diff --git a/Justfile b/Justfile index e9cbfd7..0b3bb36 100755 --- a/Justfile +++ b/Justfile @@ -1,5 +1,5 @@ -_DEFAULT_VERSION_TMPL: - echo "{{invocation_directory()}}/nix/variables/versions.tmpl.nix" +# _DEFAULT_VERSION_TMPL: +# echo "{{invocation_directory()}}/nix/variables/versions.tmpl.nix" _usage: just -l @@ -53,7 +53,7 @@ update-remote-device devicename +rebuildargs='build': git commit -v nix/os/devices/{{devicename}}/flake.{nix,lock} -m "nix/os/devices/{{devicename}}: bump versions" # Re-render the versions of the current device and rebuild its environment -update-this-device rebuild-mode='switch': +update-this-device rebuild-mode='switch' +moreargs='': #!/usr/bin/env bash set -e @@ -63,7 +63,7 @@ update-this-device rebuild-mode='switch': nix flake update ) - just -v rebuild-this-device {{rebuild-mode}} + just -v rebuild-this-device {{rebuild-mode}} {{moreargs}} git commit -v nix/os/devices/$(hostname -s)/flake.{nix,lock} -m "nix/os/devices/$(hostname -s): bump versions" @@ -261,7 +261,7 @@ test-connection: #! nix-shell -i zsh #! nix-shell --pure - while true; do + while true; do FAILURE="false" output=$( echo "$(date)\n---" diff --git a/README.md b/README.md index 1eb1888..d59de56 100644 --- a/README.md +++ b/README.md 
@@ -95,4 +95,20 @@ just --list 1. offline-bitwise copy of drive 2. disconnect remove the previous drive 3. replace the driveId in the device's hw.nix -4. run the `just disk-relabel nix/os/devices/ ` command to rename the filesystem and volume group \ No newline at end of file +4. run the `just disk-relabel nix/os/devices/ ` command to rename the filesystem and volume group + +## Rebuilding an offline system + +``` +( +sudo cryptsetup open /dev/sdb3 steveej-t14s-cryptroot +sleep 5 + +sudo mkdir -p /mnt/root +sudo mount /dev/mapper/nvme--WD_BLACK_SN850X_4000GB_2227DT443901-root /mnt/root -o subvol=nixos +sudo mount /dev/sdb2 /mnt/root/boot +sudo mount /dev/mapper/nvme--WD_BLACK_SN850X_4000GB_2227DT443901-root /mnt/root/home -o subvol=home + +sudo nixos-install -v --flake .#steveej-t14 --root /mnt/root/ --no-root-password +) +``` diff --git a/flake.lock b/flake.lock index ea8adae..af15232 100644 --- a/flake.lock +++ b/flake.lock @@ -3,11 +3,11 @@ "aphorme_launcher": { "flake": false, "locked": { - "lastModified": 1683977169, - "narHash": "sha256-juRiokIk5x+eGJm+QuCdFPUjEggDmscpy2Ip7pU9KI4=", + "lastModified": 1699523648, + "narHash": "sha256-OmeelrddWuPQL84W/1Fi3FczKfrR+XdosRfKofc2o6w=", "owner": "Iaphetes", "repo": "aphorme_launcher", - "rev": "211bc27de061b61e3119a7966cff09f4b8c3a1fe", + "rev": "3404dd1ac0c448d517efc0a20f554da0f1d5550c", "type": "github" }, "original": { @@ -42,19 +42,16 @@ }, "crane": { "inputs": { - "flake-compat": "flake-compat_2", - "flake-utils": "flake-utils_2", "nixpkgs": [ "nixpkgs" - ], - "rust-overlay": "rust-overlay" + ] }, "locked": { - "lastModified": 1691423162, - "narHash": "sha256-cReUZCo83YEEmFcHX8CcOVTZYUrcWgHQO34zxQzy7WI=", + "lastModified": 1703439018, + "narHash": "sha256-VT+06ft/x3eMZ1MJxWzQP3zXFGcrxGo5VR2rB7t88hs=", "owner": "ipetkov", "repo": "crane", - "rev": "b5d9d42ea3fa8fea1805d9af1416fe207d0dd1dc", + "rev": "afdcd41180e3dfe4dac46b5ee396e3b12ccc967a", "type": "github" }, "original": { 
@@ -71,11 +68,11 @@ ] }, "locked": { - "lastModified": 1687747614, - "narHash": "sha256-KXspKgtdO2YRL12Jv0sUgkwOwHrAFwdIG/90pDx8Ydg=", + "lastModified": 1701905325, + "narHash": "sha256-lda63LmEIlDMeCgWfjr3/wb487XPllBByfrGRieyEk4=", "owner": "nix-community", "repo": "disko", - "rev": "fef67a1ddc293b595d62a660f57deabbcb70ff95", + "rev": "1144887c6f4d2dcbb2316a24364ef53e25b0fcfe", "type": "github" }, "original": { @@ -93,11 +90,11 @@ "rust-analyzer-src": "rust-analyzer-src" }, "locked": { - "lastModified": 1691648495, - "narHash": "sha256-JULr+eKL9rjfex17hZYn0K/fBxxfK/FM9TOCcxPQay4=", + "lastModified": 1704176544, + "narHash": "sha256-A6PfA1DB6cF3cQerysGK8zIumGTrXucdHoFRU+8H7Lc=", "owner": "nix-community", "repo": "fenix", - "rev": "6c9f0709358f212766cff5ce79f6e8300ec1eb91", + "rev": "54df821cae7bd492a049ef213336810247128110", "type": "github" }, "original": { @@ -123,22 +120,6 @@ } }, "flake-compat_2": { - "flake": false, - "locked": { - "lastModified": 1673956053, - "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_3": { "locked": { "lastModified": 1688025799, "narHash": "sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=", @@ -158,11 +139,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1690933134, - "narHash": "sha256-ab989mN63fQZBFrkk4Q8bYxQCktuHmBIBqUG1jl6/FQ=", + "lastModified": 1704152458, + "narHash": "sha256-DS+dGw7SKygIWf9w4eNBUZsK+4Ug27NwEWmn2tnbycg=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "59cf3f1447cfc75087e7273b04b31e689a8599fb", + "rev": "88a2cd8166694ba0b6cb374700799cec53aef527", "type": "github" }, "original": { 
@@ -179,11 +160,11 @@ ] }, "locked": { - "lastModified": 1687762428, - "narHash": "sha256-DIf7mi45PKo+s8dOYF+UlXHzE0Wl/+k3tXUyAoAnoGE=", + "lastModified": 1701473968, + "narHash": "sha256-YcVE5emp1qQ8ieHUnxt1wCZCC3ZfAS+SRRWZ2TMda7E=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "37dd7bb15791c86d55c5121740a1887ab55ee836", + "rev": "34fed993f1674c8d06d58b37ce1e0fe5eebcb9f5", "type": "github" }, "original": { @@ -201,11 +182,11 @@ ] }, "locked": { - "lastModified": 1690933134, - "narHash": "sha256-ab989mN63fQZBFrkk4Q8bYxQCktuHmBIBqUG1jl6/FQ=", + "lastModified": 1701473968, + "narHash": "sha256-YcVE5emp1qQ8ieHUnxt1wCZCC3ZfAS+SRRWZ2TMda7E=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "59cf3f1447cfc75087e7273b04b31e689a8599fb", + "rev": "34fed993f1674c8d06d58b37ce1e0fe5eebcb9f5", "type": "github" }, "original": { @@ -234,11 +215,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1689068808, - "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=", + "lastModified": 1701680307, + "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", "owner": "numtide", "repo": "flake-utils", - "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4", + "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", "type": "github" }, "original": { @@ -248,24 +229,6 @@ } }, "flake-utils_3": { - "inputs": { - "systems": "systems_2" - }, - "locked": { - "lastModified": 1689068808, - "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_4": { "locked": { "lastModified": 1667395993, "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", 
@@ -282,11 +245,11 @@ }, "get-flake": { "locked": { - "lastModified": 1673819588, - "narHash": "sha256-gRtwKAlu4htvS6dxyZnW3n+vMS1acqnMGVHqxUdETeY=", + "lastModified": 1694475786, + "narHash": "sha256-s5wDmPooMUNIAAsxxCMMh9g68AueGg63DYk2hVZJbc8=", "owner": "ursi", "repo": "get-flake", - "rev": "e0917b6f564aa5acefb1484b5baf76da21746c3c", + "rev": "ac54750e3b95dab6ec0726d77f440efe6045bec1", "type": "github" }, "original": { @@ -298,11 +261,11 @@ "jay": { "flake": false, "locked": { - "lastModified": 1689440887, - "narHash": "sha256-+61dHuxk3FCP+H2PCoup6lZDlaTuJBqDzkiBNY6yaJ4=", + "lastModified": 1698077919, + "narHash": "sha256-X4bMOBS2WFcbiOiynvSId1XoWgQW3wbO7/atJ9V7buk=", "owner": "mahkoh", "repo": "jay", - "rev": "eb83505e39ec8c2383ac233a8b8449803db52549", + "rev": "b4d73064d9c112c69ff16200231145ccffcb3e81", "type": "github" }, "original": { @@ -313,15 +276,15 @@ }, "lib-aggregate": { "inputs": { - "flake-utils": "flake-utils_3", + "flake-utils": "flake-utils_2", "nixpkgs-lib": "nixpkgs-lib_2" }, "locked": { - "lastModified": 1691323683, - "narHash": "sha256-G7kMLDbYN03VNO+QYymFIp0o9jv+gflUpde8V4iYri8=", + "lastModified": 1704024543, + "narHash": "sha256-hmKcKSuTqVK47l2G0PkLAinZN1oCOb6XdPPJhNCQ2rg=", "owner": "nix-community", "repo": "lib-aggregate", - "rev": "99d95d9ca592022832e9f1b4d2a8327b8d50eb60", + "rev": "4608880f02f8f868e1b7f85c60abdfc5cb0cf9ec", "type": "github" }, "original": { @@ -333,11 +296,11 @@ "magmawm": { "flake": false, "locked": { - "lastModified": 1687543996, - "narHash": "sha256-S8vRKXCHF7OHestoGNe6fqqxJIc8slhaOFjvGS3oflc=", + "lastModified": 1703542178, + "narHash": "sha256-HuCAz+B+cg7HoEEL67heaYRc8zmQCnPBR+DgmuiIZBk=", "owner": "MagmaWM", "repo": "MagmaWM", - "rev": "c16fa624b2c86328081a1647f483273e131df29d", + "rev": "24dc21f228efb034cd0237fb5ff9a8310f1929b7", "type": "github" }, "original": { 
@@ -349,15 +312,16 @@ "nix-eval-jobs": { "inputs": { "flake-parts": "flake-parts_3", + "nix-github-actions": "nix-github-actions", "nixpkgs": "nixpkgs", "treefmt-nix": "treefmt-nix_2" }, "locked": { - "lastModified": 1691371197, - "narHash": "sha256-YazAJxDjmAG9kiIEuqc+1CmmYIIt4wRIbEFb+TXf8WA=", + "lastModified": 1703466376, + "narHash": "sha256-Wy8iF8u5KSzrTxg1hStTBmUjzzKdKyCyMOg8b/eTvVQ=", "owner": "nix-community", "repo": "nix-eval-jobs", - "rev": "b02b4e287fddc969fc490478b5666603f4ab0d3c", + "rev": "64104a3c55593c903af78af86a4c9d2e5487a2d7", "type": "github" }, "original": { @@ -366,19 +330,25 @@ "type": "github" } }, - "nixos-2305": { + "nix-github-actions": { + "inputs": { + "nixpkgs": [ + "nixpkgs-wayland", + "nix-eval-jobs", + "nixpkgs" + ] + }, "locked": { - "lastModified": 1687938137, - "narHash": "sha256-Z00c0Pk3aE1aw9x44lVcqHmvx+oX7dxCXCvKcUuE150=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "ba2ded3227a2992f2040fad4ba6f218a701884a5", + "lastModified": 1701208414, + "narHash": "sha256-xrQ0FyhwTZK6BwKhahIkUVZhMNk21IEI1nUcWSONtpo=", + "owner": "nix-community", + "repo": "nix-github-actions", + "rev": "93e39cc1a087d65bcf7a132e75a650c44dd2b734", "type": "github" }, "original": { - "owner": "NixOS", - "ref": "release-23.05", - "repo": "nixpkgs", + "owner": "nix-community", + "repo": "nix-github-actions", "type": "github" } }, @@ -386,19 +356,19 @@ "inputs": { "disko": "disko", "flake-parts": "flake-parts_2", - "nixos-2305": "nixos-2305", "nixos-images": "nixos-images", + "nixos-stable": "nixos-stable", "nixpkgs": [ "nixpkgs" ], "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1691224484, - "narHash": "sha256-0oodXqRRHXjUL7ssi1nIOKC8EzYD4f1e3eAaWexuF4M=", + "lastModified": 1704071157, + "narHash": "sha256-p8KFWE16nu8ltY17psLU4KTcxXTpjvc1fCzMVPel080=", "owner": "numtide", "repo": "nixos-anywhere", - "rev": "9df79870b04667f2d16f1a78a1ab87d124403fb7", + "rev": "d2911784c30a6c94d3a581bc99c94d3ce0deba0b", "type": "github" }, "original": { 
@@ -410,9 +380,9 @@ }, "nixos-images": { "inputs": { - "nixos-2305": [ + "nixos-2311": [ "nixos-anywhere", - "nixos-2305" + "nixos-stable" ], "nixos-unstable": [ "nixos-anywhere", @@ -420,11 +390,11 @@ ] }, "locked": { - "lastModified": 1686819168, - "narHash": "sha256-IbRVStbKoMC2fUX6TxNO82KgpVfI8LL4Cq0bTgdYhnY=", + "lastModified": 1702375325, + "narHash": "sha256-kEdrh6IB7xh7YDwZ0ZVCngCs+uoS9gx4ydEoJRnM1Is=", "owner": "nix-community", "repo": "nixos-images", - "rev": "ccc1a2c08ce2fc38bcece85d2a6e7bf17bac9e37", + "rev": "d655cc02fcb9ecdcca4f3fb307e291a4b5be1339", "type": "github" }, "original": { @@ -433,18 +403,50 @@ "type": "github" } }, - "nixpkgs": { + "nixos-stable": { "locked": { - "lastModified": 1691370583, - "narHash": "sha256-LnKMx9NQ0Qx0DTYQVewkcRr+7uW5NY7xU9kjh+Lxnb0=", + "lastModified": 1702233072, + "narHash": "sha256-H5G2wgbim2Ku6G6w+NSaQaauv6B6DlPhY9fMvArKqRo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b51660a128c09baf31c614284b500eb53772496f", + "rev": "781e2a9797ecf0f146e81425c822dca69fe4a348", "type": "github" }, "original": { "owner": "NixOS", - "ref": "master", + "ref": "nixos-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixos-stable_2": { + "locked": { + "lastModified": 1703900474, + "narHash": "sha256-Zu+chYVYG2cQ4FCbhyo6rc5Lu0ktZCjRbSPE0fDgukI=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "9dd7699928e26c3c00d5d46811f1358524081062", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1703134684, + "narHash": "sha256-SQmng1EnBFLzS7WSRyPM9HgmZP2kLJcPAz+Ug/nug6o=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "d6863cbcbbb80e71cecfc03356db1cda38919523", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" } 
@@ -467,11 +469,27 @@ }, "nixpkgs-2305": { "locked": { - "lastModified": 1691592289, - "narHash": "sha256-Lqpw7lrXlLkYra33tp57ms8tZ0StWhbcl80vk4D90F8=", + "lastModified": 1704018918, + "narHash": "sha256-erjg/HrpC9liEfm7oLqb8GXCqsxaFwIIPqCsknW5aFY=", "owner": "nixos", "repo": "nixpkgs", - "rev": "9034b46dc4c7596a87ab837bb8a07ef2d887e8c7", + "rev": "2c9c58e98243930f8cb70387934daa4bc8b00373", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-23.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-2311": { + "locked": { + "lastModified": 1704018918, + "narHash": "sha256-erjg/HrpC9liEfm7oLqb8GXCqsxaFwIIPqCsknW5aFY=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "2c9c58e98243930f8cb70387934daa4bc8b00373", "type": "github" }, "original": { @@ -484,11 +502,11 @@ "nixpkgs-lib": { "locked": { "dir": "lib", - "lastModified": 1690881714, - "narHash": "sha256-h/nXluEqdiQHs1oSgkOOWF+j8gcJMWhwnZ9PFabN6q0=", + "lastModified": 1703961334, + "narHash": "sha256-M1mV/Cq+pgjk0rt6VxoyyD+O8cOUiai8t9Q6Yyq4noY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9e1960bc196baf6881340d53dccb203a951745a2", + "rev": "b0d36bd0a420ecee3bc916c91886caca87c894e9", "type": "github" }, "original": { @@ -501,11 +519,11 @@ }, "nixpkgs-lib_2": { "locked": { - "lastModified": 1691282883, - "narHash": "sha256-YLu1Fs+J+hw0BebUhWIeFzSqhlsnf0K88RqhVJebF9E=", + "lastModified": 1703983607, + "narHash": "sha256-YECXW8P0bqFM5e65Mu2fL4wZlonNWCuNEk7UQPsuJZ0=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "b1d35b759161787e1cda815c460050142bda9adb", + "rev": "a6c99b57d2e58f7fc6d52a08b0ba40160e75f738", "type": "github" }, "original": { 
@@ -516,11 +534,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1690066826, - "narHash": "sha256-6L2qb+Zc0BFkh72OS9uuX637gniOjzU6qCDBpjB2LGY=", + "lastModified": 1703950681, + "narHash": "sha256-veU5bE4eLOmi7aOzhE7LfZXcSOONRMay0BKv01WHojo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ce45b591975d070044ca24e3003c830d26fea1c8", + "rev": "0aad9113182747452dbfc68b93c86e168811fa6c", "type": "github" }, "original": { @@ -532,11 +550,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1691565530, - "narHash": "sha256-qZZ6DxvS1X/tjxXNUwJrPiaIWLZyWUDM2gkJCi5uZpE=", + "lastModified": 1703961334, + "narHash": "sha256-M1mV/Cq+pgjk0rt6VxoyyD+O8cOUiai8t9Q6Yyq4noY=", "owner": "nixos", "repo": "nixpkgs", - "rev": "e528fa15d5f740a25b5f536c33932db64cb10fc8", + "rev": "b0d36bd0a420ecee3bc916c91886caca87c894e9", "type": "github" }, "original": { @@ -548,11 +566,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1691644995, - "narHash": "sha256-/OL3sk+9iPv+pto8hs/3cPhGmcS+ugKowQ8FvopLMEA=", + "lastModified": 1704177376, + "narHash": "sha256-6AV8TWX/juwV8delRDtlbUzi1X8irrtCfrtcYByVhCs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "f6f59fdce76ca4ee03852417a642b77a960229cd", + "rev": "e2e36d8af3b7c465311f11913b7dedd209633c84", "type": "github" }, "original": { @@ -564,17 +582,17 @@ }, "nixpkgs-wayland": { "inputs": { - "flake-compat": "flake-compat_3", + "flake-compat": "flake-compat_2", "lib-aggregate": "lib-aggregate", "nix-eval-jobs": "nix-eval-jobs", "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1691518836, - "narHash": "sha256-sY9Unk1pCbMxMSX/SuoSUg8TY4TDN+edKY83cCEqb8g=", + "lastModified": 1704201485, + "narHash": "sha256-pFDUR45wmq1HehY3WlJOJydFkLOzKC2pWqvMykLj2Qk=", "owner": "nix-community", "repo": "nixpkgs-wayland", - "rev": "982c0c1ee398e8584d8c9cce011ec98392d2e3cc", + "rev": "b0c06873775fe978bd9384ab14c24903bde92e74", "type": "github" }, "original": { 
@@ -585,11 +603,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1691368598, - "narHash": "sha256-ia7li22keBBbj02tEdqjVeLtc7ZlSBuhUk+7XTUFr14=", + "lastModified": 1703961334, + "narHash": "sha256-M1mV/Cq+pgjk0rt6VxoyyD+O8cOUiai8t9Q6Yyq4noY=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5a8e9243812ba528000995b294292d3b5e120947", + "rev": "b0d36bd0a420ecee3bc916c91886caca87c894e9", "type": "github" }, "original": { @@ -602,11 +620,11 @@ "ofi-pass": { "flake": false, "locked": { - "lastModified": 1687009458, - "narHash": "sha256-SgndtGEd3zDztqLJYSdun6IbOqgXsvw0Q8flicPHonY=", + "lastModified": 1691863924, + "narHash": "sha256-Vkm3QXjkLIu0RnM0w+upzAF9M7atKBPYqiV7f+eBKJY=", "owner": "sereinity", "repo": "ofi-pass", - "rev": "e99b15857438bbb6013f7f65513c13ea3f5ebdfa", + "rev": "b20bd3440686429b113821c51a68b799675d5bb0", "type": "github" }, "original": { @@ -615,6 +633,23 @@ "type": "github" } }, + "prs": { + "flake": false, + "locked": { + "lastModified": 1692545676, + "narHash": "sha256-jA97WxXBgWtttXnTBxfb4lPEEFqRMflL1BYfDCYeVfo=", + "owner": "timvisee", + "repo": "prs", + "rev": "308e753f769e5ddcda14d13eeeb7b40c5887e0ca", + "type": "gitlab" + }, + "original": { + "owner": "timvisee", + "ref": "master", + "repo": "prs", + "type": "gitlab" + } + }, "root": { "inputs": { "aphorme_launcher": "aphorme_launcher", @@ -631,14 +666,16 @@ "magmawm": "magmawm", "nixos-anywhere": "nixos-anywhere", "nixpkgs": [ - "nixpkgs-2305" + "nixpkgs-2311" ], "nixpkgs-2211": "nixpkgs-2211", "nixpkgs-2305": "nixpkgs-2305", + "nixpkgs-2311": "nixpkgs-2311", "nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable-small": "nixpkgs-unstable-small", "nixpkgs-wayland": "nixpkgs-wayland", "ofi-pass": "ofi-pass", + "prs": "prs", "salut": "salut", "sops-nix": "sops-nix", "srvos": "srvos", 
@@ -648,11 +685,11 @@ "rust-analyzer-src": { "flake": false, "locked": { - "lastModified": 1691604464, - "narHash": "sha256-nNc/c9r1O8ajE/LkMhGcvJGlyR6ykenR3aRkEkhutxA=", + "lastModified": 1704114818, + "narHash": "sha256-/0gMZ32JaUTQ0THA/S9rcQSAmEKfL3hGorX5En8lG98=", "owner": "rust-lang", "repo": "rust-analyzer", - "rev": "05b061205179dab9a5cd94ae66d1c0e9b8febe08", + "rev": "a8d935eedc80df8b453d90539cbe78b7e2c75e3c", "type": "github" }, "original": { @@ -662,31 +699,6 @@ "type": "github" } }, - "rust-overlay": { - "inputs": { - "flake-utils": [ - "crane", - "flake-utils" - ], - "nixpkgs": [ - "crane", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1691029059, - "narHash": "sha256-QwVeE9YTgH3LmL7yw2V/hgswL6yorIvYSp4YGI8lZYM=", - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "99df4908445be37ddb2d332580365fce512a7dcf", - "type": "github" - }, - "original": { - "owner": "oxalica", - "repo": "rust-overlay", - "type": "github" - } - }, "salut": { "flake": false, "locked": { @@ -711,11 +723,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1690199016, - "narHash": "sha256-yTLL72q6aqGmzHq+C3rDp3rIjno7EJZkFLof6Ika7cE=", + "lastModified": 1703991717, + "narHash": "sha256-XfBg2dmDJXPQEB8EdNBnzybvnhswaiAkUeeDj7fa/hQ=", "owner": "Mic92", "repo": "sops-nix", - "rev": "c36df4fe4bf4bb87759b1891cab21e7a05219500", + "rev": "cfdbaf68d00bc2f9e071f17ae77be4b27ff72fa6", "type": "github" }, "original": { @@ -726,16 +738,17 @@ }, "srvos": { "inputs": { + "nixos-stable": "nixos-stable_2", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1691630941, - "narHash": "sha256-4+KVSa32impg0aBqXVEEty8uu3Urb64CjmseDkETofg=", + "lastModified": 1704204620, + "narHash": "sha256-u7C59X3s706W9ptqfYHLlZlropun5Fzr9eYaKAsEuN8=", "owner": "numtide", "repo": "srvos", - "rev": "b7407c2dc143402de6f140575398020175f3ae1a", + "rev": "e5eecdf21bdf048cef7cb9e52bf573fdf959d491", "type": "github" }, "original": { 
@@ -775,21 +788,6 @@ "type": "github" } }, - "systems_2": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "treefmt-nix": { "inputs": { "nixpkgs": [ @@ -798,11 +796,11 @@ ] }, "locked": { - "lastModified": 1687940979, - "narHash": "sha256-D4ZFkgIG2s9Fyi78T3fVG9mqMD+/UnFDB62jS4gjZKY=", + "lastModified": 1702376629, + "narHash": "sha256-9uAY8a7JN4DvLe/g4OoldqPbcNZ09YOVXID+CkIqL70=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "0a4f06c27610a99080b69433873885df82003aae", + "rev": "390018a9398f9763bfc05ffe6443ce0622cb9ba6", "type": "github" }, "original": { @@ -820,11 +818,11 @@ ] }, "locked": { - "lastModified": 1690874496, - "narHash": "sha256-qYZJVAfilFbUL6U+euMjKLXUADueMNQBqwihpNzTbDU=", + "lastModified": 1702979157, + "narHash": "sha256-RnFBbLbpqtn4AoJGXKevQMCGhra4h6G2MPcuTSZZQ+g=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "fab56c8ce88f593300cd8c7351c9f97d10c333c5", + "rev": "2961375283668d867e64129c22af532de8e77734", "type": "github" }, "original": { @@ -835,17 +833,17 @@ }, "yofi": { "inputs": { - "flake-utils": "flake-utils_4", + "flake-utils": "flake-utils_3", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1678976029, - "narHash": "sha256-AZ2+FQtVwUFgv4kiZqMKmiXS2qygMktDE185O19BXiM=", + "lastModified": 1702939607, + "narHash": "sha256-nPIt1JIQ3g6lBE7+qI8gV1cmJ+uA55aAzho2dGOIFik=", "owner": "l4l", "repo": "yofi", - "rev": "811a4358913aed527348f9584d6c0767983299bb", + "rev": "c0ca3365a702e7a2852a801ca357df5eb87d0cf9", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 7efe41a..9400ed8 100644 --- a/flake.nix +++ b/flake.nix 
@@ -4,9 +4,10 @@ # flake and infra basics nixpkgs-2211.url = "github:nixos/nixpkgs/nixos-22.11"; nixpkgs-2305.url = "github:nixos/nixpkgs/nixos-23.05"; + nixpkgs-2311.url = "github:nixos/nixpkgs/nixos-23.05"; nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs-unstable-small.url = "github:nixos/nixpkgs/nixos-unstable-small"; - nixpkgs.follows = "nixpkgs-2305"; + nixpkgs.follows = "nixpkgs-2311"; flake-parts.url = "github:hercules-ci/flake-parts"; get-flake.url = "github:ursi/get-flake"; 
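Review bot: The new `nixpkgs-2311` input is declared with the `nixos-23.05` branch URL, so `nixpkgs.follows = "nixpkgs-2311"` keeps every consumer of `nixpkgs` on 23.05 under a 23.11 name. The flake.lock part of this commit agrees: `nixpkgs-2311` is locked to the same `rev` and `narHash` as `nixpkgs-2305`. Hosts built from this flake would look upgraded while still tracking a release branch that stops receiving security fixes once it reaches end of life. The line should read `nixpkgs-2311.url = "github:nixos/nixpkgs/nixos-23.11";`, followed by a re-lock of that input.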
@@ -67,162 +68,219 @@ url = "gitlab:snakedye/salut"; flake = false; }; + + prs = { + url = "gitlab:timvisee/prs/master"; + flake = false; + }; }; - outputs = inputs @ { - self, - flake-parts, - nixpkgs, - ... - }: let - inherit (nixpkgs) lib; + outputs = + inputs @ { self + , flake-parts + , nixpkgs + , ... + }: + let + inherit (nixpkgs) lib; - systems = [ - "x86_64-linux" - "aarch64-linux" - ]; - in - flake-parts.lib.mkFlake {inherit inputs;} - ({withSystem, ...}: { - flake.colmena = - lib.lists.foldl (sum: cur: lib.attrsets.recursiveUpdate sum cur) - { - meta.nixpkgs = import inputs.nixpkgs.outPath { - system = builtins.elemAt systems 0; - }; - } - # FIXME: this doesn't seem to work to apply overlays into a node's nixpkgs import - # try this instead: https://github.com/zhaofengli/colmena/issues/60#issuecomment-1510496861 - (builtins.map (nodeName: - import ./nix/os/devices/${nodeName} { - inherit nodeName; - repoFlake = self; - repoFlakeWithSystem = withSystem; - nodeFlake = self.inputs.get-flake ./nix/os/devices/${nodeName}; - }) [ - "steveej-t14" - "elias-e525" - "justyna-p300" + systems = [ + "x86_64-linux" + "aarch64-linux" + ]; + in + flake-parts.lib.mkFlake { inherit inputs; } + ({ withSystem, ... 
}: { + flake.colmena = + lib.lists.foldl (sum: cur: lib.attrsets.recursiveUpdate sum cur) + { + meta.nixpkgs = import inputs.nixpkgs.outPath { + system = builtins.elemAt systems 0; + }; + } + # FIXME: this doesn't seem to work to apply overlays into a node's nixpkgs import + # try this instead: https://github.com/zhaofengli/colmena/issues/60#issuecomment-1510496861 + (builtins.map + (nodeName: + import ./nix/os/devices/${nodeName} { + inherit nodeName; + repoFlake = self; + repoFlakeWithSystem = withSystem; + nodeFlake = self.inputs.get-flake ./nix/os/devices/${nodeName}; + }) [ + "steveej-t14" + # "elias-e525" + # "justyna-p300" - "srv0-dmz0" - "router0-dmz0" + # "srv0-dmz0" + # # "router0-dmz0" - "sj-vps-htz0" - "sj-bm-hostkey0" - ]); + # "sj-vps-htz0" + "sj-bm-hostkey0" - # this makes nixos-anywhere work - flake.nixosConfigurations = - (inputs.colmena.lib.makeHive self.outputs.colmena).nodes - // (let - router0-dmz0 = (inputs.get-flake ./nix/os/devices/router0-dmz0).nixosConfigurations; - in { - router0-dmz0 = router0-dmz0.native; + # "retro" + ]); - # for now deploy directly with: - # nixos-rebuild switch --flake .\#cross_router0-dmz0 --build-host localhost --target-host root@192.168.10.1 - cross_router0-dmz0 = router0-dmz0.cross; - }); + # this makes nixos-anywhere work + flake.nixosConfigurations = + (inputs.colmena.lib.makeHive self.outputs.colmena).nodes + // ( + let + router0-dmz0 = (inputs.get-flake ./nix/os/devices/router0-dmz0).nixosConfigurations; + steveej-x13s = (inputs.get-flake ./nix/os/devices/steveej-x13s).nixosConfigurations; + retro = (inputs.get-flake ./nix/os/devices/retro).nixosConfigurations; + in + { + router0-dmz0 = router0-dmz0.native; - inherit systems; + # for now deploy directly with: + # nixos-rebuild switch --flake .\#router0-dmz0_cross --build-host localhost --target-host root@192.168.10.1 + router0-dmz0_cross = router0-dmz0.cross; - perSystem = { - inputs', - system, - config, - lib, - pkgs, - ... 
- }: rec { - imports = [ - ./nix/modules/flake-parts/perSystem/default.nix - ]; + # nixos-install --flake .\#retro_cross + retro_cross = retro.cross; - packages = let - dcpj4110dw = pkgs.callPackage (self + /nix/pkgs/dcpj4110dw) {}; + steveej-x13s_cross = steveej-x13s.cross; + } + ); - craneLib = - inputs.crane.lib.${system}.overrideToolchain - inputs'.fenix.packages.stable.toolchain; + inherit systems; - craneLibOfiPass = - inputs.crane.lib.${system}.overrideToolchain - ( - inputs'.fenix.packages.stable.toolchain - # .override { - # date = "1.60.0"; - # } - ); - in { - dcpj4110dwDriver = dcpj4110dw.driver; - dcpj4110dwCupswrapper = dcpj4110dw.cupswrapper; - - # broken as of 2023-04-27 because it doesn't load without a config - # aphorme_launcher = craneLib.buildPackage {src = inputs.aphorme_launcher;}; - # yofi = inputs'.yofi.packages.default; - # ofi-pass = craneLibOfiPass.buildPackage {src = inputs.ofi-pass;}; - - inherit (inputs'.colmena.packages) colmena; - - # jay = pkgs.callPackage (self + /nix/pkgs/jay.nix) { - # src = inputs.jay; - # rustPlatform = pkgs.makeRustPlatform { - # cargo = inputs'.fenix.packages.stable.toolchain; - # rustc = inputs'.fenix.packages.stable.toolchain; - # }; - # }; - - # magmawm = pkgs.callPackage (self + /nix/pkgs/magmawm.nix) { - # inherit craneLib; - # src = inputs.magmawm; - # }; - - salut = craneLib.buildPackage { - src = inputs.salut; - nativeBuildInputs = [ - pkgs.pkg-config - ]; - buildInputs = [ - pkgs.libxkbcommon - pkgs.fontconfig + perSystem = + { inputs' + , system + , config + , lib + , pkgs + , ... 
+ }: rec { + imports = [ + ./nix/modules/flake-parts/perSystem/default.nix ]; + + packages = + let + dcpj4110dw = pkgs.callPackage (self + /nix/pkgs/dcpj4110dw) { }; + + craneLib = + inputs.crane.lib.${system}.overrideToolchain + inputs'.fenix.packages.stable.toolchain; + + craneLibOfiPass = + inputs.crane.lib.${system}.overrideToolchain + ( + inputs'.fenix.packages.stable.toolchain + # .override { + # date = "1.60.0"; + # } + ); + in + { + dcpj4110dwDriver = dcpj4110dw.driver; + dcpj4110dwCupswrapper = dcpj4110dw.cupswrapper; + + # broken as of 2023-04-27 because it doesn't load without a config + # aphorme_launcher = craneLib.buildPackage {src = inputs.aphorme_launcher;}; + # yofi = inputs'.yofi.packages.default; + # ofi-pass = craneLibOfiPass.buildPackage {src = inputs.ofi-pass;}; + + inherit (inputs'.colmena.packages) colmena; + + # jay = pkgs.callPackage (self + /nix/pkgs/jay.nix) { + # src = inputs.jay; + # rustPlatform = pkgs.makeRustPlatform { + # cargo = inputs'.fenix.packages.stable.toolchain; + # rustc = inputs'.fenix.packages.stable.toolchain; + # }; + # }; + + # magmawm = pkgs.callPackage (self + /nix/pkgs/magmawm.nix) { + # inherit craneLib; + # src = inputs.magmawm; + # }; + + salut = craneLib.buildPackage { + src = inputs.salut; + nativeBuildInputs = [ + pkgs.pkg-config + ]; + buildInputs = [ + pkgs.libxkbcommon + pkgs.fontconfig + ]; + }; + + prs = pkgs.callPackage + ({ pkgs + , dbus + , glib + , gpgme + , gtk3 + , libxcb + , libxkbcommon + , installShellFiles + , pkg-config + , python3 + }: craneLib.buildPackage { + pname = "prs"; + version = inputs.prs.shortRev; + src = inputs.prs; + nativeBuildInputs = [ gpgme installShellFiles pkg-config python3 ]; + + buildInputs = [ + dbus + glib + gpgme + gtk3 + libxcb + libxkbcommon + ]; + + cargoExtraArgs = "--features backend-gpgme"; + + postInstall = '' + for shell in bash fish zsh; do + installShellCompletion --cmd prs --$shell <($out/bin/prs internal completions $shell --stdout) + done + ''; + }) + { 
}; + + nomad = inputs'.nixpkgs-unstable.legacyPackages.nomad_1_6; + + ledger-live-desktop-wrapped = pkgs.writeShellScriptBin "ledger-live-desktop-wrapped" '' + set -x + pkill -9 wayland-proxy-v + export NIXOS_OZONE_WL="" + ${pkgs.wayland-proxy-virtwl}/bin/wayland-proxy-virtwl \ + --wayland-display=wayland-3 \ + --xwayland-binary=${pkgs.xwayland}/bin/Xwayland \ + --x-display=3 \ + & + # --x-unscale=3 \ + #--verbose \ + + export PROXYPID="$!" + + trap "kill -9 \$PROXYPID" EXIT + # trap "pkill -9 wayland-proxy-v" EXIT + + env \ + WAYLAND_DISPLAY=wayland-3 \ + DISPLAY=:3 \ + ledger-live-desktop + ''; + + syncthing-container-webui = pkgs.writeShellScriptBin "reverse-port-forward-syncthing-container" '' + ssh root@${self.colmena.sj-vps-htz0.deployment.targetHost} -L 8385:syncthing.containers:8384 + ''; + }; + + formatter = pkgs.alejandra; + devShells.default = import ./nix/devShells.nix { + inherit inputs' pkgs; + packages' = packages; + }; }; - - nomad = inputs'.nixpkgs-unstable.legacyPackages.nomad_1_6; - - ledger-live-desktop-wrapped = pkgs.writeShellScriptBin "ledger-live-desktop-wrapped" '' - set -x - pkill -9 wayland-proxy-v - export NIXOS_OZONE_WL="" - ${pkgs.wayland-proxy-virtwl}/bin/wayland-proxy-virtwl \ - --wayland-display=wayland-3 \ - --xwayland-binary=${pkgs.xwayland}/bin/Xwayland \ - --x-display=3 \ - & - # --x-unscale=3 \ - #--verbose \ - - export PROXYPID="$!" - - trap "kill -9 \$PROXYPID" EXIT - # trap "pkill -9 wayland-proxy-v" EXIT - - env \ - WAYLAND_DISPLAY=wayland-3 \ - DISPLAY=:3 \ - ledger-live-desktop - ''; - - syncthing-container-webui = pkgs.writeShellScriptBin "reverse-port-forward-syncthing-container" '' - ssh root@${self.colmena.sj-vps-htz0.deployment.targetHost} -L 8385:syncthing.containers:8384 - ''; - }; - - formatter = pkgs.alejandra; - devShells.default = import ./nix/devShells.nix { - inherit inputs' pkgs; - packages' = packages; - }; - }; - }); + }); } diff --git a/nix/devShells.nix b/nix/devShells.nix index 37ac5e4..3f59c5b 100644 
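Review bot: `syncthing-container-webui` still interpolates `self.colmena.sj-vps-htz0.deployment.targetHost`, but this hunk comments `"sj-vps-htz0"` out of the node list that builds `flake.colmena`. Assuming each device import contributes its attributes under its node name, evaluating that package (or anything that forces all of `packages`) will now fail on a missing attribute; either keep the node in the list or comment the package out with it. The commented-out hosts also drop out of the hive, so they will not pick up rebuilds from this flake until they are restored, which is worth a `# TODO` next to the list. Separately, the new `prs` input tracks `gitlab:timvisee/prs/master`. The lock pins a rev, but every `nix flake update` moves this password-store tool to whatever is on master, so a release tag in the URL would make its updates a deliberate, reviewable step.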
--- a/nix/devShells.nix +++ b/nix/devShells.nix @@ -30,7 +30,6 @@ pkgs.stdenv.mkDerivation { ripgrep lm_sensors pass - prs fuzzel wofi age @@ -76,6 +75,7 @@ pkgs.stdenv.mkDerivation { (pkgs.writeShellScriptBin "r11" '' exec env NIXOS_OZONE_WL="" WAYLAND_DISPLAY="" $@ '') + ]); # Set Environment Variables diff --git a/nix/home-manager/configuration/graphical-fullblown.nix b/nix/home-manager/configuration/graphical-fullblown.nix index 6bf8d93..8ef7cc4 100644 --- a/nix/home-manager/configuration/graphical-fullblown.nix +++ b/nix/home-manager/configuration/graphical-fullblown.nix @@ -343,6 +343,13 @@ in { # qtWrapperArgs+=("''${gappsWrapperArgs[@]}") # ''; })) + + + snes9x + snes9x-gtk + # this is a displaymanager! + # libretro.snes9x2010 + # retroarchFull ]); systemd.user.startServices = true; diff --git a/nix/home-manager/programs/espanso.nix b/nix/home-manager/programs/espanso.nix index 9de6eea..23f727a 100644 --- a/nix/home-manager/programs/espanso.nix +++ b/nix/home-manager/programs/espanso.nix @@ -62,6 +62,10 @@ trigger = ":dunno"; replace = "¯\\_(ツ)_/¯"; } + { + trigger = ":shrug"; + replace = "¯\\_(ツ)_/¯"; + } ]; }; }; diff --git a/nix/home-manager/programs/pass.nix b/nix/home-manager/programs/pass.nix index e20bbb4..a17e9a0 100644 --- a/nix/home-manager/programs/pass.nix +++ b/nix/home-manager/programs/pass.nix @@ -1,9 +1,8 @@ -{pkgs, ...}: { +{repoFlake, pkgs, ...}: { # required by pass-otp - home.sessionVariables.PASSWORD_STORE_EXTENSIONS_DIR = "$HOME/.nix-profile/lib/password-store/extensions"; - home.sessionVariables.PASSWORD_STORE_ENABLE_EXTENSIONS = "true"; - - programs.browserpass.enable = true; + # home.sessionVariables.PASSWORD_STORE_EXTENSIONS_DIR = "$HOME/.nix-profile/lib/password-store/extensions"; + # home.sessionVariables.PASSWORD_STORE_ENABLE_EXTENSIONS = "true"; + # programs.browserpass.enable = true; home.packages = with pkgs; [ gnupg @@ -12,6 +11,6 @@ # broken on wayland # rofi-pass - prs + repoFlake.packages.${pkgs.system}.prs ]; } 
diff --git a/nix/os/containers/webserver.nix b/nix/os/containers/webserver.nix index f894185..df3c445 100644 --- a/nix/os/containers/webserver.nix +++ b/nix/os/containers/webserver.nix @@ -39,7 +39,14 @@ in { in '' redir /hedgedoc* https://hedgedoc.${domain} - respond "Hi!" + file_server /*/* { + browse + root /var/www/stefanjunker.de/htdocs/caddy + pass_thru + } + + # respond "Hi" + # respond (not /*/*) "Hi" ''; }; @@ -99,7 +106,7 @@ in { }; services.jitsi-meet = { - enable = true; + enable = false; hostName = "meet.${domain}"; config = { prejoinPageEnabled = true; diff --git a/nix/os/devices/router0-dmz0/configuration.nix b/nix/os/devices/router0-dmz0/configuration.nix index 5c90210..75ca38f 100644 --- a/nix/os/devices/router0-dmz0/configuration.nix +++ b/nix/os/devices/router0-dmz0/configuration.nix @@ -184,10 +184,11 @@ in { after = ["hook"]; rules = let wanInterfaces = builtins.concatStringsSep ", " config.networking.nftables.firewall.zones.wan.interfaces; - exposedHost = "192.168.22.121"; + exposedHost = "srv0-dmz0.dmz.internal"; in [ "iifname { ${wanInterfaces} } tcp dport 220 redirect to 22" - "iifname { ${wanInterfaces} } dnat ip to ${exposedHost}" + # TODO: if this hostname doesn't resolve it'll break the whole ruleset + # "iifname { ${wanInterfaces} } dnat ip to ${exposedHost}" ]; }; }; @@ -574,7 +575,8 @@ in { # sae_password_file = config.sops.secrets.wlan0_saePasswordsFile.path; # enables debug logging - # logger_stdout_level= lib.mkForce 0; + logger_stdout_level= lib.mkForce 0; + logger_stdout = -1; # logger_syslog_level= lib.mkForce 0; # resources on vlan tagging @@ -583,6 +585,7 @@ in { dynamic_vlan = 1; + # this option currently requires a patch to hostapd vlan_no_bridge = 1; /* not used due to the above vlan_no_bridge setting 
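Review bot: The added `file_server /*/*` block in webserver.nix enables `browse`, so Caddy serves a generated directory index for any directory under `/var/www/stefanjunker.de/htdocs/caddy` that has no index file, and anonymous visitors can enumerate everything in that tree. If listings are not wanted, drop the `browse` line. If they are, say so in a comment such as `# directory listing is intentional: this tree holds only public files`, and consider the `hide` subdirective for anything that must not appear. The enclosing virtual-host definition starts outside the hunk, so what other handlers apply to these paths is not visible here.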
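Review bot: In the router0-dmz0 hunk at `@@ -574,7 +575,8 @@`, `logger_stdout_level = lib.mkForce 0;` together with `logger_stdout = -1;` turns on verbose debug output for all hostapd modules on the production access point. That output presumably lands in the journal and includes per-station association and authentication events, so it should not stay enabled longer than the debugging session needs. I would mark both lines as temporary, e.g. `# TODO: debugging only, revert to the default log level afterwards`. The surrounding `settings` block begins and ends outside the hunk.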
@@ -620,14 +623,36 @@ in { # "SAE" ]); + # wpa_psk_radius = 0; + wpa_pairwise = "CCMP"; + wmm_enabled = 1; + # IEEE 802.11i (authentication) related configuration # Encrypt management frames to protect against deauthentication and similar attacks ieee80211w = 1; sae_require_mfp = 1; sae_groups = "19 20 21"; + + # [ENABLE-TLSv1.3] = enable TLSv1.3 (experimental - disabled by default) + tls_flags= "[ENABLE-TLSv1.3]"; + + ieee8021x=0; + eap_server=0; }; }; + # wlan0-1 = { + # ssid = "mlsia-testing"; + # authentication = { + # mode = "wpa3-sae-transition"; + # }; + + # bssid = mkBssid 1; + # settings = { + # bridge = bridgeInterfaceName; + # }; + # }; + # wlan0-1 = { # ssid = "justtestingwifi-wpa3"; # authentication = { @@ -777,7 +802,7 @@ in { tag (mkVlanIpv4HostAddr { inherit vlanid; host = 100; cidr = false; }) (mkVlanIpv4HostAddr { inherit vlanid; host = 199; cidr = false; }) - "30m" + "12h" ]; in builtins.map @@ -843,7 +868,8 @@ in { }; # The service irqbalance is useful as it assigns certain IRQ calls to specific CPUs instead of letting the first CPU core to handle everything. This is supposed to increase performance by hitting CPU cache more often. - services.irqbalance.enable = true; + # disable for now as i think it causes wifi issues + services.irqbalance.enable = false; system.stateVersion = "23.05"; diff --git a/nix/os/devices/sj-bm-hostkey0/configuration.nix b/nix/os/devices/sj-bm-hostkey0/configuration.nix index ee50d8a..76ddb97 100644 --- a/nix/os/devices/sj-bm-hostkey0/configuration.nix +++ b/nix/os/devices/sj-bm-hostkey0/configuration.nix @@ -162,5 +162,8 @@ boot.binfmt.emulatedSystems = [ "aarch64-linux" + "i686-linux" + # "i386-linux" + # "i586-linux" ]; } diff --git a/nix/os/devices/sj-vps-htz0/system.nix b/nix/os/devices/sj-vps-htz0/system.nix index 5bb2317..0657935 100644 --- a/nix/os/devices/sj-vps-htz0/system.nix +++ b/nix/os/devices/sj-vps-htz0/system.nix 
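Review bot: `tls_flags = "[ENABLE-TLSv1.3]"` is added in the same block as `ieee8021x=0` and `eap_server=0`, so nothing visible in this BSS would use hostapd's TLS server and the flag, which the copied comment itself calls experimental, looks inert. Either drop it or add a comment naming the EAP setup it is meant for. The existing comment about encrypting management frames sits above `ieee80211w = 1`, which makes management frame protection optional rather than required; if the BSS is SAE-only, `sae_require_mfp = 1` covers that, and the comment should say so. The settings attribute set starts outside the hunk.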
@@ -1,13 +1,14 @@ -{ - pkgs, - lib, - config, - repoFlake, - nodeName, - ... -}: let +{ pkgs +, lib +, config +, repoFlake +, nodeName +, ... +}: +let wireguardPort = 51820; -in { +in +{ imports = [ ../../snippets/systemd-resolved.nix ]; @@ -31,14 +32,14 @@ in { networking.interfaces.eth0 = { mtu = 1400; - useDHCP = false; + useDHCP = true; ipv4.addresses = [ { "address" = "167.233.1.14"; "prefixLength" = 29; } ]; - ipv6.addresses = []; + ipv6.addresses = [ ]; }; networking.defaultGateway = { @@ -53,7 +54,7 @@ in { networking.nat = { enable = true; - internalInterfaces = ["ve-*" "wg*"]; + internalInterfaces = [ "ve-*" "wg*" ]; externalInterface = "eth0"; }; @@ -78,7 +79,7 @@ in { privateKeyFile = config.sops.secrets.wg0-private.path; peers = [ { - allowedIPs = ["192.168.99.2/32"]; + allowedIPs = [ "192.168.99.2/32" ]; publicKey = "O3k4jEdX6jkV1fHP/J8KSH5tvi+n1VvnBTD5na6Naw0="; presharedKeyFile = config.sops.secrets.wg0-psk-steveej-psk.path; } @@ -86,12 +87,12 @@ in { }; # virtualization - virtualisation = {docker.enable = false;}; + virtualisation = { docker.enable = false; }; services.spice-vdagentd.enable = true; services.qemuGuest.enable = true; - nix.gc = {automatic = true;}; + nix.gc = { automatic = true; }; containers = { mailserver = import ../../containers/mailserver.nix { @@ -108,17 +109,17 @@ in { webserver = import ../../containers/webserver.nix - { - inherit repoFlake; + { + inherit repoFlake; - autoStart = true; + autoStart = true; - hostAddress = "192.168.100.12"; - localAddress = "192.168.100.13"; + hostAddress = "192.168.100.12"; + localAddress = "192.168.100.13"; - httpPort = 80; - httpsPort = 443; - }; + httpPort = 80; + httpsPort = 443; + }; syncthing = import ../../containers/syncthing.nix { autoStart = true; diff --git a/nix/os/devices/steveej-t14/configuration.nix b/nix/os/devices/steveej-t14/configuration.nix index 8d578b7..2a655c5 100644 --- a/nix/os/devices/steveej-t14/configuration.nix +++ b/nix/os/devices/steveej-t14/configuration.nix 
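Review bot: `useDHCP = true` on `eth0` is a behaviour change inside a series of hunks that otherwise only reformat, and it now coexists with the static `167.233.1.14/29` address and `networking.defaultGateway` kept as context. If DHCP is wanted on this interface, a comment such as `# DHCP in addition to the static address: <reason>` would record why; as written, the host will also take whatever address, routes and resolver the upstream network offers. Splitting the functional change from the formatter run would make it reviewable on its own.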
@@ -11,5 +11,61 @@ ./user.nix ./boot.nix ./secrets.nix + + # samba seerver + ({ lib, ... }: { + + # networking.firewall.enable = lib.mkForce false; + services.samba-wsdd.enable = true; # make shares visible for windows 10 clients + networking.firewall.allowedTCPPorts = [ + 5357 # wsdd + ]; + networking.firewall.allowedUDPPorts = [ + 3702 # wsdd + ]; + services.samba = { + enable = true; + + securityType = "user"; + + extraConfig = '' + workgroup = ARBEITSGRUPPE + server string = steveej-t14 + netbios name = steveej-t14 + security = user + + # use sendfile = yes + + # for executables on windows + acl allow execute always = True + + # legacy windows quirks + max protocol = NT1 + min protocol = NT1 + ntlm auth = yes + + # client max protocol = SMB1 + # client min protocol = NT1 + + # note: localhost is the ipv6 localhost ::1 + hosts allow = 192.168. 127.0.0.1 localhost + hosts deny = 0.0.0.0/0 + guest account = nobody + map to guest = bad user + ''; + shares = { + voodoo = { + path = "/home/steveej/Desktop/voodoo"; + browseable = "yes"; + "read only" = "no"; + "guest ok" = "no"; + "create mask" = "0644"; + "directory mask" = "0755"; + # "force user" = "steveej"; + # "force group" = "users"; + }; + }; + }; + }) ]; } diff --git a/nix/os/devices/steveej-t14/hw.nix b/nix/os/devices/steveej-t14/hw.nix index c766ced..5c8c9b4 100644 --- a/nix/os/devices/steveej-t14/hw.nix +++ b/nix/os/devices/steveej-t14/hw.nix @@ -1,4 +1,4 @@ -{...}: let +{lib, ...}: let stage1Modules = [ "aesni_intel" "kvm_amd" @@ -7,6 +7,22 @@ "thunderbolt" "e1000e" + + "usbcore" + "xhci_hcd" + "usbnet" + "snd_usb_audio" + "usbhid" + "snd_usbmidi_lib" + "cdc_mbim" + "cdc_ncm" + "usb_storage" + "cdc_wdm" + "uvcvideo" + "btusb" + "xhci_pci" + "cdc_ether" + "uas" ]; in { # TASK: new device 
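Review bot: The `extraConfig` block pins the server to SMB1 (`max protocol = NT1`, `min protocol = NT1`) and sets `ntlm auth = yes`, so every client, not only the legacy Windows machine, is held to a protocol without SMB3's encryption or pre-authentication integrity, with NTLMv1 accepted. `hosts allow = 192.168.` matches any 192.168.x.x network this machine joins, and `guest account`/`map to guest = bad user` stay active although the only share sets `"guest ok" = "no"`. Dropping `max protocol = NT1` keeps SMB1 available for the legacy client while letting modern clients negotiate SMB3. Narrowing `hosts allow` to the one subnet or host that needs the share and removing the two guest lines would tighten it further. A comment naming the client that requires NT1 would help whoever removes this later.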
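Review bot: The fifteen USB-related entries added to `stage1Modules` are force-loaded in the initrd, because the file assigns the list to `boot.initrd.kernelModules` and keeps the `availableKernelModules` line commented out (both visible in the next hunk's context). Only the storage and keyboard path (`xhci_pci`, `xhci_hcd`, `usb_storage`, `uas`, `usbhid`) looks necessary for unlocking and booting from the USB enclosure named by `earlyDiskIdOverride`. `btusb`, `uvcvideo`, `snd_usb_audio`, `usbnet` and the `cdc_*` drivers presumably do not need to be active before the LUKS prompt. Consider moving those to `boot.initrd.availableKernelModules` or dropping them, with a comment stating which modules the USB boot requires.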
@@ -14,8 +30,11 @@ in { enable = true; encrypted = true; diskId = "nvme-WD_BLACK_SN850X_4000GB_2227DT443901"; + earlyDiskIdOverride = "usb-JMicron_Generic_0123456789ABCDEF-0:0"; }; + # boot.loader.grub.device = lib.mkForce "/dev/disk/by-id/usb-JMicron_Generic_0123456789ABCDEF-0:0"; + # see https://linrunner.de/tlp/ services.tlp = { enable = true; @@ -90,6 +109,7 @@ in { ]; }; + hardware.enableRedistributableFirmware = true; # boot.initrd.availableKernelModules = stage1Modules; boot.initrd.kernelModules = stage1Modules; } diff --git a/nix/os/devices/steveej-t14/pkg.nix b/nix/os/devices/steveej-t14/pkg.nix index 95dc2d4..1ff1a59 100644 --- a/nix/os/devices/steveej-t14/pkg.nix +++ b/nix/os/devices/steveej-t14/pkg.nix @@ -59,6 +59,25 @@ sway ''; + + # autologin steveej on tty1 + systemd.services."autovt@tty1".description = "Autologin at the TTY1"; + systemd.services."autovt@tty1".after = [ "systemd-logind.service" ]; # without it user session not started and xorg can't be run from this tty + systemd.services."autovt@tty1".wantedBy = [ "multi-user.target" ]; + systemd.services."autovt@tty1".serviceConfig = + { ExecStart = [ + "" # override upstream default with an empty ExecStart + "@${pkgs.utillinux}/sbin/agetty agetty --login-program ${pkgs.shadow}/bin/login --autologin steveej --noclear %I $TERM" + ]; + Restart = "always"; + Type = "idle"; + }; + programs.zsh.loginShellInit = '' + if test $(id --user steveej) = $(id -u) && test $(tty) = "/dev/tty1"; then + exec sway + fi + ''; + # fonts = let # prefs.font = rec { # size = 13; @@ -109,6 +128,7 @@ # rtkit is optional but recommended security.rtkit.enable = true; services.pipewire = { + audio.enable = true; enable = true; alsa.enable = true; alsa.support32Bit = true; diff --git a/nix/os/devices/steveej-t14/system.nix b/nix/os/devices/steveej-t14/system.nix index e39601a..3e35163 100644 --- a/nix/os/devices/steveej-t14/system.nix +++ b/nix/os/devices/steveej-t14/system.nix 
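Review bot: The `autovt@tty1` override logs `steveej` in without authentication and, with `Restart = "always"`, starts a fresh logged-in session whenever the previous one ends, so a screen locker inside sway protects only while the compositor keeps running. The disk passphrase (`encrypted = true` in hw.nix) is then the only gate, which the comment should state: `# autologin steveej on tty1; LUKS unlock at boot is the only authentication`. NixOS has `services.getty.autologinUser`, which could replace the hand-written `ExecStart`, and `pkgs.utillinux` is, as far as I know, a deprecated alias of `pkgs.util-linux`. In `loginShellInit`, quoting the substitutions (`"$(id -u)"`, `"$(tty)"`) avoids a `test` error when `tty` prints `not a tty`.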
@@ -1,11 +1,11 @@ -{ - pkgs, - lib, - config, - nodeName, - repoFlake, - ... -}: let +{ pkgs +, lib +, config +, nodeName +, repoFlake +, ... +}: +let passwords = import ../../../variables/passwords.crypt.nix; localTcpPorts = [ @@ -24,7 +24,8 @@ 21027 ]; -in { +in +{ imports = [ ../../snippets/nix-settings-holo-chain.nix ]; @@ -44,16 +45,16 @@ in { sshUser = "nix-remote-builder"; protocol = "ssh-ng"; system = "x86_64-linux"; - maxJobs = 24; + maxJobs = 32; speedFactor = 100; - supportedFeatures = repoFlake.nixosConfigurations.router0-dmz0.config.nix.settings.system-features ++ []; + supportedFeatures = repoFlake.nixosConfigurations.router0-dmz0.config.nix.settings.system-features ++ [ ]; } ]; networking.extraHosts = '' ''; - networking.bridges."virbr1".interfaces = []; + networking.bridges."virbr1".interfaces = [ ]; networking.interfaces."virbr1".ipv4.addresses = [ { address = "10.254.254.254"; @@ -86,7 +87,7 @@ in { # virtualization virtualisation = { - libvirtd = {enable = true;}; + libvirtd = { enable = true; }; virtualbox.host = { enable = false; @@ -107,11 +108,11 @@ in { enable = true; package = lib.mkForce pkgs.gnome3.gvfs; }; - environment.systemPackages = with pkgs; [lxqt.lxqt-policykit]; # provides a default authentification client for policykit + environment.systemPackages = with pkgs; [ lxqt.lxqt-policykit ]; # provides a default authentification client for policykit - security.pki.certificateFiles = ["${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"]; + security.pki.certificateFiles = [ "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ]; - services.xserver.videoDrivers = lib.mkForce ["amdgpu"]; + services.xserver.videoDrivers = lib.mkForce [ "amdgpu" ]; services.xserver.serverFlagsSection = '' Option "BlankTime" "0" Option "StandbyTime" "0" 
@@ -123,35 +124,37 @@ in { hardware.ledger.enable = true; - services.zerotierone = { - enable = true; - joinNetworks = [ - # moved to the service below as it's now secret - ]; - }; + # services.zerotierone = { + # enable = false; + # joinNetworks = [ + # # moved to the service below as it's now secret + # ]; + # }; - systemd.services.zerotieroneSecretNetworks = { - enable = false; - requiredBy = ["zerotierone.service"]; - partOf = ["zerotierone.service"]; + # systemd.services.zerotieroneSecretNetworks = { + # enable = false; + # requiredBy = [ "zerotierone.service" ]; + # partOf = [ "zerotierone.service" ]; - serviceConfig.Type = "oneshot"; - serviceConfig.RemainAfterExit = true; + # serviceConfig.Type = "oneshot"; + # serviceConfig.RemainAfterExit = true; - script = let - secret = config.sops.secrets.zerotieroneNetworks; - in '' - # include the secret's hash to trigger a restart on change - # ${builtins.hashString "sha256" (builtins.toJSON secret)} + # script = + # let + # secret = config.sops.secrets.zerotieroneNetworks; + # in + # '' + # # include the secret's hash to trigger a restart on change + # # ${builtins.hashString "sha256" (builtins.toJSON secret)} - ${config.systemd.services.zerotierone.preStart} + # ${config.systemd.services.zerotierone.preStart} - rm -rf /var/lib/zerotier-one/networks.d/*.conf - for network in `grep -v '#' ${secret.path}`; do - touch /var/lib/zerotier-one/networks.d/''${network}.conf - done - ''; - }; + # rm -rf /var/lib/zerotier-one/networks.d/*.conf + # for network in `grep -v '#' ${secret.path}`; do + # touch /var/lib/zerotier-one/networks.d/''${network}.conf + # done + # ''; + # }; sops.secrets.zerotieroneNetworks = { sopsFile = ../../../../secrets/zerotierone.txt; diff --git a/nix/os/devices/steveej-x13s/.gitignore b/nix/os/devices/steveej-x13s/.gitignore new file mode 100644 index 0000000..b2be92b --- /dev/null +++ b/nix/os/devices/steveej-x13s/.gitignore @@ -0,0 +1 @@ +result 
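Review bot: Both ZeroTier units are commented out here, but the `sops.secrets.zerotieroneNetworks` declaration that follows as context is kept, so the network list would presumably still be decrypted onto this host with no consumer left. Either remove the secret declaration together with the services or annotate it, e.g. `# unused while zerotierone is disabled; remove together with the block above`. Deleting the dead block instead of commenting out some thirty lines would keep the file readable, since git history preserves it. The secret's attribute set continues outside the hunk.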
diff --git a/nix/os/devices/steveej-x13s/configuration.nix b/nix/os/devices/steveej-x13s/configuration.nix new file mode 100644 index 0000000..8bbc5c9 --- /dev/null +++ b/nix/os/devices/steveej-x13s/configuration.nix 
@@ -0,0 +1,82 @@ +{ repoFlake +, pkgs +, lib +, config +, nodeFlake +, nodeName +, localDomainName +, system +, ... +}: + +{ + imports = [ + # repoFlake.inputs.sops-nix.nixosModules.sops + + # ../../profiles/common/user.nix + + { + nix.nixPath = [ + "nixpkgs=${pkgs.path}" + ]; + + nix.settings.experimental-features = [ + "nix-command" + "flakes" + ]; + + nix.settings.max-jobs = lib.mkDefault "auto"; + nix.settings.cores = lib.mkDefault 0; + } + + { + services.openssh.enable = true; + services.openssh.settings.PermitRootLogin = "yes"; + + # users.commonUsers = { + # enable = true; + # enableNonRoot = false; + # rootPasswordFile = config.sops.secrets.passwords-root.path; + # }; + + users.users.root.password = "install"; + + # sops.defaultSopsFile = ../../../../secrets/${nodeName}/secrets.yaml; + # sops.defaultSopsFormat = "yaml"; + + # sops.secrets.passwords-root.neededForUsers = true; + } + ]; + + networking = { + hostName = nodeName; + useNetworkd = false; + + networkmanager.enable = false; + + firewall.enable = false; + }; + + system.stateVersion = "23.11"; + + # We exclude a number of modules included in the default list. A non-insignificant amount do + # not apply to embedded hardware like this, so simply skip the defaults. + # + # Custom kernel is required as a lot of MTK components misbehave when built as modules. + # They fail to load properly, leaving the system without working ethernet, they'll oops on + # remove. MTK-DSA parts and PCIe were observed to do this. + + # boot.initrd.includeDefaultModules = false; + # boot.initrd.kernelModules = ["rfkill" "cfg80211" "mt7915e"]; + # boot.initrd.availableKernelModules = ["nvme"]; + + nixpkgs.config.allowUnfree = true; + + # hardware.enableRedistributableFirmware = true; + + environment.systemPackages = [ + pkgs.busybox + ]; + + fileSystems."/".label = "x13s_root"; +} diff --git a/nix/os/devices/steveej-x13s/default.nix b/nix/os/devices/steveej-x13s/default.nix new file mode 100644 index 0000000..3961f0b 
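Review bot: `users.users.root.password = "install"` puts a known root password into the repository and the world-readable Nix store, while the same module sets `services.openssh.settings.PermitRootLogin = "yes"` and `networking.firewall.enable = false`, so any host that can reach port 22 can log in as root with it. voodoo/configuration.nix, added later in this commit, has the same combination with the password `"voodoo"`. If this is meant only for the installation phase, say so in a comment and use key-only root access, `services.openssh.settings.PermitRootLogin = "prohibit-password";` plus `users.users.root.openssh.authorizedKeys.keys`, or re-enable the commented sops-backed `rootPasswordFile`. The comment block about MTK components and ethernet appears to be copied from another device and does not describe this machine.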
--- /dev/null +++ b/nix/os/devices/steveej-x13s/default.nix @@ -0,0 +1,35 @@ +{ + system ? "aarch64-linux", + nodeName, + repoFlake, + nodeFlake, + localDomainName ? "internal", + ... +}: { + meta.nodeSpecialArgs.${nodeName} = { + inherit repoFlake nodeName nodeFlake system; + packages' = repoFlake.packages.${system}; + nodePackages' = nodeFlake.packages.${system}; + + inherit localDomainName; + }; + + meta.nodeNixpkgs.${nodeName} = + import nodeFlake.inputs.nixpkgs.outPath + { + inherit system; + }; + + ${nodeName} = { + deployment.targetHost = "${nodeName}.${localDomainName}"; + deployment.replaceUnknownProfiles = true; + + # nixpkgs.pkgs = nodeFlake.inputs.nixpkgs.legacyPackages.${system}; + + imports = [ + ./configuration.nix + ]; + + networking.hostName = nodeName; + }; +} diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock new file mode 100644 index 0000000..be88708 --- /dev/null +++ b/nix/os/devices/steveej-x13s/flake.lock 
@@ -0,0 +1,159 @@ +{ + "nodes": { + "brainwart_x13s-nixos": { + "flake": false, + "locked": { + "lastModified": 1701822673, + "narHash": "sha256-F2LBV8tqGPhEAvmn5Frxj79RPWgPGUYxJRYz8Pn9uj0=", + "owner": "BrainWart", + "repo": "x13s-nixos", + "rev": "ba245df7a72a78ec93aa500ba1a0cb29f0f65f37", + "type": "github" + }, + "original": { + "owner": "BrainWart", + "ref": "main", + "repo": "x13s-nixos", + "type": "github" + } + }, + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1705348229, + "narHash": "sha256-CssPema1sBxZkrT95KFuKCNNiqxNe1lnf2QNeXk88Xk=", + "owner": "nix-community", + "repo": "disko", + "rev": "d0b4408eaf782a1ada0a9133bb1cecefdd59c696", + "type": "github" + }, + "original": { + "id": "disko", + "type": "indirect" + } + }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "srvos", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1704982712, + "narHash": "sha256-2Ptt+9h8dczgle2Oo6z5ni5rt/uLMG47UFTR1ry/wgg=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "07f6395285469419cf9d078f59b5b49993198c00", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "get-flake": { + "locked": { + "lastModified": 1694475786, + "narHash": "sha256-s5wDmPooMUNIAAsxxCMMh9g68AueGg63DYk2hVZJbc8=", + "owner": "ursi", + "repo": "get-flake", + "rev": "ac54750e3b95dab6ec0726d77f440efe6045bec1", + "type": "github" + }, + "original": { + "owner": "ursi", + "repo": "get-flake", + "type": "github" + } + }, + "linux_x13s": { + "flake": false, + "locked": { + "lastModified": 1705487080, + "narHash": "sha256-DTOPiUGaeH5Ey+AZaO1c1n/QFikIXmvo2tTzgFtJ70k=", + "owner": "jhovold", + "repo": "linux", + "rev": "dd209a8fb4840e48ca4963bb23057f38b1066a6d", + "type": "github" + }, + "original": { + "owner": "jhovold", + "ref": "wip/sc8280xp-v6.7", + "repo": "linux", + "type": "github" + } + }, + "mobile-nixos": { + "flake": false, + "locked": { + "lastModified": 
1705008488, + "narHash": "sha256-Gj97fDFZaK6gLb3ayZgTTtD+MFE1YjoyYHWkB1TIAe0=", + "owner": "NixOS", + "repo": "mobile-nixos", + "rev": "56e55df7b07b5e5c6d050732d851cec62b41df95", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "mobile-nixos", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1705316053, + "narHash": "sha256-J2Ey5mPFT8gdfL2XC0JTZvKaBw/b2pnyudEXFvl+dQM=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "c3e128f3c0ecc1fb04aef9f72b3dcc2f6cecf370", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "brainwart_x13s-nixos": "brainwart_x13s-nixos", + "disko": "disko", + "get-flake": "get-flake", + "linux_x13s": "linux_x13s", + "mobile-nixos": "mobile-nixos", + "nixpkgs": "nixpkgs", + "srvos": "srvos" + } + }, + "srvos": { + "inputs": { + "flake-parts": "flake-parts", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1705346686, + "narHash": "sha256-lTf1b2I6wwNDhV5eEKIAMT5DOa43bK5KaPqDWH2yfek=", + "owner": "numtide", + "repo": "srvos", + "rev": "8e03bea707212a7225b0ab02a8186af8b1e98e0a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "srvos", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/nix/os/devices/steveej-x13s/flake.nix b/nix/os/devices/steveej-x13s/flake.nix new file mode 100644 index 0000000..05b3765 --- /dev/null +++ b/nix/os/devices/steveej-x13s/flake.nix 
@@ -0,0 +1,270 @@ +{ + inputs = + { + nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; + + get-flake.url = "github:ursi/get-flake"; + + disko.inputs.nixpkgs.follows = "nixpkgs"; + srvos.url = "github:numtide/srvos"; + srvos.inputs.nixpkgs.follows = "nixpkgs"; + + mobile-nixos.url = "github:NixOS/mobile-nixos"; + mobile-nixos.flake = false; + + # see https://github.com/jhovold/linux/wiki/X13s for status updates + linux_x13s.url = "github:jhovold/linux/wip/sc8280xp-v6.7"; + linux_x13s.flake = false; + + brainwart_x13s-nixos = { + url = "github:BrainWart/x13s-nixos/main"; + flake = false; + }; + }; + + outputs = + { self + , get-flake + , nixpkgs + , ... + }: + let + targetPlatform = "aarch64-linux"; + buildPlatform = "x86_64-linux"; + nodeName = "steveej-x13s"; + + pkgs = nixpkgs.legacyPackages.${targetPlatform}; + pkgsCross = import self.inputs.nixpkgs { + system = buildPlatform; + crossSystem = { + config = "pentium2-unknown-linux-gnu"; + }; + }; + + mkNixosConfiguration = { extraModules ? [ ], ... 
} @ attrs: + nixpkgs.lib.nixosSystem ( + nixpkgs.lib.attrsets.recursiveUpdate + attrs + { + specialArgs = (import ./default.nix { + system = targetPlatform; + inherit nodeName; + + repoFlake = get-flake ../../../..; + nodeFlake = self; + }).meta.nodeSpecialArgs.${nodeName}; + + modules = + [ + self.nixosModules.hardware-x13s + + ./configuration.nix + + # flake registry + { + nix.registry.nixpkgs.flake = nixpkgs; + } + + { + nixpkgs.overlays = [ + (final: prev: + { + qrtr = final.callPackage "${self.inputs.mobile-nixos}/overlay/qrtr/qrtr.nix" { }; + qmic = final.callPackage "${self.inputs.mobile-nixos}/overlay/qrtr/qmic.nix" { }; + rmtfs = final.callPackage "${self.inputs.mobile-nixos}/overlay/qrtr/rmtfs.nix" { }; + pd-mapper = final.callPackage "${self.inputs.mobile-nixos}/overlay/qrtr/pd-mapper.nix" { + inherit (final) qrtr; + }; + compressFirmwareXz = prev.lib.id; #this leaves all firmware uncompressed :) for pd-mapper + }) + ]; + } + ] + ++ extraModules; + } + ); + in + { + nixosConfigurations = { + native = mkNixosConfiguration { + system = targetPlatform; + }; + + cross = mkNixosConfiguration { + extraModules = [ + { + nixpkgs.buildPlatform.system = buildPlatform; + nixpkgs.hostPlatform.system = targetPlatform; + } + ]; + }; + }; + + nixosModules.hardware-x13s = { pkgs, config, lib, options, ... 
}: + let + # TODO: introduce options for these + kernelPdMapper = true; + in + { + config = + let + inherit (config.boot.loader) efi; + kp = [ + { + name = "x13s-cfg"; + patch = null; + extraStructuredConfig = with lib.kernel; { + EFI_ARMSTUB_DTB_LOADER = lib.mkForce yes; + OF_OVERLAY = lib.mkForce yes; + BTRFS_FS = lib.mkForce yes; + BTRFS_FS_POSIX_ACL = lib.mkForce yes; + MEDIA_CONTROLLER = lib.mkForce yes; + SND_USB_AUDIO_USE_MEDIA_CONTROLLER = lib.mkForce yes; + SND_USB = lib.mkForce yes; + SND_USB_AUDIO = lib.mkForce module; + USB_XHCI_PCI = lib.mkForce module; + NO_HZ_FULL = lib.mkForce yes; + HZ_100 = lib.mkForce yes; + HZ_250 = lib.mkForce no; + DRM_AMDGPU = lib.mkForce no; + DRM_NOUVEAU = lib.mkForce no; + QCOM_TSENS = lib.mkForce yes; + NVMEM_QCOM_QFPROM = lib.mkForce yes; + ARM_QCOM_CPUFREQ_NVMEM = lib.mkForce yes; + } // lib.optionalAttrs kernelPdMapper { + QCOM_PD_MAPPER = lib.mkForce yes; + QRTR = lib.mkForce yes; + }; + } + ]; + + # We can't quite move to mainline linux + linux_x13s_pkg = { buildLinux, ... 
} @ args: + buildLinux (args // rec { + version = "6.7.0"; + modDirVersion = lib.versions.pad 3 version; + extraMeta.branch = lib.versions.majorMinor version; + + src = self.inputs.linux_x13s; + kernelPatches = (args.kernelPatches or [ ]) ++ kp; + } // (args.argsOverride or { })); + + # we add additional configuration on top of te normal configuration above + # using the extraStructuredConfig option on the kernel patch + linux_x13s = pkgs.callPackage linux_x13s_pkg { + defconfig = "johan_defconfig"; + }; + + uncompressed-fw = pkgs.callPackage + ({ lib, runCommand, buildEnv, firmwareFilesList }: + runCommand "qcom-modem-uncompressed-firmware-share" + { + firmwareFiles = buildEnv { + name = "qcom-modem-uncompressed-firmware"; + paths = firmwareFilesList; + pathsToLink = [ + "/lib/firmware/rmtfs" + "/lib/firmware/qcom" + ]; + }; + } '' + PS4=" $ " + ( + set -x + mkdir -p $out/share/ + ln -s $firmwareFiles/lib/firmware/ $out/share/uncompressed-firmware + ) + '') + { + firmwareFilesList = lib.flatten options.hardware.firmware.definitions; + }; + + linuxPackages_x13s = pkgs.linuxPackagesFor linux_x13s; + dtb = "${linuxPackages_x13s.kernel}/dtbs/qcom/sc8280xp-lenovo-thinkpad-x13s.dtb"; + + dtbName = "x13s63rc4.dtb"; + in + { + boot = { + loader.systemd-boot.enable = true; + loader.systemd-boot.extraFiles = { + "${dtbName}" = dtb; + }; + loader.efi.canTouchEfiVariables = true; + loader.efi.efiSysMountPoint = "/boot"; + + kernelPackages = linuxPackages_x13s; + + kernelParams = [ + "boot.shell_on_fail" + "clk_ignore_unused" + "pd_ignore_unused" + "arm64.nopauth" + "cma=128M" + "nvme.noacpi=1" + "iommu.strict=0" + "dtb=${dtbName}" + ]; + initrd = { + includeDefaultModules = false; + availableKernelModules = [ + "i2c_hid" + "i2c_hid_of" + "i2c_qcom_geni" + "leds_qcom_lpg" + "pwm_bl" + "qrtr" + "pmic_glink_altmode" + "gpio_sbu_mux" + "phy_qcom_qmp_combo" + "panel-edp" + "msm" + "phy_qcom_edp" + "i2c-core" + "i2c-hid" + "i2c-hid-of" + "i2c-qcom-geni" + "pcie-qcom" + 
"phy-qcom-qmp-combo" + "phy-qcom-qmp-pcie" + "phy-qcom-qmp-usb" + "phy-qcom-snps-femto-v2" + "phy-qcom-usb-hs" + "nvme" + ]; + }; + }; + + # power management, etc. + environment.systemPackages = with pkgs; [ + qrtr + qmic + rmtfs + pd-mapper + uncompressed-fw + ]; + environment.pathsToLink = [ "share/uncompressed-firmware" ]; + + # ensure the x13s' dtb file is in the boot partition + system.activationScripts.x13s-dtb = '' + in_package="${dtb}" + esp_tool_folder="${efi.efiSysMountPoint}/" + in_esp="''${esp_tool_folder}${dtbName}" + >&2 echo "Ensuring $in_esp in EFI System Partition" + if ! ${pkgs.diffutils}/bin/cmp --silent "$in_package" "$in_esp"; then + >&2 echo "Copying $in_package -> $in_esp" + mkdir -p "$esp_tool_folder" + cp "$in_package" "$in_esp" + sync + fi + ''; + + hardware.enableAllFirmware = true; + hardware.firmware = [ + pkgs.linux-firmware + (pkgs.callPackage "${self.inputs.brainwart_x13s-nixos}/pkgs/x13s-firmware.nix" { }) + ]; + }; + }; + }; +} diff --git a/nix/os/devices/voodoo/.gitignore b/nix/os/devices/voodoo/.gitignore new file mode 100644 index 0000000..b2be92b --- /dev/null +++ b/nix/os/devices/voodoo/.gitignore @@ -0,0 +1 @@ +result diff --git a/nix/os/devices/voodoo/configuration.nix b/nix/os/devices/voodoo/configuration.nix new file mode 100644 index 0000000..d6ae93c --- /dev/null +++ b/nix/os/devices/voodoo/configuration.nix 
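Review bot: Two of the new `kernelParams` switch off hardening without a comment: `arm64.nopauth` disables pointer authentication, and `iommu.strict=0` selects lazy IOMMU invalidation, which trades device isolation for throughput. If this SoC needs them on the WIP 6.7 kernel, record that next to each entry, e.g. `"arm64.nopauth" # <reason / upstream reference>` and `"iommu.strict=0" # <reason>`, so they are revisited when `linux_x13s` is bumped. Separately, `pkgs` and `pkgsCross` (with `config = "pentium2-unknown-linux-gnu"`) in the outer `let` are not referenced in the visible outputs and look carried over from the voodoo flake.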
@@ -0,0 +1,85 @@ +{ + repoFlake, + pkgs, + lib, + config, + nodeFlake, + nodeName, + localDomainName, + system, + ... +}: let +in { + imports = [ + # repoFlake.inputs.sops-nix.nixosModules.sops + + # ../../profiles/common/user.nix + + { + nix.nixPath = [ + "nixpkgs=${pkgs.path}" + ]; + + nix.settings.experimental-features = [ + "nix-command" + "flakes" + ]; + + nix.settings.max-jobs = lib.mkDefault "auto"; + nix.settings.cores = lib.mkDefault 0; + } + + { + services.openssh.enable = true; + services.openssh.settings.PermitRootLogin = "yes"; + + # users.commonUsers = { + # enable = true; + # enableNonRoot = false; + # rootPasswordFile = config.sops.secrets.passwords-root.path; + # }; + + users.users.root.password = "voodoo"; + + # sops.defaultSopsFile = ../../../../secrets/${nodeName}/secrets.yaml; + # sops.defaultSopsFormat = "yaml"; + + # sops.secrets.passwords-root.neededForUsers = true; + } + ]; + + networking = { + hostName = nodeName; + useNetworkd = false; + useDHCP = true; + firewall.enable = false; + }; + + system.stateVersion = "23.11"; + + # We exclude a number of modules included in the default list. A non-insignificant amount do + # not apply to embedded hardware like this, so simply skip the defaults. + # + # Custom kernel is required as a lot of MTK components misbehave when built as modules. + # They fail to load properly, leaving the system without working ethernet, they'll oops on + # remove. MTK-DSA parts and PCIe were observed to do this. + + # boot.initrd.includeDefaultModules = false; + # boot.initrd.kernelModules = ["rfkill" "cfg80211" "mt7915e"]; + # boot.initrd.availableKernelModules = ["nvme"]; + + hardware.enableRedistributableFirmware = false; + + # Extlinux compatible with custom uboot patches in this repo, which also provide unique + # MAC addresses instead of the non-unique one that gets used by a lot of MTK devices... 
+ boot.loader.grub.enable = true; + + environment.systemPackages = [ + # pkgs.pciutils + ]; + + fileSystems."/".label = "voodoo_root"; + boot.loader.grub.devices = [ + "/dev/disk/by-id/usb-ST313640_A_20171021-0" + ]; +} diff --git a/nix/os/devices/voodoo/default.nix b/nix/os/devices/voodoo/default.nix new file mode 100644 index 0000000..e43dbc4 --- /dev/null +++ b/nix/os/devices/voodoo/default.nix @@ -0,0 +1,35 @@ +{ + system ? "i586-linux", + nodeName, + repoFlake, + nodeFlake, + localDomainName ? "internal", + ... +}: { + meta.nodeSpecialArgs.${nodeName} = { + inherit repoFlake nodeName nodeFlake system; + packages' = repoFlake.packages.${system}; + nodePackages' = nodeFlake.packages.${system}; + + inherit localDomainName; + }; + + meta.nodeNixpkgs.${nodeName} = + import nodeFlake.inputs.nixpkgs.outPath + { + inherit system; + }; + + ${nodeName} = { + deployment.targetHost = "${nodeName}.${localDomainName}"; + deployment.replaceUnknownProfiles = true; + + # nixpkgs.pkgs = nodeFlake.inputs.nixpkgs.legacyPackages.${system}; + + imports = [ + ./configuration.nix + ]; + + networking.hostName = nodeName; + }; +} diff --git a/nix/os/devices/voodoo/flake.lock b/nix/os/devices/voodoo/flake.lock new file mode 100644 index 0000000..089ad5e --- /dev/null +++ b/nix/os/devices/voodoo/flake.lock 
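Review bot: The default `system ? "i586-linux"` in voodoo/default.nix disagrees with `targetPlatform = "i686-linux"` in the voodoo flake.nix added by the same commit, and `i586-linux` is, as far as I know, not a system string nixpkgs recognises (the binfmt hunk earlier in this commit leaves it commented out). The flake passes `system` explicitly, so the default only affects a caller that omits it. Changing it to `system ? "i686-linux",` would keep the two files consistent.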
@@ -0,0 +1,225 @@ +{ + "nodes": { + "bpir3": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1703603768, + "narHash": "sha256-ZViXHNt7ClqNtlRO9iot+LxiSbBvZi/RR+/6Q7W6UV8=", + "owner": "steveej-forks", + "repo": "nixos-bpir3", + "rev": "47cb545b92c136d1482a66b940c4719c40eb5fe3", + "type": "github" + }, + "original": { + "owner": "steveej-forks", + "ref": "linux-6.6", + "repo": "nixos-bpir3", + "type": "github" + } + }, + "dependencyDagOfSubmodule": { + "inputs": { + "nixpkgs": [ + "nixos-nftables-firewall", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1656615370, + "narHash": "sha256-IZDqz1aSySoqf1qtVQg+oJMHfC4IlT55Zoa7EkjvPug=", + "owner": "thelegy", + "repo": "nix-dependencyDagOfSubmodule", + "rev": "98eb563d80b35acafbfc1abb9ccee569c1efb19c", + "type": "github" + }, + "original": { + "owner": "thelegy", + "repo": "nix-dependencyDagOfSubmodule", + "type": "github" + } + }, + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1703532766, + "narHash": "sha256-ojjW3cuNmqL5uqDWohwLoO8dYpheM5+AfgsNmGIMwG8=", + "owner": "nix-community", + "repo": "disko", + "rev": "1b191113874dee97796749bb21eac3d84735c70a", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, + "get-flake": { + "locked": { + "lastModified": 1694475786, + "narHash": "sha256-s5wDmPooMUNIAAsxxCMMh9g68AueGg63DYk2hVZJbc8=", + "owner": "ursi", + "repo": "get-flake", + "rev": "ac54750e3b95dab6ec0726d77f440efe6045bec1", + "type": "github" + }, + "original": { + "owner": "ursi", + "repo": "get-flake", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1703527373, + "narHash": "sha256-AjypRssRtS6F3xkf7rE3/bXkIF2WJOZLbTIspjcE1zM=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "80679ea5074ab7190c4cce478c600057cfb5edae", + "type": "github" + }, + "original": { + "owner": 
"nix-community", + "ref": "master", + "repo": "home-manager", + "type": "github" + } + }, + "hostapd": { + "flake": false, + "locked": { + "lastModified": 1703346062, + "narHash": "sha256-SHSBKIgKc5zEGhKDT2v+yGERTJHf8pe+9ZPUwJBTJKQ=", + "ref": "refs/heads/main", + "rev": "196d6c83b9cb7d298fdc92684dc37115348b159e", + "revCount": 19119, + "type": "git", + "url": "git://w1.fi/hostap.git?branch=main" + }, + "original": { + "type": "git", + "url": "git://w1.fi/hostap.git?branch=main" + } + }, + "nixos-nftables-firewall": { + "inputs": { + "dependencyDagOfSubmodule": "dependencyDagOfSubmodule", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1703279052, + "narHash": "sha256-0rbG/9SwaWtXT7ZuifMq+7wvfxDpZrjr0zdMcM4KK+E=", + "owner": "thelegy", + "repo": "nixos-nftables-firewall", + "rev": "3bf23aeb346e772d157816e6b72a742a6c97db80", + "type": "github" + }, + "original": { + "owner": "thelegy", + "repo": "nixos-nftables-firewall", + "type": "github" + } + }, + "nixos-stable": { + "locked": { + "lastModified": 1703068421, + "narHash": "sha256-WSw5Faqlw75McIflnl5v7qVD/B3S2sLh+968bpOGrWA=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "d65bceaee0fb1e64363f7871bc43dc1c6ecad99f", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1703255338, + "narHash": "sha256-Z6wfYJQKmDN9xciTwU3cOiOk+NElxdZwy/FiHctCzjU=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "6df37dc6a77654682fe9f071c62b4242b5342e04", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "openwrt": { + "flake": false, + "locked": { + "lastModified": 1691699580, + "narHash": "sha256-CV+ufXPEr5Nz2O2FBnnuPeHNsFQ7c5s0uW39u/q3cUo=", + "ref": "main", + "rev": "847984c773d819d5579d5abae4b80a4983103ed9", + "revCount": 58166, + "type": "git", + "url": 
"https://github.com/openwrt/openwrt.git" + }, + "original": { + "ref": "main", + "rev": "847984c773d819d5579d5abae4b80a4983103ed9", + "type": "git", + "url": "https://github.com/openwrt/openwrt.git" + } + }, + "root": { + "inputs": { + "bpir3": "bpir3", + "disko": "disko", + "get-flake": "get-flake", + "home-manager": "home-manager", + "hostapd": "hostapd", + "nixos-nftables-firewall": "nixos-nftables-firewall", + "nixpkgs": "nixpkgs", + "openwrt": "openwrt", + "srvos": "srvos" + } + }, + "srvos": { + "inputs": { + "nixos-stable": "nixos-stable", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1703469109, + "narHash": "sha256-hTQJ9uV43Vt8UXwervEj9mbDoQSN1mD3lwwPChG8jy8=", + "owner": "numtide", + "repo": "srvos", + "rev": "52d07db520046c4775f1047e68a05dcb53bba9ec", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "srvos", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/nix/os/devices/voodoo/flake.nix b/nix/os/devices/voodoo/flake.nix new file mode 100644 index 0000000..6282785 --- /dev/null +++ b/nix/os/devices/voodoo/flake.nix 
@@ -0,0 +1,80 @@ +{ + inputs = { + nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; + + get-flake.url = "github:ursi/get-flake"; + + disko.inputs.nixpkgs.follows = "nixpkgs"; + srvos.url = "github:numtide/srvos"; + srvos.inputs.nixpkgs.follows = "nixpkgs"; + }; + + outputs = { + self, + get-flake, + nixpkgs, + ... + }: let + targetPlatform = "i686-linux"; + buildPlatform = "x86_64-linux"; + nodeName = "voodoo"; + + pkgs = nixpkgs.legacyPackages.${targetPlatform}; + pkgsCross = import self.inputs.nixpkgs { + system = buildPlatform; + crossSystem = { + config = "pentium2-unknown-linux-gnu"; + }; + }; + + mkNixosConfiguration = {extraModules ? [], ...} @ attrs: + nixpkgs.lib.nixosSystem ( + nixpkgs.lib.attrsets.recursiveUpdate + attrs + { + specialArgs = (import ./default.nix { + system = targetPlatform; + inherit nodeName; + + repoFlake = get-flake ../../../..; + nodeFlake = self; + }).meta.nodeSpecialArgs.${nodeName}; + + modules = + [ + ./configuration.nix + + # flake registry + { + nix.registry.nixpkgs.flake = nixpkgs; + } + + { + nixpkgs.overlays = [ + (final: previous: + { + }) + + ]; + } + ] + ++ extraModules; + } + ); + in { + nixosConfigurations = { + native = mkNixosConfiguration { + system = targetPlatform; + }; + + cross = mkNixosConfiguration { + extraModules = [ + { + nixpkgs.buildPlatform.system = buildPlatform; + nixpkgs.hostPlatform.system = targetPlatform; + } + ]; + }; + }; + }; +} diff --git a/nix/os/lib/default.nix b/nix/os/lib/default.nix index 5ed886d..9871d3b 100644 --- a/nix/os/lib/default.nix +++ b/nix/os/lib/default.nix @@ -20,6 +20,7 @@ in { "cdrom" "adbusers" "dialout" + "cdrom" ]; openssh.authorizedKeys.keys = keys.users.steveej.openssh; diff --git a/nix/os/modules/opinionatedDisk.nix b/nix/os/modules/opinionatedDisk.nix index 758c50e..399eb43 100644 --- a/nix/os/modules/opinionatedDisk.nix +++ b/nix/os/modules/opinionatedDisk.nix 
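Review bot: `disko.inputs.nixpkgs.follows = "nixpkgs";` in `inputs` configures an input for which this file declares no `disko.url`, so Nix presumably has to resolve `disko` through the flake registry instead of from a source this repository names. Either drop the line or add an explicit `disko.url = "<disko flake URL>";` beside it, so that what gets fetched is decided only by this file and its lock. The lock entries shown just before this file list root inputs such as `bpir3`, `hostapd` and `openwrt` and track `nixos-unstable`. If that lock belongs to this device, it does not match the `nixos-23.11` inputs declared here and should be regenerated from this `flake.nix`. Separately, `pkgs`, `pkgsCross` and the empty overlay `(final: previous: { })` are not referenced anywhere in the new file and can be removed until they are needed.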
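Review bot: The added `"cdrom"` repeats an entry already visible three lines earlier in the same list, so the change adds nothing to the resulting group membership. Drop the added line, or replace it with the intended group name if a different one was meant. The list starts outside the hunk, so the rest of it is worth checking for other repeats.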
@@ -7,6 +7,12 @@ with lib; let cfg = config.hardware.opinionatedDisk; ownLib = pkgs.callPackage ../lib/default.nix {}; + + earlyDiskId = cfg: + if cfg.earlyDiskIdOverride != "" + then cfg.earlyDiskIdOverride + else cfg.diskId + ; in { options.hardware.opinionatedDisk = { enable = mkEnableOption "Enable opinionated filesystem layout"; @@ -15,6 +21,11 @@ in { default = true; type = types.bool; }; + + earlyDiskIdOverride = mkOption { + default = ""; + type = types.string; + }; }; config = lib.mkIf cfg.enable { @@ -38,7 +49,7 @@ in { swapDevices = [{device = ownLib.disk.swapFsDevice cfg.diskId;}]; boot.loader.grub = { - device = ownLib.disk.bootGrubDevice cfg.diskId; + device = ownLib.disk.bootGrubDevice (earlyDiskId cfg); enableCryptodisk = cfg.encrypted; }; @@ -54,6 +65,7 @@ in { builtins.elemAt splitstring lastelem; value = { device = ownLib.disk.bootLuksDevice cfg.diskId; + preLVM = true; allowDiscards = true; }; diff --git a/nix/os/profiles/graphical/system.nix b/nix/os/profiles/graphical/system.nix index 87b1bd0..1eb2d07 100644 --- a/nix/os/profiles/graphical/system.nix +++ b/nix/os/profiles/graphical/system.nix @@ -42,10 +42,13 @@ SUBSYSTEM=="usb", ATTR{idVendor}=="1050", ATTR{idProduct}=="0406", ENV{ID_SECURITY_TOKEN}="1", GROUP="wheel" ''; - services.samba.enable = true; - services.samba.extraConfig = '' - client max protocol = SMB3 - ''; + # services.samba.enable = true; + # services.samba.extraConfig = '' + # client max protocol = SMB3 + # # client min protocol = SMB2_10 + # # client min protocol = NT1 + # # ntlm auth = yes + # ''; services.logind.lidSwitchExternalPower = "ignore";
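Review bot: `type = types.string;` on the new `earlyDiskIdOverride` option uses a type that nixpkgs has deprecated; `type = types.str;` is the replacement and avoids the evaluation warning. The option also has no `description`. Only the `boot.loader.grub.device` hunk switches to `earlyDiskId cfg`, while `swapDevices` and the LUKS device still read `cfg.diskId`, so the description should say the override affects the GRUB install device only, e.g. `description = "Disk id used for boot.loader.grub.device instead of diskId; empty means use diskId.";`. In the helper added in the first hunk, the parameter `cfg` shadows the outer `cfg` binding; reading the outer `cfg` directly would make `earlyDiskId` a plain value.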
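Review bot: The samba block is disabled by commenting it out, and the new comment lines add `client min protocol = NT1` and `ntlm auth = yes`, which would permit SMB1 and NTLMv1 if someone later uncomments the block wholesale. Prefer deleting the samba settings and leaving one line such as `# samba disabled; keep "client min protocol" at SMB2 or newer if re-enabled`. Git history already preserves the old values.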