gerg-l/nixos
1
0
Fork 0
mirror of https://github.com/Gerg-L/nixos.git synced 2025-12-10 00:43:56 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

Compare commits

base: gerg-l:bfdc54cd542349b91fe4675eac9cb270abbfc79e
Branches Tags
gerg-l:master
..
compare: gerg-l:86c5ddb05f2693467fda83e018c11b182b100afc
Branches Tags
gerg-l:master

No commits in common. "bfdc54cd542349b91fe4675eac9cb270abbfc79e" and "86c5ddb05f2693467fda83e018c11b182b100afc" have entirely different histories.
bfdc54cd54 ... 86c5ddb05f

7 changed files with 166 additions and 179 deletions
Download patch file Download diff file Expand all files Collapse all files

65
nixosConfigurations/gerg-desktop/boot.nix
View file

@ -9,6 +9,7 @@ let
title Windows
efi /shellx64.efi
options -nointerrupt -noconsolein -noconsoleout HD2d65535a1:EFI\Microsoft\Boot\Bootmgfw.efi
'';
in
{
@ -27,6 +28,39 @@ in
];
boot = {
initrd = {
kernelModules = [ "igc" ];
network = {
enable = true;
ssh = {
enable = true;
port = 22;
hostKeys = [ "/persist/initrd-keys/ssh_host_ed5519_key" ];
authorizedKeys = [ config.local.keys.gerg_gerg-phone ];
};
};
systemd = {
# For linuxManualConfig to work:
strip = lib.mkForce false;
network = {
enable = true;
networks.enp11s0 = {
name = "enp11s0";
address = [ "192.168.1.4/24" ];
gateway = [ "192.168.1.1" ];
dns = [ "192.168.1.1" ];
DHCP = "no";
linkConfig = {
MACAddress = "D8:5E:D3:E5:47:90";
RequiredForOnline = "routable";
};
};
wait-online.enable = false;
};
users.root.shell = "/bin/systemd-tty-ask-password-agent";
};
};
lanzaboote = {
enable = true;
pkiBundle = "/var/lib/sbctl";
@ -63,5 +97,36 @@ in
timeout = lib.mkForce 5;
efi.efiSysMountPoint = "/efi22";
};
kernelPackages = pkgs.linuxPackagesFor (
let
version = "6.12.11";
src = pkgs.fetchurl {
url = "mirror://kernel/linux/kernel/v${builtins.head (lib.splitVersion version)}.x/linux-${version}.tar.xz";
hash = "sha256-R1Fy/b2HoVPxI6V5Umcudzvbba9bWKQX0aXkGfz+7Ek=";
};
in
(pkgs.linuxManualConfig {
inherit src;
inherit (config.boot) kernelPatches;
version = "${version}-gerg";
config = {
CONFIG_RUST = "y";
CONFIG_MODULES = "y";
};
configfile = ./kernelConfig;
}).overrideAttrs
(old: {
passthru = old.passthru or { } // {
features = lib.foldr (x: y: x.features or { } // y) {
efiBootStub = true;
netfilterRPFilter = true;
ia32Emulation = true;
} config.boot.kernelPatches;
};
meta = old.meta or { } // {
broken = false;
};
})
);
};
}

44
nixosConfigurations/gerg-desktop/kernel.nix
View file

@ -1,44 +0,0 @@
{
lib,
pkgs,
config,
}:
{
boot = {
# For linuxManualConfig to work: https://github.com/NixOS/nixpkgs/issues/368249
initrd.systemd.strip = false;
kernelPackages = pkgs.linuxPackagesFor (
let
version = "6.12.11";
src = pkgs.fetchurl {
url = "mirror://kernel/linux/kernel/v${builtins.head (lib.splitVersion version)}.x/linux-${version}.tar.xz";
hash = "sha256-R1Fy/b2HoVPxI6V5Umcudzvbba9bWKQX0aXkGfz+7Ek=";
};
in
(pkgs.linuxManualConfig {
inherit src;
inherit (config.boot) kernelPatches;
version = "${version}-gerg";
config = {
CONFIG_RUST = "y";
CONFIG_MODULES = "y";
};
configfile = ./kernelConfig;
}).overrideAttrs
(old: {
passthru = old.passthru or { } // {
features = lib.foldr (x: y: x.features or { } // y) {
efiBootStub = true;
netfilterRPFilter = true;
ia32Emulation = true;
} config.boot.kernelPatches;
};
meta = old.meta or { } // {
broken = false;
};
})
);
};
}

28
nixosConfigurations/gerg-desktop/main.nix
View file

@ -41,7 +41,7 @@
prismlauncher
deadnix
statix
element-desktop
#element-desktop
vesktop
gh
nixfmt-rfc-style
@ -58,21 +58,7 @@
nixpkgs-review = pkgs.nixpkgs-review.override { nix = config.nix.package; };
};
};
boot = {
binfmt.emulatedSystems = [ "aarch64-linux" ];
supportedFilesystems.ntfs = true;
initrd = {
availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usbhid"
"sd_mod"
];
includeDefaultModules = false;
};
};
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
hardware.nvidia = {
package = config.boot.kernelPackages.nvidiaPackages.beta;
@ -227,6 +213,16 @@
root.hashedPassword = "!";
};
};
boot.initrd = {
availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usbhid"
"sd_mod"
];
includeDefaultModules = false;
};
system.stateVersion = "24.11";
networking.hostName = "gerg-desktop";

56
nixosConfigurations/gerg-desktop/zfs.nix
View file

@ -1,7 +1,6 @@
{
config,
lib,
pkgs,
}:
{
#link some stuff
@ -19,8 +18,9 @@
#make sure the sopskey is found
sops.age.sshKeyPaths = lib.mkForce [ "/persist/ssh/ssh_host_ed25519_key" ];
fileSystems."/persist".neededForBoot = true;
boot = {
supportedFilesystems.ntfs = true;
zfs = {
devNodes = "/dev/disk/by-id/";
forceImportAll = true;
@ -35,49 +35,23 @@
"dm_mod"
#keyboard module for zfs password
"hid_generic"
#stage one internet
"igc"
];
network = {
enable = true;
ssh = {
enable = true;
port = 22;
hostKeys = [ "/persist/initrd-keys/ssh_host_ed5519_key" ];
authorizedKeys = [ config.local.keys.gerg_gerg-phone ];
systemd.services.rollback = {
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
};
systemd = {
network = {
enable = true;
networks.enp11s0 = {
name = "enp11s0";
address = [ "192.168.1.4/24" ];
gateway = [ "192.168.1.1" ];
dns = [ "192.168.1.1" ];
DHCP = "no";
linkConfig = {
MACAddress = "D8:5E:D3:E5:47:90";
RequiredForOnline = "routable";
};
};
wait-online.enable = false;
};
users.root.shell = "/bin/systemd-tty-ask-password-agent";
unitConfig.DefaultDependencies = "no";
wantedBy = [ "initrd.target" ];
after = [ "zfs-import.target" ];
before = [ "sysroot.mount" ];
path = [ config.boot.zfs.package ];
script = ''
zfs rollback -r rpool/root@empty
zfs rollback -r rpool/var@empty
'';
};
};
};
systemd.shutdownRamfs = {
enable = true;
contents."/etc/systemd/system-shutdown/zfs-rollback".source =
pkgs.writeShellScript "zfs-rollback" ''
zfs='${lib.getExe config.boot.zfs.package}'
zfs rollback -r rpool/root@empty
zfs rollback -r rpool/var@empty
'';
storePaths = [ (lib.getExe config.boot.zfs.package) ];
};
}

4
nixosModules/keys.nix
View file

@ -1,8 +1,6 @@
{ lib }:
{
options.local.keys = lib.mkOption {
type = lib.types.attrsOf lib.types.str;
};
options.local.keys = lib.mkOption { };
config.local.keys = {
gerg_gerg-phone = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILZKIp3iObuxEUPx1dsMiN3vyMaMQb0N1gKJY78TtRxd";

136
nixosModules/misc.nix
View file

@ -5,72 +5,82 @@
nix-janitor,
}:
{
options.local.allowedUnfree = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
};
nixpkgs.config.allowAliases = false;
local.packages = {
inherit (pkgs)
bottom # view tasks
efibootmgr # efi editor
nix-output-monitor # nom nom nom nom;
nix-tree # view packages
pciutils # lspci
;
nix-janitor = pkgs.symlinkJoin {
name = "nix-janitor";
paths = [ nix-janitor.packages.default ];
nativeBuildInputs = [ pkgs.makeBinaryWrapper ];
postBuild = ''
wrapProgram "$out/bin/janitor" \
--suffix PATH : ${lib.makeBinPath [ config.nix.package ]}
config = {
nixpkgs.config = {
allowAliases = false;
allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) config.local.allowedUnfree;
};
local.packages = {
inherit (pkgs)
bottom # view tasks
efibootmgr # efi editor
nix-output-monitor # nom nom nom nom;
nix-tree # view packages
pciutils # lspci
;
nix-janitor = pkgs.symlinkJoin {
name = "nix-janitor";
paths = [ nix-janitor.packages.default ];
nativeBuildInputs = [ pkgs.makeBinaryWrapper ];
postBuild = ''
wrapProgram "$out/bin/janitor" \
--suffix PATH : ${lib.makeBinPath [ config.nix.package ]}
'';
};
};
programs.git.enable = true;
# Mr sandro why
services.libinput.enable = true;
programs.nano.enable = false;
environment.defaultPackages = lib.mkForce [ ];
#enable ssh
programs.mtr.enable = true; # ping and traceroute
services.openssh = {
enable = true;
hostKeys = lib.mkForce [
{
path = "/etc/ssh/ssh_host_ed25519_key";
type = "ed25519";
}
];
settings = {
PermitRootLogin = lib.mkDefault "no";
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
};
programs.ssh = {
startAgent = true;
agentTimeout = "1m";
extraConfig = ''
AddKeysToAgent yes
'';
};
i18n.defaultLocale = "en_US.UTF-8";
#time settings
time.timeZone = "America/New_York";
# For `info` command.
documentation.info.enable = false;
# NixOS manual and such.
documentation.nixos.enable = false;
# Useless with flakes (without configuring)
programs.command-not-found.enable = false;
system.rebuild.enableNg = true;
};
programs.git.enable = true;
# Mr sandro why
services.libinput.enable = true;
programs.nano.enable = false;
environment.defaultPackages = lib.mkForce [ ];
#enable ssh
programs.mtr.enable = true; # ping and traceroute
services.openssh = {
enable = true;
hostKeys = lib.mkForce [
{
path = "/etc/ssh/ssh_host_ed25519_key";
type = "ed25519";
}
];
settings = {
PermitRootLogin = lib.mkDefault "no";
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
};
programs.ssh = {
startAgent = true;
agentTimeout = "1m";
extraConfig = ''
AddKeysToAgent yes
'';
};
i18n.defaultLocale = "en_US.UTF-8";
#time settings
time.timeZone = "America/New_York";
# For `info` command.
documentation.info.enable = false;
# NixOS manual and such.
documentation.nixos.enable = false;
# Useless with flakes (without configuring)
programs.command-not-found.enable = false;
system.rebuild.enableNg = true;
services.userborn.enable = true;
}

12
nixosModules/unfree.nix
View file

@ -1,12 +0,0 @@
{ lib, config }:
{
options.local.allowedUnfree = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
};
config = {
nixpkgs.config.allowUnfreePredicate =
pkg: builtins.elem (lib.getName pkg) config.local.allowedUnfree;
};
}