steveej/infra
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions

WIP: x13s: install to nvme, refactor into module

Browse source
This commit is contained in:
steveej 2024-01-22 22:50:51 +01:00
parent 40416bd4de
commit a083c05b27
28 changed files with 1361 additions and 737 deletions
Download patch file Download diff file Expand all files Collapse all files

7
.sops.yaml
View file

@ -41,6 +41,13 @@ creation_rules:
- *steveej
age:
- *steveej-t14
- path_regex: ^secrets/desktop/.+$
key_groups:
- pgp:
- *steveej
age:
- *steveej-t14
- *steveej-x13s-rmvbl
- path_regex: ^secrets/servers/.+$
key_groups:
- pgp:

74
flake.lock generated
View file

@ -1,5 +1,38 @@
{
"nodes": {
"adamcstephens_stop-export": {
"flake": false,
"locked": {
"lastModified": 1705876512,
"narHash": "sha256-nvBqLyi8dMQf3xnROwEcUv4iqV55Mr8S8OGYepu14i4=",
"ref": "refs/heads/main",
"rev": "388684db5b529bbd6f3e948cf175df089eb09766",
"revCount": 14,
"type": "git",
"url": "https://codeberg.org/adamcstephens/stop-export.git"
},
"original": {
"type": "git",
"url": "https://codeberg.org/adamcstephens/stop-export.git"
}
},
"alsa-ucm-conf": {
"flake": false,
"locked": {
"lastModified": 1705501566,
"narHash": "sha256-Nyr7tjH5VBjocvaKaHCiK+zsjThYBtcr936aRWCBBpM=",
"owner": "alsa-project",
"repo": "alsa-ucm-conf",
"rev": "e87dde51d68950537f92af955ad0633437cc419a",
"type": "github"
},
"original": {
"owner": "alsa-project",
"ref": "master",
"repo": "alsa-ucm-conf",
"type": "github"
}
},
"aphorme_launcher": {
"flake": false,
"locked": {
@ -17,6 +50,23 @@
"type": "github"
}
},
"brainwart_x13s-nixos": {
"flake": false,
"locked": {
"lastModified": 1705565623,
"narHash": "sha256-sisr/dFIz8p3/Y7mz+arWxjeiBmUTQkMqkF9j3c2dWE=",
"owner": "BrainWart",
"repo": "x13s-nixos",
"rev": "29002122d86a1009ba70e7a4ca3063e5404c77a2",
"type": "github"
},
"original": {
"owner": "BrainWart",
"ref": "flake",
"repo": "x13s-nixos",
"type": "github"
}
},
"colmena": {
"inputs": {
"flake-compat": "flake-compat",
@ -293,6 +343,23 @@
"type": "github"
}
},
"linux_x13s": {
"flake": false,
"locked": {
"lastModified": 1705680516,
"narHash": "sha256-NjCuPYjYHBJcoJR1ZaWQ9sRh0VpY2Y0hawkbUBRfCvk=",
"owner": "jhovold",
"repo": "linux",
"rev": "bac95eabe6577faa2773cbe7e91c34fd17ab79a0",
"type": "github"
},
"original": {
"owner": "jhovold",
"ref": "wip/sc8280xp-v6.7",
"repo": "linux",
"type": "github"
}
},
"nix-eval-jobs": {
"inputs": {
"flake-parts": "flake-parts_3",
@ -636,7 +703,10 @@
},
"root": {
"inputs": {
"adamcstephens_stop-export": "adamcstephens_stop-export",
"alsa-ucm-conf": "alsa-ucm-conf",
"aphorme_launcher": "aphorme_launcher",
"brainwart_x13s-nixos": "brainwart_x13s-nixos",
"colmena": "colmena",
"crane": "crane",
"disko": [
@ -647,6 +717,7 @@
"flake-parts": "flake-parts",
"get-flake": "get-flake",
"jay": "jay",
"linux_x13s": "linux_x13s",
"nixos-anywhere": "nixos-anywhere",
"nixpkgs": [
"nixpkgs-2311"
@ -659,6 +730,9 @@
"nixpkgs-wayland": "nixpkgs-wayland",
"ofi-pass": "ofi-pass",
"prs": "prs",
"radicalePkgs": [
"nixpkgs-2211"
],
"salut": "salut",
"sops-nix": "sops-nix",
"srvos": "srvos",

39
flake.nix
View file

@ -3,6 +3,7 @@
inputs = {
# flake and infra basics
nixpkgs-2211.url = "github:nixos/nixpkgs/nixos-22.11";
radicalePkgs.follows = "nixpkgs-2211";
nixpkgs-2305.url = "github:nixos/nixpkgs/nixos-23.05";
nixpkgs-2311.url = "github:nixos/nixpkgs/nixos-23.05";
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
@ -13,7 +14,7 @@
srvos.url = "github:numtide/srvos";
srvos.inputs.nixpkgs.follows = "nixpkgs";
nixos-anywhere.url = github:numtide/nixos-anywhere/main;
nixos-anywhere.url = "github:numtide/nixos-anywhere/main";
nixos-anywhere.inputs.nixpkgs.follows = "nixpkgs";
disko.follows = "nixos-anywhere/disko";
@ -68,6 +69,31 @@
url = "gitlab:timvisee/prs/master";
flake = false;
};
### inputs for thinkpad x13s
# see https://github.com/jhovold/linux/wiki/X13s for status updates
linux_x13s.url = "github:jhovold/linux/wip/sc8280xp-v6.7";
linux_x13s.flake = false;
brainwart_x13s-nixos = {
url = "github:BrainWart/x13s-nixos/flake";
flake = false;
};
adamcstephens_stop-export = {
flake = false;
url = "git+https://codeberg.org/adamcstephens/stop-export.git";
};
alsa-ucm-conf = {
flake = false;
url = "github:alsa-project/alsa-ucm-conf/master";
};
###
};
outputs =
@ -104,6 +130,7 @@
nodeFlake = self.inputs.get-flake ./nix/os/devices/${nodeName};
}) [
"steveej-t14"
"steveej-x13s"
# "elias-e525"
# "justyna-p300"
@ -122,7 +149,7 @@
// (
let
router0-dmz0 = (inputs.get-flake ./nix/os/devices/router0-dmz0).nixosConfigurations;
steveej-x13s-rmvbl = (inputs.get-flake ./nix/os/devices/steveej-x13s-rmvbl).nixosConfigurations;
steveej-x13s = (inputs.get-flake ./nix/os/devices/steveej-x13s).nixosConfigurations;
retro = (inputs.get-flake ./nix/os/devices/retro).nixosConfigurations;
in
{
@ -135,8 +162,7 @@
# nixos-install --flake .\#retro_cross
retro_cross = retro.cross;
steveej-x13s-rmvbl = steveej-x13s-rmvbl.native;
steveej-x13s-rmvbl_cross = steveej-x13s-rmvbl.cross;
steveej-x13s_cross = steveej-x13s.cross;
}
);
@ -272,6 +298,11 @@
inherit inputs' pkgs;
packages' = packages;
};
};
flake.nixosModules = {
thinkpad-x13s = { pkgs, config, lib, options, ... } @ args: (import ./nix/os/modules/hardware.thinkpad-x13s.nix (args // { inherit self; }));
};
});
}

224
nix/home-manager/configuration/graphical-fullblown.nix
View file

@ -1,26 +1,23 @@
{ pkgs
, lib
, config
, # these come in via home-manager.extraSpecialArgs and are specific to each node
nodeFlake
, packages'
, # repoFlake,
# repoFlakeInputs',
...
, ...
}:
let
# pkgsMaster = nodeFlake.inputs.nixpkgs-master.legacyPackages.${pkgs.system};
pkgsUnstableSmall = import nodeFlake.inputs.nixpkgs-unstable-small { inherit (pkgs) system config; };
pkgs2211 = nodeFlake.inputs.nixpkgs-2211.legacyPackages.${pkgs.system};
in
{
imports = [
../profiles/common.nix
../profiles/dotfiles.nix
# ../profiles/dotfiles.nix
# FIXME: fix homeshick when no WAN connection is available
# ../programs/homeshick.nix
# ../profiles/gnome-desktop.nix
../profiles/sway-desktop.nix
# ../profiles/experimental-desktop.nix
../programs/redshift.nix
@ -28,7 +25,7 @@ in
../programs/gpg-agent.nix
../programs/pass.nix
../programs/espanso.nix
# ../programs/espanso.nix
../programs/firefox.nix
../programs/chromium.nix
@ -36,10 +33,6 @@ in
../programs/libreoffice.nix
../programs/neovim.nix
../programs/vscode
# TODO: bump these to 23.05 and make it work
(args: import ../programs/radicale.nix (args // { pkgs = pkgs2211; }))
# (args: import ../programs/espanso.nix (args // {pkgs = pkgs2211;}))
];
home.sessionVariables.HM_CONFIG = "graphical-fullblown";
@ -55,21 +48,19 @@ in
[ ]
++ (with pkgs; [
# Authentication
cacert
fprintd
openssl
mkpasswd
# cacert
# fprintd
# openssl
# mkpasswd
# Nix package related tools
patchelf
nix-index
# nix-index
nix-prefetch-scripts
# nix-prefetch-github
nix-tree
# Version Control Systems
gitFull
pijul
# gitless
gitRepo
git-lfs
@ -118,7 +109,9 @@ in
# FIXME: depends on insecure openssl 1.1.1t
# kotatogram-desktop
tdesktop
pkgsUnstableSmall.signal-desktop
#(let
# version = "6.20.0-beta.1";
#in
@ -138,7 +131,6 @@ in
# '';
# }))
pkgsUnstableSmall.session-desktop
# --add-flags "--enable-features=UseOzonePlatform"
# --add-flags "--ozone-platform=wayland"
# (pkgsUnstableSmall.session-desktop.overrideAttrs (old: {
@ -175,61 +167,51 @@ in
# }))
thunderbird
# gnome.cheese
discord
# Virtualization
# virtmanager
# Remote Control Tools
remmina
freerdp
teamviewer
pkgsUnstableSmall.rustdesk
# freerdp
# Audio/Video Players
ffmpeg
vlc
v4l-utils
audacity
spotify
# v4l-utils
# audacity
# spotify
yt-dlp
(writeShellScriptBin "youtube-dl-audio" "${yt-dlp}/bin/yt-dlp --extract-audio --audio-format best --audio-quality 9 \${@:?}")
libwebcam
# Network Tools
openvpn
tcpdump
iftop
iperf
bind
socat
# 2019-03-05: broken on 19.03 linssid
iptraf-ng
ipmitool
iptables
nftables
wireshark
wireguard-tools
nethogs
# Code Editing and Programming
xclip
xsel
pkgsUnstableSmall.lapce
pkgsUnstableSmall.helix
pkgsUnstableSmall.nil
# pkgsUnstableSmall.lapce
# pkgsUnstableSmall.helix
# pkgsUnstableSmall.nil
# Image/Graphic/Design Tools
gnome.eog
gimp
imagemagick
exiv2
graphviz
inkscape
qrencode
zbar
feh
# gimp
# imagemagick
# exiv2
# graphviz
# inkscape
# qrencode
# TODO: remove or move these: Modelling Tools
# plantuml
@ -240,62 +222,47 @@ in
# astah-community
# Misc Development Tools
qrcode
jq
cdrtools
# qrcode
# jq
# cdrtools
# Document Processing and Management
gnome.nautilus
xfce.thunar
pcmanfm
# mendeley
evince
(runCommand "logseq-wrapper"
{
nativeBuildInputs = [ makeWrapper ];
} ''
makeWrapper ${logseq}/bin/logseq $out/bin/logseq \
--set NIXOS_OZONE_WL ""
'')
# (logseq.override({ electron_25 = electron_26; }))
# File Synchronzation
maestral
maestral-gui
rsync
# Filesystem Tools
ntfs3g
ddrescue
ncdu
unetbootin
hdparm
testdisk
# ntfs3g
# ddrescue
# ncdu
# hdparm
# binwalk
gptfdisk
gparted
smartmontools
# gptfdisk
# gparted
# smartmontools
## Android
androidenv.androidPkgs_9_0.platform-tools
## Python
packages'.myPython
# packages'.myPython
# Misc Desktop Tools
ltunify
# ltunify
# dex
xorg.xbacklight
coreutils
lsof
xdotool
xdg_utils
xdg-user-dirs
dconf
picocom
glib.dev # contains gdbus tool
alacritty
wally-cli
# wally-cli
man-pages
# Screen recording
@ -311,64 +278,77 @@ in
# introduces python: screenkey
# avidemux # broken
handbrake
# handbrake
pkgsUnstableSmall.ledger-live-desktop
(banana-accounting.overrideDerivation (attrs:
with inputs'.nixpkgs-2211.legacyPackages; {
# dontWrapGApps = true;
srcs = builtins.fetchurl {
# hosted via https://web3.storage
url = "https://bafybeiabi4m2i4izummipbl5wzhwxjyjt2rylgsrahhkh7i63piwd37n4u.ipfs.w3s.link/mfpcksczayaqqx8fdacp0627zm36c001-bananaplus.tgz";
sha256 = "09666iqzqdw2526pf6bg5kd0hfw0wblw8ag636ki72dsiw6bmbf1";
};
# nativeBuildInputs =
# attrs.nativeBuildInputs
# ++ [
# qt5.qtbase
# qt5.wrapQtAppsHook
# ];
# buildInputs =
# attrs.buildInputs
# ++ [
# qt5.qtwayland
# ];
# preFixup =
# (attrs.preFixup or "")
# + ''
# qtWrapperArgs+=("''${gappsWrapperArgs[@]}")
# '';
}))
snes9x
snes9x-gtk
# snes9x
# snes9x-gtk
# this is a displaymanager!
# libretro.snes9x2010
# retroarchFull
]);
])
++ (lib.lists.optionals (!pkgs.stdenv.targetPlatform.isAarch64) [
(pkgs.banana-accounting.overrideDerivation
(attrs:
with nodeFlake.inputs'.nixpkgs-2211.legacyPackages; {
# dontWrapGApps = true;
srcs = builtins.fetchurl {
# hosted via https://web3.storage
url = "https://bafybeiabi4m2i4izummipbl5wzhwxjyjt2rylgsrahhkh7i63piwd37n4u.ipfs.w3s.link/mfpcksczayaqqx8fdacp0627zm36c001-bananaplus.tgz";
sha256 = "09666iqzqdw2526pf6bg5kd0hfw0wblw8ag636ki72dsiw6bmbf1";
};
# nativeBuildInputs =
# attrs.nativeBuildInputs
# ++ [
# qt5.qtbase
# qt5.wrapQtAppsHook
# ];
# buildInputs =
# attrs.buildInputs
# ++ [
# qt5.qtwayland
# ];
# preFixup =
# (attrs.preFixup or "")
# + ''
# qtWrapperArgs+=("''${gappsWrapperArgs[@]}")
# '';
})
)
pkgsUnstableSmall.ledger-live-desktop
(pkgs.runCommand "logseq-wrapper"
{
nativeBuildInputs = [ pkgs.makeWrapper ];
} ''
makeWrapper ${pkgs.logseq}/bin/logseq $out/bin/logseq \
--set NIXOS_OZONE_WL ""
'')
# (logseq.override({ electron_25 = electron_26; }))
# unsupported on aarch64-linux
pkgs.androidenv.androidPkgs_9_0.platform-tools
pkgs.teamviewer
pkgs.discord
pkgsUnstableSmall.session-desktop
pkgsUnstableSmall.rustdesk
])
;
systemd.user.startServices = true;
services.syncthing.enable = true;
services.udiskie = {
enable = true;
automount = true;
automount = false;
notify = true;
};
# FIXME: doesn't work as the service can't seem to control its started PID
services.dropbox = {
enable = false;
path = "${config.home.homeDirectory}/Dropbox-Hm";
};
# TODO: uncomment this when it's in stable home-manger
# programs.joshuto = {
# enable = true;

14
nix/home-manager/profiles/common.nix
View file

@ -1,4 +1,4 @@
{pkgs, ...}: {
{ pkgs, ... }: {
# TODO: re-enable this with the appropriate version?
# programs.home-manager.enable = true;
# programs.home-manager.path = https://github.com/rycee/home-manager/archive/445c0b1482c38172a9f8294ee16a7ca7462388e5.tar.gz;
@ -11,10 +11,16 @@
allowBroken = false;
allowUnfree = true;
permittedInsecurePackages = [];
permittedInsecurePackages = [ ];
};
nix.settings.experimental-features = ["nix-command" "flakes" "impure-derivations" "ca-derivations" "recursive-nix"];
nix.settings.experimental-features = [
"nix-command"
"flakes"
"impure-derivations"
"ca-derivations"
"recursive-nix"
];
nix.settings.sandbox = "relaxed";
home.keyboard = {
@ -40,7 +46,7 @@
programs.fzf.enable = true;
home.packages =
[]
[ ]
++ (with pkgs; [
htop
vcsh

10
nix/home-manager/profiles/wayland-desktop.nix
View file

@ -8,10 +8,7 @@
let
inherit (import ../lib.nix { }) mkSimpleTrayService;
nixpkgs-2211 = nodeFlake.inputs.nixpkgs-2211.legacyPackages.${pkgs.system};
nixpkgs-unstable-small = nodeFlake.inputs.nixpkgs-unstable-small.legacyPackages.${pkgs.system};
nixpkgs-wayland' = repoFlake.inputs.nixpkgs-wayland.packages.${pkgs.system};
wayprompt = nixpkgs-wayland'.wayprompt;
in
{
@ -43,7 +40,6 @@ in
wl-clipboard
wmctrl
wayprompt
nixpkgs-wayland'.shotman
# identifies key input syms
@ -63,7 +59,11 @@ in
# probably required by flameshot
# xdg-desktop-portal xdg-desktop-portal-wlr
# grim
];
] ++ (lib.lists.optionals (!pkgs.stdenv.isAarch64)
# TODO: broken on aarch64
[
]
);
home.sessionVariables = {
XDG_SESSION_TYPE = "wayland";

37
nix/home-manager/programs/chromium.nix
View file

@ -1,15 +1,16 @@
{
name,
lib,
...
}: let
{ name
, lib
, pkgs
, ...
}:
let
extensions =
[
#undetectable adblocker
{id = "gcfcpohokifjldeandkfjoboemihipmb";}
{ id = "gcfcpohokifjldeandkfjoboemihipmb"; }
# ublock origin
{id = "cjpalhdlnbpafiamejdnhcphjbkeiagm";}
{ id = "cjpalhdlnbpafiamejdnhcphjbkeiagm"; }
# # YT ad block
# {id = "cmedhionkhpnakcndndgjdbohmhepckk";}
@ -18,15 +19,15 @@
# {id = "cfhdojbkjhnklbpkdaibdccddilifddb";}
# Cookie Notice Blocker
{id = "odhmfmnoejhihkmfebnolljiibpnednn";}
{ id = "odhmfmnoejhihkmfebnolljiibpnednn"; }
# i don't care about cookies
{id = "fihnjjcciajhdojfnbdddfaoknhalnja";}
{ id = "fihnjjcciajhdojfnbdddfaoknhalnja"; }
# NopeCHA
{id = "dknlfmjaanfblgfdfebhijalfmhmjjjo";}
{ id = "dknlfmjaanfblgfdfebhijalfmhmjjjo"; }
# h264ify
{id = "aleakchihdccplidncghkekgioiakgal";}
{ id = "aleakchihdccplidncghkekgioiakgal"; }
# clippy
# {id = "honbeilkanbghjimjoniipnnehlmhggk"}
@ -37,25 +38,27 @@
}
# cookie autodelete
{id = "fhcgjolkccmbidfldomjliifgaodjagh";}
{ id = "fhcgjolkccmbidfldomjliifgaodjagh"; }
# unhook
{ id = "khncfooichmfjbepaaaebmommgaepoid";}
{ id = "khncfooichmfjbepaaaebmommgaepoid"; }
]
++ (lib.lists.optionals ((builtins.match "^steveej.*" name) != null) [
# Vimium C
{id = "hfjbmagddngcpeloejdejnfgbamkjaeg";}
{ id = "hfjbmagddngcpeloejdejnfgbamkjaeg"; }
]);
in {
in
{
programs.chromium = {
enable = true;
inherit extensions;
};
programs.brave = {
enable = true;
# TODO: enable this on aarch64-linux
enable = true && !pkgs.stdenv.targetPlatform.isAarch64;
inherit extensions;
};
programs.browserpass = {browsers = ["chromium" "brave"];};
programs.browserpass = { browsers = [ "chromium" "brave" ]; };
}

89
nix/home-manager/programs/radicale.nix
View file

@ -1,10 +1,10 @@
{
config,
lib,
pkgs,
osConfig,
...
}: let
{ config
, lib
, pkgs
, osConfig
, ...
}:
let
libdecsync = pkgs.python3Packages.buildPythonPackage rec {
pname = "libdecsync";
version = "2.2.1";
@ -38,50 +38,53 @@
# pkgs.libxcrypt
];
propagatedBuildInputs = [libdecsync pkgs.python3Packages.setuptools];
propagatedBuildInputs = [ libdecsync pkgs.python3Packages.setuptools ];
};
radicale-decsync = pkgs.radicale.overrideAttrs (old: {
propagatedBuildInputs =
old.propagatedBuildInputs
++ [radicale-storage-decsync];
++ [ radicale-storage-decsync ];
});
mkRadicaleService = {
suffix,
port,
}: let
radicale-config = pkgs.writeText "radicale-config-${suffix}" ''
[server]
hosts = localhost:${builtins.toString port}
mkRadicaleService =
{ suffix
, port
,
}:
let
radicale-config = pkgs.writeText "radicale-config-${suffix}" ''
[server]
hosts = localhost:${builtins.toString port}
[auth]
type = htpasswd
htpasswd_filename = ${osConfig.sops.secrets.radicale_htpasswd.path}
htpasswd_encryption = bcrypt
[auth]
type = htpasswd
htpasswd_filename = ${osConfig.sops.secrets.radicale_htpasswd.path}
htpasswd_encryption = bcrypt
[storage]
type = radicale_storage_decsync
filesystem_folder = ${config.xdg.dataHome}/radicale-${suffix}
decsync_dir = ${config.xdg.dataHome}/decsync-${suffix}
'';
in {
systemd.user.services."radicale-${suffix}" = {
Unit.Description = "Radicale with DecSync (${suffix})";
Service = {
ExecStart = "${radicale-decsync}/bin/radicale -C ${radicale-config}";
Restart = "on-failure";
[storage]
type = radicale_storage_decsync
filesystem_folder = ${config.xdg.dataHome}/radicale-${suffix}
decsync_dir = ${config.xdg.dataHome}/decsync-${suffix}
'';
in
{
systemd.user.services."radicale-${suffix}" = {
Unit.Description = "Radicale with DecSync (${suffix})";
Service = {
ExecStart = "${radicale-decsync}/bin/radicale -C ${radicale-config}";
Restart = "on-failure";
};
Install.WantedBy = [ "default.target" ];
};
Install.WantedBy = ["default.target"];
};
};
in
builtins.foldl' (sum: cur: lib.recursiveUpdate sum (mkRadicaleService cur)) {} [
{
suffix = "personal";
port = 5232;
}
{
suffix = "family";
port = 5233;
}
]
builtins.foldl' (sum: cur: lib.recursiveUpdate sum (mkRadicaleService cur)) { } [
{
suffix = "personal";
port = 5232;
}
{
suffix = "family";
port = 5233;
}
]

118
nix/home-manager/programs/zsh.nix
View file

@ -1,29 +1,30 @@
{
config,
lib,
pkgs,
...
}: let
just-plugin = let
plugin_file = pkgs.writeText "_just" ''
#compdef just
#autload
{ config
, lib
, pkgs
, ...
}:
let
just-plugin =
let
plugin_file = pkgs.writeText "_just" ''
#compdef just
#autload
alias justl="\just --list"
alias juste="\just --evaluate"
alias justl="\just --list"
alias juste="\just --evaluate"
local subcmds=()
local subcmds=()
while read -r line ; do
if [[ ! $line == Available* ]] ;
then
subcmds+=(''${line/[[:space:]]*\#/:})
fi
done < <(just --list)
while read -r line ; do
if [[ ! $line == Available* ]] ;
then
subcmds+=(''${line/[[:space:]]*\#/:})
fi
done < <(just --list)
_describe 'command' subcmds
'';
in
_describe 'command' subcmds
'';
in
pkgs.stdenv.mkDerivation {
name = "just-completions";
version = "0.1.0";
@ -35,7 +36,8 @@
chmod --recursive a-w $out
'';
};
in {
in
{
programs.zsh = {
enable = true;
@ -46,47 +48,49 @@ in {
# will be called again by oh-my-zsh
enableCompletion = false;
enableAutosuggestions = true;
initExtra = let
inNixShell = ''$([[ -n "$IN_NIX_SHELL" ]] && printf " 🐚")'';
in ''
PROMPT='%F{%(!.red.green)}%n%f@%m %(?.%F{green}%f.%F{red} ($?%))%f %F{blue}%~%f${inNixShell}%F{magenta}$(git_prompt_info)%f$prompt_newline%_%F{%(!.red.green)}$(prompt_char)%f '
RPROMPT=""
initExtra =
let
inNixShell = ''$([[ -n "$IN_NIX_SHELL" ]] && printf " 🐚")'';
in
''
PROMPT='%F{%(!.red.green)}%n%f@%m %(?.%F{green}%f.%F{red} ($?%))%f %F{blue}%~%f${inNixShell}%F{magenta}$(git_prompt_info)%f$prompt_newline%_%F{%(!.red.green)}$(prompt_char)%f '
RPROMPT=""
# Automatic rehash
zstyle ':completion:*' rehash true
# Automatic rehash
zstyle ':completion:*' rehash true
if [ -f $HOME/.shrc.d/sh_aliases ]; then
. $HOME/.shrc.d/sh_aliases
fi
if [ -f $HOME/.shrc.d/sh_aliases ]; then
. $HOME/.shrc.d/sh_aliases
fi
${
if builtins.hasAttr "homeshick" pkgs
then ''
source ${pkgs.homeshick}/homeshick.sh
fpath=(${pkgs.homeshick}/completions $fpath)
''
else ""
}
${
if builtins.hasAttr "homeshick" pkgs
then ''
source ${pkgs.homeshick}/homeshick.sh
fpath=(${pkgs.homeshick}/completions $fpath)
''
else ""
}
# Disable intercepting of ctrl-s and ctrl-q as flow control.
stty stop ''' -ixoff -ixon
# Disable intercepting of ctrl-s and ctrl-q as flow control.
stty stop ''' -ixoff -ixon
# don't cd into directories when executed
unsetopt AUTO_CD
# don't cd into directories when executed
unsetopt AUTO_CD
# print lines without termination
setopt PROMPT_CR
setopt PROMPT_SP
export PROMPT_EOL_MARK=""
# print lines without termination
setopt PROMPT_CR
setopt PROMPT_SP
export PROMPT_EOL_MARK=""
${lib.optionalString config.services.gpg-agent.enable ''
export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/gnupg/S.gpg-agent.ssh"
''}
${lib.optionalString config.services.gpg-agent.enable ''
export SSH_AUTH_SOCK="$XDG_RUNTIME_DIR/gnupg/S.gpg-agent.ssh"
''}
${lib.optionalString config.programs.neovim.enable ''
export EDITOR="nvim"
''}
'';
${lib.optionalString config.programs.neovim.enable ''
export EDITOR="nvim"
''}
'';
plugins = [
{
@ -119,7 +123,7 @@ in {
oh-my-zsh = {
enable = true;
theme = "tjkirch";
plugins = ["git" "sudo"];
plugins = [ "git" "sudo" ];
};
};
}

3
nix/os/devices/steveej-t14/configuration.nix
View file

@ -1,4 +1,4 @@
{...}: {
{ ... }: {
imports = [
../../profiles/common/configuration.nix
../../profiles/graphical/configuration.nix
@ -10,7 +10,6 @@
./pkg.nix
./user.nix
./boot.nix
./secrets.nix
# samba seerver
({ lib, ... }: {

108
nix/os/devices/steveej-t14/pkg.nix
View file

@ -1,9 +1,8 @@
{
pkgs,
lib,
repoFlake,
nodeFlake,
...
{ pkgs
, lib
, repoFlake
, nodeFlake
, ...
}: {
home-manager.users.steveej = _: {
imports = [
@ -16,8 +15,7 @@
})
];
home.sessionVariables = {
};
home.sessionVariables = { };
home.packages = with pkgs; [
];
@ -34,50 +32,33 @@
#
# (regreet:505614): Gtk-WARNING **: 10:31:42.532: Theme parser warning: <data>:6:17-18: Empty declaration
# Failed to create /var/empty/.cache for shader cache (Operation not permitted)---disabling.
services.greetd = let
# exec "${pkgs.greetd.gtkgreet}/bin/gtkgreet -l; swaymsg exit"
swayConfig = pkgs.writeText "greetd-sway-config" ''
# `-l` activates layer-shell mode. Notice that `swaymsg exit` will run after gtkgreet.
exec "dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY SWAYSOCK; ${pkgs.greetd.regreet}/bin/regreet; swaymsg exit"
bindsym Mod4+shift+e exec swaynag \
-t warning \
-m 'What do you want to do?' \
-b 'Poweroff' 'systemctl poweroff' \
-b 'Reboot' 'systemctl reboot'
'';
in {
enable = false;
settings = {
vt = 1;
default_session = {
command = "${pkgs.sway}/bin/sway --config ${swayConfig}";
services.greetd =
let
# exec "${pkgs.greetd.gtkgreet}/bin/gtkgreet -l; swaymsg exit"
swayConfig = pkgs.writeText "greetd-sway-config" ''
# `-l` activates layer-shell mode. Notice that `swaymsg exit` will run after gtkgreet.
exec "dbus-update-activation-environment --systemd DISPLAY WAYLAND_DISPLAY SWAYSOCK; ${pkgs.greetd.regreet}/bin/regreet; swaymsg exit"
bindsym Mod4+shift+e exec swaynag \
-t warning \
-m 'What do you want to do?' \
-b 'Poweroff' 'systemctl poweroff' \
-b 'Reboot' 'systemctl reboot'
'';
in
{
enable = false;
settings = {
vt = 1;
default_session = {
command = "${pkgs.sway}/bin/sway --config ${swayConfig}";
};
};
};
};
environment.etc."greetd/environments".text = ''
sway
'';
# autologin steveej on tty1
systemd.services."autovt@tty1".description = "Autologin at the TTY1";
systemd.services."autovt@tty1".after = [ "systemd-logind.service" ]; # without it user session not started and xorg can't be run from this tty
systemd.services."autovt@tty1".wantedBy = [ "multi-user.target" ];
systemd.services."autovt@tty1".serviceConfig =
{ ExecStart = [
"" # override upstream default with an empty ExecStart
"@${pkgs.utillinux}/sbin/agetty agetty --login-program ${pkgs.shadow}/bin/login --autologin steveej --noclear %I $TERM"
];
Restart = "always";
Type = "idle";
};
programs.zsh.loginShellInit = ''
if test $(id --user steveej) = $(id -u) && test $(tty) = "/dev/tty1"; then
exec sway
fi
'';
# fonts = let
# prefs.font = rec {
# size = 13;
@ -122,42 +103,5 @@
# # };
# };
security.pam.services.getty.enableGnomeKeyring = true;
services.gnome.gnome-keyring.enable = true;
# rtkit is optional but recommended
security.rtkit.enable = true;
services.pipewire = {
audio.enable = true;
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
# If you want to use JACK applications, uncomment this
#jack.enable = true;
};
# required by swaywm
security.polkit.enable = true;
security.pam.services.swaylock = {};
# test these on https://mozilla.github.io/webrtc-landing/gum_test.html
xdg.portal = {
enable = true;
# FIXME: `true` breaks xdg-open from alacritty:
# $ xdg-open "https://github.com/"
# Error: GDBus.Error:org.freedesktop.DBus.Error.UnknownMethod: No such interface “org.freedesktop.portal.OpenURI” on object at path /org/freedesktop/portal/desktop
xdgOpenUsePortal = false;
extraPortals = [
pkgs.xdg-desktop-portal-wlr
pkgs.xdg-desktop-portal-gtk
# repoFlake.inputs.nixpkgs-wayland.packages.${pkgs.system}.xdg-desktop-portal-wlr
# (pkgs.xdg-desktop-portal-gtk.override (_: {
# buildPortalsInGnome = false;
# }))
];
};
system.stateVersion = "23.05";
}

13
nix/os/devices/steveej-t14/system.nix
View file

@ -28,6 +28,8 @@ in
{
imports = [
../../snippets/nix-settings-holo-chain.nix
../../snippets/radicale.nix
../../snippets/sway-desktop.nix
];
nix.settings = {
@ -115,21 +117,10 @@ in
services.samba.extraConfig = ''
# client min protocol = NT1
'';
services.gvfs = {
enable = true;
package = lib.mkForce pkgs.gnome3.gvfs;
};
environment.systemPackages = with pkgs; [ lxqt.lxqt-policykit ]; # provides a default authentification client for policykit
security.pki.certificateFiles = [ "${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt" ];
services.xserver.videoDrivers = lib.mkForce [ "amdgpu" ];
services.xserver.serverFlagsSection = ''
Option "BlankTime" "0"
Option "StandbyTime" "0"
Option "SuspendTime" "0"
Option "OffTime" "0"
'';
time.timeZone = lib.mkForce passwords.timeZone.stefan;

35
nix/os/devices/steveej-x13s-rmvbl/configuration.nix
View file

@ -1,8 +1,8 @@
{ repoFlake
, nodeFlake
, pkgs
, lib
, config
, nodeFlake
, nodeName
, localDomainName
, system
@ -16,8 +16,15 @@
./disko.nix
../../profiles/common/user.nix
../../profiles/common/pkg.nix
{
# nixpkgs.config.allowUnsupportedSystem = true;
# flake registry
nix.registry.nixpkgs.flake = nodeFlake.inputs.nixpkgs;
nix.nixPath = [
"nixpkgs=${pkgs.path}"
];
@ -43,6 +50,11 @@
sops.defaultSopsFile = ../../../../secrets/${nodeName}/secrets.yaml;
sops.defaultSopsFormat = "yaml";
}
nodeFlake.inputs.home-manager.nixosModules.home-manager
../../snippets/sway-desktop.nix
../../snippets/radicale.nix
];
hardware.thinkpad-x13s = {
@ -57,8 +69,8 @@
firewall.enable = true;
useNetworkd = true;
networkmanager.enable = false;
# useNetworkd = true;
networkmanager.enable = true;
};
system.stateVersion = "23.11";
@ -74,4 +86,21 @@
pkgs.git
pkgs.git-crypt
];
home-manager.users.steveej = _: {
imports = [
../../../home-manager/configuration/graphical-fullblown.nix
(_: {
programs.chromium.extensions = [
# can define host-specific extensions here
];
})
];
home.sessionVariables = { };
home.packages = with pkgs; [
];
};
}

25
nix/os/devices/steveej-x13s-rmvbl/default.nix
View file

@ -1,10 +1,9 @@
{
system ? "aarch64-linux",
nodeName,
repoFlake,
nodeFlake,
localDomainName ? "internal",
...
{ system ? "aarch64-linux"
, nodeName
, repoFlake
, nodeFlake
, localDomainName ? "internal"
, ...
}: {
meta.nodeSpecialArgs.${nodeName} = {
inherit repoFlake nodeName nodeFlake system;
@ -16,18 +15,22 @@
meta.nodeNixpkgs.${nodeName} =
import nodeFlake.inputs.nixpkgs.outPath
{
inherit system;
};
{
inherit system;
};
${nodeName} = {
deployment.targetHost = "${nodeName}.${localDomainName}";
deployment.replaceUnknownProfiles = true;
deployment.allowLocalDeployment = true;
# nixpkgs.pkgs = nodeFlake.inputs.nixpkgs.legacyPackages.${system};
imports = [
./configuration.nix
(repoFlake + "/nix/os/devices/${nodeName}/configuration.nix")
nodeFlake.inputs.home-manager.nixosModules.home-manager
];
networking.hostName = nodeName;

70
nix/os/devices/steveej-x13s-rmvbl/flake.lock generated
View file

@ -57,11 +57,11 @@
]
},
"locked": {
"lastModified": 1705540973,
"narHash": "sha256-kNt/qAEy7ueV7NKbVc8YMHWiQAAgrir02MROYNI8fV0=",
"lastModified": 1705890365,
"narHash": "sha256-MObB+fipA/2Ai3uMuNouxcwz0cqvELPpJ+hfnhSaUeA=",
"owner": "nix-community",
"repo": "disko",
"rev": "0033adc6e3f1ed076f3ed1c637ef1dfe6bef6733",
"rev": "9fcdf3375e01e2938a49df103af9fd21bd0f89d9",
"type": "github"
},
"original": {
@ -84,6 +84,27 @@
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1705659542,
"narHash": "sha256-WA3xVfAk1AYmFdwghT7mt/erYpsU6JPu9mdTEP/e9HQ=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "10cd9c53115061aa6a0a90aad0b0dde6a999cdb9",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-23.11",
"repo": "home-manager",
"type": "github"
}
},
"linux_x13s": {
"flake": false,
"locked": {
@ -119,11 +140,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1705641746,
"narHash": "sha256-D6c2aH8HQbWc7ZWSV0BUpFpd94ImFyCP8jFIsKQ4Slg=",
"lastModified": 1705774713,
"narHash": "sha256-j6ADaDH9XiumUzkTPlFyCBcoWYhO83lfgiSqEJF2zcs=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "d2003f2223cbb8cd95134e4a0541beea215c1073",
"rev": "1b64fc1287991a9cce717a01c1973ef86cb1af0b",
"type": "github"
},
"original": {
@ -133,6 +154,38 @@
"type": "github"
}
},
"nixpkgs-2211": {
"locked": {
"lastModified": 1688392541,
"narHash": "sha256-lHrKvEkCPTUO+7tPfjIcb7Trk6k31rz18vkyqmkeJfY=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "ea4c80b39be4c09702b0cb3b42eab59e2ba4f24b",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-22.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable-small": {
"locked": {
"lastModified": 1705891108,
"narHash": "sha256-PQ0Df5BzByg+0gPE1goa9WYVXSoEP6gtjblrbYC8WOI=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "8cccce637e19577815de54c5ecc3132dff965aee",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable-small",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"adamcstephens_stop-export": "adamcstephens_stop-export",
@ -140,9 +193,12 @@
"brainwart_x13s-nixos": "brainwart_x13s-nixos",
"disko": "disko",
"get-flake": "get-flake",
"home-manager": "home-manager",
"linux_x13s": "linux_x13s",
"mobile-nixos": "mobile-nixos",
"nixpkgs": "nixpkgs"
"nixpkgs": "nixpkgs",
"nixpkgs-2211": "nixpkgs-2211",
"nixpkgs-unstable-small": "nixpkgs-unstable-small"
}
}
},

272
nix/os/devices/steveej-x13s-rmvbl/flake.nix
View file

@ -3,6 +3,10 @@
{
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
# requires for home-manager modules
nixpkgs-unstable-small.url = "github:nixos/nixpkgs/nixos-unstable-small";
nixpkgs-2211.url = "github:nixos/nixpkgs/nixos-22.11";
get-flake.url = "github:ursi/get-flake";
disko.inputs.nixpkgs.follows = "nixpkgs";
@ -10,24 +14,9 @@
mobile-nixos.url = "github:NixOS/mobile-nixos";
mobile-nixos.flake = false;
# see https://github.com/jhovold/linux/wiki/X13s for status updates
linux_x13s.url = "github:jhovold/linux/wip/sc8280xp-v6.7";
linux_x13s.flake = false;
brainwart_x13s-nixos = {
url = "github:BrainWart/x13s-nixos/flake";
flake = false;
};
adamcstephens_stop-export = {
flake = false;
url = "git+https://codeberg.org/adamcstephens/stop-export.git";
};
alsa-ucm-conf = {
flake = false;
url = "github:alsa-project/alsa-ucm-conf/master";
home-manager = {
url = "github:nix-community/home-manager/release-23.11";
inputs.nixpkgs.follows = "nixpkgs";
};
};
@ -60,11 +49,6 @@
self.nixosModules.hardware-x13s
./configuration.nix
# flake registry
{
nix.registry.nixpkgs.flake = nixpkgs;
}
]
++ extraModules;
}
@ -85,247 +69,5 @@
];
};
};
nixosModules.hardware-x13s = { pkgs, config, lib, options, ... }:
let
# TODO: introduce options for these
kernelPdMapper = true;
cfg = config.hardware.thinkpad-x13s;
in
{
options.hardware.thinkpad-x13s = {
# TODO: respect this
enable = lib.mkEnableOption "x13s hardware support";
bluetoothMac = lib.mkOption {
type = lib.types.str;
description = "mac address to set on boot";
};
bluetoothMacAddr = lib.mkOption {
default = "00:00:00:00:00";
type = lib.types.str;
};
};
config =
let
inherit (config.boot.loader) efi;
kp = [
{
name = "x13s-cfg";
patch = null;
extraStructuredConfig = with lib.kernel; {
EFI_ARMSTUB_DTB_LOADER = lib.mkForce yes;
OF_OVERLAY = lib.mkForce yes;
BTRFS_FS = lib.mkForce yes;
BTRFS_FS_POSIX_ACL = lib.mkForce yes;
MEDIA_CONTROLLER = lib.mkForce yes;
SND_USB_AUDIO_USE_MEDIA_CONTROLLER = lib.mkForce yes;
SND_USB = lib.mkForce yes;
SND_USB_AUDIO = lib.mkForce module;
USB_XHCI_PCI = lib.mkForce module;
NO_HZ_FULL = lib.mkForce yes;
HZ_100 = lib.mkForce yes;
HZ_250 = lib.mkForce no;
DRM_AMDGPU = lib.mkForce no;
DRM_NOUVEAU = lib.mkForce no;
QCOM_TSENS = lib.mkForce yes;
NVMEM_QCOM_QFPROM = lib.mkForce yes;
ARM_QCOM_CPUFREQ_NVMEM = lib.mkForce yes;
VIRTIO_PCI = lib.mkForce module;
# forthcoming kernel work: QCOM_PD_MAPPER = lib.mkForce module;
};
}
];
qrtr = pkgs.callPackage "${self.inputs.adamcstephens_stop-export}/hardware/x13s/qrtr/qrtr.nix" { };
pd-mapper = pkgs.callPackage "${self.inputs.adamcstephens_stop-export}/hardware/x13s/qrtr/pd-mapper.nix" {
inherit qrtr;
};
# We can't quite move to mainline linux
linux_x13s_pkg = { buildLinux, ... } @ args:
buildLinux (args // rec {
version = "6.7.0";
modDirVersion = lib.versions.pad 3 version;
extraMeta.branch = lib.versions.majorMinor version;
src = self.inputs.linux_x13s;
kernelPatches = (args.kernelPatches or [ ]) ++ kp;
} // (args.argsOverride or { }));
# we add additional configuration on top of te normal configuration above
# using the extraStructuredConfig option on the kernel patch
linux_x13s = pkgs.callPackage linux_x13s_pkg {
defconfig = "johan_defconfig";
};
linuxPackages_x13s = pkgs.linuxPackagesFor linux_x13s;
dtbName = "sc8280xp-lenovo-thinkpad-x13s.dtb";
dtb = "${linuxPackages_x13s.kernel}/dtbs/qcom/${dtbName}";
x13s_alsa-ucm-conf = pkgs.alsa-ucm-conf.overrideAttrs (prev: {
src = self.inputs.alsa-ucm-conf;
});
alsa-ucm-conf-env.ALSA_CONFIG_UCM2 = "${x13s_alsa-ucm-conf}/share/alsa/ucm2";
in
{
nixpkgs.overlays = [
(final: prev:
{
x13s_extra-firmware = pkgs.callPackage
"${self.inputs.adamcstephens_stop-export}/hardware/x13s/extra-firmware.nix"
{ };
inherit qrtr pd-mapper;
}
)
];
# ensure the x13s' dtb file is in the boot partition
# TODO:: is this needed for the VT display somehow?
system.activationScripts.x13s-dtb = ''
in_package="${dtb}"
esp_tool_folder="${efi.efiSysMountPoint}/"
in_esp="''${esp_tool_folder}${dtbName}"
>&2 echo "Ensuring $in_esp in EFI System Partition"
if ! ${pkgs.diffutils}/bin/cmp --silent "$in_package" "$in_esp"; then
>&2 echo "Copying $in_package -> $in_esp"
mkdir -p "$esp_tool_folder"
cp "$in_package" "$in_esp"
sync
fi
'';
boot = {
loader.systemd-boot.enable = true;
loader.systemd-boot.extraFiles = {
"${dtbName}" = dtb;
};
loader.efi.canTouchEfiVariables = false;
loader.efi.efiSysMountPoint = "/boot";
blacklistedKernelModules = [ "wwan" ];
kernelPackages = linuxPackages_x13s;
kernelParams = [
"dtb=${dtbName}"
"boot.shell_on_fail"
# jhovold recommended
"efi=noruntime"
"clk_ignore_unused"
"pd_ignore_unused"
"arm64.nopauth"
# blacklist graphics in initrd so the firmware can load from disk
"rd.driver.blacklist=msm"
];
initrd = {
includeDefaultModules = false;
# kernelModules = [
# "nvme"
# "phy_qcom_qmp_pcie"
# "pcie_qcom"
# "i2c_core"
# "i2c_hid"
# "i2c_hid_of"
# "i2c_qcom_geni"
# "leds_qcom_lpg"
# "pwm_bl"
# "qrtr"
# "pmic_glink_altmode"
# "gpio_sbu_mux"
# "phy_qcom_qmp_combo"
# "gpucc_sc8280xp"
# "dispcc_sc8280xp"
# "phy_qcom_edp"
# "panel_edp"
# # "msm"
# ];
availableKernelModules = [
"i2c_hid"
"i2c_hid_of"
"i2c_qcom_geni"
"leds_qcom_lpg"
"pwm_bl"
"qrtr"
"pmic_glink_altmode"
"gpio_sbu_mux"
"phy_qcom_qmp_combo"
"panel_edp"
# "msm"
"phy_qcom_edp"
"i2c_core"
"i2c_hid"
"i2c_hid_of"
"i2c_qcom_geni"
"pcie_qcom"
"phy_qcom_qmp_combo"
"phy_qcom_qmp_pcie"
"phy_qcom_qmp_usb"
"phy_qcom_snps_femto_v2"
"phy_qcom_usb_hs"
"nvme"
"usbcore"
"xhci_hcd"
"usbhid"
"usb_storage"
"uas"
];
};
};
# default is performance
powerManagement.cpuFreqGovernor = "ondemand";
hardware.enableAllFirmware = true;
hardware.firmware = [
# pkgs.linux-firmware
pkgs.x13s_extra-firmware
];
systemd.services.pd-mapper = {
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${lib.getExe pd-mapper}";
Restart = "always";
};
};
environment.sessionVariables = alsa-ucm-conf-env;
systemd.user.services.pipewire.environment = alsa-ucm-conf-env;
systemd.user.services.wireplumber.environment = alsa-ucm-conf-env;
systemd.services.bluetooth = {
serviceConfig = {
# disabled because btmgmt call hangs
ExecStartPre = [
""
"${pkgs.util-linux}/bin/rfkill block bluetooth"
"${pkgs.bluez5-experimental}/bin/btmgmt public-addr ${cfg.bluetoothMac}"
"${pkgs.util-linux}/bin/rfkill unblock bluetooth"
];
RestartSec = 5;
Restart = "on-failure";
};
};
};
};
};
}

1
nix/os/devices/steveej-x13s/.gitignore vendored Normal file
View file

@ -0,0 +1 @@
result

107
nix/os/devices/steveej-x13s/configuration.nix Normal file
View file

@ -0,0 +1,107 @@
{ repoFlake
, nodeFlake
, pkgs
, lib
, config
, nodeName
, localDomainName
, system
, ...
}:
{
imports = [
# repoFlake.inputs.sops-nix.nixosModules.sops
nodeFlake.inputs.disko.nixosModules.disko
./disko.nix
repoFlake.nixosModules.thinkpad-x13s
../../profiles/common/pkg.nix
{
# nixpkgs.config.allowUnsupportedSystem = true;
# flake registry
nix.registry.nixpkgs.flake = nodeFlake.inputs.nixpkgs;
nix.nixPath = [
"nixpkgs=${pkgs.path}"
];
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
nix.settings.max-jobs = lib.mkDefault "auto";
}
# ../../profiles/common/user.nix
{
services.openssh.enable = true;
services.openssh.settings.PermitRootLogin = "yes";
services.openssh.openFirewall = true;
# sops.defaultSopsFile = ../../../../secrets/${nodeName}/secrets.yaml;
# sops.defaultSopsFormat = "yaml";
# users.commonUsers = {
# enable = true;
# enableNonRoot = true;
# };
users.users.root.initialPassword = "install";
}
nodeFlake.inputs.home-manager.nixosModules.home-manager
# ../../snippets/sway-desktop.nix
# ../../snippets/radicale.nix
];
hardware.thinkpad-x13s = {
enable = true;
# TODO: use hardware address
bluetoothMac = "65:9e:7a:8b:86:28";
};
networking = {
hostName = nodeName;
firewall.enable = true;
# useNetworkd = true;
};
system.stateVersion = "23.11";
nixpkgs.config.allowUnfree = true;
environment.systemPackages = [
pkgs.sshfs
pkgs.util-linux
pkgs.coreutils
pkgs.vim
pkgs.git
pkgs.git-crypt
];
# home-manager.users.steveej = _: {
# home.stateVersion = "23.11";
# imports = [
# ../../../home-manager/configuration/graphical-fullblown.nix
# ];
# home.sessionVariables = { };
# home.packages = with pkgs; [
# ];
# };
}

40
nix/os/devices/steveej-x13s/default.nix Normal file
View file

@ -0,0 +1,40 @@
{ system ? "aarch64-linux"
, nodeName
, repoFlake
, repoFlakeWithSystem
, nodeFlake
, localDomainName ? "internal"
, ...
}: {
meta.nodeSpecialArgs.${nodeName} = {
inherit repoFlake nodeName nodeFlake system;
packages' = repoFlake.packages.${system};
nodePackages' = nodeFlake.packages.${system};
repoFlakeInputs' = repoFlakeWithSystem system ({ inputs', ... }: inputs');
inherit localDomainName;
};
meta.nodeNixpkgs.${nodeName} =
import nodeFlake.inputs.nixpkgs.outPath
{
inherit system;
};
${nodeName} = {
deployment.targetHost = "${nodeName}.${localDomainName}";
deployment.replaceUnknownProfiles = true;
deployment.allowLocalDeployment = true;
# nixpkgs.pkgs = nodeFlake.inputs.nixpkgs.legacyPackages.${system};
imports = [
(repoFlake + "/nix/os/devices/${nodeName}/configuration.nix")
nodeFlake.inputs.home-manager.nixosModules.home-manager
];
networking.hostName = nodeName;
};
}

66
nix/os/devices/steveej-x13s/disko.nix Normal file
View file

@ -0,0 +1,66 @@
{
disko.devices = {
disk = {
x13s-nvme = {
type = "disk";
device = "/dev/disk/by-id/nvme-KBG5AZNT1T02_LA_KIOXIA_52QC84BEEJS6";
content = {
type = "gpt";
partitions = {
ESP = {
size = "500M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [
"defaults"
];
};
};
luks = {
size = "100%";
content = {
type = "luks";
name = "x13s-usb-crypt";
extraOpenArgs = [ ];
# disable settings.keyFile if you want to use interactive password entry
#passwordFile = "/tmp/secret.key"; # Interactive
settings = {
# if you want to use the key for interactive login be sure there is no trailing newline
# for example use `echo -n "password" > /tmp/secret.key`
# keyFile = "/tmp/secret.key";
allowDiscards = true;
};
# additionalKeyFiles = [ "/tmp/additionalSecret.key" ];
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = {
"/root" = {
mountpoint = "/";
mountOptions = [ "compress=zstd" "noatime" ];
};
"/home" = {
mountpoint = "/home";
mountOptions = [ "compress=zstd" "noatime" ];
};
"/nix" = {
mountpoint = "/nix";
mountOptions = [ "compress=zstd" "noatime" ];
};
"/swap" = {
mountpoint = "/.swapvol";
swap.swapfile.size = "32G";
};
};
};
};
};
};
};
};
};
};
}

207
nix/os/devices/steveej-x13s/flake.lock generated Normal file
View file

@ -0,0 +1,207 @@
{
"nodes": {
"adamcstephens_stop-export": {
"flake": false,
"locked": {
"lastModified": 1705876512,
"narHash": "sha256-nvBqLyi8dMQf3xnROwEcUv4iqV55Mr8S8OGYepu14i4=",
"ref": "refs/heads/main",
"rev": "388684db5b529bbd6f3e948cf175df089eb09766",
"revCount": 14,
"type": "git",
"url": "https://codeberg.org/adamcstephens/stop-export.git"
},
"original": {
"type": "git",
"url": "https://codeberg.org/adamcstephens/stop-export.git"
}
},
"alsa-ucm-conf": {
"flake": false,
"locked": {
"lastModified": 1705501566,
"narHash": "sha256-Nyr7tjH5VBjocvaKaHCiK+zsjThYBtcr936aRWCBBpM=",
"owner": "alsa-project",
"repo": "alsa-ucm-conf",
"rev": "e87dde51d68950537f92af955ad0633437cc419a",
"type": "github"
},
"original": {
"owner": "alsa-project",
"ref": "master",
"repo": "alsa-ucm-conf",
"type": "github"
}
},
"brainwart_x13s-nixos": {
"flake": false,
"locked": {
"lastModified": 1705565623,
"narHash": "sha256-sisr/dFIz8p3/Y7mz+arWxjeiBmUTQkMqkF9j3c2dWE=",
"owner": "BrainWart",
"repo": "x13s-nixos",
"rev": "29002122d86a1009ba70e7a4ca3063e5404c77a2",
"type": "github"
},
"original": {
"owner": "BrainWart",
"ref": "flake",
"repo": "x13s-nixos",
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1705890365,
"narHash": "sha256-MObB+fipA/2Ai3uMuNouxcwz0cqvELPpJ+hfnhSaUeA=",
"owner": "nix-community",
"repo": "disko",
"rev": "9fcdf3375e01e2938a49df103af9fd21bd0f89d9",
"type": "github"
},
"original": {
"id": "disko",
"type": "indirect"
}
},
"get-flake": {
"locked": {
"lastModified": 1694475786,
"narHash": "sha256-s5wDmPooMUNIAAsxxCMMh9g68AueGg63DYk2hVZJbc8=",
"owner": "ursi",
"repo": "get-flake",
"rev": "ac54750e3b95dab6ec0726d77f440efe6045bec1",
"type": "github"
},
"original": {
"owner": "ursi",
"repo": "get-flake",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1705659542,
"narHash": "sha256-WA3xVfAk1AYmFdwghT7mt/erYpsU6JPu9mdTEP/e9HQ=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "10cd9c53115061aa6a0a90aad0b0dde6a999cdb9",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-23.11",
"repo": "home-manager",
"type": "github"
}
},
"linux_x13s": {
"flake": false,
"locked": {
"lastModified": 1705680516,
"narHash": "sha256-NjCuPYjYHBJcoJR1ZaWQ9sRh0VpY2Y0hawkbUBRfCvk=",
"owner": "jhovold",
"repo": "linux",
"rev": "bac95eabe6577faa2773cbe7e91c34fd17ab79a0",
"type": "github"
},
"original": {
"owner": "jhovold",
"ref": "wip/sc8280xp-v6.7",
"repo": "linux",
"type": "github"
}
},
"mobile-nixos": {
"flake": false,
"locked": {
"lastModified": 1705008488,
"narHash": "sha256-Gj97fDFZaK6gLb3ayZgTTtD+MFE1YjoyYHWkB1TIAe0=",
"owner": "NixOS",
"repo": "mobile-nixos",
"rev": "56e55df7b07b5e5c6d050732d851cec62b41df95",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "mobile-nixos",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1705774713,
"narHash": "sha256-j6ADaDH9XiumUzkTPlFyCBcoWYhO83lfgiSqEJF2zcs=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "1b64fc1287991a9cce717a01c1973ef86cb1af0b",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-2211": {
"locked": {
"lastModified": 1688392541,
"narHash": "sha256-lHrKvEkCPTUO+7tPfjIcb7Trk6k31rz18vkyqmkeJfY=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "ea4c80b39be4c09702b0cb3b42eab59e2ba4f24b",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-22.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable-small": {
"locked": {
"lastModified": 1705891108,
"narHash": "sha256-PQ0Df5BzByg+0gPE1goa9WYVXSoEP6gtjblrbYC8WOI=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "8cccce637e19577815de54c5ecc3132dff965aee",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable-small",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"adamcstephens_stop-export": "adamcstephens_stop-export",
"alsa-ucm-conf": "alsa-ucm-conf",
"brainwart_x13s-nixos": "brainwart_x13s-nixos",
"disko": "disko",
"get-flake": "get-flake",
"home-manager": "home-manager",
"linux_x13s": "linux_x13s",
"mobile-nixos": "mobile-nixos",
"nixpkgs": "nixpkgs",
"nixpkgs-2211": "nixpkgs-2211",
"nixpkgs-unstable-small": "nixpkgs-unstable-small"
}
}
},
"root": "root",
"version": 7
}

73
nix/os/devices/steveej-x13s/flake.nix Normal file
View file

@ -0,0 +1,73 @@
{
inputs =
{
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
# requires for home-manager modules
nixpkgs-unstable-small.url = "github:nixos/nixpkgs/nixos-unstable-small";
nixpkgs-2211.url = "github:nixos/nixpkgs/nixos-22.11";
get-flake.url = "github:ursi/get-flake";
disko.inputs.nixpkgs.follows = "nixpkgs";
mobile-nixos.url = "github:NixOS/mobile-nixos";
mobile-nixos.flake = false;
home-manager = {
url = "github:nix-community/home-manager/release-23.11";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs =
{ self
, get-flake
, nixpkgs
, ...
}:
let
targetPlatform = "aarch64-linux";
buildPlatform = "x86_64-linux";
nodeName = "steveej-x13s";
mkNixosConfiguration = { extraModules ? [ ], ... } @ attrs:
nixpkgs.lib.nixosSystem (
nixpkgs.lib.attrsets.recursiveUpdate
attrs
{
specialArgs = (import ./default.nix {
system = targetPlatform;
inherit nodeName;
repoFlake = get-flake ../../../..;
nodeFlake = self;
}).meta.nodeSpecialArgs.${nodeName};
modules =
[
({ repoFlake, ... }: repoFlake.nixosModules.hardware-x13s)
./configuration.nix
]
++ extraModules;
}
);
in
{
nixosConfigurations = {
native = mkNixosConfiguration {
system = targetPlatform;
};
cross = mkNixosConfiguration {
extraModules = [
{
nixpkgs.buildPlatform.system = buildPlatform;
nixpkgs.hostPlatform.system = targetPlatform;
}
];
};
};
};
}

242
nix/os/modules/hardware.thinkpad-x13s.nix Normal file
View file

@ -0,0 +1,242 @@
{ self, pkgs, config, lib, options, ... }:
let
# TODO: introduce options for these
kernelPdMapper = true;
cfg = config.hardware.thinkpad-x13s;
in
{
options.hardware.thinkpad-x13s = {
# TODO: respect this
enable = lib.mkEnableOption "x13s hardware support";
bluetoothMac = lib.mkOption {
type = lib.types.str;
description = "mac address to set on boot";
};
bluetoothMacAddr = lib.mkOption {
default = "00:00:00:00:00";
type = lib.types.str;
};
};
config =
let
inherit (config.boot.loader) efi;
kp = [
{
name = "x13s-cfg";
patch = null;
extraStructuredConfig = with lib.kernel; {
EFI_ARMSTUB_DTB_LOADER = lib.mkForce yes;
OF_OVERLAY = lib.mkForce yes;
BTRFS_FS = lib.mkForce yes;
BTRFS_FS_POSIX_ACL = lib.mkForce yes;
MEDIA_CONTROLLER = lib.mkForce yes;
SND_USB_AUDIO_USE_MEDIA_CONTROLLER = lib.mkForce yes;
SND_USB = lib.mkForce yes;
SND_USB_AUDIO = lib.mkForce module;
USB_XHCI_PCI = lib.mkForce module;
NO_HZ_FULL = lib.mkForce yes;
HZ_100 = lib.mkForce yes;
HZ_250 = lib.mkForce no;
DRM_AMDGPU = lib.mkForce no;
DRM_NOUVEAU = lib.mkForce no;
QCOM_TSENS = lib.mkForce yes;
NVMEM_QCOM_QFPROM = lib.mkForce yes;
ARM_QCOM_CPUFREQ_NVMEM = lib.mkForce yes;
VIRTIO_PCI = lib.mkForce module;
# forthcoming kernel work: QCOM_PD_MAPPER = lib.mkForce module;
};
}
];
qrtr = pkgs.callPackage "${self.inputs.adamcstephens_stop-export}/hardware/x13s/qrtr/qrtr.nix" { };
pd-mapper = pkgs.callPackage "${self.inputs.adamcstephens_stop-export}/hardware/x13s/qrtr/pd-mapper.nix" {
inherit qrtr;
};
# We can't quite move to mainline linux
linux_x13s_pkg = { buildLinux, ... } @ args:
buildLinux (args // rec {
version = "6.7.0";
modDirVersion = lib.versions.pad 3 version;
extraMeta.branch = lib.versions.majorMinor version;
src = self.inputs.linux_x13s;
kernelPatches = (args.kernelPatches or [ ]) ++ kp;
} // (args.argsOverride or { }));
# we add additional configuration on top of te normal configuration above
# using the extraStructuredConfig option on the kernel patch
linux_x13s = pkgs.callPackage linux_x13s_pkg {
defconfig = "johan_defconfig";
};
linuxPackages_x13s = pkgs.linuxPackagesFor linux_x13s;
dtbName = "sc8280xp-lenovo-thinkpad-x13s.dtb";
dtb = "${linuxPackages_x13s.kernel}/dtbs/qcom/${dtbName}";
x13s_alsa-ucm-conf = pkgs.alsa-ucm-conf.overrideAttrs (prev: {
src = self.inputs.alsa-ucm-conf;
});
alsa-ucm-conf-env.ALSA_CONFIG_UCM2 = "${x13s_alsa-ucm-conf}/share/alsa/ucm2";
in
lib.mkIf cfg.enable
{
nixpkgs.overlays = [
(final: prev:
{
x13s_extra-firmware = pkgs.callPackage
"${self.inputs.adamcstephens_stop-export}/hardware/x13s/extra-firmware.nix"
{ };
inherit qrtr pd-mapper;
}
)
];
# ensure the x13s' dtb file is in the boot partition
# TODO:: is this needed for the VT display somehow?
system.activationScripts.x13s-dtb = ''
in_package="${dtb}"
esp_tool_folder="${efi.efiSysMountPoint}/"
in_esp="''${esp_tool_folder}${dtbName}"
>&2 echo "Ensuring $in_esp in EFI System Partition"
if ! ${pkgs.diffutils}/bin/cmp --silent "$in_package" "$in_esp"; then
>&2 echo "Copying $in_package -> $in_esp"
mkdir -p "$esp_tool_folder"
cp "$in_package" "$in_esp"
sync
fi
'';
boot = {
loader.systemd-boot.enable = true;
loader.systemd-boot.extraFiles = {
"${dtbName}" = dtb;
};
loader.efi.canTouchEfiVariables = false;
loader.efi.efiSysMountPoint = "/boot";
blacklistedKernelModules = [ "wwan" ];
kernelPackages = linuxPackages_x13s;
kernelParams = [
"dtb=${dtbName}"
"boot.shell_on_fail"
# jhovold recommended
"efi=noruntime"
"clk_ignore_unused"
"pd_ignore_unused"
"arm64.nopauth"
# blacklist graphics in initrd so the firmware can load from disk
"rd.driver.blacklist=msm"
];
initrd = {
includeDefaultModules = false;
# kernelModules = [
# "nvme"
# "phy_qcom_qmp_pcie"
# "pcie_qcom"
# "i2c_core"
# "i2c_hid"
# "i2c_hid_of"
# "i2c_qcom_geni"
# "leds_qcom_lpg"
# "pwm_bl"
# "qrtr"
# "pmic_glink_altmode"
# "gpio_sbu_mux"
# "phy_qcom_qmp_combo"
# "gpucc_sc8280xp"
# "dispcc_sc8280xp"
# "phy_qcom_edp"
# "panel_edp"
# # "msm"
# ];
availableKernelModules = [
"i2c_hid"
"i2c_hid_of"
"i2c_qcom_geni"
"leds_qcom_lpg"
"pwm_bl"
"qrtr"
"pmic_glink_altmode"
"gpio_sbu_mux"
"phy_qcom_qmp_combo"
"panel_edp"
# "msm"
"phy_qcom_edp"
"i2c_core"
"i2c_hid"
"i2c_hid_of"
"i2c_qcom_geni"
"pcie_qcom"
"phy_qcom_qmp_combo"
"phy_qcom_qmp_pcie"
"phy_qcom_qmp_usb"
"phy_qcom_snps_femto_v2"
"phy_qcom_usb_hs"
"nvme"
"usbcore"
"xhci_hcd"
"usbhid"
"usb_storage"
"uas"
];
};
};
# default is performance
powerManagement.cpuFreqGovernor = "ondemand";
hardware.enableAllFirmware = true;
hardware.firmware = [
# pkgs.linux-firmware
pkgs.x13s_extra-firmware
];
systemd.services.pd-mapper = {
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${lib.getExe pd-mapper}";
Restart = "always";
};
};
environment.sessionVariables = alsa-ucm-conf-env;
systemd.user.services.pipewire.environment = alsa-ucm-conf-env;
systemd.user.services.wireplumber.environment = alsa-ucm-conf-env;
systemd.services.bluetooth = {
serviceConfig = {
# disabled because btmgmt call hangs
ExecStartPre = [
""
"${pkgs.util-linux}/bin/rfkill block bluetooth"
"${pkgs.bluez5-experimental}/bin/btmgmt public-addr ${cfg.bluetoothMac}"
"${pkgs.util-linux}/bin/rfkill unblock bluetooth"
];
RestartSec = 5;
Restart = "on-failure";
};
};
};
}

2
nix/os/modules/opinionatedDisk.nix
View file

@ -24,7 +24,7 @@ in {
earlyDiskIdOverride = mkOption {
default = "";
type = types.string;
type = types.str;
};
};

19
nix/os/profiles/common/pkg.nix
View file

@ -1,12 +1,11 @@
{
config,
pkgs,
# these come in via nodeSpecialArgs and are expected to be defined for every node
repoFlake,
repoFlakeInputs',
nodeFlake,
packages',
...
{ config
, pkgs
, # these come in via nodeSpecialArgs and are expected to be defined for every node
repoFlake
, repoFlakeInputs'
, nodeFlake
, packages'
, ...
}: {
imports = [
];
@ -26,8 +25,6 @@
packages'
nodeFlake
;
osConfig = config;
};
nixpkgs.config = {

107
nix/os/snippets/radicale.nix
View file

@ -1,101 +1,30 @@
{ config
, lib
, pkgs
, repoFlake
# TODO: make configurable
, homeUser ? "steveej"
, repoFlakeInputs'
, ...
}:
let
radicalePkgs = repoFlake.inputs.radicale-nixpkgs.legacyPackages.${pkgs.system};
libdecsync = pkgs.python3Packages.buildPythonPackage rec {
pname = "libdecsync";
version = "2.2.1";
src = pkgs.python3Packages.fetchPypi {
inherit pname version;
hash = "sha256-Mukjzjumv9VL+A0maU0K/SliWrgeRjAeiEdN5a83G0I=";
};
propagatedBuildInputs = [
# pkgs.libxcrypt-legacy
];
};
radicale-storage-decsync = pkgs.python3Packages.buildPythonPackage rec {
pname = "radicale_storage_decsync";
version = "2.1.0";
src = pkgs.python3Packages.fetchPypi {
inherit pname version;
hash = "sha256-X+0MT5o2PjsKxca5EDI+rYyQDmUtbRoELDr6e4YXKCg=";
};
buildInputs = [
pkgs.radicale
# pkgs.libxcrypt-legacy
# pkgs.libxcrypt
];
nativeCheckInputs = [
# pkgs.libxcrypt-legacy
# pkgs.libxcrypt
];
propagatedBuildInputs = [ libdecsync pkgs.python3Packages.setuptools ];
};
radicale-decsync = pkgs.radicale.overrideAttrs (old: {
propagatedBuildInputs =
old.propagatedBuildInputs
++ [ radicale-storage-decsync ];
});
mkRadicaleService =
{ suffix
, port
,
}:
let
radicale-config = pkgs.writeText "radicale-config-${suffix}" ''
[server]
hosts = localhost:${builtins.toString port}
[auth]
type = htpasswd
htpasswd_filename = ${config.sops.secrets.radicale_htpasswd.path}
htpasswd_encryption = bcrypt
[storage]
type = radicale_storage_decsync
filesystem_folder = ${config.xdg.dataHome}/radicale-${suffix}
decsync_dir = ${config.xdg.dataHome}/decsync-${suffix}
'';
in
{
home-manager.users.${homeUser}.systemd.user.services."radicale-${suffix}" = {
Unit.Description = "Radicale with DecSync (${suffix})";
Service = {
ExecStart = "${radicale-decsync}/bin/radicale -C ${radicale-config}";
Restart = "on-failure";
};
Install.WantedBy = [ "default.target" ];
};
};
# TODO: make configurable
homeUser = "steveej";
in
{
sops.secrets.radicale_htpasswd = {
sopsFile = ../../../../secrets/desktop/radicale_htpasswd;
sopsFile = ../../../secrets/desktop/radicale_htpasswd;
format = "binary";
owner = config.users.users.${homeUser}.name;
owner = config.users.users."${homeUser}".name;
};
} // (builtins.foldl' (sum: cur: lib.recursiveUpdate sum (mkRadicaleService cur)) { } [
{
suffix = "personal";
port = 5232;
}
{
suffix = "family";
port = 5233;
}
])
home-manager.users.${homeUser} = _: {
imports = [
# TODO: bump these to latest and make it work
(args:
import ../../home-manager/programs/radicale.nix (args // {
osConfig = config;
pkgs = repoFlakeInputs'.radicalePkgs.legacyPackages;
})
)
];
};
}

90
nix/os/snippets/sway-desktop.nix Normal file
View file

@ -0,0 +1,90 @@
{ pkgs, lib, ... }:
let
# TODO: make this configurable
homeUser = "steveej";
in
{
services.xserver.serverFlagsSection = ''
Option "BlankTime" "0"
Option "StandbyTime" "0"
Option "SuspendTime" "0"
Option "OffTime" "0"
'';
hardware.opengl.enable = true;
services.gvfs = {
enable = true;
package = lib.mkForce pkgs.gnome3.gvfs;
};
environment.systemPackages = with pkgs; [
# provides a default authentification client for policykit
lxqt.lxqt-policykit
];
# required by swaywm
security.polkit.enable = true;
security.pam.services.swaylock = { };
# test these on https://mozilla.github.io/webrtc-landing/gum_test.html
xdg.portal = {
enable = true;
# FIXME: `true` breaks xdg-open from alacritty:
# $ xdg-open "https://github.com/"
# Error: GDBus.Error:org.freedesktop.DBus.Error.UnknownMethod: No such interface “org.freedesktop.portal.OpenURI” on object at path /org/freedesktop/portal/desktop
xdgOpenUsePortal = false;
extraPortals = [
pkgs.xdg-desktop-portal-wlr
pkgs.xdg-desktop-portal-gtk
# repoFlake.inputs.nixpkgs-wayland.packages.${pkgs.system}.xdg-desktop-portal-wlr
# (pkgs.xdg-desktop-portal-gtk.override (_: {
# buildPortalsInGnome = false;
# }))
];
};
# rtkit is optional but recommended
security.rtkit.enable = true;
services.pipewire = {
audio.enable = true;
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
# If you want to use JACK applications, uncomment this
#jack.enable = true;
};
networkmanager.enable = false;
security.pam.services.getty.enableGnomeKeyring = true;
services.gnome.gnome-keyring.enable = true;
# autologin steveej on tty1
systemd.services."autovt@tty1".description = "Autologin at the TTY1";
systemd.services."autovt@tty1".after = [ "systemd-logind.service" ]; # without it user session not started and xorg can't be run from this tty
systemd.services."autovt@tty1".wantedBy = [ "multi-user.target" ];
systemd.services."autovt@tty1".serviceConfig =
{
ExecStart = [
"" # override upstream default with an empty ExecStart
"@${pkgs.utillinux}/sbin/agetty agetty --login-program ${pkgs.shadow}/bin/login --autologin steveej --noclear %I $TERM"
];
Restart = "always";
Type = "idle";
};
programs.zsh.loginShellInit = ''
if test $(id --user steveej) = $(id -u) && test $(tty) = "/dev/tty1"; then
exec sway
fi
'';
home-manager.users.${homeUser} = _: {
imports = [
../../home-manager/profiles/sway-desktop.nix
];
};
}

6
secrets/desktop/radicale_htpasswd
View file

@ -1,5 +1,5 @@
{
"data": "ENC[AES256_GCM,data:4Oo7a4iL9ry9qFnzd/uwllP8UZ1re+RglnvkEO11XvSqqGhGOCUX0k0kOVD/CYbdLNq7jqVI8h5Fw5grSb6SCDzlknV0bJ70mmBQ9wEhRA82P1M/T50KH6V6XIVR7IlVhjMKkdW6YH0XAyrqaVh3fJUbOk9hJVvrylLvPF4vpc9+aYdzUCvn5jbecpywYY7NRKLI7H7xUmnW,iv:vvyS08x5yXTmlZo1A+Z2zsW9Mj6JrIkNt+CvB7VZJ38=,tag:MrjYVpS+SyYLUAbin85fkw==,type:str]",
"data": "ENC[AES256_GCM,data:4Sfp4HqBQ/gsdK1iIwVisHxXHB9ryuTcsxqa4pJMYPBkn0C/Z43TuvZnUpZyACAIL00h7sPMEqQbdvmiHoo2CVizl5hB0wT6QdBwjuSjjuNDwqqJTvistCNBGsTQrb8fdsmTMGEyQmC0yQ6eF3STIT2PP/M1NPZ30zqxQInscv0Mem3n1yT0S3xamwvXkJq+WQvEhJpggsp8,iv:B+KVrsWRHYhvNCkwWhHOF6CFTpF4/tI5wOD05aMf2JI=,tag:srnaV+etedgReXLZ9QBPCw==,type:str]",
"sops": {
"kms": null,
"gcp_kms": null,
@ -11,8 +11,8 @@
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmTVMxdkpjQllIZlRpQjEr\nc0RqNzNnOGplcDR6by9aL0JQY0ZmZjV3OUhrCm1sbHEvQ3hFZVg1YU5wOU5kaGpI\nK25zckJNaXhWd21kUHIyTm8yVW0reWsKLS0tIHVvbDhYZjRSbVRjOWZNaWkwcm1z\neVJyTTRNNTJBeVYxdDFCL1ozQjhQUkUK09k0LVNUugbxtZJB1JEXWmB2Q35mK1MW\nY12rpx4QwFUf1uhZDGmHMU0mrmaZRhkiTXTW+MtbHHtiGCxI8JrgLQ==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2023-07-01T17:49:07Z",
"mac": "ENC[AES256_GCM,data:DLKp0oBRgqoC1vm7Gt8IgTXQZBVhFMzRlP2CeWUHCi0PhOFFDCQCbJMJ4GnLeVAMgn1PTQXxDBJsqx1dd99oR3xXOqV6s9RUrg7BNql6G1PRnROnvGavVq+K8Oqyc6K3RDMK95Fwd20Svvyplc7fvvJVYA7XE8oVyPCj7adgIzA=,iv:0T60zdgBXTNEUyzWNH2gRJsH7D/mofiBQKD4XpaTdf4=,tag:9s0g5W0fu7PrKybYNQMfxA==,type:str]",
"lastmodified": "2024-01-22T17:03:08Z",
"mac": "ENC[AES256_GCM,data:BS4BPjzA663knjD53QWjjDKmYmT6GcOVJru0XBWDQakVvgZwrPnRSZWSuC+ubtTBiG+EMK8Zx7nY3i8S/T0AkO9FmxBR476m8oopkNvCQIIEOkOK0F5I2gd6W/SDqKBC8Wzb6qWxGYDeZBmnvjpapcyW+VvJvaXhjSJpOgff+LQ=,iv:mwa9p6YJPLDWUcPxgGErZUSd5afCdg3YmY3fL1/f6do=,tag:MQN6KPB0NwVakSps9/sLzw==,type:str]",
"pgp": [
{
"created_at": "2023-07-01T17:45:58Z",