From a083c05b27fe807f4fdb7892264e168dd9b810b6 Mon Sep 17 00:00:00 2001 
From: Stefan Junker Date: Mon, 22 Jan 2024 22:50:51 +0100 Subject: [PATCH] WIP: x13s: install to nvme, refactor into module --- .sops.yaml | 7 + flake.lock | 74 +++++ flake.nix | 39 ++- .../configuration/graphical-fullblown.nix | 224 +++++++-------- nix/home-manager/profiles/common.nix | 14 +- nix/home-manager/profiles/wayland-desktop.nix | 10 +- nix/home-manager/programs/chromium.nix | 37 +-- nix/home-manager/programs/radicale.nix | 89 +++--- nix/home-manager/programs/zsh.nix | 118 ++++---- nix/os/devices/steveej-t14/configuration.nix | 3 +- nix/os/devices/steveej-t14/pkg.nix | 108 ++----- nix/os/devices/steveej-t14/system.nix | 13 +- .../steveej-x13s-rmvbl/configuration.nix | 35 ++- nix/os/devices/steveej-x13s-rmvbl/default.nix | 25 +- nix/os/devices/steveej-x13s-rmvbl/flake.lock | 70 ++++- nix/os/devices/steveej-x13s-rmvbl/flake.nix | 272 +----------------- nix/os/devices/steveej-x13s/.gitignore | 1 + nix/os/devices/steveej-x13s/configuration.nix | 107 +++++++ nix/os/devices/steveej-x13s/default.nix | 40 +++ nix/os/devices/steveej-x13s/disko.nix | 66 +++++ nix/os/devices/steveej-x13s/flake.lock | 207 +++++++++++++ nix/os/devices/steveej-x13s/flake.nix | 73 +++++ nix/os/modules/hardware.thinkpad-x13s.nix | 242 ++++++++++++++++ nix/os/modules/opinionatedDisk.nix | 2 +- nix/os/profiles/common/pkg.nix | 19 +- nix/os/snippets/radicale.nix | 107 ++----- nix/os/snippets/sway-desktop.nix | 90 ++++++ secrets/desktop/radicale_htpasswd | 6 +- 28 files changed, 1361 insertions(+), 737 deletions(-) create mode 100644 nix/os/devices/steveej-x13s/.gitignore create mode 100644 nix/os/devices/steveej-x13s/configuration.nix create mode 100644 nix/os/devices/steveej-x13s/default.nix create mode 100644 nix/os/devices/steveej-x13s/disko.nix create mode 100644 nix/os/devices/steveej-x13s/flake.lock create mode 100644 nix/os/devices/steveej-x13s/flake.nix create mode 100644 nix/os/modules/hardware.thinkpad-x13s.nix create mode 100644 nix/os/snippets/sway-desktop.nix 
diff --git a/.sops.yaml b/.sops.yaml index 4ac1cea..895ce81 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -41,6 +41,13 @@ creation_rules: - *steveej age: - *steveej-t14 + - path_regex: ^secrets/desktop/.+$ + key_groups: + - pgp: + - *steveej + age: + - *steveej-t14 + - *steveej-x13s-rmvbl - path_regex: ^secrets/servers/.+$ key_groups: - pgp: diff --git a/flake.lock b/flake.lock index 86a3f52..825f580 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,38 @@ { "nodes": { + "adamcstephens_stop-export": { + "flake": false, + "locked": { + "lastModified": 1705876512, + "narHash": "sha256-nvBqLyi8dMQf3xnROwEcUv4iqV55Mr8S8OGYepu14i4=", + "ref": "refs/heads/main", + "rev": "388684db5b529bbd6f3e948cf175df089eb09766", + "revCount": 14, + "type": "git", + "url": "https://codeberg.org/adamcstephens/stop-export.git" + }, + "original": { + "type": "git", + "url": "https://codeberg.org/adamcstephens/stop-export.git" + } + }, + "alsa-ucm-conf": { + "flake": false, + "locked": { + "lastModified": 1705501566, + "narHash": "sha256-Nyr7tjH5VBjocvaKaHCiK+zsjThYBtcr936aRWCBBpM=", + "owner": "alsa-project", + "repo": "alsa-ucm-conf", + "rev": "e87dde51d68950537f92af955ad0633437cc419a", + "type": "github" + }, + "original": { + "owner": "alsa-project", + "ref": "master", + "repo": "alsa-ucm-conf", + "type": "github" + } + }, "aphorme_launcher": { "flake": false, "locked": { @@ -17,6 +50,23 @@ "type": "github" } }, + "brainwart_x13s-nixos": { + "flake": false, + "locked": { + "lastModified": 1705565623, + "narHash": "sha256-sisr/dFIz8p3/Y7mz+arWxjeiBmUTQkMqkF9j3c2dWE=", + "owner": "BrainWart", + "repo": "x13s-nixos", + "rev": "29002122d86a1009ba70e7a4ca3063e5404c77a2", + "type": "github" + }, + "original": { + "owner": "BrainWart", + "ref": "flake", + "repo": "x13s-nixos", + "type": "github" + } + }, "colmena": { "inputs": { "flake-compat": "flake-compat", 
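Review bot: The new `^secrets/desktop/.+$` rule in the .sops.yaml hunk lists `*steveej-t14` and `*steveej-x13s-rmvbl` as age recipients but has no entry for the `steveej-x13s` host this commit introduces, so if the NVMe install has its own host key it will not be able to decrypt `secrets/desktop/radicale_htpasswd`. The rule also lets the removable-media install read every file under `secrets/desktop/`; consider whether that device needs all of them, and remove its key once the NVMe install replaces it. The key aliases are defined outside this hunk, so I cannot confirm that `steveej-x13s-rmvbl` exists there. After any recipient change the existing files have to be re-encrypted with `sops updatekeys`.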
@@ -293,6 +343,23 @@ "type": "github" } }, + "linux_x13s": { + "flake": false, + "locked": { + "lastModified": 1705680516, + "narHash": "sha256-NjCuPYjYHBJcoJR1ZaWQ9sRh0VpY2Y0hawkbUBRfCvk=", + "owner": "jhovold", + "repo": "linux", + "rev": "bac95eabe6577faa2773cbe7e91c34fd17ab79a0", + "type": "github" + }, + "original": { + "owner": "jhovold", + "ref": "wip/sc8280xp-v6.7", + "repo": "linux", + "type": "github" + } + }, "nix-eval-jobs": { "inputs": { "flake-parts": "flake-parts_3", @@ -636,7 +703,10 @@ }, "root": { "inputs": { + "adamcstephens_stop-export": "adamcstephens_stop-export", + "alsa-ucm-conf": "alsa-ucm-conf", "aphorme_launcher": "aphorme_launcher", + "brainwart_x13s-nixos": "brainwart_x13s-nixos", "colmena": "colmena", "crane": "crane", "disko": [ @@ -647,6 +717,7 @@ "flake-parts": "flake-parts", "get-flake": "get-flake", "jay": "jay", + "linux_x13s": "linux_x13s", "nixos-anywhere": "nixos-anywhere", "nixpkgs": [ "nixpkgs-2311" @@ -659,6 +730,9 @@ "nixpkgs-wayland": "nixpkgs-wayland", "ofi-pass": "ofi-pass", "prs": "prs", + "radicalePkgs": [ + "nixpkgs-2211" + ], "salut": "salut", "sops-nix": "sops-nix", "srvos": "srvos", diff --git a/flake.nix b/flake.nix index 691edf1..3191f4c 100644 --- a/flake.nix +++ b/flake.nix @@ -3,6 +3,7 @@ inputs = { # flake and infra basics nixpkgs-2211.url = "github:nixos/nixpkgs/nixos-22.11"; + radicalePkgs.follows = "nixpkgs-2211"; nixpkgs-2305.url = "github:nixos/nixpkgs/nixos-23.05"; nixpkgs-2311.url = "github:nixos/nixpkgs/nixos-23.05"; nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; @@ -13,7 +14,7 @@ srvos.url = "github:numtide/srvos"; srvos.inputs.nixpkgs.follows = "nixpkgs"; - nixos-anywhere.url = github:numtide/nixos-anywhere/main; + nixos-anywhere.url = "github:numtide/nixos-anywhere/main"; nixos-anywhere.inputs.nixpkgs.follows = "nixpkgs"; disko.follows = "nixos-anywhere/disko"; 
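Review bot: `radicalePkgs.follows = "nixpkgs-2211";` in the first flake.nix hunk ties the Radicale package set to the nixos-22.11 channel, which no longer receives security updates, and Radicale is a network service that performs htpasswd authentication. The old inline note about this pin is removed from graphical-fullblown.nix in this commit, so carry it over here, e.g. `# TODO: bump radicalePkgs to a supported release and make it work`. The context line `nixpkgs-2311.url = "github:nixos/nixpkgs/nixos-23.05";` in the same hunk looks like a name/channel mismatch and is worth confirming while touching this block.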
@@ -68,6 +69,31 @@ url = "gitlab:timvisee/prs/master"; flake = false; }; + + + ### inputs for thinkpad x13s + # see https://github.com/jhovold/linux/wiki/X13s for status updates + linux_x13s.url = "github:jhovold/linux/wip/sc8280xp-v6.7"; + linux_x13s.flake = false; + + brainwart_x13s-nixos = { + url = "github:BrainWart/x13s-nixos/flake"; + flake = false; + }; + + adamcstephens_stop-export = { + flake = false; + url = "git+https://codeberg.org/adamcstephens/stop-export.git"; + }; + + + alsa-ucm-conf = { + flake = false; + url = "github:alsa-project/alsa-ucm-conf/master"; + }; + + + ### }; outputs = @@ -104,6 +130,7 @@ nodeFlake = self.inputs.get-flake ./nix/os/devices/${nodeName}; }) [ "steveej-t14" + "steveej-x13s" # "elias-e525" # "justyna-p300" @@ -122,7 +149,7 @@ // ( let router0-dmz0 = (inputs.get-flake ./nix/os/devices/router0-dmz0).nixosConfigurations; - steveej-x13s-rmvbl = (inputs.get-flake ./nix/os/devices/steveej-x13s-rmvbl).nixosConfigurations; + steveej-x13s = (inputs.get-flake ./nix/os/devices/steveej-x13s).nixosConfigurations; retro = (inputs.get-flake ./nix/os/devices/retro).nixosConfigurations; in { @@ -135,8 +162,7 @@ # nixos-install --flake .\#retro_cross retro_cross = retro.cross; - steveej-x13s-rmvbl = steveej-x13s-rmvbl.native; - steveej-x13s-rmvbl_cross = steveej-x13s-rmvbl.cross; + steveej-x13s_cross = steveej-x13s.cross; } ); @@ -272,6 +298,11 @@ inherit inputs' pkgs; packages' = packages; }; + }; + + flake.nixosModules = { + thinkpad-x13s = { pkgs, config, lib, options, ... } @ args: (import ./nix/os/modules/hardware.thinkpad-x13s.nix (args // { inherit self; })); + }; }); } diff --git a/nix/home-manager/configuration/graphical-fullblown.nix b/nix/home-manager/configuration/graphical-fullblown.nix index 0333dad..aa8f6e7 100644 --- a/nix/home-manager/configuration/graphical-fullblown.nix +++ b/nix/home-manager/configuration/graphical-fullblown.nix 
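Review bot: The four inputs added under `### inputs for thinkpad x13s` follow moving refs (`wip/sc8280xp-v6.7`, `flake`, `master`, and the default branch of the codeberg repository), so the only thing fixing what gets built, including the kernel source, is the `rev`/`narHash` pair in flake.lock. Any later lock update adopts whatever those third-party branches point to at that moment, including rewritten history on a `wip/` branch. Make that explicit with a comment on each input such as `# third-party branch: review the flake.lock diff before updating`, or pin a commit in the URL for `linux_x13s`. The inputs block starts and ends outside this hunk.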
@@ -1,26 +1,23 @@ { pkgs +, lib , config , # these come in via home-manager.extraSpecialArgs and are specific to each node nodeFlake , packages' -, # repoFlake, - # repoFlakeInputs', - ... +, ... }: let # pkgsMaster = nodeFlake.inputs.nixpkgs-master.legacyPackages.${pkgs.system}; pkgsUnstableSmall = import nodeFlake.inputs.nixpkgs-unstable-small { inherit (pkgs) system config; }; - pkgs2211 = nodeFlake.inputs.nixpkgs-2211.legacyPackages.${pkgs.system}; in { imports = [ ../profiles/common.nix - ../profiles/dotfiles.nix + # ../profiles/dotfiles.nix # FIXME: fix homeshick when no WAN connection is available # ../programs/homeshick.nix # ../profiles/gnome-desktop.nix - ../profiles/sway-desktop.nix # ../profiles/experimental-desktop.nix ../programs/redshift.nix @@ -28,7 +25,7 @@ in ../programs/gpg-agent.nix ../programs/pass.nix - ../programs/espanso.nix + # ../programs/espanso.nix ../programs/firefox.nix ../programs/chromium.nix @@ -36,10 +33,6 @@ in ../programs/libreoffice.nix ../programs/neovim.nix ../programs/vscode - - # TODO: bump these to 23.05 and make it work - (args: import ../programs/radicale.nix (args // { pkgs = pkgs2211; })) - # (args: import ../programs/espanso.nix (args // {pkgs = pkgs2211;})) ]; home.sessionVariables.HM_CONFIG = "graphical-fullblown"; @@ -55,21 +48,19 @@ in [ ] ++ (with pkgs; [ # Authentication - cacert - fprintd - openssl - mkpasswd + # cacert + # fprintd + # openssl + # mkpasswd # Nix package related tools patchelf - nix-index + # nix-index nix-prefetch-scripts - # nix-prefetch-github nix-tree # Version Control Systems gitFull - pijul # gitless gitRepo git-lfs @@ -118,7 +109,9 @@ in # FIXME: depends on insecure openssl 1.1.1t # kotatogram-desktop tdesktop + pkgsUnstableSmall.signal-desktop + #(let # version = "6.20.0-beta.1"; #in 
@@ -138,7 +131,6 @@ in # ''; # })) - pkgsUnstableSmall.session-desktop # --add-flags "--enable-features=UseOzonePlatform" # --add-flags "--ozone-platform=wayland" # (pkgsUnstableSmall.session-desktop.overrideAttrs (old: { @@ -175,61 +167,51 @@ in # })) thunderbird + # gnome.cheese - discord + + # Virtualization # virtmanager # Remote Control Tools remmina - freerdp - teamviewer - pkgsUnstableSmall.rustdesk + # freerdp + + # Audio/Video Players ffmpeg vlc - v4l-utils - audacity - spotify + # v4l-utils + # audacity + # spotify yt-dlp (writeShellScriptBin "youtube-dl-audio" "${yt-dlp}/bin/yt-dlp --extract-audio --audio-format best --audio-quality 9 \${@:?}") libwebcam # Network Tools - openvpn tcpdump iftop iperf bind socat - # 2019-03-05: broken on 19.03 linssid - iptraf-ng - ipmitool - - iptables - nftables - wireshark - wireguard-tools + nethogs # Code Editing and Programming - xclip - xsel - pkgsUnstableSmall.lapce - pkgsUnstableSmall.helix - pkgsUnstableSmall.nil + # pkgsUnstableSmall.lapce + # pkgsUnstableSmall.helix + # pkgsUnstableSmall.nil # Image/Graphic/Design Tools gnome.eog - gimp - imagemagick - exiv2 - graphviz - inkscape - qrencode - zbar - feh + # gimp + # imagemagick + # exiv2 + # graphviz + # inkscape + # qrencode # TODO: remove or move these: Modelling Tools # plantuml 
@@ -240,62 +222,47 @@ in # astah-community # Misc Development Tools - qrcode - jq - cdrtools + # qrcode + # jq + # cdrtools # Document Processing and Management gnome.nautilus - xfce.thunar pcmanfm # mendeley evince - (runCommand "logseq-wrapper" - { - nativeBuildInputs = [ makeWrapper ]; - } '' - makeWrapper ${logseq}/bin/logseq $out/bin/logseq \ - --set NIXOS_OZONE_WL "" - '') - # (logseq.override({ electron_25 = electron_26; })) + # File Synchronzation maestral - maestral-gui rsync # Filesystem Tools - ntfs3g - ddrescue - ncdu - unetbootin - hdparm - testdisk + # ntfs3g + # ddrescue + # ncdu + # hdparm # binwalk - gptfdisk - gparted - smartmontools + # gptfdisk + # gparted + # smartmontools - ## Android - androidenv.androidPkgs_9_0.platform-tools ## Python - packages'.myPython + # packages'.myPython # Misc Desktop Tools - ltunify + # ltunify # dex - xorg.xbacklight coreutils lsof - xdotool xdg_utils xdg-user-dirs dconf picocom glib.dev # contains gdbus tool alacritty - wally-cli + # wally-cli man-pages # Screen recording 
@@ -311,64 +278,77 @@ in # introduces python: screenkey # avidemux # broken - handbrake + # handbrake - pkgsUnstableSmall.ledger-live-desktop - - (banana-accounting.overrideDerivation (attrs: - with inputs'.nixpkgs-2211.legacyPackages; { - # dontWrapGApps = true; - - srcs = builtins.fetchurl { - # hosted via https://web3.storage - url = "https://bafybeiabi4m2i4izummipbl5wzhwxjyjt2rylgsrahhkh7i63piwd37n4u.ipfs.w3s.link/mfpcksczayaqqx8fdacp0627zm36c001-bananaplus.tgz"; - - sha256 = "09666iqzqdw2526pf6bg5kd0hfw0wblw8ag636ki72dsiw6bmbf1"; - }; - - # nativeBuildInputs = - # attrs.nativeBuildInputs - # ++ [ - # qt5.qtbase - # qt5.wrapQtAppsHook - # ]; - - # buildInputs = - # attrs.buildInputs - # ++ [ - # qt5.qtwayland - # ]; - - # preFixup = - # (attrs.preFixup or "") - # + '' - # qtWrapperArgs+=("''${gappsWrapperArgs[@]}") - # ''; - })) - - - snes9x - snes9x-gtk + # snes9x + # snes9x-gtk # this is a displaymanager! # libretro.snes9x2010 # retroarchFull - ]); + ]) + ++ (lib.lists.optionals (!pkgs.stdenv.targetPlatform.isAarch64) [ + (pkgs.banana-accounting.overrideDerivation + (attrs: + with nodeFlake.inputs'.nixpkgs-2211.legacyPackages; { + # dontWrapGApps = true; + + srcs = builtins.fetchurl { + # hosted via https://web3.storage + url = "https://bafybeiabi4m2i4izummipbl5wzhwxjyjt2rylgsrahhkh7i63piwd37n4u.ipfs.w3s.link/mfpcksczayaqqx8fdacp0627zm36c001-bananaplus.tgz"; + + sha256 = "09666iqzqdw2526pf6bg5kd0hfw0wblw8ag636ki72dsiw6bmbf1"; + }; + + # nativeBuildInputs = + # attrs.nativeBuildInputs + # ++ [ + # qt5.qtbase + # qt5.wrapQtAppsHook + # ]; + + # buildInputs = + # attrs.buildInputs + # ++ [ + # qt5.qtwayland + # ]; + + # preFixup = + # (attrs.preFixup or "") + # + '' + # qtWrapperArgs+=("''${gappsWrapperArgs[@]}") + # ''; + }) + ) + + pkgsUnstableSmall.ledger-live-desktop + + (pkgs.runCommand "logseq-wrapper" + { + nativeBuildInputs = [ pkgs.makeWrapper ]; + } '' + makeWrapper ${pkgs.logseq}/bin/logseq $out/bin/logseq \ + --set NIXOS_OZONE_WL "" + '') + # 
(logseq.override({ electron_25 = electron_26; })) + + # unsupported on aarch64-linux + pkgs.androidenv.androidPkgs_9_0.platform-tools + pkgs.teamviewer + pkgs.discord + pkgsUnstableSmall.session-desktop + pkgsUnstableSmall.rustdesk + ]) + ; systemd.user.startServices = true; services.syncthing.enable = true; services.udiskie = { enable = true; - automount = true; + automount = false; notify = true; }; - # FIXME: doesn't work as the service can't seem to control its started PID - services.dropbox = { - enable = false; - path = "${config.home.homeDirectory}/Dropbox-Hm"; - }; - # TODO: uncomment this when it's in stable home-manger # programs.joshuto = { # enable = true; diff --git a/nix/home-manager/profiles/common.nix b/nix/home-manager/profiles/common.nix index 20a17e3..9c76c30 100644 --- a/nix/home-manager/profiles/common.nix +++ b/nix/home-manager/profiles/common.nix @@ -1,4 +1,4 @@ -{pkgs, ...}: { +{ pkgs, ... }: { # TODO: re-enable this with the appropriate version? # programs.home-manager.enable = true; # programs.home-manager.path = https://github.com/rycee/home-manager/archive/445c0b1482c38172a9f8294ee16a7ca7462388e5.tar.gz; @@ -11,10 +11,16 @@ allowBroken = false; allowUnfree = true; - permittedInsecurePackages = []; + permittedInsecurePackages = [ ]; }; - nix.settings.experimental-features = ["nix-command" "flakes" "impure-derivations" "ca-derivations" "recursive-nix"]; + nix.settings.experimental-features = [ + "nix-command" + "flakes" + "impure-derivations" + "ca-derivations" + "recursive-nix" + ]; nix.settings.sandbox = "relaxed"; home.keyboard = { @@ -40,7 +46,7 @@ programs.fzf.enable = true; home.packages = - [] + [ ] ++ (with pkgs; [ htop vcsh diff --git a/nix/home-manager/profiles/wayland-desktop.nix b/nix/home-manager/profiles/wayland-desktop.nix index ffab825..298aaf5 100644 --- a/nix/home-manager/profiles/wayland-desktop.nix +++ b/nix/home-manager/profiles/wayland-desktop.nix 
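Review bot: The new guard `lib.lists.optionals (!pkgs.stdenv.targetPlatform.isAarch64)` in graphical-fullblown.nix tests the target platform, while the wayland-desktop.nix hunk in this same commit uses `pkgs.stdenv.isAarch64`. For deciding whether a package can be installed on this machine the host platform is the relevant one, so use one spelling throughout, e.g. `!pkgs.stdenv.hostPlatform.isAarch64`. The same applies to `enable = true && !pkgs.stdenv.targetPlatform.isAarch64;` for `programs.brave` in chromium.nix, where the `true &&` can also go. Separately, `with nodeFlake.inputs'.nixpkgs-2211.legacyPackages;` replaces the previous `inputs'` and whether `nodeFlake` exposes an `inputs'` attribute is not visible here; since nothing in the override body seems to need that scope, the `with` could simply be removed.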
@@ -8,10 +8,7 @@ let inherit (import ../lib.nix { }) mkSimpleTrayService; - nixpkgs-2211 = nodeFlake.inputs.nixpkgs-2211.legacyPackages.${pkgs.system}; - nixpkgs-unstable-small = nodeFlake.inputs.nixpkgs-unstable-small.legacyPackages.${pkgs.system}; nixpkgs-wayland' = repoFlake.inputs.nixpkgs-wayland.packages.${pkgs.system}; - wayprompt = nixpkgs-wayland'.wayprompt; in { @@ -43,7 +40,6 @@ in wl-clipboard wmctrl - wayprompt nixpkgs-wayland'.shotman # identifies key input syms @@ -63,7 +59,11 @@ in # probably required by flameshot # xdg-desktop-portal xdg-desktop-portal-wlr # grim - ]; + ] ++ (lib.lists.optionals (!pkgs.stdenv.isAarch64) + # TODO: broken on aarch64 + [ + ] + ); home.sessionVariables = { XDG_SESSION_TYPE = "wayland"; diff --git a/nix/home-manager/programs/chromium.nix b/nix/home-manager/programs/chromium.nix index c2240b9..81383c9 100644 --- a/nix/home-manager/programs/chromium.nix +++ b/nix/home-manager/programs/chromium.nix @@ -1,15 +1,16 @@ -{ - name, - lib, - ... -}: let +{ name +, lib +, pkgs +, ... +}: +let extensions = [ #undetectable adblocker - {id = "gcfcpohokifjldeandkfjoboemihipmb";} + { id = "gcfcpohokifjldeandkfjoboemihipmb"; } # ublock origin - {id = "cjpalhdlnbpafiamejdnhcphjbkeiagm";} + { id = "cjpalhdlnbpafiamejdnhcphjbkeiagm"; } # # YT ad block # {id = "cmedhionkhpnakcndndgjdbohmhepckk";} @@ -18,15 +19,15 @@ # {id = "cfhdojbkjhnklbpkdaibdccddilifddb";} # Cookie Notice Blocker - {id = "odhmfmnoejhihkmfebnolljiibpnednn";} + { id = "odhmfmnoejhihkmfebnolljiibpnednn"; } # i don't care about cookies - {id = "fihnjjcciajhdojfnbdddfaoknhalnja";} + { id = "fihnjjcciajhdojfnbdddfaoknhalnja"; } # NopeCHA - {id = "dknlfmjaanfblgfdfebhijalfmhmjjjo";} + { id = "dknlfmjaanfblgfdfebhijalfmhmjjjo"; } # h264ify - {id = "aleakchihdccplidncghkekgioiakgal";} + { id = "aleakchihdccplidncghkekgioiakgal"; } # clippy # {id = "honbeilkanbghjimjoniipnnehlmhggk"} 
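Review bot: The appended `++ (lib.lists.optionals (!pkgs.stdenv.isAarch64) [ ])` in the last wayland-desktop.nix hunk wraps an empty list, so it has no effect, and it requires `lib` in the module arguments, which are outside the hunk. Either drop it until there is a package to gate, or name what the TODO refers to, presumably the `wayprompt` entry this commit removes: `# TODO: wayprompt is broken on aarch64-linux, re-add here once it builds`.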
@@ -37,25 +38,27 @@ } # cookie autodelete - {id = "fhcgjolkccmbidfldomjliifgaodjagh";} + { id = "fhcgjolkccmbidfldomjliifgaodjagh"; } # unhook - { id = "khncfooichmfjbepaaaebmommgaepoid";} + { id = "khncfooichmfjbepaaaebmommgaepoid"; } ] ++ (lib.lists.optionals ((builtins.match "^steveej.*" name) != null) [ # Vimium C - {id = "hfjbmagddngcpeloejdejnfgbamkjaeg";} + { id = "hfjbmagddngcpeloejdejnfgbamkjaeg"; } ]); -in { +in +{ programs.chromium = { enable = true; inherit extensions; }; programs.brave = { - enable = true; + # TODO: enable this on aarch64-linux + enable = true && !pkgs.stdenv.targetPlatform.isAarch64; inherit extensions; }; - programs.browserpass = {browsers = ["chromium" "brave"];}; + programs.browserpass = { browsers = [ "chromium" "brave" ]; }; } diff --git a/nix/home-manager/programs/radicale.nix b/nix/home-manager/programs/radicale.nix index a8e4eef..bcedd41 100644 --- a/nix/home-manager/programs/radicale.nix +++ b/nix/home-manager/programs/radicale.nix @@ -1,10 +1,10 @@ -{ - config, - lib, - pkgs, - osConfig, - ... -}: let +{ config +, lib +, pkgs +, osConfig +, ... +}: +let libdecsync = pkgs.python3Packages.buildPythonPackage rec { pname = "libdecsync"; version = "2.2.1"; 
@@ -38,50 +38,53 @@ # pkgs.libxcrypt ]; - propagatedBuildInputs = [libdecsync pkgs.python3Packages.setuptools]; + propagatedBuildInputs = [ libdecsync pkgs.python3Packages.setuptools ]; }; radicale-decsync = pkgs.radicale.overrideAttrs (old: { propagatedBuildInputs = old.propagatedBuildInputs - ++ [radicale-storage-decsync]; + ++ [ radicale-storage-decsync ]; }); - mkRadicaleService = { - suffix, - port, - }: let - radicale-config = pkgs.writeText "radicale-config-${suffix}" '' - [server] - hosts = localhost:${builtins.toString port} + mkRadicaleService = + { suffix + , port + , + }: + let + radicale-config = pkgs.writeText "radicale-config-${suffix}" '' + [server] + hosts = localhost:${builtins.toString port} - [auth] - type = htpasswd - htpasswd_filename = ${osConfig.sops.secrets.radicale_htpasswd.path} - htpasswd_encryption = bcrypt + [auth] + type = htpasswd + htpasswd_filename = ${osConfig.sops.secrets.radicale_htpasswd.path} + htpasswd_encryption = bcrypt - [storage] - type = radicale_storage_decsync - filesystem_folder = ${config.xdg.dataHome}/radicale-${suffix} - decsync_dir = ${config.xdg.dataHome}/decsync-${suffix} - ''; - in { - systemd.user.services."radicale-${suffix}" = { - Unit.Description = "Radicale with DecSync (${suffix})"; - Service = { - ExecStart = "${radicale-decsync}/bin/radicale -C ${radicale-config}"; - Restart = "on-failure"; + [storage] + type = radicale_storage_decsync + filesystem_folder = ${config.xdg.dataHome}/radicale-${suffix} + decsync_dir = ${config.xdg.dataHome}/decsync-${suffix} + ''; + in + { + systemd.user.services."radicale-${suffix}" = { + Unit.Description = "Radicale with DecSync (${suffix})"; + Service = { + ExecStart = "${radicale-decsync}/bin/radicale -C ${radicale-config}"; + Restart = "on-failure"; + }; + Install.WantedBy = [ "default.target" ]; }; - Install.WantedBy = ["default.target"]; }; - }; in - builtins.foldl' (sum: cur: lib.recursiveUpdate sum (mkRadicaleService cur)) {} [ - { - suffix = "personal"; - port = 
5232; - } - { - suffix = "family"; - port = 5233; - } - ] +builtins.foldl' (sum: cur: lib.recursiveUpdate sum (mkRadicaleService cur)) { } [ + { + suffix = "personal"; + port = 5232; + } + { + suffix = "family"; + port = 5233; + } +] diff --git a/nix/home-manager/programs/zsh.nix b/nix/home-manager/programs/zsh.nix index 0d3085d..8d2596a 100644 --- a/nix/home-manager/programs/zsh.nix +++ b/nix/home-manager/programs/zsh.nix @@ -1,29 +1,30 @@ -{ - config, - lib, - pkgs, - ... -}: let - just-plugin = let - plugin_file = pkgs.writeText "_just" '' - #compdef just - #autload +{ config +, lib +, pkgs +, ... +}: +let + just-plugin = + let + plugin_file = pkgs.writeText "_just" '' + #compdef just + #autload - alias justl="\just --list" - alias juste="\just --evaluate" + alias justl="\just --list" + alias juste="\just --evaluate" - local subcmds=() + local subcmds=() - while read -r line ; do - if [[ ! $line == Available* ]] ; - then - subcmds+=(''${line/[[:space:]]*\#/:}) - fi - done < <(just --list) + while read -r line ; do + if [[ ! $line == Available* ]] ; + then + subcmds+=(''${line/[[:space:]]*\#/:}) + fi + done < <(just --list) - _describe 'command' subcmds - ''; - in + _describe 'command' subcmds + ''; + in pkgs.stdenv.mkDerivation { name = "just-completions"; version = "0.1.0"; @@ -35,7 +36,8 @@ chmod --recursive a-w $out ''; }; -in { +in +{ programs.zsh = { enable = true; 
@@ -46,47 +48,49 @@ in { # will be called again by oh-my-zsh enableCompletion = false; enableAutosuggestions = true; - initExtra = let - inNixShell = ''$([[ -n "$IN_NIX_SHELL" ]] && printf " 🐚")''; - in '' - PROMPT='%F{%(!.red.green)}%n%f@%m %(?.%F{green}✓%f.%F{red}✗ ($?%))%f %F{blue}%~%f${inNixShell}%F{magenta}$(git_prompt_info)%f$prompt_newline%_%F{%(!.red.green)}$(prompt_char)%f ' - RPROMPT="" + initExtra = + let + inNixShell = ''$([[ -n "$IN_NIX_SHELL" ]] && printf " 🐚")''; + in + '' + PROMPT='%F{%(!.red.green)}%n%f@%m %(?.%F{green}✓%f.%F{red}✗ ($?%))%f %F{blue}%~%f${inNixShell}%F{magenta}$(git_prompt_info)%f$prompt_newline%_%F{%(!.red.green)}$(prompt_char)%f ' + RPROMPT="" - # Automatic rehash - zstyle ':completion:*' rehash true + # Automatic rehash + zstyle ':completion:*' rehash true - if [ -f $HOME/.shrc.d/sh_aliases ]; then - . $HOME/.shrc.d/sh_aliases - fi + if [ -f $HOME/.shrc.d/sh_aliases ]; then + . $HOME/.shrc.d/sh_aliases + fi - ${ - if builtins.hasAttr "homeshick" pkgs - then '' - source ${pkgs.homeshick}/homeshick.sh - fpath=(${pkgs.homeshick}/completions $fpath) - '' - else "" - } + ${ + if builtins.hasAttr "homeshick" pkgs + then '' + source ${pkgs.homeshick}/homeshick.sh + fpath=(${pkgs.homeshick}/completions $fpath) + '' + else "" + } - # Disable intercepting of ctrl-s and ctrl-q as flow control. - stty stop ''' -ixoff -ixon + # Disable intercepting of ctrl-s and ctrl-q as flow control. 
+ stty stop ''' -ixoff -ixon - # don't cd into directories when executed - unsetopt AUTO_CD + # don't cd into directories when executed + unsetopt AUTO_CD - # print lines without termination - setopt PROMPT_CR - setopt PROMPT_SP - export PROMPT_EOL_MARK="" + # print lines without termination + setopt PROMPT_CR + setopt PROMPT_SP + export PROMPT_EOL_MARK="" - ${lib.optionalString config.services.gpg-agent.enable '' - export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/gnupg/S.gpg-agent.ssh" - ''} + ${lib.optionalString config.services.gpg-agent.enable '' + export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/gnupg/S.gpg-agent.ssh" + ''} - ${lib.optionalString config.programs.neovim.enable '' - export EDITOR="nvim" - ''} - ''; + ${lib.optionalString config.programs.neovim.enable '' + export EDITOR="nvim" + ''} + ''; plugins = [ { @@ -119,7 +123,7 @@ in { oh-my-zsh = { enable = true; theme = "tjkirch"; - plugins = ["git" "sudo"]; + plugins = [ "git" "sudo" ]; }; }; } diff --git a/nix/os/devices/steveej-t14/configuration.nix b/nix/os/devices/steveej-t14/configuration.nix index 2a655c5..fc3d209 100644 --- a/nix/os/devices/steveej-t14/configuration.nix +++ b/nix/os/devices/steveej-t14/configuration.nix @@ -1,4 +1,4 @@ -{...}: { +{ ... }: { imports = [ ../../profiles/common/configuration.nix ../../profiles/graphical/configuration.nix @@ -10,7 +10,6 @@ ./pkg.nix ./user.nix ./boot.nix - ./secrets.nix # samba seerver ({ lib, ... }: { diff --git a/nix/os/devices/steveej-t14/pkg.nix b/nix/os/devices/steveej-t14/pkg.nix index 1ff1a59..25c15c5 100644 --- a/nix/os/devices/steveej-t14/pkg.nix +++ b/nix/os/devices/steveej-t14/pkg.nix @@ -1,9 +1,8 @@ -{ - pkgs, - lib, - repoFlake, - nodeFlake, - ... +{ pkgs +, lib +, repoFlake +, nodeFlake +, ... }: { home-manager.users.steveej = _: { imports = [ @@ -16,8 +15,7 @@ }) ]; - home.sessionVariables = { - }; + home.sessionVariables = { }; home.packages = with pkgs; [ ]; 
@@ -34,50 +32,33 @@ # # (regreet:505614): Gtk-WARNING **: 10:31:42.532: Theme parser warning: :6:17-18: Empty declaration # Failed to create /var/empty/.cache for shader cache (Operation not permitted)---disabling. - services.greetd = let - # exec "${pkgs.greetd.gtkgreet}/bin/gtkgreet -l; swaymsg exit" - swayConfig = pkgs.writeText "greetd-sway-config" '' - # `-l` activates layer-shell mode. Notice that `swaymsg exit` will run after gtkgreet. - exec "dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY SWAYSOCK; ${pkgs.greetd.regreet}/bin/regreet; swaymsg exit" - bindsym Mod4+shift+e exec swaynag \ - -t warning \ - -m 'What do you want to do?' \ - -b 'Poweroff' 'systemctl poweroff' \ - -b 'Reboot' 'systemctl reboot' - ''; - in { - enable = false; - settings = { - vt = 1; - default_session = { - command = "${pkgs.sway}/bin/sway --config ${swayConfig}"; + services.greetd = + let + # exec "${pkgs.greetd.gtkgreet}/bin/gtkgreet -l; swaymsg exit" + swayConfig = pkgs.writeText "greetd-sway-config" '' + # `-l` activates layer-shell mode. Notice that `swaymsg exit` will run after gtkgreet. + exec "dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY SWAYSOCK; ${pkgs.greetd.regreet}/bin/regreet; swaymsg exit" + bindsym Mod4+shift+e exec swaynag \ + -t warning \ + -m 'What do you want to do?' 
\ + -b 'Poweroff' 'systemctl poweroff' \ + -b 'Reboot' 'systemctl reboot' + ''; + in + { + enable = false; + settings = { + vt = 1; + default_session = { + command = "${pkgs.sway}/bin/sway --config ${swayConfig}"; + }; }; }; - }; environment.etc."greetd/environments".text = '' sway ''; - - # autologin steveej on tty1 - systemd.services."autovt@tty1".description = "Autologin at the TTY1"; - systemd.services."autovt@tty1".after = [ "systemd-logind.service" ]; # without it user session not started and xorg can't be run from this tty - systemd.services."autovt@tty1".wantedBy = [ "multi-user.target" ]; - systemd.services."autovt@tty1".serviceConfig = - { ExecStart = [ - "" # override upstream default with an empty ExecStart - "@${pkgs.utillinux}/sbin/agetty agetty --login-program ${pkgs.shadow}/bin/login --autologin steveej --noclear %I $TERM" - ]; - Restart = "always"; - Type = "idle"; - }; - programs.zsh.loginShellInit = '' - if test $(id --user steveej) = $(id -u) && test $(tty) = "/dev/tty1"; then - exec sway - fi - ''; - # fonts = let # prefs.font = rec { # size = 13; 
@@ -122,42 +103,5 @@ # # }; # }; - security.pam.services.getty.enableGnomeKeyring = true; - services.gnome.gnome-keyring.enable = true; - - # rtkit is optional but recommended - security.rtkit.enable = true; - services.pipewire = { - audio.enable = true; - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - # If you want to use JACK applications, uncomment this - #jack.enable = true; - }; - - # required by swaywm - security.polkit.enable = true; - security.pam.services.swaylock = {}; - - # test these on https://mozilla.github.io/webrtc-landing/gum_test.html - xdg.portal = { - enable = true; - # FIXME: `true` breaks xdg-open from alacritty: - # $ xdg-open "https://github.com/" - # Error: GDBus.Error:org.freedesktop.DBus.Error.UnknownMethod: No such interface “org.freedesktop.portal.OpenURI” on object at path /org/freedesktop/portal/desktop - xdgOpenUsePortal = false; - extraPortals = [ - pkgs.xdg-desktop-portal-wlr - pkgs.xdg-desktop-portal-gtk - - # repoFlake.inputs.nixpkgs-wayland.packages.${pkgs.system}.xdg-desktop-portal-wlr - # (pkgs.xdg-desktop-portal-gtk.override (_: { - # buildPortalsInGnome = false; - # })) - ]; - }; - system.stateVersion = "23.05"; } diff --git a/nix/os/devices/steveej-t14/system.nix b/nix/os/devices/steveej-t14/system.nix index 11a2690..c5604f8 100644 --- a/nix/os/devices/steveej-t14/system.nix +++ b/nix/os/devices/steveej-t14/system.nix @@ -28,6 +28,8 @@ in { imports = [ ../../snippets/nix-settings-holo-chain.nix + ../../snippets/radicale.nix + ../../snippets/sway-desktop.nix ]; nix.settings = { 
@@ -115,21 +117,10 @@ in services.samba.extraConfig = '' # client min protocol = NT1 ''; - services.gvfs = { - enable = true; - package = lib.mkForce pkgs.gnome3.gvfs; - }; - environment.systemPackages = with pkgs; [ lxqt.lxqt-policykit ]; # provides a default authentification client for policykit security.pki.certificateFiles = [ "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ]; services.xserver.videoDrivers = lib.mkForce [ "amdgpu" ]; - services.xserver.serverFlagsSection = '' - Option "BlankTime" "0" - Option "StandbyTime" "0" - Option "SuspendTime" "0" - Option "OffTime" "0" - ''; time.timeZone = lib.mkForce passwords.timeZone.stefan; diff --git a/nix/os/devices/steveej-x13s-rmvbl/configuration.nix b/nix/os/devices/steveej-x13s-rmvbl/configuration.nix index 14d206e..7e39af7 100644 --- a/nix/os/devices/steveej-x13s-rmvbl/configuration.nix +++ b/nix/os/devices/steveej-x13s-rmvbl/configuration.nix @@ -1,8 +1,8 @@ { repoFlake +, nodeFlake , pkgs , lib , config -, nodeFlake , nodeName , localDomainName , system @@ -16,8 +16,15 @@ ./disko.nix ../../profiles/common/user.nix + ../../profiles/common/pkg.nix + { + # nixpkgs.config.allowUnsupportedSystem = true; + + # flake registry + nix.registry.nixpkgs.flake = nodeFlake.inputs.nixpkgs; + nix.nixPath = [ "nixpkgs=${pkgs.path}" ]; @@ -43,6 +50,11 @@ sops.defaultSopsFile = ../../../../secrets/${nodeName}/secrets.yaml; sops.defaultSopsFormat = "yaml"; } + + nodeFlake.inputs.home-manager.nixosModules.home-manager + + ../../snippets/sway-desktop.nix + ../../snippets/radicale.nix ]; hardware.thinkpad-x13s = { @@ -57,8 +69,8 @@ firewall.enable = true; - useNetworkd = true; - networkmanager.enable = false; + # useNetworkd = true; + networkmanager.enable = true; }; system.stateVersion = "23.11"; 
@@ -74,4 +86,21 @@ pkgs.git pkgs.git-crypt ]; + + home-manager.users.steveej = _: { + imports = [ + ../../../home-manager/configuration/graphical-fullblown.nix + + (_: { + programs.chromium.extensions = [ + # can define host-specific extensions here + ]; + }) + ]; + + home.sessionVariables = { }; + + home.packages = with pkgs; [ + ]; + }; } diff --git a/nix/os/devices/steveej-x13s-rmvbl/default.nix b/nix/os/devices/steveej-x13s-rmvbl/default.nix index 3961f0b..0ccb5dc 100644 --- a/nix/os/devices/steveej-x13s-rmvbl/default.nix +++ b/nix/os/devices/steveej-x13s-rmvbl/default.nix @@ -1,10 +1,9 @@ -{ - system ? "aarch64-linux", - nodeName, - repoFlake, - nodeFlake, - localDomainName ? "internal", - ... +{ system ? "aarch64-linux" +, nodeName +, repoFlake +, nodeFlake +, localDomainName ? "internal" +, ... }: { meta.nodeSpecialArgs.${nodeName} = { inherit repoFlake nodeName nodeFlake system; @@ -16,18 +15,22 @@ meta.nodeNixpkgs.${nodeName} = import nodeFlake.inputs.nixpkgs.outPath - { - inherit system; - }; + { + inherit system; + }; ${nodeName} = { + deployment.targetHost = "${nodeName}.${localDomainName}"; deployment.replaceUnknownProfiles = true; + deployment.allowLocalDeployment = true; # nixpkgs.pkgs = nodeFlake.inputs.nixpkgs.legacyPackages.${system}; imports = [ - ./configuration.nix + (repoFlake + "/nix/os/devices/${nodeName}/configuration.nix") + + nodeFlake.inputs.home-manager.nixosModules.home-manager ]; networking.hostName = nodeName; diff --git a/nix/os/devices/steveej-x13s-rmvbl/flake.lock b/nix/os/devices/steveej-x13s-rmvbl/flake.lock index 385f8dd..f7008e1 100644 --- a/nix/os/devices/steveej-x13s-rmvbl/flake.lock +++ b/nix/os/devices/steveej-x13s-rmvbl/flake.lock 
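Review bot: `nodeFlake.inputs.home-manager.nixosModules.home-manager` is now imported twice for this node: in the `imports` list of steveej-x13s-rmvbl/configuration.nix (hunk `@@ -43,6 +50,11 @@`) and again in the `imports` of default.nix, which itself pulls in configuration.nix. If the module system cannot deduplicate that module value this may fail with duplicate option declarations, so keep the import in one of the two files. In the same default.nix hunk, `deployment.allowLocalDeployment = true;` would benefit from a short comment on why this host is allowed to apply its configuration to itself, e.g. `# needed to deploy from the device itself when it is not reachable over the network` if that is the intent.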
@@ -57,11 +57,11 @@ ] }, "locked": { - "lastModified": 1705540973, - "narHash": "sha256-kNt/qAEy7ueV7NKbVc8YMHWiQAAgrir02MROYNI8fV0=", + "lastModified": 1705890365, + "narHash": "sha256-MObB+fipA/2Ai3uMuNouxcwz0cqvELPpJ+hfnhSaUeA=", "owner": "nix-community", "repo": "disko", - "rev": "0033adc6e3f1ed076f3ed1c637ef1dfe6bef6733", + "rev": "9fcdf3375e01e2938a49df103af9fd21bd0f89d9", "type": "github" }, "original": { @@ -84,6 +84,27 @@ "type": "github" } }, + "home-manager": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1705659542, + "narHash": "sha256-WA3xVfAk1AYmFdwghT7mt/erYpsU6JPu9mdTEP/e9HQ=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "10cd9c53115061aa6a0a90aad0b0dde6a999cdb9", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-23.11", + "repo": "home-manager", + "type": "github" + } + }, "linux_x13s": { "flake": false, "locked": { @@ -119,11 +140,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1705641746, - "narHash": "sha256-D6c2aH8HQbWc7ZWSV0BUpFpd94ImFyCP8jFIsKQ4Slg=", + "lastModified": 1705774713, + "narHash": "sha256-j6ADaDH9XiumUzkTPlFyCBcoWYhO83lfgiSqEJF2zcs=", "owner": "nixos", "repo": "nixpkgs", - "rev": "d2003f2223cbb8cd95134e4a0541beea215c1073", + "rev": "1b64fc1287991a9cce717a01c1973ef86cb1af0b", "type": "github" }, "original": { 
@@ -133,6 +154,38 @@ "type": "github" } }, + "nixpkgs-2211": { + "locked": { + "lastModified": 1688392541, + "narHash": "sha256-lHrKvEkCPTUO+7tPfjIcb7Trk6k31rz18vkyqmkeJfY=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "ea4c80b39be4c09702b0cb3b42eab59e2ba4f24b", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-22.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-unstable-small": { + "locked": { + "lastModified": 1705891108, + "narHash": "sha256-PQ0Df5BzByg+0gPE1goa9WYVXSoEP6gtjblrbYC8WOI=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "8cccce637e19577815de54c5ecc3132dff965aee", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable-small", + "repo": "nixpkgs", + "type": "github" + } + }, "root": { "inputs": { "adamcstephens_stop-export": "adamcstephens_stop-export", @@ -140,9 +193,12 @@ "brainwart_x13s-nixos": "brainwart_x13s-nixos", "disko": "disko", "get-flake": "get-flake", + "home-manager": "home-manager", "linux_x13s": "linux_x13s", "mobile-nixos": "mobile-nixos", - "nixpkgs": "nixpkgs" + "nixpkgs": "nixpkgs", + "nixpkgs-2211": "nixpkgs-2211", + "nixpkgs-unstable-small": "nixpkgs-unstable-small" } } }, diff --git a/nix/os/devices/steveej-x13s-rmvbl/flake.nix b/nix/os/devices/steveej-x13s-rmvbl/flake.nix index a60ced8..d9cc53c 100644 --- a/nix/os/devices/steveej-x13s-rmvbl/flake.nix +++ b/nix/os/devices/steveej-x13s-rmvbl/flake.nix @@ -3,6 +3,10 @@ { nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; + # requires for home-manager modules + nixpkgs-unstable-small.url = "github:nixos/nixpkgs/nixos-unstable-small"; + nixpkgs-2211.url = "github:nixos/nixpkgs/nixos-22.11"; + get-flake.url = "github:ursi/get-flake"; disko.inputs.nixpkgs.follows = "nixpkgs"; 
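Review bot: The new `nixpkgs-2211` input follows `nixos-22.11`, a release branch that was already end-of-life at the time of this commit, so whatever is built from it no longer receives security fixes. The comment `# requires for home-manager modules` does not say which module needs it, and the consumer is not visible in this hunk. I would name the consumer and the exit condition in the comment, e.g. `# required by <module name> in home-manager; nixos-22.11 is EOL, remove once it builds against 23.11`. The same input and comment are added to steveej-x13s/flake.nix.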
@@ -10,24 +14,9 @@ mobile-nixos.url = "github:NixOS/mobile-nixos"; mobile-nixos.flake = false; - # see https://github.com/jhovold/linux/wiki/X13s for status updates - linux_x13s.url = "github:jhovold/linux/wip/sc8280xp-v6.7"; - linux_x13s.flake = false; - - brainwart_x13s-nixos = { - url = "github:BrainWart/x13s-nixos/flake"; - flake = false; - }; - - adamcstephens_stop-export = { - flake = false; - url = "git+https://codeberg.org/adamcstephens/stop-export.git"; - }; - - - alsa-ucm-conf = { - flake = false; - url = "github:alsa-project/alsa-ucm-conf/master"; + home-manager = { + url = "github:nix-community/home-manager/release-23.11"; + inputs.nixpkgs.follows = "nixpkgs"; }; }; @@ -60,11 +49,6 @@ self.nixosModules.hardware-x13s ./configuration.nix - - # flake registry - { - nix.registry.nixpkgs.flake = nixpkgs; - } ] ++ extraModules; } 
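Review bot: The `modules` list kept as context in the second hunk still references `self.nixosModules.hardware-x13s`, but the last hunk of this file deletes the `nixosModules.hardware-x13s` output. Unless that attribute is defined somewhere outside the visible hunks, `mkNixosConfiguration` will fail on a missing attribute. The new steveej-x13s/flake.nix takes the module from the repository flake with `({ repoFlake, ... }: repoFlake.nixosModules.hardware-x13s)`, and the same line would fit here. The enclosing function starts and ends outside the hunk.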
@@ -85,247 +69,5 @@ ]; }; }; - - nixosModules.hardware-x13s = { pkgs, config, lib, options, ... }: - let - # TODO: introduce options for these - kernelPdMapper = true; - cfg = config.hardware.thinkpad-x13s; - in - { - options.hardware.thinkpad-x13s = { - # TODO: respect this - enable = lib.mkEnableOption "x13s hardware support"; - - bluetoothMac = lib.mkOption { - type = lib.types.str; - description = "mac address to set on boot"; - }; - - bluetoothMacAddr = lib.mkOption { - default = "00:00:00:00:00"; - type = lib.types.str; - }; - - }; - config = - let - inherit (config.boot.loader) efi; - kp = [ - { - name = "x13s-cfg"; - patch = null; - extraStructuredConfig = with lib.kernel; { - EFI_ARMSTUB_DTB_LOADER = lib.mkForce yes; - OF_OVERLAY = lib.mkForce yes; - BTRFS_FS = lib.mkForce yes; - BTRFS_FS_POSIX_ACL = lib.mkForce yes; - MEDIA_CONTROLLER = lib.mkForce yes; - SND_USB_AUDIO_USE_MEDIA_CONTROLLER = lib.mkForce yes; - SND_USB = lib.mkForce yes; - SND_USB_AUDIO = lib.mkForce module; - USB_XHCI_PCI = lib.mkForce module; - NO_HZ_FULL = lib.mkForce yes; - HZ_100 = lib.mkForce yes; - HZ_250 = lib.mkForce no; - DRM_AMDGPU = lib.mkForce no; - DRM_NOUVEAU = lib.mkForce no; - QCOM_TSENS = lib.mkForce yes; - NVMEM_QCOM_QFPROM = lib.mkForce yes; - ARM_QCOM_CPUFREQ_NVMEM = lib.mkForce yes; - VIRTIO_PCI = lib.mkForce module; - # forthcoming kernel work: QCOM_PD_MAPPER = lib.mkForce module; - }; - } - ]; - - qrtr = pkgs.callPackage "${self.inputs.adamcstephens_stop-export}/hardware/x13s/qrtr/qrtr.nix" { }; - pd-mapper = pkgs.callPackage "${self.inputs.adamcstephens_stop-export}/hardware/x13s/qrtr/pd-mapper.nix" { - inherit qrtr; - }; - - - # We can't quite move to mainline linux - linux_x13s_pkg = { buildLinux, ... 
} @ args: - buildLinux (args // rec { - version = "6.7.0"; - modDirVersion = lib.versions.pad 3 version; - extraMeta.branch = lib.versions.majorMinor version; - - src = self.inputs.linux_x13s; - kernelPatches = (args.kernelPatches or [ ]) ++ kp; - } // (args.argsOverride or { })); - - # we add additional configuration on top of te normal configuration above - # using the extraStructuredConfig option on the kernel patch - linux_x13s = pkgs.callPackage linux_x13s_pkg { - defconfig = "johan_defconfig"; - }; - - linuxPackages_x13s = pkgs.linuxPackagesFor linux_x13s; - dtbName = "sc8280xp-lenovo-thinkpad-x13s.dtb"; - dtb = "${linuxPackages_x13s.kernel}/dtbs/qcom/${dtbName}"; - - x13s_alsa-ucm-conf = pkgs.alsa-ucm-conf.overrideAttrs (prev: { - src = self.inputs.alsa-ucm-conf; - }); - alsa-ucm-conf-env.ALSA_CONFIG_UCM2 = "${x13s_alsa-ucm-conf}/share/alsa/ucm2"; - - in - { - nixpkgs.overlays = [ - (final: prev: - { - x13s_extra-firmware = pkgs.callPackage - "${self.inputs.adamcstephens_stop-export}/hardware/x13s/extra-firmware.nix" - { }; - - inherit qrtr pd-mapper; - } - ) - ]; - - # ensure the x13s' dtb file is in the boot partition - # TODO:: is this needed for the VT display somehow? - system.activationScripts.x13s-dtb = '' - in_package="${dtb}" - esp_tool_folder="${efi.efiSysMountPoint}/" - in_esp="''${esp_tool_folder}${dtbName}" - >&2 echo "Ensuring $in_esp in EFI System Partition" - if ! 
${pkgs.diffutils}/bin/cmp --silent "$in_package" "$in_esp"; then - >&2 echo "Copying $in_package -> $in_esp" - mkdir -p "$esp_tool_folder" - cp "$in_package" "$in_esp" - sync - fi - ''; - - boot = { - loader.systemd-boot.enable = true; - loader.systemd-boot.extraFiles = { - "${dtbName}" = dtb; - }; - loader.efi.canTouchEfiVariables = false; - loader.efi.efiSysMountPoint = "/boot"; - - blacklistedKernelModules = [ "wwan" ]; - - kernelPackages = linuxPackages_x13s; - - kernelParams = [ - "dtb=${dtbName}" - - "boot.shell_on_fail" - - # jhovold recommended - "efi=noruntime" - "clk_ignore_unused" - "pd_ignore_unused" - "arm64.nopauth" - - # blacklist graphics in initrd so the firmware can load from disk - "rd.driver.blacklist=msm" - ]; - - initrd = { - includeDefaultModules = false; - - # kernelModules = [ - # "nvme" - # "phy_qcom_qmp_pcie" - # "pcie_qcom" - - # "i2c_core" - # "i2c_hid" - # "i2c_hid_of" - # "i2c_qcom_geni" - - # "leds_qcom_lpg" - # "pwm_bl" - # "qrtr" - # "pmic_glink_altmode" - # "gpio_sbu_mux" - # "phy_qcom_qmp_combo" - # "gpucc_sc8280xp" - # "dispcc_sc8280xp" - # "phy_qcom_edp" - # "panel_edp" - # # "msm" - - # ]; - - availableKernelModules = [ - "i2c_hid" - "i2c_hid_of" - "i2c_qcom_geni" - "leds_qcom_lpg" - "pwm_bl" - "qrtr" - "pmic_glink_altmode" - "gpio_sbu_mux" - "phy_qcom_qmp_combo" - "panel_edp" - # "msm" - "phy_qcom_edp" - "i2c_core" - "i2c_hid" - "i2c_hid_of" - "i2c_qcom_geni" - "pcie_qcom" - "phy_qcom_qmp_combo" - "phy_qcom_qmp_pcie" - "phy_qcom_qmp_usb" - "phy_qcom_snps_femto_v2" - "phy_qcom_usb_hs" - "nvme" - - "usbcore" - "xhci_hcd" - "usbhid" - "usb_storage" - "uas" - ]; - }; - }; - - - # default is performance - powerManagement.cpuFreqGovernor = "ondemand"; - - hardware.enableAllFirmware = true; - hardware.firmware = [ - # pkgs.linux-firmware - - pkgs.x13s_extra-firmware - ]; - - systemd.services.pd-mapper = { - wantedBy = [ "multi-user.target" ]; - - serviceConfig = { - ExecStart = "${lib.getExe pd-mapper}"; - Restart = "always"; - }; - 
}; - - environment.sessionVariables = alsa-ucm-conf-env; - systemd.user.services.pipewire.environment = alsa-ucm-conf-env; - systemd.user.services.wireplumber.environment = alsa-ucm-conf-env; - - systemd.services.bluetooth = { - serviceConfig = { - # disabled because btmgmt call hangs - ExecStartPre = [ - "" - "${pkgs.util-linux}/bin/rfkill block bluetooth" - "${pkgs.bluez5-experimental}/bin/btmgmt public-addr ${cfg.bluetoothMac}" - "${pkgs.util-linux}/bin/rfkill unblock bluetooth" - ]; - RestartSec = 5; - Restart = "on-failure"; - }; - }; - }; - }; }; } diff --git a/nix/os/devices/steveej-x13s/.gitignore b/nix/os/devices/steveej-x13s/.gitignore new file mode 100644 index 0000000..b2be92b --- /dev/null +++ b/nix/os/devices/steveej-x13s/.gitignore @@ -0,0 +1 @@ +result diff --git a/nix/os/devices/steveej-x13s/configuration.nix b/nix/os/devices/steveej-x13s/configuration.nix new file mode 100644 index 0000000..72edd99 --- /dev/null +++ b/nix/os/devices/steveej-x13s/configuration.nix 
@@ -0,0 +1,107 @@ +{ repoFlake +, nodeFlake +, pkgs +, lib +, config +, nodeName +, localDomainName +, system +, ... +}: + +{ + imports = [ + # repoFlake.inputs.sops-nix.nixosModules.sops + nodeFlake.inputs.disko.nixosModules.disko + ./disko.nix + + repoFlake.nixosModules.thinkpad-x13s + + ../../profiles/common/pkg.nix + + + { + # nixpkgs.config.allowUnsupportedSystem = true; + + # flake registry + nix.registry.nixpkgs.flake = nodeFlake.inputs.nixpkgs; + + nix.nixPath = [ + "nixpkgs=${pkgs.path}" + ]; + + nix.settings.experimental-features = [ + "nix-command" + "flakes" + ]; + + nix.settings.max-jobs = lib.mkDefault "auto"; + } + + # ../../profiles/common/user.nix + + { + services.openssh.enable = true; + services.openssh.settings.PermitRootLogin = "yes"; + services.openssh.openFirewall = true; + + + # sops.defaultSopsFile = ../../../../secrets/${nodeName}/secrets.yaml; + # sops.defaultSopsFormat = "yaml"; + + # users.commonUsers = { + # enable = true; + # enableNonRoot = true; + # }; + + users.users.root.initialPassword = "install"; + } + + nodeFlake.inputs.home-manager.nixosModules.home-manager + + # ../../snippets/sway-desktop.nix + # ../../snippets/radicale.nix + ]; + + hardware.thinkpad-x13s = { + enable = true; + + # TODO: use hardware address + bluetoothMac = "65:9e:7a:8b:86:28"; + }; + + networking = { + hostName = nodeName; + + firewall.enable = true; + + # useNetworkd = true; + }; + + system.stateVersion = "23.11"; + + nixpkgs.config.allowUnfree = true; + + environment.systemPackages = [ + pkgs.sshfs + pkgs.util-linux + pkgs.coreutils + pkgs.vim + + pkgs.git + pkgs.git-crypt + ]; + + # home-manager.users.steveej = _: { + # home.stateVersion = "23.11"; + + # imports = [ + # ../../../home-manager/configuration/graphical-fullblown.nix + # ]; + + # home.sessionVariables = { }; + + # home.packages = with pkgs; [ + # ]; + # }; +} 
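Review bot: This configuration makes root reachable over SSH with a password that is committed to the repository: `PermitRootLogin = "yes"`, `openFirewall = true` and `users.users.root.initialPassword = "install"` are set in the same block, while the sops and `users.commonUsers` setup that would replace them is commented out. A value given through `initialPassword` is also readable in the Nix store and stays in effect until someone changes it on the machine. If this is meant for the installation phase only, say so in a comment and limit root to key login: `services.openssh.settings.PermitRootLogin = "prohibit-password";` with `users.users.root.openssh.authorizedKeys.keys = [ "<installer public key>" ];`.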
diff --git a/nix/os/devices/steveej-x13s/default.nix b/nix/os/devices/steveej-x13s/default.nix new file mode 100644 index 0000000..51d487b --- /dev/null +++ b/nix/os/devices/steveej-x13s/default.nix @@ -0,0 +1,40 @@ +{ system ? "aarch64-linux" +, nodeName +, repoFlake +, repoFlakeWithSystem +, nodeFlake +, localDomainName ? "internal" +, ... +}: { + meta.nodeSpecialArgs.${nodeName} = { + inherit repoFlake nodeName nodeFlake system; + packages' = repoFlake.packages.${system}; + nodePackages' = nodeFlake.packages.${system}; + repoFlakeInputs' = repoFlakeWithSystem system ({ inputs', ... }: inputs'); + + inherit localDomainName; + }; + + meta.nodeNixpkgs.${nodeName} = + import nodeFlake.inputs.nixpkgs.outPath + { + inherit system; + }; + + ${nodeName} = { + + deployment.targetHost = "${nodeName}.${localDomainName}"; + deployment.replaceUnknownProfiles = true; + deployment.allowLocalDeployment = true; + + # nixpkgs.pkgs = nodeFlake.inputs.nixpkgs.legacyPackages.${system}; + + imports = [ + (repoFlake + "/nix/os/devices/${nodeName}/configuration.nix") + + nodeFlake.inputs.home-manager.nixosModules.home-manager + ]; + + networking.hostName = nodeName; + }; +} diff --git a/nix/os/devices/steveej-x13s/disko.nix b/nix/os/devices/steveej-x13s/disko.nix new file mode 100644 index 0000000..5abf297 --- /dev/null +++ b/nix/os/devices/steveej-x13s/disko.nix 
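Review bot: `repoFlakeWithSystem` is declared without a default in the argument set, but the only caller visible in this commit, `import ./default.nix { ... }` in steveej-x13s/flake.nix, passes just `system`, `nodeName`, `repoFlake` and `nodeFlake`. Evaluating `nixosConfigurations.native` or `cross` from that flake would therefore abort on the missing argument. It has to be passed through from flake.nix, because `repoFlakeInputs'` is derived from it here and profiles/common/pkg.nix expects that name from nodeSpecialArgs on every node.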
@@ -0,0 +1,66 @@ +{ + disko.devices = { + disk = { + x13s-nvme = { + type = "disk"; + device = "/dev/disk/by-id/nvme-KBG5AZNT1T02_LA_KIOXIA_52QC84BEEJS6"; + content = { + type = "gpt"; + partitions = { + ESP = { + size = "500M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ + "defaults" + ]; + }; + }; + luks = { + size = "100%"; + content = { + type = "luks"; + name = "x13s-usb-crypt"; + extraOpenArgs = [ ]; + # disable settings.keyFile if you want to use interactive password entry + #passwordFile = "/tmp/secret.key"; # Interactive + settings = { + # if you want to use the key for interactive login be sure there is no trailing newline + # for example use `echo -n "password" > /tmp/secret.key` + # keyFile = "/tmp/secret.key"; + allowDiscards = true; + }; + # additionalKeyFiles = [ "/tmp/additionalSecret.key" ]; + content = { + type = "btrfs"; + extraArgs = [ "-f" ]; + subvolumes = { + "/root" = { + mountpoint = "/"; + mountOptions = [ "compress=zstd" "noatime" ]; + }; + "/home" = { + mountpoint = "/home"; + mountOptions = [ "compress=zstd" "noatime" ]; + }; + "/nix" = { + mountpoint = "/nix"; + mountOptions = [ "compress=zstd" "noatime" ]; + }; + "/swap" = { + mountpoint = "/.swapvol"; + swap.swapfile.size = "32G"; + }; + }; + }; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock new file mode 100644 index 0000000..f7008e1 --- /dev/null +++ b/nix/os/devices/steveej-x13s/flake.lock 
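Review bot: `allowDiscards = true` on the LUKS container passes TRIM requests through to the NVMe device, which exposes which blocks are in use to anyone who can read the raw disk. That is a common trade-off on SSDs, but it should be recorded as a decision rather than inherited silently; a comment such as `# TRIM passthrough: reveals the used-block layout, accepted for SSD performance` above the setting would do. The mapper name `x13s-usb-crypt` looks carried over from the removable-media configuration and is misleading for the internal NVMe disk.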
@@ -0,0 +1,207 @@ +{ + "nodes": { + "adamcstephens_stop-export": { + "flake": false, + "locked": { + "lastModified": 1705876512, + "narHash": "sha256-nvBqLyi8dMQf3xnROwEcUv4iqV55Mr8S8OGYepu14i4=", + "ref": "refs/heads/main", + "rev": "388684db5b529bbd6f3e948cf175df089eb09766", + "revCount": 14, + "type": "git", + "url": "https://codeberg.org/adamcstephens/stop-export.git" + }, + "original": { + "type": "git", + "url": "https://codeberg.org/adamcstephens/stop-export.git" + } + }, + "alsa-ucm-conf": { + "flake": false, + "locked": { + "lastModified": 1705501566, + "narHash": "sha256-Nyr7tjH5VBjocvaKaHCiK+zsjThYBtcr936aRWCBBpM=", + "owner": "alsa-project", + "repo": "alsa-ucm-conf", + "rev": "e87dde51d68950537f92af955ad0633437cc419a", + "type": "github" + }, + "original": { + "owner": "alsa-project", + "ref": "master", + "repo": "alsa-ucm-conf", + "type": "github" + } + }, + "brainwart_x13s-nixos": { + "flake": false, + "locked": { + "lastModified": 1705565623, + "narHash": "sha256-sisr/dFIz8p3/Y7mz+arWxjeiBmUTQkMqkF9j3c2dWE=", + "owner": "BrainWart", + "repo": "x13s-nixos", + "rev": "29002122d86a1009ba70e7a4ca3063e5404c77a2", + "type": "github" + }, + "original": { + "owner": "BrainWart", + "ref": "flake", + "repo": "x13s-nixos", + "type": "github" + } + }, + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1705890365, + "narHash": "sha256-MObB+fipA/2Ai3uMuNouxcwz0cqvELPpJ+hfnhSaUeA=", + "owner": "nix-community", + "repo": "disko", + "rev": "9fcdf3375e01e2938a49df103af9fd21bd0f89d9", + "type": "github" + }, + "original": { + "id": "disko", + "type": "indirect" + } + }, + "get-flake": { + "locked": { + "lastModified": 1694475786, + "narHash": "sha256-s5wDmPooMUNIAAsxxCMMh9g68AueGg63DYk2hVZJbc8=", + "owner": "ursi", + "repo": "get-flake", + "rev": "ac54750e3b95dab6ec0726d77f440efe6045bec1", + "type": "github" + }, + "original": { + "owner": "ursi", + "repo": "get-flake", + "type": "github" + } + }, + "home-manager": { + 
"inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1705659542, + "narHash": "sha256-WA3xVfAk1AYmFdwghT7mt/erYpsU6JPu9mdTEP/e9HQ=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "10cd9c53115061aa6a0a90aad0b0dde6a999cdb9", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "release-23.11", + "repo": "home-manager", + "type": "github" + } + }, + "linux_x13s": { + "flake": false, + "locked": { + "lastModified": 1705680516, + "narHash": "sha256-NjCuPYjYHBJcoJR1ZaWQ9sRh0VpY2Y0hawkbUBRfCvk=", + "owner": "jhovold", + "repo": "linux", + "rev": "bac95eabe6577faa2773cbe7e91c34fd17ab79a0", + "type": "github" + }, + "original": { + "owner": "jhovold", + "ref": "wip/sc8280xp-v6.7", + "repo": "linux", + "type": "github" + } + }, + "mobile-nixos": { + "flake": false, + "locked": { + "lastModified": 1705008488, + "narHash": "sha256-Gj97fDFZaK6gLb3ayZgTTtD+MFE1YjoyYHWkB1TIAe0=", + "owner": "NixOS", + "repo": "mobile-nixos", + "rev": "56e55df7b07b5e5c6d050732d851cec62b41df95", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "mobile-nixos", + "type": "github" + } + }, + "nixpkgs": { + "locked": { + "lastModified": 1705774713, + "narHash": "sha256-j6ADaDH9XiumUzkTPlFyCBcoWYhO83lfgiSqEJF2zcs=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "1b64fc1287991a9cce717a01c1973ef86cb1af0b", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-2211": { + "locked": { + "lastModified": 1688392541, + "narHash": "sha256-lHrKvEkCPTUO+7tPfjIcb7Trk6k31rz18vkyqmkeJfY=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "ea4c80b39be4c09702b0cb3b42eab59e2ba4f24b", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-22.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-unstable-small": { + "locked": { + "lastModified": 1705891108, + "narHash": 
"sha256-PQ0Df5BzByg+0gPE1goa9WYVXSoEP6gtjblrbYC8WOI=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "8cccce637e19577815de54c5ecc3132dff965aee", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable-small", + "repo": "nixpkgs", + "type": "github" + } + }, + "root": { + "inputs": { + "adamcstephens_stop-export": "adamcstephens_stop-export", + "alsa-ucm-conf": "alsa-ucm-conf", + "brainwart_x13s-nixos": "brainwart_x13s-nixos", + "disko": "disko", + "get-flake": "get-flake", + "home-manager": "home-manager", + "linux_x13s": "linux_x13s", + "mobile-nixos": "mobile-nixos", + "nixpkgs": "nixpkgs", + "nixpkgs-2211": "nixpkgs-2211", + "nixpkgs-unstable-small": "nixpkgs-unstable-small" + } + } + }, + "root": "root", + "version": 7 +} diff --git a/nix/os/devices/steveej-x13s/flake.nix b/nix/os/devices/steveej-x13s/flake.nix new file mode 100644 index 0000000..8ee5695 --- /dev/null +++ b/nix/os/devices/steveej-x13s/flake.nix 
@@ -0,0 +1,73 @@ +{ + inputs = + { + nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; + + # requires for home-manager modules + nixpkgs-unstable-small.url = "github:nixos/nixpkgs/nixos-unstable-small"; + nixpkgs-2211.url = "github:nixos/nixpkgs/nixos-22.11"; + + get-flake.url = "github:ursi/get-flake"; + + disko.inputs.nixpkgs.follows = "nixpkgs"; + + mobile-nixos.url = "github:NixOS/mobile-nixos"; + mobile-nixos.flake = false; + + home-manager = { + url = "github:nix-community/home-manager/release-23.11"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + }; + + outputs = + { self + , get-flake + , nixpkgs + , ... + }: + let + targetPlatform = "aarch64-linux"; + buildPlatform = "x86_64-linux"; + nodeName = "steveej-x13s"; + + mkNixosConfiguration = { extraModules ? [ ], ... } @ attrs: + nixpkgs.lib.nixosSystem ( + nixpkgs.lib.attrsets.recursiveUpdate + attrs + { + specialArgs = (import ./default.nix { + system = targetPlatform; + inherit nodeName; + + repoFlake = get-flake ../../../..; + nodeFlake = self; + }).meta.nodeSpecialArgs.${nodeName}; + + modules = + [ + ({ repoFlake, ... }: repoFlake.nixosModules.hardware-x13s) + + ./configuration.nix + ] + ++ extraModules; + } + ); + in + { + nixosConfigurations = { + native = mkNixosConfiguration { + system = targetPlatform; + }; + + cross = mkNixosConfiguration { + extraModules = [ + { + nixpkgs.buildPlatform.system = buildPlatform; + nixpkgs.hostPlatform.system = targetPlatform; + } + ]; + }; + }; + }; +} diff --git a/nix/os/modules/hardware.thinkpad-x13s.nix b/nix/os/modules/hardware.thinkpad-x13s.nix new file mode 100644 index 0000000..a1c6682 --- /dev/null +++ b/nix/os/modules/hardware.thinkpad-x13s.nix 
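Review bot: `disko` is the only input in this flake without a `url`; `disko.inputs.nixpkgs.follows = "nixpkgs";` on its own makes it an indirect input, and the lock file added in this commit records it as `"type": "indirect"`. The locked `rev` keeps current builds pinned, but the next lock update resolves `disko` through the flake registry of whichever machine runs it. Stating the source in the flake removes that dependency: `disko.url = "github:nix-community/disko";`.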
@@ -0,0 +1,242 @@ +{ self, pkgs, config, lib, options, ... }: +let + # TODO: introduce options for these + kernelPdMapper = true; + cfg = config.hardware.thinkpad-x13s; +in +{ + options.hardware.thinkpad-x13s = { + # TODO: respect this + enable = lib.mkEnableOption "x13s hardware support"; + + bluetoothMac = lib.mkOption { + type = lib.types.str; + description = "mac address to set on boot"; + }; + + bluetoothMacAddr = lib.mkOption { + default = "00:00:00:00:00"; + type = lib.types.str; + }; + + }; + config = + let + inherit (config.boot.loader) efi; + kp = [ + { + name = "x13s-cfg"; + patch = null; + extraStructuredConfig = with lib.kernel; { + EFI_ARMSTUB_DTB_LOADER = lib.mkForce yes; + OF_OVERLAY = lib.mkForce yes; + BTRFS_FS = lib.mkForce yes; + BTRFS_FS_POSIX_ACL = lib.mkForce yes; + MEDIA_CONTROLLER = lib.mkForce yes; + SND_USB_AUDIO_USE_MEDIA_CONTROLLER = lib.mkForce yes; + SND_USB = lib.mkForce yes; + SND_USB_AUDIO = lib.mkForce module; + USB_XHCI_PCI = lib.mkForce module; + NO_HZ_FULL = lib.mkForce yes; + HZ_100 = lib.mkForce yes; + HZ_250 = lib.mkForce no; + DRM_AMDGPU = lib.mkForce no; + DRM_NOUVEAU = lib.mkForce no; + QCOM_TSENS = lib.mkForce yes; + NVMEM_QCOM_QFPROM = lib.mkForce yes; + ARM_QCOM_CPUFREQ_NVMEM = lib.mkForce yes; + VIRTIO_PCI = lib.mkForce module; + # forthcoming kernel work: QCOM_PD_MAPPER = lib.mkForce module; + }; + } + ]; + + qrtr = pkgs.callPackage "${self.inputs.adamcstephens_stop-export}/hardware/x13s/qrtr/qrtr.nix" { }; + pd-mapper = pkgs.callPackage "${self.inputs.adamcstephens_stop-export}/hardware/x13s/qrtr/pd-mapper.nix" { + inherit qrtr; + }; + + + # We can't quite move to mainline linux + linux_x13s_pkg = { buildLinux, ... 
} @ args: + buildLinux (args // rec { + version = "6.7.0"; + modDirVersion = lib.versions.pad 3 version; + extraMeta.branch = lib.versions.majorMinor version; + + src = self.inputs.linux_x13s; + kernelPatches = (args.kernelPatches or [ ]) ++ kp; + } // (args.argsOverride or { })); + + # we add additional configuration on top of te normal configuration above + # using the extraStructuredConfig option on the kernel patch + linux_x13s = pkgs.callPackage linux_x13s_pkg { + defconfig = "johan_defconfig"; + }; + + linuxPackages_x13s = pkgs.linuxPackagesFor linux_x13s; + dtbName = "sc8280xp-lenovo-thinkpad-x13s.dtb"; + dtb = "${linuxPackages_x13s.kernel}/dtbs/qcom/${dtbName}"; + + x13s_alsa-ucm-conf = pkgs.alsa-ucm-conf.overrideAttrs (prev: { + src = self.inputs.alsa-ucm-conf; + }); + alsa-ucm-conf-env.ALSA_CONFIG_UCM2 = "${x13s_alsa-ucm-conf}/share/alsa/ucm2"; + + in + lib.mkIf cfg.enable + { + nixpkgs.overlays = [ + (final: prev: + { + x13s_extra-firmware = pkgs.callPackage + "${self.inputs.adamcstephens_stop-export}/hardware/x13s/extra-firmware.nix" + { }; + + inherit qrtr pd-mapper; + } + ) + ]; + + # ensure the x13s' dtb file is in the boot partition + # TODO:: is this needed for the VT display somehow? + system.activationScripts.x13s-dtb = '' + in_package="${dtb}" + esp_tool_folder="${efi.efiSysMountPoint}/" + in_esp="''${esp_tool_folder}${dtbName}" + >&2 echo "Ensuring $in_esp in EFI System Partition" + if ! 
${pkgs.diffutils}/bin/cmp --silent "$in_package" "$in_esp"; then + >&2 echo "Copying $in_package -> $in_esp" + mkdir -p "$esp_tool_folder" + cp "$in_package" "$in_esp" + sync + fi + ''; + + boot = { + loader.systemd-boot.enable = true; + loader.systemd-boot.extraFiles = { + "${dtbName}" = dtb; + }; + loader.efi.canTouchEfiVariables = false; + loader.efi.efiSysMountPoint = "/boot"; + + blacklistedKernelModules = [ "wwan" ]; + + kernelPackages = linuxPackages_x13s; + + kernelParams = [ + "dtb=${dtbName}" + + "boot.shell_on_fail" + + # jhovold recommended + "efi=noruntime" + "clk_ignore_unused" + "pd_ignore_unused" + "arm64.nopauth" + + # blacklist graphics in initrd so the firmware can load from disk + "rd.driver.blacklist=msm" + ]; + + initrd = { + includeDefaultModules = false; + + # kernelModules = [ + # "nvme" + # "phy_qcom_qmp_pcie" + # "pcie_qcom" + + # "i2c_core" + # "i2c_hid" + # "i2c_hid_of" + # "i2c_qcom_geni" + + # "leds_qcom_lpg" + # "pwm_bl" + # "qrtr" + # "pmic_glink_altmode" + # "gpio_sbu_mux" + # "phy_qcom_qmp_combo" + # "gpucc_sc8280xp" + # "dispcc_sc8280xp" + # "phy_qcom_edp" + # "panel_edp" + # # "msm" + + # ]; + + availableKernelModules = [ + "i2c_hid" + "i2c_hid_of" + "i2c_qcom_geni" + "leds_qcom_lpg" + "pwm_bl" + "qrtr" + "pmic_glink_altmode" + "gpio_sbu_mux" + "phy_qcom_qmp_combo" + "panel_edp" + # "msm" + "phy_qcom_edp" + "i2c_core" + "i2c_hid" + "i2c_hid_of" + "i2c_qcom_geni" + "pcie_qcom" + "phy_qcom_qmp_combo" + "phy_qcom_qmp_pcie" + "phy_qcom_qmp_usb" + "phy_qcom_snps_femto_v2" + "phy_qcom_usb_hs" + "nvme" + + "usbcore" + "xhci_hcd" + "usbhid" + "usb_storage" + "uas" + ]; + }; + }; + + + # default is performance + powerManagement.cpuFreqGovernor = "ondemand"; + + hardware.enableAllFirmware = true; + hardware.firmware = [ + # pkgs.linux-firmware + + pkgs.x13s_extra-firmware + ]; + + systemd.services.pd-mapper = { + wantedBy = [ "multi-user.target" ]; + + serviceConfig = { + ExecStart = "${lib.getExe pd-mapper}"; + Restart = "always"; + }; + 
}; + + environment.sessionVariables = alsa-ucm-conf-env; + systemd.user.services.pipewire.environment = alsa-ucm-conf-env; + systemd.user.services.wireplumber.environment = alsa-ucm-conf-env; + + systemd.services.bluetooth = { + serviceConfig = { + # disabled because btmgmt call hangs + ExecStartPre = [ + "" + "${pkgs.util-linux}/bin/rfkill block bluetooth" + "${pkgs.bluez5-experimental}/bin/btmgmt public-addr ${cfg.bluetoothMac}" + "${pkgs.util-linux}/bin/rfkill unblock bluetooth" + ]; + RestartSec = 5; + Restart = "on-failure"; + }; + }; + }; +} diff --git a/nix/os/modules/opinionatedDisk.nix b/nix/os/modules/opinionatedDisk.nix index 399eb43..5dea719 100644 --- a/nix/os/modules/opinionatedDisk.nix +++ b/nix/os/modules/opinionatedDisk.nix @@ -24,7 +24,7 @@ in { earlyDiskIdOverride = mkOption { default = ""; - type = types.string; + type = types.str; }; }; diff --git a/nix/os/profiles/common/pkg.nix b/nix/os/profiles/common/pkg.nix index 7cd1dfb..74e987b 100644 --- a/nix/os/profiles/common/pkg.nix +++ b/nix/os/profiles/common/pkg.nix @@ -1,12 +1,11 @@ -{ - config, - pkgs, - # these come in via nodeSpecialArgs and are expected to be defined for every node - repoFlake, - repoFlakeInputs', - nodeFlake, - packages', - ... +{ config +, pkgs +, # these come in via nodeSpecialArgs and are expected to be defined for every node + repoFlake +, repoFlakeInputs' +, nodeFlake +, packages' +, ... }: { imports = [ ]; @@ -26,8 +25,6 @@ packages' nodeFlake ; - - osConfig = config; }; nixpkgs.config = { diff --git a/nix/os/snippets/radicale.nix b/nix/os/snippets/radicale.nix index 97f4fdc..74edd68 100644 --- a/nix/os/snippets/radicale.nix +++ b/nix/os/snippets/radicale.nix 
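Review bot: `boot.kernelParams` in the new hardware.thinkpad-x13s.nix module carries two settings that lower the machine's defaults without saying so: `boot.shell_on_fail` offers a root shell without authentication when stage 1 of the boot fails, and `arm64.nopauth` disables pointer authentication. Both now apply to every host that sets `hardware.thinkpad-x13s.enable`, and only the grouping comment `# jhovold recommended` hints at a reason for the second. I would document each one on its own line, e.g. `# debugging aid: unauthenticated initrd shell on boot failure, remove once the install is stable` and `# pointer authentication off, required by the wip kernel branch (TODO confirm)`. Moving `boot.shell_on_fail` out of the shared module into the device configuration that needs it would keep it from spreading to other hosts.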
@@ -1,101 +1,30 @@ { config , lib , pkgs -, repoFlake - # TODO: make configurable -, homeUser ? "steveej" +, repoFlakeInputs' , ... }: let - radicalePkgs = repoFlake.inputs.radicale-nixpkgs.legacyPackages.${pkgs.system}; - - libdecsync = pkgs.python3Packages.buildPythonPackage rec { - pname = "libdecsync"; - version = "2.2.1"; - - src = pkgs.python3Packages.fetchPypi { - inherit pname version; - hash = "sha256-Mukjzjumv9VL+A0maU0K/SliWrgeRjAeiEdN5a83G0I="; - }; - - propagatedBuildInputs = [ - # pkgs.libxcrypt-legacy - ]; - }; - radicale-storage-decsync = pkgs.python3Packages.buildPythonPackage rec { - pname = "radicale_storage_decsync"; - version = "2.1.0"; - - src = pkgs.python3Packages.fetchPypi { - inherit pname version; - hash = "sha256-X+0MT5o2PjsKxca5EDI+rYyQDmUtbRoELDr6e4YXKCg="; - }; - - buildInputs = [ - pkgs.radicale - # pkgs.libxcrypt-legacy - # pkgs.libxcrypt - ]; - - nativeCheckInputs = [ - # pkgs.libxcrypt-legacy - # pkgs.libxcrypt - ]; - - propagatedBuildInputs = [ libdecsync pkgs.python3Packages.setuptools ]; - }; - radicale-decsync = pkgs.radicale.overrideAttrs (old: { - propagatedBuildInputs = - old.propagatedBuildInputs - ++ [ radicale-storage-decsync ]; - }); - - mkRadicaleService = - { suffix - , port - , - }: - let - radicale-config = pkgs.writeText "radicale-config-${suffix}" '' - [server] - hosts = localhost:${builtins.toString port} - - [auth] - type = htpasswd - htpasswd_filename = ${config.sops.secrets.radicale_htpasswd.path} - htpasswd_encryption = bcrypt - - [storage] - type = radicale_storage_decsync - filesystem_folder = ${config.xdg.dataHome}/radicale-${suffix} - decsync_dir = ${config.xdg.dataHome}/decsync-${suffix} - ''; - in - { - home-manager.users.${homeUser}.systemd.user.services."radicale-${suffix}" = { - Unit.Description = "Radicale with DecSync (${suffix})"; - Service = { - ExecStart = "${radicale-decsync}/bin/radicale -C ${radicale-config}"; - Restart = "on-failure"; - }; - Install.WantedBy = [ "default.target" ]; - }; - }; 
+ # TODO: make configurable + homeUser = "steveej"; in { sops.secrets.radicale_htpasswd = { - sopsFile = ../../../../secrets/desktop/radicale_htpasswd; + sopsFile = ../../../secrets/desktop/radicale_htpasswd; format = "binary"; - owner = config.users.users.${homeUser}.name; + owner = config.users.users."${homeUser}".name; }; -} // (builtins.foldl' (sum: cur: lib.recursiveUpdate sum (mkRadicaleService cur)) { } [ - { - suffix = "personal"; - port = 5232; - } - { - suffix = "family"; - port = 5233; - } -]) + + home-manager.users.${homeUser} = _: { + imports = [ + # TODO: bump these to latest and make it work + (args: + import ../../home-manager/programs/radicale.nix (args // { + osConfig = config; + pkgs = repoFlakeInputs'.radicalePkgs.legacyPackages; + }) + ) + ]; + }; +} diff --git a/nix/os/snippets/sway-desktop.nix b/nix/os/snippets/sway-desktop.nix new file mode 100644 index 0000000..8f8bf23 --- /dev/null +++ b/nix/os/snippets/sway-desktop.nix 
@@ -0,0 +1,90 @@
+{ pkgs, lib, ... }:
+
+let
+ # TODO: make this configurable
+ homeUser = "steveej";
+in
+{
+ services.xserver.serverFlagsSection = ''
+ Option "BlankTime" "0"
+ Option "StandbyTime" "0"
+ Option "SuspendTime" "0"
+ Option "OffTime" "0"
+ '';
+
+ hardware.opengl.enable = true;
+
+ services.gvfs = {
+ enable = true;
+ package = lib.mkForce pkgs.gnome3.gvfs;
+ };
+
+ environment.systemPackages = with pkgs; [
+ # provides a default authentification client for policykit
+ lxqt.lxqt-policykit
+ ];
+
+ # required by swaywm
+ security.polkit.enable = true;
+ security.pam.services.swaylock = { };
+
+ # test these on https://mozilla.github.io/webrtc-landing/gum_test.html
+ xdg.portal = {
+ enable = true;
+ # FIXME: `true` breaks xdg-open from alacritty:
+ # $ xdg-open "https://github.com/"
+ # Error: GDBus.Error:org.freedesktop.DBus.Error.UnknownMethod: No such interface “org.freedesktop.portal.OpenURI” on object at path /org/freedesktop/portal/desktop
+ xdgOpenUsePortal = false;
+ extraPortals = [
+ pkgs.xdg-desktop-portal-wlr
+ pkgs.xdg-desktop-portal-gtk
+
+ # repoFlake.inputs.nixpkgs-wayland.packages.${pkgs.system}.xdg-desktop-portal-wlr
+ # (pkgs.xdg-desktop-portal-gtk.override (_: {
+ # buildPortalsInGnome = false;
+ # }))
+ ];
+ };
+
+
+ # rtkit is optional but recommended
+ security.rtkit.enable = true;
+ services.pipewire = {
+ audio.enable = true;
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ # If you want to use JACK applications, uncomment this
+ #jack.enable = true;
+ };
+
+ networkmanager.enable = false;
+
+ security.pam.services.getty.enableGnomeKeyring = true;
+ services.gnome.gnome-keyring.enable = true;
+ # autologin steveej on tty1
+ systemd.services."autovt@tty1".description = "Autologin at the TTY1";
+ systemd.services."autovt@tty1".after = [ "systemd-logind.service" ]; # without it user session not started and xorg can't be run from this tty
+ systemd.services."autovt@tty1".wantedBy = [ "multi-user.target" ];
+ systemd.services."autovt@tty1".serviceConfig =
+ {
+ ExecStart = [
+ "" # override upstream default with an empty ExecStart
+ "@${pkgs.utillinux}/sbin/agetty agetty --login-program ${pkgs.shadow}/bin/login --autologin steveej --noclear %I $TERM"
+ ];
+ Restart = "always";
+ Type = "idle";
+ };
+ programs.zsh.loginShellInit = ''
+ if test $(id --user steveej) = $(id -u) && test $(tty) = "/dev/tty1"; then
+ exec sway
+ fi
+ '';
+
+ home-manager.users.${homeUser} = _: {
+ imports = [
+ ../../home-manager/profiles/sway-desktop.nix
+ ];
+ };
+}
diff --git a/secrets/desktop/radicale_htpasswd b/secrets/desktop/radicale_htpasswd
index 0ab6e33..10cda96 100644
--- a/secrets/desktop/radicale_htpasswd
+++ b/secrets/desktop/radicale_htpasswd
@@ -1,5 +1,5 @@
 {
- "data": "ENC[AES256_GCM,data:4Oo7a4iL9ry9qFnzd/uwllP8UZ1re+RglnvkEO11XvSqqGhGOCUX0k0kOVD/CYbdLNq7jqVI8h5Fw5grSb6SCDzlknV0bJ70mmBQ9wEhRA82P1M/T50KH6V6XIVR7IlVhjMKkdW6YH0XAyrqaVh3fJUbOk9hJVvrylLvPF4vpc9+aYdzUCvn5jbecpywYY7NRKLI7H7xUmnW,iv:vvyS08x5yXTmlZo1A+Z2zsW9Mj6JrIkNt+CvB7VZJ38=,tag:MrjYVpS+SyYLUAbin85fkw==,type:str]",
+ "data": "ENC[AES256_GCM,data:4Sfp4HqBQ/gsdK1iIwVisHxXHB9ryuTcsxqa4pJMYPBkn0C/Z43TuvZnUpZyACAIL00h7sPMEqQbdvmiHoo2CVizl5hB0wT6QdBwjuSjjuNDwqqJTvistCNBGsTQrb8fdsmTMGEyQmC0yQ6eF3STIT2PP/M1NPZ30zqxQInscv0Mem3n1yT0S3xamwvXkJq+WQvEhJpggsp8,iv:B+KVrsWRHYhvNCkwWhHOF6CFTpF4/tI5wOD05aMf2JI=,tag:srnaV+etedgReXLZ9QBPCw==,type:str]",
 "sops": {
 "kms": null,
 "gcp_kms": null,
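Review bot: In nix/os/snippets/sway-desktop.nix the tty1 autologin hard-codes the account twice, in `--autologin steveej` and in `id --user steveej`, instead of using the `homeUser` binding that the same file defines and applies in `home-manager.users.${homeUser}`. Autologin removes the console password prompt, so the account it applies to should be defined in one place. I would write `--autologin ${homeUser}` and `if test "$(id --user ${homeUser})" = "$(id -u)" && test "$(tty)" = "/dev/tty1"; then`, quoting the substitutions so an empty result cannot break `test`. Since the profile also sets the X server blank and suspend timers to 0 and starts sway without a login, a comment stating what protects the machine against physical access (for example disk encryption, if that is the assumption) would help the next reader. Separately, `networkmanager.enable = false;` sits at the top level of the module and was probably meant to be `networking.networkmanager.enable = false;`, unless another module declares that option.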
@@ -11,8 +11,8 @@
 "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmTVMxdkpjQllIZlRpQjEr\nc0RqNzNnOGplcDR6by9aL0JQY0ZmZjV3OUhrCm1sbHEvQ3hFZVg1YU5wOU5kaGpI\nK25zckJNaXhWd21kUHIyTm8yVW0reWsKLS0tIHVvbDhYZjRSbVRjOWZNaWkwcm1z\neVJyTTRNNTJBeVYxdDFCL1ozQjhQUkUK09k0LVNUugbxtZJB1JEXWmB2Q35mK1MW\nY12rpx4QwFUf1uhZDGmHMU0mrmaZRhkiTXTW+MtbHHtiGCxI8JrgLQ==\n-----END AGE ENCRYPTED FILE-----\n"
 }
 ],
- "lastmodified": "2023-07-01T17:49:07Z",
- "mac": "ENC[AES256_GCM,data:DLKp0oBRgqoC1vm7Gt8IgTXQZBVhFMzRlP2CeWUHCi0PhOFFDCQCbJMJ4GnLeVAMgn1PTQXxDBJsqx1dd99oR3xXOqV6s9RUrg7BNql6G1PRnROnvGavVq+K8Oqyc6K3RDMK95Fwd20Svvyplc7fvvJVYA7XE8oVyPCj7adgIzA=,iv:0T60zdgBXTNEUyzWNH2gRJsH7D/mofiBQKD4XpaTdf4=,tag:9s0g5W0fu7PrKybYNQMfxA==,type:str]",
+ "lastmodified": "2024-01-22T17:03:08Z",
+ "mac": "ENC[AES256_GCM,data:BS4BPjzA663knjD53QWjjDKmYmT6GcOVJru0XBWDQakVvgZwrPnRSZWSuC+ubtTBiG+EMK8Zx7nY3i8S/T0AkO9FmxBR476m8oopkNvCQIIEOkOK0F5I2gd6W/SDqKBC8Wzb6qWxGYDeZBmnvjpapcyW+VvJvaXhjSJpOgff+LQ=,iv:mwa9p6YJPLDWUcPxgGErZUSd5afCdg3YmY3fL1/f6do=,tag:MQN6KPB0NwVakSps9/sLzw==,type:str]",
 "pgp": [
 {
 "created_at": "2023-07-01T17:45:58Z",