From 45992b10ae72db3c172dafd4c5b3435f63024b28 Mon Sep 17 00:00:00 2001 From: Paul-Mathias Logue Date: Sat, 13 Dec 2025 20:14:02 +0100 Subject: [PATCH] First implementation for hermes --- configuration.nix | 273 ------------------ flake.nix | 93 +++--- hardware-configuration.nix | 95 ------ machines/hermes/audio.nix | 11 + machines/hermes/bluetooth.nix | 8 + machines/hermes/boot.nix | 6 + machines/hermes/bootloader.nix | 50 ++++ machines/hermes/cpu.nix | 5 + machines/hermes/default.nix | 162 +++++++++++ machines/hermes/filesystems.nix | 90 ++++++ machines/hermes/gpu.nix | 45 +++ machines/hermes/networking.nix | 51 ++++ .../hermes/remove_systemd_service.patch | 0 overlays/openrgb/default.nix | 20 ++ overlays/openrgb/remove_systemd_service.patch | 17 ++ users/pml.nix | 18 ++ 16 files changed, 535 insertions(+), 409 deletions(-) delete mode 100644 configuration.nix delete mode 100644 hardware-configuration.nix create mode 100644 machines/hermes/audio.nix create mode 100644 machines/hermes/bluetooth.nix create mode 100644 machines/hermes/boot.nix create mode 100644 machines/hermes/bootloader.nix create mode 100644 machines/hermes/cpu.nix create mode 100644 machines/hermes/default.nix create mode 100644 machines/hermes/filesystems.nix create mode 100644 machines/hermes/gpu.nix create mode 100644 machines/hermes/networking.nix rename remove_systemd_service.patch => machines/hermes/remove_systemd_service.patch (100%) create mode 100644 overlays/openrgb/default.nix create mode 100644 overlays/openrgb/remove_systemd_service.patch create mode 100644 users/pml.nix diff --git a/configuration.nix b/configuration.nix deleted file mode 100644 index f20c590..0000000 --- a/configuration.nix +++ /dev/null @@ -1,273 +0,0 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page, on -# https://search.nixos.org/options and in the NixOS manual (`nixos-help`). - -{ inputs, config, lib, pkgs, ... }: - -{ - imports = - [ # Include the results of the hardware scan. - ./hardware-configuration.nix - ]; - - # Use the systemd-boot EFI boot loader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - boot.loader.systemd-boot.xbootldrMountPoint = "/boot"; - boot.loader.efi.efiSysMountPoint = "/efi"; - boot.initrd.luks.devices.cryptroot = { - device = "/dev/disk/by-uuid/9aaac705-2737-4222-9887-51131acec90c"; - }; - - networking.hostName = "hermes"; # Define your hostname. - # Pick only one of the below networking options. - # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. - # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. - networking.wireless.iwd.enable = true; - - # Set your time zone. - time.timeZone = "Europe/Paris"; - - # Configure network proxy if necessary - # networking.proxy.default = "http://user:password@proxy:port/"; - # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; - - # Select internationalisation properties. - i18n.defaultLocale = "en_US.UTF-8"; - # console = { - # font = "Lat2-Terminus16"; - # keyMap = "us"; - # useXkbConfig = true; # use xkb.options in tty. - # }; - - # Enable the X11 windowing system. - # services.xserver.enable = true; - - services.avahi.enable = true; - hardware.graphics.enable = true; - services.xserver.videoDrivers = [ "modesetting" "nvidia" ]; - hardware.nvidia.open = true; - hardware.nvidia.nvidiaSettings = true; - hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.stable; - - hardware.graphics.extraPackages = with pkgs; [ - intel-media-driver # VA-API (iHD) userspace - vpl-gpu-rt # oneVPL (QSV) runtime - ]; - programs.nix-ld.enable = true; - - environment.sessionVariables = { - LIBVA_DRIVER_NAME = "iHD"; # Prefer the modern iHD backend - # VDPAU_DRIVER = "va_gl"; # Only if using libvdpau-va-gl - }; - - hardware.nvidia.prime = { - # offload.enable = true; - intelBusId = "PCI:0:2:0"; - nvidiaBusId = "PCI:2:0:0"; - }; - - # May help if FFmpeg/VAAPI/QSV init fails (esp. on Arc with i915): - hardware.enableRedistributableFirmware = true; - boot.kernelParams = [ "i915.enable_guc=3" ]; - - programs.niri.enable = true; - - - # Configure keymap in X11 - # services.xserver.xkb.layout = "us"; - # services.xserver.xkb.options = "eurosign:e,caps:escape"; - - # Enable CUPS to print documents. - # services.printing.enable = true; - - # Enable sound. - # services.pulseaudio.enable = true; - # OR - # services.pipewire = { - # enable = true; - # pulse.enable = true; - # }; - - # Enable touchpad support (enabled default in most desktopManager). - # services.libinput.enable = true; - - # Define a user account. Don't forget to set a password with ‘passwd’. - users.users.pml = { - isNormalUser = true; - extraGroups = [ "i2c" "wheel" ]; # Enable ‘sudo’ for the user. - }; - - # programs.firefox.enable = true; - - # List packages installed in system profile. - # You can use https://search.nixos.org/ to find more packages (and options). - environment.systemPackages = with pkgs; [ - vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. - wget - sbctl - alacritty - fuzzel - libva-utils - firefox - (openrgb.overrideAttrs (old: { - src = pkgs.fetchFromGitLab { - owner = "CalcProgrammer1"; - repo="OpenRGB"; - rev = "release_candidate_1.0rc2"; - sha256 = "vdIA9i1ewcrfX5U7FkcRR+ISdH5uRi9fz9YU5IkPKJQ="; - }; - patches = [ - ./remove_systemd_service.patch - ]; - postPatch = '' - patchShebangs scripts/build-udev-rules.sh - substituteInPlace scripts/build-udev-rules.sh \ - --replace-fail /usr/bin/env "${pkgs.coreutils}/bin/env" - ''; - version = "1.0rc2"; - })) - - i2c-tools - ]; - fonts.fontconfig = { - enable = true; - antialias = true; - hinting = { - enable = true; - style = "slight"; - }; - subpixel = { - rgba = "rgb"; - lcdfilter = "default"; - }; - - defaultFonts = { - serif = [ "SF Pro" "DejaVu Serif" ]; - sansSerif = [ "SF Pro" "DejaVu Sans" ]; - monospace = [ "Iosevka" "DejaVu Sans Mono" ]; - emoji = [ "Noto Color Emoji" ]; - }; - }; - - fonts.packages = with pkgs; [ - noto-fonts-color-emoji - (iosevka.override { - set = "cavalier"; - - privateBuildPlan = { - family = "Iosevka Cavalier"; - spacing = "normal"; - serifs = "sans"; - noCvSs = false; - exportGlyphNames = true; - - variants.inherits = "ss08"; - - variants.weights.Regular = { - shape = 400; - menu = 400; - css = 400; - }; - - variants.weights.Bold = { - shape = 700; - menu = 700; - css = 700; - }; - - variants.weights.Italic = { - angle = 9.4; - shape = "italic"; - menu = "italic"; - css = "italic"; - }; - - variants.weights.Upright = { - angle = 0; - shape = "upright"; - menu = "upright"; - css = "upright"; - }; - }; - }) - ]; - - programs._1password.enable = true; - programs._1password-gui = { - enable = true; - # Certain features, including CLI integration and system authentication support, - # require enabling PolKit integration on some desktop environments (e.g. Plasma). - polkitPolicyOwners = [ "pml" ]; - }; - - #services.hardware.openrgb.enable = true; - services.udev.packages = [ pkgs.openrgb ]; - boot.kernelModules = [ "i2c-dev" ]; - hardware.i2c.enable = true; - - environment.etc = { - "1password/custom_allowed_browsers" = { - text = '' - firefox - ''; - mode = "0755"; - }; - }; - hardware.bluetooth.enable = true; - security.rtkit.enable = true; - services.pipewire = { - enable = true; # if not already enabled - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - # If you want to use JACK applications, uncomment the following - jack.enable = true; - }; - - - # Some programs need SUID wrappers, can be configured further or are - # started in user sessions. - # programs.mtr.enable = true; - # programs.gnupg.agent = { - # enable = true; - # enableSSHSupport = true; - # }; - - # List services that you want to enable: - - # Enable the OpenSSH daemon. - services.openssh.enable = true; - - # Open ports in the firewall. - # networking.firewall.allowedTCPPorts = [ ... ]; - # networking.firewall.allowedUDPPorts = [ ... ]; - # Or disable the firewall altogether. - # networking.firewall.enable = false; - - # Copy the NixOS configuration file and link it from the resulting system - # (/run/current-system/configuration.nix). This is useful in case you - # accidentally delete configuration.nix. - # system.copySystemConfiguration = true; - - # This option defines the first version of NixOS you have installed on this particular machine, - # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. - # - # Most users should NEVER change this value after the initial install, for any reason, - # even if you've upgraded your system to a new NixOS release. - # - # This value does NOT affect the Nixpkgs version your packages and OS are pulled from, - # so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how - # to actually do that. - # - # This value being lower than the current NixOS release does NOT mean your system is - # out of date, out of support, or vulnerable. - # - # Do NOT change this value unless you have manually inspected all the changes it would make to your configuration, - # and migrated your data accordingly. - # - # For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion . - system.stateVersion = "25.05"; # Did you read the comment? - -} - diff --git a/flake.nix b/flake.nix index 0c54f1c..b86d612 100644 --- a/flake.nix +++ b/flake.nix @@ -9,52 +9,63 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - apple-fonts.url= "github:Lyndeno/apple-fonts.nix"; + apple-fonts.url = "github:Lyndeno/apple-fonts.nix"; apple-fonts.inputs.nixpkgs.follows = "nixpkgs"; }; + outputs = + { self, ... }@inputs: + let + supportedSystems = [ + "x86_64-linux" + "aarch64-linux" + "aarch64-darwin" + ]; - outputs = { self, nixpkgs, lanzaboote, apple-fonts, ...}: { - nixosConfigurations = { - hermes = nixpkgs.lib.nixosSystem rec { - system = "x86_64-linux"; - - modules = [ - # This is not a complete NixOS configuration and you need to reference - # your normal configuration here. - - lanzaboote.nixosModules.lanzaboote - - ./configuration.nix - ./hardware-configuration.nix - - ({ pkgs, lib, ... }: { - nixpkgs.config.allowUnfree = true; - environment.systemPackages = [ - # For debugging and troubleshooting Secure Boot. - pkgs.sbctl - ]; - - fonts.packages = [ - apple-fonts.packages."x86_64-linux".sf-pro - ]; - - nix.settings.experimental-features = [ "nix-command" "flakes" ]; - # Lanzaboote currently replaces the systemd-boot module. - # This setting is usually set to true in configuration.nix - # generated at installation time. So we force it to false - # for now. - boot.loader.systemd-boot.enable = lib.mkForce false; - boot.bootspec.enable = true; - boot.initrd.systemd.enable = true; - boot.lanzaboote = { - enable = true; - pkiBundle = "/var/lib/sbctl"; + forEachSupportedSystem = + f: + inputs.nixpkgs.lib.genAttrs supportedSystems ( + system: + f { + inherit system; + pkgs = import inputs.nixpkgs { + inherit system; + config.allowUnfree = true; }; - }) + } + ); + in + { + nixosConfigurations.hermes = inputs.nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = { inherit inputs; }; + modules = [ + ./machines/hermes + ./users/pml.nix ]; }; - }; - }; -} + devShells = forEachSupportedSystem ( + { pkgs, system }: + { + default = pkgs.mkShellNoCC { + packages = with pkgs; [ + self.formatter.${system} + nixd + ]; + }; + } + ); + + # Nix formatter + + # This applies the formatter that follows RFC 166, which defines a standard format: + # https://github.com/NixOS/rfcs/pull/166 + + # To format all Nix files: + # git ls-files -z '*.nix' | xargs -0 -r nix fmt + # To check formatting: + # git ls-files -z '*.nix' | xargs -0 -r nix develop --command nixfmt --check + formatter = forEachSupportedSystem ({ pkgs, ... }: pkgs.nixfmt-rfc-style); + }; +} diff --git a/hardware-configuration.nix b/hardware-configuration.nix deleted file mode 100644 index 5652968..0000000 --- a/hardware-configuration.nix +++ /dev/null @@ -1,95 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot.initrd.availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "ahci" "usbhid" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-intel" ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = - { device = "/dev/disk/by-uuid/9d76cce0-7e9a-4828-8de2-aab9e07badae"; - fsType = "btrfs"; - options = [ "subvol=@root" ]; - }; - - boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/9aaac705-2737-4222-9887-51131acec90c"; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/afbb025b-f483-4b79-9702-645cfca09e8b"; - fsType = "ext4"; - }; - - fileSystems."/efi" = - { device = "/dev/disk/by-uuid/5E49-BE19"; - fsType = "vfat"; - options = [ "fmask=0137" "dmask=0027" ]; - }; - - fileSystems."/home" = - { device = "/dev/disk/by-uuid/9d76cce0-7e9a-4828-8de2-aab9e07badae"; - fsType = "btrfs"; - options = [ "subvol=@home" ]; - }; - - fileSystems."/nix" = - { device = "/dev/disk/by-uuid/9d76cce0-7e9a-4828-8de2-aab9e07badae"; - fsType = "btrfs"; - options = [ "subvol=@nix" ]; - }; - - fileSystems."/var/cache" = - { device = "/dev/disk/by-uuid/9d76cce0-7e9a-4828-8de2-aab9e07badae"; - fsType = "btrfs"; - options = [ "subvol=@var_cache" ]; - }; - - fileSystems."/var/log" = - { device = "/dev/disk/by-uuid/9d76cce0-7e9a-4828-8de2-aab9e07badae"; - fsType = "btrfs"; - options = [ "subvol=@var_log" ]; - }; - - fileSystems."/var/spool" = - { device = "/dev/disk/by-uuid/9d76cce0-7e9a-4828-8de2-aab9e07badae"; - fsType = "btrfs"; - options = [ "subvol=@var_spool" ]; - }; - - fileSystems."/var/tmp" = - { device = "/dev/disk/by-uuid/9d76cce0-7e9a-4828-8de2-aab9e07badae"; - fsType = "btrfs"; - options = [ "subvol=@var_tmp" ]; - }; - - fileSystems."/var/lib/machines" = - { device = "/dev/disk/by-uuid/9d76cce0-7e9a-4828-8de2-aab9e07badae"; - fsType = "btrfs"; - options = [ "subvol=@var_lib_machines" ]; - }; - - fileSystems."/var/lib/portables" = - { device = "/dev/disk/by-uuid/9d76cce0-7e9a-4828-8de2-aab9e07badae"; - fsType = "btrfs"; - options = [ "subvol=@var_lib_portables" ]; - }; - - swapDevices = [ ]; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - # networking.interfaces.enp131s0.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp132s0.useDHCP = lib.mkDefault true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; -} diff --git a/machines/hermes/audio.nix b/machines/hermes/audio.nix new file mode 100644 index 0000000..777d027 --- /dev/null +++ b/machines/hermes/audio.nix @@ -0,0 +1,11 @@ +{ + security.rtkit.enable = true; + + services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + jack.enable = true; + }; +} diff --git a/machines/hermes/bluetooth.nix b/machines/hermes/bluetooth.nix new file mode 100644 index 0000000..9871363 --- /dev/null +++ b/machines/hermes/bluetooth.nix @@ -0,0 +1,8 @@ +{ + hardware.bluetooth = { + enable = true; + settings = { + General.Experimental = true; + }; + }; +} diff --git a/machines/hermes/boot.nix b/machines/hermes/boot.nix new file mode 100644 index 0000000..49fea31 --- /dev/null +++ b/machines/hermes/boot.nix @@ -0,0 +1,6 @@ +{ inputs, ... }: +{ + imports = [ + inputs.lanzaboote.nixosModules.lanzaboote + ]; +} diff --git a/machines/hermes/bootloader.nix b/machines/hermes/bootloader.nix new file mode 100644 index 0000000..ea691f1 --- /dev/null +++ b/machines/hermes/bootloader.nix @@ -0,0 +1,50 @@ +{ + inputs, + lib, + pkgs, + ... +}: + +{ + imports = [ + inputs.lanzaboote.nixosModules.lanzaboote + ]; + + environment.systemPackages = with pkgs; [ + sbctl + ]; + + boot.bootspec.enable = true; + + boot.initrd = { + availableKernelModules = [ + "xhci_pci" + "thunderbolt" + "nvme" + "ahci" + "usbhid" + "sd_mod" + ]; + kernelModules = [ ]; + systemd.enable = true; + }; + + boot.extraModulePackages = [ ]; + + boot.kernelModules = [ "kvm-intel" ]; + + boot.lanzaboote = { + enable = true; + pkiBundle = "/var/lib/sbctl"; + }; + + boot.loader.efi = { + canTouchEfiVariables = true; + efiSysMountPoint = "efi"; + }; + + boot.loader.systemd-boot = { + enable = lib.mkForce false; + xbootldrMountPoint = "/boot"; + }; +} diff --git a/machines/hermes/cpu.nix b/machines/hermes/cpu.nix new file mode 100644 index 0000000..1079ab8 --- /dev/null +++ b/machines/hermes/cpu.nix @@ -0,0 +1,5 @@ +{ config, lib, ... }: + +{ + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/machines/hermes/default.nix b/machines/hermes/default.nix new file mode 100644 index 0000000..07752bd --- /dev/null +++ b/machines/hermes/default.nix @@ -0,0 +1,162 @@ +{ lib, pkgs, ... }: + +{ + imports = [ + ./bootloader.nix + ./filesystems.nix + ./gpu.nix + ./cpu.nix + ./audio.nix + ./bluetooth.nix + ./networking.nix + ]; + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + + time.timeZone = "Europe/Paris"; + console = { + keyMap = "us"; + font = "ter-v28b"; + # earlySetup = true; + packages = [ pkgs.terminus_font ]; + }; + i18n.defaultLocale = "en_US.UTF-8"; + + nixpkgs.config.allowUnfree = true; + + nix.settings = { + experimental-features = [ + "nix-command" + "flakes" + ]; + substituters = [ "https://cache.nixos-cuda.org" ]; + trusted-public-keys = [ "cache.nixos-cuda.org:74DUi4Ye579gUqzH4ziL9IyiJBlDpMRn9MBN8oNan9M=" ]; + }; + + programs.niri.enable = true; + + # List packages installed in system profile. + # You can use https://search.nixos.org/ to find more packages (and options). + environment.systemPackages = with pkgs; [ + wget + sbctl + alacritty + fuzzel + libva-utils + firefox + (openrgb.overrideAttrs (old: { + src = pkgs.fetchFromGitLab { + owner = "CalcProgrammer1"; + repo = "OpenRGB"; + rev = "release_candidate_1.0rc2"; + sha256 = "vdIA9i1ewcrfX5U7FkcRR+ISdH5uRi9fz9YU5IkPKJQ="; + }; + patches = [ + ./remove_systemd_service.patch + ]; + postPatch = '' + patchShebangs scripts/build-udev-rules.sh + substituteInPlace scripts/build-udev-rules.sh \ + --replace-fail /usr/bin/env "${pkgs.coreutils}/bin/env" + ''; + version = "1.0rc2"; + })) + adwaita-icon-theme + i2c-tools + ]; + + fonts.fontconfig = { + enable = true; + antialias = true; + hinting = { + enable = true; + style = "slight"; + }; + subpixel = { + rgba = "rgb"; + lcdfilter = "default"; + }; + + defaultFonts = { + serif = [ + "SF Pro" + "DejaVu Serif" + ]; + sansSerif = [ + "SF Pro" + "DejaVu Sans" + ]; + monospace = [ + "Iosevka" + "DejaVu Sans Mono" + ]; + emoji = [ "Noto Color Emoji" ]; + }; + }; + + fonts.packages = with pkgs; [ + inputs.apple-fonts.packages."${system}".sf-pro + noto-fonts-color-emoji + (iosevka.override { + set = "cavalier"; + + privateBuildPlan = { + family = "Iosevka Cavalier"; + spacing = "normal"; + serifs = "sans"; + noCvSs = false; + exportGlyphNames = true; + + variants.inherits = "ss08"; + + variants.weights.Regular = { + shape = 400; + menu = 400; + css = 400; + }; + + variants.weights.Bold = { + shape = 700; + menu = 700; + css = 700; + }; + + variants.weights.Italic = { + angle = 9.4; + shape = "italic"; + menu = "italic"; + css = "italic"; + }; + + variants.weights.Upright = { + angle = 0; + shape = "upright"; + menu = "upright"; + css = "upright"; + }; + }; + }) + ]; + + programs._1password.enable = true; + programs._1password-gui = { + enable = true; + # Certain features, including CLI integration and system authentication support, + # require enabling PolKit integration on some desktop environments (e.g. Plasma). + polkitPolicyOwners = [ "pml" ]; + }; + + #services.hardware.openrgb.enable = true; + services.udev.packages = [ pkgs.openrgb ]; + boot.kernelModules = [ "i2c-dev" ]; + hardware.i2c.enable = true; + + environment.etc = { + "1password/custom_allowed_browsers" = { + text = '' + firefox + ''; + mode = "0755"; + }; + }; + system.stateVersion = "25.05"; # Did you read the comment? +} diff --git a/machines/hermes/filesystems.nix b/machines/hermes/filesystems.nix new file mode 100644 index 0000000..f6346e5 --- /dev/null +++ b/machines/hermes/filesystems.nix @@ -0,0 +1,90 @@ +{ + config, + lib, + pkgs, + modulesPath, + ... +}: +let + bootUUID = "afbb025b-f483-4b79-9702-645cfca09e8b"; + efiUUID = "5E49-BE19"; + luuksUUID = "9aaac705-2737-4222-9887-51131acec90c"; + cryptrootUUID = "9d76cce0-7e9a-4828-8de2-aab9e07badae"; +in +{ + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/9d76cce0-7e9a-4828-8de2-aab9e07badae"; + fsType = "btrfs"; + options = [ "subvol=@root" ]; + }; + + boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/${luuksUUID}"; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/${bootUUID}"; + fsType = "ext4"; + }; + + fileSystems."/efi" = { + device = "/dev/disk/by-uuid/${efiUUID}"; + fsType = "vfat"; + options = [ + "fmask=0137" + "dmask=0027" + ]; + }; + + fileSystems."/home" = { + device = "/dev/disk/by-uuid/${cryptrootUUID}"; + fsType = "btrfs"; + options = [ "subvol=@home" ]; + }; + + fileSystems."/nix" = { + device = "/dev/disk/by-uuid/${cryptrootUUID}"; + fsType = "btrfs"; + options = [ "subvol=@nix" ]; + }; + + fileSystems."/var/cache" = { + device = "/dev/disk/by-uuid/${cryptrootUUID}"; + fsType = "btrfs"; + options = [ "subvol=@var_cache" ]; + }; + + fileSystems."/var/log" = { + device = "/dev/disk/by-uuid/${cryptrootUUID}"; + fsType = "btrfs"; + options = [ "subvol=@var_log" ]; + }; + + fileSystems."/var/spool" = { + device = "/dev/disk/by-uuid/${cryptrootUUID}"; + fsType = "btrfs"; + options = [ "subvol=@var_spool" ]; + }; + + fileSystems."/var/tmp" = { + device = "/dev/disk/by-uuid/${cryptrootUUID}"; + fsType = "btrfs"; + options = [ "subvol=@var_tmp" ]; + }; + + fileSystems."/var/lib/machines" = { + device = "/dev/disk/by-uuid/${cryptrootUUID}"; + fsType = "btrfs"; + options = [ "subvol=@var_lib_machines" ]; + }; + + fileSystems."/var/lib/portables" = { + device = "/dev/disk/by-uuid/${cryptrootUUID}"; + fsType = "btrfs"; + options = [ "subvol=@var_lib_portables" ]; + }; + + swapDevices = [ ]; +} diff --git a/machines/hermes/gpu.nix b/machines/hermes/gpu.nix new file mode 100644 index 0000000..a9a0639 --- /dev/null +++ b/machines/hermes/gpu.nix @@ -0,0 +1,45 @@ +{ + config, + inputs, + lib, + pkgs, + ... +}: + +{ + environment.systemPackages = with pkgs; [ + libva-utils + vdpauinfo + ]; + + boot.kernelParams = [ "i915.enable_guc=3" ]; + + hardware.graphics = { + enable = true; + extraPackages = with pkgs; [ + intel-media-driver + vpl-gpu-rt + ]; + }; + + hardware.nvidia = { + package = config.boot.kernelPackages.nvidiaPackages.stable; + open = true; + nvidiaSettings = true; + }; + + hardware.nvidia.prime = { + intelBusId = "PCI:0:2:0"; + nvidiaBusId = "PCI:2:0:0"; + }; + + services.xserver.videoDrivers = [ + "modesetting" + "nvidia" + ]; + + environment.sessionVariables = { + LIBVA_DRIVER_NAME = "iHD"; + VDPAU_DRIVER = "va_gl"; + }; +} diff --git a/machines/hermes/networking.nix b/machines/hermes/networking.nix new file mode 100644 index 0000000..22bb9b9 --- /dev/null +++ b/machines/hermes/networking.nix @@ -0,0 +1,51 @@ +{ lib, ... }: + +{ + + networking.hostName = "hermes"; + + networking.useDHCP = lib.mkDefault true; + + networking.wireless.iwd = { + enable = true; + settings = { + General = { + EnableNetworkConfiguration = false; # Let dhcpcd handle this + }; + Network = { + EnableIPv6 = true; + NameResolvingService = "systemd"; + }; + }; + }; + + networking.dhcpcd = { + enable = true; + extraConfig = '' + nohook resolv.conf # Don't let dhcpcd manage resolv.conf + ''; + }; + + networking.resolvconf.enable = false; + + services.avahi.enable = true; + + services.resolved = { + enable = true; + + dnssec = "true"; + domains = [ "~." ]; + fallbackDns = [ + "9.9.9.9#dns.quad9.net" + "149.112.112.112#dns.quad9.net" + "2620:fe::fe#dns.quad9.net" + "2620:fe::9#dns.quad9.net" + ]; + + extraConfig = '' + DNSOverTLS=yes + ''; + }; + + services.openssh.enable = true; +} diff --git a/remove_systemd_service.patch b/machines/hermes/remove_systemd_service.patch similarity index 100% rename from remove_systemd_service.patch rename to machines/hermes/remove_systemd_service.patch diff --git a/overlays/openrgb/default.nix b/overlays/openrgb/default.nix new file mode 100644 index 0000000..e7481b0 --- /dev/null +++ b/overlays/openrgb/default.nix @@ -0,0 +1,20 @@ +final: prev: { + openrgb = prev.openrgb.overrideAttrs (old: { + src = final.fetchFromGitLab { + owner = "CalcProgrammer1"; + repo = "OpenRGB"; + rev = "release_candidate_1.0rc2"; + sha256 = "vdIA9i1ewcrfX5U7FkcRR+ISdH5uRi9fz9YU5IkPKJQ="; + }; + patches = [ + ./remove_systemd_service.patch + ]; + postPatch = '' + patchShebangs scripts/build-udev-rules.sh + substituteInPlace scripts/build-udev-rules.sh \ + --replace-fail /usr/bin/env "${final.coreutils}/bin/env" + ''; + + version = "1.0rc2"; + }); +} diff --git a/overlays/openrgb/remove_systemd_service.patch b/overlays/openrgb/remove_systemd_service.patch new file mode 100644 index 0000000..bc9fbdf --- /dev/null +++ b/overlays/openrgb/remove_systemd_service.patch @@ -0,0 +1,17 @@ +diff --git a/OpenRGB.pro b/OpenRGB.pro +index df7082b6..0022e5fa 100644 +--- a/OpenRGB.pro ++++ b/OpenRGB.pro +@@ -588,9 +588,9 @@ contains(QMAKE_PLATFORM, linux) { + icon.files+=qt/org.openrgb.OpenRGB.png + metainfo.path=$$PREFIX/share/metainfo/ + metainfo.files+=qt/org.openrgb.OpenRGB.metainfo.xml +- systemd_service.path=/etc/systemd/system +- systemd_service.files+=qt/openrgb.service +- INSTALLS += target desktop icon metainfo udev_rules systemd_service ++ # systemd_service.path=/etc/systemd/system ++ # systemd_service.files+=qt/openrgb.service ++ INSTALLS += target desktop icon metainfo udev_rules # systemd_service + } + + #-----------------------------------------------------------------------------------------------# diff --git a/users/pml.nix b/users/pml.nix new file mode 100644 index 0000000..4f2e16a --- /dev/null +++ b/users/pml.nix @@ -0,0 +1,18 @@ +{ pkgs, ... }: + +{ + programs.zsh.enable = true; + + users.users.pml = { + isNormalUser = true; + shell = pkgs.zsh; + extraGroups = [ + "i2c" + "wheel" + ]; + packages = with pkgs; [ + git + vim + ]; + }; +}