talexander/machine_setup
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

base: talexander:starship
Branches Tags
talexander:main talexander:kubernetes talexander:nix talexander:mt7927 talexander:yubipi talexander:upstream_amd_debug_tools talexander:install_files_mixin talexander:starship talexander:pixelbook
..
compare: talexander:install_files_mixin
Branches Tags
talexander:kubernetes talexander:nix talexander:mt7927 talexander:main talexander:yubipi talexander:upstream_amd_debug_tools talexander:install_files_mixin talexander:starship talexander:pixelbook

126 Commits
starship ... install_fi

Author SHA1 Message Date
Tom Alexander
504f8ecf09 Add support for setting the group owning the file. 2025-05-26 21:17:11 -04:00
Tom Alexander
7254bc8c7c Add test invocation. 2025-05-26 21:05:56 -04:00
Tom Alexander
a32f6bf0d1 Add a mixin to install files instead of using home-manager. 2025-05-26 21:05:56 -04:00
Tom Alexander
996cb27a89 Merge branch 'rpcs3' into nix 2025-05-26 19:26:13 -04:00
Tom Alexander
9008d9b7c6 Clean up steam rom manager. 2025-05-26 19:25:10 -04:00
Tom Alexander
38a1168a32 Persist persistent_settings.dat on steam deck. 2025-05-26 18:23:10 -04:00
Tom Alexander
3a4344a112 Copy the RPCS3 setup improvements to the steam deck config. 2025-05-26 16:26:48 -04:00
Tom Alexander
18cb758986 Fix lag in the home button menu. 2025-05-26 16:02:34 -04:00
Tom Alexander
e28c7f8968 Persist icons and play stats. 2025-05-26 15:46:10 -04:00
Tom Alexander
5c17148635 Write color buffers to fix black screen on Demon's Souls. 2025-05-26 15:32:10 -04:00
Tom Alexander
199bb38dfb Fix rpcs3 config. 2025-05-26 15:24:50 -04:00
Tom Alexander
5af4a95940 Add the rpcs3 config.yml file. 2025-05-26 14:51:13 -04:00
Tom Alexander
daf35778c5 Add rpcs3 (ps3 emulator). 2025-05-26 14:51:12 -04:00
Tom Alexander
1866cf6290 Disable cargo in emacs because it is causing errors. 2025-05-24 22:46:38 -04:00
Tom Alexander
23ef4d50b9 Add a comment about how to read ECC memory errors. 2025-05-23 18:01:24 -04:00
Tom Alexander
4aec400388 Auto-format typescript in vscode. 2025-05-19 19:11:21 -04:00
Tom Alexander
f211282376 Fix the build after the software update. 2025-05-15 20:13:27 -04:00
Tom Alexander
96a96a0bc4 Move CPU optimizations into their own role. 
This is remove duplication between the individual hosts folders.
 2025-05-12 22:53:56 -04:00
Tom Alexander
554a6aff65 Update software. 2025-05-11 14:39:36 -04:00
Tom Alexander
14c5c7d0fd Improve video convert script. 2025-05-11 00:11:29 -04:00
Tom Alexander
22f9a0efcd I think I figured out howto enable cross compiling between zen versions. 2025-05-10 23:11:33 -04:00
Tom Alexander
3e80452235 Merge branch '9pfs' into nix 2025-05-10 22:24:43 -04:00
Tom Alexander
c68c069667 Add a new ionlybootzfs host for the test VM. 
This way it will install far less software.
 2025-05-10 22:11:59 -04:00
Tom Alexander
e08d93425a Remove games from VMs. 2025-05-10 21:14:34 -04:00
Tom Alexander
5b7cae49c3 Removing the 9pfs nix store. 
The experiment was good for mounting directories with various overlay patterns from the host to the guest, but using it specifically for /nix/store was a bad idea. It would be better to just serve the host nix store with nix-serve -p 8080 and add that as a substituter during install.
 2025-05-10 20:47:45 -04:00
Tom Alexander
e65504b5f3 Add a role for mounting the nix store over 9pfs. 
This is useful for virtual machines since we can have a persistent /nix/store on the host machine.
 2025-05-10 20:47:45 -04:00
Tom Alexander
158188c4c6 Fix disabling optimizations in iso builds. 2025-05-10 16:41:55 -04:00
Tom Alexander
c587fcc2ac Re-enable fwupd. Without it, gnome-firmwarm seems to not work. 2025-05-10 15:34:50 -04:00
Tom Alexander
9d16c7bd7b Update emacs config. 2025-05-10 12:44:12 -04:00
Tom Alexander
2b3b9af70b Disable teleparty. 
The firefox version has been buggy.
 2025-05-10 12:04:48 -04:00
Tom Alexander
53f370b1ee Add yt-dlp. 2025-05-10 11:58:55 -04:00
Tom Alexander
25c8c30488 Add mkvmerge. 2025-05-07 23:31:17 -04:00
Tom Alexander
4d754355b7 Merge branch 'nix_worker' into nix 2025-05-04 16:40:24 -04:00
Tom Alexander
902c6e1127 Switch to quark's buildMachine config being entirely in nix rather than in root's ssh config. 2025-05-04 16:26:41 -04:00
Tom Alexander
98f98a8895 Centralize the config for buildMachines. 2025-05-04 16:22:02 -04:00
Tom Alexander
4a303d17d8 Add a nix_worker role for nix builders. 2025-05-04 15:53:49 -04:00
Tom Alexander
7f4c41bb32 Add odo deploy scripts. 2025-05-04 15:16:44 -04:00
Tom Alexander
c68a6aaa19 Introduce config.me.optimizations.enable to toggle optimizations. 
This is more granular than the buildingIso setting.
 2025-05-04 15:12:41 -04:00
Tom Alexander
a36ebbf94c Switching --no-build-nix to --fast because it fixes remote deploys to machines with different architectures. 
I thought these flags were synonymous?
 2025-05-04 14:50:14 -04:00
Tom Alexander
1044aa16b0 Update to linux 6.14. 2025-05-04 12:09:57 -04:00
Tom Alexander
efcefc129a Update versions and regenerate lockfile. 2025-04-28 18:24:37 -04:00
Tom Alexander
16dd93668d Keep build outputs on odo. 2025-04-27 22:44:12 -04:00
Tom Alexander
c457f6414b Fix sm64ex. 2025-04-25 20:14:24 -04:00
Tom Alexander
844466c2ca Update versions. 2025-04-21 08:14:20 -04:00
Tom Alexander
6cf6e61193 Add quark as a /etc/hosts entry. 2025-04-19 21:14:40 -04:00
Tom Alexander
ca3ef67533 Disable lvfs and minor bug fix in copy_files util. 2025-04-19 20:58:16 -04:00
Tom Alexander
56c0add33f Add Quark to nix config. 2025-04-19 20:47:10 -04:00
Tom Alexander
ba81687d42 Add duckstation to the steam deck. 2025-04-15 21:44:53 -04:00
Tom Alexander
144f83982d Copy over some networking sysctls from my ansible playbook. 2025-04-11 19:38:14 -04:00
Tom Alexander
a97a03f642 Sort imports. 2025-04-11 17:41:55 -04:00
Tom Alexander
fc47359184 Add support for yuzu and ryujinx. 2025-04-05 21:53:36 -04:00
Tom Alexander
812a762652 Import disko through the flake inputs instead of fetchTarball. 2025-04-05 12:22:33 -04:00
Tom Alexander
fb785e036b Add a comment. 2025-04-05 12:22:33 -04:00
Tom Alexander
cdc7d13225 Fix screen scaling during screen sharing. 2025-04-05 12:22:33 -04:00
Tom Alexander
ec4583b79e Switch to shikane. 
Kanshi has been fine, but I want to see if I am missing anything that shikane offers.
 2025-04-05 12:22:32 -04:00
Tom Alexander
cab8c8d955 Switch to regular emacs package instead of pinned-version. 2025-04-05 12:22:32 -04:00
Tom Alexander
33f582d17a Enable optimization for hydra ISO. 2025-04-05 12:22:32 -04:00
Tom Alexander
295ac24361 Verify all the optimized builds. 2025-04-05 12:22:32 -04:00
Tom Alexander
42dd67f9da Enable optimizations for shipwright (Ocarina of Time PC Port). 2025-03-30 18:43:15 -04:00
Tom Alexander
c173ea87cf Auto-create persist directories. 2025-03-30 18:32:32 -04:00
Tom Alexander
33f45c56bf Add dolphin for gamecube and wii. 2025-03-30 17:10:43 -04:00
Tom Alexander
83389cb5cf Add ares for snes and nintendo 64. 2025-03-30 13:51:50 -04:00
Tom Alexander
4db3ef1ed3 Put steam rom manager data in the persist folder. 2025-03-29 19:19:41 -04:00
Tom Alexander
fe7a083a7b Pass along args in steam wrappers. 2025-03-29 16:46:52 -04:00
Tom Alexander
cd0578d0a6 Stop forcing cascadia. 2025-03-29 16:30:27 -04:00
Tom Alexander
f56dcc7c42 Start a hydra role. 2025-03-29 16:30:27 -04:00
Tom Alexander
83de1e3708 Add support for persistent disks in the hydra iso. 2025-03-29 16:30:27 -04:00
Tom Alexander
2b20ab5123 Fix remote builder config. 2025-03-27 22:15:53 -04:00
Tom Alexander
3ecb2fc790 Enable optimized builds for steam deck. 2025-03-24 21:59:43 -04:00
Tom Alexander
44a49d7ac7 Add rpcs3 (PS3 emulator) to steam deck. 2025-03-24 21:59:43 -04:00
Tom Alexander
acfc9ac1a4 Add hydra as a distributed build machine. 2025-03-24 21:59:42 -04:00
Tom Alexander
e733dcdcbf Add a target for the hydra server. 2025-03-23 18:19:49 -04:00
Tom Alexander
3099a18424 Enable optimization on odo. 2025-03-23 18:19:49 -04:00
Tom Alexander
15c209fdd9 Add support for pcsx2. 2025-03-22 13:39:13 -04:00
Tom Alexander
ee181b535e Compiling with optimizations still failing. 2025-03-17 08:26:39 -04:00
Tom Alexander
4d0fc61e13 Upgrade to 6.13. 2025-03-14 23:17:30 -04:00
Tom Alexander
2b54630053 Add some scripts that are helpful for configuring kubernetes. 2025-03-08 17:22:32 -05:00
Tom Alexander
84bd6be8e6 Hide the libultraship splash screen for a more authentic feel. 2025-03-01 22:53:33 -05:00
Tom Alexander
dd96520ad1 Add support for authenticating to GKE with gcloud. 2025-03-01 14:49:19 -05:00
Tom Alexander
11a1d61581 Integrate some git config suggestions from https://blog.gitbutler.com/how-git-core-devs-configure-git/ . 2025-02-26 17:06:44 -05:00
Tom Alexander
bab2cfdc7b Update to emacs 30. 2025-02-24 22:09:23 -05:00
Tom Alexander
fd0c92f3eb Persist the gcloud config directory. 2025-02-23 18:44:59 -05:00
Tom Alexander
6ac33d2538 Update lockfile. 2025-02-21 19:30:58 -05:00
Tom Alexander
8d4b345414 Install ipcalc. 2025-02-19 20:43:27 -05:00
Tom Alexander
8beaf00693 Add terraform-ls to emacs. 2025-02-18 18:23:40 -05:00
Tom Alexander
181e650094 Install steam-run-free. 2025-02-18 17:58:35 -05:00
Tom Alexander
449f288214 Add gcloud. 2025-02-18 17:52:50 -05:00
Tom Alexander
f6df27d7a9 Remove config that was causing extra prompts with no noticeable impact. 2025-02-16 20:57:08 -05:00
Tom Alexander
e3a7a410c4 Merge branch 'steam_deck' into nix 2025-02-16 09:18:07 -05:00
Tom Alexander
345c62a477 Add wrappers for 2ship2harkinian and sm64ex also. 
Set the steam launcher to run /home/deck/.nix-profile/bin/steam_<GAME> to have it work inside steam gaming mode.
 2025-02-15 20:50:34 -05:00
Tom Alexander
e7528765a9 Add a wrapper script to launch ship of harkinian in gaming mode. 2025-02-15 20:22:29 -05:00
Tom Alexander
54860370c0 Add a desktop file for sm64ex. 2025-02-15 19:31:16 -05:00
Tom Alexander
46b21370bd Auto-clean-up steam deck nix store. 2025-02-15 12:18:59 -05:00
Tom Alexander
381e3fb591 Switch to deploying 2ship2harkinian config file and fix launching it from KDE plasma's start menu. 2025-02-15 12:15:58 -05:00
Tom Alexander
5d4ebf90b3 Fix launching ship of harkinian from KDE plasma's start menu. 2025-02-15 11:53:19 -05:00
Tom Alexander
7dcdcc906c Switch to deploying the ship of harkinian config file. 2025-02-15 11:53:19 -05:00
Tom Alexander
a4abb96de3 Switch to deploying the sm64ex config file. 2025-02-15 10:57:18 -05:00
Tom Alexander
5859a06c5d Add icon to steam rom manager. 2025-02-15 10:32:50 -05:00
Tom Alexander
02223deb64 Switch steam rom manager to using the AppImage. 2025-02-15 08:50:58 -05:00
Tom Alexander
20e247f8ed Add a role for sm64ex for the deck. 2025-02-13 21:24:31 -05:00
Tom Alexander
b0186dc85b Add a role for 2ship2harkinian (Majora's Mask PC port). 2025-02-13 20:45:49 -05:00
Tom Alexander
cac15febfa Add impermanence for ship of harkinian's files. 2025-02-13 20:10:59 -05:00
Tom Alexander
48fa3c7436 Move steam rom manager to a role. 2025-02-13 19:33:07 -05:00
Tom Alexander
7dd922c2a2 Add a blank role. 2025-02-13 19:26:52 -05:00
Tom Alexander
ab6f7dbea5 Add a role for ship of harkinian (the pc port of Ocarina of Time). 2025-02-13 19:21:53 -05:00
Tom Alexander
fea86b00b4 Install nixGL to support running graphical programs on non-nixos. 2025-02-13 17:57:33 -05:00
Tom Alexander
197b8fcced Add ssh config. 2025-02-10 18:14:18 -05:00
Tom Alexander
0bec3dbe63 Switch to home-manager. 2025-02-10 01:17:58 -05:00
Tom Alexander
53caf8bc81 Add a steam deck nix config. 2025-02-10 00:09:26 -05:00
Tom Alexander
c37d0d9b9e Add decrypt k8s secret script. 2025-02-09 20:24:13 -05:00
Tom Alexander
a663a90ada Install sops for encrypting kubernetes secrets. 2025-02-09 11:06:53 -05:00
Tom Alexander
2d976a1cf3 Install dmidecode. 2025-02-09 10:08:32 -05:00
Tom Alexander
d8e8781287 Support compiling openssl-sys with rust. 2025-02-08 20:41:37 -05:00
Tom Alexander
502e18fdec Set up vdpau. 2025-02-08 16:06:57 -05:00
Tom Alexander
24d83e95a5 Fix shift-arrowkey hotkeys in org mode. 2025-02-07 19:01:49 -05:00
Tom Alexander
3ed43b1b8a Configure rustup toolchain, cargo credentials, and put dependencies under cargo. 2025-02-02 08:30:26 -05:00
Tom Alexander
64e735abbf Add role for gnuplot. 2025-02-01 14:38:51 -05:00
Tom Alexander
ed11bf1e65 Link docker credentials. 2025-02-01 13:34:19 -05:00
Tom Alexander
c0afe006b8 Add prettier to emacs. 2025-02-01 12:27:29 -05:00
Tom Alexander
1fe305576b Add a role for tekton. 2025-02-01 11:32:25 -05:00
Tom Alexander
fc400a98db Add role for flux. 2025-02-01 11:30:52 -05:00
Tom Alexander
4a63e1c23e Move rust-analyzer to inside emacs' path. 2025-02-01 00:03:02 -05:00
Tom Alexander
379795f6e8 Disable tmpfs on neelix so it can compile the kernel. 2025-01-31 22:46:36 -05:00
Tom Alexander
edd3c6a266 Add doas-sudo-shim to support remote builds. 2025-01-31 21:29:05 -05:00
Tom Alexander
dd785692ce Add lsof and fix styling of right-click menu in waybar. 2025-01-29 19:40:44 -05:00
Tom Alexander
c6ff6a1f24 Install wavemon. 2025-01-28 21:28:34 -05:00
142 changed files with 7818 additions and 748 deletions
Expand all files Collapse all files

1
nix/configuration/.gitignore vendored Normal file
View File

@@ -0,0 +1 @@
result

135
nix/configuration/configuration.nix
View File

@@ -8,63 +8,78 @@
{
imports = [
./roles/reset
./roles/global_options
./util/unfree_polyfill
./roles/iso
"${
builtins.fetchTarball {
url = "https://github.com/nix-community/disko/archive/refs/tags/v1.9.0.tar.gz";
sha256 = "0j76ar4qz320fakdii4659w5lww8wiz6yb7g47npywqvf2lbp388";
}
}/module.nix"
./roles/boot
./roles/zfs
./roles/network
./roles/firewall
./roles/zsh
./roles/zrepl
./roles/graphics
./roles/sound
./roles/sway
./roles/kanshi
./roles/2ship2harkinian
./roles/alacritty
./roles/firefox
./roles/chromium
./roles/emacs
./roles/git
./roles/fonts
./roles/gpg
./roles/waybar
./roles/qemu
./roles/wireguard
./roles/ansible
./roles/ares
./roles/ssh
./roles/python
./roles/bluetooth
./roles/boot
./roles/chromecast
./roles/chromium
./roles/distributed_build
./roles/docker
./roles/ecc
./roles/emacs
./roles/firefox
./roles/firewall
./roles/flux
./roles/fonts
./roles/gcloud
./roles/git
./roles/global_options
./roles/gnuplot
./roles/gpg
./roles/graphics
./roles/hydra
./roles/iso
./roles/iso_mount
./roles/kanshi
./roles/kodi
./roles/kubernetes
./roles/rust
./roles/media
./roles/steam
./roles/latex
./roles/launch_keyboard
./roles/lvfs
./roles/media
./roles/memtest86
./roles/network
./roles/nix_index
./roles/nix_worker
./roles/nvme
./roles/optimized_build
./roles/pcsx2
./roles/python
./roles/qemu
./roles/reset
./roles/rpcs3
./roles/rust
./roles/shikane
./roles/shipwright
./roles/sm64ex
./roles/sops
./roles/sound
./roles/ssh
./roles/steam
./roles/steam_run_free
./roles/sway
./roles/tekton
./roles/terraform
./roles/thunderbolt
./roles/vnc_client
./roles/vscode
./roles/wasm
./roles/vnc_client
./roles/chromecast
./roles/memtest86
./roles/kodi
./roles/ansible
./roles/bluetooth
./roles/sm64ex
./roles/shipwright
./roles/2ship2harkinian
./roles/nix_index
./roles/waybar
./roles/wireguard
./roles/zfs
./roles/zrepl
./roles/zsh
./util/install_files
./util/unfree_polyfill
];
me.install.user.talexander.file."/home/talexander/flake.nix" = {
source = ./flake.nix;
};
nix.settings.experimental-features = [
"nix-command"
"flakes"
@@ -74,6 +89,19 @@
# boot.kernelPackages = pkgs.linuxPackages_6_11;
hardware.enableRedistributableFirmware = true;
# Use nixos-rebuild-ng
# system.rebuild.enableNg = true;
# Keep outputs so we can build offline.
nix.extraOptions = ''
keep-outputs = true
keep-derivations = true
'';
# Technically only needed when building the ISO because nix detects ZFS in the filesystem list normally. I basically always want this so I'm just setting it to always be on.
boot.supportedFilesystems.zfs = true;
# TODO: Is this different from boot.supportedFilesystems = [ "zfs" ]; ?
services.getty = {
autologinUser = "talexander"; # I use full disk encryption so the user password is irrelevant.
autologinOnce = true;
@@ -100,12 +128,14 @@
home-manager.users.talexander =
{ pkgs, ... }:
{
home.packages = [
pkgs.atool
pkgs.httpie
];
programs.bash.enable = true;
# The state version is required and should stay at the version you
# originally installed.
home.stateVersion = "24.11";
};
home-manager.users.root =
{ pkgs, ... }:
{
# The state version is required and should stay at the version you
# originally installed.
home.stateVersion = "24.11";
@@ -152,6 +182,13 @@
ncdu
nix-tree
libarchive # bsdtar
lsof
doas-sudo-shim # To support --use-remote-sudo for remote builds
dmidecode # Read SMBIOS information.
ipcalc
gptfdisk # for cgdisk
nix-output-monitor # For better view into nixos-rebuild
nix-serve-ng # Serve nix store over http
];
services.openssh = {

60
nix/configuration/flake.lock generated
View File

@@ -8,15 +8,14 @@
]
},
"locked": {
"lastModified": 1,
"narHash": "sha256-c4Ds4E/10Zj5AQLuJ3JvJTuDK8o2WjVXLcIL7eyhTfw=",
"path": "flakes/ansible-sshjail",
"type": "path"
},
"original": {
"path": "flakes/ansible-sshjail",
"type": "path"
}
},
"parent": []
},
"crane": {
"locked": {
@@ -33,6 +32,26 @@
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1746729224,
"narHash": "sha256-9R4sOLAK1w3Bq54H3XOJogdc7a6C2bLLmatOQ+5pf5w=",
"owner": "nix-community",
"repo": "disko",
"rev": "85555d27ded84604ad6657ecca255a03fd878607",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
@@ -135,11 +154,11 @@
]
},
"locked": {
"lastModified": 1737762889,
"narHash": "sha256-5HGG09bh/Yx0JA8wtBMAzt0HMCL1bYZ93x4IqzVExio=",
"lastModified": 1746981801,
"narHash": "sha256-+Bfr0KqZV6gZdA7e2kupeoawozaLIHLuiPtC54uxbFc=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "daf04c5950b676f47a794300657f1d3d14c1a120",
"rev": "ff915842e4a2e63c4c8c5c08c6870b9d5b3c3ee9",
"type": "github"
},
"original": {
@@ -191,11 +210,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1737885589,
"narHash": "sha256-Zf0hSrtzaM1DEz8//+Xs51k/wdSajticVrATqDrfQjg=",
"lastModified": 1746663147,
"narHash": "sha256-Ua0drDHawlzNqJnclTJGf87dBmaO/tn7iZ+TCkTRpRc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "852ff1d9e153d8875a83602e03fdef8a63f0ecf8",
"rev": "dda3dcd3fe03e991015e9a74b22d35950f264a54",
"type": "github"
},
"original": {
@@ -237,6 +256,22 @@
"type": "github"
}
},
"nixpkgs-unoptimized": {
"locked": {
"lastModified": 1746663147,
"narHash": "sha256-Ua0drDHawlzNqJnclTJGf87dBmaO/tn7iZ+TCkTRpRc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "dda3dcd3fe03e991015e9a74b22d35950f264a54",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"pre-commit-hooks-nix": {
"inputs": {
"flake-compat": [
@@ -267,11 +302,13 @@
"root": {
"inputs": {
"ansible-sshjail": "ansible-sshjail",
"disko": "disko",
"home-manager": "home-manager",
"impermanence": "impermanence",
"lanzaboote": "lanzaboote",
"nixpkgs": "nixpkgs",
"nixpkgs-b93b4e9b5": "nixpkgs-b93b4e9b5",
"nixpkgs-unoptimized": "nixpkgs-unoptimized",
"zsh-histdb": "zsh-histdb"
}
},
@@ -334,15 +371,14 @@
]
},
"locked": {
"lastModified": 1,
"narHash": "sha256-5DWw7GnwVZ98HUp/UUJcyUmmy9Bh/mcQB8MQQ0t3ZRo=",
"path": "flakes/zsh-histdb",
"type": "path"
},
"original": {
"path": "flakes/zsh-histdb",
"type": "path"
}
},
"parent": []
}
},
"root": "root",

211
nix/configuration/flake.nix
View File

@@ -3,7 +3,7 @@
# output: result/iso/nixos.iso
# Run the ISO image
# "$(nix-build '<nixpkgs>' --no-out-link -A 'qemu')/bin/qemu-system-x86_64" \
# doas "$(nix-build '<nixpkgs>' --no-out-link -A 'qemu')/bin/qemu-system-x86_64" \
# -accel kvm \
# -cpu host \
# -smp cores=8 \
@@ -12,7 +12,7 @@
# -drive if=pflash,format=raw,file="/tmp/OVMF_VARS.fd" \
# -nic user,hostfwd=tcp::60022-:22 \
# -boot order=d \
# -cdrom "$(readlink -f ./result/iso/nixos.iso)" \
# -cdrom "$(readlink -f ./result/iso/nixos*.iso)" \
# -display vnc=127.0.0.1:0
#
# doas cp "$(nix-build '<nixpkgs>' --no-out-link -A 'OVMF.fd')/FV/OVMF_VARS.fd" /tmp/OVMF_VARS.fd
@@ -25,6 +25,18 @@
# iso.odo.isoName == "nixos.iso"
# full path = <outPath> / iso / <isoName>
#
# Install on a new machine:
#
#
# doas nix --substituters "http://10.0.2.2:8080?trusted=1 https://cache.nixos.org/" --experimental-features "nix-command flakes" run github:nix-community/disko/latest -- --mode destroy,format,mount hosts/odo/disk-config.nix
# nix flake update zsh-histdb --flake .
# nix flake update ansible-sshjail --flake .
# for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
# nixos-install --substituters "http://10.0.2.2:8080?trusted=1 https://cache.nixos.org/" --flake ".#vm_ionlybootzfs"
#
{
description = "My system configuration";
@@ -32,6 +44,7 @@
impermanence.url = "github:nix-community/impermanence";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
nixpkgs-b93b4e9b5.url = "github:NixOS/nixpkgs/b93b4e9b527904aadf52dba6ca35efde2067cbd4";
nixpkgs-unoptimized.url = "github:NixOS/nixpkgs/nixos-unstable";
home-manager.url = "github:nix-community/home-manager";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
lanzaboote = {
@@ -52,12 +65,17 @@
# Optional but recommended to limit the size of your system closure.
inputs.nixpkgs.follows = "nixpkgs";
};
disko = {
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs =
{
self,
nixpkgs,
nixpkgs-unoptimized,
nixpkgs-b93b4e9b5,
impermanence,
home-manager,
@@ -73,11 +91,17 @@
pkgs-b93b4e9b5 = import nixpkgs-b93b4e9b5 {
inherit system;
};
pkgs-unoptimized = import nixpkgs-unoptimized {
inherit system;
hostPlatform.gcc.arch = "default";
hostPlatform.gcc.tune = "default";
};
};
modules = [
impermanence.nixosModules.impermanence
home-manager.nixosModules.home-manager
lanzaboote.nixosModules.lanzaboote
inputs.disko.nixosModules.disko
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
@@ -91,63 +115,158 @@
./configuration.nix
];
};
systems = {
odo = {
main = nixpkgs.lib.nixosSystem (
base_x86_64_linux
// {
systems =
let
additional_iso_modules = [
(nixpkgs + "/nixos/modules/installer/cd-dvd/iso-image.nix")
# TODO: Figure out how to do image based appliances
# (nixpkgs + "/nixos/modules/profiles/image-based-appliance.nix")
{
isoImage.makeEfiBootable = true;
isoImage.makeUsbBootable = true;
me.buildingIso = true;
me.optimizations.enable = nixpkgs.lib.mkForce false;
}
{
# These are big space hogs. The chance that I need them on an ISO is slim.
me.steam.enable = nixpkgs.lib.mkForce false;
me.pcsx2.enable = nixpkgs.lib.mkForce false;
}
];
additional_vm_modules = [
(nixpkgs + "/nixos/modules/profiles/qemu-guest.nix")
{
networking.dhcpcd.enable = true;
networking.useDHCP = true;
me.optimizations.enable = nixpkgs.lib.mkForce false;
}
{
# I don't need games on a virtual machine.
me.steam.enable = nixpkgs.lib.mkForce false;
me.pcsx2.enable = nixpkgs.lib.mkForce false;
me.sm64ex.enable = nixpkgs.lib.mkForce false;
me.shipwright.enable = nixpkgs.lib.mkForce false;
me.ship2harkinian.enable = nixpkgs.lib.mkForce false;
}
];
in
{
odo = rec {
main = base_x86_64_linux // {
modules = base_x86_64_linux.modules ++ [
./hosts/odo
];
}
);
iso = nixpkgs.lib.nixosSystem (
base_x86_64_linux
// {
};
iso = main // {
modules = main.modules ++ additional_iso_modules;
};
vm = main // {
modules = main.modules ++ additional_vm_modules;
};
vm_iso = main // {
modules = main.modules ++ additional_vm_modules ++ additional_iso_modules;
};
};
quark = rec {
main = base_x86_64_linux // {
modules = base_x86_64_linux.modules ++ [
./hosts/odo
(nixpkgs + "/nixos/modules/installer/cd-dvd/iso-image.nix")
# TODO: Figure out how to do image based appliances
# (nixpkgs + "/nixos/modules/profiles/image-based-appliance.nix")
{
isoImage.makeEfiBootable = true;
isoImage.makeUsbBootable = true;
me.buildingIso = true;
}
./hosts/quark
];
}
);
};
neelix = {
main = nixpkgs.lib.nixosSystem (
base_x86_64_linux
// {
};
iso = main // {
modules = main.modules ++ additional_iso_modules;
};
vm = main // {
modules = main.modules ++ additional_vm_modules;
};
vm_iso = main // {
modules = main.modules ++ additional_vm_modules ++ additional_iso_modules;
};
};
neelix = rec {
main = base_x86_64_linux // {
modules = base_x86_64_linux.modules ++ [
./hosts/neelix
];
}
);
iso = nixpkgs.lib.nixosSystem (
base_x86_64_linux
// {
modules = base_x86_64_linux.modules ++ [
./hosts/neelix
(nixpkgs + "/nixos/modules/installer/cd-dvd/iso-image.nix")
};
iso = main // {
modules = main.modules ++ additional_iso_modules;
};
vm = main // {
modules = main.modules ++ additional_vm_modules;
};
vm_iso = main // {
modules = main.modules ++ additional_vm_modules ++ additional_iso_modules;
};
};
hydra =
let
additional_iso_modules = additional_iso_modules ++ [
{
isoImage.makeEfiBootable = true;
isoImage.makeUsbBootable = true;
me.buildingIso = true;
me.optimizations.enable = true;
}
];
}
);
in
rec {
main = base_x86_64_linux // {
modules = base_x86_64_linux.modules ++ [
./hosts/hydra
];
};
iso = main // {
modules = main.modules ++ additional_iso_modules;
};
vm = main // {
modules = main.modules ++ additional_vm_modules;
};
vm_iso = main // {
modules = main.modules ++ additional_vm_modules ++ additional_iso_modules;
};
};
ionlybootzfs = rec {
main = base_x86_64_linux // {
modules = base_x86_64_linux.modules ++ [
./hosts/ionlybootzfs
];
};
iso = main // {
modules = main.modules ++ additional_iso_modules;
};
vm = main // {
modules = main.modules ++ additional_vm_modules;
};
vm_iso = main // {
modules = main.modules ++ additional_vm_modules ++ additional_iso_modules;
};
};
};
};
in
{
nixosConfigurations.odo = systems.odo.main;
iso.odo = systems.odo.iso.config.system.build.isoImage;
nixosConfigurations.neelix = systems.neelix.main;
iso.neelix = systems.neelix.iso.config.system.build.isoImage;
nixosConfigurations.odo = nixpkgs.lib.nixosSystem systems.odo.main;
iso.odo = (nixpkgs.lib.nixosSystem systems.odo.iso).config.system.build.isoImage;
nixosConfigurations.vm_odo = nixpkgs.lib.nixosSystem systems.odo.vm;
vm_iso.odo = (nixpkgs.lib.nixosSystem systems.odo.vm_iso).config.system.build.isoImage;
nixosConfigurations.quark = nixpkgs.lib.nixosSystem systems.quark.main;
iso.quark = (nixpkgs.lib.nixosSystem systems.quark.iso).config.system.build.isoImage;
nixosConfigurations.vm_quark = nixpkgs.lib.nixosSystem systems.quark.vm;
vm_iso.quark = (nixpkgs.lib.nixosSystem systems.quark.vm_iso).config.system.build.isoImage;
nixosConfigurations.neelix = nixpkgs.lib.nixosSystem systems.neelix.main;
iso.neelix = (nixpkgs.lib.nixosSystem systems.neelix.iso).config.system.build.isoImage;
nixosConfigurations.vm_neelix = nixpkgs.lib.nixosSystem systems.neelix.vm;
vm_iso.neelix = (nixpkgs.lib.nixosSystem systems.neelix.vm_iso).config.system.build.isoImage;
nixosConfigurations.hydra = nixpkgs.lib.nixosSystem systems.hydra.main;
iso.hydra = (nixpkgs.lib.nixosSystem systems.hydra.iso).config.system.build.isoImage;
nixosConfigurations.vm_hydra = nixpkgs.lib.nixosSystem systems.hydra.vm;
vm_iso.hydra = (nixpkgs.lib.nixosSystem systems.hydra.vm_iso).config.system.build.isoImage;
nixosConfigurations.ionlybootzfs = nixpkgs.lib.nixosSystem systems.ionlybootzfs.main;
iso.ionlybootzfs = (nixpkgs.lib.nixosSystem systems.ionlybootzfs.iso).config.system.build.isoImage;
nixosConfigurations.vm_ionlybootzfs = nixpkgs.lib.nixosSystem systems.ionlybootzfs.vm;
vm_iso.ionlybootzfs =
(nixpkgs.lib.nixosSystem systems.ionlybootzfs.vm_iso).config.system.build.isoImage;
};
}

61
nix/configuration/flakes/starship-game/flake.lock generated
View File

@@ -1,61 +0,0 @@
{
"nodes": {
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1735141468,
"narHash": "sha256-VIAjBr1qGcEbmhLwQJD6TABppPMggzOvqFsqkDoMsAY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "4005c3ff7505313cbc21081776ad0ce5dfd7a3ce",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

34
nix/configuration/flakes/starship-game/flake.nix
View File

@@ -1,34 +0,0 @@
{
description = "A slightly better history for zsh";
inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
inputs.flake-utils.url = "github:numtide/flake-utils";
outputs =
{
self,
nixpkgs,
flake-utils,
...
}:
let
out =
system:
let
pkgs = nixpkgs.legacyPackages.${system};
# Maybe pkgs = import nixpkgs { inherit system; }; ?
appliedOverlay = self.overlays.default pkgs pkgs;
in
{
packages = rec {
default = starship-game;
starship-game = appliedOverlay.starship-game;
};
};
in
flake-utils.lib.eachDefaultSystem out
// {
overlays.default = final: prev: {
starship-game = final.callPackage ./package.nix { };
};
};
}

261
nix/configuration/flakes/starship-game/package.nix
View File

@@ -1,261 +0,0 @@
{
lib,
stdenv,
SDL2,
cmake,
copyDesktopItems,
fetchFromGitHub,
fetchpatch,
fetchurl,
imagemagick,
imgui,
libpng,
libpulseaudio,
libzip,
lsb-release,
makeDesktopItem,
makeWrapper,
ninja,
nlohmann_json,
pkg-config,
python3,
spdlog,
stormlib,
tinyxml-2,
writeTextFile,
zenity,
}:
let
# This would get fetched at build time otherwise, see:
# https://github.com/HarbourMasters/2ship2harkinian/blob/1.0.2/mm/CMakeLists.txt#L708
gamecontrollerdb = fetchurl {
name = "gamecontrollerdb.txt";
url = "https://raw.githubusercontent.com/gabomdq/SDL_GameControllerDB/b1759cf84028aab89caa1c395e198c340b8dfd89/gamecontrollerdb.txt";
hash = "sha256-7C5EkqBIhLGNJuhi3832y0ffW5Ep7iuTYXb1bL5h2Js=";
};
# 2ship needs a specific imgui version
imgui' = imgui.overrideAttrs rec {
version = "1.90.6";
src = fetchFromGitHub {
owner = "ocornut";
repo = "imgui";
rev = "v${version}-docking";
hash = "sha256-Y8lZb1cLJF48sbuxQ3vXq6GLru/WThR78pq7LlORIzc=";
};
};
libgfxd = fetchFromGitHub {
owner = "glankk";
repo = "libgfxd";
rev = "96fd3b849f38b3a7c7b7f3ff03c5921d328e6cdf";
hash = "sha256-dedZuV0BxU6goT+rPvrofYqTz9pTA/f6eQcsvpDWdvQ=";
};
yaml_cpp = fetchFromGitHub {
owner = "jbeder";
repo = "yaml-cpp";
rev = "f7320141120f720aecc4c32be25586e7da9eb978";
hash = "sha256-J87oS6Az1/vNdyXu3L7KmUGWzU0IAkGrGMUUha+xDXI=";
};
# spdlog = fetchFromGitHub {
# owner = "gabime";
# repo = "spdlog";
# rev = "7e635fca68d014934b4af8a1cf874f63989352b7";
# hash = "sha256-cxTaOuLXHRU8xMz9gluYz0a93O0ez2xOxbloyc1m1ns=";
# };
# stb_impl = writeTextFile {
# name = "stb_impl.c";
# text = ''
# #define STB_IMAGE_IMPLEMENTATION
# #include "stb_image.h"
# '';
# };
# stb' = fetchurl {
# name = "stb_image.h";
# url = "https://raw.githubusercontent.com/nothings/stb/0bc88af4de5fb022db643c2d8e549a0927749354/stb_image.h";
# hash = "sha256-xUsVponmofMsdeLsI6+kQuPg436JS3PBl00IZ5sg3Vw=";
# };
# Apply 2ship's patch for stormlib
stormlib' = stormlib.overrideAttrs (prev: rec {
version = "9.25";
src = fetchFromGitHub {
owner = "ladislav-zezula";
repo = "StormLib";
rev = "v${version}";
hash = "sha256-HTi2FKzKCbRaP13XERUmHkJgw8IfKaRJvsK3+YxFFdc=";
};
nativeBuildInputs = prev.nativeBuildInputs ++ [ pkg-config ];
patches = (prev.patches or [ ]) ++ [
(fetchpatch {
name = "stormlib-optimizations.patch";
url = "https://github.com/briaguya-ai/StormLib/commit/ff338b230544f8b2bb68d2fbe075175ed2fd758c.patch";
hash = "sha256-Jbnsu5E6PkBifcx/yULMVC//ab7tszYgktS09Azs5+4=";
})
];
});
thread_pool = fetchFromGitHub {
owner = "bshoshany";
repo = "thread-pool";
rev = "v4.1.0";
hash = "sha256-zhRFEmPYNFLqQCfvdAaG5VBNle9Qm8FepIIIrT9sh88=";
};
in
stdenv.mkDerivation (finalAttrs: {
pname = "starship-game";
version = "v1.0.0";
src = fetchFromGitHub {
owner = "HarbourMasters";
repo = "starship";
# rev = "5e5e49da93e066f51c3010ba38f09331d866f2db";
tag = finalAttrs.version;
hash = "sha256-kaLLlLuonqE2DJcRlWR4tCEBNjwIYFlzeDLcYsvMO7I=";
fetchSubmodules = true;
};
# patches = [
# # remove fetching stb as we will patch our own
# ./0001-deps.patch
# ];
nativeBuildInputs = [
cmake
copyDesktopItems
imagemagick
lsb-release
makeWrapper
ninja
pkg-config
python3
];
buildInputs = [
SDL2
imgui'
libpng
libpulseaudio
libzip
nlohmann_json
spdlog
stormlib'
tinyxml-2
zenity
];
cmakeFlags = [
(lib.cmakeBool "NON_PORTABLE" true)
(lib.cmakeFeature "CMAKE_INSTALL_PREFIX" "${placeholder "out"}/starship-game")
(lib.cmakeFeature "FETCHCONTENT_SOURCE_DIR_IMGUI" "${imgui'.src}")
(lib.cmakeFeature "FETCHCONTENT_SOURCE_DIR_LIBGFXD" "${libgfxd}")
(lib.cmakeFeature "FETCHCONTENT_SOURCE_DIR_STORMLIB" "${stormlib'}")
(lib.cmakeFeature "FETCHCONTENT_SOURCE_DIR_THREADPOOL" "${thread_pool}")
];
dontAddPrefix = true;
# Linking fails without this
hardeningDisable = [ "format" ];
# Pie needs to be enabled or else it segfaults
hardeningEnable = [ "pie" ];
# preConfigure = ''
# # mirror 2ship's stb
# mkdir stb
# cp ${stb'} ./stb/${stb'.name}
# cp ${stb_impl} ./stb/${stb_impl.name}
# substituteInPlace libultraship/cmake/dependencies/common.cmake \
# --replace-fail "\''${STB_DIR}" "/build/source/stb"
# '';
# (cd tools/Torch && cmake -H. -Bbuild-cmake -GNinja \
# -DFETCHCONTENT_SOURCE_DIR_LIBGFXD=${libgfxd} \
# -DFETCHCONTENT_SOURCE_DIR_YAML-CPP=${finalAttrs.yaml_cpp_src} \
# -DFETCHCONTENT_SOURCE_DIR_SPDLOG=${finalAttrs.spdlog_src}
# )
configurePhase = ''
cmake -H. -Bbuild-cmake -GNinja \
-DFETCHCONTENT_SOURCE_DIR_IMGUI=${imgui'.src} \
-DFETCHCONTENT_SOURCE_DIR_STORMLIB=${stormlib'} \
-DFETCHCONTENT_SOURCE_DIR_THREADPOOL=${thread_pool}
(cd tools/Torch && cmake -H. -Bbuild-cmake -GNinja \
-DFETCHCONTENT_SOURCE_DIR_LIBGFXD=${libgfxd} \
-DFETCHCONTENT_SOURCE_DIR_YAML-CPP=${yaml_cpp} \
-DFETCHCONTENT_SOURCE_DIR_SPDLOG=${spdlog}
)
(cd libultraship && cmake -H. -Bbuild-cmake -GNinja \
-DFETCHCONTENT_SOURCE_DIR_LIBGFXD=${libgfxd} \
-DFETCHCONTENT_SOURCE_DIR_IMGUI=${imgui'.src} \
-DFETCHCONTENT_SOURCE_DIR_STORMLIB=${stormlib'} \
-DFETCHCONTENT_SOURCE_DIR_THREADPOOL=${thread_pool}
)
'';
buildPhase = ''
cmake --build build-cmake
'';
postBuild = ''
cp ${gamecontrollerdb} ${gamecontrollerdb.name}
pushd ../OTRExporter
python3 ./extract_assets.py -z ../build/ZAPD/ZAPD.out --norom --xml-root ../mm/assets/xml --custom-assets-path ../mm/assets/custom --custom-otr-file 2ship.o2r --port-ver ${finalAttrs.version}
popd
'';
preInstall = ''
# Cmake likes it here for its install paths
cp ../OTRExporter/2ship.o2r mm/
'';
postInstall = ''
mkdir -p $out/bin
ln -s $out/2s2h/2s2h.elf $out/bin/2s2h
install -Dm644 ../mm/linux/2s2hIcon.png $out/share/pixmaps/2s2h.png
'';
postFixup = ''
wrapProgram $out/2s2h/2s2h.elf --prefix PATH ":" ${lib.makeBinPath [ zenity ]}
'';
desktopItems = [
(makeDesktopItem {
name = "starship";
icon = "starship";
exec = "starship";
comment = finalAttrs.meta.description;
genericName = "Starship";
desktopName = "starship";
categories = [ "Game" ];
})
];
meta = {
homepage = "https://github.com/HarbourMasters/2ship2harkinian";
description = "A PC port of Majora's Mask with modern controls, widescreen, high-resolution, and more";
mainProgram = "starship";
platforms = [ "x86_64-linux" ];
maintainers = with lib.maintainers; [ ];
license = with lib.licenses; [
# # OTRExporter, OTRGui, ZAPDTR, libultraship
# mit
# # 2 Ship 2 Harkinian
# cc0
# # Reverse engineering
# unfree
];
};
})

19
nix/configuration/hosts/hydra/DEPLOY_BOOT Executable file
View File

@@ -0,0 +1,19 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
#TARGET=10.216.1.14
# TARGET=192.168.211.250
TARGET=hydra
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#hydra" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" "${@}" |& nom
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#hydra'

19
nix/configuration/hosts/hydra/DEPLOY_SWITCH Executable file
View File

@@ -0,0 +1,19 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
#TARGET=10.216.1.14
# TARGET=192.168.211.250
TARGET=hydra
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#hydra" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" "${@}" |& nom
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#hydra'

12
nix/configuration/hosts/hydra/ISO Executable file
View File

@@ -0,0 +1,12 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.hydra" --max-jobs "$JOBS" "${@}" |& nom

68
nix/configuration/hosts/hydra/default.nix Normal file
View File

@@ -0,0 +1,68 @@
#
# Testing:
# doas "$(nix-build '<nixpkgs>' --no-out-link -A 'qemu')/bin/qemu-system-x86_64" \
# -accel kvm \
# -cpu host \
# -smp cores=8 \
# -m 32768 \
# -drive "file=$(nix-build '<nixpkgs>' --no-out-link -A 'OVMF.fd')/FV/OVMF.fd,if=pflash,format=raw,readonly=on" \
# -drive file=/tmp/localdisk.img,if=none,id=nvm,format=raw \
# -device nvme,serial=deadbeef,drive=nvm \
# -nic user,hostfwd=tcp::60022-:22 \
# -boot order=d \
# -cdrom "$(readlink -f /persist/machine_setup/nix/configuration/result/iso/nixos*.iso)" \
# -display vnc=127.0.0.1:0
#
{
config,
lib,
pkgs,
...
}:
{
imports = [
./disk-config.nix
./hardware-configuration.nix
./optimized_build.nix
./vm_disk.nix
];
# Generate with `head -c4 /dev/urandom | od -A none -t x4`
networking.hostId = "fbd233d8";
networking.hostName = "hydra"; # Define your hostname.
time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8";
me.secureBoot.enable = false;
me.optimizations = {
enable = true;
arch = "znver4";
system_features = [
"gccarch-znver4"
"gccarch-skylake"
# "gccarch-alderlake" missing WAITPKG
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
};
# Mount tmpfs at /tmp
boot.tmp.useTmpfs = true;
me.emacs_flavor = "plainmacs";
me.graphical = false;
me.hydra.enable = false;
me.nix_worker.enable = true;
me.vm_disk.enable = true;
me.wireguard.activated = [ ];
me.wireguard.deactivated = [ ];
me.zsh.enable = true;
}

140
nix/configuration/hosts/hydra/disk-config.nix Normal file
View File

@@ -0,0 +1,140 @@
# Manual Step:
# Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1
# Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1
{
config,
lib,
pkgs,
...
}:
lib.mkIf (!config.me.buildingIso) {
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"umask=0077"
"noatime"
"discard"
];
};
};
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "zroot";
};
};
};
};
};
};
zpool = {
zroot = {
type = "zpool";
# mode = "mirror";
# Workaround: cannot import 'zroot': I/O error in disko tests
options.cachefile = "none";
options = {
ashift = "12";
compatibility = "openzfs-2.2-freebsd";
autotrim = "on";
};
rootFsOptions = {
acltype = "posixacl";
atime = "off";
relatime = "off";
xattr = "sa";
mountpoint = "none";
compression = "lz4";
canmount = "off";
utf8only = "on";
dnodesize = "auto";
normalization = "formD";
};
datasets = {
"linux/nix" = {
type = "zfs_fs";
options.mountpoint = "none";
};
"linux/nix/root" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/root@blank$' || zfs snapshot zroot/linux/nix/root@blank";
};
"linux/nix/nix" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/nix";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/nix@blank$' || zfs snapshot zroot/linux/nix/nix@blank";
options = {
recordsize = "1MiB";
compression = "lz4";
};
};
"linux/nix/home" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/home";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/home@blank$' || zfs snapshot zroot/linux/nix/home@blank";
};
"linux/nix/persist" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/persist";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/persist@blank$' || zfs snapshot zroot/linux/nix/persist@blank";
};
"linux/nix/state" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/state";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/state@blank$' || zfs snapshot zroot/linux/nix/state@blank";
};
};
};
};
};
# Make sure all persistent volumes are marked as neededForBoot
#
# Also mounts /home so it is mounted before the user home directories are created.
fileSystems."/persist".neededForBoot = true;
fileSystems."/state".neededForBoot = true;
fileSystems."/home".neededForBoot = true;
fileSystems."/".options = [
"noatime"
"norelatime"
];
fileSystems."/nix".options = [
"noatime"
"norelatime"
];
fileSystems."/persist".options = [
"noatime"
"norelatime"
];
fileSystems."/state".options = [
"noatime"
"norelatime"
];
fileSystems."/home".options = [
"noatime"
"norelatime"
];
}

39
nix/configuration/hosts/hydra/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,39 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"xhci_pci"
"nvme"
"usbhid"
"usb_storage"
"sd_mod"
"sdhci_pci"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.dhcpcd.enable = lib.mkForce true;
networking.useDHCP = lib.mkForce true;
networking.interfaces.enp0s2.useDHCP = lib.mkForce true;
# systemd.network.enable = true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

77
nix/configuration/hosts/hydra/vm_disk.nix Normal file
View File

@@ -0,0 +1,77 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
vm_disk.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to mount the local disk for persistent storage.";
};
};
config = lib.mkIf config.me.vm_disk.enable (
lib.mkMerge [
{
# Mount the local disk
fileSystems = {
"/.disk" = lib.mkForce {
device = "/dev/nvme0n1p1";
fsType = "ext4";
options = [
"noatime"
"discard"
];
neededForBoot = true;
};
"/persist" = {
fsType = "none";
device = "/.disk/persist";
options = [
"bind"
"rw"
];
depends = [
"/.disk/persist"
];
};
"/state" = {
fsType = "none";
device = "/.disk/state";
options = [
"bind"
"rw"
];
depends = [
"/.disk/state"
];
};
"/nix/store" = lib.mkForce {
fsType = "overlay";
device = "overlay";
options = [
"lowerdir=/nix/.ro-store"
"upperdir=/.disk/persist/store"
"workdir=/.disk/state/work"
];
depends = [
"/nix/.ro-store"
"/.disk/persist/store"
"/.disk/state/work"
];
};
};
}
]
);
}

19
nix/configuration/hosts/ionlybootzfs/DEPLOY_BOOT Executable file
View File

@@ -0,0 +1,19 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
#TARGET=10.216.1.14
# TARGET=192.168.211.250
TARGET="ionlybootzfs"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#ionlybootzfs" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" "${@}" |& nom
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#ionlybootzfs'

19
nix/configuration/hosts/ionlybootzfs/DEPLOY_SWITCH Executable file
View File

@@ -0,0 +1,19 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
#TARGET=10.216.1.14
# TARGET=192.168.211.250
TARGET=ionlybootzfs
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#ionlybootzfs" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" "${@}" |& nom
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#ionlybootzfs'

12
nix/configuration/hosts/ionlybootzfs/ISO Executable file
View File

@@ -0,0 +1,12 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.ionlybootzfs" --max-jobs "$JOBS" "${@}" |& nom

63
nix/configuration/hosts/ionlybootzfs/default.nix Normal file
View File

@@ -0,0 +1,63 @@
#
# Testing:
# doas "$(nix-build '<nixpkgs>' --no-out-link -A 'qemu')/bin/qemu-system-x86_64" \
# -accel kvm \
# -cpu host \
# -smp cores=8 \
# -m 32768 \
# -drive "file=$(nix-build '<nixpkgs>' --no-out-link -A 'OVMF.fd')/FV/OVMF.fd,if=pflash,format=raw,readonly=on" \
# -drive file=/tmp/localdisk.img,if=none,id=nvm,format=raw \
# -device nvme,serial=deadbeef,drive=nvm \
# -nic user,hostfwd=tcp::60022-:22 \
# -boot order=d \
# -cdrom "$(readlink -f /persist/machine_setup/nix/configuration/result/iso/nixos*.iso)" \
# -display vnc=127.0.0.1:0
#
{
config,
lib,
pkgs,
...
}:
{
imports = [
./wrapped-disk-config.nix
./hardware-configuration.nix
];
# Generate with `head -c4 /dev/urandom | od -A none -t x4`
networking.hostId = "fbd233d8";
networking.hostName = "ionlybootzfs"; # Define your hostname.
time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8";
me.secureBoot.enable = true;
me.optimizations = {
enable = false;
arch = "znver4";
system_features = [
"gccarch-znver4"
"gccarch-skylake"
# "gccarch-alderlake" missing WAITPKG
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
};
# Mount tmpfs at /tmp
boot.tmp.useTmpfs = true;
me.emacs_flavor = "plainmacs";
me.graphical = false;
me.wireguard.activated = [ ];
me.wireguard.deactivated = [ ];
me.zsh.enable = true;
}

142
nix/configuration/hosts/ionlybootzfs/disk-config.nix Normal file
View File

@@ -0,0 +1,142 @@
# Manual Step:
# Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1
# Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1
{
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"umask=0077"
"noatime"
"discard"
];
};
};
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "zroot";
};
};
};
};
};
};
zpool = {
zroot = {
type = "zpool";
# mode = "mirror";
# Workaround: cannot import 'zroot': I/O error in disko tests
options.cachefile = "none";
options = {
ashift = "12";
compatibility = "openzfs-2.2-freebsd";
autotrim = "on";
};
rootFsOptions = {
acltype = "posixacl";
atime = "off";
relatime = "off";
xattr = "sa";
mountpoint = "none";
compression = "lz4";
canmount = "off";
utf8only = "on";
dnodesize = "auto";
normalization = "formD";
};
datasets = {
"linux/nix" = {
type = "zfs_fs";
options.mountpoint = "none";
options = {
encryption = "aes-256-gcm";
keyformat = "passphrase";
# keylocation = "file:///tmp/secret.key";
};
};
"linux/nix/root" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/root@blank$' || zfs snapshot zroot/linux/nix/root@blank";
};
"linux/nix/nix" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/nix";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/nix@blank$' || zfs snapshot zroot/linux/nix/nix@blank";
options = {
recordsize = "16MiB";
compression = "zstd-19";
};
};
"linux/nix/home" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/home";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/home@blank$' || zfs snapshot zroot/linux/nix/home@blank";
};
"linux/nix/persist" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/persist";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/persist@blank$' || zfs snapshot zroot/linux/nix/persist@blank";
};
"linux/nix/state" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/state";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/state@blank$' || zfs snapshot zroot/linux/nix/state@blank";
};
};
};
};
};
# Make sure all persistent volumes are marked as neededForBoot
#
# Also mounts /home so it is mounted before the user home directories are created.
fileSystems."/persist".neededForBoot = true;
fileSystems."/state".neededForBoot = true;
fileSystems."/home".neededForBoot = true;
fileSystems."/".options = [
"noatime"
"norelatime"
];
fileSystems."/nix".options = [
"noatime"
"norelatime"
];
fileSystems."/persist".options = [
"noatime"
"norelatime"
];
fileSystems."/state".options = [
"noatime"
"norelatime"
];
fileSystems."/home".options = [
"noatime"
"norelatime"
];
# Only attempt to decrypt the main pool. Otherwise it attempts to decrypt pools that aren't even used.
boot.zfs.requestEncryptionCredentials = [ "zroot/linux/nix" ];
}

38
nix/configuration/hosts/ionlybootzfs/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,38 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"xhci_pci"
"nvme"
"usbhid"
"usb_storage"
"sd_mod"
"sdhci_pci"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.dhcpcd.enable = lib.mkForce true;
networking.useDHCP = lib.mkForce true;
# systemd.network.enable = true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

131
nix/configuration/hosts/ionlybootzfs/optimized_build.nix Normal file
View File

@@ -0,0 +1,131 @@
{
config,
lib,
pkgs,
pkgs-unoptimized,
...
}:
{
imports = [ ];
config = lib.mkMerge [
{ }
(lib.mkIf (!config.me.optimizations.enable) {
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_6_14;
})
(lib.mkIf (config.me.optimizations.enable) {
nixpkgs.hostPlatform = {
gcc.arch = "znver4";
gcc.tune = "znver4";
system = "x86_64-linux";
};
nixpkgs.overlays = [
(
final: prev:
let
addConfig =
additionalConfig: pkg:
pkg.override (oldconfig: {
structuredExtraConfig = pkg.structuredExtraConfig // additionalConfig;
});
in
{
linux_me = addConfig {
# Full preemption
PREEMPT = lib.mkOverride 60 lib.kernel.yes;
PREEMPT_VOLUNTARY = lib.mkOverride 60 lib.kernel.no;
# Google's BBRv3 TCP congestion Control
TCP_CONG_BBR = lib.kernel.yes;
DEFAULT_BBR = lib.kernel.yes;
# Preemptive Full Tickless Kernel at 300Hz
HZ = lib.kernel.freeform "300";
HZ_300 = lib.kernel.yes;
HZ_1000 = lib.kernel.no;
} prev.linux_6_14;
# gsl = prev.gsl.overrideAttrs (old: {
# # gsl tests fails when optimizations are enabled.
# # > FAIL: cholesky_invert unscaled hilbert ( 4, 4)[0,2]: 2.55795384873636067e-13 0
# # > (2.55795384873636067e-13 observed vs 0 expected) [28259614]
# doCheck = false;
# });
}
)
(final: prev: {
haskellPackages = prev.haskellPackages.extend (
final': prev': {
inherit (pkgs-unoptimized.haskellPackages)
crypton
crypton-connection
crypton-x509
crypton-x509-store
crypton-x509-system
crypton-x509-validation
hspec-wai
http-client-tls
http2
pandoc
pandoc-cli
pandoc-lua-engine
pandoc-server
servant-server
tls
wai-app-static
wai-extra
warp
;
}
);
})
(final: prev: {
inherit (pkgs-unoptimized)
gsl
redis
valkey
;
})
];
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_me;
})
(lib.mkIf (!config.me.buildingIso) {
nix.settings.system-features = lib.mkForce [
"gccarch-znver4"
"gccarch-skylake"
# "gccarch-alderlake" missing WAITPKG
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
# Keep ALL dependencies so we can rebuild offline. This DRASTICALLY increase disk usage, but disk space is cheap.
# system.includeBuildDependencies = true;
# This also should enable building offline? TODO: test.
nix.extraOptions = ''
keep-outputs = true
keep-derivations = true
'';
# # building ON
# nixpkgs.localSystem = { system = "aarch64-linux"; };
# # building FOR
# nixpkgs.crossSystem = { system = "aarch64-linux"; };
# nixpkgs.config = {
# replaceStdenv = ({ pkgs }: pkgs.clangStdenv);
# };
# or maybe an overlay
# stdenv = prev.clangStdenv;
})
(lib.mkIf (config.me.buildingIso) {
boot.supportedFilesystems.zfs = true;
})
];
}

8
nix/configuration/hosts/ionlybootzfs/wrapped-disk-config.nix Normal file
View File

@@ -0,0 +1,8 @@
{
config,
lib,
pkgs,
...
}:
lib.mkIf (!config.me.buildingIso) (import ./disk-config.nix)

19
nix/configuration/hosts/neelix/DEPLOY_BOOT Executable file
View File

@@ -0,0 +1,19 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
#TARGET=10.216.1.14
# TARGET=192.168.211.250
TARGET=neelix
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#neelix" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" "${@}" |& nom
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#neelix'

19
nix/configuration/hosts/neelix/DEPLOY_SWITCH Executable file
View File

@@ -0,0 +1,19 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
#TARGET=10.216.1.14
# TARGET=192.168.211.250
TARGET=neelix
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#neelix" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" "${@}" |& nom
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#neelix'

19
nix/configuration/hosts/neelix/default.nix
View File

@@ -3,12 +3,11 @@
imports = [
./hardware-configuration.nix
./disk-config.nix
./optimized_build.nix
./power_management.nix
];
# Generate with `head -c4 /dev/urandom | od -A none -t x4`
networking.hostId = "fbd233d8";
networking.hostId = "bca9d0a5";
networking.hostName = "neelix"; # Define your hostname.
@@ -17,11 +16,25 @@
me.secureBoot.enable = false;
me.optimizations = {
enable = false;
arch = "alderlake";
system_features = [
"gccarch-alderlake"
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
};
# Early KMS
boot.initrd.kernelModules = [ "i915" ];
# Mount tmpfs at /tmp
boot.tmp.useTmpfs = true;
# boot.tmp.useTmpfs = true;
me.bluetooth.enable = true;
me.emacs_flavor = "plainmacs";

11
nix/configuration/hosts/neelix/hardware-configuration.nix
View File

@@ -14,7 +14,14 @@
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ];
boot.initrd.availableKernelModules = [
"xhci_pci"
"nvme"
"usbhid"
"usb_storage"
"sd_mod"
"sdhci_pci"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
@@ -23,7 +30,7 @@
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true;

78
nix/configuration/hosts/neelix/optimized_build.nix
View File

@@ -1,78 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
config = lib.mkMerge [
{ }
(lib.mkIf (!config.me.buildingIso) {
nix.settings.system-features = lib.mkForce [
"gccarch-alderlake"
"gccarch-x86-64-v3"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
# nixpkgs.hostPlatform = {
# gcc.arch = "alderlake";
# gcc.tune = "alderlake";
# system = "x86_64-linux";
# };
nixpkgs.overlays = [
(
self: super:
let
optimizeWithFlags =
pkg: flags:
pkg.overrideAttrs (old: {
NIX_CFLAGS_COMPILE = [ (old.NIX_CFLAGS_COMPILE or "") ] ++ flags;
});
addConfig =
additionalConfig: pkg:
pkg.override (oldconfig: {
structuredExtraConfig = pkg.structuredExtraConfig // additionalConfig;
});
in
{
linux_alderlake =
addConfig
{
# Full preemption
PREEMPT = lib.mkOverride 60 lib.kernel.yes;
PREEMPT_VOLUNTARY = lib.mkOverride 60 lib.kernel.no;
# Google's BBRv3 TCP congestion Control
TCP_CONG_BBR = lib.kernel.yes;
DEFAULT_BBR = lib.kernel.yes;
# Preemptive Full Tickless Kernel at 300Hz
HZ = lib.kernel.freeform "300";
HZ_300 = lib.kernel.yes;
HZ_1000 = lib.kernel.no;
}
(
optimizeWithFlags super.linux_6_12 [
"-march=alderlake"
"-mtune=alderlake"
]
);
}
)
];
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_alderlake;
})
(lib.mkIf (config.me.buildingIso) {
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_6_12;
boot.supportedFilesystems = [ "zfs" ];
})
];
}

19
nix/configuration/hosts/odo/DEPLOY_BOOT Executable file
View File

@@ -0,0 +1,19 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
# TARGET=10.216.1.15
# TARGET=192.168.211.250
TARGET=odo
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#odo" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" "${@}" |& nom
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#odo'

19
nix/configuration/hosts/odo/DEPLOY_SWITCH Executable file
View File

@@ -0,0 +1,19 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
#TARGET=10.216.1.14
# TARGET=192.168.211.250
TARGET=odo
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#odo" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" "${@}" |& nom
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#odo'

12
nix/configuration/hosts/odo/ISO Executable file
View File

@@ -0,0 +1,12 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.odo" --max-jobs "$JOBS" "${@}" |& nom

12
nix/configuration/hosts/odo/SELF_BOOT Executable file
View File

@@ -0,0 +1,12 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --show-trace --use-remote-sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" "${@}" |& nom

12
nix/configuration/hosts/odo/SELF_BUILD Executable file
View File

@@ -0,0 +1,12 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild build --show-trace --use-remote-sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" "${@}" |& nom

12
nix/configuration/hosts/odo/SELF_SWITCH Executable file
View File

@@ -0,0 +1,12 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --show-trace --use-remote-sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" "${@}" |& nom

49
nix/configuration/hosts/odo/default.nix
View File

@@ -1,12 +1,18 @@
{ config, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
{
imports = [
./hardware-configuration.nix
./disk-config.nix
./optimized_build.nix
./wrapped-disk-config.nix
./distributed_build.nix
./power_management.nix
./screen_brightness.nix
./wifi.nix
./framework_module.nix
];
# Generate with `head -c4 /dev/urandom | od -A none -t x4`
@@ -19,6 +25,22 @@
me.secureBoot.enable = true;
me.optimizations = {
enable = true;
arch = "znver4";
system_features = [
"gccarch-znver4"
"gccarch-skylake"
# "gccarch-alderlake" missing WAITPKG
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
};
# Early KMS
boot.initrd.kernelModules = [ "amdgpu" ];
@@ -27,8 +49,15 @@
environment.systemPackages = with pkgs; [
fw-ectool
framework-tool
];
# Enable light sensor
# hardware.sensor.iio.enable = lib.mkDefault true;
# Enable TRIM
# services.fstrim.enable = lib.mkDefault true;
me.alacritty.enable = true;
me.ansible.enable = true;
me.ares.enable = true;
@@ -36,26 +65,38 @@
me.chromecast.enable = true;
me.chromium.enable = true;
me.docker.enable = true;
me.ecc.enable = true;
me.emacs_flavor = "full";
me.firefox.enable = true;
me.flux.enable = true;
me.gcloud.enable = true;
me.git.config = ../../roles/git/files/gitconfig_home;
me.gnuplot.enable = true;
me.gpg.enable = true;
me.graphical = true;
me.graphics_card_type = "amd";
me.kanshi.enable = true;
me.iso_mount.enable = true;
me.kanshi.enable = false;
me.kubernetes.enable = true;
me.latex.enable = true;
me.launch_keyboard.enable = true;
me.lvfs.enable = true;
me.media.enable = true;
me.nix_index.enable = true;
me.pcsx2.enable = true;
me.python.enable = true;
me.qemu.enable = true;
me.rpcs3.enable = true;
me.rust.enable = true;
me.shikane.enable = true;
me.sops.enable = true;
me.sound.enable = true;
me.steam.enable = true;
me.steam_run_free.enable = true;
me.sway.enable = true;
me.tekton.enable = true;
me.terraform.enable = true;
me.thunderbolt.enable = true;
me.vnc_client.enable = true;
me.vscode.enable = true;
me.wasm.enable = true;

8
nix/configuration/hosts/odo/disk-config.nix
View File

@@ -1,14 +1,8 @@
# Manual Step:
# Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1
# Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1
{
config,
lib,
pkgs,
...
}:
lib.mkIf (!config.me.buildingIso) {
{
disko.devices = {
disk = {
main = {

27
nix/configuration/hosts/odo/distributed_build.nix Normal file
View File

@@ -0,0 +1,27 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
config = lib.mkMerge [
{
me.distributed_build.enable = true;
me.distributed_build.machines.hydra = {
enable = true;
additional_config = {
speedFactor = 2;
};
};
me.distributed_build.machines.quark = {
enable = true;
additional_config = {
speedFactor = 2;
};
};
}
];
}

23
nix/configuration/hosts/odo/framework_module.nix Normal file
View File

@@ -0,0 +1,23 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
config = lib.mkMerge [
{
boot.extraModulePackages = with config.boot.kernelPackages; [
framework-laptop-kmod
];
# https://github.com/DHowett/framework-laptop-kmod?tab=readme-ov-file#usage
boot.kernelModules = [
"cros_ec"
"cros_ec_lpcs"
];
}
];
}

2
nix/configuration/hosts/odo/hardware-configuration.nix
View File

@@ -27,7 +27,7 @@
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true;

81
nix/configuration/hosts/odo/optimized_build.nix
View File

@@ -1,81 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
config = lib.mkMerge [
{ }
(lib.mkIf (!config.me.buildingIso) {
nix.settings.system-features = lib.mkForce [
"gccarch-znver4"
"gccarch-skylake"
# "gccarch-alderlake" missing WAITPKG
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
# nixpkgs.hostPlatform = {
# gcc.arch = "znver4";
# gcc.tune = "znver4";
# system = "x86_64-linux";
# };
nixpkgs.overlays = [
(
self: super:
let
optimizeWithFlags =
pkg: flags:
pkg.overrideAttrs (old: {
NIX_CFLAGS_COMPILE = [ (old.NIX_CFLAGS_COMPILE or "") ] ++ flags;
});
addConfig =
additionalConfig: pkg:
pkg.override (oldconfig: {
structuredExtraConfig = pkg.structuredExtraConfig // additionalConfig;
});
in
{
linux_znver4 =
addConfig
{
# Full preemption
PREEMPT = lib.mkOverride 60 lib.kernel.yes;
PREEMPT_VOLUNTARY = lib.mkOverride 60 lib.kernel.no;
# Google's BBRv3 TCP congestion Control
TCP_CONG_BBR = lib.kernel.yes;
DEFAULT_BBR = lib.kernel.yes;
# Preemptive Full Tickless Kernel at 300Hz
HZ = lib.kernel.freeform "300";
HZ_300 = lib.kernel.yes;
HZ_1000 = lib.kernel.no;
}
(
optimizeWithFlags super.linux_6_12 [
"-march=znver4"
"-mtune=znver4"
]
);
}
)
];
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_znver4;
})
(lib.mkIf (config.me.buildingIso) {
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_6_12;
boot.supportedFilesystems.zfs = true;
})
];
}

7
nix/configuration/hosts/odo/wifi.nix
View File

@@ -9,9 +9,10 @@
imports = [ ];
config = {
environment.loginShellInit = lib.mkIf (!config.me.buildingIso) ''
doas iw dev wlan0 set power_save off
'';
# Doesn't seem necessary starting with 6.13
# environment.loginShellInit = lib.mkIf (!config.me.buildingIso) ''
# doas iw dev wlan0 set power_save off
# '';
# Enable debug logging for ath12k wifi card.
boot.kernelParams = [

8
nix/configuration/hosts/odo/wrapped-disk-config.nix Normal file
View File

@@ -0,0 +1,8 @@
{
config,
lib,
pkgs,
...
}:
lib.mkIf (!config.me.buildingIso) (import ./disk-config.nix)

19
nix/configuration/hosts/quark/DEPLOY_BOOT Executable file
View File

@@ -0,0 +1,19 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
#TARGET=10.216.1.15
# TARGET=192.168.211.250
TARGET=quark
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#quark" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" "${@}" |& nom
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#quark'

19
nix/configuration/hosts/quark/DEPLOY_SWITCH Executable file
View File

@@ -0,0 +1,19 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
#TARGET=10.216.1.14
# TARGET=192.168.211.250
TARGET=quark
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#quark" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" "${@}" |& nom
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#quark'

12
nix/configuration/hosts/quark/ISO Executable file
View File

@@ -0,0 +1,12 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.quark" --max-jobs "$JOBS" "${@}" |& nom

12
nix/configuration/hosts/quark/SELF_BOOT Executable file
View File

@@ -0,0 +1,12 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --show-trace --use-remote-sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" "${@}" |& nom

12
nix/configuration/hosts/quark/SELF_BUILD Executable file
View File

@@ -0,0 +1,12 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild build --show-trace --use-remote-sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" "${@}" |& nom

12
nix/configuration/hosts/quark/SELF_SWITCH Executable file
View File

@@ -0,0 +1,12 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --show-trace --use-remote-sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" "${@}" |& nom

113
nix/configuration/hosts/quark/default.nix Normal file
View File

@@ -0,0 +1,113 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [
./disk-config.nix
./distributed_build.nix
./hardware-configuration.nix
./power_management.nix
./wifi.nix
];
config = {
# Generate with `head -c4 /dev/urandom | od -A none -t x4`
networking.hostId = "47ee7d7c";
networking.hostName = "quark"; # Define your hostname.
time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8";
me.secureBoot.enable = true;
me.optimizations = {
enable = true;
arch = "znver5";
system_features = [
"gccarch-znver4"
"gccarch-znver5"
"gccarch-skylake"
# "gccarch-alderlake" missing WAITPKG
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
};
# Early KMS
boot.initrd.kernelModules = [ "amdgpu" ];
# Mount tmpfs at /tmp
boot.tmp.useTmpfs = true;
# Enable TRIM
# services.fstrim.enable = lib.mkDefault true;
# RPCS3 has difficulty with znver5
me.rpcs3.config.Core."Use LLVM CPU" = "znver4";
me.alacritty.enable = true;
me.ansible.enable = true;
me.ares.enable = true;
me.bluetooth.enable = true;
me.chromecast.enable = true;
me.chromium.enable = true;
me.docker.enable = true;
me.ecc.enable = true;
me.emacs_flavor = "full";
me.firefox.enable = true;
me.flux.enable = true;
me.gcloud.enable = true;
me.git.config = ../../roles/git/files/gitconfig_home;
me.gnuplot.enable = true;
me.gpg.enable = true;
me.graphical = true;
me.graphics_card_type = "amd";
me.iso_mount.enable = true;
me.kanshi.enable = false;
me.kubernetes.enable = true;
me.latex.enable = true;
me.launch_keyboard.enable = true;
me.lvfs.enable = true;
me.media.enable = true;
me.nix_index.enable = true;
me.nix_worker.enable = true;
me.pcsx2.enable = true;
me.python.enable = true;
me.qemu.enable = true;
me.rpcs3.enable = true;
me.rust.enable = true;
me.shikane.enable = true;
me.sops.enable = true;
me.sound.enable = true;
me.steam.enable = true;
me.steam_run_free.enable = true;
me.sway.enable = true;
me.tekton.enable = true;
me.terraform.enable = true;
me.thunderbolt.enable = true;
me.vnc_client.enable = true;
me.vscode.enable = true;
me.wasm.enable = true;
me.waybar.enable = true;
me.wireguard.activated = [
"drmario"
"wgh"
"colo"
];
me.wireguard.deactivated = [ "wgf" ];
me.zrepl.enable = true;
me.zsh.enable = true;
me.sm64ex.enable = true;
me.shipwright.enable = true;
me.ship2harkinian.enable = true;
};
}

148
nix/configuration/hosts/quark/disk-config.nix Normal file
View File

@@ -0,0 +1,148 @@
# Manual Step:
# Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1
# Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1
{
config,
lib,
pkgs,
...
}:
lib.mkIf (!config.me.buildingIso) {
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"umask=0077"
"noatime"
"discard"
];
};
};
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "zroot";
};
};
};
};
};
};
zpool = {
zroot = {
type = "zpool";
# mode = "mirror";
# Workaround: cannot import 'zroot': I/O error in disko tests
options.cachefile = "none";
options = {
ashift = "12";
compatibility = "openzfs-2.2-freebsd";
autotrim = "on";
};
rootFsOptions = {
acltype = "posixacl";
atime = "off";
relatime = "off";
xattr = "sa";
mountpoint = "none";
compression = "lz4";
canmount = "off";
utf8only = "on";
dnodesize = "auto";
normalization = "formD";
};
datasets = {
"linux/nix" = {
type = "zfs_fs";
options.mountpoint = "none";
options = {
encryption = "aes-256-gcm";
keyformat = "passphrase";
# keylocation = "file:///tmp/secret.key";
};
};
"linux/nix/root" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/root@blank$' || zfs snapshot zroot/linux/nix/root@blank";
};
"linux/nix/nix" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/nix";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/nix@blank$' || zfs snapshot zroot/linux/nix/nix@blank";
options = {
recordsize = "16MiB";
compression = "zstd-19";
};
};
"linux/nix/home" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/home";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/home@blank$' || zfs snapshot zroot/linux/nix/home@blank";
};
"linux/nix/persist" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/persist";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/persist@blank$' || zfs snapshot zroot/linux/nix/persist@blank";
};
"linux/nix/state" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/state";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/state@blank$' || zfs snapshot zroot/linux/nix/state@blank";
};
};
};
};
};
# Make sure all persistent volumes are marked as neededForBoot
#
# Also mounts /home so it is mounted before the user home directories are created.
fileSystems."/persist".neededForBoot = true;
fileSystems."/state".neededForBoot = true;
fileSystems."/home".neededForBoot = true;
fileSystems."/".options = [
"noatime"
"norelatime"
];
fileSystems."/nix".options = [
"noatime"
"norelatime"
];
fileSystems."/persist".options = [
"noatime"
"norelatime"
];
fileSystems."/state".options = [
"noatime"
"norelatime"
];
fileSystems."/home".options = [
"noatime"
"norelatime"
];
# Only attempt to decrypt the main pool. Otherwise it attempts to decrypt pools that aren't even used.
boot.zfs.requestEncryptionCredentials = [ "zroot/linux/nix" ];
}

21
nix/configuration/hosts/quark/distributed_build.nix Normal file
View File

@@ -0,0 +1,21 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
config = lib.mkMerge [
{
me.distributed_build.enable = true;
me.distributed_build.machines.hydra = {
enable = true;
additional_config = {
speedFactor = 2;
};
};
}
];
}

35
nix/configuration/hosts/quark/hardware-configuration.nix Normal file
View File

@@ -0,0 +1,35 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"thunderbolt"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
# networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true;
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

48
nix/configuration/hosts/quark/power_management.nix Normal file
View File

@@ -0,0 +1,48 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
environment.systemPackages = with pkgs; [
powertop
];
boot.kernelParams = [
# Enable undervolting GPU.
# "amdgpu.ppfeaturemask=0xfff7ffff"
];
systemd.tmpfiles.rules = [
# "w- /sys/devices/system/cpu/cpufreq/policy0/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy1/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy2/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy3/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy4/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy5/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy6/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy7/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy8/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy9/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy10/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy11/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy12/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy13/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy14/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy15/energy_performance_preference - - - - power"
];
# services.udev.packages = [
# (pkgs.writeTextFile {
# name = "amdgpu-low-power";
# text = ''
# ACTION=="add", SUBSYSTEM=="drm", DRIVERS=="amdgpu", ATTR{device/power_dpm_force_performance_level}="low"
# '';
# destination = "/etc/udev/rules.d/30-amdgpu-low-power.rules";
# })
# ];
}

16
nix/configuration/hosts/quark/wifi.nix Normal file
View File

@@ -0,0 +1,16 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
config = {
environment.loginShellInit = lib.mkIf (!config.me.buildingIso) ''
doas iw dev wlan0 set power_save off
'';
};
}

13
nix/configuration/roles/boot/default.nix
View File

@@ -75,9 +75,14 @@
# options root=PARTUUID=17e325bf-a378-4d1d-be6a-f6df5476f0fa
# '';
# };
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
directories = [
"/var/lib/sbctl" # Secure Boot Keys
];
};
})
(lib.mkIf (config.me.secureBoot.enable) {
environment.systemPackages = with pkgs; [
sbctl
];
@@ -86,12 +91,6 @@
enable = true;
pkiBundle = "/var/lib/sbctl";
};
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
directories = [
"/var/lib/sbctl" # Secure Boot Keys
];
};
})
];
}

105
nix/configuration/roles/distributed_build/default.nix Normal file
View File

@@ -0,0 +1,105 @@
{
config,
lib,
pkgs,
...
}:
let
make_machine_config = name: {
enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to use the ${name} machine during distributed builds.";
};
additional_config = lib.mkOption {
type = lib.types.attrs;
default = { };
example = lib.literalExpression {
speedFactor = 2;
};
description = "Additional config values for the buildMachines entry. For example, speedFactor.";
};
};
in
{
imports = [ ];
options.me = {
distributed_build.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to use multiple machines to perform a nixos-rebuild.";
};
distributed_build.machines.hydra = make_machine_config "hydra";
distributed_build.machines.quark = make_machine_config "quark";
};
config = lib.mkIf config.me.distributed_build.enable (
lib.mkMerge [
{
nix.distributedBuilds = true;
}
(lib.mkIf config.me.distributed_build.machines.hydra.enable {
nix.buildMachines = [
(
{
hostName = "hydra";
sshUser = "nixworker";
# sshKey = "";
# publicHostKey = "";
systems = [
"x86_64-linux"
# "aarch64-linux"
];
maxJobs = 1;
supportedFeatures = [
# "nixos-test"
"benchmark"
"big-parallel"
# "kvm"
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"gccarch-znver4"
];
}
// config.me.distributed_build.machines.hydra.additional_config
)
];
})
(lib.mkIf config.me.distributed_build.machines.quark.enable {
nix.buildMachines = [
(
{
hostName = "quark";
sshUser = "nixworker";
sshKey = "/persist/manual/ssh/root/keys/id_ed25519";
# From: base64 -w0 /persist/ssh/ssh_host_ed25519_key.pub
publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUx0alplYlVYTkRkU3Y1enVGbjM3eFNMZUN3S2hPKzFMdWovM2FYNFJRTEEgcm9vdEBxdWFyawo=";
systems = [
"x86_64-linux"
# "aarch64-linux"
];
maxJobs = 1;
supportedFeatures = [
# "nixos-test"
"benchmark"
"big-parallel"
# "kvm"
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"gccarch-znver4"
"gccarch-znver5"
];
}
// config.me.distributed_build.machines.quark.additional_config
)
];
})
]
);
}

26
nix/configuration/roles/docker/default.nix
View File

@@ -56,6 +56,32 @@
# };
};
systemd.services.link-docker-creds = {
# Contains credentials so it cannot be added to the nix store
enable = true;
description = "link-docker-creds";
wantedBy = [ "multi-user.target" ];
wants = [ "multi-user.target" ];
after = [ "multi-user.target" ];
# path = with pkgs; [
# zfs
# ];
unitConfig.DefaultDependencies = "no";
serviceConfig = {
Type = "oneshot";
RemainAfterExit = "yes";
};
script = ''
if [ -e /persist/manual/docker/config.json ]; then
install --directory --owner talexander --group talexander --mode 0700 /home/talexander/.docker
ln -s /persist/manual/docker/config.json /home/talexander/.docker/config.json
fi
'';
preStop = ''
rm -f /home/talexander/.docker/config.json
'';
};
# Needed for non-rootless docker
users.users.talexander.extraGroups = [ "docker" ];
}

28
nix/configuration/roles/ecc/default.nix Normal file
View File

@@ -0,0 +1,28 @@
# Check memory errors with: ras-mc-ctl --error-count
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
ecc.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install ecc.";
};
};
config = lib.mkIf config.me.ecc.enable (
lib.mkMerge [
{
hardware.rasdaemon.enable = true;
}
]
);
}

8
nix/configuration/roles/emacs/default.nix
View File

@@ -89,7 +89,7 @@ in
(lib.mkIf (config.me.graphical) {
nixpkgs.overlays = [
(final: prev: {
my_emacs = final.emacs29-pgtk;
my_emacs = final.emacs-pgtk;
})
];
})
@@ -113,7 +113,7 @@ in
"doc"
"info"
];
buildInputs = [ final.makeWrapper ];
nativeBuildInputs = [ final.makeWrapper ];
postBuild = ''
wrapProgram $out/bin/emacs --prefix PATH : ${
lib.makeBinPath [
@@ -121,6 +121,7 @@ in
dicts: with dicts; [
en
en-computers
# en-science # TODO: Why is en-science non-free?
]
))
final.nixd # nix language server
@@ -129,6 +130,9 @@ in
final.shellcheck
final.cmake-language-server
final.cmake # Used by cmake-language-server
final.rust-analyzer
final.nodePackages_latest.prettier # Format yaml, json, and JS
final.terraform-ls
]
}
'';

25
nix/configuration/roles/emacs/files/emacs/elisp/base-extensions.el
View File

@@ -14,17 +14,6 @@
;; Other packages
(use-package emacs
:config
(setq enable-recursive-minibuffers t)
;; Filter the M-x list base on the current mode
(setq read-extended-command-predicate #'command-completion-default-include-p)
;; Enable triggering completion with the tab key.
(setq tab-always-indent 'complete)
)
(use-package dashboard
:config
(dashboard-setup-startup-hook))
@@ -51,17 +40,27 @@
;; Persist history over Emacs restarts. Vertico sorts by history position.
(use-package savehist
;; This is an emacs built-in but we're pulling the latest version
:pin gnu
:config
(savehist-mode))
(use-package which-key
:pin gnu
:diminish
:config
(which-key-mode))
(use-package windmove
:config
(windmove-default-keybindings))
;; This is an emacs built-in but we're pulling the latest version
:pin gnu
:bind
(
("S-<up>" . windmove-up)
("S-<right>" . windmove-right)
("S-<down>" . windmove-down)
("S-<left>" . windmove-left)
)
)
(setq tramp-default-method "ssh")

57
nix/configuration/roles/emacs/files/emacs/elisp/base.el
View File

@@ -24,11 +24,51 @@
(setq autoload-directory (concat user-emacs-directory (file-name-as-directory "elisp") (file-name-as-directory "autoload")))
(add-to-list 'load-path (assert-directory autoload-directory))
(use-package emacs
:ensure nil
:bind
(("C-z" . nil)
("C-x C-z" . nil)
("RET" . newline-and-indent)
)
:custom
;; Replace highlighted text if you start typing.
(delete-selection-mode 1)
(history-length 300)
;; Enable auto-revert for buffers like dired
(global-auto-revert-non-file-buffers t)
;; If the underlying file changes, reload it automatically. This is useful for moving around in git without confusing language servers.
(auto-revert-avoid-polling t)
(auto-revert-interval 5)
(auto-revert-check-vc-info t)
(global-auto-revert-mode t)
;; Disable backup files and lockfiles
(create-lockfiles nil)
(make-backup-files nil)
(backup-inhibited t)
;; Do not auto-save files
(auto-save-default nil)
(pixel-scroll-precision-mode t)
(pixel-scroll-precision-use-momentum nil)
:config
(setq enable-recursive-minibuffers t)
;; Filter the M-x list base on the current mode
(setq read-extended-command-predicate #'command-completion-default-include-p)
;; Enable triggering completion with the tab key.
(setq tab-always-indent 'complete)
)
(setq-default
;; Disable backup files and lockfiles
make-backup-files nil
auto-save-default nil
create-lockfiles nil
;; Unless otherwise specified, always install packages if they are absent.
use-package-always-ensure t
;; Point custom-file at /dev/null so emacs does not write any settings to my dotfiles.
@@ -63,6 +103,9 @@
show-trailing-whitespace t
;; Remove the line when killing it with ctrl-k
kill-whole-line t
;; Show the current project in the mode line
project-mode-line t
)
;; (setq-default fringes-outside-margins t)
@@ -77,12 +120,6 @@
;; Delete trailing whitespace before save
(add-hook 'before-save-hook 'delete-trailing-whitespace)
;; If the underlying file changes, reload it automatically. This is useful for moving around in git without confusing language servers.
(setopt auto-revert-avoid-polling t)
(setopt auto-revert-interval 5)
(setopt auto-revert-check-vc-info t)
(global-auto-revert-mode)
;;;;; Performance
;; Run garbage collect when emacs is idle
(run-with-idle-timer 5 t (lambda () (garbage-collect)))

15
nix/configuration/roles/emacs/files/emacs/elisp/lang-org.el
View File

@@ -1,16 +1,23 @@
(use-package org
:ensure nil
:commands org-mode
:bind (
:bind (:map org-mode-map
("C-c l" . org-store-link)
("C-c a" . org-agenda)
("C--" . org-timestamp-down)
("C-=" . org-timestamp-up)
("S-<up>" . org-shiftup)
("S-<right>" . org-shiftright)
("S-<down>" . org-shiftdown)
("S-<left>" . org-shiftleft)
)
:hook (
(org-mode . (lambda ()
(org-indent-mode +1)
))
))
;; Make windmove work in Org mode:
(org-shiftup-final . windmove-up)
(org-shiftleft-final . windmove-left)
(org-shiftdown-final . windmove-down)
(org-shiftright-final . windmove-right)
)
:config
(require 'org-tempo)

4
nix/configuration/roles/emacs/files/emacs/elisp/lang-rust.el
View File

@@ -60,8 +60,8 @@
(unless (treesit-ready-p 'rust) (treesit-install-language-grammar 'rust))
:config
;; Add keybindings for interacting with Cargo
(use-package cargo
:hook (rust-ts-mode . cargo-minor-mode))
;; (use-package cargo
;; :hook (rust-ts-mode . cargo-minor-mode))
)
(use-package toml-ts-mode

8
nix/configuration/roles/firefox/default.nix
View File

@@ -88,10 +88,10 @@
install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi";
installation_mode = "force_installed";
};
"firefox@teleparty.com" = {
install_url = "https://addons.mozilla.org/firefox/downloads/latest/netflix-party-is-now-teleparty/latest.xpi";
installation_mode = "normal_installed";
};
# "firefox@teleparty.com" = {
# install_url = "https://addons.mozilla.org/firefox/downloads/latest/netflix-party-is-now-teleparty/latest.xpi";
# installation_mode = "normal_installed";
# };
"@ublacklist" = {
install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublacklist/latest.xpi";
installation_mode = "normal_installed";

29
nix/configuration/roles/flux/default.nix Normal file
View File

@@ -0,0 +1,29 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
flux.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install flux.";
};
};
config = lib.mkIf config.me.flux.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
fluxcd
];
}
]
);
}

18
nix/configuration/roles/fonts/files/fonts.conf
View File

@@ -47,17 +47,17 @@
</alias>
<!-- Screw it. Force Liberation Mono to be source code pro. -->
<match target="pattern">
<test qual="any" name="family"><string>Liberation Mono</string></test>
<edit name="family" mode="assign" binding="same"><string>Cascadia Mono</string></edit>
</match>
<!-- Screw it. Force Liberation Mono to be cascadia mono. -->
<!-- <match target="pattern"> -->
<!-- <test qual="any" name="family"><string>Liberation Mono</string></test> -->
<!-- <edit name="family" mode="assign" binding="same"><string>Cascadia Mono</string></edit> -->
<!-- </match> -->
<!-- Dejavu Sans Mono keeps coming back when I query "monospace". Doesn't happen when I'm using Souce Code Pro but does happen with cascadia... force it to cascadia -->
<match target="pattern">
<test qual="any" name="family"><string>monospace</string></test>
<edit name="family" mode="assign" binding="same"><string>Cascadia Mono</string></edit>
</match>
<!-- <match target="pattern"> -->
<!-- <test qual="any" name="family"><string>monospace</string></test> -->
<!-- <edit name="family" mode="assign" binding="same"><string>Cascadia Mono</string></edit> -->
<!-- </match> -->
<!-- Disable ligatures in monospace fonts. -->
<match target="font">

43
nix/configuration/roles/gcloud/default.nix Normal file
View File

@@ -0,0 +1,43 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
gcloud.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install gcloud.";
};
};
config = lib.mkIf config.me.gcloud.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
(google-cloud-sdk.withExtraComponents [ google-cloud-sdk.components.gke-gcloud-auth-plugin ])
];
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".config/gcloud";
user = "talexander";
group = "talexander";
mode = "0700";
}
];
};
};
}
]
);
}

26
nix/configuration/roles/git/files/gitconfig_home
View File

@@ -3,7 +3,7 @@
name = Tom Alexander
signingkey = D3A179C9A53C0EDE
[push]
default = simple
default = simple # (default since 2.0)
[alias]
lg = log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit
bh = log --oneline --branches=* --remotes=* --graph --decorate
@@ -12,24 +12,42 @@
excludesfile = ~/.gitignore_global
[commit]
gpgsign = true
verbose = true
[pull]
rebase = true
[log]
date = local
[init]
defaultBranch = main
# Use meld for `git difftool` and `git mergetool`
[diff]
tool = meld
tool = meld # Use meld for `git difftool` and `git mergetool`
algorithm = histogram
colorMoved = plain
mnemonicPrefix = true
renames = true
[difftool]
prompt = false
[difftool "meld"]
cmd = meld "$LOCAL" "$REMOTE"
[merge]
tool = meld
conflictStyle = zdiff3
[mergetool "meld"]
# Make the middle pane start with partially-merged contents:
cmd = meld "$LOCAL" "$MERGED" "$REMOTE" --output "$MERGED"
# Make the middle pane start without any merge progress:
# cmd = meld "$LOCAL" "$BASE" "$REMOTE" --output "$MERGED"
[column]
ui = auto
[branch]
sort = -committerdate
[tag]
sort = version:refname
[fetch]
prune = true
pruneTags = true
all = true
[rebase]
autoSquash = true
autoStash = true
updateRefs = true

4
nix/configuration/roles/global_options/default.nix
View File

@@ -8,10 +8,6 @@
{
imports = [ ];
options.me = {
};
# options.me.graphics_card_type = lib.mkOption {
# type = lib.types.nullOr (
# lib.types.enum [

29
nix/configuration/roles/gnuplot/default.nix Normal file
View File

@@ -0,0 +1,29 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
gnuplot.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install gnuplot.";
};
};
config = lib.mkIf config.me.gnuplot.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
gnuplot
];
}
]
);
}

20
nix/configuration/roles/graphics/default.nix
View File

@@ -37,6 +37,26 @@
xorg.xeyes # to test which windows are using x11
];
hardware.graphics.enable = true;
# hardware.graphics.enable32Bit = true;
# Vulkan Support (64-bit is enabled by default, 32-bit is disabled by default)
# hardware.opengl.driSupport = true; # This is already enabled by default
# hardware.opengl.driSupport32Bit = true; # For 32 bit applications
})
(lib.mkIf (config.me.graphics_card_type == "amd") {
environment.systemPackages = with pkgs; [
nvtopPackages.amd
];
})
(lib.mkIf (config.me.graphics_card_type == "intel") {
environment.systemPackages = with pkgs; [
nvtopPackages.intel
];
})
(lib.mkIf (config.me.graphics_card_type == "nvidia") {
environment.systemPackages = with pkgs; [
nvtopPackages.nvidia
];
})
]
);

49
nix/configuration/roles/hydra/default.nix Normal file
View File

@@ -0,0 +1,49 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
hydra.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install hydra.";
};
};
config = lib.mkIf config.me.hydra.enable (
lib.mkMerge [
{
services.hydra = {
enable = true;
hydraURL = "http://localhost:3000"; # Externally visible URL
notificationSender = "hydra@localhost"; # "From" address for hydra emails.
# a standalone Hydra will require you to unset the buildMachinesFiles list to avoid using a nonexistant /etc/nix/machines
buildMachinesFiles = [ ];
useSubstitutes = true;
};
# nix.buildMachines = [
# {
# hostName = "localhost";
# protocol = null;
# system = "x86_64-linux";
# supportedFeatures = [
# "kvm"
# "nixos-test"
# "big-parallel"
# "benchmark"
# ];
# maxJobs = 8;
# }
# ];
}
]
);
}

45
nix/configuration/roles/iso_mount/default.nix Normal file
View File

@@ -0,0 +1,45 @@
{
config,
lib,
pkgs,
...
}:
let
iso_mount =
(pkgs.writeScriptBin "iso_mount" (builtins.readFile ./files/iso_mount.bash)).overrideAttrs
(old: {
buildCommand = "${old.buildCommand}\n patchShebangs $out";
});
iso_unmount =
(pkgs.writeScriptBin "iso_unmount" (builtins.readFile ./files/iso_unmount.bash)).overrideAttrs
(old: {
buildCommand = "${old.buildCommand}\n patchShebangs $out";
});
in
{
imports = [ ];
options.me = {
iso_mount.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install iso_mount.";
};
};
config = lib.mkIf config.me.iso_mount.enable (
lib.mkMerge [
{
environment.systemPackages = [
iso_mount
iso_unmount
];
}
]
);
}

8
nix/configuration/roles/iso_mount/files/iso_mount.bash Normal file
View File

@@ -0,0 +1,8 @@
#!/usr/bin/env bash
#
# Mount a full-disk image as a loopback device so you can mount individual partitions from inside of it.
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
exec udisksctl loop-setup -r -f "${@}"

8
nix/configuration/roles/iso_mount/files/iso_unmount.bash Normal file
View File

@@ -0,0 +1,8 @@
#!/usr/bin/env bash
#
# Mount a full-disk image as a loopback device so you can mount individual partitions from inside of it.
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
exec udisksctl loop-delete "${@}"

17
nix/configuration/roles/kubernetes/default.nix
View File

@@ -28,6 +28,21 @@ let
alias_klog = pkgs.writeShellScriptBin "klog" ''
exec ${pkgs.kubectl}/bin/kubectl logs --all-containers "$@"
'';
decrypt_k8s_secret =
(pkgs.writeScriptBin "decrypt_k8s_secret" (builtins.readFile ./files/decrypt_k8s_secret.bash))
.overrideAttrs
(old: {
buildCommand = "${old.buildCommand}\n patchShebangs $out";
nativeBuildInputs = [ pkgs.makeWrapper ];
postBuild = ''
wrapProgram $out/bin/decrypt_k8s_secret --prefix PATH : ${
lib.makeBinPath [
pkgs.kubectl
pkgs.jq
]
}
'';
});
in
{
imports = [ ];
@@ -55,6 +70,8 @@ in
alias_kdel
alias_kd
alias_klog
decrypt_k8s_secret
ingress2gateway # Convert ingress yaml to gateway yaml
];
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {

7
nix/configuration/roles/kubernetes/files/decrypt_k8s_secret.bash Normal file
View File

@@ -0,0 +1,7 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
kubectl get secret -o json "${@}" | jq '.data[] |= @base64d | .data'

1
nix/configuration/roles/lvfs/default.nix
View File

@@ -20,6 +20,7 @@
config = lib.mkIf config.me.lvfs.enable (
lib.mkMerge [
{
# TODO: Is this installing firmware or just downloading it?
services.fwupd.enable = true;
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;

23
nix/configuration/roles/media/default.nix
View File

@@ -17,6 +17,8 @@ let
buildCommand = "${old.buildCommand}\n patchShebangs $out";
});
kernel_version_check = lib.versionAtLeast config.boot.kernelPackages.kernel.version "6.12";
nixos_version_check = lib.versionAtLeast (lib.versions.majorMinor lib.version) "25.05";
in
{
imports = [ ];
@@ -26,7 +28,7 @@ in
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install media.";
description = "Whether we want to install media utilities.";
};
};
@@ -35,6 +37,10 @@ in
{
environment.systemPackages = with pkgs; [
ffmpeg
libva-utils # for vainfo
vdpauinfo
mkvtoolnix-cli # for mkvmerge
yt-dlp
];
}
(lib.mkIf config.me.graphical {
@@ -59,6 +65,21 @@ in
cast_file_vaapi
];
})
(lib.mkIf (config.me.graphics_card_type == "amd") {
environment.sessionVariables = {
VDPAU_DRIVER = "radeonsi";
};
})
(lib.mkIf (config.me.graphics_card_type == "intel") {
hardware.graphics.extraPackages = with pkgs; [
intel-media-driver
libvdpau-va-gl # Support vdpau applications using va-api
];
environment.sessionVariables = {
VDPAU_DRIVER = "va_gl";
};
})
]
);
}

53
nix/configuration/roles/media/files/cast_file_vaapi
View File

@@ -6,6 +6,7 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: ${VIDEO_BITRATE:="1M"} # Only for encoding modes targeting bitrate
: ${AUDIO_BITRATE:="192k"}
: ${SPEED:="1"}
############## Setup #########################
@@ -62,6 +63,8 @@ function copy {
"rtsp://$USERNAME:$PASSWORD@172.16.16.251:8554/fetch"
}
# benchmark vulkan decode:
# ffmpeg -init_hw_device "vulkan=vk:0" -hwaccel vulkan -hwaccel_output_format vulkan -i INPUT -f null - -benchmark
function convert {
local args=()
local acceleration_type="$1" # "software" or "hardware"
@@ -99,11 +102,23 @@ function convert {
if [ "$acceleration_type" == "software" ]; then
true
elif [ "$acceleration_type" == "hardware" ]; then
args+=(-vaapi_device /dev/dri/renderD128)
if [ "$codec" == "h264" ]; then
args+=(-init_hw_device vulkan)
elif [ "$codec" == "av1" ]; then
args+=(-vaapi_device /dev/dri/renderD128)
fi
fi
args+=(-i "$file_to_cast")
if [ "$SPEED" != "1" ]; then
local audio_speed video_speed
video_speed=$(bc -l <<< "1/${SPEED}")
audio_speed=$(bc -l <<< "${SPEED}/1")
args+=(-filter:v "setpts=${video_speed}*PTS")
args+=(-filter:a "atempo=${audio_speed}")
fi
if [ "$codec" == "h264" ]; then
if [ "$acceleration_type" == "software" ]; then
args+=(-c:v h264)
@@ -111,7 +126,7 @@ function convert {
args+=(-b:v "$VIDEO_BITRATE")
elif [ "$acceleration_type" == "hardware" ]; then
args+=(-vf 'format=nv12|vaapi,hwupload')
args+=(-c:v h264_vaapi)
args+=(-c:v h264_vulkan)
args+=(-profile:v high)
args+=(-b:v "$VIDEO_BITRATE")
fi
@@ -119,12 +134,14 @@ function convert {
if [ "$acceleration_type" == "software" ]; then
args+=(-c:v libsvtav1)
args+=(-preset 4) # [0-13] default 10, lower = higher quality / slower encode
args+=(-crf 20) # [0-63] default 35, lower = higher quality / larger file
# args+=(-crf 20) # [0-63] default 35, lower = higher quality / larger file
# Parameters: https://gitlab.com/AOMediaCodec/SVT-AV1/-/blob/master/Docs/Parameters.md
# fast-decode [0-2] default 0 (off), higher = faster decode
# tune [0-2] default 1, Specifies whether to use PSNR or VQ as the tuning metric [0 = VQ, 1 = PSNR, 2 = SSIM]
# film-grain-denoise, setting to 0 uses the original frames instead of denoising the film grain
args+=(-svtav1-params "fast-decode=1:film-grain-denoise=0")
# rc 1 = vbr 2 = cbr
# tbr = average bitrate
args+=(-svtav1-params "fast-decode=1:film-grain-denoise=0:tbr=${VIDEO_BITRATE}:rc=1:passes=2")
elif [ "$acceleration_type" == "hardware" ]; then
# -c:v av1_amf -quality quality
args+=(-vf 'format=nv12|vaapi,hwupload')
@@ -206,32 +223,4 @@ function encode_webcam {
"rtsp://$USERNAME:$PASSWORD@172.16.16.251:8554/fetch"
}
function speed_up_preprocess_vp8 {
local file_to_cast file_to_save
file_to_cast="$1"
file_to_save="$2"
set -x
# -bf 0 :: Disable b-frames because webrtc doesn't support h264 streams with b-frames.
# -strict -2 :: Enable support for experimental codecs like opus.
# -b:v 2M :: Target 2 megabit/s
# -crf 10 :: Target a quality level and adjust bitrate accordingly. This should be preferred, but ideally both should be used.
# Could also use -filter_complex "[0:v]setpts=0.5*PTS[v];[0:a]atempo=2.0[a]" -map "[v]" -map "[a]"
</dev/null exec ffmpeg \
-i "$file_to_cast" \
-filter:v "setpts=0.66666666*PTS" \
-filter:a "atempo=1.5" \
-c:v vp8 \
-b:v 2M \
-crf 10 \
-bf 0 \
-c:a opus \
-b:a 320k \
-ar 48000 \
-strict -2 \
"$file_to_save"
}
main "${@}"

34
nix/configuration/roles/network/default.nix
View File

@@ -18,8 +18,8 @@
{
imports = [ ];
networking.dhcpcd.enable = false;
networking.useDHCP = false;
networking.dhcpcd.enable = lib.mkDefault false;
networking.useDHCP = lib.mkDefault false;
networking.nameservers = [
"194.242.2.2#doh.mullvad.net"
"2a07:e340::2#doh.mullvad.net"
@@ -32,15 +32,17 @@
dnsovertls = "true";
};
# Without this, systemd-resolved will send DNS requests for <X>.home.arpa to the per-link DNS server (172.16.0.1) which does not support DNS-over-TLS. This leads to the connection anging and timing out. This causes firefox startup to take an extra 10+ seconds.
# Without this, systemd-resolved will send DNS requests for <X>.home.arpa to the per-link DNS server (172.16.0.1) which does not support DNS-over-TLS. This leads to the connection hanging and timing out. This causes firefox startup to take an extra 10+ seconds.
#
# Test with: drill @127.0.0.53 odo.home.arpa
# TODO: The 127.0.0.1 address should probably be moved to a host-specific file.
networking.extraHosts = ''
127.0.0.1 odo.home.arpa
127.0.0.1 ${config.networking.hostName}.home.arpa
10.216.1.1 homeserver
10.216.1.6 media
#10.216.1.12 odo
10.216.1.12 odo
10.216.1.14 neelix
10.216.1.15 quark
10.217.1.1 drmario
10.217.2.1 mrmanager
'';
@@ -61,10 +63,32 @@
iwd
ldns # for drill
arp-scan # To find devices on the network
wavemon
];
boot.extraModprobeConfig = ''
# Set wifi to US
options cfg80211 ieee80211_regdom=US
'';
boot.kernel.sysctl = {
# Enable TCP packetization-layer PMTUD when an ICMP black hole is detected.
"net.ipv4.tcp_mtu_probing" = 1;
# Switch to bbr tcp congestion control which should be better on lossy connections like bad wifi.
# We set this in the kernel config, but include this here for unoptimized builds.
"net.ipv4.tcp_congestion_control" = "bbr";
# Don't do a slow start after a connection has been idle for a single RTO.
"net.ipv4.tcp_slow_start_after_idle" = 0;
# 3x time to accumulate filesystem changes before flushing to disk.
"vm.dirty_writeback_centisecs" = 1500;
# Adjust ttl
"net.ipv4.ip_default_ttl" = 65;
"net.ipv6.conf.all.hop_limit" = 65;
"net.ipv6.conf.default.hop_limit" = 65;
# Enable IPv6 Privacy Extensions
"net.ipv6.conf.all.use_tempaddr" = 2;
# Enable IPv6 Privacy Extensions
# This is enabled by default in nixos.
# "net.ipv6.conf.default.use_tempaddr" = 2;
};
}

57
nix/configuration/roles/nix_worker/default.nix Normal file
View File

@@ -0,0 +1,57 @@
# MANUAL: Remember to set up root's ssh config with any necessary values. For example:
# Host foo
# HostName ns1.fizz.buzz
# Port 65122
# User nixworker
# IdentitiesOnly yes
# IdentityFile /persist/manual/ssh/root/keys/id_ed25519
# Host *
# Compression yes
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
nix_worker.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether this machine should be set up to function as a nix.buildMachines. This does not configure nix.buildMachines, but only does the necessary setup to get the machine ready/capable of being a nix.buildMachines.";
};
};
config = lib.mkIf config.me.nix_worker.enable (
lib.mkMerge [
{
nix.settings.trusted-users = [ "nixworker" ];
users.users.nixworker = {
isNormalUser = true;
createHome = true; # https://github.com/NixOS/nixpkgs/issues/6481
group = "nixworker";
# extraGroups = [ "wheel" ];
# Generate with `mkpasswd -m scrypt`
hashedPassword = "$7$CU..../....VXvNQ8za3wSGpdzGXNT50/$HcFtn/yvwPMCw4888BelpiAPLAxe/zU87fD.d/N6U48";
openssh.authorizedKeys.keys = [
# Normal keys:
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGu+k5lrirokdW5zVdRVBOqEOAvAPlIkG/MdJNc9g5ky"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEI6mu6I5Jp+Ib0vJxapGHbEShZjyvzV8jz5DnzDrI39AAAABHNzaDo="
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAFNcSXwvy+brYTOGo56G93Ptuq2MmZsjvRWAfMqbmMLAAAABHNzaDo="
# Key for nix to connect:
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB/IlYTQ0M5pFN5tdoswh37CDl/gbULI3h+SsKXCansh talexander@odo"
];
};
users.groups.nixworker = { };
}
]
);
}

150
nix/configuration/roles/optimized_build/default.nix Normal file
View File

@@ -0,0 +1,150 @@
{
config,
lib,
pkgs,
pkgs-unoptimized,
...
}:
{
imports = [ ];
options.me = {
optimizations.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to enable CPU optimizations (will trigger a rebuild from source).";
};
optimizations.arch = lib.mkOption {
type = lib.types.str;
default = null;
example = "znver4";
description = "The CPU arch for which programs should be optimized.";
};
optimizations.system_features = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
example = [
"gccarch-znver4"
"gccarch-znver5"
"gccarch-skylake"
# "gccarch-alderlake" missing WAITPKG
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
description = "The list of CPU features that should be enabled on this machine.";
};
};
config = lib.mkMerge [
(lib.mkIf (!config.me.optimizations.enable) (
lib.mkMerge [
{
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_6_14;
}
]
))
(lib.mkIf config.me.optimizations.enable (
lib.mkMerge [
{
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_me;
nixpkgs.hostPlatform = {
gcc.arch = config.me.optimizations.arch;
gcc.tune = config.me.optimizations.arch;
system = "x86_64-linux";
};
# Uncomment on of these to enable cross compiling:
# nixpkgs.buildPlatform = builtins.currentSystem;
# nixpkgs.buildPlatform = {
# gcc.arch = "znver4";
# gcc.tune = "znver4";
# system = "x86_64-linux";
# };
nixpkgs.overlays = [
(
final: prev:
let
addConfig =
additionalConfig: pkg:
pkg.override (oldconfig: {
structuredExtraConfig = pkg.structuredExtraConfig // additionalConfig;
});
in
{
linux_me = addConfig {
# Full preemption
PREEMPT = lib.mkOverride 60 lib.kernel.yes;
PREEMPT_VOLUNTARY = lib.mkOverride 60 lib.kernel.no;
# Google's BBRv3 TCP congestion Control
TCP_CONG_BBR = lib.kernel.yes;
DEFAULT_BBR = lib.kernel.yes;
# Preemptive Full Tickless Kernel at 300Hz
HZ = lib.kernel.freeform "300";
HZ_300 = lib.kernel.yes;
HZ_1000 = lib.kernel.no;
} prev.linux_6_14;
}
)
(final: prev: {
haskellPackages = prev.haskellPackages.extend (
final': prev': {
inherit (pkgs-unoptimized.haskellPackages)
crypto-token
crypton
crypton-connection
crypton-x509
crypton-x509-store
crypton-x509-system
crypton-x509-validation
hspec-wai
http-client-tls
http2
pandoc
pandoc-cli
pandoc-lua-engine
pandoc-server
servant-server
tls
tls-session-manager
wai-app-static
wai-extra
warp
warp-tls
;
}
);
})
(final: prev: {
inherit (pkgs-unoptimized)
gsl
redis
valkey
nix-serve-ng
;
})
];
}
]
))
(lib.mkIf (config.me.optimizations.system_features != [ ]) (
lib.mkMerge [
{
nix.settings.system-features = lib.mkForce config.me.optimizations.system_features;
}
]
))
];
}

95
nix/configuration/roles/pcsx2/default.nix Normal file
View File

@@ -0,0 +1,95 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
pcsx2.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install pcsx2.";
};
};
config = lib.mkIf config.me.pcsx2.enable (
lib.mkMerge [
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
pcsx2
];
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
# Shaders, games list, and achievement data.
directory = ".config/PCSX2/cache";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
# Save states.
directory = ".config/PCSX2/sstates";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
# Screenshots.
directory = ".config/PCSX2/snaps";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
# Game covers.
directory = ".config/PCSX2/covers";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
# Video recordings.
directory = ".config/PCSX2/videos";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
# Game saves
directory = ".config/PCSX2/memcards";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
home-manager.users.talexander =
{ pkgs, ... }:
{
home.file.".config/PCSX2/inis/PCSX2.ini" = {
source = ./files/PCSX2.ini;
};
};
})
]
);
}

104
nix/configuration/roles/pcsx2/files/PCSX2.ini Normal file
View File

@@ -0,0 +1,104 @@
[UI]
SettingsVersion = 1
InhibitScreensaver = true
ConfirmShutdown = false
StartPaused = false
PauseOnFocusLoss = true
StartFullscreen = true
[Folders]
Bios = ../../persist/games/ps2/bios
Snapshots = snaps
Savestates = sstates
MemoryCards = memcards
Logs = logs
Cheats = cheats
Patches = patches
UserResources = resources
Cache = cache
Textures = textures
InputProfiles = inputprofiles
Videos = videos
[EmuCore/GS]
VsyncEnable = true
# Internal resolution aspect corrected
ScreenshotSize = 1
# webp
ScreenshotFormat = 2
OsdShowFPS = true
# Capture video at internal resolution
VideoCaptureAutoResolution = true
# 2x native resolution
upscale_multiplier = 2
CaptureContainer = mkv
VideoCaptureCodec = av1_vaapi
AudioCaptureCodec = flac
[Filenames]
BIOS = ps2-0230a-20080220.bin
[MemoryCards]
Slot1_Enable = true
Slot1_Filename = Mcd001.ps2
Slot2_Enable = true
Slot2_Filename = Mcd002.ps2
[InputSources]
Keyboard = false
Mouse = false
SDL = true
# Enhanced ps4 and ps5 controller support
SDLControllerEnhancedMode = true
SDLPS5PlayerLED = true
[Pad1]
Type = DualShock2
InvertL = 0
InvertR = 0
Deadzone = 0
AxisScale = 1.33
LargeMotorScale = 1
SmallMotorScale = 1
ButtonDeadzone = 0
PressureModifier = 0.5
Up = SDL-0/DPadUp
Right = SDL-0/DPadRight
Down = SDL-0/DPadDown
Left = SDL-0/DPadLeft
Triangle = SDL-0/Y
Circle = SDL-0/B
Cross = SDL-0/A
Square = SDL-0/X
Select = SDL-0/Back
Start = SDL-0/Start
L1 = SDL-0/LeftShoulder
L2 = SDL-0/+LeftTrigger
R1 = SDL-0/RightShoulder
R2 = SDL-0/+RightTrigger
L3 = SDL-0/LeftStick
R3 = SDL-0/RightStick
LUp = SDL-0/-LeftY
LRight = SDL-0/+LeftX
LDown = SDL-0/+LeftY
LLeft = SDL-0/-LeftX
RUp = SDL-0/-RightY
RRight = SDL-0/+RightX
RDown = SDL-0/+RightY
RLeft = SDL-0/-RightX
Analog = SDL-0/Guide
LargeMotor = SDL-0/LargeMotor
SmallMotor = SDL-0/SmallMotor
[AutoUpdater]
CheckAtStartup = false
[GameList]
RecursivePaths = /home/talexander/persist/games/ps2/roms

170
nix/configuration/roles/rpcs3/default.nix Normal file
View File

@@ -0,0 +1,170 @@
{
config,
lib,
pkgs,
...
}:
let
rpcs3_config_yaml = settingsFormat.generate "config.yml" config.me.rpcs3.config;
settingsFormat = pkgs.formats.yaml { };
in
{
imports = [ ];
options.me = {
rpcs3.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install rpcs3.";
};
rpcs3.config = lib.mkOption rec {
apply = lib.recursiveUpdate default;
inherit (settingsFormat) type;
default = {
Core = {
"Use LLVM CPU" = lib.mkIf (config.me.optimizations.enable) config.me.optimizations.arch;
};
VFS = {
"Enable /host_root/" = false;
};
Video = {
"Write Color Buffers" = true;
VSync = true;
"Performance Overlay" = {
Enabled = false;
};
};
Miscellaneous = {
"Pause emulation on RPCS3 focus loss" = true;
"Start games in fullscreen mode" = true;
"Pause Emulation During Home Menu" = false; # true makes the home menu slow
};
};
example = null;
description = "RPCS3's config.yml in nix form.";
};
};
config = lib.mkIf config.me.rpcs3.enable (
lib.mkMerge [
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
rpcs3
];
security.pam.loginLimits = [
{
domain = "@wheel";
item = "memlock";
type = "hard";
value = "unlimited";
}
{
domain = "@wheel";
item = "memlock";
type = "soft";
value = "unlimited";
}
];
home-manager.users.talexander =
{ pkgs, ... }:
{
home.file.".config/rpcs3/config.yml" = lib.mkIf (config.me.rpcs3.config != null) {
source = rpcs3_config_yaml;
};
home.file.".config/rpcs3/GuiConfigs/CurrentSettings.ini" = {
source = ./files/CurrentSettings.ini;
};
};
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
# Location of ROMs.
directory = ".config/rpcs3/games";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
directory = ".config/rpcs3/dev_hdd0";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
directory = ".config/rpcs3/dev_hdd1";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
directory = ".config/rpcs3/savestates";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
directory = ".config/rpcs3/dev_usb000";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
# Seems to be where the firmware is installed.
directory = ".config/rpcs3/dev_flash";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
# Controller config.
directory = ".config/rpcs3/input_configs";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
# Game icons.
directory = ".config/rpcs3/Icons";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
files = [
{
# play times and recently played
file = ".config/rpcs3/GuiConfigs/persistent_settings.dat";
parentDirectory = {
mode = "0755";
};
}
];
};
};
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
# Game saves
directory = ".cache/rpcs3";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
})
]
);
}

5
nix/configuration/roles/rpcs3/files/CurrentSettings.ini Normal file
View File

@@ -0,0 +1,5 @@
[Meta]
currentStylesheet=Darker Style by TheMitoSan
[main_window]
infoBoxEnabledWelcome=false

101
nix/configuration/roles/rust/default.nix
View File

@@ -1,3 +1,6 @@
# MANUAL: rustup target add x86_64-unknown-linux-musl
# MANUAL: rustup target add wasm32-unknown-unknown
# MANUAL: rustup component add rustc-codegen-cranelift
{
config,
lib,
@@ -5,6 +8,21 @@
...
}:
let
cargo_wrapped =
package: prog:
pkgs.writeShellScriptBin "${prog}" ''
export PATH="$PATH:${
lib.makeBinPath [
pkgs.clang
pkgs.pkg-config # Needed for openssl-sys
]
}"
# Needed for openssl-sys
export PKG_CONFIG_PATH="$PKG_CONFIG_PATH:${pkgs.openssl.dev}/lib/pkgconfig"
exec ${package}/bin/${prog} "''${@}"
'';
in
{
imports = [ ];
@@ -24,7 +42,6 @@
rustup
lldb # for lldb-vscode
musl # for building static binaries
rust-analyzer
cargo-semver-checks
# ? cargo-bloat
# ? cargo-outdated
@@ -38,17 +55,89 @@
".cargo/config.toml" = {
source = ./files/cargo_config.toml;
};
# # TODO: Figure out what to do with credentials.
# ".cargo/credentials.toml" = {
# source = ./files/cargo_credentials.toml;
# };
".rustup/settings.toml" = {
source = ./files/rustup_settings.toml;
};
};
};
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".rustup";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
directory = ".cargo/registry";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
systemd.services.link-rust-creds = {
# Contains credentials so it cannot be added to the nix store
enable = true;
description = "link-rust-creds";
wantedBy = [ "multi-user.target" ];
wants = [ "multi-user.target" ];
after = [ "multi-user.target" ];
# path = with pkgs; [
# zfs
# ];
unitConfig.DefaultDependencies = "no";
serviceConfig = {
Type = "oneshot";
RemainAfterExit = "yes";
};
script = ''
if [ -e /persist/manual/rust/cargo_credentials.toml ]; then
install --directory --owner talexander --group talexander --mode 0755 /home/talexander/.cargo
ln -s /persist/manual/rust/cargo_credentials.toml /home/talexander/.cargo/credentials.toml
fi
'';
preStop = ''
rm -f /home/talexander/.cargo/credentials.toml
'';
};
nixpkgs.overlays = [
(final: prev: {
rustup = pkgs.symlinkJoin {
name = "rustup";
paths =
(builtins.map (cargo_wrapped prev.rustup) [
"cargo"
"cargo-clippy"
"cargo-fmt"
"cargo-miri"
"clippy-driver"
"rls"
"rust-analyzer"
"rust-gdb"
"rust-gdbgui"
"rust-lldb"
"rustc"
"rustdoc"
"rustfmt"
"rustup"
])
++ [
prev.rustup
];
nativeBuildInputs = [ pkgs.makeWrapper ];
};
})
];
}
]
);
}
# TODO: Install clippy, cranelift, rust-src
# TODO: Install rust targets x86_64-unknown-linux-musl and wasm32-unknown-unknown

5
nix/configuration/roles/rust/files/rustup_settings.toml Normal file
View File

@@ -0,0 +1,5 @@
default_toolchain = "nightly-x86_64-unknown-linux-gnu"
profile = "default"
version = "12"
[overrides]

51
nix/configuration/roles/shikane/default.nix Normal file
View File

@@ -0,0 +1,51 @@
{
config,
lib,
pkgs,
...
}:
let
exec_shikane = pkgs.writeTextFile {
name = "exec_shikane.conf";
text = ''
exec shikane
'';
};
in
{
imports = [ ];
options.me = {
shikane.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install shikane.";
};
};
config = lib.mkIf config.me.shikane.enable (
lib.mkMerge [
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
shikane
];
me.swayIncludes = [
exec_shikane
];
home-manager.users.talexander =
{ pkgs, ... }:
{
home.file = {
".config/shikane/config.toml" = {
source = ./files/config.toml;
};
};
};
})
]
);
}

17
nix/configuration/roles/shikane/files/config.toml Normal file
View File

@@ -0,0 +1,17 @@
[[profile]]
name = "homedesk"
exec = ["notify-send shikane \"Profile $SHIKANE_PROFILE_NAME has been applied\""]
[[profile.output]]
enable = false
search = ["m=0x0BCA", "s=", "v=BOE"]
[[profile.output]]
enable = true
search = ["m=DELL U3014", "s=P1V6N35M329L", "v=Dell Inc."]
mode = "2560x1600@59.972Hz"
position = "0,0"
scale = 1.0
transform = "normal"
adaptive_sync = false
exec = ["echo This is output $SHIKANE_OUTPUT_NAME"]

8
nix/configuration/roles/sm64ex/default.nix
View File

@@ -34,6 +34,14 @@
# })
# ];
nixpkgs.overlays = [
(final: prev: {
sm64ex = prev.sm64ex.overrideAttrs (old: {
buildInputs = old.buildInputs ++ [ final.libGL ];
});
})
];
# TODO perhaps install ~/.local/share/sm64ex/sm64config.txt
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {

29
nix/configuration/roles/sops/default.nix Normal file
View File

@@ -0,0 +1,29 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
sops.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install sops.";
};
};
config = lib.mkIf config.me.sops.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
sops # For encrypting kubernetes secrets.
];
}
]
);
}

22
nix/configuration/roles/ssh/default.nix
View File

@@ -19,5 +19,27 @@
".ssh/known_hosts"
];
};
users.root = {
home = "/root";
files = [
".ssh/known_hosts"
];
};
};
home-manager.users.talexander =
{ pkgs, ... }:
{
home.file.".ssh/config" = {
source = ./files/ssh_config;
};
};
home-manager.users.root =
{ pkgs, ... }:
{
home.file.".ssh/config" = {
source = ./files/ssh_config_root;
};
};
}

42
nix/configuration/roles/ssh/files/ssh_config Normal file
View File

@@ -0,0 +1,42 @@
Host poudriere
ProxyJump talexander@mrmanager
HostName 10.215.1.203
Host controller0
ProxyJump talexander@mrmanager
HostName 10.215.1.204
Host controller1
ProxyJump talexander@mrmanager
HostName 10.215.1.205
Host controller2
ProxyJump talexander@mrmanager
HostName 10.215.1.206
Host worker0
ProxyJump talexander@mrmanager
HostName 10.215.1.207
Host worker1
ProxyJump talexander@mrmanager
HostName 10.215.1.208
Host worker2
ProxyJump talexander@mrmanager
HostName 10.215.1.209
Host brianai
ProxyJump talexander@mrmanager
HostName 10.215.1.215
Host hydra
ProxyJump talexander@mrmanager
HostName 10.215.1.219
Host ionlybootzfs
HostName 127.0.0.1
Port 60022
Host *
Compression yes

9
nix/configuration/roles/ssh/files/ssh_config_root Normal file
View File

@@ -0,0 +1,9 @@
Host hydra
HostName ns1.fizz.buzz
Port 65122
User nixworker
IdentitiesOnly yes
IdentityFile /persist/manual/ssh/root/keys/id_ed25519
Host *
Compression yes

29
nix/configuration/roles/steam_run_free/default.nix Normal file
View File

@@ -0,0 +1,29 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
steam_run_free.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install steam_run_free.";
};
};
config = lib.mkIf config.me.steam_run_free.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
steam-run-free
];
}
]
);
}

4
nix/configuration/roles/sway/default.nix
View File

@@ -240,7 +240,7 @@ let
IFS=$'\n\t'
DIR="$( cd "$( dirname "''${BASH_SOURCE[0]}" )" && pwd )"
makoctl set-mode do-not-disturb
makoctl mode -s do-not-disturb
swaymsg output "'Dell Inc. DELL U3014 P1V6N35M329L'" scale 2
'';
@@ -250,7 +250,7 @@ let
IFS=$'\n\t'
DIR="$( cd "$( dirname "''${BASH_SOURCE [ 0 ]}" )" && pwd )"
makoctl set-mode default
makoctl mode -s default
swaymsg output "'Dell Inc. DELL U3014 P1V6N35M329L'" scale 1
'';

29
nix/configuration/roles/tekton/default.nix Normal file
View File

@@ -0,0 +1,29 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
tekton.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install tekton.";
};
};
config = lib.mkIf config.me.tekton.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
tektoncd-cli
];
}
]
);
}

6
nix/configuration/roles/terraform/default.nix
View File

@@ -48,6 +48,12 @@ in
};
};
}
(lib.mkIf config.me.kubernetes.enable {
environment.systemPackages = with pkgs; [
tfk8s # Converts k8s yaml manifests to terraform kubernetes_manifest.
k2tf # Converts k8s yaml manifests to terraform real types.
];
})
]
);
}

29
nix/configuration/roles/thunderbolt/default.nix Normal file
View File

@@ -0,0 +1,29 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
thunderbolt.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install thunderbolt.";
};
};
config = lib.mkIf config.me.thunderbolt.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
bolt # For boltctl
];
}
]
);
}

Some files were not shown because too many files have changed in this diff Show More