talexander/machine_setup
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

base: talexander:7f4c41bb328b942af172a4ed160721f75056d0a0
Branches Tags
talexander:main talexander:nix talexander:kubernetes talexander:mt7927 talexander:yubipi talexander:upstream_amd_debug_tools talexander:install_files_mixin talexander:starship talexander:pixelbook
..
compare: talexander:upstream_amd_debug_tools
Branches Tags
talexander:nix talexander:kubernetes talexander:main talexander:mt7927 talexander:yubipi talexander:upstream_amd_debug_tools talexander:install_files_mixin talexander:starship talexander:pixelbook

93 Commits
7f4c41bb32 ... upstream_a

Author SHA1 Message Date
Tom Alexander
6cdb8f066f Disable optimizations for quick iteration. 2025-09-19 19:08:31 -04:00
Tom Alexander
c73ecf422c Switch to using my fork of nixpkgs. 2025-09-19 19:08:30 -04:00
Tom Alexander
b179bee277 Pull in improvements from nixpkgs PR. 2025-09-06 20:32:25 -04:00
Tom Alexander
b1c85417e1 Update to linux 6.16. 2025-09-06 17:39:04 -04:00
Tom Alexander
96ea6c4232 Reduce abmlevel to 2. 
Everything got dimmer in 6.14 so I am reducing the abmlevel.
 2025-09-04 18:51:14 -04:00
Tom Alexander
2a584915e4 Install d2. 2025-09-04 18:51:14 -04:00
Tom Alexander
a6a50d7c22 Add d2 to emacs. 2025-09-04 18:51:14 -04:00
Tom Alexander
edfafd1017 Add latex packages for org export. 2025-09-04 18:51:13 -04:00
Tom Alexander
9adff4ebc1 Add laptop-only entry in shikane. 2025-09-01 18:48:42 -04:00
Tom Alexander
a788879d92 Preserve poetry venvs. 2025-09-01 18:48:38 -04:00
Tom Alexander
955c5963c8 Disable machine learning in firefox. 2025-08-31 22:21:34 -04:00
Tom Alexander
11436c0efe Set vscode navigate backwards to be scoped to the editor. 2025-08-27 20:33:37 -04:00
Tom Alexander
5b487330e1 Use json for talking to nix output monitor. 2025-08-24 17:36:06 -04:00
Tom Alexander
d25e9173dd Merge branch 'amd_s2idle' into nix 2025-08-21 20:30:35 -04:00
Tom Alexander
8bddf10e9d Fix description. 2025-08-21 20:30:23 -04:00
Tom Alexander
64c94e9b06 Add run-time dependencies. 2025-08-17 20:48:35 -04:00
Tom Alexander
c87957b8cb Introduce a cysystemd package. 2025-08-17 20:32:20 -04:00
Tom Alexander
bf419b6f4a Switch to buildPythonApplication. 2025-08-17 19:01:07 -04:00
Tom Alexander
b224a78b89 Add amd_s2idle script for debugging s2idle. 2025-08-17 10:37:51 -04:00
Tom Alexander
748584c78e Merge branch 'copy_files_mixin' into nix 2025-08-10 16:22:19 -04:00
Tom Alexander
64e8903ae4 Remove test code. 2025-08-10 16:19:13 -04:00
Tom Alexander
f4338ec8df Replace uses of home-manager. 2025-08-10 16:12:09 -04:00
Tom Alexander
c947def321 Fix handling ownership of parent directories. 2025-08-10 12:54:34 -04:00
Tom Alexander
f1eaaf12b3 Support separate permissions for containing directories. 2025-08-10 11:52:55 -04:00
Tom Alexander
2b485f7f1d Support recursive. 2025-08-10 11:41:06 -04:00
Tom Alexander
6db8e01309 Honor ownership. 2025-08-09 21:19:13 -04:00
Tom Alexander
03e389195c Filter out blank lines. 2025-08-09 21:01:35 -04:00
Tom Alexander
2c3e5483e9 Centralize the logic for escaping the shell values. 2025-08-09 20:54:54 -04:00
Tom Alexander
6b42a09468 Make the paths relative to the user's home directory. 2025-08-09 20:43:01 -04:00
Tom Alexander
eb5815048f Add a check and uninstall phase. 2025-08-09 20:27:27 -04:00
Tom Alexander
1cb4fa4234 Add support for symlinking. 2025-08-09 20:05:29 -04:00
Tom Alexander
146dc5f79a Switch to nested attrsets. 2025-08-09 19:13:37 -04:00
Tom Alexander
f667c9daa6 Switch to a systemd unit file to remove the need for home-manager. 2025-08-09 11:09:21 -04:00
Tom Alexander
83eaba357f Fix bug where it used the path in the option name rather than the target value inside the option. 2025-08-09 11:09:21 -04:00
Tom Alexander
6284ce8d86 Add method parameter. 2025-08-09 11:09:21 -04:00
Tom Alexander
c26d6f34ea Start a user-specific variant of the install file command. 2025-08-09 11:09:21 -04:00
Tom Alexander
c3f715d010 Add the install_file module from the steam deck config. 2025-08-09 11:09:21 -04:00
Tom Alexander
45514d147c Disable turboboost. 2025-08-09 10:42:20 -04:00
Tom Alexander
aafa880b7c Fix accelerated video decode on chromium. 2025-08-06 22:56:02 -04:00
Tom Alexander
dde8be4d9f Do not update refs when rebasing. 2025-08-06 22:23:16 -04:00
Tom Alexander
03ae8d3b0a Change how we bundle meld into git. 2025-07-19 18:41:57 -04:00
Tom Alexander
03f0721e1f Set up typescript language server and add meld to git. 2025-07-15 22:57:03 -04:00
Tom Alexander
8847063948 Install direnv. 2025-07-13 16:51:58 -04:00
Tom Alexander
399379cea0 Fix eglot rust-analyzer settings. 2025-07-07 19:26:55 -04:00
Tom Alexander
1cdfebf392 Disable cranelift. 
It was causing problems (errors during build) while not providing much benefit for my use-cases.
 2025-07-07 18:44:12 -04:00
Tom Alexander
045fed0748 Fix crashes on shadps4 launch. 2025-07-05 17:08:33 -04:00
Tom Alexander
7fe153bfd3 Update packages. 2025-07-05 10:01:09 -04:00
Tom Alexander
52490457f0 Install shadps4. 2025-06-29 10:22:09 -04:00
Tom Alexander
e5e9bba2a5 Pin old version of linux-firmware to fix wifi on laptop. 2025-06-28 09:47:40 -04:00
Tom Alexander
7ef079afc0 Update to Linux kernel 6.15. 2025-06-28 01:10:47 -04:00
Tom Alexander
a06fece8f1 Update packages. 2025-06-26 23:31:12 -04:00
Tom Alexander
51c7888347 Add dhcpcd for USB tethering and use upstream linux-firmware. 2025-06-23 13:02:10 -04:00
Tom Alexander
7656c30a29 Update packages. 2025-06-22 01:12:03 -04:00
Tom Alexander
929401b359 Switch to memtest86+. 2025-06-22 01:11:41 -04:00
Tom Alexander
16746d58d2 Add a git alias to list the number of commits from each author. 2025-06-20 17:55:06 -04:00
Tom Alexander
82a016ec68 Reduce risk of crashing from savestates. 2025-06-10 17:21:27 -04:00
Tom Alexander
eed2bd4f13 Persist Demon's Souls settings. 2025-06-08 12:08:47 -04:00
Tom Alexander
99f1b1a51b Update packages. 2025-06-01 20:12:34 -04:00
Tom Alexander
99bc8c6d79 Pin the version of linux-firmware. 
New versions of linux-firmware break my wifi on my laptop. I am pinning the firmware version so I can update the rest of my software.
 2025-06-01 20:10:25 -04:00
Tom Alexander
0f2c595538 Perform weekly garbage collects. 2025-06-01 11:21:57 -04:00
Tom Alexander
996cb27a89 Merge branch 'rpcs3' into nix 2025-05-26 19:26:13 -04:00
Tom Alexander
9008d9b7c6 Clean up steam rom manager. 2025-05-26 19:25:10 -04:00
Tom Alexander
38a1168a32 Persist persistent_settings.dat on steam deck. 2025-05-26 18:23:10 -04:00
Tom Alexander
3a4344a112 Copy the RPCS3 setup improvements to the steam deck config. 2025-05-26 16:26:48 -04:00
Tom Alexander
18cb758986 Fix lag in the home button menu. 2025-05-26 16:02:34 -04:00
Tom Alexander
e28c7f8968 Persist icons and play stats. 2025-05-26 15:46:10 -04:00
Tom Alexander
5c17148635 Write color buffers to fix black screen on Demon's Souls. 2025-05-26 15:32:10 -04:00
Tom Alexander
199bb38dfb Fix rpcs3 config. 2025-05-26 15:24:50 -04:00
Tom Alexander
5af4a95940 Add the rpcs3 config.yml file. 2025-05-26 14:51:13 -04:00
Tom Alexander
daf35778c5 Add rpcs3 (ps3 emulator). 2025-05-26 14:51:12 -04:00
Tom Alexander
1866cf6290 Disable cargo in emacs because it is causing errors. 2025-05-24 22:46:38 -04:00
Tom Alexander
23ef4d50b9 Add a comment about how to read ECC memory errors. 2025-05-23 18:01:24 -04:00
Tom Alexander
4aec400388 Auto-format typescript in vscode. 2025-05-19 19:11:21 -04:00
Tom Alexander
f211282376 Fix the build after the software update. 2025-05-15 20:13:27 -04:00
Tom Alexander
96a96a0bc4 Move CPU optimizations into their own role. 
This is remove duplication between the individual hosts folders.
 2025-05-12 22:53:56 -04:00
Tom Alexander
554a6aff65 Update software. 2025-05-11 14:39:36 -04:00
Tom Alexander
14c5c7d0fd Improve video convert script. 2025-05-11 00:11:29 -04:00
Tom Alexander
22f9a0efcd I think I figured out howto enable cross compiling between zen versions. 2025-05-10 23:11:33 -04:00
Tom Alexander
3e80452235 Merge branch '9pfs' into nix 2025-05-10 22:24:43 -04:00
Tom Alexander
c68c069667 Add a new ionlybootzfs host for the test VM. 
This way it will install far less software.
 2025-05-10 22:11:59 -04:00
Tom Alexander
e08d93425a Remove games from VMs. 2025-05-10 21:14:34 -04:00
Tom Alexander
5b7cae49c3 Removing the 9pfs nix store. 
The experiment was good for mounting directories with various overlay patterns from the host to the guest, but using it specifically for /nix/store was a bad idea. It would be better to just serve the host nix store with nix-serve -p 8080 and add that as a substituter during install.
 2025-05-10 20:47:45 -04:00
Tom Alexander
e65504b5f3 Add a role for mounting the nix store over 9pfs. 
This is useful for virtual machines since we can have a persistent /nix/store on the host machine.
 2025-05-10 20:47:45 -04:00
Tom Alexander
158188c4c6 Fix disabling optimizations in iso builds. 2025-05-10 16:41:55 -04:00
Tom Alexander
c587fcc2ac Re-enable fwupd. Without it, gnome-firmwarm seems to not work. 2025-05-10 15:34:50 -04:00
Tom Alexander
9d16c7bd7b Update emacs config. 2025-05-10 12:44:12 -04:00
Tom Alexander
2b3b9af70b Disable teleparty. 
The firefox version has been buggy.
 2025-05-10 12:04:48 -04:00
Tom Alexander
53f370b1ee Add yt-dlp. 2025-05-10 11:58:55 -04:00
Tom Alexander
25c8c30488 Add mkvmerge. 2025-05-07 23:31:17 -04:00
Tom Alexander
4d754355b7 Merge branch 'nix_worker' into nix 2025-05-04 16:40:24 -04:00
Tom Alexander
902c6e1127 Switch to quark's buildMachine config being entirely in nix rather than in root's ssh config. 2025-05-04 16:26:41 -04:00
Tom Alexander
98f98a8895 Centralize the config for buildMachines. 2025-05-04 16:22:02 -04:00
Tom Alexander
4a303d17d8 Add a nix_worker role for nix builders. 2025-05-04 15:53:49 -04:00
109 changed files with 27215 additions and 956 deletions
Expand all files Collapse all files

1
ansible/roles/base/files/gitconfig_home
View File

@@ -8,6 +8,7 @@
lg = log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit lg = log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit
bh = log --oneline --branches=* --remotes=* --graph --decorate bh = log --oneline --branches=* --remotes=* --graph --decorate
amend = commit --amend --no-edit amend = commit --amend --no-edit
authorcount = shortlog --summary --numbered --all --no-merges
[core] [core]
excludesfile = ~/.gitignore_global excludesfile = ~/.gitignore_global
[commit] [commit]

1
ansible/roles/base/files/gitconfig_work
View File

@@ -8,6 +8,7 @@
lg = log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit lg = log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit
bh = log --oneline --branches=* --remotes=* --graph --decorate bh = log --oneline --branches=* --remotes=* --graph --decorate
amend = commit --amend --no-edit amend = commit --amend --no-edit
authorcount = shortlog --summary --numbered --all --no-merges
[core] [core]
excludesfile = ~/.gitignore_global excludesfile = ~/.gitignore_global
[commit] [commit]

43
nix/configuration/configuration.nix
View File

@@ -2,7 +2,6 @@
config, config,
lib, lib,
pkgs, pkgs,
home-manager,
... ...
}: }:
@@ -10,12 +9,16 @@
imports = [ imports = [
./roles/2ship2harkinian ./roles/2ship2harkinian
./roles/alacritty ./roles/alacritty
./roles/amd_s2idle
./roles/ansible ./roles/ansible
./roles/ares ./roles/ares
./roles/bluetooth ./roles/bluetooth
./roles/boot ./roles/boot
./roles/chromecast ./roles/chromecast
./roles/chromium ./roles/chromium
./roles/d2
./roles/direnv
./roles/distributed_build
./roles/docker ./roles/docker
./roles/ecc ./roles/ecc
./roles/emacs ./roles/emacs
@@ -31,6 +34,7 @@
./roles/graphics ./roles/graphics
./roles/hydra ./roles/hydra
./roles/iso ./roles/iso
./roles/iso_mount
./roles/kanshi ./roles/kanshi
./roles/kodi ./roles/kodi
./roles/kubernetes ./roles/kubernetes
@@ -41,12 +45,16 @@
./roles/memtest86 ./roles/memtest86
./roles/network ./roles/network
./roles/nix_index ./roles/nix_index
./roles/nix_worker
./roles/nvme ./roles/nvme
./roles/optimized_build
./roles/pcsx2 ./roles/pcsx2
./roles/python ./roles/python
./roles/qemu ./roles/qemu
./roles/reset ./roles/reset
./roles/rpcs3
./roles/rust ./roles/rust
./roles/shadps4
./roles/shikane ./roles/shikane
./roles/shipwright ./roles/shipwright
./roles/sm64ex ./roles/sm64ex
@@ -67,6 +75,7 @@
./roles/zfs ./roles/zfs
./roles/zrepl ./roles/zrepl
./roles/zsh ./roles/zsh
./util/install_files
./util/unfree_polyfill ./util/unfree_polyfill
]; ];
@@ -82,6 +91,16 @@
# Use nixos-rebuild-ng # Use nixos-rebuild-ng
# system.rebuild.enableNg = true; # system.rebuild.enableNg = true;
# Keep outputs so we can build offline.
nix.extraOptions = ''
keep-outputs = true
keep-derivations = true
'';
# Technically only needed when building the ISO because nix detects ZFS in the filesystem list normally. I basically always want this so I'm just setting it to always be on.
boot.supportedFilesystems.zfs = true;
# TODO: Is this different from boot.supportedFilesystems = [ "zfs" ]; ?
services.getty = { services.getty = {
autologinUser = "talexander"; # I use full disk encryption so the user password is irrelevant. autologinUser = "talexander"; # I use full disk encryption so the user password is irrelevant.
autologinOnce = true; autologinOnce = true;
@@ -105,27 +124,14 @@
]; ];
}; };
users.groups.talexander.gid = 11235; users.groups.talexander.gid = 11235;
home-manager.users.talexander =
{ pkgs, ... }:
{
# The state version is required and should stay at the version you
# originally installed.
home.stateVersion = "24.11";
};
home-manager.users.root =
{ pkgs, ... }:
{
# The state version is required and should stay at the version you
# originally installed.
home.stateVersion = "24.11";
};
# Automatic garbage collection # Automatic garbage collection
nix.gc = lib.mkIf (!config.me.buildingIso) { nix.gc = lib.mkIf (!config.me.buildingIso) {
# Runs nix-collect-garbage --delete-older-than 5d # Runs nix-collect-garbage --delete-older-than 5d
automatic = true; automatic = true;
randomizedDelaySec = "14m"; persistent = true;
dates = "monthly";
# randomizedDelaySec = "14m";
options = "--delete-older-than 30d"; options = "--delete-older-than 30d";
}; };
nix.settings.auto-optimise-store = !config.me.buildingIso; nix.settings.auto-optimise-store = !config.me.buildingIso;
@@ -154,7 +160,7 @@
pciutils # for lspci pciutils # for lspci
ripgrep ripgrep
strace strace
ltrace # ltrace # Disabled because it uses more than 48GB of /tmp space during test phase.
trace-cmd # ftrace trace-cmd # ftrace
tcpdump tcpdump
git-crypt git-crypt
@@ -168,6 +174,7 @@
ipcalc ipcalc
gptfdisk # for cgdisk gptfdisk # for cgdisk
nix-output-monitor # For better view into nixos-rebuild nix-output-monitor # For better view into nixos-rebuild
nix-serve-ng # Serve nix store over http
]; ];
services.openssh = { services.openssh = {

79
nix/configuration/flake.lock generated
View File

@@ -39,11 +39,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1745812220, "lastModified": 1758160037,
"narHash": "sha256-hotBG0EJ9VmAHJYF0yhWuTVZpENHvwcJ2SxvIPrXm+g=", "narHash": "sha256-fXelTdjdILspZ1IUU9aICB1+PXwSFiF8j+7ujwo1VpQ=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "d0c543d740fad42fe2c035b43c9d41127e073c78", "rev": "4f554162fff88e77655073d352eec0cea71103a2",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -147,26 +147,6 @@
"type": "github" "type": "github"
} }
}, },
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1746369725,
"narHash": "sha256-m3ai7LLFYsymMK0uVywCceWfUhP0k3CALyFOfcJACqE=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "1a1793f6d940d22c6e49753548c5b6cb7dc5545d",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"impermanence": { "impermanence": {
"locked": { "locked": {
"lastModified": 1737831083, "lastModified": 1737831083,
@@ -210,33 +190,33 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1746232882, "lastModified": 1758242085,
"narHash": "sha256-MHmBH2rS8KkRRdoU/feC/dKbdlMkcNkB5mwkuipVHeQ=", "narHash": "sha256-hnrtEiy8qLMskZr0FBp0vbtMJ9xA4HvDdzuFRLxRiFg=",
"owner": "NixOS", "ref": "og-amd-debug-tools",
"repo": "nixpkgs", "rev": "7b0f433195e299008850d16e85a862177419cef6",
"rev": "7a2622e2c0dbad5c4493cb268aba12896e28b008", "revCount": 862645,
"type": "github" "type": "git",
"url": "https://github.com/tomalexander/nixpkgs.git"
}, },
"original": { "original": {
"owner": "NixOS", "ref": "og-amd-debug-tools",
"ref": "nixos-unstable", "type": "git",
"repo": "nixpkgs", "url": "https://github.com/tomalexander/nixpkgs.git"
"type": "github"
} }
}, },
"nixpkgs-b93b4e9b5": { "nixpkgs-dda3dcd3f": {
"locked": { "locked": {
"lastModified": 1713721570, "lastModified": 1746663147,
"narHash": "sha256-R0s+O5UjTePQRb72XPgtkTmEiOOW8n+1q9Gxt/OJnKU=", "narHash": "sha256-Ua0drDHawlzNqJnclTJGf87dBmaO/tn7iZ+TCkTRpRc=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "b93b4e9b527904aadf52dba6ca35efde2067cbd4", "rev": "dda3dcd3fe03e991015e9a74b22d35950f264a54",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "b93b4e9b527904aadf52dba6ca35efde2067cbd4", "rev": "dda3dcd3fe03e991015e9a74b22d35950f264a54",
"type": "github" "type": "github"
} }
}, },
@@ -258,18 +238,18 @@
}, },
"nixpkgs-unoptimized": { "nixpkgs-unoptimized": {
"locked": { "locked": {
"lastModified": 1746232882, "lastModified": 1758242085,
"narHash": "sha256-MHmBH2rS8KkRRdoU/feC/dKbdlMkcNkB5mwkuipVHeQ=", "narHash": "sha256-hnrtEiy8qLMskZr0FBp0vbtMJ9xA4HvDdzuFRLxRiFg=",
"owner": "NixOS", "ref": "og-amd-debug-tools",
"repo": "nixpkgs", "rev": "7b0f433195e299008850d16e85a862177419cef6",
"rev": "7a2622e2c0dbad5c4493cb268aba12896e28b008", "revCount": 862645,
"type": "github" "type": "git",
"url": "https://github.com/tomalexander/nixpkgs.git"
}, },
"original": { "original": {
"owner": "NixOS", "ref": "og-amd-debug-tools",
"ref": "nixos-unstable", "type": "git",
"repo": "nixpkgs", "url": "https://github.com/tomalexander/nixpkgs.git"
"type": "github"
} }
}, },
"pre-commit-hooks-nix": { "pre-commit-hooks-nix": {
@@ -303,11 +283,10 @@
"inputs": { "inputs": {
"ansible-sshjail": "ansible-sshjail", "ansible-sshjail": "ansible-sshjail",
"disko": "disko", "disko": "disko",
"home-manager": "home-manager",
"impermanence": "impermanence", "impermanence": "impermanence",
"lanzaboote": "lanzaboote", "lanzaboote": "lanzaboote",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nixpkgs-b93b4e9b5": "nixpkgs-b93b4e9b5", "nixpkgs-dda3dcd3f": "nixpkgs-dda3dcd3f",
"nixpkgs-unoptimized": "nixpkgs-unoptimized", "nixpkgs-unoptimized": "nixpkgs-unoptimized",
"zsh-histdb": "zsh-histdb" "zsh-histdb": "zsh-histdb"
} }

236
nix/configuration/flake.nix
View File

@@ -29,12 +29,12 @@
# Install on a new machine: # Install on a new machine:
# #
# #
# doas nix --experimental-features "nix-command flakes" run github:nix-community/disko/latest -- --mode destroy,format,mount hosts/quark/disk-config.nix # doas nix --substituters "http://10.0.2.2:8080?trusted=1 https://cache.nixos.org/" --experimental-features "nix-command flakes" run github:nix-community/disko/latest -- --mode destroy,format,mount hosts/odo/disk-config.nix
# nix flake update zsh-histdb --flake . # nix flake update zsh-histdb --flake .
# nix flake update ansible-sshjail --flake . # nix flake update ansible-sshjail --flake .
# for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done # for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
# nixos-install --flake ".#quark" # nixos-install --substituters "http://10.0.2.2:8080?trusted=1 https://cache.nixos.org/" --flake ".#vm_ionlybootzfs"
# #
{ {
@@ -42,11 +42,11 @@
inputs = { inputs = {
impermanence.url = "github:nix-community/impermanence"; impermanence.url = "github:nix-community/impermanence";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; # nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
nixpkgs-b93b4e9b5.url = "github:NixOS/nixpkgs/b93b4e9b527904aadf52dba6ca35efde2067cbd4"; # nixpkgs.url = "github:tomalexander/nixpkgs/amd-debug-tools";
nixpkgs-unoptimized.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs.url = "git+https://github.com/tomalexander/nixpkgs.git?ref=og-amd-debug-tools";
home-manager.url = "github:nix-community/home-manager"; nixpkgs-dda3dcd3f.url = "github:NixOS/nixpkgs/dda3dcd3fe03e991015e9a74b22d35950f264a54";
home-manager.inputs.nixpkgs.follows = "nixpkgs"; nixpkgs-unoptimized.url = "git+https://github.com/tomalexander/nixpkgs.git?ref=og-amd-debug-tools";
lanzaboote = { lanzaboote = {
url = "github:nix-community/lanzaboote/v0.4.2"; url = "github:nix-community/lanzaboote/v0.4.2";
@@ -76,9 +76,8 @@
self, self,
nixpkgs, nixpkgs,
nixpkgs-unoptimized, nixpkgs-unoptimized,
nixpkgs-b93b4e9b5, nixpkgs-dda3dcd3f,
impermanence, impermanence,
home-manager,
lanzaboote, lanzaboote,
zsh-histdb, zsh-histdb,
ansible-sshjail, ansible-sshjail,
@@ -88,7 +87,7 @@
base_x86_64_linux = rec { base_x86_64_linux = rec {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = { specialArgs = {
pkgs-b93b4e9b5 = import nixpkgs-b93b4e9b5 { pkgs-dda3dcd3f = import nixpkgs-dda3dcd3f {
inherit system; inherit system;
}; };
pkgs-unoptimized = import nixpkgs-unoptimized { pkgs-unoptimized = import nixpkgs-unoptimized {
@@ -99,13 +98,8 @@
}; };
modules = [ modules = [
impermanence.nixosModules.impermanence impermanence.nixosModules.impermanence
home-manager.nixosModules.home-manager
lanzaboote.nixosModules.lanzaboote lanzaboote.nixosModules.lanzaboote
inputs.disko.nixosModules.disko inputs.disko.nixosModules.disko
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
}
{ {
nixpkgs.overlays = [ nixpkgs.overlays = [
zsh-histdb.overlays.default zsh-histdb.overlays.default
@@ -115,21 +109,9 @@
./configuration.nix ./configuration.nix
]; ];
}; };
systems = { systems =
odo = { let
main = nixpkgs.lib.nixosSystem ( additional_iso_modules = [
base_x86_64_linux
// {
modules = base_x86_64_linux.modules ++ [
./hosts/odo
];
}
);
iso = nixpkgs.lib.nixosSystem (
base_x86_64_linux
// {
modules = base_x86_64_linux.modules ++ [
./hosts/odo
(nixpkgs + "/nixos/modules/installer/cd-dvd/iso-image.nix") (nixpkgs + "/nixos/modules/installer/cd-dvd/iso-image.nix")
# TODO: Figure out how to do image based appliances # TODO: Figure out how to do image based appliances
# (nixpkgs + "/nixos/modules/profiles/image-based-appliance.nix") # (nixpkgs + "/nixos/modules/profiles/image-based-appliance.nix")
@@ -137,98 +119,148 @@
isoImage.makeEfiBootable = true; isoImage.makeEfiBootable = true;
isoImage.makeUsbBootable = true; isoImage.makeUsbBootable = true;
me.buildingIso = true; me.buildingIso = true;
me.optimizations.enable = false; me.optimizations.enable = nixpkgs.lib.mkForce false;
}
{
# These are big space hogs. The chance that I need them on an ISO is slim.
me.steam.enable = nixpkgs.lib.mkForce false;
me.pcsx2.enable = nixpkgs.lib.mkForce false;
} }
]; ];
additional_vm_modules = [
(nixpkgs + "/nixos/modules/profiles/qemu-guest.nix")
{
networking.dhcpcd.enable = true;
networking.useDHCP = true;
me.optimizations.enable = nixpkgs.lib.mkForce false;
} }
); {
# I don't need games on a virtual machine.
me.steam.enable = nixpkgs.lib.mkForce false;
me.pcsx2.enable = nixpkgs.lib.mkForce false;
me.sm64ex.enable = nixpkgs.lib.mkForce false;
me.shipwright.enable = nixpkgs.lib.mkForce false;
me.ship2harkinian.enable = nixpkgs.lib.mkForce false;
}
];
in
{
odo = rec {
main = base_x86_64_linux // {
modules = base_x86_64_linux.modules ++ [
./hosts/odo
];
}; };
quark = { iso = main // {
main = nixpkgs.lib.nixosSystem ( modules = main.modules ++ additional_iso_modules;
base_x86_64_linux };
// { vm = main // {
modules = main.modules ++ additional_vm_modules;
};
vm_iso = main // {
modules = main.modules ++ additional_vm_modules ++ additional_iso_modules;
};
};
quark = rec {
main = base_x86_64_linux // {
modules = base_x86_64_linux.modules ++ [ modules = base_x86_64_linux.modules ++ [
./hosts/quark ./hosts/quark
]; ];
}
);
iso = nixpkgs.lib.nixosSystem (
base_x86_64_linux
// {
modules = base_x86_64_linux.modules ++ [
./hosts/quark
(nixpkgs + "/nixos/modules/installer/cd-dvd/iso-image.nix")
# TODO: Figure out how to do image based appliances
# (nixpkgs + "/nixos/modules/profiles/image-based-appliance.nix")
{
isoImage.makeEfiBootable = true;
isoImage.makeUsbBootable = true;
me.buildingIso = true;
me.optimizations.enable = false;
}
];
}
);
}; };
neelix = { iso = main // {
main = nixpkgs.lib.nixosSystem ( modules = main.modules ++ additional_iso_modules;
base_x86_64_linux };
// { vm = main // {
modules = main.modules ++ additional_vm_modules;
};
vm_iso = main // {
modules = main.modules ++ additional_vm_modules ++ additional_iso_modules;
};
};
neelix = rec {
main = base_x86_64_linux // {
modules = base_x86_64_linux.modules ++ [ modules = base_x86_64_linux.modules ++ [
./hosts/neelix ./hosts/neelix
]; ];
} };
); iso = main // {
iso = nixpkgs.lib.nixosSystem ( modules = main.modules ++ additional_iso_modules;
base_x86_64_linux };
// { vm = main // {
modules = base_x86_64_linux.modules ++ [ modules = main.modules ++ additional_vm_modules;
./hosts/neelix };
(nixpkgs + "/nixos/modules/installer/cd-dvd/iso-image.nix") vm_iso = main // {
modules = main.modules ++ additional_vm_modules ++ additional_iso_modules;
};
};
hydra =
let
additional_iso_modules = additional_iso_modules ++ [
{ {
isoImage.makeEfiBootable = true; me.optimizations.enable = true;
isoImage.makeUsbBootable = true;
me.buildingIso = true;
me.optimizations.enable = false;
} }
]; ];
} in
); rec {
}; main = base_x86_64_linux // {
hydra = {
main = nixpkgs.lib.nixosSystem (
base_x86_64_linux
// {
modules = base_x86_64_linux.modules ++ [ modules = base_x86_64_linux.modules ++ [
./hosts/hydra ./hosts/hydra
]; ];
}
);
iso = nixpkgs.lib.nixosSystem (
base_x86_64_linux
// {
modules = base_x86_64_linux.modules ++ [
./hosts/hydra
(nixpkgs + "/nixos/modules/installer/cd-dvd/iso-image.nix")
{
isoImage.makeEfiBootable = true;
isoImage.makeUsbBootable = true;
me.buildingIso = true;
}
];
}
);
}; };
iso = main // {
modules = main.modules ++ additional_iso_modules;
};
vm = main // {
modules = main.modules ++ additional_vm_modules;
};
vm_iso = main // {
modules = main.modules ++ additional_vm_modules ++ additional_iso_modules;
};
};
ionlybootzfs = rec {
main = base_x86_64_linux // {
modules = base_x86_64_linux.modules ++ [
./hosts/ionlybootzfs
];
};
iso = main // {
modules = main.modules ++ additional_iso_modules;
};
vm = main // {
modules = main.modules ++ additional_vm_modules;
};
vm_iso = main // {
modules = main.modules ++ additional_vm_modules ++ additional_iso_modules;
};
};
}; };
in in
{ {
nixosConfigurations.odo = systems.odo.main; nixosConfigurations.odo = nixpkgs.lib.nixosSystem systems.odo.main;
iso.odo = systems.odo.iso.config.system.build.isoImage; iso.odo = (nixpkgs.lib.nixosSystem systems.odo.iso).config.system.build.isoImage;
nixosConfigurations.quark = systems.quark.main; nixosConfigurations.vm_odo = nixpkgs.lib.nixosSystem systems.odo.vm;
iso.quark = systems.quark.iso.config.system.build.isoImage; vm_iso.odo = (nixpkgs.lib.nixosSystem systems.odo.vm_iso).config.system.build.isoImage;
nixosConfigurations.neelix = systems.neelix.main;
iso.neelix = systems.neelix.iso.config.system.build.isoImage; nixosConfigurations.quark = nixpkgs.lib.nixosSystem systems.quark.main;
nixosConfigurations.hydra = systems.hydra.main; iso.quark = (nixpkgs.lib.nixosSystem systems.quark.iso).config.system.build.isoImage;
iso.hydra = systems.hydra.iso.config.system.build.isoImage; nixosConfigurations.vm_quark = nixpkgs.lib.nixosSystem systems.quark.vm;
vm_iso.quark = (nixpkgs.lib.nixosSystem systems.quark.vm_iso).config.system.build.isoImage;
nixosConfigurations.neelix = nixpkgs.lib.nixosSystem systems.neelix.main;
iso.neelix = (nixpkgs.lib.nixosSystem systems.neelix.iso).config.system.build.isoImage;
nixosConfigurations.vm_neelix = nixpkgs.lib.nixosSystem systems.neelix.vm;
vm_iso.neelix = (nixpkgs.lib.nixosSystem systems.neelix.vm_iso).config.system.build.isoImage;
nixosConfigurations.hydra = nixpkgs.lib.nixosSystem systems.hydra.main;
iso.hydra = (nixpkgs.lib.nixosSystem systems.hydra.iso).config.system.build.isoImage;
nixosConfigurations.vm_hydra = nixpkgs.lib.nixosSystem systems.hydra.vm;
vm_iso.hydra = (nixpkgs.lib.nixosSystem systems.hydra.vm_iso).config.system.build.isoImage;
nixosConfigurations.ionlybootzfs = nixpkgs.lib.nixosSystem systems.ionlybootzfs.main;
iso.ionlybootzfs = (nixpkgs.lib.nixosSystem systems.ionlybootzfs.iso).config.system.build.isoImage;
nixosConfigurations.vm_ionlybootzfs = nixpkgs.lib.nixosSystem systems.ionlybootzfs.vm;
vm_iso.ionlybootzfs =
(nixpkgs.lib.nixosSystem systems.ionlybootzfs.vm_iso).config.system.build.isoImage;
}; };
} }

2
nix/configuration/hosts/hydra/DEPLOY_BOOT
View File

@@ -14,6 +14,6 @@ nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../" nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#hydra" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" "${@}" |& nom nixos-rebuild boot --flake "$DIR/../../#hydra" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#hydra' # rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#hydra'

2
nix/configuration/hosts/hydra/DEPLOY_SWITCH
View File

@@ -14,6 +14,6 @@ nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../" nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#hydra" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" "${@}" |& nom nixos-rebuild switch --flake "$DIR/../../#hydra" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#hydra' # rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#hydra'

2
nix/configuration/hosts/hydra/ISO
View File

@@ -9,4 +9,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
nix flake update zsh-histdb --flake "$DIR/../../" nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../" nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.hydra" --max-jobs "$JOBS" "${@}" |& nom nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.hydra" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json

23
nix/configuration/hosts/hydra/default.nix
View File

@@ -36,22 +36,33 @@
time.timeZone = "America/New_York"; time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
me.optimizations.enable = true;
me.secureBoot.enable = false; me.secureBoot.enable = false;
me.optimizations = {
enable = true;
arch = "znver4";
system_features = [
"gccarch-znver4"
"gccarch-skylake"
# "gccarch-alderlake" missing WAITPKG
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
};
# Mount tmpfs at /tmp # Mount tmpfs at /tmp
boot.tmp.useTmpfs = true; boot.tmp.useTmpfs = true;
me.emacs_flavor = "plainmacs"; me.emacs_flavor = "plainmacs";
me.graphical = false; me.graphical = false;
me.hydra.enable = false; me.hydra.enable = false;
me.nix_worker.enable = true;
me.vm_disk.enable = true; me.vm_disk.enable = true;
me.wireguard.activated = [ ]; me.wireguard.activated = [ ];
me.wireguard.deactivated = [ ]; me.wireguard.deactivated = [ ];
me.zsh.enable = true; me.zsh.enable = true;
# Trust this key so nix running as root can ssh into hydra.
users.users.talexander.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB/IlYTQ0M5pFN5tdoswh37CDl/gbULI3h+SsKXCansh talexander@odo"
];
} }

73
nix/configuration/hosts/hydra/optimized_build.nix
View File

@@ -1,73 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
config = lib.mkMerge [
{
nix.settings.system-features = lib.mkForce [
"gccarch-znver4"
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"benchmark"
"big-parallel"
# "kvm"
# "nixos-test"
];
nixpkgs.hostPlatform = {
gcc.arch = "znver4";
gcc.tune = "znver4";
system = "x86_64-linux";
};
nixpkgs.overlays = [
(
final: prev:
let
optimizeWithFlags =
pkg: flags:
pkg.overrideAttrs (old: {
NIX_CFLAGS_COMPILE = [ (old.NIX_CFLAGS_COMPILE or "") ] ++ flags;
});
addConfig =
additionalConfig: pkg:
pkg.override (oldconfig: {
structuredExtraConfig = pkg.structuredExtraConfig // additionalConfig;
});
in
{
linux_znver4 =
addConfig
{
# Full preemption
PREEMPT = lib.mkOverride 60 lib.kernel.yes;
PREEMPT_VOLUNTARY = lib.mkOverride 60 lib.kernel.no;
# Google's BBRv3 TCP congestion Control
TCP_CONG_BBR = lib.kernel.yes;
DEFAULT_BBR = lib.kernel.yes;
# Preemptive Full Tickless Kernel at 300Hz
HZ = lib.kernel.freeform "300";
HZ_300 = lib.kernel.yes;
HZ_1000 = lib.kernel.no;
}
(
optimizeWithFlags prev.linux_6_14 [
"-march=znver4"
"-mtune=znver4"
]
);
}
)
];
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_znver4;
}
];
}

19
nix/configuration/hosts/ionlybootzfs/DEPLOY_BOOT Executable file
View File

@@ -0,0 +1,19 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
#TARGET=10.216.1.14
# TARGET=192.168.211.250
TARGET="ionlybootzfs"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#ionlybootzfs" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#ionlybootzfs'

19
nix/configuration/hosts/ionlybootzfs/DEPLOY_SWITCH Executable file
View File

@@ -0,0 +1,19 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
#TARGET=10.216.1.14
# TARGET=192.168.211.250
TARGET=ionlybootzfs
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#ionlybootzfs" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#ionlybootzfs'

12
nix/configuration/hosts/ionlybootzfs/ISO Executable file
View File

@@ -0,0 +1,12 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.ionlybootzfs" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json

63
nix/configuration/hosts/ionlybootzfs/default.nix Normal file
View File

@@ -0,0 +1,63 @@
#
# Testing:
# doas "$(nix-build '<nixpkgs>' --no-out-link -A 'qemu')/bin/qemu-system-x86_64" \
# -accel kvm \
# -cpu host \
# -smp cores=8 \
# -m 32768 \
# -drive "file=$(nix-build '<nixpkgs>' --no-out-link -A 'OVMF.fd')/FV/OVMF.fd,if=pflash,format=raw,readonly=on" \
# -drive file=/tmp/localdisk.img,if=none,id=nvm,format=raw \
# -device nvme,serial=deadbeef,drive=nvm \
# -nic user,hostfwd=tcp::60022-:22 \
# -boot order=d \
# -cdrom "$(readlink -f /persist/machine_setup/nix/configuration/result/iso/nixos*.iso)" \
# -display vnc=127.0.0.1:0
#
{
config,
lib,
pkgs,
...
}:
{
imports = [
./wrapped-disk-config.nix
./hardware-configuration.nix
];
# Generate with `head -c4 /dev/urandom | od -A none -t x4`
networking.hostId = "fbd233d8";
networking.hostName = "ionlybootzfs"; # Define your hostname.
time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8";
me.secureBoot.enable = true;
me.optimizations = {
enable = false;
arch = "znver4";
system_features = [
"gccarch-znver4"
"gccarch-skylake"
# "gccarch-alderlake" missing WAITPKG
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
};
# Mount tmpfs at /tmp
boot.tmp.useTmpfs = true;
me.emacs_flavor = "plainmacs";
me.graphical = false;
me.wireguard.activated = [ ];
me.wireguard.deactivated = [ ];
me.zsh.enable = true;
}

142
nix/configuration/hosts/ionlybootzfs/disk-config.nix Normal file
View File

@@ -0,0 +1,142 @@
# Manual Step:
# Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1
# Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1
{
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"umask=0077"
"noatime"
"discard"
];
};
};
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "zroot";
};
};
};
};
};
};
zpool = {
zroot = {
type = "zpool";
# mode = "mirror";
# Workaround: cannot import 'zroot': I/O error in disko tests
options.cachefile = "none";
options = {
ashift = "12";
compatibility = "openzfs-2.2-freebsd";
autotrim = "on";
};
rootFsOptions = {
acltype = "posixacl";
atime = "off";
relatime = "off";
xattr = "sa";
mountpoint = "none";
compression = "lz4";
canmount = "off";
utf8only = "on";
dnodesize = "auto";
normalization = "formD";
};
datasets = {
"linux/nix" = {
type = "zfs_fs";
options.mountpoint = "none";
options = {
encryption = "aes-256-gcm";
keyformat = "passphrase";
# keylocation = "file:///tmp/secret.key";
};
};
"linux/nix/root" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/root@blank$' || zfs snapshot zroot/linux/nix/root@blank";
};
"linux/nix/nix" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/nix";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/nix@blank$' || zfs snapshot zroot/linux/nix/nix@blank";
options = {
recordsize = "16MiB";
compression = "zstd-19";
};
};
"linux/nix/home" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/home";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/home@blank$' || zfs snapshot zroot/linux/nix/home@blank";
};
"linux/nix/persist" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/persist";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/persist@blank$' || zfs snapshot zroot/linux/nix/persist@blank";
};
"linux/nix/state" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/state";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/state@blank$' || zfs snapshot zroot/linux/nix/state@blank";
};
};
};
};
};
# Make sure all persistent volumes are marked as neededForBoot
#
# Also mounts /home so it is mounted before the user home directories are created.
fileSystems."/persist".neededForBoot = true;
fileSystems."/state".neededForBoot = true;
fileSystems."/home".neededForBoot = true;
fileSystems."/".options = [
"noatime"
"norelatime"
];
fileSystems."/nix".options = [
"noatime"
"norelatime"
];
fileSystems."/persist".options = [
"noatime"
"norelatime"
];
fileSystems."/state".options = [
"noatime"
"norelatime"
];
fileSystems."/home".options = [
"noatime"
"norelatime"
];
# Only attempt to decrypt the main pool. Otherwise it attempts to decrypt pools that aren't even used.
boot.zfs.requestEncryptionCredentials = [ "zroot/linux/nix" ];
}

38
nix/configuration/hosts/ionlybootzfs/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,38 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"xhci_pci"
"nvme"
"usbhid"
"usb_storage"
"sd_mod"
"sdhci_pci"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.dhcpcd.enable = lib.mkForce true;
networking.useDHCP = lib.mkForce true;
# systemd.network.enable = true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

46
nix/configuration/hosts/odo/optimized_build.nix → nix/configuration/hosts/ionlybootzfs/optimized_build.nix
View File

@@ -56,31 +56,35 @@
(final: prev: { (final: prev: {
haskellPackages = prev.haskellPackages.extend ( haskellPackages = prev.haskellPackages.extend (
final': prev': { final': prev': {
crypton = pkgs-unoptimized.haskellPackages.crypton; inherit (pkgs-unoptimized.haskellPackages)
crypton-connection = pkgs-unoptimized.haskellPackages.crypton-connection; crypton
crypton-x509 = pkgs-unoptimized.haskellPackages.crypton-x509; crypton-connection
crypton-x509-store = pkgs-unoptimized.haskellPackages.crypton-x509-store; crypton-x509
crypton-x509-system = pkgs-unoptimized.haskellPackages.crypton-x509-system; crypton-x509-store
crypton-x509-validation = pkgs-unoptimized.haskellPackages.crypton-x509-validation; crypton-x509-system
hspec-wai = pkgs-unoptimized.haskellPackages.hspec-wai; crypton-x509-validation
http-client-tls = pkgs-unoptimized.haskellPackages.http-client-tls; hspec-wai
http2 = pkgs-unoptimized.haskellPackages.http2; http-client-tls
pandoc = pkgs-unoptimized.haskellPackages.pandoc; http2
pandoc-cli = pkgs-unoptimized.haskellPackages.pandoc-cli; pandoc
pandoc-lua-engine = pkgs-unoptimized.haskellPackages.pandoc-lua-engine; pandoc-cli
pandoc-server = pkgs-unoptimized.haskellPackages.pandoc-server; pandoc-lua-engine
servant-server = pkgs-unoptimized.haskellPackages.servant-server; pandoc-server
tls = pkgs-unoptimized.haskellPackages.tls; servant-server
wai-app-static = pkgs-unoptimized.haskellPackages.wai-app-static; tls
wai-extra = pkgs-unoptimized.haskellPackages.wai-extra; wai-app-static
warp = pkgs-unoptimized.haskellPackages.warp; wai-extra
warp
;
} }
); );
}) })
(final: prev: { (final: prev: {
gsl = pkgs-unoptimized.gsl; inherit (pkgs-unoptimized)
redis = pkgs-unoptimized.redis; gsl
valkey = pkgs-unoptimized.valkey; redis
valkey
;
}) })
]; ];

8
nix/configuration/hosts/ionlybootzfs/wrapped-disk-config.nix Normal file
View File

@@ -0,0 +1,8 @@
{
config,
lib,
pkgs,
...
}:
lib.mkIf (!config.me.buildingIso) (import ./disk-config.nix)

2
nix/configuration/hosts/neelix/DEPLOY_BOOT
View File

@@ -14,6 +14,6 @@ nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../" nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#neelix" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" "${@}" |& nom nixos-rebuild boot --flake "$DIR/../../#neelix" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#neelix' # rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#neelix'

2
nix/configuration/hosts/neelix/DEPLOY_SWITCH
View File

@@ -14,6 +14,6 @@ nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../" nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#neelix" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" "${@}" |& nom nixos-rebuild switch --flake "$DIR/../../#neelix" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#neelix' # rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#neelix'

16
nix/configuration/hosts/neelix/default.nix
View File

@@ -3,7 +3,6 @@
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
./disk-config.nix ./disk-config.nix
./optimized_build.nix
./power_management.nix ./power_management.nix
]; ];
@@ -15,9 +14,22 @@
time.timeZone = "America/New_York"; time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
me.optimizations.enable = false;
me.secureBoot.enable = false; me.secureBoot.enable = false;
me.optimizations = {
enable = false;
arch = "alderlake";
system_features = [
"gccarch-alderlake"
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
};
# Early KMS # Early KMS
boot.initrd.kernelModules = [ "i915" ]; boot.initrd.kernelModules = [ "i915" ];

11
nix/configuration/hosts/neelix/hardware-configuration.nix
View File

@@ -14,7 +14,14 @@
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ]; boot.initrd.availableKernelModules = [
"xhci_pci"
"nvme"
"usbhid"
"usb_storage"
"sd_mod"
"sdhci_pci"
];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ]; boot.kernelModules = [ ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
@@ -23,7 +30,7 @@
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction # still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true; # networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true; # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true; # networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true;

80
nix/configuration/hosts/neelix/optimized_build.nix
View File

@@ -1,80 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
config = lib.mkMerge [
{ }
(lib.mkIf (!config.me.optimizations.enable) {
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_6_13;
})
(lib.mkIf (config.me.optimizations.enable) {
nixpkgs.hostPlatform = {
gcc.arch = "alderlake";
gcc.tune = "alderlake";
system = "x86_64-linux";
};
nixpkgs.overlays = [
(
self: super:
let
optimizeWithFlags =
pkg: flags:
pkg.overrideAttrs (old: {
NIX_CFLAGS_COMPILE = [ (old.NIX_CFLAGS_COMPILE or "") ] ++ flags;
});
addConfig =
additionalConfig: pkg:
pkg.override (oldconfig: {
structuredExtraConfig = pkg.structuredExtraConfig // additionalConfig;
});
in
{
linux_me =
addConfig
{
# Full preemption
PREEMPT = lib.mkOverride 60 lib.kernel.yes;
PREEMPT_VOLUNTARY = lib.mkOverride 60 lib.kernel.no;
# Google's BBRv3 TCP congestion Control
TCP_CONG_BBR = lib.kernel.yes;
DEFAULT_BBR = lib.kernel.yes;
# Preemptive Full Tickless Kernel at 300Hz
HZ = lib.kernel.freeform "300";
HZ_300 = lib.kernel.yes;
HZ_1000 = lib.kernel.no;
}
(
optimizeWithFlags super.linux_6_12 [
"-march=alderlake"
"-mtune=alderlake"
]
);
}
)
];
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_me;
})
(lib.mkIf (!config.me.buildingIso) {
nix.settings.system-features = lib.mkForce [
"gccarch-alderlake"
"gccarch-x86-64-v3"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
})
(lib.mkIf (config.me.buildingIso) {
boot.supportedFilesystems = [ "zfs" ];
})
];
}

2
nix/configuration/hosts/odo/DEPLOY_BOOT
View File

@@ -14,6 +14,6 @@ nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../" nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#odo" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" "${@}" |& nom nixos-rebuild boot --flake "$DIR/../../#odo" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#odo' # rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#odo'

2
nix/configuration/hosts/odo/DEPLOY_SWITCH
View File

@@ -14,6 +14,6 @@ nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../" nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#odo" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" "${@}" |& nom nixos-rebuild switch --flake "$DIR/../../#odo" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#odo' # rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#odo'

2
nix/configuration/hosts/odo/ISO
View File

@@ -9,4 +9,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
nix flake update zsh-histdb --flake "$DIR/../../" nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../" nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.odo" --max-jobs "$JOBS" "${@}" |& nom nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.odo" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json

2
nix/configuration/hosts/odo/SELF_BOOT
View File

@@ -9,4 +9,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
nix flake update zsh-histdb --flake "$DIR/../../" nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../" nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --show-trace --use-remote-sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" "${@}" |& nom nixos-rebuild boot --show-trace --use-remote-sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" --log-format internal-json -v "${@}" |& nom --json

12
nix/configuration/hosts/odo/SELF_BUILD Executable file
View File

@@ -0,0 +1,12 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild build --show-trace --use-remote-sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" --log-format internal-json -v "${@}" |& nom --json

2
nix/configuration/hosts/odo/SELF_SWITCH
View File

@@ -9,4 +9,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
nix flake update zsh-histdb --flake "$DIR/../../" nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../" nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --show-trace --use-remote-sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" "${@}" |& nom nixos-rebuild switch --show-trace --use-remote-sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" --log-format internal-json -v "${@}" |& nom --json

28
nix/configuration/hosts/odo/default.nix
View File

@@ -7,8 +7,7 @@
{ {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
./disk-config.nix ./wrapped-disk-config.nix
./optimized_build.nix
./distributed_build.nix ./distributed_build.nix
./power_management.nix ./power_management.nix
./screen_brightness.nix ./screen_brightness.nix
@@ -24,9 +23,24 @@
time.timeZone = "America/New_York"; time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
me.optimizations.enable = true;
me.secureBoot.enable = true; me.secureBoot.enable = true;
me.optimizations = {
enable = false;
arch = "znver4";
system_features = [
"gccarch-znver4"
"gccarch-skylake"
# "gccarch-alderlake" missing WAITPKG
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
};
# Early KMS # Early KMS
boot.initrd.kernelModules = [ "amdgpu" ]; boot.initrd.kernelModules = [ "amdgpu" ];
@@ -45,13 +59,16 @@
# services.fstrim.enable = lib.mkDefault true; # services.fstrim.enable = lib.mkDefault true;
me.alacritty.enable = true; me.alacritty.enable = true;
me.amd_s2idle.enable = true;
me.ansible.enable = true; me.ansible.enable = true;
me.ares.enable = true; me.ares.enable = true;
me.bluetooth.enable = true; me.bluetooth.enable = true;
me.chromecast.enable = true; me.chromecast.enable = true;
me.chromium.enable = true; me.chromium.enable = true;
me.d2.enable = true;
me.direnv.enable = true;
me.docker.enable = true; me.docker.enable = true;
me.ecc.enable = true; me.ecc.enable = false;
me.emacs_flavor = "full"; me.emacs_flavor = "full";
me.firefox.enable = true; me.firefox.enable = true;
me.flux.enable = true; me.flux.enable = true;
@@ -61,6 +78,7 @@
me.gpg.enable = true; me.gpg.enable = true;
me.graphical = true; me.graphical = true;
me.graphics_card_type = "amd"; me.graphics_card_type = "amd";
me.iso_mount.enable = true;
me.kanshi.enable = false; me.kanshi.enable = false;
me.kubernetes.enable = true; me.kubernetes.enable = true;
me.latex.enable = true; me.latex.enable = true;
@@ -71,7 +89,9 @@
me.pcsx2.enable = true; me.pcsx2.enable = true;
me.python.enable = true; me.python.enable = true;
me.qemu.enable = true; me.qemu.enable = true;
me.rpcs3.enable = true;
me.rust.enable = true; me.rust.enable = true;
me.shadps4.enable = true;
me.shikane.enable = true; me.shikane.enable = true;
me.sops.enable = true; me.sops.enable = true;
me.sound.enable = true; me.sound.enable = true;

8
nix/configuration/hosts/odo/disk-config.nix
View File

@@ -1,14 +1,8 @@
# Manual Step: # Manual Step:
# Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1 # Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1
# Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1 # Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1
{
config,
lib,
pkgs,
...
}:
lib.mkIf (!config.me.buildingIso) { {
disko.devices = { disko.devices = {
disk = { disk = {
main = { main = {

51
nix/configuration/hosts/odo/distributed_build.nix
View File

@@ -9,48 +9,19 @@
config = lib.mkMerge [ config = lib.mkMerge [
{ {
nix.distributedBuilds = true; me.distributed_build.enable = true;
nix.buildMachines = [ me.distributed_build.machines.hydra = {
{ enable = true;
hostName = "hydra"; additional_config = {
sshUser = "talexander";
systems = [
"x86_64-linux"
# "aarch64-linux"
];
maxJobs = 1;
speedFactor = 2; speedFactor = 2;
supportedFeatures = [ };
# "nixos-test" };
"benchmark" me.distributed_build.machines.quark = {
"big-parallel" enable = true;
# "kvm" additional_config = {
"gccarch-znver4"
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
];
}
{
hostName = "quark";
sshUser = "talexander";
systems = [
"x86_64-linux"
# "aarch64-linux"
];
maxJobs = 1;
speedFactor = 2; speedFactor = 2;
supportedFeatures = [ };
# "nixos-test" };
"benchmark"
"big-parallel"
# "kvm"
"gccarch-znver4"
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"gccarch-znver5"
];
}
];
} }
]; ];
} }

2
nix/configuration/hosts/odo/hardware-configuration.nix
View File

@@ -27,7 +27,7 @@
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction # still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true; # networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true; # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true; # networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true;

18
nix/configuration/hosts/odo/power_management.nix
View File

@@ -20,7 +20,7 @@
# amd_pstate=guided :: Same as passive except we can set upper and lower frequency bounds. # amd_pstate=guided :: Same as passive except we can set upper and lower frequency bounds.
# amdgpu.dcdebugmask=0x10 :: Allegedly disables Panel Replay from https://community.frame.work/t/tracking-freezing-arch-linux-amd/39495/32 # amdgpu.dcdebugmask=0x10 :: Allegedly disables Panel Replay from https://community.frame.work/t/tracking-freezing-arch-linux-amd/39495/32
boot.kernelParams = [ boot.kernelParams = [
"amdgpu.abmlevel=3" "amdgpu.abmlevel=2"
"pcie_aspm=force" "pcie_aspm=force"
# "pcie_aspm.policy=powersupersave" # "pcie_aspm.policy=powersupersave"
"nowatchdog" "nowatchdog"
@@ -47,6 +47,22 @@
"w- /sys/devices/system/cpu/cpufreq/policy13/energy_performance_preference - - - - power" "w- /sys/devices/system/cpu/cpufreq/policy13/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy14/energy_performance_preference - - - - power" "w- /sys/devices/system/cpu/cpufreq/policy14/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy15/energy_performance_preference - - - - power" "w- /sys/devices/system/cpu/cpufreq/policy15/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpu0/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu1/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu2/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu3/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu4/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu5/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu6/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu7/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu8/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu9/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu10/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu11/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu12/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu13/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu14/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu15/cpufreq/boost - - - - 0"
]; ];
boot.extraModprobeConfig = '' boot.extraModprobeConfig = ''

2
nix/configuration/hosts/odo/screen_brightness.nix
View File

@@ -9,6 +9,6 @@
imports = [ ]; imports = [ ];
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"w- /sys/class/backlight/amdgpu_bl1/brightness - - - - 85" "w- /sys/class/backlight/amdgpu_bl1/brightness - - - - 21845"
]; ];
} }

8
nix/configuration/hosts/odo/wrapped-disk-config.nix Normal file
View File

@@ -0,0 +1,8 @@
{
config,
lib,
pkgs,
...
}:
lib.mkIf (!config.me.buildingIso) (import ./disk-config.nix)

2
nix/configuration/hosts/quark/DEPLOY_BOOT
View File

@@ -14,6 +14,6 @@ nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../" nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#quark" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" "${@}" |& nom nixos-rebuild boot --flake "$DIR/../../#quark" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#quark' # rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#quark'

2
nix/configuration/hosts/quark/DEPLOY_SWITCH
View File

@@ -14,6 +14,6 @@ nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../" nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#quark" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" "${@}" |& nom nixos-rebuild switch --flake "$DIR/../../#quark" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#quark' # rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#quark'

2
nix/configuration/hosts/quark/ISO
View File

@@ -9,4 +9,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
nix flake update zsh-histdb --flake "$DIR/../../" nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../" nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.quark" --max-jobs "$JOBS" "${@}" |& nom nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.quark" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json

2
nix/configuration/hosts/quark/SELF_BOOT
View File

@@ -9,4 +9,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
nix flake update zsh-histdb --flake "$DIR/../../" nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../" nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --show-trace --use-remote-sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" "${@}" |& nom nixos-rebuild boot --show-trace --use-remote-sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" --log-format internal-json -v "${@}" |& nom --json

12
nix/configuration/hosts/quark/SELF_BUILD Executable file
View File

@@ -0,0 +1,12 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild build --show-trace --use-remote-sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" --log-format internal-json -v "${@}" |& nom --json

2
nix/configuration/hosts/quark/SELF_SWITCH
View File

@@ -9,4 +9,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
nix flake update zsh-histdb --flake "$DIR/../../" nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../" nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --show-trace --use-remote-sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" "${@}" |& nom nixos-rebuild switch --show-trace --use-remote-sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" --log-format internal-json -v "${@}" |& nom --json

31
nix/configuration/hosts/quark/default.nix
View File

@@ -9,11 +9,11 @@
./disk-config.nix ./disk-config.nix
./distributed_build.nix ./distributed_build.nix
./hardware-configuration.nix ./hardware-configuration.nix
./optimized_build.nix
./power_management.nix ./power_management.nix
./wifi.nix ./wifi.nix
]; ];
config = {
# Generate with `head -c4 /dev/urandom | od -A none -t x4` # Generate with `head -c4 /dev/urandom | od -A none -t x4`
networking.hostId = "47ee7d7c"; networking.hostId = "47ee7d7c";
@@ -22,9 +22,25 @@
time.timeZone = "America/New_York"; time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
me.optimizations.enable = true;
me.secureBoot.enable = true; me.secureBoot.enable = true;
me.optimizations = {
enable = true;
arch = "znver5";
system_features = [
"gccarch-znver4"
"gccarch-znver5"
"gccarch-skylake"
# "gccarch-alderlake" missing WAITPKG
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
};
# Early KMS # Early KMS
boot.initrd.kernelModules = [ "amdgpu" ]; boot.initrd.kernelModules = [ "amdgpu" ];
@@ -34,12 +50,18 @@
# Enable TRIM # Enable TRIM
# services.fstrim.enable = lib.mkDefault true; # services.fstrim.enable = lib.mkDefault true;
# RPCS3 has difficulty with znver5
me.rpcs3.config.Core."Use LLVM CPU" = "znver4";
me.alacritty.enable = true; me.alacritty.enable = true;
me.amd_s2idle.enable = true;
me.ansible.enable = true; me.ansible.enable = true;
me.ares.enable = true; me.ares.enable = true;
me.bluetooth.enable = true; me.bluetooth.enable = true;
me.chromecast.enable = true; me.chromecast.enable = true;
me.chromium.enable = true; me.chromium.enable = true;
me.d2.enable = true;
me.direnv.enable = true;
me.docker.enable = true; me.docker.enable = true;
me.ecc.enable = true; me.ecc.enable = true;
me.emacs_flavor = "full"; me.emacs_flavor = "full";
@@ -51,6 +73,7 @@
me.gpg.enable = true; me.gpg.enable = true;
me.graphical = true; me.graphical = true;
me.graphics_card_type = "amd"; me.graphics_card_type = "amd";
me.iso_mount.enable = true;
me.kanshi.enable = false; me.kanshi.enable = false;
me.kubernetes.enable = true; me.kubernetes.enable = true;
me.latex.enable = true; me.latex.enable = true;
@@ -58,10 +81,13 @@
me.lvfs.enable = true; me.lvfs.enable = true;
me.media.enable = true; me.media.enable = true;
me.nix_index.enable = true; me.nix_index.enable = true;
me.nix_worker.enable = true;
me.pcsx2.enable = true; me.pcsx2.enable = true;
me.python.enable = true; me.python.enable = true;
me.qemu.enable = true; me.qemu.enable = true;
me.rpcs3.enable = true;
me.rust.enable = true; me.rust.enable = true;
me.shadps4.enable = true;
me.shikane.enable = true; me.shikane.enable = true;
me.sops.enable = true; me.sops.enable = true;
me.sound.enable = true; me.sound.enable = true;
@@ -87,4 +113,5 @@
me.sm64ex.enable = true; me.sm64ex.enable = true;
me.shipwright.enable = true; me.shipwright.enable = true;
me.ship2harkinian.enable = true; me.ship2harkinian.enable = true;
};
} }

27
nix/configuration/hosts/quark/distributed_build.nix
View File

@@ -9,28 +9,13 @@
config = lib.mkMerge [ config = lib.mkMerge [
{ {
nix.distributedBuilds = true; me.distributed_build.enable = true;
nix.buildMachines = [ me.distributed_build.machines.hydra = {
{ enable = true;
hostName = "hydra"; additional_config = {
sshUser = "talexander";
systems = [
"x86_64-linux"
# "aarch64-linux"
];
maxJobs = 1;
speedFactor = 2; speedFactor = 2;
supportedFeatures = [ };
# "nixos-test" };
"benchmark"
"big-parallel"
# "kvm"
"gccarch-znver4"
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
];
}
];
} }
]; ];
} }

3
nix/configuration/hosts/quark/hardware-configuration.nix
View File

@@ -27,10 +27,9 @@
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction # still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true; # networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true; # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true; # networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
} }

122
nix/configuration/hosts/quark/optimized_build.nix
View File

@@ -1,122 +0,0 @@
{
config,
lib,
pkgs,
pkgs-unoptimized,
...
}:
{
imports = [ ];
config = lib.mkMerge [
{ }
(lib.mkIf (!config.me.optimizations.enable) {
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_6_14;
})
(lib.mkIf (config.me.optimizations.enable) {
nixpkgs.hostPlatform = {
gcc.arch = "znver5";
gcc.tune = "znver5";
system = "x86_64-linux";
};
nixpkgs.overlays = [
(
final: prev:
let
addConfig =
additionalConfig: pkg:
pkg.override (oldconfig: {
structuredExtraConfig = pkg.structuredExtraConfig // additionalConfig;
});
in
{
linux_me = addConfig {
# Full preemption
PREEMPT = lib.mkOverride 60 lib.kernel.yes;
PREEMPT_VOLUNTARY = lib.mkOverride 60 lib.kernel.no;
# Google's BBRv3 TCP congestion Control
TCP_CONG_BBR = lib.kernel.yes;
DEFAULT_BBR = lib.kernel.yes;
# Preemptive Full Tickless Kernel at 300Hz
HZ = lib.kernel.freeform "300";
HZ_300 = lib.kernel.yes;
HZ_1000 = lib.kernel.no;
} prev.linux_6_14;
}
)
(final: prev: {
haskellPackages = prev.haskellPackages.extend (
final': prev': {
crypton = pkgs-unoptimized.haskellPackages.crypton;
crypton-connection = pkgs-unoptimized.haskellPackages.crypton-connection;
crypton-x509 = pkgs-unoptimized.haskellPackages.crypton-x509;
crypton-x509-store = pkgs-unoptimized.haskellPackages.crypton-x509-store;
crypton-x509-system = pkgs-unoptimized.haskellPackages.crypton-x509-system;
crypton-x509-validation = pkgs-unoptimized.haskellPackages.crypton-x509-validation;
hspec-wai = pkgs-unoptimized.haskellPackages.hspec-wai;
http-client-tls = pkgs-unoptimized.haskellPackages.http-client-tls;
http2 = pkgs-unoptimized.haskellPackages.http2;
pandoc = pkgs-unoptimized.haskellPackages.pandoc;
pandoc-cli = pkgs-unoptimized.haskellPackages.pandoc-cli;
pandoc-lua-engine = pkgs-unoptimized.haskellPackages.pandoc-lua-engine;
pandoc-server = pkgs-unoptimized.haskellPackages.pandoc-server;
servant-server = pkgs-unoptimized.haskellPackages.servant-server;
tls = pkgs-unoptimized.haskellPackages.tls;
wai-app-static = pkgs-unoptimized.haskellPackages.wai-app-static;
wai-extra = pkgs-unoptimized.haskellPackages.wai-extra;
warp = pkgs-unoptimized.haskellPackages.warp;
}
);
})
(final: prev: {
gsl = pkgs-unoptimized.gsl;
redis = pkgs-unoptimized.redis;
valkey = pkgs-unoptimized.valkey;
})
];
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_me;
})
(lib.mkIf (!config.me.buildingIso) {
nix.settings.system-features = lib.mkForce [
"gccarch-znver4"
"gccarch-znver5"
"gccarch-skylake"
# "gccarch-alderlake" missing WAITPKG
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
# Keep ALL dependencies so we can rebuild offline. This DRASTICALLY increase disk usage, but disk space is cheap.
# system.includeBuildDependencies = true;
# This also should enable building offline? TODO: test.
nix.extraOptions = ''
keep-outputs = true
keep-derivations = true
'';
# # building ON
# nixpkgs.localSystem = { system = "aarch64-linux"; };
# # building FOR
# nixpkgs.crossSystem = { system = "aarch64-linux"; };
# nixpkgs.config = {
# replaceStdenv = ({ pkgs }: pkgs.clangStdenv);
# };
# or maybe an overlay
# stdenv = prev.clangStdenv;
})
(lib.mkIf (config.me.buildingIso) {
boot.supportedFilesystems.zfs = true;
})
];
}

6
nix/configuration/roles/alacritty/default.nix
View File

@@ -24,10 +24,8 @@
xdg-utils # for xdg-open xdg-utils # for xdg-open
]; ];
home-manager.users.talexander = me.install.user.talexander.file = {
{ pkgs, ... }: ".config/alacritty/alacritty.toml" = {
{
home.file.".config/alacritty/alacritty.toml" = {
source = ./files/alacritty.toml; source = ./files/alacritty.toml;
}; };
}; };

29
nix/configuration/roles/amd_s2idle/default.nix Normal file
View File

@@ -0,0 +1,29 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
amd_s2idle.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install amd_s2idle.";
};
};
config = lib.mkIf config.me.amd_s2idle.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
amd-debug-tools
];
}
]
);
}

14
nix/configuration/roles/chromium/default.nix
View File

@@ -22,7 +22,7 @@
{ } { }
(lib.mkIf config.me.graphical { (lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
(chromium.override { enableWideVine = true; }) chromium
]; ];
allowedUnfree = [ allowedUnfree = [
"chromium" "chromium"
@@ -57,8 +57,18 @@
}; };
}; };
nixpkgs.overlays = [
(final: prev: {
chromium = prev.chromium.override {
enableWideVine = true;
commandLineArgs = [
"--enable-features=VaapiVideoDecoder,VaapiIgnoreDriverChecks,Vulkan,DefaultANGLEVulkan,VulkanFromANGLE,AcceleratedVideoEncoder"
# Enabling vulkan causes video to render as white # Enabling vulkan causes video to render as white
# nixpkgs.config.chromium.commandLineArgs = "--enable-features=Vulkan"; # "--enable-features=Vulkan";
];
};
})
];
}) })
] ]
); );

29
nix/configuration/roles/d2/default.nix Normal file
View File

@@ -0,0 +1,29 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
d2.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install d2.";
};
};
config = lib.mkIf config.me.d2.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
d2
];
}
]
);
}

55
nix/configuration/roles/direnv/default.nix Normal file
View File

@@ -0,0 +1,55 @@
{
config,
lib,
pkgs,
...
}:
let
direnv_zsh_hook = pkgs.writeTextFile {
name = "direnv_zsh_hook.zsh";
text = ''
eval "$(direnv hook zsh)"
'';
};
in
{
imports = [ ];
options.me = {
direnv.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install direnv.";
};
};
config = lib.mkIf config.me.direnv.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
direnv
nix-direnv
];
me.zsh.includes = [ direnv_zsh_hook ];
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
# List of allowed directories from `direnv allow`.
directory = ".local/share/direnv";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
}
]
);
}

105
nix/configuration/roles/distributed_build/default.nix Normal file
View File

@@ -0,0 +1,105 @@
{
config,
lib,
pkgs,
...
}:
let
make_machine_config = name: {
enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to use the ${name} machine during distributed builds.";
};
additional_config = lib.mkOption {
type = lib.types.attrs;
default = { };
example = lib.literalExpression {
speedFactor = 2;
};
description = "Additional config values for the buildMachines entry. For example, speedFactor.";
};
};
in
{
imports = [ ];
options.me = {
distributed_build.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to use multiple machines to perform a nixos-rebuild.";
};
distributed_build.machines.hydra = make_machine_config "hydra";
distributed_build.machines.quark = make_machine_config "quark";
};
config = lib.mkIf config.me.distributed_build.enable (
lib.mkMerge [
{
nix.distributedBuilds = true;
}
(lib.mkIf config.me.distributed_build.machines.hydra.enable {
nix.buildMachines = [
(
{
hostName = "hydra";
sshUser = "nixworker";
# sshKey = "";
# publicHostKey = "";
systems = [
"x86_64-linux"
# "aarch64-linux"
];
maxJobs = 1;
supportedFeatures = [
# "nixos-test"
"benchmark"
"big-parallel"
# "kvm"
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"gccarch-znver4"
];
}
// config.me.distributed_build.machines.hydra.additional_config
)
];
})
(lib.mkIf config.me.distributed_build.machines.quark.enable {
nix.buildMachines = [
(
{
hostName = "quark";
sshUser = "nixworker";
sshKey = "/persist/manual/ssh/root/keys/id_ed25519";
# From: base64 -w0 /persist/ssh/ssh_host_ed25519_key.pub
publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUx0alplYlVYTkRkU3Y1enVGbjM3eFNMZUN3S2hPKzFMdWovM2FYNFJRTEEgcm9vdEBxdWFyawo=";
systems = [
"x86_64-linux"
# "aarch64-linux"
];
maxJobs = 1;
supportedFeatures = [
# "nixos-test"
"benchmark"
"big-parallel"
# "kvm"
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"gccarch-znver4"
"gccarch-znver5"
];
}
// config.me.distributed_build.machines.quark.additional_config
)
];
})
]
);
}

1
nix/configuration/roles/ecc/default.nix
View File

@@ -1,3 +1,4 @@
# Check memory errors with: ras-mc-ctl --error-count
{ {
config, config,
lib, lib,

12
nix/configuration/roles/emacs/default.nix
View File

@@ -113,7 +113,7 @@ in
"doc" "doc"
"info" "info"
]; ];
buildInputs = [ final.makeWrapper ]; nativeBuildInputs = [ final.makeWrapper ];
postBuild = '' postBuild = ''
wrapProgram $out/bin/emacs --prefix PATH : ${ wrapProgram $out/bin/emacs --prefix PATH : ${
lib.makeBinPath [ lib.makeBinPath [
@@ -131,8 +131,10 @@ in
final.cmake-language-server final.cmake-language-server
final.cmake # Used by cmake-language-server final.cmake # Used by cmake-language-server
final.rust-analyzer final.rust-analyzer
final.nodePackages_latest.prettier # Format yaml, json, and JS final.prettier # Format yaml, json, and JS
final.terraform-ls final.terraform-ls
final.typescript-language-server
final.tex
] ]
} }
''; '';
@@ -140,10 +142,8 @@ in
}) })
]; ];
home-manager.users.talexander = me.install.user.talexander.file = {
{ pkgs, ... }: ".config/emacs" = {
{
home.file.".config/emacs" = {
source = ./files/emacs; source = ./files/emacs;
recursive = true; recursive = true;
}; };

11
nix/configuration/roles/emacs/files/emacs/elisp/base-extensions.el
View File

@@ -14,17 +14,6 @@
;; Other packages ;; Other packages
(use-package emacs
:config
(setq enable-recursive-minibuffers t)
;; Filter the M-x list base on the current mode
(setq read-extended-command-predicate #'command-completion-default-include-p)
;; Enable triggering completion with the tab key.
(setq tab-always-indent 'complete)
)
(use-package dashboard (use-package dashboard
:config :config
(dashboard-setup-startup-hook)) (dashboard-setup-startup-hook))

54
nix/configuration/roles/emacs/files/emacs/elisp/base.el
View File

@@ -24,11 +24,51 @@
(setq autoload-directory (concat user-emacs-directory (file-name-as-directory "elisp") (file-name-as-directory "autoload"))) (setq autoload-directory (concat user-emacs-directory (file-name-as-directory "elisp") (file-name-as-directory "autoload")))
(add-to-list 'load-path (assert-directory autoload-directory)) (add-to-list 'load-path (assert-directory autoload-directory))
(setq-default (use-package emacs
:ensure nil
:bind
(("C-z" . nil)
("C-x C-z" . nil)
("RET" . newline-and-indent)
)
:custom
;; Replace highlighted text if you start typing.
(delete-selection-mode 1)
(history-length 300)
;; Enable auto-revert for buffers like dired
(global-auto-revert-non-file-buffers t)
;; If the underlying file changes, reload it automatically. This is useful for moving around in git without confusing language servers.
(auto-revert-avoid-polling t)
(auto-revert-interval 5)
(auto-revert-check-vc-info t)
(global-auto-revert-mode t)
;; Disable backup files and lockfiles ;; Disable backup files and lockfiles
make-backup-files nil (create-lockfiles nil)
auto-save-default nil (make-backup-files nil)
create-lockfiles nil (backup-inhibited t)
;; Do not auto-save files
(auto-save-default nil)
(pixel-scroll-precision-mode t)
(pixel-scroll-precision-use-momentum nil)
:config
(setq enable-recursive-minibuffers t)
;; Filter the M-x list base on the current mode
(setq read-extended-command-predicate #'command-completion-default-include-p)
;; Enable triggering completion with the tab key.
(setq tab-always-indent 'complete)
)
(setq-default
;; Unless otherwise specified, always install packages if they are absent. ;; Unless otherwise specified, always install packages if they are absent.
use-package-always-ensure t use-package-always-ensure t
;; Point custom-file at /dev/null so emacs does not write any settings to my dotfiles. ;; Point custom-file at /dev/null so emacs does not write any settings to my dotfiles.
@@ -80,12 +120,6 @@
;; Delete trailing whitespace before save ;; Delete trailing whitespace before save
(add-hook 'before-save-hook 'delete-trailing-whitespace) (add-hook 'before-save-hook 'delete-trailing-whitespace)
;; If the underlying file changes, reload it automatically. This is useful for moving around in git without confusing language servers.
(setopt auto-revert-avoid-polling t)
(setopt auto-revert-interval 5)
(setopt auto-revert-check-vc-info t)
(global-auto-revert-mode)
;;;;; Performance ;;;;; Performance
;; Run garbage collect when emacs is idle ;; Run garbage collect when emacs is idle
(run-with-idle-timer 5 t (lambda () (garbage-collect))) (run-with-idle-timer 5 t (lambda () (garbage-collect)))

16
nix/configuration/roles/emacs/files/emacs/elisp/lang-d2.el Normal file
View File

@@ -0,0 +1,16 @@
(defun d2-format-buffer ()
"Run prettier."
(interactive)
(run-command-on-buffer "d2" "fmt" "-")
)
(use-package d2-mode
:commands (d2-mode)
:hook (
(d2-mode . (lambda ()
;; (add-hook 'before-save-hook 'd2-format-buffer nil 'local)
))
)
)
(provide 'lang-d2)

10
nix/configuration/roles/emacs/files/emacs/elisp/lang-javascript.el
View File

@@ -1,6 +1,12 @@
(require 'common-lsp) (require 'common-lsp)
(require 'util-tree-sitter) (require 'util-tree-sitter)
(defun js-format-buffer ()
"Run prettier."
(interactive)
(run-command-on-buffer "prettier" "--stdin-filepath" buffer-file-name)
)
(use-package json-ts-mode (use-package json-ts-mode
:ensure nil :ensure nil
:pin manual :pin manual
@@ -113,10 +119,14 @@
("\\.js\\'" . js-ts-mode) ("\\.js\\'" . js-ts-mode)
) )
:commands (js-ts-mode) :commands (js-ts-mode)
:custom (
(js-indent-level 2)
)
:hook ( :hook (
(js-ts-mode . (lambda () (js-ts-mode . (lambda ()
(when-linux (when-linux
(eglot-ensure) (eglot-ensure)
(add-hook 'before-save-hook 'js-format-buffer nil 'local)
) )
)) ))
) )

4
nix/configuration/roles/emacs/files/emacs/elisp/lang-org.el
View File

@@ -87,4 +87,8 @@
(use-package gnuplot) (use-package gnuplot)
(use-package graphviz-dot-mode) (use-package graphviz-dot-mode)
(use-package htmlize
;; For syntax highlighting when exporting to HTML.
)
(provide 'lang-org) (provide 'lang-org)

6
nix/configuration/roles/emacs/files/emacs/elisp/lang-rust.el
View File

@@ -46,7 +46,7 @@
(when rust-analyzer-command (when rust-analyzer-command
;; (add-to-list 'eglot-server-programs `(rust-ts-mode . (,rust-analyzer-command))) ;; (add-to-list 'eglot-server-programs `(rust-ts-mode . (,rust-analyzer-command)))
(add-to-list 'eglot-server-programs `(rust-ts-mode . (,rust-analyzer-command :initializationOptions (:imports (:granularity (:enforce t :group "item") (add-to-list 'eglot-server-programs `(rust-ts-mode . (,rust-analyzer-command :initializationOptions (:imports (:granularity (:enforce t :group "item")
:merge (:glob nil) :merge (:glob :json-false)
:prefix "self") :prefix "self")
)))) ))))
) )
@@ -60,8 +60,8 @@
(unless (treesit-ready-p 'rust) (treesit-install-language-grammar 'rust)) (unless (treesit-ready-p 'rust) (treesit-install-language-grammar 'rust))
:config :config
;; Add keybindings for interacting with Cargo ;; Add keybindings for interacting with Cargo
(use-package cargo ;; (use-package cargo
:hook (rust-ts-mode . cargo-minor-mode)) ;; :hook (rust-ts-mode . cargo-minor-mode))
) )
(use-package toml-ts-mode (use-package toml-ts-mode

2
nix/configuration/roles/emacs/files/emacs/init.el
View File

@@ -40,4 +40,6 @@
(require 'lang-cmake) (require 'lang-cmake)
(require 'lang-d2)
(load-directory autoload-directory) (load-directory autoload-directory)

11
nix/configuration/roles/firefox/default.nix
View File

@@ -73,6 +73,9 @@
"+AllTargets,-CSSPrefersColorScheme,-JSDateTimeUTC,-CanvasExtractionBeforeUserInputIsBlocked"; "+AllTargets,-CSSPrefersColorScheme,-JSDateTimeUTC,-CanvasExtractionBeforeUserInputIsBlocked";
# Disable weather on new tab page # Disable weather on new tab page
"browser.newtabpage.activity-stream.showWeather" = false; "browser.newtabpage.activity-stream.showWeather" = false;
# Disable AI stuff that wastes battery life
"browser.ml.chat.enabled" = false;
"browser.ml.enabled" = false;
}; };
# Check about:policies#documentation and https://mozilla.github.io/policy-templates/ for options. # Check about:policies#documentation and https://mozilla.github.io/policy-templates/ for options.
policies = { policies = {
@@ -88,10 +91,10 @@
install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"; install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi";
installation_mode = "force_installed"; installation_mode = "force_installed";
}; };
"firefox@teleparty.com" = { # "firefox@teleparty.com" = {
install_url = "https://addons.mozilla.org/firefox/downloads/latest/netflix-party-is-now-teleparty/latest.xpi"; # install_url = "https://addons.mozilla.org/firefox/downloads/latest/netflix-party-is-now-teleparty/latest.xpi";
installation_mode = "normal_installed"; # installation_mode = "normal_installed";
}; # };
"@ublacklist" = { "@ublacklist" = {
install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublacklist/latest.xpi"; install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublacklist/latest.xpi";
installation_mode = "normal_installed"; installation_mode = "normal_installed";

102
nix/configuration/roles/git/default.nix
View File

@@ -5,6 +5,18 @@
... ...
}: }:
let
git_wrapped =
package: prog:
pkgs.writeShellScriptBin "${prog}" ''
export PATH="${
lib.makeBinPath [
pkgs.meld
]
}:$PATH"
exec ${package}/bin/${prog} "''${@}"
'';
in
{ {
imports = [ ]; imports = [ ];
@@ -20,66 +32,48 @@
config = lib.mkMerge [ config = lib.mkMerge [
{ {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
git my_git
]; ];
} }
(lib.mkIf (config.me.git.config != null) { (lib.mkIf (config.me.git.config != null) {
home-manager.users.talexander = me.install.user.talexander.file = {
{ pkgs, ... }: ".gitconfig" = {
{
home.file.".gitconfig" = {
source = config.me.git.config; source = config.me.git.config;
}; };
}; };
}) })
# (lib.mkIf (config.me.graphical) { (lib.mkIf (config.me.graphical) {
# nixpkgs.overlays = [ nixpkgs.overlays = [
# (final: prev: { (final: prev: {
# git = pkgs.buildEnv { my_git = (
# name = prev.git.name; pkgs.buildEnv {
# paths = [ name = prev.git.name;
# prev.git version = prev.git.version;
# ]; paths =
# extraOutputsToInstall = [ (builtins.map (git_wrapped prev.git) [
# "man" "git"
# "doc" ])
# "info" ++ [
# ]; prev.git
# buildInputs = [ final.makeWrapper ]; ];
# postBuild = '' extraOutputsToInstall = [
# wrapProgram $out/bin/git --prefix PATH : ${ "man"
# lib.makeBinPath [ "doc"
# final.meld "info"
# ] ];
# } nativeBuildInputs = [ final.makeWrapper ];
# ''; ignoreCollisions = true;
# }; }
# }) );
# ]; })
# }) ];
# (lib.mkIf (!config.me.graphical) { })
# nixpkgs.overlays = [ (lib.mkIf (!config.me.graphical) {
# (final: prev: { nixpkgs.overlays = [
# git = pkgs.buildEnv { (final: prev: {
# name = prev.git.name; my_git = prev.git;
# paths = [ })
# prev.git ];
# ]; })
# extraOutputsToInstall = [
# "man"
# "doc"
# "info"
# ];
# buildInputs = [ final.makeWrapper ];
# postBuild = ''
# wrapProgram $out/bin/git --prefix PATH : ${
# lib.makeBinPath [
# ]
# }
# '';
# };
# })
# ];
# })
]; ];
} }

4
nix/configuration/roles/git/files/gitconfig_home
View File

@@ -8,6 +8,7 @@
lg = log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit lg = log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit
bh = log --oneline --branches=* --remotes=* --graph --decorate bh = log --oneline --branches=* --remotes=* --graph --decorate
amend = commit --amend --no-edit amend = commit --amend --no-edit
authorcount = shortlog --summary --numbered --all --no-merges
[core] [core]
excludesfile = ~/.gitignore_global excludesfile = ~/.gitignore_global
[commit] [commit]
@@ -50,4 +51,5 @@
[rebase] [rebase]
autoSquash = true autoSquash = true
autoStash = true autoStash = true
updateRefs = true # updateRefs was annoying when you want to split a branch in two by rebasing away from commits from one branch and rebasing away some commits from another branch.
updateRefs = false

9
nix/configuration/roles/global_options/default.nix
View File

@@ -8,15 +8,6 @@
{ {
imports = [ ]; imports = [ ];
options.me = {
optimizations.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to enable CPU optimizations (will trigger a rebuild from source).";
};
};
# options.me.graphics_card_type = lib.mkOption { # options.me.graphics_card_type = lib.mkOption {
# type = lib.types.nullOr ( # type = lib.types.nullOr (
# lib.types.enum [ # lib.types.enum [

7
nix/configuration/roles/gpg/default.nix
View File

@@ -57,11 +57,8 @@ in
# disable-ccid = true; # disable-ccid = true;
# }; # };
# .gnupg/scdaemon.conf me.install.user.talexander.file = {
home-manager.users.talexander = ".gnupg/scdaemon.conf" = {
{ pkgs, ... }:
{
home.file.".gnupg/scdaemon.conf" = {
source = ./files/scdaemon.conf; source = ./files/scdaemon.conf;
}; };
}; };

45
nix/configuration/roles/iso_mount/default.nix Normal file
View File

@@ -0,0 +1,45 @@
{
config,
lib,
pkgs,
...
}:
let
iso_mount =
(pkgs.writeScriptBin "iso_mount" (builtins.readFile ./files/iso_mount.bash)).overrideAttrs
(old: {
buildCommand = "${old.buildCommand}\n patchShebangs $out";
});
iso_unmount =
(pkgs.writeScriptBin "iso_unmount" (builtins.readFile ./files/iso_unmount.bash)).overrideAttrs
(old: {
buildCommand = "${old.buildCommand}\n patchShebangs $out";
});
in
{
imports = [ ];
options.me = {
iso_mount.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install iso_mount.";
};
};
config = lib.mkIf config.me.iso_mount.enable (
lib.mkMerge [
{
environment.systemPackages = [
iso_mount
iso_unmount
];
}
]
);
}

8
nix/configuration/roles/iso_mount/files/iso_mount.bash Normal file
View File

@@ -0,0 +1,8 @@
#!/usr/bin/env bash
#
# Mount a full-disk image as a loopback device so you can mount individual partitions from inside of it.
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
exec udisksctl loop-setup -r -f "${@}"

8
nix/configuration/roles/iso_mount/files/iso_unmount.bash Normal file
View File

@@ -0,0 +1,8 @@
#!/usr/bin/env bash
#
# Mount a full-disk image as a loopback device so you can mount individual partitions from inside of it.
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
exec udisksctl loop-delete "${@}"

6
nix/configuration/roles/kanshi/default.nix
View File

@@ -41,15 +41,11 @@ in
exec_kanshi exec_kanshi
]; ];
home-manager.users.talexander = me.install.user.talexander.file = {
{ pkgs, ... }:
{
home.file = {
".config/kanshi/config" = { ".config/kanshi/config" = {
source = ./files/config_kanshi; source = ./files/config_kanshi;
}; };
}; };
};
}) })
] ]
); );

8
nix/configuration/roles/kodi/default.nix
View File

@@ -78,9 +78,6 @@
}; };
}; };
home-manager.users.kodi =
{ pkgs, ... }:
{
# home.file.".kodi/userdata/mediasources.xml".source = ./files/mediasources.xml; # home.file.".kodi/userdata/mediasources.xml".source = ./files/mediasources.xml;
# home.file.".kodi/userdata/addon_data/peripheral.joystick/resources/buttonmaps/xml/linux/DualSense_Wireless_Controller_13b_8a.xml".source = # home.file.".kodi/userdata/addon_data/peripheral.joystick/resources/buttonmaps/xml/linux/DualSense_Wireless_Controller_13b_8a.xml".source =
@@ -88,11 +85,6 @@
# TODO: Maybe .kodi/userdata/sources.xml # TODO: Maybe .kodi/userdata/sources.xml
# TODO: ./userdata/guisettings.xml:303: <setting id="filecache.memorysize">128</setting> # TODO: ./userdata/guisettings.xml:303: <setting id="filecache.memorysize">128</setting>
# The state version is required and should stay at the version you
# originally installed.
home.stateVersion = "24.11";
};
}) })
] ]
); );

2
nix/configuration/roles/kubernetes/default.nix
View File

@@ -33,7 +33,7 @@ let
.overrideAttrs .overrideAttrs
(old: { (old: {
buildCommand = "${old.buildCommand}\n patchShebangs $out"; buildCommand = "${old.buildCommand}\n patchShebangs $out";
buildInputs = [ pkgs.makeWrapper ]; nativeBuildInputs = [ pkgs.makeWrapper ];
postBuild = '' postBuild = ''
wrapProgram $out/bin/decrypt_k8s_secret --prefix PATH : ${ wrapProgram $out/bin/decrypt_k8s_secret --prefix PATH : ${
lib.makeBinPath [ lib.makeBinPath [

45
nix/configuration/roles/latex/default.nix
View File

@@ -5,22 +5,6 @@
... ...
}: }:
let
tex = (
pkgs.texlive.combine {
inherit (pkgs.texlive)
scheme-basic
dvisvgm
dvipng # for preview and export as html in org-mode
wrapfig
amsmath
ulem
hyperref
capt-of
;
}
);
in
{ {
imports = [ ]; imports = [ ];
@@ -40,6 +24,35 @@ in
tex tex
]; ];
} }
{
nixpkgs.overlays = [
(final: prev: {
tex = (
pkgs.texlive.combine {
inherit (pkgs.texlive)
scheme-basic
dvisvgm
dvipng # for preview and export as html in org-mode
wrapfig
amsmath
ulem
hyperref
capt-of
svg # emacs org-mode pdf export
catchfile # emacs org-mode pdf export
xcolor # emacs org-mode pdf export
transparent # emacs org-mode pdf export
pgf # emacs org-mode pdf export
minted # emacs org-mode pdf export code block highlighting
upquote # emacs org-mode pdf export
lineno # emacs org-mode pdf export
;
}
);
})
];
}
] ]
); );
} }

4
nix/configuration/roles/lvfs/default.nix
View File

@@ -20,8 +20,8 @@
config = lib.mkIf config.me.lvfs.enable ( config = lib.mkIf config.me.lvfs.enable (
lib.mkMerge [ lib.mkMerge [
{ {
# TODO: Is this installing firmware or just downloading it? Is this needed? # TODO: Is this installing firmware or just downloading it?
# services.fwupd.enable = true; services.fwupd.enable = true;
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) { environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true; hideMounts = true;
directories = [ directories = [

10
nix/configuration/roles/media/default.nix
View File

@@ -28,7 +28,7 @@ in
type = lib.types.bool; type = lib.types.bool;
default = false; default = false;
example = true; example = true;
description = "Whether we want to install media."; description = "Whether we want to install media utilities.";
}; };
}; };
@@ -39,6 +39,8 @@ in
ffmpeg ffmpeg
libva-utils # for vainfo libva-utils # for vainfo
vdpauinfo vdpauinfo
mkvtoolnix-cli # for mkvmerge
yt-dlp
]; ];
} }
(lib.mkIf config.me.graphical { (lib.mkIf config.me.graphical {
@@ -50,10 +52,8 @@ in
imv imv
]; ];
home-manager.users.talexander = me.install.user.talexander.file = {
{ pkgs, ... }: ".config/mpv/mpv.conf" = {
{
home.file.".config/mpv/mpv.conf" = {
source = ./files/mpv.conf; source = ./files/mpv.conf;
}; };
}; };

51
nix/configuration/roles/media/files/cast_file_vaapi
View File

@@ -6,6 +6,7 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: ${VIDEO_BITRATE:="1M"} # Only for encoding modes targeting bitrate : ${VIDEO_BITRATE:="1M"} # Only for encoding modes targeting bitrate
: ${AUDIO_BITRATE:="192k"} : ${AUDIO_BITRATE:="192k"}
: ${SPEED:="1"}
############## Setup ######################### ############## Setup #########################
@@ -62,6 +63,8 @@ function copy {
"rtsp://$USERNAME:$PASSWORD@172.16.16.251:8554/fetch" "rtsp://$USERNAME:$PASSWORD@172.16.16.251:8554/fetch"
} }
# benchmark vulkan decode:
# ffmpeg -init_hw_device "vulkan=vk:0" -hwaccel vulkan -hwaccel_output_format vulkan -i INPUT -f null - -benchmark
function convert { function convert {
local args=() local args=()
local acceleration_type="$1" # "software" or "hardware" local acceleration_type="$1" # "software" or "hardware"
@@ -99,11 +102,23 @@ function convert {
if [ "$acceleration_type" == "software" ]; then if [ "$acceleration_type" == "software" ]; then
true true
elif [ "$acceleration_type" == "hardware" ]; then elif [ "$acceleration_type" == "hardware" ]; then
if [ "$codec" == "h264" ]; then
args+=(-init_hw_device vulkan)
elif [ "$codec" == "av1" ]; then
args+=(-vaapi_device /dev/dri/renderD128) args+=(-vaapi_device /dev/dri/renderD128)
fi fi
fi
args+=(-i "$file_to_cast") args+=(-i "$file_to_cast")
if [ "$SPEED" != "1" ]; then
local audio_speed video_speed
video_speed=$(bc -l <<< "1/${SPEED}")
audio_speed=$(bc -l <<< "${SPEED}/1")
args+=(-filter:v "setpts=${video_speed}*PTS")
args+=(-filter:a "atempo=${audio_speed}")
fi
if [ "$codec" == "h264" ]; then if [ "$codec" == "h264" ]; then
if [ "$acceleration_type" == "software" ]; then if [ "$acceleration_type" == "software" ]; then
args+=(-c:v h264) args+=(-c:v h264)
@@ -111,7 +126,7 @@ function convert {
args+=(-b:v "$VIDEO_BITRATE") args+=(-b:v "$VIDEO_BITRATE")
elif [ "$acceleration_type" == "hardware" ]; then elif [ "$acceleration_type" == "hardware" ]; then
args+=(-vf 'format=nv12|vaapi,hwupload') args+=(-vf 'format=nv12|vaapi,hwupload')
args+=(-c:v h264_vaapi) args+=(-c:v h264_vulkan)
args+=(-profile:v high) args+=(-profile:v high)
args+=(-b:v "$VIDEO_BITRATE") args+=(-b:v "$VIDEO_BITRATE")
fi fi
@@ -119,12 +134,14 @@ function convert {
if [ "$acceleration_type" == "software" ]; then if [ "$acceleration_type" == "software" ]; then
args+=(-c:v libsvtav1) args+=(-c:v libsvtav1)
args+=(-preset 4) # [0-13] default 10, lower = higher quality / slower encode args+=(-preset 4) # [0-13] default 10, lower = higher quality / slower encode
args+=(-crf 20) # [0-63] default 35, lower = higher quality / larger file # args+=(-crf 20) # [0-63] default 35, lower = higher quality / larger file
# Parameters: https://gitlab.com/AOMediaCodec/SVT-AV1/-/blob/master/Docs/Parameters.md # Parameters: https://gitlab.com/AOMediaCodec/SVT-AV1/-/blob/master/Docs/Parameters.md
# fast-decode [0-2] default 0 (off), higher = faster decode # fast-decode [0-2] default 0 (off), higher = faster decode
# tune [0-2] default 1, Specifies whether to use PSNR or VQ as the tuning metric [0 = VQ, 1 = PSNR, 2 = SSIM] # tune [0-2] default 1, Specifies whether to use PSNR or VQ as the tuning metric [0 = VQ, 1 = PSNR, 2 = SSIM]
# film-grain-denoise, setting to 0 uses the original frames instead of denoising the film grain # film-grain-denoise, setting to 0 uses the original frames instead of denoising the film grain
args+=(-svtav1-params "fast-decode=1:film-grain-denoise=0") # rc 1 = vbr 2 = cbr
# tbr = average bitrate
args+=(-svtav1-params "fast-decode=1:film-grain-denoise=0:tbr=${VIDEO_BITRATE}:rc=1:passes=2")
elif [ "$acceleration_type" == "hardware" ]; then elif [ "$acceleration_type" == "hardware" ]; then
# -c:v av1_amf -quality quality # -c:v av1_amf -quality quality
args+=(-vf 'format=nv12|vaapi,hwupload') args+=(-vf 'format=nv12|vaapi,hwupload')
@@ -206,32 +223,4 @@ function encode_webcam {
"rtsp://$USERNAME:$PASSWORD@172.16.16.251:8554/fetch" "rtsp://$USERNAME:$PASSWORD@172.16.16.251:8554/fetch"
} }
function speed_up_preprocess_vp8 {
local file_to_cast file_to_save
file_to_cast="$1"
file_to_save="$2"
set -x
# -bf 0 :: Disable b-frames because webrtc doesn't support h264 streams with b-frames.
# -strict -2 :: Enable support for experimental codecs like opus.
# -b:v 2M :: Target 2 megabit/s
# -crf 10 :: Target a quality level and adjust bitrate accordingly. This should be preferred, but ideally both should be used.
# Could also use -filter_complex "[0:v]setpts=0.5*PTS[v];[0:a]atempo=2.0[a]" -map "[v]" -map "[a]"
</dev/null exec ffmpeg \
-i "$file_to_cast" \
-filter:v "setpts=0.66666666*PTS" \
-filter:a "atempo=1.5" \
-c:v vp8 \
-b:v 2M \
-crf 10 \
-bf 0 \
-c:a opus \
-b:a 320k \
-ar 48000 \
-strict -2 \
"$file_to_save"
}
main "${@}" main "${@}"

12
nix/configuration/roles/memtest86/default.nix
View File

@@ -8,10 +8,14 @@
{ {
imports = [ ]; imports = [ ];
config = lib.mkMerge [ config = lib.mkMerge [
{ } {
(lib.mkIf (config.me.buildingIso) { environment.systemPackages = with pkgs; [
memtest86plus
];
}
# (lib.mkIf (config.me.buildingIso) {
# boot.loader.systemd-boot.memtest86.enable = true; # boot.loader.systemd-boot.memtest86.enable = true;
boot.loader.grub.memtest86.enable = true; # boot.loader.grub.memtest86.enable = true;
}) # })
]; ];
} }

15
nix/configuration/roles/network/default.nix
View File

@@ -2,6 +2,7 @@
config, config,
lib, lib,
pkgs, pkgs,
pkgs-dda3dcd3f,
... ...
}: }:
@@ -18,8 +19,8 @@
{ {
imports = [ ]; imports = [ ];
networking.dhcpcd.enable = false; networking.dhcpcd.enable = lib.mkDefault false;
networking.useDHCP = false; networking.useDHCP = lib.mkDefault false;
networking.nameservers = [ networking.nameservers = [
"194.242.2.2#doh.mullvad.net" "194.242.2.2#doh.mullvad.net"
"2a07:e340::2#doh.mullvad.net" "2a07:e340::2#doh.mullvad.net"
@@ -64,6 +65,7 @@
ldns # for drill ldns # for drill
arp-scan # To find devices on the network arp-scan # To find devices on the network
wavemon wavemon
dhcpcd # For Android USB tethering.
]; ];
boot.extraModprobeConfig = '' boot.extraModprobeConfig = ''
@@ -91,4 +93,13 @@
# This is enabled by default in nixos. # This is enabled by default in nixos.
# "net.ipv6.conf.default.use_tempaddr" = 2; # "net.ipv6.conf.default.use_tempaddr" = 2;
}; };
# nixpkgs.overlays = [
# (final: prev: {
# inherit (pkgs-dda3dcd3f)
# linux-firmware
# ;
# })
# ];
} }

57
nix/configuration/roles/nix_worker/default.nix Normal file
View File

@@ -0,0 +1,57 @@
# MANUAL: Remember to set up root's ssh config with any necessary values. For example:
# Host foo
# HostName ns1.fizz.buzz
# Port 65122
# User nixworker
# IdentitiesOnly yes
# IdentityFile /persist/manual/ssh/root/keys/id_ed25519
# Host *
# Compression yes
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
nix_worker.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether this machine should be set up to function as a nix.buildMachines. This does not configure nix.buildMachines, but only does the necessary setup to get the machine ready/capable of being a nix.buildMachines.";
};
};
config = lib.mkIf config.me.nix_worker.enable (
lib.mkMerge [
{
nix.settings.trusted-users = [ "nixworker" ];
users.users.nixworker = {
isNormalUser = true;
createHome = true; # https://github.com/NixOS/nixpkgs/issues/6481
group = "nixworker";
# extraGroups = [ "wheel" ];
# Generate with `mkpasswd -m scrypt`
hashedPassword = "$7$CU..../....VXvNQ8za3wSGpdzGXNT50/$HcFtn/yvwPMCw4888BelpiAPLAxe/zU87fD.d/N6U48";
openssh.authorizedKeys.keys = [
# Normal keys:
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGu+k5lrirokdW5zVdRVBOqEOAvAPlIkG/MdJNc9g5ky"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEI6mu6I5Jp+Ib0vJxapGHbEShZjyvzV8jz5DnzDrI39AAAABHNzaDo="
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAFNcSXwvy+brYTOGo56G93Ptuq2MmZsjvRWAfMqbmMLAAAABHNzaDo="
# Key for nix to connect:
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB/IlYTQ0M5pFN5tdoswh37CDl/gbULI3h+SsKXCansh talexander@odo"
];
};
users.groups.nixworker = { };
}
]
);
}

175
nix/configuration/roles/optimized_build/default.nix Normal file
View File

@@ -0,0 +1,175 @@
{
config,
lib,
pkgs,
pkgs-unoptimized,
...
}:
{
imports = [ ];
options.me = {
optimizations.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to enable CPU optimizations (will trigger a rebuild from source).";
};
optimizations.arch = lib.mkOption {
type = lib.types.str;
default = null;
example = "znver4";
description = "The CPU arch for which programs should be optimized.";
};
optimizations.system_features = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
example = [
"gccarch-znver4"
"gccarch-znver5"
"gccarch-skylake"
# "gccarch-alderlake" missing WAITPKG
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
description = "The list of CPU features that should be enabled on this machine.";
};
};
config = lib.mkMerge [
(lib.mkIf (!config.me.optimizations.enable) (
lib.mkMerge [
{
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_6_16;
}
]
))
(lib.mkIf config.me.optimizations.enable (
lib.mkMerge [
{
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_me;
nixpkgs.hostPlatform = {
gcc.arch = config.me.optimizations.arch;
gcc.tune = config.me.optimizations.arch;
system = "x86_64-linux";
};
# Uncomment on of these to enable cross compiling:
# nixpkgs.buildPlatform = builtins.currentSystem;
# nixpkgs.buildPlatform = {
# gcc.arch = "znver4";
# gcc.tune = "znver4";
# system = "x86_64-linux";
# };
nixpkgs.overlays = [
(
final: prev:
let
addConfig =
additionalConfig: pkg:
pkg.override (oldconfig: {
structuredExtraConfig = pkg.structuredExtraConfig // additionalConfig;
});
in
{
linux_me = addConfig {
# Full preemption
PREEMPT = lib.mkOverride 60 lib.kernel.yes;
PREEMPT_VOLUNTARY = lib.mkOverride 60 lib.kernel.no;
# Google's BBRv3 TCP congestion Control
TCP_CONG_BBR = lib.kernel.yes;
DEFAULT_BBR = lib.kernel.yes;
# Preemptive Full Tickless Kernel at 300Hz
HZ = lib.kernel.freeform "300";
HZ_300 = lib.kernel.yes;
HZ_1000 = lib.kernel.no;
} prev.linux_6_16;
}
)
(final: prev: {
haskellPackages = prev.haskellPackages.extend (
final': prev': {
inherit (pkgs-unoptimized.haskellPackages)
crypto-token
crypton
crypton-connection
crypton-x509
crypton-x509-store
crypton-x509-system
crypton-x509-validation
hspec-wai
http-client-tls
http2
pandoc
pandoc-cli
pandoc-lua-engine
pandoc-server
servant-server
tls
tls-session-manager
wai-app-static
wai-extra
warp
warp-tls
;
}
);
})
# (final: prev: {
# python = prev.python.override {
# packageOverrides = python-final: python-prev: {
# inherit (pkgs-unoptimized.pythonPackages) coverage;
# };
# };
# })
# (final: prev: {
# pythonPackagesOverlays = prev.pythonPackagesOverlays.extend (
# final': prev': {
# inherit (pkgs-unoptimized.pythonPackagesOverlays)
# coverage
# ;
# }
# );
# })
# (final: prev: {
# pythonPackagesExtensions = prev.pythonPackagesExtensions ++ [
# (python-final: python-prev: {
# inherit (pkgs-unoptimized.pythonPackages) coverage;
# })
# ];
# })
(final: prev: {
inherit (pkgs-unoptimized)
gsl
redis
valkey
nix-serve-ng
rapidjson
assimp
;
})
];
}
]
))
(lib.mkIf (config.me.optimizations.system_features != [ ]) (
lib.mkMerge [
{
nix.settings.system-features = lib.mkForce config.me.optimizations.system_features;
}
]
))
];
}

6
nix/configuration/roles/pcsx2/default.nix
View File

@@ -82,10 +82,8 @@
}; };
}; };
home-manager.users.talexander = me.install.user.talexander.file = {
{ pkgs, ... }: ".config/PCSX2/inis/PCSX2.ini" = {
{
home.file.".config/PCSX2/inis/PCSX2.ini" = {
source = ./files/PCSX2.ini; source = ./files/PCSX2.ini;
}; };
}; };

15
nix/configuration/roles/python/default.nix
View File

@@ -32,6 +32,21 @@
isort isort
black black
]; ];
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
# Poetry virtual environments.
directory = ".cache/pypoetry";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
} }
] ]
); );

186
nix/configuration/roles/rpcs3/default.nix Normal file
View File

@@ -0,0 +1,186 @@
{
config,
lib,
pkgs,
...
}:
let
rpcs3_config_yaml = settingsFormat.generate "config.yml" config.me.rpcs3.config;
settingsFormat = pkgs.formats.yaml { };
in
{
imports = [ ];
options.me = {
rpcs3.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install rpcs3.";
};
rpcs3.config = lib.mkOption rec {
apply = lib.recursiveUpdate default;
inherit (settingsFormat) type;
default = {
Core = {
"Use LLVM CPU" = lib.mkIf (config.me.optimizations.enable) config.me.optimizations.arch;
};
VFS = {
"Enable /host_root/" = false;
};
Video = {
"Write Color Buffers" = true;
VSync = true;
"Performance Overlay" = {
Enabled = false;
};
};
Miscellaneous = {
"Pause emulation on RPCS3 focus loss" = true;
"Start games in fullscreen mode" = true;
"Pause Emulation During Home Menu" = false; # true makes the home menu slow
};
};
example = null;
description = "RPCS3's config.yml in nix form.";
};
};
config = lib.mkIf config.me.rpcs3.enable (
lib.mkMerge [
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
rpcs3
];
security.pam.loginLimits = [
{
domain = "@wheel";
item = "memlock";
type = "hard";
value = "unlimited";
}
{
domain = "@wheel";
item = "memlock";
type = "soft";
value = "unlimited";
}
];
me.install.user.talexander.file = {
".config/rpcs3/config.yml" = lib.mkIf (config.me.rpcs3.config != null) {
source = rpcs3_config_yaml;
};
".config/rpcs3/GuiConfigs/CurrentSettings.ini" = {
source = ./files/CurrentSettings.ini;
};
".config/rpcs3/custom_configs/config_BLUS30443.yml" = {
# Demon's Souls per-game config.
source = ./files/config_BLUS30443.yml;
};
".config/rpcs3/patches/patch.yml" = {
# All of the available patches.
source = ./files/patch.yml;
};
".config/rpcs3/patch_config.yml" = {
# Patches that I have enabled.
source = ./files/patch_config.yml;
};
};
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
# Location of ROMs.
directory = ".config/rpcs3/games";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
directory = ".config/rpcs3/dev_hdd0";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
directory = ".config/rpcs3/dev_hdd1";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
directory = ".config/rpcs3/savestates";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
directory = ".config/rpcs3/dev_usb000";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
# Seems to be where the firmware is installed.
directory = ".config/rpcs3/dev_flash";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
# Controller config.
directory = ".config/rpcs3/input_configs";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
# Game icons.
directory = ".config/rpcs3/Icons";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
files = [
{
# play times and recently played
file = ".config/rpcs3/GuiConfigs/persistent_settings.dat";
parentDirectory = {
mode = "0755";
};
}
{
# Netplay (RPCN) config and credentials
file = ".config/rpcs3/rpcn.yml";
parentDirectory = {
mode = "0755";
};
}
];
};
};
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".cache/rpcs3";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
})
]
);
}

5
nix/configuration/roles/rpcs3/files/CurrentSettings.ini Normal file
View File

@@ -0,0 +1,5 @@
[Meta]
currentStylesheet=Darker Style by TheMitoSan
[main_window]
infoBoxEnabledWelcome=false

14
nix/configuration/roles/rpcs3/files/config_BLUS30443.yml Normal file
View File

@@ -0,0 +1,14 @@
Core:
SPU Block Size: Safe
Video:
Write Color Buffers: true
Minimum Scalable Dimension: 640
Net:
Internet enabled: Connected
IP address: 0.0.0.0
Bind address: 0.0.0.0
DNS address: 8.8.8.8
IP swap list: "ds-eu-c.scej-online.jp=206.189.232.242&&ds-eu-g.scej-online.jp=206.189.232.242&&c.demons-souls.com=206.189.232.242&&g.demons-souls.com=206.189.232.242&&cmnap.scej-online.jp=206.189.232.242&&demons-souls.scej-online.jp=206.189.232.242"
UPNP Enabled: false
PSN status: RPCN
PSN Country: us

24771
nix/configuration/roles/rpcs3/files/patch.yml Normal file
View File

File diff suppressed because it is too large Load Diff

6
nix/configuration/roles/rpcs3/files/patch_config.yml Normal file
View File

@@ -0,0 +1,6 @@
PPU-83681f6110d33442329073b72b8dc88a2f677172:
Unlock FPS:
Demon's Souls:
BLUS30443:
01.00:
Enabled: true

8
nix/configuration/roles/rust/default.nix
View File

@@ -48,10 +48,7 @@ in
# ? cargo-public-api # ? cargo-public-api
]; ];
home-manager.users.talexander = me.install.user.talexander.file = {
{ pkgs, ... }:
{
home.file = {
".cargo/config.toml" = { ".cargo/config.toml" = {
source = ./files/cargo_config.toml; source = ./files/cargo_config.toml;
}; };
@@ -59,7 +56,6 @@ in
source = ./files/rustup_settings.toml; source = ./files/rustup_settings.toml;
}; };
}; };
};
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) { environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true; hideMounts = true;
@@ -131,7 +127,7 @@ in
++ [ ++ [
prev.rustup prev.rustup
]; ];
buildInputs = [ pkgs.makeWrapper ]; nativeBuildInputs = [ pkgs.makeWrapper ];
}; };
}) })
]; ];

14
nix/configuration/roles/rust/files/cargo_config.toml
View File

@@ -1,12 +1,12 @@
[target.x86_64-unknown-linux-gnu] # [target.x86_64-unknown-linux-gnu]
rustflags = ["-C", "target-cpu=native", "-Zthreads=0"] # rustflags = ["-C", "target-cpu=native", "-Zthreads=0"]
[unstable] # [unstable]
codegen-backend = true # codegen-backend = true
[profile.dev] # [profile.dev]
codegen-backend = "cranelift" # codegen-backend = "cranelift"
[profile.dev.package."*"] [profile.dev.package."*"]
codegen-backend = "llvm" # codegen-backend = "llvm"
opt-level = 3 opt-level = 3

110
nix/configuration/roles/shadps4/default.nix Normal file
View File

@@ -0,0 +1,110 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
shadps4.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install shadps4.";
};
};
config = lib.mkIf config.me.shadps4.enable (
lib.mkMerge [
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
shadps4
];
me.install.user.talexander.file = {
".local/share/shadPS4/config.toml" = {
source = ./files/config.toml;
};
};
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
# Location of ROMs.
directory = ".local/share/shadPS4/games";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
# Firmware.
directory = ".local/share/shadPS4/sys_modules";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
# Game saves.
directory = ".local/share/shadPS4/savedata";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
# DLC.
directory = ".local/share/shadPS4/addcont";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
files = [
{
# play times and recently played
file = ".local/share/shadPS4/play_time.txt";
parentDirectory = {
mode = "0755";
};
}
];
};
};
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
# Cache.
directory = ".local/share/shadPS4/data";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
nixpkgs.overlays = [
(final: prev: {
shadps4 = prev.shadps4.overrideAttrs (old: {
version = "0.9.0";
src = final.fetchFromGitHub {
owner = "AzaharPlus";
repo = "shadPS4Plus";
tag = "SHADPS4PLUS_0_9_0_A";
hash = "sha256-ZwP+bOE4roWt51Ii53blDZzdq/SxK4Q69I4rLCNARLA=";
fetchSubmodules = true;
};
});
})
];
})
]
);
}

15
nix/configuration/roles/shadps4/files/config.toml Normal file
View File

@@ -0,0 +1,15 @@
[General]
# Without this, we get:
# /run/current-system/sw/bin/xdg-mime: line 1002: /nix/store/wd9bigydk9x8bsvnslrvb5klbgmh98v5-hm_mimeapps.list.new: Read-only file system
enableDiscordRPC = false
[GUI]
addonInstallDir = "/home/talexander/.local/share/shadPS4/addcont"
installDirs = ["/home/talexander/.local/share/shadPS4/games"]
installDirsEnabled = [true]
# Without the geometry settings shadps4 crashes instantly with a floating point error.
geometry_h = 981
geometry_w = 748
geometry_x = 0
geometry_y = 0

6
nix/configuration/roles/shikane/default.nix
View File

@@ -36,15 +36,11 @@ in
exec_shikane exec_shikane
]; ];
home-manager.users.talexander = me.install.user.talexander.file = {
{ pkgs, ... }:
{
home.file = {
".config/shikane/config.toml" = { ".config/shikane/config.toml" = {
source = ./files/config.toml; source = ./files/config.toml;
}; };
}; };
};
}) })
] ]
); );

12
nix/configuration/roles/shikane/files/config.toml
View File

@@ -1,3 +1,15 @@
[[profile]]
name = "laptop"
[[profile.output]]
enable = true
search = ["m=0x0BCA", "s=", "v=BOE"]
mode = "2256x1504@59.999Hz"
position = "0,0"
scale = 1.5
transform = "normal"
adaptive_sync = false
[[profile]] [[profile]]
name = "homedesk" name = "homedesk"
exec = ["notify-send shikane \"Profile $SHIKANE_PROFILE_NAME has been applied\""] exec = ["notify-send shikane \"Profile $SHIKANE_PROFILE_NAME has been applied\""]

19
nix/configuration/roles/ssh/default.nix
View File

@@ -27,19 +27,14 @@
}; };
}; };
home-manager.users.talexander = me.install.user.root.file = {
{ pkgs, ... }: ".ssh/config" = {
{
home.file.".ssh/config" = {
source = ./files/ssh_config;
};
};
home-manager.users.root =
{ pkgs, ... }:
{
home.file.".ssh/config" = {
source = ./files/ssh_config_root; source = ./files/ssh_config_root;
}; };
}; };
me.install.user.talexander.file = {
".ssh/config" = {
source = ./files/ssh_config;
};
};
} }

4
nix/configuration/roles/ssh/files/ssh_config
View File

@@ -34,5 +34,9 @@ Host hydra
ProxyJump talexander@mrmanager ProxyJump talexander@mrmanager
HostName 10.215.1.219 HostName 10.215.1.219
Host ionlybootzfs
HostName 127.0.0.1
Port 60022
Host * Host *
Compression yes Compression yes

2
nix/configuration/roles/ssh/files/ssh_config_root
View File

@@ -1,7 +1,7 @@
Host hydra Host hydra
HostName ns1.fizz.buzz HostName ns1.fizz.buzz
Port 65122 Port 65122
User talexander User nixworker
IdentitiesOnly yes IdentitiesOnly yes
IdentityFile /persist/manual/ssh/root/keys/id_ed25519 IdentityFile /persist/manual/ssh/root/keys/id_ed25519

12
nix/configuration/roles/sway/default.nix
View File

@@ -376,26 +376,18 @@ in
}; };
}; };
home-manager.users.talexander = me.install.user.talexander.file = {
{ pkgs, ... }:
{
home.file = {
# Configure default programs (for example, default browser)
".config/mimeapps.list" = { ".config/mimeapps.list" = {
# Configure default programs (for example, default browser)
source = ./files/mimeapps.list; source = ./files/mimeapps.list;
}; };
};
home.file = {
".config/gtk-3.0/settings.ini" = { ".config/gtk-3.0/settings.ini" = {
source = ./files/settings.ini; source = ./files/settings.ini;
}; };
};
home.file = {
".icons/default" = { ".icons/default" = {
source = "${pkgs.adwaita-icon-theme}/share/icons/Adwaita"; source = "${pkgs.adwaita-icon-theme}/share/icons/Adwaita";
}; };
}; };
};
# For mounting drives in pcmanfm # For mounting drives in pcmanfm
services.gvfs.enable = true; services.gvfs.enable = true;

10
nix/configuration/roles/vscode/default.nix
View File

@@ -22,6 +22,7 @@
(lib.mkIf config.me.graphical { (lib.mkIf config.me.graphical {
allowedUnfree = [ allowedUnfree = [
"vscode" "vscode"
"vscode-x86_64-unknown-linux-gnu-with-extensions"
"vscode-with-extensions" "vscode-with-extensions"
"vscode-extension-ms-vscode-remote-remote-ssh" "vscode-extension-ms-vscode-remote-remote-ssh"
]; ];
@@ -33,6 +34,7 @@
ms-python.python ms-python.python
ms-azuretools.vscode-docker ms-azuretools.vscode-docker
ms-vscode-remote.remote-ssh ms-vscode-remote.remote-ssh
esbenp.prettier-vscode
] ]
# ++ pkgs.vscode-utils.extensionsFromVscodeMarketplace [ # ++ pkgs.vscode-utils.extensionsFromVscodeMarketplace [
# { # {
@@ -46,13 +48,11 @@
}) })
]; ];
home-manager.users.talexander = me.install.user.talexander.file = {
{ pkgs, ... }: ".config/Code/User/settings.json" = {
{
home.file.".config/Code/User/settings.json" = {
source = ./files/settings.json; source = ./files/settings.json;
}; };
home.file.".config/Code/User/keybindings.json" = { ".config/Code/User/keybindings.json" = {
source = ./files/keybindings.json; source = ./files/keybindings.json;
}; };
}; };

6
nix/configuration/roles/vscode/files/keybindings.json
View File

@@ -20,6 +20,12 @@
"command": "-workbench.action.navigateBack", "command": "-workbench.action.navigateBack",
"when": "canNavigateBack" "when": "canNavigateBack"
}, },
{
// This isn't quite right. In emacs it would go back to the last location you performed an action which could include navigation. This goes back to the place where you last changed the text. Either way, close enough.
"key": "ctrl+x ctrl+x",
"command": "workbench.action.navigateToLastEditLocation",
"when": "canNavigateToLastEditLocation"
},
{ {
"key": "shift+alt+/", "key": "shift+alt+/",
"command": "editor.action.goToReferences", "command": "editor.action.goToReferences",

17
nix/configuration/roles/vscode/files/settings.json
View File

@@ -18,6 +18,7 @@
"workbench.editor.showTabs": "none", "workbench.editor.showTabs": "none",
"workbench.activityBar.location": "hidden", "workbench.activityBar.location": "hidden",
"window.menuBarVisibility": "toggle", "window.menuBarVisibility": "toggle",
"window.commandCenter": false,
"explorer.autoReveal": false, "explorer.autoReveal": false,
"[python]": { "[python]": {
"editor.defaultFormatter": "ms-python.black-formatter", "editor.defaultFormatter": "ms-python.black-formatter",
@@ -31,11 +32,25 @@
"editor.defaultFormatter": "hashicorp.terraform", "editor.defaultFormatter": "hashicorp.terraform",
"editor.formatOnSave": true "editor.formatOnSave": true
}, },
"[typescript]": {
"editor.defaultFormatter": "esbenp.prettier-vscode",
"editor.formatOnSave": true
},
"[typescriptreact]": {
"editor.defaultFormatter": "esbenp.prettier-vscode",
"editor.formatOnSave": true
},
"javascript.autoClosingTags": false,
"typescript.autoClosingTags": false,
"black-formatter.importStrategy": "fromEnvironment", "black-formatter.importStrategy": "fromEnvironment",
"workbench.statusBar.visible": false, "workbench.statusBar.visible": false,
"git.openRepositoryInParentFolders": "never", "git.openRepositoryInParentFolders": "never",
"files.autoSave": "afterDelay", "files.autoSave": "afterDelay",
"editor.rulers": [ "editor.rulers": [
100 100
] ],
"workbench.secondarySideBar.defaultVisibility": "hidden",
"editor.autoClosingBrackets": "never",
"editor.autoSurround": "never",
"workbench.editor.navigationScope": "editorGroup"
} }

Some files were not shown because too many files have changed in this diff Show More