steveej/infra
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions

clean up and refactor more into OS snippets; bluetooth works on x13s

Browse source
This commit is contained in:
steveej 2024-01-24 00:24:04 +00:00
parent 13dcb13bac
commit faf0818e00
27 changed files with 367 additions and 461 deletions
Download patch file Download diff file Expand all files Collapse all files

17
flake.lock generated
View file

@ -132,6 +132,22 @@
"type": "github" "type": "github"
} }
}, },
"dotfiles": {
"flake": false,
"locked": {
"lastModified": 1541334338,
"narHash": "sha256-9QAq7bjITpaO8A8qD8IVoa+89Bg13CEwxf771d9S/Ag=",
"owner": "steveeJ",
"repo": "dotfiles",
"rev": "9a8484f7094edc1b533bad3be71c511ba8ff45eb",
"type": "gitlab"
},
"original": {
"owner": "steveeJ",
"repo": "dotfiles",
"type": "gitlab"
}
},
"fenix": { "fenix": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -713,6 +729,7 @@
"nixos-anywhere", "nixos-anywhere",
"disko" "disko"
], ],
"dotfiles": "dotfiles",
"fenix": "fenix", "fenix": "fenix",
"flake-parts": "flake-parts", "flake-parts": "flake-parts",
"get-flake": "get-flake", "get-flake": "get-flake",

6
flake.nix
View file

@ -1,6 +1,11 @@
# flake.nix # flake.nix
{ {
inputs = { inputs = {
dotfiles = {
url = "gitlab:steveeJ/dotfiles";
flake = false;
};
# flake and infra basics # flake and infra basics
nixpkgs-2211.url = "github:nixos/nixpkgs/nixos-22.11"; nixpkgs-2211.url = "github:nixos/nixpkgs/nixos-22.11";
radicalePkgs.follows = "nixpkgs-2211"; radicalePkgs.follows = "nixpkgs-2211";
@ -164,6 +169,7 @@
retro_cross = retro.cross; retro_cross = retro.cross;
steveej-x13s_cross = (inputs.get-flake ./nix/os/devices/steveej-x13s).nixosConfigurations.cross; steveej-x13s_cross = (inputs.get-flake ./nix/os/devices/steveej-x13s).nixosConfigurations.cross;
steveej-x13s-rmvbl_cross = (inputs.get-flake ./nix/os/devices/steveej-x13s-rmvbl).nixosConfigurations.cross;
} }
); );

12
nix/home-manager/configuration/text-minimal.nix
View file

@ -1,12 +0,0 @@
{pkgs, ...}: {
imports = [
../profiles/common.nix
../programs/neovim.nix
];
home.packages = with pkgs; [
iperf3
inetutils
speedtest-cli
];
}

23
nix/home-manager/profiles/common.nix
View file

@ -3,10 +3,7 @@
# programs.home-manager.enable = true; # programs.home-manager.enable = true;
# programs.home-manager.path = https://github.com/rycee/home-manager/archive/445c0b1482c38172a9f8294ee16a7ca7462388e5.tar.gz; # programs.home-manager.path = https://github.com/rycee/home-manager/archive/445c0b1482c38172a9f8294ee16a7ca7462388e5.tar.gz;
imports = [ # TODO: move this to an OS snippet?
../programs/zsh.nix
];
nixpkgs.config = { nixpkgs.config = {
allowBroken = false; allowBroken = false;
allowUnfree = true; allowUnfree = true;
@ -14,15 +11,6 @@
permittedInsecurePackages = [ ]; permittedInsecurePackages = [ ];
}; };
nix.settings.experimental-features = [
"nix-command"
"flakes"
"impure-derivations"
"ca-derivations"
"recursive-nix"
];
nix.settings.sandbox = "relaxed";
home.keyboard = { home.keyboard = {
layout = "us"; layout = "us";
variant = "altgr-intl"; variant = "altgr-intl";
@ -36,9 +24,7 @@
xdg.enable = true; xdg.enable = true;
programs.direnv.enable = true; programs.direnv.enable = true;
services.lorri.enable = true;
home.sessionVariables.NIXPKGS_ALLOW_UNFREE = "1";
# Don't create .pyc files. # Don't create .pyc files.
home.sessionVariables.PYTHONDONTWRITEBYTECODE = "1"; home.sessionVariables.PYTHONDONTWRITEBYTECODE = "1";
@ -48,9 +34,14 @@
home.packages = home.packages =
[ ] [ ]
++ (with pkgs; [ ++ (with pkgs; [
htop coreutils
vcsh vcsh
htop
iperf3
nethogs
# Authentication # Authentication
cacert cacert
openssl openssl

49
nix/home-manager/profiles/dotfiles.nix
View file

@ -1,10 +1,47 @@
{ repoFlake
, pkgs
, config
, repoHttps ? "https://gitlab.com/steveeJ/dotfiles.git"
, repoSsh ? "git@gitlab.com:/steveeJ/dotfiles.git"
, ...
}:
let
repoBareLocal =
pkgs.runCommand "fetchbare"
{
outputHashMode = "recursive";
outputHashAlgo = "sha256";
outputHash = "0000000000000000000000000000000000000000000000000000";
} ''
(
set -xe
export GIT_SSL_CAINFO=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt
export SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt
${pkgs.git}/bin/git clone --mirror ${repoHttps} $out
)
'';
vcshActivationScript = pkgs.writeScript "activation-script" ''
export HOST=$(hostname -s)
function set_remotes {
${pkgs.vcsh}/bin/vcsh dotfiles remote set-url origin $1
${pkgs.vcsh}/bin/vcsh dotfiles remote set-url --push origin $2
}
if ! test -d $HOME/.config/vcsh/repo.d/dotfiles.git; then
echo Cloning dotfiles for $HOST...
${pkgs.vcsh}/bin/vcsh clone -b $HOST ${repoBareLocal} dotfiles
set_remotes ${repoHttps} ${repoSsh}
else
set_remotes ${repoBareLocal} ${repoSsh}
echo Updating dotfiles for $HOST...
${pkgs.vcsh}/bin/vcsh pull $HOST || true
set_remotes ${repoHttps} ${repoSsh}
fi
'';
in
{ {
pkgs,
config,
...
}: let
vcshActivationScript = pkgs.callPackage ./dotfiles/vcsh.nix {};
in {
# TODO: fix the dotfiles # TODO: fix the dotfiles
# home.activation.vcsh = config.lib.dag.entryAfter["linkGeneration"] '' # home.activation.vcsh = config.lib.dag.entryAfter["linkGeneration"] ''
# $DRY_RUN_CMD ${vcshActivationScript} # $DRY_RUN_CMD ${vcshActivationScript}

18
nix/home-manager/profiles/sway-desktop.nix
View file

@ -39,24 +39,6 @@ in
services.gpg-agent.pinentryFlavor = "gnome3"; services.gpg-agent.pinentryFlavor = "gnome3";
nixpkgs.overlays = [
(final: prev: {
# xdg-desktop-portal-wlr' = repoFlakeInputs'.nixpkgs-wayland.packages.xdg-desktop-portal-wlr;
# xdg-desktop-portal-wlr-gtk' = repoFlakeInputs'.nixpkgs-wayland.packages.xdg-desktop-portal-wlr-gtk;
# sway-unwrapped = let
# fixed_wlroots = prev.wlroots_0_16.overrideAttrs (old: {
# patches = [
# (builtins.fetchurl {
# sha256 = "05h9xzicz3fccskg2hbqnw2qh4bm7mwi70c4m00y87w5yhj9gxps";
# url = "https://gist.githubusercontent.com/steveej/1d8c96ed2fdb3d9ddd0344ca5136073f/raw/d6a097a452b950865b554587db606e718d99c572/fix-wlroots.patch";
# })
# ];
# });
# in
# prev.sway-unwrapped.override {wlroots_0_16 = fixed_wlroots;};
})
];
home.packages = [ home.packages = [
pkgs.swayidle pkgs.swayidle
pkgs.swaylock pkgs.swaylock

6
nix/os/devices/steveej-t14/configuration.nix
View file

@ -1,5 +1,11 @@
{ ... }: { { ... }: {
imports = [ imports = [
../../snippets/home-manager-with-zsh.nix
../../snippets/nix-settings-holo-chain.nix
../../snippets/radicale.nix
../../snippets/sway-desktop.nix
../../snippets/timezone.nix
../../profiles/common/configuration.nix ../../profiles/common/configuration.nix
../../profiles/graphical/configuration.nix ../../profiles/graphical/configuration.nix
../../modules/opinionatedDisk.nix ../../modules/opinionatedDisk.nix

25
nix/os/devices/steveej-t14/default.nix
View file

@ -1,24 +1,21 @@
{ { nodeName
nodeName, , repoFlake
repoFlake, , repoFlakeWithSystem
repoFlakeWithSystem, , nodeFlake
nodeFlake, , ...
}: let }:
let
system = "x86_64-linux"; system = "x86_64-linux";
in { in
{
meta.nodeSpecialArgs.${nodeName} = { meta.nodeSpecialArgs.${nodeName} = {
inherit repoFlake nodeName nodeFlake; inherit repoFlake nodeName nodeFlake;
packages' = repoFlake.packages.${system}; packages' = repoFlake.packages.${system};
repoFlakeInputs' = repoFlakeWithSystem system ({inputs', ...}: inputs'); repoFlakeInputs' = repoFlakeWithSystem system ({ inputs', ... }: inputs');
}; };
meta.nodeNixpkgs.${nodeName} = import nodeFlake.inputs.nixpkgs.outPath { meta.nodeNixpkgs.${nodeName} = import nodeFlake.inputs.nixpkgs.outPath {
inherit system; inherit system;
overlays = [
(final: prev: {
# FIXME: why are these not effective in for the configuration.nix below?
})
];
}; };
${nodeName} = { ${nodeName} = {
@ -28,8 +25,6 @@ in {
imports = [ imports = [
(repoFlake + "/nix/os/devices/${nodeName}/configuration.nix") (repoFlake + "/nix/os/devices/${nodeName}/configuration.nix")
nodeFlake.inputs.home-manager.nixosModules.home-manager
]; ];
}; };
} }

7
nix/os/devices/steveej-t14/system.nix
View file

@ -24,13 +24,6 @@ let
in in
{ {
imports = [
../../snippets/nix-settings-holo-chain.nix
../../snippets/radicale.nix
../../snippets/sway-desktop.nix
../../snippets/timezone.nix
];
nix.settings = { nix.settings = {
substituters = [ substituters = [
]; ];

86
nix/os/devices/steveej-x13s-rmvbl/configuration.nix
View file

@ -11,96 +11,12 @@
{ {
imports = [ imports = [
repoFlake.inputs.sops-nix.nixosModules.sops
nodeFlake.inputs.disko.nixosModules.disko
./disko.nix
../../profiles/common/user.nix
../../profiles/common/pkg.nix
{ {
# nixpkgs.config.allowUnsupportedSystem = true;
# flake registry
nix.registry.nixpkgs.flake = nodeFlake.inputs.nixpkgs;
nix.nixPath = [
"nixpkgs=${pkgs.path}"
];
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
nix.settings.max-jobs = lib.mkDefault "auto";
}
{
services.openssh.enable = true;
services.openssh.settings.PermitRootLogin = "yes";
services.openssh.openFirewall = true;
users.commonUsers = { users.commonUsers = {
enable = true; enable = true;
enableNonRoot = true; enableNonRoot = true;
installPassword = "install";
}; };
sops.defaultSopsFile = ../../../../secrets/${nodeName}/secrets.yaml;
sops.defaultSopsFormat = "yaml";
} }
nodeFlake.inputs.home-manager.nixosModules.home-manager
../../snippets/sway-desktop.nix
../../snippets/radicale.nix
]; ];
hardware.thinkpad-x13s = {
enable = true;
# TODO: use hardware address
bluetoothMac = "65:9e:7a:8b:86:28";
};
networking = {
hostName = nodeName;
firewall.enable = true;
# useNetworkd = true;
networkmanager.enable = true;
};
system.stateVersion = "23.11";
nixpkgs.config.allowUnfree = true;
environment.systemPackages = [
pkgs.sshfs
pkgs.util-linux
pkgs.coreutils
pkgs.vim
pkgs.git
pkgs.git-crypt
];
home-manager.users.steveej = _: {
imports = [
../../../home-manager/configuration/graphical-fullblown.nix
(_: {
programs.chromium.extensions = [
# can define host-specific extensions here
];
})
];
home.sessionVariables = { };
home.packages = with pkgs; [
];
};
} }

83
nix/os/devices/steveej-x13s-rmvbl/flake.lock generated
View file

@ -1,55 +1,5 @@
{ {
"nodes": { "nodes": {
"adamcstephens_stop-export": {
"flake": false,
"locked": {
"lastModified": 1705876512,
"narHash": "sha256-nvBqLyi8dMQf3xnROwEcUv4iqV55Mr8S8OGYepu14i4=",
"ref": "refs/heads/main",
"rev": "388684db5b529bbd6f3e948cf175df089eb09766",
"revCount": 14,
"type": "git",
"url": "https://codeberg.org/adamcstephens/stop-export.git"
},
"original": {
"type": "git",
"url": "https://codeberg.org/adamcstephens/stop-export.git"
}
},
"alsa-ucm-conf": {
"flake": false,
"locked": {
"lastModified": 1705501566,
"narHash": "sha256-Nyr7tjH5VBjocvaKaHCiK+zsjThYBtcr936aRWCBBpM=",
"owner": "alsa-project",
"repo": "alsa-ucm-conf",
"rev": "e87dde51d68950537f92af955ad0633437cc419a",
"type": "github"
},
"original": {
"owner": "alsa-project",
"ref": "master",
"repo": "alsa-ucm-conf",
"type": "github"
}
},
"brainwart_x13s-nixos": {
"flake": false,
"locked": {
"lastModified": 1705565623,
"narHash": "sha256-sisr/dFIz8p3/Y7mz+arWxjeiBmUTQkMqkF9j3c2dWE=",
"owner": "BrainWart",
"repo": "x13s-nixos",
"rev": "29002122d86a1009ba70e7a4ca3063e5404c77a2",
"type": "github"
},
"original": {
"owner": "BrainWart",
"ref": "flake",
"repo": "x13s-nixos",
"type": "github"
}
},
"disko": { "disko": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -105,23 +55,6 @@
"type": "github" "type": "github"
} }
}, },
"linux_x13s": {
"flake": false,
"locked": {
"lastModified": 1705680516,
"narHash": "sha256-NjCuPYjYHBJcoJR1ZaWQ9sRh0VpY2Y0hawkbUBRfCvk=",
"owner": "jhovold",
"repo": "linux",
"rev": "bac95eabe6577faa2773cbe7e91c34fd17ab79a0",
"type": "github"
},
"original": {
"owner": "jhovold",
"ref": "wip/sc8280xp-v6.7",
"repo": "linux",
"type": "github"
}
},
"mobile-nixos": { "mobile-nixos": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -140,11 +73,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1705774713, "lastModified": 1705916986,
"narHash": "sha256-j6ADaDH9XiumUzkTPlFyCBcoWYhO83lfgiSqEJF2zcs=", "narHash": "sha256-iBpfltu6QvN4xMpen6jGGEb6jOqmmVQKUrXdOJ32u8w=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "1b64fc1287991a9cce717a01c1973ef86cb1af0b", "rev": "d7f206b723e42edb09d9d753020a84b3061a79d8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -172,11 +105,11 @@
}, },
"nixpkgs-unstable-small": { "nixpkgs-unstable-small": {
"locked": { "locked": {
"lastModified": 1705891108, "lastModified": 1706022028,
"narHash": "sha256-PQ0Df5BzByg+0gPE1goa9WYVXSoEP6gtjblrbYC8WOI=", "narHash": "sha256-F8Gv4R4K/AvS3+6pWd8wlnw4Vhgf7bcszy7i8XPbzA0=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "8cccce637e19577815de54c5ecc3132dff965aee", "rev": "15ff1758e7816331033baa14eebbea68626128f3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -188,13 +121,9 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"adamcstephens_stop-export": "adamcstephens_stop-export",
"alsa-ucm-conf": "alsa-ucm-conf",
"brainwart_x13s-nixos": "brainwart_x13s-nixos",
"disko": "disko", "disko": "disko",
"get-flake": "get-flake", "get-flake": "get-flake",
"home-manager": "home-manager", "home-manager": "home-manager",
"linux_x13s": "linux_x13s",
"mobile-nixos": "mobile-nixos", "mobile-nixos": "mobile-nixos",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nixpkgs-2211": "nixpkgs-2211", "nixpkgs-2211": "nixpkgs-2211",

10
nix/os/devices/steveej-x13s-rmvbl/flake.nix
View file

@ -31,6 +31,8 @@
buildPlatform = "x86_64-linux"; buildPlatform = "x86_64-linux";
nodeName = "steveej-x13s-rmvbl"; nodeName = "steveej-x13s-rmvbl";
x13s-flake = get-flake ../steveej-x13s;
mkNixosConfiguration = { extraModules ? [ ], ... } @ attrs: mkNixosConfiguration = { extraModules ? [ ], ... } @ attrs:
nixpkgs.lib.nixosSystem ( nixpkgs.lib.nixosSystem (
nixpkgs.lib.attrsets.recursiveUpdate nixpkgs.lib.attrsets.recursiveUpdate
@ -41,13 +43,15 @@
inherit nodeName; inherit nodeName;
repoFlake = get-flake ../../../..; repoFlake = get-flake ../../../..;
nodeFlake = self;
# TODO: double-check if this hack doesn't have negative side-effects
# the reason for it is so that `nodeFlake.inputs.nixos-x13s.nixosModules.default` in the module is found
nodeFlake = x13s-flake;
}).meta.nodeSpecialArgs.${nodeName}; }).meta.nodeSpecialArgs.${nodeName};
modules = modules =
[ [
self.nixosModules.hardware-x13s ../steveej-x13s/configuration.nix
./configuration.nix ./configuration.nix
] ]
++ extraModules; ++ extraModules;

101
nix/os/devices/steveej-x13s/configuration.nix
View file

@ -10,31 +10,60 @@
}: }:
{ {
nixos-x13s = {
enable = true;
# TODO: use hardware address
bluetoothMac = "65:9e:7a:8b:86:28";
};
systemd.services.bluetooth-mac = {
enable = true;
path = [
pkgs.systemd
pkgs.util-linux
pkgs.bluez5-experimental
pkgs.expect
];
script = ''
# TODO: this may not be required
while ! (journalctl -b0 | grep 'Bluetooth: hci0: QCA setup on UART is completed'); do
echo Waiting for bluetooth firmware to complete
echo sleep 1
done
(
# best effort
set +e
rfkill block bluetooth
echo $?
btmgmt public-addr ${config.nixos-x13s.bluetoothMac}
echo $?
rfkill unblock bluetooth
echo $?
)
'';
requiredBy = [ "bluetooth.service" ];
before = [ "bluetooth.service" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
# we need a tty, otherwise btmgmt will hang
StandardInput = "tty";
TTYPath = "/dev/tty2";
TTYReset = "yes";
TTYVHangup = "yes";
};
};
imports = [ imports = [
nodeFlake.inputs.nixos-x13s.nixosModules.default
repoFlake.inputs.sops-nix.nixosModules.sops repoFlake.inputs.sops-nix.nixosModules.sops
nodeFlake.inputs.disko.nixosModules.disko nodeFlake.inputs.disko.nixosModules.disko
./disko.nix ./disko.nix
repoFlake.nixosModules.thinkpad-x13s ../../snippets/nix-settings.nix
../../profiles/common/pkg.nix
{
# flake registry
nix.registry.nixpkgs.flake = nodeFlake.inputs.nixpkgs;
nix.nixPath = [
"nixpkgs=${pkgs.path}"
];
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
nix.settings.max-jobs = lib.mkDefault "auto";
}
../../profiles/common/user.nix ../../profiles/common/user.nix
{ {
@ -42,30 +71,23 @@
services.openssh.settings.PermitRootLogin = "yes"; services.openssh.settings.PermitRootLogin = "yes";
services.openssh.openFirewall = true; services.openssh.openFirewall = true;
# sops.defaultSopsFile = ../../../../secrets/${nodeName}/secrets.yaml; sops.defaultSopsFile = ../../../../secrets/${nodeName}/secrets.yaml;
# sops.defaultSopsFormat = "yaml"; sops.defaultSopsFormat = "yaml";
users.commonUsers = { users.commonUsers = {
enable = true; enable = true;
enableNonRoot = true; enableNonRoot = true;
installPassword = "install";
}; };
} }
nodeFlake.inputs.home-manager.nixosModules.home-manager
../../snippets/home-manager-with-zsh.nix
../../snippets/sway-desktop.nix ../../snippets/sway-desktop.nix
../../snippets/bluetooth.nix
../../snippets/timezone.nix ../../snippets/timezone.nix
# ../../snippets/radicale.nix # ../../snippets/radicale.nix
]; ];
hardware.thinkpad-x13s = {
enable = true;
# TODO: use hardware address
bluetoothMac = "65:9e:7a:8b:86:28";
};
networking.hostName = nodeName; networking.hostName = nodeName;
networking.firewall.enable = true; networking.firewall.enable = true;
networking.networkmanager.enable = true; networking.networkmanager.enable = true;
@ -93,12 +115,23 @@
../../../home-manager/configuration/graphical-fullblown.nix ../../../home-manager/configuration/graphical-fullblown.nix
]; ];
# seems to be broke on install
programs.chromium.enable = lib.mkForce false;
home.sessionVariables = { }; home.sessionVariables = { };
home.packages = with pkgs; [ home.packages = with pkgs; [
]; ];
# TODO: currently unsupported
services.gammastep.enable = lib.mkForce false;
# programs.chromium.enable = lib.mkForce false;
};
boot = {
kernelParams = [
"dtb=sc8280xp-lenovo-thinkpad-x13s.dtb"
];
loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = lib.mkForce false;
loader.efi.efiSysMountPoint = "/boot";
blacklistedKernelModules = [ "wwan" ];
}; };
} }

2
nix/os/devices/steveej-x13s/default.nix
View file

@ -31,8 +31,6 @@
imports = [ imports = [
(repoFlake + "/nix/os/devices/${nodeName}/configuration.nix") (repoFlake + "/nix/os/devices/${nodeName}/configuration.nix")
nodeFlake.inputs.home-manager.nixosModules.home-manager
]; ];
networking.hostName = nodeName; networking.hostName = nodeName;

141
nix/os/devices/steveej-x13s/flake.lock generated
View file

@ -1,55 +1,5 @@
{ {
"nodes": { "nodes": {
"adamcstephens_stop-export": {
"flake": false,
"locked": {
"lastModified": 1705876512,
"narHash": "sha256-nvBqLyi8dMQf3xnROwEcUv4iqV55Mr8S8OGYepu14i4=",
"ref": "refs/heads/main",
"rev": "388684db5b529bbd6f3e948cf175df089eb09766",
"revCount": 14,
"type": "git",
"url": "https://codeberg.org/adamcstephens/stop-export.git"
},
"original": {
"type": "git",
"url": "https://codeberg.org/adamcstephens/stop-export.git"
}
},
"alsa-ucm-conf": {
"flake": false,
"locked": {
"lastModified": 1705501566,
"narHash": "sha256-Nyr7tjH5VBjocvaKaHCiK+zsjThYBtcr936aRWCBBpM=",
"owner": "alsa-project",
"repo": "alsa-ucm-conf",
"rev": "e87dde51d68950537f92af955ad0633437cc419a",
"type": "github"
},
"original": {
"owner": "alsa-project",
"ref": "master",
"repo": "alsa-ucm-conf",
"type": "github"
}
},
"brainwart_x13s-nixos": {
"flake": false,
"locked": {
"lastModified": 1705565623,
"narHash": "sha256-sisr/dFIz8p3/Y7mz+arWxjeiBmUTQkMqkF9j3c2dWE=",
"owner": "BrainWart",
"repo": "x13s-nixos",
"rev": "29002122d86a1009ba70e7a4ca3063e5404c77a2",
"type": "github"
},
"original": {
"owner": "BrainWart",
"ref": "flake",
"repo": "x13s-nixos",
"type": "github"
}
},
"disko": { "disko": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -69,6 +19,24 @@
"type": "indirect" "type": "indirect"
} }
}, },
"flake-parts": {
"inputs": {
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1704982712,
"narHash": "sha256-2Ptt+9h8dczgle2Oo6z5ni5rt/uLMG47UFTR1ry/wgg=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "07f6395285469419cf9d078f59b5b49993198c00",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"get-flake": { "get-flake": {
"locked": { "locked": {
"lastModified": 1694475786, "lastModified": 1694475786,
@ -105,23 +73,6 @@
"type": "github" "type": "github"
} }
}, },
"linux_x13s": {
"flake": false,
"locked": {
"lastModified": 1705680516,
"narHash": "sha256-NjCuPYjYHBJcoJR1ZaWQ9sRh0VpY2Y0hawkbUBRfCvk=",
"owner": "jhovold",
"repo": "linux",
"rev": "bac95eabe6577faa2773cbe7e91c34fd17ab79a0",
"type": "github"
},
"original": {
"owner": "jhovold",
"ref": "wip/sc8280xp-v6.7",
"repo": "linux",
"type": "github"
}
},
"mobile-nixos": { "mobile-nixos": {
"flake": false, "flake": false,
"locked": { "locked": {
@ -138,13 +89,34 @@
"type": "github" "type": "github"
} }
}, },
"nixos-x13s": {
"inputs": {
"flake-parts": "flake-parts",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1705945811,
"narHash": "sha256-eDqgRYGMzRfpfWvSVj6IhHAWOMJC3xiwKaClbe79Gro=",
"ref": "refs/heads/main",
"rev": "9320defc4b8f381e5b7887d212d8d2babc41f2f2",
"revCount": 2,
"type": "git",
"url": "https://codeberg.org/adamcstephens/nixos-x13s"
},
"original": {
"type": "git",
"url": "https://codeberg.org/adamcstephens/nixos-x13s"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1705774713, "lastModified": 1705916986,
"narHash": "sha256-j6ADaDH9XiumUzkTPlFyCBcoWYhO83lfgiSqEJF2zcs=", "narHash": "sha256-iBpfltu6QvN4xMpen6jGGEb6jOqmmVQKUrXdOJ32u8w=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "1b64fc1287991a9cce717a01c1973ef86cb1af0b", "rev": "d7f206b723e42edb09d9d753020a84b3061a79d8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -170,13 +142,31 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-lib": {
"locked": {
"dir": "lib",
"lastModified": 1703961334,
"narHash": "sha256-M1mV/Cq+pgjk0rt6VxoyyD+O8cOUiai8t9Q6Yyq4noY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b0d36bd0a420ecee3bc916c91886caca87c894e9",
"type": "github"
},
"original": {
"dir": "lib",
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable-small": { "nixpkgs-unstable-small": {
"locked": { "locked": {
"lastModified": 1705891108, "lastModified": 1706022028,
"narHash": "sha256-PQ0Df5BzByg+0gPE1goa9WYVXSoEP6gtjblrbYC8WOI=", "narHash": "sha256-F8Gv4R4K/AvS3+6pWd8wlnw4Vhgf7bcszy7i8XPbzA0=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "8cccce637e19577815de54c5ecc3132dff965aee", "rev": "15ff1758e7816331033baa14eebbea68626128f3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -188,14 +178,11 @@
}, },
"root": { "root": {
"inputs": { "inputs": {
"adamcstephens_stop-export": "adamcstephens_stop-export",
"alsa-ucm-conf": "alsa-ucm-conf",
"brainwart_x13s-nixos": "brainwart_x13s-nixos",
"disko": "disko", "disko": "disko",
"get-flake": "get-flake", "get-flake": "get-flake",
"home-manager": "home-manager", "home-manager": "home-manager",
"linux_x13s": "linux_x13s",
"mobile-nixos": "mobile-nixos", "mobile-nixos": "mobile-nixos",
"nixos-x13s": "nixos-x13s",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nixpkgs-2211": "nixpkgs-2211", "nixpkgs-2211": "nixpkgs-2211",
"nixpkgs-unstable-small": "nixpkgs-unstable-small" "nixpkgs-unstable-small": "nixpkgs-unstable-small"

6
nix/os/devices/steveej-x13s/flake.nix
View file

@ -18,6 +18,9 @@
url = "github:nix-community/home-manager/release-23.11"; url = "github:nix-community/home-manager/release-23.11";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
nixos-x13s.url = "git+https://codeberg.org/adamcstephens/nixos-x13s";
nixos-x13s.inputs.nixpkgs.follows = "nixpkgs";
}; };
outputs = outputs =
@ -46,7 +49,8 @@
modules = modules =
[ [
repoFlake.nixosModules.hardware-x13s # repoFlake.nixosModules.hardware-x13s
./configuration.nix ./configuration.nix
] ]

6
nix/os/modules/hardware.thinkpad-x13s.nix
View file

@ -13,12 +13,6 @@ in
type = lib.types.str; type = lib.types.str;
description = "mac address to set on boot"; description = "mac address to set on boot";
}; };
bluetoothMacAddr = lib.mkOption {
default = "00:00:00:00:00";
type = lib.types.str;
};
}; };
config = config =
let let

15
nix/os/profiles/common/boot.nix
View file

@ -1,15 +0,0 @@
{pkgs, ...}: {
boot.kernelPackages = pkgs.linuxPackages;
boot.loader.grub = {
enable = true;
efiSupport = true;
efiInstallAsRemovable = false;
};
boot.loader.systemd-boot.enable = false;
boot.loader.efi.canTouchEfiVariables = true;
boot.tmp.useTmpfs = true;
# Workaround for nm-pptp to enforce module load
boot.kernelModules = ["nf_conntrack_proto_gre" "nf_conntrack_pptp"];
}

46
nix/os/profiles/common/configuration.nix
View file

@ -1,18 +1,38 @@
{ { config
config, , pkgs
pkgs, , repoFlake
repoFlake, , nodeFlake
... , repoFlakeInputs'
, packages'
, ...
}: { }: {
imports = [ imports = [
./boot.nix
./pkg.nix
./system.nix
../../snippets/nix-settings.nix
./hw.nix
./user.nix
repoFlake.inputs.sops-nix.nixosModules.sops repoFlake.inputs.sops-nix.nixosModules.sops
../../snippets/nix-settings.nix
../../snippets/home-manager-with-zsh.nix
./system.nix
./hw.nix
./user.nix
]; ];
boot.kernelPackages = pkgs.linuxPackages;
boot.loader.grub = {
enable = true;
efiSupport = true;
efiInstallAsRemovable = false;
};
boot.loader.systemd-boot.enable = false;
boot.loader.efi.canTouchEfiVariables = true;
boot.tmp.useTmpfs = true;
# Workaround for nm-pptp to enforce module load
boot.kernelModules = [ "nf_conntrack_proto_gre" "nf_conntrack_pptp" ];
nixpkgs.config = {
allowBroken = false;
allowUnfree = true;
};
} }

34
nix/os/profiles/common/pkg.nix
View file

@ -1,34 +0,0 @@
{ config
, pkgs
, # these come in via nodeSpecialArgs and are expected to be defined for every node
repoFlake
, repoFlakeInputs'
, nodeFlake
, packages'
, ...
}: {
imports = [
];
nix.registry.nixpkgs.flake = nodeFlake.inputs.nixpkgs;
home-manager.useGlobalPkgs = false;
home-manager.useUserPackages = true;
home-manager.users.root = import ../../../home-manager/configuration/text-minimal.nix;
# TODO: investigate an issue with the "name" arg contained here, which causes problems with home-manager
# home-manager.extraSpecialArgs = specialArgs;
# hence, opt for passing the arguments selectively instead
home-manager.extraSpecialArgs = {
inherit
repoFlake
repoFlakeInputs'
packages'
nodeFlake
;
};
nixpkgs.config = {
allowBroken = false;
allowUnfree = true;
};
}

5
nix/os/profiles/common/system.nix
View file

@ -42,15 +42,12 @@
# mv -Tf /etc/X11/.sessions /etc/X11/sessions # mv -Tf /etc/X11/.sessions /etc/X11/sessions
# ''; # '';
# TODO: adapt this to be arch agnostic
system.activationScripts.lib64 = '' system.activationScripts.lib64 = ''
echo "setting up /lib64..." echo "setting up /lib64..."
mkdir -p /lib64 mkdir -p /lib64
ln -sfT ${pkgs.glibc}/lib/ld-linux-x86-64.so.2 /lib64/.ld-linux-x86-64.so.2 ln -sfT ${pkgs.glibc}/lib/ld-linux-x86-64.so.2 /lib64/.ld-linux-x86-64.so.2
mv -Tf /lib64/.ld-linux-x86-64.so.2 /lib64/ld-linux-x86-64.so.2 mv -Tf /lib64/.ld-linux-x86-64.so.2 /lib64/ld-linux-x86-64.so.2
''; '';
programs.zsh.enable = true;
users.defaultUserShell = pkgs.zsh;
environment.pathsToLink = [ "/share/zsh" ];
programs.fuse.userAllowOther = true; programs.fuse.userAllowOther = true;
} }

19
nix/os/profiles/graphical/system.nix
View file

@ -1,8 +1,11 @@
{ { pkgs
pkgs, , lib
lib, , ...
...
}: { }: {
imports = [
../../snippets/bluetooth.nix
];
networking.networkmanager = { networking.networkmanager = {
enable = true; enable = true;
dns = "systemd-resolved"; dns = "systemd-resolved";
@ -22,12 +25,8 @@
services.illum.enable = true; services.illum.enable = true;
services.pcscd.enable = true; services.pcscd.enable = true;
hardware.opengl.enable = true; hardware.opengl.enable = true;
hardware.bluetooth.enable = true;
# required for running blueman-applet in user sessions
services.dbus.packages = with pkgs; [blueman];
services.blueman.enable = true;
services.udev.packages = [pkgs.libu2f-host pkgs.yubikey-personalization pkgs.android-udev-rules]; services.udev.packages = [ pkgs.libu2f-host pkgs.yubikey-personalization pkgs.android-udev-rules ];
services.udev.extraRules = '' services.udev.extraRules = ''
# OnePlusOne # OnePlusOne
ATTR{idVendor}=="05c6", ATTR{idProduct}=="6764", SYMLINK+="libmtp-%k", MODE="660", GROUP="audio", ENV{ID_MTP_DEVICE}="1", ENV{ID_MEDIA_PLAYER}="1", TAG+="uaccess" ATTR{idVendor}=="05c6", ATTR{idProduct}=="6764", SYMLINK+="libmtp-%k", MODE="660", GROUP="audio", ENV{ID_MTP_DEVICE}="1", ENV{ID_MEDIA_PLAYER}="1", TAG+="uaccess"
@ -54,6 +53,6 @@
services.printing = { services.printing = {
enable = true; enable = true;
drivers = with pkgs; [mfcl3770cdwlpr mfcl3770cdwcupswrapper]; drivers = with pkgs; [ mfcl3770cdwlpr mfcl3770cdwcupswrapper ];
}; };
} }

9
nix/os/snippets/bluetooth.nix Normal file
View file

@ -0,0 +1,9 @@
{ pkgs
, lib
, ...
}: {
# required for running blueman-applet in user sessions
services.dbus.packages = with pkgs; [ blueman ];
hardware.bluetooth.enable = true;
services.blueman.enable = true;
}

49
nix/os/snippets/home-manager-with-zsh.nix Normal file
View file

@ -0,0 +1,49 @@
{ nodeFlake
, repoFlake
, repoFlakeInputs'
, packages'
, pkgs
, ...
}:
let
# TODO: make this configurable
homeUser = "steveej";
commonHomeImports = [
../../home-manager/profiles/common.nix
../../home-manager/programs/neovim.nix
../../home-manager/programs/zsh.nix
];
in
{
imports = [
nodeFlake.inputs.home-manager.nixosModules.home-manager
];
# TODO: investigate an issue with the "name" arg contained here, which causes problems with home-manager
# home-manager.extraSpecialArgs = specialArgs;
# hence, opt for passing the arguments selectively instead
home-manager.extraSpecialArgs = {
inherit
repoFlake
repoFlakeInputs'
packages'
nodeFlake
;
};
home-manager.useGlobalPkgs = false;
home-manager.useUserPackages = true;
home-manager.users.root = _: {
imports = commonHomeImports;
};
home-manager.users."${homeUser}" = _: {
imports = commonHomeImports;
};
programs.zsh.enable = true;
users.defaultUserShell = pkgs.zsh;
environment.pathsToLink = [ "/share/zsh" ];
}

13
nix/os/snippets/nix-settings.nix
View file

@ -1,9 +1,7 @@
{ { nodeFlake
nodeFlake, , pkgs
, lib
pkgs, , ...
lib,
...
}: { }: {
nix.daemonCPUSchedPolicy = "idle"; nix.daemonCPUSchedPolicy = "idle";
nix.daemonIOSchedClass = "idle"; nix.daemonIOSchedClass = "idle";
@ -17,8 +15,6 @@
nix.settings.experimental-features = [ nix.settings.experimental-features = [
"nix-command" "nix-command"
"flakes" "flakes"
"ca-derivations"
"impure-derivations"
]; ];
nix.settings.system-features = [ nix.settings.system-features = [
@ -29,4 +25,5 @@
]; ];
nix.registry.nixpkgs.flake = nodeFlake.inputs.nixpkgs; nix.registry.nixpkgs.flake = nodeFlake.inputs.nixpkgs;
} }

26
nix/os/snippets/sway-desktop.nix
View file

@ -1,4 +1,8 @@
{ pkgs, lib, ... }: { pkgs
, lib
, config
, ...
}:
let let
# TODO: make this configurable # TODO: make this configurable
@ -64,6 +68,7 @@ in
}; };
security.pam.services.getty.enableGnomeKeyring = true; security.pam.services.getty.enableGnomeKeyring = true;
security.pam.services."autovt@tty1".enableGnomeKeyring = true;
services.gnome.gnome-keyring.enable = true; services.gnome.gnome-keyring.enable = true;
# autologin steveej on tty1 # autologin steveej on tty1
@ -79,11 +84,20 @@ in
Restart = "always"; Restart = "always";
Type = "idle"; Type = "idle";
}; };
programs.zsh.loginShellInit = ''
if test $(id --user steveej) = $(id -u) && test $(tty) = "/dev/tty1"; then programs =
exec sway let
fi steveejSwayOnTty1 = ''
''; if test $(id --user steveej) = $(id -u) && test $(tty) = "/dev/tty1"; then
exec sway
fi
'';
in
{
bash.loginShellInit = steveejSwayOnTty1;
# TODO: only do this when zsh is enabled. first naiv attempt lead infinite recursion
zsh.loginShellInit = steveejSwayOnTty1;
};
home-manager.users."${homeUser}" = _: { home-manager.users."${homeUser}" = _: {
imports = [ imports = [

14
secrets/steveej-x13s/secrets.yaml
View file

@ -1,14 +1,4 @@
hello: ENC[AES256_GCM,data:9dO0Gd4YDDxWHHBYtdomfK8BJnBZC+SQYfUvTAkCq9sOO/ZH/bFhN0Fl/NvLzQ==,iv:m1TZ9PGjsoMo7NA9EHrLb0tCtIl98E3OEN1bkpZZxXY=,tag:Gup/pACLIXGXu8KEyzmfWg==,type:str] hello: ENC[AES256_GCM,data:9dO0Gd4YDDxWHHBYtdomfK8BJnBZC+SQYfUvTAkCq9sOO/ZH/bFhN0Fl/NvLzQ==,iv:m1TZ9PGjsoMo7NA9EHrLb0tCtIl98E3OEN1bkpZZxXY=,tag:Gup/pACLIXGXu8KEyzmfWg==,type:str]
example_key: ENC[AES256_GCM,data:EQ+uewu8+17QhrbIHg==,iv:N9i1tCT5IHz5WYbqyF0AIqCq/c67uPMiavUxt0Eb2Oc=,tag:UwOrM3cOLYMxIe80GenljA==,type:str]
#ENC[AES256_GCM,data:qZzxU9ai1z/5f3gxHrR5Dq56,iv:ccvxVS693K9Jjp/YIesWo8kemtkCSFWHJlJposcmXt0=,tag:FQUUPO+ydScUVZWH89vEew==,type:comment]
#ENC[AES256_GCM,data:Il5rKFCgUQERmLqSEOnzoQ==,iv:ALxNqdu/MgDdPyiEsq0Qgb/5bOBS3OgIWf0ZOUbGLJg=,tag:u4vJ7Y6iwa1Na5FIebrVow==,type:comment]
example_array:
- ENC[AES256_GCM,data:yMM0kfvv4WI/reWLuM8=,iv:51XoWYOFLAbhIzejbWBwIpi2JVhQZIivLt4HVJtXPpA=,tag:J9C7NwdVOoocGKWUvUAOSQ==,type:str]
- ENC[AES256_GCM,data:Tg1bRwtydMuaLvnvTDc=,iv:8c44EM1U5tqD8Mn8Fg37MyASi+xv78BB+8AjG59tzXE=,tag:OvxU9x0pZbjW9j/DQMahFg==,type:str]
example_number: ENC[AES256_GCM,data:DhzIPdpqm/p1pQ==,iv:ZWkBTeuyaXVzffEVGuw1xxi+ekiSGyspE9PeBNRRm1k=,tag:Qq1/Wo3XY+Y2u5luxxxTeA==,type:float]
example_booleans:
- ENC[AES256_GCM,data:ZA6WIQ==,iv:gkQnXrVZiP6Yj4SVdtM09Jmpebb11998tv3y/P5pvqE=,tag:ujwkH9l6/+1W4IeDu3HBFw==,type:bool]
- ENC[AES256_GCM,data:YcDPFAc=,iv:r9gBG5YIq5Sgs6/HWRWjBJZ8TrlXDxnAZN1PRBVIq8k=,tag:TTP0tsiPsPsd6BjkScCRbQ==,type:bool]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -24,8 +14,8 @@ sops:
Q1FmbW9BL3E1emwwWFhJTTZoRlhVdFEKCkpvkW65v0+fuh2bXZVNVbnwsl1Aca/O Q1FmbW9BL3E1emwwWFhJTTZoRlhVdFEKCkpvkW65v0+fuh2bXZVNVbnwsl1Aca/O
9tkIMNLFhD/Rn8MFmkhIZmWYWB4IUwW/UNSxrmkt7cyFJNlpAH0+YA== 9tkIMNLFhD/Rn8MFmkhIZmWYWB4IUwW/UNSxrmkt7cyFJNlpAH0+YA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-01-22T09:20:19Z" lastmodified: "2024-01-23T09:41:31Z"
mac: ENC[AES256_GCM,data:Mmo5XJaMIDZ0sqKyn7oK+l6XdrTyA0NuF8tueLEKSdSCFxr2TJjroyojsybrYKehp5rrW1rT8cWWld2wXEEr+txsMCzIrlDqyerkcsu7ioMJb7ihRyXATBzdBOfUTq/8iLLc9gE9uRaMbeNOrglF0nxS+VtwOmst/z6fl7wC0+Q=,iv:t+dSzeBBhVfPo2efHM4iWIE/DHTDAm917kZrV1UxV0I=,tag:+CPkO6bbWqMzWBs16HT8GA==,type:str] mac: ENC[AES256_GCM,data:xGspZnqqcwoxM0otV3m6RJdwp4laYC+b6DSOEhzbQDeS6hslD6BddQ2g+tS7l3QTtItOjmB6pLb1JJkyhaG3PDWaDu89GNlvUyTyTUxfZWzTfiB6LWJS7eDTwb6OvzDklzCRltoH+8bWTjedWkeWIOtYbjJPo6zwUAiXgiKOj2s=,iv:MSgm5HXlb/NtvqHvVmDdwzX5ebipf7UJnmPNFUV9Nzs=,tag:XT4Evu+Sn+t/+EPb+dZ61Q==,type:str]
pgp: pgp:
- created_at: "2024-01-23T09:01:14Z" - created_at: "2024-01-23T09:01:14Z"
enc: |- enc: |-