Restructure flake.nix for a simpler config for building different images off the same NixOS config.

Tom Alexander 2025-10-11 00:08:02 -04:00
parent 69b5cf9217
commit 7c82036bd7
Signed by: talexander
GPG Key ID: 36C99E8B3C39D85F
121 changed files with 2922 additions and 3074 deletions


@ -1,7 +1,6 @@
{
config,
lib,
pkgs,
...
}:
@ -12,6 +11,7 @@
./roles/amd_s2idle
./roles/ansible
./roles/ares
./roles/base
./roles/bluetooth
./roles/boot
./roles/chromecast
@ -19,6 +19,7 @@
./roles/d2
./roles/direnv
./roles/distributed_build
./roles/doas
./roles/docker
./roles/ecc
./roles/emacs
@ -27,6 +28,7 @@
./roles/firewall
./roles/flux
./roles/fonts
./roles/image_based_appliance
./roles/gcloud
./roles/git
./roles/global_options
@ -66,12 +68,14 @@
./roles/sound
./roles/spaghettikart
./roles/ssh
./roles/sshd
./roles/steam
./roles/steam_run_free
./roles/sway
./roles/tekton
./roles/terraform
./roles/thunderbolt
./roles/user
./roles/uutils
./roles/vnc_client
./roles/vscode
@ -86,55 +90,26 @@
./util/unfree_polyfill
];
config = {
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
nix.settings.trusted-users = [ "@wheel" ];
# boot.kernelPackages = pkgs.linuxPackages_6_11;
hardware.enableRedistributableFirmware = true;
# Use nixos-rebuild-ng
# system.rebuild.enableNg = true;
# Keep outputs so we can build offline.
# Disable substituters to avoid risk of cache poisoning.
nix.extraOptions = ''
keep-outputs = true
keep-derivations = true
substitute = false
'';
# Technically only needed when building the ISO because nix detects ZFS in the filesystem list normally. I basically always want this so I'm just setting it to always be on.
boot.supportedFilesystems.zfs = true;
# TODO: Is this different from boot.supportedFilesystems = [ "zfs" ]; ?
services.getty = {
autologinUser = "talexander"; # I use full disk encryption so the user password is irrelevant.
autologinOnce = true;
};
users.mutableUsers = false;
users.users.talexander = {
isNormalUser = true;
createHome = true; # https://github.com/NixOS/nixpkgs/issues/6481
group = "talexander";
extraGroups = [ "wheel" ];
uid = 11235;
packages = with pkgs; [
tree
];
# Generate with `mkpasswd -m scrypt`
hashedPassword = "$7$CU..../....VXvNQ8za3wSGpdzGXNT50/$HcFtn/yvwPMCw4888BelpiAPLAxe/zU87fD.d/N6U48";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID0+4zi26M3eYWnIrciR54kOlGxzfgCXG+o4ea1zpzrk openpgp:0x7FF123C8"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEI6mu6I5Jp+Ib0vJxapGHbEShZjyvzV8jz5DnzDrI39AAAABHNzaDo="
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAFNcSXwvy+brYTOGo56G93Ptuq2MmZsjvRWAfMqbmMLAAAABHNzaDo="
];
};
users.groups.talexander.gid = 11235;
nix.settings.substituters = lib.mkForce [ ];
# Automatic garbage collection
nix.gc = lib.mkIf (!config.me.buildingIso) {
nix.gc = lib.mkIf (!config.me.buildingPortable) {
# Runs nix-collect-garbage --delete-older-than 5d
automatic = true;
persistent = true;
@ -142,94 +117,18 @@
# randomizedDelaySec = "14m";
options = "--delete-older-than 30d";
};
nix.settings.auto-optimise-store = !config.me.buildingIso;
nix.settings.substituters = lib.mkForce [ ];
nix.settings.auto-optimise-store = !config.me.buildingPortable;
# Use doas instead of sudo
security.doas.enable = true;
security.doas.wheelNeedsPassword = false;
security.sudo.enable = false;
security.doas.extraRules = [
{
# Retain environment (for example NIX_PATH)
keepEnv = true;
persist = true; # Only ask for a password the first time.
}
];
environment.systemPackages = with pkgs; [
wget
mg
rsync
libinput
htop
tmux
file
usbutils # for lsusb
pciutils # for lspci
ripgrep
strace
# ltrace # Disabled because it uses more than 48GB of /tmp space during test phase.
trace-cmd # ftrace
tcpdump
git-crypt
gnumake
ncdu
nix-tree
libarchive # bsdtar
lsof
doas-sudo-shim # To support --sudo for remote builds
dmidecode # Read SMBIOS information.
ipcalc
gptfdisk # for cgdisk
nix-output-monitor # For better view into nixos-rebuild
nix-serve-ng # Serve nix store over http
];
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
hostKeys = [
{
path = "/persist/ssh/ssh_host_ed25519_key";
type = "ed25519";
}
{
path = "/persist/ssh/ssh_host_rsa_key";
type = "rsa";
bits = 4096;
}
];
};
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
directories = [
"/var/lib/iwd" # Wifi settings
"/var/lib/nixos" # Contains user information (uids/gids)
"/var/lib/systemd" # Systemd state directory for random seed, persistent timers, core dumps, persist hardware state like backlight and rfkill
"/var/log/journal" # Logs, alternatively set `services.journald.storage = "volatile";` to write to /run/log/journal
];
files = [
"/etc/machine-id" # Systemd unique machine id "otherwise, the system journal may fail to list earlier boots, etc"
"/etc/ssh/ssh_host_rsa_key"
"/etc/ssh/ssh_host_rsa_key.pub"
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
];
users.talexander = {
directories = [
{
directory = "persist";
user = "talexander";
group = "talexander";
mode = "0700";
}
];
};
};
# Write a list of the currently installed packages to /etc/current-system-packages
@ -241,29 +140,12 @@
in
formatted;
# environment.etc."system-packages-with-source".text = builtins.concatStringsSep "\n\n" (
# builtins.map (
# x: x.file + "\n" + builtins.concatStringsSep "\n" (builtins.map (s: " " + s) x.value)
# ) config.environment.systemPackages.definitionsWithLocations
# );
# nixpkgs.overlays = [
# (final: prev: {
# nix = pkgs-unstable.nix;
# })
# ];
# nixpkgs.overlays = [
# (final: prev: {
# foot = throw "foo";
# })
# ];
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
@ -282,5 +164,5 @@
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "24.11"; # Did you read the comment?
};
}
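Review bot: The comment `# Disable substituters to avoid risk of cache poisoning.` promises more than `substitute = false` and `nix.settings.substituters = lib.mkForce [ ]` enforce if `nix.settings.trusted-users = [ "@wheel" ]` stays in this file after the move (the rendered hunk does not mark which lines were dropped). A trusted user can pass their own substituter settings to the daemon per invocation, so for wheel members these values are defaults rather than a restriction. I would either drop `@wheel` from `trusted-users` or reword the comment to `# No substituters by default; trusted-users can still override this per command.` The `config = {` block spans several hunks, so the lines between them are not visible here.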


@ -151,22 +151,6 @@
"type": "github"
}
},
"nixpkgs-dda3dcd3f": {
"locked": {
"lastModified": 1746663147,
"narHash": "sha256-Ua0drDHawlzNqJnclTJGf87dBmaO/tn7iZ+TCkTRpRc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "dda3dcd3fe03e991015e9a74b22d35950f264a54",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "dda3dcd3fe03e991015e9a74b22d35950f264a54",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1730741070,
@ -232,7 +216,6 @@
"impermanence": "impermanence",
"lanzaboote": "lanzaboote",
"nixpkgs": "nixpkgs",
"nixpkgs-dda3dcd3f": "nixpkgs-dda3dcd3f",
"nixpkgs-unoptimized": "nixpkgs-unoptimized"
}
},


@ -1,29 +1,7 @@
# Build ISO image
# nix build --extra-experimental-features nix-command --extra-experimental-features flakes .#iso.odo
# output: result/iso/nixos.iso
# Run the ISO image
# doas "$(nix-build '<nixpkgs>' --no-out-link -A 'qemu')/bin/qemu-system-x86_64" \
# -accel kvm \
# -cpu host \
# -smp cores=8 \
# -m 32768 \
# -drive "file=$(nix-build '<nixpkgs>' --no-out-link -A 'OVMF.fd')/FV/OVMF.fd,if=pflash,format=raw,readonly=on" \
# -drive if=pflash,format=raw,file="/tmp/OVMF_VARS.fd" \
# -nic user,hostfwd=tcp::60022-:22 \
# -boot order=d \
# -cdrom "$(readlink -f ./result/iso/nixos*.iso)" \
# -display vnc=127.0.0.1:0
#
# doas cp "$(nix-build '<nixpkgs>' --no-out-link -A 'OVMF.fd')/FV/OVMF_VARS.fd" /tmp/OVMF_VARS.fd
# doas "$(nix-build '<nixpkgs>' --no-out-link -A 'qemu')/bin/qemu-system-x86_64" -accel kvm -cpu host -smp cores=8 -m 32768 -drive "file=$(nix-build '<nixpkgs>' --no-out-link -A 'OVMF.fd')/FV/OVMF.fd,if=pflash,format=raw,readonly=on" -drive if=pflash,format=raw,file="/tmp/OVMF_VARS.fd" -nic user,hostfwd=tcp::60022-:22 -boot order=d -cdrom /persist/machine_setup/nix/configuration/result/iso/nixos*.iso -display vnc=127.0.0.1:0
# Get a repl for this flake
# nix repl --expr "builtins.getFlake \"$PWD\""
# TODO maybe use `nix eval --raw .#iso.odo.outPath`
# iso.odo.isoName == "nixos.iso"
# full path = <outPath> / iso / <isoName>
# TODO maybe use `nix eval --raw .#odo.iso.outPath`
#
# Install on a new machine:
@ -41,12 +19,9 @@
inputs = {
impermanence.url = "github:nix-community/impermanence";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
nixpkgs-dda3dcd3f.url = "github:NixOS/nixpkgs/dda3dcd3fe03e991015e9a74b22d35950f264a54";
nixpkgs-unoptimized.url = "github:NixOS/nixpkgs/nixos-unstable";
lanzaboote = {
url = "github:nix-community/lanzaboote/v0.4.2";
# Optional but recommended to limit the size of your system closure.
inputs.nixpkgs.follows = "nixpkgs";
};
disko = {
@ -57,23 +32,30 @@
outputs =
{
self,
nixpkgs,
nixpkgs-unoptimized,
nixpkgs-dda3dcd3f,
disko,
impermanence,
lanzaboote,
...
}@inputs:
}:
let
base_x86_64_linux = rec {
forAllSystems = nixpkgs.lib.genAttrs nixpkgs.lib.systems.flakeExposed;
nodes = {
odo = {
system = "x86_64-linux";
specialArgs = {
pkgs-dda3dcd3f = import nixpkgs-dda3dcd3f {
inherit system;
};
quark = {
system = "x86_64-linux";
};
};
nixosConfigs = builtins.mapAttrs (
hostname: nodeConfig: format:
nixpkgs.lib.nixosSystem {
inherit (nodeConfig) system;
specialArgs = {
pkgs-unoptimized = import nixpkgs-unoptimized {
inherit system;
inherit (nodeConfig) system;
hostPlatform.gcc.arch = "default";
hostPlatform.gcc.tune = "default";
};
@ -81,162 +63,27 @@
modules = [
impermanence.nixosModules.impermanence
lanzaboote.nixosModules.lanzaboote
inputs.disko.nixosModules.disko
disko.nixosModules.disko
./configuration.nix
(./. + "/hosts/${hostname}")
(./. + "/formats/${format}.nix")
];
};
systems =
let
additional_iso_modules = [
(nixpkgs + "/nixos/modules/installer/cd-dvd/iso-image.nix")
# TODO: Figure out how to do image based appliances
# (nixpkgs + "/nixos/modules/profiles/image-based-appliance.nix")
{
isoImage.makeEfiBootable = true;
isoImage.makeUsbBootable = true;
me.buildingIso = true;
me.optimizations.enable = nixpkgs.lib.mkForce false;
}
{
# These are big space hogs. The chance that I need them on an ISO is slim.
me.steam.enable = nixpkgs.lib.mkForce false;
me.pcsx2.enable = nixpkgs.lib.mkForce false;
}
];
additional_vm_modules = [
(nixpkgs + "/nixos/modules/profiles/qemu-guest.nix")
{
networking.dhcpcd.enable = true;
networking.useDHCP = true;
me.optimizations.enable = nixpkgs.lib.mkForce false;
}
{
# I don't need games on a virtual machine.
me.steam.enable = nixpkgs.lib.mkForce false;
me.pcsx2.enable = nixpkgs.lib.mkForce false;
me.sm64ex.enable = nixpkgs.lib.mkForce false;
me.shipwright.enable = nixpkgs.lib.mkForce false;
me.ship2harkinian.enable = nixpkgs.lib.mkForce false;
}
];
) nodes;
in
{
odo = rec {
main = base_x86_64_linux // {
modules = base_x86_64_linux.modules ++ [
./hosts/odo
];
};
iso = main // {
modules = main.modules ++ additional_iso_modules;
};
vm = main // {
modules = main.modules ++ additional_vm_modules;
};
vm_iso = main // {
modules = main.modules ++ additional_vm_modules ++ additional_iso_modules;
};
};
quark = rec {
main = base_x86_64_linux // {
modules = base_x86_64_linux.modules ++ [
./hosts/quark
];
};
iso = main // {
modules = main.modules ++ additional_iso_modules;
};
vm = main // {
modules = main.modules ++ additional_vm_modules;
};
vm_iso = main // {
modules = main.modules ++ additional_vm_modules ++ additional_iso_modules;
};
};
neelix = rec {
main = base_x86_64_linux // {
modules = base_x86_64_linux.modules ++ [
./hosts/neelix
];
};
iso = main // {
modules = main.modules ++ additional_iso_modules;
};
vm = main // {
modules = main.modules ++ additional_vm_modules;
};
vm_iso = main // {
modules = main.modules ++ additional_vm_modules ++ additional_iso_modules;
};
};
hydra =
let
hydra_additional_iso_modules = additional_iso_modules ++ [
{
me.optimizations.enable = true;
nixosConfigurations = (builtins.mapAttrs (name: value: value "toplevel") nixosConfigs);
}
];
in
rec {
main = base_x86_64_linux // {
modules = base_x86_64_linux.modules ++ [
./hosts/hydra
];
};
iso = main // {
modules = main.modules ++ hydra_additional_iso_modules;
};
vm = main // {
modules = main.modules ++ additional_vm_modules;
};
vm_iso = main // {
modules = main.modules ++ additional_vm_modules ++ hydra_additional_iso_modules;
};
};
ionlybootzfs = rec {
main = base_x86_64_linux // {
modules = base_x86_64_linux.modules ++ [
./hosts/ionlybootzfs
];
};
iso = main // {
modules = main.modules ++ additional_iso_modules;
};
vm = main // {
modules = main.modules ++ additional_vm_modules;
};
vm_iso = main // {
modules = main.modules ++ additional_vm_modules ++ additional_iso_modules;
};
};
};
in
{
nixosConfigurations.odo = nixpkgs.lib.nixosSystem systems.odo.main;
iso.odo = (nixpkgs.lib.nixosSystem systems.odo.iso).config.system.build.isoImage;
nixosConfigurations.vm_odo = nixpkgs.lib.nixosSystem systems.odo.vm;
vm_iso.odo = (nixpkgs.lib.nixosSystem systems.odo.vm_iso).config.system.build.isoImage;
nixosConfigurations.quark = nixpkgs.lib.nixosSystem systems.quark.main;
iso.quark = (nixpkgs.lib.nixosSystem systems.quark.iso).config.system.build.isoImage;
nixosConfigurations.vm_quark = nixpkgs.lib.nixosSystem systems.quark.vm;
vm_iso.quark = (nixpkgs.lib.nixosSystem systems.quark.vm_iso).config.system.build.isoImage;
nixosConfigurations.neelix = nixpkgs.lib.nixosSystem systems.neelix.main;
iso.neelix = (nixpkgs.lib.nixosSystem systems.neelix.iso).config.system.build.isoImage;
nixosConfigurations.vm_neelix = nixpkgs.lib.nixosSystem systems.neelix.vm;
vm_iso.neelix = (nixpkgs.lib.nixosSystem systems.neelix.vm_iso).config.system.build.isoImage;
nixosConfigurations.hydra = nixpkgs.lib.nixosSystem systems.hydra.main;
iso.hydra = (nixpkgs.lib.nixosSystem systems.hydra.iso).config.system.build.isoImage;
nixosConfigurations.vm_hydra = nixpkgs.lib.nixosSystem systems.hydra.vm;
vm_iso.hydra = (nixpkgs.lib.nixosSystem systems.hydra.vm_iso).config.system.build.isoImage;
nixosConfigurations.ionlybootzfs = nixpkgs.lib.nixosSystem systems.ionlybootzfs.main;
iso.ionlybootzfs = (nixpkgs.lib.nixosSystem systems.ionlybootzfs.iso).config.system.build.isoImage;
nixosConfigurations.vm_ionlybootzfs = nixpkgs.lib.nixosSystem systems.ionlybootzfs.vm;
vm_iso.ionlybootzfs =
(nixpkgs.lib.nixosSystem systems.ionlybootzfs.vm_iso).config.system.build.isoImage;
// {
packages = (
forAllSystems (
system:
(builtins.mapAttrs (hostname: nodeConfig: {
iso = (nixosConfigs."${hostname}" "iso").config.system.build.isoImage;
vm_iso = (nixosConfigs."${hostname}" "vm_iso").config.system.build.isoImage;
sd = (nixosConfigs."${hostname}" "sd").config.system.build.sdImage;
}) (nixpkgs.lib.attrsets.filterAttrs (hostname: nodeConfig: nodeConfig.system == system) nodes))
)
);
};
}
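Review bot: `packages.<system>.<hostname>` is built here as an attribute set (`{ iso = …; vm_iso = …; sd = …; }`), but the flake schema expects each `packages.<system>.<name>` to be a derivation, so `nix flake check` and `nix flake show` will likely reject or mis-render this output even though `nix build .#odo.iso` resolves. Nested sets belong under `legacyPackages`, or the names can be flattened, e.g. `"${hostname}-iso"`. Separately, `format` is spliced into a path (`./. + "/formats/${format}.nix"`) with nothing stating which values are valid; a short comment above `nixosConfigs` listing the formats used in this file (`toplevel`, `iso`, `vm_iso`, `sd`) would document the contract.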


@ -0,0 +1,23 @@
{
lib,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/cd-dvd/iso-image.nix")
];
config = {
isoImage.makeEfiBootable = true;
isoImage.makeUsbBootable = true;
me.buildingPortable = true;
me.mountPersistence = lib.mkForce false;
me.optimizations.enable = lib.mkForce false;
me.image_based_appliance.enable = true;
# TODO: image based appliance?
};
}


@ -0,0 +1,17 @@
{
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/sd-card/sd-image.nix")
];
config = {
isoImage.makeEfiBootable = true;
isoImage.makeUsbBootable = true;
# TODO: image based appliance?
};
}
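Review bot: `isoImage.makeEfiBootable` and `isoImage.makeUsbBootable` are set here, but this file imports only `installer/sd-card/sd-image.nix`; those options are declared by `installer/cd-dvd/iso-image.nix`, so unless another module pulls that in, evaluating the `sd` output should fail with an undefined-option error. The two lines look copied from the ISO format and can be dropped. Unlike the ISO format, this one also leaves `me.buildingPortable` and `me.mountPersistence` untouched, so a host that sets `me.mountPersistence = true` would presumably carry its `/persist` bind mounts and disk layout into the SD image. Consider adding `me.buildingPortable = true;` and `me.mountPersistence = lib.mkForce false;` here as well, with `lib` added to the module arguments.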


@ -0,0 +1 @@
{ }


@ -0,0 +1,21 @@
{
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/cd-dvd/iso-image.nix")
(modulesPath + "/profiles/qemu-guest.nix") # VirtIO kernel modules
];
config = {
isoImage.makeEfiBootable = true;
isoImage.makeUsbBootable = true;
networking.dhcpcd.enable = true;
networking.useDHCP = true;
# TODO: image based appliance?
};
}
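Review bot: This format does not set `me.buildingPortable = true`, `me.mountPersistence = lib.mkForce false` or `me.optimizations.enable = lib.mkForce false`, all of which the ISO format in this commit sets and which the old `vm_iso` composition received through `additional_iso_modules` and `additional_vm_modules` (as `me.buildingIso` and the optimizations override). With hosts now declaring `me.mountPersistence = true`, the VM ISO would presumably evaluate with persistence, the wrapped disk layout and automatic GC active. The roles the old VM modules forced off (`me.steam`, `me.pcsx2`, `me.sm64ex`, …) are likewise no longer disabled here. If that is intended, a comment saying so would help; otherwise mirror the ISO format's three settings and add `lib` to the module arguments.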


@ -14,12 +14,6 @@
# -display vnc=127.0.0.1:0
#
{
config,
lib,
pkgs,
...
}:
{
imports = [
./disk-config.nix
@ -27,6 +21,7 @@
./vm_disk.nix
];
config = {
# Generate with `head -c4 /dev/urandom | od -A none -t x4`
networking.hostId = "fbd233d8";
@ -35,7 +30,8 @@
time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8";
me.secureBoot.enable = false;
me.boot.secure = false;
me.mountPersistence = true;
me.optimizations = {
enable = true;
@ -56,12 +52,26 @@
# Mount tmpfs at /tmp
boot.tmp.useTmpfs = true;
me.base.enable = true;
me.boot.enable = true;
me.doas.enable = true;
me.emacs_flavor = "plainmacs";
me.firewall.enable = true;
me.font.enable = true;
me.git.enable = true;
me.graphical = false;
me.hydra.enable = false;
me.memtest.enable = true;
me.network.enable = true;
me.nix_worker.enable = true;
me.nvme.enable = true;
me.ssh.enable = true;
me.sshd.enable = true;
me.user.enable = true;
me.vm_disk.enable = true;
me.wireguard.activated = [ ];
me.wireguard.deactivated = [ ];
me.zfs.enable = true;
me.zsh.enable = true;
};
}
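Review bot: The block of `me.*.enable = true` flags added here (`me.base`, `me.boot`, `me.doas`, `me.firewall`, `me.ssh`, `me.sshd`, `me.user`, `me.zfs`, `me.zsh`, …) is repeated almost verbatim in every other host section of this commit. The doas, sshd and user-account settings were unconditional in the shared top-level module before this change, so a host that misses one of these flags now loses that role without any evaluation error; whether that matters for `me.firewall` or `me.sshd` depends on the role defaults, which are not visible here. A shared baseline module that sets them with `lib.mkDefault true`, imported by each host, would keep the per-host files down to the real differences.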


@ -4,7 +4,6 @@
{
config,
lib,
pkgs,
...
}:


@ -1,10 +1,5 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
@ -14,6 +9,7 @@
(modulesPath + "/installer/scan/not-detected.nix")
];
config = {
boot.initrd.availableKernelModules = [
"xhci_pci"
"nvme"
@ -36,4 +32,5 @@
# systemd.network.enable = true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
};
}


@ -1,7 +1,6 @@
{
config,
lib,
pkgs,
...
}:
@ -17,9 +16,7 @@
};
};
config = lib.mkIf config.me.vm_disk.enable (
lib.mkMerge [
{
config = lib.mkIf config.me.vm_disk.enable {
# Mount the local disk
fileSystems = {
"/.disk" = lib.mkForce {
@ -71,7 +68,5 @@
];
};
};
}
]
);
};
}


@ -14,18 +14,13 @@
# -display vnc=127.0.0.1:0
#
{
config,
lib,
pkgs,
...
}:
{
imports = [
./wrapped-disk-config.nix
./hardware-configuration.nix
];
config = {
# Generate with `head -c4 /dev/urandom | od -A none -t x4`
networking.hostId = "fbd233d8";
@ -34,7 +29,8 @@
time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8";
me.secureBoot.enable = true;
me.boot.secure = true;
me.mountPersistence = true;
me.optimizations = {
enable = false;
@ -55,9 +51,23 @@
# Mount tmpfs at /tmp
boot.tmp.useTmpfs = true;
me.base.enable = true;
me.boot.enable = true;
me.doas.enable = true;
me.emacs_flavor = "plainmacs";
me.firewall.enable = true;
me.font.enable = true;
me.git.enable = true;
me.graphical = false;
me.memtest.enable = true;
me.network.enable = true;
me.nvme.enable = true;
me.ssh.enable = true;
me.sshd.enable = true;
me.user.enable = true;
me.wireguard.activated = [ ];
me.wireguard.deactivated = [ ];
me.zfs.enable = true;
me.zsh.enable = true;
};
}
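Review bot: `networking.hostId = "fbd233d8"` in this file is the same value as in the preceding host's file, although the comment above it says to generate it from `/dev/urandom`. Both hosts enable `me.zfs`, and ZFS uses the host ID to detect that a pool was last imported by a different machine, so two hosts sharing one ID weakens that guard. The line is unchanged context in this hunk, but since the commit touches both files it is a good moment to regenerate one of them; if one host is deliberately a clone of the other, a comment such as `# Same hostId as <other host> on purpose: …` would record that.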


@ -1,10 +1,5 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
@ -14,6 +9,7 @@
(modulesPath + "/installer/scan/not-detected.nix")
];
config = {
boot.initrd.availableKernelModules = [
"xhci_pci"
"nvme"
@ -35,4 +31,5 @@
# systemd.network.enable = true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
};
}


@ -1,7 +1,6 @@
{
config,
lib,
pkgs,
...
}:


@ -6,6 +6,7 @@
./power_management.nix
];
config = {
# Generate with `head -c4 /dev/urandom | od -A none -t x4`
networking.hostId = "bca9d0a5";
@ -14,7 +15,8 @@
time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8";
me.secureBoot.enable = false;
me.boot.secure = false;
me.mountPersistence = true;
me.optimizations = {
enable = false;
@ -36,16 +38,29 @@
# Mount tmpfs at /tmp
# boot.tmp.useTmpfs = true;
me.base.enable = true;
me.bluetooth.enable = true;
me.boot.enable = true;
me.doas.enable = true;
me.emacs_flavor = "plainmacs";
me.firewall.enable = true;
me.font.enable = true;
me.git.enable = true;
me.graphical = true;
me.graphics_card_type = "intel";
me.kodi.enable = true;
me.lvfs.enable = true;
me.memtest.enable = true;
me.network.enable = true;
me.nvme.enable = true;
me.sound.enable = true;
me.ssh.enable = true;
me.sshd.enable = true;
me.user.enable = true;
me.wireguard.activated = [ "wgh" ];
me.wireguard.deactivated = [ "wgf" ];
me.zfs.enable = true;
me.zrepl.enable = true;
me.zsh.enable = true;
};
}


@ -1,10 +1,6 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
@ -14,6 +10,7 @@
(modulesPath + "/installer/scan/not-detected.nix")
];
config = {
boot.initrd.availableKernelModules = [
"xhci_pci"
"nvme"
@ -36,4 +33,5 @@
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
};
}


@ -1,6 +1,4 @@
{
config,
lib,
pkgs,
...
}:
@ -8,6 +6,7 @@
{
imports = [ ];
config = {
environment.systemPackages = with pkgs; [
powertop
];
@ -32,4 +31,5 @@
boot.extraModprobeConfig = ''
options snd_hda_intel power_save=1
'';
};
}


@ -6,12 +6,8 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
# TARGET=10.216.1.15
# TARGET=192.168.211.250
TARGET=odo
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#odo" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#odo'


@ -6,12 +6,8 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
#TARGET=10.216.1.14
# TARGET=192.168.211.250
TARGET=odo
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#odo" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#odo'


@ -7,4 +7,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.odo" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#odo.iso" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json


@ -24,7 +24,8 @@
time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8";
me.secureBoot.enable = true;
me.boot.secure = true;
me.mountPersistence = true;
me.optimizations = {
enable = true;
@ -63,19 +64,25 @@
me.amd_s2idle.enable = true;
me.ansible.enable = true;
me.ares.enable = true;
me.base.enable = true;
me.bluetooth.enable = true;
me.boot.enable = true;
me.chromecast.enable = true;
me.chromium.enable = true;
me.d2.enable = true;
me.direnv.enable = true;
me.doas.enable = true;
me.docker.enable = false;
me.ecc.enable = false;
me.emacs_flavor = "full";
me.emulate_isa.enable = true;
me.firefox.enable = true;
me.firewall.enable = true;
me.flux.enable = true;
me.font.enable = true;
me.gcloud.enable = true;
me.git.config = ../../roles/git/files/gitconfig_home;
me.git.enable = true;
me.gnuplot.enable = true;
me.gpg.enable = true;
me.graphical = true;
@ -87,7 +94,10 @@
me.launch_keyboard.enable = true;
me.lvfs.enable = true;
me.media.enable = true;
me.memtest.enable = true;
me.network.enable = true;
me.nix_index.enable = true;
me.nvme.enable = true;
me.openpgp_card_tools.enable = true;
me.pcsx2.enable = true;
me.podman.enable = true;
@ -101,12 +111,15 @@
me.sops.enable = true;
me.sound.enable = true;
me.spaghettikart.enable = true;
me.ssh.enable = true;
me.sshd.enable = true;
me.steam.enable = true;
me.steam_run_free.enable = true;
me.sway.enable = true;
me.tekton.enable = true;
me.terraform.enable = true;
me.thunderbolt.enable = true;
me.user.enable = true;
me.uutils.enable = false;
me.vnc_client.enable = true;
me.vscode.enable = true;
@ -119,6 +132,7 @@
];
me.wireguard.deactivated = [ "wgf" ];
me.yubikey.enable = true;
me.zfs.enable = true;
me.zrepl.enable = true;
me.zsh.enable = true;


@ -1,14 +1,7 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
config = lib.mkMerge [
{
config = {
me.distributed_build.enable = true;
me.distributed_build.machines.hydra = {
enable = true;
@ -22,6 +15,5 @@
speedFactor = 2;
};
};
}
];
};
}


@ -1,15 +1,12 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
config = lib.mkMerge [
{
config = {
boot.extraModulePackages = with config.boot.kernelPackages; [
framework-laptop-kmod
];
@ -18,6 +15,5 @@
"cros_ec"
"cros_ec_lpcs"
];
}
];
};
}


@ -1,10 +1,6 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
@ -14,6 +10,7 @@
(modulesPath + "/installer/scan/not-detected.nix")
];
config = {
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
@ -33,4 +30,5 @@
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
};
}


@ -1,6 +1,4 @@
{
config,
lib,
pkgs,
...
}:
@ -8,6 +6,7 @@
{
imports = [ ];
config = {
environment.systemPackages = with pkgs; [
powertop
];
@ -72,4 +71,5 @@
# Sound power-saving was causing chat notifications to be inaudible.
# options snd_hda_intel power_save=1
'';
};
}


@ -1,14 +1,9 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
config = {
systemd.tmpfiles.rules = [
"w- /sys/class/backlight/amdgpu_bl1/brightness - - - - 21845"
"w- /sys/class/backlight/amdgpu_bl1/brightness - - - - 32767"
];
};
}


@ -1,19 +1,7 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
config = {
# Doesn't seem necessary starting with 6.13
# environment.loginShellInit = lib.mkIf (!config.me.buildingIso) ''
# doas iw dev wlan0 set power_save off
# '';
# Enable debug logging for ath12k wifi card.
boot.kernelParams = [
"ath12k.debug_mask=0xffffffff"


@ -1,8 +1,7 @@
{
config,
lib,
pkgs,
...
}:
lib.mkIf (!config.me.buildingIso) (import ./disk-config.nix)
lib.mkIf (!config.me.buildingPortable) (import ./disk-config.nix)


@ -6,12 +6,8 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
#TARGET=10.216.1.15
# TARGET=192.168.211.250
TARGET=quark
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#quark" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#quark'


@ -6,12 +6,8 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
#TARGET=10.216.1.14
# TARGET=192.168.211.250
TARGET=quark
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#quark" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#quark'


@ -7,4 +7,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.quark" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#quark.iso" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json


@ -6,7 +6,7 @@
}:
{
imports = [
./disk-config.nix
./wrapped-disk-config.nix
./distributed_build.nix
./hardware-configuration.nix
./power_management.nix
@ -21,7 +21,8 @@
time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8";
me.secureBoot.enable = true;
me.boot.secure = true;
me.mountPersistence = true;
me.optimizations = {
enable = true;
@ -56,19 +57,25 @@
me.amd_s2idle.enable = true;
me.ansible.enable = true;
me.ares.enable = true;
me.base.enable = true;
me.bluetooth.enable = true;
me.boot.enable = true;
me.chromecast.enable = true;
me.chromium.enable = true;
me.d2.enable = true;
me.direnv.enable = true;
me.doas.enable = true;
me.docker.enable = false;
me.ecc.enable = true;
me.emacs_flavor = "full";
me.emulate_isa.enable = true;
me.firefox.enable = true;
me.firewall.enable = true;
me.flux.enable = true;
me.font.enable = true;
me.gcloud.enable = true;
me.git.config = ../../roles/git/files/gitconfig_home;
me.git.enable = true;
me.gnuplot.enable = true;
me.gpg.enable = true;
me.graphical = true;
@ -80,8 +87,11 @@
me.launch_keyboard.enable = true;
me.lvfs.enable = true;
me.media.enable = true;
me.memtest.enable = true;
me.network.enable = true;
me.nix_index.enable = true;
me.nix_worker.enable = true;
me.nvme.enable = true;
me.openpgp_card_tools.enable = true;
me.pcsx2.enable = true;
me.podman.enable = true;
@ -95,12 +105,15 @@
me.sops.enable = true;
me.sound.enable = true;
me.spaghettikart.enable = true;
me.ssh.enable = true;
me.sshd.enable = true;
me.steam.enable = true;
me.steam_run_free.enable = true;
me.sway.enable = true;
me.tekton.enable = true;
me.terraform.enable = true;
me.thunderbolt.enable = true;
me.user.enable = true;
me.uutils.enable = false;
me.vnc_client.enable = true;
me.vscode.enable = true;
@ -113,6 +126,7 @@
];
me.wireguard.deactivated = [ "wgf" ];
me.yubikey.enable = true;
me.zfs.enable = true;
me.zrepl.enable = true;
me.zsh.enable = true;


@ -2,13 +2,6 @@
# Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1
# Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1
{
config,
lib,
pkgs,
...
}:
lib.mkIf (!config.me.buildingIso) {
disko.devices = {
disk = {
main = {


@ -1,14 +1,7 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
config = lib.mkMerge [
{
config = {
me.distributed_build.enable = true;
me.distributed_build.machines.hydra = {
enable = true;
@ -16,6 +9,5 @@
speedFactor = 2;
};
};
}
];
};
}


@ -1,10 +1,6 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
@ -14,6 +10,7 @@
(modulesPath + "/installer/scan/not-detected.nix")
];
config = {
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
@ -32,4 +29,5 @@
# networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true;
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
};
}


@ -8,6 +8,7 @@
{
imports = [ ];
config = {
environment.systemPackages = with pkgs; [
powertop
];
@ -45,4 +46,5 @@
# destination = "/etc/udev/rules.d/30-amdgpu-low-power.rules";
# })
# ];
};
}


@ -0,0 +1,7 @@
{
config,
lib,
...
}:
lib.mkIf (!config.me.buildingPortable) (import ./disk-config.nix)


@ -17,19 +17,16 @@
};
};
config = lib.mkIf config.me.ship2harkinian.enable (
lib.mkMerge [
{
config = lib.mkIf (config.me.ship2harkinian.enable && config.me.graphical) {
allowedUnfree = [ "2ship2harkinian" ];
}
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
_2ship2harkinian
];
# TODO perhaps install ~/.local/share/2ship/2ship2harkinian.json
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.talexander = {
directories = [
@ -42,7 +39,5 @@
];
};
};
})
]
);
};
}


@ -7,6 +7,7 @@
{
imports = [ ];
options.me = {
alacritty.enable = lib.mkOption {
type = lib.types.bool;
@ -16,9 +17,7 @@
};
};
config = lib.mkIf config.me.alacritty.enable (
lib.mkMerge [
(lib.mkIf config.me.graphical {
config = lib.mkIf (config.me.alacritty.enable && config.me.graphical) {
environment.systemPackages = with pkgs; [
alacritty
xdg-utils # for xdg-open
@ -29,8 +28,6 @@
source = ./files/alacritty.toml;
};
};
})
]
);
};
}


@ -17,9 +17,7 @@
};
};
config = lib.mkIf config.me.amd_s2idle.enable (
lib.mkMerge [
{
config = lib.mkIf config.me.amd_s2idle.enable {
environment.systemPackages = with pkgs; [
amd-debug-tools
];
@ -41,7 +39,5 @@
];
})
];
}
]
);
};
}


@ -17,9 +17,7 @@
};
};
config = lib.mkIf config.me.ansible.enable (
lib.mkMerge [
{
config = lib.mkIf config.me.ansible.enable {
environment.systemPackages = with pkgs; [
ansible
];
@ -83,7 +81,5 @@
};
})
];
}
]
);
};
}


@ -17,15 +17,12 @@
};
};
config = lib.mkIf config.me.ares.enable (
lib.mkMerge [
{ }
(lib.mkIf config.me.graphical {
config = lib.mkIf (config.me.ares.enable && config.me.graphical) {
environment.systemPackages = with pkgs; [
ares
];
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.talexander = {
directories = [
@ -38,7 +35,5 @@
];
};
};
})
]
);
};
}


@ -0,0 +1,50 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
base.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install base.";
};
};
config = lib.mkIf config.me.base.enable {
environment.systemPackages = with pkgs; [
wget
mg
rsync
libinput
htop
tmux
file
usbutils # for lsusb
pciutils # for lspci
ripgrep
strace
# ltrace # Disabled because it uses more than 48GB of /tmp space during test phase.
trace-cmd # ftrace
tcpdump
git-crypt
gnumake
ncdu
nix-tree
libarchive # bsdtar
lsof
doas-sudo-shim # To support --sudo for remote builds
dmidecode # Read SMBIOS information.
ipcalc
gptfdisk # for cgdisk
nix-output-monitor # For better view into nixos-rebuild
nix-serve-ng # Serve nix store over http
];
};
}
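Review bot: `doas-sudo-shim` is installed by the base role whether or not `me.doas.enable` is set, so a machine with base but without the doas role gets a `sudo` shim whose backend is not configured. Moving the package into the doas role's `config` block (`environment.systemPackages = [ pkgs.doas-sudo-shim ];`, with `pkgs` added to that module's arguments) keeps the shim and `security.sudo.enable = false` together. `nix-serve-ng` and `tcpdump` also go beyond what a minimal image needs, so a comment stating why they belong in base rather than in an opt-in role would help.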


@ -1,7 +1,6 @@
{
config,
lib,
pkgs,
...
}:
@ -17,12 +16,7 @@
};
};
config = lib.mkIf config.me.bluetooth.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
];
config = lib.mkIf config.me.bluetooth.enable {
hardware.bluetooth = {
enable = true;
powerOnBoot = true;
@ -34,13 +28,11 @@
};
};
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
directories = [
"/var/lib/bluetooth" # Bluetooth pairing information.
];
};
}
]
);
};
}


@ -9,19 +9,24 @@
{
imports = [ ];
options = {
me.secureBoot = {
enable = lib.mkOption {
default = false;
options.me = {
boot.enable = lib.mkOption {
type = lib.types.bool;
description = ''
Enable to use secure boot.
'';
default = false;
example = true;
description = "Whether we want to install boot.";
};
boot.secure = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Enable to use secure boot.";
};
};
config = lib.mkMerge [
config = lib.mkIf config.me.boot.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
tpm2-tools # For tpm2_eventlog to check for OptionRoms
@ -30,7 +35,7 @@
sbctl # For debugging and troubleshooting Secure Boot.
];
}
(lib.mkIf (!config.me.buildingIso) {
(lib.mkIf (!config.me.buildingPortable) {
boot.loader.grub.enable = false;
# Use the systemd-boot EFI boot loader.
@ -75,14 +80,14 @@
# options root=PARTUUID=17e325bf-a378-4d1d-be6a-f6df5476f0fa
# '';
# };
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
directories = [
"/var/lib/sbctl" # Secure Boot Keys
];
};
})
(lib.mkIf (config.me.secureBoot.enable) {
(lib.mkIf (config.me.boot.secure) {
environment.systemPackages = with pkgs; [
sbctl
];
@ -92,7 +97,8 @@
pkiBundle = "/var/lib/sbctl";
};
})
];
]
);
}
# efibootmgr -c -d /dev/sda -p 1 -L NixOS-boot -l '\EFI\NixOS-boot\grubx64.efi'
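Review bot: `me.boot.secure = true` now has no effect unless `me.boot.enable` is also true, because the block that consumes it sits inside `lib.mkIf config.me.boot.enable (lib.mkMerge [ … ])`. A host that carried over only the Secure Boot setting would still evaluate cleanly, and presumably come up without the Secure Boot configuration. An assertion placed outside that `mkIf`, e.g. `{ assertion = config.me.boot.secure -> config.me.boot.enable; message = "me.boot.secure requires me.boot.enable"; }`, turns the silent downgrade into an evaluation error. The body between the hunks is not shown, so this rests on the visible wrapper only.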


@ -17,15 +17,9 @@
};
};
config = lib.mkIf config.me.chromecast.enable (
lib.mkMerge [
{
config = lib.mkIf config.me.chromecast.enable {
environment.systemPackages = with pkgs; [
catt
];
}
(lib.mkIf config.me.graphical {
})
]
);
};
}


@ -17,10 +17,7 @@
};
};
config = lib.mkIf config.me.chromium.enable (
lib.mkMerge [
{ }
(lib.mkIf config.me.graphical {
config = lib.mkIf (config.me.chromium.enable && config.me.graphical) {
environment.systemPackages = with pkgs; [
chromium
];
@ -30,7 +27,7 @@
"widevine-cdm"
];
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.talexander = {
directories = [
@ -43,7 +40,7 @@
];
};
};
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
environment.persistence."/state" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.talexander = {
directories = [
@ -69,7 +66,5 @@
};
})
];
})
]
);
};
}


@ -17,13 +17,9 @@
};
};
config = lib.mkIf config.me.d2.enable (
lib.mkMerge [
{
config = lib.mkIf config.me.d2.enable {
environment.systemPackages = with pkgs; [
d2
];
}
]
);
};
}


@ -25,9 +25,7 @@ in
};
};
config = lib.mkIf config.me.direnv.enable (
lib.mkMerge [
{
config = lib.mkIf config.me.direnv.enable {
environment.systemPackages = with pkgs; [
direnv
nix-direnv
@ -35,7 +33,7 @@ in
me.zsh.includes = [ direnv_zsh_hook ];
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.talexander = {
directories = [
@ -49,7 +47,5 @@ in
];
};
};
}
]
);
};
}


@ -1,7 +1,6 @@
{
config,
lib,
pkgs,
...
}:


@ -0,0 +1,32 @@
{
config,
lib,
...
}:
{
imports = [ ];
options.me = {
doas.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install doas.";
};
};
config = lib.mkIf config.me.doas.enable {
# Use doas instead of sudo
security.doas.enable = true;
security.doas.wheelNeedsPassword = false;
security.sudo.enable = false;
security.doas.extraRules = [
{
# Retain environment (for example NIX_PATH)
keepEnv = true;
persist = true; # Only ask for a password the first time.
}
];
};
}
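Review bot: `security.doas.wheelNeedsPassword = false;` lets every process running as a wheel user become root without a prompt, which contradicts the comment on `persist = true` ("Only ask for a password the first time"). The `extraRules` entry also names no `users` or `groups`; as far as I recall the NixOS doas module emits one `permit` line per listed user or group, so this rule may generate nothing and `keepEnv`/`persist` would never apply. If a one-time prompt is the intent, set `security.doas.wheelNeedsPassword = true;` and add `groups = [ "wheel" ];` to the rule; if passwordless is intended, drop the rule and say so in a comment. Keeping the whole environment across the privilege boundary is broader than the stated need, and `setEnv = [ "NIX_PATH" ];` on the rule would pass only that variable.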


@ -17,17 +17,14 @@
};
};
config = lib.mkIf config.me.docker.enable (
lib.mkMerge [
{
config = lib.mkIf config.me.docker.enable {
assertions = [
{
assertion = !config.me.podman.enable;
message = "docker conflicts with podman";
}
];
}
{
virtualisation.docker.enable = true;
# Use docker activation
virtualisation.docker.enableOnBoot = false;
@ -42,7 +39,7 @@
docker-buildx
];
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
environment.persistence."/state" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
directories = [
{
@ -92,7 +89,5 @@
# Needed for non-rootless docker
users.users.talexander.extraGroups = [ "docker" ];
}
]
);
};
}


@ -2,7 +2,6 @@
{
config,
lib,
pkgs,
...
}:
@ -18,11 +17,7 @@
};
};
config = lib.mkIf config.me.ecc.enable (
lib.mkMerge [
{
config = lib.mkIf config.me.ecc.enable {
hardware.rasdaemon.enable = true;
}
]
);
};
}


@ -68,7 +68,7 @@ in
(e_shorthand my_emacs)
];
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
environment.persistence."/state" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.talexander = {
directories = [


@ -110,8 +110,6 @@
project-mode-line t
)
;; (setq-default fringes-outside-margins t)
;; Typed text replaces selection
(delete-selection-mode)


@ -1,3 +1,5 @@
;; (add-to-list 'major-mode-remap-alist '(c-mode . c-ts-mode))
(use-package treesit
:pin manual
:ensure nil


@ -1,7 +1,6 @@
{
config,
lib,
pkgs,
...
}:
@ -17,17 +16,12 @@
};
};
config = lib.mkIf config.me.emulate_isa.enable (
lib.mkMerge [
{
config = lib.mkIf config.me.emulate_isa.enable {
boot.binfmt.emulatedSystems = [
"aarch64-linux" # Raspberry Pi gen 3
"riscv64-linux"
# TODO: Should "x86_64-linux" be in this list or should this list be dependent on the host CPU?
"armv6l-linux" # Raspberry Pi gen 1
];
}
]
);
};
}
# NOTE: build nixosConfigurations.<name>.config.system.build.sdImage


@ -17,9 +17,7 @@
};
};
config = lib.mkIf config.me.firefox.enable (
lib.mkMerge [
(lib.mkIf config.me.graphical {
config = lib.mkIf (config.me.firefox.enable && config.me.graphical) {
programs.firefox = {
enable = true;
package = (pkgs.wrapFirefox (pkgs.firefox-unwrapped.override { pipewireSupport = true; }) { });
@ -107,7 +105,7 @@
};
};
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.talexander = {
directories = [
@ -120,7 +118,7 @@
];
};
};
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
environment.persistence."/state" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.talexander = {
directories = [
@ -133,7 +131,5 @@
];
};
};
})
]
);
};
}


@ -1,13 +1,22 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
firewall.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install firewall.";
};
};
config = lib.mkIf config.me.firewall.enable {
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [
22 # ssh
@ -17,4 +26,5 @@
];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
};
}
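Review bot: The description "Whether we want to install firewall." misstates what the option does: the visible body only adds entries to `networking.firewall.allowedTCPPorts`, and the commented `networking.firewall.enable = false` line suggests the firewall itself stays on (the NixOS default, as far as I know) whether or not this role is enabled. I would describe it as `"Whether to open this machine's standard inbound ports in the firewall."`. Port 22 is also opened here regardless of `me.sshd.enable`; building that entry with `lib.optionals config.me.sshd.enable [ 22 ]` would tie the open port to the service. Part of the port list lies between the two hunks and is not visible.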


@ -17,13 +17,9 @@
};
};
config = lib.mkIf config.me.flux.enable (
lib.mkMerge [
{
config = lib.mkIf config.me.flux.enable {
environment.systemPackages = with pkgs; [
fluxcd
];
}
]
);
};
}


@ -8,7 +8,16 @@
{
imports = [ ];
config = lib.mkIf config.me.graphical {
options.me = {
font.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install font.";
};
};
config = lib.mkIf (config.me.font.enable && config.me.graphical) {
fonts = {
enableDefaultPackages = false;
packages = with pkgs; [


@ -17,14 +17,12 @@
};
};
config = lib.mkIf config.me.gcloud.enable (
lib.mkMerge [
{
config = lib.mkIf config.me.gcloud.enable {
environment.systemPackages = with pkgs; [
(google-cloud-sdk.withExtraComponents [ google-cloud-sdk.components.gke-gcloud-auth-plugin ])
];
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
environment.persistence."/state" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.talexander = {
directories = [
@ -37,7 +35,5 @@
];
};
};
}
]
);
};
}


@ -21,6 +21,13 @@ in
imports = [ ];
options.me = {
git.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install git.";
};
git.config = lib.mkOption {
type = lib.types.nullOr lib.types.path;
default = null;
@ -29,7 +36,8 @@ in
};
};
config = lib.mkMerge [
config = lib.mkIf config.me.git.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
my_git
@ -75,5 +83,6 @@ in
})
];
})
];
]
);
}


@ -17,13 +17,9 @@
};
};
config = lib.mkIf config.me.gnuplot.enable (
lib.mkMerge [
{
config = lib.mkIf config.me.gnuplot.enable {
environment.systemPackages = with pkgs; [
gnuplot
];
}
]
);
};
}


@ -25,9 +25,7 @@ in
};
};
config = lib.mkIf config.me.gpg.enable (
lib.mkMerge [
{
config = lib.mkIf config.me.gpg.enable {
# Fetch public keys:
# gpg --locate-external-keys tom@fizz.buzz
@ -63,7 +61,7 @@ in
# Disabled because it breaks signing git commits because gpg wants to copy pubring.kbx. Unfortunately, this makes the install of scdaemon.conf do nothing since this mount of the full .gnupg directory goes over it.
#
# environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
# environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
# hideMounts = true;
# users.talexander = {
# files = [
@ -103,7 +101,7 @@ in
# };
# };
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.talexander = {
directories = [
@ -127,7 +125,5 @@ in
];
programs.gnupg.agent.enableExtraSocket = true;
}
]
);
};
}


@ -1,7 +1,6 @@
{
config,
lib,
pkgs,
...
}:
@ -17,9 +16,7 @@
};
};
config = lib.mkIf config.me.hydra.enable (
lib.mkMerge [
{
config = lib.mkIf config.me.hydra.enable {
services.hydra = {
enable = true;
hydraURL = "http://localhost:3000"; # Externally visible URL
@ -43,7 +40,5 @@
# maxJobs = 8;
# }
# ];
}
]
);
};
}


@ -0,0 +1,29 @@
{
config,
lib,
...
}:
{
imports = [ ];
options.me = {
image_based_appliance.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install image_based_appliance.";
};
};
config = lib.mkIf config.me.image_based_appliance.enable (
lib.mkMerge [
{
# Do not install nix. A full new image must be built to update
# the machine.
nix.enable = false;
system.switch.enable = false;
}
]
);
}
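Review bot: The single-element `lib.mkIf … (lib.mkMerge [ { … } ])` wrapper here is the pattern this commit removes from the other roles; `config = lib.mkIf config.me.image_based_appliance.enable { nix.enable = false; system.switch.enable = false; };` would match them. The option description "Whether we want to install image_based_appliance." does not say what enabling it does. Something like `"Build an immutable appliance image: no Nix on the target and no in-place switch; updates require a new image."` would tell the reader that this role removes the on-host update path.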


@ -1,18 +1,22 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me.buildingIso = lib.mkOption {
options.me.buildingPortable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we are building an ISO image.";
description = "Whether we are building a portable image (iso/sd). This would disable CPU-specific optimizations and persistent file mounts.";
};
options.me.mountPersistence = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we should mount persistent directories.";
};
}
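Review bot: `me.mountPersistence` defaults to `false`, whereas the guard it replaces (`!config.me.buildingIso`, default `false`) mounted the persistent directories by default, so any host that does not set the new option stops persisting state without an evaluation error. The roles in this commit that switch to it include `/var/lib/sbctl` (Secure Boot keys) and the ssh host key files, so a missed host would mean lost or regenerated key material if its root is ephemeral. Whether every host sets the option is not visible in this section. Consider `default = !config.me.buildingPortable;` with a matching `defaultText`, or an assertion that rejects `mountPersistence && buildingPortable`, so the safe behaviour does not depend on remembering a second flag.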


@ -32,14 +32,10 @@ in
};
};
config = lib.mkIf config.me.iso_mount.enable (
lib.mkMerge [
{
config = lib.mkIf config.me.iso_mount.enable {
environment.systemPackages = [
iso_mount
iso_unmount
];
}
]
);
};
}


@ -26,13 +26,7 @@ in
};
};
config = lib.mkIf config.me.kanshi.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
];
}
(lib.mkIf config.me.graphical {
config = lib.mkIf (config.me.kanshi.enable && config.me.graphical) {
environment.systemPackages = with pkgs; [
kanshi
];
@ -46,7 +40,5 @@ in
source = ./files/config_kanshi;
};
};
})
]
);
};
}


@ -17,13 +17,7 @@
};
};
config = lib.mkIf config.me.kodi.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
];
}
(lib.mkIf config.me.graphical {
config = lib.mkIf (config.me.kodi.enable && config.me.graphical) {
services.cage.user = "kodi";
services.cage.program = "${pkgs.kodi-wayland}/bin/kodi-standalone";
services.cage.enable = true;
@ -58,7 +52,7 @@
};
users.groups.kodi.gid = 12000;
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.kodi = {
directories = [
@ -85,7 +79,5 @@
# TODO: Maybe .kodi/userdata/sources.xml
# TODO: ./userdata/guisettings.xml:303: <setting id="filecache.memorysize">128</setting>
})
]
);
};
}


@ -56,9 +56,7 @@ in
};
};
config = lib.mkIf config.me.kubernetes.enable (
lib.mkMerge [
{
config = lib.mkIf config.me.kubernetes.enable {
environment.systemPackages = with pkgs; [
kubectl
kubeswitch
@ -74,7 +72,7 @@ in
ingress2gateway # Convert ingress yaml to gateway yaml
];
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.talexander = {
directories = [
@ -87,7 +85,5 @@ in
];
};
};
}
]
);
};
}


@ -17,14 +17,11 @@
};
};
config = lib.mkIf config.me.latex.enable (
lib.mkMerge [
{
config = lib.mkIf config.me.latex.enable {
environment.systemPackages = with pkgs; [
tex
];
}
{
nixpkgs.overlays = [
(final: prev: {
tex = (
@ -51,8 +48,5 @@
);
})
];
}
]
);
};
}


@ -17,9 +17,7 @@
};
};
config = lib.mkIf config.me.launch_keyboard.enable (
lib.mkMerge [
(lib.mkIf config.me.graphical {
config = lib.mkIf (config.me.launch_keyboard.enable && config.me.graphical) {
environment.systemPackages = with pkgs; [
system76-keyboard-configurator
dfu-programmer # For flashing keyboard https://support.system76.com/articles/launch_2-firmware-update/
@ -42,7 +40,5 @@
};
};
};
})
]
);
};
}


@ -22,7 +22,7 @@
{
# TODO: Is this installing firmware or just downloading it?
services.fwupd.enable = true;
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
directories = [
{


@ -7,15 +7,27 @@
{
imports = [ ];
config = lib.mkMerge [
options.me = {
memtest.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install memtest.";
};
};
config = lib.mkIf config.me.memtest.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
memtest86plus
];
}
# (lib.mkIf (config.me.buildingIso) {
# (lib.mkIf (config.me.buildingPortable) {
# boot.loader.systemd-boot.memtest86.enable = true;
# boot.loader.grub.memtest86.enable = true;
# })
];
]
);
}


@ -2,7 +2,6 @@
config,
lib,
pkgs,
pkgs-dda3dcd3f,
...
}:
@ -19,6 +18,16 @@
{
imports = [ ];
options.me = {
network.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install network.";
};
};
config = lib.mkIf config.me.network.enable {
networking.dhcpcd.enable = lib.mkDefault false;
networking.useDHCP = lib.mkDefault false;
networking.nameservers = [
@ -106,27 +115,11 @@
# "net.ipv6.conf.default.use_tempaddr" = 2;
};
# nixpkgs.overlays = [
# (final: prev: {
# inherit (pkgs-dda3dcd3f)
# linux-firmware
# ;
# })
# ];
# nixpkgs.overlays = [
# (final: prev: {
# linux-firmware = prev.linux-firwmare.overrideAttrs (old: rec {
# version = "20250917";
# src = final.fetchFromGitLab {
# owner = "kernel-firmware";
# repo = "linux-firmware";
# tag = version;
# hash = "sha256-tecFB6WYEfBK9FB7Rv8nHLdefIoaFnHrpzXBl+iSd08=";
# };
# });
# })
# ];
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
directories = [
"/var/lib/iwd" # Wifi settings
];
};
};
}


@ -17,14 +17,12 @@
};
};
config = lib.mkIf config.me.nix_index.enable (
lib.mkMerge [
{
config = lib.mkIf config.me.nix_index.enable {
environment.systemPackages = with pkgs; [
nix-index-unwrapped
];
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
environment.persistence."/state" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.talexander = {
directories = [
@ -37,8 +35,5 @@
];
};
};
}
]
);
};
}


@ -13,7 +13,6 @@
{
config,
lib,
pkgs,
...
}:
@ -29,9 +28,7 @@
};
};
config = lib.mkIf config.me.nix_worker.enable (
lib.mkMerge [
{
config = lib.mkIf config.me.nix_worker.enable {
nix.settings.trusted-users = [ "nixworker" ];
users.users.nixworker = {
@ -51,7 +48,5 @@
];
};
users.groups.nixworker = { };
}
]
);
};
}


@ -8,7 +8,18 @@
{
imports = [ ];
options.me = {
nvme.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install nvme.";
};
};
config = lib.mkIf config.me.nvme.enable {
environment.systemPackages = with pkgs; [
nvme-cli
];
};
}


@ -19,9 +19,7 @@
};
};
config = lib.mkIf config.me.openpgp_card_tools.enable (
lib.mkMerge [
{
config = lib.mkIf config.me.openpgp_card_tools.enable {
environment.systemPackages = with pkgs; [
openpgp-card-tools
openpgp-card-tool-git
@ -43,7 +41,5 @@
# The current openpgp-card-ssh-agent has an outdated dependency on openpgp-card-state which makes it not handle my current openpgp-card-state.toml
# services.openpgp-card-ssh-agent.enable = true;
}
]
);
};
}


@ -9,13 +9,7 @@
let
inherit (lib)
mkIf
mkOption
mkEnableOption
mkPackageOption
mkDefault
types
concatMapStringsSep
generators
;
cfg = config.services.openpgp-card-ssh-agent;
in


@ -31,7 +31,6 @@
"gccarch-znver4"
"gccarch-znver5"
"gccarch-skylake"
# "gccarch-alderlake" missing WAITPKG
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"benchmark"
@ -99,9 +98,10 @@
)
(final: prev: {
inherit (pkgs-unoptimized)
assimp
binaryen
gsl
rapidjson
assimp
;
})
];
@ -115,6 +115,5 @@
}
]
))
];
}

View File

@ -17,14 +17,12 @@
};
};
config = lib.mkIf config.me.pcsx2.enable (
lib.mkMerge [
(lib.mkIf config.me.graphical {
config = lib.mkIf (config.me.pcsx2.enable && config.me.graphical) {
environment.systemPackages = with pkgs; [
pcsx2
];
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
environment.persistence."/state" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.talexander = {
directories = [
@ -67,7 +65,7 @@
};
};
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.talexander = {
directories = [
@ -87,7 +85,5 @@
source = ./files/PCSX2.ini;
};
};
})
]
);
};
}


@ -17,17 +17,14 @@
};
};
config = lib.mkIf config.me.podman.enable (
lib.mkMerge [
{
config = lib.mkIf config.me.podman.enable {
assertions = [
{
assertion = !config.me.docker.enable;
message = "podman conflicts with docker";
}
];
}
{
environment.systemPackages = with pkgs; [
dive
podman-tui
@ -53,7 +50,7 @@
DOCKER_HOST = "unix://$XDG_RUNTIME_DIR/podman/podman.sock";
};
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
environment.persistence."/state" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
directories = [
{
@ -74,7 +71,5 @@
];
};
};
}
]
);
};
}


@ -17,16 +17,15 @@
};
};
config = lib.mkIf config.me.python.enable (
lib.mkMerge [
{
config = lib.mkIf config.me.python.enable {
environment.systemPackages = with pkgs; [
(python3.withPackages (python-pkgs: [
python-pkgs.distro # For https://gitlab.freedesktop.org/drm/amd/-/blob/master/scripts/amd_s2idle.py
python-pkgs.pyudev # For https://gitlab.freedesktop.org/drm/amd/-/blob/master/scripts/amd_s2idle.py
python-pkgs.systemd # For https://gitlab.freedesktop.org/drm/amd/-/blob/master/scripts/amd_s2idle.py
python-pkgs.packaging # For https://gitlab.freedesktop.org/drm/amd/-/blob/master/scripts/amd_s2idle.py
]))
# (python3.withPackages (python-pkgs: [
# python-pkgs.distro # For https://gitlab.freedesktop.org/drm/amd/-/blob/master/scripts/amd_s2idle.py
# python-pkgs.pyudev # For https://gitlab.freedesktop.org/drm/amd/-/blob/master/scripts/amd_s2idle.py
# python-pkgs.systemd # For https://gitlab.freedesktop.org/drm/amd/-/blob/master/scripts/amd_s2idle.py
# python-pkgs.packaging # For https://gitlab.freedesktop.org/drm/amd/-/blob/master/scripts/amd_s2idle.py
# ]))
python3
poetry
pyright
isort
@ -34,7 +33,7 @@
uv
];
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
environment.persistence."/state" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.talexander = {
directories = [
@ -48,7 +47,5 @@
];
};
};
}
]
);
};
}


@ -52,14 +52,10 @@ in
};
};
config = lib.mkIf config.me.qemu.enable (
lib.mkMerge [
{
config = lib.mkIf config.me.qemu.enable {
environment.systemPackages = with pkgs; [
qemu
qemurc_wrapped
];
}
]
);
};
}


@ -1,7 +1,5 @@
{
config,
lib,
pkgs,
...
}:


@ -48,9 +48,7 @@ in
};
};
config = lib.mkIf config.me.rpcs3.enable (
lib.mkMerge [
(lib.mkIf config.me.graphical {
config = lib.mkIf (config.me.rpcs3.enable && config.me.graphical) {
environment.systemPackages = with pkgs; [
rpcs3
];
@ -91,7 +89,7 @@ in
};
};
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.talexander = {
directories = [
@ -167,7 +165,7 @@ in
};
};
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
environment.persistence."/state" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.talexander = {
directories = [
@ -180,7 +178,5 @@ in
];
};
};
})
]
);
};
}


@ -35,9 +35,7 @@ in
};
};
config = lib.mkIf config.me.rust.enable (
lib.mkMerge [
{
config = lib.mkIf config.me.rust.enable {
environment.systemPackages = with pkgs; [
rustup
lldb # for lldb-vscode
@ -57,7 +55,7 @@ in
};
};
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
environment.persistence."/state" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.talexander = {
directories = [
@ -131,9 +129,7 @@ in
};
})
];
}
]
);
};
}
# TODO: Install clippy, cranelift, rust-src


@ -17,13 +17,9 @@
};
};
config = lib.mkIf config.me.sequoia.enable (
lib.mkMerge [
{
config = lib.mkIf config.me.sequoia.enable {
environment.systemPackages = with pkgs; [
sequoia-sq
];
}
]
);
};
}


@ -17,9 +17,7 @@
};
};
config = lib.mkIf config.me.shadps4.enable (
lib.mkMerge [
(lib.mkIf config.me.graphical {
config = lib.mkIf (config.me.shadps4.enable && config.me.graphical) {
environment.systemPackages = with pkgs; [
shadps4
];
@ -30,7 +28,7 @@
};
};
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.talexander = {
directories = [
@ -75,7 +73,7 @@
};
};
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
environment.persistence."/state" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.talexander = {
directories = [
@ -93,18 +91,44 @@
nixpkgs.overlays = [
(final: prev: {
shadps4 = prev.shadps4.overrideAttrs (old: {
version = "0.9.0";
version = "0.11.0";
src = final.fetchFromGitHub {
owner = "AzaharPlus";
repo = "shadPS4Plus";
tag = "SHADPS4PLUS_0_9_0_A";
hash = "sha256-ZwP+bOE4roWt51Ii53blDZzdq/SxK4Q69I4rLCNARLA=";
tag = "SHAD_PS4_PLUS_0_11_0";
hash = "sha256-puyINtFBTdMkOE2E9OnUlZ526vXHCWyKIWsZBaojQRk=";
fetchSubmodules = true;
};
});
})
(final: prev: {
pythonPackagesExtensions = prev.pythonPackagesExtensions ++ [
(python-final: python-prev: {
shiboken2 = python-prev.shiboken2.overrideAttrs (old: {
cmakeFlags = old.cmakeFlags ++ [
# Fix build with cmake>=4
(lib.strings.cmakeFeature "CMAKE_POLICY_VERSION_MINIMUM" "3.5")
# "-DCMAKE_POLICY_VERSION_MINIMUM=3.5"
];
});
pyside2 = python-prev.pyside2.overrideAttrs (old: {
cmakeFlags = old.cmakeFlags ++ [
# Fix build with cmake>=4
(lib.strings.cmakeFeature "CMAKE_POLICY_VERSION_MINIMUM" "3.5")
# "-DCMAKE_POLICY_VERSION_MINIMUM=3.5"
];
});
pyside2-tools = python-prev.pyside2-tools.overrideAttrs (old: {
cmakeFlags = old.cmakeFlags ++ [
# Fix build with cmake>=4
(lib.strings.cmakeFeature "CMAKE_POLICY_VERSION_MINIMUM" "3.5")
# "-DCMAKE_POLICY_VERSION_MINIMUM=3.5"
];
});
})
];
})
]
);
];
};
}
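Review bot: The three `overrideAttrs` blocks for `shiboken2`, `pyside2` and `pyside2-tools` are identical apart from the package name, and each reads `old.cmakeFlags` without a fallback, which fails evaluation if a package stops defining that attribute. A small local helper removes the duplication and the dead commented-out flag, and `old.cmakeFlags or [ ]` covers the missing-attribute case. `pythonPackagesExtensions` applies to every Python package set on the system rather than only to shadps4's dependencies, so a comment naming the consumer that needs pyside2 would help whoever removes this later. The enclosing `config` block starts outside the last hunk.

```nix
# … unchanged: shadps4 version/src override overlay …
(final: prev: {
  pythonPackagesExtensions = prev.pythonPackagesExtensions ++ [
    (
      python-final: python-prev:
      let
        # Fix build with cmake>=4
        allowOldCmakePolicy =
          pkg:
          pkg.overrideAttrs (old: {
            cmakeFlags = (old.cmakeFlags or [ ]) ++ [
              (lib.strings.cmakeFeature "CMAKE_POLICY_VERSION_MINIMUM" "3.5")
            ];
          });
      in
      lib.genAttrs [ "shiboken2" "pyside2" "pyside2-tools" ] (
        name: allowOldCmakePolicy python-prev.${name}
      )
    )
  ];
})
```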


@ -25,9 +25,7 @@ in
};
};
config = lib.mkIf config.me.shikane.enable (
lib.mkMerge [
(lib.mkIf config.me.graphical {
config = lib.mkIf (config.me.shikane.enable && config.me.graphical) {
environment.systemPackages = with pkgs; [
shikane
];
@ -41,7 +39,5 @@ in
source = ./files/config.toml;
};
};
})
]
);
};
}


@ -17,19 +17,16 @@
};
};
config = lib.mkIf config.me.shipwright.enable (
lib.mkMerge [
{
config = lib.mkIf (config.me.shipwright.enable && config.me.graphical) {
allowedUnfree = [ "shipwright" ];
}
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
shipwright
];
# TODO perhaps install ~/.local/share/soh/shipofharkinian.json
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.talexander = {
directories = [
@ -42,7 +39,5 @@
];
};
};
})
]
);
};
}


@ -17,9 +17,7 @@
};
};
config = lib.mkIf config.me.sm64ex.enable (
lib.mkMerge [
(lib.mkIf config.me.graphical {
config = lib.mkIf (config.me.sm64ex.enable && config.me.graphical) {
allowedUnfree = [ "sm64ex" ];
environment.systemPackages = with pkgs; [
@ -44,7 +42,7 @@
# TODO perhaps install ~/.local/share/sm64ex/sm64config.txt
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.talexander = {
directories = [
@ -57,7 +55,5 @@
];
};
};
})
]
);
};
}


@ -17,13 +17,9 @@
};
};
config = lib.mkIf config.me.sops.enable (
lib.mkMerge [
{
config = lib.mkIf config.me.sops.enable {
environment.systemPackages = with pkgs; [
sops # For encrypting kubernetes secrets.
];
}
]
);
};
}


@ -72,7 +72,7 @@
];
};
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.talexander = {
directories = [


@ -17,12 +17,8 @@
};
};
config = lib.mkIf config.me.spaghettikart.enable (
lib.mkMerge [
{
config = lib.mkIf (config.me.spaghettikart.enable && config.me.graphical) {
allowedUnfree = [ "spaghettikart" ];
}
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
spaghettikart
];
@ -34,7 +30,7 @@
};
};
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.talexander = {
files = [
@ -43,7 +39,5 @@
];
};
};
})
]
);
};
}


@ -8,11 +8,21 @@
{
imports = [ ];
options.me = {
ssh.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install ssh.";
};
};
config = lib.mkIf config.me.ssh.enable {
environment.systemPackages = with pkgs; [
sshfs
];
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
users.talexander = {
files = [
@ -37,4 +47,5 @@
source = ./files/ssh_config;
};
};
};
}


@ -0,0 +1,49 @@
{
config,
lib,
...
}:
{
imports = [ ];
options.me = {
sshd.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install sshd.";
};
};
config = lib.mkIf config.me.sshd.enable {
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
hostKeys = [
{
path = "/persist/ssh/ssh_host_ed25519_key";
type = "ed25519";
}
{
path = "/persist/ssh/ssh_host_rsa_key";
type = "rsa";
bits = 4096;
}
];
};
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
files = [
"/etc/ssh/ssh_host_rsa_key"
"/etc/ssh/ssh_host_rsa_key.pub"
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
];
};
};
}
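Review bot: `hostKeys` points sshd at `/persist/ssh/ssh_host_*_key`, while the `environment.persistence` block persists `/etc/ssh/ssh_host_*_key`, so the two disagree about where the host keys live. With the paths as written sshd never reads the `/etc/ssh` files, and the `/persist/ssh` paths are used even when `me.mountPersistence` is false; if `/persist` is not a mounted persistent volume in that case, fresh keys would presumably be generated on an ephemeral root and clients would see a changing host identity. Pick one location: either drop the `files` list, or remove the custom `hostKeys` paths and rely on the persisted `/etc/ssh` files, and gate whichever remains on the same condition. An explicit `PermitRootLogin = "no";` next to `PasswordAuthentication = false;` would also make the intended policy visible instead of relying on the module default.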
