From f4c6c70d675ca014cea4eed870fe34f2b92d55c6 Mon Sep 17 00:00:00 2001
From: Fabian Hauser
Date: Mon, 30 Nov 2020 19:03:30 +0100
Subject: [PATCH] Clean up base role
---
defaults/base/applications.nix | 74 +++++++
defaults/base/default.nix | 182 ++++--------------
defaults/base/overlays.nix | 7 +
defaults/games/default.nix | 43 +++--
meta/default.nix | 5 +-
meta/users.nix | 45 +++++
overlays/_nix-path/overlays.nix | 7 +
.../remote/vmware-horizon-client/default.nix | 61 ++++--
overlays/default.nix | 4 +-
9 files changed, 242 insertions(+), 186 deletions(-)
create mode 100644 defaults/base/applications.nix
create mode 100644 defaults/base/overlays.nix
create mode 100644 meta/users.nix
create mode 100644 overlays/_nix-path/overlays.nix
diff --git a/defaults/base/applications.nix b/defaults/base/applications.nix
new file mode 100644
index 0000000..e5d88a8
--- /dev/null
+++ b/defaults/base/applications.nix
@@ -0,0 +1,74 @@
+{ config, lib, pkgs, ... }:
+
+{
+ environment.systemPackages = with pkgs;
+ [
+ vim
+ tmux
+ fwupd
+ pciutils
+ dmidecode
+ smartmontools
+ borgbackup
+ iw
+ killall
+ bc
+ efibootmgr
+ efitools
+ efivar
+ mkpasswd
+ rename
+ wipe
+ gnupg
+ pass
+ pwgen
+ units
+ powertop
+ lm_sensors
+ ] ++ [ nixfmt nix-index nix-diff nixpkgs-review ]
+ ++ [ autojump powerline-go ] ++ [ # File Utilities
+ ack
+ unzip
+ unrar
+ perl530Packages.DigestSHA3
+ borgbackup
+ iotop
+ cabextract
+ tree # p7zip
+ vim
+ vimPlugins.pathogen
+ vimPlugins.airline
+ git
+ git-lfs
+ ] ++ [ # Filesystem & Disk Utilities
+ fuse_exfat
+ cifs-utils
+ keyutils # required for cifs kerberos auth
+ smbclient
+ exfat-utils
+ sshfs-fuse
+ hdparm
+ mtpfs
+ ntfs3g
+ smartmontools
+ parted
+ ] ++ [ # Networking Utilities
+ nmap
+ bind
+ curl
+ wget
+ ncat
+ tor
+ tor-arm
+ mosh
+ whois
+ wol
+ rsync
+ sshuttle
+ iftop
+ mailutils # hash-slinger #TODO: hash-slinger has broken dependency pyunbound
+ imapsync
+ bluez-tools
+ ];
+
+}
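Review bot: `vim`, `borgbackup` and `smartmontools` are each listed twice in `environment.systemPackages`, which is harmless to Nix but makes the list harder to audit now that it has its own file. Because `applications.nix` is imported by the base role, every host also receives `nmap`, `ncat`, `tor`, `tor-arm` and `sshuttle`; tooling like that is better kept in a workstation or admin role so that servers carry only what they need. If they are meant to be on every host, a comment on the `# Networking Utilities` group saying why would make that a recorded decision.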
diff --git a/defaults/base/default.nix b/defaults/base/default.nix index 6099b51..5c1ca11 100644 --- a/defaults/base/default.nix +++ b/defaults/base/default.nix @@ -1,13 +1,8 @@ -# Default configuration for hosts { config, lib, pkgs, ... }: -{ - imports = [ ../../modules ./unfree.nix ]; - - nixpkgs.overlays = [ (import ../../overlays) ]; - - system.autoUpgrade.enable = true; - system.autoUpgrade.allowReboot = false; +let metausers = (import ../../meta).users; +in { + imports = [ ../../modules ./unfree.nix ./applications.nix ./overlays.nix ]; boot.loader.timeout = 2; boot.tmpOnTmpfs = true; 
@@ -16,162 +11,55 @@ font = "Lat2-Terminus16"; keyMap = "de_CH-latin1"; }; - i18n.defaultLocale = "en_US.UTF-8"; - environment.systemPackages = with pkgs; - [ - vim - tmux - fwupd - pciutils - dmidecode - smartmontools - borgbackup - iw - killall - bc - efibootmgr - efitools - efivar - mkpasswd - rename - wipe - gnupg - pass - pwgen - units - powertop - lm_sensors - ] ++ [ nixfmt nix-index nix-diff nixpkgs-review ] - ++ [ autojump powerline-go ] ++ [ # File Utilities - ack - unzip - unrar - perl530Packages.DigestSHA3 - borgbackup - iotop - cabextract - tree # p7zip - vim - vimPlugins.pathogen - vimPlugins.airline - git - git-lfs - ] ++ [ # Filesystem & Disk Utilities - fuse_exfat - cifs-utils - keyutils # required for cifs kerberos auth - smbclient - exfat-utils - sshfs-fuse - hdparm - mtpfs - ntfs3g - smartmontools - parted - ] ++ [ # Networking Utilities - nmap - bind - curl - wget - ncat - tor - tor-arm - mosh - whois - wol - rsync - sshuttle - iftop - mailutils # hash-slinger #TODO: hash-slinger has broken dependency pyunbound - imapsync - bluez-tools - ]; - - services.fwupd.enable = true; - - # Networking - networking.firewall = { - allowPing = true; - allowedTCPPorts = [ 22 ]; - }; - - # Enable the OpenSSH daemon. 
- services.openssh = { - enable = true; - passwordAuthentication = false; - }; - - nix.trustedUsers = [ "root" "@wheel" ]; - - users.groups = { - fhauser.gid = 1000; - das-g.gid = 1001; - empty0.gid = 1002; - }; - users.mutableUsers = false; - users.users = rec { # TODO: Migrate to meta - root.openssh.authorizedKeys.keys = - lib.flatten (map (u: u.openssh.authorizedKeys.keys) [ fhauser das-g ]); - - fhauser = { - uid = 1000; - isNormalUser = true; - description = "Fabian Hauser"; - group = "fhauser"; - extraGroups = [ "wheel" "video" ] - ++ (if config.virtualisation.docker.enable then [ "docker" ] else [ ]); - hashedPassword = - "$6$rounds=20000$TYZ8CojfBLwejcwn$smEJe6/anL9NGf.Ytfny14nBfhr4TRPv2XK1lgHz7yg.zQow1HACePirEjsjxzFC6vTHGaT8t2NxobUsHbWLg1"; - openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIPF8ZV7vhpbVvLxiKq8ANVusNUHMbtii5MuvjxCbVz7vSNVPo9OOLvYyDqhbRAWMTdQeGZVAaALBufKKmprDTRFMpnA7Ut4TFrdz/5DTaR2KEjJ7P75moH+0xooR/GsbzFGsNBSQSXK3u1igndPYEC/PqCHN++32kDo2wLqTB4VLrEovU3iq8BMckn329Bu1fGbXKTgDpEvUEEwFO2brQZLMmzILGF/v4B9ImEGtinAUNgDSfEpgPN23sdWQH9rwEClGv95JmWNf05tuVomhZzOBtCFoAno3XB1nj16avjsqJ3aGFY2CCcfsNrwKzhIotmm82bcI4BJuJIVRIKbZ1 cardno:000603507108" - ]; - }; - - das-g = { - uid = 1001; - isNormalUser = true; - description = "Raphael Das Gupta"; - group = "das-g"; - extraGroups = [ "wheel" ]; - hashedPassword = - "$6$rounds=37000$omA92cfwup$Ri9FXHbeOUIIDKf83D6UNa5NWGac.G9A3voJmrivwkVtaDGVMGLIa5qdgkaDeCKoMkl8YRjJ7smEyrMwTnuRD0"; - openssh.authorizedKeys.keys = [ - "ssh-rsa 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 das-g@x1carbon" - ]; - }; - - empty0 = { - uid = 1002; - isNormalUser = true; - description = "Testuser empty0"; - group = "empty0"; - extraGroups = [ "video" ]; - hashedPassword = - "$6$mlI7Au.EzmrL9uJj$vz8ujechSkx83tsFcRA8D04vh5.3ZwPlPmE.wsf2CTKvLio48a1eXtRxUHkkDfPlLAjqyJ55bSSw2lLazH9Ip/"; - }; + users.groups = metausers.groups; + users.users = metausers.users // { + root.openssh.authorizedKeys.keys = with lib; 
+ concatLists (mapAttrsToList (name: user: + if elem "wheel" user.extraGroups then + user.openssh.authorizedKeys.keys + else + [ ]) metausers.users); }; + # Package management + nix.trustedUsers = [ "root" "@wheel" ]; nix.gc = { automatic = true; dates = "weekly"; options = "--delete-older-than 30d"; }; - services.btrfs.autoScrub.enable = true; + system.autoUpgrade.enable = true; + system.autoUpgrade.allowReboot = false; - environment.etc = { - gitconfig.source = ./etc/gitconfig; - vimrc.source = ./etc/vimrc; + # System Services + services.btrfs.autoScrub.enable = true; + services.fwupd.enable = true; + + # Network services + networking.firewall = { + allowPing = true; + allowedTCPPorts = [ 22 ]; + }; + + services.openssh = { + enable = true; + passwordAuthentication = false; }; - programs.autojump.enable = true; - programs.vim.defaultEditor = true; security.acme = { acceptTerms = true; email = "sysadmin@qo.is"; }; + # Default Settings + environment.etc = { + gitconfig.source = ./etc/gitconfig; + vimrc.source = ./etc/vimrc; + }; + programs.autojump.enable = true; + programs.vim.defaultEditor = true; } diff --git a/defaults/base/overlays.nix b/defaults/base/overlays.nix new file mode 100644 index 0000000..ac3e658 --- /dev/null +++ b/defaults/base/overlays.nix @@ -0,0 +1,7 @@ +{ config, lib, pkgs, options, ... }: + +{ + nixpkgs.overlays = [ (import ../../overlays) ]; + nix.nixPath = options.nix.nixPath.default + ++ [ "nixpkgs-overlays=/etc/nixos/overlays/_nix-path/" ]; +} diff --git a/defaults/games/default.nix b/defaults/games/default.nix index 8e59781..2928010 100644 --- a/defaults/games/default.nix +++ b/defaults/games/default.nix 
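Review bot: Root's `authorizedKeys` is now computed from every entry in `metausers.users` whose `extraGroups` contains `"wheel"`, so adding someone to `wheel` in `meta/users.nix` also grants them direct root SSH login on every host that imports the base role; the removed code named `fhauser` and `das-g` explicitly. If that coupling is intended, state it in a comment above the expression, e.g. `# every wheel member may log in as root over SSH`; otherwise keep an explicit list of root-capable users in `meta`. The lambda also reads `user.extraGroups` and `user.openssh.authorizedKeys.keys` unguarded, so a later entry that omits either one fails evaluation; `user.extraGroups or [ ]` and `user.openssh.authorizedKeys.keys or [ ]` avoid that.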
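Review bot: The `nixpkgs-overlays` entry appended to `nix.nixPath` in `defaults/base/overlays.nix` is the absolute path `/etc/nixos/overlays/_nix-path/`, so it only resolves when this repository is checked out at `/etc/nixos`, and every user's Nix evaluation then loads whatever code currently sits in that directory. That is safe only while the checkout is writable by root alone, which nothing here states or enforces. Add a comment recording the assumption, e.g. `# requires this repo at /etc/nixos, owned by root and not group/world-writable`, so that a later move of the checkout does not silently change who controls the overlays.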
@@ -1,27 +1,28 @@ { config, lib, pkgs, ... }: { - environment.systemPackages = with pkgs; [ - neverball - wesnoth - pingus - superTux - superTuxKart - extremetuxracer - zeroad + environment.systemPackages = with pkgs; + [ + neverball + wesnoth + pingus + superTux + superTuxKart + extremetuxracer + zeroad ] ++ (with pkgs.gnome3; [ # Selection of gnome3 games - five-or-more - four-in-a-row - gnome-chess - gnome-klotski - gnome-mahjongg - gnome-nibbles - gnome-robots - gnome-sudoku - gnome-taquin - gnome-tetravex - lightsoff - quadrapassel - ]); + five-or-more + four-in-a-row + gnome-chess + gnome-klotski + gnome-mahjongg + gnome-nibbles + gnome-robots + gnome-sudoku + gnome-taquin + gnome-tetravex + lightsoff + quadrapassel + ]); } diff --git a/meta/default.nix b/meta/default.nix index b58fdf9..fe03f77 100644 --- a/meta/default.nix +++ b/meta/default.nix @@ -1 +1,4 @@ -{ network = import ./network.nix; } +{ + network = import ./network.nix; + users = import ./users.nix; +} diff --git a/meta/users.nix b/meta/users.nix new file mode 100644 index 0000000..801ea02 --- /dev/null +++ b/meta/users.nix 
@@ -0,0 +1,45 @@
+{
+ groups = {
+ fhauser.gid = 1000;
+ das-g.gid = 1001;
+ empty0.gid = 1002;
+ };
+
+ users = rec {
+ fhauser = {
+ uid = 1000;
+ isNormalUser = true;
+ description = "Fabian Hauser";
+ group = "fhauser";
+ extraGroups = [ "wheel" "video" "docker" ];
+ hashedPassword =
+ "$6$rounds=20000$TYZ8CojfBLwejcwn$smEJe6/anL9NGf.Ytfny14nBfhr4TRPv2XK1lgHz7yg.zQow1HACePirEjsjxzFC6vTHGaT8t2NxobUsHbWLg1";
+ openssh.authorizedKeys.keys = [
+ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDIPF8ZV7vhpbVvLxiKq8ANVusNUHMbtii5MuvjxCbVz7vSNVPo9OOLvYyDqhbRAWMTdQeGZVAaALBufKKmprDTRFMpnA7Ut4TFrdz/5DTaR2KEjJ7P75moH+0xooR/GsbzFGsNBSQSXK3u1igndPYEC/PqCHN++32kDo2wLqTB4VLrEovU3iq8BMckn329Bu1fGbXKTgDpEvUEEwFO2brQZLMmzILGF/v4B9ImEGtinAUNgDSfEpgPN23sdWQH9rwEClGv95JmWNf05tuVomhZzOBtCFoAno3XB1nj16avjsqJ3aGFY2CCcfsNrwKzhIotmm82bcI4BJuJIVRIKbZ1 cardno:000603507108"
+ ];
+ };
+
+ das-g = {
+ uid = 1001;
+ isNormalUser = true;
+ description = "Raphael Das Gupta";
+ group = "das-g";
+ extraGroups = [ "wheel" ];
+ hashedPassword =
+ "$6$rounds=37000$omA92cfwup$Ri9FXHbeOUIIDKf83D6UNa5NWGac.G9A3voJmrivwkVtaDGVMGLIa5qdgkaDeCKoMkl8YRjJ7smEyrMwTnuRD0";
+ openssh.authorizedKeys.keys = [
+ "ssh-rsa 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 das-g@x1carbon"
+ ];
+ };
+
+ empty0 = {
+ uid = 1002;
+ isNormalUser = true;
+ description = "Testuser empty0";
+ group = "empty0";
+ extraGroups = [ "video" ];
+ hashedPassword =
+ "$6$mlI7Au.EzmrL9uJj$vz8ujechSkx83tsFcRA8D04vh5.3ZwPlPmE.wsf2CTKvLio48a1eXtRxUHkkDfPlLAjqyJ55bSSw2lLazH9Ip/";
+ };
+ };
+}
diff --git a/overlays/_nix-path/overlays.nix b/overlays/_nix-path/overlays.nix
new file mode 100644
index 0000000..a624a4a
--- /dev/null
+++ b/overlays/_nix-path/overlays.nix
@@ -0,0 +1,7 @@
+self: super:
+with super.lib;
+let
+ # Load the system wide overlays
+ overlays = (import { }).config.nixpkgs.overlays;
+ # Apply all overlays to the input of the current "main" overlay
+in foldl' (flip extends) (_: super) overlays self
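Review bot: The three `hashedPassword` values in `meta/users.nix` remain in the repository and, as far as I can tell, also end up in the world-readable Nix store through the generated user spec, so anyone with read access to either can run offline guessing against them. The move into `meta` is a good point to switch to `passwordFile` pointing at a root-only file outside the store. `empty0`'s hash carries no `rounds=` parameter, so it falls back to the much cheaper sha512crypt default than the other two. Separately, `fhauser` now has `"docker"` in `extraGroups` unconditionally, where the removed code added it only when `config.virtualisation.docker.enable` was set; a comment saying this is intended would help, and the `rec` on `users` looks unneeded since no entry refers to a sibling.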
diff --git a/overlays/applications/networking/remote/vmware-horizon-client/default.nix b/overlays/applications/networking/remote/vmware-horizon-client/default.nix
index 09b7011..5e11ecd 100644
--- a/overlays/applications/networking/remote/vmware-horizon-client/default.nix
+++ b/overlays/applications/networking/remote/vmware-horizon-client/default.nix
@@ -1,24 +1,26 @@ { stdenv, buildFHSUserEnv, fetchurl, makeWrapper, makeDesktopItem, libxslt, atk -, fontconfig, freetype, gdk-pixbuf, glib, gtk2, libudev0-shim, libxml2 -, pango, pixman, libX11, libXext, libXinerama, libXrandr , libXrender -, libXtst, libXcursor, libXi, libxkbfile , libXScrnSaver, zlib, liberation_ttf -, libtiff, dbus, at-spi2-atk, harfbuzz, gtk3-x11, libuuid, pcsclite -}: +, fontconfig, freetype, gdk-pixbuf, glib, gtk2, libudev0-shim, libxml2, pango +, pixman, libX11, libXext, libXinerama, libXrandr, libXrender, libXtst +, libXcursor, libXi, libxkbfile, libXScrnSaver, zlib, liberation_ttf, libtiff +, dbus, at-spi2-atk, harfbuzz, gtk3-x11, libuuid, pcsclite }: let version = "2006"; - sysArch = - if stdenv.hostPlatform.system == "x86_64-linux" then "x64" - else throw "Unsupported system: ${stdenv.hostPlatform.system}"; - # The downloaded archive also contains i386 and ARM binaries, but these have not been tested. + sysArch = if stdenv.hostPlatform.system == "x86_64-linux" then + "x64" + else + throw "Unsupported system: ${stdenv.hostPlatform.system}"; + # The downloaded archive also contains i386 and ARM binaries, but these have not been tested. vmwareHorizonClientFiles = stdenv.mkDerivation { name = "vmwareHorizonClientFiles"; inherit version; src = fetchurl { - url = https://download3.vmware.com/software/view/viewclients/CART21FQ2/vmware-view-client-linux-2006-8.0.0-16522670.tar.gz; - sha256 = "8c46d49fea42f8c1f7cf32a5f038f5a47d2b304743b1e4f4c68c658621b0e79c"; + url = + "https://download3.vmware.com/software/view/viewclients/CART21FQ2/vmware-view-client-linux-2006-8.0.0-16522670.tar.gz"; + sha256 = + "8c46d49fea42f8c1f7cf32a5f038f5a47d2b304743b1e4f4c68c658621b0e79c"; }; buildInputs = [ makeWrapper ]; installPhase = '' 
@@ -46,10 +48,36 @@ let runScript = "${vmwareHorizonClientFiles}/bin/vmware-view_wrapper"; targetPkgs = pkgs: [ - pcsclite dbus vmwareHorizonClientFiles atk fontconfig freetype gdk-pixbuf glib gtk2 - libudev0-shim libxml2 pango pixman liberation_ttf libX11 libXext libXinerama - libXrandr libXrender libXtst libXcursor libXi libxkbfile at-spi2-atk libXScrnSaver - zlib libtiff harfbuzz gtk3-x11 libuuid + pcsclite + dbus + vmwareHorizonClientFiles + atk + fontconfig + freetype + gdk-pixbuf + glib + gtk2 + libudev0-shim + libxml2 + pango + pixman + liberation_ttf + libX11 + libXext + libXinerama + libXrandr + libXrender + libXtst + libXcursor + libXi + libxkbfile + at-spi2-atk + libXScrnSaver + zlib + libtiff + harfbuzz + gtk3-x11 + libuuid ]; }; @@ -71,7 +99,8 @@ in stdenv.mkDerivation { ''; meta = with stdenv.lib; { - description = "Allows you to connect to your VMware Horizon virtual desktop"; + description = + "Allows you to connect to your VMware Horizon virtual desktop"; homepage = "https://www.vmware.com/go/viewclients"; license = licenses.unfree; platforms = platforms.linux; diff --git a/overlays/default.nix b/overlays/default.nix index 1670671..07da44b 100644 --- a/overlays/default.nix +++ b/overlays/default.nix @@ -1,4 +1,6 @@ self: super: { lib = (super.lib or { }) // { qois = import ../lib { lib = self.lib; }; }; - vmware-horizon-client = super.callPackage ./applications/networking/remote/vmware-horizon-client { }; # TODO: Should be included in 21.03 + vmware-horizon-client = + super.callPackage ./applications/networking/remote/vmware-horizon-client + { }; # TODO: Should be included in 21.03 }