talexander/machine_setup
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

base: talexander:9a271848858ae3bb28cfeaf87742b11e88e69c12
Branches Tags
talexander:main talexander:kubernetes talexander:nix talexander:mt7927 talexander:yubipi talexander:upstream_amd_debug_tools talexander:install_files_mixin talexander:starship talexander:pixelbook
..
compare: talexander:install_files_mixin
Branches Tags
talexander:kubernetes talexander:nix talexander:main talexander:mt7927 talexander:yubipi talexander:upstream_amd_debug_tools talexander:install_files_mixin talexander:starship talexander:pixelbook

350 Commits
9a27184885 ... install_fi

Author SHA1 Message Date
Tom Alexander
504f8ecf09 Add support for setting the group owning the file. 2025-05-26 21:17:11 -04:00
Tom Alexander
7254bc8c7c Add test invocation. 2025-05-26 21:05:56 -04:00
Tom Alexander
a32f6bf0d1 Add a mixin to install files instead of using home-manager. 2025-05-26 21:05:56 -04:00
Tom Alexander
996cb27a89 Merge branch 'rpcs3' into nix 2025-05-26 19:26:13 -04:00
Tom Alexander
9008d9b7c6 Clean up steam rom manager. 2025-05-26 19:25:10 -04:00
Tom Alexander
38a1168a32 Persist persistent_settings.dat on steam deck. 2025-05-26 18:23:10 -04:00
Tom Alexander
3a4344a112 Copy the RPCS3 setup improvements to the steam deck config. 2025-05-26 16:26:48 -04:00
Tom Alexander
18cb758986 Fix lag in the home button menu. 2025-05-26 16:02:34 -04:00
Tom Alexander
e28c7f8968 Persist icons and play stats. 2025-05-26 15:46:10 -04:00
Tom Alexander
5c17148635 Write color buffers to fix black screen on Demon's Souls. 2025-05-26 15:32:10 -04:00
Tom Alexander
199bb38dfb Fix rpcs3 config. 2025-05-26 15:24:50 -04:00
Tom Alexander
5af4a95940 Add the rpcs3 config.yml file. 2025-05-26 14:51:13 -04:00
Tom Alexander
daf35778c5 Add rpcs3 (ps3 emulator). 2025-05-26 14:51:12 -04:00
Tom Alexander
1866cf6290 Disable cargo in emacs because it is causing errors. 2025-05-24 22:46:38 -04:00
Tom Alexander
23ef4d50b9 Add a comment about how to read ECC memory errors. 2025-05-23 18:01:24 -04:00
Tom Alexander
4aec400388 Auto-format typescript in vscode. 2025-05-19 19:11:21 -04:00
Tom Alexander
f211282376 Fix the build after the software update. 2025-05-15 20:13:27 -04:00
Tom Alexander
96a96a0bc4 Move CPU optimizations into their own role. 
This is remove duplication between the individual hosts folders.
 2025-05-12 22:53:56 -04:00
Tom Alexander
554a6aff65 Update software. 2025-05-11 14:39:36 -04:00
Tom Alexander
14c5c7d0fd Improve video convert script. 2025-05-11 00:11:29 -04:00
Tom Alexander
22f9a0efcd I think I figured out howto enable cross compiling between zen versions. 2025-05-10 23:11:33 -04:00
Tom Alexander
3e80452235 Merge branch '9pfs' into nix 2025-05-10 22:24:43 -04:00
Tom Alexander
c68c069667 Add a new ionlybootzfs host for the test VM. 
This way it will install far less software.
 2025-05-10 22:11:59 -04:00
Tom Alexander
e08d93425a Remove games from VMs. 2025-05-10 21:14:34 -04:00
Tom Alexander
5b7cae49c3 Removing the 9pfs nix store. 
The experiment was good for mounting directories with various overlay patterns from the host to the guest, but using it specifically for /nix/store was a bad idea. It would be better to just serve the host nix store with nix-serve -p 8080 and add that as a substituter during install.
 2025-05-10 20:47:45 -04:00
Tom Alexander
e65504b5f3 Add a role for mounting the nix store over 9pfs. 
This is useful for virtual machines since we can have a persistent /nix/store on the host machine.
 2025-05-10 20:47:45 -04:00
Tom Alexander
158188c4c6 Fix disabling optimizations in iso builds. 2025-05-10 16:41:55 -04:00
Tom Alexander
c587fcc2ac Re-enable fwupd. Without it, gnome-firmwarm seems to not work. 2025-05-10 15:34:50 -04:00
Tom Alexander
9d16c7bd7b Update emacs config. 2025-05-10 12:44:12 -04:00
Tom Alexander
2b3b9af70b Disable teleparty. 
The firefox version has been buggy.
 2025-05-10 12:04:48 -04:00
Tom Alexander
53f370b1ee Add yt-dlp. 2025-05-10 11:58:55 -04:00
Tom Alexander
25c8c30488 Add mkvmerge. 2025-05-07 23:31:17 -04:00
Tom Alexander
4d754355b7 Merge branch 'nix_worker' into nix 2025-05-04 16:40:24 -04:00
Tom Alexander
902c6e1127 Switch to quark's buildMachine config being entirely in nix rather than in root's ssh config. 2025-05-04 16:26:41 -04:00
Tom Alexander
98f98a8895 Centralize the config for buildMachines. 2025-05-04 16:22:02 -04:00
Tom Alexander
4a303d17d8 Add a nix_worker role for nix builders. 2025-05-04 15:53:49 -04:00
Tom Alexander
7f4c41bb32 Add odo deploy scripts. 2025-05-04 15:16:44 -04:00
Tom Alexander
c68a6aaa19 Introduce config.me.optimizations.enable to toggle optimizations. 
This is more granular than the buildingIso setting.
 2025-05-04 15:12:41 -04:00
Tom Alexander
a36ebbf94c Switching --no-build-nix to --fast because it fixes remote deploys to machines with different architectures. 
I thought these flags were synonymous?
 2025-05-04 14:50:14 -04:00
Tom Alexander
1044aa16b0 Update to linux 6.14. 2025-05-04 12:09:57 -04:00
Tom Alexander
efcefc129a Update versions and regenerate lockfile. 2025-04-28 18:24:37 -04:00
Tom Alexander
16dd93668d Keep build outputs on odo. 2025-04-27 22:44:12 -04:00
Tom Alexander
c457f6414b Fix sm64ex. 2025-04-25 20:14:24 -04:00
Tom Alexander
844466c2ca Update versions. 2025-04-21 08:14:20 -04:00
Tom Alexander
6cf6e61193 Add quark as a /etc/hosts entry. 2025-04-19 21:14:40 -04:00
Tom Alexander
ca3ef67533 Disable lvfs and minor bug fix in copy_files util. 2025-04-19 20:58:16 -04:00
Tom Alexander
56c0add33f Add Quark to nix config. 2025-04-19 20:47:10 -04:00
Tom Alexander
ba81687d42 Add duckstation to the steam deck. 2025-04-15 21:44:53 -04:00
Tom Alexander
144f83982d Copy over some networking sysctls from my ansible playbook. 2025-04-11 19:38:14 -04:00
Tom Alexander
a97a03f642 Sort imports. 2025-04-11 17:41:55 -04:00
Tom Alexander
fc47359184 Add support for yuzu and ryujinx. 2025-04-05 21:53:36 -04:00
Tom Alexander
812a762652 Import disko through the flake inputs instead of fetchTarball. 2025-04-05 12:22:33 -04:00
Tom Alexander
fb785e036b Add a comment. 2025-04-05 12:22:33 -04:00
Tom Alexander
cdc7d13225 Fix screen scaling during screen sharing. 2025-04-05 12:22:33 -04:00
Tom Alexander
ec4583b79e Switch to shikane. 
Kanshi has been fine, but I want to see if I am missing anything that shikane offers.
 2025-04-05 12:22:32 -04:00
Tom Alexander
cab8c8d955 Switch to regular emacs package instead of pinned-version. 2025-04-05 12:22:32 -04:00
Tom Alexander
33f582d17a Enable optimization for hydra ISO. 2025-04-05 12:22:32 -04:00
Tom Alexander
295ac24361 Verify all the optimized builds. 2025-04-05 12:22:32 -04:00
Tom Alexander
42dd67f9da Enable optimizations for shipwright (Ocarina of Time PC Port). 2025-03-30 18:43:15 -04:00
Tom Alexander
c173ea87cf Auto-create persist directories. 2025-03-30 18:32:32 -04:00
Tom Alexander
33f45c56bf Add dolphin for gamecube and wii. 2025-03-30 17:10:43 -04:00
Tom Alexander
83389cb5cf Add ares for snes and nintendo 64. 2025-03-30 13:51:50 -04:00
Tom Alexander
4db3ef1ed3 Put steam rom manager data in the persist folder. 2025-03-29 19:19:41 -04:00
Tom Alexander
fe7a083a7b Pass along args in steam wrappers. 2025-03-29 16:46:52 -04:00
Tom Alexander
cd0578d0a6 Stop forcing cascadia. 2025-03-29 16:30:27 -04:00
Tom Alexander
f56dcc7c42 Start a hydra role. 2025-03-29 16:30:27 -04:00
Tom Alexander
83de1e3708 Add support for persistent disks in the hydra iso. 2025-03-29 16:30:27 -04:00
Tom Alexander
2b20ab5123 Fix remote builder config. 2025-03-27 22:15:53 -04:00
Tom Alexander
3ecb2fc790 Enable optimized builds for steam deck. 2025-03-24 21:59:43 -04:00
Tom Alexander
44a49d7ac7 Add rpcs3 (PS3 emulator) to steam deck. 2025-03-24 21:59:43 -04:00
Tom Alexander
acfc9ac1a4 Add hydra as a distributed build machine. 2025-03-24 21:59:42 -04:00
Tom Alexander
e733dcdcbf Add a target for the hydra server. 2025-03-23 18:19:49 -04:00
Tom Alexander
3099a18424 Enable optimization on odo. 2025-03-23 18:19:49 -04:00
Tom Alexander
15c209fdd9 Add support for pcsx2. 2025-03-22 13:39:13 -04:00
Tom Alexander
ee181b535e Compiling with optimizations still failing. 2025-03-17 08:26:39 -04:00
Tom Alexander
4d0fc61e13 Upgrade to 6.13. 2025-03-14 23:17:30 -04:00
Tom Alexander
2b54630053 Add some scripts that are helpful for configuring kubernetes. 2025-03-08 17:22:32 -05:00
Tom Alexander
84bd6be8e6 Hide the libultraship splash screen for a more authentic feel. 2025-03-01 22:53:33 -05:00
Tom Alexander
dd96520ad1 Add support for authenticating to GKE with gcloud. 2025-03-01 14:49:19 -05:00
Tom Alexander
11a1d61581 Integrate some git config suggestions from https://blog.gitbutler.com/how-git-core-devs-configure-git/ . 2025-02-26 17:06:44 -05:00
Tom Alexander
bab2cfdc7b Update to emacs 30. 2025-02-24 22:09:23 -05:00
Tom Alexander
fd0c92f3eb Persist the gcloud config directory. 2025-02-23 18:44:59 -05:00
Tom Alexander
6ac33d2538 Update lockfile. 2025-02-21 19:30:58 -05:00
Tom Alexander
8d4b345414 Install ipcalc. 2025-02-19 20:43:27 -05:00
Tom Alexander
8beaf00693 Add terraform-ls to emacs. 2025-02-18 18:23:40 -05:00
Tom Alexander
181e650094 Install steam-run-free. 2025-02-18 17:58:35 -05:00
Tom Alexander
449f288214 Add gcloud. 2025-02-18 17:52:50 -05:00
Tom Alexander
f6df27d7a9 Remove config that was causing extra prompts with no noticeable impact. 2025-02-16 20:57:08 -05:00
Tom Alexander
e3a7a410c4 Merge branch 'steam_deck' into nix 2025-02-16 09:18:07 -05:00
Tom Alexander
345c62a477 Add wrappers for 2ship2harkinian and sm64ex also. 
Set the steam launcher to run /home/deck/.nix-profile/bin/steam_<GAME> to have it work inside steam gaming mode.
 2025-02-15 20:50:34 -05:00
Tom Alexander
e7528765a9 Add a wrapper script to launch ship of harkinian in gaming mode. 2025-02-15 20:22:29 -05:00
Tom Alexander
54860370c0 Add a desktop file for sm64ex. 2025-02-15 19:31:16 -05:00
Tom Alexander
46b21370bd Auto-clean-up steam deck nix store. 2025-02-15 12:18:59 -05:00
Tom Alexander
381e3fb591 Switch to deploying 2ship2harkinian config file and fix launching it from KDE plasma's start menu. 2025-02-15 12:15:58 -05:00
Tom Alexander
5d4ebf90b3 Fix launching ship of harkinian from KDE plasma's start menu. 2025-02-15 11:53:19 -05:00
Tom Alexander
7dcdcc906c Switch to deploying the ship of harkinian config file. 2025-02-15 11:53:19 -05:00
Tom Alexander
a4abb96de3 Switch to deploying the sm64ex config file. 2025-02-15 10:57:18 -05:00
Tom Alexander
5859a06c5d Add icon to steam rom manager. 2025-02-15 10:32:50 -05:00
Tom Alexander
02223deb64 Switch steam rom manager to using the AppImage. 2025-02-15 08:50:58 -05:00
Tom Alexander
20e247f8ed Add a role for sm64ex for the deck. 2025-02-13 21:24:31 -05:00
Tom Alexander
b0186dc85b Add a role for 2ship2harkinian (Majora's Mask PC port). 2025-02-13 20:45:49 -05:00
Tom Alexander
cac15febfa Add impermanence for ship of harkinian's files. 2025-02-13 20:10:59 -05:00
Tom Alexander
48fa3c7436 Move steam rom manager to a role. 2025-02-13 19:33:07 -05:00
Tom Alexander
7dd922c2a2 Add a blank role. 2025-02-13 19:26:52 -05:00
Tom Alexander
ab6f7dbea5 Add a role for ship of harkinian (the pc port of Ocarina of Time). 2025-02-13 19:21:53 -05:00
Tom Alexander
fea86b00b4 Install nixGL to support running graphical programs on non-nixos. 2025-02-13 17:57:33 -05:00
Tom Alexander
197b8fcced Add ssh config. 2025-02-10 18:14:18 -05:00
Tom Alexander
0bec3dbe63 Switch to home-manager. 2025-02-10 01:17:58 -05:00
Tom Alexander
53caf8bc81 Add a steam deck nix config. 2025-02-10 00:09:26 -05:00
Tom Alexander
c37d0d9b9e Add decrypt k8s secret script. 2025-02-09 20:24:13 -05:00
Tom Alexander
a663a90ada Install sops for encrypting kubernetes secrets. 2025-02-09 11:06:53 -05:00
Tom Alexander
2d976a1cf3 Install dmidecode. 2025-02-09 10:08:32 -05:00
Tom Alexander
d8e8781287 Support compiling openssl-sys with rust. 2025-02-08 20:41:37 -05:00
Tom Alexander
502e18fdec Set up vdpau. 2025-02-08 16:06:57 -05:00
Tom Alexander
24d83e95a5 Fix shift-arrowkey hotkeys in org mode. 2025-02-07 19:01:49 -05:00
Tom Alexander
3ed43b1b8a Configure rustup toolchain, cargo credentials, and put dependencies under cargo. 2025-02-02 08:30:26 -05:00
Tom Alexander
64e735abbf Add role for gnuplot. 2025-02-01 14:38:51 -05:00
Tom Alexander
ed11bf1e65 Link docker credentials. 2025-02-01 13:34:19 -05:00
Tom Alexander
c0afe006b8 Add prettier to emacs. 2025-02-01 12:27:29 -05:00
Tom Alexander
1fe305576b Add a role for tekton. 2025-02-01 11:32:25 -05:00
Tom Alexander
fc400a98db Add role for flux. 2025-02-01 11:30:52 -05:00
Tom Alexander
4a63e1c23e Move rust-analyzer to inside emacs' path. 2025-02-01 00:03:02 -05:00
Tom Alexander
379795f6e8 Disable tmpfs on neelix so it can compile the kernel. 2025-01-31 22:46:36 -05:00
Tom Alexander
edd3c6a266 Add doas-sudo-shim to support remote builds. 2025-01-31 21:29:05 -05:00
Tom Alexander
dd785692ce Add lsof and fix styling of right-click menu in waybar. 2025-01-29 19:40:44 -05:00
Tom Alexander
c6ff6a1f24 Install wavemon. 2025-01-28 21:28:34 -05:00
Tom Alexander
2f2d33296b Persist ares data. 2025-01-26 19:04:17 -05:00
Tom Alexander
2c1cf54de0 Update packages. 2025-01-26 18:55:53 -05:00
Tom Alexander
65be133ffe Update lanzaboote. 2025-01-26 16:57:18 -05:00
Tom Alexander
ee47c3cfa3 Enable debugging on ath12k. 2025-01-26 10:11:53 -05:00
Tom Alexander
ff8bb0653b Enable bluetooth on odo. 2025-01-25 21:28:14 -05:00
Tom Alexander
ff98873b32 Persist save data for ship of harkinian and 2ship2harkinian. 2025-01-25 21:22:55 -05:00
Tom Alexander
67ad4e2dff Persist sm64ex save data. 2025-01-25 20:47:48 -05:00
Tom Alexander
60452b0aeb Persist the nix-index index. 2025-01-25 20:22:41 -05:00
Tom Alexander
e043320e5c Clean up experiments in the gpg role. 2025-01-25 19:35:05 -05:00
Tom Alexander
2f8c4fbfe8 Disable verbose logging for gpg. 2025-01-25 19:10:48 -05:00
Tom Alexander
233bf4e967 Put the sleep back into wireguard. 2025-01-25 17:58:56 -05:00
Tom Alexander
f7adfaf54d Update lockfile. 2025-01-25 16:28:53 -05:00
Tom Alexander
78c9dec4c4 Disable rom name override. 
The latest nixpkgs does not support overriding the name so I am removing it now for compatibility.
 2025-01-25 16:22:04 -05:00
Tom Alexander
53c12a5b1e Add sshjail as an ansible plugin. 2025-01-25 15:30:30 -05:00
Tom Alexander
7d94210d8f Add cmake support to emacs. 2025-01-25 10:20:22 -05:00
Tom Alexander
1ebf31dc11 Remove sleep from wireguard service. 2025-01-25 10:20:22 -05:00
Tom Alexander
82c30bdb77 Add a role for 2ship2harkinian (Majora's Mask). 2025-01-24 21:25:41 -05:00
Tom Alexander
d5e7fdd097 Add bsdtar. 2025-01-24 20:58:03 -05:00
Tom Alexander
40fd7931d0 Add a persist folder for the talexander user. 2025-01-24 20:36:37 -05:00
Tom Alexander
835fd340a2 Add role for Ocarina of Time (shipwright). 2025-01-24 20:23:49 -05:00
Tom Alexander
94ef9ff3c8 Add role to build sm64ex. 2025-01-24 20:08:10 -05:00
Tom Alexander
62d3c010f5 Install nix-tree. 2025-01-24 19:01:51 -05:00
Tom Alexander
e9e792961c Add a not-working snippet to show where system packages are imported. 2025-01-24 18:53:57 -05:00
Tom Alexander
281dffc9c0 Do not install foot. 2025-01-24 18:42:57 -05:00
Tom Alexander
5bd67bb02a Move defaultPackages into the reset role. 2025-01-24 18:36:14 -05:00
Tom Alexander
4a76097a5e Refactor the wireguard role to use lib.mkMerge. 2025-01-24 17:59:07 -05:00
Tom Alexander
facfd01661 Make zsh install conditional. 2025-01-23 21:55:22 -05:00
Tom Alexander
2ce4520cd6 Make zrepl a conditional install. 2025-01-23 21:52:50 -05:00
Tom Alexander
814769b3e9 Do not install waybar on neelix. 2025-01-23 21:43:08 -05:00
Tom Alexander
6424129da3 Do not install wasm role on neelix. 2025-01-23 21:41:08 -05:00
Tom Alexander
415edbad91 Do not install vscode on neelix. 2025-01-23 21:39:57 -05:00
Tom Alexander
a773f94593 Do not install vnc client on neelix. 2025-01-23 21:37:16 -05:00
Tom Alexander
226610c926 Do not install steam or terraform on neelix. 2025-01-23 21:37:15 -05:00
Tom Alexander
7c6afef2bb Do not install pavucontrol on non-graphical installs. 2025-01-23 21:25:19 -05:00
Tom Alexander
55654fafb1 Do not install rust on neelix. 2025-01-23 21:21:37 -05:00
Tom Alexander
8946868fd6 Do not install qemu on neelix. 2025-01-23 21:18:57 -05:00
Tom Alexander
cd8e9002d0 Do not install python on neelix. 2025-01-23 21:15:48 -05:00
Tom Alexander
e1a274c88e Do not install media role on neelix. 2025-01-23 21:06:11 -05:00
Tom Alexander
cdc4bdffb6 Git buildEnv is failing. 2025-01-23 20:59:39 -05:00
Tom Alexander
9b9a103e49 Do not install gnome-firmware on non-graphical installs. 2025-01-23 20:46:03 -05:00
Tom Alexander
ea7bf809fc Do not install the launch keyboard configurator on neelix or non-graphical installs. 2025-01-23 20:42:22 -05:00
Tom Alexander
88a6d046b8 Do not install LaTeX on neelix. 2025-01-23 20:38:54 -05:00
Tom Alexander
d8e16f0b05 Do not install kubernetes clients on neelix. 2025-01-23 20:35:28 -05:00
Tom Alexander
e3fee206a1 Don't install kanshi on non-graphical installs. 2025-01-23 20:20:08 -05:00
Tom Alexander
3be710b4ad Install meld to git's path when doing a graphical install. 2025-01-23 20:07:23 -05:00
Tom Alexander
b37f8a8e1a Do not install my git config on neelix. 2025-01-23 19:55:13 -05:00
Tom Alexander
509cceb220 Only install fonts in graphical installs. 2025-01-23 19:48:25 -05:00
Tom Alexander
47408cfce0 Do not install firefox on neelix. 2025-01-23 19:14:25 -05:00
Tom Alexander
812dc40257 Do not install docker on neelix. 2025-01-23 19:09:59 -05:00
Tom Alexander
0e370c0d62 Do not install chromium or catt on neelix. 2025-01-23 19:04:19 -05:00
Tom Alexander
0598c796b7 Do not install ares on neelix. 2025-01-23 18:53:36 -05:00
Tom Alexander
df2efb728d Don't install alacritty on neelix or non-graphical installs. 2025-01-23 18:47:03 -05:00
Tom Alexander
62fc955b68 Merge branch 'plainmacs' into nix 2025-01-23 18:44:30 -05:00
Tom Alexander
e0644a069d Add support for non-graphical emacs. 2025-01-23 01:52:56 -05:00
Tom Alexander
054e056d00 Switch to buildEnv instead of symlinkJoin for better control over the joining process. 2025-01-23 01:52:56 -05:00
Tom Alexander
d3ea8b3667 Introduce a plainmacs emacs install flavor. 2025-01-22 21:01:34 -05:00
Tom Alexander
3f945f8ae3 Merge branch 'neelix' into nix 2025-01-22 20:29:12 -05:00
Tom Alexander
93c4aa4c76 Clean up the host-specific configs. 2025-01-22 20:28:58 -05:00
Tom Alexander
4664804d90 Comment out the kodi configs so they remain mutable until I've made a config I like. 2025-01-22 20:12:50 -05:00
Tom Alexander
edc48d00a2 Add some config files. 2025-01-21 23:07:05 -05:00
Tom Alexander
37aa0e6732 Add a bluetooth role. 2025-01-21 22:19:28 -05:00
Tom Alexander
a739728d41 Add neelix public key to sftp server. 2025-01-21 21:23:21 -05:00
Tom Alexander
48c5aebd82 Install jmespath for ansible. 2025-01-21 20:56:48 -05:00
Tom Alexander
c33a1b6c50 Set up memtest86 on neelix. 2025-01-20 22:50:44 -05:00
Tom Alexander
368c455b7f Persist ssh keys for kodi user. 2025-01-20 22:38:54 -05:00
Tom Alexander
5a5d34911c Add /etc/hosts entry for neelix. 2025-01-20 21:00:35 -05:00
Tom Alexander
d0c1bb1b65 Do not install sway on neelix. 2025-01-20 20:14:59 -05:00
Tom Alexander
9d49eb9d6a Add an empty kodi role. 2025-01-20 19:40:54 -05:00
Tom Alexander
ccbc999744 Add a global options role. 2025-01-20 19:27:49 -05:00
Tom Alexander
d537aa599b Stop the sway-session.target when exiting sway. 2025-01-20 18:43:54 -05:00
Tom Alexander
95d06dfe0e Enable memtest86 when building the ISO. 2025-01-20 18:43:54 -05:00
Tom Alexander
f2adb9328b Build zfs into the ISO image. 2025-01-20 18:43:54 -05:00
Tom Alexander
7bc6e0c470 Add a config for neelix. 2025-01-20 18:43:54 -05:00
Tom Alexander
99edb2d161 Use full emacs for e alias. 2025-01-19 23:15:33 -05:00
Tom Alexander
938f8676ff Add chromecast support. 2025-01-19 13:44:01 -05:00
Tom Alexander
d365b6aea9 Add ncdu to inspect disk usage. 2025-01-19 11:05:00 -05:00
Tom Alexander
8d911ff893 Wrap tofi without forcing a rebuild. 2025-01-19 10:53:54 -05:00
Tom Alexander
2aca77ea1a Merge branch 'emacs_refactor' into nix 2025-01-19 10:16:27 -05:00
Tom Alexander
1b342d3402 Switch from buildEnv to symlinkJoin to keep dependencies out of the system path. 2025-01-19 10:09:49 -05:00
Tom Alexander
9976e232e6 Move packages out of systemPackages and into the emacs_full package. 2025-01-18 23:11:35 -05:00
Tom Alexander
3baf18f435 Install aspell into the emacs_full environment. 2025-01-18 22:53:09 -05:00
Tom Alexander
e00331bf94 Wrap emacs settings in a mkMerge. 2025-01-18 21:26:17 -05:00
Tom Alexander
8e22d8febb Switch to a 300hz tickless kernel and enable BBR. 
Aside from BBR, these settings are copied from arch linux.
 2025-01-18 20:15:20 -05:00
Tom Alexander
ed0d1e41d6 Add a notification daemon. 2025-01-18 18:44:00 -05:00
Tom Alexander
2c27d580f4 Add a mode to force focus a window. 2025-01-18 18:40:08 -05:00
Tom Alexander
75ac4b91f3 Add screenshot / screen recording. 2025-01-18 18:33:46 -05:00
Tom Alexander
9abe43096b Add swaylock. 2025-01-18 18:13:30 -05:00
Tom Alexander
1535800e2f Replace wofi with tofi. 2025-01-18 17:39:51 -05:00
Tom Alexander
dcffced35a Add rofimoji. 2025-01-18 14:32:44 -05:00
Tom Alexander
1da36ab7c5 Remove unused portion of zshrc. 
I will probably move to a similar import system to what I am doing with sway.
 2025-01-18 13:18:06 -05:00
Tom Alexander
c694c6ae4c Make zsh-histdb use sqlite3 directly instead of depending on systemPackages. 2025-01-18 13:12:24 -05:00
Tom Alexander
f524aa168a Stick with imv instead of swayimg. 2025-01-18 12:16:11 -05:00
Tom Alexander
308206d1cc Launch a terminal at boot in the live ISO. 2025-01-18 11:55:12 -05:00
Tom Alexander
8ac235cb8c Move disabling wifi power saving to a host-specific file. 2025-01-18 11:48:53 -05:00
Tom Alexander
5170678a25 Don't garbage collect in a built ISO. 
The ISO is immutable so garbage collection does not make sense.
 2025-01-18 11:33:39 -05:00
Tom Alexander
19cf31b094 Move a zfs setting into the zfs role. 2025-01-18 11:14:19 -05:00
Tom Alexander
4f0024c4f9 Move some graphics bits into the graphics role. 2025-01-18 11:00:30 -05:00
Tom Alexander
41138ab34a Update to the new secureboot location. 2025-01-18 10:54:34 -05:00
Tom Alexander
f9b18809f9 An update fixed firefox's launch time. 2025-01-17 22:42:57 -05:00
Tom Alexander
fefe46b512 Remove kvm-amd from boot.kernelModules. 2025-01-17 21:36:34 -05:00
Tom Alexander
b4947bcff6 Add vnc client. 2025-01-17 20:30:16 -05:00
Tom Alexander
14baaddcff Persist factorio data. 2025-01-17 19:07:54 -05:00
Tom Alexander
1c8f2f1c74 Switch back to regular linux. 2025-01-17 18:55:59 -05:00
Tom Alexander
1bfe24f457 Remove duplicate entry for xdg-desktop-portal-wlr. 2025-01-16 20:51:17 -05:00
Tom Alexander
08feb8bad6 Add more tracing commands. 2025-01-15 21:12:28 -05:00
Tom Alexander
cb3b01a74c Blacklist hardward watchdog for AMD 700 chipset series for power savings. 2025-01-15 21:01:30 -05:00
Tom Alexander
0e95edd8e7 Switch to unstable. 2025-01-15 21:00:57 -05:00
Tom Alexander
d172b1dea2 Add some wasm utilities. 2025-01-14 23:57:24 -05:00
Tom Alexander
2a97a1ee92 Add vscode role. 2025-01-14 23:57:24 -05:00
Tom Alexander
ba4085df1a Add terraform. 2025-01-14 23:17:26 -05:00
Tom Alexander
7c542364a2 Add firmware updating through fwupd via the Linux Vendor firmware Service (LVFS). 2025-01-14 22:42:52 -05:00
Tom Alexander
0299ebcb43 Add nvme role. 2025-01-14 21:51:53 -05:00
Tom Alexander
c23245b97c Add TODO. 2025-01-14 21:40:38 -05:00
Tom Alexander
491412c33c Add seatd. 2025-01-14 21:10:03 -05:00
Tom Alexander
5a5839482d Add support for the system76 launch keyboard configurator. 2025-01-14 20:16:06 -05:00
Tom Alexander
63408f5664 Set up latex. 2025-01-14 18:04:04 -05:00
Tom Alexander
d338b77d23 Install sshfs. 2025-01-14 17:56:29 -05:00
Tom Alexander
ce9140aa73 Add role for zrepl. 2025-01-13 17:59:03 -05:00
Tom Alexander
dbf3f2e983 Disable the fallback DNS servers. 2025-01-13 17:43:38 -05:00
Tom Alexander
0ca26e73fb Add more firefox extensions. 2025-01-12 22:43:23 -05:00
Tom Alexander
0fb53a4294 Add preparations for the new location for secureboot keys. 2025-01-12 21:17:47 -05:00
Tom Alexander
4019e6d132 Fix buildkit access to SSH agent. 2025-01-12 21:17:47 -05:00
Tom Alexander
8b1e76d9d7 Add a script to resume a zfs send/recv. 2025-01-12 19:55:15 -05:00
Tom Alexander
477637ae62 Add a script to test fetching PGP keys from a Web Key Directory (WKD). 2025-01-12 18:29:48 -05:00
Tom Alexander
5146a114eb Introduce a variable for sway includes and disable relatime on the zfs legacy mounts. 2025-01-12 15:39:46 -05:00
Tom Alexander
a817464b38 Preserve steam directories. 2025-01-11 22:36:09 -05:00
Tom Alexander
1acf889c68 Instll steam and the zfs_clone_send / zfs_clone_recv scripts. 2025-01-11 13:48:46 -05:00
Tom Alexander
af07d43c18 Add asian fonts. 2025-01-11 12:50:13 -05:00
Tom Alexander
33f13d898d Switch to ares instead of bsnes. 2025-01-11 12:09:02 -05:00
Tom Alexander
47d9e203f3 Add media role. 2025-01-10 22:54:32 -05:00
Tom Alexander
1a2ff987fe Add fw-ectool to framework laptop. 2025-01-09 23:31:27 -05:00
Tom Alexander
16480b3749 Switch to ladspa. 2025-01-09 21:32:37 -05:00
Tom Alexander
0d3901788d Installing ccid and libusb-compat does not fix it. 2025-01-09 19:04:44 -05:00
Tom Alexander
a3cb2c8632 Add kanshi. 2025-01-09 18:14:45 -05:00
Tom Alexander
6b9660bc44 Switch to mono noise suppression for voice and disable vulkan for chromium. 2025-01-09 17:56:46 -05:00
Tom Alexander
5c41b7efa2 Update software. 2025-01-08 21:43:39 -05:00
Tom Alexander
ead5db241e Install packages needed to run amd_s2idle. 2025-01-07 23:02:22 -05:00
Tom Alexander
8b074617e8 Use Adwaita cursor theme. 2025-01-06 19:34:28 -05:00
Tom Alexander
13970b53ad Only decrypt the nix zfs dataset. 2025-01-06 19:21:20 -05:00
Tom Alexander
13d7319a0f Add nix-index. 2025-01-06 14:32:07 -05:00
Tom Alexander
bd9a85efd3 Add klog alias. 2025-01-05 15:43:23 -05:00
Tom Alexander
4a4c54def4 Disable DNS settings for hotel. 2025-01-02 22:50:55 -05:00
Tom Alexander
18d372c8ee Revert "Switching to a home-manager config did not fix it." 
This reverts commit 4599b38ebf.
 2025-01-02 10:27:25 -05:00
Tom Alexander
4599b38ebf Switching to a home-manager config did not fix it. 2025-01-02 10:27:21 -05:00
Tom Alexander
04a95a2543 More failed attempts to get gpg working. 2025-01-02 09:43:00 -05:00
Tom Alexander
7c5f14ee61 Persist kubernetes client config. 2025-01-02 09:03:19 -05:00
Tom Alexander
d49f12f58f Enable panel replay. 2025-01-01 19:59:02 -05:00
Tom Alexander
936d3bc34d Add rust. 2025-01-01 19:16:08 -05:00
Tom Alexander
1b34841921 Comment out specific version of gpg. 2025-01-01 18:43:29 -05:00
Tom Alexander
611904761e Add kubernetes client. 2025-01-01 18:43:29 -05:00
Tom Alexander
f843b7924f Add docker. 2025-01-01 18:29:27 -05:00
Tom Alexander
7bb7b89b82 Try a specific version of gpg. 2025-01-01 13:35:29 -05:00
Tom Alexander
c1103775b6 Keep 30 days of /nix. 2025-01-01 13:31:45 -05:00
Tom Alexander
24d89ed704 Default to power-saving mode. 2024-12-31 12:51:23 -05:00
Tom Alexander
e8dff5ece1 Set up wireguard networks using functions. 2024-12-31 11:04:24 -05:00
Tom Alexander
e22b5c1c6c Add power management kernel parameters. 2024-12-31 10:27:15 -05:00
Tom Alexander
d9bc4f15d8 Add powertop. 2024-12-31 07:44:02 -05:00
Tom Alexander
77ae96ca7a Set up python. 2024-12-31 07:37:48 -05:00
Tom Alexander
d2f908005c Persist the .ssh known_hosts. 2024-12-31 07:00:41 -05:00
Tom Alexander
5e74a874ba Persist sound settings (for example, muted status) and do not enable wireguard in built ISO. 2024-12-29 15:45:52 -05:00
Tom Alexander
fe820e5843 Move remaining nix configs into folders. 2024-12-29 15:27:03 -05:00
Tom Alexander
81315e4c7b Add a snes emulator. 2024-12-29 15:12:31 -05:00
Tom Alexander
ce8718b042 Add wgh wireguard network. 2024-12-28 21:05:45 -05:00
Tom Alexander
720164497d More attempts to fix gpg decrypt with yubikey. 2024-12-27 20:53:43 -05:00
Tom Alexander
0b31b91c69 Set up wireguard. 2024-12-27 15:44:00 -05:00
Tom Alexander
2ef181cfab Attempt to fix gpg decrypt with yubikey. Did not succeed. 2024-12-27 13:09:13 -05:00
Tom Alexander
5a3450fdf8 Add gvfs and git-crypt. 2024-12-26 21:28:31 -05:00
Tom Alexander
aae534308a Add noise supression to microphone. 2024-12-25 09:17:30 -05:00
Tom Alexander
cbd8f70ce4 Merge branch 'zsh' into nix 2024-12-25 09:17:23 -05:00
Tom Alexander
64d495afa5 Use zsh-histdb package. 2024-12-23 17:28:31 -05:00
Tom Alexander
5e424b35e4 Make a zsh-histdb package. 2024-12-23 15:41:45 -05:00
Tom Alexander
7decd40844 Switch to zsh. 2024-12-23 11:14:18 -05:00
Tom Alexander
9c0f3ce601 Use dark themes. 2024-12-23 10:56:57 -05:00
Tom Alexander
e09eea2049 Switch to zen kernel optimized for znver4. 2024-12-23 10:00:01 -05:00
Tom Alexander
5d23126205 Enable secure boot. 2024-12-22 22:03:03 -05:00
Tom Alexander
748e6dee68 Set firefox as default browser. 2024-12-22 16:14:12 -05:00
Tom Alexander
27aa2f077b Set up chromium with support for wayland and widevine. 2024-12-22 00:48:57 -05:00
Tom Alexander
69098488f6 Switch to a raw file for fontconfig. 2024-12-21 17:15:54 -05:00
Tom Alexander
14e6e78aee Add the waybar scripts. 2024-12-21 16:25:40 -05:00
Tom Alexander
a0f9f4baa4 Set up waybar and building ISOs. 2024-12-21 15:46:05 -05:00
Tom Alexander
a7f3754d25 Add more sway config files. 2024-12-20 23:03:51 -05:00
Tom Alexander
54c8459fa1 Switch to vulkan renderer for sway. 2024-12-20 22:45:09 -05:00
Tom Alexander
e26118af4f Reformat all nix files. 2024-12-20 22:37:44 -05:00
Tom Alexander
764a8c58ce Add alias for emacs. 2024-12-20 22:36:32 -05:00
Tom Alexander
8f89f1c6c1 Add alacritty config. 2024-12-20 21:59:20 -05:00
Tom Alexander
862829c57c Preserve firefox cache. 2024-12-20 21:38:19 -05:00
Tom Alexander
aba96213c3 Enable the nixd language server in emacs. 2024-12-20 21:19:22 -05:00
Tom Alexander
e7ab762ee4 Fix firefox launch time. 2024-12-20 21:06:04 -05:00
Tom Alexander
b314982196 Set up firefox. 2024-12-20 18:30:35 -05:00
Tom Alexander
27060fed8d Preserve gpg directory. 2024-12-20 16:50:27 -05:00
Tom Alexander
20c1c46d12 Set up fonts. 2024-12-20 16:07:12 -05:00
Tom Alexander
3b133ed86c Do not launch alacritty at the start. 2024-12-20 15:34:02 -05:00
Tom Alexander
0aad0c39f4 Enable wayland support for emacs. 
This unfortunately means pinning to a specific version (or using 3rd party emacs-overlay).
 2024-12-20 15:30:51 -05:00
Tom Alexander
fe1033fa4b Switch to uid/gid 11235. 2024-12-20 15:22:46 -05:00
Tom Alexander
2ce635d028 Fix emacs config. 2024-12-20 15:03:33 -05:00
Tom Alexander
ba3a6e74eb Add git config and initial emacs config. 2024-12-20 13:17:13 -05:00
Tom Alexander
7e768022e7 Add hotkeys and window management to sway. 2024-12-19 23:08:19 -05:00
Tom Alexander
a76bd4ebd3 Fix wifi config 2024-12-19 22:20:55 -05:00
Tom Alexander
df89d1b973 Enable redistributable firmware. 2024-12-19 19:52:27 -05:00
Tom Alexander
50811aad77 Set up building an ISO from the config. 2024-12-19 19:36:10 -05:00
Tom Alexander
df3528d62a Enable graphics acceleration. 2024-12-19 18:59:38 -05:00
Tom Alexander
e97c570bb2 Trust wheel. 2024-12-19 18:09:48 -05:00
Tom Alexander
fbcb0826d2 Extremely minimal sway setup. 2024-12-19 17:33:21 -05:00
Tom Alexander
74499fb6a0 Switch to a different way of building the VM. 2024-12-19 16:28:40 -05:00
Tom Alexander
fbbff409a0 Add a build for a qemu virtual machine. 2024-12-19 16:14:47 -05:00
Tom Alexander
05da118d8f Start module for sway. 2024-12-19 15:13:56 -05:00
Tom Alexander
033d695fd9 Only set bootloader when in VM. 2024-12-19 15:06:57 -05:00
Tom Alexander
6953cdb81f Set up a minimal initial config. 2024-12-17 16:46:44 -05:00
Tom Alexander
48f700b803 Add script for managing nix testing vm. 2024-12-17 16:46:43 -05:00
Tom Alexander
e2f8696ed6 Move the window title to the center. 2024-12-16 23:00:50 -05:00
Tom Alexander
3bd4f15fe1 Add window title to waybar. 2024-12-16 22:43:10 -05:00
Tom Alexander
157471952a Get rid of window title bars. 2024-12-16 18:18:18 -05:00
Tom Alexander
a555876a7e Sort icons. 2024-12-13 23:06:54 -05:00
Tom Alexander
3116d34994 Add nix support to emacs. 2024-11-29 21:27:08 -05:00
Tom Alexander
5c823f3353 Try a convert vs stream function instead for video conversion. 2024-11-17 21:29:42 -05:00
Tom Alexander
c2f1a0db1c Merge branch 'template_linfi' 2024-10-21 18:10:49 -04:00
Tom Alexander
c0c12b9eea Hard-code my wifi regulatory domain to US. 2024-10-21 18:10:39 -04:00
Tom Alexander
d2ff39b5e6 Move my home server over to linfi. 2024-10-21 18:10:39 -04:00
Tom Alexander
e9e6e141d2 Switch to av1 for screen recording. 2024-10-14 18:18:20 -04:00
Tom Alexander
d2c1f5c94f Disable pf so fileserver doesn't go dark accidentally. 2024-10-14 18:18:20 -04:00
Tom Alexander
cd0208f3fc Add a script to get the next hop in a route. 
I never remember the incantation, and its slightly different between FreeBSD and Linux so I am adding this script essentially as a note.
 2024-10-13 22:02:59 -04:00
Tom Alexander
9d6ddfd1bd Merge branch 'linfi' 2024-10-13 20:48:29 -04:00
Tom Alexander
117769d1ab Set up a linux VM for running wifi. 2024-10-13 20:45:33 -04:00
Tom Alexander
91a138ab9d Add my custom ports. 2024-10-12 13:17:02 -04:00
295 changed files with 17325 additions and 309 deletions
Expand all files Collapse all files

11
ansible/environments/home/host_vars/homeserver
View File

@@ -77,8 +77,17 @@ jail_list:
# - name: mumbledb
# mount: /var/db/murmur
bhyve_dataset: zmass/encrypted/vm
bhyve_canmount: "on"
# Disable mounting bhyve dataset so it doesn't hide the unencrypted linfi vm
bhyve_canmount: "off"
bhyve_mountpoint: "none"
bhyve_bemount: "on"
wireguard_directory: homeserver
enabled_wireguard:
- wgh
linfi:
enabled: true
zfs_dataset: zmass/unencrypted/vm/linfi
zfs_mountpoint: /vm/linfi
driver_blocklist: "ath if_ath if_ath_pci ath_hal if_iwm if_iwlwifi"
pci_blocklist: "6/0/0"
amd: false

2
ansible/environments/home/hosts
View File

@@ -1,2 +1,2 @@
[headless]
homeserver ansible_user=talexander ansible_host=10.216.1.1
homeserver ansible_user=talexander ansible_host=homeserver

7
ansible/environments/laptop/host_vars/odofreebsd
View File

@@ -59,3 +59,10 @@ enabled_wireguard:
- wgh
- drmario
- colo
linfi:
enabled: true
zfs_dataset: zroot/freebsd/current/vm/linfi
zfs_mountpoint: /vm/linfi
driver_blocklist: "if_iwm if_iwlwifi"
pci_blocklist: "1/0/0"
amd: true

2
ansible/playbook.yaml
View File

@@ -126,12 +126,14 @@
vars:
ansible_become: True
roles:
- linfi
- framework_laptop
- hosts: homeserver
vars:
ansible_become: True
roles:
- linfi
- homeserver
- hosts: odowork

1
ansible/roles/base/files/login.conf
View File

@@ -44,6 +44,7 @@ default:\
:pseudoterminals=unlimited:\
:kqueues=unlimited:\
:umtxp=unlimited:\
:pipebuf=unlimited:\
:priority=0:\
:ignoretime@:\
:umask=022:\

6
ansible/roles/devfs/files/homeserver_devfs.rules
View File

@@ -17,3 +17,9 @@ add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login
add path 'bpf*' unhide
[tajailrand=15]
add include $devfsrules_hide_all
add include $devfsrules_unhide_basic
add include $devfsrules_unhide_login
add path urandom unhide

1
ansible/roles/docker/tasks/linux.yaml
View File

@@ -3,6 +3,7 @@
name:
- docker
- docker-compose
- docker-buildx
state: present
- name: Create docker zfs dataset

22
ansible/roles/emacs/files/elisp/lang-nix.el Normal file
View File

@@ -0,0 +1,22 @@
(require 'common-lsp)
(require 'util-tree-sitter)
(use-package nix-mode
:mode (("\\.nix\\'" . nix-mode)
)
:commands nix-mode
:hook (
(nix-mode . (lambda ()
;; (eglot-ensure)
;; (defclass my/eglot-nix (eglot-lsp-server) ()
;; :documentation
;; "Own eglot server class.")
;; (add-to-list 'eglot-server-programs
;; '(nix-mode . (my/eglot-nix "nixd")))
;; (add-hook 'before-save-hook 'eglot-format-buffer nil 'local)
))
)
)
(provide 'lang-nix)

2
ansible/roles/emacs/files/init.el
View File

@@ -36,4 +36,6 @@
(require 'lang-xml)
(require 'lang-nix)
(load-directory autoload-directory)

2
ansible/roles/emacs/meta/main.yaml
View File

@@ -7,3 +7,5 @@ dependencies:
when: 'emacs_flavor == "full"'
- role: terraform
when: 'emacs_flavor == "full"'
- role: nix
when: 'emacs_flavor == "full"'

2
ansible/roles/firefox/defaults/main.yaml
View File

@@ -28,7 +28,7 @@ firefox_config:
# Disable that websites can get notifications if you copy, paste, or cut something from a web page, and it lets them know which part of the page had been selected.
#
# This breaks copying from BigQuery https://github.com/microsoft/monaco-editor/issues/1540
dom.event.clipboardevents.enabled: false
# dom.event.clipboardevents.enabled: false
# Isolates all browser identifier sources (e.g. cookies) to the first party domain, with the goal of preventing tracking across different domains.
privacy.firstparty.isolate: true
# Do not preload URLs that auto-complete in the address bar.

14
ansible/roles/firewall/files/homeserver_pf.conf
View File

@@ -1,5 +1,5 @@
ext_if = "{ igb0 igb1 ix0 ix1 wlan0 }"
not_ext_if = "{ !igb0 !igb1 !ix0 !ix1 !wlan0 }"
ext_if = "{ igb0 igb1 ix0 ix1 linfi_host }"
not_ext_if = "{ !igb0 !igb1 !ix0 !ix1 !linfi_host }"
jail_nat_v4 = "{ 10.215.1.0/24 }"
not_jail_nat_v4 = "{ any, !10.215.1.0/24 }"
restricted_nat_v4 = "{ 10.215.2.0/24 }"
@@ -19,17 +19,17 @@ unifi_ports = "{ 8443 3478 10001 8080 1900 8843 8880 6789 5514 }"
set skip on lo
# queueing
# altq on wlan0 cbq queue { def, stuff }
# altq on linfi_host cbq queue { def, stuff }
# queue def cbq(default borrow)
# queue stuff bandwidth 8Mb cbq { dagger }
# queue dagger cbq(borrow)
# redirections
nat pass on $ext_if inet from $jail_nat_v4 to $not_jail_nat_v4 -> (wlan0)
nat pass on $ext_if inet from $jail_nat_v4 to $not_jail_nat_v4 -> (linfi_host)
rdr pass on $not_ext_if proto {tcp, udp} from any to 10.215.1.1 port 53 -> 172.16.0.1 port 53
# cloak
nat pass on $ext_if inet from 10.215.2.0/24 to !10.215.2.0/24 -> (wlan0)
nat pass on $ext_if inet from 10.215.2.0/24 to !10.215.2.0/24 -> (linfi_host)
rdr pass on $not_ext_if proto {tcp, udp} from any to 10.215.2.1 port 53 -> 172.16.0.1 port 53
# bastion
@@ -42,6 +42,10 @@ nat pass on restricted_nat proto {tcp, udp} from 10.215.1.217/32 to 10.215.2.2 p
rdr pass on $ext_if inet proto {tcp, udp} from $not_restricted_nat_v4 to any port 8082 -> 10.215.2.2 port 8082
nat pass on restricted_nat proto {tcp, udp} from any to 10.215.2.2 port 8082 -> 10.215.2.1
# cloak -> dagger old
rdr pass on $ext_if inet proto {tcp, udp} from $not_restricted_nat_v4 to any port 8083 -> 10.215.2.2 port 8083
nat pass on restricted_nat proto {tcp, udp} from any to 10.215.2.2 port 8083 -> 10.215.2.1
# -> sftp
# TODO: Limit bandwidth for sftp
rdr pass on $ext_if inet proto {tcp, udp} from $not_jail_nat_v4 to any port 8022 -> 10.215.1.216 port 22

6
ansible/roles/firewall/files/odofreebsd_pf.conf
View File

@@ -1,5 +1,5 @@
ext_if = "{ wlan0 }"
not_ext_if = "{ !wlan0 }"
ext_if = "{ linfi_host }"
not_ext_if = "{ !linfi_host }"
jail_nat_v4 = "{ 10.215.1.0/24 }"
not_jail_nat_v4 = "{ any, !10.215.1.0/24 }"
rfc1918 = "{ 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }"
@@ -16,7 +16,7 @@ udp_pass_in = "{ 53 51820 }"
set skip on lo
# redirections
nat pass on $ext_if inet from $jail_nat_v4 to $not_jail_nat_v4 -> (wlan0)
nat pass on $ext_if inet from $jail_nat_v4 to $not_jail_nat_v4 -> (linfi_host)
rdr pass on $not_ext_if proto {tcp, udp} from any to 10.215.1.1 port 53 -> 172.16.0.1 port 53
# Redirect jaeger ports to virtual machine.

1
ansible/roles/framework_laptop/files/wifi_us_modprobe.conf Normal file
View File

@@ -0,0 +1 @@
options cfg80211 ieee80211_regdom=US

2
ansible/roles/framework_laptop/tasks/linux.yaml
View File

@@ -30,6 +30,7 @@
- iwlwifi
- snd_hda_intel
- disable_sp5100_watchdog
- wifi_us
- name: Configure kernel command line
zfs:
@@ -95,4 +96,5 @@
package:
name:
- fw-ectool-git
- wireless-regdb
state: present

2
ansible/roles/jail/files/jails/dagger.conf
View File

@@ -6,6 +6,8 @@ dagger {
exec.prestart += "/usr/local/bin/jail_netgraph_bridge start cloak ${name} 192.168.1.0/24";
exec.poststop += "sleep 10; /usr/local/bin/jail_netgraph_bridge stop cloak ${name}";
devfs_ruleset = 15;
mount.devfs;
mount.fstab = "/etc/fstab.${name}";
exec.start += "/bin/sh /etc/rc";

7
ansible/roles/kubernetes/files/k8s_remove_finalizers_pipeline_runs Normal file
View File

@@ -0,0 +1,7 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
kubectl get pipelinerun --all-namespaces -o go-template='{{range .items}}{{.metadata.namespace}}/{{.metadata.name}}{{"\n"}}{{end}}' | while read p; do namespace=$(cut -d '/' -f 1 <<<"$p"); name=$(cut -d '/' -f 2 <<<"$p"); kubectl patch pipelinerun -n "$namespace" "$name" -p '{"metadata":{"finalizers":null}}' --type=merge; done

7
ansible/roles/linfi/defaults/main.yaml Normal file
View File

@@ -0,0 +1,7 @@
# linfi:
# enabled: true
# zfs_dataset: zroot/freebsd/current/vm/linfi
# zfs_mountpoint: /vm/linfi
# driver_blocklist: "if_iwm if_iwlwifi"
# pci_blocklist: "1/0/0"
# amd: true

239
ansible/roles/linfi/files/launch_linfi.bash Normal file
View File

@@ -0,0 +1,239 @@
#!/usr/local/bin/bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
# Share a host directory to the guest via 9pfs.
#
# Inside the VM run:
# mount -t virtfs -o trans=virtio sharename /some/vm/path
# mount -t 9p -o cache=mmap -o msize=512000 sharename /mnt/9p
# mount -t 9p -o trans=virtio,cache=mmap,msize=512000 sharename /path/to/mountpoint
# bhyve_options="-s 28,virtio-9p,sharename=/"
# Enable Sound
# bhyve_options="-s 16,hda,play=/dev/dsp,rec=/dev/dsp"
# Example usage:
#
# doas bhyve_netgraph_bridge create-disk zdata/vm/poudriere /vm/poudriere 10
# doas bhyve_netgraph_bridge start poudriere zdata/vm/poudriere /vm/poudriere /vm/iso/FreeBSD-13.2-RELEASE-amd64-bootonly.iso
# doas bhyve_netgraph_bridge start poudriere zdata/vm/poudriere /vm/poudriere
: ${VERBOSE:="NO"} # or YES
: ${CPU_CORES:="1"}
: ${MEMORY:="1G"}
: ${NETWORK:="NAT"} # or RAW or BOTH
: ${IP_RANGE:="10.215.1.1/24"} # Ignored for RAW networks
: ${INTERFACE_NAME:="linfi_host"} # or the external interface like lagg0 for RAW networks
: ${BRIDGE_NAME:="bridge_$INTERFACE_NAME"} # or bridge_raw for RAW networks
: ${VNC_ENABLE:="NO"}
: ${VNC_LISTEN:="127.0.0.1:5900"}
: ${VNC_WIDTH:="1920"}
: ${VNC_HEIGHT:="1080"}
: ${PASSTHROUGH:="1/0/0"}
if [ "$VERBOSE" = "YES" ]; then
set -x
fi
############## Setup #########################
function cleanup {
for vm in "${vms[@]}"; do
log "Destroying bhyve vm $vm"
bhyvectl "--vm=$vm" --destroy
log "Destroyed bhyve vm $vm"
done
}
vms=()
for sig in EXIT; do
trap "set +e; sleep 10; cleanup" "$sig"
done
function die {
local status_code="$1"
shift
(>&2 echo "${@}")
exit "$status_code"
}
function log {
(>&2 echo "${@}")
}
############## Program #########################
function main {
local cmd="$1"
shift 1
if [ "$cmd" = "create-disk" ]; then
create_disk "${@}"
elif [ "$cmd" = "start" ]; then
start_vm "${@}"
else
die 1 "Unrecognized command $cmd"
fi
}
function create_disk {
local zfs_path="$1"
local mount_path="$2"
local gigabytes="$3"
zfs create -o "mountpoint=$mount_path" "$zfs_path"
cp /usr/local/share/edk2-bhyve/BHYVE_UEFI_VARS.fd "${mount_path}/"
tee "${mount_path}/settings" <<EOF
CPU_CORES="$CPU_CORES"
MEMORY="$MEMORY"
NETWORK="$NETWORK"
IP_RANGE="$IP_RANGE"
BRIDGE_NAME="$BRIDGE_NAME"
INTERFACE_NAME="$INTERFACE_NAME"
EOF
zfs create -s "-V${gigabytes}G" -o volmode=dev -o primarycache=metadata -o secondarycache=none -o volblocksize=64K "$zfs_path/disk0"
}
function start_vm {
local name="$1"
local zfs_path="$2"
local mount_path="$3"
local mount_cd="${4:-}"
if [ -e "${mount_path}/settings" ]; then
source "${mount_path}/settings"
fi
local additional_args=()
local host_interface_name="linfi_host"
local bridge_name="linfi_bridge"
assert_bridge "$host_interface_name" "$bridge_name"
local mac_address
mac_address=$(calculate_mac_address "$name")
local bridge_link_name
bridge_link_name=$(detect_available_link "${bridge_name}")
additional_args+=("-s" "2:0,virtio-net,netgraph,path=${bridge_name}:,peerhook=${bridge_link_name},mac=${mac_address}")
# -H release the CPU when guest issues HLT instruction. Otherwise 100% of core will be consumed.
# -s 3,ahci-cd,/vm/.iso/archlinux-2023.04.01-x86_64.iso \
# -s 29,fbuf,tcp=0.0.0.0:5900,w=1920,h=1080,wait \
# -s 29,fbuf,tcp=0.0.0.0:5900,w=1920,h=1080 \
# TODO: Look into using nmdm instead of stdio for serial console
if [ -n "$mount_cd" ]; then
additional_args+=("-s" "5,ahci-cd,$mount_cd")
fi
if [ "$VNC_ENABLE" = "YES" ]; then
additional_args+=("-s" "29,fbuf,tcp=$VNC_LISTEN,w=$VNC_WIDTH,h=$VNC_HEIGHT")
fi
vms+=("$name")
while true; do
set -x
set +e
bhyve \
-D \
-c sockets=1,cores=1,threads=1 \
-m "$MEMORY" \
-H \
-w \
-o 'rtc.use_localtime=false' \
-s 0,hostbridge \
-s "4,nvme,/dev/zvol/${zfs_path}/disk0" \
-S \
-s "7,passthru,${PASSTHROUGH}" \
-s 30,xhci,tablet \
-s 31,lpc -l com1,stdio \
-l "bootrom,/usr/local/share/uefi-firmware/BHYVE_UEFI.fd,${mount_path}/BHYVE_UEFI_VARS.fd" \
-U '08421734-875e-11ef-a0f3-f426796942c7' \
"${additional_args[@]}" \
"$name"
local exit_code=$?
set -e
set +x
if [ $exit_code -eq 0 ]; then
echo "Rebooting."
sleep 5
elif [ $exit_code -eq 1 ]; then
echo "Powered off."
break
elif [ $exit_code -eq 2 ]; then
echo "Halted."
break
elif [ $exit_code -eq 3 ]; then
echo "Triple fault."
break
elif [ $exit_code -eq 4 ]; then
echo "Exited due to an error."
break
fi
done
}
function detect_available_link {
local bridge_name="$1"
local linknum=1
while true; do
local link_name="link${linknum}"
if ! ng_exists "${bridge_name}:${link_name}"; then
echo "$link_name"
return
fi
linknum=$((linknum + 1))
if [ "$linknum" -gt 90 ]; then
(>&2 echo "No available links on bridge $bridge_name")
exit 1
fi
done
}
function assert_bridge {
local host_interface_name="$1"
local bridge_name="$2"
if ! ng_exists "${bridge_name}:"; then
ngctl -d -f - <<EOF
mkpeer . eiface hook ether
name .:hook $host_interface_name
EOF
ngctl -d -f - <<EOF
mkpeer ${host_interface_name}: bridge ether link0
name ${host_interface_name}:ether $bridge_name
EOF
ifconfig $(ngctl msg "${host_interface_name}:" getifname | grep Args | cut -d '"' -f 2) name "${host_interface_name}" 192.168.253.2/24 up
route add default 192.168.253.1
fi
}
function ng_exists {
ngctl status "${1}" >/dev/null 2>&1
}
function calculate_mac_address {
local name="$1"
local source
source=$(md5 -r -s "$name" | awk '{print $1}')
echo "06:${source:0:2}:${source:2:2}:${source:4:2}:${source:6:2}:${source:8:2}"
}
function find_available_port {
local start_port="$1"
local port="$start_port"
while true; do
sockstat -P tcp -p 443
port=$((port + 1))
done
}
function ngctlcat {
if [ "$VERBOSE" = "YES" ]; then
tee /dev/tty | ngctl -d -f -
else
ngctl -d -f -
fi
}
main "${@}"

1
ansible/roles/linfi/files/linfi_rc.conf Normal file
View File

@@ -0,0 +1 @@
linfi_enable="YES"

3
ansible/roles/linfi/meta/main.yaml Normal file
View File

@@ -0,0 +1,3 @@
dependencies:
- role: bhyve
when: 'os_flavor == "freebsd"'

55
ansible/roles/linfi/tasks/common.yaml Normal file
View File

@@ -0,0 +1,55 @@
# - name: Create directories
# file:
# name: "{{ item }}"
# state: directory
# mode: 0755
# owner: root
# group: wheel
# loop:
# - /foo/bar
# - name: Install scripts
# copy:
# src: "files/{{ item.src }}"
# dest: "{{ item.dest }}"
# mode: 0755
# owner: root
# group: wheel
# loop:
# - src: foo.bash
# dest: /usr/local/bin/foo
# - name: Install Configuration
# copy:
# src: "files/{{ item.src }}"
# dest: "{{ item.dest }}"
# mode: 0600
# owner: root
# group: wheel
# loop:
# - src: foo.conf
# dest: /usr/local/etc/foo.conf
# - name: Clone Source
# git:
# repo: "https://foo.bar/baz.git"
# dest: /foo/bar
# version: "v1.0.2"
# force: true
# diff: false
- import_tasks: tasks/freebsd.yaml
when: 'os_flavor == "freebsd"'
- import_tasks: tasks/linux.yaml
when: 'os_flavor == "linux"'
- include_tasks:
file: tasks/peruser.yaml
apply:
become: yes
become_user: "{{ initialize_user }}"
when: users is defined
loop: "{{ users | dict2items | community.general.json_query('[?value.initialize==`true`].key') }}"
loop_control:
loop_var: initialize_user

50
ansible/roles/linfi/tasks/freebsd.yaml Normal file
View File

@@ -0,0 +1,50 @@
- name: Install loader.conf
template:
src: "templates/{{ item }}_loader.conf.j2"
dest: "/boot/loader.conf.d/{{ item }}.conf"
mode: 0644
owner: root
group: wheel
loop:
- linfi
- name: Install scripts
copy:
src: "files/{{ item.src }}"
dest: "{{ item.dest }}"
mode: 0755
owner: root
group: wheel
loop:
- src: launch_linfi.bash
dest: /usr/local/bin/launch_linfi
- name: Install rc script
template:
src: "templates/{{ item.src }}.j2"
dest: "/usr/local/etc/rc.d/{{ item.dest|default(item.src) }}"
owner: root
group: wheel
mode: 0755
loop:
- src: linfi
- name: Install service configuration
copy:
src: "files/{{ item }}_rc.conf"
dest: "/etc/rc.conf.d/{{ item }}"
mode: 0644
owner: root
group: wheel
loop:
- linfi
- name: Install service configuration
template:
src: "templates/{{ item }}_rc.conf.j2"
dest: "/etc/rc.conf.d/{{ item }}"
mode: 0644
owner: root
group: wheel
loop:
- devmatch

29
ansible/roles/linfi/tasks/linux.yaml Normal file
View File

@@ -0,0 +1,29 @@
# - name: Build aur packages
# register: buildaur
# become_user: "{{ build_user.name }}"
# command: "aurutils-sync --no-view {{ item }}"
# args:
# creates: "/var/cache/pacman/custom/{{ item }}-*.pkg.tar.*"
# loop:
# - foo
# - name: Update cache
# when: buildaur.changed
# pacman:
# name: []
# state: present
# update_cache: true
# - name: Install packages
# package:
# name:
# - foo
# state: present
# - name: Enable services
# systemd:
# enabled: yes
# name: "{{ item }}"
# daemon_reload: yes
# loop:
# - foo.service

2
ansible/roles/linfi/tasks/main.yaml Normal file
View File

@@ -0,0 +1,2 @@
- import_tasks: tasks/common.yaml
when: linfi is defined and linfi.enabled

29
ansible/roles/linfi/tasks/peruser.yaml Normal file
View File

@@ -0,0 +1,29 @@
- include_role:
name: per_user
# - name: Create directories
# file:
# name: "{{ account_homedir.stdout }}/{{ item }}"
# state: directory
# mode: 0700
# owner: "{{ account_name.stdout }}"
# group: "{{ group_name.stdout }}"
# loop:
# - ".config/foo"
# - name: Copy files
# copy:
# src: "files/{{ item.src }}"
# dest: "{{ account_homedir.stdout }}/{{ item.dest }}"
# mode: 0600
# owner: "{{ account_name.stdout }}"
# group: "{{ group_name.stdout }}"
# loop:
# - src: foo.conf
# dest: .config/foo/foo.conf
- import_tasks: tasks/peruser_freebsd.yaml
when: 'os_flavor == "freebsd"'
- import_tasks: tasks/peruser_linux.yaml
when: 'os_flavor == "linux"'

0
ansible/roles/linfi/tasks/peruser_freebsd.yaml Normal file
View File

0
ansible/roles/linfi/tasks/peruser_linux.yaml Normal file
View File

2
ansible/roles/linfi/templates/devmatch_rc.conf.j2 Normal file
View File

@@ -0,0 +1,2 @@
devmatch_enable="YES"
devmatch_blocklist="{{ linfi.driver_blocklist }}"

46
ansible/roles/linfi/templates/linfi.j2 Normal file
View File

@@ -0,0 +1,46 @@
#!/bin/sh
#
# PROVIDE: linfi
# REQUIRE: LOGIN
# KEYWORD: shutdown nojail
. /etc/rc.subr
name=linfi
rcvar=${name}_enable
start_cmd="${name}_start"
stop_cmd="${name}_stop"
status_cmd="${name}_status"
load_rc_config $name
tmux_name="linfi"
linfi_start() {
/usr/local/bin/tmux new-session -d -s "$tmux_name" "/usr/bin/env PASSTHROUGH='{{ linfi.pci_blocklist }}' /usr/local/bin/bash /usr/local/bin/launch_linfi start linfi {{ linfi.zfs_dataset }} {{ linfi.zfs_mountpoint }}"
# /vm/.iso/alpine-extended-3.20.3-x86_64.iso
}
linfi_status() {
if /usr/local/bin/tmux has-session -t $tmux_name 2>/dev/null; then
echo "$tmux_name is running."
else
echo "$tmux_name is not running."
return 1
fi
}
linfi_stop() {
/usr/local/bin/tmux has-session -t $tmux_name 2>/dev/null && (
/usr/local/bin/tmux kill-session -t $tmux_name
sleep 10
bhyvectl --vm=linfi --destroy
# kill `cat /var/run/linfi.pid`
)
linfi_wait_for_end
}
linfi_wait_for_end() {
while /usr/local/bin/tmux has-session -t $tmux_name 2>dev/null; do
sleep 1
done
}
run_rc_command "$1"

5
ansible/roles/linfi/templates/linfi_loader.conf.j2 Normal file
View File

@@ -0,0 +1,5 @@
vmm_load="YES"
pptdevs="{{ linfi.pci_blocklist }}"
{% if linfi.amd %}
hw.vmm.amdvi.enable="1"
{% endif %}

362
ansible/roles/media/files/cast_file_vaapi
View File

@@ -4,7 +4,23 @@ set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: ${VIDEO_BITRATE:="1M"} # Only for encoding modes targeting bitrate
: ${AUDIO_BITRATE:="192k"}
############## Setup #########################
function die {
local status_code="$1"
shift
(>&2 echo "${@}")
exit "$status_code"
}
function log {
(>&2 echo "${@}")
}
############## Program #########################
function main {
local cmd
@@ -12,28 +28,10 @@ function main {
shift
if [ "$cmd" = "copy" ]; then
copy "${@}"
elif [ "$cmd" = "av1" ]; then
av1 "${@}"
elif [ "$cmd" = "stream_software_h264" ]; then
stream_software_h264 "${@}"
elif [ "$cmd" = "stream_hardware_h264" ]; then
stream_hardware_h264 "${@}"
elif [ "$cmd" = "preprocess_software_h264" ]; then
preprocess_software_h264 "${@}"
elif [ "$cmd" = "preprocess_hardware_h264" ]; then
preprocess_hardware_h264 "${@}"
elif [ "$cmd" = "vp9" ]; then
vp9 "${@}"
elif [ "$cmd" = "preprocess_hardware_vp9" ]; then
preprocess_hardware_vp9 "${@}"
elif [ "$cmd" = "vp8" ]; then
vp8 "${@}"
elif [ "$cmd" = "software_vp8" ]; then
software_vp8 "${@}"
elif [ "$cmd" = "preprocess_h264" ]; then
preprocess_h264 "${@}"
elif [ "$cmd" = "preprocess_vp8" ]; then
preprocess_vp8 "${@}"
elif [ "$cmd" = "convert" ]; then
convert "${@}"
elif [ "$cmd" = "stream" ]; then
stream "${@}"
elif [ "$cmd" = "webcam" ]; then
webcam "${@}"
elif [ "$cmd" = "encode_webcam" ]; then
@@ -64,286 +62,106 @@ function copy {
"rtsp://$USERNAME:$PASSWORD@172.16.16.251:8554/fetch"
}
function av1 {
# local additional_flags=()
# additional_flags+=(--profile "$PROFILE")
# (cd "$DIR/../" && cargo build --no-default-features "${additional_flags[@]}")
local destination_type="$1" # "stream" or "preprocess"
local acceleration_type="$2" # "software" or "hardware"
# shift 2
function convert {
local args=()
local acceleration_type="$1" # "software" or "hardware"
local codec="$2" # "h264" or "av1"
local file_to_cast="$3"
local file_to_save="$4"
if [ "$destination_type" == "stream" ]; then
args+=(-re -stream_loop -1)
elif [ "$destination_type" == "preproces" ]; then
# Verify parameters
if [ "$acceleration_type" == "software" ]; then
true
elif [ "$acceleration_type" == "hardware" ]; then
true
else
(>&2 echo "Unknown destination type: $destination_type")
exit 1
die 1 "Unknown acceleration type: $acceleration_type"
fi
if [ "$codec" == "h264" ]; then
true
elif [ "$codec" == "av1" ]; then
true
else
die 1 "Unknown codec: $codec"
fi
# Build command
if [ "$acceleration_type" == "software" ]; then
true
elif [ "$acceleration_type" == "hardware" ]; then
args+=(-vaapi_device /dev/dri/renderD128)
else
(>&2 echo "Unknown acceleration type: $acceleration_type")
exit 1
fi
args+=(-i "$file_to_cast")
if [ "$codec" == "h264" ]; then
if [ "$acceleration_type" == "software" ]; then
args+=(-c:v h264)
args+=(-profile:v high)
args+=(-b:v "$VIDEO_BITRATE")
elif [ "$acceleration_type" == "hardware" ]; then
args+=(-vf 'format=nv12|vaapi,hwupload')
args+=(-c:v h264_vaapi)
else
(>&2 echo "Unknown acceleration type: $acceleration_type")
exit 1
args+=(-profile:v high)
args+=(-b:v "$VIDEO_BITRATE")
fi
elif [ "$codec" == "av1" ]; then
if [ "$acceleration_type" == "software" ]; then
args+=(-c:v libsvtav1)
args+=(-preset 4) # [0-13] default 10, lower = higher quality / slower encode
args+=(-crf 20) # [0-63] default 35, lower = higher quality / larger file
# Parameters: https://gitlab.com/AOMediaCodec/SVT-AV1/-/blob/master/Docs/Parameters.md
# fast-decode [0-2] default 0 (off), higher = faster decode
# tune [0-2] default 1, Specifies whether to use PSNR or VQ as the tuning metric [0 = VQ, 1 = PSNR, 2 = SSIM]
# film-grain-denoise, setting to 0 uses the original frames instead of denoising the film grain
args+=(-svtav1-params "fast-decode=1:film-grain-denoise=0")
elif [ "$acceleration_type" == "hardware" ]; then
# -c:v av1_amf -quality quality
args+=(-vf 'format=nv12|vaapi,hwupload')
args+=(-c:v av1_vaapi)
args+=(-b:v "$VIDEO_BITRATE")
fi
fi
args+=(-b:v 2M)
args+=(-profile:v high)
# -bf 0 :: Disable b-frames because webrtc doesn't support h264 streams with b-frames.
args+=(-bf 0)
args+=(-strict -2)
args+=(-c:a opus)
args+=(-ac 2)
args+=(-b:a 320k)
args+=(-b:a "$AUDIO_BITRATE")
args+=(-ar 48000)
args+=("$file_to_save")
set -x
</dev/null exec ffmpeg "${args[@]}"
}
function stream {
local args=()
local acceleration_type="$1" # "software" or "hardware"
local codec="$2" # "h264" or "av1"
local USERNAME="$3"
local PASSWORD="$4"
local file_to_cast="$5"
args+=(-re -stream_loop -1)
if [ "$destination_type" == "stream" ]; then
args+=(-f rtsp)
args+=(-rtsp_transport tcp)
args+=("rtsp://$USERNAME:$PASSWORD@172.16.16.251:8554/fetch")
elif [ "$destination_type" == "preproces" ]; then
args+=("$file_to_save")
else
(>&2 echo "Unknown destination type: $destination_type")
exit 1
fi
}
function stream_software_h264 {
local file_to_cast
file_to_cast="$3"
local USERNAME PASSWORD
USERNAME="$1"
PASSWORD="$2"
set -x
# -bf 0 :: Disable b-frames because webrtc doesn't support h264 streams with b-frames.
</dev/null exec ffmpeg \
-re \
-stream_loop -1 \
-i "$file_to_cast" \
-c:v h264 \
-b:v 2M \
-profile:v high \
-bf 0 \
-strict -2 \
-c:a opus \
-ac 2 \
-b:a 320k \
-ar 48000 \
-f rtsp \
-rtsp_transport tcp \
"rtsp://$USERNAME:$PASSWORD@172.16.16.251:8554/fetch"
}
function stream_hardware_h264 {
local file_to_cast
file_to_cast="$3"
local USERNAME PASSWORD
USERNAME="$1"
PASSWORD="$2"
set -x
# -bf 0 :: Disable b-frames because webrtc doesn't support h264 streams with b-frames.
</dev/null exec ffmpeg \
-re \
-stream_loop -1 \
-vaapi_device /dev/dri/renderD128 \
-i "$file_to_cast" \
-vf 'format=nv12|vaapi,hwupload' \
-c:v h264_vaapi \
-b:v 2M \
-profile:v high \
-bf 0 \
-strict -2 \
-c:a opus \
-ac 2 \
-b:a 320k \
-ar 48000 \
-f rtsp \
-rtsp_transport tcp \
"rtsp://$USERNAME:$PASSWORD@172.16.16.251:8554/fetch"
}
function preprocess_software_h264 {
local file_to_cast file_to_save
file_to_cast="$1"
file_to_save="$2"
set -x
# -bf 0 :: Disable b-frames because webrtc doesn't support h264 streams with b-frames.
</dev/null exec ffmpeg \
-i "$file_to_cast" \
-c:v h264 \
-b:v 2M \
-profile:v high \
-bf 0 \
-strict -2 \
-c:a opus \
-ac 2 \
-b:a 320k \
-ar 48000 \
"$file_to_save"
}
function preprocess_hardware_h264 {
local file_to_cast file_to_save
file_to_cast="$1"
file_to_save="$2"
set -x
# -bf 0 :: Disable b-frames because webrtc doesn't support h264 streams with b-frames.
</dev/null exec ffmpeg \
-vaapi_device /dev/dri/renderD128 \
-i "$file_to_cast" \
-vf 'format=nv12,hwupload' \
-c:v h264_vaapi \
-b:v 2M \
-profile:v high \
-bf 0 \
-strict -2 \
-c:a opus \
-ac 2 \
-b:a 320k \
-ar 48000 \
"$file_to_save"
}
function vp9 {
local file_to_cast
file_to_cast="$3"
local USERNAME PASSWORD
USERNAME="$1"
PASSWORD="$2"
set -x
# -bf 0 :: Disable b-frames because webrtc doesn't support h264 streams with b-frames.
</dev/null exec ffmpeg \
-re \
-stream_loop -1 \
-init_hw_device vaapi=foo:/dev/dri/renderD128 \
-hwaccel vaapi \
-hwaccel_output_format vaapi \
-hwaccel_device foo \
-i "$file_to_cast" \
-filter_hw_device foo \
-vf 'format=nv12|vaapi,hwupload' \
-c:v vp9_vaapi \
-bf 0 \
-strict -2 \
-c:a opus \
-b:a 320k \
-ar 48000 \
-f rtsp \
-rtsp_transport tcp \
"rtsp://$USERNAME:$PASSWORD@172.16.16.251:8554/fetch"
}
function preprocess_hardware_vp9 {
local file_to_cast file_to_save
file_to_cast="$1"
file_to_save="$2"
set -x
# -bf 0 :: Disable b-frames because webrtc doesn't support h264 streams with b-frames.
</dev/null exec ffmpeg \
-init_hw_device vaapi=foo:/dev/dri/renderD128 \
-hwaccel vaapi \
-hwaccel_output_format vaapi \
-hwaccel_device foo \
-i "$file_to_cast" \
-filter_hw_device foo \
-vf 'format=nv12|vaapi,hwupload' \
-c:v vp9_vaapi \
-bf 0 \
-strict -2 \
-c:a opus \
-b:a 320k \
-ar 48000 \
"$file_to_save"
}
function software_vp8 {
local USERNAME PASSWORD
USERNAME="$1"
PASSWORD="$2"
local file_to_cast
file_to_cast="$3"
set -x
# -bf 0 :: Disable b-frames because webrtc doesn't support h264 streams with b-frames.
# -strict -2 :: Enable support for experimental codecs like opus.
# -b:v 2M :: Target 2 megabit/s
# -crf 10 :: Target a quality level and adjust bitrate accordingly. This should be preferred, but ideally both should be used.
</dev/null exec ffmpeg \
-re \
-stream_loop -1 \
-i "$file_to_cast" \
-c:v vp8 \
-b:v 2M \
-crf 10 \
-bf 0 \
-c:a opus \
-b:a 320k \
-ar 48000 \
-strict -2 \
-f rtsp \
-rtsp_transport tcp \
"rtsp://$USERNAME:$PASSWORD@172.16.16.251:8554/fetch"
}
function preprocess_vp8 {
local file_to_cast file_to_save
file_to_cast="$1"
file_to_save="$2"
set -x
# -bf 0 :: Disable b-frames because webrtc doesn't support h264 streams with b-frames.
# -strict -2 :: Enable support for experimental codecs like opus.
# -b:v 2M :: Target 2 megabit/s
# -crf 10 :: Target a quality level and adjust bitrate accordingly. This should be preferred, but ideally both should be used.
</dev/null exec ffmpeg \
-i "$file_to_cast" \
-c:v vp8 \
-b:v 2M \
-crf 10 \
-bf 0 \
-c:a opus \
-b:a 320k \
-ar 48000 \
-strict -2 \
"$file_to_save"
}
function webcam {

2
ansible/roles/media/tasks/linux.yaml
View File

@@ -1,3 +1,5 @@
# Maybe install https://github.com/alexheretic/ab-av1 to find good crf values for encoding
- name: Build aur packages
register: buildaur
become_user: "{{ build_user.name }}"

8
ansible/roles/network/files/homeserver_network.conf
View File

@@ -1,4 +1,4 @@
wlans_ath0="wlan0"
ifconfig_wlan0="WPA DHCP"
ifconfig_wlan0_ipv6="inet6 accept_rtadv"
ipv6_cpe_wanif="wlan0"
# wlans_ath0="wlan0"
# ifconfig_wlan0="WPA DHCP"
# ifconfig_wlan0_ipv6="inet6 accept_rtadv"
# ipv6_cpe_wanif="wlan0"

3
ansible/roles/network/files/main.conf
View File

@@ -1,3 +1,6 @@
[General]
EnableNetworkConfiguration=true
# AddressRandomization=network
# Needed for Qualcomm WCN785x
ControlPortOverNL80211=false

7
ansible/roles/network/files/next_hop_freebsd.bash Normal file
View File

@@ -0,0 +1,7 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
exec route get "${@}"

7
ansible/roles/network/files/next_hop_linux.bash Normal file
View File

@@ -0,0 +1,7 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
exec ip route get "${@}"

8
ansible/roles/network/files/odofreebsd_network.conf
View File

@@ -1,4 +1,4 @@
wlans_iwlwifi0="wlan0"
ifconfig_wlan0="WPA DHCP"
ifconfig_wlan0_ipv6="inet6 accept_rtadv"
ipv6_cpe_wanif="wlan0"
# wlans_iwlwifi0="wlan0"
# ifconfig_wlan0="WPA DHCP"
# ifconfig_wlan0_ipv6="inet6 accept_rtadv"
# ipv6_cpe_wanif="wlan0"

11
ansible/roles/network/tasks/freebsd.yaml
View File

@@ -75,3 +75,14 @@
file:
path: "/etc/rc.conf.d/ip6addrctl"
state: absent
- name: Install scripts
copy:
src: "files/{{ item.src }}"
dest: "{{ item.dest }}"
mode: 0755
owner: root
group: wheel
loop:
- src: next_hop_freebsd.bash
dest: /usr/local/bin/next_hop

11
ansible/roles/network/tasks/linux.yaml
View File

@@ -58,3 +58,14 @@
- iwd.service
# - systemd-networkd.service
- systemd-resolved.service
- name: Install scripts
copy:
src: "files/{{ item.src }}"
dest: "{{ item.dest }}"
mode: 0755
owner: root
group: wheel
loop:
- src: next_hop_linux.bash
dest: /usr/local/bin/next_hop

55
ansible/roles/nix/tasks/common.yaml Normal file
View File

@@ -0,0 +1,55 @@
# - name: Create directories
# file:
# name: "{{ item }}"
# state: directory
# mode: 0755
# owner: root
# group: wheel
# loop:
# - /foo/bar
# - name: Install scripts
# copy:
# src: "files/{{ item.src }}"
# dest: "{{ item.dest }}"
# mode: 0755
# owner: root
# group: wheel
# loop:
# - src: foo.bash
# dest: /usr/local/bin/foo
# - name: Install Configuration
# copy:
# src: "files/{{ item.src }}"
# dest: "{{ item.dest }}"
# mode: 0600
# owner: root
# group: wheel
# loop:
# - src: foo.conf
# dest: /usr/local/etc/foo.conf
# - name: Clone Source
# git:
# repo: "https://foo.bar/baz.git"
# dest: /foo/bar
# version: "v1.0.2"
# force: true
# diff: false
- import_tasks: tasks/freebsd.yaml
when: 'os_flavor == "freebsd"'
- import_tasks: tasks/linux.yaml
when: 'os_flavor == "linux"'
- include_tasks:
file: tasks/peruser.yaml
apply:
become: yes
become_user: "{{ initialize_user }}"
when: users is defined
loop: "{{ users | dict2items | community.general.json_query('[?value.initialize==`true`].key') }}"
loop_control:
loop_var: initialize_user

5
ansible/roles/nix/tasks/freebsd.yaml Normal file
View File

@@ -0,0 +1,5 @@
# - name: Install packages
# package:
# name:
# - foo
# state: present

21
ansible/roles/nix/tasks/linux.yaml Normal file
View File

@@ -0,0 +1,21 @@
# - name: Build aur packages
# register: buildaur
# become_user: "{{ build_user.name }}"
# command: "aurutils-sync --no-view {{ item }}"
# args:
# creates: "/var/cache/pacman/custom/{{ item }}-*.pkg.tar.*"
# loop:
# - nixd
# - name: Update cache
# when: buildaur.changed
# pacman:
# name: []
# state: present
# update_cache: true
# - name: Install packages
# package:
# name:
# - nixd
# state: present

2
ansible/roles/nix/tasks/main.yaml Normal file
View File

@@ -0,0 +1,2 @@
- import_tasks: tasks/common.yaml
# when: foo is defined

29
ansible/roles/nix/tasks/peruser.yaml Normal file
View File

@@ -0,0 +1,29 @@
- include_role:
name: per_user
# - name: Create directories
# file:
# name: "{{ account_homedir.stdout }}/{{ item }}"
# state: directory
# mode: 0700
# owner: "{{ account_name.stdout }}"
# group: "{{ group_name.stdout }}"
# loop:
# - ".config/foo"
# - name: Copy files
# copy:
# src: "files/{{ item.src }}"
# dest: "{{ account_homedir.stdout }}/{{ item.dest }}"
# mode: 0600
# owner: "{{ account_name.stdout }}"
# group: "{{ group_name.stdout }}"
# loop:
# - src: foo.conf
# dest: .config/foo/foo.conf
- import_tasks: tasks/peruser_freebsd.yaml
when: 'os_flavor == "freebsd"'
- import_tasks: tasks/peruser_linux.yaml
when: 'os_flavor == "linux"'

0
ansible/roles/nix/tasks/peruser_freebsd.yaml Normal file
View File

0
ansible/roles/nix/tasks/peruser_linux.yaml Normal file
View File

3
ansible/roles/portshaker/files/freebsd
View File

@@ -5,6 +5,7 @@ if [ "$1" != '--' ]; then
fi
shift
method="git"
git_clone_uri="https://git.FreeBSD.org/ports.git"
git_clone_uri="https://code.fizz.buzz/mirror/freebsd-ports.git"
# git_clone_uri="https://git.FreeBSD.org/ports.git"
git_branch="main"
run_portshaker_command $*

4
ansible/roles/portshaker/files/portshaker.conf
View File

@@ -5,5 +5,5 @@ mirror_base_dir="/var/cache/portshaker"
ports_trees="main"
main_ports_tree="/usr/local/portshaker/trees/main"
# main_merge_from="freebsd myrepo"
main_merge_from="freebsd"
main_merge_from="freebsd myrepo"
# main_merge_from="freebsd"

2
ansible/roles/poudriere/files/poudriere.d/14broadwell-default-computer-make.conf
View File

@@ -2,7 +2,7 @@ CPUTYPE?=broadwell
# CPU optimizations for go
.if ${.CURDIR:M*/lang/go*}
OPTIONS_SET+=V2
OPTIONS_UNSET+=V1
OPTIONS_SET+=V3
.endif

4
ansible/roles/poudriere/files/poudriere.d/currentznver4-default-framework-make.conf
View File

@@ -9,8 +9,7 @@ CPUTYPE?=znver4
# CPU optimizations for go
.if ${.CURDIR:M*/lang/go*}
OPTIONS_SET+=V2
OPTIONS_SET+=V3
OPTIONS_UNSET+=V1
OPTIONS_SET+=V4
.endif
@@ -34,6 +33,7 @@ OPTIONS_SET+=STATIC LTO
.if ${.CURDIR:M*/editors/emacs*}
OPTIONS_SET+=NATIVECOMP PGTK
OPTIONS_UNSET+=XPM
.endif
.if ${.CURDIR:M*/www/firefox*}

2
ansible/roles/poudriere/files/poudriere.d/currentznver4-default-framework-pkglist
View File

@@ -1,3 +1,4 @@
#sysutils/kubeswitch
accessibility/wlsunset
archivers/unrar
archivers/unzip
@@ -104,6 +105,7 @@ sysutils/pv
sysutils/radeontop
sysutils/rust-coreutils
sysutils/shuf
sysutils/stern
sysutils/terraform
sysutils/tmux
sysutils/tree

17
ansible/roles/sftp/tasks/common.yaml
View File

@@ -64,6 +64,23 @@
# force: true
# diff: false
- name: Create directories
file:
name: "{{ item }}"
state: directory
mode: 0700
owner: nochainstounlock
group: nochainstounlock
loop:
- /home/nochainstounlock/.ssh
- name: Set authorized keys
authorized_key:
user: nochainstounlock
key: |
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMrjXsXjtxEm47XnRZfo67kJULoc0NBLrB0lPYFiS2Ar kodi@neelix
exclusive: true
- import_tasks: tasks/freebsd.yaml
when: 'os_flavor == "freebsd"'

3
ansible/roles/sway/files/config
View File

@@ -21,6 +21,9 @@ set $term alacritty
# set $menu dmenu_path | dmenu | xargs swaymsg exec
set $menu wofi --show drun --gtk-dark
# Do not show a title bar on windows
default_border pixel 2
bindsym $mod+grave exec $term
include ~/.config/sway/config.d/*.conf

6
ansible/roles/sway/files/sway_config_files/screenshots.conf
View File

@@ -3,7 +3,7 @@
bindsym $mod+print exec slurp | grim -g - "$HOME/$(date +'screenshot_%Y-%m-%d-%H%M%S.png')"
bindsym print exec grim "$HOME/$(date +'screenshot_%Y-%m-%d-%H%M%S.png')"
# Maybe add --audio flag? can optionally specify specific device name from `pactl list sources | grep Name`
bindsym $mod+Shift+print exec wl-screenrec -g "$(slurp)" -f "$HOME/$(date +'screencast_%Y-%m-%d-%H%M%S.mkv')"
bindsym Shift+print exec wl-screenrec -f "$HOME/$(date +'screencast_%Y-%m-%d-%H%M%S.mkv')"
bindsym $mod+ctrl+Shift+print exec killall -SIGINT wl-sceenrec
bindsym $mod+Shift+print exec wl-screenrec -g "$(slurp)" --codec av1 -f "$HOME/$(date +'screencast_%Y-%m-%d-%H%M%S.mkv')"
bindsym Shift+print exec wl-screenrec --codec av1 -f "$HOME/$(date +'screencast_%Y-%m-%d-%H%M%S.mkv')"
bindsym $mod+ctrl+Shift+print exec pkill -SIGINT wl-screenrec
# Need to make a hotkey to end the recording

5
ansible/roles/waybar/files/style.css
View File

@@ -149,6 +149,11 @@ tooltip {
padding-bottom: 2px;
}
#window {
padding-left: 10px;
padding-right: 10px;
}
#network {
/* No styles */
}

4
ansible/roles/waybar/files/waybar_config.json
View File

@@ -1,6 +1,7 @@
{
// "height": 10, // Waybar height (to be removed for auto height)
"modules-left": ["sway/workspaces", "sway/mode"],
"modules-center": ["sway/window"],
"modules-right": ["custom/night_mode", "custom/temperature", "custom/sound", "custom/available_memory", "custom/battery", "idle_inhibitor", "custom/clock", "tray"],
"sway/workspaces": {
"disable-scroll": true
@@ -8,6 +9,9 @@
"sway/mode": {
"format": "<span style=\"italic\">{}</span>"
},
"sway/window": {
"format": "{title}"
},
"idle_inhibitor": {
"format": "{icon}",
"format-icons": {

4
ansible/roles/waybar/files/waybar_scripts/waybar_night_mode.bash
View File

@@ -8,7 +8,7 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
SLEEP_INTERVAL=${SLEEP_INTERVAL:-30}
# ◓◒●◌◎
# 🟠🟡🟢🟣🟤
# 🔴🔵🟠🟡🟢🟣🟤
# 🟥🟦🟧🟨🟩🟪🟫
# ☀☯⭐🌝🌞⏾
# 🌑🌓🌗🌕
@@ -42,7 +42,7 @@ function main {
local night_mode_icon night_mode_text night_mode_class
night_mode_mode="auto"
night_mode_class=""
wlsunset -l 40.7 -L -74.0 &
wlsunset -S 07:00 -s 22:00 &
wlsunset_pid=$!
while true; do

7
ansible/roles/zfs/tasks/linux.yaml
View File

@@ -1,7 +1,8 @@
- name: Install packages
package:
name:
- linux-lts-headers
# - linux-lts-headers
- linux-headers
state: present
- name: Check trusted gpg keys
@@ -26,7 +27,7 @@
args:
creates: "/var/cache/pacman/custom/{{ item }}-*.pkg.tar.*"
loop:
- zfs-dkms
- zfs-dkms-git
- zfs-utils
- name: Update cache
@@ -39,7 +40,7 @@
- name: Install packages
package:
name:
- zfs-dkms
- zfs-dkms-git
- zfs-utils
state: present

1
nix/configuration/.gitignore vendored Normal file
View File

@@ -0,0 +1 @@
result

291
nix/configuration/configuration.nix Normal file
View File

@@ -0,0 +1,291 @@
{
config,
lib,
pkgs,
home-manager,
...
}:
{
imports = [
./roles/2ship2harkinian
./roles/alacritty
./roles/ansible
./roles/ares
./roles/bluetooth
./roles/boot
./roles/chromecast
./roles/chromium
./roles/distributed_build
./roles/docker
./roles/ecc
./roles/emacs
./roles/firefox
./roles/firewall
./roles/flux
./roles/fonts
./roles/gcloud
./roles/git
./roles/global_options
./roles/gnuplot
./roles/gpg
./roles/graphics
./roles/hydra
./roles/iso
./roles/iso_mount
./roles/kanshi
./roles/kodi
./roles/kubernetes
./roles/latex
./roles/launch_keyboard
./roles/lvfs
./roles/media
./roles/memtest86
./roles/network
./roles/nix_index
./roles/nix_worker
./roles/nvme
./roles/optimized_build
./roles/pcsx2
./roles/python
./roles/qemu
./roles/reset
./roles/rpcs3
./roles/rust
./roles/shikane
./roles/shipwright
./roles/sm64ex
./roles/sops
./roles/sound
./roles/ssh
./roles/steam
./roles/steam_run_free
./roles/sway
./roles/tekton
./roles/terraform
./roles/thunderbolt
./roles/vnc_client
./roles/vscode
./roles/wasm
./roles/waybar
./roles/wireguard
./roles/zfs
./roles/zrepl
./roles/zsh
./util/install_files
./util/unfree_polyfill
];
me.install.user.talexander.file."/home/talexander/flake.nix" = {
source = ./flake.nix;
};
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
nix.settings.trusted-users = [ "@wheel" ];
# boot.kernelPackages = pkgs.linuxPackages_6_11;
hardware.enableRedistributableFirmware = true;
# Use nixos-rebuild-ng
# system.rebuild.enableNg = true;
# Keep outputs so we can build offline.
nix.extraOptions = ''
keep-outputs = true
keep-derivations = true
'';
# Technically only needed when building the ISO because nix detects ZFS in the filesystem list normally. I basically always want this so I'm just setting it to always be on.
boot.supportedFilesystems.zfs = true;
# TODO: Is this different from boot.supportedFilesystems = [ "zfs" ]; ?
services.getty = {
autologinUser = "talexander"; # I use full disk encryption so the user password is irrelevant.
autologinOnce = true;
};
users.mutableUsers = false;
users.users.talexander = {
isNormalUser = true;
createHome = true; # https://github.com/NixOS/nixpkgs/issues/6481
group = "talexander";
extraGroups = [ "wheel" ];
uid = 11235;
packages = with pkgs; [
tree
];
# Generate with `mkpasswd -m scrypt`
hashedPassword = "$7$CU..../....VXvNQ8za3wSGpdzGXNT50/$HcFtn/yvwPMCw4888BelpiAPLAxe/zU87fD.d/N6U48";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGu+k5lrirokdW5zVdRVBOqEOAvAPlIkG/MdJNc9g5ky"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEI6mu6I5Jp+Ib0vJxapGHbEShZjyvzV8jz5DnzDrI39AAAABHNzaDo="
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAFNcSXwvy+brYTOGo56G93Ptuq2MmZsjvRWAfMqbmMLAAAABHNzaDo="
];
};
users.groups.talexander.gid = 11235;
home-manager.users.talexander =
{ pkgs, ... }:
{
# The state version is required and should stay at the version you
# originally installed.
home.stateVersion = "24.11";
};
home-manager.users.root =
{ pkgs, ... }:
{
# The state version is required and should stay at the version you
# originally installed.
home.stateVersion = "24.11";
};
# Automatic garbage collection
nix.gc = lib.mkIf (!config.me.buildingIso) {
# Runs nix-collect-garbage --delete-older-than 5d
automatic = true;
randomizedDelaySec = "14m";
options = "--delete-older-than 30d";
};
nix.settings.auto-optimise-store = !config.me.buildingIso;
# Use doas instead of sudo
security.doas.enable = true;
security.doas.wheelNeedsPassword = false;
security.sudo.enable = false;
security.doas.extraRules = [
{
# Retain environment (for example NIX_PATH)
keepEnv = true;
persist = true; # Only ask for a password the first time.
}
];
environment.systemPackages = with pkgs; [
wget
mg
rsync
libinput
htop
tmux
file
usbutils # for lsusb
pciutils # for lspci
ripgrep
strace
ltrace
trace-cmd # ftrace
tcpdump
git-crypt
gnumake
ncdu
nix-tree
libarchive # bsdtar
lsof
doas-sudo-shim # To support --use-remote-sudo for remote builds
dmidecode # Read SMBIOS information.
ipcalc
gptfdisk # for cgdisk
nix-output-monitor # For better view into nixos-rebuild
nix-serve-ng # Serve nix store over http
];
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
hostKeys = [
{
path = "/persist/ssh/ssh_host_ed25519_key";
type = "ed25519";
}
{
path = "/persist/ssh/ssh_host_rsa_key";
type = "rsa";
bits = 4096;
}
];
};
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
directories = [
"/var/lib/iwd" # Wifi settings
"/var/lib/nixos" # Contains user information (uids/gids)
"/var/lib/systemd" # Systemd state directory for random seed, persistent timers, core dumps, persist hardware state like backlight and rfkill
"/var/log/journal" # Logs, alternatively set `services.journald.storage = "volatile";` to write to /run/log/journal
];
files = [
"/etc/machine-id" # Systemd unique machine id "otherwise, the system journal may fail to list earlier boots, etc"
"/etc/ssh/ssh_host_rsa_key"
"/etc/ssh/ssh_host_rsa_key.pub"
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
];
users.talexander = {
directories = [
{
directory = "persist";
user = "talexander";
group = "talexander";
mode = "0700";
}
];
};
};
# Write a list of the currently installed packages to /etc/current-system-packages
environment.etc."current-system-packages".text =
let
packages = builtins.map (p: "${p.name}") config.environment.systemPackages;
sortedUnique = builtins.sort builtins.lessThan (lib.unique packages);
formatted = builtins.concatStringsSep "\n" sortedUnique;
in
formatted;
# environment.etc."system-packages-with-source".text = builtins.concatStringsSep "\n\n" (
# builtins.map (
# x: x.file + "\n" + builtins.concatStringsSep "\n" (builtins.map (s: " " + s) x.value)
# ) config.environment.systemPackages.definitionsWithLocations
# );
# nixpkgs.overlays = [
# (final: prev: {
# nix = pkgs-unstable.nix;
# })
# ];
# nixpkgs.overlays = [
# (final: prev: {
# foot = throw "foo";
# })
# ];
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
# to actually do that.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "24.11"; # Did you read the comment?
}

386
nix/configuration/flake.lock generated Normal file
View File

@@ -0,0 +1,386 @@
{
"nodes": {
"ansible-sshjail": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"path": "flakes/ansible-sshjail",
"type": "path"
},
"original": {
"path": "flakes/ansible-sshjail",
"type": "path"
},
"parent": []
},
"crane": {
"locked": {
"lastModified": 1731098351,
"narHash": "sha256-HQkYvKvaLQqNa10KEFGgWHfMAbWBfFp+4cAgkut+NNE=",
"owner": "ipetkov",
"repo": "crane",
"rev": "ef80ead953c1b28316cc3f8613904edc2eb90c28",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1746729224,
"narHash": "sha256-9R4sOLAK1w3Bq54H3XOJogdc7a6C2bLLmatOQ+5pf5w=",
"owner": "nix-community",
"repo": "disko",
"rev": "85555d27ded84604ad6657ecca255a03fd878607",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"lanzaboote",
"nixpkgs"
]
},
"locked": {
"lastModified": 1730504689,
"narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "506278e768c2a08bec68eb62932193e341f55c90",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"lanzaboote",
"pre-commit-hooks-nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1746981801,
"narHash": "sha256-+Bfr0KqZV6gZdA7e2kupeoawozaLIHLuiPtC54uxbFc=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "ff915842e4a2e63c4c8c5c08c6870b9d5b3c3ee9",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"impermanence": {
"locked": {
"lastModified": 1737831083,
"narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=",
"owner": "nix-community",
"repo": "impermanence",
"rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "impermanence",
"type": "github"
}
},
"lanzaboote": {
"inputs": {
"crane": "crane",
"flake-compat": "flake-compat",
"flake-parts": "flake-parts",
"nixpkgs": [
"nixpkgs"
],
"pre-commit-hooks-nix": "pre-commit-hooks-nix",
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1737639419,
"narHash": "sha256-AEEDktApTEZ5PZXNDkry2YV2k6t0dTgLPEmAZbnigXU=",
"owner": "nix-community",
"repo": "lanzaboote",
"rev": "a65905a09e2c43ff63be8c0e86a93712361f871e",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "v0.4.2",
"repo": "lanzaboote",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1746663147,
"narHash": "sha256-Ua0drDHawlzNqJnclTJGf87dBmaO/tn7iZ+TCkTRpRc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "dda3dcd3fe03e991015e9a74b22d35950f264a54",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-b93b4e9b5": {
"locked": {
"lastModified": 1713721570,
"narHash": "sha256-R0s+O5UjTePQRb72XPgtkTmEiOOW8n+1q9Gxt/OJnKU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b93b4e9b527904aadf52dba6ca35efde2067cbd4",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b93b4e9b527904aadf52dba6ca35efde2067cbd4",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1730741070,
"narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d063c1dd113c91ab27959ba540c0d9753409edf3",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unoptimized": {
"locked": {
"lastModified": 1746663147,
"narHash": "sha256-Ua0drDHawlzNqJnclTJGf87dBmaO/tn7iZ+TCkTRpRc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "dda3dcd3fe03e991015e9a74b22d35950f264a54",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"pre-commit-hooks-nix": {
"inputs": {
"flake-compat": [
"lanzaboote",
"flake-compat"
],
"gitignore": "gitignore",
"nixpkgs": [
"lanzaboote",
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1731363552,
"narHash": "sha256-vFta1uHnD29VUY4HJOO/D6p6rxyObnf+InnSMT4jlMU=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "cd1af27aa85026ac759d5d3fccf650abe7e1bbf0",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"root": {
"inputs": {
"ansible-sshjail": "ansible-sshjail",
"disko": "disko",
"home-manager": "home-manager",
"impermanence": "impermanence",
"lanzaboote": "lanzaboote",
"nixpkgs": "nixpkgs",
"nixpkgs-b93b4e9b5": "nixpkgs-b93b4e9b5",
"nixpkgs-unoptimized": "nixpkgs-unoptimized",
"zsh-histdb": "zsh-histdb"
}
},
"rust-overlay": {
"inputs": {
"nixpkgs": [
"lanzaboote",
"nixpkgs"
]
},
"locked": {
"lastModified": 1731897198,
"narHash": "sha256-Ou7vLETSKwmE/HRQz4cImXXJBr/k9gp4J4z/PF8LzTE=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "0be641045af6d8666c11c2c40e45ffc9667839b5",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"zsh-histdb": {
"inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"path": "flakes/zsh-histdb",
"type": "path"
},
"original": {
"path": "flakes/zsh-histdb",
"type": "path"
},
"parent": []
}
},
"root": "root",
"version": 7
}

272
nix/configuration/flake.nix Normal file
View File

@@ -0,0 +1,272 @@
# Build ISO image
# nix build --extra-experimental-features nix-command --extra-experimental-features flakes .#iso.odo
# output: result/iso/nixos.iso
# Run the ISO image
# doas "$(nix-build '<nixpkgs>' --no-out-link -A 'qemu')/bin/qemu-system-x86_64" \
# -accel kvm \
# -cpu host \
# -smp cores=8 \
# -m 32768 \
# -drive "file=$(nix-build '<nixpkgs>' --no-out-link -A 'OVMF.fd')/FV/OVMF.fd,if=pflash,format=raw,readonly=on" \
# -drive if=pflash,format=raw,file="/tmp/OVMF_VARS.fd" \
# -nic user,hostfwd=tcp::60022-:22 \
# -boot order=d \
# -cdrom "$(readlink -f ./result/iso/nixos*.iso)" \
# -display vnc=127.0.0.1:0
#
# doas cp "$(nix-build '<nixpkgs>' --no-out-link -A 'OVMF.fd')/FV/OVMF_VARS.fd" /tmp/OVMF_VARS.fd
# doas "$(nix-build '<nixpkgs>' --no-out-link -A 'qemu')/bin/qemu-system-x86_64" -accel kvm -cpu host -smp cores=8 -m 32768 -drive "file=$(nix-build '<nixpkgs>' --no-out-link -A 'OVMF.fd')/FV/OVMF.fd,if=pflash,format=raw,readonly=on" -drive if=pflash,format=raw,file="/tmp/OVMF_VARS.fd" -nic user,hostfwd=tcp::60022-:22 -boot order=d -cdrom /persist/machine_setup/nix/configuration/result/iso/nixos*.iso -display vnc=127.0.0.1:0
# Get a repl for this flake
# nix repl --expr "builtins.getFlake \"$PWD\""
# TODO maybe use `nix eval --raw .#iso.odo.outPath`
# iso.odo.isoName == "nixos.iso"
# full path = <outPath> / iso / <isoName>
#
# Install on a new machine:
#
#
# doas nix --substituters "http://10.0.2.2:8080?trusted=1 https://cache.nixos.org/" --experimental-features "nix-command flakes" run github:nix-community/disko/latest -- --mode destroy,format,mount hosts/odo/disk-config.nix
# nix flake update zsh-histdb --flake .
# nix flake update ansible-sshjail --flake .
# for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
# nixos-install --substituters "http://10.0.2.2:8080?trusted=1 https://cache.nixos.org/" --flake ".#vm_ionlybootzfs"
#
{
description = "My system configuration";
inputs = {
impermanence.url = "github:nix-community/impermanence";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
nixpkgs-b93b4e9b5.url = "github:NixOS/nixpkgs/b93b4e9b527904aadf52dba6ca35efde2067cbd4";
nixpkgs-unoptimized.url = "github:NixOS/nixpkgs/nixos-unstable";
home-manager.url = "github:nix-community/home-manager";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
lanzaboote = {
url = "github:nix-community/lanzaboote/v0.4.2";
# Optional but recommended to limit the size of your system closure.
inputs.nixpkgs.follows = "nixpkgs";
};
zsh-histdb = {
url = "path:flakes/zsh-histdb";
# Optional but recommended to limit the size of your system closure.
inputs.nixpkgs.follows = "nixpkgs";
};
ansible-sshjail = {
url = "path:flakes/ansible-sshjail";
# Optional but recommended to limit the size of your system closure.
inputs.nixpkgs.follows = "nixpkgs";
};
disko = {
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs =
{
self,
nixpkgs,
nixpkgs-unoptimized,
nixpkgs-b93b4e9b5,
impermanence,
home-manager,
lanzaboote,
zsh-histdb,
ansible-sshjail,
...
}@inputs:
let
base_x86_64_linux = rec {
system = "x86_64-linux";
specialArgs = {
pkgs-b93b4e9b5 = import nixpkgs-b93b4e9b5 {
inherit system;
};
pkgs-unoptimized = import nixpkgs-unoptimized {
inherit system;
hostPlatform.gcc.arch = "default";
hostPlatform.gcc.tune = "default";
};
};
modules = [
impermanence.nixosModules.impermanence
home-manager.nixosModules.home-manager
lanzaboote.nixosModules.lanzaboote
inputs.disko.nixosModules.disko
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
}
{
nixpkgs.overlays = [
zsh-histdb.overlays.default
ansible-sshjail.overlays.default
];
}
./configuration.nix
];
};
systems =
let
additional_iso_modules = [
(nixpkgs + "/nixos/modules/installer/cd-dvd/iso-image.nix")
# TODO: Figure out how to do image based appliances
# (nixpkgs + "/nixos/modules/profiles/image-based-appliance.nix")
{
isoImage.makeEfiBootable = true;
isoImage.makeUsbBootable = true;
me.buildingIso = true;
me.optimizations.enable = nixpkgs.lib.mkForce false;
}
{
# These are big space hogs. The chance that I need them on an ISO is slim.
me.steam.enable = nixpkgs.lib.mkForce false;
me.pcsx2.enable = nixpkgs.lib.mkForce false;
}
];
additional_vm_modules = [
(nixpkgs + "/nixos/modules/profiles/qemu-guest.nix")
{
networking.dhcpcd.enable = true;
networking.useDHCP = true;
me.optimizations.enable = nixpkgs.lib.mkForce false;
}
{
# I don't need games on a virtual machine.
me.steam.enable = nixpkgs.lib.mkForce false;
me.pcsx2.enable = nixpkgs.lib.mkForce false;
me.sm64ex.enable = nixpkgs.lib.mkForce false;
me.shipwright.enable = nixpkgs.lib.mkForce false;
me.ship2harkinian.enable = nixpkgs.lib.mkForce false;
}
];
in
{
odo = rec {
main = base_x86_64_linux // {
modules = base_x86_64_linux.modules ++ [
./hosts/odo
];
};
iso = main // {
modules = main.modules ++ additional_iso_modules;
};
vm = main // {
modules = main.modules ++ additional_vm_modules;
};
vm_iso = main // {
modules = main.modules ++ additional_vm_modules ++ additional_iso_modules;
};
};
quark = rec {
main = base_x86_64_linux // {
modules = base_x86_64_linux.modules ++ [
./hosts/quark
];
};
iso = main // {
modules = main.modules ++ additional_iso_modules;
};
vm = main // {
modules = main.modules ++ additional_vm_modules;
};
vm_iso = main // {
modules = main.modules ++ additional_vm_modules ++ additional_iso_modules;
};
};
neelix = rec {
main = base_x86_64_linux // {
modules = base_x86_64_linux.modules ++ [
./hosts/neelix
];
};
iso = main // {
modules = main.modules ++ additional_iso_modules;
};
vm = main // {
modules = main.modules ++ additional_vm_modules;
};
vm_iso = main // {
modules = main.modules ++ additional_vm_modules ++ additional_iso_modules;
};
};
hydra =
let
additional_iso_modules = additional_iso_modules ++ [
{
me.optimizations.enable = true;
}
];
in
rec {
main = base_x86_64_linux // {
modules = base_x86_64_linux.modules ++ [
./hosts/hydra
];
};
iso = main // {
modules = main.modules ++ additional_iso_modules;
};
vm = main // {
modules = main.modules ++ additional_vm_modules;
};
vm_iso = main // {
modules = main.modules ++ additional_vm_modules ++ additional_iso_modules;
};
};
ionlybootzfs = rec {
main = base_x86_64_linux // {
modules = base_x86_64_linux.modules ++ [
./hosts/ionlybootzfs
];
};
iso = main // {
modules = main.modules ++ additional_iso_modules;
};
vm = main // {
modules = main.modules ++ additional_vm_modules;
};
vm_iso = main // {
modules = main.modules ++ additional_vm_modules ++ additional_iso_modules;
};
};
};
in
{
nixosConfigurations.odo = nixpkgs.lib.nixosSystem systems.odo.main;
iso.odo = (nixpkgs.lib.nixosSystem systems.odo.iso).config.system.build.isoImage;
nixosConfigurations.vm_odo = nixpkgs.lib.nixosSystem systems.odo.vm;
vm_iso.odo = (nixpkgs.lib.nixosSystem systems.odo.vm_iso).config.system.build.isoImage;
nixosConfigurations.quark = nixpkgs.lib.nixosSystem systems.quark.main;
iso.quark = (nixpkgs.lib.nixosSystem systems.quark.iso).config.system.build.isoImage;
nixosConfigurations.vm_quark = nixpkgs.lib.nixosSystem systems.quark.vm;
vm_iso.quark = (nixpkgs.lib.nixosSystem systems.quark.vm_iso).config.system.build.isoImage;
nixosConfigurations.neelix = nixpkgs.lib.nixosSystem systems.neelix.main;
iso.neelix = (nixpkgs.lib.nixosSystem systems.neelix.iso).config.system.build.isoImage;
nixosConfigurations.vm_neelix = nixpkgs.lib.nixosSystem systems.neelix.vm;
vm_iso.neelix = (nixpkgs.lib.nixosSystem systems.neelix.vm_iso).config.system.build.isoImage;
nixosConfigurations.hydra = nixpkgs.lib.nixosSystem systems.hydra.main;
iso.hydra = (nixpkgs.lib.nixosSystem systems.hydra.iso).config.system.build.isoImage;
nixosConfigurations.vm_hydra = nixpkgs.lib.nixosSystem systems.hydra.vm;
vm_iso.hydra = (nixpkgs.lib.nixosSystem systems.hydra.vm_iso).config.system.build.isoImage;
nixosConfigurations.ionlybootzfs = nixpkgs.lib.nixosSystem systems.ionlybootzfs.main;
iso.ionlybootzfs = (nixpkgs.lib.nixosSystem systems.ionlybootzfs.iso).config.system.build.isoImage;
nixosConfigurations.vm_ionlybootzfs = nixpkgs.lib.nixosSystem systems.ionlybootzfs.vm;
vm_iso.ionlybootzfs =
(nixpkgs.lib.nixosSystem systems.ionlybootzfs.vm_iso).config.system.build.isoImage;
};
}

61
nix/configuration/flakes/ansible-sshjail/flake.lock generated Normal file
View File

@@ -0,0 +1,61 @@
{
"nodes": {
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1735141468,
"narHash": "sha256-VIAjBr1qGcEbmhLwQJD6TABppPMggzOvqFsqkDoMsAY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "4005c3ff7505313cbc21081776ad0ce5dfd7a3ce",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

34
nix/configuration/flakes/ansible-sshjail/flake.nix Normal file
View File

@@ -0,0 +1,34 @@
{
description = "A slightly better history for zsh";
inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
inputs.flake-utils.url = "github:numtide/flake-utils";
outputs =
{
self,
nixpkgs,
flake-utils,
...
}:
let
out =
system:
let
pkgs = nixpkgs.legacyPackages.${system};
# Maybe pkgs = import nixpkgs { inherit system; }; ?
appliedOverlay = self.overlays.default pkgs pkgs;
in
{
packages = rec {
default = ansible-sshjail;
ansible-sshjail = appliedOverlay.ansible-sshjail;
};
};
in
flake-utils.lib.eachDefaultSystem out
// {
overlays.default = final: prev: {
ansible-sshjail = final.callPackage ./package.nix { };
};
};
}

33
nix/configuration/flakes/ansible-sshjail/package.nix Normal file
View File

@@ -0,0 +1,33 @@
# unpackPhase
# patchPhase
# configurePhase
# buildPhase
# checkPhase
# installPhase
# fixupPhase
# installCheckPhase
# distPhase
{
stdenv,
fetchgit,
...
}:
stdenv.mkDerivation {
name = "ansible-sshjail";
src = fetchgit {
url = "https://github.com/austinhyde/ansible-sshjail.git";
rev = "a7b0076fdb680b915d35efafd1382919100532b6";
sha256 = "sha256-4QX/017fDRzb363NexgvHZ/VFKXOjRgGPDKKygyUylM=";
};
phases = [
"installPhase"
];
installPhase = ''
runHook preInstall
mkdir -p $out/share/ansible/plugins/connection_plugins
cp $src/sshjail.py $out/share/ansible/plugins/connection_plugins/
runHook postInstall
'';
}

61
nix/configuration/flakes/zsh-histdb/flake.lock generated Normal file
View File

@@ -0,0 +1,61 @@
{
"nodes": {
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1735141468,
"narHash": "sha256-VIAjBr1qGcEbmhLwQJD6TABppPMggzOvqFsqkDoMsAY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "4005c3ff7505313cbc21081776ad0ce5dfd7a3ce",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

34
nix/configuration/flakes/zsh-histdb/flake.nix Normal file
View File

@@ -0,0 +1,34 @@
{
description = "A slightly better history for zsh";
inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
inputs.flake-utils.url = "github:numtide/flake-utils";
outputs =
{
self,
nixpkgs,
flake-utils,
...
}:
let
out =
system:
let
pkgs = nixpkgs.legacyPackages.${system};
# Maybe pkgs = import nixpkgs { inherit system; }; ?
appliedOverlay = self.overlays.default pkgs pkgs;
in
{
packages = rec {
default = zsh-histdb;
zsh-histdb = appliedOverlay.zsh-histdb;
};
};
in
flake-utils.lib.eachDefaultSystem out
// {
overlays.default = final: prev: {
zsh-histdb = final.callPackage ./package.nix { };
};
};
}

36
nix/configuration/flakes/zsh-histdb/package.nix Normal file
View File

@@ -0,0 +1,36 @@
# unpackPhase
# patchPhase
# configurePhase
# buildPhase
# checkPhase
# installPhase
# fixupPhase
# installCheckPhase
# distPhase
{
stdenv,
pkgs,
sqlite,
...
}:
stdenv.mkDerivation {
name = "zsh-histdb";
src = pkgs.fetchgit {
url = "https://github.com/larkery/zsh-histdb.git";
rev = "90a6c104d0fcc0410d665e148fa7da28c49684eb";
sha256 = "sha256-vtG1poaRVbfb/wKPChk1WpPgDq+7udLqLfYfLqap4Vg=";
};
buildInputs = [ sqlite ];
phases = [
"installPhase"
];
installPhase = ''
runHook preInstall
mkdir -p $out/share/zsh/plugins/zsh-histdb
cp -r $src/histdb-* $src/*.zsh $src/db_migrations $out/share/zsh/plugins/zsh-histdb/
runHook postInstall
'';
postInstall = ''
substituteInPlace $out/share/zsh/plugins/zsh-histdb/sqlite-history.zsh $out/share/zsh/plugins/zsh-histdb/histdb-merge $out/share/zsh/plugins/zsh-histdb/histdb-migrate --replace-fail "sqlite3" "${sqlite}/bin/sqlite3"
'';
}

19
nix/configuration/hosts/hydra/DEPLOY_BOOT Executable file
View File

@@ -0,0 +1,19 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
#TARGET=10.216.1.14
# TARGET=192.168.211.250
TARGET=hydra
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#hydra" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" "${@}" |& nom
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#hydra'

19
nix/configuration/hosts/hydra/DEPLOY_SWITCH Executable file
View File

@@ -0,0 +1,19 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
#TARGET=10.216.1.14
# TARGET=192.168.211.250
TARGET=hydra
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#hydra" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" "${@}" |& nom
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#hydra'

12
nix/configuration/hosts/hydra/ISO Executable file
View File

@@ -0,0 +1,12 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.hydra" --max-jobs "$JOBS" "${@}" |& nom

68
nix/configuration/hosts/hydra/default.nix Normal file
View File

@@ -0,0 +1,68 @@
#
# Testing:
# doas "$(nix-build '<nixpkgs>' --no-out-link -A 'qemu')/bin/qemu-system-x86_64" \
# -accel kvm \
# -cpu host \
# -smp cores=8 \
# -m 32768 \
# -drive "file=$(nix-build '<nixpkgs>' --no-out-link -A 'OVMF.fd')/FV/OVMF.fd,if=pflash,format=raw,readonly=on" \
# -drive file=/tmp/localdisk.img,if=none,id=nvm,format=raw \
# -device nvme,serial=deadbeef,drive=nvm \
# -nic user,hostfwd=tcp::60022-:22 \
# -boot order=d \
# -cdrom "$(readlink -f /persist/machine_setup/nix/configuration/result/iso/nixos*.iso)" \
# -display vnc=127.0.0.1:0
#
{
config,
lib,
pkgs,
...
}:
{
imports = [
./disk-config.nix
./hardware-configuration.nix
./optimized_build.nix
./vm_disk.nix
];
# Generate with `head -c4 /dev/urandom | od -A none -t x4`
networking.hostId = "fbd233d8";
networking.hostName = "hydra"; # Define your hostname.
time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8";
me.secureBoot.enable = false;
me.optimizations = {
enable = true;
arch = "znver4";
system_features = [
"gccarch-znver4"
"gccarch-skylake"
# "gccarch-alderlake" missing WAITPKG
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
};
# Mount tmpfs at /tmp
boot.tmp.useTmpfs = true;
me.emacs_flavor = "plainmacs";
me.graphical = false;
me.hydra.enable = false;
me.nix_worker.enable = true;
me.vm_disk.enable = true;
me.wireguard.activated = [ ];
me.wireguard.deactivated = [ ];
me.zsh.enable = true;
}

140
nix/configuration/hosts/hydra/disk-config.nix Normal file
View File

@@ -0,0 +1,140 @@
# Manual Step:
# Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1
# Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1
{
config,
lib,
pkgs,
...
}:
lib.mkIf (!config.me.buildingIso) {
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"umask=0077"
"noatime"
"discard"
];
};
};
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "zroot";
};
};
};
};
};
};
zpool = {
zroot = {
type = "zpool";
# mode = "mirror";
# Workaround: cannot import 'zroot': I/O error in disko tests
options.cachefile = "none";
options = {
ashift = "12";
compatibility = "openzfs-2.2-freebsd";
autotrim = "on";
};
rootFsOptions = {
acltype = "posixacl";
atime = "off";
relatime = "off";
xattr = "sa";
mountpoint = "none";
compression = "lz4";
canmount = "off";
utf8only = "on";
dnodesize = "auto";
normalization = "formD";
};
datasets = {
"linux/nix" = {
type = "zfs_fs";
options.mountpoint = "none";
};
"linux/nix/root" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/root@blank$' || zfs snapshot zroot/linux/nix/root@blank";
};
"linux/nix/nix" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/nix";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/nix@blank$' || zfs snapshot zroot/linux/nix/nix@blank";
options = {
recordsize = "1MiB";
compression = "lz4";
};
};
"linux/nix/home" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/home";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/home@blank$' || zfs snapshot zroot/linux/nix/home@blank";
};
"linux/nix/persist" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/persist";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/persist@blank$' || zfs snapshot zroot/linux/nix/persist@blank";
};
"linux/nix/state" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/state";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/state@blank$' || zfs snapshot zroot/linux/nix/state@blank";
};
};
};
};
};
# Make sure all persistent volumes are marked as neededForBoot
#
# Also mounts /home so it is mounted before the user home directories are created.
fileSystems."/persist".neededForBoot = true;
fileSystems."/state".neededForBoot = true;
fileSystems."/home".neededForBoot = true;
fileSystems."/".options = [
"noatime"
"norelatime"
];
fileSystems."/nix".options = [
"noatime"
"norelatime"
];
fileSystems."/persist".options = [
"noatime"
"norelatime"
];
fileSystems."/state".options = [
"noatime"
"norelatime"
];
fileSystems."/home".options = [
"noatime"
"norelatime"
];
}

39
nix/configuration/hosts/hydra/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,39 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"xhci_pci"
"nvme"
"usbhid"
"usb_storage"
"sd_mod"
"sdhci_pci"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.dhcpcd.enable = lib.mkForce true;
networking.useDHCP = lib.mkForce true;
networking.interfaces.enp0s2.useDHCP = lib.mkForce true;
# systemd.network.enable = true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

77
nix/configuration/hosts/hydra/vm_disk.nix Normal file
View File

@@ -0,0 +1,77 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
vm_disk.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to mount the local disk for persistent storage.";
};
};
config = lib.mkIf config.me.vm_disk.enable (
lib.mkMerge [
{
# Mount the local disk
fileSystems = {
"/.disk" = lib.mkForce {
device = "/dev/nvme0n1p1";
fsType = "ext4";
options = [
"noatime"
"discard"
];
neededForBoot = true;
};
"/persist" = {
fsType = "none";
device = "/.disk/persist";
options = [
"bind"
"rw"
];
depends = [
"/.disk/persist"
];
};
"/state" = {
fsType = "none";
device = "/.disk/state";
options = [
"bind"
"rw"
];
depends = [
"/.disk/state"
];
};
"/nix/store" = lib.mkForce {
fsType = "overlay";
device = "overlay";
options = [
"lowerdir=/nix/.ro-store"
"upperdir=/.disk/persist/store"
"workdir=/.disk/state/work"
];
depends = [
"/nix/.ro-store"
"/.disk/persist/store"
"/.disk/state/work"
];
};
};
}
]
);
}

19
nix/configuration/hosts/ionlybootzfs/DEPLOY_BOOT Executable file
View File

@@ -0,0 +1,19 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
#TARGET=10.216.1.14
# TARGET=192.168.211.250
TARGET="ionlybootzfs"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#ionlybootzfs" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" "${@}" |& nom
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#ionlybootzfs'

19
nix/configuration/hosts/ionlybootzfs/DEPLOY_SWITCH Executable file
View File

@@ -0,0 +1,19 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
#TARGET=10.216.1.14
# TARGET=192.168.211.250
TARGET=ionlybootzfs
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#ionlybootzfs" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" "${@}" |& nom
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#ionlybootzfs'

12
nix/configuration/hosts/ionlybootzfs/ISO Executable file
View File

@@ -0,0 +1,12 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.ionlybootzfs" --max-jobs "$JOBS" "${@}" |& nom

63
nix/configuration/hosts/ionlybootzfs/default.nix Normal file
View File

@@ -0,0 +1,63 @@
#
# Testing:
# doas "$(nix-build '<nixpkgs>' --no-out-link -A 'qemu')/bin/qemu-system-x86_64" \
# -accel kvm \
# -cpu host \
# -smp cores=8 \
# -m 32768 \
# -drive "file=$(nix-build '<nixpkgs>' --no-out-link -A 'OVMF.fd')/FV/OVMF.fd,if=pflash,format=raw,readonly=on" \
# -drive file=/tmp/localdisk.img,if=none,id=nvm,format=raw \
# -device nvme,serial=deadbeef,drive=nvm \
# -nic user,hostfwd=tcp::60022-:22 \
# -boot order=d \
# -cdrom "$(readlink -f /persist/machine_setup/nix/configuration/result/iso/nixos*.iso)" \
# -display vnc=127.0.0.1:0
#
{
config,
lib,
pkgs,
...
}:
{
imports = [
./wrapped-disk-config.nix
./hardware-configuration.nix
];
# Generate with `head -c4 /dev/urandom | od -A none -t x4`
networking.hostId = "fbd233d8";
networking.hostName = "ionlybootzfs"; # Define your hostname.
time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8";
me.secureBoot.enable = true;
me.optimizations = {
enable = false;
arch = "znver4";
system_features = [
"gccarch-znver4"
"gccarch-skylake"
# "gccarch-alderlake" missing WAITPKG
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
};
# Mount tmpfs at /tmp
boot.tmp.useTmpfs = true;
me.emacs_flavor = "plainmacs";
me.graphical = false;
me.wireguard.activated = [ ];
me.wireguard.deactivated = [ ];
me.zsh.enable = true;
}

142
nix/configuration/hosts/ionlybootzfs/disk-config.nix Normal file
View File

@@ -0,0 +1,142 @@
# Manual Step:
# Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1
# Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1
{
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"umask=0077"
"noatime"
"discard"
];
};
};
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "zroot";
};
};
};
};
};
};
zpool = {
zroot = {
type = "zpool";
# mode = "mirror";
# Workaround: cannot import 'zroot': I/O error in disko tests
options.cachefile = "none";
options = {
ashift = "12";
compatibility = "openzfs-2.2-freebsd";
autotrim = "on";
};
rootFsOptions = {
acltype = "posixacl";
atime = "off";
relatime = "off";
xattr = "sa";
mountpoint = "none";
compression = "lz4";
canmount = "off";
utf8only = "on";
dnodesize = "auto";
normalization = "formD";
};
datasets = {
"linux/nix" = {
type = "zfs_fs";
options.mountpoint = "none";
options = {
encryption = "aes-256-gcm";
keyformat = "passphrase";
# keylocation = "file:///tmp/secret.key";
};
};
"linux/nix/root" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/root@blank$' || zfs snapshot zroot/linux/nix/root@blank";
};
"linux/nix/nix" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/nix";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/nix@blank$' || zfs snapshot zroot/linux/nix/nix@blank";
options = {
recordsize = "16MiB";
compression = "zstd-19";
};
};
"linux/nix/home" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/home";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/home@blank$' || zfs snapshot zroot/linux/nix/home@blank";
};
"linux/nix/persist" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/persist";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/persist@blank$' || zfs snapshot zroot/linux/nix/persist@blank";
};
"linux/nix/state" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/state";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/state@blank$' || zfs snapshot zroot/linux/nix/state@blank";
};
};
};
};
};
# Make sure all persistent volumes are marked as neededForBoot
#
# Also mounts /home so it is mounted before the user home directories are created.
fileSystems."/persist".neededForBoot = true;
fileSystems."/state".neededForBoot = true;
fileSystems."/home".neededForBoot = true;
fileSystems."/".options = [
"noatime"
"norelatime"
];
fileSystems."/nix".options = [
"noatime"
"norelatime"
];
fileSystems."/persist".options = [
"noatime"
"norelatime"
];
fileSystems."/state".options = [
"noatime"
"norelatime"
];
fileSystems."/home".options = [
"noatime"
"norelatime"
];
# Only attempt to decrypt the main pool. Otherwise it attempts to decrypt pools that aren't even used.
boot.zfs.requestEncryptionCredentials = [ "zroot/linux/nix" ];
}

38
nix/configuration/hosts/ionlybootzfs/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,38 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"xhci_pci"
"nvme"
"usbhid"
"usb_storage"
"sd_mod"
"sdhci_pci"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.dhcpcd.enable = lib.mkForce true;
networking.useDHCP = lib.mkForce true;
# systemd.network.enable = true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

131
nix/configuration/hosts/ionlybootzfs/optimized_build.nix Normal file
View File

@@ -0,0 +1,131 @@
{
config,
lib,
pkgs,
pkgs-unoptimized,
...
}:
{
imports = [ ];
config = lib.mkMerge [
{ }
(lib.mkIf (!config.me.optimizations.enable) {
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_6_14;
})
(lib.mkIf (config.me.optimizations.enable) {
nixpkgs.hostPlatform = {
gcc.arch = "znver4";
gcc.tune = "znver4";
system = "x86_64-linux";
};
nixpkgs.overlays = [
(
final: prev:
let
addConfig =
additionalConfig: pkg:
pkg.override (oldconfig: {
structuredExtraConfig = pkg.structuredExtraConfig // additionalConfig;
});
in
{
linux_me = addConfig {
# Full preemption
PREEMPT = lib.mkOverride 60 lib.kernel.yes;
PREEMPT_VOLUNTARY = lib.mkOverride 60 lib.kernel.no;
# Google's BBRv3 TCP congestion Control
TCP_CONG_BBR = lib.kernel.yes;
DEFAULT_BBR = lib.kernel.yes;
# Preemptive Full Tickless Kernel at 300Hz
HZ = lib.kernel.freeform "300";
HZ_300 = lib.kernel.yes;
HZ_1000 = lib.kernel.no;
} prev.linux_6_14;
# gsl = prev.gsl.overrideAttrs (old: {
# # gsl tests fails when optimizations are enabled.
# # > FAIL: cholesky_invert unscaled hilbert ( 4, 4)[0,2]: 2.55795384873636067e-13 0
# # > (2.55795384873636067e-13 observed vs 0 expected) [28259614]
# doCheck = false;
# });
}
)
(final: prev: {
haskellPackages = prev.haskellPackages.extend (
final': prev': {
inherit (pkgs-unoptimized.haskellPackages)
crypton
crypton-connection
crypton-x509
crypton-x509-store
crypton-x509-system
crypton-x509-validation
hspec-wai
http-client-tls
http2
pandoc
pandoc-cli
pandoc-lua-engine
pandoc-server
servant-server
tls
wai-app-static
wai-extra
warp
;
}
);
})
(final: prev: {
inherit (pkgs-unoptimized)
gsl
redis
valkey
;
})
];
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_me;
})
(lib.mkIf (!config.me.buildingIso) {
nix.settings.system-features = lib.mkForce [
"gccarch-znver4"
"gccarch-skylake"
# "gccarch-alderlake" missing WAITPKG
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
# Keep ALL dependencies so we can rebuild offline. This DRASTICALLY increase disk usage, but disk space is cheap.
# system.includeBuildDependencies = true;
# This also should enable building offline? TODO: test.
nix.extraOptions = ''
keep-outputs = true
keep-derivations = true
'';
# # building ON
# nixpkgs.localSystem = { system = "aarch64-linux"; };
# # building FOR
# nixpkgs.crossSystem = { system = "aarch64-linux"; };
# nixpkgs.config = {
# replaceStdenv = ({ pkgs }: pkgs.clangStdenv);
# };
# or maybe an overlay
# stdenv = prev.clangStdenv;
})
(lib.mkIf (config.me.buildingIso) {
boot.supportedFilesystems.zfs = true;
})
];
}

8
nix/configuration/hosts/ionlybootzfs/wrapped-disk-config.nix Normal file
View File

@@ -0,0 +1,8 @@
{
config,
lib,
pkgs,
...
}:
lib.mkIf (!config.me.buildingIso) (import ./disk-config.nix)

19
nix/configuration/hosts/neelix/DEPLOY_BOOT Executable file
View File

@@ -0,0 +1,19 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
#TARGET=10.216.1.14
# TARGET=192.168.211.250
TARGET=neelix
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#neelix" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" "${@}" |& nom
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#neelix'

19
nix/configuration/hosts/neelix/DEPLOY_SWITCH Executable file
View File

@@ -0,0 +1,19 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
#TARGET=10.216.1.14
# TARGET=192.168.211.250
TARGET=neelix
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#neelix" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" "${@}" |& nom
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#neelix'

51
nix/configuration/hosts/neelix/default.nix Normal file
View File

@@ -0,0 +1,51 @@
{ config, pkgs, ... }:
{
imports = [
./hardware-configuration.nix
./disk-config.nix
./power_management.nix
];
# Generate with `head -c4 /dev/urandom | od -A none -t x4`
networking.hostId = "bca9d0a5";
networking.hostName = "neelix"; # Define your hostname.
time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8";
me.secureBoot.enable = false;
me.optimizations = {
enable = false;
arch = "alderlake";
system_features = [
"gccarch-alderlake"
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
};
# Early KMS
boot.initrd.kernelModules = [ "i915" ];
# Mount tmpfs at /tmp
# boot.tmp.useTmpfs = true;
me.bluetooth.enable = true;
me.emacs_flavor = "plainmacs";
me.graphical = true;
me.graphics_card_type = "intel";
me.kodi.enable = true;
me.lvfs.enable = true;
me.sound.enable = true;
me.wireguard.activated = [ "wgh" ];
me.wireguard.deactivated = [ "wgf" ];
me.zrepl.enable = true;
me.zsh.enable = true;
}

140
nix/configuration/hosts/neelix/disk-config.nix Normal file
View File

@@ -0,0 +1,140 @@
# Manual Step:
# Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1
# Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1
{
config,
lib,
pkgs,
...
}:
lib.mkIf (!config.me.buildingIso) {
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"umask=0077"
"noatime"
"discard"
];
};
};
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "zroot";
};
};
};
};
};
};
zpool = {
zroot = {
type = "zpool";
# mode = "mirror";
# Workaround: cannot import 'zroot': I/O error in disko tests
options.cachefile = "none";
options = {
ashift = "12";
compatibility = "openzfs-2.2-freebsd";
autotrim = "on";
};
rootFsOptions = {
acltype = "posixacl";
atime = "off";
relatime = "off";
xattr = "sa";
mountpoint = "none";
compression = "lz4";
canmount = "off";
utf8only = "on";
dnodesize = "auto";
normalization = "formD";
};
datasets = {
"linux/nix" = {
type = "zfs_fs";
options.mountpoint = "none";
};
"linux/nix/root" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/root@blank$' || zfs snapshot zroot/linux/nix/root@blank";
};
"linux/nix/nix" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/nix";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/nix@blank$' || zfs snapshot zroot/linux/nix/nix@blank";
options = {
recordsize = "1MiB";
compression = "lz4";
};
};
"linux/nix/home" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/home";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/home@blank$' || zfs snapshot zroot/linux/nix/home@blank";
};
"linux/nix/persist" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/persist";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/persist@blank$' || zfs snapshot zroot/linux/nix/persist@blank";
};
"linux/nix/state" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/state";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/state@blank$' || zfs snapshot zroot/linux/nix/state@blank";
};
};
};
};
};
# Make sure all persistent volumes are marked as neededForBoot
#
# Also mounts /home so it is mounted before the user home directories are created.
fileSystems."/persist".neededForBoot = true;
fileSystems."/state".neededForBoot = true;
fileSystems."/home".neededForBoot = true;
fileSystems."/".options = [
"noatime"
"norelatime"
];
fileSystems."/nix".options = [
"noatime"
"norelatime"
];
fileSystems."/persist".options = [
"noatime"
"norelatime"
];
fileSystems."/state".options = [
"noatime"
"norelatime"
];
fileSystems."/home".options = [
"noatime"
"norelatime"
];
}

39
nix/configuration/hosts/neelix/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,39 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"xhci_pci"
"nvme"
"usbhid"
"usb_storage"
"sd_mod"
"sdhci_pci"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
# networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

35
nix/configuration/hosts/neelix/power_management.nix Normal file
View File

@@ -0,0 +1,35 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
environment.systemPackages = with pkgs; [
powertop
];
# pcie_aspm=force pcie_aspm.policy=powersupersave :: Enable PCIe active state power management for power reduction.
# nowatchdog :: Disable watchdog for power savings (related to disable_sp5100_watchdog above).
boot.kernelParams = [
"pcie_aspm=force"
# "pcie_aspm.policy=powersupersave"
"nowatchdog"
];
# default performance balance_performance balance_power power
# defaults to balance_performance
# systemd.tmpfiles.rules = [
# "w- /sys/devices/system/cpu/cpufreq/policy0/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy1/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy2/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy3/energy_performance_preference - - - - power"
# ];
boot.extraModprobeConfig = ''
options snd_hda_intel power_save=1
'';
}

19
nix/configuration/hosts/odo/DEPLOY_BOOT Executable file
View File

@@ -0,0 +1,19 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
# TARGET=10.216.1.15
# TARGET=192.168.211.250
TARGET=odo
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#odo" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" "${@}" |& nom
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#odo'

19
nix/configuration/hosts/odo/DEPLOY_SWITCH Executable file
View File

@@ -0,0 +1,19 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
#TARGET=10.216.1.14
# TARGET=192.168.211.250
TARGET=odo
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#odo" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" "${@}" |& nom
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#odo'

12
nix/configuration/hosts/odo/ISO Executable file
View File

@@ -0,0 +1,12 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.odo" --max-jobs "$JOBS" "${@}" |& nom

12
nix/configuration/hosts/odo/SELF_BOOT Executable file
View File

@@ -0,0 +1,12 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --show-trace --use-remote-sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" "${@}" |& nom

12
nix/configuration/hosts/odo/SELF_BUILD Executable file
View File

@@ -0,0 +1,12 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild build --show-trace --use-remote-sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" "${@}" |& nom

12
nix/configuration/hosts/odo/SELF_SWITCH Executable file
View File

@@ -0,0 +1,12 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --show-trace --use-remote-sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" "${@}" |& nom

116
nix/configuration/hosts/odo/default.nix Normal file
View File

@@ -0,0 +1,116 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [
./hardware-configuration.nix
./wrapped-disk-config.nix
./distributed_build.nix
./power_management.nix
./screen_brightness.nix
./wifi.nix
./framework_module.nix
];
# Generate with `head -c4 /dev/urandom | od -A none -t x4`
networking.hostId = "908cbf04";
networking.hostName = "odo"; # Define your hostname.
time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8";
me.secureBoot.enable = true;
me.optimizations = {
enable = true;
arch = "znver4";
system_features = [
"gccarch-znver4"
"gccarch-skylake"
# "gccarch-alderlake" missing WAITPKG
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
};
# Early KMS
boot.initrd.kernelModules = [ "amdgpu" ];
# Mount tmpfs at /tmp
boot.tmp.useTmpfs = true;
environment.systemPackages = with pkgs; [
fw-ectool
framework-tool
];
# Enable light sensor
# hardware.sensor.iio.enable = lib.mkDefault true;
# Enable TRIM
# services.fstrim.enable = lib.mkDefault true;
me.alacritty.enable = true;
me.ansible.enable = true;
me.ares.enable = true;
me.bluetooth.enable = true;
me.chromecast.enable = true;
me.chromium.enable = true;
me.docker.enable = true;
me.ecc.enable = true;
me.emacs_flavor = "full";
me.firefox.enable = true;
me.flux.enable = true;
me.gcloud.enable = true;
me.git.config = ../../roles/git/files/gitconfig_home;
me.gnuplot.enable = true;
me.gpg.enable = true;
me.graphical = true;
me.graphics_card_type = "amd";
me.iso_mount.enable = true;
me.kanshi.enable = false;
me.kubernetes.enable = true;
me.latex.enable = true;
me.launch_keyboard.enable = true;
me.lvfs.enable = true;
me.media.enable = true;
me.nix_index.enable = true;
me.pcsx2.enable = true;
me.python.enable = true;
me.qemu.enable = true;
me.rpcs3.enable = true;
me.rust.enable = true;
me.shikane.enable = true;
me.sops.enable = true;
me.sound.enable = true;
me.steam.enable = true;
me.steam_run_free.enable = true;
me.sway.enable = true;
me.tekton.enable = true;
me.terraform.enable = true;
me.thunderbolt.enable = true;
me.vnc_client.enable = true;
me.vscode.enable = true;
me.wasm.enable = true;
me.waybar.enable = true;
me.wireguard.activated = [
"drmario"
"wgh"
"colo"
];
me.wireguard.deactivated = [ "wgf" ];
me.zrepl.enable = true;
me.zsh.enable = true;
me.sm64ex.enable = true;
me.shipwright.enable = true;
me.ship2harkinian.enable = true;
}

142
nix/configuration/hosts/odo/disk-config.nix Normal file
View File

@@ -0,0 +1,142 @@
# Manual Step:
# Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1
# Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1
{
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"umask=0077"
"noatime"
"discard"
];
};
};
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "zroot";
};
};
};
};
};
};
zpool = {
zroot = {
type = "zpool";
# mode = "mirror";
# Workaround: cannot import 'zroot': I/O error in disko tests
options.cachefile = "none";
options = {
ashift = "12";
compatibility = "openzfs-2.2-freebsd";
autotrim = "on";
};
rootFsOptions = {
acltype = "posixacl";
atime = "off";
relatime = "off";
xattr = "sa";
mountpoint = "none";
compression = "lz4";
canmount = "off";
utf8only = "on";
dnodesize = "auto";
normalization = "formD";
};
datasets = {
"linux/nix" = {
type = "zfs_fs";
options.mountpoint = "none";
options = {
encryption = "aes-256-gcm";
keyformat = "passphrase";
# keylocation = "file:///tmp/secret.key";
};
};
"linux/nix/root" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/root@blank$' || zfs snapshot zroot/linux/nix/root@blank";
};
"linux/nix/nix" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/nix";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/nix@blank$' || zfs snapshot zroot/linux/nix/nix@blank";
options = {
recordsize = "16MiB";
compression = "zstd-19";
};
};
"linux/nix/home" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/home";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/home@blank$' || zfs snapshot zroot/linux/nix/home@blank";
};
"linux/nix/persist" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/persist";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/persist@blank$' || zfs snapshot zroot/linux/nix/persist@blank";
};
"linux/nix/state" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/state";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/state@blank$' || zfs snapshot zroot/linux/nix/state@blank";
};
};
};
};
};
# Make sure all persistent volumes are marked as neededForBoot
#
# Also mounts /home so it is mounted before the user home directories are created.
fileSystems."/persist".neededForBoot = true;
fileSystems."/state".neededForBoot = true;
fileSystems."/home".neededForBoot = true;
fileSystems."/".options = [
"noatime"
"norelatime"
];
fileSystems."/nix".options = [
"noatime"
"norelatime"
];
fileSystems."/persist".options = [
"noatime"
"norelatime"
];
fileSystems."/state".options = [
"noatime"
"norelatime"
];
fileSystems."/home".options = [
"noatime"
"norelatime"
];
# Only attempt to decrypt the main pool. Otherwise it attempts to decrypt pools that aren't even used.
boot.zfs.requestEncryptionCredentials = [ "zroot/linux/nix" ];
}

27
nix/configuration/hosts/odo/distributed_build.nix Normal file
View File

@@ -0,0 +1,27 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
config = lib.mkMerge [
{
me.distributed_build.enable = true;
me.distributed_build.machines.hydra = {
enable = true;
additional_config = {
speedFactor = 2;
};
};
me.distributed_build.machines.quark = {
enable = true;
additional_config = {
speedFactor = 2;
};
};
}
];
}

23
nix/configuration/hosts/odo/framework_module.nix Normal file
View File

@@ -0,0 +1,23 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
config = lib.mkMerge [
{
boot.extraModulePackages = with config.boot.kernelPackages; [
framework-laptop-kmod
];
# https://github.com/DHowett/framework-laptop-kmod?tab=readme-ov-file#usage
boot.kernelModules = [
"cros_ec"
"cros_ec_lpcs"
];
}
];
}

Some files were not shown because too many files have changed in this diff Show More