From da1590543b29c856410126e8e2c5a1570a5bcb85 Mon Sep 17 00:00:00 2001 From: Michael Thomas Date: Tue, 14 Sep 2021 17:10:09 -0400 Subject: [PATCH 01/14] Update config --- user/machines/loft/home.nix | 1 + user/modules/dev.nix | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/user/machines/loft/home.nix b/user/machines/loft/home.nix index 24f89e4..eb460cb 100644 --- a/user/machines/loft/home.nix +++ b/user/machines/loft/home.nix @@ -17,6 +17,7 @@ fortune google-chrome firefox + foxitreader ]; } diff --git a/user/modules/dev.nix b/user/modules/dev.nix index dcd64e4..664e8c1 100644 --- a/user/modules/dev.nix +++ b/user/modules/dev.nix @@ -1,7 +1,8 @@ { config, pkgs, libs, ... }: { home.packages = with pkgs; [ + nodejs nodePackages.yarn php ]; -} \ No newline at end of file +} From c1576716ece4540c55834a07380b39712c63fbf7 Mon Sep 17 00:00:00 2001 From: Michael Thomas Date: Mon, 22 Nov 2021 17:44:50 -0500 Subject: [PATCH 02/14] Disable loft firewall for dev --- machines/loft/configuration.nix | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) diff --git a/machines/loft/configuration.nix b/machines/loft/configuration.nix index 90ee687..054a204 100644 --- a/machines/loft/configuration.nix +++ b/machines/loft/configuration.nix @@ -47,16 +47,7 @@ networking.interfaces.wlp5s0.useDHCP = true; networking.hostName = "loft"; # Define your hostname. - networking.firewall = { - enable = true; - allowedTCPPorts = [ 80 8080 8000 443 8888 ]; - allowedTCPPortRanges = [ - { from = 1714; to = 1764; } - ]; - allowedUDPPortRanges = [ - { from = 1714; to = 1764; } - ]; - }; + networking.firewall.enable = false; # Configure network proxy if necessary # networking.proxy.default = "http://user:password@proxy:port/"; @@ -125,4 +116,4 @@ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). system.stateVersion = "20.09"; # Did you read the comment? -} \ No newline at end of file +} 
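Review bot: Setting `networking.firewall.enable = false;` in machines/loft/configuration.nix removes packet filtering for every listening service on the host, not only the dev ports the old allowlist covered. The removed block already opened 80, 8080, 8000, 443, 8888 and the 1714–1764 ranges, so a narrower change is to keep `enable = true;` and append whichever extra dev ports are needed to `allowedTCPPorts`. If a fully open host is intended, add a comment saying which network loft sits on and why. The commit subject says "for dev" but the file carries no explanation, and the last patch in this series still shows the firewall disabled.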
From 300792a6223d0f71d34a719a339cf35dcabfaa29 Mon Sep 17 00:00:00 2001 From: Michael Thomas Date: Wed, 1 Dec 2021 18:51:36 -0500 Subject: [PATCH 03/14] Update to NixOS 21.11 --- flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index 87c20ab..ead7175 100644 --- a/flake.nix +++ b/flake.nix @@ -9,7 +9,7 @@ }; }; - nixpkgs.url = "github:nixos/nixpkgs/nixos-21.05"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-21.11"; unstable.url = "github:nixos/nixpkgs/nixos-unstable"; nur.url = "github:nix-community/NUR"; }; From 6f365c4dab7f9c5b98d3211065db28ce4a63e8ef Mon Sep 17 00:00:00 2001 From: Michael Thomas Date: Mon, 17 Jan 2022 03:26:57 +0000 Subject: [PATCH 04/14] Add nix package config --- modules/nix.nix | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 modules/nix.nix diff --git a/modules/nix.nix b/modules/nix.nix new file mode 100644 index 0000000..cb995c0 --- /dev/null +++ b/modules/nix.nix @@ -0,0 +1,8 @@ +{ pkgs, ... }: +{ + nix.extraOptions = '' + experimental-features = nix-command + ''; + # this is required until nix 2.4 is released + nix.package = pkgs.nixUnstable; +} From 0c955ab2ccaf188c6e8766052b2750d49bbf7a0c Mon Sep 17 00:00:00 2001 From: Michael Thomas Date: Mon, 17 Jan 2022 03:27:09 +0000 Subject: [PATCH 05/14] Add support for vscode development server --- modules/vscode-server.nix | 7 +++++++ 1 file changed, 7 insertions(+) create mode 100644 modules/vscode-server.nix diff --git a/modules/vscode-server.nix b/modules/vscode-server.nix new file mode 100644 index 0000000..0ee46c8 --- /dev/null +++ b/modules/vscode-server.nix @@ -0,0 +1,7 @@ +{ + imports = [ + (fetchTarball "https://github.com/msteen/nixos-vscode-server/tarball/master") + ]; + + services.vscode-server.enable = true; +} \ No newline at end of file From 28132b678310129d4328cd61c78b1758557150ff Mon Sep 17 00:00:00 2001 
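Review bot: The `fetchTarball` call in modules/vscode-server.nix imports a NixOS module from the moving `master` tarball with no hash, so each evaluation can pull different code into the system configuration and nothing records what was fetched. Pin it, either as a flake input so the revision lands in flake.lock, or with the attribute form `fetchTarball { url = "https://github.com/msteen/nixos-vscode-server/archive/<REV>.tar.gz"; sha256 = "<HASH>"; }` (both values are placeholders). Since this repo is built as a flake, an unhashed `fetchTarball` will presumably also be refused under pure evaluation and force `--impure`, which is worth confirming.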
From: Michael Thomas Date: Mon, 17 Jan 2022 03:28:24 +0000 Subject: [PATCH 06/14] Add nodejs to dev environment --- user/modules/dev.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/user/modules/dev.nix b/user/modules/dev.nix index dcd64e4..664e8c1 100644 --- a/user/modules/dev.nix +++ b/user/modules/dev.nix @@ -1,7 +1,8 @@ { config, pkgs, libs, ... }: { home.packages = with pkgs; [ + nodejs nodePackages.yarn php ]; -} \ No newline at end of file +} From e95897a160f4cc152a774fc8af1ea0941378e2d1 Mon Sep 17 00:00:00 2001 From: Michael Thomas Date: Mon, 17 Jan 2022 03:28:40 +0000 Subject: [PATCH 07/14] Init work machine --- flake.nix | 12 +++++++ machines/work/configuration.nix | 59 +++++++++++++++++++++++++++++++++ machines/work/syschdemd.nix | 15 +++++++++ machines/work/syschdemd.sh | 26 +++++++++++++++ modules/common.nix | 1 + 5 files changed, 113 insertions(+) create mode 100644 machines/work/configuration.nix create mode 100644 machines/work/syschdemd.nix create mode 100644 machines/work/syschdemd.sh diff --git a/flake.nix b/flake.nix index cf71d54..edb8b17 100644 --- a/flake.nix +++ b/flake.nix @@ -38,6 +38,18 @@ ]; specialArgs = { inherit inputs; }; }; + + work = inputs.nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + ./modules/nix.nix + ./modules/containers.nix + + ./machines/work/configuration.nix + ]; + specialArgs = { inherit inputs; }; + }; + }; homeConfigurations = { diff --git a/machines/work/configuration.nix b/machines/work/configuration.nix new file mode 100644 index 0000000..f005e01 --- /dev/null +++ b/machines/work/configuration.nix 
@@ -0,0 +1,59 @@
+{ lib, pkgs, config, modulesPath, ... }:
+
+with lib;
+let
+ defaultUser = "michael";
+ syschdemd = import ./syschdemd.nix { inherit lib pkgs config defaultUser; };
+in
+{
+ imports = [
+ "${modulesPath}/profiles/minimal.nix"
+ ];
+
+ # WSL is closer to a container than anything else
+ boot.isContainer = true;
+
+ environment.etc.hosts.enable = false;
+ environment.etc."resolv.conf".enable = false;
+
+ programs.adb.enable = true;
+ networking.dhcpcd.enable = false;
+
+ # Proxychains
+ programs.proxychains = {
+ enable = true;
+ proxies.main = {
+ enable = true;
+ type = "http";
+ host = "172.21.32.1";
+ port = 1080;
+ };
+ };
+
+ users.users.${defaultUser} = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" "docker" ];
+ shell = pkgs.zsh;
+ };
+
+ users.users.root = {
+ shell = "${syschdemd}/bin/syschdemd";
+ # Otherwise WSL fails to login as root with "initgroups failed 5"
+ extraGroups = [ "root" ];
+ };
+
+ security.sudo.wheelNeedsPassword = false;
+
+ # Disable systemd units that don't make sense on WSL
+ systemd.services."serial-getty@ttyS0".enable = false;
+ systemd.services."serial-getty@hvc0".enable = false;
+ systemd.services."getty@tty1".enable = false;
+ systemd.services."autovt@".enable = false;
+
+ systemd.services.firewall.enable = false;
+ systemd.services.systemd-resolved.enable = false;
+ systemd.services.systemd-udevd.enable = false;
+
+ # Don't allow emergency mode, because we don't have a console.
+ systemd.enableEmergencyMode = false;
+}
diff --git a/machines/work/syschdemd.nix b/machines/work/syschdemd.nix
new file mode 100644
index 0000000..29b7817
--- /dev/null
+++ b/machines/work/syschdemd.nix
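Review bot: `security.sudo.wheelNeedsPassword = false;` together with `extraGroups = [ "wheel" "docker" ]` in machines/work/configuration.nix makes the default user root-equivalent by two routes with no authentication step, and `systemd.services.firewall.enable = false;` drops filtering on the same machine. That may be acceptable for a WSL guest whose default login is already root, but the file should record the reasoning. I would add a comment above the sudo line such as `# WSL: root is the default login, so passwordless sudo adds no new privilege boundary`. The proxychains `host = "172.21.32.1";` is hard-coded; if it is the Windows-side address it may not be stable across restarts, which is worth confirming.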
@@ -0,0 +1,15 @@ +{ lib, pkgs, config, defaultUser, ... }: + +pkgs.substituteAll { + name = "syschdemd"; + src = ./syschdemd.sh; + dir = "bin"; + isExecutable = true; + + buildInputs = with pkgs; [ daemonize ]; + + inherit (pkgs) daemonize; + inherit defaultUser; + inherit (config.security) wrapperDir; + fsPackagesPath = lib.makeBinPath config.system.fsPackages; +} diff --git a/machines/work/syschdemd.sh b/machines/work/syschdemd.sh new file mode 100644 index 0000000..bf94dda --- /dev/null +++ b/machines/work/syschdemd.sh @@ -0,0 +1,26 @@ +#! @shell@ + +set -e + +sw="/nix/var/nix/profiles/system/sw/bin" +systemPath=`${sw}/readlink -f /nix/var/nix/profiles/system` + +# Needs root to work +if [[ $EUID -ne 0 ]]; then + echo "[ERROR] Requires root! :( Make sure the WSL default user is set to root" + exit 1 +fi + +if [ ! -e "/run/current-system" ]; then + /nix/var/nix/profiles/system/activate +fi + +if [ ! -e "/run/systemd.pid" ]; then + PATH=/run/current-system/systemd/lib/systemd:@fsPackagesPath@ \ + LOCALE_ARCHIVE=/run/current-system/sw/lib/locale/locale-archive \ + @daemonize@/bin/daemonize /run/current-system/sw/bin/unshare -fp --mount-proc systemd + /run/current-system/sw/bin/pgrep -xf systemd > /run/systemd.pid +fi + +userShell=$($sw/getent passwd @defaultUser@ | $sw/cut -d: -f7) +exec $sw/nsenter -t $(< /run/systemd.pid) -p -m --wd="$PWD" -- @wrapperDir@/su -s $userShell @defaultUser@ "$@" diff --git a/modules/common.nix b/modules/common.nix index 0a86359..c4b83ae 100644 --- a/modules/common.nix +++ b/modules/common.nix @@ -7,6 +7,7 @@ ./flatpak.nix ./fonts.nix ./gnome.nix + ./nix.nix ./sound.nix ]; } \ No newline at end of file From 039cd98dd693cf29ba55190398850ee768d3e647 Mon Sep 17 00:00:00 2001 From: Michael Thomas Date: Mon, 17 Jan 2022 05:04:14 +0000 Subject: [PATCH 08/14] Update work flake --- flake.nix | 3 ++- modules/nix.nix | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/flake.nix b/flake.nix index edb8b17..e79abc6 100644 
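Review bot: The final `exec` line of syschdemd.sh expands `$userShell` and `$(< /run/systemd.pid)` unquoted while running as root. An empty `getent` result would make `su -s` take `@defaultUser@` as the shell argument. A pid file holding zero or several lines would break `nsenter -t`, and that can happen because the `pgrep -xf systemd` output is written straight to the file. Quote both expansions, `-t "$(< /run/systemd.pid)"` and `su -s "$userShell"`, and fail early with `[ -n "$userShell" ] || { echo "[ERROR] no shell for default user"; exit 1; }`. It would also help to document that `/run/systemd.pid` is only created once, so a stale or empty file persists until it is removed.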
--- a/flake.nix +++ b/flake.nix @@ -42,8 +42,9 @@ work = inputs.nixpkgs.lib.nixosSystem { system = "x86_64-linux"; modules = [ - ./modules/nix.nix ./modules/containers.nix + ./modules/nix.nix + ./modules/vscode-server.nix ./machines/work/configuration.nix ]; diff --git a/modules/nix.nix b/modules/nix.nix index cb995c0..b40a5bd 100644 --- a/modules/nix.nix +++ b/modules/nix.nix @@ -1,7 +1,7 @@ { pkgs, ... }: { nix.extraOptions = '' - experimental-features = nix-command + experimental-features = flakes nix-command ''; # this is required until nix 2.4 is released nix.package = pkgs.nixUnstable; From a8b3f865b76567f390ebeb4378b95c072c0309c1 Mon Sep 17 00:00:00 2001 From: Michael Thomas Date: Mon, 17 Jan 2022 05:04:30 +0000 Subject: [PATCH 09/14] Update inputs to latest --- flake.lock | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/flake.lock b/flake.lock index 395e242..9a7be9d 100644 --- a/flake.lock +++ b/flake.lock @@ -23,11 +23,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1641687203, - "narHash": "sha256-W6Xrb/l1x+E+WMVLw4q5HUnNjt3x4WQFSYJtjJtopbU=", + "lastModified": 1642190797, + "narHash": "sha256-cxeEEAtfIACnm8sV1oz0xlNp9IVk10Fxcc09ggoEZuo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "00acdb2aa817048fbe1f91ece18fe7de09762531", + "rev": "3ddd960a3b575bf3230d0e59f42614b71f9e0db9", "type": "github" }, "original": { @@ -39,11 +39,11 @@ }, "nur": { "locked": { - "lastModified": 1629143403, - "narHash": "sha256-Z57DBF3MUTqTnJyYjqEN+DNZLrVukEJJotcxYPHNR/M=", + "lastModified": 1642392502, + "narHash": "sha256-ZRgwagDhwT5eQgTSqhupXz3ugQmFat0836d5Hh8ZK4Q=", "owner": "nix-community", "repo": "NUR", - "rev": "79a06a9145c61960dd4b5c2eda67e26276976db1", + "rev": "8993a1cfc2d6ed69725788a2ccafbe8cde0510e3", "type": "github" }, "original": { 
@@ -62,11 +62,11 @@ }, "unstable": { "locked": { - "lastModified": 1629048390, - "narHash": "sha256-do7HuXFSKyj4ulMlRvGigNZCqOaGD9i0M3OLkFQgEAc=", + "lastModified": 1642104392, + "narHash": "sha256-m71b7MgMh9FDv4MnI5sg9MiBVW6DhE1zq+d/KlLWSC8=", "owner": "nixos", "repo": "nixpkgs", - "rev": "e41ba38114055832e5ba4a851e9c00149eef3e4a", + "rev": "5aaed40d22f0d9376330b6fa413223435ad6fee5", "type": "github" }, "original": { From 9f301190bedc3c3237e7749796367659f1f1ad33 Mon Sep 17 00:00:00 2001 From: Michael Thomas Date: Mon, 17 Jan 2022 05:08:17 +0000 Subject: [PATCH 10/14] Finish modularizing nix config --- machines/kitchen/configuration.nix | 18 ------------------ machines/loft/configuration.nix | 18 ------------------ modules/nix.nix | 23 ++++++++++++++++++----- 3 files changed, 18 insertions(+), 41 deletions(-) diff --git a/machines/kitchen/configuration.nix b/machines/kitchen/configuration.nix index c27d5f4..b185314 100644 --- a/machines/kitchen/configuration.nix +++ b/machines/kitchen/configuration.nix @@ -10,24 +10,6 @@ ./hardware-configuration.nix ]; - # Auto cleanup - nix = { - package = pkgs.nixUnstable; - extraOptions = '' - experimental-features = nix-command flakes - ''; - autoOptimiseStore = true; - gc = { - automatic = true; - dates = "weekly"; - options = "--delete-older-than 30d"; - }; - }; - - nixpkgs.config = { - allowUnfree = true; - }; - networking.hostName = "nixos"; # Define your hostname. # The global useDHCP flag is deprecated, therefore explicitly set to false here. diff --git a/machines/loft/configuration.nix b/machines/loft/configuration.nix index 90ee687..a0b5c89 100644 --- a/machines/loft/configuration.nix +++ b/machines/loft/configuration.nix 
@@ -10,24 +10,6 @@ ./hardware-configuration.nix ]; - # Auto cleanup - nix = { - package = pkgs.nixUnstable; - extraOptions = '' - experimental-features = nix-command flakes - ''; - autoOptimiseStore = true; - gc = { - automatic = true; - dates = "weekly"; - options = "--delete-older-than 30d"; - }; - }; - - nixpkgs.config = { - allowUnfree = true; - }; - # Set your time zone. time.timeZone = "America/New_York"; diff --git a/modules/nix.nix b/modules/nix.nix index b40a5bd..233b2ba 100644 --- a/modules/nix.nix +++ b/modules/nix.nix @@ -1,8 +1,21 @@ { pkgs, ... }: { - nix.extraOptions = '' - experimental-features = flakes nix-command - ''; - # this is required until nix 2.4 is released - nix.package = pkgs.nixUnstable; + nix = { + extraOptions = '' + experimental-features = flakes nix-command + ''; + # this is required until nix 2.4 is released + package = pkgs.nixUnstable; + + autoOptimiseStore = true; + gc = { + automatic = true; + dates = "weekly"; + options = "--delete-older-than 30d"; + }; + }; + + nixpkgs.config = { + allowUnfree = true; + }; } From 661a612d16ac49e0be43704b8a3a835d324f10de Mon Sep 17 00:00:00 2001 From: Michael Thomas Date: Mon, 17 Jan 2022 05:10:38 +0000 Subject: [PATCH 11/14] Add timezone to work config --- machines/work/configuration.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/machines/work/configuration.nix b/machines/work/configuration.nix index f005e01..cadde05 100644 --- a/machines/work/configuration.nix +++ b/machines/work/configuration.nix @@ -16,6 +16,8 @@ in environment.etc.hosts.enable = false; environment.etc."resolv.conf".enable = false; + time.timeZone = "America/New_York"; + programs.adb.enable = true; networking.dhcpcd.enable = false; From a3576c89f69ebd70e193402083fb504ead952e64 Mon Sep 17 00:00:00 2001 From: Michael Thomas Date: Mon, 17 Jan 2022 05:10:47 +0000 Subject: [PATCH 12/14] Update kitchen hostname --- machines/kitchen/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/machines/kitchen/configuration.nix b/machines/kitchen/configuration.nix index b185314..0970b27 100644 --- a/machines/kitchen/configuration.nix +++ b/machines/kitchen/configuration.nix @@ -10,7 +10,7 @@ ./hardware-configuration.nix ]; - networking.hostName = "nixos"; # Define your hostname. + networking.hostName = "kitchen-nixos"; # Define your hostname. # The global useDHCP flag is deprecated, therefore explicitly set to false here. # Per-interface useDHCP will be mandatory in the future, so this generated config From 59e015cc97860eb8e008e571162c0441699264bc Mon Sep 17 00:00:00 2001 From: Michael Thomas Date: Tue, 18 Jan 2022 12:53:37 -0500 Subject: [PATCH 13/14] Add paperwm overlay --- flake.nix | 23 ++++++++++++++++++++--- overlays/default.nix | 3 +++ overlays/paperwm/default.nix | 13 +++++++++++++ user/overlays/paperwm.nix | 11 ----------- 4 files changed, 36 insertions(+), 14 deletions(-) create mode 100644 overlays/default.nix create mode 100644 overlays/paperwm/default.nix delete mode 100644 user/overlays/paperwm.nix diff --git a/flake.nix b/flake.nix index e79abc6..d1b8b77 100644 --- a/flake.nix +++ b/flake.nix @@ -14,10 +14,21 @@ }; }; - outputs = inputs: { + outputs = { self, nixpkgs, unstable, nur, home-manager, ... }@inputs: { + + # This repo's overlay plus any other overlays you use + # If you want to use packages from flakes that are not nixpkgs (such as NUR), add their overlays here. + overlays = import ./overlays // { + # Third party overlays here + }; + + overlaysModule = { + nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays; + }; + nixosConfigurations = { - loft = inputs.nixpkgs.lib.nixosSystem { + loft = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; modules = [ ./modules/common.nix @@ -28,9 +39,10 @@ specialArgs = { inherit inputs; }; }; - kitchen = inputs.nixpkgs.lib.nixosSystem { + kitchen = nixpkgs.lib.nixosSystem { system = "x86_64-linux"; modules = [ + self.overlaysModule ./modules/common.nix ./modules/containers.nix 
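Review bot: The `loft` system in flake.nix is switched to `nixpkgs.lib.nixosSystem` but, unlike `kitchen` and `work`, its `modules` list does not gain `self.overlaysModule`, so the pinned PaperWM overlay is not applied to loft's system package set. If loft references `gnomeExtensions.paperwm` at system level, it would presumably get the nixpkgs build instead of the pinned revision. Add `self.overlaysModule` as the first entry of loft's `modules`, or leave a comment explaining the omission. In a later hunk `work` still calls `inputs.nixpkgs.lib.nixosSystem` while the other two were shortened. The loft block begins in the first flake.nix hunk and continues outside it.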
@@ -42,6 +54,7 @@ work = inputs.nixpkgs.lib.nixosSystem { system = "x86_64-linux"; modules = [ + self.overlaysModule ./modules/containers.nix ./modules/nix.nix ./modules/vscode-server.nix @@ -65,6 +78,8 @@ allowUnfree = true; }; + nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays; + programs.home-manager.enable = true; imports = [ @@ -84,6 +99,8 @@ allowUnfree = true; }; + nixpkgs.overlays = nixpkgs.lib.attrValues self.overlays; + programs.home-manager.enable = true; imports = [ diff --git a/overlays/default.nix b/overlays/default.nix new file mode 100644 index 0000000..805e147 --- /dev/null +++ b/overlays/default.nix @@ -0,0 +1,3 @@ +{ + paperwm = import ./paperwm; +} \ No newline at end of file diff --git a/overlays/paperwm/default.nix b/overlays/paperwm/default.nix new file mode 100644 index 0000000..2e1dce1 --- /dev/null +++ b/overlays/paperwm/default.nix @@ -0,0 +1,13 @@ +self: super: { + gnomeExtensions = super.gnomeExtensions // { + paperwm = super.gnomeExtensions.paperwm.overrideDerivation (old: { + version = "41.0"; + src = super.fetchFromGitHub { + owner = "PaperWM-community"; + repo = "PaperWM"; + rev = "b66aaf13e8f4cdf0e2f9078fb3e75703535b822c"; + sha256 = "sha256-6AUUu63oWxRw9Wpxe0f7xvt7iilvQfhpAB8SYG4yP8Q="; + }; + }); + }; +} \ No newline at end of file diff --git a/user/overlays/paperwm.nix b/user/overlays/paperwm.nix deleted file mode 100644 index ee2c3ec..0000000 --- a/user/overlays/paperwm.nix +++ /dev/null @@ -1,11 +0,0 @@ -self: super: { - gnomeExtensions = super.gnomeExtensions // { - paperwm = super.gnomeExtensions.paperwm.overrideDerivation (old: { - version = "pre-40.0"; - src = builtins.fetchGit { - url = https://github.com/paperwm/paperwm.git; - ref = "next-release"; - }; - }); - }; -} \ No newline at end of file From 05622e6127a173d9a65c28b4d939f9752e801bdd Mon Sep 17 00:00:00 2001 
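Review bot: overlays/paperwm/default.nix uses `overrideDerivation`, which the nixpkgs manual discourages in favour of `overrideAttrs`, and its `old` argument is unused. With `overrideDerivation` the new `version = "41.0"` presumably does not flow into the derivation name, so the store path would keep the nixpkgs version string. I would write `paperwm = super.gnomeExtensions.paperwm.overrideAttrs (_: { ... });` with the same `version` and `src` attributes.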
From: Michael Thomas Date: Tue, 18 Jan 2022 12:57:35 -0500 Subject: [PATCH 14/14] Switch networking to networkmanager --- machines/kitchen/configuration.nix | 3 +-- machines/loft/configuration.nix | 4 +--- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/machines/kitchen/configuration.nix b/machines/kitchen/configuration.nix index 0970b27..57a0844 100644 --- a/machines/kitchen/configuration.nix +++ b/machines/kitchen/configuration.nix @@ -16,8 +16,7 @@ # Per-interface useDHCP will be mandatory in the future, so this generated config # replicates the default behaviour. networking.useDHCP = false; - networking.interfaces.enp37s0.useDHCP = true; - networking.interfaces.wlp36s0.useDHCP = true; + networking.networkmanager.enable = true; # Set your time zone. time.timeZone = "America/New_York"; diff --git a/machines/loft/configuration.nix b/machines/loft/configuration.nix index 1dcc820..4e1e4b7 100644 --- a/machines/loft/configuration.nix +++ b/machines/loft/configuration.nix @@ -24,9 +24,7 @@ # NETWORKING # ############## networking.useDHCP = false; - networking.interfaces.enp0s20u5u4.useDHCP = true; - networking.interfaces.enp4s0.useDHCP = true; - networking.interfaces.wlp5s0.useDHCP = true; + networking.networkmanager.enable = true; networking.hostName = "loft"; # Define your hostname. networking.firewall.enable = false;