[All] Improve infrastructure

M-Gregoire · Jan 15, 2020 · 8d088d4 · 8d088d4
1 parent 7e99ac7
commit 8d088d4
Show file tree

Hide file tree

Showing 24 changed files with 87 additions and 65 deletions.
diff --git a/home/apps.nix b/home/apps.nix
@@ -48,6 +48,8 @@
     qrencode
     # Mount remote filesystems over SSH
     sshfs
+    # Run appImage
+    appimage-run
   ];
 
   xdg.configFile."khal/config".source = builtins.toPath "${config.resources.pcs.paths.privateDotfiles}/khal/config";

diff --git a/home/dev.nix b/home/dev.nix
@@ -2,7 +2,7 @@
 
 {
   imports = [
-    ./dev/LSP.nix
+    #./dev/LSP.nix
     ./dev/c.nix
     ./dev/compton.nix
     ./dev/emacs.nix

diff --git a/home/dev/LSP.nix b/home/dev/LSP.nix
@@ -19,7 +19,7 @@ in
     # C / C++
     ccls
     # Bash
-    unstable.nodePackages.bash-language-server
+    #nodePackages.bash-language-server
     # Python
     #python27Packages.python-language-server
     python37Packages.python-language-server

diff --git a/home/dev/nix.nix b/home/dev/nix.nix
@@ -4,7 +4,6 @@
   home.packages = with pkgs;[
     nix-prefetch-git
     nix-prefetch-github
-    yarn2nix
     nodePackages.node2nix
     go2nix
     nixops

diff --git a/home/gui.nix b/home/gui.nix
@@ -1,11 +1,11 @@
 { config, lib, pkgs, ... }:
 
 let
-  thunar-with-plugins = with pkgs; with xfce; thunar.override {
-    thunarPlugins = [
-      thunar-archive-plugin
-    ];
-  };
+ # thunar-with-plugins = with pkgs; with xfce4-14; thunar.override {
+ #   thunarPlugins = [
+ #     thunar-archive-plugin
+ #   ];
+ # };
 
   rofiTheme = import ./theme/rofi.nix {
     theme=config.resources.theme;
@@ -16,9 +16,9 @@ in
 {
   programs.feh.enable = true;
 
-  home.packages = with pkgs; with xfce4-13; [
+  home.packages = with pkgs; [
     # Browser & emails
-    unstable.firefox
+    firefox
     chromium
     thunderbird
     # Video
@@ -33,20 +33,21 @@ in
     leafpad
     # Mumble
     mumble
-    mumble_overlay
+    #mumble_overlay
     # Music
     spotify
     # Chats
     unstable.signal-desktop
-    unstable.rambox
+    #rambox
     # Thunar with archive plugin
-    thunar-with-plugins
+    xfce4-14.thunar
     # Volume manager
-    thunar-volman
+    xfce4-14.thunar-volman
+    xfce.thunar-archive-plugin
     # Thumbnail
     ffmpegthumbnailer
     # D-bus thumbnailer service
-    tumbler
+    xfce4-14.tumbler
     # Disk managment
     gparted
     # Sound control
@@ -63,6 +64,8 @@ in
     inkscape
     # Image viewer
     nomacs
+    # Veracrypt
+    veracrypt
   ];
 
   home.file.".mozilla/firefox/${config.resources.pcs.firefox.profile}/user.js".source = builtins.toPath "${config.resources.pcs.paths.publicDotfiles}/firefox/user.js";

diff --git a/home/i3.nix b/home/i3.nix
@@ -65,7 +65,7 @@ in
         "${workspace1}" = [{class="Firefox";}];
         "${workspace3}" = [{class="Emacs";}];
         "${workspace8}" = [{class="rambox";}];
-        "${workspace9}" = [{class="Thunderbird";}];
+        "${workspace9}" = [{class="Thunderbird";} {class="Daily";}];
       };
 
       keybindings = {

diff --git a/home/services.nix b/home/services.nix
@@ -46,4 +46,7 @@ in
       };
     };
   }dunstTheme;
+
+  # Automount for removable device
+  services.udiskie.enable = true;
 }
diff --git a/nixops/Skuld.nix b/nixops/Skuld.nix
diff --git a/nixops/generateDeployment.sh b/nixops/generateDeployment.sh
@@ -9,10 +9,10 @@ nixops delete -d cloud 2> /dev/null
 nixops delete -d pcs 2> /dev/null
 nixops delete -d servers 2> /dev/null
 
-nixops create home.nix Bur.nix Mimir.nix Skuld.nix Fenrir.nix -d home
+nixops create home.nix Bur.nix Mimir.nix Fenrir.nix -d home
 nixops create cloud.nix Eldir.nix -d cloud
 nixops create pcs.nix Bur.nix Mimir.nix -d pcs
-nixops create servers.nix Eldir.nix Skuld.nix Fenrir.nix -d servers
+nixops create servers.nix Eldir.nix Fenrir.nix -d servers
 
 #nixops deploy -d home
 #nixops deploy -d cloud

diff --git a/nixops/home.nix b/nixops/home.nix
@@ -19,15 +19,6 @@
         ];
     };
 
-  Skuld =
-    { config, pkgs, ... }:
-    {
-      imports =
-        [
-          ../nixos/hosts/Skuld/configuration.nix
-        ];
-    };
-
   FenrirDocker =
     { config, pkgs, ... }:
     {

diff --git a/nixops/servers.nix b/nixops/servers.nix
@@ -10,15 +10,6 @@
         ];
     };
 
-  Skuld =
-    { config, pkgs, ... }:
-    {
-      imports =
-        [
-          ../nixos/hosts/Skuld/configuration.nix
-        ];
-    };
-
   FenrirDocker =
     { config, pkgs, ... }:
     {

diff --git a/nixos/common.nix b/nixos/common.nix
@@ -4,6 +4,7 @@
   imports = [
     ../modules
     ./dev/docker.nix
+    ./dev/nfs.nix
     ./services.nix
   ];
 
@@ -39,8 +40,6 @@
   nixpkgs.overlays = import ../nixpkgs/overlays.nix;
 
   networking.hostName = config.resources.hostname;
-  #
-
 
   networking.firewall.allowedTCPPorts = config.resources.networking.firewall.openTCPPorts;
   networking.firewall.allowedUDPPorts = config.resources.networking.firewall.openUDPPorts;
@@ -52,10 +51,19 @@
     "::1" = [ "${config.resources.hostname}" ];
   };
 
+  users.groups.${config.resources.username} = {
+    name = "${config.resources.username}";
+    members = [ "${config.resources.username}" ];
+    gid = 1000;
+  };
+
   users.users.${config.resources.username} = {
     isNormalUser = true;
     home = "/home/${config.resources.username}";
+    uid = 1000;
+    group = "${config.resources.username}";
     extraGroups = [
+      "users"
       "wheel"
       "docker"
     ];

diff --git a/nixos/dev/nfs.nix b/nixos/dev/nfs.nix
@@ -1,5 +1,15 @@
-{ config, ... }:
+{ config, pkgs, ... }:
 
 {
   boot.kernelModules = [ "nfs" "nfsd" ];
+
+  environment.systemPackages = with pkgs; [
+    # NFS
+    nfs-utils
+  ];
+
+  boot.kernelParams = [
+    # https://www.suse.com/support/kb/doc/?id=7014266
+    "nfs.nfs4_disable_idmapping=1"
+  ];
 }
diff --git a/nixos/hosts/Eldir/configuration.nix b/nixos/hosts/Eldir/configuration.nix
@@ -12,7 +12,7 @@
       ./nixos-in-place.nix
     ];
 
-  system.stateVersion = "16.09";
+  system.stateVersion = "19.03";
 
   networking.firewall.allowedTCPPorts = [ config.resources.hosts.eldir.ssh.port ];
   services.openssh.ports = [ config.resources.hosts.eldir.ssh.port ];

diff --git a/nixos/hosts/FenrirDocker/configuration.nix b/nixos/hosts/FenrirDocker/configuration.nix
@@ -17,20 +17,28 @@
   networking.firewall.allowedTCPPorts = [ config.resources.hosts.fenrirDocker.ssh.port ];
   services.openssh.ports = [ config.resources.hosts.fenrirDocker.ssh.port ];
 
+  # Unifi
+  services.unifi.enable = true;
+
+  fileSystems."/nfs/Sharkoon" = {
+    device = "fenrirNas.martinache.net:/mnt/Sharkoon";
+    fsType = "nfs";
+    options = [ "defaults" "uid=1000" "gid=1000" "umask=002" ];
+  };
+
   networking.hosts = {
     # This part is used to define custom DNS records by my PiHole
     "${config.resources.hosts.bur.ip.default}" = [ "Bur" "${builtins.concatStringsSep " " config.resources.hosts.bur.extraDomains}" ];
     "${config.resources.hosts.eldir.ip.default}" = [ "Eldir" "${builtins.concatStringsSep " " config.resources.hosts.eldir.extraDomains}" ];
     "${config.resources.hosts.idunn.ip.default}" = [ "Idunn" "${builtins.concatStringsSep " " config.resources.hosts.idunn.extraDomains}" ];
     "${config.resources.hosts.mimir.ip.default}" = [ "Mimir" "${builtins.concatStringsSep " " config.resources.hosts.mimir.extraDomains}" ];
     "${config.resources.hosts.skuld.ip.default}" = [ "Skuld" "${builtins.concatStringsSep " " config.resources.hosts.skuld.extraDomains}" ];
-    "${config.resources.hosts.fenrir.ip.default}" = [ "Fenrir" "${builtins.concatStringsSep " " config.resources.hosts.fenrir.extraDomains}" ];
     # Basic hostname already defined in the home profile
     "${config.resources.hosts.beyla.ip.default}" = [ "${builtins.concatStringsSep " " config.resources.hosts.beyla.extraDomains}" ];
     "${config.resources.hosts.octopi.ip.default}" = [ "${builtins.concatStringsSep " " config.resources.hosts.octopi.extraDomains}" ];
     # Basic hostname binded to localhost
     "${config.resources.hosts.fenrirDocker.ip.default}" = [ "${builtins.concatStringsSep " " config.resources.hosts.fenrirDocker.extraDomains}" ];
   } // config.resources.hosts.extra;
 
-  system.stateVersion = "19.09";
+  system.stateVersion = "19.03";
 }
diff --git a/nixos/hosts/Mimir/configuration.nix b/nixos/hosts/Mimir/configuration.nix
@@ -16,6 +16,9 @@
       ./hardware-configuration.nix
     ];
 
+  # Unifi
+  services.unifi.enable = true;
+
   services.xserver.libinput.accelSpeed = null;
 
   services.xserver.videoDrivers = [ "amdgpu" ];

diff --git a/nixos/profiles/PC/default.nix b/nixos/profiles/PC/default.nix
@@ -3,14 +3,14 @@
 {
   imports = [
     (import ../../../vendor/home-manager { inherit pkgs; }).nixos
+    #../../dev/ipfs.nix
     ../../../modules
     ../../dev/3D.nix
     ../../dev/android.nix
     ../../dev/fwudp.nix
-    #../../dev/ipfs.nix
     ../../dev/openvpn-client.nix
     ../../dev/pam.nix
-    ../../dev/teamviewer.nix
+    #../../dev/teamviewer.nix
     ../../dev/wireguard-client-home.nix
     ../../dev/wireguard-tools.nix
     ./mime.nix
@@ -76,6 +76,8 @@
   };
 
   fonts.fonts = with pkgs; [
+    # https://github.com/NixOS/nixpkgs/issues/47921#issuecomment-435310057
+    # nix-prefetch-url --type sha256 --unpack --name source file:///home/gregoire/Downloads/nerd-fonts-2.0.0.tar.gz 09i467hyskvzj2wn5sj6shvc9pb0a0rx5iknjkkkbg1ng3bla7nm
     unstable.nerdfonts
   ];
 
@@ -84,7 +86,5 @@
     ntfs3g
     # exFat
     exfat
-    # NFS
-    nfs-utils
   ];
 }
diff --git a/nixos/profiles/PC/services.nix b/nixos/profiles/PC/services.nix
@@ -12,8 +12,20 @@
     };
   };
 
-  # Unifi
-  services.unifi.enable = true;
+  services.gvfs.enable = true;
+
+  # https://github.com/NixOS/nixpkgs/issues/22064
+#  nixpkgs.config.packageOverrides = pkgs: {
+#    xfce = pkgs.xfce // {
+#      gvfs = pkgs.gvfs;
+#    };
+#  };
+  # Network share
+#  environment.systemPackages = with pkgs; [
+#    lxqt.lxqt-policykit
+#    pkgs.xfce.gvfs
+#  ]; # provides a default authentification client for policykit
+
 
   # Smart card
   services.pcscd.enable = true;
@@ -59,7 +71,7 @@
     serviceConfig.User = "${config.resources.username}";
     script = ''
       if [ -d '${config.resources.pcs.paths.publicConfig}' ]; then
-        if ${pkgs.git}/bin/git -C ${config.resources.pcs.paths.publicConfig}/vendor/nixpkgs-release fetch --all && ${pkgs.git}/bin/git -C ${config.resources.pcs.paths.publicConfig}/vendor/nixpkgs-release checkout channels/nixos-19.03; then
+        if ${pkgs.git}/bin/git -C ${config.resources.pcs.paths.publicConfig}/vendor/nixpkgs-release fetch --all && ${pkgs.git}/bin/git -C ${config.resources.pcs.paths.publicConfig}/vendor/nixpkgs-release checkout channels/nixos-19.09; then
           echo "nixpkgs-release updated"
         else
           echo "nixpkgs-release update failed: sending notification"

diff --git a/nixos/systemd-networkd.nix b/nixos/systemd-networkd.nix
@@ -7,6 +7,8 @@
 
   networking.wireless.enable = true;
 
+  networking.useDHCP = false;
+
   services.resolved.enable = true;
   # /!\ DNS fallback is not a recovery DNS
   # See https://github.com/systemd/systemd/issues/5771#issuecomment-296673115

diff --git a/scripts/polybar-spotify-controls b/scripts/polybar-spotify-controls
diff --git a/vendor/home-manager b/vendor/home-manager
diff --git a/vendor/infrastructure-private b/vendor/infrastructure-private
diff --git a/vendor/nixpkgs-release b/vendor/nixpkgs-release
diff --git a/vendor/update.sh b/vendor/update.sh
@@ -4,7 +4,7 @@ nix-channel --update
 
 cd home-manager
 git fetch --all
-git checkout master
+git checkout release-19.09
 git pull
 
 cd ..
@@ -13,7 +13,7 @@ cd nixpkgs-release
 git remote add channels https://github.com/NixOS/nixpkgs-channels.git
 git remote update channels
 git fetch --all
-git checkout channels/nixos-19.03
+git checkout channels/nixos-19.09
 
 cd ..