talexander/machine_setup
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

base: talexander:install_files_mixin
Branches Tags
talexander:main talexander:nix talexander:kubernetes talexander:mt7927 talexander:yubipi talexander:upstream_amd_debug_tools talexander:install_files_mixin talexander:starship talexander:pixelbook
..
compare: talexander:eebbf9f4aa3893f01889c91afce1012252a021a9
Branches Tags
talexander:nix talexander:kubernetes talexander:main talexander:mt7927 talexander:yubipi talexander:upstream_amd_debug_tools talexander:install_files_mixin talexander:starship talexander:pixelbook

115 Commits
install_fi ... eebbf9f4aa

Author SHA1 Message Date
Tom Alexander
eebbf9f4aa Automatically set distributed build's supportedFeatures based on that host's actual config. 
Previously, we had two copies of the supported features for each host.
 2025-11-19 22:42:43 -05:00
Tom Alexander
3bf912f3be Trim down odowork's install. 2025-11-19 21:50:57 -05:00
Tom Alexander
331651bf23 Switch odowork to i_only_boot_zfs. 2025-11-19 20:50:45 -05:00
Tom Alexander
b16871c701 Fix rollback during boot. 2025-11-18 23:29:00 -05:00
Tom Alexander
381448b338 Switch odo to i_only_boot_zfs. 2025-11-18 23:02:40 -05:00
Tom Alexander
300dfc68cf Fix build. 2025-11-18 23:00:16 -05:00
Tom Alexander
8ccd34aba9 Add odowork. 2025-11-18 21:30:56 -05:00
Tom Alexander
a94df0944b gtkmm build failing. 2025-11-17 21:39:32 -05:00
Tom Alexander
b63df577d9 Add a role for wine. 2025-11-17 05:46:36 -05:00
Tom Alexander
73335b080f Disable rofimoji because the build is failing. 2025-11-17 05:23:01 -05:00
Tom Alexander
e01863cfc7 ffmpeg-headless tests failing. 2025-11-17 05:23:01 -05:00
Tom Alexander
fc343d7897 Switch odo and quark to i_only_boot_zfs. 2025-11-16 18:58:58 -05:00
Tom Alexander
09e36de78e Enable /boot partition. 2025-11-16 18:58:46 -05:00
Tom Alexander
f13689e2c1 Update packages. 2025-11-16 18:58:46 -05:00
Tom Alexander
57b83f7175 Switch to using i_only_boot_zfs. 2025-11-15 19:28:29 -05:00
Tom Alexander
f27aae960f Add an alias to ripgrep all files. 2025-11-15 19:28:28 -05:00
Tom Alexander
5b849c266e Enable python typechecking by default in vscode. 2025-11-08 14:41:28 -05:00
Tom Alexander
588e434b56 Add a host for testing i_only_boot_zfs. 2025-10-28 19:20:48 -04:00
Tom Alexander
09355dd927 Try to fix install. 2025-10-27 11:46:17 -04:00
Tom Alexander
4276f63c59 Install disko in the ISOs. 2025-10-27 11:25:09 -04:00
Tom Alexander
614ef2e5cf Add a minimal base role to record what is needed for a minimal useful system. 2025-10-26 17:28:09 -04:00
Tom Alexander
888613a229 Fix building many things in nix. 
Nix 2.30.0 (2025-07-07) changed the build directory from /tmp to /nix/var/nix/builds which broke a number of builds because my ZFS datasets were utf8only. This adds a role to mount tmpfs to /nix/var/nix/builds to restore the old behavior.
 2025-10-26 17:24:41 -04:00
Tom Alexander
24b089a313 Add a config for the disc recovery machine. 2025-10-26 17:24:41 -04:00
Tom Alexander
2f05b9e600 Add support for specifying a build arch. 2025-10-26 12:54:47 -04:00
Tom Alexander
e4225a82bb Add a role for jujutsu. 2025-10-26 12:54:47 -04:00
Tom Alexander
4a0f0bd8c8 Add cleanup_temporary_files script to base. 2025-10-25 20:38:41 -04:00
Tom Alexander
381eb1523e Disable more firefox AI stuff. 2025-10-25 12:18:19 -04:00
Tom Alexander
8888838457 Fix mounting CDs in qemurc. 2025-10-25 09:03:05 -04:00
Tom Alexander
3918775c1d Specify waybar config in nix. 
This is to facilitate having different waybar configs for each machine.
 2025-10-25 09:03:05 -04:00
Tom Alexander
3bf84445a3 Restructure flake.nix for a simpler config for building different images off the same NixOS config. 2025-10-25 09:03:05 -04:00
Tom Alexander
69b5cf9217 Update packages. 2025-10-10 22:03:53 -04:00
Tom Alexander
3d9513f2c5 Move ansible-sshjail and zsh-histdb into my config instead of living as separate flakes. 2025-10-05 21:37:57 -04:00
Tom Alexander
ae6cce96a2 Support running arm code on x86. 2025-10-05 20:43:04 -04:00
Tom Alexander
3274d1903f Replace GNU coreutils with uutils. 2025-10-05 20:04:03 -04:00
Tom Alexander
a01b58f6ac use-remote-sudo has been replaced with sudo. 2025-10-05 15:17:34 -04:00
Tom Alexander
fb7b1322da Remove hack for turning off wifi power saving from quark shell init. 2025-10-05 14:55:42 -04:00
Tom Alexander
69b6a81b8b Update packages. 2025-10-05 14:07:04 -04:00
Tom Alexander
f5c30860ab Install uv. 2025-10-05 14:04:01 -04:00
Tom Alexander
255b39df0a Disable the nix binary cache. 
It is technically a risk and since I build most of my software anyway, I'm not getting much benefit.
 2025-10-05 14:04:01 -04:00
Tom Alexander
da66a6917b Update amd-debug-tools to 0.2.8. 2025-09-29 21:17:30 -04:00
Tom Alexander
ad2c4809d7 Fix building the hydra vm ISO. 2025-09-28 11:38:18 -04:00
Tom Alexander
fe49204e3f Enable optimizations on some packages that are no longer broken. 2025-09-28 11:38:17 -04:00
Tom Alexander
fa44003fad Disable wifi powersaving. 2025-09-26 22:35:04 -04:00
Tom Alexander
bc0a64fb8b Update packages. 2025-09-26 22:34:43 -04:00
Tom Alexander
3048b62834 ControlPortOverNL80211 no longer needs to be disabled for the QCNCM865 in my laptop. 2025-09-26 20:22:22 -04:00
Tom Alexander
08b424e1f3 Minor cleanups for emacs. 2025-09-25 20:15:52 -04:00
Tom Alexander
185c43761c Add sequoia. 2025-09-25 20:13:56 -04:00
Tom Alexander
37abf58271 Add a qemu port of my bhyverc script for running virtual machines on Linux. 2025-09-19 21:04:58 -04:00
Tom Alexander
3b007f8bc5 Support transcoding from 10bit to 8bit video. 2025-09-17 19:50:07 -04:00
Tom Alexander
d358e9383e Add noto fonts for ⏵ in nix output monitor. 2025-09-14 12:42:21 -04:00
Tom Alexander
f036ec4b96 Add back duckstation. 2025-09-13 12:28:29 -04:00
Tom Alexander
74ee87a111 Switch to bundled packages to fix build. 2025-09-13 12:00:09 -04:00
Tom Alexander
d0f23c0cb1 Add Spaghetti Kart to the Steam Deck. 2025-09-13 11:28:29 -04:00
Tom Alexander
c72141e070 Install SpaghettiKart. 2025-09-12 19:02:22 -04:00
Tom Alexander
e77c0ed330 Merge branch 'podman' into nix 2025-09-08 21:14:54 -04:00
Tom Alexander
70c2fb694a Switch to podman. 2025-09-08 21:14:41 -04:00
Tom Alexander
b32635fe71 Allow first-party canvas use. 2025-09-07 22:03:38 -04:00
Tom Alexander
b179bee277 Pull in improvements from nixpkgs PR. 2025-09-06 20:32:25 -04:00
Tom Alexander
b1c85417e1 Update to linux 6.16. 2025-09-06 17:39:04 -04:00
Tom Alexander
96ea6c4232 Reduce abmlevel to 2. 
Everything got dimmer in 6.14 so I am reducing the abmlevel.
 2025-09-04 18:51:14 -04:00
Tom Alexander
2a584915e4 Install d2. 2025-09-04 18:51:14 -04:00
Tom Alexander
a6a50d7c22 Add d2 to emacs. 2025-09-04 18:51:14 -04:00
Tom Alexander
edfafd1017 Add latex packages for org export. 2025-09-04 18:51:13 -04:00
Tom Alexander
9adff4ebc1 Add laptop-only entry in shikane. 2025-09-01 18:48:42 -04:00
Tom Alexander
a788879d92 Preserve poetry venvs. 2025-09-01 18:48:38 -04:00
Tom Alexander
955c5963c8 Disable machine learning in firefox. 2025-08-31 22:21:34 -04:00
Tom Alexander
11436c0efe Set vscode navigate backwards to be scoped to the editor. 2025-08-27 20:33:37 -04:00
Tom Alexander
5b487330e1 Use json for talking to nix output monitor. 2025-08-24 17:36:06 -04:00
Tom Alexander
d25e9173dd Merge branch 'amd_s2idle' into nix 2025-08-21 20:30:35 -04:00
Tom Alexander
8bddf10e9d Fix description. 2025-08-21 20:30:23 -04:00
Tom Alexander
64c94e9b06 Add run-time dependencies. 2025-08-17 20:48:35 -04:00
Tom Alexander
c87957b8cb Introduce a cysystemd package. 2025-08-17 20:32:20 -04:00
Tom Alexander
bf419b6f4a Switch to buildPythonApplication. 2025-08-17 19:01:07 -04:00
Tom Alexander
b224a78b89 Add amd_s2idle script for debugging s2idle. 2025-08-17 10:37:51 -04:00
Tom Alexander
748584c78e Merge branch 'copy_files_mixin' into nix 2025-08-10 16:22:19 -04:00
Tom Alexander
64e8903ae4 Remove test code. 2025-08-10 16:19:13 -04:00
Tom Alexander
f4338ec8df Replace uses of home-manager. 2025-08-10 16:12:09 -04:00
Tom Alexander
c947def321 Fix handling ownership of parent directories. 2025-08-10 12:54:34 -04:00
Tom Alexander
f1eaaf12b3 Support separate permissions for containing directories. 2025-08-10 11:52:55 -04:00
Tom Alexander
2b485f7f1d Support recursive. 2025-08-10 11:41:06 -04:00
Tom Alexander
6db8e01309 Honor ownership. 2025-08-09 21:19:13 -04:00
Tom Alexander
03e389195c Filter out blank lines. 2025-08-09 21:01:35 -04:00
Tom Alexander
2c3e5483e9 Centralize the logic for escaping the shell values. 2025-08-09 20:54:54 -04:00
Tom Alexander
6b42a09468 Make the paths relative to the user's home directory. 2025-08-09 20:43:01 -04:00
Tom Alexander
eb5815048f Add a check and uninstall phase. 2025-08-09 20:27:27 -04:00
Tom Alexander
1cb4fa4234 Add support for symlinking. 2025-08-09 20:05:29 -04:00
Tom Alexander
146dc5f79a Switch to nested attrsets. 2025-08-09 19:13:37 -04:00
Tom Alexander
f667c9daa6 Switch to a systemd unit file to remove the need for home-manager. 2025-08-09 11:09:21 -04:00
Tom Alexander
83eaba357f Fix bug where it used the path in the option name rather than the target value inside the option. 2025-08-09 11:09:21 -04:00
Tom Alexander
6284ce8d86 Add method parameter. 2025-08-09 11:09:21 -04:00
Tom Alexander
c26d6f34ea Start a user-specific variant of the install file command. 2025-08-09 11:09:21 -04:00
Tom Alexander
c3f715d010 Add the install_file module from the steam deck config. 2025-08-09 11:09:21 -04:00
Tom Alexander
45514d147c Disable turboboost. 2025-08-09 10:42:20 -04:00
Tom Alexander
aafa880b7c Fix accelerated video decode on chromium. 2025-08-06 22:56:02 -04:00
Tom Alexander
dde8be4d9f Do not update refs when rebasing. 2025-08-06 22:23:16 -04:00
Tom Alexander
03ae8d3b0a Change how we bundle meld into git. 2025-07-19 18:41:57 -04:00
Tom Alexander
03f0721e1f Set up typescript language server and add meld to git. 2025-07-15 22:57:03 -04:00
Tom Alexander
8847063948 Install direnv. 2025-07-13 16:51:58 -04:00
Tom Alexander
399379cea0 Fix eglot rust-analyzer settings. 2025-07-07 19:26:55 -04:00
Tom Alexander
1cdfebf392 Disable cranelift. 
It was causing problems (errors during build) while not providing much benefit for my use-cases.
 2025-07-07 18:44:12 -04:00
Tom Alexander
045fed0748 Fix crashes on shadps4 launch. 2025-07-05 17:08:33 -04:00
Tom Alexander
7fe153bfd3 Update packages. 2025-07-05 10:01:09 -04:00
Tom Alexander
52490457f0 Install shadps4. 2025-06-29 10:22:09 -04:00
Tom Alexander
e5e9bba2a5 Pin old version of linux-firmware to fix wifi on laptop. 2025-06-28 09:47:40 -04:00
Tom Alexander
7ef079afc0 Update to Linux kernel 6.15. 2025-06-28 01:10:47 -04:00
Tom Alexander
a06fece8f1 Update packages. 2025-06-26 23:31:12 -04:00
Tom Alexander
51c7888347 Add dhcpcd for USB tethering and use upstream linux-firmware. 2025-06-23 13:02:10 -04:00
Tom Alexander
7656c30a29 Update packages. 2025-06-22 01:12:03 -04:00
Tom Alexander
929401b359 Switch to memtest86+. 2025-06-22 01:11:41 -04:00
Tom Alexander
16746d58d2 Add a git alias to list the number of commits from each author. 2025-06-20 17:55:06 -04:00
Tom Alexander
82a016ec68 Reduce risk of crashing from savestates. 2025-06-10 17:21:27 -04:00
Tom Alexander
eed2bd4f13 Persist Demon's Souls settings. 2025-06-08 12:08:47 -04:00
Tom Alexander
99f1b1a51b Update packages. 2025-06-01 20:12:34 -04:00
Tom Alexander
99bc8c6d79 Pin the version of linux-firmware. 
New versions of linux-firmware break my wifi on my laptop. I am pinning the firmware version so I can update the rest of my software.
 2025-06-01 20:10:25 -04:00
Tom Alexander
0f2c595538 Perform weekly garbage collects. 2025-06-01 11:21:57 -04:00
250 changed files with 33378 additions and 3758 deletions
Expand all files Collapse all files

1
ansible/roles/base/files/gitconfig_home
View File

@@ -8,6 +8,7 @@
lg = log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit lg = log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit
bh = log --oneline --branches=* --remotes=* --graph --decorate bh = log --oneline --branches=* --remotes=* --graph --decorate
amend = commit --amend --no-edit amend = commit --amend --no-edit
authorcount = shortlog --summary --numbered --all --no-merges
[core] [core]
excludesfile = ~/.gitignore_global excludesfile = ~/.gitignore_global
[commit] [commit]

1
ansible/roles/base/files/gitconfig_work
View File

@@ -8,6 +8,7 @@
lg = log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit lg = log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit
bh = log --oneline --branches=* --remotes=* --graph --decorate bh = log --oneline --branches=* --remotes=* --graph --decorate
amend = commit --amend --no-edit amend = commit --amend --no-edit
authorcount = shortlog --summary --numbered --all --no-merges
[core] [core]
excludesfile = ~/.gitignore_global excludesfile = ~/.gitignore_global
[commit] [commit]

2
ansible/roles/sshd/files/keys/yubikey.pub
View File

@@ -1 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGu+k5lrirokdW5zVdRVBOqEOAvAPlIkG/MdJNc9g5ky cardno:000611194908 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID0+4zi26M3eYWnIrciR54kOlGxzfgCXG+o4ea1zpzrk openpgp:0x7FF123C8

229
nix/configuration/configuration.nix
View File

@@ -1,8 +1,6 @@
{ {
config, config,
lib, lib,
pkgs,
home-manager,
... ...
}: }:
@@ -10,20 +8,30 @@
imports = [ imports = [
./roles/2ship2harkinian ./roles/2ship2harkinian
./roles/alacritty ./roles/alacritty
./roles/amd_s2idle
./roles/ansible ./roles/ansible
./roles/ares ./roles/ares
./roles/base
./roles/bluetooth ./roles/bluetooth
./roles/boot ./roles/boot
./roles/build_in_ram
./roles/chromecast ./roles/chromecast
./roles/chromium ./roles/chromium
./roles/d2
./roles/direnv
./roles/disko
./roles/distributed_build ./roles/distributed_build
./roles/doas
./roles/docker ./roles/docker
./roles/dont_use_substituters
./roles/ecc ./roles/ecc
./roles/emacs ./roles/emacs
./roles/emulate_isa
./roles/firefox ./roles/firefox
./roles/firewall ./roles/firewall
./roles/flux ./roles/flux
./roles/fonts ./roles/fonts
./roles/image_based_appliance
./roles/gcloud ./roles/gcloud
./roles/git ./roles/git
./roles/global_options ./roles/global_options
@@ -33,6 +41,7 @@
./roles/hydra ./roles/hydra
./roles/iso ./roles/iso
./roles/iso_mount ./roles/iso_mount
./roles/jujutsu
./roles/kanshi ./roles/kanshi
./roles/kodi ./roles/kodi
./roles/kubernetes ./roles/kubernetes
@@ -41,34 +50,46 @@
./roles/lvfs ./roles/lvfs
./roles/media ./roles/media
./roles/memtest86 ./roles/memtest86
./roles/minimal_base
./roles/network ./roles/network
./roles/nix_index ./roles/nix_index
./roles/nix_worker ./roles/nix_worker
./roles/nvme ./roles/nvme
./roles/openpgp_card_tools
./roles/optimized_build ./roles/optimized_build
./roles/pcsx2 ./roles/pcsx2
./roles/podman
./roles/python ./roles/python
./roles/qemu ./roles/qemu
./roles/recovery
./roles/reset ./roles/reset
./roles/rpcs3 ./roles/rpcs3
./roles/rust ./roles/rust
./roles/sequoia
./roles/shadps4
./roles/shikane ./roles/shikane
./roles/shipwright ./roles/shipwright
./roles/sm64ex ./roles/sm64ex
./roles/sops ./roles/sops
./roles/sound ./roles/sound
./roles/spaghettikart
./roles/ssh ./roles/ssh
./roles/sshd
./roles/steam ./roles/steam
./roles/steam_run_free ./roles/steam_run_free
./roles/sway ./roles/sway
./roles/tekton ./roles/tekton
./roles/terraform ./roles/terraform
./roles/thunderbolt ./roles/thunderbolt
./roles/user
./roles/uutils
./roles/vnc_client ./roles/vnc_client
./roles/vscode ./roles/vscode
./roles/wasm ./roles/wasm
./roles/waybar ./roles/waybar
./roles/wine
./roles/wireguard ./roles/wireguard
./roles/yubikey
./roles/zfs ./roles/zfs
./roles/zrepl ./roles/zrepl
./roles/zsh ./roles/zsh
@@ -76,187 +97,52 @@
./util/unfree_polyfill ./util/unfree_polyfill
]; ];
me.install.user.talexander.file."/home/talexander/flake.nix" = { config = {
source = ./flake.nix;
};
nix.settings.experimental-features = [ nix.settings.experimental-features = [
"nix-command" "nix-command"
"flakes" "flakes"
]; ];
nix.settings.trusted-users = [ "@wheel" ]; nix.settings.trusted-users = [ "@wheel" ];
# boot.kernelPackages = pkgs.linuxPackages_6_11;
hardware.enableRedistributableFirmware = true; hardware.enableRedistributableFirmware = true;
# Use nixos-rebuild-ng
# system.rebuild.enableNg = true;
# Keep outputs so we can build offline. # Keep outputs so we can build offline.
nix.extraOptions = '' nix.extraOptions = ''
keep-outputs = true keep-outputs = true
keep-derivations = true keep-derivations = true
''; '';
# Technically only needed when building the ISO because nix detects ZFS in the filesystem list normally. I basically always want this so I'm just setting it to always be on.
boot.supportedFilesystems.zfs = true;
# TODO: Is this different from boot.supportedFilesystems = [ "zfs" ]; ?
services.getty = {
autologinUser = "talexander"; # I use full disk encryption so the user password is irrelevant.
autologinOnce = true;
};
users.mutableUsers = false;
users.users.talexander = {
isNormalUser = true;
createHome = true; # https://github.com/NixOS/nixpkgs/issues/6481
group = "talexander";
extraGroups = [ "wheel" ];
uid = 11235;
packages = with pkgs; [
tree
];
# Generate with `mkpasswd -m scrypt`
hashedPassword = "$7$CU..../....VXvNQ8za3wSGpdzGXNT50/$HcFtn/yvwPMCw4888BelpiAPLAxe/zU87fD.d/N6U48";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGu+k5lrirokdW5zVdRVBOqEOAvAPlIkG/MdJNc9g5ky"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEI6mu6I5Jp+Ib0vJxapGHbEShZjyvzV8jz5DnzDrI39AAAABHNzaDo="
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAFNcSXwvy+brYTOGo56G93Ptuq2MmZsjvRWAfMqbmMLAAAABHNzaDo="
];
};
users.groups.talexander.gid = 11235;
home-manager.users.talexander =
{ pkgs, ... }:
{
# The state version is required and should stay at the version you
# originally installed.
home.stateVersion = "24.11";
};
home-manager.users.root =
{ pkgs, ... }:
{
# The state version is required and should stay at the version you
# originally installed.
home.stateVersion = "24.11";
};
# Automatic garbage collection # Automatic garbage collection
nix.gc = lib.mkIf (!config.me.buildingIso) { nix.gc = lib.mkIf (!config.me.buildingPortable) {
# Runs nix-collect-garbage --delete-older-than 5d # Runs nix-collect-garbage --delete-older-than 5d
automatic = true; automatic = true;
randomizedDelaySec = "14m"; persistent = true;
dates = "monthly";
# randomizedDelaySec = "14m";
options = "--delete-older-than 30d"; options = "--delete-older-than 30d";
}; };
nix.settings.auto-optimise-store = !config.me.buildingIso; nix.settings.auto-optimise-store = !config.me.buildingPortable;
# Use doas instead of sudo environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
security.doas.enable = true;
security.doas.wheelNeedsPassword = false;
security.sudo.enable = false;
security.doas.extraRules = [
{
# Retain environment (for example NIX_PATH)
keepEnv = true;
persist = true; # Only ask for a password the first time.
}
];
environment.systemPackages = with pkgs; [
wget
mg
rsync
libinput
htop
tmux
file
usbutils # for lsusb
pciutils # for lspci
ripgrep
strace
ltrace
trace-cmd # ftrace
tcpdump
git-crypt
gnumake
ncdu
nix-tree
libarchive # bsdtar
lsof
doas-sudo-shim # To support --use-remote-sudo for remote builds
dmidecode # Read SMBIOS information.
ipcalc
gptfdisk # for cgdisk
nix-output-monitor # For better view into nixos-rebuild
nix-serve-ng # Serve nix store over http
];
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
hostKeys = [
{
path = "/persist/ssh/ssh_host_ed25519_key";
type = "ed25519";
}
{
path = "/persist/ssh/ssh_host_rsa_key";
type = "rsa";
bits = 4096;
}
];
};
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true; hideMounts = true;
directories = [ directories = [
"/var/lib/iwd" # Wifi settings
"/var/lib/nixos" # Contains user information (uids/gids) "/var/lib/nixos" # Contains user information (uids/gids)
"/var/lib/systemd" # Systemd state directory for random seed, persistent timers, core dumps, persist hardware state like backlight and rfkill "/var/lib/systemd" # Systemd state directory for random seed, persistent timers, core dumps, persist hardware state like backlight and rfkill
"/var/log/journal" # Logs, alternatively set `services.journald.storage = "volatile";` to write to /run/log/journal "/var/log/journal" # Logs, alternatively set `services.journald.storage = "volatile";` to write to /run/log/journal
]; ];
files = [ files = [
"/etc/machine-id" # Systemd unique machine id "otherwise, the system journal may fail to list earlier boots, etc" "/etc/machine-id" # Systemd unique machine id "otherwise, the system journal may fail to list earlier boots, etc"
"/etc/ssh/ssh_host_rsa_key"
"/etc/ssh/ssh_host_rsa_key.pub"
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
]; ];
users.talexander = {
directories = [
{
directory = "persist";
user = "talexander";
group = "talexander";
mode = "0700";
}
];
};
}; };
# Write a list of the currently installed packages to /etc/current-system-packages # Write a list of the currently installed packages to /etc/current-system-packages
environment.etc."current-system-packages".text = # environment.etc."current-system-packages".text =
let # let
packages = builtins.map (p: "${p.name}") config.environment.systemPackages; # packages = builtins.map (p: "${p.name}") config.environment.systemPackages;
sortedUnique = builtins.sort builtins.lessThan (lib.unique packages); # sortedUnique = builtins.sort builtins.lessThan (lib.unique packages);
formatted = builtins.concatStringsSep "\n" sortedUnique; # formatted = builtins.concatStringsSep "\n" sortedUnique;
in # in
formatted; # formatted;
# environment.etc."system-packages-with-source".text = builtins.concatStringsSep "\n\n" (
# builtins.map (
# x: x.file + "\n" + builtins.concatStringsSep "\n" (builtins.map (s: " " + s) x.value)
# ) config.environment.systemPackages.definitionsWithLocations
# );
# nixpkgs.overlays = [
# (final: prev: {
# nix = pkgs-unstable.nix;
# })
# ];
# nixpkgs.overlays = [ # nixpkgs.overlays = [
# (final: prev: { # (final: prev: {
@@ -264,10 +150,41 @@
# }) # })
# ]; # ];
# Copy the NixOS configuration file and link it from the resulting system nixpkgs.overlays =
# (/run/current-system/configuration.nix). This is useful in case you let
# accidentally delete configuration.nix. disableTests = (
# system.copySystemConfiguration = true; package_name:
(final: prev: {
"${package_name}" = prev."${package_name}".overrideAttrs (old: {
doCheck = false;
doInstallCheck = false;
});
})
);
in
[
(final: prev: {
imagemagick = prev.imagemagick.overrideAttrs (old: rec {
# 7.1.2-6 seems to no longer exist, so use 7.1.2-7
version = "7.1.2-7";
src = final.fetchFromGitHub {
owner = "ImageMagick";
repo = "ImageMagick";
tag = version;
hash = "sha256-9ARCYftoXiilpJoj+Y+aLCEqLmhHFYSrHfgA5DQHbGo=";
};
});
})
(final: prev: {
grub2 = (final.callPackage ./package/grub { });
})
(final: prev: {
rpcs3 = prev.rpcs3.override {
ffmpeg = final.ffmpeg_7;
};
})
];
# This option defines the first version of NixOS you have installed on this particular machine, # This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
@@ -287,5 +204,5 @@
# #
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "24.11"; # Did you read the comment? system.stateVersion = "24.11"; # Did you read the comment?
};
} }

160
nix/configuration/flake.lock generated
View File

@@ -1,22 +1,5 @@
{ {
"nodes": { "nodes": {
"ansible-sshjail": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"path": "flakes/ansible-sshjail",
"type": "path"
},
"original": {
"path": "flakes/ansible-sshjail",
"type": "path"
},
"parent": []
},
"crane": { "crane": {
"locked": { "locked": {
"lastModified": 1731098351, "lastModified": 1731098351,
@@ -39,11 +22,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1746729224, "lastModified": 1762276996,
"narHash": "sha256-9R4sOLAK1w3Bq54H3XOJogdc7a6C2bLLmatOQ+5pf5w=", "narHash": "sha256-TtcPgPmp2f0FAnc+DMEw4ardEgv1SGNR3/WFGH0N19M=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "85555d27ded84604ad6657ecca255a03fd878607", "rev": "af087d076d3860760b3323f6b583f4d828c1ac17",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -89,42 +72,6 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"gitignore": { "gitignore": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -147,26 +94,6 @@
"type": "github" "type": "github"
} }
}, },
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1746981801,
"narHash": "sha256-+Bfr0KqZV6gZdA7e2kupeoawozaLIHLuiPtC54uxbFc=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "ff915842e4a2e63c4c8c5c08c6870b9d5b3c3ee9",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"impermanence": { "impermanence": {
"locked": { "locked": {
"lastModified": 1737831083, "lastModified": 1737831083,
@@ -210,11 +137,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1746663147, "lastModified": 1762977756,
"narHash": "sha256-Ua0drDHawlzNqJnclTJGf87dBmaO/tn7iZ+TCkTRpRc=", "narHash": "sha256-4PqRErxfe+2toFJFgcRKZ0UI9NSIOJa+7RXVtBhy4KE=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "dda3dcd3fe03e991015e9a74b22d35950f264a54", "rev": "c5ae371f1a6a7fd27823bc500d9390b38c05fa55",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -224,22 +151,6 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-b93b4e9b5": {
"locked": {
"lastModified": 1713721570,
"narHash": "sha256-R0s+O5UjTePQRb72XPgtkTmEiOOW8n+1q9Gxt/OJnKU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b93b4e9b527904aadf52dba6ca35efde2067cbd4",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b93b4e9b527904aadf52dba6ca35efde2067cbd4",
"type": "github"
}
},
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1730741070, "lastModified": 1730741070,
@@ -258,11 +169,11 @@
}, },
"nixpkgs-unoptimized": { "nixpkgs-unoptimized": {
"locked": { "locked": {
"lastModified": 1746663147, "lastModified": 1762977756,
"narHash": "sha256-Ua0drDHawlzNqJnclTJGf87dBmaO/tn7iZ+TCkTRpRc=", "narHash": "sha256-4PqRErxfe+2toFJFgcRKZ0UI9NSIOJa+7RXVtBhy4KE=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "dda3dcd3fe03e991015e9a74b22d35950f264a54", "rev": "c5ae371f1a6a7fd27823bc500d9390b38c05fa55",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -301,15 +212,11 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"ansible-sshjail": "ansible-sshjail",
"disko": "disko", "disko": "disko",
"home-manager": "home-manager",
"impermanence": "impermanence", "impermanence": "impermanence",
"lanzaboote": "lanzaboote", "lanzaboote": "lanzaboote",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nixpkgs-b93b4e9b5": "nixpkgs-b93b4e9b5", "nixpkgs-unoptimized": "nixpkgs-unoptimized"
"nixpkgs-unoptimized": "nixpkgs-unoptimized",
"zsh-histdb": "zsh-histdb"
} }
}, },
"rust-overlay": { "rust-overlay": {
@@ -332,53 +239,6 @@
"repo": "rust-overlay", "repo": "rust-overlay",
"type": "github" "type": "github"
} }
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"zsh-histdb": {
"inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"path": "flakes/zsh-histdb",
"type": "path"
},
"original": {
"path": "flakes/zsh-histdb",
"type": "path"
},
"parent": []
} }
}, },
"root": "root", "root": "root",

272
nix/configuration/flake.nix
View File

@@ -1,41 +1,18 @@
# Build ISO image
# nix build --extra-experimental-features nix-command --extra-experimental-features flakes .#iso.odo
# output: result/iso/nixos.iso
# Run the ISO image
# doas "$(nix-build '<nixpkgs>' --no-out-link -A 'qemu')/bin/qemu-system-x86_64" \
# -accel kvm \
# -cpu host \
# -smp cores=8 \
# -m 32768 \
# -drive "file=$(nix-build '<nixpkgs>' --no-out-link -A 'OVMF.fd')/FV/OVMF.fd,if=pflash,format=raw,readonly=on" \
# -drive if=pflash,format=raw,file="/tmp/OVMF_VARS.fd" \
# -nic user,hostfwd=tcp::60022-:22 \
# -boot order=d \
# -cdrom "$(readlink -f ./result/iso/nixos*.iso)" \
# -display vnc=127.0.0.1:0
#
# doas cp "$(nix-build '<nixpkgs>' --no-out-link -A 'OVMF.fd')/FV/OVMF_VARS.fd" /tmp/OVMF_VARS.fd
# doas "$(nix-build '<nixpkgs>' --no-out-link -A 'qemu')/bin/qemu-system-x86_64" -accel kvm -cpu host -smp cores=8 -m 32768 -drive "file=$(nix-build '<nixpkgs>' --no-out-link -A 'OVMF.fd')/FV/OVMF.fd,if=pflash,format=raw,readonly=on" -drive if=pflash,format=raw,file="/tmp/OVMF_VARS.fd" -nic user,hostfwd=tcp::60022-:22 -boot order=d -cdrom /persist/machine_setup/nix/configuration/result/iso/nixos*.iso -display vnc=127.0.0.1:0
# Get a repl for this flake # Get a repl for this flake
# nix repl --expr "builtins.getFlake \"$PWD\"" # nix repl --expr "builtins.getFlake \"$PWD\""
# TODO maybe use `nix eval --raw .#iso.odo.outPath` # TODO maybe use `nix eval --raw .#odo.iso.outPath`
# iso.odo.isoName == "nixos.iso"
# full path = <outPath> / iso / <isoName>
# #
# Install on a new machine: # Install on a new machine:
# #
# Set
# me.disko.enable = true;
# me.disko.offline.enable = true;
# #
# doas nix --substituters "http://10.0.2.2:8080?trusted=1 https://cache.nixos.org/" --experimental-features "nix-command flakes" run github:nix-community/disko/latest -- --mode destroy,format,mount hosts/odo/disk-config.nix # Run
# doas disko --mode destroy,format,mount hosts/recovery/disk-config.nix
# nix flake update zsh-histdb --flake . # doas nixos-install --substituters "http://10.0.2.2:8080?trusted=1 https://cache.nixos.org/" --flake ".#recovery"
# nix flake update ansible-sshjail --flake .
# for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
# nixos-install --substituters "http://10.0.2.2:8080?trusted=1 https://cache.nixos.org/" --flake ".#vm_ionlybootzfs"
#
{ {
description = "My system configuration"; description = "My system configuration";
@@ -43,26 +20,9 @@
inputs = { inputs = {
impermanence.url = "github:nix-community/impermanence"; impermanence.url = "github:nix-community/impermanence";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
nixpkgs-b93b4e9b5.url = "github:NixOS/nixpkgs/b93b4e9b527904aadf52dba6ca35efde2067cbd4";
nixpkgs-unoptimized.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs-unoptimized.url = "github:NixOS/nixpkgs/nixos-unstable";
home-manager.url = "github:nix-community/home-manager";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
lanzaboote = { lanzaboote = {
url = "github:nix-community/lanzaboote/v0.4.2"; url = "github:nix-community/lanzaboote/v0.4.2";
# Optional but recommended to limit the size of your system closure.
inputs.nixpkgs.follows = "nixpkgs";
};
zsh-histdb = {
url = "path:flakes/zsh-histdb";
# Optional but recommended to limit the size of your system closure.
inputs.nixpkgs.follows = "nixpkgs";
};
ansible-sshjail = {
url = "path:flakes/ansible-sshjail";
# Optional but recommended to limit the size of your system closure.
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
disko = { disko = {
@@ -76,197 +36,71 @@
self, self,
nixpkgs, nixpkgs,
nixpkgs-unoptimized, nixpkgs-unoptimized,
nixpkgs-b93b4e9b5, disko,
impermanence, impermanence,
home-manager,
lanzaboote, lanzaboote,
zsh-histdb,
ansible-sshjail,
... ...
}@inputs: }:
let let
base_x86_64_linux = rec { forAllSystems = nixpkgs.lib.genAttrs nixpkgs.lib.systems.flakeExposed;
nodes = {
odo = {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = {
pkgs-b93b4e9b5 = import nixpkgs-b93b4e9b5 {
inherit system;
}; };
odowork = {
system = "x86_64-linux";
};
quark = {
system = "x86_64-linux";
};
recovery = {
system = "x86_64-linux";
};
i_only_boot_zfs = {
system = "x86_64-linux";
};
};
nixosConfigs = builtins.mapAttrs (
hostname: nodeConfig: format:
nixpkgs.lib.nixosSystem {
inherit (nodeConfig) system;
specialArgs = {
inherit self;
this_nixos_config = self.nixosConfigurations."${hostname}";
all_nixos_configs = self.nixosConfigurations;
pkgs-unoptimized = import nixpkgs-unoptimized { pkgs-unoptimized = import nixpkgs-unoptimized {
inherit system; inherit (nodeConfig) system;
hostPlatform.gcc.arch = "default"; hostPlatform.gcc.arch = "default";
hostPlatform.gcc.tune = "default"; hostPlatform.gcc.tune = "default";
}; };
}; };
modules = [ modules = [
impermanence.nixosModules.impermanence impermanence.nixosModules.impermanence
home-manager.nixosModules.home-manager
lanzaboote.nixosModules.lanzaboote lanzaboote.nixosModules.lanzaboote
inputs.disko.nixosModules.disko disko.nixosModules.disko
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
}
{
nixpkgs.overlays = [
zsh-histdb.overlays.default
ansible-sshjail.overlays.default
];
}
./configuration.nix ./configuration.nix
(./. + "/hosts/${hostname}")
(./. + "/formats/${format}.nix")
]; ];
};
systems =
let
additional_iso_modules = [
(nixpkgs + "/nixos/modules/installer/cd-dvd/iso-image.nix")
# TODO: Figure out how to do image based appliances
# (nixpkgs + "/nixos/modules/profiles/image-based-appliance.nix")
{
isoImage.makeEfiBootable = true;
isoImage.makeUsbBootable = true;
me.buildingIso = true;
me.optimizations.enable = nixpkgs.lib.mkForce false;
} }
{ ) nodes;
# These are big space hogs. The chance that I need them on an ISO is slim.
me.steam.enable = nixpkgs.lib.mkForce false;
me.pcsx2.enable = nixpkgs.lib.mkForce false;
}
];
additional_vm_modules = [
(nixpkgs + "/nixos/modules/profiles/qemu-guest.nix")
{
networking.dhcpcd.enable = true;
networking.useDHCP = true;
me.optimizations.enable = nixpkgs.lib.mkForce false;
}
{
# I don't need games on a virtual machine.
me.steam.enable = nixpkgs.lib.mkForce false;
me.pcsx2.enable = nixpkgs.lib.mkForce false;
me.sm64ex.enable = nixpkgs.lib.mkForce false;
me.shipwright.enable = nixpkgs.lib.mkForce false;
me.ship2harkinian.enable = nixpkgs.lib.mkForce false;
}
];
in in
{ {
odo = rec { nixosConfigurations = (builtins.mapAttrs (name: value: value "toplevel") nixosConfigs);
main = base_x86_64_linux // {
modules = base_x86_64_linux.modules ++ [
./hosts/odo
];
};
iso = main // {
modules = main.modules ++ additional_iso_modules;
};
vm = main // {
modules = main.modules ++ additional_vm_modules;
};
vm_iso = main // {
modules = main.modules ++ additional_vm_modules ++ additional_iso_modules;
};
};
quark = rec {
main = base_x86_64_linux // {
modules = base_x86_64_linux.modules ++ [
./hosts/quark
];
};
iso = main // {
modules = main.modules ++ additional_iso_modules;
};
vm = main // {
modules = main.modules ++ additional_vm_modules;
};
vm_iso = main // {
modules = main.modules ++ additional_vm_modules ++ additional_iso_modules;
};
};
neelix = rec {
main = base_x86_64_linux // {
modules = base_x86_64_linux.modules ++ [
./hosts/neelix
];
};
iso = main // {
modules = main.modules ++ additional_iso_modules;
};
vm = main // {
modules = main.modules ++ additional_vm_modules;
};
vm_iso = main // {
modules = main.modules ++ additional_vm_modules ++ additional_iso_modules;
};
};
hydra =
let
additional_iso_modules = additional_iso_modules ++ [
{
me.optimizations.enable = true;
} }
]; // {
in packages = (
rec { forAllSystems (
main = base_x86_64_linux // { system:
modules = base_x86_64_linux.modules ++ [ (builtins.mapAttrs (hostname: nodeConfig: {
./hosts/hydra iso = (nixosConfigs."${hostname}" "iso").config.system.build.isoImage;
]; vm_iso = (nixosConfigs."${hostname}" "vm_iso").config.system.build.isoImage;
}; sd = (nixosConfigs."${hostname}" "sd").config.system.build.sdImage;
iso = main // { }) (nixpkgs.lib.attrsets.filterAttrs (hostname: nodeConfig: nodeConfig.system == system) nodes))
modules = main.modules ++ additional_iso_modules; )
}; );
vm = main // {
modules = main.modules ++ additional_vm_modules;
};
vm_iso = main // {
modules = main.modules ++ additional_vm_modules ++ additional_iso_modules;
};
};
ionlybootzfs = rec {
main = base_x86_64_linux // {
modules = base_x86_64_linux.modules ++ [
./hosts/ionlybootzfs
];
};
iso = main // {
modules = main.modules ++ additional_iso_modules;
};
vm = main // {
modules = main.modules ++ additional_vm_modules;
};
vm_iso = main // {
modules = main.modules ++ additional_vm_modules ++ additional_iso_modules;
};
};
};
in
{
nixosConfigurations.odo = nixpkgs.lib.nixosSystem systems.odo.main;
iso.odo = (nixpkgs.lib.nixosSystem systems.odo.iso).config.system.build.isoImage;
nixosConfigurations.vm_odo = nixpkgs.lib.nixosSystem systems.odo.vm;
vm_iso.odo = (nixpkgs.lib.nixosSystem systems.odo.vm_iso).config.system.build.isoImage;
nixosConfigurations.quark = nixpkgs.lib.nixosSystem systems.quark.main;
iso.quark = (nixpkgs.lib.nixosSystem systems.quark.iso).config.system.build.isoImage;
nixosConfigurations.vm_quark = nixpkgs.lib.nixosSystem systems.quark.vm;
vm_iso.quark = (nixpkgs.lib.nixosSystem systems.quark.vm_iso).config.system.build.isoImage;
nixosConfigurations.neelix = nixpkgs.lib.nixosSystem systems.neelix.main;
iso.neelix = (nixpkgs.lib.nixosSystem systems.neelix.iso).config.system.build.isoImage;
nixosConfigurations.vm_neelix = nixpkgs.lib.nixosSystem systems.neelix.vm;
vm_iso.neelix = (nixpkgs.lib.nixosSystem systems.neelix.vm_iso).config.system.build.isoImage;
nixosConfigurations.hydra = nixpkgs.lib.nixosSystem systems.hydra.main;
iso.hydra = (nixpkgs.lib.nixosSystem systems.hydra.iso).config.system.build.isoImage;
nixosConfigurations.vm_hydra = nixpkgs.lib.nixosSystem systems.hydra.vm;
vm_iso.hydra = (nixpkgs.lib.nixosSystem systems.hydra.vm_iso).config.system.build.isoImage;
nixosConfigurations.ionlybootzfs = nixpkgs.lib.nixosSystem systems.ionlybootzfs.main;
iso.ionlybootzfs = (nixpkgs.lib.nixosSystem systems.ionlybootzfs.iso).config.system.build.isoImage;
nixosConfigurations.vm_ionlybootzfs = nixpkgs.lib.nixosSystem systems.ionlybootzfs.vm;
vm_iso.ionlybootzfs =
(nixpkgs.lib.nixosSystem systems.ionlybootzfs.vm_iso).config.system.build.isoImage;
}; };
} }

61
nix/configuration/flakes/ansible-sshjail/flake.lock generated
View File

@@ -1,61 +0,0 @@
{
"nodes": {
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1735141468,
"narHash": "sha256-VIAjBr1qGcEbmhLwQJD6TABppPMggzOvqFsqkDoMsAY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "4005c3ff7505313cbc21081776ad0ce5dfd7a3ce",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

34
nix/configuration/flakes/ansible-sshjail/flake.nix
View File

@@ -1,34 +0,0 @@
{
description = "A slightly better history for zsh";
inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
inputs.flake-utils.url = "github:numtide/flake-utils";
outputs =
{
self,
nixpkgs,
flake-utils,
...
}:
let
out =
system:
let
pkgs = nixpkgs.legacyPackages.${system};
# Maybe pkgs = import nixpkgs { inherit system; }; ?
appliedOverlay = self.overlays.default pkgs pkgs;
in
{
packages = rec {
default = ansible-sshjail;
ansible-sshjail = appliedOverlay.ansible-sshjail;
};
};
in
flake-utils.lib.eachDefaultSystem out
// {
overlays.default = final: prev: {
ansible-sshjail = final.callPackage ./package.nix { };
};
};
}

61
nix/configuration/flakes/zsh-histdb/flake.lock generated
View File

@@ -1,61 +0,0 @@
{
"nodes": {
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1735141468,
"narHash": "sha256-VIAjBr1qGcEbmhLwQJD6TABppPMggzOvqFsqkDoMsAY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "4005c3ff7505313cbc21081776ad0ce5dfd7a3ce",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

34
nix/configuration/flakes/zsh-histdb/flake.nix
View File

@@ -1,34 +0,0 @@
{
description = "A slightly better history for zsh";
inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
inputs.flake-utils.url = "github:numtide/flake-utils";
outputs =
{
self,
nixpkgs,
flake-utils,
...
}:
let
out =
system:
let
pkgs = nixpkgs.legacyPackages.${system};
# Maybe pkgs = import nixpkgs { inherit system; }; ?
appliedOverlay = self.overlays.default pkgs pkgs;
in
{
packages = rec {
default = zsh-histdb;
zsh-histdb = appliedOverlay.zsh-histdb;
};
};
in
flake-utils.lib.eachDefaultSystem out
// {
overlays.default = final: prev: {
zsh-histdb = final.callPackage ./package.nix { };
};
};
}

31
nix/configuration/formats/iso.nix Normal file
View File

@@ -0,0 +1,31 @@
{
lib,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/cd-dvd/iso-image.nix")
];
config = {
isoImage.makeEfiBootable = true;
isoImage.makeUsbBootable = true;
networking.dhcpcd.enable = true;
networking.useDHCP = true;
me.buildingPortable = true;
me.disko.enable = true;
me.disko.offline.enable = true;
me.mountPersistence = lib.mkForce false;
me.optimizations.enable = lib.mkForce false;
# Not doing image_based_appliance because this might be an install ISO, in which case we'd need nix to do the install.
# me.image_based_appliance.enable = true;
# TODO: Should I use this instead of doing a mkIf for the disk config?
# disko.enableConfig = false;
};
}

32
nix/configuration/formats/sd.nix Normal file
View File

@@ -0,0 +1,32 @@
{
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/sd-card/sd-image.nix")
];
config = {
isoImage.makeEfiBootable = true;
isoImage.makeUsbBootable = true;
boot.loader.grub.enable = false;
boot.loader.generic-extlinux-compatible.enable = true;
# TODO: image based appliance?
# TODO: Maybe this?
# fileSystems = {
# "/" = {
# device = "/dev/disk/by-label/NIXOS_SD";
# fsType = "ext4";
# options = [
# "noatime"
# "norelatime"
# ];
# };
# };
};
}

1
nix/configuration/formats/toplevel.nix Normal file
View File

@@ -0,0 +1 @@
{ }

22
nix/configuration/formats/vm_iso.nix Normal file
View File

@@ -0,0 +1,22 @@
{
lib,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/cd-dvd/iso-image.nix")
(modulesPath + "/profiles/qemu-guest.nix") # VirtIO kernel modules
];
config = {
isoImage.makeEfiBootable = true;
isoImage.makeUsbBootable = true;
networking.dhcpcd.enable = true;
networking.useDHCP = true;
me.image_based_appliance.enable = true;
};
}

4
nix/configuration/hosts/hydra/DEPLOY_BOOT
View File

@@ -10,10 +10,8 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
# TARGET=192.168.211.250 # TARGET=192.168.211.250
TARGET=hydra TARGET=hydra
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#hydra" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" "${@}" |& nom nixos-rebuild boot --flake "$DIR/../../#hydra" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#hydra' # rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#hydra'

4
nix/configuration/hosts/hydra/DEPLOY_SWITCH
View File

@@ -10,10 +10,8 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
# TARGET=192.168.211.250 # TARGET=192.168.211.250
TARGET=hydra TARGET=hydra
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#hydra" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" "${@}" |& nom nixos-rebuild switch --flake "$DIR/../../#hydra" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#hydra' # rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#hydra'

4
nix/configuration/hosts/hydra/ISO
View File

@@ -6,7 +6,5 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.hydra" --max-jobs "$JOBS" "${@}" |& nom nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.hydra" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json

13
nix/configuration/hosts/hydra/VM_ISO Executable file
View File

@@ -0,0 +1,13 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#vm_iso.hydra" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
install -m 0644 result/iso/nixos-*-x86_64-linux.iso ~/hydra.iso
unlink ./result

26
nix/configuration/hosts/hydra/default.nix
View File

@@ -14,20 +14,14 @@
# -display vnc=127.0.0.1:0 # -display vnc=127.0.0.1:0
# #
{
config,
lib,
pkgs,
...
}:
{ {
imports = [ imports = [
./disk-config.nix ./disk-config.nix
./hardware-configuration.nix ./hardware-configuration.nix
./optimized_build.nix
./vm_disk.nix ./vm_disk.nix
]; ];
config = {
# Generate with `head -c4 /dev/urandom | od -A none -t x4` # Generate with `head -c4 /dev/urandom | od -A none -t x4`
networking.hostId = "fbd233d8"; networking.hostId = "fbd233d8";
@@ -36,7 +30,8 @@
time.timeZone = "America/New_York"; time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
me.secureBoot.enable = false; me.boot.secure = false;
me.mountPersistence = true;
me.optimizations = { me.optimizations = {
enable = true; enable = true;
@@ -44,6 +39,7 @@
system_features = [ system_features = [
"gccarch-znver4" "gccarch-znver4"
"gccarch-skylake" "gccarch-skylake"
"gccarch-kabylake"
# "gccarch-alderlake" missing WAITPKG # "gccarch-alderlake" missing WAITPKG
"gccarch-x86-64-v3" "gccarch-x86-64-v3"
"gccarch-x86-64-v4" "gccarch-x86-64-v4"
@@ -57,12 +53,26 @@
# Mount tmpfs at /tmp # Mount tmpfs at /tmp
boot.tmp.useTmpfs = true; boot.tmp.useTmpfs = true;
me.base.enable = true;
me.boot.enable = true;
me.doas.enable = true;
me.emacs_flavor = "plainmacs"; me.emacs_flavor = "plainmacs";
me.firewall.enable = true;
me.font.enable = true;
me.git.enable = true;
me.graphical = false; me.graphical = false;
me.hydra.enable = false; me.hydra.enable = false;
me.memtest.enable = true;
me.network.enable = true;
me.nix_worker.enable = true; me.nix_worker.enable = true;
me.nvme.enable = true;
me.ssh.enable = true;
me.sshd.enable = true;
me.user.enable = true;
me.vm_disk.enable = true; me.vm_disk.enable = true;
me.wireguard.activated = [ ]; me.wireguard.activated = [ ];
me.wireguard.deactivated = [ ]; me.wireguard.deactivated = [ ];
me.zfs.enable = true;
me.zsh.enable = true; me.zsh.enable = true;
};
} }

1
nix/configuration/hosts/hydra/disk-config.nix
View File

@@ -4,7 +4,6 @@
{ {
config, config,
lib, lib,
pkgs,
... ...
}: }:

7
nix/configuration/hosts/hydra/hardware-configuration.nix
View File

@@ -1,10 +1,5 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ {
config,
lib, lib,
pkgs,
modulesPath, modulesPath,
... ...
}: }:
@@ -14,6 +9,7 @@
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
config = {
boot.initrd.availableKernelModules = [ boot.initrd.availableKernelModules = [
"xhci_pci" "xhci_pci"
"nvme" "nvme"
@@ -36,4 +32,5 @@
# systemd.network.enable = true; # systemd.network.enable = true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
};
} }

9
nix/configuration/hosts/hydra/vm_disk.nix
View File

@@ -1,7 +1,6 @@
{ {
config, config,
lib, lib,
pkgs,
... ...
}: }:
@@ -17,9 +16,7 @@
}; };
}; };
config = lib.mkIf config.me.vm_disk.enable ( config = lib.mkIf config.me.vm_disk.enable {
lib.mkMerge [
{
# Mount the local disk # Mount the local disk
fileSystems = { fileSystems = {
"/.disk" = lib.mkForce { "/.disk" = lib.mkForce {
@@ -71,7 +68,5 @@
]; ];
}; };
}; };
} };
]
);
} }

13
nix/configuration/hosts/i_only_boot_zfs/DEPLOY_BOOT Executable file
View File

@@ -0,0 +1,13 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
TARGET=i_only_boot_zfs
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#i_only_boot_zfs" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json

13
nix/configuration/hosts/i_only_boot_zfs/DEPLOY_SWITCH Executable file
View File

@@ -0,0 +1,13 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
TARGET=i_only_boot_zfs
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#i_only_boot_zfs" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json

4
nix/configuration/hosts/ionlybootzfs/ISO → nix/configuration/hosts/i_only_boot_zfs/ISO
View File

@@ -6,7 +6,5 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.ionlybootzfs" --max-jobs "$JOBS" "${@}" |& nom nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#i_only_boot_zfs.iso" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json

10
nix/configuration/hosts/i_only_boot_zfs/SELF_BOOT Executable file
View File

@@ -0,0 +1,10 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#i_only_boot_zfs" --log-format internal-json -v "${@}" |& nom --json

10
nix/configuration/hosts/i_only_boot_zfs/SELF_BUILD Executable file
View File

@@ -0,0 +1,10 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild build --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#i_only_boot_zfs" --log-format internal-json -v "${@}" |& nom --json

10
nix/configuration/hosts/i_only_boot_zfs/SELF_SWITCH Executable file
View File

@@ -0,0 +1,10 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#i_only_boot_zfs" --log-format internal-json -v "${@}" |& nom --json

63
nix/configuration/hosts/i_only_boot_zfs/default.nix Normal file
View File

@@ -0,0 +1,63 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [
./hardware-configuration.nix
./wrapped-disk-config.nix
./distributed_build.nix
./power_management.nix
];
config = {
# Generate with `head -c4 /dev/urandom | od -A none -t x4`
networking.hostId = "6a05d86e";
networking.hostName = "i_only_boot_zfs"; # Define your hostname.
time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8";
me.boot.enable = true;
me.boot.secure = false;
me.mountPersistence = true;
# Toggle to start writing the extlinux config which will be used by zfsbootmenu
# boot.loader.generic-extlinux-compatible.enable = true;
# boot.loader.systemd-boot.enable = lib.mkForce false;
me.optimizations = {
# enable = true;
# arch = "kabylake";
# build_arch = "x86-64-v3";
system_features = [
# "gccarch-kabylake"
"gccarch-x86-64-v3"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
};
# Early KMS
# boot.initrd.kernelModules = [ "amdgpu" ];
# Mount tmpfs at /tmp
boot.tmp.useTmpfs = true;
# Enable TRIM
# services.fstrim.enable = lib.mkDefault true;
# Even when installed, we want to dhcp because this is for a VM.
networking.dhcpcd.enable = true;
networking.useDHCP = true;
me.build_in_ram.enable = true;
me.dont_use_substituters.enable = true;
me.minimal_base.enable = true;
};
}

155
nix/configuration/hosts/i_only_boot_zfs/disk-config.nix Normal file
View File

@@ -0,0 +1,155 @@
# Manual Step:
# Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1
# Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1
{
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/efi";
mountOptions = [
"umask=0077"
"noatime"
"discard"
];
};
};
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "zroot";
};
};
};
};
};
};
zpool = {
zroot = {
type = "zpool";
# mode = "mirror";
# Workaround: cannot import 'zroot': I/O error in disko tests
options.cachefile = "none";
options = {
ashift = "12";
compatibility = "openzfs-2.2-freebsd";
autotrim = "on";
};
rootFsOptions = {
acltype = "posixacl";
atime = "off";
relatime = "off";
xattr = "sa";
mountpoint = "none";
compression = "lz4";
canmount = "off";
utf8only = "on";
dnodesize = "auto";
normalization = "formD";
};
datasets = {
"linux/nix" = {
type = "zfs_fs";
options.mountpoint = "none";
options = {
# encryption = "aes-256-gcm";
# keyformat = "passphrase";
# keylocation = "file:///tmp/secret.key";
};
};
"linux/nix/root" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/root@blank$' || zfs snapshot zroot/linux/nix/root@blank";
};
"linux/nix/boot" = {
type = "zfs_fs";
options = {
mountpoint = "legacy";
"org.zfsbootmenu:active" = "on";
};
mountpoint = "/boot";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/boot@blank$' || zfs snapshot zroot/linux/nix/boot@blank";
};
"linux/nix/nix" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/nix";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/nix@blank$' || zfs snapshot zroot/linux/nix/nix@blank";
options = {
recordsize = "16MiB";
compression = "zstd-19";
};
};
"linux/nix/home" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/home";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/home@blank$' || zfs snapshot zroot/linux/nix/home@blank";
};
"linux/nix/persist" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/persist";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/persist@blank$' || zfs snapshot zroot/linux/nix/persist@blank";
};
"linux/nix/state" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/state";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/state@blank$' || zfs snapshot zroot/linux/nix/state@blank";
};
};
};
};
};
# Make sure all persistent volumes are marked as neededForBoot
#
# Also mounts /home so it is mounted before the user home directories are created.
fileSystems."/persist".neededForBoot = true;
fileSystems."/state".neededForBoot = true;
fileSystems."/home".neededForBoot = true;
fileSystems."/".options = [
"noatime"
"norelatime"
];
fileSystems."/boot".options = [
"noatime"
"norelatime"
];
fileSystems."/nix".options = [
"noatime"
"norelatime"
];
fileSystems."/persist".options = [
"noatime"
"norelatime"
];
fileSystems."/state".options = [
"noatime"
"norelatime"
];
fileSystems."/home".options = [
"noatime"
"norelatime"
];
# Only attempt to decrypt the main pool. Otherwise it attempts to decrypt pools that aren't even used.
# boot.zfs.requestEncryptionCredentials = [ "zroot/linux/nix" ];
}

13
nix/configuration/hosts/i_only_boot_zfs/distributed_build.nix Normal file
View File

@@ -0,0 +1,13 @@
{
imports = [ ];
config = {
me.distributed_build.enable = true;
me.distributed_build.machines.quark = {
enable = true;
additional_config = {
speedFactor = 2;
};
};
};
}

34
nix/configuration/hosts/i_only_boot_zfs/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,34 @@
{
config,
lib,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
config = {
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"thunderbolt"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
# networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
};
}

63
nix/configuration/hosts/i_only_boot_zfs/power_management.nix Normal file
View File

@@ -0,0 +1,63 @@
{
pkgs,
...
}:
{
imports = [ ];
config = {
environment.systemPackages = with pkgs; [
powertop
];
# pcie_aspm=force pcie_aspm.policy=powersupersave :: Enable PCIe active state power management for power reduction.
# nowatchdog :: Disable watchdog for power savings (related to disable_sp5100_watchdog above).
boot.kernelParams = [
"pcie_aspm=force"
# "pcie_aspm.policy=powersupersave"
"nowatchdog"
];
systemd.tmpfiles.rules = [
"w- /sys/firmware/acpi/platform_profile - - - - low-power"
"w- /sys/devices/system/cpu/cpufreq/policy0/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy1/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy2/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy3/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy4/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy5/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy6/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy7/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy8/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy9/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy10/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy11/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy12/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy13/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy14/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy15/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpu0/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu1/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu2/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu3/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu4/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu5/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu6/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu7/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu8/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu9/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu10/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu11/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu12/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu13/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu14/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu15/cpufreq/boost - - - - 0"
];
boot.extraModprobeConfig = ''
# Sound power-saving was causing chat notifications to be inaudible.
# options snd_hda_intel power_save=1
'';
};
}

7
nix/configuration/hosts/i_only_boot_zfs/wrapped-disk-config.nix Normal file
View File

@@ -0,0 +1,7 @@
{
config,
lib,
...
}:
lib.mkIf (!config.me.buildingPortable) (import ./disk-config.nix)

19
nix/configuration/hosts/ionlybootzfs/DEPLOY_BOOT
View File

@@ -1,19 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
#TARGET=10.216.1.14
# TARGET=192.168.211.250
TARGET="ionlybootzfs"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#ionlybootzfs" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" "${@}" |& nom
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#ionlybootzfs'

19
nix/configuration/hosts/ionlybootzfs/DEPLOY_SWITCH
View File

@@ -1,19 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
#TARGET=10.216.1.14
# TARGET=192.168.211.250
TARGET=ionlybootzfs
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#ionlybootzfs" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" "${@}" |& nom
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#ionlybootzfs'

63
nix/configuration/hosts/ionlybootzfs/default.nix
View File

@@ -1,63 +0,0 @@
#
# Testing:
# doas "$(nix-build '<nixpkgs>' --no-out-link -A 'qemu')/bin/qemu-system-x86_64" \
# -accel kvm \
# -cpu host \
# -smp cores=8 \
# -m 32768 \
# -drive "file=$(nix-build '<nixpkgs>' --no-out-link -A 'OVMF.fd')/FV/OVMF.fd,if=pflash,format=raw,readonly=on" \
# -drive file=/tmp/localdisk.img,if=none,id=nvm,format=raw \
# -device nvme,serial=deadbeef,drive=nvm \
# -nic user,hostfwd=tcp::60022-:22 \
# -boot order=d \
# -cdrom "$(readlink -f /persist/machine_setup/nix/configuration/result/iso/nixos*.iso)" \
# -display vnc=127.0.0.1:0
#
{
config,
lib,
pkgs,
...
}:
{
imports = [
./wrapped-disk-config.nix
./hardware-configuration.nix
];
# Generate with `head -c4 /dev/urandom | od -A none -t x4`
networking.hostId = "fbd233d8";
networking.hostName = "ionlybootzfs"; # Define your hostname.
time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8";
me.secureBoot.enable = true;
me.optimizations = {
enable = false;
arch = "znver4";
system_features = [
"gccarch-znver4"
"gccarch-skylake"
# "gccarch-alderlake" missing WAITPKG
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
};
# Mount tmpfs at /tmp
boot.tmp.useTmpfs = true;
me.emacs_flavor = "plainmacs";
me.graphical = false;
me.wireguard.activated = [ ];
me.wireguard.deactivated = [ ];
me.zsh.enable = true;
}

38
nix/configuration/hosts/ionlybootzfs/hardware-configuration.nix
View File

@@ -1,38 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"xhci_pci"
"nvme"
"usbhid"
"usb_storage"
"sd_mod"
"sdhci_pci"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.dhcpcd.enable = lib.mkForce true;
networking.useDHCP = lib.mkForce true;
# systemd.network.enable = true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

131
nix/configuration/hosts/ionlybootzfs/optimized_build.nix
View File

@@ -1,131 +0,0 @@
{
config,
lib,
pkgs,
pkgs-unoptimized,
...
}:
{
imports = [ ];
config = lib.mkMerge [
{ }
(lib.mkIf (!config.me.optimizations.enable) {
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_6_14;
})
(lib.mkIf (config.me.optimizations.enable) {
nixpkgs.hostPlatform = {
gcc.arch = "znver4";
gcc.tune = "znver4";
system = "x86_64-linux";
};
nixpkgs.overlays = [
(
final: prev:
let
addConfig =
additionalConfig: pkg:
pkg.override (oldconfig: {
structuredExtraConfig = pkg.structuredExtraConfig // additionalConfig;
});
in
{
linux_me = addConfig {
# Full preemption
PREEMPT = lib.mkOverride 60 lib.kernel.yes;
PREEMPT_VOLUNTARY = lib.mkOverride 60 lib.kernel.no;
# Google's BBRv3 TCP congestion Control
TCP_CONG_BBR = lib.kernel.yes;
DEFAULT_BBR = lib.kernel.yes;
# Preemptive Full Tickless Kernel at 300Hz
HZ = lib.kernel.freeform "300";
HZ_300 = lib.kernel.yes;
HZ_1000 = lib.kernel.no;
} prev.linux_6_14;
# gsl = prev.gsl.overrideAttrs (old: {
# # gsl tests fails when optimizations are enabled.
# # > FAIL: cholesky_invert unscaled hilbert ( 4, 4)[0,2]: 2.55795384873636067e-13 0
# # > (2.55795384873636067e-13 observed vs 0 expected) [28259614]
# doCheck = false;
# });
}
)
(final: prev: {
haskellPackages = prev.haskellPackages.extend (
final': prev': {
inherit (pkgs-unoptimized.haskellPackages)
crypton
crypton-connection
crypton-x509
crypton-x509-store
crypton-x509-system
crypton-x509-validation
hspec-wai
http-client-tls
http2
pandoc
pandoc-cli
pandoc-lua-engine
pandoc-server
servant-server
tls
wai-app-static
wai-extra
warp
;
}
);
})
(final: prev: {
inherit (pkgs-unoptimized)
gsl
redis
valkey
;
})
];
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_me;
})
(lib.mkIf (!config.me.buildingIso) {
nix.settings.system-features = lib.mkForce [
"gccarch-znver4"
"gccarch-skylake"
# "gccarch-alderlake" missing WAITPKG
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
# Keep ALL dependencies so we can rebuild offline. This DRASTICALLY increase disk usage, but disk space is cheap.
# system.includeBuildDependencies = true;
# This also should enable building offline? TODO: test.
nix.extraOptions = ''
keep-outputs = true
keep-derivations = true
'';
# # building ON
# nixpkgs.localSystem = { system = "aarch64-linux"; };
# # building FOR
# nixpkgs.crossSystem = { system = "aarch64-linux"; };
# nixpkgs.config = {
# replaceStdenv = ({ pkgs }: pkgs.clangStdenv);
# };
# or maybe an overlay
# stdenv = prev.clangStdenv;
})
(lib.mkIf (config.me.buildingIso) {
boot.supportedFilesystems.zfs = true;
})
];
}

8
nix/configuration/hosts/ionlybootzfs/wrapped-disk-config.nix
View File

@@ -1,8 +0,0 @@
{
config,
lib,
pkgs,
...
}:
lib.mkIf (!config.me.buildingIso) (import ./disk-config.nix)

4
nix/configuration/hosts/neelix/DEPLOY_BOOT
View File

@@ -10,10 +10,8 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
# TARGET=192.168.211.250 # TARGET=192.168.211.250
TARGET=neelix TARGET=neelix
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#neelix" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" "${@}" |& nom nixos-rebuild boot --flake "$DIR/../../#neelix" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#neelix' # rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#neelix'

4
nix/configuration/hosts/neelix/DEPLOY_SWITCH
View File

@@ -10,10 +10,8 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
# TARGET=192.168.211.250 # TARGET=192.168.211.250
TARGET=neelix TARGET=neelix
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#neelix" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" "${@}" |& nom nixos-rebuild switch --flake "$DIR/../../#neelix" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#neelix' # rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#neelix'

19
nix/configuration/hosts/neelix/default.nix
View File

@@ -6,6 +6,7 @@
./power_management.nix ./power_management.nix
]; ];
config = {
# Generate with `head -c4 /dev/urandom | od -A none -t x4` # Generate with `head -c4 /dev/urandom | od -A none -t x4`
networking.hostId = "bca9d0a5"; networking.hostId = "bca9d0a5";
@@ -14,7 +15,8 @@
time.timeZone = "America/New_York"; time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
me.secureBoot.enable = false; me.boot.secure = false;
me.mountPersistence = true;
me.optimizations = { me.optimizations = {
enable = false; enable = false;
@@ -36,16 +38,29 @@
# Mount tmpfs at /tmp # Mount tmpfs at /tmp
# boot.tmp.useTmpfs = true; # boot.tmp.useTmpfs = true;
me.base.enable = true;
me.bluetooth.enable = true; me.bluetooth.enable = true;
me.boot.enable = true;
me.doas.enable = true;
me.emacs_flavor = "plainmacs"; me.emacs_flavor = "plainmacs";
me.firewall.enable = true;
me.font.enable = true;
me.git.enable = true;
me.graphical = true; me.graphical = true;
me.graphics_card_type = "intel"; me.graphics_card_type = "intel";
me.kodi.enable = true; me.kodi.enable = true;
me.lvfs.enable = true; me.lvfs.enable = true;
me.memtest.enable = true;
me.network.enable = true;
me.nvme.enable = true;
me.sound.enable = true; me.sound.enable = true;
me.ssh.enable = true;
me.sshd.enable = true;
me.user.enable = true;
me.wireguard.activated = [ "wgh" ]; me.wireguard.activated = [ "wgh" ];
me.wireguard.deactivated = [ "wgf" ]; me.wireguard.deactivated = [ "wgf" ];
me.zfs.enable = true;
me.zrepl.enable = true; me.zrepl.enable = true;
me.zsh.enable = true; me.zsh.enable = true;
};
} }

6
nix/configuration/hosts/neelix/hardware-configuration.nix
View File

@@ -1,10 +1,6 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ {
config, config,
lib, lib,
pkgs,
modulesPath, modulesPath,
... ...
}: }:
@@ -14,6 +10,7 @@
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
config = {
boot.initrd.availableKernelModules = [ boot.initrd.availableKernelModules = [
"xhci_pci" "xhci_pci"
"nvme" "nvme"
@@ -36,4 +33,5 @@
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
};
} }

4
nix/configuration/hosts/neelix/power_management.nix
View File

@@ -1,6 +1,4 @@
{ {
config,
lib,
pkgs, pkgs,
... ...
}: }:
@@ -8,6 +6,7 @@
{ {
imports = [ ]; imports = [ ];
config = {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
powertop powertop
]; ];
@@ -32,4 +31,5 @@
boot.extraModprobeConfig = '' boot.extraModprobeConfig = ''
options snd_hda_intel power_save=1 options snd_hda_intel power_save=1
''; '';
};
} }

8
nix/configuration/hosts/odo/DEPLOY_BOOT
View File

@@ -6,14 +6,8 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
# TARGET=10.216.1.15
# TARGET=192.168.211.250
TARGET=odo TARGET=odo
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#odo" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" "${@}" |& nom nixos-rebuild boot --flake "$DIR/../../#odo" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#odo'

8
nix/configuration/hosts/odo/DEPLOY_SWITCH
View File

@@ -6,14 +6,8 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
#TARGET=10.216.1.14
# TARGET=192.168.211.250
TARGET=odo TARGET=odo
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#odo" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" "${@}" |& nom nixos-rebuild switch --flake "$DIR/../../#odo" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#odo'

4
nix/configuration/hosts/odo/ISO
View File

@@ -6,7 +6,5 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.odo" --max-jobs "$JOBS" "${@}" |& nom nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#odo.iso" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json

4
nix/configuration/hosts/odo/SELF_BOOT
View File

@@ -6,7 +6,5 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --show-trace --use-remote-sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" "${@}" |& nom nixos-rebuild boot --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" --log-format internal-json -v "${@}" |& nom --json

4
nix/configuration/hosts/odo/SELF_BUILD
View File

@@ -6,7 +6,5 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild build --show-trace --use-remote-sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" "${@}" |& nom nixos-rebuild build --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" --log-format internal-json -v "${@}" |& nom --json

4
nix/configuration/hosts/odo/SELF_SWITCH
View File

@@ -6,7 +6,5 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --show-trace --use-remote-sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" "${@}" |& nom nixos-rebuild switch --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" --log-format internal-json -v "${@}" |& nom --json

44
nix/configuration/hosts/odo/default.nix
View File

@@ -15,6 +15,7 @@
./framework_module.nix ./framework_module.nix
]; ];
config = {
# Generate with `head -c4 /dev/urandom | od -A none -t x4` # Generate with `head -c4 /dev/urandom | od -A none -t x4`
networking.hostId = "908cbf04"; networking.hostId = "908cbf04";
@@ -23,14 +24,22 @@
time.timeZone = "America/New_York"; time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
me.secureBoot.enable = true; me.boot.enable = true;
me.boot.secure = false;
me.mountPersistence = true;
# Toggle to start writing the extlinux config which will be used by zfsbootmenu
boot.loader.generic-extlinux-compatible.enable = true;
boot.loader.systemd-boot.enable = lib.mkForce false;
me.optimizations = { me.optimizations = {
enable = true; enable = true;
arch = "znver4"; arch = "znver4";
# build_arch = "x86-64-v3";
system_features = [ system_features = [
"gccarch-znver4" "gccarch-znver4"
"gccarch-skylake" "gccarch-skylake"
"gccarch-kabylake"
# "gccarch-alderlake" missing WAITPKG # "gccarch-alderlake" missing WAITPKG
"gccarch-x86-64-v3" "gccarch-x86-64-v3"
"gccarch-x86-64-v4" "gccarch-x86-64-v4"
@@ -59,58 +68,87 @@
# services.fstrim.enable = lib.mkDefault true; # services.fstrim.enable = lib.mkDefault true;
me.alacritty.enable = true; me.alacritty.enable = true;
me.amd_s2idle.enable = true;
me.ansible.enable = true; me.ansible.enable = true;
me.ares.enable = true; me.ares.enable = true;
me.base.enable = true;
me.bluetooth.enable = true; me.bluetooth.enable = true;
me.build_in_ram.enable = true;
me.chromecast.enable = true; me.chromecast.enable = true;
me.chromium.enable = true; me.chromium.enable = true;
me.docker.enable = true; me.d2.enable = true;
me.ecc.enable = true; me.direnv.enable = true;
me.doas.enable = true;
me.docker.enable = false;
me.dont_use_substituters.enable = true;
me.ecc.enable = false;
me.emacs_flavor = "full"; me.emacs_flavor = "full";
me.emulate_isa.enable = true;
me.firefox.enable = true; me.firefox.enable = true;
me.firewall.enable = true;
me.flux.enable = true; me.flux.enable = true;
me.font.enable = true;
me.gcloud.enable = true; me.gcloud.enable = true;
me.git.config = ../../roles/git/files/gitconfig_home; me.git.config = ../../roles/git/files/gitconfig_home;
me.git.enable = true;
me.gnuplot.enable = true; me.gnuplot.enable = true;
me.gpg.enable = true; me.gpg.enable = true;
me.graphical = true; me.graphical = true;
me.graphics_card_type = "amd"; me.graphics_card_type = "amd";
me.iso_mount.enable = true; me.iso_mount.enable = true;
me.jujutsu.enable = true;
me.kanshi.enable = false; me.kanshi.enable = false;
me.kubernetes.enable = true; me.kubernetes.enable = true;
me.latex.enable = true; me.latex.enable = true;
me.launch_keyboard.enable = true; me.launch_keyboard.enable = true;
me.lvfs.enable = true; me.lvfs.enable = true;
me.media.enable = true; me.media.enable = true;
me.memtest.enable = true;
me.network.enable = true;
me.nix_index.enable = true; me.nix_index.enable = true;
me.nvme.enable = true;
me.openpgp_card_tools.enable = true;
me.pcsx2.enable = true; me.pcsx2.enable = true;
me.podman.enable = true;
me.python.enable = true; me.python.enable = true;
me.qemu.enable = true; me.qemu.enable = true;
me.recovery.enable = true;
me.rpcs3.enable = true; me.rpcs3.enable = true;
me.rust.enable = true; me.rust.enable = true;
me.sequoia.enable = true;
me.shadps4.enable = false;
me.shikane.enable = true; me.shikane.enable = true;
me.sops.enable = true; me.sops.enable = true;
me.sound.enable = true; me.sound.enable = true;
me.spaghettikart.enable = true;
me.ssh.enable = true;
me.sshd.enable = true;
me.steam.enable = true; me.steam.enable = true;
me.steam_run_free.enable = true; me.steam_run_free.enable = true;
me.sway.enable = true; me.sway.enable = true;
me.tekton.enable = true; me.tekton.enable = true;
me.terraform.enable = true; me.terraform.enable = true;
me.thunderbolt.enable = true; me.thunderbolt.enable = true;
me.user.enable = true;
me.uutils.enable = false;
me.vnc_client.enable = true; me.vnc_client.enable = true;
me.vscode.enable = true; me.vscode.enable = true;
me.wasm.enable = true; me.wasm.enable = true;
me.waybar.enable = true; me.waybar.enable = true;
me.wine.enable = false;
me.wireguard.activated = [ me.wireguard.activated = [
"drmario" "drmario"
"wgh" "wgh"
"colo" "colo"
]; ];
me.wireguard.deactivated = [ "wgf" ]; me.wireguard.deactivated = [ "wgf" ];
me.yubikey.enable = true;
me.zfs.enable = true;
me.zrepl.enable = true; me.zrepl.enable = true;
me.zsh.enable = true; me.zsh.enable = true;
me.sm64ex.enable = true; me.sm64ex.enable = true;
me.shipwright.enable = true; me.shipwright.enable = true;
me.ship2harkinian.enable = true; me.ship2harkinian.enable = true;
};
} }

15
nix/configuration/hosts/odo/disk-config.nix
View File

@@ -17,7 +17,7 @@
content = { content = {
type = "filesystem"; type = "filesystem";
format = "vfat"; format = "vfat";
mountpoint = "/boot"; mountpoint = "/efi";
mountOptions = [ mountOptions = [
"umask=0077" "umask=0077"
"noatime" "noatime"
@@ -76,6 +76,15 @@
mountpoint = "/"; mountpoint = "/";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/root@blank$' || zfs snapshot zroot/linux/nix/root@blank"; postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/root@blank$' || zfs snapshot zroot/linux/nix/root@blank";
}; };
"linux/nix/boot" = {
type = "zfs_fs";
options = {
mountpoint = "legacy";
"org.zfsbootmenu:active" = "on";
};
mountpoint = "/boot";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/boot@blank$' || zfs snapshot zroot/linux/nix/boot@blank";
};
"linux/nix/nix" = { "linux/nix/nix" = {
type = "zfs_fs"; type = "zfs_fs";
options.mountpoint = "legacy"; options.mountpoint = "legacy";
@@ -120,6 +129,10 @@
"noatime" "noatime"
"norelatime" "norelatime"
]; ];
fileSystems."/boot".options = [
"noatime"
"norelatime"
];
fileSystems."/nix".options = [ fileSystems."/nix".options = [
"noatime" "noatime"
"norelatime" "norelatime"

18
nix/configuration/hosts/odo/distributed_build.nix
View File

@@ -1,27 +1,13 @@
{
config,
lib,
pkgs,
...
}:
{ {
imports = [ ]; imports = [ ];
config = lib.mkMerge [ config = {
{
me.distributed_build.enable = true; me.distributed_build.enable = true;
me.distributed_build.machines.hydra = {
enable = true;
additional_config = {
speedFactor = 2;
};
};
me.distributed_build.machines.quark = { me.distributed_build.machines.quark = {
enable = true; enable = true;
additional_config = { additional_config = {
speedFactor = 2; speedFactor = 2;
}; };
}; };
} };
];
} }

8
nix/configuration/hosts/odo/framework_module.nix
View File

@@ -1,15 +1,12 @@
{ {
config, config,
lib,
pkgs,
... ...
}: }:
{ {
imports = [ ]; imports = [ ];
config = lib.mkMerge [ config = {
{
boot.extraModulePackages = with config.boot.kernelPackages; [ boot.extraModulePackages = with config.boot.kernelPackages; [
framework-laptop-kmod framework-laptop-kmod
]; ];
@@ -18,6 +15,5 @@
"cros_ec" "cros_ec"
"cros_ec_lpcs" "cros_ec_lpcs"
]; ];
} };
];
} }

6
nix/configuration/hosts/odo/hardware-configuration.nix
View File

@@ -1,10 +1,6 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ {
config, config,
lib, lib,
pkgs,
modulesPath, modulesPath,
... ...
}: }:
@@ -14,6 +10,7 @@
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
config = {
boot.initrd.availableKernelModules = [ boot.initrd.availableKernelModules = [
"nvme" "nvme"
"xhci_pci" "xhci_pci"
@@ -33,4 +30,5 @@
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
};
} }

22
nix/configuration/hosts/odo/power_management.nix
View File

@@ -1,6 +1,4 @@
{ {
config,
lib,
pkgs, pkgs,
... ...
}: }:
@@ -8,6 +6,7 @@
{ {
imports = [ ]; imports = [ ];
config = {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
powertop powertop
]; ];
@@ -20,7 +19,7 @@
# amd_pstate=guided :: Same as passive except we can set upper and lower frequency bounds. # amd_pstate=guided :: Same as passive except we can set upper and lower frequency bounds.
# amdgpu.dcdebugmask=0x10 :: Allegedly disables Panel Replay from https://community.frame.work/t/tracking-freezing-arch-linux-amd/39495/32 # amdgpu.dcdebugmask=0x10 :: Allegedly disables Panel Replay from https://community.frame.work/t/tracking-freezing-arch-linux-amd/39495/32
boot.kernelParams = [ boot.kernelParams = [
"amdgpu.abmlevel=3" "amdgpu.abmlevel=2"
"pcie_aspm=force" "pcie_aspm=force"
# "pcie_aspm.policy=powersupersave" # "pcie_aspm.policy=powersupersave"
"nowatchdog" "nowatchdog"
@@ -47,6 +46,22 @@
"w- /sys/devices/system/cpu/cpufreq/policy13/energy_performance_preference - - - - power" "w- /sys/devices/system/cpu/cpufreq/policy13/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy14/energy_performance_preference - - - - power" "w- /sys/devices/system/cpu/cpufreq/policy14/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy15/energy_performance_preference - - - - power" "w- /sys/devices/system/cpu/cpufreq/policy15/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpu0/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu1/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu2/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu3/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu4/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu5/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu6/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu7/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu8/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu9/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu10/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu11/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu12/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu13/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu14/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu15/cpufreq/boost - - - - 0"
]; ];
boot.extraModprobeConfig = '' boot.extraModprobeConfig = ''
@@ -56,4 +71,5 @@
# Sound power-saving was causing chat notifications to be inaudible. # Sound power-saving was causing chat notifications to be inaudible.
# options snd_hda_intel power_save=1 # options snd_hda_intel power_save=1
''; '';
};
} }

11
nix/configuration/hosts/odo/screen_brightness.nix
View File

@@ -1,14 +1,9 @@
{
config,
lib,
pkgs,
...
}:
{ {
imports = [ ]; imports = [ ];
config = {
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"w- /sys/class/backlight/amdgpu_bl1/brightness - - - - 85" "w- /sys/class/backlight/amdgpu_bl1/brightness - - - - 32767"
]; ];
};
} }

12
nix/configuration/hosts/odo/wifi.nix
View File

@@ -1,19 +1,7 @@
{
config,
lib,
pkgs,
...
}:
{ {
imports = [ ]; imports = [ ];
config = { config = {
# Doesn't seem necessary starting with 6.13
# environment.loginShellInit = lib.mkIf (!config.me.buildingIso) ''
# doas iw dev wlan0 set power_save off
# '';
# Enable debug logging for ath12k wifi card. # Enable debug logging for ath12k wifi card.
boot.kernelParams = [ boot.kernelParams = [
"ath12k.debug_mask=0xffffffff" "ath12k.debug_mask=0xffffffff"

3
nix/configuration/hosts/odo/wrapped-disk-config.nix
View File

@@ -1,8 +1,7 @@
{ {
config, config,
lib, lib,
pkgs,
... ...
}: }:
lib.mkIf (!config.me.buildingIso) (import ./disk-config.nix) lib.mkIf (!config.me.buildingPortable) (import ./disk-config.nix)

13
nix/configuration/hosts/odowork/DEPLOY_BOOT Executable file
View File

@@ -0,0 +1,13 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
TARGET=odowork
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#odowork" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json

13
nix/configuration/hosts/odowork/DEPLOY_SWITCH Executable file
View File

@@ -0,0 +1,13 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
TARGET=odowork
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#odowork" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json

10
nix/configuration/hosts/odowork/ISO Executable file
View File

@@ -0,0 +1,10 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#odowork.iso" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json

10
nix/configuration/hosts/odowork/SELF_BOOT Executable file
View File

@@ -0,0 +1,10 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#odowork" --log-format internal-json -v "${@}" |& nom --json

10
nix/configuration/hosts/odowork/SELF_BUILD Executable file
View File

@@ -0,0 +1,10 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild build --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#odowork" --log-format internal-json -v "${@}" |& nom --json

10
nix/configuration/hosts/odowork/SELF_SWITCH Executable file
View File

@@ -0,0 +1,10 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#odowork" --log-format internal-json -v "${@}" |& nom --json

129
nix/configuration/hosts/odowork/default.nix Normal file
View File

@@ -0,0 +1,129 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [
./hardware-configuration.nix
./wrapped-disk-config.nix
./distributed_build.nix
./power_management.nix
./screen_brightness.nix
./wifi.nix
./framework_module.nix
];
config = {
# Generate with `head -c4 /dev/urandom | od -A none -t x4`
networking.hostId = "133cb66e";
networking.hostName = "odowork"; # Define your hostname.
time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8";
me.boot.enable = true;
me.boot.secure = false;
me.mountPersistence = true;
# Toggle to start writing the extlinux config which will be used by zfsbootmenu
boot.loader.generic-extlinux-compatible.enable = true;
boot.loader.systemd-boot.enable = lib.mkForce false;
me.optimizations = {
enable = true;
arch = "znver4";
# build_arch = "x86-64-v3";
system_features = [
"gccarch-znver4"
"gccarch-skylake"
"gccarch-kabylake"
# "gccarch-alderlake" missing WAITPKG
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
};
# Early KMS
boot.initrd.kernelModules = [ "amdgpu" ];
# Mount tmpfs at /tmp
boot.tmp.useTmpfs = true;
environment.systemPackages = with pkgs; [
fw-ectool
framework-tool
];
# Enable light sensor
# hardware.sensor.iio.enable = lib.mkDefault true;
# Enable TRIM
# services.fstrim.enable = lib.mkDefault true;
me.alacritty.enable = true;
me.amd_s2idle.enable = true;
me.ansible.enable = true;
me.base.enable = true;
me.bluetooth.enable = true;
me.build_in_ram.enable = true;
me.chromium.enable = true;
me.d2.enable = true;
me.direnv.enable = true;
me.doas.enable = true;
me.docker.enable = false;
me.dont_use_substituters.enable = true;
me.emacs_flavor = "full";
me.firefox.enable = true;
me.firewall.enable = true;
me.font.enable = true;
me.gcloud.enable = true;
me.git.config = ../../roles/git/files/gitconfig_work;
me.git.enable = true;
me.gnuplot.enable = true;
me.gpg.enable = true;
me.graphical = true;
me.graphics_card_type = "amd";
me.iso_mount.enable = true;
me.jujutsu.enable = true;
me.latex.enable = true;
me.launch_keyboard.enable = true;
me.lvfs.enable = true;
me.media.enable = true;
me.memtest.enable = true;
me.network.enable = true;
me.nix_index.enable = true;
me.nvme.enable = true;
me.openpgp_card_tools.enable = true;
me.podman.enable = true;
me.python.enable = true;
me.rust.enable = true;
me.sequoia.enable = true;
me.shikane.enable = true;
me.sops.enable = true;
me.sound.enable = true;
me.ssh.enable = true;
me.sshd.enable = true;
me.steam_run_free.enable = true;
me.sway.enable = true;
me.terraform.enable = true;
me.thunderbolt.enable = true;
me.user.enable = true;
me.vscode.enable = true;
me.waybar.enable = true;
me.wireguard.activated = [
"wgh"
];
me.wireguard.deactivated = [ "wgf" ];
me.yubikey.enable = true;
me.zfs.enable = true;
me.zrepl.enable = true;
me.zsh.enable = true;
};
}

155
nix/configuration/hosts/odowork/disk-config.nix Normal file
View File

@@ -0,0 +1,155 @@
# Manual Step:
# Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1
# Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1
{
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/efi";
mountOptions = [
"umask=0077"
"noatime"
"discard"
];
};
};
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "zroot";
};
};
};
};
};
};
zpool = {
zroot = {
type = "zpool";
# mode = "mirror";
# Workaround: cannot import 'zroot': I/O error in disko tests
options.cachefile = "none";
options = {
ashift = "12";
compatibility = "openzfs-2.2-freebsd";
autotrim = "on";
};
rootFsOptions = {
acltype = "posixacl";
atime = "off";
relatime = "off";
xattr = "sa";
mountpoint = "none";
compression = "lz4";
canmount = "off";
utf8only = "on";
dnodesize = "auto";
normalization = "formD";
};
datasets = {
"linux/nixwork" = {
type = "zfs_fs";
options.mountpoint = "none";
options = {
encryption = "aes-256-gcm";
keyformat = "passphrase";
# keylocation = "file:///tmp/secret.key";
};
};
"linux/nixwork/root" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nixwork/root@blank$' || zfs snapshot zroot/linux/nixwork/root@blank";
};
"linux/nixwork/boot" = {
type = "zfs_fs";
options = {
mountpoint = "legacy";
"org.zfsbootmenu:active" = "on";
};
mountpoint = "/boot";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nixwork/boot@blank$' || zfs snapshot zroot/linux/nixwork/boot@blank";
};
"linux/nixwork/nix" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/nix";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nixwork/nix@blank$' || zfs snapshot zroot/linux/nixwork/nix@blank";
options = {
recordsize = "16MiB";
compression = "zstd-19";
};
};
"linux/nixwork/home" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/home";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nixwork/home@blank$' || zfs snapshot zroot/linux/nixwork/home@blank";
};
"linux/nixwork/persist" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/persist";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nixwork/persist@blank$' || zfs snapshot zroot/linux/nixwork/persist@blank";
};
"linux/nixwork/state" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/state";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nixwork/state@blank$' || zfs snapshot zroot/linux/nixwork/state@blank";
};
};
};
};
};
# Make sure all persistent volumes are marked as neededForBoot
#
# Also mounts /home so it is mounted before the user home directories are created.
fileSystems."/persist".neededForBoot = true;
fileSystems."/state".neededForBoot = true;
fileSystems."/home".neededForBoot = true;
fileSystems."/".options = [
"noatime"
"norelatime"
];
fileSystems."/boot".options = [
"noatime"
"norelatime"
];
fileSystems."/nix".options = [
"noatime"
"norelatime"
];
fileSystems."/persist".options = [
"noatime"
"norelatime"
];
fileSystems."/state".options = [
"noatime"
"norelatime"
];
fileSystems."/home".options = [
"noatime"
"norelatime"
];
# Only attempt to decrypt the main pool. Otherwise it attempts to decrypt pools that aren't even used.
boot.zfs.requestEncryptionCredentials = [ "zroot/linux/nixwork" ];
}

13
nix/configuration/hosts/odowork/distributed_build.nix Normal file
View File

@@ -0,0 +1,13 @@
{
imports = [ ];
config = {
me.distributed_build.enable = true;
me.distributed_build.machines.quark = {
enable = true;
additional_config = {
speedFactor = 2;
};
};
};
}

19
nix/configuration/hosts/odowork/framework_module.nix Normal file
View File

@@ -0,0 +1,19 @@
{
config,
...
}:
{
imports = [ ];
config = {
boot.extraModulePackages = with config.boot.kernelPackages; [
framework-laptop-kmod
];
# https://github.com/DHowett/framework-laptop-kmod?tab=readme-ov-file#usage
boot.kernelModules = [
"cros_ec"
"cros_ec_lpcs"
];
};
}

34
nix/configuration/hosts/odowork/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,34 @@
{
config,
lib,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
config = {
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"thunderbolt"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
# networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
};
}

75
nix/configuration/hosts/odowork/power_management.nix Normal file
View File

@@ -0,0 +1,75 @@
{
pkgs,
...
}:
{
imports = [ ];
config = {
environment.systemPackages = with pkgs; [
powertop
];
# amdgpu.abmlevel=3 :: Automatically reduce screen brightness but tweak colors to compensate for power reduction.
# pcie_aspm=force pcie_aspm.policy=powersupersave :: Enable PCIe active state power management for power reduction.
# nowatchdog :: Disable watchdog for power savings (related to disable_sp5100_watchdog above).
# amd_pstate=passive :: Fully automated hardware pstate control.
# amd_pstate=active :: Same as passive except we can set the energy performance preference (EPP) to suggest how much we prefer performance or energy efficiency.
# amd_pstate=guided :: Same as passive except we can set upper and lower frequency bounds.
# amdgpu.dcdebugmask=0x10 :: Allegedly disables Panel Replay from https://community.frame.work/t/tracking-freezing-arch-linux-amd/39495/32
boot.kernelParams = [
"amdgpu.abmlevel=2"
"pcie_aspm=force"
# "pcie_aspm.policy=powersupersave"
"nowatchdog"
# I don't see a measurable benefit from these two:
# "cpufreq.default_governor=powersave"
# "initcall_blacklist=cpufreq_gov_userspace_init"
];
systemd.tmpfiles.rules = [
"w- /sys/firmware/acpi/platform_profile - - - - low-power"
"w- /sys/devices/system/cpu/cpufreq/policy0/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy1/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy2/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy3/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy4/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy5/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy6/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy7/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy8/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy9/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy10/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy11/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy12/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy13/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy14/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy15/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpu0/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu1/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu2/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu3/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu4/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu5/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu6/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu7/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu8/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu9/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu10/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu11/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu12/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu13/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu14/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu15/cpufreq/boost - - - - 0"
];
boot.extraModprobeConfig = ''
# Disable the hardware watchdog inside AMD 700 chipset series for power savings.
blacklist sp5100_tco
# Sound power-saving was causing chat notifications to be inaudible.
# options snd_hda_intel power_save=1
'';
};
}

9
nix/configuration/hosts/odowork/screen_brightness.nix Normal file
View File

@@ -0,0 +1,9 @@
{
imports = [ ];
config = {
systemd.tmpfiles.rules = [
"w- /sys/class/backlight/amdgpu_bl1/brightness - - - - 32767"
];
};
}

10
nix/configuration/hosts/odowork/wifi.nix Normal file
View File

@@ -0,0 +1,10 @@
{
imports = [ ];
config = {
# Enable debug logging for ath12k wifi card.
boot.kernelParams = [
"ath12k.debug_mask=0xffffffff"
];
};
}

7
nix/configuration/hosts/odowork/wrapped-disk-config.nix Normal file
View File

@@ -0,0 +1,7 @@
{
config,
lib,
...
}:
lib.mkIf (!config.me.buildingPortable) (import ./disk-config.nix)

8
nix/configuration/hosts/quark/DEPLOY_BOOT
View File

@@ -6,14 +6,8 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
#TARGET=10.216.1.15
# TARGET=192.168.211.250
TARGET=quark TARGET=quark
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#quark" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" "${@}" |& nom nixos-rebuild boot --flake "$DIR/../../#quark" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#quark'

8
nix/configuration/hosts/quark/DEPLOY_SWITCH
View File

@@ -6,14 +6,8 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
#TARGET=10.216.1.14
# TARGET=192.168.211.250
TARGET=quark TARGET=quark
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#quark" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" "${@}" |& nom nixos-rebuild switch --flake "$DIR/../../#quark" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#quark'

4
nix/configuration/hosts/quark/ISO
View File

@@ -6,7 +6,5 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.quark" --max-jobs "$JOBS" "${@}" |& nom nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#quark.iso" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json

4
nix/configuration/hosts/quark/SELF_BOOT
View File

@@ -6,7 +6,5 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --show-trace --use-remote-sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" "${@}" |& nom nixos-rebuild boot --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" --log-format internal-json -v "${@}" |& nom --json

4
nix/configuration/hosts/quark/SELF_BUILD
View File

@@ -6,7 +6,5 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild build --show-trace --use-remote-sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" "${@}" |& nom nixos-rebuild build --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" --log-format internal-json -v "${@}" |& nom --json

4
nix/configuration/hosts/quark/SELF_SWITCH
View File

@@ -6,7 +6,5 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --show-trace --use-remote-sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" "${@}" |& nom nixos-rebuild switch --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" --log-format internal-json -v "${@}" |& nom --json

46
nix/configuration/hosts/quark/default.nix
View File

@@ -6,11 +6,11 @@
}: }:
{ {
imports = [ imports = [
./disk-config.nix ./wrapped-disk-config.nix
./distributed_build.nix ./distributed_build.nix
./hardware-configuration.nix ./hardware-configuration.nix
./power_management.nix ./power_management.nix
./wifi.nix ./waybar.nix
]; ];
config = { config = {
@@ -22,15 +22,23 @@
time.timeZone = "America/New_York"; time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
me.secureBoot.enable = true; me.boot.enable = true;
me.boot.secure = false;
me.mountPersistence = true;
# Toggle to start writing the extlinux config which will be used by zfsbootmenu
boot.loader.generic-extlinux-compatible.enable = true;
boot.loader.systemd-boot.enable = lib.mkForce false;
me.optimizations = { me.optimizations = {
enable = true; enable = true;
arch = "znver5"; arch = "znver4";
# build_arch = "x86-64-v3";
system_features = [ system_features = [
"gccarch-znver4" "gccarch-znver4"
"gccarch-znver5" "gccarch-znver5"
"gccarch-skylake" "gccarch-skylake"
"gccarch-kabylake"
# "gccarch-alderlake" missing WAITPKG # "gccarch-alderlake" missing WAITPKG
"gccarch-x86-64-v3" "gccarch-x86-64-v3"
"gccarch-x86-64-v4" "gccarch-x86-64-v4"
@@ -54,55 +62,83 @@
me.rpcs3.config.Core."Use LLVM CPU" = "znver4"; me.rpcs3.config.Core."Use LLVM CPU" = "znver4";
me.alacritty.enable = true; me.alacritty.enable = true;
me.amd_s2idle.enable = true;
me.ansible.enable = true; me.ansible.enable = true;
me.ares.enable = true; me.ares.enable = true;
me.base.enable = true;
me.bluetooth.enable = true; me.bluetooth.enable = true;
me.build_in_ram.enable = true;
me.chromecast.enable = true; me.chromecast.enable = true;
me.chromium.enable = true; me.chromium.enable = true;
me.docker.enable = true; me.d2.enable = true;
me.direnv.enable = true;
me.doas.enable = true;
me.docker.enable = false;
me.dont_use_substituters.enable = true;
me.ecc.enable = true; me.ecc.enable = true;
me.emacs_flavor = "full"; me.emacs_flavor = "full";
me.emulate_isa.enable = true;
me.firefox.enable = true; me.firefox.enable = true;
me.firewall.enable = true;
me.flux.enable = true; me.flux.enable = true;
me.font.enable = true;
me.gcloud.enable = true; me.gcloud.enable = true;
me.git.config = ../../roles/git/files/gitconfig_home; me.git.config = ../../roles/git/files/gitconfig_home;
me.git.enable = true;
me.gnuplot.enable = true; me.gnuplot.enable = true;
me.gpg.enable = true; me.gpg.enable = true;
me.graphical = true; me.graphical = true;
me.graphics_card_type = "amd"; me.graphics_card_type = "amd";
me.iso_mount.enable = true; me.iso_mount.enable = true;
me.jujutsu.enable = true;
me.kanshi.enable = false; me.kanshi.enable = false;
me.kubernetes.enable = true; me.kubernetes.enable = true;
me.latex.enable = true; me.latex.enable = true;
me.launch_keyboard.enable = true; me.launch_keyboard.enable = true;
me.lvfs.enable = true; me.lvfs.enable = true;
me.media.enable = true; me.media.enable = true;
me.memtest.enable = true;
me.network.enable = true;
me.nix_index.enable = true; me.nix_index.enable = true;
me.nix_worker.enable = true; me.nix_worker.enable = true;
me.nvme.enable = true;
me.openpgp_card_tools.enable = true;
me.pcsx2.enable = true; me.pcsx2.enable = true;
me.podman.enable = true;
me.python.enable = true; me.python.enable = true;
me.qemu.enable = true; me.qemu.enable = true;
me.recovery.enable = true;
me.rpcs3.enable = true; me.rpcs3.enable = true;
me.rust.enable = true; me.rust.enable = true;
me.sequoia.enable = true;
me.shadps4.enable = false;
me.shikane.enable = true; me.shikane.enable = true;
me.sops.enable = true; me.sops.enable = true;
me.sound.enable = true; me.sound.enable = true;
me.spaghettikart.enable = true;
me.ssh.enable = true;
me.sshd.enable = true;
me.steam.enable = true; me.steam.enable = true;
me.steam_run_free.enable = true; me.steam_run_free.enable = true;
me.sway.enable = true; me.sway.enable = true;
me.tekton.enable = true; me.tekton.enable = true;
me.terraform.enable = true; me.terraform.enable = true;
me.thunderbolt.enable = true; me.thunderbolt.enable = true;
me.user.enable = true;
me.uutils.enable = false;
me.vnc_client.enable = true; me.vnc_client.enable = true;
me.vscode.enable = true; me.vscode.enable = true;
me.wasm.enable = true; me.wasm.enable = true;
me.waybar.enable = true; me.waybar.enable = true;
me.wine.enable = false;
me.wireguard.activated = [ me.wireguard.activated = [
"drmario" "drmario"
"wgh" "wgh"
"colo" "colo"
]; ];
me.wireguard.deactivated = [ "wgf" ]; me.wireguard.deactivated = [ "wgf" ];
me.yubikey.enable = true;
me.zfs.enable = true;
me.zrepl.enable = true; me.zrepl.enable = true;
me.zsh.enable = true; me.zsh.enable = true;

9
nix/configuration/hosts/quark/disk-config.nix
View File

@@ -2,13 +2,6 @@
# Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1 # Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1
# Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1 # Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1
{ {
config,
lib,
pkgs,
...
}:
lib.mkIf (!config.me.buildingIso) {
disko.devices = { disko.devices = {
disk = { disk = {
main = { main = {
@@ -23,7 +16,7 @@ lib.mkIf (!config.me.buildingIso) {
content = { content = {
type = "filesystem"; type = "filesystem";
format = "vfat"; format = "vfat";
mountpoint = "/boot"; mountpoint = "/efi";
mountOptions = [ mountOptions = [
"umask=0077" "umask=0077"
"noatime" "noatime"

16
nix/configuration/hosts/quark/distributed_build.nix
View File

@@ -1,21 +1,7 @@
{
config,
lib,
pkgs,
...
}:
{ {
imports = [ ]; imports = [ ];
config = lib.mkMerge [ config = {
{
me.distributed_build.enable = true; me.distributed_build.enable = true;
me.distributed_build.machines.hydra = {
enable = true;
additional_config = {
speedFactor = 2;
};
}; };
} }
];
}

6
nix/configuration/hosts/quark/hardware-configuration.nix
View File

@@ -1,10 +1,6 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ {
config, config,
lib, lib,
pkgs,
modulesPath, modulesPath,
... ...
}: }:
@@ -14,6 +10,7 @@
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
config = {
boot.initrd.availableKernelModules = [ boot.initrd.availableKernelModules = [
"nvme" "nvme"
"xhci_pci" "xhci_pci"
@@ -32,4 +29,5 @@
# networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true; # networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true;
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
};
} }

2
nix/configuration/hosts/quark/power_management.nix
View File

@@ -8,6 +8,7 @@
{ {
imports = [ ]; imports = [ ];
config = {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
powertop powertop
]; ];
@@ -45,4 +46,5 @@
# destination = "/etc/udev/rules.d/30-amdgpu-low-power.rules"; # destination = "/etc/udev/rules.d/30-amdgpu-low-power.rules";
# }) # })
# ]; # ];
};
} }

75
nix/configuration/hosts/quark/waybar.nix Normal file
View File

@@ -0,0 +1,75 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
config = {
me.waybar.config = lib.mkForce {
# "height": 10, # Waybar height (to be removed for auto height)
"modules-left" = [
"sway/workspaces"
"sway/mode"
];
"modules-center" = [ "sway/window" ];
"modules-right" = [
"custom/night_mode"
# "custom/temperature" # /sys/class/thermal/thermal_zone* does not currently exist on quark
"custom/sound"
"custom/available_memory"
"idle_inhibitor"
"custom/clock"
"tray"
];
"sway/workspaces" = {
"disable-scroll" = true;
};
"sway/mode" = {
"format" = "<span style=\"italic\">{}</span>";
};
"sway/window" = {
"format" = "{title}";
};
"idle_inhibitor" = {
"format" = "{icon}";
"format-icons" = {
"activated" = ""; # ☕
"deactivated" = "💤"; # ☾☁⛾⛔⏾⌛⏳💤
};
};
"tray" = {
# "icon-size" = 21;
"spacing" = 10;
};
"custom/clock" = {
"exec" = "waybar_custom_clock";
"return-type" = "json";
"restart-interval" = 30;
};
"custom/available_memory" = {
"exec" = "waybar_custom_available_memory";
"return-type" = "json";
"restart-interval" = 30;
};
"custom/sound" = {
"exec" = "waybar_custom_sound";
"return-type" = "json";
"restart-interval" = 30;
};
# "custom/temperature" = {
# "exec" = "waybar_custom_temperature";
# "return-type" = "json";
# "restart-interval" = 30;
# };
"custom/night_mode" = {
"exec" = "waybar_night_mode";
"return-type" = "json";
"restart-interval" = 30;
"on-click" = "pkill -USR1 -f waybar_night_mode";
};
};
};
}

16
nix/configuration/hosts/quark/wifi.nix
View File

@@ -1,16 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
config = {
environment.loginShellInit = lib.mkIf (!config.me.buildingIso) ''
doas iw dev wlan0 set power_save off
'';
};
}

7
nix/configuration/hosts/quark/wrapped-disk-config.nix Normal file
View File

@@ -0,0 +1,7 @@
{
config,
lib,
...
}:
lib.mkIf (!config.me.buildingPortable) (import ./disk-config.nix)

13
nix/configuration/hosts/recovery/DEPLOY_BOOT Executable file
View File

@@ -0,0 +1,13 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
TARGET=recovery
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#recovery" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json

13
nix/configuration/hosts/recovery/DEPLOY_SWITCH Executable file
View File

@@ -0,0 +1,13 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
TARGET=recovery
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#recovery" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json

10
nix/configuration/hosts/recovery/ISO Executable file
View File

@@ -0,0 +1,10 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#recovery.iso" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json

10
nix/configuration/hosts/recovery/SELF_BOOT Executable file
View File

@@ -0,0 +1,10 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#recovery" --log-format internal-json -v "${@}" |& nom --json

10
nix/configuration/hosts/recovery/SELF_BUILD Executable file
View File

@@ -0,0 +1,10 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild build --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#recovery" --log-format internal-json -v "${@}" |& nom --json

10
nix/configuration/hosts/recovery/SELF_SWITCH Executable file
View File

@@ -0,0 +1,10 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#recovery" --log-format internal-json -v "${@}" |& nom --json

56
nix/configuration/hosts/recovery/default.nix Normal file
View File

@@ -0,0 +1,56 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [
./hardware-configuration.nix
./wrapped-disk-config.nix
./distributed_build.nix
./power_management.nix
];
config = {
# Generate with `head -c4 /dev/urandom | od -A none -t x4`
networking.hostId = "46b62d92";
networking.hostName = "recovery"; # Define your hostname.
time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8";
me.boot.enable = true;
me.boot.secure = true;
me.mountPersistence = true;
me.optimizations = {
# enable = true;
arch = "kabylake";
# build_arch = "x86-64-v3";
system_features = [
"gccarch-kabylake"
"gccarch-x86-64-v3"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
};
# Early KMS
# boot.initrd.kernelModules = [ "amdgpu" ];
# Mount tmpfs at /tmp
boot.tmp.useTmpfs = true;
# Enable TRIM
# services.fstrim.enable = lib.mkDefault true;
me.build_in_ram.enable = true;
me.dont_use_substituters.enable = true;
me.minimal_base.enable = true;
me.recovery.enable = true;
};
}

6
nix/configuration/hosts/ionlybootzfs/disk-config.nix → nix/configuration/hosts/recovery/disk-config.nix
View File

@@ -65,8 +65,8 @@
type = "zfs_fs"; type = "zfs_fs";
options.mountpoint = "none"; options.mountpoint = "none";
options = { options = {
encryption = "aes-256-gcm"; # encryption = "aes-256-gcm";
keyformat = "passphrase"; # keyformat = "passphrase";
# keylocation = "file:///tmp/secret.key"; # keylocation = "file:///tmp/secret.key";
}; };
}; };
@@ -138,5 +138,5 @@
]; ];
# Only attempt to decrypt the main pool. Otherwise it attempts to decrypt pools that aren't even used. # Only attempt to decrypt the main pool. Otherwise it attempts to decrypt pools that aren't even used.
boot.zfs.requestEncryptionCredentials = [ "zroot/linux/nix" ]; # boot.zfs.requestEncryptionCredentials = [ "zroot/linux/nix" ];
} }

13
nix/configuration/hosts/recovery/distributed_build.nix Normal file
View File

@@ -0,0 +1,13 @@
{
imports = [ ];
config = {
me.distributed_build.enable = true;
me.distributed_build.machines.quark = {
enable = true;
additional_config = {
speedFactor = 2;
};
};
};
}

34
nix/configuration/hosts/recovery/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,34 @@
{
config,
lib,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
config = {
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"thunderbolt"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
# networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
};
}

63
nix/configuration/hosts/recovery/power_management.nix Normal file
View File

@@ -0,0 +1,63 @@
{
pkgs,
...
}:
{
imports = [ ];
config = {
environment.systemPackages = with pkgs; [
powertop
];
# pcie_aspm=force pcie_aspm.policy=powersupersave :: Enable PCIe active state power management for power reduction.
# nowatchdog :: Disable watchdog for power savings (related to disable_sp5100_watchdog above).
boot.kernelParams = [
"pcie_aspm=force"
# "pcie_aspm.policy=powersupersave"
"nowatchdog"
];
systemd.tmpfiles.rules = [
"w- /sys/firmware/acpi/platform_profile - - - - low-power"
"w- /sys/devices/system/cpu/cpufreq/policy0/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy1/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy2/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy3/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy4/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy5/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy6/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy7/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy8/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy9/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy10/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy11/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy12/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy13/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy14/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy15/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpu0/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu1/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu2/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu3/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu4/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu5/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu6/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu7/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu8/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu9/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu10/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu11/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu12/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu13/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu14/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu15/cpufreq/boost - - - - 0"
];
boot.extraModprobeConfig = ''
# Sound power-saving was causing chat notifications to be inaudible.
# options snd_hda_intel power_save=1
'';
};
}

Some files were not shown because too many files have changed in this diff Show More