talexander/machine_setup
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

base: talexander:d537aa599b36384eadf6991419c05f7a9c391f4c
Branches Tags
talexander:main talexander:kubernetes talexander:nix talexander:mt7927 talexander:yubipi talexander:upstream_amd_debug_tools talexander:install_files_mixin talexander:starship talexander:pixelbook
..
compare: talexander:upstream_amd_debug_tools
Branches Tags
talexander:kubernetes talexander:nix talexander:main talexander:mt7927 talexander:yubipi talexander:upstream_amd_debug_tools talexander:install_files_mixin talexander:starship talexander:pixelbook

255 Commits
d537aa599b ... upstream_a

Author SHA1 Message Date
Tom Alexander
6cdb8f066f Disable optimizations for quick iteration. 2025-09-19 19:08:31 -04:00
Tom Alexander
c73ecf422c Switch to using my fork of nixpkgs. 2025-09-19 19:08:30 -04:00
Tom Alexander
b179bee277 Pull in improvements from nixpkgs PR. 2025-09-06 20:32:25 -04:00
Tom Alexander
b1c85417e1 Update to linux 6.16. 2025-09-06 17:39:04 -04:00
Tom Alexander
96ea6c4232 Reduce abmlevel to 2. 
Everything got dimmer in 6.14 so I am reducing the abmlevel.
 2025-09-04 18:51:14 -04:00
Tom Alexander
2a584915e4 Install d2. 2025-09-04 18:51:14 -04:00
Tom Alexander
a6a50d7c22 Add d2 to emacs. 2025-09-04 18:51:14 -04:00
Tom Alexander
edfafd1017 Add latex packages for org export. 2025-09-04 18:51:13 -04:00
Tom Alexander
9adff4ebc1 Add laptop-only entry in shikane. 2025-09-01 18:48:42 -04:00
Tom Alexander
a788879d92 Preserve poetry venvs. 2025-09-01 18:48:38 -04:00
Tom Alexander
955c5963c8 Disable machine learning in firefox. 2025-08-31 22:21:34 -04:00
Tom Alexander
11436c0efe Set vscode navigate backwards to be scoped to the editor. 2025-08-27 20:33:37 -04:00
Tom Alexander
5b487330e1 Use json for talking to nix output monitor. 2025-08-24 17:36:06 -04:00
Tom Alexander
d25e9173dd Merge branch 'amd_s2idle' into nix 2025-08-21 20:30:35 -04:00
Tom Alexander
8bddf10e9d Fix description. 2025-08-21 20:30:23 -04:00
Tom Alexander
64c94e9b06 Add run-time dependencies. 2025-08-17 20:48:35 -04:00
Tom Alexander
c87957b8cb Introduce a cysystemd package. 2025-08-17 20:32:20 -04:00
Tom Alexander
bf419b6f4a Switch to buildPythonApplication. 2025-08-17 19:01:07 -04:00
Tom Alexander
b224a78b89 Add amd_s2idle script for debugging s2idle. 2025-08-17 10:37:51 -04:00
Tom Alexander
748584c78e Merge branch 'copy_files_mixin' into nix 2025-08-10 16:22:19 -04:00
Tom Alexander
64e8903ae4 Remove test code. 2025-08-10 16:19:13 -04:00
Tom Alexander
f4338ec8df Replace uses of home-manager. 2025-08-10 16:12:09 -04:00
Tom Alexander
c947def321 Fix handling ownership of parent directories. 2025-08-10 12:54:34 -04:00
Tom Alexander
f1eaaf12b3 Support separate permissions for containing directories. 2025-08-10 11:52:55 -04:00
Tom Alexander
2b485f7f1d Support recursive. 2025-08-10 11:41:06 -04:00
Tom Alexander
6db8e01309 Honor ownership. 2025-08-09 21:19:13 -04:00
Tom Alexander
03e389195c Filter out blank lines. 2025-08-09 21:01:35 -04:00
Tom Alexander
2c3e5483e9 Centralize the logic for escaping the shell values. 2025-08-09 20:54:54 -04:00
Tom Alexander
6b42a09468 Make the paths relative to the user's home directory. 2025-08-09 20:43:01 -04:00
Tom Alexander
eb5815048f Add a check and uninstall phase. 2025-08-09 20:27:27 -04:00
Tom Alexander
1cb4fa4234 Add support for symlinking. 2025-08-09 20:05:29 -04:00
Tom Alexander
146dc5f79a Switch to nested attrsets. 2025-08-09 19:13:37 -04:00
Tom Alexander
f667c9daa6 Switch to a systemd unit file to remove the need for home-manager. 2025-08-09 11:09:21 -04:00
Tom Alexander
83eaba357f Fix bug where it used the path in the option name rather than the target value inside the option. 2025-08-09 11:09:21 -04:00
Tom Alexander
6284ce8d86 Add method parameter. 2025-08-09 11:09:21 -04:00
Tom Alexander
c26d6f34ea Start a user-specific variant of the install file command. 2025-08-09 11:09:21 -04:00
Tom Alexander
c3f715d010 Add the install_file module from the steam deck config. 2025-08-09 11:09:21 -04:00
Tom Alexander
45514d147c Disable turboboost. 2025-08-09 10:42:20 -04:00
Tom Alexander
aafa880b7c Fix accelerated video decode on chromium. 2025-08-06 22:56:02 -04:00
Tom Alexander
dde8be4d9f Do not update refs when rebasing. 2025-08-06 22:23:16 -04:00
Tom Alexander
03ae8d3b0a Change how we bundle meld into git. 2025-07-19 18:41:57 -04:00
Tom Alexander
03f0721e1f Set up typescript language server and add meld to git. 2025-07-15 22:57:03 -04:00
Tom Alexander
8847063948 Install direnv. 2025-07-13 16:51:58 -04:00
Tom Alexander
399379cea0 Fix eglot rust-analyzer settings. 2025-07-07 19:26:55 -04:00
Tom Alexander
1cdfebf392 Disable cranelift. 
It was causing problems (errors during build) while not providing much benefit for my use-cases.
 2025-07-07 18:44:12 -04:00
Tom Alexander
045fed0748 Fix crashes on shadps4 launch. 2025-07-05 17:08:33 -04:00
Tom Alexander
7fe153bfd3 Update packages. 2025-07-05 10:01:09 -04:00
Tom Alexander
52490457f0 Install shadps4. 2025-06-29 10:22:09 -04:00
Tom Alexander
e5e9bba2a5 Pin old version of linux-firmware to fix wifi on laptop. 2025-06-28 09:47:40 -04:00
Tom Alexander
7ef079afc0 Update to Linux kernel 6.15. 2025-06-28 01:10:47 -04:00
Tom Alexander
a06fece8f1 Update packages. 2025-06-26 23:31:12 -04:00
Tom Alexander
51c7888347 Add dhcpcd for USB tethering and use upstream linux-firmware. 2025-06-23 13:02:10 -04:00
Tom Alexander
7656c30a29 Update packages. 2025-06-22 01:12:03 -04:00
Tom Alexander
929401b359 Switch to memtest86+. 2025-06-22 01:11:41 -04:00
Tom Alexander
16746d58d2 Add a git alias to list the number of commits from each author. 2025-06-20 17:55:06 -04:00
Tom Alexander
82a016ec68 Reduce risk of crashing from savestates. 2025-06-10 17:21:27 -04:00
Tom Alexander
eed2bd4f13 Persist Demon's Souls settings. 2025-06-08 12:08:47 -04:00
Tom Alexander
99f1b1a51b Update packages. 2025-06-01 20:12:34 -04:00
Tom Alexander
99bc8c6d79 Pin the version of linux-firmware. 
New versions of linux-firmware break my wifi on my laptop. I am pinning the firmware version so I can update the rest of my software.
 2025-06-01 20:10:25 -04:00
Tom Alexander
0f2c595538 Perform weekly garbage collects. 2025-06-01 11:21:57 -04:00
Tom Alexander
996cb27a89 Merge branch 'rpcs3' into nix 2025-05-26 19:26:13 -04:00
Tom Alexander
9008d9b7c6 Clean up steam rom manager. 2025-05-26 19:25:10 -04:00
Tom Alexander
38a1168a32 Persist persistent_settings.dat on steam deck. 2025-05-26 18:23:10 -04:00
Tom Alexander
3a4344a112 Copy the RPCS3 setup improvements to the steam deck config. 2025-05-26 16:26:48 -04:00
Tom Alexander
18cb758986 Fix lag in the home button menu. 2025-05-26 16:02:34 -04:00
Tom Alexander
e28c7f8968 Persist icons and play stats. 2025-05-26 15:46:10 -04:00
Tom Alexander
5c17148635 Write color buffers to fix black screen on Demon's Souls. 2025-05-26 15:32:10 -04:00
Tom Alexander
199bb38dfb Fix rpcs3 config. 2025-05-26 15:24:50 -04:00
Tom Alexander
5af4a95940 Add the rpcs3 config.yml file. 2025-05-26 14:51:13 -04:00
Tom Alexander
daf35778c5 Add rpcs3 (ps3 emulator). 2025-05-26 14:51:12 -04:00
Tom Alexander
1866cf6290 Disable cargo in emacs because it is causing errors. 2025-05-24 22:46:38 -04:00
Tom Alexander
23ef4d50b9 Add a comment about how to read ECC memory errors. 2025-05-23 18:01:24 -04:00
Tom Alexander
4aec400388 Auto-format typescript in vscode. 2025-05-19 19:11:21 -04:00
Tom Alexander
f211282376 Fix the build after the software update. 2025-05-15 20:13:27 -04:00
Tom Alexander
96a96a0bc4 Move CPU optimizations into their own role. 
This is remove duplication between the individual hosts folders.
 2025-05-12 22:53:56 -04:00
Tom Alexander
554a6aff65 Update software. 2025-05-11 14:39:36 -04:00
Tom Alexander
14c5c7d0fd Improve video convert script. 2025-05-11 00:11:29 -04:00
Tom Alexander
22f9a0efcd I think I figured out howto enable cross compiling between zen versions. 2025-05-10 23:11:33 -04:00
Tom Alexander
3e80452235 Merge branch '9pfs' into nix 2025-05-10 22:24:43 -04:00
Tom Alexander
c68c069667 Add a new ionlybootzfs host for the test VM. 
This way it will install far less software.
 2025-05-10 22:11:59 -04:00
Tom Alexander
e08d93425a Remove games from VMs. 2025-05-10 21:14:34 -04:00
Tom Alexander
5b7cae49c3 Removing the 9pfs nix store. 
The experiment was good for mounting directories with various overlay patterns from the host to the guest, but using it specifically for /nix/store was a bad idea. It would be better to just serve the host nix store with nix-serve -p 8080 and add that as a substituter during install.
 2025-05-10 20:47:45 -04:00
Tom Alexander
e65504b5f3 Add a role for mounting the nix store over 9pfs. 
This is useful for virtual machines since we can have a persistent /nix/store on the host machine.
 2025-05-10 20:47:45 -04:00
Tom Alexander
158188c4c6 Fix disabling optimizations in iso builds. 2025-05-10 16:41:55 -04:00
Tom Alexander
c587fcc2ac Re-enable fwupd. Without it, gnome-firmwarm seems to not work. 2025-05-10 15:34:50 -04:00
Tom Alexander
9d16c7bd7b Update emacs config. 2025-05-10 12:44:12 -04:00
Tom Alexander
2b3b9af70b Disable teleparty. 
The firefox version has been buggy.
 2025-05-10 12:04:48 -04:00
Tom Alexander
53f370b1ee Add yt-dlp. 2025-05-10 11:58:55 -04:00
Tom Alexander
25c8c30488 Add mkvmerge. 2025-05-07 23:31:17 -04:00
Tom Alexander
4d754355b7 Merge branch 'nix_worker' into nix 2025-05-04 16:40:24 -04:00
Tom Alexander
902c6e1127 Switch to quark's buildMachine config being entirely in nix rather than in root's ssh config. 2025-05-04 16:26:41 -04:00
Tom Alexander
98f98a8895 Centralize the config for buildMachines. 2025-05-04 16:22:02 -04:00
Tom Alexander
4a303d17d8 Add a nix_worker role for nix builders. 2025-05-04 15:53:49 -04:00
Tom Alexander
7f4c41bb32 Add odo deploy scripts. 2025-05-04 15:16:44 -04:00
Tom Alexander
c68a6aaa19 Introduce config.me.optimizations.enable to toggle optimizations. 
This is more granular than the buildingIso setting.
 2025-05-04 15:12:41 -04:00
Tom Alexander
a36ebbf94c Switching --no-build-nix to --fast because it fixes remote deploys to machines with different architectures. 
I thought these flags were synonymous?
 2025-05-04 14:50:14 -04:00
Tom Alexander
1044aa16b0 Update to linux 6.14. 2025-05-04 12:09:57 -04:00
Tom Alexander
efcefc129a Update versions and regenerate lockfile. 2025-04-28 18:24:37 -04:00
Tom Alexander
16dd93668d Keep build outputs on odo. 2025-04-27 22:44:12 -04:00
Tom Alexander
c457f6414b Fix sm64ex. 2025-04-25 20:14:24 -04:00
Tom Alexander
844466c2ca Update versions. 2025-04-21 08:14:20 -04:00
Tom Alexander
6cf6e61193 Add quark as a /etc/hosts entry. 2025-04-19 21:14:40 -04:00
Tom Alexander
ca3ef67533 Disable lvfs and minor bug fix in copy_files util. 2025-04-19 20:58:16 -04:00
Tom Alexander
56c0add33f Add Quark to nix config. 2025-04-19 20:47:10 -04:00
Tom Alexander
ba81687d42 Add duckstation to the steam deck. 2025-04-15 21:44:53 -04:00
Tom Alexander
144f83982d Copy over some networking sysctls from my ansible playbook. 2025-04-11 19:38:14 -04:00
Tom Alexander
a97a03f642 Sort imports. 2025-04-11 17:41:55 -04:00
Tom Alexander
fc47359184 Add support for yuzu and ryujinx. 2025-04-05 21:53:36 -04:00
Tom Alexander
812a762652 Import disko through the flake inputs instead of fetchTarball. 2025-04-05 12:22:33 -04:00
Tom Alexander
fb785e036b Add a comment. 2025-04-05 12:22:33 -04:00
Tom Alexander
cdc7d13225 Fix screen scaling during screen sharing. 2025-04-05 12:22:33 -04:00
Tom Alexander
ec4583b79e Switch to shikane. 
Kanshi has been fine, but I want to see if I am missing anything that shikane offers.
 2025-04-05 12:22:32 -04:00
Tom Alexander
cab8c8d955 Switch to regular emacs package instead of pinned-version. 2025-04-05 12:22:32 -04:00
Tom Alexander
33f582d17a Enable optimization for hydra ISO. 2025-04-05 12:22:32 -04:00
Tom Alexander
295ac24361 Verify all the optimized builds. 2025-04-05 12:22:32 -04:00
Tom Alexander
42dd67f9da Enable optimizations for shipwright (Ocarina of Time PC Port). 2025-03-30 18:43:15 -04:00
Tom Alexander
c173ea87cf Auto-create persist directories. 2025-03-30 18:32:32 -04:00
Tom Alexander
33f45c56bf Add dolphin for gamecube and wii. 2025-03-30 17:10:43 -04:00
Tom Alexander
83389cb5cf Add ares for snes and nintendo 64. 2025-03-30 13:51:50 -04:00
Tom Alexander
4db3ef1ed3 Put steam rom manager data in the persist folder. 2025-03-29 19:19:41 -04:00
Tom Alexander
fe7a083a7b Pass along args in steam wrappers. 2025-03-29 16:46:52 -04:00
Tom Alexander
cd0578d0a6 Stop forcing cascadia. 2025-03-29 16:30:27 -04:00
Tom Alexander
f56dcc7c42 Start a hydra role. 2025-03-29 16:30:27 -04:00
Tom Alexander
83de1e3708 Add support for persistent disks in the hydra iso. 2025-03-29 16:30:27 -04:00
Tom Alexander
2b20ab5123 Fix remote builder config. 2025-03-27 22:15:53 -04:00
Tom Alexander
3ecb2fc790 Enable optimized builds for steam deck. 2025-03-24 21:59:43 -04:00
Tom Alexander
44a49d7ac7 Add rpcs3 (PS3 emulator) to steam deck. 2025-03-24 21:59:43 -04:00
Tom Alexander
acfc9ac1a4 Add hydra as a distributed build machine. 2025-03-24 21:59:42 -04:00
Tom Alexander
e733dcdcbf Add a target for the hydra server. 2025-03-23 18:19:49 -04:00
Tom Alexander
3099a18424 Enable optimization on odo. 2025-03-23 18:19:49 -04:00
Tom Alexander
15c209fdd9 Add support for pcsx2. 2025-03-22 13:39:13 -04:00
Tom Alexander
ee181b535e Compiling with optimizations still failing. 2025-03-17 08:26:39 -04:00
Tom Alexander
4d0fc61e13 Upgrade to 6.13. 2025-03-14 23:17:30 -04:00
Tom Alexander
2b54630053 Add some scripts that are helpful for configuring kubernetes. 2025-03-08 17:22:32 -05:00
Tom Alexander
84bd6be8e6 Hide the libultraship splash screen for a more authentic feel. 2025-03-01 22:53:33 -05:00
Tom Alexander
dd96520ad1 Add support for authenticating to GKE with gcloud. 2025-03-01 14:49:19 -05:00
Tom Alexander
11a1d61581 Integrate some git config suggestions from https://blog.gitbutler.com/how-git-core-devs-configure-git/ . 2025-02-26 17:06:44 -05:00
Tom Alexander
bab2cfdc7b Update to emacs 30. 2025-02-24 22:09:23 -05:00
Tom Alexander
fd0c92f3eb Persist the gcloud config directory. 2025-02-23 18:44:59 -05:00
Tom Alexander
6ac33d2538 Update lockfile. 2025-02-21 19:30:58 -05:00
Tom Alexander
8d4b345414 Install ipcalc. 2025-02-19 20:43:27 -05:00
Tom Alexander
8beaf00693 Add terraform-ls to emacs. 2025-02-18 18:23:40 -05:00
Tom Alexander
181e650094 Install steam-run-free. 2025-02-18 17:58:35 -05:00
Tom Alexander
449f288214 Add gcloud. 2025-02-18 17:52:50 -05:00
Tom Alexander
f6df27d7a9 Remove config that was causing extra prompts with no noticeable impact. 2025-02-16 20:57:08 -05:00
Tom Alexander
e3a7a410c4 Merge branch 'steam_deck' into nix 2025-02-16 09:18:07 -05:00
Tom Alexander
345c62a477 Add wrappers for 2ship2harkinian and sm64ex also. 
Set the steam launcher to run /home/deck/.nix-profile/bin/steam_<GAME> to have it work inside steam gaming mode.
 2025-02-15 20:50:34 -05:00
Tom Alexander
e7528765a9 Add a wrapper script to launch ship of harkinian in gaming mode. 2025-02-15 20:22:29 -05:00
Tom Alexander
54860370c0 Add a desktop file for sm64ex. 2025-02-15 19:31:16 -05:00
Tom Alexander
46b21370bd Auto-clean-up steam deck nix store. 2025-02-15 12:18:59 -05:00
Tom Alexander
381e3fb591 Switch to deploying 2ship2harkinian config file and fix launching it from KDE plasma's start menu. 2025-02-15 12:15:58 -05:00
Tom Alexander
5d4ebf90b3 Fix launching ship of harkinian from KDE plasma's start menu. 2025-02-15 11:53:19 -05:00
Tom Alexander
7dcdcc906c Switch to deploying the ship of harkinian config file. 2025-02-15 11:53:19 -05:00
Tom Alexander
a4abb96de3 Switch to deploying the sm64ex config file. 2025-02-15 10:57:18 -05:00
Tom Alexander
5859a06c5d Add icon to steam rom manager. 2025-02-15 10:32:50 -05:00
Tom Alexander
02223deb64 Switch steam rom manager to using the AppImage. 2025-02-15 08:50:58 -05:00
Tom Alexander
20e247f8ed Add a role for sm64ex for the deck. 2025-02-13 21:24:31 -05:00
Tom Alexander
b0186dc85b Add a role for 2ship2harkinian (Majora's Mask PC port). 2025-02-13 20:45:49 -05:00
Tom Alexander
cac15febfa Add impermanence for ship of harkinian's files. 2025-02-13 20:10:59 -05:00
Tom Alexander
48fa3c7436 Move steam rom manager to a role. 2025-02-13 19:33:07 -05:00
Tom Alexander
7dd922c2a2 Add a blank role. 2025-02-13 19:26:52 -05:00
Tom Alexander
ab6f7dbea5 Add a role for ship of harkinian (the pc port of Ocarina of Time). 2025-02-13 19:21:53 -05:00
Tom Alexander
fea86b00b4 Install nixGL to support running graphical programs on non-nixos. 2025-02-13 17:57:33 -05:00
Tom Alexander
197b8fcced Add ssh config. 2025-02-10 18:14:18 -05:00
Tom Alexander
0bec3dbe63 Switch to home-manager. 2025-02-10 01:17:58 -05:00
Tom Alexander
53caf8bc81 Add a steam deck nix config. 2025-02-10 00:09:26 -05:00
Tom Alexander
c37d0d9b9e Add decrypt k8s secret script. 2025-02-09 20:24:13 -05:00
Tom Alexander
a663a90ada Install sops for encrypting kubernetes secrets. 2025-02-09 11:06:53 -05:00
Tom Alexander
2d976a1cf3 Install dmidecode. 2025-02-09 10:08:32 -05:00
Tom Alexander
d8e8781287 Support compiling openssl-sys with rust. 2025-02-08 20:41:37 -05:00
Tom Alexander
502e18fdec Set up vdpau. 2025-02-08 16:06:57 -05:00
Tom Alexander
24d83e95a5 Fix shift-arrowkey hotkeys in org mode. 2025-02-07 19:01:49 -05:00
Tom Alexander
3ed43b1b8a Configure rustup toolchain, cargo credentials, and put dependencies under cargo. 2025-02-02 08:30:26 -05:00
Tom Alexander
64e735abbf Add role for gnuplot. 2025-02-01 14:38:51 -05:00
Tom Alexander
ed11bf1e65 Link docker credentials. 2025-02-01 13:34:19 -05:00
Tom Alexander
c0afe006b8 Add prettier to emacs. 2025-02-01 12:27:29 -05:00
Tom Alexander
1fe305576b Add a role for tekton. 2025-02-01 11:32:25 -05:00
Tom Alexander
fc400a98db Add role for flux. 2025-02-01 11:30:52 -05:00
Tom Alexander
4a63e1c23e Move rust-analyzer to inside emacs' path. 2025-02-01 00:03:02 -05:00
Tom Alexander
379795f6e8 Disable tmpfs on neelix so it can compile the kernel. 2025-01-31 22:46:36 -05:00
Tom Alexander
edd3c6a266 Add doas-sudo-shim to support remote builds. 2025-01-31 21:29:05 -05:00
Tom Alexander
dd785692ce Add lsof and fix styling of right-click menu in waybar. 2025-01-29 19:40:44 -05:00
Tom Alexander
c6ff6a1f24 Install wavemon. 2025-01-28 21:28:34 -05:00
Tom Alexander
2f2d33296b Persist ares data. 2025-01-26 19:04:17 -05:00
Tom Alexander
2c1cf54de0 Update packages. 2025-01-26 18:55:53 -05:00
Tom Alexander
65be133ffe Update lanzaboote. 2025-01-26 16:57:18 -05:00
Tom Alexander
ee47c3cfa3 Enable debugging on ath12k. 2025-01-26 10:11:53 -05:00
Tom Alexander
ff8bb0653b Enable bluetooth on odo. 2025-01-25 21:28:14 -05:00
Tom Alexander
ff98873b32 Persist save data for ship of harkinian and 2ship2harkinian. 2025-01-25 21:22:55 -05:00
Tom Alexander
67ad4e2dff Persist sm64ex save data. 2025-01-25 20:47:48 -05:00
Tom Alexander
60452b0aeb Persist the nix-index index. 2025-01-25 20:22:41 -05:00
Tom Alexander
e043320e5c Clean up experiments in the gpg role. 2025-01-25 19:35:05 -05:00
Tom Alexander
2f8c4fbfe8 Disable verbose logging for gpg. 2025-01-25 19:10:48 -05:00
Tom Alexander
233bf4e967 Put the sleep back into wireguard. 2025-01-25 17:58:56 -05:00
Tom Alexander
f7adfaf54d Update lockfile. 2025-01-25 16:28:53 -05:00
Tom Alexander
78c9dec4c4 Disable rom name override. 
The latest nixpkgs does not support overriding the name so I am removing it now for compatibility.
 2025-01-25 16:22:04 -05:00
Tom Alexander
53c12a5b1e Add sshjail as an ansible plugin. 2025-01-25 15:30:30 -05:00
Tom Alexander
7d94210d8f Add cmake support to emacs. 2025-01-25 10:20:22 -05:00
Tom Alexander
1ebf31dc11 Remove sleep from wireguard service. 2025-01-25 10:20:22 -05:00
Tom Alexander
82c30bdb77 Add a role for 2ship2harkinian (Majora's Mask). 2025-01-24 21:25:41 -05:00
Tom Alexander
d5e7fdd097 Add bsdtar. 2025-01-24 20:58:03 -05:00
Tom Alexander
40fd7931d0 Add a persist folder for the talexander user. 2025-01-24 20:36:37 -05:00
Tom Alexander
835fd340a2 Add role for Ocarina of Time (shipwright). 2025-01-24 20:23:49 -05:00
Tom Alexander
94ef9ff3c8 Add role to build sm64ex. 2025-01-24 20:08:10 -05:00
Tom Alexander
62d3c010f5 Install nix-tree. 2025-01-24 19:01:51 -05:00
Tom Alexander
e9e792961c Add a not-working snippet to show where system packages are imported. 2025-01-24 18:53:57 -05:00
Tom Alexander
281dffc9c0 Do not install foot. 2025-01-24 18:42:57 -05:00
Tom Alexander
5bd67bb02a Move defaultPackages into the reset role. 2025-01-24 18:36:14 -05:00
Tom Alexander
4a76097a5e Refactor the wireguard role to use lib.mkMerge. 2025-01-24 17:59:07 -05:00
Tom Alexander
facfd01661 Make zsh install conditional. 2025-01-23 21:55:22 -05:00
Tom Alexander
2ce4520cd6 Make zrepl a conditional install. 2025-01-23 21:52:50 -05:00
Tom Alexander
814769b3e9 Do not install waybar on neelix. 2025-01-23 21:43:08 -05:00
Tom Alexander
6424129da3 Do not install wasm role on neelix. 2025-01-23 21:41:08 -05:00
Tom Alexander
415edbad91 Do not install vscode on neelix. 2025-01-23 21:39:57 -05:00
Tom Alexander
a773f94593 Do not install vnc client on neelix. 2025-01-23 21:37:16 -05:00
Tom Alexander
226610c926 Do not install steam or terraform on neelix. 2025-01-23 21:37:15 -05:00
Tom Alexander
7c6afef2bb Do not install pavucontrol on non-graphical installs. 2025-01-23 21:25:19 -05:00
Tom Alexander
55654fafb1 Do not install rust on neelix. 2025-01-23 21:21:37 -05:00
Tom Alexander
8946868fd6 Do not install qemu on neelix. 2025-01-23 21:18:57 -05:00
Tom Alexander
cd8e9002d0 Do not install python on neelix. 2025-01-23 21:15:48 -05:00
Tom Alexander
e1a274c88e Do not install media role on neelix. 2025-01-23 21:06:11 -05:00
Tom Alexander
cdc4bdffb6 Git buildEnv is failing. 2025-01-23 20:59:39 -05:00
Tom Alexander
9b9a103e49 Do not install gnome-firmware on non-graphical installs. 2025-01-23 20:46:03 -05:00
Tom Alexander
ea7bf809fc Do not install the launch keyboard configurator on neelix or non-graphical installs. 2025-01-23 20:42:22 -05:00
Tom Alexander
88a6d046b8 Do not install LaTeX on neelix. 2025-01-23 20:38:54 -05:00
Tom Alexander
d8e16f0b05 Do not install kubernetes clients on neelix. 2025-01-23 20:35:28 -05:00
Tom Alexander
e3fee206a1 Don't install kanshi on non-graphical installs. 2025-01-23 20:20:08 -05:00
Tom Alexander
3be710b4ad Install meld to git's path when doing a graphical install. 2025-01-23 20:07:23 -05:00
Tom Alexander
b37f8a8e1a Do not install my git config on neelix. 2025-01-23 19:55:13 -05:00
Tom Alexander
509cceb220 Only install fonts in graphical installs. 2025-01-23 19:48:25 -05:00
Tom Alexander
47408cfce0 Do not install firefox on neelix. 2025-01-23 19:14:25 -05:00
Tom Alexander
812dc40257 Do not install docker on neelix. 2025-01-23 19:09:59 -05:00
Tom Alexander
0e370c0d62 Do not install chromium or catt on neelix. 2025-01-23 19:04:19 -05:00
Tom Alexander
0598c796b7 Do not install ares on neelix. 2025-01-23 18:53:36 -05:00
Tom Alexander
df2efb728d Don't install alacritty on neelix or non-graphical installs. 2025-01-23 18:47:03 -05:00
Tom Alexander
62fc955b68 Merge branch 'plainmacs' into nix 2025-01-23 18:44:30 -05:00
Tom Alexander
e0644a069d Add support for non-graphical emacs. 2025-01-23 01:52:56 -05:00
Tom Alexander
054e056d00 Switch to buildEnv instead of symlinkJoin for better control over the joining process. 2025-01-23 01:52:56 -05:00
Tom Alexander
d3ea8b3667 Introduce a plainmacs emacs install flavor. 2025-01-22 21:01:34 -05:00
Tom Alexander
3f945f8ae3 Merge branch 'neelix' into nix 2025-01-22 20:29:12 -05:00
Tom Alexander
93c4aa4c76 Clean up the host-specific configs. 2025-01-22 20:28:58 -05:00
Tom Alexander
4664804d90 Comment out the kodi configs so they remain mutable until I've made a config I like. 2025-01-22 20:12:50 -05:00
Tom Alexander
edc48d00a2 Add some config files. 2025-01-21 23:07:05 -05:00
Tom Alexander
37aa0e6732 Add a bluetooth role. 2025-01-21 22:19:28 -05:00
Tom Alexander
a739728d41 Add neelix public key to sftp server. 2025-01-21 21:23:21 -05:00
Tom Alexander
48c5aebd82 Install jmespath for ansible. 2025-01-21 20:56:48 -05:00
Tom Alexander
c33a1b6c50 Set up memtest86 on neelix. 2025-01-20 22:50:44 -05:00
Tom Alexander
368c455b7f Persist ssh keys for kodi user. 2025-01-20 22:38:54 -05:00
Tom Alexander
5a5d34911c Add /etc/hosts entry for neelix. 2025-01-20 21:00:35 -05:00
Tom Alexander
d0c1bb1b65 Do not install sway on neelix. 2025-01-20 20:14:59 -05:00
Tom Alexander
9d49eb9d6a Add an empty kodi role. 2025-01-20 19:40:54 -05:00
Tom Alexander
ccbc999744 Add a global options role. 2025-01-20 19:27:49 -05:00
Tom Alexander
95d06dfe0e Enable memtest86 when building the ISO. 2025-01-20 18:43:54 -05:00
Tom Alexander
f2adb9328b Build zfs into the ISO image. 2025-01-20 18:43:54 -05:00
Tom Alexander
7bc6e0c470 Add a config for neelix. 2025-01-20 18:43:54 -05:00
200 changed files with 35582 additions and 1241 deletions
Expand all files Collapse all files

1
ansible/roles/base/files/gitconfig_home
View File

@@ -8,6 +8,7 @@
lg = log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit
bh = log --oneline --branches=* --remotes=* --graph --decorate
amend = commit --amend --no-edit
authorcount = shortlog --summary --numbered --all --no-merges
[core]
excludesfile = ~/.gitignore_global
[commit]

1
ansible/roles/base/files/gitconfig_work
View File

@@ -8,6 +8,7 @@
lg = log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit
bh = log --oneline --branches=* --remotes=* --graph --decorate
amend = commit --amend --no-edit
authorcount = shortlog --summary --numbered --all --no-merges
[core]
excludesfile = ~/.gitignore_global
[commit]

17
ansible/roles/sftp/tasks/common.yaml
View File

@@ -64,6 +64,23 @@
# force: true
# diff: false
- name: Create directories
file:
name: "{{ item }}"
state: directory
mode: 0700
owner: nochainstounlock
group: nochainstounlock
loop:
- /home/nochainstounlock/.ssh
- name: Set authorized keys
authorized_key:
user: nochainstounlock
key: |
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMrjXsXjtxEm47XnRZfo67kJULoc0NBLrB0lPYFiS2Ar kodi@neelix
exclusive: true
- import_tasks: tasks/freebsd.yaml
when: 'os_flavor == "freebsd"'

1
nix/configuration/.gitignore vendored Normal file
View File

@@ -0,0 +1 @@
result

167
nix/configuration/configuration.nix
View File

@@ -2,59 +2,81 @@
config,
lib,
pkgs,
home-manager,
...
}:
{
imports = [
./roles/reset
./util/unfree_polyfill
./roles/iso
./hosts/odo
"${
builtins.fetchTarball {
url = "https://github.com/nix-community/disko/archive/refs/tags/v1.9.0.tar.gz";
sha256 = "0j76ar4qz320fakdii4659w5lww8wiz6yb7g47npywqvf2lbp388";
}
}/module.nix"
./roles/boot
./roles/zfs
./roles/network
./roles/firewall
./roles/zsh
./roles/zrepl
./roles/graphics
./roles/sound
./roles/sway
./roles/kanshi
./roles/2ship2harkinian
./roles/alacritty
./roles/firefox
./roles/chromium
./roles/emacs
./roles/git
./roles/fonts
./roles/gpg
./roles/waybar
./roles/qemu
./roles/wireguard
./roles/amd_s2idle
./roles/ansible
./roles/ares
./roles/ssh
./roles/python
./roles/bluetooth
./roles/boot
./roles/chromecast
./roles/chromium
./roles/d2
./roles/direnv
./roles/distributed_build
./roles/docker
./roles/ecc
./roles/emacs
./roles/firefox
./roles/firewall
./roles/flux
./roles/fonts
./roles/gcloud
./roles/git
./roles/global_options
./roles/gnuplot
./roles/gpg
./roles/graphics
./roles/hydra
./roles/iso
./roles/iso_mount
./roles/kanshi
./roles/kodi
./roles/kubernetes
./roles/rust
./roles/media
./roles/steam
./roles/latex
./roles/launch_keyboard
./roles/lvfs
./roles/media
./roles/memtest86
./roles/network
./roles/nix_index
./roles/nix_worker
./roles/nvme
./roles/optimized_build
./roles/pcsx2
./roles/python
./roles/qemu
./roles/reset
./roles/rpcs3
./roles/rust
./roles/shadps4
./roles/shikane
./roles/shipwright
./roles/sm64ex
./roles/sops
./roles/sound
./roles/ssh
./roles/steam
./roles/steam_run_free
./roles/sway
./roles/tekton
./roles/terraform
./roles/thunderbolt
./roles/vnc_client
./roles/vscode
./roles/wasm
./roles/vnc_client
./roles/chromecast
./roles/waybar
./roles/wireguard
./roles/zfs
./roles/zrepl
./roles/zsh
./util/install_files
./util/unfree_polyfill
];
nix.settings.experimental-features = [
@@ -66,6 +88,19 @@
# boot.kernelPackages = pkgs.linuxPackages_6_11;
hardware.enableRedistributableFirmware = true;
# Use nixos-rebuild-ng
# system.rebuild.enableNg = true;
# Keep outputs so we can build offline.
nix.extraOptions = ''
keep-outputs = true
keep-derivations = true
'';
# Technically only needed when building the ISO because nix detects ZFS in the filesystem list normally. I basically always want this so I'm just setting it to always be on.
boot.supportedFilesystems.zfs = true;
# TODO: Is this different from boot.supportedFilesystems = [ "zfs" ]; ?
services.getty = {
autologinUser = "talexander"; # I use full disk encryption so the user password is irrelevant.
autologinOnce = true;
@@ -89,25 +124,14 @@
];
};
users.groups.talexander.gid = 11235;
home-manager.users.talexander =
{ pkgs, ... }:
{
home.packages = [
pkgs.atool
pkgs.httpie
];
programs.bash.enable = true;
# The state version is required and should stay at the version you
# originally installed.
home.stateVersion = "24.11";
};
# Automatic garbage collection
nix.gc = lib.mkIf (!config.me.buildingIso) {
# Runs nix-collect-garbage --delete-older-than 5d
automatic = true;
randomizedDelaySec = "14m";
persistent = true;
dates = "monthly";
# randomizedDelaySec = "14m";
options = "--delete-older-than 30d";
};
nix.settings.auto-optimise-store = !config.me.buildingIso;
@@ -124,9 +148,6 @@
}
];
# Do not use default packages (nixos includes some defaults like nano)
environment.defaultPackages = lib.mkForce [ ];
environment.systemPackages = with pkgs; [
wget
mg
@@ -139,13 +160,21 @@
pciutils # for lspci
ripgrep
strace
ltrace
# ltrace # Disabled because it uses more than 48GB of /tmp space during test phase.
trace-cmd # ftrace
tcpdump
git-crypt
nix-index-unwrapped
gnumake
ncdu
nix-tree
libarchive # bsdtar
lsof
doas-sudo-shim # To support --use-remote-sudo for remote builds
dmidecode # Read SMBIOS information.
ipcalc
gptfdisk # for cgdisk
nix-output-monitor # For better view into nixos-rebuild
nix-serve-ng # Serve nix store over http
];
services.openssh = {
@@ -182,10 +211,16 @@
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
];
# users.talexander = {
# directories = [];
# files = [];
# };
users.talexander = {
directories = [
{
directory = "persist";
user = "talexander";
group = "talexander";
mode = "0700";
}
];
};
};
# Write a list of the currently installed packages to /etc/current-system-packages
@@ -197,12 +232,24 @@
in
formatted;
# environment.etc."system-packages-with-source".text = builtins.concatStringsSep "\n\n" (
# builtins.map (
# x: x.file + "\n" + builtins.concatStringsSep "\n" (builtins.map (s: " " + s) x.value)
# ) config.environment.systemPackages.definitionsWithLocations
# );
# nixpkgs.overlays = [
# (final: prev: {
# nix = pkgs-unstable.nix;
# })
# ];
# nixpkgs.overlays = [
# (final: prev: {
# foot = throw "foo";
# })
# ];
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.

169
nix/configuration/flake.lock generated
View File

@@ -1,18 +1,29 @@
{
"nodes": {
"crane": {
"ansible-sshjail": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"lanzaboote",
"nixpkgs"
]
},
"locked": {
"lastModified": 1717535930,
"narHash": "sha256-1hZ/txnbd/RmiBPNUs7i8UQw2N89uAK3UzrGAWdnFfU=",
"path": "flakes/ansible-sshjail",
"type": "path"
},
"original": {
"path": "flakes/ansible-sshjail",
"type": "path"
},
"parent": []
},
"crane": {
"locked": {
"lastModified": 1731098351,
"narHash": "sha256-HQkYvKvaLQqNa10KEFGgWHfMAbWBfFp+4cAgkut+NNE=",
"owner": "ipetkov",
"repo": "crane",
"rev": "55e7754ec31dac78980c8be45f8a28e80e370946",
"rev": "ef80ead953c1b28316cc3f8613904edc2eb90c28",
"type": "github"
},
"original": {
@@ -21,6 +32,26 @@
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1758160037,
"narHash": "sha256-fXelTdjdILspZ1IUU9aICB1+PXwSFiF8j+7ujwo1VpQ=",
"owner": "nix-community",
"repo": "disko",
"rev": "4f554162fff88e77655073d352eec0cea71103a2",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
@@ -45,11 +76,11 @@
]
},
"locked": {
"lastModified": 1717285511,
"narHash": "sha256-iKzJcpdXih14qYVcZ9QC9XuZYnPc6T8YImb6dX166kw=",
"lastModified": 1730504689,
"narHash": "sha256-hgmguH29K2fvs9szpq2r3pz2/8cJd2LPS+b4tfNFCwE=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8",
"rev": "506278e768c2a08bec68eb62932193e341f55c90",
"type": "github"
},
"original": {
@@ -63,11 +94,11 @@
"systems": "systems"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
@@ -116,33 +147,13 @@
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1737120639,
"narHash": "sha256-p5e/45V41YD3tMELuiNIoVCa25/w4nhOTm0B9MtdHFI=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "a0046af169ce7b1da503974e1b22c48ef4d71887",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"impermanence": {
"locked": {
"lastModified": 1736688610,
"narHash": "sha256-1Zl9xahw399UiZSJ9Vxs1W4WRFjO1SsNdVZQD4nghz0=",
"lastModified": 1737831083,
"narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=",
"owner": "nix-community",
"repo": "impermanence",
"rev": "c64bed13b562fc3bb454b48773d4155023ac31b7",
"rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170",
"type": "github"
},
"original": {
@@ -156,7 +167,6 @@
"crane": "crane",
"flake-compat": "flake-compat",
"flake-parts": "flake-parts",
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
],
@@ -164,68 +174,84 @@
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1718178907,
"narHash": "sha256-eSZyrQ9uoPB9iPQ8Y5H7gAmAgAvCw3InStmU3oEjqsE=",
"lastModified": 1737639419,
"narHash": "sha256-AEEDktApTEZ5PZXNDkry2YV2k6t0dTgLPEmAZbnigXU=",
"owner": "nix-community",
"repo": "lanzaboote",
"rev": "b627ccd97d0159214cee5c7db1412b75e4be6086",
"rev": "a65905a09e2c43ff63be8c0e86a93712361f871e",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "v0.4.1",
"ref": "v0.4.2",
"repo": "lanzaboote",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1737062831,
"narHash": "sha256-Tbk1MZbtV2s5aG+iM99U8FqwxU/YNArMcWAv6clcsBc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "5df43628fdf08d642be8ba5b3625a6c70731c19c",
"type": "github"
"lastModified": 1758242085,
"narHash": "sha256-hnrtEiy8qLMskZr0FBp0vbtMJ9xA4HvDdzuFRLxRiFg=",
"ref": "og-amd-debug-tools",
"rev": "7b0f433195e299008850d16e85a862177419cef6",
"revCount": 862645,
"type": "git",
"url": "https://github.com/tomalexander/nixpkgs.git"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
"ref": "og-amd-debug-tools",
"type": "git",
"url": "https://github.com/tomalexander/nixpkgs.git"
}
},
"nixpkgs-b93b4e9b5": {
"nixpkgs-dda3dcd3f": {
"locked": {
"lastModified": 1713721570,
"narHash": "sha256-R0s+O5UjTePQRb72XPgtkTmEiOOW8n+1q9Gxt/OJnKU=",
"lastModified": 1746663147,
"narHash": "sha256-Ua0drDHawlzNqJnclTJGf87dBmaO/tn7iZ+TCkTRpRc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b93b4e9b527904aadf52dba6ca35efde2067cbd4",
"rev": "dda3dcd3fe03e991015e9a74b22d35950f264a54",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b93b4e9b527904aadf52dba6ca35efde2067cbd4",
"rev": "dda3dcd3fe03e991015e9a74b22d35950f264a54",
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1710695816,
"narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=",
"lastModified": 1730741070,
"narHash": "sha256-edm8WG19kWozJ/GqyYx2VjW99EdhjKwbY3ZwdlPAAlo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "614b4613980a522ba49f0d194531beddbb7220d3",
"rev": "d063c1dd113c91ab27959ba540c0d9753409edf3",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.11",
"ref": "nixos-24.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unoptimized": {
"locked": {
"lastModified": 1758242085,
"narHash": "sha256-hnrtEiy8qLMskZr0FBp0vbtMJ9xA4HvDdzuFRLxRiFg=",
"ref": "og-amd-debug-tools",
"rev": "7b0f433195e299008850d16e85a862177419cef6",
"revCount": 862645,
"type": "git",
"url": "https://github.com/tomalexander/nixpkgs.git"
},
"original": {
"ref": "og-amd-debug-tools",
"type": "git",
"url": "https://github.com/tomalexander/nixpkgs.git"
}
},
"pre-commit-hooks-nix": {
"inputs": {
"flake-compat": [
@@ -240,11 +266,11 @@
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1717664902,
"narHash": "sha256-7XfBuLULizXjXfBYy/VV+SpYMHreNRHk9nKMsm1bgb4=",
"lastModified": 1731363552,
"narHash": "sha256-vFta1uHnD29VUY4HJOO/D6p6rxyObnf+InnSMT4jlMU=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "cc4d466cb1254af050ff7bdf47f6d404a7c646d1",
"rev": "cd1af27aa85026ac759d5d3fccf650abe7e1bbf0",
"type": "github"
},
"original": {
@@ -255,31 +281,29 @@
},
"root": {
"inputs": {
"home-manager": "home-manager",
"ansible-sshjail": "ansible-sshjail",
"disko": "disko",
"impermanence": "impermanence",
"lanzaboote": "lanzaboote",
"nixpkgs": "nixpkgs",
"nixpkgs-b93b4e9b5": "nixpkgs-b93b4e9b5",
"nixpkgs-dda3dcd3f": "nixpkgs-dda3dcd3f",
"nixpkgs-unoptimized": "nixpkgs-unoptimized",
"zsh-histdb": "zsh-histdb"
}
},
"rust-overlay": {
"inputs": {
"flake-utils": [
"lanzaboote",
"flake-utils"
],
"nixpkgs": [
"lanzaboote",
"nixpkgs"
]
},
"locked": {
"lastModified": 1717813066,
"narHash": "sha256-wqbRwq3i7g5EHIui0bIi84mdqZ/It1AXBSLJ5tafD28=",
"lastModified": 1731897198,
"narHash": "sha256-Ou7vLETSKwmE/HRQz4cImXXJBr/k9gp4J4z/PF8LzTE=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "6dc3e45fe4aee36efeed24d64fc68b1f989d5465",
"rev": "0be641045af6d8666c11c2c40e45ffc9667839b5",
"type": "github"
},
"original": {
@@ -326,15 +350,14 @@
]
},
"locked": {
"lastModified": 1,
"narHash": "sha256-5DWw7GnwVZ98HUp/UUJcyUmmy9Bh/mcQB8MQQ0t3ZRo=",
"path": "flakes/zsh-histdb",
"type": "path"
},
"original": {
"path": "flakes/zsh-histdb",
"type": "path"
}
},
"parent": []
}
},
"root": "root",

221
nix/configuration/flake.nix
View File

@@ -3,7 +3,7 @@
# output: result/iso/nixos.iso
# Run the ISO image
# "$(nix-build '<nixpkgs>' --no-out-link -A 'qemu')/bin/qemu-system-x86_64" \
# doas "$(nix-build '<nixpkgs>' --no-out-link -A 'qemu')/bin/qemu-system-x86_64" \
# -accel kvm \
# -cpu host \
# -smp cores=8 \
@@ -12,7 +12,7 @@
# -drive if=pflash,format=raw,file="/tmp/OVMF_VARS.fd" \
# -nic user,hostfwd=tcp::60022-:22 \
# -boot order=d \
# -cdrom "$(readlink -f ./result/iso/nixos.iso)" \
# -cdrom "$(readlink -f ./result/iso/nixos*.iso)" \
# -display vnc=127.0.0.1:0
#
# doas cp "$(nix-build '<nixpkgs>' --no-out-link -A 'OVMF.fd')/FV/OVMF_VARS.fd" /tmp/OVMF_VARS.fd
@@ -25,17 +25,30 @@
# iso.odo.isoName == "nixos.iso"
# full path = <outPath> / iso / <isoName>
#
# Install on a new machine:
#
#
# doas nix --substituters "http://10.0.2.2:8080?trusted=1 https://cache.nixos.org/" --experimental-features "nix-command flakes" run github:nix-community/disko/latest -- --mode destroy,format,mount hosts/odo/disk-config.nix
# nix flake update zsh-histdb --flake .
# nix flake update ansible-sshjail --flake .
# for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
# nixos-install --substituters "http://10.0.2.2:8080?trusted=1 https://cache.nixos.org/" --flake ".#vm_ionlybootzfs"
#
{
description = "My system configuration";
inputs = {
impermanence.url = "github:nix-community/impermanence";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
nixpkgs-b93b4e9b5.url = "github:NixOS/nixpkgs/b93b4e9b527904aadf52dba6ca35efde2067cbd4";
home-manager.url = "github:nix-community/home-manager";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
# nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
# nixpkgs.url = "github:tomalexander/nixpkgs/amd-debug-tools";
nixpkgs.url = "git+https://github.com/tomalexander/nixpkgs.git?ref=og-amd-debug-tools";
nixpkgs-dda3dcd3f.url = "github:NixOS/nixpkgs/dda3dcd3fe03e991015e9a74b22d35950f264a54";
nixpkgs-unoptimized.url = "git+https://github.com/tomalexander/nixpkgs.git?ref=og-amd-debug-tools";
lanzaboote = {
url = "github:nix-community/lanzaboote/v0.4.1";
url = "github:nix-community/lanzaboote/v0.4.2";
# Optional but recommended to limit the size of your system closure.
inputs.nixpkgs.follows = "nixpkgs";
@@ -46,62 +59,208 @@
# Optional but recommended to limit the size of your system closure.
inputs.nixpkgs.follows = "nixpkgs";
};
ansible-sshjail = {
url = "path:flakes/ansible-sshjail";
# Optional but recommended to limit the size of your system closure.
inputs.nixpkgs.follows = "nixpkgs";
};
disko = {
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs =
{
self,
nixpkgs,
nixpkgs-b93b4e9b5,
nixpkgs-unoptimized,
nixpkgs-dda3dcd3f,
impermanence,
home-manager,
lanzaboote,
zsh-histdb,
ansible-sshjail,
...
}@inputs:
let
base_x86_64_linux = rec {
system = "x86_64-linux";
specialArgs = {
pkgs-b93b4e9b5 = import nixpkgs-b93b4e9b5 {
pkgs-dda3dcd3f = import nixpkgs-dda3dcd3f {
inherit system;
};
pkgs-unoptimized = import nixpkgs-unoptimized {
inherit system;
hostPlatform.gcc.arch = "default";
hostPlatform.gcc.tune = "default";
};
};
modules = [
impermanence.nixosModules.impermanence
home-manager.nixosModules.home-manager
lanzaboote.nixosModules.lanzaboote
inputs.disko.nixosModules.disko
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
nixpkgs.overlays = [
zsh-histdb.overlays.default
ansible-sshjail.overlays.default
];
}
{ nixpkgs.overlays = [ zsh-histdb.overlays.default ]; }
./configuration.nix
];
};
systems = {
odo = {
main = nixpkgs.lib.nixosSystem (base_x86_64_linux // { });
iso = nixpkgs.lib.nixosSystem (
base_x86_64_linux
// {
systems =
let
additional_iso_modules = [
(nixpkgs + "/nixos/modules/installer/cd-dvd/iso-image.nix")
# TODO: Figure out how to do image based appliances
# (nixpkgs + "/nixos/modules/profiles/image-based-appliance.nix")
{
isoImage.makeEfiBootable = true;
isoImage.makeUsbBootable = true;
me.buildingIso = true;
me.optimizations.enable = nixpkgs.lib.mkForce false;
}
{
# These are big space hogs. The chance that I need them on an ISO is slim.
me.steam.enable = nixpkgs.lib.mkForce false;
me.pcsx2.enable = nixpkgs.lib.mkForce false;
}
];
additional_vm_modules = [
(nixpkgs + "/nixos/modules/profiles/qemu-guest.nix")
{
networking.dhcpcd.enable = true;
networking.useDHCP = true;
me.optimizations.enable = nixpkgs.lib.mkForce false;
}
{
# I don't need games on a virtual machine.
me.steam.enable = nixpkgs.lib.mkForce false;
me.pcsx2.enable = nixpkgs.lib.mkForce false;
me.sm64ex.enable = nixpkgs.lib.mkForce false;
me.shipwright.enable = nixpkgs.lib.mkForce false;
me.ship2harkinian.enable = nixpkgs.lib.mkForce false;
}
];
in
{
odo = rec {
main = base_x86_64_linux // {
modules = base_x86_64_linux.modules ++ [
(nixpkgs + "/nixos/modules/installer/cd-dvd/iso-image.nix")
# TODO: Figure out how to do image based appliances
# (nixpkgs + "/nixos/modules/profiles/image-based-appliance.nix")
./hosts/odo
];
};
iso = main // {
modules = main.modules ++ additional_iso_modules;
};
vm = main // {
modules = main.modules ++ additional_vm_modules;
};
vm_iso = main // {
modules = main.modules ++ additional_vm_modules ++ additional_iso_modules;
};
};
quark = rec {
main = base_x86_64_linux // {
modules = base_x86_64_linux.modules ++ [
./hosts/quark
];
};
iso = main // {
modules = main.modules ++ additional_iso_modules;
};
vm = main // {
modules = main.modules ++ additional_vm_modules;
};
vm_iso = main // {
modules = main.modules ++ additional_vm_modules ++ additional_iso_modules;
};
};
neelix = rec {
main = base_x86_64_linux // {
modules = base_x86_64_linux.modules ++ [
./hosts/neelix
];
};
iso = main // {
modules = main.modules ++ additional_iso_modules;
};
vm = main // {
modules = main.modules ++ additional_vm_modules;
};
vm_iso = main // {
modules = main.modules ++ additional_vm_modules ++ additional_iso_modules;
};
};
hydra =
let
additional_iso_modules = additional_iso_modules ++ [
{
isoImage.makeEfiBootable = true;
isoImage.makeUsbBootable = true;
me.buildingIso = true;
me.optimizations.enable = true;
}
];
}
);
in
rec {
main = base_x86_64_linux // {
modules = base_x86_64_linux.modules ++ [
./hosts/hydra
];
};
iso = main // {
modules = main.modules ++ additional_iso_modules;
};
vm = main // {
modules = main.modules ++ additional_vm_modules;
};
vm_iso = main // {
modules = main.modules ++ additional_vm_modules ++ additional_iso_modules;
};
};
ionlybootzfs = rec {
main = base_x86_64_linux // {
modules = base_x86_64_linux.modules ++ [
./hosts/ionlybootzfs
];
};
iso = main // {
modules = main.modules ++ additional_iso_modules;
};
vm = main // {
modules = main.modules ++ additional_vm_modules;
};
vm_iso = main // {
modules = main.modules ++ additional_vm_modules ++ additional_iso_modules;
};
};
};
};
in
{
nixosConfigurations.odo = systems.odo.main;
iso.odo = systems.odo.iso.config.system.build.isoImage;
nixosConfigurations.odo = nixpkgs.lib.nixosSystem systems.odo.main;
iso.odo = (nixpkgs.lib.nixosSystem systems.odo.iso).config.system.build.isoImage;
nixosConfigurations.vm_odo = nixpkgs.lib.nixosSystem systems.odo.vm;
vm_iso.odo = (nixpkgs.lib.nixosSystem systems.odo.vm_iso).config.system.build.isoImage;
nixosConfigurations.quark = nixpkgs.lib.nixosSystem systems.quark.main;
iso.quark = (nixpkgs.lib.nixosSystem systems.quark.iso).config.system.build.isoImage;
nixosConfigurations.vm_quark = nixpkgs.lib.nixosSystem systems.quark.vm;
vm_iso.quark = (nixpkgs.lib.nixosSystem systems.quark.vm_iso).config.system.build.isoImage;
nixosConfigurations.neelix = nixpkgs.lib.nixosSystem systems.neelix.main;
iso.neelix = (nixpkgs.lib.nixosSystem systems.neelix.iso).config.system.build.isoImage;
nixosConfigurations.vm_neelix = nixpkgs.lib.nixosSystem systems.neelix.vm;
vm_iso.neelix = (nixpkgs.lib.nixosSystem systems.neelix.vm_iso).config.system.build.isoImage;
nixosConfigurations.hydra = nixpkgs.lib.nixosSystem systems.hydra.main;
iso.hydra = (nixpkgs.lib.nixosSystem systems.hydra.iso).config.system.build.isoImage;
nixosConfigurations.vm_hydra = nixpkgs.lib.nixosSystem systems.hydra.vm;
vm_iso.hydra = (nixpkgs.lib.nixosSystem systems.hydra.vm_iso).config.system.build.isoImage;
nixosConfigurations.ionlybootzfs = nixpkgs.lib.nixosSystem systems.ionlybootzfs.main;
iso.ionlybootzfs = (nixpkgs.lib.nixosSystem systems.ionlybootzfs.iso).config.system.build.isoImage;
nixosConfigurations.vm_ionlybootzfs = nixpkgs.lib.nixosSystem systems.ionlybootzfs.vm;
vm_iso.ionlybootzfs =
(nixpkgs.lib.nixosSystem systems.ionlybootzfs.vm_iso).config.system.build.isoImage;
};
}

61
nix/configuration/flakes/ansible-sshjail/flake.lock generated Normal file
View File

@@ -0,0 +1,61 @@
{
"nodes": {
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1735141468,
"narHash": "sha256-VIAjBr1qGcEbmhLwQJD6TABppPMggzOvqFsqkDoMsAY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "4005c3ff7505313cbc21081776ad0ce5dfd7a3ce",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

34
nix/configuration/flakes/ansible-sshjail/flake.nix Normal file
View File

@@ -0,0 +1,34 @@
{
description = "A slightly better history for zsh";
inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
inputs.flake-utils.url = "github:numtide/flake-utils";
outputs =
{
self,
nixpkgs,
flake-utils,
...
}:
let
out =
system:
let
pkgs = nixpkgs.legacyPackages.${system};
# Maybe pkgs = import nixpkgs { inherit system; }; ?
appliedOverlay = self.overlays.default pkgs pkgs;
in
{
packages = rec {
default = ansible-sshjail;
ansible-sshjail = appliedOverlay.ansible-sshjail;
};
};
in
flake-utils.lib.eachDefaultSystem out
// {
overlays.default = final: prev: {
ansible-sshjail = final.callPackage ./package.nix { };
};
};
}

33
nix/configuration/flakes/ansible-sshjail/package.nix Normal file
View File

@@ -0,0 +1,33 @@
# unpackPhase
# patchPhase
# configurePhase
# buildPhase
# checkPhase
# installPhase
# fixupPhase
# installCheckPhase
# distPhase
{
stdenv,
fetchgit,
...
}:
stdenv.mkDerivation {
name = "ansible-sshjail";
src = fetchgit {
url = "https://github.com/austinhyde/ansible-sshjail.git";
rev = "a7b0076fdb680b915d35efafd1382919100532b6";
sha256 = "sha256-4QX/017fDRzb363NexgvHZ/VFKXOjRgGPDKKygyUylM=";
};
phases = [
"installPhase"
];
installPhase = ''
runHook preInstall
mkdir -p $out/share/ansible/plugins/connection_plugins
cp $src/sshjail.py $out/share/ansible/plugins/connection_plugins/
runHook postInstall
'';
}

19
nix/configuration/hosts/hydra/DEPLOY_BOOT Executable file
View File

@@ -0,0 +1,19 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
#TARGET=10.216.1.14
# TARGET=192.168.211.250
TARGET=hydra
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#hydra" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#hydra'

19
nix/configuration/hosts/hydra/DEPLOY_SWITCH Executable file
View File

@@ -0,0 +1,19 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
#TARGET=10.216.1.14
# TARGET=192.168.211.250
TARGET=hydra
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#hydra" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#hydra'

12
nix/configuration/hosts/hydra/ISO Executable file
View File

@@ -0,0 +1,12 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.hydra" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json

68
nix/configuration/hosts/hydra/default.nix Normal file
View File

@@ -0,0 +1,68 @@
#
# Testing:
# doas "$(nix-build '<nixpkgs>' --no-out-link -A 'qemu')/bin/qemu-system-x86_64" \
# -accel kvm \
# -cpu host \
# -smp cores=8 \
# -m 32768 \
# -drive "file=$(nix-build '<nixpkgs>' --no-out-link -A 'OVMF.fd')/FV/OVMF.fd,if=pflash,format=raw,readonly=on" \
# -drive file=/tmp/localdisk.img,if=none,id=nvm,format=raw \
# -device nvme,serial=deadbeef,drive=nvm \
# -nic user,hostfwd=tcp::60022-:22 \
# -boot order=d \
# -cdrom "$(readlink -f /persist/machine_setup/nix/configuration/result/iso/nixos*.iso)" \
# -display vnc=127.0.0.1:0
#
{
config,
lib,
pkgs,
...
}:
{
imports = [
./disk-config.nix
./hardware-configuration.nix
./optimized_build.nix
./vm_disk.nix
];
# Generate with `head -c4 /dev/urandom | od -A none -t x4`
networking.hostId = "fbd233d8";
networking.hostName = "hydra"; # Define your hostname.
time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8";
me.secureBoot.enable = false;
me.optimizations = {
enable = true;
arch = "znver4";
system_features = [
"gccarch-znver4"
"gccarch-skylake"
# "gccarch-alderlake" missing WAITPKG
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
};
# Mount tmpfs at /tmp
boot.tmp.useTmpfs = true;
me.emacs_flavor = "plainmacs";
me.graphical = false;
me.hydra.enable = false;
me.nix_worker.enable = true;
me.vm_disk.enable = true;
me.wireguard.activated = [ ];
me.wireguard.deactivated = [ ];
me.zsh.enable = true;
}

140
nix/configuration/hosts/hydra/disk-config.nix Normal file
View File

@@ -0,0 +1,140 @@
# Manual Step:
# Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1
# Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1
{
config,
lib,
pkgs,
...
}:
lib.mkIf (!config.me.buildingIso) {
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"umask=0077"
"noatime"
"discard"
];
};
};
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "zroot";
};
};
};
};
};
};
zpool = {
zroot = {
type = "zpool";
# mode = "mirror";
# Workaround: cannot import 'zroot': I/O error in disko tests
options.cachefile = "none";
options = {
ashift = "12";
compatibility = "openzfs-2.2-freebsd";
autotrim = "on";
};
rootFsOptions = {
acltype = "posixacl";
atime = "off";
relatime = "off";
xattr = "sa";
mountpoint = "none";
compression = "lz4";
canmount = "off";
utf8only = "on";
dnodesize = "auto";
normalization = "formD";
};
datasets = {
"linux/nix" = {
type = "zfs_fs";
options.mountpoint = "none";
};
"linux/nix/root" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/root@blank$' || zfs snapshot zroot/linux/nix/root@blank";
};
"linux/nix/nix" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/nix";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/nix@blank$' || zfs snapshot zroot/linux/nix/nix@blank";
options = {
recordsize = "1MiB";
compression = "lz4";
};
};
"linux/nix/home" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/home";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/home@blank$' || zfs snapshot zroot/linux/nix/home@blank";
};
"linux/nix/persist" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/persist";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/persist@blank$' || zfs snapshot zroot/linux/nix/persist@blank";
};
"linux/nix/state" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/state";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/state@blank$' || zfs snapshot zroot/linux/nix/state@blank";
};
};
};
};
};
# Make sure all persistent volumes are marked as neededForBoot
#
# Also mounts /home so it is mounted before the user home directories are created.
fileSystems."/persist".neededForBoot = true;
fileSystems."/state".neededForBoot = true;
fileSystems."/home".neededForBoot = true;
fileSystems."/".options = [
"noatime"
"norelatime"
];
fileSystems."/nix".options = [
"noatime"
"norelatime"
];
fileSystems."/persist".options = [
"noatime"
"norelatime"
];
fileSystems."/state".options = [
"noatime"
"norelatime"
];
fileSystems."/home".options = [
"noatime"
"norelatime"
];
}

39
nix/configuration/hosts/hydra/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,39 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"xhci_pci"
"nvme"
"usbhid"
"usb_storage"
"sd_mod"
"sdhci_pci"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.dhcpcd.enable = lib.mkForce true;
networking.useDHCP = lib.mkForce true;
networking.interfaces.enp0s2.useDHCP = lib.mkForce true;
# systemd.network.enable = true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

77
nix/configuration/hosts/hydra/vm_disk.nix Normal file
View File

@@ -0,0 +1,77 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
vm_disk.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to mount the local disk for persistent storage.";
};
};
config = lib.mkIf config.me.vm_disk.enable (
lib.mkMerge [
{
# Mount the local disk
fileSystems = {
"/.disk" = lib.mkForce {
device = "/dev/nvme0n1p1";
fsType = "ext4";
options = [
"noatime"
"discard"
];
neededForBoot = true;
};
"/persist" = {
fsType = "none";
device = "/.disk/persist";
options = [
"bind"
"rw"
];
depends = [
"/.disk/persist"
];
};
"/state" = {
fsType = "none";
device = "/.disk/state";
options = [
"bind"
"rw"
];
depends = [
"/.disk/state"
];
};
"/nix/store" = lib.mkForce {
fsType = "overlay";
device = "overlay";
options = [
"lowerdir=/nix/.ro-store"
"upperdir=/.disk/persist/store"
"workdir=/.disk/state/work"
];
depends = [
"/nix/.ro-store"
"/.disk/persist/store"
"/.disk/state/work"
];
};
};
}
]
);
}

19
nix/configuration/hosts/ionlybootzfs/DEPLOY_BOOT Executable file
View File

@@ -0,0 +1,19 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
#TARGET=10.216.1.14
# TARGET=192.168.211.250
TARGET="ionlybootzfs"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#ionlybootzfs" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#ionlybootzfs'

19
nix/configuration/hosts/ionlybootzfs/DEPLOY_SWITCH Executable file
View File

@@ -0,0 +1,19 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
#TARGET=10.216.1.14
# TARGET=192.168.211.250
TARGET=ionlybootzfs
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#ionlybootzfs" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#ionlybootzfs'

12
nix/configuration/hosts/ionlybootzfs/ISO Executable file
View File

@@ -0,0 +1,12 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.ionlybootzfs" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json

63
nix/configuration/hosts/ionlybootzfs/default.nix Normal file
View File

@@ -0,0 +1,63 @@
#
# Testing:
# doas "$(nix-build '<nixpkgs>' --no-out-link -A 'qemu')/bin/qemu-system-x86_64" \
# -accel kvm \
# -cpu host \
# -smp cores=8 \
# -m 32768 \
# -drive "file=$(nix-build '<nixpkgs>' --no-out-link -A 'OVMF.fd')/FV/OVMF.fd,if=pflash,format=raw,readonly=on" \
# -drive file=/tmp/localdisk.img,if=none,id=nvm,format=raw \
# -device nvme,serial=deadbeef,drive=nvm \
# -nic user,hostfwd=tcp::60022-:22 \
# -boot order=d \
# -cdrom "$(readlink -f /persist/machine_setup/nix/configuration/result/iso/nixos*.iso)" \
# -display vnc=127.0.0.1:0
#
{
config,
lib,
pkgs,
...
}:
{
imports = [
./wrapped-disk-config.nix
./hardware-configuration.nix
];
# Generate with `head -c4 /dev/urandom | od -A none -t x4`
networking.hostId = "fbd233d8";
networking.hostName = "ionlybootzfs"; # Define your hostname.
time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8";
me.secureBoot.enable = true;
me.optimizations = {
enable = false;
arch = "znver4";
system_features = [
"gccarch-znver4"
"gccarch-skylake"
# "gccarch-alderlake" missing WAITPKG
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
};
# Mount tmpfs at /tmp
boot.tmp.useTmpfs = true;
me.emacs_flavor = "plainmacs";
me.graphical = false;
me.wireguard.activated = [ ];
me.wireguard.deactivated = [ ];
me.zsh.enable = true;
}

142
nix/configuration/hosts/ionlybootzfs/disk-config.nix Normal file
View File

@@ -0,0 +1,142 @@
# Manual Step:
# Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1
# Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1
{
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"umask=0077"
"noatime"
"discard"
];
};
};
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "zroot";
};
};
};
};
};
};
zpool = {
zroot = {
type = "zpool";
# mode = "mirror";
# Workaround: cannot import 'zroot': I/O error in disko tests
options.cachefile = "none";
options = {
ashift = "12";
compatibility = "openzfs-2.2-freebsd";
autotrim = "on";
};
rootFsOptions = {
acltype = "posixacl";
atime = "off";
relatime = "off";
xattr = "sa";
mountpoint = "none";
compression = "lz4";
canmount = "off";
utf8only = "on";
dnodesize = "auto";
normalization = "formD";
};
datasets = {
"linux/nix" = {
type = "zfs_fs";
options.mountpoint = "none";
options = {
encryption = "aes-256-gcm";
keyformat = "passphrase";
# keylocation = "file:///tmp/secret.key";
};
};
"linux/nix/root" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/root@blank$' || zfs snapshot zroot/linux/nix/root@blank";
};
"linux/nix/nix" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/nix";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/nix@blank$' || zfs snapshot zroot/linux/nix/nix@blank";
options = {
recordsize = "16MiB";
compression = "zstd-19";
};
};
"linux/nix/home" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/home";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/home@blank$' || zfs snapshot zroot/linux/nix/home@blank";
};
"linux/nix/persist" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/persist";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/persist@blank$' || zfs snapshot zroot/linux/nix/persist@blank";
};
"linux/nix/state" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/state";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/state@blank$' || zfs snapshot zroot/linux/nix/state@blank";
};
};
};
};
};
# Make sure all persistent volumes are marked as neededForBoot
#
# Also mounts /home so it is mounted before the user home directories are created.
fileSystems."/persist".neededForBoot = true;
fileSystems."/state".neededForBoot = true;
fileSystems."/home".neededForBoot = true;
fileSystems."/".options = [
"noatime"
"norelatime"
];
fileSystems."/nix".options = [
"noatime"
"norelatime"
];
fileSystems."/persist".options = [
"noatime"
"norelatime"
];
fileSystems."/state".options = [
"noatime"
"norelatime"
];
fileSystems."/home".options = [
"noatime"
"norelatime"
];
# Only attempt to decrypt the main pool. Otherwise it attempts to decrypt pools that aren't even used.
boot.zfs.requestEncryptionCredentials = [ "zroot/linux/nix" ];
}

38
nix/configuration/hosts/ionlybootzfs/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,38 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"xhci_pci"
"nvme"
"usbhid"
"usb_storage"
"sd_mod"
"sdhci_pci"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.dhcpcd.enable = lib.mkForce true;
networking.useDHCP = lib.mkForce true;
# systemd.network.enable = true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

131
nix/configuration/hosts/ionlybootzfs/optimized_build.nix Normal file
View File

@@ -0,0 +1,131 @@
{
config,
lib,
pkgs,
pkgs-unoptimized,
...
}:
{
imports = [ ];
config = lib.mkMerge [
{ }
(lib.mkIf (!config.me.optimizations.enable) {
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_6_14;
})
(lib.mkIf (config.me.optimizations.enable) {
nixpkgs.hostPlatform = {
gcc.arch = "znver4";
gcc.tune = "znver4";
system = "x86_64-linux";
};
nixpkgs.overlays = [
(
final: prev:
let
addConfig =
additionalConfig: pkg:
pkg.override (oldconfig: {
structuredExtraConfig = pkg.structuredExtraConfig // additionalConfig;
});
in
{
linux_me = addConfig {
# Full preemption
PREEMPT = lib.mkOverride 60 lib.kernel.yes;
PREEMPT_VOLUNTARY = lib.mkOverride 60 lib.kernel.no;
# Google's BBRv3 TCP congestion Control
TCP_CONG_BBR = lib.kernel.yes;
DEFAULT_BBR = lib.kernel.yes;
# Preemptive Full Tickless Kernel at 300Hz
HZ = lib.kernel.freeform "300";
HZ_300 = lib.kernel.yes;
HZ_1000 = lib.kernel.no;
} prev.linux_6_14;
# gsl = prev.gsl.overrideAttrs (old: {
# # gsl tests fails when optimizations are enabled.
# # > FAIL: cholesky_invert unscaled hilbert ( 4, 4)[0,2]: 2.55795384873636067e-13 0
# # > (2.55795384873636067e-13 observed vs 0 expected) [28259614]
# doCheck = false;
# });
}
)
(final: prev: {
haskellPackages = prev.haskellPackages.extend (
final': prev': {
inherit (pkgs-unoptimized.haskellPackages)
crypton
crypton-connection
crypton-x509
crypton-x509-store
crypton-x509-system
crypton-x509-validation
hspec-wai
http-client-tls
http2
pandoc
pandoc-cli
pandoc-lua-engine
pandoc-server
servant-server
tls
wai-app-static
wai-extra
warp
;
}
);
})
(final: prev: {
inherit (pkgs-unoptimized)
gsl
redis
valkey
;
})
];
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_me;
})
(lib.mkIf (!config.me.buildingIso) {
nix.settings.system-features = lib.mkForce [
"gccarch-znver4"
"gccarch-skylake"
# "gccarch-alderlake" missing WAITPKG
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
# Keep ALL dependencies so we can rebuild offline. This DRASTICALLY increase disk usage, but disk space is cheap.
# system.includeBuildDependencies = true;
# This also should enable building offline? TODO: test.
nix.extraOptions = ''
keep-outputs = true
keep-derivations = true
'';
# # building ON
# nixpkgs.localSystem = { system = "aarch64-linux"; };
# # building FOR
# nixpkgs.crossSystem = { system = "aarch64-linux"; };
# nixpkgs.config = {
# replaceStdenv = ({ pkgs }: pkgs.clangStdenv);
# };
# or maybe an overlay
# stdenv = prev.clangStdenv;
})
(lib.mkIf (config.me.buildingIso) {
boot.supportedFilesystems.zfs = true;
})
];
}

8
nix/configuration/hosts/ionlybootzfs/wrapped-disk-config.nix Normal file
View File

@@ -0,0 +1,8 @@
{
config,
lib,
pkgs,
...
}:
lib.mkIf (!config.me.buildingIso) (import ./disk-config.nix)

19
nix/configuration/hosts/neelix/DEPLOY_BOOT Executable file
View File

@@ -0,0 +1,19 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
#TARGET=10.216.1.14
# TARGET=192.168.211.250
TARGET=neelix
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#neelix" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#neelix'

19
nix/configuration/hosts/neelix/DEPLOY_SWITCH Executable file
View File

@@ -0,0 +1,19 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
#TARGET=10.216.1.14
# TARGET=192.168.211.250
TARGET=neelix
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#neelix" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#neelix'

51
nix/configuration/hosts/neelix/default.nix Normal file
View File

@@ -0,0 +1,51 @@
{ config, pkgs, ... }:
{
imports = [
./hardware-configuration.nix
./disk-config.nix
./power_management.nix
];
# Generate with `head -c4 /dev/urandom | od -A none -t x4`
networking.hostId = "bca9d0a5";
networking.hostName = "neelix"; # Define your hostname.
time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8";
me.secureBoot.enable = false;
me.optimizations = {
enable = false;
arch = "alderlake";
system_features = [
"gccarch-alderlake"
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
};
# Early KMS
boot.initrd.kernelModules = [ "i915" ];
# Mount tmpfs at /tmp
# boot.tmp.useTmpfs = true;
me.bluetooth.enable = true;
me.emacs_flavor = "plainmacs";
me.graphical = true;
me.graphics_card_type = "intel";
me.kodi.enable = true;
me.lvfs.enable = true;
me.sound.enable = true;
me.wireguard.activated = [ "wgh" ];
me.wireguard.deactivated = [ "wgf" ];
me.zrepl.enable = true;
me.zsh.enable = true;
}

140
nix/configuration/hosts/neelix/disk-config.nix Normal file
View File

@@ -0,0 +1,140 @@
# Manual Step:
# Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1
# Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1
{
config,
lib,
pkgs,
...
}:
lib.mkIf (!config.me.buildingIso) {
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"umask=0077"
"noatime"
"discard"
];
};
};
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "zroot";
};
};
};
};
};
};
zpool = {
zroot = {
type = "zpool";
# mode = "mirror";
# Workaround: cannot import 'zroot': I/O error in disko tests
options.cachefile = "none";
options = {
ashift = "12";
compatibility = "openzfs-2.2-freebsd";
autotrim = "on";
};
rootFsOptions = {
acltype = "posixacl";
atime = "off";
relatime = "off";
xattr = "sa";
mountpoint = "none";
compression = "lz4";
canmount = "off";
utf8only = "on";
dnodesize = "auto";
normalization = "formD";
};
datasets = {
"linux/nix" = {
type = "zfs_fs";
options.mountpoint = "none";
};
"linux/nix/root" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/root@blank$' || zfs snapshot zroot/linux/nix/root@blank";
};
"linux/nix/nix" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/nix";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/nix@blank$' || zfs snapshot zroot/linux/nix/nix@blank";
options = {
recordsize = "1MiB";
compression = "lz4";
};
};
"linux/nix/home" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/home";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/home@blank$' || zfs snapshot zroot/linux/nix/home@blank";
};
"linux/nix/persist" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/persist";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/persist@blank$' || zfs snapshot zroot/linux/nix/persist@blank";
};
"linux/nix/state" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/state";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/state@blank$' || zfs snapshot zroot/linux/nix/state@blank";
};
};
};
};
};
# Make sure all persistent volumes are marked as neededForBoot
#
# Also mounts /home so it is mounted before the user home directories are created.
fileSystems."/persist".neededForBoot = true;
fileSystems."/state".neededForBoot = true;
fileSystems."/home".neededForBoot = true;
fileSystems."/".options = [
"noatime"
"norelatime"
];
fileSystems."/nix".options = [
"noatime"
"norelatime"
];
fileSystems."/persist".options = [
"noatime"
"norelatime"
];
fileSystems."/state".options = [
"noatime"
"norelatime"
];
fileSystems."/home".options = [
"noatime"
"norelatime"
];
}

39
nix/configuration/hosts/neelix/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,39 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"xhci_pci"
"nvme"
"usbhid"
"usb_storage"
"sd_mod"
"sdhci_pci"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
# networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

35
nix/configuration/hosts/neelix/power_management.nix Normal file
View File

@@ -0,0 +1,35 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
environment.systemPackages = with pkgs; [
powertop
];
# pcie_aspm=force pcie_aspm.policy=powersupersave :: Enable PCIe active state power management for power reduction.
# nowatchdog :: Disable watchdog for power savings (related to disable_sp5100_watchdog above).
boot.kernelParams = [
"pcie_aspm=force"
# "pcie_aspm.policy=powersupersave"
"nowatchdog"
];
# default performance balance_performance balance_power power
# defaults to balance_performance
# systemd.tmpfiles.rules = [
# "w- /sys/devices/system/cpu/cpufreq/policy0/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy1/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy2/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy3/energy_performance_preference - - - - power"
# ];
boot.extraModprobeConfig = ''
options snd_hda_intel power_save=1
'';
}

19
nix/configuration/hosts/odo/DEPLOY_BOOT Executable file
View File

@@ -0,0 +1,19 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
# TARGET=10.216.1.15
# TARGET=192.168.211.250
TARGET=odo
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#odo" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#odo'

19
nix/configuration/hosts/odo/DEPLOY_SWITCH Executable file
View File

@@ -0,0 +1,19 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
#TARGET=10.216.1.14
# TARGET=192.168.211.250
TARGET=odo
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#odo" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#odo'

12
nix/configuration/hosts/odo/ISO Executable file
View File

@@ -0,0 +1,12 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.odo" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json

12
nix/configuration/hosts/odo/SELF_BOOT Executable file
View File

@@ -0,0 +1,12 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --show-trace --use-remote-sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" --log-format internal-json -v "${@}" |& nom --json

12
nix/configuration/hosts/odo/SELF_BUILD Executable file
View File

@@ -0,0 +1,12 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild build --show-trace --use-remote-sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" --log-format internal-json -v "${@}" |& nom --json

12
nix/configuration/hosts/odo/SELF_SWITCH Executable file
View File

@@ -0,0 +1,12 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --show-trace --use-remote-sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" --log-format internal-json -v "${@}" |& nom --json

94
nix/configuration/hosts/odo/default.nix
View File

@@ -1,12 +1,18 @@
{ config, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
{
imports = [
./hardware-configuration.nix
./disk-config.nix
./optimized_build.nix
./wrapped-disk-config.nix
./distributed_build.nix
./power_management.nix
./screen_brightness.nix
./wifi.nix
./framework_module.nix
];
# Generate with `head -c4 /dev/urandom | od -A none -t x4`
@@ -19,6 +25,22 @@
me.secureBoot.enable = true;
me.optimizations = {
enable = false;
arch = "znver4";
system_features = [
"gccarch-znver4"
"gccarch-skylake"
# "gccarch-alderlake" missing WAITPKG
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
};
# Early KMS
boot.initrd.kernelModules = [ "amdgpu" ];
@@ -27,8 +49,72 @@
environment.systemPackages = with pkgs; [
fw-ectool
framework-tool
];
# Enable light sensor
# hardware.sensor.iio.enable = lib.mkDefault true;
# Enable TRIM
# services.fstrim.enable = lib.mkDefault true;
me.alacritty.enable = true;
me.amd_s2idle.enable = true;
me.ansible.enable = true;
me.ares.enable = true;
me.bluetooth.enable = true;
me.chromecast.enable = true;
me.chromium.enable = true;
me.d2.enable = true;
me.direnv.enable = true;
me.docker.enable = true;
me.ecc.enable = false;
me.emacs_flavor = "full";
me.firefox.enable = true;
me.flux.enable = true;
me.gcloud.enable = true;
me.git.config = ../../roles/git/files/gitconfig_home;
me.gnuplot.enable = true;
me.gpg.enable = true;
me.graphical = true;
me.graphicsCardType = "amd";
me.graphics_card_type = "amd";
me.iso_mount.enable = true;
me.kanshi.enable = false;
me.kubernetes.enable = true;
me.latex.enable = true;
me.launch_keyboard.enable = true;
me.lvfs.enable = true;
me.media.enable = true;
me.nix_index.enable = true;
me.pcsx2.enable = true;
me.python.enable = true;
me.qemu.enable = true;
me.rpcs3.enable = true;
me.rust.enable = true;
me.shadps4.enable = true;
me.shikane.enable = true;
me.sops.enable = true;
me.sound.enable = true;
me.steam.enable = true;
me.steam_run_free.enable = true;
me.sway.enable = true;
me.tekton.enable = true;
me.terraform.enable = true;
me.thunderbolt.enable = true;
me.vnc_client.enable = true;
me.vscode.enable = true;
me.wasm.enable = true;
me.waybar.enable = true;
me.wireguard.activated = [
"drmario"
"wgh"
"colo"
];
me.wireguard.deactivated = [ "wgf" ];
me.zrepl.enable = true;
me.zsh.enable = true;
me.sm64ex.enable = true;
me.shipwright.enable = true;
me.ship2harkinian.enable = true;
}

11
nix/configuration/hosts/odo/disk-config.nix
View File

@@ -1,11 +1,8 @@
{
config,
lib,
pkgs,
...
}:
# Manual Step:
# Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1
# Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1
lib.mkIf (!config.me.buildingIso) {
{
disko.devices = {
disk = {
main = {

27
nix/configuration/hosts/odo/distributed_build.nix Normal file
View File

@@ -0,0 +1,27 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
config = lib.mkMerge [
{
me.distributed_build.enable = true;
me.distributed_build.machines.hydra = {
enable = true;
additional_config = {
speedFactor = 2;
};
};
me.distributed_build.machines.quark = {
enable = true;
additional_config = {
speedFactor = 2;
};
};
}
];
}

23
nix/configuration/hosts/odo/framework_module.nix Normal file
View File

@@ -0,0 +1,23 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
config = lib.mkMerge [
{
boot.extraModulePackages = with config.boot.kernelPackages; [
framework-laptop-kmod
];
# https://github.com/DHowett/framework-laptop-kmod?tab=readme-ov-file#usage
boot.kernelModules = [
"cros_ec"
"cros_ec_lpcs"
];
}
];
}

2
nix/configuration/hosts/odo/hardware-configuration.nix
View File

@@ -27,7 +27,7 @@
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true;

71
nix/configuration/hosts/odo/optimized_build.nix
View File

@@ -1,71 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
nix.settings.system-features = lib.mkForce [
"gccarch-znver4"
"gccarch-skylake"
# "gccarch-alderlake" missing WAITPKG
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
# nixpkgs.hostPlatform = {
# gcc.arch = "znver4";
# gcc.tune = "znver4";
# system = "x86_64-linux";
# };
nixpkgs.overlays = [
(
self: super:
let
optimizeWithFlags =
pkg: flags:
pkg.overrideAttrs (old: {
NIX_CFLAGS_COMPILE = [ (old.NIX_CFLAGS_COMPILE or "") ] ++ flags;
});
addConfig =
additionalConfig: pkg:
pkg.override (oldconfig: {
structuredExtraConfig = pkg.structuredExtraConfig // additionalConfig;
});
in
{
linux_znver4 =
addConfig
{
# Full preemption
PREEMPT = lib.mkOverride 60 lib.kernel.yes;
PREEMPT_VOLUNTARY = lib.mkOverride 60 lib.kernel.no;
# Google's BBRv3 TCP congestion Control
TCP_CONG_BBR = lib.kernel.yes;
DEFAULT_BBR = lib.kernel.yes;
# Preemptive Full Tickless Kernel at 300Hz
HZ = lib.kernel.freeform "300";
HZ_300 = lib.kernel.yes;
HZ_1000 = lib.kernel.no;
}
(
optimizeWithFlags super.linux_6_12 [
"-march=znver4"
"-mtune=znver4"
]
);
}
)
];
boot.kernelPackages = lib.mkIf (!config.me.buildingIso) (pkgs.linuxPackagesFor pkgs.linux_znver4);
}

18
nix/configuration/hosts/odo/power_management.nix
View File

@@ -20,7 +20,7 @@
# amd_pstate=guided :: Same as passive except we can set upper and lower frequency bounds.
# amdgpu.dcdebugmask=0x10 :: Allegedly disables Panel Replay from https://community.frame.work/t/tracking-freezing-arch-linux-amd/39495/32
boot.kernelParams = [
"amdgpu.abmlevel=3"
"amdgpu.abmlevel=2"
"pcie_aspm=force"
# "pcie_aspm.policy=powersupersave"
"nowatchdog"
@@ -47,6 +47,22 @@
"w- /sys/devices/system/cpu/cpufreq/policy13/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy14/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy15/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpu0/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu1/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu2/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu3/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu4/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu5/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu6/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu7/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu8/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu9/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu10/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu11/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu12/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu13/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu14/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu15/cpufreq/boost - - - - 0"
];
boot.extraModprobeConfig = ''

2
nix/configuration/hosts/odo/screen_brightness.nix
View File

@@ -9,6 +9,6 @@
imports = [ ];
systemd.tmpfiles.rules = [
"w- /sys/class/backlight/amdgpu_bl1/brightness - - - - 85"
"w- /sys/class/backlight/amdgpu_bl1/brightness - - - - 21845"
];
}

12
nix/configuration/hosts/odo/wifi.nix
View File

@@ -9,8 +9,14 @@
imports = [ ];
config = {
environment.loginShellInit = lib.mkIf (!config.me.buildingIso) ''
doas iw dev wlan0 set power_save off
'';
# Doesn't seem necessary starting with 6.13
# environment.loginShellInit = lib.mkIf (!config.me.buildingIso) ''
# doas iw dev wlan0 set power_save off
# '';
# Enable debug logging for ath12k wifi card.
boot.kernelParams = [
"ath12k.debug_mask=0xffffffff"
];
};
}

8
nix/configuration/hosts/odo/wrapped-disk-config.nix Normal file
View File

@@ -0,0 +1,8 @@
{
config,
lib,
pkgs,
...
}:
lib.mkIf (!config.me.buildingIso) (import ./disk-config.nix)

19
nix/configuration/hosts/quark/DEPLOY_BOOT Executable file
View File

@@ -0,0 +1,19 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
#TARGET=10.216.1.15
# TARGET=192.168.211.250
TARGET=quark
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#quark" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#quark'

19
nix/configuration/hosts/quark/DEPLOY_SWITCH Executable file
View File

@@ -0,0 +1,19 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
#TARGET=10.216.1.14
# TARGET=192.168.211.250
TARGET=quark
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#quark" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#quark'

12
nix/configuration/hosts/quark/ISO Executable file
View File

@@ -0,0 +1,12 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.quark" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json

12
nix/configuration/hosts/quark/SELF_BOOT Executable file
View File

@@ -0,0 +1,12 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --show-trace --use-remote-sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" --log-format internal-json -v "${@}" |& nom --json

12
nix/configuration/hosts/quark/SELF_BUILD Executable file
View File

@@ -0,0 +1,12 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild build --show-trace --use-remote-sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" --log-format internal-json -v "${@}" |& nom --json

12
nix/configuration/hosts/quark/SELF_SWITCH Executable file
View File

@@ -0,0 +1,12 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --show-trace --use-remote-sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" --log-format internal-json -v "${@}" |& nom --json

117
nix/configuration/hosts/quark/default.nix Normal file
View File

@@ -0,0 +1,117 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [
./disk-config.nix
./distributed_build.nix
./hardware-configuration.nix
./power_management.nix
./wifi.nix
];
config = {
# Generate with `head -c4 /dev/urandom | od -A none -t x4`
networking.hostId = "47ee7d7c";
networking.hostName = "quark"; # Define your hostname.
time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8";
me.secureBoot.enable = true;
me.optimizations = {
enable = true;
arch = "znver5";
system_features = [
"gccarch-znver4"
"gccarch-znver5"
"gccarch-skylake"
# "gccarch-alderlake" missing WAITPKG
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
};
# Early KMS
boot.initrd.kernelModules = [ "amdgpu" ];
# Mount tmpfs at /tmp
boot.tmp.useTmpfs = true;
# Enable TRIM
# services.fstrim.enable = lib.mkDefault true;
# RPCS3 has difficulty with znver5
me.rpcs3.config.Core."Use LLVM CPU" = "znver4";
me.alacritty.enable = true;
me.amd_s2idle.enable = true;
me.ansible.enable = true;
me.ares.enable = true;
me.bluetooth.enable = true;
me.chromecast.enable = true;
me.chromium.enable = true;
me.d2.enable = true;
me.direnv.enable = true;
me.docker.enable = true;
me.ecc.enable = true;
me.emacs_flavor = "full";
me.firefox.enable = true;
me.flux.enable = true;
me.gcloud.enable = true;
me.git.config = ../../roles/git/files/gitconfig_home;
me.gnuplot.enable = true;
me.gpg.enable = true;
me.graphical = true;
me.graphics_card_type = "amd";
me.iso_mount.enable = true;
me.kanshi.enable = false;
me.kubernetes.enable = true;
me.latex.enable = true;
me.launch_keyboard.enable = true;
me.lvfs.enable = true;
me.media.enable = true;
me.nix_index.enable = true;
me.nix_worker.enable = true;
me.pcsx2.enable = true;
me.python.enable = true;
me.qemu.enable = true;
me.rpcs3.enable = true;
me.rust.enable = true;
me.shadps4.enable = true;
me.shikane.enable = true;
me.sops.enable = true;
me.sound.enable = true;
me.steam.enable = true;
me.steam_run_free.enable = true;
me.sway.enable = true;
me.tekton.enable = true;
me.terraform.enable = true;
me.thunderbolt.enable = true;
me.vnc_client.enable = true;
me.vscode.enable = true;
me.wasm.enable = true;
me.waybar.enable = true;
me.wireguard.activated = [
"drmario"
"wgh"
"colo"
];
me.wireguard.deactivated = [ "wgf" ];
me.zrepl.enable = true;
me.zsh.enable = true;
me.sm64ex.enable = true;
me.shipwright.enable = true;
me.ship2harkinian.enable = true;
};
}

148
nix/configuration/hosts/quark/disk-config.nix Normal file
View File

@@ -0,0 +1,148 @@
# Manual Step:
# Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1
# Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1
{
config,
lib,
pkgs,
...
}:
lib.mkIf (!config.me.buildingIso) {
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"umask=0077"
"noatime"
"discard"
];
};
};
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "zroot";
};
};
};
};
};
};
zpool = {
zroot = {
type = "zpool";
# mode = "mirror";
# Workaround: cannot import 'zroot': I/O error in disko tests
options.cachefile = "none";
options = {
ashift = "12";
compatibility = "openzfs-2.2-freebsd";
autotrim = "on";
};
rootFsOptions = {
acltype = "posixacl";
atime = "off";
relatime = "off";
xattr = "sa";
mountpoint = "none";
compression = "lz4";
canmount = "off";
utf8only = "on";
dnodesize = "auto";
normalization = "formD";
};
datasets = {
"linux/nix" = {
type = "zfs_fs";
options.mountpoint = "none";
options = {
encryption = "aes-256-gcm";
keyformat = "passphrase";
# keylocation = "file:///tmp/secret.key";
};
};
"linux/nix/root" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/root@blank$' || zfs snapshot zroot/linux/nix/root@blank";
};
"linux/nix/nix" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/nix";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/nix@blank$' || zfs snapshot zroot/linux/nix/nix@blank";
options = {
recordsize = "16MiB";
compression = "zstd-19";
};
};
"linux/nix/home" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/home";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/home@blank$' || zfs snapshot zroot/linux/nix/home@blank";
};
"linux/nix/persist" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/persist";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/persist@blank$' || zfs snapshot zroot/linux/nix/persist@blank";
};
"linux/nix/state" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/state";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/state@blank$' || zfs snapshot zroot/linux/nix/state@blank";
};
};
};
};
};
# Make sure all persistent volumes are marked as neededForBoot
#
# Also mounts /home so it is mounted before the user home directories are created.
fileSystems."/persist".neededForBoot = true;
fileSystems."/state".neededForBoot = true;
fileSystems."/home".neededForBoot = true;
fileSystems."/".options = [
"noatime"
"norelatime"
];
fileSystems."/nix".options = [
"noatime"
"norelatime"
];
fileSystems."/persist".options = [
"noatime"
"norelatime"
];
fileSystems."/state".options = [
"noatime"
"norelatime"
];
fileSystems."/home".options = [
"noatime"
"norelatime"
];
# Only attempt to decrypt the main pool. Otherwise it attempts to decrypt pools that aren't even used.
boot.zfs.requestEncryptionCredentials = [ "zroot/linux/nix" ];
}

21
nix/configuration/hosts/quark/distributed_build.nix Normal file
View File

@@ -0,0 +1,21 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
config = lib.mkMerge [
{
me.distributed_build.enable = true;
me.distributed_build.machines.hydra = {
enable = true;
additional_config = {
speedFactor = 2;
};
};
}
];
}

35
nix/configuration/hosts/quark/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,35 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"thunderbolt"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
# networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true;
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

48
nix/configuration/hosts/quark/power_management.nix Normal file
View File

@@ -0,0 +1,48 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
environment.systemPackages = with pkgs; [
powertop
];
boot.kernelParams = [
# Enable undervolting GPU.
# "amdgpu.ppfeaturemask=0xfff7ffff"
];
systemd.tmpfiles.rules = [
# "w- /sys/devices/system/cpu/cpufreq/policy0/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy1/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy2/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy3/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy4/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy5/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy6/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy7/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy8/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy9/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy10/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy11/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy12/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy13/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy14/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy15/energy_performance_preference - - - - power"
];
# services.udev.packages = [
# (pkgs.writeTextFile {
# name = "amdgpu-low-power";
# text = ''
# ACTION=="add", SUBSYSTEM=="drm", DRIVERS=="amdgpu", ATTR{device/power_dpm_force_performance_level}="low"
# '';
# destination = "/etc/udev/rules.d/30-amdgpu-low-power.rules";
# })
# ];
}

16
nix/configuration/hosts/quark/wifi.nix Normal file
View File

@@ -0,0 +1,16 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
config = {
environment.loginShellInit = lib.mkIf (!config.me.buildingIso) ''
doas iw dev wlan0 set power_save off
'';
};
}

48
nix/configuration/roles/2ship2harkinian/default.nix Normal file
View File

@@ -0,0 +1,48 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
ship2harkinian.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install 2ship2harkinian.";
};
};
config = lib.mkIf config.me.ship2harkinian.enable (
lib.mkMerge [
{
allowedUnfree = [ "2ship2harkinian" ];
}
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
_2ship2harkinian
];
# TODO perhaps install ~/.local/share/2ship/2ship2harkinian.json
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".local/share/2ship";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
})
]
);
}

36
nix/configuration/roles/alacritty/default.nix
View File

@@ -7,18 +7,30 @@
{
imports = [ ];
environment.systemPackages = with pkgs; [
alacritty
xdg-utils # for xdg-open
];
home-manager.users.talexander =
{ pkgs, ... }:
{
home.file.".config/alacritty/alacritty.toml" = {
source = ./files/alacritty.toml;
};
options.me = {
alacritty.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install alacritty.";
};
};
config = lib.mkIf config.me.alacritty.enable (
lib.mkMerge [
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
alacritty
xdg-utils # for xdg-open
];
me.install.user.talexander.file = {
".config/alacritty/alacritty.toml" = {
source = ./files/alacritty.toml;
};
};
})
]
);
}

29
nix/configuration/roles/amd_s2idle/default.nix Normal file
View File

@@ -0,0 +1,29 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
amd_s2idle.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install amd_s2idle.";
};
};
config = lib.mkIf config.me.amd_s2idle.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
amd-debug-tools
];
}
]
);
}

86
nix/configuration/roles/ansible/default.nix Normal file
View File

@@ -0,0 +1,86 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
ansible.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install ansible.";
};
};
config = lib.mkIf config.me.ansible.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
ansible
];
nixpkgs.overlays = [
(final: prev: {
ansible = pkgs.symlinkJoin {
name = "ansible";
paths = [
(prev.ansible.overridePythonAttrs {
propagatedBuildInputs = prev.ansible.propagatedBuildInputs ++ [ prev.python3Packages.jmespath ];
})
pkgs.ansible-sshjail
];
buildInputs = [ pkgs.makeWrapper ];
postBuild = ''
${lib.concatMapStringsSep "\n"
(
prog:
(
"wrapProgram $out/bin/${prog} ${
lib.concatMapStringsSep " "
(
plugin_type:
"--set ANSIBLE_${lib.toUpper plugin_type}_PLUGINS $out/share/ansible/plugins/${lib.toLower plugin_type}_plugins"
)
[
"action"
"cache"
"callback"
"connection"
"filter"
"inventory"
"lookup"
"shell"
"strategy"
"test"
"vars"
]
} --prefix PATH : ${lib.makeBinPath [ ]}"
)
)
[
"ansible"
"ansible-config"
"ansible-console"
"ansible-doc"
"ansible-galaxy"
"ansible-inventory"
"ansible-playbook"
"ansible-pull"
"ansible-test"
"ansible-vault"
]
}
'';
};
})
];
}
]
);
}

36
nix/configuration/roles/ares/default.nix
View File

@@ -8,7 +8,37 @@
{
imports = [ ];
environment.systemPackages = with pkgs; [
ares
];
options.me = {
ares.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install ares.";
};
};
config = lib.mkIf config.me.ares.enable (
lib.mkMerge [
{ }
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
ares
];
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".local/share/ares";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
})
]
);
}

21
nix/configuration/roles/blank/default.nix
View File

@@ -8,6 +8,23 @@
{
imports = [ ];
environment.systemPackages = with pkgs; [
];
options.me = {
blank.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install blank.";
};
};
config = lib.mkIf config.me.blank.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
];
}
(lib.mkIf config.me.graphical {
})
]
);
}

46
nix/configuration/roles/bluetooth/default.nix Normal file
View File

@@ -0,0 +1,46 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
bluetooth.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install bluetooth.";
};
};
config = lib.mkIf config.me.bluetooth.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
];
hardware.bluetooth = {
enable = true;
powerOnBoot = true;
settings = {
General = {
# Enable support for showing battery charge level.
Experimental = true;
};
};
};
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
directories = [
"/var/lib/bluetooth" # Bluetooth pairing information.
];
};
}
]
);
}

15
nix/configuration/roles/boot/default.nix
View File

@@ -41,6 +41,8 @@
# Automatically delete old generations
boot.loader.systemd-boot.configurationLimit = 3;
boot.loader.systemd-boot.memtest86.enable = true;
# Check what will be lost with `zfs diff zroot/linux/root@blank`
boot.initrd.systemd.enable = lib.mkDefault true;
boot.initrd.systemd.services.zfs-rollback = {
@@ -73,9 +75,14 @@
# options root=PARTUUID=17e325bf-a378-4d1d-be6a-f6df5476f0fa
# '';
# };
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
directories = [
"/var/lib/sbctl" # Secure Boot Keys
];
};
})
(lib.mkIf (config.me.secureBoot.enable) {
environment.systemPackages = with pkgs; [
sbctl
];
@@ -84,12 +91,6 @@
enable = true;
pkiBundle = "/var/lib/sbctl";
};
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
directories = [
"/var/lib/sbctl" # Secure Boot Keys
];
};
})
];
}

23
nix/configuration/roles/chromecast/default.nix
View File

@@ -8,7 +8,24 @@
{
imports = [ ];
environment.systemPackages = with pkgs; [
catt
];
options.me = {
chromecast.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install chromecast.";
};
};
config = lib.mkIf config.me.chromecast.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
catt
];
}
(lib.mkIf config.me.graphical {
})
]
);
}

99
nix/configuration/roles/chromium/default.nix
View File

@@ -8,45 +8,68 @@
{
imports = [ ];
# TODO: Read https://bbs.archlinux.org/viewtopic.php?pid=2209507#p2209507 and apply desired settings.
environment.systemPackages = with pkgs; [
(chromium.override { enableWideVine = true; })
];
allowedUnfree = [
"chromium"
"chromium-unwrapped"
"widevine-cdm"
];
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".config/chromium";
user = "talexander";
group = "talexander";
mode = "0700";
}
];
};
};
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".cache/chromium";
user = "talexander";
group = "talexander";
mode = "0700";
}
];
options.me = {
chromium.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install chromium.";
};
};
# Enabling vulkan causes video to render as white
# nixpkgs.config.chromium.commandLineArgs = "--enable-features=Vulkan";
config = lib.mkIf config.me.chromium.enable (
lib.mkMerge [
{ }
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
chromium
];
allowedUnfree = [
"chromium"
"chromium-unwrapped"
"widevine-cdm"
];
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".config/chromium";
user = "talexander";
group = "talexander";
mode = "0700";
}
];
};
};
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".cache/chromium";
user = "talexander";
group = "talexander";
mode = "0700";
}
];
};
};
nixpkgs.overlays = [
(final: prev: {
chromium = prev.chromium.override {
enableWideVine = true;
commandLineArgs = [
"--enable-features=VaapiVideoDecoder,VaapiIgnoreDriverChecks,Vulkan,DefaultANGLEVulkan,VulkanFromANGLE,AcceleratedVideoEncoder"
# Enabling vulkan causes video to render as white
# "--enable-features=Vulkan";
];
};
})
];
})
]
);
}

29
nix/configuration/roles/d2/default.nix Normal file
View File

@@ -0,0 +1,29 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
d2.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install d2.";
};
};
config = lib.mkIf config.me.d2.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
d2
];
}
]
);
}

55
nix/configuration/roles/direnv/default.nix Normal file
View File

@@ -0,0 +1,55 @@
{
config,
lib,
pkgs,
...
}:
let
direnv_zsh_hook = pkgs.writeTextFile {
name = "direnv_zsh_hook.zsh";
text = ''
eval "$(direnv hook zsh)"
'';
};
in
{
imports = [ ];
options.me = {
direnv.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install direnv.";
};
};
config = lib.mkIf config.me.direnv.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
direnv
nix-direnv
];
me.zsh.includes = [ direnv_zsh_hook ];
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
# List of allowed directories from `direnv allow`.
directory = ".local/share/direnv";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
}
]
);
}

105
nix/configuration/roles/distributed_build/default.nix Normal file
View File

@@ -0,0 +1,105 @@
{
config,
lib,
pkgs,
...
}:
let
make_machine_config = name: {
enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to use the ${name} machine during distributed builds.";
};
additional_config = lib.mkOption {
type = lib.types.attrs;
default = { };
example = lib.literalExpression {
speedFactor = 2;
};
description = "Additional config values for the buildMachines entry. For example, speedFactor.";
};
};
in
{
imports = [ ];
options.me = {
distributed_build.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to use multiple machines to perform a nixos-rebuild.";
};
distributed_build.machines.hydra = make_machine_config "hydra";
distributed_build.machines.quark = make_machine_config "quark";
};
config = lib.mkIf config.me.distributed_build.enable (
lib.mkMerge [
{
nix.distributedBuilds = true;
}
(lib.mkIf config.me.distributed_build.machines.hydra.enable {
nix.buildMachines = [
(
{
hostName = "hydra";
sshUser = "nixworker";
# sshKey = "";
# publicHostKey = "";
systems = [
"x86_64-linux"
# "aarch64-linux"
];
maxJobs = 1;
supportedFeatures = [
# "nixos-test"
"benchmark"
"big-parallel"
# "kvm"
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"gccarch-znver4"
];
}
// config.me.distributed_build.machines.hydra.additional_config
)
];
})
(lib.mkIf config.me.distributed_build.machines.quark.enable {
nix.buildMachines = [
(
{
hostName = "quark";
sshUser = "nixworker";
sshKey = "/persist/manual/ssh/root/keys/id_ed25519";
# From: base64 -w0 /persist/ssh/ssh_host_ed25519_key.pub
publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUx0alplYlVYTkRkU3Y1enVGbjM3eFNMZUN3S2hPKzFMdWovM2FYNFJRTEEgcm9vdEBxdWFyawo=";
systems = [
"x86_64-linux"
# "aarch64-linux"
];
maxJobs = 1;
supportedFeatures = [
# "nixos-test"
"benchmark"
"big-parallel"
# "kvm"
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"gccarch-znver4"
"gccarch-znver5"
];
}
// config.me.distributed_build.machines.quark.additional_config
)
];
})
]
);
}

113
nix/configuration/roles/docker/default.nix
View File

@@ -8,42 +8,83 @@
{
imports = [ ];
virtualisation.docker.enable = true;
# Use docker activation
virtualisation.docker.enableOnBoot = false;
# Rootless docker breaks access to ssh for buildkit.
# virtualisation.docker.rootless = {
# enable = true;
# setSocketVariable = true;
# };
# Give docker access to ssh for fetching repos with buildkit.
virtualisation.docker.extraPackages = [ pkgs.openssh ];
environment.systemPackages = with pkgs; [
docker-buildx
];
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
directories = [
{
directory = "/var/lib/docker";
user = "root";
group = "root";
mode = "0740";
}
];
# users.talexander = {
# directories = [
# {
# directory = ".local/share/docker";
# user = "talexander";
# group = "talexander";
# mode = "0740";
# }
# ];
# };
options.me = {
docker.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install docker.";
};
};
# Needed for non-rootless docker
users.users.talexander.extraGroups = [ "docker" ];
config = lib.mkIf config.me.docker.enable (
lib.mkMerge [
{
virtualisation.docker.enable = true;
# Use docker activation
virtualisation.docker.enableOnBoot = false;
# Rootless docker breaks access to ssh for buildkit.
# virtualisation.docker.rootless = {
# enable = true;
# setSocketVariable = true;
# };
# Give docker access to ssh for fetching repos with buildkit.
virtualisation.docker.extraPackages = [ pkgs.openssh ];
environment.systemPackages = with pkgs; [
docker-buildx
];
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
directories = [
{
directory = "/var/lib/docker";
user = "root";
group = "root";
mode = "0740";
}
];
# users.talexander = {
# directories = [
# {
# directory = ".local/share/docker";
# user = "talexander";
# group = "talexander";
# mode = "0740";
# }
# ];
# };
};
systemd.services.link-docker-creds = {
# Contains credentials so it cannot be added to the nix store
enable = true;
description = "link-docker-creds";
wantedBy = [ "multi-user.target" ];
wants = [ "multi-user.target" ];
after = [ "multi-user.target" ];
# path = with pkgs; [
# zfs
# ];
unitConfig.DefaultDependencies = "no";
serviceConfig = {
Type = "oneshot";
RemainAfterExit = "yes";
};
script = ''
if [ -e /persist/manual/docker/config.json ]; then
install --directory --owner talexander --group talexander --mode 0700 /home/talexander/.docker
ln -s /persist/manual/docker/config.json /home/talexander/.docker/config.json
fi
'';
preStop = ''
rm -f /home/talexander/.docker/config.json
'';
};
# Needed for non-rootless docker
users.users.talexander.extraGroups = [ "docker" ];
}
]
);
}

28
nix/configuration/roles/ecc/default.nix Normal file
View File

@@ -0,0 +1,28 @@
# Check memory errors with: ras-mc-ctl --error-count
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
ecc.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install ecc.";
};
};
config = lib.mkIf config.me.ecc.enable (
lib.mkMerge [
{
hardware.rasdaemon.enable = true;
}
]
);
}

234
nix/configuration/roles/emacs/default.nix
View File

@@ -6,102 +6,166 @@
}:
let
plainmacs = pkgs.writeShellScriptBin "plainmacs" ''
INIT_SCRIPT=$(cat <<EOF
(progn
(setq make-backup-files nil auto-save-default nil create-lockfiles nil)
(load-theme 'tango-dark t)
(set-face-attribute 'default nil :background "black")
;; Bright yellow highlighting for selected region
(set-face-attribute 'region nil :background "#ffff50" :foreground "black")
;; Bright green cursor to distinguish from yellow region
(set-cursor-color "#ccff66")
;; Hightlight the current line
(set-face-attribute 'line-number-current-line nil :foreground "white")
;; Set default font
(set-face-attribute 'default nil :height 100 :width 'regular :weight 'regular :family "Cascadia Mono")
;; Set fallback font for unicode glyphs
(when (display-graphic-p)
(set-fontset-font "fontset-default" nil (font-spec :name "Noto Color Emoji")))
(menu-bar-mode -1)
(when (fboundp 'tool-bar-mode)
(tool-bar-mode -1))
(when ( fboundp 'scroll-bar-mode)
(scroll-bar-mode -1))
(pixel-scroll-precision-mode)
(setq frame-resize-pixelwise t)
plainmacs =
emacs_package:
pkgs.writeShellScriptBin "plainmacs" ''
INIT_SCRIPT=$(cat <<EOF
(progn
(setq make-backup-files nil auto-save-default nil create-lockfiles nil)
(load-theme 'tango-dark t)
(set-face-attribute 'default nil :background "black")
;; Bright yellow highlighting for selected region
(set-face-attribute 'region nil :background "#ffff50" :foreground "black")
;; Bright green cursor to distinguish from yellow region
(set-cursor-color "#ccff66")
;; Hightlight the current line
(set-face-attribute 'line-number-current-line nil :foreground "white")
;; Set default font
(set-face-attribute 'default nil :height 100 :width 'regular :weight 'regular :family "Cascadia Mono")
;; Set fallback font for unicode glyphs
(when (display-graphic-p)
(set-fontset-font "fontset-default" nil (font-spec :name "Noto Color Emoji")))
(menu-bar-mode -1)
(when (fboundp 'tool-bar-mode)
(tool-bar-mode -1))
(when ( fboundp 'scroll-bar-mode)
(scroll-bar-mode -1))
(pixel-scroll-precision-mode)
(setq frame-resize-pixelwise t)
)
EOF
)
EOF
)
exec ${pkgs.emacs29-pgtk}/bin/emacs -q --eval "$INIT_SCRIPT" "''${@}"
'';
e_shorthand = pkgs.writeShellScriptBin "e" ''
exec ${pkgs.emacs_full}/bin/emacs "''${@}"
'';
exec ${emacs_package}/bin/emacs -q --eval "$INIT_SCRIPT" "''${@}"
'';
e_shorthand =
emacs_package:
pkgs.writeShellScriptBin "e" ''
exec ${emacs_package}/bin/emacs "''${@}"
'';
in
{
imports = [ ];
config = lib.mkMerge [
{
environment.systemPackages = with pkgs; [
plainmacs
e_shorthand
emacs_full
];
options.me.emacs_flavor = lib.mkOption {
type = lib.types.nullOr (
lib.types.enum [
"full"
"plainmacs"
]
);
default = null;
example = "full";
description = "What flavor of emacs to set up.";
};
nixpkgs.overlays = [
(final: prev: {
emacs_full = pkgs.symlinkJoin {
name = "emacs_full";
paths = [ pkgs.emacs29-pgtk ];
buildInputs = [ pkgs.makeWrapper ];
postBuild = ''
wrapProgram $out/bin/emacs --prefix PATH : ${
lib.makeBinPath [
(pkgs.aspellWithDicts (
dicts: with dicts; [
en
en-computers
]
))
pkgs.nixd # nix language server
pkgs.nixfmt-rfc-style # auto-formatting nix files through nixd
pkgs.clang # To compile tree-sitter grammars
]
}
'';
config = lib.mkIf (config.me.emacs_flavor != null) (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
my_emacs
(plainmacs my_emacs)
(e_shorthand my_emacs)
];
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
".config/emacs/eln-cache" # Installed packages
".config/emacs/elpa" # Installed packages
".config/emacs/private" # For recentf
".config/emacs/tree-sitter" # Compiled tree-sitter grammars
];
files = [
".config/emacs/history" # For savehist
".config/emacs/.last-package-update-day" # For use-package
];
};
})
];
};
home-manager.users.talexander =
{ pkgs, ... }:
{
home.file.".config/emacs" = {
environment.variables.EDITOR = "plainmacs";
}
(lib.mkIf (config.me.graphical) {
nixpkgs.overlays = [
(final: prev: {
my_emacs = final.emacs-pgtk;
})
];
})
(lib.mkIf (!config.me.graphical) {
nixpkgs.overlays = [
(final: prev: {
my_emacs = final.emacs-nox;
})
];
})
(lib.mkIf (config.me.emacs_flavor == "full") {
nixpkgs.overlays = [
(final: prev: {
my_emacs = pkgs.buildEnv {
name = prev.my_emacs.name;
paths = with prev; [
my_emacs
];
extraOutputsToInstall = [
"man"
"doc"
"info"
];
nativeBuildInputs = [ final.makeWrapper ];
postBuild = ''
wrapProgram $out/bin/emacs --prefix PATH : ${
lib.makeBinPath [
(final.aspellWithDicts (
dicts: with dicts; [
en
en-computers
# en-science # TODO: Why is en-science non-free?
]
))
final.nixd # nix language server
final.nixfmt-rfc-style # auto-formatting nix files through nixd
final.clang # To compile tree-sitter grammars
final.shellcheck
final.cmake-language-server
final.cmake # Used by cmake-language-server
final.rust-analyzer
final.prettier # Format yaml, json, and JS
final.terraform-ls
final.typescript-language-server
final.tex
]
}
'';
};
})
];
me.install.user.talexander.file = {
".config/emacs" = {
source = ./files/emacs;
recursive = true;
};
};
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
".config/emacs/eln-cache" # Installed packages
".config/emacs/elpa" # Installed packages
".config/emacs/private" # For recentf
".config/emacs/tree-sitter" # Compiled tree-sitter grammars
];
files = [
".config/emacs/history" # For savehist
".config/emacs/.last-package-update-day" # For use-package
];
};
};
environment.variables.EDITOR = "${plainmacs}/bin/plainmacs";
}
];
})
(lib.mkIf (config.me.emacs_flavor == "plainmacs") {
nixpkgs.overlays = [
(final: prev: {
my_emacs = pkgs.buildEnv {
name = prev.my_emacs.name;
paths = with prev; [
my_emacs
];
extraOutputsToInstall = [
"man"
"doc"
"info"
];
};
})
];
})
]
);
}

25
nix/configuration/roles/emacs/files/emacs/elisp/base-extensions.el
View File

@@ -14,17 +14,6 @@
;; Other packages
(use-package emacs
:config
(setq enable-recursive-minibuffers t)
;; Filter the M-x list base on the current mode
(setq read-extended-command-predicate #'command-completion-default-include-p)
;; Enable triggering completion with the tab key.
(setq tab-always-indent 'complete)
)
(use-package dashboard
:config
(dashboard-setup-startup-hook))
@@ -51,17 +40,27 @@
;; Persist history over Emacs restarts. Vertico sorts by history position.
(use-package savehist
;; This is an emacs built-in but we're pulling the latest version
:pin gnu
:config
(savehist-mode))
(use-package which-key
:pin gnu
:diminish
:config
(which-key-mode))
(use-package windmove
:config
(windmove-default-keybindings))
;; This is an emacs built-in but we're pulling the latest version
:pin gnu
:bind
(
("S-<up>" . windmove-up)
("S-<right>" . windmove-right)
("S-<down>" . windmove-down)
("S-<left>" . windmove-left)
)
)
(setq tramp-default-method "ssh")

57
nix/configuration/roles/emacs/files/emacs/elisp/base.el
View File

@@ -24,11 +24,51 @@
(setq autoload-directory (concat user-emacs-directory (file-name-as-directory "elisp") (file-name-as-directory "autoload")))
(add-to-list 'load-path (assert-directory autoload-directory))
(use-package emacs
:ensure nil
:bind
(("C-z" . nil)
("C-x C-z" . nil)
("RET" . newline-and-indent)
)
:custom
;; Replace highlighted text if you start typing.
(delete-selection-mode 1)
(history-length 300)
;; Enable auto-revert for buffers like dired
(global-auto-revert-non-file-buffers t)
;; If the underlying file changes, reload it automatically. This is useful for moving around in git without confusing language servers.
(auto-revert-avoid-polling t)
(auto-revert-interval 5)
(auto-revert-check-vc-info t)
(global-auto-revert-mode t)
;; Disable backup files and lockfiles
(create-lockfiles nil)
(make-backup-files nil)
(backup-inhibited t)
;; Do not auto-save files
(auto-save-default nil)
(pixel-scroll-precision-mode t)
(pixel-scroll-precision-use-momentum nil)
:config
(setq enable-recursive-minibuffers t)
;; Filter the M-x list base on the current mode
(setq read-extended-command-predicate #'command-completion-default-include-p)
;; Enable triggering completion with the tab key.
(setq tab-always-indent 'complete)
)
(setq-default
;; Disable backup files and lockfiles
make-backup-files nil
auto-save-default nil
create-lockfiles nil
;; Unless otherwise specified, always install packages if they are absent.
use-package-always-ensure t
;; Point custom-file at /dev/null so emacs does not write any settings to my dotfiles.
@@ -63,6 +103,9 @@
show-trailing-whitespace t
;; Remove the line when killing it with ctrl-k
kill-whole-line t
;; Show the current project in the mode line
project-mode-line t
)
;; (setq-default fringes-outside-margins t)
@@ -77,12 +120,6 @@
;; Delete trailing whitespace before save
(add-hook 'before-save-hook 'delete-trailing-whitespace)
;; If the underlying file changes, reload it automatically. This is useful for moving around in git without confusing language servers.
(setopt auto-revert-avoid-polling t)
(setopt auto-revert-interval 5)
(setopt auto-revert-check-vc-info t)
(global-auto-revert-mode)
;;;;; Performance
;; Run garbage collect when emacs is idle
(run-with-idle-timer 5 t (lambda () (garbage-collect)))

18
nix/configuration/roles/emacs/files/emacs/elisp/lang-cmake.el Normal file
View File

@@ -0,0 +1,18 @@
(require 'common-lsp)
(use-package cmake-mode
:commands cmake-mode
:hook (
(cmake-mode . (lambda ()
(eglot-ensure)
(defclass my/eglot-cmake (eglot-lsp-server) ()
:documentation
"Own eglot server class.")
(add-to-list 'eglot-server-programs
'(cmake-mode . (my/eglot-cmake "cmake-language-server")))
))
)
)
(provide 'lang-cmake)

16
nix/configuration/roles/emacs/files/emacs/elisp/lang-d2.el Normal file
View File

@@ -0,0 +1,16 @@
(defun d2-format-buffer ()
"Run prettier."
(interactive)
(run-command-on-buffer "d2" "fmt" "-")
)
(use-package d2-mode
:commands (d2-mode)
:hook (
(d2-mode . (lambda ()
;; (add-hook 'before-save-hook 'd2-format-buffer nil 'local)
))
)
)
(provide 'lang-d2)

10
nix/configuration/roles/emacs/files/emacs/elisp/lang-javascript.el
View File

@@ -1,6 +1,12 @@
(require 'common-lsp)
(require 'util-tree-sitter)
(defun js-format-buffer ()
"Run prettier."
(interactive)
(run-command-on-buffer "prettier" "--stdin-filepath" buffer-file-name)
)
(use-package json-ts-mode
:ensure nil
:pin manual
@@ -113,10 +119,14 @@
("\\.js\\'" . js-ts-mode)
)
:commands (js-ts-mode)
:custom (
(js-indent-level 2)
)
:hook (
(js-ts-mode . (lambda ()
(when-linux
(eglot-ensure)
(add-hook 'before-save-hook 'js-format-buffer nil 'local)
)
))
)

19
nix/configuration/roles/emacs/files/emacs/elisp/lang-org.el
View File

@@ -1,16 +1,23 @@
(use-package org
:ensure nil
:commands org-mode
:bind (
:bind (:map org-mode-map
("C-c l" . org-store-link)
("C-c a" . org-agenda)
("C--" . org-timestamp-down)
("C-=" . org-timestamp-up)
("S-<up>" . org-shiftup)
("S-<right>" . org-shiftright)
("S-<down>" . org-shiftdown)
("S-<left>" . org-shiftleft)
)
:hook (
(org-mode . (lambda ()
(org-indent-mode +1)
))
))
;; Make windmove work in Org mode:
(org-shiftup-final . windmove-up)
(org-shiftleft-final . windmove-left)
(org-shiftdown-final . windmove-down)
(org-shiftright-final . windmove-right)
)
:config
(require 'org-tempo)
@@ -80,4 +87,8 @@
(use-package gnuplot)
(use-package graphviz-dot-mode)
(use-package htmlize
;; For syntax highlighting when exporting to HTML.
)
(provide 'lang-org)

6
nix/configuration/roles/emacs/files/emacs/elisp/lang-rust.el
View File

@@ -46,7 +46,7 @@
(when rust-analyzer-command
;; (add-to-list 'eglot-server-programs `(rust-ts-mode . (,rust-analyzer-command)))
(add-to-list 'eglot-server-programs `(rust-ts-mode . (,rust-analyzer-command :initializationOptions (:imports (:granularity (:enforce t :group "item")
:merge (:glob nil)
:merge (:glob :json-false)
:prefix "self")
))))
)
@@ -60,8 +60,8 @@
(unless (treesit-ready-p 'rust) (treesit-install-language-grammar 'rust))
:config
;; Add keybindings for interacting with Cargo
(use-package cargo
:hook (rust-ts-mode . cargo-minor-mode))
;; (use-package cargo
;; :hook (rust-ts-mode . cargo-minor-mode))
)
(use-package toml-ts-mode

4
nix/configuration/roles/emacs/files/emacs/init.el
View File

@@ -38,4 +38,8 @@
(require 'lang-nix)
(require 'lang-cmake)
(require 'lang-d2)
(load-directory autoload-directory)

232
nix/configuration/roles/firefox/default.nix
View File

@@ -8,114 +8,132 @@
{
imports = [ ];
programs.firefox = {
enable = true;
package = (pkgs.wrapFirefox (pkgs.firefox-unwrapped.override { pipewireSupport = true; }) { });
languagePacks = [ "en-US" ];
preferences = {
# "identity.sync.tokenserver.uri": "https://ffsync.fizz.buzz/token/1.0/sync/1.5";
"media.hardware-video-decoding.force-enabled" = true;
"media.ffmpeg.vaapi.enabled" = true;
"doh-rollout.doorhanger-decision" = "UIDisabled";
"dom.security.https_only_mode" = true;
"dom.security.https_only_mode_ever_enabled" = true;
"extensions.activeThemeID" = "firefox-compact-dark@mozilla.org";
# Disable ads
"extensions.pocket.enabled" = false;
"browser.newtabpage.activity-stream.showSponsored" = false;
"browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
"browser.newtabpage.activity-stream.feeds.section.topstories" = false;
"browser.newtabpage.pinned" = "[]";
"browser.newtabpage.activity-stream.section.highlights.includePocket" = false;
"browser.topsites.contile.enabled" = false;
# Disable cache when devtools are open.
"devtools.cache.disabled" = true;
# Do not track header.
"privacy.donottrackheader.enabled" = true;
# Tell websites not to share or sell my data.
"privacy.globalprivacycontrol.enabled" = true;
# Disable "studies" (slice testing)
"app.shield.optoutstudies.enabled" = false;
# Disable attribution which is used by advertisers to track you.
"dom.private-attribution.submission.enabled" = false;
# Disable battery status, used to track users.
"dom.battery.enabled" = false;
# Disable that websites can get notifications if you copy, paste, or cut something from a web page, and it lets them know which part of the page had been selected.
#
# This breaks copying from BigQuery https://github.com/microsoft/monaco-editor/issues/1540
# dom.event.clipboardevents.enabled: false
# Isolates all browser identifier sources (e.g. cookies) to the first party domain, with the goal of preventing tracking across different domains.
"privacy.firstparty.isolate" = true;
# Do not preload URLs that auto-complete in the address bar.
"browser.urlbar.speculativeConnect.enabled" = false;
# Do not resist fingerprinting because that tells websites to use light mode.
# https://bugzilla.mozilla.org/show_bug.cgi?id=1732114
"privacy.resistFingerprinting" = false; # (default false)
# Instead, enable fingerprinting protection, which allows configuring an override.
"privacy.fingerprintingProtection" = true;
# Allow sending dark mode preference to websites.
# Allow sending timezone to websites.
"privacy.fingerprintingProtection.overrides" =
"+AllTargets,-CSSPrefersColorScheme,-JSDateTimeUTC,-CanvasExtractionBeforeUserInputIsBlocked";
# Disable weather on new tab page
"browser.newtabpage.activity-stream.showWeather" = false;
};
# Check about:policies#documentation and https://mozilla.github.io/policy-templates/ for options.
policies = {
DisableTelemetry = true;
DisplayBookmarksToolbar = "newtab";
# Check about:support for extension/add-on ID strings.
# Valid strings for installation_mode are "allowed", "blocked",
# "force_installed" and "normal_installed".
ExtensionSettings = {
# "*".installation_mode = "blocked"; # blocks all addons except the ones specified below
"uBlock0@raymondhill.net" = {
install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi";
installation_mode = "force_installed";
};
"firefox@teleparty.com" = {
install_url = "https://addons.mozilla.org/firefox/downloads/latest/netflix-party-is-now-teleparty/latest.xpi";
installation_mode = "normal_installed";
};
"@ublacklist" = {
install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublacklist/latest.xpi";
installation_mode = "normal_installed";
};
"@react-devtools" = {
install_url = "https://addons.mozilla.org/firefox/downloads/latest/react-devtools/latest.xpi";
installation_mode = "normal_installed";
};
};
options.me = {
firefox.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install firefox.";
};
};
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".mozilla";
user = "talexander";
group = "talexander";
mode = "0700";
}
];
};
};
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".cache/mozilla";
user = "talexander";
group = "talexander";
mode = "0700";
}
];
};
};
config = lib.mkIf config.me.firefox.enable (
lib.mkMerge [
(lib.mkIf config.me.graphical {
programs.firefox = {
enable = true;
package = (pkgs.wrapFirefox (pkgs.firefox-unwrapped.override { pipewireSupport = true; }) { });
languagePacks = [ "en-US" ];
preferences = {
# "identity.sync.tokenserver.uri": "https://ffsync.fizz.buzz/token/1.0/sync/1.5";
"media.hardware-video-decoding.force-enabled" = true;
"media.ffmpeg.vaapi.enabled" = true;
"doh-rollout.doorhanger-decision" = "UIDisabled";
"dom.security.https_only_mode" = true;
"dom.security.https_only_mode_ever_enabled" = true;
"extensions.activeThemeID" = "firefox-compact-dark@mozilla.org";
# Disable ads
"extensions.pocket.enabled" = false;
"browser.newtabpage.activity-stream.showSponsored" = false;
"browser.newtabpage.activity-stream.showSponsoredTopSites" = false;
"browser.newtabpage.activity-stream.feeds.section.topstories" = false;
"browser.newtabpage.pinned" = "[]";
"browser.newtabpage.activity-stream.section.highlights.includePocket" = false;
"browser.topsites.contile.enabled" = false;
# Disable cache when devtools are open.
"devtools.cache.disabled" = true;
# Do not track header.
"privacy.donottrackheader.enabled" = true;
# Tell websites not to share or sell my data.
"privacy.globalprivacycontrol.enabled" = true;
# Disable "studies" (slice testing)
"app.shield.optoutstudies.enabled" = false;
# Disable attribution which is used by advertisers to track you.
"dom.private-attribution.submission.enabled" = false;
# Disable battery status, used to track users.
"dom.battery.enabled" = false;
# Disable that websites can get notifications if you copy, paste, or cut something from a web page, and it lets them know which part of the page had been selected.
#
# This breaks copying from BigQuery https://github.com/microsoft/monaco-editor/issues/1540
# dom.event.clipboardevents.enabled: false
# Isolates all browser identifier sources (e.g. cookies) to the first party domain, with the goal of preventing tracking across different domains.
"privacy.firstparty.isolate" = true;
# Do not preload URLs that auto-complete in the address bar.
"browser.urlbar.speculativeConnect.enabled" = false;
# Do not resist fingerprinting because that tells websites to use light mode.
# https://bugzilla.mozilla.org/show_bug.cgi?id=1732114
"privacy.resistFingerprinting" = false; # (default false)
# Instead, enable fingerprinting protection, which allows configuring an override.
"privacy.fingerprintingProtection" = true;
# Allow sending dark mode preference to websites.
# Allow sending timezone to websites.
"privacy.fingerprintingProtection.overrides" =
"+AllTargets,-CSSPrefersColorScheme,-JSDateTimeUTC,-CanvasExtractionBeforeUserInputIsBlocked";
# Disable weather on new tab page
"browser.newtabpage.activity-stream.showWeather" = false;
# Disable AI stuff that wastes battery life
"browser.ml.chat.enabled" = false;
"browser.ml.enabled" = false;
};
# Check about:policies#documentation and https://mozilla.github.io/policy-templates/ for options.
policies = {
DisableTelemetry = true;
DisplayBookmarksToolbar = "newtab";
# Check about:support for extension/add-on ID strings.
# Valid strings for installation_mode are "allowed", "blocked",
# "force_installed" and "normal_installed".
ExtensionSettings = {
# "*".installation_mode = "blocked"; # blocks all addons except the ones specified below
"uBlock0@raymondhill.net" = {
install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi";
installation_mode = "force_installed";
};
# "firefox@teleparty.com" = {
# install_url = "https://addons.mozilla.org/firefox/downloads/latest/netflix-party-is-now-teleparty/latest.xpi";
# installation_mode = "normal_installed";
# };
"@ublacklist" = {
install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublacklist/latest.xpi";
installation_mode = "normal_installed";
};
"@react-devtools" = {
install_url = "https://addons.mozilla.org/firefox/downloads/latest/react-devtools/latest.xpi";
installation_mode = "normal_installed";
};
};
};
};
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".mozilla";
user = "talexander";
group = "talexander";
mode = "0700";
}
];
};
};
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".cache/mozilla";
user = "talexander";
group = "talexander";
mode = "0700";
}
];
};
};
})
]
);
}

29
nix/configuration/roles/flux/default.nix Normal file
View File

@@ -0,0 +1,29 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
flux.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install flux.";
};
};
config = lib.mkIf config.me.flux.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
fluxcd
];
}
]
);
}

28
nix/configuration/roles/fonts/default.nix
View File

@@ -8,20 +8,22 @@
{
imports = [ ];
fonts = {
enableDefaultPackages = false;
packages = with pkgs; [
cascadia-code
source-sans-pro
source-serif-pro
noto-fonts-cjk-sans
noto-fonts-cjk-serif
noto-fonts-color-emoji
];
config = lib.mkIf config.me.graphical {
fonts = {
enableDefaultPackages = false;
packages = with pkgs; [
cascadia-code
source-sans-pro
source-serif-pro
noto-fonts-cjk-sans
noto-fonts-cjk-serif
noto-fonts-color-emoji
];
fontconfig = {
localConf = (builtins.readFile ./files/fonts.conf);
useEmbeddedBitmaps = true;
fontconfig = {
localConf = (builtins.readFile ./files/fonts.conf);
useEmbeddedBitmaps = true;
};
};
};
}

18
nix/configuration/roles/fonts/files/fonts.conf
View File

@@ -47,17 +47,17 @@
</alias>
<!-- Screw it. Force Liberation Mono to be source code pro. -->
<match target="pattern">
<test qual="any" name="family"><string>Liberation Mono</string></test>
<edit name="family" mode="assign" binding="same"><string>Cascadia Mono</string></edit>
</match>
<!-- Screw it. Force Liberation Mono to be cascadia mono. -->
<!-- <match target="pattern"> -->
<!-- <test qual="any" name="family"><string>Liberation Mono</string></test> -->
<!-- <edit name="family" mode="assign" binding="same"><string>Cascadia Mono</string></edit> -->
<!-- </match> -->
<!-- Dejavu Sans Mono keeps coming back when I query "monospace". Doesn't happen when I'm using Souce Code Pro but does happen with cascadia... force it to cascadia -->
<match target="pattern">
<test qual="any" name="family"><string>monospace</string></test>
<edit name="family" mode="assign" binding="same"><string>Cascadia Mono</string></edit>
</match>
<!-- <match target="pattern"> -->
<!-- <test qual="any" name="family"><string>monospace</string></test> -->
<!-- <edit name="family" mode="assign" binding="same"><string>Cascadia Mono</string></edit> -->
<!-- </match> -->
<!-- Disable ligatures in monospace fonts. -->
<match target="font">

43
nix/configuration/roles/gcloud/default.nix Normal file
View File

@@ -0,0 +1,43 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
gcloud.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install gcloud.";
};
};
config = lib.mkIf config.me.gcloud.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
(google-cloud-sdk.withExtraComponents [ google-cloud-sdk.components.gke-gcloud-auth-plugin ])
];
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".config/gcloud";
user = "talexander";
group = "talexander";
mode = "0700";
}
];
};
};
}
]
);
}

77
nix/configuration/roles/git/default.nix
View File

@@ -5,18 +5,75 @@
...
}:
let
git_wrapped =
package: prog:
pkgs.writeShellScriptBin "${prog}" ''
export PATH="${
lib.makeBinPath [
pkgs.meld
]
}:$PATH"
exec ${package}/bin/${prog} "''${@}"
'';
in
{
imports = [ ];
environment.systemPackages = with pkgs; [
git
];
home-manager.users.talexander =
{ pkgs, ... }:
{
home.file.".gitconfig" = {
source = ./files/gitconfig_home;
};
options.me = {
git.config = lib.mkOption {
type = lib.types.nullOr lib.types.path;
default = null;
example = ./files/gitconfig_home;
description = "A git config file.";
};
};
config = lib.mkMerge [
{
environment.systemPackages = with pkgs; [
my_git
];
}
(lib.mkIf (config.me.git.config != null) {
me.install.user.talexander.file = {
".gitconfig" = {
source = config.me.git.config;
};
};
})
(lib.mkIf (config.me.graphical) {
nixpkgs.overlays = [
(final: prev: {
my_git = (
pkgs.buildEnv {
name = prev.git.name;
version = prev.git.version;
paths =
(builtins.map (git_wrapped prev.git) [
"git"
])
++ [
prev.git
];
extraOutputsToInstall = [
"man"
"doc"
"info"
];
nativeBuildInputs = [ final.makeWrapper ];
ignoreCollisions = true;
}
);
})
];
})
(lib.mkIf (!config.me.graphical) {
nixpkgs.overlays = [
(final: prev: {
my_git = prev.git;
})
];
})
];
}

28
nix/configuration/roles/git/files/gitconfig_home
View File

@@ -3,33 +3,53 @@
name = Tom Alexander
signingkey = D3A179C9A53C0EDE
[push]
default = simple
default = simple # (default since 2.0)
[alias]
lg = log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit
bh = log --oneline --branches=* --remotes=* --graph --decorate
amend = commit --amend --no-edit
authorcount = shortlog --summary --numbered --all --no-merges
[core]
excludesfile = ~/.gitignore_global
[commit]
gpgsign = true
verbose = true
[pull]
rebase = true
[log]
date = local
[init]
defaultBranch = main
# Use meld for `git difftool` and `git mergetool`
[diff]
tool = meld
tool = meld # Use meld for `git difftool` and `git mergetool`
algorithm = histogram
colorMoved = plain
mnemonicPrefix = true
renames = true
[difftool]
prompt = false
[difftool "meld"]
cmd = meld "$LOCAL" "$REMOTE"
[merge]
tool = meld
conflictStyle = zdiff3
[mergetool "meld"]
# Make the middle pane start with partially-merged contents:
cmd = meld "$LOCAL" "$MERGED" "$REMOTE" --output "$MERGED"
# Make the middle pane start without any merge progress:
# cmd = meld "$LOCAL" "$BASE" "$REMOTE" --output "$MERGED"
[column]
ui = auto
[branch]
sort = -committerdate
[tag]
sort = version:refname
[fetch]
prune = true
pruneTags = true
all = true
[rebase]
autoSquash = true
autoStash = true
# updateRefs was annoying when you want to split a branch in two by rebasing away from commits from one branch and rebasing away some commits from another branch.
updateRefs = false

30
nix/configuration/roles/global_options/default.nix Normal file
View File

@@ -0,0 +1,30 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
# options.me.graphics_card_type = lib.mkOption {
# type = lib.types.nullOr (
# lib.types.enum [
# "amd"
# "intel"
# "nvidia"
# ]
# );
# default = null;
# example = "amd";
# description = "What graphics card type is in the computer.";
# };
# options.me.graphical = lib.mkOption {
# type = lib.types.bool;
# default = false;
# example = true;
# description = "Whether we want to install graphical programs.";
# };
}

29
nix/configuration/roles/gnuplot/default.nix Normal file
View File

@@ -0,0 +1,29 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
gnuplot.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install gnuplot.";
};
};
config = lib.mkIf config.me.gnuplot.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
gnuplot
];
}
]
);
}

216
nix/configuration/roles/gpg/default.nix
View File

@@ -16,158 +16,90 @@ in
{
imports = [ ];
# Fetch public keys:
# gpg --locate-keys tom@fizz.buzz
#
# gpg -vvv --auto-key-locate local,wkd --locate-keys tom@fizz.buzz
hardware.gpgSmartcards.enable = true;
services.udev.packages = [
pkgs.yubikey-personalization
pkgs.libfido2
(pkgs.writeTextFile {
name = "my-rules";
text = ''
ACTION=="add", SUBSYSTEM=="usb", ENV{ID_VENDOR_ID}=="1050", ENV{ID_MODEL_ID}=="0406", MODE="660", GROUP="wheel"
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0406", TAG+="uaccess", GROUP="wheel", MODE="0660"
'';
destination = "/etc/udev/rules.d/50-yubikey.rules";
})
];
services.pcscd.enable = true;
# services.gnome.gnome-keyring.enable = true;
# services.dbus.packages = [ pkgs.gcr ];
# services.pcscd.plugins = lib.mkForce [ ];
# programs.gpg.scdaemonSettings = {
# disable-ccid = true;
# };
# .gnupg/scdaemon.conf
home-manager.users.talexander =
{ pkgs, ... }:
{
home.file.".gnupg/scdaemon.conf" = {
source = ./files/scdaemon.conf;
};
};
# programs.gnupg.dirmngr.enable = true;
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryPackage = pkgs.pinentry-qt;
# settings = {
# disable-ccid = true;
# };
};
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".gnupg";
user = "talexander";
group = "talexander";
mode = "0700";
} # Local keyring
];
options.me = {
gpg.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install gpg.";
};
};
nixpkgs.overlays = [
(final: prev: {
# pcsclite = prev.pcsclite.overrideAttrs (old: {
# postPatch = ''
# substituteInPlace src/libredirect.c src/spy/libpcscspy.c \
# --replace-fail "libpcsclite_real.so.1" "$lib/lib/libpcsclite_real.so.1"
# '';
# });
config = lib.mkIf config.me.gpg.enable (
lib.mkMerge [
{
# Fetch public keys:
# gpg --locate-keys tom@fizz.buzz
#
# gpg -vvv --auto-key-locate local,wkd --locate-keys tom@fizz.buzz
# pcsclite = prev.pcsclite.overrideAttrs (old: {
# postPatch =
# old.postPatch
# + (lib.optionalString
# (!(lib.strings.hasInfix ''--replace-fail "libpcsclite_real.so.1"'' old.postPatch))
# ''
# substituteInPlace src/libredirect.c src/spy/libpcscspy.c \
# --replace-fail "libpcsclite_real.so.1" "$lib/lib/libpcsclite_real.so.1"
# ''
# );
# });
hardware.gpgSmartcards.enable = true;
services.udev.packages = [
pkgs.yubikey-personalization
pkgs.libfido2
(pkgs.writeTextFile {
name = "my-rules";
text = ''
ACTION=="add", SUBSYSTEM=="usb", ENV{ID_VENDOR_ID}=="1050", ENV{ID_MODEL_ID}=="0406", MODE="660", GROUP="wheel"
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0406", TAG+="uaccess", GROUP="wheel", MODE="0660"
'';
destination = "/etc/udev/rules.d/50-yubikey.rules";
})
];
services.pcscd.enable = true;
# services.gnome.gnome-keyring.enable = true;
# pcsclite = prev.pcsclite.overrideAttrs (old: {
# postPatch =
# old.postPatch
# + ''
# substituteInPlace src/libredirect.c src/spy/libpcscspy.c \
# --replace-fail "libpcsclite_real.so.1" "$lib/lib/libpcsclite_real.so.1"
# '';
# });
# services.dbus.packages = [ pkgs.gcr ];
# gnupg = prev.gnupg.override {
# pcsclite = pkgs.pcsclite.overrideAttrs (old: {
# postPatch =
# old.postPatch
# + (lib.optionalString
# (!(lib.strings.hasInfix ''--replace-fail "libpcsclite_real.so.1"'' old.postPatch))
# ''
# substituteInPlace src/libredirect.c src/spy/libpcscspy.c \
# --replace-fail "libpcsclite_real.so.1" "$lib/lib/libpcsclite_real.so.1"
# ''
# );
# });
# };
})
];
# services.pcscd.plugins = lib.mkForce [ ];
# security.polkit.extraConfig = ''
# polkit.addRule(function(action, subject) {
# if (action.id == "org.debian.pcsc-lite.access_card") {
# return polkit.Result.YES;
# }
# });
# programs.gpg.scdaemonSettings = {
# disable-ccid = true;
# };
# polkit.addRule(function(action, subject) {
# if (action.id == "org.debian.pcsc-lite.access_pcsc") {
# return polkit.Result.YES;
# }
# });
# '';
me.install.user.talexander.file = {
".gnupg/scdaemon.conf" = {
source = ./files/scdaemon.conf;
};
};
environment.systemPackages = with pkgs; [
pcsclite
pcsctools
yubikey-personalization
yubikey-manager
glibcLocales
ccid
libusb-compat-0_1
gpg_test_wkd
];
# programs.gnupg.dirmngr.enable = true;
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryPackage = pkgs.pinentry-qt;
# settings = {
# disable-ccid = true;
# };
};
# nixpkgs.overlays = [
# (final: prev: {
# gnupg = pkgs-unstable.gnupg;
# scdaemon = pkgs-unstable.scdaemon;
# libgcrypt = pkgs-unstable.libgcrypt;
# })
# ];
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".gnupg";
user = "talexander";
group = "talexander";
mode = "0700";
} # Local keyring
];
};
};
# nixpkgs.overlays = [
# (final: prev: {
# gnupg = prev.gnupg.overrideAttrs (old: rec {
# version = "2.4.7";
# src = prev.fetchurl {
# url = "https://www.gnupg.org/ftp/gcrypt/gnupg/gnupg-${version}.tar.bz2";
# hash = "sha256-eyRwbk2n4OOwbKBoIxAnQB8jgQLEHJCWMTSdzDuF60Y=";
# };
# });
# })
# ];
environment.systemPackages = with pkgs; [
pcsclite
pcsctools
yubikey-personalization
yubikey-manager
glibcLocales
ccid
libusb-compat-0_1
gpg_test_wkd
];
programs.gnupg.agent.enableExtraSocket = true;
programs.gnupg.agent.enableExtraSocket = true;
}
]
);
}

10
nix/configuration/roles/gpg/files/scdaemon.conf
View File

@@ -1,7 +1,7 @@
reader-port Yubico Yubi
#reader-port Yubico Yubi
disable-ccid
log-file /home/talexander/scd.log
verbose
debug cardio
debug-level 5
#log-file /home/talexander/scd.log
#verbose
#debug cardio
#debug-level 5

22
nix/configuration/roles/graphics/default.nix
View File

@@ -8,7 +8,7 @@
{
imports = [ ];
options.me.graphicsCardType = lib.mkOption {
options.me.graphics_card_type = lib.mkOption {
type = lib.types.nullOr (
lib.types.enum [
"amd"
@@ -37,6 +37,26 @@
xorg.xeyes # to test which windows are using x11
];
hardware.graphics.enable = true;
# hardware.graphics.enable32Bit = true;
# Vulkan Support (64-bit is enabled by default, 32-bit is disabled by default)
# hardware.opengl.driSupport = true; # This is already enabled by default
# hardware.opengl.driSupport32Bit = true; # For 32 bit applications
})
(lib.mkIf (config.me.graphics_card_type == "amd") {
environment.systemPackages = with pkgs; [
nvtopPackages.amd
];
})
(lib.mkIf (config.me.graphics_card_type == "intel") {
environment.systemPackages = with pkgs; [
nvtopPackages.intel
];
})
(lib.mkIf (config.me.graphics_card_type == "nvidia") {
environment.systemPackages = with pkgs; [
nvtopPackages.nvidia
];
})
]
);

49
nix/configuration/roles/hydra/default.nix Normal file
View File

@@ -0,0 +1,49 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
hydra.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install hydra.";
};
};
config = lib.mkIf config.me.hydra.enable (
lib.mkMerge [
{
services.hydra = {
enable = true;
hydraURL = "http://localhost:3000"; # Externally visible URL
notificationSender = "hydra@localhost"; # "From" address for hydra emails.
# a standalone Hydra will require you to unset the buildMachinesFiles list to avoid using a nonexistant /etc/nix/machines
buildMachinesFiles = [ ];
useSubstitutes = true;
};
# nix.buildMachines = [
# {
# hostName = "localhost";
# protocol = null;
# system = "x86_64-linux";
# supportedFeatures = [
# "kvm"
# "nixos-test"
# "big-parallel"
# "benchmark"
# ];
# maxJobs = 8;
# }
# ];
}
]
);
}

45
nix/configuration/roles/iso_mount/default.nix Normal file
View File

@@ -0,0 +1,45 @@
{
config,
lib,
pkgs,
...
}:
let
iso_mount =
(pkgs.writeScriptBin "iso_mount" (builtins.readFile ./files/iso_mount.bash)).overrideAttrs
(old: {
buildCommand = "${old.buildCommand}\n patchShebangs $out";
});
iso_unmount =
(pkgs.writeScriptBin "iso_unmount" (builtins.readFile ./files/iso_unmount.bash)).overrideAttrs
(old: {
buildCommand = "${old.buildCommand}\n patchShebangs $out";
});
in
{
imports = [ ];
options.me = {
iso_mount.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install iso_mount.";
};
};
config = lib.mkIf config.me.iso_mount.enable (
lib.mkMerge [
{
environment.systemPackages = [
iso_mount
iso_unmount
];
}
]
);
}

8
nix/configuration/roles/iso_mount/files/iso_mount.bash Normal file
View File

@@ -0,0 +1,8 @@
#!/usr/bin/env bash
#
# Mount a full-disk image as a loopback device so you can mount individual partitions from inside of it.
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
exec udisksctl loop-setup -r -f "${@}"

8
nix/configuration/roles/iso_mount/files/iso_unmount.bash Normal file
View File

@@ -0,0 +1,8 @@
#!/usr/bin/env bash
#
# Mount a full-disk image as a loopback device so you can mount individual partitions from inside of it.
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
exec udisksctl loop-delete "${@}"

47
nix/configuration/roles/kanshi/default.nix
View File

@@ -17,21 +17,36 @@ in
{
imports = [ ];
environment.systemPackages = with pkgs; [
kanshi
];
me.swayIncludes = [
exec_kanshi
];
home-manager.users.talexander =
{ pkgs, ... }:
{
home.file = {
".config/kanshi/config" = {
source = ./files/config_kanshi;
};
};
options.me = {
kanshi.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install kanshi.";
};
};
config = lib.mkIf config.me.kanshi.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
];
}
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
kanshi
];
me.swayIncludes = [
exec_kanshi
];
me.install.user.talexander.file = {
".config/kanshi/config" = {
source = ./files/config_kanshi;
};
};
})
]
);
}

Some files were not shown because too many files have changed in this diff Show More