diff --git a/README.md b/README.md index 10e168f..959b370 100644 --- a/README.md +++ b/README.md @@ -31,8 +31,10 @@ Apple Silicon hosts require additional `--impure` flag for firmware installation - stella (Random Ryzen 3 3250U laptop) - vetus (iMac 27" 2017) - celerrime (MacBook Air M2) +- celerrime-x (MacBook Air M2 under Darwin) (Needs unifying) - rubusidaeus (Raspberry Pi 4B) + ## Modules Module example: diff --git a/common/base.nix b/common/base.nix index 49e3e1c..6a3d4d9 100644 --- a/common/base.nix +++ b/common/base.nix @@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ config, pkgs, lib, ... }: { nix = { @@ -8,35 +8,29 @@ ''; settings = { auto-optimise-store = true; + allowed-users = [ "root" "@wheel" ]; trusted-users = [ "root" "@wheel" ]; + sandbox = true; }; gc = { automatic = true; options = "--delete-older-than 7d"; }; - daemonCPUSchedPolicy = "idle"; - daemonIOSchedClass = "idle"; }; documentation = { doc.enable = false; info.enable = false; man.enable = true; - nixos.enable = false; }; - environment.systemPackages = with pkgs; [ - wget - curl - usbutils - pciutils - coreutils-full - killall - git - git-crypt - neovim - python3Minimal - ]; + environment.systemPackages = with pkgs; + [ wget curl git git-crypt neovim python3Minimal nixfmt ] + ++ lib.optionals pkgs.stdenv.isLinux [ + usbutils + pciutils + coreutils-full + killall + ]; - boot.tmp.cleanOnBoot = true; } diff --git a/common/remote-access.nix b/common/remote-access.nix index 36d5792..1151afe 100644 --- a/common/remote-access.nix +++ b/common/remote-access.nix @@ -1,6 +1,7 @@ -{ ... }: +{ cfg, lib, ... }: -{ +let my = import ../.; +in { services.openssh = { enable = true; settings.PasswordAuthentication = false; @@ -14,4 +15,5 @@ ''; }; + programs.ssh.startAgent = true; } diff --git a/common/user.nix b/common/user.nix index fe58c80..96203a8 100644 --- a/common/user.nix +++ b/common/user.nix @@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ config, pkgs, lib, ... }: let my = import ../.; in rec { 
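Review bot: `sandbox = true` is added next to the existing `trusted-users = [ "root" "@wheel" ]`, and a trusted user can override daemon settings per build, so the sandbox is not enforced against anyone in wheel; Nix treats trusted-users membership as roughly root-equivalent. If the aim is hardening, narrow it to `trusted-users = [ "root" ];` and keep `allowed-users` for wheel. This module is now also imported by the Darwin host, where the login user is presumably not in `wheel`, so `allowed-users` may lock that user out of the daemon; worth confirming. The hunk also drops `boot.tmp.cleanOnBoot = true` from the shared base, so Linux hosts stop clearing /tmp at boot unless a Linux-only module sets it again.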
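Review bot: `cfg` in the new header `{ cfg, lib, ... }:` of common/remote-access.nix is not one of the arguments the module system normally supplies, and neither it, `lib` nor the new `my = import ../.;` binding is used in the lines visible here. Unless something outside the hunk needs them, keep the header as `{ ... }:` and drop the `let`. An argument that nothing provides would likely fail only when it is first forced, which puts the error far from its cause. The module body continues outside the hunk.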
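Review bot: `programs.ssh.startAgent = true;` is a client-side setting added to the module that configures sshd, and common/user.nix already sets the same option (visible as context in its last hunk). Keeping it in one place avoids a server-only host getting an agent as a side effect of enabling remote access; on machines that are only logged into, an agent mostly adds a place where unlocked keys can sit. Suggest dropping the line here, or marking it with a comment such as `# agent needed for outbound hops from this host` if it is intentional.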
@@ -12,16 +12,14 @@ in rec { uid = 1000; packages = with pkgs; [ tree - cargo - rustc neofetch # I use NixOS BTW duf htop ]; shell = pkgs.zsh; openssh.authorizedKeys.keys = [ - # Air M2 macOS - "ssh-rsa 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" + # celerrime-x + "ssh-rsa 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 ivabus@celerrime-x" # Stella "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDXWPxd1uVVxEARVezy0s0LZ9fC/Mif6s218oNWDyJNqZMnAiaMwwP/mGHqCy1OXFCb8/5Kv3AM+z6sxY4mIvyXhx3lPW841HoOlJxR+JQ50qgxon/oCXjKFVMZjFptRtexgQLhubhjyINagj7T/K6UjsfC9sIG5DUJdem0O8ZD/8EqvIrkeNGP52klJM3sR4vhXMNwOIPkukNOMq+OLXgAaCXRImc53N+Whi/tCaxxr/Nen5CVGo9raAekRKaiBLKvgboXYnxzNFxiecUe7mqPbyE2bcnJ+rDC7UlwrNYGyIQ/8POjQwbanFxT4UJhS5ib6/hSpia0eYaSiutBqU3fQcIXrmTQWOrGPdrUsLHw5xGMfwnPmoDFMYHdcchU0v6QijbrHrsqVV/bikWoQF4JT7PCwOejfVowOioPghvW2u34gTyMKPkueaMk0w8Jq45V0meneyN5SbobqZX3XFze4Uz3BN8nuiZB6pFRPv0eKLqEqX8+nST9uQDBkqKTvwE= ivabus@stella" @@ -38,7 +36,11 @@ in rec { users.users.ivabus.openssh.authorizedKeys.keys; }; - programs.zsh = { enable = true; }; + environment.shells = [ pkgs.zsh ]; + programs.zsh = { + enable = true; + promptInit = ""; + }; programs.gnupg.agent.enable = true; programs.ssh.startAgent = true; diff --git a/flake.lock b/flake.lock index 4a79430..833e168 100644 --- a/flake.lock +++ b/flake.lock 
@@ -42,19 +42,39 @@ ] }, "locked": { - "lastModified": 1693399033, - "narHash": "sha256-yXhiMo8MnE86sGtPIHAKaLHhmhe8v9tqGGotlUgKJvY=", + "lastModified": 1693208669, + "narHash": "sha256-hHFaaUsZ860wvppPeiu7nJn/nXZjJfnqAQEu9SPFE9I=", "owner": "nix-community", "repo": "home-manager", - "rev": "f5c15668f9842dd4d5430787d6aa8a28a07f7c10", + "rev": "5bac4a1c06cd77cf8fc35a658ccb035a6c50cd2c", "type": "github" }, "original": { "owner": "nix-community", + "ref": "release-23.05", "repo": "home-manager", "type": "github" } }, + "nix-darwin": { + "inputs": { + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "lastModified": 1692248770, + "narHash": "sha256-tZeFpETKQGbgnaSIO1AGWD27IyTcBm4D+A9d7ulQ4NM=", + "owner": "LnL7", + "repo": "nix-darwin", + "rev": "511177ffe8226c78c9cf6a92a7b5f2df3684956b", + "type": "github" + }, + "original": { + "owner": "LnL7", + "ref": "master", + "repo": "nix-darwin", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1692913444, @@ -73,11 +93,27 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1693377291, - "narHash": "sha256-vYGY9bnqEeIncNarDZYhm6KdLKgXMS+HA2mTRaWEc80=", + "lastModified": 1694062546, + "narHash": "sha256-PiGI4f2BGnZcedP6slLjCLGLRLXPa9+ogGGgVPfGxys=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e7f38be3775bab9659575f192ece011c033655f0", + "rev": "b200e0df08f80c32974a6108ce431d8a8a5e6547", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-23.05-darwin", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1693985761, + "narHash": "sha256-K5b+7j7Tt3+AqbWkcw+wMeqOAWyCD1MH26FPZyWXpdo=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "0bffda19b8af722f8069d09d8b6a24594c80b352", "type": "github" }, "original": { @@ -91,7 +127,8 @@ "inputs": { "apple-silicon-support": "apple-silicon-support", "home-manager": "home-manager", - "nixpkgs": "nixpkgs_2" + "nix-darwin": "nix-darwin", + "nixpkgs": "nixpkgs_3" } }, "rust-overlay": { 
diff --git a/flake.nix b/flake.nix index 60c2e74..3b3c6d9 100644 --- a/flake.nix +++ b/flake.nix @@ -4,15 +4,22 @@ inputs = { nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; + home-manager = { - url = "github:nix-community/home-manager"; + url = "github:nix-community/home-manager/release-23.05"; inputs.nixpkgs.follows = "nixpkgs"; }; + apple-silicon-support.url = "github:tpwrules/nixos-apple-silicon"; + + nix-darwin = { + url = "github:LnL7/nix-darwin/master"; + inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; + }; }; - outputs = - { self, nixpkgs, home-manager, apple-silicon-support, ... }@inputs: { + outputs = { self, nixpkgs, home-manager, nix-darwin, apple-silicon-support + , ... }@inputs: { # Stella = Unchartevice 6540 (Ryzen 3 3250U, 16GB RAM) nixosConfigurations."stella" = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; @@ -45,6 +52,13 @@ ]; }; + # Celerrime under macOS + darwinConfigurations."celerrime-x" = nix-darwin.lib.darwinSystem { + system = "aarch64-darwin"; + modules = + [ home-manager.darwinModules.home-manager ./machines/celerrime-x ]; + }; + # These machines will be configured later. /* # Effundam = MacBook Air M1 (server usage). Will not be added to flake.nix until thunderbolt and apfs proper support nixosConfigurations."effundam" = nixpkgs.lib.nixosSystem { diff --git a/machines/celerrime-x/default.nix b/machines/celerrime-x/default.nix new file mode 100644 index 0000000..361862c --- /dev/null +++ b/machines/celerrime-x/default.nix 
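Review bot: The nix-darwin input sets `inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";`, but the flake.lock change in this same commit records `nixpkgs-23.05-darwin` as the ref of the nixpkgs node nix-darwin uses, so the lock appears to be out of step with flake.nix and the next lock update will move that pin without any visible change here. It also adds another independently pinned nixpkgs, which means security updates have to be tracked per pin. Consider one explicit input for the Darwin package set that nix-darwin follows via `inputs.nixpkgs.follows`, then re-lock so flake.nix and flake.lock agree. Separately, home-manager is now on `release-23.05` while still following `nixos-unstable`, a pairing home-manager warns about.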
@@ -0,0 +1,60 @@ +{ pkgs, home, lib, ... }: { + # Cannot use "my" for a while. Need to adapt it not to be linux-only + imports = [ ../../common/base.nix ../../common/git.nix ]; + + nixpkgs.config.allowUnfree = true; + environment.systemPackages = lib.mkForce (with pkgs; [ + neofetch + + vscode + rustc + cargo + clang + llvm + lld + python3Full + gnumake + automake + autoconf + meson + ninja + picocom + screen + hyperfine + ]); + + security.pam.enableSudoTouchIdAuth = true; + + networking = { + dns = [ "1.1.1.1" "1.0.0.1" "8.8.8.8" ]; + knownNetworkServices = [ "USB 10/100/1000 LAN" "Wi-Fi" "iPhone USB" ]; + + hostName = "celerrime-x"; # ugly + computerName = "cellerime on X"; # pretty + }; + my.git.enable = true; + environment.shells = with pkgs; [ zsh ]; + programs.zsh = { + enable = true; + promptInit = ""; + }; + + users.users.ivabus.home = "/Users/ivabus"; + users.users.ivabus.openssh.authorizedKeys.keys = [ + # i should somehow reuse it from common/user.nix + # celerrime-x + "ssh-rsa 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" + + # Stella + "ssh-rsa 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 ivabus@stella" + + # Celerrime + "ssh-rsa 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 ivabus@celerrime" + ]; + + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; + + services.nix-daemon.enable = true; + nix.package = lib.mkForce pkgs.nix; +} diff --git a/machines/rubusidaeus/default.nix b/machines/rubusidaeus/default.nix index e36ced6..3ee1fcd 100644 --- a/machines/rubusidaeus/default.nix +++ b/machines/rubusidaeus/default.nix @@ -1,6 +1,12 @@ { config, pkgs, lib, ... }: -let my = import ../..; +let + my = import ../..; + ipv6_subnet = "2a05:3580:e41a:d600"; + ipv6_prefix = 64; + ipv4_gateway = "192.168.1.1"; + ipv4_address = "192.168.1.3"; + ipv4_prefix = 24; in { imports = [ my.modules ../../hardware/rpi4.nix ]; 
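Review bot: The `users.users.ivabus.openssh.authorizedKeys.keys` list in machines/celerrime-x/default.nix is copied by hand from common/user.nix (the inline comment says as much), so removing a lost or compromised key in one file leaves it authorized by the other. Move the keys into one small platform-neutral file that both modules import, so revocation is a single edit. The list also authorizes this machine's own `celerrime-x` key to log in to itself; if inbound SSH to the laptop is not needed from every listed host, trim it to the keys that are. The `home` argument is unused in the visible lines.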
@@ -23,7 +29,23 @@ in { server = { ivabus-dev.enable = true; }; }; - networking.useDHCP = true; + networking = { + useNetworkd = false; + useDHCP = false; + interfaces = { + end0 = { + ipv6.addresses = [{ + address = "${ipv6_subnet}::1337"; + prefixLength = ipv6_prefix; + }]; + ipv4.addresses = [{ + address = ipv4_address; # Ughhhhh yep, flat network + prefixLength = ipv4_prefix; + }]; + }; + }; + defaultGateway = ipv4_gateway; # should set this things through let... + }; hardware.enableRedistributableFirmware = true; system.stateVersion = "23.05"; diff --git a/roles/devel.nix b/roles/devel.nix index 7961094..38f3b73 100644 --- a/roles/devel.nix +++ b/roles/devel.nix @@ -35,14 +35,12 @@ in { (lib.mkIf (!pkgs.stdenv.isx86_64) { boot.binfmt.emulatedSystems = [ "x86_64-linux" "i686-linux" ]; }) - # Remove CLion from builds while I'm semi-online + # Install CLion only if we are on x86_64 - /* (lib.mkIf (pkgs.stdenv.isx86_64) { - environment.systemPackages = with pkgs; [ - jetbrains.clion - ]; - }) - */ + (lib.mkIf (pkgs.stdenv.isx86_64) { + environment.systemPackages = with pkgs; [ jetbrains.clion ]; + }) + # Install vscode only if we are on x86_64 or aarch64 or aarch32 (lib.mkIf (pkgs.stdenv.isx86_64 || pkgs.stdenv.isAarch64 || pkgs.stdenv.isAarch32) { diff --git a/roles/server/ivabus-dev.nix b/roles/server/ivabus-dev.nix index 9895b3b..c3b21a6 100644 --- a/roles/server/ivabus-dev.nix +++ b/roles/server/ivabus-dev.nix @@ -15,6 +15,7 @@ in { extraConfig = '' error_page 404 /404.html; ''; + serverAliases = [ "www.ivabus.dev" ]; }; }; };
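Review bot: With `useDHCP = false`, nothing in this hunk sets `networking.nameservers` or `networking.defaultGateway6`, so unless they are defined outside the hunk the host loses its DHCP-provided resolvers and depends on router advertisements for an IPv6 default route. The static global IPv6 address on `end0` also means every listening service is reachable without NAT in front of it, so it is worth confirming that `networking.firewall.allowedTCPPorts` lists only what the server role needs. The trailing comment `# should set this things through let...` is already stale, since the values now come from the `let` block, and can be dropped.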