teutat3s/os
2
0
Fork 0
forked from pub-solar/os
Code Pull requests Activity

Initial teutat3s commit

Browse source
This commit is contained in:
teutat3s 2021-06-06 15:22:44 +02:00
parent ddcf369f41
commit 6c40b31e79
Signed by: teutat3s
GPG key ID: 4FA1D3FA524F22C1
39 changed files with 1352 additions and 27 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

211
flake.lock
View file

@ -15,11 +15,11 @@
"pre-commit-hooks-nix": "pre-commit-hooks-nix" "pre-commit-hooks-nix": "pre-commit-hooks-nix"
}, },
"locked": { "locked": {
"lastModified": 1619088868, "lastModified": 1620750556,
"narHash": "sha256-l9db+HpNIkY41MonGE8z4pbkjBa5BdzJTG5AxV7V7Lw=", "narHash": "sha256-J+z8oduu9u1FZ8spSowrgyAmtnBUIUDImqfQCZ58heo=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "hercules-ci-agent", "repo": "hercules-ci-agent",
"rev": "08f953a263518a3af0ca28cd887020ff3465bdf5", "rev": "f62ce85aed4c4a7fca9e5da2b00340bbcdc92f88",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -35,11 +35,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1613595894, "lastModified": 1622060422,
"narHash": "sha256-MOk/7rCAUB5Lf4GL+HimvyAAZXYEw8gWsq5nW4PPQQA=", "narHash": "sha256-hPVlvrAyf6zL7tTx0lpK+tMxEfZeMiIZ/A2xaJ41WOY=",
"owner": "LnL7", "owner": "LnL7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "5c3146b75d5d478f0693d0ea6c83f1da8382ff56", "rev": "007d700e644ac588ad6668e6439950a5b6e2ff64",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -93,11 +93,11 @@
"utils": "utils_2" "utils": "utils_2"
}, },
"locked": { "locked": {
"lastModified": 1621354376, "lastModified": 1622484894,
"narHash": "sha256-b597Jj8B1Nq4NX/Gl/+bYGKqJxpSfUtr1Nmp9m1DND8=", "narHash": "sha256-n3Vn4H1muqDcoMtXS59c0ZZthSJ11gFAodfo1LSQvj8=",
"owner": "divnix", "owner": "divnix",
"repo": "digga", "repo": "digga",
"rev": "5ef9b8cabbc10c9b4fe5534107224c7241c63b3d", "rev": "0cbc8bd4defee8fddc0c582556267bd2c1c02704",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -138,6 +138,22 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1606424373,
"narHash": "sha256-oq8d4//CJOrVj+EcOaSXvMebvuTkmBJuT5tzlfewUnQ=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "99f1c2157fba4bfe6211a321fd0ee43199025dbf",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": { "flake-utils": {
"locked": { "locked": {
"lastModified": 1620759905, "lastModified": 1620759905,
@ -153,6 +169,36 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils_2": {
"locked": {
"lastModified": 1610051610,
"narHash": "sha256-U9rPz/usA1/Aohhk7Cmc2gBrEEKRzcW4nwPWMPwja4Y=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "3982c9903e93927c2164caa727cd3f6a0e6d14cc",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"locked": {
"lastModified": 1619345332,
"narHash": "sha256-qHnQkEp1uklKTpx3MvKtY6xzgcqXDsz5nLilbbuL+3A=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "2ebf2558e5bf978c7fb8ea927dfaed8fefab2e28",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"home": { "home": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -160,11 +206,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1616724076, "lastModified": 1622938142,
"narHash": "sha256-SwbPXLjN2sLy4NL/GhodiJrdkIVZwGGTGiCN3JxH1cU=", "narHash": "sha256-eNA2HPZI/iO4MCi/FCs+nRuFbpuMplM93Aj6YA2XCyY=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "fedfd430f96695997b3eaf8d7e82ca79406afa23", "rev": "7591c8041d290d4bb99679e9fed2d8061a8f0435",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -175,11 +221,11 @@
}, },
"latest": { "latest": {
"locked": { "locked": {
"lastModified": 1619400530, "lastModified": 1622984109,
"narHash": "sha256-7ZO7B+b9i1wFbHw62EFT+iwuBBpXeA/fcHlR63Z4J0w=", "narHash": "sha256-geVjAIToERcsjmHQo2tdD0UaLNk+k68nI5XCRmE3tHM=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "e8dc8adab655eb27957859c62bef11484b53f639", "rev": "690496c4e545e68482b5c162a03f0a4f97d35373",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -215,11 +261,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1614785451, "lastModified": 1622810282,
"narHash": "sha256-TPw8kQvr2UNCuvndtY+EjyXp6Q5GEW2l9UafXXh1XmI=", "narHash": "sha256-4wmvM3/xfD0hCdNDIXVzRMfL4yB1J+DjH6Zte2xbAxk=",
"owner": "nmattia", "owner": "nmattia",
"repo": "naersk", "repo": "naersk",
"rev": "e0fe990b478a66178a58c69cf53daec0478ca6f9", "rev": "e8061169e1495871b56be97c5c51d310fae01374",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -228,6 +274,68 @@
"type": "github" "type": "github"
} }
}, },
"neovim-flake": {
"inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"dir": "contrib",
"lastModified": 1622951124,
"narHash": "sha256-UbAiCtoQ1T+Uv3p6Nf3ORd4BS/3g8biQyLi3uO9pBXI=",
"owner": "neovim",
"repo": "neovim",
"rev": "b3e3ab0567a1a3c2f97de943ef9d7b24c0008979",
"type": "github"
},
"original": {
"dir": "contrib",
"owner": "neovim",
"repo": "neovim",
"type": "github"
}
},
"neovim-nightly": {
"inputs": {
"flake-compat": "flake-compat_3",
"neovim-flake": "neovim-flake",
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1622968938,
"narHash": "sha256-ms8m1Iyy4eDMUzyQVNwvxlfUxiXIi2994IstzdM66pE=",
"owner": "nix-community",
"repo": "neovim-nightly-overlay",
"rev": "c67067465cbfec02720e0b1308d6fe565bc22e1b",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "neovim-nightly-overlay",
"type": "github"
}
},
"nix-dram": {
"inputs": {
"flake-utils": "flake-utils_3",
"nixpkgs": "nixpkgs_4"
},
"locked": {
"lastModified": 1620663773,
"narHash": "sha256-Nfc2g9xUCPYBFKE5O7OdrDpCVspwk64S8EbsDYoY38c=",
"owner": "dramforever",
"repo": "nix-dram",
"rev": "86485e22621b17bcc4472889eedbd562498bb5a2",
"type": "github"
},
"original": {
"owner": "dramforever",
"repo": "nix-dram",
"type": "github"
}
},
"nixlib": { "nixlib": {
"locked": { "locked": {
"lastModified": 1620519687, "lastModified": 1620519687,
@ -245,11 +353,11 @@
}, },
"nixos": { "nixos": {
"locked": { "locked": {
"lastModified": 1615797423, "lastModified": 1622797669,
"narHash": "sha256-5NGDZXPQzuoxf/42NiyC9YwwhwzfMfIRrz3aT0XHzSc=", "narHash": "sha256-xIyWeoYExzF0KNaKcqfxEX58fN4JTIQxTJWbsAujllc=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "266dc8c3d052f549826ba246d06787a219533b8f", "rev": "1ca6b0a0cc38dbba0441202535c92841dd39d1ae",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -260,11 +368,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1615652054, "lastModified": 1622521809,
"narHash": "sha256-jqXKU8Ovpi7MmPRqGf2FB3QOPcZtGwO2MFc0AYiOPjg=", "narHash": "sha256-7XcqrtrHDeaasKzg/ruroLsC2fb6Fi3aenCrv1+xVLk=",
"owner": "nixos", "owner": "nixos",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "31f61b90ddb9257b94888ee17ccf96236e180c76", "rev": "b2186d6c3cdc58fb3a8def0f608bcae61138cc6f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -304,13 +412,59 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_3": {
"locked": {
"lastModified": 1622797669,
"narHash": "sha256-xIyWeoYExzF0KNaKcqfxEX58fN4JTIQxTJWbsAujllc=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "1ca6b0a0cc38dbba0441202535c92841dd39d1ae",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1620340338,
"narHash": "sha256-Op/4K0+Z9Sp5jtFH0s/zMM4H7VFZxrekcAmjQ6JpQ4w=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "63586475587d7e0e078291ad4b49b6f6a6885100",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_5": {
"locked": {
"lastModified": 1622984109,
"narHash": "sha256-geVjAIToERcsjmHQo2tdD0UaLNk+k68nI5XCRmE3tHM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "690496c4e545e68482b5c162a03f0a4f97d35373",
"type": "github"
},
"original": {
"id": "nixpkgs",
"type": "indirect"
}
},
"nur": { "nur": {
"locked": { "locked": {
"lastModified": 1615921934, "lastModified": 1622977420,
"narHash": "sha256-nURGM869KKA1+c1SHHsXKYcPXhHIuxWBjNXjJ90OzRQ=", "narHash": "sha256-7ftFD75ACb7R9YFwcLxOMhYYYuFyW8Yyqccq0DCIvek=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "NUR",
"rev": "faf862e8cf009edfa38ecc61188f7a6ace293552", "rev": "3c7f52ed2f37964fe83a4b2ba0bc9db1f1cde5af",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -358,8 +512,11 @@
"home": "home", "home": "home",
"latest": "latest", "latest": "latest",
"naersk": "naersk_2", "naersk": "naersk_2",
"neovim-nightly": "neovim-nightly",
"nix-dram": "nix-dram",
"nixos": "nixos", "nixos": "nixos",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_5",
"nur": "nur", "nur": "nur",
"pkgs": "pkgs" "pkgs": "pkgs"
} }

2
flake.nix
View file

@ -84,6 +84,8 @@
base = [ core users.nixos users.root ]; base = [ core users.nixos users.root ];
pubsolaros = [ core base-user users.root ]; pubsolaros = [ core base-user users.root ];
anonymous = [ pubsolaros users.nixos ]; anonymous = [ pubsolaros users.nixos ];
teutat3s = [ base users.teutat3s ];
dumpyourvms = [ teutat3s graphical ];
}; };
}; };

14
hosts/con/.config/sway/config.d/applications.conf Normal file
View file

@ -0,0 +1,14 @@
assign [app_id="firefox"] $ws2
# seahorse
for_window [title="seahorse"] floating enabled
# NetworkManager
for_window [title="Network Connections"] floating enabled
# thunderbird
for_window [title="New Task:*"] floating enabled
for_window [title="Edit Task:*"] floating enabled
for_window [title="New Event:*"] floating enabled
for_window [title="Edit Event:*"] floating enabled

6
hosts/con/.config/sway/config.d/autostart.conf Normal file
View file

@ -0,0 +1,6 @@
# Autostart applications
#
# Example:
# exec swayidle
#exec qMasterPassword

5
hosts/con/.config/sway/config.d/custom-keybindings.conf Normal file
View file

@ -0,0 +1,5 @@
# switch keyboard input language
bindsym $mod+tab exec swaymsg input "1:1:AT_Translated_Set_2_keyboard" xkb_switch_layout next
bindsym $mod+Shift+F2 exec chromium --enable-features=UseOzonePlatform --ozone-platform=wayland

35
hosts/con/.config/sway/config.d/input-defaults.conf Normal file
View file

@ -0,0 +1,35 @@
### Input configuration
#
# You can get the names of your inputs by running: swaymsg -t get_inputs
# Read `man 5 sway-input` for more information about this section.
input "type:keyboard" {
xkb_layout us,de
xkb_model pc105
xkb_options altwin:swap_alt_win
}
input "type:touchpad" {
tap enabled
natural_scroll enabled
}
# Touchpad controls
#bindsym XF86TouchpadToggle exec $HOME/Workspace/ben/toggletouchpad.sh # toggle touchpad
# Screen brightness controls
bindsym XF86MonBrightnessUp exec "brightnessctl -d intel_backlight set +10%; notify-send $(brightnessctl -d intel_backlight i | awk '/Current/ {print $4}')"
bindsym XF86MonBrightnessDown exec "brightnessctl -d intel_backlight set 10%-; notify-send $(brightnessctl -d intel_backlight i | awk '/Current/ { print $4}')"
# Keyboard backlight brightness controls
bindsym XF86KbdBrightnessDown exec "brightnessctl -d smc::kbd_backlight set 10%-; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ { print $4}')"
bindsym XF86KbdBrightnessUp exec "brightnessctl -d smc::kbd_backlight set +10%; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ { print $4}')"
# Pulse Audio controls
bindsym XF86AudioRaiseVolume exec pactl set-sink-volume @DEFAULT_SINK@ +5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. up' #increase sound volume
bindsym XF86AudioLowerVolume exec pactl set-sink-volume @DEFAULT_SINK@ -5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. down' #decrease sound volume
bindsym XF86AudioMute exec pactl set-sink-mute @DEFAULT_SINK@ toggle && notify-send 'Mute sound' # mute sound
# Media player controls
bindsym XF86AudioPlay exec "playerctl play-pause; notify-send 'Play/Pause'"
bindsym XF86AudioNext exec "playerctl next; notify-send 'Next'"
bindsym XF86AudioPrev exec "playerctl previous; notify-send 'Prev.'"

41
hosts/con/.config/sway/config.d/screens.conf Normal file
View file

@ -0,0 +1,41 @@
### Output configuration
#
# Example configuration:
#
# output HDMI-A-1 resolution 1920x1080 position 1920,0
#
# You can get the names of your outputs by running: swaymsg -t get_outputs
set $main_screen eDP-1
set $displayport DP-1
set $hmdi HDMI-A-1
output $main_screen
output $displayport scale 2
output $hdmi scale 1
output $main_screen pos 0 0
output $displayport pos 0 -1200
output $hdmi pos 1920 0
#bindswitch lid:on output $main_screen disable
#bindswitch lid:off output $main_screen enable
bindsym $mod+Shift+x output $main_screen toggle
# TODO when using more monitors
## Manual management of external displays
# Set the shortcuts and what they do
#set $mode_display HDMI (i) top, (j) left, (k) bottom, (l) right, (o) off
#mode "$mode_display" {
# bindsym i output HDMI-A-1 enable; output HDMI-A-1 pos 0 0 bg ~/Pictures/wallpapers/active.png fill; output eDP-1 pos 0 1080, mode "default"
# bindsym j output HDMI-A-1 enable; output HDMI-A-1 pos 0 0 bg ~/Pictures/wallpapers/active.png fill; output eDP-1 pos 1920 0, mode "default"
# bindsym k output HDMI-A-1 enable; output HDMI-A-1 pos 0 900 bg ~/Pictures/wallpapers/active.png fill; output eDP-1 pos 0 0, mode "default"
# bindsym l output HDMI-A-1 enable; output HDMI-A-1 pos 1440 0 bg ~/Pictures/wallpapers/active.png fill; output eDP-1 pos 0 0, mode "default"
# bindsym o output HDMI-A-1 disable, mode "default"
#
# # back to normal: Enter or Escape
# bindsym Return mode "default"
# bindsym Escape mode "default"
#}
## Declare here the shortcut to bring the display selection menu
#bindsym $mod+x mode "$mode_display"

1
hosts/con/.gitattributes vendored Normal file
View file

@ -0,0 +1 @@
secrets/** filter=git-crypt-18DAE600A6BBE705 diff=git-crypt-18DAE600A6BBE705

26
hosts/con/default.nix Normal file
View file

@ -0,0 +1,26 @@
{ config, pkgs, lib, ... }:
with lib;
let
psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in
{
config = {
home-manager = pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
home.sessionVariables = {
DOCKER_BUILDKIT = "1";
};
# Custom device sway configs
xdg.configFile = mkIf psCfg.sway.enable {
"sway/config.d/10-applications.conf".source = ./.config/sway/config.d/applications.conf;
"sway/config.d/autostart.conf".source = ./.config/sway/config.d/autostart.conf;
"sway/config.d/10-custom-keybindings.conf".source = ./.config/sway/config.d/custom-keybindings.conf;
"sway/config.d/input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
"sway/config.d/screens.conf".source = ./.config/sway/config.d/screens.conf;
};
};
networking.hosts = {
"127.0.0.1" = [ "virtrex.test" "expo.test" "proxy.test" ];
};
};
}

BIN
hosts/con/secrets/keyfile.bin Normal file
View file

Binary file not shown.

6
hosts/dumpyourvms.nix Normal file
View file

@ -0,0 +1,6 @@
{ suites, ... }:
{
imports = [
./dumpyourvms
] ++ suites.dumpyourvms;
}

14
hosts/dumpyourvms/.config/sway/config.d/applications.conf Normal file
View file

@ -0,0 +1,14 @@
assign [app_id="firefox"] $ws2
# seahorse
for_window [title="seahorse"] floating enabled
# NetworkManager
for_window [title="Network Connections"] floating enabled
# thunderbird
for_window [title="New Task:*"] floating enabled
for_window [title="Edit Task:*"] floating enabled
for_window [title="New Event:*"] floating enabled
for_window [title="Edit Event:*"] floating enabled

6
hosts/dumpyourvms/.config/sway/config.d/autostart.conf Normal file
View file

@ -0,0 +1,6 @@
# Autostart applications
#
# Example:
# exec swayidle
#exec qMasterPassword

3
hosts/dumpyourvms/.config/sway/config.d/custom-keybindings.conf Normal file
View file

@ -0,0 +1,3 @@
# switch keyboard input language
bindsym $mod+tab exec swaymsg input "1452:628:Apple_Inc._Apple_Internal_Keyboard_/_Trackpad" xkb_switch_layout next

34
hosts/dumpyourvms/.config/sway/config.d/input-defaults.conf Normal file
View file

@ -0,0 +1,34 @@
### Input configuration
#
# You can get the names of your inputs by running: swaymsg -t get_inputs
# Read `man 5 sway-input` for more information about this section.
input "type:keyboard" {
xkb_layout us,de
xkb_model pc105
}
input "type:touchpad" {
tap enabled
natural_scroll enabled
}
# Touchpad controls
#bindsym XF86TouchpadToggle exec $HOME/Workspace/ben/toggletouchpad.sh # toggle touchpad
# Screen brightness controls
bindsym XF86MonBrightnessUp exec "brightnessctl -d gmux_backlight set +10%; notify-send $(brightnessctl -d gmux_backlight i | awk '/Current/ {print $4}')"
bindsym XF86MonBrightnessDown exec "brightnessctl -d gmux_backlight set 10%-; notify-send $(brightnessctl -d gmux_backlight i | awk '/Current/ { print $4}')"
# Keyboard backlight brightness controls
bindsym XF86KbdBrightnessDown exec "brightnessctl -d smc::kbd_backlight set 10%-; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ { print $4}')"
bindsym XF86KbdBrightnessUp exec "brightnessctl -d smc::kbd_backlight set +10%; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ { print $4}')"
# Pulse Audio controls
bindsym XF86AudioRaiseVolume exec pactl set-sink-volume @DEFAULT_SINK@ +5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. up' #increase sound volume
bindsym XF86AudioLowerVolume exec pactl set-sink-volume @DEFAULT_SINK@ -5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. down' #decrease sound volume
bindsym XF86AudioMute exec pactl set-sink-mute @DEFAULT_SINK@ toggle && notify-send 'Mute sound' # mute sound
# Media player controls
bindsym XF86AudioPlay exec "playerctl play-pause; notify-send 'Play/Pause'"
bindsym XF86AudioNext exec "playerctl next; notify-send 'Next'"
bindsym XF86AudioPrev exec "playerctl previous; notify-send 'Prev.'"

41
hosts/dumpyourvms/.config/sway/config.d/screens.conf Normal file
View file

@ -0,0 +1,41 @@
### Output configuration
#
# Example configuration:
#
# output HDMI-A-1 resolution 1920x1080 position 1920,0
#
# You can get the names of your outputs by running: swaymsg -t get_outputs
set $main_screen eDP-1
set $displayport DP-1
set $hmdi HDMI-A-1
output $main_screen scale 2
output $displayport scale 2
output $hdmi scale 1
output $main_screen pos 0 0
output $displayport pos 0 -1080
output $hdmi pos 1440 0
#bindswitch lid:on output $main_screen disable
#bindswitch lid:off output $main_screen enable
bindsym $mod+Shift+x output $main_screen toggle
# TODO when using more monitors
## Manual management of external displays
# Set the shortcuts and what they do
#set $mode_display HDMI (i) top, (j) left, (k) bottom, (l) right, (o) off
#mode "$mode_display" {
# bindsym i output HDMI-A-1 enable; output HDMI-A-1 pos 0 0 bg ~/Pictures/wallpapers/active.png fill; output eDP-1 pos 0 1080, mode "default"
# bindsym j output HDMI-A-1 enable; output HDMI-A-1 pos 0 0 bg ~/Pictures/wallpapers/active.png fill; output eDP-1 pos 1920 0, mode "default"
# bindsym k output HDMI-A-1 enable; output HDMI-A-1 pos 0 900 bg ~/Pictures/wallpapers/active.png fill; output eDP-1 pos 0 0, mode "default"
# bindsym l output HDMI-A-1 enable; output HDMI-A-1 pos 1440 0 bg ~/Pictures/wallpapers/active.png fill; output eDP-1 pos 0 0, mode "default"
# bindsym o output HDMI-A-1 disable, mode "default"
#
# # back to normal: Enter or Escape
# bindsym Return mode "default"
# bindsym Escape mode "default"
#}
## Declare here the shortcut to bring the display selection menu
#bindsym $mod+x mode "$mode_display"

1
hosts/dumpyourvms/.gitattributes vendored Normal file
View file

@ -0,0 +1 @@
secrets/** filter=git-crypt-18DAE600A6BBE705 diff=git-crypt-18DAE600A6BBE705

21
hosts/dumpyourvms/consul-agent-ca.pem Normal file
View file

@ -0,0 +1,21 @@
-----BEGIN CERTIFICATE-----
MIIDbzCCAxSgAwIBAgIRAMK20/fFF0YVThq8xm/YvBswCgYIKoZIzj0EAwIwgbkx
CzAJBgNVBAYTAlVTMQswCQYDVQQIEwJDQTEWMBQGA1UEBxMNU2FuIEZyYW5jaXNj
bzEaMBgGA1UECRMRMTAxIFNlY29uZCBTdHJlZXQxDjAMBgNVBBETBTk0MTA1MRcw
FQYDVQQKEw5IYXNoaUNvcnAgSW5jLjFAMD4GA1UEAxM3Q29uc3VsIEFnZW50IENB
IDI1ODgxOTUyODQyOTMwNjIxMjY4NDgwMTUxODE3OTM2NjUxNzc4NzAeFw0xOTEx
MDYwMDI3MzVaFw0yNDExMDQwMDI3MzVaMIG5MQswCQYDVQQGEwJVUzELMAkGA1UE
CBMCQ0ExFjAUBgNVBAcTDVNhbiBGcmFuY2lzY28xGjAYBgNVBAkTETEwMSBTZWNv
bmQgU3RyZWV0MQ4wDAYDVQQREwU5NDEwNTEXMBUGA1UEChMOSGFzaGlDb3JwIElu
Yy4xQDA+BgNVBAMTN0NvbnN1bCBBZ2VudCBDQSAyNTg4MTk1Mjg0MjkzMDYyMTI2
ODQ4MDE1MTgxNzkzNjY1MTc3ODcwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAAQE
SZ2kc9rKUNX3czze+rFR/bZdLx3JEYrpcSXKkpv1wr68E1Jqhi/8Dm8b62Ei/Bc6
ZhoJvtB2Shtl+6LbjccUo4H6MIH3MA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8E
BTADAQH/MGgGA1UdDgRhBF9hZjo4MzoyZTpiOToyZTozMzo5MDplOTpkMjpiNzpj
NjpjYzpkYToxODoyYTphNzpjMzo5ZTozMTpmNTpkZTo4Mzo4YzozMDo0Mjo3OTo4
ZDo0ZDpmZDozMjo2NzpiYjBqBgNVHSMEYzBhgF9hZjo4MzoyZTpiOToyZTozMzo5
MDplOTpkMjpiNzpjNjpjYzpkYToxODoyYTphNzpjMzo5ZTozMTpmNTpkZTo4Mzo4
YzozMDo0Mjo3OTo4ZDo0ZDpmZDozMjo2NzpiYjAKBggqhkjOPQQDAgNJADBGAiEA
zKCV25P6HqFEa1iUVQnsNAp/WHUwxNlR0OctZSdiuIkCIQDiRK03ZYSK/hmY9kXV
42nj6kO8MexfiYN4IE4URmzYnA==
-----END CERTIFICATE-----

75
hosts/dumpyourvms/default.nix Normal file
View file

@ -0,0 +1,75 @@
{ config, pkgs, lib, ... }:
with lib;
let
psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in
{
imports = [
./hardware-configuration.nix
];
config = {
pub-solar.x-os.keyfile = "/home/teutat3s/flk/hosts/dumpyourvms/secrets/keyfile.bin";
# fix backlight for keyboard and brightness, adjust function key binding
boot.kernelParams = [ "acpi_backlight=video" "hid_apple.fnmode=2" ];
boot.loader.efi.canTouchEfiVariables = true;
hardware = {
cpu.intel.updateMicrocode = true;
facetimehd.enable = true;
};
networking = import ./networking.nix;
security.pki.certificateFiles = [ ./consul-agent-ca.pem ];
services.unbound = import ./unbound.nix;
# Radeon driver seems to work better than amdgpu with Radeon R9 M370X
services.xserver.videoDrivers = [ "radeon" ];
# Thunderbolt tools
services.hardware.bolt.enable = true;
services.udev.extraRules =
# Disable XHC1 wakeup signal to avoid resume getting triggered some time
# after suspend. Reboot required for this to take effect.
''SUBSYSTEM=="pci", KERNEL=="0000:00:14.0", ATTR{power/wakeup}="disabled"'';
services.printing.enable = true;
services.printing.drivers = [ pkgs.brlaser ];
home-manager = pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
# Custom device sway configs
xdg.configFile = mkIf psCfg.sway.enable {
"sway/config.d/10-applications.conf".source = ./.config/sway/config.d/applications.conf;
"sway/config.d/autostart.conf".source = ./.config/sway/config.d/autostart.conf;
"sway/config.d/10-custom-keybindings.conf".source = ./.config/sway/config.d/custom-keybindings.conf;
"sway/config.d/input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
"sway/config.d/screens.conf".source = ./.config/sway/config.d/screens.conf;
};
};
users.users.teutat3s = {
extraGroups = [ "unbound" ];
};
# WLAN frequency compliance (e.g. check for radar with DFS)
hardware.firmware = with pkgs; [ wireless-regdb ];
boot.extraModprobeConfig = ''
options cfg80211 ieee80211_regdom="DE"
'';
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "21.05"; # Did you read the comment?
};
}

37
hosts/dumpyourvms/hardware-configuration.nix Normal file
View file

@ -0,0 +1,37 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[
#(modulesPath + "/hardware/network/broadcom-43xx.nix")
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{
device = "/dev/disk/by-uuid/17bbb016-d27c-47da-8805-58c6395891e8";
fsType = "ext4";
};
boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/c100b9a7-99d7-44d9-b7c2-3892a5f233c4";
fileSystems."/boot/efi" =
{
device = "/dev/disk/by-uuid/06B8-5414";
fsType = "vfat";
};
swapDevices =
[{ device = "/dev/disk/by-uuid/02fa042f-7310-4be6-a615-524d5d7dc909"; }];
# high-resolution display
hardware.video.hidpi.enable = lib.mkDefault true;
}

52
hosts/dumpyourvms/networking.nix Normal file
View file

@ -0,0 +1,52 @@
{
hosts = {
"10.0.0.42" = [ "nomad.service.consul" ];
"10.0.0.48" = [ "consul.service.consul" ];
"10.0.0.49" = [ "vault.service.consul" ];
};
wireguard.enable = true;
wg-quick.interfaces = {
wg0 = {
address = [ "5.0.0.6/32" ];
privateKeyFile = "/etc/wireguard/wg0.privatekey";
peers = [
{
publicKey = "l0DJLicCrcrixNP6zAWTXNSEaNM2jML253BXEZ1KpiU=";
allowedIPs = [ "5.0.0.16/32" "10.0.0.0/24" "10.88.88.0/24" ];
endpoint = "85.88.23.16:51820";
persistentKeepalive = 25;
}
];
};
wg1 = {
address = [ "10.13.0.1/32" ];
privateKeyFile = "/etc/wireguard/wg1.privatekey";
mtu = 1412;
peers = [
{
publicKey = "XS3TTIMU7Jp3JJANBpE14RsVDJk6/VUvZgjQgQP8kAs=";
allowedIPs = [ "10.13.0.100/32" "192.168.188.0/24" ];
endpoint = "[2a00:6020:409d:bb00:dea6:32ff:fe85:3306]:51820";
persistentKeepalive = 25;
}
];
};
wg2 = {
address = [ "10.6.6.4/32" ];
privateKeyFile = "/etc/wireguard/wg2.privatekey";
peers = [
{
publicKey = "nYMmaCIW8lZ7SokivN8HXxYDch+SS1G7ab1SC9meDAw=";
presharedKeyFile = "/etc/wireguard/wg2.presharedkey";
allowedIPs = [ "10.6.6.1/32" "10.1.1.0/24" ];
endpoint = "85.88.23.127:51820";
persistentKeepalive = 16;
}
];
};
};
}

BIN
hosts/dumpyourvms/secrets/keyfile.bin Normal file
View file

Binary file not shown.

54
hosts/dumpyourvms/unbound.nix Normal file
View file

@ -0,0 +1,54 @@
{
enable = true;
localControlSocketPath = "/run/unbound/unbound.ctl";
settings = {
server = {
cache-max-ttl = 14400;
cache-min-ttl = 1200;
aggressive-nsec = true;
prefetch = false;
rrset-roundrobin = true;
use-caps-for-id = true;
do-ip6 = false;
hide-identity = true;
hide-version = true;
do-not-query-localhost = false;
tls-cert-bundle = "/etc/ssl/certs/ca-certificates.crt";
};
# fritz.box stub zone
stub-zone = {
name = "fritz.box";
stub-addr = "192.168.178.1";
};
# DNS over DLS forwarding
forward-zone = {
name = ".";
forward-tls-upstream = true;
forward-addr = [
"5.1.66.255@853#dot.ffmuc.net"
"185.150.99.255@853#dot.ffmuc.net"
"145.100.185.18@853#dnsovertls3.sinodun.com"
"89.233.43.71@853#unicast.censurfridns.dk"
"94.130.110.185@853#ns1.dnsprivacy.at"
"2001:678:e68:f000::@853#dot.ffmuc.net"
"2001:678:ed0:f000::@853#dot.ffmuc.net"
"2001:610:1:40ba:145:100:185:18@853#dnsovertls3.sinodun.com"
"2a01:3a0:53:53::0@853#unicast.censurfridns.dk"
"2a01:4f8:c0c:3c03::2@853#ns1.dnsprivacy.at"
"2a01:4f8:c0c:3bfc::2@853#ns2.dnsprivacy.at"
"2001:610:1:40ba:145:100:185:15@853#dnsovertls.sinodun.com"
"2001:610:1:40ba:145:100:185:16@853#dnsovertls1.sinodun.com"
"2a04:b900:0:100::38@853#getdnsapi.net"
"145.100.185.15@853#dnsovertls.sinodun.com"
"145.100.185.16@853#dnsovertls1.sinodun.com"
"185.49.141.37@853#getdnsapi.net"
];
};
};
}

6
hosts/ryzensun/.config/sway/config.d/autostart.conf Normal file
View file

@ -0,0 +1,6 @@
# Autostart applications
#
# Example:
# exec swayidle
exec qMasterPassword

30
hosts/ryzensun/.config/sway/config.d/input-defaults.conf Normal file
View file

@ -0,0 +1,30 @@
### Input configuration
#
# You can get the names of your inputs by running: swaymsg -t get_inputs
# Read `man 5 sway-input` for more information about this section.
input * {
xkb_layout us,de
xkb_options ctrl:nocaps
natural_scroll disabled
}
# Touchpad controls
#bindsym XF86TouchpadToggle exec $HOME/Workspace/ben/toggletouchpad.sh # toggle touchpad
# Screen brightness controls
bindsym XF86MonBrightnessUp exec "brightnessctl -d intel_backlight set +10%; notify-send $(brightnessctl -d intel_backlight i | awk '/Current/ {print $4}')"
bindsym XF86MonBrightnessDown exec "brightnessctl -d intel_backlight set 10%-; notify-send $(brightnessctl -d intel_backlight i | awk '/Current/ { print $4}')"
# Keyboard backlight brightness controls
bindsym XF86KbdBrightnessDown exec "brightnessctl -d smc::kbd_backlight set 10%-; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ { print $4}')"
bindsym XF86KbdBrightnessUp exec "brightnessctl -d smc::kbd_backlight set +10%; notify-send $(brightnessctl -d smc::kbd_backlight i | awk '/Current/ { print $4}')"
# Pulse Audio controls
bindsym XF86AudioRaiseVolume exec pactl set-sink-volume @DEFAULT_SINK@ +5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. up' #increase sound volume
bindsym XF86AudioLowerVolume exec pactl set-sink-volume @DEFAULT_SINK@ -5%; exec pactl set-sink-mute @DEFAULT_SINK@ 0 && notify-send 'Vol. down' #decrease sound volume
bindsym XF86AudioMute exec pactl set-sink-mute @DEFAULT_SINK@ toggle && notify-send 'Mute sound' # mute sound
# Media player controls
bindsym XF86AudioPlay exec "playerctl play-pause; notify-send 'Play/Pause'"
bindsym XF86AudioNext exec "playerctl next; notify-send 'Next'"
bindsym XF86AudioPrev exec "playerctl previous; notify-send 'Prev.'"

33
hosts/ryzensun/.config/sway/config.d/screens.conf Normal file
View file

@ -0,0 +1,33 @@
### Output configuration
#
# Example configuration:
#
# output HDMI-A-1 resolution 1920x1080 position 1920,0
#
# You can get the names of your outputs by running: swaymsg -t get_outputs
set $main_screen HDMI-A-1
output $main_screen scale 2
#bindswitch lid:on output $main_screen disable
#bindswitch lid:off output $main_screen enable
bindsym $mod+Shift+x output $main_screen toggle
# TODO when using more monitors
## Manual management of external displays
# Set the shortcuts and what they do
#set $mode_display HDMI (i) top, (j) left, (k) bottom, (l) right, (o) off
#mode "$mode_display" {
# bindsym i output HDMI-A-1 enable; output HDMI-A-1 pos 0 0 bg ~/Pictures/wallpapers/active.png fill; output eDP-1 pos 0 1080, mode "default"
# bindsym j output HDMI-A-1 enable; output HDMI-A-1 pos 0 0 bg ~/Pictures/wallpapers/active.png fill; output eDP-1 pos 1920 0, mode "default"
# bindsym k output HDMI-A-1 enable; output HDMI-A-1 pos 0 900 bg ~/Pictures/wallpapers/active.png fill; output eDP-1 pos 0 0, mode "default"
# bindsym l output HDMI-A-1 enable; output HDMI-A-1 pos 1440 0 bg ~/Pictures/wallpapers/active.png fill; output eDP-1 pos 0 0, mode "default"
# bindsym o output HDMI-A-1 disable, mode "default"
#
# # back to normal: Enter or Escape
# bindsym Return mode "default"
# bindsym Escape mode "default"
#}
## Declare here the shortcut to bring the display selection menu
#bindsym $mod+x mode "$mode_display"

1
hosts/ryzensun/.gitattributes vendored Normal file
View file

@ -0,0 +1 @@
secrets/** filter=git-crypt-18DAE600A6BBE705 diff=git-crypt-18DAE600A6BBE705

17
hosts/ryzensun/default.nix Normal file
View file

@ -0,0 +1,17 @@
{ config, pkgs, lib, ... }:
with lib;
let
psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in
{
imports = [
./virtualisation
];
config.home-manager.users."${psCfg.user.name}".xdg.configFile = mkIf psCfg.sway.enable {
"sway/config.d/autostart.conf".source = ./.config/sway/config.d/autostart.conf;
"sway/config.d/input-defaults.conf".source = ./.config/sway/config.d/input-defaults.conf;
"sway/config.d/screens.conf".source = ./.config/sway/config.d/screens.conf;
};
}

77
hosts/ryzensun/virtualisation/create-service.nix Normal file
View file

@ -0,0 +1,77 @@
{ config, pkgs, lib, vm, ... }:
let
psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
varsFile = "${xdg.dataHome}/libvirt/OVMF_VARS_${vm.name}.fd";
generateXML = import ./generate-xml.nix;
in
{
serviceConfig = {
Type = "oneshot";
RemainAfterExit = "yes";
Restart = "no";
};
script =
let
networkXML = pkgs.writeText "network.xml" (import ./network-xml.nix { inherit config; inherit pkgs; inherit lib; });
machineXML = pkgs.writeText "${vm.name}.xml" (generateXML { inherit config; inherit pkgs; inherit lib; inherit vm; varsFile = varsFile; });
in
''
echo "Checking if ${vm.name} is already running"
if [[ $(${pkgs.libvirt}/bin/virsh list --all | grep "${vm.name}" | ${pkgs.gawk}/bin/awk '{ print $3 " " $4 }' ) != 'shut off' ]]; then
echo "Domain ${vm.name} is already running or in an inconsistent state:"
${pkgs.libvirt}/bin/virsh list --all
exit 0
fi
NET_TMP_FILE="/tmp/network.xml"
NETUUID="$(${pkgs.libvirt}/bin/virsh net-uuid 'default' || true)"
(sed "s/UUID/$NETUUID/" '${networkXML}') > $NET_TMP_FILE
${pkgs.libvirt}/bin/virsh net-define $NET_TMP_FILE
${pkgs.libvirt}/bin/virsh net-start 'default' || true
VARS_FILE=${varsFile}
if [ ! -f "$VARS_FILE" ]; then
cp /run/libvirt/nix-ovmf/OVMF_VARS.fd $VARS_FILE
fi
TMP_FILE="/tmp/${vm.name}.xml"
UUID="$(${pkgs.libvirt}/bin/virsh domuuid '${vm.name}' || true)"
(sed "s/UUID/$UUID/" '${machineXML}') > $TMP_FILE
USB_DEV=$(${pkgs.usbutils}/bin/lsusb | grep 046d:c52b | grep 'Bus 001' | cut -b 18)
LINE_NUMBER=$(cat $TMP_FILE | grep -n -A 1 0xc52b | tail -n 1 | cut -b 1,2,3)
sed -i "''${LINE_NUMBER}s/\(.\{33\}\)./\1''${USB_DEV}/" $TMP_FILE
USB_BUS=$(${pkgs.usbutils}/bin/lsusb | grep 046d:c328 | cut -b 7)
USB_DEV=$(${pkgs.usbutils}/bin/lsusb | grep 046d:c328 | cut -b 18)
LINE_NUMBER=$(cat $TMP_FILE | grep -n -A 1 0xc328 | tail -n 1 | cut -b 1,2,3)
sed -i "''${LINE_NUMBER}s/.*/<address bus=\"''${USB_BUS}\" device=\"''${USB_DEV}\" \/>/" $TMP_FILE
# TODO: Set correct pci address too
${pkgs.libvirt}/bin/virsh define $TMP_FILE
${pkgs.libvirt}/bin/virsh start '${vm.name}'
'';
preStop =
''
${pkgs.libvirt}/bin/virsh shutdown '${vm.name}'
let "timeout = $(date +%s) + 10"
while [ "$(${pkgs.libvirt}/bin/virsh list --name | grep --count '^${vm.name}$')" -gt 0 ]; do
if [ "$(date +%s)" -ge "$timeout" ]; then
# Meh, we warned it...
${pkgs.libvirt}/bin/virsh destroy '${vm.name}'
else
# The machine is still running, let's give it some time to shut down
sleep 0.5
fi
done
${pkgs.libvirt}/bin/virsh net-destroy 'default' || true
'';
}

43
hosts/ryzensun/virtualisation/default.nix Normal file
View file

@ -0,0 +1,43 @@
{ config, pkgs, lib, ... }:
with lib;
let
psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
createService = import ./create-service.nix;
in
{
options.pub-solar.virtualisation.rx5700xt = mkEnableOption "Use the bigger GPU for guests";
config = mkIf psCfg.virtualisation.enable {
boot.extraModprobeConfig = "softdep amdgpu pre: vfio vfio_pci" + (if psCfg.virtualisation.rx5700xt
then "\noptions vfio-pci ids=1002:731f,1002:ab38"
else "\noptions vfio-pci ids=1002:699f,1002:aae0");
systemd.user.services = {
vm-windows = createService {
inherit config;
inherit pkgs;
inherit lib;
vm = {
name = "windows";
disk = "/dev/disk/by-id/ata-SanDisk_SDSSDA240G_162402455603";
id = "http://microsoft.com/win/10";
gpu = true;
mountHome = false;
};
};
vm-manjaro = createService {
inherit config;
inherit pkgs;
inherit lib;
vm = {
name = "manjaro";
disk = "/dev/disk/by-id/ata-KINGSTON_SM2280S3G2240G_50026B726B0265CE";
id = "https://manjaro.org/download/#i3";
gpu = true;
mountHome = true;
};
};
};
};
}

246
hosts/ryzensun/virtualisation/generate-xml.nix Normal file
View file

@ -0,0 +1,246 @@
{ config, pkgs, lib, vm, varsFile, ... }:
let
psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
home = config.home-manager.users."${psCfg.user.name}".home;
in
''
<domain type='kvm'>
<name>${vm.name}</name>
<uuid>UUID</uuid>
<metadata>
<libosinfo:libosinfo xmlns:libosinfo="http://libosinfo.org/xmlns/libvirt/domain/1.0">
<libosinfo:os id="${vm.id}"/>
</libosinfo:libosinfo>
</metadata>
<memory unit='KiB'>33554432</memory>
<currentMemory unit='KiB'>33554432</currentMemory>
<vcpu placement='static'>12</vcpu>
<cputune>
<vcpupin vcpu='0' cpuset='6'/>
<vcpupin vcpu='1' cpuset='7'/>
<vcpupin vcpu='2' cpuset='8'/>
<vcpupin vcpu='3' cpuset='9'/>
<vcpupin vcpu='4' cpuset='10'/>
<vcpupin vcpu='5' cpuset='11'/>
<vcpupin vcpu='6' cpuset='18'/>
<vcpupin vcpu='7' cpuset='19'/>
<vcpupin vcpu='8' cpuset='20'/>
<vcpupin vcpu='9' cpuset='21'/>
<vcpupin vcpu='10' cpuset='22'/>
<vcpupin vcpu='11' cpuset='23'/>
</cputune>
<resource>
<partition>/machine</partition>
</resource>
<os>
<type arch='x86_64' machine='pc-q35-4.2'>hvm</type>
<loader readonly='yes' type='pflash'>/run/libvirt/nix-ovmf/OVMF_CODE.fd</loader>
<nvram>${varsFile}</nvram>
<boot dev='hd'/>
</os>
<features>
<acpi/>
<apic/>
<hyperv>
<relaxed state='on'/>
<vapic state='on'/>
<spinlocks state='on' retries='8191'/>
<vendor_id state='on' value='wahtever'/>
</hyperv>
<kvm>
<hidden state='on'/>
</kvm>
<vmport state='off'/>
</features>
<cpu mode='custom' match='exact' check='full'>
<model fallback='forbid'>EPYC-IBPB</model>
<vendor>AMD</vendor>
<topology sockets='1' dies='1' cores='6' threads='2'/>
<feature policy='require' name='x2apic'/>
<feature policy='require' name='tsc-deadline'/>
<feature policy='require' name='hypervisor'/>
<feature policy='require' name='tsc_adjust'/>
<feature policy='require' name='clwb'/>
<feature policy='require' name='umip'/>
<feature policy='require' name='stibp'/>
<feature policy='require' name='arch-capabilities'/>
<feature policy='require' name='ssbd'/>
<feature policy='require' name='xsaves'/>
<feature policy='require' name='cmp_legacy'/>
<feature policy='require' name='perfctr_core'/>
<feature policy='require' name='clzero'/>
<feature policy='require' name='wbnoinvd'/>
<feature policy='require' name='amd-ssbd'/>
<feature policy='require' name='virt-ssbd'/>
<feature policy='require' name='rdctl-no'/>
<feature policy='require' name='skip-l1dfl-vmentry'/>
<feature policy='require' name='mds-no'/>
<feature policy='require' name='pschange-mc-no'/>
<feature policy='disable' name='monitor'/>
<feature policy='disable' name='svm'/>
<feature policy='require' name='topoext'/>
</cpu>
<clock offset='utc'>
<timer name='rtc' tickpolicy='catchup'/>
<timer name='pit' tickpolicy='delay'/>
<timer name='hpet' present='no'/>
</clock>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
<on_crash>destroy</on_crash>
<pm>
<suspend-to-mem enabled='no'/>
<suspend-to-disk enabled='no'/>
</pm>
<devices>
<emulator>${pkgs.qemu}/bin/qemu-system-x86_64</emulator>
<disk type='block' device='disk'>
<driver name='qemu' type='raw'/>
<source dev='${vm.disk}'/>
<backingStore/>
<target dev='vdb' bus='virtio'/>
<address type='pci' domain='0x0000' bus='0x04' slot='0x00' function='0x0'/>
</disk>
<controller type='usb' index='0' model='qemu-xhci' ports='15'>
<address type='pci' domain='0x0000' bus='0x02' slot='0x00' function='0x0'/>
</controller>
<controller type='sata' index='0'>
<address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/>
</controller>
<controller type='pci' index='0' model='pcie-root'/>
<controller type='pci' index='1' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='1' port='0x10'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0' multifunction='on'/>
</controller>
<controller type='pci' index='2' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='2' port='0x11'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x1'/>
</controller>
<controller type='pci' index='3' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='3' port='0x12'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x2'/>
</controller>
<controller type='pci' index='4' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='4' port='0x13'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x3'/>
</controller>
<controller type='pci' index='5' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='5' port='0x14'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x4'/>
</controller>
<controller type='pci' index='6' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='6' port='0x15'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x5'/>
</controller>
<controller type='pci' index='7' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='7' port='0x16'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x6'/>
</controller>
<controller type='pci' index='8' model='pcie-to-pci-bridge'>
<model name='pcie-pci-bridge'/>
<address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/>
</controller>
<controller type='pci' index='9' model='pcie-root-port'>
<model name='pcie-root-port'/>
<target chassis='9' port='0x17'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x7'/>
</controller>
<controller type='virtio-serial' index='0'>
<address type='pci' domain='0x0000' bus='0x03' slot='0x00' function='0x0'/>
</controller>
${if vm.mountHome then ''
<filesystem type='mount' accessmode='mapped'>
<source dir='/home/${psCfg.user.name}'/>
<target dir='/media/home'/>
<address type='pci' domain='0x0000' bus='0x07' slot='0x00' function='0x0'/>
</filesystem>
'' else ""}
<interface type='network'>
<mac address='52:54:00:44:cd:ac'/>
<source network='default'/>
<model type='rtl8139'/>
<address type='pci' domain='0x0000' bus='0x08' slot='0x01' function='0x0'/>
</interface>
<serial type='pty'>
<target type='isa-serial' port='0'>
<model name='isa-serial'/>
</target>
</serial>
<console type='pty'>
<target type='serial' port='0'/>
</console>
<input type='tablet' bus='usb'>
<address type='usb' bus='0' port='1'/>
</input>
<input type='mouse' bus='ps2'/>
<input type='keyboard' bus='ps2'/>
<graphics type='spice' autoport='yes' listen='127.0.0.1'>
<listen type='address' address='127.0.0.1'/>
<image compression='off'/>
</graphics>
<video>
<model type='cirrus' vram='16384' heads='1' primary='yes'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0'/>
</video>
<hostdev mode='subsystem' type='usb' managed='yes'>
<source>
<vendor id='0x046d'/>
<product id='0xc328'/>
<address bus='1' device='2'/>
</source>
<address type='usb' bus='0' port='4'/>
</hostdev>
<hostdev mode='subsystem' type='usb' managed='yes'>
<source>
<vendor id='0x046d'/>
<product id='0xc52b'/>
<address bus='1' device='4'/>
</source>
<address type='usb' bus='0' port='5'/>
</hostdev>
${if vm.gpu then ''
<hostdev mode='subsystem' type='pci' managed='yes'>
<driver name='vfio'/>
<source>
<address domain='0x0000' bus='0x0b' slot='0x00' function='0x0'/>
</source>
<rom bar='on' file='/etc/nixos/devices/chocolatebar/virtualisation/${
if psCfg.virtualisation.rx5700xt
then "rx5700xt"
else "rx550"
}.rom'/>
<address type='pci' domain='0x0000' bus='0x06' slot='0x00' function='0x0' multifunction='on'/>
</hostdev>
<hostdev mode='subsystem' type='pci' managed='yes'>
<driver name='vfio'/>
<source>
<address domain='0x0000' bus='0x0b' slot='0x00' function='0x1'/>
</source>
<address type='pci' domain='0x0000' bus='0x06' slot='0x00' function='0x1'/>
</hostdev>
'' else ""}
<redirdev bus='usb' type='spicevmc'>
<address type='usb' bus='0' port='2'/>
</redirdev>
<redirdev bus='usb' type='spicevmc'>
<address type='usb' bus='0' port='3'/>
</redirdev>
<memballoon model='virtio'>
<address type='pci' domain='0x0000' bus='0x05' slot='0x00' function='0x0'/>
</memballoon>
<shmem name='scream-ivshmem'>
<model type='ivshmem-plain'/>
<size unit='M'>2</size>
<address type='pci' domain='0x0000' bus='0x08' slot='0x02' function='0x0'/>
</shmem>
</devices>
</domain>
''

19
hosts/ryzensun/virtualisation/network-xml.nix Normal file
View file

@ -0,0 +1,19 @@
{ config, pkgs, lib, ... }:
''
<network>
<name>default</name>
<uuid>UUID</uuid>
<forward mode='nat'>
<nat>
<port start='1024' end='65535'/>
</nat>
</forward>
<bridge name='virbr0' stp='on' delay='0'/>
<mac address='52:54:00:bd:a0:73'/>
<ip address='192.168.122.1' netmask='255.255.255.0'>
<dhcp>
<range start='192.168.122.2' end='192.168.122.254'/>
</dhcp>
</ip>
</network>
''

8
users/teutat3s/.config/git/config.nix Normal file
View file

@ -0,0 +1,8 @@
{ config, pkgs, ... }:
let
in
pkgs.lib.mkAfter ''[includeIf "gitdir:~/CodeRoom/greenbaum.cloud/"]
path = ~/.config/git/config_greenbaum.cloud
[includeIf "gitdir:~/CodeRoom/git.b12f.io/"]
path = ~/.config/git/config_git.b12f.io''

7
users/teutat3s/.config/git/config_git.b12f.io.nix Normal file
View file

@ -0,0 +1,7 @@
{ config, pkgs, ... }:
let
in
''[user]
name = teutat3s
email = teutates@mailbox.org
signingkey = 4FA1D3FA524F22C1''

7
users/teutat3s/.config/git/config_greenbaum.cloud.nix Normal file
View file

@ -0,0 +1,7 @@
{ config, pkgs, ... }:
let
in
''[user]
name = jhonas
email = wernery@greenbaum.cloud
signingkey = 924889A86D0B0FEB''

26
users/teutat3s/default.nix Normal file
View file

@ -0,0 +1,26 @@
{ config, pkgs, lib, ... }:
let
psCfg = config.pub-solar;
in
{
imports = [
./home.nix
];
config = {
pub-solar = {
# These are your personal settings
# The only required settings are `name` and `password`,
# The rest is used for programs like git
user = {
name = "teutat3s";
fullName = "teutat3s";
email = "10206665+teutat3s@users.noreply.github.com";
gpgKeyId = "18DAE600A6BBE705";
password = "$6$guLp1v0G0TxGThXX$y7YeEcYjFpN6gutLCbvAkqppOVLYZjfo4DxofrMm6a9MIjVoKKaY20UzityJsHbQU4THIFfj8gLWVOjyjL.P2.";
};
sway.v4l2loopback.enable = false;
};
};
}

76
users/teutat3s/home.nix Normal file
View file

@ -0,0 +1,76 @@
{ config, home-manager, lib, pkgs, ... }:
with lib;
let
psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in
{
imports = [
./session-variables.nix
];
config = {
pub-solar.graphical.alacritty.settings.font.size = 12;
pub-solar.graphical.alacritty.settings.key_bindings = [
{ key = "V"; mods = "Control|Super"; action = "Paste"; }
{ key = "C"; mods = "Control|Super"; action = "Copy"; }
];
services.kbfs.enable = true;
services.keybase.enable = true;
services.yubikey-agent.enable = true;
home-manager = pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
xdg.configFile."git/config".text = import ./.config/git/config.nix { inherit config; inherit pkgs; };
xdg.configFile."git/config_greenbaum.cloud".text = import ./.config/git/config_greenbaum.cloud.nix { inherit config; inherit pkgs; };
xdg.configFile."git/config_git.b12f.io".text = import ./.config/git/config_git.b12f.io.nix { inherit config; inherit pkgs; };
home.packages = with pkgs; [
AusweisApp2
consul
keybase-gui
nomad
thunderbird
vault
veracrypt
waypoint
];
systemd.user.services.yubikey-agent = {
Unit = {
Description = "Seamless ssh-agent for YubiKeys";
Documentation = [ "https://filippo.io/yubikey-agent" ];
};
Service = {
ExecStart = "${pkgs.yubikey-agent}/bin/yubikey-agent -l %t/yubikey-agent/yubikey-agent.sock";
ExecReload = "/bin/kill -HUP $MAINPID";
IPAddressDeny = "any";
RestrictAddressFamilies = "AF_UNIX";
RestrictNamespaces = "yes";
RestrictRealtime = "yes";
RestrictSUIDSGID = "yes";
LockPersonality = "yes";
SystemCallFilter = "@system-service ~@privileged @resources";
SystemCallErrorNumber = "EPERM";
SystemCallArchitectures = "native";
NoNewPrivileges = "yes";
KeyringMode = "private";
UMask = "0177";
RuntimeDirectory = "yubikey-agent";
};
Install = {
WantedBy = [ "sway-session.target" ];
};
};
programs.zsh = {
initExtra = import ./zshrc.nix pkgs;
};
# xdg.configFile."wallpaper.jpg".source = ./assets/wallpaper.jpg;
};
#services.mopidy.configuration = mkIf config.pub-solar.audio.enable (builtins.readFile ../../secrets/mopidy.conf);
};
}

12
users/teutat3s/session-variables.nix Normal file
View file

@ -0,0 +1,12 @@
{ config, pkgs, ... }:
let
psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in
{
home-manager = pkgs.lib.setAttrByPath [ "users" psCfg.user.name ] {
home.sessionVariables = {
DRONE_SERVER = "https://drone.greenbaum.cloud";
};
};
}

86
users/teutat3s/zshrc.nix Normal file
View file

@ -0,0 +1,86 @@
pkgs:
''
bindkey "^[[1;3D" backward-word
bindkey "^[[1;3C" forward-word
bindkey "^[p" backward-word
bindkey "^[n" forward-word
# make cursor jump to slash, period, dash, underscore, dollar sign, equals sign
# by default: export WORDCHARS='*?_-.[]~=/&;!#$%^(){}<>'
export WORDCHARS='*?[]~&;!#$%^(){}'
# Alt+Backspace stops at /
bindkey "^[^?" backward-kill-word
backward-kill-dir () {
local WORDCHARS=''${WORDCHARS/\/}
zle backward-kill-word
}
zle -N backward-kill-dir
bindkey '^[^?' backward-kill-dir
# git aliases
alias ga="git add"
alias gau="git add --update"
alias gb="git branch"
alias gbd="git branch --delete"
alias gc="git commit"
alias gcm="git commit --message"
alias gco="git checkout"
alias gcob="git checkout -b"
alias gd="git diff"
alias gm="git merge"
alias gma="git merge --abort"
alias gmc="git merge --continue"
alias gp="git pull"
alias gs="git status"
# misc aliases
alias zshconfig="vim ~/.zshrc"
alias zshhistory="vim $XDG_DATA_HOME/zsh/zsh_history"
alias zshsource="source ~/.zshrc"
alias tp="triton profile set"
alias tt="triton"
alias ttco="triton-compose"
alias tf="terraform"
alias dstart="sudo systemctl start docker"
alias dstop="sudo systemctl stop docker"
alias lvstart="sudo systemctl start libvirtd"
alias lvstop="sudo systemctl stop libvirtd"
alias wg-up="sudo systemctl start wg-quick@wg0.service"
alias wg-down="sudo systemctl stop wg-quick@wg0.service"
# Helper function for docker on triton
ttdo () {
if [[ "$1" == "set" ]]; then
if [[ -n "$2" ]]; then
triton profile set "$2"
fi
source ~/CodeRoom/greenbaum.cloud/triton-docker.env.sh
elif [[ "$1" == "unset" ]]; then
eval "$(triton env --unset)" && unset TRITON_CNS_SEARCH_DOMAIN_PRIVATE TRITON_CNS_SEARCH_DOMAIN_PUBLIC
elif [[ "$1" == "env" ]]; then
env | grep "DOCKER\|TRITON\|SDC"
else
/usr/bin/docker $@
fi
}
# remove @machine from prompt
DEFAULT_USER=$(whoami)
# autocomplete cd ..
zstyle ':completion:*' special-dirs true
autoload -U +X bashcompinit && bashcompinit
complete -o nospace -C ${pkgs.consul}/bin/consul consul
complete -o nospace -C ${pkgs.nomad}/bin/nomad nomad
complete -o nospace -C ${pkgs.vault}/bin/vault vault
complete -o nospace -C ${pkgs.terraform_0_15}/bin/terraform terraform
complete -o nospace -C ${pkgs.waypoint}/bin/waypoint waypoint
complete -C '${pkgs.awscli2}/bin/aws_completer' ${pkgs.awscli2}/bin/aws
''