talexander/machine_setup
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

base: talexander:a547b3b04b7f16f225d248549a4cc16a91498254
Branches Tags
talexander:main talexander:nix talexander:kubernetes talexander:mt7927 talexander:yubipi talexander:upstream_amd_debug_tools talexander:install_files_mixin talexander:starship talexander:pixelbook
..
compare: talexander:mt7927
Branches Tags
talexander:nix talexander:kubernetes talexander:main talexander:mt7927 talexander:yubipi talexander:upstream_amd_debug_tools talexander:install_files_mixin talexander:starship talexander:pixelbook

54 Commits
a547b3b04b ... mt7927

Author SHA1 Message Date
Tom Alexander
5c2b0d8c2f Add mt7927 driver to quark. 2026-04-11 11:24:05 -04:00
Tom Alexander
9550032c08 Support hardware accelerated RNG in qemurc. 2026-04-10 09:08:20 -04:00
Tom Alexander
d46c2a0225 Revert "Update packages." 
This reverts commit ee4794859a.
 2026-04-09 20:25:12 -04:00
Tom Alexander
6430b1cc77 Sync to the store before registering paths. 2026-04-08 20:51:20 -04:00
Tom Alexander
157d4e4c94 New VPN address for home server. 2026-04-08 20:51:20 -04:00
Tom Alexander
075a4b8262 Use direct paths for hydra's nix store. 
I was getting corrupted builds, so as a test I am using the direct path where the drive is mounted rather than going through bind mounts.
 2026-04-08 20:51:20 -04:00
Tom Alexander
d62b3d8a62 Add a build of nixbsd to nix_builder. 2026-04-08 08:45:07 -04:00
Tom Alexander
ee4794859a Update packages. 2026-04-08 08:45:07 -04:00
Tom Alexander
791f67eb82 Update nix_builder. 2026-04-02 22:03:45 -04:00
Tom Alexander
bf27504a5a Add repair flag to build scripts. 2026-04-02 14:14:11 -04:00
Tom Alexander
620c12eaa7 Add auto-formatting for d2. 2026-04-02 14:04:04 -04:00
Tom Alexander
e2658412ab Fix stuttery zoom on google maps. 2026-03-29 19:40:51 -04:00
Tom Alexander
a86e8c3a18 Fix rga alias. 2026-03-29 19:40:51 -04:00
Tom Alexander
299185970d Add stream to /etc/hosts 2026-03-19 18:16:57 -04:00
Tom Alexander
6670fdbe73 Merge branch 'family_disks' into nix 2026-03-08 13:01:20 -04:00
Tom Alexander
ed4eead5c0 Add a config for the machine to recover the family disks. 2026-03-08 13:01:11 -04:00
Tom Alexander
7f9f010217 Add support for a portable monitor. 2026-03-07 16:39:21 -05:00
Tom Alexander
ea133ded21 Add the next_hop script. 
This script determines the next hop for a packet leaving this machine destined for the given address.
 2026-03-04 21:13:40 -05:00
Tom Alexander
04ede4bfee Add a role for loading esims onto standalone sim cards. 2026-03-01 16:51:34 -05:00
Tom Alexander
2529ca4510 Disable some stuff in firefox. 2026-02-22 13:21:01 -05:00
Tom Alexander
69384f6cad Use rust nix-builder instead of bash script. 2026-02-22 13:21:01 -05:00
Tom Alexander
3df022ab3f Move org custom faces to a use-package :custom-face block. 
This prevent the faces from being written to custom.el.
 2026-02-22 13:21:01 -05:00
Tom Alexander
bf006a968b Update jujutsu config. 2026-02-22 13:21:01 -05:00
Tom Alexander
b1b2ea2109 Add git hide and git unhide scripts. 2026-02-14 12:33:06 -05:00
Tom Alexander
1211bc1c44 Remove programs.adb.enable. 2026-02-14 12:33:06 -05:00
Tom Alexander
776ed67675 Set up hydra as a remote build machine. 2026-02-13 10:37:29 -05:00
Tom Alexander
24e03ed8f7 Update packages in nix. 2026-02-13 10:36:49 -05:00
Tom Alexander
e75c4087c3 Add keep-alive to ssh connections. 2026-02-13 10:36:49 -05:00
Tom Alexander
43f3c1f955 Add some nix settings. 2026-02-13 10:36:47 -05:00
Tom Alexander
7ab1d4b9e1 Add the v4l utilities to control webcam settings. 2026-02-06 11:24:05 -05:00
Tom Alexander
ad88a526bc Add support for the android debug bridge. 2026-02-03 18:15:35 -05:00
Tom Alexander
b0cebc7973 Add a work monitor to shikane. 2026-02-03 11:10:45 -05:00
Tom Alexander
c90513cbea Install beamer with LaTeX. 2026-01-08 22:18:38 -05:00
Tom Alexander
07a8882766 Install graphviz. 2026-01-02 10:11:39 -05:00
Tom Alexander
e106a9fad1 Add nftables-mode to emacs. 2026-01-01 22:00:14 -05:00
Tom Alexander
70f3ae6894 Add a nix-flake-repl script. 2026-01-01 11:01:13 -05:00
Tom Alexander
d883dda34c Remove old TODO. 2025-12-27 20:45:20 -05:00
Tom Alexander
05a0459e5a Add toml2nix. 2025-12-16 18:43:37 -05:00
Tom Alexander
641c21c77f Add C/C++ debugging to personal vscode. 2025-12-13 23:15:59 -05:00
Tom Alexander
88634655d0 Fix firmware updating now that my UEFI system partition is mounted at /efi 2025-12-13 23:15:33 -05:00
Tom Alexander
0bd5931013 Fix the self repl script. 2025-12-10 21:35:50 -05:00
Tom Alexander
dc28b9a112 Inject the password-store flag to vscode. 2025-12-10 20:57:26 -05:00
Tom Alexander
d8d466e737 Update steam deck packages. 2025-12-09 20:38:18 -05:00
Tom Alexander
f94278e96d Re-enable rofimoji. 2025-12-09 13:52:45 -05:00
Tom Alexander
6452d591a7 Install yaml2nix. 2025-12-08 23:21:59 -05:00
Tom Alexander
4fbbec96c0 Another fix for screen scaling when sharing screen. 2025-12-08 13:01:42 -05:00
Tom Alexander
412c6d7220 Another fix for screen scaling when sharing screen. 2025-12-04 15:26:51 -05:00
Tom Alexander
519354fd2c Install pgformatter. 2025-12-03 16:12:36 -05:00
Tom Alexander
6d976d8319 Force cascadia mono. 2025-12-03 12:58:02 -05:00
Tom Alexander
910652e98c Fix scaling monitor when entering screen sharing. 2025-12-02 12:21:53 -05:00
Tom Alexander
e218973f1b Remove local copy of grub package. 2025-11-30 15:02:03 -05:00
Tom Alexander
b48d2b7b25 Disable the binary cache. 2025-11-30 14:16:48 -05:00
Tom Alexander
144d8fab6c Fix quark's updating. 2025-11-30 12:22:03 -05:00
Tom Alexander
15c99bc0b5 Remove the deprecated --fast flag. 2025-11-30 09:24:14 -05:00
124 changed files with 2512 additions and 1408 deletions
Expand all files Collapse all files

84
nix/configuration/configuration.nix
View File

@@ -9,6 +9,7 @@
./roles/2ship2harkinian ./roles/2ship2harkinian
./roles/alacritty ./roles/alacritty
./roles/amd_s2idle ./roles/amd_s2idle
./roles/android
./roles/ansible ./roles/ansible
./roles/ares ./roles/ares
./roles/base ./roles/base
@@ -27,6 +28,7 @@
./roles/ecc ./roles/ecc
./roles/emacs ./roles/emacs
./roles/emulate_isa ./roles/emulate_isa
./roles/esim
./roles/firefox ./roles/firefox
./roles/firewall ./roles/firewall
./roles/flux ./roles/flux
@@ -38,6 +40,7 @@
./roles/gnuplot ./roles/gnuplot
./roles/gpg ./roles/gpg
./roles/graphics ./roles/graphics
./roles/graphviz
./roles/hydra ./roles/hydra
./roles/image_based_appliance ./roles/image_based_appliance
./roles/iso ./roles/iso
@@ -54,12 +57,15 @@
./roles/minimal_base ./roles/minimal_base
./roles/network ./roles/network
./roles/nix_index ./roles/nix_index
./roles/nix_repl
./roles/nix_worker ./roles/nix_worker
./roles/nixdev
./roles/nvme ./roles/nvme
./roles/openpgp_card_tools ./roles/openpgp_card_tools
./roles/optimized_build ./roles/optimized_build
./roles/pcsx2 ./roles/pcsx2
./roles/podman ./roles/podman
./roles/postgresql_client
./roles/python ./roles/python
./roles/qemu ./roles/qemu
./roles/recovery ./roles/recovery
@@ -88,6 +94,7 @@
./roles/vscode ./roles/vscode
./roles/wasm ./roles/wasm
./roles/waybar ./roles/waybar
./roles/webcam
./roles/wine ./roles/wine
./roles/wireguard ./roles/wireguard
./roles/yubikey ./roles/yubikey
@@ -107,6 +114,14 @@
# "git-hashing" # "git-hashing"
]; ];
nix.settings.trusted-users = [ "@wheel" ]; nix.settings.trusted-users = [ "@wheel" ];
nix.settings.connect-timeout = 5;
nix.settings.min-free = 128000000;
nix.settings.max-free = 1000000000;
nix.settings.fallback = true;
nix.settings.warn-dirty = false;
nix.settings.fsync-metadata = true;
# Ensure store paths are durably written to disk before registering the paths so a crash mid-build does not leave us in a corrupted state.
nix.settings.fsync-store-paths = true;
hardware.enableRedistributableFirmware = true; hardware.enableRedistributableFirmware = true;
@@ -155,6 +170,7 @@
nixpkgs.overlays = nixpkgs.overlays =
let let
disableTests = ( disableTests = (
# Example: (disableTests "coreutils")
package_name: package_name:
(final: prev: { (final: prev: {
"${package_name}" = prev."${package_name}".overrideAttrs (old: { "${package_name}" = prev."${package_name}".overrideAttrs (old: {
@@ -163,23 +179,65 @@
}); });
}) })
); );
disableTestsPython = (
# Example: (disableTestsPython "scipy")
package_name:
(final: prev: {
pythonPackagesExtensions = prev.pythonPackagesExtensions ++ [
(python-final: python-prev: {
"${package_name}" = python-prev."${package_name}".overridePythonAttrs (oldAttrs: {
doCheck = false;
});
})
];
})
);
disableOptimizations = (
# Example: (disableOptimizations "coreutils")
package_name:
(final: prev: {
"${package_name}" = final.unoptimized."${package_name}";
})
);
disableOptimizationsScope = (
# Example: (disableOptimizationsScope "kdePackages" "qtbase")
scope: package_name:
(final: prev: {
"${scope}" = prev."${scope}".overrideScope (
scopeFinal: scopePrev: {
"${package_name}" = final.unoptimized."${scope}"."${package_name}";
}
);
})
);
disableOptimizationsPython3 = (
# Example: (disableOptimizationsPython3 "scipy")
package_name:
(final: prev: {
python3Packages = prev.python3Packages.override {
overrides = python-final: python-prev: {
"${package_name}" = final.unoptimized.python3.pkgs."${package_name}";
};
};
})
);
in in
[ [
(disableTests "coreutils")
(disableTests "coreutils-full")
(disableTests "libuv")
(final: prev: {
inherit (final.unoptimized) libtpms libjxl;
})
(disableOptimizationsPython3 "scipy")
# Works but probably sets python2's scipy to be python3:
#
# (final: prev: { # (final: prev: {
# imagemagick = prev.imagemagick.overrideAttrs (old: rec { # pythonPackagesExtensions = prev.pythonPackagesExtensions ++ [
# # 7.1.2-6 seems to no longer exist, so use 7.1.2-7 # (python-final: python-prev: {
# version = "7.1.2-7"; # scipy = final.unoptimized.python3Packages.scipy;
# src = final.fetchFromGitHub {
# owner = "ImageMagick";
# repo = "ImageMagick";
# tag = version;
# hash = "sha256-9ARCYftoXiilpJoj+Y+aLCEqLmhHFYSrHfgA5DQHbGo=";
# };
# });
# }) # })
# (final: prev: { # ];
# grub2 = (final.callPackage ./package/grub { });
# }) # })
]; ];

47
nix/configuration/flake.lock generated
View File

@@ -22,11 +22,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1764110879, "lastModified": 1769524058,
"narHash": "sha256-xanUzIb0tf3kJ+PoOFmXEXV1jM3PjkDT/TQ5DYeNYRc=", "narHash": "sha256-zygdD6X1PcVNR2PsyK4ptzrVEiAdbMqLos7utrMDEWE=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "aecba248f9a7d68c5d1ed15de2d1c8a4c994a3c5", "rev": "71a3fc97d80881e91710fe721f1158d3b96ae14d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -94,13 +94,40 @@
"type": "github" "type": "github"
} }
}, },
"impermanence": { "home-manager": {
"inputs": {
"nixpkgs": [
"impermanence",
"nixpkgs"
]
},
"locked": { "locked": {
"lastModified": 1737831083, "lastModified": 1768598210,
"narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=", "narHash": "sha256-kkgA32s/f4jaa4UG+2f8C225Qvclxnqs76mf8zvTVPg=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "c47b2cc64a629f8e075de52e4742de688f930dc6",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"impermanence": {
"inputs": {
"home-manager": "home-manager",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1769548169,
"narHash": "sha256-03+JxvzmfwRu+5JafM0DLbxgHttOQZkUtDWBmeUkN8Y=",
"owner": "nix-community", "owner": "nix-community",
"repo": "impermanence", "repo": "impermanence",
"rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170", "rev": "7b1d382faf603b6d264f58627330f9faa5cba149",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -137,11 +164,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1763966396, "lastModified": 1770197578,
"narHash": "sha256-6eeL1YPcY1MV3DDStIDIdy/zZCDKgHdkCmsrLJFiZf0=", "narHash": "sha256-AYqlWrX09+HvGs8zM6ebZ1pwUqjkfpnv8mewYwAo+iM=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "5ae3b07d8d6527c42f17c876e404993199144b6a", "rev": "00c21e4c93d963c50d4c0c89bfa84ed6e0694df2",
"type": "github" "type": "github"
}, },
"original": { "original": {

62
nix/configuration/flake.nix
View File

@@ -1,6 +1,3 @@
# Get a repl for this flake
# nix repl --expr "builtins.getFlake \"$PWD\""
# TODO maybe use `nix eval --raw .#odo.iso.outPath` # TODO maybe use `nix eval --raw .#odo.iso.outPath`
# #
@@ -18,7 +15,10 @@
description = "My system configuration"; description = "My system configuration";
inputs = { inputs = {
impermanence.url = "github:nix-community/impermanence"; impermanence = {
url = "github:nix-community/impermanence";
inputs.nixpkgs.follows = "nixpkgs";
};
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
lanzaboote = { lanzaboote = {
url = "github:nix-community/lanzaboote/v0.4.2"; url = "github:nix-community/lanzaboote/v0.4.2";
@@ -28,6 +28,7 @@
url = "github:nix-community/disko"; url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
mt7927.url = "github:cmspam/mt7927-nixos";
}; };
outputs = outputs =
@@ -37,6 +38,7 @@
disko, disko,
impermanence, impermanence,
lanzaboote, lanzaboote,
mt7927,
... ...
}: }:
let let
@@ -60,6 +62,9 @@
hydra = { hydra = {
system = "x86_64-linux"; system = "x86_64-linux";
}; };
family_disks = {
system = "x86_64-linux";
};
}; };
nixosConfigs = builtins.mapAttrs ( nixosConfigs = builtins.mapAttrs (
hostname: nodeConfig: format: hostname: nodeConfig: format:
@@ -75,6 +80,7 @@
impermanence.nixosModules.impermanence impermanence.nixosModules.impermanence
lanzaboote.nixosModules.lanzaboote lanzaboote.nixosModules.lanzaboote
disko.nixosModules.disko disko.nixosModules.disko
mt7927.nixosModules.default
./configuration.nix ./configuration.nix
(./. + "/hosts/${hostname}") (./. + "/hosts/${hostname}")
(./. + "/formats/${format}.nix") (./. + "/formats/${format}.nix")
@@ -93,30 +99,6 @@
]; ];
}; };
} }
(
{
config,
lib,
pkgs,
...
}:
let
repl_path = toString ./.;
nix-self-repl = pkgs.writeShellScriptBin "nix-self-repl" ''
source /etc/set-environment
nix repl "${repl_path}/repl.nix" "$@"
'';
# If we wanted the current version of a flake then we'd just launch
# nix repl
# and then run:
# :lf /path/to/flake
in
{
config = {
environment.systemPackages = lib.mkIf config.nix.enable [ nix-self-repl ];
};
}
)
]; ];
} }
) nodes; ) nodes;
@@ -128,30 +110,6 @@
}; };
modules = [ modules = [
./formats/installer.nix ./formats/installer.nix
(
{
config,
lib,
pkgs,
...
}:
let
repl_path = toString ./.;
nix-self-repl = pkgs.writeShellScriptBin "nix-self-repl" ''
source /etc/set-environment
nix repl "${repl_path}/repl.nix" "$@"
'';
# If we wanted the current version of a flake then we'd just launch
# nix repl
# and then run:
# :lf /path/to/flake
in
{
config = {
environment.systemPackages = lib.mkIf config.nix.enable [ nix-self-repl ];
};
}
)
({ nixpkgs.hostPlatform.system = nodeConfig.system; }) ({ nixpkgs.hostPlatform.system = nodeConfig.system; })
]; ];
}; };

3
nix/configuration/formats/installer.nix
View File

@@ -37,7 +37,8 @@ in
(modulesPath + "/profiles/all-hardware.nix") (modulesPath + "/profiles/all-hardware.nix")
]; ];
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_6_17; boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_6_18;
# boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux;
boot.zfs.package = pkgs.zfs_unstable; boot.zfs.package = pkgs.zfs_unstable;
boot.kernelParams = [ boot.kernelParams = [
"quiet" "quiet"

13
nix/configuration/hosts/family_disks/DEPLOY_BOOT Executable file
View File

@@ -0,0 +1,13 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
TARGET=family_disks
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#family_disks" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json

13
nix/configuration/hosts/family_disks/DEPLOY_SWITCH Executable file
View File

@@ -0,0 +1,13 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
TARGET=family_disks
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#family_disks" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json

10
nix/configuration/hosts/family_disks/ISO Executable file
View File

@@ -0,0 +1,10 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#family_disks.iso" --repair --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json

10
nix/configuration/hosts/family_disks/SELF_BOOT Executable file
View File

@@ -0,0 +1,10 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#family_disks" --repair --log-format internal-json -v "${@}" |& nom --json

12
nix/configuration/hosts/family_disks/SELF_BUILD Executable file
View File

@@ -0,0 +1,12 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
: "${NOM:="true"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild build --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#family_disks" --repair --log-format internal-json -v "${@}" |& nom --json

10
nix/configuration/hosts/family_disks/SELF_SWITCH Executable file
View File

@@ -0,0 +1,10 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#family_disks" --repair --log-format internal-json -v "${@}" |& nom --json

75
nix/configuration/hosts/family_disks/default.nix Normal file
View File

@@ -0,0 +1,75 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [
./hardware-configuration.nix
./wrapped-disk-config.nix
./distributed_build.nix
./power_management.nix
];
config = {
# Generate with `head -c4 /dev/urandom | od -A none -t x4`
networking.hostId = "908cbf04";
networking.hostName = "family_disks"; # Define your hostname.
time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8";
me.boot.enable = true;
me.boot.secure = false;
me.mountPersistence = true;
# Toggle to start writing the extlinux config which will be used by zfsbootmenu
boot.loader.generic-extlinux-compatible.enable = true;
boot.loader.systemd-boot.enable = lib.mkForce false;
me.rollback.dataset = [
"zroot/linux/nix/root@blank"
"zroot/linux/nix/home@blank"
];
me.optimizations = {
enable = true;
arch = "skylake";
# build_arch = "x86-64-v3";
system_features = [
"gccarch-znver4"
"gccarch-skylake"
"gccarch-kabylake"
# "gccarch-alderlake" missing WAITPKG
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
};
# Early KMS
# boot.initrd.kernelModules = [ "amdgpu" ];
# Mount tmpfs at /tmp
boot.tmp.useTmpfs = true;
# Enable light sensor
# hardware.sensor.iio.enable = lib.mkDefault true;
# Enable TRIM
# services.fstrim.enable = lib.mkDefault true;
# Only run nix builders at idle priority for a more responsive system. Do not set on servers, just end-user devices.
nix.daemonCPUSchedPolicy = "idle";
me.build_in_ram.enable = true;
me.dont_use_substituters.enable = true;
me.minimal_base.enable = true;
me.recovery.enable = true;
};
}

155
nix/configuration/hosts/family_disks/disk-config.nix Normal file
View File

@@ -0,0 +1,155 @@
# Manual Step:
# Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1
# Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1
{
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/efi";
mountOptions = [
"umask=0077"
"noatime"
"discard"
];
};
};
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "zroot";
};
};
};
};
};
};
zpool = {
zroot = {
type = "zpool";
# mode = "mirror";
# Workaround: cannot import 'zroot': I/O error in disko tests
options.cachefile = "none";
options = {
ashift = "12";
compatibility = "openzfs-2.2-freebsd";
autotrim = "on";
};
rootFsOptions = {
acltype = "posixacl";
atime = "off";
relatime = "off";
xattr = "sa";
mountpoint = "none";
compression = "lz4";
canmount = "off";
utf8only = "on";
dnodesize = "auto";
normalization = "formD";
};
datasets = {
"linux/nix" = {
type = "zfs_fs";
options.mountpoint = "none";
options = {
# encryption = "aes-256-gcm";
# keyformat = "passphrase";
# # keylocation = "file:///tmp/secret.key";
};
};
"linux/nix/root" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/root@blank$' || zfs snapshot zroot/linux/nix/root@blank";
};
"linux/nix/boot" = {
type = "zfs_fs";
options = {
mountpoint = "legacy";
"org.zfsbootmenu:active" = "on";
};
mountpoint = "/boot";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/boot@blank$' || zfs snapshot zroot/linux/nix/boot@blank";
};
"linux/nix/nix" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/nix";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/nix@blank$' || zfs snapshot zroot/linux/nix/nix@blank";
options = {
# recordsize = "16MiB";
# compression = "zstd-19";
};
};
"linux/nix/home" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/home";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/home@blank$' || zfs snapshot zroot/linux/nix/home@blank";
};
"linux/nix/persist" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/persist";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/persist@blank$' || zfs snapshot zroot/linux/nix/persist@blank";
};
"linux/nix/state" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/state";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/state@blank$' || zfs snapshot zroot/linux/nix/state@blank";
};
};
};
};
};
# Make sure all persistent volumes are marked as neededForBoot
#
# Also mounts /home so it is mounted before the user home directories are created.
fileSystems."/persist".neededForBoot = true;
fileSystems."/state".neededForBoot = true;
fileSystems."/home".neededForBoot = true;
fileSystems."/".options = [
"noatime"
"norelatime"
];
fileSystems."/boot".options = [
"noatime"
"norelatime"
];
fileSystems."/nix".options = [
"noatime"
"norelatime"
];
fileSystems."/persist".options = [
"noatime"
"norelatime"
];
fileSystems."/state".options = [
"noatime"
"norelatime"
];
fileSystems."/home".options = [
"noatime"
"norelatime"
];
# Only attempt to decrypt the main pool. Otherwise it attempts to decrypt pools that aren't even used.
boot.zfs.requestEncryptionCredentials = [ "zroot/linux/nix" ];
}

19
nix/configuration/hosts/family_disks/distributed_build.nix Normal file
View File

@@ -0,0 +1,19 @@
{
imports = [ ];
config = {
me.distributed_build.enable = true;
me.distributed_build.machines.quark = {
enable = false;
additional_config = {
speedFactor = 2;
};
};
me.distributed_build.machines.hydra = {
enable = true;
additional_config = {
speedFactor = 2;
};
};
};
}

33
nix/configuration/hosts/family_disks/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,33 @@
{
config,
lib,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
config = {
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"thunderbolt"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
# networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true;
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
};
}

75
nix/configuration/hosts/family_disks/power_management.nix Normal file
View File

@@ -0,0 +1,75 @@
{
pkgs,
...
}:
{
imports = [ ];
config = {
environment.systemPackages = with pkgs; [
powertop
];
# amdgpu.abmlevel=3 :: Automatically reduce screen brightness but tweak colors to compensate for power reduction.
# pcie_aspm=force pcie_aspm.policy=powersupersave :: Enable PCIe active state power management for power reduction.
# nowatchdog :: Disable watchdog for power savings (related to disable_sp5100_watchdog above).
# amd_pstate=passive :: Fully automated hardware pstate control.
# amd_pstate=active :: Same as passive except we can set the energy performance preference (EPP) to suggest how much we prefer performance or energy efficiency.
# amd_pstate=guided :: Same as passive except we can set upper and lower frequency bounds.
# amdgpu.dcdebugmask=0x10 :: Allegedly disables Panel Replay from https://community.frame.work/t/tracking-freezing-arch-linux-amd/39495/32
boot.kernelParams = [
"amdgpu.abmlevel=2"
"pcie_aspm=force"
# "pcie_aspm.policy=powersupersave"
"nowatchdog"
# I don't see a measurable benefit from these two:
# "cpufreq.default_governor=powersave"
# "initcall_blacklist=cpufreq_gov_userspace_init"
];
systemd.tmpfiles.rules = [
"w- /sys/firmware/acpi/platform_profile - - - - low-power"
"w- /sys/devices/system/cpu/cpufreq/policy0/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy1/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy2/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy3/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy4/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy5/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy6/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy7/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy8/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy9/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy10/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy11/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy12/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy13/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy14/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy15/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpu0/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu1/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu2/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu3/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu4/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu5/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu6/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu7/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu8/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu9/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu10/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu11/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu12/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu13/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu14/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu15/cpufreq/boost - - - - 0"
];
boot.extraModprobeConfig = ''
# Disable the hardware watchdog inside AMD 700 chipset series for power savings.
blacklist sp5100_tco
# Sound power-saving was causing chat notifications to be inaudible.
# options snd_hda_intel power_save=1
'';
};
}

7
nix/configuration/hosts/family_disks/wrapped-disk-config.nix Normal file
View File

@@ -0,0 +1,7 @@
{
config,
lib,
...
}:
lib.mkIf (!config.me.buildingPortable) (import ./disk-config.nix)

2
nix/configuration/hosts/hydra/DEPLOY_BOOT
View File

@@ -10,4 +10,4 @@ TARGET=hydra
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#hydra" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild boot --flake "$DIR/../../#hydra" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json

2
nix/configuration/hosts/hydra/DEPLOY_SWITCH
View File

@@ -10,4 +10,4 @@ TARGET=hydra
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#hydra" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild switch --flake "$DIR/../../#hydra" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json

2
nix/configuration/hosts/hydra/ISO
View File

@@ -7,4 +7,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#hydra.iso" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#hydra.iso" --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json

2
nix/configuration/hosts/hydra/SELF_BOOT
View File

@@ -7,4 +7,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#hydra" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild boot --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#hydra" --repair --log-format internal-json -v "${@}" |& nom --json

2
nix/configuration/hosts/hydra/SELF_BUILD
View File

@@ -7,4 +7,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild build --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#hydra" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild build --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#hydra" --repair --log-format internal-json -v "${@}" |& nom --json

2
nix/configuration/hosts/hydra/SELF_SWITCH
View File

@@ -7,4 +7,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#hydra" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild switch --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#hydra" --repair --log-format internal-json -v "${@}" |& nom --json

2
nix/configuration/hosts/hydra/VM_ISO
View File

@@ -7,4 +7,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#hydra.vm_iso" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#hydra.vm_iso" --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json

66
nix/configuration/hosts/hydra/default.nix
View File

@@ -18,10 +18,43 @@
]; ];
config = { config = {
networking =
let
interface = "enp0s2";
in
{
# Generate with `head -c4 /dev/urandom | od -A none -t x4` # Generate with `head -c4 /dev/urandom | od -A none -t x4`
networking.hostId = "6fbf418b"; hostId = "6fbf418b";
networking.hostName = "hydra"; # Define your hostname. hostName = "hydra"; # Define your hostname.
interfaces = {
"${interface}" = {
ipv4.addresses = [
{
address = "10.215.1.219";
prefixLength = 24;
}
];
ipv6.addresses = [
{
address = "2620:11f:7001:7:ffff:ffff:0ad7:01db";
prefixLength = 64;
}
];
};
};
defaultGateway = "10.215.1.1";
defaultGateway6 = {
# address = "2620:11f:7001:7::1";
address = "2620:11f:7001:7:ffff:ffff:0ad7:0101";
inherit interface;
};
dhcpcd.enable = lib.mkForce false;
useDHCP = lib.mkForce false;
};
time.timeZone = "America/New_York"; time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
@@ -63,13 +96,42 @@
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
htop htop
git # for building on hydra
tmux # for building on hydra
nix-output-monitor # for building on hydra
]; ];
# nix.sshServe.enable = true; # nix.sshServe.enable = true;
# nix.sshServe.keys = [ "ssh-dss AAAAB3NzaC1k... bob@example.org" ]; # nix.sshServe.keys = [ "ssh-dss AAAAB3NzaC1k... bob@example.org" ];
# Override garbage collection to keep things longer
# Automatic garbage collection
nix.gc = lib.mkForce {
automatic = true;
persistent = true;
dates = "weekly";
# randomizedDelaySec = "14m";
options = "--delete-older-than 60d";
};
# The default limit of files is 1024 which is too low for some nix builds.
#
# Check with `ulimit -n`
security.pam.loginLimits = [
{
domain = "*";
item = "nofile";
type = "-";
value = "8192";
}
];
# systemd.user.extraConfig = "DefaultLimitNOFILE=8192";
# systemd.services."user@11400".serviceConfig.LimitNOFILE = "8192";
me.build_in_ram.enable = true; me.build_in_ram.enable = true;
me.dont_use_substituters.enable = true; me.dont_use_substituters.enable = true;
me.hydra.enable = true;
me.minimal_base.enable = true; me.minimal_base.enable = true;
me.nix_worker.enable = true; me.nix_worker.enable = true;
}; };

42
nix/configuration/hosts/hydra/vm_disk.nix
View File

@@ -26,7 +26,7 @@
neededForBoot = true; neededForBoot = true;
}; };
# "/.disk" = lib.mkForce { # "/.persist" = lib.mkForce {
# device = "bind9p"; # device = "bind9p";
# fsType = "9p"; # fsType = "9p";
# options = [ # options = [
@@ -35,6 +35,10 @@
# "version=9p2000.L" # "version=9p2000.L"
# "cache=mmap" # "cache=mmap"
# "msize=512000" # "msize=512000"
# "uname=root"
# "dfltuid=0"
# "dfltgid=0"
# "nodevmap"
# # "noauto" # # "noauto"
# # "x-systemd.automount" # # "x-systemd.automount"
# ]; # ];
@@ -67,25 +71,25 @@
neededForBoot = true; neededForBoot = true;
}; };
"/nix/store" = lib.mkForce { # "/nix/store" = lib.mkForce {
overlay = { # overlay = {
lowerdir = [ "/nix/.ro-store" ]; # lowerdir = [ "/nix/.ro-store" ];
upperdir = "/.disk/persist/store"; # upperdir = "/.disk/persist/store";
workdir = "/.disk/state/work"; # workdir = "/.disk/state/work";
}; # };
# fsType = "overlay"; # # fsType = "overlay";
# device = "overlay"; # # device = "overlay";
# options = [ # # options = [
# "lowerdir=/nix/.ro-store" # # "lowerdir=/nix/.ro-store"
# "upperdir=/.disk/persist/store" # # "upperdir=/.disk/persist/store"
# "workdir=/.disk/state/work" # # "workdir=/.disk/state/work"
# # ];
# depends = [
# "/nix/.ro-store"
# "/.disk/persist/store"
# "/.disk/state/work"
# ]; # ];
depends = [ # };
"/nix/.ro-store"
"/.disk/persist/store"
"/.disk/state/work"
];
};
}; };
}; };
} }

2
nix/configuration/hosts/i_only_boot_zfs/DEPLOY_BOOT
View File

@@ -10,4 +10,4 @@ TARGET=i_only_boot_zfs
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#i_only_boot_zfs" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild boot --flake "$DIR/../../#i_only_boot_zfs" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json

2
nix/configuration/hosts/i_only_boot_zfs/DEPLOY_SWITCH
View File

@@ -10,4 +10,4 @@ TARGET=i_only_boot_zfs
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#i_only_boot_zfs" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild switch --flake "$DIR/../../#i_only_boot_zfs" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json

2
nix/configuration/hosts/i_only_boot_zfs/ISO
View File

@@ -7,4 +7,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#i_only_boot_zfs.iso" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#i_only_boot_zfs.iso" --repair --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json

2
nix/configuration/hosts/i_only_boot_zfs/SELF_BOOT
View File

@@ -7,4 +7,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#i_only_boot_zfs" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild boot --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#i_only_boot_zfs" --repair --log-format internal-json -v "${@}" |& nom --json

2
nix/configuration/hosts/i_only_boot_zfs/SELF_BUILD
View File

@@ -7,4 +7,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild build --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#i_only_boot_zfs" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild build --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#i_only_boot_zfs" --repair --log-format internal-json -v "${@}" |& nom --json

2
nix/configuration/hosts/i_only_boot_zfs/SELF_SWITCH
View File

@@ -7,4 +7,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#i_only_boot_zfs" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild switch --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#i_only_boot_zfs" --repair --log-format internal-json -v "${@}" |& nom --json

2
nix/configuration/hosts/neelix/DEPLOY_BOOT
View File

@@ -12,6 +12,6 @@ TARGET=neelix
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#neelix" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild boot --flake "$DIR/../../#neelix" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#neelix' # rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#neelix'

2
nix/configuration/hosts/neelix/DEPLOY_SWITCH
View File

@@ -12,6 +12,6 @@ TARGET=neelix
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#neelix" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild switch --flake "$DIR/../../#neelix" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#neelix' # rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#neelix'

2
nix/configuration/hosts/odo/DEPLOY_BOOT
View File

@@ -10,4 +10,4 @@ TARGET=odo
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#odo" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild boot --flake "$DIR/../../#odo" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json

2
nix/configuration/hosts/odo/DEPLOY_SWITCH
View File

@@ -10,4 +10,4 @@ TARGET=odo
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#odo" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild switch --flake "$DIR/../../#odo" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json

2
nix/configuration/hosts/odo/ISO
View File

@@ -7,4 +7,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#odo.iso" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#odo.iso" --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json

2
nix/configuration/hosts/odo/SELF_BOOT
View File

@@ -7,4 +7,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild boot --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" --repair --log-format internal-json -v "${@}" |& nom --json

4
nix/configuration/hosts/odo/SELF_BUILD
View File

@@ -5,6 +5,8 @@ IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
: "${NOM:="true"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild build --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" --log-format internal-json -v "${@}" |& nom --json
nixos-rebuild build --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" --repair --log-format internal-json -v "${@}" |& nom --json

2
nix/configuration/hosts/odo/SELF_SWITCH
View File

@@ -7,4 +7,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild switch --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" --repair --log-format internal-json -v "${@}" |& nom --json

8
nix/configuration/hosts/odo/default.nix
View File

@@ -77,6 +77,7 @@
me.alacritty.enable = true; me.alacritty.enable = true;
me.amd_s2idle.enable = true; me.amd_s2idle.enable = true;
me.android.enable = true;
me.ansible.enable = true; me.ansible.enable = true;
me.ares.enable = true; me.ares.enable = true;
me.base.enable = true; me.base.enable = true;
@@ -92,6 +93,7 @@
me.ecc.enable = false; me.ecc.enable = false;
me.emacs_flavor = "full"; me.emacs_flavor = "full";
me.emulate_isa.enable = true; me.emulate_isa.enable = true;
me.esim.enable = true;
me.firefox.enable = true; me.firefox.enable = true;
me.firewall.enable = true; me.firewall.enable = true;
me.flux.enable = true; me.flux.enable = true;
@@ -103,7 +105,9 @@
me.gpg.enable = true; me.gpg.enable = true;
me.graphical = true; me.graphical = true;
me.graphics_card_type = "amd"; me.graphics_card_type = "amd";
me.graphviz.enable = true;
me.iso_mount.enable = true; me.iso_mount.enable = true;
me.jujutsu.config = ../../roles/jujutsu/files/jujutsu_config_home.toml;
me.jujutsu.enable = true; me.jujutsu.enable = true;
me.kanshi.enable = false; me.kanshi.enable = false;
me.kubernetes.enable = true; me.kubernetes.enable = true;
@@ -114,10 +118,13 @@
me.memtest.enable = true; me.memtest.enable = true;
me.network.enable = true; me.network.enable = true;
me.nix_index.enable = true; me.nix_index.enable = true;
me.nix_repl.enable = true;
me.nixdev.enable = true;
me.nvme.enable = true; me.nvme.enable = true;
me.openpgp_card_tools.enable = true; me.openpgp_card_tools.enable = true;
me.pcsx2.enable = true; me.pcsx2.enable = true;
me.podman.enable = true; me.podman.enable = true;
me.postgresql_client.enable = true;
me.python.enable = true; me.python.enable = true;
me.qemu.enable = true; me.qemu.enable = true;
me.recovery.enable = true; me.recovery.enable = true;
@@ -143,6 +150,7 @@
me.vscode.enable = true; me.vscode.enable = true;
me.wasm.enable = true; me.wasm.enable = true;
me.waybar.enable = true; me.waybar.enable = true;
me.webcam.enable = true;
me.wine.enable = false; me.wine.enable = false;
me.wireguard.activated = [ me.wireguard.activated = [
"drmario" "drmario"

6
nix/configuration/hosts/odo/distributed_build.nix
View File

@@ -4,6 +4,12 @@
config = { config = {
me.distributed_build.enable = true; me.distributed_build.enable = true;
me.distributed_build.machines.quark = { me.distributed_build.machines.quark = {
enable = false;
additional_config = {
speedFactor = 2;
};
};
me.distributed_build.machines.hydra = {
enable = true; enable = true;
additional_config = { additional_config = {
speedFactor = 2; speedFactor = 2;

2
nix/configuration/hosts/odowork/DEPLOY_BOOT
View File

@@ -8,4 +8,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
TARGET=odowork TARGET=odowork
nixos-rebuild boot --flake "$DIR/../../#odowork" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild boot --flake "$DIR/../../#odowork" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json

2
nix/configuration/hosts/odowork/DEPLOY_SWITCH
View File

@@ -8,4 +8,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
TARGET=odowork TARGET=odowork
nixos-rebuild switch --flake "$DIR/../../#odowork" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild switch --flake "$DIR/../../#odowork" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json

2
nix/configuration/hosts/odowork/INSTALLER
View File

@@ -6,4 +6,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#odowork.installer" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#odowork.installer" --repair --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json

2
nix/configuration/hosts/odowork/ISO
View File

@@ -6,4 +6,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#odowork.iso" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#odowork.iso" --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json

2
nix/configuration/hosts/odowork/SELF_BOOT
View File

@@ -6,4 +6,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
nixos-rebuild boot --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#odowork" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild boot --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#odowork" --repair --log-format internal-json -v "${@}" |& nom --json

2
nix/configuration/hosts/odowork/SELF_BUILD
View File

@@ -6,4 +6,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
nixos-rebuild build --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#odowork" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild build --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#odowork" --repair --log-format internal-json -v "${@}" |& nom --json

2
nix/configuration/hosts/odowork/SELF_SWITCH
View File

@@ -6,4 +6,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
nixos-rebuild switch --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#odowork" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild switch --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#odowork" --repair --log-format internal-json -v "${@}" |& nom --json

7
nix/configuration/hosts/odowork/default.nix
View File

@@ -84,6 +84,7 @@
me.alacritty.enable = true; me.alacritty.enable = true;
me.amd_s2idle.enable = true; me.amd_s2idle.enable = true;
me.android.enable = true;
me.ansible.enable = true; me.ansible.enable = true;
me.base.enable = true; me.base.enable = true;
me.bluetooth.enable = true; me.bluetooth.enable = true;
@@ -106,7 +107,9 @@
me.gpg.enable = true; me.gpg.enable = true;
me.graphical = true; me.graphical = true;
me.graphics_card_type = "amd"; me.graphics_card_type = "amd";
me.graphviz.enable = true;
me.iso_mount.enable = true; me.iso_mount.enable = true;
me.jujutsu.config = ../../roles/jujutsu/files/jujutsu_config_home.toml;
me.jujutsu.enable = true; me.jujutsu.enable = true;
me.latex.enable = true; me.latex.enable = true;
me.launch_keyboard.enable = true; me.launch_keyboard.enable = true;
@@ -115,9 +118,12 @@
me.memtest.enable = true; me.memtest.enable = true;
me.network.enable = true; me.network.enable = true;
me.nix_index.enable = true; me.nix_index.enable = true;
me.nix_repl.enable = true;
me.nixdev.enable = true;
me.nvme.enable = true; me.nvme.enable = true;
me.openpgp_card_tools.enable = true; me.openpgp_card_tools.enable = true;
me.podman.enable = true; me.podman.enable = true;
me.postgresql_client.enable = true;
me.python.enable = true; me.python.enable = true;
me.rust.enable = true; me.rust.enable = true;
me.sequoia.enable = true; me.sequoia.enable = true;
@@ -134,6 +140,7 @@
me.vscode.enable = true; me.vscode.enable = true;
me.vscode.enable_work_profile = true; me.vscode.enable_work_profile = true;
me.waybar.enable = true; me.waybar.enable = true;
me.webcam.enable = true;
me.wireguard.activated = [ me.wireguard.activated = [
"wgh" "wgh"
]; ];

6
nix/configuration/hosts/odowork/distributed_build.nix
View File

@@ -4,6 +4,12 @@
config = { config = {
me.distributed_build.enable = true; me.distributed_build.enable = true;
me.distributed_build.machines.quark = { me.distributed_build.machines.quark = {
enable = false;
additional_config = {
speedFactor = 2;
};
};
me.distributed_build.machines.hydra = {
enable = true; enable = true;
additional_config = { additional_config = {
speedFactor = 2; speedFactor = 2;

2
nix/configuration/hosts/quark/DEPLOY_BOOT
View File

@@ -10,4 +10,4 @@ TARGET=quark
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#quark" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild boot --flake "$DIR/../../#quark" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json

2
nix/configuration/hosts/quark/DEPLOY_SWITCH
View File

@@ -10,4 +10,4 @@ TARGET=quark
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#quark" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild switch --flake "$DIR/../../#quark" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json

2
nix/configuration/hosts/quark/ISO
View File

@@ -7,4 +7,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#quark.iso" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#quark.iso" --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json

2
nix/configuration/hosts/quark/SELF_BOOT
View File

@@ -7,4 +7,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild boot --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" --repair --log-format internal-json -v "${@}" |& nom --json

2
nix/configuration/hosts/quark/SELF_BUILD
View File

@@ -7,4 +7,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild build --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild build --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" --repair --log-format internal-json -v "${@}" |& nom --json

2
nix/configuration/hosts/quark/SELF_SWITCH
View File

@@ -7,4 +7,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild switch --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" --repair --log-format internal-json -v "${@}" |& nom --json

9
nix/configuration/hosts/quark/default.nix
View File

@@ -11,6 +11,7 @@
./hardware-configuration.nix ./hardware-configuration.nix
./power_management.nix ./power_management.nix
./waybar.nix ./waybar.nix
./wifi.nix
]; ];
config = { config = {
@@ -72,6 +73,7 @@
me.alacritty.enable = true; me.alacritty.enable = true;
me.amd_s2idle.enable = true; me.amd_s2idle.enable = true;
me.ansible.enable = true; me.ansible.enable = true;
me.android.enable = true;
me.ares.enable = true; me.ares.enable = true;
me.base.enable = true; me.base.enable = true;
me.bluetooth.enable = true; me.bluetooth.enable = true;
@@ -86,6 +88,7 @@
me.ecc.enable = true; me.ecc.enable = true;
me.emacs_flavor = "full"; me.emacs_flavor = "full";
me.emulate_isa.enable = true; me.emulate_isa.enable = true;
me.esim.enable = true;
me.firefox.enable = true; me.firefox.enable = true;
me.firewall.enable = true; me.firewall.enable = true;
me.flux.enable = true; me.flux.enable = true;
@@ -97,7 +100,9 @@
me.gpg.enable = true; me.gpg.enable = true;
me.graphical = true; me.graphical = true;
me.graphics_card_type = "amd"; me.graphics_card_type = "amd";
me.graphviz.enable = true;
me.iso_mount.enable = true; me.iso_mount.enable = true;
me.jujutsu.config = ../../roles/jujutsu/files/jujutsu_config_home.toml;
me.jujutsu.enable = true; me.jujutsu.enable = true;
me.kanshi.enable = false; me.kanshi.enable = false;
me.kubernetes.enable = true; me.kubernetes.enable = true;
@@ -108,11 +113,14 @@
me.memtest.enable = true; me.memtest.enable = true;
me.network.enable = true; me.network.enable = true;
me.nix_index.enable = true; me.nix_index.enable = true;
me.nix_repl.enable = true;
me.nix_worker.enable = true; me.nix_worker.enable = true;
me.nixdev.enable = true;
me.nvme.enable = true; me.nvme.enable = true;
me.openpgp_card_tools.enable = true; me.openpgp_card_tools.enable = true;
me.pcsx2.enable = true; me.pcsx2.enable = true;
me.podman.enable = true; me.podman.enable = true;
me.postgresql_client.enable = true;
me.python.enable = true; me.python.enable = true;
me.qemu.enable = true; me.qemu.enable = true;
me.recovery.enable = true; me.recovery.enable = true;
@@ -138,6 +146,7 @@
me.vscode.enable = true; me.vscode.enable = true;
me.wasm.enable = true; me.wasm.enable = true;
me.waybar.enable = true; me.waybar.enable = true;
me.webcam.enable = true;
me.wine.enable = false; me.wine.enable = false;
me.wireguard.activated = [ me.wireguard.activated = [
"drmario" "drmario"

9
nix/configuration/hosts/quark/disk-config.nix
View File

@@ -75,6 +75,15 @@
mountpoint = "/"; mountpoint = "/";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/root@blank$' || zfs snapshot zroot/linux/nix/root@blank"; postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/root@blank$' || zfs snapshot zroot/linux/nix/root@blank";
}; };
"linux/nix/boot" = {
type = "zfs_fs";
options = {
mountpoint = "legacy";
"org.zfsbootmenu:active" = "on";
};
mountpoint = "/boot";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/boot@blank$' || zfs snapshot zroot/linux/nix/boot@blank";
};
"linux/nix/nix" = { "linux/nix/nix" = {
type = "zfs_fs"; type = "zfs_fs";
options.mountpoint = "legacy"; options.mountpoint = "legacy";

6
nix/configuration/hosts/quark/distributed_build.nix
View File

@@ -3,5 +3,11 @@
config = { config = {
me.distributed_build.enable = true; me.distributed_build.enable = true;
me.distributed_build.machines.hydra = {
enable = true;
additional_config = {
speedFactor = 2;
};
};
}; };
} }

20
nix/configuration/hosts/quark/wifi.nix Normal file
View File

@@ -0,0 +1,20 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
config = {
hardware.mediatek-mt7927 = {
enable = true;
enableWifi = true;
enableBluetooth = true;
# Highly recommended to fix upload speed issues
disableAspm = true;
};
};
}

2
nix/configuration/hosts/recovery/DEPLOY_BOOT
View File

@@ -10,4 +10,4 @@ TARGET=recovery
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#recovery" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild boot --flake "$DIR/../../#recovery" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json

2
nix/configuration/hosts/recovery/DEPLOY_SWITCH
View File

@@ -10,4 +10,4 @@ TARGET=recovery
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#recovery" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild switch --flake "$DIR/../../#recovery" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json

2
nix/configuration/hosts/recovery/ISO
View File

@@ -7,4 +7,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#recovery.iso" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#recovery.iso" --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json

2
nix/configuration/hosts/recovery/SELF_BOOT
View File

@@ -7,4 +7,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#recovery" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild boot --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#recovery" --repair --log-format internal-json -v "${@}" |& nom --json

2
nix/configuration/hosts/recovery/SELF_BUILD
View File

@@ -7,4 +7,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild build --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#recovery" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild build --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#recovery" --repair --log-format internal-json -v "${@}" |& nom --json

2
nix/configuration/hosts/recovery/SELF_SWITCH
View File

@@ -7,4 +7,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#recovery" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild switch --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#recovery" --repair --log-format internal-json -v "${@}" |& nom --json

204
nix/configuration/package/grub/add-hidden-menu-entries.patch
View File

@@ -1,204 +0,0 @@
diff --git a/grub-core/commands/legacycfg.c b/grub-core/commands/legacycfg.c
index e9e9d94ef..54e08a1b4 100644
--- a/grub-core/commands/legacycfg.c
+++ b/grub-core/commands/legacycfg.c
@@ -143,7 +143,7 @@ legacy_file (const char *filename)
args[0] = oldname;
grub_normal_add_menu_entry (1, args, NULL, NULL, "legacy",
NULL, NULL,
- entrysrc, 0);
+ entrysrc, 0, 0);
grub_free (args);
entrysrc[0] = 0;
grub_free (oldname);
@@ -205,7 +205,7 @@ legacy_file (const char *filename)
}
args[0] = entryname;
grub_normal_add_menu_entry (1, args, NULL, NULL, NULL,
- NULL, NULL, entrysrc, 0);
+ NULL, NULL, entrysrc, 0, 0);
grub_free (args);
}
diff --git a/grub-core/commands/menuentry.c b/grub-core/commands/menuentry.c
index 720e6d8ea..50632ccce 100644
--- a/grub-core/commands/menuentry.c
+++ b/grub-core/commands/menuentry.c
@@ -78,7 +78,7 @@ grub_normal_add_menu_entry (int argc, const char **args,
char **classes, const char *id,
const char *users, const char *hotkey,
const char *prefix, const char *sourcecode,
- int submenu)
+ int submenu, int hidden)
{
int menu_hotkey = 0;
char **menu_args = NULL;
@@ -188,8 +188,11 @@ grub_normal_add_menu_entry (int argc, const char **args,
(*last)->args = menu_args;
(*last)->sourcecode = menu_sourcecode;
(*last)->submenu = submenu;
+ (*last)->hidden = hidden;
+
+ if (!hidden)
+ menu->size++;
- menu->size++;
return GRUB_ERR_NONE;
fail:
@@ -286,7 +289,8 @@ grub_cmd_menuentry (grub_extcmd_context_t ctxt, int argc, char **args)
users,
ctxt->state[2].arg, 0,
ctxt->state[3].arg,
- ctxt->extcmd->cmd->name[0] == 's');
+ ctxt->extcmd->cmd->name[0] == 's',
+ ctxt->extcmd->cmd->name[0] == 'h');
src = args[argc - 1];
args[argc - 1] = NULL;
@@ -303,7 +307,8 @@ grub_cmd_menuentry (grub_extcmd_context_t ctxt, int argc, char **args)
ctxt->state[0].args, ctxt->state[4].arg,
users,
ctxt->state[2].arg, prefix, src + 1,
- ctxt->extcmd->cmd->name[0] == 's');
+ ctxt->extcmd->cmd->name[0] == 's',
+ ctxt->extcmd->cmd->name[0] == 'h');
src[len - 1] = ch;
args[argc - 1] = src;
@@ -311,7 +316,7 @@ grub_cmd_menuentry (grub_extcmd_context_t ctxt, int argc, char **args)
return r;
}
-static grub_extcmd_t cmd, cmd_sub;
+static grub_extcmd_t cmd, cmd_sub, cmd_hidden;
void
grub_menu_init (void)
@@ -327,6 +332,12 @@ grub_menu_init (void)
| GRUB_COMMAND_FLAG_EXTRACTOR,
N_("BLOCK"), N_("Define a submenu."),
options);
+ cmd_hidden = grub_register_extcmd ("hiddenentry", grub_cmd_menuentry,
+ GRUB_COMMAND_FLAG_BLOCKS
+ | GRUB_COMMAND_ACCEPT_DASH
+ | GRUB_COMMAND_FLAG_EXTRACTOR,
+ N_("BLOCK"), N_("Define a hidden menu entry."),
+ options);
}
void
diff --git a/grub-core/normal/menu.c b/grub-core/normal/menu.c
index 6a90e091f..4236f55bc 100644
--- a/grub-core/normal/menu.c
+++ b/grub-core/normal/menu.c
@@ -37,6 +37,8 @@
entry failing to boot. */
#define DEFAULT_ENTRY_ERROR_DELAY_MS 2500
+#define MENU_INCLUDE_HIDDEN 0x10000
+
grub_err_t (*grub_gfxmenu_try_hook) (int entry, grub_menu_t menu,
int nested) = NULL;
@@ -80,8 +82,20 @@ grub_menu_get_entry (grub_menu_t menu, int no)
{
grub_menu_entry_t e;
- for (e = menu->entry_list; e && no > 0; e = e->next, no--)
- ;
+ if (no & MENU_INCLUDE_HIDDEN) {
+ no &= ~MENU_INCLUDE_HIDDEN;
+
+ for (e = menu->entry_list; e && no > 0; e = e->next, no--)
+ ;
+ } else {
+ for (e = menu->entry_list; e && no > 0; e = e->next, no--) {
+ /* Skip hidden entries */
+ while (e && e->hidden)
+ e = e->next;
+ }
+ while (e && e->hidden)
+ e = e->next;
+ }
return e;
}
@@ -93,10 +107,10 @@ get_entry_index_by_hotkey (grub_menu_t menu, int hotkey)
grub_menu_entry_t entry;
int i;
- for (i = 0, entry = menu->entry_list; i < menu->size;
+ for (i = 0, entry = menu->entry_list; entry;
i++, entry = entry->next)
if (entry->hotkey == hotkey)
- return i;
+ return i | MENU_INCLUDE_HIDDEN;
return -1;
}
@@ -509,6 +523,10 @@ get_entry_number (grub_menu_t menu, const char *name)
grub_menu_entry_t e = menu->entry_list;
int i;
+ /* Skip hidden entries */
+ while (e && e->hidden)
+ e = e->next;
+
grub_errno = GRUB_ERR_NONE;
for (i = 0; e; i++)
@@ -520,6 +538,10 @@ get_entry_number (grub_menu_t menu, const char *name)
break;
}
e = e->next;
+
+ /* Skip hidden entries */
+ while (e && e->hidden)
+ e = e->next;
}
if (! e)
diff --git a/grub-core/normal/menu_text.c b/grub-core/normal/menu_text.c
index b1321eb26..d2e46cac8 100644
--- a/grub-core/normal/menu_text.c
+++ b/grub-core/normal/menu_text.c
@@ -289,7 +289,11 @@ print_entries (grub_menu_t menu, const struct menu_viewer_data *data)
print_entry (data->geo.first_entry_y + i, data->offset == i,
e, data);
if (e)
- e = e->next;
+ e = e->next;
+
+ /* Skip hidden entries */
+ while (e && e->hidden)
+ e = e->next;
}
grub_term_gotoxy (data->term,
diff --git a/include/grub/menu.h b/include/grub/menu.h
index ee2b5e910..eb8a86ba9 100644
--- a/include/grub/menu.h
+++ b/include/grub/menu.h
@@ -58,6 +58,8 @@ struct grub_menu_entry
int submenu;
+ int hidden;
+
/* The next element. */
struct grub_menu_entry *next;
};
diff --git a/include/grub/normal.h b/include/grub/normal.h
index 218cbabcc..bcb412466 100644
--- a/include/grub/normal.h
+++ b/include/grub/normal.h
@@ -145,7 +145,7 @@ grub_normal_add_menu_entry (int argc, const char **args, char **classes,
const char *id,
const char *users, const char *hotkey,
const char *prefix, const char *sourcecode,
- int submenu);
+ int submenu, int hidden);
grub_err_t
grub_normal_set_password (const char *user, const char *password);

681
nix/configuration/package/grub/default.nix
View File

@@ -1,681 +0,0 @@
{
lib,
stdenv,
fetchgit,
flex,
bison,
python3,
autoconf,
automake,
libtool,
bash,
gettext,
ncurses,
libusb-compat-0_1,
freetype,
qemu,
lvm2,
unifont,
pkg-config,
help2man,
fetchzip,
fetchpatch,
buildPackages,
nixosTests,
fuse, # only needed for grub-mount
runtimeShell,
zfs ? null,
efiSupport ? false,
zfsSupport ? false,
xenSupport ? false,
xenPvhSupport ? false,
kbdcompSupport ? false,
ckbcomp,
}:
let
pcSystems = {
i686-linux.target = "i386";
x86_64-linux.target = "i386";
};
efiSystemsBuild = {
i686-linux.target = "i386";
x86_64-linux.target = "x86_64";
armv7l-linux.target = "arm";
aarch64-linux.target = "aarch64";
loongarch64-linux.target = "loongarch64";
riscv32-linux.target = "riscv32";
riscv64-linux.target = "riscv64";
};
# For aarch64, we need to use '--target=aarch64-efi' when building,
# but '--target=arm64-efi' when installing. Insanity!
efiSystemsInstall = {
i686-linux.target = "i386";
x86_64-linux.target = "x86_64";
armv7l-linux.target = "arm";
aarch64-linux.target = "arm64";
loongarch64-linux.target = "loongarch64";
riscv32-linux.target = "riscv32";
riscv64-linux.target = "riscv64";
};
xenSystemsBuild = {
i686-linux.target = "i386";
x86_64-linux.target = "x86_64";
};
xenPvhSystemsBuild = {
i686-linux.target = "i386";
x86_64-linux.target = "i386"; # Xen PVH is only i386 on x86.
};
inPCSystems = lib.any (system: stdenv.hostPlatform.system == system) (lib.attrNames pcSystems);
gnulib = fetchgit {
url = "https://git.savannah.gnu.org/git/gnulib.git";
# NOTE: keep in sync with bootstrap.conf!
rev = "9f48fb992a3d7e96610c4ce8be969cff2d61a01b";
hash = "sha256-mzbF66SNqcSlI+xmjpKpNMwzi13yEWoc1Fl7p4snTto=";
};
# The locales are fetched from translationproject.org at build time,
# but those translations are not versioned/stable. For that reason
# we take them from the nearest release tarball instead:
locales = fetchzip {
url = "https://ftp.gnu.org/gnu/grub/grub-2.12.tar.gz";
hash = "sha256-IoRiJHNQ58y0UhCAD0CrpFiI8Mz1upzAtyh5K4Njh/w=";
};
in
assert zfsSupport -> zfs != null;
assert !(efiSupport && (xenSupport || xenPvhSupport));
assert !(xenSupport && xenPvhSupport);
stdenv.mkDerivation rec {
pname = "grub";
version = "2.12";
src = fetchgit {
url = "https://git.savannah.gnu.org/git/grub.git";
tag = "grub-${version}";
hash = "sha256-lathsBb2f7urh8R86ihpTdwo3h1hAHnRiHd5gCLVpBc=";
};
patches = [
./fix-bash-completion.patch
./add-hidden-menu-entries.patch
# https://lists.gnu.org/archive/html/grub-devel/2025-02/msg00024.html
(fetchpatch {
name = "01_implement_grub_strlcpy.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=ea703528a8581a2ea7e0bad424a70fdf0aec7d8f";
hash = "sha256-MSMgu1vMG83HRImUUsTyA1YQaIhgEreGGPd+ZDWSI2I=";
})
(fetchpatch {
name = "02_CVE-2024-45781.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=c1a291b01f4f1dcd6a22b61f1c81a45a966d16ba";
hash = "sha256-q8ErK+cQzaqwSuhLRFL3AfYBkpgJq1IQmadnlmlz2yw=";
})
(fetchpatch {
name = "03_CVE-2024-45782_CVE-2024-56737.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=417547c10410b714e43f08f74137c24015f8f4c3";
hash = "sha256-mRinw27WZ2d1grzyzFGO18yXx72UVBM6Lf5cR8XJfs8=";
})
(fetchpatch {
name = "04_fs_tar_initialize_name_in_grub_cpio_find_file.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=2c8ac08c99466c0697f704242363fc687f492a0d";
hash = "sha256-EMGF0B+Fw6tSmllWUJAp1ynzWk+w2C/XM1LmXSReHWg=";
})
(fetchpatch {
name = "05_CVE-2024-45780.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=0087bc6902182fe5cedce2d034c75a79cf6dd4f3";
hash = "sha256-IlW5i4EJVoUYPu9/lb0LeytTpzltQuu5fpkFPQNIhls=";
})
(fetchpatch {
name = "06_fs_f2fs_grub_errno_mount_fails.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=563436258cde64da6b974880abff1bf0959f4da3";
hash = "sha256-Iu0RPyB+pAnqMT+MTX+TrJbYJsvYPn7jbMgE1jcLh/Q=";
})
(fetchpatch {
name = "07_CVE-2024-45783.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=f7c070a2e28dfab7137db0739fb8db1dc02d8898";
hash = "sha256-V1wh2dPeTazmad61jFtOjhq2MdoD+txPWY/AfwwyTZM=";
})
(fetchpatch {
name = "08_fs_iso9660_grub_errno_mount_fails.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=965db5970811d18069b34f28f5f31ddadde90a97";
hash = "sha256-6eN1AvZwXkJOQVcjgymy/E7QiAxzL/d0W3KlAZRqUzI=";
})
(fetchpatch {
name = "09_fs_iso9660_fix_invalid_free.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=1443833a9535a5873f7de3798cf4d8389f366611";
hash = "sha256-Gt5yMy5Vg9zrDggj3o/TLNt2vT9/6IuHg4Se2p8e8pI=";
})
(fetchpatch {
name = "10_fs_jfs_fix_oob_read_jfs_getent.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=66175696f3a385b14bdf1ebcda7755834bd2d5fb";
hash = "sha256-ETbzbc5gvf55sTLjmJOXXC9VH3qcP1Gv5seR/U9NRiY=";
})
(fetchpatch {
name = "11_fs_jfs_fix_oob_read_caused_by_invalid_dir_slot_index.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=ab09fd0531f3523ac0ef833404526c98c08248f7";
hash = "sha256-wE6niiIx4BdN800/Eegb6IbBRoMFpXq9kPvatwhWNXY=";
})
(fetchpatch {
name = "12_fs_jfs_use_full_40_bits_offset_and_address_for_data_extent.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=bd999310fe67f35a66de3bfa2836da91589d04ef";
hash = "sha256-fbC4oTEIoGWJASzJI5RXfoanrMLTfjFOI51LCUU7Ctg=";
})
(fetchpatch {
name = "13_fs_jfs_inconsistent_signed_unsigned_types_usage.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=edd995a26ec98654d907a9436a296c2d82bc4b28";
hash = "sha256-aa1G1vi4bPZejfKEqZokAZTzY9Ea2lyxTrP4drDV9tk=";
})
(fetchpatch {
name = "14_fs_ext2_fix_out-of-bounds_read_for_inline_extent.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=7e2f750f0a795c4d64ec7dc7591edac8da2e978c";
hash = "sha256-PtPqZHMU2fy7btRRaaswLyHizplxnygCzDfcg5ievOQ=";
})
(fetchpatch {
name = "15_fs_ntfs_fix_out-of-bounds_read.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=aff26318783a135562b904ff09e2359893885732";
hash = "sha256-znN6lkAB9aAhTGKR1038DzOz5nzuTp+7ylHVqRM7HeI=";
})
(fetchpatch {
name = "16_fs_ntfs_track_the_end_of_the_MFT_attribute_buffer.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=237a71184a32d1ef7732f5f49ed6a89c5fe1c99a";
hash = "sha256-0I/g0qHkWY6PArPn1UaYRhCrrh9bHknADh34v5eSjjM=";
})
(fetchpatch {
name = "17_fs_ntfs_use_a_helper_function_to_access_attributes.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=048777bc29043403d077d41a81d0183767b8bc71";
hash = "sha256-Mm49MSLqCq143r8ruLJm1QoyCoLtOlCBfqoAPwPlv8E=";
})
# Patch 18 (067b6d225d482280abad03944f04e30abcbdafa1) has been removed because it causes regressions
# https://lists.gnu.org/archive/html/grub-devel/2025-03/msg00067.html
(fetchpatch {
name = "19_fs_xfs_fix_out-of-bounds_read.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=6ccc77b59d16578b10eaf8a4fe85c20b229f0d8a";
hash = "sha256-FvTzFvfEi3oyxPC/dUHreyzzeVCskaUlYUjpKY/l0DE=";
})
(fetchpatch {
name = "20_fs_xfs_ensuring_failing_to_mount_sets_a_grub_errno.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=d1d6b7ea58aa5a80a4c4d0666b49460056c8ef0a";
hash = "sha256-SLdXMmYHq/gRmWrjRrOu5ZYFod84EllUL6hk+gnr3kg=";
})
(fetchpatch {
name = "21_kern_file_ensure_file_data_is_set.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=a7910687294b29288ac649e71b47493c93294f17";
hash = "sha256-DabZK9eSToEmSA9dEwtEN+URiVyS9qf6e2Y2UiMuy8Q=";
})
(fetchpatch {
name = "22_kern_file_implement_filesystem_reference_counting.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=16f196874fbe360a1b3c66064ec15adadf94c57b";
excludes = [ "grub-core/fs/erofs.c" ]; # Does not exist on 2.12
hash = "sha256-yGU//1tPaxi+xFKZrsbUAnvgFpwtrIMG+8cPbSud4+U=";
})
(fetchpatch {
name = "23_prerequisite_1_key_protector_add_key_protectors_framework.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=5d260302da672258444b01239803c8f4d753e3f3";
hash = "sha256-5aFHzc5qXBNLEc6yzI17AH6J7EYogcXdLxk//1QgumY=";
})
(fetchpatch {
name = "23_prerequisite_2_disk_cryptodisk_allow_user_to_retry_failed_passphrase.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=386b59ddb42fa3f86ddfe557113b25c8fa16f88c";
hash = "sha256-e1kGQB7wGWvEb2bY3xIpZxE1uzTt9JOKi05jXyUm+bI=";
})
(fetchpatch {
name = "23_prerequisite_3_cryptodisk_support_key_protectors.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=ad0c52784a375cecaa8715d7deadcf5d65baf173";
hash = "sha256-+YIvUYA3fLiOFFsXDrQjqjWFluzLa7N1tv0lwq8BqCs=";
})
(fetchpatch {
name = "23_prerequisite_4_cryptodisk_fallback_to_passphrase.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=6abf8af3c54abc04c4ec71c75d10fcfbc190e181";
hash = "sha256-eMu9rW4iJucDAsTQMJD1XE6dDIcUmn02cGqIaqBbO3o=";
})
(fetchpatch {
name = "23_prerequisite_5_cryptodisk_wipe_out_the_cached_keys_from_protectors.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=b35480b48e6f9506d8b7ad8a3b5206d29c24ea95";
hash = "sha256-5L6Rr+X5Z+Ip91z8cpLcatDW1vyEoZa1icL2oMXPXuI=";
})
(fetchpatch {
name = "23_prerequisite_6_cli_lock_add_build_option_to_block_command_line_interface.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=bb65d81fe320e4b20d0a9b32232a7546eb275ecc";
hash = "sha256-HxXgtvEhtaIjXbOcxJHNpD9/NVOv3uXPnue7cagEMu8=";
})
# (fetchpatch {
# name = "23_CVE-2024-49504.patch";
# url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=13febd78db3cd85dcba67d8ad03ad4d42815f11e";
# hash = "sha256-U7lNUb4iVAyQ1yEg5ECHCQGE51tKvY13T9Ji09Q1W9Y=";
# })
(fetchpatch {
name = "24_disk_loopback_reference_tracking_for_the_loopback.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=67f70f70a36b6e87a65f928fe1e840a12eafb7ae";
hash = "sha256-sWBnSF3rAuY1A/IIK1Pc+BqTvyK3j7+lLEhvImtBQMA=";
})
(fetchpatch {
name = "25_kern_disk_limit_recursion_depth.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=18212f0648b6de7d71d4c8f41eb4d8b78b3a299b";
hash = "sha256-HiVzXUNs45Fxh4DSqO8wAxSBM7CaYU/bix0PVBcIHGw=";
})
(fetchpatch {
name = "26_kern_partition_limit_recursion_in_part_iterate.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=8a7103fddfd6664f41081f3bb88eebbf2871da2a";
hash = "sha256-Nw1VFRVww1VSDSBkRrnTGeaA2PKCitugM12XH6X/2YI=";
})
(fetchpatch {
name = "27_script_execute_limit_the_recursion_depth.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=d8a937ccae5c6d86dc4375698afca5cefdcd01e1";
hash = "sha256-YOAdPMZ2iBNMzIwAXFkkyTMKh4ptZUQ0J3v9EjnRlbo=";
})
(fetchpatch {
name = "28_net_unregister_net_default_ip_and_net_default_mac_variables_hooks_on_unload.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=a1dd8e59da26f1a9608381d3a1a6c0f465282b1d";
hash = "sha256-7fqdkhFqLECzhz1OLavkHrE9ktDAEmx9ZxZayNr/Eo4=";
})
(fetchpatch {
name = "29_net_remove_variables_hooks_when_interface_is_unregisted.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=aa8b4d7facef7b75a2703274b1b9d4e0e734c401";
hash = "sha256-m3VLDbJlwchV5meEpU4LJrDxBtA80qvYcVMJinHLnac=";
})
(fetchpatch {
name = "30_CVE-2025-0624.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=5eef88152833062a3f7e017535372d64ac8ef7e1";
hash = "sha256-DvhzHnenAmO9SZpi4kU+0GhyKZB4q4xQYuNJgEhJmn0=";
})
(fetchpatch {
name = "31_net_tftp_fix_stack_buffer_overflow_in_tftp_open.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=0707accab1b9be5d3645d4700dde3f99209f9367";
hash = "sha256-16NrpWFSE4jFT2uxmJg16jChw8HiGRTol25XQXNQ5l4=";
})
(fetchpatch {
name = "32_CVE-2024-45774.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=2c34af908ebf4856051ed29e46d88abd2b20387f";
hash = "sha256-OWmF+fp2TmetQjV4EWMcESW8u52Okkb5C5IPLfczyv4=";
})
(fetchpatch {
name = "33_kern_dl_fix_for_an_integer_overflow_in_grub_dl_ref.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=500e5fdd82ca40412b0b73f5e5dda38e4a3af96d";
hash = "sha256-FNqOWo+oZ4/1sCbTi2uaeKchUxwAKXtbzhScezm0yxk=";
})
# Patch 34 (https://git.savannah.gnu.org/cgit/grub.git/patch/?id=d72208423dcabf9eb4a3bcb17b6b31888396bd49)
# is skipped, grub_dl_set_mem_attrs() does not exist on 2.12
(fetchpatch {
name = "35_kern_dl_check_for_the_SHF_INFO_LINK_flag_in_grub_dl_relocate_symbols.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=98ad84328dcabfa603dcf5bd217570aa6b4bdd99";
hash = "sha256-Zi4Pj2NbodL0VhhO5MWhvErb8xmA7Li0ur0MxpgQjzg=";
})
(fetchpatch {
name = "36_CVE-2024-45775.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=05be856a8c3aae41f5df90cab7796ab7ee34b872";
hash = "sha256-T6DO8iuImQTP7hPaCAHMtFnheQoCkZ6w+kfNolLPmrY=";
})
(fetchpatch {
name = "37_commands_ls_fix_NULL_dereference.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=0bf56bce47489c059e50e61a3db7f682d8c44b56";
hash = "sha256-h5okwqv4ZFahP3ANUbsk1fiSV4pwEnxUExeBgQ4tiTI=";
})
(fetchpatch {
name = "38_CVE-2025-0622.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=2123c5bca7e21fbeb0263df4597ddd7054700726";
hash = "sha256-tFE7VgImGZWDICyvHbrI1hqW6/XohgdTmk21MzljMGw=";
})
(fetchpatch {
name = "39_CVE-2025-0622.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=9c16197734ada8d0838407eebe081117799bfe67";
hash = "sha256-tTeuEvadKbXVuY0m0dKtTr11Lpb3yQi4zk0bpwrMOeA=";
})
(fetchpatch {
name = "40_CVE-2025-0622.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=7580addfc8c94cedb0cdfd7a1fd65b539215e637";
hash = "sha256-khRLpWqE7hzzoqssVkGFMjAv09T+uHn13Q9pCpogMms=";
})
(fetchpatch {
name = "41_CVE-2024-45776.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=09bd6eb58b0f71ec273916070fa1e2de16897a91";
hash = "sha256-yrl/6XUdKQg/MLe8KFuFoRRbQSyOhDmyvnWBV+sr3EY=";
})
(fetchpatch {
name = "42_CVE-2024-45777.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=b970a5ed967816bbca8225994cd0ee2557bad515";
hash = "sha256-Vl5Emw3O3Ba2hD1GCWune4PGduDDPO0gM5u+zx/OwKo=";
})
(fetchpatch {
name = "43_CVE-2025-0690.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=dad8f502974ed9ad0a70ae6820d17b4b142558fc";
hash = "sha256-DeWOncndX2VM8w1lb5fd5wHAZrI+ChB5Pj9XbUIfDWY=";
})
(fetchpatch {
name = "44_commands_test_stack_overflow_due_to_unlimited_recursion_depth.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=c68b7d23628a19da67ebe2e06f84165ee04961af";
hash = "sha256-aputM9KqkB/cK8hBiU9VXbu0LpLNlNCMVIeE9h2pMgY=";
})
(fetchpatch {
name = "45_CVE-2025-1118.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=34824806ac6302f91e8cabaa41308eaced25725f";
hash = "sha256-PKQs+fCwj4a9p4hbMqAT3tFNoAOw4xnbKmCwjPUgEOc=";
})
(fetchpatch {
name = "46_commands_memrw_disable_memory_reading_in_lockdown_mode.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=340e4d058f584534f4b90b7dbea2b64a9f8c418c";
hash = "sha256-NiMIUnfRreDBw+k4yxUzoRNMFL8pkJhVtkINVgmv5XA=";
})
(fetchpatch {
name = "47_commands_hexdump_disable_memory_reading_in_lockdown_mode.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=5f31164aed51f498957cdd6ed733ec71a8592c99";
hash = "sha256-NA7QjxZ9FP+WwiOveqLkbZqsF7hULIyaVS3gNaSUXJE=";
})
(fetchpatch {
name = "48_CVE-2024-45778_CVE-2024-45779.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=26db6605036bd9e5b16d9068a8cc75be63b8b630";
hash = "sha256-1+ImwkF/qsejWs2lpyO6xbcqVo2NJGv32gjrP8mEPnI=";
})
(fetchpatch {
name = "49_CVE-2025-0677_CVE-2025-0684_CVE-2025-0685_CVE-2025-0686_CVE-2025-0689.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=c4bc55da28543d2522a939ba4ee0acde45f2fa74";
hash = "sha256-qrlErSImMX8eXJHkXjOe5GZ6lWOya5SVpNoiqyEM1lE=";
})
(fetchpatch {
name = "50_disk_use_safe_math_macros_to_prevent_overflows.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=c407724dad6c3e2fc1571e57adbda71cc03f82aa";
hash = "sha256-kkAjxXvCdzwqh+oWtEF3qSPiUX9cGWO6eSFVeo7WJzQ=";
})
(fetchpatch {
name = "51_disk_prevent_overflows_when_allocating_memory_for_arrays.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=d8151f98331ee4d15fcca59edffa59246d8fc15f";
hash = "sha256-2U+gMLigOCCg3P1GB615xQ0B9PDA6j92tt1ba3Tqg+E=";
})
(fetchpatch {
name = "52_disk_check_if_returned_pointer_for_allocated_memory_is_NULL.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=33bd6b5ac5c77b346769ab5284262f94e695e464";
hash = "sha256-+BaJRskWP/YVEdvIxMvEydjQx2LpLlGphRtZjiOUxJ0=";
})
(fetchpatch {
name = "53_disk_ieee1275_ofdisk_call_grub_ieee1275_close_when_grub_malloc_fails.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=fbaddcca541805c333f0fc792b82772594e73753";
hash = "sha256-9sGA41HlB/8rtT/fMfkDo4ZJMXBSr+EyN92l/0gDfl4=";
})
(fetchpatch {
name = "54_fs_use_safe_math_macros_to_prevent_overflows.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=6608163b08a7a8be4b0ab2a5cd4593bba07fe2b7";
excludes = [ "grub-core/fs/erofs.c" ]; # Does not exist on 2.12
hash = "sha256-mW4MH5VH5pDxCaFhNh/4mEcYloga56p8vCi7X4kSaek=";
})
(fetchpatch {
name = "55_CVE-2025-0678_CVE-2025-1125.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=84bc0a9a68835952ae69165c11709811dae7634e";
hash = "sha256-rCliqM2+k7rTGNpdHFkg3pHvuISjoG0MQr6/8lIvwK4=";
})
(fetchpatch {
name = "56_fs_prevent_overflows_when_assigning_returned_values_from_read_number.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=cde9f7f338f8f5771777f0e7dfc423ddf952ad31";
hash = "sha256-dN3HJXNIYtaUZL0LhLabC4VKK6CVC8km9UTw/ln/6ys=";
})
(fetchpatch {
name = "57_fs_zfs_use_safe_math_macros_to_prevent_overflows.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=88e491a0f744c6b19b6d4caa300a576ba56db7c9";
hash = "sha256-taSuKyCf9+TiQZcF26yMWpDDQqCfTdRuZTqB9aEz3aA=";
})
(fetchpatch {
name = "58_fs_zfs_prevent_overflows_when_allocating_memory_for_arrays.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=7f38e32c7ebeaebb79e2c71e3c7d5ea367d3a39c";
hash = "sha256-E5VmP7I4TAEXxTz3j7mi/uIr9kOSzMoPHAYAbyu56Xk=";
})
(fetchpatch {
name = "59_fs_zfs_check_if_returned_pointer_for_allocated_memory_is_NULL.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=13065f69dae0eeb60813809026de5bd021051892";
hash = "sha256-1W//rHUspDS+utdNc069J8lX1ONfoBKiJYnUt46C/D0=";
})
(fetchpatch {
name = "60_fs_zfs_add_missing_NULL_check_after_grub_strdup_call.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=dd6a4c8d10e02ca5056681e75795041a343636e4";
hash = "sha256-iFLEkz5G6aQ8FXGuY7/wgN4d4o0+sUxWMKYIFcQ/H+o=";
})
(fetchpatch {
name = "61_net_use_safe_math_macros_to_prevent_overflows.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=4beeff8a31c4fb4071d2225533cfa316b5a58391";
hash = "sha256-/gs5ZhplQ1h7PWw0p+b5+0OxmRcvDRKWHj39ezhivcg=";
})
(fetchpatch {
name = "62_net_prevent_overflows_when_allocating_memory_for_arrays.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=dee2c14fd66bc497cdc74c69fde8c9b84637c8eb";
hash = "sha256-cO02tCGEeQhQF0TmgtNOgUwRLnNgmxhEefo1gtSlFOk=";
})
(fetchpatch {
name = "63_net_check_if_returned_pointer_for_allocated_memory_is_NULL.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=1c06ec900591d1fab6fbacf80dc010541d0a5ec8";
hash = "sha256-oSRhWWVraitoVDqGlFOVzdCkaNqFGOHLjJu75CSc388=";
})
(fetchpatch {
name = "64_fs_sfs_check_if_allocated_memory_is_NULL.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=e3c578a56f9294e286b6028ca7c1def997a17b15";
hash = "sha256-7tvFbmjWmWmmRykQjMvZV6IYlhSS8oNR7YfaO5XXAfU=";
})
(fetchpatch {
name = "65_script_execute_fix_potential_underflow_and_NULL.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=d13b6e8ebd10b4eb16698a002aa40258cf6e6f0e";
hash = "sha256-paMWaAIImzxtufUrVF5v4T4KnlDAJIPhdaHznu5CyZ8=";
})
(fetchpatch {
name = "66_osdep_unix_getroot_fix_potential_underflow.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=66733f7c7dae889861ea3ef3ec0710811486019e";
hash = "sha256-/14HC1kcW7Sy9WfJQFfC+YnvS/GNTMP+Uy6Dxd3zkwc=";
})
(fetchpatch {
name = "67_misc_ensure_consistent_overflow_error_messages.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=f8795cde217e21539c2f236bcbb1a4bf521086b3";
hash = "sha256-4X7wr1Tg16xDE9FO6NTlgkfLV5zFKmajeaOspIqcCuI=";
})
(fetchpatch {
name = "68_bus_usb_ehci_define_GRUB_EHCI_TOGGLE_as_grub_uint32_t.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=9907d9c2723304b42cf6da74f1cc6c4601391956";
hash = "sha256-D8xaI8g7ffGGmZqqeS8wxWIFLUWUBfmHwMVOHkYTc2I=";
})
(fetchpatch {
name = "69_normal_menu_use_safe_math_to_avoid_an_integer_overflow.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=5b36a5210e21bee2624f8acc36aefd8f10266adb";
hash = "sha256-UourmM0Zlaj4o+SnYi5AtjfNujDOt+2ez2XH/uWyiaM=";
})
(fetchpatch {
name = "70_kern_partition_add_sanity_check_after_grub_strtoul_call.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=8e6e87e7923ca2ae880021cb42a35cc9bb4c8fe2";
hash = "sha256-4keMUu6ZDKmuSQlFnldV15dDGUibsnSvoEWhLsqWieI=";
})
(fetchpatch {
name = "71_kern_misc_add_sanity_check_after_grub_strtoul_call.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=a8d6b06331a75d75b46f3dd6cc6fcd40dcf604b7";
hash = "sha256-2Mpe1sqyuoUPyMAKGZTNzG/ig3G3K8w0gia7lc508Rg=";
})
(fetchpatch {
name = "72_loader_i386_linux_cast_left_shift_to_grub_uint32_t.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=490a6ab71cebd96fae7a1ceb9067484f5ccbec2a";
hash = "sha256-e49OC1EBaX0/nWTTXT5xE5apTJPQV0myP5Ohxn9Wwa8=";
})
(fetchpatch {
name = "73_loader_i386_bsd_use_safe_math_to_avoid_underflow.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=4dc6166571645780c459dde2cdc1b001a5ec844c";
hash = "sha256-e8X+oBvejcFNOY1Tp/f6QqCDwrgK7f9u1F8SdO/dhy4=";
})
(fetchpatch {
# Fixes 7e2f750f0a (security patch 14/73)
name = "fs_ext2_rework_out-of-bounds_read_for_inline_and_external_extents.patch";
url = "https://git.savannah.gnu.org/cgit/grub.git/patch/?id=348cd416a3574348f4255bf2b04ec95938990997";
hash = "sha256-WBLYQxv8si2tvdPAvbm0/4NNqYWBMJpFV4GC0HhN/kE=";
})
];
postPatch =
if kbdcompSupport then
''
sed -i util/grub-kbdcomp.in -e 's@\bckbcomp\b@${ckbcomp}/bin/ckbcomp@'
''
else
''
echo '#! ${runtimeShell}' > util/grub-kbdcomp.in
echo 'echo "Compile grub2 with { kbdcompSupport = true; } to enable support for this command."' >> util/grub-kbdcomp.in
'';
depsBuildBuild = [ buildPackages.stdenv.cc ];
nativeBuildInputs = [
bison
flex
python3
pkg-config
gettext
freetype
autoconf
automake
help2man
];
buildInputs = [
ncurses
libusb-compat-0_1
freetype
lvm2
fuse
libtool
bash
]
++ lib.optional doCheck qemu
++ lib.optional zfsSupport zfs;
strictDeps = true;
hardeningDisable = [ "all" ];
separateDebugInfo = !xenSupport;
preConfigure = ''
for i in "tests/util/"*.in
do
sed -i "$i" -e's|/bin/bash|${stdenv.shell}|g'
done
# Apparently, the QEMU executable is no longer called
# `qemu-system-i386', even on i386.
#
# In addition, use `-nodefaults' to avoid errors like:
#
# chardev: opening backend "stdio" failed
# qemu: could not open serial device 'stdio': Invalid argument
#
# See <http://www.mail-archive.com/qemu-devel@nongnu.org/msg22775.html>.
sed -i "tests/util/grub-shell.in" \
-e's/qemu-system-i386/qemu-system-x86_64 -nodefaults/g'
unset CPP # setting CPP intereferes with dependency calculation
patchShebangs .
GNULIB_REVISION=$(. bootstrap.conf; echo $GNULIB_REVISION)
if [ "$GNULIB_REVISION" != ${gnulib.rev} ]; then
echo "This version of GRUB requires a different gnulib revision!"
echo "We have: ${gnulib.rev}"
echo "GRUB needs: $GNULIB_REVISION"
exit 1
fi
cp -f --no-preserve=mode ${locales}/po/LINGUAS ${locales}/po/*.po po
./bootstrap --no-git --gnulib-srcdir=${gnulib}
substituteInPlace ./configure --replace '/usr/share/fonts/unifont' '${unifont}/share/fonts'
'';
postConfigure = ''
# make sure .po files are up to date to workaround
# parallel `msgmerge --update` on autogenerated .po files:
# https://github.com/NixOS/nixpkgs/pull/248747#issuecomment-1676301670
make dist
'';
configureFlags = [
"--enable-grub-mount" # dep of os-prober
]
++ lib.optionals (stdenv.hostPlatform != stdenv.buildPlatform) [
# grub doesn't do cross-compilation as usual and tries to use unprefixed
# tools to target the host. Provide toolchain information explicitly for
# cross builds.
#
# Ref: # https://github.com/buildroot/buildroot/blob/master/boot/grub2/grub2.mk#L108
"TARGET_CC=${stdenv.cc.targetPrefix}cc"
"TARGET_NM=${stdenv.cc.targetPrefix}nm"
"TARGET_OBJCOPY=${stdenv.cc.targetPrefix}objcopy"
"TARGET_RANLIB=${stdenv.cc.targetPrefix}ranlib"
"TARGET_STRIP=${stdenv.cc.targetPrefix}strip"
]
++ lib.optional zfsSupport "--enable-libzfs"
++ lib.optionals efiSupport [
"--with-platform=efi"
"--target=${efiSystemsBuild.${stdenv.hostPlatform.system}.target}"
"--program-prefix="
]
++ lib.optionals xenSupport [
"--with-platform=xen"
"--target=${xenSystemsBuild.${stdenv.hostPlatform.system}.target}"
]
++ lib.optionals xenPvhSupport [
"--with-platform=xen_pvh"
"--target=${xenPvhSystemsBuild.${stdenv.hostPlatform.system}.target}"
];
# save target that grub is compiled for
grubTarget =
if efiSupport then
"${efiSystemsInstall.${stdenv.hostPlatform.system}.target}-efi"
else
lib.optionalString inPCSystems "${pcSystems.${stdenv.hostPlatform.system}.target}-pc";
doCheck = false;
enableParallelBuilding = true;
postInstall = ''
# Avoid a runtime reference to gcc
sed -i $out/lib/grub/*/modinfo.sh -e "/grub_target_cppflags=/ s|'.*'|' '|"
# just adding bash to buildInputs wasn't enough to fix the shebang
substituteInPlace $out/lib/grub/*/modinfo.sh \
--replace ${buildPackages.bash} "/usr/bin/bash"
'';
passthru.tests = {
nixos-grub = nixosTests.grub;
nixos-install-simple = nixosTests.installer.simple;
nixos-install-grub-uefi = nixosTests.installer.simpleUefiGrub;
nixos-install-grub-uefi-spec = nixosTests.installer.simpleUefiGrubSpecialisation;
};
meta = with lib; {
description = "GNU GRUB, the Grand Unified Boot Loader";
longDescription = ''
GNU GRUB is a Multiboot boot loader. It was derived from GRUB, GRand
Unified Bootloader, which was originally designed and implemented by
Erich Stefan Boleyn.
Briefly, the boot loader is the first software program that runs when a
computer starts. It is responsible for loading and transferring
control to the operating system kernel software (such as the Hurd or
the Linux). The kernel, in turn, initializes the rest of the
operating system (e.g., GNU).
'';
homepage = "https://www.gnu.org/software/grub/";
license = licenses.gpl3Plus;
platforms =
if efiSupport then
lib.attrNames efiSystemsBuild
else if xenSupport then
lib.attrNames xenSystemsBuild
else if xenPvhSupport then
lib.attrNames xenPvhSystemsBuild
else
platforms.gnu ++ platforms.linux;
maintainers = [ ];
};
}

24
nix/configuration/package/grub/fix-bash-completion.patch
View File

@@ -1,24 +0,0 @@
diff -ubr grub-2.00-orig/util/bash-completion.d/grub-completion.bash.in grub-2.00/util/bash-completion.d/grub-completion.bash.in
--- grub-2.00-orig/util/bash-completion.d/grub-completion.bash.in 2012-10-16 19:02:36.342733957 +0200
+++ grub-2.00/util/bash-completion.d/grub-completion.bash.in 2012-10-16 19:04:48.262733941 +0200
@@ -17,6 +17,12 @@
# along with GRUB. If not, see <http://www.gnu.org/licenses/>.
# bash completion for grub
+have()
+{
+ unset -v have
+ _have $1 && have=yes
+}
+
__grub_dir() {
local i c=1 boot_dir
@@ -479,6 +485,7 @@
have ${__grub_script_check_program} && \
complete -F _grub_script_check -o filenames ${__grub_script_check_program}
+unset -f have
# Local variables:
# mode: shell-script

5
nix/configuration/repl.nix
View File

@@ -1,5 +0,0 @@
let
flake = builtins.getFlake (toString ./.);
nixpkgs = import <nixpkgs> { };
in
{ inherit flake; } // flake // builtins // nixpkgs // nixpkgs.lib // flake.nixosConfigurations

26
nix/configuration/roles/android/default.nix Normal file
View File

@@ -0,0 +1,26 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
android.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install android.";
};
};
config = lib.mkIf config.me.android.enable {
environment.systemPackages = with pkgs; [
android-tools
];
users.users.talexander.extraGroups = [ "adbusers" ];
};
}

5
nix/configuration/roles/base/default.nix
View File

@@ -14,7 +14,7 @@ let
cleanup_temporary_files = ( cleanup_temporary_files = (
patchScriptBin "cleanup_temporary_files" (builtins.readFile ./files/cleanup_temporary_files.bash) patchScriptBin "cleanup_temporary_files" (builtins.readFile ./files/cleanup_temporary_files.bash)
); );
alias_rga = pkgs.writeShellScriptBin "ks" '' alias_rga = pkgs.writeShellScriptBin "rga" ''
exec ${pkgs.ripgrep}/bin/rg -uuu "''${@}" exec ${pkgs.ripgrep}/bin/rg -uuu "''${@}"
''; '';
in in
@@ -57,9 +57,10 @@ in
ipcalc ipcalc
gptfdisk # for cgdisk gptfdisk # for cgdisk
nix-output-monitor # For better view into nixos-rebuild nix-output-monitor # For better view into nixos-rebuild
nix-serve-ng # Serve nix store over http # nix-serve-ng # Serve nix store over http
cleanup_temporary_files cleanup_temporary_files
jq jq
inetutils # For whois
]; ];
}; };
} }

4
nix/configuration/roles/disko/default.nix
View File

@@ -85,9 +85,9 @@
set -xeuo pipefail set -xeuo pipefail
IFS=$'\n\t' IFS=$'\n\t'
#${this_nixos_config.config.system.build.destroyScript} ${this_nixos_config.config.system.build.destroyScript}
#${this_nixos_config.config.system.build.formatScript} ${this_nixos_config.config.system.build.formatScript}
${this_nixos_config.config.system.build.mountScript} ${this_nixos_config.config.system.build.mountScript}

71
nix/configuration/roles/distributed_build/default.nix
View File

@@ -25,6 +25,13 @@ let
}; };
description = "Additional config values for the buildMachines entry. For example, speedFactor."; description = "Additional config values for the buildMachines entry. For example, speedFactor.";
}; };
substituter_url = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
example = "ssh-ng://remote-host";
description = "URL to use as a substituter.";
};
}; };
static_host_configs = { static_host_configs = {
@@ -37,7 +44,40 @@ let
# "aarch64-linux" # "aarch64-linux"
]; ];
}; };
hydra = {
# Does not work, so we have to use root's authorized keys. Not sure why. My best guess is it is related to overriding the ssh target via the ssh config.
#
# From: base64 -w0 /persist/ssh/ssh_host_ed25519_key.pub
# publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUNJRk9tU0NWV25xVVFFL2RKd2R0STdRQ29LTHhBNHRmWnRSYStFSG9XV0wgcm9vdEBoeWRyYQo=";
# publicHostKey = "c3NoLXJzYSBBQUFBQjNOemFDMXljMkVBQUFBREFRQUJBQUFDQVFDNk1nNytKMys1d2c5QkJmLzkweWJhbnhJK3ZiSXRzY1ZoTzRRVFNMT1FJM1QxbWMrNUxTK2oxdDY4a20zVmx1c2k5WWh0UmNOVk1NbmZQT3Q3ejFyZ0Q4Y05iY3UzU0xCOTNGR2hvb1ZtUktyVEMyaVE4bkxZYVoyV1lrdnZ3UjJ6b24zTjRlTlFJdWUwR0EzTEtNKy82RDN5V3didjRYV2pFeWtpa1NoVFJUVUtMTjU4aUVVOVRmcnEzeE1Ib0EvYmJZMGIxK1QzUDRkQ05wb3BFcFczaVJaYkV0NUpvNS92VFBsVjc4L3I3bnV2eHlaVjU3dWhzYjhFQlFzYUdCYTIraEt6SUhFblBHWXlPUDVRRWVCZ1ZBUzh6bFg4aktaZnZuaDA0NmdFdFoyMWJWdHNBZHNXcnVYdXNEUVQyanJ2VjJOVTYvc2cyMzZPbFZvWVU4Z1JYRHZiTXhoclVSVWNsajM1RGlzTi9wMEd2clZOckVjSktZK245MS9UMG9qU0gvVTVlRzVPclhZRXQwVzIra0NsVDk0T2kxM2JjQkVDYmVUUXJKMjJRc1hKSnVEVkVzOWhsU2RLemZkMDVaaVc3MllHaHRCRWptL015UG1nSHhxYzNTKzEwc0VvT2FIazdtRjQ0M0o1MzZoWEVHZDhGWjROMnQ3MlF3V3RuUGoyNENYOG8wbmNJN2ZIYTRHTWsybi9EWU84MlNUTEJHeVBMTkxnK040NUcyYUhaSk1NWGprWlplMUVZS0dQQm5tcTFlVUdFMVd0ZkVRSEhCTHd3Y0dDdm15aWI1NTliQ0p5NWExS2pnSGNBYlk0WVRKOTlwMWtPT2lIcVlvTnArczlhSklPZU93aE5xbkkrOUxrWnYrbEhCdXRoM3A1anRRNzA3bEJMMmVBd1E9PSByb290QGh5ZHJhCg==";
systems = [
"i686-linux"
"x86_64-linux"
# "aarch64-linux"
];
hostName = lib.mkForce "hydra?remote-store=local?root=/.disk/root";
}; };
};
joined_configs =
lib.genAttrs
(builtins.filter (hostname: config.me.distributed_build.machines."${hostname}".enable) (
builtins.attrNames all_nixos_configs
))
(
hostname:
(lib.mkMerge [
{
hostName = hostname;
sshUser = "nixworker";
sshKey = "/persist/manual/ssh/root/keys/id_ed25519";
maxJobs = 1;
supportedFeatures = all_nixos_configs."${hostname}".config.me.optimizations.system_features;
}
static_host_configs."${hostname}"
config.me.distributed_build.machines."${hostname}".additional_config
])
);
in in
{ {
imports = [ ]; imports = [ ];
@@ -58,16 +98,20 @@ in
{ {
nix.distributedBuilds = true; nix.distributedBuilds = true;
# https://nix.dev/manual/nix/2.32/store/types/ssh-store.html # Using an ssh-based substituter slows down the build because querying the remote store for paths takes ages.
nix.settings.substituters = lib.mkForce [ "ssh://hydra?compress=true&log-fd=2&max-connections=4" ]; #
nix.settings.substitute = lib.mkForce true; # nix.settings.substituters = lib.mkForce [
nix.settings.post-build-hook = pkgs.writeShellScript "post-build-hook" '' # "ssh-ng://nixworker@ns1.fizz.buzz:65122?compress=true&ssh-key=/persist/manual/ssh/root/keys/id_ed25519&remote-store=/.disk/root"
set -euo pipefail # ];
IFS=$'\n\t' # nix.settings.substitute = lib.mkForce true;
set -f # disable globbing
echo "Signing and uploading paths" $OUT_PATHS # nix.settings.post-build-hook = pkgs.writeShellScript "post-build-hook" ''
exec nix copy --to 'ssh://hydra' $OUT_PATHS # set -euo pipefail
''; # IFS=$'\n\t'
# set -f # disable globbing
# echo "Signing and uploading paths" $OUT_PATHS
# exec nix copy --to 'ssh://hydra' $OUT_PATHS
# '';
nix.settings.secret-key-files = [ "/persist/manual/nix/nix-cache-key.sec" ]; nix.settings.secret-key-files = [ "/persist/manual/nix/nix-cache-key.sec" ];
nix.settings.trusted-public-keys = lib.mkForce [ nix.settings.trusted-public-keys = lib.mkForce [
"odo:0S/XKSFjjIrihQ7lbHEIebXk/c/xuoodhm0Gz26YhjA=" "odo:0S/XKSFjjIrihQ7lbHEIebXk/c/xuoodhm0Gz26YhjA="
@@ -87,6 +131,7 @@ in
sshKey = "/persist/manual/ssh/root/keys/id_ed25519"; sshKey = "/persist/manual/ssh/root/keys/id_ed25519";
maxJobs = 1; maxJobs = 1;
supportedFeatures = all_nixos_configs."${hostname}".config.me.optimizations.system_features; supportedFeatures = all_nixos_configs."${hostname}".config.me.optimizations.system_features;
protocol = "ssh-ng";
} }
static_host_configs."${hostname}" static_host_configs."${hostname}"
config.me.distributed_build.machines."${hostname}".additional_config config.me.distributed_build.machines."${hostname}".additional_config
@@ -95,6 +140,12 @@ in
) (builtins.attrNames all_nixos_configs) ) (builtins.attrNames all_nixos_configs)
); );
} }
# {
# nix.settings.substitute = lib.mkForce true;
# nix.settings.substituters = lib.mkForce (
# lib.mapAttrsToList (hostname: joined_config: "ssh-ng://${joined_config.hostName}") joined_configs
# );
# }
] ]
); );
} }

2
nix/configuration/roles/dont_use_substituters/default.nix
View File

@@ -20,6 +20,6 @@
config = lib.mkIf config.me.dont_use_substituters.enable { config = lib.mkIf config.me.dont_use_substituters.enable {
# Disable substituters to avoid risk of cache poisoning. # Disable substituters to avoid risk of cache poisoning.
nix.settings.substitute = false; nix.settings.substitute = false;
nix.settings.substituters = lib.mkForce [ ]; nix.settings.substituters = lib.mkOverride 99 [ ];
}; };
} }

2
nix/configuration/roles/emacs/default.nix
View File

@@ -125,7 +125,7 @@ in
] ]
)) ))
final.nixd # nix language server final.nixd # nix language server
final.nixfmt-rfc-style # auto-formatting nix files through nixd final.nixfmt # auto-formatting nix files through nixd
final.clang # To compile tree-sitter grammars final.clang # To compile tree-sitter grammars
final.shellcheck final.shellcheck
final.cmake-language-server final.cmake-language-server

23
nix/configuration/roles/emacs/files/emacs/elisp/base-functions.el
View File

@@ -27,6 +27,29 @@
) )
) )
(defun run-command-on-buffer-require-output (cmd &rest args)
"Run a command using the current buffer as stdin and replacing its contents if the command succeeds with the stdout from the command. This is useful for code formatters. This version only replaces the buffer contents if the command output some text."
(let (
(stdout-buffer (generate-new-buffer "tmp-stdout" t))
(full-cmd (append '(call-process-region nil nil cmd nil stdout-buffer nil) args))
)
(unwind-protect
(let ((exit-status (eval full-cmd)))
(if (eq exit-status 0)
(if (> (buffer-size stdout-buffer) 0)
(save-excursion
(replace-buffer-contents stdout-buffer)
)
(message "No output from command on buffer %s" (append (list cmd) args))
)
(message "FAILED running command on buffer %s" (append (list cmd) args))
)
)
(kill-buffer stdout-buffer)
)
)
)
(defun run-command-in-directory (dir cmd &rest args) (defun run-command-in-directory (dir cmd &rest args)
"Run a command in the specified directory. If the directory is nil, the directory of the file is used. The stdout result is trimmed of whitespace and returned." "Run a command in the specified directory. If the directory is nil, the directory of the file is used. The stdout result is trimmed of whitespace and returned."
(let ( (let (

25
nix/configuration/roles/emacs/files/emacs/elisp/base.el
View File

@@ -1,9 +1,19 @@
(package-initialize) (package-initialize)
(use-package use-package) (use-package use-package
:custom
(add-to-list 'package-archives ;; Unless otherwise specified, always install packages if they are absent.
(use-package-always-ensure t)
;; Allow updating built-in packages like eglot
;; For some reason, built-in packages are still not updating so I'm just going to comment this out.
;; (package-install-upgrade-built-in t)
;; Natively compile packages
(package-native-compile t)
:config
(add-to-list 'package-archives
'("melpa" . "https://melpa.org/packages/") '("melpa" . "https://melpa.org/packages/")
) )
)
(use-package auto-package-update (use-package auto-package-update
:ensure t :ensure t
@@ -71,10 +81,11 @@
) )
(setq-default (setq-default
;; Unless otherwise specified, always install packages if they are absent.
use-package-always-ensure t
;; Point custom-file at /dev/null so emacs does not write any settings to my dotfiles. ;; Point custom-file at /dev/null so emacs does not write any settings to my dotfiles.
custom-file "/dev/null" ;; custom-file "/dev/null"
;;
;; list-package breaks on newer versions of emacs if custom-file is set to /dev/null
custom-file (expand-file-name "custom.el" user-emacs-directory)
;; Don't pop up a small window at the bottom of emacs at launch. ;; Don't pop up a small window at the bottom of emacs at launch.
inhibit-startup-screen t inhibit-startup-screen t
inhibit-startup-message t inhibit-startup-message t
@@ -95,8 +106,6 @@
"%b"))) "%b")))
;; Use 'y' or 'n' instead of 'yes' or 'no' ;; Use 'y' or 'n' instead of 'yes' or 'no'
use-short-answers t use-short-answers t
;; Natively compile packages
package-native-compile t
;; Confirm when opening a file that does not exist ;; Confirm when opening a file that does not exist
confirm-nonexistent-file-or-buffer t confirm-nonexistent-file-or-buffer t
;; Do not require double space to end a sentence. ;; Do not require double space to end a sentence.

1
nix/configuration/roles/emacs/files/emacs/elisp/common-lsp.el
View File

@@ -1,4 +1,5 @@
(use-package eglot (use-package eglot
;; This is an emacs built-in but we're pulling the latest version
:pin gnu :pin gnu
:commands (eglot eglot-ensure) :commands (eglot eglot-ensure)
:bind (:map eglot-mode-map :bind (:map eglot-mode-map

4
nix/configuration/roles/emacs/files/emacs/elisp/lang-d2.el
View File

@@ -1,14 +1,14 @@
(defun d2-format-buffer () (defun d2-format-buffer ()
"Run prettier." "Run prettier."
(interactive) (interactive)
(run-command-on-buffer "d2" "fmt" "-") (run-command-on-buffer-require-output "d2" "fmt" "-")
) )
(use-package d2-mode (use-package d2-mode
:commands (d2-mode) :commands (d2-mode)
:hook ( :hook (
(d2-mode . (lambda () (d2-mode . (lambda ()
;; (add-hook 'before-save-hook 'd2-format-buffer nil 'local) (add-hook 'before-save-hook 'd2-format-buffer nil 'local)
)) ))
) )
) )

5
nix/configuration/roles/emacs/files/emacs/elisp/lang-nft.el Normal file
View File

@@ -0,0 +1,5 @@
(use-package nftables-mode
:commands nftables-mode
)
(provide 'lang-nft)

18
nix/configuration/roles/emacs/files/emacs/elisp/lang-org.el
View File

@@ -1,4 +1,6 @@
(use-package org (require 'color)
(let ((bg (face-attribute 'default :background)))
(use-package org
:ensure nil :ensure nil
:commands org-mode :commands org-mode
:bind (:map org-mode-map :bind (:map org-mode-map
@@ -19,6 +21,10 @@
(org-shiftdown-final . windmove-down) (org-shiftdown-final . windmove-down)
(org-shiftright-final . windmove-right) (org-shiftright-final . windmove-right)
) )
:custom-face
(org-block ((t (:inherit default :background ,(color-lighten-name bg 15) :extend ,t))))
(org-block-begin-line ((t (:inherit default :background ,"#472300" :extend ,t))))
(org-block-end-line ((t (:inherit default :background ,"#472300" :extend ,t))))
:config :config
(require 'org-tempo) (require 'org-tempo)
(setq org-export-latex-listings t) (setq org-export-latex-listings t)
@@ -67,15 +73,7 @@
(gnuplot . t) (gnuplot . t)
(sqlite . t) (sqlite . t)
)) ))
)
(require 'color)
(let ((bg (face-attribute 'default :background)))
(custom-set-faces
`(org-block ((t (:inherit default :background ,(color-lighten-name bg 15) :extend ,t))))
`(org-block-begin-line ((t (:inherit default :background ,"#472300" :extend ,t))))
`(org-block-end-line ((t (:inherit default :background ,"#472300" :extend ,t))))
))
) )
(use-package org-bullets (use-package org-bullets

2
nix/configuration/roles/emacs/files/emacs/init.el
View File

@@ -42,4 +42,6 @@
(require 'lang-d2) (require 'lang-d2)
(require 'lang-nft)
(load-directory autoload-directory) (load-directory autoload-directory)

33
nix/configuration/roles/esim/default.nix Normal file
View File

@@ -0,0 +1,33 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
esim.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install esim.";
};
};
config = lib.mkIf (config.me.esim.enable && config.me.graphical) {
environment.systemPackages = with pkgs; [
easylpac
zbar # To decode qrcodes via `zbarimg <file>`
];
nixpkgs.overlays = [
(final: prev: {
easylpac = (final.callPackage ./package/easylpac/package.nix { });
})
];
};
}

1
nix/configuration/roles/esim/package/easylpac/CONTRIB Normal file
View File

@@ -0,0 +1 @@
Package from https://github.com/nix-community/nur-combined/blob/main/repos/linyinfeng/pkgs/easylpac/default.nix

120
nix/configuration/roles/esim/package/easylpac/ci-registry.json Normal file
View File

@@ -0,0 +1,120 @@
[
{
"key-id": "81370f",
"name": "GSM Association - RSP2 Root CI1",
"crls": ["http://gsma-crl.symauth.com/offlineca/gsma-rsp2-root-ci1.crl"]
},
{
"key-id": "d7a7d0",
"name": "GSM Association - M2M31 Root CI2"
},
{
"key-id": "4c2796",
"name": "OISITE GSMA CI G1",
"crls": ["http://public.wisekey.com/crl/ogsmacig1.crl"]
},
{
"key-id": "665a14",
"name": "Symantec RSP Test Root CA",
"crls": ["http://pki-crl.symauth.com/ca_a3dc2e3fea7708a11c889386d9d3a76f/LatestCRL.crl"]
},
{
"key-id": "f54172",
"name": "GSMA Test CI (SGP.26 v1)"
},
{
"key-id": "c0bc70",
"name": "GSMA Test CI (SGP.26 v1, BRP P256r1)"
},
{
"key-id": "34eecf",
"name": "Test CI (SGP.26 v3)"
},
{
"key-id": "2209f6",
"name": "Test CI (SGP.26 v3, BRP P256r1)"
},
{
"key-id": "148030",
"country": "CN",
"name": "Taier eSIM Root CA",
"crls": ["http://111.204.176.254:18889/download/n1.crl", "http://111.204.176.254:18889/download/n2.crl"]
},
{
"key-id": "16b5d1",
"country": "CN",
"name": "MNO: China Unicom"
},
{
"key-id": "7c0e54",
"country": "CN",
"name": "MNO: China Unicom"
},
{
"key-id": "3bd3f5",
"country": "CN",
"name": "MNO: China Unicom"
},
{
"key-id": "cdf6d1",
"country": "CN",
"name": "MNO: China Mobile"
},
{
"key-id": "d3ef83",
"country": "CN",
"name": "MNO: China Telecom",
"crls": ["http://crl.cnca.net/esim/ccs/a.crl", "http://crl.cnca.net/esim/ccs/b.crl"]
},
{
"key-id": "4eb94e",
"country": "CN",
"name": "MNO: China Telecom"
},
{
"key-id": "b70ba4",
"country": "GB",
"name": "Truphone SAS-UP CA"
},
{
"key-id": "73fca0",
"country": "CN",
"name": "Redtea Mobile CI"
},
{
"key-id": "ea53ad",
"country": "DE",
"name": "SubMan V4.2 CI"
},
{
"key-id": "96524c",
"country": "DE",
"name": "SubMan V4.2 CI"
},
{
"key-id": "b60f0b",
"country": "DE",
"name": "SubMan V4.2 CI Google Pixel"
},
{
"key-id": "cd6e60",
"country": "FR",
"name": "MC4 OT ROOT CI v1"
},
{
"key-id": "066d48",
"country": "FR",
"name": "MC4 CI TEST v2"
},
{
"key-id": "16704b",
"country": "US",
"name": "Entrust eSIM CA",
"crls": ["http://crl.entrust.net/entesimca.crl"]
},
{
"key-id": "77f0bd",
"country": "FR",
"name": "Gemalto CE CI"
}
]

88
nix/configuration/roles/esim/package/easylpac/eum-registry.json Normal file
View File

@@ -0,0 +1,88 @@
[
{
"eum": "35060000",
"country": "CN",
"manufacturer": "HED"
},
{
"eum": "35840574",
"country": "CN",
"manufacturer": "Beijing Watchdata",
"accreditations": ["WD-BG"]
},
{
"eum": "89033023",
"country": "FR",
"manufacturer": "Thales",
"accreditations": ["GO-CA", "GO-PA", "GO-SI", "TS-CA", "TS-ME", "TS-NA", "TS-PA", "TS-SI"]
},
{
"eum": "89033024",
"country": "FR",
"manufacturer": "IDEMIA",
"accreditations": ["IA-FK", "IA-VE", "ID-NA", "ID-SN", "OR-SN"]
},
{
"eum": "89034011",
"country": "ES",
"manufacturer": "Valid",
"accreditations": ["VD-MD", "VD-SU"]
},
{
"eum": "89041030",
"country": "CH",
"manufacturer": "STM",
"accreditations": ["SM-CA", "SM-CT"]
},
{
"eum": "89043051",
"country": "AT",
"manufacturer": "NXP",
"accreditations": ["NP-HG", "NP-KG", "NP-TN"]
},
{
"eum": "89043052",
"country": "AT",
"manufacturer": "NXP"
},
{
"eum": "89044045",
"country": "GB",
"manufacturer": "Kigen",
"accreditations": ["KN-DN", "KN-NA"]
},
{
"eum": "89044047",
"country": "GB",
"manufacturer": "Truphone"
},
{
"eum": "89049032",
"country": "DE",
"manufacturer": "G+D",
"accreditations": ["GD-BA", "GD-CI", "GD-MM", "GD-NG"]
},
{
"eum": "89049038",
"country": "DE",
"manufacturer": "G+D"
},
{
"eum": "89086001",
"country": "CN",
"manufacturer": "Hengbao",
"accreditations": ["HO-DG"]
},
{
"eum": "89086029",
"country": "CN",
"manufacturer": "Wuhan Tianyu",
"accreditations": ["WN-HI"]
},
{
"eum": "89086030",
"country": "CN",
"manufacturer": "Eastcompeace",
"accreditations": ["ED-ZI"]
}
]

68
nix/configuration/roles/esim/package/easylpac/package.nix Normal file
View File

@@ -0,0 +1,68 @@
{
callPackage,
go,
buildGoModule,
fetchFromGitHub,
pkg-config,
gtk3,
libXxf86vm,
libglvnd,
glfw,
wrapGAppsHook3,
fontconfig,
lpac,
lib,
}:
buildGoModule rec {
pname = "easylpac";
version = "0.7.9.2";
src = fetchFromGitHub {
owner = "creamlike1024";
repo = "EasyLPAC";
rev = version;
sha256 = "sha256-8VVR8QJR6SZEvdGls3kDU9l8SdFdUVnHm2qxUzgGJuU=";
};
proxyVendor = true;
vendorHash = "sha256-tX7abWGn1f4p+7vx2gDa5/NKg5SbWqMfHT8kbPwHK14=";
postConfigure = ''
cp --verbose "${./eum-registry.json}" eum-registry.json
cp --verbose "${./ci-registry.json}" ci-registry.json
'';
env.FONTCONFIG_FILE = "${fontconfig.out}/etc/fonts/fonts.conf";
nativeBuildInputs = [
pkg-config
wrapGAppsHook3
];
buildInputs = [
gtk3
libglvnd
libXxf86vm
]
++ glfw.buildInputs;
postInstall = ''
ln -s "${lpac}/bin/lpac" "$out/bin/lpac"
'';
passthru = {
updateScriptEnabled = true;
updateScript =
let
script = callPackage ./update.nix { };
in
[ "${script}/bin/update-easylpac" ];
};
meta = with lib; {
description = "lpac GUI Frontend";
homepage = "https://github.com/creamlike1024/EasyLPAC";
mainProgram = "EasyLPAC";
license = licenses.mit;
maintainers = with maintainers; [ yinfeng ];
broken = !(lib.versionAtLeast go.version "1.24");
};
}

28
nix/configuration/roles/firefox/default.nix
View File

@@ -66,8 +66,18 @@
"privacy.fingerprintingProtection" = true; "privacy.fingerprintingProtection" = true;
# Allow sending dark mode preference to websites. # Allow sending dark mode preference to websites.
# Allow sending timezone to websites. # Allow sending timezone to websites.
"privacy.fingerprintingProtection.overrides" = "privacy.fingerprintingProtection.overrides" = (
"+AllTargets,-CSSPrefersColorScheme,-JSDateTimeUTC,-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt,-CanvasExtractionFromThirdPartiesIsBlocked"; builtins.concatStringsSep "," [
"+AllTargets" # Enable all protections
"-CSSPrefersColorScheme" # Don't hide light/dark preference
"-JSDateTimeUTC" # Allow sending timezone to websites.
"-CanvasExtractionBeforeUserInputIsBlocked" # Canvas image extraction needed by google maps to avoid names looking like barcodes.
# Google meet's auto-framing results in random flashing colored bars unless the following two are allowed:
"-CanvasImageExtractionPrompt"
"-CanvasExtractionFromThirdPartiesIsBlocked"
"-WebGLRenderCapability" # Needed for smooth zooming on google maps
]
);
# Disable weather on new tab page # Disable weather on new tab page
"browser.newtabpage.activity-stream.showWeather" = false; "browser.newtabpage.activity-stream.showWeather" = false;
# Disable AI stuff that wastes battery life # Disable AI stuff that wastes battery life
@@ -79,6 +89,20 @@
policies = { policies = {
DisableTelemetry = true; DisableTelemetry = true;
DisplayBookmarksToolbar = "newtab"; DisplayBookmarksToolbar = "newtab";
DisableFirefoxStudies = true;
FirefoxHome = {
SponsoredStories = false;
SponsoredTopSites = false;
Stories = false;
};
GenerativeAI = {
Enabled = false;
};
SearchEngines = {
Remove = [
"Perplexity"
];
};
# Check about:support for extension/add-on ID strings. # Check about:support for extension/add-on ID strings.
# Valid strings for installation_mode are "allowed", "blocked", # Valid strings for installation_mode are "allowed", "blocked",

8
nix/configuration/roles/fonts/files/fonts.conf
View File

@@ -54,10 +54,10 @@
<!-- </match> --> <!-- </match> -->
<!-- Dejavu Sans Mono keeps coming back when I query "monospace". Doesn't happen when I'm using Souce Code Pro but does happen with cascadia... force it to cascadia --> <!-- Dejavu Sans Mono keeps coming back when I query "monospace". Doesn't happen when I'm using Souce Code Pro but does happen with cascadia... force it to cascadia -->
<!-- <match target="pattern"> --> <match target="pattern">
<!-- <test qual="any" name="family"><string>monospace</string></test> --> <test qual="any" name="family"><string>monospace</string></test>
<!-- <edit name="family" mode="assign" binding="same"><string>Cascadia Mono</string></edit> --> <edit name="family" mode="assign" binding="same"><string>Cascadia Mono</string></edit>
<!-- </match> --> </match>
<!-- Disable ligatures in monospace fonts. --> <!-- Disable ligatures in monospace fonts. -->
<match target="font"> <match target="font">

10
nix/configuration/roles/git/default.nix
View File

@@ -16,6 +16,14 @@ let
}:$PATH" }:$PATH"
exec ${package}/bin/${prog} "''${@}" exec ${package}/bin/${prog} "''${@}"
''; '';
git_hide = pkgs.writeShellScriptBin "git-hide" ''
git add --intent-to-add "''${@}"
git update-index --skip-worktree --assume-unchange "''${@}"
'';
git_unhide = pkgs.writeShellScriptBin "git-unhide" ''
git update-index --no-skip-worktree --no-assume-unchange "''${@}"
git reset "''${@}"
'';
in in
{ {
imports = [ ]; imports = [ ];
@@ -41,6 +49,8 @@ in
{ {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
my_git my_git
git_hide
git_unhide
]; ];
} }
(lib.mkIf (config.me.git.config != null) { (lib.mkIf (config.me.git.config != null) {

10
nix/configuration/roles/gpg/default.nix
View File

@@ -44,11 +44,11 @@ in
]; ];
services.pcscd.enable = true; services.pcscd.enable = true;
me.install.user.talexander.file = { # me.install.user.talexander.file = {
".gnupg/scdaemon.conf" = { # ".gnupg/scdaemon.conf" = {
source = ./files/scdaemon.conf; # source = ./files/scdaemon.conf;
}; # };
}; # };
programs.gnupg.agent = { programs.gnupg.agent = {
enable = true; enable = true;

25
nix/configuration/roles/graphviz/default.nix Normal file
View File

@@ -0,0 +1,25 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
graphviz.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install graphviz.";
};
};
config = lib.mkIf config.me.graphviz.enable {
environment.systemPackages = with pkgs; [
graphviz
];
};
}

154
nix/configuration/roles/hydra/default.nix
View File

@@ -1,9 +1,57 @@
{ {
config, config,
lib, lib,
pkgs,
... ...
}: }:
let
# patchScriptBin =
# {
# filename,
# contents,
# path ? [ ],
# }:
# ((pkgs.writeScriptBin filename contents).overrideAttrs (old: {
# buildInputs = [ pkgs.makeWrapper ];
# buildCommand = "${old.buildCommand}\n patchShebangs $out\nwrapProgram $out/bin/${filename} --prefix PATH : ${lib.makeBinPath path}";
# }));
nix_builder = pkgs.rustPlatform.buildRustPackage rec {
pname = "nix_builder";
version = "0.0.0";
src = pkgs.fetchgit {
url = "https://code.fizz.buzz/talexander/nix_builder.git";
# tag = version;
rev = "606832f505a1ccc9702cd12c236c3188f9282e82";
hash = "sha256-WHvnkCIPDBw0BnrQMnBpmwmYuhlxR4FfkoNWw2DY6XE=";
leaveDotGit = false;
};
cargoLock = {
lockFile = "${src}/Cargo.lock";
};
meta = with lib; {
description = "A builder of nix configs for a build server.";
homepage = "https://code.fizz.buzz/talexander/nix_builder";
license = licenses.bsd0;
maintainers = [ ];
};
nativeBuildInputs = [ pkgs.makeWrapper ];
postInstall = ''
wrapProgram $out/bin/nix-builder --prefix PATH : ${
lib.makeBinPath [
pkgs.git
pkgs.nix
pkgs.nixos-rebuild
]
}
'';
};
in
{ {
imports = [ ]; imports = [ ];
@@ -17,28 +65,92 @@
}; };
config = lib.mkIf config.me.hydra.enable { config = lib.mkIf config.me.hydra.enable {
services.hydra = { environment.systemPackages = with pkgs; [
enable = true; nix_builder
hydraURL = "http://localhost:3000"; # Externally visible URL sqlite # For manually inspecting the database.
notificationSender = "hydra@localhost"; # "From" address for hydra emails. ];
# a standalone Hydra will require you to unset the buildMachinesFiles list to avoid using a nonexistant /etc/nix/machines
buildMachinesFiles = [ ]; environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
useSubstitutes = true; hideMounts = true;
users.nixworker = {
directories = [
{
directory = "persist";
user = "nixworker";
group = "nixworker";
mode = "0700";
}
];
};
}; };
# nix.buildMachines = [ # Nix 2.30.0 (2025-07-07) changed the build directory from /tmp to /nix/var/nix/builds which broke a number of builds because my ZFS datasets were utf8only.
# { fileSystems."/.disk/root/nix/var/nix/builds" = {
# hostName = "localhost"; device = "tmpfs";
# protocol = null; fsType = "tmpfs";
# system = "x86_64-linux"; options = [
# supportedFeatures = [ "size=50G" # adjust for your situation and needs
# "kvm" "mode=700"
# "nixos-test" "uid=11400"
# "big-parallel" "gid=11400"
# "benchmark" ];
# ]; };
# maxJobs = 8;
# } systemd.timers."build-cache" = {
# ]; wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "*-*-* 03:00:00 America/New_York";
Unit = "build-cache.service";
};
};
systemd.services."build-cache" = {
script = ''
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "''${BASH_SOURCE[0]}" )" && pwd )"
NIX_REMOTE='local?root=/.disk/root' RUST_BACKTRACE=1 RUST_LOG=nix_builder=DEBUG ${nix_builder}/bin/nix-builder build --config ${./files/nix_builder.toml} --target odo --target odo_update --target odowork --target odowork_update --target quark --target quark_update --target hydra --target hydra_update --target controller0 --target controller0_update --target controller1 --target controller1_update --target controller2 --target controller2_update --target worker0 --target worker0_update --target worker1 --target worker1_update --target worker2 --target worker2_update --target family_disks --target family_disks_update --target nixbsd
'';
restartIfChanged = false;
serviceConfig = {
Type = "simple";
User = "nixworker";
# restartIfChanged = false;
# RemainAfterExit = true; # Prevents the service from automatically starting on rebuild. See https://discourse.nixos.org/t/how-to-prevent-custom-systemd-service-from-restarting-on-nixos-rebuild-switch/43431
LimitNOFILE = 8192;
};
};
# TODO: This should move into nix-builder so we can only run clean when builds are passing. Otherwise partial builds will lose progress.
# TODO: In nix-builder maybe include setting to auto delete to make room during builds if we run out of space, just in case builds are failing for a long time and prevent cleanup from running.
systemd.timers."clean-cache" = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "*-*-01 02:00:00 America/New_York";
Unit = "clean-cache.service";
};
};
systemd.services."clean-cache" = {
script = ''
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "''${BASH_SOURCE[0]}" )" && pwd )"
NIX_REMOTE='local?root=/.disk/root' nix-collect-garbage -d
'';
path = with pkgs; [
pkgs.nix
];
restartIfChanged = false;
serviceConfig = {
Type = "simple";
User = "nixworker";
# restartIfChanged = false;
# RemainAfterExit = true; # Prevents the service from automatically starting on rebuild. See https://discourse.nixos.org/t/how-to-prevent-custom-systemd-service-from-restarting-on-nixos-rebuild-switch/43431
LimitNOFILE = 8192;
};
};
}; };
} }

186
nix/configuration/roles/hydra/files/nix_builder.toml Normal file
View File

@@ -0,0 +1,186 @@
output_directory = "/home/nixworker/persist/nix_builder"
[[targets]]
name = "odo"
repo = "https://code.fizz.buzz/talexander/machine_setup.git"
branch = "nix"
path = "nix/configuration"
attr = "nixosConfigurations.odo.config.system.build.toplevel"
[[targets]]
name = "odo_update"
repo = "https://code.fizz.buzz/talexander/machine_setup.git"
branch = "nix"
path = "nix/configuration"
attr = "nixosConfigurations.odo.config.system.build.toplevel"
update = true
update_branch = "nix_update"
[[targets]]
name = "odowork"
repo = "https://code.fizz.buzz/talexander/machine_setup.git"
branch = "nix"
path = "nix/configuration"
attr = "nixosConfigurations.odowork.config.system.build.toplevel"
[[targets]]
name = "odowork_update"
repo = "https://code.fizz.buzz/talexander/machine_setup.git"
branch = "nix"
path = "nix/configuration"
attr = "nixosConfigurations.odowork.config.system.build.toplevel"
update = true
update_branch = "nix_update"
[[targets]]
name = "quark"
repo = "https://code.fizz.buzz/talexander/machine_setup.git"
branch = "nix"
path = "nix/configuration"
attr = "nixosConfigurations.quark.config.system.build.toplevel"
[[targets]]
name = "quark_update"
repo = "https://code.fizz.buzz/talexander/machine_setup.git"
branch = "nix"
path = "nix/configuration"
attr = "nixosConfigurations.quark.config.system.build.toplevel"
update = true
update_branch = "nix_update"
[[targets]]
name = "hydra"
repo = "https://code.fizz.buzz/talexander/machine_setup.git"
branch = "nix"
path = "nix/configuration"
attr = "hydra.vm_iso"
[[targets]]
name = "hydra_update"
repo = "https://code.fizz.buzz/talexander/machine_setup.git"
branch = "nix"
path = "nix/configuration"
attr = "hydra.vm_iso"
update = true
update_branch = "nix_update"
[[targets]]
name = "controller0"
repo = "https://code.fizz.buzz/talexander/machine_setup.git"
branch = "kubernetes"
path = "nix/kubernetes"
attr = "controller0.vm_iso"
[[targets]]
name = "controller0_update"
repo = "https://code.fizz.buzz/talexander/machine_setup.git"
branch = "kubernetes"
path = "nix/kubernetes"
attr = "controller0.vm_iso"
update = true
update_branch = "kubernetes_update"
[[targets]]
name = "controller1"
repo = "https://code.fizz.buzz/talexander/machine_setup.git"
branch = "kubernetes"
path = "nix/kubernetes"
attr = "controller1.vm_iso"
[[targets]]
name = "controller1_update"
repo = "https://code.fizz.buzz/talexander/machine_setup.git"
branch = "kubernetes"
path = "nix/kubernetes"
attr = "controller1.vm_iso"
update = true
update_branch = "kubernetes_update"
[[targets]]
name = "controller2"
repo = "https://code.fizz.buzz/talexander/machine_setup.git"
branch = "kubernetes"
path = "nix/kubernetes"
attr = "controller2.vm_iso"
[[targets]]
name = "controller2_update"
repo = "https://code.fizz.buzz/talexander/machine_setup.git"
branch = "kubernetes"
path = "nix/kubernetes"
attr = "controller2.vm_iso"
update = true
update_branch = "kubernetes_update"
[[targets]]
name = "worker0"
repo = "https://code.fizz.buzz/talexander/machine_setup.git"
branch = "kubernetes"
path = "nix/kubernetes"
attr = "worker0.vm_iso"
[[targets]]
name = "worker0_update"
repo = "https://code.fizz.buzz/talexander/machine_setup.git"
branch = "kubernetes"
path = "nix/kubernetes"
attr = "worker0.vm_iso"
update = true
update_branch = "kubernetes_update"
[[targets]]
name = "worker1"
repo = "https://code.fizz.buzz/talexander/machine_setup.git"
branch = "kubernetes"
path = "nix/kubernetes"
attr = "worker1.vm_iso"
[[targets]]
name = "worker1_update"
repo = "https://code.fizz.buzz/talexander/machine_setup.git"
branch = "kubernetes"
path = "nix/kubernetes"
attr = "worker1.vm_iso"
update = true
update_branch = "kubernetes_update"
[[targets]]
name = "worker2"
repo = "https://code.fizz.buzz/talexander/machine_setup.git"
branch = "kubernetes"
path = "nix/kubernetes"
attr = "worker2.vm_iso"
[[targets]]
name = "worker2_update"
repo = "https://code.fizz.buzz/talexander/machine_setup.git"
branch = "kubernetes"
path = "nix/kubernetes"
attr = "worker2.vm_iso"
update = true
update_branch = "kubernetes_update"
# TODO: Add steam deck
[[targets]]
name = "family_disks"
repo = "https://code.fizz.buzz/talexander/machine_setup.git"
branch = "family_disks"
path = "nix/configuration"
attr = "nixosConfigurations.family_disks.config.system.build.toplevel"
[[targets]]
name = "family_disks_update"
repo = "https://code.fizz.buzz/talexander/machine_setup.git"
branch = "family_disks"
path = "nix/configuration"
attr = "nixosConfigurations.family_disks.config.system.build.toplevel"
update = true
update_branch = "nix_update"
[[targets]]
name = "nixbsd"
repo = "https://github.com/nixos-bsd/nixbsd.git"
revision = "828ff7a3c4ee91f548de65a963fca40eaedb171c"
path = "."
attr = "base.vmClosureInfo"

20
nix/configuration/roles/jujutsu/default.nix
View File

@@ -15,11 +15,29 @@
example = true; example = true;
description = "Whether we want to install jujutsu."; description = "Whether we want to install jujutsu.";
}; };
jujutsu.config = lib.mkOption {
type = lib.types.nullOr lib.types.path;
default = null;
example = ./files/jujutsu_config_home.toml;
description = "A jujutsu config file.";
};
}; };
config = lib.mkIf config.me.jujutsu.enable { config = lib.mkIf config.me.jujutsu.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
jujutsu jujutsu
]; ];
}
(lib.mkIf (config.me.jujutsu.config != null) {
me.install.user.talexander.file = {
".config/jj/config.toml" = {
source = config.me.jujutsu.config;
}; };
};
})
]
);
} }

17
nix/configuration/roles/jujutsu/files/jujutsu_config_home.toml Normal file
View File

@@ -0,0 +1,17 @@
#:schema https://docs.jj-vcs.dev/latest/config-schema.json
[ui]
default-command = "log"
paginate = "never"
[user]
name = "Tom Alexander"
email = "tom@fizz.buzz"
[signing]
behavior = "own"
backend = "gpg"
key = "D272C8D6167F26859467666F4278299FB84F6875"
# [git]
# sign-on-push = true

1
nix/configuration/roles/kanshi/default.nix
View File

@@ -1,4 +1,3 @@
# TODO: Maybe replace with https://gitlab.com/w0lff/shikane because its written in rust
{ {
config, config,
lib, lib,

1
nix/configuration/roles/latex/default.nix
View File

@@ -43,6 +43,7 @@
minted # emacs org-mode pdf export code block highlighting minted # emacs org-mode pdf export code block highlighting
upquote # emacs org-mode pdf export upquote # emacs org-mode pdf export
lineno # emacs org-mode pdf export lineno # emacs org-mode pdf export
beamer # emacs org-mode presentation pdf export
; ;
} }
); );

1
nix/configuration/roles/lvfs/default.nix
View File

@@ -22,6 +22,7 @@
{ {
# TODO: Is this installing firmware or just downloading it? # TODO: Is this installing firmware or just downloading it?
services.fwupd.enable = true; services.fwupd.enable = true;
services.fwupd.daemonSettings.EspLocation = lib.mkForce "/efi";
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) { environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true; hideMounts = true;
directories = [ directories = [

Some files were not shown because too many files have changed in this diff Show More