Compare commits


5 commits

bfdc54cd54
move kernel config to it's own file
rollback zpools on shutdown instead of startup
2025-01-29 21:34:53 -05:00
e932262310
enable userborn 2025-01-29 19:54:08 -05:00
70c6a69ff3
local.keys add type 2025-01-29 19:42:16 -05:00
3aef3e349f
extract unfree option to it's own module 2025-01-29 19:37:48 -05:00
03b359ee5a
re-add element 2025-01-29 19:34:52 -05:00
7 changed files with 179 additions and 166 deletions


@ -9,7 +9,6 @@ let
title Windows title Windows
efi /shellx64.efi efi /shellx64.efi
options -nointerrupt -noconsolein -noconsoleout HD2d65535a1:EFI\Microsoft\Boot\Bootmgfw.efi options -nointerrupt -noconsolein -noconsoleout HD2d65535a1:EFI\Microsoft\Boot\Bootmgfw.efi
''; '';
in in
{ {
@ -28,39 +27,6 @@ in
]; ];
boot = { boot = {
initrd = {
kernelModules = [ "igc" ];
network = {
enable = true;
ssh = {
enable = true;
port = 22;
hostKeys = [ "/persist/initrd-keys/ssh_host_ed5519_key" ];
authorizedKeys = [ config.local.keys.gerg_gerg-phone ];
};
};
systemd = {
# For linuxManualConfig to work:
strip = lib.mkForce false;
network = {
enable = true;
networks.enp11s0 = {
name = "enp11s0";
address = [ "192.168.1.4/24" ];
gateway = [ "192.168.1.1" ];
dns = [ "192.168.1.1" ];
DHCP = "no";
linkConfig = {
MACAddress = "D8:5E:D3:E5:47:90";
RequiredForOnline = "routable";
};
};
wait-online.enable = false;
};
users.root.shell = "/bin/systemd-tty-ask-password-agent";
};
};
lanzaboote = { lanzaboote = {
enable = true; enable = true;
pkiBundle = "/var/lib/sbctl"; pkiBundle = "/var/lib/sbctl";
@ -97,36 +63,5 @@ in
timeout = lib.mkForce 5; timeout = lib.mkForce 5;
efi.efiSysMountPoint = "/efi22"; efi.efiSysMountPoint = "/efi22";
}; };
kernelPackages = pkgs.linuxPackagesFor (
let
version = "6.12.11";
src = pkgs.fetchurl {
url = "mirror://kernel/linux/kernel/v${builtins.head (lib.splitVersion version)}.x/linux-${version}.tar.xz";
hash = "sha256-R1Fy/b2HoVPxI6V5Umcudzvbba9bWKQX0aXkGfz+7Ek=";
};
in
(pkgs.linuxManualConfig {
inherit src;
inherit (config.boot) kernelPatches;
version = "${version}-gerg";
config = {
CONFIG_RUST = "y";
CONFIG_MODULES = "y";
};
configfile = ./kernelConfig;
}).overrideAttrs
(old: {
passthru = old.passthru or { } // {
features = lib.foldr (x: y: x.features or { } // y) {
efiBootStub = true;
netfilterRPFilter = true;
ia32Emulation = true;
} config.boot.kernelPatches;
};
meta = old.meta or { } // {
broken = false;
};
})
);
}; };
} }


@ -0,0 +1,44 @@
{
lib,
pkgs,
config,
}:
{
boot = {
# For linuxManualConfig to work: https://github.com/NixOS/nixpkgs/issues/368249
initrd.systemd.strip = false;
kernelPackages = pkgs.linuxPackagesFor (
let
version = "6.12.11";
src = pkgs.fetchurl {
url = "mirror://kernel/linux/kernel/v${builtins.head (lib.splitVersion version)}.x/linux-${version}.tar.xz";
hash = "sha256-R1Fy/b2HoVPxI6V5Umcudzvbba9bWKQX0aXkGfz+7Ek=";
};
in
(pkgs.linuxManualConfig {
inherit src;
inherit (config.boot) kernelPatches;
version = "${version}-gerg";
config = {
CONFIG_RUST = "y";
CONFIG_MODULES = "y";
};
configfile = ./kernelConfig;
}).overrideAttrs
(old: {
passthru = old.passthru or { } // {
features = lib.foldr (x: y: x.features or { } // y) {
efiBootStub = true;
netfilterRPFilter = true;
ia32Emulation = true;
} config.boot.kernelPatches;
};
meta = old.meta or { } // {
broken = false;
};
})
);
};
}
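Review bot: `initrd.systemd.strip = false;` drops the `lib.mkForce` this setting carried in the host file it was moved out of, so if any other module also defines `boot.initrd.systemd.strip` evaluation will now stop with a conflicting-definitions error instead of this value silently winning; if the force was only defensive, say so next to the existing issue link, e.g. `# plain false is enough here: only the option default sets strip to true`. The `meta.broken = false;` in the overrideAttrs also deserves a why-comment, since it hides whatever condition makes nixpkgs mark this manually-configured kernel as broken; something like `# TODO: document why linuxManualConfig marks this build broken and why overriding it is safe` keeps the next reader from removing it blindly. The source tarball is pinned by `hash`, so integrity of the fetched kernel is covered as far as this file shows.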


@ -41,7 +41,7 @@
prismlauncher prismlauncher
deadnix deadnix
statix statix
#element-desktop element-desktop
vesktop vesktop
gh gh
nixfmt-rfc-style nixfmt-rfc-style
@ -58,7 +58,21 @@
nixpkgs-review = pkgs.nixpkgs-review.override { nix = config.nix.package; }; nixpkgs-review = pkgs.nixpkgs-review.override { nix = config.nix.package; };
}; };
}; };
boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; boot = {
binfmt.emulatedSystems = [ "aarch64-linux" ];
supportedFilesystems.ntfs = true;
initrd = {
availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usbhid"
"sd_mod"
];
includeDefaultModules = false;
};
};
hardware.nvidia = { hardware.nvidia = {
package = config.boot.kernelPackages.nvidiaPackages.beta; package = config.boot.kernelPackages.nvidiaPackages.beta;
@ -213,16 +227,6 @@
root.hashedPassword = "!"; root.hashedPassword = "!";
}; };
}; };
boot.initrd = {
availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usbhid"
"sd_mod"
];
includeDefaultModules = false;
};
system.stateVersion = "24.11"; system.stateVersion = "24.11";
networking.hostName = "gerg-desktop"; networking.hostName = "gerg-desktop";


@ -1,6 +1,7 @@
{ {
config, config,
lib, lib,
pkgs,
}: }:
{ {
#link some stuff #link some stuff
@ -18,9 +19,8 @@
#make sure the sopskey is found #make sure the sopskey is found
sops.age.sshKeyPaths = lib.mkForce [ "/persist/ssh/ssh_host_ed25519_key" ]; sops.age.sshKeyPaths = lib.mkForce [ "/persist/ssh/ssh_host_ed25519_key" ];
fileSystems."/persist".neededForBoot = true; fileSystems."/persist".neededForBoot = true;
boot = {
supportedFilesystems.ntfs = true;
boot = {
zfs = { zfs = {
devNodes = "/dev/disk/by-id/"; devNodes = "/dev/disk/by-id/";
forceImportAll = true; forceImportAll = true;
@ -35,23 +35,49 @@
"dm_mod" "dm_mod"
#keyboard module for zfs password #keyboard module for zfs password
"hid_generic" "hid_generic"
#stage one internet
"igc"
]; ];
systemd.services.rollback = { network = {
serviceConfig = { enable = true;
Type = "oneshot"; ssh = {
RemainAfterExit = true; enable = true;
port = 22;
hostKeys = [ "/persist/initrd-keys/ssh_host_ed5519_key" ];
authorizedKeys = [ config.local.keys.gerg_gerg-phone ];
}; };
unitConfig.DefaultDependencies = "no"; };
wantedBy = [ "initrd.target" ]; systemd = {
after = [ "zfs-import.target" ]; network = {
before = [ "sysroot.mount" ]; enable = true;
path = [ config.boot.zfs.package ]; networks.enp11s0 = {
script = '' name = "enp11s0";
zfs rollback -r rpool/root@empty address = [ "192.168.1.4/24" ];
zfs rollback -r rpool/var@empty gateway = [ "192.168.1.1" ];
''; dns = [ "192.168.1.1" ];
DHCP = "no";
linkConfig = {
MACAddress = "D8:5E:D3:E5:47:90";
RequiredForOnline = "routable";
};
};
wait-online.enable = false;
};
users.root.shell = "/bin/systemd-tty-ask-password-agent";
}; };
}; };
}; };
systemd.shutdownRamfs = {
enable = true;
contents."/etc/systemd/system-shutdown/zfs-rollback".source =
pkgs.writeShellScript "zfs-rollback" ''
zfs='${lib.getExe config.boot.zfs.package}'
zfs rollback -r rpool/root@empty
zfs rollback -r rpool/var@empty
'';
storePaths = [ (lib.getExe config.boot.zfs.package) ];
};
} }
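Review bot: The `zfs-rollback` shutdown script assigns `zfs='${lib.getExe config.boot.zfs.package}'` but then runs the bare `zfs` command, so the variable is unused and the rollback depends on the shutdown ramfs PATH containing the zfs binary, which I would not assume; a command-not-found here fails silently because system-shutdown hooks are not error-checked. Use the variable on both lines: `"$zfs" rollback -r rpool/root@empty` and `"$zfs" rollback -r rpool/var@empty`. Moving the rollback from the initrd to shutdown also means an unclean shutdown (power loss, kernel panic, hard reset) skips it and whatever was written to rpool/root and rpool/var survives into the next boot, weakening the ephemeral-root guarantee the old initrd service gave; if that guarantee matters, keep an initrd rollback as a fallback or at least check the journal after a reboot that the datasets really are back at @empty, since I cannot tell from here whether they are still mounted when the hook runs. The initrd SSH host key path `/persist/initrd-keys/ssh_host_ed5519_key` reads like a typo for ed25519 (compare `/persist/ssh/ssh_host_ed25519_key` above); if the file does exist under that name it is fine, otherwise the initrd will not get the host key it expects.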


@ -1,6 +1,8 @@
{ lib }: { lib }:
{ {
options.local.keys = lib.mkOption { }; options.local.keys = lib.mkOption {
type = lib.types.attrsOf lib.types.str;
};
config.local.keys = { config.local.keys = {
gerg_gerg-phone = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILZKIp3iObuxEUPx1dsMiN3vyMaMQb0N1gKJY78TtRxd"; gerg_gerg-phone = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILZKIp3iObuxEUPx1dsMiN3vyMaMQb0N1gKJY78TtRxd";
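Review bot: `options.local.keys` now has a type but still no `description`, so a reader of the option has to find a consumer to learn what the strings are. Suggest `description = "SSH public keys in authorized_keys format, referenced by host modules";` alongside the new `type = lib.types.attrsOf lib.types.str;`. `attrsOf str` also makes two modules defining the same key name a hard conflict rather than a silent override, which is the desirable behaviour for key material.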


@ -5,82 +5,72 @@
nix-janitor, nix-janitor,
}: }:
{ {
options.local.allowedUnfree = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
};
config = { nixpkgs.config.allowAliases = false;
local.packages = {
nixpkgs.config = { inherit (pkgs)
allowAliases = false; bottom # view tasks
allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) config.local.allowedUnfree; efibootmgr # efi editor
}; nix-output-monitor # nom nom nom nom;
nix-tree # view packages
local.packages = { pciutils # lspci
inherit (pkgs) ;
bottom # view tasks nix-janitor = pkgs.symlinkJoin {
efibootmgr # efi editor name = "nix-janitor";
nix-output-monitor # nom nom nom nom; paths = [ nix-janitor.packages.default ];
nix-tree # view packages nativeBuildInputs = [ pkgs.makeBinaryWrapper ];
pciutils # lspci postBuild = ''
; wrapProgram "$out/bin/janitor" \
nix-janitor = pkgs.symlinkJoin { --suffix PATH : ${lib.makeBinPath [ config.nix.package ]}
name = "nix-janitor";
paths = [ nix-janitor.packages.default ];
nativeBuildInputs = [ pkgs.makeBinaryWrapper ];
postBuild = ''
wrapProgram "$out/bin/janitor" \
--suffix PATH : ${lib.makeBinPath [ config.nix.package ]}
'';
};
};
programs.git.enable = true;
# Mr sandro why
services.libinput.enable = true;
programs.nano.enable = false;
environment.defaultPackages = lib.mkForce [ ];
#enable ssh
programs.mtr.enable = true; # ping and traceroute
services.openssh = {
enable = true;
hostKeys = lib.mkForce [
{
path = "/etc/ssh/ssh_host_ed25519_key";
type = "ed25519";
}
];
settings = {
PermitRootLogin = lib.mkDefault "no";
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
};
programs.ssh = {
startAgent = true;
agentTimeout = "1m";
extraConfig = ''
AddKeysToAgent yes
''; '';
}; };
i18n.defaultLocale = "en_US.UTF-8";
#time settings
time.timeZone = "America/New_York";
# For `info` command.
documentation.info.enable = false;
# NixOS manual and such.
documentation.nixos.enable = false;
# Useless with flakes (without configuring)
programs.command-not-found.enable = false;
system.rebuild.enableNg = true;
}; };
programs.git.enable = true;
# Mr sandro why
services.libinput.enable = true;
programs.nano.enable = false;
environment.defaultPackages = lib.mkForce [ ];
#enable ssh
programs.mtr.enable = true; # ping and traceroute
services.openssh = {
enable = true;
hostKeys = lib.mkForce [
{
path = "/etc/ssh/ssh_host_ed25519_key";
type = "ed25519";
}
];
settings = {
PermitRootLogin = lib.mkDefault "no";
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
};
programs.ssh = {
startAgent = true;
agentTimeout = "1m";
extraConfig = ''
AddKeysToAgent yes
'';
};
i18n.defaultLocale = "en_US.UTF-8";
#time settings
time.timeZone = "America/New_York";
# For `info` command.
documentation.info.enable = false;
# NixOS manual and such.
documentation.nixos.enable = false;
# Useless with flakes (without configuring)
programs.command-not-found.enable = false;
system.rebuild.enableNg = true;
services.userborn.enable = true;
} }
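Review bot: `services.userborn.enable = true;` is the only new behaviour in this hunk and it arrives without a comment, unlike the surrounding settings which each carry a short why; a one-liner such as `# userborn: declarative user/group management in place of the perl activation script` would record the motivation. As far as I recall userborn enforces `users.mutableUsers` strictly (with it false, the passwd/group/shadow files are regenerated from configuration on every activation), so confirm that setting on each host matches the intent before rolling this out. The rest of the hunk is the unfree option moving to its own module and the `config = { … }` wrapper being flattened, which is fine now that the file declares no options.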

12
nixosModules/unfree.nix Normal file

@ -0,0 +1,12 @@
{ lib, config }:
{
options.local.allowedUnfree = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
};
config = {
nixpkgs.config.allowUnfreePredicate =
pkg: builtins.elem (lib.getName pkg) config.local.allowedUnfree;
};
}
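Review bot: `options.local.allowedUnfree` has no `description`, and the allow-list's matching rule is visible only in the predicate: `lib.getName pkg` strips the version, so one entry permits every version of that pname. Suggest `description = "pnames (as returned by lib.getName) of unfree packages this host may install; every version of a listed pname is allowed.";` so hosts adding entries understand the granularity. Keeping the predicate an explicit allow-list rather than `allowUnfree = true` is the right shape; nothing else in the new module needs changing.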