talexander/machine_setup
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

base: talexander:20c1c46d1262baea248b06df96b26fe88746e865
Branches Tags
talexander:main talexander:kubernetes talexander:nix talexander:mt7927 talexander:yubipi talexander:upstream_amd_debug_tools talexander:install_files_mixin talexander:starship talexander:pixelbook
...
compare: talexander:starship
Branches Tags
talexander:kubernetes talexander:nix talexander:main talexander:mt7927 talexander:yubipi talexander:upstream_amd_debug_tools talexander:install_files_mixin talexander:starship talexander:pixelbook

193 Commits
20c1c46d12 ... starship

Author SHA1 Message Date
Tom Alexander
9513882870 Still not working. 2025-01-27 20:38:45 -05:00
Tom Alexander
71a6843b37 Same issue with package based on 2ship2harkinian. 2025-01-27 19:26:38 -05:00
Tom Alexander
7d9d1ca80e Add a package for starship (Star Fox 64). 2025-01-27 19:26:38 -05:00
Tom Alexander
2f2d33296b Persist ares data. 2025-01-26 19:04:17 -05:00
Tom Alexander
2c1cf54de0 Update packages. 2025-01-26 18:55:53 -05:00
Tom Alexander
65be133ffe Update lanzaboote. 2025-01-26 16:57:18 -05:00
Tom Alexander
ee47c3cfa3 Enable debugging on ath12k. 2025-01-26 10:11:53 -05:00
Tom Alexander
ff8bb0653b Enable bluetooth on odo. 2025-01-25 21:28:14 -05:00
Tom Alexander
ff98873b32 Persist save data for ship of harkinian and 2ship2harkinian. 2025-01-25 21:22:55 -05:00
Tom Alexander
67ad4e2dff Persist sm64ex save data. 2025-01-25 20:47:48 -05:00
Tom Alexander
60452b0aeb Persist the nix-index index. 2025-01-25 20:22:41 -05:00
Tom Alexander
e043320e5c Clean up experiments in the gpg role. 2025-01-25 19:35:05 -05:00
Tom Alexander
2f8c4fbfe8 Disable verbose logging for gpg. 2025-01-25 19:10:48 -05:00
Tom Alexander
233bf4e967 Put the sleep back into wireguard. 2025-01-25 17:58:56 -05:00
Tom Alexander
f7adfaf54d Update lockfile. 2025-01-25 16:28:53 -05:00
Tom Alexander
78c9dec4c4 Disable rom name override. 
The latest nixpkgs does not support overriding the name so I am removing it now for compatibility.
 2025-01-25 16:22:04 -05:00
Tom Alexander
53c12a5b1e Add sshjail as an ansible plugin. 2025-01-25 15:30:30 -05:00
Tom Alexander
7d94210d8f Add cmake support to emacs. 2025-01-25 10:20:22 -05:00
Tom Alexander
1ebf31dc11 Remove sleep from wireguard service. 2025-01-25 10:20:22 -05:00
Tom Alexander
82c30bdb77 Add a role for 2ship2harkinian (Majora's Mask). 2025-01-24 21:25:41 -05:00
Tom Alexander
d5e7fdd097 Add bsdtar. 2025-01-24 20:58:03 -05:00
Tom Alexander
40fd7931d0 Add a persist folder for the talexander user. 2025-01-24 20:36:37 -05:00
Tom Alexander
835fd340a2 Add role for Ocarina of Time (shipwright). 2025-01-24 20:23:49 -05:00
Tom Alexander
94ef9ff3c8 Add role to build sm64ex. 2025-01-24 20:08:10 -05:00
Tom Alexander
62d3c010f5 Install nix-tree. 2025-01-24 19:01:51 -05:00
Tom Alexander
e9e792961c Add a not-working snippet to show where system packages are imported. 2025-01-24 18:53:57 -05:00
Tom Alexander
281dffc9c0 Do not install foot. 2025-01-24 18:42:57 -05:00
Tom Alexander
5bd67bb02a Move defaultPackages into the reset role. 2025-01-24 18:36:14 -05:00
Tom Alexander
4a76097a5e Refactor the wireguard role to use lib.mkMerge. 2025-01-24 17:59:07 -05:00
Tom Alexander
facfd01661 Make zsh install conditional. 2025-01-23 21:55:22 -05:00
Tom Alexander
2ce4520cd6 Make zrepl a conditional install. 2025-01-23 21:52:50 -05:00
Tom Alexander
814769b3e9 Do not install waybar on neelix. 2025-01-23 21:43:08 -05:00
Tom Alexander
6424129da3 Do not install wasm role on neelix. 2025-01-23 21:41:08 -05:00
Tom Alexander
415edbad91 Do not install vscode on neelix. 2025-01-23 21:39:57 -05:00
Tom Alexander
a773f94593 Do not install vnc client on neelix. 2025-01-23 21:37:16 -05:00
Tom Alexander
226610c926 Do not install steam or terraform on neelix. 2025-01-23 21:37:15 -05:00
Tom Alexander
7c6afef2bb Do not install pavucontrol on non-graphical installs. 2025-01-23 21:25:19 -05:00
Tom Alexander
55654fafb1 Do not install rust on neelix. 2025-01-23 21:21:37 -05:00
Tom Alexander
8946868fd6 Do not install qemu on neelix. 2025-01-23 21:18:57 -05:00
Tom Alexander
cd8e9002d0 Do not install python on neelix. 2025-01-23 21:15:48 -05:00
Tom Alexander
e1a274c88e Do not install media role on neelix. 2025-01-23 21:06:11 -05:00
Tom Alexander
cdc4bdffb6 Git buildEnv is failing. 2025-01-23 20:59:39 -05:00
Tom Alexander
9b9a103e49 Do not install gnome-firmware on non-graphical installs. 2025-01-23 20:46:03 -05:00
Tom Alexander
ea7bf809fc Do not install the launch keyboard configurator on neelix or non-graphical installs. 2025-01-23 20:42:22 -05:00
Tom Alexander
88a6d046b8 Do not install LaTeX on neelix. 2025-01-23 20:38:54 -05:00
Tom Alexander
d8e16f0b05 Do not install kubernetes clients on neelix. 2025-01-23 20:35:28 -05:00
Tom Alexander
e3fee206a1 Don't install kanshi on non-graphical installs. 2025-01-23 20:20:08 -05:00
Tom Alexander
3be710b4ad Install meld to git's path when doing a graphical install. 2025-01-23 20:07:23 -05:00
Tom Alexander
b37f8a8e1a Do not install my git config on neelix. 2025-01-23 19:55:13 -05:00
Tom Alexander
509cceb220 Only install fonts in graphical installs. 2025-01-23 19:48:25 -05:00
Tom Alexander
47408cfce0 Do not install firefox on neelix. 2025-01-23 19:14:25 -05:00
Tom Alexander
812dc40257 Do not install docker on neelix. 2025-01-23 19:09:59 -05:00
Tom Alexander
0e370c0d62 Do not install chromium or catt on neelix. 2025-01-23 19:04:19 -05:00
Tom Alexander
0598c796b7 Do not install ares on neelix. 2025-01-23 18:53:36 -05:00
Tom Alexander
df2efb728d Don't install alacritty on neelix or non-graphical installs. 2025-01-23 18:47:03 -05:00
Tom Alexander
62fc955b68 Merge branch 'plainmacs' into nix 2025-01-23 18:44:30 -05:00
Tom Alexander
e0644a069d Add support for non-graphical emacs. 2025-01-23 01:52:56 -05:00
Tom Alexander
054e056d00 Switch to buildEnv instead of symlinkJoin for better control over the joining process. 2025-01-23 01:52:56 -05:00
Tom Alexander
d3ea8b3667 Introduce a plainmacs emacs install flavor. 2025-01-22 21:01:34 -05:00
Tom Alexander
3f945f8ae3 Merge branch 'neelix' into nix 2025-01-22 20:29:12 -05:00
Tom Alexander
93c4aa4c76 Clean up the host-specific configs. 2025-01-22 20:28:58 -05:00
Tom Alexander
4664804d90 Comment out the kodi configs so they remain mutable until I've made a config I like. 2025-01-22 20:12:50 -05:00
Tom Alexander
edc48d00a2 Add some config files. 2025-01-21 23:07:05 -05:00
Tom Alexander
37aa0e6732 Add a bluetooth role. 2025-01-21 22:19:28 -05:00
Tom Alexander
a739728d41 Add neelix public key to sftp server. 2025-01-21 21:23:21 -05:00
Tom Alexander
48c5aebd82 Install jmespath for ansible. 2025-01-21 20:56:48 -05:00
Tom Alexander
c33a1b6c50 Set up memtest86 on neelix. 2025-01-20 22:50:44 -05:00
Tom Alexander
368c455b7f Persist ssh keys for kodi user. 2025-01-20 22:38:54 -05:00
Tom Alexander
5a5d34911c Add /etc/hosts entry for neelix. 2025-01-20 21:00:35 -05:00
Tom Alexander
d0c1bb1b65 Do not install sway on neelix. 2025-01-20 20:14:59 -05:00
Tom Alexander
9d49eb9d6a Add an empty kodi role. 2025-01-20 19:40:54 -05:00
Tom Alexander
ccbc999744 Add a global options role. 2025-01-20 19:27:49 -05:00
Tom Alexander
d537aa599b Stop the sway-session.target when exiting sway. 2025-01-20 18:43:54 -05:00
Tom Alexander
95d06dfe0e Enable memtest86 when building the ISO. 2025-01-20 18:43:54 -05:00
Tom Alexander
f2adb9328b Build zfs into the ISO image. 2025-01-20 18:43:54 -05:00
Tom Alexander
7bc6e0c470 Add a config for neelix. 2025-01-20 18:43:54 -05:00
Tom Alexander
99edb2d161 Use full emacs for e alias. 2025-01-19 23:15:33 -05:00
Tom Alexander
938f8676ff Add chromecast support. 2025-01-19 13:44:01 -05:00
Tom Alexander
d365b6aea9 Add ncdu to inspect disk usage. 2025-01-19 11:05:00 -05:00
Tom Alexander
8d911ff893 Wrap tofi without forcing a rebuild. 2025-01-19 10:53:54 -05:00
Tom Alexander
2aca77ea1a Merge branch 'emacs_refactor' into nix 2025-01-19 10:16:27 -05:00
Tom Alexander
1b342d3402 Switch from buildEnv to symlinkJoin to keep dependencies out of the system path. 2025-01-19 10:09:49 -05:00
Tom Alexander
9976e232e6 Move packages out of systemPackages and into the emacs_full package. 2025-01-18 23:11:35 -05:00
Tom Alexander
3baf18f435 Install aspell into the emacs_full environment. 2025-01-18 22:53:09 -05:00
Tom Alexander
e00331bf94 Wrap emacs settings in a mkMerge. 2025-01-18 21:26:17 -05:00
Tom Alexander
8e22d8febb Switch to a 300hz tickless kernel and enable BBR. 
Aside from BBR, these settings are copied from arch linux.
 2025-01-18 20:15:20 -05:00
Tom Alexander
ed0d1e41d6 Add a notification daemon. 2025-01-18 18:44:00 -05:00
Tom Alexander
2c27d580f4 Add a mode to force focus a window. 2025-01-18 18:40:08 -05:00
Tom Alexander
75ac4b91f3 Add screenshot / screen recording. 2025-01-18 18:33:46 -05:00
Tom Alexander
9abe43096b Add swaylock. 2025-01-18 18:13:30 -05:00
Tom Alexander
1535800e2f Replace wofi with tofi. 2025-01-18 17:39:51 -05:00
Tom Alexander
dcffced35a Add rofimoji. 2025-01-18 14:32:44 -05:00
Tom Alexander
1da36ab7c5 Remove unused portion of zshrc. 
I will probably move to a similar import system to what I am doing with sway.
 2025-01-18 13:18:06 -05:00
Tom Alexander
c694c6ae4c Make zsh-histdb use sqlite3 directly instead of depending on systemPackages. 2025-01-18 13:12:24 -05:00
Tom Alexander
f524aa168a Stick with imv instead of swayimg. 2025-01-18 12:16:11 -05:00
Tom Alexander
308206d1cc Launch a terminal at boot in the live ISO. 2025-01-18 11:55:12 -05:00
Tom Alexander
8ac235cb8c Move disabling wifi power saving to a host-specific file. 2025-01-18 11:48:53 -05:00
Tom Alexander
5170678a25 Don't garbage collect in a built ISO. 
The ISO is immutable so garbage collection does not make sense.
 2025-01-18 11:33:39 -05:00
Tom Alexander
19cf31b094 Move a zfs setting into the zfs role. 2025-01-18 11:14:19 -05:00
Tom Alexander
4f0024c4f9 Move some graphics bits into the graphics role. 2025-01-18 11:00:30 -05:00
Tom Alexander
41138ab34a Update to the new secureboot location. 2025-01-18 10:54:34 -05:00
Tom Alexander
f9b18809f9 An update fixed firefox's launch time. 2025-01-17 22:42:57 -05:00
Tom Alexander
fefe46b512 Remove kvm-amd from boot.kernelModules. 2025-01-17 21:36:34 -05:00
Tom Alexander
b4947bcff6 Add vnc client. 2025-01-17 20:30:16 -05:00
Tom Alexander
14baaddcff Persist factorio data. 2025-01-17 19:07:54 -05:00
Tom Alexander
1c8f2f1c74 Switch back to regular linux. 2025-01-17 18:55:59 -05:00
Tom Alexander
1bfe24f457 Remove duplicate entry for xdg-desktop-portal-wlr. 2025-01-16 20:51:17 -05:00
Tom Alexander
08feb8bad6 Add more tracing commands. 2025-01-15 21:12:28 -05:00
Tom Alexander
cb3b01a74c Blacklist hardward watchdog for AMD 700 chipset series for power savings. 2025-01-15 21:01:30 -05:00
Tom Alexander
0e95edd8e7 Switch to unstable. 2025-01-15 21:00:57 -05:00
Tom Alexander
d172b1dea2 Add some wasm utilities. 2025-01-14 23:57:24 -05:00
Tom Alexander
2a97a1ee92 Add vscode role. 2025-01-14 23:57:24 -05:00
Tom Alexander
ba4085df1a Add terraform. 2025-01-14 23:17:26 -05:00
Tom Alexander
7c542364a2 Add firmware updating through fwupd via the Linux Vendor firmware Service (LVFS). 2025-01-14 22:42:52 -05:00
Tom Alexander
0299ebcb43 Add nvme role. 2025-01-14 21:51:53 -05:00
Tom Alexander
c23245b97c Add TODO. 2025-01-14 21:40:38 -05:00
Tom Alexander
491412c33c Add seatd. 2025-01-14 21:10:03 -05:00
Tom Alexander
5a5839482d Add support for the system76 launch keyboard configurator. 2025-01-14 20:16:06 -05:00
Tom Alexander
63408f5664 Set up latex. 2025-01-14 18:04:04 -05:00
Tom Alexander
d338b77d23 Install sshfs. 2025-01-14 17:56:29 -05:00
Tom Alexander
ce9140aa73 Add role for zrepl. 2025-01-13 17:59:03 -05:00
Tom Alexander
dbf3f2e983 Disable the fallback DNS servers. 2025-01-13 17:43:38 -05:00
Tom Alexander
0ca26e73fb Add more firefox extensions. 2025-01-12 22:43:23 -05:00
Tom Alexander
0fb53a4294 Add preparations for the new location for secureboot keys. 2025-01-12 21:17:47 -05:00
Tom Alexander
4019e6d132 Fix buildkit access to SSH agent. 2025-01-12 21:17:47 -05:00
Tom Alexander
8b1e76d9d7 Add a script to resume a zfs send/recv. 2025-01-12 19:55:15 -05:00
Tom Alexander
477637ae62 Add a script to test fetching PGP keys from a Web Key Directory (WKD). 2025-01-12 18:29:48 -05:00
Tom Alexander
5146a114eb Introduce a variable for sway includes and disable relatime on the zfs legacy mounts. 2025-01-12 15:39:46 -05:00
Tom Alexander
a817464b38 Preserve steam directories. 2025-01-11 22:36:09 -05:00
Tom Alexander
1acf889c68 Instll steam and the zfs_clone_send / zfs_clone_recv scripts. 2025-01-11 13:48:46 -05:00
Tom Alexander
af07d43c18 Add asian fonts. 2025-01-11 12:50:13 -05:00
Tom Alexander
33f13d898d Switch to ares instead of bsnes. 2025-01-11 12:09:02 -05:00
Tom Alexander
47d9e203f3 Add media role. 2025-01-10 22:54:32 -05:00
Tom Alexander
1a2ff987fe Add fw-ectool to framework laptop. 2025-01-09 23:31:27 -05:00
Tom Alexander
16480b3749 Switch to ladspa. 2025-01-09 21:32:37 -05:00
Tom Alexander
0d3901788d Installing ccid and libusb-compat does not fix it. 2025-01-09 19:04:44 -05:00
Tom Alexander
a3cb2c8632 Add kanshi. 2025-01-09 18:14:45 -05:00
Tom Alexander
6b9660bc44 Switch to mono noise suppression for voice and disable vulkan for chromium. 2025-01-09 17:56:46 -05:00
Tom Alexander
5c41b7efa2 Update software. 2025-01-08 21:43:39 -05:00
Tom Alexander
ead5db241e Install packages needed to run amd_s2idle. 2025-01-07 23:02:22 -05:00
Tom Alexander
8b074617e8 Use Adwaita cursor theme. 2025-01-06 19:34:28 -05:00
Tom Alexander
13970b53ad Only decrypt the nix zfs dataset. 2025-01-06 19:21:20 -05:00
Tom Alexander
13d7319a0f Add nix-index. 2025-01-06 14:32:07 -05:00
Tom Alexander
bd9a85efd3 Add klog alias. 2025-01-05 15:43:23 -05:00
Tom Alexander
4a4c54def4 Disable DNS settings for hotel. 2025-01-02 22:50:55 -05:00
Tom Alexander
18d372c8ee Revert "Switching to a home-manager config did not fix it." 
This reverts commit 4599b38ebf.
 2025-01-02 10:27:25 -05:00
Tom Alexander
4599b38ebf Switching to a home-manager config did not fix it. 2025-01-02 10:27:21 -05:00
Tom Alexander
04a95a2543 More failed attempts to get gpg working. 2025-01-02 09:43:00 -05:00
Tom Alexander
7c5f14ee61 Persist kubernetes client config. 2025-01-02 09:03:19 -05:00
Tom Alexander
d49f12f58f Enable panel replay. 2025-01-01 19:59:02 -05:00
Tom Alexander
936d3bc34d Add rust. 2025-01-01 19:16:08 -05:00
Tom Alexander
1b34841921 Comment out specific version of gpg. 2025-01-01 18:43:29 -05:00
Tom Alexander
611904761e Add kubernetes client. 2025-01-01 18:43:29 -05:00
Tom Alexander
f843b7924f Add docker. 2025-01-01 18:29:27 -05:00
Tom Alexander
7bb7b89b82 Try a specific version of gpg. 2025-01-01 13:35:29 -05:00
Tom Alexander
c1103775b6 Keep 30 days of /nix. 2025-01-01 13:31:45 -05:00
Tom Alexander
24d89ed704 Default to power-saving mode. 2024-12-31 12:51:23 -05:00
Tom Alexander
e8dff5ece1 Set up wireguard networks using functions. 2024-12-31 11:04:24 -05:00
Tom Alexander
e22b5c1c6c Add power management kernel parameters. 2024-12-31 10:27:15 -05:00
Tom Alexander
d9bc4f15d8 Add powertop. 2024-12-31 07:44:02 -05:00
Tom Alexander
77ae96ca7a Set up python. 2024-12-31 07:37:48 -05:00
Tom Alexander
d2f908005c Persist the .ssh known_hosts. 2024-12-31 07:00:41 -05:00
Tom Alexander
5e74a874ba Persist sound settings (for example, muted status) and do not enable wireguard in built ISO. 2024-12-29 15:45:52 -05:00
Tom Alexander
fe820e5843 Move remaining nix configs into folders. 2024-12-29 15:27:03 -05:00
Tom Alexander
81315e4c7b Add a snes emulator. 2024-12-29 15:12:31 -05:00
Tom Alexander
ce8718b042 Add wgh wireguard network. 2024-12-28 21:05:45 -05:00
Tom Alexander
720164497d More attempts to fix gpg decrypt with yubikey. 2024-12-27 20:53:43 -05:00
Tom Alexander
0b31b91c69 Set up wireguard. 2024-12-27 15:44:00 -05:00
Tom Alexander
2ef181cfab Attempt to fix gpg decrypt with yubikey. Did not succeed. 2024-12-27 13:09:13 -05:00
Tom Alexander
5a3450fdf8 Add gvfs and git-crypt. 2024-12-26 21:28:31 -05:00
Tom Alexander
aae534308a Add noise supression to microphone. 2024-12-25 09:17:30 -05:00
Tom Alexander
cbd8f70ce4 Merge branch 'zsh' into nix 2024-12-25 09:17:23 -05:00
Tom Alexander
64d495afa5 Use zsh-histdb package. 2024-12-23 17:28:31 -05:00
Tom Alexander
5e424b35e4 Make a zsh-histdb package. 2024-12-23 15:41:45 -05:00
Tom Alexander
7decd40844 Switch to zsh. 2024-12-23 11:14:18 -05:00
Tom Alexander
9c0f3ce601 Use dark themes. 2024-12-23 10:56:57 -05:00
Tom Alexander
e09eea2049 Switch to zen kernel optimized for znver4. 2024-12-23 10:00:01 -05:00
Tom Alexander
5d23126205 Enable secure boot. 2024-12-22 22:03:03 -05:00
Tom Alexander
748e6dee68 Set firefox as default browser. 2024-12-22 16:14:12 -05:00
Tom Alexander
27aa2f077b Set up chromium with support for wayland and widevine. 2024-12-22 00:48:57 -05:00
Tom Alexander
69098488f6 Switch to a raw file for fontconfig. 2024-12-21 17:15:54 -05:00
Tom Alexander
14e6e78aee Add the waybar scripts. 2024-12-21 16:25:40 -05:00
Tom Alexander
a0f9f4baa4 Set up waybar and building ISOs. 2024-12-21 15:46:05 -05:00
Tom Alexander
a7f3754d25 Add more sway config files. 2024-12-20 23:03:51 -05:00
Tom Alexander
54c8459fa1 Switch to vulkan renderer for sway. 2024-12-20 22:45:09 -05:00
Tom Alexander
e26118af4f Reformat all nix files. 2024-12-20 22:37:44 -05:00
Tom Alexander
764a8c58ce Add alias for emacs. 2024-12-20 22:36:32 -05:00
Tom Alexander
8f89f1c6c1 Add alacritty config. 2024-12-20 21:59:20 -05:00
Tom Alexander
862829c57c Preserve firefox cache. 2024-12-20 21:38:19 -05:00
Tom Alexander
aba96213c3 Enable the nixd language server in emacs. 2024-12-20 21:19:22 -05:00
Tom Alexander
e7ab762ee4 Fix firefox launch time. 2024-12-20 21:06:04 -05:00
Tom Alexander
b314982196 Set up firefox. 2024-12-20 18:30:35 -05:00
Tom Alexander
27060fed8d Preserve gpg directory. 2024-12-20 16:50:27 -05:00
118 changed files with 7593 additions and 632 deletions
Expand all files Collapse all files

17
ansible/roles/sftp/tasks/common.yaml
View File

@@ -64,6 +64,23 @@
# force: true # force: true
# diff: false # diff: false
- name: Create directories
file:
name: "{{ item }}"
state: directory
mode: 0700
owner: nochainstounlock
group: nochainstounlock
loop:
- /home/nochainstounlock/.ssh
- name: Set authorized keys
authorized_key:
user: nochainstounlock
key: |
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMrjXsXjtxEm47XnRZfo67kJULoc0NBLrB0lPYFiS2Ar kodi@neelix
exclusive: true
- import_tasks: tasks/freebsd.yaml - import_tasks: tasks/freebsd.yaml
when: 'os_flavor == "freebsd"' when: 'os_flavor == "freebsd"'

24
nix/configuration/boot.nix
View File

@@ -1,24 +0,0 @@
{ config, lib, pkgs, ... }:
{
imports = [];
boot.loader.grub.enable = false;
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
# TODO: make not write bootx64.efi
boot.loader.efi.canTouchEfiVariables = false;
# Automatically delete old generations
boot.loader.systemd-boot.configurationLimit = 3;
}
# efibootmgr -c -d /dev/sda -p 1 -L NixOS-boot -l '\EFI\NixOS-boot\grubx64.efi'
# Text-only:
# sudo cp "$(nix-build '<nixpkgs>' --no-out-link -A 'refind')/share/refind/refind_x64.efi" /boot/EFI/boot/bootx64.efi
# Full graphics:
# $ sudo nix-shell -p refind efibootmgr
# $ refind-install

205
nix/configuration/configuration.nix
View File

@@ -1,26 +1,83 @@
{ config, lib, pkgs, pkgs-unstable, home-manager, ... }: {
config,
lib,
pkgs,
home-manager,
...
}:
{ {
imports = imports = [
[ ./roles/reset
./roles/reset ./roles/global_options
./hosts/odo ./util/unfree_polyfill
"${builtins.fetchTarball {url="https://github.com/nix-community/disko/archive/refs/tags/v1.9.0.tar.gz";sha256="0j76ar4qz320fakdii4659w5lww8wiz6yb7g47npywqvf2lbp388";}}/module.nix" ./roles/iso
./boot.nix "${
./zfs.nix builtins.fetchTarball {
./network.nix url = "https://github.com/nix-community/disko/archive/refs/tags/v1.9.0.tar.gz";
./roles/sway sha256 = "0j76ar4qz320fakdii4659w5lww8wiz6yb7g47npywqvf2lbp388";
./roles/emacs }
./roles/git }/module.nix"
./roles/fonts ./roles/boot
]; ./roles/zfs
./roles/network
./roles/firewall
./roles/zsh
./roles/zrepl
./roles/graphics
./roles/sound
./roles/sway
./roles/kanshi
./roles/alacritty
./roles/firefox
./roles/chromium
./roles/emacs
./roles/git
./roles/fonts
./roles/gpg
./roles/waybar
./roles/qemu
./roles/wireguard
./roles/ares
./roles/ssh
./roles/python
./roles/docker
./roles/kubernetes
./roles/rust
./roles/media
./roles/steam
./roles/latex
./roles/launch_keyboard
./roles/lvfs
./roles/nvme
./roles/terraform
./roles/vscode
./roles/wasm
./roles/vnc_client
./roles/chromecast
./roles/memtest86
./roles/kodi
./roles/ansible
./roles/bluetooth
./roles/sm64ex
./roles/shipwright
./roles/2ship2harkinian
./roles/nix_index
];
nix.settings.experimental-features = [ "nix-command" "flakes" ]; nix.settings.experimental-features = [
"nix-command"
"flakes"
];
nix.settings.trusted-users = [ "@wheel" ]; nix.settings.trusted-users = [ "@wheel" ];
boot.kernelPackages = pkgs.linuxPackages_6_11; # boot.kernelPackages = pkgs.linuxPackages_6_11;
hardware.enableRedistributableFirmware = true; hardware.enableRedistributableFirmware = true;
services.getty = {
autologinUser = "talexander"; # I use full disk encryption so the user password is irrelevant.
autologinOnce = true;
};
users.mutableUsers = false; users.mutableUsers = false;
users.users.talexander = { users.users.talexander = {
isNormalUser = true; isNormalUser = true;
@@ -40,35 +97,40 @@
]; ];
}; };
users.groups.talexander.gid = 11235; users.groups.talexander.gid = 11235;
home-manager.users.talexander = { pkgs, ... }: { home-manager.users.talexander =
home.packages = [ pkgs.atool pkgs.httpie ]; { pkgs, ... }:
programs.bash.enable = true; {
home.packages = [
pkgs.atool
pkgs.httpie
];
programs.bash.enable = true;
# The state version is required and should stay at the version you # The state version is required and should stay at the version you
# originally installed. # originally installed.
home.stateVersion = "24.11"; home.stateVersion = "24.11";
}; };
# Automatic garbage collection # Automatic garbage collection
nix.gc = { nix.gc = lib.mkIf (!config.me.buildingIso) {
# Runs nix-collect-garbage --delete-older-than 5d # Runs nix-collect-garbage --delete-older-than 5d
automatic = true; automatic = true;
randomizedDelaySec = "14m"; randomizedDelaySec = "14m";
options = "--delete-older-than 5d"; options = "--delete-older-than 30d";
}; };
nix.settings.auto-optimise-store = !config.me.buildingIso;
# Use doas instead of sudo # Use doas instead of sudo
security.doas.enable = true; security.doas.enable = true;
security.doas.wheelNeedsPassword = false; security.doas.wheelNeedsPassword = false;
security.sudo.enable = false; security.sudo.enable = false;
security.doas.extraRules = [{ security.doas.extraRules = [
# Retain environment (for example NIX_PATH) {
keepEnv = true; # Retain environment (for example NIX_PATH)
persist = true; # Only ask for a password the first time. keepEnv = true;
}]; persist = true; # Only ask for a password the first time.
}
# Do not use default packages (nixos includes some defaults like nano) ];
environment.defaultPackages = lib.mkForce [];
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
wget wget
@@ -80,9 +142,16 @@
file file
usbutils # for lsusb usbutils # for lsusb
pciutils # for lspci pciutils # for lspci
mesa-demos # for glxgears TODO move to better role ripgrep
vulkan-tools # for vkcube TODO move to better role strace
xorg.xeyes # to test which windows are using x11 TODO move to better role ltrace
trace-cmd # ftrace
tcpdump
git-crypt
gnumake
ncdu
nix-tree
libarchive # bsdtar
]; ];
services.openssh = { services.openssh = {
@@ -104,53 +173,31 @@
]; ];
}; };
# Open ports in the firewall. environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
networking.firewall.allowedTCPPorts = [ 22 ];
networking.firewall.allowedUDPPorts = [ ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Check what will be lost with `zfs diff zroot/linux/root@blank`
boot.initrd.systemd.enable = lib.mkDefault true;
boot.initrd.systemd.services.zfs-rollback = {
description = "Rollback ZFS root dataset to blank snapshot";
wantedBy = [
"initrd.target"
];
after = [
"zfs-import-zroot.service"
];
before = [
"sysroot.mount"
];
path = with pkgs; [
zfs
];
unitConfig.DefaultDependencies = "no";
serviceConfig.Type = "oneshot";
script = ''
zfs rollback -r zroot/linux/nix/root@blank
zfs rollback -r zroot/linux/nix/home@blank
echo "rollback complete"
'';
};
environment.persistence."/persist" = {
hideMounts = true; hideMounts = true;
directories = [ directories = [
"/var/lib/iwd" # Wifi settings "/var/lib/iwd" # Wifi settings
"/var/lib/nixos" # Contains user information (uids/gids) "/var/lib/nixos" # Contains user information (uids/gids)
"/var/lib/systemd" # Systemd state directory for random seed, persistent timers, core dumps, persist hardware state like backlight and rfkill
"/var/log/journal" # Logs, alternatively set `services.journald.storage = "volatile";` to write to /run/log/journal
]; ];
files = [ files = [
"/etc/machine-id" # Systemd unique machine id "otherwise, the system journal may fail to list earlier boots, etc"
"/etc/ssh/ssh_host_rsa_key" "/etc/ssh/ssh_host_rsa_key"
"/etc/ssh/ssh_host_rsa_key.pub" "/etc/ssh/ssh_host_rsa_key.pub"
"/etc/ssh/ssh_host_ed25519_key" "/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub" "/etc/ssh/ssh_host_ed25519_key.pub"
]; ];
# users.talexander = { users.talexander = {
# directories = []; directories = [
# files = []; {
# }; directory = "persist";
user = "talexander";
group = "talexander";
mode = "0700";
}
];
};
}; };
# Write a list of the currently installed packages to /etc/current-system-packages # Write a list of the currently installed packages to /etc/current-system-packages
@@ -160,7 +207,13 @@
sortedUnique = builtins.sort builtins.lessThan (lib.unique packages); sortedUnique = builtins.sort builtins.lessThan (lib.unique packages);
formatted = builtins.concatStringsSep "\n" sortedUnique; formatted = builtins.concatStringsSep "\n" sortedUnique;
in in
formatted; formatted;
# environment.etc."system-packages-with-source".text = builtins.concatStringsSep "\n\n" (
# builtins.map (
# x: x.file + "\n" + builtins.concatStringsSep "\n" (builtins.map (s: " " + s) x.value)
# ) config.environment.systemPackages.definitionsWithLocations
# );
# nixpkgs.overlays = [ # nixpkgs.overlays = [
# (final: prev: { # (final: prev: {
@@ -168,7 +221,11 @@
# }) # })
# ]; # ];
# nixpkgs.overlays = [
# (final: prev: {
# foot = throw "foo";
# })
# ];
# Copy the NixOS configuration file and link it from the resulting system # Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you # (/run/current-system/configuration.nix). This is useful in case you

285
nix/configuration/flake.lock generated
View File

@@ -1,5 +1,133 @@
{ {
"nodes": { "nodes": {
"ansible-sshjail": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1,
"narHash": "sha256-c4Ds4E/10Zj5AQLuJ3JvJTuDK8o2WjVXLcIL7eyhTfw=",
"path": "flakes/ansible-sshjail",
"type": "path"
},
"original": {
"path": "flakes/ansible-sshjail",
"type": "path"
}
},
"crane": {
"locked": {
"lastModified": 1731098351,
"narHash": "sha256-HQkYvKvaLQqNa10KEFGgWHfMAbWBfFp+4cAgkut+NNE=",
"owner": "ipetkov",
"repo": "crane",
"rev": "ef80ead953c1b28316cc3f8613904edc2eb90c28",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"lanzaboote",
"nixpkgs"
]
},
"locked": {
"lastModified": 1730504689,
"narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "506278e768c2a08bec68eb62932193e341f55c90",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"lanzaboote",
"pre-commit-hooks-nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -7,27 +135,26 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1734366194, "lastModified": 1737762889,
"narHash": "sha256-vykpJ1xsdkv0j8WOVXrRFHUAdp9NXHpxdnn1F4pYgSw=", "narHash": "sha256-5HGG09bh/Yx0JA8wtBMAzt0HMCL1bYZ93x4IqzVExio=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "80b0fdf483c5d1cb75aaad909bd390d48673857f", "rev": "daf04c5950b676f47a794300657f1d3d14c1a120",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "nix-community",
"ref": "release-24.11",
"repo": "home-manager", "repo": "home-manager",
"type": "github" "type": "github"
} }
}, },
"impermanence": { "impermanence": {
"locked": { "locked": {
"lastModified": 1734200366, "lastModified": 1737831083,
"narHash": "sha256-0NursoP4BUdnc+wy+Mq3icHkXu/RgP1Sjo0MJxV2+Dw=", "narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=",
"owner": "nix-community", "owner": "nix-community",
"repo": "impermanence", "repo": "impermanence",
"rev": "c6323585fa0035d780e3d8906eb1b24b65d19a48", "rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -36,18 +163,44 @@
"type": "github" "type": "github"
} }
}, },
"lanzaboote": {
"inputs": {
"crane": "crane",
"flake-compat": "flake-compat",
"flake-parts": "flake-parts",
"nixpkgs": [
"nixpkgs"
],
"pre-commit-hooks-nix": "pre-commit-hooks-nix",
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1737639419,
"narHash": "sha256-AEEDktApTEZ5PZXNDkry2YV2k6t0dTgLPEmAZbnigXU=",
"owner": "nix-community",
"repo": "lanzaboote",
"rev": "a65905a09e2c43ff63be8c0e86a93712361f871e",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "v0.4.2",
"repo": "lanzaboote",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1734323986, "lastModified": 1737885589,
"narHash": "sha256-m/lh6hYMIWDYHCAsn81CDAiXoT3gmxXI9J987W5tZrE=", "narHash": "sha256-Zf0hSrtzaM1DEz8//+Xs51k/wdSajticVrATqDrfQjg=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "394571358ce82dff7411395829aa6a3aad45b907", "rev": "852ff1d9e153d8875a83602e03fdef8a63f0ecf8",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-24.11", "ref": "nixos-unstable",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
@@ -68,29 +221,127 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-unstable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1734424634, "lastModified": 1730741070,
"narHash": "sha256-cHar1vqHOOyC7f1+tVycPoWTfKIaqkoe1Q6TnKzuti4=", "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "d3c42f187194c26d9f0309a8ecc469d6c878ce33", "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-unstable", "ref": "nixos-24.05",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"pre-commit-hooks-nix": {
"inputs": {
"flake-compat": [
"lanzaboote",
"flake-compat"
],
"gitignore": "gitignore",
"nixpkgs": [
"lanzaboote",
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1731363552,
"narHash": "sha256-vFta1uHnD29VUY4HJOO/D6p6rxyObnf+InnSMT4jlMU=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "cd1af27aa85026ac759d5d3fccf650abe7e1bbf0",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"ansible-sshjail": "ansible-sshjail",
"home-manager": "home-manager", "home-manager": "home-manager",
"impermanence": "impermanence", "impermanence": "impermanence",
"lanzaboote": "lanzaboote",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nixpkgs-b93b4e9b5": "nixpkgs-b93b4e9b5", "nixpkgs-b93b4e9b5": "nixpkgs-b93b4e9b5",
"nixpkgs-unstable": "nixpkgs-unstable" "zsh-histdb": "zsh-histdb"
}
},
"rust-overlay": {
"inputs": {
"nixpkgs": [
"lanzaboote",
"nixpkgs"
]
},
"locked": {
"lastModified": 1731897198,
"narHash": "sha256-Ou7vLETSKwmE/HRQz4cImXXJBr/k9gp4J4z/PF8LzTE=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "0be641045af6d8666c11c2c40e45ffc9667839b5",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"zsh-histdb": {
"inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1,
"narHash": "sha256-5DWw7GnwVZ98HUp/UUJcyUmmy9Bh/mcQB8MQQ0t3ZRo=",
"path": "flakes/zsh-histdb",
"type": "path"
},
"original": {
"path": "flakes/zsh-histdb",
"type": "path"
} }
} }
}, },

210
nix/configuration/flake.nix
View File

@@ -1,115 +1,153 @@
# Build ISO image # Build ISO image
# doas nix run github:nix-community/nixos-generators -- --flake .#odo --format iso # nix build --extra-experimental-features nix-command --extra-experimental-features flakes .#iso.odo
# output: result/iso/nixos.iso
# Run the ISO image
# "$(nix-build '<nixpkgs>' --no-out-link -A 'qemu')/bin/qemu-system-x86_64" \
# -accel kvm \
# -cpu host \
# -smp cores=8 \
# -m 32768 \
# -drive "file=$(nix-build '<nixpkgs>' --no-out-link -A 'OVMF.fd')/FV/OVMF.fd,if=pflash,format=raw,readonly=on" \
# -drive if=pflash,format=raw,file="/tmp/OVMF_VARS.fd" \
# -nic user,hostfwd=tcp::60022-:22 \
# -boot order=d \
# -cdrom "$(readlink -f ./result/iso/nixos.iso)" \
# -display vnc=127.0.0.1:0
#
# doas cp "$(nix-build '<nixpkgs>' --no-out-link -A 'OVMF.fd')/FV/OVMF_VARS.fd" /tmp/OVMF_VARS.fd
# doas "$(nix-build '<nixpkgs>' --no-out-link -A 'qemu')/bin/qemu-system-x86_64" -accel kvm -cpu host -smp cores=8 -m 32768 -drive "file=$(nix-build '<nixpkgs>' --no-out-link -A 'OVMF.fd')/FV/OVMF.fd,if=pflash,format=raw,readonly=on" -drive if=pflash,format=raw,file="/tmp/OVMF_VARS.fd" -nic user,hostfwd=tcp::60022-:22 -boot order=d -cdrom /persist/machine_setup/nix/configuration/result/iso/nixos*.iso -display vnc=127.0.0.1:0
# Get a repl for this flake
# nix repl --expr "builtins.getFlake \"$PWD\""
# TODO maybe use `nix eval --raw .#iso.odo.outPath`
# iso.odo.isoName == "nixos.iso"
# full path = <outPath> / iso / <isoName>
{ {
description = "My system configuration"; description = "My system configuration";
inputs = { inputs = {
impermanence.url = "github:nix-community/impermanence"; impermanence.url = "github:nix-community/impermanence";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
nixpkgs-b93b4e9b5.url = "github:NixOS/nixpkgs/b93b4e9b527904aadf52dba6ca35efde2067cbd4"; nixpkgs-b93b4e9b5.url = "github:NixOS/nixpkgs/b93b4e9b527904aadf52dba6ca35efde2067cbd4";
home-manager.url = "github:nix-community/home-manager/release-24.11"; home-manager.url = "github:nix-community/home-manager";
home-manager.inputs.nixpkgs.follows = "nixpkgs"; home-manager.inputs.nixpkgs.follows = "nixpkgs";
lanzaboote = {
url = "github:nix-community/lanzaboote/v0.4.2";
# Optional but recommended to limit the size of your system closure.
inputs.nixpkgs.follows = "nixpkgs";
};
zsh-histdb = {
url = "path:flakes/zsh-histdb";
# Optional but recommended to limit the size of your system closure.
inputs.nixpkgs.follows = "nixpkgs";
};
ansible-sshjail = {
url = "path:flakes/ansible-sshjail";
# Optional but recommended to limit the size of your system closure.
inputs.nixpkgs.follows = "nixpkgs";
};
}; };
outputs = { self, nixpkgs, nixpkgs-unstable, nixpkgs-b93b4e9b5, impermanence, home-manager, ... }@inputs: let outputs =
base-system = {};
odoqemu = nixpkgs.lib.nixosSystem rec {
system = "x86_64-linux";
specialArgs = {
pkgs-b93b4e9b5 = import nixpkgs-b93b4e9b5 {
inherit system;
# config.allowUnfree = true;
};
pkgs-unstable = import nixpkgs-unstable {
inherit system;
# config.allowUnfree = true;
};
};
modules = [
impermanence.nixosModules.impermanence
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
}
./configuration.nix
({lib, ...}: {
imports = [ <nixpkgs/nixos/modules/virtualisation/qemu-vm.nix> ];
virtualisation.qemu.options = [
"-device virtio-vga"
];
virtualisation.vmVariant = {
# following configuration is added only when building VM with build-vm
virtualisation = {
memorySize = 2048; # Use 2048MiB memory.
cores = 3;
graphics = false;
};
};
networking.dhcpcd.enable = lib.mkForce true;
networking.useDHCP = lib.mkForce true;
boot.loader.efi.canTouchEfiVariables = lib.mkForce true;
# doas nixos-rebuild build-vm --flake .#odoqemu
#./result/bin/run-nixos-vm
})
];
};
odo = nixpkgs.lib.nixosSystem rec {
system = "x86_64-linux";
specialArgs = {
pkgs-b93b4e9b5 = import nixpkgs-b93b4e9b5 {
inherit system;
# config.allowUnfree = true;
};
pkgs-unstable = import nixpkgs-unstable {
inherit system;
# config.allowUnfree = true;
};
};
modules = [
impermanence.nixosModules.impermanence
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
}
./configuration.nix
];
};
in
{ {
# doas nix build --extra-experimental-features nix-command --extra-experimental-features flakes .#vms.odo self,
# ./result/bin/run-nixos-vim nixpkgs,
vms.odo = odoqemu.config.system.build.vm; nixpkgs-b93b4e9b5,
odoiso = odo.config.system.build.isoImage; impermanence,
nixosConfigurations.odo = odo; home-manager,
nixosConfigurations.odovm = nixpkgs.lib.nixosSystem rec { lanzaboote,
zsh-histdb,
ansible-sshjail,
...
}@inputs:
let
base_x86_64_linux = rec {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = { specialArgs = {
pkgs-b93b4e9b5 = import nixpkgs-b93b4e9b5 { pkgs-b93b4e9b5 = import nixpkgs-b93b4e9b5 {
inherit system; inherit system;
# config.allowUnfree = true;
};
pkgs-unstable = import nixpkgs-unstable {
inherit system;
# config.allowUnfree = true;
}; };
}; };
modules = [ modules = [
impermanence.nixosModules.impermanence impermanence.nixosModules.impermanence
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
lanzaboote.nixosModules.lanzaboote
{ {
home-manager.useGlobalPkgs = true; home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true; home-manager.useUserPackages = true;
} }
{
nixpkgs.overlays = [
zsh-histdb.overlays.default
ansible-sshjail.overlays.default
];
}
./configuration.nix ./configuration.nix
({lib, ...}: {
networking.dhcpcd.enable = lib.mkForce true;
networking.useDHCP = lib.mkForce true;
boot.loader.efi.canTouchEfiVariables = lib.mkForce true;
})
]; ];
}; };
systems = {
odo = {
main = nixpkgs.lib.nixosSystem (
base_x86_64_linux
// {
modules = base_x86_64_linux.modules ++ [
./hosts/odo
];
}
);
iso = nixpkgs.lib.nixosSystem (
base_x86_64_linux
// {
modules = base_x86_64_linux.modules ++ [
./hosts/odo
(nixpkgs + "/nixos/modules/installer/cd-dvd/iso-image.nix")
# TODO: Figure out how to do image based appliances
# (nixpkgs + "/nixos/modules/profiles/image-based-appliance.nix")
{
isoImage.makeEfiBootable = true;
isoImage.makeUsbBootable = true;
me.buildingIso = true;
}
];
}
);
};
neelix = {
main = nixpkgs.lib.nixosSystem (
base_x86_64_linux
// {
modules = base_x86_64_linux.modules ++ [
./hosts/neelix
];
}
);
iso = nixpkgs.lib.nixosSystem (
base_x86_64_linux
// {
modules = base_x86_64_linux.modules ++ [
./hosts/neelix
(nixpkgs + "/nixos/modules/installer/cd-dvd/iso-image.nix")
{
isoImage.makeEfiBootable = true;
isoImage.makeUsbBootable = true;
me.buildingIso = true;
}
];
}
);
};
};
in
{
nixosConfigurations.odo = systems.odo.main;
iso.odo = systems.odo.iso.config.system.build.isoImage;
nixosConfigurations.neelix = systems.neelix.main;
iso.neelix = systems.neelix.iso.config.system.build.isoImage;
}; };
} }

61
nix/configuration/flakes/ansible-sshjail/flake.lock generated Normal file
View File

@@ -0,0 +1,61 @@
{
"nodes": {
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1735141468,
"narHash": "sha256-VIAjBr1qGcEbmhLwQJD6TABppPMggzOvqFsqkDoMsAY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "4005c3ff7505313cbc21081776ad0ce5dfd7a3ce",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

34
nix/configuration/flakes/ansible-sshjail/flake.nix Normal file
View File

@@ -0,0 +1,34 @@
{
description = "A slightly better history for zsh";
inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
inputs.flake-utils.url = "github:numtide/flake-utils";
outputs =
{
self,
nixpkgs,
flake-utils,
...
}:
let
out =
system:
let
pkgs = nixpkgs.legacyPackages.${system};
# Maybe pkgs = import nixpkgs { inherit system; }; ?
appliedOverlay = self.overlays.default pkgs pkgs;
in
{
packages = rec {
default = ansible-sshjail;
ansible-sshjail = appliedOverlay.ansible-sshjail;
};
};
in
flake-utils.lib.eachDefaultSystem out
// {
overlays.default = final: prev: {
ansible-sshjail = final.callPackage ./package.nix { };
};
};
}

33
nix/configuration/flakes/ansible-sshjail/package.nix Normal file
View File

@@ -0,0 +1,33 @@
# unpackPhase
# patchPhase
# configurePhase
# buildPhase
# checkPhase
# installPhase
# fixupPhase
# installCheckPhase
# distPhase
{
stdenv,
fetchgit,
...
}:
stdenv.mkDerivation {
name = "ansible-sshjail";
src = fetchgit {
url = "https://github.com/austinhyde/ansible-sshjail.git";
rev = "a7b0076fdb680b915d35efafd1382919100532b6";
sha256 = "sha256-4QX/017fDRzb363NexgvHZ/VFKXOjRgGPDKKygyUylM=";
};
phases = [
"installPhase"
];
installPhase = ''
runHook preInstall
mkdir -p $out/share/ansible/plugins/connection_plugins
cp $src/sshjail.py $out/share/ansible/plugins/connection_plugins/
runHook postInstall
'';
}

61
nix/configuration/flakes/starship-game/flake.lock generated Normal file
View File

@@ -0,0 +1,61 @@
{
"nodes": {
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1735141468,
"narHash": "sha256-VIAjBr1qGcEbmhLwQJD6TABppPMggzOvqFsqkDoMsAY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "4005c3ff7505313cbc21081776ad0ce5dfd7a3ce",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

34
nix/configuration/flakes/starship-game/flake.nix Normal file
View File

@@ -0,0 +1,34 @@
{
description = "A slightly better history for zsh";
inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
inputs.flake-utils.url = "github:numtide/flake-utils";
outputs =
{
self,
nixpkgs,
flake-utils,
...
}:
let
out =
system:
let
pkgs = nixpkgs.legacyPackages.${system};
# Maybe pkgs = import nixpkgs { inherit system; }; ?
appliedOverlay = self.overlays.default pkgs pkgs;
in
{
packages = rec {
default = starship-game;
starship-game = appliedOverlay.starship-game;
};
};
in
flake-utils.lib.eachDefaultSystem out
// {
overlays.default = final: prev: {
starship-game = final.callPackage ./package.nix { };
};
};
}

261
nix/configuration/flakes/starship-game/package.nix Normal file
View File

@@ -0,0 +1,261 @@
{
lib,
stdenv,
SDL2,
cmake,
copyDesktopItems,
fetchFromGitHub,
fetchpatch,
fetchurl,
imagemagick,
imgui,
libpng,
libpulseaudio,
libzip,
lsb-release,
makeDesktopItem,
makeWrapper,
ninja,
nlohmann_json,
pkg-config,
python3,
spdlog,
stormlib,
tinyxml-2,
writeTextFile,
zenity,
}:
let
# This would get fetched at build time otherwise, see:
# https://github.com/HarbourMasters/2ship2harkinian/blob/1.0.2/mm/CMakeLists.txt#L708
gamecontrollerdb = fetchurl {
name = "gamecontrollerdb.txt";
url = "https://raw.githubusercontent.com/gabomdq/SDL_GameControllerDB/b1759cf84028aab89caa1c395e198c340b8dfd89/gamecontrollerdb.txt";
hash = "sha256-7C5EkqBIhLGNJuhi3832y0ffW5Ep7iuTYXb1bL5h2Js=";
};
# 2ship needs a specific imgui version
imgui' = imgui.overrideAttrs rec {
version = "1.90.6";
src = fetchFromGitHub {
owner = "ocornut";
repo = "imgui";
rev = "v${version}-docking";
hash = "sha256-Y8lZb1cLJF48sbuxQ3vXq6GLru/WThR78pq7LlORIzc=";
};
};
libgfxd = fetchFromGitHub {
owner = "glankk";
repo = "libgfxd";
rev = "96fd3b849f38b3a7c7b7f3ff03c5921d328e6cdf";
hash = "sha256-dedZuV0BxU6goT+rPvrofYqTz9pTA/f6eQcsvpDWdvQ=";
};
yaml_cpp = fetchFromGitHub {
owner = "jbeder";
repo = "yaml-cpp";
rev = "f7320141120f720aecc4c32be25586e7da9eb978";
hash = "sha256-J87oS6Az1/vNdyXu3L7KmUGWzU0IAkGrGMUUha+xDXI=";
};
# spdlog = fetchFromGitHub {
# owner = "gabime";
# repo = "spdlog";
# rev = "7e635fca68d014934b4af8a1cf874f63989352b7";
# hash = "sha256-cxTaOuLXHRU8xMz9gluYz0a93O0ez2xOxbloyc1m1ns=";
# };
# stb_impl = writeTextFile {
# name = "stb_impl.c";
# text = ''
# #define STB_IMAGE_IMPLEMENTATION
# #include "stb_image.h"
# '';
# };
# stb' = fetchurl {
# name = "stb_image.h";
# url = "https://raw.githubusercontent.com/nothings/stb/0bc88af4de5fb022db643c2d8e549a0927749354/stb_image.h";
# hash = "sha256-xUsVponmofMsdeLsI6+kQuPg436JS3PBl00IZ5sg3Vw=";
# };
# Apply 2ship's patch for stormlib
stormlib' = stormlib.overrideAttrs (prev: rec {
version = "9.25";
src = fetchFromGitHub {
owner = "ladislav-zezula";
repo = "StormLib";
rev = "v${version}";
hash = "sha256-HTi2FKzKCbRaP13XERUmHkJgw8IfKaRJvsK3+YxFFdc=";
};
nativeBuildInputs = prev.nativeBuildInputs ++ [ pkg-config ];
patches = (prev.patches or [ ]) ++ [
(fetchpatch {
name = "stormlib-optimizations.patch";
url = "https://github.com/briaguya-ai/StormLib/commit/ff338b230544f8b2bb68d2fbe075175ed2fd758c.patch";
hash = "sha256-Jbnsu5E6PkBifcx/yULMVC//ab7tszYgktS09Azs5+4=";
})
];
});
thread_pool = fetchFromGitHub {
owner = "bshoshany";
repo = "thread-pool";
rev = "v4.1.0";
hash = "sha256-zhRFEmPYNFLqQCfvdAaG5VBNle9Qm8FepIIIrT9sh88=";
};
in
stdenv.mkDerivation (finalAttrs: {
pname = "starship-game";
version = "v1.0.0";
src = fetchFromGitHub {
owner = "HarbourMasters";
repo = "starship";
# rev = "5e5e49da93e066f51c3010ba38f09331d866f2db";
tag = finalAttrs.version;
hash = "sha256-kaLLlLuonqE2DJcRlWR4tCEBNjwIYFlzeDLcYsvMO7I=";
fetchSubmodules = true;
};
# patches = [
# # remove fetching stb as we will patch our own
# ./0001-deps.patch
# ];
nativeBuildInputs = [
cmake
copyDesktopItems
imagemagick
lsb-release
makeWrapper
ninja
pkg-config
python3
];
buildInputs = [
SDL2
imgui'
libpng
libpulseaudio
libzip
nlohmann_json
spdlog
stormlib'
tinyxml-2
zenity
];
cmakeFlags = [
(lib.cmakeBool "NON_PORTABLE" true)
(lib.cmakeFeature "CMAKE_INSTALL_PREFIX" "${placeholder "out"}/starship-game")
(lib.cmakeFeature "FETCHCONTENT_SOURCE_DIR_IMGUI" "${imgui'.src}")
(lib.cmakeFeature "FETCHCONTENT_SOURCE_DIR_LIBGFXD" "${libgfxd}")
(lib.cmakeFeature "FETCHCONTENT_SOURCE_DIR_STORMLIB" "${stormlib'}")
(lib.cmakeFeature "FETCHCONTENT_SOURCE_DIR_THREADPOOL" "${thread_pool}")
];
dontAddPrefix = true;
# Linking fails without this
hardeningDisable = [ "format" ];
# Pie needs to be enabled or else it segfaults
hardeningEnable = [ "pie" ];
# preConfigure = ''
# # mirror 2ship's stb
# mkdir stb
# cp ${stb'} ./stb/${stb'.name}
# cp ${stb_impl} ./stb/${stb_impl.name}
# substituteInPlace libultraship/cmake/dependencies/common.cmake \
# --replace-fail "\''${STB_DIR}" "/build/source/stb"
# '';
# (cd tools/Torch && cmake -H. -Bbuild-cmake -GNinja \
# -DFETCHCONTENT_SOURCE_DIR_LIBGFXD=${libgfxd} \
# -DFETCHCONTENT_SOURCE_DIR_YAML-CPP=${finalAttrs.yaml_cpp_src} \
# -DFETCHCONTENT_SOURCE_DIR_SPDLOG=${finalAttrs.spdlog_src}
# )
configurePhase = ''
cmake -H. -Bbuild-cmake -GNinja \
-DFETCHCONTENT_SOURCE_DIR_IMGUI=${imgui'.src} \
-DFETCHCONTENT_SOURCE_DIR_STORMLIB=${stormlib'} \
-DFETCHCONTENT_SOURCE_DIR_THREADPOOL=${thread_pool}
(cd tools/Torch && cmake -H. -Bbuild-cmake -GNinja \
-DFETCHCONTENT_SOURCE_DIR_LIBGFXD=${libgfxd} \
-DFETCHCONTENT_SOURCE_DIR_YAML-CPP=${yaml_cpp} \
-DFETCHCONTENT_SOURCE_DIR_SPDLOG=${spdlog}
)
(cd libultraship && cmake -H. -Bbuild-cmake -GNinja \
-DFETCHCONTENT_SOURCE_DIR_LIBGFXD=${libgfxd} \
-DFETCHCONTENT_SOURCE_DIR_IMGUI=${imgui'.src} \
-DFETCHCONTENT_SOURCE_DIR_STORMLIB=${stormlib'} \
-DFETCHCONTENT_SOURCE_DIR_THREADPOOL=${thread_pool}
)
'';
buildPhase = ''
cmake --build build-cmake
'';
postBuild = ''
cp ${gamecontrollerdb} ${gamecontrollerdb.name}
pushd ../OTRExporter
python3 ./extract_assets.py -z ../build/ZAPD/ZAPD.out --norom --xml-root ../mm/assets/xml --custom-assets-path ../mm/assets/custom --custom-otr-file 2ship.o2r --port-ver ${finalAttrs.version}
popd
'';
preInstall = ''
# Cmake likes it here for its install paths
cp ../OTRExporter/2ship.o2r mm/
'';
postInstall = ''
mkdir -p $out/bin
ln -s $out/2s2h/2s2h.elf $out/bin/2s2h
install -Dm644 ../mm/linux/2s2hIcon.png $out/share/pixmaps/2s2h.png
'';
postFixup = ''
wrapProgram $out/2s2h/2s2h.elf --prefix PATH ":" ${lib.makeBinPath [ zenity ]}
'';
desktopItems = [
(makeDesktopItem {
name = "starship";
icon = "starship";
exec = "starship";
comment = finalAttrs.meta.description;
genericName = "Starship";
desktopName = "starship";
categories = [ "Game" ];
})
];
meta = {
homepage = "https://github.com/HarbourMasters/2ship2harkinian";
description = "A PC port of Majora's Mask with modern controls, widescreen, high-resolution, and more";
mainProgram = "starship";
platforms = [ "x86_64-linux" ];
maintainers = with lib.maintainers; [ ];
license = with lib.licenses; [
# # OTRExporter, OTRGui, ZAPDTR, libultraship
# mit
# # 2 Ship 2 Harkinian
# cc0
# # Reverse engineering
# unfree
];
};
})

61
nix/configuration/flakes/zsh-histdb/flake.lock generated Normal file
View File

@@ -0,0 +1,61 @@
{
"nodes": {
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1735141468,
"narHash": "sha256-VIAjBr1qGcEbmhLwQJD6TABppPMggzOvqFsqkDoMsAY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "4005c3ff7505313cbc21081776ad0ce5dfd7a3ce",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

34
nix/configuration/flakes/zsh-histdb/flake.nix Normal file
View File

@@ -0,0 +1,34 @@
{
description = "A slightly better history for zsh";
inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
inputs.flake-utils.url = "github:numtide/flake-utils";
outputs =
{
self,
nixpkgs,
flake-utils,
...
}:
let
out =
system:
let
pkgs = nixpkgs.legacyPackages.${system};
# Maybe pkgs = import nixpkgs { inherit system; }; ?
appliedOverlay = self.overlays.default pkgs pkgs;
in
{
packages = rec {
default = zsh-histdb;
zsh-histdb = appliedOverlay.zsh-histdb;
};
};
in
flake-utils.lib.eachDefaultSystem out
// {
overlays.default = final: prev: {
zsh-histdb = final.callPackage ./package.nix { };
};
};
}

36
nix/configuration/flakes/zsh-histdb/package.nix Normal file
View File

@@ -0,0 +1,36 @@
# unpackPhase
# patchPhase
# configurePhase
# buildPhase
# checkPhase
# installPhase
# fixupPhase
# installCheckPhase
# distPhase
{
stdenv,
pkgs,
sqlite,
...
}:
stdenv.mkDerivation {
name = "zsh-histdb";
src = pkgs.fetchgit {
url = "https://github.com/larkery/zsh-histdb.git";
rev = "90a6c104d0fcc0410d665e148fa7da28c49684eb";
sha256 = "sha256-vtG1poaRVbfb/wKPChk1WpPgDq+7udLqLfYfLqap4Vg=";
};
buildInputs = [ sqlite ];
phases = [
"installPhase"
];
installPhase = ''
runHook preInstall
mkdir -p $out/share/zsh/plugins/zsh-histdb
cp -r $src/histdb-* $src/*.zsh $src/db_migrations $out/share/zsh/plugins/zsh-histdb/
runHook postInstall
'';
postInstall = ''
substituteInPlace $out/share/zsh/plugins/zsh-histdb/sqlite-history.zsh $out/share/zsh/plugins/zsh-histdb/histdb-merge $out/share/zsh/plugins/zsh-histdb/histdb-migrate --replace-fail "sqlite3" "${sqlite}/bin/sqlite3"
'';
}

38
nix/configuration/hosts/neelix/default.nix Normal file
View File

@@ -0,0 +1,38 @@
{ config, pkgs, ... }:
{
imports = [
./hardware-configuration.nix
./disk-config.nix
./optimized_build.nix
./power_management.nix
];
# Generate with `head -c4 /dev/urandom | od -A none -t x4`
networking.hostId = "fbd233d8";
networking.hostName = "neelix"; # Define your hostname.
time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8";
me.secureBoot.enable = false;
# Early KMS
boot.initrd.kernelModules = [ "i915" ];
# Mount tmpfs at /tmp
boot.tmp.useTmpfs = true;
me.bluetooth.enable = true;
me.emacs_flavor = "plainmacs";
me.graphical = true;
me.graphics_card_type = "intel";
me.kodi.enable = true;
me.lvfs.enable = true;
me.sound.enable = true;
me.wireguard.activated = [ "wgh" ];
me.wireguard.deactivated = [ "wgf" ];
me.zrepl.enable = true;
me.zsh.enable = true;
}

140
nix/configuration/hosts/neelix/disk-config.nix Normal file
View File

@@ -0,0 +1,140 @@
# Manual Step:
# Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1
# Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1
{
config,
lib,
pkgs,
...
}:
lib.mkIf (!config.me.buildingIso) {
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"umask=0077"
"noatime"
"discard"
];
};
};
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "zroot";
};
};
};
};
};
};
zpool = {
zroot = {
type = "zpool";
# mode = "mirror";
# Workaround: cannot import 'zroot': I/O error in disko tests
options.cachefile = "none";
options = {
ashift = "12";
compatibility = "openzfs-2.2-freebsd";
autotrim = "on";
};
rootFsOptions = {
acltype = "posixacl";
atime = "off";
relatime = "off";
xattr = "sa";
mountpoint = "none";
compression = "lz4";
canmount = "off";
utf8only = "on";
dnodesize = "auto";
normalization = "formD";
};
datasets = {
"linux/nix" = {
type = "zfs_fs";
options.mountpoint = "none";
};
"linux/nix/root" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/root@blank$' || zfs snapshot zroot/linux/nix/root@blank";
};
"linux/nix/nix" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/nix";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/nix@blank$' || zfs snapshot zroot/linux/nix/nix@blank";
options = {
recordsize = "1MiB";
compression = "lz4";
};
};
"linux/nix/home" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/home";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/home@blank$' || zfs snapshot zroot/linux/nix/home@blank";
};
"linux/nix/persist" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/persist";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/persist@blank$' || zfs snapshot zroot/linux/nix/persist@blank";
};
"linux/nix/state" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/state";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/state@blank$' || zfs snapshot zroot/linux/nix/state@blank";
};
};
};
};
};
# Make sure all persistent volumes are marked as neededForBoot
#
# Also mounts /home so it is mounted before the user home directories are created.
fileSystems."/persist".neededForBoot = true;
fileSystems."/state".neededForBoot = true;
fileSystems."/home".neededForBoot = true;
fileSystems."/".options = [
"noatime"
"norelatime"
];
fileSystems."/nix".options = [
"noatime"
"norelatime"
];
fileSystems."/persist".options = [
"noatime"
"norelatime"
];
fileSystems."/state".options = [
"noatime"
"norelatime"
];
fileSystems."/home".options = [
"noatime"
"norelatime"
];
}

32
nix/configuration/hosts/neelix/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,32 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

78
nix/configuration/hosts/neelix/optimized_build.nix Normal file
View File

@@ -0,0 +1,78 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
config = lib.mkMerge [
{ }
(lib.mkIf (!config.me.buildingIso) {
nix.settings.system-features = lib.mkForce [
"gccarch-alderlake"
"gccarch-x86-64-v3"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
# nixpkgs.hostPlatform = {
# gcc.arch = "alderlake";
# gcc.tune = "alderlake";
# system = "x86_64-linux";
# };
nixpkgs.overlays = [
(
self: super:
let
optimizeWithFlags =
pkg: flags:
pkg.overrideAttrs (old: {
NIX_CFLAGS_COMPILE = [ (old.NIX_CFLAGS_COMPILE or "") ] ++ flags;
});
addConfig =
additionalConfig: pkg:
pkg.override (oldconfig: {
structuredExtraConfig = pkg.structuredExtraConfig // additionalConfig;
});
in
{
linux_alderlake =
addConfig
{
# Full preemption
PREEMPT = lib.mkOverride 60 lib.kernel.yes;
PREEMPT_VOLUNTARY = lib.mkOverride 60 lib.kernel.no;
# Google's BBRv3 TCP congestion Control
TCP_CONG_BBR = lib.kernel.yes;
DEFAULT_BBR = lib.kernel.yes;
# Preemptive Full Tickless Kernel at 300Hz
HZ = lib.kernel.freeform "300";
HZ_300 = lib.kernel.yes;
HZ_1000 = lib.kernel.no;
}
(
optimizeWithFlags super.linux_6_12 [
"-march=alderlake"
"-mtune=alderlake"
]
);
}
)
];
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_alderlake;
})
(lib.mkIf (config.me.buildingIso) {
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_6_12;
boot.supportedFilesystems = [ "zfs" ];
})
];
}

35
nix/configuration/hosts/neelix/power_management.nix Normal file
View File

@@ -0,0 +1,35 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
environment.systemPackages = with pkgs; [
powertop
];
# pcie_aspm=force pcie_aspm.policy=powersupersave :: Enable PCIe active state power management for power reduction.
# nowatchdog :: Disable watchdog for power savings (related to disable_sp5100_watchdog above).
boot.kernelParams = [
"pcie_aspm=force"
# "pcie_aspm.policy=powersupersave"
"nowatchdog"
];
# default performance balance_performance balance_power power
# defaults to balance_performance
# systemd.tmpfiles.rules = [
# "w- /sys/devices/system/cpu/cpufreq/policy0/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy1/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy2/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy3/energy_performance_preference - - - - power"
# ];
boot.extraModprobeConfig = ''
options snd_hda_intel power_save=1
'';
}

61
nix/configuration/hosts/odo/default.nix
View File

@@ -3,6 +3,10 @@
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
./disk-config.nix ./disk-config.nix
./optimized_build.nix
./power_management.nix
./screen_brightness.nix
./wifi.nix
]; ];
# Generate with `head -c4 /dev/urandom | od -A none -t x4` # Generate with `head -c4 /dev/urandom | od -A none -t x4`
@@ -11,4 +15,61 @@
networking.hostName = "odo"; # Define your hostname. networking.hostName = "odo"; # Define your hostname.
time.timeZone = "America/New_York"; time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8";
me.secureBoot.enable = true;
# Early KMS
boot.initrd.kernelModules = [ "amdgpu" ];
# Mount tmpfs at /tmp
boot.tmp.useTmpfs = true;
environment.systemPackages = with pkgs; [
fw-ectool
];
me.alacritty.enable = true;
me.ansible.enable = true;
me.ares.enable = true;
me.bluetooth.enable = true;
me.chromecast.enable = true;
me.chromium.enable = true;
me.docker.enable = true;
me.emacs_flavor = "full";
me.firefox.enable = true;
me.git.config = ../../roles/git/files/gitconfig_home;
me.gpg.enable = true;
me.graphical = true;
me.graphics_card_type = "amd";
me.kanshi.enable = true;
me.kubernetes.enable = true;
me.latex.enable = true;
me.launch_keyboard.enable = true;
me.lvfs.enable = true;
me.media.enable = true;
me.nix_index.enable = true;
me.python.enable = true;
me.qemu.enable = true;
me.rust.enable = true;
me.sound.enable = true;
me.steam.enable = true;
me.sway.enable = true;
me.terraform.enable = true;
me.vnc_client.enable = true;
me.vscode.enable = true;
me.wasm.enable = true;
me.waybar.enable = true;
me.wireguard.activated = [
"drmario"
"wgh"
"colo"
];
me.wireguard.deactivated = [ "wgf" ];
me.zrepl.enable = true;
me.zsh.enable = true;
me.sm64ex.enable = true;
me.shipwright.enable = true;
me.ship2harkinian.enable = true;
} }

40
nix/configuration/hosts/odo/disk-config.nix
View File

@@ -1,4 +1,14 @@
# Manual Step:
# Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1
# Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1
{ {
config,
lib,
pkgs,
...
}:
lib.mkIf (!config.me.buildingIso) {
disko.devices = { disko.devices = {
disk = { disk = {
main = { main = {
@@ -14,7 +24,11 @@
type = "filesystem"; type = "filesystem";
format = "vfat"; format = "vfat";
mountpoint = "/boot"; mountpoint = "/boot";
mountOptions = [ "umask=0077" "noatime" "discard" ]; mountOptions = [
"umask=0077"
"noatime"
"discard"
];
}; };
}; };
zfs = { zfs = {
@@ -107,4 +121,28 @@
fileSystems."/persist".neededForBoot = true; fileSystems."/persist".neededForBoot = true;
fileSystems."/state".neededForBoot = true; fileSystems."/state".neededForBoot = true;
fileSystems."/home".neededForBoot = true; fileSystems."/home".neededForBoot = true;
fileSystems."/".options = [
"noatime"
"norelatime"
];
fileSystems."/nix".options = [
"noatime"
"norelatime"
];
fileSystems."/persist".options = [
"noatime"
"norelatime"
];
fileSystems."/state".options = [
"noatime"
"norelatime"
];
fileSystems."/home".options = [
"noatime"
"norelatime"
];
# Only attempt to decrypt the main pool. Otherwise it attempts to decrypt pools that aren't even used.
boot.zfs.requestEncryptionCredentials = [ "zroot/linux/nix" ];
} }

22
nix/configuration/hosts/odo/hardware-configuration.nix
View File

@@ -1,16 +1,26 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: {
config,
lib,
pkgs,
modulesPath,
...
}:
{ {
imports = imports = [
[ (modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" ]; boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"thunderbolt"
];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ]; boot.kernelModules = [ ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking

81
nix/configuration/hosts/odo/optimized_build.nix Normal file
View File

@@ -0,0 +1,81 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
config = lib.mkMerge [
{ }
(lib.mkIf (!config.me.buildingIso) {
nix.settings.system-features = lib.mkForce [
"gccarch-znver4"
"gccarch-skylake"
# "gccarch-alderlake" missing WAITPKG
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
# nixpkgs.hostPlatform = {
# gcc.arch = "znver4";
# gcc.tune = "znver4";
# system = "x86_64-linux";
# };
nixpkgs.overlays = [
(
self: super:
let
optimizeWithFlags =
pkg: flags:
pkg.overrideAttrs (old: {
NIX_CFLAGS_COMPILE = [ (old.NIX_CFLAGS_COMPILE or "") ] ++ flags;
});
addConfig =
additionalConfig: pkg:
pkg.override (oldconfig: {
structuredExtraConfig = pkg.structuredExtraConfig // additionalConfig;
});
in
{
linux_znver4 =
addConfig
{
# Full preemption
PREEMPT = lib.mkOverride 60 lib.kernel.yes;
PREEMPT_VOLUNTARY = lib.mkOverride 60 lib.kernel.no;
# Google's BBRv3 TCP congestion Control
TCP_CONG_BBR = lib.kernel.yes;
DEFAULT_BBR = lib.kernel.yes;
# Preemptive Full Tickless Kernel at 300Hz
HZ = lib.kernel.freeform "300";
HZ_300 = lib.kernel.yes;
HZ_1000 = lib.kernel.no;
}
(
optimizeWithFlags super.linux_6_12 [
"-march=znver4"
"-mtune=znver4"
]
);
}
)
];
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_znver4;
})
(lib.mkIf (config.me.buildingIso) {
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_6_12;
boot.supportedFilesystems.zfs = true;
})
];
}

59
nix/configuration/hosts/odo/power_management.nix Normal file
View File

@@ -0,0 +1,59 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
environment.systemPackages = with pkgs; [
powertop
];
# amdgpu.abmlevel=3 :: Automatically reduce screen brightness but tweak colors to compensate for power reduction.
# pcie_aspm=force pcie_aspm.policy=powersupersave :: Enable PCIe active state power management for power reduction.
# nowatchdog :: Disable watchdog for power savings (related to disable_sp5100_watchdog above).
# amd_pstate=passive :: Fully automated hardware pstate control.
# amd_pstate=active :: Same as passive except we can set the energy performance preference (EPP) to suggest how much we prefer performance or energy efficiency.
# amd_pstate=guided :: Same as passive except we can set upper and lower frequency bounds.
# amdgpu.dcdebugmask=0x10 :: Allegedly disables Panel Replay from https://community.frame.work/t/tracking-freezing-arch-linux-amd/39495/32
boot.kernelParams = [
"amdgpu.abmlevel=3"
"pcie_aspm=force"
# "pcie_aspm.policy=powersupersave"
"nowatchdog"
# I don't see a measurable benefit from these two:
# "cpufreq.default_governor=powersave"
# "initcall_blacklist=cpufreq_gov_userspace_init"
];
systemd.tmpfiles.rules = [
"w- /sys/firmware/acpi/platform_profile - - - - low-power"
"w- /sys/devices/system/cpu/cpufreq/policy0/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy1/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy2/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy3/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy4/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy5/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy6/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy7/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy8/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy9/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy10/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy11/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy12/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy13/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy14/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy15/energy_performance_preference - - - - power"
];
boot.extraModprobeConfig = ''
# Disable the hardware watchdog inside AMD 700 chipset series for power savings.
blacklist sp5100_tco
# Sound power-saving was causing chat notifications to be inaudible.
# options snd_hda_intel power_save=1
'';
}

14
nix/configuration/hosts/odo/screen_brightness.nix Normal file
View File

@@ -0,0 +1,14 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
systemd.tmpfiles.rules = [
"w- /sys/class/backlight/amdgpu_bl1/brightness - - - - 85"
];
}

21
nix/configuration/hosts/odo/wifi.nix Normal file
View File

@@ -0,0 +1,21 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
config = {
environment.loginShellInit = lib.mkIf (!config.me.buildingIso) ''
doas iw dev wlan0 set power_save off
'';
# Enable debug logging for ath12k wifi card.
boot.kernelParams = [
"ath12k.debug_mask=0xffffffff"
];
};
}

33
nix/configuration/network.nix
View File

@@ -1,33 +0,0 @@
{ config, lib, pkgs, ... }:
{
imports = [];
networking.dhcpcd.enable = false;
networking.useDHCP = false;
# networking.nameservers = ["8.8.8.8" "8.8.4.4"];
networking.nameservers = [ "194.242.2.2#doh.mullvad.net" "[2a07:e340::2]#doh.mullvad.net" ];
# networking.nameservers = [ "1.1.1.1#one.one.one.one" "1.0.0.1#one.one.one.one" ];
services.resolved = {
enable = true;
dnssec = "true";
domains = [ "~." ];
fallbackDns = [ ];
dnsovertls = "true";
};
networking.wireless.iwd = {
enable = true;
settings = {
General = {
EnableNetworkConfiguration = true;
AddressRandomization = "network";
ControlPortOverNL80211 = false;
};
};
};
environment.systemPackages = with pkgs; [
iw
iwd
];
}

48
nix/configuration/roles/2ship2harkinian/default.nix Normal file
View File

@@ -0,0 +1,48 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
ship2harkinian.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install 2ship2harkinian.";
};
};
config = lib.mkIf config.me.ship2harkinian.enable (
lib.mkMerge [
{
allowedUnfree = [ "2ship2harkinian" ];
}
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
_2ship2harkinian
];
# TODO perhaps install ~/.local/share/2ship/2ship2harkinian.json
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".local/share/2ship";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
})
]
);
}

38
nix/configuration/roles/alacritty/default.nix Normal file
View File

@@ -0,0 +1,38 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
alacritty.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install alacritty.";
};
};
config = lib.mkIf config.me.alacritty.enable (
lib.mkMerge [
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
alacritty
xdg-utils # for xdg-open
];
home-manager.users.talexander =
{ pkgs, ... }:
{
home.file.".config/alacritty/alacritty.toml" = {
source = ./files/alacritty.toml;
};
};
})
]
);
}

44
nix/configuration/roles/alacritty/files/alacritty.toml Normal file
View File

@@ -0,0 +1,44 @@
[colors]
draw_bold_text_with_bright_colors = true
indexed_colors = []
[colors.bright]
black = "0x666666"
blue = "0x7aa6da"
cyan = "0x54ced6"
green = "0x9ec400"
magenta = "0xb77ee0"
red = "0xff3334"
white = "0xffffff"
yellow = "0xe7c547"
[colors.normal]
black = "0x000000"
blue = "0x7aa6da"
cyan = "0x70c0ba"
green = "0xb9ca4a"
magenta = "0xc397d8"
red = "0xd54e53"
white = "0xeaeaea"
yellow = "0xe6c547"
[colors.primary]
background = "0x000000"
foreground = "0xeaeaea"
[font]
size = 11.0
[[hints.enabled]]
command = "xdg-open"
post_processing = true
regex = "(ipfs:|ipns:|magnet:|mailto:|gemini:|gopher:|https:|http:|news:|file:|git:|ssh:|ftp:)[^\u0000-\u001F\u007F-<>\"\\s{-}\\^⟨⟩`]+"
[hints.enabled.mouse]
enabled = false
mods = "None"
[scrolling]
history = 10000
# Lines moved per scroll.
multiplier = 3

86
nix/configuration/roles/ansible/default.nix Normal file
View File

@@ -0,0 +1,86 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
ansible.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install ansible.";
};
};
config = lib.mkIf config.me.ansible.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
ansible
];
nixpkgs.overlays = [
(final: prev: {
ansible = pkgs.symlinkJoin {
name = "ansible";
paths = [
(prev.ansible.overridePythonAttrs {
propagatedBuildInputs = prev.ansible.propagatedBuildInputs ++ [ prev.python3Packages.jmespath ];
})
pkgs.ansible-sshjail
];
buildInputs = [ pkgs.makeWrapper ];
postBuild = ''
${lib.concatMapStringsSep "\n"
(
prog:
(
"wrapProgram $out/bin/${prog} ${
lib.concatMapStringsSep " "
(
plugin_type:
"--set ANSIBLE_${lib.toUpper plugin_type}_PLUGINS $out/share/ansible/plugins/${lib.toLower plugin_type}_plugins"
)
[
"action"
"cache"
"callback"
"connection"
"filter"
"inventory"
"lookup"
"shell"
"strategy"
"test"
"vars"
]
} --prefix PATH : ${lib.makeBinPath [ ]}"
)
)
[
"ansible"
"ansible-config"
"ansible-console"
"ansible-doc"
"ansible-galaxy"
"ansible-inventory"
"ansible-playbook"
"ansible-pull"
"ansible-test"
"ansible-vault"
]
}
'';
};
})
];
}
]
);
}

44
nix/configuration/roles/ares/default.nix Normal file
View File

@@ -0,0 +1,44 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
ares.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install ares.";
};
};
config = lib.mkIf config.me.ares.enable (
lib.mkMerge [
{ }
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
ares
];
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".local/share/ares";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
})
]
);
}

27
nix/configuration/roles/blank/default.nix
View File

@@ -1,7 +1,30 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
{ {
imports = []; imports = [ ];
options.me = {
blank.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install blank.";
};
};
config = lib.mkIf config.me.blank.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
];
}
(lib.mkIf config.me.graphical {
})
]
);
} }

46
nix/configuration/roles/bluetooth/default.nix Normal file
View File

@@ -0,0 +1,46 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
bluetooth.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install bluetooth.";
};
};
config = lib.mkIf config.me.bluetooth.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
];
hardware.bluetooth = {
enable = true;
powerOnBoot = true;
settings = {
General = {
# Enable support for showing battery charge level.
Experimental = true;
};
};
};
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
directories = [
"/var/lib/bluetooth" # Bluetooth pairing information.
];
};
}
]
);
}

105
nix/configuration/roles/boot/default.nix Normal file
View File

@@ -0,0 +1,105 @@
# ISO does not work with systemd initrd yet https://github.com/NixOS/nixpkgs/pull/291750
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options = {
me.secureBoot = {
enable = lib.mkOption {
default = false;
type = lib.types.bool;
description = ''
Enable to use secure boot.
'';
};
};
};
config = lib.mkMerge [
{
environment.systemPackages = with pkgs; [
tpm2-tools # For tpm2_eventlog to check for OptionRoms
# cp /sys/kernel/security/tpm0/binary_bios_measurements eventlog
# tpm2_eventlog eventlog | grep "BOOT_SERVICES_DRIVER"
sbctl # For debugging and troubleshooting Secure Boot.
];
}
(lib.mkIf (!config.me.buildingIso) {
boot.loader.grub.enable = false;
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
# TODO: make not write bootx64.efi
boot.loader.efi.canTouchEfiVariables = false;
# Automatically delete old generations
boot.loader.systemd-boot.configurationLimit = 3;
boot.loader.systemd-boot.memtest86.enable = true;
# Check what will be lost with `zfs diff zroot/linux/root@blank`
boot.initrd.systemd.enable = lib.mkDefault true;
boot.initrd.systemd.services.zfs-rollback = {
description = "Rollback ZFS root dataset to blank snapshot";
wantedBy = [
"initrd.target"
];
after = [
"zfs-import-zroot.service"
];
before = [
"sysroot.mount"
];
path = with pkgs; [
zfs
];
unitConfig.DefaultDependencies = "no";
serviceConfig.Type = "oneshot";
script = ''
zfs rollback -r zroot/linux/nix/root@blank
zfs rollback -r zroot/linux/nix/home@blank
echo "rollback complete"
'';
};
# boot.loader.systemd-boot.extraEntries = {
# "windows.conf" = ''
# title Windows
# efi /EFI/Microsoft/Boot/bootmgfw.efi
# options root=PARTUUID=17e325bf-a378-4d1d-be6a-f6df5476f0fa
# '';
# };
})
(lib.mkIf (config.me.secureBoot.enable) {
environment.systemPackages = with pkgs; [
sbctl
];
boot.loader.systemd-boot.enable = lib.mkForce false;
boot.lanzaboote = {
enable = true;
pkiBundle = "/var/lib/sbctl";
};
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
directories = [
"/var/lib/sbctl" # Secure Boot Keys
];
};
})
];
}
# efibootmgr -c -d /dev/sda -p 1 -L NixOS-boot -l '\EFI\NixOS-boot\grubx64.efi'
# Text-only:
# sudo cp "$(nix-build '<nixpkgs>' --no-out-link -A 'refind')/share/refind/refind_x64.efi" /boot/EFI/boot/bootx64.efi
# Full graphics:
# $ sudo nix-shell -p refind efibootmgr
# $ refind-install

31
nix/configuration/roles/chromecast/default.nix Normal file
View File

@@ -0,0 +1,31 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
chromecast.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install chromecast.";
};
};
config = lib.mkIf config.me.chromecast.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
catt
];
}
(lib.mkIf config.me.graphical {
})
]
);
}

65
nix/configuration/roles/chromium/default.nix Normal file
View File

@@ -0,0 +1,65 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
chromium.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install chromium.";
};
};
config = lib.mkIf config.me.chromium.enable (
lib.mkMerge [
{ }
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
(chromium.override { enableWideVine = true; })
];
allowedUnfree = [
"chromium"
"chromium-unwrapped"
"widevine-cdm"
];
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".config/chromium";
user = "talexander";
group = "talexander";
mode = "0700";
}
];
};
};
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".cache/chromium";
user = "talexander";
group = "talexander";
mode = "0700";
}
];
};
};
# Enabling vulkan causes video to render as white
# nixpkgs.config.chromium.commandLineArgs = "--enable-features=Vulkan";
})
]
);
}

64
nix/configuration/roles/docker/default.nix Normal file
View File

@@ -0,0 +1,64 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
docker.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install docker.";
};
};
config = lib.mkIf config.me.docker.enable (
lib.mkMerge [
{
virtualisation.docker.enable = true;
# Use docker activation
virtualisation.docker.enableOnBoot = false;
# Rootless docker breaks access to ssh for buildkit.
# virtualisation.docker.rootless = {
# enable = true;
# setSocketVariable = true;
# };
# Give docker access to ssh for fetching repos with buildkit.
virtualisation.docker.extraPackages = [ pkgs.openssh ];
environment.systemPackages = with pkgs; [
docker-buildx
];
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
directories = [
{
directory = "/var/lib/docker";
user = "root";
group = "root";
mode = "0740";
}
];
# users.talexander = {
# directories = [
# {
# directory = ".local/share/docker";
# user = "talexander";
# group = "talexander";
# mode = "0740";
# }
# ];
# };
};
# Needed for non-rootless docker
users.users.talexander.extraGroups = [ "docker" ];
}
]
);
}

215
nix/configuration/roles/emacs/default.nix
View File

@@ -1,68 +1,167 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
plainmacs = pkgs.writeShellScriptBin "plainmacs" '' plainmacs =
INIT_SCRIPT=$(cat <<EOF emacs_package:
(progn pkgs.writeShellScriptBin "plainmacs" ''
(setq make-backup-files nil auto-save-default nil create-lockfiles nil) INIT_SCRIPT=$(cat <<EOF
(load-theme 'tango-dark t) (progn
(set-face-attribute 'default nil :background "black") (setq make-backup-files nil auto-save-default nil create-lockfiles nil)
;; Bright yellow highlighting for selected region (load-theme 'tango-dark t)
(set-face-attribute 'region nil :background "#ffff50" :foreground "black") (set-face-attribute 'default nil :background "black")
;; Bright green cursor to distinguish from yellow region ;; Bright yellow highlighting for selected region
(set-cursor-color "#ccff66") (set-face-attribute 'region nil :background "#ffff50" :foreground "black")
;; Hightlight the current line ;; Bright green cursor to distinguish from yellow region
(set-face-attribute 'line-number-current-line nil :foreground "white") (set-cursor-color "#ccff66")
;; Set default font ;; Hightlight the current line
(set-face-attribute 'default nil :height 100 :width 'regular :weight 'regular :family "Cascadia Mono") (set-face-attribute 'line-number-current-line nil :foreground "white")
;; Set fallback font for unicode glyphs ;; Set default font
(when (display-graphic-p) (set-face-attribute 'default nil :height 100 :width 'regular :weight 'regular :family "Cascadia Mono")
(set-fontset-font "fontset-default" nil (font-spec :name "Noto Color Emoji"))) ;; Set fallback font for unicode glyphs
(menu-bar-mode -1) (when (display-graphic-p)
(when (fboundp 'tool-bar-mode) (set-fontset-font "fontset-default" nil (font-spec :name "Noto Color Emoji")))
(tool-bar-mode -1)) (menu-bar-mode -1)
(when ( fboundp 'scroll-bar-mode) (when (fboundp 'tool-bar-mode)
(scroll-bar-mode -1)) (tool-bar-mode -1))
(pixel-scroll-precision-mode) (when ( fboundp 'scroll-bar-mode)
(setq frame-resize-pixelwise t) (scroll-bar-mode -1))
) (pixel-scroll-precision-mode)
EOF (setq frame-resize-pixelwise t)
) )
EOF
)
exec ${pkgs.emacs29-pgtk}/bin/emacs -q --eval "$INIT_SCRIPT" "''${@}" exec ${emacs_package}/bin/emacs -q --eval "$INIT_SCRIPT" "''${@}"
''; '';
e_shorthand =
emacs_package:
pkgs.writeShellScriptBin "e" ''
exec ${emacs_package}/bin/emacs "''${@}"
'';
in in
{ {
imports = []; imports = [ ];
environment.systemPackages = with pkgs; [ options.me.emacs_flavor = lib.mkOption {
plainmacs type = lib.types.nullOr (
emacs29-pgtk lib.types.enum [
clang # To compile tree-sitter grammars "full"
]; "plainmacs"
]
home-manager.users.talexander = { pkgs, ... }: { );
home.file.".config/emacs" = { default = null;
source = ./files/emacs; example = "full";
recursive = true; description = "What flavor of emacs to set up.";
};
}; };
environment.persistence."/state" = { config = lib.mkIf (config.me.emacs_flavor != null) (
hideMounts = true; lib.mkMerge [
users.talexander = { {
directories = [ environment.systemPackages = with pkgs; [
".config/emacs/eln-cache" # Installed packages my_emacs
".config/emacs/elpa" # Installed packages (plainmacs my_emacs)
".config/emacs/private" # For recentf (e_shorthand my_emacs)
".config/emacs/tree-sitter" # Compiled tree-sitter grammars ];
];
files = [
".config/emacs/history" # For savehist
".config/emacs/.last-package-update-day" # For use-package
];
};
};
environment.variables.EDITOR = "${plainmacs}/bin/plainmacs"; environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
".config/emacs/eln-cache" # Installed packages
".config/emacs/elpa" # Installed packages
".config/emacs/private" # For recentf
".config/emacs/tree-sitter" # Compiled tree-sitter grammars
];
files = [
".config/emacs/history" # For savehist
".config/emacs/.last-package-update-day" # For use-package
];
};
};
environment.variables.EDITOR = "plainmacs";
}
(lib.mkIf (config.me.graphical) {
nixpkgs.overlays = [
(final: prev: {
my_emacs = final.emacs29-pgtk;
})
];
})
(lib.mkIf (!config.me.graphical) {
nixpkgs.overlays = [
(final: prev: {
my_emacs = final.emacs-nox;
})
];
})
(lib.mkIf (config.me.emacs_flavor == "full") {
nixpkgs.overlays = [
(final: prev: {
my_emacs = pkgs.buildEnv {
name = prev.my_emacs.name;
paths = with prev; [
my_emacs
];
extraOutputsToInstall = [
"man"
"doc"
"info"
];
buildInputs = [ final.makeWrapper ];
postBuild = ''
wrapProgram $out/bin/emacs --prefix PATH : ${
lib.makeBinPath [
(final.aspellWithDicts (
dicts: with dicts; [
en
en-computers
]
))
final.nixd # nix language server
final.nixfmt-rfc-style # auto-formatting nix files through nixd
final.clang # To compile tree-sitter grammars
final.shellcheck
final.cmake-language-server
final.cmake # Used by cmake-language-server
]
}
'';
};
})
];
home-manager.users.talexander =
{ pkgs, ... }:
{
home.file.".config/emacs" = {
source = ./files/emacs;
recursive = true;
};
};
})
(lib.mkIf (config.me.emacs_flavor == "plainmacs") {
nixpkgs.overlays = [
(final: prev: {
my_emacs = pkgs.buildEnv {
name = prev.my_emacs.name;
paths = with prev; [
my_emacs
];
extraOutputsToInstall = [
"man"
"doc"
"info"
];
};
})
];
})
]
);
} }

18
nix/configuration/roles/emacs/files/emacs/elisp/lang-cmake.el Normal file
View File

@@ -0,0 +1,18 @@
(require 'common-lsp)
(use-package cmake-mode
:commands cmake-mode
:hook (
(cmake-mode . (lambda ()
(eglot-ensure)
(defclass my/eglot-cmake (eglot-lsp-server) ()
:documentation
"Own eglot server class.")
(add-to-list 'eglot-server-programs
'(cmake-mode . (my/eglot-cmake "cmake-language-server")))
))
)
)
(provide 'lang-cmake)

16
nix/configuration/roles/emacs/files/emacs/elisp/lang-nix.el
View File

@@ -7,15 +7,15 @@
:commands nix-mode :commands nix-mode
:hook ( :hook (
(nix-mode . (lambda () (nix-mode . (lambda ()
;; (eglot-ensure) (eglot-ensure)
;; (defclass my/eglot-nix (eglot-lsp-server) () (defclass my/eglot-nix (eglot-lsp-server) ()
;; :documentation :documentation
;; "Own eglot server class.") "Own eglot server class.")
;; (add-to-list 'eglot-server-programs (add-to-list 'eglot-server-programs
;; '(nix-mode . (my/eglot-nix "nixd"))) '(nix-mode . (my/eglot-nix "nixd")))
;; (add-hook 'before-save-hook 'eglot-format-buffer nil 'local) (add-hook 'before-save-hook 'eglot-format-buffer nil 'local)
)) ))
) )
) )

2
nix/configuration/roles/emacs/files/emacs/elisp/lang-org.el
View File

@@ -38,6 +38,8 @@
;; TODO: There is an option to set the compiler, could be better than manually doing this here https://orgmode.org/manual/LaTeX_002fPDF-export-commands.html ;; TODO: There is an option to set the compiler, could be better than manually doing this here https://orgmode.org/manual/LaTeX_002fPDF-export-commands.html
;; (setq org-latex-compiler "lualatex") ;; (setq org-latex-compiler "lualatex")
;; TODO: nixos latex page recommends this line, figure out what it does / why its needed:
;; (setq org-preview-latex-default-process 'dvisvgm)
(setq org-latex-pdf-process (setq org-latex-pdf-process
'("lualatex -shell-escape -interaction nonstopmode -output-directory %o %f" '("lualatex -shell-escape -interaction nonstopmode -output-directory %o %f"
"lualatex -shell-escape -interaction nonstopmode -output-directory %o %f" "lualatex -shell-escape -interaction nonstopmode -output-directory %o %f"

2
nix/configuration/roles/emacs/files/emacs/init.el
View File

@@ -38,4 +38,6 @@
(require 'lang-nix) (require 'lang-nix)
(require 'lang-cmake)
(load-directory autoload-directory) (load-directory autoload-directory)

136
nix/configuration/roles/firefox/default.nix Normal file
View File

@@ -0,0 +1,136 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
firefox.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install firefox.";
};
};
config = lib.mkIf config.me.firefox.enable (
lib.mkMerge [
(lib.mkIf config.me.graphical {
programs.firefox = {
enable = true;
package = (pkgs.wrapFirefox (pkgs.firefox-unwrapped.override { pipewireSupport = true; }) { });
languagePacks = [ "en-US" ];
preferences = {
# "identity.sync.tokenserver.uri": "https://ffsync.fizz.buzz/token/1.0/sync/1.5";
"media.hardware-video-decoding.force-enabled" = true;
"media.ffmpeg.vaapi.enabled" = true;
"doh-rollout.doorhanger-decision" = "UIDisabled";
"dom.security.https_only_mode" = true;
"dom.security.https_only_mode_ever_enabled" = true;
"extensions.activeThemeID" = "firefox-compact-dark@mozilla.org";
# Disable ads
"extensions.pocket.enabled" = false;
"browser.newtabpage.activity-stream.showSponsored" = false;
"browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
"browser.newtabpage.activity-stream.feeds.section.topstories" = false;
"browser.newtabpage.pinned" = "[]";
"browser.newtabpage.activity-stream.section.highlights.includePocket" = false;
"browser.topsites.contile.enabled" = false;
# Disable cache when devtools are open.
"devtools.cache.disabled" = true;
# Do not track header.
"privacy.donottrackheader.enabled" = true;
# Tell websites not to share or sell my data.
"privacy.globalprivacycontrol.enabled" = true;
# Disable "studies" (slice testing)
"app.shield.optoutstudies.enabled" = false;
# Disable attribution which is used by advertisers to track you.
"dom.private-attribution.submission.enabled" = false;
# Disable battery status, used to track users.
"dom.battery.enabled" = false;
# Disable that websites can get notifications if you copy, paste, or cut something from a web page, and it lets them know which part of the page had been selected.
#
# This breaks copying from BigQuery https://github.com/microsoft/monaco-editor/issues/1540
# dom.event.clipboardevents.enabled: false
# Isolates all browser identifier sources (e.g. cookies) to the first party domain, with the goal of preventing tracking across different domains.
"privacy.firstparty.isolate" = true;
# Do not preload URLs that auto-complete in the address bar.
"browser.urlbar.speculativeConnect.enabled" = false;
# Do not resist fingerprinting because that tells websites to use light mode.
# https://bugzilla.mozilla.org/show_bug.cgi?id=1732114
"privacy.resistFingerprinting" = false; # (default false)
# Instead, enable fingerprinting protection, which allows configuring an override.
"privacy.fingerprintingProtection" = true;
# Allow sending dark mode preference to websites.
# Allow sending timezone to websites.
"privacy.fingerprintingProtection.overrides" =
"+AllTargets,-CSSPrefersColorScheme,-JSDateTimeUTC,-CanvasExtractionBeforeUserInputIsBlocked";
# Disable weather on new tab page
"browser.newtabpage.activity-stream.showWeather" = false;
};
# Check about:policies#documentation and https://mozilla.github.io/policy-templates/ for options.
policies = {
DisableTelemetry = true;
DisplayBookmarksToolbar = "newtab";
# Check about:support for extension/add-on ID strings.
# Valid strings for installation_mode are "allowed", "blocked",
# "force_installed" and "normal_installed".
ExtensionSettings = {
# "*".installation_mode = "blocked"; # blocks all addons except the ones specified below
"uBlock0@raymondhill.net" = {
install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi";
installation_mode = "force_installed";
};
"firefox@teleparty.com" = {
install_url = "https://addons.mozilla.org/firefox/downloads/latest/netflix-party-is-now-teleparty/latest.xpi";
installation_mode = "normal_installed";
};
"@ublacklist" = {
install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublacklist/latest.xpi";
installation_mode = "normal_installed";
};
"@react-devtools" = {
install_url = "https://addons.mozilla.org/firefox/downloads/latest/react-devtools/latest.xpi";
installation_mode = "normal_installed";
};
};
};
};
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".mozilla";
user = "talexander";
group = "talexander";
mode = "0700";
}
];
};
};
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".cache/mozilla";
user = "talexander";
group = "talexander";
mode = "0700";
}
];
};
};
})
]
);
}

20
nix/configuration/roles/firewall/default.nix Normal file
View File

@@ -0,0 +1,20 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [
22 # ssh
];
networking.firewall.allowedUDPPorts = [
5353 # mDNS
];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
}

133
nix/configuration/roles/fonts/default.nix
View File

@@ -1,118 +1,29 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
{ {
imports = []; imports = [ ];
fonts = { config = lib.mkIf config.me.graphical {
enableDefaultPackages = true; fonts = {
packages = with pkgs; [ enableDefaultPackages = false;
cascadia-code packages = with pkgs; [
source-sans-pro cascadia-code
source-serif-pro source-sans-pro
]; source-serif-pro
noto-fonts-cjk-sans
noto-fonts-cjk-serif
noto-fonts-color-emoji
];
fontconfig = { fontconfig = {
localConf = '' localConf = (builtins.readFile ./files/fonts.conf);
<?xml version="1.0"?> useEmbeddedBitmaps = true;
<!DOCTYPE fontconfig SYSTEM "fonts.dtd"> };
<fontconfig>
<!-- reject all bitmap fonts, with the exception of 'terminus' -->
<selectfont>
<!-- <acceptfont> -->
<!-- <pattern> -->
<!-- <patelt name="family"> <string>Terminus</string> </patelt> -->
<!-- </pattern> -->
<!-- </acceptfont> -->
<rejectfont>
<pattern>
<patelt name="scalable"> <bool>false</bool> </patelt>
</pattern>
</rejectfont>
<rejectfont>
<!-- You don't want ghostscript fonts in your web browsing because of annoying ligatures like ffi -->
<glob>/usr/share/fonts/gsfonts/*</glob>
</rejectfont>
</selectfont>
<!-- preferred aliases -->
<alias>
<family>serif</family>
<prefer>
<family>Source Serif Pro</family>
<family>Source Sans Pro</family>
</prefer>
</alias>
<!-- preferred aliases -->
<alias>
<family>sans-serif</family>
<prefer>
<family>Source Sans Pro</family>
<family>Source Serif Pro</family>
</prefer>
</alias>
<!-- preferred aliases -->
<alias>
<family>monospace</family>
<prefer>
<family>Cascadia Mono</family>
<family>Cascadia Code</family>
</prefer>
</alias>
<!-- Screw it. Force Liberation Mono to be source code pro. -->
<match target="pattern">
<test qual="any" name="family"><string>Liberation Mono</string></test>
<edit name="family" mode="assign" binding="same"><string>Cascadia Mono</string></edit>
</match>
<!-- Dejavu Sans Mono keeps coming back when I query "monospace". Doesn't happen when I'm using Souce Code Pro but does happen with cascadia... force it to cascadia -->
<match target="pattern">
<test qual="any" name="family"><string>monospace</string></test>
<edit name="family" mode="assign" binding="same"><string>Cascadia Mono</string></edit>
</match>
<!-- Disable ligatures in monospace fonts. -->
<match target="font">
<test name="family" compare="eq" ignore-blanks="true">
<string>Cascadia Code</string>
</test>
<edit name="fontfeatures" mode="append">
<string>liga off</string>
<string>dlig off</string>
</edit>
</match>
<!-- Font Display Settings -->
<match target="font" >
<edit mode="assign" name="rgba" >
<const>rgb</const>
</edit>
</match>
<match target="font" >
<edit mode="assign" name="hinting" >
<bool>true</bool>
</edit>
</match>
<match target="font" >
<edit mode="assign" name="hintstyle" >
<const>hintslight</const>
</edit>
</match>
<match target="font" >
<edit mode="assign" name="antialias" >
<bool>true</bool>
</edit>
</match>
<match target="font" >
<edit mode="assign" name="lcdfilter" >
<const>lcddefault</const>
</edit>
</match>
</fontconfig>
'';
}; };
}; };
} }

99
nix/configuration/roles/fonts/files/fonts.conf Normal file
View File

@@ -0,0 +1,99 @@
<?xml version="1.0"?>
<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
<fontconfig>
<!-- reject all bitmap fonts, with the exception of 'terminus' -->
<selectfont>
<!-- <acceptfont> -->
<!-- <pattern> -->
<!-- <patelt name="family"> <string>Terminus</string> </patelt> -->
<!-- </pattern> -->
<!-- </acceptfont> -->
<rejectfont>
<pattern>
<patelt name="scalable"> <bool>false</bool> </patelt>
</pattern>
</rejectfont>
<rejectfont>
<!-- You don't want ghostscript fonts in your web browsing because of annoying ligatures like ffi -->
<glob>/usr/share/fonts/gsfonts/*</glob>
</rejectfont>
</selectfont>
<!-- preferred aliases -->
<alias>
<family>serif</family>
<prefer>
<family>Source Serif Pro</family>
<family>Source Sans Pro</family>
</prefer>
</alias>
<!-- preferred aliases -->
<alias>
<family>sans-serif</family>
<prefer>
<family>Source Sans Pro</family>
<family>Source Serif Pro</family>
</prefer>
</alias>
<!-- preferred aliases -->
<alias>
<family>monospace</family>
<prefer>
<family>Cascadia Mono</family>
<family>Cascadia Code</family>
</prefer>
</alias>
<!-- Screw it. Force Liberation Mono to be source code pro. -->
<match target="pattern">
<test qual="any" name="family"><string>Liberation Mono</string></test>
<edit name="family" mode="assign" binding="same"><string>Cascadia Mono</string></edit>
</match>
<!-- Dejavu Sans Mono keeps coming back when I query "monospace". Doesn't happen when I'm using Souce Code Pro but does happen with cascadia... force it to cascadia -->
<match target="pattern">
<test qual="any" name="family"><string>monospace</string></test>
<edit name="family" mode="assign" binding="same"><string>Cascadia Mono</string></edit>
</match>
<!-- Disable ligatures in monospace fonts. -->
<match target="font">
<test name="family" compare="eq" ignore-blanks="true">
<string>Cascadia Code</string>
</test>
<edit name="fontfeatures" mode="append">
<string>liga off</string>
<string>dlig off</string>
</edit>
</match>
<!-- Font Display Settings -->
<match target="font" >
<edit mode="assign" name="rgba" >
<const>rgb</const>
</edit>
</match>
<match target="font" >
<edit mode="assign" name="hinting" >
<bool>true</bool>
</edit>
</match>
<match target="font" >
<edit mode="assign" name="hintstyle" >
<const>hintslight</const>
</edit>
</match>
<match target="font" >
<edit mode="assign" name="antialias" >
<bool>true</bool>
</edit>
</match>
<match target="font" >
<edit mode="assign" name="lcdfilter" >
<const>lcddefault</const>
</edit>
</match>
</fontconfig>

88
nix/configuration/roles/git/default.nix
View File

@@ -1,15 +1,85 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
{ {
imports = []; imports = [ ];
environment.systemPackages = with pkgs; [ options.me = {
git git.config = lib.mkOption {
]; type = lib.types.nullOr lib.types.path;
default = null;
home-manager.users.talexander = { pkgs, ... }: { example = ./files/gitconfig_home;
home.file.".gitconfig" = { description = "A git config file.";
source = ./files/gitconfig_home;
}; };
}; };
config = lib.mkMerge [
{
environment.systemPackages = with pkgs; [
git
];
}
(lib.mkIf (config.me.git.config != null) {
home-manager.users.talexander =
{ pkgs, ... }:
{
home.file.".gitconfig" = {
source = config.me.git.config;
};
};
})
# (lib.mkIf (config.me.graphical) {
# nixpkgs.overlays = [
# (final: prev: {
# git = pkgs.buildEnv {
# name = prev.git.name;
# paths = [
# prev.git
# ];
# extraOutputsToInstall = [
# "man"
# "doc"
# "info"
# ];
# buildInputs = [ final.makeWrapper ];
# postBuild = ''
# wrapProgram $out/bin/git --prefix PATH : ${
# lib.makeBinPath [
# final.meld
# ]
# }
# '';
# };
# })
# ];
# })
# (lib.mkIf (!config.me.graphical) {
# nixpkgs.overlays = [
# (final: prev: {
# git = pkgs.buildEnv {
# name = prev.git.name;
# paths = [
# prev.git
# ];
# extraOutputsToInstall = [
# "man"
# "doc"
# "info"
# ];
# buildInputs = [ final.makeWrapper ];
# postBuild = ''
# wrapProgram $out/bin/git --prefix PATH : ${
# lib.makeBinPath [
# ]
# }
# '';
# };
# })
# ];
# })
];
} }

34
nix/configuration/roles/global_options/default.nix Normal file
View File

@@ -0,0 +1,34 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
};
# options.me.graphics_card_type = lib.mkOption {
# type = lib.types.nullOr (
# lib.types.enum [
# "amd"
# "intel"
# "nvidia"
# ]
# );
# default = null;
# example = "amd";
# description = "What graphics card type is in the computer.";
# };
# options.me.graphical = lib.mkOption {
# type = lib.types.bool;
# default = false;
# example = true;
# description = "Whether we want to install graphical programs.";
# };
}

108
nix/configuration/roles/gpg/default.nix Normal file
View File

@@ -0,0 +1,108 @@
{
config,
lib,
pkgs,
...
}:
let
gpg_test_wkd =
(pkgs.writeScriptBin "gpg_test_wkd" (builtins.readFile ./files/gpg_test_wkd.bash)).overrideAttrs
(old: {
buildCommand = "${old.buildCommand}\n patchShebangs $out";
});
in
{
imports = [ ];
options.me = {
gpg.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install gpg.";
};
};
config = lib.mkIf config.me.gpg.enable (
lib.mkMerge [
{
# Fetch public keys:
# gpg --locate-keys tom@fizz.buzz
#
# gpg -vvv --auto-key-locate local,wkd --locate-keys tom@fizz.buzz
hardware.gpgSmartcards.enable = true;
services.udev.packages = [
pkgs.yubikey-personalization
pkgs.libfido2
(pkgs.writeTextFile {
name = "my-rules";
text = ''
ACTION=="add", SUBSYSTEM=="usb", ENV{ID_VENDOR_ID}=="1050", ENV{ID_MODEL_ID}=="0406", MODE="660", GROUP="wheel"
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0406", TAG+="uaccess", GROUP="wheel", MODE="0660"
'';
destination = "/etc/udev/rules.d/50-yubikey.rules";
})
];
services.pcscd.enable = true;
# services.gnome.gnome-keyring.enable = true;
# services.dbus.packages = [ pkgs.gcr ];
# services.pcscd.plugins = lib.mkForce [ ];
# programs.gpg.scdaemonSettings = {
# disable-ccid = true;
# };
# .gnupg/scdaemon.conf
home-manager.users.talexander =
{ pkgs, ... }:
{
home.file.".gnupg/scdaemon.conf" = {
source = ./files/scdaemon.conf;
};
};
# programs.gnupg.dirmngr.enable = true;
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryPackage = pkgs.pinentry-qt;
# settings = {
# disable-ccid = true;
# };
};
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".gnupg";
user = "talexander";
group = "talexander";
mode = "0700";
} # Local keyring
];
};
};
environment.systemPackages = with pkgs; [
pcsclite
pcsctools
yubikey-personalization
yubikey-manager
glibcLocales
ccid
libusb-compat-0_1
gpg_test_wkd
];
programs.gnupg.agent.enableExtraSocket = true;
}
]
);
}

8
nix/configuration/roles/gpg/files/gpg_test_wkd.bash Normal file
View File

@@ -0,0 +1,8 @@
#!/usr/bin/env bash
#
# Test that we can retrieve a PGP key using Web Key Directory (WKD)
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
gpg --no-default-keyring --keyring /tmp/gpg-$$ --auto-key-locate clear,wkd --locate-keys "${@}"

7
nix/configuration/roles/gpg/files/scdaemon.conf Normal file
View File

@@ -0,0 +1,7 @@
#reader-port Yubico Yubi
disable-ccid
#log-file /home/talexander/scd.log
#verbose
#debug cardio
#debug-level 5

43
nix/configuration/roles/graphics/default.nix Normal file
View File

@@ -0,0 +1,43 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me.graphics_card_type = lib.mkOption {
type = lib.types.nullOr (
lib.types.enum [
"amd"
"intel"
"nvidia"
]
);
default = null;
example = "amd";
description = "What graphics card type is in the computer.";
};
options.me.graphical = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install graphical programs.";
};
config = (
lib.mkMerge [
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
mesa-demos # for glxgears
vulkan-tools # for vkcube
xorg.xeyes # to test which windows are using x11
];
hardware.graphics.enable = true;
})
]
);
}

18
nix/configuration/roles/iso/default.nix Normal file
View File

@@ -0,0 +1,18 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me.buildingIso = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we are building an ISO image.";
};
}

56
nix/configuration/roles/kanshi/default.nix Normal file
View File

@@ -0,0 +1,56 @@
# TODO: Maybe replace with https://gitlab.com/w0lff/shikane because its written in rust
{
config,
lib,
pkgs,
...
}:
let
exec_kanshi = pkgs.writeTextFile {
name = "exec_kanshi.conf";
text = ''
exec kanshi
'';
};
in
{
imports = [ ];
options.me = {
kanshi.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install kanshi.";
};
};
config = lib.mkIf config.me.kanshi.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
];
}
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
kanshi
];
me.swayIncludes = [
exec_kanshi
];
home-manager.users.talexander =
{ pkgs, ... }:
{
home.file = {
".config/kanshi/config" = {
source = ./files/config_kanshi;
};
};
};
})
]
);
}

7
nix/configuration/roles/kanshi/files/config_kanshi Normal file
View File

@@ -0,0 +1,7 @@
profile docked {
output eDP-1 disable
output "Dell Inc. DELL U3014 P1V6N35M329L" enable
}
profile laptop {
output eDP-1 enable
}

99
nix/configuration/roles/kodi/default.nix Normal file
View File

@@ -0,0 +1,99 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
kodi.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install kodi.";
};
};
config = lib.mkIf config.me.kodi.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
];
}
(lib.mkIf config.me.graphical {
services.cage.user = "kodi";
services.cage.program = "${pkgs.kodi-wayland}/bin/kodi-standalone";
services.cage.enable = true;
nixpkgs.overlays = [
(final: prev: {
kodi-wayland = prev.kodi-wayland.withPackages (
kodiPkgs: with kodiPkgs; [
joystick
vfs-sftp
]
);
})
];
users.users.kodi = {
isNormalUser = true;
createHome = true; # https://github.com/NixOS/nixpkgs/issues/6481
group = "kodi";
extraGroups = [ ];
uid = 12000;
packages = with pkgs; [
tree
];
# Generate with `mkpasswd -m scrypt`
hashedPassword = "$7$CU..../....VXvNQ8za3wSGpdzGXNT50/$HcFtn/yvwPMCw4888BelpiAPLAxe/zU87fD.d/N6U48";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGu+k5lrirokdW5zVdRVBOqEOAvAPlIkG/MdJNc9g5ky"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEI6mu6I5Jp+Ib0vJxapGHbEShZjyvzV8jz5DnzDrI39AAAABHNzaDo="
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAFNcSXwvy+brYTOGo56G93Ptuq2MmZsjvRWAfMqbmMLAAAABHNzaDo="
];
};
users.groups.kodi.gid = 12000;
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.kodi = {
directories = [
{
directory = ".ssh";
user = "kodi";
group = "kodi";
mode = "0755";
}
{
directory = ".kodi";
user = "kodi";
group = "kodi";
mode = "0755";
}
];
};
};
home-manager.users.kodi =
{ pkgs, ... }:
{
# home.file.".kodi/userdata/mediasources.xml".source = ./files/mediasources.xml;
# home.file.".kodi/userdata/addon_data/peripheral.joystick/resources/buttonmaps/xml/linux/DualSense_Wireless_Controller_13b_8a.xml".source =
# ./files/DualSense_Wireless_Controller_13b_8a.xml;
# TODO: Maybe .kodi/userdata/sources.xml
# TODO: ./userdata/guisettings.xml:303: <setting id="filecache.memorysize">128</setting>
# The state version is required and should stay at the version you
# originally installed.
home.stateVersion = "24.11";
};
})
]
);
}

38
nix/configuration/roles/kodi/files/DualSense_Wireless_Controller_13b_8a.xml Normal file
View File

@@ -0,0 +1,38 @@
<?xml version="1.0" ?>
<buttonmap>
<device name="DualSense Wireless Controller" provider="linux" buttoncount="13" axiscount="8">
<configuration>
<axis index="2" center="-1" range="2" />
<axis index="5" center="-1" range="2" />
</configuration>
<controller id="game.controller.default">
<feature name="a" button="0" />
<feature name="b" button="1" />
<feature name="back" button="9" />
<feature name="down" axis="+7" />
<feature name="guide" button="10" />
<feature name="left" axis="-6" />
<feature name="leftbumper" button="4" />
<feature name="leftstick">
<up axis="-1" />
<down axis="+1" />
<right axis="+0" />
<left axis="-0" />
</feature>
<feature name="lefttrigger" button="6" />
<feature name="right" axis="+6" />
<feature name="rightbumper" button="5" />
<feature name="rightstick">
<up axis="-4" />
<down axis="+4" />
<right axis="+3" />
<left axis="-3" />
</feature>
<feature name="righttrigger" button="7" />
<feature name="start" button="8" />
<feature name="up" axis="-7" />
<feature name="x" button="3" />
<feature name="y" button="2" />
</controller>
</device>
</buttonmap>

5
nix/configuration/roles/kodi/files/mediasources.xml Normal file
View File

@@ -0,0 +1,5 @@
<mediasources>
<network>
<location id="0">sftp://nochainstounlock@stuff.fizz.buzz:42069/readonly/library/</location>
</network>
</mediasources>

76
nix/configuration/roles/kubernetes/default.nix Normal file
View File

@@ -0,0 +1,76 @@
{
config,
lib,
pkgs,
...
}:
let
alias_kx = pkgs.writeShellScriptBin "kx" ''
exec ${pkgs.kubeswitch}/bin/switcher "''${@}"
'';
alias_ks = pkgs.writeShellScriptBin "ks" ''
exec ${pkgs.kubeswitch}/bin/switcher namespace "''${@}"
'';
alias_k = pkgs.writeShellScriptBin "k" ''
exec ${pkgs.kubectl}/bin/kubectl "''${@}"
'';
alias_ka = pkgs.writeShellScriptBin "ka" ''
exec ${pkgs.kubectl}/bin/kubectl "''${@}" --all-namespaces
'';
alias_kdel = pkgs.writeShellScriptBin "kdel" ''
exec ${pkgs.kubectl}/bin/kubectl delete --all "''${@}"
'';
alias_kd = pkgs.writeShellScriptBin "kd" ''
export KUBECTL_EXTERNAL_DIFF="${pkgs.colordiff}/bin/colordiff -N -u"
exec ${pkgs.kubectl}/bin/kubectl diff "''${@}"
'';
alias_klog = pkgs.writeShellScriptBin "klog" ''
exec ${pkgs.kubectl}/bin/kubectl logs --all-containers "$@"
'';
in
{
imports = [ ];
options.me = {
kubernetes.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install kubernetes.";
};
};
config = lib.mkIf config.me.kubernetes.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
kubectl
kubeswitch
stern
alias_kx
alias_ks
alias_k
alias_ka
alias_kdel
alias_kd
alias_klog
];
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".kube";
user = "talexander";
group = "talexander";
mode = "0750";
}
];
};
};
}
]
);
}

45
nix/configuration/roles/latex/default.nix Normal file
View File

@@ -0,0 +1,45 @@
{
config,
lib,
pkgs,
...
}:
let
tex = (
pkgs.texlive.combine {
inherit (pkgs.texlive)
scheme-basic
dvisvgm
dvipng # for preview and export as html in org-mode
wrapfig
amsmath
ulem
hyperref
capt-of
;
}
);
in
{
imports = [ ];
options.me = {
latex.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install latex.";
};
};
config = lib.mkIf config.me.latex.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
tex
];
}
]
);
}

48
nix/configuration/roles/launch_keyboard/default.nix Normal file
View File

@@ -0,0 +1,48 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
launch_keyboard.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install launch_keyboard.";
};
};
config = lib.mkIf config.me.launch_keyboard.enable (
lib.mkMerge [
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
system76-keyboard-configurator
dfu-programmer # For flashing keyboard https://support.system76.com/articles/launch_2-firmware-update/
avrdude # For flashing keyboard https://support.system76.com/articles/launch_2-firmware-update/
lxqt.lxqt-policykit # Need a polkit agent to launch the keyboard configurator
];
systemd = {
user.services.lxqt-policykit-agent = {
description = "lxqt-policykit-agent";
wantedBy = [ "graphical-session.target" ];
wants = [ "graphical-session.target" ];
after = [ "graphical-session.target" ];
serviceConfig = {
Type = "simple";
ExecStart = "${pkgs.lxqt.lxqt-policykit}/bin/lxqt-policykit-agent";
Restart = "on-failure";
RestartSec = 1;
TimeoutStopSec = 10;
};
};
};
})
]
);
}

894
nix/configuration/roles/launch_keyboard/files/launch_keyboard_layout.json Normal file
View File

@@ -0,0 +1,894 @@
{
"model": "system76/launch_2",
"version": 1,
"map": {
"K00": [
"ESC",
"RESET",
"ROLL_OVER",
"ROLL_OVER"
],
"K01": [
"F1",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K02": [
"F2",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K03": [
"F3",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K04": [
"F4",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K05": [
"F5",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K06": [
"F6",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K07": [
"F7",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K08": [
"F8",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K09": [
"F9",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K0A": [
"F10",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K0B": [
"F11",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K0C": [
"F12",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K0D": [
"DEL",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K0E": [
"HOME",
"PLAY_PAUSE",
"ROLL_OVER",
"ROLL_OVER"
],
"K10": [
"TICK",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K11": [
"1",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K12": [
"2",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K13": [
"3",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K14": [
"4",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K15": [
"5",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K16": [
"6",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K17": [
"7",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K18": [
"8",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K19": [
"9",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K1A": [
"0",
"KBD_TOGGLE",
"ROLL_OVER",
"ROLL_OVER"
],
"K1B": [
"MINUS",
"KBD_DOWN",
"ROLL_OVER",
"ROLL_OVER"
],
"K1C": [
"EQUALS",
"KBD_UP",
"ROLL_OVER",
"ROLL_OVER"
],
"K1D": [
"BKSP",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K1E": [
"PGUP",
"VOLUME_UP",
"ROLL_OVER",
"ROLL_OVER"
],
"K20": [
"TAB",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K21": [
"Q",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K22": [
"W",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K23": [
"E",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K24": [
"R",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K25": [
"T",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K26": [
"Y",
"HOME",
"ROLL_OVER",
"ROLL_OVER"
],
"K27": [
"U",
"PGDN",
"ROLL_OVER",
"ROLL_OVER"
],
"K28": [
"I",
"PGUP",
"ROLL_OVER",
"ROLL_OVER"
],
"K29": [
"O",
"END",
"ROLL_OVER",
"ROLL_OVER"
],
"K2A": [
"P",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K2B": [
"BRACE_OPEN",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K2C": [
"BRACE_CLOSE",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K2D": [
"BACKSLASH",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K2E": [
"PGDN",
"VOLUME_DOWN",
"ROLL_OVER",
"ROLL_OVER"
],
"K30": [
"CAPS",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K31": [
"A",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K32": [
"S",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K33": [
"D",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K34": [
"F",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K35": [
"G",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K36": [
"H",
"LEFT",
"ROLL_OVER",
"ROLL_OVER"
],
"K37": [
"J",
"DOWN",
"ROLL_OVER",
"ROLL_OVER"
],
"K38": [
"K",
"UP",
"ROLL_OVER",
"ROLL_OVER"
],
"K39": [
"L",
"RIGHT",
"ROLL_OVER",
"ROLL_OVER"
],
"K3A": [
"SEMICOLON",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K3B": [
"QUOTE",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K3C": [
"ENTER",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K3D": [
"END",
"MUTE",
"ROLL_OVER",
"ROLL_OVER"
],
"K40": [
"LEFT_SHIFT",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K41": [
"Z",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K42": [
"X",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K43": [
"C",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K44": [
"V",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K45": [
"B",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K46": [
"N",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K47": [
"M",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K48": [
"COMMA",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K49": [
"PERIOD",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K4A": [
"SLASH",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K4B": [
"RIGHT_SHIFT",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K4C": [
"UP",
"PGUP",
"ROLL_OVER",
"ROLL_OVER"
],
"K50": [
"LEFT_CTRL",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K51": [
"LEFT_SUPER",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K52": [
"LEFT_ALT",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K53": [
"FN",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K54": [
"SPACE",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K55": [
"SPACE",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K56": [
"RIGHT_CTRL",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K57": [
"RIGHT_ALT",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K58": [
"PRINT_SCREEN",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K59": [
"LEFT",
"HOME",
"ROLL_OVER",
"ROLL_OVER"
],
"K5A": [
"DOWN",
"PGDN",
"ROLL_OVER",
"ROLL_OVER"
],
"K5B": [
"RIGHT",
"END",
"ROLL_OVER",
"ROLL_OVER"
]
},
"key_leds": {
"K00": [
0,
0
],
"K01": [
0,
0
],
"K02": [
0,
0
],
"K03": [
0,
0
],
"K04": [
0,
0
],
"K05": [
0,
0
],
"K06": [
0,
0
],
"K07": [
0,
0
],
"K08": [
0,
0
],
"K09": [
0,
0
],
"K0A": [
0,
0
],
"K0B": [
0,
0
],
"K0C": [
0,
0
],
"K0D": [
0,
0
],
"K0E": [
0,
0
],
"K10": [
0,
0
],
"K11": [
0,
0
],
"K12": [
0,
0
],
"K13": [
0,
0
],
"K14": [
0,
0
],
"K15": [
0,
0
],
"K16": [
0,
0
],
"K17": [
0,
0
],
"K18": [
0,
0
],
"K19": [
0,
0
],
"K1A": [
0,
0
],
"K1B": [
0,
0
],
"K1C": [
0,
0
],
"K1D": [
0,
0
],
"K1E": [
0,
0
],
"K20": [
0,
0
],
"K21": [
0,
0
],
"K22": [
0,
0
],
"K23": [
0,
0
],
"K24": [
0,
0
],
"K25": [
0,
0
],
"K26": [
0,
0
],
"K27": [
0,
0
],
"K28": [
0,
0
],
"K29": [
0,
0
],
"K2A": [
0,
0
],
"K2B": [
0,
0
],
"K2C": [
0,
0
],
"K2D": [
0,
0
],
"K2E": [
0,
0
],
"K30": [
0,
0
],
"K31": [
0,
0
],
"K32": [
0,
0
],
"K33": [
0,
0
],
"K34": [
0,
0
],
"K35": [
0,
0
],
"K36": [
0,
0
],
"K37": [
0,
0
],
"K38": [
0,
0
],
"K39": [
0,
0
],
"K3A": [
0,
0
],
"K3B": [
0,
0
],
"K3C": [
0,
0
],
"K3D": [
0,
0
],
"K40": [
0,
0
],
"K41": [
0,
0
],
"K42": [
0,
0
],
"K43": [
0,
0
],
"K44": [
0,
0
],
"K45": [
0,
0
],
"K46": [
0,
0
],
"K47": [
0,
0
],
"K48": [
0,
0
],
"K49": [
0,
0
],
"K4A": [
0,
0
],
"K4B": [
0,
0
],
"K4C": [
0,
0
],
"K50": [
0,
0
],
"K51": [
0,
0
],
"K52": [
0,
0
],
"K53": [
0,
0
],
"K54": [
0,
0
],
"K55": [
0,
0
],
"K56": [
0,
0
],
"K57": [
0,
0
],
"K58": [
0,
0
],
"K59": [
0,
0
],
"K5A": [
0,
0
],
"K5B": [
0,
0
]
},
"layers": [
{
"mode": [
0,
127
],
"brightness": 109,
"color": [
0,
0
]
},
{
"mode": [
13,
127
],
"brightness": 109,
"color": [
21,
255
]
},
{
"mode": [
13,
127
],
"brightness": 109,
"color": [
142,
255
]
},
{
"mode": [
13,
127
],
"brightness": 109,
"color": [
142,
255
]
}
]
}

43
nix/configuration/roles/lvfs/default.nix Normal file
View File

@@ -0,0 +1,43 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
lvfs.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install lvfs.";
};
};
config = lib.mkIf config.me.lvfs.enable (
lib.mkMerge [
{
services.fwupd.enable = true;
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
directories = [
{
directory = "/var/lib/fwupd";
user = "root";
group = "root";
mode = "0755";
}
];
};
}
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
gnome-firmware
];
})
]
);
}

64
nix/configuration/roles/media/default.nix Normal file
View File

@@ -0,0 +1,64 @@
{
config,
lib,
pkgs,
...
}:
let
cast_file_vaapi =
(pkgs.writeScriptBin "cast_file" (builtins.readFile ./files/cast_file_vaapi)).overrideAttrs
(old: {
buildCommand = "${old.buildCommand}\n patchShebangs $out";
});
cast_file_nvidia =
(pkgs.writeScriptBin "cast_file" (builtins.readFile ./files/cast_file_nvidia)).overrideAttrs
(old: {
buildCommand = "${old.buildCommand}\n patchShebangs $out";
});
in
{
imports = [ ];
options.me = {
media.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install media.";
};
};
config = lib.mkIf config.me.media.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
ffmpeg
];
}
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
mpv
evince
gimp
# So far I prefer imv over swayimg because imv supports the 'p' hotkey to print the currently-viewed file to stdout (useful for pipelines) and afaik doesn't support the exec:// protocol which seems like a massive risk.
imv
];
home-manager.users.talexander =
{ pkgs, ... }:
{
home.file.".config/mpv/mpv.conf" = {
source = ./files/mpv.conf;
};
};
})
(lib.mkIf (config.me.graphics_card_type == "amd" || config.me.graphics_card_type == "intel") {
environment.systemPackages = with pkgs; [
cast_file_vaapi
];
})
]
);
}

11
nix/configuration/roles/media/files/cast_file_nvidia Normal file
View File

@@ -0,0 +1,11 @@
#!/usr/bin/env bash
#
ffmpeg -re -i "$1" -vcodec h264_nvenc -r 30 -g 30 -loop -1 -c:a aac -b:a 160k -ar 44100 -strict -2 -f flv rtmp:172.16.16.44/live/test &
ffmpegpid=$!
sleep 1
castnow --exit 'https://broadcast.fizz.buzz/hls/hls/test.m3u8'
wait "$ffmpegpid"
sleep 10

237
nix/configuration/roles/media/files/cast_file_vaapi Normal file
View File

@@ -0,0 +1,237 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: ${VIDEO_BITRATE:="1M"} # Only for encoding modes targeting bitrate
: ${AUDIO_BITRATE:="192k"}
############## Setup #########################
function die {
local status_code="$1"
shift
(>&2 echo "${@}")
exit "$status_code"
}
function log {
(>&2 echo "${@}")
}
############## Program #########################
function main {
local cmd
cmd=$1
shift
if [ "$cmd" = "copy" ]; then
copy "${@}"
elif [ "$cmd" = "convert" ]; then
convert "${@}"
elif [ "$cmd" = "stream" ]; then
stream "${@}"
elif [ "$cmd" = "webcam" ]; then
webcam "${@}"
elif [ "$cmd" = "encode_webcam" ]; then
encode_webcam "${@}"
else
(>&2 echo "Unknown command: $cmd")
exit 1
fi
}
function copy {
local file_to_cast
file_to_cast="$3"
local USERNAME PASSWORD
USERNAME="$1"
PASSWORD="$2"
set -x
</dev/null exec ffmpeg \
-re \
-stream_loop -1 \
-i "$file_to_cast" \
-c copy \
-strict experimental \
-f rtsp \
-rtsp_transport tcp \
"rtsp://$USERNAME:$PASSWORD@172.16.16.251:8554/fetch"
}
function convert {
local args=()
local acceleration_type="$1" # "software" or "hardware"
local codec="$2" # "h264" or "av1"
local file_to_cast="$3"
local file_to_save="$4"
# Verify parameters
if [ "$acceleration_type" == "software" ]; then
true
elif [ "$acceleration_type" == "hardware" ]; then
true
else
die 1 "Unknown acceleration type: $acceleration_type"
fi
if [ "$codec" == "h264" ]; then
true
elif [ "$codec" == "av1" ]; then
true
else
die 1 "Unknown codec: $codec"
fi
# Build command
if [ "$acceleration_type" == "software" ]; then
true
elif [ "$acceleration_type" == "hardware" ]; then
args+=(-vaapi_device /dev/dri/renderD128)
fi
args+=(-i "$file_to_cast")
if [ "$codec" == "h264" ]; then
if [ "$acceleration_type" == "software" ]; then
args+=(-c:v h264)
args+=(-profile:v high)
args+=(-b:v "$VIDEO_BITRATE")
elif [ "$acceleration_type" == "hardware" ]; then
args+=(-vf 'format=nv12|vaapi,hwupload')
args+=(-c:v h264_vaapi)
args+=(-profile:v high)
args+=(-b:v "$VIDEO_BITRATE")
fi
elif [ "$codec" == "av1" ]; then
if [ "$acceleration_type" == "software" ]; then
args+=(-c:v libsvtav1)
args+=(-preset 4) # [0-13] default 10, lower = higher quality / slower encode
args+=(-crf 20) # [0-63] default 35, lower = higher quality / larger file
# Parameters: https://gitlab.com/AOMediaCodec/SVT-AV1/-/blob/master/Docs/Parameters.md
# fast-decode [0-2] default 0 (off), higher = faster decode
# tune [0-2] default 1, Specifies whether to use PSNR or VQ as the tuning metric [0 = VQ, 1 = PSNR, 2 = SSIM]
# film-grain-denoise, setting to 0 uses the original frames instead of denoising the film grain
args+=(-svtav1-params "fast-decode=1:film-grain-denoise=0")
elif [ "$acceleration_type" == "hardware" ]; then
# -c:v av1_amf -quality quality
args+=(-vf 'format=nv12|vaapi,hwupload')
args+=(-c:v av1_vaapi)
args+=(-b:v "$VIDEO_BITRATE")
fi
fi
# -bf 0 :: Disable b-frames because webrtc doesn't support h264 streams with b-frames.
args+=(-bf 0)
args+=(-strict -2)
args+=(-c:a opus)
args+=(-ac 2)
args+=(-b:a "$AUDIO_BITRATE")
args+=(-ar 48000)
args+=("$file_to_save")
set -x
</dev/null exec ffmpeg "${args[@]}"
}
function stream {
local args=()
local acceleration_type="$1" # "software" or "hardware"
local codec="$2" # "h264" or "av1"
local USERNAME="$3"
local PASSWORD="$4"
local file_to_cast="$5"
args+=(-re -stream_loop -1)
args+=(-f rtsp)
args+=(-rtsp_transport tcp)
args+=("rtsp://$USERNAME:$PASSWORD@172.16.16.251:8554/fetch")
}
function webcam {
# Uses on-webcam h264 encoding.
local USERNAME PASSWORD
USERNAME="$1"
PASSWORD="$2"
set -x
</dev/null exec ffmpeg \
-re \
-input_format h264 \
-video_size 1920x1080 \
-i /dev/video0 \
-c:v copy \
-an \
-f rtsp \
-rtsp_transport tcp \
"rtsp://$USERNAME:$PASSWORD@172.16.16.251:8554/fetch"
}
function encode_webcam {
# Uses hardware accelerated gpu-based encoding.
local USERNAME PASSWORD
USERNAME="$1"
PASSWORD="$2"
set -x
</dev/null exec ffmpeg \
-re \
-vaapi_device /dev/dri/renderD128 \
-i /dev/video0 \
-vf 'format=nv12,hwupload' \
-c:v h264_vaapi \
-an \
-f rtsp \
-rtsp_transport tcp \
"rtsp://$USERNAME:$PASSWORD@172.16.16.251:8554/fetch"
}
function speed_up_preprocess_vp8 {
local file_to_cast file_to_save
file_to_cast="$1"
file_to_save="$2"
set -x
# -bf 0 :: Disable b-frames because webrtc doesn't support h264 streams with b-frames.
# -strict -2 :: Enable support for experimental codecs like opus.
# -b:v 2M :: Target 2 megabit/s
# -crf 10 :: Target a quality level and adjust bitrate accordingly. This should be preferred, but ideally both should be used.
# Could also use -filter_complex "[0:v]setpts=0.5*PTS[v];[0:a]atempo=2.0[a]" -map "[v]" -map "[a]"
</dev/null exec ffmpeg \
-i "$file_to_cast" \
-filter:v "setpts=0.66666666*PTS" \
-filter:a "atempo=1.5" \
-c:v vp8 \
-b:v 2M \
-crf 10 \
-bf 0 \
-c:a opus \
-b:a 320k \
-ar 48000 \
-strict -2 \
"$file_to_save"
}
main "${@}"

25
nix/configuration/roles/media/files/mpv.conf Normal file
View File

@@ -0,0 +1,25 @@
# To debug hardware video acceleration:
# mpv --hwdec=auto --msg-level=vd=v,vo=v,vo/gpu/vaapi-egl=trace
# GPU Decoding
hwdec=auto
# Allow CPU processing via filters:
#hwdec=auto-copy
# Use higher quality gpu rendering
profile=gpu-hq
scale=ewa_lanczossharp
cscale=ewa_lanczossharp
# Instead of dropping frames, re-sample audio which may cause a slight pitch change
# ISSUE: caused frame stutter on Louie S01E03
# video-sync=display-resample
# Make motion smoother when video frame rate != monitor refresh rate
interpolation
tscale=oversample
# Load a lot of the file into memory
# cache=yes
# demuxer-max-bytes=123400KiB
# demuxer-readahead-secs=20

17
nix/configuration/roles/memtest86/default.nix Normal file
View File

@@ -0,0 +1,17 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
config = lib.mkMerge [
{ }
(lib.mkIf (config.me.buildingIso) {
# boot.loader.systemd-boot.memtest86.enable = true;
boot.loader.grub.memtest86.enable = true;
})
];
}

70
nix/configuration/roles/network/default.nix Normal file
View File

@@ -0,0 +1,70 @@
{
config,
lib,
pkgs,
...
}:
# Alternative DNS servers:
# "1.0.0.1#cloudflare-dns.com"
# "1.1.1.1#cloudflare-dns.com"
# "2606:4700:4700::1001#cloudflare-dns.com"
# "2606:4700:4700::1111#cloudflare-dns.com"
# "8.8.4.4#dns.google"
# "8.8.8.8#dns.google"
# "2001:4860:4860::8844#dns.google"
# "2001:4860:4860::8888#dns.google"
{
imports = [ ];
networking.dhcpcd.enable = false;
networking.useDHCP = false;
networking.nameservers = [
"194.242.2.2#doh.mullvad.net"
"2a07:e340::2#doh.mullvad.net"
];
services.resolved = {
enable = true;
# dnssec = "true";
domains = [ "~." ];
fallbackDns = [ ];
dnsovertls = "true";
};
# Without this, systemd-resolved will send DNS requests for <X>.home.arpa to the per-link DNS server (172.16.0.1) which does not support DNS-over-TLS. This leads to the connection anging and timing out. This causes firefox startup to take an extra 10+ seconds.
#
# Test with: drill @127.0.0.53 odo.home.arpa
networking.extraHosts = ''
127.0.0.1 odo.home.arpa
10.216.1.1 homeserver
10.216.1.6 media
#10.216.1.12 odo
10.216.1.14 neelix
10.217.1.1 drmario
10.217.2.1 mrmanager
'';
networking.wireless.iwd = {
enable = true;
settings = {
General = {
EnableNetworkConfiguration = true;
AddressRandomization = "network";
ControlPortOverNL80211 = false;
};
};
};
environment.systemPackages = with pkgs; [
iw
iwd
ldns # for drill
arp-scan # To find devices on the network
];
boot.extraModprobeConfig = ''
# Set wifi to US
options cfg80211 ieee80211_regdom=US
'';
}

44
nix/configuration/roles/nix_index/default.nix Normal file
View File

@@ -0,0 +1,44 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
nix_index.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install nix_index.";
};
};
config = lib.mkIf config.me.nix_index.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
nix-index-unwrapped
];
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".cache/nix-index";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
}
]
);
}

14
nix/configuration/roles/nvme/default.nix Normal file
View File

@@ -0,0 +1,14 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
environment.systemPackages = with pkgs; [
nvme-cli
];
}

38
nix/configuration/roles/python/default.nix Normal file
View File

@@ -0,0 +1,38 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
python.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install python.";
};
};
config = lib.mkIf config.me.python.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
(python3.withPackages (python-pkgs: [
python-pkgs.distro # For https://gitlab.freedesktop.org/drm/amd/-/blob/master/scripts/amd_s2idle.py
python-pkgs.pyudev # For https://gitlab.freedesktop.org/drm/amd/-/blob/master/scripts/amd_s2idle.py
python-pkgs.systemd # For https://gitlab.freedesktop.org/drm/amd/-/blob/master/scripts/amd_s2idle.py
python-pkgs.packaging # For https://gitlab.freedesktop.org/drm/amd/-/blob/master/scripts/amd_s2idle.py
]))
poetry
pyright
isort
black
];
}
]
);
}

29
nix/configuration/roles/qemu/default.nix Normal file
View File

@@ -0,0 +1,29 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
qemu.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install qemu.";
};
};
config = lib.mkIf config.me.qemu.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
qemu
];
}
]
);
}

14
nix/configuration/roles/reset/default.nix
View File

@@ -1,8 +1,16 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
{ {
imports = []; imports = [ ];
# Reset some defaults to start from a minimal more-arch-linux-like state. Think of this like a CSS reset sheet. # Reset some defaults to start from a minimal more-arch-linux-like state. Think of this like a CSS reset sheet.
config = {
# Do not use default packages (nixos includes some defaults like nano)
environment.defaultPackages = lib.mkForce [ ];
};
} }

54
nix/configuration/roles/rust/default.nix Normal file
View File

@@ -0,0 +1,54 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
rust.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install rust.";
};
};
config = lib.mkIf config.me.rust.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
rustup
lldb # for lldb-vscode
musl # for building static binaries
rust-analyzer
cargo-semver-checks
# ? cargo-bloat
# ? cargo-outdated
# ? cargo-public-api
];
home-manager.users.talexander =
{ pkgs, ... }:
{
home.file = {
".cargo/config.toml" = {
source = ./files/cargo_config.toml;
};
# # TODO: Figure out what to do with credentials.
# ".cargo/credentials.toml" = {
# source = ./files/cargo_credentials.toml;
# };
};
};
}
]
);
}
# TODO: Install clippy, cranelift, rust-src
# TODO: Install rust targets x86_64-unknown-linux-musl and wasm32-unknown-unknown

12
nix/configuration/roles/rust/files/cargo_config.toml Normal file
View File

@@ -0,0 +1,12 @@
[target.x86_64-unknown-linux-gnu]
rustflags = ["-C", "target-cpu=native", "-Zthreads=0"]
[unstable]
codegen-backend = true
[profile.dev]
codegen-backend = "cranelift"
[profile.dev.package."*"]
codegen-backend = "llvm"
opt-level = 3

48
nix/configuration/roles/shipwright/default.nix Normal file
View File

@@ -0,0 +1,48 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
shipwright.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install shipwright.";
};
};
config = lib.mkIf config.me.shipwright.enable (
lib.mkMerge [
{
allowedUnfree = [ "shipwright" ];
}
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
shipwright
];
# TODO perhaps install ~/.local/share/soh/shipofharkinian.json
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".local/share/soh";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
})
]
);
}

55
nix/configuration/roles/sm64ex/default.nix Normal file
View File

@@ -0,0 +1,55 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
sm64ex.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install sm64ex.";
};
};
config = lib.mkIf config.me.sm64ex.enable (
lib.mkMerge [
(lib.mkIf config.me.graphical {
allowedUnfree = [ "sm64ex" ];
environment.systemPackages = with pkgs; [
sm64ex
];
# nixpkgs.overlays = [
# (final: prev: {
# sm4ex = prev.sm64ex.override {
# baseRom.name = "SuperMario64.z64";
# };
# })
# ];
# TODO perhaps install ~/.local/share/sm64ex/sm64config.txt
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".local/share/sm64ex";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
})
]
);
}

92
nix/configuration/roles/sound/default.nix Normal file
View File

@@ -0,0 +1,92 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
sound.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install sound.";
};
};
config = lib.mkIf config.me.sound.enable (
lib.mkMerge [
{
# rtkit is optional but recommended
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
# If you want to use JACK applications, uncomment this
#jack.enable = true;
extraLv2Packages = [ pkgs.rnnoise-plugin ];
configPackages = [
(pkgs.writeTextDir "share/pipewire/pipewire.conf.d/99-input-denoising.conf" ''
context.modules = [
{ name = libpipewire-module-filter-chain
args = {
node.description = "Noise Canceling source"
media.name = "Noise Canceling source"
filter.graph = {
nodes = [
{
type = ladspa
name = rnnoise
plugin = "${pkgs.rnnoise-plugin}/lib/ladspa/librnnoise_ladspa.so"
label = noise_suppressor_mono
control = {
"VAD Threshold (%)" = 50.0
"VAD Grace Period (ms)" = 200
"Retroactive VAD Grace (ms)" = 0
}
}
]
}
capture.props = {
node.name = "capture.rnnoise_source"
node.passive = true
audio.rate = 48000
# Optionally specify a specific input: (ID from `pactl list`)
# target.object = "alsa_input.usb-Shure_Incorporated_Shure_Digital-00.analog-stereo"
}
playback.props = {
node.name = "rnnoise_source"
media.class = Audio/Source
audio.rate = 48000
}
}
}
]
'')
];
};
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
".local/state/wireplumber" # Sound settings
];
};
};
}
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
pavucontrol
];
})
]
);
}

23
nix/configuration/roles/ssh/default.nix Normal file
View File

@@ -0,0 +1,23 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
environment.systemPackages = with pkgs; [
sshfs
];
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
files = [
".ssh/known_hosts"
];
};
};
}

50
nix/configuration/roles/steam/default.nix Normal file
View File

@@ -0,0 +1,50 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
steam.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install steam.";
};
};
config = lib.mkIf config.me.steam.enable (
lib.mkMerge [
(lib.mkIf config.me.graphical {
allowedUnfree = [
"steam"
"steam-original"
"steam-unwrapped"
"steam-run"
];
programs.steam = {
enable = true;
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
# dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers
};
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
".local/share/Steam"
".steam"
".factorio"
];
};
};
})
]
);
}

539
nix/configuration/roles/sway/default.nix
View File

@@ -1,238 +1,409 @@
{ config, lib, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
let let
sway-config = pkgs.writeTextFile { sway-config = pkgs.writeTextFile {
name = "config"; name = "config";
text = '' text = ''
# Default config for sway # Default config for sway
# #
# Copy this to ~/.config/sway/config and edit it to your liking. # Copy this to ~/.config/sway/config and edit it to your liking.
# #
# Read `man 5 sway` for a complete reference. # Read `man 5 sway` for a complete reference.
### Variables ### Variables
# #
# Logo key. Use Mod1 for Alt. # Logo key. Use Mod1 for Alt.
set $mod Mod4 set $mod Mod4
# set $mod Mod1 # set $mod Mod1
# Home row direction keys, like vim # Home row direction keys, like vim
set $left h set $left h
set $down j set $down j
set $up k set $up k
set $right l set $right l
# Your preferred terminal emulator # Your preferred terminal emulator
set $term ${pkgs.alacritty}/bin/alacritty set $term ${pkgs.alacritty}/bin/alacritty
# Your preferred application launcher # Your preferred application launcher
# Note: it's recommended that you pass the final command to sway # Note: it's recommended that you pass the final command to sway
# set $menu dmenu_path | dmenu | xargs swaymsg exec # set $menu dmenu_path | dmenu | xargs swaymsg exec
set $menu ${pkgs.wofi}/bin/wofi --show drun --gtk-dark set $menu ${pkgs.tofi}/bin/tofi-drun | xargs swaymsg exec --
#set $menu ${pkgs.wofi}/bin/wofi --show drun --gtk-dark
# Do not show a title bar on windows # Do not show a title bar on windows
default_border pixel 2 default_border pixel 2
hide_edge_borders smart_no_gaps
bindsym $mod+grave exec $term bindsym $mod+grave exec $term
include ${base-hotkeys} ${lib.concatMapStringsSep "\n" (item: "include ${item}") config.me.swayIncludes}
include ${display-configs} '';
include ${window-management}
include ${movement}
include ${disable-focus-follows-mouse}
include ~/.config/sway/config.d/*.conf
include /etc/sway/config.d/*
'';
}; };
base-hotkeys = pkgs.writeTextFile { base-hotkeys = pkgs.writeTextFile {
name = "base-hotkeys.conf"; name = "base-hotkeys.conf";
text = '' text = ''
### Key bindings ### Key bindings
# #
# Basics: # Basics:
# #
# kill focused window # kill focused window
bindsym $mod+Shift+q kill bindsym $mod+Shift+q kill
# start your launcher # start your launcher
bindsym $mod+Return exec $menu bindsym $mod+Return exec $menu
# Drag floating windows by holding down $mod and left mouse button. # Drag floating windows by holding down $mod and left mouse button.
# Resize them with right mouse button + $mod. # Resize them with right mouse button + $mod.
# Despite the name, also works for non-floating windows. # Despite the name, also works for non-floating windows.
# Change normal to inverse to use left mouse button for resizing and right # Change normal to inverse to use left mouse button for resizing and right
# mouse button for dragging. # mouse button for dragging.
floating_modifier $mod normal floating_modifier $mod normal
# reload the configuration file # reload the configuration file
bindsym $mod+Shift+c reload bindsym $mod+Shift+c reload
# exit sway (logs you out of your Wayland session) # exit sway (logs you out of your Wayland session)
bindsym $mod+Shift+e exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -b 'Yes, exit sway' 'swaymsg exit' bindsym $mod+Shift+e exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -b 'Yes, exit sway' 'swaymsg exit'
''; '';
}; };
display-configs = pkgs.writeTextFile { display-configs = pkgs.writeTextFile {
name = "display-configs.conf"; name = "display-configs.conf";
text = '' text = ''
output 'Unknown 0x095F 0x00000000' scale 1.5 output 'Unknown 0x095F 0x00000000' scale 1.5
output 'BOE 0x095F Unknown' scale 1.5 output 'BOE 0x095F Unknown' scale 1.5
output 'BOE 0x0BCA Unknown' scale 1.5 output 'BOE 0x0BCA Unknown' scale 1.5
''; '';
}; };
window-management = pkgs.writeTextFile { window-management = pkgs.writeTextFile {
name = "window-management.conf"; name = "window-management.conf";
text = '' text = ''
# #
# Layout stuff: # Layout stuff:
# #
# You can "split" the current object of your focus with # You can "split" the current object of your focus with
# $mod+b or $mod+v, for horizontal and vertical splits # $mod+b or $mod+v, for horizontal and vertical splits
# respectively. # respectively.
bindsym $mod+h splith bindsym $mod+h splith
bindsym $mod+v splitv bindsym $mod+v splitv
# Switch the current container between different layout styles # Switch the current container between different layout styles
bindsym $mod+s layout stacking bindsym $mod+s layout stacking
bindsym $mod+w layout tabbed bindsym $mod+w layout tabbed
bindsym $mod+e layout toggle split bindsym $mod+e layout toggle split
# Make the current focus fullscreen # Make the current focus fullscreen
bindsym $mod+f fullscreen bindsym $mod+f fullscreen
# Toggle the current focus between tiling and floating mode # Toggle the current focus between tiling and floating mode
bindsym $mod+Shift+space floating toggle bindsym $mod+Shift+space floating toggle
# Swap focus between the tiling area and the floating area # Swap focus between the tiling area and the floating area
bindsym $mod+space focus mode_toggle bindsym $mod+space focus mode_toggle
# move focus to the parent container # move focus to the parent container
bindsym $mod+a focus parent bindsym $mod+a focus parent
# #
# Scratchpad: # Scratchpad:
# #
# Sway has a "scratchpad", which is a bag of holding for windows. # Sway has a "scratchpad", which is a bag of holding for windows.
# You can send windows there and get them back later. # You can send windows there and get them back later.
# Move the currently focused window to the scratchpad # Move the currently focused window to the scratchpad
bindsym $mod+Shift+minus move scratchpad bindsym $mod+Shift+minus move scratchpad
# Show the next scratchpad window or hide the focused scratchpad window. # Show the next scratchpad window or hide the focused scratchpad window.
# If there are multiple scratchpad windows, this command cycles through them. # If there are multiple scratchpad windows, this command cycles through them.
bindsym $mod+minus scratchpad show bindsym $mod+minus scratchpad show
# #
# Resizing containers: # Resizing containers:
# #
mode "resize" { mode "resize" {
# left will shrink the containers width # left will shrink the containers width
# right will grow the containers width # right will grow the containers width
# up will shrink the containers height # up will shrink the containers height
# down will grow the containers height # down will grow the containers height
bindsym $left resize shrink width 10px bindsym $left resize shrink width 10px
bindsym $down resize grow height 10px bindsym $down resize grow height 10px
bindsym $up resize shrink height 10px bindsym $up resize shrink height 10px
bindsym $right resize grow width 10px bindsym $right resize grow width 10px
# ditto, with arrow keys # ditto, with arrow keys
bindsym Left resize shrink width 10px bindsym Left resize shrink width 10px
bindsym Down resize grow height 10px bindsym Down resize grow height 10px
bindsym Up resize shrink height 10px bindsym Up resize shrink height 10px
bindsym Right resize grow width 10px bindsym Right resize grow width 10px
# return to default mode # return to default mode
bindsym Return mode "default" bindsym Return mode "default"
bindsym Escape mode "default" bindsym Escape mode "default"
} }
bindsym $mod+r mode "resize" bindsym $mod+r mode "resize"
''; '';
}; };
movement = pkgs.writeTextFile { movement = pkgs.writeTextFile {
name = "movement.conf"; name = "movement.conf";
text = '' text = ''
# #
# Moving around: # Moving around:
# #
# Move your focus around # Move your focus around
# bindsym $mod+$left focus left # bindsym $mod+$left focus left
# bindsym $mod+$down focus down # bindsym $mod+$down focus down
# bindsym $mod+$up focus up # bindsym $mod+$up focus up
# bindsym $mod+$right focus right # bindsym $mod+$right focus right
# or use $mod+[up|down|left|right] # or use $mod+[up|down|left|right]
bindsym $mod+Left focus left bindsym $mod+Left focus left
bindsym $mod+Down focus down bindsym $mod+Down focus down
bindsym $mod+Up focus up bindsym $mod+Up focus up
bindsym $mod+Right focus right bindsym $mod+Right focus right
# _move_ the focused window with the same, but add Shift # _move_ the focused window with the same, but add Shift
bindsym $mod+Shift+$left move left bindsym $mod+Shift+$left move left
bindsym $mod+Shift+$down move down bindsym $mod+Shift+$down move down
bindsym $mod+Shift+$up move up bindsym $mod+Shift+$up move up
bindsym $mod+Shift+$right move right bindsym $mod+Shift+$right move right
# ditto, with arrow keys # ditto, with arrow keys
bindsym $mod+Shift+Left move left bindsym $mod+Shift+Left move left
bindsym $mod+Shift+Down move down bindsym $mod+Shift+Down move down
bindsym $mod+Shift+Up move up bindsym $mod+Shift+Up move up
bindsym $mod+Shift+Right move right bindsym $mod+Shift+Right move right
# #
# Workspaces: # Workspaces:
# #
# switch to workspace # switch to workspace
bindsym $mod+1 workspace 1 bindsym $mod+1 workspace 1
bindsym $mod+2 workspace 2 bindsym $mod+2 workspace 2
bindsym $mod+3 workspace 3 bindsym $mod+3 workspace 3
bindsym $mod+4 workspace 4 bindsym $mod+4 workspace 4
bindsym $mod+5 workspace 5 bindsym $mod+5 workspace 5
bindsym $mod+6 workspace 6 bindsym $mod+6 workspace 6
bindsym $mod+7 workspace 7 bindsym $mod+7 workspace 7
bindsym $mod+8 workspace 8 bindsym $mod+8 workspace 8
bindsym $mod+9 workspace 9 bindsym $mod+9 workspace 9
bindsym $mod+0 workspace 10 bindsym $mod+0 workspace 10
# move focused container to workspace # move focused container to workspace
bindsym $mod+Shift+1 move container to workspace 1 bindsym $mod+Shift+1 move container to workspace 1
bindsym $mod+Shift+2 move container to workspace 2 bindsym $mod+Shift+2 move container to workspace 2
bindsym $mod+Shift+3 move container to workspace 3 bindsym $mod+Shift+3 move container to workspace 3
bindsym $mod+Shift+4 move container to workspace 4 bindsym $mod+Shift+4 move container to workspace 4
bindsym $mod+Shift+5 move container to workspace 5 bindsym $mod+Shift+5 move container to workspace 5
bindsym $mod+Shift+6 move container to workspace 6 bindsym $mod+Shift+6 move container to workspace 6
bindsym $mod+Shift+7 move container to workspace 7 bindsym $mod+Shift+7 move container to workspace 7
bindsym $mod+Shift+8 move container to workspace 8 bindsym $mod+Shift+8 move container to workspace 8
bindsym $mod+Shift+9 move container to workspace 9 bindsym $mod+Shift+9 move container to workspace 9
bindsym $mod+Shift+0 move container to workspace 10 bindsym $mod+Shift+0 move container to workspace 10
# Note: workspaces can have any name you want, not just numbers. # Note: workspaces can have any name you want, not just numbers.
# We just use 1-10 as the default. # We just use 1-10 as the default.
''; '';
}; };
disable-focus-follows-mouse = pkgs.writeTextFile { disable-focus-follows-mouse = pkgs.writeTextFile {
name = "disable-focus-follows-mouse.conf"; name = "disable-focus-follows-mouse.conf";
text = '' text = ''
# Disable focus following mouse # Disable focus following mouse
focus_follows_mouse no focus_follows_mouse no
''; '';
}; };
background = pkgs.writeTextFile {
name = "background.conf";
text = ''
output * bg ${./files/bliss.jpg} fill
'';
};
touchpad_input = pkgs.writeTextFile {
name = "touchpad_input.conf";
text = ''
input * xkb_rules "evdev"
# All touchpads
input type:touchpad {
dwt enabled
click_method clickfinger
tap enabled
}
'';
};
announce_sway_start = pkgs.writeTextFile {
name = "announce_sway_start.conf";
text = ''
# announce a running sway session to systemd
exec systemctl --user import-environment WAYLAND_DISPLAY DISPLAY XDG_CURRENT_DESKTOP SWAYSOCK I3SOCK XCURSOR_SIZE XCURSOR_THEME
exec dbus-update-activation-environment WAYLAND_DISPLAY DISPLAY XDG_CURRENT_DESKTOP SWAYSOCK I3SOCK XCURSOR_SIZE XCURSOR_THEME
'';
};
start_screen_share = pkgs.writeShellScriptBin "start_screen_share" ''
# Disable displaying notifications. This is useful for video conference screen sharing.
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "''${BASH_SOURCE[0]}" )" && pwd )"
makoctl set-mode do-not-disturb
swaymsg output "'Dell Inc. DELL U3014 P1V6N35M329L'" scale 2
'';
stop_screen_share = pkgs.writeShellScriptBin "stop_screen_share" ''
# Allow mako to show notifications again.
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "''${BASH_SOURCE [ 0 ]}" )" && pwd )"
makoctl set-mode default
swaymsg output "'Dell Inc. DELL U3014 P1V6N35M329L'" scale 1
'';
in in
{ {
imports = []; imports = [
./graphical_session_target.nix
environment.systemPackages = with pkgs; [ ./iso.nix
alacritty ./rofimoji.nix
firefox ./lockscreen.nix
pcmanfm ./screenshot.nix
./force_focus.nix
./notification.nix
]; ];
hardware.graphics.enable = true;
environment.sessionVariables = { options.me = {
WLR_RENDERER_ALLOW_SOFTWARE = "1"; sway.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install sway.";
};
}; };
programs.sway = { options.me.swayIncludes = lib.mkOption {
enable = true; type = lib.types.listOf lib.types.package;
wrapperFeatures.gtk = true; default = [ ];
extraOptions = [ example = lib.literalExpression ''
"--debug" [ (pkgs.writeTextFile {
"--config" name = "launch-kanshi.conf";
"${sway-config}" text = "exec kanshi";
"--unsupported-gpu" }) ]'';
description = "List of packages to import as sway configs.";
};
config = lib.mkIf (config.me.graphical && config.me.sway.enable) {
environment.systemPackages = with pkgs; [
alacritty
pcmanfm
start_screen_share
stop_screen_share
]; ];
};
programs.gnupg.agent = { programs.sway.extraPackages = lib.mkForce [ ];
enable = true;
enableSSHSupport = true; me.swayIncludes = [
base-hotkeys
display-configs
window-management
movement
disable-focus-follows-mouse
background
touchpad_input
announce_sway_start
];
services.seatd.enable = true;
# TODO: Maybe use `seatd-launch -- sway` instead of running the seatd daemon
users.users.talexander.extraGroups = [ "seat" ];
# Probably would be cleaner to use environment.sessionVariables but programs.sway.extraSessionCommands is sway-specific.
programs.sway.extraSessionCommands =
if config.me.buildingIso then
''
export WLR_RENDERER_ALLOW_SOFTWARE=1
export NIXOS_OZONE_WL=1 # Wayland support for chromium and electron
export QT_QPA_PLATFORMTHEME=gtk3 # Use gtk theme in Qt applications
''
else
''
export WLR_RENDERER=vulkan
export NIXOS_OZONE_WL=1 # Wayland support for chromium and electron
export QT_QPA_PLATFORMTHEME=gtk3 # Use gtk theme in Qt applications
'';
programs.sway = {
enable = true;
wrapperFeatures.gtk = true;
extraOptions =
if config.me.buildingIso then
[
"--config"
"${sway-config}"
"--unsupported-gpu"
]
else
[
"--config"
"${sway-config}"
];
};
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
files = [
".local/state/tofi-drun-history" # A cache of the desktop files for tofi
".cache/tofi-drun" # Execution history for tofi to sort results
];
};
};
xdg = {
portal = {
enable = true;
extraPortals = with pkgs; [
xdg-desktop-portal-gtk
];
wlr = {
enable = true;
settings = {
# uninteresting for this problem, for completeness only
screencast = {
# output_name = "eDP-1";
max_fps = 30;
exec_before = "${start_screen_share}";
exec_after = "${stop_screen_share}";
chooser_type = "simple";
chooser_cmd = "${pkgs.slurp}/bin/slurp -f %o -or";
};
};
};
};
};
home-manager.users.talexander =
{ pkgs, ... }:
{
home.file = {
# Configure default programs (for example, default browser)
".config/mimeapps.list" = {
source = ./files/mimeapps.list;
};
};
home.file = {
".config/gtk-3.0/settings.ini" = {
source = ./files/settings.ini;
};
};
home.file = {
".icons/default" = {
source = "${pkgs.adwaita-icon-theme}/share/icons/Adwaita";
};
};
};
# For mounting drives in pcmanfm
services.gvfs.enable = true;
# Auto-launch sway
# Run sway as the absolute last command in the login shell init. mkBefore = 500, plain = 1000, mkAfter = 1500
environment.loginShellInit = lib.mkOrder 2000 ''
[ -z "$WAYLAND_DISPLAY" ] && [ -n "$XDG_VTNR" ] && [ "$XDG_VTNR" -eq 1 ] && [ "$(tty)" = "/dev/tty1" ] && exec ${pkgs.systemd}/bin/systemd-cat --identifier=sway sway
'';
}; };
} }

BIN
nix/configuration/roles/sway/files/bliss.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 638 KiB

23
nix/configuration/roles/sway/files/mimeapps.list Normal file
View File

@@ -0,0 +1,23 @@
[Default Applications]
x-scheme-handler/http=firefox.desktop
x-scheme-handler/https=firefox.desktop
x-scheme-handler/chrome=firefox.desktop
text/html=firefox.desktop
application/x-extension-htm=firefox.desktop
application/x-extension-html=firefox.desktop
application/x-extension-shtml=firefox.desktop
application/xhtml+xml=firefox.desktop
application/x-extension-xhtml=firefox.desktop
application/x-extension-xht=firefox.desktop
[Added Associations]
x-scheme-handler/http=firefox.desktop;
x-scheme-handler/https=firefox.desktop;
x-scheme-handler/chrome=firefox.desktop;
text/html=firefox.desktop;
application/x-extension-htm=firefox.desktop;
application/x-extension-html=firefox.desktop;
application/x-extension-shtml=firefox.desktop;
application/xhtml+xml=firefox.desktop;
application/x-extension-xhtml=firefox.desktop;
application/x-extension-xht=firefox.desktop;

2
nix/configuration/roles/sway/files/settings.ini Normal file
View File

@@ -0,0 +1,2 @@
[Settings]
gtk-application-prefer-dark-theme=1

3
nix/configuration/roles/sway/files/tofi-config Normal file
View File

@@ -0,0 +1,3 @@
border-width = 4
outline-width = 1
border-color = #FF6600

27
nix/configuration/roles/sway/force_focus.nix Normal file
View File

@@ -0,0 +1,27 @@
{
config,
lib,
pkgs,
...
}:
let
force_focus_sway_config = pkgs.writeTextFile {
name = "force_focus.conf";
text = ''
mode "force focus" {
bindsym $mod+Shift+Escape fullscreen; mode "default"
}
bindsym $mod+Shift+f fullscreen; mode "force focus"
'';
};
in
{
imports = [ ];
config = lib.mkIf (config.me.graphical && config.me.sway.enable) {
me.swayIncludes = [
force_focus_sway_config
];
};
}

25
nix/configuration/roles/sway/graphical_session_target.nix Normal file
View File

@@ -0,0 +1,25 @@
{
config,
lib,
pkgs,
...
}:
let
start_sway_session = pkgs.writeTextFile {
name = "start_sway_session.conf";
text = ''
# Trigger graphical-session.target through sway-session.target so systemd user units can depend on it.
exec systemctl --user start sway-session.target
exec swaymsg -t subscribe '["shutdown"]' && systemctl --user stop sway-session.target
'';
};
in
{
imports = [ ];
me.swayIncludes = lib.mkAfter [
start_sway_session
];
}

25
nix/configuration/roles/sway/iso.nix Normal file
View File

@@ -0,0 +1,25 @@
{
config,
lib,
pkgs,
...
}:
let
launch_terminal = pkgs.writeTextFile {
name = "launch_terminal.conf";
text = ''
exec ${pkgs.alacritty}/bin/alacritty
'';
};
in
{
imports = [ ];
config = lib.mkIf (config.me.buildingIso && config.me.graphical && config.me.sway.enable) {
# Launch a terminal at boot in the live ISO for when hotkeys don't work.
me.swayIncludes = [
launch_terminal
];
};
}

33
nix/configuration/roles/sway/lockscreen.nix Normal file
View File

@@ -0,0 +1,33 @@
{
config,
lib,
pkgs,
...
}:
let
lockscreen_sway_config = pkgs.writeTextFile {
name = "lockscreen.conf";
text = ''
set $lock ${pkgs.swaylock}/bin/swaylock -f -c 000000
# Hotkey to lock the screen
bindsym $mod+l exec $lock
exec ${pkgs.swayidle}/bin/swayidle -w \
timeout 300 '$lock' \
timeout 600 '${pkgs.sway}/bin/swaymsg "output * dpms off"' \
resume '${pkgs.sway}/bin/swaymsg "output * dpms on"' \
before-sleep '$lock'
'';
};
in
{
imports = [ ];
config = lib.mkIf (config.me.graphical && config.me.sway.enable) {
me.swayIncludes = [
lockscreen_sway_config
];
};
}

32
nix/configuration/roles/sway/notification.nix Normal file
View File

@@ -0,0 +1,32 @@
{
config,
lib,
pkgs,
...
}:
let
notification_sway_config = pkgs.writeTextFile {
name = "notification.conf";
text =
builtins.replaceStrings
[ "@mako@" "@makoctl@" ]
[ "${pkgs.mako}/bin/mako" "${pkgs.mako}/bin/makoctl" ]
''
bindsym $mod+Escape exec @makoctl@ dismiss
bindsym $mod+Shift+Escape exec @makoctl@ invoke
# Notifications
exec @mako@
'';
};
in
{
imports = [ ];
config = lib.mkIf (config.me.graphical && config.me.sway.enable) {
me.swayIncludes = [
notification_sway_config
];
};
}

63
nix/configuration/roles/sway/rofimoji.nix Normal file
View File

@@ -0,0 +1,63 @@
{
config,
lib,
pkgs,
...
}:
let
rofimoji_sway_config = pkgs.writeTextFile {
name = "rofimoji.conf";
text = ''
# Emoji selector
bindsym $mod+backslash exec ${pkgs.rofimoji}/bin/rofimoji --selector tofi
'';
};
in
{
imports = [ ];
config = lib.mkIf (config.me.graphical && config.me.sway.enable) {
me.swayIncludes = [
rofimoji_sway_config
];
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".local/share/rofimoji";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
nixpkgs.overlays = [
(final: prev: {
rofimoji = prev.rofimoji.overrideAttrs (old: {
propagatedBuildInputs = old.propagatedBuildInputs ++ [ pkgs.tofi ];
src = builtins.fetchGit {
# https://github.com/fdw/rofimoji/issues/209
url = "https://github.com/fdw/rofimoji.git";
rev = "615f00abeb984f3e648ef712164aa4e61f2e1808";
};
});
})
(final: prev: {
tofi = pkgs.symlinkJoin {
name = "tofi";
paths = [ prev.tofi ];
buildInputs = [ pkgs.makeWrapper ];
postBuild = ''
wrapProgram $out/bin/tofi-drun --add-flags --font=${pkgs.source-sans-pro}/share/fonts/opentype/SourceSansPro-Regular.otf --add-flags --config=${./files/tofi-config}
wrapProgram $out/bin/tofi --add-flags --config=${./files/tofi-config}
'';
};
})
];
};
}

42
nix/configuration/roles/sway/screenshot.nix Normal file
View File

@@ -0,0 +1,42 @@
{
config,
lib,
pkgs,
...
}:
let
screenshot_sway_config = pkgs.writeTextFile {
name = "screenshot.conf";
text =
builtins.replaceStrings
[ "@grim@" "@wl-screenrec@" "@pactl@" "@grep@" "@slurp@" ]
[
"${pkgs.grim}/bin/grim"
"${pkgs.wl-screenrec}/bin/wl-screenrec"
"${pkgs.pulseaudio}/bin/pactl"
"${pkgs.gnugrep}/bin/grep"
"${pkgs.slurp}/bin/slurp"
]
''
# Screenshots
#bindsym $mod+print exec @slurp@ | @grim@ -g - $(xdg-user-dir PICTURES)/$(date +'screenshot_%Y-%m-%d-%H%M%S.png')
bindsym $mod+print exec @slurp@ | @grim@ -g - "$HOME/$(date +'screenshot_%Y-%m-%d-%H%M%S.png')"
bindsym print exec @grim@ "$HOME/$(date +'screenshot_%Y-%m-%d-%H%M%S.png')"
# Maybe add --audio flag? can optionally specify specific device name from `@pactl@ list sources | @grep@ Name`
bindsym $mod+Shift+print exec @wl-screenrec@ -g "$(@slurp@)" --codec av1 -f "$HOME/$(date +'screencast_%Y-%m-%d-%H%M%S.mkv')"
bindsym Shift+print exec @wl-screenrec@ --codec av1 -f "$HOME/$(date +'screencast_%Y-%m-%d-%H%M%S.mkv')"
bindsym $mod+ctrl+Shift+print exec pkill -SIGINT @wl-screenrec@
# Need to make a hotkey to end the recording
'';
};
in
{
imports = [ ];
config = lib.mkIf (config.me.graphical && config.me.sway.enable) {
me.swayIncludes = [
screenshot_sway_config
];
};
}

53
nix/configuration/roles/terraform/default.nix Normal file
View File

@@ -0,0 +1,53 @@
{
config,
lib,
pkgs,
...
}:
let
alias_tf = pkgs.writeShellScriptBin "tf" ''
exec ${pkgs.terraform}/bin/terraform "''${@}"
'';
in
{
imports = [ ];
options.me = {
terraform.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install terraform.";
};
};
config = lib.mkIf config.me.terraform.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
terraform
alias_tf
];
allowedUnfree = [
"terraform"
];
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".terraform.d";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
}
]
);
}

29
nix/configuration/roles/vnc_client/default.nix Normal file
View File

@@ -0,0 +1,29 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
vnc_client.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install vnc_client.";
};
};
config = lib.mkIf config.me.vnc_client.enable (
lib.mkMerge [
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
wlvncc
];
})
]
);
}

62
nix/configuration/roles/vscode/default.nix Normal file
View File

@@ -0,0 +1,62 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
vscode.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install vscode.";
};
};
config = lib.mkIf config.me.vscode.enable (
lib.mkMerge [
(lib.mkIf config.me.graphical {
allowedUnfree = [
"vscode"
"vscode-with-extensions"
"vscode-extension-ms-vscode-remote-remote-ssh"
];
environment.systemPackages = with pkgs; [
(vscode-with-extensions.override {
vscodeExtensions = with vscode-extensions; [
bbenoist.nix
ms-python.python
ms-azuretools.vscode-docker
ms-vscode-remote.remote-ssh
]
# ++ pkgs.vscode-utils.extensionsFromVscodeMarketplace [
# {
# name = "remote-ssh-edit";
# publisher = "ms-vscode-remote";
# version = "0.47.2";
# sha256 = "1hp6gjh4xp2m1xlm1jsdzxw9d8frkiidhph6nvl24d0h8z34w49g";
# }
# ]
;
})
];
home-manager.users.talexander =
{ pkgs, ... }:
{
home.file.".config/Code/User/settings.json" = {
source = ./files/settings.json;
};
home.file.".config/Code/User/keybindings.json" = {
source = ./files/keybindings.json;
};
};
})
]
);
}

280
nix/configuration/roles/vscode/files/keybindings.json Normal file
View File

@@ -0,0 +1,280 @@
// Place your key bindings in this file to override the defaultsauto[]
[
{
"key": "alt+.",
"command": "editor.action.revealDefinition",
"when": "editorHasDefinitionProvider && editorTextFocus && !isInEmbeddedEditor"
},
{
"key": "f12",
"command": "-editor.action.revealDefinition",
"when": "editorHasDefinitionProvider && editorTextFocus && !isInEmbeddedEditor"
},
{
"key": "alt+,",
"command": "workbench.action.navigateBack",
"when": "canNavigateBack"
},
{
"key": "ctrl+alt+-",
"command": "-workbench.action.navigateBack",
"when": "canNavigateBack"
},
{
"key": "shift+alt+/",
"command": "editor.action.goToReferences",
"when": "editorHasReferenceProvider && editorTextFocus && !inReferenceSearchEditor && !isInEmbeddedEditor"
},
{
"key": "shift+f12",
"command": "-editor.action.goToReferences",
"when": "editorHasReferenceProvider && editorTextFocus && !inReferenceSearchEditor && !isInEmbeddedEditor"
},
{
"key": "ctrl+alt+.",
"command": "workbench.action.showAllSymbols"
},
{
"key": "ctrl+t",
"command": "-workbench.action.showAllSymbols"
},
{
"key": "alt+;",
"command": "editor.action.commentLine",
"when": "editorTextFocus && !editorReadonly"
},
{
"key": "ctrl+/",
"command": "-editor.action.commentLine",
"when": "editorTextFocus && !editorReadonly"
},
{
"key": "ctrl+x",
"command": "-editor.action.clipboardCutAction"
},
{
"key": "ctrl+x",
"command": "-filesExplorer.cut",
"when": "filesExplorerFocus && foldersViewVisible && !explorerResourceIsRoot && !explorerResourceReadonly && !inputFocus"
},
{
"key": "ctrl+x 3",
"command": "workbench.action.splitEditor"
},
{
"key": "ctrl+\\",
"command": "-workbench.action.splitEditor"
},
{
"key": "ctrl+x 2",
"command": "workbench.action.splitEditorDown"
},
{
"key": "ctrl+k ctrl+\\",
"command": "-workbench.action.splitEditorDown"
},
{
"key": "ctrl+x 1",
"command": "workbench.action.joinAllGroups"
},
{
"key": "ctrl+x 0",
"command": "workbench.action.closeEditorsAndGroup"
},
{
"key": "ctrl+x shift+=",
"command": "workbench.action.evenEditorWidths"
},
{
"key": "shift+up",
"command": "workbench.action.focusAboveGroup"
},
{
"key": "ctrl+k ctrl+up",
"command": "-workbench.action.focusAboveGroup"
},
{
"key": "shift+down",
"command": "workbench.action.focusBelowGroup"
},
{
"key": "ctrl+k ctrl+down",
"command": "-workbench.action.focusBelowGroup"
},
{
"key": "shift+left",
"command": "workbench.action.focusLeftGroup"
},
{
"key": "ctrl+k ctrl+left",
"command": "-workbench.action.focusLeftGroup"
},
{
"key": "shift+right",
"command": "workbench.action.focusRightGroup"
},
{
"key": "ctrl+k ctrl+right",
"command": "-workbench.action.focusRightGroup"
},
{
"key": "ctrl+x ctrl+s",
"command": "workbench.action.files.save"
},
{
"key": "ctrl+s",
"command": "-workbench.action.files.save"
},
{
"key": "alt+g g",
"command": "workbench.action.gotoLine"
},
{
"key": "ctrl+g",
"command": "-workbench.action.gotoLine"
},
{
"key": "ctrl+space",
"command": "editor.action.setSelectionAnchor",
"when": "editorTextFocus"
},
{
"key": "ctrl+k ctrl+b",
"command": "-editor.action.setSelectionAnchor",
"when": "editorTextFocus"
},
{
"key": "alt+w",
"command": "editor.action.clipboardCopyAction"
},
{
"key": "ctrl+c",
"command": "-editor.action.clipboardCopyAction"
},
{
"key": "ctrl+w",
"command": "editor.action.clipboardCutAction"
},
{
"key": "ctrl+y",
"command": "editor.action.clipboardPasteAction"
},
{
"key": "ctrl+v",
"command": "-editor.action.clipboardPasteAction"
},
{
"key": "ctrl+x p f",
"command": "workbench.action.quickOpen"
},
{
"key": "ctrl+e",
"command": "-workbench.action.quickOpen"
},
{
"key": "ctrl+a",
"command": "cursorLineStart"
},
{
"key": "ctrl+e",
"command": "cursorLineEnd"
},
{
"key": "ctrl+s",
"command": "actions.find",
"when": "editorFocus || editorIsOpen"
},
{
"key": "ctrl+f",
"command": "-actions.find",
"when": "editorFocus || editorIsOpen"
},
{
"key": "ctrl+shift+-",
"command": "undo"
},
{
"key": "ctrl+z",
"command": "-undo"
},
{
"key": "alt+x",
"command": "workbench.action.showCommands"
},
{
"key": "ctrl+shift+p",
"command": "-workbench.action.showCommands"
},
{
"key": "ctrl+c ctrl+a",
"command": "editor.action.quickFix",
"when": "editorHasCodeActionsProvider && textInputFocus && !editorReadonly"
},
{
"key": "ctrl+.",
"command": "-editor.action.quickFix",
"when": "editorHasCodeActionsProvider && textInputFocus && !editorReadonly"
},
{
"key": "shift+alt+5",
"command": "editor.action.startFindReplaceAction",
"when": "editorFocus || editorIsOpen"
},
{
"key": "ctrl+h",
"command": "-editor.action.startFindReplaceAction",
"when": "editorFocus || editorIsOpen"
},
{
"key": "shift+1",
"command": "editor.action.replaceAll",
"when": "editorFocus && findWidgetVisible"
},
{
"key": "ctrl+alt+enter",
"command": "-editor.action.replaceAll",
"when": "editorFocus && findWidgetVisible"
},
{
"key": "shift+alt+,",
"command": "cursorTop",
"when": "textInputFocus"
},
{
"key": "ctrl+home",
"command": "-cursorTop",
"when": "textInputFocus"
},
{
"key": "shift+alt+.",
"command": "cursorBottom",
"when": "textInputFocus"
},
{
"key": "ctrl+end",
"command": "-cursorBottom",
"when": "textInputFocus"
},
{
"key": "ctrl+x ctrl+f",
"command": "workbench.action.files.openFile",
"when": "true"
},
{
"key": "ctrl+o",
"command": "-workbench.action.files.openFile",
"when": "true"
},
{
"key": "ctrl+x k",
"command": "workbench.action.closeEditorInAllGroups"
},
{
"key": "ctrl+x b",
"command": "workbench.action.showAllEditors"
},
{
"key": "ctrl+k ctrl+p",
"command": "-workbench.action.showAllEditors"
}
]

41
nix/configuration/roles/vscode/files/settings.json Normal file
View File

@@ -0,0 +1,41 @@
{
"application.shellEnvironmentResolutionTimeout": 90,
"workbench.colorTheme": "Default High Contrast",
"remote.SSH.connectTimeout": 90,
"remote.SSH.enableDynamicForwarding": false,
"remote.SSH.enableAgentForwarding": false,
"remote.SSH.enableX11Forwarding": false,
"python.analysis.inlayHints.functionReturnTypes": true,
"python.analysis.inlayHints.variableTypes": true,
"editor.minimap.enabled": false,
"editor.fontSize": 12,
"editor.cursorStyle": "block",
"editor.fontFamily": "'Cascadia Mono', 'monospace', monospace",
"workbench.colorCustomizations": {
"editorCursor.foreground": "#ccff66",
"terminalCursor.foreground": "#ccff66"
},
"workbench.editor.showTabs": "none",
"workbench.activityBar.location": "hidden",
"window.menuBarVisibility": "toggle",
"explorer.autoReveal": false,
"[python]": {
"editor.defaultFormatter": "ms-python.black-formatter",
"editor.formatOnSave": true
},
"[terraform]": {
"editor.defaultFormatter": "hashicorp.terraform",
"editor.formatOnSave": true
},
"[terraform-vars]": {
"editor.defaultFormatter": "hashicorp.terraform",
"editor.formatOnSave": true
},
"black-formatter.importStrategy": "fromEnvironment",
"workbench.statusBar.visible": false,
"git.openRepositoryInParentFolders": "never",
"files.autoSave": "afterDelay",
"editor.rulers": [
100
]
}

31
nix/configuration/roles/wasm/default.nix Normal file
View File

@@ -0,0 +1,31 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
wasm.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install wasm.";
};
};
config = lib.mkIf config.me.wasm.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
wabt
wasm-bindgen-cli
binaryen # for wasm-opt
];
}
]
);
}

Some files were not shown because too many files have changed in this diff Show More