First implementation for hermes

2025-12-13 20:14:02 +01:00 · 2025-12-13 20:14:02 +01:00 · 45992b10ae
commit 45992b10ae
parent 03f9a9de88
16 changed files with 535 additions and 409 deletions
--- a/machines/hermes/audio.nix
+++ b/machines/hermes/audio.nix
@ -0,0 +1,11 @@
+{
+  security.rtkit.enable = true;
+
+  services.pipewire = {
+    enable = true;
+    alsa.enable = true;
+    alsa.support32Bit = true;
+    pulse.enable = true;
+    jack.enable = true;
+  };
+}
--- a/machines/hermes/bluetooth.nix
+++ b/machines/hermes/bluetooth.nix
@ -0,0 +1,8 @@
+{
+  hardware.bluetooth = {
+    enable = true;
+    settings = {
+      General.Experimental = true;
+    };
+  };
+}
--- a/machines/hermes/boot.nix
+++ b/machines/hermes/boot.nix
@ -0,0 +1,6 @@
+{ inputs, ... }:
+{
+  imports = [
+    inputs.lanzaboote.nixosModules.lanzaboote
+  ];
+}
--- a/machines/hermes/bootloader.nix
+++ b/machines/hermes/bootloader.nix
@ -0,0 +1,50 @@
+{
+  inputs,
+  lib,
+  pkgs,
+  ...
+}:
+
+{
+  imports = [
+    inputs.lanzaboote.nixosModules.lanzaboote
+  ];
+
+  environment.systemPackages = with pkgs; [
+    sbctl
+  ];
+
+  boot.bootspec.enable = true;
+
+  boot.initrd = {
+    availableKernelModules = [
+      "xhci_pci"
+      "thunderbolt"
+      "nvme"
+      "ahci"
+      "usbhid"
+      "sd_mod"
+    ];
+    kernelModules = [ ];
+    systemd.enable = true;
+  };
+
+  boot.extraModulePackages = [ ];
+
+  boot.kernelModules = [ "kvm-intel" ];
+
+  boot.lanzaboote = {
+    enable = true;
+    pkiBundle = "/var/lib/sbctl";
+  };
+
+  boot.loader.efi = {
+    canTouchEfiVariables = true;
+    efiSysMountPoint = "efi";
+  };
+
+  boot.loader.systemd-boot = {
+    enable = lib.mkForce false;
+    xbootldrMountPoint = "/boot";
+  };
+}
--- a/machines/hermes/cpu.nix
+++ b/machines/hermes/cpu.nix
@ -0,0 +1,5 @@
+{ config, lib, ... }:
+
+{
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
--- a/machines/hermes/default.nix
+++ b/machines/hermes/default.nix
@ -0,0 +1,162 @@
+{ lib, pkgs, ... }:
+
+{
+  imports = [
+    ./bootloader.nix
+    ./filesystems.nix
+    ./gpu.nix
+    ./cpu.nix
+    ./audio.nix
+    ./bluetooth.nix
+    ./networking.nix
+  ];
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+
+  time.timeZone = "Europe/Paris";
+  console = {
+    keyMap = "us";
+    font = "ter-v28b";
+    # earlySetup = true;
+    packages = [ pkgs.terminus_font ];
+  };
+  i18n.defaultLocale = "en_US.UTF-8";
+
+  nixpkgs.config.allowUnfree = true;
+
+  nix.settings = {
+    experimental-features = [
+      "nix-command"
+      "flakes"
+    ];
+    substituters = [ "https://cache.nixos-cuda.org" ];
+    trusted-public-keys = [ "cache.nixos-cuda.org:74DUi4Ye579gUqzH4ziL9IyiJBlDpMRn9MBN8oNan9M=" ];
+  };
+
+  programs.niri.enable = true;
+
+  # List packages installed in system profile.
+  # You can use https://search.nixos.org/ to find more packages (and options).
+  environment.systemPackages = with pkgs; [
+    wget
+    sbctl
+    alacritty
+    fuzzel
+    libva-utils
+    firefox
+    (openrgb.overrideAttrs (old: {
+      src = pkgs.fetchFromGitLab {
+        owner = "CalcProgrammer1";
+        repo = "OpenRGB";
+        rev = "release_candidate_1.0rc2";
+        sha256 = "vdIA9i1ewcrfX5U7FkcRR+ISdH5uRi9fz9YU5IkPKJQ=";
+      };
+      patches = [
+        ./remove_systemd_service.patch
+      ];
+      postPatch = ''
+        patchShebangs scripts/build-udev-rules.sh
+        substituteInPlace scripts/build-udev-rules.sh \
+         --replace-fail /usr/bin/env "${pkgs.coreutils}/bin/env"
+      '';
+      version = "1.0rc2";
+    }))
+    adwaita-icon-theme
+    i2c-tools
+  ];
+
+  fonts.fontconfig = {
+    enable = true;
+    antialias = true;
+    hinting = {
+      enable = true;
+      style = "slight";
+    };
+    subpixel = {
+      rgba = "rgb";
+      lcdfilter = "default";
+    };
+
+    defaultFonts = {
+      serif = [
+        "SF Pro"
+        "DejaVu Serif"
+      ];
+      sansSerif = [
+        "SF Pro"
+        "DejaVu Sans"
+      ];
+      monospace = [
+        "Iosevka"
+        "DejaVu Sans Mono"
+      ];
+      emoji = [ "Noto Color Emoji" ];
+    };
+  };
+
+  fonts.packages = with pkgs; [
+    inputs.apple-fonts.packages."${system}".sf-pro
+    noto-fonts-color-emoji
+    (iosevka.override {
+      set = "cavalier";
+
+      privateBuildPlan = {
+        family = "Iosevka Cavalier";
+        spacing = "normal";
+        serifs = "sans";
+        noCvSs = false;
+        exportGlyphNames = true;
+
+        variants.inherits = "ss08";
+
+        variants.weights.Regular = {
+          shape = 400;
+          menu = 400;
+          css = 400;
+        };
+
+        variants.weights.Bold = {
+          shape = 700;
+          menu = 700;
+          css = 700;
+        };
+
+        variants.weights.Italic = {
+          angle = 9.4;
+          shape = "italic";
+          menu = "italic";
+          css = "italic";
+        };
+
+        variants.weights.Upright = {
+          angle = 0;
+          shape = "upright";
+          menu = "upright";
+          css = "upright";
+        };
+      };
+    })
+  ];
+
+  programs._1password.enable = true;
+  programs._1password-gui = {
+    enable = true;
+    # Certain features, including CLI integration and system authentication support,
+    # require enabling PolKit integration on some desktop environments (e.g. Plasma).
+    polkitPolicyOwners = [ "pml" ];
+  };
+
+  #services.hardware.openrgb.enable = true;
+  services.udev.packages = [ pkgs.openrgb ];
+  boot.kernelModules = [ "i2c-dev" ];
+  hardware.i2c.enable = true;
+
+  environment.etc = {
+    "1password/custom_allowed_browsers" = {
+      text = ''
+        	  firefox
+      '';
+      mode = "0755";
+    };
+  };
+  system.stateVersion = "25.05"; # Did you read the comment?
+}
--- a/machines/hermes/filesystems.nix
+++ b/machines/hermes/filesystems.nix
@ -0,0 +1,90 @@
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}:
+let
+  bootUUID = "afbb025b-f483-4b79-9702-645cfca09e8b";
+  efiUUID = "5E49-BE19";
+  luuksUUID = "9aaac705-2737-4222-9887-51131acec90c";
+  cryptrootUUID = "9d76cce0-7e9a-4828-8de2-aab9e07badae";
+in
+{
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/9d76cce0-7e9a-4828-8de2-aab9e07badae";
+    fsType = "btrfs";
+    options = [ "subvol=@root" ];
+  };
+
+  boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/${luuksUUID}";
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/${bootUUID}";
+    fsType = "ext4";
+  };
+
+  fileSystems."/efi" = {
+    device = "/dev/disk/by-uuid/${efiUUID}";
+    fsType = "vfat";
+    options = [
+      "fmask=0137"
+      "dmask=0027"
+    ];
+  };
+
+  fileSystems."/home" = {
+    device = "/dev/disk/by-uuid/${cryptrootUUID}";
+    fsType = "btrfs";
+    options = [ "subvol=@home" ];
+  };
+
+  fileSystems."/nix" = {
+    device = "/dev/disk/by-uuid/${cryptrootUUID}";
+    fsType = "btrfs";
+    options = [ "subvol=@nix" ];
+  };
+
+  fileSystems."/var/cache" = {
+    device = "/dev/disk/by-uuid/${cryptrootUUID}";
+    fsType = "btrfs";
+    options = [ "subvol=@var_cache" ];
+  };
+
+  fileSystems."/var/log" = {
+    device = "/dev/disk/by-uuid/${cryptrootUUID}";
+    fsType = "btrfs";
+    options = [ "subvol=@var_log" ];
+  };
+
+  fileSystems."/var/spool" = {
+    device = "/dev/disk/by-uuid/${cryptrootUUID}";
+    fsType = "btrfs";
+    options = [ "subvol=@var_spool" ];
+  };
+
+  fileSystems."/var/tmp" = {
+    device = "/dev/disk/by-uuid/${cryptrootUUID}";
+    fsType = "btrfs";
+    options = [ "subvol=@var_tmp" ];
+  };
+
+  fileSystems."/var/lib/machines" = {
+    device = "/dev/disk/by-uuid/${cryptrootUUID}";
+    fsType = "btrfs";
+    options = [ "subvol=@var_lib_machines" ];
+  };
+
+  fileSystems."/var/lib/portables" = {
+    device = "/dev/disk/by-uuid/${cryptrootUUID}";
+    fsType = "btrfs";
+    options = [ "subvol=@var_lib_portables" ];
+  };
+
+  swapDevices = [ ];
+}
--- a/machines/hermes/gpu.nix
+++ b/machines/hermes/gpu.nix
@ -0,0 +1,45 @@
+{
+  config,
+  inputs,
+  lib,
+  pkgs,
+  ...
+}:
+
+{
+  environment.systemPackages = with pkgs; [
+    libva-utils
+    vdpauinfo
+  ];
+
+  boot.kernelParams = [ "i915.enable_guc=3" ];
+
+  hardware.graphics = {
+    enable = true;
+    extraPackages = with pkgs; [
+      intel-media-driver
+      vpl-gpu-rt
+    ];
+  };
+
+  hardware.nvidia = {
+    package = config.boot.kernelPackages.nvidiaPackages.stable;
+    open = true;
+    nvidiaSettings = true;
+  };
+
+  hardware.nvidia.prime = {
+    intelBusId = "PCI:0:2:0";
+    nvidiaBusId = "PCI:2:0:0";
+  };
+
+  services.xserver.videoDrivers = [
+    "modesetting"
+    "nvidia"
+  ];
+
+  environment.sessionVariables = {
+    LIBVA_DRIVER_NAME = "iHD";
+    VDPAU_DRIVER = "va_gl";
+  };
+}
--- a/machines/hermes/networking.nix
+++ b/machines/hermes/networking.nix
@ -0,0 +1,51 @@
+{ lib, ... }:
+
+{
+
+  networking.hostName = "hermes";
+
+  networking.useDHCP = lib.mkDefault true;
+
+  networking.wireless.iwd = {
+    enable = true;
+    settings = {
+      General = {
+        EnableNetworkConfiguration = false; # Let dhcpcd handle this
+      };
+      Network = {
+        EnableIPv6 = true;
+        NameResolvingService = "systemd";
+      };
+    };
+  };
+
+  networking.dhcpcd = {
+    enable = true;
+    extraConfig = ''
+      nohook resolv.conf  # Don't let dhcpcd manage resolv.conf
+    '';
+  };
+
+  networking.resolvconf.enable = false;
+
+  services.avahi.enable = true;
+
+  services.resolved = {
+    enable = true;
+
+    dnssec = "true";
+    domains = [ "~." ];
+    fallbackDns = [
+      "9.9.9.9#dns.quad9.net"
+      "149.112.112.112#dns.quad9.net"
+      "2620:fe::fe#dns.quad9.net"
+      "2620:fe::9#dns.quad9.net"
+    ];
+
+    extraConfig = ''
+      DNSOverTLS=yes
+    '';
+  };
+
+  services.openssh.enable = true;
+}
--- a/machines/hermes/remove_systemd_service.patch
+++ b/machines/hermes/remove_systemd_service.patch
@ -0,0 +1,17 @@
+diff --git a/OpenRGB.pro b/OpenRGB.pro
+index df7082b6..0022e5fa 100644
+--- a/OpenRGB.pro
+++ b/OpenRGB.pro
+@@ -588,9 +588,9 @@ contains(QMAKE_PLATFORM, linux) {
+     icon.files+=qt/org.openrgb.OpenRGB.png
+     metainfo.path=$$PREFIX/share/metainfo/
+     metainfo.files+=qt/org.openrgb.OpenRGB.metainfo.xml
+-    systemd_service.path=/etc/systemd/system
+-    systemd_service.files+=qt/openrgb.service
+-    INSTALLS += target desktop icon metainfo udev_rules systemd_service
+    # systemd_service.path=/etc/systemd/system
+    # systemd_service.files+=qt/openrgb.service
+    INSTALLS += target desktop icon metainfo udev_rules # systemd_service
+ }
+ 
+ #-----------------------------------------------------------------------------------------------#