Update thor flake

2022-05-07 15:18:05 +02:00 · 2022-05-07 15:18:05 +02:00 · 0cbcfa9fa0
commit 0cbcfa9fa0
parent a1b6645fb8
19 changed files with 27 additions and 1190 deletions
--- a/config.nix
+++ b/config.nix
@ -1,4 +0,0 @@
 {
  allowUnfree = true;
  allowUnsupportedSystem = true;
 }
--- a/flake.nix
+++ b/flake.nix
@ -63,6 +63,7 @@
      nixpkgsSettings = {
        inherit overlays system;
        config = {
          extraOptions = "experimental-features = nix-command flakes";
          allowUnfree = true;
          permittedInsecurePackages = [ "electron-9.4.4" ]; # authy dependency
        };
@ -117,7 +118,7 @@
        modules = thorBaseModules ++ [
          home-manager.nixosModules.home-manager
          homeManagerSettings
-          { home-manager.users.bertof = import ./thor.nix; }
+          { home-manager.users.bertof = import ./home_manager/thor.nix; }
        ] ++ extraModules;
      };
@ -126,7 +127,7 @@
        modules = thorBaseModules ++ [
          home-manager-unstable.nixosModules.home-manager
          homeManagerSettings
-          { home-manager.users.bertof = import ./thor.nix; }
+          { home-manager.users.bertof = import ./home_manager/thor.nix; }
        ] ++ extraModules;
      };
--- a/home_manager/modules/pro_audio.nix
+++ b/home_manager/modules/pro_audio.nix
@ -14,14 +14,14 @@ in
    carla
    rnnoise
    ardour
-    # zrythm
+    unstable.zrythm
    mixxx
    # Plugins
    # artyFX
    autotalent
    boops
-    # cardinal
+    unstable.cardinal
    geonkick
    helm
    (lsp-plugins.overrideAttrs (old: { version = "1.2.0"; }))
@ -31,7 +31,8 @@ in
    # stochas
    # sunvox
    # surge
-    surge-XT
+    unstable.giada
    unstable.surge-XT
    talentedhack
    tunefish
    vocproc
--- a/home_manager/odin.nix
+++ b/home_manager/odin.nix
@ -2,7 +2,7 @@
 {
  home = {
    packages = with pkgs; [
-      # #   pulseaudio
+      # pulseaudio
      easyeffects
      tex2nix
@ -101,7 +101,7 @@
      yq
      zip
      zoom-us
-      zotero
+      unstable.zotero
    ];
  };
@ -109,7 +109,7 @@
    ./basic_env.nix
    ./modules/cpp.nix
-    ./modules/go.nix
+    # ./modules/go.nix
    ./modules/java.nix
    ./modules/javascript.nix
    ./modules/latex.nix
@ -125,11 +125,10 @@
    ./modules/kakoune.nix
    # ./modules/keepassxc.nix
    ./modules/kitty.nix
    ./modules/latex.nix
    ./modules/libinput-gestures.nix
    ./modules/mangohud.nix
    ./modules/megasync.nix
-    # ./modules/noti.nix
+    ./modules/noti.nix
    ./modules/obs-studio.nix
    ./modules/office.nix
    ./modules/onedrive.nix
--- a/home_manager/thor.nix
+++ b/home_manager/thor.nix
@ -14,7 +14,7 @@
      ark
      authy
      bitwarden
-      (blender.override { cudaSupport = true; })
+      (unstable.blender.override { cudaSupport = true; })
      btop
      catgirl # IRC
      cava
@ -111,7 +111,7 @@
      yq
      zip
      zoom-us
-      zotero
+      unstable.zotero
      retroarchFull
      # (
@ -128,86 +128,43 @@
  };
  imports = [
-    ./modules/configurations.nix
+    ./basic_env.nix
-    ./modules/fonts.nix
+
    ./modules/cpp.nix
    # ./modules/go.nix
    ./modules/java.nix
    ./modules/javascript.nix
    ./modules/latex.nix
    ./modules/python.nix
    ./modules/rust.nix
    ./modules/alacritty.nix
    ./modules/bash.nix
    ./modules/bat.nix
    ./modules/bottom.nix
    ./modules/broot.nix
    # ./modules/bspwm.nix
    ./modules/dircolors.nix
    ./modules/direnv.nix
    # ./modules/dunst.nix
    ./modules/fzf.nix
    ./modules/git.nix
    ./modules/go.nix
    ./modules/gpg.nix
    # ./modules/grobi.nix
-    ./modules/info.nix
+    ./modules/gtk_theme.nix
    ./modules/java.nix
    ./modules/joystickwake.nix
    ./modules/jq.nix
    ./modules/kakoune.nix
    # ./modules/keepassxc.nix
    ./modules/keychain.nix
    ./modules/kitty.nix
    # ./modules/latex.nix
    ./modules/lf.nix
    ./modules/lorri.nix
    ./modules/man.nix
    ./modules/mangohud.nix
    ./modules/megasync.nix
    ./modules/nix-index.nix
    ./modules/noti.nix
    ./modules/obs-studio.nix
    ./modules/office.nix
    ./modules/onedrive.nix
    # ./modules/picom.nix
    # ./modules/polybar.nix
-    ./modules/pycharm.nix
+    ./modules/pro_audio.nix
    ./modules/gtk_theme.nix
    ./modules/rofi.nix
    ./modules/rofimoji.nix
    ./modules/rofi.nix
    # ./modules/screen_locker.nix
-    ./modules/ssh.nix
+    # ./modules/security.nix
    ./modules/starship.nix
    # ./modules/sxhkd.nix
    ./modules/syncthing.nix
    ./modules/terminator.nix
    ./modules/tmux.nix
    # ./modules/update_background.nix
    ./modules/webapp.nix
    # ./modules/xidlehook.nix
    ./modules/zoxide.nix
    ./modules/zsh.nix
    ./modules/pro_audio.nix
    # ./modules/security.nix
    ./modules/shell_aliases.nix
  ];
  services = {
    # blueman-applet.enable = true;
    # caffeine.enable = true;
    # cbatticon.enable = true;
    # gnome-keyring.enable = true;
    # network-manager-applet.enable = true;
    # playerctld.enable = true;
    # poweralertd.enable = true;
  };
  # xsession = {
  #   enable = true;
  #   numlock.enable = true;
  #   initExtra = ''
  #     ## Touchpad
  #     ${pkgs.xorg.xinput}/bin/xinput set-prop 'DELL0824:00 06CB:7E92 Touchpad' 'libinput Natural Scrolling Enabled' 1
  #     ${pkgs.xorg.xinput}/bin/xinput set-prop 'DELL0824:00 06CB:7E92 Touchpad' 'libinput Tapping Enabled' 1
  #   '';
  # };
 }
--- a/nixos/base.nix
+++ b/nixos/base.nix
@ -1,254 +0,0 @@
 { config, pkgs, lib, ... }:
 {
  imports = [
    <nixos-hardware/common/cpu/intel>
    <nixos-hardware/common/pc/laptop>
    <nixos-hardware/common/pc/laptop/ssd>
    /etc/nixos/hardware-configuration.nix
    # ./laptop.nix
    # ./pentablet.nix
    ./pro_audio.nix
    # ./defcon.nix
    # ./mind.nix
    # ./k3s.nix
    ./big_data.nix
  ];
  # Use the systemd-boot EFI boot loader.
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;
  boot.initrd.checkJournalingFS = true;
  boot.kernelPackages = pkgs.linuxKernel.packages.linux_5_16;
  boot.extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
  # # Cross-build arm
  boot.binfmt.emulatedSystems = [ "armv7l-linux" "aarch64-linux" ];
  # Use same ACPI identifier as Dell Ubuntu
  boot.kernelParams = [
    "acpi_osi=Linux-Dell-Video"
  ];
  networking = {
    hostName = "odin";
    networkmanager.enable = true;
    # The global useDHCP flag is deprecated, therefore explicitly set to false here.
    # Per-interface useDHCP will be mandatory in the future, so this generated config
    # replicates the default behaviour.
    useDHCP = false;
    interfaces = { enp60s0.useDHCP = true; wlp0s20f3.useDHCP = true; };
    # Configure network proxy if necessary
    # proxy.default = "http://user:password@proxy:port/";
    # proxy.noProxy = "127.0.0.1,localhost,internal.domain";
    # Open ports in the firewall.
    # firewall.allowedTCPPorts = [ ... ];
    # firewall.allowedUDPPorts = [ ... ];
    # Or disable the firewall altogether.
    # firewall.enable = false;
    hosts = {
      "*.engine.sesar.int" = [ "172.20.28.210" ];
      "vcenter.sesar.int" = [ "159.149.147.137" ];
    };
  };
  # Set your time zone.
  time.timeZone = "Europe/Rome";
  # Select internationalisation properties.
  i18n.defaultLocale = "it_IT.UTF-8";
  console = {
    font = "Lat2-Terminus16";
    keyMap = "it";
  };
  # X11 windowing system.
  services.xserver = {
    enable = true;
    # Enable the GNOME 3 Desktop Environment.
    # displayManager.gdm = {
    #   enable = true;
    #   wayland = true;
    #   nvidiaWayland = true;
    # };
    desktopManager.gnome.enable = true;
    # windowManager.bspwm.enable = true;
    # Configure keymap in X11
    layout = "it";
    extraLayouts = {
      eng = { languages = [ "eng" ]; description = "English layout for external keyboard"; };
    };
    xkbOptions = "eurosign:e;";
    libinput.enable = true;
  };
  # Enable CUPS to print documents.
  services.printing = {
    enable = true;
    drivers = with pkgs; [ gutenprint cups-kyocera ];
  };
  services.fwupd.enable = true;
  # Enable sound.
  # PULSE
  # sound.enable = true;
  # hardware.pulseaudio.enable = true;
  # PIPEWIRE
  hardware.pulseaudio.enable = false;
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    pulse.enable = true;
    jack.enable = true;
    alsa = { enable = true; support32Bit = true; };
    # media-session.enable = true;
  };
  environment.sessionVariables.LD_LIBRARY_PATH = lib.mkForce "${config.services.pipewire.package.jack}/lib"; # Temporary fix for WebKitGTK
  # # Tablet
  # hardware.opentabletdriver = {
  #   enable = true;
  #   daemon.enable = true;
  # };
  # Define a user account. Don't forget to set a password with ‘passwd’.
  users.users.bertof = {
    isNormalUser = true;
    extraGroups = [ "audio" "input" "docker" "flashrom" "libvirtd" "network" "usb" "video" "wheel" ];
    shell = pkgs.zsh;
    openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN+zsSWZFFzQKnATCAvtG+iuSm4qkZHjCtHzGa9B/71W" ];
  };
  # List packages installed in system profile. To search, run:
  # $ nix search wget
  environment.systemPackages = with pkgs; [ tmux firefox kakoune vim ];
  # Some programs need SUID wrappers, can be configured further or are
  # started in user sessions.
  # programs.mtr.enable = true;
  programs.flashrom.enable = true;
  programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
  programs.steam.enable = true;
  programs.dconf.enable = true;
  programs.zsh = { enable = true; syntaxHighlighting.enable = true; };
  # List services that you want to enable:
  # Enable the OpenSSH daemon.
  services.openssh = { enable = true; openFirewall = true; permitRootLogin = "no"; passwordAuthentication = false; };
  # Cooling management
  services.thermald.enable = true;
  services.snapper = {
    configs =
      let
        bertofExtraConfig = ''
          ALLOW_USERS="bertof"
          TIMELINE_CREATE=yes
          TIMELINE_CLEANUP=yes
        '';
        common = { extraConfig = bertofExtraConfig; };
      in
      {
        bertof_home = common // { subvolume = "/home/bertof"; };
        bertof_music = common // { subvolume = "/home/bertof/Musica"; };
        bertof_downloads = common // { subvolume = "/home/bertof/Scaricati"; };
        bertof_images = common // { subvolume = "/home/bertof/Immagini"; };
        bertof_videos = common // { subvolume = "/home/bertof/Video"; };
        bertof_documents = common // { subvolume = "/home/bertof/Documenti"; };
        bertof_games_ssd = common // { subvolume = "/home/bertof/Giochi/SSD"; };
        # bertof_games_hdd = common // { subvolume = "/home/bertof/Giochi/HDD"; };
        bertof_git = common // { subvolume = "/home/bertof/Documenti/Git"; };
      };
  };
  services.dbus.packages = with pkgs; [ dconf ];
  services.gnome.gnome-keyring.enable = true;
  hardware.bluetooth.enable = true;
  # services.blueman.enable = true;
  services.zerotierone = { enable = true; joinNetworks = [ "8056c2e21cf9c753" ]; };
  services.gvfs = { enable = true; package = lib.mkForce pkgs.gnome3.gvfs; };
  # services.tlp.enable = false;
  services.avahi = {
    enable = true;
    openFirewall = true;
    nssmdns = true;
    publish = {
      enable = true;
      addresses = true;
      domain = true;
      userServices = true;
      workstation = true;
    };
    extraServiceFiles = {
      ssh = "${pkgs.avahi}/etc/avahi/services/ssh.service";
    };
  };
  # SMART
  services.smartd = { enable = true; notifications.x11.enable = true; };
  # FPRINTD
  # services.fprintd = {
  #   enable = true;
  #   tod = { enable = true; driver = pkgs.libfprint-2-tod1-goodix; };
  # };
  security.pam.services.login.fprintAuth = true;
  security.pam.services.xscreensaver.fprintAuth = true;
  # Clamav
  services.clamav = { daemon.enable = true; updater.enable = true; };
  # Power-profiles
  services.power-profiles-daemon.enable = true;
  # services.teamviewer.enable = true;
  # Virtualisation
  virtualisation = {
    docker.enable = true;
    kvmgt.enable = true;
    libvirtd.enable = true;
    podman.enable = true;
    virtualbox.host.enable = true;
  };
  # Allow completion for system packages
  environment.pathsToLink = [ "/share/zsh" ];
  security.sudo.extraConfig = ''
    Defaults pwfeedback
  '';
  security.pam.services.sddm.enableGnomeKeyring = true;
  nixpkgs.config = {
    allowUnfree = true;
    packageOverrides = pkgs: {
      steam = pkgs.steam.override {
        extraPkgs = pkgs: with pkgs; [ icu ];
      };
    };
  };
  nix = {
    package = pkgs.nixFlakes;
    extraOptions = lib.optionalString (config.nix.package == pkgs.nixFlakes)
      "experimental-features = nix-command flakes";
    gc.automatic = true;
  };
  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "21.11"; # Did you read the comment?
 }
--- a/nixos/big_data.nix
+++ b/nixos/big_data.nix
@ -1,276 +0,0 @@
 { config, lib, pkgs, ... }:
 let
  setup_scirpt = ''
    sudo mkdir -p /hdfs
    sudo chown -R hdfs:hadoop /hdfs
    for p in {nn,dn,jn,rm,nm,jhs,HTTP}; do
    	sudo kadmin.local -q "ank -randkey $p/my.engine";
    	sudo kadmin.local -q "xst -k /etc/hadoop.keytab $p/my.engine";
    	sudo kadmin.local -q "ktrem -k /etc/hadoop.keytab $p/my.engine old"
    done
    sudo chown hdfs:hadoop /etc/hadoop.keytab
    sudo kadmin.local -q "ank -randkey spark/my.engine";
    sudo kadmin.local -q "xst -k /etc/spark.keytab spark/my.engine";
    sudo kadmin.local -q "ktrem -k /etc/spark.keytab spark/my.engine old"
    sudo chown spark:spark /etc/spark.keytab
  '';
  hadoop_keytab_path = "/etc/hadoop.keytab";
  spark_keytab_path = "/etc/spark.keytab";
  pysparkPackageSelector = p: with p; [ numpy pyspark ];
  pysparkEnv = pkgs.python3.withPackages pysparkPackageSelector;
  hadoopConf = import <nixos/nixos/modules/services/cluster/hadoop/conf.nix> {
    inherit pkgs lib;
    cfg = config.services.hadoop;
  };
  hadoopConfDir = "${hadoopConf}/";
  spark = pkgs.spark.override {
    extraPythonPackages = pysparkPackageSelector pkgs.python3.pkgs;
  };
  sparkConfDir = pkgs.stdenv.mkDerivation {
    name = "spark-conf";
    dontUnpack = true;
    installPhase = ''
      # source standard environment
      . $stdenv/setup
      # shorthands
      base_conf=${pkgs.spark}/lib/${pkgs.spark.untarDir}/conf/
      # create output dirs for new derivation
      mkdir -p $out/
      # link unchanged files from the original gnome-session
      for f in $base_conf/*.template ; do
         ln -sf $f $out/
      done
      # change selected files
      cp $out/log4j.properties{.template,}
      cat > $out/spark-env.sh <<- STOP
      export JAVA_HOME="${pkgs.jdk8}"
      export SPARK_HOME="${pkgs.spark}/lib/${pkgs.spark.untarDir}"
      export SPARK_DIST_CLASSPATH=$(${pkgs.hadoop}/bin/hadoop classpath)
      export PYSPARK_PYTHON="${pysparkEnv.outPath}/bin/${pysparkEnv.executable}"
      export PYSPARK_DRIVER_PYTHON="${pysparkEnv.outPath}/bin/${pysparkEnv.executable}"
      export PYTHONPATH="\$PYTHONPATH:$PYTHONPATH"
      export HADOOP_CONF_DIR="${hadoopConfDir}"
      export SPARKR_R_SHELL="${pkgs.R}/bin/R"
      export PATH="\$PATH:${pkgs.R}/bin"
      STOP
      cat > $out/spark-defaults.conf <<- STOP
      spark.eventLog.enabled									true
      spark.eventLog.dir											hdfs://localhost:/logs/spark
      spark.history.fs.logDirectory						hdfs://localhost:/logs/spark
      # spark.yarn.keytab											${spark_keytab_path}
      # spark.yarn.principal									spark/my.engine@MY.ENGINE
      spark.history.ui.acls.enable						true
      spark.history.kerberos.enabled					true
      spark.history.kerberos.keytab						${spark_keytab_path}
      spark.history.kerberos.principal				spark/my.engine@MY.ENGINE
      spark.yarn.appMasterEnv.PYSPARK_PYTHON	${pysparkEnv.outPath}/bin/${pysparkEnv.executable}
      spark.yarn.appMasterEnv.PYTHONPATH			${pysparkEnv.outPath}/lib/${pysparkEnv.executable}/site-packages
      spark.executorEnv.PYSPARK_PYTHON        ${pysparkEnv.outPath}/bin/${pysparkEnv.executable}
      STOP
    '';
  };
 in
 {
  networking = {
    hosts = {
      "127.0.0.1" = [
        "ds.my.engine"
        "kdc.my.engine"
        "my.engine"
      ];
    };
  };
  services = {
    spark = {
      package = spark;
      master = { enable = true; restartIfChanged = true; };
      worker = { enable = true; restartIfChanged = true; };
      confDir = sparkConfDir;
    };
    hadoop = {
      coreSite = {
        "fs.defaultFS" = "hdfs://my.engine:8020";
        # HDFS IMPERSONATION
        "hadoop.proxyuser.hdfs.hosts" = "*";
        "hadoop.proxyuser.hdfs.groups" = "*";
        # HIVE IMPERSONATION
        "hadoop.proxyuser.hive.hosts" = "*";
        "hadoop.proxyuser.hive.groups" = "*";
        # ENABLE AUTHENTICATION
        "hadoop.security.authentication" = "kerberos";
        "hadoop.security.authorization" = "true";
        "hadoop.rpc.protection" = "privacy";
        "hadoop.security.auth_to_local" = ''
          RULE:[2:$1/$2@$0]([ndj]n/.*@MY\.ENGINE)s/.*/hdfs/
          RULE:[2:$1/$2@$0]([rn]m/.*@MY\.ENGINE)s/.*/yarn/
          RULE:[2:$1/$2@$0](jhs/.*@MY\.ENGINE)s/.*/mapred/
          DEFAULT
        '';
      };
      hdfsSite = {
        # DATA
        "dfs.namenode.name.dir" = "/hdfs/dfs/name";
        "dfs.datanode.data.dir" = "/hdfs/dfs/data";
        "dfs.journalnode.edits.dir" = "/hdfs/dfs/edits";
        # HDFS SECURITY
        "dfs.block.access.token.enable" = "true";
        # NAME NODE SECURITY
        "dfs.namenode.keytab.file" = hadoop_keytab_path;
        "dfs.namenode.kerberos.principal" = "nn/my.engine@MY.ENGINE";
        "dfs.namenode.kerberos.internal.spnego.principal" = "HTTP/my.engine@MY.ENGINE";
        # SECONDARY NAME NODE SECURITY
        "dfs.secondary.namenode.keytab.file" = hadoop_keytab_path;
        "dfs.secondary.namenode.kerberos.principal" = "nn/my.engine@MY.ENGINE";
        "dfs.secondary.namenode.kerberos.internal.spnego.principal" = "HTTP/my.engine@MY.ENGINE";
        # DATA NODE SECURITY
        "dfs.datanode.keytab.file" = hadoop_keytab_path;
        "dfs.datanode.kerberos.principal" = "dn/my.engine@MY.ENGINE";
        # JOURNAL NODE SECURITY
        "dfs.journalnode.keytab.file" = hadoop_keytab_path;
        "dfs.journalnode.kerberos.principal" = "jn/my.engine@MY.ENGINE";
        # WEBHDFS SECURITY
        "dfs.webhdfs.enabled" = "true";
        # WEB AUTHENTICATION CONFIG
        "dfs.web.authentication.kerberos.principal" = "HTTP/my.engine@MY.ENGINE";
        "dfs.web.authentication.kerberos.keytab" = hadoop_keytab_path;
        "ignore.secure.ports.for.testing" = "true";
        "dfs.http.policy" = "HTTP_ONLY";
        "dfs.data.transfer.protection" = "privacy";
        # ## MULTIHOMED
        # "dfs.namenode.rpc-bind-host" = "0.0.0.0";
        # "dfs.namenode.servicerpc-bind-host" = "0.0.0.0";
        # "dfs.namenode.http-bind-host" = "0.0.0.0";
        # "dfs.namenode.https-bind-host" = "0.0.0.0";
        # "dfs.client.use.datanode.hostname" = "true"; # force connection by hostname
        # "dfs.datanode.use.datanode.hostname" = "true"; # force connection by hostname
      };
      yarnSite = {
        "yarn.nodemanager.admin-env" = "PATH=$PATH";
        "yarn.nodemanager.aux-services" = "mapreduce_shuffle";
        "yarn.nodemanager.aux-services.mapreduce_shuffle.class" = "org.apache.hadoop.mapred.ShuffleHandler";
        "yarn.nodemanager.bind-host" = "0.0.0.0";
        "yarn.nodemanager.container-executor.class" = "org.apache.hadoop.yarn.server.nodemanager.LinuxContainerExecutor";
        "yarn.nodemanager.env-whitelist" = "JAVA_HOME,HADOOP_COMMON_HOME,HADOOP_HDFS_HOME,HADOOP_CONF_DIR,CLASSPATH_PREPEND_DISTCACHE,HADOOP_YARN_HOME,HADOOP_HOME,LANG,TZ";
        "yarn.nodemanager.linux-container-executor.group" = "hadoop";
        "yarn.nodemanager.linux-container-executor.path" = "/run/wrappers/yarn-nodemanager/bin/container-executor";
        "yarn.nodemanager.log-dirs" = "/var/log/hadoop/yarn/nodemanager";
        "yarn.resourcemanager.bind-host" = "0.0.0.0";
        "yarn.resourcemanager.scheduler.class" = "org.apache.hadoop.yarn.server.resourcemanager.scheduler.fifo.FifoScheduler";
        "yarn.resourcemanager.keytab" = hadoop_keytab_path;
        "yarn.resourcemanager.principal" = "rm/my.engine@MY.ENGINE";
        "yarn.nodemanager.keytab" = hadoop_keytab_path;
        "yarn.nodemanager.principal" = "nm/my.engine@MY.ENGINE";
        # "yarn.nodemanager.container-executor.class" = "org.apache.hadoop.yarn.server.nodemanager.LinuxContainerExecutor";
        "yarn.scheduler.capacity.root.queues" = "default";
        "yarn.scheduler.capacity.root.default.capacity" = 100;
        # "yarn.scheduler.capacity.root.default.state" = "RUNNING";
        "yarn.scheduler.capacity.root.acl_submit_applications" = "hadoop,yarn,mapred,hdfs";
      };
      extraConfDirs = [ ];
      hdfs = {
        namenode = { enable = true; formatOnInit = true; restartIfChanged = true; };
        datanode = { enable = true; restartIfChanged = true; };
        journalnode = { enable = true; restartIfChanged = true; };
        zkfc = { enable = false; restartIfChanged = true; }; # ZOOKEEPER DISABLED, not using High Availability setup
        httpfs = { enable = true; restartIfChanged = true; };
      };
      yarn = {
        resourcemanager = { enable = true; restartIfChanged = true; };
        nodemanager = { enable = true; restartIfChanged = true; };
      };
    };
    kerberos_server = {
      enable = true;
      realms."MY.ENGINE".acl = [
        { principal = "*/admin"; access = "all"; }
        { principal = "*/my.engine"; access = "all"; }
      ];
    };
  };
  krb5 = {
    enable = true;
    realms = {
      "MY.ENGINE" = {
        admin_server = "kdc.my.engine";
        kdc = "kdc.my.engine";
        # default_domain = "my.engine";
        # kpasswd_server = "odin";
      };
    };
    domain_realm = {
      # ".my.engine" = "MY.ENGINE";
      "my.engine" = "MY.ENGINE";
    };
    libdefaults = {
      default_realm = "MY.ENGINE";
      dns_lookup_realm = true;
      dns_lookup_kdc = true;
      ticket_lifetime = "24h";
      renew_lifetime = "7d";
      forwardable = true;
    };
    extraConfig = ''
      [logging]
        default = FILE:/var/log/krb5libs.log
        kdc = FILE:/var/log/krb5kdc.log
        admin_server = FILE:/var/log/kadmind.log
    '';
  };
  users.users.bertof.extraGroups = [ "hadoop" ];
  systemd.services.spark-history = {
    path = with pkgs; [ procps openssh nettools ];
    description = "spark history service.";
    after = [ "network.target" ];
    wantedBy = [ "multi-user.target" ];
    restartIfChanged = true;
    environment = {
      SPARK_CONF_DIR = sparkConfDir;
      SPARK_LOG_DIR = "/var/log/spark";
    };
    serviceConfig = {
      Type = "forking";
      User = "spark";
      Group = "spark";
      WorkingDirectory = "${pkgs.spark}/lib/${pkgs.spark.untarDir}";
      ExecStart = "${pkgs.spark}/lib/${pkgs.spark.untarDir}/sbin/start-history-server.sh";
      ExecStop = "${pkgs.spark}/lib/${pkgs.spark.untarDir}/sbin/stop-history-server.sh";
      TimeoutSec = 300;
      StartLimitBurst = 10;
      Restart = "always";
    };
  };
 }
--- a/nixos/laptop.nix
+++ b/nixos/laptop.nix
@ -1,27 +0,0 @@
 { config, lib, ... }:
 {
  # SSD swappines
  boot.kernel.sysctl = {
    "vm.swappiness" = lib.mkDefault 1;
  };
  # Atheros WiFi module
  boot.blacklistedKernelModules = lib.optionals (!config.hardware.enableRedistributableFirmware) [
    "ath3k"
  ];
  # ACPI support
  boot = {
    kernelModules = [ "acpi_call" ];
    extraModulePackages = with config.boot.kernelPackages; [ acpi_call ];
  };
  # Touchpad support
  services.xserver.libinput.enable = lib.mkDefault true;
  # SSD trim service
  services.fstrim.enable = lib.mkDefault true;
  # Hard disk protection if the laptop falls:
  services.hdapsd.enable = lib.mkDefault true;
 }
--- a/nixos/odin-intel.nix
+++ b/nixos/odin-intel.nix
@ -1,37 +0,0 @@
 # Edit this configuration file to define what should be installed on
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running ‘nixos-help’).
 { config, pkgs, ... }:
 {
  imports = [
    ./base.nix
  ];
  boot.initrd.kernelModules = [ "i915" ];
  hardware.cpu.intel.updateMicrocode = config.hardware.enableRedistributableFirmware;
  hardware.opengl.enable = true;
  hardware.opengl.extraPackages = with pkgs; [
    intel-media-driver
    vaapiIntel
    vaapiVdpau
    libvdpau-va-gl
  ];
  services.xserver = {
    displayManager.gdm = {
      enable = true;
      wayland = true;
    };
  };
  # This runs only Intel and nvidia does not drain power.
  ##### disable nvidia for a very nice battery life.
  hardware.nvidiaOptimus.disable = true;
  boot.blacklistedKernelModules = [ "nouveau" "nvidia" ];
  services.xserver.videoDrivers = [ "intel" ];
  hardware.opengl.driSupport32Bit = true;
 }
--- a/nixos/odin-nvidia.nix
+++ b/nixos/odin-nvidia.nix
@ -1,36 +0,0 @@
 # Edit this configuration file to define what should be installed on
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running ‘nixos-help’).
 { config, pkgs, ... }:
 {
  imports =
    [
      <nixos-hardware/common/cpu/amd>
      <nixos-hardware/common/pc/laptop/ssd>
      ./base.nix
    ];
  boot.initrd.kernelModules = [ "i915" ];
  hardware.cpu.intel.updateMicrocode = config.hardware.enableRedistributableFirmware;
  services.xserver = {
    videoDrivers = [ "nvidia" ];
    displayManager.sddm = {
      enable = true;
      autoNumlock = true;
    };
  };
  hardware.nvidia.prime = {
    offload.enable = false;
    sync.enable = true;
    intelBusId = "PCI:0:2:0";
    nvidiaBusId = "PCI:1:0:0";
  };
  # hardware.nvidia.modesetting.enable = true;
  # hardware.nvidia.package = pkgs.linuxPackages.nvidia_x11;
  hardware.opengl.driSupport32Bit = true;
 }
--- a/nixos/pro_audio.nix
+++ b/nixos/pro_audio.nix
@ -1,61 +0,0 @@
 { pkgs, lib, ... }: {
  boot = {
    # kernelModules = [ "snd-seq" "snd-rawmidi" ];
    # kernel.sysctl = { "vm.swappiness" = 10; "fs.inotify.max_user_watches" = 524288; };
    # kernelParams = [ "threadirq" ];
    # kernelPatches = lib.singleton {
    #   name = "pro_audio";
    #   patch = null;
    #   extraConfig = ''
    #     PREEMPT_RT y
    #     PREEMPT y
    #     IOSCHED_DEADLINE y
    #     DEFAULT_DEADLINE y
    #     DEFAULT_IOSCHED "deadline"
    #     HPET_TIMER y
    #     CPU_FREQ n
    #     TREE_RCU_TRACE n
    #   '';
    # };
    # postBootCommands = ''
    #   echo 2048 > /sys/class/rtc/rtc0/max_user_freq
    #   echo 2048 > /proc/sys/dev/hpet/max-user-freq
    #   # setpci -v -d *:* latency_timer=b0
    #   # setpci -v -s $00:1b.0 latency_timer=ff
    # '';
    # The SOUND_CARD_PCI_ID can be obtained like so:
    # $ lspci ¦ grep -i audio
  };
  # powerManagement.cpuFreqGovernor = "performance";
  # fileSystems."/" = { options = "noatime errors=remount-ro"; };
  security.pam.loginLimits = [
    { domain = "@audio"; item = "memlock"; type = "-"; value = "unlimited"; }
    { domain = "@audio"; item = "rtprio"; type = "-"; value = "99"; }
    { domain = "@audio"; item = "nofile"; type = "soft"; value = "99999"; }
    { domain = "@audio"; item = "nofile"; type = "hard"; value = "99999"; }
  ];
  # services = {
  #   udev = {
  #     packages = [ pkgs.ffado ]; # If you have a FireWire audio interface
  #     extraRules = ''
  #       KERNEL=="rtc0", GROUP="audio"
  #       KERNEL=="hpet", GROUP="audio"
  #     '';
  #   };
  #   cron.enable = false;
  # };
  environment.shellInit = ''
    export VST_PATH=/nix/var/nix/profiles/default/lib/vst:/var/run/current-system/sw/lib/vst:~/.vst
    export LXVST_PATH=/nix/var/nix/profiles/default/lib/lxvst:/var/run/current-system/sw/lib/lxvst:~/.lxvst
    export LADSPA_PATH=/nix/var/nix/profiles/default/lib/ladspa:/var/run/current-system/sw/lib/ladspa:~/.ladspa
    export LV2_PATH=/nix/var/nix/profiles/default/lib/lv2:/var/run/current-system/sw/lib/lv2:~/.lv2
    export DSSI_PATH=/nix/var/nix/profiles/default/lib/dssi:/var/run/current-system/sw/lib/dssi:~/.dssi
  '';
 }
--- a/nixos/thor.nix
+++ b/nixos/thor.nix
@ -1,223 +0,0 @@
 # Edit this configuration file to define what should be installed on
 # your system.  Help is available in the configuration.nix(5) man page
 # and in the NixOS manual (accessible by running ‘nixos-help’).
 { config, pkgs, lib, ... }:
 {
  imports = [
    <nixos-hardware/common/cpu/amd>
    <nixos-hardware/common/pc/ssd>
    /etc/nixos/hardware-configuration.nix
    ./pro_audio.nix
    ./big_data.nix
  ];
  boot = {
    binfmt.emulatedSystems = [ "armv7l-linux" "aarch64-linux" ];
    extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
    loader = {
      systemd-boot.enable = true;
      efi.canTouchEfiVariables = true;
    };
    initrd = {
      checkJournalingFS = true;
      luks.devices = {
        root = {
          device = "/dev/nvme0n1p2";
          preLVM = true;
          allowDiscards = true;
        };
      };
    };
  };
  console = {
    font = "Lat2-Terminus16";
    keyMap = "us";
  };
  environment = {
    pathsToLink = [ "/share/zsh" ];
    systemPackages = with pkgs; [
      kakoune
      tmux
      vim
    ];
  };
  hardware = {
    bluetooth.enable = true;
    enableRedistributableFirmware = true;
    pulseaudio.enable = false;
    # nvidia.modesetting.enable = true;
  };
  i18n.defaultLocale = "it_IT.UTF-8";
  programs = {
    dconf.enable = true;
    flashrom.enable = true;
    gnupg.agent = {
      enable = true;
      enableSSHSupport = true;
    };
    steam = {
      enable = true;
    };
    zsh = {
      enable = true;
      syntaxHighlighting.enable = true;
    };
  };
  networking = {
    hostName = "thor"; # Define your hostname.
    interfaces = {
      eno1.useDHCP = true;
      wlp5s0.useDHCP = true;
    };
    networkmanager.enable = true;
    useDHCP = false;
    hosts = {
      "*.engine.sesar.int" = [ "172.20.28.210" ];
      "vcenter.sesar.int" = [ "172.20.28.20" ];
    };
  };
  time.timeZone = "Europe/Rome";
  services = {
    avahi = {
      enable = true;
      openFirewall = true;
      nssmdns = true;
      publish = {
        enable = true;
        addresses = true;
        domain = true;
        userServices = true;
        workstation = true;
      };
      extraServiceFiles = {
        ssh = "${pkgs.avahi}/etc/avahi/services/ssh.service";
      };
    };
    clamav = { daemon.enable = true; updater.enable = true; };
    dbus.packages = with pkgs; [ pkgs.dconf ];
    gnome.gnome-keyring.enable = true;
    gvfs = { enable = true; package = pkgs.gnome3.gvfs; };
    fwupd.enable = true;
    openssh = { enable = true; openFirewall = true; permitRootLogin = "no"; passwordAuthentication = false; forwardX11 = true; };
    pipewire = {
      enable = true;
      pulse.enable = true;
      jack.enable = true;
      alsa = {
        enable = true;
        support32Bit = true;
      };
      media-session.enable = true;
    };
    power-profiles-daemon.enable = true;
    smartd = { enable = true; notifications.x11.enable = true; };
    snapper = {
      configs =
        let
          common = {
            extraConfig = ''
              ALLOW_USERS="bertof"
              TIMELINE_CREATE=yes
              TIMELINE_CLEANUP=yes
            '';
          };
        in
        {
          bertof_home = common // { subvolume = "/home/bertof"; };
        };
    };
    thermald.enable = true;
    xserver = {
      enable = true;
      desktopManager = {
        # gnome.enable = true;
        # cinnamon.enable = true;
        plasma5 = {
          enable = true;
          runUsingSystemd = true;
          useQtScaling = true;
        };
      };
      # displayManager.gdm = { enable = true; nvidiaWayland = true; };
      displayManager.sddm.enable = true;
      layout = "us";
      videoDrivers = [ "nvidia" ];
      xkbOptions = "eurosign:e";
    };
    # gnome.gnome-remote-desktop.enable = true;
    zerotierone = { enable = true; joinNetworks = [ "8056c2e21cf9c753" ]; };
    ethminer = {
      enable = false;
      wallet = "0x73b788882e1C182123333f42FFf275B7dd7f51bb";
      toolkit = "opencl";
      rig = "thor";
      pool = "eth-eu1.nanopool.org";
      stratumPort = 9999;
      registerMail = "";
    };
    # teamviewer.enable = true;
  };
  services.teamviewer.enable = true;
  security = {
    pam.services."kde" = {
      enableKwallet = true;
    };
    rtkit.enable = true;
    sudo.extraConfig = ''
      Defaults pwfeedback
    '';
  };
  sound.enable = false;
  users.users.bertof = {
    isNormalUser = true;
    extraGroups = [ "audio" "input" "docker" "flashrom" "libvirtd" "network" "networkmanager" "usb" "video" "wheel" ];
    openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN+zsSWZFFzQKnATCAvtG+iuSm4qkZHjCtHzGa9B/71W" ];
    shell = pkgs.zsh;
    useDefaultShell = false;
  };
  virtualisation = {
    docker.enable = true;
    kvmgt.enable = true;
    libvirtd.enable = true;
    podman.enable = true;
    virtualbox.host.enable = true;
  };
  nixpkgs.config = {
    allowUnfree = true;
    packageOverrides = pkgs: {
      steam = pkgs.steam.override {
        extraPkgs = pkgs: with pkgs; [ ];
        extraLibraries = pkgs: with pkgs; [ fontconfig.lib icu freetype ];
      };
    };
    # cudaSupport = true;
  };
  nix = {
    package = pkgs.nixFlakes;
    extraOptions = lib.optionalString (config.nix.package == pkgs.nixFlakes)
      "experimental-features = nix-command flakes";
    gc.automatic = true;
  };
  system.stateVersion = "21.05"; # Did you read the comment?
 }
--- a/nixos_modules/defcon.nix
+++ b/nixos_modules/defcon.nix
--- a/nixos_modules/k3s.nix
+++ b/nixos_modules/k3s.nix
--- a/nixos_modules/mind.nix
+++ b/nixos_modules/mind.nix
--- a/nixos_modules/pentablet.nix
+++ b/nixos_modules/pentablet.nix
--- a/odin.nix
+++ b/odin.nix
@ -1,199 +0,0 @@
 { pkgs, lib, ... }:
 {
  home = {
    language.base = "it_IT.UTF-8";
    keyboard = {
      layout = "it";
      options = [ "terminate:ctrl_alt_bksp" "compose:rctrl" ];
    };
    packages = with pkgs; [
      #   pulseaudio
      easyeffects
      tex2nix
      kubectl
      docker-compose
      docker-machine
      arandr
      ark
      authy
      bitwarden
      btop
      catgirl # IRC
      cava
      discord
      droidcam
      # element-desktop # matrix client
      # evolution
      file
      filelight
      # firefox
      gallery-dl
      # gnome.dconf-editor
      # gnome.eog
      # gnome.evince
      # gnomeExtensions.appindicator
      # gnomeExtensions.caffeine
      # gnomeExtensions.dash-to-dock
      # # gnomeExtensions.dynamic-panel-transparency
      # gnomeExtensions.gtile
      # gnomeExtensions.just-perfection
      # gnomeExtensions.vitals
      # gnome.file-roller
      # gnome.gnome-screenshot
      gnome.gnome-sound-recorder
      gnome.gnome-sudoku
      # gnome.gnome-system-monitor
      # gnome.gnome-tweaks
      # gnome.nautilus
      # gnome.quadrapassel
      # gnome.seahorse
      # gnome.sushi
      google-chrome
      gucharmap
      htop
      httpie
      # hyperspace-cli
      inkscape
      jetbrains.datagrip
      kmail
      kompare
      kontact
      korganizer
      krita
      ksystemlog
      kubectl
      lutris
      kcolorchooser
      kompare
      korganizer
      # keepassxc
      kgpg
      # kid3 # tag mp3
      krita
      ksystemlog
      lutris
      meld
      mmv-go
      mpv
      neofetch
      nixos-option
      nix-prefetch-scripts
      nix-tree
      obsidian
      okular
      openvpn
      p7zip
      pavucontrol
      pcmanfm
      pentablet-driver
      procps
      ripgrep
      skypeforlinux
      spotify
      tdesktop
      teams
      tracker
      transmission-gtk
      unrar
      unzip
      virt-manager
      wget
      # wineFull
      wireguard-tools
      xclip
      xournalpp
      yq
      zip
      zoom-us
      zotero
    ];
  };
  imports = [
    ./modules/configurations.nix
    ./modules/fonts.nix
    ./modules/alacritty.nix
    ./modules/bash.nix
    ./modules/bat.nix
    ./modules/bottom.nix
    ./modules/broot.nix
    # ./modules/bspwm.nix
    ./modules/dircolors.nix
    ./modules/direnv.nix
    # ./modules/dunst.nix
    ./modules/fzf.nix
    ./modules/git.nix
    ./modules/go.nix
    ./modules/gpg.nix
    # ./modules/grobi.nix
    ./modules/info.nix
    ./modules/java.nix
    ./modules/joystickwake.nix
    ./modules/jq.nix
    ./modules/kakoune.nix
    # ./modules/keepassxc.nix
    ./modules/keychain.nix
    ./modules/kitty.nix
    ./modules/latex.nix
    ./modules/lf.nix
    ./modules/libinput-gestures.nix
    # ./modules/lorri.nix
    ./modules/man.nix
    ./modules/mangohud.nix
    ./modules/megasync.nix
    ./modules/nix-index.nix
    # ./modules/noti.nix
    ./modules/obs-studio.nix
    ./modules/office.nix
    ./modules/onedrive.nix
    # ./modules/picom.nix
    # ./modules/polybar.nix
    ./modules/pycharm.nix
    ./modules/gtk_theme.nix
    ./modules/rofi.nix
    ./modules/rofimoji.nix
    # ./modules/screen_locker.nix
    ./modules/ssh.nix
    ./modules/starship.nix
    # ./modules/sxhkd.nix
    ./modules/syncthing.nix
    ./modules/terminator.nix
    ./modules/tmux.nix
    # ./modules/update_background.nix
    ./modules/webapp.nix
    # ./modules/xidlehook.nix
    ./modules/zoxide.nix
    ./modules/zsh.nix
    ./modules/pro_audio.nix
    # ./modules/security.nix
    ./modules/shell_aliases.nix
  ];
  services = {
    # blueman-applet.enable = true;
    # caffeine.enable = true;
    # cbatticon.enable = true;
    # gnome-keyring.enable = true;
    # network-manager-applet.enable = true;
    # playerctld.enable = true;
    # poweralertd.enable = true;
  };
  # xsession = {
  #   enable = true;
  #   numlock.enable = true;
  #   initExtra = ''
  #     ## Touchpad
  #     ${pkgs.xorg.xinput}/bin/xinput set-prop 'DELL0824:00 06CB:7E92 Touchpad' 'libinput Natural Scrolling Enabled' 1
  #     ${pkgs.xorg.xinput}/bin/xinput set-prop 'DELL0824:00 06CB:7E92 Touchpad' 'libinput Tapping Enabled' 1
  #   '';
  # };
 }
--- a/overlays.nix
+++ b/overlays.nix
@ -1,4 +0,0 @@
 [
  (import (builtins.fetchTarball "https://github.com/oxalica/rust-overlay/archive/master.tar.gz"))
 ]
--- a/thor/configuration.nix
+++ b/thor/configuration.nix
@ -4,7 +4,7 @@
  boot = {
    binfmt.emulatedSystems = [ "armv7l-linux" "aarch64-linux" ];
-    kernelPackages = pkgs.linuxPackages_latest;
+    kernelPackages = pkgs.linuxPackages_5_17;
    extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
    loader = {
      systemd-boot.enable = true;