authorPreston Pan <ret2pop@nullring.xyz>2026-03-19 03:13:53 -0700
committerPreston Pan <ret2pop@nullring.xyz>2026-03-19 03:13:53 -0700
commit40fa22edec7f68432187a3b7e009558078248e26 (patch)
tree4d8e17e929002fd86cc3cd2fd6e85adf85bc49ea /config/nix.org
parent20600be64e53dab4daaaeb5b57b24bd3c875283a (diff)
working on limits file
Diffstat (limited to 'config/nix.org')
-rw-r--r--config/nix.org252
1 files changed, 172 insertions, 80 deletions
diff --git a/config/nix.org b/config/nix.org
index 6df498b..fd83045 100644
--- a/config/nix.org
+++ b/config/nix.org
@@ -37,6 +37,7 @@ in
"continuity"
"spontaneity"
"installer"
+ "rpi-zero"
];
}
#+end_src
@@ -60,7 +61,6 @@ and now for the main flake:
scripts.url = "github:ret2pop/scripts";
wallpapers.url = "github:ret2pop/wallpapers";
sounds.url = "github:ret2pop/sounds";
- deep-research.url = "github:ret2pop/ollama-deep-researcher";
impermanence.url = "github:nix-community/impermanence";
nix-topology = {
@@ -104,7 +104,6 @@ and now for the main flake:
sops-nix,
nix-topology,
nixos-dns,
- deep-research,
impermanence,
git-hooks,
...
@@ -112,38 +111,25 @@ and now for the main flake:
@attrs:
let
vars = import ./flakevars.nix;
+ generate = nixos-dns.utils.generate nixpkgs.legacyPackages."${system}";
+
+ rpiCheck = hostname: (builtins.match "rpi-.*" hostname) != null;
+ noRpi = builtins.filter (hostname: (! rpiCheck hostname));
+ noInstaller = builtins.filter (hostname: (hostname != "installer"));
+ filterHosts = noInstaller (noRpi vars.hostnames);
system = "x86_64-linux";
+ getSystem = hostname: if rpiCheck hostname
+ then "aarch64-linux"
+ else "x86_64-linux";
pkgs = import nixpkgs { inherit system; };
- generate = nixos-dns.utils.generate nixpkgs.legacyPackages."${system}";
dnsConfig = {
inherit (self) nixosConfigurations;
extraConfig = import ./dns/default.nix;
};
- rpiCheck = hostname: (builtins.match "rpi-.*" hostname) != null;
- noRpi = builtins.filter (hostname: (! rpiCheck hostname));
- noInstaller = builtins.filter (hostname: (hostname != "installer"));
- filterHosts = noInstaller (noRpi vars.hostnames);
-
- mkHostModules = hostname:
- if (hostname == "installer") then ([
- (./. + "/systems/${hostname}/default.nix")
- { networking.hostName = "${hostname}"; }
- nix-topology.nixosModules.default
- ]) else (if (rpiCheck hostname) then [
- (./. + "/systems/${hostname}/default.nix")
- disko.nixosModules.disko
- home-manager.nixosModules.home-manager
- sops-nix.nixosModules.sops
- lanzaboote.nixosModules.lanzaboote
- ] else [
- {
- environment.systemPackages = with nixpkgs.lib; [
- deep-research.packages."${system}".deep-research
- ];
- }
+ commonModules = hostname: [
impermanence.nixosModules.impermanence
nix-topology.nixosModules.default
lanzaboote.nixosModules.lanzaboote
@@ -159,24 +145,32 @@ and now for the main flake:
networking.hostName = "${hostname}";
}
(./. + "/systems/${hostname}/default.nix")
- ]);
+ ];
+
+ mkHostModules = hostname:
+ if (hostname == "installer") then [
+ (./. + "/systems/${hostname}/default.nix")
+ { networking.hostName = "${hostname}"; }
+ nix-topology.nixosModules.default
+ ] else (if (rpiCheck hostname)
+ then (commonModules hostname) ++ [
+ "${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
+ ]
+ else (commonModules hostname));
# function that generates all systems from hostnames
- mkConfigs = map (hostname:
- let
- hostSystem = if (rpiCheck hostname) then "aarch64-linux" else system;
- in
- {
- name = "${hostname}";
- value = nixpkgs.lib.nixosSystem {
- system = hostSystem;
- specialArgs = attrs // {
- isIntegrationTest = false;
- monorepoSelf = null;
- };
- modules = mkHostModules hostname;
- };
- });
+ mkConfigs = map (hostname: {
+ name = "${hostname}";
+ value = nixpkgs.lib.nixosSystem {
+ system = getSystem hostname;
+ specialArgs = attrs // {
+ system = (getSystem hostname);
+ isIntegrationTest = false;
+ monorepoSelf = null;
+ };
+ modules = mkHostModules hostname;
+ };
+ });
mkDiskoFiles = map (hostname: {
name = "${hostname}";
@@ -284,7 +278,7 @@ and now for the main flake:
}
);
- integrationTests = builtins.listToAttrs (mkIntegrationTests filterHosts);
+ integrationTests = builtins.listToAttrs (mkIntegrationTests (noInstaller vars.hostnames));
pre-commit-check = git-hooks.lib.${system}.run {
src = ./.;
hooks = builtins.listToAttrs (mkBuildChecks filterHosts) // {
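Review bot: Widening `integrationTests` from `filterHosts` to `noInstaller vars.hostnames` pulls the `rpi-*` hosts into the test set, while the same commit makes `system` a required module argument in `configuration.nix` and `nixpkgs-options.nix`. `mkConfigs` injects it through `specialArgs`, but the body of `mkIntegrationTests` is outside this hunk, so please confirm that it also passes `system = getSystem hostname;`. Otherwise evaluation would stop on a missing `system` argument. `pre-commit-check` on the following lines still uses `filterHosts`, so the Pi configuration is tested but not build-checked; a one-line comment saying this is intended would help.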
@@ -391,6 +385,7 @@ and now for the main flake:
};
}
#+end_src
+
Note that the configurations are automatically generated with he mkConfigs function, and the final disko output is automatically generated
with mkDiskoFiles.
* Sops Configuration
@@ -798,7 +793,7 @@ to relevant places.
dn42 = {
format = "yaml";
};
- } else {
+ } else (if config.monorepo.profiles.server.enable then {
znc = {
format = "yaml";
};
@@ -841,7 +836,7 @@ to relevant places.
format = "yaml";
owner = "nginx";
};
- };
+ } else {});
};
}
#+end_src
@@ -1808,7 +1803,7 @@ let
in
{
services.cgit."my-projects" = {
- enable = lib.mkDefault config.services.gitDaemon.enable;
+ enable = lib.mkDefault config.monorepo.profiles.server.enable;
scanPath = "${config.users.users.git.home}";
settings = {
root-title = "Nullring Git Server";
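Review bot: With `enable` now following `config.monorepo.profiles.server.enable`, cgit comes up on every server-profile host whether or not `services.gitDaemon` is running, and `scanPath` publishes whatever repositories sit under the git user's home. If any of them are not meant to be public, consider gating the listing on an export marker, e.g. `strict-export = "git-daemon-export-ok";` in `settings`, so that web exposure stays an explicit per-repository opt-in. The `settings` block continues past this hunk, so this may already be set there.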
@@ -2347,11 +2342,15 @@ This is my impermanence profile, which removes all files on reboot except for th
}
#+end_src
** Nixpkgs
+We must put Nixpkgs in another configuration because we don't want to include it if isIntegrationTest is set.
#+begin_src nix :tangle ../nix/modules/nixpkgs-options.nix
-{ lib, config, isIntegrationTest, ... }:
+{ lib, config, isIntegrationTest, system, ... }:
{
nixpkgs = lib.mkIf (! isIntegrationTest) {
- hostPlatform = lib.mkDefault "x86_64-linux";
+ hostPlatform = lib.mkDefault system;
+ buildPlatform = lib.mkIf (system == "aarch64-linux") (lib.mkDefault "x86_64-linux");
+ overlays = [
+ ];
config = {
allowUnfree = true;
cudaSupport = lib.mkDefault config.monorepo.profiles.cuda.enable;
@@ -2367,7 +2366,7 @@ This is my impermanence profile, which removes all files on reboot except for th
This is the backbone of the all the NixOS configurations, with all these options being shared
because they enhance security.
#+begin_src nix :tangle ../nix/modules/configuration.nix
-{ config, pkgs, lib, ... }:
+{ config, pkgs, lib, system, ... }:
let
userGroups = [
"nginx"
@@ -2397,10 +2396,10 @@ in
"d /srv/git 0755 git git -"
];
- zramSwap = lib.mkIf config.monorepo.profiles.desktop.enable {
+ zramSwap = {
enable = true;
algorithm = "zstd";
- memoryPercent = 50;
+ memoryPercent = lib.mkDefault 50;
};
# Shim for testing
@@ -2493,6 +2492,7 @@ in
options rtw89_core disable_ps_mode=y
options rtw89_pci disable_aspm_l1=y disable_aspm_l1ss=y disable_clkreq=y
options iwlwifi 11n_disable=8 uapsd_disable=1 bt_coex_active=0 disable_11ax=1 power_save=0
+ options brcmfmac roamoff=1 feature_disable=0x82000
'';
extraModulePackages = [ ];
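Review bot: The `feature_disable=0x82000` bitmask on the added `brcmfmac` line is undocumented, and it appears to affect Wi-Fi authentication rather than just tuning. If I read the driver's feature bits correctly, it turns off the firmware supplicant and SAE offload, which could leave WPA3-only networks unreachable on that chip; please confirm against the driver source. A comment line above it inside the string, such as `# brcmfmac: no roaming; 0x82000 = <feature names>, needed because <reason>`, would record the intent. The option applies on every host that loads the module, not only the Pi.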
@@ -2518,7 +2518,9 @@ in
};
loader = {
- systemd-boot.enable = lib.mkForce ((! config.monorepo.profiles.grub.enable) && (! config.monorepo.profiles.secureBoot.enable));
+ systemd-boot.enable = lib.mkForce
+ (((! config.monorepo.profiles.grub.enable) &&
+ (! config.monorepo.profiles.secureBoot.enable)) && (system != "aarch64-linux"));
efi.canTouchEfiVariables = lib.mkForce (! config.monorepo.profiles.grub.enable);
};
@@ -2709,7 +2711,7 @@ in
hardware = {
wirelessRegulatoryDatabase = true;
enableAllFirmware = true;
- cpu.intel.updateMicrocode = true;
+ cpu.intel.updateMicrocode = lib.mkDefault (system == "x86_64-linux");
graphics.enable = ! config.monorepo.profiles.ttyonly.enable;
bluetooth = {
@@ -2777,7 +2779,7 @@ in
forcePageTableIsolation = true;
tpm2 = {
- enable = true;
+ enable = system != "aarch64-linux";
pkcs11.enable = true;
tctiEnvironment.enable = true;
};
@@ -2806,11 +2808,10 @@ in
environment.extraInit = ''
umask 0022
'';
- environment.systemPackages = with pkgs; [
+ environment.systemPackages = with pkgs; [
restic
sbctl
gitFull
- git-lfs
git-lfs-transfer
vim
curl
@@ -2825,7 +2826,7 @@ in
chown -R git:git "$1"
''
)
- ];
+ ] ++ (if system != "aarch64-linux" then [ git-lfs ] else []);
users.groups = lib.genAttrs userGroups (_: lib.mkDefault {});
@@ -2923,13 +2924,13 @@ with configurable disk.
*** GPT Common
This is all configuration common to any GPT partitioned drive. I dynamically choose the partitioning scheme based on the options set.
#+begin_src nix :tangle ../nix/disko/gpt-common.nix
-{ config, ... }:
+{ config, lib, ... }:
let
matchSd = builtins.match "/dev/mmcblk[0-9]+" config.monorepo.vars.device != null;
+
partitions = if ((builtins.match "/dev/vd[a-z]+" config.monorepo.vars.device) != null) then
(import ./virtual-machine.nix)
- else (if matchSd then
- (import ./sd-card.nix)
+ else (if matchSd then {}
else
(import (./. + "/${config.monorepo.vars.fileSystem}.nix")));
spec = {
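Review bot: For an SD device `partitions` is now `{}` and `content.type` is forced to `"gpt"` in the next hunk, yet `monorepo.vars.diskoSpec = spec;` is still set unconditionally; only `disko.devices` is guarded with `lib.mkIf (! matchSd)`. If `mkDiskoFiles` in the flake emits a file for `rpi-*` hosts (its argument is not visible here), that file would describe `/dev/mmcblk0` as a GPT disk with no partitions, and applying it could wipe the card. Consider excluding SD hosts from `mkDiskoFiles`, or guarding the exported spec the same way as `disko.devices`. This hunk also drops the only visible import of `./sd-card.nix`, so the partitions added to that file later in the commit are unused, and their `start`/`end`/`bootable` attributes look written for the removed `"mbr"` layout.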
@@ -2939,7 +2940,7 @@ let
type = "disk";
device = config.monorepo.vars.device;
content = {
- type = if matchSd then "mbr" else "gpt";
+ type = "gpt";
inherit partitions;
};
};
@@ -2949,10 +2950,11 @@ let
in
{
monorepo.vars.diskoSpec = spec;
- disko.devices = spec.disko.devices;
+ disko.devices = lib.mkIf (! matchSd) spec.disko.devices;
}
#+end_src
*** ESP Boot Partition
+This is a small fragment that can be abstracted away from the EFI boot partition.
#+begin_src nix :tangle ../nix/disko/esp-boot.nix
{
type = "EF00";
@@ -3061,8 +3063,29 @@ This configuration is meant for virtual machines where BIOS is the only option.
*** TODO SD Card
#+begin_src nix :tangle ../nix/disko/sd-card.nix
{
- boot = {};
- root = {};
+ boot = {
+ name = "ESP";
+ start = "16M";
+ end = "516M";
+ bootable = true;
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+
+ root = {
+ name = "root";
+ start = "516M";
+ end = "100%";
+ content = {
+ type = "filesystem";
+ format = "btrfs";
+ mountpoint = "/";
+ mountOptions = [ "compress=zstd" ];
+ };
+ };
}
#+end_src
** Home
@@ -3098,6 +3121,7 @@ in
lang-coq.enable = lib.mkEnableOption "Enables coq language support";
lang-lean.enable = lib.mkEnableOption "Enables lean language support";
lang-haskell.enable = lib.mkEnableOption "Enables haskell language support";
+ lang-scheme.enable = lib.mkEnableOption "Enables scheme language support";
crypto.enable = lib.mkEnableOption "Enables various cryptocurrency wallets";
art.enable = lib.mkEnableOption "Enables various art programs";
music.enable = lib.mkEnableOption "Enables mpd";
@@ -3121,6 +3145,10 @@ in
autotools-language-server
]) else [])
++
+ (if config.monorepo.profiles.lang-scheme.enable then (with pkgs; [
+ chez
+ ]) else [])
+ ++
(if config.monorepo.profiles.workstation.enable then (with pkgs; [
mumble
]) else [])
@@ -3230,7 +3258,7 @@ in
cuda.enable = lib.mkDefault super.monorepo.profiles.cuda.enable;
# Programming
- graphics.enable = lib.mkDefault (! super.monorepo.profiles.ttyonly.enable);
+ graphics.enable = lib.mkDefault ((! super.monorepo.profiles.ttyonly.enable) && config.monorepo.profiles.enable);
hyprland.enable = lib.mkDefault config.monorepo.profiles.graphics.enable;
lang-c.enable = lib.mkDefault config.monorepo.profiles.enable;
lang-rust.enable = lib.mkDefault config.monorepo.profiles.enable;
@@ -3327,6 +3355,25 @@ be straightforward.
};
}
#+end_src
+*** QuteBrowser
+#+begin_src nix :tangle ../nix/modules/home/qutebrowser.nix
+{ lib, config, ... }:
+{
+ programs.qutebrowser = {
+ enable = lib.mkDefault config.monorepo.profiles.graphics.enable;
+ enableDefaultBindings = true;
+ searchEngines = {
+ g = "https://www.google.com/search?hl=en&amp;q={}";
+ w = "https://en.wikipedia.org/wiki/Special:Search?search={}&amp;go=Go&amp;ns0=1";
+ aw = "https://wiki.archlinux.org/?search={}";
+ nw = "https://wiki.nixos.org/index.php?search={}";
+ };
+ settings = {
+ content.blocking.method = "both";
+ };
+ };
+}
+#+end_src
*** Fcitx
This is a virtual keyboard program for writing in multiple languages. I use this sometimes.
#+begin_src nix :tangle ../nix/modules/home/fcitx.nix
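Review bot: The `g` and `w` entries in `searchEngines` contain the HTML entity `&amp;` instead of a bare `&`. If that is what the file really holds, and not an artefact of this page, the query parameter is sent as `amp;q` and the search term never reaches the engine. A Nix string needs no escaping here: `g = "https://www.google.com/search?hl=en&q={}";` and `w = "https://en.wikipedia.org/wiki/Special:Search?search={}&go=Go&ns0=1";`.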
@@ -3413,6 +3460,8 @@ epkgs: [
epkgs.evil-org
epkgs.f
epkgs.flycheck
+ epkgs.geiser
+ epkgs.geiser-chez
epkgs.general
epkgs.git-gutter
epkgs.gptel
@@ -3438,6 +3487,8 @@ epkgs: [
epkgs.ox-rss
epkgs.ob-nix
epkgs.org-contrib
+ epkgs.org-ql
+ epkgs.org-super-agenda
epkgs.org-fragtog
epkgs.org-journal
epkgs.org-modern
@@ -3451,6 +3502,7 @@ epkgs: [
epkgs.projectile
epkgs.rustic
epkgs.s
+ epkgs.scheme-mode
epkgs.solaire-mode
epkgs.scad-mode
epkgs.simple-httpd
@@ -3504,6 +3556,30 @@ the timezone.
};
}
#+end_src
+*** iamb
+My iamb profile. Note that iamb does not support calling (obviously, as it is a terminal app), but the nice thing about it is that I can set it up
+declaratively, so in case element-desktop stops working because of lack of declarative setup, I can still use this.
+#+begin_src nix :tangle ../nix/modules/home/iamb.nix
+{ super, config, ... }:
+{
+ programs.iamb = {
+ enable = lib.mkDefault config.monorepo.profiles.graphics.enable;
+ settings = {
+ default_profile = "personal";
+ profiles.personal = {
+ user_id = "${super.monorepo.vars.internetName}@matrix.${super.monorepo.vars.orgHost}";
+ };
+ image_preview.protocol = {
+ type = "kitty";
+ size = {
+ height = 10;
+ width = 66;
+ };
+ };
+ };
+ };
+}
+#+end_src
*** Git
My git configuration uses information set in the ~vars.nix~ in order to set configuration options.
Make sure those are set correctly. I've set it to sign by default.
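Review bot: `iamb.nix` calls `lib.mkDefault`, but its argument set is `{ super, config, ... }:`, so `lib` is unbound and the module will fail to evaluate as soon as it is imported. The header should read `{ lib, super, config, ... }:`. Separately, `user_id` is built as `name@matrix.host`, whereas Matrix user IDs normally take the form `@localpart:server`. If iamb expects that form, the value should be `"@${super.monorepo.vars.internetName}:matrix.${super.monorepo.vars.orgHost}"`, with the server part adjusted to the homeserver's actual name.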
@@ -3600,7 +3676,7 @@ to use this component will come soon.
"fcitx5 -d --replace"
"fcitx5-remote -r"
"emacs"
- "librewolf"
+ "qutebrowser"
];
env = [
"LIBVA_DRIVER_NAME,nvidia"
@@ -3635,6 +3711,11 @@ to use this component will come soon.
workspace = 2;
}
{
+ name = "qutebrowser";
+ "match:class" = "qutebrowser";
+ workspace = 2;
+ }
+ {
name = "chromium-browser";
"match:class" = "chromium-browser";
workspace = 2;
@@ -3667,7 +3748,7 @@ to use this component will come soon.
];
bind = [
- "$mod, F, exec, librewolf"
+ "$mod, F, exec, qutebrowser"
"$mod, Return, exec, kitty"
"$mod, E, exec, emacs"
"$mod, B, exec, bitcoin-qt"
@@ -4633,7 +4714,7 @@ for these configurations.
pavucontrol alsa-utils imagemagick ffmpeg helvum
# Net
- curl rsync gitFull iamb ungoogled-chromium
+ curl rsync gitFull ungoogled-chromium
# Tor
torsocks tor-browser
@@ -4659,6 +4740,7 @@ for these configurations.
libnotify
htop
minify
+ python3Packages.adblock
(pkgs.writeShellScriptBin "help"
''
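Review bot: Adding `python3Packages.adblock` to the user package list probably does not make the module importable by qutebrowser, because a Python library installed into a profile is not on the wrapped interpreter's module path. With `content.blocking.method = "both"`, a missing module may leave only hosts-based blocking active, so please check in the running browser that the adblock lists are actually loaded. The nixpkgs qutebrowser package may already bundle the module, in which case this line can go. The surrounding package list starts and ends outside the hunk.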
@@ -4743,13 +4825,13 @@ for these configurations.
enable = lib.mkDefault config.monorepo.profiles.graphics.enable;
defaultApplications = {
"x-scheme-handler/mailto" = "emacsclient-mail.desktop";
- "text/html" = "librewolf.desktop";
- "text/xml" = "librewolf.desktop";
- "application/xhtml+xml" = "librewolf.desktop";
- "x-scheme-handler/http" = "librewolf.desktop";
- "x-scheme-handler/https" = "librewolf.desktop";
- "x-scheme-handler/about" = "librewolf.desktop";
- "x-scheme-handler/unknown" = "librewolf.desktop";
+ "text/html" = "qutebrowser.desktop";
+ "text/xml" = "qutebrowser.desktop";
+ "application/xhtml+xml" = "qutebrowser.desktop";
+ "x-scheme-handler/http" = "qutebrowser.desktop";
+ "x-scheme-handler/https" = "qutebrowser.desktop";
+ "x-scheme-handler/about" = "qutebrowser.desktop";
+ "x-scheme-handler/unknown" = "qutebrowser.desktop";
};
};
@@ -4846,6 +4928,7 @@ as several other useful services.
../common.nix
];
config = {
+ boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
monorepo = {
vars.device = "/dev/nvme0n1";
vars.fileSystem = "ext4";
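Review bot: `boot.binfmt.emulatedSystems = [ "aarch64-linux" ];` is added without a comment, and it overlaps with the `buildPlatform` default introduced in `nixpkgs-options.nix`, which already sets up cross-compilation of aarch64 hosts from x86_64. Registering the QEMU user-mode handler lets this machine execute foreign-architecture binaries system-wide, so the extra surface should be justified. If it is only needed to build the Pi image, say so with something like `# needed to build rpi-* closures under emulation`, or drop it once cross-compilation covers the build. Which host this file configures is not visible in the hunk.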
@@ -4874,14 +4957,22 @@ I want cuda in home manager too.
imports = [
../common.nix
];
+
config = {
- zramSwap = {
- enable = true;
- algorithm = "zstd";
- memoryPercent = 100;
+ boot = {
+ loader = {
+ grub.enable = false;
+ generic-extlinux-compatible.enable = true;
+ };
+ initrd.kernelModules = [ "vc4" "bcm2835_dma" "i2c_bcm2835" ];
+ kernelParams = [
+ "console=ttyS1,115200n8"
+ ];
};
- boot.loader.grub.enable = false;
- boot.loader.generic-extlinux-compatible.enable = true;
+
+ zramSwap.memoryPercent = 100;
+ services.gitDaemon.enable = true;
+
monorepo = {
vars.device = "/dev/mmcblk0";
profiles = {
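Review bot: `services.gitDaemon.enable = true;` puts a git:// listener on the Pi, and that protocol has neither authentication nor transport encryption. The hunk does not show which repositories are exported or which address the daemon listens on; those settings are presumably in `../common.nix` or the shared module. Please confirm that the export set is limited to repositories intended to be public and that the firewall opens the port only where needed. The added `console=ttyS1,115200n8` kernel parameter also deserves a one-line comment, since it enables a serial console on the board.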
@@ -4891,6 +4982,7 @@ I want cuda in home manager too.
};
}
#+end_src
+In order to separate the nixpkgs options for my integration tests to set their own, we need to include this in a separate file:
*** Home
#+begin_src nix :tangle ../nix/systems/rpi-zero/home.nix
{ ... }: