From 6c40b31e799e8ffe2a026f26cdd649a76867f42c Mon Sep 17 00:00:00 2001 
From: teutat3s Date: Sun, 6 Jun 2021 15:22:44 +0200 Subject: [PATCH] Initial teutat3s commit --- flake.lock | 211 +++++++++++++-- flake.nix | 2 + .../.config/sway/config.d/applications.conf | 14 + .../con/.config/sway/config.d/autostart.conf | 6 + .../sway/config.d/custom-keybindings.conf | 5 + .../.config/sway/config.d/input-defaults.conf | 35 +++ hosts/con/.config/sway/config.d/screens.conf | 41 +++ hosts/con/.gitattributes | 1 + hosts/con/default.nix | 26 ++ hosts/con/secrets/keyfile.bin | Bin 0 -> 2070 bytes hosts/dumpyourvms.nix | 6 + .../.config/sway/config.d/applications.conf | 14 + .../.config/sway/config.d/autostart.conf | 6 + .../sway/config.d/custom-keybindings.conf | 3 + .../.config/sway/config.d/input-defaults.conf | 34 +++ .../.config/sway/config.d/screens.conf | 41 +++ hosts/dumpyourvms/.gitattributes | 1 + hosts/dumpyourvms/consul-agent-ca.pem | 21 ++ hosts/dumpyourvms/default.nix | 75 ++++++ hosts/dumpyourvms/hardware-configuration.nix | 37 +++ hosts/dumpyourvms/networking.nix | 52 ++++ hosts/dumpyourvms/secrets/keyfile.bin | Bin 0 -> 2070 bytes hosts/dumpyourvms/unbound.nix | 54 ++++ .../.config/sway/config.d/autostart.conf | 6 + .../.config/sway/config.d/input-defaults.conf | 30 +++ .../.config/sway/config.d/screens.conf | 33 +++ hosts/ryzensun/.gitattributes | 1 + hosts/ryzensun/default.nix | 17 ++ .../virtualisation/create-service.nix | 77 ++++++ hosts/ryzensun/virtualisation/default.nix | 43 +++ .../ryzensun/virtualisation/generate-xml.nix | 246 ++++++++++++++++++ hosts/ryzensun/virtualisation/network-xml.nix | 19 ++ users/teutat3s/.config/git/config.nix | 8 + .../.config/git/config_git.b12f.io.nix | 7 + .../.config/git/config_greenbaum.cloud.nix | 7 + users/teutat3s/default.nix | 26 ++ users/teutat3s/home.nix | 76 ++++++ users/teutat3s/session-variables.nix | 12 + users/teutat3s/zshrc.nix | 86 ++++++ 39 files changed, 1352 insertions(+), 27 deletions(-) create mode 100644 hosts/con/.config/sway/config.d/applications.conf create mode 100644 
hosts/con/.config/sway/config.d/autostart.conf create mode 100644 hosts/con/.config/sway/config.d/custom-keybindings.conf create mode 100644 hosts/con/.config/sway/config.d/input-defaults.conf create mode 100644 hosts/con/.config/sway/config.d/screens.conf create mode 100644 hosts/con/.gitattributes create mode 100644 hosts/con/default.nix create mode 100644 hosts/con/secrets/keyfile.bin create mode 100644 hosts/dumpyourvms.nix create mode 100644 hosts/dumpyourvms/.config/sway/config.d/applications.conf create mode 100644 hosts/dumpyourvms/.config/sway/config.d/autostart.conf create mode 100644 hosts/dumpyourvms/.config/sway/config.d/custom-keybindings.conf create mode 100644 hosts/dumpyourvms/.config/sway/config.d/input-defaults.conf create mode 100644 hosts/dumpyourvms/.config/sway/config.d/screens.conf create mode 100644 hosts/dumpyourvms/.gitattributes create mode 100644 hosts/dumpyourvms/consul-agent-ca.pem create mode 100644 hosts/dumpyourvms/default.nix create mode 100644 hosts/dumpyourvms/hardware-configuration.nix create mode 100644 hosts/dumpyourvms/networking.nix create mode 100644 hosts/dumpyourvms/secrets/keyfile.bin create mode 100644 hosts/dumpyourvms/unbound.nix create mode 100644 hosts/ryzensun/.config/sway/config.d/autostart.conf create mode 100644 hosts/ryzensun/.config/sway/config.d/input-defaults.conf create mode 100644 hosts/ryzensun/.config/sway/config.d/screens.conf create mode 100644 hosts/ryzensun/.gitattributes create mode 100644 hosts/ryzensun/default.nix create mode 100644 hosts/ryzensun/virtualisation/create-service.nix create mode 100644 hosts/ryzensun/virtualisation/default.nix create mode 100644 hosts/ryzensun/virtualisation/generate-xml.nix create mode 100644 hosts/ryzensun/virtualisation/network-xml.nix create mode 100644 users/teutat3s/.config/git/config.nix create mode 100644 users/teutat3s/.config/git/config_git.b12f.io.nix create mode 100644 users/teutat3s/.config/git/config_greenbaum.cloud.nix create mode 100644 
users/teutat3s/default.nix create mode 100644 users/teutat3s/home.nix create mode 100644 users/teutat3s/session-variables.nix create mode 100644 users/teutat3s/zshrc.nix diff --git a/flake.lock b/flake.lock index b0820712..047ab202 100644 --- a/flake.lock +++ b/flake.lock @@ -15,11 +15,11 @@ "pre-commit-hooks-nix": "pre-commit-hooks-nix" }, "locked": { - "lastModified": 1619088868, - "narHash": "sha256-l9db+HpNIkY41MonGE8z4pbkjBa5BdzJTG5AxV7V7Lw=", + "lastModified": 1620750556, + "narHash": "sha256-J+z8oduu9u1FZ8spSowrgyAmtnBUIUDImqfQCZ58heo=", "owner": "hercules-ci", "repo": "hercules-ci-agent", - "rev": "08f953a263518a3af0ca28cd887020ff3465bdf5", + "rev": "f62ce85aed4c4a7fca9e5da2b00340bbcdc92f88", "type": "github" }, "original": { @@ -35,11 +35,11 @@ ] }, "locked": { - "lastModified": 1613595894, - "narHash": "sha256-MOk/7rCAUB5Lf4GL+HimvyAAZXYEw8gWsq5nW4PPQQA=", + "lastModified": 1622060422, + "narHash": "sha256-hPVlvrAyf6zL7tTx0lpK+tMxEfZeMiIZ/A2xaJ41WOY=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "5c3146b75d5d478f0693d0ea6c83f1da8382ff56", + "rev": "007d700e644ac588ad6668e6439950a5b6e2ff64", "type": "github" }, "original": { @@ -93,11 +93,11 @@ "utils": "utils_2" }, "locked": { - "lastModified": 1621354376, - "narHash": "sha256-b597Jj8B1Nq4NX/Gl/+bYGKqJxpSfUtr1Nmp9m1DND8=", + "lastModified": 1622484894, + "narHash": "sha256-n3Vn4H1muqDcoMtXS59c0ZZthSJ11gFAodfo1LSQvj8=", "owner": "divnix", "repo": "digga", - "rev": "5ef9b8cabbc10c9b4fe5534107224c7241c63b3d", + "rev": "0cbc8bd4defee8fddc0c582556267bd2c1c02704", "type": "github" }, "original": { 
@@ -138,6 +138,22 @@ "type": "github" } }, + "flake-compat_3": { + "flake": false, + "locked": { + "lastModified": 1606424373, + "narHash": "sha256-oq8d4//CJOrVj+EcOaSXvMebvuTkmBJuT5tzlfewUnQ=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "99f1c2157fba4bfe6211a321fd0ee43199025dbf", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-utils": { "locked": { "lastModified": 1620759905, @@ -153,6 +169,36 @@ "type": "github" } }, + "flake-utils_2": { + "locked": { + "lastModified": 1610051610, + "narHash": "sha256-U9rPz/usA1/Aohhk7Cmc2gBrEEKRzcW4nwPWMPwja4Y=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "3982c9903e93927c2164caa727cd3f6a0e6d14cc", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_3": { + "locked": { + "lastModified": 1619345332, + "narHash": "sha256-qHnQkEp1uklKTpx3MvKtY6xzgcqXDsz5nLilbbuL+3A=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "2ebf2558e5bf978c7fb8ea927dfaed8fefab2e28", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "home": { "inputs": { "nixpkgs": [ @@ -160,11 +206,11 @@ ] }, "locked": { - "lastModified": 1616724076, - "narHash": "sha256-SwbPXLjN2sLy4NL/GhodiJrdkIVZwGGTGiCN3JxH1cU=", + "lastModified": 1622938142, + "narHash": "sha256-eNA2HPZI/iO4MCi/FCs+nRuFbpuMplM93Aj6YA2XCyY=", "owner": "nix-community", "repo": "home-manager", - "rev": "fedfd430f96695997b3eaf8d7e82ca79406afa23", + "rev": "7591c8041d290d4bb99679e9fed2d8061a8f0435", "type": "github" }, "original": { 
@@ -175,11 +221,11 @@ }, "latest": { "locked": { - "lastModified": 1619400530, - "narHash": "sha256-7ZO7B+b9i1wFbHw62EFT+iwuBBpXeA/fcHlR63Z4J0w=", + "lastModified": 1622984109, + "narHash": "sha256-geVjAIToERcsjmHQo2tdD0UaLNk+k68nI5XCRmE3tHM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e8dc8adab655eb27957859c62bef11484b53f639", + "rev": "690496c4e545e68482b5c162a03f0a4f97d35373", "type": "github" }, "original": { @@ -215,11 +261,11 @@ ] }, "locked": { - "lastModified": 1614785451, - "narHash": "sha256-TPw8kQvr2UNCuvndtY+EjyXp6Q5GEW2l9UafXXh1XmI=", + "lastModified": 1622810282, + "narHash": "sha256-4wmvM3/xfD0hCdNDIXVzRMfL4yB1J+DjH6Zte2xbAxk=", "owner": "nmattia", "repo": "naersk", - "rev": "e0fe990b478a66178a58c69cf53daec0478ca6f9", + "rev": "e8061169e1495871b56be97c5c51d310fae01374", "type": "github" }, "original": { 
@@ -228,6 +274,68 @@ "type": "github" } }, + "neovim-flake": { + "inputs": { + "flake-utils": "flake-utils_2", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "dir": "contrib", + "lastModified": 1622951124, + "narHash": "sha256-UbAiCtoQ1T+Uv3p6Nf3ORd4BS/3g8biQyLi3uO9pBXI=", + "owner": "neovim", + "repo": "neovim", + "rev": "b3e3ab0567a1a3c2f97de943ef9d7b24c0008979", + "type": "github" + }, + "original": { + "dir": "contrib", + "owner": "neovim", + "repo": "neovim", + "type": "github" + } + }, + "neovim-nightly": { + "inputs": { + "flake-compat": "flake-compat_3", + "neovim-flake": "neovim-flake", + "nixpkgs": "nixpkgs_3" + }, + "locked": { + "lastModified": 1622968938, + "narHash": "sha256-ms8m1Iyy4eDMUzyQVNwvxlfUxiXIi2994IstzdM66pE=", + "owner": "nix-community", + "repo": "neovim-nightly-overlay", + "rev": "c67067465cbfec02720e0b1308d6fe565bc22e1b", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "neovim-nightly-overlay", + "type": "github" + } + }, + "nix-dram": { + "inputs": { + "flake-utils": "flake-utils_3", + "nixpkgs": "nixpkgs_4" + }, + "locked": { + "lastModified": 1620663773, + "narHash": "sha256-Nfc2g9xUCPYBFKE5O7OdrDpCVspwk64S8EbsDYoY38c=", + "owner": "dramforever", + "repo": "nix-dram", + "rev": "86485e22621b17bcc4472889eedbd562498bb5a2", + "type": "github" + }, + "original": { + "owner": "dramforever", + "repo": "nix-dram", + "type": "github" + } + }, "nixlib": { "locked": { "lastModified": 1620519687, @@ -245,11 +353,11 @@ }, "nixos": { "locked": { - "lastModified": 1615797423, - "narHash": "sha256-5NGDZXPQzuoxf/42NiyC9YwwhwzfMfIRrz3aT0XHzSc=", + "lastModified": 1622797669, + "narHash": "sha256-xIyWeoYExzF0KNaKcqfxEX58fN4JTIQxTJWbsAujllc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "266dc8c3d052f549826ba246d06787a219533b8f", + "rev": "1ca6b0a0cc38dbba0441202535c92841dd39d1ae", "type": "github" }, "original": { 
@@ -260,11 +368,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1615652054, - "narHash": "sha256-jqXKU8Ovpi7MmPRqGf2FB3QOPcZtGwO2MFc0AYiOPjg=", + "lastModified": 1622521809, + "narHash": "sha256-7XcqrtrHDeaasKzg/ruroLsC2fb6Fi3aenCrv1+xVLk=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "31f61b90ddb9257b94888ee17ccf96236e180c76", + "rev": "b2186d6c3cdc58fb3a8def0f608bcae61138cc6f", "type": "github" }, "original": { @@ -304,13 +412,59 @@ "type": "github" } }, + "nixpkgs_3": { + "locked": { + "lastModified": 1622797669, + "narHash": "sha256-xIyWeoYExzF0KNaKcqfxEX58fN4JTIQxTJWbsAujllc=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "1ca6b0a0cc38dbba0441202535c92841dd39d1ae", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { + "locked": { + "lastModified": 1620340338, + "narHash": "sha256-Op/4K0+Z9Sp5jtFH0s/zMM4H7VFZxrekcAmjQ6JpQ4w=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "63586475587d7e0e078291ad4b49b6f6a6885100", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_5": { + "locked": { + "lastModified": 1622984109, + "narHash": "sha256-geVjAIToERcsjmHQo2tdD0UaLNk+k68nI5XCRmE3tHM=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "690496c4e545e68482b5c162a03f0a4f97d35373", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, "nur": { "locked": { - "lastModified": 1615921934, - "narHash": "sha256-nURGM869KKA1+c1SHHsXKYcPXhHIuxWBjNXjJ90OzRQ=", + "lastModified": 1622977420, + "narHash": "sha256-7ftFD75ACb7R9YFwcLxOMhYYYuFyW8Yyqccq0DCIvek=", "owner": "nix-community", "repo": "NUR", - "rev": "faf862e8cf009edfa38ecc61188f7a6ace293552", + "rev": "3c7f52ed2f37964fe83a4b2ba0bc9db1f1cde5af", "type": "github" }, "original": { 
@@ -358,8 +512,11 @@ "home": "home", "latest": "latest", "naersk": "naersk_2", + "neovim-nightly": "neovim-nightly", + "nix-dram": "nix-dram", "nixos": "nixos", "nixos-hardware": "nixos-hardware", + "nixpkgs": "nixpkgs_5", "nur": "nur", "pkgs": "pkgs" } diff --git a/flake.nix b/flake.nix index 036e3db9..11a0fd54 100644 --- a/flake.nix +++ b/flake.nix @@ -84,6 +84,8 @@ base = [ core users.nixos users.root ]; pubsolaros = [ core base-user users.root ]; anonymous = [ pubsolaros users.nixos ]; + teutat3s = [ base users.teutat3s ]; + dumpyourvms = [ teutat3s graphical ]; }; }; diff --git a/hosts/con/.config/sway/config.d/applications.conf b/hosts/con/.config/sway/config.d/applications.conf new file mode 100644 index 00000000..c528a114 --- /dev/null +++ b/hosts/con/.config/sway/config.d/applications.conf @@ -0,0 +1,14 @@ +assign [app_id="firefox"] $ws2 + +# seahorse +for_window [title="seahorse"] floating enabled + +# NetworkManager +for_window [title="Network Connections"] floating enabled + +# thunderbird +for_window [title="New Task:*"] floating enabled +for_window [title="Edit Task:*"] floating enabled +for_window [title="New Event:*"] floating enabled +for_window [title="Edit Event:*"] floating enabled + diff --git a/hosts/con/.config/sway/config.d/autostart.conf b/hosts/con/.config/sway/config.d/autostart.conf new file mode 100644 index 00000000..8ed35abb --- /dev/null +++ b/hosts/con/.config/sway/config.d/autostart.conf @@ -0,0 +1,6 @@ +# Autostart applications +# +# Example: +# exec swayidle + +#exec qMasterPassword diff --git a/hosts/con/.config/sway/config.d/custom-keybindings.conf b/hosts/con/.config/sway/config.d/custom-keybindings.conf new file mode 100644 index 00000000..e678cb75 --- /dev/null +++ b/hosts/con/.config/sway/config.d/custom-keybindings.conf 
@@ -0,0 +1,5 @@
+# switch keyboard input language
+bindsym $mod+tab exec swaymsg input "1:1:AT_Translated_Set_2_keyboard" xkb_switch_layout next
+
+bindsym $mod+Shift+F2 exec chromium --enable-features=UseOzonePlatform --ozone-platform=wayland
+
diff --git a/hosts/con/.config/sway/config.d/input-defaults.conf b/hosts/con/.config/sway/config.d/input-defaults.conf
new file mode 100644
index 00000000..11773d48
--- /dev/null
+++ b/hosts/con/.config/sway/config.d/input-defaults.conf
@@ -0,0 +1,35 @@ +### Input configuration +# +# You can get the names of your inputs by running: swaymsg -t get_inputs +# Read `man 5 sway-input` for more information about this section. + +input "type:keyboard" { + xkb_layout us,de + xkb_model pc105 + xkb_options altwin:swap_alt_win +} + +input "type:touchpad" { + tap enabled + natural_scroll enabled +} + +# Touchpad controls +#bindsym XF86TouchpadToggle exec $HOME/Workspace/ben/toggletouchpad.sh # toggle touchpad + +# Screen brightness controls +bindsym XF86MonBrightnessUp exec "brightnessctl -d intel_backlight set +10%; notify-send $(brightnessctl -d intel_backlight i | awk '/Current/ {print $4}')" +bindsym XF86MonBrightnessDown exec "brightnessctl -d intel_backlight set 10%-; notify-send $(brightnessctl -d intel_backlight i | awk '/Current/ { print $4}')" + +# Keyboard backlight brightness controls +bindsym XF86KbdBrightnessDown exec "brightnessctl -d smc::kbd_backlight set 10%-; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ { print $4}')" +bindsym XF86KbdBrightnessUp exec "brightnessctl -d smc::kbd_backlight set +10%; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ { print $4}')" + +# Pulse Audio controls +bindsym XF86AudioRaiseVolume exec pactl set-sink-volume @DEFAULT_SINK@ +5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. up' #increase sound volume +bindsym XF86AudioLowerVolume exec pactl set-sink-volume @DEFAULT_SINK@ -5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. down' #decrease sound volume +bindsym XF86AudioMute exec pactl set-sink-mute @DEFAULT_SINK@ toggle && notify-send 'Mute sound' # mute sound +# Media player controls +bindsym XF86AudioPlay exec "playerctl play-pause; notify-send 'Play/Pause'" +bindsym XF86AudioNext exec "playerctl next; notify-send 'Next'" +bindsym XF86AudioPrev exec "playerctl previous; notify-send 'Prev.'" 
diff --git a/hosts/con/.config/sway/config.d/screens.conf b/hosts/con/.config/sway/config.d/screens.conf
new file mode 100644
index 00000000..3ff444e0
--- /dev/null
+++ b/hosts/con/.config/sway/config.d/screens.conf
@@ -0,0 +1,41 @@
+### Output configuration
+#
+# Example configuration:
+#
+# output HDMI-A-1 resolution 1920x1080 position 1920,0
+#
+# You can get the names of your outputs by running: swaymsg -t get_outputs
+
+set $main_screen eDP-1
+set $displayport DP-1
+set $hmdi HDMI-A-1
+
+output $main_screen
+output $displayport scale 2
+output $hdmi scale 1
+
+output $main_screen pos 0 0
+output $displayport pos 0 -1200
+output $hdmi pos 1920 0
+
+#bindswitch lid:on output $main_screen disable
+#bindswitch lid:off output $main_screen enable
+bindsym $mod+Shift+x output $main_screen toggle
+
+# TODO when using more monitors
+## Manual management of external displays
+# Set the shortcuts and what they do
+#set $mode_display HDMI (i) top, (j) left, (k) bottom, (l) right, (o) off
+#mode "$mode_display" {
+# bindsym i output HDMI-A-1 enable; output HDMI-A-1 pos 0 0 bg ~/Pictures/wallpapers/active.png fill; output eDP-1 pos 0 1080, mode "default"
+# bindsym j output HDMI-A-1 enable; output HDMI-A-1 pos 0 0 bg ~/Pictures/wallpapers/active.png fill; output eDP-1 pos 1920 0, mode "default"
+# bindsym k output HDMI-A-1 enable; output HDMI-A-1 pos 0 900 bg ~/Pictures/wallpapers/active.png fill; output eDP-1 pos 0 0, mode "default"
+# bindsym l output HDMI-A-1 enable; output HDMI-A-1 pos 1440 0 bg ~/Pictures/wallpapers/active.png fill; output eDP-1 pos 0 0, mode "default"
+# bindsym o output HDMI-A-1 disable, mode "default"
+#
+# # back to normal: Enter or Escape
+# bindsym Return mode "default"
+# bindsym Escape mode "default"
+#}
+## Declare here the shortcut to bring the display selection menu
+#bindsym $mod+x mode "$mode_display"
diff --git a/hosts/con/.gitattributes b/hosts/con/.gitattributes
new file mode 100644
index 00000000..5a37d556
--- /dev/null
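Review bot: `set $hmdi HDMI-A-1` defines a misspelled variable, while the two `output $hdmi …` lines further down read `$hdmi`, which is never set anywhere in this file. The HDMI scale and position settings therefore presumably never reach HDMI-A-1. Rename the definition to `set $hdmi HDMI-A-1`. The same typo is in hosts/dumpyourvms/.config/sway/config.d/screens.conf, added by this commit.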
+++ b/hosts/con/.gitattributes
@@ -0,0 +1 @@
+secrets/** filter=git-crypt-18DAE600A6BBE705 diff=git-crypt-18DAE600A6BBE705
diff --git a/hosts/con/default.nix b/hosts/con/default.nix
new file mode 100644
index 00000000..95238b8c
--- /dev/null
+++ b/hosts/con/default.nix
@@ -0,0 +1,26 @@
+{ config, pkgs, lib, ... }:
+with lib;
+let
+ psCfg = config.pub-solar;
+ xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+in
+{
+ config = {
+ home-manager = pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
+ home.sessionVariables = {
+ DOCKER_BUILDKIT = "1";
+ };
+ # Custom device sway configs
+ xdg.configFile = mkIf psCfg.sway.enable {
+ "sway/config.d/10-applications.conf".source = ./.config/sway/config.d/applications.conf;
+ "sway/config.d/autostart.conf".source = ./.config/sway/config.d/autostart.conf;
+ "sway/config.d/10-custom-keybindings.conf".source = ./.config/sway/config.d/custom-keybindings.conf;
+ "sway/config.d/input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
+ "sway/config.d/screens.conf".source = ./.config/sway/config.d/screens.conf;
+ };
+ };
+ networking.hosts = {
+ "127.0.0.1" = [ "virtrex.test" "expo.test" "proxy.test" ];
+ };
+ };
+}
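Review bot: The git-crypt filter for `secrets/**` is introduced in the same commit as `secrets/keyfile.bin`, so nothing visible here shows whether the filter was already active when the keyfile was staged. Confirm that the committed blob is ciphertext (for example with `git-crypt status`) before this history is pushed, because a keyfile added in plaintext stays recoverable from history even after it is re-encrypted later. A comment such as `# everything under secrets/ must be git-crypt encrypted; check with git-crypt status before pushing` would document the expectation. hosts/dumpyourvms/.gitattributes adds the identical rule.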
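Review bot: `xdg` is bound in the `let` block but never referenced in this file, and `with lib;` is only needed for the single `mkIf`. Dropping the binding and writing `xdg.configFile = lib.mkIf psCfg.sway.enable {` keeps the names in scope explicit. hosts/dumpyourvms/default.nix carries the same unused `xdg` binding.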
diff --git a/hosts/con/secrets/keyfile.bin b/hosts/con/secrets/keyfile.bin new file mode 100644 index 0000000000000000000000000000000000000000..73bc3a7a373efb61eae46b5c7f6b9bbf16e3da75 GIT binary patch literal 2070 zcmV+x2GghwUMe08FEIH4F9ZeWtV(Ncluy1WU+Hh>_VOo zV5(*$lww41{Dt|>fa2^*)gH4VBKw(m{4SsJ<4ySK41Cutf-Rx1O^Gpqv)KgYY>`3S zhX1el>!FtXH~~z^VfG^S46~=O=M}v7CqgGUtXiR{+7#&u{3x0M67NIUfsT}MFAVC$ zG3Up;uTa9V>iO_&!PGeBRy{61G zn8J1C5Be=iu+iRmur|!(esk$14_t+CMF6lBl%?E4l-|LmlM{Lp_Ccc;;wq(xS>4C3xGtitGBFXNY%tj%bsZ&f6ak& z`*@YkM`U-vs8D|OqCmiFZXz&lTE;Vk5fSOR(lNgbYZD>BGbD&%IWv~WnNIqt0|$t~ zv+w4JCiJERr#W4)d_QDh>`Wu; zzza#~Zl>9mAHDaaSf?r&%TpAtR5J|^x_tat%0|bN`ZIVUSK&y?aOdd)&7AXl!U_P( z{JrELl2~~#R{HGIX@BTzW|hel+@n;!Z`@ObuTISL>y-UExf+#tA)2R^n4<^0t#iTQ zjmnF@$ZoSre6X`fggc!?S#|9ZiqE5Hs-{MMsW?!(ek-<_ICXkDts~4l?$OjcqgQic zH)W!yL2Hekg019vg802pIVNxIXMKxauGw_o!@fq0h`rLPUP(oLk%Y($_Aga!1svbm!j?n+=tq~ZY`EE06f0OB+MBJCv2Tq zX^6o#w3LcfdUr5B2#(-$uO!ItPIXFyO}oUlEIK~f0Y|9msYiJsZOUQO7?syb)!pO@pEEV9m>ly^HU96L0k{#>Ri0Ux? ze$T1bU9Rw4dXA-W8+e5>Xpf->WCAzy3ha$UJB5<(^Zk^>sY8Gf8|8VoPIKHMs+*() zslH-q*KqR%&R5#PnE-=5O%9%ehkZZ`@&XNX2y8 zs6MHE4hyTybDFy&Yr2fhtUr2Vmy%{5tTg|{B@VpvUivkrp^JU)7r_@@2scQB&nhFg zXuRZE(8F%mvmYm>5TC`jD5*vmmi9NnTS>4M zT}e9yY;E0zdzi)xJT4FA3n0r}b#H3}!mf&YlHN%Y@{5c{I{v~T>c(lL+pvzK{R5u$ ze%MJF{1epsRPEkjbpF6 zZNB#*1dF;l7i+WVQXcG(Q?E$kfrsDk08)tn3$|fH5u22miCmJlZR|Pb5WT}YUH(^V zq6$68aTUX8?*{O|wJT;NJN7|R4|>!0!|hYMYNmHLK&ChGo`CON$~-W}jm*K2Ru z=1L{GY-gvyr{FP)ET2y_*u8(w&XRAzK`s*^T`yJ+vphK+KPsvFfM@ed!4E-H7@X` zY$&Je0;D5dBoC(@D@u}DZ=7>nqU*;1E3I;yTTnMXohDze@3twXAD_ZQ*t~SG zU?>>QHtjmVqIgiwXgvMM6j=KP=EBDo!LtFf|MQUJt`{M)BnvSA)eu^lbH+4>4W(j< zXo_O*D{NP?(F9%5C_%nyi%sVaRc3Rl=}4#5Wqr-Pec`>0Y$CB2Ou*DVu2&4u*w2?^yGVC>H>6T7_7uS_scU({a%BUzZre@<>fyFeRg}(VOS3Pc2hT|Egwa z;wq0M9pWj;UBZ1Edo+L?c-;Alj9iywf})%?!SL^Qri|Q66$0lchPH=Px7Q(0tzUQy z_UOY6JpG@cSpMR7*arn#cdVJ9zJk1IGB{n`H+n468%+p1`|y}Vwn*n$xP%Ggy^5J^ zmE`IIZ9CyNN`Ik=<%c;=glj&nsJ~A{fYJ5 z9C?lQ!<-DzPbrlpi#MqT+U_ULmtK%i2ew>SECfIK3RE0aI05twILw4_fvllUN`IAV34nr`iu 
z*P4!6Xe0>PG%@`zhkrvaIl&I8<|8;=Z`?`PqlAnU AkN^Mx literal 0 HcmV?d00001 diff --git a/hosts/dumpyourvms.nix b/hosts/dumpyourvms.nix new file mode 100644 index 00000000..d4d9802f --- /dev/null +++ b/hosts/dumpyourvms.nix @@ -0,0 +1,6 @@ +{ suites, ... }: +{ + imports = [ + ./dumpyourvms + ] ++ suites.dumpyourvms; +} diff --git a/hosts/dumpyourvms/.config/sway/config.d/applications.conf b/hosts/dumpyourvms/.config/sway/config.d/applications.conf new file mode 100644 index 00000000..c528a114 --- /dev/null +++ b/hosts/dumpyourvms/.config/sway/config.d/applications.conf @@ -0,0 +1,14 @@ +assign [app_id="firefox"] $ws2 + +# seahorse +for_window [title="seahorse"] floating enabled + +# NetworkManager +for_window [title="Network Connections"] floating enabled + +# thunderbird +for_window [title="New Task:*"] floating enabled +for_window [title="Edit Task:*"] floating enabled +for_window [title="New Event:*"] floating enabled +for_window [title="Edit Event:*"] floating enabled + diff --git a/hosts/dumpyourvms/.config/sway/config.d/autostart.conf b/hosts/dumpyourvms/.config/sway/config.d/autostart.conf new file mode 100644 index 00000000..8ed35abb --- /dev/null +++ b/hosts/dumpyourvms/.config/sway/config.d/autostart.conf @@ -0,0 +1,6 @@ +# Autostart applications +# +# Example: +# exec swayidle + +#exec qMasterPassword diff --git a/hosts/dumpyourvms/.config/sway/config.d/custom-keybindings.conf b/hosts/dumpyourvms/.config/sway/config.d/custom-keybindings.conf new file mode 100644 index 00000000..dfe31ce2 --- /dev/null +++ b/hosts/dumpyourvms/.config/sway/config.d/custom-keybindings.conf @@ -0,0 +1,3 @@ +# switch keyboard input language +bindsym $mod+tab exec swaymsg input "1452:628:Apple_Inc._Apple_Internal_Keyboard_/_Trackpad" xkb_switch_layout next + diff --git a/hosts/dumpyourvms/.config/sway/config.d/input-defaults.conf b/hosts/dumpyourvms/.config/sway/config.d/input-defaults.conf new file mode 100644 index 00000000..74fd8d38 --- /dev/null 
+++ b/hosts/dumpyourvms/.config/sway/config.d/input-defaults.conf @@ -0,0 +1,34 @@ +### Input configuration +# +# You can get the names of your inputs by running: swaymsg -t get_inputs +# Read `man 5 sway-input` for more information about this section. + +input "type:keyboard" { + xkb_layout us,de + xkb_model pc105 +} + +input "type:touchpad" { + tap enabled + natural_scroll enabled +} + +# Touchpad controls +#bindsym XF86TouchpadToggle exec $HOME/Workspace/ben/toggletouchpad.sh # toggle touchpad + +# Screen brightness controls +bindsym XF86MonBrightnessUp exec "brightnessctl -d gmux_backlight set +10%; notify-send $(brightnessctl -d gmux_backlight i | awk '/Current/ {print $4}')" +bindsym XF86MonBrightnessDown exec "brightnessctl -d gmux_backlight set 10%-; notify-send $(brightnessctl -d gmux_backlight i | awk '/Current/ { print $4}')" + +# Keyboard backlight brightness controls +bindsym XF86KbdBrightnessDown exec "brightnessctl -d smc::kbd_backlight set 10%-; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ { print $4}')" +bindsym XF86KbdBrightnessUp exec "brightnessctl -d smc::kbd_backlight set +10%; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ { print $4}')" + +# Pulse Audio controls +bindsym XF86AudioRaiseVolume exec pactl set-sink-volume @DEFAULT_SINK@ +5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. up' #increase sound volume +bindsym XF86AudioLowerVolume exec pactl set-sink-volume @DEFAULT_SINK@ -5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. down' #decrease sound volume +bindsym XF86AudioMute exec pactl set-sink-mute @DEFAULT_SINK@ toggle && notify-send 'Mute sound' # mute sound +# Media player controls +bindsym XF86AudioPlay exec "playerctl play-pause; notify-send 'Play/Pause'" +bindsym XF86AudioNext exec "playerctl next; notify-send 'Next'" +bindsym XF86AudioPrev exec "playerctl previous; notify-send 'Prev.'" 
diff --git a/hosts/dumpyourvms/.config/sway/config.d/screens.conf b/hosts/dumpyourvms/.config/sway/config.d/screens.conf
new file mode 100644
index 00000000..a760d4c2
--- /dev/null
+++ b/hosts/dumpyourvms/.config/sway/config.d/screens.conf
@@ -0,0 +1,41 @@
+### Output configuration
+#
+# Example configuration:
+#
+# output HDMI-A-1 resolution 1920x1080 position 1920,0
+#
+# You can get the names of your outputs by running: swaymsg -t get_outputs
+
+set $main_screen eDP-1
+set $displayport DP-1
+set $hmdi HDMI-A-1
+
+output $main_screen scale 2
+output $displayport scale 2
+output $hdmi scale 1
+
+output $main_screen pos 0 0
+output $displayport pos 0 -1080
+output $hdmi pos 1440 0
+
+#bindswitch lid:on output $main_screen disable
+#bindswitch lid:off output $main_screen enable
+bindsym $mod+Shift+x output $main_screen toggle
+
+# TODO when using more monitors
+## Manual management of external displays
+# Set the shortcuts and what they do
+#set $mode_display HDMI (i) top, (j) left, (k) bottom, (l) right, (o) off
+#mode "$mode_display" {
+# bindsym i output HDMI-A-1 enable; output HDMI-A-1 pos 0 0 bg ~/Pictures/wallpapers/active.png fill; output eDP-1 pos 0 1080, mode "default"
+# bindsym j output HDMI-A-1 enable; output HDMI-A-1 pos 0 0 bg ~/Pictures/wallpapers/active.png fill; output eDP-1 pos 1920 0, mode "default"
+# bindsym k output HDMI-A-1 enable; output HDMI-A-1 pos 0 900 bg ~/Pictures/wallpapers/active.png fill; output eDP-1 pos 0 0, mode "default"
+# bindsym l output HDMI-A-1 enable; output HDMI-A-1 pos 1440 0 bg ~/Pictures/wallpapers/active.png fill; output eDP-1 pos 0 0, mode "default"
+# bindsym o output HDMI-A-1 disable, mode "default"
+#
+# # back to normal: Enter or Escape
+# bindsym Return mode "default"
+# bindsym Escape mode "default"
+#}
+## Declare here the shortcut to bring the display selection menu
+#bindsym $mod+x mode "$mode_display"
diff --git a/hosts/dumpyourvms/.gitattributes b/hosts/dumpyourvms/.gitattributes new file mode 100644 index 00000000..5a37d556 --- /dev/null +++ b/hosts/dumpyourvms/.gitattributes @@ -0,0 +1 @@ +secrets/** filter=git-crypt-18DAE600A6BBE705 diff=git-crypt-18DAE600A6BBE705 diff --git a/hosts/dumpyourvms/consul-agent-ca.pem b/hosts/dumpyourvms/consul-agent-ca.pem new file mode 100644 index 00000000..4413687f --- /dev/null +++ b/hosts/dumpyourvms/consul-agent-ca.pem @@ -0,0 +1,21 @@ +-----BEGIN CERTIFICATE----- +MIIDbzCCAxSgAwIBAgIRAMK20/fFF0YVThq8xm/YvBswCgYIKoZIzj0EAwIwgbkx +CzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj +bzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw +FQYDVQQKEw5IYXNoaUNvcnAgSW5jLjFAMD4GA1UEAxM3Q29uc3VsIEFnZW50IENB +IDI1ODgxOTUyODQyOTMwNjIxMjY4NDgwMTUxODE3OTM2NjUxNzc4NzAeFw0xOTEx +MDYwMDI3MzVaFw0yNDExMDQwMDI3MzVaMIG5MQswCQYDVQQGEwJVUzELMAkGA1UE +CBMCQ0ExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xGjAYBgNVBAkTETEwMSBTZWNv +bmQgU3RyZWV0MQ4wDAYDVQQREwU5NDEwNTEXMBUGA1UEChMOSGFzaGlDb3JwIElu +Yy4xQDA+BgNVBAMTN0NvbnN1bCBBZ2VudCBDQSAyNTg4MTk1Mjg0MjkzMDYyMTI2 +ODQ4MDE1MTgxNzkzNjY1MTc3ODcwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQE +SZ2kc9rKUNX3czze+rFR/bZdLx3JEYrpcSXKkpv1wr68E1Jqhi/8Dm8b62Ei/Bc6 +ZhoJvtB2Shtl+6LbjccUo4H6MIH3MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8E +BTADAQH/MGgGA1UdDgRhBF9hZjo4MzoyZTpiOToyZTozMzo5MDplOTpkMjpiNzpj +NjpjYzpkYToxODoyYTphNzpjMzo5ZTozMTpmNTpkZTo4Mzo4YzozMDo0Mjo3OTo4 +ZDo0ZDpmZDozMjo2NzpiYjBqBgNVHSMEYzBhgF9hZjo4MzoyZTpiOToyZTozMzo5 +MDplOTpkMjpiNzpjNjpjYzpkYToxODoyYTphNzpjMzo5ZTozMTpmNTpkZTo4Mzo4 +YzozMDo0Mjo3OTo4ZDo0ZDpmZDozMjo2NzpiYjAKBggqhkjOPQQDAgNJADBGAiEA +zKCV25P6HqFEa1iUVQnsNAp/WHUwxNlR0OctZSdiuIkCIQDiRK03ZYSK/hmY9kXV +42nj6kO8MexfiYN4IE4URmzYnA== +-----END CERTIFICATE----- diff --git a/hosts/dumpyourvms/default.nix b/hosts/dumpyourvms/default.nix new file mode 100644 index 00000000..c1eebb60 --- /dev/null +++ b/hosts/dumpyourvms/default.nix 
@@ -0,0 +1,75 @@
+{ config, pkgs, lib, ... }:
+with lib;
+let
+ psCfg = config.pub-solar;
+ xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+in
+{
+ imports = [
+ ./hardware-configuration.nix
+ ];
+
+ config = {
+ pub-solar.x-os.keyfile = "/home/teutat3s/flk/hosts/dumpyourvms/secrets/keyfile.bin";
+
+ # fix backlight for keyboard and brightness, adjust function key binding
+ boot.kernelParams = [ "acpi_backlight=video" "hid_apple.fnmode=2" ];
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ hardware = {
+ cpu.intel.updateMicrocode = true;
+ facetimehd.enable = true;
+ };
+
+ networking = import ./networking.nix;
+
+ security.pki.certificateFiles = [ ./consul-agent-ca.pem ];
+
+ services.unbound = import ./unbound.nix;
+
+ # Radeon driver seems to work better than amdgpu with Radeon R9 M370X
+ services.xserver.videoDrivers = [ "radeon" ];
+
+ # Thunderbolt tools
+ services.hardware.bolt.enable = true;
+
+ services.udev.extraRules =
+ # Disable XHC1 wakeup signal to avoid resume getting triggered some time
+ # after suspend. Reboot required for this to take effect.
+ ''SUBSYSTEM=="pci", KERNEL=="0000:00:14.0", ATTR{power/wakeup}="disabled"'';
+
+
+ services.printing.enable = true;
+ services.printing.drivers = [ pkgs.brlaser ];
+
+ home-manager = pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
+ # Custom device sway configs
+ xdg.configFile = mkIf psCfg.sway.enable {
+ "sway/config.d/10-applications.conf".source = ./.config/sway/config.d/applications.conf;
+ "sway/config.d/autostart.conf".source = ./.config/sway/config.d/autostart.conf;
+ "sway/config.d/10-custom-keybindings.conf".source = ./.config/sway/config.d/custom-keybindings.conf;
+ "sway/config.d/input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
+ "sway/config.d/screens.conf".source = ./.config/sway/config.d/screens.conf;
+ };
+ };
+
+ users.users.teutat3s = {
+ extraGroups = [ "unbound" ];
+ };
+
+
+ # WLAN frequency compliance (e.g.
check for radar with DFS) + hardware.firmware = with pkgs; [ wireless-regdb ]; + boot.extraModprobeConfig = '' + options cfg80211 ieee80211_regdom="DE" + ''; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "21.05"; # Did you read the comment? + }; +} diff --git a/hosts/dumpyourvms/hardware-configuration.nix b/hosts/dumpyourvms/hardware-configuration.nix new file mode 100644 index 00000000..6d2c9b64 --- /dev/null +++ b/hosts/dumpyourvms/hardware-configuration.nix @@ -0,0 +1,37 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ + #(modulesPath + "/hardware/network/broadcom-43xx.nix") + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { + device = "/dev/disk/by-uuid/17bbb016-d27c-47da-8805-58c6395891e8"; + fsType = "ext4"; + }; + + boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/c100b9a7-99d7-44d9-b7c2-3892a5f233c4"; + + fileSystems."/boot/efi" = + { + device = "/dev/disk/by-uuid/06B8-5414"; + fsType = "vfat"; + }; + + swapDevices = + [{ device = "/dev/disk/by-uuid/02fa042f-7310-4be6-a615-524d5d7dc909"; }]; + + # high-resolution display + hardware.video.hidpi.enable = lib.mkDefault true; +} 
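Review bot: `security.pki.certificateFiles = [ ./consul-agent-ca.pem ];` in hosts/dumpyourvms/default.nix adds the Consul agent CA to the system-wide trust bundle, so every TLS client on this host that reads the system store will accept any certificate that CA issues, not only ones for `*.service.consul`. That appears to include Unbound's `tls-cert-bundle` in unbound.nix, since on NixOS `/etc/ssl/certs/ca-certificates.crt` is built from this list. If the CA is only needed by the Consul, Nomad and Vault CLIs, pointing those tools at the file (for example via `CONSUL_CACERT`) keeps the trust scoped. If system-wide trust is intended, a comment saying so and noting the certificate's expiry would document the decision. Separately, `users.users.teutat3s` and the `pub-solar.x-os.keyfile` path hard-code the user name while the rest of the module uses `psCfg.user.name`.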
diff --git a/hosts/dumpyourvms/networking.nix b/hosts/dumpyourvms/networking.nix
new file mode 100644
index 00000000..f1739d41
--- /dev/null
+++ b/hosts/dumpyourvms/networking.nix
@@ -0,0 +1,52 @@
+{
+ hosts = {
+ "10.0.0.42" = [ "nomad.service.consul" ];
+ "10.0.0.48" = [ "consul.service.consul" ];
+ "10.0.0.49" = [ "vault.service.consul" ];
+ };
+
+ wireguard.enable = true;
+ wg-quick.interfaces = {
+ wg0 = {
+ address = [ "5.0.0.6/32" ];
+ privateKeyFile = "/etc/wireguard/wg0.privatekey";
+
+ peers = [
+ {
+ publicKey = "l0DJLicCrcrixNP6zAWTXNSEaNM2jML253BXEZ1KpiU=";
+ allowedIPs = [ "5.0.0.16/32" "10.0.0.0/24" "10.88.88.0/24" ];
+ endpoint = "85.88.23.16:51820";
+ persistentKeepalive = 25;
+ }
+ ];
+ };
+ wg1 = {
+ address = [ "10.13.0.1/32" ];
+ privateKeyFile = "/etc/wireguard/wg1.privatekey";
+ mtu = 1412;
+
+ peers = [
+ {
+ publicKey = "XS3TTIMU7Jp3JJANBpE14RsVDJk6/VUvZgjQgQP8kAs=";
+ allowedIPs = [ "10.13.0.100/32" "192.168.188.0/24" ];
+ endpoint = "[2a00:6020:409d:bb00:dea6:32ff:fe85:3306]:51820";
+ persistentKeepalive = 25;
+ }
+ ];
+ };
+ wg2 = {
+ address = [ "10.6.6.4/32" ];
+ privateKeyFile = "/etc/wireguard/wg2.privatekey";
+
+ peers = [
+ {
+ publicKey = "nYMmaCIW8lZ7SokivN8HXxYDch+SS1G7ab1SC9meDAw=";
+ presharedKeyFile = "/etc/wireguard/wg2.presharedkey";
+ allowedIPs = [ "10.6.6.1/32" "10.1.1.0/24" ];
+ endpoint = "85.88.23.127:51820";
+ persistentKeepalive = 16;
+ }
+ ];
+ };
+ };
+}
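Review bot: The wg0 tunnel uses `5.0.0.6/32` as its own address and `5.0.0.16/32` in `allowedIPs`, but 5.0.0.0/8 is publicly routed address space rather than a private range, so traffic meant for the real holder of 5.0.0.16 is pulled into the tunnel and the addresses can collide with internet hosts. wg1 and wg2 already use RFC 1918 ranges; moving wg0 to one, coordinated with the peer, would make the three interfaces consistent. A comment per interface saying what the peer is would help, as would a note that the `privateKeyFile` paths must exist outside the Nix store with restrictive permissions. wg2 sets `presharedKeyFile` while wg0 and wg1 do not, which may be intentional but is undocumented.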
diff --git a/hosts/dumpyourvms/secrets/keyfile.bin b/hosts/dumpyourvms/secrets/keyfile.bin new file mode 100644 index 0000000000000000000000000000000000000000..bead2555001b28b3b6430feaf265c452072eeb13 GIT binary patch literal 2070 zcmV+x2Hipi7dGN1WdCc2@0=aC%MRuaU*GtMRyw4Y3wLsYiJe^FA*(DIE z3eK2T(xNMmX>e^V0i8-8csC$@8L#Z*or|I?=!_B9HB4elTI7ghEuaD4w>5G;OC;cn z4puQ^o)B{eNByQ)j3OnT(S^|HQmMYs=NJtZV8g8zf5;HX!LC+>pfi z8vs?~BkZP^%Bg`iOtCL!$$Ew*XWN<`$l_MF*K7=a08P=!=9i5W402c*H)u*61AJRh zc{7txW8i$4z;0J_p}s{z<>1sCaPoE5F~J1^tdu3~eoh16*X4mrjrc43TdK0xAhK){ zX(}E8tD@wY+sc&;bv${-pqtu82`y%uzd@U;rPE@F&ts~?OOT;j8-&4F3%4-0?v0!nrAB?ybo{41 z-n36+RoMB*#&ci|EjzN{UTUqD6AeipCs%GTNpao)*8QzKK(1*bY zv5uDv(u7;gBR{FCX7nl>5EXF7#9}l%?(B}8E%4kjd#5?L==oS@6;!XlHJ3m+aDegY z%e#R;3uGX%U~^g?DK-YArkNAg&N~KK0ES)3J;8j%d@Q^aRb!(9De9X0Z6}5jSC0gc zBbsuAv@`iE0OchpNY+HSh|#~+r2e(Y;7Nec-rh>hVv&U9N-j)_W&;S6RETXeScJ?g z)p;m7YC9+^=S1ZEv=m_%L6(DI|B27pg@dYb|Ifn(Vy-jL9GNhZgy0j^)$dtu^-5rL zKvedB%7q48E94Rf6Uaa-Bk+$3&M0;)5!QI}Oi?xIHUr|xI#^o46o&$_11Hkuqc#V{7QgkQV$T3DJ$Uq;JMO)j3g-v{t zl3;6S^PJ;3T0XWV{FA;0ZuCqo350IvyaR+Mh1h$r({(AcUU z7jc4j)qy!gXv-BLgiXlYg_DZ8MAGEUQy>FgTrB$z%o3r#mM(|6KguFp9J`h(lqJ=V z%lo)DUjn9Wx`jr>xpy#MHWs7w>m=EVH~(Rrbun6mq!U0gWREx7R`YvE;C;62uK6VN z&FU8J9yrE+l#oJ4R`aVx&h)v%5A}HKVhxRECkaDmXfv$Jnl#Mh+}$^;rr(`wh9)*@ z(EnU-b7O|YbZF0KImC_ZkL;#3>=SOG$MQ@Ppd90u|65OdnDa1En{O!RtcX7CGvvor zamoH0BS0N9oM;9HMz0c>XkQ}bQUKx(N{+`ta9^3G1_;#=#F#wFpbw=KPfV0?_n~zY6;9>>=`w=lC!Y z3TyF$ubFzJI)?;C+iQGRVrTCsy*&TWWzn+VFWn99Ru6xNEy9tENk_nPEDf=~Xl!}D zT8J>K8tcj$tP5q1_{ImX+lpyxA{dQ$Ts(0Gwi2*nBV~=Rl|(&vppO#P9rTU`zW*hQ zO|c+VtoL4qUwqkkg(! z@#bh%zb8BuiwK3?ltWVxFMxZFVdHfDHGW3;X+7_n#&x~UCc4KAX8Qv*$OBFa4L7Pd z(_G^tNY-F!KksK5z{wGw{wj)!6Q0jDwW8xisp`J0V#lxB(%s&Jf?3+Ix8VAtwR-~FA+5g`>pGqb} z2*YThsLg&d*o}oV-t0>6y=^a?kAHG6$~Bze-x^-kAwmY6s832S_t}y|YT%k%>71Je zd_tB22OMTFJAXq$zv&{uksYe&!+057<&$-|0eOnFO$ilYIS><;pzsFpljTjebfD3W zCe-B?b4;UbO8oEk3}x?>c+)83s-fs68|yy>VkdzYjs?@$u66;E@K~O?U|47-6KqZX AmH+?% literal 0 HcmV?d00001 
diff --git a/hosts/dumpyourvms/unbound.nix b/hosts/dumpyourvms/unbound.nix
new file mode 100644
index 00000000..6006efe0
--- /dev/null
+++ b/hosts/dumpyourvms/unbound.nix
@@ -0,0 +1,54 @@
+{
+ enable = true;
+ localControlSocketPath = "/run/unbound/unbound.ctl";
+ settings = {
+ server = {
+ cache-max-ttl = 14400;
+ cache-min-ttl = 1200;
+ aggressive-nsec = true;
+ prefetch = false;
+ rrset-roundrobin = true;
+ use-caps-for-id = true;
+ do-ip6 = false;
+ hide-identity = true;
+ hide-version = true;
+ do-not-query-localhost = false;
+ tls-cert-bundle = "/etc/ssl/certs/ca-certificates.crt";
+ };
+
+ # fritz.box stub zone
+ stub-zone = {
+ name = "fritz.box";
+ stub-addr = "192.168.178.1";
+ };
+
+ # DNS over DLS forwarding
+ forward-zone = {
+ name = ".";
+ forward-tls-upstream = true;
+
+ forward-addr = [
+ "5.1.66.255@853#dot.ffmuc.net"
+ "185.150.99.255@853#dot.ffmuc.net"
+ "145.100.185.18@853#dnsovertls3.sinodun.com"
+ "89.233.43.71@853#unicast.censurfridns.dk"
+ "94.130.110.185@853#ns1.dnsprivacy.at"
+
+ "2001:678:e68:f000::@853#dot.ffmuc.net"
+ "2001:678:ed0:f000::@853#dot.ffmuc.net"
+ "2001:610:1:40ba:145:100:185:18@853#dnsovertls3.sinodun.com"
+ "2a01:3a0:53:53::0@853#unicast.censurfridns.dk"
+ "2a01:4f8:c0c:3c03::2@853#ns1.dnsprivacy.at"
+ "2a01:4f8:c0c:3bfc::2@853#ns2.dnsprivacy.at"
+
+ "2001:610:1:40ba:145:100:185:15@853#dnsovertls.sinodun.com"
+ "2001:610:1:40ba:145:100:185:16@853#dnsovertls1.sinodun.com"
+ "2a04:b900:0:100::38@853#getdnsapi.net"
+
+ "145.100.185.15@853#dnsovertls.sinodun.com"
+ "145.100.185.16@853#dnsovertls1.sinodun.com"
+ "185.49.141.37@853#getdnsapi.net"
+ ];
+ };
+ };
+}
diff --git a/hosts/ryzensun/.config/sway/config.d/autostart.conf b/hosts/ryzensun/.config/sway/config.d/autostart.conf
new file mode 100644
index 00000000..626f2809
--- /dev/null
+++ b/hosts/ryzensun/.config/sway/config.d/autostart.conf
@@ -0,0 +1,6 @@
+# Autostart applications
+#
+# Example:
+# exec swayidle
+
+exec qMasterPassword
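Review bot: `do-ip6 = false` in the `server` block of unbound.nix means Unbound will not send queries over IPv6, so the nine IPv6 entries in `forward-addr` are dead configuration; either drop them or enable `do-ip6` if the host has IPv6 connectivity. The comment `# DNS over DLS forwarding` should read `# DNS over TLS forwarding`. `do-not-query-localhost = false` is not needed by anything visible in this file, since no forwarder or stub address is on localhost, and the default is the narrower setting unless something outside this file depends on it. `cache-min-ttl = 1200` deserves a short why-comment, because it makes the resolver keep records for twenty minutes regardless of the TTL the zone publishes.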
diff --git a/hosts/ryzensun/.config/sway/config.d/input-defaults.conf b/hosts/ryzensun/.config/sway/config.d/input-defaults.conf
new file mode 100644
index 00000000..b37a429e
--- /dev/null
+++ b/hosts/ryzensun/.config/sway/config.d/input-defaults.conf
@@ -0,0 +1,30 @@
+### Input configuration
+#
+# You can get the names of your inputs by running: swaymsg -t get_inputs
+# Read `man 5 sway-input` for more information about this section.
+
+input * {
+ xkb_layout us,de
+ xkb_options ctrl:nocaps
+ natural_scroll disabled
+}
+
+# Touchpad controls
+#bindsym XF86TouchpadToggle exec $HOME/Workspace/ben/toggletouchpad.sh # toggle touchpad
+
+# Screen brightness controls
+bindsym XF86MonBrightnessUp exec "brightnessctl -d intel_backlight set +10%; notify-send $(brightnessctl -d intel_backlight i | awk '/Current/ {print $4}')"
+bindsym XF86MonBrightnessDown exec "brightnessctl -d intel_backlight set 10%-; notify-send $(brightnessctl -d intel_backlight i | awk '/Current/ { print $4}')"
+
+# Keyboard backlight brightness controls
+bindsym XF86KbdBrightnessDown exec "brightnessctl -d smc::kbd_backlight set 10%-; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ { print $4}')"
+bindsym XF86KbdBrightnessUp exec "brightnessctl -d smc::kbd_backlight set +10%; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ { print $4}')"
+
+# Pulse Audio controls
+bindsym XF86AudioRaiseVolume exec pactl set-sink-volume @DEFAULT_SINK@ +5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. up' #increase sound volume
+bindsym XF86AudioLowerVolume exec pactl set-sink-volume @DEFAULT_SINK@ -5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. down' #decrease sound volume
+bindsym XF86AudioMute exec pactl set-sink-mute @DEFAULT_SINK@ toggle && notify-send 'Mute sound' # mute sound
+# Media player controls
+bindsym XF86AudioPlay exec "playerctl play-pause; notify-send 'Play/Pause'"
+bindsym XF86AudioNext exec "playerctl next; notify-send 'Next'"
+bindsym XF86AudioPrev exec "playerctl previous; notify-send 'Prev.'"
diff --git a/hosts/ryzensun/.config/sway/config.d/screens.conf b/hosts/ryzensun/.config/sway/config.d/screens.conf
new file mode 100644
index 00000000..37c47d1f
--- /dev/null
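Review bot: The brightness bindings in ryzensun's input-defaults.conf address `intel_backlight` and `smc::kbd_backlight`, which are Intel- and Apple-specific device names. This host's virtualisation module binds AMD GPU ids and its screens.conf uses HDMI-A-1 as the main screen, so these four bindings look copied from the laptop host and would presumably fail with a missing-device error here. Either drop them for this host or let `brightnessctl` pick its default device. The audio bindings also mix the bare `exec a; exec b && notify-send` form with the quoted `exec "a; b"` form used by the other bindings; using the quoted form throughout would make it clear which `;` is sway's command separator and which is the shell's.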
+++ b/hosts/ryzensun/.config/sway/config.d/screens.conf
@@ -0,0 +1,33 @@
+### Output configuration
+#
+# Example configuration:
+#
+# output HDMI-A-1 resolution 1920x1080 position 1920,0
+#
+# You can get the names of your outputs by running: swaymsg -t get_outputs
+
+set $main_screen HDMI-A-1
+
+output $main_screen scale 2
+
+#bindswitch lid:on output $main_screen disable
+#bindswitch lid:off output $main_screen enable
+bindsym $mod+Shift+x output $main_screen toggle
+
+# TODO when using more monitors
+## Manual management of external displays
+# Set the shortcuts and what they do
+#set $mode_display HDMI (i) top, (j) left, (k) bottom, (l) right, (o) off
+#mode "$mode_display" {
+# bindsym i output HDMI-A-1 enable; output HDMI-A-1 pos 0 0 bg ~/Pictures/wallpapers/active.png fill; output eDP-1 pos 0 1080, mode "default"
+# bindsym j output HDMI-A-1 enable; output HDMI-A-1 pos 0 0 bg ~/Pictures/wallpapers/active.png fill; output eDP-1 pos 1920 0, mode "default"
+# bindsym k output HDMI-A-1 enable; output HDMI-A-1 pos 0 900 bg ~/Pictures/wallpapers/active.png fill; output eDP-1 pos 0 0, mode "default"
+# bindsym l output HDMI-A-1 enable; output HDMI-A-1 pos 1440 0 bg ~/Pictures/wallpapers/active.png fill; output eDP-1 pos 0 0, mode "default"
+# bindsym o output HDMI-A-1 disable, mode "default"
+#
+# # back to normal: Enter or Escape
+# bindsym Return mode "default"
+# bindsym Escape mode "default"
+#}
+## Declare here the shortcut to bring the display selection menu
+#bindsym $mod+x mode "$mode_display"
diff --git a/hosts/ryzensun/.gitattributes b/hosts/ryzensun/.gitattributes
new file mode 100644
index 00000000..5a37d556
--- /dev/null
+++ b/hosts/ryzensun/.gitattributes
@@ -0,0 +1 @@
+secrets/** filter=git-crypt-18DAE600A6BBE705 diff=git-crypt-18DAE600A6BBE705
diff --git a/hosts/ryzensun/default.nix b/hosts/ryzensun/default.nix
new file mode 100644
index 00000000..56fe0a2f
--- /dev/null
+++ b/hosts/ryzensun/default.nix
@@ -0,0 +1,17 @@
+{ config, pkgs, lib, ... }:
+with lib;
+let
+ psCfg = config.pub-solar;
+ xdg = config.home-manager.users."${psCfg.user.name}".xdg;
+in
+{
+ imports = [
+ ./virtualisation
+ ];
+
+ config.home-manager.users."${psCfg.user.name}".xdg.configFile = mkIf psCfg.sway.enable {
+ "sway/config.d/autostart.conf".source = ./.config/sway/config.d/autostart.conf;
+ "sway/config.d/input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
+ "sway/config.d/screens.conf".source = ./.config/sway/config.d/screens.conf;
+ };
+}
diff --git a/hosts/ryzensun/virtualisation/create-service.nix b/hosts/ryzensun/virtualisation/create-service.nix
new file mode 100644
index 00000000..df7453f1
--- /dev/null
+++ b/hosts/ryzensun/virtualisation/create-service.nix
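Review bot: The `let` block in hosts/ryzensun/default.nix binds `xdg` but nothing in the file reads it; the same unused binding appears in hosts/dumpyourvms/default.nix and hosts/ryzensun/virtualisation/default.nix. Removing `xdg = config.home-manager.users."${psCfg.user.name}".xdg;` from those three files avoids suggesting a dependency on home-manager's xdg options that is not there. `with lib;` is only needed here for `mkIf`, so spelling it `lib.mkIf` would be more explicit.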
@@ -0,0 +1,77 @@ +{ config, pkgs, lib, vm, ... }: +let + psCfg = config.pub-solar; + xdg = config.home-manager.users."${psCfg.user.name}".xdg; + varsFile = "${xdg.dataHome}/libvirt/OVMF_VARS_${vm.name}.fd"; + generateXML = import ./generate-xml.nix; +in +{ + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = "yes"; + Restart = "no"; + }; + + script = + let + networkXML = pkgs.writeText "network.xml" (import ./network-xml.nix { inherit config; inherit pkgs; inherit lib; }); + machineXML = pkgs.writeText "${vm.name}.xml" (generateXML { inherit config; inherit pkgs; inherit lib; inherit vm; varsFile = varsFile; }); + in + '' + echo "Checking if ${vm.name} is already running" + if [[ $(${pkgs.libvirt}/bin/virsh list --all | grep "${vm.name}" | ${pkgs.gawk}/bin/awk '{ print $3 " " $4 }' ) != 'shut off' ]]; then + echo "Domain ${vm.name} is already running or in an inconsistent state:" + ${pkgs.libvirt}/bin/virsh list --all + exit 0 + fi + + NET_TMP_FILE="/tmp/network.xml" + + NETUUID="$(${pkgs.libvirt}/bin/virsh net-uuid 'default' || true)" + (sed "s/UUID/$NETUUID/" '${networkXML}') > $NET_TMP_FILE + + ${pkgs.libvirt}/bin/virsh net-define $NET_TMP_FILE + ${pkgs.libvirt}/bin/virsh net-start 'default' || true + + VARS_FILE=${varsFile} + if [ ! -f "$VARS_FILE" ]; then + cp /run/libvirt/nix-ovmf/OVMF_VARS.fd $VARS_FILE + fi + + TMP_FILE="/tmp/${vm.name}.xml" + + UUID="$(${pkgs.libvirt}/bin/virsh domuuid '${vm.name}' || true)" + (sed "s/UUID/$UUID/" '${machineXML}') > $TMP_FILE + + USB_DEV=$(${pkgs.usbutils}/bin/lsusb | grep 046d:c52b | grep 'Bus 001' | cut -b 18) + LINE_NUMBER=$(cat $TMP_FILE | grep -n -A 1 0xc52b | tail -n 1 | cut -b 1,2,3) + sed -i "''${LINE_NUMBER}s/\(.\{33\}\)./\1''${USB_DEV}/" $TMP_FILE + + USB_BUS=$(${pkgs.usbutils}/bin/lsusb | grep 046d:c328 | cut -b 7) + USB_DEV=$(${pkgs.usbutils}/bin/lsusb | grep 046d:c328 | cut -b 18) + LINE_NUMBER=$(cat $TMP_FILE | grep -n -A 1 0xc328 | tail -n 1 | cut -b 1,2,3) + sed -i "''${LINE_NUMBER}s/.*/
/" $TMP_FILE + + # TODO: Set correct pci address too + + ${pkgs.libvirt}/bin/virsh define $TMP_FILE + ${pkgs.libvirt}/bin/virsh start '${vm.name}' + ''; + + preStop = + '' + ${pkgs.libvirt}/bin/virsh shutdown '${vm.name}' + let "timeout = $(date +%s) + 10" + while [ "$(${pkgs.libvirt}/bin/virsh list --name | grep --count '^${vm.name}$')" -gt 0 ]; do + if [ "$(date +%s)" -ge "$timeout" ]; then + # Meh, we warned it... + ${pkgs.libvirt}/bin/virsh destroy '${vm.name}' + else + # The machine is still running, let's give it some time to shut down + sleep 0.5 + fi + done + + ${pkgs.libvirt}/bin/virsh net-destroy 'default' || true + ''; +} diff --git a/hosts/ryzensun/virtualisation/default.nix b/hosts/ryzensun/virtualisation/default.nix new file mode 100644 index 00000000..e44fdb08 --- /dev/null +++ b/hosts/ryzensun/virtualisation/default.nix @@ -0,0 +1,43 @@ +{ config, pkgs, lib, ... }: +with lib; +let + psCfg = config.pub-solar; + xdg = config.home-manager.users."${psCfg.user.name}".xdg; + createService = import ./create-service.nix; +in +{ + options.pub-solar.virtualisation.rx5700xt = mkEnableOption "Use the bigger GPU for guests"; + + config = mkIf psCfg.virtualisation.enable { + boot.extraModprobeConfig = "softdep amdgpu pre: vfio vfio_pci" + (if psCfg.virtualisation.rx5700xt + then "\noptions vfio-pci ids=1002:731f,1002:ab38" + else "\noptions vfio-pci ids=1002:699f,1002:aae0"); + + systemd.user.services = { + vm-windows = createService { + inherit config; + inherit pkgs; + inherit lib; + vm = { + name = "windows"; + disk = "/dev/disk/by-id/ata-SanDisk_SDSSDA240G_162402455603"; + id = "http://microsoft.com/win/10"; + gpu = true; + mountHome = false; + }; + }; + vm-manjaro = createService { + inherit config; + inherit pkgs; + inherit lib; + vm = { + name = "manjaro"; + disk = "/dev/disk/by-id/ata-KINGSTON_SM2280S3G2240G_50026B726B0265CE"; + id = "https://manjaro.org/download/#i3"; + gpu = true; + mountHome = true; + }; + }; + }; + }; +} 
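Review bot: The start script in create-service.nix writes the generated XML to fixed names in the shared /tmp (`NET_TMP_FILE="/tmp/network.xml"`, `TMP_FILE="/tmp/${vm.name}.xml"`) through a shell redirect, so another local account can pre-create those paths and block the service or tamper with what `virsh define` reads. Creating them with `NET_TMP_FILE="$(mktemp)"` and `TMP_FILE="$(mktemp)"`, or under `$XDG_RUNTIME_DIR`, and quoting every expansion of `$TMP_FILE`, `$NET_TMP_FILE` and `$VARS_FILE` closes that. The running-state guard also exits 0 when `virsh list --all` has no row for the domain, because an empty string is `!= 'shut off'`, so on a host where the VM was never defined the script appears to stop before `virsh define`. Part of the second `sed` line in this hunk is not readable on this page, so the USB address rewrite is not reviewed here.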
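Review bot: `mountHome = true` on `vm-manjaro` in virtualisation/default.nix is passed to generate-xml.nix, which gates a device block on `vm.mountHome` and binds `home` from home-manager, so it presumably shares the host user's home directory into the guest; the XML itself is not readable on this page, so this is to be confirmed. If that is what it does, the guest can read SSH keys, browser profiles and this repository's unlocked secrets, and a dedicated shared directory or a read-only export would be the narrower choice. A comment on the `vm` attribute set documenting `gpu` and `mountHome` would help, and since both guests set `gpu = true` it should say whether they are meant to run at the same time.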
diff --git a/hosts/ryzensun/virtualisation/generate-xml.nix b/hosts/ryzensun/virtualisation/generate-xml.nix new file mode 100644 index 00000000..6ec49bc5 --- /dev/null +++ b/hosts/ryzensun/virtualisation/generate-xml.nix @@ -0,0 +1,246 @@ +{ config, pkgs, lib, vm, varsFile, ... }: +let + psCfg = config.pub-solar; + xdg = config.home-manager.users."${psCfg.user.name}".xdg; + home = config.home-manager.users."${psCfg.user.name}".home; +in +'' + + ${vm.name} + UUID + + + + + + 33554432 + 33554432 + 12 + + + + + + + + + + + + + + + + /machine + + + hvm + /run/libvirt/nix-ovmf/OVMF_CODE.fd + ${varsFile} + + + + + + + + + + + + + + + + + + EPYC-IBPB + AMD + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + destroy + restart + destroy + + + + + + ${pkgs.qemu}/bin/qemu-system-x86_64 + + + + + +
+ + +
+ + +
+ + + + + +
+ + + + +
+ + + + +
+ + + + +
+ + + + +
+ + + + +
+ + + + +
+ + + +
+ + + + +
+ + +
+ + ${if vm.mountHome then '' + + + +
+ + '' else ""} + + + + +
+ + + + + + + + + + +
+ + + + + + + +