From 03b359ee5ab1e0a0b91dd8e24212c9266e8eec8b Mon Sep 17 00:00:00 2001
From: Gerg-L
Date: Wed, 29 Jan 2025 19:34:52 -0500
Subject: [PATCH 1/5] re-add element
---
 nixosConfigurations/gerg-desktop/main.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/nixosConfigurations/gerg-desktop/main.nix b/nixosConfigurations/gerg-desktop/main.nix
index 6946a54..68861f9 100644
--- a/nixosConfigurations/gerg-desktop/main.nix
+++ b/nixosConfigurations/gerg-desktop/main.nix
@@ -41,7 +41,7 @@
 prismlauncher
 deadnix
 statix
- #element-desktop
+ element-desktop
 vesktop
 gh
 nixfmt-rfc-style
From 3aef3e349fcae5fe3bed2787e4914fef7a3459fb Mon Sep 17 00:00:00 2001
From: Gerg-L
Date: Wed, 29 Jan 2025 19:37:48 -0500
Subject: [PATCH 2/5] extract unfree option to it's own module
---
 nixosModules/misc.nix | 135 ++++++++++++++++++----------------------
 nixosModules/unfree.nix | 12 ++++
 2 files changed, 74 insertions(+), 73 deletions(-)
 create mode 100644 nixosModules/unfree.nix
diff --git a/nixosModules/misc.nix b/nixosModules/misc.nix
index f114143..0f6a9ef 100644
--- a/nixosModules/misc.nix
+++ b/nixosModules/misc.nix
@@ -5,82 +5,71 @@
 nix-janitor,
 }:
 {
- options.local.allowedUnfree = lib.mkOption {
- type = lib.types.listOf lib.types.str;
- default = [ ];
- };
- config = {
-
- nixpkgs.config = {
- allowAliases = false;
- allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) config.local.allowedUnfree;
- };
-
- local.packages = {
- inherit (pkgs)
- bottom # view tasks
- efibootmgr # efi editor
- nix-output-monitor # nom nom nom nom;
- nix-tree # view packages
- pciutils # lspci
- ;
- nix-janitor = pkgs.symlinkJoin {
- name = "nix-janitor";
- paths = [ nix-janitor.packages.default ];
- nativeBuildInputs = [ pkgs.makeBinaryWrapper ];
- postBuild = ''
- wrapProgram "$out/bin/janitor" \
- --suffix PATH : ${lib.makeBinPath [ config.nix.package ]}
- '';
- };
-
- };
-
- programs.git.enable = true;
- # Mr sandro why
- services.libinput.enable = true;
- programs.nano.enable = false;
-
- environment.defaultPackages = lib.mkForce [ ];
-
- #enable ssh
- programs.mtr.enable = true; # ping and traceroute
- services.openssh = {
- enable = true;
- hostKeys = lib.mkForce [
- {
- path = "/etc/ssh/ssh_host_ed25519_key";
- type = "ed25519";
- }
- ];
- settings = {
- PermitRootLogin = lib.mkDefault "no";
- PasswordAuthentication = false;
- KbdInteractiveAuthentication = false;
- };
- };
-
- programs.ssh = {
- startAgent = true;
- agentTimeout = "1m";
- extraConfig = ''
- AddKeysToAgent yes
+ nixpkgs.config.allowAliases = false;
+ local.packages = {
+ inherit (pkgs)
+ bottom # view tasks
+ efibootmgr # efi editor
+ nix-output-monitor # nom nom nom nom;
+ nix-tree # view packages
+ pciutils # lspci
+ ;
+ nix-janitor = pkgs.symlinkJoin {
+ name = "nix-janitor";
+ paths = [ nix-janitor.packages.default ];
+ nativeBuildInputs = [ pkgs.makeBinaryWrapper ];
+ postBuild = ''
+ wrapProgram "$out/bin/janitor" \
+ --suffix PATH : ${lib.makeBinPath [ config.nix.package ]}
 '';
 };
- i18n.defaultLocale = "en_US.UTF-8";
- #time settings
-
- time.timeZone = "America/New_York";
-
- # For `info` command.
- documentation.info.enable = false;
- # NixOS manual and such.
- documentation.nixos.enable = false;
- # Useless with flakes (without configuring)
- programs.command-not-found.enable = false;
-
- system.rebuild.enableNg = true;
 };
+
+ programs.git.enable = true;
+ # Mr sandro why
+ services.libinput.enable = true;
+ programs.nano.enable = false;
+
+ environment.defaultPackages = lib.mkForce [ ];
+
+ #enable ssh
+ programs.mtr.enable = true; # ping and traceroute
+ services.openssh = {
+ enable = true;
+ hostKeys = lib.mkForce [
+ {
+ path = "/etc/ssh/ssh_host_ed25519_key";
+ type = "ed25519";
+ }
+ ];
+ settings = {
+ PermitRootLogin = lib.mkDefault "no";
+ PasswordAuthentication = false;
+ KbdInteractiveAuthentication = false;
+ };
+ };
+
+ programs.ssh = {
+ startAgent = true;
+ agentTimeout = "1m";
+ extraConfig = ''
+ AddKeysToAgent yes
+ '';
+ };
+
+ i18n.defaultLocale = "en_US.UTF-8";
+ #time settings
+
+ time.timeZone = "America/New_York";
+
+ # For `info` command.
+ documentation.info.enable = false;
+ # NixOS manual and such.
+ documentation.nixos.enable = false;
+ # Useless with flakes (without configuring)
+ programs.command-not-found.enable = false;
+
+ system.rebuild.enableNg = true;
 }
diff --git a/nixosModules/unfree.nix b/nixosModules/unfree.nix
new file mode 100644
index 0000000..b16744d
--- /dev/null
+++ b/nixosModules/unfree.nix
@@ -0,0 +1,12 @@
+{ lib, config }:
+{
+ options.local.allowedUnfree = lib.mkOption {
+ type = lib.types.listOf lib.types.str;
+ default = [ ];
+ };
+
+ config = {
+ nixpkgs.config.allowUnfreePredicate =
+ pkg: builtins.elem (lib.getName pkg) config.local.allowedUnfree;
+ };
+}
From 70c6a69ff3d0cd1f5c0e81c8b39f62168119762d Mon Sep 17 00:00:00 2001
From: Gerg-L
Date: Wed, 29 Jan 2025 19:42:16 -0500
Subject: [PATCH 3/5] local.keys add type
---
 nixosModules/keys.nix | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/nixosModules/keys.nix b/nixosModules/keys.nix
index 882961d..b53b7d6 100644
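Review bot: Both the `options.local.allowedUnfree` declaration and the `allowUnfreePredicate` that reads it leave this file, yet the commit touches only misc.nix and unfree.nix and does not add the new module to any imports list, so unless modules under nixosModules/ are discovered automatically, `local.allowedUnfree` becomes an undeclared option and the unfree predicate is silently gone. Worth confirming the wiring before merging; a one-line pointer next to `nixpkgs.config.allowAliases = false;` such as `# unfree handling lives in unfree.nix` would also tell the next reader where the predicate went. The remainder of the hunk is a re-indent after dropping the `config = { … }` wrapper, with the openssh hardening (`PasswordAuthentication = false`, `KbdInteractiveAuthentication = false`, single ed25519 host key) carried over unchanged.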
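Review bot: `options.local.allowedUnfree` is declared without a `description`, and the matching rule is not obvious from the name: the predicate compares `lib.getName pkg`, i.e. the package name with its version stripped, so entries must be bare pnames and a versioned name will never match. Suggest adding `description = "pnames (as returned by lib.getName) of packages that may be unfree.";` next to `default = [ ];` so that a wrong entry is not mistaken for a nixpkgs problem.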
--- a/nixosModules/keys.nix
+++ b/nixosModules/keys.nix
@@ -1,6 +1,8 @@
 { lib }:
 {
- options.local.keys = lib.mkOption { };
+ options.local.keys = lib.mkOption {
+ type = lib.types.attrsOf lib.types.str;
+ };
 config.local.keys = {
 gerg_gerg-phone = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILZKIp3iObuxEUPx1dsMiN3vyMaMQb0N1gKJY78TtRxd";
From e932262310ca8776bc34cc43418f33b20b228c7c Mon Sep 17 00:00:00 2001
From: Gerg-L
Date: Wed, 29 Jan 2025 19:54:08 -0500
Subject: [PATCH 4/5] enable userborn
---
 nixosModules/misc.nix | 1 +
 1 file changed, 1 insertion(+)
diff --git a/nixosModules/misc.nix b/nixosModules/misc.nix
index 0f6a9ef..cb03c37 100644
--- a/nixosModules/misc.nix
+++ b/nixosModules/misc.nix
@@ -72,4 +72,5 @@
 programs.command-not-found.enable = false;
 system.rebuild.enableNg = true;
+ services.userborn.enable = true;
 }
From bfdc54cd542349b91fe4675eac9cb270abbfc79e Mon Sep 17 00:00:00 2001
From: Gerg-L
Date: Wed, 29 Jan 2025 21:34:53 -0500
Subject: [PATCH 5/5] move kernel config to it's own file rollback zpools on shutdown instead of startup
---
 nixosConfigurations/gerg-desktop/boot.nix | 65 ---------------------
 nixosConfigurations/gerg-desktop/kernel.nix | 44 ++++++++++++++
 nixosConfigurations/gerg-desktop/main.nix | 26 +++++----
 nixosConfigurations/gerg-desktop/zfs.nix | 56 +++++++++++++-----
 4 files changed, 100 insertions(+), 91 deletions(-)
 create mode 100644 nixosConfigurations/gerg-desktop/kernel.nix
diff --git a/nixosConfigurations/gerg-desktop/boot.nix b/nixosConfigurations/gerg-desktop/boot.nix
index 40f592f..4529d28 100644
--- a/nixosConfigurations/gerg-desktop/boot.nix
+++ b/nixosConfigurations/gerg-desktop/boot.nix
@@ -9,7 +9,6 @@ let
 title Windows
 efi /shellx64.efi
 options -nointerrupt -noconsolein -noconsoleout HD2d65535a1:EFI\Microsoft\Boot\Bootmgfw.efi
-
 '';
 in
 {
@@ -28,39 +27,6 @@ in
 ];
 boot = {
- initrd = {
- kernelModules = [ "igc" ];
- network = {
- enable = true;
- ssh = {
- enable = true;
- port = 22;
- hostKeys = [ "/persist/initrd-keys/ssh_host_ed5519_key" ];
- authorizedKeys = [ config.local.keys.gerg_gerg-phone ];
- };
- };
- systemd = {
- # For linuxManualConfig to work:
- strip = lib.mkForce false;
- network = {
- enable = true;
- networks.enp11s0 = {
- name = "enp11s0";
- address = [ "192.168.1.4/24" ];
- gateway = [ "192.168.1.1" ];
- dns = [ "192.168.1.1" ];
- DHCP = "no";
- linkConfig = {
- MACAddress = "D8:5E:D3:E5:47:90";
- RequiredForOnline = "routable";
- };
- };
- wait-online.enable = false;
- };
- users.root.shell = "/bin/systemd-tty-ask-password-agent";
- };
- };
-
 lanzaboote = {
 enable = true;
 pkiBundle = "/var/lib/sbctl";
@@ -97,36 +63,5 @@ in
 timeout = lib.mkForce 5;
 efi.efiSysMountPoint = "/efi22";
 };
- kernelPackages = pkgs.linuxPackagesFor (
- let
- version = "6.12.11";
- src = pkgs.fetchurl {
- url = "mirror://kernel/linux/kernel/v${builtins.head (lib.splitVersion version)}.x/linux-${version}.tar.xz";
- hash = "sha256-R1Fy/b2HoVPxI6V5Umcudzvbba9bWKQX0aXkGfz+7Ek=";
- };
- in
- (pkgs.linuxManualConfig {
- inherit src;
- inherit (config.boot) kernelPatches;
- version = "${version}-gerg";
- config = {
- CONFIG_RUST = "y";
- CONFIG_MODULES = "y";
- };
- configfile = ./kernelConfig;
- }).overrideAttrs
- (old: {
- passthru = old.passthru or { } // {
- features = lib.foldr (x: y: x.features or { } // y) {
- efiBootStub = true;
- netfilterRPFilter = true;
- ia32Emulation = true;
- } config.boot.kernelPatches;
- };
- meta = old.meta or { } // {
- broken = false;
- };
- })
- );
 };
 }
diff --git a/nixosConfigurations/gerg-desktop/kernel.nix b/nixosConfigurations/gerg-desktop/kernel.nix
new file mode 100644
index 0000000..4e4f20c
--- /dev/null
+++ b/nixosConfigurations/gerg-desktop/kernel.nix
@@ -0,0 +1,44 @@
+{
+ lib,
+ pkgs,
+ config,
+}:
+{
+
+ boot = {
+ # For linuxManualConfig to work: https://github.com/NixOS/nixpkgs/issues/368249
+ initrd.systemd.strip = false;
+
+ kernelPackages = pkgs.linuxPackagesFor (
+ let
+ version = "6.12.11";
+ src = pkgs.fetchurl {
+ url = "mirror://kernel/linux/kernel/v${builtins.head (lib.splitVersion version)}.x/linux-${version}.tar.xz";
+ hash = "sha256-R1Fy/b2HoVPxI6V5Umcudzvbba9bWKQX0aXkGfz+7Ek=";
+ };
+ in
+ (pkgs.linuxManualConfig {
+ inherit src;
+ inherit (config.boot) kernelPatches;
+ version = "${version}-gerg";
+ config = {
+ CONFIG_RUST = "y";
+ CONFIG_MODULES = "y";
+ };
+ configfile = ./kernelConfig;
+ }).overrideAttrs
+ (old: {
+ passthru = old.passthru or { } // {
+ features = lib.foldr (x: y: x.features or { } // y) {
+ efiBootStub = true;
+ netfilterRPFilter = true;
+ ia32Emulation = true;
+ } config.boot.kernelPatches;
+ };
+ meta = old.meta or { } // {
+ broken = false;
+ };
+ })
+ );
+ };
+}
diff --git a/nixosConfigurations/gerg-desktop/main.nix b/nixosConfigurations/gerg-desktop/main.nix
index 68861f9..e498566 100644
--- a/nixosConfigurations/gerg-desktop/main.nix
+++ b/nixosConfigurations/gerg-desktop/main.nix
@@ -58,7 +58,21 @@
 nixpkgs-review = pkgs.nixpkgs-review.override { nix = config.nix.package; };
 };
 };
- boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
+ boot = {
+ binfmt.emulatedSystems = [ "aarch64-linux" ];
+
+ supportedFilesystems.ntfs = true;
+ initrd = {
+ availableKernelModules = [
+ "nvme"
+ "xhci_pci"
+ "ahci"
+ "usbhid"
+ "sd_mod"
+ ];
+ includeDefaultModules = false;
+ };
+ };
 hardware.nvidia = {
 package = config.boot.kernelPackages.nvidiaPackages.beta;
@@ -213,16 +227,6 @@
 root.hashedPassword = "!";
 };
 };
- boot.initrd = {
- availableKernelModules = [
- "nvme"
- "xhci_pci"
- "ahci"
- "usbhid"
- "sd_mod"
- ];
- includeDefaultModules = false;
- };
 system.stateVersion = "24.11";
 networking.hostName = "gerg-desktop";
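Review bot: `initrd.systemd.strip = false;` drops the `lib.mkForce` that the same setting carried in boot.nix (`strip = lib.mkForce false;` in the block removed there), so its priority goes from forced to an ordinary definition. That is harmless only as long as no other module defines `boot.initrd.systemd.strip`; if one does at normal priority, evaluation now fails with a conflicting-definitions error instead of this value winning. If the drop is intentional, say so on the existing comment line, e.g. `# For linuxManualConfig to work (plain definition: nothing else should set this): https://github.com/NixOS/nixpkgs/issues/368249`; otherwise restore `lib.mkForce false`. The rest of the file is the kernel derivation moved verbatim, still pinned by the `hash` on the tarball.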
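Review bot: `includeDefaultModules = false;` turns off the stock stage-1 module set, so the initrd only contains what is listed in this `availableKernelModules` and in the list zfs.nix appends to (dm_mod, hid_generic, igc); a driver for any disk or input device not covered by those two lists is unavailable before the root pool is unlocked. The move is behaviour-preserving, but with the list now split across two files a comment on the `initrd = {` line such as `# stage-1 modules: storage/input here, zfs/crypto/NIC modules in zfs.nix` would keep them from drifting apart. The `boot = { … }` block begins and ends inside the hunk.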
diff --git a/nixosConfigurations/gerg-desktop/zfs.nix b/nixosConfigurations/gerg-desktop/zfs.nix
index e379cd4..8d020b0 100644
--- a/nixosConfigurations/gerg-desktop/zfs.nix
+++ b/nixosConfigurations/gerg-desktop/zfs.nix
@@ -1,6 +1,7 @@
 {
 config,
 lib,
+ pkgs,
 }:
 {
 #link some stuff
@@ -18,9 +19,8 @@
 #make sure the sopskey is found
 sops.age.sshKeyPaths = lib.mkForce [ "/persist/ssh/ssh_host_ed25519_key" ];
 fileSystems."/persist".neededForBoot = true;
- boot = {
- supportedFilesystems.ntfs = true;
+ boot = {
 zfs = {
 devNodes = "/dev/disk/by-id/";
 forceImportAll = true;
@@ -35,23 +35,49 @@
 "dm_mod"
 #keyboard module for zfs password
 "hid_generic"
+ #stage one internet
+ "igc"
 ];
- systemd.services.rollback = {
- serviceConfig = {
- Type = "oneshot";
- RemainAfterExit = true;
+ network = {
+ enable = true;
+ ssh = {
+ enable = true;
+ port = 22;
+ hostKeys = [ "/persist/initrd-keys/ssh_host_ed5519_key" ];
+ authorizedKeys = [ config.local.keys.gerg_gerg-phone ];
 };
- unitConfig.DefaultDependencies = "no";
- wantedBy = [ "initrd.target" ];
- after = [ "zfs-import.target" ];
- before = [ "sysroot.mount" ];
- path = [ config.boot.zfs.package ];
- script = ''
- zfs rollback -r rpool/root@empty
- zfs rollback -r rpool/var@empty
- '';
+ };
+ systemd = {
+ network = {
+ enable = true;
+ networks.enp11s0 = {
+ name = "enp11s0";
+ address = [ "192.168.1.4/24" ];
+ gateway = [ "192.168.1.1" ];
+ dns = [ "192.168.1.1" ];
+ DHCP = "no";
+ linkConfig = {
+ MACAddress = "D8:5E:D3:E5:47:90";
+ RequiredForOnline = "routable";
+ };
+ };
+ wait-online.enable = false;
+ };
+ users.root.shell = "/bin/systemd-tty-ask-password-agent";
 };
 };
 };
+
+ systemd.shutdownRamfs = {
+ enable = true;
+ contents."/etc/systemd/system-shutdown/zfs-rollback".source =
+ pkgs.writeShellScript "zfs-rollback" ''
+ zfs='${lib.getExe config.boot.zfs.package}'
+ zfs rollback -r rpool/root@empty
+ zfs rollback -r rpool/var@empty
+ '';
+ storePaths = [ (lib.getExe config.boot.zfs.package) ];
+ };
+
 }
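Review bot: In the shutdown script, `zfs='${lib.getExe config.boot.zfs.package}'` is assigned but never referenced; the two lines after it invoke a bare `zfs`, which is looked up on PATH rather than through the store path that `storePaths` copies into the ramfs, so inside the minimal shutdown environment the rollback is likely to fail with a command-not-found and leave both datasets untouched. Change them to `"$zfs" rollback -r rpool/root@empty` and `"$zfs" rollback -r rpool/var@empty`. Separately, a system-shutdown hook only runs on an orderly shutdown: after a crash or power loss the next boot comes up on the datasets as they were, whereas the removed initrd `rollback` service ran before `sysroot.mount` on every boot, so a comment above `systemd.shutdownRamfs` stating that the guarantee is now "clean shutdown only" would make the trade-off deliberate. Finally, `igc` was force-loaded via `initrd.kernelModules` in boot.nix but is now appended to a list whose name is outside the hunk; if that list is `availableKernelModules`, the NIC driver is only loaded on demand, which may matter for bringing up the initrd SSH listener.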