talexander/machine_setup
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

merge into: talexander:starship
Branches Tags
talexander:main talexander:kubernetes talexander:nix talexander:mt7927 talexander:yubipi talexander:upstream_amd_debug_tools talexander:install_files_mixin talexander:starship talexander:pixelbook
...
pull from: talexander:yubipi
Branches Tags
talexander:kubernetes talexander:nix talexander:main talexander:mt7927 talexander:yubipi talexander:upstream_amd_debug_tools talexander:install_files_mixin talexander:starship talexander:pixelbook

208 Commits
starship ... yubipi

Author SHA1 Message Date
Tom Alexander
3733e76d18 Add a build for the yubikey management raspberry pi image. 2025-10-08 21:24:44 -04:00
Tom Alexander
3d9513f2c5 Move ansible-sshjail and zsh-histdb into my config instead of living as separate flakes. 2025-10-05 21:37:57 -04:00
Tom Alexander
ae6cce96a2 Support running arm code on x86. 2025-10-05 20:43:04 -04:00
Tom Alexander
3274d1903f Replace GNU coreutils with uutils. 2025-10-05 20:04:03 -04:00
Tom Alexander
a01b58f6ac use-remote-sudo has been replaced with sudo. 2025-10-05 15:17:34 -04:00
Tom Alexander
fb7b1322da Remove hack for turning off wifi power saving from quark shell init. 2025-10-05 14:55:42 -04:00
Tom Alexander
69b6a81b8b Update packages. 2025-10-05 14:07:04 -04:00
Tom Alexander
f5c30860ab Install uv. 2025-10-05 14:04:01 -04:00
Tom Alexander
255b39df0a Disable the nix binary cache. 
It is technically a risk and since I build most of my software anyway, I'm not getting much benefit.
 2025-10-05 14:04:01 -04:00
Tom Alexander
da66a6917b Update amd-debug-tools to 0.2.8. 2025-09-29 21:17:30 -04:00
Tom Alexander
ad2c4809d7 Fix building the hydra vm ISO. 2025-09-28 11:38:18 -04:00
Tom Alexander
fe49204e3f Enable optimizations on some packages that are no longer broken. 2025-09-28 11:38:17 -04:00
Tom Alexander
fa44003fad Disable wifi powersaving. 2025-09-26 22:35:04 -04:00
Tom Alexander
bc0a64fb8b Update packages. 2025-09-26 22:34:43 -04:00
Tom Alexander
3048b62834 ControlPortOverNL80211 no longer needs to be disabled for the QCNCM865 in my laptop. 2025-09-26 20:22:22 -04:00
Tom Alexander
08b424e1f3 Minor cleanups for emacs. 2025-09-25 20:15:52 -04:00
Tom Alexander
185c43761c Add sequoia. 2025-09-25 20:13:56 -04:00
Tom Alexander
37abf58271 Add a qemu port of my bhyverc script for running virtual machines on Linux. 2025-09-19 21:04:58 -04:00
Tom Alexander
3b007f8bc5 Support transcoding from 10bit to 8bit video. 2025-09-17 19:50:07 -04:00
Tom Alexander
d358e9383e Add noto fonts for ⏵ in nix output monitor. 2025-09-14 12:42:21 -04:00
Tom Alexander
f036ec4b96 Add back duckstation. 2025-09-13 12:28:29 -04:00
Tom Alexander
74ee87a111 Switch to bundled packages to fix build. 2025-09-13 12:00:09 -04:00
Tom Alexander
d0f23c0cb1 Add Spaghetti Kart to the Steam Deck. 2025-09-13 11:28:29 -04:00
Tom Alexander
c72141e070 Install SpaghettiKart. 2025-09-12 19:02:22 -04:00
Tom Alexander
e77c0ed330 Merge branch 'podman' into nix 2025-09-08 21:14:54 -04:00
Tom Alexander
70c2fb694a Switch to podman. 2025-09-08 21:14:41 -04:00
Tom Alexander
b32635fe71 Allow first-party canvas use. 2025-09-07 22:03:38 -04:00
Tom Alexander
b179bee277 Pull in improvements from nixpkgs PR. 2025-09-06 20:32:25 -04:00
Tom Alexander
b1c85417e1 Update to linux 6.16. 2025-09-06 17:39:04 -04:00
Tom Alexander
96ea6c4232 Reduce abmlevel to 2. 
Everything got dimmer in 6.14 so I am reducing the abmlevel.
 2025-09-04 18:51:14 -04:00
Tom Alexander
2a584915e4 Install d2. 2025-09-04 18:51:14 -04:00
Tom Alexander
a6a50d7c22 Add d2 to emacs. 2025-09-04 18:51:14 -04:00
Tom Alexander
edfafd1017 Add latex packages for org export. 2025-09-04 18:51:13 -04:00
Tom Alexander
9adff4ebc1 Add laptop-only entry in shikane. 2025-09-01 18:48:42 -04:00
Tom Alexander
a788879d92 Preserve poetry venvs. 2025-09-01 18:48:38 -04:00
Tom Alexander
955c5963c8 Disable machine learning in firefox. 2025-08-31 22:21:34 -04:00
Tom Alexander
11436c0efe Set vscode navigate backwards to be scoped to the editor. 2025-08-27 20:33:37 -04:00
Tom Alexander
5b487330e1 Use json for talking to nix output monitor. 2025-08-24 17:36:06 -04:00
Tom Alexander
d25e9173dd Merge branch 'amd_s2idle' into nix 2025-08-21 20:30:35 -04:00
Tom Alexander
8bddf10e9d Fix description. 2025-08-21 20:30:23 -04:00
Tom Alexander
64c94e9b06 Add run-time dependencies. 2025-08-17 20:48:35 -04:00
Tom Alexander
c87957b8cb Introduce a cysystemd package. 2025-08-17 20:32:20 -04:00
Tom Alexander
bf419b6f4a Switch to buildPythonApplication. 2025-08-17 19:01:07 -04:00
Tom Alexander
b224a78b89 Add amd_s2idle script for debugging s2idle. 2025-08-17 10:37:51 -04:00
Tom Alexander
748584c78e Merge branch 'copy_files_mixin' into nix 2025-08-10 16:22:19 -04:00
Tom Alexander
64e8903ae4 Remove test code. 2025-08-10 16:19:13 -04:00
Tom Alexander
f4338ec8df Replace uses of home-manager. 2025-08-10 16:12:09 -04:00
Tom Alexander
c947def321 Fix handling ownership of parent directories. 2025-08-10 12:54:34 -04:00
Tom Alexander
f1eaaf12b3 Support separate permissions for containing directories. 2025-08-10 11:52:55 -04:00
Tom Alexander
2b485f7f1d Support recursive. 2025-08-10 11:41:06 -04:00
Tom Alexander
6db8e01309 Honor ownership. 2025-08-09 21:19:13 -04:00
Tom Alexander
03e389195c Filter out blank lines. 2025-08-09 21:01:35 -04:00
Tom Alexander
2c3e5483e9 Centralize the logic for escaping the shell values. 2025-08-09 20:54:54 -04:00
Tom Alexander
6b42a09468 Make the paths relative to the user's home directory. 2025-08-09 20:43:01 -04:00
Tom Alexander
eb5815048f Add a check and uninstall phase. 2025-08-09 20:27:27 -04:00
Tom Alexander
1cb4fa4234 Add support for symlinking. 2025-08-09 20:05:29 -04:00
Tom Alexander
146dc5f79a Switch to nested attrsets. 2025-08-09 19:13:37 -04:00
Tom Alexander
f667c9daa6 Switch to a systemd unit file to remove the need for home-manager. 2025-08-09 11:09:21 -04:00
Tom Alexander
83eaba357f Fix bug where it used the path in the option name rather than the target value inside the option. 2025-08-09 11:09:21 -04:00
Tom Alexander
6284ce8d86 Add method parameter. 2025-08-09 11:09:21 -04:00
Tom Alexander
c26d6f34ea Start a user-specific variant of the install file command. 2025-08-09 11:09:21 -04:00
Tom Alexander
c3f715d010 Add the install_file module from the steam deck config. 2025-08-09 11:09:21 -04:00
Tom Alexander
45514d147c Disable turboboost. 2025-08-09 10:42:20 -04:00
Tom Alexander
aafa880b7c Fix accelerated video decode on chromium. 2025-08-06 22:56:02 -04:00
Tom Alexander
dde8be4d9f Do not update refs when rebasing. 2025-08-06 22:23:16 -04:00
Tom Alexander
03ae8d3b0a Change how we bundle meld into git. 2025-07-19 18:41:57 -04:00
Tom Alexander
03f0721e1f Set up typescript language server and add meld to git. 2025-07-15 22:57:03 -04:00
Tom Alexander
8847063948 Install direnv. 2025-07-13 16:51:58 -04:00
Tom Alexander
399379cea0 Fix eglot rust-analyzer settings. 2025-07-07 19:26:55 -04:00
Tom Alexander
1cdfebf392 Disable cranelift. 
It was causing problems (errors during build) while not providing much benefit for my use-cases.
 2025-07-07 18:44:12 -04:00
Tom Alexander
045fed0748 Fix crashes on shadps4 launch. 2025-07-05 17:08:33 -04:00
Tom Alexander
7fe153bfd3 Update packages. 2025-07-05 10:01:09 -04:00
Tom Alexander
52490457f0 Install shadps4. 2025-06-29 10:22:09 -04:00
Tom Alexander
e5e9bba2a5 Pin old version of linux-firmware to fix wifi on laptop. 2025-06-28 09:47:40 -04:00
Tom Alexander
7ef079afc0 Update to Linux kernel 6.15. 2025-06-28 01:10:47 -04:00
Tom Alexander
a06fece8f1 Update packages. 2025-06-26 23:31:12 -04:00
Tom Alexander
51c7888347 Add dhcpcd for USB tethering and use upstream linux-firmware. 2025-06-23 13:02:10 -04:00
Tom Alexander
7656c30a29 Update packages. 2025-06-22 01:12:03 -04:00
Tom Alexander
929401b359 Switch to memtest86+. 2025-06-22 01:11:41 -04:00
Tom Alexander
16746d58d2 Add a git alias to list the number of commits from each author. 2025-06-20 17:55:06 -04:00
Tom Alexander
82a016ec68 Reduce risk of crashing from savestates. 2025-06-10 17:21:27 -04:00
Tom Alexander
eed2bd4f13 Persist Demon's Souls settings. 2025-06-08 12:08:47 -04:00
Tom Alexander
99f1b1a51b Update packages. 2025-06-01 20:12:34 -04:00
Tom Alexander
99bc8c6d79 Pin the version of linux-firmware. 
New versions of linux-firmware break my wifi on my laptop. I am pinning the firmware version so I can update the rest of my software.
 2025-06-01 20:10:25 -04:00
Tom Alexander
0f2c595538 Perform weekly garbage collects. 2025-06-01 11:21:57 -04:00
Tom Alexander
996cb27a89 Merge branch 'rpcs3' into nix 2025-05-26 19:26:13 -04:00
Tom Alexander
9008d9b7c6 Clean up steam rom manager. 2025-05-26 19:25:10 -04:00
Tom Alexander
38a1168a32 Persist persistent_settings.dat on steam deck. 2025-05-26 18:23:10 -04:00
Tom Alexander
3a4344a112 Copy the RPCS3 setup improvements to the steam deck config. 2025-05-26 16:26:48 -04:00
Tom Alexander
18cb758986 Fix lag in the home button menu. 2025-05-26 16:02:34 -04:00
Tom Alexander
e28c7f8968 Persist icons and play stats. 2025-05-26 15:46:10 -04:00
Tom Alexander
5c17148635 Write color buffers to fix black screen on Demon's Souls. 2025-05-26 15:32:10 -04:00
Tom Alexander
199bb38dfb Fix rpcs3 config. 2025-05-26 15:24:50 -04:00
Tom Alexander
5af4a95940 Add the rpcs3 config.yml file. 2025-05-26 14:51:13 -04:00
Tom Alexander
daf35778c5 Add rpcs3 (ps3 emulator). 2025-05-26 14:51:12 -04:00
Tom Alexander
1866cf6290 Disable cargo in emacs because it is causing errors. 2025-05-24 22:46:38 -04:00
Tom Alexander
23ef4d50b9 Add a comment about how to read ECC memory errors. 2025-05-23 18:01:24 -04:00
Tom Alexander
4aec400388 Auto-format typescript in vscode. 2025-05-19 19:11:21 -04:00
Tom Alexander
f211282376 Fix the build after the software update. 2025-05-15 20:13:27 -04:00
Tom Alexander
96a96a0bc4 Move CPU optimizations into their own role. 
This is remove duplication between the individual hosts folders.
 2025-05-12 22:53:56 -04:00
Tom Alexander
554a6aff65 Update software. 2025-05-11 14:39:36 -04:00
Tom Alexander
14c5c7d0fd Improve video convert script. 2025-05-11 00:11:29 -04:00
Tom Alexander
22f9a0efcd I think I figured out howto enable cross compiling between zen versions. 2025-05-10 23:11:33 -04:00
Tom Alexander
3e80452235 Merge branch '9pfs' into nix 2025-05-10 22:24:43 -04:00
Tom Alexander
c68c069667 Add a new ionlybootzfs host for the test VM. 
This way it will install far less software.
 2025-05-10 22:11:59 -04:00
Tom Alexander
e08d93425a Remove games from VMs. 2025-05-10 21:14:34 -04:00
Tom Alexander
5b7cae49c3 Removing the 9pfs nix store. 
The experiment was good for mounting directories with various overlay patterns from the host to the guest, but using it specifically for /nix/store was a bad idea. It would be better to just serve the host nix store with nix-serve -p 8080 and add that as a substituter during install.
 2025-05-10 20:47:45 -04:00
Tom Alexander
e65504b5f3 Add a role for mounting the nix store over 9pfs. 
This is useful for virtual machines since we can have a persistent /nix/store on the host machine.
 2025-05-10 20:47:45 -04:00
Tom Alexander
158188c4c6 Fix disabling optimizations in iso builds. 2025-05-10 16:41:55 -04:00
Tom Alexander
c587fcc2ac Re-enable fwupd. Without it, gnome-firmwarm seems to not work. 2025-05-10 15:34:50 -04:00
Tom Alexander
9d16c7bd7b Update emacs config. 2025-05-10 12:44:12 -04:00
Tom Alexander
2b3b9af70b Disable teleparty. 
The firefox version has been buggy.
 2025-05-10 12:04:48 -04:00
Tom Alexander
53f370b1ee Add yt-dlp. 2025-05-10 11:58:55 -04:00
Tom Alexander
25c8c30488 Add mkvmerge. 2025-05-07 23:31:17 -04:00
Tom Alexander
4d754355b7 Merge branch 'nix_worker' into nix 2025-05-04 16:40:24 -04:00
Tom Alexander
902c6e1127 Switch to quark's buildMachine config being entirely in nix rather than in root's ssh config. 2025-05-04 16:26:41 -04:00
Tom Alexander
98f98a8895 Centralize the config for buildMachines. 2025-05-04 16:22:02 -04:00
Tom Alexander
4a303d17d8 Add a nix_worker role for nix builders. 2025-05-04 15:53:49 -04:00
Tom Alexander
7f4c41bb32 Add odo deploy scripts. 2025-05-04 15:16:44 -04:00
Tom Alexander
c68a6aaa19 Introduce config.me.optimizations.enable to toggle optimizations. 
This is more granular than the buildingIso setting.
 2025-05-04 15:12:41 -04:00
Tom Alexander
a36ebbf94c Switching --no-build-nix to --fast because it fixes remote deploys to machines with different architectures. 
I thought these flags were synonymous?
 2025-05-04 14:50:14 -04:00
Tom Alexander
1044aa16b0 Update to linux 6.14. 2025-05-04 12:09:57 -04:00
Tom Alexander
efcefc129a Update versions and regenerate lockfile. 2025-04-28 18:24:37 -04:00
Tom Alexander
16dd93668d Keep build outputs on odo. 2025-04-27 22:44:12 -04:00
Tom Alexander
c457f6414b Fix sm64ex. 2025-04-25 20:14:24 -04:00
Tom Alexander
844466c2ca Update versions. 2025-04-21 08:14:20 -04:00
Tom Alexander
6cf6e61193 Add quark as a /etc/hosts entry. 2025-04-19 21:14:40 -04:00
Tom Alexander
ca3ef67533 Disable lvfs and minor bug fix in copy_files util. 2025-04-19 20:58:16 -04:00
Tom Alexander
56c0add33f Add Quark to nix config. 2025-04-19 20:47:10 -04:00
Tom Alexander
ba81687d42 Add duckstation to the steam deck. 2025-04-15 21:44:53 -04:00
Tom Alexander
144f83982d Copy over some networking sysctls from my ansible playbook. 2025-04-11 19:38:14 -04:00
Tom Alexander
a97a03f642 Sort imports. 2025-04-11 17:41:55 -04:00
Tom Alexander
fc47359184 Add support for yuzu and ryujinx. 2025-04-05 21:53:36 -04:00
Tom Alexander
812a762652 Import disko through the flake inputs instead of fetchTarball. 2025-04-05 12:22:33 -04:00
Tom Alexander
fb785e036b Add a comment. 2025-04-05 12:22:33 -04:00
Tom Alexander
cdc7d13225 Fix screen scaling during screen sharing. 2025-04-05 12:22:33 -04:00
Tom Alexander
ec4583b79e Switch to shikane. 
Kanshi has been fine, but I want to see if I am missing anything that shikane offers.
 2025-04-05 12:22:32 -04:00
Tom Alexander
cab8c8d955 Switch to regular emacs package instead of pinned-version. 2025-04-05 12:22:32 -04:00
Tom Alexander
33f582d17a Enable optimization for hydra ISO. 2025-04-05 12:22:32 -04:00
Tom Alexander
295ac24361 Verify all the optimized builds. 2025-04-05 12:22:32 -04:00
Tom Alexander
42dd67f9da Enable optimizations for shipwright (Ocarina of Time PC Port). 2025-03-30 18:43:15 -04:00
Tom Alexander
c173ea87cf Auto-create persist directories. 2025-03-30 18:32:32 -04:00
Tom Alexander
33f45c56bf Add dolphin for gamecube and wii. 2025-03-30 17:10:43 -04:00
Tom Alexander
83389cb5cf Add ares for snes and nintendo 64. 2025-03-30 13:51:50 -04:00
Tom Alexander
4db3ef1ed3 Put steam rom manager data in the persist folder. 2025-03-29 19:19:41 -04:00
Tom Alexander
fe7a083a7b Pass along args in steam wrappers. 2025-03-29 16:46:52 -04:00
Tom Alexander
cd0578d0a6 Stop forcing cascadia. 2025-03-29 16:30:27 -04:00
Tom Alexander
f56dcc7c42 Start a hydra role. 2025-03-29 16:30:27 -04:00
Tom Alexander
83de1e3708 Add support for persistent disks in the hydra iso. 2025-03-29 16:30:27 -04:00
Tom Alexander
2b20ab5123 Fix remote builder config. 2025-03-27 22:15:53 -04:00
Tom Alexander
3ecb2fc790 Enable optimized builds for steam deck. 2025-03-24 21:59:43 -04:00
Tom Alexander
44a49d7ac7 Add rpcs3 (PS3 emulator) to steam deck. 2025-03-24 21:59:43 -04:00
Tom Alexander
acfc9ac1a4 Add hydra as a distributed build machine. 2025-03-24 21:59:42 -04:00
Tom Alexander
e733dcdcbf Add a target for the hydra server. 2025-03-23 18:19:49 -04:00
Tom Alexander
3099a18424 Enable optimization on odo. 2025-03-23 18:19:49 -04:00
Tom Alexander
15c209fdd9 Add support for pcsx2. 2025-03-22 13:39:13 -04:00
Tom Alexander
ee181b535e Compiling with optimizations still failing. 2025-03-17 08:26:39 -04:00
Tom Alexander
4d0fc61e13 Upgrade to 6.13. 2025-03-14 23:17:30 -04:00
Tom Alexander
2b54630053 Add some scripts that are helpful for configuring kubernetes. 2025-03-08 17:22:32 -05:00
Tom Alexander
84bd6be8e6 Hide the libultraship splash screen for a more authentic feel. 2025-03-01 22:53:33 -05:00
Tom Alexander
dd96520ad1 Add support for authenticating to GKE with gcloud. 2025-03-01 14:49:19 -05:00
Tom Alexander
11a1d61581 Integrate some git config suggestions from https://blog.gitbutler.com/how-git-core-devs-configure-git/ . 2025-02-26 17:06:44 -05:00
Tom Alexander
bab2cfdc7b Update to emacs 30. 2025-02-24 22:09:23 -05:00
Tom Alexander
fd0c92f3eb Persist the gcloud config directory. 2025-02-23 18:44:59 -05:00
Tom Alexander
6ac33d2538 Update lockfile. 2025-02-21 19:30:58 -05:00
Tom Alexander
8d4b345414 Install ipcalc. 2025-02-19 20:43:27 -05:00
Tom Alexander
8beaf00693 Add terraform-ls to emacs. 2025-02-18 18:23:40 -05:00
Tom Alexander
181e650094 Install steam-run-free. 2025-02-18 17:58:35 -05:00
Tom Alexander
449f288214 Add gcloud. 2025-02-18 17:52:50 -05:00
Tom Alexander
f6df27d7a9 Remove config that was causing extra prompts with no noticeable impact. 2025-02-16 20:57:08 -05:00
Tom Alexander
e3a7a410c4 Merge branch 'steam_deck' into nix 2025-02-16 09:18:07 -05:00
Tom Alexander
345c62a477 Add wrappers for 2ship2harkinian and sm64ex also. 
Set the steam launcher to run /home/deck/.nix-profile/bin/steam_<GAME> to have it work inside steam gaming mode.
 2025-02-15 20:50:34 -05:00
Tom Alexander
e7528765a9 Add a wrapper script to launch ship of harkinian in gaming mode. 2025-02-15 20:22:29 -05:00
Tom Alexander
54860370c0 Add a desktop file for sm64ex. 2025-02-15 19:31:16 -05:00
Tom Alexander
46b21370bd Auto-clean-up steam deck nix store. 2025-02-15 12:18:59 -05:00
Tom Alexander
381e3fb591 Switch to deploying 2ship2harkinian config file and fix launching it from KDE plasma's start menu. 2025-02-15 12:15:58 -05:00
Tom Alexander
5d4ebf90b3 Fix launching ship of harkinian from KDE plasma's start menu. 2025-02-15 11:53:19 -05:00
Tom Alexander
7dcdcc906c Switch to deploying the ship of harkinian config file. 2025-02-15 11:53:19 -05:00
Tom Alexander
a4abb96de3 Switch to deploying the sm64ex config file. 2025-02-15 10:57:18 -05:00
Tom Alexander
5859a06c5d Add icon to steam rom manager. 2025-02-15 10:32:50 -05:00
Tom Alexander
02223deb64 Switch steam rom manager to using the AppImage. 2025-02-15 08:50:58 -05:00
Tom Alexander
20e247f8ed Add a role for sm64ex for the deck. 2025-02-13 21:24:31 -05:00
Tom Alexander
b0186dc85b Add a role for 2ship2harkinian (Majora's Mask PC port). 2025-02-13 20:45:49 -05:00
Tom Alexander
cac15febfa Add impermanence for ship of harkinian's files. 2025-02-13 20:10:59 -05:00
Tom Alexander
48fa3c7436 Move steam rom manager to a role. 2025-02-13 19:33:07 -05:00
Tom Alexander
7dd922c2a2 Add a blank role. 2025-02-13 19:26:52 -05:00
Tom Alexander
ab6f7dbea5 Add a role for ship of harkinian (the pc port of Ocarina of Time). 2025-02-13 19:21:53 -05:00
Tom Alexander
fea86b00b4 Install nixGL to support running graphical programs on non-nixos. 2025-02-13 17:57:33 -05:00
Tom Alexander
197b8fcced Add ssh config. 2025-02-10 18:14:18 -05:00
Tom Alexander
0bec3dbe63 Switch to home-manager. 2025-02-10 01:17:58 -05:00
Tom Alexander
53caf8bc81 Add a steam deck nix config. 2025-02-10 00:09:26 -05:00
Tom Alexander
c37d0d9b9e Add decrypt k8s secret script. 2025-02-09 20:24:13 -05:00
Tom Alexander
a663a90ada Install sops for encrypting kubernetes secrets. 2025-02-09 11:06:53 -05:00
Tom Alexander
2d976a1cf3 Install dmidecode. 2025-02-09 10:08:32 -05:00
Tom Alexander
d8e8781287 Support compiling openssl-sys with rust. 2025-02-08 20:41:37 -05:00
Tom Alexander
502e18fdec Set up vdpau. 2025-02-08 16:06:57 -05:00
Tom Alexander
24d83e95a5 Fix shift-arrowkey hotkeys in org mode. 2025-02-07 19:01:49 -05:00
Tom Alexander
3ed43b1b8a Configure rustup toolchain, cargo credentials, and put dependencies under cargo. 2025-02-02 08:30:26 -05:00
Tom Alexander
64e735abbf Add role for gnuplot. 2025-02-01 14:38:51 -05:00
Tom Alexander
ed11bf1e65 Link docker credentials. 2025-02-01 13:34:19 -05:00
Tom Alexander
c0afe006b8 Add prettier to emacs. 2025-02-01 12:27:29 -05:00
Tom Alexander
1fe305576b Add a role for tekton. 2025-02-01 11:32:25 -05:00
Tom Alexander
fc400a98db Add role for flux. 2025-02-01 11:30:52 -05:00
Tom Alexander
4a63e1c23e Move rust-analyzer to inside emacs' path. 2025-02-01 00:03:02 -05:00
Tom Alexander
379795f6e8 Disable tmpfs on neelix so it can compile the kernel. 2025-01-31 22:46:36 -05:00
Tom Alexander
edd3c6a266 Add doas-sudo-shim to support remote builds. 2025-01-31 21:29:05 -05:00
Tom Alexander
dd785692ce Add lsof and fix styling of right-click menu in waybar. 2025-01-29 19:40:44 -05:00
Tom Alexander
c6ff6a1f24 Install wavemon. 2025-01-28 21:28:34 -05:00
230 changed files with 36839 additions and 1020 deletions
Expand all files Collapse all files

1
ansible/roles/base/files/gitconfig_home
View File

@@ -8,6 +8,7 @@
lg = log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit lg = log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit
bh = log --oneline --branches=* --remotes=* --graph --decorate bh = log --oneline --branches=* --remotes=* --graph --decorate
amend = commit --amend --no-edit amend = commit --amend --no-edit
authorcount = shortlog --summary --numbered --all --no-merges
[core] [core]
excludesfile = ~/.gitignore_global excludesfile = ~/.gitignore_global
[commit] [commit]

1
ansible/roles/base/files/gitconfig_work
View File

@@ -8,6 +8,7 @@
lg = log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit lg = log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit
bh = log --oneline --branches=* --remotes=* --graph --decorate bh = log --oneline --branches=* --remotes=* --graph --decorate
amend = commit --amend --no-edit amend = commit --amend --no-edit
authorcount = shortlog --summary --numbered --all --no-merges
[core] [core]
excludesfile = ~/.gitignore_global excludesfile = ~/.gitignore_global
[commit] [commit]

2
ansible/roles/sshd/files/keys/yubikey.pub
View File

@@ -1 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGu+k5lrirokdW5zVdRVBOqEOAvAPlIkG/MdJNc9g5ky cardno:000611194908 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID0+4zi26M3eYWnIrciR54kOlGxzfgCXG+o4ea1zpzrk openpgp:0x7FF123C8

1
nix/configuration/.gitignore vendored Normal file
View File

@@ -0,0 +1 @@
result

154
nix/configuration/configuration.nix
View File

@@ -2,67 +2,88 @@
config, config,
lib, lib,
pkgs, pkgs,
home-manager,
... ...
}: }:
{ {
imports = [ imports = [
./roles/reset ./roles/2ship2harkinian
./roles/global_options
./util/unfree_polyfill
./roles/iso
"${
builtins.fetchTarball {
url = "https://github.com/nix-community/disko/archive/refs/tags/v1.9.0.tar.gz";
sha256 = "0j76ar4qz320fakdii4659w5lww8wiz6yb7g47npywqvf2lbp388";
}
}/module.nix"
./roles/boot
./roles/zfs
./roles/network
./roles/firewall
./roles/zsh
./roles/zrepl
./roles/graphics
./roles/sound
./roles/sway
./roles/kanshi
./roles/alacritty ./roles/alacritty
./roles/firefox ./roles/amd_s2idle
./roles/chromium ./roles/ansible
./roles/emacs
./roles/git
./roles/fonts
./roles/gpg
./roles/waybar
./roles/qemu
./roles/wireguard
./roles/ares ./roles/ares
./roles/ssh ./roles/bluetooth
./roles/python ./roles/boot
./roles/chromecast
./roles/chromium
./roles/d2
./roles/direnv
./roles/distributed_build
./roles/docker ./roles/docker
./roles/ecc
./roles/emacs
./roles/emulate_isa
./roles/firefox
./roles/firewall
./roles/flux
./roles/fonts
./roles/gcloud
./roles/git
./roles/global_options
./roles/gnuplot
./roles/gpg
./roles/graphics
./roles/hydra
./roles/iso
./roles/iso_mount
./roles/kanshi
./roles/kodi
./roles/kubernetes ./roles/kubernetes
./roles/rust
./roles/media
./roles/steam
./roles/latex ./roles/latex
./roles/launch_keyboard ./roles/launch_keyboard
./roles/lvfs ./roles/lvfs
./roles/media
./roles/memtest86
./roles/network
./roles/nix_index
./roles/nix_worker
./roles/nvme ./roles/nvme
./roles/openpgp_card_tools
./roles/optimized_build
./roles/pcsx2
./roles/podman
./roles/python
./roles/qemu
./roles/reset
./roles/rpcs3
./roles/rust
./roles/sequoia
./roles/shadps4
./roles/shikane
./roles/shipwright
./roles/sm64ex
./roles/sops
./roles/sound
./roles/spaghettikart
./roles/ssh
./roles/steam
./roles/steam_run_free
./roles/sway
./roles/tekton
./roles/terraform ./roles/terraform
./roles/thunderbolt
./roles/uutils
./roles/vnc_client
./roles/vscode ./roles/vscode
./roles/wasm ./roles/wasm
./roles/vnc_client ./roles/waybar
./roles/chromecast ./roles/wireguard
./roles/memtest86 ./roles/yubikey
./roles/kodi ./roles/zfs
./roles/ansible ./roles/zrepl
./roles/bluetooth ./roles/zsh
./roles/sm64ex ./util/install_files
./roles/shipwright ./util/unfree_polyfill
./roles/2ship2harkinian
./roles/nix_index
]; ];
nix.settings.experimental-features = [ nix.settings.experimental-features = [
@@ -74,6 +95,20 @@
# boot.kernelPackages = pkgs.linuxPackages_6_11; # boot.kernelPackages = pkgs.linuxPackages_6_11;
hardware.enableRedistributableFirmware = true; hardware.enableRedistributableFirmware = true;
# Use nixos-rebuild-ng
# system.rebuild.enableNg = true;
# Keep outputs so we can build offline.
nix.extraOptions = ''
keep-outputs = true
keep-derivations = true
substitute = false
'';
# Technically only needed when building the ISO because nix detects ZFS in the filesystem list normally. I basically always want this so I'm just setting it to always be on.
boot.supportedFilesystems.zfs = true;
# TODO: Is this different from boot.supportedFilesystems = [ "zfs" ]; ?
services.getty = { services.getty = {
autologinUser = "talexander"; # I use full disk encryption so the user password is irrelevant. autologinUser = "talexander"; # I use full disk encryption so the user password is irrelevant.
autologinOnce = true; autologinOnce = true;
@@ -91,34 +126,24 @@
# Generate with `mkpasswd -m scrypt` # Generate with `mkpasswd -m scrypt`
hashedPassword = "$7$CU..../....VXvNQ8za3wSGpdzGXNT50/$HcFtn/yvwPMCw4888BelpiAPLAxe/zU87fD.d/N6U48"; hashedPassword = "$7$CU..../....VXvNQ8za3wSGpdzGXNT50/$HcFtn/yvwPMCw4888BelpiAPLAxe/zU87fD.d/N6U48";
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGu+k5lrirokdW5zVdRVBOqEOAvAPlIkG/MdJNc9g5ky" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID0+4zi26M3eYWnIrciR54kOlGxzfgCXG+o4ea1zpzrk openpgp:0x7FF123C8"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEI6mu6I5Jp+Ib0vJxapGHbEShZjyvzV8jz5DnzDrI39AAAABHNzaDo=" "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEI6mu6I5Jp+Ib0vJxapGHbEShZjyvzV8jz5DnzDrI39AAAABHNzaDo="
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAFNcSXwvy+brYTOGo56G93Ptuq2MmZsjvRWAfMqbmMLAAAABHNzaDo=" "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAFNcSXwvy+brYTOGo56G93Ptuq2MmZsjvRWAfMqbmMLAAAABHNzaDo="
]; ];
}; };
users.groups.talexander.gid = 11235; users.groups.talexander.gid = 11235;
home-manager.users.talexander =
{ pkgs, ... }:
{
home.packages = [
pkgs.atool
pkgs.httpie
];
programs.bash.enable = true;
# The state version is required and should stay at the version you
# originally installed.
home.stateVersion = "24.11";
};
# Automatic garbage collection # Automatic garbage collection
nix.gc = lib.mkIf (!config.me.buildingIso) { nix.gc = lib.mkIf (!config.me.buildingIso) {
# Runs nix-collect-garbage --delete-older-than 5d # Runs nix-collect-garbage --delete-older-than 5d
automatic = true; automatic = true;
randomizedDelaySec = "14m"; persistent = true;
dates = "monthly";
# randomizedDelaySec = "14m";
options = "--delete-older-than 30d"; options = "--delete-older-than 30d";
}; };
nix.settings.auto-optimise-store = !config.me.buildingIso; nix.settings.auto-optimise-store = !config.me.buildingIso;
nix.settings.substituters = lib.mkForce [ ];
# Use doas instead of sudo # Use doas instead of sudo
security.doas.enable = true; security.doas.enable = true;
@@ -144,7 +169,7 @@
pciutils # for lspci pciutils # for lspci
ripgrep ripgrep
strace strace
ltrace # ltrace # Disabled because it uses more than 48GB of /tmp space during test phase.
trace-cmd # ftrace trace-cmd # ftrace
tcpdump tcpdump
git-crypt git-crypt
@@ -152,6 +177,13 @@
ncdu ncdu
nix-tree nix-tree
libarchive # bsdtar libarchive # bsdtar
lsof
doas-sudo-shim # To support --sudo for remote builds
dmidecode # Read SMBIOS information.
ipcalc
gptfdisk # for cgdisk
nix-output-monitor # For better view into nixos-rebuild
nix-serve-ng # Serve nix store over http
]; ];
services.openssh = { services.openssh = {

181
nix/configuration/flake.lock generated
View File

@@ -1,23 +1,5 @@
{ {
"nodes": { "nodes": {
"ansible-sshjail": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1,
"narHash": "sha256-c4Ds4E/10Zj5AQLuJ3JvJTuDK8o2WjVXLcIL7eyhTfw=",
"path": "flakes/ansible-sshjail",
"type": "path"
},
"original": {
"path": "flakes/ansible-sshjail",
"type": "path"
}
},
"crane": { "crane": {
"locked": { "locked": {
"lastModified": 1731098351, "lastModified": 1731098351,
@@ -33,6 +15,26 @@
"type": "github" "type": "github"
} }
}, },
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1758287904,
"narHash": "sha256-IGmaEf3Do8o5Cwp1kXBN1wQmZwQN3NLfq5t4nHtVtcU=",
"owner": "nix-community",
"repo": "disko",
"rev": "67ff9807dd148e704baadbd4fd783b54282ca627",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"flake-compat": { "flake-compat": {
"flake": false, "flake": false,
"locked": { "locked": {
@@ -70,42 +72,6 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"gitignore": { "gitignore": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -128,26 +94,6 @@
"type": "github" "type": "github"
} }
}, },
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1737762889,
"narHash": "sha256-5HGG09bh/Yx0JA8wtBMAzt0HMCL1bYZ93x4IqzVExio=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "daf04c5950b676f47a794300657f1d3d14c1a120",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"impermanence": { "impermanence": {
"locked": { "locked": {
"lastModified": 1737831083, "lastModified": 1737831083,
@@ -191,11 +137,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1737885589, "lastModified": 1759381078,
"narHash": "sha256-Zf0hSrtzaM1DEz8//+Xs51k/wdSajticVrATqDrfQjg=", "narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "852ff1d9e153d8875a83602e03fdef8a63f0ecf8", "rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -205,19 +151,19 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-b93b4e9b5": { "nixpkgs-dda3dcd3f": {
"locked": { "locked": {
"lastModified": 1713721570, "lastModified": 1746663147,
"narHash": "sha256-R0s+O5UjTePQRb72XPgtkTmEiOOW8n+1q9Gxt/OJnKU=", "narHash": "sha256-Ua0drDHawlzNqJnclTJGf87dBmaO/tn7iZ+TCkTRpRc=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "b93b4e9b527904aadf52dba6ca35efde2067cbd4", "rev": "dda3dcd3fe03e991015e9a74b22d35950f264a54",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "b93b4e9b527904aadf52dba6ca35efde2067cbd4", "rev": "dda3dcd3fe03e991015e9a74b22d35950f264a54",
"type": "github" "type": "github"
} }
}, },
@@ -237,6 +183,22 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-unoptimized": {
"locked": {
"lastModified": 1759381078,
"narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"pre-commit-hooks-nix": { "pre-commit-hooks-nix": {
"inputs": { "inputs": {
"flake-compat": [ "flake-compat": [
@@ -266,13 +228,12 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"ansible-sshjail": "ansible-sshjail", "disko": "disko",
"home-manager": "home-manager",
"impermanence": "impermanence", "impermanence": "impermanence",
"lanzaboote": "lanzaboote", "lanzaboote": "lanzaboote",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nixpkgs-b93b4e9b5": "nixpkgs-b93b4e9b5", "nixpkgs-dda3dcd3f": "nixpkgs-dda3dcd3f",
"zsh-histdb": "zsh-histdb" "nixpkgs-unoptimized": "nixpkgs-unoptimized"
} }
}, },
"rust-overlay": { "rust-overlay": {
@@ -295,54 +256,6 @@
"repo": "rust-overlay", "repo": "rust-overlay",
"type": "github" "type": "github"
} }
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"zsh-histdb": {
"inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1,
"narHash": "sha256-5DWw7GnwVZ98HUp/UUJcyUmmy9Bh/mcQB8MQQ0t3ZRo=",
"path": "flakes/zsh-histdb",
"type": "path"
},
"original": {
"path": "flakes/zsh-histdb",
"type": "path"
}
} }
}, },
"root": "root", "root": "root",

235
nix/configuration/flake.nix
View File

@@ -3,7 +3,7 @@
# output: result/iso/nixos.iso # output: result/iso/nixos.iso
# Run the ISO image # Run the ISO image
# "$(nix-build '<nixpkgs>' --no-out-link -A 'qemu')/bin/qemu-system-x86_64" \ # doas "$(nix-build '<nixpkgs>' --no-out-link -A 'qemu')/bin/qemu-system-x86_64" \
# -accel kvm \ # -accel kvm \
# -cpu host \ # -cpu host \
# -smp cores=8 \ # -smp cores=8 \
@@ -12,7 +12,7 @@
# -drive if=pflash,format=raw,file="/tmp/OVMF_VARS.fd" \ # -drive if=pflash,format=raw,file="/tmp/OVMF_VARS.fd" \
# -nic user,hostfwd=tcp::60022-:22 \ # -nic user,hostfwd=tcp::60022-:22 \
# -boot order=d \ # -boot order=d \
# -cdrom "$(readlink -f ./result/iso/nixos.iso)" \ # -cdrom "$(readlink -f ./result/iso/nixos*.iso)" \
# -display vnc=127.0.0.1:0 # -display vnc=127.0.0.1:0
# #
# doas cp "$(nix-build '<nixpkgs>' --no-out-link -A 'OVMF.fd')/FV/OVMF_VARS.fd" /tmp/OVMF_VARS.fd # doas cp "$(nix-build '<nixpkgs>' --no-out-link -A 'OVMF.fd')/FV/OVMF_VARS.fd" /tmp/OVMF_VARS.fd
@@ -25,31 +25,32 @@
# iso.odo.isoName == "nixos.iso" # iso.odo.isoName == "nixos.iso"
# full path = <outPath> / iso / <isoName> # full path = <outPath> / iso / <isoName>
#
# Install on a new machine:
#
#
# doas nix --substituters "http://10.0.2.2:8080?trusted=1 https://cache.nixos.org/" --experimental-features "nix-command flakes" run github:nix-community/disko/latest -- --mode destroy,format,mount hosts/odo/disk-config.nix
# for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
# nixos-install --substituters "http://10.0.2.2:8080?trusted=1 https://cache.nixos.org/" --flake ".#vm_ionlybootzfs"
#
{ {
description = "My system configuration"; description = "My system configuration";
inputs = { inputs = {
impermanence.url = "github:nix-community/impermanence"; impermanence.url = "github:nix-community/impermanence";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
nixpkgs-b93b4e9b5.url = "github:NixOS/nixpkgs/b93b4e9b527904aadf52dba6ca35efde2067cbd4"; nixpkgs-dda3dcd3f.url = "github:NixOS/nixpkgs/dda3dcd3fe03e991015e9a74b22d35950f264a54";
home-manager.url = "github:nix-community/home-manager"; nixpkgs-unoptimized.url = "github:NixOS/nixpkgs/nixos-unstable";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
lanzaboote = { lanzaboote = {
url = "github:nix-community/lanzaboote/v0.4.2"; url = "github:nix-community/lanzaboote/v0.4.2";
# Optional but recommended to limit the size of your system closure. # Optional but recommended to limit the size of your system closure.
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
zsh-histdb = { disko = {
url = "path:flakes/zsh-histdb"; url = "github:nix-community/disko";
# Optional but recommended to limit the size of your system closure.
inputs.nixpkgs.follows = "nixpkgs";
};
ansible-sshjail = {
url = "path:flakes/ansible-sshjail";
# Optional but recommended to limit the size of your system closure.
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
}; };
@@ -58,54 +59,35 @@
{ {
self, self,
nixpkgs, nixpkgs,
nixpkgs-b93b4e9b5, nixpkgs-unoptimized,
nixpkgs-dda3dcd3f,
impermanence, impermanence,
home-manager,
lanzaboote, lanzaboote,
zsh-histdb,
ansible-sshjail,
... ...
}@inputs: }@inputs:
let let
base_x86_64_linux = rec { base_x86_64_linux = rec {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = { specialArgs = {
pkgs-b93b4e9b5 = import nixpkgs-b93b4e9b5 { pkgs-dda3dcd3f = import nixpkgs-dda3dcd3f {
inherit system; inherit system;
}; };
pkgs-unoptimized = import nixpkgs-unoptimized {
inherit system;
hostPlatform.gcc.arch = "default";
hostPlatform.gcc.tune = "default";
};
}; };
modules = [ modules = [
impermanence.nixosModules.impermanence impermanence.nixosModules.impermanence
home-manager.nixosModules.home-manager
lanzaboote.nixosModules.lanzaboote lanzaboote.nixosModules.lanzaboote
{ inputs.disko.nixosModules.disko
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
}
{
nixpkgs.overlays = [
zsh-histdb.overlays.default
ansible-sshjail.overlays.default
];
}
./configuration.nix ./configuration.nix
]; ];
}; };
systems = { systems =
odo = { let
main = nixpkgs.lib.nixosSystem ( additional_iso_modules = [
base_x86_64_linux
// {
modules = base_x86_64_linux.modules ++ [
./hosts/odo
];
}
);
iso = nixpkgs.lib.nixosSystem (
base_x86_64_linux
// {
modules = base_x86_64_linux.modules ++ [
./hosts/odo
(nixpkgs + "/nixos/modules/installer/cd-dvd/iso-image.nix") (nixpkgs + "/nixos/modules/installer/cd-dvd/iso-image.nix")
# TODO: Figure out how to do image based appliances # TODO: Figure out how to do image based appliances
# (nixpkgs + "/nixos/modules/profiles/image-based-appliance.nix") # (nixpkgs + "/nixos/modules/profiles/image-based-appliance.nix")
@@ -113,41 +95,148 @@
isoImage.makeEfiBootable = true; isoImage.makeEfiBootable = true;
isoImage.makeUsbBootable = true; isoImage.makeUsbBootable = true;
me.buildingIso = true; me.buildingIso = true;
me.optimizations.enable = nixpkgs.lib.mkForce false;
} }
];
}
);
};
neelix = {
main = nixpkgs.lib.nixosSystem (
base_x86_64_linux
// {
modules = base_x86_64_linux.modules ++ [
./hosts/neelix
];
}
);
iso = nixpkgs.lib.nixosSystem (
base_x86_64_linux
// {
modules = base_x86_64_linux.modules ++ [
./hosts/neelix
(nixpkgs + "/nixos/modules/installer/cd-dvd/iso-image.nix")
{ {
isoImage.makeEfiBootable = true; # These are big space hogs. The chance that I need them on an ISO is slim.
isoImage.makeUsbBootable = true; me.steam.enable = nixpkgs.lib.mkForce false;
me.buildingIso = true; me.pcsx2.enable = nixpkgs.lib.mkForce false;
} }
]; ];
additional_vm_modules = [
(nixpkgs + "/nixos/modules/profiles/qemu-guest.nix")
{
networking.dhcpcd.enable = true;
networking.useDHCP = true;
me.optimizations.enable = nixpkgs.lib.mkForce false;
} }
); {
# I don't need games on a virtual machine.
me.steam.enable = nixpkgs.lib.mkForce false;
me.pcsx2.enable = nixpkgs.lib.mkForce false;
me.sm64ex.enable = nixpkgs.lib.mkForce false;
me.shipwright.enable = nixpkgs.lib.mkForce false;
me.ship2harkinian.enable = nixpkgs.lib.mkForce false;
}
];
in
{
odo = rec {
main = base_x86_64_linux // {
modules = base_x86_64_linux.modules ++ [
./hosts/odo
];
}; };
iso = main // {
modules = main.modules ++ additional_iso_modules;
};
vm = main // {
modules = main.modules ++ additional_vm_modules;
};
vm_iso = main // {
modules = main.modules ++ additional_vm_modules ++ additional_iso_modules;
};
};
quark = rec {
main = base_x86_64_linux // {
modules = base_x86_64_linux.modules ++ [
./hosts/quark
];
};
iso = main // {
modules = main.modules ++ additional_iso_modules;
};
vm = main // {
modules = main.modules ++ additional_vm_modules;
};
vm_iso = main // {
modules = main.modules ++ additional_vm_modules ++ additional_iso_modules;
};
};
neelix = rec {
main = base_x86_64_linux // {
modules = base_x86_64_linux.modules ++ [
./hosts/neelix
];
};
iso = main // {
modules = main.modules ++ additional_iso_modules;
};
vm = main // {
modules = main.modules ++ additional_vm_modules;
};
vm_iso = main // {
modules = main.modules ++ additional_vm_modules ++ additional_iso_modules;
};
};
hydra =
let
hydra_additional_iso_modules = additional_iso_modules ++ [
{
me.optimizations.enable = true;
}
];
in
rec {
main = base_x86_64_linux // {
modules = base_x86_64_linux.modules ++ [
./hosts/hydra
];
};
iso = main // {
modules = main.modules ++ hydra_additional_iso_modules;
};
vm = main // {
modules = main.modules ++ additional_vm_modules;
};
vm_iso = main // {
modules = main.modules ++ additional_vm_modules ++ hydra_additional_iso_modules;
};
};
ionlybootzfs = rec {
main = base_x86_64_linux // {
modules = base_x86_64_linux.modules ++ [
./hosts/ionlybootzfs
];
};
iso = main // {
modules = main.modules ++ additional_iso_modules;
};
vm = main // {
modules = main.modules ++ additional_vm_modules;
};
vm_iso = main // {
modules = main.modules ++ additional_vm_modules ++ additional_iso_modules;
};
};
}; };
in in
{ {
nixosConfigurations.odo = systems.odo.main; nixosConfigurations.odo = nixpkgs.lib.nixosSystem systems.odo.main;
iso.odo = systems.odo.iso.config.system.build.isoImage; iso.odo = (nixpkgs.lib.nixosSystem systems.odo.iso).config.system.build.isoImage;
nixosConfigurations.neelix = systems.neelix.main; nixosConfigurations.vm_odo = nixpkgs.lib.nixosSystem systems.odo.vm;
iso.neelix = systems.neelix.iso.config.system.build.isoImage; vm_iso.odo = (nixpkgs.lib.nixosSystem systems.odo.vm_iso).config.system.build.isoImage;
nixosConfigurations.quark = nixpkgs.lib.nixosSystem systems.quark.main;
iso.quark = (nixpkgs.lib.nixosSystem systems.quark.iso).config.system.build.isoImage;
nixosConfigurations.vm_quark = nixpkgs.lib.nixosSystem systems.quark.vm;
vm_iso.quark = (nixpkgs.lib.nixosSystem systems.quark.vm_iso).config.system.build.isoImage;
nixosConfigurations.neelix = nixpkgs.lib.nixosSystem systems.neelix.main;
iso.neelix = (nixpkgs.lib.nixosSystem systems.neelix.iso).config.system.build.isoImage;
nixosConfigurations.vm_neelix = nixpkgs.lib.nixosSystem systems.neelix.vm;
vm_iso.neelix = (nixpkgs.lib.nixosSystem systems.neelix.vm_iso).config.system.build.isoImage;
nixosConfigurations.hydra = nixpkgs.lib.nixosSystem systems.hydra.main;
iso.hydra = (nixpkgs.lib.nixosSystem systems.hydra.iso).config.system.build.isoImage;
nixosConfigurations.vm_hydra = nixpkgs.lib.nixosSystem systems.hydra.vm;
vm_iso.hydra = (nixpkgs.lib.nixosSystem systems.hydra.vm_iso).config.system.build.isoImage;
nixosConfigurations.ionlybootzfs = nixpkgs.lib.nixosSystem systems.ionlybootzfs.main;
iso.ionlybootzfs = (nixpkgs.lib.nixosSystem systems.ionlybootzfs.iso).config.system.build.isoImage;
nixosConfigurations.vm_ionlybootzfs = nixpkgs.lib.nixosSystem systems.ionlybootzfs.vm;
vm_iso.ionlybootzfs =
(nixpkgs.lib.nixosSystem systems.ionlybootzfs.vm_iso).config.system.build.isoImage;
}; };
} }

61
nix/configuration/flakes/ansible-sshjail/flake.lock generated
View File

@@ -1,61 +0,0 @@
{
"nodes": {
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1735141468,
"narHash": "sha256-VIAjBr1qGcEbmhLwQJD6TABppPMggzOvqFsqkDoMsAY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "4005c3ff7505313cbc21081776ad0ce5dfd7a3ce",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

34
nix/configuration/flakes/ansible-sshjail/flake.nix
View File

@@ -1,34 +0,0 @@
{
description = "A slightly better history for zsh";
inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
inputs.flake-utils.url = "github:numtide/flake-utils";
outputs =
{
self,
nixpkgs,
flake-utils,
...
}:
let
out =
system:
let
pkgs = nixpkgs.legacyPackages.${system};
# Maybe pkgs = import nixpkgs { inherit system; }; ?
appliedOverlay = self.overlays.default pkgs pkgs;
in
{
packages = rec {
default = ansible-sshjail;
ansible-sshjail = appliedOverlay.ansible-sshjail;
};
};
in
flake-utils.lib.eachDefaultSystem out
// {
overlays.default = final: prev: {
ansible-sshjail = final.callPackage ./package.nix { };
};
};
}

61
nix/configuration/flakes/zsh-histdb/flake.lock generated
View File

@@ -1,61 +0,0 @@
{
"nodes": {
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1735141468,
"narHash": "sha256-VIAjBr1qGcEbmhLwQJD6TABppPMggzOvqFsqkDoMsAY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "4005c3ff7505313cbc21081776ad0ce5dfd7a3ce",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

34
nix/configuration/flakes/zsh-histdb/flake.nix
View File

@@ -1,34 +0,0 @@
{
description = "A slightly better history for zsh";
inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
inputs.flake-utils.url = "github:numtide/flake-utils";
outputs =
{
self,
nixpkgs,
flake-utils,
...
}:
let
out =
system:
let
pkgs = nixpkgs.legacyPackages.${system};
# Maybe pkgs = import nixpkgs { inherit system; }; ?
appliedOverlay = self.overlays.default pkgs pkgs;
in
{
packages = rec {
default = zsh-histdb;
zsh-histdb = appliedOverlay.zsh-histdb;
};
};
in
flake-utils.lib.eachDefaultSystem out
// {
overlays.default = final: prev: {
zsh-histdb = final.callPackage ./package.nix { };
};
};
}

17
nix/configuration/hosts/hydra/DEPLOY_BOOT Executable file
View File

@@ -0,0 +1,17 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
#TARGET=10.216.1.14
# TARGET=192.168.211.250
TARGET=hydra
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#hydra" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#hydra'

17
nix/configuration/hosts/hydra/DEPLOY_SWITCH Executable file
View File

@@ -0,0 +1,17 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
#TARGET=10.216.1.14
# TARGET=192.168.211.250
TARGET=hydra
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#hydra" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#hydra'

10
nix/configuration/hosts/hydra/ISO Executable file
View File

@@ -0,0 +1,10 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.hydra" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json

13
nix/configuration/hosts/hydra/VM_ISO Executable file
View File

@@ -0,0 +1,13 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#vm_iso.hydra" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
install -m 0644 result/iso/nixos-*-x86_64-linux.iso ~/hydra.iso
unlink ./result

67
nix/configuration/hosts/hydra/default.nix Normal file
View File

@@ -0,0 +1,67 @@
#
# Testing:
# doas "$(nix-build '<nixpkgs>' --no-out-link -A 'qemu')/bin/qemu-system-x86_64" \
# -accel kvm \
# -cpu host \
# -smp cores=8 \
# -m 32768 \
# -drive "file=$(nix-build '<nixpkgs>' --no-out-link -A 'OVMF.fd')/FV/OVMF.fd,if=pflash,format=raw,readonly=on" \
# -drive file=/tmp/localdisk.img,if=none,id=nvm,format=raw \
# -device nvme,serial=deadbeef,drive=nvm \
# -nic user,hostfwd=tcp::60022-:22 \
# -boot order=d \
# -cdrom "$(readlink -f /persist/machine_setup/nix/configuration/result/iso/nixos*.iso)" \
# -display vnc=127.0.0.1:0
#
{
config,
lib,
pkgs,
...
}:
{
imports = [
./disk-config.nix
./hardware-configuration.nix
./vm_disk.nix
];
# Generate with `head -c4 /dev/urandom | od -A none -t x4`
networking.hostId = "fbd233d8";
networking.hostName = "hydra"; # Define your hostname.
time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8";
me.secureBoot.enable = false;
me.optimizations = {
enable = true;
arch = "znver4";
system_features = [
"gccarch-znver4"
"gccarch-skylake"
# "gccarch-alderlake" missing WAITPKG
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
};
# Mount tmpfs at /tmp
boot.tmp.useTmpfs = true;
me.emacs_flavor = "plainmacs";
me.graphical = false;
me.hydra.enable = false;
me.nix_worker.enable = true;
me.vm_disk.enable = true;
me.wireguard.activated = [ ];
me.wireguard.deactivated = [ ];
me.zsh.enable = true;
}

140
nix/configuration/hosts/hydra/disk-config.nix Normal file
View File

@@ -0,0 +1,140 @@
# Manual Step:
# Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1
# Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1
{
config,
lib,
pkgs,
...
}:
lib.mkIf (!config.me.buildingIso) {
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"umask=0077"
"noatime"
"discard"
];
};
};
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "zroot";
};
};
};
};
};
};
zpool = {
zroot = {
type = "zpool";
# mode = "mirror";
# Workaround: cannot import 'zroot': I/O error in disko tests
options.cachefile = "none";
options = {
ashift = "12";
compatibility = "openzfs-2.2-freebsd";
autotrim = "on";
};
rootFsOptions = {
acltype = "posixacl";
atime = "off";
relatime = "off";
xattr = "sa";
mountpoint = "none";
compression = "lz4";
canmount = "off";
utf8only = "on";
dnodesize = "auto";
normalization = "formD";
};
datasets = {
"linux/nix" = {
type = "zfs_fs";
options.mountpoint = "none";
};
"linux/nix/root" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/root@blank$' || zfs snapshot zroot/linux/nix/root@blank";
};
"linux/nix/nix" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/nix";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/nix@blank$' || zfs snapshot zroot/linux/nix/nix@blank";
options = {
recordsize = "1MiB";
compression = "lz4";
};
};
"linux/nix/home" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/home";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/home@blank$' || zfs snapshot zroot/linux/nix/home@blank";
};
"linux/nix/persist" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/persist";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/persist@blank$' || zfs snapshot zroot/linux/nix/persist@blank";
};
"linux/nix/state" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/state";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/state@blank$' || zfs snapshot zroot/linux/nix/state@blank";
};
};
};
};
};
# Make sure all persistent volumes are marked as neededForBoot
#
# Also mounts /home so it is mounted before the user home directories are created.
fileSystems."/persist".neededForBoot = true;
fileSystems."/state".neededForBoot = true;
fileSystems."/home".neededForBoot = true;
fileSystems."/".options = [
"noatime"
"norelatime"
];
fileSystems."/nix".options = [
"noatime"
"norelatime"
];
fileSystems."/persist".options = [
"noatime"
"norelatime"
];
fileSystems."/state".options = [
"noatime"
"norelatime"
];
fileSystems."/home".options = [
"noatime"
"norelatime"
];
}

39
nix/configuration/hosts/hydra/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,39 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"xhci_pci"
"nvme"
"usbhid"
"usb_storage"
"sd_mod"
"sdhci_pci"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.dhcpcd.enable = lib.mkForce true;
networking.useDHCP = lib.mkForce true;
networking.interfaces.enp0s2.useDHCP = lib.mkForce true;
# systemd.network.enable = true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

77
nix/configuration/hosts/hydra/vm_disk.nix Normal file
View File

@@ -0,0 +1,77 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
vm_disk.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to mount the local disk for persistent storage.";
};
};
config = lib.mkIf config.me.vm_disk.enable (
lib.mkMerge [
{
# Mount the local disk
fileSystems = {
"/.disk" = lib.mkForce {
device = "/dev/nvme0n1p1";
fsType = "ext4";
options = [
"noatime"
"discard"
];
neededForBoot = true;
};
"/persist" = {
fsType = "none";
device = "/.disk/persist";
options = [
"bind"
"rw"
];
depends = [
"/.disk/persist"
];
};
"/state" = {
fsType = "none";
device = "/.disk/state";
options = [
"bind"
"rw"
];
depends = [
"/.disk/state"
];
};
"/nix/store" = lib.mkForce {
fsType = "overlay";
device = "overlay";
options = [
"lowerdir=/nix/.ro-store"
"upperdir=/.disk/persist/store"
"workdir=/.disk/state/work"
];
depends = [
"/nix/.ro-store"
"/.disk/persist/store"
"/.disk/state/work"
];
};
};
}
]
);
}

17
nix/configuration/hosts/ionlybootzfs/DEPLOY_BOOT Executable file
View File

@@ -0,0 +1,17 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
#TARGET=10.216.1.14
# TARGET=192.168.211.250
TARGET="ionlybootzfs"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#ionlybootzfs" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#ionlybootzfs'

17
nix/configuration/hosts/ionlybootzfs/DEPLOY_SWITCH Executable file
View File

@@ -0,0 +1,17 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
#TARGET=10.216.1.14
# TARGET=192.168.211.250
TARGET=ionlybootzfs
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#ionlybootzfs" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#ionlybootzfs'

10
nix/configuration/hosts/ionlybootzfs/ISO Executable file
View File

@@ -0,0 +1,10 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.ionlybootzfs" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json

63
nix/configuration/hosts/ionlybootzfs/default.nix Normal file
View File

@@ -0,0 +1,63 @@
#
# Testing:
# doas "$(nix-build '<nixpkgs>' --no-out-link -A 'qemu')/bin/qemu-system-x86_64" \
# -accel kvm \
# -cpu host \
# -smp cores=8 \
# -m 32768 \
# -drive "file=$(nix-build '<nixpkgs>' --no-out-link -A 'OVMF.fd')/FV/OVMF.fd,if=pflash,format=raw,readonly=on" \
# -drive file=/tmp/localdisk.img,if=none,id=nvm,format=raw \
# -device nvme,serial=deadbeef,drive=nvm \
# -nic user,hostfwd=tcp::60022-:22 \
# -boot order=d \
# -cdrom "$(readlink -f /persist/machine_setup/nix/configuration/result/iso/nixos*.iso)" \
# -display vnc=127.0.0.1:0
#
{
config,
lib,
pkgs,
...
}:
{
imports = [
./wrapped-disk-config.nix
./hardware-configuration.nix
];
# Generate with `head -c4 /dev/urandom | od -A none -t x4`
networking.hostId = "fbd233d8";
networking.hostName = "ionlybootzfs"; # Define your hostname.
time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8";
me.secureBoot.enable = true;
me.optimizations = {
enable = false;
arch = "znver4";
system_features = [
"gccarch-znver4"
"gccarch-skylake"
# "gccarch-alderlake" missing WAITPKG
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
};
# Mount tmpfs at /tmp
boot.tmp.useTmpfs = true;
me.emacs_flavor = "plainmacs";
me.graphical = false;
me.wireguard.activated = [ ];
me.wireguard.deactivated = [ ];
me.zsh.enable = true;
}

142
nix/configuration/hosts/ionlybootzfs/disk-config.nix Normal file
View File

@@ -0,0 +1,142 @@
# Manual Step:
# Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1
# Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1
{
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"umask=0077"
"noatime"
"discard"
];
};
};
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "zroot";
};
};
};
};
};
};
zpool = {
zroot = {
type = "zpool";
# mode = "mirror";
# Workaround: cannot import 'zroot': I/O error in disko tests
options.cachefile = "none";
options = {
ashift = "12";
compatibility = "openzfs-2.2-freebsd";
autotrim = "on";
};
rootFsOptions = {
acltype = "posixacl";
atime = "off";
relatime = "off";
xattr = "sa";
mountpoint = "none";
compression = "lz4";
canmount = "off";
utf8only = "on";
dnodesize = "auto";
normalization = "formD";
};
datasets = {
"linux/nix" = {
type = "zfs_fs";
options.mountpoint = "none";
options = {
encryption = "aes-256-gcm";
keyformat = "passphrase";
# keylocation = "file:///tmp/secret.key";
};
};
"linux/nix/root" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/root@blank$' || zfs snapshot zroot/linux/nix/root@blank";
};
"linux/nix/nix" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/nix";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/nix@blank$' || zfs snapshot zroot/linux/nix/nix@blank";
options = {
recordsize = "16MiB";
compression = "zstd-19";
};
};
"linux/nix/home" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/home";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/home@blank$' || zfs snapshot zroot/linux/nix/home@blank";
};
"linux/nix/persist" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/persist";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/persist@blank$' || zfs snapshot zroot/linux/nix/persist@blank";
};
"linux/nix/state" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/state";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/state@blank$' || zfs snapshot zroot/linux/nix/state@blank";
};
};
};
};
};
# Make sure all persistent volumes are marked as neededForBoot
#
# Also mounts /home so it is mounted before the user home directories are created.
fileSystems."/persist".neededForBoot = true;
fileSystems."/state".neededForBoot = true;
fileSystems."/home".neededForBoot = true;
fileSystems."/".options = [
"noatime"
"norelatime"
];
fileSystems."/nix".options = [
"noatime"
"norelatime"
];
fileSystems."/persist".options = [
"noatime"
"norelatime"
];
fileSystems."/state".options = [
"noatime"
"norelatime"
];
fileSystems."/home".options = [
"noatime"
"norelatime"
];
# Only attempt to decrypt the main pool. Otherwise it attempts to decrypt pools that aren't even used.
boot.zfs.requestEncryptionCredentials = [ "zroot/linux/nix" ];
}

38
nix/configuration/hosts/ionlybootzfs/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,38 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"xhci_pci"
"nvme"
"usbhid"
"usb_storage"
"sd_mod"
"sdhci_pci"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.dhcpcd.enable = lib.mkForce true;
networking.useDHCP = lib.mkForce true;
# systemd.network.enable = true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

131
nix/configuration/hosts/ionlybootzfs/optimized_build.nix Normal file
View File

@@ -0,0 +1,131 @@
{
config,
lib,
pkgs,
pkgs-unoptimized,
...
}:
{
imports = [ ];
config = lib.mkMerge [
{ }
(lib.mkIf (!config.me.optimizations.enable) {
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_6_14;
})
(lib.mkIf (config.me.optimizations.enable) {
nixpkgs.hostPlatform = {
gcc.arch = "znver4";
gcc.tune = "znver4";
system = "x86_64-linux";
};
nixpkgs.overlays = [
(
final: prev:
let
addConfig =
additionalConfig: pkg:
pkg.override (oldconfig: {
structuredExtraConfig = pkg.structuredExtraConfig // additionalConfig;
});
in
{
linux_me = addConfig {
# Full preemption
PREEMPT = lib.mkOverride 60 lib.kernel.yes;
PREEMPT_VOLUNTARY = lib.mkOverride 60 lib.kernel.no;
# Google's BBRv3 TCP congestion Control
TCP_CONG_BBR = lib.kernel.yes;
DEFAULT_BBR = lib.kernel.yes;
# Preemptive Full Tickless Kernel at 300Hz
HZ = lib.kernel.freeform "300";
HZ_300 = lib.kernel.yes;
HZ_1000 = lib.kernel.no;
} prev.linux_6_14;
# gsl = prev.gsl.overrideAttrs (old: {
# # gsl tests fails when optimizations are enabled.
# # > FAIL: cholesky_invert unscaled hilbert ( 4, 4)[0,2]: 2.55795384873636067e-13 0
# # > (2.55795384873636067e-13 observed vs 0 expected) [28259614]
# doCheck = false;
# });
}
)
(final: prev: {
haskellPackages = prev.haskellPackages.extend (
final': prev': {
inherit (pkgs-unoptimized.haskellPackages)
crypton
crypton-connection
crypton-x509
crypton-x509-store
crypton-x509-system
crypton-x509-validation
hspec-wai
http-client-tls
http2
pandoc
pandoc-cli
pandoc-lua-engine
pandoc-server
servant-server
tls
wai-app-static
wai-extra
warp
;
}
);
})
(final: prev: {
inherit (pkgs-unoptimized)
gsl
redis
valkey
;
})
];
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_me;
})
(lib.mkIf (!config.me.buildingIso) {
nix.settings.system-features = lib.mkForce [
"gccarch-znver4"
"gccarch-skylake"
# "gccarch-alderlake" missing WAITPKG
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
# Keep ALL dependencies so we can rebuild offline. This DRASTICALLY increase disk usage, but disk space is cheap.
# system.includeBuildDependencies = true;
# This also should enable building offline? TODO: test.
nix.extraOptions = ''
keep-outputs = true
keep-derivations = true
'';
# # building ON
# nixpkgs.localSystem = { system = "aarch64-linux"; };
# # building FOR
# nixpkgs.crossSystem = { system = "aarch64-linux"; };
# nixpkgs.config = {
# replaceStdenv = ({ pkgs }: pkgs.clangStdenv);
# };
# or maybe an overlay
# stdenv = prev.clangStdenv;
})
(lib.mkIf (config.me.buildingIso) {
boot.supportedFilesystems.zfs = true;
})
];
}

8
nix/configuration/hosts/ionlybootzfs/wrapped-disk-config.nix Normal file
View File

@@ -0,0 +1,8 @@
{
config,
lib,
pkgs,
...
}:
lib.mkIf (!config.me.buildingIso) (import ./disk-config.nix)

17
nix/configuration/hosts/neelix/DEPLOY_BOOT Executable file
View File

@@ -0,0 +1,17 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
#TARGET=10.216.1.14
# TARGET=192.168.211.250
TARGET=neelix
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#neelix" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#neelix'

17
nix/configuration/hosts/neelix/DEPLOY_SWITCH Executable file
View File

@@ -0,0 +1,17 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
#TARGET=10.216.1.14
# TARGET=192.168.211.250
TARGET=neelix
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#neelix" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#neelix'

19
nix/configuration/hosts/neelix/default.nix
View File

@@ -3,12 +3,11 @@
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
./disk-config.nix ./disk-config.nix
./optimized_build.nix
./power_management.nix ./power_management.nix
]; ];
# Generate with `head -c4 /dev/urandom | od -A none -t x4` # Generate with `head -c4 /dev/urandom | od -A none -t x4`
networking.hostId = "fbd233d8"; networking.hostId = "bca9d0a5";
networking.hostName = "neelix"; # Define your hostname. networking.hostName = "neelix"; # Define your hostname.
@@ -17,11 +16,25 @@
me.secureBoot.enable = false; me.secureBoot.enable = false;
me.optimizations = {
enable = false;
arch = "alderlake";
system_features = [
"gccarch-alderlake"
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
};
# Early KMS # Early KMS
boot.initrd.kernelModules = [ "i915" ]; boot.initrd.kernelModules = [ "i915" ];
# Mount tmpfs at /tmp # Mount tmpfs at /tmp
boot.tmp.useTmpfs = true; # boot.tmp.useTmpfs = true;
me.bluetooth.enable = true; me.bluetooth.enable = true;
me.emacs_flavor = "plainmacs"; me.emacs_flavor = "plainmacs";

11
nix/configuration/hosts/neelix/hardware-configuration.nix
View File

@@ -14,7 +14,14 @@
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ]; boot.initrd.availableKernelModules = [
"xhci_pci"
"nvme"
"usbhid"
"usb_storage"
"sd_mod"
"sdhci_pci"
];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ]; boot.kernelModules = [ ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
@@ -23,7 +30,7 @@
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction # still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true; # networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true; # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true; # networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true;

78
nix/configuration/hosts/neelix/optimized_build.nix
View File

@@ -1,78 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
config = lib.mkMerge [
{ }
(lib.mkIf (!config.me.buildingIso) {
nix.settings.system-features = lib.mkForce [
"gccarch-alderlake"
"gccarch-x86-64-v3"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
# nixpkgs.hostPlatform = {
# gcc.arch = "alderlake";
# gcc.tune = "alderlake";
# system = "x86_64-linux";
# };
nixpkgs.overlays = [
(
self: super:
let
optimizeWithFlags =
pkg: flags:
pkg.overrideAttrs (old: {
NIX_CFLAGS_COMPILE = [ (old.NIX_CFLAGS_COMPILE or "") ] ++ flags;
});
addConfig =
additionalConfig: pkg:
pkg.override (oldconfig: {
structuredExtraConfig = pkg.structuredExtraConfig // additionalConfig;
});
in
{
linux_alderlake =
addConfig
{
# Full preemption
PREEMPT = lib.mkOverride 60 lib.kernel.yes;
PREEMPT_VOLUNTARY = lib.mkOverride 60 lib.kernel.no;
# Google's BBRv3 TCP congestion Control
TCP_CONG_BBR = lib.kernel.yes;
DEFAULT_BBR = lib.kernel.yes;
# Preemptive Full Tickless Kernel at 300Hz
HZ = lib.kernel.freeform "300";
HZ_300 = lib.kernel.yes;
HZ_1000 = lib.kernel.no;
}
(
optimizeWithFlags super.linux_6_12 [
"-march=alderlake"
"-mtune=alderlake"
]
);
}
)
];
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_alderlake;
})
(lib.mkIf (config.me.buildingIso) {
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_6_12;
boot.supportedFilesystems = [ "zfs" ];
})
];
}

17
nix/configuration/hosts/odo/DEPLOY_BOOT Executable file
View File

@@ -0,0 +1,17 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
# TARGET=10.216.1.15
# TARGET=192.168.211.250
TARGET=odo
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#odo" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#odo'

17
nix/configuration/hosts/odo/DEPLOY_SWITCH Executable file
View File

@@ -0,0 +1,17 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
#TARGET=10.216.1.14
# TARGET=192.168.211.250
TARGET=odo
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#odo" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#odo'

10
nix/configuration/hosts/odo/ISO Executable file
View File

@@ -0,0 +1,10 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.odo" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json

10
nix/configuration/hosts/odo/SELF_BOOT Executable file
View File

@@ -0,0 +1,10 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" --log-format internal-json -v "${@}" |& nom --json

10
nix/configuration/hosts/odo/SELF_BUILD Executable file
View File

@@ -0,0 +1,10 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild build --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" --log-format internal-json -v "${@}" |& nom --json

10
nix/configuration/hosts/odo/SELF_SWITCH Executable file
View File

@@ -0,0 +1,10 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" --log-format internal-json -v "${@}" |& nom --json

64
nix/configuration/hosts/odo/default.nix
View File

@@ -1,14 +1,21 @@
{ config, pkgs, ... }: {
config,
lib,
pkgs,
...
}:
{ {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
./disk-config.nix ./wrapped-disk-config.nix
./optimized_build.nix ./distributed_build.nix
./power_management.nix ./power_management.nix
./screen_brightness.nix ./screen_brightness.nix
./wifi.nix ./wifi.nix
./framework_module.nix
]; ];
config = {
# Generate with `head -c4 /dev/urandom | od -A none -t x4` # Generate with `head -c4 /dev/urandom | od -A none -t x4`
networking.hostId = "908cbf04"; networking.hostId = "908cbf04";
@@ -19,6 +26,22 @@
me.secureBoot.enable = true; me.secureBoot.enable = true;
me.optimizations = {
enable = true;
arch = "znver4";
system_features = [
"gccarch-znver4"
"gccarch-skylake"
# "gccarch-alderlake" missing WAITPKG
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
};
# Early KMS # Early KMS
boot.initrd.kernelModules = [ "amdgpu" ]; boot.initrd.kernelModules = [ "amdgpu" ];
@@ -27,35 +50,64 @@
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
fw-ectool fw-ectool
framework-tool
]; ];
# Enable light sensor
# hardware.sensor.iio.enable = lib.mkDefault true;
# Enable TRIM
# services.fstrim.enable = lib.mkDefault true;
me.alacritty.enable = true; me.alacritty.enable = true;
me.amd_s2idle.enable = true;
me.ansible.enable = true; me.ansible.enable = true;
me.ares.enable = true; me.ares.enable = true;
me.bluetooth.enable = true; me.bluetooth.enable = true;
me.chromecast.enable = true; me.chromecast.enable = true;
me.chromium.enable = true; me.chromium.enable = true;
me.docker.enable = true; me.d2.enable = true;
me.direnv.enable = true;
me.docker.enable = false;
me.ecc.enable = false;
me.emacs_flavor = "full"; me.emacs_flavor = "full";
me.emulate_isa.enable = true;
me.firefox.enable = true; me.firefox.enable = true;
me.flux.enable = true;
me.gcloud.enable = true;
me.git.config = ../../roles/git/files/gitconfig_home; me.git.config = ../../roles/git/files/gitconfig_home;
me.gnuplot.enable = true;
me.gpg.enable = true; me.gpg.enable = true;
me.graphical = true; me.graphical = true;
me.graphics_card_type = "amd"; me.graphics_card_type = "amd";
me.kanshi.enable = true; me.iso_mount.enable = true;
me.kanshi.enable = false;
me.kubernetes.enable = true; me.kubernetes.enable = true;
me.latex.enable = true; me.latex.enable = true;
me.launch_keyboard.enable = true; me.launch_keyboard.enable = true;
me.lvfs.enable = true; me.lvfs.enable = true;
me.media.enable = true; me.media.enable = true;
me.nix_index.enable = true; me.nix_index.enable = true;
me.openpgp_card_tools.enable = true;
me.pcsx2.enable = true;
me.podman.enable = true;
me.python.enable = true; me.python.enable = true;
me.qemu.enable = true; me.qemu.enable = true;
me.rpcs3.enable = true;
me.rust.enable = true; me.rust.enable = true;
me.sequoia.enable = true;
me.shadps4.enable = true;
me.shikane.enable = true;
me.sops.enable = true;
me.sound.enable = true; me.sound.enable = true;
me.spaghettikart.enable = true;
me.steam.enable = true; me.steam.enable = true;
me.steam_run_free.enable = true;
me.sway.enable = true; me.sway.enable = true;
me.tekton.enable = true;
me.terraform.enable = true; me.terraform.enable = true;
me.thunderbolt.enable = true;
me.uutils.enable = false;
me.vnc_client.enable = true; me.vnc_client.enable = true;
me.vscode.enable = true; me.vscode.enable = true;
me.wasm.enable = true; me.wasm.enable = true;
@@ -66,10 +118,12 @@
"colo" "colo"
]; ];
me.wireguard.deactivated = [ "wgf" ]; me.wireguard.deactivated = [ "wgf" ];
me.yubikey.enable = true;
me.zrepl.enable = true; me.zrepl.enable = true;
me.zsh.enable = true; me.zsh.enable = true;
me.sm64ex.enable = true; me.sm64ex.enable = true;
me.shipwright.enable = true; me.shipwright.enable = true;
me.ship2harkinian.enable = true; me.ship2harkinian.enable = true;
};
} }

8
nix/configuration/hosts/odo/disk-config.nix
View File

@@ -1,14 +1,8 @@
# Manual Step: # Manual Step:
# Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1 # Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1
# Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1 # Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1
{
config,
lib,
pkgs,
...
}:
lib.mkIf (!config.me.buildingIso) { {
disko.devices = { disko.devices = {
disk = { disk = {
main = { main = {

27
nix/configuration/hosts/odo/distributed_build.nix Normal file
View File

@@ -0,0 +1,27 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
config = lib.mkMerge [
{
me.distributed_build.enable = true;
me.distributed_build.machines.hydra = {
enable = true;
additional_config = {
speedFactor = 2;
};
};
me.distributed_build.machines.quark = {
enable = true;
additional_config = {
speedFactor = 2;
};
};
}
];
}

23
nix/configuration/hosts/odo/framework_module.nix Normal file
View File

@@ -0,0 +1,23 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
config = lib.mkMerge [
{
boot.extraModulePackages = with config.boot.kernelPackages; [
framework-laptop-kmod
];
# https://github.com/DHowett/framework-laptop-kmod?tab=readme-ov-file#usage
boot.kernelModules = [
"cros_ec"
"cros_ec_lpcs"
];
}
];
}

2
nix/configuration/hosts/odo/hardware-configuration.nix
View File

@@ -27,7 +27,7 @@
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction # still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true; # networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true; # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true; # networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true;

81
nix/configuration/hosts/odo/optimized_build.nix
View File

@@ -1,81 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
config = lib.mkMerge [
{ }
(lib.mkIf (!config.me.buildingIso) {
nix.settings.system-features = lib.mkForce [
"gccarch-znver4"
"gccarch-skylake"
# "gccarch-alderlake" missing WAITPKG
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
# nixpkgs.hostPlatform = {
# gcc.arch = "znver4";
# gcc.tune = "znver4";
# system = "x86_64-linux";
# };
nixpkgs.overlays = [
(
self: super:
let
optimizeWithFlags =
pkg: flags:
pkg.overrideAttrs (old: {
NIX_CFLAGS_COMPILE = [ (old.NIX_CFLAGS_COMPILE or "") ] ++ flags;
});
addConfig =
additionalConfig: pkg:
pkg.override (oldconfig: {
structuredExtraConfig = pkg.structuredExtraConfig // additionalConfig;
});
in
{
linux_znver4 =
addConfig
{
# Full preemption
PREEMPT = lib.mkOverride 60 lib.kernel.yes;
PREEMPT_VOLUNTARY = lib.mkOverride 60 lib.kernel.no;
# Google's BBRv3 TCP congestion Control
TCP_CONG_BBR = lib.kernel.yes;
DEFAULT_BBR = lib.kernel.yes;
# Preemptive Full Tickless Kernel at 300Hz
HZ = lib.kernel.freeform "300";
HZ_300 = lib.kernel.yes;
HZ_1000 = lib.kernel.no;
}
(
optimizeWithFlags super.linux_6_12 [
"-march=znver4"
"-mtune=znver4"
]
);
}
)
];
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_znver4;
})
(lib.mkIf (config.me.buildingIso) {
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_6_12;
boot.supportedFilesystems.zfs = true;
})
];
}

18
nix/configuration/hosts/odo/power_management.nix
View File

@@ -20,7 +20,7 @@
# amd_pstate=guided :: Same as passive except we can set upper and lower frequency bounds. # amd_pstate=guided :: Same as passive except we can set upper and lower frequency bounds.
# amdgpu.dcdebugmask=0x10 :: Allegedly disables Panel Replay from https://community.frame.work/t/tracking-freezing-arch-linux-amd/39495/32 # amdgpu.dcdebugmask=0x10 :: Allegedly disables Panel Replay from https://community.frame.work/t/tracking-freezing-arch-linux-amd/39495/32
boot.kernelParams = [ boot.kernelParams = [
"amdgpu.abmlevel=3" "amdgpu.abmlevel=2"
"pcie_aspm=force" "pcie_aspm=force"
# "pcie_aspm.policy=powersupersave" # "pcie_aspm.policy=powersupersave"
"nowatchdog" "nowatchdog"
@@ -47,6 +47,22 @@
"w- /sys/devices/system/cpu/cpufreq/policy13/energy_performance_preference - - - - power" "w- /sys/devices/system/cpu/cpufreq/policy13/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy14/energy_performance_preference - - - - power" "w- /sys/devices/system/cpu/cpufreq/policy14/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy15/energy_performance_preference - - - - power" "w- /sys/devices/system/cpu/cpufreq/policy15/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpu0/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu1/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu2/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu3/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu4/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu5/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu6/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu7/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu8/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu9/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu10/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu11/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu12/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu13/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu14/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu15/cpufreq/boost - - - - 0"
]; ];
boot.extraModprobeConfig = '' boot.extraModprobeConfig = ''

2
nix/configuration/hosts/odo/screen_brightness.nix
View File

@@ -9,6 +9,6 @@
imports = [ ]; imports = [ ];
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"w- /sys/class/backlight/amdgpu_bl1/brightness - - - - 85" "w- /sys/class/backlight/amdgpu_bl1/brightness - - - - 21845"
]; ];
} }

7
nix/configuration/hosts/odo/wifi.nix
View File

@@ -9,9 +9,10 @@
imports = [ ]; imports = [ ];
config = { config = {
environment.loginShellInit = lib.mkIf (!config.me.buildingIso) '' # Doesn't seem necessary starting with 6.13
doas iw dev wlan0 set power_save off # environment.loginShellInit = lib.mkIf (!config.me.buildingIso) ''
''; # doas iw dev wlan0 set power_save off
# '';
# Enable debug logging for ath12k wifi card. # Enable debug logging for ath12k wifi card.
boot.kernelParams = [ boot.kernelParams = [

8
nix/configuration/hosts/odo/wrapped-disk-config.nix Normal file
View File

@@ -0,0 +1,8 @@
{
config,
lib,
pkgs,
...
}:
lib.mkIf (!config.me.buildingIso) (import ./disk-config.nix)

17
nix/configuration/hosts/quark/DEPLOY_BOOT Executable file
View File

@@ -0,0 +1,17 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
#TARGET=10.216.1.15
# TARGET=192.168.211.250
TARGET=quark
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#quark" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#quark'

17
nix/configuration/hosts/quark/DEPLOY_SWITCH Executable file
View File

@@ -0,0 +1,17 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
#TARGET=10.216.1.14
# TARGET=192.168.211.250
TARGET=quark
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#quark" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#quark'

10
nix/configuration/hosts/quark/ISO Executable file
View File

@@ -0,0 +1,10 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.quark" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json

10
nix/configuration/hosts/quark/SELF_BOOT Executable file
View File

@@ -0,0 +1,10 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" --log-format internal-json -v "${@}" |& nom --json

10
nix/configuration/hosts/quark/SELF_BUILD Executable file
View File

@@ -0,0 +1,10 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild build --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" --log-format internal-json -v "${@}" |& nom --json

10
nix/configuration/hosts/quark/SELF_SWITCH Executable file
View File

@@ -0,0 +1,10 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" --log-format internal-json -v "${@}" |& nom --json

123
nix/configuration/hosts/quark/default.nix Normal file
View File

@@ -0,0 +1,123 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [
./disk-config.nix
./distributed_build.nix
./hardware-configuration.nix
./power_management.nix
];
config = {
# Generate with `head -c4 /dev/urandom | od -A none -t x4`
networking.hostId = "47ee7d7c";
networking.hostName = "quark"; # Define your hostname.
time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8";
me.secureBoot.enable = true;
me.optimizations = {
enable = true;
arch = "znver4";
system_features = [
"gccarch-znver4"
"gccarch-znver5"
"gccarch-skylake"
# "gccarch-alderlake" missing WAITPKG
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
};
# Early KMS
boot.initrd.kernelModules = [ "amdgpu" ];
# Mount tmpfs at /tmp
boot.tmp.useTmpfs = true;
# Enable TRIM
# services.fstrim.enable = lib.mkDefault true;
# RPCS3 has difficulty with znver5
me.rpcs3.config.Core."Use LLVM CPU" = "znver4";
me.alacritty.enable = true;
me.amd_s2idle.enable = true;
me.ansible.enable = true;
me.ares.enable = true;
me.bluetooth.enable = true;
me.chromecast.enable = true;
me.chromium.enable = true;
me.d2.enable = true;
me.direnv.enable = true;
me.docker.enable = false;
me.ecc.enable = true;
me.emacs_flavor = "full";
me.emulate_isa.enable = true;
me.firefox.enable = true;
me.flux.enable = true;
me.gcloud.enable = true;
me.git.config = ../../roles/git/files/gitconfig_home;
me.gnuplot.enable = true;
me.gpg.enable = true;
me.graphical = true;
me.graphics_card_type = "amd";
me.iso_mount.enable = true;
me.kanshi.enable = false;
me.kubernetes.enable = true;
me.latex.enable = true;
me.launch_keyboard.enable = true;
me.lvfs.enable = true;
me.media.enable = true;
me.nix_index.enable = true;
me.nix_worker.enable = true;
me.openpgp_card_tools.enable = true;
me.pcsx2.enable = true;
me.podman.enable = true;
me.python.enable = true;
me.qemu.enable = true;
me.rpcs3.enable = true;
me.rust.enable = true;
me.sequoia.enable = true;
me.shadps4.enable = true;
me.shikane.enable = true;
me.sops.enable = true;
me.sound.enable = true;
me.spaghettikart.enable = true;
me.steam.enable = true;
me.steam_run_free.enable = true;
me.sway.enable = true;
me.tekton.enable = true;
me.terraform.enable = true;
me.thunderbolt.enable = true;
me.uutils.enable = false;
me.vnc_client.enable = true;
me.vscode.enable = true;
me.wasm.enable = true;
me.waybar.enable = true;
me.wireguard.activated = [
"drmario"
"wgh"
"colo"
];
me.wireguard.deactivated = [ "wgf" ];
me.yubikey.enable = true;
me.zrepl.enable = true;
me.zsh.enable = true;
me.sm64ex.enable = true;
me.shipwright.enable = true;
me.ship2harkinian.enable = true;
};
}

148
nix/configuration/hosts/quark/disk-config.nix Normal file
View File

@@ -0,0 +1,148 @@
# Manual Step:
# Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1
# Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1
{
config,
lib,
pkgs,
...
}:
lib.mkIf (!config.me.buildingIso) {
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"umask=0077"
"noatime"
"discard"
];
};
};
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "zroot";
};
};
};
};
};
};
zpool = {
zroot = {
type = "zpool";
# mode = "mirror";
# Workaround: cannot import 'zroot': I/O error in disko tests
options.cachefile = "none";
options = {
ashift = "12";
compatibility = "openzfs-2.2-freebsd";
autotrim = "on";
};
rootFsOptions = {
acltype = "posixacl";
atime = "off";
relatime = "off";
xattr = "sa";
mountpoint = "none";
compression = "lz4";
canmount = "off";
utf8only = "on";
dnodesize = "auto";
normalization = "formD";
};
datasets = {
"linux/nix" = {
type = "zfs_fs";
options.mountpoint = "none";
options = {
encryption = "aes-256-gcm";
keyformat = "passphrase";
# keylocation = "file:///tmp/secret.key";
};
};
"linux/nix/root" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/root@blank$' || zfs snapshot zroot/linux/nix/root@blank";
};
"linux/nix/nix" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/nix";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/nix@blank$' || zfs snapshot zroot/linux/nix/nix@blank";
options = {
recordsize = "16MiB";
compression = "zstd-19";
};
};
"linux/nix/home" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/home";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/home@blank$' || zfs snapshot zroot/linux/nix/home@blank";
};
"linux/nix/persist" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/persist";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/persist@blank$' || zfs snapshot zroot/linux/nix/persist@blank";
};
"linux/nix/state" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/state";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/state@blank$' || zfs snapshot zroot/linux/nix/state@blank";
};
};
};
};
};
# Make sure all persistent volumes are marked as neededForBoot
#
# Also mounts /home so it is mounted before the user home directories are created.
fileSystems."/persist".neededForBoot = true;
fileSystems."/state".neededForBoot = true;
fileSystems."/home".neededForBoot = true;
fileSystems."/".options = [
"noatime"
"norelatime"
];
fileSystems."/nix".options = [
"noatime"
"norelatime"
];
fileSystems."/persist".options = [
"noatime"
"norelatime"
];
fileSystems."/state".options = [
"noatime"
"norelatime"
];
fileSystems."/home".options = [
"noatime"
"norelatime"
];
# Only attempt to decrypt the main pool. Otherwise it attempts to decrypt pools that aren't even used.
boot.zfs.requestEncryptionCredentials = [ "zroot/linux/nix" ];
}

21
nix/configuration/hosts/quark/distributed_build.nix Normal file
View File

@@ -0,0 +1,21 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
config = lib.mkMerge [
{
me.distributed_build.enable = true;
me.distributed_build.machines.hydra = {
enable = true;
additional_config = {
speedFactor = 2;
};
};
}
];
}

35
nix/configuration/hosts/quark/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,35 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"thunderbolt"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
# networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true;
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

48
nix/configuration/hosts/quark/power_management.nix Normal file
View File

@@ -0,0 +1,48 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
environment.systemPackages = with pkgs; [
powertop
];
boot.kernelParams = [
# Enable undervolting GPU.
# "amdgpu.ppfeaturemask=0xfff7ffff"
];
systemd.tmpfiles.rules = [
# "w- /sys/devices/system/cpu/cpufreq/policy0/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy1/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy2/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy3/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy4/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy5/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy6/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy7/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy8/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy9/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy10/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy11/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy12/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy13/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy14/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy15/energy_performance_preference - - - - power"
];
# services.udev.packages = [
# (pkgs.writeTextFile {
# name = "amdgpu-low-power";
# text = ''
# ACTION=="add", SUBSYSTEM=="drm", DRIVERS=="amdgpu", ATTR{device/power_dpm_force_performance_level}="low"
# '';
# destination = "/etc/udev/rules.d/30-amdgpu-low-power.rules";
# })
# ];
}

6
nix/configuration/roles/alacritty/default.nix
View File

@@ -24,10 +24,8 @@
xdg-utils # for xdg-open xdg-utils # for xdg-open
]; ];
home-manager.users.talexander = me.install.user.talexander.file = {
{ pkgs, ... }: ".config/alacritty/alacritty.toml" = {
{
home.file.".config/alacritty/alacritty.toml" = {
source = ./files/alacritty.toml; source = ./files/alacritty.toml;
}; };
}; };

48
nix/configuration/roles/amd_s2idle/cysystemd.nix Normal file
View File

@@ -0,0 +1,48 @@
{
lib,
pkgs,
buildPythonPackage,
fetchFromGitHub,
pythonOlder,
cython,
pkg-config,
setuptools,
}:
let
version = "1.6.3";
in
buildPythonPackage {
pname = "cysystemd";
inherit version;
pyproject = true;
src = fetchFromGitHub {
owner = "mosquito";
repo = "cysystemd";
tag = version;
hash = "sha256-xumrQgoKfFeKdRQUIYXXiXEcNd76i4wo/EIDm8BN7oU=";
};
disabled = pythonOlder "3.6";
build-system = [
setuptools
cython
];
nativeBuildInputs = [
pkg-config
];
buildInputs = [ pkgs.systemd ];
pythonImportsCheck = [ "cysystemd" ];
meta = {
description = "systemd wrapper on Cython";
homepage = "https://github.com/mosquito/cysystemd";
license = lib.licenses.asl20;
platforms = lib.platforms.linux;
};
}

47
nix/configuration/roles/amd_s2idle/default.nix Normal file
View File

@@ -0,0 +1,47 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
amd_s2idle.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install amd_s2idle.";
};
};
config = lib.mkIf config.me.amd_s2idle.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
amd-debug-tools
];
nixpkgs.overlays = [
(
final: prev:
let
innerPackage = (final.callPackage ./package.nix { });
in
{
amd-debug-tools = innerPackage;
}
)
(final: prev: {
pythonPackagesExtensions = prev.pythonPackagesExtensions ++ [
(python-final: python-prev: {
cysystemd = (python-final.callPackage ./cysystemd.nix { });
})
];
})
];
}
]
);
}

60
nix/configuration/roles/amd_s2idle/package.nix Normal file
View File

@@ -0,0 +1,60 @@
{
lib,
fetchgit,
python3Packages,
acpica-tools,
ethtool,
libdisplay-info,
}:
let
version = "0.2.8";
in
python3Packages.buildPythonApplication {
pname = "amd-debug-tools";
inherit version;
pyproject = true;
build-system = with python3Packages; [
pyudev
setuptools
setuptools-git
setuptools-git-versioning
];
dependencies = with python3Packages; [
acpica-tools
cysystemd
dbus-fast
ethtool
jinja2
libdisplay-info
matplotlib
pandas
pyudev
seaborn
tabulate
];
src = fetchgit {
url = "https://git.kernel.org/pub/scm/linux/kernel/git/superm1/amd-debug-tools.git";
tag = version;
hash = "sha256-EmXsW7Q5WMFL32LWr29W3GnGpw5aj53wlp9KbFV1r0Q=";
leaveDotGit = true;
};
disabled = python3Packages.pythonOlder "3.7";
postPatch = ''
substituteInPlace pyproject.toml \
--replace-fail ', "setuptools-git-versioning>=2.0,<3"' ""
'';
pythonImportsCheck = [ "amd_debug" ];
meta = {
description = "Debug tools for AMD zen systems";
homepage = "https://git.kernel.org/pub/scm/linux/kernel/git/superm1/amd-debug-tools.git/";
changelog = "https://git.kernel.org/pub/scm/linux/kernel/git/superm1/amd-debug-tools.git/tag/?h=${version}";
license = lib.licenses.mit;
platforms = lib.platforms.linux;
};
}

3
nix/configuration/roles/ansible/default.nix
View File

@@ -25,6 +25,9 @@
]; ];
nixpkgs.overlays = [ nixpkgs.overlays = [
(final: prev: {
ansible-sshjail = (final.callPackage ./package/ansible-sshjail/package.nix { });
})
(final: prev: { (final: prev: {
ansible = pkgs.symlinkJoin { ansible = pkgs.symlinkJoin {
name = "ansible"; name = "ansible";

0
nix/configuration/flakes/ansible-sshjail/package.nix → nix/configuration/roles/ansible/package/ansible-sshjail/package.nix
View File

13
nix/configuration/roles/boot/default.nix
View File

@@ -75,9 +75,14 @@
# options root=PARTUUID=17e325bf-a378-4d1d-be6a-f6df5476f0fa # options root=PARTUUID=17e325bf-a378-4d1d-be6a-f6df5476f0fa
# ''; # '';
# }; # };
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
directories = [
"/var/lib/sbctl" # Secure Boot Keys
];
};
}) })
(lib.mkIf (config.me.secureBoot.enable) { (lib.mkIf (config.me.secureBoot.enable) {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
sbctl sbctl
]; ];
@@ -86,12 +91,6 @@
enable = true; enable = true;
pkiBundle = "/var/lib/sbctl"; pkiBundle = "/var/lib/sbctl";
}; };
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
directories = [
"/var/lib/sbctl" # Secure Boot Keys
];
};
}) })
]; ];
} }

14
nix/configuration/roles/chromium/default.nix
View File

@@ -22,7 +22,7 @@
{ } { }
(lib.mkIf config.me.graphical { (lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
(chromium.override { enableWideVine = true; }) chromium
]; ];
allowedUnfree = [ allowedUnfree = [
"chromium" "chromium"
@@ -57,8 +57,18 @@
}; };
}; };
nixpkgs.overlays = [
(final: prev: {
chromium = prev.chromium.override {
enableWideVine = true;
commandLineArgs = [
"--enable-features=VaapiVideoDecoder,VaapiIgnoreDriverChecks,Vulkan,DefaultANGLEVulkan,VulkanFromANGLE,AcceleratedVideoEncoder"
# Enabling vulkan causes video to render as white # Enabling vulkan causes video to render as white
# nixpkgs.config.chromium.commandLineArgs = "--enable-features=Vulkan"; # "--enable-features=Vulkan";
];
};
})
];
}) })
] ]
); );

29
nix/configuration/roles/d2/default.nix Normal file
View File

@@ -0,0 +1,29 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
d2.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install d2.";
};
};
config = lib.mkIf config.me.d2.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
d2
];
}
]
);
}

55
nix/configuration/roles/direnv/default.nix Normal file
View File

@@ -0,0 +1,55 @@
{
config,
lib,
pkgs,
...
}:
let
direnv_zsh_hook = pkgs.writeTextFile {
name = "direnv_zsh_hook.zsh";
text = ''
eval "$(direnv hook zsh)"
'';
};
in
{
imports = [ ];
options.me = {
direnv.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install direnv.";
};
};
config = lib.mkIf config.me.direnv.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
direnv
nix-direnv
];
me.zsh.includes = [ direnv_zsh_hook ];
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
# List of allowed directories from `direnv allow`.
directory = ".local/share/direnv";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
}
]
);
}

110
nix/configuration/roles/distributed_build/default.nix Normal file
View File

@@ -0,0 +1,110 @@
{
config,
lib,
pkgs,
...
}:
let
make_machine_config = name: {
enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to use the ${name} machine during distributed builds.";
};
additional_config = lib.mkOption {
type = lib.types.attrs;
default = { };
example = lib.literalExpression {
speedFactor = 2;
};
description = "Additional config values for the buildMachines entry. For example, speedFactor.";
};
};
in
{
imports = [ ];
options.me = {
distributed_build.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to use multiple machines to perform a nixos-rebuild.";
};
distributed_build.machines.hydra = make_machine_config "hydra";
distributed_build.machines.quark = make_machine_config "quark";
};
config = lib.mkIf config.me.distributed_build.enable (
lib.mkMerge [
{
nix.distributedBuilds = true;
}
(lib.mkIf config.me.distributed_build.machines.hydra.enable {
nix.buildMachines = [
(
{
hostName = "hydra";
sshUser = "nixworker";
# sshKey = "";
# publicHostKey = "";
systems = [
"x86_64-linux"
# "aarch64-linux"
];
maxJobs = 1;
supportedFeatures = [
"nixos-test"
"benchmark"
"big-parallel"
# "kvm"
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"gccarch-skylake"
"gccarch-znver4"
];
}
// config.me.distributed_build.machines.hydra.additional_config
)
];
})
(lib.mkIf config.me.distributed_build.machines.quark.enable {
nix.buildMachines = [
(
{
hostName = "quark";
sshUser = "nixworker";
sshKey = "/persist/manual/ssh/root/keys/id_ed25519";
# From: base64 -w0 /persist/ssh/ssh_host_ed25519_key.pub
publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUx0alplYlVYTkRkU3Y1enVGbjM3eFNMZUN3S2hPKzFMdWovM2FYNFJRTEEgcm9vdEBxdWFyawo=";
systems = [
"x86_64-linux"
# "aarch64-linux"
];
maxJobs = 1;
supportedFeatures = [
"gccarch-armv6"
"gccarch-aarch64"
"gccarch-riscv64"
"nixos-test"
"benchmark"
"big-parallel"
"kvm"
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"gccarch-skylake"
"gccarch-znver4"
"gccarch-znver5"
];
}
// config.me.distributed_build.machines.quark.additional_config
)
];
})
]
);
}

34
nix/configuration/roles/docker/default.nix
View File

@@ -19,6 +19,14 @@
config = lib.mkIf config.me.docker.enable ( config = lib.mkIf config.me.docker.enable (
lib.mkMerge [ lib.mkMerge [
{
assertions = [
{
assertion = !config.me.podman.enable;
message = "docker conflicts with podman";
}
];
}
{ {
virtualisation.docker.enable = true; virtualisation.docker.enable = true;
# Use docker activation # Use docker activation
@@ -56,6 +64,32 @@
# }; # };
}; };
systemd.services.link-docker-creds = {
# Contains credentials so it cannot be added to the nix store
enable = true;
description = "link-docker-creds";
wantedBy = [ "multi-user.target" ];
wants = [ "multi-user.target" ];
after = [ "multi-user.target" ];
# path = with pkgs; [
# zfs
# ];
unitConfig.DefaultDependencies = "no";
serviceConfig = {
Type = "oneshot";
RemainAfterExit = "yes";
};
script = ''
if [ -e /persist/manual/docker/config.json ]; then
install --directory --owner talexander --group talexander --mode 0700 /home/talexander/.docker
ln -s /persist/manual/docker/config.json /home/talexander/.docker/config.json
fi
'';
preStop = ''
rm -f /home/talexander/.docker/config.json
'';
};
# Needed for non-rootless docker # Needed for non-rootless docker
users.users.talexander.extraGroups = [ "docker" ]; users.users.talexander.extraGroups = [ "docker" ];
} }

28
nix/configuration/roles/ecc/default.nix Normal file
View File

@@ -0,0 +1,28 @@
# Check memory errors with: ras-mc-ctl --error-count
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
ecc.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install ecc.";
};
};
config = lib.mkIf config.me.ecc.enable (
lib.mkMerge [
{
hardware.rasdaemon.enable = true;
}
]
);
}

16
nix/configuration/roles/emacs/default.nix
View File

@@ -89,7 +89,7 @@ in
(lib.mkIf (config.me.graphical) { (lib.mkIf (config.me.graphical) {
nixpkgs.overlays = [ nixpkgs.overlays = [
(final: prev: { (final: prev: {
my_emacs = final.emacs29-pgtk; my_emacs = final.emacs-pgtk;
}) })
]; ];
}) })
@@ -113,7 +113,7 @@ in
"doc" "doc"
"info" "info"
]; ];
buildInputs = [ final.makeWrapper ]; nativeBuildInputs = [ final.makeWrapper ];
postBuild = '' postBuild = ''
wrapProgram $out/bin/emacs --prefix PATH : ${ wrapProgram $out/bin/emacs --prefix PATH : ${
lib.makeBinPath [ lib.makeBinPath [
@@ -121,6 +121,7 @@ in
dicts: with dicts; [ dicts: with dicts; [
en en
en-computers en-computers
# en-science # TODO: Why is en-science non-free?
] ]
)) ))
final.nixd # nix language server final.nixd # nix language server
@@ -129,6 +130,11 @@ in
final.shellcheck final.shellcheck
final.cmake-language-server final.cmake-language-server
final.cmake # Used by cmake-language-server final.cmake # Used by cmake-language-server
final.rust-analyzer
final.prettier # Format yaml, json, and JS
final.terraform-ls
final.typescript-language-server
final.tex
] ]
} }
''; '';
@@ -136,10 +142,8 @@ in
}) })
]; ];
home-manager.users.talexander = me.install.user.talexander.file = {
{ pkgs, ... }: ".config/emacs" = {
{
home.file.".config/emacs" = {
source = ./files/emacs; source = ./files/emacs;
recursive = true; recursive = true;
}; };

25
nix/configuration/roles/emacs/files/emacs/elisp/base-extensions.el
View File

@@ -14,17 +14,6 @@
;; Other packages ;; Other packages
(use-package emacs
:config
(setq enable-recursive-minibuffers t)
;; Filter the M-x list base on the current mode
(setq read-extended-command-predicate #'command-completion-default-include-p)
;; Enable triggering completion with the tab key.
(setq tab-always-indent 'complete)
)
(use-package dashboard (use-package dashboard
:config :config
(dashboard-setup-startup-hook)) (dashboard-setup-startup-hook))
@@ -51,17 +40,27 @@
;; Persist history over Emacs restarts. Vertico sorts by history position. ;; Persist history over Emacs restarts. Vertico sorts by history position.
(use-package savehist (use-package savehist
;; This is an emacs built-in but we're pulling the latest version ;; This is an emacs built-in but we're pulling the latest version
:pin gnu
:config :config
(savehist-mode)) (savehist-mode))
(use-package which-key (use-package which-key
:pin gnu
:diminish :diminish
:config :config
(which-key-mode)) (which-key-mode))
(use-package windmove (use-package windmove
:config ;; This is an emacs built-in but we're pulling the latest version
(windmove-default-keybindings)) :pin gnu
:bind
(
("S-<up>" . windmove-up)
("S-<right>" . windmove-right)
("S-<down>" . windmove-down)
("S-<left>" . windmove-left)
)
)
(setq tramp-default-method "ssh") (setq tramp-default-method "ssh")

68
nix/configuration/roles/emacs/files/emacs/elisp/base.el
View File

@@ -7,10 +7,12 @@
(use-package auto-package-update (use-package auto-package-update
:ensure t :ensure t
:custom
(auto-package-update-interval 14)
(auto-package-update-delete-old-versions t)
:config :config
(setq auto-package-update-delete-old-versions t (auto-package-update-maybe)
auto-package-update-interval 14) )
(auto-package-update-maybe))
(defun assert-directory (p) (defun assert-directory (p)
(unless (file-exists-p p) (make-directory p t)) (unless (file-exists-p p) (make-directory p t))
@@ -24,11 +26,51 @@
(setq autoload-directory (concat user-emacs-directory (file-name-as-directory "elisp") (file-name-as-directory "autoload"))) (setq autoload-directory (concat user-emacs-directory (file-name-as-directory "elisp") (file-name-as-directory "autoload")))
(add-to-list 'load-path (assert-directory autoload-directory)) (add-to-list 'load-path (assert-directory autoload-directory))
(setq-default (use-package emacs
:ensure nil
:bind
(("C-z" . nil)
("C-x C-z" . nil)
("RET" . newline-and-indent)
)
:custom
;; Replace highlighted text if you start typing.
(delete-selection-mode 1)
(history-length 300)
;; Enable auto-revert for buffers like dired
(global-auto-revert-non-file-buffers t)
;; If the underlying file changes, reload it automatically. This is useful for moving around in git without confusing language servers.
(auto-revert-avoid-polling t)
(auto-revert-interval 5)
(auto-revert-check-vc-info t)
(global-auto-revert-mode t)
;; Disable backup files and lockfiles ;; Disable backup files and lockfiles
make-backup-files nil (create-lockfiles nil)
auto-save-default nil (make-backup-files nil)
create-lockfiles nil (backup-inhibited t)
;; Do not auto-save files
(auto-save-default nil)
(pixel-scroll-precision-mode t)
(pixel-scroll-precision-use-momentum nil)
:config
(setq enable-recursive-minibuffers t)
;; Filter the M-x list base on the current mode
(setq read-extended-command-predicate #'command-completion-default-include-p)
;; Enable triggering completion with the tab key.
(setq tab-always-indent 'complete)
)
(setq-default
;; Unless otherwise specified, always install packages if they are absent. ;; Unless otherwise specified, always install packages if they are absent.
use-package-always-ensure t use-package-always-ensure t
;; Point custom-file at /dev/null so emacs does not write any settings to my dotfiles. ;; Point custom-file at /dev/null so emacs does not write any settings to my dotfiles.
@@ -63,13 +105,13 @@
show-trailing-whitespace t show-trailing-whitespace t
;; Remove the line when killing it with ctrl-k ;; Remove the line when killing it with ctrl-k
kill-whole-line t kill-whole-line t
;; Show the current project in the mode line
project-mode-line t
) )
;; (setq-default fringes-outside-margins t) ;; (setq-default fringes-outside-margins t)
;; Per-pixel scrolling instead of per-line
(pixel-scroll-precision-mode)
;; Typed text replaces selection ;; Typed text replaces selection
(delete-selection-mode) (delete-selection-mode)
@@ -77,12 +119,6 @@
;; Delete trailing whitespace before save ;; Delete trailing whitespace before save
(add-hook 'before-save-hook 'delete-trailing-whitespace) (add-hook 'before-save-hook 'delete-trailing-whitespace)
;; If the underlying file changes, reload it automatically. This is useful for moving around in git without confusing language servers.
(setopt auto-revert-avoid-polling t)
(setopt auto-revert-interval 5)
(setopt auto-revert-check-vc-info t)
(global-auto-revert-mode)
;;;;; Performance ;;;;; Performance
;; Run garbage collect when emacs is idle ;; Run garbage collect when emacs is idle
(run-with-idle-timer 5 t (lambda () (garbage-collect))) (run-with-idle-timer 5 t (lambda () (garbage-collect)))

16
nix/configuration/roles/emacs/files/emacs/elisp/lang-d2.el Normal file
View File

@@ -0,0 +1,16 @@
(defun d2-format-buffer ()
"Run prettier."
(interactive)
(run-command-on-buffer "d2" "fmt" "-")
)
(use-package d2-mode
:commands (d2-mode)
:hook (
(d2-mode . (lambda ()
;; (add-hook 'before-save-hook 'd2-format-buffer nil 'local)
))
)
)
(provide 'lang-d2)

10
nix/configuration/roles/emacs/files/emacs/elisp/lang-javascript.el
View File

@@ -1,6 +1,12 @@
(require 'common-lsp) (require 'common-lsp)
(require 'util-tree-sitter) (require 'util-tree-sitter)
(defun js-format-buffer ()
"Run prettier."
(interactive)
(run-command-on-buffer "prettier" "--stdin-filepath" buffer-file-name)
)
(use-package json-ts-mode (use-package json-ts-mode
:ensure nil :ensure nil
:pin manual :pin manual
@@ -113,10 +119,14 @@
("\\.js\\'" . js-ts-mode) ("\\.js\\'" . js-ts-mode)
) )
:commands (js-ts-mode) :commands (js-ts-mode)
:custom (
(js-indent-level 2)
)
:hook ( :hook (
(js-ts-mode . (lambda () (js-ts-mode . (lambda ()
(when-linux (when-linux
(eglot-ensure) (eglot-ensure)
(add-hook 'before-save-hook 'js-format-buffer nil 'local)
) )
)) ))
) )

17
nix/configuration/roles/emacs/files/emacs/elisp/lang-org.el
View File

@@ -1,16 +1,23 @@
(use-package org (use-package org
:ensure nil :ensure nil
:commands org-mode :commands org-mode
:bind ( :bind (:map org-mode-map
("C-c l" . org-store-link) ("C-c l" . org-store-link)
("C-c a" . org-agenda) ("C-c a" . org-agenda)
("C--" . org-timestamp-down) ("S-<up>" . org-shiftup)
("C-=" . org-timestamp-up) ("S-<right>" . org-shiftright)
("S-<down>" . org-shiftdown)
("S-<left>" . org-shiftleft)
) )
:hook ( :hook (
(org-mode . (lambda () (org-mode . (lambda ()
(org-indent-mode +1) (org-indent-mode +1)
)) ))
;; Make windmove work in Org mode:
(org-shiftup-final . windmove-up)
(org-shiftleft-final . windmove-left)
(org-shiftdown-final . windmove-down)
(org-shiftright-final . windmove-right)
) )
:config :config
(require 'org-tempo) (require 'org-tempo)
@@ -80,4 +87,8 @@
(use-package gnuplot) (use-package gnuplot)
(use-package graphviz-dot-mode) (use-package graphviz-dot-mode)
(use-package htmlize
;; For syntax highlighting when exporting to HTML.
)
(provide 'lang-org) (provide 'lang-org)

6
nix/configuration/roles/emacs/files/emacs/elisp/lang-rust.el
View File

@@ -46,7 +46,7 @@
(when rust-analyzer-command (when rust-analyzer-command
;; (add-to-list 'eglot-server-programs `(rust-ts-mode . (,rust-analyzer-command))) ;; (add-to-list 'eglot-server-programs `(rust-ts-mode . (,rust-analyzer-command)))
(add-to-list 'eglot-server-programs `(rust-ts-mode . (,rust-analyzer-command :initializationOptions (:imports (:granularity (:enforce t :group "item") (add-to-list 'eglot-server-programs `(rust-ts-mode . (,rust-analyzer-command :initializationOptions (:imports (:granularity (:enforce t :group "item")
:merge (:glob nil) :merge (:glob :json-false)
:prefix "self") :prefix "self")
)))) ))))
) )
@@ -60,8 +60,8 @@
(unless (treesit-ready-p 'rust) (treesit-install-language-grammar 'rust)) (unless (treesit-ready-p 'rust) (treesit-install-language-grammar 'rust))
:config :config
;; Add keybindings for interacting with Cargo ;; Add keybindings for interacting with Cargo
(use-package cargo ;; (use-package cargo
:hook (rust-ts-mode . cargo-minor-mode)) ;; :hook (rust-ts-mode . cargo-minor-mode))
) )
(use-package toml-ts-mode (use-package toml-ts-mode

2
nix/configuration/roles/emacs/files/emacs/init.el
View File

@@ -40,4 +40,6 @@
(require 'lang-cmake) (require 'lang-cmake)
(require 'lang-d2)
(load-directory autoload-directory) (load-directory autoload-directory)

41
nix/configuration/roles/emulate_isa/default.nix Normal file
View File

@@ -0,0 +1,41 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
emulate_isa.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to enable emulating other CPU architectures.";
};
};
config = lib.mkIf config.me.emulate_isa.enable (
lib.mkMerge [
{
boot.binfmt.emulatedSystems = [
"aarch64-linux" # Raspberry Pi gen 3
"riscv64-linux"
# TODO: Should "x86_64-linux" be in this list or should this list be dependent on the host CPU?
"armv6l-linux" # Raspberry Pi gen 1
];
me.optimizations = {
system_features = [
"gccarch-armv6"
"gccarch-aarch64"
"gccarch-riscv64"
];
};
}
]
);
}
# NOTE: build nixosConfigurations.<name>.config.system.build.sdImage

13
nix/configuration/roles/firefox/default.nix
View File

@@ -70,9 +70,12 @@
# Allow sending dark mode preference to websites. # Allow sending dark mode preference to websites.
# Allow sending timezone to websites. # Allow sending timezone to websites.
"privacy.fingerprintingProtection.overrides" = "privacy.fingerprintingProtection.overrides" =
"+AllTargets,-CSSPrefersColorScheme,-JSDateTimeUTC,-CanvasExtractionBeforeUserInputIsBlocked"; "+AllTargets,-CSSPrefersColorScheme,-JSDateTimeUTC,-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt";
# Disable weather on new tab page # Disable weather on new tab page
"browser.newtabpage.activity-stream.showWeather" = false; "browser.newtabpage.activity-stream.showWeather" = false;
# Disable AI stuff that wastes battery life
"browser.ml.chat.enabled" = false;
"browser.ml.enabled" = false;
}; };
# Check about:policies#documentation and https://mozilla.github.io/policy-templates/ for options. # Check about:policies#documentation and https://mozilla.github.io/policy-templates/ for options.
policies = { policies = {
@@ -88,10 +91,10 @@
install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"; install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi";
installation_mode = "force_installed"; installation_mode = "force_installed";
}; };
"firefox@teleparty.com" = { # "firefox@teleparty.com" = {
install_url = "https://addons.mozilla.org/firefox/downloads/latest/netflix-party-is-now-teleparty/latest.xpi"; # install_url = "https://addons.mozilla.org/firefox/downloads/latest/netflix-party-is-now-teleparty/latest.xpi";
installation_mode = "normal_installed"; # installation_mode = "normal_installed";
}; # };
"@ublacklist" = { "@ublacklist" = {
install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublacklist/latest.xpi"; install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublacklist/latest.xpi";
installation_mode = "normal_installed"; installation_mode = "normal_installed";

29
nix/configuration/roles/flux/default.nix Normal file
View File

@@ -0,0 +1,29 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
flux.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install flux.";
};
};
config = lib.mkIf config.me.flux.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
fluxcd
];
}
]
);
}

1
nix/configuration/roles/fonts/default.nix
View File

@@ -15,6 +15,7 @@
cascadia-code cascadia-code
source-sans-pro source-sans-pro
source-serif-pro source-serif-pro
noto-fonts
noto-fonts-cjk-sans noto-fonts-cjk-sans
noto-fonts-cjk-serif noto-fonts-cjk-serif
noto-fonts-color-emoji noto-fonts-color-emoji

18
nix/configuration/roles/fonts/files/fonts.conf
View File

@@ -47,17 +47,17 @@
</alias> </alias>
<!-- Screw it. Force Liberation Mono to be source code pro. --> <!-- Screw it. Force Liberation Mono to be cascadia mono. -->
<match target="pattern"> <!-- <match target="pattern"> -->
<test qual="any" name="family"><string>Liberation Mono</string></test> <!-- <test qual="any" name="family"><string>Liberation Mono</string></test> -->
<edit name="family" mode="assign" binding="same"><string>Cascadia Mono</string></edit> <!-- <edit name="family" mode="assign" binding="same"><string>Cascadia Mono</string></edit> -->
</match> <!-- </match> -->
<!-- Dejavu Sans Mono keeps coming back when I query "monospace". Doesn't happen when I'm using Souce Code Pro but does happen with cascadia... force it to cascadia --> <!-- Dejavu Sans Mono keeps coming back when I query "monospace". Doesn't happen when I'm using Souce Code Pro but does happen with cascadia... force it to cascadia -->
<match target="pattern"> <!-- <match target="pattern"> -->
<test qual="any" name="family"><string>monospace</string></test> <!-- <test qual="any" name="family"><string>monospace</string></test> -->
<edit name="family" mode="assign" binding="same"><string>Cascadia Mono</string></edit> <!-- <edit name="family" mode="assign" binding="same"><string>Cascadia Mono</string></edit> -->
</match> <!-- </match> -->
<!-- Disable ligatures in monospace fonts. --> <!-- Disable ligatures in monospace fonts. -->
<match target="font"> <match target="font">

43
nix/configuration/roles/gcloud/default.nix Normal file
View File

@@ -0,0 +1,43 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
gcloud.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install gcloud.";
};
};
config = lib.mkIf config.me.gcloud.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
(google-cloud-sdk.withExtraComponents [ google-cloud-sdk.components.gke-gcloud-auth-plugin ])
];
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".config/gcloud";
user = "talexander";
group = "talexander";
mode = "0700";
}
];
};
};
}
]
);
}

102
nix/configuration/roles/git/default.nix
View File

@@ -5,6 +5,18 @@
... ...
}: }:
let
git_wrapped =
package: prog:
pkgs.writeShellScriptBin "${prog}" ''
export PATH="${
lib.makeBinPath [
pkgs.meld
]
}:$PATH"
exec ${package}/bin/${prog} "''${@}"
'';
in
{ {
imports = [ ]; imports = [ ];
@@ -20,66 +32,48 @@
config = lib.mkMerge [ config = lib.mkMerge [
{ {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
git my_git
]; ];
} }
(lib.mkIf (config.me.git.config != null) { (lib.mkIf (config.me.git.config != null) {
home-manager.users.talexander = me.install.user.talexander.file = {
{ pkgs, ... }: ".gitconfig" = {
{
home.file.".gitconfig" = {
source = config.me.git.config; source = config.me.git.config;
}; };
}; };
}) })
# (lib.mkIf (config.me.graphical) { (lib.mkIf (config.me.graphical) {
# nixpkgs.overlays = [ nixpkgs.overlays = [
# (final: prev: { (final: prev: {
# git = pkgs.buildEnv { my_git = (
# name = prev.git.name; pkgs.buildEnv {
# paths = [ name = prev.git.name;
# prev.git version = prev.git.version;
# ]; paths =
# extraOutputsToInstall = [ (builtins.map (git_wrapped prev.git) [
# "man" "git"
# "doc" ])
# "info" ++ [
# ]; prev.git
# buildInputs = [ final.makeWrapper ]; ];
# postBuild = '' extraOutputsToInstall = [
# wrapProgram $out/bin/git --prefix PATH : ${ "man"
# lib.makeBinPath [ "doc"
# final.meld "info"
# ] ];
# } nativeBuildInputs = [ final.makeWrapper ];
# ''; ignoreCollisions = true;
# }; }
# }) );
# ]; })
# }) ];
# (lib.mkIf (!config.me.graphical) { })
# nixpkgs.overlays = [ (lib.mkIf (!config.me.graphical) {
# (final: prev: { nixpkgs.overlays = [
# git = pkgs.buildEnv { (final: prev: {
# name = prev.git.name; my_git = prev.git;
# paths = [ })
# prev.git ];
# ]; })
# extraOutputsToInstall = [
# "man"
# "doc"
# "info"
# ];
# buildInputs = [ final.makeWrapper ];
# postBuild = ''
# wrapProgram $out/bin/git --prefix PATH : ${
# lib.makeBinPath [
# ]
# }
# '';
# };
# })
# ];
# })
]; ];
} }

33
nix/configuration/roles/git/files/gitconfig_home
View File

@@ -1,35 +1,58 @@
[user] [user]
email = tom@fizz.buzz email = tom@fizz.buzz
name = Tom Alexander name = Tom Alexander
signingkey = D3A179C9A53C0EDE signingkey = 36C99E8B3C39D85F
[push] [push]
default = simple default = simple # (default since 2.0)
[alias] [alias]
lg = log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit lg = log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit
bh = log --oneline --branches=* --remotes=* --graph --decorate bh = log --oneline --branches=* --remotes=* --graph --decorate
amend = commit --amend --no-edit amend = commit --amend --no-edit
authorcount = shortlog --summary --numbered --all --no-merges
[core] [core]
excludesfile = ~/.gitignore_global excludesfile = ~/.gitignore_global
[commit] [commit]
gpgsign = true gpgsign = true
verbose = true
[pull] [pull]
rebase = true rebase = true
[log] [log]
date = local date = local
[init] [init]
defaultBranch = main defaultBranch = main
# Use meld for `git difftool` and `git mergetool`
[diff] [diff]
tool = meld tool = meld # Use meld for `git difftool` and `git mergetool`
algorithm = histogram
colorMoved = plain
mnemonicPrefix = true
renames = true
[difftool] [difftool]
prompt = false prompt = false
[difftool "meld"] [difftool "meld"]
cmd = meld "$LOCAL" "$REMOTE" cmd = meld "$LOCAL" "$REMOTE"
[merge] [merge]
tool = meld tool = meld
conflictStyle = zdiff3
[mergetool "meld"] [mergetool "meld"]
# Make the middle pane start with partially-merged contents: # Make the middle pane start with partially-merged contents:
cmd = meld "$LOCAL" "$MERGED" "$REMOTE" --output "$MERGED" cmd = meld "$LOCAL" "$MERGED" "$REMOTE" --output "$MERGED"
# Make the middle pane start without any merge progress: # Make the middle pane start without any merge progress:
# cmd = meld "$LOCAL" "$BASE" "$REMOTE" --output "$MERGED" # cmd = meld "$LOCAL" "$BASE" "$REMOTE" --output "$MERGED"
[column]
ui = auto
[branch]
sort = -committerdate
[tag]
sort = version:refname
[fetch]
prune = true
pruneTags = true
all = true
[rebase]
autoSquash = true
autoStash = true
# updateRefs was annoying when you want to split a branch in two by rebasing away from commits from one branch and rebasing away some commits from another branch.
updateRefs = false
# Disabled because ephemeral pin storage is not yet ready in openpgp-card-state
# [gpg]
# program = oct-git

4
nix/configuration/roles/global_options/default.nix
View File

@@ -8,10 +8,6 @@
{ {
imports = [ ]; imports = [ ];
options.me = {
};
# options.me.graphics_card_type = lib.mkOption { # options.me.graphics_card_type = lib.mkOption {
# type = lib.types.nullOr ( # type = lib.types.nullOr (
# lib.types.enum [ # lib.types.enum [

29
nix/configuration/roles/gnuplot/default.nix Normal file
View File

@@ -0,0 +1,29 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
gnuplot.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install gnuplot.";
};
};
config = lib.mkIf config.me.gnuplot.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
gnuplot
];
}
]
);
}

69
nix/configuration/roles/gpg/default.nix
View File

@@ -29,9 +29,7 @@ in
lib.mkMerge [ lib.mkMerge [
{ {
# Fetch public keys: # Fetch public keys:
# gpg --locate-keys tom@fizz.buzz # gpg --locate-external-keys tom@fizz.buzz
#
# gpg -vvv --auto-key-locate local,wkd --locate-keys tom@fizz.buzz
hardware.gpgSmartcards.enable = true; hardware.gpgSmartcards.enable = true;
services.udev.packages = [ services.udev.packages = [
@@ -47,35 +45,64 @@ in
}) })
]; ];
services.pcscd.enable = true; services.pcscd.enable = true;
# services.gnome.gnome-keyring.enable = true;
# services.dbus.packages = [ pkgs.gcr ]; me.install.user.talexander.file = {
".gnupg/scdaemon.conf" = {
# services.pcscd.plugins = lib.mkForce [ ];
# programs.gpg.scdaemonSettings = {
# disable-ccid = true;
# };
# .gnupg/scdaemon.conf
home-manager.users.talexander =
{ pkgs, ... }:
{
home.file.".gnupg/scdaemon.conf" = {
source = ./files/scdaemon.conf; source = ./files/scdaemon.conf;
}; };
}; };
# programs.gnupg.dirmngr.enable = true;
programs.gnupg.agent = { programs.gnupg.agent = {
enable = true; enable = true;
enableSSHSupport = true; enableSSHSupport = true;
pinentryPackage = pkgs.pinentry-qt; pinentryPackage = pkgs.pinentry-qt;
# Settings block populates /etc/gnupg/gpg-agent.conf
# settings = { # settings = {
# disable-ccid = true;
# }; # };
}; };
# Disabled because it breaks signing git commits because gpg wants to copy pubring.kbx. Unfortunately, this makes the install of scdaemon.conf do nothing since this mount of the full .gnupg directory goes over it.
#
# environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
# hideMounts = true;
# users.talexander = {
# files = [
# {
# file = ".gnupg/trustdb.gpg";
# parentDirectory = {
# mode = "u=rwx,g=,o=";
# };
# }
# {
# file = ".gnupg/pubring.kbx";
# parentDirectory = {
# mode = "u=rwx,g=,o=";
# };
# }
# {
# file = ".gnupg/tofu.db";
# parentDirectory = {
# mode = "u=rwx,g=,o=";
# };
# }
# ];
# directories = [
# {
# directory = ".gnupg/crls.d";
# user = "talexander";
# group = "talexander";
# mode = "0700";
# }
# {
# directory = ".gnupg/private-keys-v1.d";
# user = "talexander";
# group = "talexander";
# mode = "0700";
# }
# ];
# };
# };
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) { environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true; hideMounts = true;
users.talexander = { users.talexander = {
@@ -85,7 +112,7 @@ in
user = "talexander"; user = "talexander";
group = "talexander"; group = "talexander";
mode = "0700"; mode = "0700";
} # Local keyring }
]; ];
}; };
}; };
@@ -93,8 +120,6 @@ in
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
pcsclite pcsclite
pcsctools pcsctools
yubikey-personalization
yubikey-manager
glibcLocales glibcLocales
ccid ccid
libusb-compat-0_1 libusb-compat-0_1

3
nix/configuration/roles/gpg/files/gpg_test_wkd.bash
View File

@@ -6,3 +6,6 @@ IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
gpg --no-default-keyring --keyring /tmp/gpg-$$ --auto-key-locate clear,wkd --locate-keys "${@}" gpg --no-default-keyring --keyring /tmp/gpg-$$ --auto-key-locate clear,wkd --locate-keys "${@}"
# To generate files for the WKD:
# gpg-wks-client --directory ./pgp/.well-known/openpgpkey --install-key <keyid> <email>

3
nix/configuration/roles/gpg/files/scdaemon.conf
View File

@@ -1,6 +1,9 @@
#reader-port Yubico Yubi #reader-port Yubico Yubi
disable-ccid disable-ccid
# This setting enables other backends like oct to access the pgp card simultaneously but it also means that gpg will ask for the pin for EVERY ssh session which is annoying in scripts.
#pcsc-shared
#log-file /home/talexander/scd.log #log-file /home/talexander/scd.log
#verbose #verbose
#debug cardio #debug cardio

20
nix/configuration/roles/graphics/default.nix
View File

@@ -37,6 +37,26 @@
xorg.xeyes # to test which windows are using x11 xorg.xeyes # to test which windows are using x11
]; ];
hardware.graphics.enable = true; hardware.graphics.enable = true;
# hardware.graphics.enable32Bit = true;
# Vulkan Support (64-bit is enabled by default, 32-bit is disabled by default)
# hardware.opengl.driSupport = true; # This is already enabled by default
# hardware.opengl.driSupport32Bit = true; # For 32 bit applications
})
(lib.mkIf (config.me.graphics_card_type == "amd") {
environment.systemPackages = with pkgs; [
nvtopPackages.amd
];
})
(lib.mkIf (config.me.graphics_card_type == "intel") {
environment.systemPackages = with pkgs; [
nvtopPackages.intel
];
})
(lib.mkIf (config.me.graphics_card_type == "nvidia") {
environment.systemPackages = with pkgs; [
nvtopPackages.nvidia
];
}) })
] ]
); );

49
nix/configuration/roles/hydra/default.nix Normal file
View File

@@ -0,0 +1,49 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
hydra.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install hydra.";
};
};
config = lib.mkIf config.me.hydra.enable (
lib.mkMerge [
{
services.hydra = {
enable = true;
hydraURL = "http://localhost:3000"; # Externally visible URL
notificationSender = "hydra@localhost"; # "From" address for hydra emails.
# a standalone Hydra will require you to unset the buildMachinesFiles list to avoid using a nonexistant /etc/nix/machines
buildMachinesFiles = [ ];
useSubstitutes = true;
};
# nix.buildMachines = [
# {
# hostName = "localhost";
# protocol = null;
# system = "x86_64-linux";
# supportedFeatures = [
# "kvm"
# "nixos-test"
# "big-parallel"
# "benchmark"
# ];
# maxJobs = 8;
# }
# ];
}
]
);
}

45
nix/configuration/roles/iso_mount/default.nix Normal file
View File

@@ -0,0 +1,45 @@
{
config,
lib,
pkgs,
...
}:
let
iso_mount =
(pkgs.writeScriptBin "iso_mount" (builtins.readFile ./files/iso_mount.bash)).overrideAttrs
(old: {
buildCommand = "${old.buildCommand}\n patchShebangs $out";
});
iso_unmount =
(pkgs.writeScriptBin "iso_unmount" (builtins.readFile ./files/iso_unmount.bash)).overrideAttrs
(old: {
buildCommand = "${old.buildCommand}\n patchShebangs $out";
});
in
{
imports = [ ];
options.me = {
iso_mount.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install iso_mount.";
};
};
config = lib.mkIf config.me.iso_mount.enable (
lib.mkMerge [
{
environment.systemPackages = [
iso_mount
iso_unmount
];
}
]
);
}

8
nix/configuration/roles/iso_mount/files/iso_mount.bash Normal file
View File

@@ -0,0 +1,8 @@
#!/usr/bin/env bash
#
# Mount a full-disk image as a loopback device so you can mount individual partitions from inside of it.
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
exec udisksctl loop-setup -r -f "${@}"

8
nix/configuration/roles/iso_mount/files/iso_unmount.bash Normal file
View File

@@ -0,0 +1,8 @@
#!/usr/bin/env bash
#
# Mount a full-disk image as a loopback device so you can mount individual partitions from inside of it.
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
exec udisksctl loop-delete "${@}"

6
nix/configuration/roles/kanshi/default.nix
View File

@@ -41,15 +41,11 @@ in
exec_kanshi exec_kanshi
]; ];
home-manager.users.talexander = me.install.user.talexander.file = {
{ pkgs, ... }:
{
home.file = {
".config/kanshi/config" = { ".config/kanshi/config" = {
source = ./files/config_kanshi; source = ./files/config_kanshi;
}; };
}; };
};
}) })
] ]
); );

10
nix/configuration/roles/kodi/default.nix
View File

@@ -51,7 +51,7 @@
# Generate with `mkpasswd -m scrypt` # Generate with `mkpasswd -m scrypt`
hashedPassword = "$7$CU..../....VXvNQ8za3wSGpdzGXNT50/$HcFtn/yvwPMCw4888BelpiAPLAxe/zU87fD.d/N6U48"; hashedPassword = "$7$CU..../....VXvNQ8za3wSGpdzGXNT50/$HcFtn/yvwPMCw4888BelpiAPLAxe/zU87fD.d/N6U48";
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGu+k5lrirokdW5zVdRVBOqEOAvAPlIkG/MdJNc9g5ky" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID0+4zi26M3eYWnIrciR54kOlGxzfgCXG+o4ea1zpzrk openpgp:0x7FF123C8"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEI6mu6I5Jp+Ib0vJxapGHbEShZjyvzV8jz5DnzDrI39AAAABHNzaDo=" "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEI6mu6I5Jp+Ib0vJxapGHbEShZjyvzV8jz5DnzDrI39AAAABHNzaDo="
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAFNcSXwvy+brYTOGo56G93Ptuq2MmZsjvRWAfMqbmMLAAAABHNzaDo=" "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAFNcSXwvy+brYTOGo56G93Ptuq2MmZsjvRWAfMqbmMLAAAABHNzaDo="
]; ];
@@ -78,9 +78,6 @@
}; };
}; };
home-manager.users.kodi =
{ pkgs, ... }:
{
# home.file.".kodi/userdata/mediasources.xml".source = ./files/mediasources.xml; # home.file.".kodi/userdata/mediasources.xml".source = ./files/mediasources.xml;
# home.file.".kodi/userdata/addon_data/peripheral.joystick/resources/buttonmaps/xml/linux/DualSense_Wireless_Controller_13b_8a.xml".source = # home.file.".kodi/userdata/addon_data/peripheral.joystick/resources/buttonmaps/xml/linux/DualSense_Wireless_Controller_13b_8a.xml".source =
@@ -88,11 +85,6 @@
# TODO: Maybe .kodi/userdata/sources.xml # TODO: Maybe .kodi/userdata/sources.xml
# TODO: ./userdata/guisettings.xml:303: <setting id="filecache.memorysize">128</setting> # TODO: ./userdata/guisettings.xml:303: <setting id="filecache.memorysize">128</setting>
# The state version is required and should stay at the version you
# originally installed.
home.stateVersion = "24.11";
};
}) })
] ]
); );

Some files were not shown because too many files have changed in this diff Show More