diff --git a/hosts/naromk3/default.nix b/hosts/naromk3/default.nix
index 101f0a6..609fade 100644
--- a/hosts/naromk3/default.nix
+++ b/hosts/naromk3/default.nix
@@ -23,9 +23,9 @@
 id = "0003beef";
 firewall = {
 openPorts = [
- 22 # Gitea SSH
- 25 # SMTP
- 80 # HTTP
+ 22 # Gitea SSH
+ 25 # SMTP
+ 80 # HTTP
 443 # HTTPS
 465 # SMTPS
 993 # IMAPS
diff --git a/modules/default.nix b/modules/default.nix
new file mode 100644
index 0000000..374dfd5
--- /dev/null
+++ b/modules/default.nix
@@ -0,0 +1,50 @@
+{
+ inputs,
+ lib,
+ config,
+ ...
+}: {
+ imports = [./helpers.nix];
+
+ config = {
+ flake = {
+ nixosConfigurations = lib.mkMerge [
+ (config.flake.lib.mkNixos "x86_64-linux" "alys")
+ (config.flake.lib.mkNixos "x86_64-linux" "elcafe")
+ (config.flake.lib.mkNixos "x86_64-linux" "gampo")
+ (config.flake.lib.mkNixos "x86_64-linux" "marpa")
+ (config.flake.lib.mkNixos "x86_64-linux" "NaroMk3")
+ (config.flake.lib.mkNixos "x86_64-linux" "tilo")
+ (config.flake.lib.mkPinetab "x86_64-linux" [
+ inputs.self.modules.nixos.pinetab2-gnome
+ ])
+ ];
+
+ homeConfigurations = lib.mkMerge [
+ (config.flake.lib.mkHome "aarch64-linux" "phundrak" "pinetab2")
+ (config.flake.lib.mkHome "x86_64-linux" "creug" "elcafe")
+ (config.flake.lib.mkHome "x86_64-linux" "phundrak" "NaroMk3")
+ (config.flake.lib.mkHome "x86_64-linux" "phundrak" "alys")
+ (config.flake.lib.mkHome "x86_64-linux" "phundrak" "elcafe")
+ (config.flake.lib.mkHome "x86_64-linux" "phundrak" "gampo")
+ (config.flake.lib.mkHome "x86_64-linux" "phundrak" "marpa")
+ (config.flake.lib.mkHome "x86_64-linux" "phundrak" "tilo")
+ ];
+ };
+ perSystem = {
+ config',
+ pkgs,
+ ...
+ }: {
+ formatter = pkgs.alejandra;
+ devShells.default = pkgs.mkShell {
+ buildInputs = with pkgs; [
+ nh
+ jujutsu
+ git
+ inputs.jj-cz.packages.${config'.system}.default
+ ];
+ };
+ };
+ };
+}
diff --git a/modules/desktop/firefox/flake-parts.nix b/modules/desktop/firefox/flake-parts.nix
new file mode 100644
index 0000000..375199c
--- /dev/null
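Review bot: In modules/default.nix the `perSystem` function asks for an argument named `config'` and reads `config'.system`, but the module arguments flake-parts supplies to perSystem are `config`, `self'`, `inputs'`, `pkgs` and `system`. Unless this repository defines `config'` itself through `_module.args` (not visible in this diff), the dev shell will fail to evaluate as soon as `buildInputs` is forced. Taking `system` as the argument and writing `inputs.jj-cz.packages.${system}.default`, or using `inputs'.jj-cz.packages.default`, avoids the problem.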
+++ b/modules/desktop/firefox/flake-parts.nix
@@ -0,0 +1,3 @@
+{
+ imports = [./home-manager.nix];
+}
diff --git a/modules/desktop/firefox/home-manager.nix b/modules/desktop/firefox/home-manager.nix
new file mode 100644
index 0000000..2191e1f
--- /dev/null
+++ b/modules/desktop/firefox/home-manager.nix
@@ -0,0 +1,81 @@
+{
+ inputs,
+ lib,
+ ...
+}: let
+ settingsToLines = with lib;
+ settings:
+ concatStringsSep "\n" (
+ mapAttrsToList (name: value: "set ${name} ${toString value}") settings
+ );
+in {
+ flake-file.inputs.zen-browser = {
+ url = "github:youwen5/zen-browser-flake";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+ flake.modules.homeManager.firefox = {
+ config,
+ pkgs,
+ ...
+ }:
+ with lib; let
+ cfg = config.flake.options.firefox;
+ inherit (pkgs.stdenv.hostPlatform) system;
+ zen = inputs.zen-browser.packages.${system}.default;
+ in {
+ options.flake.options.firefox = {
+ enable = mkEnableOption "enable Firefox";
+ useZen = mkEnableOption "use Zen instead of Firefox";
+ tridactyl = {
+ enable = mkEnableOption "enable Tridactyl";
+ preConfig = mkOption {
+ description = "Lines to add to the beginning of tridactylrc";
+ type = types.lines;
+ default = "";
+ };
+ config = mkOption {
+ type = with types;
+ attrsOf (oneOf [int str bool]);
+ description = "Tridactyl settings (converted to 'set key value' lines)";
+ default = {};
+ example = {
+ smoothscroll = true;
+ history = 1000;
+ };
+ };
+ extraConfig = mkOption {
+ description = "Extra lines to add to tridactylrc (for bindings, autocmds, etc)";
+ type = types.lines;
+ default = "";
+ };
+ };
+ };
+
+ config = mkIf cfg.enable {
+ home.sessionVariables.MOZ_ENABLE_WAYLAND = "1";
+ programs.firefox = {
+ inherit (cfg) enable;
+ package =
+ if cfg.useZen
+ then zen
+ else pkgs.firefox;
+ nativeMessagingHosts = lists.optional cfg.tridactyl.enable pkgs.tridactyl-native;
+ configPath = ".mozilla/firefox";
+ };
+ xdg.configFile."tridactyl/tridactylrc" = mkIf cfg.tridactyl.enable {
+ text = concatStringsSep "\n" (filter (s: s != "") [
+ cfg.tridactyl.preConfig
+ (settingsToLines (cfg.tridactyl.config
+ // {
+ browser =
+ if cfg.useZen
+ then "zen"
+ else "firefox";
+ }))
+ cfg.tridactyl.extraConfig
+ ]);
+ };
+ };
+ };
+}
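Review bot: `settingsToLines` renders every value with `toString`, and in Nix `toString true` is `"1"` while `toString false` is the empty string, so the documented example `smoothscroll = true` is written as `set smoothscroll 1` and a `false` value becomes `set smoothscroll ` with nothing after it. The option type explicitly allows `bool`, so booleans need their own branch, for instance `"set ${name} ${if isBool value then boolToString value else toString value}"`. Tridactyl presumably expects the literal words `true` and `false` here, which is worth confirming against a generated tridactylrc.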
diff --git a/modules/hardware/amdgpu/flake-parts.nix b/modules/hardware/amdgpu/flake-parts.nix
new file mode 100644
index 0000000..e00e0f6
--- /dev/null
+++ b/modules/hardware/amdgpu/flake-parts.nix
@@ -0,0 +1,3 @@
+{
+ flake.modules.nixos.amdgpu = ./nixos.nix;
+}
diff --git a/modules/hardware/amdgpu/nixos.nix b/modules/hardware/amdgpu/nixos.nix
new file mode 100644
index 0000000..ea2a2d4
--- /dev/null
+++ b/modules/hardware/amdgpu/nixos.nix
@@ -0,0 +1,30 @@
+{pkgs, ...}: {
+ hardware = {
+ graphics = {
+ enable = true;
+ enable32Bit = true;
+ extraPackages = with pkgs; [
+ mesa rocmPackages.clr rocmPackages.clr.icd rocmPackages.rocblas
+ rocmPackages.hipblas rocmPackages.rpp nvtopPackages.amd
+ ];
+ };
+ amdgpu = { initrd.enable = true; opencl.enable = true; };
+ };
+ environment.systemPackages = with pkgs; [ clinfo amdgpu_top nvtopPackages.amd ];
+ systemd = {
+ packages = with pkgs; [ lact ];
+ services.lactd.wantedBy = [ "multi-user.target" ];
+ tmpfiles.rules = let
+ rocmEnv = pkgs.symlinkJoin {
+ name = "rocm-combined";
+ paths = with pkgs.rocmPackages; [ clr clr.icd rocblas hipblas rpp ];
+ };
+ in [ "L+ /opt/rocm - - - - ${rocmEnv}" ];
+ };
+ environment.variables = {
+ ROCM_PATH = "/opt/rocm";
+ HIP_VISIBLE_DEVICES = "1";
+ ROCM_VISIBLE_DEVICES = "1";
+ HSA_OVERRIDE_GFX_VERSION = "10.3.0";
+ };
+}
diff --git a/modules/hardware/pinetab2/flake-parts.nix b/modules/hardware/pinetab2/flake-parts.nix
new file mode 100644
index 0000000..8de8e3d
--- /dev/null
+++ b/modules/hardware/pinetab2/flake-parts.nix
@@ -0,0 +1,27 @@
+{inputs, ...}:
+{
+ flake-file.inputs = {
+ rockchip = {
+ url = "github:raboof/nixos-rockchip/pinetab-linux-7.0";
+ inputs.utils.follows = "flake-utils";
+ inputs.nixpkgsStable.follows = "nixpkgsStable";
+ inputs.nixpkgsUnstable.follows = "nixpkgs";
+ };
+ flake-utils.url = "github:numtide/flake-utils";
+ };
+
+ config.flake.factory.pinetab2 = buildPlatform: variantModules: {
+ nixos.pinetab2 = {
+ imports = [
+ inputs.rockchip.nixosModules.sdImageRockchip
+ inputs.rockchip.nixosModules.dtOverlayPCIeFix
+ inputs.rockchip.nixosModules.noZFS
+ inputs.self.modules.nixos.pinetab2-base
+ ] ++ variantModules;
+ rockchip.uBoot = inputs.rockchip.packages.${buildPlatform}.uBootPineTab2;
+ boot.kernelPackages =
+ inputs.rockchip.legacyPackages.${buildPlatform}.kernel_linux_7_0_pinetab_unstable;
+ hardware.firmware = [ inputs.rockchip.packages.aarch64-linux.bes2600 ];
+ };
+ };
+}
diff --git a/modules/helpers.nix b/modules/helpers.nix
new file mode 100644
index 0000000..a2ab5b9
--- /dev/null
+++ b/modules/helpers.nix
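Review bot: The `flake.factory.pinetab2` definition in modules/hardware/pinetab2/flake-parts.nix repeats the module list and the u-boot, kernel and firmware settings that `mkPinetab` in modules/helpers.nix also sets, and only the helpers.nix copy carries `nixpkgs.config.allowUnfreePredicate` for `bes2600-firmware`. If the factory is meant to be usable on its own it presumably needs the same narrow allowlist, and having one definition call the other would stop the two from drifting apart. Since the kernel, u-boot and Wi-Fi firmware all come from the `rockchip` input, which tracks a branch, a comment such as `# boot chain comes from the rockchip input; review flake.lock bumps for it` would help the next maintainer.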
@@ -0,0 +1,48 @@
+{
+ inputs,
+ lib,
+ ...
+}: {
+ config.flake.lib = {
+ mkNixos = system: name: {
+ ${name} = inputs.nixpkgs.lib.nixosSystem {
+ modules = [
+ inputs.self.modules.nixos.${name}
+ {nixpkgs.hostPlatform = lib.mkDefault system;}
+ ];
+ };
+ };
+
+ mkHome = system: username: hostname: {
+ "${username}@${hostname}" = inputs.home-manager.lib.homeManagerConfiguration {
+ pkgs = inputs.nixpkgs.legacyPackages.${system};
+ extraSpecialArgs = {inherit inputs;};
+ modules = [inputs.self.modules.homeManager.${username}.${hostname}];
+ };
+ };
+
+ mkPinetab = buildPlatform: variantModules: {
+ pinetab2 = inputs.nixpkgs.lib.nixosSystem {
+ system = "aarch64-linux";
+ modules =
+ [
+ inputs.rockchip.nixosModules.sdImageRockchip
+ inputs.rockchip.nixosModules.dtOverlayPCIeFix
+ inputs.rockchip.nixosModules.noZFS
+ inputs.self.modules.nixos.pinetab2-base
+ ]
+ ++ variantModules
+ ++ [
+ {
+ rockchip.uBoot = inputs.rockchip.packages.${buildPlatform}.uBootPineTab2;
+ boot.kernelPackages =
+ inputs.rockchip.legacyPackages.${buildPlatform}.kernel_linux_7_0_pinetab_unstable;
+ hardware.firmware = [inputs.rockchip.packages.aarch64-linux.bes2600];
+ nixpkgs.config.allowUnfreePredicate = pkg:
+ builtins.elem (inputs.nixpkgs.lib.getName pkg) ["bes2600-firmware"];
+ }
+ ];
+ };
+ };
+ };
+}
diff --git a/modules/inputs.nix b/modules/inputs.nix
new file mode 100644
index 0000000..ccb9552
--- /dev/null
+++ b/modules/inputs.nix
@@ -0,0 +1,20 @@
+{
+ flake-file = {
+ inputs = {
+ nixpkgs.url = "github:nixos/nixpkgs?ref=nixos-unstable";
+ nixpkgsStable.url = "nixpkgs/nixos-25.11";
+ flake-parts.url = "github:hercules-ci/flake-parts";
+ flake-file.url = "github:vic/flake-file";
+ import-tree.url = "github:vic/import-tree";
+ home-manager = {
+ url = "github:nix-community/home-manager";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ jj-cz = {
+ url = "git+https://labs.phundrak.com/phundrak/jj-cz?ref=main";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ };
+ outputs = "flake-parts";
+ };
+}
diff --git a/modules/nix/nix-config.nix b/modules/nix/nix-config.nix
new file mode 100644
index 0000000..371680a
--- /dev/null
+++ b/modules/nix/nix-config.nix
@@ -0,0 +1,18 @@
+{
+ flake.nixConfig = {
+ extra-trusted-public-keys = [
+ "marpa-local:XoO+dFN4PeauF52pYuy3Vh4Sdtl2qIdxu5aUasWKv6Q="
+ "phundrak.cachix.org-1:osJAkYO0ioTOPqaQCIXMfIRz1/+YYlVFkup3R2KSexk="
+ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+ "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
+ ];
+ extra-substituters = [
+ "http://marpa:5000?priority=5"
+ "https://phundrak.cachix.org?priority=10"
+ "https://nix-community.cachix.org?priority=20"
+ "https://cache.nixos.org?priority=40"
+ ];
+ extra-experimental-features = [ "nix-command" "flakes" ];
+ http-connections = 128;
+ };
+}
diff --git a/modules/nix/tools/hetzner.nix b/modules/nix/tools/hetzner.nix
new file mode 100644
index 0000000..228212b
--- /dev/null
+++ b/modules/nix/tools/hetzner.nix
@@ -0,0 +1,14 @@
+{inputs, ...}:
+{
+ flake-file.inputs.srvos = {
+ url = "github:nix-community/srvos";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+ flake.modules.nixos.hetzner-server = {
+ imports = [
+ inputs.srvos.nixosModules.server
+ inputs.srvos.nixosModules.hardware-hetzner-cloud
+ inputs.srvos.nixosModules.mixins-terminfo
+ ];
+ };
+}
diff --git a/modules/nix/tools/sops.nix b/modules/nix/tools/sops.nix
new file mode 100644
index 0000000..a641a09
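Review bot: In modules/nix/nix-config.nix the first `extra-substituters` entry, `http://marpa:5000?priority=5`, is reached over plain HTTP through an unqualified hostname and is given precedence over the three HTTPS caches. Nix still verifies store-path signatures against the `marpa-local:` key, so integrity rests entirely on that one signing key, while the requests are unencrypted and go to whichever host answers to `marpa` on the current network. Because this sits in `flake.nixConfig` it follows the flake to every machine that accepts the flake's config, including ones off the home LAN. Consider serving the cache over HTTPS or configuring it only on the hosts that share marpa's network, and add a comment such as `# LAN-only cache on marpa, signed with the marpa-local key; transport is unauthenticated HTTP`.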
--- /dev/null
+++ b/modules/nix/tools/sops.nix
@@ -0,0 +1,16 @@
+{inputs, ...}:
+{
+ flake-file.inputs.sops-nix = {
+ url = "github:Mic92/sops-nix";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+ flake.modules = {
+ nixos.sops = {
+ imports = [inputs.sops-nix.nixosModules.sops];
+ };
+ homeManager.sops = {
+ imports = [inputs.sops-nix.homeManagerModules.sops];
+ };
+ };
+}
diff --git a/modules/users/phundrak/flake-parts.nix b/modules/users/phundrak/flake-parts.nix
new file mode 100644
index 0000000..93d2959
--- /dev/null
+++ b/modules/users/phundrak/flake-parts.nix
@@ -0,0 +1,13 @@
+{inputs, ...}: {
+ flake.modules = {
+ nixos.phundrak = {
+ imports = [./nixos.nix];
+ home-manager.users.phundrak = {
+ imports = [inputs.self.modules.homeManager.phundrak];
+ };
+ };
+ homeManager.phundrak = {
+ imports = [./homeManager.nix];
+ };
+ };
+}
diff --git a/modules/users/phundrak/nixos.nix b/modules/users/phundrak/nixos.nix
new file mode 100644
index 0000000..f4c8cf2
--- /dev/null
+++ b/modules/users/phundrak/nixos.nix
@@ -0,0 +1,32 @@
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}:
+with lib; let
+ cfg = config.flake.options.phundrak;
+in {
+ options.flake.options.phundrak = {
+ sudo = mkEnableOption "Make phundrak a superuser";
+ trusted = mkOption {
+ description = "Mark phundrak as trusted by Nix";
+ type = types.bool;
+ default = cfg.sudo;
+ };
+ };
+ config = {
+ users.users.phundrak = {
+ isNormalUser = true;
+ description = "Greg";
+ extraGroups =
+ ["networkmanager" "dialout" "games" "audio" "input"]
+ ++ optional cfg.sudo "wheel";
+ shell = pkgs.zsh;
+ openssh.authorizedKeys.keyFiles = filesystem.listFilesRecursive ./keys;
+ };
+ nix.settings = mkIf cfg.trusted {
+ trusted-users = ["phundrak"];
+ };
+ };
+}
diff --git a/users/phundrak/ai.nix b/users/phundrak/ai.nix
index 4d07462..f8e05de 100644
--- a/users/phundrak/ai.nix
+++ b/users/phundrak/ai.nix
@@ -1,6 +1,6 @@
 {config, ...}: {
 home.dev.ai = {
- enable = true;
+ enable = true;
 opencode = {
 tui = {
 mouse = true;
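Review bot: In modules/users/phundrak/nixos.nix, `openssh.authorizedKeys.keyFiles = filesystem.listFilesRecursive ./keys;` authorises every file found at any depth under `./keys`, so a file added to that tree later becomes a login key for phundrak on every host importing this module without the module itself changing. Narrowing the list, for example `keyFiles = filter (f: hasSuffix ".pub" (toString f)) (filesystem.listFilesRecursive ./keys);`, or naming the key files explicitly keeps SSH access changes visible in review. Separately, the `trusted` option feeds `nix.settings.trusted-users`, and its description could say what that grants, e.g. `description = "Mark phundrak as a Nix trusted user (effectively root-equivalent via the daemon)";`.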