talexander/machine_setup
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Restructure flake.nix for a simpler config for building different images off the same NixOS config.

Browse Source
This commit is contained in:
Tom Alexander 2025-10-11 00:08:02 -04:00
parent 69b5cf9217
commit 7c82036bd7
Signed by: talexander
GPG Key ID: 36C99E8B3C39D85F
121 changed files with 2922 additions and 3074 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

258
nix/configuration/configuration.nix
View File

@ -1,7 +1,6 @@
{ {
config, config,
lib, lib,
pkgs,
... ...
}: }:
@ -12,6 +11,7 @@
./roles/amd_s2idle ./roles/amd_s2idle
./roles/ansible ./roles/ansible
./roles/ares ./roles/ares
./roles/base
./roles/bluetooth ./roles/bluetooth
./roles/boot ./roles/boot
./roles/chromecast ./roles/chromecast
@ -19,6 +19,7 @@
./roles/d2 ./roles/d2
./roles/direnv ./roles/direnv
./roles/distributed_build ./roles/distributed_build
./roles/doas
./roles/docker ./roles/docker
./roles/ecc ./roles/ecc
./roles/emacs ./roles/emacs
@ -27,6 +28,7 @@
./roles/firewall ./roles/firewall
./roles/flux ./roles/flux
./roles/fonts ./roles/fonts
./roles/image_based_appliance
./roles/gcloud ./roles/gcloud
./roles/git ./roles/git
./roles/global_options ./roles/global_options
@ -66,12 +68,14 @@
./roles/sound ./roles/sound
./roles/spaghettikart ./roles/spaghettikart
./roles/ssh ./roles/ssh
./roles/sshd
./roles/steam ./roles/steam
./roles/steam_run_free ./roles/steam_run_free
./roles/sway ./roles/sway
./roles/tekton ./roles/tekton
./roles/terraform ./roles/terraform
./roles/thunderbolt ./roles/thunderbolt
./roles/user
./roles/uutils ./roles/uutils
./roles/vnc_client ./roles/vnc_client
./roles/vscode ./roles/vscode
@ -86,201 +90,79 @@
./util/unfree_polyfill ./util/unfree_polyfill
]; ];
nix.settings.experimental-features = [ config = {
"nix-command" nix.settings.experimental-features = [
"flakes" "nix-command"
]; "flakes"
nix.settings.trusted-users = [ "@wheel" ];
# boot.kernelPackages = pkgs.linuxPackages_6_11;
hardware.enableRedistributableFirmware = true;
# Use nixos-rebuild-ng
# system.rebuild.enableNg = true;
# Keep outputs so we can build offline.
nix.extraOptions = ''
keep-outputs = true
keep-derivations = true
substitute = false
'';
# Technically only needed when building the ISO because nix detects ZFS in the filesystem list normally. I basically always want this so I'm just setting it to always be on.
boot.supportedFilesystems.zfs = true;
# TODO: Is this different from boot.supportedFilesystems = [ "zfs" ]; ?
services.getty = {
autologinUser = "talexander"; # I use full disk encryption so the user password is irrelevant.
autologinOnce = true;
};
users.mutableUsers = false;
users.users.talexander = {
isNormalUser = true;
createHome = true; # https://github.com/NixOS/nixpkgs/issues/6481
group = "talexander";
extraGroups = [ "wheel" ];
uid = 11235;
packages = with pkgs; [
tree
]; ];
# Generate with `mkpasswd -m scrypt` nix.settings.trusted-users = [ "@wheel" ];
hashedPassword = "$7$CU..../....VXvNQ8za3wSGpdzGXNT50/$HcFtn/yvwPMCw4888BelpiAPLAxe/zU87fD.d/N6U48";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID0+4zi26M3eYWnIrciR54kOlGxzfgCXG+o4ea1zpzrk openpgp:0x7FF123C8"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEI6mu6I5Jp+Ib0vJxapGHbEShZjyvzV8jz5DnzDrI39AAAABHNzaDo="
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAFNcSXwvy+brYTOGo56G93Ptuq2MmZsjvRWAfMqbmMLAAAABHNzaDo="
];
};
users.groups.talexander.gid = 11235;
# Automatic garbage collection hardware.enableRedistributableFirmware = true;
nix.gc = lib.mkIf (!config.me.buildingIso) {
# Runs nix-collect-garbage --delete-older-than 5d
automatic = true;
persistent = true;
dates = "monthly";
# randomizedDelaySec = "14m";
options = "--delete-older-than 30d";
};
nix.settings.auto-optimise-store = !config.me.buildingIso;
nix.settings.substituters = lib.mkForce [ ];
# Use doas instead of sudo # Keep outputs so we can build offline.
security.doas.enable = true; # Disable substituters to avoid risk of cache poisoning.
security.doas.wheelNeedsPassword = false; nix.extraOptions = ''
security.sudo.enable = false; keep-outputs = true
security.doas.extraRules = [ keep-derivations = true
{ substitute = false
# Retain environment (for example NIX_PATH) '';
keepEnv = true; nix.settings.substituters = lib.mkForce [ ];
persist = true; # Only ask for a password the first time.
}
];
environment.systemPackages = with pkgs; [ # Automatic garbage collection
wget nix.gc = lib.mkIf (!config.me.buildingPortable) {
mg # Runs nix-collect-garbage --delete-older-than 5d
rsync automatic = true;
libinput persistent = true;
htop dates = "monthly";
tmux # randomizedDelaySec = "14m";
file options = "--delete-older-than 30d";
usbutils # for lsusb
pciutils # for lspci
ripgrep
strace
# ltrace # Disabled because it uses more than 48GB of /tmp space during test phase.
trace-cmd # ftrace
tcpdump
git-crypt
gnumake
ncdu
nix-tree
libarchive # bsdtar
lsof
doas-sudo-shim # To support --sudo for remote builds
dmidecode # Read SMBIOS information.
ipcalc
gptfdisk # for cgdisk
nix-output-monitor # For better view into nixos-rebuild
nix-serve-ng # Serve nix store over http
];
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
}; };
hostKeys = [ nix.settings.auto-optimise-store = !config.me.buildingPortable;
{
path = "/persist/ssh/ssh_host_ed25519_key";
type = "ed25519";
}
{
path = "/persist/ssh/ssh_host_rsa_key";
type = "rsa";
bits = 4096;
}
];
};
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) { environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true; hideMounts = true;
directories = [
"/var/lib/iwd" # Wifi settings
"/var/lib/nixos" # Contains user information (uids/gids)
"/var/lib/systemd" # Systemd state directory for random seed, persistent timers, core dumps, persist hardware state like backlight and rfkill
"/var/log/journal" # Logs, alternatively set `services.journald.storage = "volatile";` to write to /run/log/journal
];
files = [
"/etc/machine-id" # Systemd unique machine id "otherwise, the system journal may fail to list earlier boots, etc"
"/etc/ssh/ssh_host_rsa_key"
"/etc/ssh/ssh_host_rsa_key.pub"
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
];
users.talexander = {
directories = [ directories = [
{ "/var/lib/nixos" # Contains user information (uids/gids)
directory = "persist"; "/var/lib/systemd" # Systemd state directory for random seed, persistent timers, core dumps, persist hardware state like backlight and rfkill
user = "talexander"; "/var/log/journal" # Logs, alternatively set `services.journald.storage = "volatile";` to write to /run/log/journal
group = "talexander"; ];
mode = "0700"; files = [
} "/etc/machine-id" # Systemd unique machine id "otherwise, the system journal may fail to list earlier boots, etc"
]; ];
}; };
# Write a list of the currently installed packages to /etc/current-system-packages
environment.etc."current-system-packages".text =
let
packages = builtins.map (p: "${p.name}") config.environment.systemPackages;
sortedUnique = builtins.sort builtins.lessThan (lib.unique packages);
formatted = builtins.concatStringsSep "\n" sortedUnique;
in
formatted;
# nixpkgs.overlays = [
# (final: prev: {
# foot = throw "foo";
# })
# ];
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
# to actually do that.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "24.11"; # Did you read the comment?
}; };
# Write a list of the currently installed packages to /etc/current-system-packages
environment.etc."current-system-packages".text =
let
packages = builtins.map (p: "${p.name}") config.environment.systemPackages;
sortedUnique = builtins.sort builtins.lessThan (lib.unique packages);
formatted = builtins.concatStringsSep "\n" sortedUnique;
in
formatted;
# environment.etc."system-packages-with-source".text = builtins.concatStringsSep "\n\n" (
# builtins.map (
# x: x.file + "\n" + builtins.concatStringsSep "\n" (builtins.map (s: " " + s) x.value)
# ) config.environment.systemPackages.definitionsWithLocations
# );
# nixpkgs.overlays = [
# (final: prev: {
# nix = pkgs-unstable.nix;
# })
# ];
# nixpkgs.overlays = [
# (final: prev: {
# foot = throw "foo";
# })
# ];
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
# to actually do that.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "24.11"; # Did you read the comment?
} }

17
nix/configuration/flake.lock generated
View File

@ -151,22 +151,6 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-dda3dcd3f": {
"locked": {
"lastModified": 1746663147,
"narHash": "sha256-Ua0drDHawlzNqJnclTJGf87dBmaO/tn7iZ+TCkTRpRc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "dda3dcd3fe03e991015e9a74b22d35950f264a54",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "dda3dcd3fe03e991015e9a74b22d35950f264a54",
"type": "github"
}
},
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1730741070, "lastModified": 1730741070,
@ -232,7 +216,6 @@
"impermanence": "impermanence", "impermanence": "impermanence",
"lanzaboote": "lanzaboote", "lanzaboote": "lanzaboote",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nixpkgs-dda3dcd3f": "nixpkgs-dda3dcd3f",
"nixpkgs-unoptimized": "nixpkgs-unoptimized" "nixpkgs-unoptimized": "nixpkgs-unoptimized"
} }
}, },

239
nix/configuration/flake.nix
View File

@ -1,29 +1,7 @@
# Build ISO image
# nix build --extra-experimental-features nix-command --extra-experimental-features flakes .#iso.odo
# output: result/iso/nixos.iso
# Run the ISO image
# doas "$(nix-build '<nixpkgs>' --no-out-link -A 'qemu')/bin/qemu-system-x86_64" \
# -accel kvm \
# -cpu host \
# -smp cores=8 \
# -m 32768 \
# -drive "file=$(nix-build '<nixpkgs>' --no-out-link -A 'OVMF.fd')/FV/OVMF.fd,if=pflash,format=raw,readonly=on" \
# -drive if=pflash,format=raw,file="/tmp/OVMF_VARS.fd" \
# -nic user,hostfwd=tcp::60022-:22 \
# -boot order=d \
# -cdrom "$(readlink -f ./result/iso/nixos*.iso)" \
# -display vnc=127.0.0.1:0
#
# doas cp "$(nix-build '<nixpkgs>' --no-out-link -A 'OVMF.fd')/FV/OVMF_VARS.fd" /tmp/OVMF_VARS.fd
# doas "$(nix-build '<nixpkgs>' --no-out-link -A 'qemu')/bin/qemu-system-x86_64" -accel kvm -cpu host -smp cores=8 -m 32768 -drive "file=$(nix-build '<nixpkgs>' --no-out-link -A 'OVMF.fd')/FV/OVMF.fd,if=pflash,format=raw,readonly=on" -drive if=pflash,format=raw,file="/tmp/OVMF_VARS.fd" -nic user,hostfwd=tcp::60022-:22 -boot order=d -cdrom /persist/machine_setup/nix/configuration/result/iso/nixos*.iso -display vnc=127.0.0.1:0
# Get a repl for this flake # Get a repl for this flake
# nix repl --expr "builtins.getFlake \"$PWD\"" # nix repl --expr "builtins.getFlake \"$PWD\""
# TODO maybe use `nix eval --raw .#iso.odo.outPath` # TODO maybe use `nix eval --raw .#odo.iso.outPath`
# iso.odo.isoName == "nixos.iso"
# full path = <outPath> / iso / <isoName>
# #
# Install on a new machine: # Install on a new machine:
@ -41,12 +19,9 @@
inputs = { inputs = {
impermanence.url = "github:nix-community/impermanence"; impermanence.url = "github:nix-community/impermanence";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
nixpkgs-dda3dcd3f.url = "github:NixOS/nixpkgs/dda3dcd3fe03e991015e9a74b22d35950f264a54";
nixpkgs-unoptimized.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs-unoptimized.url = "github:NixOS/nixpkgs/nixos-unstable";
lanzaboote = { lanzaboote = {
url = "github:nix-community/lanzaboote/v0.4.2"; url = "github:nix-community/lanzaboote/v0.4.2";
# Optional but recommended to limit the size of your system closure.
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
disko = { disko = {
@ -57,186 +32,58 @@
outputs = outputs =
{ {
self,
nixpkgs, nixpkgs,
nixpkgs-unoptimized, nixpkgs-unoptimized,
nixpkgs-dda3dcd3f, disko,
impermanence, impermanence,
lanzaboote, lanzaboote,
... ...
}@inputs: }:
let let
base_x86_64_linux = rec { forAllSystems = nixpkgs.lib.genAttrs nixpkgs.lib.systems.flakeExposed;
system = "x86_64-linux"; nodes = {
specialArgs = { odo = {
pkgs-dda3dcd3f = import nixpkgs-dda3dcd3f { system = "x86_64-linux";
inherit system; };
}; quark = {
pkgs-unoptimized = import nixpkgs-unoptimized { system = "x86_64-linux";
inherit system;
hostPlatform.gcc.arch = "default";
hostPlatform.gcc.tune = "default";
};
}; };
modules = [
impermanence.nixosModules.impermanence
lanzaboote.nixosModules.lanzaboote
inputs.disko.nixosModules.disko
./configuration.nix
];
}; };
systems = nixosConfigs = builtins.mapAttrs (
let hostname: nodeConfig: format:
additional_iso_modules = [ nixpkgs.lib.nixosSystem {
(nixpkgs + "/nixos/modules/installer/cd-dvd/iso-image.nix") inherit (nodeConfig) system;
# TODO: Figure out how to do image based appliances specialArgs = {
# (nixpkgs + "/nixos/modules/profiles/image-based-appliance.nix") pkgs-unoptimized = import nixpkgs-unoptimized {
{ inherit (nodeConfig) system;
isoImage.makeEfiBootable = true; hostPlatform.gcc.arch = "default";
isoImage.makeUsbBootable = true; hostPlatform.gcc.tune = "default";
me.buildingIso = true; };
me.optimizations.enable = nixpkgs.lib.mkForce false; };
} modules = [
{ impermanence.nixosModules.impermanence
# These are big space hogs. The chance that I need them on an ISO is slim. lanzaboote.nixosModules.lanzaboote
me.steam.enable = nixpkgs.lib.mkForce false; disko.nixosModules.disko
me.pcsx2.enable = nixpkgs.lib.mkForce false; ./configuration.nix
} (./. + "/hosts/${hostname}")
(./. + "/formats/${format}.nix")
]; ];
additional_vm_modules = [ }
(nixpkgs + "/nixos/modules/profiles/qemu-guest.nix") ) nodes;
{
networking.dhcpcd.enable = true;
networking.useDHCP = true;
me.optimizations.enable = nixpkgs.lib.mkForce false;
}
{
# I don't need games on a virtual machine.
me.steam.enable = nixpkgs.lib.mkForce false;
me.pcsx2.enable = nixpkgs.lib.mkForce false;
me.sm64ex.enable = nixpkgs.lib.mkForce false;
me.shipwright.enable = nixpkgs.lib.mkForce false;
me.ship2harkinian.enable = nixpkgs.lib.mkForce false;
}
];
in
{
odo = rec {
main = base_x86_64_linux // {
modules = base_x86_64_linux.modules ++ [
./hosts/odo
];
};
iso = main // {
modules = main.modules ++ additional_iso_modules;
};
vm = main // {
modules = main.modules ++ additional_vm_modules;
};
vm_iso = main // {
modules = main.modules ++ additional_vm_modules ++ additional_iso_modules;
};
};
quark = rec {
main = base_x86_64_linux // {
modules = base_x86_64_linux.modules ++ [
./hosts/quark
];
};
iso = main // {
modules = main.modules ++ additional_iso_modules;
};
vm = main // {
modules = main.modules ++ additional_vm_modules;
};
vm_iso = main // {
modules = main.modules ++ additional_vm_modules ++ additional_iso_modules;
};
};
neelix = rec {
main = base_x86_64_linux // {
modules = base_x86_64_linux.modules ++ [
./hosts/neelix
];
};
iso = main // {
modules = main.modules ++ additional_iso_modules;
};
vm = main // {
modules = main.modules ++ additional_vm_modules;
};
vm_iso = main // {
modules = main.modules ++ additional_vm_modules ++ additional_iso_modules;
};
};
hydra =
let
hydra_additional_iso_modules = additional_iso_modules ++ [
{
me.optimizations.enable = true;
}
];
in
rec {
main = base_x86_64_linux // {
modules = base_x86_64_linux.modules ++ [
./hosts/hydra
];
};
iso = main // {
modules = main.modules ++ hydra_additional_iso_modules;
};
vm = main // {
modules = main.modules ++ additional_vm_modules;
};
vm_iso = main // {
modules = main.modules ++ additional_vm_modules ++ hydra_additional_iso_modules;
};
};
ionlybootzfs = rec {
main = base_x86_64_linux // {
modules = base_x86_64_linux.modules ++ [
./hosts/ionlybootzfs
];
};
iso = main // {
modules = main.modules ++ additional_iso_modules;
};
vm = main // {
modules = main.modules ++ additional_vm_modules;
};
vm_iso = main // {
modules = main.modules ++ additional_vm_modules ++ additional_iso_modules;
};
};
};
in in
{ {
nixosConfigurations.odo = nixpkgs.lib.nixosSystem systems.odo.main; nixosConfigurations = (builtins.mapAttrs (name: value: value "toplevel") nixosConfigs);
iso.odo = (nixpkgs.lib.nixosSystem systems.odo.iso).config.system.build.isoImage; }
nixosConfigurations.vm_odo = nixpkgs.lib.nixosSystem systems.odo.vm; // {
vm_iso.odo = (nixpkgs.lib.nixosSystem systems.odo.vm_iso).config.system.build.isoImage; packages = (
forAllSystems (
nixosConfigurations.quark = nixpkgs.lib.nixosSystem systems.quark.main; system:
iso.quark = (nixpkgs.lib.nixosSystem systems.quark.iso).config.system.build.isoImage; (builtins.mapAttrs (hostname: nodeConfig: {
nixosConfigurations.vm_quark = nixpkgs.lib.nixosSystem systems.quark.vm; iso = (nixosConfigs."${hostname}" "iso").config.system.build.isoImage;
vm_iso.quark = (nixpkgs.lib.nixosSystem systems.quark.vm_iso).config.system.build.isoImage; vm_iso = (nixosConfigs."${hostname}" "vm_iso").config.system.build.isoImage;
sd = (nixosConfigs."${hostname}" "sd").config.system.build.sdImage;
nixosConfigurations.neelix = nixpkgs.lib.nixosSystem systems.neelix.main; }) (nixpkgs.lib.attrsets.filterAttrs (hostname: nodeConfig: nodeConfig.system == system) nodes))
iso.neelix = (nixpkgs.lib.nixosSystem systems.neelix.iso).config.system.build.isoImage; )
nixosConfigurations.vm_neelix = nixpkgs.lib.nixosSystem systems.neelix.vm; );
vm_iso.neelix = (nixpkgs.lib.nixosSystem systems.neelix.vm_iso).config.system.build.isoImage;
nixosConfigurations.hydra = nixpkgs.lib.nixosSystem systems.hydra.main;
iso.hydra = (nixpkgs.lib.nixosSystem systems.hydra.iso).config.system.build.isoImage;
nixosConfigurations.vm_hydra = nixpkgs.lib.nixosSystem systems.hydra.vm;
vm_iso.hydra = (nixpkgs.lib.nixosSystem systems.hydra.vm_iso).config.system.build.isoImage;
nixosConfigurations.ionlybootzfs = nixpkgs.lib.nixosSystem systems.ionlybootzfs.main;
iso.ionlybootzfs = (nixpkgs.lib.nixosSystem systems.ionlybootzfs.iso).config.system.build.isoImage;
nixosConfigurations.vm_ionlybootzfs = nixpkgs.lib.nixosSystem systems.ionlybootzfs.vm;
vm_iso.ionlybootzfs =
(nixpkgs.lib.nixosSystem systems.ionlybootzfs.vm_iso).config.system.build.isoImage;
}; };
} }

23
nix/configuration/formats/iso.nix Normal file
View File

@ -0,0 +1,23 @@
{
lib,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/cd-dvd/iso-image.nix")
];
config = {
isoImage.makeEfiBootable = true;
isoImage.makeUsbBootable = true;
me.buildingPortable = true;
me.mountPersistence = lib.mkForce false;
me.optimizations.enable = lib.mkForce false;
me.image_based_appliance.enable = true;
# TODO: image based appliance?
};
}

17
nix/configuration/formats/sd.nix Normal file
View File

@ -0,0 +1,17 @@
{
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/sd-card/sd-image.nix")
];
config = {
isoImage.makeEfiBootable = true;
isoImage.makeUsbBootable = true;
# TODO: image based appliance?
};
}

1
nix/configuration/formats/toplevel.nix Normal file
View File

@ -0,0 +1 @@
{ }

21
nix/configuration/formats/vm_iso.nix Normal file
View File

@ -0,0 +1,21 @@
{
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/cd-dvd/iso-image.nix")
(modulesPath + "/profiles/qemu-guest.nix") # VirtIO kernel modules
];
config = {
isoImage.makeEfiBootable = true;
isoImage.makeUsbBootable = true;
networking.dhcpcd.enable = true;
networking.useDHCP = true;
# TODO: image based appliance?
};
}

86
nix/configuration/hosts/hydra/default.nix
View File

@ -14,12 +14,6 @@
# -display vnc=127.0.0.1:0 # -display vnc=127.0.0.1:0
# #
{
config,
lib,
pkgs,
...
}:
{ {
imports = [ imports = [
./disk-config.nix ./disk-config.nix
@ -27,41 +21,57 @@
./vm_disk.nix ./vm_disk.nix
]; ];
# Generate with `head -c4 /dev/urandom | od -A none -t x4` config = {
networking.hostId = "fbd233d8"; # Generate with `head -c4 /dev/urandom | od -A none -t x4`
networking.hostId = "fbd233d8";
networking.hostName = "hydra"; # Define your hostname. networking.hostName = "hydra"; # Define your hostname.
time.timeZone = "America/New_York"; time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
me.secureBoot.enable = false; me.boot.secure = false;
me.mountPersistence = true;
me.optimizations = { me.optimizations = {
enable = true; enable = true;
arch = "znver4"; arch = "znver4";
system_features = [ system_features = [
"gccarch-znver4" "gccarch-znver4"
"gccarch-skylake" "gccarch-skylake"
# "gccarch-alderlake" missing WAITPKG # "gccarch-alderlake" missing WAITPKG
"gccarch-x86-64-v3" "gccarch-x86-64-v3"
"gccarch-x86-64-v4" "gccarch-x86-64-v4"
"benchmark" "benchmark"
"big-parallel" "big-parallel"
"kvm" "kvm"
"nixos-test" "nixos-test"
]; ];
};
# Mount tmpfs at /tmp
boot.tmp.useTmpfs = true;
me.base.enable = true;
me.boot.enable = true;
me.doas.enable = true;
me.emacs_flavor = "plainmacs";
me.firewall.enable = true;
me.font.enable = true;
me.git.enable = true;
me.graphical = false;
me.hydra.enable = false;
me.memtest.enable = true;
me.network.enable = true;
me.nix_worker.enable = true;
me.nvme.enable = true;
me.ssh.enable = true;
me.sshd.enable = true;
me.user.enable = true;
me.vm_disk.enable = true;
me.wireguard.activated = [ ];
me.wireguard.deactivated = [ ];
me.zfs.enable = true;
me.zsh.enable = true;
}; };
# Mount tmpfs at /tmp
boot.tmp.useTmpfs = true;
me.emacs_flavor = "plainmacs";
me.graphical = false;
me.hydra.enable = false;
me.nix_worker.enable = true;
me.vm_disk.enable = true;
me.wireguard.activated = [ ];
me.wireguard.deactivated = [ ];
me.zsh.enable = true;
} }

1
nix/configuration/hosts/hydra/disk-config.nix
View File

@ -4,7 +4,6 @@
{ {
config, config,
lib, lib,
pkgs,
... ...
}: }:

47
nix/configuration/hosts/hydra/hardware-configuration.nix
View File

@ -1,10 +1,5 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ {
config,
lib, lib,
pkgs,
modulesPath, modulesPath,
... ...
}: }:
@ -14,26 +9,28 @@
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ config = {
"xhci_pci" boot.initrd.availableKernelModules = [
"nvme" "xhci_pci"
"usbhid" "nvme"
"usb_storage" "usbhid"
"sd_mod" "usb_storage"
"sdhci_pci" "sd_mod"
]; "sdhci_pci"
boot.initrd.kernelModules = [ ]; ];
boot.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.extraModulePackages = [ ]; boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction # still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.dhcpcd.enable = lib.mkForce true; networking.dhcpcd.enable = lib.mkForce true;
networking.useDHCP = lib.mkForce true; networking.useDHCP = lib.mkForce true;
networking.interfaces.enp0s2.useDHCP = lib.mkForce true; networking.interfaces.enp0s2.useDHCP = lib.mkForce true;
# systemd.network.enable = true; # systemd.network.enable = true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
};
} }

105
nix/configuration/hosts/hydra/vm_disk.nix
View File

@ -1,7 +1,6 @@
{ {
config, config,
lib, lib,
pkgs,
... ...
}: }:
@ -17,61 +16,57 @@
}; };
}; };
config = lib.mkIf config.me.vm_disk.enable ( config = lib.mkIf config.me.vm_disk.enable {
lib.mkMerge [ # Mount the local disk
{ fileSystems = {
# Mount the local disk "/.disk" = lib.mkForce {
fileSystems = { device = "/dev/nvme0n1p1";
"/.disk" = lib.mkForce { fsType = "ext4";
device = "/dev/nvme0n1p1"; options = [
fsType = "ext4"; "noatime"
options = [ "discard"
"noatime" ];
"discard" neededForBoot = true;
]; };
neededForBoot = true;
};
"/persist" = { "/persist" = {
fsType = "none"; fsType = "none";
device = "/.disk/persist"; device = "/.disk/persist";
options = [ options = [
"bind" "bind"
"rw" "rw"
]; ];
depends = [ depends = [
"/.disk/persist" "/.disk/persist"
]; ];
}; };
"/state" = { "/state" = {
fsType = "none"; fsType = "none";
device = "/.disk/state"; device = "/.disk/state";
options = [ options = [
"bind" "bind"
"rw" "rw"
]; ];
depends = [ depends = [
"/.disk/state" "/.disk/state"
]; ];
}; };
"/nix/store" = lib.mkForce { "/nix/store" = lib.mkForce {
fsType = "overlay"; fsType = "overlay";
device = "overlay"; device = "overlay";
options = [ options = [
"lowerdir=/nix/.ro-store" "lowerdir=/nix/.ro-store"
"upperdir=/.disk/persist/store" "upperdir=/.disk/persist/store"
"workdir=/.disk/state/work" "workdir=/.disk/state/work"
]; ];
depends = [ depends = [
"/nix/.ro-store" "/nix/.ro-store"
"/.disk/persist/store" "/.disk/persist/store"
"/.disk/state/work" "/.disk/state/work"
]; ];
}; };
}; };
} };
]
);
} }

80
nix/configuration/hosts/ionlybootzfs/default.nix
View File

@ -14,50 +14,60 @@
# -display vnc=127.0.0.1:0 # -display vnc=127.0.0.1:0
# #
{
config,
lib,
pkgs,
...
}:
{ {
imports = [ imports = [
./wrapped-disk-config.nix ./wrapped-disk-config.nix
./hardware-configuration.nix ./hardware-configuration.nix
]; ];
# Generate with `head -c4 /dev/urandom | od -A none -t x4` config = {
networking.hostId = "fbd233d8"; # Generate with `head -c4 /dev/urandom | od -A none -t x4`
networking.hostId = "fbd233d8";
networking.hostName = "ionlybootzfs"; # Define your hostname. networking.hostName = "ionlybootzfs"; # Define your hostname.
time.timeZone = "America/New_York"; time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
me.secureBoot.enable = true; me.boot.secure = true;
me.mountPersistence = true;
me.optimizations = { me.optimizations = {
enable = false; enable = false;
arch = "znver4"; arch = "znver4";
system_features = [ system_features = [
"gccarch-znver4" "gccarch-znver4"
"gccarch-skylake" "gccarch-skylake"
# "gccarch-alderlake" missing WAITPKG # "gccarch-alderlake" missing WAITPKG
"gccarch-x86-64-v3" "gccarch-x86-64-v3"
"gccarch-x86-64-v4" "gccarch-x86-64-v4"
"benchmark" "benchmark"
"big-parallel" "big-parallel"
"kvm" "kvm"
"nixos-test" "nixos-test"
]; ];
};
# Mount tmpfs at /tmp
boot.tmp.useTmpfs = true;
me.base.enable = true;
me.boot.enable = true;
me.doas.enable = true;
me.emacs_flavor = "plainmacs";
me.firewall.enable = true;
me.font.enable = true;
me.git.enable = true;
me.graphical = false;
me.memtest.enable = true;
me.network.enable = true;
me.nvme.enable = true;
me.ssh.enable = true;
me.sshd.enable = true;
me.user.enable = true;
me.wireguard.activated = [ ];
me.wireguard.deactivated = [ ];
me.zfs.enable = true;
me.zsh.enable = true;
}; };
# Mount tmpfs at /tmp
boot.tmp.useTmpfs = true;
me.emacs_flavor = "plainmacs";
me.graphical = false;
me.wireguard.activated = [ ];
me.wireguard.deactivated = [ ];
me.zsh.enable = true;
} }

45
nix/configuration/hosts/ionlybootzfs/hardware-configuration.nix
View File

@ -1,10 +1,5 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ {
config,
lib, lib,
pkgs,
modulesPath, modulesPath,
... ...
}: }:
@ -14,25 +9,27 @@
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ config = {
"xhci_pci" boot.initrd.availableKernelModules = [
"nvme" "xhci_pci"
"usbhid" "nvme"
"usb_storage" "usbhid"
"sd_mod" "usb_storage"
"sdhci_pci" "sd_mod"
]; "sdhci_pci"
boot.initrd.kernelModules = [ ]; ];
boot.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.extraModulePackages = [ ]; boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction # still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.dhcpcd.enable = lib.mkForce true; networking.dhcpcd.enable = lib.mkForce true;
networking.useDHCP = lib.mkForce true; networking.useDHCP = lib.mkForce true;
# systemd.network.enable = true; # systemd.network.enable = true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
};
} }

1
nix/configuration/hosts/ionlybootzfs/wrapped-disk-config.nix
View File

@ -1,7 +1,6 @@
{ {
config, config,
lib, lib,
pkgs,
... ...
}: }:

89
nix/configuration/hosts/neelix/default.nix
View File

@ -6,46 +6,61 @@
./power_management.nix ./power_management.nix
]; ];
# Generate with `head -c4 /dev/urandom | od -A none -t x4` config = {
networking.hostId = "bca9d0a5"; # Generate with `head -c4 /dev/urandom | od -A none -t x4`
networking.hostId = "bca9d0a5";
networking.hostName = "neelix"; # Define your hostname. networking.hostName = "neelix"; # Define your hostname.
time.timeZone = "America/New_York"; time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
me.secureBoot.enable = false; me.boot.secure = false;
me.mountPersistence = true;
me.optimizations = { me.optimizations = {
enable = false; enable = false;
arch = "alderlake"; arch = "alderlake";
system_features = [ system_features = [
"gccarch-alderlake" "gccarch-alderlake"
"gccarch-x86-64-v3" "gccarch-x86-64-v3"
"gccarch-x86-64-v4" "gccarch-x86-64-v4"
"benchmark" "benchmark"
"big-parallel" "big-parallel"
"kvm" "kvm"
"nixos-test" "nixos-test"
]; ];
};
# Early KMS
boot.initrd.kernelModules = [ "i915" ];
# Mount tmpfs at /tmp
# boot.tmp.useTmpfs = true;
me.base.enable = true;
me.bluetooth.enable = true;
me.boot.enable = true;
me.doas.enable = true;
me.emacs_flavor = "plainmacs";
me.firewall.enable = true;
me.font.enable = true;
me.git.enable = true;
me.graphical = true;
me.graphics_card_type = "intel";
me.kodi.enable = true;
me.lvfs.enable = true;
me.memtest.enable = true;
me.network.enable = true;
me.nvme.enable = true;
me.sound.enable = true;
me.ssh.enable = true;
me.sshd.enable = true;
me.user.enable = true;
me.wireguard.activated = [ "wgh" ];
me.wireguard.deactivated = [ "wgf" ];
me.zfs.enable = true;
me.zrepl.enable = true;
me.zsh.enable = true;
}; };
# Early KMS
boot.initrd.kernelModules = [ "i915" ];
# Mount tmpfs at /tmp
# boot.tmp.useTmpfs = true;
me.bluetooth.enable = true;
me.emacs_flavor = "plainmacs";
me.graphical = true;
me.graphics_card_type = "intel";
me.kodi.enable = true;
me.lvfs.enable = true;
me.sound.enable = true;
me.wireguard.activated = [ "wgh" ];
me.wireguard.deactivated = [ "wgf" ];
me.zrepl.enable = true;
me.zsh.enable = true;
} }

46
nix/configuration/hosts/neelix/hardware-configuration.nix
View File

@ -1,10 +1,6 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ {
config, config,
lib, lib,
pkgs,
modulesPath, modulesPath,
... ...
}: }:
@ -14,26 +10,28 @@
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ config = {
"xhci_pci" boot.initrd.availableKernelModules = [
"nvme" "xhci_pci"
"usbhid" "nvme"
"usb_storage" "usbhid"
"sd_mod" "usb_storage"
"sdhci_pci" "sd_mod"
]; "sdhci_pci"
boot.initrd.kernelModules = [ ]; ];
boot.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.extraModulePackages = [ ]; boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction # still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
# networking.useDHCP = lib.mkDefault true; # networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true; # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true; # networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
};
} }

46
nix/configuration/hosts/neelix/power_management.nix
View File

@ -1,6 +1,4 @@
{ {
config,
lib,
pkgs, pkgs,
... ...
}: }:
@ -8,28 +6,30 @@
{ {
imports = [ ]; imports = [ ];
environment.systemPackages = with pkgs; [ config = {
powertop environment.systemPackages = with pkgs; [
]; powertop
];
# pcie_aspm=force pcie_aspm.policy=powersupersave :: Enable PCIe active state power management for power reduction. # pcie_aspm=force pcie_aspm.policy=powersupersave :: Enable PCIe active state power management for power reduction.
# nowatchdog :: Disable watchdog for power savings (related to disable_sp5100_watchdog above). # nowatchdog :: Disable watchdog for power savings (related to disable_sp5100_watchdog above).
boot.kernelParams = [ boot.kernelParams = [
"pcie_aspm=force" "pcie_aspm=force"
# "pcie_aspm.policy=powersupersave" # "pcie_aspm.policy=powersupersave"
"nowatchdog" "nowatchdog"
]; ];
# default performance balance_performance balance_power power # default performance balance_performance balance_power power
# defaults to balance_performance # defaults to balance_performance
# systemd.tmpfiles.rules = [ # systemd.tmpfiles.rules = [
# "w- /sys/devices/system/cpu/cpufreq/policy0/energy_performance_preference - - - - power" # "w- /sys/devices/system/cpu/cpufreq/policy0/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy1/energy_performance_preference - - - - power" # "w- /sys/devices/system/cpu/cpufreq/policy1/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy2/energy_performance_preference - - - - power" # "w- /sys/devices/system/cpu/cpufreq/policy2/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy3/energy_performance_preference - - - - power" # "w- /sys/devices/system/cpu/cpufreq/policy3/energy_performance_preference - - - - power"
# ]; # ];
boot.extraModprobeConfig = '' boot.extraModprobeConfig = ''
options snd_hda_intel power_save=1 options snd_hda_intel power_save=1
''; '';
};
} }

4
nix/configuration/hosts/odo/DEPLOY_BOOT
View File

@ -6,12 +6,8 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
# TARGET=10.216.1.15
# TARGET=192.168.211.250
TARGET=odo TARGET=odo
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#odo" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild boot --flake "$DIR/../../#odo" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#odo'

4
nix/configuration/hosts/odo/DEPLOY_SWITCH
View File

@ -6,12 +6,8 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
#TARGET=10.216.1.14
# TARGET=192.168.211.250
TARGET=odo TARGET=odo
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#odo" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild switch --flake "$DIR/../../#odo" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#odo'

2
nix/configuration/hosts/odo/ISO
View File

@ -7,4 +7,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.odo" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#odo.iso" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json

16
nix/configuration/hosts/odo/default.nix
View File

@ -24,7 +24,8 @@
time.timeZone = "America/New_York"; time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
me.secureBoot.enable = true; me.boot.secure = true;
me.mountPersistence = true;
me.optimizations = { me.optimizations = {
enable = true; enable = true;
@ -63,19 +64,25 @@
me.amd_s2idle.enable = true; me.amd_s2idle.enable = true;
me.ansible.enable = true; me.ansible.enable = true;
me.ares.enable = true; me.ares.enable = true;
me.base.enable = true;
me.bluetooth.enable = true; me.bluetooth.enable = true;
me.boot.enable = true;
me.chromecast.enable = true; me.chromecast.enable = true;
me.chromium.enable = true; me.chromium.enable = true;
me.d2.enable = true; me.d2.enable = true;
me.direnv.enable = true; me.direnv.enable = true;
me.doas.enable = true;
me.docker.enable = false; me.docker.enable = false;
me.ecc.enable = false; me.ecc.enable = false;
me.emacs_flavor = "full"; me.emacs_flavor = "full";
me.emulate_isa.enable = true; me.emulate_isa.enable = true;
me.firefox.enable = true; me.firefox.enable = true;
me.firewall.enable = true;
me.flux.enable = true; me.flux.enable = true;
me.font.enable = true;
me.gcloud.enable = true; me.gcloud.enable = true;
me.git.config = ../../roles/git/files/gitconfig_home; me.git.config = ../../roles/git/files/gitconfig_home;
me.git.enable = true;
me.gnuplot.enable = true; me.gnuplot.enable = true;
me.gpg.enable = true; me.gpg.enable = true;
me.graphical = true; me.graphical = true;
@ -87,7 +94,10 @@
me.launch_keyboard.enable = true; me.launch_keyboard.enable = true;
me.lvfs.enable = true; me.lvfs.enable = true;
me.media.enable = true; me.media.enable = true;
me.memtest.enable = true;
me.network.enable = true;
me.nix_index.enable = true; me.nix_index.enable = true;
me.nvme.enable = true;
me.openpgp_card_tools.enable = true; me.openpgp_card_tools.enable = true;
me.pcsx2.enable = true; me.pcsx2.enable = true;
me.podman.enable = true; me.podman.enable = true;
@ -101,12 +111,15 @@
me.sops.enable = true; me.sops.enable = true;
me.sound.enable = true; me.sound.enable = true;
me.spaghettikart.enable = true; me.spaghettikart.enable = true;
me.ssh.enable = true;
me.sshd.enable = true;
me.steam.enable = true; me.steam.enable = true;
me.steam_run_free.enable = true; me.steam_run_free.enable = true;
me.sway.enable = true; me.sway.enable = true;
me.tekton.enable = true; me.tekton.enable = true;
me.terraform.enable = true; me.terraform.enable = true;
me.thunderbolt.enable = true; me.thunderbolt.enable = true;
me.user.enable = true;
me.uutils.enable = false; me.uutils.enable = false;
me.vnc_client.enable = true; me.vnc_client.enable = true;
me.vscode.enable = true; me.vscode.enable = true;
@ -119,6 +132,7 @@
]; ];
me.wireguard.deactivated = [ "wgf" ]; me.wireguard.deactivated = [ "wgf" ];
me.yubikey.enable = true; me.yubikey.enable = true;
me.zfs.enable = true;
me.zrepl.enable = true; me.zrepl.enable = true;
me.zsh.enable = true; me.zsh.enable = true;

34
nix/configuration/hosts/odo/distributed_build.nix
View File

@ -1,27 +1,19 @@
{
config,
lib,
pkgs,
...
}:
{ {
imports = [ ]; imports = [ ];
config = lib.mkMerge [ config = {
{ me.distributed_build.enable = true;
me.distributed_build.enable = true; me.distributed_build.machines.hydra = {
me.distributed_build.machines.hydra = { enable = true;
enable = true; additional_config = {
additional_config = { speedFactor = 2;
speedFactor = 2;
};
}; };
me.distributed_build.machines.quark = { };
enable = true; me.distributed_build.machines.quark = {
additional_config = { enable = true;
speedFactor = 2; additional_config = {
}; speedFactor = 2;
}; };
} };
]; };
} }

24
nix/configuration/hosts/odo/framework_module.nix
View File

@ -1,23 +1,19 @@
{ {
config, config,
lib,
pkgs,
... ...
}: }:
{ {
imports = [ ]; imports = [ ];
config = lib.mkMerge [ config = {
{ boot.extraModulePackages = with config.boot.kernelPackages; [
boot.extraModulePackages = with config.boot.kernelPackages; [ framework-laptop-kmod
framework-laptop-kmod ];
]; # https://github.com/DHowett/framework-laptop-kmod?tab=readme-ov-file#usage
# https://github.com/DHowett/framework-laptop-kmod?tab=readme-ov-file#usage boot.kernelModules = [
boot.kernelModules = [ "cros_ec"
"cros_ec" "cros_ec_lpcs"
"cros_ec_lpcs" ];
]; };
}
];
} }

40
nix/configuration/hosts/odo/hardware-configuration.nix
View File

@ -1,10 +1,6 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ {
config, config,
lib, lib,
pkgs,
modulesPath, modulesPath,
... ...
}: }:
@ -14,23 +10,25 @@
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ config = {
"nvme" boot.initrd.availableKernelModules = [
"xhci_pci" "nvme"
"thunderbolt" "xhci_pci"
]; "thunderbolt"
boot.initrd.kernelModules = [ ]; ];
boot.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.extraModulePackages = [ ]; boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction # still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
# networking.useDHCP = lib.mkDefault true; # networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true; # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true; # networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
};
} }

124
nix/configuration/hosts/odo/power_management.nix
View File

@ -1,6 +1,4 @@
{ {
config,
lib,
pkgs, pkgs,
... ...
}: }:
@ -8,68 +6,70 @@
{ {
imports = [ ]; imports = [ ];
environment.systemPackages = with pkgs; [ config = {
powertop environment.systemPackages = with pkgs; [
]; powertop
];
# amdgpu.abmlevel=3 :: Automatically reduce screen brightness but tweak colors to compensate for power reduction. # amdgpu.abmlevel=3 :: Automatically reduce screen brightness but tweak colors to compensate for power reduction.
# pcie_aspm=force pcie_aspm.policy=powersupersave :: Enable PCIe active state power management for power reduction. # pcie_aspm=force pcie_aspm.policy=powersupersave :: Enable PCIe active state power management for power reduction.
# nowatchdog :: Disable watchdog for power savings (related to disable_sp5100_watchdog above). # nowatchdog :: Disable watchdog for power savings (related to disable_sp5100_watchdog above).
# amd_pstate=passive :: Fully automated hardware pstate control. # amd_pstate=passive :: Fully automated hardware pstate control.
# amd_pstate=active :: Same as passive except we can set the energy performance preference (EPP) to suggest how much we prefer performance or energy efficiency. # amd_pstate=active :: Same as passive except we can set the energy performance preference (EPP) to suggest how much we prefer performance or energy efficiency.
# amd_pstate=guided :: Same as passive except we can set upper and lower frequency bounds. # amd_pstate=guided :: Same as passive except we can set upper and lower frequency bounds.
# amdgpu.dcdebugmask=0x10 :: Allegedly disables Panel Replay from https://community.frame.work/t/tracking-freezing-arch-linux-amd/39495/32 # amdgpu.dcdebugmask=0x10 :: Allegedly disables Panel Replay from https://community.frame.work/t/tracking-freezing-arch-linux-amd/39495/32
boot.kernelParams = [ boot.kernelParams = [
"amdgpu.abmlevel=2" "amdgpu.abmlevel=2"
"pcie_aspm=force" "pcie_aspm=force"
# "pcie_aspm.policy=powersupersave" # "pcie_aspm.policy=powersupersave"
"nowatchdog" "nowatchdog"
# I don't see a measurable benefit from these two: # I don't see a measurable benefit from these two:
# "cpufreq.default_governor=powersave" # "cpufreq.default_governor=powersave"
# "initcall_blacklist=cpufreq_gov_userspace_init" # "initcall_blacklist=cpufreq_gov_userspace_init"
]; ];
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"w- /sys/firmware/acpi/platform_profile - - - - low-power" "w- /sys/firmware/acpi/platform_profile - - - - low-power"
"w- /sys/devices/system/cpu/cpufreq/policy0/energy_performance_preference - - - - power" "w- /sys/devices/system/cpu/cpufreq/policy0/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy1/energy_performance_preference - - - - power" "w- /sys/devices/system/cpu/cpufreq/policy1/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy2/energy_performance_preference - - - - power" "w- /sys/devices/system/cpu/cpufreq/policy2/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy3/energy_performance_preference - - - - power" "w- /sys/devices/system/cpu/cpufreq/policy3/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy4/energy_performance_preference - - - - power" "w- /sys/devices/system/cpu/cpufreq/policy4/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy5/energy_performance_preference - - - - power" "w- /sys/devices/system/cpu/cpufreq/policy5/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy6/energy_performance_preference - - - - power" "w- /sys/devices/system/cpu/cpufreq/policy6/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy7/energy_performance_preference - - - - power" "w- /sys/devices/system/cpu/cpufreq/policy7/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy8/energy_performance_preference - - - - power" "w- /sys/devices/system/cpu/cpufreq/policy8/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy9/energy_performance_preference - - - - power" "w- /sys/devices/system/cpu/cpufreq/policy9/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy10/energy_performance_preference - - - - power" "w- /sys/devices/system/cpu/cpufreq/policy10/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy11/energy_performance_preference - - - - power" "w- /sys/devices/system/cpu/cpufreq/policy11/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy12/energy_performance_preference - - - - power" "w- /sys/devices/system/cpu/cpufreq/policy12/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy13/energy_performance_preference - - - - power" "w- /sys/devices/system/cpu/cpufreq/policy13/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy14/energy_performance_preference - - - - power" "w- /sys/devices/system/cpu/cpufreq/policy14/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy15/energy_performance_preference - - - - power" "w- /sys/devices/system/cpu/cpufreq/policy15/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpu0/cpufreq/boost - - - - 0" "w- /sys/devices/system/cpu/cpu0/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu1/cpufreq/boost - - - - 0" "w- /sys/devices/system/cpu/cpu1/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu2/cpufreq/boost - - - - 0" "w- /sys/devices/system/cpu/cpu2/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu3/cpufreq/boost - - - - 0" "w- /sys/devices/system/cpu/cpu3/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu4/cpufreq/boost - - - - 0" "w- /sys/devices/system/cpu/cpu4/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu5/cpufreq/boost - - - - 0" "w- /sys/devices/system/cpu/cpu5/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu6/cpufreq/boost - - - - 0" "w- /sys/devices/system/cpu/cpu6/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu7/cpufreq/boost - - - - 0" "w- /sys/devices/system/cpu/cpu7/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu8/cpufreq/boost - - - - 0" "w- /sys/devices/system/cpu/cpu8/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu9/cpufreq/boost - - - - 0" "w- /sys/devices/system/cpu/cpu9/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu10/cpufreq/boost - - - - 0" "w- /sys/devices/system/cpu/cpu10/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu11/cpufreq/boost - - - - 0" "w- /sys/devices/system/cpu/cpu11/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu12/cpufreq/boost - - - - 0" "w- /sys/devices/system/cpu/cpu12/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu13/cpufreq/boost - - - - 0" "w- /sys/devices/system/cpu/cpu13/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu14/cpufreq/boost - - - - 0" "w- /sys/devices/system/cpu/cpu14/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu15/cpufreq/boost - - - - 0" "w- /sys/devices/system/cpu/cpu15/cpufreq/boost - - - - 0"
]; ];
boot.extraModprobeConfig = '' boot.extraModprobeConfig = ''
# Disable the hardware watchdog inside AMD 700 chipset series for power savings. # Disable the hardware watchdog inside AMD 700 chipset series for power savings.
blacklist sp5100_tco blacklist sp5100_tco
# Sound power-saving was causing chat notifications to be inaudible. # Sound power-saving was causing chat notifications to be inaudible.
# options snd_hda_intel power_save=1 # options snd_hda_intel power_save=1
''; '';
};
} }

15
nix/configuration/hosts/odo/screen_brightness.nix
View File

@ -1,14 +1,9 @@
{
config,
lib,
pkgs,
...
}:
{ {
imports = [ ]; imports = [ ];
systemd.tmpfiles.rules = [ config = {
"w- /sys/class/backlight/amdgpu_bl1/brightness - - - - 21845" systemd.tmpfiles.rules = [
]; "w- /sys/class/backlight/amdgpu_bl1/brightness - - - - 32767"
];
};
} }

12
nix/configuration/hosts/odo/wifi.nix
View File

@ -1,19 +1,7 @@
{
config,
lib,
pkgs,
...
}:
{ {
imports = [ ]; imports = [ ];
config = { config = {
# Doesn't seem necessary starting with 6.13
# environment.loginShellInit = lib.mkIf (!config.me.buildingIso) ''
# doas iw dev wlan0 set power_save off
# '';
# Enable debug logging for ath12k wifi card. # Enable debug logging for ath12k wifi card.
boot.kernelParams = [ boot.kernelParams = [
"ath12k.debug_mask=0xffffffff" "ath12k.debug_mask=0xffffffff"

3
nix/configuration/hosts/odo/wrapped-disk-config.nix
View File

@ -1,8 +1,7 @@
{ {
config, config,
lib, lib,
pkgs,
... ...
}: }:
lib.mkIf (!config.me.buildingIso) (import ./disk-config.nix) lib.mkIf (!config.me.buildingPortable) (import ./disk-config.nix)

4
nix/configuration/hosts/quark/DEPLOY_BOOT
View File

@ -6,12 +6,8 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
#TARGET=10.216.1.15
# TARGET=192.168.211.250
TARGET=quark TARGET=quark
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#quark" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild boot --flake "$DIR/../../#quark" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#quark'

4
nix/configuration/hosts/quark/DEPLOY_SWITCH
View File

@ -6,12 +6,8 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
#TARGET=10.216.1.14
# TARGET=192.168.211.250
TARGET=quark TARGET=quark
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#quark" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild switch --flake "$DIR/../../#quark" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#quark'

2
nix/configuration/hosts/quark/ISO
View File

@ -7,4 +7,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.quark" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#quark.iso" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json

18
nix/configuration/hosts/quark/default.nix
View File

@ -6,7 +6,7 @@
}: }:
{ {
imports = [ imports = [
./disk-config.nix ./wrapped-disk-config.nix
./distributed_build.nix ./distributed_build.nix
./hardware-configuration.nix ./hardware-configuration.nix
./power_management.nix ./power_management.nix
@ -21,7 +21,8 @@
time.timeZone = "America/New_York"; time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
me.secureBoot.enable = true; me.boot.secure = true;
me.mountPersistence = true;
me.optimizations = { me.optimizations = {
enable = true; enable = true;
@ -56,19 +57,25 @@
me.amd_s2idle.enable = true; me.amd_s2idle.enable = true;
me.ansible.enable = true; me.ansible.enable = true;
me.ares.enable = true; me.ares.enable = true;
me.base.enable = true;
me.bluetooth.enable = true; me.bluetooth.enable = true;
me.boot.enable = true;
me.chromecast.enable = true; me.chromecast.enable = true;
me.chromium.enable = true; me.chromium.enable = true;
me.d2.enable = true; me.d2.enable = true;
me.direnv.enable = true; me.direnv.enable = true;
me.doas.enable = true;
me.docker.enable = false; me.docker.enable = false;
me.ecc.enable = true; me.ecc.enable = true;
me.emacs_flavor = "full"; me.emacs_flavor = "full";
me.emulate_isa.enable = true; me.emulate_isa.enable = true;
me.firefox.enable = true; me.firefox.enable = true;
me.firewall.enable = true;
me.flux.enable = true; me.flux.enable = true;
me.font.enable = true;
me.gcloud.enable = true; me.gcloud.enable = true;
me.git.config = ../../roles/git/files/gitconfig_home; me.git.config = ../../roles/git/files/gitconfig_home;
me.git.enable = true;
me.gnuplot.enable = true; me.gnuplot.enable = true;
me.gpg.enable = true; me.gpg.enable = true;
me.graphical = true; me.graphical = true;
@ -80,8 +87,11 @@
me.launch_keyboard.enable = true; me.launch_keyboard.enable = true;
me.lvfs.enable = true; me.lvfs.enable = true;
me.media.enable = true; me.media.enable = true;
me.memtest.enable = true;
me.network.enable = true;
me.nix_index.enable = true; me.nix_index.enable = true;
me.nix_worker.enable = true; me.nix_worker.enable = true;
me.nvme.enable = true;
me.openpgp_card_tools.enable = true; me.openpgp_card_tools.enable = true;
me.pcsx2.enable = true; me.pcsx2.enable = true;
me.podman.enable = true; me.podman.enable = true;
@ -95,12 +105,15 @@
me.sops.enable = true; me.sops.enable = true;
me.sound.enable = true; me.sound.enable = true;
me.spaghettikart.enable = true; me.spaghettikart.enable = true;
me.ssh.enable = true;
me.sshd.enable = true;
me.steam.enable = true; me.steam.enable = true;
me.steam_run_free.enable = true; me.steam_run_free.enable = true;
me.sway.enable = true; me.sway.enable = true;
me.tekton.enable = true; me.tekton.enable = true;
me.terraform.enable = true; me.terraform.enable = true;
me.thunderbolt.enable = true; me.thunderbolt.enable = true;
me.user.enable = true;
me.uutils.enable = false; me.uutils.enable = false;
me.vnc_client.enable = true; me.vnc_client.enable = true;
me.vscode.enable = true; me.vscode.enable = true;
@ -113,6 +126,7 @@
]; ];
me.wireguard.deactivated = [ "wgf" ]; me.wireguard.deactivated = [ "wgf" ];
me.yubikey.enable = true; me.yubikey.enable = true;
me.zfs.enable = true;
me.zrepl.enable = true; me.zrepl.enable = true;
me.zsh.enable = true; me.zsh.enable = true;

7
nix/configuration/hosts/quark/disk-config.nix
View File

@ -2,13 +2,6 @@
# Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1 # Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1
# Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1 # Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1
{ {
config,
lib,
pkgs,
...
}:
lib.mkIf (!config.me.buildingIso) {
disko.devices = { disko.devices = {
disk = { disk = {
main = { main = {

24
nix/configuration/hosts/quark/distributed_build.nix
View File

@ -1,21 +1,13 @@
{
config,
lib,
pkgs,
...
}:
{ {
imports = [ ]; imports = [ ];
config = lib.mkMerge [ config = {
{ me.distributed_build.enable = true;
me.distributed_build.enable = true; me.distributed_build.machines.hydra = {
me.distributed_build.machines.hydra = { enable = true;
enable = true; additional_config = {
additional_config = { speedFactor = 2;
speedFactor = 2;
};
}; };
} };
]; };
} }

38
nix/configuration/hosts/quark/hardware-configuration.nix
View File

@ -1,10 +1,6 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ {
config, config,
lib, lib,
pkgs,
modulesPath, modulesPath,
... ...
}: }:
@ -14,22 +10,24 @@
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ config = {
"nvme" boot.initrd.availableKernelModules = [
"xhci_pci" "nvme"
"thunderbolt" "xhci_pci"
]; "thunderbolt"
boot.initrd.kernelModules = [ ]; ];
boot.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.extraModulePackages = [ ]; boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction # still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
# networking.useDHCP = lib.mkDefault true; # networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true; # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true; # networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true;
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
};
} }

70
nix/configuration/hosts/quark/power_management.nix
View File

@ -8,41 +8,43 @@
{ {
imports = [ ]; imports = [ ];
environment.systemPackages = with pkgs; [ config = {
powertop environment.systemPackages = with pkgs; [
]; powertop
];
boot.kernelParams = [ boot.kernelParams = [
# Enable undervolting GPU. # Enable undervolting GPU.
# "amdgpu.ppfeaturemask=0xfff7ffff" # "amdgpu.ppfeaturemask=0xfff7ffff"
]; ];
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
# "w- /sys/devices/system/cpu/cpufreq/policy0/energy_performance_preference - - - - power" # "w- /sys/devices/system/cpu/cpufreq/policy0/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy1/energy_performance_preference - - - - power" # "w- /sys/devices/system/cpu/cpufreq/policy1/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy2/energy_performance_preference - - - - power" # "w- /sys/devices/system/cpu/cpufreq/policy2/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy3/energy_performance_preference - - - - power" # "w- /sys/devices/system/cpu/cpufreq/policy3/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy4/energy_performance_preference - - - - power" # "w- /sys/devices/system/cpu/cpufreq/policy4/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy5/energy_performance_preference - - - - power" # "w- /sys/devices/system/cpu/cpufreq/policy5/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy6/energy_performance_preference - - - - power" # "w- /sys/devices/system/cpu/cpufreq/policy6/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy7/energy_performance_preference - - - - power" # "w- /sys/devices/system/cpu/cpufreq/policy7/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy8/energy_performance_preference - - - - power" # "w- /sys/devices/system/cpu/cpufreq/policy8/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy9/energy_performance_preference - - - - power" # "w- /sys/devices/system/cpu/cpufreq/policy9/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy10/energy_performance_preference - - - - power" # "w- /sys/devices/system/cpu/cpufreq/policy10/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy11/energy_performance_preference - - - - power" # "w- /sys/devices/system/cpu/cpufreq/policy11/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy12/energy_performance_preference - - - - power" # "w- /sys/devices/system/cpu/cpufreq/policy12/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy13/energy_performance_preference - - - - power" # "w- /sys/devices/system/cpu/cpufreq/policy13/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy14/energy_performance_preference - - - - power" # "w- /sys/devices/system/cpu/cpufreq/policy14/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy15/energy_performance_preference - - - - power" # "w- /sys/devices/system/cpu/cpufreq/policy15/energy_performance_preference - - - - power"
]; ];
# services.udev.packages = [ # services.udev.packages = [
# (pkgs.writeTextFile { # (pkgs.writeTextFile {
# name = "amdgpu-low-power"; # name = "amdgpu-low-power";
# text = '' # text = ''
# ACTION=="add", SUBSYSTEM=="drm", DRIVERS=="amdgpu", ATTR{device/power_dpm_force_performance_level}="low" # ACTION=="add", SUBSYSTEM=="drm", DRIVERS=="amdgpu", ATTR{device/power_dpm_force_performance_level}="low"
# ''; # '';
# destination = "/etc/udev/rules.d/30-amdgpu-low-power.rules"; # destination = "/etc/udev/rules.d/30-amdgpu-low-power.rules";
# }) # })
# ]; # ];
};
} }

7
nix/configuration/hosts/quark/wrapped-disk-config.nix Normal file
View File

@ -0,0 +1,7 @@
{
config,
lib,
...
}:
lib.mkIf (!config.me.buildingPortable) (import ./disk-config.nix)

49
nix/configuration/roles/2ship2harkinian/default.nix
View File

@ -17,32 +17,27 @@
}; };
}; };
config = lib.mkIf config.me.ship2harkinian.enable ( config = lib.mkIf (config.me.ship2harkinian.enable && config.me.graphical) {
lib.mkMerge [ allowedUnfree = [ "2ship2harkinian" ];
{
allowedUnfree = [ "2ship2harkinian" ]; environment.systemPackages = with pkgs; [
} _2ship2harkinian
(lib.mkIf config.me.graphical { ];
environment.systemPackages = with pkgs; [
_2ship2harkinian # TODO perhaps install ~/.local/share/2ship/2ship2harkinian.json
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".local/share/2ship";
user = "talexander";
group = "talexander";
mode = "0755";
}
]; ];
};
# TODO perhaps install ~/.local/share/2ship/2ship2harkinian.json };
};
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".local/share/2ship";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
})
]
);
} }

27
nix/configuration/roles/alacritty/default.nix
View File

@ -7,6 +7,7 @@
{ {
imports = [ ]; imports = [ ];
options.me = { options.me = {
alacritty.enable = lib.mkOption { alacritty.enable = lib.mkOption {
type = lib.types.bool; type = lib.types.bool;
@ -16,21 +17,17 @@
}; };
}; };
config = lib.mkIf config.me.alacritty.enable ( config = lib.mkIf (config.me.alacritty.enable && config.me.graphical) {
lib.mkMerge [ environment.systemPackages = with pkgs; [
(lib.mkIf config.me.graphical { alacritty
environment.systemPackages = with pkgs; [ xdg-utils # for xdg-open
alacritty ];
xdg-utils # for xdg-open
];
me.install.user.talexander.file = { me.install.user.talexander.file = {
".config/alacritty/alacritty.toml" = { ".config/alacritty/alacritty.toml" = {
source = ./files/alacritty.toml; source = ./files/alacritty.toml;
}; };
}; };
}) };
]
);
} }

46
nix/configuration/roles/amd_s2idle/default.nix
View File

@ -17,31 +17,27 @@
}; };
}; };
config = lib.mkIf config.me.amd_s2idle.enable ( config = lib.mkIf config.me.amd_s2idle.enable {
lib.mkMerge [ environment.systemPackages = with pkgs; [
{ amd-debug-tools
environment.systemPackages = with pkgs; [ ];
amd-debug-tools nixpkgs.overlays = [
]; (
nixpkgs.overlays = [ final: prev:
( let
final: prev: innerPackage = (final.callPackage ./package.nix { });
let in
innerPackage = (final.callPackage ./package.nix { }); {
in amd-debug-tools = innerPackage;
{ }
amd-debug-tools = innerPackage; )
} (final: prev: {
) pythonPackagesExtensions = prev.pythonPackagesExtensions ++ [
(final: prev: { (python-final: python-prev: {
pythonPackagesExtensions = prev.pythonPackagesExtensions ++ [ cysystemd = (python-final.callPackage ./cysystemd.nix { });
(python-final: python-prev: {
cysystemd = (python-final.callPackage ./cysystemd.nix { });
})
];
}) })
]; ];
} })
] ];
); };
} }

130
nix/configuration/roles/ansible/default.nix
View File

@ -17,73 +17,69 @@
}; };
}; };
config = lib.mkIf config.me.ansible.enable ( config = lib.mkIf config.me.ansible.enable {
lib.mkMerge [ environment.systemPackages = with pkgs; [
{ ansible
environment.systemPackages = with pkgs; [ ];
ansible
];
nixpkgs.overlays = [ nixpkgs.overlays = [
(final: prev: { (final: prev: {
ansible-sshjail = (final.callPackage ./package/ansible-sshjail/package.nix { }); ansible-sshjail = (final.callPackage ./package/ansible-sshjail/package.nix { });
}) })
(final: prev: { (final: prev: {
ansible = pkgs.symlinkJoin { ansible = pkgs.symlinkJoin {
name = "ansible"; name = "ansible";
paths = [ paths = [
(prev.ansible.overridePythonAttrs { (prev.ansible.overridePythonAttrs {
propagatedBuildInputs = prev.ansible.propagatedBuildInputs ++ [ prev.python3Packages.jmespath ]; propagatedBuildInputs = prev.ansible.propagatedBuildInputs ++ [ prev.python3Packages.jmespath ];
}) })
pkgs.ansible-sshjail pkgs.ansible-sshjail
]; ];
buildInputs = [ pkgs.makeWrapper ]; buildInputs = [ pkgs.makeWrapper ];
postBuild = '' postBuild = ''
${lib.concatMapStringsSep "\n" ${lib.concatMapStringsSep "\n"
( (
prog: prog:
( (
"wrapProgram $out/bin/${prog} ${ "wrapProgram $out/bin/${prog} ${
lib.concatMapStringsSep " " lib.concatMapStringsSep " "
( (
plugin_type: plugin_type:
"--set ANSIBLE_${lib.toUpper plugin_type}_PLUGINS $out/share/ansible/plugins/${lib.toLower plugin_type}_plugins" "--set ANSIBLE_${lib.toUpper plugin_type}_PLUGINS $out/share/ansible/plugins/${lib.toLower plugin_type}_plugins"
) )
[ [
"action" "action"
"cache" "cache"
"callback" "callback"
"connection" "connection"
"filter" "filter"
"inventory" "inventory"
"lookup" "lookup"
"shell" "shell"
"strategy" "strategy"
"test" "test"
"vars" "vars"
] ]
} --prefix PATH : ${lib.makeBinPath [ ]}" } --prefix PATH : ${lib.makeBinPath [ ]}"
) )
) )
[ [
"ansible" "ansible"
"ansible-config" "ansible-config"
"ansible-console" "ansible-console"
"ansible-doc" "ansible-doc"
"ansible-galaxy" "ansible-galaxy"
"ansible-inventory" "ansible-inventory"
"ansible-playbook" "ansible-playbook"
"ansible-pull" "ansible-pull"
"ansible-test" "ansible-test"
"ansible-vault" "ansible-vault"
] ]
} }
''; '';
}; };
}) })
]; ];
} };
]
);
} }

41
nix/configuration/roles/ares/default.nix
View File

@ -17,28 +17,23 @@
}; };
}; };
config = lib.mkIf config.me.ares.enable ( config = lib.mkIf (config.me.ares.enable && config.me.graphical) {
lib.mkMerge [ environment.systemPackages = with pkgs; [
{ } ares
(lib.mkIf config.me.graphical { ];
environment.systemPackages = with pkgs; [
ares
];
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) { environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true; hideMounts = true;
users.talexander = { users.talexander = {
directories = [ directories = [
{ {
directory = ".local/share/ares"; directory = ".local/share/ares";
user = "talexander"; user = "talexander";
group = "talexander"; group = "talexander";
mode = "0755"; mode = "0755";
} }
]; ];
}; };
}; };
}) };
]
);
} }

50
nix/configuration/roles/base/default.nix Normal file
View File

@ -0,0 +1,50 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
base.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install base.";
};
};
config = lib.mkIf config.me.base.enable {
environment.systemPackages = with pkgs; [
wget
mg
rsync
libinput
htop
tmux
file
usbutils # for lsusb
pciutils # for lspci
ripgrep
strace
# ltrace # Disabled because it uses more than 48GB of /tmp space during test phase.
trace-cmd # ftrace
tcpdump
git-crypt
gnumake
ncdu
nix-tree
libarchive # bsdtar
lsof
doas-sudo-shim # To support --sudo for remote builds
dmidecode # Read SMBIOS information.
ipcalc
gptfdisk # for cgdisk
nix-output-monitor # For better view into nixos-rebuild
nix-serve-ng # Serve nix store over http
];
};
}

42
nix/configuration/roles/bluetooth/default.nix
View File

@ -1,7 +1,6 @@
{ {
config, config,
lib, lib,
pkgs,
... ...
}: }:
@ -17,30 +16,23 @@
}; };
}; };
config = lib.mkIf config.me.bluetooth.enable ( config = lib.mkIf config.me.bluetooth.enable {
lib.mkMerge [ hardware.bluetooth = {
{ enable = true;
environment.systemPackages = with pkgs; [ powerOnBoot = true;
]; settings = {
General = {
hardware.bluetooth = { # Enable support for showing battery charge level.
enable = true; Experimental = true;
powerOnBoot = true;
settings = {
General = {
# Enable support for showing battery charge level.
Experimental = true;
};
};
}; };
};
};
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) { environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true; hideMounts = true;
directories = [ directories = [
"/var/lib/bluetooth" # Bluetooth pairing information. "/var/lib/bluetooth" # Bluetooth pairing information.
]; ];
}; };
} };
]
);
} }

162
nix/configuration/roles/boot/default.nix
View File

@ -9,90 +9,96 @@
{ {
imports = [ ]; imports = [ ];
options = { options.me = {
me.secureBoot = { boot.enable = lib.mkOption {
enable = lib.mkOption { type = lib.types.bool;
default = false; default = false;
type = lib.types.bool; example = true;
description = '' description = "Whether we want to install boot.";
Enable to use secure boot. };
'';
}; boot.secure = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Enable to use secure boot.";
}; };
}; };
config = lib.mkMerge [ config = lib.mkIf config.me.boot.enable (
{ lib.mkMerge [
environment.systemPackages = with pkgs; [ {
tpm2-tools # For tpm2_eventlog to check for OptionRoms environment.systemPackages = with pkgs; [
# cp /sys/kernel/security/tpm0/binary_bios_measurements eventlog tpm2-tools # For tpm2_eventlog to check for OptionRoms
# tpm2_eventlog eventlog | grep "BOOT_SERVICES_DRIVER" # cp /sys/kernel/security/tpm0/binary_bios_measurements eventlog
sbctl # For debugging and troubleshooting Secure Boot. # tpm2_eventlog eventlog | grep "BOOT_SERVICES_DRIVER"
]; sbctl # For debugging and troubleshooting Secure Boot.
}
(lib.mkIf (!config.me.buildingIso) {
boot.loader.grub.enable = false;
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
# TODO: make not write bootx64.efi
boot.loader.efi.canTouchEfiVariables = false;
# Automatically delete old generations
boot.loader.systemd-boot.configurationLimit = 3;
boot.loader.systemd-boot.memtest86.enable = true;
# Check what will be lost with `zfs diff zroot/linux/root@blank`
boot.initrd.systemd.enable = lib.mkDefault true;
boot.initrd.systemd.services.zfs-rollback = {
description = "Rollback ZFS root dataset to blank snapshot";
wantedBy = [
"initrd.target"
]; ];
after = [ }
"zfs-import-zroot.service" (lib.mkIf (!config.me.buildingPortable) {
];
before = [
"sysroot.mount"
];
path = with pkgs; [
zfs
];
unitConfig.DefaultDependencies = "no";
serviceConfig.Type = "oneshot";
script = ''
zfs rollback -r zroot/linux/nix/root@blank
zfs rollback -r zroot/linux/nix/home@blank
echo "rollback complete"
'';
};
# boot.loader.systemd-boot.extraEntries = { boot.loader.grub.enable = false;
# "windows.conf" = '' # Use the systemd-boot EFI boot loader.
# title Windows boot.loader.systemd-boot.enable = true;
# efi /EFI/Microsoft/Boot/bootmgfw.efi # TODO: make not write bootx64.efi
# options root=PARTUUID=17e325bf-a378-4d1d-be6a-f6df5476f0fa boot.loader.efi.canTouchEfiVariables = false;
# '';
# }; # Automatically delete old generations
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) { boot.loader.systemd-boot.configurationLimit = 3;
hideMounts = true;
directories = [ boot.loader.systemd-boot.memtest86.enable = true;
"/var/lib/sbctl" # Secure Boot Keys
# Check what will be lost with `zfs diff zroot/linux/root@blank`
boot.initrd.systemd.enable = lib.mkDefault true;
boot.initrd.systemd.services.zfs-rollback = {
description = "Rollback ZFS root dataset to blank snapshot";
wantedBy = [
"initrd.target"
];
after = [
"zfs-import-zroot.service"
];
before = [
"sysroot.mount"
];
path = with pkgs; [
zfs
];
unitConfig.DefaultDependencies = "no";
serviceConfig.Type = "oneshot";
script = ''
zfs rollback -r zroot/linux/nix/root@blank
zfs rollback -r zroot/linux/nix/home@blank
echo "rollback complete"
'';
};
# boot.loader.systemd-boot.extraEntries = {
# "windows.conf" = ''
# title Windows
# efi /EFI/Microsoft/Boot/bootmgfw.efi
# options root=PARTUUID=17e325bf-a378-4d1d-be6a-f6df5476f0fa
# '';
# };
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
directories = [
"/var/lib/sbctl" # Secure Boot Keys
];
};
})
(lib.mkIf (config.me.boot.secure) {
environment.systemPackages = with pkgs; [
sbctl
]; ];
}; boot.loader.systemd-boot.enable = lib.mkForce false;
}) boot.lanzaboote = {
(lib.mkIf (config.me.secureBoot.enable) { enable = true;
environment.systemPackages = with pkgs; [ pkiBundle = "/var/lib/sbctl";
sbctl };
]; })
boot.loader.systemd-boot.enable = lib.mkForce false; ]
boot.lanzaboote = { );
enable = true;
pkiBundle = "/var/lib/sbctl";
};
})
];
} }
# efibootmgr -c -d /dev/sda -p 1 -L NixOS-boot -l '\EFI\NixOS-boot\grubx64.efi' # efibootmgr -c -d /dev/sda -p 1 -L NixOS-boot -l '\EFI\NixOS-boot\grubx64.efi'

16
nix/configuration/roles/chromecast/default.nix
View File

@ -17,15 +17,9 @@
}; };
}; };
config = lib.mkIf config.me.chromecast.enable ( config = lib.mkIf config.me.chromecast.enable {
lib.mkMerge [ environment.systemPackages = with pkgs; [
{ catt
environment.systemPackages = with pkgs; [ ];
catt };
];
}
(lib.mkIf config.me.graphical {
})
]
);
} }

99
nix/configuration/roles/chromium/default.nix
View File

@ -17,59 +17,54 @@
}; };
}; };
config = lib.mkIf config.me.chromium.enable ( config = lib.mkIf (config.me.chromium.enable && config.me.graphical) {
lib.mkMerge [ environment.systemPackages = with pkgs; [
{ } chromium
(lib.mkIf config.me.graphical { ];
environment.systemPackages = with pkgs; [ allowedUnfree = [
chromium "chromium"
]; "chromium-unwrapped"
allowedUnfree = [ "widevine-cdm"
"chromium" ];
"chromium-unwrapped"
"widevine-cdm"
];
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) { environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true; hideMounts = true;
users.talexander = { users.talexander = {
directories = [ directories = [
{ {
directory = ".config/chromium"; directory = ".config/chromium";
user = "talexander"; user = "talexander";
group = "talexander"; group = "talexander";
mode = "0700"; mode = "0700";
} }
];
};
};
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".cache/chromium";
user = "talexander";
group = "talexander";
mode = "0700";
}
];
};
};
nixpkgs.overlays = [
(final: prev: {
chromium = prev.chromium.override {
enableWideVine = true;
commandLineArgs = [
"--enable-features=VaapiVideoDecoder,VaapiIgnoreDriverChecks,Vulkan,DefaultANGLEVulkan,VulkanFromANGLE,AcceleratedVideoEncoder"
# Enabling vulkan causes video to render as white
# "--enable-features=Vulkan";
];
};
})
]; ];
};
};
environment.persistence."/state" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".cache/chromium";
user = "talexander";
group = "talexander";
mode = "0700";
}
];
};
};
nixpkgs.overlays = [
(final: prev: {
chromium = prev.chromium.override {
enableWideVine = true;
commandLineArgs = [
"--enable-features=VaapiVideoDecoder,VaapiIgnoreDriverChecks,Vulkan,DefaultANGLEVulkan,VulkanFromANGLE,AcceleratedVideoEncoder"
# Enabling vulkan causes video to render as white
# "--enable-features=Vulkan";
];
};
}) })
] ];
); };
} }

14
nix/configuration/roles/d2/default.nix
View File

@ -17,13 +17,9 @@
}; };
}; };
config = lib.mkIf config.me.d2.enable ( config = lib.mkIf config.me.d2.enable {
lib.mkMerge [ environment.systemPackages = with pkgs; [
{ d2
environment.systemPackages = with pkgs; [ ];
d2 };
];
}
]
);
} }

48
nix/configuration/roles/direnv/default.nix
View File

@ -25,31 +25,27 @@ in
}; };
}; };
config = lib.mkIf config.me.direnv.enable ( config = lib.mkIf config.me.direnv.enable {
lib.mkMerge [ environment.systemPackages = with pkgs; [
{ direnv
environment.systemPackages = with pkgs; [ nix-direnv
direnv ];
nix-direnv
me.zsh.includes = [ direnv_zsh_hook ];
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.talexander = {
directories = [
{
# List of allowed directories from `direnv allow`.
directory = ".local/share/direnv";
user = "talexander";
group = "talexander";
mode = "0755";
}
]; ];
};
me.zsh.includes = [ direnv_zsh_hook ]; };
};
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
# List of allowed directories from `direnv allow`.
directory = ".local/share/direnv";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
}
]
);
} }

1
nix/configuration/roles/distributed_build/default.nix
View File

@ -1,7 +1,6 @@
{ {
config, config,
lib, lib,
pkgs,
... ...
}: }:

32
nix/configuration/roles/doas/default.nix Normal file
View File

@ -0,0 +1,32 @@
{
config,
lib,
...
}:
{
imports = [ ];
options.me = {
doas.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install doas.";
};
};
config = lib.mkIf config.me.doas.enable {
# Use doas instead of sudo
security.doas.enable = true;
security.doas.wheelNeedsPassword = false;
security.sudo.enable = false;
security.doas.extraRules = [
{
# Retain environment (for example NIX_PATH)
keepEnv = true;
persist = true; # Only ask for a password the first time.
}
];
};
}

141
nix/configuration/roles/docker/default.nix
View File

@ -17,82 +17,77 @@
}; };
}; };
config = lib.mkIf config.me.docker.enable ( config = lib.mkIf config.me.docker.enable {
lib.mkMerge [ assertions = [
{ {
assertions = [ assertion = !config.me.podman.enable;
{ message = "docker conflicts with podman";
assertion = !config.me.podman.enable;
message = "docker conflicts with podman";
}
];
} }
{ ];
virtualisation.docker.enable = true;
# Use docker activation
virtualisation.docker.enableOnBoot = false;
# Rootless docker breaks access to ssh for buildkit.
# virtualisation.docker.rootless = {
# enable = true;
# setSocketVariable = true;
# };
# Give docker access to ssh for fetching repos with buildkit.
virtualisation.docker.extraPackages = [ pkgs.openssh ];
environment.systemPackages = with pkgs; [
docker-buildx
];
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) { virtualisation.docker.enable = true;
hideMounts = true; # Use docker activation
directories = [ virtualisation.docker.enableOnBoot = false;
{ # Rootless docker breaks access to ssh for buildkit.
directory = "/var/lib/docker"; # virtualisation.docker.rootless = {
user = "root"; # enable = true;
group = "root"; # setSocketVariable = true;
mode = "0740"; # };
} # Give docker access to ssh for fetching repos with buildkit.
]; virtualisation.docker.extraPackages = [ pkgs.openssh ];
# users.talexander = { environment.systemPackages = with pkgs; [
# directories = [ docker-buildx
# { ];
# directory = ".local/share/docker";
# user = "talexander";
# group = "talexander";
# mode = "0740";
# }
# ];
# };
};
systemd.services.link-docker-creds = { environment.persistence."/state" = lib.mkIf (config.me.mountPersistence) {
# Contains credentials so it cannot be added to the nix store hideMounts = true;
enable = true; directories = [
description = "link-docker-creds"; {
wantedBy = [ "multi-user.target" ]; directory = "/var/lib/docker";
wants = [ "multi-user.target" ]; user = "root";
after = [ "multi-user.target" ]; group = "root";
# path = with pkgs; [ mode = "0740";
# zfs }
# ]; ];
unitConfig.DefaultDependencies = "no"; # users.talexander = {
serviceConfig = { # directories = [
Type = "oneshot"; # {
RemainAfterExit = "yes"; # directory = ".local/share/docker";
}; # user = "talexander";
script = '' # group = "talexander";
if [ -e /persist/manual/docker/config.json ]; then # mode = "0740";
install --directory --owner talexander --group talexander --mode 0700 /home/talexander/.docker # }
ln -s /persist/manual/docker/config.json /home/talexander/.docker/config.json # ];
fi # };
''; };
preStop = ''
rm -f /home/talexander/.docker/config.json
'';
};
# Needed for non-rootless docker systemd.services.link-docker-creds = {
users.users.talexander.extraGroups = [ "docker" ]; # Contains credentials so it cannot be added to the nix store
} enable = true;
] description = "link-docker-creds";
); wantedBy = [ "multi-user.target" ];
wants = [ "multi-user.target" ];
after = [ "multi-user.target" ];
# path = with pkgs; [
# zfs
# ];
unitConfig.DefaultDependencies = "no";
serviceConfig = {
Type = "oneshot";
RemainAfterExit = "yes";
};
script = ''
if [ -e /persist/manual/docker/config.json ]; then
install --directory --owner talexander --group talexander --mode 0700 /home/talexander/.docker
ln -s /persist/manual/docker/config.json /home/talexander/.docker/config.json
fi
'';
preStop = ''
rm -f /home/talexander/.docker/config.json
'';
};
# Needed for non-rootless docker
users.users.talexander.extraGroups = [ "docker" ];
};
} }

11
nix/configuration/roles/ecc/default.nix
View File

@ -2,7 +2,6 @@
{ {
config, config,
lib, lib,
pkgs,
... ...
}: }:
@ -18,11 +17,7 @@
}; };
}; };
config = lib.mkIf config.me.ecc.enable ( config = lib.mkIf config.me.ecc.enable {
lib.mkMerge [ hardware.rasdaemon.enable = true;
{ };
hardware.rasdaemon.enable = true;
}
]
);
} }

2
nix/configuration/roles/emacs/default.nix
View File

@ -68,7 +68,7 @@ in
(e_shorthand my_emacs) (e_shorthand my_emacs)
]; ];
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) { environment.persistence."/state" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true; hideMounts = true;
users.talexander = { users.talexander = {
directories = [ directories = [

2
nix/configuration/roles/emacs/files/emacs/elisp/base.el
View File

@ -110,8 +110,6 @@
project-mode-line t project-mode-line t
) )
;; (setq-default fringes-outside-margins t)
;; Typed text replaces selection ;; Typed text replaces selection
(delete-selection-mode) (delete-selection-mode)

2
nix/configuration/roles/emacs/files/emacs/elisp/util-tree-sitter.el
View File

@ -1,3 +1,5 @@
;; (add-to-list 'major-mode-remap-alist '(c-mode . c-ts-mode))
(use-package treesit (use-package treesit
:pin manual :pin manual
:ensure nil :ensure nil

22
nix/configuration/roles/emulate_isa/default.nix
View File

@ -1,7 +1,6 @@
{ {
config, config,
lib, lib,
pkgs,
... ...
}: }:
@ -17,17 +16,12 @@
}; };
}; };
config = lib.mkIf config.me.emulate_isa.enable ( config = lib.mkIf config.me.emulate_isa.enable {
lib.mkMerge [ boot.binfmt.emulatedSystems = [
{ "aarch64-linux" # Raspberry Pi gen 3
boot.binfmt.emulatedSystems = [ "riscv64-linux"
"aarch64-linux" # Raspberry Pi gen 3 # TODO: Should "x86_64-linux" be in this list or should this list be dependent on the host CPU?
"riscv64-linux" "armv6l-linux" # Raspberry Pi gen 1
# TODO: Should "x86_64-linux" be in this list or should this list be dependent on the host CPU? ];
"armv6l-linux" # Raspberry Pi gen 1 };
];
}
]
);
} }
# NOTE: build nixosConfigurations.<name>.config.system.build.sdImage

222
nix/configuration/roles/firefox/default.nix
View File

@ -17,123 +17,119 @@
}; };
}; };
config = lib.mkIf config.me.firefox.enable ( config = lib.mkIf (config.me.firefox.enable && config.me.graphical) {
lib.mkMerge [ programs.firefox = {
(lib.mkIf config.me.graphical { enable = true;
programs.firefox = { package = (pkgs.wrapFirefox (pkgs.firefox-unwrapped.override { pipewireSupport = true; }) { });
enable = true; languagePacks = [ "en-US" ];
package = (pkgs.wrapFirefox (pkgs.firefox-unwrapped.override { pipewireSupport = true; }) { }); preferences = {
languagePacks = [ "en-US" ]; # "identity.sync.tokenserver.uri": "https://ffsync.fizz.buzz/token/1.0/sync/1.5";
preferences = { "media.hardware-video-decoding.force-enabled" = true;
# "identity.sync.tokenserver.uri": "https://ffsync.fizz.buzz/token/1.0/sync/1.5"; "media.ffmpeg.vaapi.enabled" = true;
"media.hardware-video-decoding.force-enabled" = true; "doh-rollout.doorhanger-decision" = "UIDisabled";
"media.ffmpeg.vaapi.enabled" = true; "dom.security.https_only_mode" = true;
"doh-rollout.doorhanger-decision" = "UIDisabled"; "dom.security.https_only_mode_ever_enabled" = true;
"dom.security.https_only_mode" = true; "extensions.activeThemeID" = "firefox-compact-dark@mozilla.org";
"dom.security.https_only_mode_ever_enabled" = true; # Disable ads
"extensions.activeThemeID" = "firefox-compact-dark@mozilla.org"; "extensions.pocket.enabled" = false;
# Disable ads "browser.newtabpage.activity-stream.showSponsored" = false;
"extensions.pocket.enabled" = false; "browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
"browser.newtabpage.activity-stream.showSponsored" = false; "browser.newtabpage.activity-stream.feeds.section.topstories" = false;
"browser.newtabpage.activity-stream.showSponsoredTopSites" = false; "browser.newtabpage.pinned" = "[]";
"browser.newtabpage.activity-stream.feeds.section.topstories" = false; "browser.newtabpage.activity-stream.section.highlights.includePocket" = false;
"browser.newtabpage.pinned" = "[]"; "browser.topsites.contile.enabled" = false;
"browser.newtabpage.activity-stream.section.highlights.includePocket" = false; # Disable cache when devtools are open.
"browser.topsites.contile.enabled" = false; "devtools.cache.disabled" = true;
# Disable cache when devtools are open. # Do not track header.
"devtools.cache.disabled" = true; "privacy.donottrackheader.enabled" = true;
# Do not track header. # Tell websites not to share or sell my data.
"privacy.donottrackheader.enabled" = true; "privacy.globalprivacycontrol.enabled" = true;
# Tell websites not to share or sell my data. # Disable "studies" (slice testing)
"privacy.globalprivacycontrol.enabled" = true; "app.shield.optoutstudies.enabled" = false;
# Disable "studies" (slice testing) # Disable attribution which is used by advertisers to track you.
"app.shield.optoutstudies.enabled" = false; "dom.private-attribution.submission.enabled" = false;
# Disable attribution which is used by advertisers to track you. # Disable battery status, used to track users.
"dom.private-attribution.submission.enabled" = false; "dom.battery.enabled" = false;
# Disable battery status, used to track users.
"dom.battery.enabled" = false;
# Disable that websites can get notifications if you copy, paste, or cut something from a web page, and it lets them know which part of the page had been selected. # Disable that websites can get notifications if you copy, paste, or cut something from a web page, and it lets them know which part of the page had been selected.
# #
# This breaks copying from BigQuery https://github.com/microsoft/monaco-editor/issues/1540 # This breaks copying from BigQuery https://github.com/microsoft/monaco-editor/issues/1540
# dom.event.clipboardevents.enabled: false # dom.event.clipboardevents.enabled: false
# Isolates all browser identifier sources (e.g. cookies) to the first party domain, with the goal of preventing tracking across different domains. # Isolates all browser identifier sources (e.g. cookies) to the first party domain, with the goal of preventing tracking across different domains.
"privacy.firstparty.isolate" = true; "privacy.firstparty.isolate" = true;
# Do not preload URLs that auto-complete in the address bar. # Do not preload URLs that auto-complete in the address bar.
"browser.urlbar.speculativeConnect.enabled" = false; "browser.urlbar.speculativeConnect.enabled" = false;
# Do not resist fingerprinting because that tells websites to use light mode. # Do not resist fingerprinting because that tells websites to use light mode.
# https://bugzilla.mozilla.org/show_bug.cgi?id=1732114 # https://bugzilla.mozilla.org/show_bug.cgi?id=1732114
"privacy.resistFingerprinting" = false; # (default false) "privacy.resistFingerprinting" = false; # (default false)
# Instead, enable fingerprinting protection, which allows configuring an override. # Instead, enable fingerprinting protection, which allows configuring an override.
"privacy.fingerprintingProtection" = true; "privacy.fingerprintingProtection" = true;
# Allow sending dark mode preference to websites. # Allow sending dark mode preference to websites.
# Allow sending timezone to websites. # Allow sending timezone to websites.
"privacy.fingerprintingProtection.overrides" = "privacy.fingerprintingProtection.overrides" =
"+AllTargets,-CSSPrefersColorScheme,-JSDateTimeUTC,-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"; "+AllTargets,-CSSPrefersColorScheme,-JSDateTimeUTC,-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt";
# Disable weather on new tab page # Disable weather on new tab page
"browser.newtabpage.activity-stream.showWeather" = false; "browser.newtabpage.activity-stream.showWeather" = false;
# Disable AI stuff that wastes battery life # Disable AI stuff that wastes battery life
"browser.ml.chat.enabled" = false; "browser.ml.chat.enabled" = false;
"browser.ml.enabled" = false; "browser.ml.enabled" = false;
};
# Check about:policies#documentation and https://mozilla.github.io/policy-templates/ for options.
policies = {
DisableTelemetry = true;
DisplayBookmarksToolbar = "newtab";
# Check about:support for extension/add-on ID strings.
# Valid strings for installation_mode are "allowed", "blocked",
# "force_installed" and "normal_installed".
ExtensionSettings = {
# "*".installation_mode = "blocked"; # blocks all addons except the ones specified below
"uBlock0@raymondhill.net" = {
install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi";
installation_mode = "force_installed";
}; };
# Check about:policies#documentation and https://mozilla.github.io/policy-templates/ for options. # "firefox@teleparty.com" = {
policies = { # install_url = "https://addons.mozilla.org/firefox/downloads/latest/netflix-party-is-now-teleparty/latest.xpi";
DisableTelemetry = true; # installation_mode = "normal_installed";
DisplayBookmarksToolbar = "newtab"; # };
"@ublacklist" = {
# Check about:support for extension/add-on ID strings. install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublacklist/latest.xpi";
# Valid strings for installation_mode are "allowed", "blocked", installation_mode = "normal_installed";
# "force_installed" and "normal_installed". };
ExtensionSettings = { "@react-devtools" = {
# "*".installation_mode = "blocked"; # blocks all addons except the ones specified below install_url = "https://addons.mozilla.org/firefox/downloads/latest/react-devtools/latest.xpi";
"uBlock0@raymondhill.net" = { installation_mode = "normal_installed";
install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi";
installation_mode = "force_installed";
};
# "firefox@teleparty.com" = {
# install_url = "https://addons.mozilla.org/firefox/downloads/latest/netflix-party-is-now-teleparty/latest.xpi";
# installation_mode = "normal_installed";
# };
"@ublacklist" = {
install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublacklist/latest.xpi";
installation_mode = "normal_installed";
};
"@react-devtools" = {
install_url = "https://addons.mozilla.org/firefox/downloads/latest/react-devtools/latest.xpi";
installation_mode = "normal_installed";
};
};
}; };
}; };
};
};
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) { environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true; hideMounts = true;
users.talexander = { users.talexander = {
directories = [ directories = [
{ {
directory = ".mozilla"; directory = ".mozilla";
user = "talexander"; user = "talexander";
group = "talexander"; group = "talexander";
mode = "0700"; mode = "0700";
} }
]; ];
}; };
}; };
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) { environment.persistence."/state" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true; hideMounts = true;
users.talexander = { users.talexander = {
directories = [ directories = [
{ {
directory = ".cache/mozilla"; directory = ".cache/mozilla";
user = "talexander"; user = "talexander";
group = "talexander"; group = "talexander";
mode = "0700"; mode = "0700";
} }
]; ];
}; };
}; };
}) };
]
);
} }

30
nix/configuration/roles/firewall/default.nix
View File

@ -1,20 +1,30 @@
{ {
config, config,
lib, lib,
pkgs,
... ...
}: }:
{ {
imports = [ ]; imports = [ ];
# Open ports in the firewall. options.me = {
networking.firewall.allowedTCPPorts = [ firewall.enable = lib.mkOption {
22 # ssh type = lib.types.bool;
]; default = false;
networking.firewall.allowedUDPPorts = [ example = true;
5353 # mDNS description = "Whether we want to install firewall.";
]; };
# Or disable the firewall altogether. };
# networking.firewall.enable = false;
config = lib.mkIf config.me.firewall.enable {
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [
22 # ssh
];
networking.firewall.allowedUDPPorts = [
5353 # mDNS
];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
};
} }

14
nix/configuration/roles/flux/default.nix
View File

@ -17,13 +17,9 @@
}; };
}; };
config = lib.mkIf config.me.flux.enable ( config = lib.mkIf config.me.flux.enable {
lib.mkMerge [ environment.systemPackages = with pkgs; [
{ fluxcd
environment.systemPackages = with pkgs; [ ];
fluxcd };
];
}
]
);
} }

11
nix/configuration/roles/fonts/default.nix
View File

@ -8,7 +8,16 @@
{ {
imports = [ ]; imports = [ ];
config = lib.mkIf config.me.graphical { options.me = {
font.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install font.";
};
};
config = lib.mkIf (config.me.font.enable && config.me.graphical) {
fonts = { fonts = {
enableDefaultPackages = false; enableDefaultPackages = false;
packages = with pkgs; [ packages = with pkgs; [

40
nix/configuration/roles/gcloud/default.nix
View File

@ -17,27 +17,23 @@
}; };
}; };
config = lib.mkIf config.me.gcloud.enable ( config = lib.mkIf config.me.gcloud.enable {
lib.mkMerge [ environment.systemPackages = with pkgs; [
{ (google-cloud-sdk.withExtraComponents [ google-cloud-sdk.components.gke-gcloud-auth-plugin ])
environment.systemPackages = with pkgs; [ ];
(google-cloud-sdk.withExtraComponents [ google-cloud-sdk.components.gke-gcloud-auth-plugin ])
];
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) { environment.persistence."/state" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true; hideMounts = true;
users.talexander = { users.talexander = {
directories = [ directories = [
{ {
directory = ".config/gcloud"; directory = ".config/gcloud";
user = "talexander"; user = "talexander";
group = "talexander"; group = "talexander";
mode = "0700"; mode = "0700";
} }
]; ];
}; };
}; };
} };
]
);
} }

99
nix/configuration/roles/git/default.nix
View File

@ -21,6 +21,13 @@ in
imports = [ ]; imports = [ ];
options.me = { options.me = {
git.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install git.";
};
git.config = lib.mkOption { git.config = lib.mkOption {
type = lib.types.nullOr lib.types.path; type = lib.types.nullOr lib.types.path;
default = null; default = null;
@ -29,51 +36,53 @@ in
}; };
}; };
config = lib.mkMerge [ config = lib.mkIf config.me.git.enable (
{ lib.mkMerge [
environment.systemPackages = with pkgs; [ {
my_git environment.systemPackages = with pkgs; [
]; my_git
} ];
(lib.mkIf (config.me.git.config != null) { }
me.install.user.talexander.file = { (lib.mkIf (config.me.git.config != null) {
".gitconfig" = { me.install.user.talexander.file = {
source = config.me.git.config; ".gitconfig" = {
source = config.me.git.config;
};
}; };
}; })
}) (lib.mkIf (config.me.graphical) {
(lib.mkIf (config.me.graphical) { nixpkgs.overlays = [
nixpkgs.overlays = [ (final: prev: {
(final: prev: { my_git = (
my_git = ( pkgs.buildEnv {
pkgs.buildEnv { name = prev.git.name;
name = prev.git.name; version = prev.git.version;
version = prev.git.version; paths =
paths = (builtins.map (git_wrapped prev.git) [
(builtins.map (git_wrapped prev.git) [ "git"
"git" ])
]) ++ [
++ [ prev.git
prev.git ];
extraOutputsToInstall = [
"man"
"doc"
"info"
]; ];
extraOutputsToInstall = [ nativeBuildInputs = [ final.makeWrapper ];
"man" ignoreCollisions = true;
"doc" }
"info" );
]; })
nativeBuildInputs = [ final.makeWrapper ]; ];
ignoreCollisions = true; })
} (lib.mkIf (!config.me.graphical) {
); nixpkgs.overlays = [
}) (final: prev: {
]; my_git = prev.git;
}) })
(lib.mkIf (!config.me.graphical) { ];
nixpkgs.overlays = [ })
(final: prev: { ]
my_git = prev.git; );
})
];
})
];
} }

14
nix/configuration/roles/gnuplot/default.nix
View File

@ -17,13 +17,9 @@
}; };
}; };
config = lib.mkIf config.me.gnuplot.enable ( config = lib.mkIf config.me.gnuplot.enable {
lib.mkMerge [ environment.systemPackages = with pkgs; [
{ gnuplot
environment.systemPackages = with pkgs; [ ];
gnuplot };
];
}
]
);
} }

198
nix/configuration/roles/gpg/default.nix
View File

@ -25,109 +25,105 @@ in
}; };
}; };
config = lib.mkIf config.me.gpg.enable ( config = lib.mkIf config.me.gpg.enable {
lib.mkMerge [ # Fetch public keys:
{ # gpg --locate-external-keys tom@fizz.buzz
# Fetch public keys:
# gpg --locate-external-keys tom@fizz.buzz
hardware.gpgSmartcards.enable = true; hardware.gpgSmartcards.enable = true;
services.udev.packages = [ services.udev.packages = [
pkgs.yubikey-personalization pkgs.yubikey-personalization
pkgs.libfido2 pkgs.libfido2
(pkgs.writeTextFile { (pkgs.writeTextFile {
name = "my-rules"; name = "my-rules";
text = '' text = ''
ACTION=="add", SUBSYSTEM=="usb", ENV{ID_VENDOR_ID}=="1050", ENV{ID_MODEL_ID}=="0406", MODE="660", GROUP="wheel" ACTION=="add", SUBSYSTEM=="usb", ENV{ID_VENDOR_ID}=="1050", ENV{ID_MODEL_ID}=="0406", MODE="660", GROUP="wheel"
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0406", TAG+="uaccess", GROUP="wheel", MODE="0660" KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0406", TAG+="uaccess", GROUP="wheel", MODE="0660"
''; '';
destination = "/etc/udev/rules.d/50-yubikey.rules"; destination = "/etc/udev/rules.d/50-yubikey.rules";
}) })
];
services.pcscd.enable = true;
me.install.user.talexander.file = {
".gnupg/scdaemon.conf" = {
source = ./files/scdaemon.conf;
};
};
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryPackage = pkgs.pinentry-qt;
# Settings block populates /etc/gnupg/gpg-agent.conf
# settings = {
# };
};
# Disabled because it breaks signing git commits because gpg wants to copy pubring.kbx. Unfortunately, this makes the install of scdaemon.conf do nothing since this mount of the full .gnupg directory goes over it.
#
# environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
# hideMounts = true;
# users.talexander = {
# files = [
# {
# file = ".gnupg/trustdb.gpg";
# parentDirectory = {
# mode = "u=rwx,g=,o=";
# };
# }
# {
# file = ".gnupg/pubring.kbx";
# parentDirectory = {
# mode = "u=rwx,g=,o=";
# };
# }
# {
# file = ".gnupg/tofu.db";
# parentDirectory = {
# mode = "u=rwx,g=,o=";
# };
# }
# ];
# directories = [
# {
# directory = ".gnupg/crls.d";
# user = "talexander";
# group = "talexander";
# mode = "0700";
# }
# {
# directory = ".gnupg/private-keys-v1.d";
# user = "talexander";
# group = "talexander";
# mode = "0700";
# }
# ];
# };
# };
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".gnupg";
user = "talexander";
group = "talexander";
mode = "0700";
}
]; ];
services.pcscd.enable = true; };
};
me.install.user.talexander.file = { environment.systemPackages = with pkgs; [
".gnupg/scdaemon.conf" = { pcsclite
source = ./files/scdaemon.conf; pcsctools
}; glibcLocales
}; ccid
libusb-compat-0_1
gpg_test_wkd
];
programs.gnupg.agent = { programs.gnupg.agent.enableExtraSocket = true;
enable = true; };
enableSSHSupport = true;
pinentryPackage = pkgs.pinentry-qt;
# Settings block populates /etc/gnupg/gpg-agent.conf
# settings = {
# };
};
# Disabled because it breaks signing git commits because gpg wants to copy pubring.kbx. Unfortunately, this makes the install of scdaemon.conf do nothing since this mount of the full .gnupg directory goes over it.
#
# environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
# hideMounts = true;
# users.talexander = {
# files = [
# {
# file = ".gnupg/trustdb.gpg";
# parentDirectory = {
# mode = "u=rwx,g=,o=";
# };
# }
# {
# file = ".gnupg/pubring.kbx";
# parentDirectory = {
# mode = "u=rwx,g=,o=";
# };
# }
# {
# file = ".gnupg/tofu.db";
# parentDirectory = {
# mode = "u=rwx,g=,o=";
# };
# }
# ];
# directories = [
# {
# directory = ".gnupg/crls.d";
# user = "talexander";
# group = "talexander";
# mode = "0700";
# }
# {
# directory = ".gnupg/private-keys-v1.d";
# user = "talexander";
# group = "talexander";
# mode = "0700";
# }
# ];
# };
# };
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".gnupg";
user = "talexander";
group = "talexander";
mode = "0700";
}
];
};
};
environment.systemPackages = with pkgs; [
pcsclite
pcsctools
glibcLocales
ccid
libusb-compat-0_1
gpg_test_wkd
];
programs.gnupg.agent.enableExtraSocket = true;
}
]
);
} }

53
nix/configuration/roles/hydra/default.nix
View File

@ -1,7 +1,6 @@
{ {
config, config,
lib, lib,
pkgs,
... ...
}: }:
@ -17,33 +16,29 @@
}; };
}; };
config = lib.mkIf config.me.hydra.enable ( config = lib.mkIf config.me.hydra.enable {
lib.mkMerge [ services.hydra = {
{ enable = true;
services.hydra = { hydraURL = "http://localhost:3000"; # Externally visible URL
enable = true; notificationSender = "hydra@localhost"; # "From" address for hydra emails.
hydraURL = "http://localhost:3000"; # Externally visible URL # a standalone Hydra will require you to unset the buildMachinesFiles list to avoid using a nonexistant /etc/nix/machines
notificationSender = "hydra@localhost"; # "From" address for hydra emails. buildMachinesFiles = [ ];
# a standalone Hydra will require you to unset the buildMachinesFiles list to avoid using a nonexistant /etc/nix/machines useSubstitutes = true;
buildMachinesFiles = [ ]; };
useSubstitutes = true;
};
# nix.buildMachines = [ # nix.buildMachines = [
# { # {
# hostName = "localhost"; # hostName = "localhost";
# protocol = null; # protocol = null;
# system = "x86_64-linux"; # system = "x86_64-linux";
# supportedFeatures = [ # supportedFeatures = [
# "kvm" # "kvm"
# "nixos-test" # "nixos-test"
# "big-parallel" # "big-parallel"
# "benchmark" # "benchmark"
# ]; # ];
# maxJobs = 8; # maxJobs = 8;
# } # }
# ]; # ];
} };
]
);
} }

29
nix/configuration/roles/image_based_appliance/default.nix Normal file
View File

@ -0,0 +1,29 @@
{
config,
lib,
...
}:
{
imports = [ ];
options.me = {
image_based_appliance.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install image_based_appliance.";
};
};
config = lib.mkIf config.me.image_based_appliance.enable (
lib.mkMerge [
{
# Do not install nix. A full new image must be built to update
# the machine.
nix.enable = false;
system.switch.enable = false;
}
]
);
}

12
nix/configuration/roles/iso/default.nix
View File

@ -1,18 +1,22 @@
{ {
config,
lib, lib,
pkgs,
... ...
}: }:
{ {
imports = [ ]; imports = [ ];
options.me.buildingIso = lib.mkOption { options.me.buildingPortable = lib.mkOption {
type = lib.types.bool; type = lib.types.bool;
default = false; default = false;
example = true; example = true;
description = "Whether we are building an ISO image."; description = "Whether we are building a portable image (iso/sd). This would disable CPU-specific optimizations and persistent file mounts.";
}; };
options.me.mountPersistence = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we should mount persistent directories.";
};
} }

16
nix/configuration/roles/iso_mount/default.nix
View File

@ -32,14 +32,10 @@ in
}; };
}; };
config = lib.mkIf config.me.iso_mount.enable ( config = lib.mkIf config.me.iso_mount.enable {
lib.mkMerge [ environment.systemPackages = [
{ iso_mount
environment.systemPackages = [ iso_unmount
iso_mount ];
iso_unmount };
];
}
]
);
} }

34
nix/configuration/roles/kanshi/default.nix
View File

@ -26,27 +26,19 @@ in
}; };
}; };
config = lib.mkIf config.me.kanshi.enable ( config = lib.mkIf (config.me.kanshi.enable && config.me.graphical) {
lib.mkMerge [ environment.systemPackages = with pkgs; [
{ kanshi
environment.systemPackages = with pkgs; [ ];
];
}
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
kanshi
];
me.swayIncludes = [ me.swayIncludes = [
exec_kanshi exec_kanshi
]; ];
me.install.user.talexander.file = { me.install.user.talexander.file = {
".config/kanshi/config" = { ".config/kanshi/config" = {
source = ./files/config_kanshi; source = ./files/config_kanshi;
}; };
}; };
}) };
]
);
} }

130
nix/configuration/roles/kodi/default.nix
View File

@ -17,75 +17,67 @@
}; };
}; };
config = lib.mkIf config.me.kodi.enable ( config = lib.mkIf (config.me.kodi.enable && config.me.graphical) {
lib.mkMerge [ services.cage.user = "kodi";
{ services.cage.program = "${pkgs.kodi-wayland}/bin/kodi-standalone";
environment.systemPackages = with pkgs; [ services.cage.enable = true;
];
}
(lib.mkIf config.me.graphical {
services.cage.user = "kodi";
services.cage.program = "${pkgs.kodi-wayland}/bin/kodi-standalone";
services.cage.enable = true;
nixpkgs.overlays = [ nixpkgs.overlays = [
(final: prev: { (final: prev: {
kodi-wayland = prev.kodi-wayland.withPackages ( kodi-wayland = prev.kodi-wayland.withPackages (
kodiPkgs: with kodiPkgs; [ kodiPkgs: with kodiPkgs; [
joystick joystick
vfs-sftp vfs-sftp
] ]
); );
})
];
users.users.kodi = {
isNormalUser = true;
createHome = true; # https://github.com/NixOS/nixpkgs/issues/6481
group = "kodi";
extraGroups = [ ];
uid = 12000;
packages = with pkgs; [
tree
];
# Generate with `mkpasswd -m scrypt`
hashedPassword = "$7$CU..../....VXvNQ8za3wSGpdzGXNT50/$HcFtn/yvwPMCw4888BelpiAPLAxe/zU87fD.d/N6U48";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID0+4zi26M3eYWnIrciR54kOlGxzfgCXG+o4ea1zpzrk openpgp:0x7FF123C8"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEI6mu6I5Jp+Ib0vJxapGHbEShZjyvzV8jz5DnzDrI39AAAABHNzaDo="
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAFNcSXwvy+brYTOGo56G93Ptuq2MmZsjvRWAfMqbmMLAAAABHNzaDo="
];
};
users.groups.kodi.gid = 12000;
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.kodi = {
directories = [
{
directory = ".ssh";
user = "kodi";
group = "kodi";
mode = "0755";
}
{
directory = ".kodi";
user = "kodi";
group = "kodi";
mode = "0755";
}
];
};
};
# home.file.".kodi/userdata/mediasources.xml".source = ./files/mediasources.xml;
# home.file.".kodi/userdata/addon_data/peripheral.joystick/resources/buttonmaps/xml/linux/DualSense_Wireless_Controller_13b_8a.xml".source =
# ./files/DualSense_Wireless_Controller_13b_8a.xml;
# TODO: Maybe .kodi/userdata/sources.xml
# TODO: ./userdata/guisettings.xml:303: <setting id="filecache.memorysize">128</setting>
}) })
] ];
);
users.users.kodi = {
isNormalUser = true;
createHome = true; # https://github.com/NixOS/nixpkgs/issues/6481
group = "kodi";
extraGroups = [ ];
uid = 12000;
packages = with pkgs; [
tree
];
# Generate with `mkpasswd -m scrypt`
hashedPassword = "$7$CU..../....VXvNQ8za3wSGpdzGXNT50/$HcFtn/yvwPMCw4888BelpiAPLAxe/zU87fD.d/N6U48";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID0+4zi26M3eYWnIrciR54kOlGxzfgCXG+o4ea1zpzrk openpgp:0x7FF123C8"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEI6mu6I5Jp+Ib0vJxapGHbEShZjyvzV8jz5DnzDrI39AAAABHNzaDo="
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAFNcSXwvy+brYTOGo56G93Ptuq2MmZsjvRWAfMqbmMLAAAABHNzaDo="
];
};
users.groups.kodi.gid = 12000;
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.kodi = {
directories = [
{
directory = ".ssh";
user = "kodi";
group = "kodi";
mode = "0755";
}
{
directory = ".kodi";
user = "kodi";
group = "kodi";
mode = "0755";
}
];
};
};
# home.file.".kodi/userdata/mediasources.xml".source = ./files/mediasources.xml;
# home.file.".kodi/userdata/addon_data/peripheral.joystick/resources/buttonmaps/xml/linux/DualSense_Wireless_Controller_13b_8a.xml".source =
# ./files/DualSense_Wireless_Controller_13b_8a.xml;
# TODO: Maybe .kodi/userdata/sources.xml
# TODO: ./userdata/guisettings.xml:303: <setting id="filecache.memorysize">128</setting>
};
} }

62
nix/configuration/roles/kubernetes/default.nix
View File

@ -56,38 +56,34 @@ in
}; };
}; };
config = lib.mkIf config.me.kubernetes.enable ( config = lib.mkIf config.me.kubernetes.enable {
lib.mkMerge [ environment.systemPackages = with pkgs; [
{ kubectl
environment.systemPackages = with pkgs; [ kubeswitch
kubectl stern
kubeswitch alias_kx
stern alias_ks
alias_kx alias_k
alias_ks alias_ka
alias_k alias_kdel
alias_ka alias_kd
alias_kdel alias_klog
alias_kd decrypt_k8s_secret
alias_klog ingress2gateway # Convert ingress yaml to gateway yaml
decrypt_k8s_secret ];
ingress2gateway # Convert ingress yaml to gateway yaml
];
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) { environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true; hideMounts = true;
users.talexander = { users.talexander = {
directories = [ directories = [
{ {
directory = ".kube"; directory = ".kube";
user = "talexander"; user = "talexander";
group = "talexander"; group = "talexander";
mode = "0750"; mode = "0750";
} }
]; ];
}; };
}; };
} };
]
);
} }

68
nix/configuration/roles/latex/default.nix
View File

@ -17,42 +17,36 @@
}; };
}; };
config = lib.mkIf config.me.latex.enable ( config = lib.mkIf config.me.latex.enable {
lib.mkMerge [ environment.systemPackages = with pkgs; [
{ tex
environment.systemPackages = with pkgs; [ ];
tex
];
}
{
nixpkgs.overlays = [
(final: prev: {
tex = (
pkgs.texlive.combine {
inherit (pkgs.texlive)
scheme-basic
dvisvgm
dvipng # for preview and export as html in org-mode
wrapfig
amsmath
ulem
hyperref
capt-of
svg # emacs org-mode pdf export
catchfile # emacs org-mode pdf export
xcolor # emacs org-mode pdf export
transparent # emacs org-mode pdf export
pgf # emacs org-mode pdf export
minted # emacs org-mode pdf export code block highlighting
upquote # emacs org-mode pdf export
lineno # emacs org-mode pdf export
;
}
);
})
];
} nixpkgs.overlays = [
] (final: prev: {
); tex = (
pkgs.texlive.combine {
inherit (pkgs.texlive)
scheme-basic
dvisvgm
dvipng # for preview and export as html in org-mode
wrapfig
amsmath
ulem
hyperref
capt-of
svg # emacs org-mode pdf export
catchfile # emacs org-mode pdf export
xcolor # emacs org-mode pdf export
transparent # emacs org-mode pdf export
pgf # emacs org-mode pdf export
minted # emacs org-mode pdf export code block highlighting
upquote # emacs org-mode pdf export
lineno # emacs org-mode pdf export
;
}
);
})
];
};
} }

48
nix/configuration/roles/launch_keyboard/default.nix
View File

@ -17,32 +17,28 @@
}; };
}; };
config = lib.mkIf config.me.launch_keyboard.enable ( config = lib.mkIf (config.me.launch_keyboard.enable && config.me.graphical) {
lib.mkMerge [ environment.systemPackages = with pkgs; [
(lib.mkIf config.me.graphical { system76-keyboard-configurator
environment.systemPackages = with pkgs; [ dfu-programmer # For flashing keyboard https://support.system76.com/articles/launch_2-firmware-update/
system76-keyboard-configurator avrdude # For flashing keyboard https://support.system76.com/articles/launch_2-firmware-update/
dfu-programmer # For flashing keyboard https://support.system76.com/articles/launch_2-firmware-update/ lxqt.lxqt-policykit # Need a polkit agent to launch the keyboard configurator
avrdude # For flashing keyboard https://support.system76.com/articles/launch_2-firmware-update/ ];
lxqt.lxqt-policykit # Need a polkit agent to launch the keyboard configurator
];
systemd = { systemd = {
user.services.lxqt-policykit-agent = { user.services.lxqt-policykit-agent = {
description = "lxqt-policykit-agent"; description = "lxqt-policykit-agent";
wantedBy = [ "graphical-session.target" ]; wantedBy = [ "graphical-session.target" ];
wants = [ "graphical-session.target" ]; wants = [ "graphical-session.target" ];
after = [ "graphical-session.target" ]; after = [ "graphical-session.target" ];
serviceConfig = { serviceConfig = {
Type = "simple"; Type = "simple";
ExecStart = "${pkgs.lxqt.lxqt-policykit}/bin/lxqt-policykit-agent"; ExecStart = "${pkgs.lxqt.lxqt-policykit}/bin/lxqt-policykit-agent";
Restart = "on-failure"; Restart = "on-failure";
RestartSec = 1; RestartSec = 1;
TimeoutStopSec = 10; TimeoutStopSec = 10;
};
};
}; };
}) };
] };
); };
} }

2
nix/configuration/roles/lvfs/default.nix
View File

@ -22,7 +22,7 @@
{ {
# TODO: Is this installing firmware or just downloading it? # TODO: Is this installing firmware or just downloading it?
services.fwupd.enable = true; services.fwupd.enable = true;
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) { environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true; hideMounts = true;
directories = [ directories = [
{ {

34
nix/configuration/roles/memtest86/default.nix
View File

@ -7,15 +7,27 @@
{ {
imports = [ ]; imports = [ ];
config = lib.mkMerge [
{ options.me = {
environment.systemPackages = with pkgs; [ memtest.enable = lib.mkOption {
memtest86plus type = lib.types.bool;
]; default = false;
} example = true;
# (lib.mkIf (config.me.buildingIso) { description = "Whether we want to install memtest.";
# boot.loader.systemd-boot.memtest86.enable = true; };
# boot.loader.grub.memtest86.enable = true; };
# })
]; config = lib.mkIf config.me.memtest.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
memtest86plus
];
}
# (lib.mkIf (config.me.buildingPortable) {
# boot.loader.systemd-boot.memtest86.enable = true;
# boot.loader.grub.memtest86.enable = true;
# })
]
);
} }

205
nix/configuration/roles/network/default.nix
View File

@ -2,7 +2,6 @@
config, config,
lib, lib,
pkgs, pkgs,
pkgs-dda3dcd3f,
... ...
}: }:
@ -19,114 +18,108 @@
{ {
imports = [ ]; imports = [ ];
networking.dhcpcd.enable = lib.mkDefault false; options.me = {
networking.useDHCP = lib.mkDefault false; network.enable = lib.mkOption {
networking.nameservers = [ type = lib.types.bool;
"194.242.2.2#doh.mullvad.net" default = false;
"2a07:e340::2#doh.mullvad.net" example = true;
]; description = "Whether we want to install network.";
services.resolved = {
enable = true;
# dnssec = "true";
domains = [ "~." ];
fallbackDns = [ ];
dnsovertls = "true";
};
# Without this, systemd-resolved will send DNS requests for <X>.home.arpa to the per-link DNS server (172.16.0.1) which does not support DNS-over-TLS. This leads to the connection hanging and timing out. This causes firefox startup to take an extra 10+ seconds.
#
# Test with: drill @127.0.0.53 odo.home.arpa
# TODO: The 127.0.0.1 address should probably be moved to a host-specific file.
networking.extraHosts = ''
127.0.0.1 ${config.networking.hostName}.home.arpa
10.216.1.1 homeserver
10.216.1.6 media
10.216.1.12 odo
10.216.1.14 neelix
10.216.1.15 quark
10.217.1.1 drmario
10.217.2.1 mrmanager
'';
networking.wireless.iwd = {
enable = true;
settings = {
General = {
EnableNetworkConfiguration = true;
AddressRandomization = "network";
};
# Rank = {
# BandModifier2_4GHz = 1.0;
# BandModifier5GHz = 1.0;
# BandModifier6GHz = 1.0;
# };
DriverQuirks = {
PowerSaveDisable = "*";
# ath12k_pci
};
# Scan = {
# DisablePeriodicScan = true;
# DisableRoamingScan = true;
# };
}; };
}; };
environment.systemPackages = with pkgs; [
iw
iwd
ldns # for drill
arp-scan # To find devices on the network
wavemon
dhcpcd # For Android USB tethering.
];
boot.extraModprobeConfig = '' config = lib.mkIf config.me.network.enable {
# Set wifi to US networking.dhcpcd.enable = lib.mkDefault false;
options cfg80211 ieee80211_regdom=US networking.useDHCP = lib.mkDefault false;
''; networking.nameservers = [
"194.242.2.2#doh.mullvad.net"
"2a07:e340::2#doh.mullvad.net"
];
services.resolved = {
enable = true;
# dnssec = "true";
domains = [ "~." ];
fallbackDns = [ ];
dnsovertls = "true";
};
boot.kernel.sysctl = { # Without this, systemd-resolved will send DNS requests for <X>.home.arpa to the per-link DNS server (172.16.0.1) which does not support DNS-over-TLS. This leads to the connection hanging and timing out. This causes firefox startup to take an extra 10+ seconds.
# Enable TCP packetization-layer PMTUD when an ICMP black hole is detected. #
"net.ipv4.tcp_mtu_probing" = 1; # Test with: drill @127.0.0.53 odo.home.arpa
# Switch to bbr tcp congestion control which should be better on lossy connections like bad wifi. # TODO: The 127.0.0.1 address should probably be moved to a host-specific file.
# We set this in the kernel config, but include this here for unoptimized builds. networking.extraHosts = ''
"net.ipv4.tcp_congestion_control" = "bbr"; 127.0.0.1 ${config.networking.hostName}.home.arpa
# Don't do a slow start after a connection has been idle for a single RTO. 10.216.1.1 homeserver
"net.ipv4.tcp_slow_start_after_idle" = 0; 10.216.1.6 media
# 3x time to accumulate filesystem changes before flushing to disk. 10.216.1.12 odo
"vm.dirty_writeback_centisecs" = 1500; 10.216.1.14 neelix
# Adjust ttl 10.216.1.15 quark
"net.ipv4.ip_default_ttl" = 65; 10.217.1.1 drmario
"net.ipv6.conf.all.hop_limit" = 65; 10.217.2.1 mrmanager
"net.ipv6.conf.default.hop_limit" = 65; '';
# Enable IPv6 Privacy Extensions
"net.ipv6.conf.all.use_tempaddr" = 2; networking.wireless.iwd = {
# Enable IPv6 Privacy Extensions enable = true;
# This is enabled by default in nixos.
# "net.ipv6.conf.default.use_tempaddr" = 2; settings = {
General = {
EnableNetworkConfiguration = true;
AddressRandomization = "network";
};
# Rank = {
# BandModifier2_4GHz = 1.0;
# BandModifier5GHz = 1.0;
# BandModifier6GHz = 1.0;
# };
DriverQuirks = {
PowerSaveDisable = "*";
# ath12k_pci
};
# Scan = {
# DisablePeriodicScan = true;
# DisableRoamingScan = true;
# };
};
};
environment.systemPackages = with pkgs; [
iw
iwd
ldns # for drill
arp-scan # To find devices on the network
wavemon
dhcpcd # For Android USB tethering.
];
boot.extraModprobeConfig = ''
# Set wifi to US
options cfg80211 ieee80211_regdom=US
'';
boot.kernel.sysctl = {
# Enable TCP packetization-layer PMTUD when an ICMP black hole is detected.
"net.ipv4.tcp_mtu_probing" = 1;
# Switch to bbr tcp congestion control which should be better on lossy connections like bad wifi.
# We set this in the kernel config, but include this here for unoptimized builds.
"net.ipv4.tcp_congestion_control" = "bbr";
# Don't do a slow start after a connection has been idle for a single RTO.
"net.ipv4.tcp_slow_start_after_idle" = 0;
# 3x time to accumulate filesystem changes before flushing to disk.
"vm.dirty_writeback_centisecs" = 1500;
# Adjust ttl
"net.ipv4.ip_default_ttl" = 65;
"net.ipv6.conf.all.hop_limit" = 65;
"net.ipv6.conf.default.hop_limit" = 65;
# Enable IPv6 Privacy Extensions
"net.ipv6.conf.all.use_tempaddr" = 2;
# Enable IPv6 Privacy Extensions
# This is enabled by default in nixos.
# "net.ipv6.conf.default.use_tempaddr" = 2;
};
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
directories = [
"/var/lib/iwd" # Wifi settings
];
};
}; };
# nixpkgs.overlays = [
# (final: prev: {
# inherit (pkgs-dda3dcd3f)
# linux-firmware
# ;
# })
# ];
# nixpkgs.overlays = [
# (final: prev: {
# linux-firmware = prev.linux-firwmare.overrideAttrs (old: rec {
# version = "20250917";
# src = final.fetchFromGitLab {
# owner = "kernel-firmware";
# repo = "linux-firmware";
# tag = version;
# hash = "sha256-tecFB6WYEfBK9FB7Rv8nHLdefIoaFnHrpzXBl+iSd08=";
# };
# });
# })
# ];
} }

41
nix/configuration/roles/nix_index/default.nix
View File

@ -17,28 +17,23 @@
}; };
}; };
config = lib.mkIf config.me.nix_index.enable ( config = lib.mkIf config.me.nix_index.enable {
lib.mkMerge [ environment.systemPackages = with pkgs; [
{ nix-index-unwrapped
environment.systemPackages = with pkgs; [ ];
nix-index-unwrapped
environment.persistence."/state" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".cache/nix-index";
user = "talexander";
group = "talexander";
mode = "0755";
}
]; ];
};
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) { };
hideMounts = true; };
users.talexander = {
directories = [
{
directory = ".cache/nix-index";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
}
]
);
} }

45
nix/configuration/roles/nix_worker/default.nix
View File

@ -13,7 +13,6 @@
{ {
config, config,
lib, lib,
pkgs,
... ...
}: }:
@ -29,29 +28,25 @@
}; };
}; };
config = lib.mkIf config.me.nix_worker.enable ( config = lib.mkIf config.me.nix_worker.enable {
lib.mkMerge [ nix.settings.trusted-users = [ "nixworker" ];
{
nix.settings.trusted-users = [ "nixworker" ];
users.users.nixworker = { users.users.nixworker = {
isNormalUser = true; isNormalUser = true;
createHome = true; # https://github.com/NixOS/nixpkgs/issues/6481 createHome = true; # https://github.com/NixOS/nixpkgs/issues/6481
group = "nixworker"; group = "nixworker";
# extraGroups = [ "wheel" ]; # extraGroups = [ "wheel" ];
# Generate with `mkpasswd -m scrypt` # Generate with `mkpasswd -m scrypt`
hashedPassword = "$7$CU..../....VXvNQ8za3wSGpdzGXNT50/$HcFtn/yvwPMCw4888BelpiAPLAxe/zU87fD.d/N6U48"; hashedPassword = "$7$CU..../....VXvNQ8za3wSGpdzGXNT50/$HcFtn/yvwPMCw4888BelpiAPLAxe/zU87fD.d/N6U48";
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
# Normal keys: # Normal keys:
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID0+4zi26M3eYWnIrciR54kOlGxzfgCXG+o4ea1zpzrk openpgp:0x7FF123C8" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID0+4zi26M3eYWnIrciR54kOlGxzfgCXG+o4ea1zpzrk openpgp:0x7FF123C8"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEI6mu6I5Jp+Ib0vJxapGHbEShZjyvzV8jz5DnzDrI39AAAABHNzaDo=" "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEI6mu6I5Jp+Ib0vJxapGHbEShZjyvzV8jz5DnzDrI39AAAABHNzaDo="
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAFNcSXwvy+brYTOGo56G93Ptuq2MmZsjvRWAfMqbmMLAAAABHNzaDo=" "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAFNcSXwvy+brYTOGo56G93Ptuq2MmZsjvRWAfMqbmMLAAAABHNzaDo="
# Key for nix to connect: # Key for nix to connect:
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB/IlYTQ0M5pFN5tdoswh37CDl/gbULI3h+SsKXCansh talexander@odo" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB/IlYTQ0M5pFN5tdoswh37CDl/gbULI3h+SsKXCansh talexander@odo"
]; ];
}; };
users.groups.nixworker = { }; users.groups.nixworker = { };
} };
]
);
} }

17
nix/configuration/roles/nvme/default.nix
View File

@ -8,7 +8,18 @@
{ {
imports = [ ]; imports = [ ];
environment.systemPackages = with pkgs; [ options.me = {
nvme-cli nvme.enable = lib.mkOption {
]; type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install nvme.";
};
};
config = lib.mkIf config.me.nvme.enable {
environment.systemPackages = with pkgs; [
nvme-cli
];
};
} }

44
nix/configuration/roles/openpgp_card_tools/default.nix
View File

@ -19,31 +19,27 @@
}; };
}; };
config = lib.mkIf config.me.openpgp_card_tools.enable ( config = lib.mkIf config.me.openpgp_card_tools.enable {
lib.mkMerge [ environment.systemPackages = with pkgs; [
{ openpgp-card-tools
environment.systemPackages = with pkgs; [ openpgp-card-tool-git
openpgp-card-tools openpgp-card-ssh-agent
openpgp-card-tool-git ];
openpgp-card-ssh-agent
];
nixpkgs.overlays = [ nixpkgs.overlays = [
(final: prev: { (final: prev: {
openpgp-card-tool-git = (final.callPackage ./package/openpgp-card-tool-git/package.nix { }); openpgp-card-tool-git = (final.callPackage ./package/openpgp-card-tool-git/package.nix { });
openpgp-card-ssh-agent = (final.callPackage ./package/openpgp-card-ssh-agent/package.nix { }); openpgp-card-ssh-agent = (final.callPackage ./package/openpgp-card-ssh-agent/package.nix { });
}) })
]; ];
me.install.user.talexander.file = { me.install.user.talexander.file = {
".config/openpgp-card-state/config.toml" = { ".config/openpgp-card-state/config.toml" = {
source = ./files/openpgp-card-state.toml; source = ./files/openpgp-card-state.toml;
}; };
}; };
# The current openpgp-card-ssh-agent has an outdated dependency on openpgp-card-state which makes it not handle my current openpgp-card-state.toml # The current openpgp-card-ssh-agent has an outdated dependency on openpgp-card-state which makes it not handle my current openpgp-card-state.toml
# services.openpgp-card-ssh-agent.enable = true; # services.openpgp-card-ssh-agent.enable = true;
} };
]
);
} }

6
nix/configuration/roles/openpgp_card_tools/openpgp-card-ssh-agent.nix
View File

@ -9,13 +9,7 @@
let let
inherit (lib) inherit (lib)
mkIf mkIf
mkOption
mkEnableOption
mkPackageOption mkPackageOption
mkDefault
types
concatMapStringsSep
generators
; ;
cfg = config.services.openpgp-card-ssh-agent; cfg = config.services.openpgp-card-ssh-agent;
in in

5
nix/configuration/roles/optimized_build/default.nix
View File

@ -31,7 +31,6 @@
"gccarch-znver4" "gccarch-znver4"
"gccarch-znver5" "gccarch-znver5"
"gccarch-skylake" "gccarch-skylake"
# "gccarch-alderlake" missing WAITPKG
"gccarch-x86-64-v3" "gccarch-x86-64-v3"
"gccarch-x86-64-v4" "gccarch-x86-64-v4"
"benchmark" "benchmark"
@ -99,9 +98,10 @@
) )
(final: prev: { (final: prev: {
inherit (pkgs-unoptimized) inherit (pkgs-unoptimized)
assimp
binaryen
gsl gsl
rapidjson rapidjson
assimp
; ;
}) })
]; ];
@ -115,6 +115,5 @@
} }
] ]
)) ))
]; ];
} }

136
nix/configuration/roles/pcsx2/default.nix
View File

@ -17,77 +17,73 @@
}; };
}; };
config = lib.mkIf config.me.pcsx2.enable ( config = lib.mkIf (config.me.pcsx2.enable && config.me.graphical) {
lib.mkMerge [ environment.systemPackages = with pkgs; [
(lib.mkIf config.me.graphical { pcsx2
environment.systemPackages = with pkgs; [ ];
pcsx2
environment.persistence."/state" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.talexander = {
directories = [
{
# Shaders, games list, and achievement data.
directory = ".config/PCSX2/cache";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
# Save states.
directory = ".config/PCSX2/sstates";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
# Screenshots.
directory = ".config/PCSX2/snaps";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
# Game covers.
directory = ".config/PCSX2/covers";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
# Video recordings.
directory = ".config/PCSX2/videos";
user = "talexander";
group = "talexander";
mode = "0755";
}
]; ];
};
};
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) { environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true; hideMounts = true;
users.talexander = { users.talexander = {
directories = [ directories = [
{ {
# Shaders, games list, and achievement data. # Game saves
directory = ".config/PCSX2/cache"; directory = ".config/PCSX2/memcards";
user = "talexander"; user = "talexander";
group = "talexander"; group = "talexander";
mode = "0755"; mode = "0755";
} }
{ ];
# Save states. };
directory = ".config/PCSX2/sstates"; };
user = "talexander";
group = "talexander";
mode = "0755";
}
{
# Screenshots.
directory = ".config/PCSX2/snaps";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
# Game covers.
directory = ".config/PCSX2/covers";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
# Video recordings.
directory = ".config/PCSX2/videos";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) { me.install.user.talexander.file = {
hideMounts = true; ".config/PCSX2/inis/PCSX2.ini" = {
users.talexander = { source = ./files/PCSX2.ini;
directories = [ };
{ };
# Game saves };
directory = ".config/PCSX2/memcards";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
me.install.user.talexander.file = {
".config/PCSX2/inis/PCSX2.ini" = {
source = ./files/PCSX2.ini;
};
};
})
]
);
} }

107
nix/configuration/roles/podman/default.nix
View File

@ -17,64 +17,59 @@
}; };
}; };
config = lib.mkIf config.me.podman.enable ( config = lib.mkIf config.me.podman.enable {
lib.mkMerge [ assertions = [
{ {
assertions = [ assertion = !config.me.docker.enable;
message = "podman conflicts with docker";
}
];
environment.systemPackages = with pkgs; [
dive
podman-tui
podman-compose
];
# Write config files in /etc/containers
virtualisation.containers.enable = true;
# By default this includes "quay.io" which leads to prompting for which registry to download from.
virtualisation.containers.registries.search = [ "docker.io" ];
virtualisation = {
podman = {
enable = true;
# Install docker shim
dockerCompat = true;
# Support name resolution in podman-compose.
defaultNetwork.settings.dns_enabled = true;
};
};
environment.variables = {
# For compatibility with tools expecting a docker socket (like dive).
DOCKER_HOST = "unix://$XDG_RUNTIME_DIR/podman/podman.sock";
};
environment.persistence."/state" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
directories = [
{
directory = "/var/lib/containers";
user = "root";
group = "root";
mode = "0755";
}
];
users.talexander = {
directories = [
{ {
assertion = !config.me.docker.enable; directory = ".local/share/containers";
message = "podman conflicts with docker"; user = "talexander";
group = "talexander";
mode = "0700";
} }
]; ];
} };
{ };
environment.systemPackages = with pkgs; [ };
dive
podman-tui
podman-compose
];
# Write config files in /etc/containers
virtualisation.containers.enable = true;
# By default this includes "quay.io" which leads to prompting for which registry to download from.
virtualisation.containers.registries.search = [ "docker.io" ];
virtualisation = {
podman = {
enable = true;
# Install docker shim
dockerCompat = true;
# Support name resolution in podman-compose.
defaultNetwork.settings.dns_enabled = true;
};
};
environment.variables = {
# For compatibility with tools expecting a docker socket (like dive).
DOCKER_HOST = "unix://$XDG_RUNTIME_DIR/podman/podman.sock";
};
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
directories = [
{
directory = "/var/lib/containers";
user = "root";
group = "root";
mode = "0755";
}
];
users.talexander = {
directories = [
{
directory = ".local/share/containers";
user = "talexander";
group = "talexander";
mode = "0700";
}
];
};
};
}
]
);
} }

63
nix/configuration/roles/python/default.nix
View File

@ -17,38 +17,35 @@
}; };
}; };
config = lib.mkIf config.me.python.enable ( config = lib.mkIf config.me.python.enable {
lib.mkMerge [ environment.systemPackages = with pkgs; [
{ # (python3.withPackages (python-pkgs: [
environment.systemPackages = with pkgs; [ # python-pkgs.distro # For https://gitlab.freedesktop.org/drm/amd/-/blob/master/scripts/amd_s2idle.py
(python3.withPackages (python-pkgs: [ # python-pkgs.pyudev # For https://gitlab.freedesktop.org/drm/amd/-/blob/master/scripts/amd_s2idle.py
python-pkgs.distro # For https://gitlab.freedesktop.org/drm/amd/-/blob/master/scripts/amd_s2idle.py # python-pkgs.systemd # For https://gitlab.freedesktop.org/drm/amd/-/blob/master/scripts/amd_s2idle.py
python-pkgs.pyudev # For https://gitlab.freedesktop.org/drm/amd/-/blob/master/scripts/amd_s2idle.py # python-pkgs.packaging # For https://gitlab.freedesktop.org/drm/amd/-/blob/master/scripts/amd_s2idle.py
python-pkgs.systemd # For https://gitlab.freedesktop.org/drm/amd/-/blob/master/scripts/amd_s2idle.py # ]))
python-pkgs.packaging # For https://gitlab.freedesktop.org/drm/amd/-/blob/master/scripts/amd_s2idle.py python3
])) poetry
poetry pyright
pyright isort
isort black
black uv
uv ];
];
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) { environment.persistence."/state" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true; hideMounts = true;
users.talexander = { users.talexander = {
directories = [ directories = [
{ {
# Poetry virtual environments. # Poetry virtual environments.
directory = ".cache/pypoetry"; directory = ".cache/pypoetry";
user = "talexander"; user = "talexander";
group = "talexander"; group = "talexander";
mode = "0755"; mode = "0755";
} }
]; ];
}; };
}; };
} };
]
);
} }

16
nix/configuration/roles/qemu/default.nix
View File

@ -52,14 +52,10 @@ in
}; };
}; };
config = lib.mkIf config.me.qemu.enable ( config = lib.mkIf config.me.qemu.enable {
lib.mkMerge [ environment.systemPackages = with pkgs; [
{ qemu
environment.systemPackages = with pkgs; [ qemurc_wrapped
qemu ];
qemurc_wrapped };
];
}
]
);
} }

2
nix/configuration/roles/reset/default.nix
View File

@ -1,7 +1,5 @@
{ {
config,
lib, lib,
pkgs,
... ...
}: }:

252
nix/configuration/roles/rpcs3/default.nix
View File

@ -48,139 +48,135 @@ in
}; };
}; };
config = lib.mkIf config.me.rpcs3.enable ( config = lib.mkIf (config.me.rpcs3.enable && config.me.graphical) {
lib.mkMerge [ environment.systemPackages = with pkgs; [
(lib.mkIf config.me.graphical { rpcs3
environment.systemPackages = with pkgs; [ ];
rpcs3
];
security.pam.loginLimits = [ security.pam.loginLimits = [
{
domain = "@wheel";
item = "memlock";
type = "hard";
value = "unlimited";
}
{
domain = "@wheel";
item = "memlock";
type = "soft";
value = "unlimited";
}
];
me.install.user.talexander.file = {
".config/rpcs3/config.yml" = lib.mkIf (config.me.rpcs3.config != null) {
source = rpcs3_config_yaml;
};
".config/rpcs3/GuiConfigs/CurrentSettings.ini" = {
source = ./files/CurrentSettings.ini;
};
".config/rpcs3/custom_configs/config_BLUS30443.yml" = {
# Demon's Souls per-game config.
source = ./files/config_BLUS30443.yml;
};
".config/rpcs3/patches/patch.yml" = {
# All of the available patches.
source = ./files/patch.yml;
};
".config/rpcs3/patch_config.yml" = {
# Patches that I have enabled.
source = ./files/patch_config.yml;
};
};
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.talexander = {
directories = [
{ {
domain = "@wheel"; # Location of ROMs.
item = "memlock"; directory = ".config/rpcs3/games";
type = "hard"; user = "talexander";
value = "unlimited"; group = "talexander";
mode = "0755";
} }
{ {
domain = "@wheel"; directory = ".config/rpcs3/dev_hdd0";
item = "memlock"; user = "talexander";
type = "soft"; group = "talexander";
value = "unlimited"; mode = "0755";
}
{
directory = ".config/rpcs3/dev_hdd1";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
directory = ".config/rpcs3/savestates";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
directory = ".config/rpcs3/dev_usb000";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
# Seems to be where the firmware is installed.
directory = ".config/rpcs3/dev_flash";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
# Controller config.
directory = ".config/rpcs3/input_configs";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
# Game icons.
directory = ".config/rpcs3/Icons";
user = "talexander";
group = "talexander";
mode = "0755";
} }
]; ];
files = [
{
# play times and recently played
file = ".config/rpcs3/GuiConfigs/persistent_settings.dat";
parentDirectory = {
mode = "0755";
};
}
{
# Netplay (RPCN) config and credentials
file = ".config/rpcs3/rpcn.yml";
parentDirectory = {
mode = "0755";
};
}
];
};
};
me.install.user.talexander.file = { environment.persistence."/state" = lib.mkIf (config.me.mountPersistence) {
".config/rpcs3/config.yml" = lib.mkIf (config.me.rpcs3.config != null) { hideMounts = true;
source = rpcs3_config_yaml; users.talexander = {
}; directories = [
".config/rpcs3/GuiConfigs/CurrentSettings.ini" = { {
source = ./files/CurrentSettings.ini; directory = ".cache/rpcs3";
}; user = "talexander";
".config/rpcs3/custom_configs/config_BLUS30443.yml" = { group = "talexander";
# Demon's Souls per-game config. mode = "0755";
source = ./files/config_BLUS30443.yml; }
}; ];
".config/rpcs3/patches/patch.yml" = { };
# All of the available patches. };
source = ./files/patch.yml; };
};
".config/rpcs3/patch_config.yml" = {
# Patches that I have enabled.
source = ./files/patch_config.yml;
};
};
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
# Location of ROMs.
directory = ".config/rpcs3/games";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
directory = ".config/rpcs3/dev_hdd0";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
directory = ".config/rpcs3/dev_hdd1";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
directory = ".config/rpcs3/savestates";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
directory = ".config/rpcs3/dev_usb000";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
# Seems to be where the firmware is installed.
directory = ".config/rpcs3/dev_flash";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
# Controller config.
directory = ".config/rpcs3/input_configs";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
# Game icons.
directory = ".config/rpcs3/Icons";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
files = [
{
# play times and recently played
file = ".config/rpcs3/GuiConfigs/persistent_settings.dat";
parentDirectory = {
mode = "0755";
};
}
{
# Netplay (RPCN) config and credentials
file = ".config/rpcs3/rpcn.yml";
parentDirectory = {
mode = "0755";
};
}
];
};
};
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".cache/rpcs3";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
})
]
);
} }

184
nix/configuration/roles/rust/default.nix
View File

@ -35,105 +35,101 @@ in
}; };
}; };
config = lib.mkIf config.me.rust.enable ( config = lib.mkIf config.me.rust.enable {
lib.mkMerge [ environment.systemPackages = with pkgs; [
{ rustup
environment.systemPackages = with pkgs; [ lldb # for lldb-vscode
rustup musl # for building static binaries
lldb # for lldb-vscode cargo-semver-checks
musl # for building static binaries # ? cargo-bloat
cargo-semver-checks # ? cargo-outdated
# ? cargo-bloat # ? cargo-public-api
# ? cargo-outdated ];
# ? cargo-public-api
me.install.user.talexander.file = {
".cargo/config.toml" = {
source = ./files/cargo_config.toml;
};
".rustup/settings.toml" = {
source = ./files/rustup_settings.toml;
};
};
environment.persistence."/state" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".rustup";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
directory = ".cargo/registry";
user = "talexander";
group = "talexander";
mode = "0755";
}
]; ];
};
};
me.install.user.talexander.file = { systemd.services.link-rust-creds = {
".cargo/config.toml" = { # Contains credentials so it cannot be added to the nix store
source = ./files/cargo_config.toml; enable = true;
}; description = "link-rust-creds";
".rustup/settings.toml" = { wantedBy = [ "multi-user.target" ];
source = ./files/rustup_settings.toml; wants = [ "multi-user.target" ];
}; after = [ "multi-user.target" ];
}; # path = with pkgs; [
# zfs
# ];
unitConfig.DefaultDependencies = "no";
serviceConfig = {
Type = "oneshot";
RemainAfterExit = "yes";
};
script = ''
if [ -e /persist/manual/rust/cargo_credentials.toml ]; then
install --directory --owner talexander --group talexander --mode 0755 /home/talexander/.cargo
ln -s /persist/manual/rust/cargo_credentials.toml /home/talexander/.cargo/credentials.toml
fi
'';
preStop = ''
rm -f /home/talexander/.cargo/credentials.toml
'';
};
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) { nixpkgs.overlays = [
hideMounts = true; (final: prev: {
users.talexander = { rustup = pkgs.symlinkJoin {
directories = [ name = "rustup";
{ paths =
directory = ".rustup"; (builtins.map (cargo_wrapped prev.rustup) [
user = "talexander"; "cargo"
group = "talexander"; "cargo-clippy"
mode = "0755"; "cargo-fmt"
} "cargo-miri"
{ "clippy-driver"
directory = ".cargo/registry"; "rls"
user = "talexander"; "rust-analyzer"
group = "talexander"; "rust-gdb"
mode = "0755"; "rust-gdbgui"
} "rust-lldb"
"rustc"
"rustdoc"
"rustfmt"
"rustup"
])
++ [
prev.rustup
]; ];
}; nativeBuildInputs = [ pkgs.makeWrapper ];
}; };
})
systemd.services.link-rust-creds = { ];
# Contains credentials so it cannot be added to the nix store };
enable = true;
description = "link-rust-creds";
wantedBy = [ "multi-user.target" ];
wants = [ "multi-user.target" ];
after = [ "multi-user.target" ];
# path = with pkgs; [
# zfs
# ];
unitConfig.DefaultDependencies = "no";
serviceConfig = {
Type = "oneshot";
RemainAfterExit = "yes";
};
script = ''
if [ -e /persist/manual/rust/cargo_credentials.toml ]; then
install --directory --owner talexander --group talexander --mode 0755 /home/talexander/.cargo
ln -s /persist/manual/rust/cargo_credentials.toml /home/talexander/.cargo/credentials.toml
fi
'';
preStop = ''
rm -f /home/talexander/.cargo/credentials.toml
'';
};
nixpkgs.overlays = [
(final: prev: {
rustup = pkgs.symlinkJoin {
name = "rustup";
paths =
(builtins.map (cargo_wrapped prev.rustup) [
"cargo"
"cargo-clippy"
"cargo-fmt"
"cargo-miri"
"clippy-driver"
"rls"
"rust-analyzer"
"rust-gdb"
"rust-gdbgui"
"rust-lldb"
"rustc"
"rustdoc"
"rustfmt"
"rustup"
])
++ [
prev.rustup
];
nativeBuildInputs = [ pkgs.makeWrapper ];
};
})
];
}
]
);
} }
# TODO: Install clippy, cranelift, rust-src # TODO: Install clippy, cranelift, rust-src

14
nix/configuration/roles/sequoia/default.nix
View File

@ -17,13 +17,9 @@
}; };
}; };
config = lib.mkIf config.me.sequoia.enable ( config = lib.mkIf config.me.sequoia.enable {
lib.mkMerge [ environment.systemPackages = with pkgs; [
{ sequoia-sq
environment.systemPackages = with pkgs; [ ];
sequoia-sq };
];
}
]
);
} }

188
nix/configuration/roles/shadps4/default.nix
View File

@ -17,94 +17,118 @@
}; };
}; };
config = lib.mkIf config.me.shadps4.enable ( config = lib.mkIf (config.me.shadps4.enable && config.me.graphical) {
lib.mkMerge [ environment.systemPackages = with pkgs; [
(lib.mkIf config.me.graphical { shadps4
environment.systemPackages = with pkgs; [ ];
shadps4
me.install.user.talexander.file = {
".local/share/shadPS4/config.toml" = {
source = ./files/config.toml;
};
};
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.talexander = {
directories = [
{
# Location of ROMs.
directory = ".local/share/shadPS4/games";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
# Firmware.
directory = ".local/share/shadPS4/sys_modules";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
# Game saves.
directory = ".local/share/shadPS4/savedata";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
# DLC.
directory = ".local/share/shadPS4/addcont";
user = "talexander";
group = "talexander";
mode = "0755";
}
]; ];
files = [
{
# play times and recently played
file = ".local/share/shadPS4/play_time.txt";
parentDirectory = {
mode = "0755";
};
}
];
};
};
me.install.user.talexander.file = { environment.persistence."/state" = lib.mkIf (config.me.mountPersistence) {
".local/share/shadPS4/config.toml" = { hideMounts = true;
source = ./files/config.toml; users.talexander = {
directories = [
{
# Cache.
directory = ".local/share/shadPS4/data";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
nixpkgs.overlays = [
(final: prev: {
shadps4 = prev.shadps4.overrideAttrs (old: {
version = "0.11.0";
src = final.fetchFromGitHub {
owner = "AzaharPlus";
repo = "shadPS4Plus";
tag = "SHAD_PS4_PLUS_0_11_0";
hash = "sha256-puyINtFBTdMkOE2E9OnUlZ526vXHCWyKIWsZBaojQRk=";
fetchSubmodules = true;
}; };
}; });
})
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) { (final: prev: {
hideMounts = true; pythonPackagesExtensions = prev.pythonPackagesExtensions ++ [
users.talexander = { (python-final: python-prev: {
directories = [ shiboken2 = python-prev.shiboken2.overrideAttrs (old: {
{ cmakeFlags = old.cmakeFlags ++ [
# Location of ROMs. # Fix build with cmake>=4
directory = ".local/share/shadPS4/games"; (lib.strings.cmakeFeature "CMAKE_POLICY_VERSION_MINIMUM" "3.5")
user = "talexander"; # "-DCMAKE_POLICY_VERSION_MINIMUM=3.5"
group = "talexander"; ];
mode = "0755"; });
} pyside2 = python-prev.pyside2.overrideAttrs (old: {
{ cmakeFlags = old.cmakeFlags ++ [
# Firmware. # Fix build with cmake>=4
directory = ".local/share/shadPS4/sys_modules"; (lib.strings.cmakeFeature "CMAKE_POLICY_VERSION_MINIMUM" "3.5")
user = "talexander"; # "-DCMAKE_POLICY_VERSION_MINIMUM=3.5"
group = "talexander"; ];
mode = "0755"; });
} pyside2-tools = python-prev.pyside2-tools.overrideAttrs (old: {
{ cmakeFlags = old.cmakeFlags ++ [
# Game saves. # Fix build with cmake>=4
directory = ".local/share/shadPS4/savedata"; (lib.strings.cmakeFeature "CMAKE_POLICY_VERSION_MINIMUM" "3.5")
user = "talexander"; # "-DCMAKE_POLICY_VERSION_MINIMUM=3.5"
group = "talexander"; ];
mode = "0755";
}
{
# DLC.
directory = ".local/share/shadPS4/addcont";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
files = [
{
# play times and recently played
file = ".local/share/shadPS4/play_time.txt";
parentDirectory = {
mode = "0755";
};
}
];
};
};
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
# Cache.
directory = ".local/share/shadPS4/data";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
nixpkgs.overlays = [
(final: prev: {
shadps4 = prev.shadps4.overrideAttrs (old: {
version = "0.9.0";
src = final.fetchFromGitHub {
owner = "AzaharPlus";
repo = "shadPS4Plus";
tag = "SHADPS4PLUS_0_9_0_A";
hash = "sha256-ZwP+bOE4roWt51Ii53blDZzdq/SxK4Q69I4rLCNARLA=";
fetchSubmodules = true;
};
}); });
}) })
]; ];
}) })
] ];
); };
} }

30
nix/configuration/roles/shikane/default.nix
View File

@ -25,23 +25,19 @@ in
}; };
}; };
config = lib.mkIf config.me.shikane.enable ( config = lib.mkIf (config.me.shikane.enable && config.me.graphical) {
lib.mkMerge [ environment.systemPackages = with pkgs; [
(lib.mkIf config.me.graphical { shikane
environment.systemPackages = with pkgs; [ ];
shikane
];
me.swayIncludes = [ me.swayIncludes = [
exec_shikane exec_shikane
]; ];
me.install.user.talexander.file = { me.install.user.talexander.file = {
".config/shikane/config.toml" = { ".config/shikane/config.toml" = {
source = ./files/config.toml; source = ./files/config.toml;
}; };
}; };
}) };
]
);
} }

49
nix/configuration/roles/shipwright/default.nix
View File

@ -17,32 +17,27 @@
}; };
}; };
config = lib.mkIf config.me.shipwright.enable ( config = lib.mkIf (config.me.shipwright.enable && config.me.graphical) {
lib.mkMerge [ allowedUnfree = [ "shipwright" ];
{
allowedUnfree = [ "shipwright" ]; environment.systemPackages = with pkgs; [
} shipwright
(lib.mkIf config.me.graphical { ];
environment.systemPackages = with pkgs; [
shipwright # TODO perhaps install ~/.local/share/soh/shipofharkinian.json
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".local/share/soh";
user = "talexander";
group = "talexander";
mode = "0755";
}
]; ];
};
# TODO perhaps install ~/.local/share/soh/shipofharkinian.json };
};
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".local/share/soh";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
})
]
);
} }

74
nix/configuration/roles/sm64ex/default.nix
View File

@ -17,47 +17,43 @@
}; };
}; };
config = lib.mkIf config.me.sm64ex.enable ( config = lib.mkIf (config.me.sm64ex.enable && config.me.graphical) {
lib.mkMerge [ allowedUnfree = [ "sm64ex" ];
(lib.mkIf config.me.graphical {
allowedUnfree = [ "sm64ex" ];
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
sm64ex sm64ex
]; ];
# nixpkgs.overlays = [ # nixpkgs.overlays = [
# (final: prev: { # (final: prev: {
# sm4ex = prev.sm64ex.override { # sm4ex = prev.sm64ex.override {
# baseRom.name = "SuperMario64.z64"; # baseRom.name = "SuperMario64.z64";
# }; # };
# }) # })
# ]; # ];
nixpkgs.overlays = [ nixpkgs.overlays = [
(final: prev: { (final: prev: {
sm64ex = prev.sm64ex.overrideAttrs (old: { sm64ex = prev.sm64ex.overrideAttrs (old: {
buildInputs = old.buildInputs ++ [ final.libGL ]; buildInputs = old.buildInputs ++ [ final.libGL ];
}); });
})
];
# TODO perhaps install ~/.local/share/sm64ex/sm64config.txt
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".local/share/sm64ex";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
}) })
] ];
);
# TODO perhaps install ~/.local/share/sm64ex/sm64config.txt
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".local/share/sm64ex";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
};
} }

14
nix/configuration/roles/sops/default.nix
View File

@ -17,13 +17,9 @@
}; };
}; };
config = lib.mkIf config.me.sops.enable ( config = lib.mkIf config.me.sops.enable {
lib.mkMerge [ environment.systemPackages = with pkgs; [
{ sops # For encrypting kubernetes secrets.
environment.systemPackages = with pkgs; [ ];
sops # For encrypting kubernetes secrets. };
];
}
]
);
} }

2
nix/configuration/roles/sound/default.nix
View File

@ -72,7 +72,7 @@
]; ];
}; };
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) { environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true; hideMounts = true;
users.talexander = { users.talexander = {
directories = [ directories = [

50
nix/configuration/roles/spaghettikart/default.nix
View File

@ -17,33 +17,27 @@
}; };
}; };
config = lib.mkIf config.me.spaghettikart.enable ( config = lib.mkIf (config.me.spaghettikart.enable && config.me.graphical) {
lib.mkMerge [ allowedUnfree = [ "spaghettikart" ];
{ environment.systemPackages = with pkgs; [
allowedUnfree = [ "spaghettikart" ]; spaghettikart
} ];
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [ me.install.user.talexander.file = {
spaghettikart ".local/share/spaghettikart/spaghettify.cfg.json" = {
source = ./files/spaghettify.cfg.json;
method = "overwrite";
};
};
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.talexander = {
files = [
".local/share/spaghettikart/default.sav"
".local/share/spaghettikart/mk64.o2r"
]; ];
};
me.install.user.talexander.file = { };
".local/share/spaghettikart/spaghettify.cfg.json" = { };
source = ./files/spaghettify.cfg.json;
method = "overwrite";
};
};
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
files = [
".local/share/spaghettikart/default.sav"
".local/share/spaghettikart/mk64.o2r"
];
};
};
})
]
);
} }

57
nix/configuration/roles/ssh/default.nix
View File

@ -8,33 +8,44 @@
{ {
imports = [ ]; imports = [ ];
environment.systemPackages = with pkgs; [ options.me = {
sshfs ssh.enable = lib.mkOption {
]; type = lib.types.bool;
default = false;
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) { example = true;
hideMounts = true; description = "Whether we want to install ssh.";
users.talexander = {
files = [
".ssh/known_hosts"
];
};
users.root = {
home = "/root";
files = [
".ssh/known_hosts"
];
}; };
}; };
me.install.user.root.file = { config = lib.mkIf config.me.ssh.enable {
".ssh/config" = { environment.systemPackages = with pkgs; [
source = ./files/ssh_config_root; sshfs
];
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.talexander = {
files = [
".ssh/known_hosts"
];
};
users.root = {
home = "/root";
files = [
".ssh/known_hosts"
];
};
}; };
};
me.install.user.talexander.file = { me.install.user.root.file = {
".ssh/config" = { ".ssh/config" = {
source = ./files/ssh_config; source = ./files/ssh_config_root;
};
};
me.install.user.talexander.file = {
".ssh/config" = {
source = ./files/ssh_config;
};
}; };
}; };
} }

49
nix/configuration/roles/sshd/default.nix Normal file
View File

@ -0,0 +1,49 @@
{
config,
lib,
...
}:
{
imports = [ ];
options.me = {
sshd.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install sshd.";
};
};
config = lib.mkIf config.me.sshd.enable {
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
hostKeys = [
{
path = "/persist/ssh/ssh_host_ed25519_key";
type = "ed25519";
}
{
path = "/persist/ssh/ssh_host_rsa_key";
type = "rsa";
bits = 4096;
}
];
};
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
files = [
"/etc/ssh/ssh_host_rsa_key"
"/etc/ssh/ssh_host_rsa_key.pub"
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
];
};
};
}

Some files were not shown because too many files have changed in this diff Show More