3 Commits

Author SHA1 Message Date
Tom Alexander
24e03ed8f7 Update packages in nix. 2026-02-13 10:36:49 -05:00
Tom Alexander
e75c4087c3 Add keep-alive to ssh connections. 2026-02-13 10:36:49 -05:00
Tom Alexander
43f3c1f955 Add some nix settings. 2026-02-13 10:36:47 -05:00
16 changed files with 398 additions and 141 deletions


@@ -113,6 +113,11 @@
# "git-hashing"
];
nix.settings.trusted-users = [ "@wheel" ];
nix.settings.connect-timeout = 5;
nix.settings.min-free = 128000000;
nix.settings.max-free = 1000000000;
nix.settings.fallback = true;
nix.settings.warn-dirty = false;
hardware.enableRedistributableFirmware = true;
@@ -161,6 +166,7 @@
nixpkgs.overlays =
let
disableTests = (
# Example: (disableTests "coreutils")
package_name:
(final: prev: {
"${package_name}" = prev."${package_name}".overrideAttrs (old: {
@@ -169,23 +175,65 @@
});
})
);
disableTestsPython = (
# Example: (disableTestsPython "scipy")
package_name:
(final: prev: {
pythonPackagesExtensions = prev.pythonPackagesExtensions ++ [
(python-final: python-prev: {
"${package_name}" = python-prev."${package_name}".overridePythonAttrs (oldAttrs: {
doCheck = false;
});
})
];
})
);
disableOptimizations = (
# Example: (disableOptimizations "coreutils")
package_name:
(final: prev: {
"${package_name}" = final.unoptimized."${package_name}";
})
);
disableOptimizationsScope = (
# Example: (disableOptimizationsScope "kdePackages" "qtbase")
scope: package_name:
(final: prev: {
"${scope}" = prev."${scope}".overrideScope (
scopeFinal: scopePrev: {
"${package_name}" = final.unoptimized."${scope}"."${package_name}";
}
);
})
);
disableOptimizationsPython3 = (
# Example: (disableOptimizationsPython3 "scipy")
package_name:
(final: prev: {
python3Packages = prev.python3Packages.override {
overrides = python-final: python-prev: {
"${package_name}" = final.unoptimized.python3.pkgs."${package_name}";
};
};
})
);
in
[
(disableTests "coreutils")
(disableTests "coreutils-full")
(disableTests "libuv")
(final: prev: {
inherit (final.unoptimized) libtpms libjxl;
})
(disableOptimizationsPython3 "scipy")
# Works but probably sets python2's scipy to be python3:
#
# (final: prev: {
# imagemagick = prev.imagemagick.overrideAttrs (old: rec {
# # 7.1.2-6 seems to no longer exist, so use 7.1.2-7
# version = "7.1.2-7";
# src = final.fetchFromGitHub {
# owner = "ImageMagick";
# repo = "ImageMagick";
# tag = version;
# hash = "sha256-9ARCYftoXiilpJoj+Y+aLCEqLmhHFYSrHfgA5DQHbGo=";
# };
# });
# pythonPackagesExtensions = prev.pythonPackagesExtensions ++ [
# (python-final: python-prev: {
# scipy = final.unoptimized.python3Packages.scipy;
# })
# (final: prev: {
# grub2 = (final.callPackage ./package/grub { });
# ];
# })
];
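Review bot: The two thresholds added in the first hunk, `nix.settings.min-free = 128000000;` and `nix.settings.max-free = 1000000000;`, are bare byte counts with no unit or intent stated. A comment above them such as `# During builds, GC once free space drops below ~128 MB and stop at ~1 GB free` would save the next reader a trip to the nix.conf manual. The file paths and the unchanged lines between hunks are not visible on this page, so this is based on the hunk text alone.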


@@ -22,11 +22,11 @@
]
},
"locked": {
"lastModified": 1764110879,
"narHash": "sha256-xanUzIb0tf3kJ+PoOFmXEXV1jM3PjkDT/TQ5DYeNYRc=",
"lastModified": 1769524058,
"narHash": "sha256-zygdD6X1PcVNR2PsyK4ptzrVEiAdbMqLos7utrMDEWE=",
"owner": "nix-community",
"repo": "disko",
"rev": "aecba248f9a7d68c5d1ed15de2d1c8a4c994a3c5",
"rev": "71a3fc97d80881e91710fe721f1158d3b96ae14d",
"type": "github"
},
"original": {
@@ -94,13 +94,40 @@
"type": "github"
}
},
"impermanence": {
"home-manager": {
"inputs": {
"nixpkgs": [
"impermanence",
"nixpkgs"
]
},
"locked": {
"lastModified": 1737831083,
"narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=",
"lastModified": 1768598210,
"narHash": "sha256-kkgA32s/f4jaa4UG+2f8C225Qvclxnqs76mf8zvTVPg=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "c47b2cc64a629f8e075de52e4742de688f930dc6",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"impermanence": {
"inputs": {
"home-manager": "home-manager",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1769548169,
"narHash": "sha256-03+JxvzmfwRu+5JafM0DLbxgHttOQZkUtDWBmeUkN8Y=",
"owner": "nix-community",
"repo": "impermanence",
"rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170",
"rev": "7b1d382faf603b6d264f58627330f9faa5cba149",
"type": "github"
},
"original": {
@@ -137,11 +164,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1763966396,
"narHash": "sha256-6eeL1YPcY1MV3DDStIDIdy/zZCDKgHdkCmsrLJFiZf0=",
"lastModified": 1770197578,
"narHash": "sha256-AYqlWrX09+HvGs8zM6ebZ1pwUqjkfpnv8mewYwAo+iM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "5ae3b07d8d6527c42f17c876e404993199144b6a",
"rev": "00c21e4c93d963c50d4c0c89bfa84ed6e0694df2",
"type": "github"
},
"original": {


@@ -15,7 +15,10 @@
description = "My system configuration";
inputs = {
impermanence.url = "github:nix-community/impermanence";
impermanence = {
url = "github:nix-community/impermanence";
inputs.nixpkgs.follows = "nixpkgs";
};
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
lanzaboote = {
url = "github:nix-community/lanzaboote/v0.4.2";


@@ -37,7 +37,8 @@ in
(modulesPath + "/profiles/all-hardware.nix")
];
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_6_17;
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_6_18;
# boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux;
boot.zfs.package = pkgs.zfs_unstable;
boot.kernelParams = [
"quiet"


@@ -57,7 +57,7 @@ in
ipcalc
gptfdisk # for cgdisk
nix-output-monitor # For better view into nixos-rebuild
nix-serve-ng # Serve nix store over http
# nix-serve-ng # Serve nix store over http
cleanup_temporary_files
jq
inetutils # For whois


@@ -125,7 +125,7 @@ in
]
))
final.nixd # nix language server
final.nixfmt-rfc-style # auto-formatting nix files through nixd
final.nixfmt # auto-formatting nix files through nixd
final.clang # To compile tree-sitter grammars
final.shellcheck
final.cmake-language-server


@@ -44,11 +44,11 @@ in
];
services.pcscd.enable = true;
me.install.user.talexander.file = {
".gnupg/scdaemon.conf" = {
source = ./files/scdaemon.conf;
};
};
# me.install.user.talexander.file = {
# ".gnupg/scdaemon.conf" = {
# source = ./files/scdaemon.conf;
# };
# };
programs.gnupg.agent = {
enable = true;
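Review bot: The `.gnupg/scdaemon.conf` install is commented out rather than removed, and nothing records why, while `services.pcscd.enable = true;` stays enabled just above it. If that file carried scdaemon options needed for coexisting with pcscd (its contents are not visible here), smartcard access may behave differently after the next rebuild. Either delete the block or lead it with a reason, for example `# Disabled: <reason>; scdaemon now runs with its defaults`.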


@@ -37,9 +37,9 @@
services.resolved = {
enable = true;
# dnssec = "true";
domains = [ "~." ];
fallbackDns = [ ];
dnsovertls = "true";
settings.Resolve.Domains = [ "~." ];
settings.Resolve.FallbackDNS = [ ];
settings.Resolve.DNSOverTLS = "true";
};
# Without this, systemd-resolved will send DNS requests for <X>.home.arpa to the per-link DNS server (172.16.0.1) which does not support DNS-over-TLS. This leads to the connection hanging and timing out. This causes firefox startup to take an extra 10+ seconds.
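Review bot: The commented-out `# dnssec = "true";` still uses the option spelling this hunk migrates away from, so un-commenting it later would not match the new `settings.Resolve.*` form. Update it with the others, `# settings.Resolve.DNSSEC = "true";`. A short comment that `DNSOverTLS = "true"` with an empty `FallbackDNS` is deliberately strict would also help, since DNS-over-TLS protects the transport to the resolver but does not validate records the way DNSSEC would.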


@@ -52,7 +52,8 @@
(lib.mkIf (!config.me.optimizations.enable) (
lib.mkMerge [
{
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_6_17;
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_6_18;
# boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux;
}
]
))
@@ -90,7 +91,7 @@
HZ = lib.kernel.freeform "300";
HZ_300 = lib.kernel.yes;
HZ_1000 = lib.kernel.no;
} prev.linux_6_17;
} prev.linux_6_18; # or prev.linux
}
)
(final: prev: {


@@ -50,9 +50,9 @@ in
".cargo/config.toml" = {
source = ./files/cargo_config.toml;
};
".rustup/settings.toml" = {
source = ./files/rustup_settings.toml;
};
# ".rustup/settings.toml" = {
# source = ./files/rustup_settings.toml;
# };
};
environment.persistence."/state" = lib.mkIf (config.me.mountPersistence) {


@@ -30,7 +30,6 @@
];
};
users.root = {
home = "/root";
files = [
".ssh/known_hosts"
];
@@ -47,5 +46,9 @@
source = ./files/ssh_config;
};
};
programs.ssh.extraConfig = ''
Include ${./files/ssh_config_global}
'';
};
}


@@ -37,6 +37,3 @@ Host hydra
Host i_only_boot_zfs
HostName 127.0.0.1
Port 60022
Host *
Compression yes


@@ -0,0 +1,4 @@
Host *
Compression yes
# ServerAliveInterval 240
# TCPKeepAlive yes # Default is yes
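Review bot: Both keep-alive directives in this new file are commented out (`# ServerAliveInterval 240`, `# TCPKeepAlive yes`), so the only active setting is the `Compression yes` moved here from the two existing ssh_config files, although the commit title suggests keep-alives were meant to be enabled. The sshd settings section of this commit has the same shape, with `ClientAliveInterval` and `ClientAliveCountMax` added as comments only. If keep-alives are wanted, enable `ServerAliveInterval 240` here and `ClientAliveInterval = 120;` on the server side. Those probes travel inside the encrypted channel, whereas ssh_config(5) notes that TCP keepalives are spoofable. If they were left off on purpose, a one-line comment saying so would avoid the mismatch with the commit message.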


@@ -4,6 +4,3 @@ Host hydra
User nixworker
IdentitiesOnly yes
IdentityFile /persist/manual/ssh/root/keys/id_ed25519
Host *
Compression yes


@@ -22,6 +22,9 @@
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
# ClientAliveInterval = 120;
# ClientAliveCountMax = 3;
# TCPKeepAlive = "yes"; # Default is yes
};
hostKeys = [
{


@@ -11,7 +11,7 @@ let
attrNames
;
get_shell_values =
get_user_shell_values =
target:
let
homedir = config.users.users."${target.username}".home;
@@ -25,6 +25,19 @@ let
username = lib.strings.escapeShellArg "${target.username}";
group = lib.strings.escapeShellArg "${group}";
};
get_global_shell_values =
target:
let
group = config.users.users."${target.username}".group;
in
{
source = lib.strings.escapeShellArg "${target.source}";
destination = lib.strings.escapeShellArg "${target.target}";
mode = lib.strings.escapeShellArg "${target.mode}";
dir_mode = lib.strings.escapeShellArg "${target.dir_mode}";
username = lib.strings.escapeShellArg "${target.username}";
group = lib.strings.escapeShellArg "${group}";
};
install_user_file =
let
constructors = {
@@ -33,12 +46,20 @@ let
};
in
stage: target: (constructors."${target.method}"."${stage}" target);
install_global_file =
let
constructors = {
"overwrite" = install_global_file_overwrite;
"symlink" = install_global_file_symlink;
};
in
stage: target: (constructors."${target.method}"."${stage}" target);
install_user_file_overwrite = {
"check" = (target: "");
"install" = (
target:
let
inherit (get_shell_values target)
inherit (get_user_shell_values target)
source
destination
mode
@@ -79,7 +100,7 @@ let
"uninstall" = (
target:
let
inherit (get_shell_values target)
inherit (get_user_shell_values target)
source
destination
;
@@ -107,7 +128,7 @@ let
"install" = (
target:
let
inherit (get_shell_values target)
inherit (get_user_shell_values target)
source
destination
mode
@@ -151,7 +172,7 @@ let
"uninstall" = (
target:
let
inherit (get_shell_values target)
inherit (get_user_shell_values target)
source
destination
;
@@ -174,21 +195,148 @@ let
]
);
};
in
{
imports = [ ];
options.me.install = {
user = lib.mkOption {
default = { };
type = lib.types.attrsOf (
lib.types.submodule (
{ name, config, ... }:
install_global_file_overwrite = {
"check" = (target: "");
"install" = (
target:
let
username = name;
inherit (get_global_shell_values target)
source
destination
mode
dir_mode
username
group
;
flags = lib.strings.concatStringsSep " " [
(if mode != "" then "-m ${mode}" else "")
(if username != "" then "-o ${username}" else "")
(if group != "" then "-g ${group}" else "")
];
dir_flags = lib.strings.concatStringsSep " " [
(if dir_mode != "" then "-m ${dir_mode}" else "")
(if username != "" then "-o ${username}" else "")
(if group != "" then "-g ${group}" else "")
];
in
{
options = {
if target.recursive then
[
''
find ${source} -type f -print0 | while read -r -d "" file; do
relative_path=$(realpath -s --relative-to ${source} "$file")
full_dest=${destination}/"$relative_path"
create_containing_directories "$full_dest" ${dir_flags}
$DRY_RUN_CMD install $VERBOSE_ARG --compare ${flags} "$file" "$full_dest"
done
''
]
else
[
''
create_containing_directories ${destination} ${dir_flags}
$DRY_RUN_CMD install $VERBOSE_ARG --compare ${flags} ${source} ${destination}
''
]
);
"uninstall" = (
target:
let
inherit (get_global_shell_values target)
source
destination
;
in
if target.recursive then
[
''
find ${source} -type f -print0 | while read -r -d "" file; do
relative_path=$(realpath -s --relative-to ${source} "$file")
full_dest=${destination}/"$relative_path"
$DRY_RUN_CMD echo rm -f "$full_dest"
done
''
]
else
[
''
$DRY_RUN_CMD echo rm -f ${destination}
''
]
);
};
install_global_file_symlink = {
"check" = (target: "");
"install" = (
target:
let
inherit (get_global_shell_values target)
source
destination
mode
dir_mode
username
group
;
owner = lib.strings.concatStringsSep ":" (
filter (val: val != "") [
username
group
]
);
dir_flags = lib.strings.concatStringsSep " " [
(if dir_mode != "" then "-m ${dir_mode}" else "")
(if username != "" then "-o ${username}" else "")
(if group != "" then "-g ${group}" else "")
];
in
if target.recursive then
[
''
find ${source} -type f -print0 | while read -r -d "" file; do
relative_path=$(realpath -s --relative-to ${source} "$file")
full_dest=${destination}/"$relative_path"
create_containing_directories "$full_dest" ${dir_flags}
$DRY_RUN_CMD ln $VERBOSE_ARG -s "$file" "$full_dest"
$DRY_RUN_CMD chown $VERBOSE_ARG -h ${owner} "$full_dest"
done
''
]
else
[
''
create_containing_directories ${destination} ${dir_flags}
$DRY_RUN_CMD ln $VERBOSE_ARG -s ${source} ${destination}
$DRY_RUN_CMD chown $VERBOSE_ARG -h ${owner} ${destination}
''
]
);
"uninstall" = (
target:
let
inherit (get_global_shell_values target)
source
destination
;
in
if target.recursive then
[
''
find ${source} -type f -print0 | while read -r -d "" file; do
relative_path=$(realpath -s --relative-to ${source} "$file")
full_dest=${destination}/"$relative_path"
$DRY_RUN_CMD echo rm -f "$full_dest"
done
''
]
else
[
''
$DRY_RUN_CMD echo rm -f ${destination}
''
]
);
};
install_target_options = username: {
enable = lib.mkOption {
type = lib.types.bool;
default = true;
@@ -198,6 +346,7 @@ in
};
file = lib.mkOption {
default = { };
type = lib.types.attrsOf (
lib.types.submodule (
{ name, config, ... }:
@@ -274,11 +423,29 @@ in
);
};
};
in
{
imports = [ ];
options.me.install = (
{
user = lib.mkOption {
default = { };
type = lib.types.attrsOf (
lib.types.submodule (
{ name, config, ... }:
let
username = name;
in
{
options = (install_target_options username);
}
)
);
};
};
}
// (install_target_options "root")
);
config =
let
@@ -288,11 +455,17 @@ in
builtins.map (user: (builtins.map (path: user.file."${path}") (attrNames user.file))) enabled_users
);
enabled_file_targets = filter (target: target.enable) all_file_targets;
check_commands = lib.flatten (builtins.map (install_user_file "check") enabled_file_targets);
install_commands = lib.flatten (builtins.map (install_user_file "install") enabled_file_targets);
uninstall_commands = lib.flatten (
builtins.map (install_user_file "uninstall") enabled_file_targets
);
all_global_file_targets = (builtins.map (path: cfg.file."${path}") (attrNames cfg.file));
enabled_global_file_targets = filter (target: target.enable) all_global_file_targets;
check_commands =
(lib.flatten (builtins.map (install_global_file "check") enabled_global_file_targets))
++ (lib.flatten (builtins.map (install_user_file "check") enabled_file_targets));
install_commands =
(lib.flatten (builtins.map (install_global_file "install") enabled_global_file_targets))
++ (lib.flatten (builtins.map (install_user_file "install") enabled_file_targets));
uninstall_commands =
(lib.flatten (builtins.map (install_global_file "uninstall") enabled_global_file_targets))
++ (lib.flatten (builtins.map (install_user_file "uninstall") enabled_file_targets));
in
{
systemd.services.me-install-file = {
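Review bot: In `install_global_file_overwrite` and `install_global_file_symlink`, the guards `mode != ""`, `username != ""` and `group != ""` test values that `get_global_shell_values` has already passed through `lib.strings.escapeShellArg`, which renders an empty string as `''`, so those comparisons look like they can never be false. If any of these options may be empty (their declarations are outside the visible hunks), the script would receive `-m ''` or `-o ''` instead of omitting the flag. Test the raw option and interpolate the escaped one, e.g. `(if target.mode != "" then "-m ${mode}" else "")`, and apply the same to the `owner` filter. Separately, both `uninstall` stages run `$DRY_RUN_CMD echo rm -f …`, which only prints the command; a comment stating that this is intentional would help, since these steps are wired into the `me-install-file` systemd service and act on global paths.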