commit 7a4dfbcd71d667cb2a5e74fd8e04cd6683ef4bc7
parent b39d56a4c741598c3c1c7fce56755c7af17212d9
Author: William Casarin <jb55@jb55.com>
Date: Sun, 21 Nov 2021 13:35:00 -0800
monad nix-config updates
Signed-off-by: William Casarin <jb55@jb55.com>
Diffstat:
13 files changed, 155 insertions(+), 149 deletions(-)
diff --git a/nix-config/configuration.nix b/nix-config/configuration.nix
@@ -21,7 +21,7 @@ let machine = extra.private.machine;
};
util = extra.util;
caches = [ "https://cache.nixos.org" ];
- composeKey = if machine == "quiver" then "ralt" else "rwin";
+ composeKey = if machine == "quiver" then "ralt" else "prsc";
home = "/home/jb55";
isDark = false;
bash = "${pkgs.bashInteractive}/bin/bash";
diff --git a/nix-config/environment/default.nix b/nix-config/environment/default.nix
@@ -14,7 +14,6 @@ let jb55pkgs = import <jb55pkgs> { inherit pkgs; };
csv-scripts
datefmt
extname
- kindle-send
mandown
ratio
samp
diff --git a/nix-config/environment/desktop/default.nix b/nix-config/environment/desktop/default.nix
@@ -16,7 +16,7 @@ let gtk2rc = pkgs.writeText "gtk2rc" ''
jb55pkgs = import <jb55pkgs> { inherit pkgs; };
jbpkgs = with jb55pkgs; [
- snap
+ #snap
cmdtree
zoom-link-opener
x11-rename
@@ -34,7 +34,6 @@ let gtk2rc = pkgs.writeText "gtk2rc" ''
mypkgs = (with pkgs; [
aerc
- hwi
clipmenu
colorpicker
dmenu
@@ -59,7 +58,7 @@ let gtk2rc = pkgs.writeText "gtk2rc" ''
pavucontrol
pinentry
postgresql # psql
- python37Packages.trezor
+ #python37Packages.trezor
qalculate-gtk
qutebrowser
rxvt_unicode-with-plugins
@@ -119,8 +118,4 @@ in {
lastpass-cli
rxvt_unicode-with-plugins
]) else mypkgs;
-
- security.wrappers = {
- slock.source = "${pkgs.slock}/bin/slock";
- };
}
diff --git a/nix-config/machines/monad/allure/default.nix b/nix-config/machines/monad/allure/default.nix
@@ -0,0 +1,13 @@
+{ config, lib, pkgs, ... }:
+{
+ services.nginx.httpConfig = ''
+ server {
+ listen 80 default_server;
+ server_name _;
+ index index.html index.htm;
+ location / {
+ try_files $uri $uri/ =404;
+ }
+ }
+ '';
+}
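Review bot: The new `server` block has no `root` directive, so `try_files $uri $uri/ =404` in `location /` resolves against whatever default document root the nginx package was built with, not a directory this module chooses. Because the block is `default_server` on a bare `listen 80`, it also answers every request on every interface whose Host header matches no other server. I would set the root explicitly, e.g. `root <path to the report directory>;` (placeholder, the path is not in this commit), and bind `listen` to a specific address if the content is only meant for the LAN or VPN.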
diff --git a/nix-config/machines/monad/bitcoin/modules/spark-wallet.nix b/nix-config/machines/monad/bitcoin/modules/spark-wallet.nix
@@ -0,0 +1,53 @@
+spark-wallet:
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.services.spark-wallet;
+
+ startScript = ''
+ exec ${spark-wallet}/bin/spark-wallet \
+ --ln-path "/home/jb55/.lightning/bitcoin" \
+ --host ${cfg.address} --port ${toString cfg.port} \
+ --public-url "http://wallet.jb55.com" \
+ --pairing-qr --print-key ${cfg.extraArgs}
+ '';
+in {
+ options.services.spark-wallet = {
+ enable = mkEnableOption "spark-wallet";
+ address = mkOption {
+ type = types.str;
+ default = "localhost";
+ description = "http(s) server address.";
+ };
+ port = mkOption {
+ type = types.port;
+ default = 9737;
+ description = "http(s) server port.";
+ };
+ publicUrl = mkOption {
+ type = types.str;
+ default = "localhost";
+ description = "public url";
+ };
+ extraArgs = mkOption {
+ type = types.separatedString " ";
+ default = "";
+ description = "Extra command line arguments passed to spark-wallet.";
+ };
+ };
+
+ config = mkIf cfg.enable {
+ systemd.user.services.spark-wallet = {
+ wantedBy = [ "multi-user.target" ];
+ requires = [ "clightning-mainnet.service" ];
+ after = [ "clightning-mainnet.service" ];
+ script = startScript;
+ serviceConfig = {
+ Restart = "on-failure";
+ RestartSec = "10s";
+ };
+ };
+ };
+}
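Review bot: `startScript` always passes `--pairing-qr --print-key`, so the wallet's access key is written to the service's output on every start, where it presumably lands in the user journal and outlives the pairing session. I would leave both flags out of the default command line and pass them through `extraArgs` only while pairing a device. The `publicUrl` option is declared but never read: the script hard-codes `--public-url "http://wallet.jb55.com"`, a plain-http URL for a wallet UI, where `--public-url ${escapeShellArg cfg.publicUrl}` would use the option (`cfg.address` and `cfg.extraArgs` are likewise interpolated unquoted). Separately, a `systemd.user` unit that requires `clightning-mainnet.service` and is wanted by `multi-user.target` only works if both exist in the user manager, which this hunk does not show.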
diff --git a/nix-config/machines/monad/bitcoin/walletemail.nix b/nix-config/machines/monad/bitcoin/walletemail.nix
@@ -11,7 +11,7 @@ wallet="$2"
from="Bitcoin Wallet <bitcoind@monad>"
to="William Casarin <jb55@jb55.com>"
subject="Wallet notification"
-keys="-r 0x8860420C3C135662EABEADF96342E010C44A6337 -r 0x5B2B1E4F62216BC74362AC61D4FBA2FC4535A2A9 -r 0xE02D3FD4EB4585A63531C1D0E1BFCB90A1FF7A1C"
+keys="-r 0xC5D732336E9DC2C7F9D9D91CAC3CB14001216D67"
tx="$(${bcli} -rpcwallet=$wallet gettransaction "$txid" true)"
address="$(${pkgs.jq}/bin/jq -r '.details[0].address' <<<"$tx")"
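Review bot: The new `keys=` line replaces three recipient fingerprints with a single one, and nothing in the commit records whose key it is or how the fingerprint was checked. Assuming `$keys` is handed to the encryption command outside this hunk, every wallet notification will now be readable only by the holder of that key. A one-line comment above it, such as `# recipient: <owner/device of this key>, fingerprint verified <how>`, would let a later reader confirm the rotation was intentional. The script body starts and ends outside the hunk.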
diff --git a/nix-config/machines/monad/default.nix b/nix-config/machines/monad/default.nix
@@ -40,7 +40,7 @@ in
boot.kernelPackages = pkgs.linuxPackages_latest;
- services.ofono.enable = true;
+ services.ofono.enable = false;
services.ofono.plugins = with pkgs; [ ofono-phonesim ];
services.prometheus.enable = false;
@@ -56,39 +56,12 @@ in
];
# services.guix.enable = true;
- services.synergy.server.enable = if extra.is-minimal then false else true;
- services.synergy.server.autoStart = true;
- services.synergy.server.screenName = "desktop";
- services.synergy.server.configFile = pkgs.writeText "barrier-cfg" ''
- section: screens
- desktop:
- mac:
- win:
- end
- section: aliases
- desktop:
- 192.168.86.26
- mac:
- 10.100.0.4
- win:
- 192.168.122.218
- end
- section: links
- desktop:
- left = mac
- right = win
- mac:
- right = desktop
- win:
- left = desktop
- end
- section: options
- keystroke(alt+control+h) = switchInDirection(left)
- keystroke(alt+control+l) = switchInDirection(right)
- end
- '';
+ services.synergy.client.enable = if extra.is-minimal then false else true;
+ services.synergy.client.autoStart = true;
+ services.synergy.client.serverAddress = "10.100.0.2";
+ services.synergy.client.screenName = "monad";
- services.bitlbee.enable = if extra.is-minimal then false else true;
+ services.bitlbee.enable = if extra.is-minimal then false else false;
services.bitlbee.libpurple_plugins = with pkgs; [
pidgin-skypeweb
purple-facebook
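Review bot: The new `services.synergy.client.serverAddress = "10.100.0.2";` line lets another host drive this machine's keyboard, mouse and clipboard, and the hunk configures no transport protection of its own for that stream. 10.100.0.0/24 looks like the WireGuard range used by the firewall rules in machines/monad/networking, so confidentiality presumably rests on the tunnel alone. A comment saying so would stop someone from later pointing the client at a LAN address, e.g. `# 10.100.0.2 = synergy server over WireGuard; the input stream is protected only by the tunnel`.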
@@ -174,7 +147,7 @@ in
wantedBy = [ "graphical-session.target" ];
after = [ "graphical-session.target" ];
- path = with pkgs; [ openssh msmtp libnotify netcat ];
+ path = with pkgs; [ openssh msmtp libnotify netcat gitFull ];
environment = {
SSH_AUTH_SOCK = "/run/user/1000/ssh-agent";
@@ -184,11 +157,17 @@ in
export SSH_ASKPASS="${pkgs.x11_ssh_askpass}/libexec/x11-ssh-askpass"
while true
do
- duration="5m"
+ duration="30m"
cd /home/jb55/dev/github/bitcoin/bitcoin
${git-email-contacts}
+ git gc
cd /home/jb55/dev/github/bitcoin-core/gui
${git-email-contacts}
+ git gc
+ cd /home/jb55/etc/nixpkgs-master
+ git fetch -p upstream
+ ${git-email-contacts}
+ git gc
printf "done for now, waiting %s...\n" $duration 2>&1
sleep $duration
done
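Review bot: `git fetch -p upstream` is the one added step that depends on the network, and the hunk gives it no failure handling. If this text is a NixOS unit `script` it runs under `bash -e`, so a single unreachable remote would end the whole `while true` loop; if it is not, the failure is silently ignored and `${git-email-contacts}` runs on stale refs. Stating the intent, e.g. `git fetch -p upstream || printf 'fetch failed, continuing\n' >&2`, covers both cases. The loop begins and ends outside this hunk.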
@@ -245,7 +224,7 @@ in
'';
};
- virtualisation.libvirtd.enable = true;
+ virtualisation.libvirtd.enable = false;
virtualisation.libvirtd.qemuOvmf = true;
virtualisation.libvirtd.qemuVerbatimConfig = ''
user = "jb55"
@@ -260,25 +239,6 @@ in
]
'';
- services.samba = {
- };
-
- systemd.tmpfiles.rules = [
- "f /dev/shm/looking-glass 0660 jb55 qemu-libvirtd -"
- "f /dev/shm/scream 0660 jb55 qemu-libvirtd -"
- ];
-
- systemd.user.services.scream-ivshmem = {
- enable = true;
- description = "Scream IVSHMEM";
- serviceConfig = {
- ExecStart = "${pkgs.scream-receivers}/bin/scream-ivshmem-pulse /dev/shm/scream";
- Restart = "always";
- };
- wantedBy = [ "multi-user.target" ];
- requires = [ "pulseaudio.service" ];
- };
-
systemd.user.services.btc-ban-aws = {
enable = if extra.is-minimal then false else true;
description = "Ban Bitcoin EC2 nodes";
@@ -296,7 +256,7 @@ in
environment.systemPackages = [ pkgs.virt-manager ];
- virtualisation.virtualbox.host.enable = false;#if extra.is-minimal then false else true;
+ virtualisation.virtualbox.host.enable = true;#if extra.is-minimal then false else true;
virtualisation.virtualbox.host.enableHardening = false;
#virtualization.virtualbox.host.enableExtensionPack = true;
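Review bot: Turning `virtualisation.virtualbox.host.enable` on activates the unchanged line right below it, `virtualisation.virtualbox.host.enableHardening = false;`, which had no effect while the host was disabled. Per the NixOS option description, with hardening off the VirtualBox device nodes are usable by any member of the vboxusers group, not only by the binaries installed in the system path. I would drop that line or set `enableHardening = true;` unless a specific guest setup needs it off, and say why in a comment. The trailing `#if extra.is-minimal then false else true;` is stale and could go at the same time.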
@@ -314,8 +274,8 @@ in
documentation.nixos.enable = false;
- # services.trezord.enable = if extra.is-minimal then false else true;
- services.redis.enable = if extra.is-minimal then false else true;
+ services.redis.enable = if extra.is-minimal then false else false;
+ services.mongodb.enable = if extra.is-minimal then false else false;
services.zeronet.enable = false;
#services.zeronet.trackers = ''
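Review bot: `if extra.is-minimal then false else false` on the redis line is a conditional whose two branches are identical, so at a glance it reads as if the service were still enabled on non-minimal machines. The same pattern is on the moved mongodb line and on `services.bitlbee.enable` in the `@@ -56,39 +56,12 @@` hunk above. `services.redis.enable = false;` says the same thing. If the conditional is kept as a reminder of the old value, a comment like `# was: !extra.is-minimal` is clearer.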
@@ -326,8 +286,6 @@ in
# udp://ultra.zt.ua:6969/announce
#'';
- services.mongodb.enable = if extra.is-minimal then false else false;
-
services.tor.enable = if extra.is-minimal then false else true;
services.tor.controlPort = 9051;
services.tor.client.enable = true;
@@ -350,7 +308,7 @@ in
server {
listen 80;
listen ${extra.machine.ztip}:80;
- listen 192.168.86.26;
+ listen 192.168.87.26;
server_name notes.jb55.com;
@@ -419,7 +377,7 @@ in
# # type db user address method
# local all all trust
# host all all 127.0.0.1/32 trust
- # host all all 192.168.86.0/24 trust
+ # host all all 192.168.87.0/24 trust
# '';
# extraConfig = ''
# listen_addresses = '0.0.0.0'
@@ -435,7 +393,7 @@ in
# # type db user address method
# local all all trust
# host all all 127.0.0.1/32 trust
- # host all all 192.168.86.0/24 trust
+ # host all all 192.168.87.0/24 trust
# '';
# extraConfig = ''
# listen_addresses = '0.0.0.0'
diff --git a/nix-config/machines/monad/hardware/default.nix b/nix-config/machines/monad/hardware/default.nix
@@ -10,7 +10,7 @@
modprobe -i vfio-pci
'';
- boot.kernelParams = [ "amdgpu.gpu_recovery=1" "amd_iommu=on" "pcie_aspm=off" ];
+ boot.kernelParams = [ "amdgpu.gpu_recovery=1" ];
boot.kernelModules = [ "kvm-amd" "kvm-intel" ];
boot.loader.grub.copyKernels = true;
boot.extraModulePackages = [ ];
@@ -25,6 +25,11 @@
fsType = "zfs";
};
+ #fileSystems."/chonk" =
+ # { device = "chonk";
+ # fsType = "zfs";
+ # };
+
fileSystems."/zbig" =
{ device = "zbig";
fsType = "zfs";
diff --git a/nix-config/machines/monad/networking/default.nix b/nix-config/machines/monad/networking/default.nix
@@ -1,7 +1,7 @@
extra:
{ config, lib, pkgs, ... }:
let
- chromecastIP = "192.168.86.190";
+ chromecastIP = "192.168.87.190";
iptables = "iptables -A nixos-fw";
ipr = "${pkgs.iproute}/bin/ip";
hasVPN = true;
@@ -37,16 +37,19 @@ let
http = 80;
wireguard = 51820;
weechat = 9000;
+ nncp = 5442;
inherit (extra.private) notify-port;
};
firewallRules = [
- "nixos-fw -s 10.100.0.0/24,192.168.86.1/24 -p tcp --dport 8080 -j nixos-fw-accept" # dev
+ "nixos-fw -s 10.100.0.0/24,192.168.87.1/24 -p tcp --dport 8080 -j nixos-fw-accept" # dev
+ "nixos-fw -s 10.100.0.0/24,192.168.87.1/24 -p tcp --dport 5442 -j nixos-fw-accept"
"nixos-fw -s 10.100.0.0/24 -p tcp --dport 80 -j nixos-fw-accept"
"nixos-fw -s 10.100.0.0/24 -p tcp --dport 3000 -j nixos-fw-accept"
"nixos-fw -s 10.100.0.2/32 -p tcp --dport ${toString ports.lntun} -j nixos-fw-accept"
"nixos-fw -s 10.100.0.0/24 -p tcp --dport ${toString ports.weechat} -j nixos-fw-accept"
- "nixos-fw -s 10.100.0.0/24,192.168.86.1/24 -p tcp --dport 8333 -j nixos-fw-accept" # bitcoin
+ "nixos-fw -s 10.100.0.0/24,192.168.87.1/24 -p tcp --dport 8333 -j nixos-fw-accept" # bitcoin
+ "nixos-fw -s 10.100.0.0/24,192.168.87.1/24 -p tcp --dport 8332 -j nixos-fw-accept" # bitcoin-rpc
"nixos-fw -s 192.168.122.218 -p udp --dport 137 -j nixos-fw-accept"
"nixos-fw -s 192.168.122.218 -p udp --dport 138 -j nixos-fw-accept"
"nixos-fw -s 192.168.122.218 -p tcp --dport 139 -j nixos-fw-accept"
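Review bot: The added 8332 rule opens the bitcoin RPC port to the whole WireGuard range and the whole 192.168.87.x LAN, far wider than the `lntun` rule a few lines above, which admits only `10.100.0.2/32`. On the LAN side the RPC credentials travel over plain HTTP, and with a wallet loaded the interface can spend from it. I would restrict `-s` to the hosts that actually call it, in the form `"nixos-fw -s <rpc client address>/32 -p tcp --dport 8332 -j nixos-fw-accept"` (placeholder address), and keep bitcoind's own `rpcallowip` as a second check. The 5442 rule hard-codes the port although `nncp = 5442` was just added to `ports`; `${toString ports.nncp}` would match the neighbouring rules, and `192.168.87.1/24` would be clearer as the network address `192.168.87.0/24`.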
@@ -153,26 +156,26 @@ in
openFirewall = true;
};
- services.xinetd.enable = true;
- services.xinetd.services =
- [
- { name = "gopher";
- port = 70;
- server = "${pkgs.gophernicus}/bin/in.gophernicus";
- serverArgs = "-nf -r /var/gopher";
- extraConfig = ''
- disable = no
- env = PATH=${pkgs.coreutils}/bin:${pkgs.curl}/bin
- passenv = PATH
- '';
- }
- ];
+ #services.xinetd.enable = true;
+ #services.xinetd.services =
+ #[
+ # { name = "gopher";
+ # port = 70;
+ # server = "${pkgs.gophernicus}/bin/in.gophernicus";
+ # serverArgs = "-nf -r /var/gopher";
+ # extraConfig = ''
+ # disable = no
+ # env = PATH=${pkgs.coreutils}/bin:${pkgs.curl}/bin
+ # passenv = PATH
+ # '';
+ # }
+ #];
services.nginx.httpConfig = lib.mkIf config.services.transmission.enable ''
server {
listen 80;
listen ${extra.machine.ztip}:80;
- listen 192.168.86.26;
+ listen 192.168.87.26;
# server names for this server.
# any requests that come in that match any these names will use the proxy.
@@ -233,7 +236,7 @@ in
server {
listen 80;
listen ${extra.machine.ztip}:80;
- listen 192.168.86.26;
+ listen 192.168.87.26;
server_name torrents.jb55.com torrentz.jb55.com torrents.home torrent.home;
location = /download {
diff --git a/nix-config/machines/quiver/default.nix b/nix-config/machines/quiver/default.nix
@@ -165,8 +165,8 @@ extra:
# https://github.com/nmikhailov/Validity90 # driver not done yet
services.fprintd.enable = false;
- services.tor.enable = true;
- services.tor.client.enable = true;
+ services.tor.enable = false;
+ services.tor.client.enable = false;
services.tor.controlPort = 9051;
services.autorandr.enable = true;
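Review bot: Disabling `services.tor.enable` and `services.tor.client.enable` here leaves the Tor-specific firewall setup in machines/quiver/networking untouched: its firewall commands still mark packets from cgroup 12 as tor-related. What happens to that marked traffic once no Tor daemon is running is decided by rules outside the visible hunks, so it is worth confirming it is dropped and not sent out directly. If Tor is gone for good on quiver, `services.tor.controlPort = 9051;` and the marking rules can be removed together. Otherwise a comment such as `# tor disabled temporarily; cgroup-12 rules in networking/ must fail closed` would record the dependency.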
diff --git a/nix-config/machines/quiver/networking/default.nix b/nix-config/machines/quiver/networking/default.nix
@@ -1,7 +1,7 @@
extra:
{ config, lib, pkgs, ... }:
let
- chromecastIPs = [ "192.168.86.190" ];
+ chromecastIPs = [ "192.168.87.190" ];
iptables = "iptables -A nixos-fw";
openChromecast = ip: ''
${iptables} -p udp -s ${ip} -j nixos-fw-accept
@@ -76,7 +76,7 @@ in
${lib.concatStringsSep "\n\n" (map openChromecast chromecastIPs)}
# home network nginx
- iptables -A nixos-fw -p tcp -s 192.168.86.0/24 -d 192.168.86.0/24 --dport 80 -j nixos-fw-accept
+ iptables -A nixos-fw -p tcp -s 192.168.87.0/24 -d 192.168.87.0/24 --dport 80 -j nixos-fw-accept
# mark tor-related packets
iptables -t mangle -A OUTPUT -m cgroup --cgroup 12 -j MARK --set-mark 12
@@ -92,7 +92,7 @@ in
'';
networking.firewall.extraStopCommands = ''
- iptables -D nixos-fw -p tcp -s 192.168.86.0/24 -d 192.168.86.0/24 --dport 80 -j nixos-fw-accept || true
+ iptables -D nixos-fw -p tcp -s 192.168.87.0/24 -d 192.168.87.0/24 --dport 80 -j nixos-fw-accept || true
# mark tor-related packets
iptables -t mangle -D OUTPUT -m cgroup --cgroup 12 -j MARK --set-mark 12 || true
diff --git a/nix-config/nixpkgs/config.nix b/nix-config/nixpkgs/config.nix
@@ -17,13 +17,9 @@ in {
packageOverrides = super: rec {
- qemu = super.qemu.override {
- smbdSupport = true;
- };
-
- scream-receivers = super.scream-receivers.override {
- pulseSupport = true;
- };
+ #qemu = super.qemu.override {
+ # smbdSupport = true;
+ #};
# /run/current-system/sw/bin/ls $HOME/.emacs.d/elpa | sed 's/-[[:digit:]].*//g;s/\+$/-plus/g' | sort -u
#emacs = super.emacsHead;
@@ -34,15 +30,6 @@ in {
inherit pkgs;
};
- less = pkgs.lib.overrideDerivation super.less (attrs: {
- patches = [
- (super.fetchurl {
- url = "https://jb55.com/s/0001-mark-save-lastmarks.patch";
- sha256 = "4974a406ddcdc46c2008b9a828d9eba3a04b8a46ed02ca5e5534b2f09441a709";
- })
- ];
- });
-
msmtp = pkgs.lib.overrideDerivation super.msmtp (attrs: {
patches = [
(super.fetchurl {
@@ -72,27 +59,20 @@ in {
};
});
- lastpass-cli = super.lastpass-cli.override { guiSupport = true; };
+ #lastpass-cli = super.lastpass-cli.override { guiSupport = true; };
wine = super.wineWowPackages.staging;
- phonectl = super.python3Packages.callPackage (import (super.fetchFromGitHub {
- owner = "jb55";
- repo = "phonectl";
- sha256 = "0wqpwg32qa1rzpw7881r6q2zklxlq1y4qgyyy742pihfh99rkcmj";
- rev = "de0f37a20d16a32a73f9267860302357b2df0c20";
- })) {};
-
- notmuch = pkgs.lib.overrideDerivation super.notmuch (attrs: {
- src = pkgs.fetchFromGitHub {
- owner = "jb55";
- repo = "notmuch";
- rev = "f0f99973ad9d4e932b34cc76a5d7c6629079575a";
- sha256 = "0n89q4vlq0yhn6dqjjb7sva54cvg62hcj1yxryvs5jai5n5gl493";
- };
+ #notmuch = pkgs.lib.overrideDerivation super.notmuch (attrs: {
+ # src = pkgs.fetchFromGitHub {
+ # owner = "jb55";
+ # repo = "notmuch";
+ # rev = "f0f99973ad9d4e932b34cc76a5d7c6629079575a";
+ # sha256 = "0n89q4vlq0yhn6dqjjb7sva54cvg62hcj1yxryvs5jai5n5gl493";
+ # };
- doCheck = false;
- });
+ # doCheck = false;
+ #});
# wirelesstools =
# let
diff --git a/nix-config/services/desktop/default.nix b/nix-config/services/desktop/default.nix
@@ -26,13 +26,13 @@ in
services.pcscd.enable = true;
services.gnome3.gnome-keyring.enable = if extra.is-minimal then false else true;
- services.trezord.enable = if extra.is-minimal then false else true;
+ services.trezord.enable = false;
services.avahi.enable = true;
services.avahi.publish.enable = true;
services.avahi.publish.userServices = true;
- services.spotifyd.enable = if extra.is-minimal then false else true;
+ services.spotifyd.enable = false;
services.spotifyd.config = ''
[global]
username = bcasarin
@@ -139,7 +139,7 @@ in
autoRepeatDelay = 200;
autoRepeatInterval = 50;
- xkbOptions = "terminate:ctrl_alt_bksp, ctrl:nocaps, keypad:hex, altwin:swap_alt_win, lv3:ralt_switch, compose:${composeKey}";
+ xkbOptions = "terminate:ctrl_alt_bksp, ctrl:nocaps, keypad:hex, altwin:swap_alt_win, lv3:ralt_switch, compose:${composeKey}";
wacom.enable = false;
@@ -215,21 +215,21 @@ in
services.clipmenu.enable = true;
- environment.systemPackages = [pkgs.phonectl];
- systemd.user.services.phonectl = {
- enable = if extra.is-minimal then false else true;
- description = "phonectl";
- wantedBy = [ "graphical-session.target" ];
- after = [ "graphical-session.target" ];
-
- serviceConfig.ExecStart = "${pkgs.phonectl}/bin/phonectld";
-
- environment = with secrets.phonectl; {
- PHONECTLUSER=user;
- PHONECTLPASS=pass;
- PHONECTLPHONE=phone;
- };
- };
+ #environment.systemPackages = [pkgs.phonectl];
+ #systemd.user.services.phonectl = {
+ # enable = if extra.is-minimal then false else true;
+ # description = "phonectl";
+ # wantedBy = [ "graphical-session.target" ];
+ # after = [ "graphical-session.target" ];
+
+ # serviceConfig.ExecStart = "${pkgs.phonectl}/bin/phonectld";
+
+ # environment = with secrets.phonectl; {
+ # PHONECTLUSER=user;
+ # PHONECTLPASS=pass;
+ # PHONECTLPHONE=phone;
+ # };
+ #};
# TODO: maybe doesn't have my package env
# systemd.user.services.xbindkeys = {
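Review bot: The phonectl unit is commented out, not removed, and the commented block still shows the account password being passed through `environment = with secrets.phonectl; { … PHONECTLPASS=pass; … }`. Values set that way are written into the generated unit file in the world-readable Nix store. If this block is ever uncommented it should read them from a file instead, e.g. `serviceConfig.EnvironmentFile = "<path to a root-only env file>";` (placeholder path). If the service is retired, deleting the block and rotating the credential is cleaner than carrying dead code; git history keeps it, and this commit already deletes the `phonectl` override from nixpkgs/config.nix.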