talexander/machine_setup
1
0
Fork 0
Code Issues Pull Requests Releases Activity

Compare commits

base: talexander:yubipi
Branches Tags
talexander:main talexander:kubernetes talexander:nix talexander:mt7927 talexander:yubipi talexander:upstream_amd_debug_tools talexander:install_files_mixin talexander:starship talexander:pixelbook
..
compare: talexander:starship
Branches Tags
talexander:kubernetes talexander:nix talexander:main talexander:mt7927 talexander:yubipi talexander:upstream_amd_debug_tools talexander:install_files_mixin talexander:starship talexander:pixelbook

3 Commits
yubipi ... starship

Author SHA1 Message Date
Tom Alexander
9513882870 Still not working. 2025-01-27 20:38:45 -05:00
Tom Alexander
71a6843b37 Same issue with package based on 2ship2harkinian. 2025-01-27 19:26:38 -05:00
Tom Alexander
7d9d1ca80e Add a package for starship (Star Fox 64). 2025-01-27 19:26:38 -05:00
233 changed files with 1377 additions and 36840 deletions
Expand all files Collapse all files

1
ansible/roles/base/files/gitconfig_home
View File

@@ -8,7 +8,6 @@
lg = log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit lg = log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit
bh = log --oneline --branches=* --remotes=* --graph --decorate bh = log --oneline --branches=* --remotes=* --graph --decorate
amend = commit --amend --no-edit amend = commit --amend --no-edit
authorcount = shortlog --summary --numbered --all --no-merges
[core] [core]
excludesfile = ~/.gitignore_global excludesfile = ~/.gitignore_global
[commit] [commit]

1
ansible/roles/base/files/gitconfig_work
View File

@@ -8,7 +8,6 @@
lg = log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit lg = log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit
bh = log --oneline --branches=* --remotes=* --graph --decorate bh = log --oneline --branches=* --remotes=* --graph --decorate
amend = commit --amend --no-edit amend = commit --amend --no-edit
authorcount = shortlog --summary --numbered --all --no-merges
[core] [core]
excludesfile = ~/.gitignore_global excludesfile = ~/.gitignore_global
[commit] [commit]

2
ansible/roles/sshd/files/keys/yubikey.pub
View File

@@ -1 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID0+4zi26M3eYWnIrciR54kOlGxzfgCXG+o4ea1zpzrk openpgp:0x7FF123C8 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGu+k5lrirokdW5zVdRVBOqEOAvAPlIkG/MdJNc9g5ky cardno:000611194908

1
nix/configuration/.gitignore vendored
View File

@@ -1 +0,0 @@
result

154
nix/configuration/configuration.nix
View File

@@ -2,88 +2,67 @@
config, config,
lib, lib,
pkgs, pkgs,
home-manager,
... ...
}: }:
{ {
imports = [ imports = [
./roles/2ship2harkinian ./roles/reset
./roles/alacritty
./roles/amd_s2idle
./roles/ansible
./roles/ares
./roles/bluetooth
./roles/boot
./roles/chromecast
./roles/chromium
./roles/d2
./roles/direnv
./roles/distributed_build
./roles/docker
./roles/ecc
./roles/emacs
./roles/emulate_isa
./roles/firefox
./roles/firewall
./roles/flux
./roles/fonts
./roles/gcloud
./roles/git
./roles/global_options ./roles/global_options
./roles/gnuplot ./util/unfree_polyfill
./roles/gpg
./roles/graphics
./roles/hydra
./roles/iso ./roles/iso
./roles/iso_mount "${
builtins.fetchTarball {
url = "https://github.com/nix-community/disko/archive/refs/tags/v1.9.0.tar.gz";
sha256 = "0j76ar4qz320fakdii4659w5lww8wiz6yb7g47npywqvf2lbp388";
}
}/module.nix"
./roles/boot
./roles/zfs
./roles/network
./roles/firewall
./roles/zsh
./roles/zrepl
./roles/graphics
./roles/sound
./roles/sway
./roles/kanshi ./roles/kanshi
./roles/kodi ./roles/alacritty
./roles/firefox
./roles/chromium
./roles/emacs
./roles/git
./roles/fonts
./roles/gpg
./roles/waybar
./roles/qemu
./roles/wireguard
./roles/ares
./roles/ssh
./roles/python
./roles/docker
./roles/kubernetes ./roles/kubernetes
./roles/rust
./roles/media
./roles/steam
./roles/latex ./roles/latex
./roles/launch_keyboard ./roles/launch_keyboard
./roles/lvfs ./roles/lvfs
./roles/media
./roles/memtest86
./roles/network
./roles/nix_index
./roles/nix_worker
./roles/nvme ./roles/nvme
./roles/openpgp_card_tools
./roles/optimized_build
./roles/pcsx2
./roles/podman
./roles/python
./roles/qemu
./roles/reset
./roles/rpcs3
./roles/rust
./roles/sequoia
./roles/shadps4
./roles/shikane
./roles/shipwright
./roles/sm64ex
./roles/sops
./roles/sound
./roles/spaghettikart
./roles/ssh
./roles/steam
./roles/steam_run_free
./roles/sway
./roles/tekton
./roles/terraform ./roles/terraform
./roles/thunderbolt
./roles/uutils
./roles/vnc_client
./roles/vscode ./roles/vscode
./roles/wasm ./roles/wasm
./roles/waybar ./roles/vnc_client
./roles/wireguard ./roles/chromecast
./roles/yubikey ./roles/memtest86
./roles/zfs ./roles/kodi
./roles/zrepl ./roles/ansible
./roles/zsh ./roles/bluetooth
./util/install_files ./roles/sm64ex
./util/unfree_polyfill ./roles/shipwright
./roles/2ship2harkinian
./roles/nix_index
]; ];
nix.settings.experimental-features = [ nix.settings.experimental-features = [
@@ -95,20 +74,6 @@
# boot.kernelPackages = pkgs.linuxPackages_6_11; # boot.kernelPackages = pkgs.linuxPackages_6_11;
hardware.enableRedistributableFirmware = true; hardware.enableRedistributableFirmware = true;
# Use nixos-rebuild-ng
# system.rebuild.enableNg = true;
# Keep outputs so we can build offline.
nix.extraOptions = ''
keep-outputs = true
keep-derivations = true
substitute = false
'';
# Technically only needed when building the ISO because nix detects ZFS in the filesystem list normally. I basically always want this so I'm just setting it to always be on.
boot.supportedFilesystems.zfs = true;
# TODO: Is this different from boot.supportedFilesystems = [ "zfs" ]; ?
services.getty = { services.getty = {
autologinUser = "talexander"; # I use full disk encryption so the user password is irrelevant. autologinUser = "talexander"; # I use full disk encryption so the user password is irrelevant.
autologinOnce = true; autologinOnce = true;
@@ -126,24 +91,34 @@
# Generate with `mkpasswd -m scrypt` # Generate with `mkpasswd -m scrypt`
hashedPassword = "$7$CU..../....VXvNQ8za3wSGpdzGXNT50/$HcFtn/yvwPMCw4888BelpiAPLAxe/zU87fD.d/N6U48"; hashedPassword = "$7$CU..../....VXvNQ8za3wSGpdzGXNT50/$HcFtn/yvwPMCw4888BelpiAPLAxe/zU87fD.d/N6U48";
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID0+4zi26M3eYWnIrciR54kOlGxzfgCXG+o4ea1zpzrk openpgp:0x7FF123C8" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGu+k5lrirokdW5zVdRVBOqEOAvAPlIkG/MdJNc9g5ky"
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEI6mu6I5Jp+Ib0vJxapGHbEShZjyvzV8jz5DnzDrI39AAAABHNzaDo=" "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIEI6mu6I5Jp+Ib0vJxapGHbEShZjyvzV8jz5DnzDrI39AAAABHNzaDo="
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAFNcSXwvy+brYTOGo56G93Ptuq2MmZsjvRWAfMqbmMLAAAABHNzaDo=" "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIAFNcSXwvy+brYTOGo56G93Ptuq2MmZsjvRWAfMqbmMLAAAABHNzaDo="
]; ];
}; };
users.groups.talexander.gid = 11235; users.groups.talexander.gid = 11235;
home-manager.users.talexander =
{ pkgs, ... }:
{
home.packages = [
pkgs.atool
pkgs.httpie
];
programs.bash.enable = true;
# The state version is required and should stay at the version you
# originally installed.
home.stateVersion = "24.11";
};
# Automatic garbage collection # Automatic garbage collection
nix.gc = lib.mkIf (!config.me.buildingIso) { nix.gc = lib.mkIf (!config.me.buildingIso) {
# Runs nix-collect-garbage --delete-older-than 5d # Runs nix-collect-garbage --delete-older-than 5d
automatic = true; automatic = true;
persistent = true; randomizedDelaySec = "14m";
dates = "monthly";
# randomizedDelaySec = "14m";
options = "--delete-older-than 30d"; options = "--delete-older-than 30d";
}; };
nix.settings.auto-optimise-store = !config.me.buildingIso; nix.settings.auto-optimise-store = !config.me.buildingIso;
nix.settings.substituters = lib.mkForce [ ];
# Use doas instead of sudo # Use doas instead of sudo
security.doas.enable = true; security.doas.enable = true;
@@ -169,7 +144,7 @@
pciutils # for lspci pciutils # for lspci
ripgrep ripgrep
strace strace
# ltrace # Disabled because it uses more than 48GB of /tmp space during test phase. ltrace
trace-cmd # ftrace trace-cmd # ftrace
tcpdump tcpdump
git-crypt git-crypt
@@ -177,13 +152,6 @@
ncdu ncdu
nix-tree nix-tree
libarchive # bsdtar libarchive # bsdtar
lsof
doas-sudo-shim # To support --sudo for remote builds
dmidecode # Read SMBIOS information.
ipcalc
gptfdisk # for cgdisk
nix-output-monitor # For better view into nixos-rebuild
nix-serve-ng # Serve nix store over http
]; ];
services.openssh = { services.openssh = {

181
nix/configuration/flake.lock generated
View File

@@ -1,5 +1,23 @@
{ {
"nodes": { "nodes": {
"ansible-sshjail": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1,
"narHash": "sha256-c4Ds4E/10Zj5AQLuJ3JvJTuDK8o2WjVXLcIL7eyhTfw=",
"path": "flakes/ansible-sshjail",
"type": "path"
},
"original": {
"path": "flakes/ansible-sshjail",
"type": "path"
}
},
"crane": { "crane": {
"locked": { "locked": {
"lastModified": 1731098351, "lastModified": 1731098351,
@@ -15,26 +33,6 @@
"type": "github" "type": "github"
} }
}, },
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1758287904,
"narHash": "sha256-IGmaEf3Do8o5Cwp1kXBN1wQmZwQN3NLfq5t4nHtVtcU=",
"owner": "nix-community",
"repo": "disko",
"rev": "67ff9807dd148e704baadbd4fd783b54282ca627",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"flake-compat": { "flake-compat": {
"flake": false, "flake": false,
"locked": { "locked": {
@@ -72,6 +70,42 @@
"type": "github" "type": "github"
} }
}, },
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"gitignore": { "gitignore": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -94,6 +128,26 @@
"type": "github" "type": "github"
} }
}, },
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1737762889,
"narHash": "sha256-5HGG09bh/Yx0JA8wtBMAzt0HMCL1bYZ93x4IqzVExio=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "daf04c5950b676f47a794300657f1d3d14c1a120",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"impermanence": { "impermanence": {
"locked": { "locked": {
"lastModified": 1737831083, "lastModified": 1737831083,
@@ -137,11 +191,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1759381078, "lastModified": 1737885589,
"narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=", "narHash": "sha256-Zf0hSrtzaM1DEz8//+Xs51k/wdSajticVrATqDrfQjg=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee", "rev": "852ff1d9e153d8875a83602e03fdef8a63f0ecf8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -151,19 +205,19 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-dda3dcd3f": { "nixpkgs-b93b4e9b5": {
"locked": { "locked": {
"lastModified": 1746663147, "lastModified": 1713721570,
"narHash": "sha256-Ua0drDHawlzNqJnclTJGf87dBmaO/tn7iZ+TCkTRpRc=", "narHash": "sha256-R0s+O5UjTePQRb72XPgtkTmEiOOW8n+1q9Gxt/OJnKU=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "dda3dcd3fe03e991015e9a74b22d35950f264a54", "rev": "b93b4e9b527904aadf52dba6ca35efde2067cbd4",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "dda3dcd3fe03e991015e9a74b22d35950f264a54", "rev": "b93b4e9b527904aadf52dba6ca35efde2067cbd4",
"type": "github" "type": "github"
} }
}, },
@@ -183,22 +237,6 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-unoptimized": {
"locked": {
"lastModified": 1759381078,
"narHash": "sha256-gTrEEp5gEspIcCOx9PD8kMaF1iEmfBcTbO0Jag2QhQs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "7df7ff7d8e00218376575f0acdcc5d66741351ee",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"pre-commit-hooks-nix": { "pre-commit-hooks-nix": {
"inputs": { "inputs": {
"flake-compat": [ "flake-compat": [
@@ -228,12 +266,13 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"disko": "disko", "ansible-sshjail": "ansible-sshjail",
"home-manager": "home-manager",
"impermanence": "impermanence", "impermanence": "impermanence",
"lanzaboote": "lanzaboote", "lanzaboote": "lanzaboote",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nixpkgs-dda3dcd3f": "nixpkgs-dda3dcd3f", "nixpkgs-b93b4e9b5": "nixpkgs-b93b4e9b5",
"nixpkgs-unoptimized": "nixpkgs-unoptimized" "zsh-histdb": "zsh-histdb"
} }
}, },
"rust-overlay": { "rust-overlay": {
@@ -256,6 +295,54 @@
"repo": "rust-overlay", "repo": "rust-overlay",
"type": "github" "type": "github"
} }
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"zsh-histdb": {
"inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1,
"narHash": "sha256-5DWw7GnwVZ98HUp/UUJcyUmmy9Bh/mcQB8MQQ0t3ZRo=",
"path": "flakes/zsh-histdb",
"type": "path"
},
"original": {
"path": "flakes/zsh-histdb",
"type": "path"
}
} }
}, },
"root": "root", "root": "root",

225
nix/configuration/flake.nix
View File

@@ -3,7 +3,7 @@
# output: result/iso/nixos.iso # output: result/iso/nixos.iso
# Run the ISO image # Run the ISO image
# doas "$(nix-build '<nixpkgs>' --no-out-link -A 'qemu')/bin/qemu-system-x86_64" \ # "$(nix-build '<nixpkgs>' --no-out-link -A 'qemu')/bin/qemu-system-x86_64" \
# -accel kvm \ # -accel kvm \
# -cpu host \ # -cpu host \
# -smp cores=8 \ # -smp cores=8 \
@@ -12,7 +12,7 @@
# -drive if=pflash,format=raw,file="/tmp/OVMF_VARS.fd" \ # -drive if=pflash,format=raw,file="/tmp/OVMF_VARS.fd" \
# -nic user,hostfwd=tcp::60022-:22 \ # -nic user,hostfwd=tcp::60022-:22 \
# -boot order=d \ # -boot order=d \
# -cdrom "$(readlink -f ./result/iso/nixos*.iso)" \ # -cdrom "$(readlink -f ./result/iso/nixos.iso)" \
# -display vnc=127.0.0.1:0 # -display vnc=127.0.0.1:0
# #
# doas cp "$(nix-build '<nixpkgs>' --no-out-link -A 'OVMF.fd')/FV/OVMF_VARS.fd" /tmp/OVMF_VARS.fd # doas cp "$(nix-build '<nixpkgs>' --no-out-link -A 'OVMF.fd')/FV/OVMF_VARS.fd" /tmp/OVMF_VARS.fd
@@ -25,32 +25,31 @@
# iso.odo.isoName == "nixos.iso" # iso.odo.isoName == "nixos.iso"
# full path = <outPath> / iso / <isoName> # full path = <outPath> / iso / <isoName>
#
# Install on a new machine:
#
#
# doas nix --substituters "http://10.0.2.2:8080?trusted=1 https://cache.nixos.org/" --experimental-features "nix-command flakes" run github:nix-community/disko/latest -- --mode destroy,format,mount hosts/odo/disk-config.nix
# for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
# nixos-install --substituters "http://10.0.2.2:8080?trusted=1 https://cache.nixos.org/" --flake ".#vm_ionlybootzfs"
#
{ {
description = "My system configuration"; description = "My system configuration";
inputs = { inputs = {
impermanence.url = "github:nix-community/impermanence"; impermanence.url = "github:nix-community/impermanence";
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
nixpkgs-dda3dcd3f.url = "github:NixOS/nixpkgs/dda3dcd3fe03e991015e9a74b22d35950f264a54"; nixpkgs-b93b4e9b5.url = "github:NixOS/nixpkgs/b93b4e9b527904aadf52dba6ca35efde2067cbd4";
nixpkgs-unoptimized.url = "github:NixOS/nixpkgs/nixos-unstable"; home-manager.url = "github:nix-community/home-manager";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
lanzaboote = { lanzaboote = {
url = "github:nix-community/lanzaboote/v0.4.2"; url = "github:nix-community/lanzaboote/v0.4.2";
# Optional but recommended to limit the size of your system closure. # Optional but recommended to limit the size of your system closure.
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
disko = { zsh-histdb = {
url = "github:nix-community/disko"; url = "path:flakes/zsh-histdb";
# Optional but recommended to limit the size of your system closure.
inputs.nixpkgs.follows = "nixpkgs";
};
ansible-sshjail = {
url = "path:flakes/ansible-sshjail";
# Optional but recommended to limit the size of your system closure.
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
}; };
@@ -59,35 +58,54 @@
{ {
self, self,
nixpkgs, nixpkgs,
nixpkgs-unoptimized, nixpkgs-b93b4e9b5,
nixpkgs-dda3dcd3f,
impermanence, impermanence,
home-manager,
lanzaboote, lanzaboote,
zsh-histdb,
ansible-sshjail,
... ...
}@inputs: }@inputs:
let let
base_x86_64_linux = rec { base_x86_64_linux = rec {
system = "x86_64-linux"; system = "x86_64-linux";
specialArgs = { specialArgs = {
pkgs-dda3dcd3f = import nixpkgs-dda3dcd3f { pkgs-b93b4e9b5 = import nixpkgs-b93b4e9b5 {
inherit system; inherit system;
}; };
pkgs-unoptimized = import nixpkgs-unoptimized {
inherit system;
hostPlatform.gcc.arch = "default";
hostPlatform.gcc.tune = "default";
};
}; };
modules = [ modules = [
impermanence.nixosModules.impermanence impermanence.nixosModules.impermanence
home-manager.nixosModules.home-manager
lanzaboote.nixosModules.lanzaboote lanzaboote.nixosModules.lanzaboote
inputs.disko.nixosModules.disko {
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
}
{
nixpkgs.overlays = [
zsh-histdb.overlays.default
ansible-sshjail.overlays.default
];
}
./configuration.nix ./configuration.nix
]; ];
}; };
systems = systems = {
let odo = {
additional_iso_modules = [ main = nixpkgs.lib.nixosSystem (
base_x86_64_linux
// {
modules = base_x86_64_linux.modules ++ [
./hosts/odo
];
}
);
iso = nixpkgs.lib.nixosSystem (
base_x86_64_linux
// {
modules = base_x86_64_linux.modules ++ [
./hosts/odo
(nixpkgs + "/nixos/modules/installer/cd-dvd/iso-image.nix") (nixpkgs + "/nixos/modules/installer/cd-dvd/iso-image.nix")
# TODO: Figure out how to do image based appliances # TODO: Figure out how to do image based appliances
# (nixpkgs + "/nixos/modules/profiles/image-based-appliance.nix") # (nixpkgs + "/nixos/modules/profiles/image-based-appliance.nix")
@@ -95,148 +113,41 @@
isoImage.makeEfiBootable = true; isoImage.makeEfiBootable = true;
isoImage.makeUsbBootable = true; isoImage.makeUsbBootable = true;
me.buildingIso = true; me.buildingIso = true;
me.optimizations.enable = nixpkgs.lib.mkForce false;
}
{
# These are big space hogs. The chance that I need them on an ISO is slim.
me.steam.enable = nixpkgs.lib.mkForce false;
me.pcsx2.enable = nixpkgs.lib.mkForce false;
} }
]; ];
additional_vm_modules = [
(nixpkgs + "/nixos/modules/profiles/qemu-guest.nix")
{
networking.dhcpcd.enable = true;
networking.useDHCP = true;
me.optimizations.enable = nixpkgs.lib.mkForce false;
} }
{ );
# I don't need games on a virtual machine.
me.steam.enable = nixpkgs.lib.mkForce false;
me.pcsx2.enable = nixpkgs.lib.mkForce false;
me.sm64ex.enable = nixpkgs.lib.mkForce false;
me.shipwright.enable = nixpkgs.lib.mkForce false;
me.ship2harkinian.enable = nixpkgs.lib.mkForce false;
}
];
in
{
odo = rec {
main = base_x86_64_linux // {
modules = base_x86_64_linux.modules ++ [
./hosts/odo
];
}; };
iso = main // { neelix = {
modules = main.modules ++ additional_iso_modules; main = nixpkgs.lib.nixosSystem (
}; base_x86_64_linux
vm = main // { // {
modules = main.modules ++ additional_vm_modules;
};
vm_iso = main // {
modules = main.modules ++ additional_vm_modules ++ additional_iso_modules;
};
};
quark = rec {
main = base_x86_64_linux // {
modules = base_x86_64_linux.modules ++ [
./hosts/quark
];
};
iso = main // {
modules = main.modules ++ additional_iso_modules;
};
vm = main // {
modules = main.modules ++ additional_vm_modules;
};
vm_iso = main // {
modules = main.modules ++ additional_vm_modules ++ additional_iso_modules;
};
};
neelix = rec {
main = base_x86_64_linux // {
modules = base_x86_64_linux.modules ++ [ modules = base_x86_64_linux.modules ++ [
./hosts/neelix ./hosts/neelix
]; ];
}; }
iso = main // { );
modules = main.modules ++ additional_iso_modules; iso = nixpkgs.lib.nixosSystem (
}; base_x86_64_linux
vm = main // { // {
modules = main.modules ++ additional_vm_modules; modules = base_x86_64_linux.modules ++ [
}; ./hosts/neelix
vm_iso = main // { (nixpkgs + "/nixos/modules/installer/cd-dvd/iso-image.nix")
modules = main.modules ++ additional_vm_modules ++ additional_iso_modules;
};
};
hydra =
let
hydra_additional_iso_modules = additional_iso_modules ++ [
{ {
me.optimizations.enable = true; isoImage.makeEfiBootable = true;
isoImage.makeUsbBootable = true;
me.buildingIso = true;
} }
]; ];
in }
rec { );
main = base_x86_64_linux // {
modules = base_x86_64_linux.modules ++ [
./hosts/hydra
];
}; };
iso = main // {
modules = main.modules ++ hydra_additional_iso_modules;
};
vm = main // {
modules = main.modules ++ additional_vm_modules;
};
vm_iso = main // {
modules = main.modules ++ additional_vm_modules ++ hydra_additional_iso_modules;
};
};
ionlybootzfs = rec {
main = base_x86_64_linux // {
modules = base_x86_64_linux.modules ++ [
./hosts/ionlybootzfs
];
};
iso = main // {
modules = main.modules ++ additional_iso_modules;
};
vm = main // {
modules = main.modules ++ additional_vm_modules;
};
vm_iso = main // {
modules = main.modules ++ additional_vm_modules ++ additional_iso_modules;
};
};
}; };
in in
{ {
nixosConfigurations.odo = nixpkgs.lib.nixosSystem systems.odo.main; nixosConfigurations.odo = systems.odo.main;
iso.odo = (nixpkgs.lib.nixosSystem systems.odo.iso).config.system.build.isoImage; iso.odo = systems.odo.iso.config.system.build.isoImage;
nixosConfigurations.vm_odo = nixpkgs.lib.nixosSystem systems.odo.vm; nixosConfigurations.neelix = systems.neelix.main;
vm_iso.odo = (nixpkgs.lib.nixosSystem systems.odo.vm_iso).config.system.build.isoImage; iso.neelix = systems.neelix.iso.config.system.build.isoImage;
nixosConfigurations.quark = nixpkgs.lib.nixosSystem systems.quark.main;
iso.quark = (nixpkgs.lib.nixosSystem systems.quark.iso).config.system.build.isoImage;
nixosConfigurations.vm_quark = nixpkgs.lib.nixosSystem systems.quark.vm;
vm_iso.quark = (nixpkgs.lib.nixosSystem systems.quark.vm_iso).config.system.build.isoImage;
nixosConfigurations.neelix = nixpkgs.lib.nixosSystem systems.neelix.main;
iso.neelix = (nixpkgs.lib.nixosSystem systems.neelix.iso).config.system.build.isoImage;
nixosConfigurations.vm_neelix = nixpkgs.lib.nixosSystem systems.neelix.vm;
vm_iso.neelix = (nixpkgs.lib.nixosSystem systems.neelix.vm_iso).config.system.build.isoImage;
nixosConfigurations.hydra = nixpkgs.lib.nixosSystem systems.hydra.main;
iso.hydra = (nixpkgs.lib.nixosSystem systems.hydra.iso).config.system.build.isoImage;
nixosConfigurations.vm_hydra = nixpkgs.lib.nixosSystem systems.hydra.vm;
vm_iso.hydra = (nixpkgs.lib.nixosSystem systems.hydra.vm_iso).config.system.build.isoImage;
nixosConfigurations.ionlybootzfs = nixpkgs.lib.nixosSystem systems.ionlybootzfs.main;
iso.ionlybootzfs = (nixpkgs.lib.nixosSystem systems.ionlybootzfs.iso).config.system.build.isoImage;
nixosConfigurations.vm_ionlybootzfs = nixpkgs.lib.nixosSystem systems.ionlybootzfs.vm;
vm_iso.ionlybootzfs =
(nixpkgs.lib.nixosSystem systems.ionlybootzfs.vm_iso).config.system.build.isoImage;
}; };
} }

61
nix/configuration/flakes/ansible-sshjail/flake.lock generated Normal file
View File

@@ -0,0 +1,61 @@
{
"nodes": {
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1735141468,
"narHash": "sha256-VIAjBr1qGcEbmhLwQJD6TABppPMggzOvqFsqkDoMsAY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "4005c3ff7505313cbc21081776ad0ce5dfd7a3ce",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

34
nix/configuration/flakes/ansible-sshjail/flake.nix Normal file
View File

@@ -0,0 +1,34 @@
{
description = "A slightly better history for zsh";
inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
inputs.flake-utils.url = "github:numtide/flake-utils";
outputs =
{
self,
nixpkgs,
flake-utils,
...
}:
let
out =
system:
let
pkgs = nixpkgs.legacyPackages.${system};
# Maybe pkgs = import nixpkgs { inherit system; }; ?
appliedOverlay = self.overlays.default pkgs pkgs;
in
{
packages = rec {
default = ansible-sshjail;
ansible-sshjail = appliedOverlay.ansible-sshjail;
};
};
in
flake-utils.lib.eachDefaultSystem out
// {
overlays.default = final: prev: {
ansible-sshjail = final.callPackage ./package.nix { };
};
};
}

0
nix/configuration/roles/ansible/package/ansible-sshjail/package.nix → nix/configuration/flakes/ansible-sshjail/package.nix
View File

61
nix/configuration/flakes/starship-game/flake.lock generated Normal file
View File

@@ -0,0 +1,61 @@
{
"nodes": {
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1735141468,
"narHash": "sha256-VIAjBr1qGcEbmhLwQJD6TABppPMggzOvqFsqkDoMsAY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "4005c3ff7505313cbc21081776ad0ce5dfd7a3ce",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

34
nix/configuration/flakes/starship-game/flake.nix Normal file
View File

@@ -0,0 +1,34 @@
{
description = "A slightly better history for zsh";
inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
inputs.flake-utils.url = "github:numtide/flake-utils";
outputs =
{
self,
nixpkgs,
flake-utils,
...
}:
let
out =
system:
let
pkgs = nixpkgs.legacyPackages.${system};
# Maybe pkgs = import nixpkgs { inherit system; }; ?
appliedOverlay = self.overlays.default pkgs pkgs;
in
{
packages = rec {
default = starship-game;
starship-game = appliedOverlay.starship-game;
};
};
in
flake-utils.lib.eachDefaultSystem out
// {
overlays.default = final: prev: {
starship-game = final.callPackage ./package.nix { };
};
};
}

261
nix/configuration/flakes/starship-game/package.nix Normal file
View File

@@ -0,0 +1,261 @@
{
lib,
stdenv,
SDL2,
cmake,
copyDesktopItems,
fetchFromGitHub,
fetchpatch,
fetchurl,
imagemagick,
imgui,
libpng,
libpulseaudio,
libzip,
lsb-release,
makeDesktopItem,
makeWrapper,
ninja,
nlohmann_json,
pkg-config,
python3,
spdlog,
stormlib,
tinyxml-2,
writeTextFile,
zenity,
}:
let
# This would get fetched at build time otherwise, see:
# https://github.com/HarbourMasters/2ship2harkinian/blob/1.0.2/mm/CMakeLists.txt#L708
gamecontrollerdb = fetchurl {
name = "gamecontrollerdb.txt";
url = "https://raw.githubusercontent.com/gabomdq/SDL_GameControllerDB/b1759cf84028aab89caa1c395e198c340b8dfd89/gamecontrollerdb.txt";
hash = "sha256-7C5EkqBIhLGNJuhi3832y0ffW5Ep7iuTYXb1bL5h2Js=";
};
# 2ship needs a specific imgui version
imgui' = imgui.overrideAttrs rec {
version = "1.90.6";
src = fetchFromGitHub {
owner = "ocornut";
repo = "imgui";
rev = "v${version}-docking";
hash = "sha256-Y8lZb1cLJF48sbuxQ3vXq6GLru/WThR78pq7LlORIzc=";
};
};
libgfxd = fetchFromGitHub {
owner = "glankk";
repo = "libgfxd";
rev = "96fd3b849f38b3a7c7b7f3ff03c5921d328e6cdf";
hash = "sha256-dedZuV0BxU6goT+rPvrofYqTz9pTA/f6eQcsvpDWdvQ=";
};
yaml_cpp = fetchFromGitHub {
owner = "jbeder";
repo = "yaml-cpp";
rev = "f7320141120f720aecc4c32be25586e7da9eb978";
hash = "sha256-J87oS6Az1/vNdyXu3L7KmUGWzU0IAkGrGMUUha+xDXI=";
};
# spdlog = fetchFromGitHub {
# owner = "gabime";
# repo = "spdlog";
# rev = "7e635fca68d014934b4af8a1cf874f63989352b7";
# hash = "sha256-cxTaOuLXHRU8xMz9gluYz0a93O0ez2xOxbloyc1m1ns=";
# };
# stb_impl = writeTextFile {
# name = "stb_impl.c";
# text = ''
# #define STB_IMAGE_IMPLEMENTATION
# #include "stb_image.h"
# '';
# };
# stb' = fetchurl {
# name = "stb_image.h";
# url = "https://raw.githubusercontent.com/nothings/stb/0bc88af4de5fb022db643c2d8e549a0927749354/stb_image.h";
# hash = "sha256-xUsVponmofMsdeLsI6+kQuPg436JS3PBl00IZ5sg3Vw=";
# };
# Apply 2ship's patch for stormlib
stormlib' = stormlib.overrideAttrs (prev: rec {
version = "9.25";
src = fetchFromGitHub {
owner = "ladislav-zezula";
repo = "StormLib";
rev = "v${version}";
hash = "sha256-HTi2FKzKCbRaP13XERUmHkJgw8IfKaRJvsK3+YxFFdc=";
};
nativeBuildInputs = prev.nativeBuildInputs ++ [ pkg-config ];
patches = (prev.patches or [ ]) ++ [
(fetchpatch {
name = "stormlib-optimizations.patch";
url = "https://github.com/briaguya-ai/StormLib/commit/ff338b230544f8b2bb68d2fbe075175ed2fd758c.patch";
hash = "sha256-Jbnsu5E6PkBifcx/yULMVC//ab7tszYgktS09Azs5+4=";
})
];
});
thread_pool = fetchFromGitHub {
owner = "bshoshany";
repo = "thread-pool";
rev = "v4.1.0";
hash = "sha256-zhRFEmPYNFLqQCfvdAaG5VBNle9Qm8FepIIIrT9sh88=";
};
in
stdenv.mkDerivation (finalAttrs: {
pname = "starship-game";
version = "v1.0.0";
src = fetchFromGitHub {
owner = "HarbourMasters";
repo = "starship";
# rev = "5e5e49da93e066f51c3010ba38f09331d866f2db";
tag = finalAttrs.version;
hash = "sha256-kaLLlLuonqE2DJcRlWR4tCEBNjwIYFlzeDLcYsvMO7I=";
fetchSubmodules = true;
};
# patches = [
# # remove fetching stb as we will patch our own
# ./0001-deps.patch
# ];
nativeBuildInputs = [
cmake
copyDesktopItems
imagemagick
lsb-release
makeWrapper
ninja
pkg-config
python3
];
buildInputs = [
SDL2
imgui'
libpng
libpulseaudio
libzip
nlohmann_json
spdlog
stormlib'
tinyxml-2
zenity
];
cmakeFlags = [
(lib.cmakeBool "NON_PORTABLE" true)
(lib.cmakeFeature "CMAKE_INSTALL_PREFIX" "${placeholder "out"}/starship-game")
(lib.cmakeFeature "FETCHCONTENT_SOURCE_DIR_IMGUI" "${imgui'.src}")
(lib.cmakeFeature "FETCHCONTENT_SOURCE_DIR_LIBGFXD" "${libgfxd}")
(lib.cmakeFeature "FETCHCONTENT_SOURCE_DIR_STORMLIB" "${stormlib'}")
(lib.cmakeFeature "FETCHCONTENT_SOURCE_DIR_THREADPOOL" "${thread_pool}")
];
dontAddPrefix = true;
# Linking fails without this
hardeningDisable = [ "format" ];
# Pie needs to be enabled or else it segfaults
hardeningEnable = [ "pie" ];
# preConfigure = ''
# # mirror 2ship's stb
# mkdir stb
# cp ${stb'} ./stb/${stb'.name}
# cp ${stb_impl} ./stb/${stb_impl.name}
# substituteInPlace libultraship/cmake/dependencies/common.cmake \
# --replace-fail "\''${STB_DIR}" "/build/source/stb"
# '';
# (cd tools/Torch && cmake -H. -Bbuild-cmake -GNinja \
# -DFETCHCONTENT_SOURCE_DIR_LIBGFXD=${libgfxd} \
# -DFETCHCONTENT_SOURCE_DIR_YAML-CPP=${finalAttrs.yaml_cpp_src} \
# -DFETCHCONTENT_SOURCE_DIR_SPDLOG=${finalAttrs.spdlog_src}
# )
configurePhase = ''
cmake -H. -Bbuild-cmake -GNinja \
-DFETCHCONTENT_SOURCE_DIR_IMGUI=${imgui'.src} \
-DFETCHCONTENT_SOURCE_DIR_STORMLIB=${stormlib'} \
-DFETCHCONTENT_SOURCE_DIR_THREADPOOL=${thread_pool}
(cd tools/Torch && cmake -H. -Bbuild-cmake -GNinja \
-DFETCHCONTENT_SOURCE_DIR_LIBGFXD=${libgfxd} \
-DFETCHCONTENT_SOURCE_DIR_YAML-CPP=${yaml_cpp} \
-DFETCHCONTENT_SOURCE_DIR_SPDLOG=${spdlog}
)
(cd libultraship && cmake -H. -Bbuild-cmake -GNinja \
-DFETCHCONTENT_SOURCE_DIR_LIBGFXD=${libgfxd} \
-DFETCHCONTENT_SOURCE_DIR_IMGUI=${imgui'.src} \
-DFETCHCONTENT_SOURCE_DIR_STORMLIB=${stormlib'} \
-DFETCHCONTENT_SOURCE_DIR_THREADPOOL=${thread_pool}
)
'';
buildPhase = ''
cmake --build build-cmake
'';
postBuild = ''
cp ${gamecontrollerdb} ${gamecontrollerdb.name}
pushd ../OTRExporter
python3 ./extract_assets.py -z ../build/ZAPD/ZAPD.out --norom --xml-root ../mm/assets/xml --custom-assets-path ../mm/assets/custom --custom-otr-file 2ship.o2r --port-ver ${finalAttrs.version}
popd
'';
preInstall = ''
# Cmake likes it here for its install paths
cp ../OTRExporter/2ship.o2r mm/
'';
postInstall = ''
mkdir -p $out/bin
ln -s $out/2s2h/2s2h.elf $out/bin/2s2h
install -Dm644 ../mm/linux/2s2hIcon.png $out/share/pixmaps/2s2h.png
'';
postFixup = ''
wrapProgram $out/2s2h/2s2h.elf --prefix PATH ":" ${lib.makeBinPath [ zenity ]}
'';
desktopItems = [
(makeDesktopItem {
name = "starship";
icon = "starship";
exec = "starship";
comment = finalAttrs.meta.description;
genericName = "Starship";
desktopName = "starship";
categories = [ "Game" ];
})
];
meta = {
homepage = "https://github.com/HarbourMasters/2ship2harkinian";
description = "A PC port of Majora's Mask with modern controls, widescreen, high-resolution, and more";
mainProgram = "starship";
platforms = [ "x86_64-linux" ];
maintainers = with lib.maintainers; [ ];
license = with lib.licenses; [
# # OTRExporter, OTRGui, ZAPDTR, libultraship
# mit
# # 2 Ship 2 Harkinian
# cc0
# # Reverse engineering
# unfree
];
};
})

61
nix/configuration/flakes/zsh-histdb/flake.lock generated Normal file
View File

@@ -0,0 +1,61 @@
{
"nodes": {
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1735141468,
"narHash": "sha256-VIAjBr1qGcEbmhLwQJD6TABppPMggzOvqFsqkDoMsAY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "4005c3ff7505313cbc21081776ad0ce5dfd7a3ce",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

34
nix/configuration/flakes/zsh-histdb/flake.nix Normal file
View File

@@ -0,0 +1,34 @@
{
description = "A slightly better history for zsh";
inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11";
inputs.flake-utils.url = "github:numtide/flake-utils";
outputs =
{
self,
nixpkgs,
flake-utils,
...
}:
let
out =
system:
let
pkgs = nixpkgs.legacyPackages.${system};
# Maybe pkgs = import nixpkgs { inherit system; }; ?
appliedOverlay = self.overlays.default pkgs pkgs;
in
{
packages = rec {
default = zsh-histdb;
zsh-histdb = appliedOverlay.zsh-histdb;
};
};
in
flake-utils.lib.eachDefaultSystem out
// {
overlays.default = final: prev: {
zsh-histdb = final.callPackage ./package.nix { };
};
};
}

0
nix/configuration/roles/zsh/package/zsh-histdb/package.nix → nix/configuration/flakes/zsh-histdb/package.nix
View File

17
nix/configuration/hosts/hydra/DEPLOY_BOOT
View File

@@ -1,17 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
#TARGET=10.216.1.14
# TARGET=192.168.211.250
TARGET=hydra
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#hydra" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#hydra'

17
nix/configuration/hosts/hydra/DEPLOY_SWITCH
View File

@@ -1,17 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
#TARGET=10.216.1.14
# TARGET=192.168.211.250
TARGET=hydra
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#hydra" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#hydra'

10
nix/configuration/hosts/hydra/ISO
View File

@@ -1,10 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.hydra" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json

13
nix/configuration/hosts/hydra/VM_ISO
View File

@@ -1,13 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#vm_iso.hydra" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
install -m 0644 result/iso/nixos-*-x86_64-linux.iso ~/hydra.iso
unlink ./result

67
nix/configuration/hosts/hydra/default.nix
View File

@@ -1,67 +0,0 @@
#
# Testing:
# doas "$(nix-build '<nixpkgs>' --no-out-link -A 'qemu')/bin/qemu-system-x86_64" \
# -accel kvm \
# -cpu host \
# -smp cores=8 \
# -m 32768 \
# -drive "file=$(nix-build '<nixpkgs>' --no-out-link -A 'OVMF.fd')/FV/OVMF.fd,if=pflash,format=raw,readonly=on" \
# -drive file=/tmp/localdisk.img,if=none,id=nvm,format=raw \
# -device nvme,serial=deadbeef,drive=nvm \
# -nic user,hostfwd=tcp::60022-:22 \
# -boot order=d \
# -cdrom "$(readlink -f /persist/machine_setup/nix/configuration/result/iso/nixos*.iso)" \
# -display vnc=127.0.0.1:0
#
{
config,
lib,
pkgs,
...
}:
{
imports = [
./disk-config.nix
./hardware-configuration.nix
./vm_disk.nix
];
# Generate with `head -c4 /dev/urandom | od -A none -t x4`
networking.hostId = "fbd233d8";
networking.hostName = "hydra"; # Define your hostname.
time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8";
me.secureBoot.enable = false;
me.optimizations = {
enable = true;
arch = "znver4";
system_features = [
"gccarch-znver4"
"gccarch-skylake"
# "gccarch-alderlake" missing WAITPKG
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
};
# Mount tmpfs at /tmp
boot.tmp.useTmpfs = true;
me.emacs_flavor = "plainmacs";
me.graphical = false;
me.hydra.enable = false;
me.nix_worker.enable = true;
me.vm_disk.enable = true;
me.wireguard.activated = [ ];
me.wireguard.deactivated = [ ];
me.zsh.enable = true;
}

140
nix/configuration/hosts/hydra/disk-config.nix
View File

@@ -1,140 +0,0 @@
# Manual Step:
# Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1
# Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1
{
config,
lib,
pkgs,
...
}:
lib.mkIf (!config.me.buildingIso) {
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"umask=0077"
"noatime"
"discard"
];
};
};
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "zroot";
};
};
};
};
};
};
zpool = {
zroot = {
type = "zpool";
# mode = "mirror";
# Workaround: cannot import 'zroot': I/O error in disko tests
options.cachefile = "none";
options = {
ashift = "12";
compatibility = "openzfs-2.2-freebsd";
autotrim = "on";
};
rootFsOptions = {
acltype = "posixacl";
atime = "off";
relatime = "off";
xattr = "sa";
mountpoint = "none";
compression = "lz4";
canmount = "off";
utf8only = "on";
dnodesize = "auto";
normalization = "formD";
};
datasets = {
"linux/nix" = {
type = "zfs_fs";
options.mountpoint = "none";
};
"linux/nix/root" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/root@blank$' || zfs snapshot zroot/linux/nix/root@blank";
};
"linux/nix/nix" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/nix";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/nix@blank$' || zfs snapshot zroot/linux/nix/nix@blank";
options = {
recordsize = "1MiB";
compression = "lz4";
};
};
"linux/nix/home" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/home";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/home@blank$' || zfs snapshot zroot/linux/nix/home@blank";
};
"linux/nix/persist" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/persist";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/persist@blank$' || zfs snapshot zroot/linux/nix/persist@blank";
};
"linux/nix/state" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/state";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/state@blank$' || zfs snapshot zroot/linux/nix/state@blank";
};
};
};
};
};
# Make sure all persistent volumes are marked as neededForBoot
#
# Also mounts /home so it is mounted before the user home directories are created.
fileSystems."/persist".neededForBoot = true;
fileSystems."/state".neededForBoot = true;
fileSystems."/home".neededForBoot = true;
fileSystems."/".options = [
"noatime"
"norelatime"
];
fileSystems."/nix".options = [
"noatime"
"norelatime"
];
fileSystems."/persist".options = [
"noatime"
"norelatime"
];
fileSystems."/state".options = [
"noatime"
"norelatime"
];
fileSystems."/home".options = [
"noatime"
"norelatime"
];
}

39
nix/configuration/hosts/hydra/hardware-configuration.nix
View File

@@ -1,39 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"xhci_pci"
"nvme"
"usbhid"
"usb_storage"
"sd_mod"
"sdhci_pci"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.dhcpcd.enable = lib.mkForce true;
networking.useDHCP = lib.mkForce true;
networking.interfaces.enp0s2.useDHCP = lib.mkForce true;
# systemd.network.enable = true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

77
nix/configuration/hosts/hydra/vm_disk.nix
View File

@@ -1,77 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
vm_disk.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to mount the local disk for persistent storage.";
};
};
config = lib.mkIf config.me.vm_disk.enable (
lib.mkMerge [
{
# Mount the local disk
fileSystems = {
"/.disk" = lib.mkForce {
device = "/dev/nvme0n1p1";
fsType = "ext4";
options = [
"noatime"
"discard"
];
neededForBoot = true;
};
"/persist" = {
fsType = "none";
device = "/.disk/persist";
options = [
"bind"
"rw"
];
depends = [
"/.disk/persist"
];
};
"/state" = {
fsType = "none";
device = "/.disk/state";
options = [
"bind"
"rw"
];
depends = [
"/.disk/state"
];
};
"/nix/store" = lib.mkForce {
fsType = "overlay";
device = "overlay";
options = [
"lowerdir=/nix/.ro-store"
"upperdir=/.disk/persist/store"
"workdir=/.disk/state/work"
];
depends = [
"/nix/.ro-store"
"/.disk/persist/store"
"/.disk/state/work"
];
};
};
}
]
);
}

17
nix/configuration/hosts/ionlybootzfs/DEPLOY_BOOT
View File

@@ -1,17 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
#TARGET=10.216.1.14
# TARGET=192.168.211.250
TARGET="ionlybootzfs"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#ionlybootzfs" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#ionlybootzfs'

17
nix/configuration/hosts/ionlybootzfs/DEPLOY_SWITCH
View File

@@ -1,17 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
#TARGET=10.216.1.14
# TARGET=192.168.211.250
TARGET=ionlybootzfs
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#ionlybootzfs" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#ionlybootzfs'

10
nix/configuration/hosts/ionlybootzfs/ISO
View File

@@ -1,10 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.ionlybootzfs" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json

63
nix/configuration/hosts/ionlybootzfs/default.nix
View File

@@ -1,63 +0,0 @@
#
# Testing:
# doas "$(nix-build '<nixpkgs>' --no-out-link -A 'qemu')/bin/qemu-system-x86_64" \
# -accel kvm \
# -cpu host \
# -smp cores=8 \
# -m 32768 \
# -drive "file=$(nix-build '<nixpkgs>' --no-out-link -A 'OVMF.fd')/FV/OVMF.fd,if=pflash,format=raw,readonly=on" \
# -drive file=/tmp/localdisk.img,if=none,id=nvm,format=raw \
# -device nvme,serial=deadbeef,drive=nvm \
# -nic user,hostfwd=tcp::60022-:22 \
# -boot order=d \
# -cdrom "$(readlink -f /persist/machine_setup/nix/configuration/result/iso/nixos*.iso)" \
# -display vnc=127.0.0.1:0
#
{
config,
lib,
pkgs,
...
}:
{
imports = [
./wrapped-disk-config.nix
./hardware-configuration.nix
];
# Generate with `head -c4 /dev/urandom | od -A none -t x4`
networking.hostId = "fbd233d8";
networking.hostName = "ionlybootzfs"; # Define your hostname.
time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8";
me.secureBoot.enable = true;
me.optimizations = {
enable = false;
arch = "znver4";
system_features = [
"gccarch-znver4"
"gccarch-skylake"
# "gccarch-alderlake" missing WAITPKG
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
};
# Mount tmpfs at /tmp
boot.tmp.useTmpfs = true;
me.emacs_flavor = "plainmacs";
me.graphical = false;
me.wireguard.activated = [ ];
me.wireguard.deactivated = [ ];
me.zsh.enable = true;
}

142
nix/configuration/hosts/ionlybootzfs/disk-config.nix
View File

@@ -1,142 +0,0 @@
# Manual Step:
# Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1
# Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1
{
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"umask=0077"
"noatime"
"discard"
];
};
};
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "zroot";
};
};
};
};
};
};
zpool = {
zroot = {
type = "zpool";
# mode = "mirror";
# Workaround: cannot import 'zroot': I/O error in disko tests
options.cachefile = "none";
options = {
ashift = "12";
compatibility = "openzfs-2.2-freebsd";
autotrim = "on";
};
rootFsOptions = {
acltype = "posixacl";
atime = "off";
relatime = "off";
xattr = "sa";
mountpoint = "none";
compression = "lz4";
canmount = "off";
utf8only = "on";
dnodesize = "auto";
normalization = "formD";
};
datasets = {
"linux/nix" = {
type = "zfs_fs";
options.mountpoint = "none";
options = {
encryption = "aes-256-gcm";
keyformat = "passphrase";
# keylocation = "file:///tmp/secret.key";
};
};
"linux/nix/root" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/root@blank$' || zfs snapshot zroot/linux/nix/root@blank";
};
"linux/nix/nix" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/nix";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/nix@blank$' || zfs snapshot zroot/linux/nix/nix@blank";
options = {
recordsize = "16MiB";
compression = "zstd-19";
};
};
"linux/nix/home" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/home";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/home@blank$' || zfs snapshot zroot/linux/nix/home@blank";
};
"linux/nix/persist" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/persist";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/persist@blank$' || zfs snapshot zroot/linux/nix/persist@blank";
};
"linux/nix/state" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/state";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/state@blank$' || zfs snapshot zroot/linux/nix/state@blank";
};
};
};
};
};
# Make sure all persistent volumes are marked as neededForBoot
#
# Also mounts /home so it is mounted before the user home directories are created.
fileSystems."/persist".neededForBoot = true;
fileSystems."/state".neededForBoot = true;
fileSystems."/home".neededForBoot = true;
fileSystems."/".options = [
"noatime"
"norelatime"
];
fileSystems."/nix".options = [
"noatime"
"norelatime"
];
fileSystems."/persist".options = [
"noatime"
"norelatime"
];
fileSystems."/state".options = [
"noatime"
"norelatime"
];
fileSystems."/home".options = [
"noatime"
"norelatime"
];
# Only attempt to decrypt the main pool. Otherwise it attempts to decrypt pools that aren't even used.
boot.zfs.requestEncryptionCredentials = [ "zroot/linux/nix" ];
}

38
nix/configuration/hosts/ionlybootzfs/hardware-configuration.nix
View File

@@ -1,38 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"xhci_pci"
"nvme"
"usbhid"
"usb_storage"
"sd_mod"
"sdhci_pci"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.dhcpcd.enable = lib.mkForce true;
networking.useDHCP = lib.mkForce true;
# systemd.network.enable = true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

131
nix/configuration/hosts/ionlybootzfs/optimized_build.nix
View File

@@ -1,131 +0,0 @@
{
config,
lib,
pkgs,
pkgs-unoptimized,
...
}:
{
imports = [ ];
config = lib.mkMerge [
{ }
(lib.mkIf (!config.me.optimizations.enable) {
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_6_14;
})
(lib.mkIf (config.me.optimizations.enable) {
nixpkgs.hostPlatform = {
gcc.arch = "znver4";
gcc.tune = "znver4";
system = "x86_64-linux";
};
nixpkgs.overlays = [
(
final: prev:
let
addConfig =
additionalConfig: pkg:
pkg.override (oldconfig: {
structuredExtraConfig = pkg.structuredExtraConfig // additionalConfig;
});
in
{
linux_me = addConfig {
# Full preemption
PREEMPT = lib.mkOverride 60 lib.kernel.yes;
PREEMPT_VOLUNTARY = lib.mkOverride 60 lib.kernel.no;
# Google's BBRv3 TCP congestion Control
TCP_CONG_BBR = lib.kernel.yes;
DEFAULT_BBR = lib.kernel.yes;
# Preemptive Full Tickless Kernel at 300Hz
HZ = lib.kernel.freeform "300";
HZ_300 = lib.kernel.yes;
HZ_1000 = lib.kernel.no;
} prev.linux_6_14;
# gsl = prev.gsl.overrideAttrs (old: {
# # gsl tests fails when optimizations are enabled.
# # > FAIL: cholesky_invert unscaled hilbert ( 4, 4)[0,2]: 2.55795384873636067e-13 0
# # > (2.55795384873636067e-13 observed vs 0 expected) [28259614]
# doCheck = false;
# });
}
)
(final: prev: {
haskellPackages = prev.haskellPackages.extend (
final': prev': {
inherit (pkgs-unoptimized.haskellPackages)
crypton
crypton-connection
crypton-x509
crypton-x509-store
crypton-x509-system
crypton-x509-validation
hspec-wai
http-client-tls
http2
pandoc
pandoc-cli
pandoc-lua-engine
pandoc-server
servant-server
tls
wai-app-static
wai-extra
warp
;
}
);
})
(final: prev: {
inherit (pkgs-unoptimized)
gsl
redis
valkey
;
})
];
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_me;
})
(lib.mkIf (!config.me.buildingIso) {
nix.settings.system-features = lib.mkForce [
"gccarch-znver4"
"gccarch-skylake"
# "gccarch-alderlake" missing WAITPKG
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
# Keep ALL dependencies so we can rebuild offline. This DRASTICALLY increase disk usage, but disk space is cheap.
# system.includeBuildDependencies = true;
# This also should enable building offline? TODO: test.
nix.extraOptions = ''
keep-outputs = true
keep-derivations = true
'';
# # building ON
# nixpkgs.localSystem = { system = "aarch64-linux"; };
# # building FOR
# nixpkgs.crossSystem = { system = "aarch64-linux"; };
# nixpkgs.config = {
# replaceStdenv = ({ pkgs }: pkgs.clangStdenv);
# };
# or maybe an overlay
# stdenv = prev.clangStdenv;
})
(lib.mkIf (config.me.buildingIso) {
boot.supportedFilesystems.zfs = true;
})
];
}

8
nix/configuration/hosts/ionlybootzfs/wrapped-disk-config.nix
View File

@@ -1,8 +0,0 @@
{
config,
lib,
pkgs,
...
}:
lib.mkIf (!config.me.buildingIso) (import ./disk-config.nix)

17
nix/configuration/hosts/neelix/DEPLOY_BOOT
View File

@@ -1,17 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
#TARGET=10.216.1.14
# TARGET=192.168.211.250
TARGET=neelix
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#neelix" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#neelix'

17
nix/configuration/hosts/neelix/DEPLOY_SWITCH
View File

@@ -1,17 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
#TARGET=10.216.1.14
# TARGET=192.168.211.250
TARGET=neelix
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#neelix" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#neelix'

19
nix/configuration/hosts/neelix/default.nix
View File

@@ -3,11 +3,12 @@
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
./disk-config.nix ./disk-config.nix
./optimized_build.nix
./power_management.nix ./power_management.nix
]; ];
# Generate with `head -c4 /dev/urandom | od -A none -t x4` # Generate with `head -c4 /dev/urandom | od -A none -t x4`
networking.hostId = "bca9d0a5"; networking.hostId = "fbd233d8";
networking.hostName = "neelix"; # Define your hostname. networking.hostName = "neelix"; # Define your hostname.
@@ -16,25 +17,11 @@
me.secureBoot.enable = false; me.secureBoot.enable = false;
me.optimizations = {
enable = false;
arch = "alderlake";
system_features = [
"gccarch-alderlake"
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
};
# Early KMS # Early KMS
boot.initrd.kernelModules = [ "i915" ]; boot.initrd.kernelModules = [ "i915" ];
# Mount tmpfs at /tmp # Mount tmpfs at /tmp
# boot.tmp.useTmpfs = true; boot.tmp.useTmpfs = true;
me.bluetooth.enable = true; me.bluetooth.enable = true;
me.emacs_flavor = "plainmacs"; me.emacs_flavor = "plainmacs";

11
nix/configuration/hosts/neelix/hardware-configuration.nix
View File

@@ -14,14 +14,7 @@
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" ];
"xhci_pci"
"nvme"
"usbhid"
"usb_storage"
"sd_mod"
"sdhci_pci"
];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ]; boot.kernelModules = [ ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
@@ -30,7 +23,7 @@
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction # still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
# networking.useDHCP = lib.mkDefault true; networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true; # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true; # networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true;

78
nix/configuration/hosts/neelix/optimized_build.nix Normal file
View File

@@ -0,0 +1,78 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
config = lib.mkMerge [
{ }
(lib.mkIf (!config.me.buildingIso) {
nix.settings.system-features = lib.mkForce [
"gccarch-alderlake"
"gccarch-x86-64-v3"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
# nixpkgs.hostPlatform = {
# gcc.arch = "alderlake";
# gcc.tune = "alderlake";
# system = "x86_64-linux";
# };
nixpkgs.overlays = [
(
self: super:
let
optimizeWithFlags =
pkg: flags:
pkg.overrideAttrs (old: {
NIX_CFLAGS_COMPILE = [ (old.NIX_CFLAGS_COMPILE or "") ] ++ flags;
});
addConfig =
additionalConfig: pkg:
pkg.override (oldconfig: {
structuredExtraConfig = pkg.structuredExtraConfig // additionalConfig;
});
in
{
linux_alderlake =
addConfig
{
# Full preemption
PREEMPT = lib.mkOverride 60 lib.kernel.yes;
PREEMPT_VOLUNTARY = lib.mkOverride 60 lib.kernel.no;
# Google's BBRv3 TCP congestion Control
TCP_CONG_BBR = lib.kernel.yes;
DEFAULT_BBR = lib.kernel.yes;
# Preemptive Full Tickless Kernel at 300Hz
HZ = lib.kernel.freeform "300";
HZ_300 = lib.kernel.yes;
HZ_1000 = lib.kernel.no;
}
(
optimizeWithFlags super.linux_6_12 [
"-march=alderlake"
"-mtune=alderlake"
]
);
}
)
];
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_alderlake;
})
(lib.mkIf (config.me.buildingIso) {
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_6_12;
boot.supportedFilesystems = [ "zfs" ];
})
];
}

17
nix/configuration/hosts/odo/DEPLOY_BOOT
View File

@@ -1,17 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
# TARGET=10.216.1.15
# TARGET=192.168.211.250
TARGET=odo
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#odo" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#odo'

17
nix/configuration/hosts/odo/DEPLOY_SWITCH
View File

@@ -1,17 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
#TARGET=10.216.1.14
# TARGET=192.168.211.250
TARGET=odo
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#odo" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#odo'

10
nix/configuration/hosts/odo/ISO
View File

@@ -1,10 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.odo" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json

10
nix/configuration/hosts/odo/SELF_BOOT
View File

@@ -1,10 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" --log-format internal-json -v "${@}" |& nom --json

10
nix/configuration/hosts/odo/SELF_BUILD
View File

@@ -1,10 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild build --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" --log-format internal-json -v "${@}" |& nom --json

10
nix/configuration/hosts/odo/SELF_SWITCH
View File

@@ -1,10 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#odo" --log-format internal-json -v "${@}" |& nom --json

64
nix/configuration/hosts/odo/default.nix
View File

@@ -1,21 +1,14 @@
{ { config, pkgs, ... }:
config,
lib,
pkgs,
...
}:
{ {
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
./wrapped-disk-config.nix ./disk-config.nix
./distributed_build.nix ./optimized_build.nix
./power_management.nix ./power_management.nix
./screen_brightness.nix ./screen_brightness.nix
./wifi.nix ./wifi.nix
./framework_module.nix
]; ];
config = {
# Generate with `head -c4 /dev/urandom | od -A none -t x4` # Generate with `head -c4 /dev/urandom | od -A none -t x4`
networking.hostId = "908cbf04"; networking.hostId = "908cbf04";
@@ -26,22 +19,6 @@
me.secureBoot.enable = true; me.secureBoot.enable = true;
me.optimizations = {
enable = true;
arch = "znver4";
system_features = [
"gccarch-znver4"
"gccarch-skylake"
# "gccarch-alderlake" missing WAITPKG
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
};
# Early KMS # Early KMS
boot.initrd.kernelModules = [ "amdgpu" ]; boot.initrd.kernelModules = [ "amdgpu" ];
@@ -50,64 +27,35 @@
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
fw-ectool fw-ectool
framework-tool
]; ];
# Enable light sensor
# hardware.sensor.iio.enable = lib.mkDefault true;
# Enable TRIM
# services.fstrim.enable = lib.mkDefault true;
me.alacritty.enable = true; me.alacritty.enable = true;
me.amd_s2idle.enable = true;
me.ansible.enable = true; me.ansible.enable = true;
me.ares.enable = true; me.ares.enable = true;
me.bluetooth.enable = true; me.bluetooth.enable = true;
me.chromecast.enable = true; me.chromecast.enable = true;
me.chromium.enable = true; me.chromium.enable = true;
me.d2.enable = true; me.docker.enable = true;
me.direnv.enable = true;
me.docker.enable = false;
me.ecc.enable = false;
me.emacs_flavor = "full"; me.emacs_flavor = "full";
me.emulate_isa.enable = true;
me.firefox.enable = true; me.firefox.enable = true;
me.flux.enable = true;
me.gcloud.enable = true;
me.git.config = ../../roles/git/files/gitconfig_home; me.git.config = ../../roles/git/files/gitconfig_home;
me.gnuplot.enable = true;
me.gpg.enable = true; me.gpg.enable = true;
me.graphical = true; me.graphical = true;
me.graphics_card_type = "amd"; me.graphics_card_type = "amd";
me.iso_mount.enable = true; me.kanshi.enable = true;
me.kanshi.enable = false;
me.kubernetes.enable = true; me.kubernetes.enable = true;
me.latex.enable = true; me.latex.enable = true;
me.launch_keyboard.enable = true; me.launch_keyboard.enable = true;
me.lvfs.enable = true; me.lvfs.enable = true;
me.media.enable = true; me.media.enable = true;
me.nix_index.enable = true; me.nix_index.enable = true;
me.openpgp_card_tools.enable = true;
me.pcsx2.enable = true;
me.podman.enable = true;
me.python.enable = true; me.python.enable = true;
me.qemu.enable = true; me.qemu.enable = true;
me.rpcs3.enable = true;
me.rust.enable = true; me.rust.enable = true;
me.sequoia.enable = true;
me.shadps4.enable = true;
me.shikane.enable = true;
me.sops.enable = true;
me.sound.enable = true; me.sound.enable = true;
me.spaghettikart.enable = true;
me.steam.enable = true; me.steam.enable = true;
me.steam_run_free.enable = true;
me.sway.enable = true; me.sway.enable = true;
me.tekton.enable = true;
me.terraform.enable = true; me.terraform.enable = true;
me.thunderbolt.enable = true;
me.uutils.enable = false;
me.vnc_client.enable = true; me.vnc_client.enable = true;
me.vscode.enable = true; me.vscode.enable = true;
me.wasm.enable = true; me.wasm.enable = true;
@@ -118,12 +66,10 @@
"colo" "colo"
]; ];
me.wireguard.deactivated = [ "wgf" ]; me.wireguard.deactivated = [ "wgf" ];
me.yubikey.enable = true;
me.zrepl.enable = true; me.zrepl.enable = true;
me.zsh.enable = true; me.zsh.enable = true;
me.sm64ex.enable = true; me.sm64ex.enable = true;
me.shipwright.enable = true; me.shipwright.enable = true;
me.ship2harkinian.enable = true; me.ship2harkinian.enable = true;
};
} }

8
nix/configuration/hosts/odo/disk-config.nix
View File

@@ -1,8 +1,14 @@
# Manual Step: # Manual Step:
# Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1 # Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1
# Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1 # Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1
{ {
config,
lib,
pkgs,
...
}:
lib.mkIf (!config.me.buildingIso) {
disko.devices = { disko.devices = {
disk = { disk = {
main = { main = {

27
nix/configuration/hosts/odo/distributed_build.nix
View File

@@ -1,27 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
config = lib.mkMerge [
{
me.distributed_build.enable = true;
me.distributed_build.machines.hydra = {
enable = true;
additional_config = {
speedFactor = 2;
};
};
me.distributed_build.machines.quark = {
enable = true;
additional_config = {
speedFactor = 2;
};
};
}
];
}

23
nix/configuration/hosts/odo/framework_module.nix
View File

@@ -1,23 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
config = lib.mkMerge [
{
boot.extraModulePackages = with config.boot.kernelPackages; [
framework-laptop-kmod
];
# https://github.com/DHowett/framework-laptop-kmod?tab=readme-ov-file#usage
boot.kernelModules = [
"cros_ec"
"cros_ec_lpcs"
];
}
];
}

2
nix/configuration/hosts/odo/hardware-configuration.nix
View File

@@ -27,7 +27,7 @@
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction # still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
# networking.useDHCP = lib.mkDefault true; networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true; # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true; # networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true;

81
nix/configuration/hosts/odo/optimized_build.nix Normal file
View File

@@ -0,0 +1,81 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
config = lib.mkMerge [
{ }
(lib.mkIf (!config.me.buildingIso) {
nix.settings.system-features = lib.mkForce [
"gccarch-znver4"
"gccarch-skylake"
# "gccarch-alderlake" missing WAITPKG
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
# nixpkgs.hostPlatform = {
# gcc.arch = "znver4";
# gcc.tune = "znver4";
# system = "x86_64-linux";
# };
nixpkgs.overlays = [
(
self: super:
let
optimizeWithFlags =
pkg: flags:
pkg.overrideAttrs (old: {
NIX_CFLAGS_COMPILE = [ (old.NIX_CFLAGS_COMPILE or "") ] ++ flags;
});
addConfig =
additionalConfig: pkg:
pkg.override (oldconfig: {
structuredExtraConfig = pkg.structuredExtraConfig // additionalConfig;
});
in
{
linux_znver4 =
addConfig
{
# Full preemption
PREEMPT = lib.mkOverride 60 lib.kernel.yes;
PREEMPT_VOLUNTARY = lib.mkOverride 60 lib.kernel.no;
# Google's BBRv3 TCP congestion Control
TCP_CONG_BBR = lib.kernel.yes;
DEFAULT_BBR = lib.kernel.yes;
# Preemptive Full Tickless Kernel at 300Hz
HZ = lib.kernel.freeform "300";
HZ_300 = lib.kernel.yes;
HZ_1000 = lib.kernel.no;
}
(
optimizeWithFlags super.linux_6_12 [
"-march=znver4"
"-mtune=znver4"
]
);
}
)
];
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_znver4;
})
(lib.mkIf (config.me.buildingIso) {
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_6_12;
boot.supportedFilesystems.zfs = true;
})
];
}

18
nix/configuration/hosts/odo/power_management.nix
View File

@@ -20,7 +20,7 @@
# amd_pstate=guided :: Same as passive except we can set upper and lower frequency bounds. # amd_pstate=guided :: Same as passive except we can set upper and lower frequency bounds.
# amdgpu.dcdebugmask=0x10 :: Allegedly disables Panel Replay from https://community.frame.work/t/tracking-freezing-arch-linux-amd/39495/32 # amdgpu.dcdebugmask=0x10 :: Allegedly disables Panel Replay from https://community.frame.work/t/tracking-freezing-arch-linux-amd/39495/32
boot.kernelParams = [ boot.kernelParams = [
"amdgpu.abmlevel=2" "amdgpu.abmlevel=3"
"pcie_aspm=force" "pcie_aspm=force"
# "pcie_aspm.policy=powersupersave" # "pcie_aspm.policy=powersupersave"
"nowatchdog" "nowatchdog"
@@ -47,22 +47,6 @@
"w- /sys/devices/system/cpu/cpufreq/policy13/energy_performance_preference - - - - power" "w- /sys/devices/system/cpu/cpufreq/policy13/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy14/energy_performance_preference - - - - power" "w- /sys/devices/system/cpu/cpufreq/policy14/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpufreq/policy15/energy_performance_preference - - - - power" "w- /sys/devices/system/cpu/cpufreq/policy15/energy_performance_preference - - - - power"
"w- /sys/devices/system/cpu/cpu0/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu1/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu2/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu3/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu4/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu5/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu6/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu7/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu8/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu9/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu10/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu11/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu12/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu13/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu14/cpufreq/boost - - - - 0"
"w- /sys/devices/system/cpu/cpu15/cpufreq/boost - - - - 0"
]; ];
boot.extraModprobeConfig = '' boot.extraModprobeConfig = ''

2
nix/configuration/hosts/odo/screen_brightness.nix
View File

@@ -9,6 +9,6 @@
imports = [ ]; imports = [ ];
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"w- /sys/class/backlight/amdgpu_bl1/brightness - - - - 21845" "w- /sys/class/backlight/amdgpu_bl1/brightness - - - - 85"
]; ];
} }

7
nix/configuration/hosts/odo/wifi.nix
View File

@@ -9,10 +9,9 @@
imports = [ ]; imports = [ ];
config = { config = {
# Doesn't seem necessary starting with 6.13 environment.loginShellInit = lib.mkIf (!config.me.buildingIso) ''
# environment.loginShellInit = lib.mkIf (!config.me.buildingIso) '' doas iw dev wlan0 set power_save off
# doas iw dev wlan0 set power_save off '';
# '';
# Enable debug logging for ath12k wifi card. # Enable debug logging for ath12k wifi card.
boot.kernelParams = [ boot.kernelParams = [

8
nix/configuration/hosts/odo/wrapped-disk-config.nix
View File

@@ -1,8 +0,0 @@
{
config,
lib,
pkgs,
...
}:
lib.mkIf (!config.me.buildingIso) (import ./disk-config.nix)

17
nix/configuration/hosts/quark/DEPLOY_BOOT
View File

@@ -1,17 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
#TARGET=10.216.1.15
# TARGET=192.168.211.250
TARGET=quark
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --flake "$DIR/../../#quark" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild boot --flake /persist/manual/configuration#quark'

17
nix/configuration/hosts/quark/DEPLOY_SWITCH
View File

@@ -1,17 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
#TARGET=10.216.1.14
# TARGET=192.168.211.250
TARGET=quark
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --flake "$DIR/../../#quark" --target-host "$TARGET" --build-host "$TARGET" --fast --sudo --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json
# rsync -av --progress --delete --exclude=.git "$DIR/../../../configuration" "talexander@${TARGET}:/persist/manual/" && ssh talexander@${TARGET} 'cd /persist/manual/configuration && nix flake update zsh-histdb && nix flake update ansible-sshjail && doas nice -n 19 nixos-rebuild switch --flake /persist/manual/configuration#quark'

10
nix/configuration/hosts/quark/ISO
View File

@@ -1,10 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nix build --extra-experimental-features nix-command --extra-experimental-features flakes "$DIR/../..#iso.quark" --max-jobs "$JOBS" --log-format internal-json -v "${@}" |& nom --json

10
nix/configuration/hosts/quark/SELF_BOOT
View File

@@ -1,10 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild boot --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" --log-format internal-json -v "${@}" |& nom --json

10
nix/configuration/hosts/quark/SELF_BUILD
View File

@@ -1,10 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild build --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" --log-format internal-json -v "${@}" |& nom --json

10
nix/configuration/hosts/quark/SELF_SWITCH
View File

@@ -1,10 +0,0 @@
#!/usr/bin/env bash
#
set -euo pipefail
IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
: "${JOBS:="1"}"
for f in /persist/manual/manual_add_to_store/*; do nix-store --add-fixed sha256 "$f"; done
nixos-rebuild switch --show-trace --sudo --max-jobs "$JOBS" --flake "$DIR/../../#quark" --log-format internal-json -v "${@}" |& nom --json

123
nix/configuration/hosts/quark/default.nix
View File

@@ -1,123 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [
./disk-config.nix
./distributed_build.nix
./hardware-configuration.nix
./power_management.nix
];
config = {
# Generate with `head -c4 /dev/urandom | od -A none -t x4`
networking.hostId = "47ee7d7c";
networking.hostName = "quark"; # Define your hostname.
time.timeZone = "America/New_York";
i18n.defaultLocale = "en_US.UTF-8";
me.secureBoot.enable = true;
me.optimizations = {
enable = true;
arch = "znver4";
system_features = [
"gccarch-znver4"
"gccarch-znver5"
"gccarch-skylake"
# "gccarch-alderlake" missing WAITPKG
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"benchmark"
"big-parallel"
"kvm"
"nixos-test"
];
};
# Early KMS
boot.initrd.kernelModules = [ "amdgpu" ];
# Mount tmpfs at /tmp
boot.tmp.useTmpfs = true;
# Enable TRIM
# services.fstrim.enable = lib.mkDefault true;
# RPCS3 has difficulty with znver5
me.rpcs3.config.Core."Use LLVM CPU" = "znver4";
me.alacritty.enable = true;
me.amd_s2idle.enable = true;
me.ansible.enable = true;
me.ares.enable = true;
me.bluetooth.enable = true;
me.chromecast.enable = true;
me.chromium.enable = true;
me.d2.enable = true;
me.direnv.enable = true;
me.docker.enable = false;
me.ecc.enable = true;
me.emacs_flavor = "full";
me.emulate_isa.enable = true;
me.firefox.enable = true;
me.flux.enable = true;
me.gcloud.enable = true;
me.git.config = ../../roles/git/files/gitconfig_home;
me.gnuplot.enable = true;
me.gpg.enable = true;
me.graphical = true;
me.graphics_card_type = "amd";
me.iso_mount.enable = true;
me.kanshi.enable = false;
me.kubernetes.enable = true;
me.latex.enable = true;
me.launch_keyboard.enable = true;
me.lvfs.enable = true;
me.media.enable = true;
me.nix_index.enable = true;
me.nix_worker.enable = true;
me.openpgp_card_tools.enable = true;
me.pcsx2.enable = true;
me.podman.enable = true;
me.python.enable = true;
me.qemu.enable = true;
me.rpcs3.enable = true;
me.rust.enable = true;
me.sequoia.enable = true;
me.shadps4.enable = true;
me.shikane.enable = true;
me.sops.enable = true;
me.sound.enable = true;
me.spaghettikart.enable = true;
me.steam.enable = true;
me.steam_run_free.enable = true;
me.sway.enable = true;
me.tekton.enable = true;
me.terraform.enable = true;
me.thunderbolt.enable = true;
me.uutils.enable = false;
me.vnc_client.enable = true;
me.vscode.enable = true;
me.wasm.enable = true;
me.waybar.enable = true;
me.wireguard.activated = [
"drmario"
"wgh"
"colo"
];
me.wireguard.deactivated = [ "wgf" ];
me.yubikey.enable = true;
me.zrepl.enable = true;
me.zsh.enable = true;
me.sm64ex.enable = true;
me.shipwright.enable = true;
me.ship2harkinian.enable = true;
};
}

148
nix/configuration/hosts/quark/disk-config.nix
View File

@@ -1,148 +0,0 @@
# Manual Step:
# Check if drive supports 4kn: nvme id-ns -H /dev/nvme0n1
# Format the drive to 4kn: nvme format --lbaf=1 /dev/nvme0n1
{
config,
lib,
pkgs,
...
}:
lib.mkIf (!config.me.buildingIso) {
disko.devices = {
disk = {
main = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"umask=0077"
"noatime"
"discard"
];
};
};
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "zroot";
};
};
};
};
};
};
zpool = {
zroot = {
type = "zpool";
# mode = "mirror";
# Workaround: cannot import 'zroot': I/O error in disko tests
options.cachefile = "none";
options = {
ashift = "12";
compatibility = "openzfs-2.2-freebsd";
autotrim = "on";
};
rootFsOptions = {
acltype = "posixacl";
atime = "off";
relatime = "off";
xattr = "sa";
mountpoint = "none";
compression = "lz4";
canmount = "off";
utf8only = "on";
dnodesize = "auto";
normalization = "formD";
};
datasets = {
"linux/nix" = {
type = "zfs_fs";
options.mountpoint = "none";
options = {
encryption = "aes-256-gcm";
keyformat = "passphrase";
# keylocation = "file:///tmp/secret.key";
};
};
"linux/nix/root" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/root@blank$' || zfs snapshot zroot/linux/nix/root@blank";
};
"linux/nix/nix" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/nix";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/nix@blank$' || zfs snapshot zroot/linux/nix/nix@blank";
options = {
recordsize = "16MiB";
compression = "zstd-19";
};
};
"linux/nix/home" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/home";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/home@blank$' || zfs snapshot zroot/linux/nix/home@blank";
};
"linux/nix/persist" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/persist";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/persist@blank$' || zfs snapshot zroot/linux/nix/persist@blank";
};
"linux/nix/state" = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/state";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot/linux/nix/state@blank$' || zfs snapshot zroot/linux/nix/state@blank";
};
};
};
};
};
# Make sure all persistent volumes are marked as neededForBoot
#
# Also mounts /home so it is mounted before the user home directories are created.
fileSystems."/persist".neededForBoot = true;
fileSystems."/state".neededForBoot = true;
fileSystems."/home".neededForBoot = true;
fileSystems."/".options = [
"noatime"
"norelatime"
];
fileSystems."/nix".options = [
"noatime"
"norelatime"
];
fileSystems."/persist".options = [
"noatime"
"norelatime"
];
fileSystems."/state".options = [
"noatime"
"norelatime"
];
fileSystems."/home".options = [
"noatime"
"norelatime"
];
# Only attempt to decrypt the main pool. Otherwise it attempts to decrypt pools that aren't even used.
boot.zfs.requestEncryptionCredentials = [ "zroot/linux/nix" ];
}

21
nix/configuration/hosts/quark/distributed_build.nix
View File

@@ -1,21 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
config = lib.mkMerge [
{
me.distributed_build.enable = true;
me.distributed_build.machines.hydra = {
enable = true;
additional_config = {
speedFactor = 2;
};
};
}
];
}

35
nix/configuration/hosts/quark/hardware-configuration.nix
View File

@@ -1,35 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"thunderbolt"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
# networking.useDHCP = lib.mkDefault true;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp58s0.useDHCP = lib.mkDefault true;
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

48
nix/configuration/hosts/quark/power_management.nix
View File

@@ -1,48 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
environment.systemPackages = with pkgs; [
powertop
];
boot.kernelParams = [
# Enable undervolting GPU.
# "amdgpu.ppfeaturemask=0xfff7ffff"
];
systemd.tmpfiles.rules = [
# "w- /sys/devices/system/cpu/cpufreq/policy0/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy1/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy2/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy3/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy4/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy5/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy6/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy7/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy8/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy9/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy10/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy11/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy12/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy13/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy14/energy_performance_preference - - - - power"
# "w- /sys/devices/system/cpu/cpufreq/policy15/energy_performance_preference - - - - power"
];
# services.udev.packages = [
# (pkgs.writeTextFile {
# name = "amdgpu-low-power";
# text = ''
# ACTION=="add", SUBSYSTEM=="drm", DRIVERS=="amdgpu", ATTR{device/power_dpm_force_performance_level}="low"
# '';
# destination = "/etc/udev/rules.d/30-amdgpu-low-power.rules";
# })
# ];
}

6
nix/configuration/roles/alacritty/default.nix
View File

@@ -24,8 +24,10 @@
xdg-utils # for xdg-open xdg-utils # for xdg-open
]; ];
me.install.user.talexander.file = { home-manager.users.talexander =
".config/alacritty/alacritty.toml" = { { pkgs, ... }:
{
home.file.".config/alacritty/alacritty.toml" = {
source = ./files/alacritty.toml; source = ./files/alacritty.toml;
}; };
}; };

48
nix/configuration/roles/amd_s2idle/cysystemd.nix
View File

@@ -1,48 +0,0 @@
{
lib,
pkgs,
buildPythonPackage,
fetchFromGitHub,
pythonOlder,
cython,
pkg-config,
setuptools,
}:
let
version = "1.6.3";
in
buildPythonPackage {
pname = "cysystemd";
inherit version;
pyproject = true;
src = fetchFromGitHub {
owner = "mosquito";
repo = "cysystemd";
tag = version;
hash = "sha256-xumrQgoKfFeKdRQUIYXXiXEcNd76i4wo/EIDm8BN7oU=";
};
disabled = pythonOlder "3.6";
build-system = [
setuptools
cython
];
nativeBuildInputs = [
pkg-config
];
buildInputs = [ pkgs.systemd ];
pythonImportsCheck = [ "cysystemd" ];
meta = {
description = "systemd wrapper on Cython";
homepage = "https://github.com/mosquito/cysystemd";
license = lib.licenses.asl20;
platforms = lib.platforms.linux;
};
}

47
nix/configuration/roles/amd_s2idle/default.nix
View File

@@ -1,47 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
amd_s2idle.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install amd_s2idle.";
};
};
config = lib.mkIf config.me.amd_s2idle.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
amd-debug-tools
];
nixpkgs.overlays = [
(
final: prev:
let
innerPackage = (final.callPackage ./package.nix { });
in
{
amd-debug-tools = innerPackage;
}
)
(final: prev: {
pythonPackagesExtensions = prev.pythonPackagesExtensions ++ [
(python-final: python-prev: {
cysystemd = (python-final.callPackage ./cysystemd.nix { });
})
];
})
];
}
]
);
}

60
nix/configuration/roles/amd_s2idle/package.nix
View File

@@ -1,60 +0,0 @@
{
lib,
fetchgit,
python3Packages,
acpica-tools,
ethtool,
libdisplay-info,
}:
let
version = "0.2.8";
in
python3Packages.buildPythonApplication {
pname = "amd-debug-tools";
inherit version;
pyproject = true;
build-system = with python3Packages; [
pyudev
setuptools
setuptools-git
setuptools-git-versioning
];
dependencies = with python3Packages; [
acpica-tools
cysystemd
dbus-fast
ethtool
jinja2
libdisplay-info
matplotlib
pandas
pyudev
seaborn
tabulate
];
src = fetchgit {
url = "https://git.kernel.org/pub/scm/linux/kernel/git/superm1/amd-debug-tools.git";
tag = version;
hash = "sha256-EmXsW7Q5WMFL32LWr29W3GnGpw5aj53wlp9KbFV1r0Q=";
leaveDotGit = true;
};
disabled = python3Packages.pythonOlder "3.7";
postPatch = ''
substituteInPlace pyproject.toml \
--replace-fail ', "setuptools-git-versioning>=2.0,<3"' ""
'';
pythonImportsCheck = [ "amd_debug" ];
meta = {
description = "Debug tools for AMD zen systems";
homepage = "https://git.kernel.org/pub/scm/linux/kernel/git/superm1/amd-debug-tools.git/";
changelog = "https://git.kernel.org/pub/scm/linux/kernel/git/superm1/amd-debug-tools.git/tag/?h=${version}";
license = lib.licenses.mit;
platforms = lib.platforms.linux;
};
}

3
nix/configuration/roles/ansible/default.nix
View File

@@ -25,9 +25,6 @@
]; ];
nixpkgs.overlays = [ nixpkgs.overlays = [
(final: prev: {
ansible-sshjail = (final.callPackage ./package/ansible-sshjail/package.nix { });
})
(final: prev: { (final: prev: {
ansible = pkgs.symlinkJoin { ansible = pkgs.symlinkJoin {
name = "ansible"; name = "ansible";

13
nix/configuration/roles/boot/default.nix
View File

@@ -75,14 +75,9 @@
# options root=PARTUUID=17e325bf-a378-4d1d-be6a-f6df5476f0fa # options root=PARTUUID=17e325bf-a378-4d1d-be6a-f6df5476f0fa
# ''; # '';
# }; # };
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
directories = [
"/var/lib/sbctl" # Secure Boot Keys
];
};
}) })
(lib.mkIf (config.me.secureBoot.enable) { (lib.mkIf (config.me.secureBoot.enable) {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
sbctl sbctl
]; ];
@@ -91,6 +86,12 @@
enable = true; enable = true;
pkiBundle = "/var/lib/sbctl"; pkiBundle = "/var/lib/sbctl";
}; };
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
directories = [
"/var/lib/sbctl" # Secure Boot Keys
];
};
}) })
]; ];
} }

14
nix/configuration/roles/chromium/default.nix
View File

@@ -22,7 +22,7 @@
{ } { }
(lib.mkIf config.me.graphical { (lib.mkIf config.me.graphical {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
chromium (chromium.override { enableWideVine = true; })
]; ];
allowedUnfree = [ allowedUnfree = [
"chromium" "chromium"
@@ -57,18 +57,8 @@
}; };
}; };
nixpkgs.overlays = [
(final: prev: {
chromium = prev.chromium.override {
enableWideVine = true;
commandLineArgs = [
"--enable-features=VaapiVideoDecoder,VaapiIgnoreDriverChecks,Vulkan,DefaultANGLEVulkan,VulkanFromANGLE,AcceleratedVideoEncoder"
# Enabling vulkan causes video to render as white # Enabling vulkan causes video to render as white
# "--enable-features=Vulkan"; # nixpkgs.config.chromium.commandLineArgs = "--enable-features=Vulkan";
];
};
})
];
}) })
] ]
); );

29
nix/configuration/roles/d2/default.nix
View File

@@ -1,29 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
d2.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install d2.";
};
};
config = lib.mkIf config.me.d2.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
d2
];
}
]
);
}

55
nix/configuration/roles/direnv/default.nix
View File

@@ -1,55 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
direnv_zsh_hook = pkgs.writeTextFile {
name = "direnv_zsh_hook.zsh";
text = ''
eval "$(direnv hook zsh)"
'';
};
in
{
imports = [ ];
options.me = {
direnv.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install direnv.";
};
};
config = lib.mkIf config.me.direnv.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
direnv
nix-direnv
];
me.zsh.includes = [ direnv_zsh_hook ];
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
# List of allowed directories from `direnv allow`.
directory = ".local/share/direnv";
user = "talexander";
group = "talexander";
mode = "0755";
}
];
};
};
}
]
);
}

110
nix/configuration/roles/distributed_build/default.nix
View File

@@ -1,110 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
make_machine_config = name: {
enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to use the ${name} machine during distributed builds.";
};
additional_config = lib.mkOption {
type = lib.types.attrs;
default = { };
example = lib.literalExpression {
speedFactor = 2;
};
description = "Additional config values for the buildMachines entry. For example, speedFactor.";
};
};
in
{
imports = [ ];
options.me = {
distributed_build.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to use multiple machines to perform a nixos-rebuild.";
};
distributed_build.machines.hydra = make_machine_config "hydra";
distributed_build.machines.quark = make_machine_config "quark";
};
config = lib.mkIf config.me.distributed_build.enable (
lib.mkMerge [
{
nix.distributedBuilds = true;
}
(lib.mkIf config.me.distributed_build.machines.hydra.enable {
nix.buildMachines = [
(
{
hostName = "hydra";
sshUser = "nixworker";
# sshKey = "";
# publicHostKey = "";
systems = [
"x86_64-linux"
# "aarch64-linux"
];
maxJobs = 1;
supportedFeatures = [
"nixos-test"
"benchmark"
"big-parallel"
# "kvm"
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"gccarch-skylake"
"gccarch-znver4"
];
}
// config.me.distributed_build.machines.hydra.additional_config
)
];
})
(lib.mkIf config.me.distributed_build.machines.quark.enable {
nix.buildMachines = [
(
{
hostName = "quark";
sshUser = "nixworker";
sshKey = "/persist/manual/ssh/root/keys/id_ed25519";
# From: base64 -w0 /persist/ssh/ssh_host_ed25519_key.pub
publicHostKey = "c3NoLWVkMjU1MTkgQUFBQUMzTnphQzFsWkRJMU5URTVBQUFBSUx0alplYlVYTkRkU3Y1enVGbjM3eFNMZUN3S2hPKzFMdWovM2FYNFJRTEEgcm9vdEBxdWFyawo=";
systems = [
"x86_64-linux"
# "aarch64-linux"
];
maxJobs = 1;
supportedFeatures = [
"gccarch-armv6"
"gccarch-aarch64"
"gccarch-riscv64"
"nixos-test"
"benchmark"
"big-parallel"
"kvm"
"gccarch-x86-64-v3"
"gccarch-x86-64-v4"
"gccarch-skylake"
"gccarch-znver4"
"gccarch-znver5"
];
}
// config.me.distributed_build.machines.quark.additional_config
)
];
})
]
);
}

34
nix/configuration/roles/docker/default.nix
View File

@@ -19,14 +19,6 @@
config = lib.mkIf config.me.docker.enable ( config = lib.mkIf config.me.docker.enable (
lib.mkMerge [ lib.mkMerge [
{
assertions = [
{
assertion = !config.me.podman.enable;
message = "docker conflicts with podman";
}
];
}
{ {
virtualisation.docker.enable = true; virtualisation.docker.enable = true;
# Use docker activation # Use docker activation
@@ -64,32 +56,6 @@
# }; # };
}; };
systemd.services.link-docker-creds = {
# Contains credentials so it cannot be added to the nix store
enable = true;
description = "link-docker-creds";
wantedBy = [ "multi-user.target" ];
wants = [ "multi-user.target" ];
after = [ "multi-user.target" ];
# path = with pkgs; [
# zfs
# ];
unitConfig.DefaultDependencies = "no";
serviceConfig = {
Type = "oneshot";
RemainAfterExit = "yes";
};
script = ''
if [ -e /persist/manual/docker/config.json ]; then
install --directory --owner talexander --group talexander --mode 0700 /home/talexander/.docker
ln -s /persist/manual/docker/config.json /home/talexander/.docker/config.json
fi
'';
preStop = ''
rm -f /home/talexander/.docker/config.json
'';
};
# Needed for non-rootless docker # Needed for non-rootless docker
users.users.talexander.extraGroups = [ "docker" ]; users.users.talexander.extraGroups = [ "docker" ];
} }

28
nix/configuration/roles/ecc/default.nix
View File

@@ -1,28 +0,0 @@
# Check memory errors with: ras-mc-ctl --error-count
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
ecc.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install ecc.";
};
};
config = lib.mkIf config.me.ecc.enable (
lib.mkMerge [
{
hardware.rasdaemon.enable = true;
}
]
);
}

16
nix/configuration/roles/emacs/default.nix
View File

@@ -89,7 +89,7 @@ in
(lib.mkIf (config.me.graphical) { (lib.mkIf (config.me.graphical) {
nixpkgs.overlays = [ nixpkgs.overlays = [
(final: prev: { (final: prev: {
my_emacs = final.emacs-pgtk; my_emacs = final.emacs29-pgtk;
}) })
]; ];
}) })
@@ -113,7 +113,7 @@ in
"doc" "doc"
"info" "info"
]; ];
nativeBuildInputs = [ final.makeWrapper ]; buildInputs = [ final.makeWrapper ];
postBuild = '' postBuild = ''
wrapProgram $out/bin/emacs --prefix PATH : ${ wrapProgram $out/bin/emacs --prefix PATH : ${
lib.makeBinPath [ lib.makeBinPath [
@@ -121,7 +121,6 @@ in
dicts: with dicts; [ dicts: with dicts; [
en en
en-computers en-computers
# en-science # TODO: Why is en-science non-free?
] ]
)) ))
final.nixd # nix language server final.nixd # nix language server
@@ -130,11 +129,6 @@ in
final.shellcheck final.shellcheck
final.cmake-language-server final.cmake-language-server
final.cmake # Used by cmake-language-server final.cmake # Used by cmake-language-server
final.rust-analyzer
final.prettier # Format yaml, json, and JS
final.terraform-ls
final.typescript-language-server
final.tex
] ]
} }
''; '';
@@ -142,8 +136,10 @@ in
}) })
]; ];
me.install.user.talexander.file = { home-manager.users.talexander =
".config/emacs" = { { pkgs, ... }:
{
home.file.".config/emacs" = {
source = ./files/emacs; source = ./files/emacs;
recursive = true; recursive = true;
}; };

25
nix/configuration/roles/emacs/files/emacs/elisp/base-extensions.el
View File

@@ -14,6 +14,17 @@
;; Other packages ;; Other packages
(use-package emacs
:config
(setq enable-recursive-minibuffers t)
;; Filter the M-x list base on the current mode
(setq read-extended-command-predicate #'command-completion-default-include-p)
;; Enable triggering completion with the tab key.
(setq tab-always-indent 'complete)
)
(use-package dashboard (use-package dashboard
:config :config
(dashboard-setup-startup-hook)) (dashboard-setup-startup-hook))
@@ -40,27 +51,17 @@
;; Persist history over Emacs restarts. Vertico sorts by history position. ;; Persist history over Emacs restarts. Vertico sorts by history position.
(use-package savehist (use-package savehist
;; This is an emacs built-in but we're pulling the latest version ;; This is an emacs built-in but we're pulling the latest version
:pin gnu
:config :config
(savehist-mode)) (savehist-mode))
(use-package which-key (use-package which-key
:pin gnu
:diminish :diminish
:config :config
(which-key-mode)) (which-key-mode))
(use-package windmove (use-package windmove
;; This is an emacs built-in but we're pulling the latest version :config
:pin gnu (windmove-default-keybindings))
:bind
(
("S-<up>" . windmove-up)
("S-<right>" . windmove-right)
("S-<down>" . windmove-down)
("S-<left>" . windmove-left)
)
)
(setq tramp-default-method "ssh") (setq tramp-default-method "ssh")

68
nix/configuration/roles/emacs/files/emacs/elisp/base.el
View File

@@ -7,12 +7,10 @@
(use-package auto-package-update (use-package auto-package-update
:ensure t :ensure t
:custom
(auto-package-update-interval 14)
(auto-package-update-delete-old-versions t)
:config :config
(auto-package-update-maybe) (setq auto-package-update-delete-old-versions t
) auto-package-update-interval 14)
(auto-package-update-maybe))
(defun assert-directory (p) (defun assert-directory (p)
(unless (file-exists-p p) (make-directory p t)) (unless (file-exists-p p) (make-directory p t))
@@ -26,51 +24,11 @@
(setq autoload-directory (concat user-emacs-directory (file-name-as-directory "elisp") (file-name-as-directory "autoload"))) (setq autoload-directory (concat user-emacs-directory (file-name-as-directory "elisp") (file-name-as-directory "autoload")))
(add-to-list 'load-path (assert-directory autoload-directory)) (add-to-list 'load-path (assert-directory autoload-directory))
(use-package emacs
:ensure nil
:bind
(("C-z" . nil)
("C-x C-z" . nil)
("RET" . newline-and-indent)
)
:custom
;; Replace highlighted text if you start typing.
(delete-selection-mode 1)
(history-length 300)
;; Enable auto-revert for buffers like dired
(global-auto-revert-non-file-buffers t)
;; If the underlying file changes, reload it automatically. This is useful for moving around in git without confusing language servers.
(auto-revert-avoid-polling t)
(auto-revert-interval 5)
(auto-revert-check-vc-info t)
(global-auto-revert-mode t)
;; Disable backup files and lockfiles
(create-lockfiles nil)
(make-backup-files nil)
(backup-inhibited t)
;; Do not auto-save files
(auto-save-default nil)
(pixel-scroll-precision-mode t)
(pixel-scroll-precision-use-momentum nil)
:config
(setq enable-recursive-minibuffers t)
;; Filter the M-x list base on the current mode
(setq read-extended-command-predicate #'command-completion-default-include-p)
;; Enable triggering completion with the tab key.
(setq tab-always-indent 'complete)
)
(setq-default (setq-default
;; Disable backup files and lockfiles
make-backup-files nil
auto-save-default nil
create-lockfiles nil
;; Unless otherwise specified, always install packages if they are absent. ;; Unless otherwise specified, always install packages if they are absent.
use-package-always-ensure t use-package-always-ensure t
;; Point custom-file at /dev/null so emacs does not write any settings to my dotfiles. ;; Point custom-file at /dev/null so emacs does not write any settings to my dotfiles.
@@ -105,13 +63,13 @@
show-trailing-whitespace t show-trailing-whitespace t
;; Remove the line when killing it with ctrl-k ;; Remove the line when killing it with ctrl-k
kill-whole-line t kill-whole-line t
;; Show the current project in the mode line
project-mode-line t
) )
;; (setq-default fringes-outside-margins t) ;; (setq-default fringes-outside-margins t)
;; Per-pixel scrolling instead of per-line
(pixel-scroll-precision-mode)
;; Typed text replaces selection ;; Typed text replaces selection
(delete-selection-mode) (delete-selection-mode)
@@ -119,6 +77,12 @@
;; Delete trailing whitespace before save ;; Delete trailing whitespace before save
(add-hook 'before-save-hook 'delete-trailing-whitespace) (add-hook 'before-save-hook 'delete-trailing-whitespace)
;; If the underlying file changes, reload it automatically. This is useful for moving around in git without confusing language servers.
(setopt auto-revert-avoid-polling t)
(setopt auto-revert-interval 5)
(setopt auto-revert-check-vc-info t)
(global-auto-revert-mode)
;;;;; Performance ;;;;; Performance
;; Run garbage collect when emacs is idle ;; Run garbage collect when emacs is idle
(run-with-idle-timer 5 t (lambda () (garbage-collect))) (run-with-idle-timer 5 t (lambda () (garbage-collect)))

16
nix/configuration/roles/emacs/files/emacs/elisp/lang-d2.el
View File

@@ -1,16 +0,0 @@
(defun d2-format-buffer ()
"Run prettier."
(interactive)
(run-command-on-buffer "d2" "fmt" "-")
)
(use-package d2-mode
:commands (d2-mode)
:hook (
(d2-mode . (lambda ()
;; (add-hook 'before-save-hook 'd2-format-buffer nil 'local)
))
)
)
(provide 'lang-d2)

10
nix/configuration/roles/emacs/files/emacs/elisp/lang-javascript.el
View File

@@ -1,12 +1,6 @@
(require 'common-lsp) (require 'common-lsp)
(require 'util-tree-sitter) (require 'util-tree-sitter)
(defun js-format-buffer ()
"Run prettier."
(interactive)
(run-command-on-buffer "prettier" "--stdin-filepath" buffer-file-name)
)
(use-package json-ts-mode (use-package json-ts-mode
:ensure nil :ensure nil
:pin manual :pin manual
@@ -119,14 +113,10 @@
("\\.js\\'" . js-ts-mode) ("\\.js\\'" . js-ts-mode)
) )
:commands (js-ts-mode) :commands (js-ts-mode)
:custom (
(js-indent-level 2)
)
:hook ( :hook (
(js-ts-mode . (lambda () (js-ts-mode . (lambda ()
(when-linux (when-linux
(eglot-ensure) (eglot-ensure)
(add-hook 'before-save-hook 'js-format-buffer nil 'local)
) )
)) ))
) )

17
nix/configuration/roles/emacs/files/emacs/elisp/lang-org.el
View File

@@ -1,23 +1,16 @@
(use-package org (use-package org
:ensure nil :ensure nil
:commands org-mode :commands org-mode
:bind (:map org-mode-map :bind (
("C-c l" . org-store-link) ("C-c l" . org-store-link)
("C-c a" . org-agenda) ("C-c a" . org-agenda)
("S-<up>" . org-shiftup) ("C--" . org-timestamp-down)
("S-<right>" . org-shiftright) ("C-=" . org-timestamp-up)
("S-<down>" . org-shiftdown)
("S-<left>" . org-shiftleft)
) )
:hook ( :hook (
(org-mode . (lambda () (org-mode . (lambda ()
(org-indent-mode +1) (org-indent-mode +1)
)) ))
;; Make windmove work in Org mode:
(org-shiftup-final . windmove-up)
(org-shiftleft-final . windmove-left)
(org-shiftdown-final . windmove-down)
(org-shiftright-final . windmove-right)
) )
:config :config
(require 'org-tempo) (require 'org-tempo)
@@ -87,8 +80,4 @@
(use-package gnuplot) (use-package gnuplot)
(use-package graphviz-dot-mode) (use-package graphviz-dot-mode)
(use-package htmlize
;; For syntax highlighting when exporting to HTML.
)
(provide 'lang-org) (provide 'lang-org)

6
nix/configuration/roles/emacs/files/emacs/elisp/lang-rust.el
View File

@@ -46,7 +46,7 @@
(when rust-analyzer-command (when rust-analyzer-command
;; (add-to-list 'eglot-server-programs `(rust-ts-mode . (,rust-analyzer-command))) ;; (add-to-list 'eglot-server-programs `(rust-ts-mode . (,rust-analyzer-command)))
(add-to-list 'eglot-server-programs `(rust-ts-mode . (,rust-analyzer-command :initializationOptions (:imports (:granularity (:enforce t :group "item") (add-to-list 'eglot-server-programs `(rust-ts-mode . (,rust-analyzer-command :initializationOptions (:imports (:granularity (:enforce t :group "item")
:merge (:glob :json-false) :merge (:glob nil)
:prefix "self") :prefix "self")
)))) ))))
) )
@@ -60,8 +60,8 @@
(unless (treesit-ready-p 'rust) (treesit-install-language-grammar 'rust)) (unless (treesit-ready-p 'rust) (treesit-install-language-grammar 'rust))
:config :config
;; Add keybindings for interacting with Cargo ;; Add keybindings for interacting with Cargo
;; (use-package cargo (use-package cargo
;; :hook (rust-ts-mode . cargo-minor-mode)) :hook (rust-ts-mode . cargo-minor-mode))
) )
(use-package toml-ts-mode (use-package toml-ts-mode

2
nix/configuration/roles/emacs/files/emacs/init.el
View File

@@ -40,6 +40,4 @@
(require 'lang-cmake) (require 'lang-cmake)
(require 'lang-d2)
(load-directory autoload-directory) (load-directory autoload-directory)

41
nix/configuration/roles/emulate_isa/default.nix
View File

@@ -1,41 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
emulate_isa.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to enable emulating other CPU architectures.";
};
};
config = lib.mkIf config.me.emulate_isa.enable (
lib.mkMerge [
{
boot.binfmt.emulatedSystems = [
"aarch64-linux" # Raspberry Pi gen 3
"riscv64-linux"
# TODO: Should "x86_64-linux" be in this list or should this list be dependent on the host CPU?
"armv6l-linux" # Raspberry Pi gen 1
];
me.optimizations = {
system_features = [
"gccarch-armv6"
"gccarch-aarch64"
"gccarch-riscv64"
];
};
}
]
);
}
# NOTE: build nixosConfigurations.<name>.config.system.build.sdImage

13
nix/configuration/roles/firefox/default.nix
View File

@@ -70,12 +70,9 @@
# Allow sending dark mode preference to websites. # Allow sending dark mode preference to websites.
# Allow sending timezone to websites. # Allow sending timezone to websites.
"privacy.fingerprintingProtection.overrides" = "privacy.fingerprintingProtection.overrides" =
"+AllTargets,-CSSPrefersColorScheme,-JSDateTimeUTC,-CanvasExtractionBeforeUserInputIsBlocked,-CanvasImageExtractionPrompt"; "+AllTargets,-CSSPrefersColorScheme,-JSDateTimeUTC,-CanvasExtractionBeforeUserInputIsBlocked";
# Disable weather on new tab page # Disable weather on new tab page
"browser.newtabpage.activity-stream.showWeather" = false; "browser.newtabpage.activity-stream.showWeather" = false;
# Disable AI stuff that wastes battery life
"browser.ml.chat.enabled" = false;
"browser.ml.enabled" = false;
}; };
# Check about:policies#documentation and https://mozilla.github.io/policy-templates/ for options. # Check about:policies#documentation and https://mozilla.github.io/policy-templates/ for options.
policies = { policies = {
@@ -91,10 +88,10 @@
install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi"; install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublock-origin/latest.xpi";
installation_mode = "force_installed"; installation_mode = "force_installed";
}; };
# "firefox@teleparty.com" = { "firefox@teleparty.com" = {
# install_url = "https://addons.mozilla.org/firefox/downloads/latest/netflix-party-is-now-teleparty/latest.xpi"; install_url = "https://addons.mozilla.org/firefox/downloads/latest/netflix-party-is-now-teleparty/latest.xpi";
# installation_mode = "normal_installed"; installation_mode = "normal_installed";
# }; };
"@ublacklist" = { "@ublacklist" = {
install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublacklist/latest.xpi"; install_url = "https://addons.mozilla.org/firefox/downloads/latest/ublacklist/latest.xpi";
installation_mode = "normal_installed"; installation_mode = "normal_installed";

29
nix/configuration/roles/flux/default.nix
View File

@@ -1,29 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
flux.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install flux.";
};
};
config = lib.mkIf config.me.flux.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
fluxcd
];
}
]
);
}

1
nix/configuration/roles/fonts/default.nix
View File

@@ -15,7 +15,6 @@
cascadia-code cascadia-code
source-sans-pro source-sans-pro
source-serif-pro source-serif-pro
noto-fonts
noto-fonts-cjk-sans noto-fonts-cjk-sans
noto-fonts-cjk-serif noto-fonts-cjk-serif
noto-fonts-color-emoji noto-fonts-color-emoji

18
nix/configuration/roles/fonts/files/fonts.conf
View File

@@ -47,17 +47,17 @@
</alias> </alias>
<!-- Screw it. Force Liberation Mono to be cascadia mono. --> <!-- Screw it. Force Liberation Mono to be source code pro. -->
<!-- <match target="pattern"> --> <match target="pattern">
<!-- <test qual="any" name="family"><string>Liberation Mono</string></test> --> <test qual="any" name="family"><string>Liberation Mono</string></test>
<!-- <edit name="family" mode="assign" binding="same"><string>Cascadia Mono</string></edit> --> <edit name="family" mode="assign" binding="same"><string>Cascadia Mono</string></edit>
<!-- </match> --> </match>
<!-- Dejavu Sans Mono keeps coming back when I query "monospace". Doesn't happen when I'm using Souce Code Pro but does happen with cascadia... force it to cascadia --> <!-- Dejavu Sans Mono keeps coming back when I query "monospace". Doesn't happen when I'm using Souce Code Pro but does happen with cascadia... force it to cascadia -->
<!-- <match target="pattern"> --> <match target="pattern">
<!-- <test qual="any" name="family"><string>monospace</string></test> --> <test qual="any" name="family"><string>monospace</string></test>
<!-- <edit name="family" mode="assign" binding="same"><string>Cascadia Mono</string></edit> --> <edit name="family" mode="assign" binding="same"><string>Cascadia Mono</string></edit>
<!-- </match> --> </match>
<!-- Disable ligatures in monospace fonts. --> <!-- Disable ligatures in monospace fonts. -->
<match target="font"> <match target="font">

43
nix/configuration/roles/gcloud/default.nix
View File

@@ -1,43 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
gcloud.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install gcloud.";
};
};
config = lib.mkIf config.me.gcloud.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
(google-cloud-sdk.withExtraComponents [ google-cloud-sdk.components.gke-gcloud-auth-plugin ])
];
environment.persistence."/state" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true;
users.talexander = {
directories = [
{
directory = ".config/gcloud";
user = "talexander";
group = "talexander";
mode = "0700";
}
];
};
};
}
]
);
}

102
nix/configuration/roles/git/default.nix
View File

@@ -5,18 +5,6 @@
... ...
}: }:
let
git_wrapped =
package: prog:
pkgs.writeShellScriptBin "${prog}" ''
export PATH="${
lib.makeBinPath [
pkgs.meld
]
}:$PATH"
exec ${package}/bin/${prog} "''${@}"
'';
in
{ {
imports = [ ]; imports = [ ];
@@ -32,48 +20,66 @@ in
config = lib.mkMerge [ config = lib.mkMerge [
{ {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
my_git git
]; ];
} }
(lib.mkIf (config.me.git.config != null) { (lib.mkIf (config.me.git.config != null) {
me.install.user.talexander.file = { home-manager.users.talexander =
".gitconfig" = { { pkgs, ... }:
{
home.file.".gitconfig" = {
source = config.me.git.config; source = config.me.git.config;
}; };
}; };
}) })
(lib.mkIf (config.me.graphical) { # (lib.mkIf (config.me.graphical) {
nixpkgs.overlays = [ # nixpkgs.overlays = [
(final: prev: { # (final: prev: {
my_git = ( # git = pkgs.buildEnv {
pkgs.buildEnv { # name = prev.git.name;
name = prev.git.name; # paths = [
version = prev.git.version; # prev.git
paths = # ];
(builtins.map (git_wrapped prev.git) [ # extraOutputsToInstall = [
"git" # "man"
]) # "doc"
++ [ # "info"
prev.git # ];
]; # buildInputs = [ final.makeWrapper ];
extraOutputsToInstall = [ # postBuild = ''
"man" # wrapProgram $out/bin/git --prefix PATH : ${
"doc" # lib.makeBinPath [
"info" # final.meld
]; # ]
nativeBuildInputs = [ final.makeWrapper ]; # }
ignoreCollisions = true; # '';
} # };
); # })
}) # ];
]; # })
}) # (lib.mkIf (!config.me.graphical) {
(lib.mkIf (!config.me.graphical) { # nixpkgs.overlays = [
nixpkgs.overlays = [ # (final: prev: {
(final: prev: { # git = pkgs.buildEnv {
my_git = prev.git; # name = prev.git.name;
}) # paths = [
]; # prev.git
}) # ];
# extraOutputsToInstall = [
# "man"
# "doc"
# "info"
# ];
# buildInputs = [ final.makeWrapper ];
# postBuild = ''
# wrapProgram $out/bin/git --prefix PATH : ${
# lib.makeBinPath [
# ]
# }
# '';
# };
# })
# ];
# })
]; ];
} }

33
nix/configuration/roles/git/files/gitconfig_home
View File

@@ -1,58 +1,35 @@
[user] [user]
email = tom@fizz.buzz email = tom@fizz.buzz
name = Tom Alexander name = Tom Alexander
signingkey = 36C99E8B3C39D85F signingkey = D3A179C9A53C0EDE
[push] [push]
default = simple # (default since 2.0) default = simple
[alias] [alias]
lg = log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit lg = log --color --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr) %C(bold blue)<%an>%Creset' --abbrev-commit
bh = log --oneline --branches=* --remotes=* --graph --decorate bh = log --oneline --branches=* --remotes=* --graph --decorate
amend = commit --amend --no-edit amend = commit --amend --no-edit
authorcount = shortlog --summary --numbered --all --no-merges
[core] [core]
excludesfile = ~/.gitignore_global excludesfile = ~/.gitignore_global
[commit] [commit]
gpgsign = true gpgsign = true
verbose = true
[pull] [pull]
rebase = true rebase = true
[log] [log]
date = local date = local
[init] [init]
defaultBranch = main defaultBranch = main
# Use meld for `git difftool` and `git mergetool`
[diff] [diff]
tool = meld # Use meld for `git difftool` and `git mergetool` tool = meld
algorithm = histogram
colorMoved = plain
mnemonicPrefix = true
renames = true
[difftool] [difftool]
prompt = false prompt = false
[difftool "meld"] [difftool "meld"]
cmd = meld "$LOCAL" "$REMOTE" cmd = meld "$LOCAL" "$REMOTE"
[merge] [merge]
tool = meld tool = meld
conflictStyle = zdiff3
[mergetool "meld"] [mergetool "meld"]
# Make the middle pane start with partially-merged contents: # Make the middle pane start with partially-merged contents:
cmd = meld "$LOCAL" "$MERGED" "$REMOTE" --output "$MERGED" cmd = meld "$LOCAL" "$MERGED" "$REMOTE" --output "$MERGED"
# Make the middle pane start without any merge progress: # Make the middle pane start without any merge progress:
# cmd = meld "$LOCAL" "$BASE" "$REMOTE" --output "$MERGED" # cmd = meld "$LOCAL" "$BASE" "$REMOTE" --output "$MERGED"
[column]
ui = auto
[branch]
sort = -committerdate
[tag]
sort = version:refname
[fetch]
prune = true
pruneTags = true
all = true
[rebase]
autoSquash = true
autoStash = true
# updateRefs was annoying when you want to split a branch in two by rebasing away from commits from one branch and rebasing away some commits from another branch.
updateRefs = false
# Disabled because ephemeral pin storage is not yet ready in openpgp-card-state
# [gpg]
# program = oct-git

4
nix/configuration/roles/global_options/default.nix
View File

@@ -8,6 +8,10 @@
{ {
imports = [ ]; imports = [ ];
options.me = {
};
# options.me.graphics_card_type = lib.mkOption { # options.me.graphics_card_type = lib.mkOption {
# type = lib.types.nullOr ( # type = lib.types.nullOr (
# lib.types.enum [ # lib.types.enum [

29
nix/configuration/roles/gnuplot/default.nix
View File

@@ -1,29 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
gnuplot.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install gnuplot.";
};
};
config = lib.mkIf config.me.gnuplot.enable (
lib.mkMerge [
{
environment.systemPackages = with pkgs; [
gnuplot
];
}
]
);
}

69
nix/configuration/roles/gpg/default.nix
View File

@@ -29,7 +29,9 @@ in
lib.mkMerge [ lib.mkMerge [
{ {
# Fetch public keys: # Fetch public keys:
# gpg --locate-external-keys tom@fizz.buzz # gpg --locate-keys tom@fizz.buzz
#
# gpg -vvv --auto-key-locate local,wkd --locate-keys tom@fizz.buzz
hardware.gpgSmartcards.enable = true; hardware.gpgSmartcards.enable = true;
services.udev.packages = [ services.udev.packages = [
@@ -45,64 +47,35 @@ in
}) })
]; ];
services.pcscd.enable = true; services.pcscd.enable = true;
# services.gnome.gnome-keyring.enable = true;
me.install.user.talexander.file = { # services.dbus.packages = [ pkgs.gcr ];
".gnupg/scdaemon.conf" = {
# services.pcscd.plugins = lib.mkForce [ ];
# programs.gpg.scdaemonSettings = {
# disable-ccid = true;
# };
# .gnupg/scdaemon.conf
home-manager.users.talexander =
{ pkgs, ... }:
{
home.file.".gnupg/scdaemon.conf" = {
source = ./files/scdaemon.conf; source = ./files/scdaemon.conf;
}; };
}; };
# programs.gnupg.dirmngr.enable = true;
programs.gnupg.agent = { programs.gnupg.agent = {
enable = true; enable = true;
enableSSHSupport = true; enableSSHSupport = true;
pinentryPackage = pkgs.pinentry-qt; pinentryPackage = pkgs.pinentry-qt;
# Settings block populates /etc/gnupg/gpg-agent.conf
# settings = { # settings = {
# disable-ccid = true;
# }; # };
}; };
# Disabled because it breaks signing git commits because gpg wants to copy pubring.kbx. Unfortunately, this makes the install of scdaemon.conf do nothing since this mount of the full .gnupg directory goes over it.
#
# environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
# hideMounts = true;
# users.talexander = {
# files = [
# {
# file = ".gnupg/trustdb.gpg";
# parentDirectory = {
# mode = "u=rwx,g=,o=";
# };
# }
# {
# file = ".gnupg/pubring.kbx";
# parentDirectory = {
# mode = "u=rwx,g=,o=";
# };
# }
# {
# file = ".gnupg/tofu.db";
# parentDirectory = {
# mode = "u=rwx,g=,o=";
# };
# }
# ];
# directories = [
# {
# directory = ".gnupg/crls.d";
# user = "talexander";
# group = "talexander";
# mode = "0700";
# }
# {
# directory = ".gnupg/private-keys-v1.d";
# user = "talexander";
# group = "talexander";
# mode = "0700";
# }
# ];
# };
# };
environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) { environment.persistence."/persist" = lib.mkIf (!config.me.buildingIso) {
hideMounts = true; hideMounts = true;
users.talexander = { users.talexander = {
@@ -112,7 +85,7 @@ in
user = "talexander"; user = "talexander";
group = "talexander"; group = "talexander";
mode = "0700"; mode = "0700";
} } # Local keyring
]; ];
}; };
}; };
@@ -120,6 +93,8 @@ in
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
pcsclite pcsclite
pcsctools pcsctools
yubikey-personalization
yubikey-manager
glibcLocales glibcLocales
ccid ccid
libusb-compat-0_1 libusb-compat-0_1

3
nix/configuration/roles/gpg/files/gpg_test_wkd.bash
View File

@@ -6,6 +6,3 @@ IFS=$'\n\t'
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )" DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
gpg --no-default-keyring --keyring /tmp/gpg-$$ --auto-key-locate clear,wkd --locate-keys "${@}" gpg --no-default-keyring --keyring /tmp/gpg-$$ --auto-key-locate clear,wkd --locate-keys "${@}"
# To generate files for the WKD:
# gpg-wks-client --directory ./pgp/.well-known/openpgpkey --install-key <keyid> <email>

3
nix/configuration/roles/gpg/files/scdaemon.conf
View File

@@ -1,9 +1,6 @@
#reader-port Yubico Yubi #reader-port Yubico Yubi
disable-ccid disable-ccid
# This setting enables other backends like oct to access the pgp card simultaneously but it also means that gpg will ask for the pin for EVERY ssh session which is annoying in scripts.
#pcsc-shared
#log-file /home/talexander/scd.log #log-file /home/talexander/scd.log
#verbose #verbose
#debug cardio #debug cardio

20
nix/configuration/roles/graphics/default.nix
View File

@@ -37,26 +37,6 @@
xorg.xeyes # to test which windows are using x11 xorg.xeyes # to test which windows are using x11
]; ];
hardware.graphics.enable = true; hardware.graphics.enable = true;
# hardware.graphics.enable32Bit = true;
# Vulkan Support (64-bit is enabled by default, 32-bit is disabled by default)
# hardware.opengl.driSupport = true; # This is already enabled by default
# hardware.opengl.driSupport32Bit = true; # For 32 bit applications
})
(lib.mkIf (config.me.graphics_card_type == "amd") {
environment.systemPackages = with pkgs; [
nvtopPackages.amd
];
})
(lib.mkIf (config.me.graphics_card_type == "intel") {
environment.systemPackages = with pkgs; [
nvtopPackages.intel
];
})
(lib.mkIf (config.me.graphics_card_type == "nvidia") {
environment.systemPackages = with pkgs; [
nvtopPackages.nvidia
];
}) })
] ]
); );

49
nix/configuration/roles/hydra/default.nix
View File

@@ -1,49 +0,0 @@
{
config,
lib,
pkgs,
...
}:
{
imports = [ ];
options.me = {
hydra.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install hydra.";
};
};
config = lib.mkIf config.me.hydra.enable (
lib.mkMerge [
{
services.hydra = {
enable = true;
hydraURL = "http://localhost:3000"; # Externally visible URL
notificationSender = "hydra@localhost"; # "From" address for hydra emails.
# a standalone Hydra will require you to unset the buildMachinesFiles list to avoid using a nonexistant /etc/nix/machines
buildMachinesFiles = [ ];
useSubstitutes = true;
};
# nix.buildMachines = [
# {
# hostName = "localhost";
# protocol = null;
# system = "x86_64-linux";
# supportedFeatures = [
# "kvm"
# "nixos-test"
# "big-parallel"
# "benchmark"
# ];
# maxJobs = 8;
# }
# ];
}
]
);
}

45
nix/configuration/roles/iso_mount/default.nix
View File

@@ -1,45 +0,0 @@
{
config,
lib,
pkgs,
...
}:
let
iso_mount =
(pkgs.writeScriptBin "iso_mount" (builtins.readFile ./files/iso_mount.bash)).overrideAttrs
(old: {
buildCommand = "${old.buildCommand}\n patchShebangs $out";
});
iso_unmount =
(pkgs.writeScriptBin "iso_unmount" (builtins.readFile ./files/iso_unmount.bash)).overrideAttrs
(old: {
buildCommand = "${old.buildCommand}\n patchShebangs $out";
});
in
{
imports = [ ];
options.me = {
iso_mount.enable = lib.mkOption {
type = lib.types.bool;
default = false;
example = true;
description = "Whether we want to install iso_mount.";
};
};
config = lib.mkIf config.me.iso_mount.enable (
lib.mkMerge [
{
environment.systemPackages = [
iso_mount
iso_unmount
];
}
]
);
}

Some files were not shown because too many files have changed in this diff Show More