talexander/machine_setup
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Restructure flake.nix for a simpler config for building different images off the same NixOS config.

Browse Source
This commit is contained in:
Tom Alexander 2025-10-11 00:08:02 -04:00
parent 69b5cf9217
commit 7c82036bd7
Signed by: talexander
GPG Key ID: 36C99E8B3C39D85F
121 changed files with 2922 additions and 3074 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

142
nix/configuration/configuration.nix
View File

@ -1,7 +1,6 @@
{ {
config, config,
lib, lib,
pkgs,
... ...
}: }:
@ -12,6 +11,7 @@
./roles/amd_s2idle ./roles/amd_s2idle
./roles/ansible ./roles/ansible
./roles/ares ./roles/ares
./roles/base
./roles/bluetooth ./roles/bluetooth
./roles/boot ./roles/boot
./roles/chromecast ./roles/chromecast
@ -19,6 +19,7 @@
./roles/d2 ./roles/d2
./roles/direnv ./roles/direnv
./roles/distributed_build ./roles/distributed_build
./roles/doas
./roles/docker ./roles/docker
./roles/ecc ./roles/ecc
./roles/emacs ./roles/emacs
@ -27,6 +28,7 @@
./roles/firewall ./roles/firewall
./roles/flux ./roles/flux
./roles/fonts ./roles/fonts
./roles/image_based_appliance
./roles/gcloud ./roles/gcloud
./roles/git ./roles/git
./roles/global_options ./roles/global_options
@ -66,12 +68,14 @@
./roles/sound ./roles/sound
./roles/spaghettikart ./roles/spaghettikart
./roles/ssh ./roles/ssh
./roles/sshd
./roles/steam ./roles/steam
./roles/steam_run_free ./roles/steam_run_free
./roles/sway ./roles/sway
./roles/tekton ./roles/tekton
./roles/terraform ./roles/terraform
./roles/thunderbolt ./roles/thunderbolt
./roles/user
./roles/uutils ./roles/uutils
./roles/vnc_client ./roles/vnc_client
./roles/vscode ./roles/vscode
@ -86,55 +90,26 @@
./util/unfree_polyfill ./util/unfree_polyfill
]; ];
config = {
nix.settings.experimental-features = [ nix.settings.experimental-features = [
"nix-command" "nix-command"
"flakes" "flakes"
]; ];
nix.settings.trusted-users = [ "@wheel" ]; nix.settings.trusted-users = [ "@wheel" ];
# boot.kernelPackages = pkgs.linuxPackages_6_11;
hardware.enableRedistributableFirmware = true; hardware.enableRedistributableFirmware = true;
# Use nixos-rebuild-ng
# system.rebuild.enableNg = true;
# Keep outputs so we can build offline. # Keep outputs so we can build offline.
# Disable substituters to avoid risk of cache poisoning.
nix.extraOptions = '' nix.extraOptions = ''
keep-outputs = true keep-outputs = true
keep-derivations = true keep-derivations = true
substitute = false substitute = false
''; '';
nix.settings.substituters = lib.mkForce [ ];
# Technically only needed when building the ISO because nix detects ZFS in the filesystem list normally. I basically always want this so I'm just setting it to always be on.
boot.supportedFilesystems.zfs = true;
# TODO: Is this different from boot.supportedFilesystems = [ "zfs" ]; ?
services.getty = {
autologinUser = "talexander"; # I use full disk encryption so the user password is irrelevant.
autologinOnce = true;
};
users.mutableUsers = false;
users.users.talexander = {
isNormalUser = true;
createHome = true; # https://github.com/NixOS/nixpkgs/issues/6481
group = "talexander";
extraGroups = [ "wheel" ];
uid = 11235;
packages = with pkgs; [
tree
];
# Generate with `mkpasswd -m scrypt`
hashedPassword = "$7$CU..../....VXvNQ8za3wSGpdzGXNT50/$HcFtn/yvwPMCw4888BelpiAPLAxe/zU87fD.d/N6U48";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID0+4zi26M3eYWnIrciR54kOlGxzfgCXG+o4ea1zpzrk openpgp:0x7FF123C8"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEI6mu6I5Jp+Ib0vJxapGHbEShZjyvzV8jz5DnzDrI39AAAABHNzaDo="
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAFNcSXwvy+brYTOGo56G93Ptuq2MmZsjvRWAfMqbmMLAAAABHNzaDo="
];
};
users.groups.talexander.gid = 11235;
# Automatic garbage collection # Automatic garbage collection
nix.gc = lib.mkIf (!config.me.buildingIso) { nix.gc = lib.mkIf (!config.me.buildingPortable) {
# Runs nix-collect-garbage --delete-older-than 5d # Runs nix-collect-garbage --delete-older-than 5d
automatic = true; automatic = true;
persistent = true; persistent = true;
@ -142,94 +117,18 @@
# randomizedDelaySec = "14m"; # randomizedDelaySec = "14m";
options = "--delete-older-than 30d"; options = "--delete-older-than 30d";
}; };
nix.settings.auto-optimise-store = !config.me.buildingIso; nix.settings.auto-optimise-store = !config.me.buildingPortable;
nix.settings.substituters = lib.mkForce [ ];
# Use doas instead of sudo environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
security.doas.enable = true;
security.doas.wheelNeedsPassword = false;
security.sudo.enable = false;
security.doas.extraRules = [
{
# Retain environment (for example NIX_PATH)
keepEnv = true;
persist = true; # Only ask for a password the first time.
}
];
environment.systemPackages = with pkgs; [
wget
mg
rsync
libinput
htop
tmux
file
usbutils # for lsusb
pciutils # for lspci
ripgrep
strace
# ltrace # Disabled because it uses more than 48GB of /tmp space during test phase.
trace-cmd # ftrace
tcpdump
git-crypt
gnumake
ncdu
nix-tree
libarchive # bsdtar
lsof
doas-sudo-shim # To support --sudo for remote builds
dmidecode # Read SMBIOS information.
ipcalc
gptfdisk # for cgdisk
nix-output-monitor # For better view into nixos-rebuild
nix-serve-ng # Serve nix store over http
];
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
hostKeys = [
{
path = "/persist/ssh/ssh_host_ed25519_key";
type = "ed25519";
}
{
path = "/persist/ssh/ssh_host_rsa_key";
type = "rsa";
bits = 4096;
}
];
};
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true; hideMounts = true;
directories = [ directories = [
"/var/lib/iwd" # Wifi settings
"/var/lib/nixos" # Contains user information (uids/gids) "/var/lib/nixos" # Contains user information (uids/gids)
"/var/lib/systemd" # Systemd state directory for random seed, persistent timers, core dumps, persist hardware state like backlight and rfkill "/var/lib/systemd" # Systemd state directory for random seed, persistent timers, core dumps, persist hardware state like backlight and rfkill
"/var/log/journal" # Logs, alternatively set `services.journald.storage = "volatile";` to write to /run/log/journal "/var/log/journal" # Logs, alternatively set `services.journald.storage = "volatile";` to write to /run/log/journal
]; ];
files = [ files = [
"/etc/machine-id" # Systemd unique machine id "otherwise, the system journal may fail to list earlier boots, etc" "/etc/machine-id" # Systemd unique machine id "otherwise, the system journal may fail to list earlier boots, etc"
"/etc/ssh/ssh_host_rsa_key"
"/etc/ssh/ssh_host_rsa_key.pub"
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
]; ];
users.talexander = {
directories = [
{
directory = "persist";
user = "talexander";
group = "talexander";
mode = "0700";
}
];
};
}; };
# Write a list of the currently installed packages to /etc/current-system-packages # Write a list of the currently installed packages to /etc/current-system-packages
@ -241,29 +140,12 @@
in in
formatted; formatted;
# environment.etc."system-packages-with-source".text = builtins.concatStringsSep "\n\n" (
# builtins.map (
# x: x.file + "\n" + builtins.concatStringsSep "\n" (builtins.map (s: " " + s) x.value)
# ) config.environment.systemPackages.definitionsWithLocations
# );
# nixpkgs.overlays = [
# (final: prev: {
# nix = pkgs-unstable.nix;
# })
# ];
# nixpkgs.overlays = [ # nixpkgs.overlays = [
# (final: prev: { # (final: prev: {
# foot = throw "foo"; # foot = throw "foo";
# }) # })
# ]; # ];
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This option defines the first version of NixOS you have installed on this particular machine, # This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
# #
@ -282,5 +164,5 @@
# #
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "24.11"; # Did you read the comment? system.stateVersion = "24.11"; # Did you read the comment?
};
} }

17
nix/configuration/flake.lock generated
View File

@ -151,22 +151,6 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-dda3dcd3f": {
"locked": {
"lastModified": 1746663147,
"narHash": "sha256-Ua0drDHawlzNqJnclTJGf87dBmaO/tn7iZ+TCkTRpRc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "dda3dcd3fe03e991015e9a74b22d35950f264a54",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "dda3dcd3fe03e991015e9a74b22d35950f264a54",
"type": "github"
}
},
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1730741070, "lastModified": 1730741070,
@ -232,7 +216,6 @@
"impermanence": "impermanence", "impermanence": "impermanence",
"lanzaboote": "lanzaboote", "lanzaboote": "lanzaboote",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nixpkgs-dda3dcd3f": "nixpkgs-dda3dcd3f",
"nixpkgs-unoptimized": "nixpkgs-unoptimized" "nixpkgs-unoptimized": "nixpkgs-unoptimized"
} }
}, },

217
nix/configuration/flake.nix
View File

@ -1,29 +1,7 @@
# Build ISO image
# nix build --extra-experimental-features nix-command --extra-experimental-features flakes .#iso.odo
# output: result/iso/nixos.iso
# Run the ISO image
# doas "$(nix-build '<nixpkgs>' --no-out-link -A 'qemu')/bin/qemu-system-x86_64" \
# -accel kvm \
# -cpu host \
# -smp cores=8 \
# -m 32768 \
# -drive "file=$(nix-build '<nixpkgs>' --no-out-link -A 'OVMF.fd')/FV/OVMF.fd,if=pflash,format=raw,readonly=on" \
# -drive if=pflash,format=raw,file="/tmp/OVMF_VARS.fd" \
# -nic user,hostfwd=tcp::60022-:22 \
# -boot order=d \
# -cdrom "$(readlink -f ./result/iso/nixos*.iso)" \
# -display vnc=127.0.0.1:0
#
# doas cp "$(nix-build '<nixpkgs>' --no-out-link -A 'OVMF.fd')/FV/OVMF_VARS.fd" /tmp/OVMF_VARS.fd
# doas "$(nix-build '<nixpkgs>' --no-out-link -A 'qemu')/bin/qemu-system-x86_64" -accel kvm -cpu host -smp cores=8 -m 32768 -drive "file=$(nix-build '<nixpkgs>' --no-out-link -A 'OVMF.fd')/FV/OVMF.fd,if=pflash,format=raw,readonly=on" -drive if=pflash,format=raw,file="/tmp/OVMF_VARS.fd" -nic user,hostfwd=tcp::60022-:22 -boot order=d -cdrom /persist/machine_setup/nix/configuration/result/iso/nixos*.iso -display vnc=127.0.0.1:0
# Get a repl for this flake # Get a repl for this flake
# nix repl --expr "builtins.getFlake \"$PWD\"" # nix repl --expr "builtins.getFlake \"$PWD\""
# TODO maybe use `nix eval --raw .#iso.odo.outPath` # TODO maybe use `nix eval --raw .#odo.iso.outPath`
# iso.odo.isoName == "nixos.iso"
# full path = <outPath> / iso / <isoName>
# #
# Install on a new machine: # Install on a new machine:
@ -41,12 +19,9 @@
inputs = { inputs = {
impermanence.url = "github:nix-community/impermanence"; impermanence.url = "github:nix-community/impermanence";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
nixpkgs-dda3dcd3f.url = "github:NixOS/nixpkgs/dda3dcd3fe03e991015e9a74b22d35950f264a54";
nixpkgs-unoptimized.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs-unoptimized.url = "github:NixOS/nixpkgs/nixos-unstable";
lanzaboote = { lanzaboote = {
url = "github:nix-community/lanzaboote/v0.4.2"; url = "github:nix-community/lanzaboote/v0.4.2";
# Optional but recommended to limit the size of your system closure.
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
disko = { disko = {
@ -57,23 +32,30 @@
outputs = outputs =
{ {
self,
nixpkgs, nixpkgs,
nixpkgs-unoptimized, nixpkgs-unoptimized,
nixpkgs-dda3dcd3f, disko,
impermanence, impermanence,
lanzaboote, lanzaboote,
... ...
}@inputs: }:
let let
base_x86_64_linux = rec { forAllSystems = nixpkgs.lib.genAttrs nixpkgs.lib.systems.flakeExposed;
nodes = {
odo = {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = {
pkgs-dda3dcd3f = import nixpkgs-dda3dcd3f {
inherit system;
}; };
quark = {
system = "x86_64-linux";
};
};
nixosConfigs = builtins.mapAttrs (
hostname: nodeConfig: format:
nixpkgs.lib.nixosSystem {
inherit (nodeConfig) system;
specialArgs = {
pkgs-unoptimized = import nixpkgs-unoptimized { pkgs-unoptimized = import nixpkgs-unoptimized {
inherit system; inherit (nodeConfig) system;
hostPlatform.gcc.arch = "default"; hostPlatform.gcc.arch = "default";
hostPlatform.gcc.tune = "default"; hostPlatform.gcc.tune = "default";
}; };
@ -81,162 +63,27 @@
modules = [ modules = [
impermanence.nixosModules.impermanence impermanence.nixosModules.impermanence
lanzaboote.nixosModules.lanzaboote lanzaboote.nixosModules.lanzaboote
inputs.disko.nixosModules.disko disko.nixosModules.disko
./configuration.nix ./configuration.nix
(./. + "/hosts/${hostname}")
(./. + "/formats/${format}.nix")
]; ];
};
systems =
let
additional_iso_modules = [
(nixpkgs + "/nixos/modules/installer/cd-dvd/iso-image.nix")
# TODO: Figure out how to do image based appliances
# (nixpkgs + "/nixos/modules/profiles/image-based-appliance.nix")
{
isoImage.makeEfiBootable = true;
isoImage.makeUsbBootable = true;
me.buildingIso = true;
me.optimizations.enable = nixpkgs.lib.mkForce false;
} }
{ ) nodes;
# These are big space hogs. The chance that I need them on an ISO is slim.
me.steam.enable = nixpkgs.lib.mkForce false;
me.pcsx2.enable = nixpkgs.lib.mkForce false;
}
];
additional_vm_modules = [
(nixpkgs + "/nixos/modules/profiles/qemu-guest.nix")
{
networking.dhcpcd.enable = true;
networking.useDHCP = true;
me.optimizations.enable = nixpkgs.lib.mkForce false;
}
{
# I don't need games on a virtual machine.
me.steam.enable = nixpkgs.lib.mkForce false;
me.pcsx2.enable = nixpkgs.lib.mkForce false;
me.sm64ex.enable = nixpkgs.lib.mkForce false;
me.shipwright.enable = nixpkgs.lib.mkForce false;
me.ship2harkinian.enable = nixpkgs.lib.mkForce false;
}
];
in in
{ {
odo = rec { nixosConfigurations = (builtins.mapAttrs (name: value: value "toplevel") nixosConfigs);
main = base_x86_64_linux // {
modules = base_x86_64_linux.modules ++ [
./hosts/odo
];
};
iso = main // {
modules = main.modules ++ additional_iso_modules;
};
vm = main // {
modules = main.modules ++ additional_vm_modules;
};
vm_iso = main // {
modules = main.modules ++ additional_vm_modules ++ additional_iso_modules;
};
};
quark = rec {
main = base_x86_64_linux // {
modules = base_x86_64_linux.modules ++ [
./hosts/quark
];
};
iso = main // {
modules = main.modules ++ additional_iso_modules;
};
vm = main // {
modules = main.modules ++ additional_vm_modules;
};
vm_iso = main // {
modules = main.modules ++ additional_vm_modules ++ additional_iso_modules;
};
};
neelix = rec {
main = base_x86_64_linux // {
modules = base_x86_64_linux.modules ++ [
./hosts/neelix
];
};
iso = main // {
modules = main.modules ++ additional_iso_modules;
};
vm = main // {
modules = main.modules ++ additional_vm_modules;
};
vm_iso = main // {
modules = main.modules ++ additional_vm_modules ++ additional_iso_modules;
};
};
hydra =
let
hydra_additional_iso_modules = additional_iso_modules ++ [
{
me.optimizations.enable = true;
} }
]; // {
in packages = (
rec { forAllSystems (
main = base_x86_64_linux // { system:
modules = base_x86_64_linux.modules ++ [ (builtins.mapAttrs (hostname: nodeConfig: {
./hosts/hydra iso = (nixosConfigs."${hostname}" "iso").config.system.build.isoImage;
]; vm_iso = (nixosConfigs."${hostname}" "vm_iso").config.system.build.isoImage;
}; sd = (nixosConfigs."${hostname}" "sd").config.system.build.sdImage;
iso = main // { }) (nixpkgs.lib.attrsets.filterAttrs (hostname: nodeConfig: nodeConfig.system == system) nodes))
modules = main.modules ++ hydra_additional_iso_modules; )
}; );
vm = main // {
modules = main.modules ++ additional_vm_modules;
};
vm_iso = main // {
modules = main.modules ++ additional_vm_modules ++ hydra_additional_iso_modules;
};
};
ionlybootzfs = rec {
main = base_x86_64_linux // {
modules = base_x86_64_linux.modules ++ [
./hosts/ionlybootzfs
];
};
iso = main // {
modules = main.modules ++ additional_iso_modules;
};
vm = main // {
modules = main.modules ++ additional_vm_modules;
};
vm_iso = main // {
modules = main.modules ++ additional_vm_modules ++ additional_iso_modules;
};
};
};
in
{
nixosConfigurations.odo = nixpkgs.lib.nixosSystem systems.odo.main;
iso.odo = (nixpkgs.lib.nixosSystem systems.odo.iso).config.system.build.isoImage;
nixosConfigurations.vm_odo = nixpkgs.lib.nixosSystem systems.odo.vm;
vm_iso.odo = (nixpkgs.lib.nixosSystem systems.odo.vm_iso).config.system.build.isoImage;
nixosConfigurations.quark = nixpkgs.lib.nixosSystem systems.quark.main;
iso.quark = (nixpkgs.lib.nixosSystem systems.quark.iso).config.system.build.isoImage;
nixosConfigurations.vm_quark = nixpkgs.lib.nixosSystem systems.quark.vm;
vm_iso.quark = (nixpkgs.lib.nixosSystem systems.quark.vm_iso).config.system.build.isoImage;
nixosConfigurations.neelix = nixpkgs.lib.nixosSystem systems.neelix.main;
iso.neelix = (nixpkgs.lib.nixosSystem systems.neelix.iso).config.system.build.isoImage;
nixosConfigurations.vm_neelix = nixpkgs.lib.nixosSystem systems.neelix.vm;
vm_iso.neelix = (nixpkgs.lib.nixosSystem systems.neelix.vm_iso).config.system.build.isoImage;
nixosConfigurations.hydra = nixpkgs.lib.nixosSystem systems.hydra.main;
iso.hydra = (nixpkgs.lib.nixosSystem systems.hydra.iso).config.system.build.isoImage;
nixosConfigurations.vm_hydra = nixpkgs.lib.nixosSystem systems.hydra.vm;
vm_iso.hydra = (nixpkgs.lib.nixosSystem systems.hydra.vm_iso).config.system.build.isoImage;
nixosConfigurations.ionlybootzfs = nixpkgs.lib.nixosSystem systems.ionlybootzfs.main;
iso.ionlybootzfs = (nixpkgs.lib.nixosSystem systems.ionlybootzfs.iso).config.system.build.isoImage;
nixosConfigurations.vm_ionlybootzfs = nixpkgs.lib.nixosSystem systems.ionlybootzfs.vm;
vm_iso.ionlybootzfs =
(nixpkgs.lib.nixosSystem systems.ionlybootzfs.vm_iso).config.system.build.isoImage;
}; };
} }

23
nix/configuration/formats/iso.nix Normal file
View File

@ -0,0 +1,23 @@
{
lib,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/cd-dvd/iso-image.nix")
];
config = {
isoImage.makeEfiBootable = true;
isoImage.makeUsbBootable = true;
me.buildingPortable = true;
me.mountPersistence = lib.mkForce false;
me.optimizations.enable = lib.mkForce false;
me.image_based_appliance.enable = true;
# TODO: image based appliance?
};
}

17
nix/configuration/formats/sd.nix Normal file
View File

@ -0,0 +1,17 @@
{
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/sd-card/sd-image.nix")
];
config = {
isoImage.makeEfiBootable = true;
isoImage.makeUsbBootable = true;
# TODO: image based appliance?
};
}

1
nix/configuration/formats/toplevel.nix Normal file
View File

@ -0,0 +1 @@
{ }

21
nix/configuration/formats/vm_iso.nix Normal file
View File

@ -0,0 +1,21 @@
{
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/cd-dvd/iso-image.nix")
(modulesPath + "/profiles/qemu-guest.nix") # VirtIO kernel modules
];
config = {
isoImage.makeEfiBootable = true;
isoImage.makeUsbBootable = true;
networking.dhcpcd.enable = true;
networking.useDHCP = true;
# TODO: image based appliance?
};
}

24
nix/configuration/hosts/hydra/default.nix
View File

@ -14,12 +14,6 @@
# -display vnc=127.0.0.1:0 # -display vnc=127.0.0.1:0
# #
{
config,
lib,
pkgs,
...
}:
{ {
imports = [ imports = [
./disk-config.nix ./disk-config.nix
@ -27,6 +21,7 @@
./vm_disk.nix ./vm_disk.nix
]; ];
config = {
# Generate with `head -c4 /dev/urandom | od -A none -t x4` # Generate with `head -c4 /dev/urandom | od -A none -t x4`
networking.hostId = "fbd233d8"; networking.hostId = "fbd233d8";
@ -35,7 +30,8 @@
time.timeZone = "America/New_York"; time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
me.secureBoot.enable = false; me.boot.secure = false;
me.mountPersistence = true;
me.optimizations = { me.optimizations = {
enable = true; enable = true;
@ -56,12 +52,26 @@
# Mount tmpfs at /tmp # Mount tmpfs at /tmp
boot.tmp.useTmpfs = true; boot.tmp.useTmpfs = true;
me.base.enable = true;
me.boot.enable = true;
me.doas.enable = true;
me.emacs_flavor = "plainmacs"; me.emacs_flavor = "plainmacs";
me.firewall.enable = true;
me.font.enable = true;
me.git.enable = true;
me.graphical = false; me.graphical = false;
me.hydra.enable = false; me.hydra.enable = false;
me.memtest.enable = true;
me.network.enable = true;
me.nix_worker.enable = true; me.nix_worker.enable = true;
me.nvme.enable = true;
me.ssh.enable = true;
me.sshd.enable = true;
me.user.enable = true;
me.vm_disk.enable = true; me.vm_disk.enable = true;
me.wireguard.activated = [ ]; me.wireguard.activated = [ ];
me.wireguard.deactivated = [ ]; me.wireguard.deactivated = [ ];
me.zfs.enable = true;
me.zsh.enable = true; me.zsh.enable = true;
};
} }

1
nix/configuration/hosts/hydra/disk-config.nix
View File

@ -4,7 +4,6 @@
{ {
config, config,
lib, lib,
pkgs,
... ...
}: }:

7
nix/configuration/hosts/hydra/hardware-configuration.nix
View File

@ -1,10 +1,5 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ {
config,
lib, lib,
pkgs,
modulesPath, modulesPath,
... ...
}: }:
@ -14,6 +9,7 @@
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
config = {
boot.initrd.availableKernelModules = [ boot.initrd.availableKernelModules = [
"xhci_pci" "xhci_pci"
"nvme" "nvme"
@ -36,4 +32,5 @@
# systemd.network.enable = true; # systemd.network.enable = true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
};
} }

9
nix/configuration/hosts/hydra/vm_disk.nix
View File

@ -1,7 +1,6 @@
{ {
config, config,
lib, lib,
pkgs,
... ...
}: }:
@ -17,9 +16,7 @@
}; };
}; };
config = lib.mkIf config.me.vm_disk.enable ( config = lib.mkIf config.me.vm_disk.enable {
lib.mkMerge [
{
# Mount the local disk # Mount the local disk
fileSystems = { fileSystems = {
"/.disk" = lib.mkForce { "/.disk" = lib.mkForce {
@ -71,7 +68,5 @@
]; ];
}; };
}; };
} };
]
);
} }

24
nix/configuration/hosts/ionlybootzfs/default.nix
View File

@ -14,18 +14,13 @@
# -display vnc=127.0.0.1:0 # -display vnc=127.0.0.1:0
# #
{
config,
lib,
pkgs,
...
}:
{ {
imports = [ imports = [
./wrapped-disk-config.nix ./wrapped-disk-config.nix
./hardware-configuration.nix ./hardware-configuration.nix
]; ];
config = {
# Generate with `head -c4 /dev/urandom | od -A none -t x4` # Generate with `head -c4 /dev/urandom | od -A none -t x4`
networking.hostId = "fbd233d8"; networking.hostId = "fbd233d8";
@ -34,7 +29,8 @@
time.timeZone = "America/New_York"; time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
me.secureBoot.enable = true; me.boot.secure = true;
me.mountPersistence = true;
me.optimizations = { me.optimizations = {
enable = false; enable = false;
@ -55,9 +51,23 @@
# Mount tmpfs at /tmp # Mount tmpfs at /tmp
boot.tmp.useTmpfs = true; boot.tmp.useTmpfs = true;
me.base.enable = true;
me.boot.enable = true;
me.doas.enable = true;
me.emacs_flavor = "plainmacs"; me.emacs_flavor = "plainmacs";
me.firewall.enable = true;
me.font.enable = true;
me.git.enable = true;
me.graphical = false; me.graphical = false;
me.memtest.enable = true;
me.network.enable = true;
me.nvme.enable = true;
me.ssh.enable = true;
me.sshd.enable = true;
me.user.enable = true;
me.wireguard.activated = [ ]; me.wireguard.activated = [ ];
me.wireguard.deactivated = [ ]; me.wireguard.deactivated = [ ];
me.zfs.enable = true;
me.zsh.enable = true; me.zsh.enable = true;
};
} }

7
nix/configuration/hosts/ionlybootzfs/hardware-configuration.nix
View File

@ -1,10 +1,5 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ {
config,
lib, lib,
pkgs,
modulesPath, modulesPath,
... ...
}: }:
@ -14,6 +9,7 @@
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
config = {
boot.initrd.availableKernelModules = [ boot.initrd.availableKernelModules = [
"xhci_pci" "xhci_pci"
"nvme" "nvme"
@ -35,4 +31,5 @@
# systemd.network.enable = true; # systemd.network.enable = true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
};
} }

1
nix/configuration/hosts/ionlybootzfs/wrapped-disk-config.nix
View File

@ -1,7 +1,6 @@
{ {
config, config,
lib, lib,
pkgs,
... ...
}: }:

19
nix/configuration/hosts/neelix/default.nix
View File

@ -6,6 +6,7 @@
./power_management.nix ./power_management.nix
]; ];
config = {
# Generate with `head -c4 /dev/urandom | od -A none -t x4` # Generate with `head -c4 /dev/urandom | od -A none -t x4`
networking.hostId = "bca9d0a5"; networking.hostId = "bca9d0a5";
@ -14,7 +15,8 @@
time.timeZone = "America/New_York"; time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
me.secureBoot.enable = false; me.boot.secure = false;
me.mountPersistence = true;
me.optimizations = { me.optimizations = {
enable = false; enable = false;
@ -36,16 +38,29 @@
# Mount tmpfs at /tmp # Mount tmpfs at /tmp
# boot.tmp.useTmpfs = true; # boot.tmp.useTmpfs = true;
me.base.enable = true;
me.bluetooth.enable = true; me.bluetooth.enable = true;
me.boot.enable = true;
me.doas.enable = true;
me.emacs_flavor = "plainmacs"; me.emacs_flavor = "plainmacs";
me.firewall.enable = true;
me.font.enable = true;
me.git.enable = true;
me.graphical = true; me.graphical = true;
me.graphics_card_type = "intel"; me.graphics_card_type = "intel";
me.kodi.enable = true; me.kodi.enable = true;
me.lvfs.enable = true; me.lvfs.enable = true;
me.memtest.enable = true;
me.network.enable = true;
me.nvme.enable = true;
me.sound.enable = true; me.sound.enable = true;
me.ssh.enable = true;
me.sshd.enable = true;
me.user.enable = true;
me.wireguard.activated = [ "wgh" ]; me.wireguard.activated = [ "wgh" ];
me.wireguard.deactivated = [ "wgf" ]; me.wireguard.deactivated = [ "wgf" ];
me.zfs.enable = true;
me.zrepl.enable = true; me.zrepl.enable = true;
me.zsh.enable = true; me.zsh.enable = true;
};
} }

6
nix/configuration/hosts/neelix/hardware-configuration.nix
View File

@ -1,10 +1,6 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ {
config, config,
lib, lib,
pkgs,
modulesPath, modulesPath,
... ...
}: }:
@ -14,6 +10,7 @@
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
config = {
boot.initrd.availableKernelModules = [ boot.initrd.availableKernelModules = [
"xhci_pci" "xhci_pci"
"nvme" "nvme"
@ -36,4 +33,5 @@
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
};
} }

4
nix/configuration/hosts/neelix/power_management.nix
View File

@ -1,6 +1,4 @@
{ {
config,
lib,
pkgs, pkgs,
... ...
}: }:
@ -8,6 +6,7 @@
{ {
imports = [ ]; imports = [ ];
config = {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
powertop powertop
]; ];
@ -32,4 +31,5 @@
boot.extraModprobeConfig = '' boot.extraModprobeConfig = ''
options snd_hda_intel power_save=1 options snd_hda_intel power_save=1
''; '';
};
} }

4
nix/configuration/hosts/odo/DEPLOY_BOOT
View File

@ -6,12 +6,8 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
# TARGET=10.216.1.15
# TARGET=192.168.211.250
TARGET=odo TARGET=odo
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#odo" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild boot --flake "$DIR/../../#odo" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#odo'

4
nix/configuration/hosts/odo/DEPLOY_SWITCH
View File

@ -6,12 +6,8 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
#TARGET=10.216.1.14
# TARGET=192.168.211.250
TARGET=odo TARGET=odo
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#odo" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild switch --flake "$DIR/../../#odo" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#odo'

2
nix/configuration/hosts/odo/ISO
View File

@ -7,4 +7,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.odo" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#odo.iso" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json

16
nix/configuration/hosts/odo/default.nix
View File

@ -24,7 +24,8 @@
time.timeZone = "America/New_York"; time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
me.secureBoot.enable = true; me.boot.secure = true;
me.mountPersistence = true;
me.optimizations = { me.optimizations = {
enable = true; enable = true;
@ -63,19 +64,25 @@
me.amd_s2idle.enable = true; me.amd_s2idle.enable = true;
me.ansible.enable = true; me.ansible.enable = true;
me.ares.enable = true; me.ares.enable = true;
me.base.enable = true;
me.bluetooth.enable = true; me.bluetooth.enable = true;
me.boot.enable = true;
me.chromecast.enable = true; me.chromecast.enable = true;
me.chromium.enable = true; me.chromium.enable = true;
me.d2.enable = true; me.d2.enable = true;
me.direnv.enable = true; me.direnv.enable = true;
me.doas.enable = true;
me.docker.enable = false; me.docker.enable = false;
me.ecc.enable = false; me.ecc.enable = false;
me.emacs_flavor = "full"; me.emacs_flavor = "full";
me.emulate_isa.enable = true; me.emulate_isa.enable = true;
me.firefox.enable = true; me.firefox.enable = true;
me.firewall.enable = true;
me.flux.enable = true; me.flux.enable = true;
me.font.enable = true;
me.gcloud.enable = true; me.gcloud.enable = true;
me.git.config = ../../roles/git/files/gitconfig_home; me.git.config = ../../roles/git/files/gitconfig_home;
me.git.enable = true;
me.gnuplot.enable = true; me.gnuplot.enable = true;
me.gpg.enable = true; me.gpg.enable = true;
me.graphical = true; me.graphical = true;
@ -87,7 +94,10 @@
me.launch_keyboard.enable = true; me.launch_keyboard.enable = true;
me.lvfs.enable = true; me.lvfs.enable = true;
me.media.enable = true; me.media.enable = true;
me.memtest.enable = true;
me.network.enable = true;
me.nix_index.enable = true; me.nix_index.enable = true;
me.nvme.enable = true;
me.openpgp_card_tools.enable = true; me.openpgp_card_tools.enable = true;
me.pcsx2.enable = true; me.pcsx2.enable = true;
me.podman.enable = true; me.podman.enable = true;
@ -101,12 +111,15 @@
me.sops.enable = true; me.sops.enable = true;
me.sound.enable = true; me.sound.enable = true;
me.spaghettikart.enable = true; me.spaghettikart.enable = true;
me.ssh.enable = true;
me.sshd.enable = true;
me.steam.enable = true; me.steam.enable = true;
me.steam_run_free.enable = true; me.steam_run_free.enable = true;
me.sway.enable = true; me.sway.enable = true;
me.tekton.enable = true; me.tekton.enable = true;
me.terraform.enable = true; me.terraform.enable = true;
me.thunderbolt.enable = true; me.thunderbolt.enable = true;
me.user.enable = true;
me.uutils.enable = false; me.uutils.enable = false;
me.vnc_client.enable = true; me.vnc_client.enable = true;
me.vscode.enable = true; me.vscode.enable = true;
@ -119,6 +132,7 @@
]; ];
me.wireguard.deactivated = [ "wgf" ]; me.wireguard.deactivated = [ "wgf" ];
me.yubikey.enable = true; me.yubikey.enable = true;
me.zfs.enable = true;
me.zrepl.enable = true; me.zrepl.enable = true;
me.zsh.enable = true; me.zsh.enable = true;

12
nix/configuration/hosts/odo/distributed_build.nix
View File

@ -1,14 +1,7 @@
{
config,
lib,
pkgs,
...
}:
{ {
imports = [ ]; imports = [ ];
config = lib.mkMerge [ config = {
{
me.distributed_build.enable = true; me.distributed_build.enable = true;
me.distributed_build.machines.hydra = { me.distributed_build.machines.hydra = {
enable = true; enable = true;
@ -22,6 +15,5 @@
speedFactor = 2; speedFactor = 2;
}; };
}; };
} };
];
} }

8
nix/configuration/hosts/odo/framework_module.nix
View File

@ -1,15 +1,12 @@
{ {
config, config,
lib,
pkgs,
... ...
}: }:
{ {
imports = [ ]; imports = [ ];
config = lib.mkMerge [ config = {
{
boot.extraModulePackages = with config.boot.kernelPackages; [ boot.extraModulePackages = with config.boot.kernelPackages; [
framework-laptop-kmod framework-laptop-kmod
]; ];
@ -18,6 +15,5 @@
"cros_ec" "cros_ec"
"cros_ec_lpcs" "cros_ec_lpcs"
]; ];
} };
];
} }

6
nix/configuration/hosts/odo/hardware-configuration.nix
View File

@ -1,10 +1,6 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ {
config, config,
lib, lib,
pkgs,
modulesPath, modulesPath,
... ...
}: }:
@ -14,6 +10,7 @@
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
config = {
boot.initrd.availableKernelModules = [ boot.initrd.availableKernelModules = [
"nvme" "nvme"
"xhci_pci" "xhci_pci"
@ -33,4 +30,5 @@
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
};
} }

4
nix/configuration/hosts/odo/power_management.nix
View File

@ -1,6 +1,4 @@
{ {
config,
lib,
pkgs, pkgs,
... ...
}: }:
@ -8,6 +6,7 @@
{ {
imports = [ ]; imports = [ ];
config = {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
powertop powertop
]; ];
@ -72,4 +71,5 @@
# Sound power-saving was causing chat notifications to be inaudible. # Sound power-saving was causing chat notifications to be inaudible.
# options snd_hda_intel power_save=1 # options snd_hda_intel power_save=1
''; '';
};
} }

11
nix/configuration/hosts/odo/screen_brightness.nix
View File

@ -1,14 +1,9 @@
{
config,
lib,
pkgs,
...
}:
{ {
imports = [ ]; imports = [ ];
config = {
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"w- /sys/class/backlight/amdgpu_bl1/brightness - - - - 21845" "w- /sys/class/backlight/amdgpu_bl1/brightness - - - - 32767"
]; ];
};
} }

12
nix/configuration/hosts/odo/wifi.nix
View File

@ -1,19 +1,7 @@
{
config,
lib,
pkgs,
...
}:
{ {
imports = [ ]; imports = [ ];
config = { config = {
# Doesn't seem necessary starting with 6.13
# environment.loginShellInit = lib.mkIf (!config.me.buildingIso) ''
# doas iw dev wlan0 set power_save off
# '';
# Enable debug logging for ath12k wifi card. # Enable debug logging for ath12k wifi card.
boot.kernelParams = [ boot.kernelParams = [
"ath12k.debug_mask=0xffffffff" "ath12k.debug_mask=0xffffffff"

3
nix/configuration/hosts/odo/wrapped-disk-config.nix
View File

@ -1,8 +1,7 @@
{ {
config, config,
lib, lib,
pkgs,
... ...
}: }:
lib.mkIf (!config.me.buildingIso) (import ./disk-config.nix) lib.mkIf (!config.me.buildingPortable) (import ./disk-config.nix)

4
nix/configuration/hosts/quark/DEPLOY_BOOT
View File

@ -6,12 +6,8 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
#TARGET=10.216.1.15
# TARGET=192.168.211.250
TARGET=quark TARGET=quark
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#quark" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild boot --flake "$DIR/../../#quark" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#quark'

4
nix/configuration/hosts/quark/DEPLOY_SWITCH
View File

@ -6,12 +6,8 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
#TARGET=10.216.1.14
# TARGET=192.168.211.250
TARGET=quark TARGET=quark
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#quark" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild switch --flake "$DIR/../../#quark" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#quark'

2
nix/configuration/hosts/quark/ISO
View File

@ -7,4 +7,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.quark" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#quark.iso" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json

18
nix/configuration/hosts/quark/default.nix
View File

@ -6,7 +6,7 @@
}: }:
{ {
imports = [ imports = [
./disk-config.nix ./wrapped-disk-config.nix
./distributed_build.nix ./distributed_build.nix
./hardware-configuration.nix ./hardware-configuration.nix
./power_management.nix ./power_management.nix
@ -21,7 +21,8 @@
time.timeZone = "America/New_York"; time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
me.secureBoot.enable = true; me.boot.secure = true;
me.mountPersistence = true;
me.optimizations = { me.optimizations = {
enable = true; enable = true;
@ -56,19 +57,25 @@
me.amd_s2idle.enable = true; me.amd_s2idle.enable = true;
me.ansible.enable = true; me.ansible.enable = true;
me.ares.enable = true; me.ares.enable = true;
me.base.enable = true;
me.bluetooth.enable = true; me.bluetooth.enable = true;
me.boot.enable = true;
me.chromecast.enable = true; me.chromecast.enable = true;
me.chromium.enable = true; me.chromium.enable = true;
me.d2.enable = true; me.d2.enable = true;
me.direnv.enable = true; me.direnv.enable = true;
me.doas.enable = true;
me.docker.enable = false; me.docker.enable = false;
me.ecc.enable = true; me.ecc.enable = true;
me.emacs_flavor = "full"; me.emacs_flavor = "full";
me.emulate_isa.enable = true; me.emulate_isa.enable = true;
me.firefox.enable = true; me.firefox.enable = true;
me.firewall.enable = true;
me.flux.enable = true; me.flux.enable = true;
me.font.enable = true;
me.gcloud.enable = true; me.gcloud.enable = true;
me.git.config = ../../roles/git/files/gitconfig_home; me.git.config = ../../roles/git/files/gitconfig_home;
me.git.enable = true;
me.gnuplot.enable = true; me.gnuplot.enable = true;
me.gpg.enable = true; me.gpg.enable = true;
me.graphical = true; me.graphical = true;
@ -80,8 +87,11 @@
me.launch_keyboard.enable = true; me.launch_keyboard.enable = true;
me.lvfs.enable = true; me.lvfs.enable = true;
me.media.enable = true; me.media.enable = true;
me.memtest.enable = true;
me.network.enable = true;
me.nix_index.enable = true; me.nix_index.enable = true;
me.nix_worker.enable = true; me.nix_worker.enable = true;
me.nvme.enable = true;
me.openpgp_card_tools.enable = true; me.openpgp_card_tools.enable = true;
me.pcsx2.enable = true; me.pcsx2.enable = true;
me.podman.enable = true; me.podman.enable = true;
@ -95,12 +105,15 @@
me.sops.enable = true; me.sops.enable = true;
me.sound.enable = true; me.sound.enable = true;
me.spaghettikart.enable = true; me.spaghettikart.enable = true;
me.ssh.enable = true;
me.sshd.enable = true;
me.steam.enable = true; me.steam.enable = true;
me.steam_run_free.enable = true; me.steam_run_free.enable = true;
me.sway.enable = true; me.sway.enable = true;
me.tekton.enable = true; me.tekton.enable = true;
me.terraform.enable = true; me.terraform.enable = true;
me.thunderbolt.enable = true; me.thunderbolt.enable = true;
me.user.enable = true;
me.uutils.enable = false; me.uutils.enable = false;
me.vnc_client.enable = true; me.vnc_client.enable = true;
me.vscode.enable = true; me.vscode.enable = true;
@ -113,6 +126,7 @@
]; ];
me.wireguard.deactivated = [ "wgf" ]; me.wireguard.deactivated = [ "wgf" ];
me.yubikey.enable = true; me.yubikey.enable = true;
me.zfs.enable = true;
me.zrepl.enable = true; me.zrepl.enable = true;
me.zsh.enable = true; me.zsh.enable = true;

7
nix/configuration/hosts/quark/disk-config.nix
View File

@ -2,13 +2,6 @@
# Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1 # Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1
# Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1 # Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1
{ {
config,
lib,
pkgs,
...
}:
lib.mkIf (!config.me.buildingIso) {
disko.devices = { disko.devices = {
disk = { disk = {
main = { main = {

12
nix/configuration/hosts/quark/distributed_build.nix
View File

@ -1,14 +1,7 @@
{
config,
lib,
pkgs,
...
}:
{ {
imports = [ ]; imports = [ ];
config = lib.mkMerge [ config = {
{
me.distributed_build.enable = true; me.distributed_build.enable = true;
me.distributed_build.machines.hydra = { me.distributed_build.machines.hydra = {
enable = true; enable = true;
@ -16,6 +9,5 @@
speedFactor = 2; speedFactor = 2;
}; };
}; };
} };
];
} }

6
nix/configuration/hosts/quark/hardware-configuration.nix
View File

@ -1,10 +1,6 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ {
config, config,
lib, lib,
pkgs,
modulesPath, modulesPath,
... ...
}: }:
@ -14,6 +10,7 @@
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
config = {
boot.initrd.availableKernelModules = [ boot.initrd.availableKernelModules = [
"nvme" "nvme"
"xhci_pci" "xhci_pci"
@ -32,4 +29,5 @@
# networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true; # networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true;
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
};
} }

2
nix/configuration/hosts/quark/power_management.nix
View File

@ -8,6 +8,7 @@
{ {
imports = [ ]; imports = [ ];
config = {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
powertop powertop
]; ];
@ -45,4 +46,5 @@
# destination = "/etc/udev/rules.d/30-amdgpu-low-power.rules"; # destination = "/etc/udev/rules.d/30-amdgpu-low-power.rules";
# }) # })
# ]; # ];
};
} }

7
nix/configuration/hosts/quark/wrapped-disk-config.nix Normal file
View File

@ -0,0 +1,7 @@
{
config,
lib,
...
}:
lib.mkIf (!config.me.buildingPortable) (import ./disk-config.nix)

13
nix/configuration/roles/2ship2harkinian/default.nix
View File

@ -17,19 +17,16 @@
}; };
}; };
config = lib.mkIf config.me.ship2harkinian.enable ( config = lib.mkIf (config.me.ship2harkinian.enable && config.me.graphical) {
lib.mkMerge [
{
allowedUnfree = [ "2ship2harkinian" ]; allowedUnfree = [ "2ship2harkinian" ];
}
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
_2ship2harkinian _2ship2harkinian
]; ];
# TODO perhaps install ~/.local/share/2ship/2ship2harkinian.json # TODO perhaps install ~/.local/share/2ship/2ship2harkinian.json
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) { environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true; hideMounts = true;
users.talexander = { users.talexander = {
directories = [ directories = [
@ -42,7 +39,5 @@
]; ];
}; };
}; };
}) };
]
);
} }

9
nix/configuration/roles/alacritty/default.nix
View File

@ -7,6 +7,7 @@
{ {
imports = [ ]; imports = [ ];
options.me = { options.me = {
alacritty.enable = lib.mkOption { alacritty.enable = lib.mkOption {
type = lib.types.bool; type = lib.types.bool;
@ -16,9 +17,7 @@
}; };
}; };
config = lib.mkIf config.me.alacritty.enable ( config = lib.mkIf (config.me.alacritty.enable && config.me.graphical) {
lib.mkMerge [
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
alacritty alacritty
xdg-utils # for xdg-open xdg-utils # for xdg-open
@ -29,8 +28,6 @@
source = ./files/alacritty.toml; source = ./files/alacritty.toml;
}; };
}; };
}) };
]
);
} }

8
nix/configuration/roles/amd_s2idle/default.nix
View File

@ -17,9 +17,7 @@
}; };
}; };
config = lib.mkIf config.me.amd_s2idle.enable ( config = lib.mkIf config.me.amd_s2idle.enable {
lib.mkMerge [
{
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
amd-debug-tools amd-debug-tools
]; ];
@ -41,7 +39,5 @@
]; ];
}) })
]; ];
} };
]
);
} }

8
nix/configuration/roles/ansible/default.nix
View File

@ -17,9 +17,7 @@
}; };
}; };
config = lib.mkIf config.me.ansible.enable ( config = lib.mkIf config.me.ansible.enable {
lib.mkMerge [
{
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
ansible ansible
]; ];
@ -83,7 +81,5 @@
}; };
}) })
]; ];
} };
]
);
} }

11
nix/configuration/roles/ares/default.nix
View File

@ -17,15 +17,12 @@
}; };
}; };
config = lib.mkIf config.me.ares.enable ( config = lib.mkIf (config.me.ares.enable && config.me.graphical) {
lib.mkMerge [
{ }
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
ares ares
]; ];
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) { environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true; hideMounts = true;
users.talexander = { users.talexander = {
directories = [ directories = [
@ -38,7 +35,5 @@
]; ];
}; };
}; };
}) };
]
);
} }

50
nix/configuration/roles/base/default.nix Normal file
View File

@ -0,0 +1,50 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
base.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install base.";
};
};
config = lib.mkIf config.me.base.enable {
environment.systemPackages = with pkgs; [
wget
mg
rsync
libinput
htop
tmux
file
usbutils # for lsusb
pciutils # for lspci
ripgrep
strace
# ltrace # Disabled because it uses more than 48GB of /tmp space during test phase.
trace-cmd # ftrace
tcpdump
git-crypt
gnumake
ncdu
nix-tree
libarchive # bsdtar
lsof
doas-sudo-shim # To support --sudo for remote builds
dmidecode # Read SMBIOS information.
ipcalc
gptfdisk # for cgdisk
nix-output-monitor # For better view into nixos-rebuild
nix-serve-ng # Serve nix store over http
];
};
}

14
nix/configuration/roles/bluetooth/default.nix
View File

@ -1,7 +1,6 @@
{ {
config, config,
lib, lib,
pkgs,
... ...
}: }:
@ -17,12 +16,7 @@
}; };
}; };
config = lib.mkIf config.me.bluetooth.enable ( config = lib.mkIf config.me.bluetooth.enable {
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
];
hardware.bluetooth = { hardware.bluetooth = {
enable = true; enable = true;
powerOnBoot = true; powerOnBoot = true;
@ -34,13 +28,11 @@
}; };
}; };
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) { environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true; hideMounts = true;
directories = [ directories = [
"/var/lib/bluetooth" # Bluetooth pairing information. "/var/lib/bluetooth" # Bluetooth pairing information.
]; ];
}; };
} };
]
);
} }

30
nix/configuration/roles/boot/default.nix
View File

@ -9,19 +9,24 @@
{ {
imports = [ ]; imports = [ ];
options = { options.me = {
me.secureBoot = { boot.enable = lib.mkOption {
enable = lib.mkOption {
default = false;
type = lib.types.bool; type = lib.types.bool;
description = '' default = false;
Enable to use secure boot. example = true;
''; description = "Whether we want to install boot.";
}; };
boot.secure = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Enable to use secure boot.";
}; };
}; };
config = lib.mkMerge [ config = lib.mkIf config.me.boot.enable (
lib.mkMerge [
{ {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
tpm2-tools # For tpm2_eventlog to check for OptionRoms tpm2-tools # For tpm2_eventlog to check for OptionRoms
@ -30,7 +35,7 @@
sbctl # For debugging and troubleshooting Secure Boot. sbctl # For debugging and troubleshooting Secure Boot.
]; ];
} }
(lib.mkIf (!config.me.buildingIso) { (lib.mkIf (!config.me.buildingPortable) {
boot.loader.grub.enable = false; boot.loader.grub.enable = false;
# Use the systemd-boot EFI boot loader. # Use the systemd-boot EFI boot loader.
@ -75,14 +80,14 @@
# options root=PARTUUID=17e325bf-a378-4d1d-be6a-f6df5476f0fa # options root=PARTUUID=17e325bf-a378-4d1d-be6a-f6df5476f0fa
# ''; # '';
# }; # };
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) { environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true; hideMounts = true;
directories = [ directories = [
"/var/lib/sbctl" # Secure Boot Keys "/var/lib/sbctl" # Secure Boot Keys
]; ];
}; };
}) })
(lib.mkIf (config.me.secureBoot.enable) { (lib.mkIf (config.me.boot.secure) {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
sbctl sbctl
]; ];
@ -92,7 +97,8 @@
pkiBundle = "/var/lib/sbctl"; pkiBundle = "/var/lib/sbctl";
}; };
}) })
]; ]
);
} }
# efibootmgr -c -d /dev/sda -p 1 -L NixOS-boot -l '\EFI\NixOS-boot\grubx64.efi' # efibootmgr -c -d /dev/sda -p 1 -L NixOS-boot -l '\EFI\NixOS-boot\grubx64.efi'

10
nix/configuration/roles/chromecast/default.nix
View File

@ -17,15 +17,9 @@
}; };
}; };
config = lib.mkIf config.me.chromecast.enable ( config = lib.mkIf config.me.chromecast.enable {
lib.mkMerge [
{
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
catt catt
]; ];
} };
(lib.mkIf config.me.graphical {
})
]
);
} }

13
nix/configuration/roles/chromium/default.nix
View File

@ -17,10 +17,7 @@
}; };
}; };
config = lib.mkIf config.me.chromium.enable ( config = lib.mkIf (config.me.chromium.enable && config.me.graphical) {
lib.mkMerge [
{ }
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
chromium chromium
]; ];
@ -30,7 +27,7 @@
"widevine-cdm" "widevine-cdm"
]; ];
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) { environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true; hideMounts = true;
users.talexander = { users.talexander = {
directories = [ directories = [
@ -43,7 +40,7 @@
]; ];
}; };
}; };
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) { environment.persistence."/state" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true; hideMounts = true;
users.talexander = { users.talexander = {
directories = [ directories = [
@ -69,7 +66,5 @@
}; };
}) })
]; ];
}) };
]
);
} }

8
nix/configuration/roles/d2/default.nix
View File

@ -17,13 +17,9 @@
}; };
}; };
config = lib.mkIf config.me.d2.enable ( config = lib.mkIf config.me.d2.enable {
lib.mkMerge [
{
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
d2 d2
]; ];
} };
]
);
} }

10
nix/configuration/roles/direnv/default.nix
View File

@ -25,9 +25,7 @@ in
}; };
}; };
config = lib.mkIf config.me.direnv.enable ( config = lib.mkIf config.me.direnv.enable {
lib.mkMerge [
{
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
direnv direnv
nix-direnv nix-direnv
@ -35,7 +33,7 @@ in
me.zsh.includes = [ direnv_zsh_hook ]; me.zsh.includes = [ direnv_zsh_hook ];
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) { environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true; hideMounts = true;
users.talexander = { users.talexander = {
directories = [ directories = [
@ -49,7 +47,5 @@ in
]; ];
}; };
}; };
} };
]
);
} }

1
nix/configuration/roles/distributed_build/default.nix
View File

@ -1,7 +1,6 @@
{ {
config, config,
lib, lib,
pkgs,
... ...
}: }:

32
nix/configuration/roles/doas/default.nix Normal file
View File

@ -0,0 +1,32 @@
{
config,
lib,
...
}:
{
imports = [ ];
options.me = {
doas.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install doas.";
};
};
config = lib.mkIf config.me.doas.enable {
# Use doas instead of sudo
security.doas.enable = true;
security.doas.wheelNeedsPassword = false;
security.sudo.enable = false;
security.doas.extraRules = [
{
# Retain environment (for example NIX_PATH)
keepEnv = true;
persist = true; # Only ask for a password the first time.
}
];
};
}

13
nix/configuration/roles/docker/default.nix
View File

@ -17,17 +17,14 @@
}; };
}; };
config = lib.mkIf config.me.docker.enable ( config = lib.mkIf config.me.docker.enable {
lib.mkMerge [
{
assertions = [ assertions = [
{ {
assertion = !config.me.podman.enable; assertion = !config.me.podman.enable;
message = "docker conflicts with podman"; message = "docker conflicts with podman";
} }
]; ];
}
{
virtualisation.docker.enable = true; virtualisation.docker.enable = true;
# Use docker activation # Use docker activation
virtualisation.docker.enableOnBoot = false; virtualisation.docker.enableOnBoot = false;
@ -42,7 +39,7 @@
docker-buildx docker-buildx
]; ];
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) { environment.persistence."/state" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true; hideMounts = true;
directories = [ directories = [
{ {
@ -92,7 +89,5 @@
# Needed for non-rootless docker # Needed for non-rootless docker
users.users.talexander.extraGroups = [ "docker" ]; users.users.talexander.extraGroups = [ "docker" ];
} };
]
);
} }

9
nix/configuration/roles/ecc/default.nix
View File

@ -2,7 +2,6 @@
{ {
config, config,
lib, lib,
pkgs,
... ...
}: }:
@ -18,11 +17,7 @@
}; };
}; };
config = lib.mkIf config.me.ecc.enable ( config = lib.mkIf config.me.ecc.enable {
lib.mkMerge [
{
hardware.rasdaemon.enable = true; hardware.rasdaemon.enable = true;
} };
]
);
} }

2
nix/configuration/roles/emacs/default.nix
View File

@ -68,7 +68,7 @@ in
(e_shorthand my_emacs) (e_shorthand my_emacs)
]; ];
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) { environment.persistence."/state" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true; hideMounts = true;
users.talexander = { users.talexander = {
directories = [ directories = [

2
nix/configuration/roles/emacs/files/emacs/elisp/base.el
View File

@ -110,8 +110,6 @@
project-mode-line t project-mode-line t
) )
;; (setq-default fringes-outside-margins t)
;; Typed text replaces selection ;; Typed text replaces selection
(delete-selection-mode) (delete-selection-mode)

2
nix/configuration/roles/emacs/files/emacs/elisp/util-tree-sitter.el
View File

@ -1,3 +1,5 @@
;; (add-to-list 'major-mode-remap-alist '(c-mode . c-ts-mode))
(use-package treesit (use-package treesit
:pin manual :pin manual
:ensure nil :ensure nil

10
nix/configuration/roles/emulate_isa/default.nix
View File

@ -1,7 +1,6 @@
{ {
config, config,
lib, lib,
pkgs,
... ...
}: }:
@ -17,17 +16,12 @@
}; };
}; };
config = lib.mkIf config.me.emulate_isa.enable ( config = lib.mkIf config.me.emulate_isa.enable {
lib.mkMerge [
{
boot.binfmt.emulatedSystems = [ boot.binfmt.emulatedSystems = [
"aarch64-linux" # Raspberry Pi gen 3 "aarch64-linux" # Raspberry Pi gen 3
"riscv64-linux" "riscv64-linux"
# TODO: Should "x86_64-linux" be in this list or should this list be dependent on the host CPU? # TODO: Should "x86_64-linux" be in this list or should this list be dependent on the host CPU?
"armv6l-linux" # Raspberry Pi gen 1 "armv6l-linux" # Raspberry Pi gen 1
]; ];
} };
]
);
} }
# NOTE: build nixosConfigurations.<name>.config.system.build.sdImage

12
nix/configuration/roles/firefox/default.nix
View File

@ -17,9 +17,7 @@
}; };
}; };
config = lib.mkIf config.me.firefox.enable ( config = lib.mkIf (config.me.firefox.enable && config.me.graphical) {
lib.mkMerge [
(lib.mkIf config.me.graphical {
programs.firefox = { programs.firefox = {
enable = true; enable = true;
package = (pkgs.wrapFirefox (pkgs.firefox-unwrapped.override { pipewireSupport = true; }) { }); package = (pkgs.wrapFirefox (pkgs.firefox-unwrapped.override { pipewireSupport = true; }) { });
@ -107,7 +105,7 @@
}; };
}; };
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) { environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true; hideMounts = true;
users.talexander = { users.talexander = {
directories = [ directories = [
@ -120,7 +118,7 @@
]; ];
}; };
}; };
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) { environment.persistence."/state" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true; hideMounts = true;
users.talexander = { users.talexander = {
directories = [ directories = [
@ -133,7 +131,5 @@
]; ];
}; };
}; };
}) };
]
);
} }

12
nix/configuration/roles/firewall/default.nix
View File

@ -1,13 +1,22 @@
{ {
config, config,
lib, lib,
pkgs,
... ...
}: }:
{ {
imports = [ ]; imports = [ ];
options.me = {
firewall.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install firewall.";
};
};
config = lib.mkIf config.me.firewall.enable {
# Open ports in the firewall. # Open ports in the firewall.
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
22 # ssh 22 # ssh
@ -17,4 +26,5 @@
]; ];
# Or disable the firewall altogether. # Or disable the firewall altogether.
# networking.firewall.enable = false; # networking.firewall.enable = false;
};
} }

8
nix/configuration/roles/flux/default.nix
View File

@ -17,13 +17,9 @@
}; };
}; };
config = lib.mkIf config.me.flux.enable ( config = lib.mkIf config.me.flux.enable {
lib.mkMerge [
{
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
fluxcd fluxcd
]; ];
} };
]
);
} }

11
nix/configuration/roles/fonts/default.nix
View File

@ -8,7 +8,16 @@
{ {
imports = [ ]; imports = [ ];
config = lib.mkIf config.me.graphical { options.me = {
font.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install font.";
};
};
config = lib.mkIf (config.me.font.enable && config.me.graphical) {
fonts = { fonts = {
enableDefaultPackages = false; enableDefaultPackages = false;
packages = with pkgs; [ packages = with pkgs; [

10
nix/configuration/roles/gcloud/default.nix
View File

@ -17,14 +17,12 @@
}; };
}; };
config = lib.mkIf config.me.gcloud.enable ( config = lib.mkIf config.me.gcloud.enable {
lib.mkMerge [
{
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
(google-cloud-sdk.withExtraComponents [ google-cloud-sdk.components.gke-gcloud-auth-plugin ]) (google-cloud-sdk.withExtraComponents [ google-cloud-sdk.components.gke-gcloud-auth-plugin ])
]; ];
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) { environment.persistence."/state" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true; hideMounts = true;
users.talexander = { users.talexander = {
directories = [ directories = [
@ -37,7 +35,5 @@
]; ];
}; };
}; };
} };
]
);
} }

13
nix/configuration/roles/git/default.nix
View File

@ -21,6 +21,13 @@ in
imports = [ ]; imports = [ ];
options.me = { options.me = {
git.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install git.";
};
git.config = lib.mkOption { git.config = lib.mkOption {
type = lib.types.nullOr lib.types.path; type = lib.types.nullOr lib.types.path;
default = null; default = null;
@ -29,7 +36,8 @@ in
}; };
}; };
config = lib.mkMerge [ config = lib.mkIf config.me.git.enable (
lib.mkMerge [
{ {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
my_git my_git
@ -75,5 +83,6 @@ in
}) })
]; ];
}) })
]; ]
);
} }

8
nix/configuration/roles/gnuplot/default.nix
View File

@ -17,13 +17,9 @@
}; };
}; };
config = lib.mkIf config.me.gnuplot.enable ( config = lib.mkIf config.me.gnuplot.enable {
lib.mkMerge [
{
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
gnuplot gnuplot
]; ];
} };
]
);
} }

12
nix/configuration/roles/gpg/default.nix
View File

@ -25,9 +25,7 @@ in
}; };
}; };
config = lib.mkIf config.me.gpg.enable ( config = lib.mkIf config.me.gpg.enable {
lib.mkMerge [
{
# Fetch public keys: # Fetch public keys:
# gpg --locate-external-keys tom@fizz.buzz # gpg --locate-external-keys tom@fizz.buzz
@ -63,7 +61,7 @@ in
# Disabled because it breaks signing git commits because gpg wants to copy pubring.kbx. Unfortunately, this makes the install of scdaemon.conf do nothing since this mount of the full .gnupg directory goes over it. # Disabled because it breaks signing git commits because gpg wants to copy pubring.kbx. Unfortunately, this makes the install of scdaemon.conf do nothing since this mount of the full .gnupg directory goes over it.
# #
# environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) { # environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
# hideMounts = true; # hideMounts = true;
# users.talexander = { # users.talexander = {
# files = [ # files = [
@ -103,7 +101,7 @@ in
# }; # };
# }; # };
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) { environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true; hideMounts = true;
users.talexander = { users.talexander = {
directories = [ directories = [
@ -127,7 +125,5 @@ in
]; ];
programs.gnupg.agent.enableExtraSocket = true; programs.gnupg.agent.enableExtraSocket = true;
} };
]
);
} }

9
nix/configuration/roles/hydra/default.nix
View File

@ -1,7 +1,6 @@
{ {
config, config,
lib, lib,
pkgs,
... ...
}: }:
@ -17,9 +16,7 @@
}; };
}; };
config = lib.mkIf config.me.hydra.enable ( config = lib.mkIf config.me.hydra.enable {
lib.mkMerge [
{
services.hydra = { services.hydra = {
enable = true; enable = true;
hydraURL = "http://localhost:3000"; # Externally visible URL hydraURL = "http://localhost:3000"; # Externally visible URL
@ -43,7 +40,5 @@
# maxJobs = 8; # maxJobs = 8;
# } # }
# ]; # ];
} };
]
);
} }

29
nix/configuration/roles/image_based_appliance/default.nix Normal file
View File

@ -0,0 +1,29 @@
{
config,
lib,
...
}:
{
imports = [ ];
options.me = {
image_based_appliance.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install image_based_appliance.";
};
};
config = lib.mkIf config.me.image_based_appliance.enable (
lib.mkMerge [
{
# Do not install nix. A full new image must be built to update
# the machine.
nix.enable = false;
system.switch.enable = false;
}
]
);
}

12
nix/configuration/roles/iso/default.nix
View File

@ -1,18 +1,22 @@
{ {
config,
lib, lib,
pkgs,
... ...
}: }:
{ {
imports = [ ]; imports = [ ];
options.me.buildingIso = lib.mkOption { options.me.buildingPortable = lib.mkOption {
type = lib.types.bool; type = lib.types.bool;
default = false; default = false;
example = true; example = true;
description = "Whether we are building an ISO image."; description = "Whether we are building a portable image (iso/sd). This would disable CPU-specific optimizations and persistent file mounts.";
}; };
options.me.mountPersistence = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we should mount persistent directories.";
};
} }

8
nix/configuration/roles/iso_mount/default.nix
View File

@ -32,14 +32,10 @@ in
}; };
}; };
config = lib.mkIf config.me.iso_mount.enable ( config = lib.mkIf config.me.iso_mount.enable {
lib.mkMerge [
{
environment.systemPackages = [ environment.systemPackages = [
iso_mount iso_mount
iso_unmount iso_unmount
]; ];
} };
]
);
} }

12
nix/configuration/roles/kanshi/default.nix
View File

@ -26,13 +26,7 @@ in
}; };
}; };
config = lib.mkIf config.me.kanshi.enable ( config = lib.mkIf (config.me.kanshi.enable && config.me.graphical) {
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
];
}
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
kanshi kanshi
]; ];
@ -46,7 +40,5 @@ in
source = ./files/config_kanshi; source = ./files/config_kanshi;
}; };
}; };
}) };
]
);
} }

14
nix/configuration/roles/kodi/default.nix
View File

@ -17,13 +17,7 @@
}; };
}; };
config = lib.mkIf config.me.kodi.enable ( config = lib.mkIf (config.me.kodi.enable && config.me.graphical) {
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
];
}
(lib.mkIf config.me.graphical {
services.cage.user = "kodi"; services.cage.user = "kodi";
services.cage.program = "${pkgs.kodi-wayland}/bin/kodi-standalone"; services.cage.program = "${pkgs.kodi-wayland}/bin/kodi-standalone";
services.cage.enable = true; services.cage.enable = true;
@ -58,7 +52,7 @@
}; };
users.groups.kodi.gid = 12000; users.groups.kodi.gid = 12000;
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) { environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true; hideMounts = true;
users.kodi = { users.kodi = {
directories = [ directories = [
@ -85,7 +79,5 @@
# TODO: Maybe .kodi/userdata/sources.xml # TODO: Maybe .kodi/userdata/sources.xml
# TODO: ./userdata/guisettings.xml:303: <setting id="filecache.memorysize">128</setting> # TODO: ./userdata/guisettings.xml:303: <setting id="filecache.memorysize">128</setting>
}) };
]
);
} }

10
nix/configuration/roles/kubernetes/default.nix
View File

@ -56,9 +56,7 @@ in
}; };
}; };
config = lib.mkIf config.me.kubernetes.enable ( config = lib.mkIf config.me.kubernetes.enable {
lib.mkMerge [
{
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
kubectl kubectl
kubeswitch kubeswitch
@ -74,7 +72,7 @@ in
ingress2gateway # Convert ingress yaml to gateway yaml ingress2gateway # Convert ingress yaml to gateway yaml
]; ];
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) { environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true; hideMounts = true;
users.talexander = { users.talexander = {
directories = [ directories = [
@ -87,7 +85,5 @@ in
]; ];
}; };
}; };
} };
]
);
} }

12
nix/configuration/roles/latex/default.nix
View File

@ -17,14 +17,11 @@
}; };
}; };
config = lib.mkIf config.me.latex.enable ( config = lib.mkIf config.me.latex.enable {
lib.mkMerge [
{
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
tex tex
]; ];
}
{
nixpkgs.overlays = [ nixpkgs.overlays = [
(final: prev: { (final: prev: {
tex = ( tex = (
@ -51,8 +48,5 @@
); );
}) })
]; ];
};
}
]
);
} }

8
nix/configuration/roles/launch_keyboard/default.nix
View File

@ -17,9 +17,7 @@
}; };
}; };
config = lib.mkIf config.me.launch_keyboard.enable ( config = lib.mkIf (config.me.launch_keyboard.enable && config.me.graphical) {
lib.mkMerge [
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
system76-keyboard-configurator system76-keyboard-configurator
dfu-programmer # For flashing keyboard https://support.system76.com/articles/launch_2-firmware-update/ dfu-programmer # For flashing keyboard https://support.system76.com/articles/launch_2-firmware-update/
@ -42,7 +40,5 @@
}; };
}; };
}; };
}) };
]
);
} }

2
nix/configuration/roles/lvfs/default.nix
View File

@ -22,7 +22,7 @@
{ {
# TODO: Is this installing firmware or just downloading it? # TODO: Is this installing firmware or just downloading it?
services.fwupd.enable = true; services.fwupd.enable = true;
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) { environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true; hideMounts = true;
directories = [ directories = [
{ {

18
nix/configuration/roles/memtest86/default.nix
View File

@ -7,15 +7,27 @@
{ {
imports = [ ]; imports = [ ];
config = lib.mkMerge [
options.me = {
memtest.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install memtest.";
};
};
config = lib.mkIf config.me.memtest.enable (
lib.mkMerge [
{ {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
memtest86plus memtest86plus
]; ];
} }
# (lib.mkIf (config.me.buildingIso) { # (lib.mkIf (config.me.buildingPortable) {
# boot.loader.systemd-boot.memtest86.enable = true; # boot.loader.systemd-boot.memtest86.enable = true;
# boot.loader.grub.memtest86.enable = true; # boot.loader.grub.memtest86.enable = true;
# }) # })
]; ]
);
} }

41
nix/configuration/roles/network/default.nix
View File

@ -2,7 +2,6 @@
config, config,
lib, lib,
pkgs, pkgs,
pkgs-dda3dcd3f,
... ...
}: }:
@ -19,6 +18,16 @@
{ {
imports = [ ]; imports = [ ];
options.me = {
network.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install network.";
};
};
config = lib.mkIf config.me.network.enable {
networking.dhcpcd.enable = lib.mkDefault false; networking.dhcpcd.enable = lib.mkDefault false;
networking.useDHCP = lib.mkDefault false; networking.useDHCP = lib.mkDefault false;
networking.nameservers = [ networking.nameservers = [
@ -106,27 +115,11 @@
# "net.ipv6.conf.default.use_tempaddr" = 2; # "net.ipv6.conf.default.use_tempaddr" = 2;
}; };
# nixpkgs.overlays = [ environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
# (final: prev: { hideMounts = true;
# inherit (pkgs-dda3dcd3f) directories = [
# linux-firmware "/var/lib/iwd" # Wifi settings
# ; ];
# }) };
# ]; };
# nixpkgs.overlays = [
# (final: prev: {
# linux-firmware = prev.linux-firwmare.overrideAttrs (old: rec {
# version = "20250917";
# src = final.fetchFromGitLab {
# owner = "kernel-firmware";
# repo = "linux-firmware";
# tag = version;
# hash = "sha256-tecFB6WYEfBK9FB7Rv8nHLdefIoaFnHrpzXBl+iSd08=";
# };
# });
# })
# ];
} }

11
nix/configuration/roles/nix_index/default.nix
View File

@ -17,14 +17,12 @@
}; };
}; };
config = lib.mkIf config.me.nix_index.enable ( config = lib.mkIf config.me.nix_index.enable {
lib.mkMerge [
{
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
nix-index-unwrapped nix-index-unwrapped
]; ];
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) { environment.persistence."/state" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true; hideMounts = true;
users.talexander = { users.talexander = {
directories = [ directories = [
@ -37,8 +35,5 @@
]; ];
}; };
}; };
};
}
]
);
} }

9
nix/configuration/roles/nix_worker/default.nix
View File

@ -13,7 +13,6 @@
{ {
config, config,
lib, lib,
pkgs,
... ...
}: }:
@ -29,9 +28,7 @@
}; };
}; };
config = lib.mkIf config.me.nix_worker.enable ( config = lib.mkIf config.me.nix_worker.enable {
lib.mkMerge [
{
nix.settings.trusted-users = [ "nixworker" ]; nix.settings.trusted-users = [ "nixworker" ];
users.users.nixworker = { users.users.nixworker = {
@ -51,7 +48,5 @@
]; ];
}; };
users.groups.nixworker = { }; users.groups.nixworker = { };
} };
]
);
} }

11
nix/configuration/roles/nvme/default.nix
View File

@ -8,7 +8,18 @@
{ {
imports = [ ]; imports = [ ];
options.me = {
nvme.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install nvme.";
};
};
config = lib.mkIf config.me.nvme.enable {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
nvme-cli nvme-cli
]; ];
};
} }

8
nix/configuration/roles/openpgp_card_tools/default.nix
View File

@ -19,9 +19,7 @@
}; };
}; };
config = lib.mkIf config.me.openpgp_card_tools.enable ( config = lib.mkIf config.me.openpgp_card_tools.enable {
lib.mkMerge [
{
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
openpgp-card-tools openpgp-card-tools
openpgp-card-tool-git openpgp-card-tool-git
@ -43,7 +41,5 @@
# The current openpgp-card-ssh-agent has an outdated dependency on openpgp-card-state which makes it not handle my current openpgp-card-state.toml # The current openpgp-card-ssh-agent has an outdated dependency on openpgp-card-state which makes it not handle my current openpgp-card-state.toml
# services.openpgp-card-ssh-agent.enable = true; # services.openpgp-card-ssh-agent.enable = true;
} };
]
);
} }

6
nix/configuration/roles/openpgp_card_tools/openpgp-card-ssh-agent.nix
View File

@ -9,13 +9,7 @@
let let
inherit (lib) inherit (lib)
mkIf mkIf
mkOption
mkEnableOption
mkPackageOption mkPackageOption
mkDefault
types
concatMapStringsSep
generators
; ;
cfg = config.services.openpgp-card-ssh-agent; cfg = config.services.openpgp-card-ssh-agent;
in in

5
nix/configuration/roles/optimized_build/default.nix
View File

@ -31,7 +31,6 @@
"gccarch-znver4" "gccarch-znver4"
"gccarch-znver5" "gccarch-znver5"
"gccarch-skylake" "gccarch-skylake"
# "gccarch-alderlake" missing WAITPKG
"gccarch-x86-64-v3" "gccarch-x86-64-v3"
"gccarch-x86-64-v4" "gccarch-x86-64-v4"
"benchmark" "benchmark"
@ -99,9 +98,10 @@
) )
(final: prev: { (final: prev: {
inherit (pkgs-unoptimized) inherit (pkgs-unoptimized)
assimp
binaryen
gsl gsl
rapidjson rapidjson
assimp
; ;
}) })
]; ];
@ -115,6 +115,5 @@
} }
] ]
)) ))
]; ];
} }

12
nix/configuration/roles/pcsx2/default.nix
View File

@ -17,14 +17,12 @@
}; };
}; };
config = lib.mkIf config.me.pcsx2.enable ( config = lib.mkIf (config.me.pcsx2.enable && config.me.graphical) {
lib.mkMerge [
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
pcsx2 pcsx2
]; ];
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) { environment.persistence."/state" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true; hideMounts = true;
users.talexander = { users.talexander = {
directories = [ directories = [
@ -67,7 +65,7 @@
}; };
}; };
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) { environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true; hideMounts = true;
users.talexander = { users.talexander = {
directories = [ directories = [
@ -87,7 +85,5 @@
source = ./files/PCSX2.ini; source = ./files/PCSX2.ini;
}; };
}; };
}) };
]
);
} }

13
nix/configuration/roles/podman/default.nix
View File

@ -17,17 +17,14 @@
}; };
}; };
config = lib.mkIf config.me.podman.enable ( config = lib.mkIf config.me.podman.enable {
lib.mkMerge [
{
assertions = [ assertions = [
{ {
assertion = !config.me.docker.enable; assertion = !config.me.docker.enable;
message = "podman conflicts with docker"; message = "podman conflicts with docker";
} }
]; ];
}
{
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
dive dive
podman-tui podman-tui
@ -53,7 +50,7 @@
DOCKER_HOST = "unix://$XDG_RUNTIME_DIR/podman/podman.sock"; DOCKER_HOST = "unix://$XDG_RUNTIME_DIR/podman/podman.sock";
}; };
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) { environment.persistence."/state" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true; hideMounts = true;
directories = [ directories = [
{ {
@ -74,7 +71,5 @@
]; ];
}; };
}; };
} };
]
);
} }

23
nix/configuration/roles/python/default.nix
View File

@ -17,16 +17,15 @@
}; };
}; };
config = lib.mkIf config.me.python.enable ( config = lib.mkIf config.me.python.enable {
lib.mkMerge [
{
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
(python3.withPackages (python-pkgs: [ # (python3.withPackages (python-pkgs: [
python-pkgs.distro # For https://gitlab.freedesktop.org/drm/amd/-/blob/master/scripts/amd_s2idle.py # python-pkgs.distro # For https://gitlab.freedesktop.org/drm/amd/-/blob/master/scripts/amd_s2idle.py
python-pkgs.pyudev # For https://gitlab.freedesktop.org/drm/amd/-/blob/master/scripts/amd_s2idle.py # python-pkgs.pyudev # For https://gitlab.freedesktop.org/drm/amd/-/blob/master/scripts/amd_s2idle.py
python-pkgs.systemd # For https://gitlab.freedesktop.org/drm/amd/-/blob/master/scripts/amd_s2idle.py # python-pkgs.systemd # For https://gitlab.freedesktop.org/drm/amd/-/blob/master/scripts/amd_s2idle.py
python-pkgs.packaging # For https://gitlab.freedesktop.org/drm/amd/-/blob/master/scripts/amd_s2idle.py # python-pkgs.packaging # For https://gitlab.freedesktop.org/drm/amd/-/blob/master/scripts/amd_s2idle.py
])) # ]))
python3
poetry poetry
pyright pyright
isort isort
@ -34,7 +33,7 @@
uv uv
]; ];
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) { environment.persistence."/state" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true; hideMounts = true;
users.talexander = { users.talexander = {
directories = [ directories = [
@ -48,7 +47,5 @@
]; ];
}; };
}; };
} };
]
);
} }

8
nix/configuration/roles/qemu/default.nix
View File

@ -52,14 +52,10 @@ in
}; };
}; };
config = lib.mkIf config.me.qemu.enable ( config = lib.mkIf config.me.qemu.enable {
lib.mkMerge [
{
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
qemu qemu
qemurc_wrapped qemurc_wrapped
]; ];
} };
]
);
} }

2
nix/configuration/roles/reset/default.nix
View File

@ -1,7 +1,5 @@
{ {
config,
lib, lib,
pkgs,
... ...
}: }:

12
nix/configuration/roles/rpcs3/default.nix
View File

@ -48,9 +48,7 @@ in
}; };
}; };
config = lib.mkIf config.me.rpcs3.enable ( config = lib.mkIf (config.me.rpcs3.enable && config.me.graphical) {
lib.mkMerge [
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
rpcs3 rpcs3
]; ];
@ -91,7 +89,7 @@ in
}; };
}; };
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) { environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true; hideMounts = true;
users.talexander = { users.talexander = {
directories = [ directories = [
@ -167,7 +165,7 @@ in
}; };
}; };
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) { environment.persistence."/state" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true; hideMounts = true;
users.talexander = { users.talexander = {
directories = [ directories = [
@ -180,7 +178,5 @@ in
]; ];
}; };
}; };
}) };
]
);
} }

10
nix/configuration/roles/rust/default.nix
View File

@ -35,9 +35,7 @@ in
}; };
}; };
config = lib.mkIf config.me.rust.enable ( config = lib.mkIf config.me.rust.enable {
lib.mkMerge [
{
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
rustup rustup
lldb # for lldb-vscode lldb # for lldb-vscode
@ -57,7 +55,7 @@ in
}; };
}; };
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) { environment.persistence."/state" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true; hideMounts = true;
users.talexander = { users.talexander = {
directories = [ directories = [
@ -131,9 +129,7 @@ in
}; };
}) })
]; ];
} };
]
);
} }
# TODO: Install clippy, cranelift, rust-src # TODO: Install clippy, cranelift, rust-src

8
nix/configuration/roles/sequoia/default.nix
View File

@ -17,13 +17,9 @@
}; };
}; };
config = lib.mkIf config.me.sequoia.enable ( config = lib.mkIf config.me.sequoia.enable {
lib.mkMerge [
{
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
sequoia-sq sequoia-sq
]; ];
} };
]
);
} }

44
nix/configuration/roles/shadps4/default.nix
View File

@ -17,9 +17,7 @@
}; };
}; };
config = lib.mkIf config.me.shadps4.enable ( config = lib.mkIf (config.me.shadps4.enable && config.me.graphical) {
lib.mkMerge [
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
shadps4 shadps4
]; ];
@ -30,7 +28,7 @@
}; };
}; };
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) { environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true; hideMounts = true;
users.talexander = { users.talexander = {
directories = [ directories = [
@ -75,7 +73,7 @@
}; };
}; };
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) { environment.persistence."/state" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true; hideMounts = true;
users.talexander = { users.talexander = {
directories = [ directories = [
@ -93,18 +91,44 @@
nixpkgs.overlays = [ nixpkgs.overlays = [
(final: prev: { (final: prev: {
shadps4 = prev.shadps4.overrideAttrs (old: { shadps4 = prev.shadps4.overrideAttrs (old: {
version = "0.9.0"; version = "0.11.0";
src = final.fetchFromGitHub { src = final.fetchFromGitHub {
owner = "AzaharPlus"; owner = "AzaharPlus";
repo = "shadPS4Plus"; repo = "shadPS4Plus";
tag = "SHADPS4PLUS_0_9_0_A"; tag = "SHAD_PS4_PLUS_0_11_0";
hash = "sha256-ZwP+bOE4roWt51Ii53blDZzdq/SxK4Q69I4rLCNARLA="; hash = "sha256-puyINtFBTdMkOE2E9OnUlZ526vXHCWyKIWsZBaojQRk=";
fetchSubmodules = true; fetchSubmodules = true;
}; };
}); });
}) })
(final: prev: {
pythonPackagesExtensions = prev.pythonPackagesExtensions ++ [
(python-final: python-prev: {
shiboken2 = python-prev.shiboken2.overrideAttrs (old: {
cmakeFlags = old.cmakeFlags ++ [
# Fix build with cmake>=4
(lib.strings.cmakeFeature "CMAKE_POLICY_VERSION_MINIMUM" "3.5")
# "-DCMAKE_POLICY_VERSION_MINIMUM=3.5"
];
});
pyside2 = python-prev.pyside2.overrideAttrs (old: {
cmakeFlags = old.cmakeFlags ++ [
# Fix build with cmake>=4
(lib.strings.cmakeFeature "CMAKE_POLICY_VERSION_MINIMUM" "3.5")
# "-DCMAKE_POLICY_VERSION_MINIMUM=3.5"
];
});
pyside2-tools = python-prev.pyside2-tools.overrideAttrs (old: {
cmakeFlags = old.cmakeFlags ++ [
# Fix build with cmake>=4
(lib.strings.cmakeFeature "CMAKE_POLICY_VERSION_MINIMUM" "3.5")
# "-DCMAKE_POLICY_VERSION_MINIMUM=3.5"
];
});
})
]; ];
}) })
] ];
); };
} }

8
nix/configuration/roles/shikane/default.nix
View File

@ -25,9 +25,7 @@ in
}; };
}; };
config = lib.mkIf config.me.shikane.enable ( config = lib.mkIf (config.me.shikane.enable && config.me.graphical) {
lib.mkMerge [
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
shikane shikane
]; ];
@ -41,7 +39,5 @@ in
source = ./files/config.toml; source = ./files/config.toml;
}; };
}; };
}) };
]
);
} }

13
nix/configuration/roles/shipwright/default.nix
View File

@ -17,19 +17,16 @@
}; };
}; };
config = lib.mkIf config.me.shipwright.enable ( config = lib.mkIf (config.me.shipwright.enable && config.me.graphical) {
lib.mkMerge [
{
allowedUnfree = [ "shipwright" ]; allowedUnfree = [ "shipwright" ];
}
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
shipwright shipwright
]; ];
# TODO perhaps install ~/.local/share/soh/shipofharkinian.json # TODO perhaps install ~/.local/share/soh/shipofharkinian.json
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) { environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true; hideMounts = true;
users.talexander = { users.talexander = {
directories = [ directories = [
@ -42,7 +39,5 @@
]; ];
}; };
}; };
}) };
]
);
} }

10
nix/configuration/roles/sm64ex/default.nix
View File

@ -17,9 +17,7 @@
}; };
}; };
config = lib.mkIf config.me.sm64ex.enable ( config = lib.mkIf (config.me.sm64ex.enable && config.me.graphical) {
lib.mkMerge [
(lib.mkIf config.me.graphical {
allowedUnfree = [ "sm64ex" ]; allowedUnfree = [ "sm64ex" ];
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
@ -44,7 +42,7 @@
# TODO perhaps install ~/.local/share/sm64ex/sm64config.txt # TODO perhaps install ~/.local/share/sm64ex/sm64config.txt
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) { environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true; hideMounts = true;
users.talexander = { users.talexander = {
directories = [ directories = [
@ -57,7 +55,5 @@
]; ];
}; };
}; };
}) };
]
);
} }

8
nix/configuration/roles/sops/default.nix
View File

@ -17,13 +17,9 @@
}; };
}; };
config = lib.mkIf config.me.sops.enable ( config = lib.mkIf config.me.sops.enable {
lib.mkMerge [
{
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
sops # For encrypting kubernetes secrets. sops # For encrypting kubernetes secrets.
]; ];
} };
]
);
} }

2
nix/configuration/roles/sound/default.nix
View File

@ -72,7 +72,7 @@
]; ];
}; };
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) { environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true; hideMounts = true;
users.talexander = { users.talexander = {
directories = [ directories = [

12
nix/configuration/roles/spaghettikart/default.nix
View File

@ -17,12 +17,8 @@
}; };
}; };
config = lib.mkIf config.me.spaghettikart.enable ( config = lib.mkIf (config.me.spaghettikart.enable && config.me.graphical) {
lib.mkMerge [
{
allowedUnfree = [ "spaghettikart" ]; allowedUnfree = [ "spaghettikart" ];
}
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
spaghettikart spaghettikart
]; ];
@ -34,7 +30,7 @@
}; };
}; };
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) { environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true; hideMounts = true;
users.talexander = { users.talexander = {
files = [ files = [
@ -43,7 +39,5 @@
]; ];
}; };
}; };
}) };
]
);
} }

13
nix/configuration/roles/ssh/default.nix
View File

@ -8,11 +8,21 @@
{ {
imports = [ ]; imports = [ ];
options.me = {
ssh.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install ssh.";
};
};
config = lib.mkIf config.me.ssh.enable {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
sshfs sshfs
]; ];
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) { environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true; hideMounts = true;
users.talexander = { users.talexander = {
files = [ files = [
@ -37,4 +47,5 @@
source = ./files/ssh_config; source = ./files/ssh_config;
}; };
}; };
};
} }

49
nix/configuration/roles/sshd/default.nix Normal file
View File

@ -0,0 +1,49 @@
{
config,
lib,
...
}:
{
imports = [ ];
options.me = {
sshd.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install sshd.";
};
};
config = lib.mkIf config.me.sshd.enable {
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
hostKeys = [
{
path = "/persist/ssh/ssh_host_ed25519_key";
type = "ed25519";
}
{
path = "/persist/ssh/ssh_host_rsa_key";
type = "rsa";
bits = 4096;
}
];
};
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
files = [
"/etc/ssh/ssh_host_rsa_key"
"/etc/ssh/ssh_host_rsa_key.pub"
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
];
};
};
}

Some files were not shown because too many files have changed in this diff Show More