Skip to content

Instantly share code, notes, and snippets.

@cleverca22

cleverca22/core.nix

Created February 2, 2016 20:20
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save cleverca22/6d408ff69eab1680bef9 to your computer and use it in GitHub Desktop.
Save cleverca22/6d408ff69eab1680bef9 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
core.nix
{ config, pkgs, ...}:
let
pixfix = if (builtins.currentSystem == "armv6l-linux") then
[ ./pixman.nix ]
else
[];
passwords = import ./passwords.nix;
keys = import ./keys.nix;
in
{
imports = [ ./vim.nix ./iscsi-boot.nix ./toxvpn_module.nix ./iscsi_module.nix ] ++ pixfix;
environment.systemPackages = with pkgs; [ sqlite screen git util nix-repl utillinuxCurses psmisc ];
programs = {
screen.screenrc = ''
defscrollback 5000
caption always
'';
ssh = {
knownHosts = [
{ hostNames = [ "192.168.2.1" "router.localnet" ]; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMSvyvC18BHfivZJDhWSm7VU3kEElfNfMIfeohkil614"; }
{ hostNames = [ "192.168.2.15" "amd.localnet" ]; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJhJRINrY5cFcqZ76GsAK7FU+wQhErlS6APdOIm7xcnW"; }
{ hostNames = [ "192.168.2.30" ]; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN3cnHv8e6v3mQvVLc7f7YgbeHKqQY2UtySeNL8Ew4ro"; }
{ hostNames = [ "192.168.2.31" ]; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGG8XsjV3ufF2+SWc1isnYqry3tdIqA01GA4d+SSak/F"; }
{ hostNames = [ "c2d.localnet" ]; publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAeIKSyO23iQey8rfwqYdRrcn2sY/Uxcy/OogAZKYNBAeLdwWDmX73d/TZA/rLJtImKPjZYl1VyCIylnNaogvNs="; }
{ hostNames = [ "192.168.123.24" "gamah" ]; publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBJpj4w4nvVhxRlJOsdn1anlOjpmwgeAZqRAhYwtg3RY96Dv3gDnJTsOU5z4DoKOVq5YNfeTGI5HJTGZuV6BSik0="; }
{ hostNames = [ "andoria.angeldsis.com" ]; publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBHX1VUOiMc14jztdHArChYyUaLlTygtUSuH7qU+SD8DqnCmlmbTgeuRDEnsMCBGfWIRSftGi1VG7gC5cZwQxsiY="; }
];
};
};
nixpkgs.config = {
sqlite.interactive = true;
packageOverrides = (import ./overrides.nix).packageOverrides;
};
services = {
openssh = {
enable = true;
permitRootLogin = "yes";
};
};
nix = {
trustedUsers = [ "builder" ];
distributedBuilds = true;
binaryCaches = [
"http://nixcache.localnet"
"https://cache.nixos.org"
#"http://hydra.nixos.org/"
];
binaryCachePublicKeys = [
"c2d.localnet-1:YTVKcy9ZO3tqPNxRqeYEYxSpUH5C8ykZ9ImUKuugf4c="
"hydra.nixos.org-1:CNHJZBh9K4tP3EKF6FkkgeVYsS3ohTl+oS0Qa8bezVs="
];
};
users.extraUsers = {
clever = {
home = "/home/clever";
isNormalUser = true;
extraGroups = [ "wheel" "wireshark" ];
uid = 1000;
openssh.authorizedKeys.keys = [ keys.ramboot ];
initialHashedPassword = passwords.hashedPw;
};
builder = {
uid = 1001;
isNormalUser = true;
openssh.authorizedKeys.keys = [ keys.dual.distro keys.nix1.distro keys.router.distro keys.nix2 keys.amd_distro ];
};
root.openssh.authorizedKeys.keys = [ keys.dual.distro keys.amd ];
};
users.extraGroups.wireshark.gid = 500;
}
Raw
headless.nix
{ config, pkgs, ... }:
{
boot = {
kernelParams = [ "boot.panic_on_fail" ];
};
}
Raw
nix1.nix
{ pkgs, lib, config, ... }:
{
imports = [ ./rpi.nix ./headless.nix ];
services = {
avahi = {
enable = true;
nssmdns = true;
};
xserver = {
enable = false;
displayManager.slim.enable = false;
desktopManager.xfce.enable = false;
desktopManager.xterm.enable = false;
};
toxvpn.enable = true;
toxvpn.localip = "192.168.123.21";
};
fileSystems = {
"/" = {
device = "UUID=d230cc98-8f33-457f-9fee-b65558165188";
fsType = "ext4";
iscsi = {
enable = true;
host = "192.168.2.61";
lun = "iqn.2001-04.com.c2d-nix3";
};
};
"/boot" = { device = "UUID=DCF1-5AC3"; };
};
environment.noXlibs = lib.mkDefault true;
#i18n.supportedLocales = [ config.i18n.defaultLocale ];
networking = {
firewall.enable = false;
hostName = "nix1";
interfaces.eth0.ipAddress = "192.168.2.30";
interfaces.eth0.prefixLength = 24;
defaultGateway = "192.168.2.1";
nameservers = [ "192.168.2.61" ];
dhcpcd.persistent = true;
nat = {
enable = true;
internalInterfaces = [ "ve-+" ];
externalInterface = "eth0";
};
};
nixpkgs.system = "armv6l-linux";
nixpkgs.config = {
allowUnfree = true;
packageOverrides = pkgs: rec {
# mesa_noglu = pkgs.callPackage ./mesa.nix {
# grsecEnabled = true;
# llvmPackages = pkgs.llvmPackages_36;
# };
};
};
environment.systemPackages = with pkgs; [ sysstat gdb git lsof ];
boot = {
initrd = {
iscsi = {
initiatorName = "iqn.2015-09.com.example:3255a7223b2";
netDev = "eth0";
};
};
};
}
Raw
rpi.nix
{config,pkgs,...}:
let
builders = import ./builders.nix;
in
{
imports = [ ./core.nix ./snmpd.nix ];
services.xserver = {
videoDrivers = [ "fbdev" ];
};
hardware.opengl.enable = false;
boot = {
loader = {
grub.enable = false;
raspberryPi.enable = false;
raspberryPi.version = 1;
generic-extlinux-compatible.enable = true;
};
};
hardware.sane.enable = false;
services.nixosManual.enable = false; # FIXME: workaround SANE not evaluating on ARM
sound.enable = false;
nix = {
#buildMachines = builders.arm;
};
}
Raw
snmpd.nix
{ pkgs, ... }:
let
passwords = import ./passwords.nix;
in
{
systemd.services.snmpd = let
snmpconfig = pkgs.writeTextFile {
name = "snmpd.conf";
text = ''
rocommunity ${passwords.snmp}
disk / 10000
extend cputemp ${pkgs.stdenv.shell} -c "${pkgs.acpi}/bin/acpi -t|egrep -o '[0-9\.]{3,}'"
'';
};
in {
description = "net-snmp daemon";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${pkgs.net_snmp}/bin/snmpd -f -c ${snmpconfig}";
KillMode = "process";
Restart = "always";
};
};
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment