steveej 2024-02-08 20:53:22 +01:00
parent a9218a80e6
commit 7137e93805
49 changed files with 2034 additions and 2002 deletions

419
flake.nix

@ -75,7 +75,6 @@
flake = false; flake = false;
}; };
### inputs for thinkpad x13s ### inputs for thinkpad x13s
# see https://github.com/jhovold/linux/wiki/X13s for status updates # see https://github.com/jhovold/linux/wiki/X13s for status updates
linux_x13s.url = "github:jhovold/linux/wip/sc8280xp-v6.7"; linux_x13s.url = "github:jhovold/linux/wip/sc8280xp-v6.7";
@ -91,242 +90,236 @@
url = "git+https://codeberg.org/adamcstephens/stop-export.git"; url = "git+https://codeberg.org/adamcstephens/stop-export.git";
}; };
# alsa-ucm-conf = { # alsa-ucm-conf = {
# flake = false; # flake = false;
# url = "github:alsa-project/alsa-ucm-conf/master"; # url = "github:alsa-project/alsa-ucm-conf/master";
# }; # };
logseq_0_10_5_aarch64_appimage = { logseq_0_10_5_aarch64_appimage = {
flake = false; flake = false;
url = "https://www.stefanjunker.de/downloads/Logseq-0.10.5.AppImage"; url = "https://www.stefanjunker.de/downloads/Logseq-0.10.5.AppImage";
}; };
}; };
outputs = outputs = inputs @ {
inputs @ { self self,
, flake-parts flake-parts,
, nixpkgs nixpkgs,
, ... ...
}: }: let
let inherit (nixpkgs) lib;
inherit (nixpkgs) lib;
systems = [ systems = [
"x86_64-linux" "x86_64-linux"
"aarch64-linux" "aarch64-linux"
]; ];
in in
flake-parts.lib.mkFlake { inherit inputs; } flake-parts.lib.mkFlake {inherit inputs;}
({ withSystem, ... }: { ({withSystem, ...}: {
flake.colmena = flake.colmena =
lib.lists.foldl (sum: cur: lib.attrsets.recursiveUpdate sum cur) lib.lists.foldl (sum: cur: lib.attrsets.recursiveUpdate sum cur)
{ {
meta.nixpkgs = import inputs.nixpkgs.outPath { meta.nixpkgs = import inputs.nixpkgs.outPath {
system = builtins.elemAt systems 0; system = builtins.elemAt systems 0;
}; };
} }
# FIXME: this doesn't seem to work to apply overlays into a node's nixpkgs import # FIXME: this doesn't seem to work to apply overlays into a node's nixpkgs import
# try this instead: https://github.com/zhaofengli/colmena/issues/60#issuecomment-1510496861 # try this instead: https://github.com/zhaofengli/colmena/issues/60#issuecomment-1510496861
(builtins.map (builtins.map
(nodeName: (nodeName:
import ./nix/os/devices/${nodeName} { import ./nix/os/devices/${nodeName} {
inherit nodeName; inherit nodeName;
repoFlake = self; repoFlake = self;
repoFlakeWithSystem = withSystem; repoFlakeWithSystem = withSystem;
nodeFlake = self.inputs.get-flake ./nix/os/devices/${nodeName}; nodeFlake = self.inputs.get-flake ./nix/os/devices/${nodeName};
}) [ }) [
"steveej-t14" "steveej-t14"
"steveej-x13s" "steveej-x13s"
"steveej-x13s-rmvbl" "steveej-x13s-rmvbl"
# "elias-e525" # "elias-e525"
# "justyna-p300" # "justyna-p300"
# "srv0-dmz0" # "srv0-dmz0"
# # "router0-dmz0" # # "router0-dmz0"
"sj-srv1" "sj-srv1"
"sj-bm-hostkey0" "sj-bm-hostkey0"
# "retro" # "retro"
]); ]);
# this makes nixos-anywhere work # this makes nixos-anywhere work
flake.nixosConfigurations = flake.nixosConfigurations = let
let colmenaHive = (inputs.colmena.lib.makeHive self.outputs.colmena).nodes;
colmenaHive = (inputs.colmena.lib.makeHive self.outputs.colmena).nodes; router0-dmz0 = (inputs.get-flake ./nix/os/devices/router0-dmz0).nixosConfigurations;
router0-dmz0 = (inputs.get-flake ./nix/os/devices/router0-dmz0).nixosConfigurations; retro = (inputs.get-flake ./nix/os/devices/retro).nixosConfigurations;
retro = (inputs.get-flake ./nix/os/devices/retro).nixosConfigurations; in (
in colmenaHive
( // {
colmenaHive // router0-dmz0 = router0-dmz0.native;
{ # for now deploy directly with:
router0-dmz0 = router0-dmz0.native; # nixos-rebuild switch --flake .\#router0-dmz0_cross --build-host localhost --target-host root@192.168.10.1
router0-dmz0_cross = router0-dmz0.cross;
# for now deploy directly with: # nixos-install --flake .\#retro_cross
# nixos-rebuild switch --flake .\#router0-dmz0_cross --build-host localhost --target-host root@192.168.10.1 retro_cross = retro.cross;
router0-dmz0_cross = router0-dmz0.cross;
# nixos-install --flake .\#retro_cross steveej-x13s_cross = (inputs.get-flake ./nix/os/devices/steveej-x13s).nixosConfigurations.cross;
retro_cross = retro.cross; steveej-x13s-rmvbl_cross = (inputs.get-flake ./nix/os/devices/steveej-x13s-rmvbl).nixosConfigurations.cross;
}
);
steveej-x13s_cross = (inputs.get-flake ./nix/os/devices/steveej-x13s).nixosConfigurations.cross; inherit systems;
steveej-x13s-rmvbl_cross = (inputs.get-flake ./nix/os/devices/steveej-x13s-rmvbl).nixosConfigurations.cross;
}
);
inherit systems; perSystem = {
self',
inputs',
system,
config,
lib,
pkgs,
...
}: {
imports = [
./nix/modules/flake-parts/perSystem/default.nix
];
perSystem = packages = let
{ self' dcpj4110dw = pkgs.callPackage (self + /nix/pkgs/dcpj4110dw) {};
, inputs'
, system craneLib =
, config inputs.crane.lib.${system}.overrideToolchain
, lib inputs'.fenix.packages.stable.toolchain;
, pkgs
, ... craneLibOfiPass =
}: { inputs.crane.lib.${system}.overrideToolchain
imports = [ (
./nix/modules/flake-parts/perSystem/default.nix inputs'.fenix.packages.stable.toolchain
# .override {
# date = "1.60.0";
# }
);
in {
dcpj4110dwDriver = dcpj4110dw.driver;
dcpj4110dwCupswrapper = dcpj4110dw.cupswrapper;
# broken as of 2023-04-27 because it doesn't load without a config
# aphorme_launcher = craneLib.buildPackage {src = inputs.aphorme_launcher;};
# yofi = inputs'.yofi.packages.default;
# ofi-pass = craneLibOfiPass.buildPackage {src = inputs.ofi-pass;};
inherit (inputs'.colmena.packages) colmena;
# jay = pkgs.callPackage (self + /nix/pkgs/jay.nix) {
# src = inputs.jay;
# rustPlatform = pkgs.makeRustPlatform {
# cargo = inputs'.fenix.packages.stable.toolchain;
# rustc = inputs'.fenix.packages.stable.toolchain;
# };
# };
salut = craneLib.buildPackage {
src = inputs.salut;
nativeBuildInputs = [
pkgs.pkg-config
];
buildInputs = [
pkgs.libxkbcommon
pkgs.fontconfig
]; ];
packages =
let
dcpj4110dw = pkgs.callPackage (self + /nix/pkgs/dcpj4110dw) { };
craneLib =
inputs.crane.lib.${system}.overrideToolchain
inputs'.fenix.packages.stable.toolchain;
craneLibOfiPass =
inputs.crane.lib.${system}.overrideToolchain
(
inputs'.fenix.packages.stable.toolchain
# .override {
# date = "1.60.0";
# }
);
in
{
dcpj4110dwDriver = dcpj4110dw.driver;
dcpj4110dwCupswrapper = dcpj4110dw.cupswrapper;
# broken as of 2023-04-27 because it doesn't load without a config
# aphorme_launcher = craneLib.buildPackage {src = inputs.aphorme_launcher;};
# yofi = inputs'.yofi.packages.default;
# ofi-pass = craneLibOfiPass.buildPackage {src = inputs.ofi-pass;};
inherit (inputs'.colmena.packages) colmena;
# jay = pkgs.callPackage (self + /nix/pkgs/jay.nix) {
# src = inputs.jay;
# rustPlatform = pkgs.makeRustPlatform {
# cargo = inputs'.fenix.packages.stable.toolchain;
# rustc = inputs'.fenix.packages.stable.toolchain;
# };
# };
salut = craneLib.buildPackage {
src = inputs.salut;
nativeBuildInputs = [
pkgs.pkg-config
];
buildInputs = [
pkgs.libxkbcommon
pkgs.fontconfig
];
};
prs = pkgs.callPackage
({ pkgs
, dbus
, glib
, gpgme
, gtk3
, libxcb
, libxkbcommon
, installShellFiles
, pkg-config
, python3
}: craneLib.buildPackage {
pname = "prs";
version = inputs.prs.shortRev;
src = inputs.prs;
nativeBuildInputs = [ gpgme installShellFiles pkg-config python3 ];
buildInputs = [
dbus
glib
gpgme
gtk3
libxcb
libxkbcommon
];
cargoExtraArgs = "--features backend-gpgme";
postInstall = ''
for shell in bash fish zsh; do
installShellCompletion --cmd prs --$shell <($out/bin/prs internal completions $shell --stdout)
done
'';
})
{ };
nomad = inputs'.nixpkgs-unstable-small.legacyPackages.nomad_1_6;
ledger-live-desktop-wrapped = pkgs.writeShellScriptBin "ledger-live-desktop-wrapped" ''
set -x
pkill -9 wayland-proxy-v
export NIXOS_OZONE_WL=""
${pkgs.wayland-proxy-virtwl}/bin/wayland-proxy-virtwl \
--wayland-display=wayland-3 \
--xwayland-binary=${pkgs.xwayland}/bin/Xwayland \
--x-display=3 \
&
# --x-unscale=3 \
#--verbose \
export PROXYPID="$!"
trap "kill -9 \$PROXYPID" EXIT
# trap "pkill -9 wayland-proxy-v" EXIT
env \
WAYLAND_DISPLAY=wayland-3 \
DISPLAY=:3 \
ledger-live-desktop
'';
syncthing-container-webui = pkgs.writeShellScriptBin "reverse-port-forward-syncthing-container" ''
ssh root@${self.colmena.sj-vps-htz0.deployment.targetHost} -L 8385:syncthing.containers:8384
'';
logseq = pkgs.callPackage ./nix/pkgs/logseq
(lib.attrsets.optionalAttrs pkgs.stdenv.isAarch64 {
overrideSrc = self.inputs.logseq_0_10_5_aarch64_appimage;
});
};
formatter = pkgs.alejandra;
devShells =
let
all = import ./nix/devShells.nix {
inherit
self'
inputs'
pkgs
;
};
in
(all // { default = all.develop; });
}; };
flake.nixosModules = { prs =
# thinkpad-x13s = { pkgs, config, lib, options, ... } @ args: (import ./nix/os/modules/hardware.thinkpad-x13s.nix (args // { inherit self; })); pkgs.callPackage
({
pkgs,
dbus,
glib,
gpgme,
gtk3,
libxcb,
libxkbcommon,
installShellFiles,
pkg-config,
python3,
}:
craneLib.buildPackage {
pname = "prs";
version = inputs.prs.shortRev;
src = inputs.prs;
nativeBuildInputs = [gpgme installShellFiles pkg-config python3];
buildInputs = [
dbus
glib
gpgme
gtk3
libxcb
libxkbcommon
];
cargoExtraArgs = "--features backend-gpgme";
postInstall = ''
for shell in bash fish zsh; do
installShellCompletion --cmd prs --$shell <($out/bin/prs internal completions $shell --stdout)
done
'';
})
{};
nomad = inputs'.nixpkgs-unstable-small.legacyPackages.nomad_1_6;
ledger-live-desktop-wrapped = pkgs.writeShellScriptBin "ledger-live-desktop-wrapped" ''
set -x
pkill -9 wayland-proxy-v
export NIXOS_OZONE_WL=""
${pkgs.wayland-proxy-virtwl}/bin/wayland-proxy-virtwl \
--wayland-display=wayland-3 \
--xwayland-binary=${pkgs.xwayland}/bin/Xwayland \
--x-display=3 \
&
# --x-unscale=3 \
#--verbose \
export PROXYPID="$!"
trap "kill -9 \$PROXYPID" EXIT
# trap "pkill -9 wayland-proxy-v" EXIT
env \
WAYLAND_DISPLAY=wayland-3 \
DISPLAY=:3 \
ledger-live-desktop
'';
syncthing-container-webui = pkgs.writeShellScriptBin "reverse-port-forward-syncthing-container" ''
ssh root@${self.colmena.sj-vps-htz0.deployment.targetHost} -L 8385:syncthing.containers:8384
'';
logseq =
pkgs.callPackage ./nix/pkgs/logseq
(lib.attrsets.optionalAttrs pkgs.stdenv.isAarch64 {
overrideSrc = self.inputs.logseq_0_10_5_aarch64_appimage;
});
}; };
});
formatter = pkgs.alejandra;
devShells = let
all = import ./nix/devShells.nix {
inherit
self'
inputs'
pkgs
;
};
in (all // {default = all.develop;});
};
flake.nixosModules = {
# thinkpad-x13s = { pkgs, config, lib, options, ... } @ args: (import ./nix/os/modules/hardware.thinkpad-x13s.nix (args // { inherit self; }));
};
});
} }


@ -1,9 +1,8 @@
{ self'
, inputs'
, pkgs
}:
{ {
self',
inputs',
pkgs,
}: {
install = pkgs.mkShell { install = pkgs.mkShell {
name = "infra-install"; name = "infra-install";
packages = with pkgs; [ packages = with pkgs; [


@ -1,16 +1,15 @@
{ pkgs
, lib
, config
, # these come in via home-manager.extraSpecialArgs and are specific to each node
nodeFlake
, packages'
, ...
}:
let
# pkgsMaster = nodeFlake.inputs.nixpkgs-master.legacyPackages.${pkgs.system};
pkgsUnstableSmall = import nodeFlake.inputs.nixpkgs-unstable-small { inherit (pkgs) system config; };
in
{ {
pkgs,
lib,
config,
# these come in via home-manager.extraSpecialArgs and are specific to each node
nodeFlake,
packages',
...
}: let
# pkgsMaster = nodeFlake.inputs.nixpkgs-master.legacyPackages.${pkgs.system};
pkgsUnstableSmall = import nodeFlake.inputs.nixpkgs-unstable-small {inherit (pkgs) system config;};
in {
imports = [ imports = [
../profiles/common.nix ../profiles/common.nix
# ../profiles/dotfiles.nix # ../profiles/dotfiles.nix
@ -37,7 +36,7 @@ in
home.sessionVariables.HM_CONFIG = "graphical-fullblown"; home.sessionVariables.HM_CONFIG = "graphical-fullblown";
home.sessionVariables.GOPATH = "$HOME/src/go"; home.sessionVariables.GOPATH = "$HOME/src/go";
home.sessionVariables.PATH = pkgs.lib.concatStringsSep ":" [ "$HOME/.local/bin" "$PATH" ]; home.sessionVariables.PATH = pkgs.lib.concatStringsSep ":" ["$HOME/.local/bin" "$PATH"];
nixpkgs.config.permittedInsecurePackages = [ nixpkgs.config.permittedInsecurePackages = [
"electron-24.8.6" "electron-24.8.6"
@ -45,7 +44,7 @@ in
]; ];
home.packages = home.packages =
[ ] []
++ (with pkgs; [ ++ (with pkgs; [
# Authentication # Authentication
# cacert # cacert
@ -114,26 +113,24 @@ in
let let
version = "6.44.0"; version = "6.44.0";
in in
pkgsUnstableSmall.signal-desktop.overrideAttrs (old: pkgsUnstableSmall.signal-desktop.overrideAttrs (old:
lib.attrsets.optionalAttrs pkgs.stdenv.isAarch64 { lib.attrsets.optionalAttrs pkgs.stdenv.isAarch64 {
inherit version; inherit version;
src = builtins.fetchurl src =
{ builtins.fetchurl
url = "https://github.com/0mniteck/Signal-Desktop-Mobian/raw/master/builds/release/signal-desktop_${version}_arm64.deb"; {
sha256 = url = "https://github.com/0mniteck/Signal-Desktop-Mobian/raw/master/builds/release/signal-desktop_${version}_arm64.deb";
# lib.fakeSha256 sha256 =
"sha256:0svb5vz08n3j4lx4kdjmx5lw9619kvvxg981rs6chh83qz5y519k" # lib.fakeSha256
; "sha256:0svb5vz08n3j4lx4kdjmx5lw9619kvvxg981rs6chh83qz5y519k";
} };
; })
})
) )
thunderbird thunderbird
# gnome.cheese # gnome.cheese
# Virtualization # Virtualization
# virtmanager # virtmanager
@ -141,8 +138,6 @@ in
remmina remmina
# freerdp # freerdp
# Audio/Video Players # Audio/Video Players
ffmpeg ffmpeg
vlc vlc
@ -193,7 +188,6 @@ in
# mendeley # mendeley
evince evince
# File Synchronzation # File Synchronzation
maestral maestral
rsync rsync
@ -208,7 +202,6 @@ in
# gparted # gparted
# smartmontools # smartmontools
## Python ## Python
# packages'.myPython # packages'.myPython
@ -257,9 +250,10 @@ in
# '') # '')
]) ])
++ (lib.lists.optionals (!pkgs.stdenv.targetPlatform.isAarch64) [ ++ (lib.lists.optionals (!pkgs.stdenv.targetPlatform.isAarch64) [
]) ])
++ (lib.lists.optionals (!pkgs.stdenv.targetPlatform.isAarch64) [ ++ (lib.lists.optionals (!pkgs.stdenv.targetPlatform.isAarch64) [
(pkgs.banana-accounting.overrideDerivation (
pkgs.banana-accounting.overrideDerivation
(attrs: (attrs:
with nodeFlake.inputs'.nixpkgs-2211.legacyPackages; { with nodeFlake.inputs'.nixpkgs-2211.legacyPackages; {
# dontWrapGApps = true; # dontWrapGApps = true;
@ -300,8 +294,7 @@ in
pkgs.discord pkgs.discord
pkgsUnstableSmall.session-desktop pkgsUnstableSmall.session-desktop
pkgsUnstableSmall.rustdesk pkgsUnstableSmall.rustdesk
]) ]);
;
systemd.user.startServices = true; systemd.user.startServices = true;
services.syncthing.enable = true; services.syncthing.enable = true;


@ -1,4 +1,8 @@
{ pkgs, lib, ... }: { {
pkgs,
lib,
...
}: {
# TODO: re-enable this with the appropriate version? # TODO: re-enable this with the appropriate version?
# programs.home-manager.enable = true; # programs.home-manager.enable = true;
# programs.home-manager.path = https://github.com/rycee/home-manager/archive/445c0b1482c38172a9f8294ee16a7ca7462388e5.tar.gz; # programs.home-manager.path = https://github.com/rycee/home-manager/archive/445c0b1482c38172a9f8294ee16a7ca7462388e5.tar.gz;
@ -8,7 +12,7 @@
allowBroken = false; allowBroken = false;
allowUnfree = true; allowUnfree = true;
permittedInsecurePackages = [ ]; permittedInsecurePackages = [];
}; };
home.keyboard = { home.keyboard = {
@ -32,7 +36,7 @@
programs.fzf.enable = true; programs.fzf.enable = true;
home.packages = home.packages =
[ ] []
++ (with pkgs; [ ++ (with pkgs; [
coreutils coreutils


@ -1,18 +1,18 @@
{ repoFlake {
, pkgs repoFlake,
, config pkgs,
, repoHttps ? "https://gitlab.com/steveeJ/dotfiles.git" config,
, repoSsh ? "git@gitlab.com:/steveeJ/dotfiles.git" repoHttps ? "https://gitlab.com/steveeJ/dotfiles.git",
, ... repoSsh ? "git@gitlab.com:/steveeJ/dotfiles.git",
}: ...
let }: let
repoBareLocal = repoBareLocal =
pkgs.runCommand "fetchbare" pkgs.runCommand "fetchbare"
{ {
outputHashMode = "recursive"; outputHashMode = "recursive";
outputHashAlgo = "sha256"; outputHashAlgo = "sha256";
outputHash = "0000000000000000000000000000000000000000000000000000"; outputHash = "0000000000000000000000000000000000000000000000000000";
} '' } ''
( (
set -xe set -xe
export GIT_SSL_CAINFO=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt export GIT_SSL_CAINFO=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt
@ -39,9 +39,7 @@ let
set_remotes ${repoHttps} ${repoSsh} set_remotes ${repoHttps} ${repoSsh}
fi fi
''; '';
in {
in
{
# TODO: fix the dotfiles # TODO: fix the dotfiles
# home.activation.vcsh = config.lib.dag.entryAfter["linkGeneration"] '' # home.activation.vcsh = config.lib.dag.entryAfter["linkGeneration"] ''
# $DRY_RUN_CMD ${vcshActivationScript} # $DRY_RUN_CMD ${vcshActivationScript}


@ -1,19 +1,18 @@
{ pkgs {
, config pkgs,
, lib config,
, # packages', lib,
repoFlakeInputs' # packages',
, ... repoFlakeInputs',
}: ...
let }: let
inherit (import ../lib.nix { }) mkSimpleTrayService; inherit (import ../lib.nix {}) mkSimpleTrayService;
lockCmd = "${pkgs.swaylock}/bin/swaylock -efF --color '#000000'"; lockCmd = "${pkgs.swaylock}/bin/swaylock -efF --color '#000000'";
displayOffCmd = "${pkgs.sway}/bin/swaymsg 'output * power off'"; displayOffCmd = "${pkgs.sway}/bin/swaymsg 'output * power off'";
displayOnCmd = "${pkgs.sway}/bin/swaymsg 'output * power on'"; displayOnCmd = "${pkgs.sway}/bin/swaymsg 'output * power on'";
swapOutputWorkspaces = ../../../scripts/sway-swapoutputworkspaces.sh; swapOutputWorkspaces = ../../../scripts/sway-swapoutputworkspaces.sh;
in in {
{
imports = [ imports = [
../profiles/wayland-desktop.nix ../profiles/wayland-desktop.nix
../programs/waybar.nix ../programs/waybar.nix
@ -86,106 +85,104 @@ in
systemd.enable = true; systemd.enable = true;
xwayland = true; xwayland = true;
config = config = let
let modifier = "Mod4";
modifier = "Mod4"; inherit (config.wayland.windowManager.sway.config) left right up down;
inherit (config.wayland.windowManager.sway.config) left right up down; in {
in inherit modifier;
{ bars = [];
inherit modifier;
bars = [ ];
input = { input = {
"type:keyboard" = "type:keyboard" =
{ {
xkb_layout = config.home.keyboard.layout; xkb_layout = config.home.keyboard.layout;
xkb_variant = config.home.keyboard.variant; xkb_variant = config.home.keyboard.variant;
} }
// lib.attrsets.optionalAttrs (builtins.length (config.home.keyboard.options or [ ]) > 0) { // lib.attrsets.optionalAttrs (builtins.length (config.home.keyboard.options or []) > 0) {
xkb_options = builtins.concatStringsSep "," config.home.keyboard.options; xkb_options = builtins.concatStringsSep "," config.home.keyboard.options;
};
"type:touchpad" = {
natural_scroll = "enabled";
}; };
"type:touchpad" = {
natural_scroll = "enabled";
}; };
keybindings = lib.mkOptionDefault {
# as of 2023-05-21 the `!!` arg parsing mode was broken for me on yofi
# "${modifier}+d" = "exec ${packages'.yofi}/bin/yofi binapps";
"${modifier}+d" = "exec ${pkgs.fuzzel}/bin/fuzzel --show-actions";
# only 1-9 exist on the default config
"${modifier}+0" = "workspace number 0";
"${modifier}+Shift+0" = "move container to workspace number 0";
# disable splitting for now as i sometimes trigger it accidentally and then get stuck with it
"${modifier}+b" = "nop";
"${modifier}+v" = "nop";
# move workspace to output
"${modifier}+Control+Shift+${left}" = "move workspace to output left";
"${modifier}+Control+Shift+${right}" = "move workspace to output right";
"${modifier}+Control+Shift+${up}" = "move workspace to output up";
"${modifier}+Control+Shift+${down}" = "move workspace to output down";
# move workspace to output with arrow keys
"${modifier}+Control+Shift+Left" = "move workspace to output left";
"${modifier}+Control+Shift+Right" = "move workspace to output right";
"${modifier}+Control+Shift+Up" = "move workspace to output up";
"${modifier}+Control+Shift+Down" = "move workspace to output down";
"${modifier}+Shift+e" = "exec ${pkgs.sway}/bin/swaymsg exit";
"${modifier}+q" = "kill";
"${modifier}+Shift+q" = "exec ${pkgs.sway}/bin/swaymsg -t get_tree | ${pkgs.jq}/bin/jq 'recurse(.nodes[], .floating_nodes[]) | select(.focused).pid' | ${pkgs.findutils}/bin/xargs -L1 kill -9";
"${modifier}+x" = "exec ${swapOutputWorkspaces}";
"${modifier}+Ctrl+l" = "exec ${lockCmd}";
"--locked XF86AudioPlay" = "exec ${pkgs.playerctl}/bin/playerctl play-pause";
"XF86AudioPrev" = "exec ${pkgs.playerctl}/bin/playerctl previous";
"XF86AudioNext" = "exec ${pkgs.playerctl}/bin/playerctl next";
"XF86AudioRaiseVolume" = "exec ${pkgs.pulsemixer}/bin/pulsemixer --change-volume +5";
"XF86AudioLowerVolume" = "exec ${pkgs.pulsemixer}/bin/pulsemixer --change-volume -5";
"--locked XF86AudioMute" = "exec ${pkgs.pulsemixer}/bin/pulsemixer --toggle-mute";
"Print" = "exec ${pkgs.shotman}/bin/shotman --capture region";
};
terminal = "alacritty";
startup =
[
{
command = builtins.toString (pkgs.writeShellScript "ensure-graphical-session" ''
(
${pkgs.coreutils}/bin/sleep 0.2
${pkgs.systemd}/bin/systemctl --user restart graphical-session.target
) &
'');
}
]
++ lib.optionals config.services.swayidle.enable [
{
command = builtins.toString (pkgs.writeShellScript "ensure-graphical-session" ''
(
${pkgs.coreutils}/bin/sleep 0.2
${pkgs.systemd}/bin/systemctl --user restart swayidle
) &
'');
}
];
colors.focused = lib.mkOptionDefault {
childBorder = lib.mkForce "#ffa500";
};
window.titlebar = false;
window.border = 4;
# this maps to focus_on_window_activation
focus.newWindow = "urgent";
}; };
keybindings = lib.mkOptionDefault {
# as of 2023-05-21 the `!!` arg parsing mode was broken for me on yofi
# "${modifier}+d" = "exec ${packages'.yofi}/bin/yofi binapps";
"${modifier}+d" = "exec ${pkgs.fuzzel}/bin/fuzzel --show-actions";
# only 1-9 exist on the default config
"${modifier}+0" = "workspace number 0";
"${modifier}+Shift+0" = "move container to workspace number 0";
# disable splitting for now as i sometimes trigger it accidentally and then get stuck with it
"${modifier}+b" = "nop";
"${modifier}+v" = "nop";
# move workspace to output
"${modifier}+Control+Shift+${left}" = "move workspace to output left";
"${modifier}+Control+Shift+${right}" = "move workspace to output right";
"${modifier}+Control+Shift+${up}" = "move workspace to output up";
"${modifier}+Control+Shift+${down}" = "move workspace to output down";
# move workspace to output with arrow keys
"${modifier}+Control+Shift+Left" = "move workspace to output left";
"${modifier}+Control+Shift+Right" = "move workspace to output right";
"${modifier}+Control+Shift+Up" = "move workspace to output up";
"${modifier}+Control+Shift+Down" = "move workspace to output down";
"${modifier}+Shift+e" = "exec ${pkgs.sway}/bin/swaymsg exit";
"${modifier}+q" = "kill";
"${modifier}+Shift+q" = "exec ${pkgs.sway}/bin/swaymsg -t get_tree | ${pkgs.jq}/bin/jq 'recurse(.nodes[], .floating_nodes[]) | select(.focused).pid' | ${pkgs.findutils}/bin/xargs -L1 kill -9";
"${modifier}+x" = "exec ${swapOutputWorkspaces}";
"${modifier}+Ctrl+l" = "exec ${lockCmd}";
"--locked XF86AudioPlay" = "exec ${pkgs.playerctl}/bin/playerctl play-pause";
"XF86AudioPrev" = "exec ${pkgs.playerctl}/bin/playerctl previous";
"XF86AudioNext" = "exec ${pkgs.playerctl}/bin/playerctl next";
"XF86AudioRaiseVolume" = "exec ${pkgs.pulsemixer}/bin/pulsemixer --change-volume +5";
"XF86AudioLowerVolume" = "exec ${pkgs.pulsemixer}/bin/pulsemixer --change-volume -5";
"--locked XF86AudioMute" = "exec ${pkgs.pulsemixer}/bin/pulsemixer --toggle-mute";
"Print" = "exec ${pkgs.shotman}/bin/shotman --capture region";
};
terminal = "alacritty";
startup =
[
{
command = builtins.toString (pkgs.writeShellScript "ensure-graphical-session" ''
(
${pkgs.coreutils}/bin/sleep 0.2
${pkgs.systemd}/bin/systemctl --user restart graphical-session.target
) &
'');
}
]
++ lib.optionals config.services.swayidle.enable [
{
command = builtins.toString (pkgs.writeShellScript "ensure-graphical-session" ''
(
${pkgs.coreutils}/bin/sleep 0.2
${pkgs.systemd}/bin/systemctl --user restart swayidle
) &
'');
}
];
colors.focused = lib.mkOptionDefault {
childBorder = lib.mkForce "#ffa500";
};
window.titlebar = false;
window.border = 4;
# this maps to focus_on_window_activation
focus.newWindow = "urgent";
};
}; };
services.swayidle = { services.swayidle = {


@ -1,17 +1,16 @@
{ pkgs {
, config pkgs,
, lib config,
, repoFlake lib,
, nodeFlake repoFlake,
, ... nodeFlake,
}: ...
let }: let
inherit (import ../lib.nix { }) mkSimpleTrayService; inherit (import ../lib.nix {}) mkSimpleTrayService;
nixpkgs-wayland' = repoFlake.inputs.nixpkgs-wayland.packages.${pkgs.system}; nixpkgs-wayland' = repoFlake.inputs.nixpkgs-wayland.packages.${pkgs.system};
wayprompt = nixpkgs-wayland'.wayprompt; wayprompt = nixpkgs-wayland'.wayprompt;
in in {
{
fonts.fontconfig.enable = true; fonts.fontconfig.enable = true;
# services.gpg-agent.pinentryFlavor = lib.mkForce null; # services.gpg-agent.pinentryFlavor = lib.mkForce null;
@ -27,43 +26,46 @@ in
systemd.user.targets.tray = { systemd.user.targets.tray = {
Unit = { Unit = {
Description = "Home Manager System Tray"; Description = "Home Manager System Tray";
Requires = [ "graphical-session-pre.target" ]; Requires = ["graphical-session-pre.target"];
}; };
}; };
home.packages = with pkgs; [ home.packages = with pkgs;
# required by network-manager-applet
pkgs.networkmanagerapplet
wlr-randr
wayout
wl-clipboard
wmctrl
nixpkgs-wayland'.shotman
# identifies key input syms
wev
# TODO: whwat's this for?
# wltype
pavucontrol
playerctl
pasystray
qt5.qtwayland
qt6.qtwayland
# libsForQt5.qt5.qtwayland
# libsForQt6.qt6.qtwayland
# probably required by flameshot
# xdg-desktop-portal xdg-desktop-portal-wlr
# grim
] ++ (lib.lists.optionals (!pkgs.stdenv.isAarch64)
# TODO: broken on aarch64
[ [
# required by network-manager-applet
pkgs.networkmanagerapplet
wlr-randr
wayout
wl-clipboard
wmctrl
nixpkgs-wayland'.shotman
# identifies key input syms
wev
# TODO: whwat's this for?
# wltype
pavucontrol
playerctl
pasystray
qt5.qtwayland
qt6.qtwayland
# libsForQt5.qt5.qtwayland
# libsForQt6.qt6.qtwayland
# probably required by flameshot
# xdg-desktop-portal xdg-desktop-portal-wlr
# grim
] ]
); ++ (
lib.lists.optionals (!pkgs.stdenv.isAarch64)
# TODO: broken on aarch64
[
]
);
home.sessionVariables = { home.sessionVariables = {
XDG_SESSION_TYPE = "wayland"; XDG_SESSION_TYPE = "wayland";


@ -1,16 +1,16 @@
{ name {
, lib name,
, pkgs lib,
, ... pkgs,
}: ...
let }: let
extensions = extensions =
[ [
#undetectable adblocker #undetectable adblocker
{ id = "gcfcpohokifjldeandkfjoboemihipmb"; } {id = "gcfcpohokifjldeandkfjoboemihipmb";}
# ublock origin # ublock origin
{ id = "cjpalhdlnbpafiamejdnhcphjbkeiagm"; } {id = "cjpalhdlnbpafiamejdnhcphjbkeiagm";}
# # YT ad block # # YT ad block
# {id = "cmedhionkhpnakcndndgjdbohmhepckk";} # {id = "cmedhionkhpnakcndndgjdbohmhepckk";}
@ -19,15 +19,15 @@ let
# {id = "cfhdojbkjhnklbpkdaibdccddilifddb";} # {id = "cfhdojbkjhnklbpkdaibdccddilifddb";}
# Cookie Notice Blocker # Cookie Notice Blocker
{ id = "odhmfmnoejhihkmfebnolljiibpnednn"; } {id = "odhmfmnoejhihkmfebnolljiibpnednn";}
# i don't care about cookies # i don't care about cookies
{ id = "fihnjjcciajhdojfnbdddfaoknhalnja"; } {id = "fihnjjcciajhdojfnbdddfaoknhalnja";}
# NopeCHA # NopeCHA
{ id = "dknlfmjaanfblgfdfebhijalfmhmjjjo"; } {id = "dknlfmjaanfblgfdfebhijalfmhmjjjo";}
# h264ify # h264ify
{ id = "aleakchihdccplidncghkekgioiakgal"; } {id = "aleakchihdccplidncghkekgioiakgal";}
# clippy # clippy
# {id = "honbeilkanbghjimjoniipnnehlmhggk"} # {id = "honbeilkanbghjimjoniipnnehlmhggk"}
@ -38,20 +38,19 @@ let
} }
# cookie autodelete # cookie autodelete
{ id = "fhcgjolkccmbidfldomjliifgaodjagh"; } {id = "fhcgjolkccmbidfldomjliifgaodjagh";}
# unhook # unhook
{ id = "khncfooichmfjbepaaaebmommgaepoid"; } {id = "khncfooichmfjbepaaaebmommgaepoid";}
] ]
++ (lib.lists.optionals ((builtins.match "^steveej.*" name) != null) [ ++ (lib.lists.optionals ((builtins.match "^steveej.*" name) != null) [
# Vimium C # Vimium C
{ id = "hfjbmagddngcpeloejdejnfgbamkjaeg"; } {id = "hfjbmagddngcpeloejdejnfgbamkjaeg";}
# always right # always right
{ id = "npjpaghfnndnnmjiliibnkmdfgbojokj"; } {id = "npjpaghfnndnnmjiliibnkmdfgbojokj";}
]); ]);
in in {
{
programs.chromium = { programs.chromium = {
enable = true; enable = true;
inherit extensions; inherit extensions;
@ -63,5 +62,5 @@ in
inherit extensions; inherit extensions;
}; };
programs.browserpass = { browsers = [ "chromium" "brave" ]; }; programs.browserpass = {browsers = ["chromium" "brave"];};
} }


@ -1,4 +1,4 @@
{ pkgs, ... }: { {pkgs, ...}: {
services.espanso = { services.espanso = {
# package = pkgs.espanso.overrideAttrs(_: { # package = pkgs.espanso.overrideAttrs(_: {
# # src = # # src =
@ -10,66 +10,64 @@
# backend = "Clipboard"; # backend = "Clipboard";
}; };
}; };
matches = matches = let
let playerctl = ''
playerctl = '' ${pkgs.coreutils}/bin/env DBUS_SESSION_BUS_ADDRESS="unix:path=/run/user/$(${pkgs.coreutils}/bin/id -u)/bus" ${pkgs.playerctl}/bin/playerctl'';
${pkgs.coreutils}/bin/env DBUS_SESSION_BUS_ADDRESS="unix:path=/run/user/$(${pkgs.coreutils}/bin/id -u)/bus" ${pkgs.playerctl}/bin/playerctl''; in {
in default = {
{ matches = [
default = { {
matches = [ trigger = ":vpos";
{ replace = "{{output}}";
trigger = ":vpos"; vars = [
replace = "{{output}}"; {
vars = [ name = "output";
{ type = "script";
name = "output"; params = {
type = "script"; args = [
params = { (pkgs.writeScript "espanso" ''
args = [ #! ${pkgs.python3}/bin/python
(pkgs.writeScript "espanso" '' import subprocess, os, math, datetime
#! ${pkgs.python3}/bin/python
import subprocess, os, math, datetime
id=str(os.getuid()) id=str(os.getuid())
result=subprocess.run(args=["${pkgs.playerctl}/bin/playerctl", "position"], env={"DBUS_SESSION_BUS_ADDRESS": "unix:path=/run/user/"+id+"/bus"},capture_output=True) result=subprocess.run(args=["${pkgs.playerctl}/bin/playerctl", "position"], env={"DBUS_SESSION_BUS_ADDRESS": "unix:path=/run/user/"+id+"/bus"},capture_output=True)
result.check_returncode() result.check_returncode()
position_secs = math.trunc(float(result.stdout)) position_secs = math.trunc(float(result.stdout))
position_human = datetime.timedelta(seconds=position_secs) position_human = datetime.timedelta(seconds=position_secs)
print("%s - %s" % (position_human, position_secs)) print("%s - %s" % (position_human, position_secs))
'') '')
]; ];
}; };
} }
]; ];
} }
{ {
trigger = ":vtit"; trigger = ":vtit";
replace = "{{output}}"; replace = "{{output}}";
vars = [ vars = [
{ {
name = "output"; name = "output";
type = "script"; type = "script";
params = { params = {
args = [ args = [
(pkgs.writeShellScript "espanso" (pkgs.writeShellScript "espanso"
"${playerctl} metadata title") "${playerctl} metadata title")
]; ];
}; };
} }
]; ];
} }
{ {
trigger = ":dunno"; trigger = ":dunno";
replace = "¯\\_()_/¯"; replace = "¯\\_()_/¯";
} }
{ {
trigger = ":shrug"; trigger = ":shrug";
replace = "¯\\_()_/¯"; replace = "¯\\_()_/¯";
} }
]; ];
};
}; };
};
}; };
} }


@ -1,4 +1,8 @@
{repoFlake, pkgs, ...}: { {
repoFlake,
pkgs,
...
}: {
# required by pass-otp # required by pass-otp
# home.sessionVariables.PASSWORD_STORE_EXTENSIONS_DIR = "$HOME/.nix-profile/lib/password-store/extensions"; # home.sessionVariables.PASSWORD_STORE_EXTENSIONS_DIR = "$HOME/.nix-profile/lib/password-store/extensions";
# home.sessionVariables.PASSWORD_STORE_ENABLE_EXTENSIONS = "true"; # home.sessionVariables.PASSWORD_STORE_ENABLE_EXTENSIONS = "true";


@ -1,10 +1,10 @@
{ config {
, lib config,
, pkgs lib,
, osConfig pkgs,
, ... osConfig,
}: ...
let }: let
libdecsync = pkgs.python3Packages.buildPythonPackage rec { libdecsync = pkgs.python3Packages.buildPythonPackage rec {
pname = "libdecsync"; pname = "libdecsync";
version = "2.2.1"; version = "2.2.1";
@ -38,53 +38,50 @@ let
# pkgs.libxcrypt # pkgs.libxcrypt
]; ];
propagatedBuildInputs = [ libdecsync pkgs.python3Packages.setuptools ]; propagatedBuildInputs = [libdecsync pkgs.python3Packages.setuptools];
}; };
radicale-decsync = pkgs.radicale.overrideAttrs (old: { radicale-decsync = pkgs.radicale.overrideAttrs (old: {
propagatedBuildInputs = propagatedBuildInputs =
old.propagatedBuildInputs old.propagatedBuildInputs
++ [ radicale-storage-decsync ]; ++ [radicale-storage-decsync];
}); });
mkRadicaleService = mkRadicaleService = {
{ suffix suffix,
, port port,
, }: let
}: radicale-config = pkgs.writeText "radicale-config-${suffix}" ''
let [server]
radicale-config = pkgs.writeText "radicale-config-${suffix}" '' hosts = localhost:${builtins.toString port}
[server]
hosts = localhost:${builtins.toString port}
[auth] [auth]
type = htpasswd type = htpasswd
htpasswd_filename = ${osConfig.sops.secrets.radicale_htpasswd.path} htpasswd_filename = ${osConfig.sops.secrets.radicale_htpasswd.path}
htpasswd_encryption = bcrypt htpasswd_encryption = bcrypt
[storage] [storage]
type = radicale_storage_decsync type = radicale_storage_decsync
filesystem_folder = ${config.xdg.dataHome}/radicale/radicale-${suffix} filesystem_folder = ${config.xdg.dataHome}/radicale/radicale-${suffix}
decsync_dir = ${config.xdg.dataHome}/decsync/decsync-${suffix} decsync_dir = ${config.xdg.dataHome}/decsync/decsync-${suffix}
''; '';
in in {
{ systemd.user.services."radicale-${suffix}" = {
systemd.user.services."radicale-${suffix}" = { Unit.Description = "Radicale with DecSync (${suffix})";
Unit.Description = "Radicale with DecSync (${suffix})"; Service = {
Service = { ExecStart = "${radicale-decsync}/bin/radicale -C ${radicale-config}";
ExecStart = "${radicale-decsync}/bin/radicale -C ${radicale-config}"; Restart = "on-failure";
Restart = "on-failure";
};
Install.WantedBy = [ "default.target" ];
}; };
Install.WantedBy = ["default.target"];
}; };
};
in in
builtins.foldl' (sum: cur: lib.recursiveUpdate sum (mkRadicaleService cur)) { } [ builtins.foldl' (sum: cur: lib.recursiveUpdate sum (mkRadicaleService cur)) {} [
{ {
suffix = "personal"; suffix = "personal";
port = 5232; port = 5232;
} }
{ {
suffix = "family"; suffix = "family";
port = 5233; port = 5233;
} }
] ]


@ -1,17 +1,21 @@
{ pkgs, nodeFlake, ... }:
{ {
pkgs,
nodeFlake,
...
}: {
programs.vscode = { programs.vscode = {
enable = true; enable = true;
package = pkgs.vscodium; package = pkgs.vscodium;
extensions = [ extensions =
# TODO: how can i install (this) vsix(s) directly?
# (builtins.fetchurl {
# # https://open-vsx.org/extension/jeanp413/open-remote-ssh
# url = "https://open-vsx.org/api/jeanp413/open-remote-ssh/0.0.45/file/jeanp413.open-remote-ssh-0.0.45.vsix";
# sha256 = "1qc1qsahfx1nvznq4adplx63w5d94xhafngv76vnqjjbzhv991v2";
# })
] ++ (with pkgs.vscode-extensions;
[ [
# TODO: how can i install (this) vsix(s) directly?
# (builtins.fetchurl {
# # https://open-vsx.org/extension/jeanp413/open-remote-ssh
# url = "https://open-vsx.org/api/jeanp413/open-remote-ssh/0.0.45/file/jeanp413.open-remote-ssh-0.0.45.vsix";
# sha256 = "1qc1qsahfx1nvznq4adplx63w5d94xhafngv76vnqjjbzhv991v2";
# })
]
++ (with pkgs.vscode-extensions; [
bbenoist.nix bbenoist.nix
eamodio.gitlens eamodio.gitlens
mkhl.direnv mkhl.direnv
@ -34,7 +38,7 @@
mutableExtensionsDir = true; mutableExtensionsDir = true;
}; };
home.packages = [ pkgs.nixpkgs-fmt pkgs.alejandra ]; home.packages = [pkgs.nixpkgs-fmt pkgs.alejandra];
} }
# TODO: automate # TODO: automate
### original list: ### original list:


@ -1,30 +1,29 @@
{ config {
, lib config,
, pkgs lib,
, ... pkgs,
}: ...
let }: let
just-plugin = just-plugin = let
let plugin_file = pkgs.writeText "_just" ''
plugin_file = pkgs.writeText "_just" '' #compdef just
#compdef just #autload
#autload
alias justl="\just --list" alias justl="\just --list"
alias juste="\just --evaluate" alias juste="\just --evaluate"
local subcmds=() local subcmds=()
while read -r line ; do while read -r line ; do
if [[ ! $line == Available* ]] ; if [[ ! $line == Available* ]] ;
then then
subcmds+=(''${line/[[:space:]]*\#/:}) subcmds+=(''${line/[[:space:]]*\#/:})
fi fi
done < <(just --list) done < <(just --list)
_describe 'command' subcmds _describe 'command' subcmds
''; '';
in in
pkgs.stdenv.mkDerivation { pkgs.stdenv.mkDerivation {
name = "just-completions"; name = "just-completions";
version = "0.1.0"; version = "0.1.0";
@ -36,8 +35,7 @@ let
chmod --recursive a-w $out chmod --recursive a-w $out
''; '';
}; };
in in {
{
programs.zsh = { programs.zsh = {
enable = true; enable = true;
@ -48,58 +46,56 @@ in
# will be called again by oh-my-zsh # will be called again by oh-my-zsh
enableCompletion = false; enableCompletion = false;
enableAutosuggestions = true; enableAutosuggestions = true;
initExtra = initExtra = let
let inNixShell = ''$([[ -n "$IN_NIX_SHELL" ]] && printf " 🐚")'';
inNixShell = ''$([[ -n "$IN_NIX_SHELL" ]] && printf " 🐚")''; in ''
in if test ! -n "$TMPDIR" -a -z "$TMPDIR"; then
'' unset TMPDIR
if test ! -n "$TMPDIR" -a -z "$TMPDIR"; then fi
unset TMPDIR
fi
if test ! -n "$TMP" -a -z "$TMP"; then if test ! -n "$TMP" -a -z "$TMP"; then
unset TMP unset TMP
fi fi
PROMPT='%F{%(!.red.green)}%n%f@%m %(?.%F{green}%f.%F{red} ($?%))%f %F{blue}%~%f${inNixShell}%F{magenta}$(git_prompt_info)%f$prompt_newline%_%F{%(!.red.green)}$(prompt_char)%f ' PROMPT='%F{%(!.red.green)}%n%f@%m %(?.%F{green}%f.%F{red} ($?%))%f %F{blue}%~%f${inNixShell}%F{magenta}$(git_prompt_info)%f$prompt_newline%_%F{%(!.red.green)}$(prompt_char)%f '
RPROMPT="" RPROMPT=""
# Automatic rehash # Automatic rehash
zstyle ':completion:*' rehash true zstyle ':completion:*' rehash true
if [ -f $HOME/.shrc.d/sh_aliases ]; then if [ -f $HOME/.shrc.d/sh_aliases ]; then
. $HOME/.shrc.d/sh_aliases . $HOME/.shrc.d/sh_aliases
fi fi
${ ${
if builtins.hasAttr "homeshick" pkgs if builtins.hasAttr "homeshick" pkgs
then '' then ''
source ${pkgs.homeshick}/homeshick.sh source ${pkgs.homeshick}/homeshick.sh
fpath=(${pkgs.homeshick}/completions $fpath) fpath=(${pkgs.homeshick}/completions $fpath)
'' ''
else "" else ""
} }
# Disable intercepting of ctrl-s and ctrl-q as flow control. # Disable intercepting of ctrl-s and ctrl-q as flow control.
stty stop ''' -ixoff -ixon stty stop ''' -ixoff -ixon
# don't cd into directories when executed # don't cd into directories when executed
unsetopt AUTO_CD unsetopt AUTO_CD
# print lines without termination # print lines without termination
setopt PROMPT_CR setopt PROMPT_CR
setopt PROMPT_SP setopt PROMPT_SP
export PROMPT_EOL_MARK="" export PROMPT_EOL_MARK=""
${lib.optionalString config.services.gpg-agent.enable '' ${lib.optionalString config.services.gpg-agent.enable ''
export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/gnupg/S.gpg-agent.ssh" export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/gnupg/S.gpg-agent.ssh"
''} ''}
${lib.optionalString config.programs.neovim.enable '' ${lib.optionalString config.programs.neovim.enable ''
export EDITOR="nvim" export EDITOR="nvim"
''} ''}
''; '';
plugins = [ plugins = [
{ {
@ -132,7 +128,7 @@ in
oh-my-zsh = { oh-my-zsh = {
enable = true; enable = true;
theme = "tjkirch"; theme = "tjkirch";
plugins = [ "git" "sudo" ]; plugins = ["git" "sudo"];
}; };
}; };
} }



@ -19,7 +19,6 @@
bpir3.inputs.nixpkgs.follows = "nixpkgs"; bpir3.inputs.nixpkgs.follows = "nixpkgs";
nixos-nftables-firewall.url = "github:thelegy/nixos-nftables-firewall"; nixos-nftables-firewall.url = "github:thelegy/nixos-nftables-firewall";
nixos-nftables-firewall.inputs.nixpkgs.follows = "nixpkgs"; nixos-nftables-firewall.inputs.nixpkgs.follows = "nixpkgs";
@ -60,13 +59,17 @@
nixpkgs.lib.attrsets.recursiveUpdate nixpkgs.lib.attrsets.recursiveUpdate
attrs attrs
{ {
specialArgs = (import ./default.nix { specialArgs =
system = nativeSystem; (import ./default.nix {
inherit nodeName; system = nativeSystem;
inherit nodeName;
repoFlake = get-flake ../../../..; repoFlake = get-flake ../../../..;
nodeFlake = self; nodeFlake = self;
}).meta.nodeSpecialArgs.${nodeName}; })
.meta
.nodeSpecialArgs
.${nodeName};
modules = modules =
[ [
@ -88,7 +91,6 @@
linuxPackages_bpir3_latest linuxPackages_bpir3_latest
; ;
}) })
]; ];
} }
] ]
@ -112,19 +114,22 @@
}; };
packages = let packages = let
mkPatchedHostapd = pkgs: pkgs.hostapd.overrideDerivation(attrs: { mkPatchedHostapd = pkgs:
patches = attrs.patches ++ [ pkgs.hostapd.overrideDerivation (attrs: {
"${self.inputs.openwrt}/package/network/services/hostapd/patches/710-vlan_no_bridge.patch" patches =
]; attrs.patches
}); ++ [
"${self.inputs.openwrt}/package/network/services/hostapd/patches/710-vlan_no_bridge.patch"
];
});
in { in {
"${nativeSystem}" = { "${nativeSystem}" = {
hostapd_patched = mkPatchedHostapd pkgs; hostapd_patched = mkPatchedHostapd pkgs;
}; };
cross = { cross = {
hostapd_patched = mkPatchedHostapd pkgsCross; hostapd_patched = mkPatchedHostapd pkgsCross;
}; };
}; };
}; };
} }


@ -1,13 +1,14 @@
{ modulesPath {
, repoFlake modulesPath,
, packages' repoFlake,
, pkgs packages',
, lib pkgs,
, config lib,
, nodeFlake config,
, nodeName nodeFlake,
, system nodeName,
, ... system,
...
}: { }: {
disabledModules = [ disabledModules = [
]; ];
@ -34,7 +35,7 @@
inherit pkgs; inherit pkgs;
}; };
home-manager.users.steveej = { pkgs, ... }: { home-manager.users.steveej = {pkgs, ...}: {
imports = [ imports = [
../../../home-manager/configuration/text-minimal.nix ../../../home-manager/configuration/text-minimal.nix
]; ];
@ -51,7 +52,7 @@
programs.zsh.enable = true; programs.zsh.enable = true;
users.defaultUserShell = pkgs.zsh; users.defaultUserShell = pkgs.zsh;
environment.pathsToLink = [ "/share/zsh" ]; environment.pathsToLink = ["/share/zsh"];
} }
]; ];
@ -82,54 +83,52 @@
firewall.enable = false; firewall.enable = false;
}; };
disko.devices = disko.devices = let
let disk = id: {
disk = id: { type = "disk";
type = "disk"; device = "/dev/${id}";
device = "/dev/${id}"; content = {
content = { type = "gpt";
type = "gpt"; partitions = {
partitions = { boot = {
boot = { size = "1M";
size = "1M"; type = "EF02"; # for grub MBR
type = "EF02"; # for grub MBR };
}; mdadm = {
mdadm = { size = "100%";
size = "100%"; content = {
content = { type = "mdraid";
type = "mdraid"; name = "raid0";
name = "raid0";
};
}; };
}; };
}; };
}; };
in };
{ in {
disk = { disk = {
sda = disk "sda"; sda = disk "sda";
sdb = disk "sdb"; sdb = disk "sdb";
}; };
mdadm = { mdadm = {
raid0 = { raid0 = {
type = "mdadm"; type = "mdadm";
level = 0; level = 0;
content = { content = {
type = "gpt"; type = "gpt";
partitions = { partitions = {
primary = { primary = {
size = "100%"; size = "100%";
content = { content = {
type = "filesystem"; type = "filesystem";
format = "btrfs"; format = "btrfs";
mountpoint = "/"; mountpoint = "/";
};
}; };
}; };
}; };
}; };
}; };
}; };
};
system.stateVersion = "23.11"; system.stateVersion = "23.11";
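Review bot: `firewall.enable = false;` at the top of the last hunk leaves this host without the NixOS packet filter; the enclosing attribute set opens outside the hunk, so it is presumably `networking.firewall`. If filtering is done elsewhere (an upstream firewall or a separate nftables ruleset), add a comment saying so, e.g. `# filtered upstream by <PLACEHOLDER: where>`; otherwise enable it and list the needed ports in `allowedTCPPorts`. The same hunk builds `/` on an mdadm `level = 0` array over `sda` and `sdb`, so losing either disk loses the root filesystem; a one-line comment recording that this is intentional would help.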


@ -1,9 +1,10 @@
{ nodeName {
, config nodeName,
, pkgs config,
, ... pkgs,
...
}: { }: {
disabledModules = [ ]; disabledModules = [];
imports = [ imports = [
../../profiles/common/configuration.nix ../../profiles/common/configuration.nix
{ {


@ -43,7 +43,7 @@ in {
enable = true; enable = true;
encrypted = false; encrypted = false;
diskId = "virtio-virtio-paeNi8Fof9Oe"; diskId = "virtio-virtio-paeNi8Fof9Oe";
earlyDiskIdOverride = "ata-INTEL_SSDSC2KB019TZ_PHYI315001FW1P9DGN"; earlyDiskIdOverride = "ata-INTEL_SSDSC2KB019TZ_PHYI315001FW1P9DGN";
}; };
boot.initrd.kernelModules = stage1Modules; boot.initrd.kernelModules = stage1Modules;


@ -1,12 +1,11 @@
{ pkgs
, lib
, config
, repoFlake
, nodeName
, ...
}:
{ {
pkgs,
lib,
config,
repoFlake,
nodeName,
...
}: {
imports = [ imports = [
../../snippets/systemd-resolved.nix ../../snippets/systemd-resolved.nix
]; ];
@ -28,52 +27,50 @@
networking.nat = { networking.nat = {
enable = true; enable = true;
internalInterfaces = [ "ve-*" ]; internalInterfaces = ["ve-*"];
externalInterface = "eth0"; externalInterface = "eth0";
}; };
# virtualization # virtualization
virtualisation = { docker.enable = false; }; virtualisation = {docker.enable = false;};
nix.gc = { automatic = true; }; nix.gc = {automatic = true;};
sops.secrets.restic-password.sopsFile = ../../../../secrets/${nodeName}/secrets.yaml; sops.secrets.restic-password.sopsFile = ../../../../secrets/${nodeName}/secrets.yaml;
# adapted from https://github.com/lilyinstarlight/foosteros/blob/5c75ded111878970fd4f600c7adc013f971d5e71/config/restic.nix # adapted from https://github.com/lilyinstarlight/foosteros/blob/5c75ded111878970fd4f600c7adc013f971d5e71/config/restic.nix
services.restic.backups.${nodeName} = services.restic.backups.${nodeName} = let
let btrfs = "${pkgs.btrfs-progs}/bin/btrfs";
btrfs = "${pkgs.btrfs-progs}/bin/btrfs"; in {
in initialize = true;
{ repository = "sftp://u217879-sub3@u217879-sub3.your-storagebox.de:23/restic/${nodeName}";
initialize = true;
repository = "sftp://u217879-sub3@u217879-sub3.your-storagebox.de:23/restic/${nodeName}";
paths = [ paths = [
"/backup" "/backup"
]; ];
pruneOpts = [ pruneOpts = [
"--keep-daily 7" "--keep-daily 7"
"--keep-weekly 5" "--keep-weekly 5"
"--keep-monthly 12" "--keep-monthly 12"
"--keep-yearly 2" "--keep-yearly 2"
]; ];
timerConfig = { timerConfig = {
OnCalendar = lib.mkDefault "daily"; OnCalendar = lib.mkDefault "daily";
Persistent = true; Persistent = true;
};
passwordFile = config.sops.secrets.restic-password.path;
backupPrepareCommand = ''
${btrfs} su snapshot -r /var/lib/container-volumes /backup/container-volumes
'';
backupCleanupCommand = ''
${btrfs} su delete /backup/container-volumes
'';
}; };
passwordFile = config.sops.secrets.restic-password.path;
backupPrepareCommand = ''
${btrfs} su snapshot -r /var/lib/container-volumes /backup/container-volumes
'';
backupCleanupCommand = ''
${btrfs} su delete /backup/container-volumes
'';
};
containers = { containers = {
mailserver = import ../../containers/mailserver.nix { mailserver = import ../../containers/mailserver.nix {
inherit repoFlake; inherit repoFlake;
@ -89,17 +86,17 @@
webserver = webserver =
import ../../containers/webserver.nix import ../../containers/webserver.nix
{ {
inherit repoFlake; inherit repoFlake;
autoStart = true; autoStart = true;
hostAddress = "192.168.100.12"; hostAddress = "192.168.100.12";
localAddress = "192.168.100.13"; localAddress = "192.168.100.13";
httpPort = 80; httpPort = 80;
httpsPort = 443; httpsPort = 443;
}; };
syncthing = import ../../containers/syncthing.nix { syncthing = import ../../containers/syncthing.nix {
autoStart = true; autoStart = true;


@ -1,14 +1,13 @@
{ pkgs
, lib
, config
, repoFlake
, nodeName
, ...
}:
let
wireguardPort = 51820;
in
{ {
pkgs,
lib,
config,
repoFlake,
nodeName,
...
}: let
wireguardPort = 51820;
in {
imports = [ imports = [
../../snippets/systemd-resolved.nix ../../snippets/systemd-resolved.nix
]; ];
@ -39,7 +38,7 @@ in
"prefixLength" = 29; "prefixLength" = 29;
} }
]; ];
ipv6.addresses = [ ]; ipv6.addresses = [];
}; };
networking.defaultGateway = { networking.defaultGateway = {
@ -54,7 +53,7 @@ in
networking.nat = { networking.nat = {
enable = true; enable = true;
internalInterfaces = [ "ve-*" "wg*" ]; internalInterfaces = ["ve-*" "wg*"];
externalInterface = "eth0"; externalInterface = "eth0";
}; };
@ -79,7 +78,7 @@ in
privateKeyFile = config.sops.secrets.wg0-private.path; privateKeyFile = config.sops.secrets.wg0-private.path;
peers = [ peers = [
{ {
allowedIPs = [ "192.168.99.2/32" ]; allowedIPs = ["192.168.99.2/32"];
publicKey = "O3k4jEdX6jkV1fHP/J8KSH5tvi+n1VvnBTD5na6Naw0="; publicKey = "O3k4jEdX6jkV1fHP/J8KSH5tvi+n1VvnBTD5na6Naw0=";
presharedKeyFile = config.sops.secrets.wg0-psk-steveej-psk.path; presharedKeyFile = config.sops.secrets.wg0-psk-steveej-psk.path;
} }
@ -87,15 +86,14 @@ in
}; };
# virtualization # virtualization
virtualisation = { docker.enable = false; }; virtualisation = {docker.enable = false;};
services.spice-vdagentd.enable = true; services.spice-vdagentd.enable = true;
services.qemuGuest.enable = true; services.qemuGuest.enable = true;
nix.gc = { automatic = true; }; nix.gc = {automatic = true;};
containers = { containers = {
}; };
home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix { home-manager.users.steveej = import ../../../home-manager/configuration/text-minimal.nix {


@ -1,4 +1,4 @@
{ ... }: { {...}: {
imports = [ imports = [
../../snippets/home-manager-with-zsh.nix ../../snippets/home-manager-with-zsh.nix
../../snippets/nix-settings-holo-chain.nix ../../snippets/nix-settings-holo-chain.nix
@ -19,8 +19,7 @@
./boot.nix ./boot.nix
# samba seerver # samba seerver
({ lib, ... }: { ({lib, ...}: {
# networking.firewall.enable = lib.mkForce false; # networking.firewall.enable = lib.mkForce false;
services.samba-wsdd.enable = true; # make shares visible for windows 10 clients services.samba-wsdd.enable = true; # make shares visible for windows 10 clients
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [


@ -1,17 +1,16 @@
{ nodeName
, repoFlake
, repoFlakeWithSystem
, nodeFlake
, ...
}:
let
system = "x86_64-linux";
in
{ {
nodeName,
repoFlake,
repoFlakeWithSystem,
nodeFlake,
...
}: let
system = "x86_64-linux";
in {
meta.nodeSpecialArgs.${nodeName} = { meta.nodeSpecialArgs.${nodeName} = {
inherit repoFlake nodeName nodeFlake; inherit repoFlake nodeName nodeFlake;
packages' = repoFlake.packages.${system}; packages' = repoFlake.packages.${system};
repoFlakeInputs' = repoFlakeWithSystem system ({ inputs', ... }: inputs'); repoFlakeInputs' = repoFlakeWithSystem system ({inputs', ...}: inputs');
}; };
meta.nodeNixpkgs.${nodeName} = import nodeFlake.inputs.nixpkgs.outPath { meta.nodeNixpkgs.${nodeName} = import nodeFlake.inputs.nixpkgs.outPath {


@ -1,7 +1,5 @@
{ lib, ... }: {lib, ...}: let
let in {
in
{
# TASK: new device # TASK: new device
hardware.opinionatedDisk = { hardware.opinionatedDisk = {
enable = true; enable = true;
@ -68,16 +66,16 @@ in
enable = false; enable = false;
levels = [ levels = [
# ["level auto" 0 60] # ["level auto" 0 60]
[ 0 0 60 ] [0 0 60]
[ 1 60 65 ] [1 60 65]
[ 1 65 75 ] [1 65 75]
[ 2 75 78 ] [2 75 78]
[ 3 78 80 ] [3 78 80]
[ 4 80 82 ] [4 80 82]
[ 5 82 84 ] [5 82 84]
[ 6 84 86 ] [6 84 86]
[ 7 86 88 ] [7 86 88]
[ "level full-speed" 88 999 ] ["level full-speed" 88 999]
]; ];
extraArgs = [ extraArgs = [


@ -1,8 +1,9 @@
{ pkgs {
, lib pkgs,
, repoFlake lib,
, nodeFlake repoFlake,
, ... nodeFlake,
...
}: { }: {
system.stateVersion = "23.05"; system.stateVersion = "23.05";
home-manager.users.root = _: { home-manager.users.root = _: {
@ -20,7 +21,7 @@
}) })
]; ];
home.sessionVariables = { }; home.sessionVariables = {};
home.packages = with pkgs; [ home.packages = with pkgs; [
]; ];
@ -37,28 +38,26 @@
# #
# (regreet:505614): Gtk-WARNING **: 10:31:42.532: Theme parser warning: <data>:6:17-18: Empty declaration # (regreet:505614): Gtk-WARNING **: 10:31:42.532: Theme parser warning: <data>:6:17-18: Empty declaration
# Failed to create /var/empty/.cache for shader cache (Operation not permitted)---disabling. # Failed to create /var/empty/.cache for shader cache (Operation not permitted)---disabling.
services.greetd = services.greetd = let
let # exec "${pkgs.greetd.gtkgreet}/bin/gtkgreet -l; swaymsg exit"
# exec "${pkgs.greetd.gtkgreet}/bin/gtkgreet -l; swaymsg exit" swayConfig = pkgs.writeText "greetd-sway-config" ''
swayConfig = pkgs.writeText "greetd-sway-config" '' # `-l` activates layer-shell mode. Notice that `swaymsg exit` will run after gtkgreet.
# `-l` activates layer-shell mode. Notice that `swaymsg exit` will run after gtkgreet. exec "dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY SWAYSOCK; ${pkgs.greetd.regreet}/bin/regreet; swaymsg exit"
exec "dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY SWAYSOCK; ${pkgs.greetd.regreet}/bin/regreet; swaymsg exit" bindsym Mod4+shift+e exec swaynag \
bindsym Mod4+shift+e exec swaynag \ -t warning \
-t warning \ -m 'What do you want to do?' \
-m 'What do you want to do?' \ -b 'Poweroff' 'systemctl poweroff' \
-b 'Poweroff' 'systemctl poweroff' \ -b 'Reboot' 'systemctl reboot'
-b 'Reboot' 'systemctl reboot' '';
''; in {
in enable = false;
{ settings = {
enable = false; vt = 1;
settings = { default_session = {
vt = 1; command = "${pkgs.sway}/bin/sway --config ${swayConfig}";
default_session = {
command = "${pkgs.sway}/bin/sway --config ${swayConfig}";
};
}; };
}; };
};
environment.etc."greetd/environments".text = '' environment.etc."greetd/environments".text = ''
sway sway
@ -107,5 +106,4 @@
# # }; # # };
# # }; # # };
# }; # };
} }


@ -1,11 +1,11 @@
{ pkgs {
, lib pkgs,
, config lib,
, nodeName config,
, repoFlake nodeName,
, ... repoFlake,
}: ...
let }: let
localTcpPorts = [ localTcpPorts = [
22 22
@ -21,9 +21,7 @@ let
22000 22000
21027 21027
]; ];
in {
in
{
nix.settings = { nix.settings = {
substituters = [ substituters = [
]; ];
@ -41,7 +39,7 @@ in
system = "x86_64-linux"; system = "x86_64-linux";
maxJobs = 32; maxJobs = 32;
speedFactor = 100; speedFactor = 100;
supportedFeatures = repoFlake.nixosConfigurations.steveej-t14.config.nix.settings.system-features ++ [ ]; supportedFeatures = repoFlake.nixosConfigurations.steveej-t14.config.nix.settings.system-features ++ [];
} }
{ {
@ -52,7 +50,7 @@ in
system = "aarch64-linux"; system = "aarch64-linux";
maxJobs = 32; maxJobs = 32;
speedFactor = 100; speedFactor = 100;
supportedFeatures = repoFlake.nixosConfigurations.router0-dmz0.config.nix.settings.system-features ++ [ ]; supportedFeatures = repoFlake.nixosConfigurations.router0-dmz0.config.nix.settings.system-features ++ [];
} }
]; ];
@ -61,7 +59,7 @@ in
networking.extraHosts = '' networking.extraHosts = ''
''; '';
networking.bridges."virbr1".interfaces = [ ]; networking.bridges."virbr1".interfaces = [];
networking.interfaces."virbr1".ipv4.addresses = [ networking.interfaces."virbr1".ipv4.addresses = [
{ {
address = "10.254.254.254"; address = "10.254.254.254";
@ -94,7 +92,7 @@ in
# virtualization # virtualization
virtualisation = { virtualisation = {
libvirtd = { enable = true; }; libvirtd = {enable = true;};
virtualbox.host = { virtualbox.host = {
enable = false; enable = false;
@ -112,9 +110,9 @@ in
# client min protocol = NT1 # client min protocol = NT1
''; '';
security.pki.certificateFiles = [ "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ]; security.pki.certificateFiles = ["${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt"];
services.xserver.videoDrivers = lib.mkForce [ "amdgpu" ]; services.xserver.videoDrivers = lib.mkForce ["amdgpu"];
hardware.ledger.enable = true; hardware.ledger.enable = true;


@ -1,20 +1,19 @@
{ config
, pkgs
, lib
, ...
}:
let
keys = import ../../../variables/keys.nix;
inherit (pkgs.callPackage ../../lib/default.nix { }) mkUser;
in
{ {
config,
pkgs,
lib,
...
}: let
keys = import ../../../variables/keys.nix;
inherit (pkgs.callPackage ../../lib/default.nix {}) mkUser;
in {
users.users.steveej2 = mkUser { users.users.steveej2 = mkUser {
uid = 1001; uid = 1001;
openssh.authorizedKeys.keys = keys.users.steveej.openssh; openssh.authorizedKeys.keys = keys.users.steveej.openssh;
hashedPasswordFile = config.sops.secrets.sharedUsers-steveej.path; hashedPasswordFile = config.sops.secrets.sharedUsers-steveej.path;
}; };
nix.settings.trusted-users = [ "steveej" ]; nix.settings.trusted-users = ["steveej"];
security.pam.u2f.enable = true; security.pam.u2f.enable = true;
security.pam.services.steveej.u2fAuth = true; security.pam.services.steveej.u2fAuth = true;
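Review bot: `security.pam.services.steveej.u2fAuth = true;` configures a PAM service named `steveej`, not the user: `security.pam.services.<name>` is keyed by service (`login`, `sudo`, `sshd`, …), so this line probably has no effect on how the account authenticates. If the intent is U2F for specific services, name them, e.g. `security.pam.services.sudo.u2fAuth = true;`. Also, the account defined here is `steveej2` while `nix.settings.trusted-users` lists `steveej`; trusted users can effectively act as root through the Nix daemon, so a comment stating which account is meant and why it needs that trust would help. The module may continue past the visible hunk.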


@ -1,15 +1,14 @@
{ repoFlake
, nodeFlake
, pkgs
, lib
, config
, nodeName
, localDomainName
, system
, ...
}:
{ {
repoFlake,
nodeFlake,
pkgs,
lib,
config,
nodeName,
localDomainName,
system,
...
}: {
nixos-x13s = { nixos-x13s = {
enable = true; enable = true;
# TODO: use hardware address # TODO: use hardware address
@ -42,8 +41,8 @@
echo $? echo $?
) )
''; '';
requiredBy = [ "bluetooth.service" ]; requiredBy = ["bluetooth.service"];
before = [ "bluetooth.service" ]; before = ["bluetooth.service"];
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
RemainAfterExit = true; RemainAfterExit = true;
@ -80,7 +79,6 @@
}; };
} }
../../snippets/home-manager-with-zsh.nix ../../snippets/home-manager-with-zsh.nix
../../snippets/sway-desktop.nix ../../snippets/sway-desktop.nix
../../snippets/bluetooth.nix ../../snippets/bluetooth.nix
@ -115,7 +113,7 @@
../../../home-manager/configuration/graphical-fullblown.nix ../../../home-manager/configuration/graphical-fullblown.nix
]; ];
home.sessionVariables = { }; home.sessionVariables = {};
home.packages = with pkgs; [ home.packages = with pkgs; [
]; ];
@ -129,7 +127,7 @@
loader.systemd-boot.enable = true; loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = lib.mkForce false; loader.efi.canTouchEfiVariables = lib.mkForce false;
loader.efi.efiSysMountPoint = "/boot"; loader.efi.efiSysMountPoint = "/boot";
blacklistedKernelModules = [ "wwan" ]; blacklistedKernelModules = ["wwan"];
initrd.kernelModules = [ initrd.kernelModules = [
"phy_qcom_qmp_usb" "phy_qcom_qmp_usb"


@ -1,25 +1,26 @@
{ system ? "aarch64-linux" {
, nodeName system ? "aarch64-linux",
, repoFlake nodeName,
, repoFlakeWithSystem repoFlake,
, nodeFlake repoFlakeWithSystem,
, localDomainName ? "internal" nodeFlake,
, ... localDomainName ? "internal",
...
}: { }: {
meta.nodeSpecialArgs.${nodeName} = { meta.nodeSpecialArgs.${nodeName} = {
inherit repoFlake nodeName nodeFlake system; inherit repoFlake nodeName nodeFlake system;
packages' = repoFlake.packages.${system}; packages' = repoFlake.packages.${system};
nodePackages' = nodeFlake.packages.${system}; nodePackages' = nodeFlake.packages.${system};
repoFlakeInputs' = repoFlakeWithSystem system ({ inputs', ... }: inputs'); repoFlakeInputs' = repoFlakeWithSystem system ({inputs', ...}: inputs');
inherit localDomainName; inherit localDomainName;
}; };
meta.nodeNixpkgs.${nodeName} = meta.nodeNixpkgs.${nodeName} =
import nodeFlake.inputs.nixpkgs.outPath import nodeFlake.inputs.nixpkgs.outPath
{ {
inherit system; inherit system;
}; };
${nodeName} = { ${nodeName} = {
deployment.targetHost = "${nodeName}.${localDomainName}"; deployment.targetHost = "${nodeName}.${localDomainName}";


@ -24,7 +24,7 @@
content = { content = {
type = "luks"; type = "luks";
name = "x13s-usb-crypt"; name = "x13s-usb-crypt";
extraOpenArgs = [ ]; extraOpenArgs = [];
# disable settings.keyFile if you want to use interactive password entry # disable settings.keyFile if you want to use interactive password entry
#passwordFile = "/tmp/secret.key"; # Interactive #passwordFile = "/tmp/secret.key"; # Interactive
settings = { settings = {
@ -36,19 +36,19 @@
# additionalKeyFiles = [ "/tmp/additionalSecret.key" ]; # additionalKeyFiles = [ "/tmp/additionalSecret.key" ];
content = { content = {
type = "btrfs"; type = "btrfs";
extraArgs = [ "-f" ]; extraArgs = ["-f"];
subvolumes = { subvolumes = {
"/root" = { "/root" = {
mountpoint = "/"; mountpoint = "/";
mountOptions = [ "compress=zstd" "noatime" ]; mountOptions = ["compress=zstd" "noatime"];
}; };
"/home" = { "/home" = {
mountpoint = "/home"; mountpoint = "/home";
mountOptions = [ "compress=zstd" "noatime" ]; mountOptions = ["compress=zstd" "noatime"];
}; };
"/nix" = { "/nix" = {
mountpoint = "/nix"; mountpoint = "/nix";
mountOptions = [ "compress=zstd" "noatime" ]; mountOptions = ["compress=zstd" "noatime"];
}; };
"/swap" = { "/swap" = {
mountpoint = "/.swapvol"; mountpoint = "/.swapvol";


@ -1,89 +1,92 @@
{ {
inputs = inputs = {
{ nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
# required for home-manager modules # required for home-manager modules
nixpkgs-unstable-small.url = "github:nixos/nixpkgs/nixos-unstable-small"; nixpkgs-unstable-small.url = "github:nixos/nixpkgs/nixos-unstable-small";
nixpkgs-2211.url = "github:nixos/nixpkgs/nixos-22.11"; nixpkgs-2211.url = "github:nixos/nixpkgs/nixos-22.11";
get-flake.url = "github:ursi/get-flake"; get-flake.url = "github:ursi/get-flake";
disko.inputs.nixpkgs.follows = "nixpkgs"; disko.inputs.nixpkgs.follows = "nixpkgs";
mobile-nixos.url = "github:NixOS/mobile-nixos"; mobile-nixos.url = "github:NixOS/mobile-nixos";
mobile-nixos.flake = false; mobile-nixos.flake = false;
home-manager = { home-manager = {
url = "github:nix-community/home-manager/release-23.11"; url = "github:nix-community/home-manager/release-23.11";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
};
nixos-x13s.url = "git+https://codeberg.org/steveej/nixos-x13s";
nixos-x13s.inputs.nixpkgs.follows = "nixpkgs";
}; };
outputs = nixos-x13s.url = "git+https://codeberg.org/steveej/nixos-x13s";
{ self nixos-x13s.inputs.nixpkgs.follows = "nixpkgs";
, get-flake };
, nixpkgs
, ...
}:
let
system = "aarch64-linux";
buildPlatform = "x86_64-linux";
repoFlake = get-flake ../../../..;
in
{
lib = {
mkNixosConfiguration = { nodeName, extraModules ? [ ], ... } @ attrs:
nixpkgs.lib.nixosSystem (
nixpkgs.lib.attrsets.recursiveUpdate
attrs
{
specialArgs = (import ./default.nix {
inherit system;
inherit nodeName repoFlake;
nodeFlake = self; outputs = {
}).meta.nodeSpecialArgs.${nodeName}; self,
get-flake,
nixpkgs,
...
}: let
system = "aarch64-linux";
buildPlatform = "x86_64-linux";
repoFlake = get-flake ../../../..;
in {
lib = {
mkNixosConfiguration = {
nodeName,
extraModules ? [],
...
} @ attrs:
nixpkgs.lib.nixosSystem (
nixpkgs.lib.attrsets.recursiveUpdate
attrs
{
specialArgs =
(import ./default.nix {
inherit system;
inherit nodeName repoFlake;
modules = nodeFlake = self;
[ })
# repoFlake.nixosModules.hardware-x13s .meta
] .nodeSpecialArgs
++ extraModules; .${nodeName};
}
); modules =
[
# repoFlake.nixosModules.hardware-x13s
]
++ extraModules;
}
);
};
nixosConfigurations = let
nodeName = "steveej-x13s-rmvbl";
in {
native = self.lib.mkNixosConfiguration {
inherit system nodeName;
extraModules = [
./configuration.nix
{
users.commonUsers.installPassword = "install";
}
];
}; };
nixosConfigurations = cross = self.lib.mkNixosConfiguration {
let inherit nodeName;
nodeName = "steveej-x13s-rmvbl"; extraModules = [
in ./configuration.nix
{
native = self.lib.mkNixosConfiguration {
inherit system nodeName;
extraModules = [
./configuration.nix
{ {
users.commonUsers.installPassword = "install"; nixpkgs.buildPlatform.system = buildPlatform;
} nixpkgs.hostPlatform.system = system;
]; }
}; ];
};
cross = self.lib.mkNixosConfiguration {
inherit nodeName;
extraModules = [
./configuration.nix
{
nixpkgs.buildPlatform.system = buildPlatform;
nixpkgs.hostPlatform.system = system;
}
];
};
};
}; };
};
} }
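Review bot: `users.commonUsers.installPassword = "install";` in the `native` configuration puts a fixed, guessable password into the flake, and from there into the world-readable Nix store and any image built from it. If this is only meant for the removable installer medium, say so in a comment next to the line and make sure the password is replaced (or password login disabled) before the system is reachable over a network; a hashed value read from a secrets file, as the `hashedPasswordFile = config.sops.secrets.…path` pattern elsewhere in this repository does, would avoid the plaintext. The `cross` configuration does not set it, so the two outputs differ in login behaviour, which may be unintended.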


@ -1,15 +1,14 @@
{ repoFlake
, nodeFlake
, pkgs
, lib
, config
, nodeName
, localDomainName
, system
, ...
}:
{ {
repoFlake,
nodeFlake,
pkgs,
lib,
config,
nodeName,
localDomainName,
system,
...
}: {
nixos-x13s = { nixos-x13s = {
enable = true; enable = true;
# TODO: use hardware address # TODO: use hardware address
@ -44,8 +43,8 @@
echo $? echo $?
) )
''; '';
requiredBy = [ "bluetooth.service" ]; requiredBy = ["bluetooth.service"];
before = [ "bluetooth.service" ]; before = ["bluetooth.service"];
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
RemainAfterExit = true; RemainAfterExit = true;
@ -82,7 +81,6 @@
}; };
} }
../../snippets/home-manager-with-zsh.nix ../../snippets/home-manager-with-zsh.nix
../../snippets/sway-desktop.nix ../../snippets/sway-desktop.nix
../../snippets/bluetooth.nix ../../snippets/bluetooth.nix
@ -117,7 +115,7 @@
../../../home-manager/configuration/graphical-fullblown.nix ../../../home-manager/configuration/graphical-fullblown.nix
]; ];
home.sessionVariables = { }; home.sessionVariables = {};
home.packages = with pkgs; [ home.packages = with pkgs; [
]; ];
@ -131,7 +129,7 @@
loader.systemd-boot.enable = true; loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = lib.mkForce false; loader.efi.canTouchEfiVariables = lib.mkForce false;
loader.efi.efiSysMountPoint = "/boot"; loader.efi.efiSysMountPoint = "/boot";
blacklistedKernelModules = [ "wwan" ]; blacklistedKernelModules = ["wwan"];
}; };
# see https://linrunner.de/tlp/ # see https://linrunner.de/tlp/


@ -1,25 +1,26 @@
{ system ? "aarch64-linux" {
, nodeName system ? "aarch64-linux",
, repoFlake nodeName,
, repoFlakeWithSystem repoFlake,
, nodeFlake repoFlakeWithSystem,
, localDomainName ? "internal" nodeFlake,
, ... localDomainName ? "internal",
...
}: { }: {
meta.nodeSpecialArgs.${nodeName} = { meta.nodeSpecialArgs.${nodeName} = {
inherit repoFlake nodeName nodeFlake system; inherit repoFlake nodeName nodeFlake system;
packages' = repoFlake.packages.${system}; packages' = repoFlake.packages.${system};
nodePackages' = nodeFlake.packages.${system}; nodePackages' = nodeFlake.packages.${system};
repoFlakeInputs' = repoFlakeWithSystem system ({ inputs', ... }: inputs'); repoFlakeInputs' = repoFlakeWithSystem system ({inputs', ...}: inputs');
inherit localDomainName; inherit localDomainName;
}; };
meta.nodeNixpkgs.${nodeName} = meta.nodeNixpkgs.${nodeName} =
import nodeFlake.inputs.nixpkgs.outPath import nodeFlake.inputs.nixpkgs.outPath
{ {
inherit system; inherit system;
}; };
${nodeName} = { ${nodeName} = {
deployment.targetHost = "${nodeName}.${localDomainName}"; deployment.targetHost = "${nodeName}.${localDomainName}";


@ -24,7 +24,7 @@
content = { content = {
type = "luks"; type = "luks";
name = "x13s-nvme-crypt"; name = "x13s-nvme-crypt";
extraOpenArgs = [ ]; extraOpenArgs = [];
# disable settings.keyFile if you want to use interactive password entry # disable settings.keyFile if you want to use interactive password entry
#passwordFile = "/tmp/secret.key"; # Interactive #passwordFile = "/tmp/secret.key"; # Interactive
settings = { settings = {
@ -36,19 +36,19 @@
# additionalKeyFiles = [ "/tmp/additionalSecret.key" ]; # additionalKeyFiles = [ "/tmp/additionalSecret.key" ];
content = { content = {
type = "btrfs"; type = "btrfs";
extraArgs = [ "-f" ]; extraArgs = ["-f"];
subvolumes = { subvolumes = {
"/root" = { "/root" = {
mountpoint = "/"; mountpoint = "/";
mountOptions = [ "compress=zstd" "noatime" ]; mountOptions = ["compress=zstd" "noatime"];
}; };
"/home" = { "/home" = {
mountpoint = "/home"; mountpoint = "/home";
mountOptions = [ "compress=zstd" "noatime" ]; mountOptions = ["compress=zstd" "noatime"];
}; };
"/nix" = { "/nix" = {
mountpoint = "/nix"; mountpoint = "/nix";
mountOptions = [ "compress=zstd" "noatime" ]; mountOptions = ["compress=zstd" "noatime"];
}; };
"/swap" = { "/swap" = {
mountpoint = "/.swapvol"; mountpoint = "/.swapvol";


@ -1,89 +1,92 @@
{ {
inputs = inputs = {
{ nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
# required for home-manager modules # required for home-manager modules
nixpkgs-unstable-small.url = "github:nixos/nixpkgs/nixos-unstable-small"; nixpkgs-unstable-small.url = "github:nixos/nixpkgs/nixos-unstable-small";
nixpkgs-2211.url = "github:nixos/nixpkgs/nixos-22.11"; nixpkgs-2211.url = "github:nixos/nixpkgs/nixos-22.11";
get-flake.url = "github:ursi/get-flake"; get-flake.url = "github:ursi/get-flake";
disko.inputs.nixpkgs.follows = "nixpkgs"; disko.inputs.nixpkgs.follows = "nixpkgs";
mobile-nixos.url = "github:NixOS/mobile-nixos"; mobile-nixos.url = "github:NixOS/mobile-nixos";
mobile-nixos.flake = false; mobile-nixos.flake = false;
home-manager = { home-manager = {
url = "github:nix-community/home-manager/release-23.11"; url = "github:nix-community/home-manager/release-23.11";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
};
# nixos-x13s.url = "git+https://codeberg.org/adamcstephens/nixos-x13s?rev=5044811f7804e7cf83923908d1b35322f34fb3fc"; # 6.7.0-1
nixos-x13s.url = "git+https://codeberg.org/adamcstephens/nixos-x13s";
nixos-x13s.inputs.nixpkgs.follows = "nixpkgs";
}; };
outputs = # nixos-x13s.url = "git+https://codeberg.org/adamcstephens/nixos-x13s?rev=5044811f7804e7cf83923908d1b35322f34fb3fc"; # 6.7.0-1
{ self nixos-x13s.url = "git+https://codeberg.org/adamcstephens/nixos-x13s";
, get-flake nixos-x13s.inputs.nixpkgs.follows = "nixpkgs";
, nixpkgs };
, ...
}:
let
targetPlatform = "aarch64-linux";
buildPlatform = "x86_64-linux";
repoFlake = get-flake ../../../..;
mkNixosConfiguration = { nodeName, extraModules ? [ ], ... } @ attrs: outputs = {
nixpkgs.lib.nixosSystem ( self,
nixpkgs.lib.attrsets.recursiveUpdate get-flake,
attrs nixpkgs,
{ ...
specialArgs = (import ./default.nix { }: let
system = targetPlatform; targetPlatform = "aarch64-linux";
inherit nodeName repoFlake; buildPlatform = "x86_64-linux";
repoFlake = get-flake ../../../..;
nodeFlake = self; mkNixosConfiguration = {
}).meta.nodeSpecialArgs.${nodeName}; nodeName,
extraModules ? [],
modules = ...
[ } @ attrs:
# repoFlake.nixosModules.hardware-x13s nixpkgs.lib.nixosSystem (
] nixpkgs.lib.attrsets.recursiveUpdate
++ extraModules; attrs
}
);
in
{
lib = {
inherit mkNixosConfiguration;
};
nixosConfigurations =
let
nodeName = "steveej-x13s";
in
{ {
native = mkNixosConfiguration { specialArgs =
inherit nodeName; (import ./default.nix {
system = targetPlatform; system = targetPlatform;
extraModules = [ inherit nodeName repoFlake;
./configuration.nix
];
};
cross = mkNixosConfiguration { nodeFlake = self;
inherit nodeName; })
extraModules = [ .meta
./configuration.nix .nodeSpecialArgs
.${nodeName};
{ modules =
nixpkgs.buildPlatform.system = buildPlatform; [
nixpkgs.hostPlatform.system = targetPlatform; # repoFlake.nixosModules.hardware-x13s
} ]
]; ++ extraModules;
}; }
}; );
in {
lib = {
inherit mkNixosConfiguration;
}; };
nixosConfigurations = let
nodeName = "steveej-x13s";
in {
native = mkNixosConfiguration {
inherit nodeName;
system = targetPlatform;
extraModules = [
./configuration.nix
];
};
cross = mkNixosConfiguration {
inherit nodeName;
extraModules = [
./configuration.nix
{
nixpkgs.buildPlatform.system = buildPlatform;
nixpkgs.hostPlatform.system = targetPlatform;
}
];
};
};
};
} }


@ -32,13 +32,17 @@
nixpkgs.lib.attrsets.recursiveUpdate nixpkgs.lib.attrsets.recursiveUpdate
attrs attrs
{ {
specialArgs = (import ./default.nix { specialArgs =
system = targetPlatform; (import ./default.nix {
inherit nodeName; system = targetPlatform;
inherit nodeName;
repoFlake = get-flake ../../../..; repoFlake = get-flake ../../../..;
nodeFlake = self; nodeFlake = self;
}).meta.nodeSpecialArgs.${nodeName}; })
.meta
.nodeSpecialArgs
.${nodeName};
modules = modules =
[ [
@ -51,10 +55,8 @@
{ {
nixpkgs.overlays = [ nixpkgs.overlays = [
(final: previous: (final: previous: {
{
}) })
]; ];
} }
] ]


@ -1,39 +1,38 @@
{ lib
, config
,
}:
let
keys = import ../../variables/keys.nix;
in
{ {
mkUser = args: lib.mkMerge [ lib,
{ config,
isNormalUser = true; }: let
extraGroups = [ keys = import ../../variables/keys.nix;
"docker" in {
"wheel" mkUser = args:
"libvirtd" lib.mkMerge [
"networkmanager" {
"vboxusers" isNormalUser = true;
"users" extraGroups = [
"input" "docker"
"audio" "wheel"
"video" "libvirtd"
"cdrom" "networkmanager"
"adbusers" "vboxusers"
"dialout" "users"
"cdrom" "input"
"fuse" "audio"
]; "video"
openssh.authorizedKeys.keys = keys.users.steveej.openssh; "cdrom"
"adbusers"
"dialout"
"cdrom"
"fuse"
];
openssh.authorizedKeys.keys = keys.users.steveej.openssh;
# TODO: investigate why this secret cannot be found # TODO: investigate why this secret cannot be found
# openssh.authorizedKeys.keyFiles = [ # openssh.authorizedKeys.keyFiles = [
# config.sops.secrets.sharedSshKeys-steveej.path # config.sops.secrets.sharedSshKeys-steveej.path
# ]; # ];
} }
args args
]; ];
disk = rec { disk = rec {
# TODO: verify the GPT PARTLABEL cap at 36 chars # TODO: verify the GPT PARTLABEL cap at 36 chars
@ -41,7 +40,7 @@ in
# LVM doesn't allow most characters in VG names # LVM doesn't allow most characters in VG names
# TODO: replace this with a whitelist for: [a-zA-Z0-9.-_+] # TODO: replace this with a whitelist for: [a-zA-Z0-9.-_+]
volumeGroup = diskId: builtins.replaceStrings [ ":" ] [ "" ] diskId; volumeGroup = diskId: builtins.replaceStrings [":"] [""] diskId;
# This is important at install-time # This is important at install-time
bootGrubDevice = diskId: "/dev/disk/by-id/" + diskId; bootGrubDevice = diskId: "/dev/disk/by-id/" + diskId;


@ -1,10 +1,15 @@
{ self, pkgs, config, lib, options, ... }: {
let self,
pkgs,
config,
lib,
options,
...
}: let
# TODO: introduce options for these # TODO: introduce options for these
kernelPdMapper = true; kernelPdMapper = true;
cfg = config.hardware.thinkpad-x13s; cfg = config.hardware.thinkpad-x13s;
in in {
{
options.hardware.thinkpad-x13s = { options.hardware.thinkpad-x13s = {
# TODO: respect this # TODO: respect this
enable = lib.mkEnableOption "x13s hardware support"; enable = lib.mkEnableOption "x13s hardware support";
@ -14,223 +19,222 @@ in
description = "mac address to set on boot"; description = "mac address to set on boot";
}; };
}; };
config = config = let
let inherit (config.boot.loader) efi;
inherit (config.boot.loader) efi; kp = [
kp = [ {
{ name = "x13s-cfg";
name = "x13s-cfg"; patch = null;
patch = null; extraStructuredConfig = with lib.kernel; {
extraStructuredConfig = with lib.kernel; { EFI_ARMSTUB_DTB_LOADER = lib.mkForce yes;
EFI_ARMSTUB_DTB_LOADER = lib.mkForce yes; OF_OVERLAY = lib.mkForce yes;
OF_OVERLAY = lib.mkForce yes; BTRFS_FS = lib.mkForce yes;
BTRFS_FS = lib.mkForce yes; BTRFS_FS_POSIX_ACL = lib.mkForce yes;
BTRFS_FS_POSIX_ACL = lib.mkForce yes; MEDIA_CONTROLLER = lib.mkForce yes;
MEDIA_CONTROLLER = lib.mkForce yes; SND_USB_AUDIO_USE_MEDIA_CONTROLLER = lib.mkForce yes;
SND_USB_AUDIO_USE_MEDIA_CONTROLLER = lib.mkForce yes; SND_USB = lib.mkForce yes;
SND_USB = lib.mkForce yes; SND_USB_AUDIO = lib.mkForce module;
SND_USB_AUDIO = lib.mkForce module; USB_XHCI_PCI = lib.mkForce module;
USB_XHCI_PCI = lib.mkForce module; NO_HZ_FULL = lib.mkForce yes;
NO_HZ_FULL = lib.mkForce yes; HZ_100 = lib.mkForce yes;
HZ_100 = lib.mkForce yes; HZ_250 = lib.mkForce no;
HZ_250 = lib.mkForce no; DRM_AMDGPU = lib.mkForce no;
DRM_AMDGPU = lib.mkForce no; DRM_NOUVEAU = lib.mkForce no;
DRM_NOUVEAU = lib.mkForce no; QCOM_TSENS = lib.mkForce yes;
QCOM_TSENS = lib.mkForce yes; NVMEM_QCOM_QFPROM = lib.mkForce yes;
NVMEM_QCOM_QFPROM = lib.mkForce yes; ARM_QCOM_CPUFREQ_NVMEM = lib.mkForce yes;
ARM_QCOM_CPUFREQ_NVMEM = lib.mkForce yes; VIRTIO_PCI = lib.mkForce module;
VIRTIO_PCI = lib.mkForce module; # forthcoming kernel work: QCOM_PD_MAPPER = lib.mkForce module;
# forthcoming kernel work: QCOM_PD_MAPPER = lib.mkForce module; };
}; }
} ];
];
qrtr = pkgs.callPackage "${self.inputs.adamcstephens_stop-export}/hardware/x13s/qrtr/qrtr.nix" { }; qrtr = pkgs.callPackage "${self.inputs.adamcstephens_stop-export}/hardware/x13s/qrtr/qrtr.nix" {};
pd-mapper = pkgs.callPackage "${self.inputs.adamcstephens_stop-export}/hardware/x13s/qrtr/pd-mapper.nix" { pd-mapper = pkgs.callPackage "${self.inputs.adamcstephens_stop-export}/hardware/x13s/qrtr/pd-mapper.nix" {
inherit qrtr; inherit qrtr;
}; };
# We can't quite move to mainline linux
# We can't quite move to mainline linux linux_x13s_pkg = {buildLinux, ...} @ args:
linux_x13s_pkg = { buildLinux, ... } @ args: buildLinux (args
buildLinux (args // rec { // rec {
version = "6.7.0"; version = "6.7.0";
modDirVersion = lib.versions.pad 3 version; modDirVersion = lib.versions.pad 3 version;
extraMeta.branch = lib.versions.majorMinor version; extraMeta.branch = lib.versions.majorMinor version;
src = self.inputs.linux_x13s; src = self.inputs.linux_x13s;
kernelPatches = (args.kernelPatches or [ ]) ++ kp; kernelPatches = (args.kernelPatches or []) ++ kp;
} // (args.argsOverride or { })); }
// (args.argsOverride or {}));
# we add additional configuration on top of te normal configuration above # we add additional configuration on top of te normal configuration above
# using the extraStructuredConfig option on the kernel patch # using the extraStructuredConfig option on the kernel patch
linux_x13s = pkgs.callPackage linux_x13s_pkg { linux_x13s = pkgs.callPackage linux_x13s_pkg {
defconfig = "johan_defconfig"; defconfig = "johan_defconfig";
}; };
linuxPackages_x13s = pkgs.linuxPackagesFor linux_x13s; linuxPackages_x13s = pkgs.linuxPackagesFor linux_x13s;
dtbName = "sc8280xp-lenovo-thinkpad-x13s.dtb"; dtbName = "sc8280xp-lenovo-thinkpad-x13s.dtb";
dtb = "${linuxPackages_x13s.kernel}/dtbs/qcom/${dtbName}"; dtb = "${linuxPackages_x13s.kernel}/dtbs/qcom/${dtbName}";
x13s_alsa-ucm-conf = pkgs.alsa-ucm-conf.overrideAttrs (prev: { x13s_alsa-ucm-conf = pkgs.alsa-ucm-conf.overrideAttrs (prev: {
src = self.inputs.alsa-ucm-conf; src = self.inputs.alsa-ucm-conf;
}); });
alsa-ucm-conf-env.ALSA_CONFIG_UCM2 = "${x13s_alsa-ucm-conf}/share/alsa/ucm2"; alsa-ucm-conf-env.ALSA_CONFIG_UCM2 = "${x13s_alsa-ucm-conf}/share/alsa/ucm2";
in
in
lib.mkIf cfg.enable lib.mkIf cfg.enable
{ {
nixpkgs.overlays = [ nixpkgs.overlays = [
(final: prev: (
{ final: prev: {
x13s_extra-firmware = pkgs.callPackage x13s_extra-firmware =
"${self.inputs.adamcstephens_stop-export}/hardware/x13s/extra-firmware.nix" pkgs.callPackage
{ }; "${self.inputs.adamcstephens_stop-export}/hardware/x13s/extra-firmware.nix"
{};
inherit qrtr pd-mapper; inherit qrtr pd-mapper;
} }
) )
];
# ensure the x13s' dtb file is in the boot partition
# TODO:: is this needed for the VT display somehow?
system.activationScripts.x13s-dtb = ''
in_package="${dtb}"
esp_tool_folder="${efi.efiSysMountPoint}/"
in_esp="''${esp_tool_folder}${dtbName}"
>&2 echo "Ensuring $in_esp in EFI System Partition"
if ! ${pkgs.diffutils}/bin/cmp --silent "$in_package" "$in_esp"; then
>&2 echo "Copying $in_package -> $in_esp"
mkdir -p "$esp_tool_folder"
cp "$in_package" "$in_esp"
sync
fi
'';
boot = {
loader.systemd-boot.enable = true;
loader.systemd-boot.extraFiles = {
"${dtbName}" = dtb;
};
loader.efi.canTouchEfiVariables = false;
loader.efi.efiSysMountPoint = "/boot";
blacklistedKernelModules = ["wwan"];
kernelPackages = linuxPackages_x13s;
kernelParams = [
"dtb=${dtbName}"
"boot.shell_on_fail"
# jhovold recommended
"efi=noruntime"
"clk_ignore_unused"
"pd_ignore_unused"
"arm64.nopauth"
# blacklist graphics in initrd so the firmware can load from disk
"rd.driver.blacklist=msm"
]; ];
# ensure the x13s' dtb file is in the boot partition initrd = {
# TODO:: is this needed for the VT display somehow? includeDefaultModules = false;
system.activationScripts.x13s-dtb = ''
in_package="${dtb}"
esp_tool_folder="${efi.efiSysMountPoint}/"
in_esp="''${esp_tool_folder}${dtbName}"
>&2 echo "Ensuring $in_esp in EFI System Partition"
if ! ${pkgs.diffutils}/bin/cmp --silent "$in_package" "$in_esp"; then
>&2 echo "Copying $in_package -> $in_esp"
mkdir -p "$esp_tool_folder"
cp "$in_package" "$in_esp"
sync
fi
'';
boot = { # kernelModules = [
loader.systemd-boot.enable = true; # "nvme"
loader.systemd-boot.extraFiles = { # "phy_qcom_qmp_pcie"
"${dtbName}" = dtb; # "pcie_qcom"
};
loader.efi.canTouchEfiVariables = false;
loader.efi.efiSysMountPoint = "/boot";
blacklistedKernelModules = [ "wwan" ]; # "i2c_core"
# "i2c_hid"
# "i2c_hid_of"
# "i2c_qcom_geni"
kernelPackages = linuxPackages_x13s; # "leds_qcom_lpg"
# "pwm_bl"
# "qrtr"
# "pmic_glink_altmode"
# "gpio_sbu_mux"
# "phy_qcom_qmp_combo"
# "gpucc_sc8280xp"
# "dispcc_sc8280xp"
# "phy_qcom_edp"
# "panel_edp"
# # "msm"
kernelParams = [ # ];
"dtb=${dtbName}"
"boot.shell_on_fail" availableKernelModules = [
"i2c_hid"
"i2c_hid_of"
"i2c_qcom_geni"
"leds_qcom_lpg"
"pwm_bl"
"qrtr"
"pmic_glink_altmode"
"gpio_sbu_mux"
"phy_qcom_qmp_combo"
"panel_edp"
# "msm"
"phy_qcom_edp"
"i2c_core"
"i2c_hid"
"i2c_hid_of"
"i2c_qcom_geni"
"pcie_qcom"
"phy_qcom_qmp_combo"
"phy_qcom_qmp_pcie"
"phy_qcom_qmp_usb"
"phy_qcom_snps_femto_v2"
"phy_qcom_usb_hs"
"nvme"
# jhovold recommended "usbcore"
"efi=noruntime" "xhci_hcd"
"clk_ignore_unused" "usbhid"
"pd_ignore_unused" "usb_storage"
"arm64.nopauth" "uas"
# blacklist graphics in initrd so the firmware can load from disk
"rd.driver.blacklist=msm"
]; ];
initrd = {
includeDefaultModules = false;
# kernelModules = [
# "nvme"
# "phy_qcom_qmp_pcie"
# "pcie_qcom"
# "i2c_core"
# "i2c_hid"
# "i2c_hid_of"
# "i2c_qcom_geni"
# "leds_qcom_lpg"
# "pwm_bl"
# "qrtr"
# "pmic_glink_altmode"
# "gpio_sbu_mux"
# "phy_qcom_qmp_combo"
# "gpucc_sc8280xp"
# "dispcc_sc8280xp"
# "phy_qcom_edp"
# "panel_edp"
# # "msm"
# ];
availableKernelModules = [
"i2c_hid"
"i2c_hid_of"
"i2c_qcom_geni"
"leds_qcom_lpg"
"pwm_bl"
"qrtr"
"pmic_glink_altmode"
"gpio_sbu_mux"
"phy_qcom_qmp_combo"
"panel_edp"
# "msm"
"phy_qcom_edp"
"i2c_core"
"i2c_hid"
"i2c_hid_of"
"i2c_qcom_geni"
"pcie_qcom"
"phy_qcom_qmp_combo"
"phy_qcom_qmp_pcie"
"phy_qcom_qmp_usb"
"phy_qcom_snps_femto_v2"
"phy_qcom_usb_hs"
"nvme"
"usbcore"
"xhci_hcd"
"usbhid"
"usb_storage"
"uas"
];
};
};
# default is performance
powerManagement.cpuFreqGovernor = "ondemand";
hardware.enableAllFirmware = true;
hardware.firmware = [
# pkgs.linux-firmware
pkgs.x13s_extra-firmware
];
systemd.services.pd-mapper = {
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${lib.getExe pd-mapper}";
Restart = "always";
};
};
environment.sessionVariables = alsa-ucm-conf-env;
systemd.user.services.pipewire.environment = alsa-ucm-conf-env;
systemd.user.services.wireplumber.environment = alsa-ucm-conf-env;
systemd.services.bluetooth = {
serviceConfig = {
# disabled because btmgmt call hangs
ExecStartPre = [
""
"${pkgs.util-linux}/bin/rfkill block bluetooth"
"${pkgs.bluez5-experimental}/bin/btmgmt public-addr ${cfg.bluetoothMac}"
"${pkgs.util-linux}/bin/rfkill unblock bluetooth"
];
RestartSec = 5;
Restart = "on-failure";
};
}; };
}; };
# default is performance
powerManagement.cpuFreqGovernor = "ondemand";
hardware.enableAllFirmware = true;
hardware.firmware = [
# pkgs.linux-firmware
pkgs.x13s_extra-firmware
];
systemd.services.pd-mapper = {
wantedBy = ["multi-user.target"];
serviceConfig = {
ExecStart = "${lib.getExe pd-mapper}";
Restart = "always";
};
};
environment.sessionVariables = alsa-ucm-conf-env;
systemd.user.services.pipewire.environment = alsa-ucm-conf-env;
systemd.user.services.wireplumber.environment = alsa-ucm-conf-env;
systemd.services.bluetooth = {
serviceConfig = {
# disabled because btmgmt call hangs
ExecStartPre = [
""
"${pkgs.util-linux}/bin/rfkill block bluetooth"
"${pkgs.bluez5-experimental}/bin/btmgmt public-addr ${cfg.bluetoothMac}"
"${pkgs.util-linux}/bin/rfkill unblock bluetooth"
];
RestartSec = 5;
Restart = "on-failure";
};
};
};
} }


@ -11,8 +11,7 @@ with lib; let
earlyDiskId = cfg: earlyDiskId = cfg:
if cfg.earlyDiskIdOverride != "" if cfg.earlyDiskIdOverride != ""
then cfg.earlyDiskIdOverride then cfg.earlyDiskIdOverride
else cfg.diskId else cfg.diskId;
;
in { in {
options.hardware.opinionatedDisk = { options.hardware.opinionatedDisk = {
enable = mkEnableOption "Enable opinionated filesystem layout"; enable = mkEnableOption "Enable opinionated filesystem layout";


@ -1,10 +1,11 @@
{ config {
, pkgs config,
, repoFlake pkgs,
, nodeFlake repoFlake,
, repoFlakeInputs' nodeFlake,
, packages' repoFlakeInputs',
, ... packages',
...
}: { }: {
imports = [ imports = [
repoFlake.inputs.sops-nix.nixosModules.sops repoFlake.inputs.sops-nix.nixosModules.sops
@ -29,7 +30,7 @@
boot.tmp.useTmpfs = true; boot.tmp.useTmpfs = true;
# Workaround for nm-pptp to enforce module load # Workaround for nm-pptp to enforce module load
boot.kernelModules = [ "nf_conntrack_proto_gre" "nf_conntrack_pptp" ]; boot.kernelModules = ["nf_conntrack_proto_gre" "nf_conntrack_pptp"];
nixpkgs.config = { nixpkgs.config = {
allowBroken = false; allowBroken = false;


@ -1,8 +1,9 @@
{ config {
, pkgs config,
, lib pkgs,
, nodeName lib,
, ... nodeName,
...
}: { }: {
networking.hostName = builtins.elemAt (builtins.split "\\." nodeName) 0; # Define your hostname. networking.hostName = builtins.elemAt (builtins.split "\\." nodeName) 0; # Define your hostname.
networking.domain = builtins.elemAt (builtins.split "(^[^\\.]+\.)" nodeName) 2; networking.domain = builtins.elemAt (builtins.split "(^[^\\.]+\.)" nodeName) 2;
@ -14,11 +15,11 @@
''; '';
# Fonts, I18N, Date ... # Fonts, I18N, Date ...
fonts.packages = [ pkgs.corefonts ]; fonts.packages = [pkgs.corefonts];
console.font = "lat9w-16"; console.font = "lat9w-16";
i18n = { defaultLocale = "en_US.UTF-8"; }; i18n = {defaultLocale = "en_US.UTF-8";};
time.timeZone = "Etc/UTC"; time.timeZone = "Etc/UTC";
services.gpm.enable = true; services.gpm.enable = true;


@ -1,9 +1,9 @@
{ config {
, pkgs config,
, lib pkgs,
, ... lib,
}: ...
let }: let
keys = import ../../../variables/keys.nix; keys = import ../../../variables/keys.nix;
inherit inherit
(import ../../lib/default.nix { (import ../../lib/default.nix {
@ -16,8 +16,7 @@ let
inherit (lib) types; inherit (lib) types;
cfg = config.users.commonUsers; cfg = config.users.commonUsers;
in in {
{
options.users.commonUsers = { options.users.commonUsers = {
enable = lib.mkOption { enable = lib.mkOption {
default = true; default = true;
@ -77,7 +76,6 @@ in
}) })
]; ];
users.users.steveej = lib.mkIf cfg.enableNonRoot (mkUser (lib.mkMerge [ users.users.steveej = lib.mkIf cfg.enableNonRoot (mkUser (lib.mkMerge [
{ {
uid = 1000; uid = 1000;


@ -1,6 +1,7 @@
{ pkgs {
, lib pkgs,
, ... lib,
...
}: { }: {
imports = [ imports = [
../../snippets/bluetooth.nix ../../snippets/bluetooth.nix
@ -25,7 +26,7 @@
services.pcscd.enable = true; services.pcscd.enable = true;
hardware.opengl.enable = true; hardware.opengl.enable = true;
services.udev.packages = [ pkgs.libu2f-host pkgs.yubikey-personalization pkgs.android-udev-rules ]; services.udev.packages = [pkgs.libu2f-host pkgs.yubikey-personalization pkgs.android-udev-rules];
services.udev.extraRules = '' services.udev.extraRules = ''
# OnePlusOne # OnePlusOne
ATTR{idVendor}=="05c6", ATTR{idProduct}=="6764", SYMLINK+="libmtp-%k", MODE="660", GROUP="audio", ENV{ID_MTP_DEVICE}="1", ENV{ID_MEDIA_PLAYER}="1", TAG+="uaccess" ATTR{idVendor}=="05c6", ATTR{idProduct}=="6764", SYMLINK+="libmtp-%k", MODE="660", GROUP="audio", ENV{ID_MTP_DEVICE}="1", ENV{ID_MEDIA_PLAYER}="1", TAG+="uaccess"
@ -52,6 +53,6 @@
services.printing = { services.printing = {
enable = true; enable = true;
drivers = with pkgs; [ mfcl3770cdwlpr mfcl3770cdwcupswrapper ]; drivers = with pkgs; [mfcl3770cdwlpr mfcl3770cdwcupswrapper];
}; };
} }


@ -1,9 +1,10 @@
{ pkgs {
, lib pkgs,
, ... lib,
...
}: { }: {
# required for running blueman-applet in user sessions # required for running blueman-applet in user sessions
services.dbus.packages = with pkgs; [ blueman ]; services.dbus.packages = with pkgs; [blueman];
hardware.bluetooth.enable = true; hardware.bluetooth.enable = true;
services.blueman.enable = true; services.blueman.enable = true;
} }

View file

@ -1,12 +1,11 @@
{ nodeFlake {
, repoFlake nodeFlake,
, repoFlakeInputs' repoFlake,
, packages' repoFlakeInputs',
, pkgs packages',
, ... pkgs,
}: ...
}: let
let
# TODO: make this configurable # TODO: make this configurable
homeUser = "steveej"; homeUser = "steveej";
commonHomeImports = [ commonHomeImports = [
@ -14,8 +13,7 @@ let
../../home-manager/programs/neovim.nix ../../home-manager/programs/neovim.nix
../../home-manager/programs/zsh.nix ../../home-manager/programs/zsh.nix
]; ];
in in {
{
imports = [ imports = [
nodeFlake.inputs.home-manager.nixosModules.home-manager nodeFlake.inputs.home-manager.nixosModules.home-manager
]; ];
@ -45,5 +43,5 @@ in
programs.zsh.enable = true; programs.zsh.enable = true;
users.defaultUserShell = pkgs.zsh; users.defaultUserShell = pkgs.zsh;
environment.pathsToLink = [ "/share/zsh" ]; environment.pathsToLink = ["/share/zsh"];
} }


@ -1,7 +1,8 @@
{ nodeFlake {
, pkgs nodeFlake,
, lib pkgs,
, ... lib,
...
}: { }: {
nix.daemonCPUSchedPolicy = "idle"; nix.daemonCPUSchedPolicy = "idle";
nix.daemonIOSchedClass = "idle"; nix.daemonIOSchedClass = "idle";
@ -25,5 +26,4 @@
]; ];
nix.registry.nixpkgs.flake = nodeFlake.inputs.nixpkgs; nix.registry.nixpkgs.flake = nodeFlake.inputs.nixpkgs;
} }


@ -1,15 +1,13 @@
{ config {
, lib config,
, pkgs lib,
, repoFlakeInputs' pkgs,
, ... repoFlakeInputs',
}: ...
}: let
let
# TODO: make configurable # TODO: make configurable
homeUser = "steveej"; homeUser = "steveej";
in in {
{
sops.secrets.radicale_htpasswd = { sops.secrets.radicale_htpasswd = {
sopsFile = ../../../secrets/desktop/radicale_htpasswd; sopsFile = ../../../secrets/desktop/radicale_htpasswd;
format = "binary"; format = "binary";
@ -19,11 +17,13 @@ in
home-manager.users.${homeUser} = _: { home-manager.users.${homeUser} = _: {
imports = [ imports = [
# TODO: bump these to latest and make it work # TODO: bump these to latest and make it work
(args: (
import ../../home-manager/programs/radicale.nix (args // { args:
osConfig = config; import ../../home-manager/programs/radicale.nix (args
pkgs = repoFlakeInputs'.radicalePkgs.legacyPackages; // {
}) osConfig = config;
pkgs = repoFlakeInputs'.radicalePkgs.legacyPackages;
})
) )
]; ];
}; };

View file

@ -1,14 +1,12 @@
{ pkgs {
, lib pkgs,
, config lib,
, ... config,
}: ...
}: let
let
# TODO: make this configurable # TODO: make this configurable
homeUser = "steveej"; homeUser = "steveej";
in in {
{
services.xserver.serverFlagsSection = '' services.xserver.serverFlagsSection = ''
Option "BlankTime" "0" Option "BlankTime" "0"
Option "StandbyTime" "0" Option "StandbyTime" "0"
@ -30,7 +28,7 @@ in
# required by swaywm # required by swaywm
security.polkit.enable = true; security.polkit.enable = true;
security.pam.services.swaylock = { }; security.pam.services.swaylock = {};
# test these on https://mozilla.github.io/webrtc-landing/gum_test.html # test these on https://mozilla.github.io/webrtc-landing/gum_test.html
xdg.portal = { xdg.portal = {
@ -54,7 +52,6 @@ in
]; ];
}; };
# rtkit is optional but recommended # rtkit is optional but recommended
security.rtkit.enable = true; security.rtkit.enable = true;
services.pipewire = { services.pipewire = {
@ -74,8 +71,8 @@ in
# autologin steveej on tty1 # autologin steveej on tty1
# TODO: make user configurable # TODO: make user configurable
systemd.services."autovt@tty1".description = "Autologin at the TTY1"; systemd.services."autovt@tty1".description = "Autologin at the TTY1";
systemd.services."autovt@tty1".after = [ "systemd-logind.service" ]; # without it user session not started and xorg can't be run from this tty systemd.services."autovt@tty1".after = ["systemd-logind.service"]; # without it user session not started and xorg can't be run from this tty
systemd.services."autovt@tty1".wantedBy = [ "multi-user.target" ]; systemd.services."autovt@tty1".wantedBy = ["multi-user.target"];
systemd.services."autovt@tty1".serviceConfig = { systemd.services."autovt@tty1".serviceConfig = {
ExecStart = [ ExecStart = [
"" # override upstream default with an empty ExecStart "" # override upstream default with an empty ExecStart
@ -85,19 +82,17 @@ in
Type = "idle"; Type = "idle";
}; };
programs = programs = let
let steveejSwayOnTty1 = ''
steveejSwayOnTty1 = '' if test $(id --user steveej) = $(id -u) && test $(tty) = "/dev/tty1"; then
if test $(id --user steveej) = $(id -u) && test $(tty) = "/dev/tty1"; then exec sway
exec sway fi
fi '';
''; in {
in bash.loginShellInit = steveejSwayOnTty1;
{ # TODO: only do this when zsh is enabled. first naiv attempt lead infinite recursion
bash.loginShellInit = steveejSwayOnTty1; zsh.loginShellInit = steveejSwayOnTty1;
# TODO: only do this when zsh is enabled. first naiv attempt lead infinite recursion };
zsh.loginShellInit = steveejSwayOnTty1;
};
home-manager.users."${homeUser}" = _: { home-manager.users."${homeUser}" = _: {
imports = [ imports = [


@ -1,9 +1,5 @@
{ lib, ... }: {lib, ...}: let
let
passwords = import ../../variables/passwords.crypt.nix; passwords = import ../../variables/passwords.crypt.nix;
in {
in
{
time.timeZone = lib.mkDefault passwords.timeZone.stefan; time.timeZone = lib.mkDefault passwords.timeZone.stefan;
} }


@ -1,30 +1,30 @@
{ lib
, stdenv
, fetchurl
, appimageTools
, makeWrapper
# graphs will not sync without matching upstream's major electron version
, electron_27
, git
, nix-update-script
, overrideSrc ? null
}:
stdenv.mkDerivation (finalAttrs:
let
inherit (finalAttrs) pname version src appimageContents;
in
{ {
lib,
stdenv,
fetchurl,
appimageTools,
makeWrapper,
# graphs will not sync without matching upstream's major electron version
electron_27,
git,
nix-update-script,
overrideSrc ? null,
}:
stdenv.mkDerivation (finalAttrs: let
inherit (finalAttrs) pname version src appimageContents;
in {
pname = "logseq"; pname = "logseq";
version = "0.10.5"; version = "0.10.5";
src = if overrideSrc != null then overrideSrc else src =
(fetchurl { if overrideSrc != null
url = "https://github.com/logseq/logseq/releases/download/${version}/logseq-linux-x64-${version}.AppImage"; then overrideSrc
hash = "sha256-F3YbqgvL04P0nXaIVkJlCq/z8hUE0M0UutkBs2omuBE="; else
name = "${pname}-${version}.AppImage"; (fetchurl {
}); url = "https://github.com/logseq/logseq/releases/download/${version}/logseq-linux-x64-${version}.AppImage";
hash = "sha256-F3YbqgvL04P0nXaIVkJlCq/z8hUE0M0UutkBs2omuBE=";
name = "${pname}-${version}.AppImage";
});
appimageContents = appimageTools.extract { appimageContents = appimageTools.extract {
inherit pname src version; inherit pname src version;
@ -34,7 +34,7 @@ in
dontConfigure = true; dontConfigure = true;
dontBuild = true; dontBuild = true;
nativeBuildInputs = [ makeWrapper ]; nativeBuildInputs = [makeWrapper];
installPhase = '' installPhase = ''
runHook preInstall runHook preInstall
@ -67,17 +67,17 @@ in
--set "LOCAL_GIT_DIRECTORY" ${git} \ --set "LOCAL_GIT_DIRECTORY" ${git} \
--add-flags $out/share/${pname}/resources/app \ --add-flags $out/share/${pname}/resources/app \
--add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform-hint=auto --enable-features=WaylandWindowDecorations}}" \ --add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform-hint=auto --enable-features=WaylandWindowDecorations}}" \
--prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath [ stdenv.cc.cc.lib ]}" --prefix LD_LIBRARY_PATH : "${lib.makeLibraryPath [stdenv.cc.cc.lib]}"
''; '';
passthru.updateScript = nix-update-script { }; passthru.updateScript = nix-update-script {};
meta = { meta = {
description = "A local-first, non-linear, outliner notebook for organizing and sharing your personal knowledge base"; description = "A local-first, non-linear, outliner notebook for organizing and sharing your personal knowledge base";
homepage = "https://github.com/logseq/logseq"; homepage = "https://github.com/logseq/logseq";
changelog = "https://github.com/logseq/logseq/releases/tag/${version}"; changelog = "https://github.com/logseq/logseq/releases/tag/${version}";
license = lib.licenses.agpl3Plus; license = lib.licenses.agpl3Plus;
maintainers = with lib.maintainers; [ ]; maintainers = with lib.maintainers; [];
platforms = [ "x86_64-linux" "aarch64-linux" ]; platforms = ["x86_64-linux" "aarch64-linux"];
}; };
}) })