talexander/machine_setup
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

base: talexander:ba4085df1a66e29b4655602a35ae9c5e7bfeb784
Branches Tags
talexander:main talexander:kubernetes talexander:nix talexander:mt7927 talexander:yubipi talexander:upstream_amd_debug_tools talexander:install_files_mixin talexander:starship talexander:pixelbook
...
compare: talexander:starship
Branches Tags
talexander:kubernetes talexander:nix talexander:main talexander:mt7927 talexander:yubipi talexander:upstream_amd_debug_tools talexander:install_files_mixin talexander:starship talexander:pixelbook

112 Commits
ba4085df1a ... starship

Author SHA1 Message Date
Tom Alexander
9513882870 Still not working. 2025-01-27 20:38:45 -05:00
Tom Alexander
71a6843b37 Same issue with package based on 2ship2harkinian. 2025-01-27 19:26:38 -05:00
Tom Alexander
7d9d1ca80e Add a package for starship (Star Fox 64). 2025-01-27 19:26:38 -05:00
Tom Alexander
2f2d33296b Persist ares data. 2025-01-26 19:04:17 -05:00
Tom Alexander
2c1cf54de0 Update packages. 2025-01-26 18:55:53 -05:00
Tom Alexander
65be133ffe Update lanzaboote. 2025-01-26 16:57:18 -05:00
Tom Alexander
ee47c3cfa3 Enable debugging on ath12k. 2025-01-26 10:11:53 -05:00
Tom Alexander
ff8bb0653b Enable bluetooth on odo. 2025-01-25 21:28:14 -05:00
Tom Alexander
ff98873b32 Persist save data for ship of harkinian and 2ship2harkinian. 2025-01-25 21:22:55 -05:00
Tom Alexander
67ad4e2dff Persist sm64ex save data. 2025-01-25 20:47:48 -05:00
Tom Alexander
60452b0aeb Persist the nix-index index. 2025-01-25 20:22:41 -05:00
Tom Alexander
e043320e5c Clean up experiments in the gpg role. 2025-01-25 19:35:05 -05:00
Tom Alexander
2f8c4fbfe8 Disable verbose logging for gpg. 2025-01-25 19:10:48 -05:00
Tom Alexander
233bf4e967 Put the sleep back into wireguard. 2025-01-25 17:58:56 -05:00
Tom Alexander
f7adfaf54d Update lockfile. 2025-01-25 16:28:53 -05:00
Tom Alexander
78c9dec4c4 Disable rom name override. 
The latest nixpkgs does not support overriding the name so I am removing it now for compatibility.
 2025-01-25 16:22:04 -05:00
Tom Alexander
53c12a5b1e Add sshjail as an ansible plugin. 2025-01-25 15:30:30 -05:00
Tom Alexander
7d94210d8f Add cmake support to emacs. 2025-01-25 10:20:22 -05:00
Tom Alexander
1ebf31dc11 Remove sleep from wireguard service. 2025-01-25 10:20:22 -05:00
Tom Alexander
82c30bdb77 Add a role for 2ship2harkinian (Majora's Mask). 2025-01-24 21:25:41 -05:00
Tom Alexander
d5e7fdd097 Add bsdtar. 2025-01-24 20:58:03 -05:00
Tom Alexander
40fd7931d0 Add a persist folder for the talexander user. 2025-01-24 20:36:37 -05:00
Tom Alexander
835fd340a2 Add role for Ocarina of Time (shipwright). 2025-01-24 20:23:49 -05:00
Tom Alexander
94ef9ff3c8 Add role to build sm64ex. 2025-01-24 20:08:10 -05:00
Tom Alexander
62d3c010f5 Install nix-tree. 2025-01-24 19:01:51 -05:00
Tom Alexander
e9e792961c Add a not-working snippet to show where system packages are imported. 2025-01-24 18:53:57 -05:00
Tom Alexander
281dffc9c0 Do not install foot. 2025-01-24 18:42:57 -05:00
Tom Alexander
5bd67bb02a Move defaultPackages into the reset role. 2025-01-24 18:36:14 -05:00
Tom Alexander
4a76097a5e Refactor the wireguard role to use lib.mkMerge. 2025-01-24 17:59:07 -05:00
Tom Alexander
facfd01661 Make zsh install conditional. 2025-01-23 21:55:22 -05:00
Tom Alexander
2ce4520cd6 Make zrepl a conditional install. 2025-01-23 21:52:50 -05:00
Tom Alexander
814769b3e9 Do not install waybar on neelix. 2025-01-23 21:43:08 -05:00
Tom Alexander
6424129da3 Do not install wasm role on neelix. 2025-01-23 21:41:08 -05:00
Tom Alexander
415edbad91 Do not install vscode on neelix. 2025-01-23 21:39:57 -05:00
Tom Alexander
a773f94593 Do not install vnc client on neelix. 2025-01-23 21:37:16 -05:00
Tom Alexander
226610c926 Do not install steam or terraform on neelix. 2025-01-23 21:37:15 -05:00
Tom Alexander
7c6afef2bb Do not install pavucontrol on non-graphical installs. 2025-01-23 21:25:19 -05:00
Tom Alexander
55654fafb1 Do not install rust on neelix. 2025-01-23 21:21:37 -05:00
Tom Alexander
8946868fd6 Do not install qemu on neelix. 2025-01-23 21:18:57 -05:00
Tom Alexander
cd8e9002d0 Do not install python on neelix. 2025-01-23 21:15:48 -05:00
Tom Alexander
e1a274c88e Do not install media role on neelix. 2025-01-23 21:06:11 -05:00
Tom Alexander
cdc4bdffb6 Git buildEnv is failing. 2025-01-23 20:59:39 -05:00
Tom Alexander
9b9a103e49 Do not install gnome-firmware on non-graphical installs. 2025-01-23 20:46:03 -05:00
Tom Alexander
ea7bf809fc Do not install the launch keyboard configurator on neelix or non-graphical installs. 2025-01-23 20:42:22 -05:00
Tom Alexander
88a6d046b8 Do not install LaTeX on neelix. 2025-01-23 20:38:54 -05:00
Tom Alexander
d8e16f0b05 Do not install kubernetes clients on neelix. 2025-01-23 20:35:28 -05:00
Tom Alexander
e3fee206a1 Don't install kanshi on non-graphical installs. 2025-01-23 20:20:08 -05:00
Tom Alexander
3be710b4ad Install meld to git's path when doing a graphical install. 2025-01-23 20:07:23 -05:00
Tom Alexander
b37f8a8e1a Do not install my git config on neelix. 2025-01-23 19:55:13 -05:00
Tom Alexander
509cceb220 Only install fonts in graphical installs. 2025-01-23 19:48:25 -05:00
Tom Alexander
47408cfce0 Do not install firefox on neelix. 2025-01-23 19:14:25 -05:00
Tom Alexander
812dc40257 Do not install docker on neelix. 2025-01-23 19:09:59 -05:00
Tom Alexander
0e370c0d62 Do not install chromium or catt on neelix. 2025-01-23 19:04:19 -05:00
Tom Alexander
0598c796b7 Do not install ares on neelix. 2025-01-23 18:53:36 -05:00
Tom Alexander
df2efb728d Don't install alacritty on neelix or non-graphical installs. 2025-01-23 18:47:03 -05:00
Tom Alexander
62fc955b68 Merge branch 'plainmacs' into nix 2025-01-23 18:44:30 -05:00
Tom Alexander
e0644a069d Add support for non-graphical emacs. 2025-01-23 01:52:56 -05:00
Tom Alexander
054e056d00 Switch to buildEnv instead of symlinkJoin for better control over the joining process. 2025-01-23 01:52:56 -05:00
Tom Alexander
d3ea8b3667 Introduce a plainmacs emacs install flavor. 2025-01-22 21:01:34 -05:00
Tom Alexander
3f945f8ae3 Merge branch 'neelix' into nix 2025-01-22 20:29:12 -05:00
Tom Alexander
93c4aa4c76 Clean up the host-specific configs. 2025-01-22 20:28:58 -05:00
Tom Alexander
4664804d90 Comment out the kodi configs so they remain mutable until I've made a config I like. 2025-01-22 20:12:50 -05:00
Tom Alexander
edc48d00a2 Add some config files. 2025-01-21 23:07:05 -05:00
Tom Alexander
37aa0e6732 Add a bluetooth role. 2025-01-21 22:19:28 -05:00
Tom Alexander
a739728d41 Add neelix public key to sftp server. 2025-01-21 21:23:21 -05:00
Tom Alexander
48c5aebd82 Install jmespath for ansible. 2025-01-21 20:56:48 -05:00
Tom Alexander
c33a1b6c50 Set up memtest86 on neelix. 2025-01-20 22:50:44 -05:00
Tom Alexander
368c455b7f Persist ssh keys for kodi user. 2025-01-20 22:38:54 -05:00
Tom Alexander
5a5d34911c Add /etc/hosts entry for neelix. 2025-01-20 21:00:35 -05:00
Tom Alexander
d0c1bb1b65 Do not install sway on neelix. 2025-01-20 20:14:59 -05:00
Tom Alexander
9d49eb9d6a Add an empty kodi role. 2025-01-20 19:40:54 -05:00
Tom Alexander
ccbc999744 Add a global options role. 2025-01-20 19:27:49 -05:00
Tom Alexander
d537aa599b Stop the sway-session.target when exiting sway. 2025-01-20 18:43:54 -05:00
Tom Alexander
95d06dfe0e Enable memtest86 when building the ISO. 2025-01-20 18:43:54 -05:00
Tom Alexander
f2adb9328b Build zfs into the ISO image. 2025-01-20 18:43:54 -05:00
Tom Alexander
7bc6e0c470 Add a config for neelix. 2025-01-20 18:43:54 -05:00
Tom Alexander
99edb2d161 Use full emacs for e alias. 2025-01-19 23:15:33 -05:00
Tom Alexander
938f8676ff Add chromecast support. 2025-01-19 13:44:01 -05:00
Tom Alexander
d365b6aea9 Add ncdu to inspect disk usage. 2025-01-19 11:05:00 -05:00
Tom Alexander
8d911ff893 Wrap tofi without forcing a rebuild. 2025-01-19 10:53:54 -05:00
Tom Alexander
2aca77ea1a Merge branch 'emacs_refactor' into nix 2025-01-19 10:16:27 -05:00
Tom Alexander
1b342d3402 Switch from buildEnv to symlinkJoin to keep dependencies out of the system path. 2025-01-19 10:09:49 -05:00
Tom Alexander
9976e232e6 Move packages out of systemPackages and into the emacs_full package. 2025-01-18 23:11:35 -05:00
Tom Alexander
3baf18f435 Install aspell into the emacs_full environment. 2025-01-18 22:53:09 -05:00
Tom Alexander
e00331bf94 Wrap emacs settings in a mkMerge. 2025-01-18 21:26:17 -05:00
Tom Alexander
8e22d8febb Switch to a 300hz tickless kernel and enable BBR. 
Aside from BBR, these settings are copied from arch linux.
 2025-01-18 20:15:20 -05:00
Tom Alexander
ed0d1e41d6 Add a notification daemon. 2025-01-18 18:44:00 -05:00
Tom Alexander
2c27d580f4 Add a mode to force focus a window. 2025-01-18 18:40:08 -05:00
Tom Alexander
75ac4b91f3 Add screenshot / screen recording. 2025-01-18 18:33:46 -05:00
Tom Alexander
9abe43096b Add swaylock. 2025-01-18 18:13:30 -05:00
Tom Alexander
1535800e2f Replace wofi with tofi. 2025-01-18 17:39:51 -05:00
Tom Alexander
dcffced35a Add rofimoji. 2025-01-18 14:32:44 -05:00
Tom Alexander
1da36ab7c5 Remove unused portion of zshrc. 
I will probably move to a similar import system to what I am doing with sway.
 2025-01-18 13:18:06 -05:00
Tom Alexander
c694c6ae4c Make zsh-histdb use sqlite3 directly instead of depending on systemPackages. 2025-01-18 13:12:24 -05:00
Tom Alexander
f524aa168a Stick with imv instead of swayimg. 2025-01-18 12:16:11 -05:00
Tom Alexander
308206d1cc Launch a terminal at boot in the live ISO. 2025-01-18 11:55:12 -05:00
Tom Alexander
8ac235cb8c Move disabling wifi power saving to a host-specific file. 2025-01-18 11:48:53 -05:00
Tom Alexander
5170678a25 Don't garbage collect in a built ISO. 
The ISO is immutable so garbage collection does not make sense.
 2025-01-18 11:33:39 -05:00
Tom Alexander
19cf31b094 Move a zfs setting into the zfs role. 2025-01-18 11:14:19 -05:00
Tom Alexander
4f0024c4f9 Move some graphics bits into the graphics role. 2025-01-18 11:00:30 -05:00
Tom Alexander
41138ab34a Update to the new secureboot location. 2025-01-18 10:54:34 -05:00
Tom Alexander
f9b18809f9 An update fixed firefox's launch time. 2025-01-17 22:42:57 -05:00
Tom Alexander
fefe46b512 Remove kvm-amd from boot.kernelModules. 2025-01-17 21:36:34 -05:00
Tom Alexander
b4947bcff6 Add vnc client. 2025-01-17 20:30:16 -05:00
Tom Alexander
14baaddcff Persist factorio data. 2025-01-17 19:07:54 -05:00
Tom Alexander
1c8f2f1c74 Switch back to regular linux. 2025-01-17 18:55:59 -05:00
Tom Alexander
1bfe24f457 Remove duplicate entry for xdg-desktop-portal-wlr. 2025-01-16 20:51:17 -05:00
Tom Alexander
08feb8bad6 Add more tracing commands. 2025-01-15 21:12:28 -05:00
Tom Alexander
cb3b01a74c Blacklist hardward watchdog for AMD 700 chipset series for power savings. 2025-01-15 21:01:30 -05:00
Tom Alexander
0e95edd8e7 Switch to unstable. 2025-01-15 21:00:57 -05:00
Tom Alexander
d172b1dea2 Add some wasm utilities. 2025-01-14 23:57:24 -05:00
Tom Alexander
2a97a1ee92 Add vscode role. 2025-01-14 23:57:24 -05:00
82 changed files with 3616 additions and 942 deletions
Expand all files Collapse all files

17
ansible/roles/sftp/tasks/common.yaml
View File

@@ -64,6 +64,23 @@
# force: true # force: true
# diff: false # diff: false
- name: Create directories
file:
name: "{{ item }}"
state: directory
mode: 0700
owner: nochainstounlock
group: nochainstounlock
loop:
- /home/nochainstounlock/.ssh
- name: Set authorized keys
authorized_key:
user: nochainstounlock
key: |
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMrjXsXjtxEm47XnRZfo67kJULoc0NBLrB0lPYFiS2Ar kodi@neelix
exclusive: true
- import_tasks: tasks/freebsd.yaml - import_tasks: tasks/freebsd.yaml
when: 'os_flavor == "freebsd"' when: 'os_flavor == "freebsd"'

57
nix/configuration/configuration.nix
View File

@@ -2,7 +2,6 @@
config, config,
lib, lib,
pkgs, pkgs,
pkgs-unstable,
home-manager, home-manager,
... ...
}: }:
@@ -10,9 +9,9 @@
{ {
imports = [ imports = [
./roles/reset ./roles/reset
./roles/global_options
./util/unfree_polyfill ./util/unfree_polyfill
./roles/iso ./roles/iso
./hosts/odo
"${ "${
builtins.fetchTarball { builtins.fetchTarball {
url = "https://github.com/nix-community/disko/archive/refs/tags/v1.9.0.tar.gz"; url = "https://github.com/nix-community/disko/archive/refs/tags/v1.9.0.tar.gz";
@@ -52,6 +51,18 @@
./roles/lvfs ./roles/lvfs
./roles/nvme ./roles/nvme
./roles/terraform ./roles/terraform
./roles/vscode
./roles/wasm
./roles/vnc_client
./roles/chromecast
./roles/memtest86
./roles/kodi
./roles/ansible
./roles/bluetooth
./roles/sm64ex
./roles/shipwright
./roles/2ship2harkinian
./roles/nix_index
]; ];
nix.settings.experimental-features = [ nix.settings.experimental-features = [
@@ -101,12 +112,13 @@
}; };
# Automatic garbage collection # Automatic garbage collection
nix.gc = { nix.gc = lib.mkIf (!config.me.buildingIso) {
# Runs nix-collect-garbage --delete-older-than 5d # Runs nix-collect-garbage --delete-older-than 5d
automatic = true; automatic = true;
randomizedDelaySec = "14m"; randomizedDelaySec = "14m";
options = "--delete-older-than 30d"; options = "--delete-older-than 30d";
}; };
nix.settings.auto-optimise-store = !config.me.buildingIso;
# Use doas instead of sudo # Use doas instead of sudo
security.doas.enable = true; security.doas.enable = true;
@@ -120,9 +132,6 @@
} }
]; ];
# Do not use default packages (nixos includes some defaults like nano)
environment.defaultPackages = lib.mkForce [ ];
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
wget wget
mg mg
@@ -133,15 +142,16 @@
file file
usbutils # for lsusb usbutils # for lsusb
pciutils # for lspci pciutils # for lspci
mesa-demos # for glxgears TODO move to better role
vulkan-tools # for vkcube TODO move to better role
xorg.xeyes # to test which windows are using x11 TODO move to better role
ripgrep ripgrep
strace strace
ltrace
trace-cmd # ftrace
tcpdump tcpdump
git-crypt git-crypt
nix-index-unwrapped
gnumake gnumake
ncdu
nix-tree
libarchive # bsdtar
]; ];
services.openssh = { services.openssh = {
@@ -170,7 +180,6 @@
"/var/lib/nixos" # Contains user information (uids/gids) "/var/lib/nixos" # Contains user information (uids/gids)
"/var/lib/systemd" # Systemd state directory for random seed, persistent timers, core dumps, persist hardware state like backlight and rfkill "/var/lib/systemd" # Systemd state directory for random seed, persistent timers, core dumps, persist hardware state like backlight and rfkill
"/var/log/journal" # Logs, alternatively set `services.journald.storage = "volatile";` to write to /run/log/journal "/var/log/journal" # Logs, alternatively set `services.journald.storage = "volatile";` to write to /run/log/journal
"/etc/zfs/zpool.cache" # Which zpools to import, the root zpool is already imported and does not need this cache file but this captures additional pools. TODO consider setting cachefile=none on main pool.
]; ];
files = [ files = [
"/etc/machine-id" # Systemd unique machine id "otherwise, the system journal may fail to list earlier boots, etc" "/etc/machine-id" # Systemd unique machine id "otherwise, the system journal may fail to list earlier boots, etc"
@@ -179,10 +188,16 @@
"/etc/ssh/ssh_host_ed25519_key" "/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub" "/etc/ssh/ssh_host_ed25519_key.pub"
]; ];
# users.talexander = { users.talexander = {
# directories = []; directories = [
# files = []; {
# }; directory = "persist";
user = "talexander";
group = "talexander";
mode = "0700";
}
];
};
}; };
# Write a list of the currently installed packages to /etc/current-system-packages # Write a list of the currently installed packages to /etc/current-system-packages
@@ -194,12 +209,24 @@
in in
formatted; formatted;
# environment.etc."system-packages-with-source".text = builtins.concatStringsSep "\n\n" (
# builtins.map (
# x: x.file + "\n" + builtins.concatStringsSep "\n" (builtins.map (s: " " + s) x.value)
# ) config.environment.systemPackages.definitionsWithLocations
# );
# nixpkgs.overlays = [ # nixpkgs.overlays = [
# (final: prev: { # (final: prev: {
# nix = pkgs-unstable.nix; # nix = pkgs-unstable.nix;
# }) # })
# ]; # ];
# nixpkgs.overlays = [
# (final: prev: {
# foot = throw "foo";
# })
# ];
# Copy the NixOS configuration file and link it from the resulting system # Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you # (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix. # accidentally delete configuration.nix.

108
nix/configuration/flake.lock generated
View File

@@ -1,18 +1,30 @@
{ {
"nodes": { "nodes": {
"crane": { "ansible-sshjail": {
"inputs": { "inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [ "nixpkgs": [
"lanzaboote",
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1717535930, "lastModified": 1,
"narHash": "sha256-1hZ/txnbd/RmiBPNUs7i8UQw2N89uAK3UzrGAWdnFfU=", "narHash": "sha256-c4Ds4E/10Zj5AQLuJ3JvJTuDK8o2WjVXLcIL7eyhTfw=",
"path": "flakes/ansible-sshjail",
"type": "path"
},
"original": {
"path": "flakes/ansible-sshjail",
"type": "path"
}
},
"crane": {
"locked": {
"lastModified": 1731098351,
"narHash": "sha256-HQkYvKvaLQqNa10KEFGgWHfMAbWBfFp+4cAgkut+NNE=",
"owner": "ipetkov", "owner": "ipetkov",
"repo": "crane", "repo": "crane",
"rev": "55e7754ec31dac78980c8be45f8a28e80e370946", "rev": "ef80ead953c1b28316cc3f8613904edc2eb90c28",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -45,11 +57,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1717285511, "lastModified": 1730504689,
"narHash": "sha256-iKzJcpdXih14qYVcZ9QC9XuZYnPc6T8YImb6dX166kw=", "narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8", "rev": "506278e768c2a08bec68eb62932193e341f55c90",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -63,11 +75,11 @@
"systems": "systems" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1710146030, "lastModified": 1731533236,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -123,27 +135,26 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1736373539, "lastModified": 1737762889,
"narHash": "sha256-dinzAqCjenWDxuy+MqUQq0I4zUSfaCvN9rzuCmgMZJY=", "narHash": "sha256-5HGG09bh/Yx0JA8wtBMAzt0HMCL1bYZ93x4IqzVExio=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "bd65bc3cde04c16755955630b344bc9e35272c56", "rev": "daf04c5950b676f47a794300657f1d3d14c1a120",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "nix-community",
"ref": "release-24.11",
"repo": "home-manager", "repo": "home-manager",
"type": "github" "type": "github"
} }
}, },
"impermanence": { "impermanence": {
"locked": { "locked": {
"lastModified": 1734945620, "lastModified": 1737831083,
"narHash": "sha256-olIfsfJK4/GFmPH8mXMmBDAkzVQ1TWJmeGT3wBGfQPY=", "narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=",
"owner": "nix-community", "owner": "nix-community",
"repo": "impermanence", "repo": "impermanence",
"rev": "d000479f4f41390ff7cf9204979660ad5dd16176", "rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -157,7 +168,6 @@
"crane": "crane", "crane": "crane",
"flake-compat": "flake-compat", "flake-compat": "flake-compat",
"flake-parts": "flake-parts", "flake-parts": "flake-parts",
"flake-utils": "flake-utils",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
@@ -165,32 +175,32 @@
"rust-overlay": "rust-overlay" "rust-overlay": "rust-overlay"
}, },
"locked": { "locked": {
"lastModified": 1718178907, "lastModified": 1737639419,
"narHash": "sha256-eSZyrQ9uoPB9iPQ8Y5H7gAmAgAvCw3InStmU3oEjqsE=", "narHash": "sha256-AEEDktApTEZ5PZXNDkry2YV2k6t0dTgLPEmAZbnigXU=",
"owner": "nix-community", "owner": "nix-community",
"repo": "lanzaboote", "repo": "lanzaboote",
"rev": "b627ccd97d0159214cee5c7db1412b75e4be6086", "rev": "a65905a09e2c43ff63be8c0e86a93712361f871e",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "nix-community",
"ref": "v0.4.1", "ref": "v0.4.2",
"repo": "lanzaboote", "repo": "lanzaboote",
"type": "github" "type": "github"
} }
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1736200483, "lastModified": 1737885589,
"narHash": "sha256-JO+lFN2HsCwSLMUWXHeOad6QUxOuwe9UOAF/iSl1J4I=", "narHash": "sha256-Zf0hSrtzaM1DEz8//+Xs51k/wdSajticVrATqDrfQjg=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "3f0a8ac25fb674611b98089ca3a5dd6480175751", "rev": "852ff1d9e153d8875a83602e03fdef8a63f0ecf8",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-24.11", "ref": "nixos-unstable",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
@@ -213,32 +223,16 @@
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1710695816, "lastModified": 1730741070,
"narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=", "narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "614b4613980a522ba49f0d194531beddbb7220d3", "rev": "d063c1dd113c91ab27959ba540c0d9753409edf3",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-23.11", "ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1736012469,
"narHash": "sha256-/qlNWm/IEVVH7GfgAIyP6EsVZI6zjAx1cV5zNyrs+rI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "8f3e1f807051e32d8c95cd12b9b421623850a34d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
@@ -257,11 +251,11 @@
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-stable": "nixpkgs-stable"
}, },
"locked": { "locked": {
"lastModified": 1717664902, "lastModified": 1731363552,
"narHash": "sha256-7XfBuLULizXjXfBYy/VV+SpYMHreNRHk9nKMsm1bgb4=", "narHash": "sha256-vFta1uHnD29VUY4HJOO/D6p6rxyObnf+InnSMT4jlMU=",
"owner": "cachix", "owner": "cachix",
"repo": "pre-commit-hooks.nix", "repo": "pre-commit-hooks.nix",
"rev": "cc4d466cb1254af050ff7bdf47f6d404a7c646d1", "rev": "cd1af27aa85026ac759d5d3fccf650abe7e1bbf0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -272,32 +266,28 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"ansible-sshjail": "ansible-sshjail",
"home-manager": "home-manager", "home-manager": "home-manager",
"impermanence": "impermanence", "impermanence": "impermanence",
"lanzaboote": "lanzaboote", "lanzaboote": "lanzaboote",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nixpkgs-b93b4e9b5": "nixpkgs-b93b4e9b5", "nixpkgs-b93b4e9b5": "nixpkgs-b93b4e9b5",
"nixpkgs-unstable": "nixpkgs-unstable",
"zsh-histdb": "zsh-histdb" "zsh-histdb": "zsh-histdb"
} }
}, },
"rust-overlay": { "rust-overlay": {
"inputs": { "inputs": {
"flake-utils": [
"lanzaboote",
"flake-utils"
],
"nixpkgs": [ "nixpkgs": [
"lanzaboote", "lanzaboote",
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1717813066, "lastModified": 1731897198,
"narHash": "sha256-wqbRwq3i7g5EHIui0bIi84mdqZ/It1AXBSLJ5tafD28=", "narHash": "sha256-Ou7vLETSKwmE/HRQz4cImXXJBr/k9gp4J4z/PF8LzTE=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "6dc3e45fe4aee36efeed24d64fc68b1f989d5465", "rev": "0be641045af6d8666c11c2c40e45ffc9667839b5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -345,7 +335,7 @@
}, },
"locked": { "locked": {
"lastModified": 1, "lastModified": 1,
"narHash": "sha256-TFks1dvPwAXKQeePh9jmxj06ZfXArH1pN9yXVQWeL6w=", "narHash": "sha256-5DWw7GnwVZ98HUp/UUJcyUmmy9Bh/mcQB8MQQ0t3ZRo=",
"path": "flakes/zsh-histdb", "path": "flakes/zsh-histdb",
"type": "path" "type": "path"
}, },

66
nix/configuration/flake.nix
View File

@@ -16,7 +16,7 @@
# -display vnc=127.0.0.1:0 # -display vnc=127.0.0.1:0
# #
# doas cp "$(nix-build '<nixpkgs>' --no-out-link -A 'OVMF.fd')/FV/OVMF_VARS.fd" /tmp/OVMF_VARS.fd # doas cp "$(nix-build '<nixpkgs>' --no-out-link -A 'OVMF.fd')/FV/OVMF_VARS.fd" /tmp/OVMF_VARS.fd
# doas "$(nix-build '<nixpkgs>' --no-out-link -A 'qemu')/bin/qemu-system-x86_64" -accel kvm -cpu host -smp cores=8 -m 32768 -drive "file=$(nix-build '<nixpkgs>' --no-out-link -A 'OVMF.fd')/FV/OVMF.fd,if=pflash,format=raw,readonly=on" -drive if=pflash,format=raw,file="/tmp/OVMF_VARS.fd" -nic user,hostfwd=tcp::60022-:22 -boot order=d -cdrom /persist/machine_setup/nix/configuration/result/iso/nixos.iso -display vnc=127.0.0.1:0 # doas "$(nix-build '<nixpkgs>' --no-out-link -A 'qemu')/bin/qemu-system-x86_64" -accel kvm -cpu host -smp cores=8 -m 32768 -drive "file=$(nix-build '<nixpkgs>' --no-out-link -A 'OVMF.fd')/FV/OVMF.fd,if=pflash,format=raw,readonly=on" -drive if=pflash,format=raw,file="/tmp/OVMF_VARS.fd" -nic user,hostfwd=tcp::60022-:22 -boot order=d -cdrom /persist/machine_setup/nix/configuration/result/iso/nixos*.iso -display vnc=127.0.0.1:0
# Get a repl for this flake # Get a repl for this flake
# nix repl --expr "builtins.getFlake \"$PWD\"" # nix repl --expr "builtins.getFlake \"$PWD\""
@@ -30,13 +30,12 @@
inputs = { inputs = {
impermanence.url = "github:nix-community/impermanence"; impermanence.url = "github:nix-community/impermanence";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
nixpkgs-b93b4e9b5.url = "github:NixOS/nixpkgs/b93b4e9b527904aadf52dba6ca35efde2067cbd4"; nixpkgs-b93b4e9b5.url = "github:NixOS/nixpkgs/b93b4e9b527904aadf52dba6ca35efde2067cbd4";
home-manager.url = "github:nix-community/home-manager/release-24.11"; home-manager.url = "github:nix-community/home-manager";
home-manager.inputs.nixpkgs.follows = "nixpkgs"; home-manager.inputs.nixpkgs.follows = "nixpkgs";
lanzaboote = { lanzaboote = {
url = "github:nix-community/lanzaboote/v0.4.1"; url = "github:nix-community/lanzaboote/v0.4.2";
# Optional but recommended to limit the size of your system closure. # Optional but recommended to limit the size of your system closure.
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@@ -44,6 +43,12 @@
zsh-histdb = { zsh-histdb = {
url = "path:flakes/zsh-histdb"; url = "path:flakes/zsh-histdb";
# Optional but recommended to limit the size of your system closure.
inputs.nixpkgs.follows = "nixpkgs";
};
ansible-sshjail = {
url = "path:flakes/ansible-sshjail";
# Optional but recommended to limit the size of your system closure. # Optional but recommended to limit the size of your system closure.
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
@@ -53,12 +58,12 @@
{ {
self, self,
nixpkgs, nixpkgs,
nixpkgs-unstable,
nixpkgs-b93b4e9b5, nixpkgs-b93b4e9b5,
impermanence, impermanence,
home-manager, home-manager,
lanzaboote, lanzaboote,
zsh-histdb, zsh-histdb,
ansible-sshjail,
... ...
}@inputs: }@inputs:
let let
@@ -68,9 +73,6 @@
pkgs-b93b4e9b5 = import nixpkgs-b93b4e9b5 { pkgs-b93b4e9b5 = import nixpkgs-b93b4e9b5 {
inherit system; inherit system;
}; };
pkgs-unstable = import nixpkgs-unstable {
inherit system;
};
}; };
modules = [ modules = [
impermanence.nixosModules.impermanence impermanence.nixosModules.impermanence
@@ -80,19 +82,57 @@
home-manager.useGlobalPkgs = true; home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true; home-manager.useUserPackages = true;
} }
{ nixpkgs.overlays = [ zsh-histdb.overlays.default ]; } {
nixpkgs.overlays = [
zsh-histdb.overlays.default
ansible-sshjail.overlays.default
];
}
./configuration.nix ./configuration.nix
]; ];
}; };
systems = { systems = {
odo = { odo = {
main = nixpkgs.lib.nixosSystem (base_x86_64_linux // { }); main = nixpkgs.lib.nixosSystem (
base_x86_64_linux
// {
modules = base_x86_64_linux.modules ++ [
./hosts/odo
];
}
);
iso = nixpkgs.lib.nixosSystem ( iso = nixpkgs.lib.nixosSystem (
base_x86_64_linux base_x86_64_linux
// { // {
modules = base_x86_64_linux.modules ++ [ modules = base_x86_64_linux.modules ++ [
./hosts/odo
(nixpkgs + "/nixos/modules/installer/cd-dvd/iso-image.nix")
# TODO: Figure out how to do image based appliances
# (nixpkgs + "/nixos/modules/profiles/image-based-appliance.nix")
{
isoImage.makeEfiBootable = true;
isoImage.makeUsbBootable = true;
me.buildingIso = true;
}
];
}
);
};
neelix = {
main = nixpkgs.lib.nixosSystem (
base_x86_64_linux
// {
modules = base_x86_64_linux.modules ++ [
./hosts/neelix
];
}
);
iso = nixpkgs.lib.nixosSystem (
base_x86_64_linux
// {
modules = base_x86_64_linux.modules ++ [
./hosts/neelix
(nixpkgs + "/nixos/modules/installer/cd-dvd/iso-image.nix") (nixpkgs + "/nixos/modules/installer/cd-dvd/iso-image.nix")
# TODO: maybe? imports = [ "${modulesPath}/profiles/image-based-appliance.nix" ];
{ {
isoImage.makeEfiBootable = true; isoImage.makeEfiBootable = true;
isoImage.makeUsbBootable = true; isoImage.makeUsbBootable = true;
@@ -107,5 +147,7 @@
{ {
nixosConfigurations.odo = systems.odo.main; nixosConfigurations.odo = systems.odo.main;
iso.odo = systems.odo.iso.config.system.build.isoImage; iso.odo = systems.odo.iso.config.system.build.isoImage;
nixosConfigurations.neelix = systems.neelix.main;
iso.neelix = systems.neelix.iso.config.system.build.isoImage;
}; };
} }

61
nix/configuration/flakes/ansible-sshjail/flake.lock generated Normal file
View File

@@ -0,0 +1,61 @@
{
"nodes": {
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1735141468,
"narHash": "sha256-VIAjBr1qGcEbmhLwQJD6TABppPMggzOvqFsqkDoMsAY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "4005c3ff7505313cbc21081776ad0ce5dfd7a3ce",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

34
nix/configuration/flakes/ansible-sshjail/flake.nix Normal file
View File

@@ -0,0 +1,34 @@
{
description = "A slightly better history for zsh";
inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
inputs.flake-utils.url = "github:numtide/flake-utils";
outputs =
{
self,
nixpkgs,
flake-utils,
...
}:
let
out =
system:
let
pkgs = nixpkgs.legacyPackages.${system};
# Maybe pkgs = import nixpkgs { inherit system; }; ?
appliedOverlay = self.overlays.default pkgs pkgs;
in
{
packages = rec {
default = ansible-sshjail;
ansible-sshjail = appliedOverlay.ansible-sshjail;
};
};
in
flake-utils.lib.eachDefaultSystem out
// {
overlays.default = final: prev: {
ansible-sshjail = final.callPackage ./package.nix { };
};
};
}

33
nix/configuration/flakes/ansible-sshjail/package.nix Normal file
View File

@@ -0,0 +1,33 @@
# unpackPhase
# patchPhase
# configurePhase
# buildPhase
# checkPhase
# installPhase
# fixupPhase
# installCheckPhase
# distPhase
{
stdenv,
fetchgit,
...
}:
stdenv.mkDerivation {
name = "ansible-sshjail";
src = fetchgit {
url = "https://github.com/austinhyde/ansible-sshjail.git";
rev = "a7b0076fdb680b915d35efafd1382919100532b6";
sha256 = "sha256-4QX/017fDRzb363NexgvHZ/VFKXOjRgGPDKKygyUylM=";
};
phases = [
"installPhase"
];
installPhase = ''
runHook preInstall
mkdir -p $out/share/ansible/plugins/connection_plugins
cp $src/sshjail.py $out/share/ansible/plugins/connection_plugins/
runHook postInstall
'';
}

61
nix/configuration/flakes/starship-game/flake.lock generated Normal file
View File

@@ -0,0 +1,61 @@
{
"nodes": {
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1735141468,
"narHash": "sha256-VIAjBr1qGcEbmhLwQJD6TABppPMggzOvqFsqkDoMsAY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "4005c3ff7505313cbc21081776ad0ce5dfd7a3ce",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

34
nix/configuration/flakes/starship-game/flake.nix Normal file
View File

@@ -0,0 +1,34 @@
{
description = "A slightly better history for zsh";
inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
inputs.flake-utils.url = "github:numtide/flake-utils";
outputs =
{
self,
nixpkgs,
flake-utils,
...
}:
let
out =
system:
let
pkgs = nixpkgs.legacyPackages.${system};
# Maybe pkgs = import nixpkgs { inherit system; }; ?
appliedOverlay = self.overlays.default pkgs pkgs;
in
{
packages = rec {
default = starship-game;
starship-game = appliedOverlay.starship-game;
};
};
in
flake-utils.lib.eachDefaultSystem out
// {
overlays.default = final: prev: {
starship-game = final.callPackage ./package.nix { };
};
};
}

261
nix/configuration/flakes/starship-game/package.nix Normal file
View File

@@ -0,0 +1,261 @@
{
lib,
stdenv,
SDL2,
cmake,
copyDesktopItems,
fetchFromGitHub,
fetchpatch,
fetchurl,
imagemagick,
imgui,
libpng,
libpulseaudio,
libzip,
lsb-release,
makeDesktopItem,
makeWrapper,
ninja,
nlohmann_json,
pkg-config,
python3,
spdlog,
stormlib,
tinyxml-2,
writeTextFile,
zenity,
}:
let
# This would get fetched at build time otherwise, see:
# https://github.com/HarbourMasters/2ship2harkinian/blob/1.0.2/mm/CMakeLists.txt#L708
gamecontrollerdb = fetchurl {
name = "gamecontrollerdb.txt";
url = "https://raw.githubusercontent.com/gabomdq/SDL_GameControllerDB/b1759cf84028aab89caa1c395e198c340b8dfd89/gamecontrollerdb.txt";
hash = "sha256-7C5EkqBIhLGNJuhi3832y0ffW5Ep7iuTYXb1bL5h2Js=";
};
# 2ship needs a specific imgui version
imgui' = imgui.overrideAttrs rec {
version = "1.90.6";
src = fetchFromGitHub {
owner = "ocornut";
repo = "imgui";
rev = "v${version}-docking";
hash = "sha256-Y8lZb1cLJF48sbuxQ3vXq6GLru/WThR78pq7LlORIzc=";
};
};
libgfxd = fetchFromGitHub {
owner = "glankk";
repo = "libgfxd";
rev = "96fd3b849f38b3a7c7b7f3ff03c5921d328e6cdf";
hash = "sha256-dedZuV0BxU6goT+rPvrofYqTz9pTA/f6eQcsvpDWdvQ=";
};
yaml_cpp = fetchFromGitHub {
owner = "jbeder";
repo = "yaml-cpp";
rev = "f7320141120f720aecc4c32be25586e7da9eb978";
hash = "sha256-J87oS6Az1/vNdyXu3L7KmUGWzU0IAkGrGMUUha+xDXI=";
};
# spdlog = fetchFromGitHub {
# owner = "gabime";
# repo = "spdlog";
# rev = "7e635fca68d014934b4af8a1cf874f63989352b7";
# hash = "sha256-cxTaOuLXHRU8xMz9gluYz0a93O0ez2xOxbloyc1m1ns=";
# };
# stb_impl = writeTextFile {
# name = "stb_impl.c";
# text = ''
# #define STB_IMAGE_IMPLEMENTATION
# #include "stb_image.h"
# '';
# };
# stb' = fetchurl {
# name = "stb_image.h";
# url = "https://raw.githubusercontent.com/nothings/stb/0bc88af4de5fb022db643c2d8e549a0927749354/stb_image.h";
# hash = "sha256-xUsVponmofMsdeLsI6+kQuPg436JS3PBl00IZ5sg3Vw=";
# };
# Apply 2ship's patch for stormlib
stormlib' = stormlib.overrideAttrs (prev: rec {
version = "9.25";
src = fetchFromGitHub {
owner = "ladislav-zezula";
repo = "StormLib";
rev = "v${version}";
hash = "sha256-HTi2FKzKCbRaP13XERUmHkJgw8IfKaRJvsK3+YxFFdc=";
};
nativeBuildInputs = prev.nativeBuildInputs ++ [ pkg-config ];
patches = (prev.patches or [ ]) ++ [
(fetchpatch {
name = "stormlib-optimizations.patch";
url = "https://github.com/briaguya-ai/StormLib/commit/ff338b230544f8b2bb68d2fbe075175ed2fd758c.patch";
hash = "sha256-Jbnsu5E6PkBifcx/yULMVC//ab7tszYgktS09Azs5+4=";
})
];
});
thread_pool = fetchFromGitHub {
owner = "bshoshany";
repo = "thread-pool";
rev = "v4.1.0";
hash = "sha256-zhRFEmPYNFLqQCfvdAaG5VBNle9Qm8FepIIIrT9sh88=";
};
in
stdenv.mkDerivation (finalAttrs: {
pname = "starship-game";
version = "v1.0.0";
src = fetchFromGitHub {
owner = "HarbourMasters";
repo = "starship";
# rev = "5e5e49da93e066f51c3010ba38f09331d866f2db";
tag = finalAttrs.version;
hash = "sha256-kaLLlLuonqE2DJcRlWR4tCEBNjwIYFlzeDLcYsvMO7I=";
fetchSubmodules = true;
};
# patches = [
# # remove fetching stb as we will patch our own
# ./0001-deps.patch
# ];
nativeBuildInputs = [
cmake
copyDesktopItems
imagemagick
lsb-release
makeWrapper
ninja
pkg-config
python3
];
buildInputs = [
SDL2
imgui'
libpng
libpulseaudio
libzip
nlohmann_json
spdlog
stormlib'
tinyxml-2
zenity
];
cmakeFlags = [
(lib.cmakeBool "NON_PORTABLE" true)
(lib.cmakeFeature "CMAKE_INSTALL_PREFIX" "${placeholder "out"}/starship-game")
(lib.cmakeFeature "FETCHCONTENT_SOURCE_DIR_IMGUI" "${imgui'.src}")
(lib.cmakeFeature "FETCHCONTENT_SOURCE_DIR_LIBGFXD" "${libgfxd}")
(lib.cmakeFeature "FETCHCONTENT_SOURCE_DIR_STORMLIB" "${stormlib'}")
(lib.cmakeFeature "FETCHCONTENT_SOURCE_DIR_THREADPOOL" "${thread_pool}")
];
dontAddPrefix = true;
# Linking fails without this
hardeningDisable = [ "format" ];
# Pie needs to be enabled or else it segfaults
hardeningEnable = [ "pie" ];
# preConfigure = ''
# # mirror 2ship's stb
# mkdir stb
# cp ${stb'} ./stb/${stb'.name}
# cp ${stb_impl} ./stb/${stb_impl.name}
# substituteInPlace libultraship/cmake/dependencies/common.cmake \
# --replace-fail "\''${STB_DIR}" "/build/source/stb"
# '';
# (cd tools/Torch && cmake -H. -Bbuild-cmake -GNinja \
# -DFETCHCONTENT_SOURCE_DIR_LIBGFXD=${libgfxd} \
# -DFETCHCONTENT_SOURCE_DIR_YAML-CPP=${finalAttrs.yaml_cpp_src} \
# -DFETCHCONTENT_SOURCE_DIR_SPDLOG=${finalAttrs.spdlog_src}
# )
configurePhase = ''
cmake -H. -Bbuild-cmake -GNinja \
-DFETCHCONTENT_SOURCE_DIR_IMGUI=${imgui'.src} \
-DFETCHCONTENT_SOURCE_DIR_STORMLIB=${stormlib'} \
-DFETCHCONTENT_SOURCE_DIR_THREADPOOL=${thread_pool}
(cd tools/Torch && cmake -H. -Bbuild-cmake -GNinja \
-DFETCHCONTENT_SOURCE_DIR_LIBGFXD=${libgfxd} \
-DFETCHCONTENT_SOURCE_DIR_YAML-CPP=${yaml_cpp} \
-DFETCHCONTENT_SOURCE_DIR_SPDLOG=${spdlog}
)
(cd libultraship && cmake -H. -Bbuild-cmake -GNinja \
-DFETCHCONTENT_SOURCE_DIR_LIBGFXD=${libgfxd} \
-DFETCHCONTENT_SOURCE_DIR_IMGUI=${imgui'.src} \
-DFETCHCONTENT_SOURCE_DIR_STORMLIB=${stormlib'} \
-DFETCHCONTENT_SOURCE_DIR_THREADPOOL=${thread_pool}
)
'';
buildPhase = ''
cmake --build build-cmake
'';
postBuild = ''
cp ${gamecontrollerdb} ${gamecontrollerdb.name}
pushd ../OTRExporter
python3 ./extract_assets.py -z ../build/ZAPD/ZAPD.out --norom --xml-root ../mm/assets/xml --custom-assets-path ../mm/assets/custom --custom-otr-file 2ship.o2r --port-ver ${finalAttrs.version}
popd
'';
preInstall = ''
# Cmake likes it here for its install paths
cp ../OTRExporter/2ship.o2r mm/
'';
postInstall = ''
mkdir -p $out/bin
ln -s $out/2s2h/2s2h.elf $out/bin/2s2h
install -Dm644 ../mm/linux/2s2hIcon.png $out/share/pixmaps/2s2h.png
'';
postFixup = ''
wrapProgram $out/2s2h/2s2h.elf --prefix PATH ":" ${lib.makeBinPath [ zenity ]}
'';
desktopItems = [
(makeDesktopItem {
name = "starship";
icon = "starship";
exec = "starship";
comment = finalAttrs.meta.description;
genericName = "Starship";
desktopName = "starship";
categories = [ "Game" ];
})
];
meta = {
homepage = "https://github.com/HarbourMasters/2ship2harkinian";
description = "A PC port of Majora's Mask with modern controls, widescreen, high-resolution, and more";
mainProgram = "starship";
platforms = [ "x86_64-linux" ];
maintainers = with lib.maintainers; [ ];
license = with lib.licenses; [
# # OTRExporter, OTRGui, ZAPDTR, libultraship
# mit
# # 2 Ship 2 Harkinian
# cc0
# # Reverse engineering
# unfree
];
};
})

9
nix/configuration/flakes/zsh-histdb/package.nix
View File

@@ -21,9 +21,16 @@ stdenv.mkDerivation {
sha256 = "sha256-vtG1poaRVbfb/wKPChk1WpPgDq+7udLqLfYfLqap4Vg="; sha256 = "sha256-vtG1poaRVbfb/wKPChk1WpPgDq+7udLqLfYfLqap4Vg=";
}; };
buildInputs = [ sqlite ]; buildInputs = [ sqlite ];
phases = [ "installPhase" ]; phases = [
"installPhase"
];
installPhase = '' installPhase = ''
runHook preInstall
mkdir -p $out/share/zsh/plugins/zsh-histdb mkdir -p $out/share/zsh/plugins/zsh-histdb
cp -r $src/histdb-* $src/*.zsh $src/db_migrations $out/share/zsh/plugins/zsh-histdb/ cp -r $src/histdb-* $src/*.zsh $src/db_migrations $out/share/zsh/plugins/zsh-histdb/
runHook postInstall
'';
postInstall = ''
substituteInPlace $out/share/zsh/plugins/zsh-histdb/sqlite-history.zsh $out/share/zsh/plugins/zsh-histdb/histdb-merge $out/share/zsh/plugins/zsh-histdb/histdb-migrate --replace-fail "sqlite3" "${sqlite}/bin/sqlite3"
''; '';
} }

38
nix/configuration/hosts/neelix/default.nix Normal file
View File

@@ -0,0 +1,38 @@
{ config, pkgs, ... }:
{
imports = [
./hardware-configuration.nix
./disk-config.nix
./optimized_build.nix
./power_management.nix
];
# Generate with `head -c4 /dev/urandom | od -A none -t x4`
networking.hostId = "fbd233d8";
networking.hostName = "neelix"; # Define your hostname.
time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8";
me.secureBoot.enable = false;
# Early KMS
boot.initrd.kernelModules = [ "i915" ];
# Mount tmpfs at /tmp
boot.tmp.useTmpfs = true;
me.bluetooth.enable = true;
me.emacs_flavor = "plainmacs";
me.graphical = true;
me.graphics_card_type = "intel";
me.kodi.enable = true;
me.lvfs.enable = true;
me.sound.enable = true;
me.wireguard.activated = [ "wgh" ];
me.wireguard.deactivated = [ "wgf" ];
me.zrepl.enable = true;
me.zsh.enable = true;
}

140
nix/configuration/hosts/neelix/disk-config.nix Normal file
View File

@@ -0,0 +1,140 @@
# Manual Step:
# Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1
# Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1
{
config,
lib,
pkgs,
...
}:
lib.mkIf (!config.me.buildingIso) {
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"umask=0077"
"noatime"
"discard"
];
};
};
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "zroot";
};
};
};
};
};
};
zpool = {
zroot = {
type = "zpool";
# mode = "mirror";
# Workaround: cannot import 'zroot': I/O error in disko tests
options.cachefile = "none";
options = {
ashift = "12";
compatibility = "openzfs-2.2-freebsd";
autotrim = "on";
};
rootFsOptions = {
acltype = "posixacl";
atime = "off";
relatime = "off";
xattr = "sa";
mountpoint = "none";
compression = "lz4";
canmount = "off";
utf8only = "on";
dnodesize = "auto";
normalization = "formD";
};
datasets = {
"linux/nix" = {
type = "zfs_fs";
options.mountpoint = "none";
};
"linux/nix/root" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/root@blank$' || zfs snapshot zroot/linux/nix/root@blank";
};
"linux/nix/nix" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/nix";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/nix@blank$' || zfs snapshot zroot/linux/nix/nix@blank";
options = {
recordsize = "1MiB";
compression = "lz4";
};
};
"linux/nix/home" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/home";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/home@blank$' || zfs snapshot zroot/linux/nix/home@blank";
};
"linux/nix/persist" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/persist";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/persist@blank$' || zfs snapshot zroot/linux/nix/persist@blank";
};
"linux/nix/state" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/state";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/state@blank$' || zfs snapshot zroot/linux/nix/state@blank";
};
};
};
};
};
# Make sure all persistent volumes are marked as neededForBoot
#
# Also mounts /home so it is mounted before the user home directories are created.
fileSystems."/persist".neededForBoot = true;
fileSystems."/state".neededForBoot = true;
fileSystems."/home".neededForBoot = true;
fileSystems."/".options = [
"noatime"
"norelatime"
];
fileSystems."/nix".options = [
"noatime"
"norelatime"
];
fileSystems."/persist".options = [
"noatime"
"norelatime"
];
fileSystems."/state".options = [
"noatime"
"norelatime"
];
fileSystems."/home".options = [
"noatime"
"norelatime"
];
}

32
nix/configuration/hosts/neelix/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,32 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

78
nix/configuration/hosts/neelix/optimized_build.nix Normal file
View File

@@ -0,0 +1,78 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
config = lib.mkMerge [
{ }
(lib.mkIf (!config.me.buildingIso) {
nix.settings.system-features = lib.mkForce [
"gccarch-alderlake"
"gccarch-x86-64-v3"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
# nixpkgs.hostPlatform = {
# gcc.arch = "alderlake";
# gcc.tune = "alderlake";
# system = "x86_64-linux";
# };
nixpkgs.overlays = [
(
self: super:
let
optimizeWithFlags =
pkg: flags:
pkg.overrideAttrs (old: {
NIX_CFLAGS_COMPILE = [ (old.NIX_CFLAGS_COMPILE or "") ] ++ flags;
});
addConfig =
additionalConfig: pkg:
pkg.override (oldconfig: {
structuredExtraConfig = pkg.structuredExtraConfig // additionalConfig;
});
in
{
linux_alderlake =
addConfig
{
# Full preemption
PREEMPT = lib.mkOverride 60 lib.kernel.yes;
PREEMPT_VOLUNTARY = lib.mkOverride 60 lib.kernel.no;
# Google's BBRv3 TCP congestion Control
TCP_CONG_BBR = lib.kernel.yes;
DEFAULT_BBR = lib.kernel.yes;
# Preemptive Full Tickless Kernel at 300Hz
HZ = lib.kernel.freeform "300";
HZ_300 = lib.kernel.yes;
HZ_1000 = lib.kernel.no;
}
(
optimizeWithFlags super.linux_6_12 [
"-march=alderlake"
"-mtune=alderlake"
]
);
}
)
];
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_alderlake;
})
(lib.mkIf (config.me.buildingIso) {
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_6_12;
boot.supportedFilesystems = [ "zfs" ];
})
];
}

35
nix/configuration/hosts/neelix/power_management.nix Normal file
View File

@@ -0,0 +1,35 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
environment.systemPackages = with pkgs; [
powertop
];
# pcie_aspm=force pcie_aspm.policy=powersupersave :: Enable PCIe active state power management for power reduction.
# nowatchdog :: Disable watchdog for power savings (related to disable_sp5100_watchdog above).
boot.kernelParams = [
"pcie_aspm=force"
# "pcie_aspm.policy=powersupersave"
"nowatchdog"
];
# default performance balance_performance balance_power power
# defaults to balance_performance
# systemd.tmpfiles.rules = [
# "w- /sys/devices/system/cpu/cpufreq/policy0/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy1/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy2/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy3/energy_performance_preference - - - - power"
# ];
boot.extraModprobeConfig = ''
options snd_hda_intel power_save=1
'';
}

44
nix/configuration/hosts/odo/default.nix
View File

@@ -6,6 +6,7 @@
./optimized_build.nix ./optimized_build.nix
./power_management.nix ./power_management.nix
./screen_brightness.nix ./screen_brightness.nix
./wifi.nix
]; ];
# Generate with `head -c4 /dev/urandom | od -A none -t x4` # Generate with `head -c4 /dev/urandom | od -A none -t x4`
@@ -28,6 +29,47 @@
fw-ectool fw-ectool
]; ];
me.alacritty.enable = true;
me.ansible.enable = true;
me.ares.enable = true;
me.bluetooth.enable = true;
me.chromecast.enable = true;
me.chromium.enable = true;
me.docker.enable = true;
me.emacs_flavor = "full";
me.firefox.enable = true;
me.git.config = ../../roles/git/files/gitconfig_home;
me.gpg.enable = true;
me.graphical = true; me.graphical = true;
me.graphicsCardType = "amd"; me.graphics_card_type = "amd";
me.kanshi.enable = true;
me.kubernetes.enable = true;
me.latex.enable = true;
me.launch_keyboard.enable = true;
me.lvfs.enable = true;
me.media.enable = true;
me.nix_index.enable = true;
me.python.enable = true;
me.qemu.enable = true;
me.rust.enable = true;
me.sound.enable = true;
me.steam.enable = true;
me.sway.enable = true;
me.terraform.enable = true;
me.vnc_client.enable = true;
me.vscode.enable = true;
me.wasm.enable = true;
me.waybar.enable = true;
me.wireguard.activated = [
"drmario"
"wgh"
"colo"
];
me.wireguard.deactivated = [ "wgf" ];
me.zrepl.enable = true;
me.zsh.enable = true;
me.sm64ex.enable = true;
me.shipwright.enable = true;
me.ship2harkinian.enable = true;
} }

3
nix/configuration/hosts/odo/disk-config.nix
View File

@@ -1,3 +1,6 @@
# Manual Step:
# Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1
# Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1
{ {
config, config,
lib, lib,

2
nix/configuration/hosts/odo/hardware-configuration.nix
View File

@@ -20,7 +20,7 @@
"thunderbolt" "thunderbolt"
]; ];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ]; boot.kernelModules = [ ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking

104
nix/configuration/hosts/odo/optimized_build.nix
View File

@@ -2,50 +2,80 @@
config, config,
lib, lib,
pkgs, pkgs,
pkgs-unstable,
... ...
}: }:
{ {
imports = [ ]; imports = [ ];
nix.settings.system-features = lib.mkForce [ config = lib.mkMerge [
"gccarch-znver4" { }
"gccarch-skylake" (lib.mkIf (!config.me.buildingIso) {
# "gccarch-alderlake" missing pkgwait nix.settings.system-features = lib.mkForce [
"gccarch-x86-64-v3" "gccarch-znver4"
"benchmark" "gccarch-skylake"
"big-parallel" # "gccarch-alderlake" missing WAITPKG
"kvm" "gccarch-x86-64-v3"
"nixos-test" "gccarch-x86-64-v4"
]; "benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
# nixpkgs.hostPlatform = { # nixpkgs.hostPlatform = {
# gcc.arch = "znver4"; # gcc.arch = "znver4";
# gcc.tune = "znver4"; # gcc.tune = "znver4";
# system = "x86_64-linux"; # system = "x86_64-linux";
# };
nixpkgs.overlays = [ # };
(
self: super: nixpkgs.overlays = [
let (
optimizeWithFlags = self: super:
pkg: flags: let
pkg.overrideAttrs (old: { optimizeWithFlags =
NIX_CFLAGS_COMPILE = [ (old.NIX_CFLAGS_COMPILE or "") ] ++ flags; pkg: flags:
}); pkg.overrideAttrs (old: {
in NIX_CFLAGS_COMPILE = [ (old.NIX_CFLAGS_COMPILE or "") ] ++ flags;
{ });
linux_znver4 = optimizeWithFlags super.linux_zen [ addConfig =
"-march=znver4" additionalConfig: pkg:
"-mtune=znver4" pkg.override (oldconfig: {
]; structuredExtraConfig = pkg.structuredExtraConfig // additionalConfig;
} });
) in
(final: prev: { {
linux-firmware = pkgs-unstable.linux-firmware; linux_znver4 =
addConfig
{
# Full preemption
PREEMPT = lib.mkOverride 60 lib.kernel.yes;
PREEMPT_VOLUNTARY = lib.mkOverride 60 lib.kernel.no;
# Google's BBRv3 TCP congestion Control
TCP_CONG_BBR = lib.kernel.yes;
DEFAULT_BBR = lib.kernel.yes;
# Preemptive Full Tickless Kernel at 300Hz
HZ = lib.kernel.freeform "300";
HZ_300 = lib.kernel.yes;
HZ_1000 = lib.kernel.no;
}
(
optimizeWithFlags super.linux_6_12 [
"-march=znver4"
"-mtune=znver4"
]
);
}
)
];
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_znver4;
})
(lib.mkIf (config.me.buildingIso) {
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_6_12;
boot.supportedFilesystems.zfs = true;
}) })
]; ];
boot.kernelPackages = lib.mkIf (!config.me.buildingIso) (pkgs.linuxPackagesFor pkgs.linux_znver4);
} }

10
nix/configuration/hosts/odo/power_management.nix
View File

@@ -22,7 +22,7 @@
boot.kernelParams = [ boot.kernelParams = [
"amdgpu.abmlevel=3" "amdgpu.abmlevel=3"
"pcie_aspm=force" "pcie_aspm=force"
"pcie_aspm.policy=powersupersave" # "pcie_aspm.policy=powersupersave"
"nowatchdog" "nowatchdog"
# I don't see a measurable benefit from these two: # I don't see a measurable benefit from these two:
# "cpufreq.default_governor=powersave" # "cpufreq.default_governor=powersave"
@@ -48,4 +48,12 @@
"w- /sys/devices/system/cpu/cpufreq/policy14/energy_performance_preference - - - - power" "w- /sys/devices/system/cpu/cpufreq/policy14/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy15/energy_performance_preference - - - - power" "w- /sys/devices/system/cpu/cpufreq/policy15/energy_performance_preference - - - - power"
]; ];
boot.extraModprobeConfig = ''
# Disable the hardware watchdog inside AMD 700 chipset series for power savings.
blacklist sp5100_tco
# Sound power-saving was causing chat notifications to be inaudible.
# options snd_hda_intel power_save=1
'';
} }

21
nix/configuration/hosts/odo/wifi.nix Normal file
View File

@@ -0,0 +1,21 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
config = {
environment.loginShellInit = lib.mkIf (!config.me.buildingIso) ''
doas iw dev wlan0 set power_save off
'';
# Enable debug logging for ath12k wifi card.
boot.kernelParams = [
"ath12k.debug_mask=0xffffffff"
];
};
}

48
nix/configuration/roles/2ship2harkinian/default.nix Normal file
View File

@@ -0,0 +1,48 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
ship2harkinian.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install 2ship2harkinian.";
};
};
config = lib.mkIf config.me.ship2harkinian.enable (
lib.mkMerge [
{
allowedUnfree = [ "2ship2harkinian" ];
}
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
_2ship2harkinian
];
# TODO perhaps install ~/.local/share/2ship/2ship2harkinian.json
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".local/share/2ship";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
})
]
);
}

38
nix/configuration/roles/alacritty/default.nix
View File

@@ -7,18 +7,32 @@
{ {
imports = [ ]; imports = [ ];
options.me = {
environment.systemPackages = with pkgs; [ alacritty.enable = lib.mkOption {
alacritty type = lib.types.bool;
xdg-utils # for xdg-open default = false;
]; example = true;
description = "Whether we want to install alacritty.";
home-manager.users.talexander =
{ pkgs, ... }:
{
home.file.".config/alacritty/alacritty.toml" = {
source = ./files/alacritty.toml;
};
}; };
};
config = lib.mkIf config.me.alacritty.enable (
lib.mkMerge [
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
alacritty
xdg-utils # for xdg-open
];
home-manager.users.talexander =
{ pkgs, ... }:
{
home.file.".config/alacritty/alacritty.toml" = {
source = ./files/alacritty.toml;
};
};
})
]
);
} }

86
nix/configuration/roles/ansible/default.nix Normal file
View File

@@ -0,0 +1,86 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
ansible.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install ansible.";
};
};
config = lib.mkIf config.me.ansible.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
ansible
];
nixpkgs.overlays = [
(final: prev: {
ansible = pkgs.symlinkJoin {
name = "ansible";
paths = [
(prev.ansible.overridePythonAttrs {
propagatedBuildInputs = prev.ansible.propagatedBuildInputs ++ [ prev.python3Packages.jmespath ];
})
pkgs.ansible-sshjail
];
buildInputs = [ pkgs.makeWrapper ];
postBuild = ''
${lib.concatMapStringsSep "\n"
(
prog:
(
"wrapProgram $out/bin/${prog} ${
lib.concatMapStringsSep " "
(
plugin_type:
"--set ANSIBLE_${lib.toUpper plugin_type}_PLUGINS $out/share/ansible/plugins/${lib.toLower plugin_type}_plugins"
)
[
"action"
"cache"
"callback"
"connection"
"filter"
"inventory"
"lookup"
"shell"
"strategy"
"test"
"vars"
]
} --prefix PATH : ${lib.makeBinPath [ ]}"
)
)
[
"ansible"
"ansible-config"
"ansible-console"
"ansible-doc"
"ansible-galaxy"
"ansible-inventory"
"ansible-playbook"
"ansible-pull"
"ansible-test"
"ansible-vault"
]
}
'';
};
})
];
}
]
);
}

36
nix/configuration/roles/ares/default.nix
View File

@@ -8,7 +8,37 @@
{ {
imports = [ ]; imports = [ ];
environment.systemPackages = with pkgs; [ options.me = {
ares ares.enable = lib.mkOption {
]; type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install ares.";
};
};
config = lib.mkIf config.me.ares.enable (
lib.mkMerge [
{ }
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
ares
];
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".local/share/ares";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
})
]
);
} }

21
nix/configuration/roles/blank/default.nix
View File

@@ -8,6 +8,23 @@
{ {
imports = [ ]; imports = [ ];
environment.systemPackages = with pkgs; [ options.me = {
]; blank.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install blank.";
};
};
config = lib.mkIf config.me.blank.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
];
}
(lib.mkIf config.me.graphical {
})
]
);
} }

46
nix/configuration/roles/bluetooth/default.nix Normal file
View File

@@ -0,0 +1,46 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
bluetooth.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install bluetooth.";
};
};
config = lib.mkIf config.me.bluetooth.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
];
hardware.bluetooth = {
enable = true;
powerOnBoot = true;
settings = {
General = {
# Enable support for showing battery charge level.
Experimental = true;
};
};
};
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
directories = [
"/var/lib/bluetooth" # Bluetooth pairing information.
];
};
}
]
);
}

18
nix/configuration/roles/boot/default.nix
View File

@@ -22,6 +22,14 @@
}; };
config = lib.mkMerge [ config = lib.mkMerge [
{
environment.systemPackages = with pkgs; [
tpm2-tools # For tpm2_eventlog to check for OptionRoms
# cp /sys/kernel/security/tpm0/binary_bios_measurements eventlog
# tpm2_eventlog eventlog | grep "BOOT_SERVICES_DRIVER"
sbctl # For debugging and troubleshooting Secure Boot.
];
}
(lib.mkIf (!config.me.buildingIso) { (lib.mkIf (!config.me.buildingIso) {
boot.loader.grub.enable = false; boot.loader.grub.enable = false;
@@ -33,6 +41,8 @@
# Automatically delete old generations # Automatically delete old generations
boot.loader.systemd-boot.configurationLimit = 3; boot.loader.systemd-boot.configurationLimit = 3;
boot.loader.systemd-boot.memtest86.enable = true;
# Check what will be lost with `zfs diff zroot/linux/root@blank` # Check what will be lost with `zfs diff zroot/linux/root@blank`
boot.initrd.systemd.enable = lib.mkDefault true; boot.initrd.systemd.enable = lib.mkDefault true;
boot.initrd.systemd.services.zfs-rollback = { boot.initrd.systemd.services.zfs-rollback = {
@@ -67,22 +77,18 @@
# }; # };
}) })
(lib.mkIf (config.me.secureBoot.enable) { (lib.mkIf (config.me.secureBoot.enable) {
# For debugging and troubleshooting Secure Boot.
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
sbctl sbctl
]; ];
boot.loader.systemd-boot.enable = lib.mkForce false; boot.loader.systemd-boot.enable = lib.mkForce false;
boot.lanzaboote = { boot.lanzaboote = {
enable = true; enable = true;
pkiBundle = "/etc/secureboot"; pkiBundle = "/var/lib/sbctl";
# TODO:
# pkiBundle = "/var/lib/sbctl";
}; };
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) { environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true; hideMounts = true;
directories = [ directories = [
"/etc/secureboot" # Old Secure Boot Keys location
# TODO: run `doas sbctl setup --migrate` to move keys
"/var/lib/sbctl" # Secure Boot Keys "/var/lib/sbctl" # Secure Boot Keys
]; ];
}; };

31
nix/configuration/roles/chromecast/default.nix Normal file
View File

@@ -0,0 +1,31 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
chromecast.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install chromecast.";
};
};
config = lib.mkIf config.me.chromecast.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
catt
];
}
(lib.mkIf config.me.graphical {
})
]
);
}

89
nix/configuration/roles/chromium/default.nix
View File

@@ -8,45 +8,58 @@
{ {
imports = [ ]; imports = [ ];
# TODO: Read https://bbs.archlinux.org/viewtopic.php?pid=2209507#p2209507 and apply desired settings. options.me = {
chromium.enable = lib.mkOption {
environment.systemPackages = with pkgs; [ type = lib.types.bool;
(chromium.override { enableWideVine = true; }) default = false;
]; example = true;
description = "Whether we want to install chromium.";
allowedUnfree = [
"chromium"
"chromium-unwrapped"
"widevine-cdm"
];
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".config/chromium";
user = "talexander";
group = "talexander";
mode = "0700";
}
];
};
};
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".cache/chromium";
user = "talexander";
group = "talexander";
mode = "0700";
}
];
}; };
}; };
# Enabling vulkan causes video to render as white config = lib.mkIf config.me.chromium.enable (
# nixpkgs.config.chromium.commandLineArgs = "--enable-features=Vulkan"; lib.mkMerge [
{ }
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
(chromium.override { enableWideVine = true; })
];
allowedUnfree = [
"chromium"
"chromium-unwrapped"
"widevine-cdm"
];
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".config/chromium";
user = "talexander";
group = "talexander";
mode = "0700";
}
];
};
};
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".cache/chromium";
user = "talexander";
group = "talexander";
mode = "0700";
}
];
};
};
# Enabling vulkan causes video to render as white
# nixpkgs.config.chromium.commandLineArgs = "--enable-features=Vulkan";
})
]
);
} }

87
nix/configuration/roles/docker/default.nix
View File

@@ -8,42 +8,57 @@
{ {
imports = [ ]; imports = [ ];
virtualisation.docker.enable = true; options.me = {
# Use docker activation docker.enable = lib.mkOption {
virtualisation.docker.enableOnBoot = false; type = lib.types.bool;
# Rootless docker breaks access to ssh for buildkit. default = false;
# virtualisation.docker.rootless = { example = true;
# enable = true; description = "Whether we want to install docker.";
# setSocketVariable = true; };
# };
# Give docker access to ssh for fetching repos with buildkit.
virtualisation.docker.extraPackages = [ pkgs.openssh ];
environment.systemPackages = with pkgs; [
docker-buildx
];
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
directories = [
{
directory = "/var/lib/docker";
user = "root";
group = "root";
mode = "0740";
}
];
# users.talexander = {
# directories = [
# {
# directory = ".local/share/docker";
# user = "talexander";
# group = "talexander";
# mode = "0740";
# }
# ];
# };
}; };
# Needed for non-rootless docker config = lib.mkIf config.me.docker.enable (
users.users.talexander.extraGroups = [ "docker" ]; lib.mkMerge [
{
virtualisation.docker.enable = true;
# Use docker activation
virtualisation.docker.enableOnBoot = false;
# Rootless docker breaks access to ssh for buildkit.
# virtualisation.docker.rootless = {
# enable = true;
# setSocketVariable = true;
# };
# Give docker access to ssh for fetching repos with buildkit.
virtualisation.docker.extraPackages = [ pkgs.openssh ];
environment.systemPackages = with pkgs; [
docker-buildx
];
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
directories = [
{
directory = "/var/lib/docker";
user = "root";
group = "root";
mode = "0740";
}
];
# users.talexander = {
# directories = [
# {
# directory = ".local/share/docker";
# user = "talexander";
# group = "talexander";
# mode = "0740";
# }
# ];
# };
};
# Needed for non-rootless docker
users.users.talexander.extraGroups = [ "docker" ];
}
]
);
} }

214
nix/configuration/roles/emacs/default.nix
View File

@@ -6,76 +6,162 @@
}: }:
let let
plainmacs = pkgs.writeShellScriptBin "plainmacs" '' plainmacs =
INIT_SCRIPT=$(cat <<EOF emacs_package:
(progn pkgs.writeShellScriptBin "plainmacs" ''
(setq make-backup-files nil auto-save-default nil create-lockfiles nil) INIT_SCRIPT=$(cat <<EOF
(load-theme 'tango-dark t) (progn
(set-face-attribute 'default nil :background "black") (setq make-backup-files nil auto-save-default nil create-lockfiles nil)
;; Bright yellow highlighting for selected region (load-theme 'tango-dark t)
(set-face-attribute 'region nil :background "#ffff50" :foreground "black") (set-face-attribute 'default nil :background "black")
;; Bright green cursor to distinguish from yellow region ;; Bright yellow highlighting for selected region
(set-cursor-color "#ccff66") (set-face-attribute 'region nil :background "#ffff50" :foreground "black")
;; Hightlight the current line ;; Bright green cursor to distinguish from yellow region
(set-face-attribute 'line-number-current-line nil :foreground "white") (set-cursor-color "#ccff66")
;; Set default font ;; Hightlight the current line
(set-face-attribute 'default nil :height 100 :width 'regular :weight 'regular :family "Cascadia Mono") (set-face-attribute 'line-number-current-line nil :foreground "white")
;; Set fallback font for unicode glyphs ;; Set default font
(when (display-graphic-p) (set-face-attribute 'default nil :height 100 :width 'regular :weight 'regular :family "Cascadia Mono")
(set-fontset-font "fontset-default" nil (font-spec :name "Noto Color Emoji"))) ;; Set fallback font for unicode glyphs
(menu-bar-mode -1) (when (display-graphic-p)
(when (fboundp 'tool-bar-mode) (set-fontset-font "fontset-default" nil (font-spec :name "Noto Color Emoji")))
(tool-bar-mode -1)) (menu-bar-mode -1)
(when ( fboundp 'scroll-bar-mode) (when (fboundp 'tool-bar-mode)
(scroll-bar-mode -1)) (tool-bar-mode -1))
(pixel-scroll-precision-mode) (when ( fboundp 'scroll-bar-mode)
(setq frame-resize-pixelwise t) (scroll-bar-mode -1))
(pixel-scroll-precision-mode)
(setq frame-resize-pixelwise t)
)
EOF
) )
EOF
)
exec ${pkgs.emacs29-pgtk}/bin/emacs -q --eval "$INIT_SCRIPT" "''${@}" exec ${emacs_package}/bin/emacs -q --eval "$INIT_SCRIPT" "''${@}"
''; '';
e_shorthand = pkgs.writeShellScriptBin "e" '' e_shorthand =
exec ${pkgs.emacs29-pgtk}/bin/emacs "''${@}" emacs_package:
''; pkgs.writeShellScriptBin "e" ''
exec ${emacs_package}/bin/emacs "''${@}"
'';
in in
{ {
imports = [ ]; imports = [ ];
environment.systemPackages = with pkgs; [ options.me.emacs_flavor = lib.mkOption {
plainmacs type = lib.types.nullOr (
e_shorthand lib.types.enum [
emacs29-pgtk "full"
clang # To compile tree-sitter grammars "plainmacs"
nixd # nix language server ]
nixfmt-rfc-style # auto-formatting nix files through nixd );
]; default = null;
example = "full";
home-manager.users.talexander = description = "What flavor of emacs to set up.";
{ pkgs, ... }:
{
home.file.".config/emacs" = {
source = ./files/emacs;
recursive = true;
};
};
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
".config/emacs/eln-cache" # Installed packages
".config/emacs/elpa" # Installed packages
".config/emacs/private" # For recentf
".config/emacs/tree-sitter" # Compiled tree-sitter grammars
];
files = [
".config/emacs/history" # For savehist
".config/emacs/.last-package-update-day" # For use-package
];
};
}; };
environment.variables.EDITOR = "${plainmacs}/bin/plainmacs"; config = lib.mkIf (config.me.emacs_flavor != null) (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
my_emacs
(plainmacs my_emacs)
(e_shorthand my_emacs)
];
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
".config/emacs/eln-cache" # Installed packages
".config/emacs/elpa" # Installed packages
".config/emacs/private" # For recentf
".config/emacs/tree-sitter" # Compiled tree-sitter grammars
];
files = [
".config/emacs/history" # For savehist
".config/emacs/.last-package-update-day" # For use-package
];
};
};
environment.variables.EDITOR = "plainmacs";
}
(lib.mkIf (config.me.graphical) {
nixpkgs.overlays = [
(final: prev: {
my_emacs = final.emacs29-pgtk;
})
];
})
(lib.mkIf (!config.me.graphical) {
nixpkgs.overlays = [
(final: prev: {
my_emacs = final.emacs-nox;
})
];
})
(lib.mkIf (config.me.emacs_flavor == "full") {
nixpkgs.overlays = [
(final: prev: {
my_emacs = pkgs.buildEnv {
name = prev.my_emacs.name;
paths = with prev; [
my_emacs
];
extraOutputsToInstall = [
"man"
"doc"
"info"
];
buildInputs = [ final.makeWrapper ];
postBuild = ''
wrapProgram $out/bin/emacs --prefix PATH : ${
lib.makeBinPath [
(final.aspellWithDicts (
dicts: with dicts; [
en
en-computers
]
))
final.nixd # nix language server
final.nixfmt-rfc-style # auto-formatting nix files through nixd
final.clang # To compile tree-sitter grammars
final.shellcheck
final.cmake-language-server
final.cmake # Used by cmake-language-server
]
}
'';
};
})
];
home-manager.users.talexander =
{ pkgs, ... }:
{
home.file.".config/emacs" = {
source = ./files/emacs;
recursive = true;
};
};
})
(lib.mkIf (config.me.emacs_flavor == "plainmacs") {
nixpkgs.overlays = [
(final: prev: {
my_emacs = pkgs.buildEnv {
name = prev.my_emacs.name;
paths = with prev; [
my_emacs
];
extraOutputsToInstall = [
"man"
"doc"
"info"
];
};
})
];
})
]
);
} }

18
nix/configuration/roles/emacs/files/emacs/elisp/lang-cmake.el Normal file
View File

@@ -0,0 +1,18 @@
(require 'common-lsp)
(use-package cmake-mode
:commands cmake-mode
:hook (
(cmake-mode . (lambda ()
(eglot-ensure)
(defclass my/eglot-cmake (eglot-lsp-server) ()
:documentation
"Own eglot server class.")
(add-to-list 'eglot-server-programs
'(cmake-mode . (my/eglot-cmake "cmake-language-server")))
))
)
)
(provide 'lang-cmake)

2
nix/configuration/roles/emacs/files/emacs/init.el
View File

@@ -38,4 +38,6 @@
(require 'lang-nix) (require 'lang-nix)
(require 'lang-cmake)
(load-directory autoload-directory) (load-directory autoload-directory)

229
nix/configuration/roles/firefox/default.nix
View File

@@ -8,114 +8,129 @@
{ {
imports = [ ]; imports = [ ];
programs.firefox = { options.me = {
enable = true; firefox.enable = lib.mkOption {
package = (pkgs.wrapFirefox (pkgs.firefox-unwrapped.override { pipewireSupport = true; }) { }); type = lib.types.bool;
languagePacks = [ "en-US" ]; default = false;
preferences = { example = true;
# "identity.sync.tokenserver.uri": "https://ffsync.fizz.buzz/token/1.0/sync/1.5"; description = "Whether we want to install firefox.";
"media.hardware-video-decoding.force-enabled" = true;
"media.ffmpeg.vaapi.enabled" = true;
"doh-rollout.doorhanger-decision" = "UIDisabled";
"dom.security.https_only_mode" = true;
"dom.security.https_only_mode_ever_enabled" = true;
"extensions.activeThemeID" = "firefox-compact-dark@mozilla.org";
# Disable ads
"extensions.pocket.enabled" = false;
"browser.newtabpage.activity-stream.showSponsored" = false;
"browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
"browser.newtabpage.activity-stream.feeds.section.topstories" = false;
"browser.newtabpage.pinned" = "[]";
"browser.newtabpage.activity-stream.section.highlights.includePocket" = false;
"browser.topsites.contile.enabled" = false;
# Disable cache when devtools are open.
"devtools.cache.disabled" = true;
# Do not track header.
"privacy.donottrackheader.enabled" = true;
# Tell websites not to share or sell my data.
"privacy.globalprivacycontrol.enabled" = true;
# Disable "studies" (slice testing)
"app.shield.optoutstudies.enabled" = false;
# Disable attribution which is used by advertisers to track you.
"dom.private-attribution.submission.enabled" = false;
# Disable battery status, used to track users.
"dom.battery.enabled" = false;
# Disable that websites can get notifications if you copy, paste, or cut something from a web page, and it lets them know which part of the page had been selected.
#
# This breaks copying from BigQuery https://github.com/microsoft/monaco-editor/issues/1540
# dom.event.clipboardevents.enabled: false
# Isolates all browser identifier sources (e.g. cookies) to the first party domain, with the goal of preventing tracking across different domains.
"privacy.firstparty.isolate" = true;
# Do not preload URLs that auto-complete in the address bar.
"browser.urlbar.speculativeConnect.enabled" = false;
# Do not resist fingerprinting because that tells websites to use light mode.
# https://bugzilla.mozilla.org/show_bug.cgi?id=1732114
"privacy.resistFingerprinting" = false; # (default false)
# Instead, enable fingerprinting protection, which allows configuring an override.
"privacy.fingerprintingProtection" = true;
# Allow sending dark mode preference to websites.
# Allow sending timezone to websites.
"privacy.fingerprintingProtection.overrides" =
"+AllTargets,-CSSPrefersColorScheme,-JSDateTimeUTC,-CanvasExtractionBeforeUserInputIsBlocked";
# Disable weather on new tab page
"browser.newtabpage.activity-stream.showWeather" = false;
};
# Check about:policies#documentation and https://mozilla.github.io/policy-templates/ for options.
policies = {
DisableTelemetry = true;
DisplayBookmarksToolbar = "newtab";
# Check about:support for extension/add-on ID strings.
# Valid strings for installation_mode are "allowed", "blocked",
# "force_installed" and "normal_installed".
ExtensionSettings = {
# "*".installation_mode = "blocked"; # blocks all addons except the ones specified below
"uBlock0@raymondhill.net" = {
install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi";
installation_mode = "force_installed";
};
"firefox@teleparty.com" = {
install_url = "https://addons.mozilla.org/firefox/downloads/latest/netflix-party-is-now-teleparty/latest.xpi";
installation_mode = "normal_installed";
};
"@ublacklist" = {
install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublacklist/latest.xpi";
installation_mode = "normal_installed";
};
"@react-devtools" = {
install_url = "https://addons.mozilla.org/firefox/downloads/latest/react-devtools/latest.xpi";
installation_mode = "normal_installed";
};
};
}; };
}; };
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) { config = lib.mkIf config.me.firefox.enable (
hideMounts = true; lib.mkMerge [
users.talexander = { (lib.mkIf config.me.graphical {
directories = [ programs.firefox = {
{ enable = true;
directory = ".mozilla"; package = (pkgs.wrapFirefox (pkgs.firefox-unwrapped.override { pipewireSupport = true; }) { });
user = "talexander"; languagePacks = [ "en-US" ];
group = "talexander"; preferences = {
mode = "0700"; # "identity.sync.tokenserver.uri": "https://ffsync.fizz.buzz/token/1.0/sync/1.5";
} "media.hardware-video-decoding.force-enabled" = true;
]; "media.ffmpeg.vaapi.enabled" = true;
}; "doh-rollout.doorhanger-decision" = "UIDisabled";
}; "dom.security.https_only_mode" = true;
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) { "dom.security.https_only_mode_ever_enabled" = true;
hideMounts = true; "extensions.activeThemeID" = "firefox-compact-dark@mozilla.org";
users.talexander = { # Disable ads
directories = [ "extensions.pocket.enabled" = false;
{ "browser.newtabpage.activity-stream.showSponsored" = false;
directory = ".cache/mozilla"; "browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
user = "talexander"; "browser.newtabpage.activity-stream.feeds.section.topstories" = false;
group = "talexander"; "browser.newtabpage.pinned" = "[]";
mode = "0700"; "browser.newtabpage.activity-stream.section.highlights.includePocket" = false;
} "browser.topsites.contile.enabled" = false;
]; # Disable cache when devtools are open.
}; "devtools.cache.disabled" = true;
}; # Do not track header.
"privacy.donottrackheader.enabled" = true;
# Tell websites not to share or sell my data.
"privacy.globalprivacycontrol.enabled" = true;
# Disable "studies" (slice testing)
"app.shield.optoutstudies.enabled" = false;
# Disable attribution which is used by advertisers to track you.
"dom.private-attribution.submission.enabled" = false;
# Disable battery status, used to track users.
"dom.battery.enabled" = false;
# Disable that websites can get notifications if you copy, paste, or cut something from a web page, and it lets them know which part of the page had been selected.
#
# This breaks copying from BigQuery https://github.com/microsoft/monaco-editor/issues/1540
# dom.event.clipboardevents.enabled: false
# Isolates all browser identifier sources (e.g. cookies) to the first party domain, with the goal of preventing tracking across different domains.
"privacy.firstparty.isolate" = true;
# Do not preload URLs that auto-complete in the address bar.
"browser.urlbar.speculativeConnect.enabled" = false;
# Do not resist fingerprinting because that tells websites to use light mode.
# https://bugzilla.mozilla.org/show_bug.cgi?id=1732114
"privacy.resistFingerprinting" = false; # (default false)
# Instead, enable fingerprinting protection, which allows configuring an override.
"privacy.fingerprintingProtection" = true;
# Allow sending dark mode preference to websites.
# Allow sending timezone to websites.
"privacy.fingerprintingProtection.overrides" =
"+AllTargets,-CSSPrefersColorScheme,-JSDateTimeUTC,-CanvasExtractionBeforeUserInputIsBlocked";
# Disable weather on new tab page
"browser.newtabpage.activity-stream.showWeather" = false;
};
# Check about:policies#documentation and https://mozilla.github.io/policy-templates/ for options.
policies = {
DisableTelemetry = true;
DisplayBookmarksToolbar = "newtab";
# Check about:support for extension/add-on ID strings.
# Valid strings for installation_mode are "allowed", "blocked",
# "force_installed" and "normal_installed".
ExtensionSettings = {
# "*".installation_mode = "blocked"; # blocks all addons except the ones specified below
"uBlock0@raymondhill.net" = {
install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi";
installation_mode = "force_installed";
};
"firefox@teleparty.com" = {
install_url = "https://addons.mozilla.org/firefox/downloads/latest/netflix-party-is-now-teleparty/latest.xpi";
installation_mode = "normal_installed";
};
"@ublacklist" = {
install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublacklist/latest.xpi";
installation_mode = "normal_installed";
};
"@react-devtools" = {
install_url = "https://addons.mozilla.org/firefox/downloads/latest/react-devtools/latest.xpi";
installation_mode = "normal_installed";
};
};
};
};
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".mozilla";
user = "talexander";
group = "talexander";
mode = "0700";
}
];
};
};
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".cache/mozilla";
user = "talexander";
group = "talexander";
mode = "0700";
}
];
};
};
})
]
);
} }

28
nix/configuration/roles/fonts/default.nix
View File

@@ -8,20 +8,22 @@
{ {
imports = [ ]; imports = [ ];
fonts = { config = lib.mkIf config.me.graphical {
enableDefaultPackages = false; fonts = {
packages = with pkgs; [ enableDefaultPackages = false;
cascadia-code packages = with pkgs; [
source-sans-pro cascadia-code
source-serif-pro source-sans-pro
noto-fonts-cjk-sans source-serif-pro
noto-fonts-cjk-serif noto-fonts-cjk-sans
noto-fonts-color-emoji noto-fonts-cjk-serif
]; noto-fonts-color-emoji
];
fontconfig = { fontconfig = {
localConf = (builtins.readFile ./files/fonts.conf); localConf = (builtins.readFile ./files/fonts.conf);
useEmbeddedBitmaps = true; useEmbeddedBitmaps = true;
};
}; };
}; };
} }

83
nix/configuration/roles/git/default.nix
View File

@@ -8,15 +8,78 @@
{ {
imports = [ ]; imports = [ ];
environment.systemPackages = with pkgs; [ options.me = {
git git.config = lib.mkOption {
]; type = lib.types.nullOr lib.types.path;
default = null;
home-manager.users.talexander = example = ./files/gitconfig_home;
{ pkgs, ... }: description = "A git config file.";
{
home.file.".gitconfig" = {
source = ./files/gitconfig_home;
};
}; };
};
config = lib.mkMerge [
{
environment.systemPackages = with pkgs; [
git
];
}
(lib.mkIf (config.me.git.config != null) {
home-manager.users.talexander =
{ pkgs, ... }:
{
home.file.".gitconfig" = {
source = config.me.git.config;
};
};
})
# (lib.mkIf (config.me.graphical) {
# nixpkgs.overlays = [
# (final: prev: {
# git = pkgs.buildEnv {
# name = prev.git.name;
# paths = [
# prev.git
# ];
# extraOutputsToInstall = [
# "man"
# "doc"
# "info"
# ];
# buildInputs = [ final.makeWrapper ];
# postBuild = ''
# wrapProgram $out/bin/git --prefix PATH : ${
# lib.makeBinPath [
# final.meld
# ]
# }
# '';
# };
# })
# ];
# })
# (lib.mkIf (!config.me.graphical) {
# nixpkgs.overlays = [
# (final: prev: {
# git = pkgs.buildEnv {
# name = prev.git.name;
# paths = [
# prev.git
# ];
# extraOutputsToInstall = [
# "man"
# "doc"
# "info"
# ];
# buildInputs = [ final.makeWrapper ];
# postBuild = ''
# wrapProgram $out/bin/git --prefix PATH : ${
# lib.makeBinPath [
# ]
# }
# '';
# };
# })
# ];
# })
];
} }

34
nix/configuration/roles/global_options/default.nix Normal file
View File

@@ -0,0 +1,34 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
};
# options.me.graphics_card_type = lib.mkOption {
# type = lib.types.nullOr (
# lib.types.enum [
# "amd"
# "intel"
# "nvidia"
# ]
# );
# default = null;
# example = "amd";
# description = "What graphics card type is in the computer.";
# };
# options.me.graphical = lib.mkOption {
# type = lib.types.bool;
# default = false;
# example = true;
# description = "Whether we want to install graphical programs.";
# };
}

220
nix/configuration/roles/gpg/default.nix
View File

@@ -2,7 +2,6 @@
config, config,
lib, lib,
pkgs, pkgs,
pkgs-unstable,
... ...
}: }:
@@ -17,158 +16,93 @@ in
{ {
imports = [ ]; imports = [ ];
# Fetch public keys: options.me = {
# gpg --locate-keys tom@fizz.buzz gpg.enable = lib.mkOption {
# type = lib.types.bool;
# gpg -vvv --auto-key-locate local,wkd --locate-keys tom@fizz.buzz default = false;
example = true;
hardware.gpgSmartcards.enable = true; description = "Whether we want to install gpg.";
services.udev.packages = [
pkgs.yubikey-personalization
pkgs.libfido2
(pkgs.writeTextFile {
name = "my-rules";
text = ''
ACTION=="add", SUBSYSTEM=="usb", ENV{ID_VENDOR_ID}=="1050", ENV{ID_MODEL_ID}=="0406", MODE="660", GROUP="wheel"
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0406", TAG+="uaccess", GROUP="wheel", MODE="0660"
'';
destination = "/etc/udev/rules.d/50-yubikey.rules";
})
];
services.pcscd.enable = true;
# services.gnome.gnome-keyring.enable = true;
# services.dbus.packages = [ pkgs.gcr ];
# services.pcscd.plugins = lib.mkForce [ ];
# programs.gpg.scdaemonSettings = {
# disable-ccid = true;
# };
# .gnupg/scdaemon.conf
home-manager.users.talexander =
{ pkgs, ... }:
{
home.file.".gnupg/scdaemon.conf" = {
source = ./files/scdaemon.conf;
};
};
# programs.gnupg.dirmngr.enable = true;
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryPackage = pkgs.pinentry-qt;
# settings = {
# disable-ccid = true;
# };
};
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".gnupg";
user = "talexander";
group = "talexander";
mode = "0700";
} # Local keyring
];
}; };
}; };
nixpkgs.overlays = [ config = lib.mkIf config.me.gpg.enable (
(final: prev: { lib.mkMerge [
# pcsclite = prev.pcsclite.overrideAttrs (old: { {
# postPatch = '' # Fetch public keys:
# substituteInPlace src/libredirect.c src/spy/libpcscspy.c \ # gpg --locate-keys tom@fizz.buzz
# --replace-fail "libpcsclite_real.so.1" "$lib/lib/libpcsclite_real.so.1" #
# ''; # gpg -vvv --auto-key-locate local,wkd --locate-keys tom@fizz.buzz
# });
# pcsclite = prev.pcsclite.overrideAttrs (old: { hardware.gpgSmartcards.enable = true;
# postPatch = services.udev.packages = [
# old.postPatch pkgs.yubikey-personalization
# + (lib.optionalString pkgs.libfido2
# (!(lib.strings.hasInfix ''--replace-fail "libpcsclite_real.so.1"'' old.postPatch)) (pkgs.writeTextFile {
# '' name = "my-rules";
# substituteInPlace src/libredirect.c src/spy/libpcscspy.c \ text = ''
# --replace-fail "libpcsclite_real.so.1" "$lib/lib/libpcsclite_real.so.1" ACTION=="add", SUBSYSTEM=="usb", ENV{ID_VENDOR_ID}=="1050", ENV{ID_MODEL_ID}=="0406", MODE="660", GROUP="wheel"
# '' KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0406", TAG+="uaccess", GROUP="wheel", MODE="0660"
# ); '';
# }); destination = "/etc/udev/rules.d/50-yubikey.rules";
})
];
services.pcscd.enable = true;
# services.gnome.gnome-keyring.enable = true;
# pcsclite = prev.pcsclite.overrideAttrs (old: { # services.dbus.packages = [ pkgs.gcr ];
# postPatch =
# old.postPatch
# + ''
# substituteInPlace src/libredirect.c src/spy/libpcscspy.c \
# --replace-fail "libpcsclite_real.so.1" "$lib/lib/libpcsclite_real.so.1"
# '';
# });
# gnupg = prev.gnupg.override { # services.pcscd.plugins = lib.mkForce [ ];
# pcsclite = pkgs.pcsclite.overrideAttrs (old: {
# postPatch =
# old.postPatch
# + (lib.optionalString
# (!(lib.strings.hasInfix ''--replace-fail "libpcsclite_real.so.1"'' old.postPatch))
# ''
# substituteInPlace src/libredirect.c src/spy/libpcscspy.c \
# --replace-fail "libpcsclite_real.so.1" "$lib/lib/libpcsclite_real.so.1"
# ''
# );
# });
# };
})
];
# security.polkit.extraConfig = '' # programs.gpg.scdaemonSettings = {
# polkit.addRule(function(action, subject) { # disable-ccid = true;
# if (action.id == "org.debian.pcsc-lite.access_card") { # };
# return polkit.Result.YES;
# }
# });
# polkit.addRule(function(action, subject) { # .gnupg/scdaemon.conf
# if (action.id == "org.debian.pcsc-lite.access_pcsc") { home-manager.users.talexander =
# return polkit.Result.YES; { pkgs, ... }:
# } {
# }); home.file.".gnupg/scdaemon.conf" = {
# ''; source = ./files/scdaemon.conf;
};
};
environment.systemPackages = with pkgs; [ # programs.gnupg.dirmngr.enable = true;
pcsclite programs.gnupg.agent = {
pcsctools enable = true;
yubikey-personalization enableSSHSupport = true;
yubikey-manager pinentryPackage = pkgs.pinentry-qt;
glibcLocales # settings = {
ccid # disable-ccid = true;
libusb-compat-0_1 # };
gpg_test_wkd };
];
# nixpkgs.overlays = [ environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
# (final: prev: { hideMounts = true;
# gnupg = pkgs-unstable.gnupg; users.talexander = {
# scdaemon = pkgs-unstable.scdaemon; directories = [
# libgcrypt = pkgs-unstable.libgcrypt; {
# }) directory = ".gnupg";
# ]; user = "talexander";
group = "talexander";
mode = "0700";
} # Local keyring
];
};
};
# nixpkgs.overlays = [ environment.systemPackages = with pkgs; [
# (final: prev: { pcsclite
# gnupg = prev.gnupg.overrideAttrs (old: rec { pcsctools
# version = "2.4.7"; yubikey-personalization
# src = prev.fetchurl { yubikey-manager
# url = "https://www.gnupg.org/ftp/gcrypt/gnupg/gnupg-${version}.tar.bz2"; glibcLocales
# hash = "sha256-eyRwbk2n4OOwbKBoIxAnQB8jgQLEHJCWMTSdzDuF60Y="; ccid
# }; libusb-compat-0_1
# }); gpg_test_wkd
# }) ];
# ];
programs.gnupg.agent.enableExtraSocket = true; programs.gnupg.agent.enableExtraSocket = true;
}
]
);
} }

10
nix/configuration/roles/gpg/files/scdaemon.conf
View File

@@ -1,7 +1,7 @@
reader-port Yubico Yubi #reader-port Yubico Yubi
disable-ccid disable-ccid
log-file /home/talexander/scd.log #log-file /home/talexander/scd.log
verbose #verbose
debug cardio #debug cardio
debug-level 5 #debug-level 5

33
nix/configuration/roles/graphics/default.nix
View File

@@ -8,5 +8,36 @@
{ {
imports = [ ]; imports = [ ];
hardware.graphics.enable = true; options.me.graphics_card_type = lib.mkOption {
type = lib.types.nullOr (
lib.types.enum [
"amd"
"intel"
"nvidia"
]
);
default = null;
example = "amd";
description = "What graphics card type is in the computer.";
};
options.me.graphical = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install graphical programs.";
};
config = (
lib.mkMerge [
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
mesa-demos # for glxgears
vulkan-tools # for vkcube
xorg.xeyes # to test which windows are using x11
];
hardware.graphics.enable = true;
})
]
);
} }

51
nix/configuration/roles/kanshi/default.nix
View File

@@ -17,21 +17,40 @@ in
{ {
imports = [ ]; imports = [ ];
environment.systemPackages = with pkgs; [ options.me = {
kanshi kanshi.enable = lib.mkOption {
]; type = lib.types.bool;
default = false;
me.swayIncludes = [ example = true;
exec_kanshi description = "Whether we want to install kanshi.";
];
home-manager.users.talexander =
{ pkgs, ... }:
{
home.file = {
".config/kanshi/config" = {
source = ./files/config_kanshi;
};
};
}; };
};
config = lib.mkIf config.me.kanshi.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
];
}
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
kanshi
];
me.swayIncludes = [
exec_kanshi
];
home-manager.users.talexander =
{ pkgs, ... }:
{
home.file = {
".config/kanshi/config" = {
source = ./files/config_kanshi;
};
};
};
})
]
);
} }

99
nix/configuration/roles/kodi/default.nix Normal file
View File

@@ -0,0 +1,99 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
kodi.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install kodi.";
};
};
config = lib.mkIf config.me.kodi.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
];
}
(lib.mkIf config.me.graphical {
services.cage.user = "kodi";
services.cage.program = "${pkgs.kodi-wayland}/bin/kodi-standalone";
services.cage.enable = true;
nixpkgs.overlays = [
(final: prev: {
kodi-wayland = prev.kodi-wayland.withPackages (
kodiPkgs: with kodiPkgs; [
joystick
vfs-sftp
]
);
})
];
users.users.kodi = {
isNormalUser = true;
createHome = true; # https://github.com/NixOS/nixpkgs/issues/6481
group = "kodi";
extraGroups = [ ];
uid = 12000;
packages = with pkgs; [
tree
];
# Generate with `mkpasswd -m scrypt`
hashedPassword = "$7$CU..../....VXvNQ8za3wSGpdzGXNT50/$HcFtn/yvwPMCw4888BelpiAPLAxe/zU87fD.d/N6U48";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGu+k5lrirokdW5zVdRVBOqEOAvAPlIkG/MdJNc9g5ky"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEI6mu6I5Jp+Ib0vJxapGHbEShZjyvzV8jz5DnzDrI39AAAABHNzaDo="
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAFNcSXwvy+brYTOGo56G93Ptuq2MmZsjvRWAfMqbmMLAAAABHNzaDo="
];
};
users.groups.kodi.gid = 12000;
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.kodi = {
directories = [
{
directory = ".ssh";
user = "kodi";
group = "kodi";
mode = "0755";
}
{
directory = ".kodi";
user = "kodi";
group = "kodi";
mode = "0755";
}
];
};
};
home-manager.users.kodi =
{ pkgs, ... }:
{
# home.file.".kodi/userdata/mediasources.xml".source = ./files/mediasources.xml;
# home.file.".kodi/userdata/addon_data/peripheral.joystick/resources/buttonmaps/xml/linux/DualSense_Wireless_Controller_13b_8a.xml".source =
# ./files/DualSense_Wireless_Controller_13b_8a.xml;
# TODO: Maybe .kodi/userdata/sources.xml
# TODO: ./userdata/guisettings.xml:303: <setting id="filecache.memorysize">128</setting>
# The state version is required and should stay at the version you
# originally installed.
home.stateVersion = "24.11";
};
})
]
);
}

38
nix/configuration/roles/kodi/files/DualSense_Wireless_Controller_13b_8a.xml Normal file
View File

@@ -0,0 +1,38 @@
<?xml version="1.0" ?>
<buttonmap>
<device name="DualSense Wireless Controller" provider="linux" buttoncount="13" axiscount="8">
<configuration>
<axis index="2" center="-1" range="2" />
<axis index="5" center="-1" range="2" />
</configuration>
<controller id="game.controller.default">
<feature name="a" button="0" />
<feature name="b" button="1" />
<feature name="back" button="9" />
<feature name="down" axis="+7" />
<feature name="guide" button="10" />
<feature name="left" axis="-6" />
<feature name="leftbumper" button="4" />
<feature name="leftstick">
<up axis="-1" />
<down axis="+1" />
<right axis="+0" />
<left axis="-0" />
</feature>
<feature name="lefttrigger" button="6" />
<feature name="right" axis="+6" />
<feature name="rightbumper" button="5" />
<feature name="rightstick">
<up axis="-4" />
<down axis="+4" />
<right axis="+3" />
<left axis="-3" />
</feature>
<feature name="righttrigger" button="7" />
<feature name="start" button="8" />
<feature name="up" axis="-7" />
<feature name="x" button="3" />
<feature name="y" button="2" />
</controller>
</device>
</buttonmap>

5
nix/configuration/roles/kodi/files/mediasources.xml Normal file
View File

@@ -0,0 +1,5 @@
<mediasources>
<network>
<location id="0">sftp://nochainstounlock@stuff.fizz.buzz:42069/readonly/library/</location>
</network>
</mediasources>

62
nix/configuration/roles/kubernetes/default.nix
View File

@@ -32,31 +32,45 @@ in
{ {
imports = [ ]; imports = [ ];
environment.systemPackages = with pkgs; [ options.me = {
kubectl kubernetes.enable = lib.mkOption {
kubeswitch type = lib.types.bool;
stern default = false;
alias_kx example = true;
alias_ks description = "Whether we want to install kubernetes.";
alias_k
alias_ka
alias_kdel
alias_kd
alias_klog
];
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".kube";
user = "talexander";
group = "talexander";
mode = "0750";
}
];
}; };
}; };
config = lib.mkIf config.me.kubernetes.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
kubectl
kubeswitch
stern
alias_kx
alias_ks
alias_k
alias_ka
alias_kdel
alias_kd
alias_klog
];
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".kube";
user = "talexander";
group = "talexander";
mode = "0750";
}
];
};
};
}
]
);
} }

21
nix/configuration/roles/latex/default.nix
View File

@@ -4,6 +4,7 @@
pkgs, pkgs,
... ...
}: }:
let let
tex = ( tex = (
pkgs.texlive.combine { pkgs.texlive.combine {
@@ -23,8 +24,22 @@ in
{ {
imports = [ ]; imports = [ ];
environment.systemPackages = with pkgs; [ options.me = {
tex latex.enable = lib.mkOption {
]; type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install latex.";
};
};
config = lib.mkIf config.me.latex.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
tex
];
}
]
);
} }

58
nix/configuration/roles/launch_keyboard/default.nix
View File

@@ -8,29 +8,41 @@
{ {
imports = [ ]; imports = [ ];
config = lib.mkIf config.me.graphical { options.me = {
environment.systemPackages = with pkgs; [ launch_keyboard.enable = lib.mkOption {
system76-keyboard-configurator type = lib.types.bool;
dfu-programmer # For flashing keyboard https://support.system76.com/articles/launch_2-firmware-update/ default = false;
avrdude # For flashing keyboard https://support.system76.com/articles/launch_2-firmware-update/ example = true;
lxqt.lxqt-policykit # Need a polkit agent to launch the keyboard configurator description = "Whether we want to install launch_keyboard.";
];
# TODO: Switch sway to using seatd instead of polkit
systemd = {
user.services.lxqt-policykit-agent = {
description = "lxqt-policykit-agent";
wantedBy = [ "graphical-session.target" ];
wants = [ "graphical-session.target" ];
after = [ "graphical-session.target" ];
serviceConfig = {
Type = "simple";
ExecStart = "${pkgs.lxqt.lxqt-policykit}/bin/lxqt-policykit-agent";
Restart = "on-failure";
RestartSec = 1;
TimeoutStopSec = 10;
};
};
}; };
}; };
config = lib.mkIf config.me.launch_keyboard.enable (
lib.mkMerge [
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
system76-keyboard-configurator
dfu-programmer # For flashing keyboard https://support.system76.com/articles/launch_2-firmware-update/
avrdude # For flashing keyboard https://support.system76.com/articles/launch_2-firmware-update/
lxqt.lxqt-policykit # Need a polkit agent to launch the keyboard configurator
];
systemd = {
user.services.lxqt-policykit-agent = {
description = "lxqt-policykit-agent";
wantedBy = [ "graphical-session.target" ];
wants = [ "graphical-session.target" ];
after = [ "graphical-session.target" ];
serviceConfig = {
Type = "simple";
ExecStart = "${pkgs.lxqt.lxqt-policykit}/bin/lxqt-policykit-agent";
Restart = "on-failure";
RestartSec = 1;
TimeoutStopSec = 10;
};
};
};
})
]
);
} }

50
nix/configuration/roles/lvfs/default.nix
View File

@@ -8,26 +8,36 @@
{ {
imports = [ ]; imports = [ ];
config = lib.mkMerge [ options.me = {
{ lvfs.enable = lib.mkOption {
services.fwupd.enable = true; type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install lvfs.";
};
};
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) { config = lib.mkIf config.me.lvfs.enable (
hideMounts = true; lib.mkMerge [
directories = [ {
{ services.fwupd.enable = true;
directory = "/var/lib/fwupd"; environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
user = "root"; hideMounts = true;
group = "root"; directories = [
mode = "0755"; {
} directory = "/var/lib/fwupd";
user = "root";
group = "root";
mode = "0755";
}
];
};
}
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
gnome-firmware
]; ];
}; })
} ]
(lib.mkIf config.me.graphical { );
environment.systemPackages = with pkgs; [
gnome-firmware
];
})
];
} }

46
nix/configuration/roles/media/default.nix
View File

@@ -21,32 +21,30 @@ in
{ {
imports = [ ]; imports = [ ];
options.me.graphicsCardType = lib.mkOption { options.me = {
type = lib.types.nullOr ( media.enable = lib.mkOption {
lib.types.enum [ type = lib.types.bool;
"amd" default = false;
"intel" example = true;
"nvidia" description = "Whether we want to install media.";
] };
);
default = null;
example = "amd";
description = "What graphics card type is in the computer.";
}; };
options.me.graphical = lib.mkOption { config = lib.mkIf config.me.media.enable (
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install graphical programs.";
};
config = (
lib.mkMerge [ lib.mkMerge [
{ {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
ffmpeg ffmpeg
]; ];
}
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
mpv
evince
gimp
# So far I prefer imv over swayimg because imv supports the 'p' hotkey to print the currently-viewed file to stdout (useful for pipelines) and afaik doesn't support the exec:// protocol which seems like a massive risk.
imv
];
home-manager.users.talexander = home-manager.users.talexander =
{ pkgs, ... }: { pkgs, ... }:
@@ -55,16 +53,8 @@ in
source = ./files/mpv.conf; source = ./files/mpv.conf;
}; };
}; };
}
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
mpv
evince
gimp
imv # TODO: Maybe replace with https://github.com/artemsen/swayimg because imv is looking for a new maintainer
];
}) })
(lib.mkIf (config.me.graphicsCardType == "amd" || config.me.graphicsCardType == "intel") { (lib.mkIf (config.me.graphics_card_type == "amd" || config.me.graphics_card_type == "intel") {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
cast_file_vaapi cast_file_vaapi
]; ];

17
nix/configuration/roles/memtest86/default.nix Normal file
View File

@@ -0,0 +1,17 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
config = lib.mkMerge [
{ }
(lib.mkIf (config.me.buildingIso) {
# boot.loader.systemd-boot.memtest86.enable = true;
boot.loader.grub.memtest86.enable = true;
})
];
}

10
nix/configuration/roles/network/default.nix
View File

@@ -26,7 +26,7 @@
]; ];
services.resolved = { services.resolved = {
enable = true; enable = true;
dnssec = "true"; # dnssec = "true";
domains = [ "~." ]; domains = [ "~." ];
fallbackDns = [ ]; fallbackDns = [ ];
dnsovertls = "true"; dnsovertls = "true";
@@ -39,7 +39,8 @@
127.0.0.1 odo.home.arpa 127.0.0.1 odo.home.arpa
10.216.1.1 homeserver 10.216.1.1 homeserver
10.216.1.6 media 10.216.1.6 media
10.216.1.12 odo #10.216.1.12 odo
10.216.1.14 neelix
10.217.1.1 drmario 10.217.1.1 drmario
10.217.2.1 mrmanager 10.217.2.1 mrmanager
''; '';
@@ -61,4 +62,9 @@
ldns # for drill ldns # for drill
arp-scan # To find devices on the network arp-scan # To find devices on the network
]; ];
boot.extraModprobeConfig = ''
# Set wifi to US
options cfg80211 ieee80211_regdom=US
'';
} }

44
nix/configuration/roles/nix_index/default.nix Normal file
View File

@@ -0,0 +1,44 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
nix_index.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install nix_index.";
};
};
config = lib.mkIf config.me.nix_index.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
nix-index-unwrapped
];
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".cache/nix-index";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
}
]
);
}

39
nix/configuration/roles/python/default.nix
View File

@@ -8,16 +8,31 @@
{ {
imports = [ ]; imports = [ ];
environment.systemPackages = with pkgs; [ options.me = {
(python3.withPackages (python-pkgs: [ python.enable = lib.mkOption {
python-pkgs.distro # For https://gitlab.freedesktop.org/drm/amd/-/blob/master/scripts/amd_s2idle.py type = lib.types.bool;
python-pkgs.pyudev # For https://gitlab.freedesktop.org/drm/amd/-/blob/master/scripts/amd_s2idle.py default = false;
python-pkgs.systemd # For https://gitlab.freedesktop.org/drm/amd/-/blob/master/scripts/amd_s2idle.py example = true;
python-pkgs.packaging # For https://gitlab.freedesktop.org/drm/amd/-/blob/master/scripts/amd_s2idle.py description = "Whether we want to install python.";
])) };
poetry };
pyright
isort config = lib.mkIf config.me.python.enable (
black lib.mkMerge [
]; {
environment.systemPackages = with pkgs; [
(python3.withPackages (python-pkgs: [
python-pkgs.distro # For https://gitlab.freedesktop.org/drm/amd/-/blob/master/scripts/amd_s2idle.py
python-pkgs.pyudev # For https://gitlab.freedesktop.org/drm/amd/-/blob/master/scripts/amd_s2idle.py
python-pkgs.systemd # For https://gitlab.freedesktop.org/drm/amd/-/blob/master/scripts/amd_s2idle.py
python-pkgs.packaging # For https://gitlab.freedesktop.org/drm/amd/-/blob/master/scripts/amd_s2idle.py
]))
poetry
pyright
isort
black
];
}
]
);
} }

21
nix/configuration/roles/qemu/default.nix
View File

@@ -8,7 +8,22 @@
{ {
imports = [ ]; imports = [ ];
environment.systemPackages = with pkgs; [ options.me = {
qemu qemu.enable = lib.mkOption {
]; type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install qemu.";
};
};
config = lib.mkIf config.me.qemu.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
qemu
];
}
]
);
} }

5
nix/configuration/roles/reset/default.nix
View File

@@ -9,5 +9,8 @@
imports = [ ]; imports = [ ];
# Reset some defaults to start from a minimal more-arch-linux-like state. Think of this like a CSS reset sheet. # Reset some defaults to start from a minimal more-arch-linux-like state. Think of this like a CSS reset sheet.
config = {
# Do not use default packages (nixos includes some defaults like nano)
environment.defaultPackages = lib.mkForce [ ];
};
} }

61
nix/configuration/roles/rust/default.nix
View File

@@ -8,31 +8,46 @@
{ {
imports = [ ]; imports = [ ];
environment.systemPackages = with pkgs; [ options.me = {
rustup rust.enable = lib.mkOption {
lldb # for lldb-vscode type = lib.types.bool;
musl # for building static binaries default = false;
rust-analyzer example = true;
cargo-semver-checks description = "Whether we want to install rust.";
# ? cargo-bloat
# ? cargo-outdated
# ? cargo-public-api
];
home-manager.users.talexander =
{ pkgs, ... }:
{
home.file = {
".cargo/config.toml" = {
source = ./files/cargo_config.toml;
};
# # TODO: Figure out what to do with credentials.
# ".cargo/credentials.toml" = {
# source = ./files/cargo_credentials.toml;
# };
};
}; };
};
config = lib.mkIf config.me.rust.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
rustup
lldb # for lldb-vscode
musl # for building static binaries
rust-analyzer
cargo-semver-checks
# ? cargo-bloat
# ? cargo-outdated
# ? cargo-public-api
];
home-manager.users.talexander =
{ pkgs, ... }:
{
home.file = {
".cargo/config.toml" = {
source = ./files/cargo_config.toml;
};
# # TODO: Figure out what to do with credentials.
# ".cargo/credentials.toml" = {
# source = ./files/cargo_credentials.toml;
# };
};
};
}
]
);
} }
# TODO: Install clippy, cranelift, rust-src # TODO: Install clippy, cranelift, rust-src

48
nix/configuration/roles/shipwright/default.nix Normal file
View File

@@ -0,0 +1,48 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
shipwright.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install shipwright.";
};
};
config = lib.mkIf config.me.shipwright.enable (
lib.mkMerge [
{
allowedUnfree = [ "shipwright" ];
}
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
shipwright
];
# TODO perhaps install ~/.local/share/soh/shipofharkinian.json
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".local/share/soh";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
})
]
);
}

55
nix/configuration/roles/sm64ex/default.nix Normal file
View File

@@ -0,0 +1,55 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
sm64ex.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install sm64ex.";
};
};
config = lib.mkIf config.me.sm64ex.enable (
lib.mkMerge [
(lib.mkIf config.me.graphical {
allowedUnfree = [ "sm64ex" ];
environment.systemPackages = with pkgs; [
sm64ex
];
# nixpkgs.overlays = [
# (final: prev: {
# sm4ex = prev.sm64ex.override {
# baseRom.name = "SuperMario64.z64";
# };
# })
# ];
# TODO perhaps install ~/.local/share/sm64ex/sm64config.txt
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".local/share/sm64ex";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
})
]
);
}

140
nix/configuration/roles/sound/default.nix
View File

@@ -8,69 +8,85 @@
{ {
imports = [ ]; imports = [ ];
environment.systemPackages = with pkgs; [ options.me = {
pavucontrol sound.enable = lib.mkOption {
]; type = lib.types.bool;
default = false;
# rtkit is optional but recommended example = true;
security.rtkit.enable = true; description = "Whether we want to install sound.";
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
# If you want to use JACK applications, uncomment this
#jack.enable = true;
extraLv2Packages = [ pkgs.rnnoise-plugin ];
configPackages = [
(pkgs.writeTextDir "share/pipewire/pipewire.conf.d/99-input-denoising.conf" ''
context.modules = [
{ name = libpipewire-module-filter-chain
args = {
node.description = "Noise Canceling source"
media.name = "Noise Canceling source"
filter.graph = {
nodes = [
{
type = ladspa
name = rnnoise
plugin = "${pkgs.rnnoise-plugin}/lib/ladspa/librnnoise_ladspa.so"
label = noise_suppressor_mono
control = {
"VAD Threshold (%)" = 50.0
"VAD Grace Period (ms)" = 200
"Retroactive VAD Grace (ms)" = 0
}
}
]
}
capture.props = {
node.name = "capture.rnnoise_source"
node.passive = true
audio.rate = 48000
# Optionally specify a specific input: (ID from `pactl list`)
# target.object = "alsa_input.usb-Shure_Incorporated_Shure_Digital-00.analog-stereo"
}
playback.props = {
node.name = "rnnoise_source"
media.class = Audio/Source
audio.rate = 48000
}
}
}
]
'')
];
};
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
".local/state/wireplumber" # Sound settings
];
}; };
}; };
config = lib.mkIf config.me.sound.enable (
lib.mkMerge [
{
# rtkit is optional but recommended
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
# If you want to use JACK applications, uncomment this
#jack.enable = true;
extraLv2Packages = [ pkgs.rnnoise-plugin ];
configPackages = [
(pkgs.writeTextDir "share/pipewire/pipewire.conf.d/99-input-denoising.conf" ''
context.modules = [
{ name = libpipewire-module-filter-chain
args = {
node.description = "Noise Canceling source"
media.name = "Noise Canceling source"
filter.graph = {
nodes = [
{
type = ladspa
name = rnnoise
plugin = "${pkgs.rnnoise-plugin}/lib/ladspa/librnnoise_ladspa.so"
label = noise_suppressor_mono
control = {
"VAD Threshold (%)" = 50.0
"VAD Grace Period (ms)" = 200
"Retroactive VAD Grace (ms)" = 0
}
}
]
}
capture.props = {
node.name = "capture.rnnoise_source"
node.passive = true
audio.rate = 48000
# Optionally specify a specific input: (ID from `pactl list`)
# target.object = "alsa_input.usb-Shure_Incorporated_Shure_Digital-00.analog-stereo"
}
playback.props = {
node.name = "rnnoise_source"
media.class = Audio/Source
audio.rate = 48000
}
}
}
]
'')
];
};
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
".local/state/wireplumber" # Sound settings
];
};
};
}
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
pavucontrol
];
})
]
);
} }

18
nix/configuration/roles/steam/default.nix
View File

@@ -8,16 +8,18 @@
{ {
imports = [ ]; imports = [ ];
options.me.games = lib.mkOption { options.me = {
type = lib.types.bool; steam.enable = lib.mkOption {
default = config.me.graphical; type = lib.types.bool;
example = true; default = false;
description = "Whether we want to install games."; example = true;
description = "Whether we want to install steam.";
};
}; };
config = ( config = lib.mkIf config.me.steam.enable (
lib.mkMerge [ lib.mkMerge [
(lib.mkIf config.me.games { (lib.mkIf config.me.graphical {
allowedUnfree = [ allowedUnfree = [
"steam" "steam"
"steam-original" "steam-original"
@@ -38,11 +40,11 @@
directories = [ directories = [
".local/share/Steam" ".local/share/Steam"
".steam" ".steam"
".factorio"
]; ];
}; };
}; };
}) })
] ]
); );
} }

32
nix/configuration/roles/sway/default.nix
View File

@@ -6,7 +6,6 @@
}: }:
let let
# TODO: Maybe replace wofi with tofi (with config to make it start quickly)
sway-config = pkgs.writeTextFile { sway-config = pkgs.writeTextFile {
name = "config"; name = "config";
text = '' text = ''
@@ -31,7 +30,8 @@ let
# Your preferred application launcher # Your preferred application launcher
# Note: it's recommended that you pass the final command to sway # Note: it's recommended that you pass the final command to sway
# set $menu dmenu_path | dmenu | xargs swaymsg exec # set $menu dmenu_path | dmenu | xargs swaymsg exec
set $menu ${pkgs.wofi}/bin/wofi --show drun --gtk-dark set $menu ${pkgs.tofi}/bin/tofi-drun | xargs swaymsg exec --
#set $menu ${pkgs.wofi}/bin/wofi --show drun --gtk-dark
# Do not show a title bar on windows # Do not show a title bar on windows
default_border pixel 2 default_border pixel 2
@@ -258,8 +258,23 @@ in
{ {
imports = [ imports = [
./graphical_session_target.nix ./graphical_session_target.nix
./iso.nix
./rofimoji.nix
./lockscreen.nix
./screenshot.nix
./force_focus.nix
./notification.nix
]; ];
options.me = {
sway.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install sway.";
};
};
options.me.swayIncludes = lib.mkOption { options.me.swayIncludes = lib.mkOption {
type = lib.types.listOf lib.types.package; type = lib.types.listOf lib.types.package;
default = [ ]; default = [ ];
@@ -271,7 +286,7 @@ in
description = "List of packages to import as sway configs."; description = "List of packages to import as sway configs.";
}; };
config = { config = lib.mkIf (config.me.graphical && config.me.sway.enable) {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
alacritty alacritty
pcmanfm pcmanfm
@@ -279,6 +294,8 @@ in
stop_screen_share stop_screen_share
]; ];
programs.sway.extraPackages = lib.mkForce [ ];
me.swayIncludes = [ me.swayIncludes = [
base-hotkeys base-hotkeys
display-configs display-configs
@@ -330,7 +347,8 @@ in
hideMounts = true; hideMounts = true;
users.talexander = { users.talexander = {
files = [ files = [
".cache/wofi-drun" # Execution history for wofi to sort results ".local/state/tofi-drun-history" # A cache of the desktop files for tofi
".cache/tofi-drun" # Execution history for tofi to sort results
]; ];
}; };
}; };
@@ -339,7 +357,6 @@ in
portal = { portal = {
enable = true; enable = true;
extraPortals = with pkgs; [ extraPortals = with pkgs; [
xdg-desktop-portal-wlr
xdg-desktop-portal-gtk xdg-desktop-portal-gtk
]; ];
wlr = { wlr = {
@@ -384,9 +401,8 @@ in
services.gvfs.enable = true; services.gvfs.enable = true;
# Auto-launch sway # Auto-launch sway
environment.loginShellInit = '' # Run sway as the absolute last command in the login shell init. mkBefore = 500, plain = 1000, mkAfter = 1500
# TODO: This shouldn't be shoe-horned into the sway config environment.loginShellInit = lib.mkOrder 2000 ''
doas iw dev wlan0 set power_save off
[ -z "$WAYLAND_DISPLAY" ] && [ -n "$XDG_VTNR" ] && [ "$XDG_VTNR" -eq 1 ] && [ "$(tty)" = "/dev/tty1" ] && exec ${pkgs.systemd}/bin/systemd-cat --identifier=sway sway [ -z "$WAYLAND_DISPLAY" ] && [ -n "$XDG_VTNR" ] && [ "$XDG_VTNR" -eq 1 ] && [ "$(tty)" = "/dev/tty1" ] && exec ${pkgs.systemd}/bin/systemd-cat --identifier=sway sway
''; '';
}; };

3
nix/configuration/roles/sway/files/tofi-config Normal file
View File

@@ -0,0 +1,3 @@
border-width = 4
outline-width = 1
border-color = #FF6600

27
nix/configuration/roles/sway/force_focus.nix Normal file
View File

@@ -0,0 +1,27 @@
{
config,
lib,
pkgs,
...
}:
let
force_focus_sway_config = pkgs.writeTextFile {
name = "force_focus.conf";
text = ''
mode "force focus" {
bindsym $mod+Shift+Escape fullscreen; mode "default"
}
bindsym $mod+Shift+f fullscreen; mode "force focus"
'';
};
in
{
imports = [ ];
config = lib.mkIf (config.me.graphical && config.me.sway.enable) {
me.swayIncludes = [
force_focus_sway_config
];
};
}

1
nix/configuration/roles/sway/graphical_session_target.nix
View File

@@ -11,6 +11,7 @@ let
text = '' text = ''
# Trigger graphical-session.target through sway-session.target so systemd user units can depend on it. # Trigger graphical-session.target through sway-session.target so systemd user units can depend on it.
exec systemctl --user start sway-session.target exec systemctl --user start sway-session.target
exec swaymsg -t subscribe '["shutdown"]' && systemctl --user stop sway-session.target
''; '';
}; };
in in

25
nix/configuration/roles/sway/iso.nix Normal file
View File

@@ -0,0 +1,25 @@
{
config,
lib,
pkgs,
...
}:
let
launch_terminal = pkgs.writeTextFile {
name = "launch_terminal.conf";
text = ''
exec ${pkgs.alacritty}/bin/alacritty
'';
};
in
{
imports = [ ];
config = lib.mkIf (config.me.buildingIso && config.me.graphical && config.me.sway.enable) {
# Launch a terminal at boot in the live ISO for when hotkeys don't work.
me.swayIncludes = [
launch_terminal
];
};
}

33
nix/configuration/roles/sway/lockscreen.nix Normal file
View File

@@ -0,0 +1,33 @@
{
config,
lib,
pkgs,
...
}:
let
lockscreen_sway_config = pkgs.writeTextFile {
name = "lockscreen.conf";
text = ''
set $lock ${pkgs.swaylock}/bin/swaylock -f -c 000000
# Hotkey to lock the screen
bindsym $mod+l exec $lock
exec ${pkgs.swayidle}/bin/swayidle -w \
timeout 300 '$lock' \
timeout 600 '${pkgs.sway}/bin/swaymsg "output * dpms off"' \
resume '${pkgs.sway}/bin/swaymsg "output * dpms on"' \
before-sleep '$lock'
'';
};
in
{
imports = [ ];
config = lib.mkIf (config.me.graphical && config.me.sway.enable) {
me.swayIncludes = [
lockscreen_sway_config
];
};
}

32
nix/configuration/roles/sway/notification.nix Normal file
View File

@@ -0,0 +1,32 @@
{
config,
lib,
pkgs,
...
}:
let
notification_sway_config = pkgs.writeTextFile {
name = "notification.conf";
text =
builtins.replaceStrings
[ "@mako@" "@makoctl@" ]
[ "${pkgs.mako}/bin/mako" "${pkgs.mako}/bin/makoctl" ]
''
bindsym $mod+Escape exec @makoctl@ dismiss
bindsym $mod+Shift+Escape exec @makoctl@ invoke
# Notifications
exec @mako@
'';
};
in
{
imports = [ ];
config = lib.mkIf (config.me.graphical && config.me.sway.enable) {
me.swayIncludes = [
notification_sway_config
];
};
}

63
nix/configuration/roles/sway/rofimoji.nix Normal file
View File

@@ -0,0 +1,63 @@
{
config,
lib,
pkgs,
...
}:
let
rofimoji_sway_config = pkgs.writeTextFile {
name = "rofimoji.conf";
text = ''
# Emoji selector
bindsym $mod+backslash exec ${pkgs.rofimoji}/bin/rofimoji --selector tofi
'';
};
in
{
imports = [ ];
config = lib.mkIf (config.me.graphical && config.me.sway.enable) {
me.swayIncludes = [
rofimoji_sway_config
];
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".local/share/rofimoji";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
nixpkgs.overlays = [
(final: prev: {
rofimoji = prev.rofimoji.overrideAttrs (old: {
propagatedBuildInputs = old.propagatedBuildInputs ++ [ pkgs.tofi ];
src = builtins.fetchGit {
# https://github.com/fdw/rofimoji/issues/209
url = "https://github.com/fdw/rofimoji.git";
rev = "615f00abeb984f3e648ef712164aa4e61f2e1808";
};
});
})
(final: prev: {
tofi = pkgs.symlinkJoin {
name = "tofi";
paths = [ prev.tofi ];
buildInputs = [ pkgs.makeWrapper ];
postBuild = ''
wrapProgram $out/bin/tofi-drun --add-flags --font=${pkgs.source-sans-pro}/share/fonts/opentype/SourceSansPro-Regular.otf --add-flags --config=${./files/tofi-config}
wrapProgram $out/bin/tofi --add-flags --config=${./files/tofi-config}
'';
};
})
];
};
}

42
nix/configuration/roles/sway/screenshot.nix Normal file
View File

@@ -0,0 +1,42 @@
{
config,
lib,
pkgs,
...
}:
let
screenshot_sway_config = pkgs.writeTextFile {
name = "screenshot.conf";
text =
builtins.replaceStrings
[ "@grim@" "@wl-screenrec@" "@pactl@" "@grep@" "@slurp@" ]
[
"${pkgs.grim}/bin/grim"
"${pkgs.wl-screenrec}/bin/wl-screenrec"
"${pkgs.pulseaudio}/bin/pactl"
"${pkgs.gnugrep}/bin/grep"
"${pkgs.slurp}/bin/slurp"
]
''
# Screenshots
#bindsym $mod+print exec @slurp@ | @grim@ -g - $(xdg-user-dir PICTURES)/$(date +'screenshot_%Y-%m-%d-%H%M%S.png')
bindsym $mod+print exec @slurp@ | @grim@ -g - "$HOME/$(date +'screenshot_%Y-%m-%d-%H%M%S.png')"
bindsym print exec @grim@ "$HOME/$(date +'screenshot_%Y-%m-%d-%H%M%S.png')"
# Maybe add --audio flag? can optionally specify specific device name from `@pactl@ list sources | @grep@ Name`
bindsym $mod+Shift+print exec @wl-screenrec@ -g "$(@slurp@)" --codec av1 -f "$HOME/$(date +'screencast_%Y-%m-%d-%H%M%S.mkv')"
bindsym Shift+print exec @wl-screenrec@ --codec av1 -f "$HOME/$(date +'screencast_%Y-%m-%d-%H%M%S.mkv')"
bindsym $mod+ctrl+Shift+print exec pkill -SIGINT @wl-screenrec@
# Need to make a hotkey to end the recording
'';
};
in
{
imports = [ ];
config = lib.mkIf (config.me.graphical && config.me.sway.enable) {
me.swayIncludes = [
screenshot_sway_config
];
};
}

55
nix/configuration/roles/terraform/default.nix
View File

@@ -13,26 +13,41 @@ in
{ {
imports = [ ]; imports = [ ];
environment.systemPackages = with pkgs; [ options.me = {
terraform terraform.enable = lib.mkOption {
alias_tf type = lib.types.bool;
]; default = false;
example = true;
allowedUnfree = [ description = "Whether we want to install terraform.";
"terraform"
];
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".terraform.d";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
}; };
}; };
config = lib.mkIf config.me.terraform.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
terraform
alias_tf
];
allowedUnfree = [
"terraform"
];
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".terraform.d";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
}
]
);
} }

29
nix/configuration/roles/vnc_client/default.nix Normal file
View File

@@ -0,0 +1,29 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
vnc_client.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install vnc_client.";
};
};
config = lib.mkIf config.me.vnc_client.enable (
lib.mkMerge [
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
wlvncc
];
})
]
);
}

62
nix/configuration/roles/vscode/default.nix Normal file
View File

@@ -0,0 +1,62 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
vscode.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install vscode.";
};
};
config = lib.mkIf config.me.vscode.enable (
lib.mkMerge [
(lib.mkIf config.me.graphical {
allowedUnfree = [
"vscode"
"vscode-with-extensions"
"vscode-extension-ms-vscode-remote-remote-ssh"
];
environment.systemPackages = with pkgs; [
(vscode-with-extensions.override {
vscodeExtensions = with vscode-extensions; [
bbenoist.nix
ms-python.python
ms-azuretools.vscode-docker
ms-vscode-remote.remote-ssh
]
# ++ pkgs.vscode-utils.extensionsFromVscodeMarketplace [
# {
# name = "remote-ssh-edit";
# publisher = "ms-vscode-remote";
# version = "0.47.2";
# sha256 = "1hp6gjh4xp2m1xlm1jsdzxw9d8frkiidhph6nvl24d0h8z34w49g";
# }
# ]
;
})
];
home-manager.users.talexander =
{ pkgs, ... }:
{
home.file.".config/Code/User/settings.json" = {
source = ./files/settings.json;
};
home.file.".config/Code/User/keybindings.json" = {
source = ./files/keybindings.json;
};
};
})
]
);
}

280
nix/configuration/roles/vscode/files/keybindings.json Normal file
View File

@@ -0,0 +1,280 @@
// Place your key bindings in this file to override the defaultsauto[]
[
{
"key": "alt+.",
"command": "editor.action.revealDefinition",
"when": "editorHasDefinitionProvider && editorTextFocus && !isInEmbeddedEditor"
},
{
"key": "f12",
"command": "-editor.action.revealDefinition",
"when": "editorHasDefinitionProvider && editorTextFocus && !isInEmbeddedEditor"
},
{
"key": "alt+,",
"command": "workbench.action.navigateBack",
"when": "canNavigateBack"
},
{
"key": "ctrl+alt+-",
"command": "-workbench.action.navigateBack",
"when": "canNavigateBack"
},
{
"key": "shift+alt+/",
"command": "editor.action.goToReferences",
"when": "editorHasReferenceProvider && editorTextFocus && !inReferenceSearchEditor && !isInEmbeddedEditor"
},
{
"key": "shift+f12",
"command": "-editor.action.goToReferences",
"when": "editorHasReferenceProvider && editorTextFocus && !inReferenceSearchEditor && !isInEmbeddedEditor"
},
{
"key": "ctrl+alt+.",
"command": "workbench.action.showAllSymbols"
},
{
"key": "ctrl+t",
"command": "-workbench.action.showAllSymbols"
},
{
"key": "alt+;",
"command": "editor.action.commentLine",
"when": "editorTextFocus && !editorReadonly"
},
{
"key": "ctrl+/",
"command": "-editor.action.commentLine",
"when": "editorTextFocus && !editorReadonly"
},
{
"key": "ctrl+x",
"command": "-editor.action.clipboardCutAction"
},
{
"key": "ctrl+x",
"command": "-filesExplorer.cut",
"when": "filesExplorerFocus && foldersViewVisible && !explorerResourceIsRoot && !explorerResourceReadonly && !inputFocus"
},
{
"key": "ctrl+x 3",
"command": "workbench.action.splitEditor"
},
{
"key": "ctrl+\\",
"command": "-workbench.action.splitEditor"
},
{
"key": "ctrl+x 2",
"command": "workbench.action.splitEditorDown"
},
{
"key": "ctrl+k ctrl+\\",
"command": "-workbench.action.splitEditorDown"
},
{
"key": "ctrl+x 1",
"command": "workbench.action.joinAllGroups"
},
{
"key": "ctrl+x 0",
"command": "workbench.action.closeEditorsAndGroup"
},
{
"key": "ctrl+x shift+=",
"command": "workbench.action.evenEditorWidths"
},
{
"key": "shift+up",
"command": "workbench.action.focusAboveGroup"
},
{
"key": "ctrl+k ctrl+up",
"command": "-workbench.action.focusAboveGroup"
},
{
"key": "shift+down",
"command": "workbench.action.focusBelowGroup"
},
{
"key": "ctrl+k ctrl+down",
"command": "-workbench.action.focusBelowGroup"
},
{
"key": "shift+left",
"command": "workbench.action.focusLeftGroup"
},
{
"key": "ctrl+k ctrl+left",
"command": "-workbench.action.focusLeftGroup"
},
{
"key": "shift+right",
"command": "workbench.action.focusRightGroup"
},
{
"key": "ctrl+k ctrl+right",
"command": "-workbench.action.focusRightGroup"
},
{
"key": "ctrl+x ctrl+s",
"command": "workbench.action.files.save"
},
{
"key": "ctrl+s",
"command": "-workbench.action.files.save"
},
{
"key": "alt+g g",
"command": "workbench.action.gotoLine"
},
{
"key": "ctrl+g",
"command": "-workbench.action.gotoLine"
},
{
"key": "ctrl+space",
"command": "editor.action.setSelectionAnchor",
"when": "editorTextFocus"
},
{
"key": "ctrl+k ctrl+b",
"command": "-editor.action.setSelectionAnchor",
"when": "editorTextFocus"
},
{
"key": "alt+w",
"command": "editor.action.clipboardCopyAction"
},
{
"key": "ctrl+c",
"command": "-editor.action.clipboardCopyAction"
},
{
"key": "ctrl+w",
"command": "editor.action.clipboardCutAction"
},
{
"key": "ctrl+y",
"command": "editor.action.clipboardPasteAction"
},
{
"key": "ctrl+v",
"command": "-editor.action.clipboardPasteAction"
},
{
"key": "ctrl+x p f",
"command": "workbench.action.quickOpen"
},
{
"key": "ctrl+e",
"command": "-workbench.action.quickOpen"
},
{
"key": "ctrl+a",
"command": "cursorLineStart"
},
{
"key": "ctrl+e",
"command": "cursorLineEnd"
},
{
"key": "ctrl+s",
"command": "actions.find",
"when": "editorFocus || editorIsOpen"
},
{
"key": "ctrl+f",
"command": "-actions.find",
"when": "editorFocus || editorIsOpen"
},
{
"key": "ctrl+shift+-",
"command": "undo"
},
{
"key": "ctrl+z",
"command": "-undo"
},
{
"key": "alt+x",
"command": "workbench.action.showCommands"
},
{
"key": "ctrl+shift+p",
"command": "-workbench.action.showCommands"
},
{
"key": "ctrl+c ctrl+a",
"command": "editor.action.quickFix",
"when": "editorHasCodeActionsProvider && textInputFocus && !editorReadonly"
},
{
"key": "ctrl+.",
"command": "-editor.action.quickFix",
"when": "editorHasCodeActionsProvider && textInputFocus && !editorReadonly"
},
{
"key": "shift+alt+5",
"command": "editor.action.startFindReplaceAction",
"when": "editorFocus || editorIsOpen"
},
{
"key": "ctrl+h",
"command": "-editor.action.startFindReplaceAction",
"when": "editorFocus || editorIsOpen"
},
{
"key": "shift+1",
"command": "editor.action.replaceAll",
"when": "editorFocus && findWidgetVisible"
},
{
"key": "ctrl+alt+enter",
"command": "-editor.action.replaceAll",
"when": "editorFocus && findWidgetVisible"
},
{
"key": "shift+alt+,",
"command": "cursorTop",
"when": "textInputFocus"
},
{
"key": "ctrl+home",
"command": "-cursorTop",
"when": "textInputFocus"
},
{
"key": "shift+alt+.",
"command": "cursorBottom",
"when": "textInputFocus"
},
{
"key": "ctrl+end",
"command": "-cursorBottom",
"when": "textInputFocus"
},
{
"key": "ctrl+x ctrl+f",
"command": "workbench.action.files.openFile",
"when": "true"
},
{
"key": "ctrl+o",
"command": "-workbench.action.files.openFile",
"when": "true"
},
{
"key": "ctrl+x k",
"command": "workbench.action.closeEditorInAllGroups"
},
{
"key": "ctrl+x b",
"command": "workbench.action.showAllEditors"
},
{
"key": "ctrl+k ctrl+p",
"command": "-workbench.action.showAllEditors"
}
]

41
nix/configuration/roles/vscode/files/settings.json Normal file
View File

@@ -0,0 +1,41 @@
{
"application.shellEnvironmentResolutionTimeout": 90,
"workbench.colorTheme": "Default High Contrast",
"remote.SSH.connectTimeout": 90,
"remote.SSH.enableDynamicForwarding": false,
"remote.SSH.enableAgentForwarding": false,
"remote.SSH.enableX11Forwarding": false,
"python.analysis.inlayHints.functionReturnTypes": true,
"python.analysis.inlayHints.variableTypes": true,
"editor.minimap.enabled": false,
"editor.fontSize": 12,
"editor.cursorStyle": "block",
"editor.fontFamily": "'Cascadia Mono', 'monospace', monospace",
"workbench.colorCustomizations": {
"editorCursor.foreground": "#ccff66",
"terminalCursor.foreground": "#ccff66"
},
"workbench.editor.showTabs": "none",
"workbench.activityBar.location": "hidden",
"window.menuBarVisibility": "toggle",
"explorer.autoReveal": false,
"[python]": {
"editor.defaultFormatter": "ms-python.black-formatter",
"editor.formatOnSave": true
},
"[terraform]": {
"editor.defaultFormatter": "hashicorp.terraform",
"editor.formatOnSave": true
},
"[terraform-vars]": {
"editor.defaultFormatter": "hashicorp.terraform",
"editor.formatOnSave": true
},
"black-formatter.importStrategy": "fromEnvironment",
"workbench.statusBar.visible": false,
"git.openRepositoryInParentFolders": "never",
"files.autoSave": "afterDelay",
"editor.rulers": [
100
]
}

31
nix/configuration/roles/wasm/default.nix Normal file
View File

@@ -0,0 +1,31 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
wasm.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install wasm.";
};
};
config = lib.mkIf config.me.wasm.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
wabt
wasm-bindgen-cli
binaryen # for wasm-opt
];
}
]
);
}

79
nix/configuration/roles/waybar/default.nix
View File

@@ -4,6 +4,7 @@
pkgs, pkgs,
... ...
}: }:
let let
waybar_sway_config = pkgs.writeTextFile { waybar_sway_config = pkgs.writeTextFile {
name = "waybar.conf"; name = "waybar.conf";
@@ -79,38 +80,52 @@ in
{ {
imports = [ ]; imports = [ ];
environment.systemPackages = with pkgs; [ options.me = {
waybar waybar.enable = lib.mkOption {
waybar_available_memory type = lib.types.bool;
waybar_battery default = false;
waybar_clock example = true;
waybar_night_mode description = "Whether we want to install waybar.";
waybar_sound
waybar_temperature
python3 # for clock TODO python should not be in the system packages, maybe switch to a venv? ref https://nixos.wiki/wiki/Python
bc # for temperature and sound
jq # for memory, battery, sound, night mode, and temperature
upower # for battery
wlsunset # for night mode
];
me.swayIncludes = [
waybar_sway_config
];
services.upower.enable = true; # for battery
home-manager.users.talexander =
{ pkgs, ... }:
{
home.file = {
".config/waybar/config" = {
source = ./files/waybar_config.json;
};
".config/waybar/style.css" = {
source = ./files/style.css;
};
};
}; };
};
config = lib.mkIf config.me.waybar.enable (
lib.mkMerge [
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
waybar
waybar_available_memory
waybar_battery
waybar_clock
waybar_night_mode
waybar_sound
waybar_temperature
python3 # for clock TODO python should not be in the system packages, maybe switch to a venv? ref https://nixos.wiki/wiki/Python
bc # for temperature and sound
jq # for memory, battery, sound, night mode, and temperature
upower # for battery
wlsunset # for night mode
];
me.swayIncludes = [
waybar_sway_config
];
services.upower.enable = true; # for battery
home-manager.users.talexander =
{ pkgs, ... }:
{
home.file = {
".config/waybar/config" = {
source = ./files/waybar_config.json;
};
".config/waybar/style.css" = {
source = ./files/style.css;
};
};
};
})
]
);
} }

51
nix/configuration/roles/wireguard/default.nix
View File

@@ -4,24 +4,16 @@
pkgs, pkgs,
... ...
}: }:
let let
activatedWg = name: { activatedWg = name: {
networking.wg-quick.interfaces."${name}".configFile = "/persist/manual/wireguard/${name}.conf"; networking.wg-quick.interfaces."${name}".configFile = "/persist/manual/wireguard/${name}.conf";
systemd.services."wg-quick-${name}" = { systemd.services."wg-quick-${name}" = {
after = [ after = [
"network-online.target"
"nss-lookup.target" "nss-lookup.target"
"systemd-resolved.service"
"multi-user.target"
]; ];
preStart = "${pkgs.toybox}/bin/sleep 10"; preStart = "${pkgs.toybox}/bin/sleep 3";
}; };
# systemd.services."wg-quick-${name}".after = [
# "nss-lookup.target"
# "systemd-resolved.service"
# "multi-user.target"
# ];
# systemd.services."wg-quick-${name}".preStart = "${pkgs.toybox}/bin/sleep 10";
}; };
deactivatedWg = name: { deactivatedWg = name: {
networking.wg-quick.interfaces."${name}" = { networking.wg-quick.interfaces."${name}" = {
@@ -29,21 +21,36 @@ let
autostart = false; autostart = false;
}; };
}; };
wgConfig = lib.attrsets.recursiveUpdate (lib.attrsets.recursiveUpdate (lib.attrsets.recursiveUpdate wireguard_enable = (config.me.wireguard.activated != [ ] || config.me.wireguard.deactivated != [ ]);
(lib.attrsets.recursiveUpdate {
networking.firewall.allowedUDPPorts = [ 51821 ];
networking.wireguard.enable = true;
} (activatedWg "drmario"))
(activatedWg "wgh")
) (activatedWg "colo")) (deactivatedWg "wgf");
in in
{ {
imports = [ ]; imports = [ ];
config = lib.mkIf (!config.me.buildingIso) wgConfig; options.me = {
wireguard.activated = lib.mkOption {
# environment.systemPackages = with pkgs; [ type = lib.types.listOf lib.types.str;
# wireguard-tools default = false;
# ]; example = true;
description = "List of wireguard config names that should be activated at boot.";
};
wireguard.deactivated = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = false;
example = true;
description = "List of wireguard config names that are not activated at boot but can be manually activated later.";
};
};
config = lib.mkIf wireguard_enable (
lib.mkMerge [
{
networking.firewall.allowedUDPPorts = [ 51821 ];
networking.wireguard.enable = true;
}
(activatedWg "drmario")
(activatedWg "wgh")
(activatedWg "colo")
(deactivatedWg "wgf")
]
);
} }

7
nix/configuration/roles/zfs/default.nix
View File

@@ -44,4 +44,11 @@ in
zfs_clone_recv zfs_clone_recv
zfs_clone_resume zfs_clone_resume
]; ];
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
directories = [
"/etc/zfs/zpool.cache" # Which zpools to import, the root zpool is already imported and does not need this cache file but this captures additional pools.
];
};
} }

75
nix/configuration/roles/zrepl/default.nix
View File

@@ -8,38 +8,53 @@
{ {
imports = [ ]; imports = [ ];
services.zrepl = { options.me = {
enable = true; zrepl.enable = lib.mkOption {
settings = { type = lib.types.bool;
jobs = [ default = false;
{ example = true;
name = "snapjob"; description = "Whether we want to install zrepl.";
type = "snap"; };
filesystems = { };
"zroot/linux/nix/persist<" = true;
"zroot/bridge<" = true; config = lib.mkIf config.me.zrepl.enable (
}; lib.mkMerge [
snapshotting = { {
type = "periodic"; services.zrepl = {
interval = "15m"; enable = true;
prefix = "zrepl_"; settings = {
}; jobs = [
pruning = {
keep = [
{ {
type = "grid"; name = "snapjob";
grid = "1x1h(keep=all) | 24x1h | 14x1d"; type = "snap";
regex = "^zrepl_.*"; filesystems = {
} "zroot/linux/nix/persist<" = true;
{ "zroot/bridge<" = true;
type = "regex"; };
negate = true; snapshotting = {
regex = "^zrepl_.*"; type = "periodic";
interval = "15m";
prefix = "zrepl_";
};
pruning = {
keep = [
{
type = "grid";
grid = "1x1h(keep=all) | 24x1h | 14x1d";
regex = "^zrepl_.*";
}
{
type = "regex";
negate = true;
regex = "^zrepl_.*";
}
];
};
} }
]; ];
}; };
} };
]; }
}; ]
}; );
} }

83
nix/configuration/roles/zsh/default.nix
View File

@@ -49,50 +49,57 @@ let
source ${pkgs.zsh-histdb}/share/zsh/plugins/zsh-histdb/histdb-interactive.zsh source ${pkgs.zsh-histdb}/share/zsh/plugins/zsh-histdb/histdb-interactive.zsh
bindkey '^r' _histdb-isearch bindkey '^r' _histdb-isearch
# TODO: Consider moving to /etc/profile.d
#while read file; do
# if [ -e "$file" ]; then
# source "$file"
# fi
#done <<<"$(find $HOME/.config/ansible_deploy/zshrc -maxdepth 1 -type f -name '*.zsh' -print)"
''; '';
}; };
in in
{ {
imports = [ ]; imports = [ ];
environment.systemPackages = with pkgs; [ options.me = {
zsh zsh.enable = lib.mkOption {
sqlite # TODO: can this be pulled into zsh-histdb automatically? type = lib.types.bool;
]; default = false;
example = true;
users.users.talexander.shell = pkgs.zsh; description = "Whether we want to install zsh.";
environment.shells = with pkgs; [ zsh ];
programs.zsh = {
enable = true;
};
home-manager.users.talexander =
{ pkgs, ... }:
{
home.file.".zshrc" = {
source = "${zshrc}";
};
};
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".histdb";
user = "talexander";
group = "talexander";
mode = "0700";
}
];
}; };
}; };
config = lib.mkIf config.me.zsh.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
zsh
];
users.users.talexander.shell = pkgs.zsh;
environment.shells = with pkgs; [ zsh ];
programs.zsh = {
enable = true;
};
home-manager.users.talexander =
{ pkgs, ... }:
{
home.file.".zshrc" = {
source = "${zshrc}";
};
};
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".histdb";
user = "talexander";
group = "talexander";
mode = "0700";
}
];
};
};
}
]
);
} }