diff --git a/flake.lock b/flake.lock index 395e242..9a7be9d 100644 --- a/flake.lock +++ b/flake.lock @@ -23,11 +23,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1641687203, - "narHash": "sha256-W6Xrb/l1x+E+WMVLw4q5HUnNjt3x4WQFSYJtjJtopbU=", + "lastModified": 1642190797, + "narHash": "sha256-cxeEEAtfIACnm8sV1oz0xlNp9IVk10Fxcc09ggoEZuo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "00acdb2aa817048fbe1f91ece18fe7de09762531", + "rev": "3ddd960a3b575bf3230d0e59f42614b71f9e0db9", "type": "github" }, "original": { @@ -39,11 +39,11 @@ }, "nur": { "locked": { - "lastModified": 1629143403, - "narHash": "sha256-Z57DBF3MUTqTnJyYjqEN+DNZLrVukEJJotcxYPHNR/M=", + "lastModified": 1642392502, + "narHash": "sha256-ZRgwagDhwT5eQgTSqhupXz3ugQmFat0836d5Hh8ZK4Q=", "owner": "nix-community", "repo": "NUR", - "rev": "79a06a9145c61960dd4b5c2eda67e26276976db1", + "rev": "8993a1cfc2d6ed69725788a2ccafbe8cde0510e3", "type": "github" }, "original": { @@ -62,11 +62,11 @@ }, "unstable": { "locked": { - "lastModified": 1629048390, - "narHash": "sha256-do7HuXFSKyj4ulMlRvGigNZCqOaGD9i0M3OLkFQgEAc=", + "lastModified": 1642104392, + "narHash": "sha256-m71b7MgMh9FDv4MnI5sg9MiBVW6DhE1zq+d/KlLWSC8=", "owner": "nixos", "repo": "nixpkgs", - "rev": "e41ba38114055832e5ba4a851e9c00149eef3e4a", + "rev": "5aaed40d22f0d9376330b6fa413223435ad6fee5", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index cf71d54..d1b8b77 100644 --- a/flake.nix +++ b/flake.nix 
@@ -14,10 +14,21 @@ }; }; - outputs = inputs: { + outputs = { self, nixpkgs, unstable, nur, home-manager, ... }@inputs: { + + # This repo's overlay plus any other overlays you use + # If you want to use packages from flakes that are not nixpkgs (such as NUR), add their overlays here. + overlays = import ./overlays // { + # Third party overlays here + }; + + overlaysModule = { + nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays; + }; + nixosConfigurations = { - loft = inputs.nixpkgs.lib.nixosSystem { + loft = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; modules = [ ./modules/common.nix @@ -28,9 +39,10 @@ specialArgs = { inherit inputs; }; }; - kitchen = inputs.nixpkgs.lib.nixosSystem { + kitchen = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; modules = [ + self.overlaysModule ./modules/common.nix ./modules/containers.nix @@ -38,6 +50,20 @@ ]; specialArgs = { inherit inputs; }; }; + + work = inputs.nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + self.overlaysModule + ./modules/containers.nix + ./modules/nix.nix + ./modules/vscode-server.nix + + ./machines/work/configuration.nix + ]; + specialArgs = { inherit inputs; }; + }; + }; homeConfigurations = { @@ -52,6 +78,8 @@ allowUnfree = true; }; + nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays; + programs.home-manager.enable = true; imports = [ @@ -71,6 +99,8 @@ allowUnfree = true; }; + nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays; + programs.home-manager.enable = true; imports = [ diff --git a/machines/kitchen/configuration.nix b/machines/kitchen/configuration.nix index c27d5f4..57a0844 100644 --- a/machines/kitchen/configuration.nix +++ b/machines/kitchen/configuration.nix 
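Review bot: The new `work` entry in flake.nix still calls `inputs.nixpkgs.lib.nixosSystem`, although this commit destructures `nixpkgs` in the `outputs` arguments and rewrites `loft` and `kitchen` to `nixpkgs.lib.nixosSystem`. Writing it as `work = nixpkgs.lib.nixosSystem {` keeps the three hosts consistent. `loft` is also the only host whose module list does not gain `self.overlaysModule` in the visible hunks; if that is intended, a short comment on the `loft` entry saying why would stop the next reader from treating it as an omission. The `nixosConfigurations` set begins and ends outside these hunks.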
@@ -10,32 +10,13 @@ ./hardware-configuration.nix ]; - # Auto cleanup - nix = { - package = pkgs.nixUnstable; - extraOptions = '' - experimental-features = nix-command flakes - ''; - autoOptimiseStore = true; - gc = { - automatic = true; - dates = "weekly"; - options = "--delete-older-than 30d"; - }; - }; - - nixpkgs.config = { - allowUnfree = true; - }; - - networking.hostName = "nixos"; # Define your hostname. + networking.hostName = "kitchen-nixos"; # Define your hostname. # The global useDHCP flag is deprecated, therefore explicitly set to false here. # Per-interface useDHCP will be mandatory in the future, so this generated config # replicates the default behaviour. networking.useDHCP = false; - networking.interfaces.enp37s0.useDHCP = true; - networking.interfaces.wlp36s0.useDHCP = true; + networking.networkmanager.enable = true; # Set your time zone. time.timeZone = "America/New_York"; diff --git a/machines/loft/configuration.nix b/machines/loft/configuration.nix index 90ee687..4e1e4b7 100644 --- a/machines/loft/configuration.nix +++ b/machines/loft/configuration.nix @@ -10,24 +10,6 @@ ./hardware-configuration.nix ]; - # Auto cleanup - nix = { - package = pkgs.nixUnstable; - extraOptions = '' - experimental-features = nix-command flakes - ''; - autoOptimiseStore = true; - gc = { - automatic = true; - dates = "weekly"; - options = "--delete-older-than 30d"; - }; - }; - - nixpkgs.config = { - allowUnfree = true; - }; - # Set your time zone. time.timeZone = "America/New_York"; 
@@ -42,21 +24,10 @@ # NETWORKING # ############## networking.useDHCP = false; - networking.interfaces.enp0s20u5u4.useDHCP = true; - networking.interfaces.enp4s0.useDHCP = true; - networking.interfaces.wlp5s0.useDHCP = true; + networking.networkmanager.enable = true; networking.hostName = "loft"; # Define your hostname. - networking.firewall = { - enable = true; - allowedTCPPorts = [ 80 8080 8000 443 8888 ]; - allowedTCPPortRanges = [ - { from = 1714; to = 1764; } - ]; - allowedUDPPortRanges = [ - { from = 1714; to = 1764; } - ]; - }; + networking.firewall.enable = false; # Configure network proxy if necessary # networking.proxy.default = "http://user:password@proxy:port/"; @@ -125,4 +96,4 @@ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). system.stateVersion = "20.09"; # Did you read the comment? -} \ No newline at end of file +} diff --git a/machines/work/configuration.nix b/machines/work/configuration.nix new file mode 100644 index 0000000..cadde05 --- /dev/null +++ b/machines/work/configuration.nix 
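Review bot: `networking.firewall.enable = false;` in machines/loft/configuration.nix turns packet filtering off entirely, where the removed block admitted only TCP 80/8080/8000/443/8888 and the 1714–1764 TCP/UDP ranges. Because the same hunk switches the host to NetworkManager, every listening service on loft becomes reachable from whichever network it joins. Unless that is the goal, keep `networking.firewall.enable = true;` and retain the previous `allowedTCPPorts` and port ranges. If disabling is deliberate, record the reason next to the line, for example `# firewall off: <reason>`. Nothing visible in the diff explains the change.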
@@ -0,0 +1,61 @@
+{ lib, pkgs, config, modulesPath, ... }:
+
+with lib;
+let
+ defaultUser = "michael";
+ syschdemd = import ./syschdemd.nix { inherit lib pkgs config defaultUser; };
+in
+{
+ imports = [
+ "${modulesPath}/profiles/minimal.nix"
+ ];
+
+ # WSL is closer to a container than anything else
+ boot.isContainer = true;
+
+ environment.etc.hosts.enable = false;
+ environment.etc."resolv.conf".enable = false;
+
+ time.timeZone = "America/New_York";
+
+ programs.adb.enable = true;
+ networking.dhcpcd.enable = false;
+
+ # Proxychains
+ programs.proxychains = {
+ enable = true;
+ proxies.main = {
+ enable = true;
+ type = "http";
+ host = "172.21.32.1";
+ port = 1080;
+ };
+ };
+
+ users.users.${defaultUser} = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" "docker" ];
+ shell = pkgs.zsh;
+ };
+
+ users.users.root = {
+ shell = "${syschdemd}/bin/syschdemd";
+ # Otherwise WSL fails to login as root with "initgroups failed 5"
+ extraGroups = [ "root" ];
+ };
+
+ security.sudo.wheelNeedsPassword = false;
+
+ # Disable systemd units that don't make sense on WSL
+ systemd.services."serial-getty@ttyS0".enable = false;
+ systemd.services."serial-getty@hvc0".enable = false;
+ systemd.services."getty@tty1".enable = false;
+ systemd.services."autovt@".enable = false;
+
+ systemd.services.firewall.enable = false;
+ systemd.services.systemd-resolved.enable = false;
+ systemd.services.systemd-udevd.enable = false;
+
+ # Don't allow emergency mode, because we don't have a console.
+ systemd.enableEmergencyMode = false;
+}
diff --git a/machines/work/syschdemd.nix b/machines/work/syschdemd.nix
new file mode 100644
index 0000000..29b7817
--- /dev/null
+++ b/machines/work/syschdemd.nix
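Review bot: In machines/work/configuration.nix, `security.sudo.wheelNeedsPassword = false;` combined with `extraGroups = [ "wheel" "docker" ]` makes the default user root-equivalent with no prompt, and `systemd.services.firewall.enable = false;` removes packet filtering on the same guest. That may be acceptable for a single-user WSL instance, but the file should state the assumption, for example `# WSL guest: single user, the Windows host is the security boundary` above the sudo line. The proxychains `host = "172.21.32.1";` is hard-coded and presumably the WSL host-side adapter; confirm that address stays fixed in your setup, otherwise proxied tools will send traffic to whatever holds it later.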
@@ -0,0 +1,15 @@
+{ lib, pkgs, config, defaultUser, ... }:
+
+pkgs.substituteAll {
+ name = "syschdemd";
+ src = ./syschdemd.sh;
+ dir = "bin";
+ isExecutable = true;
+
+ buildInputs = with pkgs; [ daemonize ];
+
+ inherit (pkgs) daemonize;
+ inherit defaultUser;
+ inherit (config.security) wrapperDir;
+ fsPackagesPath = lib.makeBinPath config.system.fsPackages;
+}
diff --git a/machines/work/syschdemd.sh b/machines/work/syschdemd.sh
new file mode 100644
index 0000000..bf94dda
--- /dev/null
+++ b/machines/work/syschdemd.sh
@@ -0,0 +1,26 @@
+#! @shell@
+
+set -e
+
+sw="/nix/var/nix/profiles/system/sw/bin"
+systemPath=`${sw}/readlink -f /nix/var/nix/profiles/system`
+
+# Needs root to work
+if [[ $EUID -ne 0 ]]; then
+ echo "[ERROR] Requires root! :( Make sure the WSL default user is set to root"
+ exit 1
+fi
+
+if [ ! -e "/run/current-system" ]; then
+ /nix/var/nix/profiles/system/activate
+fi
+
+if [ ! -e "/run/systemd.pid" ]; then
+ PATH=/run/current-system/systemd/lib/systemd:@fsPackagesPath@ \
+ LOCALE_ARCHIVE=/run/current-system/sw/lib/locale/locale-archive \
+ @daemonize@/bin/daemonize /run/current-system/sw/bin/unshare -fp --mount-proc systemd
+ /run/current-system/sw/bin/pgrep -xf systemd > /run/systemd.pid
+fi
+
+userShell=$($sw/getent passwd @defaultUser@ | $sw/cut -d: -f7)
+exec $sw/nsenter -t $(< /run/systemd.pid) -p -m --wd="$PWD" -- @wrapperDir@/su -s $userShell @defaultUser@ "$@"
diff --git a/modules/common.nix b/modules/common.nix
index 0a86359..c4b83ae 100644
--- a/modules/common.nix
+++ b/modules/common.nix
@@ -7,6 +7,7 @@
 ./flatpak.nix
 ./fonts.nix
 ./gnome.nix
+ ./nix.nix
 ./sound.nix
 ];
 }
\ No newline at end of file
diff --git a/modules/nix.nix b/modules/nix.nix
new file mode 100644
index 0000000..233b2ba
--- /dev/null
+++ b/modules/nix.nix
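Review bot: In machines/work/syschdemd.sh, `pgrep -xf systemd > /run/systemd.pid` creates the pid file before pgrep has matched anything. If systemd is not yet visible when pgrep runs (daemonize presumably returns before it is up), `set -e` aborts the script but leaves an empty `/run/systemd.pid`; the next login then skips the start block and `nsenter -t` gets an empty target. Capture the result first and write the file only on success: `pid=$(/run/current-system/sw/bin/pgrep -xf systemd)` followed by `echo "$pid" > /run/systemd.pid`. Because this script is root's login shell, the expansions on the last line should also be quoted, `-t "$(< /run/systemd.pid)"` and `-s "$userShell"`.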
@@ -0,0 +1,21 @@
+{ pkgs, ... }:
+{
+ nix = {
+ extraOptions = ''
+ experimental-features = flakes nix-command
+ '';
+ # this is required until nix 2.4 is released
+ package = pkgs.nixUnstable;
+
+ autoOptimiseStore = true;
+ gc = {
+ automatic = true;
+ dates = "weekly";
+ options = "--delete-older-than 30d";
+ };
+ };
+
+ nixpkgs.config = {
+ allowUnfree = true;
+ };
+}
diff --git a/modules/vscode-server.nix b/modules/vscode-server.nix
new file mode 100644
index 0000000..0ee46c8
--- /dev/null
+++ b/modules/vscode-server.nix
@@ -0,0 +1,7 @@
+{
+ imports = [
+ (fetchTarball "https://github.com/msteen/nixos-vscode-server/tarball/master")
+ ];
+
+ services.vscode-server.enable = true;
+}
\ No newline at end of file
diff --git a/overlays/default.nix b/overlays/default.nix
new file mode 100644
index 0000000..805e147
--- /dev/null
+++ b/overlays/default.nix
@@ -0,0 +1,3 @@
+{
+ paperwm = import ./paperwm;
+}
\ No newline at end of file
diff --git a/overlays/paperwm/default.nix b/overlays/paperwm/default.nix
new file mode 100644
index 0000000..2e1dce1
--- /dev/null
+++ b/overlays/paperwm/default.nix
@@ -0,0 +1,13 @@
+self: super: {
+ gnomeExtensions = super.gnomeExtensions // {
+ paperwm = super.gnomeExtensions.paperwm.overrideDerivation (old: {
+ version = "41.0";
+ src = super.fetchFromGitHub {
+ owner = "PaperWM-community";
+ repo = "PaperWM";
+ rev = "b66aaf13e8f4cdf0e2f9078fb3e75703535b822c";
+ sha256 = "sha256-6AUUu63oWxRw9Wpxe0f7xvt7iilvQfhpAB8SYG4yP8Q=";
+ };
+ });
+ };
+}
\ No newline at end of file
diff --git a/user/environments/nixos/home.nix b/user/environments/nixos/home.nix
index 860a3d4..4ccf46c 100644
--- a/user/environments/nixos/home.nix
+++ b/user/environments/nixos/home.nix
@@ -13,6 +13,7 @@ home.packages = with pkgs; [ firefox + foxitreader ]; }
diff --git a/user/modules/dev.nix b/user/modules/dev.nix
index dcd64e4..664e8c1 100644
--- a/user/modules/dev.nix
+++ b/user/modules/dev.nix
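Review bot: modules/vscode-server.nix imports `fetchTarball "https://github.com/msteen/nixos-vscode-server/tarball/master"` with no revision and no hash, so each evaluation pulls whatever the branch head holds at that moment into the system configuration as a NixOS module. It also bypasses flake.lock, which pins every other input, and a hashless `fetchTarball` is rejected under pure flake evaluation. Pin it the way the paperwm overlay in this same commit pins `rev` and `sha256`: either declare the repository as a flake input and import its module from `inputs`, or use `(fetchTarball { url = "https://github.com/msteen/nixos-vscode-server/tarball/<COMMIT>"; sha256 = "<SHA256>"; })`. Both values are placeholders to fill from a commit you have reviewed.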
@@ -1,7 +1,8 @@ { config, pkgs, libs, ... }: { home.packages = with pkgs; [ + nodejs nodePackages.yarn php ]; -} \ No newline at end of file +} diff --git a/user/overlays/paperwm.nix b/user/overlays/paperwm.nix deleted file mode 100644 index ee2c3ec..0000000 --- a/user/overlays/paperwm.nix +++ /dev/null @@ -1,11 +0,0 @@ -self: super: { - gnomeExtensions = super.gnomeExtensions // { - paperwm = super.gnomeExtensions.paperwm.overrideDerivation (old: { - version = "pre-40.0"; - src = builtins.fetchGit { - url = https://github.com/paperwm/paperwm.git; - ref = "next-release"; - }; - }); - }; -} \ No newline at end of file