diff --git a/flake.lock b/flake.lock index 4d24c96..4ccd88b 100644 --- a/flake.lock +++ b/flake.lock @@ -253,6 +253,25 @@ "type": "github" } }, + "jovian": { + "inputs": { + "nix-github-actions": "nix-github-actions", + "nixpkgs": "nixpkgs_2" + }, + "locked": { + "lastModified": 1732032028, + "narHash": "sha256-NjyfJQQxs/a2a/KwTmXM44K7XjeJwGsf4YFtebueQzo=", + "owner": "Jovian-Experiments", + "repo": "Jovian-NixOS", + "rev": "65dc04371cf914c9af4f073638821e4787303005", + "type": "github" + }, + "original": { + "owner": "Jovian-Experiments", + "repo": "Jovian-NixOS", + "type": "github" + } + }, "lanzaboote": { "inputs": { "crane": "crane", @@ -284,7 +303,7 @@ "inputs": { "blobs": "blobs", "flake-compat": "flake-compat_2", - "nixpkgs": "nixpkgs_2", + "nixpkgs": "nixpkgs_3", "nixpkgs-24_05": "nixpkgs-24_05", "utils": "utils" }, @@ -307,7 +326,7 @@ "inputs": { "flake-compat": "flake-compat_3", "flake-utils": "flake-utils_2", - "nixpkgs": "nixpkgs_3" + "nixpkgs": "nixpkgs_4" }, "locked": { "lastModified": 1732153840, @@ -323,6 +342,28 @@ "type": "github" } }, + "nix-github-actions": { + "inputs": { + "nixpkgs": [ + "jovian", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1729697500, + "narHash": "sha256-VFTWrbzDlZyFHHb1AlKRiD/qqCJIripXKiCSFS8fAOY=", + "owner": "zhaofengli", + "repo": "nix-github-actions", + "rev": "e418aeb728b6aa5ca8c5c71974e7159c2df1d8cf", + "type": "github" + }, + "original": { + "owner": "zhaofengli", + "ref": "matrix-name", + "repo": "nix-github-actions", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1722221733, 
@@ -369,6 +410,22 @@ } }, "nixpkgs_2": { + "locked": { + "lastModified": 1729665710, + "narHash": "sha256-AlcmCXJZPIlO5dmFzV3V2XF6x/OpNWUV8Y/FMPGd8Z4=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "2768c7d042a37de65bb1b5b3268fc987e534c49d", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { "locked": { "lastModified": 1717602782, "narHash": "sha256-pL9jeus5QpX5R+9rsp3hhZ+uplVHscNJh8n8VpqscM0=", @@ -383,7 +440,7 @@ "type": "indirect" } }, - "nixpkgs_3": { + "nixpkgs_4": { "locked": { "lastModified": 1715266358, "narHash": "sha256-doPgfj+7FFe9rfzWo1siAV2mVCasW+Bh8I1cToAXEE4=", @@ -399,7 +456,7 @@ "type": "github" } }, - "nixpkgs_4": { + "nixpkgs_5": { "locked": { "lastModified": 1731755305, "narHash": "sha256-v5P3dk5JdiT+4x69ZaB18B8+Rcu3TIOrcdG4uEX7WZ8=", @@ -463,10 +520,11 @@ "hardware": "hardware", "home-manager": "home-manager", "impermanence": "impermanence", + "jovian": "jovian", "lanzaboote": "lanzaboote", "mailserver": "mailserver", "minecraft": "minecraft", - "nixpkgs": "nixpkgs_4", + "nixpkgs": "nixpkgs_5", "nur": "nur", "unstable": "unstable" } diff --git a/flake.nix b/flake.nix index 98ffca7..94185ca 100644 --- a/flake.nix +++ b/flake.nix @@ -18,6 +18,7 @@ impermanence.url = "github:nix-community/impermanence"; mailserver.url = "gitlab:simple-nixos-mailserver/nixos-mailserver/nixos-24.05"; minecraft.url = "github:Infinidoge/nix-minecraft"; + jovian.url = "github:Jovian-Experiments/Jovian-NixOS"; # Home inputs home-manager = { @@ -38,6 +39,7 @@ impermanence, mailserver, minecraft, + jovian, home-manager, nur, blender-bin, 
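Review bot: The new `jovian.url` line in the first flake.nix hunk has neither a `ref` nor a `follows`, so the input tracks the repository's default branch. Per the flake.lock section of this commit it also adds its own `nixpkgs_2` (nixos-unstable) and a `nix-github-actions` input to the closure. The lock pins `rev` and `narHash`, so a given build is reproducible, but each `nix flake update` moves a system-level module on `jupiter` to whatever that branch holds. I would put a comment above the line, for example `# Jovian keeps its own nixpkgs (nixos-unstable); review the flake.lock diff on every update`. Alternatively, add `jovian.inputs.nixpkgs.follows = "unstable";` if the module is known to evaluate against that set. The `inputs` block starts and ends outside the hunk.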
@@ -76,10 +78,10 @@ nixosConfigurations = { tower = mkNix [ ./hosts/tower ]; # Main Desktop + jupiter = mkNix [ ./hosts/jupiter ]; # Steam Deck axolotl = mkNix [ ./hosts/axolotl ]; # PineBook Pro lacros = mkNix [ ./hosts/lacros ]; # Dell Chromebook redmond = mkNix [ ./hosts/redmond ]; # Lenovo Dual-Boot Laptop - pomme = mkNix [ ./hosts/treefruit ]; # Macbook Pro 14,1 extern = mkNix [ ./hosts/extern ]; # Portable Hard-Drive kitty = mkNix [ ./hosts/kitty ]; # Dell Optiplex 7010 diff --git a/hosts/axolotl/boot/default.nix b/hosts/axolotl/boot/default.nix index 3e8b22b..3d238d6 100644 --- a/hosts/axolotl/boot/default.nix +++ b/hosts/axolotl/boot/default.nix @@ -33,7 +33,7 @@ umount /mnt ''; - }; + }; }; }; }; diff --git a/hosts/extern/boot/default.nix b/hosts/extern/boot/default.nix index d984437..f7b6c70 100644 --- a/hosts/extern/boot/default.nix +++ b/hosts/extern/boot/default.nix @@ -3,10 +3,6 @@ boot = { kernelPackages = pkgs.linuxPackages_5_10; kernel.sysctl."vm.max_map_count" = 2147483642; - kernelParams = [ - "nvidia_drm.fbdev=1" - "nouveau.config=NvGspRm=1" - ]; initrd.systemd = { enable = true; diff --git a/hosts/extern/id_ed25519.pub b/hosts/extern/id_ed25519.pub deleted file mode 100644 index e36a85d..0000000 --- a/hosts/extern/id_ed25519.pub +++ /dev/null @@ -1 +0,0 @@ -ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC2lMkUd+BbXITE5LTg94hEzmA6UKsIIbaf5YOjGoLzl diff --git a/hosts/jupiter/boot/default.nix b/hosts/jupiter/boot/default.nix new file mode 100644 index 0000000..7a227d6 --- /dev/null +++ b/hosts/jupiter/boot/default.nix 
@@ -0,0 +1,44 @@
+{ config, pkgs, ... }:
+{
+ boot = {
+ kernelPackages = pkgs.unstable.linuxPackages_latest;
+ kernel.sysctl."vm.max_map_count" = 2147483642;
+ kernelParams = [
+ "amd_iommu=on"
+ "iommu=pt"
+ "nested=1"
+ "transparent_hugepage=never"
+ ];
+
+ initrd.systemd = {
+ enable = true;
+ services.root-reset = {
+ description = "Reset root and snapshot last boot";
+ wantedBy = [ "initrd.target" ];
+ before = [ "sysroot.mount" ];
+ after = [ "dev-${config.networking.hostName}-root.device" ];
+ unitConfig.DefaultDependencies = "no";
+ serviceConfig.Type = "oneshot";
+ script = ''
+ mkdir -p /mnt
+ mount /dev/${config.networking.hostName}/root /mnt
+
+ if [[ -e /mnt/prev ]]; then
+ btrfs subvolume delete /mnt/prev
+ fi
+
+ btrfs subvolume snapshot /mnt/root /mnt/prev
+
+ btrfs subvolume list -o /mnt/root | cut -f9 -d' ' | while read subvolume; do
+ btrfs subvolume delete "/mnt/$subvolume"
+ done
+
+ btrfs subvolume delete /mnt/root
+ btrfs subvolume create /mnt/root
+
+ umount /mnt
+ '';
+ };
+ };
+ };
+}
diff --git a/hosts/jupiter/default.nix b/hosts/jupiter/default.nix
new file mode 100644
index 0000000..066f3ae
--- /dev/null
+++ b/hosts/jupiter/default.nix
@@ -0,0 +1,17 @@
+{ jovian, ... }:
+{
+ imports = [
+ ./boot
+ ./disko
+ ./hardware
+ ./wireguard
+ ../../modules/system
+ ];
+
+ system.lanzaboote.enable = true;
+ system.libvirtd.enable = true;
+
+ jovian.steamos.useSteamOSConfig = true;
+
+ networking.hostName = "jupiter";
+}
diff --git a/hosts/jupiter/disko/default.nix b/hosts/jupiter/disko/default.nix
new file mode 100644
index 0000000..6c6c98d
--- /dev/null
+++ b/hosts/jupiter/disko/default.nix
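Review bot: `"nested=1"` in `kernelParams` of hosts/jupiter/boot/default.nix has no module prefix, so the kernel will not apply it as a KVM setting; module parameters on the command line are written `module.param`. Since hosts/jupiter/hardware/default.nix loads `kvm-amd`, the entry was presumably meant to be `"kvm_amd.nested=1"`. Separately, in the `root-reset` script `while read subvolume` should be `while read -r subvolume` so backslashes in subvolume names survive. A short comment noting that `/mnt/prev` keeps the previous boot's root, so data the wipe is meant to discard persists for one more boot, would help a reader judge the impermanence guarantee.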
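Review bot: hosts/jupiter/default.nix sets `jovian.steamos.useSteamOSConfig`, but its `imports` list contains no Jovian NixOS module and the `jovian` argument in the function head is otherwise unused in this file. Unless `mkNix` or `../../modules/system` imports the module (neither is visible in this diff), evaluation will fail on an undefined option. If the import belongs here, adding `jovian.nixosModules.default` to `imports` would make the file self-explanatory; confirm the attribute name against the input's flake outputs.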
@@ -0,0 +1,97 @@
+{ disko, config, ... }:
+{
+ imports = [ disko.nixosModules.disko ];
+
+ disko.devices = {
+ disk = {
+ "${config.networking.hostName}" = {
+ type = "disk";
+ device = "/dev/nvme0n1";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ priority = 1;
+ size = "2G";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [ "umask=0077" ];
+ };
+ };
+ luks = {
+ size = "100%";
+ content = {
+ type = "luks";
+ name = "${config.networking.hostName}-disk";
+ settings.allowDiscards = true;
+ passwordFile = "/tmp/secret.key";
+ content = {
+ type = "lvm_pv";
+ vg = "${config.networking.hostName}";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+
+ lvm_vg = {
+ "${config.networking.hostName}" = {
+ type = "lvm_vg";
+ lvs = {
+ root = {
+ size = "100%";
+ content = {
+ type = "btrfs";
+ extraArgs = [ "-f" ];
+ subvolumes = {
+ "/root" = {
+ mountpoint = "/";
+ mountOptions = [ "compress=zstd" "noatime" "ssd" ];
+ };
+ "/prev" = {
+ mountpoint = "/prev";
+ mountOptions = [ "compress=zstd" "noatime" "ssd" ];
+ };
+ "/nix" = {
+ mountpoint = "/nix";
+ mountOptions = [ "compress=zstd" "noatime" "ssd" ];
+ };
+
+ # Impermanence
+ "/persist" = {
+ mountpoint = "/persist";
+ mountOptions = [ "compress=zstd" "noatime" "ssd" ];
+ };
+ "/persist/.snapshots" = { };
+
+ "/jimbo" = {
+ mountpoint = "/persist/home/jimbo";
+ mountOptions = [ "compress=zstd" "noatime" "ssd" ];
+ };
+ "/jimbo/.snapshots" = { };
+ };
+ };
+ };
+ swap = {
+ size = "8G";
+ content = {
+ type = "swap";
+ discardPolicy = "both";
+ };
+ };
+ };
+ };
+ };
+ };
+
+ # Needed for impermanence
+ fileSystems = {
+ "/persist".neededForBoot = true;
+ "/persist/home/jimbo".neededForBoot = true;
+ };
+}
diff --git a/hosts/jupiter/hardware/default.nix b/hosts/jupiter/hardware/default.nix
new file mode 100644
index 0000000..5aaaa62
--- /dev/null
+++ b/hosts/jupiter/hardware/default.nix
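Review bot: `passwordFile = "/tmp/secret.key"` ties the LUKS passphrase to a fixed path in a shared temporary directory, and nothing in this file says how that file is created or removed. A comment on that line should state that it exists only during installation, is written with mode 0600 and no trailing newline, and is deleted once formatting finishes. `settings.allowDiscards = true`, together with `discardPolicy = "both"` on swap, passes TRIM through dm-crypt, which reveals which blocks of the encrypted volume are unused. That is a common trade-off on SSDs, but a one-line comment would mark it as a deliberate choice. The blob id of this file equals the new id of hosts/tower/disko/default.nix in this commit, so the same remarks apply there.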
@@ -0,0 +1,35 @@
+{ config, lib, modulesPath, ... }:
+{
+ boot = {
+ initrd = {
+ availableKernelModules = [
+ "nvme"
+ "xhci_pci"
+ "ahci"
+ "usbhid"
+ "usb_storage"
+ "sd_mod"
+ ];
+ kernelModules = [
+ "dm-snapshot"
+ "vfio"
+ "vfio_pci"
+ "vfio_iommu_type1"
+ "kvm-amd"
+ ];
+ };
+ };
+
+ fileSystems = {
+ # Remote
+ "/home/jimbo/JimboNFS" = {
+ device = "${config.ips.wgSpan}.1:/export/JimboNFS";
+ fsType = "nfs4";
+ options = [ "x-systemd.automount" "_netdev" "nofail" "noauto" ];
+ };
+ };
+
+ networking.useDHCP = lib.mkDefault true;
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
diff --git a/hosts/jupiter/wireguard/default.nix b/hosts/jupiter/wireguard/default.nix
new file mode 100644
index 0000000..7ca7ad5
--- /dev/null
+++ b/hosts/jupiter/wireguard/default.nix
@@ -0,0 +1,23 @@
+{ lib, config, ... }:
+{
+ networking = {
+ firewall = {
+ allowedUDPPorts = [ 51820 ];
+ trustedInterfaces = [ "wgc" ];
+ };
+
+ wireguard.interfaces.wgc = {
+ ips = [ "10.100.0.21/24" ];
+ listenPort = 51820;
+ privateKey = config.secrets.wgClientPriv;
+ peers = [
+ { # Cyberspark Server
+ publicKey = "qnOT/lXOJMaQgDUdXpyfGZB2IEyUouRje2m/bCe9ux8=";
+ allowedIPs = [ "10.100.0.0/24" ];
+ endpoint = "sv.${config.domains.jim1}:51820";
+ persistentKeepalive = 25;
+ }
+ ];
+ };
+ };
+}
diff --git a/hosts/pomme/home/default.nix b/hosts/pomme/home/default.nix
deleted file mode 100644
index a2266b9..0000000
--- a/hosts/pomme/home/default.nix
+++ /dev/null
@@ -1,9 +0,0 @@
-{ config, ... }:
-{
- imports = [
- ../../../modules/home
- ../../../modules/home/programs/misc/production
- ../../../modules/home/programs/misc/gaming/launchers
- ../../../modules/home/programs/misc/remote-desktop
- ];
-}
diff --git a/hosts/pomme/id_ed25519.pub b/hosts/pomme/id_ed25519.pub
deleted file mode 100644
index 85e61cb..0000000
--- a/hosts/pomme/id_ed25519.pub
+++ /dev/null
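Review bot: `privateKey = config.secrets.wgClientPriv;` in hosts/jupiter/wireguard/default.nix places the key in the evaluated configuration, which lands in the world-readable Nix store; `privateKeyFile = "<root-only path, e.g. under /persist>";` keeps it out of the store. `trustedInterfaces = [ "wgc" ]` combined with `allowedIPs = [ "10.100.0.0/24" ]` lets every address in the tunnel subnet reach every port on this host, including whatever `system.libvirtd.enable` exposes; per-interface port rules would be narrower. Because the peer has a fixed `endpoint` and `persistentKeepalive = 25`, opening `allowedUDPPorts = [ 51820 ]` is probably unnecessary for this client role. The name `wgClientPriv` suggests the key may be shared between hosts; if so, a per-host key would allow revoking a single device.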
@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAzAyY6bLK/pOlijVOZjw3ikdIaOuCC1yQjxL922bON7
diff --git a/hosts/pomme/system/boot/default.nix b/hosts/pomme/system/boot/default.nix
deleted file mode 100644
index b88ae29..0000000
--- a/hosts/pomme/system/boot/default.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{ pkgs, ... }:
-{
- boot = {
- kernelPackages = pkgs.linuxPackages_latest;
- kernel.sysctl."vm.max_map_count" = 2147483642;
- initrd = {
- systemd.enable = true;
- luks.devices = {
- crypt-mmc = {
- device = "/dev/disk/by-uuid/5bc11b61-e4dc-465c-b87a-533955cf6177";
- preLVM = true;
- allowDiscards = true;
- };
- };
- };
- };
-}
diff --git a/hosts/pomme/system/default.nix b/hosts/pomme/system/default.nix
deleted file mode 100644
index db774c6..0000000
--- a/hosts/pomme/system/default.nix
+++ /dev/null
@@ -1,31 +0,0 @@
-{ config, lib, hardware, ... }:
-{
- imports = [
- ./hardware
- ./boot
-
- # Apps and programs
- ../../../modules/system
- ../../../modules/system/accounts
- ../../../modules/system/desktop
- ../../../modules/system/programs
- ../../../modules/system/services
-
- # Devices and hardware
- ../../../modules/system/devices
- ../../../modules/system/devices/boot/systemd
- ../../../modules/system/devices/networking/wireless
- ../../../modules/system/devices/networking/firewall/pc
- ../../../modules/system/devices/networking/wireguard/pc
-
- # Extras
- ../../../overlays
- ../../../variables
-
- # Imports
- hardware.nixosModules.apple-macbook-pro-14-1
- ];
-
- networking.hostName = "treefruit";
- networking.wireguard.interfaces."${config.ips.wgInt}".ips = [ "${config.ips.wgSpan}.21/24" ];
-}
diff --git a/hosts/pomme/system/hardware/default.nix b/hosts/pomme/system/hardware/default.nix
deleted file mode 100644
index b456c08..0000000
--- a/hosts/pomme/system/hardware/default.nix
+++ /dev/null
@@ -1,65 +0,0 @@
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
- boot = {
- kernelModules = [ "kvm-intel" ];
- initrd = {
- availableKernelModules = [
- "xhci_pci"
- "nvme"
- "usbhid"
- "usb_storage"
- "sd_mod"
- ];
- kernelModules = [ "dm-snapshot" ];
- };
- };
-
- fileSystems = {
- "/" = {
- device = "/dev/disk/by-uuid/db67d9e8-2ead-4fe6-8a63-5c9e5071e06e";
- fsType = "btrfs";
- options = [ "subvol=@" ];
- };
- "/home" = {
- device = "/dev/disk/by-uuid/db67d9e8-2ead-4fe6-8a63-5c9e5071e06e";
- fsType = "btrfs";
- options = [ "subvol=@home" ];
- };
- "/nix" = {
- device = "/dev/disk/by-uuid/db67d9e8-2ead-4fe6-8a63-5c9e5071e06e";
- fsType = "btrfs";
- options = [ "subvol=@nix" ];
- };
- "/var" = {
- device = "/dev/disk/by-uuid/db67d9e8-2ead-4fe6-8a63-5c9e5071e06e";
- fsType = "btrfs";
- options = [ "subvol=@var" ];
- };
- "/snapshots" = {
- device = "/dev/disk/by-uuid/db67d9e8-2ead-4fe6-8a63-5c9e5071e06e";
- fsType = "btrfs";
- options = [ "subvol=@snapshots" ];
- };
- "/boot" = {
- device = "/dev/disk/by-uuid/7B59-F17A";
- fsType = "vfat";
- options = [ "fmask=0022" "dmask=0022" ];
- };
-
- # Remote
- "/home/jimbo/JimboNFS" = {
- device = "${config.ips.wgSpan}.1:/export/JimboNFS";
- fsType = "nfs4";
- options = [ "x-systemd.automount" "_netdev" "nofail" "noauto" ];
- };
- };
-
- swapDevices = [
- { device = "/dev/disk/by-uuid/25b5e281-f1be-49ca-991e-b340fed3e5da"; }
- ];
-
- networking.useDHCP = lib.mkDefault true;
- nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
- hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}
diff --git a/hosts/tower/disko/default.nix b/hosts/tower/disko/default.nix
index da0b042..6c6c98d 100644
--- a/hosts/tower/disko/default.nix
+++ b/hosts/tower/disko/default.nix
@@ -51,27 +51,27 @@ subvolumes = { "/root" = { mountpoint = "/"; - mountOptions = [ "compress=zstd" "noatime" ]; + mountOptions = [ "compress=zstd" "noatime" "ssd" ]; }; "/prev" = { mountpoint = "/prev"; - mountOptions = [ "compress=zstd" "noatime" ]; + mountOptions = [ "compress=zstd" "noatime" "ssd" ]; }; "/nix" = { mountpoint = "/nix"; - mountOptions = [ "compress=zstd" "noatime" ]; + mountOptions = [ "compress=zstd" "noatime" "ssd" ]; }; # Impermanence "/persist" = { mountpoint = "/persist"; - mountOptions = [ "compress=zstd" "noatime" ]; + mountOptions = [ "compress=zstd" "noatime" "ssd" ]; }; "/persist/.snapshots" = { }; "/jimbo" = { mountpoint = "/persist/home/jimbo"; - mountOptions = [ "compress=zstd" "noatime" ]; + mountOptions = [ "compress=zstd" "noatime" "ssd" ]; }; "/jimbo/.snapshots" = { }; }; diff --git a/modules/home/programs/gui/librewolf/default.nix b/modules/home/programs/gui/librewolf/default.nix index 7d6be7c..119094e 100644 --- a/modules/home/programs/gui/librewolf/default.nix +++ b/modules/home/programs/gui/librewolf/default.nix @@ -130,6 +130,7 @@ in { "browser.download.useDownloadDir" = true; "browser.startup.page" = 3; "browser.newtabpage.enabled" = false; + "browser.tabs.inTitlebar" = 0; "extensions.pocket.enabled" = false; "extensions.autoDisableScopes" = 0; diff --git a/modules/home/programs/gui/mangohud/default.nix b/modules/home/programs/gui/mangohud/default.nix index 95f87f0..7687704 100644 --- a/modules/home/programs/gui/mangohud/default.nix +++ b/modules/home/programs/gui/mangohud/default.nix @@ -4,6 +4,7 @@ packages = with pkgs; [ mangohud ]; file = { # These options exist in Nixlang, but the order is not respected. + # As of 24.11, exec is no longer respected either. No clue why. ".config/MangoHud/MangoHud.conf".text = '' table_columns=2 frametime=0 diff --git a/modules/home/programs/gui/pcmanfm-qt/default.nix b/modules/home/programs/gui/pcmanfm-qt/default.nix index 602aa72..abbb327 100644 
--- a/modules/home/programs/gui/pcmanfm-qt/default.nix +++ b/modules/home/programs/gui/pcmanfm-qt/default.nix @@ -43,7 +43,7 @@ MaxExternalThumbnailFileSize=-1 MaxThumbnailFileSize=4096 ShowThumbnails=true - ThumbnailLocalFilesOnly=true + ThumbnailLocalFilesOnly=false [Window] AlwaysShowTabs=false diff --git a/modules/home/programs/gui/rofi/default.nix b/modules/home/programs/gui/rofi/default.nix index c72fde0..acd636a 100644 --- a/modules/home/programs/gui/rofi/default.nix +++ b/modules/home/programs/gui/rofi/default.nix @@ -123,6 +123,7 @@ }; }; }; + home.packages = with pkgs; [ (pkgs.writeScriptBin "rofiscripts" '' # Scratchpad function diff --git a/modules/home/users/jimbo/default.nix b/modules/home/users/jimbo/default.nix index 6af3691..d19c7ef 100644 --- a/modules/home/users/jimbo/default.nix +++ b/modules/home/users/jimbo/default.nix @@ -5,6 +5,7 @@ homeDirectory = "/home/jimbo"; sessionVariables = { EDITOR = "nvim"; + MANPAGER = "nvim +Man!"; LIBVIRT_DEFAULT_URI = "qemu:///system"; HISTCONTROL = "ignoreboth"; NIXPKGS_ALLOW_UNFREE = 1; diff --git a/modules/system/accounts/users/jimbo/default.nix b/modules/system/accounts/users/jimbo/default.nix index 35dc138..60b2a16 100644 --- a/modules/system/accounts/users/jimbo/default.nix +++ b/modules/system/accounts/users/jimbo/default.nix @@ -8,9 +8,9 @@ openssh.authorizedKeys.keys = [ (builtins.readFile ../../../../../hosts/tower/id_ed25519.pub) + (builtins.readFile ../../../../../hosts/axolotl/id_ed25519.pub) (builtins.readFile ../../../../../hosts/lacros/id_ed25519.pub) (builtins.readFile ../../../../../hosts/redmond/id_ed25519.pub) - (builtins.readFile ../../../../../hosts/pomme/id_ed25519.pub) (builtins.readFile ../../../../../hosts/kitty/id_ed25519.pub) (builtins.readFile ../../../../../hosts/xenia/id_ed25519.pub) diff --git a/modules/system/devices/disks/impermanence/jimbo/default.nix b/modules/system/devices/disks/impermanence/jimbo/default.nix index 7125bed..560b2cd 100644 
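Review bot: `ThumbnailLocalFilesOnly=false` in the pcmanfm-qt settings makes the file manager thumbnail files on remote mounts too, and the context line `MaxExternalThumbnailFileSize=-1` appears to leave external thumbnailers without a size cap (assuming -1 means unlimited). Opening a network share then hands remote content to image and video decoders with no further user action. If remote thumbnails are wanted, consider a finite `MaxExternalThumbnailFileSize` and a comment above the line saying why the setting was flipped. The settings block starts and ends outside the hunk.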
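Review bot: This commit deletes `hosts/extern/id_ed25519.pub` as well as the pomme key, but the `authorizedKeys` hunk in modules/system/accounts/users/jimbo/default.nix removes only the pomme `readFile` line. If a `readFile` for the extern key remains in the part of the list outside the hunk, evaluation will fail on the missing path. Dropping a key here revokes it only on hosts that are rebuilt, so any machine still on an older generation keeps trusting the pomme key. The new `jupiter` host adds no public key file, which is fine if it never acts as an SSH client but deserves a comment in the list.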
--- a/modules/system/devices/disks/impermanence/jimbo/default.nix +++ b/modules/system/devices/disks/impermanence/jimbo/default.nix @@ -33,6 +33,7 @@ files = [ ".zsh_history" ".local/share/clipman.json" + ".local/state/lazygit/state.yml" ".local/share/applications" # Create this so nothing gets generated inside of it ]; diff --git a/modules/system/services/server/fileserver/local/samba/default.nix b/modules/system/services/server/fileserver/local/samba/default.nix index e307354..d844597 100644 --- a/modules/system/services/server/fileserver/local/samba/default.nix +++ b/modules/system/services/server/fileserver/local/samba/default.nix @@ -20,7 +20,7 @@ # Advertise to Windows samba-wsdd = { - enable = true; + enable = config.system.server.enable; openFirewall = true; }; };
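Review bot: In the samba hunk `openFirewall = true` stays unconditional next to the now-conditional `enable`, so whether the WSD ports remain closed on non-server hosts depends on the upstream module guarding them behind `enable`, which this diff does not show. Writing `openFirewall = config.system.server.enable;` states the intent in this file. When enabled, discovery is advertised on every interface unless `services.samba-wsdd.interface` is set, which is worth restricting to the LAN interface on hosts that also have a WireGuard or public interface. The enclosing services block starts and ends outside the hunk.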