diff --git a/flake.lock b/flake.lock index ce65a2c..538d2aa 100644 --- a/flake.lock +++ b/flake.lock @@ -73,11 +73,11 @@ ] }, "locked": { - "lastModified": 1733570843, - "narHash": "sha256-sQJAxY1TYWD1UyibN/FnN97paTFuwBw3Vp3DNCyKsMk=", + "lastModified": 1736370755, + "narHash": "sha256-iWcjToBpx4PUd74uqvIGAfqqVfyrvRLRauC/SxEKIF0=", "owner": "lnl7", "repo": "nix-darwin", - "rev": "a35b08d09efda83625bef267eb24347b446c80b8", + "rev": "57733bd1dc81900e13438e5b4439239f1b29db0e", "type": "github" }, "original": { @@ -93,11 +93,11 @@ ] }, "locked": { - "lastModified": 1734088167, - "narHash": "sha256-OIitVU+IstPbX/NWn2jLF+/sT9dVKcO2FKeRAzlyX6c=", + "lastModified": 1736437680, + "narHash": "sha256-9Sy17XguKdEU9M5peTrkWSlI/O5IAqjHzdzxbXnc30g=", "owner": "nix-community", "repo": "disko", - "rev": "d32f2d1750d61a476a236526b725ec5a32e16342", + "rev": "4d5d07d37ff773338e40a92088f45f4f88e509c8", "type": "github" }, "original": { @@ -229,7 +229,7 @@ }, "flake-utils-plus": { "inputs": { - "flake-utils": "flake-utils_4" + "flake-utils": "flake-utils_3" }, "locked": { "lastModified": 1715533576, @@ -248,7 +248,7 @@ }, "flake-utils-plus_2": { "inputs": { - "flake-utils": "flake-utils_5" + "flake-utils": "flake-utils_4" }, "locked": { "lastModified": 1696331477, @@ -286,24 +286,6 @@ "inputs": { "systems": "systems_4" }, - "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_4": { - "inputs": { - "systems": "systems_5" - }, "locked": { "lastModified": 1694529238, "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", @@ -318,9 +300,9 @@ "type": "github" } }, - "flake-utils_5": { + "flake-utils_4": { "inputs": { - "systems": "systems_7" + "systems": "systems_6" }, "locked": { "lastModified": 1694529238, @@ -365,11 +347,11 @@ ] }, "locked": { - "lastModified": 1733951536, - "narHash": "sha256-Zb5ZCa7Xj+0gy5XVXINTSr71fCfAv+IKtmIXNrykT54=", + "lastModified": 1736373539, + "narHash": "sha256-dinzAqCjenWDxuy+MqUQq0I4zUSfaCvN9rzuCmgMZJY=", "owner": "nix-community", "repo": "home-manager", - "rev": "1318c3f3b068cdcea922fa7c1a0a1f0c96c22f5f", + "rev": "bd65bc3cde04c16755955630b344bc9e35272c56", "type": "github" }, "original": { @@ -382,11 +364,11 @@ "homebrew-bundle": { "flake": false, "locked": { - "lastModified": 1734147292, - "narHash": "sha256-qfkDeQk+5fE4gqTpHxaEV3dHiEG9BmUBV00IX7i2NPc=", + "lastModified": 1736497181, + "narHash": "sha256-Wx11idUCwJTrF284A+vCraJG1pChOABmaLiGs7WfIQw=", "owner": "homebrew", "repo": "homebrew-bundle", - "rev": "c323b2dab369a9579fe274f17819bd4f6e39dd90", + "rev": "f03501578492b5c3881f3280c18e8fa6d2e5b481", "type": "github" }, "original": { @@ -398,11 +380,11 @@ "homebrew-cask": { "flake": false, "locked": { - "lastModified": 1734148703, - "narHash": "sha256-ectXAus0xGC2wePsmjFhHMxiFuLmh7NdMAJFw1fC8/k=", + "lastModified": 1736524045, + "narHash": "sha256-dCRmdmNwNodnjmFfzXjuzkHDxFKTryoWiSfIc+R5imY=", "owner": "homebrew", "repo": "homebrew-cask", - "rev": "0ec130921577b12e30b420b96650cd72c576e506", + "rev": "7970826f90c0c839d5ed41b0421fca94e7390ee7", "type": "github" }, "original": { @@ -414,11 +396,11 @@ "homebrew-core": { "flake": false, "locked": { - "lastModified": 1734162558, - "narHash": "sha256-SJsQXxBkh7b/tfFe4IJfNUabqRLiYyAyStgY3FCG6tw=", + "lastModified": 1736521955, + "narHash": "sha256-jCAd/DGaJc5r9N4LoI+JSfbElBcUXfE+ZxPDrrZGWm4=", "owner": "homebrew", "repo": "homebrew-core", - "rev": "34b2b819b4f857ea2c5d81e0b6472ad90c22bd7c", + "rev": "9cee92c70c8821a64838a43bc3729de25361c9bc", "type": "github" }, "original": { @@ -669,16 +651,15 @@ "nix-homebrew": { "inputs": { "brew-src": "brew-src", - "flake-utils": "flake-utils_3", "nix-darwin": "nix-darwin", "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1732145543, - "narHash": "sha256-VRQh/lvCSko9YV7haXyPt7DSp+EkgjjBv/9U4cY9c50=", + "lastModified": 1736041957, + "narHash": "sha256-Kk/cVtkxwfHNoB6nINUarMLTtyAEvH+ohzxKBptMzzg=", "owner": "zhaofengli-wip", "repo": "nix-homebrew", - "rev": "ac3945ee614f69ab89c6935b3f0567028de5f012", + "rev": "a6d99cc7436fc18c097b3536d9c45c0548c694c8", "type": "github" }, "original": { @@ -777,11 +758,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1733808091, - "narHash": "sha256-KWwINTQelKOoQgrXftxoqxmKFZb9pLVfnRvK270nkVk=", + "lastModified": 1736200483, + "narHash": "sha256-JO+lFN2HsCwSLMUWXHeOad6QUxOuwe9UOAF/iSl1J4I=", "owner": "nixos", "repo": "nixpkgs", - "rev": "a0f3e10d94359665dba45b71b4227b0aeb851f8e", + "rev": "3f0a8ac25fb674611b98089ca3a5dd6480175751", "type": "github" }, "original": { @@ -2608,11 +2589,11 @@ "utils": "utils_2" }, "locked": { - "lastModified": 1718084203, - "narHash": "sha256-Cx1xoVfSMv1XDLgKg08CUd1EoTYWB45VmB9XIQzhmzI=", + "lastModified": 1734885828, + "narHash": "sha256-G0fB1YBlkalu8lLGRB07K8CpUWNVd+unfrjNomSL7SM=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "29916981e7b3b5782dc5085ad18490113f8ff63b", + "rev": "636b82f4175e3f6b1e80d2189bb0469e2ae01a55", "type": "gitlab" }, "original": { @@ -2676,11 +2657,11 @@ ] }, "locked": { - "lastModified": 1733965552, - "narHash": "sha256-GZ4YtqkfyTjJFVCub5yAFWsHknG1nS/zfk7MuHht4Fs=", + "lastModified": 1736515725, + "narHash": "sha256-4P99yL8vGehwzytkpP87eklBePt6aqeEC5JFsIzhfUs=", "owner": "Mic92", "repo": "sops-nix", - "rev": "2d73fc6ac4eba4b9a83d3cb8275096fbb7ab4004", + "rev": "f214c1b76c347a4e9c8fb68c73d4293a6820d125", "type": "github" }, "original": { @@ -2779,28 +2760,13 @@ "type": "github" } }, - "systems_7": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "unstable": { "locked": { - "lastModified": 1733940404, - "narHash": "sha256-Pj39hSoUA86ZePPF/UXiYHHM7hMIkios8TYG29kQT4g=", + "lastModified": 1736344531, + "narHash": "sha256-8YVQ9ZbSfuUk2bUf2KRj60NRraLPKPS0Q4QFTbc+c2c=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5d67ea6b4b63378b9c13be21e2ec9d1afc921713", + "rev": "bffc22eb12172e6db3c5dde9e3e5628f8e3e7912", "type": "github" }, "original": { @@ -2827,7 +2793,7 @@ }, "utils_2": { "inputs": { - "systems": "systems_6" + "systems": "systems_5" }, "locked": { "lastModified": 1709126324, diff --git a/homes/aarch64-linux/harald@m4nix/default.nix b/homes/aarch64-linux/harald@m4nix/default.nix new file mode 100644 index 0000000..4fd150c --- /dev/null +++ b/homes/aarch64-linux/harald@m4nix/default.nix @@ -0,0 +1,61 @@ +{ lib, config, ... }: +{ + home.sessionPath = [ "$HOME/bin" ]; + + metacfg = { + user = { + enable = true; + name = config.snowfallorg.user.name; + }; + cli-apps = { + bash.enable = true; + fish.enable = true; + neovim.enable = true; + bat.enable = true; + starship.enable = true; + home-manager.enable = true; + }; + tools = { + git.enable = true; + }; + }; + + fonts.fontconfig.enable = true; + + dconf.settings = { + # ... + "org/gnome/shell" = { + disable-user-extensions = false; + + # `gnome-extensions list` for a list + enabled-extensions = [ + "Vitals@CoreCoding.com" + "appindicatorsupport@rgcjonas.gmail.com" + "dash-to-panel@jderose9.github.com" + "hibernate-status@dromi" + "autohide-battery@sitnik.ru" + ]; + + favorite-apps = [ + "org.gnome.Console.desktop" + "jetbrains-toolbox.desktop" + "org.mozilla.firefox.desktop" + "firefox.desktop" + "thunderbird.desktop" + "org.mozilla.Thunderbird.desktop" + "slack.desktop" + "keybase.desktop" + "spotify.desktop" + "org.gnome.Nautilus.desktop" + "virt-manager.desktop" + ]; + }; + "org/virt-manager/virt-manager/connections" = { + autoconnect = [ "qemu:///system" ]; + uris = [ "qemu:///system" ]; + }; + }; + + xdg.enable = true; + xdg.mime.enable = true; +} diff --git a/modules/nixos/services/base/default.nix b/modules/nixos/services/base/default.nix index 4dbbfa9..4630eb3 100644 --- a/modules/nixos/services/base/default.nix +++ b/modules/nixos/services/base/default.nix @@ -38,39 +38,46 @@ in sessionVariables = { PATH = "$HOME/bin"; }; - systemPackages = with pkgs; [ - age - bash - cifs-utils - clevis - delta - efibootmgr - git - git-crypt - git-delete-merged-branches - home-manager - htop - mosh - nixpkgs-fmt - openssl - restic - rrsync - sbctl - sops - strace - tmux - tpm2-pkcs11 - tpm2-pkcs11.out - tpm2-tools - vim - virt-manager - wget - (pkgs.writeShellScriptBin "qemu-system-x86_64-uefi" '' - qemu-system-x86_64 \ - -bios ${pkgs.OVMF.fd}/FV/OVMF.fd \ - "$@" - '') - ]; + systemPackages = + with pkgs; + [ + age + bash + cifs-utils + clevis + delta + efibootmgr + git + git-crypt + git-delete-merged-branches + home-manager + htop + mosh + nixpkgs-fmt + openssl + restic + rrsync + sbctl + sops + strace + tmux + vim + virt-manager + wget + (pkgs.writeShellScriptBin "qemu-system-x86_64-uefi" '' + qemu-system-x86_64 \ + -bios ${pkgs.OVMF.fd}/FV/OVMF.fd \ + "$@" + '') + ] + ++ lib.optionals pkgs.stdenv.targetPlatform.isx86_64 ( + with pkgs; + [ + tpm2-pkcs11 + tpm2-pkcs11.out + tpm2-tools + ] + ); shells = [ pkgs.fish pkgs.bash @@ -78,10 +85,12 @@ in }; hardware = { + cpu = { - amd.updateMicrocode = lib.mkDefault true; - intel.updateMicrocode = lib.mkDefault true; + amd.updateMicrocode = pkgs.stdenv.targetPlatform.isx86_64; + intel.updateMicrocode = pkgs.stdenv.targetPlatform.isx86_64; }; + enableRedistributableFirmware = lib.mkDefault true; enableAllFirmware = true; }; diff --git a/modules/nixos/services/gui/default.nix b/modules/nixos/services/gui/default.nix index b939f04..1e551c0 100644 --- a/modules/nixos/services/gui/default.nix +++ b/modules/nixos/services/gui/default.nix @@ -65,26 +65,36 @@ in hardware.graphics = { enable = true; - extraPackages = with pkgs; [ - vpl-gpu-rt - intel-compute-runtime - intel-media-driver # LIBVA_DRIVER_NAME=iHD - #intel-vaapi-driver # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium) - libvdpau-va-gl - rocmPackages.clr.icd - amdvlk - ]; + extraPackages = + [ ] + ++ lib.optionals pkgs.stdenv.targetPlatform.isx86_64 ( + with pkgs; + [ + vpl-gpu-rt + intel-compute-runtime + intel-media-driver # LIBVA_DRIVER_NAME=iHD + #intel-vaapi-driver # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium) + libvdpau-va-gl + rocmPackages.clr.icd + amdvlk + ] + ); }; systemd.tmpfiles.rules = let rocmEnv = pkgs.symlinkJoin { name = "rocm-combined"; - paths = with pkgs.rocmPackages; [ - rocblas - hipblas - clr - ]; + paths = + [ ] + ++ lib.optionals pkgs.stdenv.targetPlatform.isx86_64 ( + with pkgs.rocmPackages; + [ + rocblas + hipblas + clr + ] + ); }; in [ "L+ /opt/rocm - - - - ${rocmEnv}" ]; @@ -104,54 +114,61 @@ in enableBrowserSocket = true; }; - environment.systemPackages = with pkgs; [ - #pcsctools - bat - cardpeek - ccache - chromium - clang - dive - file - firefox - gh - gimp - git - gnome-browser-connector - cheese - gnome-software - gnomeExtensions.appindicator - gnomeExtensions.autohide-battery - gnomeExtensions.dash-to-panel - gnomeExtensions.hibernate-status-button - gnomeExtensions.vitals - gnupg - go - jetbrains-toolbox - jq - kbfs - libu2f-host - mosh - mosh - nixpkgs-fmt - opensc - pasystray - pinentry-gnome3 - pkg-config - pstree - ripgrep - rustup - slack - spotify - statix - thunderbird - tmux - vim - wl-clipboard - yubikey-manager-qt - yubikey-personalization - zellij - ]; + environment.systemPackages = + with pkgs; + [ + #pcsctools + bat + cardpeek + ccache + chromium + clang + dive + file + firefox + gh + gimp + git + gnome-browser-connector + cheese + gnome-software + gnomeExtensions.appindicator + gnomeExtensions.autohide-battery + gnomeExtensions.dash-to-panel + gnomeExtensions.hibernate-status-button + gnomeExtensions.vitals + gnupg + go + jq + kbfs + libu2f-host + mosh + mosh + nixpkgs-fmt + opensc + pasystray + pinentry-gnome3 + pkg-config + pstree + ripgrep + rustup + statix + thunderbird + tmux + vim + wl-clipboard + yubikey-manager-qt + yubikey-personalization + zellij + ] + ++ lib.optionals pkgs.stdenv.targetPlatform.isx86_64 ( + with pkgs; + [ + slack + spotify + jetbrains-toolbox + ] + ); #----=[ Fonts ]=----# fonts = { diff --git a/systems/aarch64-linux/m4nix/default.nix b/systems/aarch64-linux/m4nix/default.nix new file mode 100644 index 0000000..c557f5d --- /dev/null +++ b/systems/aarch64-linux/m4nix/default.nix @@ -0,0 +1,76 @@ +{ pkgs, lib, ... }: +with lib; +with lib.metacfg; +{ + imports = [ + ./hardware-configuration.nix + ]; + + metacfg = { + base.enable = true; + gui.enable = true; + nix-ld.enable = true; + nix.enable = true; + podman.enable = true; + secureboot.enable = false; + tools = { + direnv.enable = true; + #git.enable = true; + }; + user.extraGroups = [ + "docker" + "dialout" + ]; + }; + + environment.systemPackages = with pkgs; [ + azure-cli + cloudflare-warp + desktop-file-utils + kubectl + kubectx + k9s + attic-client + piper + ]; + + services.ratbagd.enable = true; + + services.resolved.enable = true; + services.resolved.dnssec = "allow-downgrade"; + services.resolved.extraConfig = '' + ResolveUnicastSingleLabel=yes + ''; + + systemd.packages = [ pkgs.cloudflare-warp ]; # for warp-cli + + virtualisation = { + docker.enable = true; + podman.dockerCompat = false; + }; + + system.autoUpgrade = { + enable = true; + operation = "boot"; + allowReboot = false; + }; + + systemd.user.extraConfig = "DefaultLimitNOFILE=32768"; + + security.pam.loginLimits = [ + { + domain = "*"; + item = "nofile"; + type = "-"; + value = "32768"; + } + { + domain = "*"; + item = "memlock"; + type = "-"; + value = "32768"; + } + ]; + + system.stateVersion = "23.11"; +} diff --git a/systems/aarch64-linux/m4nix/hardware-configuration.nix b/systems/aarch64-linux/m4nix/hardware-configuration.nix new file mode 100644 index 0000000..7243378 --- /dev/null +++ b/systems/aarch64-linux/m4nix/hardware-configuration.nix @@ -0,0 +1,46 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ + config, + lib, + pkgs, + modulesPath, + ... +}: + +{ + imports = [ ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/b340000f-2927-414d-9382-edd3120b8e80"; + fsType = "ext4"; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/16C0-5FB0"; + fsType = "vfat"; + options = [ + "fmask=0077" + "dmask=0077" + ]; + }; + + swapDevices = [ + { device = "/dev/disk/by-uuid/76cc3afa-b57e-4f25-95f4-7b15bf1fb796"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp0s1.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; +}