talexander/machine_setup
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

base: talexander:yubipi
Branches Tags
talexander:main talexander:kubernetes talexander:nix talexander:mt7927 talexander:yubipi talexander:upstream_amd_debug_tools talexander:install_files_mixin talexander:starship talexander:pixelbook
..
compare: talexander:install_files_mixin
Branches Tags
talexander:kubernetes talexander:nix talexander:main talexander:mt7927 talexander:yubipi talexander:upstream_amd_debug_tools talexander:install_files_mixin talexander:starship talexander:pixelbook

3 Commits
yubipi ... install_fi

Author SHA1 Message Date
Tom Alexander
504f8ecf09 Add support for setting the group owning the file. 2025-05-26 21:17:11 -04:00
Tom Alexander
7254bc8c7c Add test invocation. 2025-05-26 21:05:56 -04:00
Tom Alexander
a32f6bf0d1 Add a mixin to install files instead of using home-manager. 2025-05-26 21:05:56 -04:00
148 changed files with 1027 additions and 29420 deletions
Expand all files Collapse all files

1
ansible/roles/base/files/gitconfig_home
View File

@@ -8,7 +8,6 @@
lg = log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit lg = log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit
bh = log --oneline --branches=* --remotes=* --graph --decorate bh = log --oneline --branches=* --remotes=* --graph --decorate
amend = commit --amend --no-edit amend = commit --amend --no-edit
authorcount = shortlog --summary --numbered --all --no-merges
[core] [core]
excludesfile = ~/.gitignore_global excludesfile = ~/.gitignore_global
[commit] [commit]

1
ansible/roles/base/files/gitconfig_work
View File

@@ -8,7 +8,6 @@
lg = log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit lg = log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit
bh = log --oneline --branches=* --remotes=* --graph --decorate bh = log --oneline --branches=* --remotes=* --graph --decorate
amend = commit --amend --no-edit amend = commit --amend --no-edit
authorcount = shortlog --summary --numbered --all --no-merges
[core] [core]
excludesfile = ~/.gitignore_global excludesfile = ~/.gitignore_global
[commit] [commit]

2
ansible/roles/sshd/files/keys/yubikey.pub
View File

@@ -1 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID0+4zi26M3eYWnIrciR54kOlGxzfgCXG+o4ea1zpzrk openpgp:0x7FF123C8 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGu+k5lrirokdW5zVdRVBOqEOAvAPlIkG/MdJNc9g5ky cardno:000611194908

43
nix/configuration/configuration.nix
View File

@@ -2,6 +2,7 @@
config, config,
lib, lib,
pkgs, pkgs,
home-manager,
... ...
}: }:
@@ -9,20 +10,16 @@
imports = [ imports = [
./roles/2ship2harkinian ./roles/2ship2harkinian
./roles/alacritty ./roles/alacritty
./roles/amd_s2idle
./roles/ansible ./roles/ansible
./roles/ares ./roles/ares
./roles/bluetooth ./roles/bluetooth
./roles/boot ./roles/boot
./roles/chromecast ./roles/chromecast
./roles/chromium ./roles/chromium
./roles/d2
./roles/direnv
./roles/distributed_build ./roles/distributed_build
./roles/docker ./roles/docker
./roles/ecc ./roles/ecc
./roles/emacs ./roles/emacs
./roles/emulate_isa
./roles/firefox ./roles/firefox
./roles/firewall ./roles/firewall
./roles/flux ./roles/flux
@@ -48,23 +45,18 @@
./roles/nix_index ./roles/nix_index
./roles/nix_worker ./roles/nix_worker
./roles/nvme ./roles/nvme
./roles/openpgp_card_tools
./roles/optimized_build ./roles/optimized_build
./roles/pcsx2 ./roles/pcsx2
./roles/podman
./roles/python ./roles/python
./roles/qemu ./roles/qemu
./roles/reset ./roles/reset
./roles/rpcs3 ./roles/rpcs3
./roles/rust ./roles/rust
./roles/sequoia
./roles/shadps4
./roles/shikane ./roles/shikane
./roles/shipwright ./roles/shipwright
./roles/sm64ex ./roles/sm64ex
./roles/sops ./roles/sops
./roles/sound ./roles/sound
./roles/spaghettikart
./roles/ssh ./roles/ssh
./roles/steam ./roles/steam
./roles/steam_run_free ./roles/steam_run_free
@@ -72,13 +64,11 @@
./roles/tekton ./roles/tekton
./roles/terraform ./roles/terraform
./roles/thunderbolt ./roles/thunderbolt
./roles/uutils
./roles/vnc_client ./roles/vnc_client
./roles/vscode ./roles/vscode
./roles/wasm ./roles/wasm
./roles/waybar ./roles/waybar
./roles/wireguard ./roles/wireguard
./roles/yubikey
./roles/zfs ./roles/zfs
./roles/zrepl ./roles/zrepl
./roles/zsh ./roles/zsh
@@ -86,6 +76,10 @@
./util/unfree_polyfill ./util/unfree_polyfill
]; ];
me.install.user.talexander.file."/home/talexander/flake.nix" = {
source = ./flake.nix;
};
nix.settings.experimental-features = [ nix.settings.experimental-features = [
"nix-command" "nix-command"
"flakes" "flakes"
@@ -102,7 +96,6 @@
nix.extraOptions = '' nix.extraOptions = ''
keep-outputs = true keep-outputs = true
keep-derivations = true keep-derivations = true
substitute = false
''; '';
# Technically only needed when building the ISO because nix detects ZFS in the filesystem list normally. I basically always want this so I'm just setting it to always be on. # Technically only needed when building the ISO because nix detects ZFS in the filesystem list normally. I basically always want this so I'm just setting it to always be on.
@@ -126,24 +119,36 @@
# Generate with `mkpasswd -m scrypt` # Generate with `mkpasswd -m scrypt`
hashedPassword = "$7$CU..../....VXvNQ8za3wSGpdzGXNT50/$HcFtn/yvwPMCw4888BelpiAPLAxe/zU87fD.d/N6U48"; hashedPassword = "$7$CU..../....VXvNQ8za3wSGpdzGXNT50/$HcFtn/yvwPMCw4888BelpiAPLAxe/zU87fD.d/N6U48";
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID0+4zi26M3eYWnIrciR54kOlGxzfgCXG+o4ea1zpzrk openpgp:0x7FF123C8" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGu+k5lrirokdW5zVdRVBOqEOAvAPlIkG/MdJNc9g5ky"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEI6mu6I5Jp+Ib0vJxapGHbEShZjyvzV8jz5DnzDrI39AAAABHNzaDo=" "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEI6mu6I5Jp+Ib0vJxapGHbEShZjyvzV8jz5DnzDrI39AAAABHNzaDo="
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAFNcSXwvy+brYTOGo56G93Ptuq2MmZsjvRWAfMqbmMLAAAABHNzaDo=" "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAFNcSXwvy+brYTOGo56G93Ptuq2MmZsjvRWAfMqbmMLAAAABHNzaDo="
]; ];
}; };
users.groups.talexander.gid = 11235; users.groups.talexander.gid = 11235;
home-manager.users.talexander =
{ pkgs, ... }:
{
# The state version is required and should stay at the version you
# originally installed.
home.stateVersion = "24.11";
};
home-manager.users.root =
{ pkgs, ... }:
{
# The state version is required and should stay at the version you
# originally installed.
home.stateVersion = "24.11";
};
# Automatic garbage collection # Automatic garbage collection
nix.gc = lib.mkIf (!config.me.buildingIso) { nix.gc = lib.mkIf (!config.me.buildingIso) {
# Runs nix-collect-garbage --delete-older-than 5d # Runs nix-collect-garbage --delete-older-than 5d
automatic = true; automatic = true;
persistent = true; randomizedDelaySec = "14m";
dates = "monthly";
# randomizedDelaySec = "14m";
options = "--delete-older-than 30d"; options = "--delete-older-than 30d";
}; };
nix.settings.auto-optimise-store = !config.me.buildingIso; nix.settings.auto-optimise-store = !config.me.buildingIso;
nix.settings.substituters = lib.mkForce [ ];
# Use doas instead of sudo # Use doas instead of sudo
security.doas.enable = true; security.doas.enable = true;
@@ -169,7 +174,7 @@
pciutils # for lspci pciutils # for lspci
ripgrep ripgrep
strace strace
# ltrace # Disabled because it uses more than 48GB of /tmp space during test phase. ltrace
trace-cmd # ftrace trace-cmd # ftrace
tcpdump tcpdump
git-crypt git-crypt
@@ -178,7 +183,7 @@
nix-tree nix-tree
libarchive # bsdtar libarchive # bsdtar
lsof lsof
doas-sudo-shim # To support --sudo for remote builds doas-sudo-shim # To support --use-remote-sudo for remote builds
dmidecode # Read SMBIOS information. dmidecode # Read SMBIOS information.
ipcalc ipcalc
gptfdisk # for cgdisk gptfdisk # for cgdisk

173
nix/configuration/flake.lock generated
View File

@@ -1,5 +1,22 @@
{ {
"nodes": { "nodes": {
"ansible-sshjail": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"path": "flakes/ansible-sshjail",
"type": "path"
},
"original": {
"path": "flakes/ansible-sshjail",
"type": "path"
},
"parent": []
},
"crane": { "crane": {
"locked": { "locked": {
"lastModified": 1731098351, "lastModified": 1731098351,
@@ -22,11 +39,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1758287904, "lastModified": 1746729224,
"narHash": "sha256-IGmaEf3Do8o5Cwp1kXBN1wQmZwQN3NLfq5t4nHtVtcU=", "narHash": "sha256-9R4sOLAK1w3Bq54H3XOJogdc7a6C2bLLmatOQ+5pf5w=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "67ff9807dd148e704baadbd4fd783b54282ca627", "rev": "85555d27ded84604ad6657ecca255a03fd878607",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -72,6 +89,42 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"gitignore": { "gitignore": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -94,6 +147,26 @@
"type": "github" "type": "github"
} }
}, },
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1746981801,
"narHash": "sha256-+Bfr0KqZV6gZdA7e2kupeoawozaLIHLuiPtC54uxbFc=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "ff915842e4a2e63c4c8c5c08c6870b9d5b3c3ee9",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"impermanence": { "impermanence": {
"locked": { "locked": {
"lastModified": 1737831083, "lastModified": 1737831083,
@@ -136,22 +209,6 @@
} }
}, },
"nixpkgs": { "nixpkgs": {
"locked": {
"lastModified": 1759381078,
"narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-dda3dcd3f": {
"locked": { "locked": {
"lastModified": 1746663147, "lastModified": 1746663147,
"narHash": "sha256-Ua0drDHawlzNqJnclTJGf87dBmaO/tn7iZ+TCkTRpRc=", "narHash": "sha256-Ua0drDHawlzNqJnclTJGf87dBmaO/tn7iZ+TCkTRpRc=",
@@ -162,8 +219,24 @@
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "dda3dcd3fe03e991015e9a74b22d35950f264a54", "type": "github"
}
},
"nixpkgs-b93b4e9b5": {
"locked": {
"lastModified": 1713721570,
"narHash": "sha256-R0s+O5UjTePQRb72XPgtkTmEiOOW8n+1q9Gxt/OJnKU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b93b4e9b527904aadf52dba6ca35efde2067cbd4",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b93b4e9b527904aadf52dba6ca35efde2067cbd4",
"type": "github" "type": "github"
} }
}, },
@@ -185,11 +258,11 @@
}, },
"nixpkgs-unoptimized": { "nixpkgs-unoptimized": {
"locked": { "locked": {
"lastModified": 1759381078, "lastModified": 1746663147,
"narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=", "narHash": "sha256-Ua0drDHawlzNqJnclTJGf87dBmaO/tn7iZ+TCkTRpRc=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee", "rev": "dda3dcd3fe03e991015e9a74b22d35950f264a54",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -228,12 +301,15 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"ansible-sshjail": "ansible-sshjail",
"disko": "disko", "disko": "disko",
"home-manager": "home-manager",
"impermanence": "impermanence", "impermanence": "impermanence",
"lanzaboote": "lanzaboote", "lanzaboote": "lanzaboote",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nixpkgs-dda3dcd3f": "nixpkgs-dda3dcd3f", "nixpkgs-b93b4e9b5": "nixpkgs-b93b4e9b5",
"nixpkgs-unoptimized": "nixpkgs-unoptimized" "nixpkgs-unoptimized": "nixpkgs-unoptimized",
"zsh-histdb": "zsh-histdb"
} }
}, },
"rust-overlay": { "rust-overlay": {
@@ -256,6 +332,53 @@
"repo": "rust-overlay", "repo": "rust-overlay",
"type": "github" "type": "github"
} }
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"zsh-histdb": {
"inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"path": "flakes/zsh-histdb",
"type": "path"
},
"original": {
"path": "flakes/zsh-histdb",
"type": "path"
},
"parent": []
} }
}, },
"root": "root", "root": "root",

42
nix/configuration/flake.nix
View File

@@ -31,6 +31,8 @@
# #
# doas nix --substituters "http://10.0.2.2:8080?trusted=1 https://cache.nixos.org/" --experimental-features "nix-command flakes" run github:nix-community/disko/latest -- --mode destroy,format,mount hosts/odo/disk-config.nix # doas nix --substituters "http://10.0.2.2:8080?trusted=1 https://cache.nixos.org/" --experimental-features "nix-command flakes" run github:nix-community/disko/latest -- --mode destroy,format,mount hosts/odo/disk-config.nix
# nix flake update zsh-histdb --flake .
# nix flake update ansible-sshjail --flake .
# for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done # for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
# nixos-install --substituters "http://10.0.2.2:8080?trusted=1 https://cache.nixos.org/" --flake ".#vm_ionlybootzfs" # nixos-install --substituters "http://10.0.2.2:8080?trusted=1 https://cache.nixos.org/" --flake ".#vm_ionlybootzfs"
# #
@@ -41,14 +43,28 @@
inputs = { inputs = {
impermanence.url = "github:nix-community/impermanence"; impermanence.url = "github:nix-community/impermanence";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
nixpkgs-dda3dcd3f.url = "github:NixOS/nixpkgs/dda3dcd3fe03e991015e9a74b22d35950f264a54"; nixpkgs-b93b4e9b5.url = "github:NixOS/nixpkgs/b93b4e9b527904aadf52dba6ca35efde2067cbd4";
nixpkgs-unoptimized.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs-unoptimized.url = "github:NixOS/nixpkgs/nixos-unstable";
home-manager.url = "github:nix-community/home-manager";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
lanzaboote = { lanzaboote = {
url = "github:nix-community/lanzaboote/v0.4.2"; url = "github:nix-community/lanzaboote/v0.4.2";
# Optional but recommended to limit the size of your system closure. # Optional but recommended to limit the size of your system closure.
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
zsh-histdb = {
url = "path:flakes/zsh-histdb";
# Optional but recommended to limit the size of your system closure.
inputs.nixpkgs.follows = "nixpkgs";
};
ansible-sshjail = {
url = "path:flakes/ansible-sshjail";
# Optional but recommended to limit the size of your system closure.
inputs.nixpkgs.follows = "nixpkgs";
};
disko = { disko = {
url = "github:nix-community/disko"; url = "github:nix-community/disko";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@@ -60,16 +76,19 @@
self, self,
nixpkgs, nixpkgs,
nixpkgs-unoptimized, nixpkgs-unoptimized,
nixpkgs-dda3dcd3f, nixpkgs-b93b4e9b5,
impermanence, impermanence,
home-manager,
lanzaboote, lanzaboote,
zsh-histdb,
ansible-sshjail,
... ...
}@inputs: }@inputs:
let let
base_x86_64_linux = rec { base_x86_64_linux = rec {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = { specialArgs = {
pkgs-dda3dcd3f = import nixpkgs-dda3dcd3f { pkgs-b93b4e9b5 = import nixpkgs-b93b4e9b5 {
inherit system; inherit system;
}; };
pkgs-unoptimized = import nixpkgs-unoptimized { pkgs-unoptimized = import nixpkgs-unoptimized {
@@ -80,8 +99,19 @@
}; };
modules = [ modules = [
impermanence.nixosModules.impermanence impermanence.nixosModules.impermanence
home-manager.nixosModules.home-manager
lanzaboote.nixosModules.lanzaboote lanzaboote.nixosModules.lanzaboote
inputs.disko.nixosModules.disko inputs.disko.nixosModules.disko
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
}
{
nixpkgs.overlays = [
zsh-histdb.overlays.default
ansible-sshjail.overlays.default
];
}
./configuration.nix ./configuration.nix
]; ];
}; };
@@ -171,7 +201,7 @@
}; };
hydra = hydra =
let let
hydra_additional_iso_modules = additional_iso_modules ++ [ additional_iso_modules = additional_iso_modules ++ [
{ {
me.optimizations.enable = true; me.optimizations.enable = true;
} }
@@ -184,13 +214,13 @@
]; ];
}; };
iso = main // { iso = main // {
modules = main.modules ++ hydra_additional_iso_modules; modules = main.modules ++ additional_iso_modules;
}; };
vm = main // { vm = main // {
modules = main.modules ++ additional_vm_modules; modules = main.modules ++ additional_vm_modules;
}; };
vm_iso = main // { vm_iso = main // {
modules = main.modules ++ additional_vm_modules ++ hydra_additional_iso_modules; modules = main.modules ++ additional_vm_modules ++ additional_iso_modules;
}; };
}; };
ionlybootzfs = rec { ionlybootzfs = rec {

61
nix/configuration/flakes/ansible-sshjail/flake.lock generated Normal file
View File

@@ -0,0 +1,61 @@
{
"nodes": {
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1735141468,
"narHash": "sha256-VIAjBr1qGcEbmhLwQJD6TABppPMggzOvqFsqkDoMsAY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "4005c3ff7505313cbc21081776ad0ce5dfd7a3ce",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

34
nix/configuration/flakes/ansible-sshjail/flake.nix Normal file
View File

@@ -0,0 +1,34 @@
{
description = "A slightly better history for zsh";
inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
inputs.flake-utils.url = "github:numtide/flake-utils";
outputs =
{
self,
nixpkgs,
flake-utils,
...
}:
let
out =
system:
let
pkgs = nixpkgs.legacyPackages.${system};
# Maybe pkgs = import nixpkgs { inherit system; }; ?
appliedOverlay = self.overlays.default pkgs pkgs;
in
{
packages = rec {
default = ansible-sshjail;
ansible-sshjail = appliedOverlay.ansible-sshjail;
};
};
in
flake-utils.lib.eachDefaultSystem out
// {
overlays.default = final: prev: {
ansible-sshjail = final.callPackage ./package.nix { };
};
};
}

0
nix/configuration/roles/ansible/package/ansible-sshjail/package.nix → nix/configuration/flakes/ansible-sshjail/package.nix
View File

61
nix/configuration/flakes/zsh-histdb/flake.lock generated Normal file
View File

@@ -0,0 +1,61 @@
{
"nodes": {
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1735141468,
"narHash": "sha256-VIAjBr1qGcEbmhLwQJD6TABppPMggzOvqFsqkDoMsAY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "4005c3ff7505313cbc21081776ad0ce5dfd7a3ce",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

34
nix/configuration/flakes/zsh-histdb/flake.nix Normal file
View File

@@ -0,0 +1,34 @@
{
description = "A slightly better history for zsh";
inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
inputs.flake-utils.url = "github:numtide/flake-utils";
outputs =
{
self,
nixpkgs,
flake-utils,
...
}:
let
out =
system:
let
pkgs = nixpkgs.legacyPackages.${system};
# Maybe pkgs = import nixpkgs { inherit system; }; ?
appliedOverlay = self.overlays.default pkgs pkgs;
in
{
packages = rec {
default = zsh-histdb;
zsh-histdb = appliedOverlay.zsh-histdb;
};
};
in
flake-utils.lib.eachDefaultSystem out
// {
overlays.default = final: prev: {
zsh-histdb = final.callPackage ./package.nix { };
};
};
}

0
nix/configuration/roles/zsh/package/zsh-histdb/package.nix → nix/configuration/flakes/zsh-histdb/package.nix
View File

4
nix/configuration/hosts/hydra/DEPLOY_BOOT
View File

@@ -10,8 +10,10 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
# TARGET=192.168.211.250 # TARGET=192.168.211.250
TARGET=hydra TARGET=hydra
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#hydra" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild boot --flake "$DIR/../../#hydra" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" "${@}" |& nom
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#hydra' # rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#hydra'

4
nix/configuration/hosts/hydra/DEPLOY_SWITCH
View File

@@ -10,8 +10,10 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
# TARGET=192.168.211.250 # TARGET=192.168.211.250
TARGET=hydra TARGET=hydra
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#hydra" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild switch --flake "$DIR/../../#hydra" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" "${@}" |& nom
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#hydra' # rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#hydra'

4
nix/configuration/hosts/hydra/ISO
View File

@@ -6,5 +6,7 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.hydra" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.hydra" --max-jobs "$JOBS" "${@}" |& nom

13
nix/configuration/hosts/hydra/VM_ISO
View File

@@ -1,13 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#vm_iso.hydra" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
install -m 0644 result/iso/nixos-*-x86_64-linux.iso ~/hydra.iso
unlink ./result

1
nix/configuration/hosts/hydra/default.nix
View File

@@ -24,6 +24,7 @@
imports = [ imports = [
./disk-config.nix ./disk-config.nix
./hardware-configuration.nix ./hardware-configuration.nix
./optimized_build.nix
./vm_disk.nix ./vm_disk.nix
]; ];

4
nix/configuration/hosts/ionlybootzfs/DEPLOY_BOOT
View File

@@ -10,8 +10,10 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
# TARGET=192.168.211.250 # TARGET=192.168.211.250
TARGET="ionlybootzfs" TARGET="ionlybootzfs"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#ionlybootzfs" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild boot --flake "$DIR/../../#ionlybootzfs" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" "${@}" |& nom
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#ionlybootzfs' # rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#ionlybootzfs'

4
nix/configuration/hosts/ionlybootzfs/DEPLOY_SWITCH
View File

@@ -10,8 +10,10 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
# TARGET=192.168.211.250 # TARGET=192.168.211.250
TARGET=ionlybootzfs TARGET=ionlybootzfs
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#ionlybootzfs" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild switch --flake "$DIR/../../#ionlybootzfs" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" "${@}" |& nom
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#ionlybootzfs' # rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#ionlybootzfs'

4
nix/configuration/hosts/ionlybootzfs/ISO
View File

@@ -6,5 +6,7 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.ionlybootzfs" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.ionlybootzfs" --max-jobs "$JOBS" "${@}" |& nom

4
nix/configuration/hosts/neelix/DEPLOY_BOOT
View File

@@ -10,8 +10,10 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
# TARGET=192.168.211.250 # TARGET=192.168.211.250
TARGET=neelix TARGET=neelix
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#neelix" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild boot --flake "$DIR/../../#neelix" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" "${@}" |& nom
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#neelix' # rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#neelix'

4
nix/configuration/hosts/neelix/DEPLOY_SWITCH
View File

@@ -10,8 +10,10 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
# TARGET=192.168.211.250 # TARGET=192.168.211.250
TARGET=neelix TARGET=neelix
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#neelix" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild switch --flake "$DIR/../../#neelix" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" "${@}" |& nom
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#neelix' # rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#neelix'

4
nix/configuration/hosts/odo/DEPLOY_BOOT
View File

@@ -10,8 +10,10 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
# TARGET=192.168.211.250 # TARGET=192.168.211.250
TARGET=odo TARGET=odo
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#odo" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild boot --flake "$DIR/../../#odo" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" "${@}" |& nom
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#odo' # rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#odo'

4
nix/configuration/hosts/odo/DEPLOY_SWITCH
View File

@@ -10,8 +10,10 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
# TARGET=192.168.211.250 # TARGET=192.168.211.250
TARGET=odo TARGET=odo
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#odo" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild switch --flake "$DIR/../../#odo" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" "${@}" |& nom
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#odo' # rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#odo'

4
nix/configuration/hosts/odo/ISO
View File

@@ -6,5 +6,7 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.odo" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.odo" --max-jobs "$JOBS" "${@}" |& nom

4
nix/configuration/hosts/odo/SELF_BOOT
View File

@@ -6,5 +6,7 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild boot --show-trace --use-remote-sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" "${@}" |& nom

4
nix/configuration/hosts/odo/SELF_BUILD
View File

@@ -6,5 +6,7 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild build --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild build --show-trace --use-remote-sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" "${@}" |& nom

4
nix/configuration/hosts/odo/SELF_SWITCH
View File

@@ -6,5 +6,7 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild switch --show-trace --use-remote-sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" "${@}" |& nom

17
nix/configuration/hosts/odo/default.nix
View File

@@ -15,7 +15,6 @@
./framework_module.nix ./framework_module.nix
]; ];
config = {
# Generate with `head -c4 /dev/urandom | od -A none -t x4` # Generate with `head -c4 /dev/urandom | od -A none -t x4`
networking.hostId = "908cbf04"; networking.hostId = "908cbf04";
@@ -60,18 +59,14 @@
# services.fstrim.enable = lib.mkDefault true; # services.fstrim.enable = lib.mkDefault true;
me.alacritty.enable = true; me.alacritty.enable = true;
me.amd_s2idle.enable = true;
me.ansible.enable = true; me.ansible.enable = true;
me.ares.enable = true; me.ares.enable = true;
me.bluetooth.enable = true; me.bluetooth.enable = true;
me.chromecast.enable = true; me.chromecast.enable = true;
me.chromium.enable = true; me.chromium.enable = true;
me.d2.enable = true; me.docker.enable = true;
me.direnv.enable = true; me.ecc.enable = true;
me.docker.enable = false;
me.ecc.enable = false;
me.emacs_flavor = "full"; me.emacs_flavor = "full";
me.emulate_isa.enable = true;
me.firefox.enable = true; me.firefox.enable = true;
me.flux.enable = true; me.flux.enable = true;
me.gcloud.enable = true; me.gcloud.enable = true;
@@ -88,26 +83,20 @@
me.lvfs.enable = true; me.lvfs.enable = true;
me.media.enable = true; me.media.enable = true;
me.nix_index.enable = true; me.nix_index.enable = true;
me.openpgp_card_tools.enable = true;
me.pcsx2.enable = true; me.pcsx2.enable = true;
me.podman.enable = true;
me.python.enable = true; me.python.enable = true;
me.qemu.enable = true; me.qemu.enable = true;
me.rpcs3.enable = true; me.rpcs3.enable = true;
me.rust.enable = true; me.rust.enable = true;
me.sequoia.enable = true;
me.shadps4.enable = true;
me.shikane.enable = true; me.shikane.enable = true;
me.sops.enable = true; me.sops.enable = true;
me.sound.enable = true; me.sound.enable = true;
me.spaghettikart.enable = true;
me.steam.enable = true; me.steam.enable = true;
me.steam_run_free.enable = true; me.steam_run_free.enable = true;
me.sway.enable = true; me.sway.enable = true;
me.tekton.enable = true; me.tekton.enable = true;
me.terraform.enable = true; me.terraform.enable = true;
me.thunderbolt.enable = true; me.thunderbolt.enable = true;
me.uutils.enable = false;
me.vnc_client.enable = true; me.vnc_client.enable = true;
me.vscode.enable = true; me.vscode.enable = true;
me.wasm.enable = true; me.wasm.enable = true;
@@ -118,12 +107,10 @@
"colo" "colo"
]; ];
me.wireguard.deactivated = [ "wgf" ]; me.wireguard.deactivated = [ "wgf" ];
me.yubikey.enable = true;
me.zrepl.enable = true; me.zrepl.enable = true;
me.zsh.enable = true; me.zsh.enable = true;
me.sm64ex.enable = true; me.sm64ex.enable = true;
me.shipwright.enable = true; me.shipwright.enable = true;
me.ship2harkinian.enable = true; me.ship2harkinian.enable = true;
};
} }

18
nix/configuration/hosts/odo/power_management.nix
View File

@@ -20,7 +20,7 @@
# amd_pstate=guided :: Same as passive except we can set upper and lower frequency bounds. # amd_pstate=guided :: Same as passive except we can set upper and lower frequency bounds.
# amdgpu.dcdebugmask=0x10 :: Allegedly disables Panel Replay from https://community.frame.work/t/tracking-freezing-arch-linux-amd/39495/32 # amdgpu.dcdebugmask=0x10 :: Allegedly disables Panel Replay from https://community.frame.work/t/tracking-freezing-arch-linux-amd/39495/32
boot.kernelParams = [ boot.kernelParams = [
"amdgpu.abmlevel=2" "amdgpu.abmlevel=3"
"pcie_aspm=force" "pcie_aspm=force"
# "pcie_aspm.policy=powersupersave" # "pcie_aspm.policy=powersupersave"
"nowatchdog" "nowatchdog"
@@ -47,22 +47,6 @@
"w- /sys/devices/system/cpu/cpufreq/policy13/energy_performance_preference - - - - power" "w- /sys/devices/system/cpu/cpufreq/policy13/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy14/energy_performance_preference - - - - power" "w- /sys/devices/system/cpu/cpufreq/policy14/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy15/energy_performance_preference - - - - power" "w- /sys/devices/system/cpu/cpufreq/policy15/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpu0/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu1/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu2/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu3/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu4/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu5/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu6/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu7/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu8/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu9/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu10/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu11/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu12/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu13/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu14/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu15/cpufreq/boost - - - - 0"
]; ];
boot.extraModprobeConfig = '' boot.extraModprobeConfig = ''

2
nix/configuration/hosts/odo/screen_brightness.nix
View File

@@ -9,6 +9,6 @@
imports = [ ]; imports = [ ];
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"w- /sys/class/backlight/amdgpu_bl1/brightness - - - - 21845" "w- /sys/class/backlight/amdgpu_bl1/brightness - - - - 85"
]; ];
} }

4
nix/configuration/hosts/quark/DEPLOY_BOOT
View File

@@ -10,8 +10,10 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
# TARGET=192.168.211.250 # TARGET=192.168.211.250
TARGET=quark TARGET=quark
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#quark" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild boot --flake "$DIR/../../#quark" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" "${@}" |& nom
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#quark' # rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#quark'

4
nix/configuration/hosts/quark/DEPLOY_SWITCH
View File

@@ -10,8 +10,10 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
# TARGET=192.168.211.250 # TARGET=192.168.211.250
TARGET=quark TARGET=quark
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#quark" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild switch --flake "$DIR/../../#quark" --target-host "$TARGET" --build-host "$TARGET" --fast --use-remote-sudo --max-jobs "$JOBS" "${@}" |& nom
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#quark' # rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#quark'

4
nix/configuration/hosts/quark/ISO
View File

@@ -6,5 +6,7 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.quark" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.quark" --max-jobs "$JOBS" "${@}" |& nom

4
nix/configuration/hosts/quark/SELF_BOOT
View File

@@ -6,5 +6,7 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild boot --show-trace --use-remote-sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" "${@}" |& nom

4
nix/configuration/hosts/quark/SELF_BUILD
View File

@@ -6,5 +6,7 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild build --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild build --show-trace --use-remote-sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" "${@}" |& nom

4
nix/configuration/hosts/quark/SELF_SWITCH
View File

@@ -6,5 +6,7 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}" : "${JOBS:="1"}"
nix flake update zsh-histdb --flake "$DIR/../../"
nix flake update ansible-sshjail --flake "$DIR/../../"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" --log-format internal-json -v "${@}" |& nom --json nixos-rebuild switch --show-trace --use-remote-sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" "${@}" |& nom

16
nix/configuration/hosts/quark/default.nix
View File

@@ -10,6 +10,7 @@
./distributed_build.nix ./distributed_build.nix
./hardware-configuration.nix ./hardware-configuration.nix
./power_management.nix ./power_management.nix
./wifi.nix
]; ];
config = { config = {
@@ -25,7 +26,7 @@
me.optimizations = { me.optimizations = {
enable = true; enable = true;
arch = "znver4"; arch = "znver5";
system_features = [ system_features = [
"gccarch-znver4" "gccarch-znver4"
"gccarch-znver5" "gccarch-znver5"
@@ -53,18 +54,14 @@
me.rpcs3.config.Core."Use LLVM CPU" = "znver4"; me.rpcs3.config.Core."Use LLVM CPU" = "znver4";
me.alacritty.enable = true; me.alacritty.enable = true;
me.amd_s2idle.enable = true;
me.ansible.enable = true; me.ansible.enable = true;
me.ares.enable = true; me.ares.enable = true;
me.bluetooth.enable = true; me.bluetooth.enable = true;
me.chromecast.enable = true; me.chromecast.enable = true;
me.chromium.enable = true; me.chromium.enable = true;
me.d2.enable = true; me.docker.enable = true;
me.direnv.enable = true;
me.docker.enable = false;
me.ecc.enable = true; me.ecc.enable = true;
me.emacs_flavor = "full"; me.emacs_flavor = "full";
me.emulate_isa.enable = true;
me.firefox.enable = true; me.firefox.enable = true;
me.flux.enable = true; me.flux.enable = true;
me.gcloud.enable = true; me.gcloud.enable = true;
@@ -82,26 +79,20 @@
me.media.enable = true; me.media.enable = true;
me.nix_index.enable = true; me.nix_index.enable = true;
me.nix_worker.enable = true; me.nix_worker.enable = true;
me.openpgp_card_tools.enable = true;
me.pcsx2.enable = true; me.pcsx2.enable = true;
me.podman.enable = true;
me.python.enable = true; me.python.enable = true;
me.qemu.enable = true; me.qemu.enable = true;
me.rpcs3.enable = true; me.rpcs3.enable = true;
me.rust.enable = true; me.rust.enable = true;
me.sequoia.enable = true;
me.shadps4.enable = true;
me.shikane.enable = true; me.shikane.enable = true;
me.sops.enable = true; me.sops.enable = true;
me.sound.enable = true; me.sound.enable = true;
me.spaghettikart.enable = true;
me.steam.enable = true; me.steam.enable = true;
me.steam_run_free.enable = true; me.steam_run_free.enable = true;
me.sway.enable = true; me.sway.enable = true;
me.tekton.enable = true; me.tekton.enable = true;
me.terraform.enable = true; me.terraform.enable = true;
me.thunderbolt.enable = true; me.thunderbolt.enable = true;
me.uutils.enable = false;
me.vnc_client.enable = true; me.vnc_client.enable = true;
me.vscode.enable = true; me.vscode.enable = true;
me.wasm.enable = true; me.wasm.enable = true;
@@ -112,7 +103,6 @@
"colo" "colo"
]; ];
me.wireguard.deactivated = [ "wgf" ]; me.wireguard.deactivated = [ "wgf" ];
me.yubikey.enable = true;
me.zrepl.enable = true; me.zrepl.enable = true;
me.zsh.enable = true; me.zsh.enable = true;

16
nix/configuration/hosts/quark/wifi.nix Normal file
View File

@@ -0,0 +1,16 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
config = {
environment.loginShellInit = lib.mkIf (!config.me.buildingIso) ''
doas iw dev wlan0 set power_save off
'';
};
}

6
nix/configuration/roles/alacritty/default.nix
View File

@@ -24,8 +24,10 @@
xdg-utils # for xdg-open xdg-utils # for xdg-open
]; ];
me.install.user.talexander.file = { home-manager.users.talexander =
".config/alacritty/alacritty.toml" = { { pkgs, ... }:
{
home.file.".config/alacritty/alacritty.toml" = {
source = ./files/alacritty.toml; source = ./files/alacritty.toml;
}; };
}; };

48
nix/configuration/roles/amd_s2idle/cysystemd.nix
View File

@@ -1,48 +0,0 @@
{
lib,
pkgs,
buildPythonPackage,
fetchFromGitHub,
pythonOlder,
cython,
pkg-config,
setuptools,
}:
let
version = "1.6.3";
in
buildPythonPackage {
pname = "cysystemd";
inherit version;
pyproject = true;
src = fetchFromGitHub {
owner = "mosquito";
repo = "cysystemd";
tag = version;
hash = "sha256-xumrQgoKfFeKdRQUIYXXiXEcNd76i4wo/EIDm8BN7oU=";
};
disabled = pythonOlder "3.6";
build-system = [
setuptools
cython
];
nativeBuildInputs = [
pkg-config
];
buildInputs = [ pkgs.systemd ];
pythonImportsCheck = [ "cysystemd" ];
meta = {
description = "systemd wrapper on Cython";
homepage = "https://github.com/mosquito/cysystemd";
license = lib.licenses.asl20;
platforms = lib.platforms.linux;
};
}

47
nix/configuration/roles/amd_s2idle/default.nix
View File

@@ -1,47 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
amd_s2idle.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install amd_s2idle.";
};
};
config = lib.mkIf config.me.amd_s2idle.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
amd-debug-tools
];
nixpkgs.overlays = [
(
final: prev:
let
innerPackage = (final.callPackage ./package.nix { });
in
{
amd-debug-tools = innerPackage;
}
)
(final: prev: {
pythonPackagesExtensions = prev.pythonPackagesExtensions ++ [
(python-final: python-prev: {
cysystemd = (python-final.callPackage ./cysystemd.nix { });
})
];
})
];
}
]
);
}

60
nix/configuration/roles/amd_s2idle/package.nix
View File

@@ -1,60 +0,0 @@
{
lib,
fetchgit,
python3Packages,
acpica-tools,
ethtool,
libdisplay-info,
}:
let
version = "0.2.8";
in
python3Packages.buildPythonApplication {
pname = "amd-debug-tools";
inherit version;
pyproject = true;
build-system = with python3Packages; [
pyudev
setuptools
setuptools-git
setuptools-git-versioning
];
dependencies = with python3Packages; [
acpica-tools
cysystemd
dbus-fast
ethtool
jinja2
libdisplay-info
matplotlib
pandas
pyudev
seaborn
tabulate
];
src = fetchgit {
url = "https://git.kernel.org/pub/scm/linux/kernel/git/superm1/amd-debug-tools.git";
tag = version;
hash = "sha256-EmXsW7Q5WMFL32LWr29W3GnGpw5aj53wlp9KbFV1r0Q=";
leaveDotGit = true;
};
disabled = python3Packages.pythonOlder "3.7";
postPatch = ''
substituteInPlace pyproject.toml \
--replace-fail ', "setuptools-git-versioning>=2.0,<3"' ""
'';
pythonImportsCheck = [ "amd_debug" ];
meta = {
description = "Debug tools for AMD zen systems";
homepage = "https://git.kernel.org/pub/scm/linux/kernel/git/superm1/amd-debug-tools.git/";
changelog = "https://git.kernel.org/pub/scm/linux/kernel/git/superm1/amd-debug-tools.git/tag/?h=${version}";
license = lib.licenses.mit;
platforms = lib.platforms.linux;
};
}

3
nix/configuration/roles/ansible/default.nix
View File

@@ -25,9 +25,6 @@
]; ];
nixpkgs.overlays = [ nixpkgs.overlays = [
(final: prev: {
ansible-sshjail = (final.callPackage ./package/ansible-sshjail/package.nix { });
})
(final: prev: { (final: prev: {
ansible = pkgs.symlinkJoin { ansible = pkgs.symlinkJoin {
name = "ansible"; name = "ansible";

14
nix/configuration/roles/chromium/default.nix
View File

@@ -22,7 +22,7 @@
{ } { }
(lib.mkIf config.me.graphical { (lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
chromium (chromium.override { enableWideVine = true; })
]; ];
allowedUnfree = [ allowedUnfree = [
"chromium" "chromium"
@@ -57,18 +57,8 @@
}; };
}; };
nixpkgs.overlays = [
(final: prev: {
chromium = prev.chromium.override {
enableWideVine = true;
commandLineArgs = [
"--enable-features=VaapiVideoDecoder,VaapiIgnoreDriverChecks,Vulkan,DefaultANGLEVulkan,VulkanFromANGLE,AcceleratedVideoEncoder"
# Enabling vulkan causes video to render as white # Enabling vulkan causes video to render as white
# "--enable-features=Vulkan"; # nixpkgs.config.chromium.commandLineArgs = "--enable-features=Vulkan";
];
};
})
];
}) })
] ]
); );

29
nix/configuration/roles/d2/default.nix
View File

@@ -1,29 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
d2.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install d2.";
};
};
config = lib.mkIf config.me.d2.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
d2
];
}
]
);
}

55
nix/configuration/roles/direnv/default.nix
View File

@@ -1,55 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
direnv_zsh_hook = pkgs.writeTextFile {
name = "direnv_zsh_hook.zsh";
text = ''
eval "$(direnv hook zsh)"
'';
};
in
{
imports = [ ];
options.me = {
direnv.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install direnv.";
};
};
config = lib.mkIf config.me.direnv.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
direnv
nix-direnv
];
me.zsh.includes = [ direnv_zsh_hook ];
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
# List of allowed directories from `direnv allow`.
directory = ".local/share/direnv";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
}
]
);
}

11
nix/configuration/roles/distributed_build/default.nix
View File

@@ -58,13 +58,12 @@ in
]; ];
maxJobs = 1; maxJobs = 1;
supportedFeatures = [ supportedFeatures = [
"nixos-test" # "nixos-test"
"benchmark" "benchmark"
"big-parallel" "big-parallel"
# "kvm" # "kvm"
"gccarch-x86-64-v3" "gccarch-x86-64-v3"
"gccarch-x86-64-v4" "gccarch-x86-64-v4"
"gccarch-skylake"
"gccarch-znver4" "gccarch-znver4"
]; ];
} }
@@ -87,16 +86,12 @@ in
]; ];
maxJobs = 1; maxJobs = 1;
supportedFeatures = [ supportedFeatures = [
"gccarch-armv6" # "nixos-test"
"gccarch-aarch64"
"gccarch-riscv64"
"nixos-test"
"benchmark" "benchmark"
"big-parallel" "big-parallel"
"kvm" # "kvm"
"gccarch-x86-64-v3" "gccarch-x86-64-v3"
"gccarch-x86-64-v4" "gccarch-x86-64-v4"
"gccarch-skylake"
"gccarch-znver4" "gccarch-znver4"
"gccarch-znver5" "gccarch-znver5"
]; ];

8
nix/configuration/roles/docker/default.nix
View File

@@ -19,14 +19,6 @@
config = lib.mkIf config.me.docker.enable ( config = lib.mkIf config.me.docker.enable (
lib.mkMerge [ lib.mkMerge [
{
assertions = [
{
assertion = !config.me.podman.enable;
message = "docker conflicts with podman";
}
];
}
{ {
virtualisation.docker.enable = true; virtualisation.docker.enable = true;
# Use docker activation # Use docker activation

10
nix/configuration/roles/emacs/default.nix
View File

@@ -131,10 +131,8 @@ in
final.cmake-language-server final.cmake-language-server
final.cmake # Used by cmake-language-server final.cmake # Used by cmake-language-server
final.rust-analyzer final.rust-analyzer
final.prettier # Format yaml, json, and JS final.nodePackages_latest.prettier # Format yaml, json, and JS
final.terraform-ls final.terraform-ls
final.typescript-language-server
final.tex
] ]
} }
''; '';
@@ -142,8 +140,10 @@ in
}) })
]; ];
me.install.user.talexander.file = { home-manager.users.talexander =
".config/emacs" = { { pkgs, ... }:
{
home.file.".config/emacs" = {
source = ./files/emacs; source = ./files/emacs;
recursive = true; recursive = true;
}; };

11
nix/configuration/roles/emacs/files/emacs/elisp/base.el
View File

@@ -7,12 +7,10 @@
(use-package auto-package-update (use-package auto-package-update
:ensure t :ensure t
:custom
(auto-package-update-interval 14)
(auto-package-update-delete-old-versions t)
:config :config
(auto-package-update-maybe) (setq auto-package-update-delete-old-versions t
) auto-package-update-interval 14)
(auto-package-update-maybe))
(defun assert-directory (p) (defun assert-directory (p)
(unless (file-exists-p p) (make-directory p t)) (unless (file-exists-p p) (make-directory p t))
@@ -112,6 +110,9 @@
;; (setq-default fringes-outside-margins t) ;; (setq-default fringes-outside-margins t)
;; Per-pixel scrolling instead of per-line
(pixel-scroll-precision-mode)
;; Typed text replaces selection ;; Typed text replaces selection
(delete-selection-mode) (delete-selection-mode)

16
nix/configuration/roles/emacs/files/emacs/elisp/lang-d2.el
View File

@@ -1,16 +0,0 @@
(defun d2-format-buffer ()
"Run prettier."
(interactive)
(run-command-on-buffer "d2" "fmt" "-")
)
(use-package d2-mode
:commands (d2-mode)
:hook (
(d2-mode . (lambda ()
;; (add-hook 'before-save-hook 'd2-format-buffer nil 'local)
))
)
)
(provide 'lang-d2)

10
nix/configuration/roles/emacs/files/emacs/elisp/lang-javascript.el
View File

@@ -1,12 +1,6 @@
(require 'common-lsp) (require 'common-lsp)
(require 'util-tree-sitter) (require 'util-tree-sitter)
(defun js-format-buffer ()
"Run prettier."
(interactive)
(run-command-on-buffer "prettier" "--stdin-filepath" buffer-file-name)
)
(use-package json-ts-mode (use-package json-ts-mode
:ensure nil :ensure nil
:pin manual :pin manual
@@ -119,14 +113,10 @@
("\\.js\\'" . js-ts-mode) ("\\.js\\'" . js-ts-mode)
) )
:commands (js-ts-mode) :commands (js-ts-mode)
:custom (
(js-indent-level 2)
)
:hook ( :hook (
(js-ts-mode . (lambda () (js-ts-mode . (lambda ()
(when-linux (when-linux
(eglot-ensure) (eglot-ensure)
(add-hook 'before-save-hook 'js-format-buffer nil 'local)
) )
)) ))
) )

4
nix/configuration/roles/emacs/files/emacs/elisp/lang-org.el
View File

@@ -87,8 +87,4 @@
(use-package gnuplot) (use-package gnuplot)
(use-package graphviz-dot-mode) (use-package graphviz-dot-mode)
(use-package htmlize
;; For syntax highlighting when exporting to HTML.
)
(provide 'lang-org) (provide 'lang-org)

2
nix/configuration/roles/emacs/files/emacs/elisp/lang-rust.el
View File

@@ -46,7 +46,7 @@
(when rust-analyzer-command (when rust-analyzer-command
;; (add-to-list 'eglot-server-programs `(rust-ts-mode . (,rust-analyzer-command))) ;; (add-to-list 'eglot-server-programs `(rust-ts-mode . (,rust-analyzer-command)))
(add-to-list 'eglot-server-programs `(rust-ts-mode . (,rust-analyzer-command :initializationOptions (:imports (:granularity (:enforce t :group "item") (add-to-list 'eglot-server-programs `(rust-ts-mode . (,rust-analyzer-command :initializationOptions (:imports (:granularity (:enforce t :group "item")
:merge (:glob :json-false) :merge (:glob nil)
:prefix "self") :prefix "self")
)))) ))))
) )

2
nix/configuration/roles/emacs/files/emacs/init.el
View File

@@ -40,6 +40,4 @@
(require 'lang-cmake) (require 'lang-cmake)
(require 'lang-d2)
(load-directory autoload-directory) (load-directory autoload-directory)

41
nix/configuration/roles/emulate_isa/default.nix
View File

@@ -1,41 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
emulate_isa.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to enable emulating other CPU architectures.";
};
};
config = lib.mkIf config.me.emulate_isa.enable (
lib.mkMerge [
{
boot.binfmt.emulatedSystems = [
"aarch64-linux" # Raspberry Pi gen 3
"riscv64-linux"
# TODO: Should "x86_64-linux" be in this list or should this list be dependent on the host CPU?
"armv6l-linux" # Raspberry Pi gen 1
];
me.optimizations = {
system_features = [
"gccarch-armv6"
"gccarch-aarch64"
"gccarch-riscv64"
];
};
}
]
);
}
# NOTE: build nixosConfigurations.<name>.config.system.build.sdImage

5
nix/configuration/roles/firefox/default.nix
View File

@@ -70,12 +70,9 @@
# Allow sending dark mode preference to websites. # Allow sending dark mode preference to websites.
# Allow sending timezone to websites. # Allow sending timezone to websites.
"privacy.fingerprintingProtection.overrides" = "privacy.fingerprintingProtection.overrides" =
"+AllTargets,-CSSPrefersColorScheme,-JSDateTimeUTC,-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"; "+AllTargets,-CSSPrefersColorScheme,-JSDateTimeUTC,-CanvasExtractionBeforeUserInputIsBlocked";
# Disable weather on new tab page # Disable weather on new tab page
"browser.newtabpage.activity-stream.showWeather" = false; "browser.newtabpage.activity-stream.showWeather" = false;
# Disable AI stuff that wastes battery life
"browser.ml.chat.enabled" = false;
"browser.ml.enabled" = false;
}; };
# Check about:policies#documentation and https://mozilla.github.io/policy-templates/ for options. # Check about:policies#documentation and https://mozilla.github.io/policy-templates/ for options.
policies = { policies = {

1
nix/configuration/roles/fonts/default.nix
View File

@@ -15,7 +15,6 @@
cascadia-code cascadia-code
source-sans-pro source-sans-pro
source-serif-pro source-serif-pro
noto-fonts
noto-fonts-cjk-sans noto-fonts-cjk-sans
noto-fonts-cjk-serif noto-fonts-cjk-serif
noto-fonts-color-emoji noto-fonts-color-emoji

102
nix/configuration/roles/git/default.nix
View File

@@ -5,18 +5,6 @@
... ...
}: }:
let
git_wrapped =
package: prog:
pkgs.writeShellScriptBin "${prog}" ''
export PATH="${
lib.makeBinPath [
pkgs.meld
]
}:$PATH"
exec ${package}/bin/${prog} "''${@}"
'';
in
{ {
imports = [ ]; imports = [ ];
@@ -32,48 +20,66 @@ in
config = lib.mkMerge [ config = lib.mkMerge [
{ {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
my_git git
]; ];
} }
(lib.mkIf (config.me.git.config != null) { (lib.mkIf (config.me.git.config != null) {
me.install.user.talexander.file = { home-manager.users.talexander =
".gitconfig" = { { pkgs, ... }:
{
home.file.".gitconfig" = {
source = config.me.git.config; source = config.me.git.config;
}; };
}; };
}) })
(lib.mkIf (config.me.graphical) { # (lib.mkIf (config.me.graphical) {
nixpkgs.overlays = [ # nixpkgs.overlays = [
(final: prev: { # (final: prev: {
my_git = ( # git = pkgs.buildEnv {
pkgs.buildEnv { # name = prev.git.name;
name = prev.git.name; # paths = [
version = prev.git.version; # prev.git
paths = # ];
(builtins.map (git_wrapped prev.git) [ # extraOutputsToInstall = [
"git" # "man"
]) # "doc"
++ [ # "info"
prev.git # ];
]; # buildInputs = [ final.makeWrapper ];
extraOutputsToInstall = [ # postBuild = ''
"man" # wrapProgram $out/bin/git --prefix PATH : ${
"doc" # lib.makeBinPath [
"info" # final.meld
]; # ]
nativeBuildInputs = [ final.makeWrapper ]; # }
ignoreCollisions = true; # '';
} # };
); # })
}) # ];
]; # })
}) # (lib.mkIf (!config.me.graphical) {
(lib.mkIf (!config.me.graphical) { # nixpkgs.overlays = [
nixpkgs.overlays = [ # (final: prev: {
(final: prev: { # git = pkgs.buildEnv {
my_git = prev.git; # name = prev.git.name;
}) # paths = [
]; # prev.git
}) # ];
# extraOutputsToInstall = [
# "man"
# "doc"
# "info"
# ];
# buildInputs = [ final.makeWrapper ];
# postBuild = ''
# wrapProgram $out/bin/git --prefix PATH : ${
# lib.makeBinPath [
# ]
# }
# '';
# };
# })
# ];
# })
]; ];
} }

9
nix/configuration/roles/git/files/gitconfig_home
View File

@@ -1,14 +1,13 @@
[user] [user]
email = tom@fizz.buzz email = tom@fizz.buzz
name = Tom Alexander name = Tom Alexander
signingkey = 36C99E8B3C39D85F signingkey = D3A179C9A53C0EDE
[push] [push]
default = simple # (default since 2.0) default = simple # (default since 2.0)
[alias] [alias]
lg = log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit lg = log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit
bh = log --oneline --branches=* --remotes=* --graph --decorate bh = log --oneline --branches=* --remotes=* --graph --decorate
amend = commit --amend --no-edit amend = commit --amend --no-edit
authorcount = shortlog --summary --numbered --all --no-merges
[core] [core]
excludesfile = ~/.gitignore_global excludesfile = ~/.gitignore_global
[commit] [commit]
@@ -51,8 +50,4 @@
[rebase] [rebase]
autoSquash = true autoSquash = true
autoStash = true autoStash = true
# updateRefs was annoying when you want to split a branch in two by rebasing away from commits from one branch and rebasing away some commits from another branch. updateRefs = true
updateRefs = false
# Disabled because ephemeral pin storage is not yet ready in openpgp-card-state
# [gpg]
# program = oct-git

69
nix/configuration/roles/gpg/default.nix
View File

@@ -29,7 +29,9 @@ in
lib.mkMerge [ lib.mkMerge [
{ {
# Fetch public keys: # Fetch public keys:
# gpg --locate-external-keys tom@fizz.buzz # gpg --locate-keys tom@fizz.buzz
#
# gpg -vvv --auto-key-locate local,wkd --locate-keys tom@fizz.buzz
hardware.gpgSmartcards.enable = true; hardware.gpgSmartcards.enable = true;
services.udev.packages = [ services.udev.packages = [
@@ -45,64 +47,35 @@ in
}) })
]; ];
services.pcscd.enable = true; services.pcscd.enable = true;
# services.gnome.gnome-keyring.enable = true;
me.install.user.talexander.file = { # services.dbus.packages = [ pkgs.gcr ];
".gnupg/scdaemon.conf" = {
# services.pcscd.plugins = lib.mkForce [ ];
# programs.gpg.scdaemonSettings = {
# disable-ccid = true;
# };
# .gnupg/scdaemon.conf
home-manager.users.talexander =
{ pkgs, ... }:
{
home.file.".gnupg/scdaemon.conf" = {
source = ./files/scdaemon.conf; source = ./files/scdaemon.conf;
}; };
}; };
# programs.gnupg.dirmngr.enable = true;
programs.gnupg.agent = { programs.gnupg.agent = {
enable = true; enable = true;
enableSSHSupport = true; enableSSHSupport = true;
pinentryPackage = pkgs.pinentry-qt; pinentryPackage = pkgs.pinentry-qt;
# Settings block populates /etc/gnupg/gpg-agent.conf
# settings = { # settings = {
# disable-ccid = true;
# }; # };
}; };
# Disabled because it breaks signing git commits because gpg wants to copy pubring.kbx. Unfortunately, this makes the install of scdaemon.conf do nothing since this mount of the full .gnupg directory goes over it.
#
# environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
# hideMounts = true;
# users.talexander = {
# files = [
# {
# file = ".gnupg/trustdb.gpg";
# parentDirectory = {
# mode = "u=rwx,g=,o=";
# };
# }
# {
# file = ".gnupg/pubring.kbx";
# parentDirectory = {
# mode = "u=rwx,g=,o=";
# };
# }
# {
# file = ".gnupg/tofu.db";
# parentDirectory = {
# mode = "u=rwx,g=,o=";
# };
# }
# ];
# directories = [
# {
# directory = ".gnupg/crls.d";
# user = "talexander";
# group = "talexander";
# mode = "0700";
# }
# {
# directory = ".gnupg/private-keys-v1.d";
# user = "talexander";
# group = "talexander";
# mode = "0700";
# }
# ];
# };
# };
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) { environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true; hideMounts = true;
users.talexander = { users.talexander = {
@@ -112,7 +85,7 @@ in
user = "talexander"; user = "talexander";
group = "talexander"; group = "talexander";
mode = "0700"; mode = "0700";
} } # Local keyring
]; ];
}; };
}; };
@@ -120,6 +93,8 @@ in
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
pcsclite pcsclite
pcsctools pcsctools
yubikey-personalization
yubikey-manager
glibcLocales glibcLocales
ccid ccid
libusb-compat-0_1 libusb-compat-0_1

3
nix/configuration/roles/gpg/files/gpg_test_wkd.bash
View File

@@ -6,6 +6,3 @@ IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
gpg --no-default-keyring --keyring /tmp/gpg-$$ --auto-key-locate clear,wkd --locate-keys "${@}" gpg --no-default-keyring --keyring /tmp/gpg-$$ --auto-key-locate clear,wkd --locate-keys "${@}"
# To generate files for the WKD:
# gpg-wks-client --directory ./pgp/.well-known/openpgpkey --install-key <keyid> <email>

3
nix/configuration/roles/gpg/files/scdaemon.conf
View File

@@ -1,9 +1,6 @@
#reader-port Yubico Yubi #reader-port Yubico Yubi
disable-ccid disable-ccid
# This setting enables other backends like oct to access the pgp card simultaneously but it also means that gpg will ask for the pin for EVERY ssh session which is annoying in scripts.
#pcsc-shared
#log-file /home/talexander/scd.log #log-file /home/talexander/scd.log
#verbose #verbose
#debug cardio #debug cardio

6
nix/configuration/roles/kanshi/default.nix
View File

@@ -41,11 +41,15 @@ in
exec_kanshi exec_kanshi
]; ];
me.install.user.talexander.file = { home-manager.users.talexander =
{ pkgs, ... }:
{
home.file = {
".config/kanshi/config" = { ".config/kanshi/config" = {
source = ./files/config_kanshi; source = ./files/config_kanshi;
}; };
}; };
};
}) })
] ]
); );

10
nix/configuration/roles/kodi/default.nix
View File

@@ -51,7 +51,7 @@
# Generate with `mkpasswd -m scrypt` # Generate with `mkpasswd -m scrypt`
hashedPassword = "$7$CU..../....VXvNQ8za3wSGpdzGXNT50/$HcFtn/yvwPMCw4888BelpiAPLAxe/zU87fD.d/N6U48"; hashedPassword = "$7$CU..../....VXvNQ8za3wSGpdzGXNT50/$HcFtn/yvwPMCw4888BelpiAPLAxe/zU87fD.d/N6U48";
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID0+4zi26M3eYWnIrciR54kOlGxzfgCXG+o4ea1zpzrk openpgp:0x7FF123C8" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGu+k5lrirokdW5zVdRVBOqEOAvAPlIkG/MdJNc9g5ky"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEI6mu6I5Jp+Ib0vJxapGHbEShZjyvzV8jz5DnzDrI39AAAABHNzaDo=" "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEI6mu6I5Jp+Ib0vJxapGHbEShZjyvzV8jz5DnzDrI39AAAABHNzaDo="
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAFNcSXwvy+brYTOGo56G93Ptuq2MmZsjvRWAfMqbmMLAAAABHNzaDo=" "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAFNcSXwvy+brYTOGo56G93Ptuq2MmZsjvRWAfMqbmMLAAAABHNzaDo="
]; ];
@@ -78,6 +78,9 @@
}; };
}; };
home-manager.users.kodi =
{ pkgs, ... }:
{
# home.file.".kodi/userdata/mediasources.xml".source = ./files/mediasources.xml; # home.file.".kodi/userdata/mediasources.xml".source = ./files/mediasources.xml;
# home.file.".kodi/userdata/addon_data/peripheral.joystick/resources/buttonmaps/xml/linux/DualSense_Wireless_Controller_13b_8a.xml".source = # home.file.".kodi/userdata/addon_data/peripheral.joystick/resources/buttonmaps/xml/linux/DualSense_Wireless_Controller_13b_8a.xml".source =
@@ -85,6 +88,11 @@
# TODO: Maybe .kodi/userdata/sources.xml # TODO: Maybe .kodi/userdata/sources.xml
# TODO: ./userdata/guisettings.xml:303: <setting id="filecache.memorysize">128</setting> # TODO: ./userdata/guisettings.xml:303: <setting id="filecache.memorysize">128</setting>
# The state version is required and should stay at the version you
# originally installed.
home.stateVersion = "24.11";
};
}) })
] ]
); );

45
nix/configuration/roles/latex/default.nix
View File

@@ -5,6 +5,22 @@
... ...
}: }:
let
tex = (
pkgs.texlive.combine {
inherit (pkgs.texlive)
scheme-basic
dvisvgm
dvipng # for preview and export as html in org-mode
wrapfig
amsmath
ulem
hyperref
capt-of
;
}
);
in
{ {
imports = [ ]; imports = [ ];
@@ -24,35 +40,6 @@
tex tex
]; ];
} }
{
nixpkgs.overlays = [
(final: prev: {
tex = (
pkgs.texlive.combine {
inherit (pkgs.texlive)
scheme-basic
dvisvgm
dvipng # for preview and export as html in org-mode
wrapfig
amsmath
ulem
hyperref
capt-of
svg # emacs org-mode pdf export
catchfile # emacs org-mode pdf export
xcolor # emacs org-mode pdf export
transparent # emacs org-mode pdf export
pgf # emacs org-mode pdf export
minted # emacs org-mode pdf export code block highlighting
upquote # emacs org-mode pdf export
lineno # emacs org-mode pdf export
;
}
);
})
];
}
] ]
); );
} }

6
nix/configuration/roles/media/default.nix
View File

@@ -52,8 +52,10 @@ in
imv imv
]; ];
me.install.user.talexander.file = { home-manager.users.talexander =
".config/mpv/mpv.conf" = { { pkgs, ... }:
{
home.file.".config/mpv/mpv.conf" = {
source = ./files/mpv.conf; source = ./files/mpv.conf;
}; };
}; };

2
nix/configuration/roles/media/files/cast_file_vaapi
View File

@@ -123,13 +123,11 @@ function convert {
if [ "$acceleration_type" == "software" ]; then if [ "$acceleration_type" == "software" ]; then
args+=(-c:v h264) args+=(-c:v h264)
args+=(-profile:v high) args+=(-profile:v high)
args+=(-vf format=yuv420p)
args+=(-b:v "$VIDEO_BITRATE") args+=(-b:v "$VIDEO_BITRATE")
elif [ "$acceleration_type" == "hardware" ]; then elif [ "$acceleration_type" == "hardware" ]; then
args+=(-vf 'format=nv12|vaapi,hwupload') args+=(-vf 'format=nv12|vaapi,hwupload')
args+=(-c:v h264_vulkan) args+=(-c:v h264_vulkan)
args+=(-profile:v high) args+=(-profile:v high)
args+=(-vf format=yuv420p)
args+=(-b:v "$VIDEO_BITRATE") args+=(-b:v "$VIDEO_BITRATE")
fi fi
elif [ "$codec" == "av1" ]; then elif [ "$codec" == "av1" ]; then

12
nix/configuration/roles/memtest86/default.nix
View File

@@ -8,14 +8,10 @@
{ {
imports = [ ]; imports = [ ];
config = lib.mkMerge [ config = lib.mkMerge [
{ { }
environment.systemPackages = with pkgs; [ (lib.mkIf (config.me.buildingIso) {
memtest86plus
];
}
# (lib.mkIf (config.me.buildingIso) {
# boot.loader.systemd-boot.memtest86.enable = true; # boot.loader.systemd-boot.memtest86.enable = true;
# boot.loader.grub.memtest86.enable = true; boot.loader.grub.memtest86.enable = true;
# }) })
]; ];
} }

40
nix/configuration/roles/network/default.nix
View File

@@ -2,7 +2,6 @@
config, config,
lib, lib,
pkgs, pkgs,
pkgs-dda3dcd3f,
... ...
}: }:
@@ -55,20 +54,8 @@
General = { General = {
EnableNetworkConfiguration = true; EnableNetworkConfiguration = true;
AddressRandomization = "network"; AddressRandomization = "network";
ControlPortOverNL80211 = false;
}; };
# Rank = {
# BandModifier2_4GHz = 1.0;
# BandModifier5GHz = 1.0;
# BandModifier6GHz = 1.0;
# };
DriverQuirks = {
PowerSaveDisable = "*";
# ath12k_pci
};
# Scan = {
# DisablePeriodicScan = true;
# DisableRoamingScan = true;
# };
}; };
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
@@ -77,7 +64,6 @@
ldns # for drill ldns # for drill
arp-scan # To find devices on the network arp-scan # To find devices on the network
wavemon wavemon
dhcpcd # For Android USB tethering.
]; ];
boot.extraModprobeConfig = '' boot.extraModprobeConfig = ''
@@ -105,28 +91,4 @@
# This is enabled by default in nixos. # This is enabled by default in nixos.
# "net.ipv6.conf.default.use_tempaddr" = 2; # "net.ipv6.conf.default.use_tempaddr" = 2;
}; };
# nixpkgs.overlays = [
# (final: prev: {
# inherit (pkgs-dda3dcd3f)
# linux-firmware
# ;
# })
# ];
# nixpkgs.overlays = [
# (final: prev: {
# linux-firmware = prev.linux-firwmare.overrideAttrs (old: rec {
# version = "20250917";
# src = final.fetchFromGitLab {
# owner = "kernel-firmware";
# repo = "linux-firmware";
# tag = version;
# hash = "sha256-tecFB6WYEfBK9FB7Rv8nHLdefIoaFnHrpzXBl+iSd08=";
# };
# });
# })
# ];
} }

2
nix/configuration/roles/nix_worker/default.nix
View File

@@ -43,7 +43,7 @@
hashedPassword = "$7$CU..../....VXvNQ8za3wSGpdzGXNT50/$HcFtn/yvwPMCw4888BelpiAPLAxe/zU87fD.d/N6U48"; hashedPassword = "$7$CU..../....VXvNQ8za3wSGpdzGXNT50/$HcFtn/yvwPMCw4888BelpiAPLAxe/zU87fD.d/N6U48";
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
# Normal keys: # Normal keys:
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID0+4zi26M3eYWnIrciR54kOlGxzfgCXG+o4ea1zpzrk openpgp:0x7FF123C8" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGu+k5lrirokdW5zVdRVBOqEOAvAPlIkG/MdJNc9g5ky"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEI6mu6I5Jp+Ib0vJxapGHbEShZjyvzV8jz5DnzDrI39AAAABHNzaDo=" "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEI6mu6I5Jp+Ib0vJxapGHbEShZjyvzV8jz5DnzDrI39AAAABHNzaDo="
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAFNcSXwvy+brYTOGo56G93Ptuq2MmZsjvRWAfMqbmMLAAAABHNzaDo=" "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAFNcSXwvy+brYTOGo56G93Ptuq2MmZsjvRWAfMqbmMLAAAABHNzaDo="
# Key for nix to connect: # Key for nix to connect:

49
nix/configuration/roles/openpgp_card_tools/default.nix
View File

@@ -1,49 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [
./openpgp-card-ssh-agent.nix
];
options.me = {
openpgp_card_tools.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install openpgp-card-tools.";
};
};
config = lib.mkIf config.me.openpgp_card_tools.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
openpgp-card-tools
openpgp-card-tool-git
openpgp-card-ssh-agent
];
nixpkgs.overlays = [
(final: prev: {
openpgp-card-tool-git = (final.callPackage ./package/openpgp-card-tool-git/package.nix { });
openpgp-card-ssh-agent = (final.callPackage ./package/openpgp-card-ssh-agent/package.nix { });
})
];
me.install.user.talexander.file = {
".config/openpgp-card-state/config.toml" = {
source = ./files/openpgp-card-state.toml;
};
};
# The current openpgp-card-ssh-agent has an outdated dependency on openpgp-card-state which makes it not handle my current openpgp-card-state.toml
# services.openpgp-card-ssh-agent.enable = true;
}
]
);
}

1
nix/configuration/roles/openpgp_card_tools/files/openpgp-card-state.toml
View File

@@ -1 +0,0 @@
default_pin_storage = "Pinentry"

94
nix/configuration/roles/openpgp_card_tools/openpgp-card-ssh-agent.nix
View File

@@ -1,94 +0,0 @@
# Upstream to nixpkgs/nixos/modules/services/networking/ssh/openpgp-card-ssh-agent.nix
{
config,
lib,
pkgs,
...
}:
let
inherit (lib)
mkIf
mkOption
mkEnableOption
mkPackageOption
mkDefault
types
concatMapStringsSep
generators
;
cfg = config.services.openpgp-card-ssh-agent;
in
{
options.services.openpgp-card-ssh-agent = {
enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = ''
Whether to start openpgp-card-ssh-agent when you log in.
Also sets SSH_AUTH_SOCK to point at openpgp-card-ssh-agent.
'';
};
package = mkPackageOption pkgs "openpgp-card-ssh-agent" { };
};
config = mkIf cfg.enable {
environment.systemPackages = [ cfg.package ];
systemd.user.sockets.openpgp-card-ssh-agent = {
wantedBy = [ "sockets.target" ];
description = "A simple ssh-agent backed by OpenPGP card authentication keys";
documentation = [
"https://codeberg.org/openpgp-card/ssh-agent"
"man:ssh-add(1)"
"man:ssh-agent(1)"
"man:ssh(1)"
];
socketConfig = {
ListenStream = "%t/openpgp-card/ssh-agent.sock";
SocketMode = "0600";
DirectoryMode = "0700";
};
};
systemd.user.services.openpgp-card-ssh-agent = {
description = "A simple ssh-agent backed by OpenPGP card authentication keys";
documentation = [
"https://codeberg.org/openpgp-card/ssh-agent"
"man:ssh-add(1)"
"man:ssh-agent(1)"
"man:ssh(1)"
];
after = [ "local-fs.target" ];
requires = [
"openpgp-card-ssh-agent.socket"
# "gnome-keyring-daemon.service"
];
serviceConfig = {
ExecStart = ''
${cfg.package}/bin/openpgp-card-ssh-agent -H fd://
'';
};
};
environment.extraInit = ''
if [ -z "$SSH_AUTH_SOCK" ] && [ -n "$XDG_RUNTIME_DIR" ]; then
export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/openpgp-card/ssh-agent.sock"
fi
'';
assertions = [
{
assertion = cfg.enable -> !config.programs.ssh.startAgent;
message = "You can't use ssh-agent and GnuPG agent with SSH support enabled at the same time!";
}
{
assertion = cfg.enable -> !config.programs.gnupg.agent.enableSSHSupport;
message = "You can't use GnuPG agent with SSH support enabled and openpgp-card-ssh-agent at the same time!";
}
];
};
}

52
nix/configuration/roles/openpgp_card_tools/package/openpgp-card-ssh-agent/package.nix
View File

@@ -1,52 +0,0 @@
{
lib,
rustPlatform,
fetchFromGitea,
pkg-config,
pcsclite,
dbus,
openssl,
testers,
openpgp-card-ssh-agent,
}:
rustPlatform.buildRustPackage rec {
pname = "openpgp-card-ssh-agent";
version = "0.3.4";
src = fetchFromGitea {
domain = "codeberg.org";
owner = "openpgp-card";
repo = "ssh-agent";
rev = "v${version}";
hash = "sha256-nWbvEsVa7YJsBtVZfLQDB4CiaHP3GEYeYS32+WZv8PE=";
};
cargoHash = "sha256-nG7xebypXv7UAfu7sWbcp4DIhLv4lfzMrQUY6m2iDmw=";
nativeBuildInputs = [
pkg-config
];
buildInputs = [
openssl
pcsclite
dbus
];
passthru = {
tests.version = testers.testVersion {
package = openpgp-card-ssh-agent;
};
};
meta = with lib; {
description = "An ssh agent that uses OpenPGP cards for your key";
homepage = "https://codeberg.org/openpgp-card/ssh-agent";
license = with licenses; [
asl20 # OR
mit
];
mainProgram = "openpgp-card-ssh-agent";
};
}

54
nix/configuration/roles/openpgp_card_tools/package/openpgp-card-tool-git/package.nix
View File

@@ -1,54 +0,0 @@
{
lib,
rustPlatform,
fetchFromGitea,
pkg-config,
pcsclite,
dbus,
openssl,
sqlite,
testers,
openpgp-card-tool-git,
}:
rustPlatform.buildRustPackage rec {
pname = "openpgp-card-tool-git";
version = "0.1.6";
src = fetchFromGitea {
domain = "codeberg.org";
owner = "openpgp-card";
repo = "oct-git";
rev = "v${version}";
hash = "sha256-38/JHzCkL3+0IbOacH54A5Hj03oDe9jDzcwp672a8LE=";
};
cargoHash = "sha256-j1Osj2rjLxrSKh82ym6PiIHVO1wLE7Ax2/5+pdRcv+E=";
nativeBuildInputs = [
pkg-config
];
buildInputs = [
openssl
pcsclite
dbus
sqlite
];
passthru = {
tests.version = testers.testVersion {
package = openpgp-card-tool-git;
};
};
meta = with lib; {
description = "Tool for using OpenPGP cards with git";
homepage = "https://codeberg.org/openpgp-card/oct-git";
license = with licenses; [
asl20 # OR
mit
];
mainProgram = "oct-git";
};
}

38
nix/configuration/roles/optimized_build/default.nix
View File

@@ -47,7 +47,7 @@
(lib.mkIf (!config.me.optimizations.enable) ( (lib.mkIf (!config.me.optimizations.enable) (
lib.mkMerge [ lib.mkMerge [
{ {
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_6_16; boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_6_14;
} }
] ]
)) ))
@@ -94,14 +94,44 @@
HZ = lib.kernel.freeform "300"; HZ = lib.kernel.freeform "300";
HZ_300 = lib.kernel.yes; HZ_300 = lib.kernel.yes;
HZ_1000 = lib.kernel.no; HZ_1000 = lib.kernel.no;
} prev.linux_6_16; } prev.linux_6_14;
} }
) )
(final: prev: {
haskellPackages = prev.haskellPackages.extend (
final': prev': {
inherit (pkgs-unoptimized.haskellPackages)
crypto-token
crypton
crypton-connection
crypton-x509
crypton-x509-store
crypton-x509-system
crypton-x509-validation
hspec-wai
http-client-tls
http2
pandoc
pandoc-cli
pandoc-lua-engine
pandoc-server
servant-server
tls
tls-session-manager
wai-app-static
wai-extra
warp
warp-tls
;
}
);
})
(final: prev: { (final: prev: {
inherit (pkgs-unoptimized) inherit (pkgs-unoptimized)
gsl gsl
rapidjson redis
assimp valkey
nix-serve-ng
; ;
}) })
]; ];

6
nix/configuration/roles/pcsx2/default.nix
View File

@@ -82,8 +82,10 @@
}; };
}; };
me.install.user.talexander.file = { home-manager.users.talexander =
".config/PCSX2/inis/PCSX2.ini" = { { pkgs, ... }:
{
home.file.".config/PCSX2/inis/PCSX2.ini" = {
source = ./files/PCSX2.ini; source = ./files/PCSX2.ini;
}; };
}; };

80
nix/configuration/roles/podman/default.nix
View File

@@ -1,80 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
podman.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install podman.";
};
};
config = lib.mkIf config.me.podman.enable (
lib.mkMerge [
{
assertions = [
{
assertion = !config.me.docker.enable;
message = "podman conflicts with docker";
}
];
}
{
environment.systemPackages = with pkgs; [
dive
podman-tui
podman-compose
];
# Write config files in /etc/containers
virtualisation.containers.enable = true;
# By default this includes "quay.io" which leads to prompting for which registry to download from.
virtualisation.containers.registries.search = [ "docker.io" ];
virtualisation = {
podman = {
enable = true;
# Install docker shim
dockerCompat = true;
# Support name resolution in podman-compose.
defaultNetwork.settings.dns_enabled = true;
};
};
environment.variables = {
# For compatibility with tools expecting a docker socket (like dive).
DOCKER_HOST = "unix://$XDG_RUNTIME_DIR/podman/podman.sock";
};
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
directories = [
{
directory = "/var/lib/containers";
user = "root";
group = "root";
mode = "0755";
}
];
users.talexander = {
directories = [
{
directory = ".local/share/containers";
user = "talexander";
group = "talexander";
mode = "0700";
}
];
};
};
}
]
);
}

16
nix/configuration/roles/python/default.nix
View File

@@ -31,23 +31,7 @@
pyright pyright
isort isort
black black
uv
]; ];
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
# Poetry virtual environments.
directory = ".cache/pypoetry";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
} }
] ]
); );

36
nix/configuration/roles/qemu/default.nix
View File

@@ -5,41 +5,6 @@
... ...
}: }:
let
qemurc =
(pkgs.writeScriptBin "qemurc" (
builtins.readFile (
pkgs.replaceVars ./files/qemurc.bash {
"OVMFfd" = "${pkgs.OVMF.fd}";
mount_root = "/vm";
zfs_root = "zroot/linux/nix/vm";
}
)
)).overrideAttrs
(old: {
buildCommand = ''
${old.buildCommand}
patchShebangs $out
'';
});
qemurc_wrapped =
(pkgs.writeScriptBin "qemurc" ''
#!/usr/bin/env bash
export "PATH=${
lib.makeBinPath [
pkgs.swtpm
pkgs.tmux
]
}:''${PATH}"
exec ${qemurc}/bin/qemurc "''${@}"
'').overrideAttrs
(old: {
buildCommand = ''
${old.buildCommand}
patchShebangs $out
'';
});
in
{ {
imports = [ ]; imports = [ ];
@@ -57,7 +22,6 @@ in
{ {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
qemu qemu
qemurc_wrapped
]; ];
} }
] ]

375
nix/configuration/roles/qemu/files/qemurc.bash
View File

@@ -1,375 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
# Share a host directory to the guest via 9pfs.
#
# Inside the VM run:
# mount -t virtfs -o trans=virtio sharename /some/vm/path
# mount -t 9p -o cache=mmap -o msize=512000 sharename /mnt/9p
# mount -t 9p -o trans=virtio,cache=mmap,msize=512000 bind9p /path/to/mountpoint
# Example usage:
#
# doas qemurc create-disk mint 10
# doas env CD=/vm/iso/linuxmint-22.2-cinnamon-64bit.iso qemurc start mint
# doas qemurc start mint
# doas env WAYLAND_DISPLAY="$XDG_RUNTIME_DIR/$WAYLAND_DISPLAY" XDG_RUNTIME_DIR=/run/user/0 qemurc start mint
: ${VERBOSE:="NO"} # or YES
if [ "$VERBOSE" = "YES" ]; then
set -x
fi
: ${CPU_CORES:="1"}
: ${MEMORY:="1G"}
: ${GTK_ENABLE:="NO"} # Only enable one, either GTK or VNC
: ${VNC_ENABLE:="NO"} # Only enable one, either GTK or VNC
: ${VNC_LISTEN:="127.0.0.1:0"}
: ${VNC_WIDTH:="1920"}
: ${VNC_HEIGHT:="1080"}
: ${AUDIO_ENABLE:="NO"}
: ${TPM_ENABLE:="NO"}
: ${BIND9P:=""}
: "${CD:=}"
: ${SHUTDOWN_TIMEOUT:="600"}
: ${MOUNT_ROOT:="@mount_root@"}
: ${ZFS_ROOT:="@zfs_root@"}
############## Setup #########################
function cleanup {
sync
for p in "${pids[@]}"; do
log "Killing $p"
kill "$p"
log "Killed $p"
done
for vm in "${vms[@]}"; do
log "Stopping $vm"
stop_one "$vm"
log "Stopped $vm"
done
}
pids=()
vms=()
trap "set +e; cleanup" EXIT
function die {
local status_code="$1"
shift
(>&2 echo "${@}")
exit "$status_code"
}
function log {
(>&2 echo "${@}")
}
############## Program #########################
function main {
local cmd
cmd=$1
shift
if [ "$cmd" = "start" ]; then
init
start "${@}"
elif [ "$cmd" = "stop" ]; then
init
stop "${@}"
elif [ "$cmd" = "status" ]; then
init
status "${@}"
elif [ "$cmd" = "console" ]; then
init
console "${@}"
elif [ "$cmd" = "_start_body" ]; then
init
start_body "${@}"
elif [ "$cmd" = "create-disk" ]; then
create_disk "${@}"
else
(>&2 echo "Unknown command: $cmd")
exit 1
fi
}
function start {
local num_vms="$#"
if [ "$num_vms" -eq 0 ]; then
log "No VMs specified."
return 0
fi
while [ "$#" -gt 0 ]; do
local name="$1"
shift 1
log "Starting VM $name."
start_one "$name"
[ "$#" -eq 0 ] || sleep 5
done
}
function start_one {
local name="$1"
local tmux_name="$name"
tmux new-session -d -s "$tmux_name" "$0" "_start_body" "$name"
}
function launch_pidfile {
local pidfile="$1"
shift 1
mkdir -p "$(dirname "$pidfile")"
cat > "${pidfile}" <<< "$$"
set -x
exec "${@}"
}
export -f launch_pidfile
function stop {
local num_vms="$#"
if [ "$num_vms" -eq 0 ]; then
log "No VMs specified."
return 0
fi
while [ "$#" -gt 0 ]; do
local name="$1"
shift 1
log "Stopping VM $name."
stop_one "$name"
[ "$#" -eq 0 ] || sleep 5
done
}
function stop_one {
local name="$1"
local pidfile="/run/qemurc/${name}/pid"
if [ ! -e "$pidfile" ]; then
log "Pid file $pidfile does not exist."
return 0
fi
local qemu_pid
qemu_pid=$(cat "$pidfile")
if ps -p "$qemu_pid" >/dev/null; then
# We cannot send a graceful shutdown command externally to qemu: https://gitlab.com/qemu-project/qemu/-/issues/148
log "Killing ${name}:${qemu_pid}."
kill -SIGTERM "$qemu_pid"
fi
local timeout_start timeout_end
timeout_start=$(date +%s)
while ps -p "$qemu_pid" >/dev/null; do
timeout_end=$(date +%s)
if [ $((timeout_end-timeout_start)) -ge "$SHUTDOWN_TIMEOUT" ]; then
log "${name}:${qemu_pid} took more than $SHUTDOWN_TIMEOUT seconds to shut down. Hard powering down."
break
fi
log "Waiting for ${name}:${qemu_pid} to exit."
sleep 2
done
kill -9 "$qemu_pid"
local timeout_start timeout_end
timeout_start=$(date +%s)
while ps -p "$qemu_pid" >/dev/null; do
timeout_end=$(date +%s)
if [ $((timeout_end-timeout_start)) -ge "$SHUTDOWN_TIMEOUT" ]; then
log "${name}:${qemu_pid} took more than $SHUTDOWN_TIMEOUT seconds to hard power down. Giving up."
break
fi
log "Waiting for ${name}:${qemu_pid} to hard power down."
sleep 2
done
rm -f "$pidfile"
log "Finished stopping $name."
}
function status {
local num_vms="$#"
if [ "$num_vms" -gt 0 ]; then
for name in "$@"; do
status_one "$name"
done
else
log "No VMs specified."
fi
}
function status_one {
local name="$1"
local pidfile="/run/qemurc/${name}/pid"
if [ ! -e "$pidfile" ]; then
log "$name is not running."
return 0
fi
local qemu_pid
qemu_pid=$(cat "$pidfile")
if ! ps -p "$qemu_pid" >/dev/null; then
log "$name is not running."
return 0
fi
log "$name is running as pid $qemu_pid."
}
function console {
local num_vms="$#"
if [ "$num_vms" -gt 0 ]; then
for name in "$@"; do
log "Attaching to console of VM $name."
console_one "$name"
done
else
log "No VMs specified."
fi
}
function console_one {
local name="$1"
local tmux_name="$name"
exec tmux a -t "$tmux_name"
}
function init {
mkdir -p /run/qemurc
}
############## qemu ############################
function create_disk {
local name="$1"
local gigabytes="$2"
local zfs_path="${ZFS_ROOT}/${name}"
local mount_path="${MOUNT_ROOT}/${name}"
zfs create -o mountpoint=none -o canmount=off "$zfs_path"
zfs create -o "mountpoint=$mount_path" -o canmount=on "$zfs_path/settings"
zfs create -s "-V${gigabytes}G" -o volmode=dev -o primarycache=metadata -o secondarycache=none "$zfs_path/disk0"
zfs snapshot -r "$zfs_path@empty"
install -m0600 "@OVMFfd@/FV/OVMF_VARS.fd" "${mount_path}/"
tee "${mount_path}/settings" <<EOF
CPU_CORES="$CPU_CORES"
MEMORY="$MEMORY"
GTK_ENABLE="$GTK_ENABLE"
VNC_ENABLE="$VNC_ENABLE"
VNC_LISTEN="$VNC_LISTEN"
VNC_WIDTH="$VNC_WIDTH"
VNC_HEIGHT="$VNC_HEIGHT"
AUDIO_ENABLE="$AUDIO_ENABLE"
TPM_ENABLE="$TPM_ENABLE"
BIND9P="$BIND9P"
EOF
}
function start_body {
local name="$1"
local zfs_path="${ZFS_ROOT}/${name}"
local mount_path="${MOUNT_ROOT}/${name}"
local run_path="/run/qemurc/${name}"
local mount_cd="$CD"
local swtpm_sock="${run_path}/swtpm.sock"
local swtpm_path="${MOUNT_ROOT}/${name}/swtpm"
install -d -m 0700 "$run_path"
if [ -e "${mount_path}/settings" ]; then
source "${mount_path}/settings"
fi
local additional_args=()
if [ -n "$BIND9P" ]; then
additional_args+=(-device "virtio-9p-type,fsdev=${BIND9P},mount_tag=bind9p")
fi
if [ -n "$mount_cd" ]; then
additional_args+=(-cdrom "$mount_cd")
fi
if [ "$VNC_ENABLE" = "YES" ]; then
additional_args+=(-vnc "${VNC_LISTEN},power-control=on")
fi
if [ "$AUDIO_ENABLE" = "YES" ]; then
additional_args+=(-audio "driver=pa,model=virtio,server=/run/user/11235/pulse/native")
fi
if [ "$TPM_ENABLE" = "YES" ]; then
install -d -m 0700 "$swtpm_path"
swtpm socket --tpm2 --tpmstate dir="$swtpm_path" --ctrl type=unixio,path="$swtpm_sock" &
local tpm_pid=$!
pids+=("$tpm_pid")
additional_args+=(-chardev "socket,id=chrtpm,path=$swtpm_sock"
-tpmdev "emulator,id=tpm0,chardev=chrtpm"
-device "tpm-tis,tpmdev=tpm0")
fi
if [ "$GTK_ENABLE" = "YES" ]; then
additional_args+=(
-device 'virtio-gpu-gl,hostmem=8G,blob=true,venus=true'
-display 'gtk,gl=on'
-vga virtio
)
fi
vms+=("$name")
local pidfile="/run/qemurc/${name}/pid"
local launch_cmd=()
launch_cmd+=(
launch_pidfile "$pidfile"
qemu-system-x86_64
-accel kvm
-cpu host
-smp cores="$CPU_CORES"
-m "$MEMORY"
-rtc base=localtime
-drive "file=\"@OVMFfd@/FV/OVMF_CODE.fd\",if=pflash,format=raw,readonly=on"
-drive "if=pflash,format=raw,file=\"$(readlink -f "${mount_path}/OVMF_VARS.fd")\""
-drive "if=none,file=/dev/zvol/${zfs_path}/disk0,format=raw,id=hd0"
-device 'nvme,serial=deadbeef,drive=hd0'
-nic 'user,hostfwd=tcp::60022-:22'
-boot order=d
"${additional_args[@]}"
)
set +e
rm -f "$pidfile"
(
IFS=$' \n\t'
set -ex
bash -c "${launch_cmd[*]}"
)
local exit_code=$?
log "Exit code ${exit_code}"
set -e
}
main "${@}"

28
nix/configuration/roles/rpcs3/default.nix
View File

@@ -70,25 +70,15 @@ in
} }
]; ];
me.install.user.talexander.file = { home-manager.users.talexander =
".config/rpcs3/config.yml" = lib.mkIf (config.me.rpcs3.config != null) { { pkgs, ... }:
{
home.file.".config/rpcs3/config.yml" = lib.mkIf (config.me.rpcs3.config != null) {
source = rpcs3_config_yaml; source = rpcs3_config_yaml;
}; };
".config/rpcs3/GuiConfigs/CurrentSettings.ini" = { home.file.".config/rpcs3/GuiConfigs/CurrentSettings.ini" = {
source = ./files/CurrentSettings.ini; source = ./files/CurrentSettings.ini;
}; };
".config/rpcs3/custom_configs/config_BLUS30443.yml" = {
# Demon's Souls per-game config.
source = ./files/config_BLUS30443.yml;
};
".config/rpcs3/patches/patch.yml" = {
# All of the available patches.
source = ./files/patch.yml;
};
".config/rpcs3/patch_config.yml" = {
# Patches that I have enabled.
source = ./files/patch_config.yml;
};
}; };
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) { environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
@@ -156,13 +146,6 @@ in
mode = "0755"; mode = "0755";
}; };
} }
{
# Netplay (RPCN) config and credentials
file = ".config/rpcs3/rpcn.yml";
parentDirectory = {
mode = "0755";
};
}
]; ];
}; };
}; };
@@ -172,6 +155,7 @@ in
users.talexander = { users.talexander = {
directories = [ directories = [
{ {
# Game saves
directory = ".cache/rpcs3"; directory = ".cache/rpcs3";
user = "talexander"; user = "talexander";
group = "talexander"; group = "talexander";

14
nix/configuration/roles/rpcs3/files/config_BLUS30443.yml
View File

@@ -1,14 +0,0 @@
Core:
SPU Block Size: Safe
Video:
Write Color Buffers: true
Minimum Scalable Dimension: 640
Net:
Internet enabled: Connected
IP address: 0.0.0.0
Bind address: 0.0.0.0
DNS address: 8.8.8.8
IP swap list: "ds-eu-c.scej-online.jp=206.189.232.242&&ds-eu-g.scej-online.jp=206.189.232.242&&c.demons-souls.com=206.189.232.242&&g.demons-souls.com=206.189.232.242&&cmnap.scej-online.jp=206.189.232.242&&demons-souls.scej-online.jp=206.189.232.242"
UPNP Enabled: false
PSN status: RPCN
PSN Country: us

24771
nix/configuration/roles/rpcs3/files/patch.yml
View File

File diff suppressed because it is too large Load Diff

6
nix/configuration/roles/rpcs3/files/patch_config.yml
View File

@@ -1,6 +0,0 @@
PPU-83681f6110d33442329073b72b8dc88a2f677172:
Unlock FPS:
Demon's Souls:
BLUS30443:
01.00:
Enabled: true

6
nix/configuration/roles/rust/default.nix
View File

@@ -48,7 +48,10 @@ in
# ? cargo-public-api # ? cargo-public-api
]; ];
me.install.user.talexander.file = { home-manager.users.talexander =
{ pkgs, ... }:
{
home.file = {
".cargo/config.toml" = { ".cargo/config.toml" = {
source = ./files/cargo_config.toml; source = ./files/cargo_config.toml;
}; };
@@ -56,6 +59,7 @@ in
source = ./files/rustup_settings.toml; source = ./files/rustup_settings.toml;
}; };
}; };
};
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) { environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true; hideMounts = true;

14
nix/configuration/roles/rust/files/cargo_config.toml
View File

@@ -1,12 +1,12 @@
# [target.x86_64-unknown-linux-gnu] [target.x86_64-unknown-linux-gnu]
# rustflags = ["-C", "target-cpu=native", "-Zthreads=0"] rustflags = ["-C", "target-cpu=native", "-Zthreads=0"]
# [unstable] [unstable]
# codegen-backend = true codegen-backend = true
# [profile.dev] [profile.dev]
# codegen-backend = "cranelift" codegen-backend = "cranelift"
[profile.dev.package."*"] [profile.dev.package."*"]
# codegen-backend = "llvm" codegen-backend = "llvm"
opt-level = 3 opt-level = 3

29
nix/configuration/roles/sequoia/default.nix
View File

@@ -1,29 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
sequoia.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install sequoia.";
};
};
config = lib.mkIf config.me.sequoia.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
sequoia-sq
];
}
]
);
}

110
nix/configuration/roles/shadps4/default.nix
View File

@@ -1,110 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
shadps4.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install shadps4.";
};
};
config = lib.mkIf config.me.shadps4.enable (
lib.mkMerge [
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
shadps4
];
me.install.user.talexander.file = {
".local/share/shadPS4/config.toml" = {
source = ./files/config.toml;
};
};
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
# Location of ROMs.
directory = ".local/share/shadPS4/games";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
# Firmware.
directory = ".local/share/shadPS4/sys_modules";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
# Game saves.
directory = ".local/share/shadPS4/savedata";
user = "talexander";
group = "talexander";
mode = "0755";
}
{
# DLC.
directory = ".local/share/shadPS4/addcont";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
files = [
{
# play times and recently played
file = ".local/share/shadPS4/play_time.txt";
parentDirectory = {
mode = "0755";
};
}
];
};
};
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
# Cache.
directory = ".local/share/shadPS4/data";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
nixpkgs.overlays = [
(final: prev: {
shadps4 = prev.shadps4.overrideAttrs (old: {
version = "0.9.0";
src = final.fetchFromGitHub {
owner = "AzaharPlus";
repo = "shadPS4Plus";
tag = "SHADPS4PLUS_0_9_0_A";
hash = "sha256-ZwP+bOE4roWt51Ii53blDZzdq/SxK4Q69I4rLCNARLA=";
fetchSubmodules = true;
};
});
})
];
})
]
);
}

15
nix/configuration/roles/shadps4/files/config.toml
View File

@@ -1,15 +0,0 @@
[General]
# Without this, we get:
# /run/current-system/sw/bin/xdg-mime: line 1002: /nix/store/wd9bigydk9x8bsvnslrvb5klbgmh98v5-hm_mimeapps.list.new: Read-only file system
enableDiscordRPC = false
[GUI]
addonInstallDir = "/home/talexander/.local/share/shadPS4/addcont"
installDirs = ["/home/talexander/.local/share/shadPS4/games"]
installDirsEnabled = [true]
# Without the geometry settings shadps4 crashes instantly with a floating point error.
geometry_h = 981
geometry_w = 748
geometry_x = 0
geometry_y = 0

6
nix/configuration/roles/shikane/default.nix
View File

@@ -36,11 +36,15 @@ in
exec_shikane exec_shikane
]; ];
me.install.user.talexander.file = { home-manager.users.talexander =
{ pkgs, ... }:
{
home.file = {
".config/shikane/config.toml" = { ".config/shikane/config.toml" = {
source = ./files/config.toml; source = ./files/config.toml;
}; };
}; };
};
}) })
] ]
); );

12
nix/configuration/roles/shikane/files/config.toml
View File

@@ -1,15 +1,3 @@
[[profile]]
name = "laptop"
[[profile.output]]
enable = true
search = ["m=0x0BCA", "s=", "v=BOE"]
mode = "2256x1504@59.999Hz"
position = "0,0"
scale = 1.5
transform = "normal"
adaptive_sync = false
[[profile]] [[profile]]
name = "homedesk" name = "homedesk"
exec = ["notify-send shikane \"Profile $SHIKANE_PROFILE_NAME has been applied\""] exec = ["notify-send shikane \"Profile $SHIKANE_PROFILE_NAME has been applied\""]

49
nix/configuration/roles/spaghettikart/default.nix
View File

@@ -1,49 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
spaghettikart.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install spaghettikart.";
};
};
config = lib.mkIf config.me.spaghettikart.enable (
lib.mkMerge [
{
allowedUnfree = [ "spaghettikart" ];
}
(lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [
spaghettikart
];
me.install.user.talexander.file = {
".local/share/spaghettikart/spaghettify.cfg.json" = {
source = ./files/spaghettify.cfg.json;
method = "overwrite";
};
};
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
files = [
".local/share/spaghettikart/default.sav"
".local/share/spaghettikart/mk64.o2r"
];
};
};
})
]
);
}

14
nix/configuration/roles/spaghettikart/files/spaghettify.cfg.json
View File

@@ -1,14 +0,0 @@
{
"CVars": {
"gDisableLod": 1,
"gMSAAValue": 2,
"gShowSpaghettiVersion": 0,
"gSkipIntro": 1,
"gVsyncEnabled": 1
},
"Window": {
"Fullscreen": {
"Enabled": true
}
}
}

19
nix/configuration/roles/ssh/default.nix
View File

@@ -27,14 +27,19 @@
}; };
}; };
me.install.user.root.file = { home-manager.users.talexander =
".ssh/config" = { { pkgs, ... }:
source = ./files/ssh_config_root; {
}; home.file.".ssh/config" = {
};
me.install.user.talexander.file = {
".ssh/config" = {
source = ./files/ssh_config; source = ./files/ssh_config;
}; };
}; };
home-manager.users.root =
{ pkgs, ... }:
{
home.file.".ssh/config" = {
source = ./files/ssh_config_root;
};
};
} }

12
nix/configuration/roles/sway/default.nix
View File

@@ -376,18 +376,26 @@ in
}; };
}; };
me.install.user.talexander.file = { home-manager.users.talexander =
".config/mimeapps.list" = { { pkgs, ... }:
{
home.file = {
# Configure default programs (for example, default browser) # Configure default programs (for example, default browser)
".config/mimeapps.list" = {
source = ./files/mimeapps.list; source = ./files/mimeapps.list;
}; };
};
home.file = {
".config/gtk-3.0/settings.ini" = { ".config/gtk-3.0/settings.ini" = {
source = ./files/settings.ini; source = ./files/settings.ini;
}; };
};
home.file = {
".icons/default" = { ".icons/default" = {
source = "${pkgs.adwaita-icon-theme}/share/icons/Adwaita"; source = "${pkgs.adwaita-icon-theme}/share/icons/Adwaita";
}; };
}; };
};
# For mounting drives in pcmanfm # For mounting drives in pcmanfm
services.gvfs.enable = true; services.gvfs.enable = true;

33
nix/configuration/roles/uutils/default.nix
View File

@@ -1,33 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
uutils.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to replace GNU coreutils with uutils (a rust drop-in replacement).";
};
};
config = lib.mkIf config.me.uutils.enable (
lib.mkMerge [
{
# environment.corePackages automatically installes coreutils-full, so merely installing uutils-coreutils-noprefix is insufficient for replacing GNU coreutils.
nixpkgs.overlays = [
(final: prev: {
coreutils = final.uutils-coreutils-noprefix;
coreutils-full = final.uutils-coreutils-noprefix;
})
];
}
]
);
}

8
nix/configuration/roles/vscode/default.nix
View File

@@ -48,11 +48,13 @@
}) })
]; ];
me.install.user.talexander.file = { home-manager.users.talexander =
".config/Code/User/settings.json" = { { pkgs, ... }:
{
home.file.".config/Code/User/settings.json" = {
source = ./files/settings.json; source = ./files/settings.json;
}; };
".config/Code/User/keybindings.json" = { home.file.".config/Code/User/keybindings.json" = {
source = ./files/keybindings.json; source = ./files/keybindings.json;
}; };
}; };

Some files were not shown because too many files have changed in this diff Show More