diff --git a/nixosConfigurations/gerg-desktop/boot.nix b/nixosConfigurations/gerg-desktop/boot.nix index 4529d28..40f592f 100644 --- a/nixosConfigurations/gerg-desktop/boot.nix +++ b/nixosConfigurations/gerg-desktop/boot.nix @@ -9,6 +9,7 @@ let title Windows efi /shellx64.efi options -nointerrupt -noconsolein -noconsoleout HD2d65535a1:EFI\Microsoft\Boot\Bootmgfw.efi + ''; in { @@ -27,6 +28,39 @@ in ]; boot = { + initrd = { + kernelModules = [ "igc" ]; + network = { + enable = true; + ssh = { + enable = true; + port = 22; + hostKeys = [ "/persist/initrd-keys/ssh_host_ed5519_key" ]; + authorizedKeys = [ config.local.keys.gerg_gerg-phone ]; + }; + }; + systemd = { + # For linuxManualConfig to work: + strip = lib.mkForce false; + network = { + enable = true; + networks.enp11s0 = { + name = "enp11s0"; + address = [ "192.168.1.4/24" ]; + gateway = [ "192.168.1.1" ]; + dns = [ "192.168.1.1" ]; + DHCP = "no"; + linkConfig = { + MACAddress = "D8:5E:D3:E5:47:90"; + RequiredForOnline = "routable"; + }; + }; + wait-online.enable = false; + }; + users.root.shell = "/bin/systemd-tty-ask-password-agent"; + }; + }; + lanzaboote = { enable = true; pkiBundle = "/var/lib/sbctl"; 
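Review bot: The stage-one SSH server under `boot.initrd.network.ssh` listens on `port = 22` with a host key from `/persist/initrd-keys/`, while `services.openssh` in nixosModules/misc.nix uses `/etc/ssh/ssh_host_ed25519_key`. If that module applies to this host on the default port, clients see two different host keys for one address and port, and get used to host-key-changed warnings. A separate port for the initrd, for example `port = 2222;`, lets known_hosts pin each key on its own. The key file name is spelled `ssh_host_ed5519_key` (carried over from zfs.nix), so it is worth confirming that it matches the file on disk. The comment `# For linuxManualConfig to work:` now ends at the colon; restoring the link it had in kernel.nix, `https://github.com/NixOS/nixpkgs/issues/368249`, keeps the reason for `strip = lib.mkForce false;` traceable.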
@@ -63,5 +97,36 @@ in timeout = lib.mkForce 5; efi.efiSysMountPoint = "/efi22"; }; + kernelPackages = pkgs.linuxPackagesFor ( + let + version = "6.12.11"; + src = pkgs.fetchurl { + url = "mirror://kernel/linux/kernel/v${builtins.head (lib.splitVersion version)}.x/linux-${version}.tar.xz"; + hash = "sha256-R1Fy/b2HoVPxI6V5Umcudzvbba9bWKQX0aXkGfz+7Ek="; + }; + in + (pkgs.linuxManualConfig { + inherit src; + inherit (config.boot) kernelPatches; + version = "${version}-gerg"; + config = { + CONFIG_RUST = "y"; + CONFIG_MODULES = "y"; + }; + configfile = ./kernelConfig; + }).overrideAttrs + (old: { + passthru = old.passthru or { } // { + features = lib.foldr (x: y: x.features or { } // y) { + efiBootStub = true; + netfilterRPFilter = true; + ia32Emulation = true; + } config.boot.kernelPatches; + }; + meta = old.meta or { } // { + broken = false; + }; + }) + ); }; } diff --git a/nixosConfigurations/gerg-desktop/kernel.nix b/nixosConfigurations/gerg-desktop/kernel.nix deleted file mode 100644 index 4e4f20c..0000000 --- a/nixosConfigurations/gerg-desktop/kernel.nix +++ /dev/null 
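Review bot: `version = "6.12.11"` with a fixed `hash` pins the kernel tarball, so this host no longer picks up kernel fixes through a nixpkgs update and needs a manual bump for each stable release. A comment above the `let` would make that visible, for example `# pinned kernel: bump version and hash together when a new 6.12.x release ships`. `meta.broken = false` is forced unconditionally, which would also hide a broken marker set by nixpkgs for a real reason; a short comment saying why the override is needed would help. The block was moved unchanged from kernel.nix, and the enclosing `boot = {` begins outside this hunk.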
@@ -1,44 +0,0 @@ -{ - lib, - pkgs, - config, -}: -{ - - boot = { - # For linuxManualConfig to work: https://github.com/NixOS/nixpkgs/issues/368249 - initrd.systemd.strip = false; - - kernelPackages = pkgs.linuxPackagesFor ( - let - version = "6.12.11"; - src = pkgs.fetchurl { - url = "mirror://kernel/linux/kernel/v${builtins.head (lib.splitVersion version)}.x/linux-${version}.tar.xz"; - hash = "sha256-R1Fy/b2HoVPxI6V5Umcudzvbba9bWKQX0aXkGfz+7Ek="; - }; - in - (pkgs.linuxManualConfig { - inherit src; - inherit (config.boot) kernelPatches; - version = "${version}-gerg"; - config = { - CONFIG_RUST = "y"; - CONFIG_MODULES = "y"; - }; - configfile = ./kernelConfig; - }).overrideAttrs - (old: { - passthru = old.passthru or { } // { - features = lib.foldr (x: y: x.features or { } // y) { - efiBootStub = true; - netfilterRPFilter = true; - ia32Emulation = true; - } config.boot.kernelPatches; - }; - meta = old.meta or { } // { - broken = false; - }; - }) - ); - }; -} diff --git a/nixosConfigurations/gerg-desktop/main.nix b/nixosConfigurations/gerg-desktop/main.nix index e498566..6946a54 100644 --- a/nixosConfigurations/gerg-desktop/main.nix +++ b/nixosConfigurations/gerg-desktop/main.nix @@ -41,7 +41,7 @@ prismlauncher deadnix statix - element-desktop + #element-desktop vesktop gh nixfmt-rfc-style @@ -58,21 +58,7 @@ nixpkgs-review = pkgs.nixpkgs-review.override { nix = config.nix.package; }; }; }; - boot = { - binfmt.emulatedSystems = [ "aarch64-linux" ]; - - supportedFilesystems.ntfs = true; - initrd = { - availableKernelModules = [ - "nvme" - "xhci_pci" - "ahci" - "usbhid" - "sd_mod" - ]; - includeDefaultModules = false; - }; - }; + boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; hardware.nvidia = { package = config.boot.kernelPackages.nvidiaPackages.beta; 
@@ -227,6 +213,16 @@ root.hashedPassword = "!"; }; }; + boot.initrd = { + availableKernelModules = [ + "nvme" + "xhci_pci" + "ahci" + "usbhid" + "sd_mod" + ]; + includeDefaultModules = false; + }; system.stateVersion = "24.11"; networking.hostName = "gerg-desktop"; diff --git a/nixosConfigurations/gerg-desktop/zfs.nix b/nixosConfigurations/gerg-desktop/zfs.nix index 8d020b0..e379cd4 100644 --- a/nixosConfigurations/gerg-desktop/zfs.nix +++ b/nixosConfigurations/gerg-desktop/zfs.nix @@ -1,7 +1,6 @@ { config, lib, - pkgs, }: { #link some stuff @@ -19,8 +18,9 @@ #make sure the sopskey is found sops.age.sshKeyPaths = lib.mkForce [ "/persist/ssh/ssh_host_ed25519_key" ]; fileSystems."/persist".neededForBoot = true; - boot = { + supportedFilesystems.ntfs = true; + zfs = { devNodes = "/dev/disk/by-id/"; forceImportAll = true; 
@@ -35,49 +35,23 @@ "dm_mod" #keyboard module for zfs password "hid_generic" - #stage one internet - "igc" ]; - network = { - enable = true; - ssh = { - enable = true; - port = 22; - hostKeys = [ "/persist/initrd-keys/ssh_host_ed5519_key" ]; - authorizedKeys = [ config.local.keys.gerg_gerg-phone ]; + systemd.services.rollback = { + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; }; - }; - systemd = { - network = { - enable = true; - networks.enp11s0 = { - name = "enp11s0"; - address = [ "192.168.1.4/24" ]; - gateway = [ "192.168.1.1" ]; - dns = [ "192.168.1.1" ]; - DHCP = "no"; - linkConfig = { - MACAddress = "D8:5E:D3:E5:47:90"; - RequiredForOnline = "routable"; - }; - }; - wait-online.enable = false; - }; - users.root.shell = "/bin/systemd-tty-ask-password-agent"; + unitConfig.DefaultDependencies = "no"; + wantedBy = [ "initrd.target" ]; + after = [ "zfs-import.target" ]; + before = [ "sysroot.mount" ]; + path = [ config.boot.zfs.package ]; + script = '' + zfs rollback -r rpool/root@empty + zfs rollback -r rpool/var@empty + ''; }; }; }; - - systemd.shutdownRamfs = { - enable = true; - contents."/etc/systemd/system-shutdown/zfs-rollback".source = - pkgs.writeShellScript "zfs-rollback" '' - zfs='${lib.getExe config.boot.zfs.package}' - zfs rollback -r rpool/root@empty - zfs rollback -r rpool/var@empty - ''; - storePaths = [ (lib.getExe config.boot.zfs.package) ]; - }; - } diff --git a/nixosModules/keys.nix b/nixosModules/keys.nix index b53b7d6..882961d 100644 --- a/nixosModules/keys.nix +++ b/nixosModules/keys.nix @@ -1,8 +1,6 @@ { lib }: { - options.local.keys = lib.mkOption { - type = lib.types.attrsOf lib.types.str; - }; + options.local.keys = lib.mkOption { }; config.local.keys = { gerg_gerg-phone = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILZKIp3iObuxEUPx1dsMiN3vyMaMQb0N1gKJY78TtRxd"; diff --git a/nixosModules/misc.nix b/nixosModules/misc.nix index cb03c37..f114143 100644 --- a/nixosModules/misc.nix +++ b/nixosModules/misc.nix 
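Review bot: The new `systemd.services.rollback` unit is only ordered `before = [ "sysroot.mount" ]`, so a failed `zfs rollback` would not, as far as this hunk shows, stop the root from being mounted with the previous boot's state. If the empty-snapshot rollback is relied on to discard state, `sysroot.mount` should depend on the unit, for example `requiredBy = [ "sysroot.mount" ];`, so that a failure is visible at boot instead of silent. `after = [ "zfs-import.target" ]` is likewise ordering only. A `description` on the unit, and a comment that the rollback moved from shutdown to stage one, would document the change in timing. The enclosing `boot.initrd` block begins outside this hunk.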
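Review bot: In nixosModules/keys.nix, `options.local.keys = lib.mkOption { };` drops the `attrsOf str` type, so values that feed `authorizedKeys` for the initrd SSH server are no longer type-checked at the option. A non-string entry would surface later at the consumer, or merge in an unexpected way. If the aim was to allow nested groups of keys, a narrower type still catches mistakes, for example `type = lib.types.attrsOf (lib.types.either lib.types.str (lib.types.attrsOf lib.types.str));`. Otherwise keep `type = lib.types.attrsOf lib.types.str;`.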
@@ -5,72 +5,82 @@ nix-janitor, }: { + options.local.allowedUnfree = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = [ ]; + }; - nixpkgs.config.allowAliases = false; - local.packages = { - inherit (pkgs) - bottom # view tasks - efibootmgr # efi editor - nix-output-monitor # nom nom nom nom; - nix-tree # view packages - pciutils # lspci - ; - nix-janitor = pkgs.symlinkJoin { - name = "nix-janitor"; - paths = [ nix-janitor.packages.default ]; - nativeBuildInputs = [ pkgs.makeBinaryWrapper ]; - postBuild = '' - wrapProgram "$out/bin/janitor" \ - --suffix PATH : ${lib.makeBinPath [ config.nix.package ]} + config = { + + nixpkgs.config = { + allowAliases = false; + allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) config.local.allowedUnfree; + }; + + local.packages = { + inherit (pkgs) + bottom # view tasks + efibootmgr # efi editor + nix-output-monitor # nom nom nom nom; + nix-tree # view packages + pciutils # lspci + ; + nix-janitor = pkgs.symlinkJoin { + name = "nix-janitor"; + paths = [ nix-janitor.packages.default ]; + nativeBuildInputs = [ pkgs.makeBinaryWrapper ]; + postBuild = '' + wrapProgram "$out/bin/janitor" \ + --suffix PATH : ${lib.makeBinPath [ config.nix.package ]} + ''; + }; + + }; + + programs.git.enable = true; + # Mr sandro why + services.libinput.enable = true; + programs.nano.enable = false; + + environment.defaultPackages = lib.mkForce [ ]; + + #enable ssh + programs.mtr.enable = true; # ping and traceroute + services.openssh = { + enable = true; + hostKeys = lib.mkForce [ + { + path = "/etc/ssh/ssh_host_ed25519_key"; + type = "ed25519"; + } + ]; + settings = { + PermitRootLogin = lib.mkDefault "no"; + PasswordAuthentication = false; + KbdInteractiveAuthentication = false; + }; + }; + + programs.ssh = { + startAgent = true; + agentTimeout = "1m"; + extraConfig = '' + AddKeysToAgent yes ''; }; + i18n.defaultLocale = "en_US.UTF-8"; + #time settings + + time.timeZone = "America/New_York"; + + # For `info` command. 
+ documentation.info.enable = false; + # NixOS manual and such. + documentation.nixos.enable = false; + # Useless with flakes (without configuring) + programs.command-not-found.enable = false; + + system.rebuild.enableNg = true; }; - - programs.git.enable = true; - # Mr sandro why - services.libinput.enable = true; - programs.nano.enable = false; - - environment.defaultPackages = lib.mkForce [ ]; - - #enable ssh - programs.mtr.enable = true; # ping and traceroute - services.openssh = { - enable = true; - hostKeys = lib.mkForce [ - { - path = "/etc/ssh/ssh_host_ed25519_key"; - type = "ed25519"; - } - ]; - settings = { - PermitRootLogin = lib.mkDefault "no"; - PasswordAuthentication = false; - KbdInteractiveAuthentication = false; - }; - }; - - programs.ssh = { - startAgent = true; - agentTimeout = "1m"; - extraConfig = '' - AddKeysToAgent yes - ''; - }; - - i18n.defaultLocale = "en_US.UTF-8"; - #time settings - - time.timeZone = "America/New_York"; - - # For `info` command. - documentation.info.enable = false; - # NixOS manual and such. - documentation.nixos.enable = false; - # Useless with flakes (without configuring) - programs.command-not-found.enable = false; - - system.rebuild.enableNg = true; - services.userborn.enable = true; } diff --git a/nixosModules/unfree.nix b/nixosModules/unfree.nix deleted file mode 100644 index b16744d..0000000 --- a/nixosModules/unfree.nix +++ /dev/null @@ -1,12 +0,0 @@ -{ lib, config }: -{ - options.local.allowedUnfree = lib.mkOption { - type = lib.types.listOf lib.types.str; - default = [ ]; - }; - - config = { - nixpkgs.config.allowUnfreePredicate = - pkg: builtins.elem (lib.getName pkg) config.local.allowedUnfree; - }; -}
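Review bot: `services.userborn.enable = true;` appears to be dropped at the end of nixosModules/misc.nix; it is on the removed side and does not reappear inside the new `config = { … }` block. The rest of this hunk only re-indents the module and merges in the unfree predicate. If the removal is intended, it changes how users and groups are provisioned on every host importing this module and should be named in the commit message. If it is not, re-add the line inside `config`, next to `system.rebuild.enableNg = true;`.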