talexander/machine_setup
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

base: talexander:upstream_amd_debug_tools
Branches Tags
talexander:main talexander:kubernetes talexander:nix talexander:mt7927 talexander:yubipi talexander:upstream_amd_debug_tools talexander:install_files_mixin talexander:starship talexander:pixelbook
..
compare: talexander:yubipi
Branches Tags
talexander:kubernetes talexander:nix talexander:mt7927 talexander:main talexander:yubipi talexander:upstream_amd_debug_tools talexander:install_files_mixin talexander:starship talexander:pixelbook

27 Commits
upstream_a ... yubipi

Author SHA1 Message Date
Tom Alexander
3733e76d18 Add a build for the yubikey management raspberry pi image. 2025-10-08 21:24:44 -04:00
Tom Alexander
3d9513f2c5 Move ansible-sshjail and zsh-histdb into my config instead of living as separate flakes. 2025-10-05 21:37:57 -04:00
Tom Alexander
ae6cce96a2 Support running arm code on x86. 2025-10-05 20:43:04 -04:00
Tom Alexander
3274d1903f Replace GNU coreutils with uutils. 2025-10-05 20:04:03 -04:00
Tom Alexander
a01b58f6ac use-remote-sudo has been replaced with sudo. 2025-10-05 15:17:34 -04:00
Tom Alexander
fb7b1322da Remove hack for turning off wifi power saving from quark shell init. 2025-10-05 14:55:42 -04:00
Tom Alexander
69b6a81b8b Update packages. 2025-10-05 14:07:04 -04:00
Tom Alexander
f5c30860ab Install uv. 2025-10-05 14:04:01 -04:00
Tom Alexander
255b39df0a Disable the nix binary cache. 
It is technically a risk and since I build most of my software anyway, I'm not getting much benefit.
 2025-10-05 14:04:01 -04:00
Tom Alexander
da66a6917b Update amd-debug-tools to 0.2.8. 2025-09-29 21:17:30 -04:00
Tom Alexander
ad2c4809d7 Fix building the hydra vm ISO. 2025-09-28 11:38:18 -04:00
Tom Alexander
fe49204e3f Enable optimizations on some packages that are no longer broken. 2025-09-28 11:38:17 -04:00
Tom Alexander
fa44003fad Disable wifi powersaving. 2025-09-26 22:35:04 -04:00
Tom Alexander
bc0a64fb8b Update packages. 2025-09-26 22:34:43 -04:00
Tom Alexander
3048b62834 ControlPortOverNL80211 no longer needs to be disabled for the QCNCM865 in my laptop. 2025-09-26 20:22:22 -04:00
Tom Alexander
08b424e1f3 Minor cleanups for emacs. 2025-09-25 20:15:52 -04:00
Tom Alexander
185c43761c Add sequoia. 2025-09-25 20:13:56 -04:00
Tom Alexander
37abf58271 Add a qemu port of my bhyverc script for running virtual machines on Linux. 2025-09-19 21:04:58 -04:00
Tom Alexander
3b007f8bc5 Support transcoding from 10bit to 8bit video. 2025-09-17 19:50:07 -04:00
Tom Alexander
d358e9383e Add noto fonts for ⏵ in nix output monitor. 2025-09-14 12:42:21 -04:00
Tom Alexander
f036ec4b96 Add back duckstation. 2025-09-13 12:28:29 -04:00
Tom Alexander
74ee87a111 Switch to bundled packages to fix build. 2025-09-13 12:00:09 -04:00
Tom Alexander
d0f23c0cb1 Add Spaghetti Kart to the Steam Deck. 2025-09-13 11:28:29 -04:00
Tom Alexander
c72141e070 Install SpaghettiKart. 2025-09-12 19:02:22 -04:00
Tom Alexander
e77c0ed330 Merge branch 'podman' into nix 2025-09-08 21:14:54 -04:00
Tom Alexander
70c2fb694a Switch to podman. 2025-09-08 21:14:41 -04:00
Tom Alexander
b32635fe71 Allow first-party canvas use. 2025-09-07 22:03:38 -04:00
110 changed files with 3699 additions and 628 deletions
Expand all files Collapse all files

2
ansible/roles/sshd/files/keys/yubikey.pub
View File

@@ -1 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGu+k5lrirokdW5zVdRVBOqEOAvAPlIkG/MdJNc9g5ky cardno:000611194908
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID0+4zi26M3eYWnIrciR54kOlGxzfgCXG+o4ea1zpzrk openpgp:0x7FF123C8

13
nix/configuration/configuration.nix
View File

@@ -22,6 +22,7 @@
./roles/docker
./roles/ecc
./roles/emacs
./roles/emulate_isa
./roles/firefox
./roles/firewall
./roles/flux
@@ -47,19 +48,23 @@
./roles/nix_index
./roles/nix_worker
./roles/nvme
./roles/openpgp_card_tools
./roles/optimized_build
./roles/pcsx2
./roles/podman
./roles/python
./roles/qemu
./roles/reset
./roles/rpcs3
./roles/rust
./roles/sequoia
./roles/shadps4
./roles/shikane
./roles/shipwright
./roles/sm64ex
./roles/sops
./roles/sound
./roles/spaghettikart
./roles/ssh
./roles/steam
./roles/steam_run_free
@@ -67,11 +72,13 @@
./roles/tekton
./roles/terraform
./roles/thunderbolt
./roles/uutils
./roles/vnc_client
./roles/vscode
./roles/wasm
./roles/waybar
./roles/wireguard
./roles/yubikey
./roles/zfs
./roles/zrepl
./roles/zsh
@@ -95,6 +102,7 @@
nix.extraOptions = ''
keep-outputs = true
keep-derivations = true
substitute = false
'';
# Technically only needed when building the ISO because nix detects ZFS in the filesystem list normally. I basically always want this so I'm just setting it to always be on.
@@ -118,7 +126,7 @@
# Generate with `mkpasswd -m scrypt`
hashedPassword = "$7$CU..../....VXvNQ8za3wSGpdzGXNT50/$HcFtn/yvwPMCw4888BelpiAPLAxe/zU87fD.d/N6U48";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGu+k5lrirokdW5zVdRVBOqEOAvAPlIkG/MdJNc9g5ky"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID0+4zi26M3eYWnIrciR54kOlGxzfgCXG+o4ea1zpzrk openpgp:0x7FF123C8"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEI6mu6I5Jp+Ib0vJxapGHbEShZjyvzV8jz5DnzDrI39AAAABHNzaDo="
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAFNcSXwvy+brYTOGo56G93Ptuq2MmZsjvRWAfMqbmMLAAAABHNzaDo="
];
@@ -135,6 +143,7 @@
options = "--delete-older-than 30d";
};
nix.settings.auto-optimise-store = !config.me.buildingIso;
nix.settings.substituters = lib.mkForce [ ];
# Use doas instead of sudo
security.doas.enable = true;
@@ -169,7 +178,7 @@
nix-tree
libarchive # bsdtar
lsof
doas-sudo-shim # To support --use-remote-sudo for remote builds
doas-sudo-shim # To support --sudo for remote builds
dmidecode # Read SMBIOS information.
ipcalc
gptfdisk # for cgdisk

150
nix/configuration/flake.lock generated
View File

@@ -1,22 +1,5 @@
{
"nodes": {
"ansible-sshjail": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"path": "flakes/ansible-sshjail",
"type": "path"
},
"original": {
"path": "flakes/ansible-sshjail",
"type": "path"
},
"parent": []
},
"crane": {
"locked": {
"lastModified": 1731098351,
@@ -39,11 +22,11 @@
]
},
"locked": {
"lastModified": 1758160037,
"narHash": "sha256-fXelTdjdILspZ1IUU9aICB1+PXwSFiF8j+7ujwo1VpQ=",
"lastModified": 1758287904,
"narHash": "sha256-IGmaEf3Do8o5Cwp1kXBN1wQmZwQN3NLfq5t4nHtVtcU=",
"owner": "nix-community",
"repo": "disko",
"rev": "4f554162fff88e77655073d352eec0cea71103a2",
"rev": "67ff9807dd148e704baadbd4fd783b54282ca627",
"type": "github"
},
"original": {
@@ -89,42 +72,6 @@
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
@@ -190,18 +137,18 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1758242085,
"narHash": "sha256-hnrtEiy8qLMskZr0FBp0vbtMJ9xA4HvDdzuFRLxRiFg=",
"ref": "og-amd-debug-tools",
"rev": "7b0f433195e299008850d16e85a862177419cef6",
"revCount": 862645,
"type": "git",
"url": "https://github.com/tomalexander/nixpkgs.git"
"lastModified": 1759381078,
"narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee",
"type": "github"
},
"original": {
"ref": "og-amd-debug-tools",
"type": "git",
"url": "https://github.com/tomalexander/nixpkgs.git"
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-dda3dcd3f": {
@@ -238,18 +185,18 @@
},
"nixpkgs-unoptimized": {
"locked": {
"lastModified": 1758242085,
"narHash": "sha256-hnrtEiy8qLMskZr0FBp0vbtMJ9xA4HvDdzuFRLxRiFg=",
"ref": "og-amd-debug-tools",
"rev": "7b0f433195e299008850d16e85a862177419cef6",
"revCount": 862645,
"type": "git",
"url": "https://github.com/tomalexander/nixpkgs.git"
"lastModified": 1759381078,
"narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee",
"type": "github"
},
"original": {
"ref": "og-amd-debug-tools",
"type": "git",
"url": "https://github.com/tomalexander/nixpkgs.git"
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"pre-commit-hooks-nix": {
@@ -281,14 +228,12 @@
},
"root": {
"inputs": {
"ansible-sshjail": "ansible-sshjail",
"disko": "disko",
"impermanence": "impermanence",
"lanzaboote": "lanzaboote",
"nixpkgs": "nixpkgs",
"nixpkgs-dda3dcd3f": "nixpkgs-dda3dcd3f",
"nixpkgs-unoptimized": "nixpkgs-unoptimized",
"zsh-histdb": "zsh-histdb"
"nixpkgs-unoptimized": "nixpkgs-unoptimized"
}
},
"rust-overlay": {
@@ -311,53 +256,6 @@
"repo": "rust-overlay",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"zsh-histdb": {
"inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"path": "flakes/zsh-histdb",
"type": "path"
},
"original": {
"path": "flakes/zsh-histdb",
"type": "path"
},
"parent": []
}
},
"root": "root",

34
nix/configuration/flake.nix
View File

@@ -31,8 +31,6 @@
#
# doas nix --substituters "http://10.0.2.2:8080?trusted=1 https://cache.nixos.org/" --experimental-features "nix-command flakes" run github:nix-community/disko/latest -- --mode destroy,format,mount hosts/odo/disk-config.nix
# nix flake update zsh-histdb --flake .
# nix flake update ansible-sshjail --flake .
# for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
# nixos-install --substituters "http://10.0.2.2:8080?trusted=1 https://cache.nixos.org/" --flake ".#vm_ionlybootzfs"
#
@@ -42,29 +40,15 @@
inputs = {
impermanence.url = "github:nix-community/impermanence";
# nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
# nixpkgs.url = "github:tomalexander/nixpkgs/amd-debug-tools";
nixpkgs.url = "git+https://github.com/tomalexander/nixpkgs.git?ref=og-amd-debug-tools";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
nixpkgs-dda3dcd3f.url = "github:NixOS/nixpkgs/dda3dcd3fe03e991015e9a74b22d35950f264a54";
nixpkgs-unoptimized.url = "git+https://github.com/tomalexander/nixpkgs.git?ref=og-amd-debug-tools";
nixpkgs-unoptimized.url = "github:NixOS/nixpkgs/nixos-unstable";
lanzaboote = {
url = "github:nix-community/lanzaboote/v0.4.2";
# Optional but recommended to limit the size of your system closure.
inputs.nixpkgs.follows = "nixpkgs";
};
zsh-histdb = {
url = "path:flakes/zsh-histdb";
# Optional but recommended to limit the size of your system closure.
inputs.nixpkgs.follows = "nixpkgs";
};
ansible-sshjail = {
url = "path:flakes/ansible-sshjail";
# Optional but recommended to limit the size of your system closure.
inputs.nixpkgs.follows = "nixpkgs";
};
disko = {
url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs";
@@ -79,8 +63,6 @@
nixpkgs-dda3dcd3f,
impermanence,
lanzaboote,
zsh-histdb,
ansible-sshjail,
...
}@inputs:
let
@@ -100,12 +82,6 @@
impermanence.nixosModules.impermanence
lanzaboote.nixosModules.lanzaboote
inputs.disko.nixosModules.disko
{
nixpkgs.overlays = [
zsh-histdb.overlays.default
ansible-sshjail.overlays.default
];
}
./configuration.nix
];
};
@@ -195,7 +171,7 @@
};
hydra =
let
additional_iso_modules = additional_iso_modules ++ [
hydra_additional_iso_modules = additional_iso_modules ++ [
{
me.optimizations.enable = true;
}
@@ -208,13 +184,13 @@
];
};
iso = main // {
modules = main.modules ++ additional_iso_modules;
modules = main.modules ++ hydra_additional_iso_modules;
};
vm = main // {
modules = main.modules ++ additional_vm_modules;
};
vm_iso = main // {
modules = main.modules ++ additional_vm_modules ++ additional_iso_modules;
modules = main.modules ++ additional_vm_modules ++ hydra_additional_iso_modules;
};
};
ionlybootzfs = rec {

61
nix/configuration/flakes/ansible-sshjail/flake.lock generated
View File

@@ -1,61 +0,0 @@
{
"nodes": {
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1735141468,
"narHash": "sha256-VIAjBr1qGcEbmhLwQJD6TABppPMggzOvqFsqkDoMsAY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "4005c3ff7505313cbc21081776ad0ce5dfd7a3ce",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

34
nix/configuration/flakes/ansible-sshjail/flake.nix
View File

@@ -1,34 +0,0 @@
{
description = "A slightly better history for zsh";
inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
inputs.flake-utils.url = "github:numtide/flake-utils";
outputs =
{
self,
nixpkgs,
flake-utils,
...
}:
let
out =
system:
let
pkgs = nixpkgs.legacyPackages.${system};
# Maybe pkgs = import nixpkgs { inherit system; }; ?
appliedOverlay = self.overlays.default pkgs pkgs;
in
{
packages = rec {
default = ansible-sshjail;
ansible-sshjail = appliedOverlay.ansible-sshjail;
};
};
in
flake-utils.lib.eachDefaultSystem out
// {
overlays.default = final: prev: {
ansible-sshjail = final.callPackage ./package.nix { };
};
};
}

61
nix/configuration/flakes/zsh-histdb/flake.lock generated
View File

@@ -1,61 +0,0 @@
{
"nodes": {
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1735141468,
"narHash": "sha256-VIAjBr1qGcEbmhLwQJD6TABppPMggzOvqFsqkDoMsAY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "4005c3ff7505313cbc21081776ad0ce5dfd7a3ce",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

34
nix/configuration/flakes/zsh-histdb/flake.nix
View File

@@ -1,34 +0,0 @@
{
description = "A slightly better history for zsh";
inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
inputs.flake-utils.url = "github:numtide/flake-utils";
outputs =
{
self,
nixpkgs,
flake-utils,
...
}:
let
out =
system:
let
pkgs = nixpkgs.legacyPackages.${system};
# Maybe pkgs = import nixpkgs { inherit system; }; ?
appliedOverlay = self.overlays.default pkgs pkgs;
in
{
packages = rec {
default = zsh-histdb;
zsh-histdb = appliedOverlay.zsh-histdb;
};
};
in
flake-utils.lib.eachDefaultSystem out
// {
overlays.default = final: prev: {
zsh-histdb = final.callPackage ./package.nix { };
};
};
}

4
nix/configuration/hosts/hydra/DEPLOY_BOOT
View File

@@ -10,10 +10,8 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
# TARGET=192.168.211.250
TARGET=hydra
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#hydra" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
nixos-rebuild boot --flake "$DIR/../../#hydra" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#hydra'

4
nix/configuration/hosts/hydra/DEPLOY_SWITCH
View File

@@ -10,10 +10,8 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
# TARGET=192.168.211.250
TARGET=hydra
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#hydra" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
nixos-rebuild switch --flake "$DIR/../../#hydra" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#hydra'

2
nix/configuration/hosts/hydra/ISO
View File

@@ -6,7 +6,5 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.hydra" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json

13
nix/configuration/hosts/hydra/VM_ISO Executable file
View File

@@ -0,0 +1,13 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#vm_iso.hydra" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
install -m 0644 result/iso/nixos-*-x86_64-linux.iso ~/hydra.iso
unlink ./result

1
nix/configuration/hosts/hydra/default.nix
View File

@@ -24,7 +24,6 @@
imports = [
./disk-config.nix
./hardware-configuration.nix
./optimized_build.nix
./vm_disk.nix
];

4
nix/configuration/hosts/ionlybootzfs/DEPLOY_BOOT
View File

@@ -10,10 +10,8 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
# TARGET=192.168.211.250
TARGET="ionlybootzfs"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#ionlybootzfs" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
nixos-rebuild boot --flake "$DIR/../../#ionlybootzfs" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#ionlybootzfs'

4
nix/configuration/hosts/ionlybootzfs/DEPLOY_SWITCH
View File

@@ -10,10 +10,8 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
# TARGET=192.168.211.250
TARGET=ionlybootzfs
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#ionlybootzfs" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
nixos-rebuild switch --flake "$DIR/../../#ionlybootzfs" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#ionlybootzfs'

2
nix/configuration/hosts/ionlybootzfs/ISO
View File

@@ -6,7 +6,5 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.ionlybootzfs" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json

4
nix/configuration/hosts/neelix/DEPLOY_BOOT
View File

@@ -10,10 +10,8 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
# TARGET=192.168.211.250
TARGET=neelix
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#neelix" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
nixos-rebuild boot --flake "$DIR/../../#neelix" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#neelix'

4
nix/configuration/hosts/neelix/DEPLOY_SWITCH
View File

@@ -10,10 +10,8 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
# TARGET=192.168.211.250
TARGET=neelix
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#neelix" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
nixos-rebuild switch --flake "$DIR/../../#neelix" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#neelix'

4
nix/configuration/hosts/odo/DEPLOY_BOOT
View File

@@ -10,10 +10,8 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
# TARGET=192.168.211.250
TARGET=odo
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#odo" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
nixos-rebuild boot --flake "$DIR/../../#odo" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#odo'

4
nix/configuration/hosts/odo/DEPLOY_SWITCH
View File

@@ -10,10 +10,8 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
# TARGET=192.168.211.250
TARGET=odo
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#odo" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
nixos-rebuild switch --flake "$DIR/../../#odo" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#odo'

2
nix/configuration/hosts/odo/ISO
View File

@@ -6,7 +6,5 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.odo" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json

4
nix/configuration/hosts/odo/SELF_BOOT
View File

@@ -6,7 +6,5 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --show-trace --use-remote-sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" --log-format internal-json -v "${@}" |& nom --json
nixos-rebuild boot --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" --log-format internal-json -v "${@}" |& nom --json

4
nix/configuration/hosts/odo/SELF_BUILD
View File

@@ -6,7 +6,5 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild build --show-trace --use-remote-sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" --log-format internal-json -v "${@}" |& nom --json
nixos-rebuild build --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" --log-format internal-json -v "${@}" |& nom --json

4
nix/configuration/hosts/odo/SELF_SWITCH
View File

@@ -6,7 +6,5 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --show-trace --use-remote-sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" --log-format internal-json -v "${@}" |& nom --json
nixos-rebuild switch --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" --log-format internal-json -v "${@}" |& nom --json

201
nix/configuration/hosts/odo/default.nix
View File

@@ -15,106 +15,115 @@
./framework_module.nix
];
# Generate with `head -c4 /dev/urandom | od -A none -t x4`
networking.hostId = "908cbf04";
config = {
# Generate with `head -c4 /dev/urandom | od -A none -t x4`
networking.hostId = "908cbf04";
networking.hostName = "odo"; # Define your hostname.
networking.hostName = "odo"; # Define your hostname.
time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8";
time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8";
me.secureBoot.enable = true;
me.secureBoot.enable = true;
me.optimizations = {
enable = false;
arch = "znver4";
system_features = [
"gccarch-znver4"
"gccarch-skylake"
# "gccarch-alderlake" missing WAITPKG
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
me.optimizations = {
enable = true;
arch = "znver4";
system_features = [
"gccarch-znver4"
"gccarch-skylake"
# "gccarch-alderlake" missing WAITPKG
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
};
# Early KMS
boot.initrd.kernelModules = [ "amdgpu" ];
# Mount tmpfs at /tmp
boot.tmp.useTmpfs = true;
environment.systemPackages = with pkgs; [
fw-ectool
framework-tool
];
# Enable light sensor
# hardware.sensor.iio.enable = lib.mkDefault true;
# Enable TRIM
# services.fstrim.enable = lib.mkDefault true;
me.alacritty.enable = true;
me.amd_s2idle.enable = true;
me.ansible.enable = true;
me.ares.enable = true;
me.bluetooth.enable = true;
me.chromecast.enable = true;
me.chromium.enable = true;
me.d2.enable = true;
me.direnv.enable = true;
me.docker.enable = false;
me.ecc.enable = false;
me.emacs_flavor = "full";
me.emulate_isa.enable = true;
me.firefox.enable = true;
me.flux.enable = true;
me.gcloud.enable = true;
me.git.config = ../../roles/git/files/gitconfig_home;
me.gnuplot.enable = true;
me.gpg.enable = true;
me.graphical = true;
me.graphics_card_type = "amd";
me.iso_mount.enable = true;
me.kanshi.enable = false;
me.kubernetes.enable = true;
me.latex.enable = true;
me.launch_keyboard.enable = true;
me.lvfs.enable = true;
me.media.enable = true;
me.nix_index.enable = true;
me.openpgp_card_tools.enable = true;
me.pcsx2.enable = true;
me.podman.enable = true;
me.python.enable = true;
me.qemu.enable = true;
me.rpcs3.enable = true;
me.rust.enable = true;
me.sequoia.enable = true;
me.shadps4.enable = true;
me.shikane.enable = true;
me.sops.enable = true;
me.sound.enable = true;
me.spaghettikart.enable = true;
me.steam.enable = true;
me.steam_run_free.enable = true;
me.sway.enable = true;
me.tekton.enable = true;
me.terraform.enable = true;
me.thunderbolt.enable = true;
me.uutils.enable = false;
me.vnc_client.enable = true;
me.vscode.enable = true;
me.wasm.enable = true;
me.waybar.enable = true;
me.wireguard.activated = [
"drmario"
"wgh"
"colo"
];
me.wireguard.deactivated = [ "wgf" ];
me.yubikey.enable = true;
me.zrepl.enable = true;
me.zsh.enable = true;
me.sm64ex.enable = true;
me.shipwright.enable = true;
me.ship2harkinian.enable = true;
};
# Early KMS
boot.initrd.kernelModules = [ "amdgpu" ];
# Mount tmpfs at /tmp
boot.tmp.useTmpfs = true;
environment.systemPackages = with pkgs; [
fw-ectool
framework-tool
];
# Enable light sensor
# hardware.sensor.iio.enable = lib.mkDefault true;
# Enable TRIM
# services.fstrim.enable = lib.mkDefault true;
me.alacritty.enable = true;
me.amd_s2idle.enable = true;
me.ansible.enable = true;
me.ares.enable = true;
me.bluetooth.enable = true;
me.chromecast.enable = true;
me.chromium.enable = true;
me.d2.enable = true;
me.direnv.enable = true;
me.docker.enable = true;
me.ecc.enable = false;
me.emacs_flavor = "full";
me.firefox.enable = true;
me.flux.enable = true;
me.gcloud.enable = true;
me.git.config = ../../roles/git/files/gitconfig_home;
me.gnuplot.enable = true;
me.gpg.enable = true;
me.graphical = true;
me.graphics_card_type = "amd";
me.iso_mount.enable = true;
me.kanshi.enable = false;
me.kubernetes.enable = true;
me.latex.enable = true;
me.launch_keyboard.enable = true;
me.lvfs.enable = true;
me.media.enable = true;
me.nix_index.enable = true;
me.pcsx2.enable = true;
me.python.enable = true;
me.qemu.enable = true;
me.rpcs3.enable = true;
me.rust.enable = true;
me.shadps4.enable = true;
me.shikane.enable = true;
me.sops.enable = true;
me.sound.enable = true;
me.steam.enable = true;
me.steam_run_free.enable = true;
me.sway.enable = true;
me.tekton.enable = true;
me.terraform.enable = true;
me.thunderbolt.enable = true;
me.vnc_client.enable = true;
me.vscode.enable = true;
me.wasm.enable = true;
me.waybar.enable = true;
me.wireguard.activated = [
"drmario"
"wgh"
"colo"
];
me.wireguard.deactivated = [ "wgf" ];
me.zrepl.enable = true;
me.zsh.enable = true;
me.sm64ex.enable = true;
me.shipwright.enable = true;
me.ship2harkinian.enable = true;
}

4
nix/configuration/hosts/quark/DEPLOY_BOOT
View File

@@ -10,10 +10,8 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
# TARGET=192.168.211.250
TARGET=quark
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#quark" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
nixos-rebuild boot --flake "$DIR/../../#quark" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#quark'

4
nix/configuration/hosts/quark/DEPLOY_SWITCH
View File

@@ -10,10 +10,8 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
# TARGET=192.168.211.250
TARGET=quark
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#quark" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
nixos-rebuild switch --flake "$DIR/../../#quark" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#quark'

2
nix/configuration/hosts/quark/ISO
View File

@@ -6,7 +6,5 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.quark" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json

4
nix/configuration/hosts/quark/SELF_BOOT
View File

@@ -6,7 +6,5 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --show-trace --use-remote-sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" --log-format internal-json -v "${@}" |& nom --json
nixos-rebuild boot --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" --log-format internal-json -v "${@}" |& nom --json

4
nix/configuration/hosts/quark/SELF_BUILD
View File

@@ -6,7 +6,5 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild build --show-trace --use-remote-sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" --log-format internal-json -v "${@}" |& nom --json
nixos-rebuild build --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" --log-format internal-json -v "${@}" |& nom --json

4
nix/configuration/hosts/quark/SELF_SWITCH
View File

@@ -6,7 +6,5 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --show-trace --use-remote-sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" --log-format internal-json -v "${@}" |& nom --json
nixos-rebuild switch --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" --log-format internal-json -v "${@}" |& nom --json

12
nix/configuration/hosts/quark/default.nix
View File

@@ -10,7 +10,6 @@
./distributed_build.nix
./hardware-configuration.nix
./power_management.nix
./wifi.nix
];
config = {
@@ -26,7 +25,7 @@
me.optimizations = {
enable = true;
arch = "znver5";
arch = "znver4";
system_features = [
"gccarch-znver4"
"gccarch-znver5"
@@ -62,9 +61,10 @@
me.chromium.enable = true;
me.d2.enable = true;
me.direnv.enable = true;
me.docker.enable = true;
me.docker.enable = false;
me.ecc.enable = true;
me.emacs_flavor = "full";
me.emulate_isa.enable = true;
me.firefox.enable = true;
me.flux.enable = true;
me.gcloud.enable = true;
@@ -82,21 +82,26 @@
me.media.enable = true;
me.nix_index.enable = true;
me.nix_worker.enable = true;
me.openpgp_card_tools.enable = true;
me.pcsx2.enable = true;
me.podman.enable = true;
me.python.enable = true;
me.qemu.enable = true;
me.rpcs3.enable = true;
me.rust.enable = true;
me.sequoia.enable = true;
me.shadps4.enable = true;
me.shikane.enable = true;
me.sops.enable = true;
me.sound.enable = true;
me.spaghettikart.enable = true;
me.steam.enable = true;
me.steam_run_free.enable = true;
me.sway.enable = true;
me.tekton.enable = true;
me.terraform.enable = true;
me.thunderbolt.enable = true;
me.uutils.enable = false;
me.vnc_client.enable = true;
me.vscode.enable = true;
me.wasm.enable = true;
@@ -107,6 +112,7 @@
"colo"
];
me.wireguard.deactivated = [ "wgf" ];
me.yubikey.enable = true;
me.zrepl.enable = true;
me.zsh.enable = true;

16
nix/configuration/hosts/quark/wifi.nix
View File

@@ -1,16 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
config = {
environment.loginShellInit = lib.mkIf (!config.me.buildingIso) ''
doas iw dev wlan0 set power_save off
'';
};
}

48
nix/configuration/roles/amd_s2idle/cysystemd.nix Normal file
View File

@@ -0,0 +1,48 @@
{
lib,
pkgs,
buildPythonPackage,
fetchFromGitHub,
pythonOlder,
cython,
pkg-config,
setuptools,
}:
let
version = "1.6.3";
in
buildPythonPackage {
pname = "cysystemd";
inherit version;
pyproject = true;
src = fetchFromGitHub {
owner = "mosquito";
repo = "cysystemd";
tag = version;
hash = "sha256-xumrQgoKfFeKdRQUIYXXiXEcNd76i4wo/EIDm8BN7oU=";
};
disabled = pythonOlder "3.6";
build-system = [
setuptools
cython
];
nativeBuildInputs = [
pkg-config
];
buildInputs = [ pkgs.systemd ];
pythonImportsCheck = [ "cysystemd" ];
meta = {
description = "systemd wrapper on Cython";
homepage = "https://github.com/mosquito/cysystemd";
license = lib.licenses.asl20;
platforms = lib.platforms.linux;
};
}

18
nix/configuration/roles/amd_s2idle/default.nix
View File

@@ -23,6 +23,24 @@
environment.systemPackages = with pkgs; [
amd-debug-tools
];
nixpkgs.overlays = [
(
final: prev:
let
innerPackage = (final.callPackage ./package.nix { });
in
{
amd-debug-tools = innerPackage;
}
)
(final: prev: {
pythonPackagesExtensions = prev.pythonPackagesExtensions ++ [
(python-final: python-prev: {
cysystemd = (python-final.callPackage ./cysystemd.nix { });
})
];
})
];
}
]
);

60
nix/configuration/roles/amd_s2idle/package.nix Normal file
View File

@@ -0,0 +1,60 @@
{
lib,
fetchgit,
python3Packages,
acpica-tools,
ethtool,
libdisplay-info,
}:
let
version = "0.2.8";
in
python3Packages.buildPythonApplication {
pname = "amd-debug-tools";
inherit version;
pyproject = true;
build-system = with python3Packages; [
pyudev
setuptools
setuptools-git
setuptools-git-versioning
];
dependencies = with python3Packages; [
acpica-tools
cysystemd
dbus-fast
ethtool
jinja2
libdisplay-info
matplotlib
pandas
pyudev
seaborn
tabulate
];
src = fetchgit {
url = "https://git.kernel.org/pub/scm/linux/kernel/git/superm1/amd-debug-tools.git";
tag = version;
hash = "sha256-EmXsW7Q5WMFL32LWr29W3GnGpw5aj53wlp9KbFV1r0Q=";
leaveDotGit = true;
};
disabled = python3Packages.pythonOlder "3.7";
postPatch = ''
substituteInPlace pyproject.toml \
--replace-fail ', "setuptools-git-versioning>=2.0,<3"' ""
'';
pythonImportsCheck = [ "amd_debug" ];
meta = {
description = "Debug tools for AMD zen systems";
homepage = "https://git.kernel.org/pub/scm/linux/kernel/git/superm1/amd-debug-tools.git/";
changelog = "https://git.kernel.org/pub/scm/linux/kernel/git/superm1/amd-debug-tools.git/tag/?h=${version}";
license = lib.licenses.mit;
platforms = lib.platforms.linux;
};
}

3
nix/configuration/roles/ansible/default.nix
View File

@@ -25,6 +25,9 @@
];
nixpkgs.overlays = [
(final: prev: {
ansible-sshjail = (final.callPackage ./package/ansible-sshjail/package.nix { });
})
(final: prev: {
ansible = pkgs.symlinkJoin {
name = "ansible";

0
nix/configuration/flakes/ansible-sshjail/package.nix → nix/configuration/roles/ansible/package/ansible-sshjail/package.nix
View File

11
nix/configuration/roles/distributed_build/default.nix
View File

@@ -58,12 +58,13 @@ in
];
maxJobs = 1;
supportedFeatures = [
# "nixos-test"
"nixos-test"
"benchmark"
"big-parallel"
# "kvm"
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"gccarch-skylake"
"gccarch-znver4"
];
}
@@ -86,12 +87,16 @@ in
];
maxJobs = 1;
supportedFeatures = [
# "nixos-test"
"gccarch-armv6"
"gccarch-aarch64"
"gccarch-riscv64"
"nixos-test"
"benchmark"
"big-parallel"
# "kvm"
"kvm"
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"gccarch-skylake"
"gccarch-znver4"
"gccarch-znver5"
];

8
nix/configuration/roles/docker/default.nix
View File

@@ -19,6 +19,14 @@
config = lib.mkIf config.me.docker.enable (
lib.mkMerge [
{
assertions = [
{
assertion = !config.me.podman.enable;
message = "docker conflicts with podman";
}
];
}
{
virtualisation.docker.enable = true;
# Use docker activation

15
nix/configuration/roles/emacs/files/emacs/elisp/base.el
View File

@@ -6,11 +6,13 @@
)
(use-package auto-package-update
:ensure t
:config
(setq auto-package-update-delete-old-versions t
auto-package-update-interval 14)
(auto-package-update-maybe))
:ensure t
:custom
(auto-package-update-interval 14)
(auto-package-update-delete-old-versions t)
:config
(auto-package-update-maybe)
)
(defun assert-directory (p)
(unless (file-exists-p p) (make-directory p t))
@@ -110,9 +112,6 @@
;; (setq-default fringes-outside-margins t)
;; Per-pixel scrolling instead of per-line
(pixel-scroll-precision-mode)
;; Typed text replaces selection
(delete-selection-mode)

41
nix/configuration/roles/emulate_isa/default.nix Normal file
View File

@@ -0,0 +1,41 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
emulate_isa.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to enable emulating other CPU architectures.";
};
};
config = lib.mkIf config.me.emulate_isa.enable (
lib.mkMerge [
{
boot.binfmt.emulatedSystems = [
"aarch64-linux" # Raspberry Pi gen 3
"riscv64-linux"
# TODO: Should "x86_64-linux" be in this list or should this list be dependent on the host CPU?
"armv6l-linux" # Raspberry Pi gen 1
];
me.optimizations = {
system_features = [
"gccarch-armv6"
"gccarch-aarch64"
"gccarch-riscv64"
];
};
}
]
);
}
# NOTE: build nixosConfigurations.<name>.config.system.build.sdImage

2
nix/configuration/roles/firefox/default.nix
View File

@@ -70,7 +70,7 @@
# Allow sending dark mode preference to websites.
# Allow sending timezone to websites.
"privacy.fingerprintingProtection.overrides" =
"+AllTargets,-CSSPrefersColorScheme,-JSDateTimeUTC,-CanvasExtractionBeforeUserInputIsBlocked";
"+AllTargets,-CSSPrefersColorScheme,-JSDateTimeUTC,-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt";
# Disable weather on new tab page
"browser.newtabpage.activity-stream.showWeather" = false;
# Disable AI stuff that wastes battery life

1
nix/configuration/roles/fonts/default.nix
View File

@@ -15,6 +15,7 @@
cascadia-code
source-sans-pro
source-serif-pro
noto-fonts
noto-fonts-cjk-sans
noto-fonts-cjk-serif
noto-fonts-color-emoji

5
nix/configuration/roles/git/files/gitconfig_home
View File

@@ -1,7 +1,7 @@
[user]
email = tom@fizz.buzz
name = Tom Alexander
signingkey = D3A179C9A53C0EDE
signingkey = 36C99E8B3C39D85F
[push]
default = simple # (default since 2.0)
[alias]
@@ -53,3 +53,6 @@
autoStash = true
# updateRefs was annoying when you want to split a branch in two by rebasing away from commits from one branch and rebasing away some commits from another branch.
updateRefs = false
# Disabled because ephemeral pin storage is not yet ready in openpgp-card-state
# [gpg]
# program = oct-git

62
nix/configuration/roles/gpg/default.nix
View File

@@ -29,9 +29,7 @@ in
lib.mkMerge [
{
# Fetch public keys:
# gpg --locate-keys tom@fizz.buzz
#
# gpg -vvv --auto-key-locate local,wkd --locate-keys tom@fizz.buzz
# gpg --locate-external-keys tom@fizz.buzz
hardware.gpgSmartcards.enable = true;
services.udev.packages = [
@@ -47,15 +45,6 @@ in
})
];
services.pcscd.enable = true;
# services.gnome.gnome-keyring.enable = true;
# services.dbus.packages = [ pkgs.gcr ];
# services.pcscd.plugins = lib.mkForce [ ];
# programs.gpg.scdaemonSettings = {
# disable-ccid = true;
# };
me.install.user.talexander.file = {
".gnupg/scdaemon.conf" = {
@@ -63,16 +52,57 @@ in
};
};
# programs.gnupg.dirmngr.enable = true;
programs.gnupg.agent = {
enable = true;
enableSSHSupport = true;
pinentryPackage = pkgs.pinentry-qt;
# Settings block populates /etc/gnupg/gpg-agent.conf
# settings = {
# disable-ccid = true;
# };
};
# Disabled because it breaks signing git commits because gpg wants to copy pubring.kbx. Unfortunately, this makes the install of scdaemon.conf do nothing since this mount of the full .gnupg directory goes over it.
#
# environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
# hideMounts = true;
# users.talexander = {
# files = [
# {
# file = ".gnupg/trustdb.gpg";
# parentDirectory = {
# mode = "u=rwx,g=,o=";
# };
# }
# {
# file = ".gnupg/pubring.kbx";
# parentDirectory = {
# mode = "u=rwx,g=,o=";
# };
# }
# {
# file = ".gnupg/tofu.db";
# parentDirectory = {
# mode = "u=rwx,g=,o=";
# };
# }
# ];
# directories = [
# {
# directory = ".gnupg/crls.d";
# user = "talexander";
# group = "talexander";
# mode = "0700";
# }
# {
# directory = ".gnupg/private-keys-v1.d";
# user = "talexander";
# group = "talexander";
# mode = "0700";
# }
# ];
# };
# };
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
@@ -82,7 +112,7 @@ in
user = "talexander";
group = "talexander";
mode = "0700";
} # Local keyring
}
];
};
};
@@ -90,8 +120,6 @@ in
environment.systemPackages = with pkgs; [
pcsclite
pcsctools
yubikey-personalization
yubikey-manager
glibcLocales
ccid
libusb-compat-0_1

3
nix/configuration/roles/gpg/files/gpg_test_wkd.bash
View File

@@ -6,3 +6,6 @@ IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
gpg --no-default-keyring --keyring /tmp/gpg-$$ --auto-key-locate clear,wkd --locate-keys "${@}"
# To generate files for the WKD:
# gpg-wks-client --directory ./pgp/.well-known/openpgpkey --install-key <keyid> <email>

3
nix/configuration/roles/gpg/files/scdaemon.conf
View File

@@ -1,6 +1,9 @@
#reader-port Yubico Yubi
disable-ccid
# This setting enables other backends like oct to access the pgp card simultaneously but it also means that gpg will ask for the pin for EVERY ssh session which is annoying in scripts.
#pcsc-shared
#log-file /home/talexander/scd.log
#verbose
#debug cardio

2
nix/configuration/roles/kodi/default.nix
View File

@@ -51,7 +51,7 @@
# Generate with `mkpasswd -m scrypt`
hashedPassword = "$7$CU..../....VXvNQ8za3wSGpdzGXNT50/$HcFtn/yvwPMCw4888BelpiAPLAxe/zU87fD.d/N6U48";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGu+k5lrirokdW5zVdRVBOqEOAvAPlIkG/MdJNc9g5ky"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID0+4zi26M3eYWnIrciR54kOlGxzfgCXG+o4ea1zpzrk openpgp:0x7FF123C8"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEI6mu6I5Jp+Ib0vJxapGHbEShZjyvzV8jz5DnzDrI39AAAABHNzaDo="
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAFNcSXwvy+brYTOGo56G93Ptuq2MmZsjvRWAfMqbmMLAAAABHNzaDo="
];

2
nix/configuration/roles/media/files/cast_file_vaapi
View File

@@ -123,11 +123,13 @@ function convert {
if [ "$acceleration_type" == "software" ]; then
args+=(-c:v h264)
args+=(-profile:v high)
args+=(-vf format=yuv420p)
args+=(-b:v "$VIDEO_BITRATE")
elif [ "$acceleration_type" == "hardware" ]; then
args+=(-vf 'format=nv12|vaapi,hwupload')
args+=(-c:v h264_vulkan)
args+=(-profile:v high)
args+=(-vf format=yuv420p)
args+=(-b:v "$VIDEO_BITRATE")
fi
elif [ "$codec" == "av1" ]; then

29
nix/configuration/roles/network/default.nix
View File

@@ -55,8 +55,20 @@
General = {
EnableNetworkConfiguration = true;
AddressRandomization = "network";
ControlPortOverNL80211 = false;
};
# Rank = {
# BandModifier2_4GHz = 1.0;
# BandModifier5GHz = 1.0;
# BandModifier6GHz = 1.0;
# };
DriverQuirks = {
PowerSaveDisable = "*";
# ath12k_pci
};
# Scan = {
# DisablePeriodicScan = true;
# DisableRoamingScan = true;
# };
};
};
environment.systemPackages = with pkgs; [
@@ -102,4 +114,19 @@
# })
# ];
# nixpkgs.overlays = [
# (final: prev: {
# linux-firmware = prev.linux-firwmare.overrideAttrs (old: rec {
# version = "20250917";
# src = final.fetchFromGitLab {
# owner = "kernel-firmware";
# repo = "linux-firmware";
# tag = version;
# hash = "sha256-tecFB6WYEfBK9FB7Rv8nHLdefIoaFnHrpzXBl+iSd08=";
# };
# });
# })
# ];
}

2
nix/configuration/roles/nix_worker/default.nix
View File

@@ -43,7 +43,7 @@
hashedPassword = "$7$CU..../....VXvNQ8za3wSGpdzGXNT50/$HcFtn/yvwPMCw4888BelpiAPLAxe/zU87fD.d/N6U48";
openssh.authorizedKeys.keys = [
# Normal keys:
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGu+k5lrirokdW5zVdRVBOqEOAvAPlIkG/MdJNc9g5ky"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID0+4zi26M3eYWnIrciR54kOlGxzfgCXG+o4ea1zpzrk openpgp:0x7FF123C8"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEI6mu6I5Jp+Ib0vJxapGHbEShZjyvzV8jz5DnzDrI39AAAABHNzaDo="
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAFNcSXwvy+brYTOGo56G93Ptuq2MmZsjvRWAfMqbmMLAAAABHNzaDo="
# Key for nix to connect:

49
nix/configuration/roles/openpgp_card_tools/default.nix Normal file
View File

@@ -0,0 +1,49 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [
./openpgp-card-ssh-agent.nix
];
options.me = {
openpgp_card_tools.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install openpgp-card-tools.";
};
};
config = lib.mkIf config.me.openpgp_card_tools.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
openpgp-card-tools
openpgp-card-tool-git
openpgp-card-ssh-agent
];
nixpkgs.overlays = [
(final: prev: {
openpgp-card-tool-git = (final.callPackage ./package/openpgp-card-tool-git/package.nix { });
openpgp-card-ssh-agent = (final.callPackage ./package/openpgp-card-ssh-agent/package.nix { });
})
];
me.install.user.talexander.file = {
".config/openpgp-card-state/config.toml" = {
source = ./files/openpgp-card-state.toml;
};
};
# The current openpgp-card-ssh-agent has an outdated dependency on openpgp-card-state which makes it not handle my current openpgp-card-state.toml
# services.openpgp-card-ssh-agent.enable = true;
}
]
);
}

1
nix/configuration/roles/openpgp_card_tools/files/openpgp-card-state.toml Normal file
View File

@@ -0,0 +1 @@
default_pin_storage = "Pinentry"

94
nix/configuration/roles/openpgp_card_tools/openpgp-card-ssh-agent.nix Normal file
View File

@@ -0,0 +1,94 @@
# Upstream to nixpkgs/nixos/modules/services/networking/ssh/openpgp-card-ssh-agent.nix
{
config,
lib,
pkgs,
...
}:
let
inherit (lib)
mkIf
mkOption
mkEnableOption
mkPackageOption
mkDefault
types
concatMapStringsSep
generators
;
cfg = config.services.openpgp-card-ssh-agent;
in
{
options.services.openpgp-card-ssh-agent = {
enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Whether to start openpgp-card-ssh-agent when you log in.
Also sets SSH_AUTH_SOCK to point at openpgp-card-ssh-agent.
'';
};
package = mkPackageOption pkgs "openpgp-card-ssh-agent" { };
};
config = mkIf cfg.enable {
environment.systemPackages = [ cfg.package ];
systemd.user.sockets.openpgp-card-ssh-agent = {
wantedBy = [ "sockets.target" ];
description = "A simple ssh-agent backed by OpenPGP card authentication keys";
documentation = [
"https://codeberg.org/openpgp-card/ssh-agent"
"man:ssh-add(1)"
"man:ssh-agent(1)"
"man:ssh(1)"
];
socketConfig = {
ListenStream = "%t/openpgp-card/ssh-agent.sock";
SocketMode = "0600";
DirectoryMode = "0700";
};
};
systemd.user.services.openpgp-card-ssh-agent = {
description = "A simple ssh-agent backed by OpenPGP card authentication keys";
documentation = [
"https://codeberg.org/openpgp-card/ssh-agent"
"man:ssh-add(1)"
"man:ssh-agent(1)"
"man:ssh(1)"
];
after = [ "local-fs.target" ];
requires = [
"openpgp-card-ssh-agent.socket"
# "gnome-keyring-daemon.service"
];
serviceConfig = {
ExecStart = ''
${cfg.package}/bin/openpgp-card-ssh-agent -H fd://
'';
};
};
environment.extraInit = ''
if [ -z "$SSH_AUTH_SOCK" ] && [ -n "$XDG_RUNTIME_DIR" ]; then
export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/openpgp-card/ssh-agent.sock"
fi
'';
assertions = [
{
assertion = cfg.enable -> !config.programs.ssh.startAgent;
message = "You can't use ssh-agent and GnuPG agent with SSH support enabled at the same time!";
}
{
assertion = cfg.enable -> !config.programs.gnupg.agent.enableSSHSupport;
message = "You can't use GnuPG agent with SSH support enabled and openpgp-card-ssh-agent at the same time!";
}
];
};
}

52
nix/configuration/roles/openpgp_card_tools/package/openpgp-card-ssh-agent/package.nix Normal file
View File

@@ -0,0 +1,52 @@
{
lib,
rustPlatform,
fetchFromGitea,
pkg-config,
pcsclite,
dbus,
openssl,
testers,
openpgp-card-ssh-agent,
}:
rustPlatform.buildRustPackage rec {
pname = "openpgp-card-ssh-agent";
version = "0.3.4";
src = fetchFromGitea {
domain = "codeberg.org";
owner = "openpgp-card";
repo = "ssh-agent";
rev = "v${version}";
hash = "sha256-nWbvEsVa7YJsBtVZfLQDB4CiaHP3GEYeYS32+WZv8PE=";
};
cargoHash = "sha256-nG7xebypXv7UAfu7sWbcp4DIhLv4lfzMrQUY6m2iDmw=";
nativeBuildInputs = [
pkg-config
];
buildInputs = [
openssl
pcsclite
dbus
];
passthru = {
tests.version = testers.testVersion {
package = openpgp-card-ssh-agent;
};
};
meta = with lib; {
description = "An ssh agent that uses OpenPGP cards for your key";
homepage = "https://codeberg.org/openpgp-card/ssh-agent";
license = with licenses; [
asl20 # OR
mit
];
mainProgram = "openpgp-card-ssh-agent";
};
}

54
nix/configuration/roles/openpgp_card_tools/package/openpgp-card-tool-git/package.nix Normal file
View File

@@ -0,0 +1,54 @@
{
lib,
rustPlatform,
fetchFromGitea,
pkg-config,
pcsclite,
dbus,
openssl,
sqlite,
testers,
openpgp-card-tool-git,
}:
rustPlatform.buildRustPackage rec {
pname = "openpgp-card-tool-git";
version = "0.1.6";
src = fetchFromGitea {
domain = "codeberg.org";
owner = "openpgp-card";
repo = "oct-git";
rev = "v${version}";
hash = "sha256-38/JHzCkL3+0IbOacH54A5Hj03oDe9jDzcwp672a8LE=";
};
cargoHash = "sha256-j1Osj2rjLxrSKh82ym6PiIHVO1wLE7Ax2/5+pdRcv+E=";
nativeBuildInputs = [
pkg-config
];
buildInputs = [
openssl
pcsclite
dbus
sqlite
];
passthru = {
tests.version = testers.testVersion {
package = openpgp-card-tool-git;
};
};
meta = with lib; {
description = "Tool for using OpenPGP cards with git";
homepage = "https://codeberg.org/openpgp-card/oct-git";
license = with licenses; [
asl20 # OR
mit
];
mainProgram = "oct-git";
};
}

55
nix/configuration/roles/optimized_build/default.nix
View File

@@ -97,64 +97,9 @@
} prev.linux_6_16;
}
)
(final: prev: {
haskellPackages = prev.haskellPackages.extend (
final': prev': {
inherit (pkgs-unoptimized.haskellPackages)
crypto-token
crypton
crypton-connection
crypton-x509
crypton-x509-store
crypton-x509-system
crypton-x509-validation
hspec-wai
http-client-tls
http2
pandoc
pandoc-cli
pandoc-lua-engine
pandoc-server
servant-server
tls
tls-session-manager
wai-app-static
wai-extra
warp
warp-tls
;
}
);
})
# (final: prev: {
# python = prev.python.override {
# packageOverrides = python-final: python-prev: {
# inherit (pkgs-unoptimized.pythonPackages) coverage;
# };
# };
# })
# (final: prev: {
# pythonPackagesOverlays = prev.pythonPackagesOverlays.extend (
# final': prev': {
# inherit (pkgs-unoptimized.pythonPackagesOverlays)
# coverage
# ;
# }
# );
# })
# (final: prev: {
# pythonPackagesExtensions = prev.pythonPackagesExtensions ++ [
# (python-final: python-prev: {
# inherit (pkgs-unoptimized.pythonPackages) coverage;
# })
# ];
# })
(final: prev: {
inherit (pkgs-unoptimized)
gsl
redis
valkey
nix-serve-ng
rapidjson
assimp
;

80
nix/configuration/roles/podman/default.nix Normal file
View File

@@ -0,0 +1,80 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
podman.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install podman.";
};
};
config = lib.mkIf config.me.podman.enable (
lib.mkMerge [
{
assertions = [
{
assertion = !config.me.docker.enable;
message = "podman conflicts with docker";
}
];
}
{
environment.systemPackages = with pkgs; [
dive
podman-tui
podman-compose
];
# Write config files in /etc/containers
virtualisation.containers.enable = true;
# By default this includes "quay.io" which leads to prompting for which registry to download from.
virtualisation.containers.registries.search = [ "docker.io" ];
virtualisation = {
podman = {
enable = true;
# Install docker shim
dockerCompat = true;
# Support name resolution in podman-compose.
defaultNetwork.settings.dns_enabled = true;
};
};
environment.variables = {
# For compatibility with tools expecting a docker socket (like dive).
DOCKER_HOST = "unix://$XDG_RUNTIME_DIR/podman/podman.sock";
};
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
directories = [
{
directory = "/var/lib/containers";
user = "root";
group = "root";
mode = "0755";
}
];
users.talexander = {
directories = [
{
directory = ".local/share/containers";
user = "talexander";
group = "talexander";
mode = "0700";
}
];
};
};
}
]
);
}

1
nix/configuration/roles/python/default.nix
View File

@@ -31,6 +31,7 @@
pyright
isort
black
uv
];
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {

36
nix/configuration/roles/qemu/default.nix
View File

@@ -5,6 +5,41 @@
...
}:
let
qemurc =
(pkgs.writeScriptBin "qemurc" (
builtins.readFile (
pkgs.replaceVars ./files/qemurc.bash {
"OVMFfd" = "${pkgs.OVMF.fd}";
mount_root = "/vm";
zfs_root = "zroot/linux/nix/vm";
}
)
)).overrideAttrs
(old: {
buildCommand = ''
${old.buildCommand}
patchShebangs $out
'';
});
qemurc_wrapped =
(pkgs.writeScriptBin "qemurc" ''
#!/usr/bin/env bash
export "PATH=${
lib.makeBinPath [
pkgs.swtpm
pkgs.tmux
]
}:''${PATH}"
exec ${qemurc}/bin/qemurc "''${@}"
'').overrideAttrs
(old: {
buildCommand = ''
${old.buildCommand}
patchShebangs $out
'';
});
in
{
imports = [ ];
@@ -22,6 +57,7 @@
{
environment.systemPackages = with pkgs; [
qemu
qemurc_wrapped
];
}
]

375
nix/configuration/roles/qemu/files/qemurc.bash Normal file
View File

@@ -0,0 +1,375 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
# Share a host directory to the guest via 9pfs.
#
# Inside the VM run:
# mount -t virtfs -o trans=virtio sharename /some/vm/path
# mount -t 9p -o cache=mmap -o msize=512000 sharename /mnt/9p
# mount -t 9p -o trans=virtio,cache=mmap,msize=512000 bind9p /path/to/mountpoint
# Example usage:
#
# doas qemurc create-disk mint 10
# doas env CD=/vm/iso/linuxmint-22.2-cinnamon-64bit.iso qemurc start mint
# doas qemurc start mint
# doas env WAYLAND_DISPLAY="$XDG_RUNTIME_DIR/$WAYLAND_DISPLAY" XDG_RUNTIME_DIR=/run/user/0 qemurc start mint
: ${VERBOSE:="NO"} # or YES
if [ "$VERBOSE" = "YES" ]; then
set -x
fi
: ${CPU_CORES:="1"}
: ${MEMORY:="1G"}
: ${GTK_ENABLE:="NO"} # Only enable one, either GTK or VNC
: ${VNC_ENABLE:="NO"} # Only enable one, either GTK or VNC
: ${VNC_LISTEN:="127.0.0.1:0"}
: ${VNC_WIDTH:="1920"}
: ${VNC_HEIGHT:="1080"}
: ${AUDIO_ENABLE:="NO"}
: ${TPM_ENABLE:="NO"}
: ${BIND9P:=""}
: "${CD:=}"
: ${SHUTDOWN_TIMEOUT:="600"}
: ${MOUNT_ROOT:="@mount_root@"}
: ${ZFS_ROOT:="@zfs_root@"}
############## Setup #########################
function cleanup {
sync
for p in "${pids[@]}"; do
log "Killing $p"
kill "$p"
log "Killed $p"
done
for vm in "${vms[@]}"; do
log "Stopping $vm"
stop_one "$vm"
log "Stopped $vm"
done
}
pids=()
vms=()
trap "set +e; cleanup" EXIT
function die {
local status_code="$1"
shift
(>&2 echo "${@}")
exit "$status_code"
}
function log {
(>&2 echo "${@}")
}
############## Program #########################
function main {
local cmd
cmd=$1
shift
if [ "$cmd" = "start" ]; then
init
start "${@}"
elif [ "$cmd" = "stop" ]; then
init
stop "${@}"
elif [ "$cmd" = "status" ]; then
init
status "${@}"
elif [ "$cmd" = "console" ]; then
init
console "${@}"
elif [ "$cmd" = "_start_body" ]; then
init
start_body "${@}"
elif [ "$cmd" = "create-disk" ]; then
create_disk "${@}"
else
(>&2 echo "Unknown command: $cmd")
exit 1
fi
}
function start {
local num_vms="$#"
if [ "$num_vms" -eq 0 ]; then
log "No VMs specified."
return 0
fi
while [ "$#" -gt 0 ]; do
local name="$1"
shift 1
log "Starting VM $name."
start_one "$name"
[ "$#" -eq 0 ] || sleep 5
done
}
function start_one {
local name="$1"
local tmux_name="$name"
tmux new-session -d -s "$tmux_name" "$0" "_start_body" "$name"
}
function launch_pidfile {
local pidfile="$1"
shift 1
mkdir -p "$(dirname "$pidfile")"
cat > "${pidfile}" <<< "$$"
set -x
exec "${@}"
}
export -f launch_pidfile
function stop {
local num_vms="$#"
if [ "$num_vms" -eq 0 ]; then
log "No VMs specified."
return 0
fi
while [ "$#" -gt 0 ]; do
local name="$1"
shift 1
log "Stopping VM $name."
stop_one "$name"
[ "$#" -eq 0 ] || sleep 5
done
}
function stop_one {
local name="$1"
local pidfile="/run/qemurc/${name}/pid"
if [ ! -e "$pidfile" ]; then
log "Pid file $pidfile does not exist."
return 0
fi
local qemu_pid
qemu_pid=$(cat "$pidfile")
if ps -p "$qemu_pid" >/dev/null; then
# We cannot send a graceful shutdown command externally to qemu: https://gitlab.com/qemu-project/qemu/-/issues/148
log "Killing ${name}:${qemu_pid}."
kill -SIGTERM "$qemu_pid"
fi
local timeout_start timeout_end
timeout_start=$(date +%s)
while ps -p "$qemu_pid" >/dev/null; do
timeout_end=$(date +%s)
if [ $((timeout_end-timeout_start)) -ge "$SHUTDOWN_TIMEOUT" ]; then
log "${name}:${qemu_pid} took more than $SHUTDOWN_TIMEOUT seconds to shut down. Hard powering down."
break
fi
log "Waiting for ${name}:${qemu_pid} to exit."
sleep 2
done
kill -9 "$qemu_pid"
local timeout_start timeout_end
timeout_start=$(date +%s)
while ps -p "$qemu_pid" >/dev/null; do
timeout_end=$(date +%s)
if [ $((timeout_end-timeout_start)) -ge "$SHUTDOWN_TIMEOUT" ]; then
log "${name}:${qemu_pid} took more than $SHUTDOWN_TIMEOUT seconds to hard power down. Giving up."
break
fi
log "Waiting for ${name}:${qemu_pid} to hard power down."
sleep 2
done
rm -f "$pidfile"
log "Finished stopping $name."
}
function status {
local num_vms="$#"
if [ "$num_vms" -gt 0 ]; then
for name in "$@"; do
status_one "$name"
done
else
log "No VMs specified."
fi
}
function status_one {
local name="$1"
local pidfile="/run/qemurc/${name}/pid"
if [ ! -e "$pidfile" ]; then
log "$name is not running."
return 0
fi
local qemu_pid
qemu_pid=$(cat "$pidfile")
if ! ps -p "$qemu_pid" >/dev/null; then
log "$name is not running."
return 0
fi
log "$name is running as pid $qemu_pid."
}
function console {
local num_vms="$#"
if [ "$num_vms" -gt 0 ]; then
for name in "$@"; do
log "Attaching to console of VM $name."
console_one "$name"
done
else
log "No VMs specified."
fi
}
function console_one {
local name="$1"
local tmux_name="$name"
exec tmux a -t "$tmux_name"
}
function init {
mkdir -p /run/qemurc
}
############## qemu ############################
function create_disk {
local name="$1"
local gigabytes="$2"
local zfs_path="${ZFS_ROOT}/${name}"
local mount_path="${MOUNT_ROOT}/${name}"
zfs create -o mountpoint=none -o canmount=off "$zfs_path"
zfs create -o "mountpoint=$mount_path" -o canmount=on "$zfs_path/settings"
zfs create -s "-V${gigabytes}G" -o volmode=dev -o primarycache=metadata -o secondarycache=none "$zfs_path/disk0"
zfs snapshot -r "$zfs_path@empty"
install -m0600 "@OVMFfd@/FV/OVMF_VARS.fd" "${mount_path}/"
tee "${mount_path}/settings" <<EOF
CPU_CORES="$CPU_CORES"
MEMORY="$MEMORY"
GTK_ENABLE="$GTK_ENABLE"
VNC_ENABLE="$VNC_ENABLE"
VNC_LISTEN="$VNC_LISTEN"
VNC_WIDTH="$VNC_WIDTH"
VNC_HEIGHT="$VNC_HEIGHT"
AUDIO_ENABLE="$AUDIO_ENABLE"
TPM_ENABLE="$TPM_ENABLE"
BIND9P="$BIND9P"
EOF
}
function start_body {
local name="$1"
local zfs_path="${ZFS_ROOT}/${name}"
local mount_path="${MOUNT_ROOT}/${name}"
local run_path="/run/qemurc/${name}"
local mount_cd="$CD"
local swtpm_sock="${run_path}/swtpm.sock"
local swtpm_path="${MOUNT_ROOT}/${name}/swtpm"
install -d -m 0700 "$run_path"
if [ -e "${mount_path}/settings" ]; then
source "${mount_path}/settings"
fi
local additional_args=()
if [ -n "$BIND9P" ]; then
additional_args+=(-device "virtio-9p-type,fsdev=${BIND9P},mount_tag=bind9p")
fi
if [ -n "$mount_cd" ]; then
additional_args+=(-cdrom "$mount_cd")
fi
if [ "$VNC_ENABLE" = "YES" ]; then
additional_args+=(-vnc "${VNC_LISTEN},power-control=on")
fi
if [ "$AUDIO_ENABLE" = "YES" ]; then
additional_args+=(-audio "driver=pa,model=virtio,server=/run/user/11235/pulse/native")
fi
if [ "$TPM_ENABLE" = "YES" ]; then
install -d -m 0700 "$swtpm_path"
swtpm socket --tpm2 --tpmstate dir="$swtpm_path" --ctrl type=unixio,path="$swtpm_sock" &
local tpm_pid=$!
pids+=("$tpm_pid")
additional_args+=(-chardev "socket,id=chrtpm,path=$swtpm_sock"
-tpmdev "emulator,id=tpm0,chardev=chrtpm"
-device "tpm-tis,tpmdev=tpm0")
fi
if [ "$GTK_ENABLE" = "YES" ]; then
additional_args+=(
-device 'virtio-gpu-gl,hostmem=8G,blob=true,venus=true'
-display 'gtk,gl=on'
-vga virtio
)
fi
vms+=("$name")
local pidfile="/run/qemurc/${name}/pid"
local launch_cmd=()
launch_cmd+=(
launch_pidfile "$pidfile"
qemu-system-x86_64
-accel kvm
-cpu host
-smp cores="$CPU_CORES"
-m "$MEMORY"
-rtc base=localtime
-drive "file=\"@OVMFfd@/FV/OVMF_CODE.fd\",if=pflash,format=raw,readonly=on"
-drive "if=pflash,format=raw,file=\"$(readlink -f "${mount_path}/OVMF_VARS.fd")\""
-drive "if=none,file=/dev/zvol/${zfs_path}/disk0,format=raw,id=hd0"
-device 'nvme,serial=deadbeef,drive=hd0'
-nic 'user,hostfwd=tcp::60022-:22'
-boot order=d
"${additional_args[@]}"
)
set +e
rm -f "$pidfile"
(
IFS=$' \n\t'
set -ex
bash -c "${launch_cmd[*]}"
)
local exit_code=$?
log "Exit code ${exit_code}"
set -e
}
main "${@}"

29
nix/configuration/roles/sequoia/default.nix Normal file
View File

@@ -0,0 +1,29 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
sequoia.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install sequoia.";
};
};
config = lib.mkIf config.me.sequoia.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
sequoia-sq
];
}
]
);
}

49
nix/configuration/roles/spaghettikart/default.nix Normal file
View File

@@ -0,0 +1,49 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
spaghettikart.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install spaghettikart.";
};
};
config = lib.mkIf config.me.spaghettikart.enable (
lib.mkMerge [
{
allowedUnfree = [ "spaghettikart" ];
}
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
spaghettikart
];
me.install.user.talexander.file = {
".local/share/spaghettikart/spaghettify.cfg.json" = {
source = ./files/spaghettify.cfg.json;
method = "overwrite";
};
};
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
files = [
".local/share/spaghettikart/default.sav"
".local/share/spaghettikart/mk64.o2r"
];
};
};
})
]
);
}

14
nix/configuration/roles/spaghettikart/files/spaghettify.cfg.json Normal file
View File

@@ -0,0 +1,14 @@
{
"CVars": {
"gDisableLod": 1,
"gMSAAValue": 2,
"gShowSpaghettiVersion": 0,
"gSkipIntro": 1,
"gVsyncEnabled": 1
},
"Window": {
"Fullscreen": {
"Enabled": true
}
}
}

33
nix/configuration/roles/uutils/default.nix Normal file
View File

@@ -0,0 +1,33 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
uutils.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to replace GNU coreutils with uutils (a rust drop-in replacement).";
};
};
config = lib.mkIf config.me.uutils.enable (
lib.mkMerge [
{
# environment.corePackages automatically installes coreutils-full, so merely installing uutils-coreutils-noprefix is insufficient for replacing GNU coreutils.
nixpkgs.overlays = [
(final: prev: {
coreutils = final.uutils-coreutils-noprefix;
coreutils-full = final.uutils-coreutils-noprefix;
})
];
}
]
);
}

30
nix/configuration/roles/yubikey/default.nix Normal file
View File

@@ -0,0 +1,30 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
yubikey.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install yubikey.";
};
};
config = lib.mkIf config.me.yubikey.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
yubikey-personalization
yubikey-manager
];
}
]
);
}

6
nix/configuration/roles/zsh/default.nix
View File

@@ -109,6 +109,12 @@ in
];
};
};
nixpkgs.overlays = [
(final: prev: {
zsh-histdb = (final.callPackage ./package/zsh-histdb/package.nix { });
})
];
}
]
);

0
nix/configuration/flakes/zsh-histdb/package.nix → nix/configuration/roles/zsh/package/zsh-histdb/package.nix
View File

42
nix/steam_deck/configuration/flake.lock generated
View File

@@ -1,12 +1,15 @@
{
"nodes": {
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1659877975,
"narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
@@ -22,11 +25,11 @@
]
},
"locked": {
"lastModified": 1739314552,
"narHash": "sha256-ggVf2BclyIW3jexc/uvgsgJH4e2cuG6Nyg54NeXgbFI=",
"lastModified": 1757698511,
"narHash": "sha256-UqHHGydF/q3jfYXCpvYLA0TWtvByOp1NwOKCUjhYmPs=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "83bd3a26ac0526ae04fa74df46738bb44b89dcdd",
"rev": "a3fcc92180c7462082cd849498369591dfb20855",
"type": "github"
},
"original": {
@@ -58,11 +61,11 @@
]
},
"locked": {
"lastModified": 1713543440,
"narHash": "sha256-lnzZQYG0+EXl/6NkGpyIz+FEOc/DSEG57AP1VsdeNrM=",
"lastModified": 1752054764,
"narHash": "sha256-Ob/HuUhANoDs+nvYqyTKrkcPXf4ZgXoqMTQoCK0RFgQ=",
"owner": "nix-community",
"repo": "nixGL",
"rev": "310f8e49a149e4c9ea52f1adf70cdc768ec53f8a",
"rev": "a8e1ce7d49a149ed70df676785b07f63288f53c5",
"type": "github"
},
"original": {
@@ -73,11 +76,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1739138025,
"narHash": "sha256-M4ilIfGxzbBZuURokv24aqJTbdjPA9K+DtKUzrJaES4=",
"lastModified": 1757746433,
"narHash": "sha256-fEvTiU4s9lWgW7mYEU/1QUPirgkn+odUBTaindgiziY=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "b2243f41e860ac85c0b446eadc6930359b294e79",
"rev": "6d7ec06d6868ac6d94c371458fc2391ded9ff13d",
"type": "github"
},
"original": {
@@ -94,6 +97,21 @@
"nixgl": "nixgl",
"nixpkgs": "nixpkgs"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",

9
nix/steam_deck/configuration/flake.nix
View File

@@ -4,8 +4,10 @@
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable";
nixgl.url = "github:nix-community/nixGL";
nixgl.inputs.nixpkgs.follows = "nixpkgs";
nixgl = {
url = "github:nix-community/nixGL";
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
@@ -23,6 +25,7 @@
...
}:
let
forAllSystems = nixpkgs.lib.genAttrs nixpkgs.lib.systems.flakeExposed;
system = "x86_64-linux";
pkgs = import nixpkgs {
inherit system;
@@ -31,7 +34,7 @@
in
# pkgs = nixpkgs.legacyPackages.${system};
{
defaultPackage.${system} = home-manager.defaultPackage.${system};
defaultPackage.${system} = home-manager.packages.${system}.default;
homeConfigurations."deck" = home-manager.lib.homeManagerConfiguration {
inherit pkgs;

1
nix/steam_deck/configuration/home.nix
View File

@@ -18,6 +18,7 @@
./roles/ryujinx
./roles/shipwright
./roles/sm64ex
./roles/spaghettikart
./roles/steam_rom_manager
./roles/yuzu
./util/copy_files

1
nix/steam_deck/configuration/hosts/deck/default.nix
View File

@@ -20,6 +20,7 @@
me.ship2harkinian.enable = true;
me.shipwright.enable = true;
me.sm64ex.enable = true;
me.spaghettikart.enable = true;
me.steam_rom_manager.enable = true; # Steam rom manager UI does not render. I think it wants to be in an AppImage.
me.yuzu.enable = true;
};

7
nix/steam_deck/configuration/roles/duckstation/default.nix
View File

@@ -51,6 +51,7 @@ in
(
final: prev:
let
modified_package = (pkgs.callPackage ./package/package.nix { });
optimizeWithFlags =
pkg: flags:
pkg.overrideAttrs (old: {
@@ -58,16 +59,16 @@ in
});
original_package =
if config.me.optimizations.enable then
(optimizeWithFlags prev.duckstation [
(optimizeWithFlags modified_package [
"-march=znver2"
"-mtune=znver2"
])
else
prev.duckstation;
modified_package;
in
{
duckstation = pkgs.buildEnv {
name = prev.duckstation.name;
name = original_package.name;
paths = [
(config.lib.nixGL.wrap original_package)
];

11
nix/steam_deck/configuration/roles/duckstation/package/001-fix-test-inclusion.diff Normal file
View File

@@ -0,0 +1,11 @@
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index 879d46bc..95570f6b 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -20,5 +20,5 @@ if(BUILD_REGTEST)
endif()
if(BUILD_TESTS)
- add_subdirectory(common-tests EXCLUDE_FROM_ALL)
+ add_subdirectory(common-tests)
endif()

19
nix/steam_deck/configuration/roles/duckstation/package/002-hardcode-vars.diff Normal file
View File

@@ -0,0 +1,19 @@
diff --git a/src/scmversion/gen_scmversion.sh b/src/scmversion/gen_scmversion.sh
index 9122cd8..50ed8f9 100755
--- a/src/scmversion/gen_scmversion.sh
+++ b/src/scmversion/gen_scmversion.sh
@@ -10,10 +10,10 @@ else
fi
-HASH=$(git rev-parse HEAD)
-BRANCH=$(git rev-parse --abbrev-ref HEAD | tr -d '\r\n')
-TAG=$(git describe --dirty | tr -d '\r\n')
-DATE=$(git log -1 --date=iso8601-strict --format=%cd)
+HASH="@gitHash@"
+BRANCH="@gitBranch@"
+TAG="@gitTag@"
+DATE="@gitDate@"
cd $CURDIR

70
nix/steam_deck/configuration/roles/duckstation/package/003-fix-NEON-intrinsics.patch Normal file
View File

@@ -0,0 +1,70 @@
From 19e094e5c7aaaf375a13424044521701e85c8313 Mon Sep 17 00:00:00 2001
From: OPNA2608 <opna2608@protonmail.com>
Date: Thu, 9 Jan 2025 17:46:25 +0100
Subject: [PATCH] Fix usage of NEON intrinsics
---
src/common/gsvector_neon.h | 12 ++++++------
1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/common/gsvector_neon.h b/src/common/gsvector_neon.h
index e4991af5e..61b8dc09b 100644
--- a/src/common/gsvector_neon.h
+++ b/src/common/gsvector_neon.h
@@ -867,7 +867,7 @@ public:
ALWAYS_INLINE int mask() const
{
- const uint32x2_t masks = vshr_n_u32(vreinterpret_u32_s32(v2s), 31);
+ const uint32x2_t masks = vshr_n_u32(vreinterpret_u32_f32(v2s), 31);
return (vget_lane_u32(masks, 0) | (vget_lane_u32(masks, 1) << 1));
}
@@ -2882,7 +2882,7 @@ public:
ALWAYS_INLINE GSVector4 gt64(const GSVector4& v) const
{
#ifdef CPU_ARCH_ARM64
- return GSVector4(vreinterpretq_f32_f64(vcgtq_f64(vreinterpretq_f64_f32(v4s), vreinterpretq_f64_f32(v.v4s))));
+ return GSVector4(vreinterpretq_f32_u64(vcgtq_f64(vreinterpretq_f64_f32(v4s), vreinterpretq_f64_f32(v.v4s))));
#else
GSVector4 ret;
ret.U64[0] = (F64[0] > v.F64[0]) ? 0xFFFFFFFFFFFFFFFFULL : 0;
@@ -2894,7 +2894,7 @@ public:
ALWAYS_INLINE GSVector4 eq64(const GSVector4& v) const
{
#ifdef CPU_ARCH_ARM64
- return GSVector4(vreinterpretq_f32_f64(vceqq_f64(vreinterpretq_f64_f32(v4s), vreinterpretq_f64_f32(v.v4s))));
+ return GSVector4(vreinterpretq_f32_u64(vceqq_f64(vreinterpretq_f64_f32(v4s), vreinterpretq_f64_f32(v.v4s))));
#else
GSVector4 ret;
ret.U64[0] = (F64[0] == v.F64[0]) ? 0xFFFFFFFFFFFFFFFFULL : 0;
@@ -2906,7 +2906,7 @@ public:
ALWAYS_INLINE GSVector4 lt64(const GSVector4& v) const
{
#ifdef CPU_ARCH_ARM64
- return GSVector4(vreinterpretq_f32_f64(vcgtq_f64(vreinterpretq_f64_f32(v4s), vreinterpretq_f64_f32(v.v4s))));
+ return GSVector4(vreinterpretq_f32_u64(vcgtq_f64(vreinterpretq_f64_f32(v4s), vreinterpretq_f64_f32(v.v4s))));
#else
GSVector4 ret;
ret.U64[0] = (F64[0] < v.F64[0]) ? 0xFFFFFFFFFFFFFFFFULL : 0;
@@ -2918,7 +2918,7 @@ public:
ALWAYS_INLINE GSVector4 ge64(const GSVector4& v) const
{
#ifdef CPU_ARCH_ARM64
- return GSVector4(vreinterpretq_f32_f64(vcgeq_f64(vreinterpretq_f64_f32(v4s), vreinterpretq_f64_f32(v.v4s))));
+ return GSVector4(vreinterpretq_f32_u64(vcgeq_f64(vreinterpretq_f64_f32(v4s), vreinterpretq_f64_f32(v.v4s))));
#else
GSVector4 ret;
ret.U64[0] = (F64[0] >= v.F64[0]) ? 0xFFFFFFFFFFFFFFFFULL : 0;
@@ -2930,7 +2930,7 @@ public:
ALWAYS_INLINE GSVector4 le64(const GSVector4& v) const
{
#ifdef CPU_ARCH_ARM64
- return GSVector4(vreinterpretq_f32_f64(vcleq_f64(vreinterpretq_f64_f32(v4s), vreinterpretq_f64_f32(v.v4s))));
+ return GSVector4(vreinterpretq_f32_u64(vcleq_f64(vreinterpretq_f64_f32(v4s), vreinterpretq_f64_f32(v.v4s))));
#else
GSVector4 ret;
ret.U64[0] = (F64[0] <= v.F64[0]) ? 0xFFFFFFFFFFFFFFFFULL : 0;
--
2.47.0

26
nix/steam_deck/configuration/roles/duckstation/package/LICENSE Normal file
View File

@@ -0,0 +1,26 @@
# The files in this folder are imported from nixpkg https://github.com/NixOS/nixpkgs .
#
# They have slight modifications to fix the package build on my home-manager systems.
#
# The original license is reproduced below:
Copyright (c) 2003-2025 Eelco Dolstra and the Nixpkgs/NixOS contributors
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

147
nix/steam_deck/configuration/roles/duckstation/package/package.nix Normal file
View File

@@ -0,0 +1,147 @@
{
lib,
stdenv,
llvmPackages,
SDL2,
callPackage,
cmake,
cpuinfo,
cubeb,
curl,
extra-cmake-modules,
libXrandr,
libbacktrace,
libwebp,
makeWrapper,
ninja,
pkg-config,
qt6,
vulkan-loader,
wayland,
wayland-scanner,
}:
let
sources = callPackage ./sources.nix { };
inherit (qt6)
qtbase
qtsvg
qttools
qtwayland
wrapQtAppsHook
;
in
llvmPackages.stdenv.mkDerivation (finalAttrs: {
inherit (sources.duckstation) pname version src;
patches = [
# Tests are not built by default
./001-fix-test-inclusion.diff
# Patching yet another script that fills data based on git commands . . .
./002-hardcode-vars.diff
# Fix NEON intrinsics usage
./003-fix-NEON-intrinsics.patch
./remove-cubeb-vendor.patch
];
nativeBuildInputs = [
cmake
extra-cmake-modules
ninja
pkg-config
qttools
wayland-scanner
wrapQtAppsHook
];
buildInputs = [
SDL2
cpuinfo
cubeb
curl
libXrandr
libbacktrace
libwebp
qtbase
qtsvg
qtwayland
sources.discord-rpc-patched
sources.lunasvg
sources.shaderc-patched
sources.soundtouch-patched
sources.spirv-cross-patched
wayland
];
cmakeFlags = [
(lib.cmakeBool "BUILD_TESTS" true)
];
strictDeps = true;
doInstallCheck = true;
postPatch = ''
gitHash=$(cat .nixpkgs-auxfiles/git_hash) \
gitBranch=$(cat .nixpkgs-auxfiles/git_branch) \
gitTag=$(cat .nixpkgs-auxfiles/git_tag) \
gitDate=$(cat .nixpkgs-auxfiles/git_date) \
substituteAllInPlace src/scmversion/gen_scmversion.sh
'';
# error: cannot convert 'int16x8_t' to '__Int32x4_t'
env.NIX_CFLAGS_COMPILE = lib.optionalString stdenv.hostPlatform.isAarch64 "-flax-vector-conversions";
installCheckPhase = ''
runHook preInstallCheck
$out/share/duckstation/common-tests
runHook postInstallCheck
'';
installPhase = ''
runHook preInstall
mkdir -p $out/bin $out/share
cp -r bin $out/share/duckstation
ln -s $out/share/duckstation/duckstation-qt $out/bin/
install -Dm644 $src/scripts/org.duckstation.DuckStation.desktop $out/share/applications/org.duckstation.DuckStation.desktop
install -Dm644 $src/scripts/org.duckstation.DuckStation.png $out/share/pixmaps/org.duckstation.DuckStation.png
runHook postInstall
'';
qtWrapperArgs =
let
libPath = lib.makeLibraryPath ([
sources.shaderc-patched
sources.spirv-cross-patched
vulkan-loader
]);
in
[
"--prefix LD_LIBRARY_PATH : ${libPath}"
];
# https://github.com/stenzek/duckstation/blob/master/scripts/appimage/apprun-hooks/default-to-x11.sh
# Can't avoid the double wrapping, the binary wrapper from qtWrapperArgs doesn't support --run
postFixup = ''
source "${makeWrapper}/nix-support/setup-hook"
wrapProgram $out/bin/duckstation-qt \
--run 'if [[ -z $I_WANT_A_BROKEN_WAYLAND_UI ]]; then export QT_QPA_PLATFORM=xcb; fi'
'';
meta = {
homepage = "https://github.com/stenzek/duckstation";
description = "Fast PlayStation 1 emulator for x86-64/AArch32/AArch64";
license = lib.licenses.gpl3Only;
mainProgram = "duckstation-qt";
maintainers = with lib.maintainers; [
guibou
];
platforms = lib.platforms.linux;
};
})

33
nix/steam_deck/configuration/roles/duckstation/package/remove-cubeb-vendor.patch Normal file
View File

@@ -0,0 +1,33 @@
diff --git a/dep/CMakeLists.txt b/dep/CMakeLists.txt
index af35687..8347825 100644
--- a/dep/CMakeLists.txt
+++ b/dep/CMakeLists.txt
@@ -22,9 +22,8 @@ add_subdirectory(rcheevos EXCLUDE_FROM_ALL)
disable_compiler_warnings_for_target(rcheevos)
add_subdirectory(rapidyaml EXCLUDE_FROM_ALL)
disable_compiler_warnings_for_target(rapidyaml)
-add_subdirectory(cubeb EXCLUDE_FROM_ALL)
-disable_compiler_warnings_for_target(cubeb)
-disable_compiler_warnings_for_target(speex)
+find_package(cubeb REQUIRED GLOBAL)
+add_library(cubeb ALIAS cubeb::cubeb)
add_subdirectory(kissfft EXCLUDE_FROM_ALL)
disable_compiler_warnings_for_target(kissfft)
diff --git a/src/util/cubeb_audio_stream.cpp b/src/util/cubeb_audio_stream.cpp
index 85579c4..339190a 100644
--- a/src/util/cubeb_audio_stream.cpp
+++ b/src/util/cubeb_audio_stream.cpp
@@ -261,9 +261,9 @@ std::vector<std::pair<std::string, std::string>> AudioStream::GetCubebDriverName
std::vector<std::pair<std::string, std::string>> names;
names.emplace_back(std::string(), TRANSLATE_STR("AudioStream", "Default"));
- const char** cubeb_names = cubeb_get_backend_names();
- for (u32 i = 0; cubeb_names[i] != nullptr; i++)
- names.emplace_back(cubeb_names[i], cubeb_names[i]);
+ cubeb_backend_names backends = cubeb_get_backend_names();
+ for (u32 i = 0; i < backends.count; i++)
+ names.emplace_back(backends.names[i], backends.names[i]);
return names;
}

20
nix/steam_deck/configuration/roles/duckstation/package/shaderc-patched.nix Normal file
View File

@@ -0,0 +1,20 @@
{
fetchpatch,
duckstation,
shaderc,
}:
shaderc.overrideAttrs (old: {
pname = "shaderc-patched-for-duckstation";
patches = (old.patches or [ ]) ++ [
(fetchpatch {
url = "file://${duckstation.src}/scripts/shaderc-changes.patch";
hash = "sha256-Ps/D+CdSbjVWg3ZGOEcgbpQbCNkI5Nuizm4E5qiM9Wo=";
excludes = [
"CHANGES"
"CMakeLists.txt"
"libshaderc/CMakeLists.txt"
];
})
];
})

166
nix/steam_deck/configuration/roles/duckstation/package/sources.nix Normal file
View File

@@ -0,0 +1,166 @@
{
lib,
duckstation,
fetchFromGitHub,
fetchpatch,
shaderc,
spirv-cross,
discord-rpc,
stdenv,
cmake,
ninja,
}:
{
duckstation =
let
self = {
pname = "duckstation";
version = "0.1-7465";
src = fetchFromGitHub {
owner = "stenzek";
repo = "duckstation";
rev = "aa955b8ae28314ae061613f0ddf13183a98aca03";
#
# Some files are filled by using Git commands; it requires deepClone.
# More info at `checkout_ref` function in nix-prefetch-git.
# However, `.git` is a bit nondeterministic (and Git itself makes no
# guarantees whatsoever).
# Then, in order to enhance reproducibility, what we will do here is:
#
# - Execute the desired Git commands;
# - Save the obtained info into files;
# - Remove `.git` afterwards.
#
deepClone = true;
postFetch = ''
cd $out
mkdir -p .nixpkgs-auxfiles/
git rev-parse HEAD > .nixpkgs-auxfiles/git_hash
git rev-parse --abbrev-ref HEAD | tr -d '\r\n' > .nixpkgs-auxfiles/git_branch
git describe --dirty | tr -d '\r\n' > .nixpkgs-auxfiles/git_tag
git log -1 --date=iso8601-strict --format=%cd > .nixpkgs-auxfiles/git_date
find $out -name .git -print0 | xargs -0 rm -fr
'';
hash = "sha256-ixrlr7Rm6GZAn/kh2sSeCCiK/qdmQ5+5jbbhAKjTx/E=";
};
};
in
self;
shaderc-patched = shaderc.overrideAttrs (
old:
let
version = "2024.3-unstable-2024-08-24";
src = fetchFromGitHub {
owner = "stenzek";
repo = "shaderc";
rev = "f60bb80e255144e71776e2ad570d89b78ea2ab4f";
hash = "sha256-puZxkrEVhhUT4UcCtEDmtOMX4ugkB6ooMhKRBlb++lE=";
};
in
{
pname = "shaderc-patched-for-duckstation";
inherit version src;
patches = (old.patches or [ ]);
cmakeFlags = (old.cmakeFlags or [ ]) ++ [
(lib.cmakeBool "SHADERC_SKIP_EXAMPLES" true)
(lib.cmakeBool "SHADERC_SKIP_TESTS" true)
];
outputs = [
"out"
"lib"
"dev"
];
postFixup = '''';
}
);
spirv-cross-patched = spirv-cross.overrideAttrs (
old:
let
version = "1.3.290.0";
src = fetchFromGitHub {
owner = "KhronosGroup";
repo = "SPIRV-Cross";
rev = "vulkan-sdk-${version}";
hash = "sha256-h5My9PbPq1l03xpXQQFolNy7G1RhExtTH6qPg7vVF/8=";
};
in
{
pname = "spirv-cross-patched-for-duckstation";
inherit version src;
patches = (old.patches or [ ]);
cmakeFlags = (old.cmakeFlags or [ ]) ++ [
(lib.cmakeBool "SPIRV_CROSS_CLI" false)
(lib.cmakeBool "SPIRV_CROSS_ENABLE_CPP" false)
(lib.cmakeBool "SPIRV_CROSS_ENABLE_C_API" true)
(lib.cmakeBool "SPIRV_CROSS_ENABLE_GLSL" true)
(lib.cmakeBool "SPIRV_CROSS_ENABLE_HLSL" false)
(lib.cmakeBool "SPIRV_CROSS_ENABLE_MSL" false)
(lib.cmakeBool "SPIRV_CROSS_ENABLE_REFLECT" false)
(lib.cmakeBool "SPIRV_CROSS_ENABLE_TESTS" false)
(lib.cmakeBool "SPIRV_CROSS_ENABLE_UTIL" true)
(lib.cmakeBool "SPIRV_CROSS_SHARED" true)
(lib.cmakeBool "SPIRV_CROSS_STATIC" false)
];
}
);
discord-rpc-patched = discord-rpc.overrideAttrs (old: {
pname = "discord-rpc-patched-for-duckstation";
version = "3.4.0-unstable-2024-08-02";
src = fetchFromGitHub {
owner = "stenzek";
repo = "discord-rpc";
rev = "144f3a3f1209994d8d9e8a87964a989cb9911c1e";
hash = "sha256-VyL8bEjY001eHWcEoUPIAFDAmaAbwcNb1hqlV2a3cWs=";
};
patches = (old.patches or [ ]);
});
soundtouch-patched = stdenv.mkDerivation (finalAttrs: {
pname = "soundtouch-patched-for-duckstation";
version = "2.2.3-unstable-2024-08-02";
src = fetchFromGitHub {
owner = "stenzek";
repo = "soundtouch";
rev = "463ade388f3a51da078dc9ed062bf28e4ba29da7";
hash = "sha256-hvBW/z+fmh/itNsJnlDBtiI1DZmUMO9TpHEztjo2pA0=";
};
nativeBuildInputs = [
cmake
ninja
];
meta = {
homepage = "https://github.com/stenzek/soundtouch";
description = "SoundTouch Audio Processing Library (forked from https://codeberg.org/soundtouch/soundtouch)";
license = lib.licenses.lgpl21;
platforms = lib.platforms.linux;
};
});
lunasvg = stdenv.mkDerivation (finalAttrs: {
pname = "lunasvg-patched-for-duckstation";
version = "2.4.1-unstable-2024-08-24";
src = fetchFromGitHub {
owner = "stenzek";
repo = "lunasvg";
rev = "9af1ac7b90658a279b372add52d6f77a4ebb482c";
hash = "sha256-ZzOe84ZF5JRrJ9Lev2lwYOccqtEGcf76dyCDBDTvI2o=";
};
nativeBuildInputs = [
cmake
ninja
];
meta = {
homepage = "https://github.com/stenzek/lunasvg";
description = "Standalone SVG rendering library in C++";
license = lib.licenses.mit;
platforms = lib.platforms.linux;
};
});
}

5
nix/steam_deck/configuration/roles/shipwright/default.nix
View File

@@ -49,6 +49,7 @@ in
(
final: prev:
let
modified_package = (pkgs.callPackage ./package/package.nix { });
optimizeWithFlags =
pkg: flags:
pkg.overrideAttrs (old: {
@@ -57,12 +58,12 @@ in
});
original_package =
if config.me.optimizations.enable then
(optimizeWithFlags prev.shipwright [
(optimizeWithFlags modified_package [
"-march=znver2"
"-mtune=znver2"
])
else
prev.shipwright;
modified_package;
in
{
shipwright = pkgs.buildEnv {

26
nix/steam_deck/configuration/roles/shipwright/package/LICENSE Normal file
View File

@@ -0,0 +1,26 @@
# The files in this folder are imported from nixpkg https://github.com/NixOS/nixpkgs .
#
# They have slight modifications to fix the package build on my home-manager systems.
#
# The original license is reproduced below:
Copyright (c) 2003-2025 Eelco Dolstra and the Nixpkgs/NixOS contributors
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

37
nix/steam_deck/configuration/roles/shipwright/package/darwin-fixes.patch Normal file
View File

@@ -0,0 +1,37 @@
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 2771ee8c..0702adad 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -250,17 +250,13 @@ endif()
if(CMAKE_SYSTEM_NAME MATCHES "Darwin")
add_custom_target(CreateOSXIcons
COMMAND mkdir -p ${CMAKE_BINARY_DIR}/macosx/soh.iconset
- COMMAND sips -z 16 16 ${CMAKE_SOURCE_DIR}/soh/macosx/sohIcon.png --out ${CMAKE_BINARY_DIR}/macosx/soh.iconset/icon_16x16.png
- COMMAND sips -z 32 32 ${CMAKE_SOURCE_DIR}/soh/macosx/sohIcon.png --out ${CMAKE_BINARY_DIR}/macosx/soh.iconset/icon_16x16@2x.png
- COMMAND sips -z 32 32 ${CMAKE_SOURCE_DIR}/soh/macosx/sohIcon.png --out ${CMAKE_BINARY_DIR}/macosx/soh.iconset/icon_32x32.png
- COMMAND sips -z 64 64 ${CMAKE_SOURCE_DIR}/soh/macosx/sohIcon.png --out ${CMAKE_BINARY_DIR}/macosx/soh.iconset/icon_32x32@2x.png
- COMMAND sips -z 128 128 ${CMAKE_SOURCE_DIR}/soh/macosx/sohIcon.png --out ${CMAKE_BINARY_DIR}/macosx/soh.iconset/icon_128x128.png
- COMMAND sips -z 256 256 ${CMAKE_SOURCE_DIR}/soh/macosx/sohIcon.png --out ${CMAKE_BINARY_DIR}/macosx/soh.iconset/icon_128x128@2x.png
- COMMAND sips -z 256 256 ${CMAKE_SOURCE_DIR}/soh/macosx/sohIcon.png --out ${CMAKE_BINARY_DIR}/macosx/soh.iconset/icon_256x256.png
- COMMAND sips -z 512 512 ${CMAKE_SOURCE_DIR}/soh/macosx/sohIcon.png --out ${CMAKE_BINARY_DIR}/macosx/soh.iconset/icon_256x256@2x.png
- COMMAND sips -z 512 512 ${CMAKE_SOURCE_DIR}/soh/macosx/sohIcon.png --out ${CMAKE_BINARY_DIR}/macosx/soh.iconset/icon_512x512.png
- COMMAND cp ${CMAKE_SOURCE_DIR}/soh/macosx/sohIcon.png ${CMAKE_BINARY_DIR}/macosx/soh.iconset/icon_512x512@2x.png
- COMMAND iconutil -c icns -o ${CMAKE_BINARY_DIR}/macosx/soh.icns ${CMAKE_BINARY_DIR}/macosx/soh.iconset
+ COMMAND convert ${CMAKE_SOURCE_DIR}/soh/macosx/sohIcon.png -resize 16x16 ${CMAKE_BINARY_DIR}/macosx/soh.iconset/icon_16.png
+ COMMAND convert ${CMAKE_SOURCE_DIR}/soh/macosx/sohIcon.png -resize 32x32 ${CMAKE_BINARY_DIR}/macosx/soh.iconset/icon_32.png
+ COMMAND convert ${CMAKE_SOURCE_DIR}/soh/macosx/sohIcon.png -resize 64x64 ${CMAKE_BINARY_DIR}/macosx/soh.iconset/icon_64.png
+ COMMAND convert ${CMAKE_SOURCE_DIR}/soh/macosx/sohIcon.png -resize 128x128 ${CMAKE_BINARY_DIR}/macosx/soh.iconset/icon_128.png
+ COMMAND convert ${CMAKE_SOURCE_DIR}/soh/macosx/sohIcon.png -resize 256x256 ${CMAKE_BINARY_DIR}/macosx/soh.iconset/icon_256.png
+ COMMAND convert ${CMAKE_SOURCE_DIR}/soh/macosx/sohIcon.png -resize 512x512 ${CMAKE_BINARY_DIR}/macosx/soh.iconset/icon_512.png
+ COMMAND png2icns ${CMAKE_BINARY_DIR}/macosx/soh.icns ${CMAKE_BINARY_DIR}/macosx/soh.iconset/icon_{16,32,64,128,256,512}.png
WORKING_DIRECTORY ${CMAKE_SOURCE_DIR}
COMMENT "Creating OSX icons ..."
)
@@ -288,7 +284,6 @@ INSTALL(CODE "FILE(RENAME \${CMAKE_INSTALL_PREFIX}/../MacOS/soh-macos \${CMAKE_I
install(CODE "
include(BundleUtilities)
- fixup_bundle(\"\${CMAKE_INSTALL_PREFIX}/../MacOS/soh\" \"\" \"${dirs}\")
")
endif()

16
nix/steam_deck/configuration/roles/shipwright/package/disable-downloading-stb_image.patch Normal file
View File

@@ -0,0 +1,16 @@
Submodule libultraship contains modified content
diff --git a/libultraship/cmake/dependencies/common.cmake b/libultraship/cmake/dependencies/common.cmake
index 596158c..c62d7b2 100644
--- a/libultraship/cmake/dependencies/common.cmake
+++ b/libultraship/cmake/dependencies/common.cmake
@@ -47,10 +47,6 @@ set(stormlib_optimizations_patch git apply ${CMAKE_CURRENT_SOURCE_DIR}/cmake/dep
endif()
#=================== STB ===================
-set(STB_DIR ${CMAKE_BINARY_DIR}/_deps/stb)
-file(DOWNLOAD "https://github.com/nothings/stb/raw/0bc88af4de5fb022db643c2d8e549a0927749354/stb_image.h" "${STB_DIR}/stb_image.h")
-file(WRITE "${STB_DIR}/stb_impl.c" "#define STB_IMAGE_IMPLEMENTATION\n#include \"stb_image.h\"")
-
add_library(stb STATIC)
target_sources(stb PRIVATE

291
nix/steam_deck/configuration/roles/shipwright/package/package.nix Normal file
View File

@@ -0,0 +1,291 @@
{
apple-sdk_13,
stdenv,
cmake,
lsb-release,
ninja,
lib,
fetchFromGitHub,
fetchurl,
copyDesktopItems,
makeDesktopItem,
python3,
glew,
boost,
SDL2,
SDL2_net,
pkg-config,
libpulseaudio,
libpng,
imagemagick,
zenity,
makeWrapper,
darwin,
libicns,
libzip,
nlohmann_json,
tinyxml-2,
spdlog,
writeTextFile,
fixDarwinDylibNames,
applyPatches,
}:
let
# The following would normally get fetched at build time, or a specific version is required
shipwright_version = "9.0.5";
shipwright_src = fetchFromGitHub {
owner = "harbourmasters";
repo = "shipwright";
tag = shipwright_version;
hash = "sha256-F5d4u3Nq/+yYiOgkH/bwWPhZDxgBpJ5ktee0Hc5UmEo=";
fetchSubmodules = true;
deepClone = true;
postFetch = ''
cd $out
git branch --show-current > GIT_BRANCH
git rev-parse --short=7 HEAD > GIT_COMMIT_HASH
(git describe --tags --abbrev=0 --exact-match HEAD 2>/dev/null || echo "") > GIT_COMMIT_TAG
rm -rf .git
'';
};
gamecontrollerdb = fetchFromGitHub {
owner = "mdqinc";
repo = "SDL_GameControllerDB";
rev = "a74711e1e87733ccdf02d7020d8fa9e4fa67176e";
hash = "sha256-rXC4akz9BaKzr/C2CryZC6RGk6+fGVG7RsQryUFUUk0=";
};
imgui' = applyPatches {
src = fetchFromGitHub {
owner = "ocornut";
repo = "imgui";
tag = "v1.91.6-docking";
hash = "sha256-28wyzzwXE02W5vbEdRCw2iOF8ONkb3M3Al8XlYBvz1A=";
};
patches = [
"${shipwright_src}/libultraship/cmake/dependencies/patches/imgui-fixes-and-config.patch"
];
};
libgfxd = fetchFromGitHub {
owner = "glankk";
repo = "libgfxd";
rev = "008f73dca8ebc9151b205959b17773a19c5bd0da";
hash = "sha256-AmHAa3/cQdh7KAMFOtz5TQpcM6FqO9SppmDpKPTjTt8=";
};
prism = fetchFromGitHub {
owner = "KiritoDv";
repo = "prism-processor";
rev = "fb3f8b4a2d14dfcbae654d0f0e59a73b6f6ca850";
hash = "sha256-gGdQSpX/TgCNZ0uyIDdnazgVHpAQhl30e+V0aVvTFMM=";
};
stb_impl = writeTextFile {
name = "stb_impl.c";
text = ''
#define STB_IMAGE_IMPLEMENTATION
#include "stb_image.h"
'';
};
stb' = fetchurl {
name = "stb_image.h";
url = "https://raw.githubusercontent.com/nothings/stb/0bc88af4de5fb022db643c2d8e549a0927749354/stb_image.h";
hash = "sha256-xUsVponmofMsdeLsI6+kQuPg436JS3PBl00IZ5sg3Vw=";
};
stormlib' = applyPatches {
src = fetchFromGitHub {
owner = "ladislav-zezula";
repo = "StormLib";
tag = "v9.25";
hash = "sha256-HTi2FKzKCbRaP13XERUmHkJgw8IfKaRJvsK3+YxFFdc=";
};
patches = [
"${shipwright_src}/libultraship/cmake/dependencies/patches/stormlib-optimizations.patch"
];
};
thread_pool = fetchFromGitHub {
owner = "bshoshany";
repo = "thread-pool";
tag = "v4.1.0";
hash = "sha256-zhRFEmPYNFLqQCfvdAaG5VBNle9Qm8FepIIIrT9sh88=";
};
metalcpp = fetchFromGitHub {
owner = "briaguya-ai";
repo = "single-header-metal-cpp";
tag = "macOS13_iOS16";
hash = "sha256-CSYIpmq478bla2xoPL/cGYKIWAeiORxyFFZr0+ixd7I";
};
in
stdenv.mkDerivation (finalAttrs: {
pname = "shipwright";
version = shipwright_version;
src = shipwright_src;
patches = [
./darwin-fixes.patch
./disable-downloading-stb_image.patch
];
nativeBuildInputs = [
cmake
ninja
pkg-config
python3
imagemagick
makeWrapper
]
++ lib.optionals stdenv.hostPlatform.isLinux [
lsb-release
copyDesktopItems
]
++ lib.optionals stdenv.hostPlatform.isDarwin [
libicns
darwin.sigtool
fixDarwinDylibNames
];
buildInputs = [
boost
glew
SDL2
SDL2_net
libpng
libzip
nlohmann_json
tinyxml-2
spdlog
]
++ lib.optionals stdenv.hostPlatform.isLinux [
libpulseaudio
zenity
]
++ lib.optionals stdenv.hostPlatform.isDarwin [
# Metal.hpp requires macOS 13.x min.
apple-sdk_13
];
cmakeFlags = [
(lib.cmakeBool "BUILD_REMOTE_CONTROL" true)
(lib.cmakeBool "NON_PORTABLE" true)
(lib.cmakeFeature "CMAKE_INSTALL_PREFIX" "${placeholder "out"}/lib")
(lib.cmakeFeature "FETCHCONTENT_SOURCE_DIR_IMGUI" "${imgui'}")
(lib.cmakeFeature "FETCHCONTENT_SOURCE_DIR_LIBGFXD" "${libgfxd}")
(lib.cmakeFeature "FETCHCONTENT_SOURCE_DIR_PRISM" "${prism}")
(lib.cmakeFeature "FETCHCONTENT_SOURCE_DIR_STORMLIB" "${stormlib'}")
(lib.cmakeFeature "FETCHCONTENT_SOURCE_DIR_THREADPOOL" "${thread_pool}")
]
++ lib.optionals stdenv.hostPlatform.isDarwin [
(lib.cmakeFeature "FETCHCONTENT_SOURCE_DIR_METALCPP" "${metalcpp}")
(lib.cmakeFeature "FETCHCONTENT_SOURCE_DIR_SPDLOG" "${spdlog}")
];
env.NIX_CFLAGS_COMPILE = lib.optionalString stdenv.hostPlatform.isDarwin "-Wno-int-conversion -Wno-implicit-int -Wno-elaborated-enum-base";
dontAddPrefix = true;
# Linking fails without this
hardeningDisable = [ "format" ];
preConfigure = ''
mkdir stb
cp ${stb'} ./stb/${stb'.name}
cp ${stb_impl} ./stb/${stb_impl.name}
substituteInPlace libultraship/cmake/dependencies/common.cmake \
--replace-fail "\''${STB_DIR}" "$(readlink -f ./stb)"
'';
postPatch = ''
substituteInPlace soh/src/boot/build.c.in \
--replace-fail "@CMAKE_PROJECT_GIT_BRANCH@" "$(cat GIT_BRANCH)" \
--replace-fail "@CMAKE_PROJECT_GIT_COMMIT_HASH@" "$(cat GIT_COMMIT_HASH)" \
--replace-fail "@CMAKE_PROJECT_GIT_COMMIT_TAG@" "$(cat GIT_COMMIT_TAG)"
'';
postBuild = ''
port_ver=$(grep CMAKE_PROJECT_VERSION: "$PWD/CMakeCache.txt" | cut -d= -f2)
cp ${gamecontrollerdb}/gamecontrollerdb.txt gamecontrollerdb.txt
mv ../libultraship/src/graphic/Fast3D/shaders ../soh/assets/custom
pushd ../OTRExporter
python3 ./extract_assets.py -z ../build/ZAPD/ZAPD.out --norom --xml-root ../soh/assets/xml --custom-assets-path ../soh/assets/custom --custom-otr-file soh.otr --port-ver $port_ver
popd
'';
preInstall = ''
# Cmake likes it here for its install paths
cp ../OTRExporter/soh.otr soh/soh.otr
'';
postInstall =
lib.optionalString stdenv.hostPlatform.isLinux ''
mkdir -p $out/bin
ln -s $out/lib/soh.elf $out/bin/soh
install -Dm644 ../soh/macosx/sohIcon.png $out/share/pixmaps/soh.png
''
+ lib.optionalString stdenv.hostPlatform.isDarwin ''
# Recreate the macOS bundle (without using cpack)
# We mirror the structure of the bundle distributed by the project
mkdir -p $out/Applications/soh.app/Contents
cp $src/soh/macosx/Info.plist.in $out/Applications/soh.app/Contents/Info.plist
substituteInPlace $out/Applications/soh.app/Contents/Info.plist \
--replace-fail "@CMAKE_PROJECT_VERSION@" "${finalAttrs.version}"
mv $out/MacOS $out/Applications/soh.app/Contents/MacOS
# "lib" contains all resources that are in "Resources" in the official bundle.
# We move them to the right place and symlink them back to $out/lib,
# as that's where the game expects them.
mv $out/Resources $out/Applications/soh.app/Contents/Resources
mv $out/lib/** $out/Applications/soh.app/Contents/Resources
rm -rf $out/lib
ln -s $out/Applications/soh.app/Contents/Resources $out/lib
# Copy icons
cp -r ../build/macosx/soh.icns $out/Applications/soh.app/Contents/Resources/soh.icns
# Codesign (ad-hoc)
codesign -f -s - $out/Applications/soh.app/Contents/MacOS/soh
'';
fixupPhase = lib.optionalString stdenv.hostPlatform.isLinux ''
wrapProgram $out/lib/soh.elf --prefix PATH ":" ${lib.makeBinPath [ zenity ]}
'';
desktopItems = [
(makeDesktopItem {
name = "soh";
icon = "soh";
exec = "soh";
comment = finalAttrs.meta.description;
genericName = "Ship of Harkinian";
desktopName = "soh";
categories = [ "Game" ];
})
];
meta = {
homepage = "https://github.com/HarbourMasters/Shipwright";
description = "PC port of Ocarina of Time with modern controls, widescreen, high-resolution, and more";
mainProgram = "soh";
platforms = lib.platforms.linux ++ lib.platforms.darwin;
maintainers = with lib.maintainers; [
j0lol
matteopacini
];
license = with lib.licenses; [
# OTRExporter, OTRGui, ZAPDTR, libultraship
mit
# Ship of Harkinian itself
unfree
];
};
})

89
nix/steam_deck/configuration/roles/spaghettikart/default.nix Normal file
View File

@@ -0,0 +1,89 @@
{
config,
lib,
pkgs,
...
}:
let
steam_spaghettikart = pkgs.writeScriptBin "steam_Spaghettify" ''
export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:${pkgs.libglvnd}/lib"
exec ${pkgs.spaghettikart}/bin/Spaghettify "''${@}"
'';
in
{
imports = [ ];
options.me = {
spaghettikart.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install spaghettikart.";
};
};
config = lib.mkIf config.me.spaghettikart.enable (
lib.mkMerge [
{
allowedUnfree = [ "spaghettikart" ];
}
(lib.mkIf config.me.graphical {
home.packages = with pkgs; [
spaghettikart
steam_spaghettikart
];
home.file.".local/share/spaghettikart/spaghettify.cfg.json" = {
source = ./files/spaghettify.cfg.json;
};
home.persistence."/home/deck/.persist" = {
files = [
".local/share/spaghettikart/default.sav"
".local/share/spaghettikart/mk64.o2r"
];
};
nixpkgs.overlays = [
(
final: prev:
let
modified_package = (pkgs.callPackage ./package/package.nix { });
optimizeWithFlags =
pkg: flags:
pkg.overrideAttrs (old: {
NIX_CFLAGS_COMPILE = [ (old.NIX_CFLAGS_COMPILE or "") ] ++ flags;
});
original_package =
if config.me.optimizations.enable then
(optimizeWithFlags modified_package [
"-march=znver2"
"-mtune=znver2"
])
else
modified_package;
in
{
spaghettikart = pkgs.buildEnv {
name = prev.spaghettikart.name;
paths = [
(config.lib.nixGL.wrap original_package)
];
extraOutputsToInstall = [
"man"
"doc"
"info"
];
# We have to use 555 instead of the normal 444 here because the .desktop file ends up inside $HOME on steam deck and desktop files must be either not in $HOME or must be executable, otherwise KDE Plasma refuses to execute them.
postBuild = ''
chmod 0555 $out/share/applications/spaghettikart.desktop
'';
};
}
)
];
})
]
);
}

14
nix/steam_deck/configuration/roles/spaghettikart/files/spaghettify.cfg.json Normal file
View File

@@ -0,0 +1,14 @@
{
"CVars": {
"gDisableLod": 1,
"gMSAAValue": 2,
"gShowSpaghettiVersion": 0,
"gSkipIntro": 1,
"gVsyncEnabled": 1
},
"Window": {
"Fullscreen": {
"Enabled": true
}
}
}

26
nix/steam_deck/configuration/roles/spaghettikart/package/LICENSE Normal file
View File

@@ -0,0 +1,26 @@
# The files in this folder are imported from nixpkg https://github.com/NixOS/nixpkgs .
#
# They have slight modifications to fix the package build on my home-manager systems.
#
# The original license is reproduced below:
Copyright (c) 2003-2025 Eelco Dolstra and the Nixpkgs/NixOS contributors
Permission is hereby granted, free of charge, to any person obtaining
a copy of this software and associated documentation files (the
"Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish,
distribute, sublicense, and/or sell copies of the Software, and to
permit persons to whom the Software is furnished to do so, subject to
the following conditions:
The above copyright notice and this permission notice shall be
included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

16
nix/steam_deck/configuration/roles/spaghettikart/package/dont-fetch-stb.patch Normal file
View File

@@ -0,0 +1,16 @@
Submodule libultraship contains modified content
diff --git a/libultraship/cmake/dependencies/common.cmake b/libultraship/cmake/dependencies/common.cmake
index 596158c..c62d7b2 100644
--- a/libultraship/cmake/dependencies/common.cmake
+++ b/libultraship/cmake/dependencies/common.cmake
@@ -47,10 +47,6 @@ set(stormlib_optimizations_patch git apply ${CMAKE_CURRENT_SOURCE_DIR}/cmake/dep
endif()
#=================== STB ===================
-set(STB_DIR ${CMAKE_BINARY_DIR}/_deps/stb)
-file(DOWNLOAD "https://github.com/nothings/stb/raw/0bc88af4de5fb022db643c2d8e549a0927749354/stb_image.h" "${STB_DIR}/stb_image.h")
-file(WRITE "${STB_DIR}/stb_impl.c" "#define STB_IMAGE_IMPLEMENTATION\n#include \"stb_image.h\"")
-
add_library(stb STATIC)
target_sources(stb PRIVATE

44
nix/steam_deck/configuration/roles/spaghettikart/package/git-deps.patch Normal file
View File

@@ -0,0 +1,44 @@
diff --git a/torch/CMakeLists.txt b/torch/CMakeLists.txt
index ba3859a..cf3da99 100644
--- a/torch/CMakeLists.txt
+++ b/torch/CMakeLists.txt
@@ -36,8 +36,7 @@ if(USE_STANDALONE)
# Because libgfxd is not a CMake project, we have to manually fetch it and add it to the build
FetchContent_Declare(
libgfxd
- GIT_REPOSITORY https://github.com/glankk/libgfxd.git
- GIT_TAG 96fd3b849f38b3a7c7b7f3ff03c5921d328e6cdf
+ URL @libgfxd_src@
)
FetchContent_GetProperties(libgfxd)
@@ -205,8 +204,7 @@ set(YAML_CPP_BUILD_TESTS OFF)
set(YAML_CPP_DISABLE_UNINSTALL ON)
FetchContent_Declare(
yaml-cpp
- GIT_REPOSITORY https://github.com/jbeder/yaml-cpp.git
- GIT_TAG 2f86d13775d119edbb69af52e5f566fd65c6953b
+ URL @yaml-cpp_src@
)
set(YAML_CPP_BUILD_TESTS OFF)
FetchContent_MakeAvailable(yaml-cpp)
@@ -219,8 +217,7 @@ endif()
if(USE_STANDALONE)
FetchContent_Declare(
spdlog
- GIT_REPOSITORY https://github.com/gabime/spdlog.git
- GIT_TAG 7e635fca68d014934b4af8a1cf874f63989352b7
+ URL @spdlog_src@
)
FetchContent_MakeAvailable(spdlog)
@@ -234,8 +231,7 @@ endif()
set(tinyxml2_BUILD_TESTING OFF)
FetchContent_Declare(
tinyxml2
- GIT_REPOSITORY https://github.com/leethomason/tinyxml2.git
- GIT_TAG 10.0.0
+ URL @tinyxml2_src@
OVERRIDE_FIND_PACKAGE
)
FetchContent_MakeAvailable(tinyxml2)

264
nix/steam_deck/configuration/roles/spaghettikart/package/package.nix Normal file
View File

@@ -0,0 +1,264 @@
{
lib,
fetchFromGitHub,
applyPatches,
writeTextFile,
fetchurl,
stdenv,
replaceVars,
yaml-cpp,
srcOnly,
cmake,
copyDesktopItems,
installShellFiles,
lsb-release,
makeWrapper,
ninja,
pkg-config,
libGL,
libvorbis,
libX11,
libzip,
nlohmann_json,
SDL2,
SDL2_net,
spdlog,
tinyxml-2,
zenity,
sdl_gamecontrollerdb,
makeDesktopItem,
}:
let
# The following are either normally fetched during build time or a specific version is required
spaghettikart_src = fetchFromGitHub {
owner = "HarbourMasters";
repo = "SpaghettiKart";
rev = "334fdeafd26c15e03b4f198002ad86b8422c0e2f";
hash = "sha256-0nDaX34C7stg7S2mzPChz0fRz/t7yyevKEAPmIR+lak=";
fetchSubmodules = true;
deepClone = true;
postFetch = ''
cd $out
(git describe --tags HEAD 2>/dev/null || echo "") > PROJECT_VERSION
git log --pretty=format:%h -1 > PROJECT_VERSION_PATCH
rm -rf .git
'';
};
dr_libs = fetchFromGitHub {
owner = "mackron";
repo = "dr_libs";
rev = "da35f9d6c7374a95353fd1df1d394d44ab66cf01";
hash = "sha256-ydFhQ8LTYDBnRTuETtfWwIHZpRciWfqGsZC6SuViEn0=";
};
imgui' = applyPatches {
src = fetchFromGitHub {
owner = "ocornut";
repo = "imgui";
tag = "v1.91.9b-docking";
hash = "sha256-mQOJ6jCN+7VopgZ61yzaCnt4R1QLrW7+47xxMhFRHLQ=";
};
patches = [
"${spaghettikart_src}/libultraship/cmake/dependencies/patches/imgui-fixes-and-config.patch"
];
};
libgfxd = fetchFromGitHub {
owner = "glankk";
repo = "libgfxd";
rev = "008f73dca8ebc9151b205959b17773a19c5bd0da";
hash = "sha256-AmHAa3/cQdh7KAMFOtz5TQpcM6FqO9SppmDpKPTjTt8=";
};
prism = fetchFromGitHub {
owner = "KiritoDv";
repo = "prism-processor";
rev = "7ae724a6fb7df8cbf547445214a1a848aefef747";
hash = "sha256-G7koDUxD6PgZWmoJtKTNubDHg6Eoq8I+AxIJR0h3i+A=";
};
stb_impl = writeTextFile {
name = "stb_impl.c";
text = ''
#define STB_IMAGE_IMPLEMENTATION
#include "stb_image.h"
'';
};
stb' = fetchurl {
name = "stb_image.h";
url = "https://raw.githubusercontent.com/nothings/stb/0bc88af4de5fb022db643c2d8e549a0927749354/stb_image.h";
hash = "sha256-xUsVponmofMsdeLsI6+kQuPg436JS3PBl00IZ5sg3Vw=";
};
stormlib' = applyPatches {
src = fetchFromGitHub {
owner = "ladislav-zezula";
repo = "StormLib";
tag = "v9.25";
hash = "sha256-HTi2FKzKCbRaP13XERUmHkJgw8IfKaRJvsK3+YxFFdc=";
};
patches = [
"${spaghettikart_src}/libultraship/cmake/dependencies/patches/stormlib-optimizations.patch"
];
};
thread_pool = fetchFromGitHub {
owner = "bshoshany";
repo = "thread-pool";
tag = "v4.1.0";
hash = "sha256-zhRFEmPYNFLqQCfvdAaG5VBNle9Qm8FepIIIrT9sh88=";
};
in
stdenv.mkDerivation (finalAttrs: {
pname = "spaghettikart";
version = "0-unstable-2025-08-07";
src = spaghettikart_src;
patches = [
# Don't fetch stb as we will patch our own
./dont-fetch-stb.patch
# Can't fetch these torch deps in the sandbox
(replaceVars ./git-deps.patch {
libgfxd_src = fetchFromGitHub {
owner = "glankk";
repo = "libgfxd";
rev = "96fd3b849f38b3a7c7b7f3ff03c5921d328e6cdf";
hash = "sha256-dedZuV0BxU6goT+rPvrofYqTz9pTA/f6eQcsvpDWdvQ=";
};
spdlog_src = fetchFromGitHub {
owner = "gabime";
repo = "spdlog";
rev = "7e635fca68d014934b4af8a1cf874f63989352b7";
hash = "sha256-cxTaOuLXHRU8xMz9gluYz0a93O0ez2xOxbloyc1m1ns=";
};
yaml-cpp_src = fetchFromGitHub {
owner = "jbeder";
repo = "yaml-cpp";
rev = "28f93bdec6387d42332220afa9558060c8016795";
hash = "sha256-59/s4Rqiiw7LKQw0UwH3vOaT/YsNVcoq3vblK0FiO5c=";
};
tinyxml2_src = srcOnly tinyxml-2;
})
];
# Recent builds enabled LTO which won't build with nix
NIX_CFLAGS_COMPILE = "-fno-lto";
nativeBuildInputs = [
cmake
copyDesktopItems
installShellFiles
lsb-release
makeWrapper
ninja
pkg-config
];
buildInputs = [
libGL
libvorbis
libX11
libzip
nlohmann_json
SDL2
SDL2_net
spdlog
tinyxml-2
zenity
];
cmakeFlags = [
(lib.cmakeFeature "CMAKE_INSTALL_PREFIX" "${placeholder "out"}")
(lib.cmakeFeature "FETCHCONTENT_SOURCE_DIR_DR_LIBS" "${dr_libs}")
(lib.cmakeFeature "FETCHCONTENT_SOURCE_DIR_IMGUI" "${imgui'}")
(lib.cmakeFeature "FETCHCONTENT_SOURCE_DIR_LIBGFXD" "${libgfxd}")
(lib.cmakeFeature "FETCHCONTENT_SOURCE_DIR_PRISM" "${prism}")
(lib.cmakeFeature "FETCHCONTENT_SOURCE_DIR_STORMLIB" "${stormlib'}")
(lib.cmakeFeature "FETCHCONTENT_SOURCE_DIR_THREADPOOL" "${thread_pool}")
(lib.cmakeFeature "FETCHCONTENT_SOURCE_DIR_TINYXML2" "${tinyxml-2}")
(lib.cmakeFeature "FETCHCONTENT_SOURCE_DIR_YAML-CPP" "${yaml-cpp.src}")
];
strictDeps = true;
# Linking fails without this
hardeningDisable = [ "format" ];
preConfigure = ''
mkdir stb
cp ${stb'} ./stb/${stb'.name}
cp ${stb_impl} ./stb/${stb_impl.name}
substituteInPlace libultraship/cmake/dependencies/common.cmake \
--replace-fail "\''${STB_DIR}" "$(readlink -f ./stb)"
'';
postPatch = ''
substituteInPlace CMakeLists.txt \
--replace-fail "COMMAND git describe --tags" "COMMAND echo $(cat PROJECT_VERSION)" \
--replace-fail "COMMAND git log --pretty=format:%h -1" "COMMAND echo $(cat PROJECT_VERSION_PATCH)"
'';
postBuild = ''
cp ${sdl_gamecontrollerdb}/share/gamecontrollerdb.txt gamecontrollerdb.txt
./TorchExternal/src/TorchExternal-build/torch pack ../assets spaghetti.o2r o2r
'';
postInstall = ''
installBin Spaghettify
mkdir -p $out/share/spaghettikart
cp -r ../yamls $out/share/spaghettikart/
install -Dm644 -t $out/share/spaghettikart {spaghetti.o2r,config.yml,gamecontrollerdb.txt}
install -Dm644 ../icon.png $out/share/pixmaps/spaghettikart.png
install -Dm644 -t $out/share/licenses/spaghettikart/libgfxd ${libgfxd}/LICENSE
install -Dm644 -t $out/share/licenses/spaghettikart/libultraship ../libultraship/LICENSE
install -Dm644 -t $out/share/licenses/spaghettikart/thread_pool ${thread_pool}/LICENSE.txt
'';
# Unfortunately, spaghettikart really wants a writable working directory
# Create $HOME/.local/share/spaghettikart and symlink required files
postFixup = ''
wrapProgram $out/bin/Spaghettify \
--prefix PATH ":" ${lib.makeBinPath [ zenity ]} \
--run 'mkdir -p ~/.local/share/spaghettikart' \
--run "ln -sf $out/share/spaghettikart/spaghetti.o2r ~/.local/share/spaghettikart/spaghetti.o2r" \
--run "ln -sf $out/share/spaghettikart/config.yml ~/.local/share/spaghettikart/config.yml" \
--run "ln -sfT $out/share/spaghettikart/yamls ~/.local/share/spaghettikart/yamls" \
--run "ln -sf $out/share/spaghettikart/gamecontrollerdb.txt ~/.local/share/spaghettikart/gamecontrollerdb.txt" \
--run 'cd ~/.local/share/spaghettikart'
'';
desktopItems = [
(makeDesktopItem {
name = "spaghettikart";
icon = "spaghettikart";
exec = "Spaghettify";
comment = finalAttrs.meta.description;
genericName = "spaghettikart";
desktopName = "spaghettikart";
categories = [ "Game" ];
})
];
meta = {
homepage = "https://github.com/HarbourMasters/SpaghettiKart";
description = "Mario Kart 64 PC Port";
mainProgram = "Spaghettify";
platforms = [ "x86_64-linux" ];
maintainers = with lib.maintainers; [ qubitnano ];
license = with lib.licenses; [
# libultraship, libgfxd, thread_pool, dr_libs, prism-processor
mit
# Reverse engineering
unfree
];
};
})

1
nix/yubipi/.gitignore vendored Normal file
View File

@@ -0,0 +1 @@
result

177
nix/yubipi/configuration.nix Normal file
View File

@@ -0,0 +1,177 @@
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
"${modulesPath}/installer/sd-card/sd-image.nix"
./roles/image_based_appliance
./roles/optimized_build
./roles/raspberry_pi_sd_image
./roles/reset
# ./util/install_files
./util/unfree_polyfill
];
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
nix.settings.trusted-users = [ "@wheel" ];
hardware.enableRedistributableFirmware = true;
# Keep outputs so we can build offline.
nix.extraOptions = ''
keep-outputs = true
keep-derivations = true
substitute = false
'';
# Technically only needed when building the ISO because nix detects ZFS in the filesystem list normally. I basically always want this so I'm just setting it to always be on.
boot.supportedFilesystems.zfs = true;
# TODO: Is this different from boot.supportedFilesystems = [ "zfs" ]; ?
services.getty = {
autologinUser = "talexander";
autologinOnce = true;
};
users.mutableUsers = false;
users.users.talexander = {
isNormalUser = true;
createHome = true; # https://github.com/NixOS/nixpkgs/issues/6481
group = "talexander";
extraGroups = [ "wheel" ];
uid = 11235;
packages = with pkgs; [
tree
];
# Generate with `mkpasswd -m scrypt`
hashedPassword = "$7$CU..../....VXvNQ8za3wSGpdzGXNT50/$HcFtn/yvwPMCw4888BelpiAPLAxe/zU87fD.d/N6U48";
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID0+4zi26M3eYWnIrciR54kOlGxzfgCXG+o4ea1zpzrk openpgp:0x7FF123C8"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEI6mu6I5Jp+Ib0vJxapGHbEShZjyvzV8jz5DnzDrI39AAAABHNzaDo="
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAFNcSXwvy+brYTOGo56G93Ptuq2MmZsjvRWAfMqbmMLAAAABHNzaDo="
];
};
users.groups.talexander.gid = 11235;
# Automatic garbage collection
nix.gc = lib.mkIf (!config.me.image_based_appliance.enable) {
# Runs nix-collect-garbage --delete-older-than 5d
automatic = true;
persistent = true;
dates = "monthly";
# randomizedDelaySec = "14m";
options = "--delete-older-than 30d";
};
nix.settings.auto-optimise-store = true;
nix.settings.substituters = lib.mkForce [ ];
# Use doas instead of sudo
security.doas.enable = true;
security.doas.wheelNeedsPassword = false;
security.sudo.enable = false;
security.doas.extraRules = [
{
# Retain environment (for example NIX_PATH)
keepEnv = true;
persist = true; # Only ask for a password the first time.
}
];
environment.systemPackages = with pkgs; [
# wget
# mg
# rsync
# libinput
# htop
# tmux
# file
# usbutils # for lsusb
# pciutils # for lspci
# ripgrep
# strace
# # ltrace # Disabled because it uses more than 48GB of /tmp space during test phase.
# trace-cmd # ftrace
# tcpdump
# git-crypt
# gnumake
# ncdu
# nix-tree
# libarchive # bsdtar
# lsof
# doas-sudo-shim # To support --sudo for remote builds
# dmidecode # Read SMBIOS information.
# ipcalc
# gptfdisk # for cgdisk
# nix-output-monitor # For better view into nixos-rebuild
# nix-serve-ng # Serve nix store over http
];
services.openssh = {
enable = true;
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
hostKeys = [
{
path = "/persist/ssh/ssh_host_ed25519_key";
type = "ed25519";
}
{
path = "/persist/ssh/ssh_host_rsa_key";
type = "rsa";
bits = 4096;
}
];
};
boot.initrd.kernelModules = [
# "vc4"
# "bcm2835_dma"
# "i2c_bcm2835"
];
# Compressing through emulation is slow and we're just going to decompress the image anyway.
sdImage.compressImage = false;
# Write a list of the currently installed packages to /etc/current-system-packages
environment.etc."current-system-packages".text =
let
packages = builtins.map (p: "${p.name}") config.environment.systemPackages;
sortedUnique = builtins.sort builtins.lessThan (lib.unique packages);
formatted = builtins.concatStringsSep "\n" sortedUnique;
in
formatted;
nixpkgs.overlays = [
(final: prev: {
efivar = throw "foo";
})
];
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
# to actually do that.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "25.11"; # Did you read the comment?
}

44
nix/yubipi/flake.lock generated Normal file
View File

@@ -0,0 +1,44 @@
{
"nodes": {
"nixpkgs": {
"locked": {
"lastModified": 1759381078,
"narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unoptimized": {
"locked": {
"lastModified": 1759381078,
"narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"nixpkgs": "nixpkgs",
"nixpkgs-unoptimized": "nixpkgs-unoptimized"
}
}
},
"root": "root",
"version": 7
}

43
nix/yubipi/flake.nix Normal file
View File

@@ -0,0 +1,43 @@
{
description = "My system configuration";
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
nixpkgs-unoptimized.url = "github:NixOS/nixpkgs/nixos-unstable";
};
outputs =
{
self,
nixpkgs,
nixpkgs-unoptimized,
...
}@inputs:
let
base_armv6l_linux = rec {
system = "armv6l-linux-linux";
specialArgs = {
pkgs-unoptimized = import nixpkgs-unoptimized {
inherit system;
hostPlatform.gcc.arch = "default";
hostPlatform.gcc.tune = "default";
};
};
modules = [
./configuration.nix
];
};
systems = {
yubipi = rec {
main = base_armv6l_linux // {
modules = base_armv6l_linux.modules ++ [
./hosts/yubipi
];
};
};
};
in
{
nixosConfigurations.yubipi = nixpkgs.lib.nixosSystem systems.yubipi.main;
};
}

9
nix/yubipi/hosts/yubipi/ISO Executable file
View File

@@ -0,0 +1,9 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#nixosConfigurations.yubipi.config.system.build.sdImage" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json

46
nix/yubipi/hosts/yubipi/default.nix Normal file
View File

@@ -0,0 +1,46 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [
./hardware-configuration.nix
./wrapped-disk-config.nix
];
config = {
# Generate with `head -c4 /dev/urandom | od -A none -t x4`
networking.hostId = "61f81c12";
networking.hostName = "yubipi"; # Define your hostname.
time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8";
me.optimizations = {
enable = true;
arch = "armv6";
system_features = [
"gccarch-armv6l"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
};
# Early KMS
boot.initrd.kernelModules = [ ];
# Mount tmpfs at /tmp
boot.tmp.useTmpfs = true;
# Enable TRIM
services.fstrim.enable = lib.mkDefault true;
me.image_based_appliance.enable = true;
me.raspberry_pi_sd_image.enable = true;
};
}

12
nix/yubipi/hosts/yubipi/disk-config.nix Normal file
View File

@@ -0,0 +1,12 @@
{
fileSystems = {
"/" = {
device = "/dev/disk/by-label/NIXOS_SD";
fsType = "ext4";
options = [
"noatime"
"norelatime"
];
};
};
}

Some files were not shown because too many files have changed in this diff Show More