WIP everything

steveej 2024-01-18 14:59:17 +00:00
parent 2a23c7fdbe
commit 26f0bde4b3
29 changed files with 1630 additions and 423 deletions


@ -1,5 +1,5 @@
_DEFAULT_VERSION_TMPL: # _DEFAULT_VERSION_TMPL:
echo "{{invocation_directory()}}/nix/variables/versions.tmpl.nix" # echo "{{invocation_directory()}}/nix/variables/versions.tmpl.nix"
_usage: _usage:
just -l just -l
@ -53,7 +53,7 @@ update-remote-device devicename +rebuildargs='build':
git commit -v nix/os/devices/{{devicename}}/flake.{nix,lock} -m "nix/os/devices/{{devicename}}: bump versions" git commit -v nix/os/devices/{{devicename}}/flake.{nix,lock} -m "nix/os/devices/{{devicename}}: bump versions"
# Re-render the versions of the current device and rebuild its environment # Re-render the versions of the current device and rebuild its environment
update-this-device rebuild-mode='switch': update-this-device rebuild-mode='switch' +moreargs='':
#!/usr/bin/env bash #!/usr/bin/env bash
set -e set -e
@ -63,7 +63,7 @@ update-this-device rebuild-mode='switch':
nix flake update nix flake update
) )
just -v rebuild-this-device {{rebuild-mode}} just -v rebuild-this-device {{rebuild-mode}} {{moreargs}}
git commit -v nix/os/devices/$(hostname -s)/flake.{nix,lock} -m "nix/os/devices/$(hostname -s): bump versions" git commit -v nix/os/devices/$(hostname -s)/flake.{nix,lock} -m "nix/os/devices/$(hostname -s): bump versions"
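Review bot: The new `{{moreargs}}` on the `just -v rebuild-this-device {{rebuild-mode}} {{moreargs}}` line is spliced unquoted into the bash script text before the shell runs it, so an argument containing spaces, globs or shell metacharacters is re-split or interpreted by bash instead of being passed through as given. The existing `{{rebuild-mode}}` behaves the same way, and since the recipe ends in a rebuild of the local system, a mangled argument can change what gets built or activated. At minimum the recipe comment should say so, for example `# moreargs is pasted verbatim into the script; pass only plain flags without spaces or shell metacharacters`. The body of `update-this-device` continues between the two hunks, so whether other interpolations exist there is not visible here.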


@ -96,3 +96,19 @@ just --list
2. disconnect remove the previous drive 2. disconnect remove the previous drive
3. replace the driveId in the device's hw.nix 3. replace the driveId in the device's hw.nix
4. run the `just disk-relabel nix/os/devices/<deviceName> <prevDiskId>` command to rename the filesystem and volume group 4. run the `just disk-relabel nix/os/devices/<deviceName> <prevDiskId>` command to rename the filesystem and volume group
## Rebuilding an offline system
```
(
sudo cryptsetup open /dev/sdb3 steveej-t14s-cryptroot
sleep 5
sudo mkdir -p /mnt/root
sudo mount /dev/mapper/nvme--WD_BLACK_SN850X_4000GB_2227DT443901-root /mnt/root -o subvol=nixos
sudo mount /dev/sdb2 /mnt/root/boot
sudo mount /dev/mapper/nvme--WD_BLACK_SN850X_4000GB_2227DT443901-root /mnt/root/home -o subvol=home
sudo nixos-install -v --flake .#steveej-t14 --root /mnt/root/ --no-root-password
)
```

376
flake.lock generated

@ -3,11 +3,11 @@
"aphorme_launcher": { "aphorme_launcher": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1683977169, "lastModified": 1699523648,
"narHash": "sha256-juRiokIk5x+eGJm+QuCdFPUjEggDmscpy2Ip7pU9KI4=", "narHash": "sha256-OmeelrddWuPQL84W/1Fi3FczKfrR+XdosRfKofc2o6w=",
"owner": "Iaphetes", "owner": "Iaphetes",
"repo": "aphorme_launcher", "repo": "aphorme_launcher",
"rev": "211bc27de061b61e3119a7966cff09f4b8c3a1fe", "rev": "3404dd1ac0c448d517efc0a20f554da0f1d5550c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -42,19 +42,16 @@
}, },
"crane": { "crane": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_2",
"flake-utils": "flake-utils_2",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ]
"rust-overlay": "rust-overlay"
}, },
"locked": { "locked": {
"lastModified": 1691423162, "lastModified": 1703439018,
"narHash": "sha256-cReUZCo83YEEmFcHX8CcOVTZYUrcWgHQO34zxQzy7WI=", "narHash": "sha256-VT+06ft/x3eMZ1MJxWzQP3zXFGcrxGo5VR2rB7t88hs=",
"owner": "ipetkov", "owner": "ipetkov",
"repo": "crane", "repo": "crane",
"rev": "b5d9d42ea3fa8fea1805d9af1416fe207d0dd1dc", "rev": "afdcd41180e3dfe4dac46b5ee396e3b12ccc967a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -71,11 +68,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1687747614, "lastModified": 1701905325,
"narHash": "sha256-KXspKgtdO2YRL12Jv0sUgkwOwHrAFwdIG/90pDx8Ydg=", "narHash": "sha256-lda63LmEIlDMeCgWfjr3/wb487XPllBByfrGRieyEk4=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "fef67a1ddc293b595d62a660f57deabbcb70ff95", "rev": "1144887c6f4d2dcbb2316a24364ef53e25b0fcfe",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -93,11 +90,11 @@
"rust-analyzer-src": "rust-analyzer-src" "rust-analyzer-src": "rust-analyzer-src"
}, },
"locked": { "locked": {
"lastModified": 1691648495, "lastModified": 1704176544,
"narHash": "sha256-JULr+eKL9rjfex17hZYn0K/fBxxfK/FM9TOCcxPQay4=", "narHash": "sha256-A6PfA1DB6cF3cQerysGK8zIumGTrXucdHoFRU+8H7Lc=",
"owner": "nix-community", "owner": "nix-community",
"repo": "fenix", "repo": "fenix",
"rev": "6c9f0709358f212766cff5ce79f6e8300ec1eb91", "rev": "54df821cae7bd492a049ef213336810247128110",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -123,22 +120,6 @@
} }
}, },
"flake-compat_2": { "flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_3": {
"locked": { "locked": {
"lastModified": 1688025799, "lastModified": 1688025799,
"narHash": "sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=", "narHash": "sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=",
@ -158,11 +139,11 @@
"nixpkgs-lib": "nixpkgs-lib" "nixpkgs-lib": "nixpkgs-lib"
}, },
"locked": { "locked": {
"lastModified": 1690933134, "lastModified": 1704152458,
"narHash": "sha256-ab989mN63fQZBFrkk4Q8bYxQCktuHmBIBqUG1jl6/FQ=", "narHash": "sha256-DS+dGw7SKygIWf9w4eNBUZsK+4Ug27NwEWmn2tnbycg=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "59cf3f1447cfc75087e7273b04b31e689a8599fb", "rev": "88a2cd8166694ba0b6cb374700799cec53aef527",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -179,11 +160,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1687762428, "lastModified": 1701473968,
"narHash": "sha256-DIf7mi45PKo+s8dOYF+UlXHzE0Wl/+k3tXUyAoAnoGE=", "narHash": "sha256-YcVE5emp1qQ8ieHUnxt1wCZCC3ZfAS+SRRWZ2TMda7E=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "37dd7bb15791c86d55c5121740a1887ab55ee836", "rev": "34fed993f1674c8d06d58b37ce1e0fe5eebcb9f5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -201,11 +182,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1690933134, "lastModified": 1701473968,
"narHash": "sha256-ab989mN63fQZBFrkk4Q8bYxQCktuHmBIBqUG1jl6/FQ=", "narHash": "sha256-YcVE5emp1qQ8ieHUnxt1wCZCC3ZfAS+SRRWZ2TMda7E=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "59cf3f1447cfc75087e7273b04b31e689a8599fb", "rev": "34fed993f1674c8d06d58b37ce1e0fe5eebcb9f5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -234,11 +215,11 @@
"systems": "systems" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1689068808, "lastModified": 1701680307,
"narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=", "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4", "rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -248,24 +229,6 @@
} }
}, },
"flake-utils_3": { "flake-utils_3": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1689068808,
"narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_4": {
"locked": { "locked": {
"lastModified": 1667395993, "lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
@ -282,11 +245,11 @@
}, },
"get-flake": { "get-flake": {
"locked": { "locked": {
"lastModified": 1673819588, "lastModified": 1694475786,
"narHash": "sha256-gRtwKAlu4htvS6dxyZnW3n+vMS1acqnMGVHqxUdETeY=", "narHash": "sha256-s5wDmPooMUNIAAsxxCMMh9g68AueGg63DYk2hVZJbc8=",
"owner": "ursi", "owner": "ursi",
"repo": "get-flake", "repo": "get-flake",
"rev": "e0917b6f564aa5acefb1484b5baf76da21746c3c", "rev": "ac54750e3b95dab6ec0726d77f440efe6045bec1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -298,11 +261,11 @@
"jay": { "jay": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1689440887, "lastModified": 1698077919,
"narHash": "sha256-+61dHuxk3FCP+H2PCoup6lZDlaTuJBqDzkiBNY6yaJ4=", "narHash": "sha256-X4bMOBS2WFcbiOiynvSId1XoWgQW3wbO7/atJ9V7buk=",
"owner": "mahkoh", "owner": "mahkoh",
"repo": "jay", "repo": "jay",
"rev": "eb83505e39ec8c2383ac233a8b8449803db52549", "rev": "b4d73064d9c112c69ff16200231145ccffcb3e81",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -313,15 +276,15 @@
}, },
"lib-aggregate": { "lib-aggregate": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_3", "flake-utils": "flake-utils_2",
"nixpkgs-lib": "nixpkgs-lib_2" "nixpkgs-lib": "nixpkgs-lib_2"
}, },
"locked": { "locked": {
"lastModified": 1691323683, "lastModified": 1704024543,
"narHash": "sha256-G7kMLDbYN03VNO+QYymFIp0o9jv+gflUpde8V4iYri8=", "narHash": "sha256-hmKcKSuTqVK47l2G0PkLAinZN1oCOb6XdPPJhNCQ2rg=",
"owner": "nix-community", "owner": "nix-community",
"repo": "lib-aggregate", "repo": "lib-aggregate",
"rev": "99d95d9ca592022832e9f1b4d2a8327b8d50eb60", "rev": "4608880f02f8f868e1b7f85c60abdfc5cb0cf9ec",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -333,11 +296,11 @@
"magmawm": { "magmawm": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1687543996, "lastModified": 1703542178,
"narHash": "sha256-S8vRKXCHF7OHestoGNe6fqqxJIc8slhaOFjvGS3oflc=", "narHash": "sha256-HuCAz+B+cg7HoEEL67heaYRc8zmQCnPBR+DgmuiIZBk=",
"owner": "MagmaWM", "owner": "MagmaWM",
"repo": "MagmaWM", "repo": "MagmaWM",
"rev": "c16fa624b2c86328081a1647f483273e131df29d", "rev": "24dc21f228efb034cd0237fb5ff9a8310f1929b7",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -349,15 +312,16 @@
"nix-eval-jobs": { "nix-eval-jobs": {
"inputs": { "inputs": {
"flake-parts": "flake-parts_3", "flake-parts": "flake-parts_3",
"nix-github-actions": "nix-github-actions",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"treefmt-nix": "treefmt-nix_2" "treefmt-nix": "treefmt-nix_2"
}, },
"locked": { "locked": {
"lastModified": 1691371197, "lastModified": 1703466376,
"narHash": "sha256-YazAJxDjmAG9kiIEuqc+1CmmYIIt4wRIbEFb+TXf8WA=", "narHash": "sha256-Wy8iF8u5KSzrTxg1hStTBmUjzzKdKyCyMOg8b/eTvVQ=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nix-eval-jobs", "repo": "nix-eval-jobs",
"rev": "b02b4e287fddc969fc490478b5666603f4ab0d3c", "rev": "64104a3c55593c903af78af86a4c9d2e5487a2d7",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -366,19 +330,25 @@
"type": "github" "type": "github"
} }
}, },
"nixos-2305": { "nix-github-actions": {
"inputs": {
"nixpkgs": [
"nixpkgs-wayland",
"nix-eval-jobs",
"nixpkgs"
]
},
"locked": { "locked": {
"lastModified": 1687938137, "lastModified": 1701208414,
"narHash": "sha256-Z00c0Pk3aE1aw9x44lVcqHmvx+oX7dxCXCvKcUuE150=", "narHash": "sha256-xrQ0FyhwTZK6BwKhahIkUVZhMNk21IEI1nUcWSONtpo=",
"owner": "NixOS", "owner": "nix-community",
"repo": "nixpkgs", "repo": "nix-github-actions",
"rev": "ba2ded3227a2992f2040fad4ba6f218a701884a5", "rev": "93e39cc1a087d65bcf7a132e75a650c44dd2b734",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "nix-community",
"ref": "release-23.05", "repo": "nix-github-actions",
"repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
@ -386,19 +356,19 @@
"inputs": { "inputs": {
"disko": "disko", "disko": "disko",
"flake-parts": "flake-parts_2", "flake-parts": "flake-parts_2",
"nixos-2305": "nixos-2305",
"nixos-images": "nixos-images", "nixos-images": "nixos-images",
"nixos-stable": "nixos-stable",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"treefmt-nix": "treefmt-nix" "treefmt-nix": "treefmt-nix"
}, },
"locked": { "locked": {
"lastModified": 1691224484, "lastModified": 1704071157,
"narHash": "sha256-0oodXqRRHXjUL7ssi1nIOKC8EzYD4f1e3eAaWexuF4M=", "narHash": "sha256-p8KFWE16nu8ltY17psLU4KTcxXTpjvc1fCzMVPel080=",
"owner": "numtide", "owner": "numtide",
"repo": "nixos-anywhere", "repo": "nixos-anywhere",
"rev": "9df79870b04667f2d16f1a78a1ab87d124403fb7", "rev": "d2911784c30a6c94d3a581bc99c94d3ce0deba0b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -410,9 +380,9 @@
}, },
"nixos-images": { "nixos-images": {
"inputs": { "inputs": {
"nixos-2305": [ "nixos-2311": [
"nixos-anywhere", "nixos-anywhere",
"nixos-2305" "nixos-stable"
], ],
"nixos-unstable": [ "nixos-unstable": [
"nixos-anywhere", "nixos-anywhere",
@ -420,11 +390,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1686819168, "lastModified": 1702375325,
"narHash": "sha256-IbRVStbKoMC2fUX6TxNO82KgpVfI8LL4Cq0bTgdYhnY=", "narHash": "sha256-kEdrh6IB7xh7YDwZ0ZVCngCs+uoS9gx4ydEoJRnM1Is=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixos-images", "repo": "nixos-images",
"rev": "ccc1a2c08ce2fc38bcece85d2a6e7bf17bac9e37", "rev": "d655cc02fcb9ecdcca4f3fb307e291a4b5be1339",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -433,18 +403,50 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs": { "nixos-stable": {
"locked": { "locked": {
"lastModified": 1691370583, "lastModified": 1702233072,
"narHash": "sha256-LnKMx9NQ0Qx0DTYQVewkcRr+7uW5NY7xU9kjh+Lxnb0=", "narHash": "sha256-H5G2wgbim2Ku6G6w+NSaQaauv6B6DlPhY9fMvArKqRo=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "b51660a128c09baf31c614284b500eb53772496f", "rev": "781e2a9797ecf0f146e81425c822dca69fe4a348",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "master", "ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixos-stable_2": {
"locked": {
"lastModified": 1703900474,
"narHash": "sha256-Zu+chYVYG2cQ4FCbhyo6rc5Lu0ktZCjRbSPE0fDgukI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9dd7699928e26c3c00d5d46811f1358524081062",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1703134684,
"narHash": "sha256-SQmng1EnBFLzS7WSRyPM9HgmZP2kLJcPAz+Ug/nug6o=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d6863cbcbbb80e71cecfc03356db1cda38919523",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
@ -467,11 +469,27 @@
}, },
"nixpkgs-2305": { "nixpkgs-2305": {
"locked": { "locked": {
"lastModified": 1691592289, "lastModified": 1704018918,
"narHash": "sha256-Lqpw7lrXlLkYra33tp57ms8tZ0StWhbcl80vk4D90F8=", "narHash": "sha256-erjg/HrpC9liEfm7oLqb8GXCqsxaFwIIPqCsknW5aFY=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "9034b46dc4c7596a87ab837bb8a07ef2d887e8c7", "rev": "2c9c58e98243930f8cb70387934daa4bc8b00373",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-2311": {
"locked": {
"lastModified": 1704018918,
"narHash": "sha256-erjg/HrpC9liEfm7oLqb8GXCqsxaFwIIPqCsknW5aFY=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "2c9c58e98243930f8cb70387934daa4bc8b00373",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -484,11 +502,11 @@
"nixpkgs-lib": { "nixpkgs-lib": {
"locked": { "locked": {
"dir": "lib", "dir": "lib",
"lastModified": 1690881714, "lastModified": 1703961334,
"narHash": "sha256-h/nXluEqdiQHs1oSgkOOWF+j8gcJMWhwnZ9PFabN6q0=", "narHash": "sha256-M1mV/Cq+pgjk0rt6VxoyyD+O8cOUiai8t9Q6Yyq4noY=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "9e1960bc196baf6881340d53dccb203a951745a2", "rev": "b0d36bd0a420ecee3bc916c91886caca87c894e9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -501,11 +519,11 @@
}, },
"nixpkgs-lib_2": { "nixpkgs-lib_2": {
"locked": { "locked": {
"lastModified": 1691282883, "lastModified": 1703983607,
"narHash": "sha256-YLu1Fs+J+hw0BebUhWIeFzSqhlsnf0K88RqhVJebF9E=", "narHash": "sha256-YECXW8P0bqFM5e65Mu2fL4wZlonNWCuNEk7UQPsuJZ0=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixpkgs.lib", "repo": "nixpkgs.lib",
"rev": "b1d35b759161787e1cda815c460050142bda9adb", "rev": "a6c99b57d2e58f7fc6d52a08b0ba40160e75f738",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -516,11 +534,11 @@
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1690066826, "lastModified": 1703950681,
"narHash": "sha256-6L2qb+Zc0BFkh72OS9uuX637gniOjzU6qCDBpjB2LGY=", "narHash": "sha256-veU5bE4eLOmi7aOzhE7LfZXcSOONRMay0BKv01WHojo=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "ce45b591975d070044ca24e3003c830d26fea1c8", "rev": "0aad9113182747452dbfc68b93c86e168811fa6c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -532,11 +550,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1691565530, "lastModified": 1703961334,
"narHash": "sha256-qZZ6DxvS1X/tjxXNUwJrPiaIWLZyWUDM2gkJCi5uZpE=", "narHash": "sha256-M1mV/Cq+pgjk0rt6VxoyyD+O8cOUiai8t9Q6Yyq4noY=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "e528fa15d5f740a25b5f536c33932db64cb10fc8", "rev": "b0d36bd0a420ecee3bc916c91886caca87c894e9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -548,11 +566,11 @@
}, },
"nixpkgs-unstable-small": { "nixpkgs-unstable-small": {
"locked": { "locked": {
"lastModified": 1691644995, "lastModified": 1704177376,
"narHash": "sha256-/OL3sk+9iPv+pto8hs/3cPhGmcS+ugKowQ8FvopLMEA=", "narHash": "sha256-6AV8TWX/juwV8delRDtlbUzi1X8irrtCfrtcYByVhCs=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "f6f59fdce76ca4ee03852417a642b77a960229cd", "rev": "e2e36d8af3b7c465311f11913b7dedd209633c84",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -564,17 +582,17 @@
}, },
"nixpkgs-wayland": { "nixpkgs-wayland": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_3", "flake-compat": "flake-compat_2",
"lib-aggregate": "lib-aggregate", "lib-aggregate": "lib-aggregate",
"nix-eval-jobs": "nix-eval-jobs", "nix-eval-jobs": "nix-eval-jobs",
"nixpkgs": "nixpkgs_2" "nixpkgs": "nixpkgs_2"
}, },
"locked": { "locked": {
"lastModified": 1691518836, "lastModified": 1704201485,
"narHash": "sha256-sY9Unk1pCbMxMSX/SuoSUg8TY4TDN+edKY83cCEqb8g=", "narHash": "sha256-pFDUR45wmq1HehY3WlJOJydFkLOzKC2pWqvMykLj2Qk=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixpkgs-wayland", "repo": "nixpkgs-wayland",
"rev": "982c0c1ee398e8584d8c9cce011ec98392d2e3cc", "rev": "b0c06873775fe978bd9384ab14c24903bde92e74",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -585,11 +603,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1691368598, "lastModified": 1703961334,
"narHash": "sha256-ia7li22keBBbj02tEdqjVeLtc7ZlSBuhUk+7XTUFr14=", "narHash": "sha256-M1mV/Cq+pgjk0rt6VxoyyD+O8cOUiai8t9Q6Yyq4noY=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "5a8e9243812ba528000995b294292d3b5e120947", "rev": "b0d36bd0a420ecee3bc916c91886caca87c894e9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -602,11 +620,11 @@
"ofi-pass": { "ofi-pass": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1687009458, "lastModified": 1691863924,
"narHash": "sha256-SgndtGEd3zDztqLJYSdun6IbOqgXsvw0Q8flicPHonY=", "narHash": "sha256-Vkm3QXjkLIu0RnM0w+upzAF9M7atKBPYqiV7f+eBKJY=",
"owner": "sereinity", "owner": "sereinity",
"repo": "ofi-pass", "repo": "ofi-pass",
"rev": "e99b15857438bbb6013f7f65513c13ea3f5ebdfa", "rev": "b20bd3440686429b113821c51a68b799675d5bb0",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -615,6 +633,23 @@
"type": "github" "type": "github"
} }
}, },
"prs": {
"flake": false,
"locked": {
"lastModified": 1692545676,
"narHash": "sha256-jA97WxXBgWtttXnTBxfb4lPEEFqRMflL1BYfDCYeVfo=",
"owner": "timvisee",
"repo": "prs",
"rev": "308e753f769e5ddcda14d13eeeb7b40c5887e0ca",
"type": "gitlab"
},
"original": {
"owner": "timvisee",
"ref": "master",
"repo": "prs",
"type": "gitlab"
}
},
"root": { "root": {
"inputs": { "inputs": {
"aphorme_launcher": "aphorme_launcher", "aphorme_launcher": "aphorme_launcher",
@ -631,14 +666,16 @@
"magmawm": "magmawm", "magmawm": "magmawm",
"nixos-anywhere": "nixos-anywhere", "nixos-anywhere": "nixos-anywhere",
"nixpkgs": [ "nixpkgs": [
"nixpkgs-2305" "nixpkgs-2311"
], ],
"nixpkgs-2211": "nixpkgs-2211", "nixpkgs-2211": "nixpkgs-2211",
"nixpkgs-2305": "nixpkgs-2305", "nixpkgs-2305": "nixpkgs-2305",
"nixpkgs-2311": "nixpkgs-2311",
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable",
"nixpkgs-unstable-small": "nixpkgs-unstable-small", "nixpkgs-unstable-small": "nixpkgs-unstable-small",
"nixpkgs-wayland": "nixpkgs-wayland", "nixpkgs-wayland": "nixpkgs-wayland",
"ofi-pass": "ofi-pass", "ofi-pass": "ofi-pass",
"prs": "prs",
"salut": "salut", "salut": "salut",
"sops-nix": "sops-nix", "sops-nix": "sops-nix",
"srvos": "srvos", "srvos": "srvos",
@ -648,11 +685,11 @@
"rust-analyzer-src": { "rust-analyzer-src": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1691604464, "lastModified": 1704114818,
"narHash": "sha256-nNc/c9r1O8ajE/LkMhGcvJGlyR6ykenR3aRkEkhutxA=", "narHash": "sha256-/0gMZ32JaUTQ0THA/S9rcQSAmEKfL3hGorX5En8lG98=",
"owner": "rust-lang", "owner": "rust-lang",
"repo": "rust-analyzer", "repo": "rust-analyzer",
"rev": "05b061205179dab9a5cd94ae66d1c0e9b8febe08", "rev": "a8d935eedc80df8b453d90539cbe78b7e2c75e3c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -662,31 +699,6 @@
"type": "github" "type": "github"
} }
}, },
"rust-overlay": {
"inputs": {
"flake-utils": [
"crane",
"flake-utils"
],
"nixpkgs": [
"crane",
"nixpkgs"
]
},
"locked": {
"lastModified": 1691029059,
"narHash": "sha256-QwVeE9YTgH3LmL7yw2V/hgswL6yorIvYSp4YGI8lZYM=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "99df4908445be37ddb2d332580365fce512a7dcf",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"salut": { "salut": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -711,11 +723,11 @@
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-stable": "nixpkgs-stable"
}, },
"locked": { "locked": {
"lastModified": 1690199016, "lastModified": 1703991717,
"narHash": "sha256-yTLL72q6aqGmzHq+C3rDp3rIjno7EJZkFLof6Ika7cE=", "narHash": "sha256-XfBg2dmDJXPQEB8EdNBnzybvnhswaiAkUeeDj7fa/hQ=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "c36df4fe4bf4bb87759b1891cab21e7a05219500", "rev": "cfdbaf68d00bc2f9e071f17ae77be4b27ff72fa6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -726,16 +738,17 @@
}, },
"srvos": { "srvos": {
"inputs": { "inputs": {
"nixos-stable": "nixos-stable_2",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1691630941, "lastModified": 1704204620,
"narHash": "sha256-4+KVSa32impg0aBqXVEEty8uu3Urb64CjmseDkETofg=", "narHash": "sha256-u7C59X3s706W9ptqfYHLlZlropun5Fzr9eYaKAsEuN8=",
"owner": "numtide", "owner": "numtide",
"repo": "srvos", "repo": "srvos",
"rev": "b7407c2dc143402de6f140575398020175f3ae1a", "rev": "e5eecdf21bdf048cef7cb9e52bf573fdf959d491",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -775,21 +788,6 @@
"type": "github" "type": "github"
} }
}, },
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"treefmt-nix": { "treefmt-nix": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -798,11 +796,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1687940979, "lastModified": 1702376629,
"narHash": "sha256-D4ZFkgIG2s9Fyi78T3fVG9mqMD+/UnFDB62jS4gjZKY=", "narHash": "sha256-9uAY8a7JN4DvLe/g4OoldqPbcNZ09YOVXID+CkIqL70=",
"owner": "numtide", "owner": "numtide",
"repo": "treefmt-nix", "repo": "treefmt-nix",
"rev": "0a4f06c27610a99080b69433873885df82003aae", "rev": "390018a9398f9763bfc05ffe6443ce0622cb9ba6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -820,11 +818,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1690874496, "lastModified": 1702979157,
"narHash": "sha256-qYZJVAfilFbUL6U+euMjKLXUADueMNQBqwihpNzTbDU=", "narHash": "sha256-RnFBbLbpqtn4AoJGXKevQMCGhra4h6G2MPcuTSZZQ+g=",
"owner": "numtide", "owner": "numtide",
"repo": "treefmt-nix", "repo": "treefmt-nix",
"rev": "fab56c8ce88f593300cd8c7351c9f97d10c333c5", "rev": "2961375283668d867e64129c22af532de8e77734",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -835,17 +833,17 @@
}, },
"yofi": { "yofi": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_4", "flake-utils": "flake-utils_3",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ]
}, },
"locked": { "locked": {
"lastModified": 1678976029, "lastModified": 1702939607,
"narHash": "sha256-AZ2+FQtVwUFgv4kiZqMKmiXS2qygMktDE185O19BXiM=", "narHash": "sha256-nPIt1JIQ3g6lBE7+qI8gV1cmJ+uA55aAzho2dGOIFik=",
"owner": "l4l", "owner": "l4l",
"repo": "yofi", "repo": "yofi",
"rev": "811a4358913aed527348f9584d6c0767983299bb", "rev": "c0ca3365a702e7a2852a801ca357df5eb87d0cf9",
"type": "github" "type": "github"
}, },
"original": { "original": {

348
flake.nix

@ -4,9 +4,10 @@
# flake and infra basics # flake and infra basics
nixpkgs-2211.url = "github:nixos/nixpkgs/nixos-22.11"; nixpkgs-2211.url = "github:nixos/nixpkgs/nixos-22.11";
nixpkgs-2305.url = "github:nixos/nixpkgs/nixos-23.05"; nixpkgs-2305.url = "github:nixos/nixpkgs/nixos-23.05";
nixpkgs-2311.url = "github:nixos/nixpkgs/nixos-23.05";
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs-unstable-small.url = "github:nixos/nixpkgs/nixos-unstable-small"; nixpkgs-unstable-small.url = "github:nixos/nixpkgs/nixos-unstable-small";
nixpkgs.follows = "nixpkgs-2305"; nixpkgs.follows = "nixpkgs-2311";
flake-parts.url = "github:hercules-ci/flake-parts"; flake-parts.url = "github:hercules-ci/flake-parts";
get-flake.url = "github:ursi/get-flake"; get-flake.url = "github:ursi/get-flake";
@ -67,162 +68,219 @@
url = "gitlab:snakedye/salut"; url = "gitlab:snakedye/salut";
flake = false; flake = false;
}; };
prs = {
url = "gitlab:timvisee/prs/master";
flake = false;
};
}; };
outputs = inputs @ { outputs =
self, inputs @ { self
flake-parts, , flake-parts
nixpkgs, , nixpkgs
... , ...
}: let }:
inherit (nixpkgs) lib; let
inherit (nixpkgs) lib;
systems = [ systems = [
"x86_64-linux" "x86_64-linux"
"aarch64-linux" "aarch64-linux"
]; ];
in in
flake-parts.lib.mkFlake {inherit inputs;} flake-parts.lib.mkFlake { inherit inputs; }
({withSystem, ...}: { ({ withSystem, ... }: {
flake.colmena = flake.colmena =
lib.lists.foldl (sum: cur: lib.attrsets.recursiveUpdate sum cur) lib.lists.foldl (sum: cur: lib.attrsets.recursiveUpdate sum cur)
{ {
meta.nixpkgs = import inputs.nixpkgs.outPath { meta.nixpkgs = import inputs.nixpkgs.outPath {
system = builtins.elemAt systems 0; system = builtins.elemAt systems 0;
}; };
} }
# FIXME: this doesn't seem to work to apply overlays into a node's nixpkgs import # FIXME: this doesn't seem to work to apply overlays into a node's nixpkgs import
# try this instead: https://github.com/zhaofengli/colmena/issues/60#issuecomment-1510496861 # try this instead: https://github.com/zhaofengli/colmena/issues/60#issuecomment-1510496861
(builtins.map (nodeName: (builtins.map
import ./nix/os/devices/${nodeName} { (nodeName:
inherit nodeName; import ./nix/os/devices/${nodeName} {
repoFlake = self; inherit nodeName;
repoFlakeWithSystem = withSystem; repoFlake = self;
nodeFlake = self.inputs.get-flake ./nix/os/devices/${nodeName}; repoFlakeWithSystem = withSystem;
}) [ nodeFlake = self.inputs.get-flake ./nix/os/devices/${nodeName};
"steveej-t14" }) [
"elias-e525" "steveej-t14"
"justyna-p300" # "elias-e525"
# "justyna-p300"
"srv0-dmz0" # "srv0-dmz0"
"router0-dmz0" # # "router0-dmz0"
"sj-vps-htz0" # "sj-vps-htz0"
"sj-bm-hostkey0" "sj-bm-hostkey0"
]);
# this makes nixos-anywhere work # "retro"
flake.nixosConfigurations = ]);
(inputs.colmena.lib.makeHive self.outputs.colmena).nodes
// (let
router0-dmz0 = (inputs.get-flake ./nix/os/devices/router0-dmz0).nixosConfigurations;
in {
router0-dmz0 = router0-dmz0.native;
# for now deploy directly with: # this makes nixos-anywhere work
# nixos-rebuild switch --flake .\#cross_router0-dmz0 --build-host localhost --target-host root@192.168.10.1 flake.nixosConfigurations =
cross_router0-dmz0 = router0-dmz0.cross; (inputs.colmena.lib.makeHive self.outputs.colmena).nodes
}); // (
let
router0-dmz0 = (inputs.get-flake ./nix/os/devices/router0-dmz0).nixosConfigurations;
steveej-x13s = (inputs.get-flake ./nix/os/devices/steveej-x13s).nixosConfigurations;
retro = (inputs.get-flake ./nix/os/devices/retro).nixosConfigurations;
in
{
router0-dmz0 = router0-dmz0.native;
inherit systems; # for now deploy directly with:
# nixos-rebuild switch --flake .\#router0-dmz0_cross --build-host localhost --target-host root@192.168.10.1
router0-dmz0_cross = router0-dmz0.cross;
perSystem = { # nixos-install --flake .\#retro_cross
inputs', retro_cross = retro.cross;
system,
config,
lib,
pkgs,
...
}: rec {
imports = [
./nix/modules/flake-parts/perSystem/default.nix
];
packages = let steveej-x13s_cross = steveej-x13s.cross;
dcpj4110dw = pkgs.callPackage (self + /nix/pkgs/dcpj4110dw) {}; }
);
craneLib = inherit systems;
inputs.crane.lib.${system}.overrideToolchain
inputs'.fenix.packages.stable.toolchain;
craneLibOfiPass = perSystem =
inputs.crane.lib.${system}.overrideToolchain { inputs'
( , system
inputs'.fenix.packages.stable.toolchain , config
# .override { , lib
# date = "1.60.0"; , pkgs
# } , ...
); }: rec {
in { imports = [
dcpj4110dwDriver = dcpj4110dw.driver; ./nix/modules/flake-parts/perSystem/default.nix
dcpj4110dwCupswrapper = dcpj4110dw.cupswrapper;
# broken as of 2023-04-27 because it doesn't load without a config
# aphorme_launcher = craneLib.buildPackage {src = inputs.aphorme_launcher;};
# yofi = inputs'.yofi.packages.default;
# ofi-pass = craneLibOfiPass.buildPackage {src = inputs.ofi-pass;};
inherit (inputs'.colmena.packages) colmena;
# jay = pkgs.callPackage (self + /nix/pkgs/jay.nix) {
# src = inputs.jay;
# rustPlatform = pkgs.makeRustPlatform {
# cargo = inputs'.fenix.packages.stable.toolchain;
# rustc = inputs'.fenix.packages.stable.toolchain;
# };
# };
# magmawm = pkgs.callPackage (self + /nix/pkgs/magmawm.nix) {
# inherit craneLib;
# src = inputs.magmawm;
# };
salut = craneLib.buildPackage {
src = inputs.salut;
nativeBuildInputs = [
pkgs.pkg-config
];
buildInputs = [
pkgs.libxkbcommon
pkgs.fontconfig
]; ];
packages =
let
dcpj4110dw = pkgs.callPackage (self + /nix/pkgs/dcpj4110dw) { };
craneLib =
inputs.crane.lib.${system}.overrideToolchain
inputs'.fenix.packages.stable.toolchain;
craneLibOfiPass =
inputs.crane.lib.${system}.overrideToolchain
(
inputs'.fenix.packages.stable.toolchain
# .override {
# date = "1.60.0";
# }
);
in
{
dcpj4110dwDriver = dcpj4110dw.driver;
dcpj4110dwCupswrapper = dcpj4110dw.cupswrapper;
# broken as of 2023-04-27 because it doesn't load without a config
# aphorme_launcher = craneLib.buildPackage {src = inputs.aphorme_launcher;};
# yofi = inputs'.yofi.packages.default;
# ofi-pass = craneLibOfiPass.buildPackage {src = inputs.ofi-pass;};
inherit (inputs'.colmena.packages) colmena;
# jay = pkgs.callPackage (self + /nix/pkgs/jay.nix) {
# src = inputs.jay;
# rustPlatform = pkgs.makeRustPlatform {
# cargo = inputs'.fenix.packages.stable.toolchain;
# rustc = inputs'.fenix.packages.stable.toolchain;
# };
# };
# magmawm = pkgs.callPackage (self + /nix/pkgs/magmawm.nix) {
# inherit craneLib;
# src = inputs.magmawm;
# };
salut = craneLib.buildPackage {
src = inputs.salut;
nativeBuildInputs = [
pkgs.pkg-config
];
buildInputs = [
pkgs.libxkbcommon
pkgs.fontconfig
];
};
prs = pkgs.callPackage
({ pkgs
, dbus
, glib
, gpgme
, gtk3
, libxcb
, libxkbcommon
, installShellFiles
, pkg-config
, python3
}: craneLib.buildPackage {
pname = "prs";
version = inputs.prs.shortRev;
src = inputs.prs;
nativeBuildInputs = [ gpgme installShellFiles pkg-config python3 ];
buildInputs = [
dbus
glib
gpgme
gtk3
libxcb
libxkbcommon
];
cargoExtraArgs = "--features backend-gpgme";
postInstall = ''
for shell in bash fish zsh; do
installShellCompletion --cmd prs --$shell <($out/bin/prs internal completions $shell --stdout)
done
'';
})
{ };
nomad = inputs'.nixpkgs-unstable.legacyPackages.nomad_1_6;
ledger-live-desktop-wrapped = pkgs.writeShellScriptBin "ledger-live-desktop-wrapped" ''
set -x
pkill -9 wayland-proxy-v
export NIXOS_OZONE_WL=""
${pkgs.wayland-proxy-virtwl}/bin/wayland-proxy-virtwl \
--wayland-display=wayland-3 \
--xwayland-binary=${pkgs.xwayland}/bin/Xwayland \
--x-display=3 \
&
# --x-unscale=3 \
#--verbose \
export PROXYPID="$!"
trap "kill -9 \$PROXYPID" EXIT
# trap "pkill -9 wayland-proxy-v" EXIT
env \
WAYLAND_DISPLAY=wayland-3 \
DISPLAY=:3 \
ledger-live-desktop
'';
syncthing-container-webui = pkgs.writeShellScriptBin "reverse-port-forward-syncthing-container" ''
ssh root@${self.colmena.sj-vps-htz0.deployment.targetHost} -L 8385:syncthing.containers:8384
'';
};
formatter = pkgs.alejandra;
devShells.default = import ./nix/devShells.nix {
inherit inputs' pkgs;
packages' = packages;
};
}; };
});
nomad = inputs'.nixpkgs-unstable.legacyPackages.nomad_1_6;
ledger-live-desktop-wrapped = pkgs.writeShellScriptBin "ledger-live-desktop-wrapped" ''
set -x
pkill -9 wayland-proxy-v
export NIXOS_OZONE_WL=""
${pkgs.wayland-proxy-virtwl}/bin/wayland-proxy-virtwl \
--wayland-display=wayland-3 \
--xwayland-binary=${pkgs.xwayland}/bin/Xwayland \
--x-display=3 \
&
# --x-unscale=3 \
#--verbose \
export PROXYPID="$!"
trap "kill -9 \$PROXYPID" EXIT
# trap "pkill -9 wayland-proxy-v" EXIT
env \
WAYLAND_DISPLAY=wayland-3 \
DISPLAY=:3 \
ledger-live-desktop
'';
syncthing-container-webui = pkgs.writeShellScriptBin "reverse-port-forward-syncthing-container" ''
ssh root@${self.colmena.sj-vps-htz0.deployment.targetHost} -L 8385:syncthing.containers:8384
'';
};
formatter = pkgs.alejandra;
devShells.default = import ./nix/devShells.nix {
inherit inputs' pkgs;
packages' = packages;
};
};
});
} }


@ -30,7 +30,6 @@ pkgs.stdenv.mkDerivation {
ripgrep ripgrep
lm_sensors lm_sensors
pass pass
prs
fuzzel fuzzel
wofi wofi
age age
@ -76,6 +75,7 @@ pkgs.stdenv.mkDerivation {
(pkgs.writeShellScriptBin "r11" '' (pkgs.writeShellScriptBin "r11" ''
exec env NIXOS_OZONE_WL="" WAYLAND_DISPLAY="" $@ exec env NIXOS_OZONE_WL="" WAYLAND_DISPLAY="" $@
'') '')
]); ]);
# Set Environment Variables # Set Environment Variables


@ -343,6 +343,13 @@ in {
# qtWrapperArgs+=("''${gappsWrapperArgs[@]}") # qtWrapperArgs+=("''${gappsWrapperArgs[@]}")
# ''; # '';
})) }))
snes9x
snes9x-gtk
# this is a displaymanager!
# libretro.snes9x2010
# retroarchFull
]); ]);
systemd.user.startServices = true; systemd.user.startServices = true;


@ -62,6 +62,10 @@
trigger = ":dunno"; trigger = ":dunno";
replace = "¯\\_()_/¯"; replace = "¯\\_()_/¯";
} }
{
trigger = ":shrug";
replace = "¯\\_()_/¯";
}
]; ];
}; };
}; };


@ -1,9 +1,8 @@
{pkgs, ...}: { {repoFlake, pkgs, ...}: {
# required by pass-otp # required by pass-otp
home.sessionVariables.PASSWORD_STORE_EXTENSIONS_DIR = "$HOME/.nix-profile/lib/password-store/extensions"; # home.sessionVariables.PASSWORD_STORE_EXTENSIONS_DIR = "$HOME/.nix-profile/lib/password-store/extensions";
home.sessionVariables.PASSWORD_STORE_ENABLE_EXTENSIONS = "true"; # home.sessionVariables.PASSWORD_STORE_ENABLE_EXTENSIONS = "true";
# programs.browserpass.enable = true;
programs.browserpass.enable = true;
home.packages = with pkgs; [ home.packages = with pkgs; [
gnupg gnupg
@ -12,6 +11,6 @@
# broken on wayland # broken on wayland
# rofi-pass # rofi-pass
prs repoFlake.packages.${pkgs.system}.prs
]; ];
} }


@ -39,7 +39,14 @@ in {
in '' in ''
redir /hedgedoc* https://hedgedoc.${domain} redir /hedgedoc* https://hedgedoc.${domain}
respond "Hi!" file_server /*/* {
browse
root /var/www/stefanjunker.de/htdocs/caddy
pass_thru
}
# respond "Hi"
# respond (not /*/*) "Hi"
''; '';
}; };
@ -99,7 +106,7 @@ in {
}; };
services.jitsi-meet = { services.jitsi-meet = {
enable = true; enable = false;
hostName = "meet.${domain}"; hostName = "meet.${domain}";
config = { config = {
prejoinPageEnabled = true; prejoinPageEnabled = true;
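Review bot: The new `file_server /*/*` block in the Caddy config turns on `browse`, so directories under `/var/www/stefanjunker.de/htdocs/caddy` that match that path pattern are served with an auto-generated listing of their contents. If listings are not intended, drop `browse`; if they are, a comment such as `# browse: directory listings are intentionally public for this root` would record the decision, and it is worth checking that only published files live below that root. The commented-out `respond` lines after the block look like leftovers from experimenting and could be removed. The surrounding virtual host definition starts outside the hunk.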


@ -184,10 +184,11 @@ in {
after = ["hook"]; after = ["hook"];
rules = let rules = let
wanInterfaces = builtins.concatStringsSep ", " config.networking.nftables.firewall.zones.wan.interfaces; wanInterfaces = builtins.concatStringsSep ", " config.networking.nftables.firewall.zones.wan.interfaces;
exposedHost = "192.168.22.121"; exposedHost = "srv0-dmz0.dmz.internal";
in [ in [
"iifname { ${wanInterfaces} } tcp dport 220 redirect to 22" "iifname { ${wanInterfaces} } tcp dport 220 redirect to 22"
"iifname { ${wanInterfaces} } dnat ip to ${exposedHost}" # TODO: if this hostname doesn't resolve it'll break the whole ruleset
# "iifname { ${wanInterfaces} } dnat ip to ${exposedHost}"
]; ];
}; };
}; };
@ -574,7 +575,8 @@ in {
# sae_password_file = config.sops.secrets.wlan0_saePasswordsFile.path; # sae_password_file = config.sops.secrets.wlan0_saePasswordsFile.path;
# enables debug logging # enables debug logging
# logger_stdout_level= lib.mkForce 0; logger_stdout_level= lib.mkForce 0;
logger_stdout = -1;
# logger_syslog_level= lib.mkForce 0; # logger_syslog_level= lib.mkForce 0;
# resources on vlan tagging # resources on vlan tagging
@ -583,6 +585,7 @@ in {
dynamic_vlan = 1; dynamic_vlan = 1;
# this option currently requires a patch to hostapd
vlan_no_bridge = 1; vlan_no_bridge = 1;
/* not used due to the above vlan_no_bridge setting /* not used due to the above vlan_no_bridge setting
@ -620,14 +623,36 @@ in {
# "SAE" # "SAE"
]); ]);
# wpa_psk_radius = 0;
wpa_pairwise = "CCMP";
wmm_enabled = 1;
# IEEE 802.11i (authentication) related configuration # IEEE 802.11i (authentication) related configuration
# Encrypt management frames to protect against deauthentication and similar attacks # Encrypt management frames to protect against deauthentication and similar attacks
ieee80211w = 1; ieee80211w = 1;
sae_require_mfp = 1; sae_require_mfp = 1;
sae_groups = "19 20 21"; sae_groups = "19 20 21";
# [ENABLE-TLSv1.3] = enable TLSv1.3 (experimental - disabled by default)
tls_flags= "[ENABLE-TLSv1.3]";
ieee8021x=0;
eap_server=0;
}; };
}; };
# wlan0-1 = {
# ssid = "mlsia-testing";
# authentication = {
# mode = "wpa3-sae-transition";
# };
# bssid = mkBssid 1;
# settings = {
# bridge = bridgeInterfaceName;
# };
# };
# wlan0-1 = { # wlan0-1 = {
# ssid = "justtestingwifi-wpa3"; # ssid = "justtestingwifi-wpa3";
# authentication = { # authentication = {
@ -777,7 +802,7 @@ in {
tag tag
(mkVlanIpv4HostAddr { inherit vlanid; host = 100; cidr = false; }) (mkVlanIpv4HostAddr { inherit vlanid; host = 100; cidr = false; })
(mkVlanIpv4HostAddr { inherit vlanid; host = 199; cidr = false; }) (mkVlanIpv4HostAddr { inherit vlanid; host = 199; cidr = false; })
"30m" "12h"
]; ];
in in
builtins.map builtins.map
@ -843,7 +868,8 @@ in {
}; };
# The service irqbalance is useful as it assigns certain IRQ calls to specific CPUs instead of letting the first CPU core to handle everything. This is supposed to increase performance by hitting CPU cache more often. # The service irqbalance is useful as it assigns certain IRQ calls to specific CPUs instead of letting the first CPU core to handle everything. This is supposed to increase performance by hitting CPU cache more often.
services.irqbalance.enable = true; # disable for now as i think it causes wifi issues
services.irqbalance.enable = false;
system.stateVersion = "23.05"; system.stateVersion = "23.05";
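Review bot: The hostapd settings now set `logger_stdout_level = lib.mkForce 0` together with `logger_stdout = -1`, which sends the most verbose level for every hostapd module to stdout on what appears to be the live router. The comment above those lines says this is for debugging, so it should either be reverted before this leaves WIP or carry a marker, e.g. `# TODO: temporary, restore the default log level once the wifi issue is found`. In the nftables hunk, `exposedHost` is now a hostname that no rule uses once the `dnat` line is commented out; removing the binding, or keeping the IP literal until name resolution at ruleset load is solved, would avoid a dead definition.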


@ -162,5 +162,8 @@
boot.binfmt.emulatedSystems = [ boot.binfmt.emulatedSystems = [
"aarch64-linux" "aarch64-linux"
"i686-linux"
# "i386-linux"
# "i586-linux"
]; ];
} }


@ -1,13 +1,14 @@
{ { pkgs
pkgs, , lib
lib, , config
config, , repoFlake
repoFlake, , nodeName
nodeName, , ...
... }:
}: let let
wireguardPort = 51820; wireguardPort = 51820;
in { in
{
imports = [ imports = [
../../snippets/systemd-resolved.nix ../../snippets/systemd-resolved.nix
]; ];
@ -31,14 +32,14 @@ in {
networking.interfaces.eth0 = { networking.interfaces.eth0 = {
mtu = 1400; mtu = 1400;
useDHCP = false; useDHCP = true;
ipv4.addresses = [ ipv4.addresses = [
{ {
"address" = "167.233.1.14"; "address" = "167.233.1.14";
"prefixLength" = 29; "prefixLength" = 29;
} }
]; ];
ipv6.addresses = []; ipv6.addresses = [ ];
}; };
networking.defaultGateway = { networking.defaultGateway = {
@ -53,7 +54,7 @@ in {
networking.nat = { networking.nat = {
enable = true; enable = true;
internalInterfaces = ["ve-*" "wg*"]; internalInterfaces = [ "ve-*" "wg*" ];
externalInterface = "eth0"; externalInterface = "eth0";
}; };
@ -78,7 +79,7 @@ in {
privateKeyFile = config.sops.secrets.wg0-private.path; privateKeyFile = config.sops.secrets.wg0-private.path;
peers = [ peers = [
{ {
allowedIPs = ["192.168.99.2/32"]; allowedIPs = [ "192.168.99.2/32" ];
publicKey = "O3k4jEdX6jkV1fHP/J8KSH5tvi+n1VvnBTD5na6Naw0="; publicKey = "O3k4jEdX6jkV1fHP/J8KSH5tvi+n1VvnBTD5na6Naw0=";
presharedKeyFile = config.sops.secrets.wg0-psk-steveej-psk.path; presharedKeyFile = config.sops.secrets.wg0-psk-steveej-psk.path;
} }
@ -86,12 +87,12 @@ in {
}; };
# virtualization # virtualization
virtualisation = {docker.enable = false;}; virtualisation = { docker.enable = false; };
services.spice-vdagentd.enable = true; services.spice-vdagentd.enable = true;
services.qemuGuest.enable = true; services.qemuGuest.enable = true;
nix.gc = {automatic = true;}; nix.gc = { automatic = true; };
containers = { containers = {
mailserver = import ../../containers/mailserver.nix { mailserver = import ../../containers/mailserver.nix {
@ -108,17 +109,17 @@ in {
webserver = webserver =
import ../../containers/webserver.nix import ../../containers/webserver.nix
{ {
inherit repoFlake; inherit repoFlake;
autoStart = true; autoStart = true;
hostAddress = "192.168.100.12"; hostAddress = "192.168.100.12";
localAddress = "192.168.100.13"; localAddress = "192.168.100.13";
httpPort = 80; httpPort = 80;
httpsPort = 443; httpsPort = 443;
}; };
syncthing = import ../../containers/syncthing.nix { syncthing = import ../../containers/syncthing.nix {
autoStart = true; autoStart = true;
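Review bot: In the `networking.interfaces.eth0` hunk, `useDHCP` flips to `true` while the static address `167.233.1.14/29` and `networking.defaultGateway` stay configured, so the public interface would be set up both statically and from whatever DHCP server answers on that network. If DHCP is only needed for one thing, a comment saying so (`# DHCP kept on for <reason>; the static address below is authoritative`) would help; otherwise one of the two mechanisms should go. The remaining changes in this section appear to be formatter output only.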


@ -11,5 +11,61 @@
./user.nix ./user.nix
./boot.nix ./boot.nix
./secrets.nix ./secrets.nix
# samba seerver
({ lib, ... }: {
# networking.firewall.enable = lib.mkForce false;
services.samba-wsdd.enable = true; # make shares visible for windows 10 clients
networking.firewall.allowedTCPPorts = [
5357 # wsdd
];
networking.firewall.allowedUDPPorts = [
3702 # wsdd
];
services.samba = {
enable = true;
securityType = "user";
extraConfig = ''
workgroup = ARBEITSGRUPPE
server string = steveej-t14
netbios name = steveej-t14
security = user
# use sendfile = yes
# for executables on windows
acl allow execute always = True
# legacy windows quirks
max protocol = NT1
min protocol = NT1
ntlm auth = yes
# client max protocol = SMB1
# client min protocol = NT1
# note: localhost is the ipv6 localhost ::1
hosts allow = 192.168. 127.0.0.1 localhost
hosts deny = 0.0.0.0/0
guest account = nobody
map to guest = bad user
'';
shares = {
voodoo = {
path = "/home/steveej/Desktop/voodoo";
browseable = "yes";
"read only" = "no";
"guest ok" = "no";
"create mask" = "0644";
"directory mask" = "0755";
# "force user" = "steveej";
# "force group" = "users";
};
};
};
})
]; ];
} }
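Review bot: The added Samba module pins both `min protocol` and `max protocol` to `NT1` and sets `ntlm auth = yes`, which forces every client onto SMB1 and allows NTLMv1, neither of which gives the integrity protection of SMB2+ with NTLMv2. If a single legacy machine needs this, narrow `hosts allow` from the whole `192.168.` prefix to that machine's address and keep the module disabled while the machine is not in use. `map to guest = bad user` has no use while the only share has `"guest ok" = "no"`, so `map to guest = never` states the intent more directly. The comment `# samba seerver` has a typo, and only the wsdd ports are opened in the firewall lists, so it is worth confirming how the SMB port itself is meant to be reachable.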


@ -1,4 +1,4 @@
{...}: let {lib, ...}: let
stage1Modules = [ stage1Modules = [
"aesni_intel" "aesni_intel"
"kvm_amd" "kvm_amd"
@ -7,6 +7,22 @@
"thunderbolt" "thunderbolt"
"e1000e" "e1000e"
"usbcore"
"xhci_hcd"
"usbnet"
"snd_usb_audio"
"usbhid"
"snd_usbmidi_lib"
"cdc_mbim"
"cdc_ncm"
"usb_storage"
"cdc_wdm"
"uvcvideo"
"btusb"
"xhci_pci"
"cdc_ether"
"uas"
]; ];
in { in {
# TASK: new device # TASK: new device
@ -14,8 +30,11 @@ in {
enable = true; enable = true;
encrypted = true; encrypted = true;
diskId = "nvme-WD_BLACK_SN850X_4000GB_2227DT443901"; diskId = "nvme-WD_BLACK_SN850X_4000GB_2227DT443901";
earlyDiskIdOverride = "usb-JMicron_Generic_0123456789ABCDEF-0:0";
}; };
# boot.loader.grub.device = lib.mkForce "/dev/disk/by-id/usb-JMicron_Generic_0123456789ABCDEF-0:0";
# see https://linrunner.de/tlp/ # see https://linrunner.de/tlp/
services.tlp = { services.tlp = {
enable = true; enable = true;
@ -90,6 +109,7 @@ in {
]; ];
}; };
hardware.enableRedistributableFirmware = true;
# boot.initrd.availableKernelModules = stage1Modules; # boot.initrd.availableKernelModules = stage1Modules;
boot.initrd.kernelModules = stage1Modules; boot.initrd.kernelModules = stage1Modules;
} }


@ -59,6 +59,25 @@
sway sway
''; '';
# autologin steveej on tty1
systemd.services."autovt@tty1".description = "Autologin at the TTY1";
systemd.services."autovt@tty1".after = [ "systemd-logind.service" ]; # without it user session not started and xorg can't be run from this tty
systemd.services."autovt@tty1".wantedBy = [ "multi-user.target" ];
systemd.services."autovt@tty1".serviceConfig =
{ ExecStart = [
"" # override upstream default with an empty ExecStart
"@${pkgs.utillinux}/sbin/agetty agetty --login-program ${pkgs.shadow}/bin/login --autologin steveej --noclear %I $TERM"
];
Restart = "always";
Type = "idle";
};
programs.zsh.loginShellInit = ''
if test $(id --user steveej) = $(id -u) && test $(tty) = "/dev/tty1"; then
exec sway
fi
'';
# fonts = let # fonts = let
# prefs.font = rec { # prefs.font = rec {
# size = 13; # size = 13;
@ -109,6 +128,7 @@
# rtkit is optional but recommended # rtkit is optional but recommended
security.rtkit.enable = true; security.rtkit.enable = true;
services.pipewire = { services.pipewire = {
audio.enable = true;
enable = true; enable = true;
alsa.enable = true; alsa.enable = true;
alsa.support32Bit = true; alsa.support32Bit = true;
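Review bot: The `autovt@tty1` override logs `steveej` in without a password and `loginShellInit` then `exec`s sway, so after boot the desktop session is open to anyone at the console unless a screen locker starts with it; a comment stating what gates access (disk passphrase, lock on idle) would make that assumption explicit. `pkgs.utillinux` is a deprecated alias, and `pkgs.util-linux` is the current attribute name. In the shell snippet the command substitutions are unquoted; `test "$(id --user steveej)" = "$(id -u)" && test "$(tty)" = "/dev/tty1"` avoids a `test` syntax error when `tty` prints `not a tty`.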


@ -1,11 +1,11 @@
{ { pkgs
pkgs, , lib
lib, , config
config, , nodeName
nodeName, , repoFlake
repoFlake, , ...
... }:
}: let let
passwords = import ../../../variables/passwords.crypt.nix; passwords = import ../../../variables/passwords.crypt.nix;
localTcpPorts = [ localTcpPorts = [
@ -24,7 +24,8 @@
21027 21027
]; ];
in { in
{
imports = [ imports = [
../../snippets/nix-settings-holo-chain.nix ../../snippets/nix-settings-holo-chain.nix
]; ];
@ -44,16 +45,16 @@ in {
sshUser = "nix-remote-builder"; sshUser = "nix-remote-builder";
protocol = "ssh-ng"; protocol = "ssh-ng";
system = "x86_64-linux"; system = "x86_64-linux";
maxJobs = 24; maxJobs = 32;
speedFactor = 100; speedFactor = 100;
supportedFeatures = repoFlake.nixosConfigurations.router0-dmz0.config.nix.settings.system-features ++ []; supportedFeatures = repoFlake.nixosConfigurations.router0-dmz0.config.nix.settings.system-features ++ [ ];
} }
]; ];
networking.extraHosts = '' networking.extraHosts = ''
''; '';
networking.bridges."virbr1".interfaces = []; networking.bridges."virbr1".interfaces = [ ];
networking.interfaces."virbr1".ipv4.addresses = [ networking.interfaces."virbr1".ipv4.addresses = [
{ {
address = "10.254.254.254"; address = "10.254.254.254";
@ -86,7 +87,7 @@ in {
# virtualization # virtualization
virtualisation = { virtualisation = {
libvirtd = {enable = true;}; libvirtd = { enable = true; };
virtualbox.host = { virtualbox.host = {
enable = false; enable = false;
@ -107,11 +108,11 @@ in {
enable = true; enable = true;
package = lib.mkForce pkgs.gnome3.gvfs; package = lib.mkForce pkgs.gnome3.gvfs;
}; };
environment.systemPackages = with pkgs; [lxqt.lxqt-policykit]; # provides a default authentification client for policykit environment.systemPackages = with pkgs; [ lxqt.lxqt-policykit ]; # provides a default authentification client for policykit
security.pki.certificateFiles = ["${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"]; security.pki.certificateFiles = [ "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ];
services.xserver.videoDrivers = lib.mkForce ["amdgpu"]; services.xserver.videoDrivers = lib.mkForce [ "amdgpu" ];
services.xserver.serverFlagsSection = '' services.xserver.serverFlagsSection = ''
Option "BlankTime" "0" Option "BlankTime" "0"
Option "StandbyTime" "0" Option "StandbyTime" "0"
@ -123,35 +124,37 @@ in {
hardware.ledger.enable = true; hardware.ledger.enable = true;
services.zerotierone = { # services.zerotierone = {
enable = true; # enable = false;
joinNetworks = [ # joinNetworks = [
# moved to the service below as it's now secret # # moved to the service below as it's now secret
]; # ];
}; # };
systemd.services.zerotieroneSecretNetworks = { # systemd.services.zerotieroneSecretNetworks = {
enable = false; # enable = false;
requiredBy = ["zerotierone.service"]; # requiredBy = [ "zerotierone.service" ];
partOf = ["zerotierone.service"]; # partOf = [ "zerotierone.service" ];
serviceConfig.Type = "oneshot"; # serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true; # serviceConfig.RemainAfterExit = true;
script = let # script =
secret = config.sops.secrets.zerotieroneNetworks; # let
in '' # secret = config.sops.secrets.zerotieroneNetworks;
# include the secret's hash to trigger a restart on change # in
# ${builtins.hashString "sha256" (builtins.toJSON secret)} # ''
# # include the secret's hash to trigger a restart on change
# # ${builtins.hashString "sha256" (builtins.toJSON secret)}
${config.systemd.services.zerotierone.preStart} # ${config.systemd.services.zerotierone.preStart}
rm -rf /var/lib/zerotier-one/networks.d/*.conf # rm -rf /var/lib/zerotier-one/networks.d/*.conf
for network in `grep -v '#' ${secret.path}`; do # for network in `grep -v '#' ${secret.path}`; do
touch /var/lib/zerotier-one/networks.d/''${network}.conf # touch /var/lib/zerotier-one/networks.d/''${network}.conf
done # done
''; # '';
}; # };
sops.secrets.zerotieroneNetworks = { sops.secrets.zerotieroneNetworks = {
sopsFile = ../../../../secrets/zerotierone.txt; sopsFile = ../../../../secrets/zerotierone.txt;
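Review bot: With `services.zerotierone` and the `zerotieroneSecretNetworks` unit commented out, the `sops.secrets.zerotieroneNetworks` declaration that follows is still active, so the secret would keep being decrypted on the host with no consumer visible in this section. Commenting it out alongside the service, or adding `# kept for re-enabling zerotierone`, would keep the set of materialised secrets minimal. The declaration continues past the end of the hunk, so other users of it may exist outside the visible lines.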


@ -0,0 +1 @@
result


@ -0,0 +1,82 @@
{ repoFlake
, pkgs
, lib
, config
, nodeFlake
, nodeName
, localDomainName
, system
, ...
}:
{
imports = [
# repoFlake.inputs.sops-nix.nixosModules.sops
# ../../profiles/common/user.nix
{
nix.nixPath = [
"nixpkgs=${pkgs.path}"
];
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
nix.settings.max-jobs = lib.mkDefault "auto";
nix.settings.cores = lib.mkDefault 0;
}
{
services.openssh.enable = true;
services.openssh.settings.PermitRootLogin = "yes";
# users.commonUsers = {
# enable = true;
# enableNonRoot = false;
# rootPasswordFile = config.sops.secrets.passwords-root.path;
# };
users.users.root.password = "install";
# sops.defaultSopsFile = ../../../../secrets/${nodeName}/secrets.yaml;
# sops.defaultSopsFormat = "yaml";
# sops.secrets.passwords-root.neededForUsers = true;
}
];
networking = {
hostName = nodeName;
useNetworkd = false;
networkmanager.enable = false;
firewall.enable = false;
};
system.stateVersion = "23.11";
# We exclude a number of modules included in the default list. A non-insignificant amount do
# not apply to embedded hardware like this, so simply skip the defaults.
#
# Custom kernel is required as a lot of MTK components misbehave when built as modules.
# They fail to load properly, leaving the system without working ethernet, they'll oops on
# remove. MTK-DSA parts and PCIe were observed to do this.
# boot.initrd.includeDefaultModules = false;
# boot.initrd.kernelModules = ["rfkill" "cfg80211" "mt7915e"];
# boot.initrd.availableKernelModules = ["nvme"];
nixpkgs.config.allowUnfree = true;
# hardware.enableRedistributableFirmware = true;
environment.systemPackages = [
pkgs.busybox
];
fileSystems."/".label = "x13s_root";
}
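Review bot: This new config sets `users.users.root.password = "install"` together with `PermitRootLogin = "yes"` and `firewall.enable = false`, so the root password is a literal in the repository and the Nix store, and SSH accepts it on every interface. Key-only root access keeps the bootstrap convenience: `services.openssh.settings.PermitRootLogin = "prohibit-password";` plus `users.users.root.openssh.authorizedKeys.keys = [ "<your public key>" ];`, or re-enable the commented `rootPasswordFile` from sops. The same pattern appears in the voodoo `configuration.nix` later in this commit with the password `"voodoo"`. The comment block about MTK components and a custom kernel does not seem to describe this device and could be dropped.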


@ -0,0 +1,35 @@
{
system ? "aarch64-linux",
nodeName,
repoFlake,
nodeFlake,
localDomainName ? "internal",
...
}: {
meta.nodeSpecialArgs.${nodeName} = {
inherit repoFlake nodeName nodeFlake system;
packages' = repoFlake.packages.${system};
nodePackages' = nodeFlake.packages.${system};
inherit localDomainName;
};
meta.nodeNixpkgs.${nodeName} =
import nodeFlake.inputs.nixpkgs.outPath
{
inherit system;
};
${nodeName} = {
deployment.targetHost = "${nodeName}.${localDomainName}";
deployment.replaceUnknownProfiles = true;
# nixpkgs.pkgs = nodeFlake.inputs.nixpkgs.legacyPackages.${system};
imports = [
./configuration.nix
];
networking.hostName = nodeName;
};
}

159
nix/os/devices/steveej-x13s/flake.lock generated Normal file

@ -0,0 +1,159 @@
{
"nodes": {
"brainwart_x13s-nixos": {
"flake": false,
"locked": {
"lastModified": 1701822673,
"narHash": "sha256-F2LBV8tqGPhEAvmn5Frxj79RPWgPGUYxJRYz8Pn9uj0=",
"owner": "BrainWart",
"repo": "x13s-nixos",
"rev": "ba245df7a72a78ec93aa500ba1a0cb29f0f65f37",
"type": "github"
},
"original": {
"owner": "BrainWart",
"ref": "main",
"repo": "x13s-nixos",
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1705348229,
"narHash": "sha256-CssPema1sBxZkrT95KFuKCNNiqxNe1lnf2QNeXk88Xk=",
"owner": "nix-community",
"repo": "disko",
"rev": "d0b4408eaf782a1ada0a9133bb1cecefdd59c696",
"type": "github"
},
"original": {
"id": "disko",
"type": "indirect"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"srvos",
"nixpkgs"
]
},
"locked": {
"lastModified": 1704982712,
"narHash": "sha256-2Ptt+9h8dczgle2Oo6z5ni5rt/uLMG47UFTR1ry/wgg=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "07f6395285469419cf9d078f59b5b49993198c00",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"get-flake": {
"locked": {
"lastModified": 1694475786,
"narHash": "sha256-s5wDmPooMUNIAAsxxCMMh9g68AueGg63DYk2hVZJbc8=",
"owner": "ursi",
"repo": "get-flake",
"rev": "ac54750e3b95dab6ec0726d77f440efe6045bec1",
"type": "github"
},
"original": {
"owner": "ursi",
"repo": "get-flake",
"type": "github"
}
},
"linux_x13s": {
"flake": false,
"locked": {
"lastModified": 1705487080,
"narHash": "sha256-DTOPiUGaeH5Ey+AZaO1c1n/QFikIXmvo2tTzgFtJ70k=",
"owner": "jhovold",
"repo": "linux",
"rev": "dd209a8fb4840e48ca4963bb23057f38b1066a6d",
"type": "github"
},
"original": {
"owner": "jhovold",
"ref": "wip/sc8280xp-v6.7",
"repo": "linux",
"type": "github"
}
},
"mobile-nixos": {
"flake": false,
"locked": {
"lastModified": 1705008488,
"narHash": "sha256-Gj97fDFZaK6gLb3ayZgTTtD+MFE1YjoyYHWkB1TIAe0=",
"owner": "NixOS",
"repo": "mobile-nixos",
"rev": "56e55df7b07b5e5c6d050732d851cec62b41df95",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "mobile-nixos",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1705316053,
"narHash": "sha256-J2Ey5mPFT8gdfL2XC0JTZvKaBw/b2pnyudEXFvl+dQM=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "c3e128f3c0ecc1fb04aef9f72b3dcc2f6cecf370",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"brainwart_x13s-nixos": "brainwart_x13s-nixos",
"disko": "disko",
"get-flake": "get-flake",
"linux_x13s": "linux_x13s",
"mobile-nixos": "mobile-nixos",
"nixpkgs": "nixpkgs",
"srvos": "srvos"
}
},
"srvos": {
"inputs": {
"flake-parts": "flake-parts",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1705346686,
"narHash": "sha256-lTf1b2I6wwNDhV5eEKIAMT5DOa43bK5KaPqDWH2yfek=",
"owner": "numtide",
"repo": "srvos",
"rev": "8e03bea707212a7225b0ab02a8186af8b1e98e0a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "srvos",
"type": "github"
}
}
},
"root": "root",
"version": 7
}


@ -0,0 +1,270 @@
{
inputs =
{
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
get-flake.url = "github:ursi/get-flake";
disko.inputs.nixpkgs.follows = "nixpkgs";
srvos.url = "github:numtide/srvos";
srvos.inputs.nixpkgs.follows = "nixpkgs";
mobile-nixos.url = "github:NixOS/mobile-nixos";
mobile-nixos.flake = false;
# see https://github.com/jhovold/linux/wiki/X13s for status updates
linux_x13s.url = "github:jhovold/linux/wip/sc8280xp-v6.7";
linux_x13s.flake = false;
brainwart_x13s-nixos = {
url = "github:BrainWart/x13s-nixos/main";
flake = false;
};
};
outputs =
{ self
, get-flake
, nixpkgs
, ...
}:
let
targetPlatform = "aarch64-linux";
buildPlatform = "x86_64-linux";
nodeName = "steveej-x13s";
pkgs = nixpkgs.legacyPackages.${targetPlatform};
pkgsCross = import self.inputs.nixpkgs {
system = buildPlatform;
crossSystem = {
config = "pentium2-unknown-linux-gnu";
};
};
mkNixosConfiguration = { extraModules ? [ ], ... } @ attrs:
nixpkgs.lib.nixosSystem (
nixpkgs.lib.attrsets.recursiveUpdate
attrs
{
specialArgs = (import ./default.nix {
system = targetPlatform;
inherit nodeName;
repoFlake = get-flake ../../../..;
nodeFlake = self;
}).meta.nodeSpecialArgs.${nodeName};
modules =
[
self.nixosModules.hardware-x13s
./configuration.nix
# flake registry
{
nix.registry.nixpkgs.flake = nixpkgs;
}
{
nixpkgs.overlays = [
(final: prev:
{
qrtr = final.callPackage "${self.inputs.mobile-nixos}/overlay/qrtr/qrtr.nix" { };
qmic = final.callPackage "${self.inputs.mobile-nixos}/overlay/qrtr/qmic.nix" { };
rmtfs = final.callPackage "${self.inputs.mobile-nixos}/overlay/qrtr/rmtfs.nix" { };
pd-mapper = final.callPackage "${self.inputs.mobile-nixos}/overlay/qrtr/pd-mapper.nix" {
inherit (final) qrtr;
};
compressFirmwareXz = prev.lib.id; #this leaves all firmware uncompressed :) for pd-mapper
})
];
}
]
++ extraModules;
}
);
in
{
nixosConfigurations = {
native = mkNixosConfiguration {
system = targetPlatform;
};
cross = mkNixosConfiguration {
extraModules = [
{
nixpkgs.buildPlatform.system = buildPlatform;
nixpkgs.hostPlatform.system = targetPlatform;
}
];
};
};
nixosModules.hardware-x13s = { pkgs, config, lib, options, ... }:
let
# TODO: introduce options for these
kernelPdMapper = true;
in
{
config =
let
inherit (config.boot.loader) efi;
kp = [
{
name = "x13s-cfg";
patch = null;
extraStructuredConfig = with lib.kernel; {
EFI_ARMSTUB_DTB_LOADER = lib.mkForce yes;
OF_OVERLAY = lib.mkForce yes;
BTRFS_FS = lib.mkForce yes;
BTRFS_FS_POSIX_ACL = lib.mkForce yes;
MEDIA_CONTROLLER = lib.mkForce yes;
SND_USB_AUDIO_USE_MEDIA_CONTROLLER = lib.mkForce yes;
SND_USB = lib.mkForce yes;
SND_USB_AUDIO = lib.mkForce module;
USB_XHCI_PCI = lib.mkForce module;
NO_HZ_FULL = lib.mkForce yes;
HZ_100 = lib.mkForce yes;
HZ_250 = lib.mkForce no;
DRM_AMDGPU = lib.mkForce no;
DRM_NOUVEAU = lib.mkForce no;
QCOM_TSENS = lib.mkForce yes;
NVMEM_QCOM_QFPROM = lib.mkForce yes;
ARM_QCOM_CPUFREQ_NVMEM = lib.mkForce yes;
} // lib.optionalAttrs kernelPdMapper {
QCOM_PD_MAPPER = lib.mkForce yes;
QRTR = lib.mkForce yes;
};
}
];
# We can't quite move to mainline linux
linux_x13s_pkg = { buildLinux, ... } @ args:
buildLinux (args // rec {
version = "6.7.0";
modDirVersion = lib.versions.pad 3 version;
extraMeta.branch = lib.versions.majorMinor version;
src = self.inputs.linux_x13s;
kernelPatches = (args.kernelPatches or [ ]) ++ kp;
} // (args.argsOverride or { }));
# we add additional configuration on top of te normal configuration above
# using the extraStructuredConfig option on the kernel patch
linux_x13s = pkgs.callPackage linux_x13s_pkg {
defconfig = "johan_defconfig";
};
uncompressed-fw = pkgs.callPackage
({ lib, runCommand, buildEnv, firmwareFilesList }:
runCommand "qcom-modem-uncompressed-firmware-share"
{
firmwareFiles = buildEnv {
name = "qcom-modem-uncompressed-firmware";
paths = firmwareFilesList;
pathsToLink = [
"/lib/firmware/rmtfs"
"/lib/firmware/qcom"
];
};
} ''
PS4=" $ "
(
set -x
mkdir -p $out/share/
ln -s $firmwareFiles/lib/firmware/ $out/share/uncompressed-firmware
)
'')
{
firmwareFilesList = lib.flatten options.hardware.firmware.definitions;
};
linuxPackages_x13s = pkgs.linuxPackagesFor linux_x13s;
dtb = "${linuxPackages_x13s.kernel}/dtbs/qcom/sc8280xp-lenovo-thinkpad-x13s.dtb";
dtbName = "x13s63rc4.dtb";
in
{
boot = {
loader.systemd-boot.enable = true;
loader.systemd-boot.extraFiles = {
"${dtbName}" = dtb;
};
loader.efi.canTouchEfiVariables = true;
loader.efi.efiSysMountPoint = "/boot";
kernelPackages = linuxPackages_x13s;
kernelParams = [
"boot.shell_on_fail"
"clk_ignore_unused"
"pd_ignore_unused"
"arm64.nopauth"
"cma=128M"
"nvme.noacpi=1"
"iommu.strict=0"
"dtb=${dtbName}"
];
initrd = {
includeDefaultModules = false;
availableKernelModules = [
"i2c_hid"
"i2c_hid_of"
"i2c_qcom_geni"
"leds_qcom_lpg"
"pwm_bl"
"qrtr"
"pmic_glink_altmode"
"gpio_sbu_mux"
"phy_qcom_qmp_combo"
"panel-edp"
"msm"
"phy_qcom_edp"
"i2c-core"
"i2c-hid"
"i2c-hid-of"
"i2c-qcom-geni"
"pcie-qcom"
"phy-qcom-qmp-combo"
"phy-qcom-qmp-pcie"
"phy-qcom-qmp-usb"
"phy-qcom-snps-femto-v2"
"phy-qcom-usb-hs"
"nvme"
];
};
};
# power management, etc.
environment.systemPackages = with pkgs; [
qrtr
qmic
rmtfs
pd-mapper
uncompressed-fw
];
environment.pathsToLink = [ "share/uncompressed-firmware" ];
# ensure the x13s' dtb file is in the boot partition
system.activationScripts.x13s-dtb = ''
in_package="${dtb}"
esp_tool_folder="${efi.efiSysMountPoint}/"
in_esp="''${esp_tool_folder}${dtbName}"
>&2 echo "Ensuring $in_esp in EFI System Partition"
if ! ${pkgs.diffutils}/bin/cmp --silent "$in_package" "$in_esp"; then
>&2 echo "Copying $in_package -> $in_esp"
mkdir -p "$esp_tool_folder"
cp "$in_package" "$in_esp"
sync
fi
'';
hardware.enableAllFirmware = true;
hardware.firmware = [
pkgs.linux-firmware
(pkgs.callPackage "${self.inputs.brainwart_x13s-nixos}/pkgs/x13s-firmware.nix" { })
];
};
};
};
}
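Review bot: The `inputs` block gives `disko` only `inputs.nixpkgs.follows` and no `url`, and the generated lock for this device records its original as `"type": "indirect"`, which means the source is looked up through the flake registry at update time rather than named in this file. Adding `disko.url = "github:nix-community/disko";` makes the origin explicit and reviewable, as it is for the other inputs. In the `let` block, `pkgs` and `pkgsCross` (with `config = "pentium2-unknown-linux-gnu"`) are not referenced anywhere in the visible outputs and look copied from another device. `dtbName = "x13s63rc4.dtb"` also no longer matches `version = "6.7.0"` and would benefit from a rename or a comment.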

1
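--- a/nix/os/devices/voodoo/.gitignore
+++ b/nix/os/devices/voodoo/.gitignore
@@ -0,0 +1 @@
+result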


@ -0,0 +1,85 @@
{
repoFlake,
pkgs,
lib,
config,
nodeFlake,
nodeName,
localDomainName,
system,
...
}: let
in {
imports = [
# repoFlake.inputs.sops-nix.nixosModules.sops
# ../../profiles/common/user.nix
{
nix.nixPath = [
"nixpkgs=${pkgs.path}"
];
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
nix.settings.max-jobs = lib.mkDefault "auto";
nix.settings.cores = lib.mkDefault 0;
}
{
services.openssh.enable = true;
services.openssh.settings.PermitRootLogin = "yes";
# users.commonUsers = {
# enable = true;
# enableNonRoot = false;
# rootPasswordFile = config.sops.secrets.passwords-root.path;
# };
users.users.root.password = "voodoo";
# sops.defaultSopsFile = ../../../../secrets/${nodeName}/secrets.yaml;
# sops.defaultSopsFormat = "yaml";
# sops.secrets.passwords-root.neededForUsers = true;
}
];
networking = {
hostName = nodeName;
useNetworkd = false;
useDHCP = true;
firewall.enable = false;
};
system.stateVersion = "23.11";
# We exclude a number of modules included in the default list. A non-insignificant amount do
# not apply to embedded hardware like this, so simply skip the defaults.
#
# Custom kernel is required as a lot of MTK components misbehave when built as modules.
# They fail to load properly, leaving the system without working ethernet, they'll oops on
# remove. MTK-DSA parts and PCIe were observed to do this.
# boot.initrd.includeDefaultModules = false;
# boot.initrd.kernelModules = ["rfkill" "cfg80211" "mt7915e"];
# boot.initrd.availableKernelModules = ["nvme"];
hardware.enableRedistributableFirmware = false;
# Extlinux compatible with custom uboot patches in this repo, which also provide unique
# MAC addresses instead of the non-unique one that gets used by a lot of MTK devices...
boot.loader.grub.enable = true;
environment.systemPackages = [
# pkgs.pciutils
];
fileSystems."/".label = "voodoo_root";
boot.loader.grub.devices = [
"/dev/disk/by-id/usb-ST313640_A_20171021-0"
];
}
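Review bot: The comments in this new file describe MTK components, a custom kernel and an Extlinux/u-boot setup, while the code right below them enables `boot.loader.grub` on a USB-attached disk, so they read as carried over from another device's config and will mislead the next reader. Replace them with a line that matches the code, e.g. `# boots via GRUB installed to the USB-attached disk`, and drop the empty `let in` at the top of the module.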


@ -0,0 +1,35 @@
{
system ? "i586-linux",
nodeName,
repoFlake,
nodeFlake,
localDomainName ? "internal",
...
}: {
meta.nodeSpecialArgs.${nodeName} = {
inherit repoFlake nodeName nodeFlake system;
packages' = repoFlake.packages.${system};
nodePackages' = nodeFlake.packages.${system};
inherit localDomainName;
};
meta.nodeNixpkgs.${nodeName} =
import nodeFlake.inputs.nixpkgs.outPath
{
inherit system;
};
${nodeName} = {
deployment.targetHost = "${nodeName}.${localDomainName}";
deployment.replaceUnknownProfiles = true;
# nixpkgs.pkgs = nodeFlake.inputs.nixpkgs.legacyPackages.${system};
imports = [
./configuration.nix
];
networking.hostName = nodeName;
};
}

225
nix/os/devices/voodoo/flake.lock generated Normal file

@ -0,0 +1,225 @@
{
"nodes": {
"bpir3": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1703603768,
"narHash": "sha256-ZViXHNt7ClqNtlRO9iot+LxiSbBvZi/RR+/6Q7W6UV8=",
"owner": "steveej-forks",
"repo": "nixos-bpir3",
"rev": "47cb545b92c136d1482a66b940c4719c40eb5fe3",
"type": "github"
},
"original": {
"owner": "steveej-forks",
"ref": "linux-6.6",
"repo": "nixos-bpir3",
"type": "github"
}
},
"dependencyDagOfSubmodule": {
"inputs": {
"nixpkgs": [
"nixos-nftables-firewall",
"nixpkgs"
]
},
"locked": {
"lastModified": 1656615370,
"narHash": "sha256-IZDqz1aSySoqf1qtVQg+oJMHfC4IlT55Zoa7EkjvPug=",
"owner": "thelegy",
"repo": "nix-dependencyDagOfSubmodule",
"rev": "98eb563d80b35acafbfc1abb9ccee569c1efb19c",
"type": "github"
},
"original": {
"owner": "thelegy",
"repo": "nix-dependencyDagOfSubmodule",
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1703532766,
"narHash": "sha256-ojjW3cuNmqL5uqDWohwLoO8dYpheM5+AfgsNmGIMwG8=",
"owner": "nix-community",
"repo": "disko",
"rev": "1b191113874dee97796749bb21eac3d84735c70a",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "disko",
"type": "github"
}
},
"get-flake": {
"locked": {
"lastModified": 1694475786,
"narHash": "sha256-s5wDmPooMUNIAAsxxCMMh9g68AueGg63DYk2hVZJbc8=",
"owner": "ursi",
"repo": "get-flake",
"rev": "ac54750e3b95dab6ec0726d77f440efe6045bec1",
"type": "github"
},
"original": {
"owner": "ursi",
"repo": "get-flake",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1703527373,
"narHash": "sha256-AjypRssRtS6F3xkf7rE3/bXkIF2WJOZLbTIspjcE1zM=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "80679ea5074ab7190c4cce478c600057cfb5edae",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "master",
"repo": "home-manager",
"type": "github"
}
},
"hostapd": {
"flake": false,
"locked": {
"lastModified": 1703346062,
"narHash": "sha256-SHSBKIgKc5zEGhKDT2v+yGERTJHf8pe+9ZPUwJBTJKQ=",
"ref": "refs/heads/main",
"rev": "196d6c83b9cb7d298fdc92684dc37115348b159e",
"revCount": 19119,
"type": "git",
"url": "git://w1.fi/hostap.git?branch=main"
},
"original": {
"type": "git",
"url": "git://w1.fi/hostap.git?branch=main"
}
},
"nixos-nftables-firewall": {
"inputs": {
"dependencyDagOfSubmodule": "dependencyDagOfSubmodule",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1703279052,
"narHash": "sha256-0rbG/9SwaWtXT7ZuifMq+7wvfxDpZrjr0zdMcM4KK+E=",
"owner": "thelegy",
"repo": "nixos-nftables-firewall",
"rev": "3bf23aeb346e772d157816e6b72a742a6c97db80",
"type": "github"
},
"original": {
"owner": "thelegy",
"repo": "nixos-nftables-firewall",
"type": "github"
}
},
"nixos-stable": {
"locked": {
"lastModified": 1703068421,
"narHash": "sha256-WSw5Faqlw75McIflnl5v7qVD/B3S2sLh+968bpOGrWA=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d65bceaee0fb1e64363f7871bc43dc1c6ecad99f",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1703255338,
"narHash": "sha256-Z6wfYJQKmDN9xciTwU3cOiOk+NElxdZwy/FiHctCzjU=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "6df37dc6a77654682fe9f071c62b4242b5342e04",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"openwrt": {
"flake": false,
"locked": {
"lastModified": 1691699580,
"narHash": "sha256-CV+ufXPEr5Nz2O2FBnnuPeHNsFQ7c5s0uW39u/q3cUo=",
"ref": "main",
"rev": "847984c773d819d5579d5abae4b80a4983103ed9",
"revCount": 58166,
"type": "git",
"url": "https://github.com/openwrt/openwrt.git"
},
"original": {
"ref": "main",
"rev": "847984c773d819d5579d5abae4b80a4983103ed9",
"type": "git",
"url": "https://github.com/openwrt/openwrt.git"
}
},
"root": {
"inputs": {
"bpir3": "bpir3",
"disko": "disko",
"get-flake": "get-flake",
"home-manager": "home-manager",
"hostapd": "hostapd",
"nixos-nftables-firewall": "nixos-nftables-firewall",
"nixpkgs": "nixpkgs",
"openwrt": "openwrt",
"srvos": "srvos"
}
},
"srvos": {
"inputs": {
"nixos-stable": "nixos-stable",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1703469109,
"narHash": "sha256-hTQJ9uV43Vt8UXwervEj9mbDoQSN1mD3lwwPChG8jy8=",
"owner": "numtide",
"repo": "srvos",
"rev": "52d07db520046c4775f1047e68a05dcb53bba9ec",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "srvos",
"type": "github"
}
}
},
"root": "root",
"version": 7
}


@ -0,0 +1,80 @@
{
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
get-flake.url = "github:ursi/get-flake";
disko.inputs.nixpkgs.follows = "nixpkgs";
srvos.url = "github:numtide/srvos";
srvos.inputs.nixpkgs.follows = "nixpkgs";
};
outputs = {
self,
get-flake,
nixpkgs,
...
}: let
targetPlatform = "i686-linux";
buildPlatform = "x86_64-linux";
nodeName = "voodoo";
pkgs = nixpkgs.legacyPackages.${targetPlatform};
pkgsCross = import self.inputs.nixpkgs {
system = buildPlatform;
crossSystem = {
config = "pentium2-unknown-linux-gnu";
};
};
mkNixosConfiguration = {extraModules ? [], ...} @ attrs:
nixpkgs.lib.nixosSystem (
nixpkgs.lib.attrsets.recursiveUpdate
attrs
{
specialArgs = (import ./default.nix {
system = targetPlatform;
inherit nodeName;
repoFlake = get-flake ../../../..;
nodeFlake = self;
}).meta.nodeSpecialArgs.${nodeName};
modules =
[
./configuration.nix
# flake registry
{
nix.registry.nixpkgs.flake = nixpkgs;
}
{
nixpkgs.overlays = [
(final: previous:
{
})
];
}
]
++ extraModules;
}
);
in {
nixosConfigurations = {
native = mkNixosConfiguration {
system = targetPlatform;
};
cross = mkNixosConfiguration {
extraModules = [
{
nixpkgs.buildPlatform.system = buildPlatform;
nixpkgs.hostPlatform.system = targetPlatform;
}
];
};
};
};
}
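Review bot: The inputs declared here do not match the flake.lock added in the same commit. The lock's `nixpkgs` node records `nixos-unstable` as its original ref while this file asks for `nixos-23.11`, and the lock's root lists `bpir3`, `hostapd`, `openwrt`, `home-manager` and `nixos-nftables-firewall`, none of which are inputs here. The committed pins therefore do not describe what this flake evaluates, and Nix will presumably rewrite the lock on the next evaluation, so the revisions that get built are not the ones under review. `disko.inputs.nixpkgs.follows` is also set without a `disko.url`; going by the lock entry, the intended line is `disko.url = "github:nix-community/disko";`. Regenerating the lock from the final input list before this lands would close the gap.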


@ -20,6 +20,7 @@ in {
"cdrom" "cdrom"
"adbusers" "adbusers"
"dialout" "dialout"
"cdrom"
]; ];
openssh.authorizedKeys.keys = keys.users.steveej.openssh; openssh.authorizedKeys.keys = keys.users.steveej.openssh;
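Review bot: The added `"cdrom"` entry repeats a group that already appears three lines above it in the same list, so the change has no effect on the user's group membership. If a different group was meant, name it here; otherwise drop the added line. The list opens outside the hunk, so this assumes no other list boundary sits between the two entries.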


@ -7,6 +7,12 @@
with lib; let with lib; let
cfg = config.hardware.opinionatedDisk; cfg = config.hardware.opinionatedDisk;
ownLib = pkgs.callPackage ../lib/default.nix {}; ownLib = pkgs.callPackage ../lib/default.nix {};
earlyDiskId = cfg:
if cfg.earlyDiskIdOverride != ""
then cfg.earlyDiskIdOverride
else cfg.diskId
;
in { in {
options.hardware.opinionatedDisk = { options.hardware.opinionatedDisk = {
enable = mkEnableOption "Enable opinionated filesystem layout"; enable = mkEnableOption "Enable opinionated filesystem layout";
@ -15,6 +21,11 @@ in {
default = true; default = true;
type = types.bool; type = types.bool;
}; };
earlyDiskIdOverride = mkOption {
default = "";
type = types.string;
};
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
@ -38,7 +49,7 @@ in {
swapDevices = [{device = ownLib.disk.swapFsDevice cfg.diskId;}]; swapDevices = [{device = ownLib.disk.swapFsDevice cfg.diskId;}];
boot.loader.grub = { boot.loader.grub = {
device = ownLib.disk.bootGrubDevice cfg.diskId; device = ownLib.disk.bootGrubDevice (earlyDiskId cfg);
enableCryptodisk = cfg.encrypted; enableCryptodisk = cfg.encrypted;
}; };
@ -54,6 +65,7 @@ in {
builtins.elemAt splitstring lastelem; builtins.elemAt splitstring lastelem;
value = { value = {
device = ownLib.disk.bootLuksDevice cfg.diskId; device = ownLib.disk.bootLuksDevice cfg.diskId;
preLVM = true; preLVM = true;
allowDiscards = true; allowDiscards = true;
}; };
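Review bot: `earlyDiskIdOverride` is declared with `type = types.string;`, which nixpkgs has deprecated in favour of `types.str`, and the option has no `description`. Use `type = types.str;` and add a description stating that the override only changes the disk id passed to `ownLib.disk.bootGrubDevice`. In the visible hunks, swap and the LUKS device still use `cfg.diskId`. If that split is intentional it should be written down, because the boot loader target and the encrypted root can then refer to different disk ids. The helper `earlyDiskId = cfg:` also shadows the outer `cfg` binding and is only called with that same value, so it could read `cfg` directly.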


@ -42,10 +42,13 @@
SUBSYSTEM=="usb", ATTR{idVendor}=="1050", ATTR{idProduct}=="0406", ENV{ID_SECURITY_TOKEN}="1", GROUP="wheel" SUBSYSTEM=="usb", ATTR{idVendor}=="1050", ATTR{idProduct}=="0406", ENV{ID_SECURITY_TOKEN}="1", GROUP="wheel"
''; '';
services.samba.enable = true; # services.samba.enable = true;
services.samba.extraConfig = '' # services.samba.extraConfig = ''
client max protocol = SMB3 # client max protocol = SMB3
''; # # client min protocol = SMB2_10
# # client min protocol = NT1
# # ntlm auth = yes
# '';
services.logind.lidSwitchExternalPower = "ignore"; services.logind.lidSwitchExternalPower = "ignore";