talexander/machine_setup
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

base: talexander:862829c57c77d105496b4163a434c1110fc14cb6
Branches Tags
talexander:main talexander:kubernetes talexander:nix talexander:mt7927 talexander:yubipi talexander:upstream_amd_debug_tools talexander:install_files_mixin talexander:starship talexander:pixelbook
...
compare: talexander:starship
Branches Tags
talexander:kubernetes talexander:nix talexander:main talexander:mt7927 talexander:yubipi talexander:upstream_amd_debug_tools talexander:install_files_mixin talexander:starship talexander:pixelbook

188 Commits
862829c57c ... starship

Author SHA1 Message Date
Tom Alexander
9513882870 Still not working. 2025-01-27 20:38:45 -05:00
Tom Alexander
71a6843b37 Same issue with package based on 2ship2harkinian. 2025-01-27 19:26:38 -05:00
Tom Alexander
7d9d1ca80e Add a package for starship (Star Fox 64). 2025-01-27 19:26:38 -05:00
Tom Alexander
2f2d33296b Persist ares data. 2025-01-26 19:04:17 -05:00
Tom Alexander
2c1cf54de0 Update packages. 2025-01-26 18:55:53 -05:00
Tom Alexander
65be133ffe Update lanzaboote. 2025-01-26 16:57:18 -05:00
Tom Alexander
ee47c3cfa3 Enable debugging on ath12k. 2025-01-26 10:11:53 -05:00
Tom Alexander
ff8bb0653b Enable bluetooth on odo. 2025-01-25 21:28:14 -05:00
Tom Alexander
ff98873b32 Persist save data for ship of harkinian and 2ship2harkinian. 2025-01-25 21:22:55 -05:00
Tom Alexander
67ad4e2dff Persist sm64ex save data. 2025-01-25 20:47:48 -05:00
Tom Alexander
60452b0aeb Persist the nix-index index. 2025-01-25 20:22:41 -05:00
Tom Alexander
e043320e5c Clean up experiments in the gpg role. 2025-01-25 19:35:05 -05:00
Tom Alexander
2f8c4fbfe8 Disable verbose logging for gpg. 2025-01-25 19:10:48 -05:00
Tom Alexander
233bf4e967 Put the sleep back into wireguard. 2025-01-25 17:58:56 -05:00
Tom Alexander
f7adfaf54d Update lockfile. 2025-01-25 16:28:53 -05:00
Tom Alexander
78c9dec4c4 Disable rom name override. 
The latest nixpkgs does not support overriding the name so I am removing it now for compatibility.
 2025-01-25 16:22:04 -05:00
Tom Alexander
53c12a5b1e Add sshjail as an ansible plugin. 2025-01-25 15:30:30 -05:00
Tom Alexander
7d94210d8f Add cmake support to emacs. 2025-01-25 10:20:22 -05:00
Tom Alexander
1ebf31dc11 Remove sleep from wireguard service. 2025-01-25 10:20:22 -05:00
Tom Alexander
82c30bdb77 Add a role for 2ship2harkinian (Majora's Mask). 2025-01-24 21:25:41 -05:00
Tom Alexander
d5e7fdd097 Add bsdtar. 2025-01-24 20:58:03 -05:00
Tom Alexander
40fd7931d0 Add a persist folder for the talexander user. 2025-01-24 20:36:37 -05:00
Tom Alexander
835fd340a2 Add role for Ocarina of Time (shipwright). 2025-01-24 20:23:49 -05:00
Tom Alexander
94ef9ff3c8 Add role to build sm64ex. 2025-01-24 20:08:10 -05:00
Tom Alexander
62d3c010f5 Install nix-tree. 2025-01-24 19:01:51 -05:00
Tom Alexander
e9e792961c Add a not-working snippet to show where system packages are imported. 2025-01-24 18:53:57 -05:00
Tom Alexander
281dffc9c0 Do not install foot. 2025-01-24 18:42:57 -05:00
Tom Alexander
5bd67bb02a Move defaultPackages into the reset role. 2025-01-24 18:36:14 -05:00
Tom Alexander
4a76097a5e Refactor the wireguard role to use lib.mkMerge. 2025-01-24 17:59:07 -05:00
Tom Alexander
facfd01661 Make zsh install conditional. 2025-01-23 21:55:22 -05:00
Tom Alexander
2ce4520cd6 Make zrepl a conditional install. 2025-01-23 21:52:50 -05:00
Tom Alexander
814769b3e9 Do not install waybar on neelix. 2025-01-23 21:43:08 -05:00
Tom Alexander
6424129da3 Do not install wasm role on neelix. 2025-01-23 21:41:08 -05:00
Tom Alexander
415edbad91 Do not install vscode on neelix. 2025-01-23 21:39:57 -05:00
Tom Alexander
a773f94593 Do not install vnc client on neelix. 2025-01-23 21:37:16 -05:00
Tom Alexander
226610c926 Do not install steam or terraform on neelix. 2025-01-23 21:37:15 -05:00
Tom Alexander
7c6afef2bb Do not install pavucontrol on non-graphical installs. 2025-01-23 21:25:19 -05:00
Tom Alexander
55654fafb1 Do not install rust on neelix. 2025-01-23 21:21:37 -05:00
Tom Alexander
8946868fd6 Do not install qemu on neelix. 2025-01-23 21:18:57 -05:00
Tom Alexander
cd8e9002d0 Do not install python on neelix. 2025-01-23 21:15:48 -05:00
Tom Alexander
e1a274c88e Do not install media role on neelix. 2025-01-23 21:06:11 -05:00
Tom Alexander
cdc4bdffb6 Git buildEnv is failing. 2025-01-23 20:59:39 -05:00
Tom Alexander
9b9a103e49 Do not install gnome-firmware on non-graphical installs. 2025-01-23 20:46:03 -05:00
Tom Alexander
ea7bf809fc Do not install the launch keyboard configurator on neelix or non-graphical installs. 2025-01-23 20:42:22 -05:00
Tom Alexander
88a6d046b8 Do not install LaTeX on neelix. 2025-01-23 20:38:54 -05:00
Tom Alexander
d8e16f0b05 Do not install kubernetes clients on neelix. 2025-01-23 20:35:28 -05:00
Tom Alexander
e3fee206a1 Don't install kanshi on non-graphical installs. 2025-01-23 20:20:08 -05:00
Tom Alexander
3be710b4ad Install meld to git's path when doing a graphical install. 2025-01-23 20:07:23 -05:00
Tom Alexander
b37f8a8e1a Do not install my git config on neelix. 2025-01-23 19:55:13 -05:00
Tom Alexander
509cceb220 Only install fonts in graphical installs. 2025-01-23 19:48:25 -05:00
Tom Alexander
47408cfce0 Do not install firefox on neelix. 2025-01-23 19:14:25 -05:00
Tom Alexander
812dc40257 Do not install docker on neelix. 2025-01-23 19:09:59 -05:00
Tom Alexander
0e370c0d62 Do not install chromium or catt on neelix. 2025-01-23 19:04:19 -05:00
Tom Alexander
0598c796b7 Do not install ares on neelix. 2025-01-23 18:53:36 -05:00
Tom Alexander
df2efb728d Don't install alacritty on neelix or non-graphical installs. 2025-01-23 18:47:03 -05:00
Tom Alexander
62fc955b68 Merge branch 'plainmacs' into nix 2025-01-23 18:44:30 -05:00
Tom Alexander
e0644a069d Add support for non-graphical emacs. 2025-01-23 01:52:56 -05:00
Tom Alexander
054e056d00 Switch to buildEnv instead of symlinkJoin for better control over the joining process. 2025-01-23 01:52:56 -05:00
Tom Alexander
d3ea8b3667 Introduce a plainmacs emacs install flavor. 2025-01-22 21:01:34 -05:00
Tom Alexander
3f945f8ae3 Merge branch 'neelix' into nix 2025-01-22 20:29:12 -05:00
Tom Alexander
93c4aa4c76 Clean up the host-specific configs. 2025-01-22 20:28:58 -05:00
Tom Alexander
4664804d90 Comment out the kodi configs so they remain mutable until I've made a config I like. 2025-01-22 20:12:50 -05:00
Tom Alexander
edc48d00a2 Add some config files. 2025-01-21 23:07:05 -05:00
Tom Alexander
37aa0e6732 Add a bluetooth role. 2025-01-21 22:19:28 -05:00
Tom Alexander
a739728d41 Add neelix public key to sftp server. 2025-01-21 21:23:21 -05:00
Tom Alexander
48c5aebd82 Install jmespath for ansible. 2025-01-21 20:56:48 -05:00
Tom Alexander
c33a1b6c50 Set up memtest86 on neelix. 2025-01-20 22:50:44 -05:00
Tom Alexander
368c455b7f Persist ssh keys for kodi user. 2025-01-20 22:38:54 -05:00
Tom Alexander
5a5d34911c Add /etc/hosts entry for neelix. 2025-01-20 21:00:35 -05:00
Tom Alexander
d0c1bb1b65 Do not install sway on neelix. 2025-01-20 20:14:59 -05:00
Tom Alexander
9d49eb9d6a Add an empty kodi role. 2025-01-20 19:40:54 -05:00
Tom Alexander
ccbc999744 Add a global options role. 2025-01-20 19:27:49 -05:00
Tom Alexander
d537aa599b Stop the sway-session.target when exiting sway. 2025-01-20 18:43:54 -05:00
Tom Alexander
95d06dfe0e Enable memtest86 when building the ISO. 2025-01-20 18:43:54 -05:00
Tom Alexander
f2adb9328b Build zfs into the ISO image. 2025-01-20 18:43:54 -05:00
Tom Alexander
7bc6e0c470 Add a config for neelix. 2025-01-20 18:43:54 -05:00
Tom Alexander
99edb2d161 Use full emacs for e alias. 2025-01-19 23:15:33 -05:00
Tom Alexander
938f8676ff Add chromecast support. 2025-01-19 13:44:01 -05:00
Tom Alexander
d365b6aea9 Add ncdu to inspect disk usage. 2025-01-19 11:05:00 -05:00
Tom Alexander
8d911ff893 Wrap tofi without forcing a rebuild. 2025-01-19 10:53:54 -05:00
Tom Alexander
2aca77ea1a Merge branch 'emacs_refactor' into nix 2025-01-19 10:16:27 -05:00
Tom Alexander
1b342d3402 Switch from buildEnv to symlinkJoin to keep dependencies out of the system path. 2025-01-19 10:09:49 -05:00
Tom Alexander
9976e232e6 Move packages out of systemPackages and into the emacs_full package. 2025-01-18 23:11:35 -05:00
Tom Alexander
3baf18f435 Install aspell into the emacs_full environment. 2025-01-18 22:53:09 -05:00
Tom Alexander
e00331bf94 Wrap emacs settings in a mkMerge. 2025-01-18 21:26:17 -05:00
Tom Alexander
8e22d8febb Switch to a 300hz tickless kernel and enable BBR. 
Aside from BBR, these settings are copied from arch linux.
 2025-01-18 20:15:20 -05:00
Tom Alexander
ed0d1e41d6 Add a notification daemon. 2025-01-18 18:44:00 -05:00
Tom Alexander
2c27d580f4 Add a mode to force focus a window. 2025-01-18 18:40:08 -05:00
Tom Alexander
75ac4b91f3 Add screenshot / screen recording. 2025-01-18 18:33:46 -05:00
Tom Alexander
9abe43096b Add swaylock. 2025-01-18 18:13:30 -05:00
Tom Alexander
1535800e2f Replace wofi with tofi. 2025-01-18 17:39:51 -05:00
Tom Alexander
dcffced35a Add rofimoji. 2025-01-18 14:32:44 -05:00
Tom Alexander
1da36ab7c5 Remove unused portion of zshrc. 
I will probably move to a similar import system to what I am doing with sway.
 2025-01-18 13:18:06 -05:00
Tom Alexander
c694c6ae4c Make zsh-histdb use sqlite3 directly instead of depending on systemPackages. 2025-01-18 13:12:24 -05:00
Tom Alexander
f524aa168a Stick with imv instead of swayimg. 2025-01-18 12:16:11 -05:00
Tom Alexander
308206d1cc Launch a terminal at boot in the live ISO. 2025-01-18 11:55:12 -05:00
Tom Alexander
8ac235cb8c Move disabling wifi power saving to a host-specific file. 2025-01-18 11:48:53 -05:00
Tom Alexander
5170678a25 Don't garbage collect in a built ISO. 
The ISO is immutable so garbage collection does not make sense.
 2025-01-18 11:33:39 -05:00
Tom Alexander
19cf31b094 Move a zfs setting into the zfs role. 2025-01-18 11:14:19 -05:00
Tom Alexander
4f0024c4f9 Move some graphics bits into the graphics role. 2025-01-18 11:00:30 -05:00
Tom Alexander
41138ab34a Update to the new secureboot location. 2025-01-18 10:54:34 -05:00
Tom Alexander
f9b18809f9 An update fixed firefox's launch time. 2025-01-17 22:42:57 -05:00
Tom Alexander
fefe46b512 Remove kvm-amd from boot.kernelModules. 2025-01-17 21:36:34 -05:00
Tom Alexander
b4947bcff6 Add vnc client. 2025-01-17 20:30:16 -05:00
Tom Alexander
14baaddcff Persist factorio data. 2025-01-17 19:07:54 -05:00
Tom Alexander
1c8f2f1c74 Switch back to regular linux. 2025-01-17 18:55:59 -05:00
Tom Alexander
1bfe24f457 Remove duplicate entry for xdg-desktop-portal-wlr. 2025-01-16 20:51:17 -05:00
Tom Alexander
08feb8bad6 Add more tracing commands. 2025-01-15 21:12:28 -05:00
Tom Alexander
cb3b01a74c Blacklist hardward watchdog for AMD 700 chipset series for power savings. 2025-01-15 21:01:30 -05:00
Tom Alexander
0e95edd8e7 Switch to unstable. 2025-01-15 21:00:57 -05:00
Tom Alexander
d172b1dea2 Add some wasm utilities. 2025-01-14 23:57:24 -05:00
Tom Alexander
2a97a1ee92 Add vscode role. 2025-01-14 23:57:24 -05:00
Tom Alexander
ba4085df1a Add terraform. 2025-01-14 23:17:26 -05:00
Tom Alexander
7c542364a2 Add firmware updating through fwupd via the Linux Vendor firmware Service (LVFS). 2025-01-14 22:42:52 -05:00
Tom Alexander
0299ebcb43 Add nvme role. 2025-01-14 21:51:53 -05:00
Tom Alexander
c23245b97c Add TODO. 2025-01-14 21:40:38 -05:00
Tom Alexander
491412c33c Add seatd. 2025-01-14 21:10:03 -05:00
Tom Alexander
5a5839482d Add support for the system76 launch keyboard configurator. 2025-01-14 20:16:06 -05:00
Tom Alexander
63408f5664 Set up latex. 2025-01-14 18:04:04 -05:00
Tom Alexander
d338b77d23 Install sshfs. 2025-01-14 17:56:29 -05:00
Tom Alexander
ce9140aa73 Add role for zrepl. 2025-01-13 17:59:03 -05:00
Tom Alexander
dbf3f2e983 Disable the fallback DNS servers. 2025-01-13 17:43:38 -05:00
Tom Alexander
0ca26e73fb Add more firefox extensions. 2025-01-12 22:43:23 -05:00
Tom Alexander
0fb53a4294 Add preparations for the new location for secureboot keys. 2025-01-12 21:17:47 -05:00
Tom Alexander
4019e6d132 Fix buildkit access to SSH agent. 2025-01-12 21:17:47 -05:00
Tom Alexander
8b1e76d9d7 Add a script to resume a zfs send/recv. 2025-01-12 19:55:15 -05:00
Tom Alexander
477637ae62 Add a script to test fetching PGP keys from a Web Key Directory (WKD). 2025-01-12 18:29:48 -05:00
Tom Alexander
5146a114eb Introduce a variable for sway includes and disable relatime on the zfs legacy mounts. 2025-01-12 15:39:46 -05:00
Tom Alexander
a817464b38 Preserve steam directories. 2025-01-11 22:36:09 -05:00
Tom Alexander
1acf889c68 Instll steam and the zfs_clone_send / zfs_clone_recv scripts. 2025-01-11 13:48:46 -05:00
Tom Alexander
af07d43c18 Add asian fonts. 2025-01-11 12:50:13 -05:00
Tom Alexander
33f13d898d Switch to ares instead of bsnes. 2025-01-11 12:09:02 -05:00
Tom Alexander
47d9e203f3 Add media role. 2025-01-10 22:54:32 -05:00
Tom Alexander
1a2ff987fe Add fw-ectool to framework laptop. 2025-01-09 23:31:27 -05:00
Tom Alexander
16480b3749 Switch to ladspa. 2025-01-09 21:32:37 -05:00
Tom Alexander
0d3901788d Installing ccid and libusb-compat does not fix it. 2025-01-09 19:04:44 -05:00
Tom Alexander
a3cb2c8632 Add kanshi. 2025-01-09 18:14:45 -05:00
Tom Alexander
6b9660bc44 Switch to mono noise suppression for voice and disable vulkan for chromium. 2025-01-09 17:56:46 -05:00
Tom Alexander
5c41b7efa2 Update software. 2025-01-08 21:43:39 -05:00
Tom Alexander
ead5db241e Install packages needed to run amd_s2idle. 2025-01-07 23:02:22 -05:00
Tom Alexander
8b074617e8 Use Adwaita cursor theme. 2025-01-06 19:34:28 -05:00
Tom Alexander
13970b53ad Only decrypt the nix zfs dataset. 2025-01-06 19:21:20 -05:00
Tom Alexander
13d7319a0f Add nix-index. 2025-01-06 14:32:07 -05:00
Tom Alexander
bd9a85efd3 Add klog alias. 2025-01-05 15:43:23 -05:00
Tom Alexander
4a4c54def4 Disable DNS settings for hotel. 2025-01-02 22:50:55 -05:00
Tom Alexander
18d372c8ee Revert "Switching to a home-manager config did not fix it." 
This reverts commit 4599b38ebf.
 2025-01-02 10:27:25 -05:00
Tom Alexander
4599b38ebf Switching to a home-manager config did not fix it. 2025-01-02 10:27:21 -05:00
Tom Alexander
04a95a2543 More failed attempts to get gpg working. 2025-01-02 09:43:00 -05:00
Tom Alexander
7c5f14ee61 Persist kubernetes client config. 2025-01-02 09:03:19 -05:00
Tom Alexander
d49f12f58f Enable panel replay. 2025-01-01 19:59:02 -05:00
Tom Alexander
936d3bc34d Add rust. 2025-01-01 19:16:08 -05:00
Tom Alexander
1b34841921 Comment out specific version of gpg. 2025-01-01 18:43:29 -05:00
Tom Alexander
611904761e Add kubernetes client. 2025-01-01 18:43:29 -05:00
Tom Alexander
f843b7924f Add docker. 2025-01-01 18:29:27 -05:00
Tom Alexander
7bb7b89b82 Try a specific version of gpg. 2025-01-01 13:35:29 -05:00
Tom Alexander
c1103775b6 Keep 30 days of /nix. 2025-01-01 13:31:45 -05:00
Tom Alexander
24d89ed704 Default to power-saving mode. 2024-12-31 12:51:23 -05:00
Tom Alexander
e8dff5ece1 Set up wireguard networks using functions. 2024-12-31 11:04:24 -05:00
Tom Alexander
e22b5c1c6c Add power management kernel parameters. 2024-12-31 10:27:15 -05:00
Tom Alexander
d9bc4f15d8 Add powertop. 2024-12-31 07:44:02 -05:00
Tom Alexander
77ae96ca7a Set up python. 2024-12-31 07:37:48 -05:00
Tom Alexander
d2f908005c Persist the .ssh known_hosts. 2024-12-31 07:00:41 -05:00
Tom Alexander
5e74a874ba Persist sound settings (for example, muted status) and do not enable wireguard in built ISO. 2024-12-29 15:45:52 -05:00
Tom Alexander
fe820e5843 Move remaining nix configs into folders. 2024-12-29 15:27:03 -05:00
Tom Alexander
81315e4c7b Add a snes emulator. 2024-12-29 15:12:31 -05:00
Tom Alexander
ce8718b042 Add wgh wireguard network. 2024-12-28 21:05:45 -05:00
Tom Alexander
720164497d More attempts to fix gpg decrypt with yubikey. 2024-12-27 20:53:43 -05:00
Tom Alexander
0b31b91c69 Set up wireguard. 2024-12-27 15:44:00 -05:00
Tom Alexander
2ef181cfab Attempt to fix gpg decrypt with yubikey. Did not succeed. 2024-12-27 13:09:13 -05:00
Tom Alexander
5a3450fdf8 Add gvfs and git-crypt. 2024-12-26 21:28:31 -05:00
Tom Alexander
aae534308a Add noise supression to microphone. 2024-12-25 09:17:30 -05:00
Tom Alexander
cbd8f70ce4 Merge branch 'zsh' into nix 2024-12-25 09:17:23 -05:00
Tom Alexander
64d495afa5 Use zsh-histdb package. 2024-12-23 17:28:31 -05:00
Tom Alexander
5e424b35e4 Make a zsh-histdb package. 2024-12-23 15:41:45 -05:00
Tom Alexander
7decd40844 Switch to zsh. 2024-12-23 11:14:18 -05:00
Tom Alexander
9c0f3ce601 Use dark themes. 2024-12-23 10:56:57 -05:00
Tom Alexander
e09eea2049 Switch to zen kernel optimized for znver4. 2024-12-23 10:00:01 -05:00
Tom Alexander
5d23126205 Enable secure boot. 2024-12-22 22:03:03 -05:00
Tom Alexander
748e6dee68 Set firefox as default browser. 2024-12-22 16:14:12 -05:00
Tom Alexander
27aa2f077b Set up chromium with support for wayland and widevine. 2024-12-22 00:48:57 -05:00
Tom Alexander
69098488f6 Switch to a raw file for fontconfig. 2024-12-21 17:15:54 -05:00
Tom Alexander
14e6e78aee Add the waybar scripts. 2024-12-21 16:25:40 -05:00
Tom Alexander
a0f9f4baa4 Set up waybar and building ISOs. 2024-12-21 15:46:05 -05:00
Tom Alexander
a7f3754d25 Add more sway config files. 2024-12-20 23:03:51 -05:00
Tom Alexander
54c8459fa1 Switch to vulkan renderer for sway. 2024-12-20 22:45:09 -05:00
Tom Alexander
e26118af4f Reformat all nix files. 2024-12-20 22:37:44 -05:00
Tom Alexander
764a8c58ce Add alias for emacs. 2024-12-20 22:36:32 -05:00
Tom Alexander
8f89f1c6c1 Add alacritty config. 2024-12-20 21:59:20 -05:00
117 changed files with 7541 additions and 765 deletions
Expand all files Collapse all files

17
ansible/roles/sftp/tasks/common.yaml
View File

@@ -64,6 +64,23 @@
# force: true
# diff: false
- name: Create directories
file:
name: "{{ item }}"
state: directory
mode: 0700
owner: nochainstounlock
group: nochainstounlock
loop:
- /home/nochainstounlock/.ssh
- name: Set authorized keys
authorized_key:
user: nochainstounlock
key: |
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMrjXsXjtxEm47XnRZfo67kJULoc0NBLrB0lPYFiS2Ar kodi@neelix
exclusive: true
- import_tasks: tasks/freebsd.yaml
when: 'os_flavor == "freebsd"'

24
nix/configuration/boot.nix
View File

@@ -1,24 +0,0 @@
{ config, lib, pkgs, ... }:
{
imports = [];
boot.loader.grub.enable = false;
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
# TODO: make not write bootx64.efi
boot.loader.efi.canTouchEfiVariables = false;
# Automatically delete old generations
boot.loader.systemd-boot.configurationLimit = 3;
}
# efibootmgr -c -d /dev/sda -p 1 -L NixOS-boot -l '\EFI\NixOS-boot\grubx64.efi'
# Text-only:
# sudo cp "$(nix-build '<nixpkgs>' --no-out-link -A 'refind')/share/refind/refind_x64.efi" /boot/EFI/boot/bootx64.efi
# Full graphics:
# $ sudo nix-shell -p refind efibootmgr
# $ refind-install

201
nix/configuration/configuration.nix
View File

@@ -1,31 +1,83 @@
{ config, lib, pkgs, pkgs-unstable, home-manager, ... }:
{
config,
lib,
pkgs,
home-manager,
...
}:
{
imports =
[
./roles/reset
./hosts/odo
"${builtins.fetchTarball {url="https://github.com/nix-community/disko/archive/refs/tags/v1.9.0.tar.gz";sha256="0j76ar4qz320fakdii4659w5lww8wiz6yb7g47npywqvf2lbp388";}}/module.nix"
./boot.nix
./zfs.nix
./network.nix
./roles/firewall
./roles/graphics
./roles/sound
./roles/sway
./roles/firefox
./roles/emacs
./roles/git
./roles/fonts
./roles/gpg
];
imports = [
./roles/reset
./roles/global_options
./util/unfree_polyfill
./roles/iso
"${
builtins.fetchTarball {
url = "https://github.com/nix-community/disko/archive/refs/tags/v1.9.0.tar.gz";
sha256 = "0j76ar4qz320fakdii4659w5lww8wiz6yb7g47npywqvf2lbp388";
}
}/module.nix"
./roles/boot
./roles/zfs
./roles/network
./roles/firewall
./roles/zsh
./roles/zrepl
./roles/graphics
./roles/sound
./roles/sway
./roles/kanshi
./roles/alacritty
./roles/firefox
./roles/chromium
./roles/emacs
./roles/git
./roles/fonts
./roles/gpg
./roles/waybar
./roles/qemu
./roles/wireguard
./roles/ares
./roles/ssh
./roles/python
./roles/docker
./roles/kubernetes
./roles/rust
./roles/media
./roles/steam
./roles/latex
./roles/launch_keyboard
./roles/lvfs
./roles/nvme
./roles/terraform
./roles/vscode
./roles/wasm
./roles/vnc_client
./roles/chromecast
./roles/memtest86
./roles/kodi
./roles/ansible
./roles/bluetooth
./roles/sm64ex
./roles/shipwright
./roles/2ship2harkinian
./roles/nix_index
];
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
nix.settings.trusted-users = [ "@wheel" ];
boot.kernelPackages = pkgs.linuxPackages_6_11;
# boot.kernelPackages = pkgs.linuxPackages_6_11;
hardware.enableRedistributableFirmware = true;
services.getty = {
autologinUser = "talexander"; # I use full disk encryption so the user password is irrelevant.
autologinOnce = true;
};
users.mutableUsers = false;
users.users.talexander = {
isNormalUser = true;
@@ -45,35 +97,40 @@
];
};
users.groups.talexander.gid = 11235;
home-manager.users.talexander = { pkgs, ... }: {
home.packages = [ pkgs.atool pkgs.httpie ];
programs.bash.enable = true;
home-manager.users.talexander =
{ pkgs, ... }:
{
home.packages = [
pkgs.atool
pkgs.httpie
];
programs.bash.enable = true;
# The state version is required and should stay at the version you
# originally installed.
home.stateVersion = "24.11";
};
# The state version is required and should stay at the version you
# originally installed.
home.stateVersion = "24.11";
};
# Automatic garbage collection
nix.gc = {
nix.gc = lib.mkIf (!config.me.buildingIso) {
# Runs nix-collect-garbage --delete-older-than 5d
automatic = true;
randomizedDelaySec = "14m";
options = "--delete-older-than 5d";
options = "--delete-older-than 30d";
};
nix.settings.auto-optimise-store = !config.me.buildingIso;
# Use doas instead of sudo
security.doas.enable = true;
security.doas.wheelNeedsPassword = false;
security.sudo.enable = false;
security.doas.extraRules = [{
# Retain environment (for example NIX_PATH)
keepEnv = true;
persist = true; # Only ask for a password the first time.
}];
# Do not use default packages (nixos includes some defaults like nano)
environment.defaultPackages = lib.mkForce [];
security.doas.extraRules = [
{
# Retain environment (for example NIX_PATH)
keepEnv = true;
persist = true; # Only ask for a password the first time.
}
];
environment.systemPackages = with pkgs; [
wget
@@ -85,12 +142,16 @@
file
usbutils # for lsusb
pciutils # for lspci
mesa-demos # for glxgears TODO move to better role
vulkan-tools # for vkcube TODO move to better role
xorg.xeyes # to test which windows are using x11 TODO move to better role
ripgrep
strace
ltrace
trace-cmd # ftrace
tcpdump
git-crypt
gnumake
ncdu
nix-tree
libarchive # bsdtar
];
services.openssh = {
@@ -112,47 +173,31 @@
];
};
# Check what will be lost with `zfs diff zroot/linux/root@blank`
boot.initrd.systemd.enable = lib.mkDefault true;
boot.initrd.systemd.services.zfs-rollback = {
description = "Rollback ZFS root dataset to blank snapshot";
wantedBy = [
"initrd.target"
];
after = [
"zfs-import-zroot.service"
];
before = [
"sysroot.mount"
];
path = with pkgs; [
zfs
];
unitConfig.DefaultDependencies = "no";
serviceConfig.Type = "oneshot";
script = ''
zfs rollback -r zroot/linux/nix/root@blank
zfs rollback -r zroot/linux/nix/home@blank
echo "rollback complete"
'';
};
environment.persistence."/persist" = {
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
directories = [
"/var/lib/iwd" # Wifi settings
"/var/lib/nixos" # Contains user information (uids/gids)
"/var/lib/systemd" # Systemd state directory for random seed, persistent timers, core dumps, persist hardware state like backlight and rfkill
"/var/log/journal" # Logs, alternatively set `services.journald.storage = "volatile";` to write to /run/log/journal
];
files = [
"/etc/machine-id" # Systemd unique machine id "otherwise, the system journal may fail to list earlier boots, etc"
"/etc/ssh/ssh_host_rsa_key"
"/etc/ssh/ssh_host_rsa_key.pub"
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
];
# users.talexander = {
# directories = [];
# files = [];
# };
users.talexander = {
directories = [
{
directory = "persist";
user = "talexander";
group = "talexander";
mode = "0700";
}
];
};
};
# Write a list of the currently installed packages to /etc/current-system-packages
@@ -162,7 +207,13 @@
sortedUnique = builtins.sort builtins.lessThan (lib.unique packages);
formatted = builtins.concatStringsSep "\n" sortedUnique;
in
formatted;
formatted;
# environment.etc."system-packages-with-source".text = builtins.concatStringsSep "\n\n" (
# builtins.map (
# x: x.file + "\n" + builtins.concatStringsSep "\n" (builtins.map (s: " " + s) x.value)
# ) config.environment.systemPackages.definitionsWithLocations
# );
# nixpkgs.overlays = [
# (final: prev: {
@@ -170,7 +221,11 @@
# })
# ];
# nixpkgs.overlays = [
# (final: prev: {
# foot = throw "foo";
# })
# ];
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you

285
nix/configuration/flake.lock generated
View File

@@ -1,5 +1,133 @@
{
"nodes": {
"ansible-sshjail": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1,
"narHash": "sha256-c4Ds4E/10Zj5AQLuJ3JvJTuDK8o2WjVXLcIL7eyhTfw=",
"path": "flakes/ansible-sshjail",
"type": "path"
},
"original": {
"path": "flakes/ansible-sshjail",
"type": "path"
}
},
"crane": {
"locked": {
"lastModified": 1731098351,
"narHash": "sha256-HQkYvKvaLQqNa10KEFGgWHfMAbWBfFp+4cAgkut+NNE=",
"owner": "ipetkov",
"repo": "crane",
"rev": "ef80ead953c1b28316cc3f8613904edc2eb90c28",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"lanzaboote",
"nixpkgs"
]
},
"locked": {
"lastModified": 1730504689,
"narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "506278e768c2a08bec68eb62932193e341f55c90",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"lanzaboote",
"pre-commit-hooks-nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
@@ -7,27 +135,26 @@
]
},
"locked": {
"lastModified": 1734366194,
"narHash": "sha256-vykpJ1xsdkv0j8WOVXrRFHUAdp9NXHpxdnn1F4pYgSw=",
"lastModified": 1737762889,
"narHash": "sha256-5HGG09bh/Yx0JA8wtBMAzt0HMCL1bYZ93x4IqzVExio=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "80b0fdf483c5d1cb75aaad909bd390d48673857f",
"rev": "daf04c5950b676f47a794300657f1d3d14c1a120",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-24.11",
"repo": "home-manager",
"type": "github"
}
},
"impermanence": {
"locked": {
"lastModified": 1734200366,
"narHash": "sha256-0NursoP4BUdnc+wy+Mq3icHkXu/RgP1Sjo0MJxV2+Dw=",
"lastModified": 1737831083,
"narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=",
"owner": "nix-community",
"repo": "impermanence",
"rev": "c6323585fa0035d780e3d8906eb1b24b65d19a48",
"rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170",
"type": "github"
},
"original": {
@@ -36,18 +163,44 @@
"type": "github"
}
},
"lanzaboote": {
"inputs": {
"crane": "crane",
"flake-compat": "flake-compat",
"flake-parts": "flake-parts",
"nixpkgs": [
"nixpkgs"
],
"pre-commit-hooks-nix": "pre-commit-hooks-nix",
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1737639419,
"narHash": "sha256-AEEDktApTEZ5PZXNDkry2YV2k6t0dTgLPEmAZbnigXU=",
"owner": "nix-community",
"repo": "lanzaboote",
"rev": "a65905a09e2c43ff63be8c0e86a93712361f871e",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "v0.4.2",
"repo": "lanzaboote",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1734323986,
"narHash": "sha256-m/lh6hYMIWDYHCAsn81CDAiXoT3gmxXI9J987W5tZrE=",
"lastModified": 1737885589,
"narHash": "sha256-Zf0hSrtzaM1DEz8//+Xs51k/wdSajticVrATqDrfQjg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "394571358ce82dff7411395829aa6a3aad45b907",
"rev": "852ff1d9e153d8875a83602e03fdef8a63f0ecf8",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.11",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
@@ -68,29 +221,127 @@
"type": "github"
}
},
"nixpkgs-unstable": {
"nixpkgs-stable": {
"locked": {
"lastModified": 1734424634,
"narHash": "sha256-cHar1vqHOOyC7f1+tVycPoWTfKIaqkoe1Q6TnKzuti4=",
"lastModified": 1730741070,
"narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d3c42f187194c26d9f0309a8ecc469d6c878ce33",
"rev": "d063c1dd113c91ab27959ba540c0d9753409edf3",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"pre-commit-hooks-nix": {
"inputs": {
"flake-compat": [
"lanzaboote",
"flake-compat"
],
"gitignore": "gitignore",
"nixpkgs": [
"lanzaboote",
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1731363552,
"narHash": "sha256-vFta1uHnD29VUY4HJOO/D6p6rxyObnf+InnSMT4jlMU=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "cd1af27aa85026ac759d5d3fccf650abe7e1bbf0",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"root": {
"inputs": {
"ansible-sshjail": "ansible-sshjail",
"home-manager": "home-manager",
"impermanence": "impermanence",
"lanzaboote": "lanzaboote",
"nixpkgs": "nixpkgs",
"nixpkgs-b93b4e9b5": "nixpkgs-b93b4e9b5",
"nixpkgs-unstable": "nixpkgs-unstable"
"zsh-histdb": "zsh-histdb"
}
},
"rust-overlay": {
"inputs": {
"nixpkgs": [
"lanzaboote",
"nixpkgs"
]
},
"locked": {
"lastModified": 1731897198,
"narHash": "sha256-Ou7vLETSKwmE/HRQz4cImXXJBr/k9gp4J4z/PF8LzTE=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "0be641045af6d8666c11c2c40e45ffc9667839b5",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"zsh-histdb": {
"inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1,
"narHash": "sha256-5DWw7GnwVZ98HUp/UUJcyUmmy9Bh/mcQB8MQQ0t3ZRo=",
"path": "flakes/zsh-histdb",
"type": "path"
},
"original": {
"path": "flakes/zsh-histdb",
"type": "path"
}
}
},

210
nix/configuration/flake.nix
View File

@@ -1,115 +1,153 @@
# Build ISO image
# doas nix run github:nix-community/nixos-generators -- --flake .#odo --format iso
# nix build --extra-experimental-features nix-command --extra-experimental-features flakes .#iso.odo
# output: result/iso/nixos.iso
# Run the ISO image
# "$(nix-build '<nixpkgs>' --no-out-link -A 'qemu')/bin/qemu-system-x86_64" \
# -accel kvm \
# -cpu host \
# -smp cores=8 \
# -m 32768 \
# -drive "file=$(nix-build '<nixpkgs>' --no-out-link -A 'OVMF.fd')/FV/OVMF.fd,if=pflash,format=raw,readonly=on" \
# -drive if=pflash,format=raw,file="/tmp/OVMF_VARS.fd" \
# -nic user,hostfwd=tcp::60022-:22 \
# -boot order=d \
# -cdrom "$(readlink -f ./result/iso/nixos.iso)" \
# -display vnc=127.0.0.1:0
#
# doas cp "$(nix-build '<nixpkgs>' --no-out-link -A 'OVMF.fd')/FV/OVMF_VARS.fd" /tmp/OVMF_VARS.fd
# doas "$(nix-build '<nixpkgs>' --no-out-link -A 'qemu')/bin/qemu-system-x86_64" -accel kvm -cpu host -smp cores=8 -m 32768 -drive "file=$(nix-build '<nixpkgs>' --no-out-link -A 'OVMF.fd')/FV/OVMF.fd,if=pflash,format=raw,readonly=on" -drive if=pflash,format=raw,file="/tmp/OVMF_VARS.fd" -nic user,hostfwd=tcp::60022-:22 -boot order=d -cdrom /persist/machine_setup/nix/configuration/result/iso/nixos*.iso -display vnc=127.0.0.1:0
# Get a repl for this flake
# nix repl --expr "builtins.getFlake \"$PWD\""
# TODO maybe use `nix eval --raw .#iso.odo.outPath`
# iso.odo.isoName == "nixos.iso"
# full path = <outPath> / iso / <isoName>
{
description = "My system configuration";
inputs = {
impermanence.url = "github:nix-community/impermanence";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
nixpkgs-b93b4e9b5.url = "github:NixOS/nixpkgs/b93b4e9b527904aadf52dba6ca35efde2067cbd4";
home-manager.url = "github:nix-community/home-manager/release-24.11";
home-manager.url = "github:nix-community/home-manager";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
lanzaboote = {
url = "github:nix-community/lanzaboote/v0.4.2";
# Optional but recommended to limit the size of your system closure.
inputs.nixpkgs.follows = "nixpkgs";
};
zsh-histdb = {
url = "path:flakes/zsh-histdb";
# Optional but recommended to limit the size of your system closure.
inputs.nixpkgs.follows = "nixpkgs";
};
ansible-sshjail = {
url = "path:flakes/ansible-sshjail";
# Optional but recommended to limit the size of your system closure.
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = { self, nixpkgs, nixpkgs-unstable, nixpkgs-b93b4e9b5, impermanence, home-manager, ... }@inputs: let
base-system = {};
odoqemu = nixpkgs.lib.nixosSystem rec {
system = "x86_64-linux";
specialArgs = {
pkgs-b93b4e9b5 = import nixpkgs-b93b4e9b5 {
inherit system;
# config.allowUnfree = true;
};
pkgs-unstable = import nixpkgs-unstable {
inherit system;
# config.allowUnfree = true;
};
};
modules = [
impermanence.nixosModules.impermanence
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
}
./configuration.nix
({lib, ...}: {
imports = [ <nixpkgs/nixos/modules/virtualisation/qemu-vm.nix> ];
virtualisation.qemu.options = [
"-device virtio-vga"
];
virtualisation.vmVariant = {
# following configuration is added only when building VM with build-vm
virtualisation = {
memorySize = 2048; # Use 2048MiB memory.
cores = 3;
graphics = false;
};
};
networking.dhcpcd.enable = lib.mkForce true;
networking.useDHCP = lib.mkForce true;
boot.loader.efi.canTouchEfiVariables = lib.mkForce true;
# doas nixos-rebuild build-vm --flake .#odoqemu
#./result/bin/run-nixos-vm
})
];
};
odo = nixpkgs.lib.nixosSystem rec {
system = "x86_64-linux";
specialArgs = {
pkgs-b93b4e9b5 = import nixpkgs-b93b4e9b5 {
inherit system;
# config.allowUnfree = true;
};
pkgs-unstable = import nixpkgs-unstable {
inherit system;
# config.allowUnfree = true;
};
};
modules = [
impermanence.nixosModules.impermanence
home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
}
./configuration.nix
];
};
in
outputs =
{
# doas nix build --extra-experimental-features nix-command --extra-experimental-features flakes .#vms.odo
# ./result/bin/run-nixos-vim
vms.odo = odoqemu.config.system.build.vm;
odoiso = odo.config.system.build.isoImage;
nixosConfigurations.odo = odo;
nixosConfigurations.odovm = nixpkgs.lib.nixosSystem rec {
self,
nixpkgs,
nixpkgs-b93b4e9b5,
impermanence,
home-manager,
lanzaboote,
zsh-histdb,
ansible-sshjail,
...
}@inputs:
let
base_x86_64_linux = rec {
system = "x86_64-linux";
specialArgs = {
pkgs-b93b4e9b5 = import nixpkgs-b93b4e9b5 {
inherit system;
# config.allowUnfree = true;
};
pkgs-unstable = import nixpkgs-unstable {
inherit system;
# config.allowUnfree = true;
};
};
modules = [
impermanence.nixosModules.impermanence
home-manager.nixosModules.home-manager
lanzaboote.nixosModules.lanzaboote
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
}
{
nixpkgs.overlays = [
zsh-histdb.overlays.default
ansible-sshjail.overlays.default
];
}
./configuration.nix
({lib, ...}: {
networking.dhcpcd.enable = lib.mkForce true;
networking.useDHCP = lib.mkForce true;
boot.loader.efi.canTouchEfiVariables = lib.mkForce true;
})
];
};
systems = {
odo = {
main = nixpkgs.lib.nixosSystem (
base_x86_64_linux
// {
modules = base_x86_64_linux.modules ++ [
./hosts/odo
];
}
);
iso = nixpkgs.lib.nixosSystem (
base_x86_64_linux
// {
modules = base_x86_64_linux.modules ++ [
./hosts/odo
(nixpkgs + "/nixos/modules/installer/cd-dvd/iso-image.nix")
# TODO: Figure out how to do image based appliances
# (nixpkgs + "/nixos/modules/profiles/image-based-appliance.nix")
{
isoImage.makeEfiBootable = true;
isoImage.makeUsbBootable = true;
me.buildingIso = true;
}
];
}
);
};
neelix = {
main = nixpkgs.lib.nixosSystem (
base_x86_64_linux
// {
modules = base_x86_64_linux.modules ++ [
./hosts/neelix
];
}
);
iso = nixpkgs.lib.nixosSystem (
base_x86_64_linux
// {
modules = base_x86_64_linux.modules ++ [
./hosts/neelix
(nixpkgs + "/nixos/modules/installer/cd-dvd/iso-image.nix")
{
isoImage.makeEfiBootable = true;
isoImage.makeUsbBootable = true;
me.buildingIso = true;
}
];
}
);
};
};
in
{
nixosConfigurations.odo = systems.odo.main;
iso.odo = systems.odo.iso.config.system.build.isoImage;
nixosConfigurations.neelix = systems.neelix.main;
iso.neelix = systems.neelix.iso.config.system.build.isoImage;
};
}

61
nix/configuration/flakes/ansible-sshjail/flake.lock generated Normal file
View File

@@ -0,0 +1,61 @@
{
"nodes": {
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1735141468,
"narHash": "sha256-VIAjBr1qGcEbmhLwQJD6TABppPMggzOvqFsqkDoMsAY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "4005c3ff7505313cbc21081776ad0ce5dfd7a3ce",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

34
nix/configuration/flakes/ansible-sshjail/flake.nix Normal file
View File

@@ -0,0 +1,34 @@
{
description = "A slightly better history for zsh";
inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
inputs.flake-utils.url = "github:numtide/flake-utils";
outputs =
{
self,
nixpkgs,
flake-utils,
...
}:
let
out =
system:
let
pkgs = nixpkgs.legacyPackages.${system};
# Maybe pkgs = import nixpkgs { inherit system; }; ?
appliedOverlay = self.overlays.default pkgs pkgs;
in
{
packages = rec {
default = ansible-sshjail;
ansible-sshjail = appliedOverlay.ansible-sshjail;
};
};
in
flake-utils.lib.eachDefaultSystem out
// {
overlays.default = final: prev: {
ansible-sshjail = final.callPackage ./package.nix { };
};
};
}

33
nix/configuration/flakes/ansible-sshjail/package.nix Normal file
View File

@@ -0,0 +1,33 @@
# unpackPhase
# patchPhase
# configurePhase
# buildPhase
# checkPhase
# installPhase
# fixupPhase
# installCheckPhase
# distPhase
{
stdenv,
fetchgit,
...
}:
stdenv.mkDerivation {
name = "ansible-sshjail";
src = fetchgit {
url = "https://github.com/austinhyde/ansible-sshjail.git";
rev = "a7b0076fdb680b915d35efafd1382919100532b6";
sha256 = "sha256-4QX/017fDRzb363NexgvHZ/VFKXOjRgGPDKKygyUylM=";
};
phases = [
"installPhase"
];
installPhase = ''
runHook preInstall
mkdir -p $out/share/ansible/plugins/connection_plugins
cp $src/sshjail.py $out/share/ansible/plugins/connection_plugins/
runHook postInstall
'';
}

61
nix/configuration/flakes/starship-game/flake.lock generated Normal file
View File

@@ -0,0 +1,61 @@
{
"nodes": {
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1735141468,
"narHash": "sha256-VIAjBr1qGcEbmhLwQJD6TABppPMggzOvqFsqkDoMsAY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "4005c3ff7505313cbc21081776ad0ce5dfd7a3ce",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

34
nix/configuration/flakes/starship-game/flake.nix Normal file
View File

@@ -0,0 +1,34 @@
{
description = "A slightly better history for zsh";
inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
inputs.flake-utils.url = "github:numtide/flake-utils";
outputs =
{
self,
nixpkgs,
flake-utils,
...
}:
let
out =
system:
let
pkgs = nixpkgs.legacyPackages.${system};
# Maybe pkgs = import nixpkgs { inherit system; }; ?
appliedOverlay = self.overlays.default pkgs pkgs;
in
{
packages = rec {
default = starship-game;
starship-game = appliedOverlay.starship-game;
};
};
in
flake-utils.lib.eachDefaultSystem out
// {
overlays.default = final: prev: {
starship-game = final.callPackage ./package.nix { };
};
};
}

261
nix/configuration/flakes/starship-game/package.nix Normal file
View File

@@ -0,0 +1,261 @@
{
lib,
stdenv,
SDL2,
cmake,
copyDesktopItems,
fetchFromGitHub,
fetchpatch,
fetchurl,
imagemagick,
imgui,
libpng,
libpulseaudio,
libzip,
lsb-release,
makeDesktopItem,
makeWrapper,
ninja,
nlohmann_json,
pkg-config,
python3,
spdlog,
stormlib,
tinyxml-2,
writeTextFile,
zenity,
}:
let
# This would get fetched at build time otherwise, see:
# https://github.com/HarbourMasters/2ship2harkinian/blob/1.0.2/mm/CMakeLists.txt#L708
gamecontrollerdb = fetchurl {
name = "gamecontrollerdb.txt";
url = "https://raw.githubusercontent.com/gabomdq/SDL_GameControllerDB/b1759cf84028aab89caa1c395e198c340b8dfd89/gamecontrollerdb.txt";
hash = "sha256-7C5EkqBIhLGNJuhi3832y0ffW5Ep7iuTYXb1bL5h2Js=";
};
# 2ship needs a specific imgui version
imgui' = imgui.overrideAttrs rec {
version = "1.90.6";
src = fetchFromGitHub {
owner = "ocornut";
repo = "imgui";
rev = "v${version}-docking";
hash = "sha256-Y8lZb1cLJF48sbuxQ3vXq6GLru/WThR78pq7LlORIzc=";
};
};
libgfxd = fetchFromGitHub {
owner = "glankk";
repo = "libgfxd";
rev = "96fd3b849f38b3a7c7b7f3ff03c5921d328e6cdf";
hash = "sha256-dedZuV0BxU6goT+rPvrofYqTz9pTA/f6eQcsvpDWdvQ=";
};
yaml_cpp = fetchFromGitHub {
owner = "jbeder";
repo = "yaml-cpp";
rev = "f7320141120f720aecc4c32be25586e7da9eb978";
hash = "sha256-J87oS6Az1/vNdyXu3L7KmUGWzU0IAkGrGMUUha+xDXI=";
};
# spdlog = fetchFromGitHub {
# owner = "gabime";
# repo = "spdlog";
# rev = "7e635fca68d014934b4af8a1cf874f63989352b7";
# hash = "sha256-cxTaOuLXHRU8xMz9gluYz0a93O0ez2xOxbloyc1m1ns=";
# };
# stb_impl = writeTextFile {
# name = "stb_impl.c";
# text = ''
# #define STB_IMAGE_IMPLEMENTATION
# #include "stb_image.h"
# '';
# };
# stb' = fetchurl {
# name = "stb_image.h";
# url = "https://raw.githubusercontent.com/nothings/stb/0bc88af4de5fb022db643c2d8e549a0927749354/stb_image.h";
# hash = "sha256-xUsVponmofMsdeLsI6+kQuPg436JS3PBl00IZ5sg3Vw=";
# };
# Apply 2ship's patch for stormlib
stormlib' = stormlib.overrideAttrs (prev: rec {
version = "9.25";
src = fetchFromGitHub {
owner = "ladislav-zezula";
repo = "StormLib";
rev = "v${version}";
hash = "sha256-HTi2FKzKCbRaP13XERUmHkJgw8IfKaRJvsK3+YxFFdc=";
};
nativeBuildInputs = prev.nativeBuildInputs ++ [ pkg-config ];
patches = (prev.patches or [ ]) ++ [
(fetchpatch {
name = "stormlib-optimizations.patch";
url = "https://github.com/briaguya-ai/StormLib/commit/ff338b230544f8b2bb68d2fbe075175ed2fd758c.patch";
hash = "sha256-Jbnsu5E6PkBifcx/yULMVC//ab7tszYgktS09Azs5+4=";
})
];
});
thread_pool = fetchFromGitHub {
owner = "bshoshany";
repo = "thread-pool";
rev = "v4.1.0";
hash = "sha256-zhRFEmPYNFLqQCfvdAaG5VBNle9Qm8FepIIIrT9sh88=";
};
in
stdenv.mkDerivation (finalAttrs: {
pname = "starship-game";
version = "v1.0.0";
src = fetchFromGitHub {
owner = "HarbourMasters";
repo = "starship";
# rev = "5e5e49da93e066f51c3010ba38f09331d866f2db";
tag = finalAttrs.version;
hash = "sha256-kaLLlLuonqE2DJcRlWR4tCEBNjwIYFlzeDLcYsvMO7I=";
fetchSubmodules = true;
};
# patches = [
# # remove fetching stb as we will patch our own
# ./0001-deps.patch
# ];
nativeBuildInputs = [
cmake
copyDesktopItems
imagemagick
lsb-release
makeWrapper
ninja
pkg-config
python3
];
buildInputs = [
SDL2
imgui'
libpng
libpulseaudio
libzip
nlohmann_json
spdlog
stormlib'
tinyxml-2
zenity
];
cmakeFlags = [
(lib.cmakeBool "NON_PORTABLE" true)
(lib.cmakeFeature "CMAKE_INSTALL_PREFIX" "${placeholder "out"}/starship-game")
(lib.cmakeFeature "FETCHCONTENT_SOURCE_DIR_IMGUI" "${imgui'.src}")
(lib.cmakeFeature "FETCHCONTENT_SOURCE_DIR_LIBGFXD" "${libgfxd}")
(lib.cmakeFeature "FETCHCONTENT_SOURCE_DIR_STORMLIB" "${stormlib'}")
(lib.cmakeFeature "FETCHCONTENT_SOURCE_DIR_THREADPOOL" "${thread_pool}")
];
dontAddPrefix = true;
# Linking fails without this
hardeningDisable = [ "format" ];
# Pie needs to be enabled or else it segfaults
hardeningEnable = [ "pie" ];
# preConfigure = ''
# # mirror 2ship's stb
# mkdir stb
# cp ${stb'} ./stb/${stb'.name}
# cp ${stb_impl} ./stb/${stb_impl.name}
# substituteInPlace libultraship/cmake/dependencies/common.cmake \
# --replace-fail "\''${STB_DIR}" "/build/source/stb"
# '';
# (cd tools/Torch && cmake -H. -Bbuild-cmake -GNinja \
# -DFETCHCONTENT_SOURCE_DIR_LIBGFXD=${libgfxd} \
# -DFETCHCONTENT_SOURCE_DIR_YAML-CPP=${finalAttrs.yaml_cpp_src} \
# -DFETCHCONTENT_SOURCE_DIR_SPDLOG=${finalAttrs.spdlog_src}
# )
configurePhase = ''
cmake -H. -Bbuild-cmake -GNinja \
-DFETCHCONTENT_SOURCE_DIR_IMGUI=${imgui'.src} \
-DFETCHCONTENT_SOURCE_DIR_STORMLIB=${stormlib'} \
-DFETCHCONTENT_SOURCE_DIR_THREADPOOL=${thread_pool}
(cd tools/Torch && cmake -H. -Bbuild-cmake -GNinja \
-DFETCHCONTENT_SOURCE_DIR_LIBGFXD=${libgfxd} \
-DFETCHCONTENT_SOURCE_DIR_YAML-CPP=${yaml_cpp} \
-DFETCHCONTENT_SOURCE_DIR_SPDLOG=${spdlog}
)
(cd libultraship && cmake -H. -Bbuild-cmake -GNinja \
-DFETCHCONTENT_SOURCE_DIR_LIBGFXD=${libgfxd} \
-DFETCHCONTENT_SOURCE_DIR_IMGUI=${imgui'.src} \
-DFETCHCONTENT_SOURCE_DIR_STORMLIB=${stormlib'} \
-DFETCHCONTENT_SOURCE_DIR_THREADPOOL=${thread_pool}
)
'';
buildPhase = ''
cmake --build build-cmake
'';
postBuild = ''
cp ${gamecontrollerdb} ${gamecontrollerdb.name}
pushd ../OTRExporter
python3 ./extract_assets.py -z ../build/ZAPD/ZAPD.out --norom --xml-root ../mm/assets/xml --custom-assets-path ../mm/assets/custom --custom-otr-file 2ship.o2r --port-ver ${finalAttrs.version}
popd
'';
preInstall = ''
# Cmake likes it here for its install paths
cp ../OTRExporter/2ship.o2r mm/
'';
postInstall = ''
mkdir -p $out/bin
ln -s $out/2s2h/2s2h.elf $out/bin/2s2h
install -Dm644 ../mm/linux/2s2hIcon.png $out/share/pixmaps/2s2h.png
'';
postFixup = ''
wrapProgram $out/2s2h/2s2h.elf --prefix PATH ":" ${lib.makeBinPath [ zenity ]}
'';
desktopItems = [
(makeDesktopItem {
name = "starship";
icon = "starship";
exec = "starship";
comment = finalAttrs.meta.description;
genericName = "Starship";
desktopName = "starship";
categories = [ "Game" ];
})
];
meta = {
homepage = "https://github.com/HarbourMasters/2ship2harkinian";
description = "A PC port of Majora's Mask with modern controls, widescreen, high-resolution, and more";
mainProgram = "starship";
platforms = [ "x86_64-linux" ];
maintainers = with lib.maintainers; [ ];
license = with lib.licenses; [
# # OTRExporter, OTRGui, ZAPDTR, libultraship
# mit
# # 2 Ship 2 Harkinian
# cc0
# # Reverse engineering
# unfree
];
};
})

61
nix/configuration/flakes/zsh-histdb/flake.lock generated Normal file
View File

@@ -0,0 +1,61 @@
{
"nodes": {
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1735141468,
"narHash": "sha256-VIAjBr1qGcEbmhLwQJD6TABppPMggzOvqFsqkDoMsAY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "4005c3ff7505313cbc21081776ad0ce5dfd7a3ce",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

34
nix/configuration/flakes/zsh-histdb/flake.nix Normal file
View File

@@ -0,0 +1,34 @@
{
description = "A slightly better history for zsh";
inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
inputs.flake-utils.url = "github:numtide/flake-utils";
outputs =
{
self,
nixpkgs,
flake-utils,
...
}:
let
out =
system:
let
pkgs = nixpkgs.legacyPackages.${system};
# Maybe pkgs = import nixpkgs { inherit system; }; ?
appliedOverlay = self.overlays.default pkgs pkgs;
in
{
packages = rec {
default = zsh-histdb;
zsh-histdb = appliedOverlay.zsh-histdb;
};
};
in
flake-utils.lib.eachDefaultSystem out
// {
overlays.default = final: prev: {
zsh-histdb = final.callPackage ./package.nix { };
};
};
}

36
nix/configuration/flakes/zsh-histdb/package.nix Normal file
View File

@@ -0,0 +1,36 @@
# unpackPhase
# patchPhase
# configurePhase
# buildPhase
# checkPhase
# installPhase
# fixupPhase
# installCheckPhase
# distPhase
{
stdenv,
pkgs,
sqlite,
...
}:
stdenv.mkDerivation {
name = "zsh-histdb";
src = pkgs.fetchgit {
url = "https://github.com/larkery/zsh-histdb.git";
rev = "90a6c104d0fcc0410d665e148fa7da28c49684eb";
sha256 = "sha256-vtG1poaRVbfb/wKPChk1WpPgDq+7udLqLfYfLqap4Vg=";
};
buildInputs = [ sqlite ];
phases = [
"installPhase"
];
installPhase = ''
runHook preInstall
mkdir -p $out/share/zsh/plugins/zsh-histdb
cp -r $src/histdb-* $src/*.zsh $src/db_migrations $out/share/zsh/plugins/zsh-histdb/
runHook postInstall
'';
postInstall = ''
substituteInPlace $out/share/zsh/plugins/zsh-histdb/sqlite-history.zsh $out/share/zsh/plugins/zsh-histdb/histdb-merge $out/share/zsh/plugins/zsh-histdb/histdb-migrate --replace-fail "sqlite3" "${sqlite}/bin/sqlite3"
'';
}

38
nix/configuration/hosts/neelix/default.nix Normal file
View File

@@ -0,0 +1,38 @@
{ config, pkgs, ... }:
{
imports = [
./hardware-configuration.nix
./disk-config.nix
./optimized_build.nix
./power_management.nix
];
# Generate with `head -c4 /dev/urandom | od -A none -t x4`
networking.hostId = "fbd233d8";
networking.hostName = "neelix"; # Define your hostname.
time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8";
me.secureBoot.enable = false;
# Early KMS
boot.initrd.kernelModules = [ "i915" ];
# Mount tmpfs at /tmp
boot.tmp.useTmpfs = true;
me.bluetooth.enable = true;
me.emacs_flavor = "plainmacs";
me.graphical = true;
me.graphics_card_type = "intel";
me.kodi.enable = true;
me.lvfs.enable = true;
me.sound.enable = true;
me.wireguard.activated = [ "wgh" ];
me.wireguard.deactivated = [ "wgf" ];
me.zrepl.enable = true;
me.zsh.enable = true;
}

140
nix/configuration/hosts/neelix/disk-config.nix Normal file
View File

@@ -0,0 +1,140 @@
# Manual Step:
# Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1
# Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1
{
config,
lib,
pkgs,
...
}:
lib.mkIf (!config.me.buildingIso) {
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"umask=0077"
"noatime"
"discard"
];
};
};
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "zroot";
};
};
};
};
};
};
zpool = {
zroot = {
type = "zpool";
# mode = "mirror";
# Workaround: cannot import 'zroot': I/O error in disko tests
options.cachefile = "none";
options = {
ashift = "12";
compatibility = "openzfs-2.2-freebsd";
autotrim = "on";
};
rootFsOptions = {
acltype = "posixacl";
atime = "off";
relatime = "off";
xattr = "sa";
mountpoint = "none";
compression = "lz4";
canmount = "off";
utf8only = "on";
dnodesize = "auto";
normalization = "formD";
};
datasets = {
"linux/nix" = {
type = "zfs_fs";
options.mountpoint = "none";
};
"linux/nix/root" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/root@blank$' || zfs snapshot zroot/linux/nix/root@blank";
};
"linux/nix/nix" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/nix";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/nix@blank$' || zfs snapshot zroot/linux/nix/nix@blank";
options = {
recordsize = "1MiB";
compression = "lz4";
};
};
"linux/nix/home" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/home";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/home@blank$' || zfs snapshot zroot/linux/nix/home@blank";
};
"linux/nix/persist" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/persist";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/persist@blank$' || zfs snapshot zroot/linux/nix/persist@blank";
};
"linux/nix/state" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/state";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/state@blank$' || zfs snapshot zroot/linux/nix/state@blank";
};
};
};
};
};
# Make sure all persistent volumes are marked as neededForBoot
#
# Also mounts /home so it is mounted before the user home directories are created.
fileSystems."/persist".neededForBoot = true;
fileSystems."/state".neededForBoot = true;
fileSystems."/home".neededForBoot = true;
fileSystems."/".options = [
"noatime"
"norelatime"
];
fileSystems."/nix".options = [
"noatime"
"norelatime"
];
fileSystems."/persist".options = [
"noatime"
"norelatime"
];
fileSystems."/state".options = [
"noatime"
"norelatime"
];
fileSystems."/home".options = [
"noatime"
"norelatime"
];
}

32
nix/configuration/hosts/neelix/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,32 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

78
nix/configuration/hosts/neelix/optimized_build.nix Normal file
View File

@@ -0,0 +1,78 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
config = lib.mkMerge [
{ }
(lib.mkIf (!config.me.buildingIso) {
nix.settings.system-features = lib.mkForce [
"gccarch-alderlake"
"gccarch-x86-64-v3"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
# nixpkgs.hostPlatform = {
# gcc.arch = "alderlake";
# gcc.tune = "alderlake";
# system = "x86_64-linux";
# };
nixpkgs.overlays = [
(
self: super:
let
optimizeWithFlags =
pkg: flags:
pkg.overrideAttrs (old: {
NIX_CFLAGS_COMPILE = [ (old.NIX_CFLAGS_COMPILE or "") ] ++ flags;
});
addConfig =
additionalConfig: pkg:
pkg.override (oldconfig: {
structuredExtraConfig = pkg.structuredExtraConfig // additionalConfig;
});
in
{
linux_alderlake =
addConfig
{
# Full preemption
PREEMPT = lib.mkOverride 60 lib.kernel.yes;
PREEMPT_VOLUNTARY = lib.mkOverride 60 lib.kernel.no;
# Google's BBRv3 TCP congestion Control
TCP_CONG_BBR = lib.kernel.yes;
DEFAULT_BBR = lib.kernel.yes;
# Preemptive Full Tickless Kernel at 300Hz
HZ = lib.kernel.freeform "300";
HZ_300 = lib.kernel.yes;
HZ_1000 = lib.kernel.no;
}
(
optimizeWithFlags super.linux_6_12 [
"-march=alderlake"
"-mtune=alderlake"
]
);
}
)
];
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_alderlake;
})
(lib.mkIf (config.me.buildingIso) {
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_6_12;
boot.supportedFilesystems = [ "zfs" ];
})
];
}

35
nix/configuration/hosts/neelix/power_management.nix Normal file
View File

@@ -0,0 +1,35 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
environment.systemPackages = with pkgs; [
powertop
];
# pcie_aspm=force pcie_aspm.policy=powersupersave :: Enable PCIe active state power management for power reduction.
# nowatchdog :: Disable watchdog for power savings (related to disable_sp5100_watchdog above).
boot.kernelParams = [
"pcie_aspm=force"
# "pcie_aspm.policy=powersupersave"
"nowatchdog"
];
# default performance balance_performance balance_power power
# defaults to balance_performance
# systemd.tmpfiles.rules = [
# "w- /sys/devices/system/cpu/cpufreq/policy0/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy1/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy2/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy3/energy_performance_preference - - - - power"
# ];
boot.extraModprobeConfig = ''
options snd_hda_intel power_save=1
'';
}

61
nix/configuration/hosts/odo/default.nix
View File

@@ -3,6 +3,10 @@
imports = [
./hardware-configuration.nix
./disk-config.nix
./optimized_build.nix
./power_management.nix
./screen_brightness.nix
./wifi.nix
];
# Generate with `head -c4 /dev/urandom | od -A none -t x4`
@@ -11,4 +15,61 @@
networking.hostName = "odo"; # Define your hostname.
time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8";
me.secureBoot.enable = true;
# Early KMS
boot.initrd.kernelModules = [ "amdgpu" ];
# Mount tmpfs at /tmp
boot.tmp.useTmpfs = true;
environment.systemPackages = with pkgs; [
fw-ectool
];
me.alacritty.enable = true;
me.ansible.enable = true;
me.ares.enable = true;
me.bluetooth.enable = true;
me.chromecast.enable = true;
me.chromium.enable = true;
me.docker.enable = true;
me.emacs_flavor = "full";
me.firefox.enable = true;
me.git.config = ../../roles/git/files/gitconfig_home;
me.gpg.enable = true;
me.graphical = true;
me.graphics_card_type = "amd";
me.kanshi.enable = true;
me.kubernetes.enable = true;
me.latex.enable = true;
me.launch_keyboard.enable = true;
me.lvfs.enable = true;
me.media.enable = true;
me.nix_index.enable = true;
me.python.enable = true;
me.qemu.enable = true;
me.rust.enable = true;
me.sound.enable = true;
me.steam.enable = true;
me.sway.enable = true;
me.terraform.enable = true;
me.vnc_client.enable = true;
me.vscode.enable = true;
me.wasm.enable = true;
me.waybar.enable = true;
me.wireguard.activated = [
"drmario"
"wgh"
"colo"
];
me.wireguard.deactivated = [ "wgf" ];
me.zrepl.enable = true;
me.zsh.enable = true;
me.sm64ex.enable = true;
me.shipwright.enable = true;
me.ship2harkinian.enable = true;
}

40
nix/configuration/hosts/odo/disk-config.nix
View File

@@ -1,4 +1,14 @@
# Manual Step:
# Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1
# Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1
{
config,
lib,
pkgs,
...
}:
lib.mkIf (!config.me.buildingIso) {
disko.devices = {
disk = {
main = {
@@ -14,7 +24,11 @@
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" "noatime" "discard" ];
mountOptions = [
"umask=0077"
"noatime"
"discard"
];
};
};
zfs = {
@@ -107,4 +121,28 @@
fileSystems."/persist".neededForBoot = true;
fileSystems."/state".neededForBoot = true;
fileSystems."/home".neededForBoot = true;
fileSystems."/".options = [
"noatime"
"norelatime"
];
fileSystems."/nix".options = [
"noatime"
"norelatime"
];
fileSystems."/persist".options = [
"noatime"
"norelatime"
];
fileSystems."/state".options = [
"noatime"
"norelatime"
];
fileSystems."/home".options = [
"noatime"
"norelatime"
];
# Only attempt to decrypt the main pool. Otherwise it attempts to decrypt pools that aren't even used.
boot.zfs.requestEncryptionCredentials = [ "zroot/linux/nix" ];
}

22
nix/configuration/hosts/odo/hardware-configuration.nix
View File

@@ -1,16 +1,26 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" ];
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"thunderbolt"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking

81
nix/configuration/hosts/odo/optimized_build.nix Normal file
View File

@@ -0,0 +1,81 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
config = lib.mkMerge [
{ }
(lib.mkIf (!config.me.buildingIso) {
nix.settings.system-features = lib.mkForce [
"gccarch-znver4"
"gccarch-skylake"
# "gccarch-alderlake" missing WAITPKG
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
# nixpkgs.hostPlatform = {
# gcc.arch = "znver4";
# gcc.tune = "znver4";
# system = "x86_64-linux";
# };
nixpkgs.overlays = [
(
self: super:
let
optimizeWithFlags =
pkg: flags:
pkg.overrideAttrs (old: {
NIX_CFLAGS_COMPILE = [ (old.NIX_CFLAGS_COMPILE or "") ] ++ flags;
});
addConfig =
additionalConfig: pkg:
pkg.override (oldconfig: {
structuredExtraConfig = pkg.structuredExtraConfig // additionalConfig;
});
in
{
linux_znver4 =
addConfig
{
# Full preemption
PREEMPT = lib.mkOverride 60 lib.kernel.yes;
PREEMPT_VOLUNTARY = lib.mkOverride 60 lib.kernel.no;
# Google's BBRv3 TCP congestion Control
TCP_CONG_BBR = lib.kernel.yes;
DEFAULT_BBR = lib.kernel.yes;
# Preemptive Full Tickless Kernel at 300Hz
HZ = lib.kernel.freeform "300";
HZ_300 = lib.kernel.yes;
HZ_1000 = lib.kernel.no;
}
(
optimizeWithFlags super.linux_6_12 [
"-march=znver4"
"-mtune=znver4"
]
);
}
)
];
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_znver4;
})
(lib.mkIf (config.me.buildingIso) {
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_6_12;
boot.supportedFilesystems.zfs = true;
})
];
}

59
nix/configuration/hosts/odo/power_management.nix Normal file
View File

@@ -0,0 +1,59 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
environment.systemPackages = with pkgs; [
powertop
];
# amdgpu.abmlevel=3 :: Automatically reduce screen brightness but tweak colors to compensate for power reduction.
# pcie_aspm=force pcie_aspm.policy=powersupersave :: Enable PCIe active state power management for power reduction.
# nowatchdog :: Disable watchdog for power savings (related to disable_sp5100_watchdog above).
# amd_pstate=passive :: Fully automated hardware pstate control.
# amd_pstate=active :: Same as passive except we can set the energy performance preference (EPP) to suggest how much we prefer performance or energy efficiency.
# amd_pstate=guided :: Same as passive except we can set upper and lower frequency bounds.
# amdgpu.dcdebugmask=0x10 :: Allegedly disables Panel Replay from https://community.frame.work/t/tracking-freezing-arch-linux-amd/39495/32
boot.kernelParams = [
"amdgpu.abmlevel=3"
"pcie_aspm=force"
# "pcie_aspm.policy=powersupersave"
"nowatchdog"
# I don't see a measurable benefit from these two:
# "cpufreq.default_governor=powersave"
# "initcall_blacklist=cpufreq_gov_userspace_init"
];
systemd.tmpfiles.rules = [
"w- /sys/firmware/acpi/platform_profile - - - - low-power"
"w- /sys/devices/system/cpu/cpufreq/policy0/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy1/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy2/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy3/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy4/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy5/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy6/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy7/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy8/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy9/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy10/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy11/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy12/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy13/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy14/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy15/energy_performance_preference - - - - power"
];
boot.extraModprobeConfig = ''
# Disable the hardware watchdog inside AMD 700 chipset series for power savings.
blacklist sp5100_tco
# Sound power-saving was causing chat notifications to be inaudible.
# options snd_hda_intel power_save=1
'';
}

14
nix/configuration/hosts/odo/screen_brightness.nix Normal file
View File

@@ -0,0 +1,14 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
systemd.tmpfiles.rules = [
"w- /sys/class/backlight/amdgpu_bl1/brightness - - - - 85"
];
}

21
nix/configuration/hosts/odo/wifi.nix Normal file
View File

@@ -0,0 +1,21 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
config = {
environment.loginShellInit = lib.mkIf (!config.me.buildingIso) ''
doas iw dev wlan0 set power_save off
'';
# Enable debug logging for ath12k wifi card.
boot.kernelParams = [
"ath12k.debug_mask=0xffffffff"
];
};
}

39
nix/configuration/network.nix
View File

@@ -1,39 +0,0 @@
{ config, lib, pkgs, ... }:
{
imports = [];
networking.dhcpcd.enable = false;
networking.useDHCP = false;
networking.nameservers = [ "194.242.2.2#doh.mullvad.net" "2a07:e340::2#doh.mullvad.net" ];
services.resolved = {
enable = true;
dnssec = "true";
domains = [ "~." ];
fallbackDns = [ ];
dnsovertls = "true";
};
# Without this, systemd-resolved will send DNS requests for <X>.home.arpa to the per-link DNS server (172.16.0.1) which does not support DNS-over-TLS. This leads to the connection anging and timing out. This causes firefox startup to take an extra 10+ seconds.
#
# Test with: drill @127.0.0.53 odo.home.arpa
networking.extraHosts = "127.0.0.1 odo.home.arpa";
networking.wireless.iwd = {
enable = true;
settings = {
General = {
EnableNetworkConfiguration = true;
AddressRandomization = "network";
ControlPortOverNL80211 = false;
};
};
};
environment.systemPackages = with pkgs; [
iw
iwd
ldns # for drill
];
}

48
nix/configuration/roles/2ship2harkinian/default.nix Normal file
View File

@@ -0,0 +1,48 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
ship2harkinian.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install 2ship2harkinian.";
};
};
config = lib.mkIf config.me.ship2harkinian.enable (
lib.mkMerge [
{
allowedUnfree = [ "2ship2harkinian" ];
}
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
_2ship2harkinian
];
# TODO perhaps install ~/.local/share/2ship/2ship2harkinian.json
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".local/share/2ship";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
})
]
);
}

38
nix/configuration/roles/alacritty/default.nix Normal file
View File

@@ -0,0 +1,38 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
alacritty.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install alacritty.";
};
};
config = lib.mkIf config.me.alacritty.enable (
lib.mkMerge [
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
alacritty
xdg-utils # for xdg-open
];
home-manager.users.talexander =
{ pkgs, ... }:
{
home.file.".config/alacritty/alacritty.toml" = {
source = ./files/alacritty.toml;
};
};
})
]
);
}

44
nix/configuration/roles/alacritty/files/alacritty.toml Normal file
View File

@@ -0,0 +1,44 @@
[colors]
draw_bold_text_with_bright_colors = true
indexed_colors = []
[colors.bright]
black = "0x666666"
blue = "0x7aa6da"
cyan = "0x54ced6"
green = "0x9ec400"
magenta = "0xb77ee0"
red = "0xff3334"
white = "0xffffff"
yellow = "0xe7c547"
[colors.normal]
black = "0x000000"
blue = "0x7aa6da"
cyan = "0x70c0ba"
green = "0xb9ca4a"
magenta = "0xc397d8"
red = "0xd54e53"
white = "0xeaeaea"
yellow = "0xe6c547"
[colors.primary]
background = "0x000000"
foreground = "0xeaeaea"
[font]
size = 11.0
[[hints.enabled]]
command = "xdg-open"
post_processing = true
regex = "(ipfs:|ipns:|magnet:|mailto:|gemini:|gopher:|https:|http:|news:|file:|git:|ssh:|ftp:)[^\u0000-\u001F\u007F-<>\"\\s{-}\\^⟨⟩`]+"
[hints.enabled.mouse]
enabled = false
mods = "None"
[scrolling]
history = 10000
# Lines moved per scroll.
multiplier = 3

86
nix/configuration/roles/ansible/default.nix Normal file
View File

@@ -0,0 +1,86 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
ansible.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install ansible.";
};
};
config = lib.mkIf config.me.ansible.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
ansible
];
nixpkgs.overlays = [
(final: prev: {
ansible = pkgs.symlinkJoin {
name = "ansible";
paths = [
(prev.ansible.overridePythonAttrs {
propagatedBuildInputs = prev.ansible.propagatedBuildInputs ++ [ prev.python3Packages.jmespath ];
})
pkgs.ansible-sshjail
];
buildInputs = [ pkgs.makeWrapper ];
postBuild = ''
${lib.concatMapStringsSep "\n"
(
prog:
(
"wrapProgram $out/bin/${prog} ${
lib.concatMapStringsSep " "
(
plugin_type:
"--set ANSIBLE_${lib.toUpper plugin_type}_PLUGINS $out/share/ansible/plugins/${lib.toLower plugin_type}_plugins"
)
[
"action"
"cache"
"callback"
"connection"
"filter"
"inventory"
"lookup"
"shell"
"strategy"
"test"
"vars"
]
} --prefix PATH : ${lib.makeBinPath [ ]}"
)
)
[
"ansible"
"ansible-config"
"ansible-console"
"ansible-doc"
"ansible-galaxy"
"ansible-inventory"
"ansible-playbook"
"ansible-pull"
"ansible-test"
"ansible-vault"
]
}
'';
};
})
];
}
]
);
}

44
nix/configuration/roles/ares/default.nix Normal file
View File

@@ -0,0 +1,44 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
ares.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install ares.";
};
};
config = lib.mkIf config.me.ares.enable (
lib.mkMerge [
{ }
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
ares
];
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".local/share/ares";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
})
]
);
}

27
nix/configuration/roles/blank/default.nix
View File

@@ -1,7 +1,30 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
{
imports = [];
imports = [ ];
options.me = {
blank.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install blank.";
};
};
config = lib.mkIf config.me.blank.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
];
}
(lib.mkIf config.me.graphical {
})
]
);
}

46
nix/configuration/roles/bluetooth/default.nix Normal file
View File

@@ -0,0 +1,46 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
bluetooth.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install bluetooth.";
};
};
config = lib.mkIf config.me.bluetooth.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
];
hardware.bluetooth = {
enable = true;
powerOnBoot = true;
settings = {
General = {
# Enable support for showing battery charge level.
Experimental = true;
};
};
};
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
directories = [
"/var/lib/bluetooth" # Bluetooth pairing information.
];
};
}
]
);
}

105
nix/configuration/roles/boot/default.nix Normal file
View File

@@ -0,0 +1,105 @@
# ISO does not work with systemd initrd yet https://github.com/NixOS/nixpkgs/pull/291750
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options = {
me.secureBoot = {
enable = lib.mkOption {
default = false;
type = lib.types.bool;
description = ''
Enable to use secure boot.
'';
};
};
};
config = lib.mkMerge [
{
environment.systemPackages = with pkgs; [
tpm2-tools # For tpm2_eventlog to check for OptionRoms
# cp /sys/kernel/security/tpm0/binary_bios_measurements eventlog
# tpm2_eventlog eventlog | grep "BOOT_SERVICES_DRIVER"
sbctl # For debugging and troubleshooting Secure Boot.
];
}
(lib.mkIf (!config.me.buildingIso) {
boot.loader.grub.enable = false;
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
# TODO: make not write bootx64.efi
boot.loader.efi.canTouchEfiVariables = false;
# Automatically delete old generations
boot.loader.systemd-boot.configurationLimit = 3;
boot.loader.systemd-boot.memtest86.enable = true;
# Check what will be lost with `zfs diff zroot/linux/root@blank`
boot.initrd.systemd.enable = lib.mkDefault true;
boot.initrd.systemd.services.zfs-rollback = {
description = "Rollback ZFS root dataset to blank snapshot";
wantedBy = [
"initrd.target"
];
after = [
"zfs-import-zroot.service"
];
before = [
"sysroot.mount"
];
path = with pkgs; [
zfs
];
unitConfig.DefaultDependencies = "no";
serviceConfig.Type = "oneshot";
script = ''
zfs rollback -r zroot/linux/nix/root@blank
zfs rollback -r zroot/linux/nix/home@blank
echo "rollback complete"
'';
};
# boot.loader.systemd-boot.extraEntries = {
# "windows.conf" = ''
# title Windows
# efi /EFI/Microsoft/Boot/bootmgfw.efi
# options root=PARTUUID=17e325bf-a378-4d1d-be6a-f6df5476f0fa
# '';
# };
})
(lib.mkIf (config.me.secureBoot.enable) {
environment.systemPackages = with pkgs; [
sbctl
];
boot.loader.systemd-boot.enable = lib.mkForce false;
boot.lanzaboote = {
enable = true;
pkiBundle = "/var/lib/sbctl";
};
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
directories = [
"/var/lib/sbctl" # Secure Boot Keys
];
};
})
];
}
# efibootmgr -c -d /dev/sda -p 1 -L NixOS-boot -l '\EFI\NixOS-boot\grubx64.efi'
# Text-only:
# sudo cp "$(nix-build '<nixpkgs>' --no-out-link -A 'refind')/share/refind/refind_x64.efi" /boot/EFI/boot/bootx64.efi
# Full graphics:
# $ sudo nix-shell -p refind efibootmgr
# $ refind-install

31
nix/configuration/roles/chromecast/default.nix Normal file
View File

@@ -0,0 +1,31 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
chromecast.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install chromecast.";
};
};
config = lib.mkIf config.me.chromecast.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
catt
];
}
(lib.mkIf config.me.graphical {
})
]
);
}

65
nix/configuration/roles/chromium/default.nix Normal file
View File

@@ -0,0 +1,65 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
chromium.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install chromium.";
};
};
config = lib.mkIf config.me.chromium.enable (
lib.mkMerge [
{ }
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
(chromium.override { enableWideVine = true; })
];
allowedUnfree = [
"chromium"
"chromium-unwrapped"
"widevine-cdm"
];
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".config/chromium";
user = "talexander";
group = "talexander";
mode = "0700";
}
];
};
};
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".cache/chromium";
user = "talexander";
group = "talexander";
mode = "0700";
}
];
};
};
# Enabling vulkan causes video to render as white
# nixpkgs.config.chromium.commandLineArgs = "--enable-features=Vulkan";
})
]
);
}

64
nix/configuration/roles/docker/default.nix Normal file
View File

@@ -0,0 +1,64 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
docker.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install docker.";
};
};
config = lib.mkIf config.me.docker.enable (
lib.mkMerge [
{
virtualisation.docker.enable = true;
# Use docker activation
virtualisation.docker.enableOnBoot = false;
# Rootless docker breaks access to ssh for buildkit.
# virtualisation.docker.rootless = {
# enable = true;
# setSocketVariable = true;
# };
# Give docker access to ssh for fetching repos with buildkit.
virtualisation.docker.extraPackages = [ pkgs.openssh ];
environment.systemPackages = with pkgs; [
docker-buildx
];
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
directories = [
{
directory = "/var/lib/docker";
user = "root";
group = "root";
mode = "0740";
}
];
# users.talexander = {
# directories = [
# {
# directory = ".local/share/docker";
# user = "talexander";
# group = "talexander";
# mode = "0740";
# }
# ];
# };
};
# Needed for non-rootless docker
users.users.talexander.extraGroups = [ "docker" ];
}
]
);
}

216
nix/configuration/roles/emacs/default.nix
View File

@@ -1,69 +1,167 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
let
plainmacs = pkgs.writeShellScriptBin "plainmacs" ''
INIT_SCRIPT=$(cat <<EOF
(progn
(setq make-backup-files nil auto-save-default nil create-lockfiles nil)
(load-theme 'tango-dark t)
(set-face-attribute 'default nil :background "black")
;; Bright yellow highlighting for selected region
(set-face-attribute 'region nil :background "#ffff50" :foreground "black")
;; Bright green cursor to distinguish from yellow region
(set-cursor-color "#ccff66")
;; Hightlight the current line
(set-face-attribute 'line-number-current-line nil :foreground "white")
;; Set default font
(set-face-attribute 'default nil :height 100 :width 'regular :weight 'regular :family "Cascadia Mono")
;; Set fallback font for unicode glyphs
(when (display-graphic-p)
(set-fontset-font "fontset-default" nil (font-spec :name "Noto Color Emoji")))
(menu-bar-mode -1)
(when (fboundp 'tool-bar-mode)
(tool-bar-mode -1))
(when ( fboundp 'scroll-bar-mode)
(scroll-bar-mode -1))
(pixel-scroll-precision-mode)
(setq frame-resize-pixelwise t)
)
EOF
)
plainmacs =
emacs_package:
pkgs.writeShellScriptBin "plainmacs" ''
INIT_SCRIPT=$(cat <<EOF
(progn
(setq make-backup-files nil auto-save-default nil create-lockfiles nil)
(load-theme 'tango-dark t)
(set-face-attribute 'default nil :background "black")
;; Bright yellow highlighting for selected region
(set-face-attribute 'region nil :background "#ffff50" :foreground "black")
;; Bright green cursor to distinguish from yellow region
(set-cursor-color "#ccff66")
;; Hightlight the current line
(set-face-attribute 'line-number-current-line nil :foreground "white")
;; Set default font
(set-face-attribute 'default nil :height 100 :width 'regular :weight 'regular :family "Cascadia Mono")
;; Set fallback font for unicode glyphs
(when (display-graphic-p)
(set-fontset-font "fontset-default" nil (font-spec :name "Noto Color Emoji")))
(menu-bar-mode -1)
(when (fboundp 'tool-bar-mode)
(tool-bar-mode -1))
(when ( fboundp 'scroll-bar-mode)
(scroll-bar-mode -1))
(pixel-scroll-precision-mode)
(setq frame-resize-pixelwise t)
)
EOF
)
exec ${pkgs.emacs29-pgtk}/bin/emacs -q --eval "$INIT_SCRIPT" "''${@}"
'';
exec ${emacs_package}/bin/emacs -q --eval "$INIT_SCRIPT" "''${@}"
'';
e_shorthand =
emacs_package:
pkgs.writeShellScriptBin "e" ''
exec ${emacs_package}/bin/emacs "''${@}"
'';
in
{
imports = [];
imports = [ ];
environment.systemPackages = with pkgs; [
plainmacs
emacs29-pgtk
clang # To compile tree-sitter grammars
nixd # nix language server
];
home-manager.users.talexander = { pkgs, ... }: {
home.file.".config/emacs" = {
source = ./files/emacs;
recursive = true;
};
options.me.emacs_flavor = lib.mkOption {
type = lib.types.nullOr (
lib.types.enum [
"full"
"plainmacs"
]
);
default = null;
example = "full";
description = "What flavor of emacs to set up.";
};
environment.persistence."/state" = {
hideMounts = true;
users.talexander = {
directories = [
".config/emacs/eln-cache" # Installed packages
".config/emacs/elpa" # Installed packages
".config/emacs/private" # For recentf
".config/emacs/tree-sitter" # Compiled tree-sitter grammars
];
files = [
".config/emacs/history" # For savehist
".config/emacs/.last-package-update-day" # For use-package
];
};
};
config = lib.mkIf (config.me.emacs_flavor != null) (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
my_emacs
(plainmacs my_emacs)
(e_shorthand my_emacs)
];
environment.variables.EDITOR = "${plainmacs}/bin/plainmacs";
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
".config/emacs/eln-cache" # Installed packages
".config/emacs/elpa" # Installed packages
".config/emacs/private" # For recentf
".config/emacs/tree-sitter" # Compiled tree-sitter grammars
];
files = [
".config/emacs/history" # For savehist
".config/emacs/.last-package-update-day" # For use-package
];
};
};
environment.variables.EDITOR = "plainmacs";
}
(lib.mkIf (config.me.graphical) {
nixpkgs.overlays = [
(final: prev: {
my_emacs = final.emacs29-pgtk;
})
];
})
(lib.mkIf (!config.me.graphical) {
nixpkgs.overlays = [
(final: prev: {
my_emacs = final.emacs-nox;
})
];
})
(lib.mkIf (config.me.emacs_flavor == "full") {
nixpkgs.overlays = [
(final: prev: {
my_emacs = pkgs.buildEnv {
name = prev.my_emacs.name;
paths = with prev; [
my_emacs
];
extraOutputsToInstall = [
"man"
"doc"
"info"
];
buildInputs = [ final.makeWrapper ];
postBuild = ''
wrapProgram $out/bin/emacs --prefix PATH : ${
lib.makeBinPath [
(final.aspellWithDicts (
dicts: with dicts; [
en
en-computers
]
))
final.nixd # nix language server
final.nixfmt-rfc-style # auto-formatting nix files through nixd
final.clang # To compile tree-sitter grammars
final.shellcheck
final.cmake-language-server
final.cmake # Used by cmake-language-server
]
}
'';
};
})
];
home-manager.users.talexander =
{ pkgs, ... }:
{
home.file.".config/emacs" = {
source = ./files/emacs;
recursive = true;
};
};
})
(lib.mkIf (config.me.emacs_flavor == "plainmacs") {
nixpkgs.overlays = [
(final: prev: {
my_emacs = pkgs.buildEnv {
name = prev.my_emacs.name;
paths = with prev; [
my_emacs
];
extraOutputsToInstall = [
"man"
"doc"
"info"
];
};
})
];
})
]
);
}

18
nix/configuration/roles/emacs/files/emacs/elisp/lang-cmake.el Normal file
View File

@@ -0,0 +1,18 @@
(require 'common-lsp)
(use-package cmake-mode
:commands cmake-mode
:hook (
(cmake-mode . (lambda ()
(eglot-ensure)
(defclass my/eglot-cmake (eglot-lsp-server) ()
:documentation
"Own eglot server class.")
(add-to-list 'eglot-server-programs
'(cmake-mode . (my/eglot-cmake "cmake-language-server")))
))
)
)
(provide 'lang-cmake)

2
nix/configuration/roles/emacs/files/emacs/elisp/lang-org.el
View File

@@ -38,6 +38,8 @@
;; TODO: There is an option to set the compiler, could be better than manually doing this here https://orgmode.org/manual/LaTeX_002fPDF-export-commands.html
;; (setq org-latex-compiler "lualatex")
;; TODO: nixos latex page recommends this line, figure out what it does / why its needed:
;; (setq org-preview-latex-default-process 'dvisvgm)
(setq org-latex-pdf-process
'("lualatex -shell-escape -interaction nonstopmode -output-directory %o %f"
"lualatex -shell-escape -interaction nonstopmode -output-directory %o %f"

2
nix/configuration/roles/emacs/files/emacs/init.el
View File

@@ -38,4 +38,6 @@
(require 'lang-nix)
(require 'lang-cmake)
(load-directory autoload-directory)

217
nix/configuration/roles/firefox/default.nix
View File

@@ -1,97 +1,136 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
{
imports = [];
imports = [ ];
programs.firefox = {
enable = true;
package = (pkgs.wrapFirefox (pkgs.firefox-unwrapped.override { pipewireSupport = true;}) {});
languagePacks = [ "en-US" ];
preferences = {
# "identity.sync.tokenserver.uri": "https://ffsync.fizz.buzz/token/1.0/sync/1.5";
"media.hardware-video-decoding.force-enabled" = true;
"media.ffmpeg.vaapi.enabled" = true;
"doh-rollout.doorhanger-decision" = "UIDisabled";
"dom.security.https_only_mode" = true;
"dom.security.https_only_mode_ever_enabled" = true;
"extensions.activeThemeID" = "firefox-compact-dark@mozilla.org";
# Disable ads
"extensions.pocket.enabled" = false;
"browser.newtabpage.activity-stream.showSponsored" = false;
"browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
"browser.newtabpage.activity-stream.feeds.section.topstories" = false;
"browser.newtabpage.pinned" = "[]";
"browser.newtabpage.activity-stream.section.highlights.includePocket" = false;
"browser.topsites.contile.enabled" = false;
# Disable cache when devtools are open.
"devtools.cache.disabled" = true;
# Do not track header.
"privacy.donottrackheader.enabled" = true;
# Tell websites not to share or sell my data.
"privacy.globalprivacycontrol.enabled" = true;
# Disable "studies" (slice testing)
"app.shield.optoutstudies.enabled" = false;
# Disable attribution which is used by advertisers to track you.
"dom.private-attribution.submission.enabled" = false;
# Disable battery status, used to track users.
"dom.battery.enabled" = false;
# Disable that websites can get notifications if you copy, paste, or cut something from a web page, and it lets them know which part of the page had been selected.
#
# This breaks copying from BigQuery https://github.com/microsoft/monaco-editor/issues/1540
# dom.event.clipboardevents.enabled: false
# Isolates all browser identifier sources (e.g. cookies) to the first party domain, with the goal of preventing tracking across different domains.
"privacy.firstparty.isolate" = true;
# Do not preload URLs that auto-complete in the address bar.
"browser.urlbar.speculativeConnect.enabled" = false;
# Do not resist fingerprinting because that tells websites to use light mode.
# https://bugzilla.mozilla.org/show_bug.cgi?id=1732114
"privacy.resistFingerprinting" = false; # (default false)
# Instead, enable fingerprinting protection, which allows configuring an override.
"privacy.fingerprintingProtection" = true;
# Allow sending dark mode preference to websites.
# Allow sending timezone to websites.
"privacy.fingerprintingProtection.overrides" = "+AllTargets,-CSSPrefersColorScheme,-JSDateTimeUTC,-CanvasExtractionBeforeUserInputIsBlocked";
# Disable weather on new tab page
"browser.newtabpage.activity-stream.showWeather" = false;
options.me = {
firefox.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install firefox.";
};
# Check about:policies#documentation and https://mozilla.github.io/policy-templates/ for options.
policies = {
DisableTelemetry = true;
DisplayBookmarksToolbar = "newtab";
};
# Check about:support for extension/add-on ID strings.
# Valid strings for installation_mode are "allowed", "blocked",
# "force_installed" and "normal_installed".
ExtensionSettings = {
# "*".installation_mode = "blocked"; # blocks all addons except the ones specified below
"uBlock0@raymondhill.net" = {
install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi";
installation_mode = "force_installed";
config = lib.mkIf config.me.firefox.enable (
lib.mkMerge [
(lib.mkIf config.me.graphical {
programs.firefox = {
enable = true;
package = (pkgs.wrapFirefox (pkgs.firefox-unwrapped.override { pipewireSupport = true; }) { });
languagePacks = [ "en-US" ];
preferences = {
# "identity.sync.tokenserver.uri": "https://ffsync.fizz.buzz/token/1.0/sync/1.5";
"media.hardware-video-decoding.force-enabled" = true;
"media.ffmpeg.vaapi.enabled" = true;
"doh-rollout.doorhanger-decision" = "UIDisabled";
"dom.security.https_only_mode" = true;
"dom.security.https_only_mode_ever_enabled" = true;
"extensions.activeThemeID" = "firefox-compact-dark@mozilla.org";
# Disable ads
"extensions.pocket.enabled" = false;
"browser.newtabpage.activity-stream.showSponsored" = false;
"browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
"browser.newtabpage.activity-stream.feeds.section.topstories" = false;
"browser.newtabpage.pinned" = "[]";
"browser.newtabpage.activity-stream.section.highlights.includePocket" = false;
"browser.topsites.contile.enabled" = false;
# Disable cache when devtools are open.
"devtools.cache.disabled" = true;
# Do not track header.
"privacy.donottrackheader.enabled" = true;
# Tell websites not to share or sell my data.
"privacy.globalprivacycontrol.enabled" = true;
# Disable "studies" (slice testing)
"app.shield.optoutstudies.enabled" = false;
# Disable attribution which is used by advertisers to track you.
"dom.private-attribution.submission.enabled" = false;
# Disable battery status, used to track users.
"dom.battery.enabled" = false;
# Disable that websites can get notifications if you copy, paste, or cut something from a web page, and it lets them know which part of the page had been selected.
#
# This breaks copying from BigQuery https://github.com/microsoft/monaco-editor/issues/1540
# dom.event.clipboardevents.enabled: false
# Isolates all browser identifier sources (e.g. cookies) to the first party domain, with the goal of preventing tracking across different domains.
"privacy.firstparty.isolate" = true;
# Do not preload URLs that auto-complete in the address bar.
"browser.urlbar.speculativeConnect.enabled" = false;
# Do not resist fingerprinting because that tells websites to use light mode.
# https://bugzilla.mozilla.org/show_bug.cgi?id=1732114
"privacy.resistFingerprinting" = false; # (default false)
# Instead, enable fingerprinting protection, which allows configuring an override.
"privacy.fingerprintingProtection" = true;
# Allow sending dark mode preference to websites.
# Allow sending timezone to websites.
"privacy.fingerprintingProtection.overrides" =
"+AllTargets,-CSSPrefersColorScheme,-JSDateTimeUTC,-CanvasExtractionBeforeUserInputIsBlocked";
# Disable weather on new tab page
"browser.newtabpage.activity-stream.showWeather" = false;
};
# Check about:policies#documentation and https://mozilla.github.io/policy-templates/ for options.
policies = {
DisableTelemetry = true;
DisplayBookmarksToolbar = "newtab";
# Check about:support for extension/add-on ID strings.
# Valid strings for installation_mode are "allowed", "blocked",
# "force_installed" and "normal_installed".
ExtensionSettings = {
# "*".installation_mode = "blocked"; # blocks all addons except the ones specified below
"uBlock0@raymondhill.net" = {
install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi";
installation_mode = "force_installed";
};
"firefox@teleparty.com" = {
install_url = "https://addons.mozilla.org/firefox/downloads/latest/netflix-party-is-now-teleparty/latest.xpi";
installation_mode = "normal_installed";
};
"@ublacklist" = {
install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublacklist/latest.xpi";
installation_mode = "normal_installed";
};
"@react-devtools" = {
install_url = "https://addons.mozilla.org/firefox/downloads/latest/react-devtools/latest.xpi";
installation_mode = "normal_installed";
};
};
};
};
"firefox@teleparty.com" = {
install_url = "https://addons.mozilla.org/firefox/downloads/latest/netflix-party-is-now-teleparty/latest.xpi";
installation_mode = "normal_installed";
};
};
};
};
environment.persistence."/persist" = {
hideMounts = true;
users.talexander = {
directories = [
{ directory = ".mozilla"; user = "talexander"; group = "talexander"; mode = "0700"; }
];
};
};
environment.persistence."/state" = {
hideMounts = true;
users.talexander = {
directories = [
{ directory = ".cache/mozilla"; user = "talexander"; group = "talexander"; mode = "0700"; }
];
};
};
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".mozilla";
user = "talexander";
group = "talexander";
mode = "0700";
}
];
};
};
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".cache/mozilla";
user = "talexander";
group = "talexander";
mode = "0700";
}
];
};
};
})
]
);
}

9
nix/configuration/roles/firewall/default.nix
View File

@@ -1,7 +1,12 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
{
imports = [];
imports = [ ];
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [

133
nix/configuration/roles/fonts/default.nix
View File

@@ -1,118 +1,29 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
{
imports = [];
imports = [ ];
fonts = {
enableDefaultPackages = true;
packages = with pkgs; [
cascadia-code
source-sans-pro
source-serif-pro
];
config = lib.mkIf config.me.graphical {
fonts = {
enableDefaultPackages = false;
packages = with pkgs; [
cascadia-code
source-sans-pro
source-serif-pro
noto-fonts-cjk-sans
noto-fonts-cjk-serif
noto-fonts-color-emoji
];
fontconfig = {
localConf = ''
<?xml version="1.0"?>
<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
<fontconfig>
<!-- reject all bitmap fonts, with the exception of 'terminus' -->
<selectfont>
<!-- <acceptfont> -->
<!-- <pattern> -->
<!-- <patelt name="family"> <string>Terminus</string> </patelt> -->
<!-- </pattern> -->
<!-- </acceptfont> -->
<rejectfont>
<pattern>
<patelt name="scalable"> <bool>false</bool> </patelt>
</pattern>
</rejectfont>
<rejectfont>
<!-- You don't want ghostscript fonts in your web browsing because of annoying ligatures like ffi -->
<glob>/usr/share/fonts/gsfonts/*</glob>
</rejectfont>
</selectfont>
<!-- preferred aliases -->
<alias>
<family>serif</family>
<prefer>
<family>Source Serif Pro</family>
<family>Source Sans Pro</family>
</prefer>
</alias>
<!-- preferred aliases -->
<alias>
<family>sans-serif</family>
<prefer>
<family>Source Sans Pro</family>
<family>Source Serif Pro</family>
</prefer>
</alias>
<!-- preferred aliases -->
<alias>
<family>monospace</family>
<prefer>
<family>Cascadia Mono</family>
<family>Cascadia Code</family>
</prefer>
</alias>
<!-- Screw it. Force Liberation Mono to be source code pro. -->
<match target="pattern">
<test qual="any" name="family"><string>Liberation Mono</string></test>
<edit name="family" mode="assign" binding="same"><string>Cascadia Mono</string></edit>
</match>
<!-- Dejavu Sans Mono keeps coming back when I query "monospace". Doesn't happen when I'm using Souce Code Pro but does happen with cascadia... force it to cascadia -->
<match target="pattern">
<test qual="any" name="family"><string>monospace</string></test>
<edit name="family" mode="assign" binding="same"><string>Cascadia Mono</string></edit>
</match>
<!-- Disable ligatures in monospace fonts. -->
<match target="font">
<test name="family" compare="eq" ignore-blanks="true">
<string>Cascadia Code</string>
</test>
<edit name="fontfeatures" mode="append">
<string>liga off</string>
<string>dlig off</string>
</edit>
</match>
<!-- Font Display Settings -->
<match target="font" >
<edit mode="assign" name="rgba" >
<const>rgb</const>
</edit>
</match>
<match target="font" >
<edit mode="assign" name="hinting" >
<bool>true</bool>
</edit>
</match>
<match target="font" >
<edit mode="assign" name="hintstyle" >
<const>hintslight</const>
</edit>
</match>
<match target="font" >
<edit mode="assign" name="antialias" >
<bool>true</bool>
</edit>
</match>
<match target="font" >
<edit mode="assign" name="lcdfilter" >
<const>lcddefault</const>
</edit>
</match>
</fontconfig>
'';
fontconfig = {
localConf = (builtins.readFile ./files/fonts.conf);
useEmbeddedBitmaps = true;
};
};
};
}

99
nix/configuration/roles/fonts/files/fonts.conf Normal file
View File

@@ -0,0 +1,99 @@
<?xml version="1.0"?>
<!DOCTYPE fontconfig SYSTEM "fonts.dtd">
<fontconfig>
<!-- reject all bitmap fonts, with the exception of 'terminus' -->
<selectfont>
<!-- <acceptfont> -->
<!-- <pattern> -->
<!-- <patelt name="family"> <string>Terminus</string> </patelt> -->
<!-- </pattern> -->
<!-- </acceptfont> -->
<rejectfont>
<pattern>
<patelt name="scalable"> <bool>false</bool> </patelt>
</pattern>
</rejectfont>
<rejectfont>
<!-- You don't want ghostscript fonts in your web browsing because of annoying ligatures like ffi -->
<glob>/usr/share/fonts/gsfonts/*</glob>
</rejectfont>
</selectfont>
<!-- preferred aliases -->
<alias>
<family>serif</family>
<prefer>
<family>Source Serif Pro</family>
<family>Source Sans Pro</family>
</prefer>
</alias>
<!-- preferred aliases -->
<alias>
<family>sans-serif</family>
<prefer>
<family>Source Sans Pro</family>
<family>Source Serif Pro</family>
</prefer>
</alias>
<!-- preferred aliases -->
<alias>
<family>monospace</family>
<prefer>
<family>Cascadia Mono</family>
<family>Cascadia Code</family>
</prefer>
</alias>
<!-- Screw it. Force Liberation Mono to be source code pro. -->
<match target="pattern">
<test qual="any" name="family"><string>Liberation Mono</string></test>
<edit name="family" mode="assign" binding="same"><string>Cascadia Mono</string></edit>
</match>
<!-- Dejavu Sans Mono keeps coming back when I query "monospace". Doesn't happen when I'm using Souce Code Pro but does happen with cascadia... force it to cascadia -->
<match target="pattern">
<test qual="any" name="family"><string>monospace</string></test>
<edit name="family" mode="assign" binding="same"><string>Cascadia Mono</string></edit>
</match>
<!-- Disable ligatures in monospace fonts. -->
<match target="font">
<test name="family" compare="eq" ignore-blanks="true">
<string>Cascadia Code</string>
</test>
<edit name="fontfeatures" mode="append">
<string>liga off</string>
<string>dlig off</string>
</edit>
</match>
<!-- Font Display Settings -->
<match target="font" >
<edit mode="assign" name="rgba" >
<const>rgb</const>
</edit>
</match>
<match target="font" >
<edit mode="assign" name="hinting" >
<bool>true</bool>
</edit>
</match>
<match target="font" >
<edit mode="assign" name="hintstyle" >
<const>hintslight</const>
</edit>
</match>
<match target="font" >
<edit mode="assign" name="antialias" >
<bool>true</bool>
</edit>
</match>
<match target="font" >
<edit mode="assign" name="lcdfilter" >
<const>lcddefault</const>
</edit>
</match>
</fontconfig>

88
nix/configuration/roles/git/default.nix
View File

@@ -1,15 +1,85 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
{
imports = [];
imports = [ ];
environment.systemPackages = with pkgs; [
git
];
home-manager.users.talexander = { pkgs, ... }: {
home.file.".gitconfig" = {
source = ./files/gitconfig_home;
options.me = {
git.config = lib.mkOption {
type = lib.types.nullOr lib.types.path;
default = null;
example = ./files/gitconfig_home;
description = "A git config file.";
};
};
config = lib.mkMerge [
{
environment.systemPackages = with pkgs; [
git
];
}
(lib.mkIf (config.me.git.config != null) {
home-manager.users.talexander =
{ pkgs, ... }:
{
home.file.".gitconfig" = {
source = config.me.git.config;
};
};
})
# (lib.mkIf (config.me.graphical) {
# nixpkgs.overlays = [
# (final: prev: {
# git = pkgs.buildEnv {
# name = prev.git.name;
# paths = [
# prev.git
# ];
# extraOutputsToInstall = [
# "man"
# "doc"
# "info"
# ];
# buildInputs = [ final.makeWrapper ];
# postBuild = ''
# wrapProgram $out/bin/git --prefix PATH : ${
# lib.makeBinPath [
# final.meld
# ]
# }
# '';
# };
# })
# ];
# })
# (lib.mkIf (!config.me.graphical) {
# nixpkgs.overlays = [
# (final: prev: {
# git = pkgs.buildEnv {
# name = prev.git.name;
# paths = [
# prev.git
# ];
# extraOutputsToInstall = [
# "man"
# "doc"
# "info"
# ];
# buildInputs = [ final.makeWrapper ];
# postBuild = ''
# wrapProgram $out/bin/git --prefix PATH : ${
# lib.makeBinPath [
# ]
# }
# '';
# };
# })
# ];
# })
];
}

34
nix/configuration/roles/global_options/default.nix Normal file
View File

@@ -0,0 +1,34 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
};
# options.me.graphics_card_type = lib.mkOption {
# type = lib.types.nullOr (
# lib.types.enum [
# "amd"
# "intel"
# "nvidia"
# ]
# );
# default = null;
# example = "amd";
# description = "What graphics card type is in the computer.";
# };
# options.me.graphical = lib.mkOption {
# type = lib.types.bool;
# default = false;
# example = true;
# description = "Whether we want to install graphical programs.";
# };
}

117
nix/configuration/roles/gpg/default.nix
View File

@@ -1,25 +1,108 @@
{ config, lib, pkgs, ... }:
{
imports = [];
config,
lib,
pkgs,
...
}:
# Fetch public keys:
# gpg --locate-keys tom@fizz.buzz
#
# gpg -vvv --auto-key-locate local,wkd --locate-keys tom@fizz.buzz
let
gpg_test_wkd =
(pkgs.writeScriptBin "gpg_test_wkd" (builtins.readFile ./files/gpg_test_wkd.bash)).overrideAttrs
(old: {
buildCommand = "${old.buildCommand}\n patchShebangs $out";
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
};
});
in
{
imports = [ ];
environment.persistence."/persist" = {
hideMounts = true;
users.talexander = {
directories = [
{ directory = ".gnupg"; user = "talexander"; group = "talexander"; mode = "0700"; } # Local keyring
];
options.me = {
gpg.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install gpg.";
};
};
config = lib.mkIf config.me.gpg.enable (
lib.mkMerge [
{
# Fetch public keys:
# gpg --locate-keys tom@fizz.buzz
#
# gpg -vvv --auto-key-locate local,wkd --locate-keys tom@fizz.buzz
hardware.gpgSmartcards.enable = true;
services.udev.packages = [
pkgs.yubikey-personalization
pkgs.libfido2
(pkgs.writeTextFile {
name = "my-rules";
text = ''
ACTION=="add", SUBSYSTEM=="usb", ENV{ID_VENDOR_ID}=="1050", ENV{ID_MODEL_ID}=="0406", MODE="660", GROUP="wheel"
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0406", TAG+="uaccess", GROUP="wheel", MODE="0660"
'';
destination = "/etc/udev/rules.d/50-yubikey.rules";
})
];
services.pcscd.enable = true;
# services.gnome.gnome-keyring.enable = true;
# services.dbus.packages = [ pkgs.gcr ];
# services.pcscd.plugins = lib.mkForce [ ];
# programs.gpg.scdaemonSettings = {
# disable-ccid = true;
# };
# .gnupg/scdaemon.conf
home-manager.users.talexander =
{ pkgs, ... }:
{
home.file.".gnupg/scdaemon.conf" = {
source = ./files/scdaemon.conf;
};
};
# programs.gnupg.dirmngr.enable = true;
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryPackage = pkgs.pinentry-qt;
# settings = {
# disable-ccid = true;
# };
};
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".gnupg";
user = "talexander";
group = "talexander";
mode = "0700";
} # Local keyring
];
};
};
environment.systemPackages = with pkgs; [
pcsclite
pcsctools
yubikey-personalization
yubikey-manager
glibcLocales
ccid
libusb-compat-0_1
gpg_test_wkd
];
programs.gnupg.agent.enableExtraSocket = true;
}
]
);
}

8
nix/configuration/roles/gpg/files/gpg_test_wkd.bash Normal file
View File

@@ -0,0 +1,8 @@
#!/usr/bin/env bash
#
# Test that we can retrieve a PGP key using Web Key Directory (WKD)
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
gpg --no-default-keyring --keyring /tmp/gpg-$$ --auto-key-locate clear,wkd --locate-keys "${@}"

7
nix/configuration/roles/gpg/files/scdaemon.conf Normal file
View File

@@ -0,0 +1,7 @@
#reader-port Yubico Yubi
disable-ccid
#log-file /home/talexander/scd.log
#verbose
#debug cardio
#debug-level 5

42
nix/configuration/roles/graphics/default.nix
View File

@@ -1,7 +1,43 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
{
imports = [];
imports = [ ];
hardware.graphics.enable = true;
options.me.graphics_card_type = lib.mkOption {
type = lib.types.nullOr (
lib.types.enum [
"amd"
"intel"
"nvidia"
]
);
default = null;
example = "amd";
description = "What graphics card type is in the computer.";
};
options.me.graphical = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install graphical programs.";
};
config = (
lib.mkMerge [
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
mesa-demos # for glxgears
vulkan-tools # for vkcube
xorg.xeyes # to test which windows are using x11
];
hardware.graphics.enable = true;
})
]
);
}

18
nix/configuration/roles/iso/default.nix Normal file
View File

@@ -0,0 +1,18 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me.buildingIso = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we are building an ISO image.";
};
}

56
nix/configuration/roles/kanshi/default.nix Normal file
View File

@@ -0,0 +1,56 @@
# TODO: Maybe replace with https://gitlab.com/w0lff/shikane because its written in rust
{
config,
lib,
pkgs,
...
}:
let
exec_kanshi = pkgs.writeTextFile {
name = "exec_kanshi.conf";
text = ''
exec kanshi
'';
};
in
{
imports = [ ];
options.me = {
kanshi.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install kanshi.";
};
};
config = lib.mkIf config.me.kanshi.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
];
}
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
kanshi
];
me.swayIncludes = [
exec_kanshi
];
home-manager.users.talexander =
{ pkgs, ... }:
{
home.file = {
".config/kanshi/config" = {
source = ./files/config_kanshi;
};
};
};
})
]
);
}

7
nix/configuration/roles/kanshi/files/config_kanshi Normal file
View File

@@ -0,0 +1,7 @@
profile docked {
output eDP-1 disable
output "Dell Inc. DELL U3014 P1V6N35M329L" enable
}
profile laptop {
output eDP-1 enable
}

99
nix/configuration/roles/kodi/default.nix Normal file
View File

@@ -0,0 +1,99 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
kodi.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install kodi.";
};
};
config = lib.mkIf config.me.kodi.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
];
}
(lib.mkIf config.me.graphical {
services.cage.user = "kodi";
services.cage.program = "${pkgs.kodi-wayland}/bin/kodi-standalone";
services.cage.enable = true;
nixpkgs.overlays = [
(final: prev: {
kodi-wayland = prev.kodi-wayland.withPackages (
kodiPkgs: with kodiPkgs; [
joystick
vfs-sftp
]
);
})
];
users.users.kodi = {
isNormalUser = true;
createHome = true; # https://github.com/NixOS/nixpkgs/issues/6481
group = "kodi";
extraGroups = [ ];
uid = 12000;
packages = with pkgs; [
tree
];
# Generate with `mkpasswd -m scrypt`
hashedPassword = "$7$CU..../....VXvNQ8za3wSGpdzGXNT50/$HcFtn/yvwPMCw4888BelpiAPLAxe/zU87fD.d/N6U48";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGu+k5lrirokdW5zVdRVBOqEOAvAPlIkG/MdJNc9g5ky"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEI6mu6I5Jp+Ib0vJxapGHbEShZjyvzV8jz5DnzDrI39AAAABHNzaDo="
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAFNcSXwvy+brYTOGo56G93Ptuq2MmZsjvRWAfMqbmMLAAAABHNzaDo="
];
};
users.groups.kodi.gid = 12000;
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.kodi = {
directories = [
{
directory = ".ssh";
user = "kodi";
group = "kodi";
mode = "0755";
}
{
directory = ".kodi";
user = "kodi";
group = "kodi";
mode = "0755";
}
];
};
};
home-manager.users.kodi =
{ pkgs, ... }:
{
# home.file.".kodi/userdata/mediasources.xml".source = ./files/mediasources.xml;
# home.file.".kodi/userdata/addon_data/peripheral.joystick/resources/buttonmaps/xml/linux/DualSense_Wireless_Controller_13b_8a.xml".source =
# ./files/DualSense_Wireless_Controller_13b_8a.xml;
# TODO: Maybe .kodi/userdata/sources.xml
# TODO: ./userdata/guisettings.xml:303: <setting id="filecache.memorysize">128</setting>
# The state version is required and should stay at the version you
# originally installed.
home.stateVersion = "24.11";
};
})
]
);
}

38
nix/configuration/roles/kodi/files/DualSense_Wireless_Controller_13b_8a.xml Normal file
View File

@@ -0,0 +1,38 @@
<?xml version="1.0" ?>
<buttonmap>
<device name="DualSense Wireless Controller" provider="linux" buttoncount="13" axiscount="8">
<configuration>
<axis index="2" center="-1" range="2" />
<axis index="5" center="-1" range="2" />
</configuration>
<controller id="game.controller.default">
<feature name="a" button="0" />
<feature name="b" button="1" />
<feature name="back" button="9" />
<feature name="down" axis="+7" />
<feature name="guide" button="10" />
<feature name="left" axis="-6" />
<feature name="leftbumper" button="4" />
<feature name="leftstick">
<up axis="-1" />
<down axis="+1" />
<right axis="+0" />
<left axis="-0" />
</feature>
<feature name="lefttrigger" button="6" />
<feature name="right" axis="+6" />
<feature name="rightbumper" button="5" />
<feature name="rightstick">
<up axis="-4" />
<down axis="+4" />
<right axis="+3" />
<left axis="-3" />
</feature>
<feature name="righttrigger" button="7" />
<feature name="start" button="8" />
<feature name="up" axis="-7" />
<feature name="x" button="3" />
<feature name="y" button="2" />
</controller>
</device>
</buttonmap>

5
nix/configuration/roles/kodi/files/mediasources.xml Normal file
View File

@@ -0,0 +1,5 @@
<mediasources>
<network>
<location id="0">sftp://nochainstounlock@stuff.fizz.buzz:42069/readonly/library/</location>
</network>
</mediasources>

76
nix/configuration/roles/kubernetes/default.nix Normal file
View File

@@ -0,0 +1,76 @@
{
config,
lib,
pkgs,
...
}:
let
alias_kx = pkgs.writeShellScriptBin "kx" ''
exec ${pkgs.kubeswitch}/bin/switcher "''${@}"
'';
alias_ks = pkgs.writeShellScriptBin "ks" ''
exec ${pkgs.kubeswitch}/bin/switcher namespace "''${@}"
'';
alias_k = pkgs.writeShellScriptBin "k" ''
exec ${pkgs.kubectl}/bin/kubectl "''${@}"
'';
alias_ka = pkgs.writeShellScriptBin "ka" ''
exec ${pkgs.kubectl}/bin/kubectl "''${@}" --all-namespaces
'';
alias_kdel = pkgs.writeShellScriptBin "kdel" ''
exec ${pkgs.kubectl}/bin/kubectl delete --all "''${@}"
'';
alias_kd = pkgs.writeShellScriptBin "kd" ''
export KUBECTL_EXTERNAL_DIFF="${pkgs.colordiff}/bin/colordiff -N -u"
exec ${pkgs.kubectl}/bin/kubectl diff "''${@}"
'';
alias_klog = pkgs.writeShellScriptBin "klog" ''
exec ${pkgs.kubectl}/bin/kubectl logs --all-containers "$@"
'';
in
{
imports = [ ];
options.me = {
kubernetes.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install kubernetes.";
};
};
config = lib.mkIf config.me.kubernetes.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
kubectl
kubeswitch
stern
alias_kx
alias_ks
alias_k
alias_ka
alias_kdel
alias_kd
alias_klog
];
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".kube";
user = "talexander";
group = "talexander";
mode = "0750";
}
];
};
};
}
]
);
}

45
nix/configuration/roles/latex/default.nix Normal file
View File

@@ -0,0 +1,45 @@
{
config,
lib,
pkgs,
...
}:
let
tex = (
pkgs.texlive.combine {
inherit (pkgs.texlive)
scheme-basic
dvisvgm
dvipng # for preview and export as html in org-mode
wrapfig
amsmath
ulem
hyperref
capt-of
;
}
);
in
{
imports = [ ];
options.me = {
latex.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install latex.";
};
};
config = lib.mkIf config.me.latex.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
tex
];
}
]
);
}

48
nix/configuration/roles/launch_keyboard/default.nix Normal file
View File

@@ -0,0 +1,48 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
launch_keyboard.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install launch_keyboard.";
};
};
config = lib.mkIf config.me.launch_keyboard.enable (
lib.mkMerge [
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
system76-keyboard-configurator
dfu-programmer # For flashing keyboard https://support.system76.com/articles/launch_2-firmware-update/
avrdude # For flashing keyboard https://support.system76.com/articles/launch_2-firmware-update/
lxqt.lxqt-policykit # Need a polkit agent to launch the keyboard configurator
];
systemd = {
user.services.lxqt-policykit-agent = {
description = "lxqt-policykit-agent";
wantedBy = [ "graphical-session.target" ];
wants = [ "graphical-session.target" ];
after = [ "graphical-session.target" ];
serviceConfig = {
Type = "simple";
ExecStart = "${pkgs.lxqt.lxqt-policykit}/bin/lxqt-policykit-agent";
Restart = "on-failure";
RestartSec = 1;
TimeoutStopSec = 10;
};
};
};
})
]
);
}

894
nix/configuration/roles/launch_keyboard/files/launch_keyboard_layout.json Normal file
View File

@@ -0,0 +1,894 @@
{
"model": "system76/launch_2",
"version": 1,
"map": {
"K00": [
"ESC",
"RESET",
"ROLL_OVER",
"ROLL_OVER"
],
"K01": [
"F1",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K02": [
"F2",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K03": [
"F3",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K04": [
"F4",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K05": [
"F5",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K06": [
"F6",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K07": [
"F7",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K08": [
"F8",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K09": [
"F9",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K0A": [
"F10",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K0B": [
"F11",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K0C": [
"F12",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K0D": [
"DEL",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K0E": [
"HOME",
"PLAY_PAUSE",
"ROLL_OVER",
"ROLL_OVER"
],
"K10": [
"TICK",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K11": [
"1",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K12": [
"2",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K13": [
"3",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K14": [
"4",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K15": [
"5",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K16": [
"6",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K17": [
"7",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K18": [
"8",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K19": [
"9",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K1A": [
"0",
"KBD_TOGGLE",
"ROLL_OVER",
"ROLL_OVER"
],
"K1B": [
"MINUS",
"KBD_DOWN",
"ROLL_OVER",
"ROLL_OVER"
],
"K1C": [
"EQUALS",
"KBD_UP",
"ROLL_OVER",
"ROLL_OVER"
],
"K1D": [
"BKSP",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K1E": [
"PGUP",
"VOLUME_UP",
"ROLL_OVER",
"ROLL_OVER"
],
"K20": [
"TAB",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K21": [
"Q",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K22": [
"W",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K23": [
"E",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K24": [
"R",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K25": [
"T",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K26": [
"Y",
"HOME",
"ROLL_OVER",
"ROLL_OVER"
],
"K27": [
"U",
"PGDN",
"ROLL_OVER",
"ROLL_OVER"
],
"K28": [
"I",
"PGUP",
"ROLL_OVER",
"ROLL_OVER"
],
"K29": [
"O",
"END",
"ROLL_OVER",
"ROLL_OVER"
],
"K2A": [
"P",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K2B": [
"BRACE_OPEN",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K2C": [
"BRACE_CLOSE",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K2D": [
"BACKSLASH",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K2E": [
"PGDN",
"VOLUME_DOWN",
"ROLL_OVER",
"ROLL_OVER"
],
"K30": [
"CAPS",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K31": [
"A",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K32": [
"S",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K33": [
"D",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K34": [
"F",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K35": [
"G",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K36": [
"H",
"LEFT",
"ROLL_OVER",
"ROLL_OVER"
],
"K37": [
"J",
"DOWN",
"ROLL_OVER",
"ROLL_OVER"
],
"K38": [
"K",
"UP",
"ROLL_OVER",
"ROLL_OVER"
],
"K39": [
"L",
"RIGHT",
"ROLL_OVER",
"ROLL_OVER"
],
"K3A": [
"SEMICOLON",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K3B": [
"QUOTE",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K3C": [
"ENTER",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K3D": [
"END",
"MUTE",
"ROLL_OVER",
"ROLL_OVER"
],
"K40": [
"LEFT_SHIFT",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K41": [
"Z",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K42": [
"X",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K43": [
"C",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K44": [
"V",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K45": [
"B",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K46": [
"N",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K47": [
"M",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K48": [
"COMMA",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K49": [
"PERIOD",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K4A": [
"SLASH",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K4B": [
"RIGHT_SHIFT",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K4C": [
"UP",
"PGUP",
"ROLL_OVER",
"ROLL_OVER"
],
"K50": [
"LEFT_CTRL",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K51": [
"LEFT_SUPER",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K52": [
"LEFT_ALT",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K53": [
"FN",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K54": [
"SPACE",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K55": [
"SPACE",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K56": [
"RIGHT_CTRL",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K57": [
"RIGHT_ALT",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K58": [
"PRINT_SCREEN",
"ROLL_OVER",
"ROLL_OVER",
"ROLL_OVER"
],
"K59": [
"LEFT",
"HOME",
"ROLL_OVER",
"ROLL_OVER"
],
"K5A": [
"DOWN",
"PGDN",
"ROLL_OVER",
"ROLL_OVER"
],
"K5B": [
"RIGHT",
"END",
"ROLL_OVER",
"ROLL_OVER"
]
},
"key_leds": {
"K00": [
0,
0
],
"K01": [
0,
0
],
"K02": [
0,
0
],
"K03": [
0,
0
],
"K04": [
0,
0
],
"K05": [
0,
0
],
"K06": [
0,
0
],
"K07": [
0,
0
],
"K08": [
0,
0
],
"K09": [
0,
0
],
"K0A": [
0,
0
],
"K0B": [
0,
0
],
"K0C": [
0,
0
],
"K0D": [
0,
0
],
"K0E": [
0,
0
],
"K10": [
0,
0
],
"K11": [
0,
0
],
"K12": [
0,
0
],
"K13": [
0,
0
],
"K14": [
0,
0
],
"K15": [
0,
0
],
"K16": [
0,
0
],
"K17": [
0,
0
],
"K18": [
0,
0
],
"K19": [
0,
0
],
"K1A": [
0,
0
],
"K1B": [
0,
0
],
"K1C": [
0,
0
],
"K1D": [
0,
0
],
"K1E": [
0,
0
],
"K20": [
0,
0
],
"K21": [
0,
0
],
"K22": [
0,
0
],
"K23": [
0,
0
],
"K24": [
0,
0
],
"K25": [
0,
0
],
"K26": [
0,
0
],
"K27": [
0,
0
],
"K28": [
0,
0
],
"K29": [
0,
0
],
"K2A": [
0,
0
],
"K2B": [
0,
0
],
"K2C": [
0,
0
],
"K2D": [
0,
0
],
"K2E": [
0,
0
],
"K30": [
0,
0
],
"K31": [
0,
0
],
"K32": [
0,
0
],
"K33": [
0,
0
],
"K34": [
0,
0
],
"K35": [
0,
0
],
"K36": [
0,
0
],
"K37": [
0,
0
],
"K38": [
0,
0
],
"K39": [
0,
0
],
"K3A": [
0,
0
],
"K3B": [
0,
0
],
"K3C": [
0,
0
],
"K3D": [
0,
0
],
"K40": [
0,
0
],
"K41": [
0,
0
],
"K42": [
0,
0
],
"K43": [
0,
0
],
"K44": [
0,
0
],
"K45": [
0,
0
],
"K46": [
0,
0
],
"K47": [
0,
0
],
"K48": [
0,
0
],
"K49": [
0,
0
],
"K4A": [
0,
0
],
"K4B": [
0,
0
],
"K4C": [
0,
0
],
"K50": [
0,
0
],
"K51": [
0,
0
],
"K52": [
0,
0
],
"K53": [
0,
0
],
"K54": [
0,
0
],
"K55": [
0,
0
],
"K56": [
0,
0
],
"K57": [
0,
0
],
"K58": [
0,
0
],
"K59": [
0,
0
],
"K5A": [
0,
0
],
"K5B": [
0,
0
]
},
"layers": [
{
"mode": [
0,
127
],
"brightness": 109,
"color": [
0,
0
]
},
{
"mode": [
13,
127
],
"brightness": 109,
"color": [
21,
255
]
},
{
"mode": [
13,
127
],
"brightness": 109,
"color": [
142,
255
]
},
{
"mode": [
13,
127
],
"brightness": 109,
"color": [
142,
255
]
}
]
}

43
nix/configuration/roles/lvfs/default.nix Normal file
View File

@@ -0,0 +1,43 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
lvfs.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install lvfs.";
};
};
config = lib.mkIf config.me.lvfs.enable (
lib.mkMerge [
{
services.fwupd.enable = true;
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
directories = [
{
directory = "/var/lib/fwupd";
user = "root";
group = "root";
mode = "0755";
}
];
};
}
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
gnome-firmware
];
})
]
);
}

64
nix/configuration/roles/media/default.nix Normal file
View File

@@ -0,0 +1,64 @@
{
config,
lib,
pkgs,
...
}:
let
cast_file_vaapi =
(pkgs.writeScriptBin "cast_file" (builtins.readFile ./files/cast_file_vaapi)).overrideAttrs
(old: {
buildCommand = "${old.buildCommand}\n patchShebangs $out";
});
cast_file_nvidia =
(pkgs.writeScriptBin "cast_file" (builtins.readFile ./files/cast_file_nvidia)).overrideAttrs
(old: {
buildCommand = "${old.buildCommand}\n patchShebangs $out";
});
in
{
imports = [ ];
options.me = {
media.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install media.";
};
};
config = lib.mkIf config.me.media.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
ffmpeg
];
}
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
mpv
evince
gimp
# So far I prefer imv over swayimg because imv supports the 'p' hotkey to print the currently-viewed file to stdout (useful for pipelines) and afaik doesn't support the exec:// protocol which seems like a massive risk.
imv
];
home-manager.users.talexander =
{ pkgs, ... }:
{
home.file.".config/mpv/mpv.conf" = {
source = ./files/mpv.conf;
};
};
})
(lib.mkIf (config.me.graphics_card_type == "amd" || config.me.graphics_card_type == "intel") {
environment.systemPackages = with pkgs; [
cast_file_vaapi
];
})
]
);
}

11
nix/configuration/roles/media/files/cast_file_nvidia Normal file
View File

@@ -0,0 +1,11 @@
#!/usr/bin/env bash
#
ffmpeg -re -i "$1" -vcodec h264_nvenc -r 30 -g 30 -loop -1 -c:a aac -b:a 160k -ar 44100 -strict -2 -f flv rtmp:172.16.16.44/live/test &
ffmpegpid=$!
sleep 1
castnow --exit 'https://broadcast.fizz.buzz/hls/hls/test.m3u8'
wait "$ffmpegpid"
sleep 10

237
nix/configuration/roles/media/files/cast_file_vaapi Normal file
View File

@@ -0,0 +1,237 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: ${VIDEO_BITRATE:="1M"} # Only for encoding modes targeting bitrate
: ${AUDIO_BITRATE:="192k"}
############## Setup #########################
function die {
local status_code="$1"
shift
(>&2 echo "${@}")
exit "$status_code"
}
function log {
(>&2 echo "${@}")
}
############## Program #########################
function main {
local cmd
cmd=$1
shift
if [ "$cmd" = "copy" ]; then
copy "${@}"
elif [ "$cmd" = "convert" ]; then
convert "${@}"
elif [ "$cmd" = "stream" ]; then
stream "${@}"
elif [ "$cmd" = "webcam" ]; then
webcam "${@}"
elif [ "$cmd" = "encode_webcam" ]; then
encode_webcam "${@}"
else
(>&2 echo "Unknown command: $cmd")
exit 1
fi
}
function copy {
local file_to_cast
file_to_cast="$3"
local USERNAME PASSWORD
USERNAME="$1"
PASSWORD="$2"
set -x
</dev/null exec ffmpeg \
-re \
-stream_loop -1 \
-i "$file_to_cast" \
-c copy \
-strict experimental \
-f rtsp \
-rtsp_transport tcp \
"rtsp://$USERNAME:$PASSWORD@172.16.16.251:8554/fetch"
}
function convert {
local args=()
local acceleration_type="$1" # "software" or "hardware"
local codec="$2" # "h264" or "av1"
local file_to_cast="$3"
local file_to_save="$4"
# Verify parameters
if [ "$acceleration_type" == "software" ]; then
true
elif [ "$acceleration_type" == "hardware" ]; then
true
else
die 1 "Unknown acceleration type: $acceleration_type"
fi
if [ "$codec" == "h264" ]; then
true
elif [ "$codec" == "av1" ]; then
true
else
die 1 "Unknown codec: $codec"
fi
# Build command
if [ "$acceleration_type" == "software" ]; then
true
elif [ "$acceleration_type" == "hardware" ]; then
args+=(-vaapi_device /dev/dri/renderD128)
fi
args+=(-i "$file_to_cast")
if [ "$codec" == "h264" ]; then
if [ "$acceleration_type" == "software" ]; then
args+=(-c:v h264)
args+=(-profile:v high)
args+=(-b:v "$VIDEO_BITRATE")
elif [ "$acceleration_type" == "hardware" ]; then
args+=(-vf 'format=nv12|vaapi,hwupload')
args+=(-c:v h264_vaapi)
args+=(-profile:v high)
args+=(-b:v "$VIDEO_BITRATE")
fi
elif [ "$codec" == "av1" ]; then
if [ "$acceleration_type" == "software" ]; then
args+=(-c:v libsvtav1)
args+=(-preset 4) # [0-13] default 10, lower = higher quality / slower encode
args+=(-crf 20) # [0-63] default 35, lower = higher quality / larger file
# Parameters: https://gitlab.com/AOMediaCodec/SVT-AV1/-/blob/master/Docs/Parameters.md
# fast-decode [0-2] default 0 (off), higher = faster decode
# tune [0-2] default 1, Specifies whether to use PSNR or VQ as the tuning metric [0 = VQ, 1 = PSNR, 2 = SSIM]
# film-grain-denoise, setting to 0 uses the original frames instead of denoising the film grain
args+=(-svtav1-params "fast-decode=1:film-grain-denoise=0")
elif [ "$acceleration_type" == "hardware" ]; then
# -c:v av1_amf -quality quality
args+=(-vf 'format=nv12|vaapi,hwupload')
args+=(-c:v av1_vaapi)
args+=(-b:v "$VIDEO_BITRATE")
fi
fi
# -bf 0 :: Disable b-frames because webrtc doesn't support h264 streams with b-frames.
args+=(-bf 0)
args+=(-strict -2)
args+=(-c:a opus)
args+=(-ac 2)
args+=(-b:a "$AUDIO_BITRATE")
args+=(-ar 48000)
args+=("$file_to_save")
set -x
</dev/null exec ffmpeg "${args[@]}"
}
function stream {
local args=()
local acceleration_type="$1" # "software" or "hardware"
local codec="$2" # "h264" or "av1"
local USERNAME="$3"
local PASSWORD="$4"
local file_to_cast="$5"
args+=(-re -stream_loop -1)
args+=(-f rtsp)
args+=(-rtsp_transport tcp)
args+=("rtsp://$USERNAME:$PASSWORD@172.16.16.251:8554/fetch")
}
function webcam {
# Uses on-webcam h264 encoding.
local USERNAME PASSWORD
USERNAME="$1"
PASSWORD="$2"
set -x
</dev/null exec ffmpeg \
-re \
-input_format h264 \
-video_size 1920x1080 \
-i /dev/video0 \
-c:v copy \
-an \
-f rtsp \
-rtsp_transport tcp \
"rtsp://$USERNAME:$PASSWORD@172.16.16.251:8554/fetch"
}
function encode_webcam {
# Uses hardware accelerated gpu-based encoding.
local USERNAME PASSWORD
USERNAME="$1"
PASSWORD="$2"
set -x
</dev/null exec ffmpeg \
-re \
-vaapi_device /dev/dri/renderD128 \
-i /dev/video0 \
-vf 'format=nv12,hwupload' \
-c:v h264_vaapi \
-an \
-f rtsp \
-rtsp_transport tcp \
"rtsp://$USERNAME:$PASSWORD@172.16.16.251:8554/fetch"
}
function speed_up_preprocess_vp8 {
local file_to_cast file_to_save
file_to_cast="$1"
file_to_save="$2"
set -x
# -bf 0 :: Disable b-frames because webrtc doesn't support h264 streams with b-frames.
# -strict -2 :: Enable support for experimental codecs like opus.
# -b:v 2M :: Target 2 megabit/s
# -crf 10 :: Target a quality level and adjust bitrate accordingly. This should be preferred, but ideally both should be used.
# Could also use -filter_complex "[0:v]setpts=0.5*PTS[v];[0:a]atempo=2.0[a]" -map "[v]" -map "[a]"
</dev/null exec ffmpeg \
-i "$file_to_cast" \
-filter:v "setpts=0.66666666*PTS" \
-filter:a "atempo=1.5" \
-c:v vp8 \
-b:v 2M \
-crf 10 \
-bf 0 \
-c:a opus \
-b:a 320k \
-ar 48000 \
-strict -2 \
"$file_to_save"
}
main "${@}"

25
nix/configuration/roles/media/files/mpv.conf Normal file
View File

@@ -0,0 +1,25 @@
# To debug hardware video acceleration:
# mpv --hwdec=auto --msg-level=vd=v,vo=v,vo/gpu/vaapi-egl=trace
# GPU Decoding
hwdec=auto
# Allow CPU processing via filters:
#hwdec=auto-copy
# Use higher quality gpu rendering
profile=gpu-hq
scale=ewa_lanczossharp
cscale=ewa_lanczossharp
# Instead of dropping frames, re-sample audio which may cause a slight pitch change
# ISSUE: caused frame stutter on Louie S01E03
# video-sync=display-resample
# Make motion smoother when video frame rate != monitor refresh rate
interpolation
tscale=oversample
# Load a lot of the file into memory
# cache=yes
# demuxer-max-bytes=123400KiB
# demuxer-readahead-secs=20

17
nix/configuration/roles/memtest86/default.nix Normal file
View File

@@ -0,0 +1,17 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
config = lib.mkMerge [
{ }
(lib.mkIf (config.me.buildingIso) {
# boot.loader.systemd-boot.memtest86.enable = true;
boot.loader.grub.memtest86.enable = true;
})
];
}

70
nix/configuration/roles/network/default.nix Normal file
View File

@@ -0,0 +1,70 @@
{
config,
lib,
pkgs,
...
}:
# Alternative DNS servers:
# "1.0.0.1#cloudflare-dns.com"
# "1.1.1.1#cloudflare-dns.com"
# "2606:4700:4700::1001#cloudflare-dns.com"
# "2606:4700:4700::1111#cloudflare-dns.com"
# "8.8.4.4#dns.google"
# "8.8.8.8#dns.google"
# "2001:4860:4860::8844#dns.google"
# "2001:4860:4860::8888#dns.google"
{
imports = [ ];
networking.dhcpcd.enable = false;
networking.useDHCP = false;
networking.nameservers = [
"194.242.2.2#doh.mullvad.net"
"2a07:e340::2#doh.mullvad.net"
];
services.resolved = {
enable = true;
# dnssec = "true";
domains = [ "~." ];
fallbackDns = [ ];
dnsovertls = "true";
};
# Without this, systemd-resolved will send DNS requests for <X>.home.arpa to the per-link DNS server (172.16.0.1) which does not support DNS-over-TLS. This leads to the connection anging and timing out. This causes firefox startup to take an extra 10+ seconds.
#
# Test with: drill @127.0.0.53 odo.home.arpa
networking.extraHosts = ''
127.0.0.1 odo.home.arpa
10.216.1.1 homeserver
10.216.1.6 media
#10.216.1.12 odo
10.216.1.14 neelix
10.217.1.1 drmario
10.217.2.1 mrmanager
'';
networking.wireless.iwd = {
enable = true;
settings = {
General = {
EnableNetworkConfiguration = true;
AddressRandomization = "network";
ControlPortOverNL80211 = false;
};
};
};
environment.systemPackages = with pkgs; [
iw
iwd
ldns # for drill
arp-scan # To find devices on the network
];
boot.extraModprobeConfig = ''
# Set wifi to US
options cfg80211 ieee80211_regdom=US
'';
}

44
nix/configuration/roles/nix_index/default.nix Normal file
View File

@@ -0,0 +1,44 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
nix_index.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install nix_index.";
};
};
config = lib.mkIf config.me.nix_index.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
nix-index-unwrapped
];
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".cache/nix-index";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
}
]
);
}

14
nix/configuration/roles/nvme/default.nix Normal file
View File

@@ -0,0 +1,14 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
environment.systemPackages = with pkgs; [
nvme-cli
];
}

38
nix/configuration/roles/python/default.nix Normal file
View File

@@ -0,0 +1,38 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
python.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install python.";
};
};
config = lib.mkIf config.me.python.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
(python3.withPackages (python-pkgs: [
python-pkgs.distro # For https://gitlab.freedesktop.org/drm/amd/-/blob/master/scripts/amd_s2idle.py
python-pkgs.pyudev # For https://gitlab.freedesktop.org/drm/amd/-/blob/master/scripts/amd_s2idle.py
python-pkgs.systemd # For https://gitlab.freedesktop.org/drm/amd/-/blob/master/scripts/amd_s2idle.py
python-pkgs.packaging # For https://gitlab.freedesktop.org/drm/amd/-/blob/master/scripts/amd_s2idle.py
]))
poetry
pyright
isort
black
];
}
]
);
}

29
nix/configuration/roles/qemu/default.nix Normal file
View File

@@ -0,0 +1,29 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
qemu.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install qemu.";
};
};
config = lib.mkIf config.me.qemu.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
qemu
];
}
]
);
}

14
nix/configuration/roles/reset/default.nix
View File

@@ -1,8 +1,16 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
{
imports = [];
imports = [ ];
# Reset some defaults to start from a minimal more-arch-linux-like state. Think of this like a CSS reset sheet.
config = {
# Do not use default packages (nixos includes some defaults like nano)
environment.defaultPackages = lib.mkForce [ ];
};
}

54
nix/configuration/roles/rust/default.nix Normal file
View File

@@ -0,0 +1,54 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
rust.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install rust.";
};
};
config = lib.mkIf config.me.rust.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
rustup
lldb # for lldb-vscode
musl # for building static binaries
rust-analyzer
cargo-semver-checks
# ? cargo-bloat
# ? cargo-outdated
# ? cargo-public-api
];
home-manager.users.talexander =
{ pkgs, ... }:
{
home.file = {
".cargo/config.toml" = {
source = ./files/cargo_config.toml;
};
# # TODO: Figure out what to do with credentials.
# ".cargo/credentials.toml" = {
# source = ./files/cargo_credentials.toml;
# };
};
};
}
]
);
}
# TODO: Install clippy, cranelift, rust-src
# TODO: Install rust targets x86_64-unknown-linux-musl and wasm32-unknown-unknown

12
nix/configuration/roles/rust/files/cargo_config.toml Normal file
View File

@@ -0,0 +1,12 @@
[target.x86_64-unknown-linux-gnu]
rustflags = ["-C", "target-cpu=native", "-Zthreads=0"]
[unstable]
codegen-backend = true
[profile.dev]
codegen-backend = "cranelift"
[profile.dev.package."*"]
codegen-backend = "llvm"
opt-level = 3

48
nix/configuration/roles/shipwright/default.nix Normal file
View File

@@ -0,0 +1,48 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
shipwright.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install shipwright.";
};
};
config = lib.mkIf config.me.shipwright.enable (
lib.mkMerge [
{
allowedUnfree = [ "shipwright" ];
}
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
shipwright
];
# TODO perhaps install ~/.local/share/soh/shipofharkinian.json
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".local/share/soh";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
})
]
);
}

55
nix/configuration/roles/sm64ex/default.nix Normal file
View File

@@ -0,0 +1,55 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
sm64ex.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install sm64ex.";
};
};
config = lib.mkIf config.me.sm64ex.enable (
lib.mkMerge [
(lib.mkIf config.me.graphical {
allowedUnfree = [ "sm64ex" ];
environment.systemPackages = with pkgs; [
sm64ex
];
# nixpkgs.overlays = [
# (final: prev: {
# sm4ex = prev.sm64ex.override {
# baseRom.name = "SuperMario64.z64";
# };
# })
# ];
# TODO perhaps install ~/.local/share/sm64ex/sm64config.txt
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".local/share/sm64ex";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
})
]
);
}

102
nix/configuration/roles/sound/default.nix
View File

@@ -1,20 +1,92 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
{
imports = [];
imports = [ ];
environment.systemPackages = with pkgs; [
pavucontrol
];
# rtkit is optional but recommended
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
# If you want to use JACK applications, uncomment this
#jack.enable = true;
options.me = {
sound.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install sound.";
};
};
config = lib.mkIf config.me.sound.enable (
lib.mkMerge [
{
# rtkit is optional but recommended
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
# If you want to use JACK applications, uncomment this
#jack.enable = true;
extraLv2Packages = [ pkgs.rnnoise-plugin ];
configPackages = [
(pkgs.writeTextDir "share/pipewire/pipewire.conf.d/99-input-denoising.conf" ''
context.modules = [
{ name = libpipewire-module-filter-chain
args = {
node.description = "Noise Canceling source"
media.name = "Noise Canceling source"
filter.graph = {
nodes = [
{
type = ladspa
name = rnnoise
plugin = "${pkgs.rnnoise-plugin}/lib/ladspa/librnnoise_ladspa.so"
label = noise_suppressor_mono
control = {
"VAD Threshold (%)" = 50.0
"VAD Grace Period (ms)" = 200
"Retroactive VAD Grace (ms)" = 0
}
}
]
}
capture.props = {
node.name = "capture.rnnoise_source"
node.passive = true
audio.rate = 48000
# Optionally specify a specific input: (ID from `pactl list`)
# target.object = "alsa_input.usb-Shure_Incorporated_Shure_Digital-00.analog-stereo"
}
playback.props = {
node.name = "rnnoise_source"
media.class = Audio/Source
audio.rate = 48000
}
}
}
]
'')
];
};
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
".local/state/wireplumber" # Sound settings
];
};
};
}
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
pavucontrol
];
})
]
);
}

23
nix/configuration/roles/ssh/default.nix Normal file
View File

@@ -0,0 +1,23 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
environment.systemPackages = with pkgs; [
sshfs
];
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
files = [
".ssh/known_hosts"
];
};
};
}

50
nix/configuration/roles/steam/default.nix Normal file
View File

@@ -0,0 +1,50 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
steam.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install steam.";
};
};
config = lib.mkIf config.me.steam.enable (
lib.mkMerge [
(lib.mkIf config.me.graphical {
allowedUnfree = [
"steam"
"steam-original"
"steam-unwrapped"
"steam-run"
];
programs.steam = {
enable = true;
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
# dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers
};
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
".local/share/Steam"
".steam"
".factorio"
];
};
};
})
]
);
}

545
nix/configuration/roles/sway/default.nix
View File

@@ -1,250 +1,409 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
let
sway-config = pkgs.writeTextFile {
name = "config";
text = ''
# Default config for sway
#
# Copy this to ~/.config/sway/config and edit it to your liking.
#
# Read `man 5 sway` for a complete reference.
# Default config for sway
#
# Copy this to ~/.config/sway/config and edit it to your liking.
#
# Read `man 5 sway` for a complete reference.
### Variables
#
# Logo key. Use Mod1 for Alt.
set $mod Mod4
# set $mod Mod1
# Home row direction keys, like vim
set $left h
set $down j
set $up k
set $right l
# Your preferred terminal emulator
set $term ${pkgs.alacritty}/bin/alacritty
# Your preferred application launcher
# Note: it's recommended that you pass the final command to sway
# set $menu dmenu_path | dmenu | xargs swaymsg exec
set $menu ${pkgs.wofi}/bin/wofi --show drun --gtk-dark
### Variables
#
# Logo key. Use Mod1 for Alt.
set $mod Mod4
# set $mod Mod1
# Home row direction keys, like vim
set $left h
set $down j
set $up k
set $right l
# Your preferred terminal emulator
set $term ${pkgs.alacritty}/bin/alacritty
# Your preferred application launcher
# Note: it's recommended that you pass the final command to sway
# set $menu dmenu_path | dmenu | xargs swaymsg exec
set $menu ${pkgs.tofi}/bin/tofi-drun | xargs swaymsg exec --
#set $menu ${pkgs.wofi}/bin/wofi --show drun --gtk-dark
# Do not show a title bar on windows
default_border pixel 2
# Do not show a title bar on windows
default_border pixel 2
hide_edge_borders smart_no_gaps
bindsym $mod+grave exec $term
bindsym $mod+grave exec $term
include ${base-hotkeys}
include ${display-configs}
include ${window-management}
include ${movement}
include ${disable-focus-follows-mouse}
include ~/.config/sway/config.d/*.conf
include /etc/sway/config.d/*
'';
${lib.concatMapStringsSep "\n" (item: "include ${item}") config.me.swayIncludes}
'';
};
base-hotkeys = pkgs.writeTextFile {
name = "base-hotkeys.conf";
text = ''
### Key bindings
#
# Basics:
#
# kill focused window
bindsym $mod+Shift+q kill
### Key bindings
#
# Basics:
#
# kill focused window
bindsym $mod+Shift+q kill
# start your launcher
bindsym $mod+Return exec $menu
# start your launcher
bindsym $mod+Return exec $menu
# Drag floating windows by holding down $mod and left mouse button.
# Resize them with right mouse button + $mod.
# Despite the name, also works for non-floating windows.
# Change normal to inverse to use left mouse button for resizing and right
# mouse button for dragging.
floating_modifier $mod normal
# Drag floating windows by holding down $mod and left mouse button.
# Resize them with right mouse button + $mod.
# Despite the name, also works for non-floating windows.
# Change normal to inverse to use left mouse button for resizing and right
# mouse button for dragging.
floating_modifier $mod normal
# reload the configuration file
bindsym $mod+Shift+c reload
# reload the configuration file
bindsym $mod+Shift+c reload
# exit sway (logs you out of your Wayland session)
bindsym $mod+Shift+e exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -b 'Yes, exit sway' 'swaymsg exit'
'';
# exit sway (logs you out of your Wayland session)
bindsym $mod+Shift+e exec swaynag -t warning -m 'You pressed the exit shortcut. Do you really want to exit sway? This will end your Wayland session.' -b 'Yes, exit sway' 'swaymsg exit'
'';
};
display-configs = pkgs.writeTextFile {
name = "display-configs.conf";
text = ''
output 'Unknown 0x095F 0x00000000' scale 1.5
output 'BOE 0x095F Unknown' scale 1.5
output 'BOE 0x0BCA Unknown' scale 1.5
'';
output 'Unknown 0x095F 0x00000000' scale 1.5
output 'BOE 0x095F Unknown' scale 1.5
output 'BOE 0x0BCA Unknown' scale 1.5
'';
};
window-management = pkgs.writeTextFile {
name = "window-management.conf";
text = ''
#
# Layout stuff:
#
# You can "split" the current object of your focus with
# $mod+b or $mod+v, for horizontal and vertical splits
# respectively.
bindsym $mod+h splith
bindsym $mod+v splitv
#
# Layout stuff:
#
# You can "split" the current object of your focus with
# $mod+b or $mod+v, for horizontal and vertical splits
# respectively.
bindsym $mod+h splith
bindsym $mod+v splitv
# Switch the current container between different layout styles
bindsym $mod+s layout stacking
bindsym $mod+w layout tabbed
bindsym $mod+e layout toggle split
# Switch the current container between different layout styles
bindsym $mod+s layout stacking
bindsym $mod+w layout tabbed
bindsym $mod+e layout toggle split
# Make the current focus fullscreen
bindsym $mod+f fullscreen
# Make the current focus fullscreen
bindsym $mod+f fullscreen
# Toggle the current focus between tiling and floating mode
bindsym $mod+Shift+space floating toggle
# Toggle the current focus between tiling and floating mode
bindsym $mod+Shift+space floating toggle
# Swap focus between the tiling area and the floating area
bindsym $mod+space focus mode_toggle
# Swap focus between the tiling area and the floating area
bindsym $mod+space focus mode_toggle
# move focus to the parent container
bindsym $mod+a focus parent
#
# Scratchpad:
#
# Sway has a "scratchpad", which is a bag of holding for windows.
# You can send windows there and get them back later.
# move focus to the parent container
bindsym $mod+a focus parent
#
# Scratchpad:
#
# Sway has a "scratchpad", which is a bag of holding for windows.
# You can send windows there and get them back later.
# Move the currently focused window to the scratchpad
bindsym $mod+Shift+minus move scratchpad
# Move the currently focused window to the scratchpad
bindsym $mod+Shift+minus move scratchpad
# Show the next scratchpad window or hide the focused scratchpad window.
# If there are multiple scratchpad windows, this command cycles through them.
bindsym $mod+minus scratchpad show
#
# Resizing containers:
#
mode "resize" {
# left will shrink the containers width
# right will grow the containers width
# up will shrink the containers height
# down will grow the containers height
bindsym $left resize shrink width 10px
bindsym $down resize grow height 10px
bindsym $up resize shrink height 10px
bindsym $right resize grow width 10px
# Show the next scratchpad window or hide the focused scratchpad window.
# If there are multiple scratchpad windows, this command cycles through them.
bindsym $mod+minus scratchpad show
#
# Resizing containers:
#
mode "resize" {
# left will shrink the containers width
# right will grow the containers width
# up will shrink the containers height
# down will grow the containers height
bindsym $left resize shrink width 10px
bindsym $down resize grow height 10px
bindsym $up resize shrink height 10px
bindsym $right resize grow width 10px
# ditto, with arrow keys
bindsym Left resize shrink width 10px
bindsym Down resize grow height 10px
bindsym Up resize shrink height 10px
bindsym Right resize grow width 10px
# ditto, with arrow keys
bindsym Left resize shrink width 10px
bindsym Down resize grow height 10px
bindsym Up resize shrink height 10px
bindsym Right resize grow width 10px
# return to default mode
bindsym Return mode "default"
bindsym Escape mode "default"
}
bindsym $mod+r mode "resize"
'';
# return to default mode
bindsym Return mode "default"
bindsym Escape mode "default"
}
bindsym $mod+r mode "resize"
'';
};
movement = pkgs.writeTextFile {
name = "movement.conf";
text = ''
#
# Moving around:
#
# Move your focus around
# bindsym $mod+$left focus left
# bindsym $mod+$down focus down
# bindsym $mod+$up focus up
# bindsym $mod+$right focus right
# or use $mod+[up|down|left|right]
bindsym $mod+Left focus left
bindsym $mod+Down focus down
bindsym $mod+Up focus up
bindsym $mod+Right focus right
#
# Moving around:
#
# Move your focus around
# bindsym $mod+$left focus left
# bindsym $mod+$down focus down
# bindsym $mod+$up focus up
# bindsym $mod+$right focus right
# or use $mod+[up|down|left|right]
bindsym $mod+Left focus left
bindsym $mod+Down focus down
bindsym $mod+Up focus up
bindsym $mod+Right focus right
# _move_ the focused window with the same, but add Shift
bindsym $mod+Shift+$left move left
bindsym $mod+Shift+$down move down
bindsym $mod+Shift+$up move up
bindsym $mod+Shift+$right move right
# ditto, with arrow keys
bindsym $mod+Shift+Left move left
bindsym $mod+Shift+Down move down
bindsym $mod+Shift+Up move up
bindsym $mod+Shift+Right move right
#
# Workspaces:
#
# switch to workspace
bindsym $mod+1 workspace 1
bindsym $mod+2 workspace 2
bindsym $mod+3 workspace 3
bindsym $mod+4 workspace 4
bindsym $mod+5 workspace 5
bindsym $mod+6 workspace 6
bindsym $mod+7 workspace 7
bindsym $mod+8 workspace 8
bindsym $mod+9 workspace 9
bindsym $mod+0 workspace 10
# move focused container to workspace
bindsym $mod+Shift+1 move container to workspace 1
bindsym $mod+Shift+2 move container to workspace 2
bindsym $mod+Shift+3 move container to workspace 3
bindsym $mod+Shift+4 move container to workspace 4
bindsym $mod+Shift+5 move container to workspace 5
bindsym $mod+Shift+6 move container to workspace 6
bindsym $mod+Shift+7 move container to workspace 7
bindsym $mod+Shift+8 move container to workspace 8
bindsym $mod+Shift+9 move container to workspace 9
bindsym $mod+Shift+0 move container to workspace 10
# Note: workspaces can have any name you want, not just numbers.
# We just use 1-10 as the default.
'';
# _move_ the focused window with the same, but add Shift
bindsym $mod+Shift+$left move left
bindsym $mod+Shift+$down move down
bindsym $mod+Shift+$up move up
bindsym $mod+Shift+$right move right
# ditto, with arrow keys
bindsym $mod+Shift+Left move left
bindsym $mod+Shift+Down move down
bindsym $mod+Shift+Up move up
bindsym $mod+Shift+Right move right
#
# Workspaces:
#
# switch to workspace
bindsym $mod+1 workspace 1
bindsym $mod+2 workspace 2
bindsym $mod+3 workspace 3
bindsym $mod+4 workspace 4
bindsym $mod+5 workspace 5
bindsym $mod+6 workspace 6
bindsym $mod+7 workspace 7
bindsym $mod+8 workspace 8
bindsym $mod+9 workspace 9
bindsym $mod+0 workspace 10
# move focused container to workspace
bindsym $mod+Shift+1 move container to workspace 1
bindsym $mod+Shift+2 move container to workspace 2
bindsym $mod+Shift+3 move container to workspace 3
bindsym $mod+Shift+4 move container to workspace 4
bindsym $mod+Shift+5 move container to workspace 5
bindsym $mod+Shift+6 move container to workspace 6
bindsym $mod+Shift+7 move container to workspace 7
bindsym $mod+Shift+8 move container to workspace 8
bindsym $mod+Shift+9 move container to workspace 9
bindsym $mod+Shift+0 move container to workspace 10
# Note: workspaces can have any name you want, not just numbers.
# We just use 1-10 as the default.
'';
};
disable-focus-follows-mouse = pkgs.writeTextFile {
name = "disable-focus-follows-mouse.conf";
text = ''
# Disable focus following mouse
focus_follows_mouse no
'';
# Disable focus following mouse
focus_follows_mouse no
'';
};
background = pkgs.writeTextFile {
name = "background.conf";
text = ''
output * bg ${./files/bliss.jpg} fill
'';
};
touchpad_input = pkgs.writeTextFile {
name = "touchpad_input.conf";
text = ''
input * xkb_rules "evdev"
# All touchpads
input type:touchpad {
dwt enabled
click_method clickfinger
tap enabled
}
'';
};
announce_sway_start = pkgs.writeTextFile {
name = "announce_sway_start.conf";
text = ''
# announce a running sway session to systemd
exec systemctl --user import-environment WAYLAND_DISPLAY DISPLAY XDG_CURRENT_DESKTOP SWAYSOCK I3SOCK XCURSOR_SIZE XCURSOR_THEME
exec dbus-update-activation-environment WAYLAND_DISPLAY DISPLAY XDG_CURRENT_DESKTOP SWAYSOCK I3SOCK XCURSOR_SIZE XCURSOR_THEME
'';
};
start_screen_share = pkgs.writeShellScriptBin "start_screen_share" ''
# Disable displaying notifications. This is useful for video conference screen sharing.
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "''${BASH_SOURCE[0]}" )" && pwd )"
makoctl set-mode do-not-disturb
swaymsg output "'Dell Inc. DELL U3014 P1V6N35M329L'" scale 2
'';
stop_screen_share = pkgs.writeShellScriptBin "stop_screen_share" ''
# Allow mako to show notifications again.
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "''${BASH_SOURCE [ 0 ]}" )" && pwd )"
makoctl set-mode default
swaymsg output "'Dell Inc. DELL U3014 P1V6N35M329L'" scale 1
'';
in
{
imports = [];
environment.systemPackages = with pkgs; [
alacritty
pcmanfm
imports = [
./graphical_session_target.nix
./iso.nix
./rofimoji.nix
./lockscreen.nix
./screenshot.nix
./force_focus.nix
./notification.nix
];
environment.sessionVariables = {
WLR_RENDERER_ALLOW_SOFTWARE = "1";
options.me = {
sway.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install sway.";
};
};
programs.sway = {
enable = true;
wrapperFeatures.gtk = true;
extraOptions = [
"--debug"
"--config"
"${sway-config}"
"--unsupported-gpu"
options.me.swayIncludes = lib.mkOption {
type = lib.types.listOf lib.types.package;
default = [ ];
example = lib.literalExpression ''
[ (pkgs.writeTextFile {
name = "launch-kanshi.conf";
text = "exec kanshi";
}) ]'';
description = "List of packages to import as sway configs.";
};
config = lib.mkIf (config.me.graphical && config.me.sway.enable) {
environment.systemPackages = with pkgs; [
alacritty
pcmanfm
start_screen_share
stop_screen_share
];
};
environment.persistence."/state" = {
hideMounts = true;
users.talexander = {
files = [
".cache/wofi-drun" # Execution history for wofi to sort results
];
};
};
programs.sway.extraPackages = lib.mkForce [ ];
xdg = {
portal = {
me.swayIncludes = [
base-hotkeys
display-configs
window-management
movement
disable-focus-follows-mouse
background
touchpad_input
announce_sway_start
];
services.seatd.enable = true;
# TODO: Maybe use `seatd-launch -- sway` instead of running the seatd daemon
users.users.talexander.extraGroups = [ "seat" ];
# Probably would be cleaner to use environment.sessionVariables but programs.sway.extraSessionCommands is sway-specific.
programs.sway.extraSessionCommands =
if config.me.buildingIso then
''
export WLR_RENDERER_ALLOW_SOFTWARE=1
export NIXOS_OZONE_WL=1 # Wayland support for chromium and electron
export QT_QPA_PLATFORMTHEME=gtk3 # Use gtk theme in Qt applications
''
else
''
export WLR_RENDERER=vulkan
export NIXOS_OZONE_WL=1 # Wayland support for chromium and electron
export QT_QPA_PLATFORMTHEME=gtk3 # Use gtk theme in Qt applications
'';
programs.sway = {
enable = true;
extraPortals = with pkgs; [
xdg-desktop-portal-wlr
xdg-desktop-portal-gtk
];
wrapperFeatures.gtk = true;
extraOptions =
if config.me.buildingIso then
[
"--config"
"${sway-config}"
"--unsupported-gpu"
]
else
[
"--config"
"${sway-config}"
];
};
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
files = [
".local/state/tofi-drun-history" # A cache of the desktop files for tofi
".cache/tofi-drun" # Execution history for tofi to sort results
];
};
};
xdg = {
portal = {
enable = true;
extraPortals = with pkgs; [
xdg-desktop-portal-gtk
];
wlr = {
enable = true;
settings = {
# uninteresting for this problem, for completeness only
screencast = {
# output_name = "eDP-1";
max_fps = 30;
exec_before = "${start_screen_share}";
exec_after = "${stop_screen_share}";
chooser_type = "simple";
chooser_cmd = "${pkgs.slurp}/bin/slurp -f %o -or";
};
};
};
};
};
home-manager.users.talexander =
{ pkgs, ... }:
{
home.file = {
# Configure default programs (for example, default browser)
".config/mimeapps.list" = {
source = ./files/mimeapps.list;
};
};
home.file = {
".config/gtk-3.0/settings.ini" = {
source = ./files/settings.ini;
};
};
home.file = {
".icons/default" = {
source = "${pkgs.adwaita-icon-theme}/share/icons/Adwaita";
};
};
};
# For mounting drives in pcmanfm
services.gvfs.enable = true;
# Auto-launch sway
# Run sway as the absolute last command in the login shell init. mkBefore = 500, plain = 1000, mkAfter = 1500
environment.loginShellInit = lib.mkOrder 2000 ''
[ -z "$WAYLAND_DISPLAY" ] && [ -n "$XDG_VTNR" ] && [ "$XDG_VTNR" -eq 1 ] && [ "$(tty)" = "/dev/tty1" ] && exec ${pkgs.systemd}/bin/systemd-cat --identifier=sway sway
'';
};
}

BIN
nix/configuration/roles/sway/files/bliss.jpg Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 638 KiB

23
nix/configuration/roles/sway/files/mimeapps.list Normal file
View File

@@ -0,0 +1,23 @@
[Default Applications]
x-scheme-handler/http=firefox.desktop
x-scheme-handler/https=firefox.desktop
x-scheme-handler/chrome=firefox.desktop
text/html=firefox.desktop
application/x-extension-htm=firefox.desktop
application/x-extension-html=firefox.desktop
application/x-extension-shtml=firefox.desktop
application/xhtml+xml=firefox.desktop
application/x-extension-xhtml=firefox.desktop
application/x-extension-xht=firefox.desktop
[Added Associations]
x-scheme-handler/http=firefox.desktop;
x-scheme-handler/https=firefox.desktop;
x-scheme-handler/chrome=firefox.desktop;
text/html=firefox.desktop;
application/x-extension-htm=firefox.desktop;
application/x-extension-html=firefox.desktop;
application/x-extension-shtml=firefox.desktop;
application/xhtml+xml=firefox.desktop;
application/x-extension-xhtml=firefox.desktop;
application/x-extension-xht=firefox.desktop;

2
nix/configuration/roles/sway/files/settings.ini Normal file
View File

@@ -0,0 +1,2 @@
[Settings]
gtk-application-prefer-dark-theme=1

3
nix/configuration/roles/sway/files/tofi-config Normal file
View File

@@ -0,0 +1,3 @@
border-width = 4
outline-width = 1
border-color = #FF6600

27
nix/configuration/roles/sway/force_focus.nix Normal file
View File

@@ -0,0 +1,27 @@
{
config,
lib,
pkgs,
...
}:
let
force_focus_sway_config = pkgs.writeTextFile {
name = "force_focus.conf";
text = ''
mode "force focus" {
bindsym $mod+Shift+Escape fullscreen; mode "default"
}
bindsym $mod+Shift+f fullscreen; mode "force focus"
'';
};
in
{
imports = [ ];
config = lib.mkIf (config.me.graphical && config.me.sway.enable) {
me.swayIncludes = [
force_focus_sway_config
];
};
}

25
nix/configuration/roles/sway/graphical_session_target.nix Normal file
View File

@@ -0,0 +1,25 @@
{
config,
lib,
pkgs,
...
}:
let
start_sway_session = pkgs.writeTextFile {
name = "start_sway_session.conf";
text = ''
# Trigger graphical-session.target through sway-session.target so systemd user units can depend on it.
exec systemctl --user start sway-session.target
exec swaymsg -t subscribe '["shutdown"]' && systemctl --user stop sway-session.target
'';
};
in
{
imports = [ ];
me.swayIncludes = lib.mkAfter [
start_sway_session
];
}

25
nix/configuration/roles/sway/iso.nix Normal file
View File

@@ -0,0 +1,25 @@
{
config,
lib,
pkgs,
...
}:
let
launch_terminal = pkgs.writeTextFile {
name = "launch_terminal.conf";
text = ''
exec ${pkgs.alacritty}/bin/alacritty
'';
};
in
{
imports = [ ];
config = lib.mkIf (config.me.buildingIso && config.me.graphical && config.me.sway.enable) {
# Launch a terminal at boot in the live ISO for when hotkeys don't work.
me.swayIncludes = [
launch_terminal
];
};
}

33
nix/configuration/roles/sway/lockscreen.nix Normal file
View File

@@ -0,0 +1,33 @@
{
config,
lib,
pkgs,
...
}:
let
lockscreen_sway_config = pkgs.writeTextFile {
name = "lockscreen.conf";
text = ''
set $lock ${pkgs.swaylock}/bin/swaylock -f -c 000000
# Hotkey to lock the screen
bindsym $mod+l exec $lock
exec ${pkgs.swayidle}/bin/swayidle -w \
timeout 300 '$lock' \
timeout 600 '${pkgs.sway}/bin/swaymsg "output * dpms off"' \
resume '${pkgs.sway}/bin/swaymsg "output * dpms on"' \
before-sleep '$lock'
'';
};
in
{
imports = [ ];
config = lib.mkIf (config.me.graphical && config.me.sway.enable) {
me.swayIncludes = [
lockscreen_sway_config
];
};
}

32
nix/configuration/roles/sway/notification.nix Normal file
View File

@@ -0,0 +1,32 @@
{
config,
lib,
pkgs,
...
}:
let
notification_sway_config = pkgs.writeTextFile {
name = "notification.conf";
text =
builtins.replaceStrings
[ "@mako@" "@makoctl@" ]
[ "${pkgs.mako}/bin/mako" "${pkgs.mako}/bin/makoctl" ]
''
bindsym $mod+Escape exec @makoctl@ dismiss
bindsym $mod+Shift+Escape exec @makoctl@ invoke
# Notifications
exec @mako@
'';
};
in
{
imports = [ ];
config = lib.mkIf (config.me.graphical && config.me.sway.enable) {
me.swayIncludes = [
notification_sway_config
];
};
}

63
nix/configuration/roles/sway/rofimoji.nix Normal file
View File

@@ -0,0 +1,63 @@
{
config,
lib,
pkgs,
...
}:
let
rofimoji_sway_config = pkgs.writeTextFile {
name = "rofimoji.conf";
text = ''
# Emoji selector
bindsym $mod+backslash exec ${pkgs.rofimoji}/bin/rofimoji --selector tofi
'';
};
in
{
imports = [ ];
config = lib.mkIf (config.me.graphical && config.me.sway.enable) {
me.swayIncludes = [
rofimoji_sway_config
];
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".local/share/rofimoji";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
nixpkgs.overlays = [
(final: prev: {
rofimoji = prev.rofimoji.overrideAttrs (old: {
propagatedBuildInputs = old.propagatedBuildInputs ++ [ pkgs.tofi ];
src = builtins.fetchGit {
# https://github.com/fdw/rofimoji/issues/209
url = "https://github.com/fdw/rofimoji.git";
rev = "615f00abeb984f3e648ef712164aa4e61f2e1808";
};
});
})
(final: prev: {
tofi = pkgs.symlinkJoin {
name = "tofi";
paths = [ prev.tofi ];
buildInputs = [ pkgs.makeWrapper ];
postBuild = ''
wrapProgram $out/bin/tofi-drun --add-flags --font=${pkgs.source-sans-pro}/share/fonts/opentype/SourceSansPro-Regular.otf --add-flags --config=${./files/tofi-config}
wrapProgram $out/bin/tofi --add-flags --config=${./files/tofi-config}
'';
};
})
];
};
}

42
nix/configuration/roles/sway/screenshot.nix Normal file
View File

@@ -0,0 +1,42 @@
{
config,
lib,
pkgs,
...
}:
let
screenshot_sway_config = pkgs.writeTextFile {
name = "screenshot.conf";
text =
builtins.replaceStrings
[ "@grim@" "@wl-screenrec@" "@pactl@" "@grep@" "@slurp@" ]
[
"${pkgs.grim}/bin/grim"
"${pkgs.wl-screenrec}/bin/wl-screenrec"
"${pkgs.pulseaudio}/bin/pactl"
"${pkgs.gnugrep}/bin/grep"
"${pkgs.slurp}/bin/slurp"
]
''
# Screenshots
#bindsym $mod+print exec @slurp@ | @grim@ -g - $(xdg-user-dir PICTURES)/$(date +'screenshot_%Y-%m-%d-%H%M%S.png')
bindsym $mod+print exec @slurp@ | @grim@ -g - "$HOME/$(date +'screenshot_%Y-%m-%d-%H%M%S.png')"
bindsym print exec @grim@ "$HOME/$(date +'screenshot_%Y-%m-%d-%H%M%S.png')"
# Maybe add --audio flag? can optionally specify specific device name from `@pactl@ list sources | @grep@ Name`
bindsym $mod+Shift+print exec @wl-screenrec@ -g "$(@slurp@)" --codec av1 -f "$HOME/$(date +'screencast_%Y-%m-%d-%H%M%S.mkv')"
bindsym Shift+print exec @wl-screenrec@ --codec av1 -f "$HOME/$(date +'screencast_%Y-%m-%d-%H%M%S.mkv')"
bindsym $mod+ctrl+Shift+print exec pkill -SIGINT @wl-screenrec@
# Need to make a hotkey to end the recording
'';
};
in
{
imports = [ ];
config = lib.mkIf (config.me.graphical && config.me.sway.enable) {
me.swayIncludes = [
screenshot_sway_config
];
};
}

53
nix/configuration/roles/terraform/default.nix Normal file
View File

@@ -0,0 +1,53 @@
{
config,
lib,
pkgs,
...
}:
let
alias_tf = pkgs.writeShellScriptBin "tf" ''
exec ${pkgs.terraform}/bin/terraform "''${@}"
'';
in
{
imports = [ ];
options.me = {
terraform.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install terraform.";
};
};
config = lib.mkIf config.me.terraform.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
terraform
alias_tf
];
allowedUnfree = [
"terraform"
];
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".terraform.d";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
}
]
);
}

29
nix/configuration/roles/vnc_client/default.nix Normal file
View File

@@ -0,0 +1,29 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
vnc_client.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install vnc_client.";
};
};
config = lib.mkIf config.me.vnc_client.enable (
lib.mkMerge [
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
wlvncc
];
})
]
);
}

62
nix/configuration/roles/vscode/default.nix Normal file
View File

@@ -0,0 +1,62 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
vscode.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install vscode.";
};
};
config = lib.mkIf config.me.vscode.enable (
lib.mkMerge [
(lib.mkIf config.me.graphical {
allowedUnfree = [
"vscode"
"vscode-with-extensions"
"vscode-extension-ms-vscode-remote-remote-ssh"
];
environment.systemPackages = with pkgs; [
(vscode-with-extensions.override {
vscodeExtensions = with vscode-extensions; [
bbenoist.nix
ms-python.python
ms-azuretools.vscode-docker
ms-vscode-remote.remote-ssh
]
# ++ pkgs.vscode-utils.extensionsFromVscodeMarketplace [
# {
# name = "remote-ssh-edit";
# publisher = "ms-vscode-remote";
# version = "0.47.2";
# sha256 = "1hp6gjh4xp2m1xlm1jsdzxw9d8frkiidhph6nvl24d0h8z34w49g";
# }
# ]
;
})
];
home-manager.users.talexander =
{ pkgs, ... }:
{
home.file.".config/Code/User/settings.json" = {
source = ./files/settings.json;
};
home.file.".config/Code/User/keybindings.json" = {
source = ./files/keybindings.json;
};
};
})
]
);
}

280
nix/configuration/roles/vscode/files/keybindings.json Normal file
View File

@@ -0,0 +1,280 @@
// Place your key bindings in this file to override the defaultsauto[]
[
{
"key": "alt+.",
"command": "editor.action.revealDefinition",
"when": "editorHasDefinitionProvider && editorTextFocus && !isInEmbeddedEditor"
},
{
"key": "f12",
"command": "-editor.action.revealDefinition",
"when": "editorHasDefinitionProvider && editorTextFocus && !isInEmbeddedEditor"
},
{
"key": "alt+,",
"command": "workbench.action.navigateBack",
"when": "canNavigateBack"
},
{
"key": "ctrl+alt+-",
"command": "-workbench.action.navigateBack",
"when": "canNavigateBack"
},
{
"key": "shift+alt+/",
"command": "editor.action.goToReferences",
"when": "editorHasReferenceProvider && editorTextFocus && !inReferenceSearchEditor && !isInEmbeddedEditor"
},
{
"key": "shift+f12",
"command": "-editor.action.goToReferences",
"when": "editorHasReferenceProvider && editorTextFocus && !inReferenceSearchEditor && !isInEmbeddedEditor"
},
{
"key": "ctrl+alt+.",
"command": "workbench.action.showAllSymbols"
},
{
"key": "ctrl+t",
"command": "-workbench.action.showAllSymbols"
},
{
"key": "alt+;",
"command": "editor.action.commentLine",
"when": "editorTextFocus && !editorReadonly"
},
{
"key": "ctrl+/",
"command": "-editor.action.commentLine",
"when": "editorTextFocus && !editorReadonly"
},
{
"key": "ctrl+x",
"command": "-editor.action.clipboardCutAction"
},
{
"key": "ctrl+x",
"command": "-filesExplorer.cut",
"when": "filesExplorerFocus && foldersViewVisible && !explorerResourceIsRoot && !explorerResourceReadonly && !inputFocus"
},
{
"key": "ctrl+x 3",
"command": "workbench.action.splitEditor"
},
{
"key": "ctrl+\\",
"command": "-workbench.action.splitEditor"
},
{
"key": "ctrl+x 2",
"command": "workbench.action.splitEditorDown"
},
{
"key": "ctrl+k ctrl+\\",
"command": "-workbench.action.splitEditorDown"
},
{
"key": "ctrl+x 1",
"command": "workbench.action.joinAllGroups"
},
{
"key": "ctrl+x 0",
"command": "workbench.action.closeEditorsAndGroup"
},
{
"key": "ctrl+x shift+=",
"command": "workbench.action.evenEditorWidths"
},
{
"key": "shift+up",
"command": "workbench.action.focusAboveGroup"
},
{
"key": "ctrl+k ctrl+up",
"command": "-workbench.action.focusAboveGroup"
},
{
"key": "shift+down",
"command": "workbench.action.focusBelowGroup"
},
{
"key": "ctrl+k ctrl+down",
"command": "-workbench.action.focusBelowGroup"
},
{
"key": "shift+left",
"command": "workbench.action.focusLeftGroup"
},
{
"key": "ctrl+k ctrl+left",
"command": "-workbench.action.focusLeftGroup"
},
{
"key": "shift+right",
"command": "workbench.action.focusRightGroup"
},
{
"key": "ctrl+k ctrl+right",
"command": "-workbench.action.focusRightGroup"
},
{
"key": "ctrl+x ctrl+s",
"command": "workbench.action.files.save"
},
{
"key": "ctrl+s",
"command": "-workbench.action.files.save"
},
{
"key": "alt+g g",
"command": "workbench.action.gotoLine"
},
{
"key": "ctrl+g",
"command": "-workbench.action.gotoLine"
},
{
"key": "ctrl+space",
"command": "editor.action.setSelectionAnchor",
"when": "editorTextFocus"
},
{
"key": "ctrl+k ctrl+b",
"command": "-editor.action.setSelectionAnchor",
"when": "editorTextFocus"
},
{
"key": "alt+w",
"command": "editor.action.clipboardCopyAction"
},
{
"key": "ctrl+c",
"command": "-editor.action.clipboardCopyAction"
},
{
"key": "ctrl+w",
"command": "editor.action.clipboardCutAction"
},
{
"key": "ctrl+y",
"command": "editor.action.clipboardPasteAction"
},
{
"key": "ctrl+v",
"command": "-editor.action.clipboardPasteAction"
},
{
"key": "ctrl+x p f",
"command": "workbench.action.quickOpen"
},
{
"key": "ctrl+e",
"command": "-workbench.action.quickOpen"
},
{
"key": "ctrl+a",
"command": "cursorLineStart"
},
{
"key": "ctrl+e",
"command": "cursorLineEnd"
},
{
"key": "ctrl+s",
"command": "actions.find",
"when": "editorFocus || editorIsOpen"
},
{
"key": "ctrl+f",
"command": "-actions.find",
"when": "editorFocus || editorIsOpen"
},
{
"key": "ctrl+shift+-",
"command": "undo"
},
{
"key": "ctrl+z",
"command": "-undo"
},
{
"key": "alt+x",
"command": "workbench.action.showCommands"
},
{
"key": "ctrl+shift+p",
"command": "-workbench.action.showCommands"
},
{
"key": "ctrl+c ctrl+a",
"command": "editor.action.quickFix",
"when": "editorHasCodeActionsProvider && textInputFocus && !editorReadonly"
},
{
"key": "ctrl+.",
"command": "-editor.action.quickFix",
"when": "editorHasCodeActionsProvider && textInputFocus && !editorReadonly"
},
{
"key": "shift+alt+5",
"command": "editor.action.startFindReplaceAction",
"when": "editorFocus || editorIsOpen"
},
{
"key": "ctrl+h",
"command": "-editor.action.startFindReplaceAction",
"when": "editorFocus || editorIsOpen"
},
{
"key": "shift+1",
"command": "editor.action.replaceAll",
"when": "editorFocus && findWidgetVisible"
},
{
"key": "ctrl+alt+enter",
"command": "-editor.action.replaceAll",
"when": "editorFocus && findWidgetVisible"
},
{
"key": "shift+alt+,",
"command": "cursorTop",
"when": "textInputFocus"
},
{
"key": "ctrl+home",
"command": "-cursorTop",
"when": "textInputFocus"
},
{
"key": "shift+alt+.",
"command": "cursorBottom",
"when": "textInputFocus"
},
{
"key": "ctrl+end",
"command": "-cursorBottom",
"when": "textInputFocus"
},
{
"key": "ctrl+x ctrl+f",
"command": "workbench.action.files.openFile",
"when": "true"
},
{
"key": "ctrl+o",
"command": "-workbench.action.files.openFile",
"when": "true"
},
{
"key": "ctrl+x k",
"command": "workbench.action.closeEditorInAllGroups"
},
{
"key": "ctrl+x b",
"command": "workbench.action.showAllEditors"
},
{
"key": "ctrl+k ctrl+p",
"command": "-workbench.action.showAllEditors"
}
]

41
nix/configuration/roles/vscode/files/settings.json Normal file
View File

@@ -0,0 +1,41 @@
{
"application.shellEnvironmentResolutionTimeout": 90,
"workbench.colorTheme": "Default High Contrast",
"remote.SSH.connectTimeout": 90,
"remote.SSH.enableDynamicForwarding": false,
"remote.SSH.enableAgentForwarding": false,
"remote.SSH.enableX11Forwarding": false,
"python.analysis.inlayHints.functionReturnTypes": true,
"python.analysis.inlayHints.variableTypes": true,
"editor.minimap.enabled": false,
"editor.fontSize": 12,
"editor.cursorStyle": "block",
"editor.fontFamily": "'Cascadia Mono', 'monospace', monospace",
"workbench.colorCustomizations": {
"editorCursor.foreground": "#ccff66",
"terminalCursor.foreground": "#ccff66"
},
"workbench.editor.showTabs": "none",
"workbench.activityBar.location": "hidden",
"window.menuBarVisibility": "toggle",
"explorer.autoReveal": false,
"[python]": {
"editor.defaultFormatter": "ms-python.black-formatter",
"editor.formatOnSave": true
},
"[terraform]": {
"editor.defaultFormatter": "hashicorp.terraform",
"editor.formatOnSave": true
},
"[terraform-vars]": {
"editor.defaultFormatter": "hashicorp.terraform",
"editor.formatOnSave": true
},
"black-formatter.importStrategy": "fromEnvironment",
"workbench.statusBar.visible": false,
"git.openRepositoryInParentFolders": "never",
"files.autoSave": "afterDelay",
"editor.rulers": [
100
]
}

31
nix/configuration/roles/wasm/default.nix Normal file
View File

@@ -0,0 +1,31 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
wasm.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install wasm.";
};
};
config = lib.mkIf config.me.wasm.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
wabt
wasm-bindgen-cli
binaryen # for wasm-opt
];
}
]
);
}

131
nix/configuration/roles/waybar/default.nix Normal file
View File

@@ -0,0 +1,131 @@
{
config,
lib,
pkgs,
...
}:
let
waybar_sway_config = pkgs.writeTextFile {
name = "waybar.conf";
text = ''
#
# Status Bar:
#
# Read `man 5 sway-bar` for more information about this section.
bar {
position top
font pango:Cascadia Mono, FontAwesome 10
swaybar_command waybar
colors {
statusline #ffffff
background #323232
inactive_workspace #32323200 #32323200 #5c5c5c
}
}
'';
};
waybar_available_memory =
(pkgs.writeScriptBin "waybar_custom_available_memory" (
builtins.readFile ./files/waybar_scripts/waybar_available_memory_linux.bash
)).overrideAttrs
(old: {
buildCommand = "${old.buildCommand}\n patchShebangs $out";
});
waybar_battery =
(pkgs.writeScriptBin "waybar_custom_battery" (
builtins.readFile ./files/waybar_scripts/waybar_battery_linux.bash
)).overrideAttrs
(old: {
buildCommand = "${old.buildCommand}\n patchShebangs $out";
});
waybar_clock =
(pkgs.writeScriptBin "waybar_custom_clock" (
builtins.readFile ./files/waybar_scripts/waybar_custom_clock.py
)).overrideAttrs
(old: {
buildCommand = "${old.buildCommand}\n patchShebangs $out";
});
waybar_night_mode =
(pkgs.writeScriptBin "waybar_night_mode" (
builtins.readFile ./files/waybar_scripts/waybar_night_mode.bash
)).overrideAttrs
(old: {
buildCommand = "${old.buildCommand}\n patchShebangs $out";
});
waybar_sound =
(pkgs.writeScriptBin "waybar_custom_sound" (
builtins.readFile ./files/waybar_scripts/waybar_sound_linux.bash
)).overrideAttrs
(old: {
buildCommand = "${old.buildCommand}\n patchShebangs $out";
});
waybar_temperature =
(pkgs.writeScriptBin "waybar_custom_temperature" (
builtins.readFile ./files/waybar_scripts/waybar_temperature_linux.bash
)).overrideAttrs
(old: {
buildCommand = "${old.buildCommand}\n patchShebangs $out";
});
in
{
imports = [ ];
options.me = {
waybar.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install waybar.";
};
};
config = lib.mkIf config.me.waybar.enable (
lib.mkMerge [
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
waybar
waybar_available_memory
waybar_battery
waybar_clock
waybar_night_mode
waybar_sound
waybar_temperature
python3 # for clock TODO python should not be in the system packages, maybe switch to a venv? ref https://nixos.wiki/wiki/Python
bc # for temperature and sound
jq # for memory, battery, sound, night mode, and temperature
upower # for battery
wlsunset # for night mode
];
me.swayIncludes = [
waybar_sway_config
];
services.upower.enable = true; # for battery
home-manager.users.talexander =
{ pkgs, ... }:
{
home.file = {
".config/waybar/config" = {
source = ./files/waybar_config.json;
};
".config/waybar/style.css" = {
source = ./files/style.css;
};
};
};
})
]
);
}

Some files were not shown because too many files have changed in this diff Show More