talexander/machine_setup
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

base: talexander:nix
Branches Tags
talexander:main talexander:kubernetes talexander:nix talexander:mt7927 talexander:yubipi talexander:upstream_amd_debug_tools talexander:install_files_mixin talexander:starship talexander:pixelbook
..
compare: talexander:starship
Branches Tags
talexander:kubernetes talexander:nix talexander:main talexander:mt7927 talexander:yubipi talexander:upstream_amd_debug_tools talexander:install_files_mixin talexander:starship talexander:pixelbook

3 Commits
nix ... starship

Author SHA1 Message Date
Tom Alexander
9513882870 Still not working. 2025-01-27 20:38:45 -05:00
Tom Alexander
71a6843b37 Same issue with package based on 2ship2harkinian. 2025-01-27 19:26:38 -05:00
Tom Alexander
7d9d1ca80e Add a package for starship (Star Fox 64). 2025-01-27 19:26:38 -05:00
327 changed files with 2925 additions and 41027 deletions
Expand all files Collapse all files

1
ansible/roles/base/files/gitconfig_home
View File

@@ -8,7 +8,6 @@
lg = log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit lg = log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit
bh = log --oneline --branches=* --remotes=* --graph --decorate bh = log --oneline --branches=* --remotes=* --graph --decorate
amend = commit --amend --no-edit amend = commit --amend --no-edit
authorcount = shortlog --summary --numbered --all --no-merges
[core] [core]
excludesfile = ~/.gitignore_global excludesfile = ~/.gitignore_global
[commit] [commit]

1
ansible/roles/base/files/gitconfig_work
View File

@@ -8,7 +8,6 @@
lg = log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit lg = log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit
bh = log --oneline --branches=* --remotes=* --graph --decorate bh = log --oneline --branches=* --remotes=* --graph --decorate
amend = commit --amend --no-edit amend = commit --amend --no-edit
authorcount = shortlog --summary --numbered --all --no-merges
[core] [core]
excludesfile = ~/.gitignore_global excludesfile = ~/.gitignore_global
[commit] [commit]

2
ansible/roles/sshd/files/keys/yubikey.pub
View File

@@ -1 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID0+4zi26M3eYWnIrciR54kOlGxzfgCXG+o4ea1zpzrk openpgp:0x7FF123C8 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGu+k5lrirokdW5zVdRVBOqEOAvAPlIkG/MdJNc9g5ky cardno:000611194908

1
nix/configuration/.gitignore vendored
View File

@@ -1 +0,0 @@
result

483
nix/configuration/configuration.nix
View File

@@ -2,280 +2,253 @@
config, config,
lib, lib,
pkgs, pkgs,
home-manager,
... ...
}: }:
let
alias_nix_pin_revision = pkgs.writeShellScriptBin "nix-pin-revision" ''
# Usage: nix-pin-revision nixpkgs 'github:NixOS/nixpkgs/00c21e4c93d963c50d4c0c89bfa84ed6e0694df2'
exec nix flake lock --override-input "''${@}"
'';
in
{ {
imports = [ imports = [
./roles/2ship2harkinian ./roles/reset
./roles/alacritty
./roles/amd_s2idle
./roles/android
./roles/ansible
./roles/ares
./roles/base
./roles/bluetooth
./roles/boot
./roles/build_in_ram
./roles/chromecast
./roles/chromium
./roles/d2
./roles/direnv
./roles/disko
./roles/distributed_build
./roles/doas
./roles/docker
./roles/dont_use_substituters
./roles/ecc
./roles/emacs
./roles/emulate_isa
./roles/esim
./roles/firefox
./roles/firewall
./roles/flux
./roles/fonts
./roles/gcloud
./roles/git
./roles/global_options ./roles/global_options
./roles/gnome_keyring ./util/unfree_polyfill
./roles/gnuplot
./roles/gpg
./roles/graphics
./roles/graphviz
./roles/hydra
./roles/image_based_appliance
./roles/iso ./roles/iso
./roles/iso_mount "${
./roles/jujutsu builtins.fetchTarball {
url = "https://github.com/nix-community/disko/archive/refs/tags/v1.9.0.tar.gz";
sha256 = "0j76ar4qz320fakdii4659w5lww8wiz6yb7g47npywqvf2lbp388";
}
}/module.nix"
./roles/boot
./roles/zfs
./roles/network
./roles/firewall
./roles/zsh
./roles/zrepl
./roles/graphics
./roles/sound
./roles/sway
./roles/kanshi ./roles/kanshi
./roles/kodi ./roles/alacritty
./roles/firefox
./roles/chromium
./roles/emacs
./roles/git
./roles/fonts
./roles/gpg
./roles/waybar
./roles/qemu
./roles/wireguard
./roles/ares
./roles/ssh
./roles/python
./roles/docker
./roles/kubernetes ./roles/kubernetes
./roles/rust
./roles/media
./roles/steam
./roles/latex ./roles/latex
./roles/launch_keyboard ./roles/launch_keyboard
./roles/lvfs ./roles/lvfs
./roles/media
./roles/memtest86
./roles/minimal_base
./roles/network
./roles/nix_index
./roles/nix_repl
./roles/nix_worker
./roles/nixdev
./roles/nvme ./roles/nvme
./roles/openpgp_card_tools
./roles/optimized_build
./roles/pcsx2
./roles/podman
./roles/postgresql_client
./roles/python
./roles/qemu
./roles/recovery
./roles/reset
./roles/rpcs3
./roles/rust
./roles/sequoia
./roles/shadps4
./roles/shikane
./roles/shipwright
./roles/sm64ex
./roles/sops
./roles/sound
./roles/spaghettikart
./roles/ssh
./roles/sshd
./roles/steam
./roles/steam_run_free
./roles/sway
./roles/tekton
./roles/terraform ./roles/terraform
./roles/thunderbolt
./roles/user
./roles/uutils
./roles/vnc_client
./roles/vscode ./roles/vscode
./roles/wasm ./roles/wasm
./roles/waybar ./roles/vnc_client
./roles/webcam ./roles/chromecast
./roles/wine ./roles/memtest86
./roles/wireguard ./roles/kodi
./roles/yubikey ./roles/ansible
./roles/zfs ./roles/bluetooth
./roles/zrepl ./roles/sm64ex
./roles/zsh ./roles/shipwright
./util/install_files ./roles/2ship2harkinian
./util/unfree_polyfill ./roles/nix_index
]; ];
config = { nix.settings.experimental-features = [
nix.settings.experimental-features = [ "nix-command"
"nix-command" "flakes"
"flakes" ];
"ca-derivations" nix.settings.trusted-users = [ "@wheel" ];
# "blake3-hashes"
# "git-hashing"
];
nix.settings.trusted-users = [ "@wheel" ];
nix.settings.connect-timeout = 5;
nix.settings.min-free = 128000000;
nix.settings.max-free = 1000000000;
nix.settings.fallback = true;
nix.settings.warn-dirty = false;
nix.settings.fsync-metadata = true;
# Ensure store paths are durably written to disk before registering the paths so a crash mid-build does not leave us in a corrupted state.
nix.settings.fsync-store-paths = true;
hardware.enableRedistributableFirmware = true; # boot.kernelPackages = pkgs.linuxPackages_6_11;
hardware.enableRedistributableFirmware = true;
# Keep outputs so we can build offline. services.getty = {
nix.settings.keep-outputs = true; autologinUser = "talexander"; # I use full disk encryption so the user password is irrelevant.
nix.settings.keep-derivations = true; autologinOnce = true;
# Automatic garbage collection
nix.gc = lib.mkIf (!config.me.buildingPortable) {
# Runs nix-collect-garbage --delete-older-than 5d
automatic = true;
persistent = true;
dates = "monthly";
# randomizedDelaySec = "14m";
options = "--delete-older-than 30d";
};
nix.settings.auto-optimise-store = !config.me.buildingPortable;
environment.systemPackages = [
alias_nix_pin_revision
];
environment.persistence."/persist" = lib.mkIf (config.me.mountPersistence) {
hideMounts = true;
directories = [
"/var/lib/nixos" # Contains user information (uids/gids)
"/var/lib/systemd" # Systemd state directory for random seed, persistent timers, core dumps, persist hardware state like backlight and rfkill
"/var/log/journal" # Logs, alternatively set `services.journald.storage = "volatile";` to write to /run/log/journal
];
files = [
"/etc/machine-id" # Systemd unique machine id "otherwise, the system journal may fail to list earlier boots, etc"
];
};
# Write a list of the currently installed packages to /etc/current-system-packages
# environment.etc."current-system-packages".text =
# let
# packages = builtins.map (p: "${p.name}") config.environment.systemPackages;
# sortedUnique = builtins.sort builtins.lessThan (lib.unique packages);
# formatted = builtins.concatStringsSep "\n" sortedUnique;
# in
# formatted;
# nixpkgs.overlays = [
# (final: prev: {
# foot = throw "foo";
# })
# ];
nixpkgs.overlays =
let
disableTests = (
# Example: (disableTests "coreutils")
package_name:
(final: prev: {
"${package_name}" = prev."${package_name}".overrideAttrs (old: {
doCheck = false;
doInstallCheck = false;
});
})
);
disableTestsPython = (
# Example: (disableTestsPython "scipy")
package_name:
(final: prev: {
pythonPackagesExtensions = prev.pythonPackagesExtensions ++ [
(python-final: python-prev: {
"${package_name}" = python-prev."${package_name}".overridePythonAttrs (oldAttrs: {
doCheck = false;
});
})
];
})
);
disableOptimizations = (
# Example: (disableOptimizations "coreutils")
package_name:
(final: prev: {
"${package_name}" = final.unoptimized."${package_name}";
})
);
disableOptimizationsScope = (
# Example: (disableOptimizationsScope "kdePackages" "qtbase")
scope: package_name:
(final: prev: {
"${scope}" = prev."${scope}".overrideScope (
scopeFinal: scopePrev: {
"${package_name}" = final.unoptimized."${scope}"."${package_name}";
}
);
})
);
disableOptimizationsPython3 = (
# Example: (disableOptimizationsPython3 "scipy")
package_name:
(final: prev: {
python3Packages = prev.python3Packages.override {
overrides = python-final: python-prev: {
"${package_name}" = final.unoptimized.python3.pkgs."${package_name}";
};
};
})
);
in
[
(disableTests "coreutils")
(disableTests "coreutils-full")
(disableTests "deno") # Tests use too much disk space
(disableTests "libuv")
(final: prev: {
inherit (final.unoptimized)
libtpms
libjxl
ddrescueview
deno
mesa
;
})
(disableOptimizationsPython3 "scipy")
# Works but probably sets python2's scipy to be python3:
#
# (final: prev: {
# pythonPackagesExtensions = prev.pythonPackagesExtensions ++ [
# (python-final: python-prev: {
# scipy = final.unoptimized.python3Packages.scipy;
# })
# ];
# })
];
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
# to actually do that.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "24.11"; # Did you read the comment?
}; };
users.mutableUsers = false;
users.users.talexander = {
isNormalUser = true;
createHome = true; # https://github.com/NixOS/nixpkgs/issues/6481
group = "talexander";
extraGroups = [ "wheel" ];
uid = 11235;
packages = with pkgs; [
tree
];
# Generate with `mkpasswd -m scrypt`
hashedPassword = "$7$CU..../....VXvNQ8za3wSGpdzGXNT50/$HcFtn/yvwPMCw4888BelpiAPLAxe/zU87fD.d/N6U48";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGu+k5lrirokdW5zVdRVBOqEOAvAPlIkG/MdJNc9g5ky"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEI6mu6I5Jp+Ib0vJxapGHbEShZjyvzV8jz5DnzDrI39AAAABHNzaDo="
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAFNcSXwvy+brYTOGo56G93Ptuq2MmZsjvRWAfMqbmMLAAAABHNzaDo="
];
};
users.groups.talexander.gid = 11235;
home-manager.users.talexander =
{ pkgs, ... }:
{
home.packages = [
pkgs.atool
pkgs.httpie
];
programs.bash.enable = true;
# The state version is required and should stay at the version you
# originally installed.
home.stateVersion = "24.11";
};
# Automatic garbage collection
nix.gc = lib.mkIf (!config.me.buildingIso) {
# Runs nix-collect-garbage --delete-older-than 5d
automatic = true;
randomizedDelaySec = "14m";
options = "--delete-older-than 30d";
};
nix.settings.auto-optimise-store = !config.me.buildingIso;
# Use doas instead of sudo
security.doas.enable = true;
security.doas.wheelNeedsPassword = false;
security.sudo.enable = false;
security.doas.extraRules = [
{
# Retain environment (for example NIX_PATH)
keepEnv = true;
persist = true; # Only ask for a password the first time.
}
];
environment.systemPackages = with pkgs; [
wget
mg
rsync
libinput
htop
tmux
file
usbutils # for lsusb
pciutils # for lspci
ripgrep
strace
ltrace
trace-cmd # ftrace
tcpdump
git-crypt
gnumake
ncdu
nix-tree
libarchive # bsdtar
];
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
hostKeys = [
{
path = "/persist/ssh/ssh_host_ed25519_key";
type = "ed25519";
}
{
path = "/persist/ssh/ssh_host_rsa_key";
type = "rsa";
bits = 4096;
}
];
};
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
directories = [
"/var/lib/iwd" # Wifi settings
"/var/lib/nixos" # Contains user information (uids/gids)
"/var/lib/systemd" # Systemd state directory for random seed, persistent timers, core dumps, persist hardware state like backlight and rfkill
"/var/log/journal" # Logs, alternatively set `services.journald.storage = "volatile";` to write to /run/log/journal
];
files = [
"/etc/machine-id" # Systemd unique machine id "otherwise, the system journal may fail to list earlier boots, etc"
"/etc/ssh/ssh_host_rsa_key"
"/etc/ssh/ssh_host_rsa_key.pub"
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
];
users.talexander = {
directories = [
{
directory = "persist";
user = "talexander";
group = "talexander";
mode = "0700";
}
];
};
};
# Write a list of the currently installed packages to /etc/current-system-packages
environment.etc."current-system-packages".text =
let
packages = builtins.map (p: "${p.name}") config.environment.systemPackages;
sortedUnique = builtins.sort builtins.lessThan (lib.unique packages);
formatted = builtins.concatStringsSep "\n" sortedUnique;
in
formatted;
# environment.etc."system-packages-with-source".text = builtins.concatStringsSep "\n\n" (
# builtins.map (
# x: x.file + "\n" + builtins.concatStringsSep "\n" (builtins.map (s: " " + s) x.value)
# ) config.environment.systemPackages.definitionsWithLocations
# );
# nixpkgs.overlays = [
# (final: prev: {
# nix = pkgs-unstable.nix;
# })
# ];
# nixpkgs.overlays = [
# (final: prev: {
# foot = throw "foo";
# })
# ];
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
# to actually do that.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "24.11"; # Did you read the comment?
} }

170
nix/configuration/flake.lock generated
View File

@@ -1,5 +1,23 @@
{ {
"nodes": { "nodes": {
"ansible-sshjail": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1,
"narHash": "sha256-c4Ds4E/10Zj5AQLuJ3JvJTuDK8o2WjVXLcIL7eyhTfw=",
"path": "flakes/ansible-sshjail",
"type": "path"
},
"original": {
"path": "flakes/ansible-sshjail",
"type": "path"
}
},
"crane": { "crane": {
"locked": { "locked": {
"lastModified": 1731098351, "lastModified": 1731098351,
@@ -15,26 +33,6 @@
"type": "github" "type": "github"
} }
}, },
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1776613567,
"narHash": "sha256-gC9Cp5ibBmGD5awCA9z7xy6MW6iJufhazTYJOiGlCUI=",
"owner": "nix-community",
"repo": "disko",
"rev": "32f4236bfc141ae930b5ba2fb604f561fed5219d",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"flake-compat": { "flake-compat": {
"flake": false, "flake": false,
"locked": { "locked": {
@@ -72,6 +70,42 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"gitignore": { "gitignore": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -97,16 +131,15 @@
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"impermanence",
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1768598210, "lastModified": 1737762889,
"narHash": "sha256-kkgA32s/f4jaa4UG+2f8C225Qvclxnqs76mf8zvTVPg=", "narHash": "sha256-5HGG09bh/Yx0JA8wtBMAzt0HMCL1bYZ93x4IqzVExio=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "c47b2cc64a629f8e075de52e4742de688f930dc6", "rev": "daf04c5950b676f47a794300657f1d3d14c1a120",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -116,18 +149,12 @@
} }
}, },
"impermanence": { "impermanence": {
"inputs": {
"home-manager": "home-manager",
"nixpkgs": [
"nixpkgs"
]
},
"locked": { "locked": {
"lastModified": 1769548169, "lastModified": 1737831083,
"narHash": "sha256-03+JxvzmfwRu+5JafM0DLbxgHttOQZkUtDWBmeUkN8Y=", "narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=",
"owner": "nix-community", "owner": "nix-community",
"repo": "impermanence", "repo": "impermanence",
"rev": "7b1d382faf603b6d264f58627330f9faa5cba149", "rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -164,11 +191,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1777268161, "lastModified": 1737885589,
"narHash": "sha256-bxrdOn8SCOv8tN4JbTF/TXq7kjo9ag4M+C8yzzIRYbE=", "narHash": "sha256-Zf0hSrtzaM1DEz8//+Xs51k/wdSajticVrATqDrfQjg=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "1c3fe55ad329cbcb28471bb30f05c9827f724c76", "rev": "852ff1d9e153d8875a83602e03fdef8a63f0ecf8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -178,6 +205,22 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-b93b4e9b5": {
"locked": {
"lastModified": 1713721570,
"narHash": "sha256-R0s+O5UjTePQRb72XPgtkTmEiOOW8n+1q9Gxt/OJnKU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b93b4e9b527904aadf52dba6ca35efde2067cbd4",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b93b4e9b527904aadf52dba6ca35efde2067cbd4",
"type": "github"
}
},
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1730741070, "lastModified": 1730741070,
@@ -223,10 +266,13 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"disko": "disko", "ansible-sshjail": "ansible-sshjail",
"home-manager": "home-manager",
"impermanence": "impermanence", "impermanence": "impermanence",
"lanzaboote": "lanzaboote", "lanzaboote": "lanzaboote",
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs",
"nixpkgs-b93b4e9b5": "nixpkgs-b93b4e9b5",
"zsh-histdb": "zsh-histdb"
} }
}, },
"rust-overlay": { "rust-overlay": {
@@ -249,6 +295,54 @@
"repo": "rust-overlay", "repo": "rust-overlay",
"type": "github" "type": "github"
} }
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"zsh-histdb": {
"inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1,
"narHash": "sha256-5DWw7GnwVZ98HUp/UUJcyUmmy9Bh/mcQB8MQQ0t3ZRo=",
"path": "flakes/zsh-histdb",
"type": "path"
},
"original": {
"path": "flakes/zsh-histdb",
"type": "path"
}
} }
}, },
"root": "root", "root": "root",

219
nix/configuration/flake.nix
View File

@@ -1,31 +1,55 @@
# TODO maybe use `nix eval --raw .#odo.iso.outPath` # Build ISO image
# nix build --extra-experimental-features nix-command --extra-experimental-features flakes .#iso.odo
# output: result/iso/nixos.iso
# Run the ISO image
# "$(nix-build '<nixpkgs>' --no-out-link -A 'qemu')/bin/qemu-system-x86_64" \
# -accel kvm \
# -cpu host \
# -smp cores=8 \
# -m 32768 \
# -drive "file=$(nix-build '<nixpkgs>' --no-out-link -A 'OVMF.fd')/FV/OVMF.fd,if=pflash,format=raw,readonly=on" \
# -drive if=pflash,format=raw,file="/tmp/OVMF_VARS.fd" \
# -nic user,hostfwd=tcp::60022-:22 \
# -boot order=d \
# -cdrom "$(readlink -f ./result/iso/nixos.iso)" \
# -display vnc=127.0.0.1:0
# #
# Install on a new machine: # doas cp "$(nix-build '<nixpkgs>' --no-out-link -A 'OVMF.fd')/FV/OVMF_VARS.fd" /tmp/OVMF_VARS.fd
# # doas "$(nix-build '<nixpkgs>' --no-out-link -A 'qemu')/bin/qemu-system-x86_64" -accel kvm -cpu host -smp cores=8 -m 32768 -drive "file=$(nix-build '<nixpkgs>' --no-out-link -A 'OVMF.fd')/FV/OVMF.fd,if=pflash,format=raw,readonly=on" -drive if=pflash,format=raw,file="/tmp/OVMF_VARS.fd" -nic user,hostfwd=tcp::60022-:22 -boot order=d -cdrom /persist/machine_setup/nix/configuration/result/iso/nixos*.iso -display vnc=127.0.0.1:0
# Set
# me.disko.enable = true; # Get a repl for this flake
# me.disko.offline.enable = true; # nix repl --expr "builtins.getFlake \"$PWD\""
#
# Run # TODO maybe use `nix eval --raw .#iso.odo.outPath`
# doas disko --mode destroy,format,mount hosts/recovery/disk-config.nix # iso.odo.isoName == "nixos.iso"
# doas nixos-install --substituters "http://10.0.2.2:8080?trusted=1 https://cache.nixos.org/" --flake ".#recovery" # full path = <outPath> / iso / <isoName>
{ {
description = "My system configuration"; description = "My system configuration";
inputs = { inputs = {
impermanence = { impermanence.url = "github:nix-community/impermanence";
url = "github:nix-community/impermanence";
inputs.nixpkgs.follows = "nixpkgs";
};
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
nixpkgs-b93b4e9b5.url = "github:NixOS/nixpkgs/b93b4e9b527904aadf52dba6ca35efde2067cbd4";
home-manager.url = "github:nix-community/home-manager";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
lanzaboote = { lanzaboote = {
url = "github:nix-community/lanzaboote/v0.4.2"; url = "github:nix-community/lanzaboote/v0.4.2";
# Optional but recommended to limit the size of your system closure.
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
disko = { zsh-histdb = {
url = "github:nix-community/disko"; url = "path:flakes/zsh-histdb";
# Optional but recommended to limit the size of your system closure.
inputs.nixpkgs.follows = "nixpkgs";
};
ansible-sshjail = {
url = "path:flakes/ansible-sshjail";
# Optional but recommended to limit the size of your system closure.
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
}; };
@@ -34,97 +58,96 @@
{ {
self, self,
nixpkgs, nixpkgs,
disko, nixpkgs-b93b4e9b5,
impermanence, impermanence,
home-manager,
lanzaboote, lanzaboote,
zsh-histdb,
ansible-sshjail,
... ...
}: }@inputs:
let let
forAllSystems = nixpkgs.lib.genAttrs nixpkgs.lib.systems.flakeExposed; base_x86_64_linux = rec {
nodes = { system = "x86_64-linux";
specialArgs = {
pkgs-b93b4e9b5 = import nixpkgs-b93b4e9b5 {
inherit system;
};
};
modules = [
impermanence.nixosModules.impermanence
home-manager.nixosModules.home-manager
lanzaboote.nixosModules.lanzaboote
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
}
{
nixpkgs.overlays = [
zsh-histdb.overlays.default
ansible-sshjail.overlays.default
];
}
./configuration.nix
];
};
systems = {
odo = { odo = {
system = "x86_64-linux"; main = nixpkgs.lib.nixosSystem (
base_x86_64_linux
// {
modules = base_x86_64_linux.modules ++ [
./hosts/odo
];
}
);
iso = nixpkgs.lib.nixosSystem (
base_x86_64_linux
// {
modules = base_x86_64_linux.modules ++ [
./hosts/odo
(nixpkgs + "/nixos/modules/installer/cd-dvd/iso-image.nix")
# TODO: Figure out how to do image based appliances
# (nixpkgs + "/nixos/modules/profiles/image-based-appliance.nix")
{
isoImage.makeEfiBootable = true;
isoImage.makeUsbBootable = true;
me.buildingIso = true;
}
];
}
);
}; };
odowork = { neelix = {
system = "x86_64-linux"; main = nixpkgs.lib.nixosSystem (
}; base_x86_64_linux
quark = { // {
system = "x86_64-linux"; modules = base_x86_64_linux.modules ++ [
}; ./hosts/neelix
recovery = { ];
system = "x86_64-linux"; }
}; );
i_only_boot_zfs = { iso = nixpkgs.lib.nixosSystem (
system = "x86_64-linux"; base_x86_64_linux
}; // {
hydra = { modules = base_x86_64_linux.modules ++ [
system = "x86_64-linux"; ./hosts/neelix
}; (nixpkgs + "/nixos/modules/installer/cd-dvd/iso-image.nix")
family_disks = { {
system = "x86_64-linux"; isoImage.makeEfiBootable = true;
isoImage.makeUsbBootable = true;
me.buildingIso = true;
}
];
}
);
}; };
}; };
nixosConfigs = builtins.mapAttrs (
hostname: nodeConfig: format:
nixpkgs.lib.nixosSystem {
specialArgs = {
inherit self;
this_nixos_config = self.nixosConfigurations."${hostname}";
all_nixos_configs = self.nixosConfigurations;
};
modules = [
impermanence.nixosModules.impermanence
lanzaboote.nixosModules.lanzaboote
disko.nixosModules.disko
./configuration.nix
(./. + "/hosts/${hostname}")
(./. + "/formats/${format}.nix")
{
config = {
nixpkgs.hostPlatform.system = nodeConfig.system;
nixpkgs.overlays = [
(final: prev: {
# stable = nixpkgs-stable.legacyPackages."${prev.stdenv.hostPlatform.system}";
unoptimized = import nixpkgs {
system = prev.stdenv.hostPlatform.system;
hostPlatform.gcc.arch = "default";
hostPlatform.gcc.tune = "default";
};
})
];
};
}
];
}
) nodes;
installerConfig =
hostname: nodeConfig:
nixpkgs.lib.nixosSystem {
specialArgs = {
targetSystem = self.nixosConfigurations."${hostname}";
};
modules = [
./formats/installer.nix
({ nixpkgs.hostPlatform.system = nodeConfig.system; })
];
};
in in
{ {
nixosConfigurations = (builtins.mapAttrs (name: value: value "toplevel") nixosConfigs); nixosConfigurations.odo = systems.odo.main;
} iso.odo = systems.odo.iso.config.system.build.isoImage;
// { nixosConfigurations.neelix = systems.neelix.main;
packages = ( iso.neelix = systems.neelix.iso.config.system.build.isoImage;
forAllSystems (
system:
(builtins.mapAttrs (hostname: nodeConfig: {
iso = (nixosConfigs."${hostname}" "iso").config.system.build.isoImage;
vm_iso = (nixosConfigs."${hostname}" "vm_iso").config.system.build.isoImage;
sd = (nixosConfigs."${hostname}" "sd").config.system.build.sdImage;
installer = (installerConfig hostname nodes."${hostname}").config.system.build.isoImage;
}) (nixpkgs.lib.attrsets.filterAttrs (hostname: nodeConfig: nodeConfig.system == system) nodes))
)
);
}; };
} }

61
nix/configuration/flakes/ansible-sshjail/flake.lock generated Normal file
View File

@@ -0,0 +1,61 @@
{
"nodes": {
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1735141468,
"narHash": "sha256-VIAjBr1qGcEbmhLwQJD6TABppPMggzOvqFsqkDoMsAY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "4005c3ff7505313cbc21081776ad0ce5dfd7a3ce",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

34
nix/configuration/flakes/ansible-sshjail/flake.nix Normal file
View File

@@ -0,0 +1,34 @@
{
description = "A slightly better history for zsh";
inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
inputs.flake-utils.url = "github:numtide/flake-utils";
outputs =
{
self,
nixpkgs,
flake-utils,
...
}:
let
out =
system:
let
pkgs = nixpkgs.legacyPackages.${system};
# Maybe pkgs = import nixpkgs { inherit system; }; ?
appliedOverlay = self.overlays.default pkgs pkgs;
in
{
packages = rec {
default = ansible-sshjail;
ansible-sshjail = appliedOverlay.ansible-sshjail;
};
};
in
flake-utils.lib.eachDefaultSystem out
// {
overlays.default = final: prev: {
ansible-sshjail = final.callPackage ./package.nix { };
};
};
}

0
nix/configuration/roles/ansible/package/ansible-sshjail/package.nix → nix/configuration/flakes/ansible-sshjail/package.nix
View File

61
nix/configuration/flakes/starship-game/flake.lock generated Normal file
View File

@@ -0,0 +1,61 @@
{
"nodes": {
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1735141468,
"narHash": "sha256-VIAjBr1qGcEbmhLwQJD6TABppPMggzOvqFsqkDoMsAY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "4005c3ff7505313cbc21081776ad0ce5dfd7a3ce",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

34
nix/configuration/flakes/starship-game/flake.nix Normal file
View File

@@ -0,0 +1,34 @@
{
description = "A slightly better history for zsh";
inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
inputs.flake-utils.url = "github:numtide/flake-utils";
outputs =
{
self,
nixpkgs,
flake-utils,
...
}:
let
out =
system:
let
pkgs = nixpkgs.legacyPackages.${system};
# Maybe pkgs = import nixpkgs { inherit system; }; ?
appliedOverlay = self.overlays.default pkgs pkgs;
in
{
packages = rec {
default = starship-game;
starship-game = appliedOverlay.starship-game;
};
};
in
flake-utils.lib.eachDefaultSystem out
// {
overlays.default = final: prev: {
starship-game = final.callPackage ./package.nix { };
};
};
}

261
nix/configuration/flakes/starship-game/package.nix Normal file
View File

@@ -0,0 +1,261 @@
{
lib,
stdenv,
SDL2,
cmake,
copyDesktopItems,
fetchFromGitHub,
fetchpatch,
fetchurl,
imagemagick,
imgui,
libpng,
libpulseaudio,
libzip,
lsb-release,
makeDesktopItem,
makeWrapper,
ninja,
nlohmann_json,
pkg-config,
python3,
spdlog,
stormlib,
tinyxml-2,
writeTextFile,
zenity,
}:
let
# This would get fetched at build time otherwise, see:
# https://github.com/HarbourMasters/2ship2harkinian/blob/1.0.2/mm/CMakeLists.txt#L708
gamecontrollerdb = fetchurl {
name = "gamecontrollerdb.txt";
url = "https://raw.githubusercontent.com/gabomdq/SDL_GameControllerDB/b1759cf84028aab89caa1c395e198c340b8dfd89/gamecontrollerdb.txt";
hash = "sha256-7C5EkqBIhLGNJuhi3832y0ffW5Ep7iuTYXb1bL5h2Js=";
};
# 2ship needs a specific imgui version
imgui' = imgui.overrideAttrs rec {
version = "1.90.6";
src = fetchFromGitHub {
owner = "ocornut";
repo = "imgui";
rev = "v${version}-docking";
hash = "sha256-Y8lZb1cLJF48sbuxQ3vXq6GLru/WThR78pq7LlORIzc=";
};
};
libgfxd = fetchFromGitHub {
owner = "glankk";
repo = "libgfxd";
rev = "96fd3b849f38b3a7c7b7f3ff03c5921d328e6cdf";
hash = "sha256-dedZuV0BxU6goT+rPvrofYqTz9pTA/f6eQcsvpDWdvQ=";
};
yaml_cpp = fetchFromGitHub {
owner = "jbeder";
repo = "yaml-cpp";
rev = "f7320141120f720aecc4c32be25586e7da9eb978";
hash = "sha256-J87oS6Az1/vNdyXu3L7KmUGWzU0IAkGrGMUUha+xDXI=";
};
# spdlog = fetchFromGitHub {
# owner = "gabime";
# repo = "spdlog";
# rev = "7e635fca68d014934b4af8a1cf874f63989352b7";
# hash = "sha256-cxTaOuLXHRU8xMz9gluYz0a93O0ez2xOxbloyc1m1ns=";
# };
# stb_impl = writeTextFile {
# name = "stb_impl.c";
# text = ''
# #define STB_IMAGE_IMPLEMENTATION
# #include "stb_image.h"
# '';
# };
# stb' = fetchurl {
# name = "stb_image.h";
# url = "https://raw.githubusercontent.com/nothings/stb/0bc88af4de5fb022db643c2d8e549a0927749354/stb_image.h";
# hash = "sha256-xUsVponmofMsdeLsI6+kQuPg436JS3PBl00IZ5sg3Vw=";
# };
# Apply 2ship's patch for stormlib
stormlib' = stormlib.overrideAttrs (prev: rec {
version = "9.25";
src = fetchFromGitHub {
owner = "ladislav-zezula";
repo = "StormLib";
rev = "v${version}";
hash = "sha256-HTi2FKzKCbRaP13XERUmHkJgw8IfKaRJvsK3+YxFFdc=";
};
nativeBuildInputs = prev.nativeBuildInputs ++ [ pkg-config ];
patches = (prev.patches or [ ]) ++ [
(fetchpatch {
name = "stormlib-optimizations.patch";
url = "https://github.com/briaguya-ai/StormLib/commit/ff338b230544f8b2bb68d2fbe075175ed2fd758c.patch";
hash = "sha256-Jbnsu5E6PkBifcx/yULMVC//ab7tszYgktS09Azs5+4=";
})
];
});
thread_pool = fetchFromGitHub {
owner = "bshoshany";
repo = "thread-pool";
rev = "v4.1.0";
hash = "sha256-zhRFEmPYNFLqQCfvdAaG5VBNle9Qm8FepIIIrT9sh88=";
};
in
stdenv.mkDerivation (finalAttrs: {
pname = "starship-game";
version = "v1.0.0";
src = fetchFromGitHub {
owner = "HarbourMasters";
repo = "starship";
# rev = "5e5e49da93e066f51c3010ba38f09331d866f2db";
tag = finalAttrs.version;
hash = "sha256-kaLLlLuonqE2DJcRlWR4tCEBNjwIYFlzeDLcYsvMO7I=";
fetchSubmodules = true;
};
# patches = [
# # remove fetching stb as we will patch our own
# ./0001-deps.patch
# ];
nativeBuildInputs = [
cmake
copyDesktopItems
imagemagick
lsb-release
makeWrapper
ninja
pkg-config
python3
];
buildInputs = [
SDL2
imgui'
libpng
libpulseaudio
libzip
nlohmann_json
spdlog
stormlib'
tinyxml-2
zenity
];
cmakeFlags = [
(lib.cmakeBool "NON_PORTABLE" true)
(lib.cmakeFeature "CMAKE_INSTALL_PREFIX" "${placeholder "out"}/starship-game")
(lib.cmakeFeature "FETCHCONTENT_SOURCE_DIR_IMGUI" "${imgui'.src}")
(lib.cmakeFeature "FETCHCONTENT_SOURCE_DIR_LIBGFXD" "${libgfxd}")
(lib.cmakeFeature "FETCHCONTENT_SOURCE_DIR_STORMLIB" "${stormlib'}")
(lib.cmakeFeature "FETCHCONTENT_SOURCE_DIR_THREADPOOL" "${thread_pool}")
];
dontAddPrefix = true;
# Linking fails without this
hardeningDisable = [ "format" ];
# Pie needs to be enabled or else it segfaults
hardeningEnable = [ "pie" ];
# preConfigure = ''
# # mirror 2ship's stb
# mkdir stb
# cp ${stb'} ./stb/${stb'.name}
# cp ${stb_impl} ./stb/${stb_impl.name}
# substituteInPlace libultraship/cmake/dependencies/common.cmake \
# --replace-fail "\''${STB_DIR}" "/build/source/stb"
# '';
# (cd tools/Torch && cmake -H. -Bbuild-cmake -GNinja \
# -DFETCHCONTENT_SOURCE_DIR_LIBGFXD=${libgfxd} \
# -DFETCHCONTENT_SOURCE_DIR_YAML-CPP=${finalAttrs.yaml_cpp_src} \
# -DFETCHCONTENT_SOURCE_DIR_SPDLOG=${finalAttrs.spdlog_src}
# )
configurePhase = ''
cmake -H. -Bbuild-cmake -GNinja \
-DFETCHCONTENT_SOURCE_DIR_IMGUI=${imgui'.src} \
-DFETCHCONTENT_SOURCE_DIR_STORMLIB=${stormlib'} \
-DFETCHCONTENT_SOURCE_DIR_THREADPOOL=${thread_pool}
(cd tools/Torch && cmake -H. -Bbuild-cmake -GNinja \
-DFETCHCONTENT_SOURCE_DIR_LIBGFXD=${libgfxd} \
-DFETCHCONTENT_SOURCE_DIR_YAML-CPP=${yaml_cpp} \
-DFETCHCONTENT_SOURCE_DIR_SPDLOG=${spdlog}
)
(cd libultraship && cmake -H. -Bbuild-cmake -GNinja \
-DFETCHCONTENT_SOURCE_DIR_LIBGFXD=${libgfxd} \
-DFETCHCONTENT_SOURCE_DIR_IMGUI=${imgui'.src} \
-DFETCHCONTENT_SOURCE_DIR_STORMLIB=${stormlib'} \
-DFETCHCONTENT_SOURCE_DIR_THREADPOOL=${thread_pool}
)
'';
buildPhase = ''
cmake --build build-cmake
'';
postBuild = ''
cp ${gamecontrollerdb} ${gamecontrollerdb.name}
pushd ../OTRExporter
python3 ./extract_assets.py -z ../build/ZAPD/ZAPD.out --norom --xml-root ../mm/assets/xml --custom-assets-path ../mm/assets/custom --custom-otr-file 2ship.o2r --port-ver ${finalAttrs.version}
popd
'';
preInstall = ''
# Cmake likes it here for its install paths
cp ../OTRExporter/2ship.o2r mm/
'';
postInstall = ''
mkdir -p $out/bin
ln -s $out/2s2h/2s2h.elf $out/bin/2s2h
install -Dm644 ../mm/linux/2s2hIcon.png $out/share/pixmaps/2s2h.png
'';
postFixup = ''
wrapProgram $out/2s2h/2s2h.elf --prefix PATH ":" ${lib.makeBinPath [ zenity ]}
'';
desktopItems = [
(makeDesktopItem {
name = "starship";
icon = "starship";
exec = "starship";
comment = finalAttrs.meta.description;
genericName = "Starship";
desktopName = "starship";
categories = [ "Game" ];
})
];
meta = {
homepage = "https://github.com/HarbourMasters/2ship2harkinian";
description = "A PC port of Majora's Mask with modern controls, widescreen, high-resolution, and more";
mainProgram = "starship";
platforms = [ "x86_64-linux" ];
maintainers = with lib.maintainers; [ ];
license = with lib.licenses; [
# # OTRExporter, OTRGui, ZAPDTR, libultraship
# mit
# # 2 Ship 2 Harkinian
# cc0
# # Reverse engineering
# unfree
];
};
})

61
nix/configuration/flakes/zsh-histdb/flake.lock generated Normal file
View File

@@ -0,0 +1,61 @@
{
"nodes": {
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1735141468,
"narHash": "sha256-VIAjBr1qGcEbmhLwQJD6TABppPMggzOvqFsqkDoMsAY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "4005c3ff7505313cbc21081776ad0ce5dfd7a3ce",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

34
nix/configuration/flakes/zsh-histdb/flake.nix Normal file
View File

@@ -0,0 +1,34 @@
{
description = "A slightly better history for zsh";
inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
inputs.flake-utils.url = "github:numtide/flake-utils";
outputs =
{
self,
nixpkgs,
flake-utils,
...
}:
let
out =
system:
let
pkgs = nixpkgs.legacyPackages.${system};
# Maybe pkgs = import nixpkgs { inherit system; }; ?
appliedOverlay = self.overlays.default pkgs pkgs;
in
{
packages = rec {
default = zsh-histdb;
zsh-histdb = appliedOverlay.zsh-histdb;
};
};
in
flake-utils.lib.eachDefaultSystem out
// {
overlays.default = final: prev: {
zsh-histdb = final.callPackage ./package.nix { };
};
};
}

0
nix/configuration/roles/zsh/package/zsh-histdb/package.nix → nix/configuration/flakes/zsh-histdb/package.nix
View File

74
nix/configuration/formats/installer.nix
View File

@@ -1,74 +0,0 @@
{
config,
pkgs,
lib,
modulesPath,
targetSystem,
...
}:
let
installer = pkgs.writeShellApplication {
name = "installer";
runtimeInputs = with pkgs; [
# clevis
dosfstools
e2fsprogs
gawk
nixos-install-tools
util-linux
config.nix.package
];
text = ''
set -euo pipefail
${targetSystem.config.system.build.diskoScript}
nixos-install --no-channel-copy --no-root-password --option substituters "" --system ${targetSystem.config.system.build.toplevel}
'';
};
installerFailsafe = pkgs.writeShellScript "failsafe" ''
${lib.getExe installer} || echo "ERROR: Installation failure!"
sleep 3600
'';
in
{
imports = [
(modulesPath + "/installer/cd-dvd/iso-image.nix")
(modulesPath + "/profiles/all-hardware.nix")
];
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_6_18;
# boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux;
boot.zfs.package = pkgs.zfs_unstable;
boot.kernelParams = [
"quiet"
"systemd.unit=getty.target"
];
boot.supportedFilesystems.zfs = true;
boot.initrd.systemd.enable = true;
networking.hostId = "04581ecf";
isoImage.makeEfiBootable = true;
isoImage.makeUsbBootable = true;
isoImage.squashfsCompression = "zstd -Xcompression-level 15";
environment.systemPackages = [
installer
];
systemd.services."getty@tty1" = {
overrideStrategy = "asDropin";
serviceConfig = {
ExecStart = [
""
installerFailsafe
];
Restart = "no";
StandardInput = "null";
};
};
# system.stateVersion = lib.mkDefault lib.trivial.release;
system.stateVersion = "24.11";
}

36
nix/configuration/formats/iso.nix
View File

@@ -1,36 +0,0 @@
{
config,
lib,
modulesPath,
pkgs,
...
}:
{
imports = [
(modulesPath + "/installer/cd-dvd/iso-image.nix")
];
config = {
isoImage.makeEfiBootable = true;
isoImage.makeUsbBootable = true;
networking.dhcpcd.enable = true;
networking.useDHCP = true;
me.buildingPortable = true;
me.disko.enable = true;
me.disko.offline.enable = true;
me.mountPersistence = lib.mkForce false;
# me.optimizations.enable = lib.mkForce false;
# Not doing image_based_appliance because this might be an install ISO, in which case we'd need nix to do the install.
# me.image_based_appliance.enable = true;
# TODO: Should I use this instead of doing a mkIf for the disk config?
# disko.enableConfig = false;
# Faster image generation for testing/development.
isoImage.squashfsCompression = "zstd -Xcompression-level 15";
};
}

32
nix/configuration/formats/sd.nix
View File

@@ -1,32 +0,0 @@
{
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/sd-card/sd-image.nix")
];
config = {
isoImage.makeEfiBootable = true;
isoImage.makeUsbBootable = true;
boot.loader.grub.enable = false;
boot.loader.generic-extlinux-compatible.enable = true;
# TODO: image based appliance?
# TODO: Maybe this?
# fileSystems = {
# "/" = {
# device = "/dev/disk/by-label/NIXOS_SD";
# fsType = "ext4";
# options = [
# "noatime"
# "norelatime"
# ];
# };
# };
};
}

1
nix/configuration/formats/toplevel.nix
View File

@@ -1 +0,0 @@
{ }

22
nix/configuration/formats/vm_iso.nix
View File

@@ -1,22 +0,0 @@
{
lib,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/cd-dvd/iso-image.nix")
(modulesPath + "/profiles/qemu-guest.nix") # VirtIO kernel modules
];
config = {
isoImage.makeEfiBootable = true;
isoImage.makeUsbBootable = true;
networking.dhcpcd.enable = true;
networking.useDHCP = true;
me.image_based_appliance.enable = true;
};
}

13
nix/configuration/hosts/family_disks/DEPLOY_BOOT
View File

@@ -1,13 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
TARGET=family_disks
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#family_disks" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json

13
nix/configuration/hosts/family_disks/DEPLOY_SWITCH
View File

@@ -1,13 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
TARGET=family_disks
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#family_disks" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json

10
nix/configuration/hosts/family_disks/ISO
View File

@@ -1,10 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#family_disks.iso" --repair --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json

10
nix/configuration/hosts/family_disks/SELF_BOOT
View File

@@ -1,10 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#family_disks" --repair --log-format internal-json -v "${@}" |& nom --json

12
nix/configuration/hosts/family_disks/SELF_BUILD
View File

@@ -1,12 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
: "${NOM:="true"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild build --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#family_disks" --repair --log-format internal-json -v "${@}" |& nom --json

10
nix/configuration/hosts/family_disks/SELF_SWITCH
View File

@@ -1,10 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#family_disks" --repair --log-format internal-json -v "${@}" |& nom --json

75
nix/configuration/hosts/family_disks/default.nix
View File

@@ -1,75 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [
./hardware-configuration.nix
./wrapped-disk-config.nix
./distributed_build.nix
./power_management.nix
];
config = {
# Generate with `head -c4 /dev/urandom | od -A none -t x4`
networking.hostId = "908cbf04";
networking.hostName = "family_disks"; # Define your hostname.
time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8";
me.boot.enable = true;
me.boot.secure = false;
me.mountPersistence = true;
# Toggle to start writing the extlinux config which will be used by zfsbootmenu
boot.loader.generic-extlinux-compatible.enable = true;
boot.loader.systemd-boot.enable = lib.mkForce false;
me.rollback.dataset = [
"zroot/linux/nix/root@blank"
"zroot/linux/nix/home@blank"
];
me.optimizations = {
enable = true;
arch = "skylake";
# build_arch = "x86-64-v3";
system_features = [
"gccarch-znver4"
"gccarch-skylake"
"gccarch-kabylake"
# "gccarch-alderlake" missing WAITPKG
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
};
# Early KMS
# boot.initrd.kernelModules = [ "amdgpu" ];
# Mount tmpfs at /tmp
boot.tmp.useTmpfs = true;
# Enable light sensor
# hardware.sensor.iio.enable = lib.mkDefault true;
# Enable TRIM
# services.fstrim.enable = lib.mkDefault true;
# Only run nix builders at idle priority for a more responsive system. Do not set on servers, just end-user devices.
nix.daemonCPUSchedPolicy = "idle";
me.build_in_ram.enable = true;
me.dont_use_substituters.enable = true;
me.minimal_base.enable = true;
me.recovery.enable = true;
};
}

155
nix/configuration/hosts/family_disks/disk-config.nix
View File

@@ -1,155 +0,0 @@
# Manual Step:
# Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1
# Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1
{
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/efi";
mountOptions = [
"umask=0077"
"noatime"
"discard"
];
};
};
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "zroot";
};
};
};
};
};
};
zpool = {
zroot = {
type = "zpool";
# mode = "mirror";
# Workaround: cannot import 'zroot': I/O error in disko tests
options.cachefile = "none";
options = {
ashift = "12";
compatibility = "openzfs-2.2-freebsd";
autotrim = "on";
};
rootFsOptions = {
acltype = "posixacl";
atime = "off";
relatime = "off";
xattr = "sa";
mountpoint = "none";
compression = "lz4";
canmount = "off";
utf8only = "on";
dnodesize = "auto";
normalization = "formD";
};
datasets = {
"linux/nix" = {
type = "zfs_fs";
options.mountpoint = "none";
options = {
# encryption = "aes-256-gcm";
# keyformat = "passphrase";
# # keylocation = "file:///tmp/secret.key";
};
};
"linux/nix/root" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/root@blank$' || zfs snapshot zroot/linux/nix/root@blank";
};
"linux/nix/boot" = {
type = "zfs_fs";
options = {
mountpoint = "legacy";
"org.zfsbootmenu:active" = "on";
};
mountpoint = "/boot";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/boot@blank$' || zfs snapshot zroot/linux/nix/boot@blank";
};
"linux/nix/nix" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/nix";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/nix@blank$' || zfs snapshot zroot/linux/nix/nix@blank";
options = {
# recordsize = "16MiB";
# compression = "zstd-19";
};
};
"linux/nix/home" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/home";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/home@blank$' || zfs snapshot zroot/linux/nix/home@blank";
};
"linux/nix/persist" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/persist";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/persist@blank$' || zfs snapshot zroot/linux/nix/persist@blank";
};
"linux/nix/state" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/state";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/state@blank$' || zfs snapshot zroot/linux/nix/state@blank";
};
};
};
};
};
# Make sure all persistent volumes are marked as neededForBoot
#
# Also mounts /home so it is mounted before the user home directories are created.
fileSystems."/persist".neededForBoot = true;
fileSystems."/state".neededForBoot = true;
fileSystems."/home".neededForBoot = true;
fileSystems."/".options = [
"noatime"
"norelatime"
];
fileSystems."/boot".options = [
"noatime"
"norelatime"
];
fileSystems."/nix".options = [
"noatime"
"norelatime"
];
fileSystems."/persist".options = [
"noatime"
"norelatime"
];
fileSystems."/state".options = [
"noatime"
"norelatime"
];
fileSystems."/home".options = [
"noatime"
"norelatime"
];
# Only attempt to decrypt the main pool. Otherwise it attempts to decrypt pools that aren't even used.
boot.zfs.requestEncryptionCredentials = [ "zroot/linux/nix" ];
}

19
nix/configuration/hosts/family_disks/distributed_build.nix
View File

@@ -1,19 +0,0 @@
{
imports = [ ];
config = {
me.distributed_build.enable = true;
me.distributed_build.machines.quark = {
enable = false;
additional_config = {
speedFactor = 2;
};
};
me.distributed_build.machines.hydra = {
enable = true;
additional_config = {
speedFactor = 2;
};
};
};
}

33
nix/configuration/hosts/family_disks/hardware-configuration.nix
View File

@@ -1,33 +0,0 @@
{
config,
lib,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
config = {
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"thunderbolt"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
# networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true;
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
};
}

75
nix/configuration/hosts/family_disks/power_management.nix
View File

@@ -1,75 +0,0 @@
{
pkgs,
...
}:
{
imports = [ ];
config = {
environment.systemPackages = with pkgs; [
powertop
];
# amdgpu.abmlevel=3 :: Automatically reduce screen brightness but tweak colors to compensate for power reduction.
# pcie_aspm=force pcie_aspm.policy=powersupersave :: Enable PCIe active state power management for power reduction.
# nowatchdog :: Disable watchdog for power savings (related to disable_sp5100_watchdog above).
# amd_pstate=passive :: Fully automated hardware pstate control.
# amd_pstate=active :: Same as passive except we can set the energy performance preference (EPP) to suggest how much we prefer performance or energy efficiency.
# amd_pstate=guided :: Same as passive except we can set upper and lower frequency bounds.
# amdgpu.dcdebugmask=0x10 :: Allegedly disables Panel Replay from https://community.frame.work/t/tracking-freezing-arch-linux-amd/39495/32
boot.kernelParams = [
"amdgpu.abmlevel=2"
"pcie_aspm=force"
# "pcie_aspm.policy=powersupersave"
"nowatchdog"
# I don't see a measurable benefit from these two:
# "cpufreq.default_governor=powersave"
# "initcall_blacklist=cpufreq_gov_userspace_init"
];
systemd.tmpfiles.rules = [
"w- /sys/firmware/acpi/platform_profile - - - - low-power"
"w- /sys/devices/system/cpu/cpufreq/policy0/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy1/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy2/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy3/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy4/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy5/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy6/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy7/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy8/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy9/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy10/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy11/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy12/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy13/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy14/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy15/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpu0/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu1/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu2/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu3/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu4/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu5/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu6/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu7/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu8/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu9/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu10/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu11/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu12/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu13/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu14/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu15/cpufreq/boost - - - - 0"
];
boot.extraModprobeConfig = ''
# Disable the hardware watchdog inside AMD 700 chipset series for power savings.
blacklist sp5100_tco
# Sound power-saving was causing chat notifications to be inaudible.
# options snd_hda_intel power_save=1
'';
};
}

7
nix/configuration/hosts/family_disks/wrapped-disk-config.nix
View File

@@ -1,7 +0,0 @@
{
config,
lib,
...
}:
lib.mkIf (!config.me.buildingPortable) (import ./disk-config.nix)

13
nix/configuration/hosts/hydra/DEPLOY_BOOT
View File

@@ -1,13 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
TARGET=hydra
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#hydra" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json

13
nix/configuration/hosts/hydra/DEPLOY_SWITCH
View File

@@ -1,13 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
TARGET=hydra
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#hydra" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json

10
nix/configuration/hosts/hydra/ISO
View File

@@ -1,10 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#hydra.iso" --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json

10
nix/configuration/hosts/hydra/SELF_BOOT
View File

@@ -1,10 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#hydra" --repair --log-format internal-json -v "${@}" |& nom --json

10
nix/configuration/hosts/hydra/SELF_BUILD
View File

@@ -1,10 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild build --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#hydra" --repair --log-format internal-json -v "${@}" |& nom --json

10
nix/configuration/hosts/hydra/SELF_SWITCH
View File

@@ -1,10 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#hydra" --repair --log-format internal-json -v "${@}" |& nom --json

10
nix/configuration/hosts/hydra/VM_ISO
View File

@@ -1,10 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#hydra.vm_iso" --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json

138
nix/configuration/hosts/hydra/default.nix
View File

@@ -1,138 +0,0 @@
# MANUAL: On client machines generate signing keys:
# nix-store --generate-binary-cache-key some-name /persist/manual/nix/nix-cache-key.sec /persist/manual/nix/nix-cache-key.pub
#
# Trust other machines and add the substituters:
# nix.binaryCachePublicKeys = [ "some-name:AzNW1MOlkNEsUAXS1jIFZ1QCFKXjV+Y/LrF37quAZ1A=" ];
# nix.binaryCaches = [ "https://test.example/nix-cache" ];
{
config,
lib,
pkgs,
...
}:
{
imports = [
./hardware-configuration.nix
./vm_disk.nix
];
config = {
networking =
let
interface = "enp0s2";
in
{
# Generate with `head -c4 /dev/urandom | od -A none -t x4`
hostId = "6fbf418b";
hostName = "hydra"; # Define your hostname.
interfaces = {
"${interface}" = {
ipv4.addresses = [
{
address = "10.215.1.219";
prefixLength = 24;
}
];
ipv6.addresses = [
{
address = "2620:11f:7001:7:ffff:ffff:0ad7:01db";
prefixLength = 64;
}
];
};
};
defaultGateway = "10.215.1.1";
defaultGateway6 = {
# address = "2620:11f:7001:7::1";
address = "2620:11f:7001:7:ffff:ffff:0ad7:0101";
inherit interface;
};
dhcpcd.enable = lib.mkForce false;
useDHCP = lib.mkForce false;
};
time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8";
me.boot.enable = true;
me.boot.secure = false;
me.mountPersistence = true;
boot.loader.timeout = lib.mkForce 0; # We can always generate a new ISO if we need to access other boot options.
me.optimizations = {
enable = true;
arch = "znver4";
# build_arch = "x86-64-v3";
system_features = [
"gccarch-znver4"
"gccarch-skylake"
"gccarch-kabylake"
# "gccarch-alderlake" missing WAITPKG
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
};
# Mount tmpfs at /tmp
boot.tmp.useTmpfs = true;
# Enable TRIM
# services.fstrim.enable = lib.mkDefault true;
# nix.optimise.automatic = true;
# nix.optimise.dates = [ "03:45" ];
# nix.optimise.persistent = true;
me.image_based_appliance.enable = lib.mkForce false;
environment.systemPackages = with pkgs; [
htop
git # for building on hydra
tmux # for building on hydra
nix-output-monitor # for building on hydra
];
# nix.sshServe.enable = true;
# nix.sshServe.keys = [ "ssh-dss AAAAB3NzaC1k... bob@example.org" ];
# Override garbage collection to keep things longer
# Automatic garbage collection
nix.gc = lib.mkForce {
automatic = true;
persistent = true;
dates = "weekly";
# randomizedDelaySec = "14m";
options = "--delete-older-than 60d";
};
# The default limit of files is 1024 which is too low for some nix builds.
#
# Check with `ulimit -n`
security.pam.loginLimits = [
{
domain = "*";
item = "nofile";
type = "-";
value = "8192";
}
];
# systemd.user.extraConfig = "DefaultLimitNOFILE=8192";
# systemd.services."user@11400".serviceConfig.LimitNOFILE = "8192";
me.build_in_ram.enable = true;
me.dont_use_substituters.enable = true;
me.hydra.enable = true;
me.minimal_base.enable = true;
me.nix_worker.enable = true;
};
}

31
nix/configuration/hosts/hydra/hardware-configuration.nix
View File

@@ -1,31 +0,0 @@
{
config,
lib,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
config = {
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"thunderbolt"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
# networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true;
};
}

95
nix/configuration/hosts/hydra/vm_disk.nix
View File

@@ -1,95 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
config = {
# environment.systemPackages = with pkgs; [
# e2fsprogs # mkfs.ext4
# gptfdisk # cgdisk
# ];
# Mount the local disk
fileSystems = lib.mkIf config.me.mountPersistence {
"/.disk" = lib.mkForce {
device = "/dev/nvme0n1p1";
fsType = "ext4";
options = [
"noatime"
"discard"
];
neededForBoot = true;
};
# "/.persist" = lib.mkForce {
# device = "bind9p";
# fsType = "9p";
# options = [
# "noatime"
# "trans=virtio"
# "version=9p2000.L"
# "cache=mmap"
# "msize=512000"
# "uname=root"
# "dfltuid=0"
# "dfltgid=0"
# "nodevmap"
# # "noauto"
# # "x-systemd.automount"
# ];
# neededForBoot = true;
# };
"/persist" = {
fsType = "none";
device = "/.disk/persist";
options = [
"bind"
"rw"
];
depends = [
"/.disk/persist"
];
neededForBoot = true;
};
"/state" = {
fsType = "none";
device = "/.disk/state";
options = [
"bind"
"rw"
];
depends = [
"/.disk/state"
];
neededForBoot = true;
};
# "/nix/store" = lib.mkForce {
# overlay = {
# lowerdir = [ "/nix/.ro-store" ];
# upperdir = "/.disk/persist/store";
# workdir = "/.disk/state/work";
# };
# # fsType = "overlay";
# # device = "overlay";
# # options = [
# # "lowerdir=/nix/.ro-store"
# # "upperdir=/.disk/persist/store"
# # "workdir=/.disk/state/work"
# # ];
# depends = [
# "/nix/.ro-store"
# "/.disk/persist/store"
# "/.disk/state/work"
# ];
# };
};
};
}

13
nix/configuration/hosts/i_only_boot_zfs/DEPLOY_BOOT
View File

@@ -1,13 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
TARGET=i_only_boot_zfs
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#i_only_boot_zfs" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json

13
nix/configuration/hosts/i_only_boot_zfs/DEPLOY_SWITCH
View File

@@ -1,13 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
TARGET=i_only_boot_zfs
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#i_only_boot_zfs" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json

10
nix/configuration/hosts/i_only_boot_zfs/ISO
View File

@@ -1,10 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#i_only_boot_zfs.iso" --repair --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json

10
nix/configuration/hosts/i_only_boot_zfs/SELF_BOOT
View File

@@ -1,10 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#i_only_boot_zfs" --repair --log-format internal-json -v "${@}" |& nom --json

10
nix/configuration/hosts/i_only_boot_zfs/SELF_BUILD
View File

@@ -1,10 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild build --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#i_only_boot_zfs" --repair --log-format internal-json -v "${@}" |& nom --json

10
nix/configuration/hosts/i_only_boot_zfs/SELF_SWITCH
View File

@@ -1,10 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#i_only_boot_zfs" --repair --log-format internal-json -v "${@}" |& nom --json

63
nix/configuration/hosts/i_only_boot_zfs/default.nix
View File

@@ -1,63 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [
./hardware-configuration.nix
./wrapped-disk-config.nix
./distributed_build.nix
./power_management.nix
];
config = {
# Generate with `head -c4 /dev/urandom | od -A none -t x4`
networking.hostId = "6a05d86e";
networking.hostName = "i_only_boot_zfs"; # Define your hostname.
time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8";
me.boot.enable = true;
me.boot.secure = false;
me.mountPersistence = true;
# Toggle to start writing the extlinux config which will be used by zfsbootmenu
# boot.loader.generic-extlinux-compatible.enable = true;
# boot.loader.systemd-boot.enable = lib.mkForce false;
me.optimizations = {
# enable = true;
# arch = "kabylake";
# build_arch = "x86-64-v3";
system_features = [
# "gccarch-kabylake"
"gccarch-x86-64-v3"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
};
# Early KMS
# boot.initrd.kernelModules = [ "amdgpu" ];
# Mount tmpfs at /tmp
boot.tmp.useTmpfs = true;
# Enable TRIM
# services.fstrim.enable = lib.mkDefault true;
# Even when installed, we want to dhcp because this is for a VM.
networking.dhcpcd.enable = true;
networking.useDHCP = true;
me.build_in_ram.enable = true;
me.dont_use_substituters.enable = true;
me.minimal_base.enable = true;
};
}

155
nix/configuration/hosts/i_only_boot_zfs/disk-config.nix
View File

@@ -1,155 +0,0 @@
# Manual Step:
# Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1
# Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1
{
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/efi";
mountOptions = [
"umask=0077"
"noatime"
"discard"
];
};
};
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "zroot";
};
};
};
};
};
};
zpool = {
zroot = {
type = "zpool";
# mode = "mirror";
# Workaround: cannot import 'zroot': I/O error in disko tests
options.cachefile = "none";
options = {
ashift = "12";
compatibility = "openzfs-2.2-freebsd";
autotrim = "on";
};
rootFsOptions = {
acltype = "posixacl";
atime = "off";
relatime = "off";
xattr = "sa";
mountpoint = "none";
compression = "lz4";
canmount = "off";
utf8only = "on";
dnodesize = "auto";
normalization = "formD";
};
datasets = {
"linux/nix" = {
type = "zfs_fs";
options.mountpoint = "none";
options = {
# encryption = "aes-256-gcm";
# keyformat = "passphrase";
# keylocation = "file:///tmp/secret.key";
};
};
"linux/nix/root" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/root@blank$' || zfs snapshot zroot/linux/nix/root@blank";
};
"linux/nix/boot" = {
type = "zfs_fs";
options = {
mountpoint = "legacy";
"org.zfsbootmenu:active" = "on";
};
mountpoint = "/boot";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/boot@blank$' || zfs snapshot zroot/linux/nix/boot@blank";
};
"linux/nix/nix" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/nix";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/nix@blank$' || zfs snapshot zroot/linux/nix/nix@blank";
options = {
recordsize = "16MiB";
compression = "zstd-19";
};
};
"linux/nix/home" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/home";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/home@blank$' || zfs snapshot zroot/linux/nix/home@blank";
};
"linux/nix/persist" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/persist";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/persist@blank$' || zfs snapshot zroot/linux/nix/persist@blank";
};
"linux/nix/state" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/state";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/state@blank$' || zfs snapshot zroot/linux/nix/state@blank";
};
};
};
};
};
# Make sure all persistent volumes are marked as neededForBoot
#
# Also mounts /home so it is mounted before the user home directories are created.
fileSystems."/persist".neededForBoot = true;
fileSystems."/state".neededForBoot = true;
fileSystems."/home".neededForBoot = true;
fileSystems."/".options = [
"noatime"
"norelatime"
];
fileSystems."/boot".options = [
"noatime"
"norelatime"
];
fileSystems."/nix".options = [
"noatime"
"norelatime"
];
fileSystems."/persist".options = [
"noatime"
"norelatime"
];
fileSystems."/state".options = [
"noatime"
"norelatime"
];
fileSystems."/home".options = [
"noatime"
"norelatime"
];
# Only attempt to decrypt the main pool. Otherwise it attempts to decrypt pools that aren't even used.
# boot.zfs.requestEncryptionCredentials = [ "zroot/linux/nix" ];
}

13
nix/configuration/hosts/i_only_boot_zfs/distributed_build.nix
View File

@@ -1,13 +0,0 @@
{
imports = [ ];
config = {
me.distributed_build.enable = true;
me.distributed_build.machines.quark = {
enable = true;
additional_config = {
speedFactor = 2;
};
};
};
}

33
nix/configuration/hosts/i_only_boot_zfs/hardware-configuration.nix
View File

@@ -1,33 +0,0 @@
{
config,
lib,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
config = {
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"thunderbolt"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
# networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true;
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
};
}

63
nix/configuration/hosts/i_only_boot_zfs/power_management.nix
View File

@@ -1,63 +0,0 @@
{
pkgs,
...
}:
{
imports = [ ];
config = {
environment.systemPackages = with pkgs; [
powertop
];
# pcie_aspm=force pcie_aspm.policy=powersupersave :: Enable PCIe active state power management for power reduction.
# nowatchdog :: Disable watchdog for power savings (related to disable_sp5100_watchdog above).
boot.kernelParams = [
"pcie_aspm=force"
# "pcie_aspm.policy=powersupersave"
"nowatchdog"
];
systemd.tmpfiles.rules = [
"w- /sys/firmware/acpi/platform_profile - - - - low-power"
"w- /sys/devices/system/cpu/cpufreq/policy0/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy1/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy2/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy3/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy4/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy5/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy6/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy7/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy8/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy9/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy10/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy11/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy12/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy13/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy14/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy15/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpu0/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu1/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu2/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu3/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu4/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu5/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu6/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu7/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu8/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu9/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu10/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu11/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu12/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu13/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu14/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu15/cpufreq/boost - - - - 0"
];
boot.extraModprobeConfig = ''
# Sound power-saving was causing chat notifications to be inaudible.
# options snd_hda_intel power_save=1
'';
};
}

7
nix/configuration/hosts/i_only_boot_zfs/wrapped-disk-config.nix
View File

@@ -1,7 +0,0 @@
{
config,
lib,
...
}:
lib.mkIf (!config.me.buildingPortable) (import ./disk-config.nix)

17
nix/configuration/hosts/neelix/DEPLOY_BOOT
View File

@@ -1,17 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
#TARGET=10.216.1.14
# TARGET=192.168.211.250
TARGET=neelix
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#neelix" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#neelix'

17
nix/configuration/hosts/neelix/DEPLOY_SWITCH
View File

@@ -1,17 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
#TARGET=10.216.1.14
# TARGET=192.168.211.250
TARGET=neelix
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#neelix" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#neelix'

72
nix/configuration/hosts/neelix/default.nix
View File

@@ -3,64 +3,36 @@
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
./disk-config.nix ./disk-config.nix
./optimized_build.nix
./power_management.nix ./power_management.nix
]; ];
config = { # Generate with `head -c4 /dev/urandom | od -A none -t x4`
# Generate with `head -c4 /dev/urandom | od -A none -t x4` networking.hostId = "fbd233d8";
networking.hostId = "bca9d0a5";
networking.hostName = "neelix"; # Define your hostname. networking.hostName = "neelix"; # Define your hostname.
time.timeZone = "America/New_York"; time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
me.boot.secure = false; me.secureBoot.enable = false;
me.mountPersistence = true;
me.optimizations = { # Early KMS
enable = false; boot.initrd.kernelModules = [ "i915" ];
arch = "alderlake";
system_features = [
"gccarch-alderlake"
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
};
# Early KMS # Mount tmpfs at /tmp
boot.initrd.kernelModules = [ "i915" ]; boot.tmp.useTmpfs = true;
# Mount tmpfs at /tmp me.bluetooth.enable = true;
# boot.tmp.useTmpfs = true; me.emacs_flavor = "plainmacs";
me.graphical = true;
me.graphics_card_type = "intel";
me.kodi.enable = true;
me.lvfs.enable = true;
me.sound.enable = true;
me.wireguard.activated = [ "wgh" ];
me.wireguard.deactivated = [ "wgf" ];
me.zrepl.enable = true;
me.zsh.enable = true;
me.base.enable = true;
me.bluetooth.enable = true;
me.boot.enable = true;
me.doas.enable = true;
me.emacs_flavor = "plainmacs";
me.firewall.enable = true;
me.font.enable = true;
me.git.enable = true;
me.graphical = true;
me.graphics_card_type = "intel";
me.kodi.enable = true;
me.lvfs.enable = true;
me.memtest.enable = true;
me.network.enable = true;
me.nvme.enable = true;
me.sound.enable = true;
me.ssh.enable = true;
me.sshd.enable = true;
me.user.enable = true;
me.wireguard.activated = [ "wgh" ];
me.wireguard.deactivated = [ "wgf" ];
me.zfs.enable = true;
me.zrepl.enable = true;
me.zsh.enable = true;
};
} }

38
nix/configuration/hosts/neelix/hardware-configuration.nix
View File

@@ -1,6 +1,10 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ {
config, config,
lib, lib,
pkgs,
modulesPath, modulesPath,
... ...
}: }:
@@ -10,27 +14,19 @@
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
config = { boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ];
boot.initrd.availableKernelModules = [ boot.initrd.kernelModules = [ ];
"xhci_pci" boot.kernelModules = [ ];
"nvme" boot.extraModulePackages = [ ];
"usbhid"
"usb_storage"
"sd_mod"
"sdhci_pci"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction # still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
# networking.useDHCP = lib.mkDefault true; networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true; # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true; # networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true;
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}; hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
} }

78
nix/configuration/hosts/neelix/optimized_build.nix Normal file
View File

@@ -0,0 +1,78 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
config = lib.mkMerge [
{ }
(lib.mkIf (!config.me.buildingIso) {
nix.settings.system-features = lib.mkForce [
"gccarch-alderlake"
"gccarch-x86-64-v3"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
# nixpkgs.hostPlatform = {
# gcc.arch = "alderlake";
# gcc.tune = "alderlake";
# system = "x86_64-linux";
# };
nixpkgs.overlays = [
(
self: super:
let
optimizeWithFlags =
pkg: flags:
pkg.overrideAttrs (old: {
NIX_CFLAGS_COMPILE = [ (old.NIX_CFLAGS_COMPILE or "") ] ++ flags;
});
addConfig =
additionalConfig: pkg:
pkg.override (oldconfig: {
structuredExtraConfig = pkg.structuredExtraConfig // additionalConfig;
});
in
{
linux_alderlake =
addConfig
{
# Full preemption
PREEMPT = lib.mkOverride 60 lib.kernel.yes;
PREEMPT_VOLUNTARY = lib.mkOverride 60 lib.kernel.no;
# Google's BBRv3 TCP congestion Control
TCP_CONG_BBR = lib.kernel.yes;
DEFAULT_BBR = lib.kernel.yes;
# Preemptive Full Tickless Kernel at 300Hz
HZ = lib.kernel.freeform "300";
HZ_300 = lib.kernel.yes;
HZ_1000 = lib.kernel.no;
}
(
optimizeWithFlags super.linux_6_12 [
"-march=alderlake"
"-mtune=alderlake"
]
);
}
)
];
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_alderlake;
})
(lib.mkIf (config.me.buildingIso) {
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_6_12;
boot.supportedFilesystems = [ "zfs" ];
})
];
}

46
nix/configuration/hosts/neelix/power_management.nix
View File

@@ -1,4 +1,6 @@
{ {
config,
lib,
pkgs, pkgs,
... ...
}: }:
@@ -6,30 +8,28 @@
{ {
imports = [ ]; imports = [ ];
config = { environment.systemPackages = with pkgs; [
environment.systemPackages = with pkgs; [ powertop
powertop ];
];
# pcie_aspm=force pcie_aspm.policy=powersupersave :: Enable PCIe active state power management for power reduction. # pcie_aspm=force pcie_aspm.policy=powersupersave :: Enable PCIe active state power management for power reduction.
# nowatchdog :: Disable watchdog for power savings (related to disable_sp5100_watchdog above). # nowatchdog :: Disable watchdog for power savings (related to disable_sp5100_watchdog above).
boot.kernelParams = [ boot.kernelParams = [
"pcie_aspm=force" "pcie_aspm=force"
# "pcie_aspm.policy=powersupersave" # "pcie_aspm.policy=powersupersave"
"nowatchdog" "nowatchdog"
]; ];
# default performance balance_performance balance_power power # default performance balance_performance balance_power power
# defaults to balance_performance # defaults to balance_performance
# systemd.tmpfiles.rules = [ # systemd.tmpfiles.rules = [
# "w- /sys/devices/system/cpu/cpufreq/policy0/energy_performance_preference - - - - power" # "w- /sys/devices/system/cpu/cpufreq/policy0/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy1/energy_performance_preference - - - - power" # "w- /sys/devices/system/cpu/cpufreq/policy1/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy2/energy_performance_preference - - - - power" # "w- /sys/devices/system/cpu/cpufreq/policy2/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy3/energy_performance_preference - - - - power" # "w- /sys/devices/system/cpu/cpufreq/policy3/energy_performance_preference - - - - power"
# ]; # ];
boot.extraModprobeConfig = '' boot.extraModprobeConfig = ''
options snd_hda_intel power_save=1 options snd_hda_intel power_save=1
''; '';
};
} }

13
nix/configuration/hosts/odo/DEPLOY_BOOT
View File

@@ -1,13 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
TARGET=odo
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#odo" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json

13
nix/configuration/hosts/odo/DEPLOY_SWITCH
View File

@@ -1,13 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
TARGET=odo
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#odo" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json

10
nix/configuration/hosts/odo/ISO
View File

@@ -1,10 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#odo.iso" --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json

10
nix/configuration/hosts/odo/SELF_BOOT
View File

@@ -1,10 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" --repair --log-format internal-json -v "${@}" |& nom --json

11
nix/configuration/hosts/odo/SELF_BUILD
View File

@@ -1,11 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild build --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" --repair --log-format internal-json -v "${@}" |& nom --json

10
nix/configuration/hosts/odo/SELF_SWITCH
View File

@@ -1,10 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" --repair --log-format internal-json -v "${@}" |& nom --json

211
nix/configuration/hosts/odo/default.nix
View File

@@ -1,170 +1,75 @@
{ { config, pkgs, ... }:
config,
lib,
pkgs,
...
}:
{ {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
./wrapped-disk-config.nix ./disk-config.nix
./distributed_build.nix ./optimized_build.nix
./power_management.nix ./power_management.nix
./screen_brightness.nix ./screen_brightness.nix
./wifi.nix ./wifi.nix
./framework_module.nix
]; ];
config = { # Generate with `head -c4 /dev/urandom | od -A none -t x4`
# Generate with `head -c4 /dev/urandom | od -A none -t x4` networking.hostId = "908cbf04";
networking.hostId = "908cbf04";
networking.hostName = "odo"; # Define your hostname. networking.hostName = "odo"; # Define your hostname.
time.timeZone = "America/New_York"; time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
me.boot.enable = true; me.secureBoot.enable = true;
me.boot.secure = false;
me.mountPersistence = true;
# Toggle to start writing the extlinux config which will be used by zfsbootmenu # Early KMS
boot.loader.generic-extlinux-compatible.enable = true; boot.initrd.kernelModules = [ "amdgpu" ];
boot.loader.systemd-boot.enable = lib.mkForce false;
me.rollback.dataset = [ # Mount tmpfs at /tmp
"zroot/linux/nix/root@blank" boot.tmp.useTmpfs = true;
"zroot/linux/nix/home@blank"
];
me.optimizations = { environment.systemPackages = with pkgs; [
enable = true; fw-ectool
arch = "znver4"; ];
# build_arch = "x86-64-v3";
system_features = [
"gccarch-znver4"
"gccarch-skylake"
"gccarch-kabylake"
# "gccarch-alderlake" missing WAITPKG
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
};
# Early KMS me.alacritty.enable = true;
boot.initrd.kernelModules = [ "amdgpu" ]; me.ansible.enable = true;
me.ares.enable = true;
me.bluetooth.enable = true;
me.chromecast.enable = true;
me.chromium.enable = true;
me.docker.enable = true;
me.emacs_flavor = "full";
me.firefox.enable = true;
me.git.config = ../../roles/git/files/gitconfig_home;
me.gpg.enable = true;
me.graphical = true;
me.graphics_card_type = "amd";
me.kanshi.enable = true;
me.kubernetes.enable = true;
me.latex.enable = true;
me.launch_keyboard.enable = true;
me.lvfs.enable = true;
me.media.enable = true;
me.nix_index.enable = true;
me.python.enable = true;
me.qemu.enable = true;
me.rust.enable = true;
me.sound.enable = true;
me.steam.enable = true;
me.sway.enable = true;
me.terraform.enable = true;
me.vnc_client.enable = true;
me.vscode.enable = true;
me.wasm.enable = true;
me.waybar.enable = true;
me.wireguard.activated = [
"drmario"
"wgh"
"colo"
];
me.wireguard.deactivated = [ "wgf" ];
me.zrepl.enable = true;
me.zsh.enable = true;
# Mount tmpfs at /tmp me.sm64ex.enable = true;
boot.tmp.useTmpfs = true; me.shipwright.enable = true;
me.ship2harkinian.enable = true;
environment.systemPackages = with pkgs; [
fw-ectool
framework-tool
];
# Enable light sensor
# hardware.sensor.iio.enable = lib.mkDefault true;
# Enable TRIM
# services.fstrim.enable = lib.mkDefault true;
# Only run nix builders at idle priority for a more responsive system. Do not set on servers, just end-user devices.
nix.daemonCPUSchedPolicy = "idle";
me.alacritty.enable = true;
me.amd_s2idle.enable = true;
me.android.enable = true;
me.ansible.enable = true;
me.ares.enable = true;
me.base.enable = true;
me.bluetooth.enable = true;
me.build_in_ram.enable = true;
me.chromecast.enable = true;
me.chromium.enable = true;
me.d2.enable = true;
me.direnv.enable = true;
me.doas.enable = true;
me.docker.enable = false;
me.dont_use_substituters.enable = true;
me.ecc.enable = false;
me.emacs_flavor = "full";
me.emulate_isa.enable = true;
me.esim.enable = true;
me.firefox.enable = true;
me.firewall.enable = true;
me.flux.enable = true;
me.font.enable = true;
me.gcloud.enable = true;
me.git.config = ../../roles/git/files/gitconfig_home;
me.git.enable = true;
me.gnuplot.enable = true;
me.gpg.enable = true;
me.graphical = true;
me.graphics_card_type = "amd";
me.graphviz.enable = true;
me.iso_mount.enable = true;
me.jujutsu.config = ../../roles/jujutsu/files/jujutsu_config_home.toml;
me.jujutsu.enable = true;
me.kanshi.enable = false;
me.kubernetes.enable = true;
me.latex.enable = true;
me.launch_keyboard.enable = true;
me.lvfs.enable = true;
me.media.enable = true;
me.memtest.enable = true;
me.network.enable = true;
me.nix_index.enable = true;
me.nix_repl.enable = true;
me.nixdev.enable = true;
me.nvme.enable = true;
me.openpgp_card_tools.enable = true;
me.pcsx2.enable = true;
me.podman.enable = true;
me.postgresql_client.enable = true;
me.python.enable = true;
me.qemu.enable = true;
me.recovery.enable = true;
me.rpcs3.enable = true;
me.rust.enable = true;
me.sequoia.enable = true;
me.shadps4.enable = false;
me.shikane.enable = true;
me.sops.enable = true;
me.sound.enable = true;
me.spaghettikart.enable = true;
me.ssh.enable = true;
me.sshd.enable = true;
me.steam.enable = true;
me.steam_run_free.enable = true;
me.sway.enable = true;
me.tekton.enable = true;
me.terraform.enable = true;
me.thunderbolt.enable = true;
me.user.enable = true;
me.uutils.enable = false;
me.vnc_client.enable = true;
me.vscode.enable = true;
me.wasm.enable = true;
me.waybar.enable = true;
me.webcam.enable = true;
me.wine.enable = false;
me.wireguard.activated = [
"drmario"
"wgh"
"colo"
];
me.wireguard.deactivated = [ "wgf" ];
me.yubikey.enable = true;
me.zfs.enable = true;
me.zrepl.enable = true;
me.zsh.enable = true;
me.sm64ex.enable = true;
me.shipwright.enable = true;
me.ship2harkinian.enable = true;
};
} }

23
nix/configuration/hosts/odo/disk-config.nix
View File

@@ -1,8 +1,14 @@
# Manual Step: # Manual Step:
# Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1 # Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1
# Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1 # Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1
{ {
config,
lib,
pkgs,
...
}:
lib.mkIf (!config.me.buildingIso) {
disko.devices = { disko.devices = {
disk = { disk = {
main = { main = {
@@ -17,7 +23,7 @@
content = { content = {
type = "filesystem"; type = "filesystem";
format = "vfat"; format = "vfat";
mountpoint = "/efi"; mountpoint = "/boot";
mountOptions = [ mountOptions = [
"umask=0077" "umask=0077"
"noatime" "noatime"
@@ -76,15 +82,6 @@
mountpoint = "/"; mountpoint = "/";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/root@blank$' || zfs snapshot zroot/linux/nix/root@blank"; postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/root@blank$' || zfs snapshot zroot/linux/nix/root@blank";
}; };
"linux/nix/boot" = {
type = "zfs_fs";
options = {
mountpoint = "legacy";
"org.zfsbootmenu:active" = "on";
};
mountpoint = "/boot";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/boot@blank$' || zfs snapshot zroot/linux/nix/boot@blank";
};
"linux/nix/nix" = { "linux/nix/nix" = {
type = "zfs_fs"; type = "zfs_fs";
options.mountpoint = "legacy"; options.mountpoint = "legacy";
@@ -129,10 +126,6 @@
"noatime" "noatime"
"norelatime" "norelatime"
]; ];
fileSystems."/boot".options = [
"noatime"
"norelatime"
];
fileSystems."/nix".options = [ fileSystems."/nix".options = [
"noatime" "noatime"
"norelatime" "norelatime"

19
nix/configuration/hosts/odo/distributed_build.nix
View File

@@ -1,19 +0,0 @@
{
imports = [ ];
config = {
me.distributed_build.enable = true;
me.distributed_build.machines.quark = {
enable = false;
additional_config = {
speedFactor = 2;
};
};
me.distributed_build.machines.hydra = {
enable = true;
additional_config = {
speedFactor = 2;
};
};
};
}

19
nix/configuration/hosts/odo/framework_module.nix
View File

@@ -1,19 +0,0 @@
{
config,
...
}:
{
imports = [ ];
config = {
boot.extraModulePackages = with config.boot.kernelPackages; [
framework-laptop-kmod
];
# https://github.com/DHowett/framework-laptop-kmod?tab=readme-ov-file#usage
boot.kernelModules = [
"cros_ec"
"cros_ec_lpcs"
];
};
}

39
nix/configuration/hosts/odo/hardware-configuration.nix
View File

@@ -1,6 +1,10 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ {
config, config,
lib, lib,
pkgs,
modulesPath, modulesPath,
... ...
}: }:
@@ -10,24 +14,23 @@
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
config = { boot.initrd.availableKernelModules = [
boot.initrd.availableKernelModules = [ "nvme"
"nvme" "xhci_pci"
"xhci_pci" "thunderbolt"
"thunderbolt" ];
]; boot.initrd.kernelModules = [ ];
boot.initrd.kernelModules = [ ]; boot.kernelModules = [ ];
boot.kernelModules = [ ]; boot.extraModulePackages = [ ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction # still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
# networking.useDHCP = lib.mkDefault true; networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true; # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true; # networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true;
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
} }

81
nix/configuration/hosts/odo/optimized_build.nix Normal file
View File

@@ -0,0 +1,81 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
config = lib.mkMerge [
{ }
(lib.mkIf (!config.me.buildingIso) {
nix.settings.system-features = lib.mkForce [
"gccarch-znver4"
"gccarch-skylake"
# "gccarch-alderlake" missing WAITPKG
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
# nixpkgs.hostPlatform = {
# gcc.arch = "znver4";
# gcc.tune = "znver4";
# system = "x86_64-linux";
# };
nixpkgs.overlays = [
(
self: super:
let
optimizeWithFlags =
pkg: flags:
pkg.overrideAttrs (old: {
NIX_CFLAGS_COMPILE = [ (old.NIX_CFLAGS_COMPILE or "") ] ++ flags;
});
addConfig =
additionalConfig: pkg:
pkg.override (oldconfig: {
structuredExtraConfig = pkg.structuredExtraConfig // additionalConfig;
});
in
{
linux_znver4 =
addConfig
{
# Full preemption
PREEMPT = lib.mkOverride 60 lib.kernel.yes;
PREEMPT_VOLUNTARY = lib.mkOverride 60 lib.kernel.no;
# Google's BBRv3 TCP congestion Control
TCP_CONG_BBR = lib.kernel.yes;
DEFAULT_BBR = lib.kernel.yes;
# Preemptive Full Tickless Kernel at 300Hz
HZ = lib.kernel.freeform "300";
HZ_300 = lib.kernel.yes;
HZ_1000 = lib.kernel.no;
}
(
optimizeWithFlags super.linux_6_12 [
"-march=znver4"
"-mtune=znver4"
]
);
}
)
];
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_znver4;
})
(lib.mkIf (config.me.buildingIso) {
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_6_12;
boot.supportedFilesystems.zfs = true;
})
];
}

108
nix/configuration/hosts/odo/power_management.nix
View File

@@ -1,4 +1,6 @@
{ {
config,
lib,
pkgs, pkgs,
... ...
}: }:
@@ -6,70 +8,52 @@
{ {
imports = [ ]; imports = [ ];
config = { environment.systemPackages = with pkgs; [
environment.systemPackages = with pkgs; [ powertop
powertop ];
];
# amdgpu.abmlevel=3 :: Automatically reduce screen brightness but tweak colors to compensate for power reduction. # amdgpu.abmlevel=3 :: Automatically reduce screen brightness but tweak colors to compensate for power reduction.
# pcie_aspm=force pcie_aspm.policy=powersupersave :: Enable PCIe active state power management for power reduction. # pcie_aspm=force pcie_aspm.policy=powersupersave :: Enable PCIe active state power management for power reduction.
# nowatchdog :: Disable watchdog for power savings (related to disable_sp5100_watchdog above). # nowatchdog :: Disable watchdog for power savings (related to disable_sp5100_watchdog above).
# amd_pstate=passive :: Fully automated hardware pstate control. # amd_pstate=passive :: Fully automated hardware pstate control.
# amd_pstate=active :: Same as passive except we can set the energy performance preference (EPP) to suggest how much we prefer performance or energy efficiency. # amd_pstate=active :: Same as passive except we can set the energy performance preference (EPP) to suggest how much we prefer performance or energy efficiency.
# amd_pstate=guided :: Same as passive except we can set upper and lower frequency bounds. # amd_pstate=guided :: Same as passive except we can set upper and lower frequency bounds.
# amdgpu.dcdebugmask=0x10 :: Allegedly disables Panel Replay from https://community.frame.work/t/tracking-freezing-arch-linux-amd/39495/32 # amdgpu.dcdebugmask=0x10 :: Allegedly disables Panel Replay from https://community.frame.work/t/tracking-freezing-arch-linux-amd/39495/32
boot.kernelParams = [ boot.kernelParams = [
"amdgpu.abmlevel=2" "amdgpu.abmlevel=3"
"pcie_aspm=force" "pcie_aspm=force"
# "pcie_aspm.policy=powersupersave" # "pcie_aspm.policy=powersupersave"
"nowatchdog" "nowatchdog"
# I don't see a measurable benefit from these two: # I don't see a measurable benefit from these two:
# "cpufreq.default_governor=powersave" # "cpufreq.default_governor=powersave"
# "initcall_blacklist=cpufreq_gov_userspace_init" # "initcall_blacklist=cpufreq_gov_userspace_init"
]; ];
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"w- /sys/firmware/acpi/platform_profile - - - - low-power" "w- /sys/firmware/acpi/platform_profile - - - - low-power"
"w- /sys/devices/system/cpu/cpufreq/policy0/energy_performance_preference - - - - power" "w- /sys/devices/system/cpu/cpufreq/policy0/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy1/energy_performance_preference - - - - power" "w- /sys/devices/system/cpu/cpufreq/policy1/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy2/energy_performance_preference - - - - power" "w- /sys/devices/system/cpu/cpufreq/policy2/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy3/energy_performance_preference - - - - power" "w- /sys/devices/system/cpu/cpufreq/policy3/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy4/energy_performance_preference - - - - power" "w- /sys/devices/system/cpu/cpufreq/policy4/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy5/energy_performance_preference - - - - power" "w- /sys/devices/system/cpu/cpufreq/policy5/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy6/energy_performance_preference - - - - power" "w- /sys/devices/system/cpu/cpufreq/policy6/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy7/energy_performance_preference - - - - power" "w- /sys/devices/system/cpu/cpufreq/policy7/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy8/energy_performance_preference - - - - power" "w- /sys/devices/system/cpu/cpufreq/policy8/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy9/energy_performance_preference - - - - power" "w- /sys/devices/system/cpu/cpufreq/policy9/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy10/energy_performance_preference - - - - power" "w- /sys/devices/system/cpu/cpufreq/policy10/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy11/energy_performance_preference - - - - power" "w- /sys/devices/system/cpu/cpufreq/policy11/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy12/energy_performance_preference - - - - power" "w- /sys/devices/system/cpu/cpufreq/policy12/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy13/energy_performance_preference - - - - power" "w- /sys/devices/system/cpu/cpufreq/policy13/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy14/energy_performance_preference - - - - power" "w- /sys/devices/system/cpu/cpufreq/policy14/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy15/energy_performance_preference - - - - power" "w- /sys/devices/system/cpu/cpufreq/policy15/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpu0/cpufreq/boost - - - - 0" ];
"w- /sys/devices/system/cpu/cpu1/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu2/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu3/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu4/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu5/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu6/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu7/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu8/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu9/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu10/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu11/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu12/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu13/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu14/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu15/cpufreq/boost - - - - 0"
];
boot.extraModprobeConfig = '' boot.extraModprobeConfig = ''
# Disable the hardware watchdog inside AMD 700 chipset series for power savings. # Disable the hardware watchdog inside AMD 700 chipset series for power savings.
blacklist sp5100_tco blacklist sp5100_tco
# Sound power-saving was causing chat notifications to be inaudible. # Sound power-saving was causing chat notifications to be inaudible.
# options snd_hda_intel power_save=1 # options snd_hda_intel power_save=1
''; '';
};
} }

15
nix/configuration/hosts/odo/screen_brightness.nix
View File

@@ -1,9 +1,14 @@
{
config,
lib,
pkgs,
...
}:
{ {
imports = [ ]; imports = [ ];
config = { systemd.tmpfiles.rules = [
systemd.tmpfiles.rules = [ "w- /sys/class/backlight/amdgpu_bl1/brightness - - - - 85"
"w- /sys/class/backlight/amdgpu_bl1/brightness - - - - 32767" ];
];
};
} }

11
nix/configuration/hosts/odo/wifi.nix
View File

@@ -1,7 +1,18 @@
{
config,
lib,
pkgs,
...
}:
{ {
imports = [ ]; imports = [ ];
config = { config = {
environment.loginShellInit = lib.mkIf (!config.me.buildingIso) ''
doas iw dev wlan0 set power_save off
'';
# Enable debug logging for ath12k wifi card. # Enable debug logging for ath12k wifi card.
boot.kernelParams = [ boot.kernelParams = [
"ath12k.debug_mask=0xffffffff" "ath12k.debug_mask=0xffffffff"

7
nix/configuration/hosts/odo/wrapped-disk-config.nix
View File

@@ -1,7 +0,0 @@
{
config,
lib,
...
}:
lib.mkIf (!config.me.buildingPortable) (import ./disk-config.nix)

11
nix/configuration/hosts/odowork/DEPLOY_BOOT
View File

@@ -1,11 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
TARGET=odowork
nixos-rebuild boot --flake "$DIR/../../#odowork" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json

11
nix/configuration/hosts/odowork/DEPLOY_SWITCH
View File

@@ -1,11 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
TARGET=odowork
nixos-rebuild switch --flake "$DIR/../../#odowork" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json

9
nix/configuration/hosts/odowork/INSTALLER
View File

@@ -1,9 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#odowork.installer" --repair --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json

9
nix/configuration/hosts/odowork/ISO
View File

@@ -1,9 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#odowork.iso" --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json

9
nix/configuration/hosts/odowork/SELF_BOOT
View File

@@ -1,9 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
nixos-rebuild boot --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#odowork" --repair --log-format internal-json -v "${@}" |& nom --json

9
nix/configuration/hosts/odowork/SELF_BUILD
View File

@@ -1,9 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
nixos-rebuild build --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#odowork" --repair --log-format internal-json -v "${@}" |& nom --json

9
nix/configuration/hosts/odowork/SELF_SWITCH
View File

@@ -1,9 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
nixos-rebuild switch --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#odowork" --repair --log-format internal-json -v "${@}" |& nom --json

156
nix/configuration/hosts/odowork/default.nix
View File

@@ -1,156 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [
./hardware-configuration.nix
./wrapped-disk-config.nix
./distributed_build.nix
./power_management.nix
./screen_brightness.nix
./wifi.nix
./framework_module.nix
./ssh_config.nix
];
config = {
# Generate with `head -c4 /dev/urandom | od -A none -t x4`
networking.hostId = "133cb66e";
networking.hostName = "odowork"; # Define your hostname.
time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8";
me.boot.enable = true;
me.boot.secure = false;
me.mountPersistence = true;
# Toggle to start writing the extlinux config which will be used by zfsbootmenu
boot.loader.generic-extlinux-compatible.enable = true;
boot.loader.systemd-boot.enable = lib.mkForce false;
me.rollback.dataset = [
"zroot/linux/nixwork/root@blank"
"zroot/linux/nixwork/home@blank"
];
me.optimizations = {
enable = true;
arch = "znver4";
# build_arch = "x86-64-v3";
system_features = [
"gccarch-znver4"
"gccarch-skylake"
"gccarch-kabylake"
# "gccarch-alderlake" missing WAITPKG
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
};
# Early KMS
boot.initrd.kernelModules = [ "amdgpu" ];
# Mount tmpfs at /tmp
boot.tmp.useTmpfs = true;
environment.systemPackages = with pkgs; [
fw-ectool
framework-tool
];
# Enable light sensor
# hardware.sensor.iio.enable = lib.mkDefault true;
# Enable TRIM
# services.fstrim.enable = lib.mkDefault true;
# Only run nix builders at idle priority for a more responsive system. Do not set on servers, just end-user devices.
nix.daemonCPUSchedPolicy = "idle";
fonts.enableDefaultPackages = lib.mkForce true;
fonts.packages = with pkgs; [
corefonts
];
allowedUnfree = [ "corefonts" ];
me.alacritty.enable = true;
me.amd_s2idle.enable = true;
me.android.enable = true;
me.ansible.enable = true;
me.base.enable = true;
me.bluetooth.enable = true;
me.build_in_ram.enable = true;
me.chromium.enable = true;
me.d2.enable = true;
me.direnv.enable = true;
me.doas.enable = true;
me.docker.enable = false;
me.dont_use_substituters.enable = true;
me.emacs_flavor = "full";
me.firefox.enable = true;
me.firewall.enable = true;
me.font.enable = true;
me.gcloud.enable = true;
me.git.config = ../../roles/git/files/gitconfig_work;
me.git.enable = true;
me.gnome_keyring.enable = true;
me.gnuplot.enable = true;
me.gpg.enable = true;
me.graphical = true;
me.graphics_card_type = "amd";
me.graphviz.enable = true;
me.iso_mount.enable = true;
me.jujutsu.config = ../../roles/jujutsu/files/jujutsu_config_home.toml;
me.jujutsu.enable = true;
me.latex.enable = true;
me.launch_keyboard.enable = true;
me.lvfs.enable = true;
me.media.enable = true;
me.memtest.enable = true;
me.network.enable = true;
me.nix_index.enable = true;
me.nix_repl.enable = true;
me.nixdev.enable = true;
me.nvme.enable = true;
me.openpgp_card_tools.enable = true;
me.podman.enable = true;
me.postgresql_client.enable = true;
me.python.enable = true;
me.rust.enable = true;
me.sequoia.enable = true;
me.shikane.enable = true;
me.sops.enable = true;
me.sound.enable = true;
me.ssh.enable = true;
me.sshd.enable = true;
me.steam_run_free.enable = true;
me.sway.enable = true;
me.terraform.enable = true;
me.thunderbolt.enable = true;
me.user.enable = true;
me.vscode.enable = true;
me.vscode.enable_work_profile = true;
me.waybar.enable = true;
me.webcam.enable = true;
me.wireguard.activated = [
"wgh"
];
me.wireguard.deactivated = [
"wgf"
"colo"
];
me.yubikey.enable = true;
me.zfs.enable = true;
me.zrepl.enable = true;
me.zsh.enable = true;
};
}

155
nix/configuration/hosts/odowork/disk-config.nix
View File

@@ -1,155 +0,0 @@
# Manual Step:
# Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1
# Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1
{
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/efi";
mountOptions = [
"umask=0077"
"noatime"
"discard"
];
};
};
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "zroot";
};
};
};
};
};
};
zpool = {
zroot = {
type = "zpool";
# mode = "mirror";
# Workaround: cannot import 'zroot': I/O error in disko tests
options.cachefile = "none";
options = {
ashift = "12";
compatibility = "openzfs-2.2-freebsd";
autotrim = "on";
};
rootFsOptions = {
acltype = "posixacl";
atime = "off";
relatime = "off";
xattr = "sa";
mountpoint = "none";
compression = "lz4";
canmount = "off";
utf8only = "on";
dnodesize = "auto";
normalization = "formD";
};
datasets = {
"linux/nixwork" = {
type = "zfs_fs";
options.mountpoint = "none";
options = {
encryption = "aes-256-gcm";
keyformat = "passphrase";
# keylocation = "file:///tmp/secret.key";
};
};
"linux/nixwork/root" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nixwork/root@blank$' || zfs snapshot zroot/linux/nixwork/root@blank";
};
"linux/nixwork/boot" = {
type = "zfs_fs";
options = {
mountpoint = "legacy";
"org.zfsbootmenu:active" = "on";
};
mountpoint = "/boot";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nixwork/boot@blank$' || zfs snapshot zroot/linux/nixwork/boot@blank";
};
"linux/nixwork/nix" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/nix";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nixwork/nix@blank$' || zfs snapshot zroot/linux/nixwork/nix@blank";
options = {
recordsize = "16MiB";
compression = "zstd-19";
};
};
"linux/nixwork/home" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/home";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nixwork/home@blank$' || zfs snapshot zroot/linux/nixwork/home@blank";
};
"linux/nixwork/persist" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/persist";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nixwork/persist@blank$' || zfs snapshot zroot/linux/nixwork/persist@blank";
};
"linux/nixwork/state" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/state";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nixwork/state@blank$' || zfs snapshot zroot/linux/nixwork/state@blank";
};
};
};
};
};
# Make sure all persistent volumes are marked as neededForBoot
#
# Also mounts /home so it is mounted before the user home directories are created.
fileSystems."/persist".neededForBoot = true;
fileSystems."/state".neededForBoot = true;
fileSystems."/home".neededForBoot = true;
fileSystems."/".options = [
"noatime"
"norelatime"
];
fileSystems."/boot".options = [
"noatime"
"norelatime"
];
fileSystems."/nix".options = [
"noatime"
"norelatime"
];
fileSystems."/persist".options = [
"noatime"
"norelatime"
];
fileSystems."/state".options = [
"noatime"
"norelatime"
];
fileSystems."/home".options = [
"noatime"
"norelatime"
];
# Only attempt to decrypt the main pool. Otherwise it attempts to decrypt pools that aren't even used.
boot.zfs.requestEncryptionCredentials = [ "zroot/linux/nixwork" ];
}

19
nix/configuration/hosts/odowork/distributed_build.nix
View File

@@ -1,19 +0,0 @@
{
imports = [ ];
config = {
me.distributed_build.enable = true;
me.distributed_build.machines.quark = {
enable = false;
additional_config = {
speedFactor = 2;
};
};
me.distributed_build.machines.hydra = {
enable = true;
additional_config = {
speedFactor = 2;
};
};
};
}

19
nix/configuration/hosts/odowork/framework_module.nix
View File

@@ -1,19 +0,0 @@
{
config,
...
}:
{
imports = [ ];
config = {
boot.extraModulePackages = with config.boot.kernelPackages; [
framework-laptop-kmod
];
# https://github.com/DHowett/framework-laptop-kmod?tab=readme-ov-file#usage
boot.kernelModules = [
"cros_ec"
"cros_ec_lpcs"
];
};
}

33
nix/configuration/hosts/odowork/hardware-configuration.nix
View File

@@ -1,33 +0,0 @@
{
config,
lib,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
config = {
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"thunderbolt"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
# networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true;
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
};
}

75
nix/configuration/hosts/odowork/power_management.nix
View File

@@ -1,75 +0,0 @@
{
pkgs,
...
}:
{
imports = [ ];
config = {
environment.systemPackages = with pkgs; [
powertop
];
# amdgpu.abmlevel=3 :: Automatically reduce screen brightness but tweak colors to compensate for power reduction.
# pcie_aspm=force pcie_aspm.policy=powersupersave :: Enable PCIe active state power management for power reduction.
# nowatchdog :: Disable watchdog for power savings (related to disable_sp5100_watchdog above).
# amd_pstate=passive :: Fully automated hardware pstate control.
# amd_pstate=active :: Same as passive except we can set the energy performance preference (EPP) to suggest how much we prefer performance or energy efficiency.
# amd_pstate=guided :: Same as passive except we can set upper and lower frequency bounds.
# amdgpu.dcdebugmask=0x10 :: Allegedly disables Panel Replay from https://community.frame.work/t/tracking-freezing-arch-linux-amd/39495/32
boot.kernelParams = [
"amdgpu.abmlevel=2"
"pcie_aspm=force"
# "pcie_aspm.policy=powersupersave"
"nowatchdog"
# I don't see a measurable benefit from these two:
# "cpufreq.default_governor=powersave"
# "initcall_blacklist=cpufreq_gov_userspace_init"
];
systemd.tmpfiles.rules = [
"w- /sys/firmware/acpi/platform_profile - - - - low-power"
"w- /sys/devices/system/cpu/cpufreq/policy0/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy1/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy2/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy3/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy4/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy5/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy6/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy7/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy8/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy9/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy10/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy11/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy12/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy13/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy14/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy15/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpu0/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu1/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu2/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu3/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu4/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu5/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu6/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu7/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu8/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu9/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu10/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu11/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu12/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu13/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu14/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu15/cpufreq/boost - - - - 0"
];
boot.extraModprobeConfig = ''
# Disable the hardware watchdog inside AMD 700 chipset series for power savings.
blacklist sp5100_tco
# Sound power-saving was causing chat notifications to be inaudible.
# options snd_hda_intel power_save=1
'';
};
}

9
nix/configuration/hosts/odowork/screen_brightness.nix
View File

@@ -1,9 +0,0 @@
{
imports = [ ];
config = {
systemd.tmpfiles.rules = [
"w- /sys/class/backlight/amdgpu_bl1/brightness - - - - 32767"
];
};
}

15
nix/configuration/hosts/odowork/ssh_config.nix
View File

@@ -1,15 +0,0 @@
{
lib,
...
}:
{
imports = [ ];
config = {
me.install.user.talexander.file = {
".ssh/config" = {
source = lib.mkForce "/persist/manual/ssh/talexander/config";
};
};
};
}

10
nix/configuration/hosts/odowork/wifi.nix
View File

@@ -1,10 +0,0 @@
{
imports = [ ];
config = {
# Enable debug logging for ath12k wifi card.
boot.kernelParams = [
"ath12k.debug_mask=0xffffffff"
];
};
}

7
nix/configuration/hosts/odowork/wrapped-disk-config.nix
View File

@@ -1,7 +0,0 @@
{
config,
lib,
...
}:
lib.mkIf (!config.me.buildingPortable) (import ./disk-config.nix)

13
nix/configuration/hosts/quark/DEPLOY_BOOT
View File

@@ -1,13 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
TARGET=quark
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#quark" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json

13
nix/configuration/hosts/quark/DEPLOY_SWITCH
View File

@@ -1,13 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
TARGET=quark
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#quark" --target-host "$TARGET" --build-host "$TARGET" --sudo --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json

10
nix/configuration/hosts/quark/ISO
View File

@@ -1,10 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#quark.iso" --max-jobs "$JOBS" --repair --log-format internal-json -v "${@}" |& nom --json

10
nix/configuration/hosts/quark/SELF_BOOT
View File

@@ -1,10 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" --repair --log-format internal-json -v "${@}" |& nom --json

10
nix/configuration/hosts/quark/SELF_BUILD
View File

@@ -1,10 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild build --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" --repair --log-format internal-json -v "${@}" |& nom --json

10
nix/configuration/hosts/quark/SELF_SWITCH
View File

@@ -1,10 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" --repair --log-format internal-json -v "${@}" |& nom --json

Some files were not shown because too many files have changed in this diff Show More