talexander/machine_setup
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

merge into: talexander:install_files_mixin
Branches Tags
talexander:main talexander:kubernetes talexander:nix talexander:mt7927 talexander:yubipi talexander:upstream_amd_debug_tools talexander:install_files_mixin talexander:starship talexander:pixelbook
...
pull from: talexander:yubipi
Branches Tags
talexander:kubernetes talexander:nix talexander:main talexander:mt7927 talexander:yubipi talexander:upstream_amd_debug_tools talexander:install_files_mixin talexander:starship talexander:pixelbook

85 Commits
install_fi ... yubipi

Author SHA1 Message Date
Tom Alexander
3733e76d18 Add a build for the yubikey management raspberry pi image. 2025-10-08 21:24:44 -04:00
Tom Alexander
3d9513f2c5 Move ansible-sshjail and zsh-histdb into my config instead of living as separate flakes. 2025-10-05 21:37:57 -04:00
Tom Alexander
ae6cce96a2 Support running arm code on x86. 2025-10-05 20:43:04 -04:00
Tom Alexander
3274d1903f Replace GNU coreutils with uutils. 2025-10-05 20:04:03 -04:00
Tom Alexander
a01b58f6ac use-remote-sudo has been replaced with sudo. 2025-10-05 15:17:34 -04:00
Tom Alexander
fb7b1322da Remove hack for turning off wifi power saving from quark shell init. 2025-10-05 14:55:42 -04:00
Tom Alexander
69b6a81b8b Update packages. 2025-10-05 14:07:04 -04:00
Tom Alexander
f5c30860ab Install uv. 2025-10-05 14:04:01 -04:00
Tom Alexander
255b39df0a Disable the nix binary cache. 
It is technically a risk and since I build most of my software anyway, I'm not getting much benefit.
 2025-10-05 14:04:01 -04:00
Tom Alexander
da66a6917b Update amd-debug-tools to 0.2.8. 2025-09-29 21:17:30 -04:00
Tom Alexander
ad2c4809d7 Fix building the hydra vm ISO. 2025-09-28 11:38:18 -04:00
Tom Alexander
fe49204e3f Enable optimizations on some packages that are no longer broken. 2025-09-28 11:38:17 -04:00
Tom Alexander
fa44003fad Disable wifi powersaving. 2025-09-26 22:35:04 -04:00
Tom Alexander
bc0a64fb8b Update packages. 2025-09-26 22:34:43 -04:00
Tom Alexander
3048b62834 ControlPortOverNL80211 no longer needs to be disabled for the QCNCM865 in my laptop. 2025-09-26 20:22:22 -04:00
Tom Alexander
08b424e1f3 Minor cleanups for emacs. 2025-09-25 20:15:52 -04:00
Tom Alexander
185c43761c Add sequoia. 2025-09-25 20:13:56 -04:00
Tom Alexander
37abf58271 Add a qemu port of my bhyverc script for running virtual machines on Linux. 2025-09-19 21:04:58 -04:00
Tom Alexander
3b007f8bc5 Support transcoding from 10bit to 8bit video. 2025-09-17 19:50:07 -04:00
Tom Alexander
d358e9383e Add noto fonts for ⏵ in nix output monitor. 2025-09-14 12:42:21 -04:00
Tom Alexander
f036ec4b96 Add back duckstation. 2025-09-13 12:28:29 -04:00
Tom Alexander
74ee87a111 Switch to bundled packages to fix build. 2025-09-13 12:00:09 -04:00
Tom Alexander
d0f23c0cb1 Add Spaghetti Kart to the Steam Deck. 2025-09-13 11:28:29 -04:00
Tom Alexander
c72141e070 Install SpaghettiKart. 2025-09-12 19:02:22 -04:00
Tom Alexander
e77c0ed330 Merge branch 'podman' into nix 2025-09-08 21:14:54 -04:00
Tom Alexander
70c2fb694a Switch to podman. 2025-09-08 21:14:41 -04:00
Tom Alexander
b32635fe71 Allow first-party canvas use. 2025-09-07 22:03:38 -04:00
Tom Alexander
b179bee277 Pull in improvements from nixpkgs PR. 2025-09-06 20:32:25 -04:00
Tom Alexander
b1c85417e1 Update to linux 6.16. 2025-09-06 17:39:04 -04:00
Tom Alexander
96ea6c4232 Reduce abmlevel to 2. 
Everything got dimmer in 6.14 so I am reducing the abmlevel.
 2025-09-04 18:51:14 -04:00
Tom Alexander
2a584915e4 Install d2. 2025-09-04 18:51:14 -04:00
Tom Alexander
a6a50d7c22 Add d2 to emacs. 2025-09-04 18:51:14 -04:00
Tom Alexander
edfafd1017 Add latex packages for org export. 2025-09-04 18:51:13 -04:00
Tom Alexander
9adff4ebc1 Add laptop-only entry in shikane. 2025-09-01 18:48:42 -04:00
Tom Alexander
a788879d92 Preserve poetry venvs. 2025-09-01 18:48:38 -04:00
Tom Alexander
955c5963c8 Disable machine learning in firefox. 2025-08-31 22:21:34 -04:00
Tom Alexander
11436c0efe Set vscode navigate backwards to be scoped to the editor. 2025-08-27 20:33:37 -04:00
Tom Alexander
5b487330e1 Use json for talking to nix output monitor. 2025-08-24 17:36:06 -04:00
Tom Alexander
d25e9173dd Merge branch 'amd_s2idle' into nix 2025-08-21 20:30:35 -04:00
Tom Alexander
8bddf10e9d Fix description. 2025-08-21 20:30:23 -04:00
Tom Alexander
64c94e9b06 Add run-time dependencies. 2025-08-17 20:48:35 -04:00
Tom Alexander
c87957b8cb Introduce a cysystemd package. 2025-08-17 20:32:20 -04:00
Tom Alexander
bf419b6f4a Switch to buildPythonApplication. 2025-08-17 19:01:07 -04:00
Tom Alexander
b224a78b89 Add amd_s2idle script for debugging s2idle. 2025-08-17 10:37:51 -04:00
Tom Alexander
748584c78e Merge branch 'copy_files_mixin' into nix 2025-08-10 16:22:19 -04:00
Tom Alexander
64e8903ae4 Remove test code. 2025-08-10 16:19:13 -04:00
Tom Alexander
f4338ec8df Replace uses of home-manager. 2025-08-10 16:12:09 -04:00
Tom Alexander
c947def321 Fix handling ownership of parent directories. 2025-08-10 12:54:34 -04:00
Tom Alexander
f1eaaf12b3 Support separate permissions for containing directories. 2025-08-10 11:52:55 -04:00
Tom Alexander
2b485f7f1d Support recursive. 2025-08-10 11:41:06 -04:00
Tom Alexander
6db8e01309 Honor ownership. 2025-08-09 21:19:13 -04:00
Tom Alexander
03e389195c Filter out blank lines. 2025-08-09 21:01:35 -04:00
Tom Alexander
2c3e5483e9 Centralize the logic for escaping the shell values. 2025-08-09 20:54:54 -04:00
Tom Alexander
6b42a09468 Make the paths relative to the user's home directory. 2025-08-09 20:43:01 -04:00
Tom Alexander
eb5815048f Add a check and uninstall phase. 2025-08-09 20:27:27 -04:00
Tom Alexander
1cb4fa4234 Add support for symlinking. 2025-08-09 20:05:29 -04:00
Tom Alexander
146dc5f79a Switch to nested attrsets. 2025-08-09 19:13:37 -04:00
Tom Alexander
f667c9daa6 Switch to a systemd unit file to remove the need for home-manager. 2025-08-09 11:09:21 -04:00
Tom Alexander
83eaba357f Fix bug where it used the path in the option name rather than the target value inside the option. 2025-08-09 11:09:21 -04:00
Tom Alexander
6284ce8d86 Add method parameter. 2025-08-09 11:09:21 -04:00
Tom Alexander
c26d6f34ea Start a user-specific variant of the install file command. 2025-08-09 11:09:21 -04:00
Tom Alexander
c3f715d010 Add the install_file module from the steam deck config. 2025-08-09 11:09:21 -04:00
Tom Alexander
45514d147c Disable turboboost. 2025-08-09 10:42:20 -04:00
Tom Alexander
aafa880b7c Fix accelerated video decode on chromium. 2025-08-06 22:56:02 -04:00
Tom Alexander
dde8be4d9f Do not update refs when rebasing. 2025-08-06 22:23:16 -04:00
Tom Alexander
03ae8d3b0a Change how we bundle meld into git. 2025-07-19 18:41:57 -04:00
Tom Alexander
03f0721e1f Set up typescript language server and add meld to git. 2025-07-15 22:57:03 -04:00
Tom Alexander
8847063948 Install direnv. 2025-07-13 16:51:58 -04:00
Tom Alexander
399379cea0 Fix eglot rust-analyzer settings. 2025-07-07 19:26:55 -04:00
Tom Alexander
1cdfebf392 Disable cranelift. 
It was causing problems (errors during build) while not providing much benefit for my use-cases.
 2025-07-07 18:44:12 -04:00
Tom Alexander
045fed0748 Fix crashes on shadps4 launch. 2025-07-05 17:08:33 -04:00
Tom Alexander
7fe153bfd3 Update packages. 2025-07-05 10:01:09 -04:00
Tom Alexander
52490457f0 Install shadps4. 2025-06-29 10:22:09 -04:00
Tom Alexander
e5e9bba2a5 Pin old version of linux-firmware to fix wifi on laptop. 2025-06-28 09:47:40 -04:00
Tom Alexander
7ef079afc0 Update to Linux kernel 6.15. 2025-06-28 01:10:47 -04:00
Tom Alexander
a06fece8f1 Update packages. 2025-06-26 23:31:12 -04:00
Tom Alexander
51c7888347 Add dhcpcd for USB tethering and use upstream linux-firmware. 2025-06-23 13:02:10 -04:00
Tom Alexander
7656c30a29 Update packages. 2025-06-22 01:12:03 -04:00
Tom Alexander
929401b359 Switch to memtest86+. 2025-06-22 01:11:41 -04:00
Tom Alexander
16746d58d2 Add a git alias to list the number of commits from each author. 2025-06-20 17:55:06 -04:00
Tom Alexander
82a016ec68 Reduce risk of crashing from savestates. 2025-06-10 17:21:27 -04:00
Tom Alexander
eed2bd4f13 Persist Demon's Souls settings. 2025-06-08 12:08:47 -04:00
Tom Alexander
99f1b1a51b Update packages. 2025-06-01 20:12:34 -04:00
Tom Alexander
99bc8c6d79 Pin the version of linux-firmware. 
New versions of linux-firmware break my wifi on my laptop. I am pinning the firmware version so I can update the rest of my software.
 2025-06-01 20:10:25 -04:00
Tom Alexander
0f2c595538 Perform weekly garbage collects. 2025-06-01 11:21:57 -04:00
148 changed files with 29455 additions and 878 deletions
Expand all files Collapse all files

1
ansible/roles/base/files/gitconfig_home
View File

@@ -8,6 +8,7 @@
lg = log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit
bh = log --oneline --branches=* --remotes=* --graph --decorate
amend = commit --amend --no-edit
authorcount = shortlog --summary --numbered --all --no-merges
[core]
excludesfile = ~/.gitignore_global
[commit]

1
ansible/roles/base/files/gitconfig_work
View File

@@ -8,6 +8,7 @@
lg = log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit
bh = log --oneline --branches=* --remotes=* --graph --decorate
amend = commit --amend --no-edit
authorcount = shortlog --summary --numbered --all --no-merges
[core]
excludesfile = ~/.gitignore_global
[commit]

2
ansible/roles/sshd/files/keys/yubikey.pub
View File

@@ -1 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGu+k5lrirokdW5zVdRVBOqEOAvAPlIkG/MdJNc9g5ky cardno:000611194908
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID0+4zi26M3eYWnIrciR54kOlGxzfgCXG+o4ea1zpzrk openpgp:0x7FF123C8

40
nix/configuration/configuration.nix
View File

@@ -2,7 +2,6 @@
config,
lib,
pkgs,
home-manager,
...
}:
@@ -10,16 +9,20 @@
imports = [
./roles/2ship2harkinian
./roles/alacritty
./roles/amd_s2idle
./roles/ansible
./roles/ares
./roles/bluetooth
./roles/boot
./roles/chromecast
./roles/chromium
./roles/d2
./roles/direnv
./roles/distributed_build
./roles/docker
./roles/ecc
./roles/emacs
./roles/emulate_isa
./roles/firefox
./roles/firewall
./roles/flux
@@ -45,18 +48,23 @@
./roles/nix_index
./roles/nix_worker
./roles/nvme
./roles/openpgp_card_tools
./roles/optimized_build
./roles/pcsx2
./roles/podman
./roles/python
./roles/qemu
./roles/reset
./roles/rpcs3
./roles/rust
./roles/sequoia
./roles/shadps4
./roles/shikane
./roles/shipwright
./roles/sm64ex
./roles/sops
./roles/sound
./roles/spaghettikart
./roles/ssh
./roles/steam
./roles/steam_run_free
@@ -64,14 +72,17 @@
./roles/tekton
./roles/terraform
./roles/thunderbolt
./roles/uutils
./roles/vnc_client
./roles/vscode
./roles/wasm
./roles/waybar
./roles/wireguard
./roles/yubikey
./roles/zfs
./roles/zrepl
./roles/zsh
./util/install_files
./util/unfree_polyfill
];
@@ -91,6 +102,7 @@
nix.extraOptions = ''
keep-outputs = true
keep-derivations = true
substitute = false
'';
# Technically only needed when building the ISO because nix detects ZFS in the filesystem list normally. I basically always want this so I'm just setting it to always be on.
@@ -114,36 +126,24 @@
# Generate with `mkpasswd -m scrypt`
hashedPassword = "$7$CU..../....VXvNQ8za3wSGpdzGXNT50/$HcFtn/yvwPMCw4888BelpiAPLAxe/zU87fD.d/N6U48";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGu+k5lrirokdW5zVdRVBOqEOAvAPlIkG/MdJNc9g5ky"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID0+4zi26M3eYWnIrciR54kOlGxzfgCXG+o4ea1zpzrk openpgp:0x7FF123C8"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEI6mu6I5Jp+Ib0vJxapGHbEShZjyvzV8jz5DnzDrI39AAAABHNzaDo="
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAFNcSXwvy+brYTOGo56G93Ptuq2MmZsjvRWAfMqbmMLAAAABHNzaDo="
];
};
users.groups.talexander.gid = 11235;
home-manager.users.talexander =
{ pkgs, ... }:
{
# The state version is required and should stay at the version you
# originally installed.
home.stateVersion = "24.11";
};
home-manager.users.root =
{ pkgs, ... }:
{
# The state version is required and should stay at the version you
# originally installed.
home.stateVersion = "24.11";
};
# Automatic garbage collection
nix.gc = lib.mkIf (!config.me.buildingIso) {
# Runs nix-collect-garbage --delete-older-than 5d
automatic = true;
randomizedDelaySec = "14m";
persistent = true;
dates = "monthly";
# randomizedDelaySec = "14m";
options = "--delete-older-than 30d";
};
nix.settings.auto-optimise-store = !config.me.buildingIso;
nix.settings.substituters = lib.mkForce [ ];
# Use doas instead of sudo
security.doas.enable = true;
@@ -169,7 +169,7 @@
pciutils # for lspci
ripgrep
strace
ltrace
# ltrace # Disabled because it uses more than 48GB of /tmp space during test phase.
trace-cmd # ftrace
tcpdump
git-crypt
@@ -178,7 +178,7 @@
nix-tree
libarchive # bsdtar
lsof
doas-sudo-shim # To support --use-remote-sudo for remote builds
doas-sudo-shim # To support --sudo for remote builds
dmidecode # Read SMBIOS information.
ipcalc
gptfdisk # for cgdisk

155
nix/configuration/flake.lock generated
View File

@@ -1,22 +1,5 @@
{
"nodes": {
"ansible-sshjail": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"path": "flakes/ansible-sshjail",
"type": "path"
},
"original": {
"path": "flakes/ansible-sshjail",
"type": "path"
},
"parent": []
},
"crane": {
"locked": {
"lastModified": 1731098351,
@@ -39,11 +22,11 @@
]
},
"locked": {
"lastModified": 1746729224,
"narHash": "sha256-9R4sOLAK1w3Bq54H3XOJogdc7a6C2bLLmatOQ+5pf5w=",
"lastModified": 1758287904,
"narHash": "sha256-IGmaEf3Do8o5Cwp1kXBN1wQmZwQN3NLfq5t4nHtVtcU=",
"owner": "nix-community",
"repo": "disko",
"rev": "85555d27ded84604ad6657ecca255a03fd878607",
"rev": "67ff9807dd148e704baadbd4fd783b54282ca627",
"type": "github"
},
"original": {
@@ -89,42 +72,6 @@
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
@@ -147,26 +94,6 @@
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1746981801,
"narHash": "sha256-+Bfr0KqZV6gZdA7e2kupeoawozaLIHLuiPtC54uxbFc=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "ff915842e4a2e63c4c8c5c08c6870b9d5b3c3ee9",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"impermanence": {
"locked": {
"lastModified": 1737831083,
@@ -210,11 +137,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1746663147,
"narHash": "sha256-Ua0drDHawlzNqJnclTJGf87dBmaO/tn7iZ+TCkTRpRc=",
"lastModified": 1759381078,
"narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "dda3dcd3fe03e991015e9a74b22d35950f264a54",
"rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee",
"type": "github"
},
"original": {
@@ -224,19 +151,19 @@
"type": "github"
}
},
"nixpkgs-b93b4e9b5": {
"nixpkgs-dda3dcd3f": {
"locked": {
"lastModified": 1713721570,
"narHash": "sha256-R0s+O5UjTePQRb72XPgtkTmEiOOW8n+1q9Gxt/OJnKU=",
"lastModified": 1746663147,
"narHash": "sha256-Ua0drDHawlzNqJnclTJGf87dBmaO/tn7iZ+TCkTRpRc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b93b4e9b527904aadf52dba6ca35efde2067cbd4",
"rev": "dda3dcd3fe03e991015e9a74b22d35950f264a54",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b93b4e9b527904aadf52dba6ca35efde2067cbd4",
"rev": "dda3dcd3fe03e991015e9a74b22d35950f264a54",
"type": "github"
}
},
@@ -258,11 +185,11 @@
},
"nixpkgs-unoptimized": {
"locked": {
"lastModified": 1746663147,
"narHash": "sha256-Ua0drDHawlzNqJnclTJGf87dBmaO/tn7iZ+TCkTRpRc=",
"lastModified": 1759381078,
"narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "dda3dcd3fe03e991015e9a74b22d35950f264a54",
"rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee",
"type": "github"
},
"original": {
@@ -301,15 +228,12 @@
},
"root": {
"inputs": {
"ansible-sshjail": "ansible-sshjail",
"disko": "disko",
"home-manager": "home-manager",
"impermanence": "impermanence",
"lanzaboote": "lanzaboote",
"nixpkgs": "nixpkgs",
"nixpkgs-b93b4e9b5": "nixpkgs-b93b4e9b5",
"nixpkgs-unoptimized": "nixpkgs-unoptimized",
"zsh-histdb": "zsh-histdb"
"nixpkgs-dda3dcd3f": "nixpkgs-dda3dcd3f",
"nixpkgs-unoptimized": "nixpkgs-unoptimized"
}
},
"rust-overlay": {
@@ -332,53 +256,6 @@
"repo": "rust-overlay",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"zsh-histdb": {
"inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"path": "flakes/zsh-histdb",
"type": "path"
},
"original": {
"path": "flakes/zsh-histdb",
"type": "path"
},
"parent": []
}
},
"root": "root",

42
nix/configuration/flake.nix
View File

@@ -31,8 +31,6 @@
#
# doas nix --substituters "http://10.0.2.2:8080?trusted=1 https://cache.nixos.org/" --experimental-features "nix-command flakes" run github:nix-community/disko/latest -- --mode destroy,format,mount hosts/odo/disk-config.nix
# nix flake update zsh-histdb --flake .
# nix flake update ansible-sshjail --flake .
# for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
# nixos-install --substituters "http://10.0.2.2:8080?trusted=1 https://cache.nixos.org/" --flake ".#vm_ionlybootzfs"
#
@@ -43,28 +41,14 @@
inputs = {
impermanence.url = "github:nix-community/impermanence";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
nixpkgs-b93b4e9b5.url = "github:NixOS/nixpkgs/b93b4e9b527904aadf52dba6ca35efde2067cbd4";
nixpkgs-dda3dcd3f.url = "github:NixOS/nixpkgs/dda3dcd3fe03e991015e9a74b22d35950f264a54";
nixpkgs-unoptimized.url = "github:NixOS/nixpkgs/nixos-unstable";
home-manager.url = "github:nix-community/home-manager";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
lanzaboote = {
url = "github:nix-community/lanzaboote/v0.4.2";
# Optional but recommended to limit the size of your system closure.
inputs.nixpkgs.follows = "nixpkgs";
};
zsh-histdb = {
url = "path:flakes/zsh-histdb";
# Optional but recommended to limit the size of your system closure.
inputs.nixpkgs.follows = "nixpkgs";
};
ansible-sshjail = {
url = "path:flakes/ansible-sshjail";
# Optional but recommended to limit the size of your system closure.
inputs.nixpkgs.follows = "nixpkgs";
};
disko = {
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs";
@@ -76,19 +60,16 @@
self,
nixpkgs,
nixpkgs-unoptimized,
nixpkgs-b93b4e9b5,
nixpkgs-dda3dcd3f,
impermanence,
home-manager,
lanzaboote,
zsh-histdb,
ansible-sshjail,
...
}@inputs:
let
base_x86_64_linux = rec {
system = "x86_64-linux";
specialArgs = {
pkgs-b93b4e9b5 = import nixpkgs-b93b4e9b5 {
pkgs-dda3dcd3f = import nixpkgs-dda3dcd3f {
inherit system;
};
pkgs-unoptimized = import nixpkgs-unoptimized {
@@ -99,19 +80,8 @@
};
modules = [
impermanence.nixosModules.impermanence
home-manager.nixosModules.home-manager
lanzaboote.nixosModules.lanzaboote
inputs.disko.nixosModules.disko
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
}
{
nixpkgs.overlays = [
zsh-histdb.overlays.default
ansible-sshjail.overlays.default
];
}
./configuration.nix
];
};
@@ -201,7 +171,7 @@
};
hydra =
let
additional_iso_modules = additional_iso_modules ++ [
hydra_additional_iso_modules = additional_iso_modules ++ [
{
me.optimizations.enable = true;
}
@@ -214,13 +184,13 @@
];
};
iso = main // {
modules = main.modules ++ additional_iso_modules;
modules = main.modules ++ hydra_additional_iso_modules;
};
vm = main // {
modules = main.modules ++ additional_vm_modules;
};
vm_iso = main // {
modules = main.modules ++ additional_vm_modules ++ additional_iso_modules;
modules = main.modules ++ additional_vm_modules ++ hydra_additional_iso_modules;
};
};
ionlybootzfs = rec {

61
nix/configuration/flakes/ansible-sshjail/flake.lock generated
View File

@@ -1,61 +0,0 @@
{
"nodes": {
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1735141468,
"narHash": "sha256-VIAjBr1qGcEbmhLwQJD6TABppPMggzOvqFsqkDoMsAY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "4005c3ff7505313cbc21081776ad0ce5dfd7a3ce",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

34
nix/configuration/flakes/ansible-sshjail/flake.nix
View File

@@ -1,34 +0,0 @@
{
description = "A slightly better history for zsh";
inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
inputs.flake-utils.url = "github:numtide/flake-utils";
outputs =
{
self,
nixpkgs,
flake-utils,
...
}:
let
out =
system:
let
pkgs = nixpkgs.legacyPackages.${system};
# Maybe pkgs = import nixpkgs { inherit system; }; ?
appliedOverlay = self.overlays.default pkgs pkgs;
in
{
packages = rec {
default = ansible-sshjail;
ansible-sshjail = appliedOverlay.ansible-sshjail;
};
};
in
flake-utils.lib.eachDefaultSystem out
// {
overlays.default = final: prev: {
ansible-sshjail = final.callPackage ./package.nix { };
};
};
}

61
nix/configuration/flakes/zsh-histdb/flake.lock generated
View File

@@ -1,61 +0,0 @@
{
"nodes": {
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1735141468,
"narHash": "sha256-VIAjBr1qGcEbmhLwQJD6TABppPMggzOvqFsqkDoMsAY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "4005c3ff7505313cbc21081776ad0ce5dfd7a3ce",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

34
nix/configuration/flakes/zsh-histdb/flake.nix
View File

@@ -1,34 +0,0 @@
{
description = "A slightly better history for zsh";
inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
inputs.flake-utils.url = "github:numtide/flake-utils";
outputs =
{
self,
nixpkgs,
flake-utils,
...
}:
let
out =
system:
let
pkgs = nixpkgs.legacyPackages.${system};
# Maybe pkgs = import nixpkgs { inherit system; }; ?
appliedOverlay = self.overlays.default pkgs pkgs;
in
{
packages = rec {
default = zsh-histdb;
zsh-histdb = appliedOverlay.zsh-histdb;
};
};
in
flake-utils.lib.eachDefaultSystem out
// {
overlays.default = final: prev: {
zsh-histdb = final.callPackage ./package.nix { };
};
};
}

4
nix/configuration/hosts/hydra/DEPLOY_BOOT
View File

@@ -10,10 +10,8 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
# TARGET=192.168.211.250
TARGET=hydra
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#hydra" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" "${@}" |& nom
nixos-rebuild boot --flake "$DIR/../../#hydra" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#hydra'

4
nix/configuration/hosts/hydra/DEPLOY_SWITCH
View File

@@ -10,10 +10,8 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
# TARGET=192.168.211.250
TARGET=hydra
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#hydra" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" "${@}" |& nom
nixos-rebuild switch --flake "$DIR/../../#hydra" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#hydra'

4
nix/configuration/hosts/hydra/ISO
View File

@@ -6,7 +6,5 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.hydra" --max-jobs "$JOBS" "${@}" |& nom
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.hydra" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json

13
nix/configuration/hosts/hydra/VM_ISO Executable file
View File

@@ -0,0 +1,13 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#vm_iso.hydra" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
install -m 0644 result/iso/nixos-*-x86_64-linux.iso ~/hydra.iso
unlink ./result

1
nix/configuration/hosts/hydra/default.nix
View File

@@ -24,7 +24,6 @@
imports = [
./disk-config.nix
./hardware-configuration.nix
./optimized_build.nix
./vm_disk.nix
];

4
nix/configuration/hosts/ionlybootzfs/DEPLOY_BOOT
View File

@@ -10,10 +10,8 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
# TARGET=192.168.211.250
TARGET="ionlybootzfs"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#ionlybootzfs" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" "${@}" |& nom
nixos-rebuild boot --flake "$DIR/../../#ionlybootzfs" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#ionlybootzfs'

4
nix/configuration/hosts/ionlybootzfs/DEPLOY_SWITCH
View File

@@ -10,10 +10,8 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
# TARGET=192.168.211.250
TARGET=ionlybootzfs
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#ionlybootzfs" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" "${@}" |& nom
nixos-rebuild switch --flake "$DIR/../../#ionlybootzfs" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#ionlybootzfs'

4
nix/configuration/hosts/ionlybootzfs/ISO
View File

@@ -6,7 +6,5 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.ionlybootzfs" --max-jobs "$JOBS" "${@}" |& nom
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.ionlybootzfs" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json

4
nix/configuration/hosts/neelix/DEPLOY_BOOT
View File

@@ -10,10 +10,8 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
# TARGET=192.168.211.250
TARGET=neelix
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#neelix" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" "${@}" |& nom
nixos-rebuild boot --flake "$DIR/../../#neelix" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#neelix'

4
nix/configuration/hosts/neelix/DEPLOY_SWITCH
View File

@@ -10,10 +10,8 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
# TARGET=192.168.211.250
TARGET=neelix
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#neelix" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" "${@}" |& nom
nixos-rebuild switch --flake "$DIR/../../#neelix" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#neelix'

4
nix/configuration/hosts/odo/DEPLOY_BOOT
View File

@@ -10,10 +10,8 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
# TARGET=192.168.211.250
TARGET=odo
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#odo" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" "${@}" |& nom
nixos-rebuild boot --flake "$DIR/../../#odo" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#odo'

4
nix/configuration/hosts/odo/DEPLOY_SWITCH
View File

@@ -10,10 +10,8 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
# TARGET=192.168.211.250
TARGET=odo
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#odo" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" "${@}" |& nom
nixos-rebuild switch --flake "$DIR/../../#odo" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#odo'

4
nix/configuration/hosts/odo/ISO
View File

@@ -6,7 +6,5 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.odo" --max-jobs "$JOBS" "${@}" |& nom
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.odo" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json

4
nix/configuration/hosts/odo/SELF_BOOT
View File

@@ -6,7 +6,5 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --show-trace --use-remote-sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" "${@}" |& nom
nixos-rebuild boot --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" --log-format internal-json -v "${@}" |& nom --json

4
nix/configuration/hosts/odo/SELF_BUILD
View File

@@ -6,7 +6,5 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild build --show-trace --use-remote-sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" "${@}" |& nom
nixos-rebuild build --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" --log-format internal-json -v "${@}" |& nom --json

4
nix/configuration/hosts/odo/SELF_SWITCH
View File

@@ -6,7 +6,5 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --show-trace --use-remote-sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" "${@}" |& nom
nixos-rebuild switch --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" --log-format internal-json -v "${@}" |& nom --json

197
nix/configuration/hosts/odo/default.nix
View File

@@ -15,102 +15,115 @@
./framework_module.nix
];
# Generate with `head -c4 /dev/urandom | od -A none -t x4`
networking.hostId = "908cbf04";
config = {
# Generate with `head -c4 /dev/urandom | od -A none -t x4`
networking.hostId = "908cbf04";
networking.hostName = "odo"; # Define your hostname.
networking.hostName = "odo"; # Define your hostname.
time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8";
time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8";
me.secureBoot.enable = true;
me.secureBoot.enable = true;
me.optimizations = {
enable = true;
arch = "znver4";
system_features = [
"gccarch-znver4"
"gccarch-skylake"
# "gccarch-alderlake" missing WAITPKG
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
me.optimizations = {
enable = true;
arch = "znver4";
system_features = [
"gccarch-znver4"
"gccarch-skylake"
# "gccarch-alderlake" missing WAITPKG
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
};
# Early KMS
boot.initrd.kernelModules = [ "amdgpu" ];
# Mount tmpfs at /tmp
boot.tmp.useTmpfs = true;
environment.systemPackages = with pkgs; [
fw-ectool
framework-tool
];
# Enable light sensor
# hardware.sensor.iio.enable = lib.mkDefault true;
# Enable TRIM
# services.fstrim.enable = lib.mkDefault true;
me.alacritty.enable = true;
me.amd_s2idle.enable = true;
me.ansible.enable = true;
me.ares.enable = true;
me.bluetooth.enable = true;
me.chromecast.enable = true;
me.chromium.enable = true;
me.d2.enable = true;
me.direnv.enable = true;
me.docker.enable = false;
me.ecc.enable = false;
me.emacs_flavor = "full";
me.emulate_isa.enable = true;
me.firefox.enable = true;
me.flux.enable = true;
me.gcloud.enable = true;
me.git.config = ../../roles/git/files/gitconfig_home;
me.gnuplot.enable = true;
me.gpg.enable = true;
me.graphical = true;
me.graphics_card_type = "amd";
me.iso_mount.enable = true;
me.kanshi.enable = false;
me.kubernetes.enable = true;
me.latex.enable = true;
me.launch_keyboard.enable = true;
me.lvfs.enable = true;
me.media.enable = true;
me.nix_index.enable = true;
me.openpgp_card_tools.enable = true;
me.pcsx2.enable = true;
me.podman.enable = true;
me.python.enable = true;
me.qemu.enable = true;
me.rpcs3.enable = true;
me.rust.enable = true;
me.sequoia.enable = true;
me.shadps4.enable = true;
me.shikane.enable = true;
me.sops.enable = true;
me.sound.enable = true;
me.spaghettikart.enable = true;
me.steam.enable = true;
me.steam_run_free.enable = true;
me.sway.enable = true;
me.tekton.enable = true;
me.terraform.enable = true;
me.thunderbolt.enable = true;
me.uutils.enable = false;
me.vnc_client.enable = true;
me.vscode.enable = true;
me.wasm.enable = true;
me.waybar.enable = true;
me.wireguard.activated = [
"drmario"
"wgh"
"colo"
];
me.wireguard.deactivated = [ "wgf" ];
me.yubikey.enable = true;
me.zrepl.enable = true;
me.zsh.enable = true;
me.sm64ex.enable = true;
me.shipwright.enable = true;
me.ship2harkinian.enable = true;
};
# Early KMS
boot.initrd.kernelModules = [ "amdgpu" ];
# Mount tmpfs at /tmp
boot.tmp.useTmpfs = true;
environment.systemPackages = with pkgs; [
fw-ectool
framework-tool
];
# Enable light sensor
# hardware.sensor.iio.enable = lib.mkDefault true;
# Enable TRIM
# services.fstrim.enable = lib.mkDefault true;
me.alacritty.enable = true;
me.ansible.enable = true;
me.ares.enable = true;
me.bluetooth.enable = true;
me.chromecast.enable = true;
me.chromium.enable = true;
me.docker.enable = true;
me.ecc.enable = true;
me.emacs_flavor = "full";
me.firefox.enable = true;
me.flux.enable = true;
me.gcloud.enable = true;
me.git.config = ../../roles/git/files/gitconfig_home;
me.gnuplot.enable = true;
me.gpg.enable = true;
me.graphical = true;
me.graphics_card_type = "amd";
me.iso_mount.enable = true;
me.kanshi.enable = false;
me.kubernetes.enable = true;
me.latex.enable = true;
me.launch_keyboard.enable = true;
me.lvfs.enable = true;
me.media.enable = true;
me.nix_index.enable = true;
me.pcsx2.enable = true;
me.python.enable = true;
me.qemu.enable = true;
me.rpcs3.enable = true;
me.rust.enable = true;
me.shikane.enable = true;
me.sops.enable = true;
me.sound.enable = true;
me.steam.enable = true;
me.steam_run_free.enable = true;
me.sway.enable = true;
me.tekton.enable = true;
me.terraform.enable = true;
me.thunderbolt.enable = true;
me.vnc_client.enable = true;
me.vscode.enable = true;
me.wasm.enable = true;
me.waybar.enable = true;
me.wireguard.activated = [
"drmario"
"wgh"
"colo"
];
me.wireguard.deactivated = [ "wgf" ];
me.zrepl.enable = true;
me.zsh.enable = true;
me.sm64ex.enable = true;
me.shipwright.enable = true;
me.ship2harkinian.enable = true;
}

18
nix/configuration/hosts/odo/power_management.nix
View File

@@ -20,7 +20,7 @@
# amd_pstate=guided :: Same as passive except we can set upper and lower frequency bounds.
# amdgpu.dcdebugmask=0x10 :: Allegedly disables Panel Replay from https://community.frame.work/t/tracking-freezing-arch-linux-amd/39495/32
boot.kernelParams = [
"amdgpu.abmlevel=3"
"amdgpu.abmlevel=2"
"pcie_aspm=force"
# "pcie_aspm.policy=powersupersave"
"nowatchdog"
@@ -47,6 +47,22 @@
"w- /sys/devices/system/cpu/cpufreq/policy13/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy14/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy15/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpu0/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu1/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu2/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu3/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu4/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu5/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu6/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu7/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu8/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu9/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu10/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu11/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu12/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu13/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu14/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu15/cpufreq/boost - - - - 0"
];
boot.extraModprobeConfig = ''

2
nix/configuration/hosts/odo/screen_brightness.nix
View File

@@ -9,6 +9,6 @@
imports = [ ];
systemd.tmpfiles.rules = [
"w- /sys/class/backlight/amdgpu_bl1/brightness - - - - 85"
"w- /sys/class/backlight/amdgpu_bl1/brightness - - - - 21845"
];
}

4
nix/configuration/hosts/quark/DEPLOY_BOOT
View File

@@ -10,10 +10,8 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
# TARGET=192.168.211.250
TARGET=quark
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#quark" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" "${@}" |& nom
nixos-rebuild boot --flake "$DIR/../../#quark" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#quark'

4
nix/configuration/hosts/quark/DEPLOY_SWITCH
View File

@@ -10,10 +10,8 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
# TARGET=192.168.211.250
TARGET=quark
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#quark" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" "${@}" |& nom
nixos-rebuild switch --flake "$DIR/../../#quark" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#quark'

4
nix/configuration/hosts/quark/ISO
View File

@@ -6,7 +6,5 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.quark" --max-jobs "$JOBS" "${@}" |& nom
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.quark" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json

4
nix/configuration/hosts/quark/SELF_BOOT
View File

@@ -6,7 +6,5 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --show-trace --use-remote-sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" "${@}" |& nom
nixos-rebuild boot --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" --log-format internal-json -v "${@}" |& nom --json

4
nix/configuration/hosts/quark/SELF_BUILD
View File

@@ -6,7 +6,5 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild build --show-trace --use-remote-sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" "${@}" |& nom
nixos-rebuild build --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" --log-format internal-json -v "${@}" |& nom --json

4
nix/configuration/hosts/quark/SELF_SWITCH
View File

@@ -6,7 +6,5 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --show-trace --use-remote-sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" "${@}" |& nom
nixos-rebuild switch --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" --log-format internal-json -v "${@}" |& nom --json

16
nix/configuration/hosts/quark/default.nix
View File

@@ -10,7 +10,6 @@
./distributed_build.nix
./hardware-configuration.nix
./power_management.nix
./wifi.nix
];
config = {
@@ -26,7 +25,7 @@
me.optimizations = {
enable = true;
arch = "znver5";
arch = "znver4";
system_features = [
"gccarch-znver4"
"gccarch-znver5"
@@ -54,14 +53,18 @@
me.rpcs3.config.Core."Use LLVM CPU" = "znver4";
me.alacritty.enable = true;
me.amd_s2idle.enable = true;
me.ansible.enable = true;
me.ares.enable = true;
me.bluetooth.enable = true;
me.chromecast.enable = true;
me.chromium.enable = true;
me.docker.enable = true;
me.d2.enable = true;
me.direnv.enable = true;
me.docker.enable = false;
me.ecc.enable = true;
me.emacs_flavor = "full";
me.emulate_isa.enable = true;
me.firefox.enable = true;
me.flux.enable = true;
me.gcloud.enable = true;
@@ -79,20 +82,26 @@
me.media.enable = true;
me.nix_index.enable = true;
me.nix_worker.enable = true;
me.openpgp_card_tools.enable = true;
me.pcsx2.enable = true;
me.podman.enable = true;
me.python.enable = true;
me.qemu.enable = true;
me.rpcs3.enable = true;
me.rust.enable = true;
me.sequoia.enable = true;
me.shadps4.enable = true;
me.shikane.enable = true;
me.sops.enable = true;
me.sound.enable = true;
me.spaghettikart.enable = true;
me.steam.enable = true;
me.steam_run_free.enable = true;
me.sway.enable = true;
me.tekton.enable = true;
me.terraform.enable = true;
me.thunderbolt.enable = true;
me.uutils.enable = false;
me.vnc_client.enable = true;
me.vscode.enable = true;
me.wasm.enable = true;
@@ -103,6 +112,7 @@
"colo"
];
me.wireguard.deactivated = [ "wgf" ];
me.yubikey.enable = true;
me.zrepl.enable = true;
me.zsh.enable = true;

16
nix/configuration/hosts/quark/wifi.nix
View File

@@ -1,16 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
config = {
environment.loginShellInit = lib.mkIf (!config.me.buildingIso) ''
doas iw dev wlan0 set power_save off
'';
};
}

10
nix/configuration/roles/alacritty/default.nix
View File

@@ -24,13 +24,11 @@
xdg-utils # for xdg-open
];
home-manager.users.talexander =
{ pkgs, ... }:
{
home.file.".config/alacritty/alacritty.toml" = {
source = ./files/alacritty.toml;
};
me.install.user.talexander.file = {
".config/alacritty/alacritty.toml" = {
source = ./files/alacritty.toml;
};
};
})
]
);

48
nix/configuration/roles/amd_s2idle/cysystemd.nix Normal file
View File

@@ -0,0 +1,48 @@
{
lib,
pkgs,
buildPythonPackage,
fetchFromGitHub,
pythonOlder,
cython,
pkg-config,
setuptools,
}:
let
version = "1.6.3";
in
buildPythonPackage {
pname = "cysystemd";
inherit version;
pyproject = true;
src = fetchFromGitHub {
owner = "mosquito";
repo = "cysystemd";
tag = version;
hash = "sha256-xumrQgoKfFeKdRQUIYXXiXEcNd76i4wo/EIDm8BN7oU=";
};
disabled = pythonOlder "3.6";
build-system = [
setuptools
cython
];
nativeBuildInputs = [
pkg-config
];
buildInputs = [ pkgs.systemd ];
pythonImportsCheck = [ "cysystemd" ];
meta = {
description = "systemd wrapper on Cython";
homepage = "https://github.com/mosquito/cysystemd";
license = lib.licenses.asl20;
platforms = lib.platforms.linux;
};
}

47
nix/configuration/roles/amd_s2idle/default.nix Normal file
View File

@@ -0,0 +1,47 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
amd_s2idle.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install amd_s2idle.";
};
};
config = lib.mkIf config.me.amd_s2idle.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
amd-debug-tools
];
nixpkgs.overlays = [
(
final: prev:
let
innerPackage = (final.callPackage ./package.nix { });
in
{
amd-debug-tools = innerPackage;
}
)
(final: prev: {
pythonPackagesExtensions = prev.pythonPackagesExtensions ++ [
(python-final: python-prev: {
cysystemd = (python-final.callPackage ./cysystemd.nix { });
})
];
})
];
}
]
);
}

60
nix/configuration/roles/amd_s2idle/package.nix Normal file
View File

@@ -0,0 +1,60 @@
{
lib,
fetchgit,
python3Packages,
acpica-tools,
ethtool,
libdisplay-info,
}:
let
version = "0.2.8";
in
python3Packages.buildPythonApplication {
pname = "amd-debug-tools";
inherit version;
pyproject = true;
build-system = with python3Packages; [
pyudev
setuptools
setuptools-git
setuptools-git-versioning
];
dependencies = with python3Packages; [
acpica-tools
cysystemd
dbus-fast
ethtool
jinja2
libdisplay-info
matplotlib
pandas
pyudev
seaborn
tabulate
];
src = fetchgit {
url = "https://git.kernel.org/pub/scm/linux/kernel/git/superm1/amd-debug-tools.git";
tag = version;
hash = "sha256-EmXsW7Q5WMFL32LWr29W3GnGpw5aj53wlp9KbFV1r0Q=";
leaveDotGit = true;
};
disabled = python3Packages.pythonOlder "3.7";
postPatch = ''
substituteInPlace pyproject.toml \
--replace-fail ', "setuptools-git-versioning>=2.0,<3"' ""
'';
pythonImportsCheck = [ "amd_debug" ];
meta = {
description = "Debug tools for AMD zen systems";
homepage = "https://git.kernel.org/pub/scm/linux/kernel/git/superm1/amd-debug-tools.git/";
changelog = "https://git.kernel.org/pub/scm/linux/kernel/git/superm1/amd-debug-tools.git/tag/?h=${version}";
license = lib.licenses.mit;
platforms = lib.platforms.linux;
};
}

3
nix/configuration/roles/ansible/default.nix
View File

@@ -25,6 +25,9 @@
];
nixpkgs.overlays = [
(final: prev: {
ansible-sshjail = (final.callPackage ./package/ansible-sshjail/package.nix { });
})
(final: prev: {
ansible = pkgs.symlinkJoin {
name = "ansible";

0
nix/configuration/flakes/ansible-sshjail/package.nix → nix/configuration/roles/ansible/package/ansible-sshjail/package.nix
View File

16
nix/configuration/roles/chromium/default.nix
View File

@@ -22,7 +22,7 @@
{ }
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
(chromium.override { enableWideVine = true; })
chromium
];
allowedUnfree = [
"chromium"
@@ -57,8 +57,18 @@
};
};
# Enabling vulkan causes video to render as white
# nixpkgs.config.chromium.commandLineArgs = "--enable-features=Vulkan";
nixpkgs.overlays = [
(final: prev: {
chromium = prev.chromium.override {
enableWideVine = true;
commandLineArgs = [
"--enable-features=VaapiVideoDecoder,VaapiIgnoreDriverChecks,Vulkan,DefaultANGLEVulkan,VulkanFromANGLE,AcceleratedVideoEncoder"
# Enabling vulkan causes video to render as white
# "--enable-features=Vulkan";
];
};
})
];
})
]
);

29
nix/configuration/roles/d2/default.nix Normal file
View File

@@ -0,0 +1,29 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
d2.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install d2.";
};
};
config = lib.mkIf config.me.d2.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
d2
];
}
]
);
}

55
nix/configuration/roles/direnv/default.nix Normal file
View File

@@ -0,0 +1,55 @@
{
config,
lib,
pkgs,
...
}:
let
direnv_zsh_hook = pkgs.writeTextFile {
name = "direnv_zsh_hook.zsh";
text = ''
eval "$(direnv hook zsh)"
'';
};
in
{
imports = [ ];
options.me = {
direnv.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install direnv.";
};
};
config = lib.mkIf config.me.direnv.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
direnv
nix-direnv
];
me.zsh.includes = [ direnv_zsh_hook ];
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
# List of allowed directories from `direnv allow`.
directory = ".local/share/direnv";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
}
]
);
}

11
nix/configuration/roles/distributed_build/default.nix
View File

@@ -58,12 +58,13 @@ in
];
maxJobs = 1;
supportedFeatures = [
# "nixos-test"
"nixos-test"
"benchmark"
"big-parallel"
# "kvm"
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"gccarch-skylake"
"gccarch-znver4"
];
}
@@ -86,12 +87,16 @@ in
];
maxJobs = 1;
supportedFeatures = [
# "nixos-test"
"gccarch-armv6"
"gccarch-aarch64"
"gccarch-riscv64"
"nixos-test"
"benchmark"
"big-parallel"
# "kvm"
"kvm"
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"gccarch-skylake"
"gccarch-znver4"
"gccarch-znver5"
];

8
nix/configuration/roles/docker/default.nix
View File

@@ -19,6 +19,14 @@
config = lib.mkIf config.me.docker.enable (
lib.mkMerge [
{
assertions = [
{
assertion = !config.me.podman.enable;
message = "docker conflicts with podman";
}
];
}
{
virtualisation.docker.enable = true;
# Use docker activation

16
nix/configuration/roles/emacs/default.nix
View File

@@ -131,8 +131,10 @@ in
final.cmake-language-server
final.cmake # Used by cmake-language-server
final.rust-analyzer
final.nodePackages_latest.prettier # Format yaml, json, and JS
final.prettier # Format yaml, json, and JS
final.terraform-ls
final.typescript-language-server
final.tex
]
}
'';
@@ -140,14 +142,12 @@ in
})
];
home-manager.users.talexander =
{ pkgs, ... }:
{
home.file.".config/emacs" = {
source = ./files/emacs;
recursive = true;
};
me.install.user.talexander.file = {
".config/emacs" = {
source = ./files/emacs;
recursive = true;
};
};
})
(lib.mkIf (config.me.emacs_flavor == "plainmacs") {
nixpkgs.overlays = [

15
nix/configuration/roles/emacs/files/emacs/elisp/base.el
View File

@@ -6,11 +6,13 @@
)
(use-package auto-package-update
:ensure t
:config
(setq auto-package-update-delete-old-versions t
auto-package-update-interval 14)
(auto-package-update-maybe))
:ensure t
:custom
(auto-package-update-interval 14)
(auto-package-update-delete-old-versions t)
:config
(auto-package-update-maybe)
)
(defun assert-directory (p)
(unless (file-exists-p p) (make-directory p t))
@@ -110,9 +112,6 @@
;; (setq-default fringes-outside-margins t)
;; Per-pixel scrolling instead of per-line
(pixel-scroll-precision-mode)
;; Typed text replaces selection
(delete-selection-mode)

16
nix/configuration/roles/emacs/files/emacs/elisp/lang-d2.el Normal file
View File

@@ -0,0 +1,16 @@
(defun d2-format-buffer ()
"Run prettier."
(interactive)
(run-command-on-buffer "d2" "fmt" "-")
)
(use-package d2-mode
:commands (d2-mode)
:hook (
(d2-mode . (lambda ()
;; (add-hook 'before-save-hook 'd2-format-buffer nil 'local)
))
)
)
(provide 'lang-d2)

10
nix/configuration/roles/emacs/files/emacs/elisp/lang-javascript.el
View File

@@ -1,6 +1,12 @@
(require 'common-lsp)
(require 'util-tree-sitter)
(defun js-format-buffer ()
"Run prettier."
(interactive)
(run-command-on-buffer "prettier" "--stdin-filepath" buffer-file-name)
)
(use-package json-ts-mode
:ensure nil
:pin manual
@@ -113,10 +119,14 @@
("\\.js\\'" . js-ts-mode)
)
:commands (js-ts-mode)
:custom (
(js-indent-level 2)
)
:hook (
(js-ts-mode . (lambda ()
(when-linux
(eglot-ensure)
(add-hook 'before-save-hook 'js-format-buffer nil 'local)
)
))
)

4
nix/configuration/roles/emacs/files/emacs/elisp/lang-org.el
View File

@@ -87,4 +87,8 @@
(use-package gnuplot)
(use-package graphviz-dot-mode)
(use-package htmlize
;; For syntax highlighting when exporting to HTML.
)
(provide 'lang-org)

2
nix/configuration/roles/emacs/files/emacs/elisp/lang-rust.el
View File

@@ -46,7 +46,7 @@
(when rust-analyzer-command
;; (add-to-list 'eglot-server-programs `(rust-ts-mode . (,rust-analyzer-command)))
(add-to-list 'eglot-server-programs `(rust-ts-mode . (,rust-analyzer-command :initializationOptions (:imports (:granularity (:enforce t :group "item")
:merge (:glob nil)
:merge (:glob :json-false)
:prefix "self")
))))
)

2
nix/configuration/roles/emacs/files/emacs/init.el
View File

@@ -40,4 +40,6 @@
(require 'lang-cmake)
(require 'lang-d2)
(load-directory autoload-directory)

41
nix/configuration/roles/emulate_isa/default.nix Normal file
View File

@@ -0,0 +1,41 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
emulate_isa.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to enable emulating other CPU architectures.";
};
};
config = lib.mkIf config.me.emulate_isa.enable (
lib.mkMerge [
{
boot.binfmt.emulatedSystems = [
"aarch64-linux" # Raspberry Pi gen 3
"riscv64-linux"
# TODO: Should "x86_64-linux" be in this list or should this list be dependent on the host CPU?
"armv6l-linux" # Raspberry Pi gen 1
];
me.optimizations = {
system_features = [
"gccarch-armv6"
"gccarch-aarch64"
"gccarch-riscv64"
];
};
}
]
);
}
# NOTE: build nixosConfigurations.<name>.config.system.build.sdImage

5
nix/configuration/roles/firefox/default.nix
View File

@@ -70,9 +70,12 @@
# Allow sending dark mode preference to websites.
# Allow sending timezone to websites.
"privacy.fingerprintingProtection.overrides" =
"+AllTargets,-CSSPrefersColorScheme,-JSDateTimeUTC,-CanvasExtractionBeforeUserInputIsBlocked";
"+AllTargets,-CSSPrefersColorScheme,-JSDateTimeUTC,-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt";
# Disable weather on new tab page
"browser.newtabpage.activity-stream.showWeather" = false;
# Disable AI stuff that wastes battery life
"browser.ml.chat.enabled" = false;
"browser.ml.enabled" = false;
};
# Check about:policies#documentation and https://mozilla.github.io/policy-templates/ for options.
policies = {

1
nix/configuration/roles/fonts/default.nix
View File

@@ -15,6 +15,7 @@
cascadia-code
source-sans-pro
source-serif-pro
noto-fonts
noto-fonts-cjk-sans
noto-fonts-cjk-serif
noto-fonts-color-emoji

106
nix/configuration/roles/git/default.nix
View File

@@ -5,6 +5,18 @@
...
}:
let
git_wrapped =
package: prog:
pkgs.writeShellScriptBin "${prog}" ''
export PATH="${
lib.makeBinPath [
pkgs.meld
]
}:$PATH"
exec ${package}/bin/${prog} "''${@}"
'';
in
{
imports = [ ];
@@ -20,66 +32,48 @@
config = lib.mkMerge [
{
environment.systemPackages = with pkgs; [
git
my_git
];
}
(lib.mkIf (config.me.git.config != null) {
home-manager.users.talexander =
{ pkgs, ... }:
{
home.file.".gitconfig" = {
source = config.me.git.config;
};
me.install.user.talexander.file = {
".gitconfig" = {
source = config.me.git.config;
};
};
})
(lib.mkIf (config.me.graphical) {
nixpkgs.overlays = [
(final: prev: {
my_git = (
pkgs.buildEnv {
name = prev.git.name;
version = prev.git.version;
paths =
(builtins.map (git_wrapped prev.git) [
"git"
])
++ [
prev.git
];
extraOutputsToInstall = [
"man"
"doc"
"info"
];
nativeBuildInputs = [ final.makeWrapper ];
ignoreCollisions = true;
}
);
})
];
})
(lib.mkIf (!config.me.graphical) {
nixpkgs.overlays = [
(final: prev: {
my_git = prev.git;
})
];
})
# (lib.mkIf (config.me.graphical) {
# nixpkgs.overlays = [
# (final: prev: {
# git = pkgs.buildEnv {
# name = prev.git.name;
# paths = [
# prev.git
# ];
# extraOutputsToInstall = [
# "man"
# "doc"
# "info"
# ];
# buildInputs = [ final.makeWrapper ];
# postBuild = ''
# wrapProgram $out/bin/git --prefix PATH : ${
# lib.makeBinPath [
# final.meld
# ]
# }
# '';
# };
# })
# ];
# })
# (lib.mkIf (!config.me.graphical) {
# nixpkgs.overlays = [
# (final: prev: {
# git = pkgs.buildEnv {
# name = prev.git.name;
# paths = [
# prev.git
# ];
# extraOutputsToInstall = [
# "man"
# "doc"
# "info"
# ];
# buildInputs = [ final.makeWrapper ];
# postBuild = ''
# wrapProgram $out/bin/git --prefix PATH : ${
# lib.makeBinPath [
# ]
# }
# '';
# };
# })
# ];
# })
];
}

9
nix/configuration/roles/git/files/gitconfig_home
View File

@@ -1,13 +1,14 @@
[user]
email = tom@fizz.buzz
name = Tom Alexander
signingkey = D3A179C9A53C0EDE
signingkey = 36C99E8B3C39D85F
[push]
default = simple # (default since 2.0)
[alias]
lg = log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit
bh = log --oneline --branches=* --remotes=* --graph --decorate
amend = commit --amend --no-edit
authorcount = shortlog --summary --numbered --all --no-merges
[core]
excludesfile = ~/.gitignore_global
[commit]
@@ -50,4 +51,8 @@
[rebase]
autoSquash = true
autoStash = true
updateRefs = true
# updateRefs was annoying when you want to split a branch in two by rebasing away from commits from one branch and rebasing away some commits from another branch.
updateRefs = false
# Disabled because ephemeral pin storage is not yet ready in openpgp-card-state
# [gpg]
# program = oct-git

73
nix/configuration/roles/gpg/default.nix
View File

@@ -29,9 +29,7 @@ in
lib.mkMerge [
{
# Fetch public keys:
# gpg --locate-keys tom@fizz.buzz
#
# gpg -vvv --auto-key-locate local,wkd --locate-keys tom@fizz.buzz
# gpg --locate-external-keys tom@fizz.buzz
hardware.gpgSmartcards.enable = true;
services.udev.packages = [
@@ -47,35 +45,64 @@ in
})
];
services.pcscd.enable = true;
# services.gnome.gnome-keyring.enable = true;
# services.dbus.packages = [ pkgs.gcr ];
# services.pcscd.plugins = lib.mkForce [ ];
# programs.gpg.scdaemonSettings = {
# disable-ccid = true;
# };
# .gnupg/scdaemon.conf
home-manager.users.talexander =
{ pkgs, ... }:
{
home.file.".gnupg/scdaemon.conf" = {
source = ./files/scdaemon.conf;
};
me.install.user.talexander.file = {
".gnupg/scdaemon.conf" = {
source = ./files/scdaemon.conf;
};
};
# programs.gnupg.dirmngr.enable = true;
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryPackage = pkgs.pinentry-qt;
# Settings block populates /etc/gnupg/gpg-agent.conf
# settings = {
# disable-ccid = true;
# };
};
# Disabled because it breaks signing git commits because gpg wants to copy pubring.kbx. Unfortunately, this makes the install of scdaemon.conf do nothing since this mount of the full .gnupg directory goes over it.
#
# environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
# hideMounts = true;
# users.talexander = {
# files = [
# {
# file = ".gnupg/trustdb.gpg";
# parentDirectory = {
# mode = "u=rwx,g=,o=";
# };
# }
# {
# file = ".gnupg/pubring.kbx";
# parentDirectory = {
# mode = "u=rwx,g=,o=";
# };
# }
# {
# file = ".gnupg/tofu.db";
# parentDirectory = {
# mode = "u=rwx,g=,o=";
# };
# }
# ];
# directories = [
# {
# directory = ".gnupg/crls.d";
# user = "talexander";
# group = "talexander";
# mode = "0700";
# }
# {
# directory = ".gnupg/private-keys-v1.d";
# user = "talexander";
# group = "talexander";
# mode = "0700";
# }
# ];
# };
# };
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
@@ -85,7 +112,7 @@ in
user = "talexander";
group = "talexander";
mode = "0700";
} # Local keyring
}
];
};
};
@@ -93,8 +120,6 @@ in
environment.systemPackages = with pkgs; [
pcsclite
pcsctools
yubikey-personalization
yubikey-manager
glibcLocales
ccid
libusb-compat-0_1

3
nix/configuration/roles/gpg/files/gpg_test_wkd.bash
View File

@@ -6,3 +6,6 @@ IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
gpg --no-default-keyring --keyring /tmp/gpg-$$ --auto-key-locate clear,wkd --locate-keys "${@}"
# To generate files for the WKD:
# gpg-wks-client --directory ./pgp/.well-known/openpgpkey --install-key <keyid> <email>

3
nix/configuration/roles/gpg/files/scdaemon.conf
View File

@@ -1,6 +1,9 @@
#reader-port Yubico Yubi
disable-ccid
# This setting enables other backends like oct to access the pgp card simultaneously but it also means that gpg will ask for the pin for EVERY ssh session which is annoying in scripts.
#pcsc-shared
#log-file /home/talexander/scd.log
#verbose
#debug cardio

12
nix/configuration/roles/kanshi/default.nix
View File

@@ -41,15 +41,11 @@ in
exec_kanshi
];
home-manager.users.talexander =
{ pkgs, ... }:
{
home.file = {
".config/kanshi/config" = {
source = ./files/config_kanshi;
};
};
me.install.user.talexander.file = {
".config/kanshi/config" = {
source = ./files/config_kanshi;
};
};
})
]
);

20
nix/configuration/roles/kodi/default.nix
View File

@@ -51,7 +51,7 @@
# Generate with `mkpasswd -m scrypt`
hashedPassword = "$7$CU..../....VXvNQ8za3wSGpdzGXNT50/$HcFtn/yvwPMCw4888BelpiAPLAxe/zU87fD.d/N6U48";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGu+k5lrirokdW5zVdRVBOqEOAvAPlIkG/MdJNc9g5ky"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID0+4zi26M3eYWnIrciR54kOlGxzfgCXG+o4ea1zpzrk openpgp:0x7FF123C8"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEI6mu6I5Jp+Ib0vJxapGHbEShZjyvzV8jz5DnzDrI39AAAABHNzaDo="
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAFNcSXwvy+brYTOGo56G93Ptuq2MmZsjvRWAfMqbmMLAAAABHNzaDo="
];
@@ -78,21 +78,13 @@
};
};
home-manager.users.kodi =
{ pkgs, ... }:
{
# home.file.".kodi/userdata/mediasources.xml".source = ./files/mediasources.xml;
# home.file.".kodi/userdata/mediasources.xml".source = ./files/mediasources.xml;
# home.file.".kodi/userdata/addon_data/peripheral.joystick/resources/buttonmaps/xml/linux/DualSense_Wireless_Controller_13b_8a.xml".source =
# ./files/DualSense_Wireless_Controller_13b_8a.xml;
# home.file.".kodi/userdata/addon_data/peripheral.joystick/resources/buttonmaps/xml/linux/DualSense_Wireless_Controller_13b_8a.xml".source =
# ./files/DualSense_Wireless_Controller_13b_8a.xml;
# TODO: Maybe .kodi/userdata/sources.xml
# TODO: ./userdata/guisettings.xml:303: <setting id="filecache.memorysize">128</setting>
# The state version is required and should stay at the version you
# originally installed.
home.stateVersion = "24.11";
};
# TODO: Maybe .kodi/userdata/sources.xml
# TODO: ./userdata/guisettings.xml:303: <setting id="filecache.memorysize">128</setting>
})
]
);

45
nix/configuration/roles/latex/default.nix
View File

@@ -5,22 +5,6 @@
...
}:
let
tex = (
pkgs.texlive.combine {
inherit (pkgs.texlive)
scheme-basic
dvisvgm
dvipng # for preview and export as html in org-mode
wrapfig
amsmath
ulem
hyperref
capt-of
;
}
);
in
{
imports = [ ];
@@ -40,6 +24,35 @@ in
tex
];
}
{
nixpkgs.overlays = [
(final: prev: {
tex = (
pkgs.texlive.combine {
inherit (pkgs.texlive)
scheme-basic
dvisvgm
dvipng # for preview and export as html in org-mode
wrapfig
amsmath
ulem
hyperref
capt-of
svg # emacs org-mode pdf export
catchfile # emacs org-mode pdf export
xcolor # emacs org-mode pdf export
transparent # emacs org-mode pdf export
pgf # emacs org-mode pdf export
minted # emacs org-mode pdf export code block highlighting
upquote # emacs org-mode pdf export
lineno # emacs org-mode pdf export
;
}
);
})
];
}
]
);
}

10
nix/configuration/roles/media/default.nix
View File

@@ -52,13 +52,11 @@ in
imv
];
home-manager.users.talexander =
{ pkgs, ... }:
{
home.file.".config/mpv/mpv.conf" = {
source = ./files/mpv.conf;
};
me.install.user.talexander.file = {
".config/mpv/mpv.conf" = {
source = ./files/mpv.conf;
};
};
})
(lib.mkIf (config.me.graphics_card_type == "amd" || config.me.graphics_card_type == "intel") {
environment.systemPackages = with pkgs; [

2
nix/configuration/roles/media/files/cast_file_vaapi
View File

@@ -123,11 +123,13 @@ function convert {
if [ "$acceleration_type" == "software" ]; then
args+=(-c:v h264)
args+=(-profile:v high)
args+=(-vf format=yuv420p)
args+=(-b:v "$VIDEO_BITRATE")
elif [ "$acceleration_type" == "hardware" ]; then
args+=(-vf 'format=nv12|vaapi,hwupload')
args+=(-c:v h264_vulkan)
args+=(-profile:v high)
args+=(-vf format=yuv420p)
args+=(-b:v "$VIDEO_BITRATE")
fi
elif [ "$codec" == "av1" ]; then

14
nix/configuration/roles/memtest86/default.nix
View File

@@ -8,10 +8,14 @@
{
imports = [ ];
config = lib.mkMerge [
{ }
(lib.mkIf (config.me.buildingIso) {
# boot.loader.systemd-boot.memtest86.enable = true;
boot.loader.grub.memtest86.enable = true;
})
{
environment.systemPackages = with pkgs; [
memtest86plus
];
}
# (lib.mkIf (config.me.buildingIso) {
# boot.loader.systemd-boot.memtest86.enable = true;
# boot.loader.grub.memtest86.enable = true;
# })
];
}

40
nix/configuration/roles/network/default.nix
View File

@@ -2,6 +2,7 @@
config,
lib,
pkgs,
pkgs-dda3dcd3f,
...
}:
@@ -54,8 +55,20 @@
General = {
EnableNetworkConfiguration = true;
AddressRandomization = "network";
ControlPortOverNL80211 = false;
};
# Rank = {
# BandModifier2_4GHz = 1.0;
# BandModifier5GHz = 1.0;
# BandModifier6GHz = 1.0;
# };
DriverQuirks = {
PowerSaveDisable = "*";
# ath12k_pci
};
# Scan = {
# DisablePeriodicScan = true;
# DisableRoamingScan = true;
# };
};
};
environment.systemPackages = with pkgs; [
@@ -64,6 +77,7 @@
ldns # for drill
arp-scan # To find devices on the network
wavemon
dhcpcd # For Android USB tethering.
];
boot.extraModprobeConfig = ''
@@ -91,4 +105,28 @@
# This is enabled by default in nixos.
# "net.ipv6.conf.default.use_tempaddr" = 2;
};
# nixpkgs.overlays = [
# (final: prev: {
# inherit (pkgs-dda3dcd3f)
# linux-firmware
# ;
# })
# ];
# nixpkgs.overlays = [
# (final: prev: {
# linux-firmware = prev.linux-firwmare.overrideAttrs (old: rec {
# version = "20250917";
# src = final.fetchFromGitLab {
# owner = "kernel-firmware";
# repo = "linux-firmware";
# tag = version;
# hash = "sha256-tecFB6WYEfBK9FB7Rv8nHLdefIoaFnHrpzXBl+iSd08=";
# };
# });
# })
# ];
}

2
nix/configuration/roles/nix_worker/default.nix
View File

@@ -43,7 +43,7 @@
hashedPassword = "$7$CU..../....VXvNQ8za3wSGpdzGXNT50/$HcFtn/yvwPMCw4888BelpiAPLAxe/zU87fD.d/N6U48";
openssh.authorizedKeys.keys = [
# Normal keys:
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGu+k5lrirokdW5zVdRVBOqEOAvAPlIkG/MdJNc9g5ky"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID0+4zi26M3eYWnIrciR54kOlGxzfgCXG+o4ea1zpzrk openpgp:0x7FF123C8"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEI6mu6I5Jp+Ib0vJxapGHbEShZjyvzV8jz5DnzDrI39AAAABHNzaDo="
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAFNcSXwvy+brYTOGo56G93Ptuq2MmZsjvRWAfMqbmMLAAAABHNzaDo="
# Key for nix to connect:

49
nix/configuration/roles/openpgp_card_tools/default.nix Normal file
View File

@@ -0,0 +1,49 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [
./openpgp-card-ssh-agent.nix
];
options.me = {
openpgp_card_tools.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install openpgp-card-tools.";
};
};
config = lib.mkIf config.me.openpgp_card_tools.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
openpgp-card-tools
openpgp-card-tool-git
openpgp-card-ssh-agent
];
nixpkgs.overlays = [
(final: prev: {
openpgp-card-tool-git = (final.callPackage ./package/openpgp-card-tool-git/package.nix { });
openpgp-card-ssh-agent = (final.callPackage ./package/openpgp-card-ssh-agent/package.nix { });
})
];
me.install.user.talexander.file = {
".config/openpgp-card-state/config.toml" = {
source = ./files/openpgp-card-state.toml;
};
};
# The current openpgp-card-ssh-agent has an outdated dependency on openpgp-card-state which makes it not handle my current openpgp-card-state.toml
# services.openpgp-card-ssh-agent.enable = true;
}
]
);
}

1
nix/configuration/roles/openpgp_card_tools/files/openpgp-card-state.toml Normal file
View File

@@ -0,0 +1 @@
default_pin_storage = "Pinentry"

94
nix/configuration/roles/openpgp_card_tools/openpgp-card-ssh-agent.nix Normal file
View File

@@ -0,0 +1,94 @@
# Upstream to nixpkgs/nixos/modules/services/networking/ssh/openpgp-card-ssh-agent.nix
{
config,
lib,
pkgs,
...
}:
let
inherit (lib)
mkIf
mkOption
mkEnableOption
mkPackageOption
mkDefault
types
concatMapStringsSep
generators
;
cfg = config.services.openpgp-card-ssh-agent;
in
{
options.services.openpgp-card-ssh-agent = {
enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Whether to start openpgp-card-ssh-agent when you log in.
Also sets SSH_AUTH_SOCK to point at openpgp-card-ssh-agent.
'';
};
package = mkPackageOption pkgs "openpgp-card-ssh-agent" { };
};
config = mkIf cfg.enable {
environment.systemPackages = [ cfg.package ];
systemd.user.sockets.openpgp-card-ssh-agent = {
wantedBy = [ "sockets.target" ];
description = "A simple ssh-agent backed by OpenPGP card authentication keys";
documentation = [
"https://codeberg.org/openpgp-card/ssh-agent"
"man:ssh-add(1)"
"man:ssh-agent(1)"
"man:ssh(1)"
];
socketConfig = {
ListenStream = "%t/openpgp-card/ssh-agent.sock";
SocketMode = "0600";
DirectoryMode = "0700";
};
};
systemd.user.services.openpgp-card-ssh-agent = {
description = "A simple ssh-agent backed by OpenPGP card authentication keys";
documentation = [
"https://codeberg.org/openpgp-card/ssh-agent"
"man:ssh-add(1)"
"man:ssh-agent(1)"
"man:ssh(1)"
];
after = [ "local-fs.target" ];
requires = [
"openpgp-card-ssh-agent.socket"
# "gnome-keyring-daemon.service"
];
serviceConfig = {
ExecStart = ''
${cfg.package}/bin/openpgp-card-ssh-agent -H fd://
'';
};
};
environment.extraInit = ''
if [ -z "$SSH_AUTH_SOCK" ] && [ -n "$XDG_RUNTIME_DIR" ]; then
export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/openpgp-card/ssh-agent.sock"
fi
'';
assertions = [
{
assertion = cfg.enable -> !config.programs.ssh.startAgent;
message = "You can't use ssh-agent and GnuPG agent with SSH support enabled at the same time!";
}
{
assertion = cfg.enable -> !config.programs.gnupg.agent.enableSSHSupport;
message = "You can't use GnuPG agent with SSH support enabled and openpgp-card-ssh-agent at the same time!";
}
];
};
}

52
nix/configuration/roles/openpgp_card_tools/package/openpgp-card-ssh-agent/package.nix Normal file
View File

@@ -0,0 +1,52 @@
{
lib,
rustPlatform,
fetchFromGitea,
pkg-config,
pcsclite,
dbus,
openssl,
testers,
openpgp-card-ssh-agent,
}:
rustPlatform.buildRustPackage rec {
pname = "openpgp-card-ssh-agent";
version = "0.3.4";
src = fetchFromGitea {
domain = "codeberg.org";
owner = "openpgp-card";
repo = "ssh-agent";
rev = "v${version}";
hash = "sha256-nWbvEsVa7YJsBtVZfLQDB4CiaHP3GEYeYS32+WZv8PE=";
};
cargoHash = "sha256-nG7xebypXv7UAfu7sWbcp4DIhLv4lfzMrQUY6m2iDmw=";
nativeBuildInputs = [
pkg-config
];
buildInputs = [
openssl
pcsclite
dbus
];
passthru = {
tests.version = testers.testVersion {
package = openpgp-card-ssh-agent;
};
};
meta = with lib; {
description = "An ssh agent that uses OpenPGP cards for your key";
homepage = "https://codeberg.org/openpgp-card/ssh-agent";
license = with licenses; [
asl20 # OR
mit
];
mainProgram = "openpgp-card-ssh-agent";
};
}

54
nix/configuration/roles/openpgp_card_tools/package/openpgp-card-tool-git/package.nix Normal file
View File

@@ -0,0 +1,54 @@
{
lib,
rustPlatform,
fetchFromGitea,
pkg-config,
pcsclite,
dbus,
openssl,
sqlite,
testers,
openpgp-card-tool-git,
}:
rustPlatform.buildRustPackage rec {
pname = "openpgp-card-tool-git";
version = "0.1.6";
src = fetchFromGitea {
domain = "codeberg.org";
owner = "openpgp-card";
repo = "oct-git";
rev = "v${version}";
hash = "sha256-38/JHzCkL3+0IbOacH54A5Hj03oDe9jDzcwp672a8LE=";
};
cargoHash = "sha256-j1Osj2rjLxrSKh82ym6PiIHVO1wLE7Ax2/5+pdRcv+E=";
nativeBuildInputs = [
pkg-config
];
buildInputs = [
openssl
pcsclite
dbus
sqlite
];
passthru = {
tests.version = testers.testVersion {
package = openpgp-card-tool-git;
};
};
meta = with lib; {
description = "Tool for using OpenPGP cards with git";
homepage = "https://codeberg.org/openpgp-card/oct-git";
license = with licenses; [
asl20 # OR
mit
];
mainProgram = "oct-git";
};
}

38
nix/configuration/roles/optimized_build/default.nix
View File

@@ -47,7 +47,7 @@
(lib.mkIf (!config.me.optimizations.enable) (
lib.mkMerge [
{
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_6_14;
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_6_16;
}
]
))
@@ -94,44 +94,14 @@
HZ = lib.kernel.freeform "300";
HZ_300 = lib.kernel.yes;
HZ_1000 = lib.kernel.no;
} prev.linux_6_14;
} prev.linux_6_16;
}
)
(final: prev: {
haskellPackages = prev.haskellPackages.extend (
final': prev': {
inherit (pkgs-unoptimized.haskellPackages)
crypto-token
crypton
crypton-connection
crypton-x509
crypton-x509-store
crypton-x509-system
crypton-x509-validation
hspec-wai
http-client-tls
http2
pandoc
pandoc-cli
pandoc-lua-engine
pandoc-server
servant-server
tls
tls-session-manager
wai-app-static
wai-extra
warp
warp-tls
;
}
);
})
(final: prev: {
inherit (pkgs-unoptimized)
gsl
redis
valkey
nix-serve-ng
rapidjson
assimp
;
})
];

10
nix/configuration/roles/pcsx2/default.nix
View File

@@ -82,13 +82,11 @@
};
};
home-manager.users.talexander =
{ pkgs, ... }:
{
home.file.".config/PCSX2/inis/PCSX2.ini" = {
source = ./files/PCSX2.ini;
};
me.install.user.talexander.file = {
".config/PCSX2/inis/PCSX2.ini" = {
source = ./files/PCSX2.ini;
};
};
})
]
);

80
nix/configuration/roles/podman/default.nix Normal file
View File

@@ -0,0 +1,80 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
podman.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install podman.";
};
};
config = lib.mkIf config.me.podman.enable (
lib.mkMerge [
{
assertions = [
{
assertion = !config.me.docker.enable;
message = "podman conflicts with docker";
}
];
}
{
environment.systemPackages = with pkgs; [
dive
podman-tui
podman-compose
];
# Write config files in /etc/containers
virtualisation.containers.enable = true;
# By default this includes "quay.io" which leads to prompting for which registry to download from.
virtualisation.containers.registries.search = [ "docker.io" ];
virtualisation = {
podman = {
enable = true;
# Install docker shim
dockerCompat = true;
# Support name resolution in podman-compose.
defaultNetwork.settings.dns_enabled = true;
};
};
environment.variables = {
# For compatibility with tools expecting a docker socket (like dive).
DOCKER_HOST = "unix://$XDG_RUNTIME_DIR/podman/podman.sock";
};
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
directories = [
{
directory = "/var/lib/containers";
user = "root";
group = "root";
mode = "0755";
}
];
users.talexander = {
directories = [
{
directory = ".local/share/containers";
user = "talexander";
group = "talexander";
mode = "0700";
}
];
};
};
}
]
);
}

16
nix/configuration/roles/python/default.nix
View File

@@ -31,7 +31,23 @@
pyright
isort
black
uv
];
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
# Poetry virtual environments.
directory = ".cache/pypoetry";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
}
]
);

36
nix/configuration/roles/qemu/default.nix
View File

@@ -5,6 +5,41 @@
...
}:
let
qemurc =
(pkgs.writeScriptBin "qemurc" (
builtins.readFile (
pkgs.replaceVars ./files/qemurc.bash {
"OVMFfd" = "${pkgs.OVMF.fd}";
mount_root = "/vm";
zfs_root = "zroot/linux/nix/vm";
}
)
)).overrideAttrs
(old: {
buildCommand = ''
${old.buildCommand}
patchShebangs $out
'';
});
qemurc_wrapped =
(pkgs.writeScriptBin "qemurc" ''
#!/usr/bin/env bash
export "PATH=${
lib.makeBinPath [
pkgs.swtpm
pkgs.tmux
]
}:''${PATH}"
exec ${qemurc}/bin/qemurc "''${@}"
'').overrideAttrs
(old: {
buildCommand = ''
${old.buildCommand}
patchShebangs $out
'';
});
in
{
imports = [ ];
@@ -22,6 +57,7 @@
{
environment.systemPackages = with pkgs; [
qemu
qemurc_wrapped
];
}
]

375
nix/configuration/roles/qemu/files/qemurc.bash Normal file
View File

@@ -0,0 +1,375 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
# Share a host directory to the guest via 9pfs.
#
# Inside the VM run:
# mount -t virtfs -o trans=virtio sharename /some/vm/path
# mount -t 9p -o cache=mmap -o msize=512000 sharename /mnt/9p
# mount -t 9p -o trans=virtio,cache=mmap,msize=512000 bind9p /path/to/mountpoint
# Example usage:
#
# doas qemurc create-disk mint 10
# doas env CD=/vm/iso/linuxmint-22.2-cinnamon-64bit.iso qemurc start mint
# doas qemurc start mint
# doas env WAYLAND_DISPLAY="$XDG_RUNTIME_DIR/$WAYLAND_DISPLAY" XDG_RUNTIME_DIR=/run/user/0 qemurc start mint
: ${VERBOSE:="NO"} # or YES
if [ "$VERBOSE" = "YES" ]; then
set -x
fi
: ${CPU_CORES:="1"}
: ${MEMORY:="1G"}
: ${GTK_ENABLE:="NO"} # Only enable one, either GTK or VNC
: ${VNC_ENABLE:="NO"} # Only enable one, either GTK or VNC
: ${VNC_LISTEN:="127.0.0.1:0"}
: ${VNC_WIDTH:="1920"}
: ${VNC_HEIGHT:="1080"}
: ${AUDIO_ENABLE:="NO"}
: ${TPM_ENABLE:="NO"}
: ${BIND9P:=""}
: "${CD:=}"
: ${SHUTDOWN_TIMEOUT:="600"}
: ${MOUNT_ROOT:="@mount_root@"}
: ${ZFS_ROOT:="@zfs_root@"}
############## Setup #########################
function cleanup {
sync
for p in "${pids[@]}"; do
log "Killing $p"
kill "$p"
log "Killed $p"
done
for vm in "${vms[@]}"; do
log "Stopping $vm"
stop_one "$vm"
log "Stopped $vm"
done
}
pids=()
vms=()
trap "set +e; cleanup" EXIT
function die {
local status_code="$1"
shift
(>&2 echo "${@}")
exit "$status_code"
}
function log {
(>&2 echo "${@}")
}
############## Program #########################
function main {
local cmd
cmd=$1
shift
if [ "$cmd" = "start" ]; then
init
start "${@}"
elif [ "$cmd" = "stop" ]; then
init
stop "${@}"
elif [ "$cmd" = "status" ]; then
init
status "${@}"
elif [ "$cmd" = "console" ]; then
init
console "${@}"
elif [ "$cmd" = "_start_body" ]; then
init
start_body "${@}"
elif [ "$cmd" = "create-disk" ]; then
create_disk "${@}"
else
(>&2 echo "Unknown command: $cmd")
exit 1
fi
}
function start {
local num_vms="$#"
if [ "$num_vms" -eq 0 ]; then
log "No VMs specified."
return 0
fi
while [ "$#" -gt 0 ]; do
local name="$1"
shift 1
log "Starting VM $name."
start_one "$name"
[ "$#" -eq 0 ] || sleep 5
done
}
function start_one {
local name="$1"
local tmux_name="$name"
tmux new-session -d -s "$tmux_name" "$0" "_start_body" "$name"
}
function launch_pidfile {
local pidfile="$1"
shift 1
mkdir -p "$(dirname "$pidfile")"
cat > "${pidfile}" <<< "$$"
set -x
exec "${@}"
}
export -f launch_pidfile
function stop {
local num_vms="$#"
if [ "$num_vms" -eq 0 ]; then
log "No VMs specified."
return 0
fi
while [ "$#" -gt 0 ]; do
local name="$1"
shift 1
log "Stopping VM $name."
stop_one "$name"
[ "$#" -eq 0 ] || sleep 5
done
}
function stop_one {
local name="$1"
local pidfile="/run/qemurc/${name}/pid"
if [ ! -e "$pidfile" ]; then
log "Pid file $pidfile does not exist."
return 0
fi
local qemu_pid
qemu_pid=$(cat "$pidfile")
if ps -p "$qemu_pid" >/dev/null; then
# We cannot send a graceful shutdown command externally to qemu: https://gitlab.com/qemu-project/qemu/-/issues/148
log "Killing ${name}:${qemu_pid}."
kill -SIGTERM "$qemu_pid"
fi
local timeout_start timeout_end
timeout_start=$(date +%s)
while ps -p "$qemu_pid" >/dev/null; do
timeout_end=$(date +%s)
if [ $((timeout_end-timeout_start)) -ge "$SHUTDOWN_TIMEOUT" ]; then
log "${name}:${qemu_pid} took more than $SHUTDOWN_TIMEOUT seconds to shut down. Hard powering down."
break
fi
log "Waiting for ${name}:${qemu_pid} to exit."
sleep 2
done
kill -9 "$qemu_pid"
local timeout_start timeout_end
timeout_start=$(date +%s)
while ps -p "$qemu_pid" >/dev/null; do
timeout_end=$(date +%s)
if [ $((timeout_end-timeout_start)) -ge "$SHUTDOWN_TIMEOUT" ]; then
log "${name}:${qemu_pid} took more than $SHUTDOWN_TIMEOUT seconds to hard power down. Giving up."
break
fi
log "Waiting for ${name}:${qemu_pid} to hard power down."
sleep 2
done
rm -f "$pidfile"
log "Finished stopping $name."
}
function status {
local num_vms="$#"
if [ "$num_vms" -gt 0 ]; then
for name in "$@"; do
status_one "$name"
done
else
log "No VMs specified."
fi
}
function status_one {
local name="$1"
local pidfile="/run/qemurc/${name}/pid"
if [ ! -e "$pidfile" ]; then
log "$name is not running."
return 0
fi
local qemu_pid
qemu_pid=$(cat "$pidfile")
if ! ps -p "$qemu_pid" >/dev/null; then
log "$name is not running."
return 0
fi
log "$name is running as pid $qemu_pid."
}
function console {
local num_vms="$#"
if [ "$num_vms" -gt 0 ]; then
for name in "$@"; do
log "Attaching to console of VM $name."
console_one "$name"
done
else
log "No VMs specified."
fi
}
function console_one {
local name="$1"
local tmux_name="$name"
exec tmux a -t "$tmux_name"
}
function init {
mkdir -p /run/qemurc
}
############## qemu ############################
function create_disk {
local name="$1"
local gigabytes="$2"
local zfs_path="${ZFS_ROOT}/${name}"
local mount_path="${MOUNT_ROOT}/${name}"
zfs create -o mountpoint=none -o canmount=off "$zfs_path"
zfs create -o "mountpoint=$mount_path" -o canmount=on "$zfs_path/settings"
zfs create -s "-V${gigabytes}G" -o volmode=dev -o primarycache=metadata -o secondarycache=none "$zfs_path/disk0"
zfs snapshot -r "$zfs_path@empty"
install -m0600 "@OVMFfd@/FV/OVMF_VARS.fd" "${mount_path}/"
tee "${mount_path}/settings" <<EOF
CPU_CORES="$CPU_CORES"
MEMORY="$MEMORY"
GTK_ENABLE="$GTK_ENABLE"
VNC_ENABLE="$VNC_ENABLE"
VNC_LISTEN="$VNC_LISTEN"
VNC_WIDTH="$VNC_WIDTH"
VNC_HEIGHT="$VNC_HEIGHT"
AUDIO_ENABLE="$AUDIO_ENABLE"
TPM_ENABLE="$TPM_ENABLE"
BIND9P="$BIND9P"
EOF
}
function start_body {
local name="$1"
local zfs_path="${ZFS_ROOT}/${name}"
local mount_path="${MOUNT_ROOT}/${name}"
local run_path="/run/qemurc/${name}"
local mount_cd="$CD"
local swtpm_sock="${run_path}/swtpm.sock"
local swtpm_path="${MOUNT_ROOT}/${name}/swtpm"
install -d -m 0700 "$run_path"
if [ -e "${mount_path}/settings" ]; then
source "${mount_path}/settings"
fi
local additional_args=()
if [ -n "$BIND9P" ]; then
additional_args+=(-device "virtio-9p-type,fsdev=${BIND9P},mount_tag=bind9p")
fi
if [ -n "$mount_cd" ]; then
additional_args+=(-cdrom "$mount_cd")
fi
if [ "$VNC_ENABLE" = "YES" ]; then
additional_args+=(-vnc "${VNC_LISTEN},power-control=on")
fi
if [ "$AUDIO_ENABLE" = "YES" ]; then
additional_args+=(-audio "driver=pa,model=virtio,server=/run/user/11235/pulse/native")
fi
if [ "$TPM_ENABLE" = "YES" ]; then
install -d -m 0700 "$swtpm_path"
swtpm socket --tpm2 --tpmstate dir="$swtpm_path" --ctrl type=unixio,path="$swtpm_sock" &
local tpm_pid=$!
pids+=("$tpm_pid")
additional_args+=(-chardev "socket,id=chrtpm,path=$swtpm_sock"
-tpmdev "emulator,id=tpm0,chardev=chrtpm"
-device "tpm-tis,tpmdev=tpm0")
fi
if [ "$GTK_ENABLE" = "YES" ]; then
additional_args+=(
-device 'virtio-gpu-gl,hostmem=8G,blob=true,venus=true'
-display 'gtk,gl=on'
-vga virtio
)
fi
vms+=("$name")
local pidfile="/run/qemurc/${name}/pid"
local launch_cmd=()
launch_cmd+=(
launch_pidfile "$pidfile"
qemu-system-x86_64
-accel kvm
-cpu host
-smp cores="$CPU_CORES"
-m "$MEMORY"
-rtc base=localtime
-drive "file=\"@OVMFfd@/FV/OVMF_CODE.fd\",if=pflash,format=raw,readonly=on"
-drive "if=pflash,format=raw,file=\"$(readlink -f "${mount_path}/OVMF_VARS.fd")\""
-drive "if=none,file=/dev/zvol/${zfs_path}/disk0,format=raw,id=hd0"
-device 'nvme,serial=deadbeef,drive=hd0'
-nic 'user,hostfwd=tcp::60022-:22'
-boot order=d
"${additional_args[@]}"
)
set +e
rm -f "$pidfile"
(
IFS=$' \n\t'
set -ex
bash -c "${launch_cmd[*]}"
)
local exit_code=$?
log "Exit code ${exit_code}"
set -e
}
main "${@}"

36
nix/configuration/roles/rpcs3/default.nix
View File

@@ -70,16 +70,26 @@ in
}
];
home-manager.users.talexander =
{ pkgs, ... }:
{
home.file.".config/rpcs3/config.yml" = lib.mkIf (config.me.rpcs3.config != null) {
source = rpcs3_config_yaml;
};
home.file.".config/rpcs3/GuiConfigs/CurrentSettings.ini" = {
source = ./files/CurrentSettings.ini;
};
me.install.user.talexander.file = {
".config/rpcs3/config.yml" = lib.mkIf (config.me.rpcs3.config != null) {
source = rpcs3_config_yaml;
};
".config/rpcs3/GuiConfigs/CurrentSettings.ini" = {
source = ./files/CurrentSettings.ini;
};
".config/rpcs3/custom_configs/config_BLUS30443.yml" = {
# Demon's Souls per-game config.
source = ./files/config_BLUS30443.yml;
};
".config/rpcs3/patches/patch.yml" = {
# All of the available patches.
source = ./files/patch.yml;
};
".config/rpcs3/patch_config.yml" = {
# Patches that I have enabled.
source = ./files/patch_config.yml;
};
};
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
@@ -146,6 +156,13 @@ in
mode = "0755";
};
}
{
# Netplay (RPCN) config and credentials
file = ".config/rpcs3/rpcn.yml";
parentDirectory = {
mode = "0755";
};
}
];
};
};
@@ -155,7 +172,6 @@ in
users.talexander = {
directories = [
{
# Game saves
directory = ".cache/rpcs3";
user = "talexander";
group = "talexander";

14
nix/configuration/roles/rpcs3/files/config_BLUS30443.yml Normal file
View File

@@ -0,0 +1,14 @@
Core:
SPU Block Size: Safe
Video:
Write Color Buffers: true
Minimum Scalable Dimension: 640
Net:
Internet enabled: Connected
IP address: 0.0.0.0
Bind address: 0.0.0.0
DNS address: 8.8.8.8
IP swap list: "ds-eu-c.scej-online.jp=206.189.232.242&&ds-eu-g.scej-online.jp=206.189.232.242&&c.demons-souls.com=206.189.232.242&&g.demons-souls.com=206.189.232.242&&cmnap.scej-online.jp=206.189.232.242&&demons-souls.scej-online.jp=206.189.232.242"
UPNP Enabled: false
PSN status: RPCN
PSN Country: us

24771
nix/configuration/roles/rpcs3/files/patch.yml Normal file
View File

File diff suppressed because it is too large Load Diff

6
nix/configuration/roles/rpcs3/files/patch_config.yml Normal file
View File

@@ -0,0 +1,6 @@
PPU-83681f6110d33442329073b72b8dc88a2f677172:
Unlock FPS:
Demon's Souls:
BLUS30443:
01.00:
Enabled: true

18
nix/configuration/roles/rust/default.nix
View File

@@ -48,18 +48,14 @@ in
# ? cargo-public-api
];
home-manager.users.talexander =
{ pkgs, ... }:
{
home.file = {
".cargo/config.toml" = {
source = ./files/cargo_config.toml;
};
".rustup/settings.toml" = {
source = ./files/rustup_settings.toml;
};
};
me.install.user.talexander.file = {
".cargo/config.toml" = {
source = ./files/cargo_config.toml;
};
".rustup/settings.toml" = {
source = ./files/rustup_settings.toml;
};
};
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;

14
nix/configuration/roles/rust/files/cargo_config.toml
View File

@@ -1,12 +1,12 @@
[target.x86_64-unknown-linux-gnu]
rustflags = ["-C", "target-cpu=native", "-Zthreads=0"]
# [target.x86_64-unknown-linux-gnu]
# rustflags = ["-C", "target-cpu=native", "-Zthreads=0"]
[unstable]
codegen-backend = true
# [unstable]
# codegen-backend = true
[profile.dev]
codegen-backend = "cranelift"
# [profile.dev]
# codegen-backend = "cranelift"
[profile.dev.package."*"]
codegen-backend = "llvm"
# codegen-backend = "llvm"
opt-level = 3

29
nix/configuration/roles/sequoia/default.nix Normal file
View File

@@ -0,0 +1,29 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
sequoia.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install sequoia.";
};
};
config = lib.mkIf config.me.sequoia.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
sequoia-sq
];
}
]
);
}

110
nix/configuration/roles/shadps4/default.nix Normal file
View File

@@ -0,0 +1,110 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
shadps4.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install shadps4.";
};
};
config = lib.mkIf config.me.shadps4.enable (
lib.mkMerge [
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
shadps4
];
me.install.user.talexander.file = {
".local/share/shadPS4/config.toml" = {
source = ./files/config.toml;
};
};
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
# Location of ROMs.
directory = ".local/share/shadPS4/games";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
# Firmware.
directory = ".local/share/shadPS4/sys_modules";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
# Game saves.
directory = ".local/share/shadPS4/savedata";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
# DLC.
directory = ".local/share/shadPS4/addcont";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
files = [
{
# play times and recently played
file = ".local/share/shadPS4/play_time.txt";
parentDirectory = {
mode = "0755";
};
}
];
};
};
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
# Cache.
directory = ".local/share/shadPS4/data";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
nixpkgs.overlays = [
(final: prev: {
shadps4 = prev.shadps4.overrideAttrs (old: {
version = "0.9.0";
src = final.fetchFromGitHub {
owner = "AzaharPlus";
repo = "shadPS4Plus";
tag = "SHADPS4PLUS_0_9_0_A";
hash = "sha256-ZwP+bOE4roWt51Ii53blDZzdq/SxK4Q69I4rLCNARLA=";
fetchSubmodules = true;
};
});
})
];
})
]
);
}

15
nix/configuration/roles/shadps4/files/config.toml Normal file
View File

@@ -0,0 +1,15 @@
[General]
# Without this, we get:
# /run/current-system/sw/bin/xdg-mime: line 1002: /nix/store/wd9bigydk9x8bsvnslrvb5klbgmh98v5-hm_mimeapps.list.new: Read-only file system
enableDiscordRPC = false
[GUI]
addonInstallDir = "/home/talexander/.local/share/shadPS4/addcont"
installDirs = ["/home/talexander/.local/share/shadPS4/games"]
installDirsEnabled = [true]
# Without the geometry settings shadps4 crashes instantly with a floating point error.
geometry_h = 981
geometry_w = 748
geometry_x = 0
geometry_y = 0

12
nix/configuration/roles/shikane/default.nix
View File

@@ -36,15 +36,11 @@ in
exec_shikane
];
home-manager.users.talexander =
{ pkgs, ... }:
{
home.file = {
".config/shikane/config.toml" = {
source = ./files/config.toml;
};
};
me.install.user.talexander.file = {
".config/shikane/config.toml" = {
source = ./files/config.toml;
};
};
})
]
);

12
nix/configuration/roles/shikane/files/config.toml
View File

@@ -1,3 +1,15 @@
[[profile]]
name = "laptop"
[[profile.output]]
enable = true
search = ["m=0x0BCA", "s=", "v=BOE"]
mode = "2256x1504@59.999Hz"
position = "0,0"
scale = 1.5
transform = "normal"
adaptive_sync = false
[[profile]]
name = "homedesk"
exec = ["notify-send shikane \"Profile $SHIKANE_PROFILE_NAME has been applied\""]

49
nix/configuration/roles/spaghettikart/default.nix Normal file
View File

@@ -0,0 +1,49 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
spaghettikart.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install spaghettikart.";
};
};
config = lib.mkIf config.me.spaghettikart.enable (
lib.mkMerge [
{
allowedUnfree = [ "spaghettikart" ];
}
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
spaghettikart
];
me.install.user.talexander.file = {
".local/share/spaghettikart/spaghettify.cfg.json" = {
source = ./files/spaghettify.cfg.json;
method = "overwrite";
};
};
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
files = [
".local/share/spaghettikart/default.sav"
".local/share/spaghettikart/mk64.o2r"
];
};
};
})
]
);
}

14
nix/configuration/roles/spaghettikart/files/spaghettify.cfg.json Normal file
View File

@@ -0,0 +1,14 @@
{
"CVars": {
"gDisableLod": 1,
"gMSAAValue": 2,
"gShowSpaghettiVersion": 0,
"gSkipIntro": 1,
"gVsyncEnabled": 1
},
"Window": {
"Fullscreen": {
"Enabled": true
}
}
}

21
nix/configuration/roles/ssh/default.nix
View File

@@ -27,19 +27,14 @@
};
};
home-manager.users.talexander =
{ pkgs, ... }:
{
home.file.".ssh/config" = {
source = ./files/ssh_config;
};
me.install.user.root.file = {
".ssh/config" = {
source = ./files/ssh_config_root;
};
home-manager.users.root =
{ pkgs, ... }:
{
home.file.".ssh/config" = {
source = ./files/ssh_config_root;
};
};
me.install.user.talexander.file = {
".ssh/config" = {
source = ./files/ssh_config;
};
};
}

30
nix/configuration/roles/sway/default.nix
View File

@@ -376,26 +376,18 @@ in
};
};
home-manager.users.talexander =
{ pkgs, ... }:
{
home.file = {
# Configure default programs (for example, default browser)
".config/mimeapps.list" = {
source = ./files/mimeapps.list;
};
};
home.file = {
".config/gtk-3.0/settings.ini" = {
source = ./files/settings.ini;
};
};
home.file = {
".icons/default" = {
source = "${pkgs.adwaita-icon-theme}/share/icons/Adwaita";
};
};
me.install.user.talexander.file = {
".config/mimeapps.list" = {
# Configure default programs (for example, default browser)
source = ./files/mimeapps.list;
};
".config/gtk-3.0/settings.ini" = {
source = ./files/settings.ini;
};
".icons/default" = {
source = "${pkgs.adwaita-icon-theme}/share/icons/Adwaita";
};
};
# For mounting drives in pcmanfm
services.gvfs.enable = true;

33
nix/configuration/roles/uutils/default.nix Normal file
View File

@@ -0,0 +1,33 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
uutils.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to replace GNU coreutils with uutils (a rust drop-in replacement).";
};
};
config = lib.mkIf config.me.uutils.enable (
lib.mkMerge [
{
# environment.corePackages automatically installes coreutils-full, so merely installing uutils-coreutils-noprefix is insufficient for replacing GNU coreutils.
nixpkgs.overlays = [
(final: prev: {
coreutils = final.uutils-coreutils-noprefix;
coreutils-full = final.uutils-coreutils-noprefix;
})
];
}
]
);
}

16
nix/configuration/roles/vscode/default.nix
View File

@@ -48,16 +48,14 @@
})
];
home-manager.users.talexander =
{ pkgs, ... }:
{
home.file.".config/Code/User/settings.json" = {
source = ./files/settings.json;
};
home.file.".config/Code/User/keybindings.json" = {
source = ./files/keybindings.json;
};
me.install.user.talexander.file = {
".config/Code/User/settings.json" = {
source = ./files/settings.json;
};
".config/Code/User/keybindings.json" = {
source = ./files/keybindings.json;
};
};
})
]
);

6
nix/configuration/roles/vscode/files/keybindings.json
View File

@@ -20,6 +20,12 @@
"command": "-workbench.action.navigateBack",
"when": "canNavigateBack"
},
{
// This isn't quite right. In emacs it would go back to the last location you performed an action which could include navigation. This goes back to the place where you last changed the text. Either way, close enough.
"key": "ctrl+x ctrl+x",
"command": "workbench.action.navigateToLastEditLocation",
"when": "canNavigateToLastEditLocation"
},
{
"key": "shift+alt+/",
"command": "editor.action.goToReferences",

Some files were not shown because too many files have changed in this diff Show More