WIP everything

steveej 2024-01-18 14:59:17 +00:00
parent 2a23c7fdbe
commit 26f0bde4b3
29 changed files with 1630 additions and 423 deletions


@ -1,5 +1,5 @@
_DEFAULT_VERSION_TMPL:
echo "{{invocation_directory()}}/nix/variables/versions.tmpl.nix"
# _DEFAULT_VERSION_TMPL:
# echo "{{invocation_directory()}}/nix/variables/versions.tmpl.nix"
_usage:
just -l
@ -53,7 +53,7 @@ update-remote-device devicename +rebuildargs='build':
git commit -v nix/os/devices/{{devicename}}/flake.{nix,lock} -m "nix/os/devices/{{devicename}}: bump versions"
# Re-render the versions of the current device and rebuild its environment
update-this-device rebuild-mode='switch':
update-this-device rebuild-mode='switch' +moreargs='':
#!/usr/bin/env bash
set -e
@ -63,7 +63,7 @@ update-this-device rebuild-mode='switch':
nix flake update
)
just -v rebuild-this-device {{rebuild-mode}}
just -v rebuild-this-device {{rebuild-mode}} {{moreargs}}
git commit -v nix/os/devices/$(hostname -s)/flake.{nix,lock} -m "nix/os/devices/$(hostname -s): bump versions"
@ -261,7 +261,7 @@ test-connection:
#! nix-shell -i zsh
#! nix-shell --pure
while true; do
while true; do
FAILURE="false"
output=$(
echo "$(date)\n---"


@ -95,4 +95,20 @@ just --list
1. offline-bitwise copy of drive
2. disconnect remove the previous drive
3. replace the driveId in the device's hw.nix
4. run the `just disk-relabel nix/os/devices/<deviceName> <prevDiskId>` command to rename the filesystem and volume group
4. run the `just disk-relabel nix/os/devices/<deviceName> <prevDiskId>` command to rename the filesystem and volume group
## Rebuilding an offline system
```
(
sudo cryptsetup open /dev/sdb3 steveej-t14s-cryptroot
sleep 5
sudo mkdir -p /mnt/root
sudo mount /dev/mapper/nvme--WD_BLACK_SN850X_4000GB_2227DT443901-root /mnt/root -o subvol=nixos
sudo mount /dev/sdb2 /mnt/root/boot
sudo mount /dev/mapper/nvme--WD_BLACK_SN850X_4000GB_2227DT443901-root /mnt/root/home -o subvol=home
sudo nixos-install -v --flake .#steveej-t14 --root /mnt/root/ --no-root-password
)
```

376
flake.lock generated

@ -3,11 +3,11 @@
"aphorme_launcher": {
"flake": false,
"locked": {
"lastModified": 1683977169,
"narHash": "sha256-juRiokIk5x+eGJm+QuCdFPUjEggDmscpy2Ip7pU9KI4=",
"lastModified": 1699523648,
"narHash": "sha256-OmeelrddWuPQL84W/1Fi3FczKfrR+XdosRfKofc2o6w=",
"owner": "Iaphetes",
"repo": "aphorme_launcher",
"rev": "211bc27de061b61e3119a7966cff09f4b8c3a1fe",
"rev": "3404dd1ac0c448d517efc0a20f554da0f1d5550c",
"type": "github"
},
"original": {
@ -42,19 +42,16 @@
},
"crane": {
"inputs": {
"flake-compat": "flake-compat_2",
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nixpkgs"
],
"rust-overlay": "rust-overlay"
]
},
"locked": {
"lastModified": 1691423162,
"narHash": "sha256-cReUZCo83YEEmFcHX8CcOVTZYUrcWgHQO34zxQzy7WI=",
"lastModified": 1703439018,
"narHash": "sha256-VT+06ft/x3eMZ1MJxWzQP3zXFGcrxGo5VR2rB7t88hs=",
"owner": "ipetkov",
"repo": "crane",
"rev": "b5d9d42ea3fa8fea1805d9af1416fe207d0dd1dc",
"rev": "afdcd41180e3dfe4dac46b5ee396e3b12ccc967a",
"type": "github"
},
"original": {
@ -71,11 +68,11 @@
]
},
"locked": {
"lastModified": 1687747614,
"narHash": "sha256-KXspKgtdO2YRL12Jv0sUgkwOwHrAFwdIG/90pDx8Ydg=",
"lastModified": 1701905325,
"narHash": "sha256-lda63LmEIlDMeCgWfjr3/wb487XPllBByfrGRieyEk4=",
"owner": "nix-community",
"repo": "disko",
"rev": "fef67a1ddc293b595d62a660f57deabbcb70ff95",
"rev": "1144887c6f4d2dcbb2316a24364ef53e25b0fcfe",
"type": "github"
},
"original": {
@ -93,11 +90,11 @@
"rust-analyzer-src": "rust-analyzer-src"
},
"locked": {
"lastModified": 1691648495,
"narHash": "sha256-JULr+eKL9rjfex17hZYn0K/fBxxfK/FM9TOCcxPQay4=",
"lastModified": 1704176544,
"narHash": "sha256-A6PfA1DB6cF3cQerysGK8zIumGTrXucdHoFRU+8H7Lc=",
"owner": "nix-community",
"repo": "fenix",
"rev": "6c9f0709358f212766cff5ce79f6e8300ec1eb91",
"rev": "54df821cae7bd492a049ef213336810247128110",
"type": "github"
},
"original": {
@ -123,22 +120,6 @@
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_3": {
"locked": {
"lastModified": 1688025799,
"narHash": "sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=",
@ -158,11 +139,11 @@
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1690933134,
"narHash": "sha256-ab989mN63fQZBFrkk4Q8bYxQCktuHmBIBqUG1jl6/FQ=",
"lastModified": 1704152458,
"narHash": "sha256-DS+dGw7SKygIWf9w4eNBUZsK+4Ug27NwEWmn2tnbycg=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "59cf3f1447cfc75087e7273b04b31e689a8599fb",
"rev": "88a2cd8166694ba0b6cb374700799cec53aef527",
"type": "github"
},
"original": {
@ -179,11 +160,11 @@
]
},
"locked": {
"lastModified": 1687762428,
"narHash": "sha256-DIf7mi45PKo+s8dOYF+UlXHzE0Wl/+k3tXUyAoAnoGE=",
"lastModified": 1701473968,
"narHash": "sha256-YcVE5emp1qQ8ieHUnxt1wCZCC3ZfAS+SRRWZ2TMda7E=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "37dd7bb15791c86d55c5121740a1887ab55ee836",
"rev": "34fed993f1674c8d06d58b37ce1e0fe5eebcb9f5",
"type": "github"
},
"original": {
@ -201,11 +182,11 @@
]
},
"locked": {
"lastModified": 1690933134,
"narHash": "sha256-ab989mN63fQZBFrkk4Q8bYxQCktuHmBIBqUG1jl6/FQ=",
"lastModified": 1701473968,
"narHash": "sha256-YcVE5emp1qQ8ieHUnxt1wCZCC3ZfAS+SRRWZ2TMda7E=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "59cf3f1447cfc75087e7273b04b31e689a8599fb",
"rev": "34fed993f1674c8d06d58b37ce1e0fe5eebcb9f5",
"type": "github"
},
"original": {
@ -234,11 +215,11 @@
"systems": "systems"
},
"locked": {
"lastModified": 1689068808,
"narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=",
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github"
},
"original": {
@ -248,24 +229,6 @@
}
},
"flake-utils_3": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1689068808,
"narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_4": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
@ -282,11 +245,11 @@
},
"get-flake": {
"locked": {
"lastModified": 1673819588,
"narHash": "sha256-gRtwKAlu4htvS6dxyZnW3n+vMS1acqnMGVHqxUdETeY=",
"lastModified": 1694475786,
"narHash": "sha256-s5wDmPooMUNIAAsxxCMMh9g68AueGg63DYk2hVZJbc8=",
"owner": "ursi",
"repo": "get-flake",
"rev": "e0917b6f564aa5acefb1484b5baf76da21746c3c",
"rev": "ac54750e3b95dab6ec0726d77f440efe6045bec1",
"type": "github"
},
"original": {
@ -298,11 +261,11 @@
"jay": {
"flake": false,
"locked": {
"lastModified": 1689440887,
"narHash": "sha256-+61dHuxk3FCP+H2PCoup6lZDlaTuJBqDzkiBNY6yaJ4=",
"lastModified": 1698077919,
"narHash": "sha256-X4bMOBS2WFcbiOiynvSId1XoWgQW3wbO7/atJ9V7buk=",
"owner": "mahkoh",
"repo": "jay",
"rev": "eb83505e39ec8c2383ac233a8b8449803db52549",
"rev": "b4d73064d9c112c69ff16200231145ccffcb3e81",
"type": "github"
},
"original": {
@ -313,15 +276,15 @@
},
"lib-aggregate": {
"inputs": {
"flake-utils": "flake-utils_3",
"flake-utils": "flake-utils_2",
"nixpkgs-lib": "nixpkgs-lib_2"
},
"locked": {
"lastModified": 1691323683,
"narHash": "sha256-G7kMLDbYN03VNO+QYymFIp0o9jv+gflUpde8V4iYri8=",
"lastModified": 1704024543,
"narHash": "sha256-hmKcKSuTqVK47l2G0PkLAinZN1oCOb6XdPPJhNCQ2rg=",
"owner": "nix-community",
"repo": "lib-aggregate",
"rev": "99d95d9ca592022832e9f1b4d2a8327b8d50eb60",
"rev": "4608880f02f8f868e1b7f85c60abdfc5cb0cf9ec",
"type": "github"
},
"original": {
@ -333,11 +296,11 @@
"magmawm": {
"flake": false,
"locked": {
"lastModified": 1687543996,
"narHash": "sha256-S8vRKXCHF7OHestoGNe6fqqxJIc8slhaOFjvGS3oflc=",
"lastModified": 1703542178,
"narHash": "sha256-HuCAz+B+cg7HoEEL67heaYRc8zmQCnPBR+DgmuiIZBk=",
"owner": "MagmaWM",
"repo": "MagmaWM",
"rev": "c16fa624b2c86328081a1647f483273e131df29d",
"rev": "24dc21f228efb034cd0237fb5ff9a8310f1929b7",
"type": "github"
},
"original": {
@ -349,15 +312,16 @@
"nix-eval-jobs": {
"inputs": {
"flake-parts": "flake-parts_3",
"nix-github-actions": "nix-github-actions",
"nixpkgs": "nixpkgs",
"treefmt-nix": "treefmt-nix_2"
},
"locked": {
"lastModified": 1691371197,
"narHash": "sha256-YazAJxDjmAG9kiIEuqc+1CmmYIIt4wRIbEFb+TXf8WA=",
"lastModified": 1703466376,
"narHash": "sha256-Wy8iF8u5KSzrTxg1hStTBmUjzzKdKyCyMOg8b/eTvVQ=",
"owner": "nix-community",
"repo": "nix-eval-jobs",
"rev": "b02b4e287fddc969fc490478b5666603f4ab0d3c",
"rev": "64104a3c55593c903af78af86a4c9d2e5487a2d7",
"type": "github"
},
"original": {
@ -366,19 +330,25 @@
"type": "github"
}
},
"nixos-2305": {
"nix-github-actions": {
"inputs": {
"nixpkgs": [
"nixpkgs-wayland",
"nix-eval-jobs",
"nixpkgs"
]
},
"locked": {
"lastModified": 1687938137,
"narHash": "sha256-Z00c0Pk3aE1aw9x44lVcqHmvx+oX7dxCXCvKcUuE150=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ba2ded3227a2992f2040fad4ba6f218a701884a5",
"lastModified": 1701208414,
"narHash": "sha256-xrQ0FyhwTZK6BwKhahIkUVZhMNk21IEI1nUcWSONtpo=",
"owner": "nix-community",
"repo": "nix-github-actions",
"rev": "93e39cc1a087d65bcf7a132e75a650c44dd2b734",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "release-23.05",
"repo": "nixpkgs",
"owner": "nix-community",
"repo": "nix-github-actions",
"type": "github"
}
},
@ -386,19 +356,19 @@
"inputs": {
"disko": "disko",
"flake-parts": "flake-parts_2",
"nixos-2305": "nixos-2305",
"nixos-images": "nixos-images",
"nixos-stable": "nixos-stable",
"nixpkgs": [
"nixpkgs"
],
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1691224484,
"narHash": "sha256-0oodXqRRHXjUL7ssi1nIOKC8EzYD4f1e3eAaWexuF4M=",
"lastModified": 1704071157,
"narHash": "sha256-p8KFWE16nu8ltY17psLU4KTcxXTpjvc1fCzMVPel080=",
"owner": "numtide",
"repo": "nixos-anywhere",
"rev": "9df79870b04667f2d16f1a78a1ab87d124403fb7",
"rev": "d2911784c30a6c94d3a581bc99c94d3ce0deba0b",
"type": "github"
},
"original": {
@ -410,9 +380,9 @@
},
"nixos-images": {
"inputs": {
"nixos-2305": [
"nixos-2311": [
"nixos-anywhere",
"nixos-2305"
"nixos-stable"
],
"nixos-unstable": [
"nixos-anywhere",
@ -420,11 +390,11 @@
]
},
"locked": {
"lastModified": 1686819168,
"narHash": "sha256-IbRVStbKoMC2fUX6TxNO82KgpVfI8LL4Cq0bTgdYhnY=",
"lastModified": 1702375325,
"narHash": "sha256-kEdrh6IB7xh7YDwZ0ZVCngCs+uoS9gx4ydEoJRnM1Is=",
"owner": "nix-community",
"repo": "nixos-images",
"rev": "ccc1a2c08ce2fc38bcece85d2a6e7bf17bac9e37",
"rev": "d655cc02fcb9ecdcca4f3fb307e291a4b5be1339",
"type": "github"
},
"original": {
@ -433,18 +403,50 @@
"type": "github"
}
},
"nixpkgs": {
"nixos-stable": {
"locked": {
"lastModified": 1691370583,
"narHash": "sha256-LnKMx9NQ0Qx0DTYQVewkcRr+7uW5NY7xU9kjh+Lxnb0=",
"lastModified": 1702233072,
"narHash": "sha256-H5G2wgbim2Ku6G6w+NSaQaauv6B6DlPhY9fMvArKqRo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b51660a128c09baf31c614284b500eb53772496f",
"rev": "781e2a9797ecf0f146e81425c822dca69fe4a348",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "master",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixos-stable_2": {
"locked": {
"lastModified": 1703900474,
"narHash": "sha256-Zu+chYVYG2cQ4FCbhyo6rc5Lu0ktZCjRbSPE0fDgukI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9dd7699928e26c3c00d5d46811f1358524081062",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1703134684,
"narHash": "sha256-SQmng1EnBFLzS7WSRyPM9HgmZP2kLJcPAz+Ug/nug6o=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d6863cbcbbb80e71cecfc03356db1cda38919523",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
@ -467,11 +469,27 @@
},
"nixpkgs-2305": {
"locked": {
"lastModified": 1691592289,
"narHash": "sha256-Lqpw7lrXlLkYra33tp57ms8tZ0StWhbcl80vk4D90F8=",
"lastModified": 1704018918,
"narHash": "sha256-erjg/HrpC9liEfm7oLqb8GXCqsxaFwIIPqCsknW5aFY=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "9034b46dc4c7596a87ab837bb8a07ef2d887e8c7",
"rev": "2c9c58e98243930f8cb70387934daa4bc8b00373",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-2311": {
"locked": {
"lastModified": 1704018918,
"narHash": "sha256-erjg/HrpC9liEfm7oLqb8GXCqsxaFwIIPqCsknW5aFY=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "2c9c58e98243930f8cb70387934daa4bc8b00373",
"type": "github"
},
"original": {
@ -484,11 +502,11 @@
"nixpkgs-lib": {
"locked": {
"dir": "lib",
"lastModified": 1690881714,
"narHash": "sha256-h/nXluEqdiQHs1oSgkOOWF+j8gcJMWhwnZ9PFabN6q0=",
"lastModified": 1703961334,
"narHash": "sha256-M1mV/Cq+pgjk0rt6VxoyyD+O8cOUiai8t9Q6Yyq4noY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9e1960bc196baf6881340d53dccb203a951745a2",
"rev": "b0d36bd0a420ecee3bc916c91886caca87c894e9",
"type": "github"
},
"original": {
@ -501,11 +519,11 @@
},
"nixpkgs-lib_2": {
"locked": {
"lastModified": 1691282883,
"narHash": "sha256-YLu1Fs+J+hw0BebUhWIeFzSqhlsnf0K88RqhVJebF9E=",
"lastModified": 1703983607,
"narHash": "sha256-YECXW8P0bqFM5e65Mu2fL4wZlonNWCuNEk7UQPsuJZ0=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "b1d35b759161787e1cda815c460050142bda9adb",
"rev": "a6c99b57d2e58f7fc6d52a08b0ba40160e75f738",
"type": "github"
},
"original": {
@ -516,11 +534,11 @@
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1690066826,
"narHash": "sha256-6L2qb+Zc0BFkh72OS9uuX637gniOjzU6qCDBpjB2LGY=",
"lastModified": 1703950681,
"narHash": "sha256-veU5bE4eLOmi7aOzhE7LfZXcSOONRMay0BKv01WHojo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ce45b591975d070044ca24e3003c830d26fea1c8",
"rev": "0aad9113182747452dbfc68b93c86e168811fa6c",
"type": "github"
},
"original": {
@ -532,11 +550,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1691565530,
"narHash": "sha256-qZZ6DxvS1X/tjxXNUwJrPiaIWLZyWUDM2gkJCi5uZpE=",
"lastModified": 1703961334,
"narHash": "sha256-M1mV/Cq+pgjk0rt6VxoyyD+O8cOUiai8t9Q6Yyq4noY=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "e528fa15d5f740a25b5f536c33932db64cb10fc8",
"rev": "b0d36bd0a420ecee3bc916c91886caca87c894e9",
"type": "github"
},
"original": {
@ -548,11 +566,11 @@
},
"nixpkgs-unstable-small": {
"locked": {
"lastModified": 1691644995,
"narHash": "sha256-/OL3sk+9iPv+pto8hs/3cPhGmcS+ugKowQ8FvopLMEA=",
"lastModified": 1704177376,
"narHash": "sha256-6AV8TWX/juwV8delRDtlbUzi1X8irrtCfrtcYByVhCs=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "f6f59fdce76ca4ee03852417a642b77a960229cd",
"rev": "e2e36d8af3b7c465311f11913b7dedd209633c84",
"type": "github"
},
"original": {
@ -564,17 +582,17 @@
},
"nixpkgs-wayland": {
"inputs": {
"flake-compat": "flake-compat_3",
"flake-compat": "flake-compat_2",
"lib-aggregate": "lib-aggregate",
"nix-eval-jobs": "nix-eval-jobs",
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1691518836,
"narHash": "sha256-sY9Unk1pCbMxMSX/SuoSUg8TY4TDN+edKY83cCEqb8g=",
"lastModified": 1704201485,
"narHash": "sha256-pFDUR45wmq1HehY3WlJOJydFkLOzKC2pWqvMykLj2Qk=",
"owner": "nix-community",
"repo": "nixpkgs-wayland",
"rev": "982c0c1ee398e8584d8c9cce011ec98392d2e3cc",
"rev": "b0c06873775fe978bd9384ab14c24903bde92e74",
"type": "github"
},
"original": {
@ -585,11 +603,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1691368598,
"narHash": "sha256-ia7li22keBBbj02tEdqjVeLtc7ZlSBuhUk+7XTUFr14=",
"lastModified": 1703961334,
"narHash": "sha256-M1mV/Cq+pgjk0rt6VxoyyD+O8cOUiai8t9Q6Yyq4noY=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "5a8e9243812ba528000995b294292d3b5e120947",
"rev": "b0d36bd0a420ecee3bc916c91886caca87c894e9",
"type": "github"
},
"original": {
@ -602,11 +620,11 @@
"ofi-pass": {
"flake": false,
"locked": {
"lastModified": 1687009458,
"narHash": "sha256-SgndtGEd3zDztqLJYSdun6IbOqgXsvw0Q8flicPHonY=",
"lastModified": 1691863924,
"narHash": "sha256-Vkm3QXjkLIu0RnM0w+upzAF9M7atKBPYqiV7f+eBKJY=",
"owner": "sereinity",
"repo": "ofi-pass",
"rev": "e99b15857438bbb6013f7f65513c13ea3f5ebdfa",
"rev": "b20bd3440686429b113821c51a68b799675d5bb0",
"type": "github"
},
"original": {
@ -615,6 +633,23 @@
"type": "github"
}
},
"prs": {
"flake": false,
"locked": {
"lastModified": 1692545676,
"narHash": "sha256-jA97WxXBgWtttXnTBxfb4lPEEFqRMflL1BYfDCYeVfo=",
"owner": "timvisee",
"repo": "prs",
"rev": "308e753f769e5ddcda14d13eeeb7b40c5887e0ca",
"type": "gitlab"
},
"original": {
"owner": "timvisee",
"ref": "master",
"repo": "prs",
"type": "gitlab"
}
},
"root": {
"inputs": {
"aphorme_launcher": "aphorme_launcher",
@ -631,14 +666,16 @@
"magmawm": "magmawm",
"nixos-anywhere": "nixos-anywhere",
"nixpkgs": [
"nixpkgs-2305"
"nixpkgs-2311"
],
"nixpkgs-2211": "nixpkgs-2211",
"nixpkgs-2305": "nixpkgs-2305",
"nixpkgs-2311": "nixpkgs-2311",
"nixpkgs-unstable": "nixpkgs-unstable",
"nixpkgs-unstable-small": "nixpkgs-unstable-small",
"nixpkgs-wayland": "nixpkgs-wayland",
"ofi-pass": "ofi-pass",
"prs": "prs",
"salut": "salut",
"sops-nix": "sops-nix",
"srvos": "srvos",
@ -648,11 +685,11 @@
"rust-analyzer-src": {
"flake": false,
"locked": {
"lastModified": 1691604464,
"narHash": "sha256-nNc/c9r1O8ajE/LkMhGcvJGlyR6ykenR3aRkEkhutxA=",
"lastModified": 1704114818,
"narHash": "sha256-/0gMZ32JaUTQ0THA/S9rcQSAmEKfL3hGorX5En8lG98=",
"owner": "rust-lang",
"repo": "rust-analyzer",
"rev": "05b061205179dab9a5cd94ae66d1c0e9b8febe08",
"rev": "a8d935eedc80df8b453d90539cbe78b7e2c75e3c",
"type": "github"
},
"original": {
@ -662,31 +699,6 @@
"type": "github"
}
},
"rust-overlay": {
"inputs": {
"flake-utils": [
"crane",
"flake-utils"
],
"nixpkgs": [
"crane",
"nixpkgs"
]
},
"locked": {
"lastModified": 1691029059,
"narHash": "sha256-QwVeE9YTgH3LmL7yw2V/hgswL6yorIvYSp4YGI8lZYM=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "99df4908445be37ddb2d332580365fce512a7dcf",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"salut": {
"flake": false,
"locked": {
@ -711,11 +723,11 @@
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1690199016,
"narHash": "sha256-yTLL72q6aqGmzHq+C3rDp3rIjno7EJZkFLof6Ika7cE=",
"lastModified": 1703991717,
"narHash": "sha256-XfBg2dmDJXPQEB8EdNBnzybvnhswaiAkUeeDj7fa/hQ=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "c36df4fe4bf4bb87759b1891cab21e7a05219500",
"rev": "cfdbaf68d00bc2f9e071f17ae77be4b27ff72fa6",
"type": "github"
},
"original": {
@ -726,16 +738,17 @@
},
"srvos": {
"inputs": {
"nixos-stable": "nixos-stable_2",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1691630941,
"narHash": "sha256-4+KVSa32impg0aBqXVEEty8uu3Urb64CjmseDkETofg=",
"lastModified": 1704204620,
"narHash": "sha256-u7C59X3s706W9ptqfYHLlZlropun5Fzr9eYaKAsEuN8=",
"owner": "numtide",
"repo": "srvos",
"rev": "b7407c2dc143402de6f140575398020175f3ae1a",
"rev": "e5eecdf21bdf048cef7cb9e52bf573fdf959d491",
"type": "github"
},
"original": {
@ -775,21 +788,6 @@
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
@ -798,11 +796,11 @@
]
},
"locked": {
"lastModified": 1687940979,
"narHash": "sha256-D4ZFkgIG2s9Fyi78T3fVG9mqMD+/UnFDB62jS4gjZKY=",
"lastModified": 1702376629,
"narHash": "sha256-9uAY8a7JN4DvLe/g4OoldqPbcNZ09YOVXID+CkIqL70=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "0a4f06c27610a99080b69433873885df82003aae",
"rev": "390018a9398f9763bfc05ffe6443ce0622cb9ba6",
"type": "github"
},
"original": {
@ -820,11 +818,11 @@
]
},
"locked": {
"lastModified": 1690874496,
"narHash": "sha256-qYZJVAfilFbUL6U+euMjKLXUADueMNQBqwihpNzTbDU=",
"lastModified": 1702979157,
"narHash": "sha256-RnFBbLbpqtn4AoJGXKevQMCGhra4h6G2MPcuTSZZQ+g=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "fab56c8ce88f593300cd8c7351c9f97d10c333c5",
"rev": "2961375283668d867e64129c22af532de8e77734",
"type": "github"
},
"original": {
@ -835,17 +833,17 @@
},
"yofi": {
"inputs": {
"flake-utils": "flake-utils_4",
"flake-utils": "flake-utils_3",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1678976029,
"narHash": "sha256-AZ2+FQtVwUFgv4kiZqMKmiXS2qygMktDE185O19BXiM=",
"lastModified": 1702939607,
"narHash": "sha256-nPIt1JIQ3g6lBE7+qI8gV1cmJ+uA55aAzho2dGOIFik=",
"owner": "l4l",
"repo": "yofi",
"rev": "811a4358913aed527348f9584d6c0767983299bb",
"rev": "c0ca3365a702e7a2852a801ca357df5eb87d0cf9",
"type": "github"
},
"original": {

348
flake.nix

@ -4,9 +4,10 @@
# flake and infra basics
nixpkgs-2211.url = "github:nixos/nixpkgs/nixos-22.11";
nixpkgs-2305.url = "github:nixos/nixpkgs/nixos-23.05";
nixpkgs-2311.url = "github:nixos/nixpkgs/nixos-23.05";
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs-unstable-small.url = "github:nixos/nixpkgs/nixos-unstable-small";
nixpkgs.follows = "nixpkgs-2305";
nixpkgs.follows = "nixpkgs-2311";
flake-parts.url = "github:hercules-ci/flake-parts";
get-flake.url = "github:ursi/get-flake";
@ -67,162 +68,219 @@
url = "gitlab:snakedye/salut";
flake = false;
};
prs = {
url = "gitlab:timvisee/prs/master";
flake = false;
};
};
outputs = inputs @ {
self,
flake-parts,
nixpkgs,
...
}: let
inherit (nixpkgs) lib;
outputs =
inputs @ { self
, flake-parts
, nixpkgs
, ...
}:
let
inherit (nixpkgs) lib;
systems = [
"x86_64-linux"
"aarch64-linux"
];
in
flake-parts.lib.mkFlake {inherit inputs;}
({withSystem, ...}: {
flake.colmena =
lib.lists.foldl (sum: cur: lib.attrsets.recursiveUpdate sum cur)
{
meta.nixpkgs = import inputs.nixpkgs.outPath {
system = builtins.elemAt systems 0;
};
}
# FIXME: this doesn't seem to work to apply overlays into a node's nixpkgs import
# try this instead: https://github.com/zhaofengli/colmena/issues/60#issuecomment-1510496861
(builtins.map (nodeName:
import ./nix/os/devices/${nodeName} {
inherit nodeName;
repoFlake = self;
repoFlakeWithSystem = withSystem;
nodeFlake = self.inputs.get-flake ./nix/os/devices/${nodeName};
}) [
"steveej-t14"
"elias-e525"
"justyna-p300"
systems = [
"x86_64-linux"
"aarch64-linux"
];
in
flake-parts.lib.mkFlake { inherit inputs; }
({ withSystem, ... }: {
flake.colmena =
lib.lists.foldl (sum: cur: lib.attrsets.recursiveUpdate sum cur)
{
meta.nixpkgs = import inputs.nixpkgs.outPath {
system = builtins.elemAt systems 0;
};
}
# FIXME: this doesn't seem to work to apply overlays into a node's nixpkgs import
# try this instead: https://github.com/zhaofengli/colmena/issues/60#issuecomment-1510496861
(builtins.map
(nodeName:
import ./nix/os/devices/${nodeName} {
inherit nodeName;
repoFlake = self;
repoFlakeWithSystem = withSystem;
nodeFlake = self.inputs.get-flake ./nix/os/devices/${nodeName};
}) [
"steveej-t14"
# "elias-e525"
# "justyna-p300"
"srv0-dmz0"
"router0-dmz0"
# "srv0-dmz0"
# # "router0-dmz0"
"sj-vps-htz0"
"sj-bm-hostkey0"
]);
# "sj-vps-htz0"
"sj-bm-hostkey0"
# this makes nixos-anywhere work
flake.nixosConfigurations =
(inputs.colmena.lib.makeHive self.outputs.colmena).nodes
// (let
router0-dmz0 = (inputs.get-flake ./nix/os/devices/router0-dmz0).nixosConfigurations;
in {
router0-dmz0 = router0-dmz0.native;
# "retro"
]);
# for now deploy directly with:
# nixos-rebuild switch --flake .\#cross_router0-dmz0 --build-host localhost --target-host root@192.168.10.1
cross_router0-dmz0 = router0-dmz0.cross;
});
# this makes nixos-anywhere work
flake.nixosConfigurations =
(inputs.colmena.lib.makeHive self.outputs.colmena).nodes
// (
let
router0-dmz0 = (inputs.get-flake ./nix/os/devices/router0-dmz0).nixosConfigurations;
steveej-x13s = (inputs.get-flake ./nix/os/devices/steveej-x13s).nixosConfigurations;
retro = (inputs.get-flake ./nix/os/devices/retro).nixosConfigurations;
in
{
router0-dmz0 = router0-dmz0.native;
inherit systems;
# for now deploy directly with:
# nixos-rebuild switch --flake .\#router0-dmz0_cross --build-host localhost --target-host root@192.168.10.1
router0-dmz0_cross = router0-dmz0.cross;
perSystem = {
inputs',
system,
config,
lib,
pkgs,
...
}: rec {
imports = [
./nix/modules/flake-parts/perSystem/default.nix
];
# nixos-install --flake .\#retro_cross
retro_cross = retro.cross;
packages = let
dcpj4110dw = pkgs.callPackage (self + /nix/pkgs/dcpj4110dw) {};
steveej-x13s_cross = steveej-x13s.cross;
}
);
craneLib =
inputs.crane.lib.${system}.overrideToolchain
inputs'.fenix.packages.stable.toolchain;
inherit systems;
craneLibOfiPass =
inputs.crane.lib.${system}.overrideToolchain
(
inputs'.fenix.packages.stable.toolchain
# .override {
# date = "1.60.0";
# }
);
in {
dcpj4110dwDriver = dcpj4110dw.driver;
dcpj4110dwCupswrapper = dcpj4110dw.cupswrapper;
# broken as of 2023-04-27 because it doesn't load without a config
# aphorme_launcher = craneLib.buildPackage {src = inputs.aphorme_launcher;};
# yofi = inputs'.yofi.packages.default;
# ofi-pass = craneLibOfiPass.buildPackage {src = inputs.ofi-pass;};
inherit (inputs'.colmena.packages) colmena;
# jay = pkgs.callPackage (self + /nix/pkgs/jay.nix) {
# src = inputs.jay;
# rustPlatform = pkgs.makeRustPlatform {
# cargo = inputs'.fenix.packages.stable.toolchain;
# rustc = inputs'.fenix.packages.stable.toolchain;
# };
# };
# magmawm = pkgs.callPackage (self + /nix/pkgs/magmawm.nix) {
# inherit craneLib;
# src = inputs.magmawm;
# };
salut = craneLib.buildPackage {
src = inputs.salut;
nativeBuildInputs = [
pkgs.pkg-config
];
buildInputs = [
pkgs.libxkbcommon
pkgs.fontconfig
perSystem =
{ inputs'
, system
, config
, lib
, pkgs
, ...
}: rec {
imports = [
./nix/modules/flake-parts/perSystem/default.nix
];
packages =
let
dcpj4110dw = pkgs.callPackage (self + /nix/pkgs/dcpj4110dw) { };
craneLib =
inputs.crane.lib.${system}.overrideToolchain
inputs'.fenix.packages.stable.toolchain;
craneLibOfiPass =
inputs.crane.lib.${system}.overrideToolchain
(
inputs'.fenix.packages.stable.toolchain
# .override {
# date = "1.60.0";
# }
);
in
{
dcpj4110dwDriver = dcpj4110dw.driver;
dcpj4110dwCupswrapper = dcpj4110dw.cupswrapper;
# broken as of 2023-04-27 because it doesn't load without a config
# aphorme_launcher = craneLib.buildPackage {src = inputs.aphorme_launcher;};
# yofi = inputs'.yofi.packages.default;
# ofi-pass = craneLibOfiPass.buildPackage {src = inputs.ofi-pass;};
inherit (inputs'.colmena.packages) colmena;
# jay = pkgs.callPackage (self + /nix/pkgs/jay.nix) {
# src = inputs.jay;
# rustPlatform = pkgs.makeRustPlatform {
# cargo = inputs'.fenix.packages.stable.toolchain;
# rustc = inputs'.fenix.packages.stable.toolchain;
# };
# };
# magmawm = pkgs.callPackage (self + /nix/pkgs/magmawm.nix) {
# inherit craneLib;
# src = inputs.magmawm;
# };
salut = craneLib.buildPackage {
src = inputs.salut;
nativeBuildInputs = [
pkgs.pkg-config
];
buildInputs = [
pkgs.libxkbcommon
pkgs.fontconfig
];
};
prs = pkgs.callPackage
({ pkgs
, dbus
, glib
, gpgme
, gtk3
, libxcb
, libxkbcommon
, installShellFiles
, pkg-config
, python3
}: craneLib.buildPackage {
pname = "prs";
version = inputs.prs.shortRev;
src = inputs.prs;
nativeBuildInputs = [ gpgme installShellFiles pkg-config python3 ];
buildInputs = [
dbus
glib
gpgme
gtk3
libxcb
libxkbcommon
];
cargoExtraArgs = "--features backend-gpgme";
postInstall = ''
for shell in bash fish zsh; do
installShellCompletion --cmd prs --$shell <($out/bin/prs internal completions $shell --stdout)
done
'';
})
{ };
nomad = inputs'.nixpkgs-unstable.legacyPackages.nomad_1_6;
ledger-live-desktop-wrapped = pkgs.writeShellScriptBin "ledger-live-desktop-wrapped" ''
set -x
pkill -9 wayland-proxy-v
export NIXOS_OZONE_WL=""
${pkgs.wayland-proxy-virtwl}/bin/wayland-proxy-virtwl \
--wayland-display=wayland-3 \
--xwayland-binary=${pkgs.xwayland}/bin/Xwayland \
--x-display=3 \
&
# --x-unscale=3 \
#--verbose \
export PROXYPID="$!"
trap "kill -9 \$PROXYPID" EXIT
# trap "pkill -9 wayland-proxy-v" EXIT
env \
WAYLAND_DISPLAY=wayland-3 \
DISPLAY=:3 \
ledger-live-desktop
'';
syncthing-container-webui = pkgs.writeShellScriptBin "reverse-port-forward-syncthing-container" ''
ssh root@${self.colmena.sj-vps-htz0.deployment.targetHost} -L 8385:syncthing.containers:8384
'';
};
formatter = pkgs.alejandra;
devShells.default = import ./nix/devShells.nix {
inherit inputs' pkgs;
packages' = packages;
};
};
nomad = inputs'.nixpkgs-unstable.legacyPackages.nomad_1_6;
ledger-live-desktop-wrapped = pkgs.writeShellScriptBin "ledger-live-desktop-wrapped" ''
set -x
pkill -9 wayland-proxy-v
export NIXOS_OZONE_WL=""
${pkgs.wayland-proxy-virtwl}/bin/wayland-proxy-virtwl \
--wayland-display=wayland-3 \
--xwayland-binary=${pkgs.xwayland}/bin/Xwayland \
--x-display=3 \
&
# --x-unscale=3 \
#--verbose \
export PROXYPID="$!"
trap "kill -9 \$PROXYPID" EXIT
# trap "pkill -9 wayland-proxy-v" EXIT
env \
WAYLAND_DISPLAY=wayland-3 \
DISPLAY=:3 \
ledger-live-desktop
'';
syncthing-container-webui = pkgs.writeShellScriptBin "reverse-port-forward-syncthing-container" ''
ssh root@${self.colmena.sj-vps-htz0.deployment.targetHost} -L 8385:syncthing.containers:8384
'';
};
formatter = pkgs.alejandra;
devShells.default = import ./nix/devShells.nix {
inherit inputs' pkgs;
packages' = packages;
};
};
});
});
}
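Review bot: The new `nixpkgs-2311` input is declared against the 23.05 branch, `nixpkgs-2311.url = "github:nixos/nixpkgs/nixos-23.05";`, so `nixpkgs.follows = "nixpkgs-2311"` still resolves to the same tree as `nixpkgs-2305`. The lock file in this commit agrees: the `nixpkgs-2305` and `nixpkgs-2311` entries are both pinned to rev `2c9c58e98243930f8cb70387934daa4bc8b00373`. If the intent is to move the hosts to 23.11, the line should read `nixpkgs-2311.url = "github:nixos/nixpkgs/nixos-23.11";` followed by a re-lock. As written, every configuration that follows `nixpkgs` keeps building from the older release branch and only receives security backports for as long as that branch is maintained.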


@ -30,7 +30,6 @@ pkgs.stdenv.mkDerivation {
ripgrep
lm_sensors
pass
prs
fuzzel
wofi
age
@ -76,6 +75,7 @@ pkgs.stdenv.mkDerivation {
(pkgs.writeShellScriptBin "r11" ''
exec env NIXOS_OZONE_WL="" WAYLAND_DISPLAY="" $@
'')
]);
# Set Environment Variables


@ -343,6 +343,13 @@ in {
# qtWrapperArgs+=("''${gappsWrapperArgs[@]}")
# '';
}))
snes9x
snes9x-gtk
# this is a displaymanager!
# libretro.snes9x2010
# retroarchFull
]);
systemd.user.startServices = true;


@ -62,6 +62,10 @@
trigger = ":dunno";
replace = "¯\\_()_/¯";
}
{
trigger = ":shrug";
replace = "¯\\_()_/¯";
}
];
};
};


@ -1,9 +1,8 @@
{pkgs, ...}: {
{repoFlake, pkgs, ...}: {
# required by pass-otp
home.sessionVariables.PASSWORD_STORE_EXTENSIONS_DIR = "$HOME/.nix-profile/lib/password-store/extensions";
home.sessionVariables.PASSWORD_STORE_ENABLE_EXTENSIONS = "true";
programs.browserpass.enable = true;
# home.sessionVariables.PASSWORD_STORE_EXTENSIONS_DIR = "$HOME/.nix-profile/lib/password-store/extensions";
# home.sessionVariables.PASSWORD_STORE_ENABLE_EXTENSIONS = "true";
# programs.browserpass.enable = true;
home.packages = with pkgs; [
gnupg
@ -12,6 +11,6 @@
# broken on wayland
# rofi-pass
prs
repoFlake.packages.${pkgs.system}.prs
];
}
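Review bot: The password-store client now comes from `repoFlake.packages.${pkgs.system}.prs`, which the flake builds from the `gitlab:timvisee/prs/master` input, and nothing in this file says why the nixpkgs package was replaced. The lock file pins the revision, but updates to this tool now depend on someone re-locking that input, so I would add a comment such as `# built from the flake input for the gpgme backend; drop once nixpkgs' prs is sufficient` (reason to be confirmed by the author). The `# required by pass-otp` comment is also left heading three commented-out lines; either delete the block or note that pass-otp and browserpass are intentionally disabled.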


@ -39,7 +39,14 @@ in {
in ''
redir /hedgedoc* https://hedgedoc.${domain}
respond "Hi!"
file_server /*/* {
browse
root /var/www/stefanjunker.de/htdocs/caddy
pass_thru
}
# respond "Hi"
# respond (not /*/*) "Hi"
'';
};
@ -99,7 +106,7 @@ in {
};
services.jitsi-meet = {
enable = true;
enable = false;
hostName = "meet.${domain}";
config = {
prejoinPageEnabled = true;
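Review bot: The added `file_server /*/*` block turns on `browse`, which serves a directory listing for every directory without an index file under `/var/www/stefanjunker.de/htdocs/caddy` on what looks like the public site. Unless listings are wanted, drop `browse` or narrow the matcher to the one path that needs it. It is also worth checking the interaction with `respond "Hi!"`: in Caddy's default directive order `respond` is evaluated before `file_server`, so if that unmatched line remains in the new config the file server may never be reached, which the commented-out `respond (not /*/*)` attempt seems to be working around. The enclosing config string starts outside the hunk.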


@ -184,10 +184,11 @@ in {
after = ["hook"];
rules = let
wanInterfaces = builtins.concatStringsSep ", " config.networking.nftables.firewall.zones.wan.interfaces;
exposedHost = "192.168.22.121";
exposedHost = "srv0-dmz0.dmz.internal";
in [
"iifname { ${wanInterfaces} } tcp dport 220 redirect to 22"
"iifname { ${wanInterfaces} } dnat ip to ${exposedHost}"
# TODO: if this hostname doesn't resolve it'll break the whole ruleset
# "iifname { ${wanInterfaces} } dnat ip to ${exposedHost}"
];
};
};
@ -574,7 +575,8 @@ in {
# sae_password_file = config.sops.secrets.wlan0_saePasswordsFile.path;
# enables debug logging
# logger_stdout_level= lib.mkForce 0;
logger_stdout_level= lib.mkForce 0;
logger_stdout = -1;
# logger_syslog_level= lib.mkForce 0;
# resources on vlan tagging
@ -583,6 +585,7 @@ in {
dynamic_vlan = 1;
# this option currently requires a patch to hostapd
vlan_no_bridge = 1;
/* not used due to the above vlan_no_bridge setting
@ -620,14 +623,36 @@ in {
# "SAE"
]);
# wpa_psk_radius = 0;
wpa_pairwise = "CCMP";
wmm_enabled = 1;
# IEEE 802.11i (authentication) related configuration
# Encrypt management frames to protect against deauthentication and similar attacks
ieee80211w = 1;
sae_require_mfp = 1;
sae_groups = "19 20 21";
# [ENABLE-TLSv1.3] = enable TLSv1.3 (experimental - disabled by default)
tls_flags= "[ENABLE-TLSv1.3]";
ieee8021x=0;
eap_server=0;
};
};
# wlan0-1 = {
# ssid = "mlsia-testing";
# authentication = {
# mode = "wpa3-sae-transition";
# };
# bssid = mkBssid 1;
# settings = {
# bridge = bridgeInterfaceName;
# };
# };
# wlan0-1 = {
# ssid = "justtestingwifi-wpa3";
# authentication = {
@ -777,7 +802,7 @@ in {
tag
(mkVlanIpv4HostAddr { inherit vlanid; host = 100; cidr = false; })
(mkVlanIpv4HostAddr { inherit vlanid; host = 199; cidr = false; })
"30m"
"12h"
];
in
builtins.map
@ -843,7 +868,8 @@ in {
};
# The service irqbalance is useful as it assigns certain IRQ calls to specific CPUs instead of letting the first CPU core to handle everything. This is supposed to increase performance by hitting CPU cache more often.
services.irqbalance.enable = true;
# disable for now as i think it causes wifi issues
services.irqbalance.enable = false;
system.stateVersion = "23.05";
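Review bot: In the `@@ -620,14 +623,36 @@` hunk the comment says management frames are encrypted to protect against deauthentication, but `ieee80211w = 1` only makes management frame protection optional, so a client that does not negotiate it stays exposed to forged deauthentication frames. `sae_require_mfp = 1` covers SAE clients only; if every client on this SSID supports PMF, `ieee80211w = 2;` matches the comment, otherwise the comment should say that protection is optional for non-SAE clients. In the same section `logger_stdout_level = lib.mkForce 0` with `logger_stdout = -1` switches every hostapd module to the most verbose level, which deserves a `# TODO: revert after debugging` so it does not stay on. The attribute set these settings belong to starts outside the hunk.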


@ -162,5 +162,8 @@
boot.binfmt.emulatedSystems = [
"aarch64-linux"
"i686-linux"
# "i386-linux"
# "i586-linux"
];
}


@ -1,13 +1,14 @@
{
pkgs,
lib,
config,
repoFlake,
nodeName,
...
}: let
{ pkgs
, lib
, config
, repoFlake
, nodeName
, ...
}:
let
wireguardPort = 51820;
in {
in
{
imports = [
../../snippets/systemd-resolved.nix
];
@ -31,14 +32,14 @@ in {
networking.interfaces.eth0 = {
mtu = 1400;
useDHCP = false;
useDHCP = true;
ipv4.addresses = [
{
"address" = "167.233.1.14";
"prefixLength" = 29;
}
];
ipv6.addresses = [];
ipv6.addresses = [ ];
};
networking.defaultGateway = {
@ -53,7 +54,7 @@ in {
networking.nat = {
enable = true;
internalInterfaces = ["ve-*" "wg*"];
internalInterfaces = [ "ve-*" "wg*" ];
externalInterface = "eth0";
};
@ -78,7 +79,7 @@ in {
privateKeyFile = config.sops.secrets.wg0-private.path;
peers = [
{
allowedIPs = ["192.168.99.2/32"];
allowedIPs = [ "192.168.99.2/32" ];
publicKey = "O3k4jEdX6jkV1fHP/J8KSH5tvi+n1VvnBTD5na6Naw0=";
presharedKeyFile = config.sops.secrets.wg0-psk-steveej-psk.path;
}
@ -86,12 +87,12 @@ in {
};
# virtualization
virtualisation = {docker.enable = false;};
virtualisation = { docker.enable = false; };
services.spice-vdagentd.enable = true;
services.qemuGuest.enable = true;
nix.gc = {automatic = true;};
nix.gc = { automatic = true; };
containers = {
mailserver = import ../../containers/mailserver.nix {
@ -108,17 +109,17 @@ in {
webserver =
import ../../containers/webserver.nix
{
inherit repoFlake;
{
inherit repoFlake;
autoStart = true;
autoStart = true;
hostAddress = "192.168.100.12";
localAddress = "192.168.100.13";
hostAddress = "192.168.100.12";
localAddress = "192.168.100.13";
httpPort = 80;
httpsPort = 443;
};
httpPort = 80;
httpsPort = 443;
};
syncthing = import ../../containers/syncthing.nix {
autoStart = true;


@ -11,5 +11,61 @@
./user.nix
./boot.nix
./secrets.nix
# samba seerver
({ lib, ... }: {
# networking.firewall.enable = lib.mkForce false;
services.samba-wsdd.enable = true; # make shares visible for windows 10 clients
networking.firewall.allowedTCPPorts = [
5357 # wsdd
];
networking.firewall.allowedUDPPorts = [
3702 # wsdd
];
services.samba = {
enable = true;
securityType = "user";
extraConfig = ''
workgroup = ARBEITSGRUPPE
server string = steveej-t14
netbios name = steveej-t14
security = user
# use sendfile = yes
# for executables on windows
acl allow execute always = True
# legacy windows quirks
max protocol = NT1
min protocol = NT1
ntlm auth = yes
# client max protocol = SMB1
# client min protocol = NT1
# note: localhost is the ipv6 localhost ::1
hosts allow = 192.168. 127.0.0.1 localhost
hosts deny = 0.0.0.0/0
guest account = nobody
map to guest = bad user
'';
shares = {
voodoo = {
path = "/home/steveej/Desktop/voodoo";
browseable = "yes";
"read only" = "no";
"guest ok" = "no";
"create mask" = "0644";
"directory mask" = "0755";
# "force user" = "steveej";
# "force group" = "users";
};
};
};
})
];
}
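Review bot: The `extraConfig` block pins the server to SMB1 (`min protocol = NT1`, `max protocol = NT1`) and sets `ntlm auth = yes`, which admits NTLMv1; SMB1 has no transport encryption and NTLMv1 responses are weak against offline guessing, so this should be limited to the one legacy client that needs it. `hosts allow = 192.168.` instead matches any 192.168.x.x peer, which on a laptop means whatever network it is currently joined to; prefer `hosts allow = <legacy-client-ip> 127.0.0.1 localhost` (placeholder) and a comment naming the client that requires NT1. `map to guest = bad user` has no use while the only share sets `"guest ok" = "no"` and can be dropped. The header comment has a typo (`seerver`).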


@ -1,4 +1,4 @@
{...}: let
{lib, ...}: let
stage1Modules = [
"aesni_intel"
"kvm_amd"
@ -7,6 +7,22 @@
"thunderbolt"
"e1000e"
"usbcore"
"xhci_hcd"
"usbnet"
"snd_usb_audio"
"usbhid"
"snd_usbmidi_lib"
"cdc_mbim"
"cdc_ncm"
"usb_storage"
"cdc_wdm"
"uvcvideo"
"btusb"
"xhci_pci"
"cdc_ether"
"uas"
];
in {
# TASK: new device
@ -14,8 +30,11 @@ in {
enable = true;
encrypted = true;
diskId = "nvme-WD_BLACK_SN850X_4000GB_2227DT443901";
earlyDiskIdOverride = "usb-JMicron_Generic_0123456789ABCDEF-0:0";
};
# boot.loader.grub.device = lib.mkForce "/dev/disk/by-id/usb-JMicron_Generic_0123456789ABCDEF-0:0";
# see https://linrunner.de/tlp/
services.tlp = {
enable = true;
@ -90,6 +109,7 @@ in {
];
};
hardware.enableRedistributableFirmware = true;
# boot.initrd.availableKernelModules = stage1Modules;
boot.initrd.kernelModules = stage1Modules;
}
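Review bot: Every entry added to `stage1Modules` ends up in `boot.initrd.kernelModules`, which force-loads it in stage 1, so drivers such as `btusb`, `uvcvideo`, `snd_usb_audio` and the `cdc_*` network modules are active before the encrypted root is unlocked. Booting from the `usb-JMicron_Generic_…` enclosure presumably needs only the host-controller and storage modules (`xhci_pci`, `xhci_hcd`, `usb_storage`, `uas`); the rest could move to the commented-out `boot.initrd.availableKernelModules` line or be dropped. `earlyDiskIdOverride` also deserves a comment saying whether it is a temporary setting for the external-enclosure boot, since it names a different disk than `diskId`.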


@ -59,6 +59,25 @@
sway
'';
# autologin steveej on tty1
systemd.services."autovt@tty1".description = "Autologin at the TTY1";
systemd.services."autovt@tty1".after = [ "systemd-logind.service" ]; # without it user session not started and xorg can't be run from this tty
systemd.services."autovt@tty1".wantedBy = [ "multi-user.target" ];
systemd.services."autovt@tty1".serviceConfig =
{ ExecStart = [
"" # override upstream default with an empty ExecStart
"@${pkgs.utillinux}/sbin/agetty agetty --login-program ${pkgs.shadow}/bin/login --autologin steveej --noclear %I $TERM"
];
Restart = "always";
Type = "idle";
};
programs.zsh.loginShellInit = ''
if test $(id --user steveej) = $(id -u) && test $(tty) = "/dev/tty1"; then
exec sway
fi
'';
# fonts = let
# prefs.font = rec {
# size = 13;
@ -109,6 +128,7 @@
# rtkit is optional but recommended
security.rtkit.enable = true;
services.pipewire = {
audio.enable = true;
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
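Review bot: The new `autovt@tty1` override logs `steveej` in without a password and `loginShellInit` then execs sway, so after boot the only barrier to the desktop session is whatever protects the disk; `Restart = "always"` also reopens the session right after a logout. A comment should state that assumption, e.g. `# autologin relies on full-disk encryption as the login barrier; keep a screen locker configured in sway`. In the shell snippet the command substitutions are unquoted; `[ "$(id -u)" = "$(id -u steveej)" ] && [ "$(tty)" = /dev/tty1 ]` avoids a `test` syntax error when `tty` prints `not a tty`. `pkgs.utillinux` is the old alias of `pkgs.util-linux`.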


@ -1,11 +1,11 @@
{
pkgs,
lib,
config,
nodeName,
repoFlake,
...
}: let
{ pkgs
, lib
, config
, nodeName
, repoFlake
, ...
}:
let
passwords = import ../../../variables/passwords.crypt.nix;
localTcpPorts = [
@ -24,7 +24,8 @@
21027
];
in {
in
{
imports = [
../../snippets/nix-settings-holo-chain.nix
];
@ -44,16 +45,16 @@ in {
sshUser = "nix-remote-builder";
protocol = "ssh-ng";
system = "x86_64-linux";
maxJobs = 24;
maxJobs = 32;
speedFactor = 100;
supportedFeatures = repoFlake.nixosConfigurations.router0-dmz0.config.nix.settings.system-features ++ [];
supportedFeatures = repoFlake.nixosConfigurations.router0-dmz0.config.nix.settings.system-features ++ [ ];
}
];
networking.extraHosts = ''
'';
networking.bridges."virbr1".interfaces = [];
networking.bridges."virbr1".interfaces = [ ];
networking.interfaces."virbr1".ipv4.addresses = [
{
address = "10.254.254.254";
@ -86,7 +87,7 @@ in {
# virtualization
virtualisation = {
libvirtd = {enable = true;};
libvirtd = { enable = true; };
virtualbox.host = {
enable = false;
@ -107,11 +108,11 @@ in {
enable = true;
package = lib.mkForce pkgs.gnome3.gvfs;
};
environment.systemPackages = with pkgs; [lxqt.lxqt-policykit]; # provides a default authentification client for policykit
environment.systemPackages = with pkgs; [ lxqt.lxqt-policykit ]; # provides a default authentification client for policykit
security.pki.certificateFiles = ["${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"];
security.pki.certificateFiles = [ "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ];
services.xserver.videoDrivers = lib.mkForce ["amdgpu"];
services.xserver.videoDrivers = lib.mkForce [ "amdgpu" ];
services.xserver.serverFlagsSection = ''
Option "BlankTime" "0"
Option "StandbyTime" "0"
@ -123,35 +124,37 @@ in {
hardware.ledger.enable = true;
services.zerotierone = {
enable = true;
joinNetworks = [
# moved to the service below as it's now secret
];
};
# services.zerotierone = {
# enable = false;
# joinNetworks = [
# # moved to the service below as it's now secret
# ];
# };
systemd.services.zerotieroneSecretNetworks = {
enable = false;
requiredBy = ["zerotierone.service"];
partOf = ["zerotierone.service"];
# systemd.services.zerotieroneSecretNetworks = {
# enable = false;
# requiredBy = [ "zerotierone.service" ];
# partOf = [ "zerotierone.service" ];
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true;
# serviceConfig.Type = "oneshot";
# serviceConfig.RemainAfterExit = true;
script = let
secret = config.sops.secrets.zerotieroneNetworks;
in ''
# include the secret's hash to trigger a restart on change
# ${builtins.hashString "sha256" (builtins.toJSON secret)}
# script =
# let
# secret = config.sops.secrets.zerotieroneNetworks;
# in
# ''
# # include the secret's hash to trigger a restart on change
# # ${builtins.hashString "sha256" (builtins.toJSON secret)}
${config.systemd.services.zerotierone.preStart}
# ${config.systemd.services.zerotierone.preStart}
rm -rf /var/lib/zerotier-one/networks.d/*.conf
for network in `grep -v '#' ${secret.path}`; do
touch /var/lib/zerotier-one/networks.d/''${network}.conf
done
'';
};
# rm -rf /var/lib/zerotier-one/networks.d/*.conf
# for network in `grep -v '#' ${secret.path}`; do
# touch /var/lib/zerotier-one/networks.d/''${network}.conf
# done
# '';
# };
sops.secrets.zerotieroneNetworks = {
sopsFile = ../../../../secrets/zerotierone.txt;
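Review bot: With `services.zerotierone` and `zerotieroneSecretNetworks` both commented out, `sops.secrets.zerotieroneNetworks` at the end of this hunk has no consumer left in the visible lines but is still declared, so the secret would presumably keep being decrypted onto this machine. If ZeroTier is retired here, comment the secret out together with the service (or delete all three) rather than leaving a provisioned secret unused. The secret's attribute set continues outside the hunk.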


@ -0,0 +1 @@
result


@ -0,0 +1,82 @@
{ repoFlake
, pkgs
, lib
, config
, nodeFlake
, nodeName
, localDomainName
, system
, ...
}:
{
imports = [
# repoFlake.inputs.sops-nix.nixosModules.sops
# ../../profiles/common/user.nix
{
nix.nixPath = [
"nixpkgs=${pkgs.path}"
];
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
nix.settings.max-jobs = lib.mkDefault "auto";
nix.settings.cores = lib.mkDefault 0;
}
{
services.openssh.enable = true;
services.openssh.settings.PermitRootLogin = "yes";
# users.commonUsers = {
# enable = true;
# enableNonRoot = false;
# rootPasswordFile = config.sops.secrets.passwords-root.path;
# };
users.users.root.password = "install";
# sops.defaultSopsFile = ../../../../secrets/${nodeName}/secrets.yaml;
# sops.defaultSopsFormat = "yaml";
# sops.secrets.passwords-root.neededForUsers = true;
}
];
networking = {
hostName = nodeName;
useNetworkd = false;
networkmanager.enable = false;
firewall.enable = false;
};
system.stateVersion = "23.11";
# We exclude a number of modules included in the default list. A non-insignificant amount do
# not apply to embedded hardware like this, so simply skip the defaults.
#
# Custom kernel is required as a lot of MTK components misbehave when built as modules.
# They fail to load properly, leaving the system without working ethernet, they'll oops on
# remove. MTK-DSA parts and PCIe were observed to do this.
# boot.initrd.includeDefaultModules = false;
# boot.initrd.kernelModules = ["rfkill" "cfg80211" "mt7915e"];
# boot.initrd.availableKernelModules = ["nvme"];
nixpkgs.config.allowUnfree = true;
# hardware.enableRedistributableFirmware = true;
environment.systemPackages = [
pkgs.busybox
];
fileSystems."/".label = "x13s_root";
}


@ -0,0 +1,35 @@
{
system ? "aarch64-linux",
nodeName,
repoFlake,
nodeFlake,
localDomainName ? "internal",
...
}: {
meta.nodeSpecialArgs.${nodeName} = {
inherit repoFlake nodeName nodeFlake system;
packages' = repoFlake.packages.${system};
nodePackages' = nodeFlake.packages.${system};
inherit localDomainName;
};
meta.nodeNixpkgs.${nodeName} =
import nodeFlake.inputs.nixpkgs.outPath
{
inherit system;
};
${nodeName} = {
deployment.targetHost = "${nodeName}.${localDomainName}";
deployment.replaceUnknownProfiles = true;
# nixpkgs.pkgs = nodeFlake.inputs.nixpkgs.legacyPackages.${system};
imports = [
./configuration.nix
];
networking.hostName = nodeName;
};
}

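--- a/nix/os/devices/steveej-x13s/flake.lock
+++ b/nix/os/devices/steveej-x13s/flake.lock
@@ -0,0 +1,159 @@
+{
+"nodes": {
+"brainwart_x13s-nixos": {
+"flake": false,
+"locked": {
+"lastModified": 1701822673,
+"narHash": "sha256-F2LBV8tqGPhEAvmn5Frxj79RPWgPGUYxJRYz8Pn9uj0=",
+"owner": "BrainWart",
+"repo": "x13s-nixos",
+"rev": "ba245df7a72a78ec93aa500ba1a0cb29f0f65f37",
+"type": "github"
+},
+"original": {
+"owner": "BrainWart",
+"ref": "main",
+"repo": "x13s-nixos",
+"type": "github"
+}
+},
+"disko": {
+"inputs": {
+"nixpkgs": [
+"nixpkgs"
+]
+},
+"locked": {
+"lastModified": 1705348229,
+"narHash": "sha256-CssPema1sBxZkrT95KFuKCNNiqxNe1lnf2QNeXk88Xk=",
+"owner": "nix-community",
+"repo": "disko",
+"rev": "d0b4408eaf782a1ada0a9133bb1cecefdd59c696",
+"type": "github"
+},
+"original": {
+"id": "disko",
+"type": "indirect"
+}
+},
+"flake-parts": {
+"inputs": {
+"nixpkgs-lib": [
+"srvos",
+"nixpkgs"
+]
+},
+"locked": {
+"lastModified": 1704982712,
+"narHash": "sha256-2Ptt+9h8dczgle2Oo6z5ni5rt/uLMG47UFTR1ry/wgg=",
+"owner": "hercules-ci",
+"repo": "flake-parts",
+"rev": "07f6395285469419cf9d078f59b5b49993198c00",
+"type": "github"
+},
+"original": {
+"owner": "hercules-ci",
+"repo": "flake-parts",
+"type": "github"
+}
+},
+"get-flake": {
+"locked": {
+"lastModified": 1694475786,
+"narHash": "sha256-s5wDmPooMUNIAAsxxCMMh9g68AueGg63DYk2hVZJbc8=",
+"owner": "ursi",
+"repo": "get-flake",
+"rev": "ac54750e3b95dab6ec0726d77f440efe6045bec1",
+"type": "github"
+},
+"original": {
+"owner": "ursi",
+"repo": "get-flake",
+"type": "github"
+}
+},
+"linux_x13s": {
+"flake": false,
+"locked": {
+"lastModified": 1705487080,
+"narHash": "sha256-DTOPiUGaeH5Ey+AZaO1c1n/QFikIXmvo2tTzgFtJ70k=",
+"owner": "jhovold",
+"repo": "linux",
+"rev": "dd209a8fb4840e48ca4963bb23057f38b1066a6d",
+"type": "github"
+},
+"original": {
+"owner": "jhovold",
+"ref": "wip/sc8280xp-v6.7",
+"repo": "linux",
+"type": "github"
+}
+},
+"mobile-nixos": {
+"flake": false,
+"locked": {
+"lastModified": 1705008488,
+"narHash": "sha256-Gj97fDFZaK6gLb3ayZgTTtD+MFE1YjoyYHWkB1TIAe0=",
+"owner": "NixOS",
+"repo": "mobile-nixos",
+"rev": "56e55df7b07b5e5c6d050732d851cec62b41df95",
+"type": "github"
+},
+"original": {
+"owner": "NixOS",
+"repo": "mobile-nixos",
+"type": "github"
+}
+},
+"nixpkgs": {
+"locked": {
+"lastModified": 1705316053,
+"narHash": "sha256-J2Ey5mPFT8gdfL2XC0JTZvKaBw/b2pnyudEXFvl+dQM=",
+"owner": "nixos",
+"repo": "nixpkgs",
+"rev": "c3e128f3c0ecc1fb04aef9f72b3dcc2f6cecf370",
+"type": "github"
+},
+"original": {
+"owner": "nixos",
+"ref": "nixos-unstable",
+"repo": "nixpkgs",
+"type": "github"
+}
+},
+"root": {
+"inputs": {
+"brainwart_x13s-nixos": "brainwart_x13s-nixos",
+"disko": "disko",
+"get-flake": "get-flake",
+"linux_x13s": "linux_x13s",
+"mobile-nixos": "mobile-nixos",
+"nixpkgs": "nixpkgs",
+"srvos": "srvos"
+}
+},
+"srvos": {
+"inputs": {
+"flake-parts": "flake-parts",
+"nixpkgs": [
+"nixpkgs"
+]
+},
+"locked": {
+"lastModified": 1705346686,
+"narHash": "sha256-lTf1b2I6wwNDhV5eEKIAMT5DOa43bK5KaPqDWH2yfek=",
+"owner": "numtide",
+"repo": "srvos",
+"rev": "8e03bea707212a7225b0ab02a8186af8b1e98e0a",
+"type": "github"
+},
+"original": {
+"owner": "numtide",
+"repo": "srvos",
+"type": "github"
+}
+}
+},
+"root": "root",
+"version": 7
+}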


@ -0,0 +1,270 @@
{
inputs =
{
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
get-flake.url = "github:ursi/get-flake";
disko.inputs.nixpkgs.follows = "nixpkgs";
srvos.url = "github:numtide/srvos";
srvos.inputs.nixpkgs.follows = "nixpkgs";
mobile-nixos.url = "github:NixOS/mobile-nixos";
mobile-nixos.flake = false;
# see https://github.com/jhovold/linux/wiki/X13s for status updates
linux_x13s.url = "github:jhovold/linux/wip/sc8280xp-v6.7";
linux_x13s.flake = false;
brainwart_x13s-nixos = {
url = "github:BrainWart/x13s-nixos/main";
flake = false;
};
};
outputs =
{ self
, get-flake
, nixpkgs
, ...
}:
let
targetPlatform = "aarch64-linux";
buildPlatform = "x86_64-linux";
nodeName = "steveej-x13s";
pkgs = nixpkgs.legacyPackages.${targetPlatform};
pkgsCross = import self.inputs.nixpkgs {
system = buildPlatform;
crossSystem = {
config = "pentium2-unknown-linux-gnu";
};
};
mkNixosConfiguration = { extraModules ? [ ], ... } @ attrs:
nixpkgs.lib.nixosSystem (
nixpkgs.lib.attrsets.recursiveUpdate
attrs
{
specialArgs = (import ./default.nix {
system = targetPlatform;
inherit nodeName;
repoFlake = get-flake ../../../..;
nodeFlake = self;
}).meta.nodeSpecialArgs.${nodeName};
modules =
[
self.nixosModules.hardware-x13s
./configuration.nix
# flake registry
{
nix.registry.nixpkgs.flake = nixpkgs;
}
{
nixpkgs.overlays = [
(final: prev:
{
qrtr = final.callPackage "${self.inputs.mobile-nixos}/overlay/qrtr/qrtr.nix" { };
qmic = final.callPackage "${self.inputs.mobile-nixos}/overlay/qrtr/qmic.nix" { };
rmtfs = final.callPackage "${self.inputs.mobile-nixos}/overlay/qrtr/rmtfs.nix" { };
pd-mapper = final.callPackage "${self.inputs.mobile-nixos}/overlay/qrtr/pd-mapper.nix" {
inherit (final) qrtr;
};
compressFirmwareXz = prev.lib.id; #this leaves all firmware uncompressed :) for pd-mapper
})
];
}
]
++ extraModules;
}
);
in
{
nixosConfigurations = {
native = mkNixosConfiguration {
system = targetPlatform;
};
cross = mkNixosConfiguration {
extraModules = [
{
nixpkgs.buildPlatform.system = buildPlatform;
nixpkgs.hostPlatform.system = targetPlatform;
}
];
};
};
nixosModules.hardware-x13s = { pkgs, config, lib, options, ... }:
let
# TODO: introduce options for these
kernelPdMapper = true;
in
{
config =
let
inherit (config.boot.loader) efi;
kp = [
{
name = "x13s-cfg";
patch = null;
extraStructuredConfig = with lib.kernel; {
EFI_ARMSTUB_DTB_LOADER = lib.mkForce yes;
OF_OVERLAY = lib.mkForce yes;
BTRFS_FS = lib.mkForce yes;
BTRFS_FS_POSIX_ACL = lib.mkForce yes;
MEDIA_CONTROLLER = lib.mkForce yes;
SND_USB_AUDIO_USE_MEDIA_CONTROLLER = lib.mkForce yes;
SND_USB = lib.mkForce yes;
SND_USB_AUDIO = lib.mkForce module;
USB_XHCI_PCI = lib.mkForce module;
NO_HZ_FULL = lib.mkForce yes;
HZ_100 = lib.mkForce yes;
HZ_250 = lib.mkForce no;
DRM_AMDGPU = lib.mkForce no;
DRM_NOUVEAU = lib.mkForce no;
QCOM_TSENS = lib.mkForce yes;
NVMEM_QCOM_QFPROM = lib.mkForce yes;
ARM_QCOM_CPUFREQ_NVMEM = lib.mkForce yes;
} // lib.optionalAttrs kernelPdMapper {
QCOM_PD_MAPPER = lib.mkForce yes;
QRTR = lib.mkForce yes;
};
}
];
# We can't quite move to mainline linux
linux_x13s_pkg = { buildLinux, ... } @ args:
buildLinux (args // rec {
version = "6.7.0";
modDirVersion = lib.versions.pad 3 version;
extraMeta.branch = lib.versions.majorMinor version;
src = self.inputs.linux_x13s;
kernelPatches = (args.kernelPatches or [ ]) ++ kp;
} // (args.argsOverride or { }));
# we add additional configuration on top of te normal configuration above
# using the extraStructuredConfig option on the kernel patch
linux_x13s = pkgs.callPackage linux_x13s_pkg {
defconfig = "johan_defconfig";
};
uncompressed-fw = pkgs.callPackage
({ lib, runCommand, buildEnv, firmwareFilesList }:
runCommand "qcom-modem-uncompressed-firmware-share"
{
firmwareFiles = buildEnv {
name = "qcom-modem-uncompressed-firmware";
paths = firmwareFilesList;
pathsToLink = [
"/lib/firmware/rmtfs"
"/lib/firmware/qcom"
];
};
} ''
PS4=" $ "
(
set -x
mkdir -p $out/share/
ln -s $firmwareFiles/lib/firmware/ $out/share/uncompressed-firmware
)
'')
{
firmwareFilesList = lib.flatten options.hardware.firmware.definitions;
};
linuxPackages_x13s = pkgs.linuxPackagesFor linux_x13s;
dtb = "${linuxPackages_x13s.kernel}/dtbs/qcom/sc8280xp-lenovo-thinkpad-x13s.dtb";
dtbName = "x13s63rc4.dtb";
in
{
boot = {
loader.systemd-boot.enable = true;
loader.systemd-boot.extraFiles = {
"${dtbName}" = dtb;
};
loader.efi.canTouchEfiVariables = true;
loader.efi.efiSysMountPoint = "/boot";
kernelPackages = linuxPackages_x13s;
kernelParams = [
"boot.shell_on_fail"
"clk_ignore_unused"
"pd_ignore_unused"
"arm64.nopauth"
"cma=128M"
"nvme.noacpi=1"
"iommu.strict=0"
"dtb=${dtbName}"
];
initrd = {
includeDefaultModules = false;
availableKernelModules = [
"i2c_hid"
"i2c_hid_of"
"i2c_qcom_geni"
"leds_qcom_lpg"
"pwm_bl"
"qrtr"
"pmic_glink_altmode"
"gpio_sbu_mux"
"phy_qcom_qmp_combo"
"panel-edp"
"msm"
"phy_qcom_edp"
"i2c-core"
"i2c-hid"
"i2c-hid-of"
"i2c-qcom-geni"
"pcie-qcom"
"phy-qcom-qmp-combo"
"phy-qcom-qmp-pcie"
"phy-qcom-qmp-usb"
"phy-qcom-snps-femto-v2"
"phy-qcom-usb-hs"
"nvme"
];
};
};
# power management, etc.
environment.systemPackages = with pkgs; [
qrtr
qmic
rmtfs
pd-mapper
uncompressed-fw
];
environment.pathsToLink = [ "share/uncompressed-firmware" ];
# ensure the x13s' dtb file is in the boot partition
system.activationScripts.x13s-dtb = ''
in_package="${dtb}"
esp_tool_folder="${efi.efiSysMountPoint}/"
in_esp="''${esp_tool_folder}${dtbName}"
>&2 echo "Ensuring $in_esp in EFI System Partition"
if ! ${pkgs.diffutils}/bin/cmp --silent "$in_package" "$in_esp"; then
>&2 echo "Copying $in_package -> $in_esp"
mkdir -p "$esp_tool_folder"
cp "$in_package" "$in_esp"
sync
fi
'';
hardware.enableAllFirmware = true;
hardware.firmware = [
pkgs.linux-firmware
(pkgs.callPackage "${self.inputs.brainwart_x13s-nixos}/pkgs/x13s-firmware.nix" { })
];
};
};
};
}
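Review bot: `disko.inputs.nixpkgs.follows = "nixpkgs";` is declared without a `disko.url`, and the lock file added in this commit records the input as `"id": "disko", "type": "indirect"`, meaning it was resolved through the flake registry of whoever generated the lock rather than from a URL fixed in this file. Add `disko.url = "github:nix-community/disko";` so the source is explicit and reviewable. `pkgs` and `pkgsCross` (with `config = "pentium2-unknown-linux-gnu"`) are never used in the visible outputs and look copied from another device. In `kernelParams`, `arm64.nopauth` and `iommu.strict=0` switch off pointer authentication and strict IOMMU invalidation; a comment naming the hardware issue each one works around would make them removable later.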

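--- a/nix/os/devices/voodoo/.gitignore
+++ b/nix/os/devices/voodoo/.gitignore
@@ -0,0 +1 @@
+result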


@ -0,0 +1,85 @@
{
repoFlake,
pkgs,
lib,
config,
nodeFlake,
nodeName,
localDomainName,
system,
...
}: let
in {
imports = [
# repoFlake.inputs.sops-nix.nixosModules.sops
# ../../profiles/common/user.nix
{
nix.nixPath = [
"nixpkgs=${pkgs.path}"
];
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
nix.settings.max-jobs = lib.mkDefault "auto";
nix.settings.cores = lib.mkDefault 0;
}
{
services.openssh.enable = true;
services.openssh.settings.PermitRootLogin = "yes";
# users.commonUsers = {
# enable = true;
# enableNonRoot = false;
# rootPasswordFile = config.sops.secrets.passwords-root.path;
# };
users.users.root.password = "voodoo";
# sops.defaultSopsFile = ../../../../secrets/${nodeName}/secrets.yaml;
# sops.defaultSopsFormat = "yaml";
# sops.secrets.passwords-root.neededForUsers = true;
}
];
networking = {
hostName = nodeName;
useNetworkd = false;
useDHCP = true;
firewall.enable = false;
};
system.stateVersion = "23.11";
# We exclude a number of modules included in the default list. A non-insignificant amount do
# not apply to embedded hardware like this, so simply skip the defaults.
#
# Custom kernel is required as a lot of MTK components misbehave when built as modules.
# They fail to load properly, leaving the system without working ethernet, they'll oops on
# remove. MTK-DSA parts and PCIe were observed to do this.
# boot.initrd.includeDefaultModules = false;
# boot.initrd.kernelModules = ["rfkill" "cfg80211" "mt7915e"];
# boot.initrd.availableKernelModules = ["nvme"];
hardware.enableRedistributableFirmware = false;
# Extlinux compatible with custom uboot patches in this repo, which also provide unique
# MAC addresses instead of the non-unique one that gets used by a lot of MTK devices...
boot.loader.grub.enable = true;
environment.systemPackages = [
# pkgs.pciutils
];
fileSystems."/".label = "voodoo_root";
boot.loader.grub.devices = [
"/dev/disk/by-id/usb-ST313640_A_20171021-0"
];
}


@ -0,0 +1,35 @@
{
system ? "i586-linux",
nodeName,
repoFlake,
nodeFlake,
localDomainName ? "internal",
...
}: {
meta.nodeSpecialArgs.${nodeName} = {
inherit repoFlake nodeName nodeFlake system;
packages' = repoFlake.packages.${system};
nodePackages' = nodeFlake.packages.${system};
inherit localDomainName;
};
meta.nodeNixpkgs.${nodeName} =
import nodeFlake.inputs.nixpkgs.outPath
{
inherit system;
};
${nodeName} = {
deployment.targetHost = "${nodeName}.${localDomainName}";
deployment.replaceUnknownProfiles = true;
# nixpkgs.pkgs = nodeFlake.inputs.nixpkgs.legacyPackages.${system};
imports = [
./configuration.nix
];
networking.hostName = nodeName;
};
}
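Review bot: The default `system ? "i586-linux"` disagrees with `targetPlatform = "i686-linux"` in this device's flake.nix, which passes `system` explicitly, so the default only takes effect for other callers and would then select different package sets through `repoFlake.packages.${system}`. Either use `"i686-linux"` here or add a comment saying why the two differ.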

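--- a/nix/os/devices/voodoo/flake.lock
+++ b/nix/os/devices/voodoo/flake.lock
@@ -0,0 +1,225 @@
+{
+"nodes": {
+"bpir3": {
+"inputs": {
+"nixpkgs": [
+"nixpkgs"
+]
+},
+"locked": {
+"lastModified": 1703603768,
+"narHash": "sha256-ZViXHNt7ClqNtlRO9iot+LxiSbBvZi/RR+/6Q7W6UV8=",
+"owner": "steveej-forks",
+"repo": "nixos-bpir3",
+"rev": "47cb545b92c136d1482a66b940c4719c40eb5fe3",
+"type": "github"
+},
+"original": {
+"owner": "steveej-forks",
+"ref": "linux-6.6",
+"repo": "nixos-bpir3",
+"type": "github"
+}
+},
+"dependencyDagOfSubmodule": {
+"inputs": {
+"nixpkgs": [
+"nixos-nftables-firewall",
+"nixpkgs"
+]
+},
+"locked": {
+"lastModified": 1656615370,
+"narHash": "sha256-IZDqz1aSySoqf1qtVQg+oJMHfC4IlT55Zoa7EkjvPug=",
+"owner": "thelegy",
+"repo": "nix-dependencyDagOfSubmodule",
+"rev": "98eb563d80b35acafbfc1abb9ccee569c1efb19c",
+"type": "github"
+},
+"original": {
+"owner": "thelegy",
+"repo": "nix-dependencyDagOfSubmodule",
+"type": "github"
+}
+},
+"disko": {
+"inputs": {
+"nixpkgs": [
+"nixpkgs"
+]
+},
+"locked": {
+"lastModified": 1703532766,
+"narHash": "sha256-ojjW3cuNmqL5uqDWohwLoO8dYpheM5+AfgsNmGIMwG8=",
+"owner": "nix-community",
+"repo": "disko",
+"rev": "1b191113874dee97796749bb21eac3d84735c70a",
+"type": "github"
+},
+"original": {
+"owner": "nix-community",
+"repo": "disko",
+"type": "github"
+}
+},
+"get-flake": {
+"locked": {
+"lastModified": 1694475786,
+"narHash": "sha256-s5wDmPooMUNIAAsxxCMMh9g68AueGg63DYk2hVZJbc8=",
+"owner": "ursi",
+"repo": "get-flake",
+"rev": "ac54750e3b95dab6ec0726d77f440efe6045bec1",
+"type": "github"
+},
+"original": {
+"owner": "ursi",
+"repo": "get-flake",
+"type": "github"
+}
+},
+"home-manager": {
+"inputs": {
+"nixpkgs": [
+"nixpkgs"
+]
+},
+"locked": {
+"lastModified": 1703527373,
+"narHash": "sha256-AjypRssRtS6F3xkf7rE3/bXkIF2WJOZLbTIspjcE1zM=",
+"owner": "nix-community",
+"repo": "home-manager",
+"rev": "80679ea5074ab7190c4cce478c600057cfb5edae",
+"type": "github"
+},
+"original": {
+"owner": "nix-community",
+"ref": "master",
+"repo": "home-manager",
+"type": "github"
+}
+},
+"hostapd": {
+"flake": false,
+"locked": {
+"lastModified": 1703346062,
+"narHash": "sha256-SHSBKIgKc5zEGhKDT2v+yGERTJHf8pe+9ZPUwJBTJKQ=",
+"ref": "refs/heads/main",
+"rev": "196d6c83b9cb7d298fdc92684dc37115348b159e",
+"revCount": 19119,
+"type": "git",
+"url": "git://w1.fi/hostap.git?branch=main"
+},
+"original": {
+"type": "git",
+"url": "git://w1.fi/hostap.git?branch=main"
+}
+},
+"nixos-nftables-firewall": {
+"inputs": {
+"dependencyDagOfSubmodule": "dependencyDagOfSubmodule",
+"nixpkgs": [
+"nixpkgs"
+]
+},
+"locked": {
+"lastModified": 1703279052,
+"narHash": "sha256-0rbG/9SwaWtXT7ZuifMq+7wvfxDpZrjr0zdMcM4KK+E=",
+"owner": "thelegy",
+"repo": "nixos-nftables-firewall",
+"rev": "3bf23aeb346e772d157816e6b72a742a6c97db80",
+"type": "github"
+},
+"original": {
+"owner": "thelegy",
+"repo": "nixos-nftables-firewall",
+"type": "github"
+}
+},
+"nixos-stable": {
+"locked": {
+"lastModified": 1703068421,
+"narHash": "sha256-WSw5Faqlw75McIflnl5v7qVD/B3S2sLh+968bpOGrWA=",
+"owner": "NixOS",
+"repo": "nixpkgs",
+"rev": "d65bceaee0fb1e64363f7871bc43dc1c6ecad99f",
+"type": "github"
+},
+"original": {
+"owner": "NixOS",
+"ref": "nixos-23.11",
+"repo": "nixpkgs",
+"type": "github"
+}
+},
+"nixpkgs": {
+"locked": {
+"lastModified": 1703255338,
+"narHash": "sha256-Z6wfYJQKmDN9xciTwU3cOiOk+NElxdZwy/FiHctCzjU=",
+"owner": "nixos",
+"repo": "nixpkgs",
+"rev": "6df37dc6a77654682fe9f071c62b4242b5342e04",
+"type": "github"
+},
+"original": {
+"owner": "nixos",
+"ref": "nixos-unstable",
+"repo": "nixpkgs",
+"type": "github"
+}
+},
+"openwrt": {
+"flake": false,
+"locked": {
+"lastModified": 1691699580,
+"narHash": "sha256-CV+ufXPEr5Nz2O2FBnnuPeHNsFQ7c5s0uW39u/q3cUo=",
+"ref": "main",
+"rev": "847984c773d819d5579d5abae4b80a4983103ed9",
+"revCount": 58166,
+"type": "git",
+"url": "https://github.com/openwrt/openwrt.git"
+},
+"original": {
+"ref": "main",
+"rev": "847984c773d819d5579d5abae4b80a4983103ed9",
+"type": "git",
+"url": "https://github.com/openwrt/openwrt.git"
+}
+},
+"root": {
+"inputs": {
+"bpir3": "bpir3",
+"disko": "disko",
+"get-flake": "get-flake",
+"home-manager": "home-manager",
+"hostapd": "hostapd",
+"nixos-nftables-firewall": "nixos-nftables-firewall",
+"nixpkgs": "nixpkgs",
+"openwrt": "openwrt",
+"srvos": "srvos"
+}
+},
+"srvos": {
+"inputs": {
+"nixos-stable": "nixos-stable",
+"nixpkgs": [
+"nixpkgs"
+]
+},
+"locked": {
+"lastModified": 1703469109,
+"narHash": "sha256-hTQJ9uV43Vt8UXwervEj9mbDoQSN1mD3lwwPChG8jy8=",
+"owner": "numtide",
+"repo": "srvos",
+"rev": "52d07db520046c4775f1047e68a05dcb53bba9ec",
+"type": "github"
+},
+"original": {
+"owner": "numtide",
+"repo": "srvos",
+"type": "github"
+}
+}
+},
+"root": "root",
+"version": 7
+}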


@ -0,0 +1,80 @@
{
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
get-flake.url = "github:ursi/get-flake";
disko.inputs.nixpkgs.follows = "nixpkgs";
srvos.url = "github:numtide/srvos";
srvos.inputs.nixpkgs.follows = "nixpkgs";
};
outputs = {
self,
get-flake,
nixpkgs,
...
}: let
targetPlatform = "i686-linux";
buildPlatform = "x86_64-linux";
nodeName = "voodoo";
pkgs = nixpkgs.legacyPackages.${targetPlatform};
pkgsCross = import self.inputs.nixpkgs {
system = buildPlatform;
crossSystem = {
config = "pentium2-unknown-linux-gnu";
};
};
mkNixosConfiguration = {extraModules ? [], ...} @ attrs:
nixpkgs.lib.nixosSystem (
nixpkgs.lib.attrsets.recursiveUpdate
attrs
{
specialArgs = (import ./default.nix {
system = targetPlatform;
inherit nodeName;
repoFlake = get-flake ../../../..;
nodeFlake = self;
}).meta.nodeSpecialArgs.${nodeName};
modules =
[
./configuration.nix
# flake registry
{
nix.registry.nixpkgs.flake = nixpkgs;
}
{
nixpkgs.overlays = [
(final: previous:
{
})
];
}
]
++ extraModules;
}
);
in {
nixosConfigurations = {
native = mkNixosConfiguration {
system = targetPlatform;
};
cross = mkNixosConfiguration {
extraModules = [
{
nixpkgs.buildPlatform.system = buildPlatform;
nixpkgs.hostPlatform.system = targetPlatform;
}
];
};
};
};
}
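Review bot: The `flake.lock` committed next to this file does not correspond to these inputs: it pins `nixpkgs` at `nixos-unstable` while this file asks for `nixos-23.11`, and its root node lists `bpir3`, `home-manager`, `hostapd`, `nixos-nftables-firewall` and `openwrt`, none of which are declared here. Nix will rewrite the lock on the next evaluation, so the revisions under review are not the ones that will be built; regenerate it with `nix flake lock` and commit the result. `disko` has only a `follows` line and no `disko.url`, and `pkgs`, `pkgsCross` and the empty overlay are unused in the visible outputs.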


@ -20,6 +20,7 @@ in {
"cdrom"
"adbusers"
"dialout"
"cdrom"
];
openssh.authorizedKeys.keys = keys.users.steveej.openssh;
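Review bot: `"cdrom"` now appears twice in this group list, at the top of the hunk and again after `"dialout"`. The second entry has no effect and can be dropped. The list starts outside the hunk.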


@ -7,6 +7,12 @@
with lib; let
cfg = config.hardware.opinionatedDisk;
ownLib = pkgs.callPackage ../lib/default.nix {};
earlyDiskId = cfg:
if cfg.earlyDiskIdOverride != ""
then cfg.earlyDiskIdOverride
else cfg.diskId
;
in {
options.hardware.opinionatedDisk = {
enable = mkEnableOption "Enable opinionated filesystem layout";
@ -15,6 +21,11 @@ in {
default = true;
type = types.bool;
};
earlyDiskIdOverride = mkOption {
default = "";
type = types.string;
};
};
config = lib.mkIf cfg.enable {
@ -38,7 +49,7 @@ in {
swapDevices = [{device = ownLib.disk.swapFsDevice cfg.diskId;}];
boot.loader.grub = {
device = ownLib.disk.bootGrubDevice cfg.diskId;
device = ownLib.disk.bootGrubDevice (earlyDiskId cfg);
enableCryptodisk = cfg.encrypted;
};
@ -54,6 +65,7 @@ in {
builtins.elemAt splitstring lastelem;
value = {
device = ownLib.disk.bootLuksDevice cfg.diskId;
preLVM = true;
allowDiscards = true;
};
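Review bot: `earlyDiskIdOverride` is declared with `types.string`, which nixpkgs deprecates in favour of `types.str`, and it has no `description`, so nothing explains that it only changes the GRUB install target while the LUKS and swap devices keep using `diskId`. Suggested: `type = types.str;` and `description = "Disk id GRUB is installed to when it differs from diskId (e.g. the disk is temporarily in a USB enclosure).";`. The helper `earlyDiskId` takes a parameter named `cfg` that shadows the outer `cfg`; using the outer binding directly would read more clearly. The `config` block continues outside these hunks.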


@ -42,10 +42,13 @@
SUBSYSTEM=="usb", ATTR{idVendor}=="1050", ATTR{idProduct}=="0406", ENV{ID_SECURITY_TOKEN}="1", GROUP="wheel"
'';
services.samba.enable = true;
services.samba.extraConfig = ''
client max protocol = SMB3
'';
# services.samba.enable = true;
# services.samba.extraConfig = ''
# client max protocol = SMB3
# # client min protocol = SMB2_10
# # client min protocol = NT1
# # ntlm auth = yes
# '';
services.logind.lidSwitchExternalPower = "ignore";