From a9f9bd0cc5a17440cc325b3e1fb4b730357c3d24 Mon Sep 17 00:00:00 2001 
From: HackENS milieu Date: Sun, 15 Jan 2023 18:34:00 +0100 Subject: [PATCH] gros menage chez hackens milieu --- hosts/milieu/configuration.nix | 2 +- hosts/milieu/hardware-configuration.nix | 2 + nur.nix | 9 --- profiles/shared-hackens/backups.nix | 11 ---- profiles/shared-hackens/default.nix | 25 +++----- .../{dns.nix => dns/default.nix} | 2 +- profiles/shared-hackens/gnome.nix | 2 + profiles/shared-hackens/graphics.nix | 10 ---- profiles/shared-hackens/hosts.nix | 3 - profiles/shared-hackens/i3.nix | 51 ---------------- profiles/shared-hackens/kde.nix | 6 -- profiles/shared-hackens/latex.nix | 4 -- profiles/shared-hackens/monitoring.nix | 59 ------------------- profiles/shared-hackens/mosquitto.nix | 30 ---------- profiles/shared-hackens/netboot-server.nix | 8 --- profiles/shared-hackens/programs.nix | 37 ++++-------- profiles/shared-hackens/result | 1 + profiles/shared-hackens/ssd.nix | 6 -- profiles/shared-hackens/syncthing.nix | 9 --- profiles/shared-hackens/system.nix | 10 ++++ profiles/shared-hackens/users.nix | 1 + profiles/shared-hackens/vim.nix | 1 - .../shared-hackens/vpn-network/default.nix | 17 ------ .../shared-hackens/vpn-network/wg-peers.nix | 22 ------- pubkeys/raito.keys | 4 +- shared/nur.nix | 14 ----- 26 files changed, 37 insertions(+), 309 deletions(-) delete mode 100644 nur.nix delete mode 100644 profiles/shared-hackens/backups.nix rename profiles/shared-hackens/{dns.nix => dns/default.nix} (95%) delete mode 100644 profiles/shared-hackens/graphics.nix delete mode 100644 profiles/shared-hackens/hosts.nix delete mode 100644 profiles/shared-hackens/i3.nix delete mode 100644 profiles/shared-hackens/kde.nix delete mode 100644 profiles/shared-hackens/latex.nix delete mode 100644 profiles/shared-hackens/monitoring.nix delete mode 100644 profiles/shared-hackens/mosquitto.nix delete mode 100644 profiles/shared-hackens/netboot-server.nix create mode 120000 profiles/shared-hackens/result delete mode 100644 profiles/shared-hackens/ssd.nix delete mode 
100644 profiles/shared-hackens/syncthing.nix delete mode 100644 profiles/shared-hackens/vpn-network/default.nix delete mode 100644 profiles/shared-hackens/vpn-network/wg-peers.nix delete mode 100644 shared/nur.nix diff --git a/hosts/milieu/configuration.nix b/hosts/milieu/configuration.nix index 75192d0..6e5fe5f 100644 --- a/hosts/milieu/configuration.nix +++ b/hosts/milieu/configuration.nix @@ -8,7 +8,6 @@ imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix - ../../shared/nur.nix ../../profiles/shared-hackens ]; @@ -23,6 +22,7 @@ networking.hostName = "hackens-milieu"; # Define your hostname. + boot.kernelPackages = pkgs.linuxPackages_5_15; # The global useDHCP flag is deprecated, therefore explicitly set to false here. # Per-interface useDHCP will be mandatory in the future, so this generated config diff --git a/hosts/milieu/hardware-configuration.nix b/hosts/milieu/hardware-configuration.nix index 0891328..f3b47cf 100644 --- a/hosts/milieu/hardware-configuration.nix +++ b/hosts/milieu/hardware-configuration.nix @@ -13,6 +13,8 @@ boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; + # boot.kernelParams = [ "nomodeset" ]; + fileSystems."/" = { device = "/dev/disk/by-label/nixos-root"; fsType = "btrfs"; diff --git a/nur.nix b/nur.nix deleted file mode 100644 index eee2c5e..0000000 --- a/nur.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ pkgs, config, lib, ... }: -{ - imports = [ - ../myModules - ]; - nixpkgs.config.packageOverrides = { - hackens = import ./myPkgs { inherit pkgs; }; - }; -} diff --git a/profiles/shared-hackens/backups.nix b/profiles/shared-hackens/backups.nix deleted file mode 100644 index 76f9b82..0000000 --- a/profiles/shared-hackens/backups.nix +++ /dev/null 
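Review bot: `boot.kernelPackages = pkgs.linuxPackages_5_15;` in hosts/milieu/configuration.nix pins the kernel series without a comment saying why, and it sits between `networking.hostName` and the DHCP notes rather than with the other `boot.*` options. A pinned series stops following the nixpkgs default kernel, so someone has to remember to lift the pin. Add a comment along the lines of `# pinned to 5.15: <reason>; drop once <condition>`. The commented-out `nomodeset` line added to hardware-configuration.nix suggests a graphics problem is the reason, but that is only a guess from this patch.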
@@ -1,11 +0,0 @@ -{ pkgs, ... }: { - # BorgBackup repositories - services.borgbackup.repos = { - hackens-desktop = { - authorizedKeys = [ - "ssh-rsa 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 hackens@hackens-desktop-1" - ]; - path = "/var/backups/hackens-desktop"; - }; - }; -} diff --git a/profiles/shared-hackens/default.nix b/profiles/shared-hackens/default.nix index c89e498..17a196f 100644 --- a/profiles/shared-hackens/default.nix +++ b/profiles/shared-hackens/default.nix @@ -1,24 +1,13 @@ { pkgs, ... }: { imports = [ - ./system.nix - ./backups.nix - ./vpn-network - ./hosts.nix - ./syncthing.nix - ./programs.nix - ./audio.nix - ./mosquitto.nix - ./graphics.nix - ./monitoring.nix - ./users.nix - ./i18n.nix - ./vim.nix - ./dns.nix - ./nightworker.nix - ./ssd.nix ./aarch64.nix - ./latex.nix + ./audio.nix + ./dns ./gnome.nix - # ./netboot-server.nix # -- fix quick xyz mode. + ./i18n.nix + ./programs.nix + ./system.nix + ./users.nix + ./vim.nix ]; } diff --git a/profiles/shared-hackens/dns.nix b/profiles/shared-hackens/dns/default.nix similarity index 95% rename from profiles/shared-hackens/dns.nix rename to profiles/shared-hackens/dns/default.nix index 18680f4..a6ccd31 100644 --- a/profiles/shared-hackens/dns.nix +++ b/profiles/shared-hackens/dns/default.nix @@ -15,7 +15,7 @@ in ipv6_servers = true; require_dnssec = true; - forwarding_rules = ./dns/forwarding.txt; + forwarding_rules = ./forwarding.txt; query_log = if debugDNS then { file = "/dev/stdout"; diff --git a/profiles/shared-hackens/gnome.nix b/profiles/shared-hackens/gnome.nix index 74887ea..7144b1c 100644 --- a/profiles/shared-hackens/gnome.nix +++ b/profiles/shared-hackens/gnome.nix @@ -5,4 +5,6 @@ displayManager.gdm.enable = true; desktopManager.gnome.enable = true; }; + services.xserver.layout = "fr"; + services.autorandr.enable = true; } diff --git a/profiles/shared-hackens/graphics.nix b/profiles/shared-hackens/graphics.nix deleted file mode 100644 index 779a669..0000000 
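Review bot: `./nightworker.nix` is dropped from `imports` in profiles/shared-hackens/default.nix, but unlike the other dropped modules it is not among the deleted files in the diffstat, so it presumably stays in the tree as dead configuration. Either delete it in this commit or note in a comment why it is kept. Dropping `./backups.nix` and `./monitoring.nix` also removes the borg repository and the netdata/smartd setup from every host using this profile. The description does not say whether anything still pushes backups here or whether the disk-health alerts are replaced, so that is worth a line in the commit message.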
--- a/profiles/shared-hackens/graphics.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ pkgs, ... }:
-{
- imports = [ ./i3.nix ];
-
- # Enable the X11 windowing system.
- services.xserver.enable = true;
- services.xserver.layout = "fr";
-
- services.autorandr.enable = true;
-}
diff --git a/profiles/shared-hackens/hosts.nix b/profiles/shared-hackens/hosts.nix
deleted file mode 100644
index 6e5b8c3..0000000
--- a/profiles/shared-hackens/hosts.nix
+++ /dev/null
@@ -1,3 +0,0 @@
-{ pkgs, ... }:
-{
-}
diff --git a/profiles/shared-hackens/i3.nix b/profiles/shared-hackens/i3.nix
deleted file mode 100644
index b319d5e..0000000
--- a/profiles/shared-hackens/i3.nix
+++ /dev/null
@@ -1,51 +0,0 @@
-{ pkgs, config, lib, ... }:
-{
- environment.pathsToLink = [ "/libexec" ];
- environment.sessionVariables.TERMINAL = [ "kitty" ];
- environment.variables = {
- TERMINAL = "kitty";
- BROWSER = "firefox";
- };
- services.xserver = {
- displayManager = lib.mkIf (!config.services.xserver.displayManager.gdm.enable) {
- autoLogin = {
- enable = true;
- user = "hackens";
- };
- };
-
- windowManager.i3 = {
- enable = true;
- extraSessionCommands = ''
- ${pkgs.xorg.xset}/bin/xset r rate 200 50
- '';
- extraPackages = with pkgs; [
- rofi
- dunst
- i3status-rust
- i3lock
- kitty
- ];
- };
- };
-
- fonts.fonts = with pkgs; [
- hack-font
- noto-fonts
- noto-fonts-cjk
- noto-fonts-emoji
- liberation_ttf
- fira-code
- fira-code-symbols
- dina-font
- proggyfonts
- powerline-fonts
- font-awesome
- ];
-
- services.picom = {
- enable = true;
- vSync = true;
- };
-}
-
diff --git a/profiles/shared-hackens/kde.nix b/profiles/shared-hackens/kde.nix
deleted file mode 100644
index 217be99..0000000
--- a/profiles/shared-hackens/kde.nix
+++ /dev/null
@@ -1,6 +0,0 @@
-{ ... }:
-{
- # Enable the KDE Desktop Environment.
- services.xserver.displayManager.sddm.enable = true;
- services.xserver.desktopManager.plasma5.enable = true;
-}
diff --git a/profiles/shared-hackens/latex.nix b/profiles/shared-hackens/latex.nix
deleted file mode 100644
index f8549fb..0000000
--- a/profiles/shared-hackens/latex.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-{ pkgs, ... }:
-{
- environment.systemPackages = [ pkgs.texlive.combined.scheme-full ];
-}
diff --git a/profiles/shared-hackens/monitoring.nix b/profiles/shared-hackens/monitoring.nix
deleted file mode 100644
index b3244e6..0000000
--- a/profiles/shared-hackens/monitoring.nix
+++ /dev/null
@@ -1,59 +0,0 @@
-{ pkgs, config, ... }:
-{
- # Monitoring
- services.netdata.enable = true;
- systemd.services.netdata.restartTriggers = map (name: config.environment.etc."netdata/${name}.conf".source) [
- "health_alarm_notify"
- "stream"
- "fping"
- ];
- environment.etc."netdata/stream.conf" = {
- user = "netdata";
- group = "netdata";
- mode = "0600";
- text = ''
- # hackens-desktop
- [074e699a-4206-4e13-baa7-e4524326f1e0]
- enabled = yes
- default history = 3600
- default memory mode = dbengine
- health enabled by default = auto
- allow from = 192.168.1.117, 2001:470:1f13:21d:49fd:1d82:d2ff:d868
-
- # hackens-openwrt
- [cab3fe1e-576b-420d-b301-84308e44f340]
- enabled = yes
- default history = 3600
- default memory mode = dbengine
- health enabled by default = auto
- allow from = 192.168.1.1, 2001:470:1f13:21d::1
- '';
- };
- environment.etc."netdata/health_alarm_notify.conf" = {
- user = "netdata";
- group = "netdata";
- mode = "0600";
- text = ''
- # External tools
- nc="${pkgs.netcat}/bin/nc"
-
- # IRC configuration
- SEND_IRC="YES"
- DEFAULT_RECIPIENT_IRC="#hackens-status"
- IRC_NETWORK="ens.wtf"
- IRC_NICKNAME="hackens"
- IRC_REALNAME="hackENS netdata monitoring"
- '';
- };
- environment.etc."netdata/fping.conf" = {
- user = "netdata";
- group = "netdata";
- mode = "0600";
- text = ''
- fping="${pkgs.fping}/bin/fping"
- hosts="hackens.org hack.ens.fr sas.eleves.ens.fr argonaut.ens.wtf clipper.ens.fr merle.eleves.ens.fr"
- '';
- };
- services.smartd.enable = true;
- services.smartd.extraOptions = [ "-A /var/log/smartd/" ]; # For netdata.
-}
diff --git a/profiles/shared-hackens/mosquitto.nix b/profiles/shared-hackens/mosquitto.nix
deleted file mode 100644
index 42dd8b0..0000000
--- a/profiles/shared-hackens/mosquitto.nix
+++ /dev/null
@@ -1,30 +0,0 @@ -{ ... }: -let - port = 1883; -in -{ - services.mosquitto = { - enable = true; - logType = [ "all" ]; - listeners = [ - { - address = "0.0.0.0"; - acl = [ "topic readwrite #" ]; - port = port; - settings = { - allow_anonymous = true; - }; - } - ]; - bridges.hackensOrg = { - topics = [ "# both" ]; - addresses = [ - { - address = "new.hackens.org"; - } - ]; - }; - }; - networking.firewall.allowedTCPPorts = [ port ]; -} - diff --git a/profiles/shared-hackens/netboot-server.nix b/profiles/shared-hackens/netboot-server.nix deleted file mode 100644 index bc31f32..0000000 --- a/profiles/shared-hackens/netboot-server.nix +++ /dev/null @@ -1,8 +0,0 @@ -{ pkgs, ... }: -{ - services.pixiecore = { - enable = true; - openFirwalle = true; - dhcpNoBind = true; - }; -} diff --git a/profiles/shared-hackens/programs.nix b/profiles/shared-hackens/programs.nix index d3f4730..58f87de 100644 --- a/profiles/shared-hackens/programs.nix +++ b/profiles/shared-hackens/programs.nix @@ -6,46 +6,29 @@ programs.wireshark.enable = true; environment.systemPackages = with pkgs; [ - kitty - # Todolist - taskwarrior - - # Slicers - super-slicer - # prusa-slicer TODO: it is broken - - # CAD/3D - blender openscad # kicad-with-packages3d freecad - # Microcontrollers - arduino arduino-cli stm32flash stm32loader - # FPGA - # python38Packages.nmigen python38Packages.nmigen-soc python38Packages.nmigen-boards - verilog verilator yosys symbiyosys mcy - # Reverse engineering - ghidra-bin apktool pwndbg - radare2 - # IRC weechat + # Latex + texlive.combined.scheme-full + # Editors vscodium emacs neovim - # Utilities - minicom smartmontools - starship - wget firefox ripgrep chromium + wget + firefox + ripgrep nmap htop dnsutils - ncdu lazygit + ncdu + lazygit # Networking - speedtest-cli iperf + speedtest-cli + iperf - # CNC - inkscape ]; programs.chromium = { diff --git a/profiles/shared-hackens/result b/profiles/shared-hackens/result new file mode 120000 index 0000000..41ec79d --- /dev/null 
+++ b/profiles/shared-hackens/result @@ -0,0 +1 @@ +/nix/store/q3gp3rnx0y5pxdq7jlhj1x3bqrisv7pp-nixos-system-hackens-milieu-23.05pre442253.befc83905c9 \ No newline at end of file diff --git a/profiles/shared-hackens/ssd.nix b/profiles/shared-hackens/ssd.nix deleted file mode 100644 index f197688..0000000 --- a/profiles/shared-hackens/ssd.nix +++ /dev/null @@ -1,6 +0,0 @@ -{ pkgs, ... }: -{ - services.fstrim = { - enable = true; - }; -} diff --git a/profiles/shared-hackens/syncthing.nix b/profiles/shared-hackens/syncthing.nix deleted file mode 100644 index d666ae5..0000000 --- a/profiles/shared-hackens/syncthing.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ pkgs, ... }: -{ - services.syncthing = { - enable = true; - user = "hackens"; - openDefaultPorts = true; - dataDir = "/home/hackens"; - }; -} diff --git a/profiles/shared-hackens/system.nix b/profiles/shared-hackens/system.nix index e24c283..5070118 100644 --- a/profiles/shared-hackens/system.nix +++ b/profiles/shared-hackens/system.nix @@ -5,6 +5,11 @@ allowReboot = false; }; + # SSD stuff + services.fstrim = { + enable = true; + }; + # Auto-GC and store optimizations nix = { trustedUsers = [ "root" "hackens" ]; @@ -24,8 +29,13 @@ }; services.locate.enable = true; + + # ssh services.openssh.enable = true; services.openssh.passwordAuthentication = false; + + # We are on a trusted network networking.firewall.enable = false; + documentation.info.enable = false; } diff --git a/profiles/shared-hackens/users.nix b/profiles/shared-hackens/users.nix index a9925af..529e041 100644 --- a/profiles/shared-hackens/users.nix +++ b/profiles/shared-hackens/users.nix @@ -4,6 +4,7 @@ let ../../pubkeys/raito.keys ../../pubkeys/gdd.keys ../../pubkeys/BiBi.keys + ../../pubkeys/sinavir.keys ]; in { diff --git a/profiles/shared-hackens/vim.nix b/profiles/shared-hackens/vim.nix index 616693e..fbb559e 100644 --- a/profiles/shared-hackens/vim.nix +++ b/profiles/shared-hackens/vim.nix 
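Review bot: The new comment `# We are on a trusted network` in profiles/shared-hackens/system.nix is the only justification for `networking.firewall.enable = false;`, and it names neither the network nor what enforces the trust. With the firewall off, every listening service on the host is reachable from that segment. This same patch removes syncthing, mosquitto and the wireguard interface, so sshd looks like the only intended listener. The firewall could then be turned back on with `networking.firewall.enable = true;`, since `services.openssh.openFirewall` opens the SSH port by default. If it has to stay off, the comment should say which segment is meant and who controls access to it.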
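Review bot: `../../pubkeys/sinavir.keys` is added to the key list in profiles/shared-hackens/users.nix, but no hunk in this patch creates that file and it is not in the diffstat. It therefore has to exist in the tree already; if it does not, the build fails when the file is read. The `let` binding and whatever consumes the list are outside the hunk. Assuming the list feeds the `hackens` user's authorized keys, it grants SSH login to an account that system.nix lists in `trustedUsers`, so the key file deserves the same scrutiny as a privilege change and should be reviewed alongside this line.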
@@ -4,7 +4,6 @@ git (neovim.override { vimAlias = true; - configure.plug.plugins = with vimPlugins; [ vim-nix vim-lastplace ]; }) ]; } diff --git a/profiles/shared-hackens/vpn-network/default.nix b/profiles/shared-hackens/vpn-network/default.nix deleted file mode 100644 index 9f2ffec..0000000 --- a/profiles/shared-hackens/vpn-network/default.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ pkgs, ... }: -{ - imports = [ - ./wg-peers.nix - ]; - - networking.wireguard.interfaces.wghackens = { - ips = [ "192.168.2.1/24" ]; - listenPort = 51820; - - privateKeyFile = "/etc/secrets/wghackens"; - generatePrivateKeyFile = true; - }; - - boot.kernel.sysctl."net.ipv4.ip_forward" = 1; -} - diff --git a/profiles/shared-hackens/vpn-network/wg-peers.nix b/profiles/shared-hackens/vpn-network/wg-peers.nix deleted file mode 100644 index 8c0a5e7..0000000 --- a/profiles/shared-hackens/vpn-network/wg-peers.nix +++ /dev/null @@ -1,22 +0,0 @@ -{ ... }: -let - startPrefix = "192.168.2"; - mkPeer = i: publicKey: { - inherit publicKey; - allowedIPs = [ "${startPrefix}.${toString i}/32" ]; # Only one IP. - }; -in - { - # Comment s'ajouter ? - # Ajouter un élément dans la liste sous la forme - # (mkPeer i "publicKey") - # i := c'est le i dans 192.168.2.i qui sera l'IP « allouée » sur le tunnel - # publicKey := votre clef publique WireGuard - # si on veut mettre une presharedKey, faut rajouter une entrée manuellement en suivant la doc :). - # Ne pas oublier un commentaire à la fin de l'entrée pour documenter qui est quoi. - # Clef publique actuelle: 95dW/JJDnbOelgot/yWMJMswCzHdQGCqPDvriwq9CT4= - networking.wireguard.interfaces.wghackens.peers = [ - (mkPeer 2 "ed5ib4LwK6YvRDqUPyvLnbS0onrBQpFApv5HreYuMHs=") # Raito - (mkPeer 3 "cm0G/YTSnu4sD72wMqXjNqDuauTh5XJHf/nvE0gOpFk=") # BiBi - ]; - } diff --git a/pubkeys/raito.keys b/pubkeys/raito.keys index 2473c6b..0f679c8 100644 --- a/pubkeys/raito.keys +++ b/pubkeys/raito.keys 
@@ -1,3 +1,3 @@
 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDcEkYM1r8QVNM/G5CxJInEdoBCWjEHHDdHlzDYNSUIdHHsn04QY+XI67AdMCm8w30GZnLUIj5RiJEWXREUApby0GrfxGGcy8otforygfgtmuUKAUEHdU2MMwrQI7RtTZ8oQ0USRGuqvmegxz3l5caVU7qGvBllJ4NUHXrkZSja2/51vq80RF4MKkDGiz7xUTixI2UcBwQBCA/kQedKV9G28EH+1XfvePqmMivZjl+7VyHsgUVj9eRGA1XWFw59UPZG8a7VkxO/Eb3K9NF297HUAcFMcbY6cPFi9AaBgu3VC4eetDnoN/+xT1owiHi7BReQhGAy/6cdf7C/my5ehZwD
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGtS70Y1Merif66/G4bsP1/E3jyjiqjf7ZMsU07lw+Wf
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKIIcqryU28FkV+UpiTnGCOfwKO5jFhkdvU7a7Ew2KoZ
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE0xMwWedkKosax9+7D2OlnMxFL/eV4CvFZLsbLptpXr
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIA4m2d+oCEWCceZMC1Th4IT7HO2/Z6DyJOXYLbCc8GGn
diff --git a/shared/nur.nix b/shared/nur.nix
deleted file mode 100644
index 206862c..0000000
--- a/shared/nur.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ lib, pkgs, ... }:
-let
- agenix = pkgs.fetchFromGitHub {
- owner = "ryantm";
- repo = "agenix";
- rev = "7e5e58b98c3dcbf497543ff6f22591552ebfe65b";
- };
-in {
- nixpkgs.config.packageOverrides = {
- hackens = import ./myPkgs { inherit pkgs; };
- };
- imports = [ "${agenix}/modules/age.nix" ]
- ++ lib.attrValues (import ./myModules);
-}
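Review bot: None of the three entries in pubkeys/raito.keys carries a comment field, so after this rotation a reader cannot tell which device each `ssh-ed25519` key belongs to, or which line to pull if a machine is lost. Append an identifier to each line, e.g. `ssh-ed25519 <key> raito@<device>`. The `ssh-rsa` entry is kept unchanged; if the two replaced keys were retired because their devices are gone, it is worth confirming that one is still needed too. The removed keys remain authorized on each host until its configuration is rebuilt and switched, so the rotation only takes effect after deployment.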