From 863ba3719431cb11a921969056b9bc98b3759288 Mon Sep 17 00:00:00 2001 From: Christoph Hollizeck Date: Sun, 26 Jan 2025 16:07:12 +0100 Subject: [PATCH 1/8] 1password: setup agent declaratively and allow forwarding --- modules/nixos/apps/_1password/default.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/modules/nixos/apps/_1password/default.nix b/modules/nixos/apps/_1password/default.nix index ab0e244..5478cbd 100644 --- a/modules/nixos/apps/_1password/default.nix +++ b/modules/nixos/apps/_1password/default.nix @@ -25,5 +25,11 @@ in polkitPolicyOwners = [ config.${namespace}.user.name ]; }; }; + + ${namespace}.home.file.".ssh/config".text = '' + Host * + ForwardAgent yes + IdentityAgent ~/.1password/agent.sock + ''; }; } From d3bf14d5bd5a17a5e711dd350f3f2ca7d01c78f2 Mon Sep 17 00:00:00 2001 From: Christoph Hollizeck Date: Sun, 26 Jan 2025 16:07:53 +0100 Subject: [PATCH 2/8] helix: update default ignore list --- modules/nixos/apps/cli-apps/helix/default.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/modules/nixos/apps/cli-apps/helix/default.nix b/modules/nixos/apps/cli-apps/helix/default.nix index 32cd35c..095f6a6 100644 --- a/modules/nixos/apps/cli-apps/helix/default.nix +++ b/modules/nixos/apps/cli-apps/helix/default.nix @@ -36,9 +36,10 @@ in ${namespace} = { home.extraOptions = { home.file.".config/helix/ignore".text = '' - # unignore in file picker and global search .idea/ !**/appsettings.json + .direnv/ + .devenv/ ''; catppuccin.helix.enable = true; From 27d69ef5e95a0cd472e22479a925c7be383496ec Mon Sep 17 00:00:00 2001 From: Christoph Hollizeck Date: Sun, 26 Jan 2025 16:08:09 +0100 Subject: [PATCH 3/8] chore: update flake --- flake.lock | 262 +++++++++++++++++++++++++++-------------------------- 1 file changed, 134 insertions(+), 128 deletions(-) diff --git a/flake.lock b/flake.lock index 3e3d02c..68ea2ad 100644 --- a/flake.lock +++ b/flake.lock @@ -134,11 +134,11 @@ "rust-analyzer-src": "rust-analyzer-src" }, "locked": { - "lastModified": 1737700483, - "narHash": "sha256-1778bR4GDDc51/iZQvcshGLZ4JU87zCzqei8Hn7vU1A=", + "lastModified": 1737873155, + "narHash": "sha256-6g9lSb6Vq/NnXdqKSSzQ09Wd2kK/mWIvv3ZrVhLYUOg=", "owner": "nix-community", "repo": "fenix", - "rev": "bab2a2840bc2d5ae7c6a133602185edbe4ca7daa", + "rev": "11391594600c119f02b3ee864decca1d6767f1b6", "type": "github" }, "original": { @@ -335,7 +335,7 @@ }, "flake-utils_3": { "inputs": { - "systems": "systems_6" + "systems": "systems_5" }, "locked": { "lastModified": 1694529238, @@ -399,11 +399,11 @@ "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1737677675, - "narHash": "sha256-a6VO9JFCif+4ipdszBcQO772QLmBtj9Ai5iAgi/4+/U=", + "lastModified": 1737868873, + "narHash": "sha256-kZe1ME1ZI4tDw4+mFxlet8dxGdp5GN67Y167fqSqcbs=", "owner": "helix-editor", "repo": "helix", - "rev": "a63a2ad281b5f651effd29efa4e34f504507d0da", + "rev": "aac0ce5fd13df7f275b6523da58dec1ec054a8c8", "type": "github" }, "original": { @@ -419,11 +419,11 @@ ] }, "locked": { - "lastModified": 1737704314, - "narHash": "sha256-zta8jvOQ2wRCZmiwFEnS5iCulWAh8e+fLUlQxrgOBjM=", + "lastModified": 1737762889, + "narHash": "sha256-5HGG09bh/Yx0JA8wtBMAzt0HMCL1bYZ93x4IqzVExio=", "owner": "nix-community", "repo": "home-manager", - "rev": "a0428685572b134f6594e7d7f5db5e1febbab2d7", + "rev": "daf04c5950b676f47a794300657f1d3d14c1a120", "type": "github" }, "original": { @@ -548,19 +548,19 @@ "hyprland-protocols": "hyprland-protocols", "hyprland-qtutils": "hyprland-qtutils", "hyprlang": "hyprlang_2", - "hyprutils": "hyprutils", + "hyprutils": "hyprutils_2", "hyprwayland-scanner": "hyprwayland-scanner", - "nixpkgs": "nixpkgs_3", + "nixpkgs": "nixpkgs_2", "pre-commit-hooks": "pre-commit-hooks", - "systems": "systems_3", + "systems": "systems_2", "xdph": "xdph" }, "locked": { - "lastModified": 1737679787, - "narHash": "sha256-fW7Mvd5/SYZbPry3fh/llFH8QfIb7ZbXTJGQpLvS04c=", + "lastModified": 1737896452, + "narHash": "sha256-ODynzEy3QDWH+ubUsNC1eAhHj8U84c7Hew7k12cAJEI=", "owner": "hyprwm", "repo": "Hyprland", - "rev": "4a1b960cbedb3e2893eeadecdf2b4a7314634306", + "rev": "4abf9155ee67ee09116948b1d9efef58c08697d9", "type": "github" }, "original": { @@ -669,11 +669,11 @@ ] }, "locked": { - "lastModified": 1737634810, - "narHash": "sha256-ZIJ03DeisbQuDaADSgmbgyocjecaozK4yGTa0/9bOr0=", + "lastModified": 1737811848, + "narHash": "sha256-WZ7LeiKHk5Y94MU5gHIWn0r8asWxYOvie4LqfCjVIZU=", "owner": "hyprwm", "repo": "hyprland-qtutils", - "rev": "a9852dbf5a1ec77cf617543728144c1362709e46", + "rev": "9c0831ff98856c0f312fcb8b57553fbe3dd34d5b", "type": "github" }, "original": { @@ -684,13 +684,19 @@ }, "hyprlang": { "inputs": { - "hyprutils": [ + "hyprutils": "hyprutils", + "nixpkgs": [ "hyprland", "hyprland-qtutils", - "hyprutils" + "hyprland-qt-support", + "nixpkgs" ], - "nixpkgs": "nixpkgs_2", - "systems": "systems_2" + "systems": [ + "hyprland", + "hyprland-qtutils", + "hyprland-qt-support", + "systems" + ] }, "locked": { "lastModified": 1737634606, @@ -768,17 +774,17 @@ "inputs": { "hyprgraphics": "hyprgraphics_2", "hyprlang": "hyprlang_3", - "hyprutils": "hyprutils_2", + "hyprutils": "hyprutils_3", "hyprwayland-scanner": "hyprwayland-scanner_2", - "nixpkgs": "nixpkgs_4", - "systems": "systems_4" + "nixpkgs": "nixpkgs_3", + "systems": "systems_3" }, "locked": { - "lastModified": 1737635493, - "narHash": "sha256-4hUhIyLyxNjRc7cuGDojEGHvAgtoP4/82qOpENTEAfs=", + "lastModified": 1737837801, + "narHash": "sha256-i7nKSo/FGU5Sjq2xM+UFahZHqqrjZn5WUekOZFsjO2w=", "owner": "hyprwm", "repo": "hyprlock", - "rev": "742eb98c6a7082eb7bbaa609502f19f8b2035592", + "rev": "e77bc92b99e06ee66ccd684afbfe3a743af1f01d", "type": "github" }, "original": { @@ -790,14 +796,14 @@ "hyprpanel": { "inputs": { "ags": "ags", - "nixpkgs": "nixpkgs_5" + "nixpkgs": "nixpkgs_4" }, "locked": { - "lastModified": 1737350675, - "narHash": "sha256-Zy2PidkAOYDvnFgZO+QFDYywQAPtA/xi7SuZLVd+ZyM=", + "lastModified": 1737793455, + "narHash": "sha256-sVy0QU4fpZsUWj5B8t6jUNZHzVLC22+HYqcFG9pKPik=", "owner": "Jas-SinghFSU", "repo": "HyprPanel", - "rev": "562eb64e12047cb3a4ef5db2e9df19f9a726ae7c", + "rev": "74065af3d2aa576e8b183d720033c3eece3deb70", "type": "github" }, "original": { @@ -810,10 +816,16 @@ "inputs": { "nixpkgs": [ "hyprland", + "hyprland-qtutils", + "hyprland-qt-support", + "hyprlang", "nixpkgs" ], "systems": [ "hyprland", + "hyprland-qtutils", + "hyprland-qt-support", + "hyprlang", "systems" ] }, @@ -832,6 +844,31 @@ } }, "hyprutils_2": { + "inputs": { + "nixpkgs": [ + "hyprland", + "nixpkgs" + ], + "systems": [ + "hyprland", + "systems" + ] + }, + "locked": { + "lastModified": 1737725508, + "narHash": "sha256-jGmcPc6y/prg/4A8KGYqJ27nSPaProCMiFadaxNAKvA=", + "owner": "hyprwm", + "repo": "hyprutils", + "rev": "fb0c2d1de3d1ef7396d19c18ac09e12bd956929e", + "type": "github" + }, + "original": { + "owner": "hyprwm", + "repo": "hyprutils", + "type": "github" + } + }, + "hyprutils_3": { "inputs": { "nixpkgs": [ "hyprlock", @@ -943,15 +980,15 @@ "nix-gaming": { "inputs": { "flake-parts": "flake-parts", - "nixpkgs": "nixpkgs_6", + "nixpkgs": "nixpkgs_5", "umu": "umu" }, "locked": { - "lastModified": 1737596278, - "narHash": "sha256-OEdGZ6TTHXGB791VvhErq4Nro54NQzzDAO0G0WfK2kw=", + "lastModified": 1737855374, + "narHash": "sha256-RRGX2C+c+GaR3YMiYm6l/Tp5N/KZtYpiTplUrBwH/og=", "owner": "fufexan", "repo": "nix-gaming", - "rev": "10f37dc9be5d79fec72b46b670ece4783a83a13a", + "rev": "4845fe94cda365c7550d9fd1ef899d45df0bc18a", "type": "github" }, "original": { @@ -982,11 +1019,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1737590910, - "narHash": "sha256-qM/y6Dtpu9Wmf5HqeZajQdn+cS0aljdYQQQnrvx+LJE=", + "lastModified": 1737751639, + "narHash": "sha256-ZEbOJ9iT72iwqXsiEMbEa8wWjyFvRA9Ugx8utmYbpz4=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "9368027715d8dde4b84c79c374948b5306fdd2db", + "rev": "dfad538f751a5aa5d4436d9781ab27a6128ec9d4", "type": "github" }, "original": { @@ -1077,11 +1114,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1737718686, - "narHash": "sha256-UP9jw+MUINLBMcC09hr9xf+05jsRnTOvLRyOKis8giI=", + "lastModified": 1737897534, + "narHash": "sha256-0CbrdmdFH1hMHyKUIfMXAMmqF78wfnbvL0VMTXyz8VY=", "owner": "nixos", "repo": "nixpkgs", - "rev": "defe5870670e9fe4d0a8a04e0e58ec60c7745bb1", + "rev": "cf577e430899f96e0214a9d83f8f6905922611dd", "type": "github" }, "original": { @@ -1093,27 +1130,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1737632463, - "narHash": "sha256-38J9QfeGSej341ouwzqf77WIHAScihAKCt8PQJ+NH28=", + "lastModified": 1737746512, + "narHash": "sha256-nU6AezEX4EuahTO1YopzueAXfjFfmCHylYEFCagduHU=", "owner": "nixos", "repo": "nixpkgs", - "rev": "0aa475546ed21629c4f5bbf90e38c846a99ec9e9", - "type": "github" - }, - "original": { - "owner": "nixos", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_10": { - "locked": { - "lastModified": 1735471104, - "narHash": "sha256-0q9NGQySwDQc7RhAV2ukfnu7Gxa5/ybJ2ANT8DQrQrs=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "88195a94f390381c6afcdaa933c2f6ff93959cb4", + "rev": "825479c345a7f806485b7f00dbe3abb50641b083", "type": "github" }, "original": { @@ -1125,11 +1146,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1737469691, - "narHash": "sha256-nmKOgAU48S41dTPIXAq0AHZSehWUn6ZPrUKijHAMmIk=", + "lastModified": 1737632463, + "narHash": "sha256-38J9QfeGSej341ouwzqf77WIHAScihAKCt8PQJ+NH28=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9e4d5190a9482a1fb9d18adf0bdb83c6e506eaab", + "rev": "0aa475546ed21629c4f5bbf90e38c846a99ec9e9", "type": "github" }, "original": { @@ -1156,22 +1177,6 @@ } }, "nixpkgs_4": { - "locked": { - "lastModified": 1737469691, - "narHash": "sha256-nmKOgAU48S41dTPIXAq0AHZSehWUn6ZPrUKijHAMmIk=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "9e4d5190a9482a1fb9d18adf0bdb83c6e506eaab", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_5": { "locked": { "lastModified": 1736344531, "narHash": "sha256-8YVQ9ZbSfuUk2bUf2KRj60NRraLPKPS0Q4QFTbc+c2c=", @@ -1187,13 +1192,13 @@ "type": "github" } }, - "nixpkgs_6": { + "nixpkgs_5": { "locked": { - "lastModified": 1737003892, - "narHash": "sha256-RCzJE9wKByLCXmRBp+z8LK9EgdW+K+W/DXnJS4S/NVo=", + "lastModified": 1737717945, + "narHash": "sha256-ET91TMkab3PmOZnqiJQYOtSGvSTvGeHoegAv4zcTefM=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "ae06b9c2d83cb5c8b12d7d0e32692e93d1379713", + "rev": "ecd26a469ac56357fd333946a99086e992452b6a", "type": "github" }, "original": { @@ -1203,13 +1208,13 @@ "type": "github" } }, - "nixpkgs_7": { + "nixpkgs_6": { "locked": { - "lastModified": 1737632463, - "narHash": "sha256-38J9QfeGSej341ouwzqf77WIHAScihAKCt8PQJ+NH28=", + "lastModified": 1737746512, + "narHash": "sha256-nU6AezEX4EuahTO1YopzueAXfjFfmCHylYEFCagduHU=", "owner": "nixos", "repo": "nixpkgs", - "rev": "0aa475546ed21629c4f5bbf90e38c846a99ec9e9", + "rev": "825479c345a7f806485b7f00dbe3abb50641b083", "type": "github" }, "original": { @@ -1219,7 +1224,7 @@ "type": "github" } }, - "nixpkgs_8": { + "nixpkgs_7": { "locked": { "lastModified": 1717602782, "narHash": "sha256-pL9jeus5QpX5R+9rsp3hhZ+uplVHscNJh8n8VpqscM0=", @@ -1234,7 +1239,7 @@ "type": "indirect" } }, - "nixpkgs_9": { + "nixpkgs_8": { "locked": { "lastModified": 1731763621, "narHash": "sha256-ddcX4lQL0X05AYkrkV2LMFgGdRvgap7Ho8kgon3iWZk=", @@ -1250,6 +1255,22 @@ "type": "github" } }, + "nixpkgs_9": { + "locked": { + "lastModified": 1735471104, + "narHash": "sha256-0q9NGQySwDQc7RhAV2ukfnu7Gxa5/ybJ2ANT8DQrQrs=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "88195a94f390381c6afcdaa933c2f6ff93959cb4", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, "pre-commit-hooks": { "inputs": { "flake-compat": "flake-compat", @@ -1319,7 +1340,7 @@ "nix-ld": "nix-ld", "nixos-hardware": "nixos-hardware", "nixos-wsl": "nixos-wsl", - "nixpkgs": "nixpkgs_7", + "nixpkgs": "nixpkgs_6", "nixpkgs-latest-factorio": "nixpkgs-latest-factorio", "nixpkgs-master": "nixpkgs-master", "nixpkgs-unstable": "nixpkgs-unstable", @@ -1385,11 +1406,11 @@ "rpi-linux-6_10_12-src": { "flake": false, "locked": { - "lastModified": 1728305462, - "narHash": "sha256-LtvNmGD1D5YYv+C9xxxddAeHw69o3OX/H9M7F663L74=", + "lastModified": 1728980267, + "narHash": "sha256-jCmFC40n6fP0YaTTn3pWz9sz1GxXuXw6cUTlXssCb9I=", "owner": "raspberrypi", "repo": "linux", - "rev": "26ee50d56618c2d98100b1bc672fd201aed4d00f", + "rev": "6e23f4f785081a7c68e94a8e38a49074097299f9", "type": "github" }, "original": { @@ -1402,11 +1423,11 @@ "rpi-linux-6_6_67-src": { "flake": false, "locked": { - "lastModified": 1734790986, - "narHash": "sha256-q9swM2TmmuzbUuQnbLZk5PseKWD7/SNPwtth6bpGIqE=", + "lastModified": 1737738344, + "narHash": "sha256-kj16wXihASnuFg6z45U3tT1AjDDklYpCJVb/s5YkcSo=", "owner": "raspberrypi", "repo": "linux", - "rev": "811ff707533bcd67cdcd368bbd46223082009b12", + "rev": "6d16e47ca139ba64c5daedf06e72f2774adbdc48", "type": "github" }, "original": { @@ -1453,11 +1474,11 @@ "rust-analyzer-src": { "flake": false, "locked": { - "lastModified": 1737634189, - "narHash": "sha256-AG5G9KDsl0Ngby9EfWvlemma7WWG0KCADTIccPJuzUE=", + "lastModified": 1737831834, + "narHash": "sha256-Nd8Qd8kWrJSAaPD/VGVm98ntCIJ4d9ZkfDSySWM0bbU=", "owner": "rust-lang", "repo": "rust-analyzer", - "rev": "84d44d0a574630aa8500ed62b6c01ccd3fae2473", + "rev": "90bf50c0112db1494233401b6c0f895fb3210ddd", "type": "github" }, "original": { @@ -1492,7 +1513,7 @@ "inputs": { "blobs": "blobs", "flake-compat": "flake-compat_3", - "nixpkgs": "nixpkgs_8", + "nixpkgs": "nixpkgs_7", "nixpkgs-24_05": "nixpkgs-24_05", "utils": "utils" }, @@ -1581,7 +1602,7 @@ }, "sops-nix": { "inputs": { - "nixpkgs": "nixpkgs_9" + "nixpkgs": "nixpkgs_8" }, "locked": { "lastModified": 1737411508, @@ -1643,21 +1664,6 @@ } }, "systems_4": { - "locked": { - "lastModified": 1689347949, - "narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=", - "owner": "nix-systems", - "repo": "default-linux", - "rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default-linux", - "type": "github" - } - }, - "systems_5": { "locked": { "lastModified": 1681028828, "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", @@ -1672,7 +1678,7 @@ "type": "github" } }, - "systems_6": { + "systems_5": { "locked": { "lastModified": 1681028828, "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", @@ -1709,11 +1715,11 @@ }, "locked": { "dir": "packaging/nix", - "lastModified": 1737484151, - "narHash": "sha256-pONHsVIyIHbjyv51JQW3Nv9JeuqiVEuINyH+HnN4f8Q=", + "lastModified": 1737834175, + "narHash": "sha256-uHTE0PWZ9A/uLCAlx36z3pdDfIEdu5Jsnt4bJW4KYLY=", "ref": "refs/heads/main", - "rev": "0cac244cc89ee69bf33ad60a3953cfde188ee8a6", - "revCount": 907, + "rev": "4d1860eefd79d6c04e964774155dbe13be65121a", + "revCount": 911, "submodules": true, "type": "git", "url": "https://github.com/Open-Wine-Components/umu-launcher/" @@ -1727,7 +1733,7 @@ }, "utils": { "inputs": { - "systems": "systems_5" + "systems": "systems_4" }, "locked": { "lastModified": 1709126324, @@ -1786,14 +1792,14 @@ }, "zen-browser": { "inputs": { - "nixpkgs": "nixpkgs_10" + "nixpkgs": "nixpkgs_9" }, "locked": { - "lastModified": 1737688749, - "narHash": "sha256-c67wGumgDSYe6T6OJOKP15H2ODxItUXXekQqDSPjEa0=", + "lastModified": 1737869730, + "narHash": "sha256-4u/VS7fiqAtnEnm2z7DSNzNyM7sUB+nq3aGKcKBwodg=", "owner": "0xc000022070", "repo": "zen-browser-flake", - "rev": "44a3c15f50dba8073feca64ec500daa44d9f366d", + "rev": "39c4c603ee641aed350dce31562ad6dd6f0044d8", "type": "github" }, "original": { From 06c1065ee9fd138b6253cca5be73fa537f8a85f4 Mon Sep 17 00:00:00 2001 From: Christoph Hollizeck Date: Sun, 26 Jan 2025 16:09:00 +0100 Subject: [PATCH 4/8] chore: cleanup config, change kernel and nvidia drivers to it build properly again --- modules/nixos/apps/discord/default.nix | 2 +- modules/nixos/desktop/hyprland/default.nix | 2 +- modules/nixos/system/boot/default.nix | 2 +- modules/nixos/system/hardware/gpu/nvidia/default.nix | 2 +- overlays/pyfa/default.nix | 3 --- 5 files changed, 4 insertions(+), 7 deletions(-) delete mode 100644 overlays/pyfa/default.nix diff --git a/modules/nixos/apps/discord/default.nix b/modules/nixos/apps/discord/default.nix index 0142949..b85bcdc 100644 --- a/modules/nixos/apps/discord/default.nix +++ b/modules/nixos/apps/discord/default.nix @@ -18,7 +18,7 @@ in config = mkIf cfg.enable { environment.systemPackages = with pkgs; [ - vesktop + discord ]; }; } diff --git a/modules/nixos/desktop/hyprland/default.nix b/modules/nixos/desktop/hyprland/default.nix index 17adffb..66a4680 100644 --- a/modules/nixos/desktop/hyprland/default.nix +++ b/modules/nixos/desktop/hyprland/default.nix @@ -172,7 +172,7 @@ in "systemctl --user start hyprpolkitagent" "[workspace 2 silent] steam --disable-gpu-compositing" # nvidia pls let me have nice things - "[workspace 8 silent] vesktop" + "[workspace 8 silent] discord" "[workspace 9 silent] 1password" "[workspace 1 silent] zen" diff --git a/modules/nixos/system/boot/default.nix b/modules/nixos/system/boot/default.nix index 53759a1..e56df05 100644 --- a/modules/nixos/system/boot/default.nix +++ b/modules/nixos/system/boot/default.nix @@ -17,7 +17,7 @@ in config = mkIf cfg.enable { boot = { - kernelPackages = pkgs.linuxPackages_latest; + kernelPackages = pkgs.linuxPackages_6_12; loader = { systemd-boot.enable = true; efi.canTouchEfiVariables = true; diff --git a/modules/nixos/system/hardware/gpu/nvidia/default.nix b/modules/nixos/system/hardware/gpu/nvidia/default.nix index ab91698..c21bb08 100644 --- a/modules/nixos/system/hardware/gpu/nvidia/default.nix +++ b/modules/nixos/system/hardware/gpu/nvidia/default.nix @@ -28,7 +28,7 @@ in powerManagement.enable = true; open = false; nvidiaSettings = true; - package = config.boot.kernelPackages.nvidiaPackages.beta; # stable, beta + package = config.boot.kernelPackages.nvidiaPackages.latest; # stable, beta }; services.xserver.videoDrivers = [ "nvidia" ]; diff --git a/overlays/pyfa/default.nix b/overlays/pyfa/default.nix deleted file mode 100644 index 74228d6..0000000 --- a/overlays/pyfa/default.nix +++ /dev/null @@ -1,3 +0,0 @@ -{ channels, ... }: - -final: prev: { inherit (channels.nixpkgs-pyfa) pyfa; } From 56d5196f56c4e196c5a3d619206c4ae14927bb10 Mon Sep 17 00:00:00 2001 From: Christoph Hollizeck Date: Mon, 25 Nov 2024 23:02:09 +0100 Subject: [PATCH 5/8] rp5: move things in separate configs, to be reused --- modules/nixos/services/openssh/default.nix | 29 ++++++++ .../nixos/services/remotebuild/default.nix | 48 +++++++++++++ systems/aarch64-linux/nixberry/default.nix | 69 ++++--------------- systems/x86_64-linux/loptland/default.nix | 13 +--- 4 files changed, 92 insertions(+), 67 deletions(-) create mode 100644 modules/nixos/services/openssh/default.nix create mode 100644 modules/nixos/services/remotebuild/default.nix diff --git a/modules/nixos/services/openssh/default.nix b/modules/nixos/services/openssh/default.nix new file mode 100644 index 0000000..4ec9816 --- /dev/null +++ b/modules/nixos/services/openssh/default.nix @@ -0,0 +1,29 @@ +{ + lib, + config, + namespace, + ... +}: +let + cfg = config.${namespace}.services.openssh; + inherit (lib) mkIf mkEnableOption; +in +{ + options.${namespace}.services.openssh = { + enable = mkEnableOption "Enable SSH"; + }; + + config = mkIf cfg.enable { + services.openssh = { + enable = true; + settings = { + PasswordAuthentication = false; + KbdInteractiveAuthentication = false; + }; + }; + + services.fail2ban = { + enable = true; + }; + }; +} diff --git a/modules/nixos/services/remotebuild/default.nix b/modules/nixos/services/remotebuild/default.nix new file mode 100644 index 0000000..cd6b8ab --- /dev/null +++ b/modules/nixos/services/remotebuild/default.nix @@ -0,0 +1,48 @@ +{ + lib, + config, + namespace, + ... +}: +let + cfg = config.${namespace}.services.remotebuild; + inherit (lib) mkIf mkEnableOption; +in +{ + options.${namespace}.services.remotebuild = { + enable = mkEnableOption "Enable remotebuild"; + }; + + config = mkIf cfg.enable { + users.users.remotebuild = { + isNormalUser = true; + createHome = false; + group = "remotebuild"; + + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJYZjG+XPNoVHVdCel5MK4mwvtoFCqDY1WMI1yoU71Rd root@yggdrasil" + ]; + }; + + users.groups.remotebuild = { }; + + nix = { + nrBuildUsers = 64; + settings = { + trusted-users = [ "remotebuild" ]; + + min-free = 10 * 1024 * 1024; + max-free = 200 * 1024 * 1024; + + max-jobs = "auto"; + cores = 0; + }; + }; + + systemd.services.nix-daemon.serviceConfig = { + MemoryAccounting = true; + MemoryMax = "90%"; + OOMScoreAdjust = 500; + }; + }; +} diff --git a/systems/aarch64-linux/nixberry/default.nix b/systems/aarch64-linux/nixberry/default.nix index 7298601..464ec31 100644 --- a/systems/aarch64-linux/nixberry/default.nix +++ b/systems/aarch64-linux/nixberry/default.nix @@ -19,42 +19,6 @@ in raspberry-pi-5 ]; - security.sudo.wheelNeedsPassword = false; - users.users.remotebuild = { - isNormalUser = true; - createHome = false; - group = "remotebuild"; - - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJYZjG+XPNoVHVdCel5MK4mwvtoFCqDY1WMI1yoU71Rd root@yggdrasil" - ]; - }; - - users.groups.remotebuild = { }; - - nixpkgs.hostPlatform = { - system = "aarch64-linux"; - }; - - nix = { - nrBuildUsers = 64; - settings = { - trusted-users = [ "remotebuild" ]; - - min-free = 10 * 1024 * 1024; - max-free = 200 * 1024 * 1024; - - max-jobs = "auto"; - cores = 0; - }; - }; - - systemd.services.nix-daemon.serviceConfig = { - MemoryAccounting = true; - MemoryMax = "90%"; - OOMScoreAdjust = 500; - }; - services.tailscale = { enable = true; useRoutingFeatures = "server"; @@ -83,16 +47,15 @@ in }; }; }; - }; - - networking.firewall = { - allowedTCPPorts = [ - 53 - 80 - ]; - allowedUDPPorts = [ - 53 - ]; + firewall = { + allowedTCPPorts = [ + 53 + 80 + ]; + allowedUDPPorts = [ + 53 + ]; + }; }; services.adguardhome = { @@ -134,7 +97,6 @@ in "https://adguardteam.github.io/HostlistsRegistry/assets/filter_24.txt" "https://adguardteam.github.io/HostlistsRegistry/assets/filter_47.txt" ]; - }; }; @@ -165,17 +127,14 @@ in }; }; - services.openssh = { - enable = true; - settings = { - PasswordAuthentication = false; - KbdInteractiveAuthentication = false; - }; - }; - ${namespace} = { submodules.basics = enabled; + services = { + openssh = enabled; + remotebuild = enabled; + }; + system = { # cachemiss for webkit gtk hardware.networking.enable = mkForce false; diff --git a/systems/x86_64-linux/loptland/default.nix b/systems/x86_64-linux/loptland/default.nix index 89aefe3..4dd43d3 100644 --- a/systems/x86_64-linux/loptland/default.nix +++ b/systems/x86_64-linux/loptland/default.nix @@ -39,18 +39,6 @@ in }; }; - services.openssh = { - enable = true; - settings = { - PasswordAuthentication = false; - KbdInteractiveAuthentication = false; - }; - }; - - services.fail2ban = { - enable = true; - }; - services.nginx = { enable = true; recommendedProxySettings = true; @@ -199,6 +187,7 @@ in enable = true; inherit sopsFile; }; + openssh = enabled; }; security = { From e8f5f51407549ccf7f3315fde4111419fea38923 Mon Sep 17 00:00:00 2001 From: Christoph Hollizeck Date: Mon, 25 Nov 2024 23:19:36 +0100 Subject: [PATCH 6/8] adguardhome: increase statistic retention time --- systems/aarch64-linux/nixberry/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/systems/aarch64-linux/nixberry/default.nix b/systems/aarch64-linux/nixberry/default.nix index 464ec31..5a9e6d6 100644 --- a/systems/aarch64-linux/nixberry/default.nix +++ b/systems/aarch64-linux/nixberry/default.nix @@ -97,6 +97,11 @@ in "https://adguardteam.github.io/HostlistsRegistry/assets/filter_24.txt" "https://adguardteam.github.io/HostlistsRegistry/assets/filter_47.txt" ]; + + statistics = { + enabled = true; + interval = "8760h"; + }; }; }; From cac6c46d783650fc1cbfa05576046c3547f7d8df Mon Sep 17 00:00:00 2001 From: Christoph Hollizeck Date: Tue, 26 Nov 2024 17:05:20 +0100 Subject: [PATCH 7/8] rp5: add ethernet --- systems/aarch64-linux/nixberry/default.nix | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/systems/aarch64-linux/nixberry/default.nix b/systems/aarch64-linux/nixberry/default.nix index 5a9e6d6..a159e22 100644 --- a/systems/aarch64-linux/nixberry/default.nix +++ b/systems/aarch64-linux/nixberry/default.nix @@ -25,7 +25,7 @@ in }; networking = { - interfaces.wlan0 = { + interfaces.end0 = { ipv4.addresses = [ { address = ipAddress; @@ -34,6 +34,15 @@ in ]; useDHCP = true; }; + interfaces.wlan0 = { + ipv4.addresses = [ + { + address = "192.168.178.3"; + prefixLength = 24; + } + ]; + useDHCP = true; + }; defaultGateway = { address = "192.168.178.1"; interface = "wlan0"; From e9a1b42e61a985417aa26957ce2efd7cc9803cde Mon Sep 17 00:00:00 2001 From: Christoph Hollizeck Date: Sun, 26 Jan 2025 16:03:57 +0100 Subject: [PATCH 8/8] nixberry: add hostplatform --- systems/aarch64-linux/nixberry/default.nix | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/systems/aarch64-linux/nixberry/default.nix b/systems/aarch64-linux/nixberry/default.nix index a159e22..69d20ef 100644 --- a/systems/aarch64-linux/nixberry/default.nix +++ b/systems/aarch64-linux/nixberry/default.nix @@ -4,6 +4,7 @@ lib, modulesPath, namespace, + pkgs, ... }: @@ -16,9 +17,12 @@ in { imports = with inputs.nixos-hardware.nixosModules; [ (modulesPath + "/installer/scan/not-detected.nix") - raspberry-pi-5 ]; + nixpkgs.hostPlatform = { + system = "aarch64-linux"; + }; + services.tailscale = { enable = true; useRoutingFeatures = "server"; @@ -149,6 +153,8 @@ in remotebuild = enabled; }; + apps.cli-apps.helix.pkg = pkgs.helix; + system = { # cachemiss for webkit gtk hardware.networking.enable = mkForce false;