talexander/machine_setup
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

base: talexander:d9bc4f15d8adaeccbc494dc33e67a9fafbe4363a
Branches Tags
talexander:main
talexander:nix
talexander:install_files_mixin
talexander:starship
talexander:pixelbook
..
compare: talexander:aae534308a46db3f52885119575bc30b21a2c70c
Branches Tags
talexander:nix
talexander:install_files_mixin
talexander:main
talexander:starship
talexander:pixelbook

No commits in common. "d9bc4f15d8adaeccbc494dc33e67a9fafbe4363a" and "aae534308a46db3f52885119575bc30b21a2c70c" have entirely different histories.
d9bc4f15d8 ... aae534308a

17 changed files with 12 additions and 233 deletions
Show Stats Expand all files Collapse all files

0
nix/configuration/roles/boot/default.nix → nix/configuration/boot.nix
View File

11
nix/configuration/configuration.nix
View File

@ -18,9 +18,9 @@
sha256 = "0j76ar4qz320fakdii4659w5lww8wiz6yb7g47npywqvf2lbp388"; sha256 = "0j76ar4qz320fakdii4659w5lww8wiz6yb7g47npywqvf2lbp388";
} }
}/module.nix" }/module.nix"
./roles/boot ./boot.nix
./roles/zfs ./zfs.nix
./roles/network ./network.nix
./roles/firewall ./roles/firewall
./roles/zsh ./roles/zsh
./roles/graphics ./roles/graphics
@ -35,10 +35,6 @@
./roles/gpg ./roles/gpg
./roles/waybar ./roles/waybar
./roles/qemu ./roles/qemu
./roles/wireguard
./roles/bsnes
./roles/ssh
./roles/python
]; ];
nix.settings.experimental-features = [ nix.settings.experimental-features = [
@ -126,7 +122,6 @@
ripgrep ripgrep
strace strace
tcpdump tcpdump
git-crypt
]; ];
services.openssh = { services.openssh = {

8
nix/configuration/flake.lock generated
View File

@ -181,11 +181,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1735141468, "lastModified": 1734991663,
"narHash": "sha256-VIAjBr1qGcEbmhLwQJD6TABppPMggzOvqFsqkDoMsAY=", "narHash": "sha256-8T660guvdaOD+2/Cj970bWlQwAyZLKrrbkhYOFcY1YE=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "4005c3ff7505313cbc21081776ad0ce5dfd7a3ce", "rev": "6c90912761c43e22b6fb000025ab96dd31c971ff",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -345,7 +345,7 @@
}, },
"locked": { "locked": {
"lastModified": 1, "lastModified": 1,
"narHash": "sha256-TFks1dvPwAXKQeePh9jmxj06ZfXArH1pN9yXVQWeL6w=", "narHash": "sha256-Cf8NVSnjPiAi29Df1Tb1Ea6uqISWps5nx3qJl5yAbOo=",
"path": "flakes/zsh-histdb", "path": "flakes/zsh-histdb",
"type": "path" "type": "path"
}, },

6
nix/configuration/flakes/zsh-histdb/flake.lock generated
View File

@ -20,11 +20,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1735141468, "lastModified": 1734991663,
"narHash": "sha256-VIAjBr1qGcEbmhLwQJD6TABppPMggzOvqFsqkDoMsAY=", "narHash": "sha256-8T660guvdaOD+2/Cj970bWlQwAyZLKrrbkhYOFcY1YE=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "4005c3ff7505313cbc21081776ad0ce5dfd7a3ce", "rev": "6c90912761c43e22b6fb000025ab96dd31c971ff",
"type": "github" "type": "github"
}, },
"original": { "original": {

7
nix/configuration/hosts/odo/default.nix
View File

@ -4,7 +4,6 @@
./hardware-configuration.nix ./hardware-configuration.nix
./disk-config.nix ./disk-config.nix
./optimized_build.nix ./optimized_build.nix
./power_management.nix
]; ];
# Generate with `head -c4 /dev/urandom | od -A none -t x4` # Generate with `head -c4 /dev/urandom | od -A none -t x4`
@ -15,10 +14,4 @@
time.timeZone = "America/New_York"; time.timeZone = "America/New_York";
me.secureBoot.enable = true; me.secureBoot.enable = true;
# Early KMS
boot.initrd.kernelModules = [ "amdgpu" ];
# Mount tmpfs at /tmp
boot.tmp.useTmpfs = true;
} }

21
nix/configuration/hosts/odo/optimized_build.nix
View File

@ -2,29 +2,11 @@
config, config,
lib, lib,
pkgs, pkgs,
pkgs-unstable,
... ...
}: }:
{ {
imports = [ ]; imports = [ ];
nix.settings.system-features = lib.mkForce [
"gccarch-znver4"
"gccarch-skylake"
# "gccarch-alderlake" missing pkgwait
"gccarch-x86-64-v3"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
# nixpkgs.hostPlatform = {
# gcc.arch = "znver4";
# gcc.tune = "znver4";
# system = "x86_64-linux";
# };
nixpkgs.overlays = [ nixpkgs.overlays = [
( (
self: super: self: super:
@ -42,9 +24,6 @@
]; ];
} }
) )
(final: prev: {
linux-firmware = pkgs-unstable.linux-firmware;
})
]; ];
boot.kernelPackages = lib.mkIf (!config.me.buildingIso) (pkgs.linuxPackagesFor pkgs.linux_znver4); boot.kernelPackages = lib.mkIf (!config.me.buildingIso) (pkgs.linuxPackagesFor pkgs.linux_znver4);

14
nix/configuration/hosts/odo/power_management.nix
View File

@ -1,14 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
environment.systemPackages = with pkgs; [
powertop
];
}

11
nix/configuration/roles/network/default.nix → nix/configuration/network.nix
View File

@ -16,7 +16,7 @@
]; ];
services.resolved = { services.resolved = {
enable = true; enable = true;
# dnssec = "true"; dnssec = "true";
domains = [ "~." ]; domains = [ "~." ];
fallbackDns = [ ]; fallbackDns = [ ];
dnsovertls = "true"; dnsovertls = "true";
@ -25,14 +25,7 @@
# Without this, systemd-resolved will send DNS requests for <X>.home.arpa to the per-link DNS server (172.16.0.1) which does not support DNS-over-TLS. This leads to the connection anging and timing out. This causes firefox startup to take an extra 10+ seconds. # Without this, systemd-resolved will send DNS requests for <X>.home.arpa to the per-link DNS server (172.16.0.1) which does not support DNS-over-TLS. This leads to the connection anging and timing out. This causes firefox startup to take an extra 10+ seconds.
# #
# Test with: drill @127.0.0.53 odo.home.arpa # Test with: drill @127.0.0.53 odo.home.arpa
networking.extraHosts = '' networking.extraHosts = "127.0.0.1 odo.home.arpa";
127.0.0.1 odo.home.arpa
10.216.1.1 homeserver
10.216.1.6 media
10.216.1.12 odo
10.217.1.1 drmario
10.217.2.1 mrmanager
'';
networking.wireless.iwd = { networking.wireless.iwd = {
enable = true; enable = true;

14
nix/configuration/roles/bsnes/default.nix
View File

@ -1,14 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
environment.systemPackages = with pkgs; [
bsnes-hd
];
}

64
nix/configuration/roles/gpg/default.nix
View File

@ -2,7 +2,6 @@
config, config,
lib, lib,
pkgs, pkgs,
pkgs-unstable,
... ...
}: }:
@ -14,36 +13,9 @@
# #
# gpg -vvv --auto-key-locate local,wkd --locate-keys tom@fizz.buzz # gpg -vvv --auto-key-locate local,wkd --locate-keys tom@fizz.buzz
hardware.gpgSmartcards.enable = true;
services.udev.packages = [ pkgs.yubikey-personalization ];
services.pcscd.enable = true;
# services.gnome.gnome-keyring.enable = true;
# services.dbus.packages = [ pkgs.gcr ];
# services.pcscd.plugins = lib.mkForce [ ];
# programs.gpg.scdaemonSettings = {
# disable-ccid = true;
# };
# .gnupg/scdaemon.conf
home-manager.users.talexander =
{ pkgs, ... }:
{
home.file.".gnupg/scdaemon.conf" = {
source = ./files/scdaemon.conf;
};
};
programs.gnupg.dirmngr.enable = true;
programs.gnupg.agent = { programs.gnupg.agent = {
enable = true; enable = true;
enableSSHSupport = true; enableSSHSupport = true;
pinentryPackage = pkgs.pinentry-qt;
# settings = {
# disable-ccid = true;
# };
}; };
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) { environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
@ -60,40 +32,4 @@
}; };
}; };
# nixpkgs.overlays = [
# (final: prev: {
# pcsclite = prev.pcsclite.overrideAttrs (old: {
# postPatch = ''
# substituteInPlace src/libredirect.c src/spy/libpcscspy.c \
# --replace-fail "libpcsclite_real.so.1" "$lib/lib/libpcsclite_real.so.1"
# '';
# });
# })
# ];
# security.polkit.extraConfig = ''
# polkit.addRule(function(action, subject) {
# if (action.id == "org.debian.pcsc-lite.access_card") {
# return polkit.Result.YES;
# }
# });
# polkit.addRule(function(action, subject) {
# if (action.id == "org.debian.pcsc-lite.access_pcsc") {
# return polkit.Result.YES;
# }
# });
# '';
environment.systemPackages = with pkgs; [
pcsctools
];
# nixpkgs.overlays = [
# (final: prev: {
# gnupg = pkgs-unstable.gnupg;
# scdaemon = pkgs-unstable.scdaemon;
# })
# ];
} }

2
nix/configuration/roles/gpg/files/scdaemon.conf
View File

@ -1,2 +0,0 @@
reader-port Yubico Yubi
disable-ccid

18
nix/configuration/roles/python/default.nix
View File

@ -1,18 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
environment.systemPackages = with pkgs; [
python3
poetry
pyright
isort
black
];
}

10
nix/configuration/roles/sound/default.nix
View File

@ -60,14 +60,4 @@
'') '')
]; ];
}; };
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
".local/state/wireplumber" # Sound settings
];
};
};
} }

19
nix/configuration/roles/ssh/default.nix
View File

@ -1,19 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
files = [
".ssh/known_hosts"
];
};
};
}

3
nix/configuration/roles/sway/default.nix
View File

@ -374,7 +374,4 @@ in
}; };
}; };
}; };
# For mounting drives in pcmanfm
services.gvfs.enable = true;
} }

37
nix/configuration/roles/wireguard/default.nix
View File

@ -1,37 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
config = lib.mkIf (!config.me.buildingIso) {
networking.firewall.allowedUDPPorts = [ 51821 ];
networking.wireguard.enable = true;
networking.wg-quick.interfaces.drmario.configFile = "/persist/manual/wireguard/drmario.conf";
systemd.services."wg-quick-drmario".after = [
"nss-lookup.target"
"systemd-resolved.service"
"multi-user.target"
];
systemd.services."wg-quick-drmario".preStart = "${pkgs.toybox}/bin/sleep 10";
networking.wg-quick.interfaces.wgh.configFile = "/persist/manual/wireguard/wgh.conf";
systemd.services."wg-quick-wgh".after = [
"nss-lookup.target"
"systemd-resolved.service"
"multi-user.target"
];
systemd.services."wg-quick-wgh".preStart = "${pkgs.toybox}/bin/sleep 10";
};
# environment.systemPackages = with pkgs; [
# wireguard-tools
# ];
}

0
nix/configuration/roles/zfs/default.nix → nix/configuration/zfs.nix
View File