diff --git a/.sops.yaml b/.sops.yaml index f99e991..36f2c7f 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,7 +1,6 @@ keys: - &gerg-desktop age180y8kdtdlqelayyz9mq2c7xv248rh4gdfr3amjzvdcjrz6wdaqmsj762pp - &media-laptop age1vxx3qdsucv2v2slag67c4f0kwd8jtta4tue6m8d9xfl4ryrqvyusxgwl68 - - &game-desktop age1egxes320renph0uevtmnsz4d5aw0z794c5nwrk2z6249wv2yevgqx9cf90 creation_rules: - path_regex: hosts/gerg-desktop/secrets.yaml$ key_groups: @@ -12,9 +11,3 @@ creation_rules: - age: - *media-laptop - *gerg-desktop - - path_regex: hosts/game-desktop/secrets.yaml$ - key_groups: - - age: - - *game-desktop - - *gerg-desktop - diff --git a/disko/gerg-desktop.nix b/disko/gerg-desktop.nix index 4dc25d0..c0dc59c 100644 --- a/disko/gerg-desktop.nix +++ b/disko/gerg-desktop.nix @@ -1,5 +1,4 @@ lib: { - disk = lib.genAttrs [ diff --git a/flake.lock b/flake.lock index b7d7a1d..7eef8e2 100644 --- a/flake.lock +++ b/flake.lock @@ -305,20 +305,21 @@ "nixpkgs": [ "stable" ], + "nixpkgs-23-11": "nixpkgs-23-11", "nixpkgs-regression": "nixpkgs-regression", "pre-commit-hooks": "pre-commit-hooks" }, "locked": { - "lastModified": 1717449770, - "narHash": "sha256-M9VcO1LS43nZBp84Fo+MfTa+E2X2THHe7irmkBurTZs=", + "lastModified": 1718829834, + "narHash": "sha256-SBioRAhjYMcoBpIGV+kdquRjlm8DRD2dv8N4RXM694U=", "owner": "NixOS", "repo": "nix", - "rev": "bf72b78ef2110f4bda6105b8adff131dc9435bff", + "rev": "1c131ec2b71fa7ad6fd285ed2a9fcc4cf616b3a6", "type": "github" }, "original": { "owner": "NixOS", - "ref": "bf72b78ef2110f4bda6105b8adff131dc9435bff", + "ref": "1c131ec2b71fa7ad6fd285ed2a9fcc4cf616b3a6", "repo": "nix", "type": "github" } 
@@ -379,6 +380,22 @@ "type": "github" } }, + "nixpkgs-23-11": { + "locked": { + "lastModified": 1717159533, + "narHash": "sha256-oamiKNfr2MS6yH64rUn99mIZjc45nGJlj9eGth/3Xuw=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446", + "type": "github" + }, + "original": { + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446", + "type": "github" + } + }, "nixpkgs-regression": { "locked": { "lastModified": 1643052045, @@ -594,16 +611,16 @@ }, "stable": { "locked": { - "lastModified": 1718811006, - "narHash": "sha256-0Y8IrGhRmBmT7HHXlxxepg2t8j1X90++qRN3lukGaIk=", + "lastModified": 1718835956, + "narHash": "sha256-wM9v2yIxClRYsGHut5vHICZTK7xdrUGfrLkXvSuv6s4=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "03d771e513ce90147b65fe922d87d3a0356fc125", + "rev": "dd457de7e08c6d06789b1f5b88fc9327f4d96309", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-23.11", + "ref": "nixos-24.05", "repo": "nixpkgs", "type": "github" } diff --git a/flake.nix b/flake.nix index d80516c..616146d 100644 --- a/flake.nix +++ b/flake.nix @@ -17,14 +17,14 @@ type = "github"; owner = "NixOS"; repo = "nixpkgs"; - ref = "nixos-23.11"; + ref = "nixos-24.05"; }; #nix itself nix = { type = "github"; owner = "NixOS"; repo = "nix"; - ref = "bf72b78ef2110f4bda6105b8adff131dc9435bff"; + ref = "1c131ec2b71fa7ad6fd285ed2a9fcc4cf616b3a6"; inputs.nixpkgs.follows = "stable"; }; nixos-generators = { diff --git a/hosts/gerg-desktop/boot.nix b/hosts/gerg-desktop/boot.nix new file mode 100644 index 0000000..a200ee4 --- /dev/null +++ b/hosts/gerg-desktop/boot.nix 
@@ -0,0 +1,91 @@ +{ + lanzaboote, + config, + lib, + pkgs, +}: +let + windowsConf = '' + title Windows + efi /shellx64.efi + options -nointerrupt -noconsolein -noconsoleout HD2d65535a1:EFI\Microsoft\Boot\Bootmgfw.efi + + ''; +in +{ + imports = [ lanzaboote.nixosModules.lanzaboote ]; + + environment.systemPackages = [ pkgs.sbctl ]; + + boot = { + lanzaboote = { + enable = true; + pkiBundle = "/etc/secureboot"; + configurationLimit = 10; + package = lib.mkForce ( + pkgs.writeShellApplication { + name = "lzbt"; + runtimeInputs = [ + lanzaboote.packages.tool + pkgs.coreutils + pkgs.sbctl + ]; + text = '' + set -o pipefail + lzbt "$@" + MP='${config.boot.loader.efi.efiSysMountPoint}' + cp -f '${pkgs.edk2-uefi-shell.efi}' "$MP/shellx64.efi" + mkdir -p "$MP/loader/entries" + sbctl sign -s "$MP/shellx64.efi" + cat << EOF > "$MP/loader/entries/windows.conf" + ${windowsConf} + EOF + ''; + } + ); + }; + + loader = { + systemd-boot = { + enable = lib.mkForce false; + extraFiles."shellx64.efi" = pkgs.edk2-uefi-shell.efi; + extraEntries."windows.conf" = windowsConf; + }; + grub.enable = lib.mkForce false; + timeout = lib.mkForce 5; + efi.efiSysMountPoint = "/efi22"; + }; + + kernelPackages = pkgs.linuxPackagesFor ( + let + version = "6.8.12"; + in + (pkgs.linuxManualConfig { + version = "${version}-gerg"; + modDirVersion = "${version}-gerg"; + src = pkgs.fetchurl { + url = "mirror://kernel/linux/kernel/v${lib.versions.major version}.x/linux-${version}.tar.xz"; + hash = "sha256-GbMZVtIptbnKVnH6HHQyAXloKj2NAPyGeUEUsh2oYDk="; + }; + + inherit (config.boot) kernelPatches; + + config = { + CONFIG_RUST = "y"; + CONFIG_MODULES = "y"; + }; + configfile = ./kernelConfig; + }).overrideAttrs + (old: { + passthru = (old.passthru or { }) // { + features = lib.foldr (x: y: (x.features or { }) // y) { + efiBootStub = true; + netfilterRPFilter = true; + ia32Emulation = true; + } config.boot.kernelPatches; + }; + }) + ); + + }; +} 
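Review bot: The `lzbt` wrapper in `boot.lanzaboote.package` signs a copy of the EDK2 UEFI shell with the machine's own Secure Boot key (`sbctl sign -s "$MP/shellx64.efi"`), so the firmware will run that shell as trusted code. The only thing keeping the Windows entry non-interactive is the `-nointerrupt -noconsolein -noconsoleout` options line in `windowsConf`. If the boot menu lets entry options be edited, or the binary is started some other way, someone at the console could get a signed pre-boot shell with access to the ESP. It is worth confirming that the menu editor is disabled for this host and recording the constraint next to the signing step, e.g. `# shellx64.efi is signed with our own key: it must only ever be started with the non-interactive options in windowsConf`. Separately, the here-document that writes `windows.conf` uses an unquoted `EOF`, so the shell still interprets `$` and some backslash sequences in the text; `cat << 'EOF'` would write it verbatim.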
diff --git a/hosts/gerg-desktop/main.nix b/hosts/gerg-desktop/main.nix index 087d618..ee217ba 100644 --- a/hosts/gerg-desktop/main.nix +++ b/hosts/gerg-desktop/main.nix @@ -1,5 +1,5 @@ { - + lib, nix-index-database, nvim-flake, self', @@ -33,6 +33,10 @@ nvidiaSettings = false; modesetting.enable = true; open = false; + powerManagement = { + enable = lib.mkForce false; + finegrained = lib.mkForce false; + }; prime = { nvidiaBusId = "PCI:1:0:0"; amdgpuBusId = "PCI:15:0:0"; @@ -94,8 +98,11 @@ gh nixfmt-rfc-style # QMK configuration + #via + #qmk + ; inherit (nvim-flake.packages) neovim; inherit (self'.packages) lint; @@ -109,12 +116,12 @@ }; }; - #services.udev.packages = [ - # pkgs.android-udev-rules - # pkgs.via - # pkgs.qmk-udev-rules - #]; - #programs.adb.enable = true; + services.udev.packages = [ + pkgs.android-udev-rules + # pkgs.via + # pkgs.qmk-udev-rules + ]; + programs.adb.enable = true; networking = { useNetworkd = false; @@ -164,8 +171,8 @@ isNormalUser = true; extraGroups = [ "wheel" - #"adbusers" - #"plugdev" + "adbusers" + "plugdev" ]; openssh.authorizedKeys.keys = [ config.local.keys.gerg_gerg-phone diff --git a/hosts/gerg-desktop/services/gitea.nix b/hosts/gerg-desktop/services/gitea.nix index 55d773a..3a19513 100644 --- a/hosts/gerg-desktop/services/gitea.nix +++ b/hosts/gerg-desktop/services/gitea.nix 
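Review bot: In the last hunk (`@@ -164,8 +171,8 @@`) the user gains `"plugdev"` alongside `"adbusers"`, but the two packages that were grouped with it, `pkgs.via` and `pkgs.qmk-udev-rules`, stay commented out in `services.udev.packages`, and nothing visible in this diff declares a `plugdev` group. If only adb is being turned back on, `"adbusers"` is probably the only membership needed. I would leave `#"plugdev"` commented until the keyboard rules return, so the account carries no group it does not use. The `users.users` attribute set starts and ends outside the hunk, so a declaration elsewhere cannot be ruled out.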
@@ -1,32 +1,34 @@ -#{ config }: +{ lib, config }: { - # users.users = { - # ${config.services.gitea.user} = { - # openssh.authorizedKeys.keys = [ config.local.keys.gerg_gerg-desktop ]; - # extraGroups = [ "postgres" ]; - # }; - # ${config.services.nginx.user}.extraGroups = [ config.services.gitea.group ]; - # }; - services.gitea = { - enable = false; - stateDir = "/persist/services/gitea"; - appName = "Powered by NixOS"; - settings = { - server = { - DOMAIN = "git.gerg-l.com"; - ROOT_URL = "https://git.gerg-l.com/"; - LANDING_PAGE = "/explore/repos"; - HTTP_ADDR = "/run/gitea/gitea.sock"; - PROTOCOL = "http+unix"; - UNIX_SOCKET_PERMISSION = "660"; + config = lib.mkIf false { + users.users = { + ${config.services.gitea.user} = { + openssh.authorizedKeys.keys = [ config.local.keys.gerg_gerg-desktop ]; + extraGroups = [ "postgres" ]; }; - ui.DEFAULT_THEME = "arc-green"; - service.DISABLE_REGISTRATION = true; + ${config.services.nginx.user}.extraGroups = [ config.services.gitea.group ]; }; - database = { - type = "postgres"; - socket = "/run/postgresql"; - createDatabase = true; + services.gitea = { + enable = false; + stateDir = "/persist/services/gitea"; + appName = "Powered by NixOS"; + settings = { + server = { + DOMAIN = "git.gerg-l.com"; + ROOT_URL = "https://git.gerg-l.com/"; + LANDING_PAGE = "/explore/repos"; + HTTP_ADDR = "/run/gitea/gitea.sock"; + PROTOCOL = "http+unix"; + UNIX_SOCKET_PERMISSION = "660"; + }; + ui.DEFAULT_THEME = "arc-green"; + service.DISABLE_REGISTRATION = true; + }; + database = { + type = "postgres"; + socket = "/run/postgresql"; + createDatabase = true; + }; }; }; } diff --git a/hosts/gerg-desktop/services/parrot.nix b/hosts/gerg-desktop/services/parrot.nix index 3287d3a..76e828c 100644 --- a/hosts/gerg-desktop/services/parrot.nix +++ b/hosts/gerg-desktop/services/parrot.nix @@ -2,7 +2,6 @@ pkgs, config, lib, - }: { sops.secrets.discordenv = { }; 
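Review bot: The `users.users` block revived inside `config = lib.mkIf false { … }` gives the Gitea service account an `openssh.authorizedKeys.keys` entry and membership of `postgres`, and both look broader than the service settings below need. Assuming `gerg_gerg-desktop` is a plain key like the ones visible in `modules/keys.nix`, it carries no forced command, and the database is reached through the `/run/postgresql` socket. Nothing is active today, but the module now has two off-switches (`lib.mkIf false` and `enable = false`), and whoever flips them back re-enables those grants with nothing prompting a second look. A comment above the `config =` line would help, e.g. `# disabled: before re-enabling, review the service account's SSH key and postgres group membership`.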
diff --git a/hosts/gerg-desktop/spicetify.nix b/hosts/gerg-desktop/spicetify.nix index 02cfc9e..af3261d 100644 --- a/hosts/gerg-desktop/spicetify.nix +++ b/hosts/gerg-desktop/spicetify.nix @@ -14,6 +14,7 @@ in hidePodcasts shuffle #betterGenres broken + ; }; theme = spicePkgs.themes.dribbblish; diff --git a/hosts/gerg-desktop/vfio.nix b/hosts/gerg-desktop/vfio.nix index 3d776d4..b147081 100644 --- a/hosts/gerg-desktop/vfio.nix +++ b/hosts/gerg-desktop/vfio.nix @@ -2,7 +2,6 @@ _dir, pkgs, lib, - }: /* This section is just me bullying diff --git a/hosts/gerg-desktop/zfs.nix b/hosts/gerg-desktop/zfs.nix index ad39159..e19b996 100644 --- a/hosts/gerg-desktop/zfs.nix +++ b/hosts/gerg-desktop/zfs.nix @@ -2,48 +2,8 @@ config, lib, pkgs, - lanzaboote, }: -let - windowsConf = '' - title Windows - efi /shellx64.efi - options -nointerrupt -noconsolein -noconsoleout HD2d65535a1:EFI\Microsoft\Boot\Bootmgfw.efi - - ''; -in { - imports = [ lanzaboote.nixosModules.lanzaboote ]; - - environment.systemPackages = [ pkgs.sbctl ]; - - boot.lanzaboote = { - enable = true; - pkiBundle = "/etc/secureboot"; - configurationLimit = 10; - package = lib.mkForce ( - pkgs.writeShellApplication { - name = "lzbt"; - runtimeInputs = [ - lanzaboote.packages.tool - pkgs.coreutils - pkgs.sbctl - ]; - text = '' - set -o pipefail - lzbt "$@" - MP='${config.boot.loader.efi.efiSysMountPoint}' - cp -f '${pkgs.edk2-uefi-shell.efi}' "$MP/shellx64.efi" - mkdir -p "$MP/loader/entries" - sbctl sign -s "$MP/shellx64.efi" - cat << EOF > "$MP/loader/entries/windows.conf" - ${windowsConf} - EOF - ''; - } - ); - }; - #link some stuff systemd.tmpfiles.rules = [ "L+ /etc/secureboot - - - - /persist/secureboot" 
@@ -60,47 +20,17 @@ in sops.age.sshKeyPaths = lib.mkForce [ "/persist/ssh/ssh_host_ed25519_key" ]; fileSystems."/persist".neededForBoot = true; boot = { - supportedFilesystems = { - ntfs = true; - }; + supportedFilesystems.ntfs = true; + zfs = { package = pkgs.zfs_unstable; devNodes = "/dev/disk/by-id/"; forceImportAll = true; }; - kernelPackages = pkgs.linuxPackagesFor ( - let - version = "6.8.12"; - in - (pkgs.linuxManualConfig { - version = "${version}-gerg"; - modDirVersion = "${version}-gerg"; - src = pkgs.fetchurl { - url = "mirror://kernel/linux/kernel/v${lib.versions.major version}.x/linux-${version}.tar.xz"; - hash = "sha256-GbMZVtIptbnKVnH6HHQyAXloKj2NAPyGeUEUsh2oYDk="; - }; - - inherit (config.boot) kernelPatches; - - config = { - CONFIG_RUST = "y"; - CONFIG_MODULES = "y"; - }; - configfile = ./kernelConfig; - }).overrideAttrs - (old: { - passthru = (old.passthru or { }) // { - features = lib.foldr (x: y: (x.features or { }) // y) { - efiBootStub = true; - netfilterRPFilter = true; - ia32Emulation = true; - } config.boot.kernelPatches; - }; - }) - ); #set ARC max kernelParams = [ "zfs.zfs_arc_max=17179869184" ]; + initrd = { kernelModules = [ #module for multiple swap devices @@ -108,6 +38,7 @@ in #keyboard module for zfs password "hid_generic" ]; + systemd.services.rollback = { serviceConfig = { Type = "oneshot"; @@ -124,15 +55,5 @@ in ''; }; }; - loader = { - systemd-boot = { - enable = lib.mkForce false; - extraFiles."shellx64.efi" = pkgs.edk2-uefi-shell.efi; - extraEntries."windows.conf" = windowsConf; - }; - grub.enable = lib.mkForce false; - timeout = lib.mkForce 5; - efi.efiSysMountPoint = "/efi22"; - }; }; } diff --git a/hosts/iso/main.nix b/hosts/iso/main.nix index 654b958..46b3825 100644 --- a/hosts/iso/main.nix +++ b/hosts/iso/main.nix @@ -4,7 +4,6 @@ lib, modulesPath, pkgs, - }: { ##Build wtih nix build .#nixosConfigurations.iso.config.formats.iso diff --git a/lib/default.nix b/lib/default.nix index 2597e3a..c9dac1c 100644 
--- a/lib/default.nix +++ b/lib/default.nix @@ -9,7 +9,6 @@ let in # Only good use case for rec rec { - wrench = lib.flip lib.pipe; needsSystem = lib.flip builtins.elem [ @@ -63,6 +62,8 @@ rec { x else let + # all arguments defined in the module + funcArgs = lib.functionArgs imported; /* The names of all arguments which will be available to be inserted into the module arguments @@ -85,17 +86,9 @@ rec { _dir is the "self" derived path to the directory containing the module */ - _dir = - let - dir = builtins.dirOf x; - in - # Probably don't need this error check - if (dir == builtins.storeDir) then null else dir; + _dir = builtins.dirOf x; }; - # all arguments defined in the module - funcArgs = lib.functionArgs imported; - /* arguments which will be inserted set to the before per-system values @@ -155,7 +148,6 @@ rec { // { _file = x; }; - }; gerg-utils = @@ -238,7 +230,6 @@ rec { } ); in - if builtins.pathExists "${path}/${n}/call.nix" then let x = import "${path}/${n}/call.nix" pkgs; @@ -246,7 +237,6 @@ rec { x.callPackage "${path}/${n}/package.nix" x.args else callPackage "${path}/${n}/package.nix" { } - )) ]; } diff --git a/modules/DE/dwm.nix b/modules/DE/dwm.nix index 0c1f88b..180d207 100644 --- a/modules/DE/dwm.nix +++ b/modules/DE/dwm.nix @@ -4,7 +4,6 @@ lib, suckless, self', - }: { options.local.DE.dwm.enable = lib.mkEnableOption ""; diff --git a/modules/DE/gnome.nix b/modules/DE/gnome.nix index 59a6388..e3f89c2 100644 --- a/modules/DE/gnome.nix +++ b/modules/DE/gnome.nix @@ -2,7 +2,6 @@ config, lib, pkgs, - }: { options.local.DE.gnome.enable = lib.mkEnableOption ""; diff --git a/modules/DE/xfce.nix b/modules/DE/xfce.nix index 156093e..57fafbf 100644 --- a/modules/DE/xfce.nix +++ b/modules/DE/xfce.nix @@ -2,7 +2,6 @@ config, lib, pkgs, - }: { options.local.DE.xfce.enable = lib.mkEnableOption ""; diff --git a/modules/DM/lightDM.nix b/modules/DM/lightDM.nix index a14c280..bf73fa7 100644 --- a/modules/DM/lightDM.nix +++ b/modules/DM/lightDM.nix 
@@ -2,7 +2,6 @@ self', config, lib, - }: { options.local.DM.lightdm.enable = lib.mkEnableOption ""; diff --git a/modules/boot.nix b/modules/boot.nix index c874b09..4233863 100644 --- a/modules/boot.nix +++ b/modules/boot.nix @@ -3,7 +3,6 @@ lib, pkgs, config, - }: { options.local.bootConfig.disable = lib.mkEnableOption ""; diff --git a/modules/hardware.nix b/modules/hardware.nix index 4617787..6b4f34f 100644 --- a/modules/hardware.nix +++ b/modules/hardware.nix @@ -9,10 +9,9 @@ in }; config = lib.mkMerge [ (lib.mkIf (!cfg.gpuAcceleration.disable) { - hardware.opengl = { + hardware.graphics = { enable = true; - driSupport = true; - driSupport32Bit = true; + enable32Bit = true; }; }) (lib.mkIf (!cfg.sound.disable) { diff --git a/modules/keys.nix b/modules/keys.nix index d050f71..fc9fbdd 100644 --- a/modules/keys.nix +++ b/modules/keys.nix @@ -3,7 +3,7 @@ options.local.keys = lib.mkOption { }; config.local.keys = { - gerg_gerg-phone = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDU6BnoHIgMLgZVGuvi03J9l5Z1yP1P5Q8QPyjRHyi77"; + gerg_gerg-phone = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILZKIp3iObuxEUPx1dsMiN3vyMaMQb0N1gKJY78TtRxd"; gerg_gerg-windows = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILpYY2uw0OH1Re+3BkYFlxn0O/D8ryqByJB/ljefooNc"; root_media-laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIq9YTf4jlVCKBKn44m4yJvj94C7pTOyaa4VjZFohNqD"; root_game-desktop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJUKHZasYQUAmRBiqtx1drDxfq18/N4rKydCtPHx461I"; diff --git a/modules/misc.nix b/modules/misc.nix index 67b40aa..c8e3e35 100644 --- a/modules/misc.nix +++ b/modules/misc.nix @@ -3,7 +3,6 @@ lib, config, pkgs, - }: { options.local.allowedUnfree = lib.mkOption { diff --git a/modules/nix.nix b/modules/nix.nix index c1ca482..c19f609 100644 --- a/modules/nix.nix +++ b/modules/nix.nix @@ -1,11 +1,9 @@ { - nix, inputs, lib, config, pkgs, - }: { # diff --git a/modules/shell.nix b/modules/shell.nix index b26d408..80ff471 100644 --- a/modules/shell.nix +++ b/modules/shell.nix 
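Review bot: `root_game-desktop` is still defined in `config.local.keys` (last context line of the `modules/keys.nix` hunk) although this commit removes the `game-desktop` recipient and its creation rule from `.sops.yaml`. If that host is being retired, any `openssh.authorizedKeys.keys` list elsewhere that references this entry would keep trusting its root key; dropping the line, or marking it `# host retired, do not reference`, would make the state explicit. For the replaced `gerg_gerg-phone` key, the old key stays authorised on each host until that host is rebuilt from this revision, which is worth stating in the commit message if the rotation followed a lost or reset device. The `config.local.keys` set continues past the end of the hunk.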
@@ -3,7 +3,6 @@ pkgs, config, lib, - }: { systemd.tmpfiles.rules = [ "d /tmp/neovim-page 0777 root root - -" ]; diff --git a/modules/sops.nix b/modules/sops.nix index 0ca1e5e..fe94cb5 100644 --- a/modules/sops.nix +++ b/modules/sops.nix @@ -4,7 +4,6 @@ lib, sops-nix, self', - }: { imports = [ sops-nix.nixosModules.sops ]; diff --git a/modules/theming.nix b/modules/theming.nix index 2598bb5..095fac3 100644 --- a/modules/theming.nix +++ b/modules/theming.nix @@ -2,7 +2,6 @@ pkgs, config, lib, - }: let cfg = config.local.theming; diff --git a/packages/lint/package.nix b/packages/lint/package.nix index 039e0cf..0fde6dc 100644 --- a/packages/lint/package.nix +++ b/packages/lint/package.nix @@ -5,7 +5,6 @@ statix, fd, }: - writeShellApplication { name = "lint"; runtimeInputs = [