From ffdf25c117b7f033b47b8dee83b170ceeaf8b343 Mon Sep 17 00:00:00 2001 From: Stefan Junker Date: Wed, 24 Jan 2024 00:24:04 +0000 Subject: [PATCH] clean up and refactor more into OS snippets; bluetooth works on x13s --- flake.lock | 17 +++ flake.nix | 6 + .../configuration/text-minimal.nix | 12 -- nix/home-manager/profiles/common.nix | 23 +-- nix/home-manager/profiles/dotfiles.nix | 49 +++++- nix/home-manager/profiles/sway-desktop.nix | 18 --- nix/os/devices/steveej-t14/configuration.nix | 6 + nix/os/devices/steveej-t14/default.nix | 25 ++-- nix/os/devices/steveej-t14/system.nix | 7 - .../steveej-x13s-rmvbl/configuration.nix | 86 +---------- nix/os/devices/steveej-x13s-rmvbl/flake.lock | 83 +---------- nix/os/devices/steveej-x13s-rmvbl/flake.nix | 10 +- nix/os/devices/steveej-x13s/configuration.nix | 101 ++++++++----- nix/os/devices/steveej-x13s/default.nix | 2 - nix/os/devices/steveej-x13s/flake.lock | 141 ++++++++---------- nix/os/devices/steveej-x13s/flake.nix | 6 +- nix/os/modules/hardware.thinkpad-x13s.nix | 6 - nix/os/profiles/common/boot.nix | 15 -- nix/os/profiles/common/configuration.nix | 46 ++++-- nix/os/profiles/common/pkg.nix | 34 ----- nix/os/profiles/common/system.nix | 5 +- nix/os/profiles/graphical/system.nix | 19 ++- nix/os/snippets/bluetooth.nix | 9 ++ nix/os/snippets/home-manager-with-zsh.nix | 49 ++++++ nix/os/snippets/nix-settings.nix | 13 +- nix/os/snippets/sway-desktop.nix | 26 +++- secrets/steveej-x13s/secrets.yaml | 14 +- 27 files changed, 367 insertions(+), 461 deletions(-) delete mode 100644 nix/home-manager/configuration/text-minimal.nix delete mode 100644 nix/os/profiles/common/boot.nix delete mode 100644 nix/os/profiles/common/pkg.nix create mode 100644 nix/os/snippets/bluetooth.nix create mode 100644 nix/os/snippets/home-manager-with-zsh.nix diff --git a/flake.lock b/flake.lock index 825f580..4926126 100644 --- a/flake.lock +++ b/flake.lock 
@@ -132,6 +132,22 @@ "type": "github" } }, + "dotfiles": { + "flake": false, + "locked": { + "lastModified": 1541334338, + "narHash": "sha256-9QAq7bjITpaO8A8qD8IVoa+89Bg13CEwxf771d9S/Ag=", + "owner": "steveeJ", + "repo": "dotfiles", + "rev": "9a8484f7094edc1b533bad3be71c511ba8ff45eb", + "type": "gitlab" + }, + "original": { + "owner": "steveeJ", + "repo": "dotfiles", + "type": "gitlab" + } + }, "fenix": { "inputs": { "nixpkgs": [ @@ -713,6 +729,7 @@ "nixos-anywhere", "disko" ], + "dotfiles": "dotfiles", "fenix": "fenix", "flake-parts": "flake-parts", "get-flake": "get-flake", diff --git a/flake.nix b/flake.nix index 5c9e433..a0bdcc8 100644 --- a/flake.nix +++ b/flake.nix @@ -1,6 +1,11 @@ # flake.nix { inputs = { + dotfiles = { + url = "gitlab:steveeJ/dotfiles"; + flake = false; + }; + # flake and infra basics nixpkgs-2211.url = "github:nixos/nixpkgs/nixos-22.11"; radicalePkgs.follows = "nixpkgs-2211"; @@ -164,6 +169,7 @@ retro_cross = retro.cross; steveej-x13s_cross = (inputs.get-flake ./nix/os/devices/steveej-x13s).nixosConfigurations.cross; + steveej-x13s-rmvbl_cross = (inputs.get-flake ./nix/os/devices/steveej-x13s-rmvbl).nixosConfigurations.cross; } ); diff --git a/nix/home-manager/configuration/text-minimal.nix b/nix/home-manager/configuration/text-minimal.nix deleted file mode 100644 index 4566af7..0000000 --- a/nix/home-manager/configuration/text-minimal.nix +++ /dev/null @@ -1,12 +0,0 @@ -{pkgs, ...}: { - imports = [ - ../profiles/common.nix - ../programs/neovim.nix - ]; - - home.packages = with pkgs; [ - iperf3 - inetutils - speedtest-cli - ]; -} diff --git a/nix/home-manager/profiles/common.nix b/nix/home-manager/profiles/common.nix index 4356534..4ea2e6c 100644 --- a/nix/home-manager/profiles/common.nix +++ b/nix/home-manager/profiles/common.nix 
@@ -3,10 +3,7 @@ # programs.home-manager.enable = true; # programs.home-manager.path = https://github.com/rycee/home-manager/archive/445c0b1482c38172a9f8294ee16a7ca7462388e5.tar.gz; - imports = [ - ../programs/zsh.nix - ]; - + # TODO: move this to an OS snippet? nixpkgs.config = { allowBroken = false; allowUnfree = true; @@ -14,15 +11,6 @@ permittedInsecurePackages = [ ]; }; - nix.settings.experimental-features = [ - "nix-command" - "flakes" - "impure-derivations" - "ca-derivations" - "recursive-nix" - ]; - nix.settings.sandbox = "relaxed"; - home.keyboard = { layout = "us"; variant = "altgr-intl"; @@ -36,9 +24,7 @@ xdg.enable = true; programs.direnv.enable = true; - services.lorri.enable = true; - home.sessionVariables.NIXPKGS_ALLOW_UNFREE = "1"; # Don't create .pyc files. home.sessionVariables.PYTHONDONTWRITEBYTECODE = "1"; @@ -48,9 +34,14 @@ home.packages = [ ] ++ (with pkgs; [ - htop + coreutils + vcsh + htop + iperf3 + nethogs + # Authentication cacert openssl diff --git a/nix/home-manager/profiles/dotfiles.nix b/nix/home-manager/profiles/dotfiles.nix index 95b5248..c702f82 100644 --- a/nix/home-manager/profiles/dotfiles.nix +++ b/nix/home-manager/profiles/dotfiles.nix 
@@ -1,10 +1,47 @@ +{ repoFlake +, pkgs +, config +, repoHttps ? "https://gitlab.com/steveeJ/dotfiles.git" +, repoSsh ? "git@gitlab.com:/steveeJ/dotfiles.git" +, ... +}: +let + repoBareLocal = + pkgs.runCommand "fetchbare" + { + outputHashMode = "recursive"; + outputHashAlgo = "sha256"; + outputHash = "0000000000000000000000000000000000000000000000000000"; + } '' + ( + set -xe + export GIT_SSL_CAINFO=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt + export SSL_CERT_FILE=${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt + ${pkgs.git}/bin/git clone --mirror ${repoHttps} $out + ) + ''; + vcshActivationScript = pkgs.writeScript "activation-script" '' + export HOST=$(hostname -s) + + function set_remotes { + ${pkgs.vcsh}/bin/vcsh dotfiles remote set-url origin $1 + ${pkgs.vcsh}/bin/vcsh dotfiles remote set-url --push origin $2 + } + + if ! test -d $HOME/.config/vcsh/repo.d/dotfiles.git; then + echo Cloning dotfiles for $HOST... + ${pkgs.vcsh}/bin/vcsh clone -b $HOST ${repoBareLocal} dotfiles + set_remotes ${repoHttps} ${repoSsh} + else + set_remotes ${repoBareLocal} ${repoSsh} + echo Updating dotfiles for $HOST... + ${pkgs.vcsh}/bin/vcsh pull $HOST || true + set_remotes ${repoHttps} ${repoSsh} + fi + ''; + +in { - pkgs, - config, - ... -}: let - vcshActivationScript = pkgs.callPackage ./dotfiles/vcsh.nix {}; -in { # TODO: fix the dotfiles # home.activation.vcsh = config.lib.dag.entryAfter["linkGeneration"] '' # $DRY_RUN_CMD ${vcshActivationScript} diff --git a/nix/home-manager/profiles/sway-desktop.nix b/nix/home-manager/profiles/sway-desktop.nix index f2bde47..a30fb64 100644 --- a/nix/home-manager/profiles/sway-desktop.nix +++ b/nix/home-manager/profiles/sway-desktop.nix 
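Review bot: `repoBareLocal` is a fixed-output derivation whose `outputHash` is the all-zero placeholder, so no real content hash pins what `git clone --mirror ${repoHttps}` fetches, and a build would presumably stop on a hash mismatch. A mirror clone also carries every ref, so its hash would likely change whenever the remote moves; pinning a single revision (this commit adds a locked `dotfiles` input to flake.nix) would give the activation script a verifiable source. Inside `vcshActivationScript` the expansions are unquoted and `vcsh pull $HOST || true` hides a failed update; I would write `test -d "$HOME/.config/vcsh/repo.d/dotfiles.git"` and quote `"$1"`, `"$2"` and `"$HOST"` the same way. The activation hook is still commented out in the context lines below, so I would add `# FIXME: placeholder hash, pin a revision before enabling home.activation.vcsh` above `outputHash`.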
@@ -39,24 +39,6 @@ in services.gpg-agent.pinentryFlavor = "gnome3"; - nixpkgs.overlays = [ - (final: prev: { - # xdg-desktop-portal-wlr' = repoFlakeInputs'.nixpkgs-wayland.packages.xdg-desktop-portal-wlr; - # xdg-desktop-portal-wlr-gtk' = repoFlakeInputs'.nixpkgs-wayland.packages.xdg-desktop-portal-wlr-gtk; - # sway-unwrapped = let - # fixed_wlroots = prev.wlroots_0_16.overrideAttrs (old: { - # patches = [ - # (builtins.fetchurl { - # sha256 = "05h9xzicz3fccskg2hbqnw2qh4bm7mwi70c4m00y87w5yhj9gxps"; - # url = "https://gist.githubusercontent.com/steveej/1d8c96ed2fdb3d9ddd0344ca5136073f/raw/d6a097a452b950865b554587db606e718d99c572/fix-wlroots.patch"; - # }) - # ]; - # }); - # in - # prev.sway-unwrapped.override {wlroots_0_16 = fixed_wlroots;}; - }) - ]; - home.packages = [ pkgs.swayidle pkgs.swaylock diff --git a/nix/os/devices/steveej-t14/configuration.nix b/nix/os/devices/steveej-t14/configuration.nix index fc3d209..fab73d5 100644 --- a/nix/os/devices/steveej-t14/configuration.nix +++ b/nix/os/devices/steveej-t14/configuration.nix @@ -1,5 +1,11 @@ { ... }: { imports = [ + ../../snippets/home-manager-with-zsh.nix + ../../snippets/nix-settings-holo-chain.nix + ../../snippets/radicale.nix + ../../snippets/sway-desktop.nix + ../../snippets/timezone.nix + ../../profiles/common/configuration.nix ../../profiles/graphical/configuration.nix ../../modules/opinionatedDisk.nix diff --git a/nix/os/devices/steveej-t14/default.nix b/nix/os/devices/steveej-t14/default.nix index 15b7745..430b017 100644 --- a/nix/os/devices/steveej-t14/default.nix +++ b/nix/os/devices/steveej-t14/default.nix 
@@ -1,24 +1,21 @@ -{ - nodeName, - repoFlake, - repoFlakeWithSystem, - nodeFlake, -}: let +{ nodeName +, repoFlake +, repoFlakeWithSystem +, nodeFlake +, ... +}: +let system = "x86_64-linux"; -in { +in +{ meta.nodeSpecialArgs.${nodeName} = { inherit repoFlake nodeName nodeFlake; packages' = repoFlake.packages.${system}; - repoFlakeInputs' = repoFlakeWithSystem system ({inputs', ...}: inputs'); + repoFlakeInputs' = repoFlakeWithSystem system ({ inputs', ... }: inputs'); }; meta.nodeNixpkgs.${nodeName} = import nodeFlake.inputs.nixpkgs.outPath { inherit system; - overlays = [ - (final: prev: { - # FIXME: why are these not effective in for the configuration.nix below? - }) - ]; }; ${nodeName} = { @@ -28,8 +25,6 @@ in { imports = [ (repoFlake + "/nix/os/devices/${nodeName}/configuration.nix") - - nodeFlake.inputs.home-manager.nixosModules.home-manager ]; }; } diff --git a/nix/os/devices/steveej-t14/system.nix b/nix/os/devices/steveej-t14/system.nix index a0d5395..9dc6590 100644 --- a/nix/os/devices/steveej-t14/system.nix +++ b/nix/os/devices/steveej-t14/system.nix @@ -24,13 +24,6 @@ let in { - imports = [ - ../../snippets/nix-settings-holo-chain.nix - ../../snippets/radicale.nix - ../../snippets/sway-desktop.nix - ../../snippets/timezone.nix - ]; - nix.settings = { substituters = [ ]; diff --git a/nix/os/devices/steveej-x13s-rmvbl/configuration.nix b/nix/os/devices/steveej-x13s-rmvbl/configuration.nix index 7e39af7..cfbf501 100644 --- a/nix/os/devices/steveej-x13s-rmvbl/configuration.nix +++ b/nix/os/devices/steveej-x13s-rmvbl/configuration.nix 
@@ -11,96 +11,12 @@ { imports = [ - repoFlake.inputs.sops-nix.nixosModules.sops - nodeFlake.inputs.disko.nixosModules.disko - ./disko.nix - - ../../profiles/common/user.nix - ../../profiles/common/pkg.nix - - { - # nixpkgs.config.allowUnsupportedSystem = true; - - # flake registry - nix.registry.nixpkgs.flake = nodeFlake.inputs.nixpkgs; - - nix.nixPath = [ - "nixpkgs=${pkgs.path}" - ]; - - nix.settings.experimental-features = [ - "nix-command" - "flakes" - ]; - - nix.settings.max-jobs = lib.mkDefault "auto"; - } - - { - services.openssh.enable = true; - services.openssh.settings.PermitRootLogin = "yes"; - services.openssh.openFirewall = true; - users.commonUsers = { enable = true; enableNonRoot = true; + installPassword = "install"; }; - - sops.defaultSopsFile = ../../../../secrets/${nodeName}/secrets.yaml; - sops.defaultSopsFormat = "yaml"; } - - nodeFlake.inputs.home-manager.nixosModules.home-manager - - ../../snippets/sway-desktop.nix - ../../snippets/radicale.nix ]; - - hardware.thinkpad-x13s = { - enable = true; - - # TODO: use hardware address - bluetoothMac = "65:9e:7a:8b:86:28"; - }; - - networking = { - hostName = nodeName; - - firewall.enable = true; - - # useNetworkd = true; - networkmanager.enable = true; - }; - - system.stateVersion = "23.11"; - - nixpkgs.config.allowUnfree = true; - - environment.systemPackages = [ - pkgs.sshfs - pkgs.util-linux - pkgs.coreutils - pkgs.vim - - pkgs.git - pkgs.git-crypt - ]; - - home-manager.users.steveej = _: { - imports = [ - ../../../home-manager/configuration/graphical-fullblown.nix - - (_: { - programs.chromium.extensions = [ - # can define host-specific extensions here - ]; - }) - ]; - - home.sessionVariables = { }; - - home.packages = with pkgs; [ - ]; - }; } diff --git a/nix/os/devices/steveej-x13s-rmvbl/flake.lock b/nix/os/devices/steveej-x13s-rmvbl/flake.lock index f7008e1..6fc6701 100644 --- a/nix/os/devices/steveej-x13s-rmvbl/flake.lock +++ b/nix/os/devices/steveej-x13s-rmvbl/flake.lock 
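Review bot: `installPassword = "install";` commits a fixed, guessable credential in plaintext, and values written into a Nix configuration generally end up readable in the store. The flake.nix hunk for this device now also loads `../steveej-x13s/configuration.nix`, whose context lines show `services.openssh.settings.PermitRootLogin = "yes";` and `services.openssh.openFirewall = true;`. If `users.commonUsers` applies this password to root (its definition is not in the diff), the removable image would accept a known password over the network. I would override the setting in this file with `services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password";`, or take the password from the sops file that the x13s configuration enables.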
@@ -1,55 +1,5 @@ { "nodes": { - "adamcstephens_stop-export": { - "flake": false, - "locked": { - "lastModified": 1705876512, - "narHash": "sha256-nvBqLyi8dMQf3xnROwEcUv4iqV55Mr8S8OGYepu14i4=", - "ref": "refs/heads/main", - "rev": "388684db5b529bbd6f3e948cf175df089eb09766", - "revCount": 14, - "type": "git", - "url": "https://codeberg.org/adamcstephens/stop-export.git" - }, - "original": { - "type": "git", - "url": "https://codeberg.org/adamcstephens/stop-export.git" - } - }, - "alsa-ucm-conf": { - "flake": false, - "locked": { - "lastModified": 1705501566, - "narHash": "sha256-Nyr7tjH5VBjocvaKaHCiK+zsjThYBtcr936aRWCBBpM=", - "owner": "alsa-project", - "repo": "alsa-ucm-conf", - "rev": "e87dde51d68950537f92af955ad0633437cc419a", - "type": "github" - }, - "original": { - "owner": "alsa-project", - "ref": "master", - "repo": "alsa-ucm-conf", - "type": "github" - } - }, - "brainwart_x13s-nixos": { - "flake": false, - "locked": { - "lastModified": 1705565623, - "narHash": "sha256-sisr/dFIz8p3/Y7mz+arWxjeiBmUTQkMqkF9j3c2dWE=", - "owner": "BrainWart", - "repo": "x13s-nixos", - "rev": "29002122d86a1009ba70e7a4ca3063e5404c77a2", - "type": "github" - }, - "original": { - "owner": "BrainWart", - "ref": "flake", - "repo": "x13s-nixos", - "type": "github" - } - }, "disko": { "inputs": { "nixpkgs": [ @@ -105,23 +55,6 @@ "type": "github" } }, - "linux_x13s": { - "flake": false, - "locked": { - "lastModified": 1705680516, - "narHash": "sha256-NjCuPYjYHBJcoJR1ZaWQ9sRh0VpY2Y0hawkbUBRfCvk=", - "owner": "jhovold", - "repo": "linux", - "rev": "bac95eabe6577faa2773cbe7e91c34fd17ab79a0", - "type": "github" - }, - "original": { - "owner": "jhovold", - "ref": "wip/sc8280xp-v6.7", - "repo": "linux", - "type": "github" - } - }, "mobile-nixos": { "flake": false, "locked": { 
@@ -140,11 +73,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1705774713, - "narHash": "sha256-j6ADaDH9XiumUzkTPlFyCBcoWYhO83lfgiSqEJF2zcs=", + "lastModified": 1705916986, + "narHash": "sha256-iBpfltu6QvN4xMpen6jGGEb6jOqmmVQKUrXdOJ32u8w=", "owner": "nixos", "repo": "nixpkgs", - "rev": "1b64fc1287991a9cce717a01c1973ef86cb1af0b", + "rev": "d7f206b723e42edb09d9d753020a84b3061a79d8", "type": "github" }, "original": { @@ -172,11 +105,11 @@ }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1705891108, - "narHash": "sha256-PQ0Df5BzByg+0gPE1goa9WYVXSoEP6gtjblrbYC8WOI=", + "lastModified": 1706022028, + "narHash": "sha256-F8Gv4R4K/AvS3+6pWd8wlnw4Vhgf7bcszy7i8XPbzA0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "8cccce637e19577815de54c5ecc3132dff965aee", + "rev": "15ff1758e7816331033baa14eebbea68626128f3", "type": "github" }, "original": { @@ -188,13 +121,9 @@ }, "root": { "inputs": { - "adamcstephens_stop-export": "adamcstephens_stop-export", - "alsa-ucm-conf": "alsa-ucm-conf", - "brainwart_x13s-nixos": "brainwart_x13s-nixos", "disko": "disko", "get-flake": "get-flake", "home-manager": "home-manager", - "linux_x13s": "linux_x13s", "mobile-nixos": "mobile-nixos", "nixpkgs": "nixpkgs", "nixpkgs-2211": "nixpkgs-2211", diff --git a/nix/os/devices/steveej-x13s-rmvbl/flake.nix b/nix/os/devices/steveej-x13s-rmvbl/flake.nix index d9cc53c..9a6bcba 100644 --- a/nix/os/devices/steveej-x13s-rmvbl/flake.nix +++ b/nix/os/devices/steveej-x13s-rmvbl/flake.nix @@ -31,6 +31,8 @@ buildPlatform = "x86_64-linux"; nodeName = "steveej-x13s-rmvbl"; + x13s-flake = get-flake ../steveej-x13s; + mkNixosConfiguration = { extraModules ? [ ], ... } @ attrs: nixpkgs.lib.nixosSystem ( nixpkgs.lib.attrsets.recursiveUpdate 
@@ -41,13 +43,15 @@ inherit nodeName; repoFlake = get-flake ../../../..; - nodeFlake = self; + + # TODO: double-check if this hack doesn't have negative side-effects + # the reason for it is so that `nodeFlake.inputs.nixos-x13s.nixosModules.default` in the module is found + nodeFlake = x13s-flake; }).meta.nodeSpecialArgs.${nodeName}; modules = [ - self.nixosModules.hardware-x13s - + ../steveej-x13s/configuration.nix ./configuration.nix ] ++ extraModules; diff --git a/nix/os/devices/steveej-x13s/configuration.nix b/nix/os/devices/steveej-x13s/configuration.nix index 0da079a..204aa33 100644 --- a/nix/os/devices/steveej-x13s/configuration.nix +++ b/nix/os/devices/steveej-x13s/configuration.nix 
@@ -10,31 +10,60 @@ }: { + nixos-x13s = { + enable = true; + # TODO: use hardware address + bluetoothMac = "65:9e:7a:8b:86:28"; + }; + + systemd.services.bluetooth-mac = { + enable = true; + path = [ + pkgs.systemd + pkgs.util-linux + pkgs.bluez5-experimental + pkgs.expect + ]; + script = '' + # TODO: this may not be required + while ! (journalctl -b0 | grep 'Bluetooth: hci0: QCA setup on UART is completed'); do + echo Waiting for bluetooth firmware to complete + echo sleep 1 + done + + ( + # best effort + set +e + rfkill block bluetooth + echo $? + btmgmt public-addr ${config.nixos-x13s.bluetoothMac} + echo $? + rfkill unblock bluetooth + echo $? + ) + ''; + requiredBy = [ "bluetooth.service" ]; + before = [ "bluetooth.service" ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + + # we need a tty, otherwise btmgmt will hang + StandardInput = "tty"; + TTYPath = "/dev/tty2"; + TTYReset = "yes"; + TTYVHangup = "yes"; + }; + }; + imports = [ + nodeFlake.inputs.nixos-x13s.nixosModules.default + repoFlake.inputs.sops-nix.nixosModules.sops nodeFlake.inputs.disko.nixosModules.disko ./disko.nix - repoFlake.nixosModules.thinkpad-x13s - - ../../profiles/common/pkg.nix - - { - # flake registry - nix.registry.nixpkgs.flake = nodeFlake.inputs.nixpkgs; - - nix.nixPath = [ - "nixpkgs=${pkgs.path}" - ]; - - nix.settings.experimental-features = [ - "nix-command" - "flakes" - ]; - - nix.settings.max-jobs = lib.mkDefault "auto"; - } - + ../../snippets/nix-settings.nix ../../profiles/common/user.nix { 
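Review bot: The wait loop in the `bluetooth-mac` script runs `echo sleep 1`, which prints the words instead of pausing, so `journalctl -b0 | grep …` is re-run back to back and every pass writes into the journal it is scanning. The unit is `Type = "oneshot"`, is ordered `before` `bluetooth.service`, and sets no timeout in the hunk, so a boot where the firmware message never appears would presumably leave it spinning and hold Bluetooth back. Replace the line with `sleep 1`, use `grep -q` to keep the matches out of the log, and bound the wait with `TimeoutStartSec = "60s";` inside `serviceConfig`. The `imports` list that follows the unit continues outside the hunk.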
@@ -42,30 +71,23 @@ services.openssh.settings.PermitRootLogin = "yes"; services.openssh.openFirewall = true; - # sops.defaultSopsFile = ../../../../secrets/${nodeName}/secrets.yaml; - # sops.defaultSopsFormat = "yaml"; + sops.defaultSopsFile = ../../../../secrets/${nodeName}/secrets.yaml; + sops.defaultSopsFormat = "yaml"; users.commonUsers = { enable = true; enableNonRoot = true; - installPassword = "install"; }; } - nodeFlake.inputs.home-manager.nixosModules.home-manager + ../../snippets/home-manager-with-zsh.nix ../../snippets/sway-desktop.nix + ../../snippets/bluetooth.nix ../../snippets/timezone.nix # ../../snippets/radicale.nix ]; - hardware.thinkpad-x13s = { - enable = true; - - # TODO: use hardware address - bluetoothMac = "65:9e:7a:8b:86:28"; - }; - networking.hostName = nodeName; networking.firewall.enable = true; networking.networkmanager.enable = true; @@ -93,12 +115,23 @@ ../../../home-manager/configuration/graphical-fullblown.nix ]; - # seems to be broke on install - programs.chromium.enable = lib.mkForce false; - home.sessionVariables = { }; home.packages = with pkgs; [ ]; + + # TODO: currently unsupported + services.gammastep.enable = lib.mkForce false; + # programs.chromium.enable = lib.mkForce false; + }; + + boot = { + kernelParams = [ + "dtb=sc8280xp-lenovo-thinkpad-x13s.dtb" + ]; + loader.systemd-boot.enable = true; + loader.efi.canTouchEfiVariables = lib.mkForce false; + loader.efi.efiSysMountPoint = "/boot"; + blacklistedKernelModules = [ "wwan" ]; }; } diff --git a/nix/os/devices/steveej-x13s/default.nix b/nix/os/devices/steveej-x13s/default.nix index 51d487b..545dde3 100644 --- a/nix/os/devices/steveej-x13s/default.nix +++ b/nix/os/devices/steveej-x13s/default.nix @@ -31,8 +31,6 @@ imports = [ (repoFlake + "/nix/os/devices/${nodeName}/configuration.nix") - - nodeFlake.inputs.home-manager.nixosModules.home-manager ]; networking.hostName = nodeName; 
diff --git a/nix/os/devices/steveej-x13s/flake.lock b/nix/os/devices/steveej-x13s/flake.lock index f7008e1..5e95546 100644 --- a/nix/os/devices/steveej-x13s/flake.lock +++ b/nix/os/devices/steveej-x13s/flake.lock @@ -1,55 +1,5 @@ { "nodes": { - "adamcstephens_stop-export": { - "flake": false, - "locked": { - "lastModified": 1705876512, - "narHash": "sha256-nvBqLyi8dMQf3xnROwEcUv4iqV55Mr8S8OGYepu14i4=", - "ref": "refs/heads/main", - "rev": "388684db5b529bbd6f3e948cf175df089eb09766", - "revCount": 14, - "type": "git", - "url": "https://codeberg.org/adamcstephens/stop-export.git" - }, - "original": { - "type": "git", - "url": "https://codeberg.org/adamcstephens/stop-export.git" - } - }, - "alsa-ucm-conf": { - "flake": false, - "locked": { - "lastModified": 1705501566, - "narHash": "sha256-Nyr7tjH5VBjocvaKaHCiK+zsjThYBtcr936aRWCBBpM=", - "owner": "alsa-project", - "repo": "alsa-ucm-conf", - "rev": "e87dde51d68950537f92af955ad0633437cc419a", - "type": "github" - }, - "original": { - "owner": "alsa-project", - "ref": "master", - "repo": "alsa-ucm-conf", - "type": "github" - } - }, - "brainwart_x13s-nixos": { - "flake": false, - "locked": { - "lastModified": 1705565623, - "narHash": "sha256-sisr/dFIz8p3/Y7mz+arWxjeiBmUTQkMqkF9j3c2dWE=", - "owner": "BrainWart", - "repo": "x13s-nixos", - "rev": "29002122d86a1009ba70e7a4ca3063e5404c77a2", - "type": "github" - }, - "original": { - "owner": "BrainWart", - "ref": "flake", - "repo": "x13s-nixos", - "type": "github" - } - }, "disko": { "inputs": { "nixpkgs": [ 
@@ -69,6 +19,24 @@ "type": "indirect" } }, + "flake-parts": { + "inputs": { + "nixpkgs-lib": "nixpkgs-lib" + }, + "locked": { + "lastModified": 1704982712, + "narHash": "sha256-2Ptt+9h8dczgle2Oo6z5ni5rt/uLMG47UFTR1ry/wgg=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "07f6395285469419cf9d078f59b5b49993198c00", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, "get-flake": { "locked": { "lastModified": 1694475786, @@ -105,23 +73,6 @@ "type": "github" } }, - "linux_x13s": { - "flake": false, - "locked": { - "lastModified": 1705680516, - "narHash": "sha256-NjCuPYjYHBJcoJR1ZaWQ9sRh0VpY2Y0hawkbUBRfCvk=", - "owner": "jhovold", - "repo": "linux", - "rev": "bac95eabe6577faa2773cbe7e91c34fd17ab79a0", - "type": "github" - }, - "original": { - "owner": "jhovold", - "ref": "wip/sc8280xp-v6.7", - "repo": "linux", - "type": "github" - } - }, "mobile-nixos": { "flake": false, "locked": { @@ -138,13 +89,34 @@ "type": "github" } }, + "nixos-x13s": { + "inputs": { + "flake-parts": "flake-parts", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1705945811, + "narHash": "sha256-eDqgRYGMzRfpfWvSVj6IhHAWOMJC3xiwKaClbe79Gro=", + "ref": "refs/heads/main", + "rev": "9320defc4b8f381e5b7887d212d8d2babc41f2f2", + "revCount": 2, + "type": "git", + "url": "https://codeberg.org/adamcstephens/nixos-x13s" + }, + "original": { + "type": "git", + "url": "https://codeberg.org/adamcstephens/nixos-x13s" + } + }, "nixpkgs": { "locked": { - "lastModified": 1705774713, - "narHash": "sha256-j6ADaDH9XiumUzkTPlFyCBcoWYhO83lfgiSqEJF2zcs=", + "lastModified": 1705916986, + "narHash": "sha256-iBpfltu6QvN4xMpen6jGGEb6jOqmmVQKUrXdOJ32u8w=", "owner": "nixos", "repo": "nixpkgs", - "rev": "1b64fc1287991a9cce717a01c1973ef86cb1af0b", + "rev": "d7f206b723e42edb09d9d753020a84b3061a79d8", "type": "github" }, "original": { 
@@ -170,13 +142,31 @@ "type": "github" } }, + "nixpkgs-lib": { + "locked": { + "dir": "lib", + "lastModified": 1703961334, + "narHash": "sha256-M1mV/Cq+pgjk0rt6VxoyyD+O8cOUiai8t9Q6Yyq4noY=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "b0d36bd0a420ecee3bc916c91886caca87c894e9", + "type": "github" + }, + "original": { + "dir": "lib", + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "nixpkgs-unstable-small": { "locked": { - "lastModified": 1705891108, - "narHash": "sha256-PQ0Df5BzByg+0gPE1goa9WYVXSoEP6gtjblrbYC8WOI=", + "lastModified": 1706022028, + "narHash": "sha256-F8Gv4R4K/AvS3+6pWd8wlnw4Vhgf7bcszy7i8XPbzA0=", "owner": "nixos", "repo": "nixpkgs", - "rev": "8cccce637e19577815de54c5ecc3132dff965aee", + "rev": "15ff1758e7816331033baa14eebbea68626128f3", "type": "github" }, "original": { @@ -188,14 +178,11 @@ }, "root": { "inputs": { - "adamcstephens_stop-export": "adamcstephens_stop-export", - "alsa-ucm-conf": "alsa-ucm-conf", - "brainwart_x13s-nixos": "brainwart_x13s-nixos", "disko": "disko", "get-flake": "get-flake", "home-manager": "home-manager", - "linux_x13s": "linux_x13s", "mobile-nixos": "mobile-nixos", + "nixos-x13s": "nixos-x13s", "nixpkgs": "nixpkgs", "nixpkgs-2211": "nixpkgs-2211", "nixpkgs-unstable-small": "nixpkgs-unstable-small" diff --git a/nix/os/devices/steveej-x13s/flake.nix b/nix/os/devices/steveej-x13s/flake.nix index cb1fed8..7ff3529 100644 --- a/nix/os/devices/steveej-x13s/flake.nix +++ b/nix/os/devices/steveej-x13s/flake.nix @@ -18,6 +18,9 @@ url = "github:nix-community/home-manager/release-23.11"; inputs.nixpkgs.follows = "nixpkgs"; }; + + nixos-x13s.url = "git+https://codeberg.org/adamcstephens/nixos-x13s"; + nixos-x13s.inputs.nixpkgs.follows = "nixpkgs"; }; outputs = @@ -46,7 +49,8 @@ modules = [ - repoFlake.nixosModules.hardware-x13s + # repoFlake.nixosModules.hardware-x13s + ./configuration.nix ] 
diff --git a/nix/os/modules/hardware.thinkpad-x13s.nix b/nix/os/modules/hardware.thinkpad-x13s.nix index a1c6682..df69d6c 100644 --- a/nix/os/modules/hardware.thinkpad-x13s.nix +++ b/nix/os/modules/hardware.thinkpad-x13s.nix @@ -13,12 +13,6 @@ in type = lib.types.str; description = "mac address to set on boot"; }; - - bluetoothMacAddr = lib.mkOption { - default = "00:00:00:00:00"; - type = lib.types.str; - }; - }; config = let diff --git a/nix/os/profiles/common/boot.nix b/nix/os/profiles/common/boot.nix deleted file mode 100644 index 21fa70c..0000000 --- a/nix/os/profiles/common/boot.nix +++ /dev/null @@ -1,15 +0,0 @@ -{pkgs, ...}: { - boot.kernelPackages = pkgs.linuxPackages; - boot.loader.grub = { - enable = true; - efiSupport = true; - efiInstallAsRemovable = false; - }; - - boot.loader.systemd-boot.enable = false; - boot.loader.efi.canTouchEfiVariables = true; - boot.tmp.useTmpfs = true; - - # Workaround for nm-pptp to enforce module load - boot.kernelModules = ["nf_conntrack_proto_gre" "nf_conntrack_pptp"]; -} diff --git a/nix/os/profiles/common/configuration.nix b/nix/os/profiles/common/configuration.nix index 0590e79..c6ed9fb 100644 --- a/nix/os/profiles/common/configuration.nix +++ b/nix/os/profiles/common/configuration.nix 
@@ -1,18 +1,38 @@ -{ - config, - pkgs, - repoFlake, - ... +{ config +, pkgs +, repoFlake +, nodeFlake +, repoFlakeInputs' +, packages' +, ... }: { imports = [ - ./boot.nix - ./pkg.nix - ./system.nix - ../../snippets/nix-settings.nix - ./hw.nix - - ./user.nix - repoFlake.inputs.sops-nix.nixosModules.sops + + ../../snippets/nix-settings.nix + ../../snippets/home-manager-with-zsh.nix + + ./system.nix + ./hw.nix + ./user.nix ]; + + boot.kernelPackages = pkgs.linuxPackages; + boot.loader.grub = { + enable = true; + efiSupport = true; + efiInstallAsRemovable = false; + }; + + boot.loader.systemd-boot.enable = false; + boot.loader.efi.canTouchEfiVariables = true; + boot.tmp.useTmpfs = true; + + # Workaround for nm-pptp to enforce module load + boot.kernelModules = [ "nf_conntrack_proto_gre" "nf_conntrack_pptp" ]; + + nixpkgs.config = { + allowBroken = false; + allowUnfree = true; + }; } diff --git a/nix/os/profiles/common/pkg.nix b/nix/os/profiles/common/pkg.nix deleted file mode 100644 index 74e987b..0000000 --- a/nix/os/profiles/common/pkg.nix +++ /dev/null @@ -1,34 +0,0 @@ -{ config -, pkgs -, # these come in via nodeSpecialArgs and are expected to be defined for every node - repoFlake -, repoFlakeInputs' -, nodeFlake -, packages' -, ... -}: { - imports = [ - ]; - - nix.registry.nixpkgs.flake = nodeFlake.inputs.nixpkgs; - home-manager.useGlobalPkgs = false; - home-manager.useUserPackages = true; - home-manager.users.root = import ../../../home-manager/configuration/text-minimal.nix; - - # TODO: investigate an issue with the "name" arg contained here, which causes problems with home-manager - # home-manager.extraSpecialArgs = specialArgs; - # hence, opt for passing the arguments selectively instead - home-manager.extraSpecialArgs = { - inherit - repoFlake - repoFlakeInputs' - packages' - nodeFlake - ; - }; - - nixpkgs.config = { - allowBroken = false; - allowUnfree = true; - }; -} 
diff --git a/nix/os/profiles/common/system.nix b/nix/os/profiles/common/system.nix index 7fa2c2d..9c25dbc 100644 --- a/nix/os/profiles/common/system.nix +++ b/nix/os/profiles/common/system.nix @@ -42,15 +42,12 @@ # mv -Tf /etc/X11/.sessions /etc/X11/sessions # ''; + # TODO: adapt this to be arch agnostic system.activationScripts.lib64 = '' echo "setting up /lib64..." mkdir -p /lib64 ln -sfT ${pkgs.glibc}/lib/ld-linux-x86-64.so.2 /lib64/.ld-linux-x86-64.so.2 mv -Tf /lib64/.ld-linux-x86-64.so.2 /lib64/ld-linux-x86-64.so.2 ''; - - programs.zsh.enable = true; - users.defaultUserShell = pkgs.zsh; - environment.pathsToLink = [ "/share/zsh" ]; programs.fuse.userAllowOther = true; } diff --git a/nix/os/profiles/graphical/system.nix b/nix/os/profiles/graphical/system.nix index 1eb2d07..4e68144 100644 --- a/nix/os/profiles/graphical/system.nix +++ b/nix/os/profiles/graphical/system.nix @@ -1,8 +1,11 @@ -{ - pkgs, - lib, - ... +{ pkgs +, lib +, ... }: { + imports = [ + ../../snippets/bluetooth.nix + ]; + networking.networkmanager = { enable = true; dns = "systemd-resolved"; @@ -22,12 +25,8 @@ services.illum.enable = true; services.pcscd.enable = true; hardware.opengl.enable = true; - hardware.bluetooth.enable = true; - # required for running blueman-applet in user sessions - services.dbus.packages = with pkgs; [blueman]; - services.blueman.enable = true; - services.udev.packages = [pkgs.libu2f-host pkgs.yubikey-personalization pkgs.android-udev-rules]; + services.udev.packages = [ pkgs.libu2f-host pkgs.yubikey-personalization pkgs.android-udev-rules ]; services.udev.extraRules = '' # OnePlusOne ATTR{idVendor}=="05c6", ATTR{idProduct}=="6764", SYMLINK+="libmtp-%k", MODE="660", GROUP="audio", ENV{ID_MTP_DEVICE}="1", ENV{ID_MEDIA_PLAYER}="1", TAG+="uaccess" @@ -54,6 +53,6 @@ services.printing = { enable = true; - drivers = with pkgs; [mfcl3770cdwlpr mfcl3770cdwcupswrapper]; + drivers = with pkgs; [ mfcl3770cdwlpr mfcl3770cdwcupswrapper ]; }; } 
diff --git a/nix/os/snippets/bluetooth.nix b/nix/os/snippets/bluetooth.nix new file mode 100644 index 0000000..47c5ab5 --- /dev/null +++ b/nix/os/snippets/bluetooth.nix @@ -0,0 +1,9 @@ +{ pkgs +, lib +, ... +}: { + # required for running blueman-applet in user sessions + services.dbus.packages = with pkgs; [ blueman ]; + hardware.bluetooth.enable = true; + services.blueman.enable = true; +} diff --git a/nix/os/snippets/home-manager-with-zsh.nix b/nix/os/snippets/home-manager-with-zsh.nix new file mode 100644 index 0000000..5bbb1e5 --- /dev/null +++ b/nix/os/snippets/home-manager-with-zsh.nix @@ -0,0 +1,49 @@ +{ nodeFlake +, repoFlake +, repoFlakeInputs' +, packages' +, pkgs +, ... +}: + +let + # TODO: make this configurable + homeUser = "steveej"; + commonHomeImports = [ + ../../home-manager/profiles/common.nix + ../../home-manager/programs/neovim.nix + ../../home-manager/programs/zsh.nix + ]; +in +{ + imports = [ + nodeFlake.inputs.home-manager.nixosModules.home-manager + ]; + + # TODO: investigate an issue with the "name" arg contained here, which causes problems with home-manager + # home-manager.extraSpecialArgs = specialArgs; + # hence, opt for passing the arguments selectively instead + home-manager.extraSpecialArgs = { + inherit + repoFlake + repoFlakeInputs' + packages' + nodeFlake + ; + }; + + home-manager.useGlobalPkgs = false; + home-manager.useUserPackages = true; + + home-manager.users.root = _: { + imports = commonHomeImports; + }; + + home-manager.users."${homeUser}" = _: { + imports = commonHomeImports; + }; + + programs.zsh.enable = true; + users.defaultUserShell = pkgs.zsh; + environment.pathsToLink = [ "/share/zsh" ]; +} diff --git a/nix/os/snippets/nix-settings.nix b/nix/os/snippets/nix-settings.nix index 36db65e..f3f577b 100644 --- a/nix/os/snippets/nix-settings.nix +++ b/nix/os/snippets/nix-settings.nix 
@@ -1,9 +1,7 @@ -{ - nodeFlake, - - pkgs, - lib, - ... +{ nodeFlake +, pkgs +, lib +, ... }: { nix.daemonCPUSchedPolicy = "idle"; nix.daemonIOSchedClass = "idle"; @@ -17,8 +15,6 @@ nix.settings.experimental-features = [ "nix-command" "flakes" - "ca-derivations" - "impure-derivations" ]; nix.settings.system-features = [ @@ -29,4 +25,5 @@ ]; nix.registry.nixpkgs.flake = nodeFlake.inputs.nixpkgs; + } diff --git a/nix/os/snippets/sway-desktop.nix b/nix/os/snippets/sway-desktop.nix index 2ede0f6..4c51002 100644 --- a/nix/os/snippets/sway-desktop.nix +++ b/nix/os/snippets/sway-desktop.nix @@ -1,4 +1,8 @@ -{ pkgs, lib, ... }: +{ pkgs +, lib +, config +, ... +}: let # TODO: make this configurable @@ -64,6 +68,7 @@ in }; security.pam.services.getty.enableGnomeKeyring = true; + security.pam.services."autovt@tty1".enableGnomeKeyring = true; services.gnome.gnome-keyring.enable = true; # autologin steveej on tty1 @@ -79,11 +84,20 @@ in Restart = "always"; Type = "idle"; }; - programs.zsh.loginShellInit = '' - if test $(id --user steveej) = $(id -u) && test $(tty) = "/dev/tty1"; then - exec sway - fi - ''; + + programs = + let + steveejSwayOnTty1 = '' + if test $(id --user steveej) = $(id -u) && test $(tty) = "/dev/tty1"; then + exec sway + fi + ''; + in + { + bash.loginShellInit = steveejSwayOnTty1; + # TODO: only do this when zsh is enabled. first naiv attempt lead infinite recursion + zsh.loginShellInit = steveejSwayOnTty1; + }; home-manager.users."${homeUser}" = _: { imports = [ diff --git a/secrets/steveej-x13s/secrets.yaml b/secrets/steveej-x13s/secrets.yaml index a7306d2..f8c2741 100644 --- a/secrets/steveej-x13s/secrets.yaml +++ b/secrets/steveej-x13s/secrets.yaml 
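Review bot: In the last sway-desktop.nix hunk, `steveejSwayOnTty1` becomes the login init for every bash and zsh login on the host, and its `test` operands are unquoted command substitutions. When `tty` prints `not a tty`, or `id --user steveej` prints nothing because the account is absent, `test` receives a malformed expression and reports an error on that login. I would quote the operands and reuse the `homeUser` binding that the context lines show in this file: `if test "$(id -u ${homeUser} 2>/dev/null)" = "$(id -u)" && test "$(tty)" = "/dev/tty1"; then`.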
@@ -1,14 +1,4 @@ hello: ENC[AES256_GCM,data:9dO0Gd4YDDxWHHBYtdomfK8BJnBZC+SQYfUvTAkCq9sOO/ZH/bFhN0Fl/NvLzQ==,iv:m1TZ9PGjsoMo7NA9EHrLb0tCtIl98E3OEN1bkpZZxXY=,tag:Gup/pACLIXGXu8KEyzmfWg==,type:str] -example_key: ENC[AES256_GCM,data:EQ+uewu8+17QhrbIHg==,iv:N9i1tCT5IHz5WYbqyF0AIqCq/c67uPMiavUxt0Eb2Oc=,tag:UwOrM3cOLYMxIe80GenljA==,type:str] -#ENC[AES256_GCM,data:qZzxU9ai1z/5f3gxHrR5Dq56,iv:ccvxVS693K9Jjp/YIesWo8kemtkCSFWHJlJposcmXt0=,tag:FQUUPO+ydScUVZWH89vEew==,type:comment] -#ENC[AES256_GCM,data:Il5rKFCgUQERmLqSEOnzoQ==,iv:ALxNqdu/MgDdPyiEsq0Qgb/5bOBS3OgIWf0ZOUbGLJg=,tag:u4vJ7Y6iwa1Na5FIebrVow==,type:comment] -example_array: - - ENC[AES256_GCM,data:yMM0kfvv4WI/reWLuM8=,iv:51XoWYOFLAbhIzejbWBwIpi2JVhQZIivLt4HVJtXPpA=,tag:J9C7NwdVOoocGKWUvUAOSQ==,type:str] - - ENC[AES256_GCM,data:Tg1bRwtydMuaLvnvTDc=,iv:8c44EM1U5tqD8Mn8Fg37MyASi+xv78BB+8AjG59tzXE=,tag:OvxU9x0pZbjW9j/DQMahFg==,type:str] -example_number: ENC[AES256_GCM,data:DhzIPdpqm/p1pQ==,iv:ZWkBTeuyaXVzffEVGuw1xxi+ekiSGyspE9PeBNRRm1k=,tag:Qq1/Wo3XY+Y2u5luxxxTeA==,type:float] -example_booleans: - - ENC[AES256_GCM,data:ZA6WIQ==,iv:gkQnXrVZiP6Yj4SVdtM09Jmpebb11998tv3y/P5pvqE=,tag:ujwkH9l6/+1W4IeDu3HBFw==,type:bool] - - ENC[AES256_GCM,data:YcDPFAc=,iv:r9gBG5YIq5Sgs6/HWRWjBJZ8TrlXDxnAZN1PRBVIq8k=,tag:TTP0tsiPsPsd6BjkScCRbQ==,type:bool] sops: kms: [] gcp_kms: [] 
@@ -24,8 +14,8 @@ sops: Q1FmbW9BL3E1emwwWFhJTTZoRlhVdFEKCkpvkW65v0+fuh2bXZVNVbnwsl1Aca/O 9tkIMNLFhD/Rn8MFmkhIZmWYWB4IUwW/UNSxrmkt7cyFJNlpAH0+YA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-01-22T09:20:19Z" - mac: ENC[AES256_GCM,data:Mmo5XJaMIDZ0sqKyn7oK+l6XdrTyA0NuF8tueLEKSdSCFxr2TJjroyojsybrYKehp5rrW1rT8cWWld2wXEEr+txsMCzIrlDqyerkcsu7ioMJb7ihRyXATBzdBOfUTq/8iLLc9gE9uRaMbeNOrglF0nxS+VtwOmst/z6fl7wC0+Q=,iv:t+dSzeBBhVfPo2efHM4iWIE/DHTDAm917kZrV1UxV0I=,tag:+CPkO6bbWqMzWBs16HT8GA==,type:str] + lastmodified: "2024-01-23T09:41:31Z" + mac: ENC[AES256_GCM,data:xGspZnqqcwoxM0otV3m6RJdwp4laYC+b6DSOEhzbQDeS6hslD6BddQ2g+tS7l3QTtItOjmB6pLb1JJkyhaG3PDWaDu89GNlvUyTyTUxfZWzTfiB6LWJS7eDTwb6OvzDklzCRltoH+8bWTjedWkeWIOtYbjJPo6zwUAiXgiKOj2s=,iv:MSgm5HXlb/NtvqHvVmDdwzX5ebipf7UJnmPNFUV9Nzs=,tag:XT4Evu+Sn+t/+EPb+dZ61Q==,type:str] pgp: - created_at: "2024-01-23T09:01:14Z" enc: |-