steveej/infra
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions

nix fmt

Browse source
This commit is contained in:
steveej 2024-02-08 20:53:22 +01:00
parent a9218a80e6
commit 7137e93805
49 changed files with 2034 additions and 2002 deletions
Download patch file Download diff file Expand all files Collapse all files

1206
nix/os/devices/router0-dmz0/configuration.nix
View file

File diff suppressed because it is too large Load diff

43
nix/os/devices/router0-dmz0/flake.nix
View file

@ -19,7 +19,6 @@
bpir3.inputs.nixpkgs.follows = "nixpkgs";
nixos-nftables-firewall.url = "github:thelegy/nixos-nftables-firewall";
nixos-nftables-firewall.inputs.nixpkgs.follows = "nixpkgs";
@ -60,13 +59,17 @@
nixpkgs.lib.attrsets.recursiveUpdate
attrs
{
specialArgs = (import ./default.nix {
system = nativeSystem;
inherit nodeName;
specialArgs =
(import ./default.nix {
system = nativeSystem;
inherit nodeName;
repoFlake = get-flake ../../../..;
nodeFlake = self;
}).meta.nodeSpecialArgs.${nodeName};
repoFlake = get-flake ../../../..;
nodeFlake = self;
})
.meta
.nodeSpecialArgs
.${nodeName};
modules =
[
@ -88,7 +91,6 @@
linuxPackages_bpir3_latest
;
})
];
}
]
@ -112,19 +114,22 @@
};
packages = let
mkPatchedHostapd = pkgs: pkgs.hostapd.overrideDerivation(attrs: {
patches = attrs.patches ++ [
"${self.inputs.openwrt}/package/network/services/hostapd/patches/710-vlan_no_bridge.patch"
];
});
mkPatchedHostapd = pkgs:
pkgs.hostapd.overrideDerivation (attrs: {
patches =
attrs.patches
++ [
"${self.inputs.openwrt}/package/network/services/hostapd/patches/710-vlan_no_bridge.patch"
];
});
in {
"${nativeSystem}" = {
hostapd_patched = mkPatchedHostapd pkgs;
};
"${nativeSystem}" = {
hostapd_patched = mkPatchedHostapd pkgs;
};
cross = {
hostapd_patched = mkPatchedHostapd pkgsCross;
};
cross = {
hostapd_patched = mkPatchedHostapd pkgsCross;
};
};
};
}

99
nix/os/devices/sj-bm-hostkey0/configuration.nix
View file

@ -1,13 +1,14 @@
{ modulesPath
, repoFlake
, packages'
, pkgs
, lib
, config
, nodeFlake
, nodeName
, system
, ...
{
modulesPath,
repoFlake,
packages',
pkgs,
lib,
config,
nodeFlake,
nodeName,
system,
...
}: {
disabledModules = [
];
@ -34,7 +35,7 @@
inherit pkgs;
};
home-manager.users.steveej = { pkgs, ... }: {
home-manager.users.steveej = {pkgs, ...}: {
imports = [
../../../home-manager/configuration/text-minimal.nix
];
@ -51,7 +52,7 @@
programs.zsh.enable = true;
users.defaultUserShell = pkgs.zsh;
environment.pathsToLink = [ "/share/zsh" ];
environment.pathsToLink = ["/share/zsh"];
}
];
@ -82,54 +83,52 @@
firewall.enable = false;
};
disko.devices =
let
disk = id: {
type = "disk";
device = "/dev/${id}";
content = {
type = "gpt";
partitions = {
boot = {
size = "1M";
type = "EF02"; # for grub MBR
};
mdadm = {
size = "100%";
content = {
type = "mdraid";
name = "raid0";
};
disko.devices = let
disk = id: {
type = "disk";
device = "/dev/${id}";
content = {
type = "gpt";
partitions = {
boot = {
size = "1M";
type = "EF02"; # for grub MBR
};
mdadm = {
size = "100%";
content = {
type = "mdraid";
name = "raid0";
};
};
};
};
in
{
disk = {
sda = disk "sda";
sdb = disk "sdb";
};
mdadm = {
raid0 = {
type = "mdadm";
level = 0;
content = {
type = "gpt";
partitions = {
primary = {
size = "100%";
content = {
type = "filesystem";
format = "btrfs";
mountpoint = "/";
};
};
in {
disk = {
sda = disk "sda";
sdb = disk "sdb";
};
mdadm = {
raid0 = {
type = "mdadm";
level = 0;
content = {
type = "gpt";
partitions = {
primary = {
size = "100%";
content = {
type = "filesystem";
format = "btrfs";
mountpoint = "/";
};
};
};
};
};
};
};
system.stateVersion = "23.11";

11
nix/os/devices/sj-srv1/configuration.nix
View file

@ -1,9 +1,10 @@
{ nodeName
, config
, pkgs
, ...
{
nodeName,
config,
pkgs,
...
}: {
disabledModules = [ ];
disabledModules = [];
imports = [
../../profiles/common/configuration.nix
{

2
nix/os/devices/sj-srv1/hw.nix
View file

@ -43,7 +43,7 @@ in {
enable = true;
encrypted = false;
diskId = "virtio-virtio-paeNi8Fof9Oe";
earlyDiskIdOverride = "ata-INTEL_SSDSC2KB019TZ_PHYI315001FW1P9DGN";
earlyDiskIdOverride = "ata-INTEL_SSDSC2KB019TZ_PHYI315001FW1P9DGN";
};
boot.initrd.kernelModules = stage1Modules;

93
nix/os/devices/sj-srv1/system.nix
View file

@ -1,12 +1,11 @@
{ pkgs
, lib
, config
, repoFlake
, nodeName
, ...
}:
{
pkgs,
lib,
config,
repoFlake,
nodeName,
...
}: {
imports = [
../../snippets/systemd-resolved.nix
];
@ -28,52 +27,50 @@
networking.nat = {
enable = true;
internalInterfaces = [ "ve-*" ];
internalInterfaces = ["ve-*"];
externalInterface = "eth0";
};
# virtualization
virtualisation = { docker.enable = false; };
virtualisation = {docker.enable = false;};
nix.gc = { automatic = true; };
nix.gc = {automatic = true;};
sops.secrets.restic-password.sopsFile = ../../../../secrets/${nodeName}/secrets.yaml;
# adapted from https://github.com/lilyinstarlight/foosteros/blob/5c75ded111878970fd4f600c7adc013f971d5e71/config/restic.nix
services.restic.backups.${nodeName} =
let
btrfs = "${pkgs.btrfs-progs}/bin/btrfs";
in
{
initialize = true;
repository = "sftp://u217879-sub3@u217879-sub3.your-storagebox.de:23/restic/${nodeName}";
services.restic.backups.${nodeName} = let
btrfs = "${pkgs.btrfs-progs}/bin/btrfs";
in {
initialize = true;
repository = "sftp://u217879-sub3@u217879-sub3.your-storagebox.de:23/restic/${nodeName}";
paths = [
"/backup"
];
paths = [
"/backup"
];
pruneOpts = [
"--keep-daily 7"
"--keep-weekly 5"
"--keep-monthly 12"
"--keep-yearly 2"
];
pruneOpts = [
"--keep-daily 7"
"--keep-weekly 5"
"--keep-monthly 12"
"--keep-yearly 2"
];
timerConfig = {
OnCalendar = lib.mkDefault "daily";
Persistent = true;
};
passwordFile = config.sops.secrets.restic-password.path;
backupPrepareCommand = ''
${btrfs} su snapshot -r /var/lib/container-volumes /backup/container-volumes
'';
backupCleanupCommand = ''
${btrfs} su delete /backup/container-volumes
'';
timerConfig = {
OnCalendar = lib.mkDefault "daily";
Persistent = true;
};
passwordFile = config.sops.secrets.restic-password.path;
backupPrepareCommand = ''
${btrfs} su snapshot -r /var/lib/container-volumes /backup/container-volumes
'';
backupCleanupCommand = ''
${btrfs} su delete /backup/container-volumes
'';
};
containers = {
mailserver = import ../../containers/mailserver.nix {
inherit repoFlake;
@ -89,17 +86,17 @@
webserver =
import ../../containers/webserver.nix
{
inherit repoFlake;
{
inherit repoFlake;
autoStart = true;
autoStart = true;
hostAddress = "192.168.100.12";
localAddress = "192.168.100.13";
hostAddress = "192.168.100.12";
localAddress = "192.168.100.13";
httpPort = 80;
httpsPort = 443;
};
httpPort = 80;
httpsPort = 443;
};
syncthing = import ../../containers/syncthing.nix {
autoStart = true;

30
nix/os/devices/sj-vps-htz0/system.nix
View file

@ -1,14 +1,13 @@
{ pkgs
, lib
, config
, repoFlake
, nodeName
, ...
}:
let
wireguardPort = 51820;
in
{
pkgs,
lib,
config,
repoFlake,
nodeName,
...
}: let
wireguardPort = 51820;
in {
imports = [
../../snippets/systemd-resolved.nix
];
@ -39,7 +38,7 @@ in
"prefixLength" = 29;
}
];
ipv6.addresses = [ ];
ipv6.addresses = [];
};
networking.defaultGateway = {
@ -54,7 +53,7 @@ in
networking.nat = {
enable = true;
internalInterfaces = [ "ve-*" "wg*" ];
internalInterfaces = ["ve-*" "wg*"];
externalInterface = "eth0";
};
@ -79,7 +78,7 @@ in
privateKeyFile = config.sops.secrets.wg0-private.path;
peers = [
{
allowedIPs = [ "192.168.99.2/32" ];
allowedIPs = ["192.168.99.2/32"];
publicKey = "O3k4jEdX6jkV1fHP/J8KSH5tvi+n1VvnBTD5na6Naw0=";
presharedKeyFile = config.sops.secrets.wg0-psk-steveej-psk.path;
}
@ -87,15 +86,14 @@ in
};
# virtualization
virtualisation = { docker.enable = false; };
virtualisation = {docker.enable = false;};
services.spice-vdagentd.enable = true;
services.qemuGuest.enable = true;
nix.gc = { automatic = true; };
nix.gc = {automatic = true;};
containers = {
};
home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix {

5
nix/os/devices/steveej-t14/configuration.nix
View file

@ -1,4 +1,4 @@
{ ... }: {
{...}: {
imports = [
../../snippets/home-manager-with-zsh.nix
../../snippets/nix-settings-holo-chain.nix
@ -19,8 +19,7 @@
./boot.nix
# samba seerver
({ lib, ... }: {
({lib, ...}: {
# networking.firewall.enable = lib.mkForce false;
services.samba-wsdd.enable = true; # make shares visible for windows 10 clients
networking.firewall.allowedTCPPorts = [

19
nix/os/devices/steveej-t14/default.nix
View file

@ -1,17 +1,16 @@
{ nodeName
, repoFlake
, repoFlakeWithSystem
, nodeFlake
, ...
}:
let
system = "x86_64-linux";
in
{
nodeName,
repoFlake,
repoFlakeWithSystem,
nodeFlake,
...
}: let
system = "x86_64-linux";
in {
meta.nodeSpecialArgs.${nodeName} = {
inherit repoFlake nodeName nodeFlake;
packages' = repoFlake.packages.${system};
repoFlakeInputs' = repoFlakeWithSystem system ({ inputs', ... }: inputs');
repoFlakeInputs' = repoFlakeWithSystem system ({inputs', ...}: inputs');
};
meta.nodeNixpkgs.${nodeName} = import nodeFlake.inputs.nixpkgs.outPath {

26
nix/os/devices/steveej-t14/hw.nix
View file

@ -1,7 +1,5 @@
{ lib, ... }:
let
in
{
{lib, ...}: let
in {
# TASK: new device
hardware.opinionatedDisk = {
enable = true;
@ -68,16 +66,16 @@ in
enable = false;
levels = [
# ["level auto" 0 60]
[ 0 0 60 ]
[ 1 60 65 ]
[ 1 65 75 ]
[ 2 75 78 ]
[ 3 78 80 ]
[ 4 80 82 ]
[ 5 82 84 ]
[ 6 84 86 ]
[ 7 86 88 ]
[ "level full-speed" 88 999 ]
[0 0 60]
[1 60 65]
[1 65 75]
[2 75 78]
[3 78 80]
[4 80 82]
[5 82 84]
[6 84 86]
[7 86 88]
["level full-speed" 88 999]
];
extraArgs = [

52
nix/os/devices/steveej-t14/pkg.nix
View file

@ -1,8 +1,9 @@
{ pkgs
, lib
, repoFlake
, nodeFlake
, ...
{
pkgs,
lib,
repoFlake,
nodeFlake,
...
}: {
system.stateVersion = "23.05";
home-manager.users.root = _: {
@ -20,7 +21,7 @@
})
];
home.sessionVariables = { };
home.sessionVariables = {};
home.packages = with pkgs; [
];
@ -37,28 +38,26 @@
#
# (regreet:505614): Gtk-WARNING **: 10:31:42.532: Theme parser warning: <data>:6:17-18: Empty declaration
# Failed to create /var/empty/.cache for shader cache (Operation not permitted)---disabling.
services.greetd =
let
# exec "${pkgs.greetd.gtkgreet}/bin/gtkgreet -l; swaymsg exit"
swayConfig = pkgs.writeText "greetd-sway-config" ''
# `-l` activates layer-shell mode. Notice that `swaymsg exit` will run after gtkgreet.
exec "dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY SWAYSOCK; ${pkgs.greetd.regreet}/bin/regreet; swaymsg exit"
bindsym Mod4+shift+e exec swaynag \
-t warning \
-m 'What do you want to do?' \
-b 'Poweroff' 'systemctl poweroff' \
-b 'Reboot' 'systemctl reboot'
'';
in
{
enable = false;
settings = {
vt = 1;
default_session = {
command = "${pkgs.sway}/bin/sway --config ${swayConfig}";
};
services.greetd = let
# exec "${pkgs.greetd.gtkgreet}/bin/gtkgreet -l; swaymsg exit"
swayConfig = pkgs.writeText "greetd-sway-config" ''
# `-l` activates layer-shell mode. Notice that `swaymsg exit` will run after gtkgreet.
exec "dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY SWAYSOCK; ${pkgs.greetd.regreet}/bin/regreet; swaymsg exit"
bindsym Mod4+shift+e exec swaynag \
-t warning \
-m 'What do you want to do?' \
-b 'Poweroff' 'systemctl poweroff' \
-b 'Reboot' 'systemctl reboot'
'';
in {
enable = false;
settings = {
vt = 1;
default_session = {
command = "${pkgs.sway}/bin/sway --config ${swayConfig}";
};
};
};
environment.etc."greetd/environments".text = ''
sway
@ -107,5 +106,4 @@
# # };
# # };
# };
}

32
nix/os/devices/steveej-t14/system.nix
View file

@ -1,11 +1,11 @@
{ pkgs
, lib
, config
, nodeName
, repoFlake
, ...
}:
let
{
pkgs,
lib,
config,
nodeName,
repoFlake,
...
}: let
localTcpPorts = [
22
@ -21,9 +21,7 @@ let
22000
21027
];
in
{
in {
nix.settings = {
substituters = [
];
@ -41,7 +39,7 @@ in
system = "x86_64-linux";
maxJobs = 32;
speedFactor = 100;
supportedFeatures = repoFlake.nixosConfigurations.steveej-t14.config.nix.settings.system-features ++ [ ];
supportedFeatures = repoFlake.nixosConfigurations.steveej-t14.config.nix.settings.system-features ++ [];
}
{
@ -52,7 +50,7 @@ in
system = "aarch64-linux";
maxJobs = 32;
speedFactor = 100;
supportedFeatures = repoFlake.nixosConfigurations.router0-dmz0.config.nix.settings.system-features ++ [ ];
supportedFeatures = repoFlake.nixosConfigurations.router0-dmz0.config.nix.settings.system-features ++ [];
}
];
@ -61,7 +59,7 @@ in
networking.extraHosts = ''
'';
networking.bridges."virbr1".interfaces = [ ];
networking.bridges."virbr1".interfaces = [];
networking.interfaces."virbr1".ipv4.addresses = [
{
address = "10.254.254.254";
@ -94,7 +92,7 @@ in
# virtualization
virtualisation = {
libvirtd = { enable = true; };
libvirtd = {enable = true;};
virtualbox.host = {
enable = false;
@ -112,9 +110,9 @@ in
# client min protocol = NT1
'';
security.pki.certificateFiles = [ "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ];
security.pki.certificateFiles = ["${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"];
services.xserver.videoDrivers = lib.mkForce [ "amdgpu" ];
services.xserver.videoDrivers = lib.mkForce ["amdgpu"];
hardware.ledger.enable = true;

19
nix/os/devices/steveej-t14/user.nix
View file

@ -1,20 +1,19 @@
{ config
, pkgs
, lib
, ...
}:
let
keys = import ../../../variables/keys.nix;
inherit (pkgs.callPackage ../../lib/default.nix { }) mkUser;
in
{
config,
pkgs,
lib,
...
}: let
keys = import ../../../variables/keys.nix;
inherit (pkgs.callPackage ../../lib/default.nix {}) mkUser;
in {
users.users.steveej2 = mkUser {
uid = 1001;
openssh.authorizedKeys.keys = keys.users.steveej.openssh;
hashedPasswordFile = config.sops.secrets.sharedUsers-steveej.path;
};
nix.settings.trusted-users = [ "steveej" ];
nix.settings.trusted-users = ["steveej"];
security.pam.u2f.enable = true;
security.pam.services.steveej.u2fAuth = true;

30
nix/os/devices/steveej-x13s-rmvbl/configuration.nix
View file

@ -1,15 +1,14 @@
{ repoFlake
, nodeFlake
, pkgs
, lib
, config
, nodeName
, localDomainName
, system
, ...
}:
{
repoFlake,
nodeFlake,
pkgs,
lib,
config,
nodeName,
localDomainName,
system,
...
}: {
nixos-x13s = {
enable = true;
# TODO: use hardware address
@ -42,8 +41,8 @@
echo $?
)
'';
requiredBy = [ "bluetooth.service" ];
before = [ "bluetooth.service" ];
requiredBy = ["bluetooth.service"];
before = ["bluetooth.service"];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
@ -80,7 +79,6 @@
};
}
../../snippets/home-manager-with-zsh.nix
../../snippets/sway-desktop.nix
../../snippets/bluetooth.nix
@ -115,7 +113,7 @@
../../../home-manager/configuration/graphical-fullblown.nix
];
home.sessionVariables = { };
home.sessionVariables = {};
home.packages = with pkgs; [
];
@ -129,7 +127,7 @@
loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = lib.mkForce false;
loader.efi.efiSysMountPoint = "/boot";
blacklistedKernelModules = [ "wwan" ];
blacklistedKernelModules = ["wwan"];
initrd.kernelModules = [
"phy_qcom_qmp_usb"

23
nix/os/devices/steveej-x13s-rmvbl/default.nix
View file

@ -1,25 +1,26 @@
{ system ? "aarch64-linux"
, nodeName
, repoFlake
, repoFlakeWithSystem
, nodeFlake
, localDomainName ? "internal"
, ...
{
system ? "aarch64-linux",
nodeName,
repoFlake,
repoFlakeWithSystem,
nodeFlake,
localDomainName ? "internal",
...
}: {
meta.nodeSpecialArgs.${nodeName} = {
inherit repoFlake nodeName nodeFlake system;
packages' = repoFlake.packages.${system};
nodePackages' = nodeFlake.packages.${system};
repoFlakeInputs' = repoFlakeWithSystem system ({ inputs', ... }: inputs');
repoFlakeInputs' = repoFlakeWithSystem system ({inputs', ...}: inputs');
inherit localDomainName;
};
meta.nodeNixpkgs.${nodeName} =
import nodeFlake.inputs.nixpkgs.outPath
{
inherit system;
};
{
inherit system;
};
${nodeName} = {
deployment.targetHost = "${nodeName}.${localDomainName}";

10
nix/os/devices/steveej-x13s-rmvbl/disko.nix
View file

@ -24,7 +24,7 @@
content = {
type = "luks";
name = "x13s-usb-crypt";
extraOpenArgs = [ ];
extraOpenArgs = [];
# disable settings.keyFile if you want to use interactive password entry
#passwordFile = "/tmp/secret.key"; # Interactive
settings = {
@ -36,19 +36,19 @@
# additionalKeyFiles = [ "/tmp/additionalSecret.key" ];
content = {
type = "btrfs";
extraArgs = [ "-f" ];
extraArgs = ["-f"];
subvolumes = {
"/root" = {
mountpoint = "/";
mountOptions = [ "compress=zstd" "noatime" ];
mountOptions = ["compress=zstd" "noatime"];
};
"/home" = {
mountpoint = "/home";
mountOptions = [ "compress=zstd" "noatime" ];
mountOptions = ["compress=zstd" "noatime"];
};
"/nix" = {
mountpoint = "/nix";
mountOptions = [ "compress=zstd" "noatime" ];
mountOptions = ["compress=zstd" "noatime"];
};
"/swap" = {
mountpoint = "/.swapvol";

151
nix/os/devices/steveej-x13s-rmvbl/flake.nix
View file

@ -1,89 +1,92 @@
{
inputs =
{
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
# required for home-manager modules
nixpkgs-unstable-small.url = "github:nixos/nixpkgs/nixos-unstable-small";
nixpkgs-2211.url = "github:nixos/nixpkgs/nixos-22.11";
# required for home-manager modules
nixpkgs-unstable-small.url = "github:nixos/nixpkgs/nixos-unstable-small";
nixpkgs-2211.url = "github:nixos/nixpkgs/nixos-22.11";
get-flake.url = "github:ursi/get-flake";
get-flake.url = "github:ursi/get-flake";
disko.inputs.nixpkgs.follows = "nixpkgs";
disko.inputs.nixpkgs.follows = "nixpkgs";
mobile-nixos.url = "github:NixOS/mobile-nixos";
mobile-nixos.flake = false;
mobile-nixos.url = "github:NixOS/mobile-nixos";
mobile-nixos.flake = false;
home-manager = {
url = "github:nix-community/home-manager/release-23.11";
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-x13s.url = "git+https://codeberg.org/steveej/nixos-x13s";
nixos-x13s.inputs.nixpkgs.follows = "nixpkgs";
home-manager = {
url = "github:nix-community/home-manager/release-23.11";
inputs.nixpkgs.follows = "nixpkgs";
};
outputs =
{ self
, get-flake
, nixpkgs
, ...
}:
let
system = "aarch64-linux";
buildPlatform = "x86_64-linux";
repoFlake = get-flake ../../../..;
in
{
lib = {
mkNixosConfiguration = { nodeName, extraModules ? [ ], ... } @ attrs:
nixpkgs.lib.nixosSystem (
nixpkgs.lib.attrsets.recursiveUpdate
attrs
{
specialArgs = (import ./default.nix {
inherit system;
inherit nodeName repoFlake;
nixos-x13s.url = "git+https://codeberg.org/steveej/nixos-x13s";
nixos-x13s.inputs.nixpkgs.follows = "nixpkgs";
};
nodeFlake = self;
}).meta.nodeSpecialArgs.${nodeName};
outputs = {
self,
get-flake,
nixpkgs,
...
}: let
system = "aarch64-linux";
buildPlatform = "x86_64-linux";
repoFlake = get-flake ../../../..;
in {
lib = {
mkNixosConfiguration = {
nodeName,
extraModules ? [],
...
} @ attrs:
nixpkgs.lib.nixosSystem (
nixpkgs.lib.attrsets.recursiveUpdate
attrs
{
specialArgs =
(import ./default.nix {
inherit system;
inherit nodeName repoFlake;
modules =
[
# repoFlake.nixosModules.hardware-x13s
]
++ extraModules;
}
);
nodeFlake = self;
})
.meta
.nodeSpecialArgs
.${nodeName};
modules =
[
# repoFlake.nixosModules.hardware-x13s
]
++ extraModules;
}
);
};
nixosConfigurations = let
nodeName = "steveej-x13s-rmvbl";
in {
native = self.lib.mkNixosConfiguration {
inherit system nodeName;
extraModules = [
./configuration.nix
{
users.commonUsers.installPassword = "install";
}
];
};
nixosConfigurations =
let
nodeName = "steveej-x13s-rmvbl";
in
{
native = self.lib.mkNixosConfiguration {
inherit system nodeName;
extraModules = [
./configuration.nix
cross = self.lib.mkNixosConfiguration {
inherit nodeName;
extraModules = [
./configuration.nix
{
users.commonUsers.installPassword = "install";
}
];
};
cross = self.lib.mkNixosConfiguration {
inherit nodeName;
extraModules = [
./configuration.nix
{
nixpkgs.buildPlatform.system = buildPlatform;
nixpkgs.hostPlatform.system = system;
}
];
};
};
{
nixpkgs.buildPlatform.system = buildPlatform;
nixpkgs.hostPlatform.system = system;
}
];
};
};
};
}

30
nix/os/devices/steveej-x13s/configuration.nix
View file

@ -1,15 +1,14 @@
{ repoFlake
, nodeFlake
, pkgs
, lib
, config
, nodeName
, localDomainName
, system
, ...
}:
{
repoFlake,
nodeFlake,
pkgs,
lib,
config,
nodeName,
localDomainName,
system,
...
}: {
nixos-x13s = {
enable = true;
# TODO: use hardware address
@ -44,8 +43,8 @@
echo $?
)
'';
requiredBy = [ "bluetooth.service" ];
before = [ "bluetooth.service" ];
requiredBy = ["bluetooth.service"];
before = ["bluetooth.service"];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
@ -82,7 +81,6 @@
};
}
../../snippets/home-manager-with-zsh.nix
../../snippets/sway-desktop.nix
../../snippets/bluetooth.nix
@ -117,7 +115,7 @@
../../../home-manager/configuration/graphical-fullblown.nix
];
home.sessionVariables = { };
home.sessionVariables = {};
home.packages = with pkgs; [
];
@ -131,7 +129,7 @@
loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = lib.mkForce false;
loader.efi.efiSysMountPoint = "/boot";
blacklistedKernelModules = [ "wwan" ];
blacklistedKernelModules = ["wwan"];
};
# see https://linrunner.de/tlp/

23
nix/os/devices/steveej-x13s/default.nix
View file

@ -1,25 +1,26 @@
{ system ? "aarch64-linux"
, nodeName
, repoFlake
, repoFlakeWithSystem
, nodeFlake
, localDomainName ? "internal"
, ...
{
system ? "aarch64-linux",
nodeName,
repoFlake,
repoFlakeWithSystem,
nodeFlake,
localDomainName ? "internal",
...
}: {
meta.nodeSpecialArgs.${nodeName} = {
inherit repoFlake nodeName nodeFlake system;
packages' = repoFlake.packages.${system};
nodePackages' = nodeFlake.packages.${system};
repoFlakeInputs' = repoFlakeWithSystem system ({ inputs', ... }: inputs');
repoFlakeInputs' = repoFlakeWithSystem system ({inputs', ...}: inputs');
inherit localDomainName;
};
meta.nodeNixpkgs.${nodeName} =
import nodeFlake.inputs.nixpkgs.outPath
{
inherit system;
};
{
inherit system;
};
${nodeName} = {
deployment.targetHost = "${nodeName}.${localDomainName}";

10
nix/os/devices/steveej-x13s/disko.nix
View file

@ -24,7 +24,7 @@
content = {
type = "luks";
name = "x13s-nvme-crypt";
extraOpenArgs = [ ];
extraOpenArgs = [];
# disable settings.keyFile if you want to use interactive password entry
#passwordFile = "/tmp/secret.key"; # Interactive
settings = {
@ -36,19 +36,19 @@
# additionalKeyFiles = [ "/tmp/additionalSecret.key" ];
content = {
type = "btrfs";
extraArgs = [ "-f" ];
extraArgs = ["-f"];
subvolumes = {
"/root" = {
mountpoint = "/";
mountOptions = [ "compress=zstd" "noatime" ];
mountOptions = ["compress=zstd" "noatime"];
};
"/home" = {
mountpoint = "/home";
mountOptions = [ "compress=zstd" "noatime" ];
mountOptions = ["compress=zstd" "noatime"];
};
"/nix" = {
mountpoint = "/nix";
mountOptions = [ "compress=zstd" "noatime" ];
mountOptions = ["compress=zstd" "noatime"];
};
"/swap" = {
mountpoint = "/.swapvol";

151
nix/os/devices/steveej-x13s/flake.nix
View file

@ -1,89 +1,92 @@
{
inputs =
{
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
# required for home-manager modules
nixpkgs-unstable-small.url = "github:nixos/nixpkgs/nixos-unstable-small";
nixpkgs-2211.url = "github:nixos/nixpkgs/nixos-22.11";
# required for home-manager modules
nixpkgs-unstable-small.url = "github:nixos/nixpkgs/nixos-unstable-small";
nixpkgs-2211.url = "github:nixos/nixpkgs/nixos-22.11";
get-flake.url = "github:ursi/get-flake";
get-flake.url = "github:ursi/get-flake";
disko.inputs.nixpkgs.follows = "nixpkgs";
disko.inputs.nixpkgs.follows = "nixpkgs";
mobile-nixos.url = "github:NixOS/mobile-nixos";
mobile-nixos.flake = false;
mobile-nixos.url = "github:NixOS/mobile-nixos";
mobile-nixos.flake = false;
home-manager = {
url = "github:nix-community/home-manager/release-23.11";
inputs.nixpkgs.follows = "nixpkgs";
};
# nixos-x13s.url = "git+https://codeberg.org/adamcstephens/nixos-x13s?rev=5044811f7804e7cf83923908d1b35322f34fb3fc"; # 6.7.0-1
nixos-x13s.url = "git+https://codeberg.org/adamcstephens/nixos-x13s";
nixos-x13s.inputs.nixpkgs.follows = "nixpkgs";
home-manager = {
url = "github:nix-community/home-manager/release-23.11";
inputs.nixpkgs.follows = "nixpkgs";
};
outputs =
{ self
, get-flake
, nixpkgs
, ...
}:
let
targetPlatform = "aarch64-linux";
buildPlatform = "x86_64-linux";
repoFlake = get-flake ../../../..;
# nixos-x13s.url = "git+https://codeberg.org/adamcstephens/nixos-x13s?rev=5044811f7804e7cf83923908d1b35322f34fb3fc"; # 6.7.0-1
nixos-x13s.url = "git+https://codeberg.org/adamcstephens/nixos-x13s";
nixos-x13s.inputs.nixpkgs.follows = "nixpkgs";
};
mkNixosConfiguration = { nodeName, extraModules ? [ ], ... } @ attrs:
nixpkgs.lib.nixosSystem (
nixpkgs.lib.attrsets.recursiveUpdate
attrs
{
specialArgs = (import ./default.nix {
system = targetPlatform;
inherit nodeName repoFlake;
outputs = {
self,
get-flake,
nixpkgs,
...
}: let
targetPlatform = "aarch64-linux";
buildPlatform = "x86_64-linux";
repoFlake = get-flake ../../../..;
nodeFlake = self;
}).meta.nodeSpecialArgs.${nodeName};
modules =
[
# repoFlake.nixosModules.hardware-x13s
]
++ extraModules;
}
);
in
{
lib = {
inherit mkNixosConfiguration;
};
nixosConfigurations =
let
nodeName = "steveej-x13s";
in
mkNixosConfiguration = {
nodeName,
extraModules ? [],
...
} @ attrs:
nixpkgs.lib.nixosSystem (
nixpkgs.lib.attrsets.recursiveUpdate
attrs
{
native = mkNixosConfiguration {
inherit nodeName;
system = targetPlatform;
extraModules = [
./configuration.nix
];
};
specialArgs =
(import ./default.nix {
system = targetPlatform;
inherit nodeName repoFlake;
cross = mkNixosConfiguration {
inherit nodeName;
extraModules = [
./configuration.nix
nodeFlake = self;
})
.meta
.nodeSpecialArgs
.${nodeName};
{
nixpkgs.buildPlatform.system = buildPlatform;
nixpkgs.hostPlatform.system = targetPlatform;
}
];
};
};
modules =
[
# repoFlake.nixosModules.hardware-x13s
]
++ extraModules;
}
);
in {
lib = {
inherit mkNixosConfiguration;
};
nixosConfigurations = let
nodeName = "steveej-x13s";
in {
native = mkNixosConfiguration {
inherit nodeName;
system = targetPlatform;
extraModules = [
./configuration.nix
];
};
cross = mkNixosConfiguration {
inherit nodeName;
extraModules = [
./configuration.nix
{
nixpkgs.buildPlatform.system = buildPlatform;
nixpkgs.hostPlatform.system = targetPlatform;
}
];
};
};
};
}

20
nix/os/devices/voodoo/flake.nix
View file

@ -32,13 +32,17 @@
nixpkgs.lib.attrsets.recursiveUpdate
attrs
{
specialArgs = (import ./default.nix {
system = targetPlatform;
inherit nodeName;
specialArgs =
(import ./default.nix {
system = targetPlatform;
inherit nodeName;
repoFlake = get-flake ../../../..;
nodeFlake = self;
}).meta.nodeSpecialArgs.${nodeName};
repoFlake = get-flake ../../../..;
nodeFlake = self;
})
.meta
.nodeSpecialArgs
.${nodeName};
modules =
[
@ -51,10 +55,8 @@
{
nixpkgs.overlays = [
(final: previous:
{
(final: previous: {
})
];
}
]

69
nix/os/lib/default.nix
View file

@ -1,39 +1,38 @@
{ lib
, config
,
}:
let
keys = import ../../variables/keys.nix;
in
{
mkUser = args: lib.mkMerge [
{
isNormalUser = true;
extraGroups = [
"docker"
"wheel"
"libvirtd"
"networkmanager"
"vboxusers"
"users"
"input"
"audio"
"video"
"cdrom"
"adbusers"
"dialout"
"cdrom"
"fuse"
];
openssh.authorizedKeys.keys = keys.users.steveej.openssh;
lib,
config,
}: let
keys = import ../../variables/keys.nix;
in {
mkUser = args:
lib.mkMerge [
{
isNormalUser = true;
extraGroups = [
"docker"
"wheel"
"libvirtd"
"networkmanager"
"vboxusers"
"users"
"input"
"audio"
"video"
"cdrom"
"adbusers"
"dialout"
"cdrom"
"fuse"
];
openssh.authorizedKeys.keys = keys.users.steveej.openssh;
# TODO: investigate why this secret cannot be found
# openssh.authorizedKeys.keyFiles = [
# config.sops.secrets.sharedSshKeys-steveej.path
# ];
}
args
];
# TODO: investigate why this secret cannot be found
# openssh.authorizedKeys.keyFiles = [
# config.sops.secrets.sharedSshKeys-steveej.path
# ];
}
args
];
disk = rec {
# TODO: verify the GPT PARTLABEL cap at 36 chars
@ -41,7 +40,7 @@ in
# LVM doesn't allow most characters in VG names
# TODO: replace this with a whitelist for: [a-zA-Z0-9.-_+]
volumeGroup = diskId: builtins.replaceStrings [ ":" ] [ "" ] diskId;
volumeGroup = diskId: builtins.replaceStrings [":"] [""] diskId;
# This is important at install-time
bootGrubDevice = diskId: "/dev/disk/by-id/" + diskId;

404
nix/os/modules/hardware.thinkpad-x13s.nix
View file

@ -1,10 +1,15 @@
{ self, pkgs, config, lib, options, ... }:
let
{
self,
pkgs,
config,
lib,
options,
...
}: let
# TODO: introduce options for these
kernelPdMapper = true;
cfg = config.hardware.thinkpad-x13s;
in
{
in {
options.hardware.thinkpad-x13s = {
# TODO: respect this
enable = lib.mkEnableOption "x13s hardware support";
@ -14,223 +19,222 @@ in
description = "mac address to set on boot";
};
};
config =
let
inherit (config.boot.loader) efi;
kp = [
{
name = "x13s-cfg";
patch = null;
extraStructuredConfig = with lib.kernel; {
EFI_ARMSTUB_DTB_LOADER = lib.mkForce yes;
OF_OVERLAY = lib.mkForce yes;
BTRFS_FS = lib.mkForce yes;
BTRFS_FS_POSIX_ACL = lib.mkForce yes;
MEDIA_CONTROLLER = lib.mkForce yes;
SND_USB_AUDIO_USE_MEDIA_CONTROLLER = lib.mkForce yes;
SND_USB = lib.mkForce yes;
SND_USB_AUDIO = lib.mkForce module;
USB_XHCI_PCI = lib.mkForce module;
NO_HZ_FULL = lib.mkForce yes;
HZ_100 = lib.mkForce yes;
HZ_250 = lib.mkForce no;
DRM_AMDGPU = lib.mkForce no;
DRM_NOUVEAU = lib.mkForce no;
QCOM_TSENS = lib.mkForce yes;
NVMEM_QCOM_QFPROM = lib.mkForce yes;
ARM_QCOM_CPUFREQ_NVMEM = lib.mkForce yes;
VIRTIO_PCI = lib.mkForce module;
# forthcoming kernel work: QCOM_PD_MAPPER = lib.mkForce module;
};
}
];
config = let
inherit (config.boot.loader) efi;
kp = [
{
name = "x13s-cfg";
patch = null;
extraStructuredConfig = with lib.kernel; {
EFI_ARMSTUB_DTB_LOADER = lib.mkForce yes;
OF_OVERLAY = lib.mkForce yes;
BTRFS_FS = lib.mkForce yes;
BTRFS_FS_POSIX_ACL = lib.mkForce yes;
MEDIA_CONTROLLER = lib.mkForce yes;
SND_USB_AUDIO_USE_MEDIA_CONTROLLER = lib.mkForce yes;
SND_USB = lib.mkForce yes;
SND_USB_AUDIO = lib.mkForce module;
USB_XHCI_PCI = lib.mkForce module;
NO_HZ_FULL = lib.mkForce yes;
HZ_100 = lib.mkForce yes;
HZ_250 = lib.mkForce no;
DRM_AMDGPU = lib.mkForce no;
DRM_NOUVEAU = lib.mkForce no;
QCOM_TSENS = lib.mkForce yes;
NVMEM_QCOM_QFPROM = lib.mkForce yes;
ARM_QCOM_CPUFREQ_NVMEM = lib.mkForce yes;
VIRTIO_PCI = lib.mkForce module;
# forthcoming kernel work: QCOM_PD_MAPPER = lib.mkForce module;
};
}
];
qrtr = pkgs.callPackage "${self.inputs.adamcstephens_stop-export}/hardware/x13s/qrtr/qrtr.nix" { };
pd-mapper = pkgs.callPackage "${self.inputs.adamcstephens_stop-export}/hardware/x13s/qrtr/pd-mapper.nix" {
inherit qrtr;
};
qrtr = pkgs.callPackage "${self.inputs.adamcstephens_stop-export}/hardware/x13s/qrtr/qrtr.nix" {};
pd-mapper = pkgs.callPackage "${self.inputs.adamcstephens_stop-export}/hardware/x13s/qrtr/pd-mapper.nix" {
inherit qrtr;
};
# We can't quite move to mainline linux
linux_x13s_pkg = { buildLinux, ... } @ args:
buildLinux (args // rec {
# We can't quite move to mainline linux
linux_x13s_pkg = {buildLinux, ...} @ args:
buildLinux (args
// rec {
version = "6.7.0";
modDirVersion = lib.versions.pad 3 version;
extraMeta.branch = lib.versions.majorMinor version;
src = self.inputs.linux_x13s;
kernelPatches = (args.kernelPatches or [ ]) ++ kp;
} // (args.argsOverride or { }));
kernelPatches = (args.kernelPatches or []) ++ kp;
}
// (args.argsOverride or {}));
# we add additional configuration on top of te normal configuration above
# using the extraStructuredConfig option on the kernel patch
linux_x13s = pkgs.callPackage linux_x13s_pkg {
defconfig = "johan_defconfig";
};
# we add additional configuration on top of te normal configuration above
# using the extraStructuredConfig option on the kernel patch
linux_x13s = pkgs.callPackage linux_x13s_pkg {
defconfig = "johan_defconfig";
};
linuxPackages_x13s = pkgs.linuxPackagesFor linux_x13s;
dtbName = "sc8280xp-lenovo-thinkpad-x13s.dtb";
dtb = "${linuxPackages_x13s.kernel}/dtbs/qcom/${dtbName}";
linuxPackages_x13s = pkgs.linuxPackagesFor linux_x13s;
dtbName = "sc8280xp-lenovo-thinkpad-x13s.dtb";
dtb = "${linuxPackages_x13s.kernel}/dtbs/qcom/${dtbName}";
x13s_alsa-ucm-conf = pkgs.alsa-ucm-conf.overrideAttrs (prev: {
src = self.inputs.alsa-ucm-conf;
});
alsa-ucm-conf-env.ALSA_CONFIG_UCM2 = "${x13s_alsa-ucm-conf}/share/alsa/ucm2";
in
x13s_alsa-ucm-conf = pkgs.alsa-ucm-conf.overrideAttrs (prev: {
src = self.inputs.alsa-ucm-conf;
});
alsa-ucm-conf-env.ALSA_CONFIG_UCM2 = "${x13s_alsa-ucm-conf}/share/alsa/ucm2";
in
lib.mkIf cfg.enable
{
nixpkgs.overlays = [
(final: prev:
{
x13s_extra-firmware = pkgs.callPackage
"${self.inputs.adamcstephens_stop-export}/hardware/x13s/extra-firmware.nix"
{ };
{
nixpkgs.overlays = [
(
final: prev: {
x13s_extra-firmware =
pkgs.callPackage
"${self.inputs.adamcstephens_stop-export}/hardware/x13s/extra-firmware.nix"
{};
inherit qrtr pd-mapper;
}
)
inherit qrtr pd-mapper;
}
)
];
# ensure the x13s' dtb file is in the boot partition
# TODO:: is this needed for the VT display somehow?
system.activationScripts.x13s-dtb = ''
in_package="${dtb}"
esp_tool_folder="${efi.efiSysMountPoint}/"
in_esp="''${esp_tool_folder}${dtbName}"
>&2 echo "Ensuring $in_esp in EFI System Partition"
if ! ${pkgs.diffutils}/bin/cmp --silent "$in_package" "$in_esp"; then
>&2 echo "Copying $in_package -> $in_esp"
mkdir -p "$esp_tool_folder"
cp "$in_package" "$in_esp"
sync
fi
'';
boot = {
loader.systemd-boot.enable = true;
loader.systemd-boot.extraFiles = {
"${dtbName}" = dtb;
};
loader.efi.canTouchEfiVariables = false;
loader.efi.efiSysMountPoint = "/boot";
blacklistedKernelModules = ["wwan"];
kernelPackages = linuxPackages_x13s;
kernelParams = [
"dtb=${dtbName}"
"boot.shell_on_fail"
# jhovold recommended
"efi=noruntime"
"clk_ignore_unused"
"pd_ignore_unused"
"arm64.nopauth"
# blacklist graphics in initrd so the firmware can load from disk
"rd.driver.blacklist=msm"
];
# ensure the x13s' dtb file is in the boot partition
# TODO:: is this needed for the VT display somehow?
system.activationScripts.x13s-dtb = ''
in_package="${dtb}"
esp_tool_folder="${efi.efiSysMountPoint}/"
in_esp="''${esp_tool_folder}${dtbName}"
>&2 echo "Ensuring $in_esp in EFI System Partition"
if ! ${pkgs.diffutils}/bin/cmp --silent "$in_package" "$in_esp"; then
>&2 echo "Copying $in_package -> $in_esp"
mkdir -p "$esp_tool_folder"
cp "$in_package" "$in_esp"
sync
fi
'';
initrd = {
includeDefaultModules = false;
boot = {
loader.systemd-boot.enable = true;
loader.systemd-boot.extraFiles = {
"${dtbName}" = dtb;
};
loader.efi.canTouchEfiVariables = false;
loader.efi.efiSysMountPoint = "/boot";
# kernelModules = [
# "nvme"
# "phy_qcom_qmp_pcie"
# "pcie_qcom"
blacklistedKernelModules = [ "wwan" ];
# "i2c_core"
# "i2c_hid"
# "i2c_hid_of"
# "i2c_qcom_geni"
kernelPackages = linuxPackages_x13s;
# "leds_qcom_lpg"
# "pwm_bl"
# "qrtr"
# "pmic_glink_altmode"
# "gpio_sbu_mux"
# "phy_qcom_qmp_combo"
# "gpucc_sc8280xp"
# "dispcc_sc8280xp"
# "phy_qcom_edp"
# "panel_edp"
# # "msm"
kernelParams = [
"dtb=${dtbName}"
# ];
"boot.shell_on_fail"
availableKernelModules = [
"i2c_hid"
"i2c_hid_of"
"i2c_qcom_geni"
"leds_qcom_lpg"
"pwm_bl"
"qrtr"
"pmic_glink_altmode"
"gpio_sbu_mux"
"phy_qcom_qmp_combo"
"panel_edp"
# "msm"
"phy_qcom_edp"
"i2c_core"
"i2c_hid"
"i2c_hid_of"
"i2c_qcom_geni"
"pcie_qcom"
"phy_qcom_qmp_combo"
"phy_qcom_qmp_pcie"
"phy_qcom_qmp_usb"
"phy_qcom_snps_femto_v2"
"phy_qcom_usb_hs"
"nvme"
# jhovold recommended
"efi=noruntime"
"clk_ignore_unused"
"pd_ignore_unused"
"arm64.nopauth"
# blacklist graphics in initrd so the firmware can load from disk
"rd.driver.blacklist=msm"
"usbcore"
"xhci_hcd"
"usbhid"
"usb_storage"
"uas"
];
initrd = {
includeDefaultModules = false;
# kernelModules = [
# "nvme"
# "phy_qcom_qmp_pcie"
# "pcie_qcom"
# "i2c_core"
# "i2c_hid"
# "i2c_hid_of"
# "i2c_qcom_geni"
# "leds_qcom_lpg"
# "pwm_bl"
# "qrtr"
# "pmic_glink_altmode"
# "gpio_sbu_mux"
# "phy_qcom_qmp_combo"
# "gpucc_sc8280xp"
# "dispcc_sc8280xp"
# "phy_qcom_edp"
# "panel_edp"
# # "msm"
# ];
availableKernelModules = [
"i2c_hid"
"i2c_hid_of"
"i2c_qcom_geni"
"leds_qcom_lpg"
"pwm_bl"
"qrtr"
"pmic_glink_altmode"
"gpio_sbu_mux"
"phy_qcom_qmp_combo"
"panel_edp"
# "msm"
"phy_qcom_edp"
"i2c_core"
"i2c_hid"
"i2c_hid_of"
"i2c_qcom_geni"
"pcie_qcom"
"phy_qcom_qmp_combo"
"phy_qcom_qmp_pcie"
"phy_qcom_qmp_usb"
"phy_qcom_snps_femto_v2"
"phy_qcom_usb_hs"
"nvme"
"usbcore"
"xhci_hcd"
"usbhid"
"usb_storage"
"uas"
];
};
};
# default is performance
powerManagement.cpuFreqGovernor = "ondemand";
hardware.enableAllFirmware = true;
hardware.firmware = [
# pkgs.linux-firmware
pkgs.x13s_extra-firmware
];
systemd.services.pd-mapper = {
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${lib.getExe pd-mapper}";
Restart = "always";
};
};
environment.sessionVariables = alsa-ucm-conf-env;
systemd.user.services.pipewire.environment = alsa-ucm-conf-env;
systemd.user.services.wireplumber.environment = alsa-ucm-conf-env;
systemd.services.bluetooth = {
serviceConfig = {
# disabled because btmgmt call hangs
ExecStartPre = [
""
"${pkgs.util-linux}/bin/rfkill block bluetooth"
"${pkgs.bluez5-experimental}/bin/btmgmt public-addr ${cfg.bluetoothMac}"
"${pkgs.util-linux}/bin/rfkill unblock bluetooth"
];
RestartSec = 5;
Restart = "on-failure";
};
};
};
# default is performance
powerManagement.cpuFreqGovernor = "ondemand";
hardware.enableAllFirmware = true;
hardware.firmware = [
# pkgs.linux-firmware
pkgs.x13s_extra-firmware
];
systemd.services.pd-mapper = {
wantedBy = ["multi-user.target"];
serviceConfig = {
ExecStart = "${lib.getExe pd-mapper}";
Restart = "always";
};
};
environment.sessionVariables = alsa-ucm-conf-env;
systemd.user.services.pipewire.environment = alsa-ucm-conf-env;
systemd.user.services.wireplumber.environment = alsa-ucm-conf-env;
systemd.services.bluetooth = {
serviceConfig = {
# disabled because btmgmt call hangs
ExecStartPre = [
""
"${pkgs.util-linux}/bin/rfkill block bluetooth"
"${pkgs.bluez5-experimental}/bin/btmgmt public-addr ${cfg.bluetoothMac}"
"${pkgs.util-linux}/bin/rfkill unblock bluetooth"
];
RestartSec = 5;
Restart = "on-failure";
};
};
};
}

3
nix/os/modules/opinionatedDisk.nix
View file

@ -11,8 +11,7 @@ with lib; let
earlyDiskId = cfg:
if cfg.earlyDiskIdOverride != ""
then cfg.earlyDiskIdOverride
else cfg.diskId
;
else cfg.diskId;
in {
options.hardware.opinionatedDisk = {
enable = mkEnableOption "Enable opinionated filesystem layout";

17
nix/os/profiles/common/configuration.nix
View file

@ -1,10 +1,11 @@
{ config
, pkgs
, repoFlake
, nodeFlake
, repoFlakeInputs'
, packages'
, ...
{
config,
pkgs,
repoFlake,
nodeFlake,
repoFlakeInputs',
packages',
...
}: {
imports = [
repoFlake.inputs.sops-nix.nixosModules.sops
@ -29,7 +30,7 @@
boot.tmp.useTmpfs = true;
# Workaround for nm-pptp to enforce module load
boot.kernelModules = [ "nf_conntrack_proto_gre" "nf_conntrack_pptp" ];
boot.kernelModules = ["nf_conntrack_proto_gre" "nf_conntrack_pptp"];
nixpkgs.config = {
allowBroken = false;

15
nix/os/profiles/common/system.nix
View file

@ -1,8 +1,9 @@
{ config
, pkgs
, lib
, nodeName
, ...
{
config,
pkgs,
lib,
nodeName,
...
}: {
networking.hostName = builtins.elemAt (builtins.split "\\." nodeName) 0; # Define your hostname.
networking.domain = builtins.elemAt (builtins.split "(^[^\\.]+\.)" nodeName) 2;
@ -14,11 +15,11 @@
'';
# Fonts, I18N, Date ...
fonts.packages = [ pkgs.corefonts ];
fonts.packages = [pkgs.corefonts];
console.font = "lat9w-16";
i18n = { defaultLocale = "en_US.UTF-8"; };
i18n = {defaultLocale = "en_US.UTF-8";};
time.timeZone = "Etc/UTC";
services.gpm.enable = true;

16
nix/os/profiles/common/user.nix
View file

@ -1,9 +1,9 @@
{ config
, pkgs
, lib
, ...
}:
let
{
config,
pkgs,
lib,
...
}: let
keys = import ../../../variables/keys.nix;
inherit
(import ../../lib/default.nix {
@ -16,8 +16,7 @@ let
inherit (lib) types;
cfg = config.users.commonUsers;
in
{
in {
options.users.commonUsers = {
enable = lib.mkOption {
default = true;
@ -77,7 +76,6 @@ in
})
];
users.users.steveej = lib.mkIf cfg.enableNonRoot (mkUser (lib.mkMerge [
{
uid = 1000;

11
nix/os/profiles/graphical/system.nix
View file

@ -1,6 +1,7 @@
{ pkgs
, lib
, ...
{
pkgs,
lib,
...
}: {
imports = [
../../snippets/bluetooth.nix
@ -25,7 +26,7 @@
services.pcscd.enable = true;
hardware.opengl.enable = true;
services.udev.packages = [ pkgs.libu2f-host pkgs.yubikey-personalization pkgs.android-udev-rules ];
services.udev.packages = [pkgs.libu2f-host pkgs.yubikey-personalization pkgs.android-udev-rules];
services.udev.extraRules = ''
# OnePlusOne
ATTR{idVendor}=="05c6", ATTR{idProduct}=="6764", SYMLINK+="libmtp-%k", MODE="660", GROUP="audio", ENV{ID_MTP_DEVICE}="1", ENV{ID_MEDIA_PLAYER}="1", TAG+="uaccess"
@ -52,6 +53,6 @@
services.printing = {
enable = true;
drivers = with pkgs; [ mfcl3770cdwlpr mfcl3770cdwcupswrapper ];
drivers = with pkgs; [mfcl3770cdwlpr mfcl3770cdwcupswrapper];
};
}

9
nix/os/snippets/bluetooth.nix
View file

@ -1,9 +1,10 @@
{ pkgs
, lib
, ...
{
pkgs,
lib,
...
}: {
# required for running blueman-applet in user sessions
services.dbus.packages = with pkgs; [ blueman ];
services.dbus.packages = with pkgs; [blueman];
hardware.bluetooth.enable = true;
services.blueman.enable = true;
}

22
nix/os/snippets/home-manager-with-zsh.nix
View file

@ -1,12 +1,11 @@
{ nodeFlake
, repoFlake
, repoFlakeInputs'
, packages'
, pkgs
, ...
}:
let
{
nodeFlake,
repoFlake,
repoFlakeInputs',
packages',
pkgs,
...
}: let
# TODO: make this configurable
homeUser = "steveej";
commonHomeImports = [
@ -14,8 +13,7 @@ let
../../home-manager/programs/neovim.nix
../../home-manager/programs/zsh.nix
];
in
{
in {
imports = [
nodeFlake.inputs.home-manager.nixosModules.home-manager
];
@ -45,5 +43,5 @@ in
programs.zsh.enable = true;
users.defaultUserShell = pkgs.zsh;
environment.pathsToLink = [ "/share/zsh" ];
environment.pathsToLink = ["/share/zsh"];
}

10
nix/os/snippets/nix-settings.nix
View file

@ -1,7 +1,8 @@
{ nodeFlake
, pkgs
, lib
, ...
{
nodeFlake,
pkgs,
lib,
...
}: {
nix.daemonCPUSchedPolicy = "idle";
nix.daemonIOSchedClass = "idle";
@ -25,5 +26,4 @@
];
nix.registry.nixpkgs.flake = nodeFlake.inputs.nixpkgs;
}

30
nix/os/snippets/radicale.nix
View file

@ -1,15 +1,13 @@
{ config
, lib
, pkgs
, repoFlakeInputs'
, ...
}:
let
{
config,
lib,
pkgs,
repoFlakeInputs',
...
}: let
# TODO: make configurable
homeUser = "steveej";
in
{
in {
sops.secrets.radicale_htpasswd = {
sopsFile = ../../../secrets/desktop/radicale_htpasswd;
format = "binary";
@ -19,11 +17,13 @@ in
home-manager.users.${homeUser} = _: {
imports = [
# TODO: bump these to latest and make it work
(args:
import ../../home-manager/programs/radicale.nix (args // {
osConfig = config;
pkgs = repoFlakeInputs'.radicalePkgs.legacyPackages;
})
(
args:
import ../../home-manager/programs/radicale.nix (args
// {
osConfig = config;
pkgs = repoFlakeInputs'.radicalePkgs.legacyPackages;
})
)
];
};

47
nix/os/snippets/sway-desktop.nix
View file

@ -1,14 +1,12 @@
{ pkgs
, lib
, config
, ...
}:
let
{
pkgs,
lib,
config,
...
}: let
# TODO: make this configurable
homeUser = "steveej";
in
{
in {
services.xserver.serverFlagsSection = ''
Option "BlankTime" "0"
Option "StandbyTime" "0"
@ -30,7 +28,7 @@ in
# required by swaywm
security.polkit.enable = true;
security.pam.services.swaylock = { };
security.pam.services.swaylock = {};
# test these on https://mozilla.github.io/webrtc-landing/gum_test.html
xdg.portal = {
@ -54,7 +52,6 @@ in
];
};
# rtkit is optional but recommended
security.rtkit.enable = true;
services.pipewire = {
@ -74,8 +71,8 @@ in
# autologin steveej on tty1
# TODO: make user configurable
systemd.services."autovt@tty1".description = "Autologin at the TTY1";
systemd.services."autovt@tty1".after = [ "systemd-logind.service" ]; # without it user session not started and xorg can't be run from this tty
systemd.services."autovt@tty1".wantedBy = [ "multi-user.target" ];
systemd.services."autovt@tty1".after = ["systemd-logind.service"]; # without it user session not started and xorg can't be run from this tty
systemd.services."autovt@tty1".wantedBy = ["multi-user.target"];
systemd.services."autovt@tty1".serviceConfig = {
ExecStart = [
"" # override upstream default with an empty ExecStart
@ -85,19 +82,17 @@ in
Type = "idle";
};
programs =
let
steveejSwayOnTty1 = ''
if test $(id --user steveej) = $(id -u) && test $(tty) = "/dev/tty1"; then
exec sway
fi
'';
in
{
bash.loginShellInit = steveejSwayOnTty1;
# TODO: only do this when zsh is enabled. first naiv attempt lead infinite recursion
zsh.loginShellInit = steveejSwayOnTty1;
};
programs = let
steveejSwayOnTty1 = ''
if test $(id --user steveej) = $(id -u) && test $(tty) = "/dev/tty1"; then
exec sway
fi
'';
in {
bash.loginShellInit = steveejSwayOnTty1;
# TODO: only do this when zsh is enabled. first naiv attempt lead infinite recursion
zsh.loginShellInit = steveejSwayOnTty1;
};
home-manager.users."${homeUser}" = _: {
imports = [

8
nix/os/snippets/timezone.nix
View file

@ -1,9 +1,5 @@
{ lib, ... }:
let
{lib, ...}: let
passwords = import ../../variables/passwords.crypt.nix;
in
{
in {
time.timeZone = lib.mkDefault passwords.timeZone.stefan;
}