From 504b765606f02b610d74d259ddf2c85292e1f6c0 Mon Sep 17 00:00:00 2001 From: Preston Pan Date: Sat, 8 Feb 2025 03:19:30 -0800 Subject: add nix-topology; make configuration options less bad; restructure project a bit; add flake system looping --- agenda.org | 7 +- config/nix.org | 812 +++++++++++++++++++----------------- nix/disko/nvme-simple.nix | 35 ++ nix/disko/sda-simple.nix | 35 ++ nix/disko/vda-simple.nix | 27 ++ nix/flake.lock | 143 +++++++ nix/flake.nix | 117 +++--- nix/modules/configuration.nix | 297 ++++++------- nix/modules/default.nix | 1 + nix/modules/home/default.nix | 17 +- nix/modules/home/hyprland.nix | 6 + nix/modules/home/user.nix | 11 +- nix/modules/nginx.nix | 4 +- nix/modules/nvme-simple.nix | 35 -- nix/modules/ollama.nix | 2 +- nix/modules/sda-simple.nix | 35 -- nix/modules/vars.nix | 7 - nix/modules/vda-simple.nix | 27 -- nix/systems/affinity/default.nix | 6 +- nix/systems/continuity/default.nix | 2 +- nix/systems/home.nix | 2 +- nix/systems/installer/default.nix | 16 +- nix/systems/spontaneity/default.nix | 7 +- nix/topology/default.nix | 59 +++ 24 files changed, 970 insertions(+), 740 deletions(-) create mode 100644 nix/disko/nvme-simple.nix create mode 100644 nix/disko/sda-simple.nix create mode 100644 nix/disko/vda-simple.nix delete mode 100644 nix/modules/nvme-simple.nix delete mode 100644 nix/modules/sda-simple.nix delete mode 100644 nix/modules/vda-simple.nix create mode 100644 nix/topology/default.nix diff --git a/agenda.org b/agenda.org index 66484a3..dc5f876 100644 --- a/agenda.org +++ b/agenda.org @@ -39,7 +39,7 @@ My NixOS Monorepo needs to incorporate my workstation, and I need to install thi *** DONE [#C] Gammastep Fix gammastep in my config so that it actually works on my dell machine. *** DONE [#C] monorepo -Merge website and toughnix into monorepo +Merge website and toughnix into monorepo. ** TODO [#B] Resume I need to update my resume with my work experience. Additionally, I want to re-write my resume in org mode. 
@@ -61,11 +61,6 @@ I want to make an analogue computer. ** TODO Statistics ** TODO QFT ** TODO GM -* Chores -** DONE [#A] Dishes -There will be a TODO when I need to do the dishes. -** DONE Groceries -There will be a TODO when I need to get groceries. * Scheduled tasks These are one-time tasks that are scheduled at a particular date, and that don't require regular diff --git a/config/nix.org b/config/nix.org index bfd413d..6ac9619 100644 --- a/config/nix.org +++ b/config/nix.org @@ -15,7 +15,7 @@ often data files used in my configuration (i.e. emacs, elfeed, org-roam, agenda, and they are webpages as well. This page is one such example of this concept. * Flake.nix The flake is the entry point of the NixOS configuration. Here, I have a list of all the systems -that I use with all the modules that they use. My NixOS configuration is heavily modularized, +that I use with all the modules that they use. My NixOS configuration is heavily modularized, so that adding new configurations that add modifications is made simple. #+begin_src nix :tangle ../nix/flake.nix { 
@@ -23,91 +23,81 @@ so that adding new configurations that add modifications is made simple. inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11"; - + nur.url = "github:nix-community/NUR"; + sops-nix.url = "github:Mic92/sops-nix"; + scripts.url = "github:ret2pop/scripts"; + wallpapers.url = "github:ret2pop/wallpapers"; + sounds.url = "github:ret2pop/sounds"; + nix-topology = { + url = "github:oddlama/nix-topology"; + inputs.nixpkgs.follows = "nixpkgs"; + }; home-manager = { url = "github:nix-community/home-manager/release-24.11"; inputs.nixpkgs.follows = "nixpkgs"; }; - disko = { url = "github:nix-community/disko"; inputs.nixpkgs.follows = "nixpkgs"; }; - lanzaboote = { url = "github:nix-community/lanzaboote/v0.4.1"; inputs.nixpkgs.follows = "nixpkgs"; }; - - nur.url = "github:nix-community/NUR"; - sops-nix.url = "github:Mic92/sops-nix"; - scripts.url = "github:ret2pop/scripts"; - wallpapers.url = "github:ret2pop/wallpapers"; - sounds.url = "github:ret2pop/sounds"; }; - outputs = { nixpkgs, home-manager, nur, disko, lanzaboote, sops-nix, ... }@attrs: { - nixosConfigurations = { - installer = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - modules = [ - ( - { pkgs, modulesPath, ... 
}: - { - imports = [ (modulesPath + "/installer/cd-dvd/installation-cd-minimal.nix") ]; - } - ) - ./systems/installer/default.nix - ]; - }; - - continuity = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = attrs; - modules = [ - lanzaboote.nixosModules.lanzaboote - disko.nixosModules.disko - home-manager.nixosModules.home-manager - sops-nix.nixosModules.sops - { nixpkgs.overlays = [ nur.overlays.default ]; } - { home-manager.extraSpecialArgs = attrs; } - ./systems/continuity/default.nix - ]; - }; - - affinity = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = attrs; - modules = [ - lanzaboote.nixosModules.lanzaboote - disko.nixosModules.disko - home-manager.nixosModules.home-manager - sops-nix.nixosModules.sops - { nixpkgs.overlays = [ nur.overlays.default ]; } - { home-manager.extraSpecialArgs = attrs; } - ./systems/affinity/default.nix - ]; - }; + outputs = { self, nixpkgs, home-manager, nur, disko, lanzaboote, sops-nix, nix-topology, ... }@attrs: + let + system = "x86_64-linux"; + mkConfigs = map (hostname: { + name = "${hostname}"; + value = nixpkgs.lib.nixosSystem { + system = system; + specialArgs = attrs; + modules = if (hostname == "installer") then [ + (./. + "/systems/${hostname}/default.nix") + { networking.hostName = "${hostname}"; } + nix-topology.nixosModules.default + ] else [ + nix-topology.nixosModules.default + lanzaboote.nixosModules.lanzaboote + disko.nixosModules.disko + home-manager.nixosModules.home-manager + sops-nix.nixosModules.sops + { + nixpkgs.overlays = [ nur.overlays.default ]; + home-manager.extraSpecialArgs = attrs; + networking.hostName = "${hostname}"; + } + (./. 
+ "/systems/${hostname}/default.nix") + ]; + }; + }); - spontaneity = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = attrs; - modules = [ - lanzaboote.nixosModules.lanzaboote - disko.nixosModules.disko - home-manager.nixosModules.home-manager - sops-nix.nixosModules.sops - { nixpkgs.overlays = [ nur.overlays.default ]; } - { home-manager.extraSpecialArgs = attrs; } - ./systems/spontaneity/hardware-configuration.nix - ./systems/spontaneity/default.nix + pkgs = import nixpkgs { + inherit system; + overlays = [ nix-topology.overlays.default ]; + }; + in { + nixosConfigurations = builtins.listToAttrs (mkConfigs [ + "affinity" + "continuity" + "installer" + "spontaneity" + ]); + + topology."${system}" = import nix-topology { + inherit pkgs; + modules = [ + ./topology/default.nix + { nixosConfigurations = self.nixosConfigurations; } ]; - }; + }; }; - }; } #+end_src -Listed here is my installer as well, which is used to install the systems in my configuration. +Note that the configurations are automatically generated with he +mkConfigs function. * Sops Configuration In order to use the sops configuration, you must change the age public key to the one that you own: 
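Review bot: `system = system;` and `name = "${hostname}";` inside mkConfigs restate what Nix expresses directly; `inherit system;` and `name = hostname;` read cleaner, and the same applies to `networking.hostName = "${hostname}";` in both branches (interpolating a bare string into a string is a no-op). The explanatory sentence added under the block has a typo, `with he mkConfigs function` should read `with the mkConfigs function`. The new nix-topology input carries no ref in its url, so like nur, sops-nix and the ret2pop inputs it is pinned only by flake.lock; a short remark in the prose that `nix flake update` moves all of these to their current default branch would help whoever tangles this next. The same block is tangled to nix/flake.nix, whose hunk continues past the end of this page.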
@@ -122,6 +112,65 @@ creation_rules: #+end_src also note that you will have to write your own secrets.yaml file, with an entry called ~mail~, which is used for the imaps and smtps password. +* Nix Topology +Nix Topology generates a nice graph of all my hosts. +#+begin_src nix :tangle ../nix/topology/default.nix + { config, ... }: + let + inherit + (config.lib.topology); + in + { + nodes = { + spontaneity = { + interfaces.wan.network = "remote"; + }; + installer = { + interfaces.lan.network = "home"; + }; + affinity = { + interfaces.lan = { + network = "home"; + physicalConnections = [ + { + node = "spontaneity"; + interface = "wan"; + } + { + node = "installer"; + interface = "lan"; + } + ]; + }; + }; + continuity = { + interfaces.lan = { + network = "home"; + physicalConnections = [ + { + node = "spontaneity"; + interface = "wan"; + } + { + node = "affinity"; + interface = "lan"; + } + ]; + }; + }; + }; + networks = { + home = { + name = "Home Network"; + cidrv4 = "192.168.1.1/24"; + }; + remote = { + name = "Remote Network"; + cidrv4 = "144.202.27.169/32"; + }; + }; + } +#+end_src * Modules ** Vars Variables used for regular configuration in your system ~defafult.nix~ file. The options are @@ -130,13 +179,6 @@ largely self-documenting. { lib, ... }: { options.monorepo.vars = { - hostName = lib.mkOption { - type = lib.types.str; - default = "continuity"; - example = "hostname"; - description = "system hostname"; - }; - userName = lib.mkOption { type = lib.types.str; default = "preston"; @@ -211,6 +253,7 @@ under ~default.nix~ in the ~systems~ folder. server.enable = lib.mkEnableOption "Enables server services"; ttyonly.enable = lib.mkEnableOption "TTY only, no xserver"; grub.enable = lib.mkEnableOption "Enables grub instead of systemd-boot"; + workstation.enable = lib.mkEnableOption "Enables workstation services"; }; }; }; 
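Review bot: `let inherit (config.lib.topology); in` binds nothing, since an `inherit` with no attribute names is a no-op, so either name the helpers you intend to pull from `config.lib.topology` or drop the `let … in` and start the module body at `{ nodes = …`. `cidrv4 = "192.168.1.1/24"` for the home network has host bits set; the network form is `192.168.1.0/24`, so confirm nix-topology normalises the value or use the network address. The remote network pins the VPS's public IPv4 into a file that is tangled from a published document; if the rendered graph is meant to be public that is fine, otherwise keep the address out of the networks block and let the node's own configuration carry it.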
@@ -383,7 +426,7 @@ Use ollama for serving large language models to my other computers. { config, lib, ... }: { services.ollama = { - enable = lib.mkDefault config.monorepo.profiles.server.enable; + enable = lib.mkDefault config.monorepo.profiles.workstation.enable; acceleration = "cuda"; host = "0.0.0.0"; }; @@ -427,10 +470,10 @@ Use postfix as an smtps server. #+end_src ** Nginx #+begin_src nix :tangle ../nix/modules/nginx.nix - { config, services, ... }: + { config, lib, services, ... }: { services.nginx = { - enable = true; + enable = lib.mkDefault config.monorepo.profiles.server.enable; # Use recommended settings recommendedGzipSettings = true; @@ -542,10 +585,10 @@ because they enhance security. environment = { etc = { - securetty.text = '' - # /etc/securetty: list of terminals on which root is allowed to login. - # See securetty(5) and login(1). - ''; + securetty.text = '' + # /etc/securetty: list of terminals on which root is allowed to login. + # See securetty(5) and login(1). + ''; }; }; @@ -553,13 +596,13 @@ because they enhance security. coredump.enable = false; network.config.networkConfig.IPv6PrivacyExtensions = "kernel"; tmpfiles.settings = { - "restricthome"."/home/*".Z.mode = "~0700"; + "restricthome"."/home/*".Z.mode = "~0700"; - "restrictetcnixos"."/etc/nixos/*".Z = { - mode = "0000"; - user = "root"; - group = "root"; - }; + "restrictetcnixos"."/etc/nixos/*".Z = { + mode = "0000"; + user = "root"; + group = "root"; + }; }; }; 
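Review bot: With `enable` now following `workstation.enable`, the service still binds `host = "0.0.0.0"` and configuration.nix leaves `allowedTCPPorts = [ 22 11434 ]` open unconditionally on every host, so an ollama API without authentication is reachable on every interface of any workstation (affinity after this commit) while the port stays open on hosts where nothing listens. Gate the firewall entry on the same profile, `allowedTCPPorts = [ 22 ] ++ lib.optional config.monorepo.profiles.workstation.enable 11434;`, and bind to the LAN address instead of 0.0.0.0 if only home-network clients need it. The `services.ollama` block closes in this hunk; the rest of the module is outside it.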
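Review bot: The new nginx module header `{ config, lib, services, ... }:` keeps `services` as a function argument, but nothing in the visible body reads it — `services.nginx = { … }` on the next line is an option path being assigned, not a reference to the argument — and unless something in `_module.args` supplies it the name is only unused and misleading. `{ config, lib, ... }:` is sufficient for the new `lib.mkDefault` line. The `services.nginx` block continues outside the hunk.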
@@ -568,138 +611,137 @@ because they enhance security. extraModulePackages = [ ]; initrd = { - availableKernelModules = [ - "xhci_pci" - "ahci" - "usb_storage" - "sd_mod" - "nvme" - "sd_mod" - "ehci_pci" - "rtsx_pci_sdmmc" - "usbhid" - ]; + availableKernelModules = [ + "xhci_pci" + "ahci" + "usb_storage" + "sd_mod" + "nvme" + "sd_mod" + "ehci_pci" + "rtsx_pci_sdmmc" + "usbhid" + ]; - kernelModules = [ ]; + kernelModules = [ ]; }; lanzaboote = { - enable = config.monorepo.profiles.secureBoot.enable; - pkiBundle = "/etc/secureboot"; + enable = config.monorepo.profiles.secureBoot.enable; + pkiBundle = "/etc/secureboot"; }; loader = { - systemd-boot.enable = lib.mkForce (! config.monorepo.profiles.grub.enable); - efi.canTouchEfiVariables = lib.mkDefault (! config.monorepo.profiles.grub.enable); + systemd-boot.enable = lib.mkForce (! config.monorepo.profiles.grub.enable); + efi.canTouchEfiVariables = lib.mkDefault (! config.monorepo.profiles.grub.enable); }; kernelModules = [ - "snd-seq" - "snd-rawmidi" - "xhci_hcd" - "kvm_intel" + "snd-seq" + "snd-rawmidi" + "xhci_hcd" + "kvm_intel" ]; kernelParams = [ - "debugfs=off" - "page_alloc.shuffle=1" - "slab_nomerge" - "page_poison=1" - - # madaidan - "pti=on" - "randomize_kstack_offset=on" - "vsyscall=none" - "module.sig_enforce=1" - "lockdown=confidentiality" - - # cpu - "spectre_v2=on" - "spec_store_bypass_disable=on" - "tsx=off" - "tsx_async_abort=full,nosmt" - "mds=full,nosmt" - "l1tf=full,force" - "nosmt=force" - "kvm.nx_huge_pages=force" - - # hardened - "extra_latent_entropy" - - # mineral - "init_on_alloc=1" - "random.trust_cpu=off" - "random.trust_bootloader=off" - "intel_iommu=on" - "amd_iommu=force_isolation" - "iommu=force" - "iommu.strict=1" - "init_on_free=1" - "quiet" - "loglevel=0" + "debugfs=off" + "page_alloc.shuffle=1" + "slab_nomerge" + "page_poison=1" + + # madaidan + "pti=on" + "randomize_kstack_offset=on" + "vsyscall=none" + "module.sig_enforce=1" + "lockdown=confidentiality" + + # cpu + "spectre_v2=on" 
+ "spec_store_bypass_disable=on" + "tsx=off" + "tsx_async_abort=full,nosmt" + "mds=full,nosmt" + "l1tf=full,force" + "nosmt=force" + "kvm.nx_huge_pages=force" + + # hardened + "extra_latent_entropy" + + # mineral + "init_on_alloc=1" + "random.trust_cpu=off" + "random.trust_bootloader=off" + "intel_iommu=on" + "amd_iommu=force_isolation" + "iommu=force" + "iommu.strict=1" + "init_on_free=1" + "quiet" + "loglevel=0" ]; blacklistedKernelModules = [ - "netrom" - "rose" - - "adfs" - "affs" - "bfs" - "befs" - "cramfs" - "efs" - "erofs" - "exofs" - "freevxfs" - "f2fs" - "hfs" - "hpfs" - "jfs" - "minix" - "nilfs2" - "ntfs" - "omfs" - "qnx4" - "qnx6" - "sysv" - "ufs" + "netrom" + "rose" + + "adfs" + "affs" + "bfs" + "befs" + "cramfs" + "efs" + "erofs" + "exofs" + "freevxfs" + "f2fs" + "hfs" + "hpfs" + "jfs" + "minix" + "nilfs2" + "ntfs" + "omfs" + "qnx4" + "qnx6" + "sysv" + "ufs" ]; kernel.sysctl = { - "kernel.ftrace_enabled" = false; - "net.core.bpf_jit_enable" = false; - "kernel.kptr_restrict" = 2; - - # madaidan - "vm.swappiness" = 1; - "vm.unprivileged_userfaultfd" = 0; - "dev.tty.ldisc_autoload" = 0; - "kernel.kexec_load_disabled" = 1; - "kernel.sysrq" = 4; - "kernel.perf_event_paranoid" = 3; - - # net - "net.ipv4.icmp_echo_ignore_broadcasts" = true; - - "net.ipv4.conf.all.accept_redirects" = false; - "net.ipv4.conf.all.secure_redirects" = false; - "net.ipv4.conf.default.accept_redirects" = false; - "net.ipv4.conf.default.secure_redirects" = false; - "net.ipv6.conf.all.accept_redirects" = false; - "net.ipv6.conf.default.accept_redirects" = false; + "kernel.ftrace_enabled" = false; + "net.core.bpf_jit_enable" = false; + "kernel.kptr_restrict" = 2; + + # madaidan + "vm.swappiness" = 1; + "vm.unprivileged_userfaultfd" = 0; + "dev.tty.ldisc_autoload" = 0; + "kernel.kexec_load_disabled" = 1; + "kernel.sysrq" = 4; + "kernel.perf_event_paranoid" = 3; + + # net + "net.ipv4.icmp_echo_ignore_broadcasts" = true; + + "net.ipv4.conf.all.accept_redirects" = false; + 
"net.ipv4.conf.all.secure_redirects" = false; + "net.ipv4.conf.default.accept_redirects" = false; + "net.ipv4.conf.default.secure_redirects" = false; + "net.ipv6.conf.all.accept_redirects" = false; + "net.ipv6.conf.default.accept_redirects" = false; }; }; networking = { useDHCP = lib.mkDefault true; - hostName = config.monorepo.vars.hostName; networkmanager = { - enable = true; + enable = true; }; firewall = { - allowedTCPPorts = [ 22 11434 ]; - allowedUDPPorts = [ ]; + allowedTCPPorts = [ 22 11434 ]; + allowedUDPPorts = [ ]; }; }; @@ -710,16 +752,16 @@ because they enhance security. pulseaudio.enable = ! config.monorepo.profiles.pipewire.enable; bluetooth = { - enable = true; - powerOnBoot = true; + enable = true; + powerOnBoot = true; }; }; services = { chrony = { - enable = true; - enableNTS = true; - servers = [ "time.cloudflare.com" "ptbtime1.ptb.de" "ptbtime2.ptb.de" ]; + enable = true; + enableNTS = true; + servers = [ "time.cloudflare.com" "ptbtime1.ptb.de" "ptbtime2.ptb.de" ]; }; jitterentropy-rngd.enable = true; @@ -732,12 +774,12 @@ because they enhance security. # Misc. udev = { - extraRules = ''''; - packages = with pkgs; [ - platformio-core - platformio-core.udev - openocd - ]; + extraRules = ''''; + packages = with pkgs; [ + platformio-core + platformio-core.udev + openocd + ]; }; printing.enable = true; 
@@ -754,20 +796,20 @@ because they enhance security. nixpkgs = { hostPlatform = lib.mkDefault "x86_64-linux"; config = { - allowUnfree = true; - cudaSupport = lib.mkDefault config.monorepo.profiles.cuda.enable; + allowUnfree = true; + cudaSupport = lib.mkDefault config.monorepo.profiles.cuda.enable; }; }; security = { apparmor = { - enable = true; - killUnconfinedConfinables = true; + enable = true; + killUnconfinedConfinables = true; }; pam.loginLimits = [ - { domain = "*"; item = "nofile"; type = "-"; value = "32768"; } - { domain = "*"; item = "memlock"; type = "-"; value = "32768"; } + { domain = "*"; item = "nofile"; type = "-"; value = "32768"; } + { domain = "*"; item = "memlock"; type = "-"; value = "32768"; } ]; rtkit.enable = true; @@ -777,9 +819,9 @@ because they enhance security. forcePageTableIsolation = true; tpm2 = { - enable = true; - pkcs11.enable = true; - tctiEnvironment.enable = true; + enable = true; + pkcs11.enable = true; + tctiEnvironment.enable = true; }; auditd.enable = true; @@ -792,9 +834,9 @@ because they enhance security. enable = true; wlr.enable = true; extraPortals = with pkgs; [ - xdg-desktop-portal-gtk - xdg-desktop-portal - xdg-desktop-portal-hyprland + xdg-desktop-portal-gtk + xdg-desktop-portal + xdg-desktop-portal-hyprland ]; config.common.default = "*"; }; 
@@ -807,23 +849,25 @@ because they enhance security. curl ]; + users.groups.git = {}; users.users = { root.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICts6+MQiMwpA+DfFQxjIN214Jn0pCw/2BDvOzPhR/H2 preston@continuity-dell" ]; git = { - isSystemUser = true; - home = "/srv/git"; - shell = "${pkgs.git}/bin/git-shell"; + isSystemUser = true; + home = "/srv/git"; + shell = "${pkgs.git}/bin/git-shell"; + group = "git"; }; "${config.monorepo.vars.userName}" = { - initialPassword = "${config.monorepo.vars.userName}"; - isNormalUser = true; - description = config.monorepo.vars.fullName; - extraGroups = [ "networkmanager" "wheel" "video" "docker" "jackaudio" "tss" "dialout" ]; - shell = pkgs.zsh; - packages = []; + initialPassword = "${config.monorepo.vars.userName}"; + isNormalUser = true; + description = config.monorepo.vars.fullName; + extraGroups = [ "networkmanager" "wheel" "video" "docker" "jackaudio" "tss" "dialout" ]; + shell = pkgs.zsh; + packages = []; }; }; @@ -837,7 +881,7 @@ because they enhance security. This is the disko configuration for my continuity system. It features a boot and ext4 partition, on disk /dev/sda. All my SATA disks have this location by default, but if you want to use nvme, you will have to import that configuration in your ~systems/xxx/default.nix~. -#+begin_src nix :tangle ../nix/modules/sda-simple.nix +#+begin_src nix :tangle ../nix/disko/sda-simple.nix { disko.devices = { disk = { @@ -876,7 +920,7 @@ you will have to import that configuration in your ~systems/xxx/default.nix~. #+end_src *** NVME For my nvme drives. -#+begin_src nix :tangle ../nix/modules/nvme-simple.nix +#+begin_src nix :tangle ../nix/disko/nvme-simple.nix { disko.devices = { disk = { @@ -915,7 +959,7 @@ For my nvme drives. #+end_src *** VDA For my virtual machines. -#+begin_src nix :tangle ../nix/modules/vda-simple.nix +#+begin_src nix :tangle ../nix/disko/vda-simple.nix { disko.devices = { disk = { 
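Review bot: `initialPassword = "${config.monorepo.vars.userName}"` for the primary user (only re-indented here, but now on the new side) sets the first-boot password equal to the username on hosts that open port 22, and the value lands in the world-readable Nix store; the hunk does not show whether `services.openssh` disables password authentication, so confirm that or switch to `hashedPasswordFile = config.sops.secrets."<secret-name>".path;` now that sops-nix is already wired into every non-installer system. The `users.users` block closes in this hunk; the surrounding module continues outside it.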
@@ -993,23 +1037,8 @@ I have many imports that we'll go through next. music.enable = lib.mkEnableOption "Enables mpd"; workstation.enable = lib.mkEnableOption "Enables workstation packages (music production and others)"; cuda.enable = lib.mkEnableOption "Enables CUDA user package builds"; + hyprland.enable = lib.mkEnableOption "Enables hyprland"; - hyprland = { - enable = lib.mkEnableOption "Enables hyprland"; - monitors = lib.mkOption { - type = lib.types.listOf lib.types.str; - default = [ - "HDMI-A-1" - "eDP-1" - "DP-2" - "DP-3" - "LVDS-1" - "DP-4" - ]; - example = []; - description = "Hyprland monitors"; - }; - }; email = { email = lib.mkOption { type = lib.types.str; 
@@ -1592,140 +1621,146 @@ Make sure those are set correctly. I've set it to sign by default. My compositor/window manager. This automatically starts on startup. Instructions on how to use this component will come soon. #+begin_src nix :tangle ../nix/modules/home/hyprland.nix -{ lib, config, wallpapers, pkgs, scripts, ... }: -{ - wayland.windowManager.hyprland = { - enable = lib.mkDefault config.monorepo.profiles.hyprland.enable; - package = pkgs.hyprland; - xwayland.enable = true; - systemd.enable = true; - settings = { - "$mod" = "SUPER"; - exec-once = [ - "waybar" - "swww-daemon --format xrgb" - "swww img ${wallpapers}/imagination.png" - "fcitx5-remote -r" - "fcitx5 -d --replace" - "fcitx5-remote -r" - "emacs" - "firefox" - ]; - env = [ - "LIBVA_DRIVER_NAME,nvidia" - "XDG_SESSION_TYPE,wayland" - "GBM_BACKEND,nvidia-drm" - "__GLX_VENDOR_LIBRARY_NAME,nvidia" - "ELECTRON_OZONE_PLATFORM_HINT,auto" - ]; - blurls = [ - "waybar" - ]; - monitor = [ - "Unknown-1,disable" - ]; - windowrule = [ - "workspace 1, ^(.*emacs.*)$" - "workspace 2, ^(.*firefox.*)$" - "workspace 2, ^(.*Tor Browser.*)$" - "workspace 2, ^(.*Chromium-browser.*)$" - "workspace 2, ^(.*chromium.*)$" - "workspace 3, ^(.*discord.*)$" - "workspace 3, ^(.*vesktop.*)$" - "workspace 3, ^(.*fluffychat.*)$" - "workspace 3, ^(.*element-desktop.*)$" - "workspace 4, ^(.*qpwgraph.*)$" - "workspace 4, ^(.*mpv.*)$" - "workspace 5, ^(.*Monero.*)$" - "workspace 5, ^(.*org\.bitcoin\..*)$" - "workspace 5, ^(.*Bitcoin Core - preston.*)$" - "workspace 5, ^(.*org\.getmonero\..*)$" - "workspace 5, ^(.*Monero - preston.*)$" - "workspace 5, ^(.*electrum.*)$" - "pseudo,fcitx" - ]; - bind = [ - "$mod, F, exec, firefox" - "$mod, T, exec, tor-browser" - "$mod, Return, exec, kitty" - "$mod, E, exec, emacs" - "$mod, B, exec, bitcoin-qt" - "$mod, M, exec, monero-wallet-gui" - "$mod, V, exec, vesktop" - "$mod, D, exec, wofi --show run" - "$mod, P, exec, bash ${scripts}/powermenu.sh" - "$mod, Q, killactive" - "$mod SHIFT, H, movewindow, 
l" - "$mod SHIFT, L, movewindow, r" - "$mod SHIFT, K, movewindow, u" - "$mod SHIFT, J, movewindow, d" - "$mod, H, movefocus, l" - "$mod, L, movefocus, r" - "$mod, K, movefocus, u" - "$mod, J, movefocus, d" - ", XF86AudioPlay, exec, mpc toggle" - ", Print, exec, grim" - ] - ++ ( - builtins.concatLists (builtins.genList - ( - x: - let - ws = - let - c = (x + 1) / 10; - in - builtins.toString (x + 1 - (c * 10)); - in - [ - "$mod, ${ws}, workspace, ${toString (x + 1)}" - "$mod SHIFT, ${ws}, movetoworkspace, ${toString (x + 1)}" - ] - ) - 10) - ); - bindm = [ - "$mod, mouse:272, movewindow" - "$mod, mouse:273, resizewindow" - "$mod ALT, mouse:272, resizewindow" - ]; - binde = [ - ", XF86AudioRaiseVolume, exec, wpctl set-volume -l 1.5 @DEFAULT_AUDIO_SINK@ 5%+" - ", XF86AudioLowerVolume, exec, wpctl set-volume -l 1.5 @DEFAULT_AUDIO_SINK@ 5%-" - ", XF86AudioNext, exec, mpc next" - ", XF86AudioPrev, exec, mpc prev" - ", XF86MonBrightnessUp , exec, xbacklight -inc 10" - ", XF86MonBrightnessDown, exec, xbacklight -dec 10" - ]; - decoration = { - blur = { - enabled = true; - size = 5; - passes = 2; + { lib, config, wallpapers, pkgs, scripts, ... 
}: + { + wayland.windowManager.hyprland = { + enable = lib.mkDefault config.monorepo.profiles.hyprland.enable; + package = pkgs.hyprland; + xwayland.enable = true; + systemd.enable = true; + settings = { + "$mod" = "SUPER"; + bezier = [ + "overshot,0,1,0,0.95" + ]; + animation = [ + "workspaces, 1, 10, overshot" + ]; + exec-once = [ + "waybar" + "swww-daemon --format xrgb" + "swww img ${wallpapers}/imagination.png" + "fcitx5-remote -r" + "fcitx5 -d --replace" + "fcitx5-remote -r" + "emacs" + "firefox" + ]; + env = [ + "LIBVA_DRIVER_NAME,nvidia" + "XDG_SESSION_TYPE,wayland" + "GBM_BACKEND,nvidia-drm" + "__GLX_VENDOR_LIBRARY_NAME,nvidia" + "ELECTRON_OZONE_PLATFORM_HINT,auto" + ]; + blurls = [ + "waybar" + ]; + monitor = [ + "Unknown-1,disable" + ]; + windowrule = [ + "workspace 1, ^(.*emacs.*)$" + "workspace 2, ^(.*firefox.*)$" + "workspace 2, ^(.*Tor Browser.*)$" + "workspace 2, ^(.*Chromium-browser.*)$" + "workspace 2, ^(.*chromium.*)$" + "workspace 3, ^(.*discord.*)$" + "workspace 3, ^(.*vesktop.*)$" + "workspace 3, ^(.*fluffychat.*)$" + "workspace 3, ^(.*element-desktop.*)$" + "workspace 4, ^(.*qpwgraph.*)$" + "workspace 4, ^(.*mpv.*)$" + "workspace 5, ^(.*Monero.*)$" + "workspace 5, ^(.*org\.bitcoin\..*)$" + "workspace 5, ^(.*Bitcoin Core - preston.*)$" + "workspace 5, ^(.*org\.getmonero\..*)$" + "workspace 5, ^(.*Monero - preston.*)$" + "workspace 5, ^(.*electrum.*)$" + "pseudo,fcitx" + ]; + bind = [ + "$mod, F, exec, firefox" + "$mod, T, exec, tor-browser" + "$mod, Return, exec, kitty" + "$mod, E, exec, emacs" + "$mod, B, exec, bitcoin-qt" + "$mod, M, exec, monero-wallet-gui" + "$mod, V, exec, vesktop" + "$mod, D, exec, wofi --show run" + "$mod, P, exec, bash ${scripts}/powermenu.sh" + "$mod, Q, killactive" + "$mod SHIFT, H, movewindow, l" + "$mod SHIFT, L, movewindow, r" + "$mod SHIFT, K, movewindow, u" + "$mod SHIFT, J, movewindow, d" + "$mod, H, movefocus, l" + "$mod, L, movefocus, r" + "$mod, K, movefocus, u" + "$mod, J, movefocus, d" + ", XF86AudioPlay, 
exec, mpc toggle" + ", Print, exec, grim" + ] + ++ ( + builtins.concatLists (builtins.genList + ( + x: + let + ws = + let + c = (x + 1) / 10; + in + builtins.toString (x + 1 - (c * 10)); + in + [ + "$mod, ${ws}, workspace, ${toString (x + 1)}" + "$mod SHIFT, ${ws}, movetoworkspace, ${toString (x + 1)}" + ] + ) + 10) + ); + bindm = [ + "$mod, mouse:272, movewindow" + "$mod, mouse:273, resizewindow" + "$mod ALT, mouse:272, resizewindow" + ]; + binde = [ + ", XF86AudioRaiseVolume, exec, wpctl set-volume -l 1.5 @DEFAULT_AUDIO_SINK@ 5%+" + ", XF86AudioLowerVolume, exec, wpctl set-volume -l 1.5 @DEFAULT_AUDIO_SINK@ 5%-" + ", XF86AudioNext, exec, mpc next" + ", XF86AudioPrev, exec, mpc prev" + ", XF86MonBrightnessUp , exec, xbacklight -inc 10" + ", XF86MonBrightnessDown, exec, xbacklight -dec 10" + ]; + decoration = { + blur = { + enabled = true; + size = 5; + passes = 2; + }; + rounding = 5; }; - rounding = 5; - }; - input = { - kb_options = "caps:swapescape"; - repeat_delay = 300; - repeat_rate = 50; - natural_scroll = true; - touchpad = { + input = { + kb_options = "caps:swapescape"; + repeat_delay = 300; + repeat_rate = 50; natural_scroll = true; - disable_while_typing = true; - tap-to-click = true; + touchpad = { + natural_scroll = true; + disable_while_typing = true; + tap-to-click = true; + }; + }; + cursor = { + no_hardware_cursors = true; + }; + misc = { + force_default_wallpaper = 0; + disable_hyprland_logo = true; }; - }; - cursor = { - no_hardware_cursors = true; - }; - misc = { - force_default_wallpaper = 0; - disable_hyprland_logo = true; }; }; - }; -} + } #+end_src *** Kitty I've set my terminal, kitty, to use catppuccin colors. @@ -2611,7 +2646,7 @@ the path. ]; useGlobalPkgs = true; useUserPackages = true; - users."${config.monorepo.vars.userName}" = import (./. + "/${config.monorepo.vars.hostName}/home.nix"); + users."${config.monorepo.vars.userName}" = import (./. + "/${config.networking.hostName}/home.nix"); }; } #+end_src 
@@ -2622,7 +2657,7 @@ This is pretty understandable, if you understand all the above. { imports = [ ../../modules/default.nix - ../../modules/sda-simple.nix + ../../disko/sda-simple.nix ../home.nix ]; } @@ -2646,16 +2681,16 @@ as several other useful services. { imports = [ ../../modules/default.nix - ../../modules/nvme-simple.nix + ../../disko/nvme-simple.nix ../home.nix ]; config = { monorepo = { profiles = { - server.enable = true; + server.enable = false; cuda.enable = true; + workstation.enable = true; }; - vars.hostName = "affinity"; }; }; } @@ -2678,8 +2713,12 @@ Spontaneity is my VPS instance. { config, lib, ... }: { imports = [ + # nixos-anywhere generates this file + ./hardware-configuration.nix + + ../../disko/vda-simple.nix + ../../modules/default.nix - ../../modules/vda-simple.nix ../home.nix ]; @@ -2689,7 +2728,6 @@ Spontaneity is my VPS instance. ttyonly.enable = true; grub.enable = true; }; - vars.hostName = "spontaneity"; }; } #+end_src @@ -2719,13 +2757,16 @@ work deterministically. *** ISO Default Profile This contains the installation script I use to install my systems. #+begin_src nix :tangle ../nix/systems/installer/default.nix - { pkgs, config, lib, ... }: + { pkgs, config, lib, modulesPath, ... }: let commits = import ./commits.nix; in { + imports = [ + (modulesPath + "/installer/cd-dvd/installation-cd-minimal.nix") + ]; + networking = { - hostName = "nixos"; networkmanager = { enable = true; }; @@ -2761,6 +2802,9 @@ This contains the installation script I use to install my systems. '' #!/usr/bin/env bash + SYSTEM=continuity + DRIVE=sda + set -euo pipefail if [ "$(id -u)" -eq 0 ]; then echo "ERROR! $(basename "$0") should be run as a regular user" 
@@ -2773,10 +2817,10 @@ This contains the installation script I use to install my systems. cd monorepo git checkout "${commits.monorepoCommitHash}" fi - vim "$HOME/monorepo/nix/systems/continuity/default.nix" - sudo nix --experimental-features "nix-command flakes" run "github:nix-community/disko/${commits.diskoCommitHash}" -- --mode destroy,format,mount "$HOME/monorepo/nix/modules/sda-simple.nix" + vim "$HOME/monorepo/nix/systems/$SYSTEM/default.nix" + sudo nix --experimental-features "nix-command flakes" run "github:nix-community/disko/${commits.diskoCommitHash}" -- --mode destroy,format,mount "$HOME/monorepo/nix/disko/$DRIVE-simple.nix" cd /mnt - sudo nixos-install --flake $HOME/monorepo/nix#continuity + sudo nixos-install --flake "$HOME/monorepo/nix#$SYSTEM" sudo cp -r $HOME/monorepo "/mnt/home/$(ls /mnt/home/)/" echo "rebooting..."; sleep 3; reboot '') diff --git a/nix/disko/nvme-simple.nix b/nix/disko/nvme-simple.nix new file mode 100644 index 0000000..665c17e --- /dev/null +++ b/nix/disko/nvme-simple.nix @@ -0,0 +1,35 @@ +{ + disko.devices = { + disk = { + my-disk = { + device = "/dev/nvme0n1"; + type = "disk"; + content = { + type = "gpt"; + partitions = { + ESP = { + type = "EF00"; + size = "500M"; + priority = 1; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ "umask=0077" ]; + }; + }; + root = { + size = "100%"; + priority = 2; + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/"; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/nix/disko/sda-simple.nix b/nix/disko/sda-simple.nix new file mode 100644 index 0000000..fdf6556 --- /dev/null +++ b/nix/disko/sda-simple.nix 
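Review bot: `DRIVE=sda` and `SYSTEM=continuity` (introduced in the previous hunk) are independent constants, but the disko call here runs `--mode destroy,format,mount` on `$DRIVE-simple.nix` with no check that the pair matches the target — affinity's default.nix imports nvme-simple and spontaneity vda-simple — so editing one variable without the other wipes the wrong disk. Derive DRIVE from SYSTEM or require an explicit confirmation before the destructive step, e.g. `read -rp "Install $SYSTEM onto /dev/$DRIVE (destroys all data)? [y/N] " ok` followed by `[ "$ok" = "y" ] || exit 1`. Because the script lives inside a Nix `''` string, any bash `${…}` expansion added here must be written `''${…}`; plain `$SYSTEM`/`$DRIVE` forms are safe. The `sudo cp -r $HOME/monorepo` line still passes `$HOME` unquoted while the new nixos-install line quotes it, which is worth making consistent. The script string begins in the previous hunk and closes with `'')` at the end of this one.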
@@ -0,0 +1,35 @@ +{ + disko.devices = { + disk = { + my-disk = { + device = "/dev/sda"; + type = "disk"; + content = { + type = "gpt"; + partitions = { + ESP = { + type = "EF00"; + size = "500M"; + priority = 1; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ "umask=0077" ]; + }; + }; + root = { + size = "100%"; + priority = 2; + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/"; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/nix/disko/vda-simple.nix b/nix/disko/vda-simple.nix new file mode 100644 index 0000000..32fa28d --- /dev/null +++ b/nix/disko/vda-simple.nix @@ -0,0 +1,27 @@ +{ + disko.devices = { + disk = { + main = { + device = "/dev/vda"; + type = "disk"; + content = { + type = "gpt"; + partitions = { + boot = { + size = "1M"; + type = "EF02"; + }; + root = { + size = "100%"; + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/"; + }; + }; + }; + }; + }; + }; + }; +} diff --git a/nix/flake.lock b/nix/flake.lock index cf1fb58..6afd52c 100644 --- a/nix/flake.lock +++ b/nix/flake.lock @@ -21,6 +21,27 @@ "type": "github" } }, + "devshell": { + "inputs": { + "nixpkgs": [ + "nix-topology", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1728330715, + "narHash": "sha256-xRJ2nPOXb//u1jaBnDP56M7v5ldavjbtR6lfGqSvcKg=", + "owner": "numtide", + "repo": "devshell", + "rev": "dd6b80932022cea34a019e2bb32f6fa9e494dfef", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "devshell", + "type": "github" + } + }, "disko": { "inputs": { "nixpkgs": [ 
@@ -57,6 +78,22 @@ "type": "github" } }, + "flake-compat_2": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-parts": { "inputs": { "nixpkgs-lib": [ @@ -117,6 +154,24 @@ "type": "github" } }, + "flake-utils_2": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1726560853, + "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "gitignore": { "inputs": { "nixpkgs": [ @@ -139,6 +194,28 @@ "type": "github" } }, + "gitignore_2": { + "inputs": { + "nixpkgs": [ + "nix-topology", + "pre-commit-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ 
@@ -187,6 +264,29 @@
         "type": "github"
       }
     },
+    "nix-topology": {
+      "inputs": {
+        "devshell": "devshell",
+        "flake-utils": "flake-utils_2",
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "pre-commit-hooks": "pre-commit-hooks"
+      },
+      "locked": {
+        "lastModified": 1738246091,
+        "narHash": "sha256-2+KkZsRO+XlOFbXbRgMZbRtlqn5MBNYj4HNmZ/2Tojg=",
+        "owner": "oddlama",
+        "repo": "nix-topology",
+        "rev": "5526269fa3eedf4f4bc00c0bf7a03db31d24b029",
+        "type": "github"
+      },
+      "original": {
+        "owner": "oddlama",
+        "repo": "nix-topology",
+        "type": "github"
+      }
+    },
     "nixpkgs": {
       "locked": {
         "lastModified": 1738277201,
@@ -271,6 +371,33 @@
         "type": "github"
       }
     },
+    "pre-commit-hooks": {
+      "inputs": {
+        "flake-compat": "flake-compat_2",
+        "gitignore": "gitignore_2",
+        "nixpkgs": [
+          "nix-topology",
+          "nixpkgs"
+        ],
+        "nixpkgs-stable": [
+          "nix-topology",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1730797577,
+        "narHash": "sha256-SrID5yVpyUfknUTGWgYkTyvdr9J1LxUym4om3SVGPkg=",
+        "owner": "cachix",
+        "repo": "pre-commit-hooks.nix",
+        "rev": "1864030ed24a2b8b4e4d386a5eeaf0c5369e50a9",
+        "type": "github"
+      },
+      "original": {
+        "owner": "cachix",
+        "repo": "pre-commit-hooks.nix",
+        "type": "github"
+      }
+    },
     "pre-commit-hooks-nix": {
       "inputs": {
         "flake-compat": [
@@ -303,6 +430,7 @@
         "disko": "disko",
         "home-manager": "home-manager",
         "lanzaboote": "lanzaboote",
+        "nix-topology": "nix-topology",
         "nixpkgs": "nixpkgs",
         "nur": "nur",
         "scripts": "scripts",
@@ -399,6 +527,21 @@
         "type": "github"
       }
     },
+    "systems_2": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    },
     "treefmt-nix": {
       "inputs": {
         "nixpkgs": [
diff --git a/nix/flake.nix b/nix/flake.nix
index 4c703cd..bab8574 100644
--- a/nix/flake.nix
+++ b/nix/flake.nix
@@ -3,86 +3,75 @@ inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11"; - + nur.url = "github:nix-community/NUR"; + sops-nix.url = "github:Mic92/sops-nix"; + scripts.url = "github:ret2pop/scripts"; + wallpapers.url = "github:ret2pop/wallpapers"; + sounds.url = "github:ret2pop/sounds"; + nix-topology = { + url = "github:oddlama/nix-topology"; + inputs.nixpkgs.follows = "nixpkgs"; + }; home-manager = { url = "github:nix-community/home-manager/release-24.11"; inputs.nixpkgs.follows = "nixpkgs"; }; - disko = { url = "github:nix-community/disko"; inputs.nixpkgs.follows = "nixpkgs"; }; - lanzaboote = { url = "github:nix-community/lanzaboote/v0.4.1"; inputs.nixpkgs.follows = "nixpkgs"; }; - - nur.url = "github:nix-community/NUR"; - sops-nix.url = "github:Mic92/sops-nix"; - scripts.url = "github:ret2pop/scripts"; - wallpapers.url = "github:ret2pop/wallpapers"; - sounds.url = "github:ret2pop/sounds"; }; - outputs = { nixpkgs, home-manager, nur, disko, lanzaboote, sops-nix, ... }@attrs: { - nixosConfigurations = { - installer = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - modules = [ - ( - { pkgs, modulesPath, ... }: - { - imports = [ (modulesPath + "/installer/cd-dvd/installation-cd-minimal.nix") ]; - } - ) - ./systems/installer/default.nix - ]; - }; + outputs = { self, nixpkgs, home-manager, nur, disko, lanzaboote, sops-nix, nix-topology, ... }@attrs: + let + system = "x86_64-linux"; + mkConfigs = map (hostname: { + name = "${hostname}"; + value = nixpkgs.lib.nixosSystem { + system = system; + specialArgs = attrs; + modules = if (hostname == "installer") then [ + (./. 
+ "/systems/${hostname}/default.nix") + { networking.hostName = "${hostname}"; } + nix-topology.nixosModules.default + ] else [ + nix-topology.nixosModules.default + lanzaboote.nixosModules.lanzaboote + disko.nixosModules.disko + home-manager.nixosModules.home-manager + sops-nix.nixosModules.sops + { + nixpkgs.overlays = [ nur.overlays.default ]; + home-manager.extraSpecialArgs = attrs; + networking.hostName = "${hostname}"; + } + (./. + "/systems/${hostname}/default.nix") + ]; + }; + }); - continuity = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = attrs; - modules = [ - lanzaboote.nixosModules.lanzaboote - disko.nixosModules.disko - home-manager.nixosModules.home-manager - sops-nix.nixosModules.sops - { nixpkgs.overlays = [ nur.overlays.default ]; } - { home-manager.extraSpecialArgs = attrs; } - ./systems/continuity/default.nix - ]; - }; + pkgs = import nixpkgs { + inherit system; + overlays = [ nix-topology.overlays.default ]; + }; + in { + nixosConfigurations = builtins.listToAttrs (mkConfigs [ + "affinity" + "continuity" + "installer" + "spontaneity" + ]); - affinity = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = attrs; - modules = [ - lanzaboote.nixosModules.lanzaboote - disko.nixosModules.disko - home-manager.nixosModules.home-manager - sops-nix.nixosModules.sops - { nixpkgs.overlays = [ nur.overlays.default ]; } - { home-manager.extraSpecialArgs = attrs; } - ./systems/affinity/default.nix - ]; - }; - - spontaneity = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - specialArgs = attrs; - modules = [ - lanzaboote.nixosModules.lanzaboote - disko.nixosModules.disko - home-manager.nixosModules.home-manager - sops-nix.nixosModules.sops - { nixpkgs.overlays = [ nur.overlays.default ]; } - { home-manager.extraSpecialArgs = attrs; } - ./systems/spontaneity/hardware-configuration.nix - ./systems/spontaneity/default.nix + topology."${system}" = import nix-topology { + inherit pkgs; + modules = [ + 
./topology/default.nix + { nixosConfigurations = self.nixosConfigurations; } ]; - }; + }; }; - }; } diff --git a/nix/modules/configuration.nix b/nix/modules/configuration.nix index 36a1702..1d175dc 100644 --- a/nix/modules/configuration.nix +++ b/nix/modules/configuration.nix @@ -24,10 +24,10 @@ environment = { etc = { - securetty.text = '' - # /etc/securetty: list of terminals on which root is allowed to login. - # See securetty(5) and login(1). - ''; + securetty.text = '' + # /etc/securetty: list of terminals on which root is allowed to login. + # See securetty(5) and login(1). + ''; }; }; @@ -35,13 +35,13 @@ coredump.enable = false; network.config.networkConfig.IPv6PrivacyExtensions = "kernel"; tmpfiles.settings = { - "restricthome"."/home/*".Z.mode = "~0700"; + "restricthome"."/home/*".Z.mode = "~0700"; - "restrictetcnixos"."/etc/nixos/*".Z = { - mode = "0000"; - user = "root"; - group = "root"; - }; + "restrictetcnixos"."/etc/nixos/*".Z = { + mode = "0000"; + user = "root"; + group = "root"; + }; }; }; 
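Review bot: `./systems/spontaneity/hardware-configuration.nix`, which the removed per-host block listed explicitly, has no counterpart in the new `mkConfigs` module list; unless `systems/spontaneity/default.nix` (changed by this commit but not in view) imports it itself, that host now evaluates without its hardware configuration, so a comment on the `mkConfigs` binding stating that each `systems/<host>/default.nix` is responsible for its own hardware imports would make the contract explicit. Two style points in the same block: `system = system;` reads more idiomatically as `inherit system;`, and `name = "${hostname}";` / `networking.hostName = "${hostname}";` interpolate a value that is already a string (`name = hostname;`). The `specialArgs = attrs` line hands every flake input to every module, which is the pre-existing behaviour but is now also applied to the `installer` branch.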
@@ -50,138 +50,137 @@ extraModulePackages = [ ]; initrd = { - availableKernelModules = [ - "xhci_pci" - "ahci" - "usb_storage" - "sd_mod" - "nvme" - "sd_mod" - "ehci_pci" - "rtsx_pci_sdmmc" - "usbhid" - ]; - - kernelModules = [ ]; + availableKernelModules = [ + "xhci_pci" + "ahci" + "usb_storage" + "sd_mod" + "nvme" + "sd_mod" + "ehci_pci" + "rtsx_pci_sdmmc" + "usbhid" + ]; + + kernelModules = [ ]; }; lanzaboote = { - enable = config.monorepo.profiles.secureBoot.enable; - pkiBundle = "/etc/secureboot"; + enable = config.monorepo.profiles.secureBoot.enable; + pkiBundle = "/etc/secureboot"; }; loader = { - systemd-boot.enable = lib.mkForce (! config.monorepo.profiles.grub.enable); - efi.canTouchEfiVariables = lib.mkDefault (! config.monorepo.profiles.grub.enable); + systemd-boot.enable = lib.mkForce (! config.monorepo.profiles.grub.enable); + efi.canTouchEfiVariables = lib.mkDefault (! config.monorepo.profiles.grub.enable); }; kernelModules = [ - "snd-seq" - "snd-rawmidi" - "xhci_hcd" - "kvm_intel" + "snd-seq" + "snd-rawmidi" + "xhci_hcd" + "kvm_intel" ]; kernelParams = [ - "debugfs=off" - "page_alloc.shuffle=1" - "slab_nomerge" - "page_poison=1" - - # madaidan - "pti=on" - "randomize_kstack_offset=on" - "vsyscall=none" - "module.sig_enforce=1" - "lockdown=confidentiality" - - # cpu - "spectre_v2=on" - "spec_store_bypass_disable=on" - "tsx=off" - "tsx_async_abort=full,nosmt" - "mds=full,nosmt" - "l1tf=full,force" - "nosmt=force" - "kvm.nx_huge_pages=force" - - # hardened - "extra_latent_entropy" - - # mineral - "init_on_alloc=1" - "random.trust_cpu=off" - "random.trust_bootloader=off" - "intel_iommu=on" - "amd_iommu=force_isolation" - "iommu=force" - "iommu.strict=1" - "init_on_free=1" - "quiet" - "loglevel=0" + "debugfs=off" + "page_alloc.shuffle=1" + "slab_nomerge" + "page_poison=1" + + # madaidan + "pti=on" + "randomize_kstack_offset=on" + "vsyscall=none" + "module.sig_enforce=1" + "lockdown=confidentiality" + + # cpu + "spectre_v2=on" + 
"spec_store_bypass_disable=on" + "tsx=off" + "tsx_async_abort=full,nosmt" + "mds=full,nosmt" + "l1tf=full,force" + "nosmt=force" + "kvm.nx_huge_pages=force" + + # hardened + "extra_latent_entropy" + + # mineral + "init_on_alloc=1" + "random.trust_cpu=off" + "random.trust_bootloader=off" + "intel_iommu=on" + "amd_iommu=force_isolation" + "iommu=force" + "iommu.strict=1" + "init_on_free=1" + "quiet" + "loglevel=0" ]; blacklistedKernelModules = [ - "netrom" - "rose" - - "adfs" - "affs" - "bfs" - "befs" - "cramfs" - "efs" - "erofs" - "exofs" - "freevxfs" - "f2fs" - "hfs" - "hpfs" - "jfs" - "minix" - "nilfs2" - "ntfs" - "omfs" - "qnx4" - "qnx6" - "sysv" - "ufs" + "netrom" + "rose" + + "adfs" + "affs" + "bfs" + "befs" + "cramfs" + "efs" + "erofs" + "exofs" + "freevxfs" + "f2fs" + "hfs" + "hpfs" + "jfs" + "minix" + "nilfs2" + "ntfs" + "omfs" + "qnx4" + "qnx6" + "sysv" + "ufs" ]; kernel.sysctl = { - "kernel.ftrace_enabled" = false; - "net.core.bpf_jit_enable" = false; - "kernel.kptr_restrict" = 2; - - # madaidan - "vm.swappiness" = 1; - "vm.unprivileged_userfaultfd" = 0; - "dev.tty.ldisc_autoload" = 0; - "kernel.kexec_load_disabled" = 1; - "kernel.sysrq" = 4; - "kernel.perf_event_paranoid" = 3; - - # net - "net.ipv4.icmp_echo_ignore_broadcasts" = true; - - "net.ipv4.conf.all.accept_redirects" = false; - "net.ipv4.conf.all.secure_redirects" = false; - "net.ipv4.conf.default.accept_redirects" = false; - "net.ipv4.conf.default.secure_redirects" = false; - "net.ipv6.conf.all.accept_redirects" = false; - "net.ipv6.conf.default.accept_redirects" = false; + "kernel.ftrace_enabled" = false; + "net.core.bpf_jit_enable" = false; + "kernel.kptr_restrict" = 2; + + # madaidan + "vm.swappiness" = 1; + "vm.unprivileged_userfaultfd" = 0; + "dev.tty.ldisc_autoload" = 0; + "kernel.kexec_load_disabled" = 1; + "kernel.sysrq" = 4; + "kernel.perf_event_paranoid" = 3; + + # net + "net.ipv4.icmp_echo_ignore_broadcasts" = true; + + "net.ipv4.conf.all.accept_redirects" = false; + 
"net.ipv4.conf.all.secure_redirects" = false; + "net.ipv4.conf.default.accept_redirects" = false; + "net.ipv4.conf.default.secure_redirects" = false; + "net.ipv6.conf.all.accept_redirects" = false; + "net.ipv6.conf.default.accept_redirects" = false; }; }; networking = { useDHCP = lib.mkDefault true; - hostName = config.monorepo.vars.hostName; networkmanager = { - enable = true; + enable = true; }; firewall = { - allowedTCPPorts = [ 22 11434 ]; - allowedUDPPorts = [ ]; + allowedTCPPorts = [ 22 11434 ]; + allowedUDPPorts = [ ]; }; }; @@ -192,16 +191,16 @@ pulseaudio.enable = ! config.monorepo.profiles.pipewire.enable; bluetooth = { - enable = true; - powerOnBoot = true; + enable = true; + powerOnBoot = true; }; }; services = { chrony = { - enable = true; - enableNTS = true; - servers = [ "time.cloudflare.com" "ptbtime1.ptb.de" "ptbtime2.ptb.de" ]; + enable = true; + enableNTS = true; + servers = [ "time.cloudflare.com" "ptbtime1.ptb.de" "ptbtime2.ptb.de" ]; }; jitterentropy-rngd.enable = true; @@ -214,12 +213,12 @@ # Misc. udev = { - extraRules = ''''; - packages = with pkgs; [ - platformio-core - platformio-core.udev - openocd - ]; + extraRules = ''''; + packages = with pkgs; [ + platformio-core + platformio-core.udev + openocd + ]; }; printing.enable = true; @@ -236,20 +235,20 @@ nixpkgs = { hostPlatform = lib.mkDefault "x86_64-linux"; config = { - allowUnfree = true; - cudaSupport = lib.mkDefault config.monorepo.profiles.cuda.enable; + allowUnfree = true; + cudaSupport = lib.mkDefault config.monorepo.profiles.cuda.enable; }; }; security = { apparmor = { - enable = true; - killUnconfinedConfinables = true; + enable = true; + killUnconfinedConfinables = true; }; pam.loginLimits = [ - { domain = "*"; item = "nofile"; type = "-"; value = "32768"; } - { domain = "*"; item = "memlock"; type = "-"; value = "32768"; } + { domain = "*"; item = "nofile"; type = "-"; value = "32768"; } + { domain = "*"; item = "memlock"; type = "-"; value = "32768"; } ]; rtkit.enable = true; 
@@ -259,9 +258,9 @@ forcePageTableIsolation = true; tpm2 = { - enable = true; - pkcs11.enable = true; - tctiEnvironment.enable = true; + enable = true; + pkcs11.enable = true; + tctiEnvironment.enable = true; }; auditd.enable = true; @@ -274,9 +273,9 @@ enable = true; wlr.enable = true; extraPortals = with pkgs; [ - xdg-desktop-portal-gtk - xdg-desktop-portal - xdg-desktop-portal-hyprland + xdg-desktop-portal-gtk + xdg-desktop-portal + xdg-desktop-portal-hyprland ]; config.common.default = "*"; }; @@ -289,23 +288,25 @@ curl ]; + users.groups.git = {}; users.users = { root.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICts6+MQiMwpA+DfFQxjIN214Jn0pCw/2BDvOzPhR/H2 preston@continuity-dell" ]; git = { - isSystemUser = true; - home = "/srv/git"; - shell = "${pkgs.git}/bin/git-shell"; + isSystemUser = true; + home = "/srv/git"; + shell = "${pkgs.git}/bin/git-shell"; + group = "git"; }; "${config.monorepo.vars.userName}" = { - initialPassword = "${config.monorepo.vars.userName}"; - isNormalUser = true; - description = config.monorepo.vars.fullName; - extraGroups = [ "networkmanager" "wheel" "video" "docker" "jackaudio" "tss" "dialout" ]; - shell = pkgs.zsh; - packages = []; + initialPassword = "${config.monorepo.vars.userName}"; + isNormalUser = true; + description = config.monorepo.vars.fullName; + extraGroups = [ "networkmanager" "wheel" "video" "docker" "jackaudio" "tss" "dialout" ]; + shell = pkgs.zsh; + packages = []; }; }; diff --git a/nix/modules/default.nix b/nix/modules/default.nix index 50e5a1b..00a188b 100644 --- a/nix/modules/default.nix +++ b/nix/modules/default.nix @@ -17,6 +17,7 @@ server.enable = lib.mkEnableOption "Enables server services"; ttyonly.enable = lib.mkEnableOption "TTY only, no xserver"; grub.enable = lib.mkEnableOption "Enables grub instead of systemd-boot"; + workstation.enable = lib.mkEnableOption "Enables workstation services"; }; }; }; 
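Review bot: `initialPassword = "${config.monorepo.vars.userName}";` on the new side gives the primary user a password equal to the username on every fresh install, and the `install-vps` path added in this commit produces exactly such installs. Since `sops-nix.nixosModules.sops` is already in every host's module list, a `hashedPasswordFile` pointing at a sops-managed secret would avoid a predictable first-boot credential; failing that, a comment on the line should state that the password is a bootstrap value to be changed at first login. The adjacent `extraGroups` list also grants `docker`, which is root-equivalent on that host; if it is only needed on workstation machines, gating it on `config.monorepo.profiles.workstation.enable` (added in this commit) would keep server hosts narrower.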
diff --git a/nix/modules/home/default.nix b/nix/modules/home/default.nix index 45b0890..13966da 100644 --- a/nix/modules/home/default.nix +++ b/nix/modules/home/default.nix @@ -42,23 +42,8 @@ music.enable = lib.mkEnableOption "Enables mpd"; workstation.enable = lib.mkEnableOption "Enables workstation packages (music production and others)"; cuda.enable = lib.mkEnableOption "Enables CUDA user package builds"; + hyprland.enable = lib.mkEnableOption "Enables hyprland"; - hyprland = { - enable = lib.mkEnableOption "Enables hyprland"; - monitors = lib.mkOption { - type = lib.types.listOf lib.types.str; - default = [ - "HDMI-A-1" - "eDP-1" - "DP-2" - "DP-3" - "LVDS-1" - "DP-4" - ]; - example = []; - description = "Hyprland monitors"; - }; - }; email = { email = lib.mkOption { type = lib.types.str; diff --git a/nix/modules/home/hyprland.nix b/nix/modules/home/hyprland.nix index 36e1621..1463f90 100644 --- a/nix/modules/home/hyprland.nix +++ b/nix/modules/home/hyprland.nix @@ -7,6 +7,12 @@ systemd.enable = true; settings = { "$mod" = "SUPER"; + bezier = [ + "overshot,0,1,0,0.95" + ]; + animation = [ + "workspaces, 1, 10, overshot" + ]; exec-once = [ "waybar" "swww-daemon --format xrgb" diff --git a/nix/modules/home/user.nix b/nix/modules/home/user.nix index 882041b..85b6a70 100644 --- a/nix/modules/home/user.nix +++ b/nix/modules/home/user.nix 
@@ -62,12 +62,17 @@ pfetch libnotify htop - (writeShellScriptBin "install_vps" + (writeShellScriptBin "remote-build" '' #!/bin/bash -nix run github:nix-community/nixos-anywhere -- --generate-hardware-config nixos-generate-config ./systems/spontaneity/hardware-configuration.nix --flake .#spontaneity --target-host "$1" - '' +nixos-rebuild --target-host "$1" switch --flake .#spontaneity +'' ) + (writeShellScriptBin "install-vps" + '' +#!/bin/bash +nix run github:nix-community/nixos-anywhere -- --generate-hardware-config nixos-generate-config ./systems/spontaneity/hardware-configuration.nix --flake .#spontaneity --target-host "$1" + '') ] else [ pfetch diff --git a/nix/modules/nginx.nix b/nix/modules/nginx.nix index e8c4682..bcc213a 100644 --- a/nix/modules/nginx.nix +++ b/nix/modules/nginx.nix @@ -1,7 +1,7 @@ -{ config, services, ... }: +{ config, lib, services, ... }: { services.nginx = { - enable = true; + enable = lib.mkDefault config.monorepo.profiles.server.enable; # Use recommended settings recommendedGzipSettings = true; diff --git a/nix/modules/nvme-simple.nix b/nix/modules/nvme-simple.nix deleted file mode 100644 index 665c17e..0000000 --- a/nix/modules/nvme-simple.nix +++ /dev/null @@ -1,35 +0,0 @@ -{ - disko.devices = { - disk = { - my-disk = { - device = "/dev/nvme0n1"; - type = "disk"; - content = { - type = "gpt"; - partitions = { - ESP = { - type = "EF00"; - size = "500M"; - priority = 1; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = [ "umask=0077" ]; - }; - }; - root = { - size = "100%"; - priority = 2; - content = { - type = "filesystem"; - format = "ext4"; - mountpoint = "/"; - }; - }; - }; - }; - }; - }; - }; -} diff --git a/nix/modules/ollama.nix b/nix/modules/ollama.nix index f9f4dc9..96ee918 100644 --- a/nix/modules/ollama.nix +++ b/nix/modules/ollama.nix 
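Review bot: The new `install-vps` script runs `nix run github:nix-community/nixos-anywhere` with no revision, so the tool that partitions and installs the target is fetched from the repository's default branch at run time and is not covered by `flake.lock`; pin it, e.g. `nix run github:nix-community/nixos-anywhere/<PINNED_REV_PLACEHOLDER> -- ...`, or add nixos-anywhere as a flake input and reference that. Both scripts also begin with `#!/bin/bash`, but `writeShellScriptBin` already emits a shebang, so that line is only a comment inside the generated script and can be dropped. Neither script checks that `"$1"` was supplied; a guard such as `[ -n "$1" ] || { echo "usage: $0 TARGET_HOST" >&2; exit 1; }` would stop an empty `--target-host` from being passed. The closing `''` of `remote-build` sits at column 0 while `install-vps` indents it, so the two bodies are formatted inconsistently.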
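Review bot: The touched signature keeps `services` as a module argument (`{ config, lib, services, ... }:`), and `services` is not an argument the NixOS module system provides; unless it is injected through `_module.args` or `specialArgs` somewhere not in view, importing this module fails at evaluation, so the line should probably read `{ config, lib, ... }:`. The `services.nginx` block continues past the hunk.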
@@ -1,7 +1,7 @@ { config, lib, ... }: { services.ollama = { - enable = lib.mkDefault config.monorepo.profiles.server.enable; + enable = lib.mkDefault config.monorepo.profiles.workstation.enable; acceleration = "cuda"; host = "0.0.0.0"; }; diff --git a/nix/modules/sda-simple.nix b/nix/modules/sda-simple.nix deleted file mode 100644 index fdf6556..0000000 --- a/nix/modules/sda-simple.nix +++ /dev/null @@ -1,35 +0,0 @@ -{ - disko.devices = { - disk = { - my-disk = { - device = "/dev/sda"; - type = "disk"; - content = { - type = "gpt"; - partitions = { - ESP = { - type = "EF00"; - size = "500M"; - priority = 1; - content = { - type = "filesystem"; - format = "vfat"; - mountpoint = "/boot"; - mountOptions = [ "umask=0077" ]; - }; - }; - root = { - size = "100%"; - priority = 2; - content = { - type = "filesystem"; - format = "ext4"; - mountpoint = "/"; - }; - }; - }; - }; - }; - }; - }; -} diff --git a/nix/modules/vars.nix b/nix/modules/vars.nix index 5652a93..5d22584 100644 --- a/nix/modules/vars.nix +++ b/nix/modules/vars.nix @@ -1,13 +1,6 @@ { lib, ... }: { options.monorepo.vars = { - hostName = lib.mkOption { - type = lib.types.str; - default = "continuity"; - example = "hostname"; - description = "system hostname"; - }; - userName = lib.mkOption { type = lib.types.str; default = "preston
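Review bot: `enable` now follows `config.monorepo.profiles.workstation.enable`, but `host = "0.0.0.0";` on the line below still binds the API to every interface, and `allowedTCPPorts = [ 22 11434 ];` in `configuration.nix` (reindented in this same commit) opens the ollama port on every host regardless of profile. Hosts without ollama carry an open port for nothing, and workstation hosts expose the model API, which has no authentication of its own, to the whole network. Tie the firewall rule to the same profile, `allowedTCPPorts = [ 22 ] ++ lib.optional config.monorepo.profiles.workstation.enable 11434;`, and bind to `127.0.0.1` unless remote clients are intended, in which case a comment on `host` should say so.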