gerg-l/nixos
1
0
Fork 0
mirror of https://github.com/Gerg-L/nixos.git synced 2025-12-10 00:43:56 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

bunch of misc stuff i don't feel like commit messaging

Browse source
This commit is contained in:
Gerg-L 2024-06-22 12:50:51 -04:00
parent 46752bcb1d
commit 5823cab2c4
Signed by: gerg-l
SSH key fingerprint: SHA256:FPYDHIkvMocr4wdmZXpgpJjsb2Tw6rASs2ISPbOb0KI
26 changed files with 173 additions and 168 deletions
Download patch file Download diff file Expand all files Collapse all files

7
.sops.yaml
View file

@ -1,7 +1,6 @@
keys: keys:
- &gerg-desktop age180y8kdtdlqelayyz9mq2c7xv248rh4gdfr3amjzvdcjrz6wdaqmsj762pp - &gerg-desktop age180y8kdtdlqelayyz9mq2c7xv248rh4gdfr3amjzvdcjrz6wdaqmsj762pp
- &media-laptop age1vxx3qdsucv2v2slag67c4f0kwd8jtta4tue6m8d9xfl4ryrqvyusxgwl68 - &media-laptop age1vxx3qdsucv2v2slag67c4f0kwd8jtta4tue6m8d9xfl4ryrqvyusxgwl68
- &game-desktop age1egxes320renph0uevtmnsz4d5aw0z794c5nwrk2z6249wv2yevgqx9cf90
creation_rules: creation_rules:
- path_regex: hosts/gerg-desktop/secrets.yaml$ - path_regex: hosts/gerg-desktop/secrets.yaml$
key_groups: key_groups:
@ -12,9 +11,3 @@ creation_rules:
- age: - age:
- *media-laptop - *media-laptop
- *gerg-desktop - *gerg-desktop
- path_regex: hosts/game-desktop/secrets.yaml$
key_groups:
- age:
- *game-desktop
- *gerg-desktop

1
disko/gerg-desktop.nix
View file

@ -1,5 +1,4 @@
lib: { lib: {
disk = disk =
lib.genAttrs lib.genAttrs
[ [

33
flake.lock generated
View file

@ -305,20 +305,21 @@
"nixpkgs": [ "nixpkgs": [
"stable" "stable"
], ],
"nixpkgs-23-11": "nixpkgs-23-11",
"nixpkgs-regression": "nixpkgs-regression", "nixpkgs-regression": "nixpkgs-regression",
"pre-commit-hooks": "pre-commit-hooks" "pre-commit-hooks": "pre-commit-hooks"
}, },
"locked": { "locked": {
"lastModified": 1717449770, "lastModified": 1718829834,
"narHash": "sha256-M9VcO1LS43nZBp84Fo+MfTa+E2X2THHe7irmkBurTZs=", "narHash": "sha256-SBioRAhjYMcoBpIGV+kdquRjlm8DRD2dv8N4RXM694U=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nix", "repo": "nix",
"rev": "bf72b78ef2110f4bda6105b8adff131dc9435bff", "rev": "1c131ec2b71fa7ad6fd285ed2a9fcc4cf616b3a6",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "bf72b78ef2110f4bda6105b8adff131dc9435bff", "ref": "1c131ec2b71fa7ad6fd285ed2a9fcc4cf616b3a6",
"repo": "nix", "repo": "nix",
"type": "github" "type": "github"
} }
@ -379,6 +380,22 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-23-11": {
"locked": {
"lastModified": 1717159533,
"narHash": "sha256-oamiKNfr2MS6yH64rUn99mIZjc45nGJlj9eGth/3Xuw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446",
"type": "github"
}
},
"nixpkgs-regression": { "nixpkgs-regression": {
"locked": { "locked": {
"lastModified": 1643052045, "lastModified": 1643052045,
@ -594,16 +611,16 @@
}, },
"stable": { "stable": {
"locked": { "locked": {
"lastModified": 1718811006, "lastModified": 1718835956,
"narHash": "sha256-0Y8IrGhRmBmT7HHXlxxepg2t8j1X90++qRN3lukGaIk=", "narHash": "sha256-wM9v2yIxClRYsGHut5vHICZTK7xdrUGfrLkXvSuv6s4=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "03d771e513ce90147b65fe922d87d3a0356fc125", "rev": "dd457de7e08c6d06789b1f5b88fc9327f4d96309",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-23.11", "ref": "nixos-24.05",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }

4
flake.nix
View file

@ -17,14 +17,14 @@
type = "github"; type = "github";
owner = "NixOS"; owner = "NixOS";
repo = "nixpkgs"; repo = "nixpkgs";
ref = "nixos-23.11"; ref = "nixos-24.05";
}; };
#nix itself #nix itself
nix = { nix = {
type = "github"; type = "github";
owner = "NixOS"; owner = "NixOS";
repo = "nix"; repo = "nix";
ref = "bf72b78ef2110f4bda6105b8adff131dc9435bff"; ref = "1c131ec2b71fa7ad6fd285ed2a9fcc4cf616b3a6";
inputs.nixpkgs.follows = "stable"; inputs.nixpkgs.follows = "stable";
}; };
nixos-generators = { nixos-generators = {

91
hosts/gerg-desktop/boot.nix Normal file
View file

@ -0,0 +1,91 @@
{
lanzaboote,
config,
lib,
pkgs,
}:
let
windowsConf = ''
title Windows
efi /shellx64.efi
options -nointerrupt -noconsolein -noconsoleout HD2d65535a1:EFI\Microsoft\Boot\Bootmgfw.efi
'';
in
{
imports = [ lanzaboote.nixosModules.lanzaboote ];
environment.systemPackages = [ pkgs.sbctl ];
boot = {
lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
configurationLimit = 10;
package = lib.mkForce (
pkgs.writeShellApplication {
name = "lzbt";
runtimeInputs = [
lanzaboote.packages.tool
pkgs.coreutils
pkgs.sbctl
];
text = ''
set -o pipefail
lzbt "$@"
MP='${config.boot.loader.efi.efiSysMountPoint}'
cp -f '${pkgs.edk2-uefi-shell.efi}' "$MP/shellx64.efi"
mkdir -p "$MP/loader/entries"
sbctl sign -s "$MP/shellx64.efi"
cat << EOF > "$MP/loader/entries/windows.conf"
${windowsConf}
EOF
'';
}
);
};
loader = {
systemd-boot = {
enable = lib.mkForce false;
extraFiles."shellx64.efi" = pkgs.edk2-uefi-shell.efi;
extraEntries."windows.conf" = windowsConf;
};
grub.enable = lib.mkForce false;
timeout = lib.mkForce 5;
efi.efiSysMountPoint = "/efi22";
};
kernelPackages = pkgs.linuxPackagesFor (
let
version = "6.8.12";
in
(pkgs.linuxManualConfig {
version = "${version}-gerg";
modDirVersion = "${version}-gerg";
src = pkgs.fetchurl {
url = "mirror://kernel/linux/kernel/v${lib.versions.major version}.x/linux-${version}.tar.xz";
hash = "sha256-GbMZVtIptbnKVnH6HHQyAXloKj2NAPyGeUEUsh2oYDk=";
};
inherit (config.boot) kernelPatches;
config = {
CONFIG_RUST = "y";
CONFIG_MODULES = "y";
};
configfile = ./kernelConfig;
}).overrideAttrs
(old: {
passthru = (old.passthru or { }) // {
features = lib.foldr (x: y: (x.features or { }) // y) {
efiBootStub = true;
netfilterRPFilter = true;
ia32Emulation = true;
} config.boot.kernelPatches;
};
})
);
};
}

25
hosts/gerg-desktop/main.nix
View file

@ -1,5 +1,5 @@
{ {
lib,
nix-index-database, nix-index-database,
nvim-flake, nvim-flake,
self', self',
@ -33,6 +33,10 @@
nvidiaSettings = false; nvidiaSettings = false;
modesetting.enable = true; modesetting.enable = true;
open = false; open = false;
powerManagement = {
enable = lib.mkForce false;
finegrained = lib.mkForce false;
};
prime = { prime = {
nvidiaBusId = "PCI:1:0:0"; nvidiaBusId = "PCI:1:0:0";
amdgpuBusId = "PCI:15:0:0"; amdgpuBusId = "PCI:15:0:0";
@ -94,8 +98,11 @@
gh gh
nixfmt-rfc-style nixfmt-rfc-style
# QMK configuration # QMK configuration
#via #via
#qmk #qmk
; ;
inherit (nvim-flake.packages) neovim; inherit (nvim-flake.packages) neovim;
inherit (self'.packages) lint; inherit (self'.packages) lint;
@ -109,12 +116,12 @@
}; };
}; };
#services.udev.packages = [ services.udev.packages = [
# pkgs.android-udev-rules pkgs.android-udev-rules
# pkgs.via # pkgs.via
# pkgs.qmk-udev-rules # pkgs.qmk-udev-rules
#]; ];
#programs.adb.enable = true; programs.adb.enable = true;
networking = { networking = {
useNetworkd = false; useNetworkd = false;
@ -164,8 +171,8 @@
isNormalUser = true; isNormalUser = true;
extraGroups = [ extraGroups = [
"wheel" "wheel"
#"adbusers" "adbusers"
#"plugdev" "plugdev"
]; ];
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
config.local.keys.gerg_gerg-phone config.local.keys.gerg_gerg-phone

54
hosts/gerg-desktop/services/gitea.nix
View file

@ -1,32 +1,34 @@
#{ config }: { lib, config }:
{ {
# users.users = { config = lib.mkIf false {
# ${config.services.gitea.user} = { users.users = {
# openssh.authorizedKeys.keys = [ config.local.keys.gerg_gerg-desktop ]; ${config.services.gitea.user} = {
# extraGroups = [ "postgres" ]; openssh.authorizedKeys.keys = [ config.local.keys.gerg_gerg-desktop ];
# }; extraGroups = [ "postgres" ];
# ${config.services.nginx.user}.extraGroups = [ config.services.gitea.group ];
# };
services.gitea = {
enable = false;
stateDir = "/persist/services/gitea";
appName = "Powered by NixOS";
settings = {
server = {
DOMAIN = "git.gerg-l.com";
ROOT_URL = "https://git.gerg-l.com/";
LANDING_PAGE = "/explore/repos";
HTTP_ADDR = "/run/gitea/gitea.sock";
PROTOCOL = "http+unix";
UNIX_SOCKET_PERMISSION = "660";
}; };
ui.DEFAULT_THEME = "arc-green"; ${config.services.nginx.user}.extraGroups = [ config.services.gitea.group ];
service.DISABLE_REGISTRATION = true;
}; };
database = { services.gitea = {
type = "postgres"; enable = false;
socket = "/run/postgresql"; stateDir = "/persist/services/gitea";
createDatabase = true; appName = "Powered by NixOS";
settings = {
server = {
DOMAIN = "git.gerg-l.com";
ROOT_URL = "https://git.gerg-l.com/";
LANDING_PAGE = "/explore/repos";
HTTP_ADDR = "/run/gitea/gitea.sock";
PROTOCOL = "http+unix";
UNIX_SOCKET_PERMISSION = "660";
};
ui.DEFAULT_THEME = "arc-green";
service.DISABLE_REGISTRATION = true;
};
database = {
type = "postgres";
socket = "/run/postgresql";
createDatabase = true;
};
}; };
}; };
} }

1
hosts/gerg-desktop/services/parrot.nix
View file

@ -2,7 +2,6 @@
pkgs, pkgs,
config, config,
lib, lib,
}: }:
{ {
sops.secrets.discordenv = { }; sops.secrets.discordenv = { };

1
hosts/gerg-desktop/spicetify.nix
View file

@ -14,6 +14,7 @@ in
hidePodcasts hidePodcasts
shuffle shuffle
#betterGenres broken #betterGenres broken
; ;
}; };
theme = spicePkgs.themes.dribbblish; theme = spicePkgs.themes.dribbblish;

1
hosts/gerg-desktop/vfio.nix
View file

@ -2,7 +2,6 @@
_dir, _dir,
pkgs, pkgs,
lib, lib,
}: }:
/* /*
This section is just me bullying This section is just me bullying

87
hosts/gerg-desktop/zfs.nix
View file

@ -2,48 +2,8 @@
config, config,
lib, lib,
pkgs, pkgs,
lanzaboote,
}: }:
let
windowsConf = ''
title Windows
efi /shellx64.efi
options -nointerrupt -noconsolein -noconsoleout HD2d65535a1:EFI\Microsoft\Boot\Bootmgfw.efi
'';
in
{ {
imports = [ lanzaboote.nixosModules.lanzaboote ];
environment.systemPackages = [ pkgs.sbctl ];
boot.lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
configurationLimit = 10;
package = lib.mkForce (
pkgs.writeShellApplication {
name = "lzbt";
runtimeInputs = [
lanzaboote.packages.tool
pkgs.coreutils
pkgs.sbctl
];
text = ''
set -o pipefail
lzbt "$@"
MP='${config.boot.loader.efi.efiSysMountPoint}'
cp -f '${pkgs.edk2-uefi-shell.efi}' "$MP/shellx64.efi"
mkdir -p "$MP/loader/entries"
sbctl sign -s "$MP/shellx64.efi"
cat << EOF > "$MP/loader/entries/windows.conf"
${windowsConf}
EOF
'';
}
);
};
#link some stuff #link some stuff
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"L+ /etc/secureboot - - - - /persist/secureboot" "L+ /etc/secureboot - - - - /persist/secureboot"
@ -60,47 +20,17 @@ in
sops.age.sshKeyPaths = lib.mkForce [ "/persist/ssh/ssh_host_ed25519_key" ]; sops.age.sshKeyPaths = lib.mkForce [ "/persist/ssh/ssh_host_ed25519_key" ];
fileSystems."/persist".neededForBoot = true; fileSystems."/persist".neededForBoot = true;
boot = { boot = {
supportedFilesystems = { supportedFilesystems.ntfs = true;
ntfs = true;
};
zfs = { zfs = {
package = pkgs.zfs_unstable; package = pkgs.zfs_unstable;
devNodes = "/dev/disk/by-id/"; devNodes = "/dev/disk/by-id/";
forceImportAll = true; forceImportAll = true;
}; };
kernelPackages = pkgs.linuxPackagesFor (
let
version = "6.8.12";
in
(pkgs.linuxManualConfig {
version = "${version}-gerg";
modDirVersion = "${version}-gerg";
src = pkgs.fetchurl {
url = "mirror://kernel/linux/kernel/v${lib.versions.major version}.x/linux-${version}.tar.xz";
hash = "sha256-GbMZVtIptbnKVnH6HHQyAXloKj2NAPyGeUEUsh2oYDk=";
};
inherit (config.boot) kernelPatches;
config = {
CONFIG_RUST = "y";
CONFIG_MODULES = "y";
};
configfile = ./kernelConfig;
}).overrideAttrs
(old: {
passthru = (old.passthru or { }) // {
features = lib.foldr (x: y: (x.features or { }) // y) {
efiBootStub = true;
netfilterRPFilter = true;
ia32Emulation = true;
} config.boot.kernelPatches;
};
})
);
#set ARC max #set ARC max
kernelParams = [ "zfs.zfs_arc_max=17179869184" ]; kernelParams = [ "zfs.zfs_arc_max=17179869184" ];
initrd = { initrd = {
kernelModules = [ kernelModules = [
#module for multiple swap devices #module for multiple swap devices
@ -108,6 +38,7 @@ in
#keyboard module for zfs password #keyboard module for zfs password
"hid_generic" "hid_generic"
]; ];
systemd.services.rollback = { systemd.services.rollback = {
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
@ -124,15 +55,5 @@ in
''; '';
}; };
}; };
loader = {
systemd-boot = {
enable = lib.mkForce false;
extraFiles."shellx64.efi" = pkgs.edk2-uefi-shell.efi;
extraEntries."windows.conf" = windowsConf;
};
grub.enable = lib.mkForce false;
timeout = lib.mkForce 5;
efi.efiSysMountPoint = "/efi22";
};
}; };
} }

1
hosts/iso/main.nix
View file

@ -4,7 +4,6 @@
lib, lib,
modulesPath, modulesPath,
pkgs, pkgs,
}: }:
{ {
##Build wtih nix build .#nixosConfigurations.iso.config.formats.iso ##Build wtih nix build .#nixosConfigurations.iso.config.formats.iso

16
lib/default.nix
View file

@ -9,7 +9,6 @@ let
in in
# Only good use case for rec # Only good use case for rec
rec { rec {
wrench = lib.flip lib.pipe; wrench = lib.flip lib.pipe;
needsSystem = lib.flip builtins.elem [ needsSystem = lib.flip builtins.elem [
@ -63,6 +62,8 @@ rec {
x x
else else
let let
# all arguments defined in the module
funcArgs = lib.functionArgs imported;
/* /*
The names of all arguments which will be The names of all arguments which will be
available to be inserted into the module arguments available to be inserted into the module arguments
@ -85,17 +86,9 @@ rec {
_dir is the "self" derived _dir is the "self" derived
path to the directory containing the module path to the directory containing the module
*/ */
_dir = _dir = builtins.dirOf x;
let
dir = builtins.dirOf x;
in
# Probably don't need this error check
if (dir == builtins.storeDir) then null else dir;
}; };
# all arguments defined in the module
funcArgs = lib.functionArgs imported;
/* /*
arguments which will be inserted arguments which will be inserted
set to the before per-system values set to the before per-system values
@ -155,7 +148,6 @@ rec {
// { // {
_file = x; _file = x;
}; };
}; };
gerg-utils = gerg-utils =
@ -238,7 +230,6 @@ rec {
} }
); );
in in
if builtins.pathExists "${path}/${n}/call.nix" then if builtins.pathExists "${path}/${n}/call.nix" then
let let
x = import "${path}/${n}/call.nix" pkgs; x = import "${path}/${n}/call.nix" pkgs;
@ -246,7 +237,6 @@ rec {
x.callPackage "${path}/${n}/package.nix" x.args x.callPackage "${path}/${n}/package.nix" x.args
else else
callPackage "${path}/${n}/package.nix" { } callPackage "${path}/${n}/package.nix" { }
)) ))
]; ];
} }

1
modules/DE/dwm.nix
View file

@ -4,7 +4,6 @@
lib, lib,
suckless, suckless,
self', self',
}: }:
{ {
options.local.DE.dwm.enable = lib.mkEnableOption ""; options.local.DE.dwm.enable = lib.mkEnableOption "";

1
modules/DE/gnome.nix
View file

@ -2,7 +2,6 @@
config, config,
lib, lib,
pkgs, pkgs,
}: }:
{ {
options.local.DE.gnome.enable = lib.mkEnableOption ""; options.local.DE.gnome.enable = lib.mkEnableOption "";

1
modules/DE/xfce.nix
View file

@ -2,7 +2,6 @@
config, config,
lib, lib,
pkgs, pkgs,
}: }:
{ {
options.local.DE.xfce.enable = lib.mkEnableOption ""; options.local.DE.xfce.enable = lib.mkEnableOption "";

1
modules/DM/lightDM.nix
View file

@ -2,7 +2,6 @@
self', self',
config, config,
lib, lib,
}: }:
{ {
options.local.DM.lightdm.enable = lib.mkEnableOption ""; options.local.DM.lightdm.enable = lib.mkEnableOption "";

1
modules/boot.nix
View file

@ -3,7 +3,6 @@
lib, lib,
pkgs, pkgs,
config, config,
}: }:
{ {
options.local.bootConfig.disable = lib.mkEnableOption ""; options.local.bootConfig.disable = lib.mkEnableOption "";

5
modules/hardware.nix
View file

@ -9,10 +9,9 @@ in
}; };
config = lib.mkMerge [ config = lib.mkMerge [
(lib.mkIf (!cfg.gpuAcceleration.disable) { (lib.mkIf (!cfg.gpuAcceleration.disable) {
hardware.opengl = { hardware.graphics = {
enable = true; enable = true;
driSupport = true; enable32Bit = true;
driSupport32Bit = true;
}; };
}) })
(lib.mkIf (!cfg.sound.disable) { (lib.mkIf (!cfg.sound.disable) {

2
modules/keys.nix
View file

@ -3,7 +3,7 @@
options.local.keys = lib.mkOption { }; options.local.keys = lib.mkOption { };
config.local.keys = { config.local.keys = {
gerg_gerg-phone = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDU6BnoHIgMLgZVGuvi03J9l5Z1yP1P5Q8QPyjRHyi77"; gerg_gerg-phone = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILZKIp3iObuxEUPx1dsMiN3vyMaMQb0N1gKJY78TtRxd";
gerg_gerg-windows = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILpYY2uw0OH1Re+3BkYFlxn0O/D8ryqByJB/ljefooNc"; gerg_gerg-windows = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILpYY2uw0OH1Re+3BkYFlxn0O/D8ryqByJB/ljefooNc";
root_media-laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIq9YTf4jlVCKBKn44m4yJvj94C7pTOyaa4VjZFohNqD"; root_media-laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIq9YTf4jlVCKBKn44m4yJvj94C7pTOyaa4VjZFohNqD";
root_game-desktop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJUKHZasYQUAmRBiqtx1drDxfq18/N4rKydCtPHx461I"; root_game-desktop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJUKHZasYQUAmRBiqtx1drDxfq18/N4rKydCtPHx461I";

1
modules/misc.nix
View file

@ -3,7 +3,6 @@
lib, lib,
config, config,
pkgs, pkgs,
}: }:
{ {
options.local.allowedUnfree = lib.mkOption { options.local.allowedUnfree = lib.mkOption {

2
modules/nix.nix
View file

@ -1,11 +1,9 @@
{ {
nix, nix,
inputs, inputs,
lib, lib,
config, config,
pkgs, pkgs,
}: }:
{ {
# #

1
modules/shell.nix
View file

@ -3,7 +3,6 @@
pkgs, pkgs,
config, config,
lib, lib,
}: }:
{ {
systemd.tmpfiles.rules = [ "d /tmp/neovim-page 0777 root root - -" ]; systemd.tmpfiles.rules = [ "d /tmp/neovim-page 0777 root root - -" ];

1
modules/sops.nix
View file

@ -4,7 +4,6 @@
lib, lib,
sops-nix, sops-nix,
self', self',
}: }:
{ {
imports = [ sops-nix.nixosModules.sops ]; imports = [ sops-nix.nixosModules.sops ];

1
modules/theming.nix
View file

@ -2,7 +2,6 @@
pkgs, pkgs,
config, config,
lib, lib,
}: }:
let let
cfg = config.local.theming; cfg = config.local.theming;

1
packages/lint/package.nix
View file

@ -5,7 +5,6 @@
statix, statix,
fd, fd,
}: }:
writeShellApplication { writeShellApplication {
name = "lint"; name = "lint";
runtimeInputs = [ runtimeInputs = [