</cputune>
<resource>
<partition>/machine</partition>
</resource>
<os>
<type arch='x86_64' machine='pc-q35-4.2'>hvm</type>
<loader readonly='yes' type='pflash'>/run/libvirt/nix-ovmf/OVMF_CODE.fd</loader>
<nvram>${varsFile}</nvram>
<boot dev='hd'/>
</os>
<features>
<acpi/>
<apic/>
<hyperv>
<relaxed state='on'/>
<vapic state='on'/>
<spinlocks state='on' retries='8191'/>
<vendor_id state='on' value='wahtever'/>
</hyperv>
<kvm>
<hidden state='on'/>
</kvm>
<vmport state='off'/>
</features>
<cpu mode='custom' match='exact' check='full'>
<model fallback='forbid'>EPYC-IBPB</model>
<vendor>AMD</vendor>
<topology sockets='1' dies='1' cores='6' threads='2'/>
<feature policy='require' name='x2apic'/>
<feature policy='require' name='tsc-deadline'/>
<feature policy='require' name='hypervisor'/>
<feature policy='require' name='tsc_adjust'/>
<feature policy='require' name='clwb'/>
<feature policy='require' name='umip'/>
<feature policy='require' name='stibp'/>
<feature policy='require' name='arch-capabilities'/>
<feature policy='require' name='ssbd'/>
<feature policy='require' name='xsaves'/>
<feature policy='require' name='cmp_legacy'/>
<feature policy='require' name='perfctr_core'/>
<feature policy='require' name='clzero'/>
<feature policy='require' name='wbnoinvd'/>
<feature policy='require' name='amd-ssbd'/>
<feature policy='require' name='virt-ssbd'/>
<feature policy='require' name='rdctl-no'/>
<feature policy='require' name='skip-l1dfl-vmentry'/>
<feature policy='require' name='mds-no'/>
<feature policy='require' name='pschange-mc-no'/>
<feature policy='disable' name='monitor'/>
<feature policy='disable' name='svm'/>
<feature policy='require' name='topoext'/>
</cpu>
<clock offset='utc'>
<timer name='rtc' tickpolicy='catchup'/>
<timer name='pit' tickpolicy='delay'/>
<timer name='hpet' present='no'/>
</clock>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
<on_crash>destroy</on_crash>
<pm>
<suspend-to-mem enabled='no'/>
<suspend-to-disk enabled='no'/>
</pm>
<devices>
<emulator>${pkgs.qemu}/bin/qemu-system-x86_64</emulator>
<disk type='block' device='disk'>
<driver name='qemu' type='raw'/>
<source dev='${vm.disk}'/>
<backingStore/>
<target dev='vdb' bus='virtio'/>
<address type='pci' domain='0x0000' bus='0x04' slot='0x00' function='0x0'/>
</disk>
<controller type='usb' index='0' model='qemu-xhci' ports='15'>
<address type='pci' domain='0x0000' bus='0x02' slot='0x00' function='0x0'/>
</controller>
<controller type='sata' index='0'>
<address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/>
</controller>
<controller type='pci' index='0' model='pcie-root'/>
<controller type='pci' index='1' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='1' port='0x10'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0' multifunction='on'/>
</controller>
<controller type='pci' index='2' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='2' port='0x11'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x1'/>
</controller>
<controller type='pci' index='3' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='3' port='0x12'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x2'/>
</controller>
<controller type='pci' index='4' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='4' port='0x13'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x3'/>
</controller>
<controller type='pci' index='5' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='5' port='0x14'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x4'/>
</controller>
<controller type='pci' index='6' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='6' port='0x15'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x5'/>
</controller>
<controller type='pci' index='7' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='7' port='0x16'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x6'/>
</controller>
<controller type='pci' index='8' model='pcie-to-pci-bridge'>
<model name='pcie-pci-bridge'/>
<address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/>
</controller>
<controller type='pci' index='9' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='9' port='0x17'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x7'/>
</controller>
<controller type='virtio-serial' index='0'>
<address type='pci' domain='0x0000' bus='0x03' slot='0x00' function='0x0'/>
</controller>
${if vm.mountHome then ''
<filesystem type='mount' accessmode='mapped'>
<source dir='/home/${psCfg.user.name}'/>
<target dir='/media/home'/>
<address type='pci' domain='0x0000' bus='0x07' slot='0x00' function='0x0'/>
</filesystem>
'' else ""}
<interface type='network'>
<mac address='52:54:00:44:cd:ac'/>
<source network='default'/>
<model type='rtl8139'/>
<address type='pci' domain='0x0000' bus='0x08' slot='0x01' function='0x0'/>
</interface>
<serial type='pty'>
<target type='isa-serial' port='0'>
<model name='isa-serial'/>
</target>
</serial>
<console type='pty'>
<target type='serial' port='0'/>
</console>
<input type='tablet' bus='usb'>
<address type='usb' bus='0' port='1'/>
</input>
<input type='mouse' bus='ps2'/>
<input type='keyboard' bus='ps2'/>
<graphics type='spice' autoport='yes' listen='127.0.0.1'>
<listen type='address' address='127.0.0.1'/>
<image compression='off'/>
</graphics>
<video>
<model type='cirrus' vram='16384' heads='1' primary='yes'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0'/>
</video>
<hostdev mode='subsystem' type='usb' managed='yes'>
<source>
<vendor id='0x046d'/>
<product id='0xc328'/>
<address bus='1' device='2'/>
</source>
<address type='usb' bus='0' port='4'/>
</hostdev>
<hostdev mode='subsystem' type='usb' managed='yes'>
<source>
<vendor id='0x046d'/>
<product id='0xc52b'/>
<address bus='1' device='4'/>
</source>
<address type='usb' bus='0' port='5'/>
</hostdev>
${if vm.gpu && psCfg.virtualisation.isolateGPU != null then ''
<hostdev mode='subsystem' type='pci' managed='yes'>
<driver name='vfio'/>
<source>
<address domain='0x0000' bus='0x0b' slot='0x00' function='0x0'/>
</source>
<rom bar='on' file='/etc/nixos/owners/b12f/devices/chocolatebar/virtualisation/${psCfg.virtualisation.isolateGPU}.rom'/>
<address type='pci' domain='0x0000' bus='0x06' slot='0x00' function='0x0' multifunction='on'/>
</hostdev>
<hostdev mode='subsystem' type='pci' managed='yes'>
<driver name='vfio'/>
<source>
<address domain='0x0000' bus='0x0b' slot='0x00' function='0x1'/>
</source>
<address type='pci' domain='0x0000' bus='0x06' slot='0x00' function='0x1'/>
</hostdev>
'' else ""}
<redirdev bus='usb' type='spicevmc'>
<address type='usb' bus='0' port='2'/>
</redirdev>
<redirdev bus='usb' type='spicevmc'>
<address type='usb' bus='0' port='3'/>
</redirdev>
<memballoon model='virtio'>
<address type='pci' domain='0x0000' bus='0x05' slot='0x00' function='0x0'/>
</memballoon>
<shmem name='scream-ivshmem'>
<model type='ivshmem-plain'/>
<size unit='M'>2</size>
<address type='pci' domain='0x0000' bus='0x08' slot='0x02' function='0x0'/>
</shmem>
</devices>
</domain>
''
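Review bot: With `vm.mountHome` set, the `<filesystem type='mount' accessmode='mapped'>` element exports the whole host directory `/home/${psCfg.user.name}` to the guest with no `<readonly/>`, so software running in that VM can read and change SSH and GPG material, mail and keyring files on the host. Export a dedicated subdirectory instead, or add `<readonly/>` inside the element if the guest only needs to read. The `home` binding in the `let` block is unused; if the full home is really intended, `${home.homeDirectory}` would avoid hard-coding `/home`. The `<rom … file='/etc/nixos/owners/b12f/devices/chocolatebar/virtualisation/…'>` path also does not look like the `hosts/chocolatebar` layout used elsewhere in this commit, so check that it still resolves.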


@ -0,0 +1,19 @@
{ config, pkgs, lib, ... }:
''
<network>
<name>default</name>
<uuid>UUID</uuid>
<forward mode='nat'>
<nat>
<port start='1024' end='65535'/>
</nat>
</forward>
<bridge name='virbr0' stp='on' delay='0'/>
<mac address='52:54:00:bd:a0:73'/>
<ip address='192.168.122.1' netmask='255.255.255.0'>
<dhcp>
<range start='192.168.122.2' end='192.168.122.254'/>
</dhcp>
</ip>
</network>
''

Binary file not shown.

Binary file not shown.


@ -0,0 +1,31 @@
account hello@benjaminbaedorf.eu
host mail.hosting.de
port 587
protocol smtp
auth on
from hello@benjaminbaedorf.eu
user hello@benjaminbaedorf.eu
tls on
tls_trust_file /etc/ssl/certs/ca-certificates.crt
account benjamin.baedorf@rwth-aachen.de
host mail.rwth-aachen.de
port 587
protocol smtp
auth on
from benjamin.baedorf@rwth-aachen.de
user bb564306@rwth-aachen.de
tls on
tls_trust_file /etc/ssl/certs/ca-certificates.crt
account b.baedorf@openproject.com
host smtp.mailbox.org
port 465
protocol smtp
auth on
from b.baedorf@openproject.com
user b.baedorf@openproject.com
tls on
tls_trust_file /etc/ssl/certs/ca-certificates.crt
account default : hello@benjaminbaedorf.eu
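Review bot: The `b.baedorf@openproject.com` account sets `port 465` with only `tls on`, but msmtp defaults to STARTTLS and port 465 normally expects TLS from the first byte. This account therefore most likely needs `tls_starttls off`, or `port 587` like the other two accounts. None of the accounts sets `passwordeval`, so msmtp has to obtain the password some other way. If the intent is the keyring entry the mutt config reads, state it explicitly, e.g. `passwordeval secret-tool lookup service smtp host smtp.mailbox.org user b.baedorf@openproject.com`.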


@ -0,0 +1,24 @@
# vim: filetype=muttrc
set from = "Benjamin Bädorf <b.baedorf@openproject.com>"
set sendmail = "msmtp -a b.baedorf@openproject.com"
set signature = "~/.config/mutt/b.baedorf@openproject.com.signature"
set pgp_default_key="DB94333951EC9A362B33FBA5069CA2D117AB5CCF"
set imap_user = b.baedorf@openproject.com
set imap_pass = `secret-tool lookup service smtp host smtp.mailbox.org user b.baedorf@openproject.com`
set folder = imaps://imap.mailbox.org:993
set spoolfile = "+INBOX"
set postponed = "+Drafts"
set record = "+Sent"
set trash = "+Trash"
mbox-hook = "+Archive"
unmailboxes *
mailboxes +INBOX \
+Drafts \
+Sent \
+Archive \
+Trash


@ -0,0 +1,19 @@
--
Benjamin Bädorf
Senior Frontend Engineer
OpenProject GmbH
Karl-Liebknecht-Str. 5
10178 Berlin
E: b.baedorf@openproject.com
GPG: DB94 3339 51EC 9A36 2B33 FBA5 069C A2D1 17AB 5CC
T: +49 9599 899 22
M: +49 151 2266 2777
I: www.openproject.org
Amtsgericht Berlin-Charlottenburg HRB 117935
Geschäftsführer Niels Lindenthal
UStID DE211309779
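Review bot: The `GPG:` line gives `DB94 3339 51EC 9A36 2B33 FBA5 069C A2D1 17AB 5CC`, which is 39 hex digits, while the `pgp_default_key` set in the muttrc for this account ends in `5CCF`. A recipient who compares the fingerprint in the signature with the actual key will see a mismatch. The last group should read `5CCF`.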


@ -0,0 +1,21 @@
# vim: filetype=muttrc
set from = "Benjamin Bädorf <benjamin.baedorf@rwth-aachen.de>"
set sendmail = "msmtp -a benjamin.baedorf@rwth-aachen.de"
set signature = "~/.config/mutt/hello@benjaminbaedorf.eu.signature"
set pgp_default_key="4332E0D02B214D31376C366E4406E80E13CD656C"
set mbox_type = Maildir
set folder = ~/Mail
set spoolfile = "+benjamin.baedorf\@rwth-aachen.de/INBOX"
set postponed = "+benjamin.baedorf\@rwth-aachen.de/Drafts"
set record = "+benjamin.baedorf\@rwth-aachen.de/Sent"
set trash = "+benjamin.baedorf\@rwth-aachen.de/Trash"
mbox-hook = "+benjamin.baedorf\@rwth-aachen.de/Journal"
unmailboxes *
mailboxes +benjamin.baedorf\@rwth-aachen.de/INBOX \
+benjamin.baedorf\@rwth-aachen.de/Drafts \
+benjamin.baedorf\@rwth-aachen.de/Sent \
+benjamin.baedorf\@rwth-aachen.de/Journal \
+benjamin.baedorf\@rwth-aachen.de/Trash


@ -0,0 +1,21 @@
# vim: filetype=muttrc
set from = "Benjamin Bädorf <hello@benjaminbaedorf.eu>"
set sendmail = "msmtp -a hello@benjaminbaedorf.eu"
set signature = "~/.config/mutt/hello@benjaminbaedorf.eu.signature"
set pgp_default_key="4332E0D02B214D31376C366E4406E80E13CD656C"
set mbox_type = Maildir
set folder = ~/Mail
set spoolfile = "+hello\@benjaminbaedorf.eu/INBOX"
set postponed = "+hello\@benjaminbaedorf.eu/Drafts"
set record = "+hello\@benjaminbaedorf.eu/Sent"
set trash = "+hello\@benjaminbaedorf.eu/Trash"
mbox-hook = "+hello\@benjaminbaedorf.eu/Archive"
unmailboxes *
mailboxes +hello\@benjaminbaedorf.eu/INBOX \
+hello\@benjaminbaedorf.eu/Drafts \
+hello\@benjaminbaedorf.eu/Sent \
+hello\@benjaminbaedorf.eu/Archive \
+hello\@benjaminbaedorf.eu/Trash


@ -0,0 +1,7 @@
--
Benjamin Bädorf
Software Engineer
E: hello@benjaminbaedorf.eu
GPG: 4332 E0D0 2B21 4D31 376C 366E 4406 E80E 13CD 656C


@ -0,0 +1,49 @@
[general]
pythonfile = $XDG_CONFIG_HOME/offlineimap/functions.py
metadata = $XDG_DATA_HOME/offlineimap
accounts = BBEU, RWTH
[Account BBEU]
localrepository = LocalBBEU
remoterepository = RemoteBBEU
[Repository LocalBBEU]
type = Maildir
localfolders = ~/Mail/hello@benjaminbaedorf.eu
[Repository RemoteBBEU]
type = IMAP
remotehost = mail.hosting.de
remoteuser = hello@benjaminbaedorf.eu
remotepasseval = get_secret("service", "smtp", "host", "mail.hosting.de", "user", "hello@benjaminbaedorf.eu")
sslcacertfile = /etc/ssl/certs/ca-certificates.crt
[Account RWTH]
localrepository = LocalRWTH
remoterepository = RemoteRWTH
[Repository LocalRWTH]
type = Maildir
localfolders = ~/Mail/benjamin.baedorf@rwth-aachen.de
[Repository RemoteRWTH]
type = IMAP
remotehost = mail.rwth-aachen.de
remoteuser = bb564306@rwth-aachen.de
remotepasseval = get_secret("service", "smtp", "host", "mail.rwth-aachen.de", "user", "bb564306@rwth-aachen.de")
sslcacertfile = /etc/ssl/certs/ca-certificates.crt
[Account OPGmail]
localrepository = LocalOPGmail
remoterepository = RemoteOPGmail
[Repository LocalOPGmail]
type = Maildir
localfolders = ~/Mail/b.baedorf@openproject.com
[Repository RemoteOPGmail]
type = IMAP
remotehost = imap.gmail.com
remoteuser = b.baedorf@openproject.com
remotepasseval = get_secret("service", "smtp", "host", "smtp.gmail.com", "user", "b.baedorf@openproject.com")
sslcacertfile = /etc/ssl/certs/ca-certificates.crt
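Review bot: `remotepasseval = get_secret(...)` depends on the `pythonfile` at `$XDG_CONFIG_HOME/offlineimap/functions.py`, but the `users/ben/home.nix` added in this commit only installs `offlineimap/config`. Unless that Python file is provided elsewhere, the password lookup fails for every account. The `[Account OPGmail]` block is also missing from `accounts = BBEU, RWTH` and points at `imap.gmail.com` / `smtp.gmail.com`, while the msmtp and mutt configs use mailbox.org for the same address, so the keyring lookup attributes disagree. Either drop the stale block or align its host and lookup attributes with the other two files.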

1
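--- a/users/ben/.gitattributes
+++ b/users/ben/.gitattributes
@@ -0,0 +1 @@
+secrets/** filter=git-crypt-4406E80E13CD656C diff=git-crypt-4406E80E13CD656C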

37
users/ben/default.nix Normal file

@ -0,0 +1,37 @@
{ config, pkgs, lib, ... }:
let
psCfg = config.pub-solar;
in
{
imports = [
./home.nix
];
config = {
pub-solar = {
# These are your personal settings
# The only required settings are `name` and `password`,
# The rest is used for programs like git
user = {
name = "ben";
password = "$6$LO2YoaHwuRQhUoSz$iHw9avM887eJg9cIty2nmG4Ibkol3YpviEhYpivVQP31VrnihFz/6LyugxD7X4VmXx9nxvcYIZnN90rlGxwjT.";
fullName = "Benjamin Bädorf";
email = "hello@benjaminbaedorf.eu";
gpgKeyId = "4406E80E13CD656C";
};
email.enable = true;
uhk.enable = true;
};
networking.hosts = {
"127.0.0.1" = [
"openproject.local"
"saas-1.openproject.local"
"transmission.local"
];
};
fonts.fonts = lib.attrValues pkgs.b12f.fonts;
};
}
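Review bot: `password = "$6$…"` in `pub-solar.user` commits the account's sha512crypt hash to the repository, and as a Nix string it is also likely to end up in the world-readable store, so anyone with read access can run offline guessing against it. Keep the hash out of the tracked plaintext tree: put it under the git-crypt-covered `secrets/` directory and have it read from a path at activation time. NixOS offers `users.users.<name>.passwordFile` for this (`hashedPasswordFile` on newer releases), assuming the `pub-solar.user` module can pass a file through. If the value has to stay inline, rotate the password, since this hash is now in history.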

50
users/ben/home.nix Normal file

@ -0,0 +1,50 @@
{ config, pkgs, lib, ... }:
with lib;
let
psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in
{
imports = [
./session-variables.nix
];
home-manager = pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
home.packages = with pkgs; [
dogecoin
];
programs.ssh = {
enable = true;
matchBlocks = {
"git.b12f.io" = {
hostname = "git.b12f.io";
port = 2222;
user = "git";
};
"aur.archlinux.org" = {
user = "aur";
};
};
};
xdg.configFile."mutt/accounts.muttrc".text = ''
source ./hello@benjaminbaedorf.eu.muttrc
macro index <f1> '<sync-mailbox><enter-command>source $XDG_CONFIG_HOME/mutt/hello@benjaminbaedorf.eu.muttrc<enter><change-folder>!<enter>'
macro index <f2> '<sync-mailbox><enter-command>source $XDG_CONFIG_HOME/mutt/benjamin.baedorf@rwth-aachen.de.muttrc<enter><change-folder>!<enter>'
macro index <f3> '<sync-mailbox><enter-command>source $XDG_CONFIG_HOME/mutt/b.baedorf@openproject.com.muttrc<enter><change-folder>!<enter>'
'';
xdg.configFile."mutt/hello@benjaminbaedorf.eu.muttrc".source = ./.config/mutt + "/hello@benjaminbaedorf.eu.muttrc";
xdg.configFile."mutt/benjamin.baedorf@rwth-aachen.de.muttrc".source = ./.config/mutt + "/benjamin.baedorf@rwth-aachen.de.muttrc";
xdg.configFile."mutt/hello@benjaminbaedorf.eu.signature".source = ./.config/mutt + "/hello@benjaminbaedorf.eu.signature";
xdg.configFile."mutt/b.baedorf@openproject.com.muttrc".source = ./.config/mutt + "/b.baedorf@openproject.com.muttrc";
xdg.configFile."mutt/b.baedorf@openproject.com.signature".source = ./.config/mutt + "/b.baedorf@openproject.com.signature";
xdg.configFile."offlineimap/config".source = ./.config/offlineimap/config;
xdg.configFile."msmtp/config".source = ./.config/msmtp/config;
# xdg.configFile."wallpaper.jpg".source = ./assets/wallpaper.jpg;
};
services.mopidy.configuration = mkIf config.pub-solar.audio.enable (builtins.readFile ./secrets/mopidy.conf);
}
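Review bot: `builtins.readFile ./secrets/mopidy.conf` pulls the git-crypt-protected file into the evaluated configuration, so its decrypted contents are written to the world-readable Nix store. Evaluation also breaks or yields garbage on a checkout where git-crypt is still locked. Reference the file by runtime path instead, e.g. `services.mopidy.extraConfigFiles = [ "/etc/nixos/users/ben/secrets/mopidy.conf" ];`, the same way `pub-solar.x-os.keyfile` is given as an absolute string in `hosts/biolimo/default.nix`. That example path assumes the repository lives at `/etc/nixos`, as the keyfile setting does.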

Binary file not shown.


@ -0,0 +1,14 @@
{ config, pkgs, ... }:
let
psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in
{
home-manager = pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
home.sessionVariables = {
DRONE_SERVER = "https://ci.b12f.io";
RESTIC_REPOSITORY = "sftp:root@backup.b12f.io:/media/internal/backups";
RESTIC_PASSWORD_COMMAND = "secret-tool lookup restic repository-password";
};
};
}
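Review bot: `RESTIC_REPOSITORY = "sftp:root@backup.b12f.io:/media/internal/backups"` makes every backup run log in as `root` on the backup host, so whoever obtains this user's SSH credentials gets root on the machine that holds the backups. Use a dedicated unprivileged account that owns only the repository directory, ideally restricted to SFTP, e.g. `sftp:<backup-user>@backup.b12f.io:/media/internal/backups`. The `xdg` binding in the `let` block is unused.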