From f779649c0caa81e7c4c1bedd7adefc68805470fd Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Thu, 7 Mar 2024 22:01:03 +0100 Subject: [PATCH] feat,fix: cach up hostkey0 with structure changes, update x13s and config firewall --- .../configuration/graphical-fullblown.nix | 5 +-- nix/home-manager/profiles/common.nix | 2 + nix/os/devices/router0-dmz0/configuration.nix | 2 +- .../devices/sj-bm-hostkey0/configuration.nix | 9 +--- nix/os/devices/sj-bm-hostkey0/flake.lock | 41 +++++------------ nix/os/devices/steveej-x13s/configuration.nix | 44 ++++++++++++++++++- nix/os/devices/steveej-x13s/flake.lock | 30 ++++++------- nix/os/devices/steveej-x13s/flake.nix | 4 +- 8 files changed, 79 insertions(+), 58 deletions(-) diff --git a/nix/home-manager/configuration/graphical-fullblown.nix b/nix/home-manager/configuration/graphical-fullblown.nix index 4359cc6..a8c96b3 100644 --- a/nix/home-manager/configuration/graphical-fullblown.nix +++ b/nix/home-manager/configuration/graphical-fullblown.nix @@ -40,7 +40,6 @@ in { home.sessionVariables.PATH = pkgs.lib.concatStringsSep ":" ["$HOME/.local/bin" "$PATH"]; nixpkgs.config.permittedInsecurePackages = [ - "electron-25.9.0" ]; home.packages = @@ -157,8 +156,8 @@ in { nethogs # Code Editing and Programming - # pkgsUnstableSmall.lapce - # pkgsUnstableSmall.helix + pkgsUnstableSmall.lapce + pkgsUnstableSmall.helix # Image/Graphic/Design Tools gnome.eog diff --git a/nix/home-manager/profiles/common.nix b/nix/home-manager/profiles/common.nix index 9df371b..62bba7e 100644 --- a/nix/home-manager/profiles/common.nix +++ b/nix/home-manager/profiles/common.nix @@ -3,6 +3,8 @@ lib, ... }: { + home.stateVersion = lib.mkDefault "23.11"; + # TODO: re-enable this with the appropriate version? # programs.home-manager.enable = true; # programs.home-manager.path = https://github.com/rycee/home-manager/archive/445c0b1482c38172a9f8294ee16a7ca7462388e5.tar.gz; 
diff --git a/nix/os/devices/router0-dmz0/configuration.nix b/nix/os/devices/router0-dmz0/configuration.nix index 366c640..cd0629e 100644 --- a/nix/os/devices/router0-dmz0/configuration.nix +++ b/nix/os/devices/router0-dmz0/configuration.nix @@ -194,7 +194,7 @@ in { rules = let wanInterfaces = builtins.concatStringsSep ", " config.networking.nftables.firewall.zones.wan.interfaces; in - # TODO: if this hostname doesn't resolve it'll break the whole ruleset + # ***TODO***: if this hostname doesn't resolve it'll break the whole ruleset [ "iifname { ${wanInterfaces} } tcp dport 220 redirect to 22" "iifname { ${wanInterfaces} } dnat ip to ${exposedHost}" diff --git a/nix/os/devices/sj-bm-hostkey0/configuration.nix b/nix/os/devices/sj-bm-hostkey0/configuration.nix index 9210b46..72a634c 100644 --- a/nix/os/devices/sj-bm-hostkey0/configuration.nix +++ b/nix/os/devices/sj-bm-hostkey0/configuration.nix @@ -22,6 +22,7 @@ in { repoFlake.inputs.sops-nix.nixosModules.sops ../../profiles/common/user.nix + ../../snippets/nix-settings.nix ../../snippets/nix-settings-holo-chain.nix # TODO @@ -29,20 +30,14 @@ in { # ./monitoring.nix # user config + ../../snippets/home-manager-with-zsh.nix { users.commonUsers = { enable = true; enableNonRoot = true; }; - home-manager.users.root = import ../../../home-manager/configuration/text-minimal.nix { - inherit pkgs; - }; home-manager.users.steveej = {pkgs, ...}: { - imports = [ - ../../../home-manager/configuration/text-minimal.nix - ]; - home.packages = [ pkgs.nil pkgs.rnix-lsp diff --git a/nix/os/devices/sj-bm-hostkey0/flake.lock b/nix/os/devices/sj-bm-hostkey0/flake.lock index 7b84218..23f7435 100644 --- a/nix/os/devices/sj-bm-hostkey0/flake.lock +++ b/nix/os/devices/sj-bm-hostkey0/flake.lock 
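Review bot: Emphasising the TODO in the router0-dmz0 `rules` list leaves the problem it describes in place: by the comment's own account, a failed lookup of `${exposedHost}` in `dnat ip to ${exposedHost}` breaks the whole ruleset, so name resolution sits on the firewall's load path. The comment should record what the router does in that case, e.g. `# TODO: exposedHost must resolve when the ruleset loads; on failure: <previous rules kept | no rules loaded>`, and the rule would be safer with a fixed address. This hunk does not show whether a failed load leaves the WAN zone filtered, so that is worth confirming on the device. The enclosing `rules` binding starts and ends outside the hunk.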
@@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1704318910, - "narHash": "sha256-wOIJwAsnZhM0NlFRwYJRgO4Lldh8j9viyzwQXtrbNtM=", + "lastModified": 1709286488, + "narHash": "sha256-RDpTZ72zLu05djvXRzK76Ysqp9zSdh84ax/edEaJucs=", "owner": "nix-community", "repo": "disko", - "rev": "aef9a509db64a081186af2dc185654d78dc8e344", + "rev": "bde7dd352c07d43bd5b8245e6c39074a391fdd46", "type": "github" }, "original": { @@ -42,11 +42,11 @@ ] }, "locked": { - "lastModified": 1704383912, - "narHash": "sha256-Be7O73qoOj/z+4ZCgizdLlu+5BkVvO2KO299goZ9cW8=", + "lastModified": 1709204054, + "narHash": "sha256-U1idK0JHs1XOfSI1APYuXi4AEADf+B+ZU4Wifc0pBHk=", "owner": "nix-community", "repo": "home-manager", - "rev": "26b8adb300e50efceb51fff6859a1a6ba1ade4f7", + "rev": "2f3367769a93b226c467551315e9e270c3f78b15", "type": "github" }, "original": { @@ -56,29 +56,13 @@ "type": "github" } }, - "nixos-stable": { - "locked": { - "lastModified": 1703992652, - "narHash": "sha256-C0o8AUyu8xYgJ36kOxJfXIroy9if/G6aJbNOpA5W0+M=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "32f63574c85fbc80e4ba1fbb932cde9619bad25e", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-23.11", - "repo": "nixpkgs", - "type": "github" - } - }, "nixpkgs": { "locked": { - "lastModified": 1704295289, - "narHash": "sha256-9WZDRfpMqCYL6g/HNWVvXF0hxdaAgwgIGeLYiOhmes8=", + "lastModified": 1709218635, + "narHash": "sha256-nytX/MkfqeTD4z7bMq4QRXcHxO9B3vRo9tM6fMtPFA8=", "owner": "nixos", "repo": "nixpkgs", - "rev": "b0b2c5445c64191fd8d0b31f2b1a34e45a64547d", + "rev": "068d4db604958d05d0b46c47f79b507d84dbc069", "type": "github" }, "original": { 
@@ -99,17 +83,16 @@ }, "srvos": { "inputs": { - "nixos-stable": "nixos-stable", "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1704357296, - "narHash": "sha256-npRcwAqeoLRdilyn4yOG9qShTRJ3sXL/xpyVOi+j7nw=", + "lastModified": 1709290688, + "narHash": "sha256-uGOqZffYg3mNS43MI6yhYB5tE8QYXgvCzO8dg5lC9TA=", "owner": "numtide", "repo": "srvos", - "rev": "341c142aad6609161b6b74cfc2d288f0ead01585", + "rev": "8e1328f734bff51198c44facd064b257756343c5", "type": "github" }, "original": { diff --git a/nix/os/devices/steveej-x13s/configuration.nix b/nix/os/devices/steveej-x13s/configuration.nix index 37331ff..5a1817a 100644 --- a/nix/os/devices/steveej-x13s/configuration.nix +++ b/nix/os/devices/steveej-x13s/configuration.nix @@ -13,6 +13,7 @@ enable = true; # TODO: use hardware address bluetoothMac = "65:9e:7a:8b:86:28"; + kernel = "jhovold"; }; services.illum.enable = true; @@ -65,6 +66,7 @@ ./disko.nix ../../snippets/nix-settings.nix + ../../snippets/nix-settings-holo-chain.nix ../../profiles/common/user.nix { @@ -81,6 +83,21 @@ }; } + # TODO: create syncthing os snippet + (let + tcp = [22000]; + udp = [ + 22000 + 21027 + ]; + in { + # TODO: upstream feature for inverse rule to work: `! --in-interface zt+` + networking.firewall.interfaces."en+".allowedTCPPorts = tcp; + networking.firewall.interfaces."en+".allowedUDPPorts = udp; + networking.firewall.interfaces."wl+".allowedTCPPorts = tcp; + networking.firewall.interfaces."wl+".allowedUDPPorts = udp; + }) + ../../snippets/home-manager-with-zsh.nix ../../snippets/sway-desktop.nix ../../snippets/bluetooth.nix 
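Review bot: The Syncthing ports in the new `let` block of steveej-x13s/configuration.nix (TCP 22000, UDP 22000 and 21027) are opened on every interface matching `en+` and `wl+`, which on a laptop includes any Wi-Fi network the machine joins, not only trusted ones. The TODO explains the intent (everything except `zt+`), but the comment should also state the resulting exposure, e.g. `# NOTE: reachable on all wired/wireless networks, including untrusted ones`. The four assignments repeat the same two lists; `networking.firewall.interfaces = lib.genAttrs ["en+" "wl+"] (_: { allowedTCPPorts = tcp; allowedUDPPorts = udp; });` would keep both patterns in step. The `+` suffix is an iptables-style wildcard, so it is worth confirming it still matches if this host moves to the nftables firewall backend.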
@@ -132,6 +149,23 @@ loader.efi.canTouchEfiVariables = lib.mkForce false; loader.efi.efiSysMountPoint = "/boot"; blacklistedKernelModules = ["wwan"]; + + # kernelParams = let + # dtbName = "sc8280xp-lenovo-thinkpad-x13s.dtb"; + # in lib.mkForce [ + # # needed to boot + # "dtb=${dtbName}" + + # # jhovold recommended + # "efi=noruntime" + # "clk_ignore_unused" + # "pd_ignore_unused" + # # "regulator_ignore_unused" + # "arm64.nopauth" + + # # blacklist graphics in initrd so the firmware can load from disk + # "rd.driver.blacklist=msm" + # ]; }; # see https://linrunner.de/tlp/ @@ -145,12 +179,20 @@ }; # android on linux - virtualisation.waydroid.enable = true; + virtualisation.waydroid.enable = false; virtualisation.podman.enable = true; virtualisation.podman.dockerCompat = true; hardware.ledger.enable = true; + nix.settings.substituters = [ + "https://nixos-x13s.cachix.org" + ]; + + nix.settings.trusted-public-keys = [ + "nixos-x13s.cachix.org-1:SzroHbidolBD3Sf6UusXp12YZ+a5ynWv0RtYF0btFos=" + ]; + steveej.holo-zerotier = { enable = true; autostart = false; diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index 7709f44..42306cb 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1709286488, - "narHash": "sha256-RDpTZ72zLu05djvXRzK76Ysqp9zSdh84ax/edEaJucs=", + "lastModified": 1709682352, + "narHash": "sha256-71S/64RbyADT6FUVJq4WLiNbmcxFvgMsSihf/C2Hgno=", "owner": "nix-community", "repo": "disko", - "rev": "bde7dd352c07d43bd5b8245e6c39074a391fdd46", + "rev": "ad5e8bd14df2e6bdb836582577dc163318617738", "type": "github" }, "original": { 
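Review bot: The commented-out `kernelParams` block added under `blacklistedKernelModules` is dead configuration with no note on why it is disabled or when it would be needed again. If it is kept for reference, a single line above it would do, e.g. `# kept for reference; presumably superseded by the x13s module's kernel = "jhovold" setting — confirm`. Note that the list includes `arm64.nopauth`, which turns off pointer authentication, so the comment should state why that parameter is needed before anyone re-enables the block wholesale. The enclosing `boot` attribute set starts outside the hunk.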
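Review bot: Adding the `nixos-x13s.cachix.org-1` key to `nix.settings.trusted-public-keys` makes that signing key authoritative for any store path the cache serves, not only the x13s kernel, and nothing in the hunk records who operates the cache or why it is trusted. A comment above the two settings would cover it, e.g. `# binary cache for the nixos-x13s flake input; trusting this key is equivalent to running its operator's binaries`. The same commit moves the `nixos-x13s` input to `ref=main` in flake.nix, so the source and the prebuilt binaries now both follow one third party; a lock bump on this device deserves a look at the upstream changes first.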
@@ -95,16 +95,16 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1709138783, - "narHash": "sha256-RyX9TPeMEcRLVTaHJzXepIn1EhixNMFJzfNIWwjcfhA=", - "ref": "refs/tags/2024-02-28", - "rev": "af581b2b9506a66ddf6d6f99cf151a86bb2919bb", - "revCount": 35, + "lastModified": 1709651788, + "narHash": "sha256-zxyGf3cCfAvYyURL1HKhpKyA14EkolG5jBmWvz0Xxjg=", + "ref": "main", + "rev": "4d55c266488f93ed022e2f6d2848420b59f4a56a", + "revCount": 38, "type": "git", "url": "https://codeberg.org/adamcstephens/nixos-x13s" }, "original": { - "ref": "refs/tags/2024-02-28", + "ref": "main", "type": "git", "url": "https://codeberg.org/adamcstephens/nixos-x13s" } @@ -161,11 +161,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1709271102, - "narHash": "sha256-Z2sBL/HRRTNABsU8E5XsP+FXBEyBoi6oMwm5bV7lSFw=", + "lastModified": 1709558755, + "narHash": "sha256-hx4FIbk4X4ve1oiHLOj+VE6dzO4CtXBR5RSU6kaq34M=", "owner": "nixos", "repo": "nixpkgs", - "rev": "09c1497ce5d4ed4a0edfdd44450d3048074cb300", + "rev": "207107bbc7d6d19a8b2c36a088d3756d03490243", "type": "github" }, "original": { @@ -177,11 +177,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1709218635, - "narHash": "sha256-nytX/MkfqeTD4z7bMq4QRXcHxO9B3vRo9tM6fMtPFA8=", + "lastModified": 1709569716, + "narHash": "sha256-iOR44RU4jQ+YPGrn+uQeYAp7Xo7Z/+gT+wXJoGxxLTY=", "owner": "nixos", "repo": "nixpkgs", - "rev": "068d4db604958d05d0b46c47f79b507d84dbc069", + "rev": "617579a787259b9a6419492eaac670a5f7663917", "type": "github" }, "original": { diff --git a/nix/os/devices/steveej-x13s/flake.nix b/nix/os/devices/steveej-x13s/flake.nix index 6e13b69..6a21f5b 100644 --- a/nix/os/devices/steveej-x13s/flake.nix +++ b/nix/os/devices/steveej-x13s/flake.nix 
@@ -18,8 +18,8 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - # nixos-x13s.url = "git+https://codeberg.org/adamcstephens/nixos-x13s?ref=main"; - nixos-x13s.url = "git+https://codeberg.org/adamcstephens/nixos-x13s?ref=refs/tags/2024-02-28"; + nixos-x13s.url = "git+https://codeberg.org/adamcstephens/nixos-x13s?ref=main"; + # nixos-x13s.url = "git+https://codeberg.org/adamcstephens/nixos-x13s?ref=refs/tags/2024-02-28"; # nixos-x13s.url = "path:/home/steveej/src/others/nixos-x13s"; # nixos-x13s.inputs.nixpkgs.follows = "nixpkgs"; };
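Review bot: Switching `nixos-x13s.url` from `ref=refs/tags/2024-02-28` to `ref=main` means every `nix flake update` for this device now takes whatever commit is at the head of a third-party branch, and that input appears to supply the hardware support, including the kernel choice set in configuration.nix. flake.lock still pins the exact `rev` and `narHash`, so builds stay reproducible between updates; what is lost is the tag as a deliberate review point. If tracking main is intended, say so next to the URL, e.g. `# tracking main for <reason>; review upstream log before bumping flake.lock`, or return to a tag once one contains the needed change.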