talexander/machine_setup
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

base: talexander:b1b2ea2109491d3cf9a36bb2a84f04079bcf3184
Branches Tags
talexander:main talexander:nix talexander:kubernetes talexander:mt7927 talexander:yubipi talexander:upstream_amd_debug_tools talexander:install_files_mixin talexander:starship talexander:pixelbook
..
compare: talexander:nix
Branches Tags
talexander:nix talexander:kubernetes talexander:main talexander:mt7927 talexander:yubipi talexander:upstream_amd_debug_tools talexander:install_files_mixin talexander:starship talexander:pixelbook

38 Commits
b1b2ea2109 ... nix

Author SHA1 Message Date
Tom Alexander
6094fee196 Enable the thunderbolt service. 2026-06-17 13:08:11 -04:00
Tom Alexander
9e4c079258 Update packages. 2026-06-13 22:05:23 -04:00
Tom Alexander
3ab7a6e460 Update packages. 2026-06-13 22:05:23 -04:00
Tom Alexander
49f75408ae Move kernel config to its own role. 2026-06-13 22:05:23 -04:00
Tom Alexander
0fa170c57e Preserve .vscode-shared. 
The latest vscode is storing data in ~/.vscode-shared that contains the "Open Recent" entries and the settings on which folders are trusted.
 2026-05-27 13:24:16 -04:00
Tom Alexander
3050cece0c Do not force import the root zfs pool. 2026-05-25 22:20:08 -04:00
Tom Alexander
6d070ddbb4 Update packages. 2026-05-25 22:20:08 -04:00
Tom Alexander
f99fa54d60 Revert "Update only the kernel." 
This reverts commit d52b5db39b.
 2026-05-21 20:31:54 -04:00
Tom Alexander
d52b5db39b Update only the kernel. 2026-05-21 20:31:27 -04:00
Tom Alexander
003c3cc41a Fix rnnoise after latest update. 2026-05-07 17:00:03 -04:00
Tom Alexander
d83652bb9c Add rsync_clone script. 2026-05-06 10:02:20 -04:00
Tom Alexander
6fd09a712e Add git_fix_author script. 2026-05-06 10:00:02 -04:00
Tom Alexander
d9c4f824d2 Add git_find_merged_branches script. 2026-05-06 09:56:18 -04:00
Tom Alexander
856e4daee6 Add the decode_jwt script. 2026-05-06 09:49:47 -04:00
Tom Alexander
9a9268f8cc Disable shipwright. 
The hash is not matching, so the build is broken.
 2026-05-05 22:42:17 -04:00
Tom Alexander
8d3ebf7ba2 Update packages. 2026-05-01 20:16:45 -04:00
Tom Alexander
d35cfaacbd Add nix-pin-revision script. 2026-04-26 08:32:17 -04:00
Tom Alexander
8b1212e182 Support hardware accelerated RNG in qemurc. 2026-04-26 08:32:17 -04:00
Tom Alexander
7f0250cb9d Sync to the store before registering paths. 2026-04-26 08:32:17 -04:00
Tom Alexander
bc2636a54c New VPN address for home server. 2026-04-26 08:32:17 -04:00
Tom Alexander
c8147b5e9e Use direct paths for hydra's nix store. 
I was getting corrupted builds, so as a test I am using the direct path where the drive is mounted rather than going through bind mounts.
 2026-04-26 08:32:17 -04:00
Tom Alexander
4115e95bb6 Add a build of nixbsd to nix_builder. 2026-04-26 08:32:17 -04:00
Tom Alexander
4c1465c8d0 Update packages. 2026-04-26 08:32:17 -04:00
Tom Alexander
791f67eb82 Update nix_builder. 2026-04-02 22:03:45 -04:00
Tom Alexander
bf27504a5a Add repair flag to build scripts. 2026-04-02 14:14:11 -04:00
Tom Alexander
620c12eaa7 Add auto-formatting for d2. 2026-04-02 14:04:04 -04:00
Tom Alexander
e2658412ab Fix stuttery zoom on google maps. 2026-03-29 19:40:51 -04:00
Tom Alexander
a86e8c3a18 Fix rga alias. 2026-03-29 19:40:51 -04:00
Tom Alexander
299185970d Add stream to /etc/hosts 2026-03-19 18:16:57 -04:00
Tom Alexander
6670fdbe73 Merge branch 'family_disks' into nix 2026-03-08 13:01:20 -04:00
Tom Alexander
ed4eead5c0 Add a config for the machine to recover the family disks. 2026-03-08 13:01:11 -04:00
Tom Alexander
7f9f010217 Add support for a portable monitor. 2026-03-07 16:39:21 -05:00
Tom Alexander
ea133ded21 Add the next_hop script. 
This script determines the next hop for a packet leaving this machine destined for the given address.
 2026-03-04 21:13:40 -05:00
Tom Alexander
04ede4bfee Add a role for loading esims onto standalone sim cards. 2026-03-01 16:51:34 -05:00
Tom Alexander
2529ca4510 Disable some stuff in firefox. 2026-02-22 13:21:01 -05:00
Tom Alexander
69384f6cad Use rust nix-builder instead of bash script. 2026-02-22 13:21:01 -05:00
Tom Alexander
3df022ab3f Move org custom faces to a use-package :custom-face block. 
This prevent the faces from being written to custom.el.
 2026-02-22 13:21:01 -05:00
Tom Alexander
bf006a968b Update jujutsu config. 2026-02-22 13:21:01 -05:00
101 changed files with 1887 additions and 284 deletions
Expand all files Collapse all files

48
nix/configuration/configuration.nix
View File

@@ -1,9 +1,16 @@
{ {
config, config,
lib, lib,
pkgs,
... ...
}: }:
let
alias_nix_pin_revision = pkgs.writeShellScriptBin "nix-pin-revision" ''
# Usage: nix-pin-revision nixpkgs 'github:NixOS/nixpkgs/00c21e4c93d963c50d4c0c89bfa84ed6e0694df2'
exec nix flake lock --override-input "''${@}"
'';
in
{ {
imports = [ imports = [
./roles/2ship2harkinian ./roles/2ship2harkinian
@@ -28,6 +35,7 @@
./roles/ecc ./roles/ecc
./roles/emacs ./roles/emacs
./roles/emulate_isa ./roles/emulate_isa
./roles/esim
./roles/firefox ./roles/firefox
./roles/firewall ./roles/firewall
./roles/flux ./roles/flux
@@ -46,6 +54,7 @@
./roles/iso_mount ./roles/iso_mount
./roles/jujutsu ./roles/jujutsu
./roles/kanshi ./roles/kanshi
./roles/kernel
./roles/kodi ./roles/kodi
./roles/kubernetes ./roles/kubernetes
./roles/latex ./roles/latex
@@ -118,6 +127,9 @@
nix.settings.max-free = 1000000000; nix.settings.max-free = 1000000000;
nix.settings.fallback = true; nix.settings.fallback = true;
nix.settings.warn-dirty = false; nix.settings.warn-dirty = false;
nix.settings.fsync-metadata = true;
# Ensure store paths are durably written to disk before registering the paths so a crash mid-build does not leave us in a corrupted state.
nix.settings.fsync-store-paths = true;
hardware.enableRedistributableFirmware = true; hardware.enableRedistributableFirmware = true;
@@ -128,7 +140,8 @@
# Automatic garbage collection # Automatic garbage collection
nix.gc = lib.mkIf (!config.me.buildingPortable) { nix.gc = lib.mkIf (!config.me.buildingPortable) {
# Runs nix-collect-garbage --delete-older-than 5d # Runs nix-collect-garbage --delete-older-than 5d
automatic = true; # automatic = true;
automatic = false;
persistent = true; persistent = true;
dates = "monthly"; dates = "monthly";
# randomizedDelaySec = "14m"; # randomizedDelaySec = "14m";
@@ -136,6 +149,10 @@
}; };
nix.settings.auto-optimise-store = !config.me.buildingPortable; nix.settings.auto-optimise-store = !config.me.buildingPortable;
environment.systemPackages = [
alias_nix_pin_revision
];
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) { environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true; hideMounts = true;
directories = [ directories = [
@@ -219,13 +236,30 @@
); );
in in
[ [
(disableTests "coreutils") (disableTests "deno") # Tests use too much disk space
(disableTests "coreutils-full") (disableOptimizations "libtpms")
(disableTests "libuv")
(final: prev: {
inherit (final.unoptimized) libtpms libjxl;
})
(disableOptimizationsPython3 "scipy") (disableOptimizationsPython3 "scipy")
(disableOptimizations "assimp")
(disableOptimizations "gsl")
(final: prev: {
rpcs3 = prev.rpcs3.override {
glew = (final.glew.override { enableEGL = false; });
};
})
(final: prev: {
fwupd = prev.fwupd.overrideAttrs (
finalAttrs: prevAttrs: {
version = "2.1.5";
src = final.fetchFromGitHub {
owner = "fwupd";
repo = "fwupd";
tag = finalAttrs.version;
hash = "sha256-DzQ+N99ZmFRqZc2rN6PSqmoIMXUyrE8Kkn+KnT/AWPc=";
};
}
);
})
# Works but probably sets python2's scipy to be python3: # Works but probably sets python2's scipy to be python3:
# #
# (final: prev: { # (final: prev: {

31
nix/configuration/flake.lock generated
View File

@@ -22,11 +22,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1769524058, "lastModified": 1780894562,
"narHash": "sha256-zygdD6X1PcVNR2PsyK4ptzrVEiAdbMqLos7utrMDEWE=", "narHash": "sha256-c3430xwxwhHipl3jigUGMMBfpaMylDqytW/kdmB3ZGs=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "71a3fc97d80881e91710fe721f1158d3b96ae14d", "rev": "24fed06cac83bcc44ac8efbb57cab1a82fa0bedc",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -164,11 +164,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1770197578, "lastModified": 1780749050,
"narHash": "sha256-AYqlWrX09+HvGs8zM6ebZ1pwUqjkfpnv8mewYwAo+iM=", "narHash": "sha256-3av0pIjlOWQ6rDbNOmpUSvbNnJkGORQKKjb4LtCZsIY=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "00c21e4c93d963c50d4c0c89bfa84ed6e0694df2", "rev": "a799d3e3886da994fa307f817a6bc705ae538eeb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -178,6 +178,22 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-google": {
"locked": {
"lastModified": 1779893571,
"narHash": "sha256-wiwMyVCtmjRjlFCe2zaumCE6LRV9GzzN0ZH25NQkbAU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "45f6cfaa4605b706c870e75bd74bdb5e97eee11e",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "45f6cfaa4605b706c870e75bd74bdb5e97eee11e",
"type": "github"
}
},
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1730741070, "lastModified": 1730741070,
@@ -226,7 +242,8 @@
"disko": "disko", "disko": "disko",
"impermanence": "impermanence", "impermanence": "impermanence",
"lanzaboote": "lanzaboote", "lanzaboote": "lanzaboote",
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs",
"nixpkgs-google": "nixpkgs-google"
} }
}, },
"rust-overlay": { "rust-overlay": {

8
nix/configuration/flake.nix
View File

@@ -20,6 +20,7 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
nixpkgs-google.url = "github:NixOS/nixpkgs/45f6cfaa4605b706c870e75bd74bdb5e97eee11e";
lanzaboote = { lanzaboote = {
url = "github:nix-community/lanzaboote/v0.4.2"; url = "github:nix-community/lanzaboote/v0.4.2";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@@ -34,6 +35,7 @@
{ {
self, self,
nixpkgs, nixpkgs,
nixpkgs-google,
disko, disko,
impermanence, impermanence,
lanzaboote, lanzaboote,
@@ -60,6 +62,9 @@
hydra = { hydra = {
system = "x86_64-linux"; system = "x86_64-linux";
}; };
family_disks = {
system = "x86_64-linux";
};
}; };
nixosConfigs = builtins.mapAttrs ( nixosConfigs = builtins.mapAttrs (
hostname: nodeConfig: format: hostname: nodeConfig: format:
@@ -89,6 +94,9 @@
hostPlatform.gcc.arch = "default"; hostPlatform.gcc.arch = "default";
hostPlatform.gcc.tune = "default"; hostPlatform.gcc.tune = "default";
}; };
google = import nixpkgs-google {
system = prev.stdenv.hostPlatform.system;
};
}) })
]; ];
}; };

13
nix/configuration/hosts/family_disks/DEPLOY_BOOT Executable file
View File

@@ -0,0 +1,13 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
TARGET=family_disks
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#family_disks" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json

13
nix/configuration/hosts/family_disks/DEPLOY_SWITCH Executable file
View File

@@ -0,0 +1,13 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
TARGET=family_disks
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#family_disks" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json

10
nix/configuration/hosts/family_disks/ISO Executable file
View File

@@ -0,0 +1,10 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#family_disks.iso" --repair --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json

10
nix/configuration/hosts/family_disks/SELF_BOOT Executable file
View File

@@ -0,0 +1,10 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#family_disks" --repair --log-format internal-json -v "${@}" |& nom --json

12
nix/configuration/hosts/family_disks/SELF_BUILD Executable file
View File

@@ -0,0 +1,12 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
: "${NOM:="true"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild build --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#family_disks" --repair --log-format internal-json -v "${@}" |& nom --json

10
nix/configuration/hosts/family_disks/SELF_SWITCH Executable file
View File

@@ -0,0 +1,10 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#family_disks" --repair --log-format internal-json -v "${@}" |& nom --json

75
nix/configuration/hosts/family_disks/default.nix Normal file
View File

@@ -0,0 +1,75 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [
./hardware-configuration.nix
./wrapped-disk-config.nix
./distributed_build.nix
./power_management.nix
];
config = {
# Generate with `head -c4 /dev/urandom | od -A none -t x4`
networking.hostId = "908cbf04";
networking.hostName = "family_disks"; # Define your hostname.
time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8";
me.boot.enable = true;
me.boot.secure = false;
me.mountPersistence = true;
# Toggle to start writing the extlinux config which will be used by zfsbootmenu
boot.loader.generic-extlinux-compatible.enable = true;
boot.loader.systemd-boot.enable = lib.mkForce false;
me.rollback.dataset = [
"zroot/linux/nix/root@blank"
"zroot/linux/nix/home@blank"
];
me.optimizations = {
enable = true;
arch = "skylake";
# build_arch = "x86-64-v3";
system_features = [
"gccarch-znver4"
"gccarch-skylake"
"gccarch-kabylake"
# "gccarch-alderlake" missing WAITPKG
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
};
# Early KMS
# boot.initrd.kernelModules = [ "amdgpu" ];
# Mount tmpfs at /tmp
boot.tmp.useTmpfs = true;
# Enable light sensor
# hardware.sensor.iio.enable = lib.mkDefault true;
# Enable TRIM
# services.fstrim.enable = lib.mkDefault true;
# Only run nix builders at idle priority for a more responsive system. Do not set on servers, just end-user devices.
nix.daemonCPUSchedPolicy = "idle";
me.build_in_ram.enable = true;
me.dont_use_substituters.enable = true;
me.minimal_base.enable = true;
me.recovery.enable = true;
};
}

155
nix/configuration/hosts/family_disks/disk-config.nix Normal file
View File

@@ -0,0 +1,155 @@
# Manual Step:
# Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1
# Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1
{
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/efi";
mountOptions = [
"umask=0077"
"noatime"
"discard"
];
};
};
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "zroot";
};
};
};
};
};
};
zpool = {
zroot = {
type = "zpool";
# mode = "mirror";
# Workaround: cannot import 'zroot': I/O error in disko tests
options.cachefile = "none";
options = {
ashift = "12";
compatibility = "openzfs-2.2-freebsd";
autotrim = "on";
};
rootFsOptions = {
acltype = "posixacl";
atime = "off";
relatime = "off";
xattr = "sa";
mountpoint = "none";
compression = "lz4";
canmount = "off";
utf8only = "on";
dnodesize = "auto";
normalization = "formD";
};
datasets = {
"linux/nix" = {
type = "zfs_fs";
options.mountpoint = "none";
options = {
# encryption = "aes-256-gcm";
# keyformat = "passphrase";
# # keylocation = "file:///tmp/secret.key";
};
};
"linux/nix/root" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/root@blank$' || zfs snapshot zroot/linux/nix/root@blank";
};
"linux/nix/boot" = {
type = "zfs_fs";
options = {
mountpoint = "legacy";
"org.zfsbootmenu:active" = "on";
};
mountpoint = "/boot";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/boot@blank$' || zfs snapshot zroot/linux/nix/boot@blank";
};
"linux/nix/nix" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/nix";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/nix@blank$' || zfs snapshot zroot/linux/nix/nix@blank";
options = {
# recordsize = "16MiB";
# compression = "zstd-19";
};
};
"linux/nix/home" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/home";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/home@blank$' || zfs snapshot zroot/linux/nix/home@blank";
};
"linux/nix/persist" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/persist";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/persist@blank$' || zfs snapshot zroot/linux/nix/persist@blank";
};
"linux/nix/state" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/state";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/state@blank$' || zfs snapshot zroot/linux/nix/state@blank";
};
};
};
};
};
# Make sure all persistent volumes are marked as neededForBoot
#
# Also mounts /home so it is mounted before the user home directories are created.
fileSystems."/persist".neededForBoot = true;
fileSystems."/state".neededForBoot = true;
fileSystems."/home".neededForBoot = true;
fileSystems."/".options = [
"noatime"
"norelatime"
];
fileSystems."/boot".options = [
"noatime"
"norelatime"
];
fileSystems."/nix".options = [
"noatime"
"norelatime"
];
fileSystems."/persist".options = [
"noatime"
"norelatime"
];
fileSystems."/state".options = [
"noatime"
"norelatime"
];
fileSystems."/home".options = [
"noatime"
"norelatime"
];
# Only attempt to decrypt the main pool. Otherwise it attempts to decrypt pools that aren't even used.
boot.zfs.requestEncryptionCredentials = [ "zroot/linux/nix" ];
}

19
nix/configuration/hosts/family_disks/distributed_build.nix Normal file
View File

@@ -0,0 +1,19 @@
{
imports = [ ];
config = {
me.distributed_build.enable = true;
me.distributed_build.machines.quark = {
enable = false;
additional_config = {
speedFactor = 2;
};
};
me.distributed_build.machines.hydra = {
enable = true;
additional_config = {
speedFactor = 2;
};
};
};
}

33
nix/configuration/hosts/family_disks/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,33 @@
{
config,
lib,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
config = {
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"thunderbolt"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
# networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true;
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
};
}

75
nix/configuration/hosts/family_disks/power_management.nix Normal file
View File

@@ -0,0 +1,75 @@
{
pkgs,
...
}:
{
imports = [ ];
config = {
environment.systemPackages = with pkgs; [
powertop
];
# amdgpu.abmlevel=3 :: Automatically reduce screen brightness but tweak colors to compensate for power reduction.
# pcie_aspm=force pcie_aspm.policy=powersupersave :: Enable PCIe active state power management for power reduction.
# nowatchdog :: Disable watchdog for power savings (related to disable_sp5100_watchdog above).
# amd_pstate=passive :: Fully automated hardware pstate control.
# amd_pstate=active :: Same as passive except we can set the energy performance preference (EPP) to suggest how much we prefer performance or energy efficiency.
# amd_pstate=guided :: Same as passive except we can set upper and lower frequency bounds.
# amdgpu.dcdebugmask=0x10 :: Allegedly disables Panel Replay from https://community.frame.work/t/tracking-freezing-arch-linux-amd/39495/32
boot.kernelParams = [
"amdgpu.abmlevel=2"
"pcie_aspm=force"
# "pcie_aspm.policy=powersupersave"
"nowatchdog"
# I don't see a measurable benefit from these two:
# "cpufreq.default_governor=powersave"
# "initcall_blacklist=cpufreq_gov_userspace_init"
];
systemd.tmpfiles.rules = [
"w- /sys/firmware/acpi/platform_profile - - - - low-power"
"w- /sys/devices/system/cpu/cpufreq/policy0/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy1/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy2/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy3/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy4/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy5/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy6/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy7/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy8/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy9/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy10/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy11/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy12/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy13/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy14/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy15/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpu0/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu1/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu2/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu3/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu4/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu5/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu6/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu7/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu8/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu9/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu10/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu11/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu12/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu13/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu14/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu15/cpufreq/boost - - - - 0"
];
boot.extraModprobeConfig = ''
# Disable the hardware watchdog inside AMD 700 chipset series for power savings.
blacklist sp5100_tco
# Sound power-saving was causing chat notifications to be inaudible.
# options snd_hda_intel power_save=1
'';
};
}

7
nix/configuration/hosts/family_disks/wrapped-disk-config.nix Normal file
View File

@@ -0,0 +1,7 @@
{
config,
lib,
...
}:
lib.mkIf (!config.me.buildingPortable) (import ./disk-config.nix)

2
nix/configuration/hosts/hydra/DEPLOY_BOOT
View File

@@ -10,4 +10,4 @@ TARGET=hydra
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#hydra" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild boot --flake "$DIR/../../#hydra" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json

2
nix/configuration/hosts/hydra/DEPLOY_SWITCH
View File

@@ -10,4 +10,4 @@ TARGET=hydra
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#hydra" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild switch --flake "$DIR/../../#hydra" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json

2
nix/configuration/hosts/hydra/ISO
View File

@@ -7,4 +7,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#hydra.iso" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#hydra.iso" --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json

2
nix/configuration/hosts/hydra/SELF_BOOT
View File

@@ -7,4 +7,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#hydra" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild boot --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#hydra" --repair --log-format internal-json -v "${@}" |& nom --json

2
nix/configuration/hosts/hydra/SELF_BUILD
View File

@@ -7,4 +7,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild build --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#hydra" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild build --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#hydra" --repair --log-format internal-json -v "${@}" |& nom --json

2
nix/configuration/hosts/hydra/SELF_SWITCH
View File

@@ -7,4 +7,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#hydra" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild switch --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#hydra" --repair --log-format internal-json -v "${@}" |& nom --json

2
nix/configuration/hosts/hydra/VM_ISO
View File

@@ -7,4 +7,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#hydra.vm_iso" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#hydra.vm_iso" --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json

2
nix/configuration/hosts/i_only_boot_zfs/DEPLOY_BOOT
View File

@@ -10,4 +10,4 @@ TARGET=i_only_boot_zfs
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#i_only_boot_zfs" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild boot --flake "$DIR/../../#i_only_boot_zfs" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json

2
nix/configuration/hosts/i_only_boot_zfs/DEPLOY_SWITCH
View File

@@ -10,4 +10,4 @@ TARGET=i_only_boot_zfs
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#i_only_boot_zfs" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild switch --flake "$DIR/../../#i_only_boot_zfs" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json

2
nix/configuration/hosts/i_only_boot_zfs/ISO
View File

@@ -7,4 +7,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#i_only_boot_zfs.iso" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#i_only_boot_zfs.iso" --repair --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json

2
nix/configuration/hosts/i_only_boot_zfs/SELF_BOOT
View File

@@ -7,4 +7,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#i_only_boot_zfs" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild boot --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#i_only_boot_zfs" --repair --log-format internal-json -v "${@}" |& nom --json

2
nix/configuration/hosts/i_only_boot_zfs/SELF_BUILD
View File

@@ -7,4 +7,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild build --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#i_only_boot_zfs" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild build --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#i_only_boot_zfs" --repair --log-format internal-json -v "${@}" |& nom --json

2
nix/configuration/hosts/i_only_boot_zfs/SELF_SWITCH
View File

@@ -7,4 +7,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#i_only_boot_zfs" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild switch --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#i_only_boot_zfs" --repair --log-format internal-json -v "${@}" |& nom --json

2
nix/configuration/hosts/neelix/DEPLOY_BOOT
View File

@@ -12,6 +12,6 @@ TARGET=neelix
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#neelix" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild boot --flake "$DIR/../../#neelix" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#neelix' # rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#neelix'

2
nix/configuration/hosts/neelix/DEPLOY_SWITCH
View File

@@ -12,6 +12,6 @@ TARGET=neelix
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#neelix" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild switch --flake "$DIR/../../#neelix" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#neelix' # rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#neelix'

2
nix/configuration/hosts/odo/DEPLOY_BOOT
View File

@@ -10,4 +10,4 @@ TARGET=odo
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#odo" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild boot --flake "$DIR/../../#odo" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json

2
nix/configuration/hosts/odo/DEPLOY_SWITCH
View File

@@ -10,4 +10,4 @@ TARGET=odo
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#odo" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild switch --flake "$DIR/../../#odo" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json

2
nix/configuration/hosts/odo/ISO
View File

@@ -7,4 +7,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#odo.iso" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#odo.iso" --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json

2
nix/configuration/hosts/odo/SELF_BOOT
View File

@@ -7,4 +7,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild boot --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" --repair --log-format internal-json -v "${@}" |& nom --json

7
nix/configuration/hosts/odo/SELF_BUILD
View File

@@ -5,12 +5,7 @@ IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
: "${NOM:="true"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
if [ "$NOM" = "true" ]; then nixos-rebuild build --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" --repair --log-format internal-json -v "${@}" |& nom --json
nixos-rebuild build --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" --log-format internal-json -v "${@}" |& nom --json
else
nixos-rebuild build --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" -v "${@}"
fi

2
nix/configuration/hosts/odo/SELF_SWITCH
View File

@@ -7,4 +7,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild switch --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" --repair --log-format internal-json -v "${@}" |& nom --json

5
nix/configuration/hosts/odo/default.nix
View File

@@ -93,6 +93,7 @@
me.ecc.enable = false; me.ecc.enable = false;
me.emacs_flavor = "full"; me.emacs_flavor = "full";
me.emulate_isa.enable = true; me.emulate_isa.enable = true;
me.esim.enable = true;
me.firefox.enable = true; me.firefox.enable = true;
me.firewall.enable = true; me.firewall.enable = true;
me.flux.enable = true; me.flux.enable = true;
@@ -106,8 +107,10 @@
me.graphics_card_type = "amd"; me.graphics_card_type = "amd";
me.graphviz.enable = true; me.graphviz.enable = true;
me.iso_mount.enable = true; me.iso_mount.enable = true;
me.jujutsu.config = ../../roles/jujutsu/files/jujutsu_config_home.toml;
me.jujutsu.enable = true; me.jujutsu.enable = true;
me.kanshi.enable = false; me.kanshi.enable = false;
me.kernel.enable = true;
me.kubernetes.enable = true; me.kubernetes.enable = true;
me.latex.enable = true; me.latex.enable = true;
me.launch_keyboard.enable = true; me.launch_keyboard.enable = true;
@@ -162,7 +165,7 @@
me.zsh.enable = true; me.zsh.enable = true;
me.sm64ex.enable = true; me.sm64ex.enable = true;
me.shipwright.enable = true; me.shipwright.enable = false;
me.ship2harkinian.enable = true; me.ship2harkinian.enable = true;
}; };
} }

2
nix/configuration/hosts/odowork/DEPLOY_BOOT
View File

@@ -8,4 +8,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
TARGET=odowork TARGET=odowork
nixos-rebuild boot --flake "$DIR/../../#odowork" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild boot --flake "$DIR/../../#odowork" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json

2
nix/configuration/hosts/odowork/DEPLOY_SWITCH
View File

@@ -8,4 +8,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
TARGET=odowork TARGET=odowork
nixos-rebuild switch --flake "$DIR/../../#odowork" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild switch --flake "$DIR/../../#odowork" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json

2
nix/configuration/hosts/odowork/INSTALLER
View File

@@ -6,4 +6,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#odowork.installer" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#odowork.installer" --repair --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json

2
nix/configuration/hosts/odowork/ISO
View File

@@ -6,4 +6,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#odowork.iso" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#odowork.iso" --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json

2
nix/configuration/hosts/odowork/SELF_BOOT
View File

@@ -6,4 +6,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
nixos-rebuild boot --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#odowork" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild boot --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#odowork" --repair --log-format internal-json -v "${@}" |& nom --json

2
nix/configuration/hosts/odowork/SELF_BUILD
View File

@@ -6,4 +6,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
nixos-rebuild build --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#odowork" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild build --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#odowork" --repair --log-format internal-json -v "${@}" |& nom --json

2
nix/configuration/hosts/odowork/SELF_SWITCH
View File

@@ -6,4 +6,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
nixos-rebuild switch --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#odowork" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild switch --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#odowork" --repair --log-format internal-json -v "${@}" |& nom --json

2
nix/configuration/hosts/odowork/default.nix
View File

@@ -109,7 +109,9 @@
me.graphics_card_type = "amd"; me.graphics_card_type = "amd";
me.graphviz.enable = true; me.graphviz.enable = true;
me.iso_mount.enable = true; me.iso_mount.enable = true;
me.jujutsu.config = ../../roles/jujutsu/files/jujutsu_config_home.toml;
me.jujutsu.enable = true; me.jujutsu.enable = true;
me.kernel.enable = true;
me.latex.enable = true; me.latex.enable = true;
me.launch_keyboard.enable = true; me.launch_keyboard.enable = true;
me.lvfs.enable = true; me.lvfs.enable = true;

2
nix/configuration/hosts/quark/DEPLOY_BOOT
View File

@@ -10,4 +10,4 @@ TARGET=quark
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#quark" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild boot --flake "$DIR/../../#quark" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json

2
nix/configuration/hosts/quark/DEPLOY_SWITCH
View File

@@ -10,4 +10,4 @@ TARGET=quark
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#quark" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild switch --flake "$DIR/../../#quark" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json

2
nix/configuration/hosts/quark/ISO
View File

@@ -7,4 +7,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#quark.iso" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#quark.iso" --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json

2
nix/configuration/hosts/quark/SELF_BOOT
View File

@@ -7,4 +7,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild boot --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" --repair --log-format internal-json -v "${@}" |& nom --json

2
nix/configuration/hosts/quark/SELF_BUILD
View File

@@ -7,4 +7,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild build --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild build --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" --repair --log-format internal-json -v "${@}" |& nom --json

2
nix/configuration/hosts/quark/SELF_SWITCH
View File

@@ -7,4 +7,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild switch --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" --repair --log-format internal-json -v "${@}" |& nom --json

5
nix/configuration/hosts/quark/default.nix
View File

@@ -87,6 +87,7 @@
me.ecc.enable = true; me.ecc.enable = true;
me.emacs_flavor = "full"; me.emacs_flavor = "full";
me.emulate_isa.enable = true; me.emulate_isa.enable = true;
me.esim.enable = true;
me.firefox.enable = true; me.firefox.enable = true;
me.firewall.enable = true; me.firewall.enable = true;
me.flux.enable = true; me.flux.enable = true;
@@ -100,8 +101,10 @@
me.graphics_card_type = "amd"; me.graphics_card_type = "amd";
me.graphviz.enable = true; me.graphviz.enable = true;
me.iso_mount.enable = true; me.iso_mount.enable = true;
me.jujutsu.config = ../../roles/jujutsu/files/jujutsu_config_home.toml;
me.jujutsu.enable = true; me.jujutsu.enable = true;
me.kanshi.enable = false; me.kanshi.enable = false;
me.kernel.enable = true;
me.kubernetes.enable = true; me.kubernetes.enable = true;
me.latex.enable = true; me.latex.enable = true;
me.launch_keyboard.enable = true; me.launch_keyboard.enable = true;
@@ -157,7 +160,7 @@
me.zsh.enable = true; me.zsh.enable = true;
me.sm64ex.enable = true; me.sm64ex.enable = true;
me.shipwright.enable = true; me.shipwright.enable = false;
me.ship2harkinian.enable = true; me.ship2harkinian.enable = true;
}; };
} }

2
nix/configuration/hosts/recovery/DEPLOY_BOOT
View File

@@ -10,4 +10,4 @@ TARGET=recovery
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#recovery" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild boot --flake "$DIR/../../#recovery" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json

2
nix/configuration/hosts/recovery/DEPLOY_SWITCH
View File

@@ -10,4 +10,4 @@ TARGET=recovery
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#recovery" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild switch --flake "$DIR/../../#recovery" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json

2
nix/configuration/hosts/recovery/ISO
View File

@@ -7,4 +7,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#recovery.iso" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#recovery.iso" --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json

2
nix/configuration/hosts/recovery/SELF_BOOT
View File

@@ -7,4 +7,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#recovery" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild boot --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#recovery" --repair --log-format internal-json -v "${@}" |& nom --json

2
nix/configuration/hosts/recovery/SELF_BUILD
View File

@@ -7,4 +7,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild build --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#recovery" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild build --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#recovery" --repair --log-format internal-json -v "${@}" |& nom --json

2
nix/configuration/hosts/recovery/SELF_SWITCH
View File

@@ -7,4 +7,4 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#recovery" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild switch --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#recovery" --repair --log-format internal-json -v "${@}" |& nom --json

12
nix/configuration/roles/base/default.nix
View File

@@ -14,7 +14,13 @@ let
cleanup_temporary_files = ( cleanup_temporary_files = (
patchScriptBin "cleanup_temporary_files" (builtins.readFile ./files/cleanup_temporary_files.bash) patchScriptBin "cleanup_temporary_files" (builtins.readFile ./files/cleanup_temporary_files.bash)
); );
alias_rga = pkgs.writeShellScriptBin "ks" '' decode_jwt = (patchScriptBin "decode_jwt" (builtins.readFile ./files/decode_jwt.bash));
git_find_merged_branches = (
patchScriptBin "git_find_merged_branches" (builtins.readFile ./files/git_find_merged_branches.bash)
);
git_fix_author = (patchScriptBin "git_fix_author" (builtins.readFile ./files/git_fix_author.bash));
rsync_clone = (patchScriptBin "rsync_clone" (builtins.readFile ./files/rsync_clone.bash));
alias_rga = pkgs.writeShellScriptBin "rga" ''
exec ${pkgs.ripgrep}/bin/rg -uuu "''${@}" exec ${pkgs.ripgrep}/bin/rg -uuu "''${@}"
''; '';
in in
@@ -59,8 +65,12 @@ in
nix-output-monitor # For better view into nixos-rebuild nix-output-monitor # For better view into nixos-rebuild
# nix-serve-ng # Serve nix store over http # nix-serve-ng # Serve nix store over http
cleanup_temporary_files cleanup_temporary_files
decode_jwt
jq jq
inetutils # For whois inetutils # For whois
git_find_merged_branches
git_fix_author
rsync_clone
]; ];
}; };
} }

5
nix/configuration/roles/base/files/cleanup_temporary_files.bash
View File

@@ -1,4 +1,7 @@
#!/usr/bin/env bash #!/usr/bin/env bash
# #
# Delete temporary files on entire disk # Delete temporary files on entire disk
find / -type f '(' -name '*.orig' -or -name '*~' -or -name '*.core' ')' -delete -print 2>/dev/null set -euo pipefail
IFS=$'\n\t'
exec find / -type f '(' -name '*.orig' -or -name '*~' -or -name '*.core' ')' -delete -print 2>/dev/null

8
nix/configuration/roles/base/files/decode_jwt.bash Normal file
View File

@@ -0,0 +1,8 @@
#!/usr/bin/env bash
#
# Decode the contents of a JWT
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
exec jq -R 'split(".") | .[0],.[1] | gsub("-"; "+") | gsub("_"; "/") | gsub("%3D"; "=")| @base64d | fromjson'

10
nix/configuration/roles/base/files/git_find_merged_branches.bash Normal file
View File

@@ -0,0 +1,10 @@
#!/usr/bin/env bash
#
# Find local branches that have been merged
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: ${MAIN_BRANCH:="main"}
git checkout -q ${MAIN_BRANCH} && git for-each-ref refs/heads/ "--format=%(refname:short)" | while read branch; do mergeBase=$(git merge-base ${MAIN_BRANCH} $branch) && [[ $(git cherry ${MAIN_BRANCH} $(git commit-tree $(git rev-parse "$branch^{tree}") -p $mergeBase -m _)) == "-"* ]] && echo "$branch"; done

22
nix/configuration/roles/base/files/git_fix_author.bash Normal file
View File

@@ -0,0 +1,22 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
git filter-branch --env-filter '
WRONG_EMAIL="old@email.foo"
NEW_NAME="New Name"
NEW_EMAIL="new@email.bar"
if [ "$GIT_COMMITTER_EMAIL" = "$WRONG_EMAIL" ]
then
export GIT_COMMITTER_NAME="$NEW_NAME"
export GIT_COMMITTER_EMAIL="$NEW_EMAIL"
fi
if [ "$GIT_AUTHOR_EMAIL" = "$WRONG_EMAIL" ]
then
export GIT_AUTHOR_NAME="$NEW_NAME"
export GIT_AUTHOR_EMAIL="$NEW_EMAIL"
fi
' --tag-name-filter cat --commit-filter 'git commit-tree -S "$@";' -- --branches --tags

8
nix/configuration/roles/base/files/rsync_clone.bash Normal file
View File

@@ -0,0 +1,8 @@
#!/usr/bin/env bash
#
# Wrapper to set rsync flags for cloning a folder preserving attributes
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
exec rsync -aHAXS "$@"

4
nix/configuration/roles/disko/default.nix
View File

@@ -85,9 +85,9 @@
set -xeuo pipefail set -xeuo pipefail
IFS=$'\n\t' IFS=$'\n\t'
#${this_nixos_config.config.system.build.destroyScript} ${this_nixos_config.config.system.build.destroyScript}
#${this_nixos_config.config.system.build.formatScript} ${this_nixos_config.config.system.build.formatScript}
${this_nixos_config.config.system.build.mountScript} ${this_nixos_config.config.system.build.mountScript}

4
nix/configuration/roles/distributed_build/default.nix
View File

@@ -56,7 +56,7 @@ let
# "aarch64-linux" # "aarch64-linux"
]; ];
hostName = lib.mkForce "hydra?remote-store=local?root=/home/nixworker/persist/root"; hostName = lib.mkForce "hydra?remote-store=local?root=/.disk/root";
}; };
}; };
joined_configs = joined_configs =
@@ -101,7 +101,7 @@ in
# Using an ssh-based substituter slows down the build because querying the remote store for paths takes ages. # Using an ssh-based substituter slows down the build because querying the remote store for paths takes ages.
# #
# nix.settings.substituters = lib.mkForce [ # nix.settings.substituters = lib.mkForce [
# "ssh-ng://nixworker@ns1.fizz.buzz:65122?compress=true&ssh-key=/persist/manual/ssh/root/keys/id_ed25519&remote-store=/home/nixworker/persist/root" # "ssh-ng://nixworker@ns1.fizz.buzz:65122?compress=true&ssh-key=/persist/manual/ssh/root/keys/id_ed25519&remote-store=/.disk/root"
# ]; # ];
# nix.settings.substitute = lib.mkForce true; # nix.settings.substitute = lib.mkForce true;

23
nix/configuration/roles/emacs/files/emacs/elisp/base-functions.el
View File

@@ -27,6 +27,29 @@
) )
) )
(defun run-command-on-buffer-require-output (cmd &rest args)
"Run a command using the current buffer as stdin and replacing its contents if the command succeeds with the stdout from the command. This is useful for code formatters. This version only replaces the buffer contents if the command output some text."
(let (
(stdout-buffer (generate-new-buffer "tmp-stdout" t))
(full-cmd (append '(call-process-region nil nil cmd nil stdout-buffer nil) args))
)
(unwind-protect
(let ((exit-status (eval full-cmd)))
(if (eq exit-status 0)
(if (> (buffer-size stdout-buffer) 0)
(save-excursion
(replace-buffer-contents stdout-buffer)
)
(message "No output from command on buffer %s" (append (list cmd) args))
)
(message "FAILED running command on buffer %s" (append (list cmd) args))
)
)
(kill-buffer stdout-buffer)
)
)
)
(defun run-command-in-directory (dir cmd &rest args) (defun run-command-in-directory (dir cmd &rest args)
"Run a command in the specified directory. If the directory is nil, the directory of the file is used. The stdout result is trimmed of whitespace and returned." "Run a command in the specified directory. If the directory is nil, the directory of the file is used. The stdout result is trimmed of whitespace and returned."
(let ( (let (

27
nix/configuration/roles/emacs/files/emacs/elisp/base.el
View File

@@ -1,9 +1,19 @@
(package-initialize) (package-initialize)
(use-package use-package) (use-package use-package
:custom
;; Unless otherwise specified, always install packages if they are absent.
(use-package-always-ensure t)
;; Allow updating built-in packages like eglot
;; For some reason, built-in packages are still not updating so I'm just going to comment this out.
;; (package-install-upgrade-built-in t)
;; Natively compile packages
(package-native-compile t)
:config
(add-to-list 'package-archives
'("melpa" . "https://melpa.org/packages/")
)
)
(add-to-list 'package-archives
'("melpa" . "https://melpa.org/packages/")
)
(use-package auto-package-update (use-package auto-package-update
:ensure t :ensure t
@@ -71,10 +81,11 @@
) )
(setq-default (setq-default
;; Unless otherwise specified, always install packages if they are absent.
use-package-always-ensure t
;; Point custom-file at /dev/null so emacs does not write any settings to my dotfiles. ;; Point custom-file at /dev/null so emacs does not write any settings to my dotfiles.
custom-file "/dev/null" ;; custom-file "/dev/null"
;;
;; list-package breaks on newer versions of emacs if custom-file is set to /dev/null
custom-file (expand-file-name "custom.el" user-emacs-directory)
;; Don't pop up a small window at the bottom of emacs at launch. ;; Don't pop up a small window at the bottom of emacs at launch.
inhibit-startup-screen t inhibit-startup-screen t
inhibit-startup-message t inhibit-startup-message t
@@ -95,8 +106,6 @@
"%b"))) "%b")))
;; Use 'y' or 'n' instead of 'yes' or 'no' ;; Use 'y' or 'n' instead of 'yes' or 'no'
use-short-answers t use-short-answers t
;; Natively compile packages
package-native-compile t
;; Confirm when opening a file that does not exist ;; Confirm when opening a file that does not exist
confirm-nonexistent-file-or-buffer t confirm-nonexistent-file-or-buffer t
;; Do not require double space to end a sentence. ;; Do not require double space to end a sentence.

1
nix/configuration/roles/emacs/files/emacs/elisp/common-lsp.el
View File

@@ -1,4 +1,5 @@
(use-package eglot (use-package eglot
;; This is an emacs built-in but we're pulling the latest version
:pin gnu :pin gnu
:commands (eglot eglot-ensure) :commands (eglot eglot-ensure)
:bind (:map eglot-mode-map :bind (:map eglot-mode-map

4
nix/configuration/roles/emacs/files/emacs/elisp/lang-d2.el
View File

@@ -1,14 +1,14 @@
(defun d2-format-buffer () (defun d2-format-buffer ()
"Run prettier." "Run prettier."
(interactive) (interactive)
(run-command-on-buffer "d2" "fmt" "-") (run-command-on-buffer-require-output "d2" "fmt" "-")
) )
(use-package d2-mode (use-package d2-mode
:commands (d2-mode) :commands (d2-mode)
:hook ( :hook (
(d2-mode . (lambda () (d2-mode . (lambda ()
;; (add-hook 'before-save-hook 'd2-format-buffer nil 'local) (add-hook 'before-save-hook 'd2-format-buffer nil 'local)
)) ))
) )
) )

140
nix/configuration/roles/emacs/files/emacs/elisp/lang-org.el
View File

@@ -1,81 +1,79 @@
(use-package org (require 'color)
:ensure nil (let ((bg (face-attribute 'default :background)))
:commands org-mode (use-package org
:bind (:map org-mode-map :ensure nil
("C-c l" . org-store-link) :commands org-mode
("C-c a" . org-agenda) :bind (:map org-mode-map
("S-<up>" . org-shiftup) ("C-c l" . org-store-link)
("S-<right>" . org-shiftright) ("C-c a" . org-agenda)
("S-<down>" . org-shiftdown) ("S-<up>" . org-shiftup)
("S-<left>" . org-shiftleft) ("S-<right>" . org-shiftright)
) ("S-<down>" . org-shiftdown)
:hook ( ("S-<left>" . org-shiftleft)
(org-mode . (lambda () )
(org-indent-mode +1) :hook (
)) (org-mode . (lambda ()
;; Make windmove work in Org mode: (org-indent-mode +1)
(org-shiftup-final . windmove-up) ))
(org-shiftleft-final . windmove-left) ;; Make windmove work in Org mode:
(org-shiftdown-final . windmove-down) (org-shiftup-final . windmove-up)
(org-shiftright-final . windmove-right) (org-shiftleft-final . windmove-left)
) (org-shiftdown-final . windmove-down)
:config (org-shiftright-final . windmove-right)
(require 'org-tempo) )
(setq org-export-latex-listings t) :custom-face
(setq org-startup-truncated nil) (org-block ((t (:inherit default :background ,(color-lighten-name bg 15) :extend ,t))))
(setq org-startup-folded nil) (org-block-begin-line ((t (:inherit default :background ,"#472300" :extend ,t))))
(setq org-src-fontify-natively t (org-block-end-line ((t (:inherit default :background ,"#472300" :extend ,t))))
org-src-tab-acts-natively t :config
org-confirm-babel-evaluate nil (require 'org-tempo)
) (setq org-export-latex-listings t)
(setq org-startup-truncated nil)
(setq org-startup-folded nil)
(setq org-src-fontify-natively t
org-src-tab-acts-natively t
org-confirm-babel-evaluate nil
)
;; Show the full source of org-mode links instead of condensing them. I.E. render "[[foo]]" instead of "foo" ;; Show the full source of org-mode links instead of condensing them. I.E. render "[[foo]]" instead of "foo"
(setq org-descriptive-links nil) (setq org-descriptive-links nil)
;; Only interpret _ and ^ and sub and superscripts if they're of the form _{subscript} and ^{superscript} ;; Only interpret _ and ^ and sub and superscripts if they're of the form _{subscript} and ^{superscript}
(setq org-export-with-sub-superscripts '{}) (setq org-export-with-sub-superscripts '{})
;; Don't include a "validate" link at the bottom of html export ;; Don't include a "validate" link at the bottom of html export
(setq org-html-validation-link nil) (setq org-html-validation-link nil)
(setq org-latex-listings 'minted) (setq org-latex-listings 'minted)
(setq org-latex-minted-options '(("breaklines" "true") (setq org-latex-minted-options '(("breaklines" "true")
("breakanywhere" "true") ("breakanywhere" "true")
("bgcolor" "mintedbg") ("frame" "single") ("framesep" "6pt") ("fontsize" "\\footnotesize"))) ("bgcolor" "mintedbg") ("frame" "single") ("framesep" "6pt") ("fontsize" "\\footnotesize")))
;; TODO: There is an option to set the compiler, could be better than manually doing this here https://orgmode.org/manual/LaTeX_002fPDF-export-commands.html ;; TODO: There is an option to set the compiler, could be better than manually doing this here https://orgmode.org/manual/LaTeX_002fPDF-export-commands.html
;; (setq org-latex-compiler "lualatex") ;; (setq org-latex-compiler "lualatex")
;; TODO: nixos latex page recommends this line, figure out what it does / why its needed: ;; TODO: nixos latex page recommends this line, figure out what it does / why its needed:
;; (setq org-preview-latex-default-process 'dvisvgm) ;; (setq org-preview-latex-default-process 'dvisvgm)
(setq org-latex-pdf-process (setq org-latex-pdf-process
'("lualatex -shell-escape -interaction nonstopmode -output-directory %o %f" '("lualatex -shell-escape -interaction nonstopmode -output-directory %o %f"
"lualatex -shell-escape -interaction nonstopmode -output-directory %o %f" "lualatex -shell-escape -interaction nonstopmode -output-directory %o %f"
"lualatex -shell-escape -interaction nonstopmode -output-directory %o %f")) "lualatex -shell-escape -interaction nonstopmode -output-directory %o %f"))
(add-to-list 'org-latex-packages-alist '("cache=false" "minted")) (add-to-list 'org-latex-packages-alist '("cache=false" "minted"))
(add-to-list 'org-latex-packages-alist '("" "svg")) (add-to-list 'org-latex-packages-alist '("" "svg"))
(add-to-list 'org-latex-packages-alist '("margin=2cm" "geometry" nil)) (add-to-list 'org-latex-packages-alist '("margin=2cm" "geometry" nil))
(add-to-list 'org-src-lang-modes '("dot" . "graphviz-dot")) (add-to-list 'org-src-lang-modes '("dot" . "graphviz-dot"))
(org-babel-do-load-languages 'org-babel-load-languages (org-babel-do-load-languages 'org-babel-load-languages
'((shell . t) '((shell . t)
(js . t) (js . t)
(emacs-lisp . t) (emacs-lisp . t)
(python . t) (python . t)
(dot . t) (dot . t)
(css . t) (css . t)
(gnuplot . t) (gnuplot . t)
(sqlite . t) (sqlite . t)
)) ))
)
(require 'color)
(let ((bg (face-attribute 'default :background)))
(custom-set-faces
`(org-block ((t (:inherit default :background ,(color-lighten-name bg 15) :extend ,t))))
`(org-block-begin-line ((t (:inherit default :background ,"#472300" :extend ,t))))
`(org-block-end-line ((t (:inherit default :background ,"#472300" :extend ,t))))
))
) )
(use-package org-bullets (use-package org-bullets

33
nix/configuration/roles/esim/default.nix Normal file
View File

@@ -0,0 +1,33 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
esim.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install esim.";
};
};
config = lib.mkIf (config.me.esim.enable && config.me.graphical) {
environment.systemPackages = with pkgs; [
easylpac
zbar # To decode qrcodes via `zbarimg <file>`
];
nixpkgs.overlays = [
(final: prev: {
easylpac = (final.callPackage ./package/easylpac/package.nix { });
})
];
};
}

1
nix/configuration/roles/esim/package/easylpac/CONTRIB Normal file
View File

@@ -0,0 +1 @@
Package from https://github.com/nix-community/nur-combined/blob/main/repos/linyinfeng/pkgs/easylpac/default.nix

120
nix/configuration/roles/esim/package/easylpac/ci-registry.json Normal file
View File

@@ -0,0 +1,120 @@
[
{
"key-id": "81370f",
"name": "GSM Association - RSP2 Root CI1",
"crls": ["http://gsma-crl.symauth.com/offlineca/gsma-rsp2-root-ci1.crl"]
},
{
"key-id": "d7a7d0",
"name": "GSM Association - M2M31 Root CI2"
},
{
"key-id": "4c2796",
"name": "OISITE GSMA CI G1",
"crls": ["http://public.wisekey.com/crl/ogsmacig1.crl"]
},
{
"key-id": "665a14",
"name": "Symantec RSP Test Root CA",
"crls": ["http://pki-crl.symauth.com/ca_a3dc2e3fea7708a11c889386d9d3a76f/LatestCRL.crl"]
},
{
"key-id": "f54172",
"name": "GSMA Test CI (SGP.26 v1)"
},
{
"key-id": "c0bc70",
"name": "GSMA Test CI (SGP.26 v1, BRP P256r1)"
},
{
"key-id": "34eecf",
"name": "Test CI (SGP.26 v3)"
},
{
"key-id": "2209f6",
"name": "Test CI (SGP.26 v3, BRP P256r1)"
},
{
"key-id": "148030",
"country": "CN",
"name": "Taier eSIM Root CA",
"crls": ["http://111.204.176.254:18889/download/n1.crl", "http://111.204.176.254:18889/download/n2.crl"]
},
{
"key-id": "16b5d1",
"country": "CN",
"name": "MNO: China Unicom"
},
{
"key-id": "7c0e54",
"country": "CN",
"name": "MNO: China Unicom"
},
{
"key-id": "3bd3f5",
"country": "CN",
"name": "MNO: China Unicom"
},
{
"key-id": "cdf6d1",
"country": "CN",
"name": "MNO: China Mobile"
},
{
"key-id": "d3ef83",
"country": "CN",
"name": "MNO: China Telecom",
"crls": ["http://crl.cnca.net/esim/ccs/a.crl", "http://crl.cnca.net/esim/ccs/b.crl"]
},
{
"key-id": "4eb94e",
"country": "CN",
"name": "MNO: China Telecom"
},
{
"key-id": "b70ba4",
"country": "GB",
"name": "Truphone SAS-UP CA"
},
{
"key-id": "73fca0",
"country": "CN",
"name": "Redtea Mobile CI"
},
{
"key-id": "ea53ad",
"country": "DE",
"name": "SubMan V4.2 CI"
},
{
"key-id": "96524c",
"country": "DE",
"name": "SubMan V4.2 CI"
},
{
"key-id": "b60f0b",
"country": "DE",
"name": "SubMan V4.2 CI Google Pixel"
},
{
"key-id": "cd6e60",
"country": "FR",
"name": "MC4 OT ROOT CI v1"
},
{
"key-id": "066d48",
"country": "FR",
"name": "MC4 CI TEST v2"
},
{
"key-id": "16704b",
"country": "US",
"name": "Entrust eSIM CA",
"crls": ["http://crl.entrust.net/entesimca.crl"]
},
{
"key-id": "77f0bd",
"country": "FR",
"name": "Gemalto CE CI"
}
]

88
nix/configuration/roles/esim/package/easylpac/eum-registry.json Normal file
View File

@@ -0,0 +1,88 @@
[
{
"eum": "35060000",
"country": "CN",
"manufacturer": "HED"
},
{
"eum": "35840574",
"country": "CN",
"manufacturer": "Beijing Watchdata",
"accreditations": ["WD-BG"]
},
{
"eum": "89033023",
"country": "FR",
"manufacturer": "Thales",
"accreditations": ["GO-CA", "GO-PA", "GO-SI", "TS-CA", "TS-ME", "TS-NA", "TS-PA", "TS-SI"]
},
{
"eum": "89033024",
"country": "FR",
"manufacturer": "IDEMIA",
"accreditations": ["IA-FK", "IA-VE", "ID-NA", "ID-SN", "OR-SN"]
},
{
"eum": "89034011",
"country": "ES",
"manufacturer": "Valid",
"accreditations": ["VD-MD", "VD-SU"]
},
{
"eum": "89041030",
"country": "CH",
"manufacturer": "STM",
"accreditations": ["SM-CA", "SM-CT"]
},
{
"eum": "89043051",
"country": "AT",
"manufacturer": "NXP",
"accreditations": ["NP-HG", "NP-KG", "NP-TN"]
},
{
"eum": "89043052",
"country": "AT",
"manufacturer": "NXP"
},
{
"eum": "89044045",
"country": "GB",
"manufacturer": "Kigen",
"accreditations": ["KN-DN", "KN-NA"]
},
{
"eum": "89044047",
"country": "GB",
"manufacturer": "Truphone"
},
{
"eum": "89049032",
"country": "DE",
"manufacturer": "G+D",
"accreditations": ["GD-BA", "GD-CI", "GD-MM", "GD-NG"]
},
{
"eum": "89049038",
"country": "DE",
"manufacturer": "G+D"
},
{
"eum": "89086001",
"country": "CN",
"manufacturer": "Hengbao",
"accreditations": ["HO-DG"]
},
{
"eum": "89086029",
"country": "CN",
"manufacturer": "Wuhan Tianyu",
"accreditations": ["WN-HI"]
},
{
"eum": "89086030",
"country": "CN",
"manufacturer": "Eastcompeace",
"accreditations": ["ED-ZI"]
}
]

68
nix/configuration/roles/esim/package/easylpac/package.nix Normal file
View File

@@ -0,0 +1,68 @@
{
callPackage,
go,
buildGoModule,
fetchFromGitHub,
pkg-config,
gtk3,
libXxf86vm,
libglvnd,
glfw,
wrapGAppsHook3,
fontconfig,
lpac,
lib,
}:
buildGoModule rec {
pname = "easylpac";
version = "0.7.9.2";
src = fetchFromGitHub {
owner = "creamlike1024";
repo = "EasyLPAC";
rev = version;
sha256 = "sha256-8VVR8QJR6SZEvdGls3kDU9l8SdFdUVnHm2qxUzgGJuU=";
};
proxyVendor = true;
vendorHash = "sha256-tX7abWGn1f4p+7vx2gDa5/NKg5SbWqMfHT8kbPwHK14=";
postConfigure = ''
cp --verbose "${./eum-registry.json}" eum-registry.json
cp --verbose "${./ci-registry.json}" ci-registry.json
'';
env.FONTCONFIG_FILE = "${fontconfig.out}/etc/fonts/fonts.conf";
nativeBuildInputs = [
pkg-config
wrapGAppsHook3
];
buildInputs = [
gtk3
libglvnd
libXxf86vm
]
++ glfw.buildInputs;
postInstall = ''
ln -s "${lpac}/bin/lpac" "$out/bin/lpac"
'';
passthru = {
updateScriptEnabled = true;
updateScript =
let
script = callPackage ./update.nix { };
in
[ "${script}/bin/update-easylpac" ];
};
meta = with lib; {
description = "lpac GUI Frontend";
homepage = "https://github.com/creamlike1024/EasyLPAC";
mainProgram = "EasyLPAC";
license = licenses.mit;
maintainers = with maintainers; [ yinfeng ];
broken = !(lib.versionAtLeast go.version "1.24");
};
}

28
nix/configuration/roles/firefox/default.nix
View File

@@ -66,8 +66,18 @@
"privacy.fingerprintingProtection" = true; "privacy.fingerprintingProtection" = true;
# Allow sending dark mode preference to websites. # Allow sending dark mode preference to websites.
# Allow sending timezone to websites. # Allow sending timezone to websites.
"privacy.fingerprintingProtection.overrides" = "privacy.fingerprintingProtection.overrides" = (
"+AllTargets,-CSSPrefersColorScheme,-JSDateTimeUTC,-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt,-CanvasExtractionFromThirdPartiesIsBlocked"; builtins.concatStringsSep "," [
"+AllTargets" # Enable all protections
"-CSSPrefersColorScheme" # Don't hide light/dark preference
"-JSDateTimeUTC" # Allow sending timezone to websites.
"-CanvasExtractionBeforeUserInputIsBlocked" # Canvas image extraction needed by google maps to avoid names looking like barcodes.
# Google meet's auto-framing results in random flashing colored bars unless the following two are allowed:
"-CanvasImageExtractionPrompt"
"-CanvasExtractionFromThirdPartiesIsBlocked"
"-WebGLRenderCapability" # Needed for smooth zooming on google maps
]
);
# Disable weather on new tab page # Disable weather on new tab page
"browser.newtabpage.activity-stream.showWeather" = false; "browser.newtabpage.activity-stream.showWeather" = false;
# Disable AI stuff that wastes battery life # Disable AI stuff that wastes battery life
@@ -79,6 +89,20 @@
policies = { policies = {
DisableTelemetry = true; DisableTelemetry = true;
DisplayBookmarksToolbar = "newtab"; DisplayBookmarksToolbar = "newtab";
DisableFirefoxStudies = true;
FirefoxHome = {
SponsoredStories = false;
SponsoredTopSites = false;
Stories = false;
};
GenerativeAI = {
Enabled = false;
};
SearchEngines = {
Remove = [
"Perplexity"
];
};
# Check about:support for extension/add-on ID strings. # Check about:support for extension/add-on ID strings.
# Valid strings for installation_mode are "allowed", "blocked", # Valid strings for installation_mode are "allowed", "blocked",

11
nix/configuration/roles/firewall/default.nix
View File

@@ -24,7 +24,16 @@
networking.firewall.allowedUDPPorts = [ networking.firewall.allowedUDPPorts = [
5353 # mDNS 5353 # mDNS
]; ];
# networking.firewall.enable = true;
# networking.nftables.enable = true;
# Or disable the firewall altogether. # Or disable the firewall altogether.
# networking.firewall.enable = false; networking.firewall.enable = false;
# Debugging
# networking.firewall.logRefusedConnections = true;
# networking.firewall.logRefusedPackets = true;
# networking.firewall.logReversePathDrops = true;
}; };
} }

2
nix/configuration/roles/gcloud/default.nix
View File

@@ -18,7 +18,7 @@
}; };
config = lib.mkIf config.me.gcloud.enable { config = lib.mkIf config.me.gcloud.enable {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs.google; [
(google-cloud-sdk.withExtraComponents [ google-cloud-sdk.components.gke-gcloud-auth-plugin ]) (google-cloud-sdk.withExtraComponents [ google-cloud-sdk.components.gke-gcloud-auth-plugin ])
]; ];

2
nix/configuration/roles/graphics/default.nix
View File

@@ -34,7 +34,7 @@
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
mesa-demos # for glxgears mesa-demos # for glxgears
vulkan-tools # for vkcube vulkan-tools # for vkcube
xorg.xeyes # to test which windows are using x11 xeyes # to test which windows are using x11
]; ];
hardware.graphics.enable = true; hardware.graphics.enable = true;
# hardware.graphics.enable32Bit = true; # hardware.graphics.enable32Bit = true;

113
nix/configuration/roles/hydra/default.nix
View File

@@ -6,29 +6,51 @@
}: }:
let let
patchScriptBin = # patchScriptBin =
{ # {
filename, # filename,
contents, # contents,
path ? [ ], # path ? [ ],
}: # }:
((pkgs.writeScriptBin filename contents).overrideAttrs (old: { # ((pkgs.writeScriptBin filename contents).overrideAttrs (old: {
buildInputs = [ pkgs.makeWrapper ]; # buildInputs = [ pkgs.makeWrapper ];
buildCommand = "${old.buildCommand}\n patchShebangs $out\nwrapProgram $out/bin/${filename} --prefix PATH : ${lib.makeBinPath path}"; # buildCommand = "${old.buildCommand}\n patchShebangs $out\nwrapProgram $out/bin/${filename} --prefix PATH : ${lib.makeBinPath path}";
})); # }));
build_odo = ( nix_builder = pkgs.rustPlatform.buildRustPackage rec {
patchScriptBin { pname = "nix_builder";
filename = "build_odo"; version = "0.0.0";
contents = (builtins.readFile ./files/build_odo.bash);
path = with pkgs; [ src = pkgs.fetchgit {
bash url = "https://code.fizz.buzz/talexander/nix_builder.git";
git # tag = version;
nix rev = "606832f505a1ccc9702cd12c236c3188f9282e82";
nix-output-monitor hash = "sha256-WHvnkCIPDBw0BnrQMnBpmwmYuhlxR4FfkoNWw2DY6XE=";
nixos-rebuild leaveDotGit = false;
]; };
}
); cargoLock = {
lockFile = "${src}/Cargo.lock";
};
meta = with lib; {
description = "A builder of nix configs for a build server.";
homepage = "https://code.fizz.buzz/talexander/nix_builder";
license = licenses.bsd0;
maintainers = [ ];
};
nativeBuildInputs = [ pkgs.makeWrapper ];
postInstall = ''
wrapProgram $out/bin/nix-builder --prefix PATH : ${
lib.makeBinPath [
pkgs.git
pkgs.nix
pkgs.nixos-rebuild
]
}
'';
};
in in
{ {
imports = [ ]; imports = [ ];
@@ -44,7 +66,8 @@ in
config = lib.mkIf config.me.hydra.enable { config = lib.mkIf config.me.hydra.enable {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
build_odo nix_builder
sqlite # For manually inspecting the database.
]; ];
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) { environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
@@ -62,11 +85,11 @@ in
}; };
# Nix 2.30.0 (2025-07-07) changed the build directory from /tmp to /nix/var/nix/builds which broke a number of builds because my ZFS datasets were utf8only. # Nix 2.30.0 (2025-07-07) changed the build directory from /tmp to /nix/var/nix/builds which broke a number of builds because my ZFS datasets were utf8only.
fileSystems."/home/nixworker/persist/root/nix/var/nix/builds" = { fileSystems."/.disk/root/nix/var/nix/builds" = {
device = "tmpfs"; device = "tmpfs";
fsType = "tmpfs"; fsType = "tmpfs";
options = [ options = [
"size=40G" # adjust for your situation and needs "size=50G" # adjust for your situation and needs
"mode=700" "mode=700"
"uid=11400" "uid=11400"
"gid=11400" "gid=11400"
@@ -76,7 +99,7 @@ in
systemd.timers."build-cache" = { systemd.timers."build-cache" = {
wantedBy = [ "timers.target" ]; wantedBy = [ "timers.target" ];
timerConfig = { timerConfig = {
OnCalendar = "Mon *-*-* 02:00:00 America/New_York"; OnCalendar = "*-*-* 03:00:00 America/New_York";
Unit = "build-cache.service"; Unit = "build-cache.service";
}; };
}; };
@@ -87,13 +110,45 @@ in
IFS=$'\n\t' IFS=$'\n\t'
DIR="$( cd "$( dirname "''${BASH_SOURCE[0]}" )" && pwd )" DIR="$( cd "$( dirname "''${BASH_SOURCE[0]}" )" && pwd )"
${build_odo}/bin/build_odo NIX_REMOTE='local?root=/.disk/root' RUST_BACKTRACE=1 RUST_LOG=nix_builder=DEBUG ${nix_builder}/bin/nix-builder build --config ${./files/nix_builder.toml} --target odo --target odo_update --target odowork --target odowork_update --target quark --target quark_update --target hydra --target hydra_update --target controller0 --target controller0_update --target controller1 --target controller1_update --target controller2 --target controller2_update --target worker0 --target worker0_update --target worker1 --target worker1_update --target worker2 --target worker2_update --target family_disks --target family_disks_update --target nixbsd
''; '';
restartIfChanged = false; restartIfChanged = false;
serviceConfig = { serviceConfig = {
Type = "simple"; Type = "simple";
User = "nixworker"; User = "nixworker";
RemainAfterExit = true; # Prevents the service from automatically starting on rebuild. See https://discourse.nixos.org/t/how-to-prevent-custom-systemd-service-from-restarting-on-nixos-rebuild-switch/43431 # restartIfChanged = false;
# RemainAfterExit = true; # Prevents the service from automatically starting on rebuild. See https://discourse.nixos.org/t/how-to-prevent-custom-systemd-service-from-restarting-on-nixos-rebuild-switch/43431
LimitNOFILE = 8192;
};
};
# TODO: This should move into nix-builder so we can only run clean when builds are passing. Otherwise partial builds will lose progress.
# TODO: In nix-builder maybe include setting to auto delete to make room during builds if we run out of space, just in case builds are failing for a long time and prevent cleanup from running.
systemd.timers."clean-cache" = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "*-*-01 02:00:00 America/New_York";
Unit = "clean-cache.service";
};
};
systemd.services."clean-cache" = {
script = ''
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "''${BASH_SOURCE[0]}" )" && pwd )"
NIX_REMOTE='local?root=/.disk/root' nix-collect-garbage -d
'';
path = with pkgs; [
pkgs.nix
];
restartIfChanged = false;
serviceConfig = {
Type = "simple";
User = "nixworker";
# restartIfChanged = false;
# RemainAfterExit = true; # Prevents the service from automatically starting on rebuild. See https://discourse.nixos.org/t/how-to-prevent-custom-systemd-service-from-restarting-on-nixos-rebuild-switch/43431
LimitNOFILE = 8192; LimitNOFILE = 8192;
}; };
}; };

18
nix/configuration/roles/hydra/files/build_odo.bash
View File

@@ -1,18 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
# : ${FOO:="1"}
# MANUAL: doas install -d -o nixworker -g nixworker /persist/manual/manual_add_to_store
# MANUAL: doas -u nixworker touch /persist/manual/manual_add_to_store/foo
mkdir -p /home/nixworker/persist/machines/odo /home/nixworker/persist/root
if [ ! -d /home/nixworker/persist/machine_setup ]; then
git clone --branch kubernetes https://code.fizz.buzz/talexander/machine_setup.git /home/nixworker/persist/machine_setup
fi
(cd /home/nixworker/persist/machines/odo && JOBS=1 NIX_REMOTE='local?root=/home/nixworker/persist/root' NOM='false' /home/nixworker/persist/machine_setup/nix/configuration/hosts/odo/SELF_BUILD)

186
nix/configuration/roles/hydra/files/nix_builder.toml Normal file
View File

@@ -0,0 +1,186 @@
output_directory = "/home/nixworker/persist/nix_builder"
[[targets]]
name = "odo"
repo = "https://code.fizz.buzz/talexander/machine_setup.git"
branch = "nix"
path = "nix/configuration"
attr = "nixosConfigurations.odo.config.system.build.toplevel"
[[targets]]
name = "odo_update"
repo = "https://code.fizz.buzz/talexander/machine_setup.git"
branch = "nix"
path = "nix/configuration"
attr = "nixosConfigurations.odo.config.system.build.toplevel"
update = true
update_branch = "nix_update"
[[targets]]
name = "odowork"
repo = "https://code.fizz.buzz/talexander/machine_setup.git"
branch = "nix"
path = "nix/configuration"
attr = "nixosConfigurations.odowork.config.system.build.toplevel"
[[targets]]
name = "odowork_update"
repo = "https://code.fizz.buzz/talexander/machine_setup.git"
branch = "nix"
path = "nix/configuration"
attr = "nixosConfigurations.odowork.config.system.build.toplevel"
update = true
update_branch = "nix_update"
[[targets]]
name = "quark"
repo = "https://code.fizz.buzz/talexander/machine_setup.git"
branch = "nix"
path = "nix/configuration"
attr = "nixosConfigurations.quark.config.system.build.toplevel"
[[targets]]
name = "quark_update"
repo = "https://code.fizz.buzz/talexander/machine_setup.git"
branch = "nix"
path = "nix/configuration"
attr = "nixosConfigurations.quark.config.system.build.toplevel"
update = true
update_branch = "nix_update"
[[targets]]
name = "hydra"
repo = "https://code.fizz.buzz/talexander/machine_setup.git"
branch = "nix"
path = "nix/configuration"
attr = "hydra.vm_iso"
[[targets]]
name = "hydra_update"
repo = "https://code.fizz.buzz/talexander/machine_setup.git"
branch = "nix"
path = "nix/configuration"
attr = "hydra.vm_iso"
update = true
update_branch = "nix_update"
[[targets]]
name = "controller0"
repo = "https://code.fizz.buzz/talexander/machine_setup.git"
branch = "kubernetes"
path = "nix/kubernetes"
attr = "controller0.vm_iso"
[[targets]]
name = "controller0_update"
repo = "https://code.fizz.buzz/talexander/machine_setup.git"
branch = "kubernetes"
path = "nix/kubernetes"
attr = "controller0.vm_iso"
update = true
update_branch = "kubernetes_update"
[[targets]]
name = "controller1"
repo = "https://code.fizz.buzz/talexander/machine_setup.git"
branch = "kubernetes"
path = "nix/kubernetes"
attr = "controller1.vm_iso"
[[targets]]
name = "controller1_update"
repo = "https://code.fizz.buzz/talexander/machine_setup.git"
branch = "kubernetes"
path = "nix/kubernetes"
attr = "controller1.vm_iso"
update = true
update_branch = "kubernetes_update"
[[targets]]
name = "controller2"
repo = "https://code.fizz.buzz/talexander/machine_setup.git"
branch = "kubernetes"
path = "nix/kubernetes"
attr = "controller2.vm_iso"
[[targets]]
name = "controller2_update"
repo = "https://code.fizz.buzz/talexander/machine_setup.git"
branch = "kubernetes"
path = "nix/kubernetes"
attr = "controller2.vm_iso"
update = true
update_branch = "kubernetes_update"
[[targets]]
name = "worker0"
repo = "https://code.fizz.buzz/talexander/machine_setup.git"
branch = "kubernetes"
path = "nix/kubernetes"
attr = "worker0.vm_iso"
[[targets]]
name = "worker0_update"
repo = "https://code.fizz.buzz/talexander/machine_setup.git"
branch = "kubernetes"
path = "nix/kubernetes"
attr = "worker0.vm_iso"
update = true
update_branch = "kubernetes_update"
[[targets]]
name = "worker1"
repo = "https://code.fizz.buzz/talexander/machine_setup.git"
branch = "kubernetes"
path = "nix/kubernetes"
attr = "worker1.vm_iso"
[[targets]]
name = "worker1_update"
repo = "https://code.fizz.buzz/talexander/machine_setup.git"
branch = "kubernetes"
path = "nix/kubernetes"
attr = "worker1.vm_iso"
update = true
update_branch = "kubernetes_update"
[[targets]]
name = "worker2"
repo = "https://code.fizz.buzz/talexander/machine_setup.git"
branch = "kubernetes"
path = "nix/kubernetes"
attr = "worker2.vm_iso"
[[targets]]
name = "worker2_update"
repo = "https://code.fizz.buzz/talexander/machine_setup.git"
branch = "kubernetes"
path = "nix/kubernetes"
attr = "worker2.vm_iso"
update = true
update_branch = "kubernetes_update"
# TODO: Add steam deck
[[targets]]
name = "family_disks"
repo = "https://code.fizz.buzz/talexander/machine_setup.git"
branch = "family_disks"
path = "nix/configuration"
attr = "nixosConfigurations.family_disks.config.system.build.toplevel"
[[targets]]
name = "family_disks_update"
repo = "https://code.fizz.buzz/talexander/machine_setup.git"
branch = "family_disks"
path = "nix/configuration"
attr = "nixosConfigurations.family_disks.config.system.build.toplevel"
update = true
update_branch = "nix_update"
[[targets]]
name = "nixbsd"
repo = "https://github.com/nixos-bsd/nixbsd.git"
revision = "828ff7a3c4ee91f548de65a963fca40eaedb171c"
path = "."
attr = "base.vmClosureInfo"

28
nix/configuration/roles/jujutsu/default.nix
View File

@@ -15,11 +15,29 @@
example = true; example = true;
description = "Whether we want to install jujutsu."; description = "Whether we want to install jujutsu.";
}; };
jujutsu.config = lib.mkOption {
type = lib.types.nullOr lib.types.path;
default = null;
example = ./files/jujutsu_config_home.toml;
description = "A jujutsu config file.";
};
}; };
config = lib.mkIf config.me.jujutsu.enable { config = lib.mkIf config.me.jujutsu.enable (
environment.systemPackages = with pkgs; [ lib.mkMerge [
jujutsu {
]; environment.systemPackages = with pkgs; [
}; jujutsu
];
}
(lib.mkIf (config.me.jujutsu.config != null) {
me.install.user.talexander.file = {
".config/jj/config.toml" = {
source = config.me.jujutsu.config;
};
};
})
]
);
} }

17
nix/configuration/roles/jujutsu/files/jujutsu_config_home.toml Normal file
View File

@@ -0,0 +1,17 @@
#:schema https://docs.jj-vcs.dev/latest/config-schema.json
[ui]
default-command = "log"
paginate = "never"
[user]
name = "Tom Alexander"
email = "tom@fizz.buzz"
[signing]
behavior = "own"
backend = "gpg"
key = "D272C8D6167F26859467666F4278299FB84F6875"
# [git]
# sign-on-push = true

194
nix/configuration/roles/kernel/default.nix Normal file
View File

@@ -0,0 +1,194 @@
# Check current config:
# nix build '/persist/machine_setup/nix/configuration#nixosConfigurations.hydra.pkgs.linux_me.configfile'
# cat $(nix eval --raw '/persist/machine_setup/nix/configuration#nixosConfigurations.hydra.pkgs.linux_me.configfile') | less
{
config,
lib,
pkgs,
...
}:
let
preemption_type = with lib.kernel; {
full = {
PREEMPT_DYNAMIC = yes;
PREEMPT = yes;
PREEMPT_VOLUNTARY = lib.mkForce no;
PREEMPT_LAZY = lib.mkForce no;
PREEMPT_NONE = no;
};
lazy = {
PREEMPT_DYNAMIC = yes;
PREEMPT = no;
PREEMPT_VOLUNTARY = lib.mkForce no;
PREEMPT_LAZY = yes;
PREEMPT_NONE = no;
};
voluntary = {
PREEMPT_DYNAMIC = no;
PREEMPT = no;
PREEMPT_VOLUNTARY = yes;
PREEMPT_LAZY = lib.mkForce no;
PREEMPT_NONE = no;
};
none = {
PREEMPT_DYNAMIC = no;
PREEMPT = no;
PREEMPT_VOLUNTARY = lib.mkForce no;
PREEMPT_LAZY = lib.mkForce no;
PREEMPT_NONE = yes;
};
};
tick_hz =
with lib.kernel;
{
"1000" = {
HZ_1000 = yes;
HZ = freeform "1000";
};
}
// lib.genAttrs [ "100" "250" "300" "500" "600" "750" ] (hz: {
HZ_1000 = no;
"HZ_${hz}" = yes;
HZ = freeform hz;
});
performance_governor = with lib.kernel; {
default = {
CPU_FREQ_DEFAULT_GOV_SCHEDUTIL = yes;
};
performance = {
CPU_FREQ_DEFAULT_GOV_SCHEDUTIL = no;
CPU_FREQ_DEFAULT_GOV_PERFORMANCE = yes;
};
};
tick_rate = with lib.kernel; {
# Always tick at the hz frequency.
periodic = {
NO_HZ_IDLE = no;
NO_HZ_FULL = no;
NO_HZ = no;
NO_HZ_COMMON = no;
HZ_PERIODIC = yes;
};
# Idle - Do not disturb the CPU when idle. This can save power but increase latency.
idle = {
HZ_PERIODIC = no;
NO_HZ_FULL = no;
NO_HZ_IDLE = yes;
NO_HZ = yes;
NO_HZ_COMMON = yes;
};
# Full dyntick system (tickless) - The kernel tries to shut down the tick whenever possible.
tickless = {
HZ_PERIODIC = no;
NO_HZ_IDLE = no;
NO_HZ_FULL = yes;
NO_HZ = yes;
NO_HZ_COMMON = yes;
CONTEXT_TRACKING = yes;
};
};
huge_page = with lib.kernel; {
always = {
TRANSPARENT_HUGEPAGE_MADVISE = no;
TRANSPARENT_HUGEPAGE_ALWAYS = yes;
};
madvise = {
TRANSPARENT_HUGEPAGE_ALWAYS = no;
TRANSPARENT_HUGEPAGE_MADVISE = yes;
};
};
common_config =
with lib.kernel;
{
# Google's BBRv3 TCP congestion Control
TCP_CONG_BBR = yes;
DEFAULT_BBR = yes;
};
flavors = {
server = lib.mkMerge [
preemption_type.none
tick_hz."300"
performance_governor.default
tick_rate.tickless
huge_page.madvise
];
interactive =
with lib.kernel;
lib.mkMerge [
{
# Enable RCU Lazy - Reduces power consumption when idle or lightly loaded. Useful for battery-powered devices like laptops.
RCU_LAZY = yes;
}
preemption_type.lazy
tick_hz."300"
performance_governor.default
tick_rate.tickless
huge_page.madvise
];
};
in
{
imports = [ ];
options.me = {
kernel.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install kernel.";
};
kernel.version = lib.mkOption {
type = lib.types.str;
default = "linux"; # LTS
example = "linux_6_18";
description = "What version of the kernl should we use.";
};
kernel.flavor = lib.mkOption {
type = lib.types.str;
default = "interactive";
example = "server";
description = "What type of kernel should be built.";
};
};
config = lib.mkIf config.me.kernel.enable (
lib.mkMerge [
{
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_me;
}
(lib.mkIf (!config.me.optimizations.enable) {
nixpkgs.overlays = [
(final: prev: {
linux_me = final."${config.me.kernel.version}";
})
];
})
(lib.mkIf (config.me.optimizations.enable) {
nixpkgs.overlays = [
(
final: prev:
let
addConfig =
additionalConfig: pkg:
pkg.override (oldconfig: {
structuredExtraConfig = lib.mkMerge ([ pkg.structuredExtraConfig ] ++ additionalConfig);
# stdenv = pkgs.llvmPackages_latest.stdenv;
# stdenv = pkgs.clangStdenv;
});
in
{
linux_me = addConfig ([
common_config
flavors."${config.me.kernel.flavor}"
]) final."${config.me.kernel.version}";
}
)
];
})
]
);
}

1
nix/configuration/roles/minimal_base/default.nix
View File

@@ -19,6 +19,7 @@
config = lib.mkIf config.me.minimal_base.enable { config = lib.mkIf config.me.minimal_base.enable {
me.doas.enable = true; me.doas.enable = true;
me.kernel.enable = true;
me.network.enable = true; me.network.enable = true;
me.nvme.enable = true; me.nvme.enable = true;
me.ssh.enable = true; me.ssh.enable = true;

17
nix/configuration/roles/network/default.nix
View File

@@ -15,6 +15,14 @@
# "2001:4860:4860::8844#dns.google" # "2001:4860:4860::8844#dns.google"
# "2001:4860:4860::8888#dns.google" # "2001:4860:4860::8888#dns.google"
let
patchScriptBin =
filename: contents:
((pkgs.writeScriptBin filename contents).overrideAttrs (old: {
buildCommand = "${old.buildCommand}\n patchShebangs $out";
}));
next_hop = (patchScriptBin "next_hop" (builtins.readFile ./files/next_hop_linux.bash));
in
{ {
imports = [ ]; imports = [ ];
@@ -48,13 +56,19 @@
# TODO: The 127.0.0.1 address should probably be moved to a host-specific file. # TODO: The 127.0.0.1 address should probably be moved to a host-specific file.
networking.extraHosts = '' networking.extraHosts = ''
127.0.0.1 ${config.networking.hostName}.home.arpa 127.0.0.1 ${config.networking.hostName}.home.arpa
10.216.1.1 homeserver 10.216.1.32 homeserver
fdfd:5e8a:ee2d::1:32 homeserver
10.216.1.6 media 10.216.1.6 media
10.216.1.12 odo 10.216.1.12 odo
fdfd:5e8a:ee2d::1:2 odo
10.216.1.14 neelix 10.216.1.14 neelix
10.216.1.15 quark 10.216.1.15 quark
fdfd:5e8a:ee2d::1:3 quark
10.217.1.1 drmario 10.217.1.1 drmario
10.217.2.1 mrmanager 10.217.2.1 mrmanager
fdfd:5e8a:ee2d::2:2 mrmanager
172.16.16.245 turtle
172.16.16.251 stream
''; '';
networking.wireless.iwd = { networking.wireless.iwd = {
@@ -87,6 +101,7 @@
arp-scan # To find devices on the network arp-scan # To find devices on the network
wavemon wavemon
dhcpcd # For Android USB tethering. dhcpcd # For Android USB tethering.
next_hop
]; ];
boot.extraModprobeConfig = '' boot.extraModprobeConfig = ''

7
nix/configuration/roles/network/files/next_hop_linux.bash Normal file
View File

@@ -0,0 +1,7 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
exec ip route get "${@}"

53
nix/configuration/roles/optimized_build/default.nix
View File

@@ -1,7 +1,6 @@
{ {
config, config,
lib, lib,
pkgs,
... ...
}: }:
@@ -49,65 +48,13 @@
}; };
config = lib.mkMerge [ config = lib.mkMerge [
(lib.mkIf (!config.me.optimizations.enable) (
lib.mkMerge [
{
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_6_18;
# boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux;
}
]
))
(lib.mkIf config.me.optimizations.enable ( (lib.mkIf config.me.optimizations.enable (
lib.mkMerge [ lib.mkMerge [
{ {
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_me;
nixpkgs.hostPlatform = { nixpkgs.hostPlatform = {
gcc.arch = config.me.optimizations.arch; gcc.arch = config.me.optimizations.arch;
gcc.tune = config.me.optimizations.arch; gcc.tune = config.me.optimizations.arch;
}; };
nixpkgs.overlays = [
(
final: prev:
let
addConfig =
additionalConfig: pkg:
pkg.override (oldconfig: {
structuredExtraConfig = pkg.structuredExtraConfig // additionalConfig;
});
in
{
linux_me = addConfig {
# Full preemption
PREEMPT = lib.mkOverride 60 lib.kernel.yes;
PREEMPT_VOLUNTARY = lib.mkOverride 60 lib.kernel.no;
# Google's BBRv3 TCP congestion Control
TCP_CONG_BBR = lib.kernel.yes;
DEFAULT_BBR = lib.kernel.yes;
# Preemptive Full Tickless Kernel at 300Hz
HZ = lib.kernel.freeform "300";
HZ_300 = lib.kernel.yes;
HZ_1000 = lib.kernel.no;
} prev.linux_6_18; # or prev.linux
}
)
(final: prev: {
inherit (final.unoptimized)
assimp
binaryen
gsl
rapidjson
ffmpeg-headless
ffmpeg
pipewire
chromaprint
gtkmm
;
})
];
} }
] ]
)) ))

1
nix/configuration/roles/qemu/files/qemurc.bash
View File

@@ -355,6 +355,7 @@ function start_body {
-smp cores="$CPU_CORES" -smp cores="$CPU_CORES"
-m "$MEMORY" -m "$MEMORY"
-rtc base=localtime -rtc base=localtime
-device virtio-rng-pci
-drive "file=\"@OVMFfd@/FV/OVMF_CODE.fd\",if=pflash,format=raw,readonly=on" -drive "file=\"@OVMFfd@/FV/OVMF_CODE.fd\",if=pflash,format=raw,readonly=on"
-drive "if=pflash,format=raw,file=\"$(readlink -f "${mount_path}/OVMF_VARS.fd")\"" -drive "if=pflash,format=raw,file=\"$(readlink -f "${mount_path}/OVMF_VARS.fd")\""
-drive "if=none,file=/dev/zvol/${zfs_path}/disk0,format=raw,id=hd0" -drive "if=none,file=/dev/zvol/${zfs_path}/disk0,format=raw,id=hd0"

5
nix/configuration/roles/recovery/default.nix
View File

@@ -22,11 +22,14 @@
{ {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
ddrescue ddrescue
tmux # For running rescues in the background
rsync # For transferring rescued files
htop # To check resource usage
]; ];
} }
(lib.mkIf config.me.graphical { (lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
ddrescueview #ddrescueview
]; ];
}) })
] ]

2
nix/configuration/roles/rpcs3/default.nix
View File

@@ -53,6 +53,8 @@ in
rpcs3 rpcs3
]; ];
allowedUnfree = [ "rpcs3" ];
security.pam.loginLimits = [ security.pam.loginLimits = [
{ {
domain = "@wheel"; domain = "@wheel";

21
nix/configuration/roles/shikane/files/config.toml
View File

@@ -44,3 +44,24 @@ position = "0,0"
scale = 1.0 scale = 1.0
transform = "normal" transform = "normal"
adaptive_sync = false adaptive_sync = false
[[profile]]
name = "portablemonitor"
[[profile.output]]
enable = true
search = ["m=0x0BCA", "s=", "v=BOE"]
mode = "2256x1504@59.999Hz"
position = "0,0"
scale = 1.5
transform = "normal"
adaptive_sync = false
[[profile.output]]
enable = true
search = ["m=HG560T34", "s=0x10101010", "v=Invalid Vendor Codename - RTK"]
mode = "3840x2400@59.994Hz"
position = "1504,0"
scale = 2
transform = "normal"
adaptive_sync = false

5
nix/configuration/roles/sm64ex/default.nix
View File

@@ -18,7 +18,10 @@
}; };
config = lib.mkIf (config.me.sm64ex.enable && config.me.graphical) { config = lib.mkIf (config.me.sm64ex.enable && config.me.graphical) {
allowedUnfree = [ "sm64ex" ]; allowedUnfree = [
"sm64ex"
"baserom.us.z64"
];
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
sm64ex sm64ex

4
nix/configuration/roles/sound/default.nix
View File

@@ -30,7 +30,7 @@
# If you want to use JACK applications, uncomment this # If you want to use JACK applications, uncomment this
#jack.enable = true; #jack.enable = true;
extraLv2Packages = [ pkgs.rnnoise-plugin ]; extraLadspaPackages = [ pkgs.rnnoise-plugin.ladspa ];
configPackages = [ configPackages = [
(pkgs.writeTextDir "share/pipewire/pipewire.conf.d/99-input-denoising.conf" '' (pkgs.writeTextDir "share/pipewire/pipewire.conf.d/99-input-denoising.conf" ''
context.modules = [ context.modules = [
@@ -43,7 +43,7 @@
{ {
type = ladspa type = ladspa
name = rnnoise name = rnnoise
plugin = "${pkgs.rnnoise-plugin}/lib/ladspa/librnnoise_ladspa.so" plugin = "librnnoise_ladspa"
label = noise_suppressor_mono label = noise_suppressor_mono
control = { control = {
"VAD Threshold (%)" = 50.0 "VAD Threshold (%)" = 50.0

67
nix/configuration/roles/sway/default.nix
View File

@@ -6,6 +6,25 @@
}: }:
let let
patchScriptBin =
{
filename,
contents,
path ? [ ],
}:
((pkgs.writeScriptBin filename contents).overrideAttrs (old: {
buildCommand = "${old.buildCommand}\n patchShebangs $out";
postBuild = ''
wrapProgram $out/bin/${filename} --prefix PATH : ${lib.makeBinPath path}
'';
}));
workspace_helper = (
patchScriptBin {
filename = "workspace_helper";
contents = (builtins.readFile ./files/workspace_helper.bash);
path = with pkgs; [ jq ];
}
);
sway-config = pkgs.writeTextFile { sway-config = pkgs.writeTextFile {
name = "config"; name = "config";
text = '' text = ''
@@ -75,6 +94,9 @@ let
output 'Unknown 0x095F 0x00000000' scale 1.5 output 'Unknown 0x095F 0x00000000' scale 1.5
output 'BOE 0x095F Unknown' scale 1.5 output 'BOE 0x095F Unknown' scale 1.5
output 'BOE 0x0BCA Unknown' scale 1.5 output 'BOE 0x0BCA Unknown' scale 1.5
# Breaks screen sharing:
# output 'Dell Inc. DELL U3014 P1V6N35M329L' render_bit_depth 10
''; '';
}; };
window-management = pkgs.writeTextFile { window-management = pkgs.writeTextFile {
@@ -174,29 +196,34 @@ let
# Workspaces: # Workspaces:
# #
# switch to workspace # switch to workspace
bindsym $mod+1 workspace 1 bindsym $mod+1 exec ${workspace_helper}/bin/workspace_helper go_to_workspace 1
bindsym $mod+2 workspace 2 bindsym $mod+2 exec ${workspace_helper}/bin/workspace_helper go_to_workspace 2
bindsym $mod+3 workspace 3 bindsym $mod+3 exec ${workspace_helper}/bin/workspace_helper go_to_workspace 3
bindsym $mod+4 workspace 4 bindsym $mod+4 exec ${workspace_helper}/bin/workspace_helper go_to_workspace 4
bindsym $mod+5 workspace 5 bindsym $mod+5 exec ${workspace_helper}/bin/workspace_helper go_to_workspace 5
bindsym $mod+6 workspace 6 bindsym $mod+6 exec ${workspace_helper}/bin/workspace_helper go_to_workspace 6
bindsym $mod+7 workspace 7 bindsym $mod+7 exec ${workspace_helper}/bin/workspace_helper go_to_workspace 7
bindsym $mod+8 workspace 8 bindsym $mod+8 exec ${workspace_helper}/bin/workspace_helper go_to_workspace 8
bindsym $mod+9 workspace 9 bindsym $mod+9 exec ${workspace_helper}/bin/workspace_helper go_to_workspace 9
bindsym $mod+0 workspace 10 bindsym $mod+0 exec ${workspace_helper}/bin/workspace_helper go_to_workspace 10
# move focused container to workspace # move focused container to workspace
bindsym $mod+Shift+1 move container to workspace 1 bindsym $mod+Shift+1 exec ${workspace_helper}/bin/workspace_helper send_to_workspace 1
bindsym $mod+Shift+2 move container to workspace 2 bindsym $mod+Shift+2 exec ${workspace_helper}/bin/workspace_helper send_to_workspace 2
bindsym $mod+Shift+3 move container to workspace 3 bindsym $mod+Shift+3 exec ${workspace_helper}/bin/workspace_helper send_to_workspace 3
bindsym $mod+Shift+4 move container to workspace 4 bindsym $mod+Shift+4 exec ${workspace_helper}/bin/workspace_helper send_to_workspace 4
bindsym $mod+Shift+5 move container to workspace 5 bindsym $mod+Shift+5 exec ${workspace_helper}/bin/workspace_helper send_to_workspace 5
bindsym $mod+Shift+6 move container to workspace 6 bindsym $mod+Shift+6 exec ${workspace_helper}/bin/workspace_helper send_to_workspace 6
bindsym $mod+Shift+7 move container to workspace 7 bindsym $mod+Shift+7 exec ${workspace_helper}/bin/workspace_helper send_to_workspace 7
bindsym $mod+Shift+8 move container to workspace 8 bindsym $mod+Shift+8 exec ${workspace_helper}/bin/workspace_helper send_to_workspace 8
bindsym $mod+Shift+9 move container to workspace 9 bindsym $mod+Shift+9 exec ${workspace_helper}/bin/workspace_helper send_to_workspace 9
bindsym $mod+Shift+0 move container to workspace 10 bindsym $mod+Shift+0 exec ${workspace_helper}/bin/workspace_helper send_to_workspace 10
# Note: workspaces can have any name you want, not just numbers. # Note: workspaces can have any name you want, not just numbers.
# We just use 1-10 as the default. # We just use 1-10 as the default.
bindsym $mod+Ctrl+Left exec ${workspace_helper}/bin/workspace_helper go_to_previous_monitor
bindsym $mod+Ctrl+Shift+Left exec ${workspace_helper}/bin/workspace_helper send_to_previous_monitor
bindsym $mod+Ctrl+Right exec ${workspace_helper}/bin/workspace_helper go_to_next_monitor
bindsym $mod+Ctrl+Shift+Right exec ${workspace_helper}/bin/workspace_helper send_to_next_monitor
''; '';
}; };
disable-focus-follows-mouse = pkgs.writeTextFile { disable-focus-follows-mouse = pkgs.writeTextFile {

173
nix/configuration/roles/sway/files/workspace_helper.bash Normal file
View File

@@ -0,0 +1,173 @@
#!/usr/bin/env bash
#
# A helper to manage workspaces across multiple monitors.
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
# TODO: Only move output if it is on the wrong monitor
############## Setup #########################
# function cleanup {
# log "Killing child process $wlsunset_pid"
# kill "$wlsunset_pid"
# true
# }
# for sig in EXIT; do
# trap "set +e; cleanup" "$sig"
# done
function die {
local status_code="$1"
shift
(>&2 echo "${@}")
exit "$status_code"
}
function log {
(>&2 echo "${@}")
}
############## Program #########################
function main {
local cmd="$1"
shift
if [ "$cmd" = "go_to_next_monitor" ]; then
go_to_next_monitor "${@}"
elif [ "$cmd" = "send_to_next_monitor" ]; then
send_to_next_monitor "${@}"
elif [ "$cmd" = "go_to_previous_monitor" ]; then
go_to_previous_monitor "${@}"
elif [ "$cmd" = "send_to_previous_monitor" ]; then
send_to_previous_monitor "${@}"
elif [ "$cmd" = "go_to_workspace" ]; then
go_to_workspace "${@}"
elif [ "$cmd" = "send_to_workspace" ]; then
send_to_workspace "${@}"
else
die 1 "Unrecognized command $cmd"
fi
}
function go_to_next_monitor {
local monitor_index workspace_index workspace
workspace=$(swaymsg -t get_workspaces | jq -r '.[] | select(.focused == true) | .name')
workspace_index=$(parse_workspace_index "${workspace}")
# monitor_index=$(parse_monitor_index "${workspace}")
monitor_index=$(swaymsg -t get_outputs | jq 'map(.focused) | to_entries | .[] | select(.value) | .key')
local target output target_monitor
target_monitor=$(normalize_monitor_index "$((monitor_index+1))")
target=$(encode_workspace "${target_monitor}" "${workspace_index}")
output=$(get_output "${target_monitor}")
swaymsg workspace "${target}" \; move workspace to output "$output"
}
function send_to_next_monitor {
local monitor_index workspace_index workspace
workspace=$(swaymsg -t get_workspaces | jq -r '.[] | select(.focused == true) | .name')
workspace_index=$(parse_workspace_index "${workspace}")
# monitor_index=$(parse_monitor_index "${workspace}")
monitor_index=$(swaymsg -t get_outputs | jq 'map(.focused) | to_entries | .[] | select(.value) | .key')
local target output target_monitor
target_monitor=$(normalize_monitor_index "$((monitor_index+1))")
target=$(encode_workspace "${target_monitor}" "${workspace_index}")
output=$(get_output "${target_monitor}")
swaymsg move container to workspace "${target}" \; workspace "$target" move to output "$output"
}
function go_to_previous_monitor {
local monitor_index workspace_index workspace
workspace=$(swaymsg -t get_workspaces | jq -r '.[] | select(.focused == true) | .name')
workspace_index=$(parse_workspace_index "${workspace}")
# monitor_index=$(parse_monitor_index "${workspace}")
monitor_index=$(swaymsg -t get_outputs | jq 'map(.focused) | to_entries | .[] | select(.value) | .key')
local target output target_monitor
target_monitor=$(normalize_monitor_index "$((monitor_index-1))")
target=$(encode_workspace "${target_monitor}" "${workspace_index}")
output=$(get_output "${target_monitor}")
swaymsg workspace "${target}" \; move workspace to output "$output"
}
function send_to_previous_monitor {
local monitor_index workspace_index workspace
workspace=$(swaymsg -t get_workspaces | jq -r '.[] | select(.focused == true) | .name')
workspace_index=$(parse_workspace_index "${workspace}")
# monitor_index=$(parse_monitor_index "${workspace}")
monitor_index=$(swaymsg -t get_outputs | jq 'map(.focused) | to_entries | .[] | select(.value) | .key')
local target output target_monitor
target_monitor=$(normalize_monitor_index "$((monitor_index-1))")
target=$(encode_workspace "${target_monitor}" "${workspace_index}")
output=$(get_output "${target_monitor}")
swaymsg move container to workspace "${target}" \; workspace "$target" move to output "$output"
}
function go_to_workspace {
local monitor_index workspace_index workspace output
workspace_index="$1"
monitor_index=$(swaymsg -t get_outputs | jq 'map(.focused) | to_entries | .[] | select(.value) | .key')
workspace=$(encode_workspace "$monitor_index" "$workspace_index")
output=$(get_output "${monitor_index}")
swaymsg workspace "${workspace}" \; move workspace to output "$output"
}
function send_to_workspace {
local monitor_index workspace_index workspace output
workspace_index="$1"
monitor_index=$(swaymsg -t get_outputs | jq 'map(.focused) | to_entries | .[] | select(.value) | .key')
workspace=$(encode_workspace "$monitor_index" "$workspace_index")
output=$(get_output "${monitor_index}")
swaymsg move container to workspace "${workspace}" \; workspace "${workspace}" move to output "$output"
}
function get_output {
local monitor_index output
monitor_index="$1"
output=$(swaymsg -t get_outputs | jq -r ".[${monitor_index}].name")
echo "$output"
}
function encode_workspace {
local monitor_index workspace_index
monitor_index="$1"
workspace_index="$2"
if [ "$monitor_index" = "0" ]; then
echo "$workspace_index"
else
echo "${monitor_index}-${workspace_index}"
fi
}
function parse_monitor_index {
local workspace="$1"
if [[ $workspace = *-* ]]; then
cut -d '-' -f 1 <<<"$workspace"
else
echo "0"
fi
}
function parse_workspace_index {
local workspace="$1"
if [[ $workspace = *-* ]]; then
cut -d '-' -f 2 <<<"$workspace"
else
echo "$workspace"
fi
}
function normalize_monitor_index {
local monitor_index num_monitors
monitor_index="$1"
num_monitors=$(swaymsg -t get_outputs | jq length)
while [ "$monitor_index" -lt 0 ]; do
monitor_index=$((monitor_index + num_monitors))
done
while [ "$monitor_index" -ge "$num_monitors" ]; do
monitor_index=$((monitor_index - num_monitors))
done
echo "$monitor_index"
}
main "${@}"

13
nix/configuration/roles/thunderbolt/default.nix
View File

@@ -21,5 +21,18 @@
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
bolt # For boltctl bolt # For boltctl
]; ];
services.hardware.bolt.enable = true;
# Trust all thunderbolt devices
# services.udev.packages = [
# (pkgs.writeTextFile {
# name = "removable";
# text = ''
# ACTION=="add", SUBSYSTEM=="thunderbolt", ATTR{authorized}=="0", ATTR{authorized}="1"
# '';
# destination = "/etc/udev/rules.d/99-removable.rules";
# })
# ];
}; };
} }

6
nix/configuration/roles/vscode/default.nix
View File

@@ -121,6 +121,12 @@ in
group = "talexander"; group = "talexander";
mode = "0755"; mode = "0755";
} }
{
directory = ".vscode-shared";
user = "talexander";
group = "talexander";
mode = "0755";
}
]; ];
}; };
}; };

Some files were not shown because too many files have changed in this diff Show More