talexander/machine_setup
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

merge into: talexander:install_files_mixin
Branches Tags
talexander:main talexander:kubernetes talexander:nix talexander:mt7927 talexander:yubipi talexander:upstream_amd_debug_tools talexander:install_files_mixin talexander:starship talexander:pixelbook
...
pull from: talexander:nix
Branches Tags
talexander:kubernetes talexander:nix talexander:main talexander:mt7927 talexander:yubipi talexander:upstream_amd_debug_tools talexander:install_files_mixin talexander:starship talexander:pixelbook

194 Commits
install_fi ... nix

Author SHA1 Message Date
Tom Alexander
8d3ebf7ba2 Update packages. 2026-05-01 20:16:45 -04:00
Tom Alexander
d35cfaacbd Add nix-pin-revision script. 2026-04-26 08:32:17 -04:00
Tom Alexander
8b1212e182 Support hardware accelerated RNG in qemurc. 2026-04-26 08:32:17 -04:00
Tom Alexander
7f0250cb9d Sync to the store before registering paths. 2026-04-26 08:32:17 -04:00
Tom Alexander
bc2636a54c New VPN address for home server. 2026-04-26 08:32:17 -04:00
Tom Alexander
c8147b5e9e Use direct paths for hydra's nix store. 
I was getting corrupted builds, so as a test I am using the direct path where the drive is mounted rather than going through bind mounts.
 2026-04-26 08:32:17 -04:00
Tom Alexander
4115e95bb6 Add a build of nixbsd to nix_builder. 2026-04-26 08:32:17 -04:00
Tom Alexander
4c1465c8d0 Update packages. 2026-04-26 08:32:17 -04:00
Tom Alexander
791f67eb82 Update nix_builder. 2026-04-02 22:03:45 -04:00
Tom Alexander
bf27504a5a Add repair flag to build scripts. 2026-04-02 14:14:11 -04:00
Tom Alexander
620c12eaa7 Add auto-formatting for d2. 2026-04-02 14:04:04 -04:00
Tom Alexander
e2658412ab Fix stuttery zoom on google maps. 2026-03-29 19:40:51 -04:00
Tom Alexander
a86e8c3a18 Fix rga alias. 2026-03-29 19:40:51 -04:00
Tom Alexander
299185970d Add stream to /etc/hosts 2026-03-19 18:16:57 -04:00
Tom Alexander
6670fdbe73 Merge branch 'family_disks' into nix 2026-03-08 13:01:20 -04:00
Tom Alexander
ed4eead5c0 Add a config for the machine to recover the family disks. 2026-03-08 13:01:11 -04:00
Tom Alexander
7f9f010217 Add support for a portable monitor. 2026-03-07 16:39:21 -05:00
Tom Alexander
ea133ded21 Add the next_hop script. 
This script determines the next hop for a packet leaving this machine destined for the given address.
 2026-03-04 21:13:40 -05:00
Tom Alexander
04ede4bfee Add a role for loading esims onto standalone sim cards. 2026-03-01 16:51:34 -05:00
Tom Alexander
2529ca4510 Disable some stuff in firefox. 2026-02-22 13:21:01 -05:00
Tom Alexander
69384f6cad Use rust nix-builder instead of bash script. 2026-02-22 13:21:01 -05:00
Tom Alexander
3df022ab3f Move org custom faces to a use-package :custom-face block. 
This prevent the faces from being written to custom.el.
 2026-02-22 13:21:01 -05:00
Tom Alexander
bf006a968b Update jujutsu config. 2026-02-22 13:21:01 -05:00
Tom Alexander
b1b2ea2109 Add git hide and git unhide scripts. 2026-02-14 12:33:06 -05:00
Tom Alexander
1211bc1c44 Remove programs.adb.enable. 2026-02-14 12:33:06 -05:00
Tom Alexander
776ed67675 Set up hydra as a remote build machine. 2026-02-13 10:37:29 -05:00
Tom Alexander
24e03ed8f7 Update packages in nix. 2026-02-13 10:36:49 -05:00
Tom Alexander
e75c4087c3 Add keep-alive to ssh connections. 2026-02-13 10:36:49 -05:00
Tom Alexander
43f3c1f955 Add some nix settings. 2026-02-13 10:36:47 -05:00
Tom Alexander
7ab1d4b9e1 Add the v4l utilities to control webcam settings. 2026-02-06 11:24:05 -05:00
Tom Alexander
ad88a526bc Add support for the android debug bridge. 2026-02-03 18:15:35 -05:00
Tom Alexander
b0cebc7973 Add a work monitor to shikane. 2026-02-03 11:10:45 -05:00
Tom Alexander
c90513cbea Install beamer with LaTeX. 2026-01-08 22:18:38 -05:00
Tom Alexander
07a8882766 Install graphviz. 2026-01-02 10:11:39 -05:00
Tom Alexander
e106a9fad1 Add nftables-mode to emacs. 2026-01-01 22:00:14 -05:00
Tom Alexander
70f3ae6894 Add a nix-flake-repl script. 2026-01-01 11:01:13 -05:00
Tom Alexander
d883dda34c Remove old TODO. 2025-12-27 20:45:20 -05:00
Tom Alexander
05a0459e5a Add toml2nix. 2025-12-16 18:43:37 -05:00
Tom Alexander
641c21c77f Add C/C++ debugging to personal vscode. 2025-12-13 23:15:59 -05:00
Tom Alexander
88634655d0 Fix firmware updating now that my UEFI system partition is mounted at /efi 2025-12-13 23:15:33 -05:00
Tom Alexander
0bd5931013 Fix the self repl script. 2025-12-10 21:35:50 -05:00
Tom Alexander
dc28b9a112 Inject the password-store flag to vscode. 2025-12-10 20:57:26 -05:00
Tom Alexander
d8d466e737 Update steam deck packages. 2025-12-09 20:38:18 -05:00
Tom Alexander
f94278e96d Re-enable rofimoji. 2025-12-09 13:52:45 -05:00
Tom Alexander
6452d591a7 Install yaml2nix. 2025-12-08 23:21:59 -05:00
Tom Alexander
4fbbec96c0 Another fix for screen scaling when sharing screen. 2025-12-08 13:01:42 -05:00
Tom Alexander
412c6d7220 Another fix for screen scaling when sharing screen. 2025-12-04 15:26:51 -05:00
Tom Alexander
519354fd2c Install pgformatter. 2025-12-03 16:12:36 -05:00
Tom Alexander
6d976d8319 Force cascadia mono. 2025-12-03 12:58:02 -05:00
Tom Alexander
910652e98c Fix scaling monitor when entering screen sharing. 2025-12-02 12:21:53 -05:00
Tom Alexander
e218973f1b Remove local copy of grub package. 2025-11-30 15:02:03 -05:00
Tom Alexander
b48d2b7b25 Disable the binary cache. 2025-11-30 14:16:48 -05:00
Tom Alexander
144d8fab6c Fix quark's updating. 2025-11-30 12:22:03 -05:00
Tom Alexander
15c99bc0b5 Remove the deprecated --fast flag. 2025-11-30 09:24:14 -05:00
Tom Alexander
a547b3b04b Enable content-addressed derivations. 
ref: https://www.tweag.io/blog/2020-09-10-nix-cas/
 2025-11-30 08:22:14 -05:00
Tom Alexander
5de1c0cb56 Remove an unnecessary line. 2025-11-29 23:00:25 -05:00
Tom Alexander
906741bfcf Remove uses of nix.extraOptions. 
This lets me override individual variables using nix's module system.
 2025-11-29 20:53:41 -05:00
Tom Alexander
568440f3f1 Trust odowork. 2025-11-29 19:59:10 -05:00
Tom Alexander
e428bd2f00 Add a note about ssh serve. 
Ref: https://nix.dev/manual/nix/2.26/package-management/ssh-substituter
 2025-11-29 18:57:33 -05:00
Tom Alexander
9bd896ff4b Install htop on hydra. 2025-11-29 18:43:12 -05:00
Tom Alexander
f663f794d0 Trust quark. 2025-11-29 18:40:37 -05:00
Tom Alexander
782253a557 Merge branch 'hydra' into nix 2025-11-29 18:36:38 -05:00
Tom Alexander
4ca486d7f8 Add a host for hydra. 2025-11-29 18:35:56 -05:00
Tom Alexander
8eb3c459bd Run nix daemon with idle priority on end-user devices. 2025-11-29 18:29:22 -05:00
Tom Alexander
1523e691d5 Build everything from source on steam deck. 2025-11-29 15:50:51 -05:00
Tom Alexander
c4ff96b847 Remove work-arounds. 2025-11-27 17:28:37 -05:00
Tom Alexander
aa05ab7289 Install microsoft fonts on odowork. 2025-11-27 13:20:16 -05:00
Tom Alexander
b743421749 Fix the installer image. 2025-11-27 13:20:14 -05:00
Tom Alexander
9099c4b67e Update packages. 2025-11-25 20:43:08 -05:00
Tom Alexander
b67b491efa Match extension versions for work. 2025-11-25 17:40:55 -05:00
Tom Alexander
ddd3200ca6 Add a role for gnome keyring. 2025-11-24 23:01:40 -05:00
Tom Alexander
d0968ab836 Install remote tunnels on odowork. 2025-11-24 22:55:31 -05:00
Tom Alexander
8c223a066d Add jq to the base role. 2025-11-24 20:29:35 -05:00
Tom Alexander
606b952304 Make rollback datasets configurable. 2025-11-24 20:16:47 -05:00
Tom Alexander
c542dcdee9 Use a local ssh config for odowork. 2025-11-24 19:31:56 -05:00
Tom Alexander
39997dc4d4 Recursively include inputs for all inputs in disko closure. 2025-11-24 19:06:58 -05:00
Tom Alexander
3348feb613 Add a command to launch a repl of the current flake. 2025-11-20 00:47:56 -05:00
Tom Alexander
f651241f20 Remove the pkgs-unoptimized input to instead import regular nixpkgs. 2025-11-19 23:56:26 -05:00
Tom Alexander
ff23d8ad20 Remove deprecated "system" parameter. 2025-11-19 23:37:33 -05:00
Tom Alexander
eebbf9f4aa Automatically set distributed build's supportedFeatures based on that host's actual config. 
Previously, we had two copies of the supported features for each host.
 2025-11-19 22:42:43 -05:00
Tom Alexander
3bf912f3be Trim down odowork's install. 2025-11-19 21:50:57 -05:00
Tom Alexander
331651bf23 Switch odowork to i_only_boot_zfs. 2025-11-19 20:50:45 -05:00
Tom Alexander
b16871c701 Fix rollback during boot. 2025-11-18 23:29:00 -05:00
Tom Alexander
381448b338 Switch odo to i_only_boot_zfs. 2025-11-18 23:02:40 -05:00
Tom Alexander
300dfc68cf Fix build. 2025-11-18 23:00:16 -05:00
Tom Alexander
8ccd34aba9 Add odowork. 2025-11-18 21:30:56 -05:00
Tom Alexander
a94df0944b gtkmm build failing. 2025-11-17 21:39:32 -05:00
Tom Alexander
b63df577d9 Add a role for wine. 2025-11-17 05:46:36 -05:00
Tom Alexander
73335b080f Disable rofimoji because the build is failing. 2025-11-17 05:23:01 -05:00
Tom Alexander
e01863cfc7 ffmpeg-headless tests failing. 2025-11-17 05:23:01 -05:00
Tom Alexander
fc343d7897 Switch odo and quark to i_only_boot_zfs. 2025-11-16 18:58:58 -05:00
Tom Alexander
09e36de78e Enable /boot partition. 2025-11-16 18:58:46 -05:00
Tom Alexander
f13689e2c1 Update packages. 2025-11-16 18:58:46 -05:00
Tom Alexander
57b83f7175 Switch to using i_only_boot_zfs. 2025-11-15 19:28:29 -05:00
Tom Alexander
f27aae960f Add an alias to ripgrep all files. 2025-11-15 19:28:28 -05:00
Tom Alexander
5b849c266e Enable python typechecking by default in vscode. 2025-11-08 14:41:28 -05:00
Tom Alexander
588e434b56 Add a host for testing i_only_boot_zfs. 2025-10-28 19:20:48 -04:00
Tom Alexander
09355dd927 Try to fix install. 2025-10-27 11:46:17 -04:00
Tom Alexander
4276f63c59 Install disko in the ISOs. 2025-10-27 11:25:09 -04:00
Tom Alexander
614ef2e5cf Add a minimal base role to record what is needed for a minimal useful system. 2025-10-26 17:28:09 -04:00
Tom Alexander
888613a229 Fix building many things in nix. 
Nix 2.30.0 (2025-07-07) changed the build directory from /tmp to /nix/var/nix/builds which broke a number of builds because my ZFS datasets were utf8only. This adds a role to mount tmpfs to /nix/var/nix/builds to restore the old behavior.
 2025-10-26 17:24:41 -04:00
Tom Alexander
24b089a313 Add a config for the disc recovery machine. 2025-10-26 17:24:41 -04:00
Tom Alexander
2f05b9e600 Add support for specifying a build arch. 2025-10-26 12:54:47 -04:00
Tom Alexander
e4225a82bb Add a role for jujutsu. 2025-10-26 12:54:47 -04:00
Tom Alexander
4a0f0bd8c8 Add cleanup_temporary_files script to base. 2025-10-25 20:38:41 -04:00
Tom Alexander
381eb1523e Disable more firefox AI stuff. 2025-10-25 12:18:19 -04:00
Tom Alexander
8888838457 Fix mounting CDs in qemurc. 2025-10-25 09:03:05 -04:00
Tom Alexander
3918775c1d Specify waybar config in nix. 
This is to facilitate having different waybar configs for each machine.
 2025-10-25 09:03:05 -04:00
Tom Alexander
3bf84445a3 Restructure flake.nix for a simpler config for building different images off the same NixOS config. 2025-10-25 09:03:05 -04:00
Tom Alexander
69b5cf9217 Update packages. 2025-10-10 22:03:53 -04:00
Tom Alexander
3d9513f2c5 Move ansible-sshjail and zsh-histdb into my config instead of living as separate flakes. 2025-10-05 21:37:57 -04:00
Tom Alexander
ae6cce96a2 Support running arm code on x86. 2025-10-05 20:43:04 -04:00
Tom Alexander
3274d1903f Replace GNU coreutils with uutils. 2025-10-05 20:04:03 -04:00
Tom Alexander
a01b58f6ac use-remote-sudo has been replaced with sudo. 2025-10-05 15:17:34 -04:00
Tom Alexander
fb7b1322da Remove hack for turning off wifi power saving from quark shell init. 2025-10-05 14:55:42 -04:00
Tom Alexander
69b6a81b8b Update packages. 2025-10-05 14:07:04 -04:00
Tom Alexander
f5c30860ab Install uv. 2025-10-05 14:04:01 -04:00
Tom Alexander
255b39df0a Disable the nix binary cache. 
It is technically a risk and since I build most of my software anyway, I'm not getting much benefit.
 2025-10-05 14:04:01 -04:00
Tom Alexander
da66a6917b Update amd-debug-tools to 0.2.8. 2025-09-29 21:17:30 -04:00
Tom Alexander
ad2c4809d7 Fix building the hydra vm ISO. 2025-09-28 11:38:18 -04:00
Tom Alexander
fe49204e3f Enable optimizations on some packages that are no longer broken. 2025-09-28 11:38:17 -04:00
Tom Alexander
fa44003fad Disable wifi powersaving. 2025-09-26 22:35:04 -04:00
Tom Alexander
bc0a64fb8b Update packages. 2025-09-26 22:34:43 -04:00
Tom Alexander
3048b62834 ControlPortOverNL80211 no longer needs to be disabled for the QCNCM865 in my laptop. 2025-09-26 20:22:22 -04:00
Tom Alexander
08b424e1f3 Minor cleanups for emacs. 2025-09-25 20:15:52 -04:00
Tom Alexander
185c43761c Add sequoia. 2025-09-25 20:13:56 -04:00
Tom Alexander
37abf58271 Add a qemu port of my bhyverc script for running virtual machines on Linux. 2025-09-19 21:04:58 -04:00
Tom Alexander
3b007f8bc5 Support transcoding from 10bit to 8bit video. 2025-09-17 19:50:07 -04:00
Tom Alexander
d358e9383e Add noto fonts for ⏵ in nix output monitor. 2025-09-14 12:42:21 -04:00
Tom Alexander
f036ec4b96 Add back duckstation. 2025-09-13 12:28:29 -04:00
Tom Alexander
74ee87a111 Switch to bundled packages to fix build. 2025-09-13 12:00:09 -04:00
Tom Alexander
d0f23c0cb1 Add Spaghetti Kart to the Steam Deck. 2025-09-13 11:28:29 -04:00
Tom Alexander
c72141e070 Install SpaghettiKart. 2025-09-12 19:02:22 -04:00
Tom Alexander
e77c0ed330 Merge branch 'podman' into nix 2025-09-08 21:14:54 -04:00
Tom Alexander
70c2fb694a Switch to podman. 2025-09-08 21:14:41 -04:00
Tom Alexander
b32635fe71 Allow first-party canvas use. 2025-09-07 22:03:38 -04:00
Tom Alexander
b179bee277 Pull in improvements from nixpkgs PR. 2025-09-06 20:32:25 -04:00
Tom Alexander
b1c85417e1 Update to linux 6.16. 2025-09-06 17:39:04 -04:00
Tom Alexander
96ea6c4232 Reduce abmlevel to 2. 
Everything got dimmer in 6.14 so I am reducing the abmlevel.
 2025-09-04 18:51:14 -04:00
Tom Alexander
2a584915e4 Install d2. 2025-09-04 18:51:14 -04:00
Tom Alexander
a6a50d7c22 Add d2 to emacs. 2025-09-04 18:51:14 -04:00
Tom Alexander
edfafd1017 Add latex packages for org export. 2025-09-04 18:51:13 -04:00
Tom Alexander
9adff4ebc1 Add laptop-only entry in shikane. 2025-09-01 18:48:42 -04:00
Tom Alexander
a788879d92 Preserve poetry venvs. 2025-09-01 18:48:38 -04:00
Tom Alexander
955c5963c8 Disable machine learning in firefox. 2025-08-31 22:21:34 -04:00
Tom Alexander
11436c0efe Set vscode navigate backwards to be scoped to the editor. 2025-08-27 20:33:37 -04:00
Tom Alexander
5b487330e1 Use json for talking to nix output monitor. 2025-08-24 17:36:06 -04:00
Tom Alexander
d25e9173dd Merge branch 'amd_s2idle' into nix 2025-08-21 20:30:35 -04:00
Tom Alexander
8bddf10e9d Fix description. 2025-08-21 20:30:23 -04:00
Tom Alexander
64c94e9b06 Add run-time dependencies. 2025-08-17 20:48:35 -04:00
Tom Alexander
c87957b8cb Introduce a cysystemd package. 2025-08-17 20:32:20 -04:00
Tom Alexander
bf419b6f4a Switch to buildPythonApplication. 2025-08-17 19:01:07 -04:00
Tom Alexander
b224a78b89 Add amd_s2idle script for debugging s2idle. 2025-08-17 10:37:51 -04:00
Tom Alexander
748584c78e Merge branch 'copy_files_mixin' into nix 2025-08-10 16:22:19 -04:00
Tom Alexander
64e8903ae4 Remove test code. 2025-08-10 16:19:13 -04:00
Tom Alexander
f4338ec8df Replace uses of home-manager. 2025-08-10 16:12:09 -04:00
Tom Alexander
c947def321 Fix handling ownership of parent directories. 2025-08-10 12:54:34 -04:00
Tom Alexander
f1eaaf12b3 Support separate permissions for containing directories. 2025-08-10 11:52:55 -04:00
Tom Alexander
2b485f7f1d Support recursive. 2025-08-10 11:41:06 -04:00
Tom Alexander
6db8e01309 Honor ownership. 2025-08-09 21:19:13 -04:00
Tom Alexander
03e389195c Filter out blank lines. 2025-08-09 21:01:35 -04:00
Tom Alexander
2c3e5483e9 Centralize the logic for escaping the shell values. 2025-08-09 20:54:54 -04:00
Tom Alexander
6b42a09468 Make the paths relative to the user's home directory. 2025-08-09 20:43:01 -04:00
Tom Alexander
eb5815048f Add a check and uninstall phase. 2025-08-09 20:27:27 -04:00
Tom Alexander
1cb4fa4234 Add support for symlinking. 2025-08-09 20:05:29 -04:00
Tom Alexander
146dc5f79a Switch to nested attrsets. 2025-08-09 19:13:37 -04:00
Tom Alexander
f667c9daa6 Switch to a systemd unit file to remove the need for home-manager. 2025-08-09 11:09:21 -04:00
Tom Alexander
83eaba357f Fix bug where it used the path in the option name rather than the target value inside the option. 2025-08-09 11:09:21 -04:00
Tom Alexander
6284ce8d86 Add method parameter. 2025-08-09 11:09:21 -04:00
Tom Alexander
c26d6f34ea Start a user-specific variant of the install file command. 2025-08-09 11:09:21 -04:00
Tom Alexander
c3f715d010 Add the install_file module from the steam deck config. 2025-08-09 11:09:21 -04:00
Tom Alexander
45514d147c Disable turboboost. 2025-08-09 10:42:20 -04:00
Tom Alexander
aafa880b7c Fix accelerated video decode on chromium. 2025-08-06 22:56:02 -04:00
Tom Alexander
dde8be4d9f Do not update refs when rebasing. 2025-08-06 22:23:16 -04:00
Tom Alexander
03ae8d3b0a Change how we bundle meld into git. 2025-07-19 18:41:57 -04:00
Tom Alexander
03f0721e1f Set up typescript language server and add meld to git. 2025-07-15 22:57:03 -04:00
Tom Alexander
8847063948 Install direnv. 2025-07-13 16:51:58 -04:00
Tom Alexander
399379cea0 Fix eglot rust-analyzer settings. 2025-07-07 19:26:55 -04:00
Tom Alexander
1cdfebf392 Disable cranelift. 
It was causing problems (errors during build) while not providing much benefit for my use-cases.
 2025-07-07 18:44:12 -04:00
Tom Alexander
045fed0748 Fix crashes on shadps4 launch. 2025-07-05 17:08:33 -04:00
Tom Alexander
7fe153bfd3 Update packages. 2025-07-05 10:01:09 -04:00
Tom Alexander
52490457f0 Install shadps4. 2025-06-29 10:22:09 -04:00
Tom Alexander
e5e9bba2a5 Pin old version of linux-firmware to fix wifi on laptop. 2025-06-28 09:47:40 -04:00
Tom Alexander
7ef079afc0 Update to Linux kernel 6.15. 2025-06-28 01:10:47 -04:00
Tom Alexander
a06fece8f1 Update packages. 2025-06-26 23:31:12 -04:00
Tom Alexander
51c7888347 Add dhcpcd for USB tethering and use upstream linux-firmware. 2025-06-23 13:02:10 -04:00
Tom Alexander
7656c30a29 Update packages. 2025-06-22 01:12:03 -04:00
Tom Alexander
929401b359 Switch to memtest86+. 2025-06-22 01:11:41 -04:00
Tom Alexander
16746d58d2 Add a git alias to list the number of commits from each author. 2025-06-20 17:55:06 -04:00
Tom Alexander
82a016ec68 Reduce risk of crashing from savestates. 2025-06-10 17:21:27 -04:00
Tom Alexander
eed2bd4f13 Persist Demon's Souls settings. 2025-06-08 12:08:47 -04:00
Tom Alexander
99f1b1a51b Update packages. 2025-06-01 20:12:34 -04:00
Tom Alexander
99bc8c6d79 Pin the version of linux-firmware. 
New versions of linux-firmware break my wifi on my laptop. I am pinning the firmware version so I can update the rest of my software.
 2025-06-01 20:10:25 -04:00
Tom Alexander
0f2c595538 Perform weekly garbage collects. 2025-06-01 11:21:57 -04:00
288 changed files with 34998 additions and 3782 deletions
Expand all files Collapse all files

1
ansible/roles/base/files/gitconfig_home
View File

@@ -8,6 +8,7 @@
lg = log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit lg = log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit
bh = log --oneline --branches=* --remotes=* --graph --decorate bh = log --oneline --branches=* --remotes=* --graph --decorate
amend = commit --amend --no-edit amend = commit --amend --no-edit
authorcount = shortlog --summary --numbered --all --no-merges
[core] [core]
excludesfile = ~/.gitignore_global excludesfile = ~/.gitignore_global
[commit] [commit]

1
ansible/roles/base/files/gitconfig_work
View File

@@ -8,6 +8,7 @@
lg = log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit lg = log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit
bh = log --oneline --branches=* --remotes=* --graph --decorate bh = log --oneline --branches=* --remotes=* --graph --decorate
amend = commit --amend --no-edit amend = commit --amend --no-edit
authorcount = shortlog --summary --numbered --all --no-merges
[core] [core]
excludesfile = ~/.gitignore_global excludesfile = ~/.gitignore_global
[commit] [commit]

2
ansible/roles/sshd/files/keys/yubikey.pub
View File

@@ -1 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGu+k5lrirokdW5zVdRVBOqEOAvAPlIkG/MdJNc9g5ky cardno:000611194908 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID0+4zi26M3eYWnIrciR54kOlGxzfgCXG+o4ea1zpzrk openpgp:0x7FF123C8

301
nix/configuration/configuration.nix
View File

@@ -2,24 +2,40 @@
config, config,
lib, lib,
pkgs, pkgs,
home-manager,
... ...
}: }:
let
alias_nix_pin_revision = pkgs.writeShellScriptBin "nix-pin-revision" ''
# Usage: nix-pin-revision nixpkgs 'github:NixOS/nixpkgs/00c21e4c93d963c50d4c0c89bfa84ed6e0694df2'
exec nix flake lock --override-input "''${@}"
'';
in
{ {
imports = [ imports = [
./roles/2ship2harkinian ./roles/2ship2harkinian
./roles/alacritty ./roles/alacritty
./roles/amd_s2idle
./roles/android
./roles/ansible ./roles/ansible
./roles/ares ./roles/ares
./roles/base
./roles/bluetooth ./roles/bluetooth
./roles/boot ./roles/boot
./roles/build_in_ram
./roles/chromecast ./roles/chromecast
./roles/chromium ./roles/chromium
./roles/d2
./roles/direnv
./roles/disko
./roles/distributed_build ./roles/distributed_build
./roles/doas
./roles/docker ./roles/docker
./roles/dont_use_substituters
./roles/ecc ./roles/ecc
./roles/emacs ./roles/emacs
./roles/emulate_isa
./roles/esim
./roles/firefox ./roles/firefox
./roles/firewall ./roles/firewall
./roles/flux ./roles/flux
@@ -27,12 +43,16 @@
./roles/gcloud ./roles/gcloud
./roles/git ./roles/git
./roles/global_options ./roles/global_options
./roles/gnome_keyring
./roles/gnuplot ./roles/gnuplot
./roles/gpg ./roles/gpg
./roles/graphics ./roles/graphics
./roles/graphviz
./roles/hydra ./roles/hydra
./roles/image_based_appliance
./roles/iso ./roles/iso
./roles/iso_mount ./roles/iso_mount
./roles/jujutsu
./roles/kanshi ./roles/kanshi
./roles/kodi ./roles/kodi
./roles/kubernetes ./roles/kubernetes
@@ -41,217 +61,116 @@
./roles/lvfs ./roles/lvfs
./roles/media ./roles/media
./roles/memtest86 ./roles/memtest86
./roles/minimal_base
./roles/network ./roles/network
./roles/nix_index ./roles/nix_index
./roles/nix_repl
./roles/nix_worker ./roles/nix_worker
./roles/nixdev
./roles/nvme ./roles/nvme
./roles/openpgp_card_tools
./roles/optimized_build ./roles/optimized_build
./roles/pcsx2 ./roles/pcsx2
./roles/podman
./roles/postgresql_client
./roles/python ./roles/python
./roles/qemu ./roles/qemu
./roles/recovery
./roles/reset ./roles/reset
./roles/rpcs3 ./roles/rpcs3
./roles/rust ./roles/rust
./roles/sequoia
./roles/shadps4
./roles/shikane ./roles/shikane
./roles/shipwright ./roles/shipwright
./roles/sm64ex ./roles/sm64ex
./roles/sops ./roles/sops
./roles/sound ./roles/sound
./roles/spaghettikart
./roles/ssh ./roles/ssh
./roles/sshd
./roles/steam ./roles/steam
./roles/steam_run_free ./roles/steam_run_free
./roles/sway ./roles/sway
./roles/tekton ./roles/tekton
./roles/terraform ./roles/terraform
./roles/thunderbolt ./roles/thunderbolt
./roles/user
./roles/uutils
./roles/vnc_client ./roles/vnc_client
./roles/vscode ./roles/vscode
./roles/wasm ./roles/wasm
./roles/waybar ./roles/waybar
./roles/webcam
./roles/wine
./roles/wireguard ./roles/wireguard
./roles/yubikey
./roles/zfs ./roles/zfs
./roles/zrepl ./roles/zrepl
./roles/zsh ./roles/zsh
./util/install_files
./util/unfree_polyfill ./util/unfree_polyfill
]; ];
config = {
nix.settings.experimental-features = [ nix.settings.experimental-features = [
"nix-command" "nix-command"
"flakes" "flakes"
"ca-derivations"
# "blake3-hashes"
# "git-hashing"
]; ];
nix.settings.trusted-users = [ "@wheel" ]; nix.settings.trusted-users = [ "@wheel" ];
nix.settings.connect-timeout = 5;
nix.settings.min-free = 128000000;
nix.settings.max-free = 1000000000;
nix.settings.fallback = true;
nix.settings.warn-dirty = false;
nix.settings.fsync-metadata = true;
# Ensure store paths are durably written to disk before registering the paths so a crash mid-build does not leave us in a corrupted state.
nix.settings.fsync-store-paths = true;
# boot.kernelPackages = pkgs.linuxPackages_6_11;
hardware.enableRedistributableFirmware = true; hardware.enableRedistributableFirmware = true;
# Use nixos-rebuild-ng
# system.rebuild.enableNg = true;
# Keep outputs so we can build offline. # Keep outputs so we can build offline.
nix.extraOptions = '' nix.settings.keep-outputs = true;
keep-outputs = true nix.settings.keep-derivations = true;
keep-derivations = true
'';
# Technically only needed when building the ISO because nix detects ZFS in the filesystem list normally. I basically always want this so I'm just setting it to always be on.
boot.supportedFilesystems.zfs = true;
# TODO: Is this different from boot.supportedFilesystems = [ "zfs" ]; ?
services.getty = {
autologinUser = "talexander"; # I use full disk encryption so the user password is irrelevant.
autologinOnce = true;
};
users.mutableUsers = false;
users.users.talexander = {
isNormalUser = true;
createHome = true; # https://github.com/NixOS/nixpkgs/issues/6481
group = "talexander";
extraGroups = [ "wheel" ];
uid = 11235;
packages = with pkgs; [
tree
];
# Generate with `mkpasswd -m scrypt`
hashedPassword = "$7$CU..../....VXvNQ8za3wSGpdzGXNT50/$HcFtn/yvwPMCw4888BelpiAPLAxe/zU87fD.d/N6U48";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGu+k5lrirokdW5zVdRVBOqEOAvAPlIkG/MdJNc9g5ky"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEI6mu6I5Jp+Ib0vJxapGHbEShZjyvzV8jz5DnzDrI39AAAABHNzaDo="
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAFNcSXwvy+brYTOGo56G93Ptuq2MmZsjvRWAfMqbmMLAAAABHNzaDo="
];
};
users.groups.talexander.gid = 11235;
home-manager.users.talexander =
{ pkgs, ... }:
{
# The state version is required and should stay at the version you
# originally installed.
home.stateVersion = "24.11";
};
home-manager.users.root =
{ pkgs, ... }:
{
# The state version is required and should stay at the version you
# originally installed.
home.stateVersion = "24.11";
};
# Automatic garbage collection # Automatic garbage collection
nix.gc = lib.mkIf (!config.me.buildingIso) { nix.gc = lib.mkIf (!config.me.buildingPortable) {
# Runs nix-collect-garbage --delete-older-than 5d # Runs nix-collect-garbage --delete-older-than 5d
automatic = true; automatic = true;
randomizedDelaySec = "14m"; persistent = true;
dates = "monthly";
# randomizedDelaySec = "14m";
options = "--delete-older-than 30d"; options = "--delete-older-than 30d";
}; };
nix.settings.auto-optimise-store = !config.me.buildingIso; nix.settings.auto-optimise-store = !config.me.buildingPortable;
# Use doas instead of sudo environment.systemPackages = [
security.doas.enable = true; alias_nix_pin_revision
security.doas.wheelNeedsPassword = false;
security.sudo.enable = false;
security.doas.extraRules = [
{
# Retain environment (for example NIX_PATH)
keepEnv = true;
persist = true; # Only ask for a password the first time.
}
]; ];
environment.systemPackages = with pkgs; [ environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
wget
mg
rsync
libinput
htop
tmux
file
usbutils # for lsusb
pciutils # for lspci
ripgrep
strace
ltrace
trace-cmd # ftrace
tcpdump
git-crypt
gnumake
ncdu
nix-tree
libarchive # bsdtar
lsof
doas-sudo-shim # To support --use-remote-sudo for remote builds
dmidecode # Read SMBIOS information.
ipcalc
gptfdisk # for cgdisk
nix-output-monitor # For better view into nixos-rebuild
nix-serve-ng # Serve nix store over http
];
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
hostKeys = [
{
path = "/persist/ssh/ssh_host_ed25519_key";
type = "ed25519";
}
{
path = "/persist/ssh/ssh_host_rsa_key";
type = "rsa";
bits = 4096;
}
];
};
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true; hideMounts = true;
directories = [ directories = [
"/var/lib/iwd" # Wifi settings
"/var/lib/nixos" # Contains user information (uids/gids) "/var/lib/nixos" # Contains user information (uids/gids)
"/var/lib/systemd" # Systemd state directory for random seed, persistent timers, core dumps, persist hardware state like backlight and rfkill "/var/lib/systemd" # Systemd state directory for random seed, persistent timers, core dumps, persist hardware state like backlight and rfkill
"/var/log/journal" # Logs, alternatively set `services.journald.storage = "volatile";` to write to /run/log/journal "/var/log/journal" # Logs, alternatively set `services.journald.storage = "volatile";` to write to /run/log/journal
]; ];
files = [ files = [
"/etc/machine-id" # Systemd unique machine id "otherwise, the system journal may fail to list earlier boots, etc" "/etc/machine-id" # Systemd unique machine id "otherwise, the system journal may fail to list earlier boots, etc"
"/etc/ssh/ssh_host_rsa_key"
"/etc/ssh/ssh_host_rsa_key.pub"
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
]; ];
users.talexander = {
directories = [
{
directory = "persist";
user = "talexander";
group = "talexander";
mode = "0700";
}
];
};
}; };
# Write a list of the currently installed packages to /etc/current-system-packages # Write a list of the currently installed packages to /etc/current-system-packages
environment.etc."current-system-packages".text = # environment.etc."current-system-packages".text =
let # let
packages = builtins.map (p: "${p.name}") config.environment.systemPackages; # packages = builtins.map (p: "${p.name}") config.environment.systemPackages;
sortedUnique = builtins.sort builtins.lessThan (lib.unique packages); # sortedUnique = builtins.sort builtins.lessThan (lib.unique packages);
formatted = builtins.concatStringsSep "\n" sortedUnique; # formatted = builtins.concatStringsSep "\n" sortedUnique;
in # in
formatted; # formatted;
# environment.etc."system-packages-with-source".text = builtins.concatStringsSep "\n\n" (
# builtins.map (
# x: x.file + "\n" + builtins.concatStringsSep "\n" (builtins.map (s: " " + s) x.value)
# ) config.environment.systemPackages.definitionsWithLocations
# );
# nixpkgs.overlays = [
# (final: prev: {
# nix = pkgs-unstable.nix;
# })
# ];
# nixpkgs.overlays = [ # nixpkgs.overlays = [
# (final: prev: { # (final: prev: {
@@ -259,10 +178,86 @@
# }) # })
# ]; # ];
# Copy the NixOS configuration file and link it from the resulting system nixpkgs.overlays =
# (/run/current-system/configuration.nix). This is useful in case you let
# accidentally delete configuration.nix. disableTests = (
# system.copySystemConfiguration = true; # Example: (disableTests "coreutils")
package_name:
(final: prev: {
"${package_name}" = prev."${package_name}".overrideAttrs (old: {
doCheck = false;
doInstallCheck = false;
});
})
);
disableTestsPython = (
# Example: (disableTestsPython "scipy")
package_name:
(final: prev: {
pythonPackagesExtensions = prev.pythonPackagesExtensions ++ [
(python-final: python-prev: {
"${package_name}" = python-prev."${package_name}".overridePythonAttrs (oldAttrs: {
doCheck = false;
});
})
];
})
);
disableOptimizations = (
# Example: (disableOptimizations "coreutils")
package_name:
(final: prev: {
"${package_name}" = final.unoptimized."${package_name}";
})
);
disableOptimizationsScope = (
# Example: (disableOptimizationsScope "kdePackages" "qtbase")
scope: package_name:
(final: prev: {
"${scope}" = prev."${scope}".overrideScope (
scopeFinal: scopePrev: {
"${package_name}" = final.unoptimized."${scope}"."${package_name}";
}
);
})
);
disableOptimizationsPython3 = (
# Example: (disableOptimizationsPython3 "scipy")
package_name:
(final: prev: {
python3Packages = prev.python3Packages.override {
overrides = python-final: python-prev: {
"${package_name}" = final.unoptimized.python3.pkgs."${package_name}";
};
};
})
);
in
[
(disableTests "coreutils")
(disableTests "coreutils-full")
(disableTests "deno") # Tests use too much disk space
(disableTests "libuv")
(final: prev: {
inherit (final.unoptimized)
libtpms
libjxl
ddrescueview
deno
mesa
;
})
(disableOptimizationsPython3 "scipy")
# Works but probably sets python2's scipy to be python3:
#
# (final: prev: {
# pythonPackagesExtensions = prev.pythonPackagesExtensions ++ [
# (python-final: python-prev: {
# scipy = final.unoptimized.python3Packages.scipy;
# })
# ];
# })
];
# This option defines the first version of NixOS you have installed on this particular machine, # This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
@@ -282,5 +277,5 @@
# #
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "24.11"; # Did you read the comment? system.stateVersion = "24.11"; # Did you read the comment?
};
} }

170
nix/configuration/flake.lock generated
View File

@@ -1,22 +1,5 @@
{ {
"nodes": { "nodes": {
"ansible-sshjail": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"path": "flakes/ansible-sshjail",
"type": "path"
},
"original": {
"path": "flakes/ansible-sshjail",
"type": "path"
},
"parent": []
},
"crane": { "crane": {
"locked": { "locked": {
"lastModified": 1731098351, "lastModified": 1731098351,
@@ -39,11 +22,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1746729224, "lastModified": 1776613567,
"narHash": "sha256-9R4sOLAK1w3Bq54H3XOJogdc7a6C2bLLmatOQ+5pf5w=", "narHash": "sha256-gC9Cp5ibBmGD5awCA9z7xy6MW6iJufhazTYJOiGlCUI=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "85555d27ded84604ad6657ecca255a03fd878607", "rev": "32f4236bfc141ae930b5ba2fb604f561fed5219d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -89,42 +72,6 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"gitignore": { "gitignore": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -150,15 +97,16 @@
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"impermanence",
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1746981801, "lastModified": 1768598210,
"narHash": "sha256-+Bfr0KqZV6gZdA7e2kupeoawozaLIHLuiPtC54uxbFc=", "narHash": "sha256-kkgA32s/f4jaa4UG+2f8C225Qvclxnqs76mf8zvTVPg=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "ff915842e4a2e63c4c8c5c08c6870b9d5b3c3ee9", "rev": "c47b2cc64a629f8e075de52e4742de688f930dc6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -168,12 +116,18 @@
} }
}, },
"impermanence": { "impermanence": {
"inputs": {
"home-manager": "home-manager",
"nixpkgs": [
"nixpkgs"
]
},
"locked": { "locked": {
"lastModified": 1737831083, "lastModified": 1769548169,
"narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=", "narHash": "sha256-03+JxvzmfwRu+5JafM0DLbxgHttOQZkUtDWBmeUkN8Y=",
"owner": "nix-community", "owner": "nix-community",
"repo": "impermanence", "repo": "impermanence",
"rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170", "rev": "7b1d382faf603b6d264f58627330f9faa5cba149",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -210,11 +164,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1746663147, "lastModified": 1777268161,
"narHash": "sha256-Ua0drDHawlzNqJnclTJGf87dBmaO/tn7iZ+TCkTRpRc=", "narHash": "sha256-bxrdOn8SCOv8tN4JbTF/TXq7kjo9ag4M+C8yzzIRYbE=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "dda3dcd3fe03e991015e9a74b22d35950f264a54", "rev": "1c3fe55ad329cbcb28471bb30f05c9827f724c76",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -224,22 +178,6 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-b93b4e9b5": {
"locked": {
"lastModified": 1713721570,
"narHash": "sha256-R0s+O5UjTePQRb72XPgtkTmEiOOW8n+1q9Gxt/OJnKU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b93b4e9b527904aadf52dba6ca35efde2067cbd4",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b93b4e9b527904aadf52dba6ca35efde2067cbd4",
"type": "github"
}
},
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1730741070, "lastModified": 1730741070,
@@ -256,22 +194,6 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-unoptimized": {
"locked": {
"lastModified": 1746663147,
"narHash": "sha256-Ua0drDHawlzNqJnclTJGf87dBmaO/tn7iZ+TCkTRpRc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "dda3dcd3fe03e991015e9a74b22d35950f264a54",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"pre-commit-hooks-nix": { "pre-commit-hooks-nix": {
"inputs": { "inputs": {
"flake-compat": [ "flake-compat": [
@@ -301,15 +223,10 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"ansible-sshjail": "ansible-sshjail",
"disko": "disko", "disko": "disko",
"home-manager": "home-manager",
"impermanence": "impermanence", "impermanence": "impermanence",
"lanzaboote": "lanzaboote", "lanzaboote": "lanzaboote",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs"
"nixpkgs-b93b4e9b5": "nixpkgs-b93b4e9b5",
"nixpkgs-unoptimized": "nixpkgs-unoptimized",
"zsh-histdb": "zsh-histdb"
} }
}, },
"rust-overlay": { "rust-overlay": {
@@ -332,53 +249,6 @@
"repo": "rust-overlay", "repo": "rust-overlay",
"type": "github" "type": "github"
} }
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"zsh-histdb": {
"inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"path": "flakes/zsh-histdb",
"type": "path"
},
"original": {
"path": "flakes/zsh-histdb",
"type": "path"
},
"parent": []
} }
}, },
"root": "root", "root": "root",

308
nix/configuration/flake.nix
View File

@@ -1,68 +1,27 @@
# Build ISO image # TODO maybe use `nix eval --raw .#odo.iso.outPath`
# nix build --extra-experimental-features nix-command --extra-experimental-features flakes .#iso.odo
# output: result/iso/nixos.iso
# Run the ISO image
# doas "$(nix-build '<nixpkgs>' --no-out-link -A 'qemu')/bin/qemu-system-x86_64" \
# -accel kvm \
# -cpu host \
# -smp cores=8 \
# -m 32768 \
# -drive "file=$(nix-build '<nixpkgs>' --no-out-link -A 'OVMF.fd')/FV/OVMF.fd,if=pflash,format=raw,readonly=on" \
# -drive if=pflash,format=raw,file="/tmp/OVMF_VARS.fd" \
# -nic user,hostfwd=tcp::60022-:22 \
# -boot order=d \
# -cdrom "$(readlink -f ./result/iso/nixos*.iso)" \
# -display vnc=127.0.0.1:0
#
# doas cp "$(nix-build '<nixpkgs>' --no-out-link -A 'OVMF.fd')/FV/OVMF_VARS.fd" /tmp/OVMF_VARS.fd
# doas "$(nix-build '<nixpkgs>' --no-out-link -A 'qemu')/bin/qemu-system-x86_64" -accel kvm -cpu host -smp cores=8 -m 32768 -drive "file=$(nix-build '<nixpkgs>' --no-out-link -A 'OVMF.fd')/FV/OVMF.fd,if=pflash,format=raw,readonly=on" -drive if=pflash,format=raw,file="/tmp/OVMF_VARS.fd" -nic user,hostfwd=tcp::60022-:22 -boot order=d -cdrom /persist/machine_setup/nix/configuration/result/iso/nixos*.iso -display vnc=127.0.0.1:0
# Get a repl for this flake
# nix repl --expr "builtins.getFlake \"$PWD\""
# TODO maybe use `nix eval --raw .#iso.odo.outPath`
# iso.odo.isoName == "nixos.iso"
# full path = <outPath> / iso / <isoName>
# #
# Install on a new machine: # Install on a new machine:
# #
# Set
# me.disko.enable = true;
# me.disko.offline.enable = true;
# #
# doas nix --substituters "http://10.0.2.2:8080?trusted=1 https://cache.nixos.org/" --experimental-features "nix-command flakes" run github:nix-community/disko/latest -- --mode destroy,format,mount hosts/odo/disk-config.nix # Run
# doas disko --mode destroy,format,mount hosts/recovery/disk-config.nix
# nix flake update zsh-histdb --flake . # doas nixos-install --substituters "http://10.0.2.2:8080?trusted=1 https://cache.nixos.org/" --flake ".#recovery"
# nix flake update ansible-sshjail --flake .
# for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
# nixos-install --substituters "http://10.0.2.2:8080?trusted=1 https://cache.nixos.org/" --flake ".#vm_ionlybootzfs"
#
{ {
description = "My system configuration"; description = "My system configuration";
inputs = { inputs = {
impermanence.url = "github:nix-community/impermanence"; impermanence = {
url = "github:nix-community/impermanence";
inputs.nixpkgs.follows = "nixpkgs";
};
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
nixpkgs-b93b4e9b5.url = "github:NixOS/nixpkgs/b93b4e9b527904aadf52dba6ca35efde2067cbd4";
nixpkgs-unoptimized.url = "github:NixOS/nixpkgs/nixos-unstable";
home-manager.url = "github:nix-community/home-manager";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
lanzaboote = { lanzaboote = {
url = "github:nix-community/lanzaboote/v0.4.2"; url = "github:nix-community/lanzaboote/v0.4.2";
# Optional but recommended to limit the size of your system closure.
inputs.nixpkgs.follows = "nixpkgs";
};
zsh-histdb = {
url = "path:flakes/zsh-histdb";
# Optional but recommended to limit the size of your system closure.
inputs.nixpkgs.follows = "nixpkgs";
};
ansible-sshjail = {
url = "path:flakes/ansible-sshjail";
# Optional but recommended to limit the size of your system closure.
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
disko = { disko = {
@@ -75,198 +34,97 @@
{ {
self, self,
nixpkgs, nixpkgs,
nixpkgs-unoptimized, disko,
nixpkgs-b93b4e9b5,
impermanence, impermanence,
home-manager,
lanzaboote, lanzaboote,
zsh-histdb,
ansible-sshjail,
... ...
}@inputs: }:
let let
base_x86_64_linux = rec { forAllSystems = nixpkgs.lib.genAttrs nixpkgs.lib.systems.flakeExposed;
nodes = {
odo = {
system = "x86_64-linux"; system = "x86_64-linux";
};
odowork = {
system = "x86_64-linux";
};
quark = {
system = "x86_64-linux";
};
recovery = {
system = "x86_64-linux";
};
i_only_boot_zfs = {
system = "x86_64-linux";
};
hydra = {
system = "x86_64-linux";
};
family_disks = {
system = "x86_64-linux";
};
};
nixosConfigs = builtins.mapAttrs (
hostname: nodeConfig: format:
nixpkgs.lib.nixosSystem {
specialArgs = { specialArgs = {
pkgs-b93b4e9b5 = import nixpkgs-b93b4e9b5 { inherit self;
inherit system;
}; this_nixos_config = self.nixosConfigurations."${hostname}";
pkgs-unoptimized = import nixpkgs-unoptimized {
inherit system; all_nixos_configs = self.nixosConfigurations;
hostPlatform.gcc.arch = "default";
hostPlatform.gcc.tune = "default";
};
}; };
modules = [ modules = [
impermanence.nixosModules.impermanence impermanence.nixosModules.impermanence
home-manager.nixosModules.home-manager
lanzaboote.nixosModules.lanzaboote lanzaboote.nixosModules.lanzaboote
inputs.disko.nixosModules.disko disko.nixosModules.disko
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
}
{
nixpkgs.overlays = [
zsh-histdb.overlays.default
ansible-sshjail.overlays.default
];
}
./configuration.nix ./configuration.nix
(./. + "/hosts/${hostname}")
(./. + "/formats/${format}.nix")
{
config = {
nixpkgs.hostPlatform.system = nodeConfig.system;
nixpkgs.overlays = [
(final: prev: {
# stable = nixpkgs-stable.legacyPackages."${prev.stdenv.hostPlatform.system}";
unoptimized = import nixpkgs {
system = prev.stdenv.hostPlatform.system;
hostPlatform.gcc.arch = "default";
hostPlatform.gcc.tune = "default";
};
})
]; ];
}; };
systems =
let
additional_iso_modules = [
(nixpkgs + "/nixos/modules/installer/cd-dvd/iso-image.nix")
# TODO: Figure out how to do image based appliances
# (nixpkgs + "/nixos/modules/profiles/image-based-appliance.nix")
{
isoImage.makeEfiBootable = true;
isoImage.makeUsbBootable = true;
me.buildingIso = true;
me.optimizations.enable = nixpkgs.lib.mkForce false;
}
{
# These are big space hogs. The chance that I need them on an ISO is slim.
me.steam.enable = nixpkgs.lib.mkForce false;
me.pcsx2.enable = nixpkgs.lib.mkForce false;
} }
]; ];
additional_vm_modules = [
(nixpkgs + "/nixos/modules/profiles/qemu-guest.nix")
{
networking.dhcpcd.enable = true;
networking.useDHCP = true;
me.optimizations.enable = nixpkgs.lib.mkForce false;
}
{
# I don't need games on a virtual machine.
me.steam.enable = nixpkgs.lib.mkForce false;
me.pcsx2.enable = nixpkgs.lib.mkForce false;
me.sm64ex.enable = nixpkgs.lib.mkForce false;
me.shipwright.enable = nixpkgs.lib.mkForce false;
me.ship2harkinian.enable = nixpkgs.lib.mkForce false;
} }
) nodes;
installerConfig =
hostname: nodeConfig:
nixpkgs.lib.nixosSystem {
specialArgs = {
targetSystem = self.nixosConfigurations."${hostname}";
};
modules = [
./formats/installer.nix
({ nixpkgs.hostPlatform.system = nodeConfig.system; })
]; ];
in
{
odo = rec {
main = base_x86_64_linux // {
modules = base_x86_64_linux.modules ++ [
./hosts/odo
];
};
iso = main // {
modules = main.modules ++ additional_iso_modules;
};
vm = main // {
modules = main.modules ++ additional_vm_modules;
};
vm_iso = main // {
modules = main.modules ++ additional_vm_modules ++ additional_iso_modules;
};
};
quark = rec {
main = base_x86_64_linux // {
modules = base_x86_64_linux.modules ++ [
./hosts/quark
];
};
iso = main // {
modules = main.modules ++ additional_iso_modules;
};
vm = main // {
modules = main.modules ++ additional_vm_modules;
};
vm_iso = main // {
modules = main.modules ++ additional_vm_modules ++ additional_iso_modules;
};
};
neelix = rec {
main = base_x86_64_linux // {
modules = base_x86_64_linux.modules ++ [
./hosts/neelix
];
};
iso = main // {
modules = main.modules ++ additional_iso_modules;
};
vm = main // {
modules = main.modules ++ additional_vm_modules;
};
vm_iso = main // {
modules = main.modules ++ additional_vm_modules ++ additional_iso_modules;
};
};
hydra =
let
additional_iso_modules = additional_iso_modules ++ [
{
me.optimizations.enable = true;
}
];
in
rec {
main = base_x86_64_linux // {
modules = base_x86_64_linux.modules ++ [
./hosts/hydra
];
};
iso = main // {
modules = main.modules ++ additional_iso_modules;
};
vm = main // {
modules = main.modules ++ additional_vm_modules;
};
vm_iso = main // {
modules = main.modules ++ additional_vm_modules ++ additional_iso_modules;
};
};
ionlybootzfs = rec {
main = base_x86_64_linux // {
modules = base_x86_64_linux.modules ++ [
./hosts/ionlybootzfs
];
};
iso = main // {
modules = main.modules ++ additional_iso_modules;
};
vm = main // {
modules = main.modules ++ additional_vm_modules;
};
vm_iso = main // {
modules = main.modules ++ additional_vm_modules ++ additional_iso_modules;
};
};
}; };
in in
{ {
nixosConfigurations.odo = nixpkgs.lib.nixosSystem systems.odo.main; nixosConfigurations = (builtins.mapAttrs (name: value: value "toplevel") nixosConfigs);
iso.odo = (nixpkgs.lib.nixosSystem systems.odo.iso).config.system.build.isoImage; }
nixosConfigurations.vm_odo = nixpkgs.lib.nixosSystem systems.odo.vm; // {
vm_iso.odo = (nixpkgs.lib.nixosSystem systems.odo.vm_iso).config.system.build.isoImage; packages = (
forAllSystems (
nixosConfigurations.quark = nixpkgs.lib.nixosSystem systems.quark.main; system:
iso.quark = (nixpkgs.lib.nixosSystem systems.quark.iso).config.system.build.isoImage; (builtins.mapAttrs (hostname: nodeConfig: {
nixosConfigurations.vm_quark = nixpkgs.lib.nixosSystem systems.quark.vm; iso = (nixosConfigs."${hostname}" "iso").config.system.build.isoImage;
vm_iso.quark = (nixpkgs.lib.nixosSystem systems.quark.vm_iso).config.system.build.isoImage; vm_iso = (nixosConfigs."${hostname}" "vm_iso").config.system.build.isoImage;
sd = (nixosConfigs."${hostname}" "sd").config.system.build.sdImage;
nixosConfigurations.neelix = nixpkgs.lib.nixosSystem systems.neelix.main; installer = (installerConfig hostname nodes."${hostname}").config.system.build.isoImage;
iso.neelix = (nixpkgs.lib.nixosSystem systems.neelix.iso).config.system.build.isoImage; }) (nixpkgs.lib.attrsets.filterAttrs (hostname: nodeConfig: nodeConfig.system == system) nodes))
nixosConfigurations.vm_neelix = nixpkgs.lib.nixosSystem systems.neelix.vm; )
vm_iso.neelix = (nixpkgs.lib.nixosSystem systems.neelix.vm_iso).config.system.build.isoImage; );
nixosConfigurations.hydra = nixpkgs.lib.nixosSystem systems.hydra.main;
iso.hydra = (nixpkgs.lib.nixosSystem systems.hydra.iso).config.system.build.isoImage;
nixosConfigurations.vm_hydra = nixpkgs.lib.nixosSystem systems.hydra.vm;
vm_iso.hydra = (nixpkgs.lib.nixosSystem systems.hydra.vm_iso).config.system.build.isoImage;
nixosConfigurations.ionlybootzfs = nixpkgs.lib.nixosSystem systems.ionlybootzfs.main;
iso.ionlybootzfs = (nixpkgs.lib.nixosSystem systems.ionlybootzfs.iso).config.system.build.isoImage;
nixosConfigurations.vm_ionlybootzfs = nixpkgs.lib.nixosSystem systems.ionlybootzfs.vm;
vm_iso.ionlybootzfs =
(nixpkgs.lib.nixosSystem systems.ionlybootzfs.vm_iso).config.system.build.isoImage;
}; };
} }

61
nix/configuration/flakes/ansible-sshjail/flake.lock generated
View File

@@ -1,61 +0,0 @@
{
"nodes": {
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1735141468,
"narHash": "sha256-VIAjBr1qGcEbmhLwQJD6TABppPMggzOvqFsqkDoMsAY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "4005c3ff7505313cbc21081776ad0ce5dfd7a3ce",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

34
nix/configuration/flakes/ansible-sshjail/flake.nix
View File

@@ -1,34 +0,0 @@
{
description = "A slightly better history for zsh";
inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
inputs.flake-utils.url = "github:numtide/flake-utils";
outputs =
{
self,
nixpkgs,
flake-utils,
...
}:
let
out =
system:
let
pkgs = nixpkgs.legacyPackages.${system};
# Maybe pkgs = import nixpkgs { inherit system; }; ?
appliedOverlay = self.overlays.default pkgs pkgs;
in
{
packages = rec {
default = ansible-sshjail;
ansible-sshjail = appliedOverlay.ansible-sshjail;
};
};
in
flake-utils.lib.eachDefaultSystem out
// {
overlays.default = final: prev: {
ansible-sshjail = final.callPackage ./package.nix { };
};
};
}

61
nix/configuration/flakes/zsh-histdb/flake.lock generated
View File

@@ -1,61 +0,0 @@
{
"nodes": {
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1735141468,
"narHash": "sha256-VIAjBr1qGcEbmhLwQJD6TABppPMggzOvqFsqkDoMsAY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "4005c3ff7505313cbc21081776ad0ce5dfd7a3ce",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

34
nix/configuration/flakes/zsh-histdb/flake.nix
View File

@@ -1,34 +0,0 @@
{
description = "A slightly better history for zsh";
inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
inputs.flake-utils.url = "github:numtide/flake-utils";
outputs =
{
self,
nixpkgs,
flake-utils,
...
}:
let
out =
system:
let
pkgs = nixpkgs.legacyPackages.${system};
# Maybe pkgs = import nixpkgs { inherit system; }; ?
appliedOverlay = self.overlays.default pkgs pkgs;
in
{
packages = rec {
default = zsh-histdb;
zsh-histdb = appliedOverlay.zsh-histdb;
};
};
in
flake-utils.lib.eachDefaultSystem out
// {
overlays.default = final: prev: {
zsh-histdb = final.callPackage ./package.nix { };
};
};
}

74
nix/configuration/formats/installer.nix Normal file
View File

@@ -0,0 +1,74 @@
{
config,
pkgs,
lib,
modulesPath,
targetSystem,
...
}:
let
installer = pkgs.writeShellApplication {
name = "installer";
runtimeInputs = with pkgs; [
# clevis
dosfstools
e2fsprogs
gawk
nixos-install-tools
util-linux
config.nix.package
];
text = ''
set -euo pipefail
${targetSystem.config.system.build.diskoScript}
nixos-install --no-channel-copy --no-root-password --option substituters "" --system ${targetSystem.config.system.build.toplevel}
'';
};
installerFailsafe = pkgs.writeShellScript "failsafe" ''
${lib.getExe installer} || echo "ERROR: Installation failure!"
sleep 3600
'';
in
{
imports = [
(modulesPath + "/installer/cd-dvd/iso-image.nix")
(modulesPath + "/profiles/all-hardware.nix")
];
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_6_18;
# boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux;
boot.zfs.package = pkgs.zfs_unstable;
boot.kernelParams = [
"quiet"
"systemd.unit=getty.target"
];
boot.supportedFilesystems.zfs = true;
boot.initrd.systemd.enable = true;
networking.hostId = "04581ecf";
isoImage.makeEfiBootable = true;
isoImage.makeUsbBootable = true;
isoImage.squashfsCompression = "zstd -Xcompression-level 15";
environment.systemPackages = [
installer
];
systemd.services."getty@tty1" = {
overrideStrategy = "asDropin";
serviceConfig = {
ExecStart = [
""
installerFailsafe
];
Restart = "no";
StandardInput = "null";
};
};
# system.stateVersion = lib.mkDefault lib.trivial.release;
system.stateVersion = "24.11";
}

36
nix/configuration/formats/iso.nix Normal file
View File

@@ -0,0 +1,36 @@
{
config,
lib,
modulesPath,
pkgs,
...
}:
{
imports = [
(modulesPath + "/installer/cd-dvd/iso-image.nix")
];
config = {
isoImage.makeEfiBootable = true;
isoImage.makeUsbBootable = true;
networking.dhcpcd.enable = true;
networking.useDHCP = true;
me.buildingPortable = true;
me.disko.enable = true;
me.disko.offline.enable = true;
me.mountPersistence = lib.mkForce false;
# me.optimizations.enable = lib.mkForce false;
# Not doing image_based_appliance because this might be an install ISO, in which case we'd need nix to do the install.
# me.image_based_appliance.enable = true;
# TODO: Should I use this instead of doing a mkIf for the disk config?
# disko.enableConfig = false;
# Faster image generation for testing/development.
isoImage.squashfsCompression = "zstd -Xcompression-level 15";
};
}

32
nix/configuration/formats/sd.nix Normal file
View File

@@ -0,0 +1,32 @@
{
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/sd-card/sd-image.nix")
];
config = {
isoImage.makeEfiBootable = true;
isoImage.makeUsbBootable = true;
boot.loader.grub.enable = false;
boot.loader.generic-extlinux-compatible.enable = true;
# TODO: image based appliance?
# TODO: Maybe this?
# fileSystems = {
# "/" = {
# device = "/dev/disk/by-label/NIXOS_SD";
# fsType = "ext4";
# options = [
# "noatime"
# "norelatime"
# ];
# };
# };
};
}

1
nix/configuration/formats/toplevel.nix Normal file
View File

@@ -0,0 +1 @@
{ }

22
nix/configuration/formats/vm_iso.nix Normal file
View File

@@ -0,0 +1,22 @@
{
lib,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/cd-dvd/iso-image.nix")
(modulesPath + "/profiles/qemu-guest.nix") # VirtIO kernel modules
];
config = {
isoImage.makeEfiBootable = true;
isoImage.makeUsbBootable = true;
networking.dhcpcd.enable = true;
networking.useDHCP = true;
me.image_based_appliance.enable = true;
};
}

13
nix/configuration/hosts/family_disks/DEPLOY_BOOT Executable file
View File

@@ -0,0 +1,13 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
TARGET=family_disks
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#family_disks" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json

13
nix/configuration/hosts/family_disks/DEPLOY_SWITCH Executable file
View File

@@ -0,0 +1,13 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
TARGET=family_disks
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#family_disks" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json

4
nix/configuration/hosts/ionlybootzfs/ISO → nix/configuration/hosts/family_disks/ISO
View File

@@ -6,7 +6,5 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.ionlybootzfs" --max-jobs "$JOBS" "${@}" |& nom nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#family_disks.iso" --repair --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json

10
nix/configuration/hosts/family_disks/SELF_BOOT Executable file
View File

@@ -0,0 +1,10 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#family_disks" --repair --log-format internal-json -v "${@}" |& nom --json

12
nix/configuration/hosts/family_disks/SELF_BUILD Executable file
View File

@@ -0,0 +1,12 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
: "${NOM:="true"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild build --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#family_disks" --repair --log-format internal-json -v "${@}" |& nom --json

10
nix/configuration/hosts/family_disks/SELF_SWITCH Executable file
View File

@@ -0,0 +1,10 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#family_disks" --repair --log-format internal-json -v "${@}" |& nom --json

75
nix/configuration/hosts/family_disks/default.nix Normal file
View File

@@ -0,0 +1,75 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [
./hardware-configuration.nix
./wrapped-disk-config.nix
./distributed_build.nix
./power_management.nix
];
config = {
# Generate with `head -c4 /dev/urandom | od -A none -t x4`
networking.hostId = "908cbf04";
networking.hostName = "family_disks"; # Define your hostname.
time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8";
me.boot.enable = true;
me.boot.secure = false;
me.mountPersistence = true;
# Toggle to start writing the extlinux config which will be used by zfsbootmenu
boot.loader.generic-extlinux-compatible.enable = true;
boot.loader.systemd-boot.enable = lib.mkForce false;
me.rollback.dataset = [
"zroot/linux/nix/root@blank"
"zroot/linux/nix/home@blank"
];
me.optimizations = {
enable = true;
arch = "skylake";
# build_arch = "x86-64-v3";
system_features = [
"gccarch-znver4"
"gccarch-skylake"
"gccarch-kabylake"
# "gccarch-alderlake" missing WAITPKG
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
};
# Early KMS
# boot.initrd.kernelModules = [ "amdgpu" ];
# Mount tmpfs at /tmp
boot.tmp.useTmpfs = true;
# Enable light sensor
# hardware.sensor.iio.enable = lib.mkDefault true;
# Enable TRIM
# services.fstrim.enable = lib.mkDefault true;
# Only run nix builders at idle priority for a more responsive system. Do not set on servers, just end-user devices.
nix.daemonCPUSchedPolicy = "idle";
me.build_in_ram.enable = true;
me.dont_use_substituters.enable = true;
me.minimal_base.enable = true;
me.recovery.enable = true;
};
}

155
nix/configuration/hosts/family_disks/disk-config.nix Normal file
View File

@@ -0,0 +1,155 @@
# Manual Step:
# Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1
# Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1
{
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/efi";
mountOptions = [
"umask=0077"
"noatime"
"discard"
];
};
};
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "zroot";
};
};
};
};
};
};
zpool = {
zroot = {
type = "zpool";
# mode = "mirror";
# Workaround: cannot import 'zroot': I/O error in disko tests
options.cachefile = "none";
options = {
ashift = "12";
compatibility = "openzfs-2.2-freebsd";
autotrim = "on";
};
rootFsOptions = {
acltype = "posixacl";
atime = "off";
relatime = "off";
xattr = "sa";
mountpoint = "none";
compression = "lz4";
canmount = "off";
utf8only = "on";
dnodesize = "auto";
normalization = "formD";
};
datasets = {
"linux/nix" = {
type = "zfs_fs";
options.mountpoint = "none";
options = {
# encryption = "aes-256-gcm";
# keyformat = "passphrase";
# # keylocation = "file:///tmp/secret.key";
};
};
"linux/nix/root" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/root@blank$' || zfs snapshot zroot/linux/nix/root@blank";
};
"linux/nix/boot" = {
type = "zfs_fs";
options = {
mountpoint = "legacy";
"org.zfsbootmenu:active" = "on";
};
mountpoint = "/boot";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/boot@blank$' || zfs snapshot zroot/linux/nix/boot@blank";
};
"linux/nix/nix" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/nix";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/nix@blank$' || zfs snapshot zroot/linux/nix/nix@blank";
options = {
# recordsize = "16MiB";
# compression = "zstd-19";
};
};
"linux/nix/home" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/home";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/home@blank$' || zfs snapshot zroot/linux/nix/home@blank";
};
"linux/nix/persist" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/persist";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/persist@blank$' || zfs snapshot zroot/linux/nix/persist@blank";
};
"linux/nix/state" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/state";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/state@blank$' || zfs snapshot zroot/linux/nix/state@blank";
};
};
};
};
};
# Make sure all persistent volumes are marked as neededForBoot
#
# Also mounts /home so it is mounted before the user home directories are created.
fileSystems."/persist".neededForBoot = true;
fileSystems."/state".neededForBoot = true;
fileSystems."/home".neededForBoot = true;
fileSystems."/".options = [
"noatime"
"norelatime"
];
fileSystems."/boot".options = [
"noatime"
"norelatime"
];
fileSystems."/nix".options = [
"noatime"
"norelatime"
];
fileSystems."/persist".options = [
"noatime"
"norelatime"
];
fileSystems."/state".options = [
"noatime"
"norelatime"
];
fileSystems."/home".options = [
"noatime"
"norelatime"
];
# Only attempt to decrypt the main pool. Otherwise it attempts to decrypt pools that aren't even used.
boot.zfs.requestEncryptionCredentials = [ "zroot/linux/nix" ];
}

19
nix/configuration/hosts/family_disks/distributed_build.nix Normal file
View File

@@ -0,0 +1,19 @@
{
imports = [ ];
config = {
me.distributed_build.enable = true;
me.distributed_build.machines.quark = {
enable = false;
additional_config = {
speedFactor = 2;
};
};
me.distributed_build.machines.hydra = {
enable = true;
additional_config = {
speedFactor = 2;
};
};
};
}

33
nix/configuration/hosts/family_disks/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,33 @@
{
config,
lib,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
config = {
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"thunderbolt"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
# networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true;
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
};
}

75
nix/configuration/hosts/family_disks/power_management.nix Normal file
View File

@@ -0,0 +1,75 @@
{
pkgs,
...
}:
{
imports = [ ];
config = {
environment.systemPackages = with pkgs; [
powertop
];
# amdgpu.abmlevel=3 :: Automatically reduce screen brightness but tweak colors to compensate for power reduction.
# pcie_aspm=force pcie_aspm.policy=powersupersave :: Enable PCIe active state power management for power reduction.
# nowatchdog :: Disable watchdog for power savings (related to disable_sp5100_watchdog above).
# amd_pstate=passive :: Fully automated hardware pstate control.
# amd_pstate=active :: Same as passive except we can set the energy performance preference (EPP) to suggest how much we prefer performance or energy efficiency.
# amd_pstate=guided :: Same as passive except we can set upper and lower frequency bounds.
# amdgpu.dcdebugmask=0x10 :: Allegedly disables Panel Replay from https://community.frame.work/t/tracking-freezing-arch-linux-amd/39495/32
boot.kernelParams = [
"amdgpu.abmlevel=2"
"pcie_aspm=force"
# "pcie_aspm.policy=powersupersave"
"nowatchdog"
# I don't see a measurable benefit from these two:
# "cpufreq.default_governor=powersave"
# "initcall_blacklist=cpufreq_gov_userspace_init"
];
systemd.tmpfiles.rules = [
"w- /sys/firmware/acpi/platform_profile - - - - low-power"
"w- /sys/devices/system/cpu/cpufreq/policy0/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy1/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy2/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy3/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy4/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy5/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy6/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy7/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy8/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy9/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy10/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy11/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy12/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy13/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy14/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy15/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpu0/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu1/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu2/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu3/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu4/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu5/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu6/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu7/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu8/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu9/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu10/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu11/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu12/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu13/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu14/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu15/cpufreq/boost - - - - 0"
];
boot.extraModprobeConfig = ''
# Disable the hardware watchdog inside AMD 700 chipset series for power savings.
blacklist sp5100_tco
# Sound power-saving was causing chat notifications to be inaudible.
# options snd_hda_intel power_save=1
'';
};
}

7
nix/configuration/hosts/family_disks/wrapped-disk-config.nix Normal file
View File

@@ -0,0 +1,7 @@
{
config,
lib,
...
}:
lib.mkIf (!config.me.buildingPortable) (import ./disk-config.nix)

8
nix/configuration/hosts/hydra/DEPLOY_BOOT
View File

@@ -6,14 +6,8 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
#TARGET=10.216.1.14
# TARGET=192.168.211.250
TARGET=hydra TARGET=hydra
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#hydra" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" "${@}" |& nom nixos-rebuild boot --flake "$DIR/../../#hydra" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#hydra'

8
nix/configuration/hosts/hydra/DEPLOY_SWITCH
View File

@@ -6,14 +6,8 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
#TARGET=10.216.1.14
# TARGET=192.168.211.250
TARGET=hydra TARGET=hydra
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#hydra" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" "${@}" |& nom nixos-rebuild switch --flake "$DIR/../../#hydra" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#hydra'

4
nix/configuration/hosts/hydra/ISO
View File

@@ -6,7 +6,5 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.hydra" --max-jobs "$JOBS" "${@}" |& nom nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#hydra.iso" --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json

10
nix/configuration/hosts/hydra/SELF_BOOT Executable file
View File

@@ -0,0 +1,10 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#hydra" --repair --log-format internal-json -v "${@}" |& nom --json

10
nix/configuration/hosts/hydra/SELF_BUILD Executable file
View File

@@ -0,0 +1,10 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild build --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#hydra" --repair --log-format internal-json -v "${@}" |& nom --json

10
nix/configuration/hosts/hydra/SELF_SWITCH Executable file
View File

@@ -0,0 +1,10 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#hydra" --repair --log-format internal-json -v "${@}" |& nom --json

10
nix/configuration/hosts/hydra/VM_ISO Executable file
View File

@@ -0,0 +1,10 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#hydra.vm_iso" --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json

124
nix/configuration/hosts/hydra/default.nix
View File

@@ -1,18 +1,9 @@
# MANUAL: On client machines generate signing keys:
# nix-store --generate-binary-cache-key some-name /persist/manual/nix/nix-cache-key.sec /persist/manual/nix/nix-cache-key.pub
# #
# Testing: # Trust other machines and add the substituters:
# doas "$(nix-build '<nixpkgs>' --no-out-link -A 'qemu')/bin/qemu-system-x86_64" \ # nix.binaryCachePublicKeys = [ "some-name:AzNW1MOlkNEsUAXS1jIFZ1QCFKXjV+Y/LrF37quAZ1A=" ];
# -accel kvm \ # nix.binaryCaches = [ "https://test.example/nix-cache" ];
# -cpu host \
# -smp cores=8 \
# -m 32768 \
# -drive "file=$(nix-build '<nixpkgs>' --no-out-link -A 'OVMF.fd')/FV/OVMF.fd,if=pflash,format=raw,readonly=on" \
# -drive file=/tmp/localdisk.img,if=none,id=nvm,format=raw \
# -device nvme,serial=deadbeef,drive=nvm \
# -nic user,hostfwd=tcp::60022-:22 \
# -boot order=d \
# -cdrom "$(readlink -f /persist/machine_setup/nix/configuration/result/iso/nixos*.iso)" \
# -display vnc=127.0.0.1:0
#
{ {
config, config,
@@ -22,28 +13,65 @@
}: }:
{ {
imports = [ imports = [
./disk-config.nix
./hardware-configuration.nix ./hardware-configuration.nix
./optimized_build.nix
./vm_disk.nix ./vm_disk.nix
]; ];
config = {
networking =
let
interface = "enp0s2";
in
{
# Generate with `head -c4 /dev/urandom | od -A none -t x4` # Generate with `head -c4 /dev/urandom | od -A none -t x4`
networking.hostId = "fbd233d8"; hostId = "6fbf418b";
networking.hostName = "hydra"; # Define your hostname. hostName = "hydra"; # Define your hostname.
interfaces = {
"${interface}" = {
ipv4.addresses = [
{
address = "10.215.1.219";
prefixLength = 24;
}
];
ipv6.addresses = [
{
address = "2620:11f:7001:7:ffff:ffff:0ad7:01db";
prefixLength = 64;
}
];
};
};
defaultGateway = "10.215.1.1";
defaultGateway6 = {
# address = "2620:11f:7001:7::1";
address = "2620:11f:7001:7:ffff:ffff:0ad7:0101";
inherit interface;
};
dhcpcd.enable = lib.mkForce false;
useDHCP = lib.mkForce false;
};
time.timeZone = "America/New_York"; time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
me.secureBoot.enable = false; me.boot.enable = true;
me.boot.secure = false;
me.mountPersistence = true;
boot.loader.timeout = lib.mkForce 0; # We can always generate a new ISO if we need to access other boot options.
me.optimizations = { me.optimizations = {
enable = true; enable = true;
arch = "znver4"; arch = "znver4";
# build_arch = "x86-64-v3";
system_features = [ system_features = [
"gccarch-znver4" "gccarch-znver4"
"gccarch-skylake" "gccarch-skylake"
"gccarch-kabylake"
# "gccarch-alderlake" missing WAITPKG # "gccarch-alderlake" missing WAITPKG
"gccarch-x86-64-v3" "gccarch-x86-64-v3"
"gccarch-x86-64-v4" "gccarch-x86-64-v4"
@@ -57,12 +85,54 @@
# Mount tmpfs at /tmp # Mount tmpfs at /tmp
boot.tmp.useTmpfs = true; boot.tmp.useTmpfs = true;
me.emacs_flavor = "plainmacs"; # Enable TRIM
me.graphical = false; # services.fstrim.enable = lib.mkDefault true;
me.hydra.enable = false;
me.nix_worker.enable = true; # nix.optimise.automatic = true;
me.vm_disk.enable = true; # nix.optimise.dates = [ "03:45" ];
me.wireguard.activated = [ ]; # nix.optimise.persistent = true;
me.wireguard.deactivated = [ ];
me.zsh.enable = true; me.image_based_appliance.enable = lib.mkForce false;
environment.systemPackages = with pkgs; [
htop
git # for building on hydra
tmux # for building on hydra
nix-output-monitor # for building on hydra
];
# nix.sshServe.enable = true;
# nix.sshServe.keys = [ "ssh-dss AAAAB3NzaC1k... bob@example.org" ];
# Override garbage collection to keep things longer
# Automatic garbage collection
nix.gc = lib.mkForce {
automatic = true;
persistent = true;
dates = "weekly";
# randomizedDelaySec = "14m";
options = "--delete-older-than 60d";
};
# The default limit of files is 1024 which is too low for some nix builds.
#
# Check with `ulimit -n`
security.pam.loginLimits = [
{
domain = "*";
item = "nofile";
type = "-";
value = "8192";
}
];
# systemd.user.extraConfig = "DefaultLimitNOFILE=8192";
# systemd.services."user@11400".serviceConfig.LimitNOFILE = "8192";
me.build_in_ram.enable = true;
me.dont_use_substituters.enable = true;
me.hydra.enable = true;
me.minimal_base.enable = true;
me.nix_worker.enable = true;
};
} }

22
nix/configuration/hosts/hydra/hardware-configuration.nix
View File

@@ -1,10 +1,6 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ {
config, config,
lib, lib,
pkgs,
modulesPath, modulesPath,
... ...
}: }:
@@ -14,13 +10,11 @@
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
config = {
boot.initrd.availableKernelModules = [ boot.initrd.availableKernelModules = [
"xhci_pci"
"nvme" "nvme"
"usbhid" "xhci_pci"
"usb_storage" "thunderbolt"
"sd_mod"
"sdhci_pci"
]; ];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ]; boot.kernelModules = [ ];
@@ -30,10 +24,8 @@
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction # still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.dhcpcd.enable = lib.mkForce true; # networking.useDHCP = lib.mkDefault true;
networking.useDHCP = lib.mkForce true; # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
networking.interfaces.enp0s2.useDHCP = lib.mkForce true; # networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true;
# systemd.network.enable = true; };
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
} }

74
nix/configuration/hosts/hydra/vm_disk.nix
View File

@@ -8,20 +8,14 @@
{ {
imports = [ ]; imports = [ ];
options.me = { config = {
vm_disk.enable = lib.mkOption { # environment.systemPackages = with pkgs; [
type = lib.types.bool; # e2fsprogs # mkfs.ext4
default = false; # gptfdisk # cgdisk
example = true; # ];
description = "Whether we want to mount the local disk for persistent storage.";
};
};
config = lib.mkIf config.me.vm_disk.enable (
lib.mkMerge [
{
# Mount the local disk # Mount the local disk
fileSystems = { fileSystems = lib.mkIf config.me.mountPersistence {
"/.disk" = lib.mkForce { "/.disk" = lib.mkForce {
device = "/dev/nvme0n1p1"; device = "/dev/nvme0n1p1";
fsType = "ext4"; fsType = "ext4";
@@ -32,6 +26,25 @@
neededForBoot = true; neededForBoot = true;
}; };
# "/.persist" = lib.mkForce {
# device = "bind9p";
# fsType = "9p";
# options = [
# "noatime"
# "trans=virtio"
# "version=9p2000.L"
# "cache=mmap"
# "msize=512000"
# "uname=root"
# "dfltuid=0"
# "dfltgid=0"
# "nodevmap"
# # "noauto"
# # "x-systemd.automount"
# ];
# neededForBoot = true;
# };
"/persist" = { "/persist" = {
fsType = "none"; fsType = "none";
device = "/.disk/persist"; device = "/.disk/persist";
@@ -42,6 +55,7 @@
depends = [ depends = [
"/.disk/persist" "/.disk/persist"
]; ];
neededForBoot = true;
}; };
"/state" = { "/state" = {
@@ -54,24 +68,28 @@
depends = [ depends = [
"/.disk/state" "/.disk/state"
]; ];
neededForBoot = true;
}; };
"/nix/store" = lib.mkForce { # "/nix/store" = lib.mkForce {
fsType = "overlay"; # overlay = {
device = "overlay"; # lowerdir = [ "/nix/.ro-store" ];
options = [ # upperdir = "/.disk/persist/store";
"lowerdir=/nix/.ro-store" # workdir = "/.disk/state/work";
"upperdir=/.disk/persist/store" # };
"workdir=/.disk/state/work" # # fsType = "overlay";
]; # # device = "overlay";
depends = [ # # options = [
"/nix/.ro-store" # # "lowerdir=/nix/.ro-store"
"/.disk/persist/store" # # "upperdir=/.disk/persist/store"
"/.disk/state/work" # # "workdir=/.disk/state/work"
]; # # ];
# depends = [
# "/nix/.ro-store"
# "/.disk/persist/store"
# "/.disk/state/work"
# ];
# };
}; };
}; };
} }
]
);
}

13
nix/configuration/hosts/i_only_boot_zfs/DEPLOY_BOOT Executable file
View File

@@ -0,0 +1,13 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
TARGET=i_only_boot_zfs
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#i_only_boot_zfs" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json

13
nix/configuration/hosts/i_only_boot_zfs/DEPLOY_SWITCH Executable file
View File

@@ -0,0 +1,13 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
TARGET=i_only_boot_zfs
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#i_only_boot_zfs" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json

10
nix/configuration/hosts/i_only_boot_zfs/ISO Executable file
View File

@@ -0,0 +1,10 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#i_only_boot_zfs.iso" --repair --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json

10
nix/configuration/hosts/i_only_boot_zfs/SELF_BOOT Executable file
View File

@@ -0,0 +1,10 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#i_only_boot_zfs" --repair --log-format internal-json -v "${@}" |& nom --json

10
nix/configuration/hosts/i_only_boot_zfs/SELF_BUILD Executable file
View File

@@ -0,0 +1,10 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild build --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#i_only_boot_zfs" --repair --log-format internal-json -v "${@}" |& nom --json

10
nix/configuration/hosts/i_only_boot_zfs/SELF_SWITCH Executable file
View File

@@ -0,0 +1,10 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#i_only_boot_zfs" --repair --log-format internal-json -v "${@}" |& nom --json

63
nix/configuration/hosts/i_only_boot_zfs/default.nix Normal file
View File

@@ -0,0 +1,63 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [
./hardware-configuration.nix
./wrapped-disk-config.nix
./distributed_build.nix
./power_management.nix
];
config = {
# Generate with `head -c4 /dev/urandom | od -A none -t x4`
networking.hostId = "6a05d86e";
networking.hostName = "i_only_boot_zfs"; # Define your hostname.
time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8";
me.boot.enable = true;
me.boot.secure = false;
me.mountPersistence = true;
# Toggle to start writing the extlinux config which will be used by zfsbootmenu
# boot.loader.generic-extlinux-compatible.enable = true;
# boot.loader.systemd-boot.enable = lib.mkForce false;
me.optimizations = {
# enable = true;
# arch = "kabylake";
# build_arch = "x86-64-v3";
system_features = [
# "gccarch-kabylake"
"gccarch-x86-64-v3"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
};
# Early KMS
# boot.initrd.kernelModules = [ "amdgpu" ];
# Mount tmpfs at /tmp
boot.tmp.useTmpfs = true;
# Enable TRIM
# services.fstrim.enable = lib.mkDefault true;
# Even when installed, we want to dhcp because this is for a VM.
networking.dhcpcd.enable = true;
networking.useDHCP = true;
me.build_in_ram.enable = true;
me.dont_use_substituters.enable = true;
me.minimal_base.enable = true;
};
}

35
nix/configuration/hosts/hydra/disk-config.nix → nix/configuration/hosts/i_only_boot_zfs/disk-config.nix
View File

@@ -1,14 +1,8 @@
# Manual Step: # Manual Step:
# Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1 # Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1
# Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1 # Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1
{
config,
lib,
pkgs,
...
}:
lib.mkIf (!config.me.buildingIso) { {
disko.devices = { disko.devices = {
disk = { disk = {
main = { main = {
@@ -23,7 +17,7 @@ lib.mkIf (!config.me.buildingIso) {
content = { content = {
type = "filesystem"; type = "filesystem";
format = "vfat"; format = "vfat";
mountpoint = "/boot"; mountpoint = "/efi";
mountOptions = [ mountOptions = [
"umask=0077" "umask=0077"
"noatime" "noatime"
@@ -70,6 +64,11 @@ lib.mkIf (!config.me.buildingIso) {
"linux/nix" = { "linux/nix" = {
type = "zfs_fs"; type = "zfs_fs";
options.mountpoint = "none"; options.mountpoint = "none";
options = {
# encryption = "aes-256-gcm";
# keyformat = "passphrase";
# keylocation = "file:///tmp/secret.key";
};
}; };
"linux/nix/root" = { "linux/nix/root" = {
type = "zfs_fs"; type = "zfs_fs";
@@ -77,14 +76,23 @@ lib.mkIf (!config.me.buildingIso) {
mountpoint = "/"; mountpoint = "/";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/root@blank$' || zfs snapshot zroot/linux/nix/root@blank"; postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/root@blank$' || zfs snapshot zroot/linux/nix/root@blank";
}; };
"linux/nix/boot" = {
type = "zfs_fs";
options = {
mountpoint = "legacy";
"org.zfsbootmenu:active" = "on";
};
mountpoint = "/boot";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/boot@blank$' || zfs snapshot zroot/linux/nix/boot@blank";
};
"linux/nix/nix" = { "linux/nix/nix" = {
type = "zfs_fs"; type = "zfs_fs";
options.mountpoint = "legacy"; options.mountpoint = "legacy";
mountpoint = "/nix"; mountpoint = "/nix";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/nix@blank$' || zfs snapshot zroot/linux/nix/nix@blank"; postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/nix@blank$' || zfs snapshot zroot/linux/nix/nix@blank";
options = { options = {
recordsize = "1MiB"; recordsize = "16MiB";
compression = "lz4"; compression = "zstd-19";
}; };
}; };
"linux/nix/home" = { "linux/nix/home" = {
@@ -121,6 +129,10 @@ lib.mkIf (!config.me.buildingIso) {
"noatime" "noatime"
"norelatime" "norelatime"
]; ];
fileSystems."/boot".options = [
"noatime"
"norelatime"
];
fileSystems."/nix".options = [ fileSystems."/nix".options = [
"noatime" "noatime"
"norelatime" "norelatime"
@@ -137,4 +149,7 @@ lib.mkIf (!config.me.buildingIso) {
"noatime" "noatime"
"norelatime" "norelatime"
]; ];
# Only attempt to decrypt the main pool. Otherwise it attempts to decrypt pools that aren't even used.
# boot.zfs.requestEncryptionCredentials = [ "zroot/linux/nix" ];
} }

13
nix/configuration/hosts/i_only_boot_zfs/distributed_build.nix Normal file
View File

@@ -0,0 +1,13 @@
{
imports = [ ];
config = {
me.distributed_build.enable = true;
me.distributed_build.machines.quark = {
enable = true;
additional_config = {
speedFactor = 2;
};
};
};
}

33
nix/configuration/hosts/i_only_boot_zfs/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,33 @@
{
config,
lib,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
config = {
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"thunderbolt"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
# networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true;
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
};
}

63
nix/configuration/hosts/i_only_boot_zfs/power_management.nix Normal file
View File

@@ -0,0 +1,63 @@
{
pkgs,
...
}:
{
imports = [ ];
config = {
environment.systemPackages = with pkgs; [
powertop
];
# pcie_aspm=force pcie_aspm.policy=powersupersave :: Enable PCIe active state power management for power reduction.
# nowatchdog :: Disable watchdog for power savings (related to disable_sp5100_watchdog above).
boot.kernelParams = [
"pcie_aspm=force"
# "pcie_aspm.policy=powersupersave"
"nowatchdog"
];
systemd.tmpfiles.rules = [
"w- /sys/firmware/acpi/platform_profile - - - - low-power"
"w- /sys/devices/system/cpu/cpufreq/policy0/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy1/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy2/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy3/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy4/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy5/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy6/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy7/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy8/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy9/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy10/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy11/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy12/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy13/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy14/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy15/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpu0/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu1/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu2/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu3/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu4/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu5/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu6/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu7/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu8/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu9/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu10/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu11/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu12/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu13/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu14/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu15/cpufreq/boost - - - - 0"
];
boot.extraModprobeConfig = ''
# Sound power-saving was causing chat notifications to be inaudible.
# options snd_hda_intel power_save=1
'';
};
}

7
nix/configuration/hosts/i_only_boot_zfs/wrapped-disk-config.nix Normal file
View File

@@ -0,0 +1,7 @@
{
config,
lib,
...
}:
lib.mkIf (!config.me.buildingPortable) (import ./disk-config.nix)

19
nix/configuration/hosts/ionlybootzfs/DEPLOY_BOOT
View File

@@ -1,19 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
#TARGET=10.216.1.14
# TARGET=192.168.211.250
TARGET="ionlybootzfs"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#ionlybootzfs" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" "${@}" |& nom
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#ionlybootzfs'

19
nix/configuration/hosts/ionlybootzfs/DEPLOY_SWITCH
View File

@@ -1,19 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
#TARGET=10.216.1.14
# TARGET=192.168.211.250
TARGET=ionlybootzfs
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#ionlybootzfs" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" "${@}" |& nom
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#ionlybootzfs'

63
nix/configuration/hosts/ionlybootzfs/default.nix
View File

@@ -1,63 +0,0 @@
#
# Testing:
# doas "$(nix-build '<nixpkgs>' --no-out-link -A 'qemu')/bin/qemu-system-x86_64" \
# -accel kvm \
# -cpu host \
# -smp cores=8 \
# -m 32768 \
# -drive "file=$(nix-build '<nixpkgs>' --no-out-link -A 'OVMF.fd')/FV/OVMF.fd,if=pflash,format=raw,readonly=on" \
# -drive file=/tmp/localdisk.img,if=none,id=nvm,format=raw \
# -device nvme,serial=deadbeef,drive=nvm \
# -nic user,hostfwd=tcp::60022-:22 \
# -boot order=d \
# -cdrom "$(readlink -f /persist/machine_setup/nix/configuration/result/iso/nixos*.iso)" \
# -display vnc=127.0.0.1:0
#
{
config,
lib,
pkgs,
...
}:
{
imports = [
./wrapped-disk-config.nix
./hardware-configuration.nix
];
# Generate with `head -c4 /dev/urandom | od -A none -t x4`
networking.hostId = "fbd233d8";
networking.hostName = "ionlybootzfs"; # Define your hostname.
time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8";
me.secureBoot.enable = true;
me.optimizations = {
enable = false;
arch = "znver4";
system_features = [
"gccarch-znver4"
"gccarch-skylake"
# "gccarch-alderlake" missing WAITPKG
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
};
# Mount tmpfs at /tmp
boot.tmp.useTmpfs = true;
me.emacs_flavor = "plainmacs";
me.graphical = false;
me.wireguard.activated = [ ];
me.wireguard.deactivated = [ ];
me.zsh.enable = true;
}

38
nix/configuration/hosts/ionlybootzfs/hardware-configuration.nix
View File

@@ -1,38 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"xhci_pci"
"nvme"
"usbhid"
"usb_storage"
"sd_mod"
"sdhci_pci"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.dhcpcd.enable = lib.mkForce true;
networking.useDHCP = lib.mkForce true;
# systemd.network.enable = true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

131
nix/configuration/hosts/ionlybootzfs/optimized_build.nix
View File

@@ -1,131 +0,0 @@
{
config,
lib,
pkgs,
pkgs-unoptimized,
...
}:
{
imports = [ ];
config = lib.mkMerge [
{ }
(lib.mkIf (!config.me.optimizations.enable) {
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_6_14;
})
(lib.mkIf (config.me.optimizations.enable) {
nixpkgs.hostPlatform = {
gcc.arch = "znver4";
gcc.tune = "znver4";
system = "x86_64-linux";
};
nixpkgs.overlays = [
(
final: prev:
let
addConfig =
additionalConfig: pkg:
pkg.override (oldconfig: {
structuredExtraConfig = pkg.structuredExtraConfig // additionalConfig;
});
in
{
linux_me = addConfig {
# Full preemption
PREEMPT = lib.mkOverride 60 lib.kernel.yes;
PREEMPT_VOLUNTARY = lib.mkOverride 60 lib.kernel.no;
# Google's BBRv3 TCP congestion Control
TCP_CONG_BBR = lib.kernel.yes;
DEFAULT_BBR = lib.kernel.yes;
# Preemptive Full Tickless Kernel at 300Hz
HZ = lib.kernel.freeform "300";
HZ_300 = lib.kernel.yes;
HZ_1000 = lib.kernel.no;
} prev.linux_6_14;
# gsl = prev.gsl.overrideAttrs (old: {
# # gsl tests fails when optimizations are enabled.
# # > FAIL: cholesky_invert unscaled hilbert ( 4, 4)[0,2]: 2.55795384873636067e-13 0
# # > (2.55795384873636067e-13 observed vs 0 expected) [28259614]
# doCheck = false;
# });
}
)
(final: prev: {
haskellPackages = prev.haskellPackages.extend (
final': prev': {
inherit (pkgs-unoptimized.haskellPackages)
crypton
crypton-connection
crypton-x509
crypton-x509-store
crypton-x509-system
crypton-x509-validation
hspec-wai
http-client-tls
http2
pandoc
pandoc-cli
pandoc-lua-engine
pandoc-server
servant-server
tls
wai-app-static
wai-extra
warp
;
}
);
})
(final: prev: {
inherit (pkgs-unoptimized)
gsl
redis
valkey
;
})
];
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_me;
})
(lib.mkIf (!config.me.buildingIso) {
nix.settings.system-features = lib.mkForce [
"gccarch-znver4"
"gccarch-skylake"
# "gccarch-alderlake" missing WAITPKG
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
# Keep ALL dependencies so we can rebuild offline. This DRASTICALLY increase disk usage, but disk space is cheap.
# system.includeBuildDependencies = true;
# This also should enable building offline? TODO: test.
nix.extraOptions = ''
keep-outputs = true
keep-derivations = true
'';
# # building ON
# nixpkgs.localSystem = { system = "aarch64-linux"; };
# # building FOR
# nixpkgs.crossSystem = { system = "aarch64-linux"; };
# nixpkgs.config = {
# replaceStdenv = ({ pkgs }: pkgs.clangStdenv);
# };
# or maybe an overlay
# stdenv = prev.clangStdenv;
})
(lib.mkIf (config.me.buildingIso) {
boot.supportedFilesystems.zfs = true;
})
];
}

8
nix/configuration/hosts/ionlybootzfs/wrapped-disk-config.nix
View File

@@ -1,8 +0,0 @@
{
config,
lib,
pkgs,
...
}:
lib.mkIf (!config.me.buildingIso) (import ./disk-config.nix)

4
nix/configuration/hosts/neelix/DEPLOY_BOOT
View File

@@ -10,10 +10,8 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
# TARGET=192.168.211.250 # TARGET=192.168.211.250
TARGET=neelix TARGET=neelix
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#neelix" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" "${@}" |& nom nixos-rebuild boot --flake "$DIR/../../#neelix" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#neelix' # rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#neelix'

4
nix/configuration/hosts/neelix/DEPLOY_SWITCH
View File

@@ -10,10 +10,8 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
# TARGET=192.168.211.250 # TARGET=192.168.211.250
TARGET=neelix TARGET=neelix
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#neelix" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" "${@}" |& nom nixos-rebuild switch --flake "$DIR/../../#neelix" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#neelix' # rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#neelix'

19
nix/configuration/hosts/neelix/default.nix
View File

@@ -6,6 +6,7 @@
./power_management.nix ./power_management.nix
]; ];
config = {
# Generate with `head -c4 /dev/urandom | od -A none -t x4` # Generate with `head -c4 /dev/urandom | od -A none -t x4`
networking.hostId = "bca9d0a5"; networking.hostId = "bca9d0a5";
@@ -14,7 +15,8 @@
time.timeZone = "America/New_York"; time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
me.secureBoot.enable = false; me.boot.secure = false;
me.mountPersistence = true;
me.optimizations = { me.optimizations = {
enable = false; enable = false;
@@ -36,16 +38,29 @@
# Mount tmpfs at /tmp # Mount tmpfs at /tmp
# boot.tmp.useTmpfs = true; # boot.tmp.useTmpfs = true;
me.base.enable = true;
me.bluetooth.enable = true; me.bluetooth.enable = true;
me.boot.enable = true;
me.doas.enable = true;
me.emacs_flavor = "plainmacs"; me.emacs_flavor = "plainmacs";
me.firewall.enable = true;
me.font.enable = true;
me.git.enable = true;
me.graphical = true; me.graphical = true;
me.graphics_card_type = "intel"; me.graphics_card_type = "intel";
me.kodi.enable = true; me.kodi.enable = true;
me.lvfs.enable = true; me.lvfs.enable = true;
me.memtest.enable = true;
me.network.enable = true;
me.nvme.enable = true;
me.sound.enable = true; me.sound.enable = true;
me.ssh.enable = true;
me.sshd.enable = true;
me.user.enable = true;
me.wireguard.activated = [ "wgh" ]; me.wireguard.activated = [ "wgh" ];
me.wireguard.deactivated = [ "wgf" ]; me.wireguard.deactivated = [ "wgf" ];
me.zfs.enable = true;
me.zrepl.enable = true; me.zrepl.enable = true;
me.zsh.enable = true; me.zsh.enable = true;
};
} }

7
nix/configuration/hosts/neelix/hardware-configuration.nix
View File

@@ -1,10 +1,6 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ {
config, config,
lib, lib,
pkgs,
modulesPath, modulesPath,
... ...
}: }:
@@ -14,6 +10,7 @@
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
config = {
boot.initrd.availableKernelModules = [ boot.initrd.availableKernelModules = [
"xhci_pci" "xhci_pci"
"nvme" "nvme"
@@ -34,6 +31,6 @@
# networking.interfaces.eno1.useDHCP = lib.mkDefault true; # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true; # networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
};
} }

4
nix/configuration/hosts/neelix/power_management.nix
View File

@@ -1,6 +1,4 @@
{ {
config,
lib,
pkgs, pkgs,
... ...
}: }:
@@ -8,6 +6,7 @@
{ {
imports = [ ]; imports = [ ];
config = {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
powertop powertop
]; ];
@@ -32,4 +31,5 @@
boot.extraModprobeConfig = '' boot.extraModprobeConfig = ''
options snd_hda_intel power_save=1 options snd_hda_intel power_save=1
''; '';
};
} }

8
nix/configuration/hosts/odo/DEPLOY_BOOT
View File

@@ -6,14 +6,8 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
# TARGET=10.216.1.15
# TARGET=192.168.211.250
TARGET=odo TARGET=odo
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#odo" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" "${@}" |& nom nixos-rebuild boot --flake "$DIR/../../#odo" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#odo'

8
nix/configuration/hosts/odo/DEPLOY_SWITCH
View File

@@ -6,14 +6,8 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
#TARGET=10.216.1.14
# TARGET=192.168.211.250
TARGET=odo TARGET=odo
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#odo" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" "${@}" |& nom nixos-rebuild switch --flake "$DIR/../../#odo" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#odo'

4
nix/configuration/hosts/odo/ISO
View File

@@ -6,7 +6,5 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.odo" --max-jobs "$JOBS" "${@}" |& nom nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#odo.iso" --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json

4
nix/configuration/hosts/odo/SELF_BOOT
View File

@@ -6,7 +6,5 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --show-trace --use-remote-sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" "${@}" |& nom nixos-rebuild boot --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" --repair --log-format internal-json -v "${@}" |& nom --json

5
nix/configuration/hosts/odo/SELF_BUILD
View File

@@ -6,7 +6,6 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild build --show-trace --use-remote-sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" "${@}" |& nom
nixos-rebuild build --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" --repair --log-format internal-json -v "${@}" |& nom --json

4
nix/configuration/hosts/odo/SELF_SWITCH
View File

@@ -6,7 +6,5 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --show-trace --use-remote-sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" "${@}" |& nom nixos-rebuild switch --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" --repair --log-format internal-json -v "${@}" |& nom --json

60
nix/configuration/hosts/odo/default.nix
View File

@@ -15,6 +15,7 @@
./framework_module.nix ./framework_module.nix
]; ];
config = {
# Generate with `head -c4 /dev/urandom | od -A none -t x4` # Generate with `head -c4 /dev/urandom | od -A none -t x4`
networking.hostId = "908cbf04"; networking.hostId = "908cbf04";
@@ -23,14 +24,27 @@
time.timeZone = "America/New_York"; time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
me.secureBoot.enable = true; me.boot.enable = true;
me.boot.secure = false;
me.mountPersistence = true;
# Toggle to start writing the extlinux config which will be used by zfsbootmenu
boot.loader.generic-extlinux-compatible.enable = true;
boot.loader.systemd-boot.enable = lib.mkForce false;
me.rollback.dataset = [
"zroot/linux/nix/root@blank"
"zroot/linux/nix/home@blank"
];
me.optimizations = { me.optimizations = {
enable = true; enable = true;
arch = "znver4"; arch = "znver4";
# build_arch = "x86-64-v3";
system_features = [ system_features = [
"gccarch-znver4" "gccarch-znver4"
"gccarch-skylake" "gccarch-skylake"
"gccarch-kabylake"
# "gccarch-alderlake" missing WAITPKG # "gccarch-alderlake" missing WAITPKG
"gccarch-x86-64-v3" "gccarch-x86-64-v3"
"gccarch-x86-64-v4" "gccarch-x86-64-v4"
@@ -58,59 +72,99 @@
# Enable TRIM # Enable TRIM
# services.fstrim.enable = lib.mkDefault true; # services.fstrim.enable = lib.mkDefault true;
# Only run nix builders at idle priority for a more responsive system. Do not set on servers, just end-user devices.
nix.daemonCPUSchedPolicy = "idle";
me.alacritty.enable = true; me.alacritty.enable = true;
me.amd_s2idle.enable = true;
me.android.enable = true;
me.ansible.enable = true; me.ansible.enable = true;
me.ares.enable = true; me.ares.enable = true;
me.base.enable = true;
me.bluetooth.enable = true; me.bluetooth.enable = true;
me.build_in_ram.enable = true;
me.chromecast.enable = true; me.chromecast.enable = true;
me.chromium.enable = true; me.chromium.enable = true;
me.docker.enable = true; me.d2.enable = true;
me.ecc.enable = true; me.direnv.enable = true;
me.doas.enable = true;
me.docker.enable = false;
me.dont_use_substituters.enable = true;
me.ecc.enable = false;
me.emacs_flavor = "full"; me.emacs_flavor = "full";
me.emulate_isa.enable = true;
me.esim.enable = true;
me.firefox.enable = true; me.firefox.enable = true;
me.firewall.enable = true;
me.flux.enable = true; me.flux.enable = true;
me.font.enable = true;
me.gcloud.enable = true; me.gcloud.enable = true;
me.git.config = ../../roles/git/files/gitconfig_home; me.git.config = ../../roles/git/files/gitconfig_home;
me.git.enable = true;
me.gnuplot.enable = true; me.gnuplot.enable = true;
me.gpg.enable = true; me.gpg.enable = true;
me.graphical = true; me.graphical = true;
me.graphics_card_type = "amd"; me.graphics_card_type = "amd";
me.graphviz.enable = true;
me.iso_mount.enable = true; me.iso_mount.enable = true;
me.jujutsu.config = ../../roles/jujutsu/files/jujutsu_config_home.toml;
me.jujutsu.enable = true;
me.kanshi.enable = false; me.kanshi.enable = false;
me.kubernetes.enable = true; me.kubernetes.enable = true;
me.latex.enable = true; me.latex.enable = true;
me.launch_keyboard.enable = true; me.launch_keyboard.enable = true;
me.lvfs.enable = true; me.lvfs.enable = true;
me.media.enable = true; me.media.enable = true;
me.memtest.enable = true;
me.network.enable = true;
me.nix_index.enable = true; me.nix_index.enable = true;
me.nix_repl.enable = true;
me.nixdev.enable = true;
me.nvme.enable = true;
me.openpgp_card_tools.enable = true;
me.pcsx2.enable = true; me.pcsx2.enable = true;
me.podman.enable = true;
me.postgresql_client.enable = true;
me.python.enable = true; me.python.enable = true;
me.qemu.enable = true; me.qemu.enable = true;
me.recovery.enable = true;
me.rpcs3.enable = true; me.rpcs3.enable = true;
me.rust.enable = true; me.rust.enable = true;
me.sequoia.enable = true;
me.shadps4.enable = false;
me.shikane.enable = true; me.shikane.enable = true;
me.sops.enable = true; me.sops.enable = true;
me.sound.enable = true; me.sound.enable = true;
me.spaghettikart.enable = true;
me.ssh.enable = true;
me.sshd.enable = true;
me.steam.enable = true; me.steam.enable = true;
me.steam_run_free.enable = true; me.steam_run_free.enable = true;
me.sway.enable = true; me.sway.enable = true;
me.tekton.enable = true; me.tekton.enable = true;
me.terraform.enable = true; me.terraform.enable = true;
me.thunderbolt.enable = true; me.thunderbolt.enable = true;
me.user.enable = true;
me.uutils.enable = false;
me.vnc_client.enable = true; me.vnc_client.enable = true;
me.vscode.enable = true; me.vscode.enable = true;
me.wasm.enable = true; me.wasm.enable = true;
me.waybar.enable = true; me.waybar.enable = true;
me.webcam.enable = true;
me.wine.enable = false;
me.wireguard.activated = [ me.wireguard.activated = [
"drmario" "drmario"
"wgh" "wgh"
"colo" "colo"
]; ];
me.wireguard.deactivated = [ "wgf" ]; me.wireguard.deactivated = [ "wgf" ];
me.yubikey.enable = true;
me.zfs.enable = true;
me.zrepl.enable = true; me.zrepl.enable = true;
me.zsh.enable = true; me.zsh.enable = true;
me.sm64ex.enable = true; me.sm64ex.enable = true;
me.shipwright.enable = true; me.shipwright.enable = true;
me.ship2harkinian.enable = true; me.ship2harkinian.enable = true;
};
} }

15
nix/configuration/hosts/odo/disk-config.nix
View File

@@ -17,7 +17,7 @@
content = { content = {
type = "filesystem"; type = "filesystem";
format = "vfat"; format = "vfat";
mountpoint = "/boot"; mountpoint = "/efi";
mountOptions = [ mountOptions = [
"umask=0077" "umask=0077"
"noatime" "noatime"
@@ -76,6 +76,15 @@
mountpoint = "/"; mountpoint = "/";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/root@blank$' || zfs snapshot zroot/linux/nix/root@blank"; postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/root@blank$' || zfs snapshot zroot/linux/nix/root@blank";
}; };
"linux/nix/boot" = {
type = "zfs_fs";
options = {
mountpoint = "legacy";
"org.zfsbootmenu:active" = "on";
};
mountpoint = "/boot";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/boot@blank$' || zfs snapshot zroot/linux/nix/boot@blank";
};
"linux/nix/nix" = { "linux/nix/nix" = {
type = "zfs_fs"; type = "zfs_fs";
options.mountpoint = "legacy"; options.mountpoint = "legacy";
@@ -120,6 +129,10 @@
"noatime" "noatime"
"norelatime" "norelatime"
]; ];
fileSystems."/boot".options = [
"noatime"
"norelatime"
];
fileSystems."/nix".options = [ fileSystems."/nix".options = [
"noatime" "noatime"
"norelatime" "norelatime"

22
nix/configuration/hosts/odo/distributed_build.nix
View File

@@ -1,27 +1,19 @@
{
config,
lib,
pkgs,
...
}:
{ {
imports = [ ]; imports = [ ];
config = lib.mkMerge [ config = {
{
me.distributed_build.enable = true; me.distributed_build.enable = true;
me.distributed_build.machines.quark = {
enable = false;
additional_config = {
speedFactor = 2;
};
};
me.distributed_build.machines.hydra = { me.distributed_build.machines.hydra = {
enable = true; enable = true;
additional_config = { additional_config = {
speedFactor = 2; speedFactor = 2;
}; };
}; };
me.distributed_build.machines.quark = {
enable = true;
additional_config = {
speedFactor = 2;
};
}; };
} }
];
}

8
nix/configuration/hosts/odo/framework_module.nix
View File

@@ -1,15 +1,12 @@
{ {
config, config,
lib,
pkgs,
... ...
}: }:
{ {
imports = [ ]; imports = [ ];
config = lib.mkMerge [ config = {
{
boot.extraModulePackages = with config.boot.kernelPackages; [ boot.extraModulePackages = with config.boot.kernelPackages; [
framework-laptop-kmod framework-laptop-kmod
]; ];
@@ -18,6 +15,5 @@
"cros_ec" "cros_ec"
"cros_ec_lpcs" "cros_ec_lpcs"
]; ];
} };
];
} }

7
nix/configuration/hosts/odo/hardware-configuration.nix
View File

@@ -1,10 +1,6 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ {
config, config,
lib, lib,
pkgs,
modulesPath, modulesPath,
... ...
}: }:
@@ -14,6 +10,7 @@
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
config = {
boot.initrd.availableKernelModules = [ boot.initrd.availableKernelModules = [
"nvme" "nvme"
"xhci_pci" "xhci_pci"
@@ -31,6 +28,6 @@
# networking.interfaces.eno1.useDHCP = lib.mkDefault true; # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true; # networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
};
} }

22
nix/configuration/hosts/odo/power_management.nix
View File

@@ -1,6 +1,4 @@
{ {
config,
lib,
pkgs, pkgs,
... ...
}: }:
@@ -8,6 +6,7 @@
{ {
imports = [ ]; imports = [ ];
config = {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
powertop powertop
]; ];
@@ -20,7 +19,7 @@
# amd_pstate=guided :: Same as passive except we can set upper and lower frequency bounds. # amd_pstate=guided :: Same as passive except we can set upper and lower frequency bounds.
# amdgpu.dcdebugmask=0x10 :: Allegedly disables Panel Replay from https://community.frame.work/t/tracking-freezing-arch-linux-amd/39495/32 # amdgpu.dcdebugmask=0x10 :: Allegedly disables Panel Replay from https://community.frame.work/t/tracking-freezing-arch-linux-amd/39495/32
boot.kernelParams = [ boot.kernelParams = [
"amdgpu.abmlevel=3" "amdgpu.abmlevel=2"
"pcie_aspm=force" "pcie_aspm=force"
# "pcie_aspm.policy=powersupersave" # "pcie_aspm.policy=powersupersave"
"nowatchdog" "nowatchdog"
@@ -47,6 +46,22 @@
"w- /sys/devices/system/cpu/cpufreq/policy13/energy_performance_preference - - - - power" "w- /sys/devices/system/cpu/cpufreq/policy13/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy14/energy_performance_preference - - - - power" "w- /sys/devices/system/cpu/cpufreq/policy14/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy15/energy_performance_preference - - - - power" "w- /sys/devices/system/cpu/cpufreq/policy15/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpu0/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu1/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu2/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu3/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu4/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu5/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu6/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu7/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu8/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu9/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu10/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu11/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu12/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu13/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu14/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu15/cpufreq/boost - - - - 0"
]; ];
boot.extraModprobeConfig = '' boot.extraModprobeConfig = ''
@@ -56,4 +71,5 @@
# Sound power-saving was causing chat notifications to be inaudible. # Sound power-saving was causing chat notifications to be inaudible.
# options snd_hda_intel power_save=1 # options snd_hda_intel power_save=1
''; '';
};
} }

11
nix/configuration/hosts/odo/screen_brightness.nix
View File

@@ -1,14 +1,9 @@
{
config,
lib,
pkgs,
...
}:
{ {
imports = [ ]; imports = [ ];
config = {
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"w- /sys/class/backlight/amdgpu_bl1/brightness - - - - 85" "w- /sys/class/backlight/amdgpu_bl1/brightness - - - - 32767"
]; ];
};
} }

12
nix/configuration/hosts/odo/wifi.nix
View File

@@ -1,19 +1,7 @@
{
config,
lib,
pkgs,
...
}:
{ {
imports = [ ]; imports = [ ];
config = { config = {
# Doesn't seem necessary starting with 6.13
# environment.loginShellInit = lib.mkIf (!config.me.buildingIso) ''
# doas iw dev wlan0 set power_save off
# '';
# Enable debug logging for ath12k wifi card. # Enable debug logging for ath12k wifi card.
boot.kernelParams = [ boot.kernelParams = [
"ath12k.debug_mask=0xffffffff" "ath12k.debug_mask=0xffffffff"

3
nix/configuration/hosts/odo/wrapped-disk-config.nix
View File

@@ -1,8 +1,7 @@
{ {
config, config,
lib, lib,
pkgs,
... ...
}: }:
lib.mkIf (!config.me.buildingIso) (import ./disk-config.nix) lib.mkIf (!config.me.buildingPortable) (import ./disk-config.nix)

11
nix/configuration/hosts/odowork/DEPLOY_BOOT Executable file
View File

@@ -0,0 +1,11 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
TARGET=odowork
nixos-rebuild boot --flake "$DIR/../../#odowork" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json

11
nix/configuration/hosts/odowork/DEPLOY_SWITCH Executable file
View File

@@ -0,0 +1,11 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
TARGET=odowork
nixos-rebuild switch --flake "$DIR/../../#odowork" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json

9
nix/configuration/hosts/odowork/INSTALLER Executable file
View File

@@ -0,0 +1,9 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#odowork.installer" --repair --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json

9
nix/configuration/hosts/odowork/ISO Executable file
View File

@@ -0,0 +1,9 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#odowork.iso" --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json

9
nix/configuration/hosts/odowork/SELF_BOOT Executable file
View File

@@ -0,0 +1,9 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
nixos-rebuild boot --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#odowork" --repair --log-format internal-json -v "${@}" |& nom --json

9
nix/configuration/hosts/odowork/SELF_BUILD Executable file
View File

@@ -0,0 +1,9 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
nixos-rebuild build --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#odowork" --repair --log-format internal-json -v "${@}" |& nom --json

9
nix/configuration/hosts/odowork/SELF_SWITCH Executable file
View File

@@ -0,0 +1,9 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
nixos-rebuild switch --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#odowork" --repair --log-format internal-json -v "${@}" |& nom --json

156
nix/configuration/hosts/odowork/default.nix Normal file
View File

@@ -0,0 +1,156 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [
./hardware-configuration.nix
./wrapped-disk-config.nix
./distributed_build.nix
./power_management.nix
./screen_brightness.nix
./wifi.nix
./framework_module.nix
./ssh_config.nix
];
config = {
# Generate with `head -c4 /dev/urandom | od -A none -t x4`
networking.hostId = "133cb66e";
networking.hostName = "odowork"; # Define your hostname.
time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8";
me.boot.enable = true;
me.boot.secure = false;
me.mountPersistence = true;
# Toggle to start writing the extlinux config which will be used by zfsbootmenu
boot.loader.generic-extlinux-compatible.enable = true;
boot.loader.systemd-boot.enable = lib.mkForce false;
me.rollback.dataset = [
"zroot/linux/nixwork/root@blank"
"zroot/linux/nixwork/home@blank"
];
me.optimizations = {
enable = true;
arch = "znver4";
# build_arch = "x86-64-v3";
system_features = [
"gccarch-znver4"
"gccarch-skylake"
"gccarch-kabylake"
# "gccarch-alderlake" missing WAITPKG
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
};
# Early KMS
boot.initrd.kernelModules = [ "amdgpu" ];
# Mount tmpfs at /tmp
boot.tmp.useTmpfs = true;
environment.systemPackages = with pkgs; [
fw-ectool
framework-tool
];
# Enable light sensor
# hardware.sensor.iio.enable = lib.mkDefault true;
# Enable TRIM
# services.fstrim.enable = lib.mkDefault true;
# Only run nix builders at idle priority for a more responsive system. Do not set on servers, just end-user devices.
nix.daemonCPUSchedPolicy = "idle";
fonts.enableDefaultPackages = lib.mkForce true;
fonts.packages = with pkgs; [
corefonts
];
allowedUnfree = [ "corefonts" ];
me.alacritty.enable = true;
me.amd_s2idle.enable = true;
me.android.enable = true;
me.ansible.enable = true;
me.base.enable = true;
me.bluetooth.enable = true;
me.build_in_ram.enable = true;
me.chromium.enable = true;
me.d2.enable = true;
me.direnv.enable = true;
me.doas.enable = true;
me.docker.enable = false;
me.dont_use_substituters.enable = true;
me.emacs_flavor = "full";
me.firefox.enable = true;
me.firewall.enable = true;
me.font.enable = true;
me.gcloud.enable = true;
me.git.config = ../../roles/git/files/gitconfig_work;
me.git.enable = true;
me.gnome_keyring.enable = true;
me.gnuplot.enable = true;
me.gpg.enable = true;
me.graphical = true;
me.graphics_card_type = "amd";
me.graphviz.enable = true;
me.iso_mount.enable = true;
me.jujutsu.config = ../../roles/jujutsu/files/jujutsu_config_home.toml;
me.jujutsu.enable = true;
me.latex.enable = true;
me.launch_keyboard.enable = true;
me.lvfs.enable = true;
me.media.enable = true;
me.memtest.enable = true;
me.network.enable = true;
me.nix_index.enable = true;
me.nix_repl.enable = true;
me.nixdev.enable = true;
me.nvme.enable = true;
me.openpgp_card_tools.enable = true;
me.podman.enable = true;
me.postgresql_client.enable = true;
me.python.enable = true;
me.rust.enable = true;
me.sequoia.enable = true;
me.shikane.enable = true;
me.sops.enable = true;
me.sound.enable = true;
me.ssh.enable = true;
me.sshd.enable = true;
me.steam_run_free.enable = true;
me.sway.enable = true;
me.terraform.enable = true;
me.thunderbolt.enable = true;
me.user.enable = true;
me.vscode.enable = true;
me.vscode.enable_work_profile = true;
me.waybar.enable = true;
me.webcam.enable = true;
me.wireguard.activated = [
"wgh"
];
me.wireguard.deactivated = [
"wgf"
"colo"
];
me.yubikey.enable = true;
me.zfs.enable = true;
me.zrepl.enable = true;
me.zsh.enable = true;
};
}

155
nix/configuration/hosts/odowork/disk-config.nix Normal file
View File

@@ -0,0 +1,155 @@
# Manual Step:
# Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1
# Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1
{
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/efi";
mountOptions = [
"umask=0077"
"noatime"
"discard"
];
};
};
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "zroot";
};
};
};
};
};
};
zpool = {
zroot = {
type = "zpool";
# mode = "mirror";
# Workaround: cannot import 'zroot': I/O error in disko tests
options.cachefile = "none";
options = {
ashift = "12";
compatibility = "openzfs-2.2-freebsd";
autotrim = "on";
};
rootFsOptions = {
acltype = "posixacl";
atime = "off";
relatime = "off";
xattr = "sa";
mountpoint = "none";
compression = "lz4";
canmount = "off";
utf8only = "on";
dnodesize = "auto";
normalization = "formD";
};
datasets = {
"linux/nixwork" = {
type = "zfs_fs";
options.mountpoint = "none";
options = {
encryption = "aes-256-gcm";
keyformat = "passphrase";
# keylocation = "file:///tmp/secret.key";
};
};
"linux/nixwork/root" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nixwork/root@blank$' || zfs snapshot zroot/linux/nixwork/root@blank";
};
"linux/nixwork/boot" = {
type = "zfs_fs";
options = {
mountpoint = "legacy";
"org.zfsbootmenu:active" = "on";
};
mountpoint = "/boot";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nixwork/boot@blank$' || zfs snapshot zroot/linux/nixwork/boot@blank";
};
"linux/nixwork/nix" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/nix";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nixwork/nix@blank$' || zfs snapshot zroot/linux/nixwork/nix@blank";
options = {
recordsize = "16MiB";
compression = "zstd-19";
};
};
"linux/nixwork/home" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/home";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nixwork/home@blank$' || zfs snapshot zroot/linux/nixwork/home@blank";
};
"linux/nixwork/persist" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/persist";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nixwork/persist@blank$' || zfs snapshot zroot/linux/nixwork/persist@blank";
};
"linux/nixwork/state" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/state";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nixwork/state@blank$' || zfs snapshot zroot/linux/nixwork/state@blank";
};
};
};
};
};
# Make sure all persistent volumes are marked as neededForBoot
#
# Also mounts /home so it is mounted before the user home directories are created.
fileSystems."/persist".neededForBoot = true;
fileSystems."/state".neededForBoot = true;
fileSystems."/home".neededForBoot = true;
fileSystems."/".options = [
"noatime"
"norelatime"
];
fileSystems."/boot".options = [
"noatime"
"norelatime"
];
fileSystems."/nix".options = [
"noatime"
"norelatime"
];
fileSystems."/persist".options = [
"noatime"
"norelatime"
];
fileSystems."/state".options = [
"noatime"
"norelatime"
];
fileSystems."/home".options = [
"noatime"
"norelatime"
];
# Only attempt to decrypt the main pool. Otherwise it attempts to decrypt pools that aren't even used.
boot.zfs.requestEncryptionCredentials = [ "zroot/linux/nixwork" ];
}

19
nix/configuration/hosts/odowork/distributed_build.nix Normal file
View File

@@ -0,0 +1,19 @@
{
imports = [ ];
config = {
me.distributed_build.enable = true;
me.distributed_build.machines.quark = {
enable = false;
additional_config = {
speedFactor = 2;
};
};
me.distributed_build.machines.hydra = {
enable = true;
additional_config = {
speedFactor = 2;
};
};
};
}

19
nix/configuration/hosts/odowork/framework_module.nix Normal file
View File

@@ -0,0 +1,19 @@
{
config,
...
}:
{
imports = [ ];
config = {
boot.extraModulePackages = with config.boot.kernelPackages; [
framework-laptop-kmod
];
# https://github.com/DHowett/framework-laptop-kmod?tab=readme-ov-file#usage
boot.kernelModules = [
"cros_ec"
"cros_ec_lpcs"
];
};
}

33
nix/configuration/hosts/odowork/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,33 @@
{
config,
lib,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
config = {
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"thunderbolt"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
# networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true;
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
};
}

75
nix/configuration/hosts/odowork/power_management.nix Normal file
View File

@@ -0,0 +1,75 @@
{
pkgs,
...
}:
{
imports = [ ];
config = {
environment.systemPackages = with pkgs; [
powertop
];
# amdgpu.abmlevel=3 :: Automatically reduce screen brightness but tweak colors to compensate for power reduction.
# pcie_aspm=force pcie_aspm.policy=powersupersave :: Enable PCIe active state power management for power reduction.
# nowatchdog :: Disable watchdog for power savings (related to disable_sp5100_watchdog above).
# amd_pstate=passive :: Fully automated hardware pstate control.
# amd_pstate=active :: Same as passive except we can set the energy performance preference (EPP) to suggest how much we prefer performance or energy efficiency.
# amd_pstate=guided :: Same as passive except we can set upper and lower frequency bounds.
# amdgpu.dcdebugmask=0x10 :: Allegedly disables Panel Replay from https://community.frame.work/t/tracking-freezing-arch-linux-amd/39495/32
boot.kernelParams = [
"amdgpu.abmlevel=2"
"pcie_aspm=force"
# "pcie_aspm.policy=powersupersave"
"nowatchdog"
# I don't see a measurable benefit from these two:
# "cpufreq.default_governor=powersave"
# "initcall_blacklist=cpufreq_gov_userspace_init"
];
systemd.tmpfiles.rules = [
"w- /sys/firmware/acpi/platform_profile - - - - low-power"
"w- /sys/devices/system/cpu/cpufreq/policy0/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy1/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy2/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy3/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy4/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy5/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy6/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy7/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy8/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy9/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy10/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy11/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy12/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy13/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy14/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy15/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpu0/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu1/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu2/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu3/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu4/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu5/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu6/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu7/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu8/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu9/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu10/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu11/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu12/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu13/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu14/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu15/cpufreq/boost - - - - 0"
];
boot.extraModprobeConfig = ''
# Disable the hardware watchdog inside AMD 700 chipset series for power savings.
blacklist sp5100_tco
# Sound power-saving was causing chat notifications to be inaudible.
# options snd_hda_intel power_save=1
'';
};
}

9
nix/configuration/hosts/odowork/screen_brightness.nix Normal file
View File

@@ -0,0 +1,9 @@
{
imports = [ ];
config = {
systemd.tmpfiles.rules = [
"w- /sys/class/backlight/amdgpu_bl1/brightness - - - - 32767"
];
};
}

15
nix/configuration/hosts/odowork/ssh_config.nix Normal file
View File

@@ -0,0 +1,15 @@
{
lib,
...
}:
{
imports = [ ];
config = {
me.install.user.talexander.file = {
".ssh/config" = {
source = lib.mkForce "/persist/manual/ssh/talexander/config";
};
};
};
}

10
nix/configuration/hosts/odowork/wifi.nix Normal file
View File

@@ -0,0 +1,10 @@
{
imports = [ ];
config = {
# Enable debug logging for ath12k wifi card.
boot.kernelParams = [
"ath12k.debug_mask=0xffffffff"
];
};
}

7
nix/configuration/hosts/odowork/wrapped-disk-config.nix Normal file
View File

@@ -0,0 +1,7 @@
{
config,
lib,
...
}:
lib.mkIf (!config.me.buildingPortable) (import ./disk-config.nix)

8
nix/configuration/hosts/quark/DEPLOY_BOOT
View File

@@ -6,14 +6,8 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
#TARGET=10.216.1.15
# TARGET=192.168.211.250
TARGET=quark TARGET=quark
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#quark" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" "${@}" |& nom nixos-rebuild boot --flake "$DIR/../../#quark" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#quark'

8
nix/configuration/hosts/quark/DEPLOY_SWITCH
View File

@@ -6,14 +6,8 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
#TARGET=10.216.1.14
# TARGET=192.168.211.250
TARGET=quark TARGET=quark
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#quark" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" "${@}" |& nom nixos-rebuild switch --flake "$DIR/../../#quark" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#quark'

4
nix/configuration/hosts/quark/ISO
View File

@@ -6,7 +6,5 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.quark" --max-jobs "$JOBS" "${@}" |& nom nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#quark.iso" --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json

4
nix/configuration/hosts/quark/SELF_BOOT
View File

@@ -6,7 +6,5 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --show-trace --use-remote-sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" "${@}" |& nom nixos-rebuild boot --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" --repair --log-format internal-json -v "${@}" |& nom --json

4
nix/configuration/hosts/quark/SELF_BUILD
View File

@@ -6,7 +6,5 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild build --show-trace --use-remote-sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" "${@}" |& nom nixos-rebuild build --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" --repair --log-format internal-json -v "${@}" |& nom --json

4
nix/configuration/hosts/quark/SELF_SWITCH
View File

@@ -6,7 +6,5 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --show-trace --use-remote-sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" "${@}" |& nom nixos-rebuild switch --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" --repair --log-format internal-json -v "${@}" |& nom --json

62
nix/configuration/hosts/quark/default.nix
View File

@@ -6,11 +6,11 @@
}: }:
{ {
imports = [ imports = [
./disk-config.nix ./wrapped-disk-config.nix
./distributed_build.nix ./distributed_build.nix
./hardware-configuration.nix ./hardware-configuration.nix
./power_management.nix ./power_management.nix
./wifi.nix ./waybar.nix
]; ];
config = { config = {
@@ -22,15 +22,28 @@
time.timeZone = "America/New_York"; time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
me.secureBoot.enable = true; me.boot.enable = true;
me.boot.secure = false;
me.mountPersistence = true;
# Toggle to start writing the extlinux config which will be used by zfsbootmenu
boot.loader.generic-extlinux-compatible.enable = true;
boot.loader.systemd-boot.enable = lib.mkForce false;
me.rollback.dataset = [
"zroot/linux/nix/root@blank"
"zroot/linux/nix/home@blank"
];
me.optimizations = { me.optimizations = {
enable = true; enable = true;
arch = "znver5"; arch = "znver4";
# build_arch = "x86-64-v3";
system_features = [ system_features = [
"gccarch-znver4" "gccarch-znver4"
"gccarch-znver5" "gccarch-znver5"
"gccarch-skylake" "gccarch-skylake"
"gccarch-kabylake"
# "gccarch-alderlake" missing WAITPKG # "gccarch-alderlake" missing WAITPKG
"gccarch-x86-64-v3" "gccarch-x86-64-v3"
"gccarch-x86-64-v4" "gccarch-x86-64-v4"
@@ -50,59 +63,98 @@
# Enable TRIM # Enable TRIM
# services.fstrim.enable = lib.mkDefault true; # services.fstrim.enable = lib.mkDefault true;
# Only run nix builders at idle priority for a more responsive system. Do not set on servers, just end-user devices.
nix.daemonCPUSchedPolicy = "idle";
# RPCS3 has difficulty with znver5 # RPCS3 has difficulty with znver5
me.rpcs3.config.Core."Use LLVM CPU" = "znver4"; me.rpcs3.config.Core."Use LLVM CPU" = "znver4";
me.alacritty.enable = true; me.alacritty.enable = true;
me.amd_s2idle.enable = true;
me.ansible.enable = true; me.ansible.enable = true;
me.android.enable = true;
me.ares.enable = true; me.ares.enable = true;
me.base.enable = true;
me.bluetooth.enable = true; me.bluetooth.enable = true;
me.build_in_ram.enable = true;
me.chromecast.enable = true; me.chromecast.enable = true;
me.chromium.enable = true; me.chromium.enable = true;
me.docker.enable = true; me.d2.enable = true;
me.direnv.enable = true;
me.doas.enable = true;
me.docker.enable = false;
me.dont_use_substituters.enable = true;
me.ecc.enable = true; me.ecc.enable = true;
me.emacs_flavor = "full"; me.emacs_flavor = "full";
me.emulate_isa.enable = true;
me.esim.enable = true;
me.firefox.enable = true; me.firefox.enable = true;
me.firewall.enable = true;
me.flux.enable = true; me.flux.enable = true;
me.font.enable = true;
me.gcloud.enable = true; me.gcloud.enable = true;
me.git.config = ../../roles/git/files/gitconfig_home; me.git.config = ../../roles/git/files/gitconfig_home;
me.git.enable = true;
me.gnuplot.enable = true; me.gnuplot.enable = true;
me.gpg.enable = true; me.gpg.enable = true;
me.graphical = true; me.graphical = true;
me.graphics_card_type = "amd"; me.graphics_card_type = "amd";
me.graphviz.enable = true;
me.iso_mount.enable = true; me.iso_mount.enable = true;
me.jujutsu.config = ../../roles/jujutsu/files/jujutsu_config_home.toml;
me.jujutsu.enable = true;
me.kanshi.enable = false; me.kanshi.enable = false;
me.kubernetes.enable = true; me.kubernetes.enable = true;
me.latex.enable = true; me.latex.enable = true;
me.launch_keyboard.enable = true; me.launch_keyboard.enable = true;
me.lvfs.enable = true; me.lvfs.enable = true;
me.media.enable = true; me.media.enable = true;
me.memtest.enable = true;
me.network.enable = true;
me.nix_index.enable = true; me.nix_index.enable = true;
me.nix_repl.enable = true;
me.nix_worker.enable = true; me.nix_worker.enable = true;
me.nixdev.enable = true;
me.nvme.enable = true;
me.openpgp_card_tools.enable = true;
me.pcsx2.enable = true; me.pcsx2.enable = true;
me.podman.enable = true;
me.postgresql_client.enable = true;
me.python.enable = true; me.python.enable = true;
me.qemu.enable = true; me.qemu.enable = true;
me.recovery.enable = true;
me.rpcs3.enable = true; me.rpcs3.enable = true;
me.rust.enable = true; me.rust.enable = true;
me.sequoia.enable = true;
me.shadps4.enable = false;
me.shikane.enable = true; me.shikane.enable = true;
me.sops.enable = true; me.sops.enable = true;
me.sound.enable = true; me.sound.enable = true;
me.spaghettikart.enable = true;
me.ssh.enable = true;
me.sshd.enable = true;
me.steam.enable = true; me.steam.enable = true;
me.steam_run_free.enable = true; me.steam_run_free.enable = true;
me.sway.enable = true; me.sway.enable = true;
me.tekton.enable = true; me.tekton.enable = true;
me.terraform.enable = true; me.terraform.enable = true;
me.thunderbolt.enable = true; me.thunderbolt.enable = true;
me.user.enable = true;
me.uutils.enable = false;
me.vnc_client.enable = true; me.vnc_client.enable = true;
me.vscode.enable = true; me.vscode.enable = true;
me.wasm.enable = true; me.wasm.enable = true;
me.waybar.enable = true; me.waybar.enable = true;
me.webcam.enable = true;
me.wine.enable = false;
me.wireguard.activated = [ me.wireguard.activated = [
"drmario" "drmario"
"wgh" "wgh"
"colo" "colo"
]; ];
me.wireguard.deactivated = [ "wgf" ]; me.wireguard.deactivated = [ "wgf" ];
me.yubikey.enable = true;
me.zfs.enable = true;
me.zrepl.enable = true; me.zrepl.enable = true;
me.zsh.enable = true; me.zsh.enable = true;

18
nix/configuration/hosts/quark/disk-config.nix
View File

@@ -2,13 +2,6 @@
# Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1 # Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1
# Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1 # Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1
{ {
config,
lib,
pkgs,
...
}:
lib.mkIf (!config.me.buildingIso) {
disko.devices = { disko.devices = {
disk = { disk = {
main = { main = {
@@ -23,7 +16,7 @@ lib.mkIf (!config.me.buildingIso) {
content = { content = {
type = "filesystem"; type = "filesystem";
format = "vfat"; format = "vfat";
mountpoint = "/boot"; mountpoint = "/efi";
mountOptions = [ mountOptions = [
"umask=0077" "umask=0077"
"noatime" "noatime"
@@ -82,6 +75,15 @@ lib.mkIf (!config.me.buildingIso) {
mountpoint = "/"; mountpoint = "/";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/root@blank$' || zfs snapshot zroot/linux/nix/root@blank"; postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/root@blank$' || zfs snapshot zroot/linux/nix/root@blank";
}; };
"linux/nix/boot" = {
type = "zfs_fs";
options = {
mountpoint = "legacy";
"org.zfsbootmenu:active" = "on";
};
mountpoint = "/boot";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/boot@blank$' || zfs snapshot zroot/linux/nix/boot@blank";
};
"linux/nix/nix" = { "linux/nix/nix" = {
type = "zfs_fs"; type = "zfs_fs";
options.mountpoint = "legacy"; options.mountpoint = "legacy";

Some files were not shown because too many files have changed in this diff Show More