From 26f0bde4b3469c0df233c7b8dd3b68592d2bf129 Mon Sep 17 00:00:00 2001 
From: Stefan Junker Date: Thu, 18 Jan 2024 14:59:17 +0000 Subject: [PATCH] WIP everything --- Justfile | 10 +- README.md | 18 +- flake.lock | 376 +++++++++--------- flake.nix | 348 +++++++++------- nix/devShells.nix | 2 +- .../configuration/graphical-fullblown.nix | 7 + nix/home-manager/programs/espanso.nix | 4 + nix/home-manager/programs/pass.nix | 11 +- nix/os/containers/webserver.nix | 11 +- nix/os/devices/router0-dmz0/configuration.nix | 36 +- .../devices/sj-bm-hostkey0/configuration.nix | 3 + nix/os/devices/sj-vps-htz0/system.nix | 47 +-- nix/os/devices/steveej-t14/configuration.nix | 56 +++ nix/os/devices/steveej-t14/hw.nix | 22 +- nix/os/devices/steveej-t14/pkg.nix | 20 + nix/os/devices/steveej-t14/system.nix | 83 ++-- nix/os/devices/steveej-x13s/.gitignore | 1 + nix/os/devices/steveej-x13s/configuration.nix | 82 ++++ nix/os/devices/steveej-x13s/default.nix | 35 ++ nix/os/devices/steveej-x13s/flake.lock | 159 ++++++++ nix/os/devices/steveej-x13s/flake.nix | 270 +++++++++++++ nix/os/devices/voodoo/.gitignore | 1 + nix/os/devices/voodoo/configuration.nix | 85 ++++ nix/os/devices/voodoo/default.nix | 35 ++ nix/os/devices/voodoo/flake.lock | 225 +++++++++++ nix/os/devices/voodoo/flake.nix | 80 ++++ nix/os/lib/default.nix | 1 + nix/os/modules/opinionatedDisk.nix | 14 +- nix/os/profiles/graphical/system.nix | 11 +- 29 files changed, 1630 insertions(+), 423 deletions(-) create mode 100644 nix/os/devices/steveej-x13s/.gitignore create mode 100644 nix/os/devices/steveej-x13s/configuration.nix create mode 100644 nix/os/devices/steveej-x13s/default.nix create mode 100644 nix/os/devices/steveej-x13s/flake.lock create mode 100644 nix/os/devices/steveej-x13s/flake.nix create mode 100644 nix/os/devices/voodoo/.gitignore create mode 100644 nix/os/devices/voodoo/configuration.nix create mode 100644 nix/os/devices/voodoo/default.nix create mode 100644 nix/os/devices/voodoo/flake.lock create mode 100644 nix/os/devices/voodoo/flake.nix 
diff --git a/Justfile b/Justfile index e9cbfd7..0b3bb36 100755 --- a/Justfile +++ b/Justfile @@ -1,5 +1,5 @@ -_DEFAULT_VERSION_TMPL: - echo "{{invocation_directory()}}/nix/variables/versions.tmpl.nix" +# _DEFAULT_VERSION_TMPL: +# echo "{{invocation_directory()}}/nix/variables/versions.tmpl.nix" _usage: just -l @@ -53,7 +53,7 @@ update-remote-device devicename +rebuildargs='build': git commit -v nix/os/devices/{{devicename}}/flake.{nix,lock} -m "nix/os/devices/{{devicename}}: bump versions" # Re-render the versions of the current device and rebuild its environment -update-this-device rebuild-mode='switch': +update-this-device rebuild-mode='switch' +moreargs='': #!/usr/bin/env bash set -e @@ -63,7 +63,7 @@ update-this-device rebuild-mode='switch': nix flake update ) - just -v rebuild-this-device {{rebuild-mode}} + just -v rebuild-this-device {{rebuild-mode}} {{moreargs}} git commit -v nix/os/devices/$(hostname -s)/flake.{nix,lock} -m "nix/os/devices/$(hostname -s): bump versions" @@ -261,7 +261,7 @@ test-connection: #! nix-shell -i zsh #! nix-shell --pure - while true; do + while true; do FAILURE="false" output=$( echo "$(date)\n---" diff --git a/README.md b/README.md index 1eb1888..d59de56 100644 --- a/README.md +++ b/README.md 
@@ -95,4 +95,20 @@ just --list 1. offline-bitwise copy of drive 2. disconnect remove the previous drive 3. replace the driveId in the device's hw.nix -4. run the `just disk-relabel nix/os/devices/ ` command to rename the filesystem and volume group \ No newline at end of file +4. run the `just disk-relabel nix/os/devices/ ` command to rename the filesystem and volume group + +## Rebuilding an offline system + +``` +( +sudo cryptsetup open /dev/sdb3 steveej-t14s-cryptroot +sleep 5 + +sudo mkdir -p /mnt/root +sudo mount /dev/mapper/nvme--WD_BLACK_SN850X_4000GB_2227DT443901-root /mnt/root -o subvol=nixos +sudo mount /dev/sdb2 /mnt/root/boot +sudo mount /dev/mapper/nvme--WD_BLACK_SN850X_4000GB_2227DT443901-root /mnt/root/home -o subvol=home + +sudo nixos-install -v --flake .#steveej-t14 --root /mnt/root/ --no-root-password +) +``` diff --git a/flake.lock b/flake.lock index ea8adae..af15232 100644 --- a/flake.lock +++ b/flake.lock @@ -3,11 +3,11 @@ "aphorme_launcher": { "flake": false, "locked": { - "lastModified": 1683977169, - "narHash": "sha256-juRiokIk5x+eGJm+QuCdFPUjEggDmscpy2Ip7pU9KI4=", + "lastModified": 1699523648, + "narHash": "sha256-OmeelrddWuPQL84W/1Fi3FczKfrR+XdosRfKofc2o6w=", "owner": "Iaphetes", "repo": "aphorme_launcher", - "rev": "211bc27de061b61e3119a7966cff09f4b8c3a1fe", + "rev": "3404dd1ac0c448d517efc0a20f554da0f1d5550c", "type": "github" }, "original": { @@ -42,19 +42,16 @@ }, "crane": { "inputs": { - "flake-compat": "flake-compat_2", - "flake-utils": "flake-utils_2", "nixpkgs": [ "nixpkgs" - ], - "rust-overlay": "rust-overlay" + ] }, "locked": { - "lastModified": 1691423162, - "narHash": "sha256-cReUZCo83YEEmFcHX8CcOVTZYUrcWgHQO34zxQzy7WI=", + "lastModified": 1703439018, + "narHash": "sha256-VT+06ft/x3eMZ1MJxWzQP3zXFGcrxGo5VR2rB7t88hs=", "owner": "ipetkov", "repo": "crane", - "rev": "b5d9d42ea3fa8fea1805d9af1416fe207d0dd1dc", + "rev": "afdcd41180e3dfe4dac46b5ee396e3b12ccc967a", "type": "github" }, "original": { 
@@ -71,11 +68,11 @@ ] }, "locked": { - "lastModified": 1687747614, - "narHash": "sha256-KXspKgtdO2YRL12Jv0sUgkwOwHrAFwdIG/90pDx8Ydg=", + "lastModified": 1701905325, + "narHash": "sha256-lda63LmEIlDMeCgWfjr3/wb487XPllBByfrGRieyEk4=", "owner": "nix-community", "repo": "disko", - "rev": "fef67a1ddc293b595d62a660f57deabbcb70ff95", + "rev": "1144887c6f4d2dcbb2316a24364ef53e25b0fcfe", "type": "github" }, "original": { @@ -93,11 +90,11 @@ "rust-analyzer-src": "rust-analyzer-src" }, "locked": { - "lastModified": 1691648495, - "narHash": "sha256-JULr+eKL9rjfex17hZYn0K/fBxxfK/FM9TOCcxPQay4=", + "lastModified": 1704176544, + "narHash": "sha256-A6PfA1DB6cF3cQerysGK8zIumGTrXucdHoFRU+8H7Lc=", "owner": "nix-community", "repo": "fenix", - "rev": "6c9f0709358f212766cff5ce79f6e8300ec1eb91", + "rev": "54df821cae7bd492a049ef213336810247128110", "type": "github" }, "original": { @@ -123,22 +120,6 @@ } }, "flake-compat_2": { - "flake": false, - "locked": { - "lastModified": 1673956053, - "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_3": { "locked": { "lastModified": 1688025799, "narHash": "sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=", @@ -158,11 +139,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1690933134, - "narHash": "sha256-ab989mN63fQZBFrkk4Q8bYxQCktuHmBIBqUG1jl6/FQ=", + "lastModified": 1704152458, + "narHash": "sha256-DS+dGw7SKygIWf9w4eNBUZsK+4Ug27NwEWmn2tnbycg=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "59cf3f1447cfc75087e7273b04b31e689a8599fb", + "rev": "88a2cd8166694ba0b6cb374700799cec53aef527", "type": "github" }, "original": { 
@@ -179,11 +160,11 @@ ] }, "locked": { - "lastModified": 1687762428, - "narHash": "sha256-DIf7mi45PKo+s8dOYF+UlXHzE0Wl/+k3tXUyAoAnoGE=", + "lastModified": 1701473968, + "narHash": "sha256-YcVE5emp1qQ8ieHUnxt1wCZCC3ZfAS+SRRWZ2TMda7E=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "37dd7bb15791c86d55c5121740a1887ab55ee836", + "rev": "34fed993f1674c8d06d58b37ce1e0fe5eebcb9f5", "type": "github" }, "original": { @@ -201,11 +182,11 @@ ] }, "locked": { - "lastModified": 1690933134, - "narHash": "sha256-ab989mN63fQZBFrkk4Q8bYxQCktuHmBIBqUG1jl6/FQ=", + "lastModified": 1701473968, + "narHash": "sha256-YcVE5emp1qQ8ieHUnxt1wCZCC3ZfAS+SRRWZ2TMda7E=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "59cf3f1447cfc75087e7273b04b31e689a8599fb", + "rev": "34fed993f1674c8d06d58b37ce1e0fe5eebcb9f5", "type": "github" }, "original": { @@ -234,11 +215,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1689068808, - "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=", + "lastModified": 1701680307, + "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", "owner": "numtide", "repo": "flake-utils", - "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4", + "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", "type": "github" }, "original": { @@ -248,24 +229,6 @@ } }, "flake-utils_3": { - "inputs": { - "systems": "systems_2" - }, - "locked": { - "lastModified": 1689068808, - "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_4": { "locked": { "lastModified": 1667395993, "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", 
@@ -282,11 +245,11 @@ }, "get-flake": { "locked": { - "lastModified": 1673819588, - "narHash": "sha256-gRtwKAlu4htvS6dxyZnW3n+vMS1acqnMGVHqxUdETeY=", + "lastModified": 1694475786, + "narHash": "sha256-s5wDmPooMUNIAAsxxCMMh9g68AueGg63DYk2hVZJbc8=", "owner": "ursi", "repo": "get-flake", - "rev": "e0917b6f564aa5acefb1484b5baf76da21746c3c", + "rev": "ac54750e3b95dab6ec0726d77f440efe6045bec1", "type": "github" }, "original": { @@ -298,11 +261,11 @@ "jay": { "flake": false, "locked": { - "lastModified": 1689440887, - "narHash": "sha256-+61dHuxk3FCP+H2PCoup6lZDlaTuJBqDzkiBNY6yaJ4=", + "lastModified": 1698077919, + "narHash": "sha256-X4bMOBS2WFcbiOiynvSId1XoWgQW3wbO7/atJ9V7buk=", "owner": "mahkoh", "repo": "jay", - "rev": "eb83505e39ec8c2383ac233a8b8449803db52549", + "rev": "b4d73064d9c112c69ff16200231145ccffcb3e81", "type": "github" }, "original": { @@ -313,15 +276,15 @@ }, "lib-aggregate": { "inputs": { - "flake-utils": "flake-utils_3", + "flake-utils": "flake-utils_2", "nixpkgs-lib": "nixpkgs-lib_2" }, "locked": { - "lastModified": 1691323683, - "narHash": "sha256-G7kMLDbYN03VNO+QYymFIp0o9jv+gflUpde8V4iYri8=", + "lastModified": 1704024543, + "narHash": "sha256-hmKcKSuTqVK47l2G0PkLAinZN1oCOb6XdPPJhNCQ2rg=", "owner": "nix-community", "repo": "lib-aggregate", - "rev": "99d95d9ca592022832e9f1b4d2a8327b8d50eb60", + "rev": "4608880f02f8f868e1b7f85c60abdfc5cb0cf9ec", "type": "github" }, "original": { @@ -333,11 +296,11 @@ "magmawm": { "flake": false, "locked": { - "lastModified": 1687543996, - "narHash": "sha256-S8vRKXCHF7OHestoGNe6fqqxJIc8slhaOFjvGS3oflc=", + "lastModified": 1703542178, + "narHash": "sha256-HuCAz+B+cg7HoEEL67heaYRc8zmQCnPBR+DgmuiIZBk=", "owner": "MagmaWM", "repo": "MagmaWM", - "rev": "c16fa624b2c86328081a1647f483273e131df29d", + "rev": "24dc21f228efb034cd0237fb5ff9a8310f1929b7", "type": "github" }, "original": { 
@@ -349,15 +312,16 @@ "nix-eval-jobs": { "inputs": { "flake-parts": "flake-parts_3", + "nix-github-actions": "nix-github-actions", "nixpkgs": "nixpkgs", "treefmt-nix": "treefmt-nix_2" }, "locked": { - "lastModified": 1691371197, - "narHash": "sha256-YazAJxDjmAG9kiIEuqc+1CmmYIIt4wRIbEFb+TXf8WA=", + "lastModified": 1703466376, + "narHash": "sha256-Wy8iF8u5KSzrTxg1hStTBmUjzzKdKyCyMOg8b/eTvVQ=", "owner": "nix-community", "repo": "nix-eval-jobs", - "rev": "b02b4e287fddc969fc490478b5666603f4ab0d3c", + "rev": "64104a3c55593c903af78af86a4c9d2e5487a2d7", "type": "github" }, "original": { @@ -366,19 +330,25 @@ "type": "github" } }, - "nixos-2305": { + "nix-github-actions": { + "inputs": { + "nixpkgs": [ + "nixpkgs-wayland", + "nix-eval-jobs", + "nixpkgs" + ] + }, "locked": { - "lastModified": 1687938137, - "narHash": "sha256-Z00c0Pk3aE1aw9x44lVcqHmvx+oX7dxCXCvKcUuE150=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "ba2ded3227a2992f2040fad4ba6f218a701884a5", + "lastModified": 1701208414, + "narHash": "sha256-xrQ0FyhwTZK6BwKhahIkUVZhMNk21IEI1nUcWSONtpo=", + "owner": "nix-community", + "repo": "nix-github-actions", + "rev": "93e39cc1a087d65bcf7a132e75a650c44dd2b734", "type": "github" }, "original": { - "owner": "NixOS", - "ref": "release-23.05", - "repo": "nixpkgs", + "owner": "nix-community", + "repo": "nix-github-actions", "type": "github" } }, @@ -386,19 +356,19 @@ "inputs": { "disko": "disko", "flake-parts": "flake-parts_2", - "nixos-2305": "nixos-2305", "nixos-images": "nixos-images", + "nixos-stable": "nixos-stable", "nixpkgs": [ "nixpkgs" ], "treefmt-nix": "treefmt-nix" }, "locked": { - "lastModified": 1691224484, - "narHash": "sha256-0oodXqRRHXjUL7ssi1nIOKC8EzYD4f1e3eAaWexuF4M=", + "lastModified": 1704071157, + "narHash": "sha256-p8KFWE16nu8ltY17psLU4KTcxXTpjvc1fCzMVPel080=", "owner": "numtide", "repo": "nixos-anywhere", - "rev": "9df79870b04667f2d16f1a78a1ab87d124403fb7", + "rev": "d2911784c30a6c94d3a581bc99c94d3ce0deba0b", "type": "github" }, "original": { 
@@ -410,9 +380,9 @@ }, "nixos-images": { "inputs": { - "nixos-2305": [ + "nixos-2311": [ "nixos-anywhere", - "nixos-2305" + "nixos-stable" ], "nixos-unstable": [ "nixos-anywhere", @@ -420,11 +390,11 @@ ] }, "locked": { - "lastModified": 1686819168, - "narHash": "sha256-IbRVStbKoMC2fUX6TxNO82KgpVfI8LL4Cq0bTgdYhnY=", + "lastModified": 1702375325, + "narHash": "sha256-kEdrh6IB7xh7YDwZ0ZVCngCs+uoS9gx4ydEoJRnM1Is=", "owner": "nix-community", "repo": "nixos-images", - "rev": "ccc1a2c08ce2fc38bcece85d2a6e7bf17bac9e37", + "rev": "d655cc02fcb9ecdcca4f3fb307e291a4b5be1339", "type": "github" }, "original": { @@ -433,18 +403,50 @@ "type": "github" } }, - "nixpkgs": { + "nixos-stable": { "locked": { - "lastModified": 1691370583, - "narHash": "sha256-LnKMx9NQ0Qx0DTYQVewkcRr+7uW5NY7xU9kjh+Lxnb0=", + "lastModified": 1702233072, + "narHash": "sha256-H5G2wgbim2Ku6G6w+NSaQaauv6B6DlPhY9fMvArKqRo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b51660a128c09baf31c614284b500eb53772496f", + "rev": "781e2a9797ecf0f146e81425c822dca69fe4a348", "type": "github" }, "original": { "owner": "NixOS", - "ref": "master", + "ref": "nixos-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixos-stable_2": { + "locked": { + "lastModified": 1703900474, + "narHash": "sha256-Zu+chYVYG2cQ4FCbhyo6rc5Lu0ktZCjRbSPE0fDgukI=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "9dd7699928e26c3c00d5d46811f1358524081062", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1703134684, + "narHash": "sha256-SQmng1EnBFLzS7WSRyPM9HgmZP2kLJcPAz+Ug/nug6o=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "d6863cbcbbb80e71cecfc03356db1cda38919523", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", "repo": "nixpkgs", "type": "github" } 
@@ -467,11 +469,27 @@ }, "nixpkgs-2305": { "locked": { - "lastModified": 1691592289, - "narHash": "sha256-Lqpw7lrXlLkYra33tp57ms8tZ0StWhbcl80vk4D90F8=", + "lastModified": 1704018918, + "narHash": "sha256-erjg/HrpC9liEfm7oLqb8GXCqsxaFwIIPqCsknW5aFY=", "owner": "nixos", "repo": "nixpkgs", - "rev": "9034b46dc4c7596a87ab837bb8a07ef2d887e8c7", + "rev": "2c9c58e98243930f8cb70387934daa4bc8b00373", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-23.05", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-2311": { + "locked": { + "lastModified": 1704018918, + "narHash": "sha256-erjg/HrpC9liEfm7oLqb8GXCqsxaFwIIPqCsknW5aFY=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "2c9c58e98243930f8cb70387934daa4bc8b00373", "type": "github" }, "original": { @@ -484,11 +502,11 @@ "nixpkgs-lib": { "locked": { "dir": "lib", - "lastModified": 1690881714, - "narHash": "sha256-h/nXluEqdiQHs1oSgkOOWF+j8gcJMWhwnZ9PFabN6q0=", + "lastModified": 1703961334, + "narHash": "sha256-M1mV/Cq+pgjk0rt6VxoyyD+O8cOUiai8t9Q6Yyq4noY=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9e1960bc196baf6881340d53dccb203a951745a2", + "rev": "b0d36bd0a420ecee3bc916c91886caca87c894e9", "type": "github" }, "original": { @@ -501,11 +519,11 @@ }, "nixpkgs-lib_2": { "locked": { - "lastModified": 1691282883, - "narHash": "sha256-YLu1Fs+J+hw0BebUhWIeFzSqhlsnf0K88RqhVJebF9E=", + "lastModified": 1703983607, + "narHash": "sha256-YECXW8P0bqFM5e65Mu2fL4wZlonNWCuNEk7UQPsuJZ0=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "b1d35b759161787e1cda815c460050142bda9adb", + "rev": "a6c99b57d2e58f7fc6d52a08b0ba40160e75f738", "type": "github" }, "original": { 
@@ -516,11 +534,11 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1690066826, - "narHash": "sha256-6L2qb+Zc0BFkh72OS9uuX637gniOjzU6qCDBpjB2LGY=", + "lastModified": 1703950681, + "narHash": "sha256-veU5bE4eLOmi7aOzhE7LfZXcSOONRMay0BKv01WHojo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ce45b591975d070044ca24e3003c830d26fea1c8", + "rev": "0aad9113182747452dbfc68b93c86e168811fa6c", "type": "github" }, "original": { @@ -532,11 +550,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1691565530, - "narHash": "sha256-qZZ6DxvS1X/tjxXNUwJrPiaIWLZyWUDM2gkJCi5uZpE=", + "lastModified": 1703961334, + "narHash": "sha256-M1mV/Cq+pgjk0rt6VxoyyD+O8cOUiai8t9Q6Yyq4noY=", "owner": "nixos", "repo": "nixpkgs", - "rev": "e528fa15d5f740a25b5f536c33932db64cb10fc8", + "rev": "b0d36bd0a420ecee3bc916c91886caca87c894e9", "type": "github" }, "original": { @@ -548,11 +566,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1691644995, - "narHash": "sha256-/OL3sk+9iPv+pto8hs/3cPhGmcS+ugKowQ8FvopLMEA=", + "lastModified": 1704177376, + "narHash": "sha256-6AV8TWX/juwV8delRDtlbUzi1X8irrtCfrtcYByVhCs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "f6f59fdce76ca4ee03852417a642b77a960229cd", + "rev": "e2e36d8af3b7c465311f11913b7dedd209633c84", "type": "github" }, "original": { @@ -564,17 +582,17 @@ }, "nixpkgs-wayland": { "inputs": { - "flake-compat": "flake-compat_3", + "flake-compat": "flake-compat_2", "lib-aggregate": "lib-aggregate", "nix-eval-jobs": "nix-eval-jobs", "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1691518836, - "narHash": "sha256-sY9Unk1pCbMxMSX/SuoSUg8TY4TDN+edKY83cCEqb8g=", + "lastModified": 1704201485, + "narHash": "sha256-pFDUR45wmq1HehY3WlJOJydFkLOzKC2pWqvMykLj2Qk=", "owner": "nix-community", "repo": "nixpkgs-wayland", - "rev": "982c0c1ee398e8584d8c9cce011ec98392d2e3cc", + "rev": "b0c06873775fe978bd9384ab14c24903bde92e74", "type": "github" }, "original": { 
@@ -585,11 +603,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1691368598, - "narHash": "sha256-ia7li22keBBbj02tEdqjVeLtc7ZlSBuhUk+7XTUFr14=", + "lastModified": 1703961334, + "narHash": "sha256-M1mV/Cq+pgjk0rt6VxoyyD+O8cOUiai8t9Q6Yyq4noY=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5a8e9243812ba528000995b294292d3b5e120947", + "rev": "b0d36bd0a420ecee3bc916c91886caca87c894e9", "type": "github" }, "original": { @@ -602,11 +620,11 @@ "ofi-pass": { "flake": false, "locked": { - "lastModified": 1687009458, - "narHash": "sha256-SgndtGEd3zDztqLJYSdun6IbOqgXsvw0Q8flicPHonY=", + "lastModified": 1691863924, + "narHash": "sha256-Vkm3QXjkLIu0RnM0w+upzAF9M7atKBPYqiV7f+eBKJY=", "owner": "sereinity", "repo": "ofi-pass", - "rev": "e99b15857438bbb6013f7f65513c13ea3f5ebdfa", + "rev": "b20bd3440686429b113821c51a68b799675d5bb0", "type": "github" }, "original": { @@ -615,6 +633,23 @@ "type": "github" } }, + "prs": { + "flake": false, + "locked": { + "lastModified": 1692545676, + "narHash": "sha256-jA97WxXBgWtttXnTBxfb4lPEEFqRMflL1BYfDCYeVfo=", + "owner": "timvisee", + "repo": "prs", + "rev": "308e753f769e5ddcda14d13eeeb7b40c5887e0ca", + "type": "gitlab" + }, + "original": { + "owner": "timvisee", + "ref": "master", + "repo": "prs", + "type": "gitlab" + } + }, "root": { "inputs": { "aphorme_launcher": "aphorme_launcher", @@ -631,14 +666,16 @@ "magmawm": "magmawm", "nixos-anywhere": "nixos-anywhere", "nixpkgs": [ - "nixpkgs-2305" + "nixpkgs-2311" ], "nixpkgs-2211": "nixpkgs-2211", "nixpkgs-2305": "nixpkgs-2305", + "nixpkgs-2311": "nixpkgs-2311", "nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable-small": "nixpkgs-unstable-small", "nixpkgs-wayland": "nixpkgs-wayland", "ofi-pass": "ofi-pass", + "prs": "prs", "salut": "salut", "sops-nix": "sops-nix", "srvos": "srvos", 
@@ -648,11 +685,11 @@ "rust-analyzer-src": { "flake": false, "locked": { - "lastModified": 1691604464, - "narHash": "sha256-nNc/c9r1O8ajE/LkMhGcvJGlyR6ykenR3aRkEkhutxA=", + "lastModified": 1704114818, + "narHash": "sha256-/0gMZ32JaUTQ0THA/S9rcQSAmEKfL3hGorX5En8lG98=", "owner": "rust-lang", "repo": "rust-analyzer", - "rev": "05b061205179dab9a5cd94ae66d1c0e9b8febe08", + "rev": "a8d935eedc80df8b453d90539cbe78b7e2c75e3c", "type": "github" }, "original": { @@ -662,31 +699,6 @@ "type": "github" } }, - "rust-overlay": { - "inputs": { - "flake-utils": [ - "crane", - "flake-utils" - ], - "nixpkgs": [ - "crane", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1691029059, - "narHash": "sha256-QwVeE9YTgH3LmL7yw2V/hgswL6yorIvYSp4YGI8lZYM=", - "owner": "oxalica", - "repo": "rust-overlay", - "rev": "99df4908445be37ddb2d332580365fce512a7dcf", - "type": "github" - }, - "original": { - "owner": "oxalica", - "repo": "rust-overlay", - "type": "github" - } - }, "salut": { "flake": false, "locked": { @@ -711,11 +723,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1690199016, - "narHash": "sha256-yTLL72q6aqGmzHq+C3rDp3rIjno7EJZkFLof6Ika7cE=", + "lastModified": 1703991717, + "narHash": "sha256-XfBg2dmDJXPQEB8EdNBnzybvnhswaiAkUeeDj7fa/hQ=", "owner": "Mic92", "repo": "sops-nix", - "rev": "c36df4fe4bf4bb87759b1891cab21e7a05219500", + "rev": "cfdbaf68d00bc2f9e071f17ae77be4b27ff72fa6", "type": "github" }, "original": { @@ -726,16 +738,17 @@ }, "srvos": { "inputs": { + "nixos-stable": "nixos-stable_2", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1691630941, - "narHash": "sha256-4+KVSa32impg0aBqXVEEty8uu3Urb64CjmseDkETofg=", + "lastModified": 1704204620, + "narHash": "sha256-u7C59X3s706W9ptqfYHLlZlropun5Fzr9eYaKAsEuN8=", "owner": "numtide", "repo": "srvos", - "rev": "b7407c2dc143402de6f140575398020175f3ae1a", + "rev": "e5eecdf21bdf048cef7cb9e52bf573fdf959d491", "type": "github" }, "original": { 
@@ -775,21 +788,6 @@ "type": "github" } }, - "systems_2": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "treefmt-nix": { "inputs": { "nixpkgs": [ @@ -798,11 +796,11 @@ ] }, "locked": { - "lastModified": 1687940979, - "narHash": "sha256-D4ZFkgIG2s9Fyi78T3fVG9mqMD+/UnFDB62jS4gjZKY=", + "lastModified": 1702376629, + "narHash": "sha256-9uAY8a7JN4DvLe/g4OoldqPbcNZ09YOVXID+CkIqL70=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "0a4f06c27610a99080b69433873885df82003aae", + "rev": "390018a9398f9763bfc05ffe6443ce0622cb9ba6", "type": "github" }, "original": { @@ -820,11 +818,11 @@ ] }, "locked": { - "lastModified": 1690874496, - "narHash": "sha256-qYZJVAfilFbUL6U+euMjKLXUADueMNQBqwihpNzTbDU=", + "lastModified": 1702979157, + "narHash": "sha256-RnFBbLbpqtn4AoJGXKevQMCGhra4h6G2MPcuTSZZQ+g=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "fab56c8ce88f593300cd8c7351c9f97d10c333c5", + "rev": "2961375283668d867e64129c22af532de8e77734", "type": "github" }, "original": { @@ -835,17 +833,17 @@ }, "yofi": { "inputs": { - "flake-utils": "flake-utils_4", + "flake-utils": "flake-utils_3", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1678976029, - "narHash": "sha256-AZ2+FQtVwUFgv4kiZqMKmiXS2qygMktDE185O19BXiM=", + "lastModified": 1702939607, + "narHash": "sha256-nPIt1JIQ3g6lBE7+qI8gV1cmJ+uA55aAzho2dGOIFik=", "owner": "l4l", "repo": "yofi", - "rev": "811a4358913aed527348f9584d6c0767983299bb", + "rev": "c0ca3365a702e7a2852a801ca357df5eb87d0cf9", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 7efe41a..9400ed8 100644 --- a/flake.nix +++ b/flake.nix 
@@ -4,9 +4,10 @@ # flake and infra basics nixpkgs-2211.url = "github:nixos/nixpkgs/nixos-22.11"; nixpkgs-2305.url = "github:nixos/nixpkgs/nixos-23.05"; + nixpkgs-2311.url = "github:nixos/nixpkgs/nixos-23.05"; nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs-unstable-small.url = "github:nixos/nixpkgs/nixos-unstable-small"; - nixpkgs.follows = "nixpkgs-2305"; + nixpkgs.follows = "nixpkgs-2311"; flake-parts.url = "github:hercules-ci/flake-parts"; get-flake.url = "github:ursi/get-flake"; 
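Review bot: The new `nixpkgs-2311` input is pointed at the `nixos-23.05` branch, and `nixpkgs.follows` is switched to it, so every host built from this flake stays on 23.05 while the input name claims 23.11; the flake.lock hunk confirms it, since `nixpkgs-2311` locks to exactly the same rev and narHash as `nixpkgs-2305`. Given that 23.05 was at or past end-of-life by the date of this patch, the rename gives a false sense of being on a supported release without actually moving the security-update baseline. The line should read `nixpkgs-2311.url = "github:nixos/nixpkgs/nixos-23.11";` and the input re-locked before `nixpkgs.follows` is flipped.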
@@ -67,162 +68,219 @@ url = "gitlab:snakedye/salut"; flake = false; }; + + prs = { + url = "gitlab:timvisee/prs/master"; + flake = false; + }; }; - outputs = inputs @ { - self, - flake-parts, - nixpkgs, - ... - }: let - inherit (nixpkgs) lib; + outputs = + inputs @ { self + , flake-parts + , nixpkgs + , ... + }: + let + inherit (nixpkgs) lib; - systems = [ - "x86_64-linux" - "aarch64-linux" - ]; - in - flake-parts.lib.mkFlake {inherit inputs;} - ({withSystem, ...}: { - flake.colmena = - lib.lists.foldl (sum: cur: lib.attrsets.recursiveUpdate sum cur) - { - meta.nixpkgs = import inputs.nixpkgs.outPath { - system = builtins.elemAt systems 0; - }; - } - # FIXME: this doesn't seem to work to apply overlays into a node's nixpkgs import - # try this instead: https://github.com/zhaofengli/colmena/issues/60#issuecomment-1510496861 - (builtins.map (nodeName: - import ./nix/os/devices/${nodeName} { - inherit nodeName; - repoFlake = self; - repoFlakeWithSystem = withSystem; - nodeFlake = self.inputs.get-flake ./nix/os/devices/${nodeName}; - }) [ - "steveej-t14" - "elias-e525" - "justyna-p300" + systems = [ + "x86_64-linux" + "aarch64-linux" + ]; + in + flake-parts.lib.mkFlake { inherit inputs; } + ({ withSystem, ... 
}: { + flake.colmena = + lib.lists.foldl (sum: cur: lib.attrsets.recursiveUpdate sum cur) + { + meta.nixpkgs = import inputs.nixpkgs.outPath { + system = builtins.elemAt systems 0; + }; + } + # FIXME: this doesn't seem to work to apply overlays into a node's nixpkgs import + # try this instead: https://github.com/zhaofengli/colmena/issues/60#issuecomment-1510496861 + (builtins.map + (nodeName: + import ./nix/os/devices/${nodeName} { + inherit nodeName; + repoFlake = self; + repoFlakeWithSystem = withSystem; + nodeFlake = self.inputs.get-flake ./nix/os/devices/${nodeName}; + }) [ + "steveej-t14" + # "elias-e525" + # "justyna-p300" - "srv0-dmz0" - "router0-dmz0" + # "srv0-dmz0" + # # "router0-dmz0" - "sj-vps-htz0" - "sj-bm-hostkey0" - ]); + # "sj-vps-htz0" + "sj-bm-hostkey0" - # this makes nixos-anywhere work - flake.nixosConfigurations = - (inputs.colmena.lib.makeHive self.outputs.colmena).nodes - // (let - router0-dmz0 = (inputs.get-flake ./nix/os/devices/router0-dmz0).nixosConfigurations; - in { - router0-dmz0 = router0-dmz0.native; + # "retro" + ]); - # for now deploy directly with: - # nixos-rebuild switch --flake .\#cross_router0-dmz0 --build-host localhost --target-host root@192.168.10.1 - cross_router0-dmz0 = router0-dmz0.cross; - }); + # this makes nixos-anywhere work + flake.nixosConfigurations = + (inputs.colmena.lib.makeHive self.outputs.colmena).nodes + // ( + let + router0-dmz0 = (inputs.get-flake ./nix/os/devices/router0-dmz0).nixosConfigurations; + steveej-x13s = (inputs.get-flake ./nix/os/devices/steveej-x13s).nixosConfigurations; + retro = (inputs.get-flake ./nix/os/devices/retro).nixosConfigurations; + in + { + router0-dmz0 = router0-dmz0.native; - inherit systems; + # for now deploy directly with: + # nixos-rebuild switch --flake .\#router0-dmz0_cross --build-host localhost --target-host root@192.168.10.1 + router0-dmz0_cross = router0-dmz0.cross; - perSystem = { - inputs', - system, - config, - lib, - pkgs, - ... 
- }: rec { - imports = [ - ./nix/modules/flake-parts/perSystem/default.nix - ]; + # nixos-install --flake .\#retro_cross + retro_cross = retro.cross; - packages = let - dcpj4110dw = pkgs.callPackage (self + /nix/pkgs/dcpj4110dw) {}; + steveej-x13s_cross = steveej-x13s.cross; + } + ); - craneLib = - inputs.crane.lib.${system}.overrideToolchain - inputs'.fenix.packages.stable.toolchain; + inherit systems; - craneLibOfiPass = - inputs.crane.lib.${system}.overrideToolchain - ( - inputs'.fenix.packages.stable.toolchain - # .override { - # date = "1.60.0"; - # } - ); - in { - dcpj4110dwDriver = dcpj4110dw.driver; - dcpj4110dwCupswrapper = dcpj4110dw.cupswrapper; - - # broken as of 2023-04-27 because it doesn't load without a config - # aphorme_launcher = craneLib.buildPackage {src = inputs.aphorme_launcher;}; - # yofi = inputs'.yofi.packages.default; - # ofi-pass = craneLibOfiPass.buildPackage {src = inputs.ofi-pass;}; - - inherit (inputs'.colmena.packages) colmena; - - # jay = pkgs.callPackage (self + /nix/pkgs/jay.nix) { - # src = inputs.jay; - # rustPlatform = pkgs.makeRustPlatform { - # cargo = inputs'.fenix.packages.stable.toolchain; - # rustc = inputs'.fenix.packages.stable.toolchain; - # }; - # }; - - # magmawm = pkgs.callPackage (self + /nix/pkgs/magmawm.nix) { - # inherit craneLib; - # src = inputs.magmawm; - # }; - - salut = craneLib.buildPackage { - src = inputs.salut; - nativeBuildInputs = [ - pkgs.pkg-config - ]; - buildInputs = [ - pkgs.libxkbcommon - pkgs.fontconfig + perSystem = + { inputs' + , system + , config + , lib + , pkgs + , ... 
+ }: rec { + imports = [ + ./nix/modules/flake-parts/perSystem/default.nix ]; + + packages = + let + dcpj4110dw = pkgs.callPackage (self + /nix/pkgs/dcpj4110dw) { }; + + craneLib = + inputs.crane.lib.${system}.overrideToolchain + inputs'.fenix.packages.stable.toolchain; + + craneLibOfiPass = + inputs.crane.lib.${system}.overrideToolchain + ( + inputs'.fenix.packages.stable.toolchain + # .override { + # date = "1.60.0"; + # } + ); + in + { + dcpj4110dwDriver = dcpj4110dw.driver; + dcpj4110dwCupswrapper = dcpj4110dw.cupswrapper; + + # broken as of 2023-04-27 because it doesn't load without a config + # aphorme_launcher = craneLib.buildPackage {src = inputs.aphorme_launcher;}; + # yofi = inputs'.yofi.packages.default; + # ofi-pass = craneLibOfiPass.buildPackage {src = inputs.ofi-pass;}; + + inherit (inputs'.colmena.packages) colmena; + + # jay = pkgs.callPackage (self + /nix/pkgs/jay.nix) { + # src = inputs.jay; + # rustPlatform = pkgs.makeRustPlatform { + # cargo = inputs'.fenix.packages.stable.toolchain; + # rustc = inputs'.fenix.packages.stable.toolchain; + # }; + # }; + + # magmawm = pkgs.callPackage (self + /nix/pkgs/magmawm.nix) { + # inherit craneLib; + # src = inputs.magmawm; + # }; + + salut = craneLib.buildPackage { + src = inputs.salut; + nativeBuildInputs = [ + pkgs.pkg-config + ]; + buildInputs = [ + pkgs.libxkbcommon + pkgs.fontconfig + ]; + }; + + prs = pkgs.callPackage + ({ pkgs + , dbus + , glib + , gpgme + , gtk3 + , libxcb + , libxkbcommon + , installShellFiles + , pkg-config + , python3 + }: craneLib.buildPackage { + pname = "prs"; + version = inputs.prs.shortRev; + src = inputs.prs; + nativeBuildInputs = [ gpgme installShellFiles pkg-config python3 ]; + + buildInputs = [ + dbus + glib + gpgme + gtk3 + libxcb + libxkbcommon + ]; + + cargoExtraArgs = "--features backend-gpgme"; + + postInstall = '' + for shell in bash fish zsh; do + installShellCompletion --cmd prs --$shell <($out/bin/prs internal completions $shell --stdout) + done + ''; + }) + { 
}; + + nomad = inputs'.nixpkgs-unstable.legacyPackages.nomad_1_6; + + ledger-live-desktop-wrapped = pkgs.writeShellScriptBin "ledger-live-desktop-wrapped" '' + set -x + pkill -9 wayland-proxy-v + export NIXOS_OZONE_WL="" + ${pkgs.wayland-proxy-virtwl}/bin/wayland-proxy-virtwl \ + --wayland-display=wayland-3 \ + --xwayland-binary=${pkgs.xwayland}/bin/Xwayland \ + --x-display=3 \ + & + # --x-unscale=3 \ + #--verbose \ + + export PROXYPID="$!" + + trap "kill -9 \$PROXYPID" EXIT + # trap "pkill -9 wayland-proxy-v" EXIT + + env \ + WAYLAND_DISPLAY=wayland-3 \ + DISPLAY=:3 \ + ledger-live-desktop + ''; + + syncthing-container-webui = pkgs.writeShellScriptBin "reverse-port-forward-syncthing-container" '' + ssh root@${self.colmena.sj-vps-htz0.deployment.targetHost} -L 8385:syncthing.containers:8384 + ''; + }; + + formatter = pkgs.alejandra; + devShells.default = import ./nix/devShells.nix { + inherit inputs' pkgs; + packages' = packages; + }; }; - - nomad = inputs'.nixpkgs-unstable.legacyPackages.nomad_1_6; - - ledger-live-desktop-wrapped = pkgs.writeShellScriptBin "ledger-live-desktop-wrapped" '' - set -x - pkill -9 wayland-proxy-v - export NIXOS_OZONE_WL="" - ${pkgs.wayland-proxy-virtwl}/bin/wayland-proxy-virtwl \ - --wayland-display=wayland-3 \ - --xwayland-binary=${pkgs.xwayland}/bin/Xwayland \ - --x-display=3 \ - & - # --x-unscale=3 \ - #--verbose \ - - export PROXYPID="$!" - - trap "kill -9 \$PROXYPID" EXIT - # trap "pkill -9 wayland-proxy-v" EXIT - - env \ - WAYLAND_DISPLAY=wayland-3 \ - DISPLAY=:3 \ - ledger-live-desktop - ''; - - syncthing-container-webui = pkgs.writeShellScriptBin "reverse-port-forward-syncthing-container" '' - ssh root@${self.colmena.sj-vps-htz0.deployment.targetHost} -L 8385:syncthing.containers:8384 - ''; - }; - - formatter = pkgs.alejandra; - devShells.default = import ./nix/devShells.nix { - inherit inputs' pkgs; - packages' = packages; - }; - }; - }); + }); } diff --git a/nix/devShells.nix b/nix/devShells.nix index 37ac5e4..3f59c5b 100644 
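Review bot: `retro = (inputs.get-flake ./nix/os/devices/retro).nixosConfigurations;` together with `retro_cross = retro.cross;` references a device directory that this patch does not create (the diffstat only adds `steveej-x13s` and `voodoo`), so unless that path already exists and is tracked in git, enumerating `nixosConfigurations` (e.g. `nix flake show` or `nix flake check`) will fail on the untracked path even though the other hosts evaluate lazily. Either add the directory in this commit or comment the two lines out alongside the `# "retro"` entry in the colmena node list. Separately, the whole hunk is re-indented into nixpkgs-fmt style while `formatter = pkgs.alejandra;` is kept, so the next `nix fmt` will flip the file back and produce another 300-line noise diff; pick one formatter and make the hunk match it.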
--- a/nix/devShells.nix +++ b/nix/devShells.nix @@ -30,7 +30,6 @@ pkgs.stdenv.mkDerivation { ripgrep lm_sensors pass - prs fuzzel wofi age @@ -76,6 +75,7 @@ pkgs.stdenv.mkDerivation { (pkgs.writeShellScriptBin "r11" '' exec env NIXOS_OZONE_WL="" WAYLAND_DISPLAY="" $@ '') + ]); # Set Environment Variables diff --git a/nix/home-manager/configuration/graphical-fullblown.nix b/nix/home-manager/configuration/graphical-fullblown.nix index 6bf8d93..8ef7cc4 100644 --- a/nix/home-manager/configuration/graphical-fullblown.nix +++ b/nix/home-manager/configuration/graphical-fullblown.nix @@ -343,6 +343,13 @@ in { # qtWrapperArgs+=("''${gappsWrapperArgs[@]}") # ''; })) + + + snes9x + snes9x-gtk + # this is a displaymanager! + # libretro.snes9x2010 + # retroarchFull ]); systemd.user.startServices = true; diff --git a/nix/home-manager/programs/espanso.nix b/nix/home-manager/programs/espanso.nix index 9de6eea..23f727a 100644 --- a/nix/home-manager/programs/espanso.nix +++ b/nix/home-manager/programs/espanso.nix @@ -62,6 +62,10 @@ trigger = ":dunno"; replace = "¯\\_(ツ)_/¯"; } + { + trigger = ":shrug"; + replace = "¯\\_(ツ)_/¯"; + } ]; }; }; diff --git a/nix/home-manager/programs/pass.nix b/nix/home-manager/programs/pass.nix index e20bbb4..a17e9a0 100644 --- a/nix/home-manager/programs/pass.nix +++ b/nix/home-manager/programs/pass.nix @@ -1,9 +1,8 @@ -{pkgs, ...}: { +{repoFlake, pkgs, ...}: { # required by pass-otp - home.sessionVariables.PASSWORD_STORE_EXTENSIONS_DIR = "$HOME/.nix-profile/lib/password-store/extensions"; - home.sessionVariables.PASSWORD_STORE_ENABLE_EXTENSIONS = "true"; - - programs.browserpass.enable = true; + # home.sessionVariables.PASSWORD_STORE_EXTENSIONS_DIR = "$HOME/.nix-profile/lib/password-store/extensions"; + # home.sessionVariables.PASSWORD_STORE_ENABLE_EXTENSIONS = "true"; + # programs.browserpass.enable = true; home.packages = with pkgs; [ gnupg @@ -12,6 +11,6 @@ # broken on wayland # rofi-pass - prs + repoFlake.packages.${pkgs.system}.prs ]; } 
diff --git a/nix/os/containers/webserver.nix b/nix/os/containers/webserver.nix index f894185..df3c445 100644 --- a/nix/os/containers/webserver.nix +++ b/nix/os/containers/webserver.nix @@ -39,7 +39,14 @@ in { in '' redir /hedgedoc* https://hedgedoc.${domain} - respond "Hi!" + file_server /*/* { + browse + root /var/www/stefanjunker.de/htdocs/caddy + pass_thru + } + + # respond "Hi" + # respond (not /*/*) "Hi" ''; }; @@ -99,7 +106,7 @@ in { }; services.jitsi-meet = { - enable = true; + enable = false; hostName = "meet.${domain}"; config = { prejoinPageEnabled = true; diff --git a/nix/os/devices/router0-dmz0/configuration.nix b/nix/os/devices/router0-dmz0/configuration.nix index 5c90210..75ca38f 100644 --- a/nix/os/devices/router0-dmz0/configuration.nix +++ b/nix/os/devices/router0-dmz0/configuration.nix @@ -184,10 +184,11 @@ in { after = ["hook"]; rules = let wanInterfaces = builtins.concatStringsSep ", " config.networking.nftables.firewall.zones.wan.interfaces; - exposedHost = "192.168.22.121"; + exposedHost = "srv0-dmz0.dmz.internal"; in [ "iifname { ${wanInterfaces} } tcp dport 220 redirect to 22" - "iifname { ${wanInterfaces} } dnat ip to ${exposedHost}" + # TODO: if this hostname doesn't resolve it'll break the whole ruleset + # "iifname { ${wanInterfaces} } dnat ip to ${exposedHost}" ]; }; }; @@ -574,7 +575,8 @@ in { # sae_password_file = config.sops.secrets.wlan0_saePasswordsFile.path; # enables debug logging - # logger_stdout_level= lib.mkForce 0; + logger_stdout_level= lib.mkForce 0; + logger_stdout = -1; # logger_syslog_level= lib.mkForce 0; # resources on vlan tagging @@ -583,6 +585,7 @@ in { dynamic_vlan = 1; + # this option currently requires a patch to hostapd vlan_no_bridge = 1; /* not used due to the above vlan_no_bridge setting 
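Review bot: The new `file_server /*/*` block turns on `browse`, so every directory below `/var/www/stefanjunker.de/htdocs/caddy` that has no index file now gets a public listing; if only a subtree is meant to be enumerable, drop `browse` here and add a second, narrower `file_server` with `browse` for that path. With the `respond "Hi!"` fallback removed and `pass_thru` set, a request that matches no file falls through with no handler left in this site block, so what those paths return now depends on Caddy's default rather than on this config. A one-line comment stating which paths are intentionally browsable would make the intent reviewable, e.g. `# directory listing is intentional for the whole docroot`.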
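Review bot: `logger_stdout_level = lib.mkForce 0` together with `logger_stdout = -1` switches hostapd to its most verbose level for every logging module, and the comment it sits under (`# enables debug logging`) suggests this is a debugging aid rather than a production setting; on a router deployed from this config it will write every station's association and handshake events into the journal at high volume for as long as it stays in. If it must stay for now, mark it with the removal condition so it does not outlive the investigation, e.g. `# TEMP: verbose hostapd logging while chasing wifi drops (see irqbalance change) — revert afterwards`. The adjacent `vlan_no_bridge = 1` note about a required hostapd patch would also benefit from naming which patch, since the ruleset breaks silently without it.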
@@ -620,14 +623,36 @@ in { # "SAE" ]); + # wpa_psk_radius = 0; + wpa_pairwise = "CCMP"; + wmm_enabled = 1; + # IEEE 802.11i (authentication) related configuration # Encrypt management frames to protect against deauthentication and similar attacks ieee80211w = 1; sae_require_mfp = 1; sae_groups = "19 20 21"; + + # [ENABLE-TLSv1.3] = enable TLSv1.3 (experimental - disabled by default) + tls_flags= "[ENABLE-TLSv1.3]"; + + ieee8021x=0; + eap_server=0; }; }; + # wlan0-1 = { + # ssid = "mlsia-testing"; + # authentication = { + # mode = "wpa3-sae-transition"; + # }; + + # bssid = mkBssid 1; + # settings = { + # bridge = bridgeInterfaceName; + # }; + # }; + # wlan0-1 = { # ssid = "justtestingwifi-wpa3"; # authentication = { @@ -777,7 +802,7 @@ in { tag (mkVlanIpv4HostAddr { inherit vlanid; host = 100; cidr = false; }) (mkVlanIpv4HostAddr { inherit vlanid; host = 199; cidr = false; }) - "30m" + "12h" ]; in builtins.map @@ -843,7 +868,8 @@ in { }; # The service irqbalance is useful as it assigns certain IRQ calls to specific CPUs instead of letting the first CPU core to handle everything. This is supposed to increase performance by hitting CPU cache more often. - services.irqbalance.enable = true; + # disable for now as i think it causes wifi issues + services.irqbalance.enable = false; system.stateVersion = "23.05"; diff --git a/nix/os/devices/sj-bm-hostkey0/configuration.nix b/nix/os/devices/sj-bm-hostkey0/configuration.nix index ee50d8a..76ddb97 100644 --- a/nix/os/devices/sj-bm-hostkey0/configuration.nix +++ b/nix/os/devices/sj-bm-hostkey0/configuration.nix @@ -162,5 +162,8 @@ boot.binfmt.emulatedSystems = [ "aarch64-linux" + "i686-linux" + # "i386-linux" + # "i586-linux" ]; } diff --git a/nix/os/devices/sj-vps-htz0/system.nix b/nix/os/devices/sj-vps-htz0/system.nix index 5bb2317..0657935 100644 --- a/nix/os/devices/sj-vps-htz0/system.nix +++ b/nix/os/devices/sj-vps-htz0/system.nix 
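Review bot: `tls_flags = "[ENABLE-TLSv1.3]"` has no effect in this BSS because the same hunk sets `ieee8021x = 0` and `eap_server = 0`, so no EAP/TLS exchange is ever run; either drop it or comment that it is a placeholder for a future enterprise SSID. `wpa_pairwise` selects the pairwise cipher for legacy WPA(v1); for the RSN/WPA2/WPA3 side hostapd reads `rsn_pairwise`, which only falls back to the `wpa_pairwise` value when unset, so if the NixOS hostapd module already emits `rsn_pairwise` from its `pairwiseCiphers` option this line is inert as well — worth checking against the generated hostapd.conf. The settings block continues outside this hunk (the `wpa_key_mgmt` list above is partly out of view).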
@@ -1,13 +1,14 @@ -{ - pkgs, - lib, - config, - repoFlake, - nodeName, - ... -}: let +{ pkgs +, lib +, config +, repoFlake +, nodeName +, ... +}: +let wireguardPort = 51820; -in { +in +{ imports = [ ../../snippets/systemd-resolved.nix ]; @@ -31,14 +32,14 @@ in { networking.interfaces.eth0 = { mtu = 1400; - useDHCP = false; + useDHCP = true; ipv4.addresses = [ { "address" = "167.233.1.14"; "prefixLength" = 29; } ]; - ipv6.addresses = []; + ipv6.addresses = [ ]; }; networking.defaultGateway = { @@ -53,7 +54,7 @@ in { networking.nat = { enable = true; - internalInterfaces = ["ve-*" "wg*"]; + internalInterfaces = [ "ve-*" "wg*" ]; externalInterface = "eth0"; }; @@ -78,7 +79,7 @@ in { privateKeyFile = config.sops.secrets.wg0-private.path; peers = [ { - allowedIPs = ["192.168.99.2/32"]; + allowedIPs = [ "192.168.99.2/32" ]; publicKey = "O3k4jEdX6jkV1fHP/J8KSH5tvi+n1VvnBTD5na6Naw0="; presharedKeyFile = config.sops.secrets.wg0-psk-steveej-psk.path; } @@ -86,12 +87,12 @@ in { }; # virtualization - virtualisation = {docker.enable = false;}; + virtualisation = { docker.enable = false; }; services.spice-vdagentd.enable = true; services.qemuGuest.enable = true; - nix.gc = {automatic = true;}; + nix.gc = { automatic = true; }; containers = { mailserver = import ../../containers/mailserver.nix { @@ -108,17 +109,17 @@ in { webserver = import ../../containers/webserver.nix - { - inherit repoFlake; + { + inherit repoFlake; - autoStart = true; + autoStart = true; - hostAddress = "192.168.100.12"; - localAddress = "192.168.100.13"; + hostAddress = "192.168.100.12"; + localAddress = "192.168.100.13"; - httpPort = 80; - httpsPort = 443; - }; + httpPort = 80; + httpsPort = 443; + }; syncthing = import ../../containers/syncthing.nix { autoStart = true; diff --git a/nix/os/devices/steveej-t14/configuration.nix b/nix/os/devices/steveej-t14/configuration.nix index 8d578b7..2a655c5 100644 --- a/nix/os/devices/steveej-t14/configuration.nix +++ b/nix/os/devices/steveej-t14/configuration.nix 
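Review bot: In the `networking.interfaces.eth0` hunk, `useDHCP = true` is now combined with the static `ipv4.addresses` entry (`167.233.1.14/29`) and, in the context just below, a static `networking.defaultGateway`, so the interface will carry both a DHCP-assigned and a hard-coded address and may receive a second default route and resolver list from the provider's DHCP server. If DHCP is the intended source of truth, remove the static address and gateway; if the static configuration is, keep `useDHCP = false`. A comment stating which one is authoritative would prevent the next reader from "fixing" it in the wrong direction, e.g. `# static addressing: provider DHCP is ignored on purpose`.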
@@ -11,5 +11,61 @@ ./user.nix ./boot.nix ./secrets.nix + + # samba seerver + ({ lib, ... }: { + + # networking.firewall.enable = lib.mkForce false; + services.samba-wsdd.enable = true; # make shares visible for windows 10 clients + networking.firewall.allowedTCPPorts = [ + 5357 # wsdd + ]; + networking.firewall.allowedUDPPorts = [ + 3702 # wsdd + ]; + services.samba = { + enable = true; + + securityType = "user"; + + extraConfig = '' + workgroup = ARBEITSGRUPPE + server string = steveej-t14 + netbios name = steveej-t14 + security = user + + # use sendfile = yes + + # for executables on windows + acl allow execute always = True + + # legacy windows quirks + max protocol = NT1 + min protocol = NT1 + ntlm auth = yes + + # client max protocol = SMB1 + # client min protocol = NT1 + + # note: localhost is the ipv6 localhost ::1 + hosts allow = 192.168. 127.0.0.1 localhost + hosts deny = 0.0.0.0/0 + guest account = nobody + map to guest = bad user + ''; + shares = { + voodoo = { + path = "/home/steveej/Desktop/voodoo"; + browseable = "yes"; + "read only" = "no"; + "guest ok" = "no"; + "create mask" = "0644"; + "directory mask" = "0755"; + # "force user" = "steveej"; + # "force group" = "users"; + }; + }; + }; + }) ]; } diff --git a/nix/os/devices/steveej-t14/hw.nix b/nix/os/devices/steveej-t14/hw.nix index c766ced..5c8c9b4 100644 --- a/nix/os/devices/steveej-t14/hw.nix +++ b/nix/os/devices/steveej-t14/hw.nix @@ -1,4 +1,4 @@ -{...}: let +{lib, ...}: let stage1Modules = [ "aesni_intel" "kvm_amd" @@ -7,6 +7,22 @@ "thunderbolt" "e1000e" + + "usbcore" + "xhci_hcd" + "usbnet" + "snd_usb_audio" + "usbhid" + "snd_usbmidi_lib" + "cdc_mbim" + "cdc_ncm" + "usb_storage" + "cdc_wdm" + "uvcvideo" + "btusb" + "xhci_pci" + "cdc_ether" + "uas" ]; in { # TASK: new device 
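Review bot: The new Samba server pins itself to SMB1 (`max protocol = NT1`, `min protocol = NT1`) and sets `ntlm auth = yes`, which re-enables NTLMv1; SMB1 has no mandatory signing or transport encryption and NTLMv1 responses can be cracked offline, so this is a deliberate downgrade that should be justified and confined in a comment, e.g. `# SMB1 + NTLMv1 solely for the legacy voodoo client on the LAN; do not widen hosts allow`. `hosts allow = 192.168. 127.0.0.1 localhost` already restricts it to RFC1918 space, but narrowing it to the single client address and adding `interfaces = <lan-if>` / `bind interfaces only = yes` would keep the SMB1 listener off other networks this laptop joins. `map to guest = bad user` maps any unknown username to guest; with the only share at `guest ok = no` that yields nothing, but it deserves a note beside it. Note also that only the wsdd ports (5357/3702) are opened here and neither 139/445 nor `services.samba.openFirewall` appear in the hunk, so unless the firewall is opened elsewhere the share is not reachable at all — the commented-out `firewall.enable = lib.mkForce false` hints this was noticed.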
@@ -14,8 +30,11 @@ in { enable = true; encrypted = true; diskId = "nvme-WD_BLACK_SN850X_4000GB_2227DT443901"; + earlyDiskIdOverride = "usb-JMicron_Generic_0123456789ABCDEF-0:0"; }; + # boot.loader.grub.device = lib.mkForce "/dev/disk/by-id/usb-JMicron_Generic_0123456789ABCDEF-0:0"; + # see https://linrunner.de/tlp/ services.tlp = { enable = true; @@ -90,6 +109,7 @@ in { ]; }; + hardware.enableRedistributableFirmware = true; # boot.initrd.availableKernelModules = stage1Modules; boot.initrd.kernelModules = stage1Modules; } diff --git a/nix/os/devices/steveej-t14/pkg.nix b/nix/os/devices/steveej-t14/pkg.nix index 95dc2d4..1ff1a59 100644 --- a/nix/os/devices/steveej-t14/pkg.nix +++ b/nix/os/devices/steveej-t14/pkg.nix @@ -59,6 +59,25 @@ sway ''; + + # autologin steveej on tty1 + systemd.services."autovt@tty1".description = "Autologin at the TTY1"; + systemd.services."autovt@tty1".after = [ "systemd-logind.service" ]; # without it user session not started and xorg can't be run from this tty + systemd.services."autovt@tty1".wantedBy = [ "multi-user.target" ]; + systemd.services."autovt@tty1".serviceConfig = + { ExecStart = [ + "" # override upstream default with an empty ExecStart + "@${pkgs.utillinux}/sbin/agetty agetty --login-program ${pkgs.shadow}/bin/login --autologin steveej --noclear %I $TERM" + ]; + Restart = "always"; + Type = "idle"; + }; + programs.zsh.loginShellInit = '' + if test $(id --user steveej) = $(id -u) && test $(tty) = "/dev/tty1"; then + exec sway + fi + ''; + # fonts = let # prefs.font = rec { # size = 13; @@ -109,6 +128,7 @@ # rtkit is optional but recommended security.rtkit.enable = true; services.pipewire = { + audio.enable = true; enable = true; alsa.enable = true; alsa.support32Bit = true; diff --git a/nix/os/devices/steveej-t14/system.nix b/nix/os/devices/steveej-t14/system.nix index e39601a..3e35163 100644 --- a/nix/os/devices/steveej-t14/system.nix +++ b/nix/os/devices/steveej-t14/system.nix 
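Review bot: `earlyDiskIdOverride = "usb-JMicron_Generic_0123456789ABCDEF-0:0"` selects the early-boot disk by a by-id name whose serial component is the JMicron bridge's generic placeholder, so any enclosure built on the same bridge chip yields the identical `/dev/disk/by-id/` entry; whatever the `opinionatedDisk` module does with this value (its change is not in this view), the match is by bridge type rather than by the specific drive. For an `encrypted = true` root that deserves a comment saying why the USB path is used instead of the NVMe id and what happens if two such enclosures are attached, e.g. `# generic JMicron serial: matches any enclosure with this bridge, not this disk`. The commented-out `boot.loader.grub.device` override right below suggests the boot-device question is still open.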
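Review bot: The `autovt@tty1` override starts an unauthenticated session for `steveej` on tty1 and, because `Restart = "always"`, re-spawns it immediately whenever that session ends, so exiting sway never lands on a login prompt; anyone with access to the machine after boot gets a user shell without a password unless an idle locker is in place. On a laptop whose root is LUKS-encrypted the disk passphrase becomes the only gate, which should be stated next to the unit, e.g. `# autologin: after unlock, physical access == user session; relies on disk encryption + idle lock`. Separately, in `programs.zsh.loginShellInit` the comparisons are unquoted — `tty` prints "not a tty" on a non-terminal login and `test not a tty = ...` then errors instead of returning false — so `[ "$(id --user steveej)" = "$(id -u)" ] && [ "$(tty)" = /dev/tty1 ]` is the safer form.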
@@ -1,11 +1,11 @@ -{ - pkgs, - lib, - config, - nodeName, - repoFlake, - ... -}: let +{ pkgs +, lib +, config +, nodeName +, repoFlake +, ... +}: +let passwords = import ../../../variables/passwords.crypt.nix; localTcpPorts = [ @@ -24,7 +24,8 @@ 21027 ]; -in { +in +{ imports = [ ../../snippets/nix-settings-holo-chain.nix ]; @@ -44,16 +45,16 @@ in { sshUser = "nix-remote-builder"; protocol = "ssh-ng"; system = "x86_64-linux"; - maxJobs = 24; + maxJobs = 32; speedFactor = 100; - supportedFeatures = repoFlake.nixosConfigurations.router0-dmz0.config.nix.settings.system-features ++ []; + supportedFeatures = repoFlake.nixosConfigurations.router0-dmz0.config.nix.settings.system-features ++ [ ]; } ]; networking.extraHosts = '' ''; - networking.bridges."virbr1".interfaces = []; + networking.bridges."virbr1".interfaces = [ ]; networking.interfaces."virbr1".ipv4.addresses = [ { address = "10.254.254.254"; @@ -86,7 +87,7 @@ in { # virtualization virtualisation = { - libvirtd = {enable = true;}; + libvirtd = { enable = true; }; virtualbox.host = { enable = false; @@ -107,11 +108,11 @@ in { enable = true; package = lib.mkForce pkgs.gnome3.gvfs; }; - environment.systemPackages = with pkgs; [lxqt.lxqt-policykit]; # provides a default authentification client for policykit + environment.systemPackages = with pkgs; [ lxqt.lxqt-policykit ]; # provides a default authentification client for policykit - security.pki.certificateFiles = ["${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"]; + security.pki.certificateFiles = [ "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ]; - services.xserver.videoDrivers = lib.mkForce ["amdgpu"]; + services.xserver.videoDrivers = lib.mkForce [ "amdgpu" ]; services.xserver.serverFlagsSection = '' Option "BlankTime" "0" Option "StandbyTime" "0" 
@@ -123,35 +124,37 @@ in { hardware.ledger.enable = true; - services.zerotierone = { - enable = true; - joinNetworks = [ - # moved to the service below as it's now secret - ]; - }; + # services.zerotierone = { + # enable = false; + # joinNetworks = [ + # # moved to the service below as it's now secret + # ]; + # }; - systemd.services.zerotieroneSecretNetworks = { - enable = false; - requiredBy = ["zerotierone.service"]; - partOf = ["zerotierone.service"]; + # systemd.services.zerotieroneSecretNetworks = { + # enable = false; + # requiredBy = [ "zerotierone.service" ]; + # partOf = [ "zerotierone.service" ]; - serviceConfig.Type = "oneshot"; - serviceConfig.RemainAfterExit = true; + # serviceConfig.Type = "oneshot"; + # serviceConfig.RemainAfterExit = true; - script = let - secret = config.sops.secrets.zerotieroneNetworks; - in '' - # include the secret's hash to trigger a restart on change - # ${builtins.hashString "sha256" (builtins.toJSON secret)} + # script = + # let + # secret = config.sops.secrets.zerotieroneNetworks; + # in + # '' + # # include the secret's hash to trigger a restart on change + # # ${builtins.hashString "sha256" (builtins.toJSON secret)} - ${config.systemd.services.zerotierone.preStart} + # ${config.systemd.services.zerotierone.preStart} - rm -rf /var/lib/zerotier-one/networks.d/*.conf - for network in `grep -v '#' ${secret.path}`; do - touch /var/lib/zerotier-one/networks.d/''${network}.conf - done - ''; - }; + # rm -rf /var/lib/zerotier-one/networks.d/*.conf + # for network in `grep -v '#' ${secret.path}`; do + # touch /var/lib/zerotier-one/networks.d/''${network}.conf + # done + # ''; + # }; sops.secrets.zerotieroneNetworks = { sopsFile = ../../../../secrets/zerotierone.txt; diff --git a/nix/os/devices/steveej-x13s/.gitignore b/nix/os/devices/steveej-x13s/.gitignore new file mode 100644 index 0000000..b2be92b --- /dev/null +++ b/nix/os/devices/steveej-x13s/.gitignore @@ -0,0 +1 @@ +result 
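Review bot: With both `services.zerotierone` and the `zerotieroneSecretNetworks` unit commented out, the `sops.secrets.zerotieroneNetworks` declaration that follows as context (and continues past the hunk) still decrypts the network list onto the host at every activation with nothing consuming it. Either comment the secret out together with its consumer or leave a note that it is retained for a planned re-enable, e.g. `# kept: zerotier is disabled but the secret stays until the replacement is decided`. Toggling `services.zerotierone.enable = false` instead of commenting out ~30 lines would also have kept the working configuration readable for whoever turns it back on.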
diff --git a/nix/os/devices/steveej-x13s/configuration.nix b/nix/os/devices/steveej-x13s/configuration.nix
new file mode 100644
index 0000000..8bbc5c9
--- /dev/null
+++ b/nix/os/devices/steveej-x13s/configuration.nix
@@ -0,0 +1,82 @@
+{ repoFlake
+, pkgs
+, lib
+, config
+, nodeFlake
+, nodeName
+, localDomainName
+, system
+, ...
+}:
+
+{
+ imports = [
+ # repoFlake.inputs.sops-nix.nixosModules.sops
+
+ # ../../profiles/common/user.nix
+
+ {
+ nix.nixPath = [
+ "nixpkgs=${pkgs.path}"
+ ];
+
+ nix.settings.experimental-features = [
+ "nix-command"
+ "flakes"
+ ];
+
+ nix.settings.max-jobs = lib.mkDefault "auto";
+ nix.settings.cores = lib.mkDefault 0;
+ }
+
+ {
+ services.openssh.enable = true;
+ services.openssh.settings.PermitRootLogin = "yes";
+
+ # users.commonUsers = {
+ # enable = true;
+ # enableNonRoot = false;
+ # rootPasswordFile = config.sops.secrets.passwords-root.path;
+ # };
+
+ users.users.root.password = "install";
+
+ # sops.defaultSopsFile = ../../../../secrets/${nodeName}/secrets.yaml;
+ # sops.defaultSopsFormat = "yaml";
+
+ # sops.secrets.passwords-root.neededForUsers = true;
+ }
+ ];
+
+ networking = {
+ hostName = nodeName;
+ useNetworkd = false;
+
+ networkmanager.enable = false;
+
+ firewall.enable = false;
+ };
+
+ system.stateVersion = "23.11";
+
+ # We exclude a number of modules included in the default list. A non-insignificant amount do
+ # not apply to embedded hardware like this, so simply skip the defaults.
+ #
+ # Custom kernel is required as a lot of MTK components misbehave when built as modules.
+ # They fail to load properly, leaving the system without working ethernet, they'll oops on
+ # remove. MTK-DSA parts and PCIe were observed to do this.
+
+ # boot.initrd.includeDefaultModules = false;
+ # boot.initrd.kernelModules = ["rfkill" "cfg80211" "mt7915e"];
+ # boot.initrd.availableKernelModules = ["nvme"];
+
+ nixpkgs.config.allowUnfree = true;
+
+ # hardware.enableRedistributableFirmware = true;
+
+ environment.systemPackages = [
+ pkgs.busybox
+ ];
+
+ fileSystems."/".label = "x13s_root";
+}
diff --git a/nix/os/devices/steveej-x13s/default.nix b/nix/os/devices/steveej-x13s/default.nix
new file mode 100644
index 0000000..3961f0b
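Review bot: `users.users.root.password = "install"` stores a cleartext root password in the Nix store (world-readable on every host that evaluates or deploys this flake, and now in git history), and the same hunk sets `services.openssh.settings.PermitRootLogin = "yes"` and `firewall.enable = false`, so the machine accepts password SSH logins as root on every interface with a known password. The commented-out sops wiring already in this hunk is the right replacement: `users.users.root.hashedPasswordFile = config.sops.secrets.passwords-root.path;` plus `services.openssh.settings.PermitRootLogin = "prohibit-password";` and an `users.users.root.openssh.authorizedKeys.keys` entry. If this really is a first-boot bootstrap, say so and state the removal condition inline, e.g. `# BOOTSTRAP ONLY: replace with sops-managed hash before the device leaves the bench`.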
--- /dev/null
+++ b/nix/os/devices/steveej-x13s/default.nix
@@ -0,0 +1,35 @@
+{
+ system ? "aarch64-linux",
+ nodeName,
+ repoFlake,
+ nodeFlake,
+ localDomainName ? "internal",
+ ...
+}: {
+ meta.nodeSpecialArgs.${nodeName} = {
+ inherit repoFlake nodeName nodeFlake system;
+ packages' = repoFlake.packages.${system};
+ nodePackages' = nodeFlake.packages.${system};
+
+ inherit localDomainName;
+ };
+
+ meta.nodeNixpkgs.${nodeName} =
+ import nodeFlake.inputs.nixpkgs.outPath
+ {
+ inherit system;
+ };
+
+ ${nodeName} = {
+ deployment.targetHost = "${nodeName}.${localDomainName}";
+ deployment.replaceUnknownProfiles = true;
+
+ # nixpkgs.pkgs = nodeFlake.inputs.nixpkgs.legacyPackages.${system};
+
+ imports = [
+ ./configuration.nix
+ ];
+
+ networking.hostName = nodeName;
+ };
+}
diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock
new file mode 100644
index 0000000..be88708
--- /dev/null
+++ b/nix/os/devices/steveej-x13s/flake.lock
@@ -0,0 +1,159 @@ +{ + "nodes": { + "brainwart_x13s-nixos": { + "flake": false, + "locked": { + "lastModified": 1701822673, + "narHash": "sha256-F2LBV8tqGPhEAvmn5Frxj79RPWgPGUYxJRYz8Pn9uj0=", + "owner": "BrainWart", + "repo": "x13s-nixos", + "rev": "ba245df7a72a78ec93aa500ba1a0cb29f0f65f37", + "type": "github" + }, + "original": { + "owner": "BrainWart", + "ref": "main", + "repo": "x13s-nixos", + "type": "github" + } + }, + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1705348229, + "narHash": "sha256-CssPema1sBxZkrT95KFuKCNNiqxNe1lnf2QNeXk88Xk=", + "owner": "nix-community", + "repo": "disko", + "rev": "d0b4408eaf782a1ada0a9133bb1cecefdd59c696", + "type": "github" + }, + "original": { + "id": "disko", + "type": "indirect" + } + }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": [ + "srvos", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1704982712, + "narHash": "sha256-2Ptt+9h8dczgle2Oo6z5ni5rt/uLMG47UFTR1ry/wgg=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "07f6395285469419cf9d078f59b5b49993198c00", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "get-flake": { + "locked": { + "lastModified": 1694475786, + "narHash": "sha256-s5wDmPooMUNIAAsxxCMMh9g68AueGg63DYk2hVZJbc8=", + "owner": "ursi", + "repo": "get-flake", + "rev": "ac54750e3b95dab6ec0726d77f440efe6045bec1", + "type": "github" + }, + "original": { + "owner": "ursi", + "repo": "get-flake", + "type": "github" + } + }, + "linux_x13s": { + "flake": false, + "locked": { + "lastModified": 1705487080, + "narHash": "sha256-DTOPiUGaeH5Ey+AZaO1c1n/QFikIXmvo2tTzgFtJ70k=", + "owner": "jhovold", + "repo": "linux", + "rev": "dd209a8fb4840e48ca4963bb23057f38b1066a6d", + "type": "github" + }, + "original": { + "owner": "jhovold", + "ref": "wip/sc8280xp-v6.7", + "repo": "linux", + "type": "github" + } + }, + "mobile-nixos": { + "flake": false, + "locked": { + "lastModified": 
1705008488, + "narHash": "sha256-Gj97fDFZaK6gLb3ayZgTTtD+MFE1YjoyYHWkB1TIAe0=", + "owner": "NixOS", + "repo": "mobile-nixos", + "rev": "56e55df7b07b5e5c6d050732d851cec62b41df95", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "mobile-nixos", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1705316053, + "narHash": "sha256-J2Ey5mPFT8gdfL2XC0JTZvKaBw/b2pnyudEXFvl+dQM=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "c3e128f3c0ecc1fb04aef9f72b3dcc2f6cecf370", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "brainwart_x13s-nixos": "brainwart_x13s-nixos", + "disko": "disko", + "get-flake": "get-flake", + "linux_x13s": "linux_x13s", + "mobile-nixos": "mobile-nixos", + "nixpkgs": "nixpkgs", + "srvos": "srvos" + } + }, + "srvos": { + "inputs": { + "flake-parts": "flake-parts", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1705346686, + "narHash": "sha256-lTf1b2I6wwNDhV5eEKIAMT5DOa43bK5KaPqDWH2yfek=", + "owner": "numtide", + "repo": "srvos", + "rev": "8e03bea707212a7225b0ab02a8186af8b1e98e0a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "srvos", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/nix/os/devices/steveej-x13s/flake.nix b/nix/os/devices/steveej-x13s/flake.nix new file mode 100644 index 0000000..05b3765 --- /dev/null +++ b/nix/os/devices/steveej-x13s/flake.nix 
@@ -0,0 +1,270 @@ +{ + inputs = + { + nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; + + get-flake.url = "github:ursi/get-flake"; + + disko.inputs.nixpkgs.follows = "nixpkgs"; + srvos.url = "github:numtide/srvos"; + srvos.inputs.nixpkgs.follows = "nixpkgs"; + + mobile-nixos.url = "github:NixOS/mobile-nixos"; + mobile-nixos.flake = false; + + # see https://github.com/jhovold/linux/wiki/X13s for status updates + linux_x13s.url = "github:jhovold/linux/wip/sc8280xp-v6.7"; + linux_x13s.flake = false; + + brainwart_x13s-nixos = { + url = "github:BrainWart/x13s-nixos/main"; + flake = false; + }; + }; + + outputs = + { self + , get-flake + , nixpkgs + , ... + }: + let + targetPlatform = "aarch64-linux"; + buildPlatform = "x86_64-linux"; + nodeName = "steveej-x13s"; + + pkgs = nixpkgs.legacyPackages.${targetPlatform}; + pkgsCross = import self.inputs.nixpkgs { + system = buildPlatform; + crossSystem = { + config = "pentium2-unknown-linux-gnu"; + }; + }; + + mkNixosConfiguration = { extraModules ? [ ], ... 
} @ attrs: + nixpkgs.lib.nixosSystem ( + nixpkgs.lib.attrsets.recursiveUpdate + attrs + { + specialArgs = (import ./default.nix { + system = targetPlatform; + inherit nodeName; + + repoFlake = get-flake ../../../..; + nodeFlake = self; + }).meta.nodeSpecialArgs.${nodeName}; + + modules = + [ + self.nixosModules.hardware-x13s + + ./configuration.nix + + # flake registry + { + nix.registry.nixpkgs.flake = nixpkgs; + } + + { + nixpkgs.overlays = [ + (final: prev: + { + qrtr = final.callPackage "${self.inputs.mobile-nixos}/overlay/qrtr/qrtr.nix" { }; + qmic = final.callPackage "${self.inputs.mobile-nixos}/overlay/qrtr/qmic.nix" { }; + rmtfs = final.callPackage "${self.inputs.mobile-nixos}/overlay/qrtr/rmtfs.nix" { }; + pd-mapper = final.callPackage "${self.inputs.mobile-nixos}/overlay/qrtr/pd-mapper.nix" { + inherit (final) qrtr; + }; + compressFirmwareXz = prev.lib.id; #this leaves all firmware uncompressed :) for pd-mapper + }) + ]; + } + ] + ++ extraModules; + } + ); + in + { + nixosConfigurations = { + native = mkNixosConfiguration { + system = targetPlatform; + }; + + cross = mkNixosConfiguration { + extraModules = [ + { + nixpkgs.buildPlatform.system = buildPlatform; + nixpkgs.hostPlatform.system = targetPlatform; + } + ]; + }; + }; + + nixosModules.hardware-x13s = { pkgs, config, lib, options, ... 
}: + let + # TODO: introduce options for these + kernelPdMapper = true; + in + { + config = + let + inherit (config.boot.loader) efi; + kp = [ + { + name = "x13s-cfg"; + patch = null; + extraStructuredConfig = with lib.kernel; { + EFI_ARMSTUB_DTB_LOADER = lib.mkForce yes; + OF_OVERLAY = lib.mkForce yes; + BTRFS_FS = lib.mkForce yes; + BTRFS_FS_POSIX_ACL = lib.mkForce yes; + MEDIA_CONTROLLER = lib.mkForce yes; + SND_USB_AUDIO_USE_MEDIA_CONTROLLER = lib.mkForce yes; + SND_USB = lib.mkForce yes; + SND_USB_AUDIO = lib.mkForce module; + USB_XHCI_PCI = lib.mkForce module; + NO_HZ_FULL = lib.mkForce yes; + HZ_100 = lib.mkForce yes; + HZ_250 = lib.mkForce no; + DRM_AMDGPU = lib.mkForce no; + DRM_NOUVEAU = lib.mkForce no; + QCOM_TSENS = lib.mkForce yes; + NVMEM_QCOM_QFPROM = lib.mkForce yes; + ARM_QCOM_CPUFREQ_NVMEM = lib.mkForce yes; + } // lib.optionalAttrs kernelPdMapper { + QCOM_PD_MAPPER = lib.mkForce yes; + QRTR = lib.mkForce yes; + }; + } + ]; + + # We can't quite move to mainline linux + linux_x13s_pkg = { buildLinux, ... 
} @ args: + buildLinux (args // rec { + version = "6.7.0"; + modDirVersion = lib.versions.pad 3 version; + extraMeta.branch = lib.versions.majorMinor version; + + src = self.inputs.linux_x13s; + kernelPatches = (args.kernelPatches or [ ]) ++ kp; + } // (args.argsOverride or { })); + + # we add additional configuration on top of te normal configuration above + # using the extraStructuredConfig option on the kernel patch + linux_x13s = pkgs.callPackage linux_x13s_pkg { + defconfig = "johan_defconfig"; + }; + + uncompressed-fw = pkgs.callPackage + ({ lib, runCommand, buildEnv, firmwareFilesList }: + runCommand "qcom-modem-uncompressed-firmware-share" + { + firmwareFiles = buildEnv { + name = "qcom-modem-uncompressed-firmware"; + paths = firmwareFilesList; + pathsToLink = [ + "/lib/firmware/rmtfs" + "/lib/firmware/qcom" + ]; + }; + } '' + PS4=" $ " + ( + set -x + mkdir -p $out/share/ + ln -s $firmwareFiles/lib/firmware/ $out/share/uncompressed-firmware + ) + '') + { + firmwareFilesList = lib.flatten options.hardware.firmware.definitions; + }; + + linuxPackages_x13s = pkgs.linuxPackagesFor linux_x13s; + dtb = "${linuxPackages_x13s.kernel}/dtbs/qcom/sc8280xp-lenovo-thinkpad-x13s.dtb"; + + dtbName = "x13s63rc4.dtb"; + in + { + boot = { + loader.systemd-boot.enable = true; + loader.systemd-boot.extraFiles = { + "${dtbName}" = dtb; + }; + loader.efi.canTouchEfiVariables = true; + loader.efi.efiSysMountPoint = "/boot"; + + kernelPackages = linuxPackages_x13s; + + kernelParams = [ + "boot.shell_on_fail" + "clk_ignore_unused" + "pd_ignore_unused" + "arm64.nopauth" + "cma=128M" + "nvme.noacpi=1" + "iommu.strict=0" + "dtb=${dtbName}" + ]; + initrd = { + includeDefaultModules = false; + availableKernelModules = [ + "i2c_hid" + "i2c_hid_of" + "i2c_qcom_geni" + "leds_qcom_lpg" + "pwm_bl" + "qrtr" + "pmic_glink_altmode" + "gpio_sbu_mux" + "phy_qcom_qmp_combo" + "panel-edp" + "msm" + "phy_qcom_edp" + "i2c-core" + "i2c-hid" + "i2c-hid-of" + "i2c-qcom-geni" + "pcie-qcom" + 
"phy-qcom-qmp-combo" + "phy-qcom-qmp-pcie" + "phy-qcom-qmp-usb" + "phy-qcom-snps-femto-v2" + "phy-qcom-usb-hs" + "nvme" + ]; + }; + }; + + # power management, etc. + environment.systemPackages = with pkgs; [ + qrtr + qmic + rmtfs + pd-mapper + uncompressed-fw + ]; + environment.pathsToLink = [ "share/uncompressed-firmware" ]; + + # ensure the x13s' dtb file is in the boot partition + system.activationScripts.x13s-dtb = '' + in_package="${dtb}" + esp_tool_folder="${efi.efiSysMountPoint}/" + in_esp="''${esp_tool_folder}${dtbName}" + >&2 echo "Ensuring $in_esp in EFI System Partition" + if ! ${pkgs.diffutils}/bin/cmp --silent "$in_package" "$in_esp"; then + >&2 echo "Copying $in_package -> $in_esp" + mkdir -p "$esp_tool_folder" + cp "$in_package" "$in_esp" + sync + fi + ''; + + hardware.enableAllFirmware = true; + hardware.firmware = [ + pkgs.linux-firmware + (pkgs.callPackage "${self.inputs.brainwart_x13s-nixos}/pkgs/x13s-firmware.nix" { }) + ]; + }; + }; + }; +} diff --git a/nix/os/devices/voodoo/.gitignore b/nix/os/devices/voodoo/.gitignore new file mode 100644 index 0000000..b2be92b --- /dev/null +++ b/nix/os/devices/voodoo/.gitignore @@ -0,0 +1 @@ +result diff --git a/nix/os/devices/voodoo/configuration.nix b/nix/os/devices/voodoo/configuration.nix new file mode 100644 index 0000000..d6ae93c --- /dev/null +++ b/nix/os/devices/voodoo/configuration.nix 
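Review bot: The `kernelParams` list in `nixosModules.hardware-x13s` weakens two hardware mitigations without a comment — `arm64.nopauth` disables pointer authentication and `iommu.strict=0` switches the SMMU to lazy TLB invalidation, which leaves a window in which a DMA-capable device can still reach pages the kernel has already unmapped — and `boot.shell_on_fail` drops to a root shell in the initrd when stage 1 fails, which with an unencrypted labelled root (`fileSystems."/".label` in configuration.nix; no LUKS setup is visible in this patch) makes physical access equivalent to root. If these are sc8280xp bring-up workarounds, record that inline so they get revisited, e.g. `# arm64.nopauth / iommu.strict=0: X13s bring-up workarounds (see jhovold wiki); re-evaluate on each kernel bump`, and drop `boot.shell_on_fail` once the device boots reliably. Unrelated but in the same hunk: `pkgsCross` is built with `crossSystem.config = "pentium2-unknown-linux-gnu"` and never referenced, which looks like a leftover from the voodoo flake.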
@@ -0,0 +1,85 @@
+{
+ repoFlake,
+ pkgs,
+ lib,
+ config,
+ nodeFlake,
+ nodeName,
+ localDomainName,
+ system,
+ ...
+}: let
+in {
+ imports = [
+ # repoFlake.inputs.sops-nix.nixosModules.sops
+
+ # ../../profiles/common/user.nix
+
+ {
+ nix.nixPath = [
+ "nixpkgs=${pkgs.path}"
+ ];
+
+ nix.settings.experimental-features = [
+ "nix-command"
+ "flakes"
+ ];
+
+ nix.settings.max-jobs = lib.mkDefault "auto";
+ nix.settings.cores = lib.mkDefault 0;
+ }
+
+ {
+ services.openssh.enable = true;
+ services.openssh.settings.PermitRootLogin = "yes";
+
+ # users.commonUsers = {
+ # enable = true;
+ # enableNonRoot = false;
+ # rootPasswordFile = config.sops.secrets.passwords-root.path;
+ # };
+
+ users.users.root.password = "voodoo";
+
+ # sops.defaultSopsFile = ../../../../secrets/${nodeName}/secrets.yaml;
+ # sops.defaultSopsFormat = "yaml";
+
+ # sops.secrets.passwords-root.neededForUsers = true;
+ }
+ ];
+
+ networking = {
+ hostName = nodeName;
+ useNetworkd = false;
+ useDHCP = true;
+ firewall.enable = false;
+ };
+
+ system.stateVersion = "23.11";
+
+ # We exclude a number of modules included in the default list. A non-insignificant amount do
+ # not apply to embedded hardware like this, so simply skip the defaults.
+ #
+ # Custom kernel is required as a lot of MTK components misbehave when built as modules.
+ # They fail to load properly, leaving the system without working ethernet, they'll oops on
+ # remove. MTK-DSA parts and PCIe were observed to do this.
+
+ # boot.initrd.includeDefaultModules = false;
+ # boot.initrd.kernelModules = ["rfkill" "cfg80211" "mt7915e"];
+ # boot.initrd.availableKernelModules = ["nvme"];
+
+ hardware.enableRedistributableFirmware = false;
+
+ # Extlinux compatible with custom uboot patches in this repo, which also provide unique
+ # MAC addresses instead of the non-unique one that gets used by a lot of MTK devices...
+ boot.loader.grub.enable = true;
+
+ environment.systemPackages = [
+ # pkgs.pciutils
+ ];
+
+ fileSystems."/".label = "voodoo_root";
+ boot.loader.grub.devices = [
+ "/dev/disk/by-id/usb-ST313640_A_20171021-0"
+ ];
+}
diff --git a/nix/os/devices/voodoo/default.nix b/nix/os/devices/voodoo/default.nix
new file mode 100644
index 0000000..e43dbc4
--- /dev/null
+++ b/nix/os/devices/voodoo/default.nix
@@ -0,0 +1,35 @@
+{
+ system ? "i586-linux",
+ nodeName,
+ repoFlake,
+ nodeFlake,
+ localDomainName ? "internal",
+ ...
+}: {
+ meta.nodeSpecialArgs.${nodeName} = {
+ inherit repoFlake nodeName nodeFlake system;
+ packages' = repoFlake.packages.${system};
+ nodePackages' = nodeFlake.packages.${system};
+
+ inherit localDomainName;
+ };
+
+ meta.nodeNixpkgs.${nodeName} =
+ import nodeFlake.inputs.nixpkgs.outPath
+ {
+ inherit system;
+ };
+
+ ${nodeName} = {
+ deployment.targetHost = "${nodeName}.${localDomainName}";
+ deployment.replaceUnknownProfiles = true;
+
+ # nixpkgs.pkgs = nodeFlake.inputs.nixpkgs.legacyPackages.${system};
+
+ imports = [
+ ./configuration.nix
+ ];
+
+ networking.hostName = nodeName;
+ };
+}
diff --git a/nix/os/devices/voodoo/flake.lock b/nix/os/devices/voodoo/flake.lock
new file mode 100644
index 0000000..089ad5e
--- /dev/null
+++ b/nix/os/devices/voodoo/flake.lock
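Review bot: `users.users.root.password = "voodoo"` commits a cleartext root password to the repository and to the world-readable Nix store, while the same file enables SSH with `PermitRootLogin = "yes"` and disables the firewall, so this host is root-reachable by password from any network it is plugged into; the commented-out `rootPasswordFile`/sops lines are the intended replacement and should be used together with `PermitRootLogin = "prohibit-password"` and an authorized key, or the literal should at least be marked `# BOOTSTRAP ONLY` with a removal condition. The explanatory comments are also copied from a MediaTek board config — "MTK components misbehave when built as modules", "Extlinux compatible with custom uboot patches … MTK devices" — and describe neither this i586 machine nor its GRUB-on-USB boot (`boot.loader.grub.devices = [ "/dev/disk/by-id/usb-ST313640_A_20171021-0" ]`); replacing them with one line about what the box actually is would spare the next reader the detour.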
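Review bot: `system ? "i586-linux"` is used to index `repoFlake.packages.${system}` and `nodeFlake.packages.${system}`, but the repo flake's outputs elsewhere in this patch are produced per `system` for the usual doubles and nixpkgs' flake-level package sets are exposed as `i686-linux`, not `i586-linux`; because the attribute accesses are lazy, evaluation only fails once a package is actually referenced, which makes the mismatch easy to miss. The companion change in sj-bm-hostkey0 adding `i686-linux` to `boot.binfmt.emulatedSystems` with `i386`/`i586` commented out suggests the same name clash was already hit there. Consider `system ? "i686-linux"` for the flake-level attribute name and, if a 586-tuned build is really needed, express that separately via `nixpkgs.hostPlatform` in configuration.nix with a comment explaining the split.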
@@ -0,0 +1,225 @@ +{ + "nodes": { + "bpir3": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1703603768, + "narHash": "sha256-ZViXHNt7ClqNtlRO9iot+LxiSbBvZi/RR+/6Q7W6UV8=", + "owner": "steveej-forks", + "repo": "nixos-bpir3", + "rev": "47cb545b92c136d1482a66b940c4719c40eb5fe3", + "type": "github" + }, + "original": { + "owner": "steveej-forks", + "ref": "linux-6.6", + "repo": "nixos-bpir3", + "type": "github" + } + }, + "dependencyDagOfSubmodule": { + "inputs": { + "nixpkgs": [ + "nixos-nftables-firewall", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1656615370, + "narHash": "sha256-IZDqz1aSySoqf1qtVQg+oJMHfC4IlT55Zoa7EkjvPug=", + "owner": "thelegy", + "repo": "nix-dependencyDagOfSubmodule", + "rev": "98eb563d80b35acafbfc1abb9ccee569c1efb19c", + "type": "github" + }, + "original": { + "owner": "thelegy", + "repo": "nix-dependencyDagOfSubmodule", + "type": "github" + } + }, + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1703532766, + "narHash": "sha256-ojjW3cuNmqL5uqDWohwLoO8dYpheM5+AfgsNmGIMwG8=", + "owner": "nix-community", + "repo": "disko", + "rev": "1b191113874dee97796749bb21eac3d84735c70a", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, + "get-flake": { + "locked": { + "lastModified": 1694475786, + "narHash": "sha256-s5wDmPooMUNIAAsxxCMMh9g68AueGg63DYk2hVZJbc8=", + "owner": "ursi", + "repo": "get-flake", + "rev": "ac54750e3b95dab6ec0726d77f440efe6045bec1", + "type": "github" + }, + "original": { + "owner": "ursi", + "repo": "get-flake", + "type": "github" + } + }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1703527373, + "narHash": "sha256-AjypRssRtS6F3xkf7rE3/bXkIF2WJOZLbTIspjcE1zM=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "80679ea5074ab7190c4cce478c600057cfb5edae", + "type": "github" + }, + "original": { + "owner": 
"nix-community", + "ref": "master", + "repo": "home-manager", + "type": "github" + } + }, + "hostapd": { + "flake": false, + "locked": { + "lastModified": 1703346062, + "narHash": "sha256-SHSBKIgKc5zEGhKDT2v+yGERTJHf8pe+9ZPUwJBTJKQ=", + "ref": "refs/heads/main", + "rev": "196d6c83b9cb7d298fdc92684dc37115348b159e", + "revCount": 19119, + "type": "git", + "url": "git://w1.fi/hostap.git?branch=main" + }, + "original": { + "type": "git", + "url": "git://w1.fi/hostap.git?branch=main" + } + }, + "nixos-nftables-firewall": { + "inputs": { + "dependencyDagOfSubmodule": "dependencyDagOfSubmodule", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1703279052, + "narHash": "sha256-0rbG/9SwaWtXT7ZuifMq+7wvfxDpZrjr0zdMcM4KK+E=", + "owner": "thelegy", + "repo": "nixos-nftables-firewall", + "rev": "3bf23aeb346e772d157816e6b72a742a6c97db80", + "type": "github" + }, + "original": { + "owner": "thelegy", + "repo": "nixos-nftables-firewall", + "type": "github" + } + }, + "nixos-stable": { + "locked": { + "lastModified": 1703068421, + "narHash": "sha256-WSw5Faqlw75McIflnl5v7qVD/B3S2sLh+968bpOGrWA=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "d65bceaee0fb1e64363f7871bc43dc1c6ecad99f", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1703255338, + "narHash": "sha256-Z6wfYJQKmDN9xciTwU3cOiOk+NElxdZwy/FiHctCzjU=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "6df37dc6a77654682fe9f071c62b4242b5342e04", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "openwrt": { + "flake": false, + "locked": { + "lastModified": 1691699580, + "narHash": "sha256-CV+ufXPEr5Nz2O2FBnnuPeHNsFQ7c5s0uW39u/q3cUo=", + "ref": "main", + "rev": "847984c773d819d5579d5abae4b80a4983103ed9", + "revCount": 58166, + "type": "git", + "url": 
"https://github.com/openwrt/openwrt.git" + }, + "original": { + "ref": "main", + "rev": "847984c773d819d5579d5abae4b80a4983103ed9", + "type": "git", + "url": "https://github.com/openwrt/openwrt.git" + } + }, + "root": { + "inputs": { + "bpir3": "bpir3", + "disko": "disko", + "get-flake": "get-flake", + "home-manager": "home-manager", + "hostapd": "hostapd", + "nixos-nftables-firewall": "nixos-nftables-firewall", + "nixpkgs": "nixpkgs", + "openwrt": "openwrt", + "srvos": "srvos" + } + }, + "srvos": { + "inputs": { + "nixos-stable": "nixos-stable", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1703469109, + "narHash": "sha256-hTQJ9uV43Vt8UXwervEj9mbDoQSN1mD3lwwPChG8jy8=", + "owner": "numtide", + "repo": "srvos", + "rev": "52d07db520046c4775f1047e68a05dcb53bba9ec", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "srvos", + "type": "github" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/nix/os/devices/voodoo/flake.nix b/nix/os/devices/voodoo/flake.nix new file mode 100644 index 0000000..6282785 --- /dev/null +++ b/nix/os/devices/voodoo/flake.nix 
@@ -0,0 +1,80 @@
+{
+ inputs = {
+ nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
+
+ get-flake.url = "github:ursi/get-flake";
+
+ disko.inputs.nixpkgs.follows = "nixpkgs";
+ srvos.url = "github:numtide/srvos";
+ srvos.inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+ outputs = {
+ self,
+ get-flake,
+ nixpkgs,
+ ...
+ }: let
+ targetPlatform = "i686-linux";
+ buildPlatform = "x86_64-linux";
+ nodeName = "voodoo";
+
+ pkgs = nixpkgs.legacyPackages.${targetPlatform};
+ pkgsCross = import self.inputs.nixpkgs {
+ system = buildPlatform;
+ crossSystem = {
+ config = "pentium2-unknown-linux-gnu";
+ };
+ };
+
+ mkNixosConfiguration = {extraModules ? [], ...} @ attrs:
+ nixpkgs.lib.nixosSystem (
+ nixpkgs.lib.attrsets.recursiveUpdate
+ attrs
+ {
+ specialArgs = (import ./default.nix {
+ system = targetPlatform;
+ inherit nodeName;
+
+ repoFlake = get-flake ../../../..;
+ nodeFlake = self;
+ }).meta.nodeSpecialArgs.${nodeName};
+
+ modules =
+ [
+ ./configuration.nix
+
+ # flake registry
+ {
+ nix.registry.nixpkgs.flake = nixpkgs;
+ }
+
+ {
+ nixpkgs.overlays = [
+ (final: previous:
+ {
+ })
+
+ ];
+ }
+ ]
+ ++ extraModules;
+ }
+ );
+ in {
+ nixosConfigurations = {
+ native = mkNixosConfiguration {
+ system = targetPlatform;
+ };
+
+ cross = mkNixosConfiguration {
+ extraModules = [
+ {
+ nixpkgs.buildPlatform.system = buildPlatform;
+ nixpkgs.hostPlatform.system = targetPlatform;
+ }
+ ];
+ };
+ };
+ };
+}
diff --git a/nix/os/lib/default.nix b/nix/os/lib/default.nix
index 5ed886d..9871d3b 100644
--- a/nix/os/lib/default.nix
+++ b/nix/os/lib/default.nix
@@ -20,6 +20,7 @@ in {
 "cdrom"
 "adbusers"
 "dialout"
+ "cdrom"
 ];
 openssh.authorizedKeys.keys = keys.users.steveej.openssh;
diff --git a/nix/os/modules/opinionatedDisk.nix b/nix/os/modules/opinionatedDisk.nix
index 758c50e..399eb43 100644
--- a/nix/os/modules/opinionatedDisk.nix
+++ b/nix/os/modules/opinionatedDisk.nix
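Review bot: The inputs declared here do not match the flake.lock committed alongside them: `nixpkgs.url` pins `nixos-23.11`, but the lock records `"ref": "nixos-unstable"` for `nixpkgs` and lists root inputs (bpir3, home-manager, hostapd, nixos-nftables-firewall, openwrt) that this flake never declares, so the lock appears copied from another device and should be regenerated with `nix flake lock` before this is built. `disko.inputs.nixpkgs.follows = "nixpkgs";` is set without a `disko.url`, which leaves that input to registry resolution; either add the url or remove the line. The `pkgs` and `pkgsCross` bindings in the `let` are never used and can be dropped.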
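Review bot: The added `"cdrom"` duplicates the `"cdrom"` already present three lines above in the same list, so the change is at best a no-op and at worst a confusing double entry for whoever next edits the group list; drop the added line. The list and the attribute it belongs to start outside the hunk.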
@@ -7,6 +7,12 @@ with lib; let
 cfg = config.hardware.opinionatedDisk;
 ownLib = pkgs.callPackage ../lib/default.nix {};
+
+ earlyDiskId = cfg:
+ if cfg.earlyDiskIdOverride != ""
+ then cfg.earlyDiskIdOverride
+ else cfg.diskId
+ ;
 in {
 options.hardware.opinionatedDisk = {
 enable = mkEnableOption "Enable opinionated filesystem layout";
@@ -15,6 +21,11 @@ in {
 default = true;
 type = types.bool;
 };
+
+ earlyDiskIdOverride = mkOption {
+ default = "";
+ type = types.string;
+ };
 };
 config = lib.mkIf cfg.enable {
@@ -38,7 +49,7 @@ in {
 swapDevices = [{device = ownLib.disk.swapFsDevice cfg.diskId;}];
 boot.loader.grub = {
- device = ownLib.disk.bootGrubDevice cfg.diskId;
+ device = ownLib.disk.bootGrubDevice (earlyDiskId cfg);
 enableCryptodisk = cfg.encrypted;
 };
@@ -54,6 +65,7 @@ in {
 builtins.elemAt splitstring lastelem;
 value = {
 device = ownLib.disk.bootLuksDevice cfg.diskId;
+ preLVM = true;
 allowDiscards = true;
 };
diff --git a/nix/os/profiles/graphical/system.nix b/nix/os/profiles/graphical/system.nix
index 87b1bd0..1eb2d07 100644
--- a/nix/os/profiles/graphical/system.nix
+++ b/nix/os/profiles/graphical/system.nix
@@ -42,10 +42,13 @@ SUBSYSTEM=="usb", ATTR{idVendor}=="1050", ATTR{idProduct}=="0406", ENV{ID_SECURITY_TOKEN}="1", GROUP="wheel"
 '';
- services.samba.enable = true;
- services.samba.extraConfig = ''
- client max protocol = SMB3
- '';
+ # services.samba.enable = true;
+ # services.samba.extraConfig = ''
+ # client max protocol = SMB3
+ # # client min protocol = SMB2_10
+ # # client min protocol = NT1
+ # # ntlm auth = yes
+ # '';
 services.logind.lidSwitchExternalPower = "ignore";
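Review bot: `type = types.string;` in the second hunk uses the deprecated `types.string`, which quietly concatenates merged definitions and emits a deprecation warning at evaluation; use `type = types.str;` and give the option a `description` stating that it only replaces the id used for `boot.loader.grub.device` (third hunk) while the swap and LUKS devices keep `cfg.diskId` (fourth hunk), since that asymmetry is not obvious from the name. In the first hunk `earlyDiskId = cfg:` takes a parameter that shadows the module-level `cfg`; binding the value directly, `earlyDiskId = if cfg.earlyDiskIdOverride != "" then cfg.earlyDiskIdOverride else cfg.diskId;`, and calling `ownLib.disk.bootGrubDevice earlyDiskId` reads more plainly. `preLVM = true;` in the fourth hunk restates the default of `boot.initrd.luks.devices.<name>.preLVM`, so it deserves a one-line comment on why it is pinned explicitly.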