steveej/infra
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions

WIP: x13s: install to nvme, refactor into module

Browse source
This commit is contained in:
steveej 2024-01-22 22:50:51 +01:00
parent 40416bd4de
commit a083c05b27
28 changed files with 1361 additions and 737 deletions
Download patch file Download diff file Expand all files Collapse all files

7
.sops.yaml
View file

@ -41,6 +41,13 @@ creation_rules:
- *steveej - *steveej
age: age:
- *steveej-t14 - *steveej-t14
- path_regex: ^secrets/desktop/.+$
key_groups:
- pgp:
- *steveej
age:
- *steveej-t14
- *steveej-x13s-rmvbl
- path_regex: ^secrets/servers/.+$ - path_regex: ^secrets/servers/.+$
key_groups: key_groups:
- pgp: - pgp:

74
flake.lock generated
View file

@ -1,5 +1,38 @@
{ {
"nodes": { "nodes": {
"adamcstephens_stop-export": {
"flake": false,
"locked": {
"lastModified": 1705876512,
"narHash": "sha256-nvBqLyi8dMQf3xnROwEcUv4iqV55Mr8S8OGYepu14i4=",
"ref": "refs/heads/main",
"rev": "388684db5b529bbd6f3e948cf175df089eb09766",
"revCount": 14,
"type": "git",
"url": "https://codeberg.org/adamcstephens/stop-export.git"
},
"original": {
"type": "git",
"url": "https://codeberg.org/adamcstephens/stop-export.git"
}
},
"alsa-ucm-conf": {
"flake": false,
"locked": {
"lastModified": 1705501566,
"narHash": "sha256-Nyr7tjH5VBjocvaKaHCiK+zsjThYBtcr936aRWCBBpM=",
"owner": "alsa-project",
"repo": "alsa-ucm-conf",
"rev": "e87dde51d68950537f92af955ad0633437cc419a",
"type": "github"
},
"original": {
"owner": "alsa-project",
"ref": "master",
"repo": "alsa-ucm-conf",
"type": "github"
}
},
"aphorme_launcher": { "aphorme_launcher": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -17,6 +50,23 @@
"type": "github" "type": "github"
} }
}, },
"brainwart_x13s-nixos": {
"flake": false,
"locked": {
"lastModified": 1705565623,
"narHash": "sha256-sisr/dFIz8p3/Y7mz+arWxjeiBmUTQkMqkF9j3c2dWE=",
"owner": "BrainWart",
"repo": "x13s-nixos",
"rev": "29002122d86a1009ba70e7a4ca3063e5404c77a2",
"type": "github"
},
"original": {
"owner": "BrainWart",
"ref": "flake",
"repo": "x13s-nixos",
"type": "github"
}
},
"colmena": { "colmena": {
"inputs": { "inputs": {
"flake-compat": "flake-compat", "flake-compat": "flake-compat",
@ -293,6 +343,23 @@
"type": "github" "type": "github"
} }
}, },
"linux_x13s": {
"flake": false,
"locked": {
"lastModified": 1705680516,
"narHash": "sha256-NjCuPYjYHBJcoJR1ZaWQ9sRh0VpY2Y0hawkbUBRfCvk=",
"owner": "jhovold",
"repo": "linux",
"rev": "bac95eabe6577faa2773cbe7e91c34fd17ab79a0",
"type": "github"
},
"original": {
"owner": "jhovold",
"ref": "wip/sc8280xp-v6.7",
"repo": "linux",
"type": "github"
}
},
"nix-eval-jobs": { "nix-eval-jobs": {
"inputs": { "inputs": {
"flake-parts": "flake-parts_3", "flake-parts": "flake-parts_3",
@ -636,7 +703,10 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"adamcstephens_stop-export": "adamcstephens_stop-export",
"alsa-ucm-conf": "alsa-ucm-conf",
"aphorme_launcher": "aphorme_launcher", "aphorme_launcher": "aphorme_launcher",
"brainwart_x13s-nixos": "brainwart_x13s-nixos",
"colmena": "colmena", "colmena": "colmena",
"crane": "crane", "crane": "crane",
"disko": [ "disko": [
@ -647,6 +717,7 @@
"flake-parts": "flake-parts", "flake-parts": "flake-parts",
"get-flake": "get-flake", "get-flake": "get-flake",
"jay": "jay", "jay": "jay",
"linux_x13s": "linux_x13s",
"nixos-anywhere": "nixos-anywhere", "nixos-anywhere": "nixos-anywhere",
"nixpkgs": [ "nixpkgs": [
"nixpkgs-2311" "nixpkgs-2311"
@ -659,6 +730,9 @@
"nixpkgs-wayland": "nixpkgs-wayland", "nixpkgs-wayland": "nixpkgs-wayland",
"ofi-pass": "ofi-pass", "ofi-pass": "ofi-pass",
"prs": "prs", "prs": "prs",
"radicalePkgs": [
"nixpkgs-2211"
],
"salut": "salut", "salut": "salut",
"sops-nix": "sops-nix", "sops-nix": "sops-nix",
"srvos": "srvos", "srvos": "srvos",

39
flake.nix
View file

@ -3,6 +3,7 @@
inputs = { inputs = {
# flake and infra basics # flake and infra basics
nixpkgs-2211.url = "github:nixos/nixpkgs/nixos-22.11"; nixpkgs-2211.url = "github:nixos/nixpkgs/nixos-22.11";
radicalePkgs.follows = "nixpkgs-2211";
nixpkgs-2305.url = "github:nixos/nixpkgs/nixos-23.05"; nixpkgs-2305.url = "github:nixos/nixpkgs/nixos-23.05";
nixpkgs-2311.url = "github:nixos/nixpkgs/nixos-23.05"; nixpkgs-2311.url = "github:nixos/nixpkgs/nixos-23.05";
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
@ -13,7 +14,7 @@
srvos.url = "github:numtide/srvos"; srvos.url = "github:numtide/srvos";
srvos.inputs.nixpkgs.follows = "nixpkgs"; srvos.inputs.nixpkgs.follows = "nixpkgs";
nixos-anywhere.url = github:numtide/nixos-anywhere/main; nixos-anywhere.url = "github:numtide/nixos-anywhere/main";
nixos-anywhere.inputs.nixpkgs.follows = "nixpkgs"; nixos-anywhere.inputs.nixpkgs.follows = "nixpkgs";
disko.follows = "nixos-anywhere/disko"; disko.follows = "nixos-anywhere/disko";
@ -68,6 +69,31 @@
url = "gitlab:timvisee/prs/master"; url = "gitlab:timvisee/prs/master";
flake = false; flake = false;
}; };
### inputs for thinkpad x13s
# see https://github.com/jhovold/linux/wiki/X13s for status updates
linux_x13s.url = "github:jhovold/linux/wip/sc8280xp-v6.7";
linux_x13s.flake = false;
brainwart_x13s-nixos = {
url = "github:BrainWart/x13s-nixos/flake";
flake = false;
};
adamcstephens_stop-export = {
flake = false;
url = "git+https://codeberg.org/adamcstephens/stop-export.git";
};
alsa-ucm-conf = {
flake = false;
url = "github:alsa-project/alsa-ucm-conf/master";
};
###
}; };
outputs = outputs =
@ -104,6 +130,7 @@
nodeFlake = self.inputs.get-flake ./nix/os/devices/${nodeName}; nodeFlake = self.inputs.get-flake ./nix/os/devices/${nodeName};
}) [ }) [
"steveej-t14" "steveej-t14"
"steveej-x13s"
# "elias-e525" # "elias-e525"
# "justyna-p300" # "justyna-p300"
@ -122,7 +149,7 @@
// ( // (
let let
router0-dmz0 = (inputs.get-flake ./nix/os/devices/router0-dmz0).nixosConfigurations; router0-dmz0 = (inputs.get-flake ./nix/os/devices/router0-dmz0).nixosConfigurations;
steveej-x13s-rmvbl = (inputs.get-flake ./nix/os/devices/steveej-x13s-rmvbl).nixosConfigurations; steveej-x13s = (inputs.get-flake ./nix/os/devices/steveej-x13s).nixosConfigurations;
retro = (inputs.get-flake ./nix/os/devices/retro).nixosConfigurations; retro = (inputs.get-flake ./nix/os/devices/retro).nixosConfigurations;
in in
{ {
@ -135,8 +162,7 @@
# nixos-install --flake .\#retro_cross # nixos-install --flake .\#retro_cross
retro_cross = retro.cross; retro_cross = retro.cross;
steveej-x13s-rmvbl = steveej-x13s-rmvbl.native; steveej-x13s_cross = steveej-x13s.cross;
steveej-x13s-rmvbl_cross = steveej-x13s-rmvbl.cross;
} }
); );
@ -272,6 +298,11 @@
inherit inputs' pkgs; inherit inputs' pkgs;
packages' = packages; packages' = packages;
}; };
}; };
flake.nixosModules = {
thinkpad-x13s = { pkgs, config, lib, options, ... } @ args: (import ./nix/os/modules/hardware.thinkpad-x13s.nix (args // { inherit self; }));
};
}); });
} }

224
nix/home-manager/configuration/graphical-fullblown.nix
View file

@ -1,26 +1,23 @@
{ pkgs { pkgs
, lib
, config , config
, # these come in via home-manager.extraSpecialArgs and are specific to each node , # these come in via home-manager.extraSpecialArgs and are specific to each node
nodeFlake nodeFlake
, packages' , packages'
, # repoFlake, , ...
# repoFlakeInputs',
...
}: }:
let let
# pkgsMaster = nodeFlake.inputs.nixpkgs-master.legacyPackages.${pkgs.system}; # pkgsMaster = nodeFlake.inputs.nixpkgs-master.legacyPackages.${pkgs.system};
pkgsUnstableSmall = import nodeFlake.inputs.nixpkgs-unstable-small { inherit (pkgs) system config; }; pkgsUnstableSmall = import nodeFlake.inputs.nixpkgs-unstable-small { inherit (pkgs) system config; };
pkgs2211 = nodeFlake.inputs.nixpkgs-2211.legacyPackages.${pkgs.system};
in in
{ {
imports = [ imports = [
../profiles/common.nix ../profiles/common.nix
../profiles/dotfiles.nix # ../profiles/dotfiles.nix
# FIXME: fix homeshick when no WAN connection is available # FIXME: fix homeshick when no WAN connection is available
# ../programs/homeshick.nix # ../programs/homeshick.nix
# ../profiles/gnome-desktop.nix # ../profiles/gnome-desktop.nix
../profiles/sway-desktop.nix
# ../profiles/experimental-desktop.nix # ../profiles/experimental-desktop.nix
../programs/redshift.nix ../programs/redshift.nix
@ -28,7 +25,7 @@ in
../programs/gpg-agent.nix ../programs/gpg-agent.nix
../programs/pass.nix ../programs/pass.nix
../programs/espanso.nix # ../programs/espanso.nix
../programs/firefox.nix ../programs/firefox.nix
../programs/chromium.nix ../programs/chromium.nix
@ -36,10 +33,6 @@ in
../programs/libreoffice.nix ../programs/libreoffice.nix
../programs/neovim.nix ../programs/neovim.nix
../programs/vscode ../programs/vscode
# TODO: bump these to 23.05 and make it work
(args: import ../programs/radicale.nix (args // { pkgs = pkgs2211; }))
# (args: import ../programs/espanso.nix (args // {pkgs = pkgs2211;}))
]; ];
home.sessionVariables.HM_CONFIG = "graphical-fullblown"; home.sessionVariables.HM_CONFIG = "graphical-fullblown";
@ -55,21 +48,19 @@ in
[ ] [ ]
++ (with pkgs; [ ++ (with pkgs; [
# Authentication # Authentication
cacert # cacert
fprintd # fprintd
openssl # openssl
mkpasswd # mkpasswd
# Nix package related tools # Nix package related tools
patchelf patchelf
nix-index # nix-index
nix-prefetch-scripts nix-prefetch-scripts
# nix-prefetch-github
nix-tree nix-tree
# Version Control Systems # Version Control Systems
gitFull gitFull
pijul
# gitless # gitless
gitRepo gitRepo
git-lfs git-lfs
@ -118,7 +109,9 @@ in
# FIXME: depends on insecure openssl 1.1.1t # FIXME: depends on insecure openssl 1.1.1t
# kotatogram-desktop # kotatogram-desktop
tdesktop tdesktop
pkgsUnstableSmall.signal-desktop pkgsUnstableSmall.signal-desktop
#(let #(let
# version = "6.20.0-beta.1"; # version = "6.20.0-beta.1";
#in #in
@ -138,7 +131,6 @@ in
# ''; # '';
# })) # }))
pkgsUnstableSmall.session-desktop
# --add-flags "--enable-features=UseOzonePlatform" # --add-flags "--enable-features=UseOzonePlatform"
# --add-flags "--ozone-platform=wayland" # --add-flags "--ozone-platform=wayland"
# (pkgsUnstableSmall.session-desktop.overrideAttrs (old: { # (pkgsUnstableSmall.session-desktop.overrideAttrs (old: {
@ -175,61 +167,51 @@ in
# })) # }))
thunderbird thunderbird
# gnome.cheese # gnome.cheese
discord
# Virtualization # Virtualization
# virtmanager # virtmanager
# Remote Control Tools # Remote Control Tools
remmina remmina
freerdp # freerdp
teamviewer
pkgsUnstableSmall.rustdesk
# Audio/Video Players # Audio/Video Players
ffmpeg ffmpeg
vlc vlc
v4l-utils # v4l-utils
audacity # audacity
spotify # spotify
yt-dlp yt-dlp
(writeShellScriptBin "youtube-dl-audio" "${yt-dlp}/bin/yt-dlp --extract-audio --audio-format best --audio-quality 9 \${@:?}") (writeShellScriptBin "youtube-dl-audio" "${yt-dlp}/bin/yt-dlp --extract-audio --audio-format best --audio-quality 9 \${@:?}")
libwebcam libwebcam
# Network Tools # Network Tools
openvpn
tcpdump tcpdump
iftop iftop
iperf iperf
bind bind
socat socat
# 2019-03-05: broken on 19.03 linssid nethogs
iptraf-ng
ipmitool
iptables
nftables
wireshark
wireguard-tools
# Code Editing and Programming # Code Editing and Programming
xclip # pkgsUnstableSmall.lapce
xsel # pkgsUnstableSmall.helix
pkgsUnstableSmall.lapce # pkgsUnstableSmall.nil
pkgsUnstableSmall.helix
pkgsUnstableSmall.nil
# Image/Graphic/Design Tools # Image/Graphic/Design Tools
gnome.eog gnome.eog
gimp # gimp
imagemagick # imagemagick
exiv2 # exiv2
graphviz # graphviz
inkscape # inkscape
qrencode # qrencode
zbar
feh
# TODO: remove or move these: Modelling Tools # TODO: remove or move these: Modelling Tools
# plantuml # plantuml
@ -240,62 +222,47 @@ in
# astah-community # astah-community
# Misc Development Tools # Misc Development Tools
qrcode # qrcode
jq # jq
cdrtools # cdrtools
# Document Processing and Management # Document Processing and Management
gnome.nautilus gnome.nautilus
xfce.thunar
pcmanfm pcmanfm
# mendeley # mendeley
evince evince
(runCommand "logseq-wrapper"
{
nativeBuildInputs = [ makeWrapper ];
} ''
makeWrapper ${logseq}/bin/logseq $out/bin/logseq \
--set NIXOS_OZONE_WL ""
'')
# (logseq.override({ electron_25 = electron_26; }))
# File Synchronzation # File Synchronzation
maestral maestral
maestral-gui
rsync rsync
# Filesystem Tools # Filesystem Tools
ntfs3g # ntfs3g
ddrescue # ddrescue
ncdu # ncdu
unetbootin # hdparm
hdparm
testdisk
# binwalk # binwalk
gptfdisk # gptfdisk
gparted # gparted
smartmontools # smartmontools
## Android
androidenv.androidPkgs_9_0.platform-tools
## Python ## Python
packages'.myPython # packages'.myPython
# Misc Desktop Tools # Misc Desktop Tools
ltunify # ltunify
# dex # dex
xorg.xbacklight
coreutils coreutils
lsof lsof
xdotool
xdg_utils xdg_utils
xdg-user-dirs xdg-user-dirs
dconf dconf
picocom picocom
glib.dev # contains gdbus tool glib.dev # contains gdbus tool
alacritty alacritty
wally-cli # wally-cli
man-pages man-pages
# Screen recording # Screen recording
@ -311,64 +278,77 @@ in
# introduces python: screenkey # introduces python: screenkey
# avidemux # broken # avidemux # broken
handbrake # handbrake
pkgsUnstableSmall.ledger-live-desktop # snes9x
# snes9x-gtk
(banana-accounting.overrideDerivation (attrs:
with inputs'.nixpkgs-2211.legacyPackages; {
# dontWrapGApps = true;
srcs = builtins.fetchurl {
# hosted via https://web3.storage
url = "https://bafybeiabi4m2i4izummipbl5wzhwxjyjt2rylgsrahhkh7i63piwd37n4u.ipfs.w3s.link/mfpcksczayaqqx8fdacp0627zm36c001-bananaplus.tgz";
sha256 = "09666iqzqdw2526pf6bg5kd0hfw0wblw8ag636ki72dsiw6bmbf1";
};
# nativeBuildInputs =
# attrs.nativeBuildInputs
# ++ [
# qt5.qtbase
# qt5.wrapQtAppsHook
# ];
# buildInputs =
# attrs.buildInputs
# ++ [
# qt5.qtwayland
# ];
# preFixup =
# (attrs.preFixup or "")
# + ''
# qtWrapperArgs+=("''${gappsWrapperArgs[@]}")
# '';
}))
snes9x
snes9x-gtk
# this is a displaymanager! # this is a displaymanager!
# libretro.snes9x2010 # libretro.snes9x2010
# retroarchFull # retroarchFull
]); ])
++ (lib.lists.optionals (!pkgs.stdenv.targetPlatform.isAarch64) [
(pkgs.banana-accounting.overrideDerivation
(attrs:
with nodeFlake.inputs'.nixpkgs-2211.legacyPackages; {
# dontWrapGApps = true;
srcs = builtins.fetchurl {
# hosted via https://web3.storage
url = "https://bafybeiabi4m2i4izummipbl5wzhwxjyjt2rylgsrahhkh7i63piwd37n4u.ipfs.w3s.link/mfpcksczayaqqx8fdacp0627zm36c001-bananaplus.tgz";
sha256 = "09666iqzqdw2526pf6bg5kd0hfw0wblw8ag636ki72dsiw6bmbf1";
};
# nativeBuildInputs =
# attrs.nativeBuildInputs
# ++ [
# qt5.qtbase
# qt5.wrapQtAppsHook
# ];
# buildInputs =
# attrs.buildInputs
# ++ [
# qt5.qtwayland
# ];
# preFixup =
# (attrs.preFixup or "")
# + ''
# qtWrapperArgs+=("''${gappsWrapperArgs[@]}")
# '';
})
)
pkgsUnstableSmall.ledger-live-desktop
(pkgs.runCommand "logseq-wrapper"
{
nativeBuildInputs = [ pkgs.makeWrapper ];
} ''
makeWrapper ${pkgs.logseq}/bin/logseq $out/bin/logseq \
--set NIXOS_OZONE_WL ""
'')
# (logseq.override({ electron_25 = electron_26; }))
# unsupported on aarch64-linux
pkgs.androidenv.androidPkgs_9_0.platform-tools
pkgs.teamviewer
pkgs.discord
pkgsUnstableSmall.session-desktop
pkgsUnstableSmall.rustdesk
])
;
systemd.user.startServices = true; systemd.user.startServices = true;
services.syncthing.enable = true; services.syncthing.enable = true;
services.udiskie = { services.udiskie = {
enable = true; enable = true;
automount = true; automount = false;
notify = true; notify = true;
}; };
# FIXME: doesn't work as the service can't seem to control its started PID
services.dropbox = {
enable = false;
path = "${config.home.homeDirectory}/Dropbox-Hm";
};
# TODO: uncomment this when it's in stable home-manger # TODO: uncomment this when it's in stable home-manger
# programs.joshuto = { # programs.joshuto = {
# enable = true; # enable = true;

14
nix/home-manager/profiles/common.nix
View file

@ -1,4 +1,4 @@
{pkgs, ...}: { { pkgs, ... }: {
# TODO: re-enable this with the appropriate version? # TODO: re-enable this with the appropriate version?
# programs.home-manager.enable = true; # programs.home-manager.enable = true;
# programs.home-manager.path = https://github.com/rycee/home-manager/archive/445c0b1482c38172a9f8294ee16a7ca7462388e5.tar.gz; # programs.home-manager.path = https://github.com/rycee/home-manager/archive/445c0b1482c38172a9f8294ee16a7ca7462388e5.tar.gz;
@ -11,10 +11,16 @@
allowBroken = false; allowBroken = false;
allowUnfree = true; allowUnfree = true;
permittedInsecurePackages = []; permittedInsecurePackages = [ ];
}; };
nix.settings.experimental-features = ["nix-command" "flakes" "impure-derivations" "ca-derivations" "recursive-nix"]; nix.settings.experimental-features = [
"nix-command"
"flakes"
"impure-derivations"
"ca-derivations"
"recursive-nix"
];
nix.settings.sandbox = "relaxed"; nix.settings.sandbox = "relaxed";
home.keyboard = { home.keyboard = {
@ -40,7 +46,7 @@
programs.fzf.enable = true; programs.fzf.enable = true;
home.packages = home.packages =
[] [ ]
++ (with pkgs; [ ++ (with pkgs; [
htop htop
vcsh vcsh

10
nix/home-manager/profiles/wayland-desktop.nix
View file

@ -8,10 +8,7 @@
let let
inherit (import ../lib.nix { }) mkSimpleTrayService; inherit (import ../lib.nix { }) mkSimpleTrayService;
nixpkgs-2211 = nodeFlake.inputs.nixpkgs-2211.legacyPackages.${pkgs.system};
nixpkgs-unstable-small = nodeFlake.inputs.nixpkgs-unstable-small.legacyPackages.${pkgs.system};
nixpkgs-wayland' = repoFlake.inputs.nixpkgs-wayland.packages.${pkgs.system}; nixpkgs-wayland' = repoFlake.inputs.nixpkgs-wayland.packages.${pkgs.system};
wayprompt = nixpkgs-wayland'.wayprompt; wayprompt = nixpkgs-wayland'.wayprompt;
in in
{ {
@ -43,7 +40,6 @@ in
wl-clipboard wl-clipboard
wmctrl wmctrl
wayprompt
nixpkgs-wayland'.shotman nixpkgs-wayland'.shotman
# identifies key input syms # identifies key input syms
@ -63,7 +59,11 @@ in
# probably required by flameshot # probably required by flameshot
# xdg-desktop-portal xdg-desktop-portal-wlr # xdg-desktop-portal xdg-desktop-portal-wlr
# grim # grim
]; ] ++ (lib.lists.optionals (!pkgs.stdenv.isAarch64)
# TODO: broken on aarch64
[
]
);
home.sessionVariables = { home.sessionVariables = {
XDG_SESSION_TYPE = "wayland"; XDG_SESSION_TYPE = "wayland";

37
nix/home-manager/programs/chromium.nix
View file

@ -1,15 +1,16 @@
{ { name
name, , lib
lib, , pkgs
... , ...
}: let }:
let
extensions = extensions =
[ [
#undetectable adblocker #undetectable adblocker
{id = "gcfcpohokifjldeandkfjoboemihipmb";} { id = "gcfcpohokifjldeandkfjoboemihipmb"; }
# ublock origin # ublock origin
{id = "cjpalhdlnbpafiamejdnhcphjbkeiagm";} { id = "cjpalhdlnbpafiamejdnhcphjbkeiagm"; }
# # YT ad block # # YT ad block
# {id = "cmedhionkhpnakcndndgjdbohmhepckk";} # {id = "cmedhionkhpnakcndndgjdbohmhepckk";}
@ -18,15 +19,15 @@
# {id = "cfhdojbkjhnklbpkdaibdccddilifddb";} # {id = "cfhdojbkjhnklbpkdaibdccddilifddb";}
# Cookie Notice Blocker # Cookie Notice Blocker
{id = "odhmfmnoejhihkmfebnolljiibpnednn";} { id = "odhmfmnoejhihkmfebnolljiibpnednn"; }
# i don't care about cookies # i don't care about cookies
{id = "fihnjjcciajhdojfnbdddfaoknhalnja";} { id = "fihnjjcciajhdojfnbdddfaoknhalnja"; }
# NopeCHA # NopeCHA
{id = "dknlfmjaanfblgfdfebhijalfmhmjjjo";} { id = "dknlfmjaanfblgfdfebhijalfmhmjjjo"; }
# h264ify # h264ify
{id = "aleakchihdccplidncghkekgioiakgal";} { id = "aleakchihdccplidncghkekgioiakgal"; }
# clippy # clippy
# {id = "honbeilkanbghjimjoniipnnehlmhggk"} # {id = "honbeilkanbghjimjoniipnnehlmhggk"}
@ -37,25 +38,27 @@
} }
# cookie autodelete # cookie autodelete
{id = "fhcgjolkccmbidfldomjliifgaodjagh";} { id = "fhcgjolkccmbidfldomjliifgaodjagh"; }
# unhook # unhook
{ id = "khncfooichmfjbepaaaebmommgaepoid";} { id = "khncfooichmfjbepaaaebmommgaepoid"; }
] ]
++ (lib.lists.optionals ((builtins.match "^steveej.*" name) != null) [ ++ (lib.lists.optionals ((builtins.match "^steveej.*" name) != null) [
# Vimium C # Vimium C
{id = "hfjbmagddngcpeloejdejnfgbamkjaeg";} { id = "hfjbmagddngcpeloejdejnfgbamkjaeg"; }
]); ]);
in { in
{
programs.chromium = { programs.chromium = {
enable = true; enable = true;
inherit extensions; inherit extensions;
}; };
programs.brave = { programs.brave = {
enable = true; # TODO: enable this on aarch64-linux
enable = true && !pkgs.stdenv.targetPlatform.isAarch64;
inherit extensions; inherit extensions;
}; };
programs.browserpass = {browsers = ["chromium" "brave"];}; programs.browserpass = { browsers = [ "chromium" "brave" ]; };
} }

89
nix/home-manager/programs/radicale.nix
View file

@ -1,10 +1,10 @@
{ { config
config, , lib
lib, , pkgs
pkgs, , osConfig
osConfig, , ...
... }:
}: let let
libdecsync = pkgs.python3Packages.buildPythonPackage rec { libdecsync = pkgs.python3Packages.buildPythonPackage rec {
pname = "libdecsync"; pname = "libdecsync";
version = "2.2.1"; version = "2.2.1";
@ -38,50 +38,53 @@
# pkgs.libxcrypt # pkgs.libxcrypt
]; ];
propagatedBuildInputs = [libdecsync pkgs.python3Packages.setuptools]; propagatedBuildInputs = [ libdecsync pkgs.python3Packages.setuptools ];
}; };
radicale-decsync = pkgs.radicale.overrideAttrs (old: { radicale-decsync = pkgs.radicale.overrideAttrs (old: {
propagatedBuildInputs = propagatedBuildInputs =
old.propagatedBuildInputs old.propagatedBuildInputs
++ [radicale-storage-decsync]; ++ [ radicale-storage-decsync ];
}); });
mkRadicaleService = { mkRadicaleService =
suffix, { suffix
port, , port
}: let ,
radicale-config = pkgs.writeText "radicale-config-${suffix}" '' }:
[server] let
hosts = localhost:${builtins.toString port} radicale-config = pkgs.writeText "radicale-config-${suffix}" ''
[server]
hosts = localhost:${builtins.toString port}
[auth] [auth]
type = htpasswd type = htpasswd
htpasswd_filename = ${osConfig.sops.secrets.radicale_htpasswd.path} htpasswd_filename = ${osConfig.sops.secrets.radicale_htpasswd.path}
htpasswd_encryption = bcrypt htpasswd_encryption = bcrypt
[storage] [storage]
type = radicale_storage_decsync type = radicale_storage_decsync
filesystem_folder = ${config.xdg.dataHome}/radicale-${suffix} filesystem_folder = ${config.xdg.dataHome}/radicale-${suffix}
decsync_dir = ${config.xdg.dataHome}/decsync-${suffix} decsync_dir = ${config.xdg.dataHome}/decsync-${suffix}
''; '';
in { in
systemd.user.services."radicale-${suffix}" = { {
Unit.Description = "Radicale with DecSync (${suffix})"; systemd.user.services."radicale-${suffix}" = {
Service = { Unit.Description = "Radicale with DecSync (${suffix})";
ExecStart = "${radicale-decsync}/bin/radicale -C ${radicale-config}"; Service = {
Restart = "on-failure"; ExecStart = "${radicale-decsync}/bin/radicale -C ${radicale-config}";
Restart = "on-failure";
};
Install.WantedBy = [ "default.target" ];
}; };
Install.WantedBy = ["default.target"];
}; };
};
in in
builtins.foldl' (sum: cur: lib.recursiveUpdate sum (mkRadicaleService cur)) {} [ builtins.foldl' (sum: cur: lib.recursiveUpdate sum (mkRadicaleService cur)) { } [
{ {
suffix = "personal"; suffix = "personal";
port = 5232; port = 5232;
} }
{ {
suffix = "family"; suffix = "family";
port = 5233; port = 5233;
} }
] ]

118
nix/home-manager/programs/zsh.nix
View file

@ -1,29 +1,30 @@
{ { config
config, , lib
lib, , pkgs
pkgs, , ...
... }:
}: let let
just-plugin = let just-plugin =
plugin_file = pkgs.writeText "_just" '' let
#compdef just plugin_file = pkgs.writeText "_just" ''
#autload #compdef just
#autload
alias justl="\just --list" alias justl="\just --list"
alias juste="\just --evaluate" alias juste="\just --evaluate"
local subcmds=() local subcmds=()
while read -r line ; do while read -r line ; do
if [[ ! $line == Available* ]] ; if [[ ! $line == Available* ]] ;
then then
subcmds+=(''${line/[[:space:]]*\#/:}) subcmds+=(''${line/[[:space:]]*\#/:})
fi fi
done < <(just --list) done < <(just --list)
_describe 'command' subcmds _describe 'command' subcmds
''; '';
in in
pkgs.stdenv.mkDerivation { pkgs.stdenv.mkDerivation {
name = "just-completions"; name = "just-completions";
version = "0.1.0"; version = "0.1.0";
@ -35,7 +36,8 @@
chmod --recursive a-w $out chmod --recursive a-w $out
''; '';
}; };
in { in
{
programs.zsh = { programs.zsh = {
enable = true; enable = true;
@ -46,47 +48,49 @@ in {
# will be called again by oh-my-zsh # will be called again by oh-my-zsh
enableCompletion = false; enableCompletion = false;
enableAutosuggestions = true; enableAutosuggestions = true;
initExtra = let initExtra =
inNixShell = ''$([[ -n "$IN_NIX_SHELL" ]] && printf " 🐚")''; let
in '' inNixShell = ''$([[ -n "$IN_NIX_SHELL" ]] && printf " 🐚")'';
PROMPT='%F{%(!.red.green)}%n%f@%m %(?.%F{green}%f.%F{red} ($?%))%f %F{blue}%~%f${inNixShell}%F{magenta}$(git_prompt_info)%f$prompt_newline%_%F{%(!.red.green)}$(prompt_char)%f ' in
RPROMPT="" ''
PROMPT='%F{%(!.red.green)}%n%f@%m %(?.%F{green}%f.%F{red} ($?%))%f %F{blue}%~%f${inNixShell}%F{magenta}$(git_prompt_info)%f$prompt_newline%_%F{%(!.red.green)}$(prompt_char)%f '
RPROMPT=""
# Automatic rehash # Automatic rehash
zstyle ':completion:*' rehash true zstyle ':completion:*' rehash true
if [ -f $HOME/.shrc.d/sh_aliases ]; then if [ -f $HOME/.shrc.d/sh_aliases ]; then
. $HOME/.shrc.d/sh_aliases . $HOME/.shrc.d/sh_aliases
fi fi
${ ${
if builtins.hasAttr "homeshick" pkgs if builtins.hasAttr "homeshick" pkgs
then '' then ''
source ${pkgs.homeshick}/homeshick.sh source ${pkgs.homeshick}/homeshick.sh
fpath=(${pkgs.homeshick}/completions $fpath) fpath=(${pkgs.homeshick}/completions $fpath)
'' ''
else "" else ""
} }
# Disable intercepting of ctrl-s and ctrl-q as flow control. # Disable intercepting of ctrl-s and ctrl-q as flow control.
stty stop ''' -ixoff -ixon stty stop ''' -ixoff -ixon
# don't cd into directories when executed # don't cd into directories when executed
unsetopt AUTO_CD unsetopt AUTO_CD
# print lines without termination # print lines without termination
setopt PROMPT_CR setopt PROMPT_CR
setopt PROMPT_SP setopt PROMPT_SP
export PROMPT_EOL_MARK="" export PROMPT_EOL_MARK=""
${lib.optionalString config.services.gpg-agent.enable '' ${lib.optionalString config.services.gpg-agent.enable ''
export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/gnupg/S.gpg-agent.ssh" export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/gnupg/S.gpg-agent.ssh"
''} ''}
${lib.optionalString config.programs.neovim.enable '' ${lib.optionalString config.programs.neovim.enable ''
export EDITOR="nvim" export EDITOR="nvim"
''} ''}
''; '';
plugins = [ plugins = [
{ {
@ -119,7 +123,7 @@ in {
oh-my-zsh = { oh-my-zsh = {
enable = true; enable = true;
theme = "tjkirch"; theme = "tjkirch";
plugins = ["git" "sudo"]; plugins = [ "git" "sudo" ];
}; };
}; };
} }

3
nix/os/devices/steveej-t14/configuration.nix
View file

@ -1,4 +1,4 @@
{...}: { { ... }: {
imports = [ imports = [
../../profiles/common/configuration.nix ../../profiles/common/configuration.nix
../../profiles/graphical/configuration.nix ../../profiles/graphical/configuration.nix
@ -10,7 +10,6 @@
./pkg.nix ./pkg.nix
./user.nix ./user.nix
./boot.nix ./boot.nix
./secrets.nix
# samba seerver # samba seerver
({ lib, ... }: { ({ lib, ... }: {

108
nix/os/devices/steveej-t14/pkg.nix
View file

@ -1,9 +1,8 @@
{ { pkgs
pkgs, , lib
lib, , repoFlake
repoFlake, , nodeFlake
nodeFlake, , ...
...
}: { }: {
home-manager.users.steveej = _: { home-manager.users.steveej = _: {
imports = [ imports = [
@ -16,8 +15,7 @@
}) })
]; ];
home.sessionVariables = { home.sessionVariables = { };
};
home.packages = with pkgs; [ home.packages = with pkgs; [
]; ];
@ -34,50 +32,33 @@
# #
# (regreet:505614): Gtk-WARNING **: 10:31:42.532: Theme parser warning: <data>:6:17-18: Empty declaration # (regreet:505614): Gtk-WARNING **: 10:31:42.532: Theme parser warning: <data>:6:17-18: Empty declaration
# Failed to create /var/empty/.cache for shader cache (Operation not permitted)---disabling. # Failed to create /var/empty/.cache for shader cache (Operation not permitted)---disabling.
services.greetd = let services.greetd =
# exec "${pkgs.greetd.gtkgreet}/bin/gtkgreet -l; swaymsg exit" let
swayConfig = pkgs.writeText "greetd-sway-config" '' # exec "${pkgs.greetd.gtkgreet}/bin/gtkgreet -l; swaymsg exit"
# `-l` activates layer-shell mode. Notice that `swaymsg exit` will run after gtkgreet. swayConfig = pkgs.writeText "greetd-sway-config" ''
exec "dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY SWAYSOCK; ${pkgs.greetd.regreet}/bin/regreet; swaymsg exit" # `-l` activates layer-shell mode. Notice that `swaymsg exit` will run after gtkgreet.
bindsym Mod4+shift+e exec swaynag \ exec "dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY SWAYSOCK; ${pkgs.greetd.regreet}/bin/regreet; swaymsg exit"
-t warning \ bindsym Mod4+shift+e exec swaynag \
-m 'What do you want to do?' \ -t warning \
-b 'Poweroff' 'systemctl poweroff' \ -m 'What do you want to do?' \
-b 'Reboot' 'systemctl reboot' -b 'Poweroff' 'systemctl poweroff' \
''; -b 'Reboot' 'systemctl reboot'
in { '';
enable = false; in
settings = { {
vt = 1; enable = false;
default_session = { settings = {
command = "${pkgs.sway}/bin/sway --config ${swayConfig}"; vt = 1;
default_session = {
command = "${pkgs.sway}/bin/sway --config ${swayConfig}";
};
}; };
}; };
};
environment.etc."greetd/environments".text = '' environment.etc."greetd/environments".text = ''
sway sway
''; '';
# autologin steveej on tty1
systemd.services."autovt@tty1".description = "Autologin at the TTY1";
systemd.services."autovt@tty1".after = [ "systemd-logind.service" ]; # without it user session not started and xorg can't be run from this tty
systemd.services."autovt@tty1".wantedBy = [ "multi-user.target" ];
systemd.services."autovt@tty1".serviceConfig =
{ ExecStart = [
"" # override upstream default with an empty ExecStart
"@${pkgs.utillinux}/sbin/agetty agetty --login-program ${pkgs.shadow}/bin/login --autologin steveej --noclear %I $TERM"
];
Restart = "always";
Type = "idle";
};
programs.zsh.loginShellInit = ''
if test $(id --user steveej) = $(id -u) && test $(tty) = "/dev/tty1"; then
exec sway
fi
'';
# fonts = let # fonts = let
# prefs.font = rec { # prefs.font = rec {
# size = 13; # size = 13;
@ -122,42 +103,5 @@
# # }; # # };
# }; # };
security.pam.services.getty.enableGnomeKeyring = true;
services.gnome.gnome-keyring.enable = true;
# rtkit is optional but recommended
security.rtkit.enable = true;
services.pipewire = {
audio.enable = true;
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
# If you want to use JACK applications, uncomment this
#jack.enable = true;
};
# required by swaywm
security.polkit.enable = true;
security.pam.services.swaylock = {};
# test these on https://mozilla.github.io/webrtc-landing/gum_test.html
xdg.portal = {
enable = true;
# FIXME: `true` breaks xdg-open from alacritty:
# $ xdg-open "https://github.com/"
# Error: GDBus.Error:org.freedesktop.DBus.Error.UnknownMethod: No such interface “org.freedesktop.portal.OpenURI” on object at path /org/freedesktop/portal/desktop
xdgOpenUsePortal = false;
extraPortals = [
pkgs.xdg-desktop-portal-wlr
pkgs.xdg-desktop-portal-gtk
# repoFlake.inputs.nixpkgs-wayland.packages.${pkgs.system}.xdg-desktop-portal-wlr
# (pkgs.xdg-desktop-portal-gtk.override (_: {
# buildPortalsInGnome = false;
# }))
];
};
system.stateVersion = "23.05"; system.stateVersion = "23.05";
} }

13
nix/os/devices/steveej-t14/system.nix
View file

@ -28,6 +28,8 @@ in
{ {
imports = [ imports = [
../../snippets/nix-settings-holo-chain.nix ../../snippets/nix-settings-holo-chain.nix
../../snippets/radicale.nix
../../snippets/sway-desktop.nix
]; ];
nix.settings = { nix.settings = {
@ -115,21 +117,10 @@ in
services.samba.extraConfig = '' services.samba.extraConfig = ''
# client min protocol = NT1 # client min protocol = NT1
''; '';
services.gvfs = {
enable = true;
package = lib.mkForce pkgs.gnome3.gvfs;
};
environment.systemPackages = with pkgs; [ lxqt.lxqt-policykit ]; # provides a default authentification client for policykit
security.pki.certificateFiles = [ "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ]; security.pki.certificateFiles = [ "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ];
services.xserver.videoDrivers = lib.mkForce [ "amdgpu" ]; services.xserver.videoDrivers = lib.mkForce [ "amdgpu" ];
services.xserver.serverFlagsSection = ''
Option "BlankTime" "0"
Option "StandbyTime" "0"
Option "SuspendTime" "0"
Option "OffTime" "0"
'';
time.timeZone = lib.mkForce passwords.timeZone.stefan; time.timeZone = lib.mkForce passwords.timeZone.stefan;

35
nix/os/devices/steveej-x13s-rmvbl/configuration.nix
View file

@ -1,8 +1,8 @@
{ repoFlake { repoFlake
, nodeFlake
, pkgs , pkgs
, lib , lib
, config , config
, nodeFlake
, nodeName , nodeName
, localDomainName , localDomainName
, system , system
@ -16,8 +16,15 @@
./disko.nix ./disko.nix
../../profiles/common/user.nix ../../profiles/common/user.nix
../../profiles/common/pkg.nix
{ {
# nixpkgs.config.allowUnsupportedSystem = true;
# flake registry
nix.registry.nixpkgs.flake = nodeFlake.inputs.nixpkgs;
nix.nixPath = [ nix.nixPath = [
"nixpkgs=${pkgs.path}" "nixpkgs=${pkgs.path}"
]; ];
@ -43,6 +50,11 @@
sops.defaultSopsFile = ../../../../secrets/${nodeName}/secrets.yaml; sops.defaultSopsFile = ../../../../secrets/${nodeName}/secrets.yaml;
sops.defaultSopsFormat = "yaml"; sops.defaultSopsFormat = "yaml";
} }
nodeFlake.inputs.home-manager.nixosModules.home-manager
../../snippets/sway-desktop.nix
../../snippets/radicale.nix
]; ];
hardware.thinkpad-x13s = { hardware.thinkpad-x13s = {
@ -57,8 +69,8 @@
firewall.enable = true; firewall.enable = true;
useNetworkd = true; # useNetworkd = true;
networkmanager.enable = false; networkmanager.enable = true;
}; };
system.stateVersion = "23.11"; system.stateVersion = "23.11";
@ -74,4 +86,21 @@
pkgs.git pkgs.git
pkgs.git-crypt pkgs.git-crypt
]; ];
home-manager.users.steveej = _: {
imports = [
../../../home-manager/configuration/graphical-fullblown.nix
(_: {
programs.chromium.extensions = [
# can define host-specific extensions here
];
})
];
home.sessionVariables = { };
home.packages = with pkgs; [
];
};
} }

25
nix/os/devices/steveej-x13s-rmvbl/default.nix
View file

@ -1,10 +1,9 @@
{ { system ? "aarch64-linux"
system ? "aarch64-linux", , nodeName
nodeName, , repoFlake
repoFlake, , nodeFlake
nodeFlake, , localDomainName ? "internal"
localDomainName ? "internal", , ...
...
}: { }: {
meta.nodeSpecialArgs.${nodeName} = { meta.nodeSpecialArgs.${nodeName} = {
inherit repoFlake nodeName nodeFlake system; inherit repoFlake nodeName nodeFlake system;
@ -16,18 +15,22 @@
meta.nodeNixpkgs.${nodeName} = meta.nodeNixpkgs.${nodeName} =
import nodeFlake.inputs.nixpkgs.outPath import nodeFlake.inputs.nixpkgs.outPath
{ {
inherit system; inherit system;
}; };
${nodeName} = { ${nodeName} = {
deployment.targetHost = "${nodeName}.${localDomainName}"; deployment.targetHost = "${nodeName}.${localDomainName}";
deployment.replaceUnknownProfiles = true; deployment.replaceUnknownProfiles = true;
deployment.allowLocalDeployment = true;
# nixpkgs.pkgs = nodeFlake.inputs.nixpkgs.legacyPackages.${system}; # nixpkgs.pkgs = nodeFlake.inputs.nixpkgs.legacyPackages.${system};
imports = [ imports = [
./configuration.nix (repoFlake + "/nix/os/devices/${nodeName}/configuration.nix")
nodeFlake.inputs.home-manager.nixosModules.home-manager
]; ];
networking.hostName = nodeName; networking.hostName = nodeName;

70
nix/os/devices/steveej-x13s-rmvbl/flake.lock generated
View file

@ -57,11 +57,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1705540973, "lastModified": 1705890365,
"narHash": "sha256-kNt/qAEy7ueV7NKbVc8YMHWiQAAgrir02MROYNI8fV0=", "narHash": "sha256-MObB+fipA/2Ai3uMuNouxcwz0cqvELPpJ+hfnhSaUeA=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "0033adc6e3f1ed076f3ed1c637ef1dfe6bef6733", "rev": "9fcdf3375e01e2938a49df103af9fd21bd0f89d9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -84,6 +84,27 @@
"type": "github" "type": "github"
} }
}, },
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1705659542,
"narHash": "sha256-WA3xVfAk1AYmFdwghT7mt/erYpsU6JPu9mdTEP/e9HQ=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "10cd9c53115061aa6a0a90aad0b0dde6a999cdb9",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-23.11",
"repo": "home-manager",
"type": "github"
}
},
"linux_x13s": { "linux_x13s": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -119,11 +140,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1705641746, "lastModified": 1705774713,
"narHash": "sha256-D6c2aH8HQbWc7ZWSV0BUpFpd94ImFyCP8jFIsKQ4Slg=", "narHash": "sha256-j6ADaDH9XiumUzkTPlFyCBcoWYhO83lfgiSqEJF2zcs=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "d2003f2223cbb8cd95134e4a0541beea215c1073", "rev": "1b64fc1287991a9cce717a01c1973ef86cb1af0b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -133,6 +154,38 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-2211": {
"locked": {
"lastModified": 1688392541,
"narHash": "sha256-lHrKvEkCPTUO+7tPfjIcb7Trk6k31rz18vkyqmkeJfY=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "ea4c80b39be4c09702b0cb3b42eab59e2ba4f24b",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-22.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable-small": {
"locked": {
"lastModified": 1705891108,
"narHash": "sha256-PQ0Df5BzByg+0gPE1goa9WYVXSoEP6gtjblrbYC8WOI=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "8cccce637e19577815de54c5ecc3132dff965aee",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable-small",
"repo": "nixpkgs",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"adamcstephens_stop-export": "adamcstephens_stop-export", "adamcstephens_stop-export": "adamcstephens_stop-export",
@ -140,9 +193,12 @@
"brainwart_x13s-nixos": "brainwart_x13s-nixos", "brainwart_x13s-nixos": "brainwart_x13s-nixos",
"disko": "disko", "disko": "disko",
"get-flake": "get-flake", "get-flake": "get-flake",
"home-manager": "home-manager",
"linux_x13s": "linux_x13s", "linux_x13s": "linux_x13s",
"mobile-nixos": "mobile-nixos", "mobile-nixos": "mobile-nixos",
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs",
"nixpkgs-2211": "nixpkgs-2211",
"nixpkgs-unstable-small": "nixpkgs-unstable-small"
} }
} }
}, },

272
nix/os/devices/steveej-x13s-rmvbl/flake.nix
View file

@ -3,6 +3,10 @@
{ {
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11"; nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
# requires for home-manager modules
nixpkgs-unstable-small.url = "github:nixos/nixpkgs/nixos-unstable-small";
nixpkgs-2211.url = "github:nixos/nixpkgs/nixos-22.11";
get-flake.url = "github:ursi/get-flake"; get-flake.url = "github:ursi/get-flake";
disko.inputs.nixpkgs.follows = "nixpkgs"; disko.inputs.nixpkgs.follows = "nixpkgs";
@ -10,24 +14,9 @@
mobile-nixos.url = "github:NixOS/mobile-nixos"; mobile-nixos.url = "github:NixOS/mobile-nixos";
mobile-nixos.flake = false; mobile-nixos.flake = false;
# see https://github.com/jhovold/linux/wiki/X13s for status updates home-manager = {
linux_x13s.url = "github:jhovold/linux/wip/sc8280xp-v6.7"; url = "github:nix-community/home-manager/release-23.11";
linux_x13s.flake = false; inputs.nixpkgs.follows = "nixpkgs";
brainwart_x13s-nixos = {
url = "github:BrainWart/x13s-nixos/flake";
flake = false;
};
adamcstephens_stop-export = {
flake = false;
url = "git+https://codeberg.org/adamcstephens/stop-export.git";
};
alsa-ucm-conf = {
flake = false;
url = "github:alsa-project/alsa-ucm-conf/master";
}; };
}; };
@ -60,11 +49,6 @@
self.nixosModules.hardware-x13s self.nixosModules.hardware-x13s
./configuration.nix ./configuration.nix
# flake registry
{
nix.registry.nixpkgs.flake = nixpkgs;
}
] ]
++ extraModules; ++ extraModules;
} }
@ -85,247 +69,5 @@
]; ];
}; };
}; };
nixosModules.hardware-x13s = { pkgs, config, lib, options, ... }:
let
# TODO: introduce options for these
kernelPdMapper = true;
cfg = config.hardware.thinkpad-x13s;
in
{
options.hardware.thinkpad-x13s = {
# TODO: respect this
enable = lib.mkEnableOption "x13s hardware support";
bluetoothMac = lib.mkOption {
type = lib.types.str;
description = "mac address to set on boot";
};
bluetoothMacAddr = lib.mkOption {
default = "00:00:00:00:00";
type = lib.types.str;
};
};
config =
let
inherit (config.boot.loader) efi;
kp = [
{
name = "x13s-cfg";
patch = null;
extraStructuredConfig = with lib.kernel; {
EFI_ARMSTUB_DTB_LOADER = lib.mkForce yes;
OF_OVERLAY = lib.mkForce yes;
BTRFS_FS = lib.mkForce yes;
BTRFS_FS_POSIX_ACL = lib.mkForce yes;
MEDIA_CONTROLLER = lib.mkForce yes;
SND_USB_AUDIO_USE_MEDIA_CONTROLLER = lib.mkForce yes;
SND_USB = lib.mkForce yes;
SND_USB_AUDIO = lib.mkForce module;
USB_XHCI_PCI = lib.mkForce module;
NO_HZ_FULL = lib.mkForce yes;
HZ_100 = lib.mkForce yes;
HZ_250 = lib.mkForce no;
DRM_AMDGPU = lib.mkForce no;
DRM_NOUVEAU = lib.mkForce no;
QCOM_TSENS = lib.mkForce yes;
NVMEM_QCOM_QFPROM = lib.mkForce yes;
ARM_QCOM_CPUFREQ_NVMEM = lib.mkForce yes;
VIRTIO_PCI = lib.mkForce module;
# forthcoming kernel work: QCOM_PD_MAPPER = lib.mkForce module;
};
}
];
qrtr = pkgs.callPackage "${self.inputs.adamcstephens_stop-export}/hardware/x13s/qrtr/qrtr.nix" { };
pd-mapper = pkgs.callPackage "${self.inputs.adamcstephens_stop-export}/hardware/x13s/qrtr/pd-mapper.nix" {
inherit qrtr;
};
# We can't quite move to mainline linux
linux_x13s_pkg = { buildLinux, ... } @ args:
buildLinux (args // rec {
version = "6.7.0";
modDirVersion = lib.versions.pad 3 version;
extraMeta.branch = lib.versions.majorMinor version;
src = self.inputs.linux_x13s;
kernelPatches = (args.kernelPatches or [ ]) ++ kp;
} // (args.argsOverride or { }));
# we add additional configuration on top of te normal configuration above
# using the extraStructuredConfig option on the kernel patch
linux_x13s = pkgs.callPackage linux_x13s_pkg {
defconfig = "johan_defconfig";
};
linuxPackages_x13s = pkgs.linuxPackagesFor linux_x13s;
dtbName = "sc8280xp-lenovo-thinkpad-x13s.dtb";
dtb = "${linuxPackages_x13s.kernel}/dtbs/qcom/${dtbName}";
x13s_alsa-ucm-conf = pkgs.alsa-ucm-conf.overrideAttrs (prev: {
src = self.inputs.alsa-ucm-conf;
});
alsa-ucm-conf-env.ALSA_CONFIG_UCM2 = "${x13s_alsa-ucm-conf}/share/alsa/ucm2";
in
{
nixpkgs.overlays = [
(final: prev:
{
x13s_extra-firmware = pkgs.callPackage
"${self.inputs.adamcstephens_stop-export}/hardware/x13s/extra-firmware.nix"
{ };
inherit qrtr pd-mapper;
}
)
];
# ensure the x13s' dtb file is in the boot partition
# TODO:: is this needed for the VT display somehow?
system.activationScripts.x13s-dtb = ''
in_package="${dtb}"
esp_tool_folder="${efi.efiSysMountPoint}/"
in_esp="''${esp_tool_folder}${dtbName}"
>&2 echo "Ensuring $in_esp in EFI System Partition"
if ! ${pkgs.diffutils}/bin/cmp --silent "$in_package" "$in_esp"; then
>&2 echo "Copying $in_package -> $in_esp"
mkdir -p "$esp_tool_folder"
cp "$in_package" "$in_esp"
sync
fi
'';
boot = {
loader.systemd-boot.enable = true;
loader.systemd-boot.extraFiles = {
"${dtbName}" = dtb;
};
loader.efi.canTouchEfiVariables = false;
loader.efi.efiSysMountPoint = "/boot";
blacklistedKernelModules = [ "wwan" ];
kernelPackages = linuxPackages_x13s;
kernelParams = [
"dtb=${dtbName}"
"boot.shell_on_fail"
# jhovold recommended
"efi=noruntime"
"clk_ignore_unused"
"pd_ignore_unused"
"arm64.nopauth"
# blacklist graphics in initrd so the firmware can load from disk
"rd.driver.blacklist=msm"
];
initrd = {
includeDefaultModules = false;
# kernelModules = [
# "nvme"
# "phy_qcom_qmp_pcie"
# "pcie_qcom"
# "i2c_core"
# "i2c_hid"
# "i2c_hid_of"
# "i2c_qcom_geni"
# "leds_qcom_lpg"
# "pwm_bl"
# "qrtr"
# "pmic_glink_altmode"
# "gpio_sbu_mux"
# "phy_qcom_qmp_combo"
# "gpucc_sc8280xp"
# "dispcc_sc8280xp"
# "phy_qcom_edp"
# "panel_edp"
# # "msm"
# ];
availableKernelModules = [
"i2c_hid"
"i2c_hid_of"
"i2c_qcom_geni"
"leds_qcom_lpg"
"pwm_bl"
"qrtr"
"pmic_glink_altmode"
"gpio_sbu_mux"
"phy_qcom_qmp_combo"
"panel_edp"
# "msm"
"phy_qcom_edp"
"i2c_core"
"i2c_hid"
"i2c_hid_of"
"i2c_qcom_geni"
"pcie_qcom"
"phy_qcom_qmp_combo"
"phy_qcom_qmp_pcie"
"phy_qcom_qmp_usb"
"phy_qcom_snps_femto_v2"
"phy_qcom_usb_hs"
"nvme"
"usbcore"
"xhci_hcd"
"usbhid"
"usb_storage"
"uas"
];
};
};
# default is performance
powerManagement.cpuFreqGovernor = "ondemand";
hardware.enableAllFirmware = true;
hardware.firmware = [
# pkgs.linux-firmware
pkgs.x13s_extra-firmware
];
systemd.services.pd-mapper = {
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${lib.getExe pd-mapper}";
Restart = "always";
};
};
environment.sessionVariables = alsa-ucm-conf-env;
systemd.user.services.pipewire.environment = alsa-ucm-conf-env;
systemd.user.services.wireplumber.environment = alsa-ucm-conf-env;
systemd.services.bluetooth = {
serviceConfig = {
# disabled because btmgmt call hangs
ExecStartPre = [
""
"${pkgs.util-linux}/bin/rfkill block bluetooth"
"${pkgs.bluez5-experimental}/bin/btmgmt public-addr ${cfg.bluetoothMac}"
"${pkgs.util-linux}/bin/rfkill unblock bluetooth"
];
RestartSec = 5;
Restart = "on-failure";
};
};
};
};
}; };
} }

1
nix/os/devices/steveej-x13s/.gitignore vendored Normal file
View file

@ -0,0 +1 @@
result

107
nix/os/devices/steveej-x13s/configuration.nix Normal file
View file

@ -0,0 +1,107 @@
{ repoFlake
, nodeFlake
, pkgs
, lib
, config
, nodeName
, localDomainName
, system
, ...
}:
{
imports = [
# repoFlake.inputs.sops-nix.nixosModules.sops
nodeFlake.inputs.disko.nixosModules.disko
./disko.nix
repoFlake.nixosModules.thinkpad-x13s
../../profiles/common/pkg.nix
{
# nixpkgs.config.allowUnsupportedSystem = true;
# flake registry
nix.registry.nixpkgs.flake = nodeFlake.inputs.nixpkgs;
nix.nixPath = [
"nixpkgs=${pkgs.path}"
];
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
nix.settings.max-jobs = lib.mkDefault "auto";
}
# ../../profiles/common/user.nix
{
services.openssh.enable = true;
services.openssh.settings.PermitRootLogin = "yes";
services.openssh.openFirewall = true;
# sops.defaultSopsFile = ../../../../secrets/${nodeName}/secrets.yaml;
# sops.defaultSopsFormat = "yaml";
# users.commonUsers = {
# enable = true;
# enableNonRoot = true;
# };
users.users.root.initialPassword = "install";
}
nodeFlake.inputs.home-manager.nixosModules.home-manager
# ../../snippets/sway-desktop.nix
# ../../snippets/radicale.nix
];
hardware.thinkpad-x13s = {
enable = true;
# TODO: use hardware address
bluetoothMac = "65:9e:7a:8b:86:28";
};
networking = {
hostName = nodeName;
firewall.enable = true;
# useNetworkd = true;
};
system.stateVersion = "23.11";
nixpkgs.config.allowUnfree = true;
environment.systemPackages = [
pkgs.sshfs
pkgs.util-linux
pkgs.coreutils
pkgs.vim
pkgs.git
pkgs.git-crypt
];
# home-manager.users.steveej = _: {
# home.stateVersion = "23.11";
# imports = [
# ../../../home-manager/configuration/graphical-fullblown.nix
# ];
# home.sessionVariables = { };
# home.packages = with pkgs; [
# ];
# };
}

40
nix/os/devices/steveej-x13s/default.nix Normal file
View file

@ -0,0 +1,40 @@
{ system ? "aarch64-linux"
, nodeName
, repoFlake
, repoFlakeWithSystem
, nodeFlake
, localDomainName ? "internal"
, ...
}: {
meta.nodeSpecialArgs.${nodeName} = {
inherit repoFlake nodeName nodeFlake system;
packages' = repoFlake.packages.${system};
nodePackages' = nodeFlake.packages.${system};
repoFlakeInputs' = repoFlakeWithSystem system ({ inputs', ... }: inputs');
inherit localDomainName;
};
meta.nodeNixpkgs.${nodeName} =
import nodeFlake.inputs.nixpkgs.outPath
{
inherit system;
};
${nodeName} = {
deployment.targetHost = "${nodeName}.${localDomainName}";
deployment.replaceUnknownProfiles = true;
deployment.allowLocalDeployment = true;
# nixpkgs.pkgs = nodeFlake.inputs.nixpkgs.legacyPackages.${system};
imports = [
(repoFlake + "/nix/os/devices/${nodeName}/configuration.nix")
nodeFlake.inputs.home-manager.nixosModules.home-manager
];
networking.hostName = nodeName;
};
}

66
nix/os/devices/steveej-x13s/disko.nix Normal file
View file

@ -0,0 +1,66 @@
{
disko.devices = {
disk = {
x13s-nvme = {
type = "disk";
device = "/dev/disk/by-id/nvme-KBG5AZNT1T02_LA_KIOXIA_52QC84BEEJS6";
content = {
type = "gpt";
partitions = {
ESP = {
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"defaults"
];
};
};
luks = {
size = "100%";
content = {
type = "luks";
name = "x13s-usb-crypt";
extraOpenArgs = [ ];
# disable settings.keyFile if you want to use interactive password entry
#passwordFile = "/tmp/secret.key"; # Interactive
settings = {
# if you want to use the key for interactive login be sure there is no trailing newline
# for example use `echo -n "password" > /tmp/secret.key`
# keyFile = "/tmp/secret.key";
allowDiscards = true;
};
# additionalKeyFiles = [ "/tmp/additionalSecret.key" ];
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = {
"/root" = {
mountpoint = "/";
mountOptions = [ "compress=zstd" "noatime" ];
};
"/home" = {
mountpoint = "/home";
mountOptions = [ "compress=zstd" "noatime" ];
};
"/nix" = {
mountpoint = "/nix";
mountOptions = [ "compress=zstd" "noatime" ];
};
"/swap" = {
mountpoint = "/.swapvol";
swap.swapfile.size = "32G";
};
};
};
};
};
};
};
};
};
};
}

207
nix/os/devices/steveej-x13s/flake.lock generated Normal file
View file

@ -0,0 +1,207 @@
{
"nodes": {
"adamcstephens_stop-export": {
"flake": false,
"locked": {
"lastModified": 1705876512,
"narHash": "sha256-nvBqLyi8dMQf3xnROwEcUv4iqV55Mr8S8OGYepu14i4=",
"ref": "refs/heads/main",
"rev": "388684db5b529bbd6f3e948cf175df089eb09766",
"revCount": 14,
"type": "git",
"url": "https://codeberg.org/adamcstephens/stop-export.git"
},
"original": {
"type": "git",
"url": "https://codeberg.org/adamcstephens/stop-export.git"
}
},
"alsa-ucm-conf": {
"flake": false,
"locked": {
"lastModified": 1705501566,
"narHash": "sha256-Nyr7tjH5VBjocvaKaHCiK+zsjThYBtcr936aRWCBBpM=",
"owner": "alsa-project",
"repo": "alsa-ucm-conf",
"rev": "e87dde51d68950537f92af955ad0633437cc419a",
"type": "github"
},
"original": {
"owner": "alsa-project",
"ref": "master",
"repo": "alsa-ucm-conf",
"type": "github"
}
},
"brainwart_x13s-nixos": {
"flake": false,
"locked": {
"lastModified": 1705565623,
"narHash": "sha256-sisr/dFIz8p3/Y7mz+arWxjeiBmUTQkMqkF9j3c2dWE=",
"owner": "BrainWart",
"repo": "x13s-nixos",
"rev": "29002122d86a1009ba70e7a4ca3063e5404c77a2",
"type": "github"
},
"original": {
"owner": "BrainWart",
"ref": "flake",
"repo": "x13s-nixos",
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1705890365,
"narHash": "sha256-MObB+fipA/2Ai3uMuNouxcwz0cqvELPpJ+hfnhSaUeA=",
"owner": "nix-community",
"repo": "disko",
"rev": "9fcdf3375e01e2938a49df103af9fd21bd0f89d9",
"type": "github"
},
"original": {
"id": "disko",
"type": "indirect"
}
},
"get-flake": {
"locked": {
"lastModified": 1694475786,
"narHash": "sha256-s5wDmPooMUNIAAsxxCMMh9g68AueGg63DYk2hVZJbc8=",
"owner": "ursi",
"repo": "get-flake",
"rev": "ac54750e3b95dab6ec0726d77f440efe6045bec1",
"type": "github"
},
"original": {
"owner": "ursi",
"repo": "get-flake",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1705659542,
"narHash": "sha256-WA3xVfAk1AYmFdwghT7mt/erYpsU6JPu9mdTEP/e9HQ=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "10cd9c53115061aa6a0a90aad0b0dde6a999cdb9",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-23.11",
"repo": "home-manager",
"type": "github"
}
},
"linux_x13s": {
"flake": false,
"locked": {
"lastModified": 1705680516,
"narHash": "sha256-NjCuPYjYHBJcoJR1ZaWQ9sRh0VpY2Y0hawkbUBRfCvk=",
"owner": "jhovold",
"repo": "linux",
"rev": "bac95eabe6577faa2773cbe7e91c34fd17ab79a0",
"type": "github"
},
"original": {
"owner": "jhovold",
"ref": "wip/sc8280xp-v6.7",
"repo": "linux",
"type": "github"
}
},
"mobile-nixos": {
"flake": false,
"locked": {
"lastModified": 1705008488,
"narHash": "sha256-Gj97fDFZaK6gLb3ayZgTTtD+MFE1YjoyYHWkB1TIAe0=",
"owner": "NixOS",
"repo": "mobile-nixos",
"rev": "56e55df7b07b5e5c6d050732d851cec62b41df95",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "mobile-nixos",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1705774713,
"narHash": "sha256-j6ADaDH9XiumUzkTPlFyCBcoWYhO83lfgiSqEJF2zcs=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "1b64fc1287991a9cce717a01c1973ef86cb1af0b",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-2211": {
"locked": {
"lastModified": 1688392541,
"narHash": "sha256-lHrKvEkCPTUO+7tPfjIcb7Trk6k31rz18vkyqmkeJfY=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "ea4c80b39be4c09702b0cb3b42eab59e2ba4f24b",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-22.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable-small": {
"locked": {
"lastModified": 1705891108,
"narHash": "sha256-PQ0Df5BzByg+0gPE1goa9WYVXSoEP6gtjblrbYC8WOI=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "8cccce637e19577815de54c5ecc3132dff965aee",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable-small",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"adamcstephens_stop-export": "adamcstephens_stop-export",
"alsa-ucm-conf": "alsa-ucm-conf",
"brainwart_x13s-nixos": "brainwart_x13s-nixos",
"disko": "disko",
"get-flake": "get-flake",
"home-manager": "home-manager",
"linux_x13s": "linux_x13s",
"mobile-nixos": "mobile-nixos",
"nixpkgs": "nixpkgs",
"nixpkgs-2211": "nixpkgs-2211",
"nixpkgs-unstable-small": "nixpkgs-unstable-small"
}
}
},
"root": "root",
"version": 7
}

73
nix/os/devices/steveej-x13s/flake.nix Normal file
View file

@ -0,0 +1,73 @@
{
inputs =
{
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
# requires for home-manager modules
nixpkgs-unstable-small.url = "github:nixos/nixpkgs/nixos-unstable-small";
nixpkgs-2211.url = "github:nixos/nixpkgs/nixos-22.11";
get-flake.url = "github:ursi/get-flake";
disko.inputs.nixpkgs.follows = "nixpkgs";
mobile-nixos.url = "github:NixOS/mobile-nixos";
mobile-nixos.flake = false;
home-manager = {
url = "github:nix-community/home-manager/release-23.11";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs =
{ self
, get-flake
, nixpkgs
, ...
}:
let
targetPlatform = "aarch64-linux";
buildPlatform = "x86_64-linux";
nodeName = "steveej-x13s";
mkNixosConfiguration = { extraModules ? [ ], ... } @ attrs:
nixpkgs.lib.nixosSystem (
nixpkgs.lib.attrsets.recursiveUpdate
attrs
{
specialArgs = (import ./default.nix {
system = targetPlatform;
inherit nodeName;
repoFlake = get-flake ../../../..;
nodeFlake = self;
}).meta.nodeSpecialArgs.${nodeName};
modules =
[
({ repoFlake, ... }: repoFlake.nixosModules.hardware-x13s)
./configuration.nix
]
++ extraModules;
}
);
in
{
nixosConfigurations = {
native = mkNixosConfiguration {
system = targetPlatform;
};
cross = mkNixosConfiguration {
extraModules = [
{
nixpkgs.buildPlatform.system = buildPlatform;
nixpkgs.hostPlatform.system = targetPlatform;
}
];
};
};
};
}

242
nix/os/modules/hardware.thinkpad-x13s.nix Normal file
View file

@ -0,0 +1,242 @@
{ self, pkgs, config, lib, options, ... }:
let
# TODO: introduce options for these
kernelPdMapper = true;
cfg = config.hardware.thinkpad-x13s;
in
{
options.hardware.thinkpad-x13s = {
# TODO: respect this
enable = lib.mkEnableOption "x13s hardware support";
bluetoothMac = lib.mkOption {
type = lib.types.str;
description = "mac address to set on boot";
};
bluetoothMacAddr = lib.mkOption {
default = "00:00:00:00:00";
type = lib.types.str;
};
};
config =
let
inherit (config.boot.loader) efi;
kp = [
{
name = "x13s-cfg";
patch = null;
extraStructuredConfig = with lib.kernel; {
EFI_ARMSTUB_DTB_LOADER = lib.mkForce yes;
OF_OVERLAY = lib.mkForce yes;
BTRFS_FS = lib.mkForce yes;
BTRFS_FS_POSIX_ACL = lib.mkForce yes;
MEDIA_CONTROLLER = lib.mkForce yes;
SND_USB_AUDIO_USE_MEDIA_CONTROLLER = lib.mkForce yes;
SND_USB = lib.mkForce yes;
SND_USB_AUDIO = lib.mkForce module;
USB_XHCI_PCI = lib.mkForce module;
NO_HZ_FULL = lib.mkForce yes;
HZ_100 = lib.mkForce yes;
HZ_250 = lib.mkForce no;
DRM_AMDGPU = lib.mkForce no;
DRM_NOUVEAU = lib.mkForce no;
QCOM_TSENS = lib.mkForce yes;
NVMEM_QCOM_QFPROM = lib.mkForce yes;
ARM_QCOM_CPUFREQ_NVMEM = lib.mkForce yes;
VIRTIO_PCI = lib.mkForce module;
# forthcoming kernel work: QCOM_PD_MAPPER = lib.mkForce module;
};
}
];
qrtr = pkgs.callPackage "${self.inputs.adamcstephens_stop-export}/hardware/x13s/qrtr/qrtr.nix" { };
pd-mapper = pkgs.callPackage "${self.inputs.adamcstephens_stop-export}/hardware/x13s/qrtr/pd-mapper.nix" {
inherit qrtr;
};
# We can't quite move to mainline linux
linux_x13s_pkg = { buildLinux, ... } @ args:
buildLinux (args // rec {
version = "6.7.0";
modDirVersion = lib.versions.pad 3 version;
extraMeta.branch = lib.versions.majorMinor version;
src = self.inputs.linux_x13s;
kernelPatches = (args.kernelPatches or [ ]) ++ kp;
} // (args.argsOverride or { }));
# we add additional configuration on top of te normal configuration above
# using the extraStructuredConfig option on the kernel patch
linux_x13s = pkgs.callPackage linux_x13s_pkg {
defconfig = "johan_defconfig";
};
linuxPackages_x13s = pkgs.linuxPackagesFor linux_x13s;
dtbName = "sc8280xp-lenovo-thinkpad-x13s.dtb";
dtb = "${linuxPackages_x13s.kernel}/dtbs/qcom/${dtbName}";
x13s_alsa-ucm-conf = pkgs.alsa-ucm-conf.overrideAttrs (prev: {
src = self.inputs.alsa-ucm-conf;
});
alsa-ucm-conf-env.ALSA_CONFIG_UCM2 = "${x13s_alsa-ucm-conf}/share/alsa/ucm2";
in
lib.mkIf cfg.enable
{
nixpkgs.overlays = [
(final: prev:
{
x13s_extra-firmware = pkgs.callPackage
"${self.inputs.adamcstephens_stop-export}/hardware/x13s/extra-firmware.nix"
{ };
inherit qrtr pd-mapper;
}
)
];
# ensure the x13s' dtb file is in the boot partition
# TODO:: is this needed for the VT display somehow?
system.activationScripts.x13s-dtb = ''
in_package="${dtb}"
esp_tool_folder="${efi.efiSysMountPoint}/"
in_esp="''${esp_tool_folder}${dtbName}"
>&2 echo "Ensuring $in_esp in EFI System Partition"
if ! ${pkgs.diffutils}/bin/cmp --silent "$in_package" "$in_esp"; then
>&2 echo "Copying $in_package -> $in_esp"
mkdir -p "$esp_tool_folder"
cp "$in_package" "$in_esp"
sync
fi
'';
boot = {
loader.systemd-boot.enable = true;
loader.systemd-boot.extraFiles = {
"${dtbName}" = dtb;
};
loader.efi.canTouchEfiVariables = false;
loader.efi.efiSysMountPoint = "/boot";
blacklistedKernelModules = [ "wwan" ];
kernelPackages = linuxPackages_x13s;
kernelParams = [
"dtb=${dtbName}"
"boot.shell_on_fail"
# jhovold recommended
"efi=noruntime"
"clk_ignore_unused"
"pd_ignore_unused"
"arm64.nopauth"
# blacklist graphics in initrd so the firmware can load from disk
"rd.driver.blacklist=msm"
];
initrd = {
includeDefaultModules = false;
# kernelModules = [
# "nvme"
# "phy_qcom_qmp_pcie"
# "pcie_qcom"
# "i2c_core"
# "i2c_hid"
# "i2c_hid_of"
# "i2c_qcom_geni"
# "leds_qcom_lpg"
# "pwm_bl"
# "qrtr"
# "pmic_glink_altmode"
# "gpio_sbu_mux"
# "phy_qcom_qmp_combo"
# "gpucc_sc8280xp"
# "dispcc_sc8280xp"
# "phy_qcom_edp"
# "panel_edp"
# # "msm"
# ];
availableKernelModules = [
"i2c_hid"
"i2c_hid_of"
"i2c_qcom_geni"
"leds_qcom_lpg"
"pwm_bl"
"qrtr"
"pmic_glink_altmode"
"gpio_sbu_mux"
"phy_qcom_qmp_combo"
"panel_edp"
# "msm"
"phy_qcom_edp"
"i2c_core"
"i2c_hid"
"i2c_hid_of"
"i2c_qcom_geni"
"pcie_qcom"
"phy_qcom_qmp_combo"
"phy_qcom_qmp_pcie"
"phy_qcom_qmp_usb"
"phy_qcom_snps_femto_v2"
"phy_qcom_usb_hs"
"nvme"
"usbcore"
"xhci_hcd"
"usbhid"
"usb_storage"
"uas"
];
};
};
# default is performance
powerManagement.cpuFreqGovernor = "ondemand";
hardware.enableAllFirmware = true;
hardware.firmware = [
# pkgs.linux-firmware
pkgs.x13s_extra-firmware
];
systemd.services.pd-mapper = {
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${lib.getExe pd-mapper}";
Restart = "always";
};
};
environment.sessionVariables = alsa-ucm-conf-env;
systemd.user.services.pipewire.environment = alsa-ucm-conf-env;
systemd.user.services.wireplumber.environment = alsa-ucm-conf-env;
systemd.services.bluetooth = {
serviceConfig = {
# disabled because btmgmt call hangs
ExecStartPre = [
""
"${pkgs.util-linux}/bin/rfkill block bluetooth"
"${pkgs.bluez5-experimental}/bin/btmgmt public-addr ${cfg.bluetoothMac}"
"${pkgs.util-linux}/bin/rfkill unblock bluetooth"
];
RestartSec = 5;
Restart = "on-failure";
};
};
};
}

2
nix/os/modules/opinionatedDisk.nix
View file

@ -24,7 +24,7 @@ in {
earlyDiskIdOverride = mkOption { earlyDiskIdOverride = mkOption {
default = ""; default = "";
type = types.string; type = types.str;
}; };
}; };

19
nix/os/profiles/common/pkg.nix
View file

@ -1,12 +1,11 @@
{ { config
config, , pkgs
pkgs, , # these come in via nodeSpecialArgs and are expected to be defined for every node
# these come in via nodeSpecialArgs and are expected to be defined for every node repoFlake
repoFlake, , repoFlakeInputs'
repoFlakeInputs', , nodeFlake
nodeFlake, , packages'
packages', , ...
...
}: { }: {
imports = [ imports = [
]; ];
@ -26,8 +25,6 @@
packages' packages'
nodeFlake nodeFlake
; ;
osConfig = config;
}; };
nixpkgs.config = { nixpkgs.config = {

107
nix/os/snippets/radicale.nix
View file

@ -1,101 +1,30 @@
{ config { config
, lib , lib
, pkgs , pkgs
, repoFlake , repoFlakeInputs'
# TODO: make configurable
, homeUser ? "steveej"
, ... , ...
}: }:
let let
radicalePkgs = repoFlake.inputs.radicale-nixpkgs.legacyPackages.${pkgs.system}; # TODO: make configurable
homeUser = "steveej";
libdecsync = pkgs.python3Packages.buildPythonPackage rec {
pname = "libdecsync";
version = "2.2.1";
src = pkgs.python3Packages.fetchPypi {
inherit pname version;
hash = "sha256-Mukjzjumv9VL+A0maU0K/SliWrgeRjAeiEdN5a83G0I=";
};
propagatedBuildInputs = [
# pkgs.libxcrypt-legacy
];
};
radicale-storage-decsync = pkgs.python3Packages.buildPythonPackage rec {
pname = "radicale_storage_decsync";
version = "2.1.0";
src = pkgs.python3Packages.fetchPypi {
inherit pname version;
hash = "sha256-X+0MT5o2PjsKxca5EDI+rYyQDmUtbRoELDr6e4YXKCg=";
};
buildInputs = [
pkgs.radicale
# pkgs.libxcrypt-legacy
# pkgs.libxcrypt
];
nativeCheckInputs = [
# pkgs.libxcrypt-legacy
# pkgs.libxcrypt
];
propagatedBuildInputs = [ libdecsync pkgs.python3Packages.setuptools ];
};
radicale-decsync = pkgs.radicale.overrideAttrs (old: {
propagatedBuildInputs =
old.propagatedBuildInputs
++ [ radicale-storage-decsync ];
});
mkRadicaleService =
{ suffix
, port
,
}:
let
radicale-config = pkgs.writeText "radicale-config-${suffix}" ''
[server]
hosts = localhost:${builtins.toString port}
[auth]
type = htpasswd
htpasswd_filename = ${config.sops.secrets.radicale_htpasswd.path}
htpasswd_encryption = bcrypt
[storage]
type = radicale_storage_decsync
filesystem_folder = ${config.xdg.dataHome}/radicale-${suffix}
decsync_dir = ${config.xdg.dataHome}/decsync-${suffix}
'';
in
{
home-manager.users.${homeUser}.systemd.user.services."radicale-${suffix}" = {
Unit.Description = "Radicale with DecSync (${suffix})";
Service = {
ExecStart = "${radicale-decsync}/bin/radicale -C ${radicale-config}";
Restart = "on-failure";
};
Install.WantedBy = [ "default.target" ];
};
};
in in
{ {
sops.secrets.radicale_htpasswd = { sops.secrets.radicale_htpasswd = {
sopsFile = ../../../../secrets/desktop/radicale_htpasswd; sopsFile = ../../../secrets/desktop/radicale_htpasswd;
format = "binary"; format = "binary";
owner = config.users.users.${homeUser}.name; owner = config.users.users."${homeUser}".name;
}; };
} // (builtins.foldl' (sum: cur: lib.recursiveUpdate sum (mkRadicaleService cur)) { } [
{ home-manager.users.${homeUser} = _: {
suffix = "personal"; imports = [
port = 5232; # TODO: bump these to latest and make it work
} (args:
{ import ../../home-manager/programs/radicale.nix (args // {
suffix = "family"; osConfig = config;
port = 5233; pkgs = repoFlakeInputs'.radicalePkgs.legacyPackages;
} })
]) )
];
};
}

90
nix/os/snippets/sway-desktop.nix Normal file
View file

@ -0,0 +1,90 @@
{ pkgs, lib, ... }:
let
# TODO: make this configurable
homeUser = "steveej";
in
{
services.xserver.serverFlagsSection = ''
Option "BlankTime" "0"
Option "StandbyTime" "0"
Option "SuspendTime" "0"
Option "OffTime" "0"
'';
hardware.opengl.enable = true;
services.gvfs = {
enable = true;
package = lib.mkForce pkgs.gnome3.gvfs;
};
environment.systemPackages = with pkgs; [
# provides a default authentification client for policykit
lxqt.lxqt-policykit
];
# required by swaywm
security.polkit.enable = true;
security.pam.services.swaylock = { };
# test these on https://mozilla.github.io/webrtc-landing/gum_test.html
xdg.portal = {
enable = true;
# FIXME: `true` breaks xdg-open from alacritty:
# $ xdg-open "https://github.com/"
# Error: GDBus.Error:org.freedesktop.DBus.Error.UnknownMethod: No such interface “org.freedesktop.portal.OpenURI” on object at path /org/freedesktop/portal/desktop
xdgOpenUsePortal = false;
extraPortals = [
pkgs.xdg-desktop-portal-wlr
pkgs.xdg-desktop-portal-gtk
# repoFlake.inputs.nixpkgs-wayland.packages.${pkgs.system}.xdg-desktop-portal-wlr
# (pkgs.xdg-desktop-portal-gtk.override (_: {
# buildPortalsInGnome = false;
# }))
];
};
# rtkit is optional but recommended
security.rtkit.enable = true;
services.pipewire = {
audio.enable = true;
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
# If you want to use JACK applications, uncomment this
#jack.enable = true;
};
networkmanager.enable = false;
security.pam.services.getty.enableGnomeKeyring = true;
services.gnome.gnome-keyring.enable = true;
# autologin steveej on tty1
systemd.services."autovt@tty1".description = "Autologin at the TTY1";
systemd.services."autovt@tty1".after = [ "systemd-logind.service" ]; # without it user session not started and xorg can't be run from this tty
systemd.services."autovt@tty1".wantedBy = [ "multi-user.target" ];
systemd.services."autovt@tty1".serviceConfig =
{
ExecStart = [
"" # override upstream default with an empty ExecStart
"@${pkgs.utillinux}/sbin/agetty agetty --login-program ${pkgs.shadow}/bin/login --autologin steveej --noclear %I $TERM"
];
Restart = "always";
Type = "idle";
};
programs.zsh.loginShellInit = ''
if test $(id --user steveej) = $(id -u) && test $(tty) = "/dev/tty1"; then
exec sway
fi
'';
home-manager.users.${homeUser} = _: {
imports = [
../../home-manager/profiles/sway-desktop.nix
];
};
}

6
secrets/desktop/radicale_htpasswd
View file

@ -1,5 +1,5 @@
{ {
"data": "ENC[AES256_GCM,data:4Oo7a4iL9ry9qFnzd/uwllP8UZ1re+RglnvkEO11XvSqqGhGOCUX0k0kOVD/CYbdLNq7jqVI8h5Fw5grSb6SCDzlknV0bJ70mmBQ9wEhRA82P1M/T50KH6V6XIVR7IlVhjMKkdW6YH0XAyrqaVh3fJUbOk9hJVvrylLvPF4vpc9+aYdzUCvn5jbecpywYY7NRKLI7H7xUmnW,iv:vvyS08x5yXTmlZo1A+Z2zsW9Mj6JrIkNt+CvB7VZJ38=,tag:MrjYVpS+SyYLUAbin85fkw==,type:str]", "data": "ENC[AES256_GCM,data:4Sfp4HqBQ/gsdK1iIwVisHxXHB9ryuTcsxqa4pJMYPBkn0C/Z43TuvZnUpZyACAIL00h7sPMEqQbdvmiHoo2CVizl5hB0wT6QdBwjuSjjuNDwqqJTvistCNBGsTQrb8fdsmTMGEyQmC0yQ6eF3STIT2PP/M1NPZ30zqxQInscv0Mem3n1yT0S3xamwvXkJq+WQvEhJpggsp8,iv:B+KVrsWRHYhvNCkwWhHOF6CFTpF4/tI5wOD05aMf2JI=,tag:srnaV+etedgReXLZ9QBPCw==,type:str]",
"sops": { "sops": {
"kms": null, "kms": null,
"gcp_kms": null, "gcp_kms": null,
@ -11,8 +11,8 @@
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmTVMxdkpjQllIZlRpQjEr\nc0RqNzNnOGplcDR6by9aL0JQY0ZmZjV3OUhrCm1sbHEvQ3hFZVg1YU5wOU5kaGpI\nK25zckJNaXhWd21kUHIyTm8yVW0reWsKLS0tIHVvbDhYZjRSbVRjOWZNaWkwcm1z\neVJyTTRNNTJBeVYxdDFCL1ozQjhQUkUK09k0LVNUugbxtZJB1JEXWmB2Q35mK1MW\nY12rpx4QwFUf1uhZDGmHMU0mrmaZRhkiTXTW+MtbHHtiGCxI8JrgLQ==\n-----END AGE ENCRYPTED FILE-----\n" "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmTVMxdkpjQllIZlRpQjEr\nc0RqNzNnOGplcDR6by9aL0JQY0ZmZjV3OUhrCm1sbHEvQ3hFZVg1YU5wOU5kaGpI\nK25zckJNaXhWd21kUHIyTm8yVW0reWsKLS0tIHVvbDhYZjRSbVRjOWZNaWkwcm1z\neVJyTTRNNTJBeVYxdDFCL1ozQjhQUkUK09k0LVNUugbxtZJB1JEXWmB2Q35mK1MW\nY12rpx4QwFUf1uhZDGmHMU0mrmaZRhkiTXTW+MtbHHtiGCxI8JrgLQ==\n-----END AGE ENCRYPTED FILE-----\n"
} }
], ],
"lastmodified": "2023-07-01T17:49:07Z", "lastmodified": "2024-01-22T17:03:08Z",
"mac": "ENC[AES256_GCM,data:DLKp0oBRgqoC1vm7Gt8IgTXQZBVhFMzRlP2CeWUHCi0PhOFFDCQCbJMJ4GnLeVAMgn1PTQXxDBJsqx1dd99oR3xXOqV6s9RUrg7BNql6G1PRnROnvGavVq+K8Oqyc6K3RDMK95Fwd20Svvyplc7fvvJVYA7XE8oVyPCj7adgIzA=,iv:0T60zdgBXTNEUyzWNH2gRJsH7D/mofiBQKD4XpaTdf4=,tag:9s0g5W0fu7PrKybYNQMfxA==,type:str]", "mac": "ENC[AES256_GCM,data:BS4BPjzA663knjD53QWjjDKmYmT6GcOVJru0XBWDQakVvgZwrPnRSZWSuC+ubtTBiG+EMK8Zx7nY3i8S/T0AkO9FmxBR476m8oopkNvCQIIEOkOK0F5I2gd6W/SDqKBC8Wzb6qWxGYDeZBmnvjpapcyW+VvJvaXhjSJpOgff+LQ=,iv:mwa9p6YJPLDWUcPxgGErZUSd5afCdg3YmY3fL1/f6do=,tag:MQN6KPB0NwVakSps9/sLzw==,type:str]",
"pgp": [ "pgp": [
{ {
"created_at": "2023-07-01T17:45:58Z", "created_at": "2023-07-01T17:45:58Z",