
No commits in common. "bfdc54cd542349b91fe4675eac9cb270abbfc79e" and "86c5ddb05f2693467fda83e018c11b182b100afc" have entirely different histories.

7 changed files with 166 additions and 179 deletions


@ -9,6 +9,7 @@ let
title Windows title Windows
efi /shellx64.efi efi /shellx64.efi
options -nointerrupt -noconsolein -noconsoleout HD2d65535a1:EFI\Microsoft\Boot\Bootmgfw.efi options -nointerrupt -noconsolein -noconsoleout HD2d65535a1:EFI\Microsoft\Boot\Bootmgfw.efi
''; '';
in in
{ {
@ -27,6 +28,39 @@ in
]; ];
boot = { boot = {
initrd = {
kernelModules = [ "igc" ];
network = {
enable = true;
ssh = {
enable = true;
port = 22;
hostKeys = [ "/persist/initrd-keys/ssh_host_ed5519_key" ];
authorizedKeys = [ config.local.keys.gerg_gerg-phone ];
};
};
systemd = {
# For linuxManualConfig to work:
strip = lib.mkForce false;
network = {
enable = true;
networks.enp11s0 = {
name = "enp11s0";
address = [ "192.168.1.4/24" ];
gateway = [ "192.168.1.1" ];
dns = [ "192.168.1.1" ];
DHCP = "no";
linkConfig = {
MACAddress = "D8:5E:D3:E5:47:90";
RequiredForOnline = "routable";
};
};
wait-online.enable = false;
};
users.root.shell = "/bin/systemd-tty-ask-password-agent";
};
};
lanzaboote = { lanzaboote = {
enable = true; enable = true;
pkiBundle = "/var/lib/sbctl"; pkiBundle = "/var/lib/sbctl";
@ -63,5 +97,36 @@ in
timeout = lib.mkForce 5; timeout = lib.mkForce 5;
efi.efiSysMountPoint = "/efi22"; efi.efiSysMountPoint = "/efi22";
}; };
kernelPackages = pkgs.linuxPackagesFor (
let
version = "6.12.11";
src = pkgs.fetchurl {
url = "mirror://kernel/linux/kernel/v${builtins.head (lib.splitVersion version)}.x/linux-${version}.tar.xz";
hash = "sha256-R1Fy/b2HoVPxI6V5Umcudzvbba9bWKQX0aXkGfz+7Ek=";
};
in
(pkgs.linuxManualConfig {
inherit src;
inherit (config.boot) kernelPatches;
version = "${version}-gerg";
config = {
CONFIG_RUST = "y";
CONFIG_MODULES = "y";
};
configfile = ./kernelConfig;
}).overrideAttrs
(old: {
passthru = old.passthru or { } // {
features = lib.foldr (x: y: x.features or { } // y) {
efiBootStub = true;
netfilterRPFilter = true;
ia32Emulation = true;
} config.boot.kernelPatches;
};
meta = old.meta or { } // {
broken = false;
};
})
);
}; };
} }
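Review bot: In the added `boot.initrd.network.ssh` block, `hostKeys` points at `/persist/initrd-keys/ssh_host_ed5519_key`, while the sops key path elsewhere in this compare is spelled `ssh_host_ed25519_key`; if the file on disk uses the usual spelling, the initrd sshd will have no host key, so correct the name or add a comment such as `# (sic) the file really is named ed5519`. The initrd host key ends up inside the boot image, which presumably sits outside the encrypted pool, so a comment should say that this key is initrd-only and must never be the host key that sops reads. Setting root's shell to `systemd-tty-ask-password-agent` restricts the session but not forwarding; `ssh.extraConfig = "AllowTcpForwarding no";` would close that as well. The comment above `strip = lib.mkForce false;` has also lost the nixpkgs issue link that the deleted kernel file carried.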


@ -1,44 +0,0 @@
{
lib,
pkgs,
config,
}:
{
boot = {
# For linuxManualConfig to work: https://github.com/NixOS/nixpkgs/issues/368249
initrd.systemd.strip = false;
kernelPackages = pkgs.linuxPackagesFor (
let
version = "6.12.11";
src = pkgs.fetchurl {
url = "mirror://kernel/linux/kernel/v${builtins.head (lib.splitVersion version)}.x/linux-${version}.tar.xz";
hash = "sha256-R1Fy/b2HoVPxI6V5Umcudzvbba9bWKQX0aXkGfz+7Ek=";
};
in
(pkgs.linuxManualConfig {
inherit src;
inherit (config.boot) kernelPatches;
version = "${version}-gerg";
config = {
CONFIG_RUST = "y";
CONFIG_MODULES = "y";
};
configfile = ./kernelConfig;
}).overrideAttrs
(old: {
passthru = old.passthru or { } // {
features = lib.foldr (x: y: x.features or { } // y) {
efiBootStub = true;
netfilterRPFilter = true;
ia32Emulation = true;
} config.boot.kernelPatches;
};
meta = old.meta or { } // {
broken = false;
};
})
);
};
}


@ -41,7 +41,7 @@
prismlauncher prismlauncher
deadnix deadnix
statix statix
element-desktop #element-desktop
vesktop vesktop
gh gh
nixfmt-rfc-style nixfmt-rfc-style
@ -58,21 +58,7 @@
nixpkgs-review = pkgs.nixpkgs-review.override { nix = config.nix.package; }; nixpkgs-review = pkgs.nixpkgs-review.override { nix = config.nix.package; };
}; };
}; };
boot = { boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
binfmt.emulatedSystems = [ "aarch64-linux" ];
supportedFilesystems.ntfs = true;
initrd = {
availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usbhid"
"sd_mod"
];
includeDefaultModules = false;
};
};
hardware.nvidia = { hardware.nvidia = {
package = config.boot.kernelPackages.nvidiaPackages.beta; package = config.boot.kernelPackages.nvidiaPackages.beta;
@ -227,6 +213,16 @@
root.hashedPassword = "!"; root.hashedPassword = "!";
}; };
}; };
boot.initrd = {
availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usbhid"
"sd_mod"
];
includeDefaultModules = false;
};
system.stateVersion = "24.11"; system.stateVersion = "24.11";
networking.hostName = "gerg-desktop"; networking.hostName = "gerg-desktop";


@ -1,7 +1,6 @@
{ {
config, config,
lib, lib,
pkgs,
}: }:
{ {
#link some stuff #link some stuff
@ -19,8 +18,9 @@
#make sure the sopskey is found #make sure the sopskey is found
sops.age.sshKeyPaths = lib.mkForce [ "/persist/ssh/ssh_host_ed25519_key" ]; sops.age.sshKeyPaths = lib.mkForce [ "/persist/ssh/ssh_host_ed25519_key" ];
fileSystems."/persist".neededForBoot = true; fileSystems."/persist".neededForBoot = true;
boot = { boot = {
supportedFilesystems.ntfs = true;
zfs = { zfs = {
devNodes = "/dev/disk/by-id/"; devNodes = "/dev/disk/by-id/";
forceImportAll = true; forceImportAll = true;
@ -35,49 +35,23 @@
"dm_mod" "dm_mod"
#keyboard module for zfs password #keyboard module for zfs password
"hid_generic" "hid_generic"
#stage one internet
"igc"
]; ];
network = { systemd.services.rollback = {
enable = true; serviceConfig = {
ssh = { Type = "oneshot";
enable = true; RemainAfterExit = true;
port = 22;
hostKeys = [ "/persist/initrd-keys/ssh_host_ed5519_key" ];
authorizedKeys = [ config.local.keys.gerg_gerg-phone ];
}; };
}; unitConfig.DefaultDependencies = "no";
systemd = { wantedBy = [ "initrd.target" ];
network = { after = [ "zfs-import.target" ];
enable = true; before = [ "sysroot.mount" ];
networks.enp11s0 = { path = [ config.boot.zfs.package ];
name = "enp11s0"; script = ''
address = [ "192.168.1.4/24" ];
gateway = [ "192.168.1.1" ];
dns = [ "192.168.1.1" ];
DHCP = "no";
linkConfig = {
MACAddress = "D8:5E:D3:E5:47:90";
RequiredForOnline = "routable";
};
};
wait-online.enable = false;
};
users.root.shell = "/bin/systemd-tty-ask-password-agent";
};
};
};
systemd.shutdownRamfs = {
enable = true;
contents."/etc/systemd/system-shutdown/zfs-rollback".source =
pkgs.writeShellScript "zfs-rollback" ''
zfs='${lib.getExe config.boot.zfs.package}'
zfs rollback -r rpool/root@empty zfs rollback -r rpool/root@empty
zfs rollback -r rpool/var@empty zfs rollback -r rpool/var@empty
''; '';
storePaths = [ (lib.getExe config.boot.zfs.package) ];
}; };
};
};
} }
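Review bot: The new initrd `rollback` unit has no comment saying that it resets `rpool/root` and `rpool/var` to `@empty` on every boot, and that `-r` also destroys any snapshots taken after `@empty`. A line such as `# reset root and var to the empty snapshot before sysroot is mounted; -r drops later snapshots` above `script` would make the destructive step explicit. The unit is only `wantedBy = [ "initrd.target" ]`, so a failed rollback appears not to stop the boot and the machine would come up with the previous boot's state. If that state is meant to be ephemeral, consider also adding `requiredBy = [ "sysroot.mount" ];` so the failure is not silent. The enclosing `boot.initrd` block starts outside the hunk.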


@ -1,8 +1,6 @@
{ lib }: { lib }:
{ {
options.local.keys = lib.mkOption { options.local.keys = lib.mkOption { };
type = lib.types.attrsOf lib.types.str;
};
config.local.keys = { config.local.keys = {
gerg_gerg-phone = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILZKIp3iObuxEUPx1dsMiN3vyMaMQb0N1gKJY78TtRxd"; gerg_gerg-phone = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILZKIp3iObuxEUPx1dsMiN3vyMaMQb0N1gKJY78TtRxd";
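Review bot: The new `options.local.keys = lib.mkOption { };` drops the `attrsOf str` type, so entries are no longer checked at evaluation time even though `gerg_gerg-phone` is passed to the initrd `authorizedKeys`. Keeping `type = lib.types.attrsOf lib.types.str;` would reject a non-string value before it reaches an authorized_keys file, and it also keeps merging of definitions from several modules well defined. The `config.local.keys` set continues past the end of this section.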


@ -5,8 +5,18 @@
nix-janitor, nix-janitor,
}: }:
{ {
options.local.allowedUnfree = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
};
config = {
nixpkgs.config = {
allowAliases = false;
allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) config.local.allowedUnfree;
};
nixpkgs.config.allowAliases = false;
local.packages = { local.packages = {
inherit (pkgs) inherit (pkgs)
bottom # view tasks bottom # view tasks
@ -72,5 +82,5 @@
programs.command-not-found.enable = false; programs.command-not-found.enable = false;
system.rebuild.enableNg = true; system.rebuild.enableNg = true;
services.userborn.enable = true; };
} }


@ -1,12 +0,0 @@
{ lib, config }:
{
options.local.allowedUnfree = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
};
config = {
nixpkgs.config.allowUnfreePredicate =
pkg: builtins.elem (lib.getName pkg) config.local.allowedUnfree;
};
}