diff --git a/.gitignore b/.gitignore index 6aada1e..5f598da 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ private.nix private/ -/result +/result* + diff --git a/flake.lock b/flake.lock index 5233903..28b8026 100644 --- a/flake.lock +++ b/flake.lock @@ -19,11 +19,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1673956053, - "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=", + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", "owner": "edolstra", "repo": "flake-compat", - "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", "type": "github" }, "original": { @@ -69,11 +69,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1688254665, - "narHash": "sha256-8FHEgBrr7gYNiS/NzCxIO3m4hvtLRW9YY1nYo1ivm3o=", + "lastModified": 1693611461, + "narHash": "sha256-aPODl8vAgGQ0ZYFIRisxYG5MOGSkIczvu2Cd8Gb9+1Y=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "267149c58a14d15f7f81b4d737308421de9d7152", + "rev": "7f53fdb7bdc5bb237da7fefef12d099e4fd611ca", "type": "github" }, "original": { @@ -107,11 +107,11 @@ ] }, "locked": { - "lastModified": 1691998815, - "narHash": "sha256-HuFgb+W1Dvd0mjjudpTf0hVg/YKKiMRpX14t7dJeTm8=", + "lastModified": 1696446489, + "narHash": "sha256-xSjMKdNR+q/3hdSPyg/LUMsZT/WIoUi8dcm5zT4SMUQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "da6874e8bb82204323b94154585a1471c739f73e", + "rev": "68f7d8c0fb0bfc67d1916dd7f06288424360d43a", "type": "github" }, "original": { @@ -122,11 +122,11 @@ }, "impermanence": { "locked": { - "lastModified": 1690797372, - "narHash": "sha256-GImz19e33SeVcIvBB7NnhbJSbTpFFmNtWLh7Z85Y188=", + "lastModified": 1694622745, + "narHash": "sha256-z397+eDhKx9c2qNafL1xv75lC0Q4nOaFlhaU1TINqb8=", "owner": "nix-community", "repo": "impermanence", - "rev": "e3a7acd113903269a1b5c8b527e84ce7ee859851", + "rev": "e9643d08d0d193a2e074a19d4d90c67a874d932e", "type": "github" }, "original": { @@ -143,11 +143,11 @@ ] }, "locked": { - "lastModified": 1691956035, - "narHash": "sha256-/BZBkQ9U1fz97hNblgEDZLnxnuBSoyu1MDouF7dkR9g=", + "lastModified": 1695274149, + "narHash": "sha256-TXMD7TkBA6BYR77465ej5jZcHYTdDC67H1C/Zpp0aiQ=", "owner": "chayleaf", "repo": "maubot.nix", - "rev": "52022afdbb95b3acbfb8a7c60cb83f16391965ce", + "rev": "1b5d44af45a3fb7b2fa29a4b7590b5cb37d1fdf1", "type": "github" }, "original": { @@ -164,11 +164,11 @@ ] }, "locked": { - "lastModified": 1692048568, - "narHash": "sha256-b//Inw4b68N38rcerDU9P6wldF804rQQmR8s3EHOR/E=", + "lastModified": 1696468271, + "narHash": "sha256-ZpzAIqs8VmgRDz+rBe28+TErlXkhzrgPKg3YKYraReE=", "owner": "fufexan", "repo": "nix-gaming", - "rev": "58422c29f4208e2c2e9b4b7d2704f9c31c5b9507", + "rev": "cc55064e30efdf1b1ad3df4d39983314ef440aae", "type": "github" }, "original": { @@ -179,11 +179,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1691871742, - "narHash": "sha256-6yDNjfbAMpwzWL4y75fxs6beXHRANfYX8BNSPjYehck=", + "lastModified": 1696614066, + "narHash": "sha256-nAyYhO7TCr1tikacP37O9FnGr2USOsVBD3IgvndUYjM=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "430a56dd16fe583a812b2df44dca002acab2f4f6", + "rev": "bb2db418b616fea536b1be7f6ee72fb45c11afe0", "type": "github" }, "original": { @@ -228,11 +228,11 @@ ] }, "locked": { - "lastModified": 1691963046, - "narHash": "sha256-6K2UtOT3RnsTzqkZVRJRR4A9BLAwg6kLEsRRR6FjBeY=", + "lastModified": 1696627040, + "narHash": "sha256-HOG11+J/akMF/egPoVcVSk4nhFFQOuCl1K8pWjdZIL0=", "owner": "chayleaf", "repo": "nixos-router", - "rev": "2041ec14178acdb1ae6412c4da1ef766f20c545d", + "rev": "fd1c895481286b80759b128b082c7a4cc132614a", "type": "github" }, "original": { @@ -243,16 +243,16 @@ }, "nixpkgs": { "locked": { - "lastModified": 1692034721, - "narHash": "sha256-2LRUPajtgMEUZCWvF5RkwKMpKy1grxS6lNdWkXZ7IEo=", - "owner": "chayleaf", + "lastModified": 1696375444, + "narHash": "sha256-Sv0ICt/pXfpnFhTGYTsX6lUr1SljnuXWejYTI2ZqHa4=", + "owner": "nixos", "repo": "nixpkgs", - "rev": "c412885a154f0fbd0e11195c78d473f40f0e03c4", + "rev": "81e8f48ebdecf07aab321182011b067aafc78896", "type": "github" }, "original": { - "owner": "chayleaf", - "ref": "ccache", + "owner": "nixos", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } @@ -260,11 +260,11 @@ "nixpkgs-lib": { "locked": { "dir": "lib", - "lastModified": 1688049487, - "narHash": "sha256-100g4iaKC9MalDjUW9iN6Jl/OocTDtXdeAj7pEGIRh4=", + "lastModified": 1693471703, + "narHash": "sha256-0l03ZBL8P1P6z8MaSDS/MvuU8E75rVxe5eE1N6gxeTo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4bc72cae107788bf3f24f30db2e2f685c9298dc9", + "rev": "3e52e76b70d5508f3cec70b882a29199f4d1ee85", "type": "github" }, "original": { @@ -275,6 +275,22 @@ "type": "github" } }, + "nixpkgs2": { + "locked": { + "lastModified": 1696696817, + "narHash": "sha256-K8/YirUEkUD1Xd9Qg5R9czYU03M8wDN5W3DYns9F0rc=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "0df1d6c8cac8e8dc08f42bfe062a1025555c9b6a", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "master", + "repo": "nixpkgs", + "type": "github" + } + }, "notlua": { "inputs": { "nixpkgs": [ @@ -317,11 +333,11 @@ }, "nur": { "locked": { - "lastModified": 1692017787, - "narHash": "sha256-RVohbSWkS3iMexiF6w9QkMtmwsCRe7OLxJ0hgCe22/g=", + "lastModified": 1696624462, + "narHash": "sha256-lGmf7IPqWLfxvEQcPujB8dzu+++NHqGYQkmC05y3ByA=", "owner": "nix-community", "repo": "NUR", - "rev": "2ba2c24ca845753a7c8a62f5e372b68a7e39b78e", + "rev": "560b6a71f7fe0353dc19bc366a5ace71fbda51d1", "type": "github" }, "original": { @@ -341,6 +357,7 @@ "nixos-mailserver": "nixos-mailserver", "nixos-router": "nixos-router", "nixpkgs": "nixpkgs", + "nixpkgs2": "nixpkgs2", "notlua": "notlua", "notnft": "notnft", "nur": "nur", @@ -355,11 +372,11 @@ ] }, "locked": { - "lastModified": 1691979003, - "narHash": "sha256-kT7FB6+wiTPzXtzNdQJmBGyFGM3/9QvjDTF5YK3eYTs=", + "lastModified": 1696558324, + "narHash": "sha256-TnnP4LGwDB8ZGE7h2n4nA9Faee8xPkMdNcyrzJ57cbw=", "owner": "oxalica", "repo": "rust-overlay", - "rev": "ce646c4052c4979078a1ed263bc6e8c1a14c0d07", + "rev": "fdb37574a04df04aaa8cf7708f94a9309caebe2b", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 99fc061..d7c1216 100644 --- a/flake.nix +++ b/flake.nix @@ -2,8 +2,10 @@ description = "NixOS + Home Manager configuration of chayleaf"; inputs = { - # nixpkgs.url = "github:nixos/nixpkgs/master"; - nixpkgs.url = "github:chayleaf/nixpkgs/ccache"; + #nixpkgs.url = "github:nixos/nixpkgs/3dc2b4f8166f744c3b3e9ff8224e7c5d74a5424f"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; + nixpkgs2.url = "github:nixos/nixpkgs/master"; + # nixpkgs.url = "github:chayleaf/nixpkgs/ccache2"; nixos-hardware.url = "github:NixOS/nixos-hardware"; impermanence.url = "github:nix-community/impermanence"; nur.url = "github:nix-community/NUR"; @@ -49,7 +51,7 @@ }; }; - outputs = inputs@{ self, nixpkgs, nixos-hardware, impermanence, home-manager, nur, nix-gaming, notlua, notnft, nixos-mailserver, nixos-router, maubot, ... }: + outputs = inputs@{ self, nixpkgs, nixpkgs2, nixos-hardware, impermanence, home-manager, nur, nix-gaming, notlua, notnft, nixos-mailserver, nixos-router, maubot, ... }: let # --impure required for developing # it takes the paths for modules from filesystem as opposed to flake inputs @@ -100,9 +102,9 @@ }; routerConfig = rec { system = "aarch64-linux"; - specialArgs.server-config = nixosConfigurations.nixserver.config; modules = [ { + _module.args.server-config = nixosConfigurations.nixserver.config; _module.args.notnft = if devNft then (import /${devPath}/notnft { inherit (nixpkgs) lib; }).config.notnft else notnft.lib.${system}; } (if devNixRt then import /${devPath}/nixos-router else nixos-router.nixosModules.default) @@ -127,9 +129,11 @@ router-emmc-cross = crossConfig router-emmc; router-sd-cross = crossConfig router-emmc; nixserver = { + system = "aarch64-linux"; modules = [ + { _module.args.router-config = nixosConfigurations.router-emmc.config; } nixos-mailserver.nixosModules.default - ./system/devices/hp-probook-g0-server.nix + ./system/devices/radxa-rock5a-server.nix (if devMaubot then import /${devPath}/maubot.nix/module else maubot.nixosModules.default) ./system/modules/scanservjs.nix ]; @@ -146,6 +150,7 @@ notlua = notlua.lib.${system}; }; home.user = [ + { _module.args.pkgs2 = import nixpkgs2 { inherit system; overlays = [ overlay ]; }; } nur.nixosModules.nur ./home/hosts/nixmsi.nix ]; @@ -282,11 +287,18 @@ }; }; - hydraJobs = { - server.${config.nixserver.system or "x86_64-linux"} = nixosConfigurations.nixserver.config.system.build.toplevel; - workstation.${config.nixmsi.system or "x86_64-linux"} = nixosConfigurations.nixmsi.config.system.build.toplevel; - router.${config.router-emmc.system or "x86_64-linux"} = nixosConfigurations.router-emmc-cross.config.system.build.toplevel; - workstation-home.${config.nixmsi.system or "x86_64-linux"} = homeConfigurations."user@nixmsi".activation-script; + hydraJobs = let + addMeta = x: x // { + meta = (x.meta or {}) // { + timeout = 60 * 60 * 10; + maxSilent = 60 * 60 * 10; + }; + }; + in { + server.${config.nixserver.system or "x86_64-linux"} = addMeta nixosConfigurations.nixserver.config.system.build.toplevel; + workstation.${config.nixmsi.system or "x86_64-linux"} = addMeta nixosConfigurations.nixmsi.config.system.build.toplevel; + router.${config.router-emmc.system or "x86_64-linux"} = addMeta nixosConfigurations.router-emmc-cross.config.system.build.toplevel; + workstation-home.${config.nixmsi.system or "x86_64-linux"} = addMeta homeConfigurations."user@nixmsi".activation-script; }; }; } diff --git a/home/common/general.nix b/home/common/general.nix index 7896b0f..6c4e2dc 100644 --- a/home/common/general.nix +++ b/home/common/general.nix @@ -16,6 +16,8 @@ s = "sudo -A"; se = "sudo -AE"; l = "lsd"; + la = "lsd -A"; + ll = "lsd -l"; g = "git"; gp = "git push"; gpuo = "git push -u origin"; @@ -59,7 +61,8 @@ gnused mktemp fzf coreutils-full findutils xdg-utils gnupg whois curl file mediainfo unzip gnutar man rclone sshfs trash-cli # for preview - exa bat + # exa - TODO: replace with eza wrapper? + bat libarchive atool glow w3m # for opening diff --git a/home/common/gui.nix b/home/common/gui.nix index 6340bfd..aa1a16a 100644 --- a/home/common/gui.nix +++ b/home/common/gui.nix @@ -1,4 +1,4 @@ -{ config, pkgs, lib, ... }: +{ config, pkgs, pkgs2, lib, ... }: { imports = [ ./terminal.nix ]; i18n.inputMethod = let fcitx5-qt = pkgs.libsForQt5.fcitx5-qt; in { @@ -254,7 +254,7 @@ # for working with nix nix-init - nvfetcher + pkgs2.nvfetcher config.nur.repos.rycee.mozilla-addons-to-nix anki-bin diff --git a/home/hosts/nixmsi.nix b/home/hosts/nixmsi.nix index ba8ca93..ec76c2d 100644 --- a/home/hosts/nixmsi.nix +++ b/home/hosts/nixmsi.nix @@ -82,7 +82,7 @@ winetricks # protontricks # proton-caller # bottles - virtmanager looking-glass-client + virt-manager looking-glass-client clang_latest mold rustc rustfmt cargo clippy lalrpop diff --git a/pkgs/_sources/generated.json b/pkgs/_sources/generated.json index 6260271..ee3a032 100644 --- a/pkgs/_sources/generated.json +++ b/pkgs/_sources/generated.json @@ -37,24 +37,24 @@ "pinned": false, "src": { "name": null, - "sha256": "sha256-ldJBwp/9Cjb5k9FBrc6iz4/rnMhU5Ayf35+kNTAvXCg=", + "sha256": "sha256-DcS5ov656f/l1zWPt+UYKxarDGcAWd6zTvi50Lsa1s8=", "type": "url", - "url": "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton8-11/GE-Proton8-11.tar.gz" + "url": "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton8-16/GE-Proton8-16.tar.gz" }, - "version": "GE-Proton8-11" + "version": "GE-Proton8-16" }, "searxng": { "cargoLocks": null, - "date": "2023-08-14", + "date": "2023-10-06", "extract": null, "name": "searxng", "passthru": null, "pinned": false, "src": { - "sha256": "sha256-jkojLKFfM2Oq10YU54Kf/I+P7C1Qnrhl+7bd2RQhgMM=", + "sha256": "sha256-/blIZOaeOwQMp6T6GkNh8Fvtzh3Ik5UiPwuGjViENuE=", "type": "tarball", - "url": "https://github.com/searxng/searxng/archive/7052a1a7cfa9aa691d854a9513d023e3fdc28fcf.tar.gz" + "url": "https://github.com/searxng/searxng/archive/ce270961e82585971579844c64d7cde5f5d855ec.tar.gz" }, - "version": "7052a1a7cfa9aa691d854a9513d023e3fdc28fcf" + "version": "ce270961e82585971579844c64d7cde5f5d855ec" } } \ No newline at end of file diff --git a/pkgs/_sources/generated.nix b/pkgs/_sources/generated.nix index 8708fa5..6d309dd 100644 --- a/pkgs/_sources/generated.nix +++ b/pkgs/_sources/generated.nix @@ -20,19 +20,19 @@ }; proton-ge = { pname = "proton-ge"; - version = "GE-Proton8-11"; + version = "GE-Proton8-16"; src = fetchurl { - url = "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton8-11/GE-Proton8-11.tar.gz"; - sha256 = "sha256-ldJBwp/9Cjb5k9FBrc6iz4/rnMhU5Ayf35+kNTAvXCg="; + url = "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton8-16/GE-Proton8-16.tar.gz"; + sha256 = "sha256-DcS5ov656f/l1zWPt+UYKxarDGcAWd6zTvi50Lsa1s8="; }; }; searxng = { pname = "searxng"; - version = "7052a1a7cfa9aa691d854a9513d023e3fdc28fcf"; + version = "ce270961e82585971579844c64d7cde5f5d855ec"; src = fetchTarball { - url = "https://github.com/searxng/searxng/archive/7052a1a7cfa9aa691d854a9513d023e3fdc28fcf.tar.gz"; - sha256 = "sha256-jkojLKFfM2Oq10YU54Kf/I+P7C1Qnrhl+7bd2RQhgMM="; + url = "https://github.com/searxng/searxng/archive/ce270961e82585971579844c64d7cde5f5d855ec.tar.gz"; + sha256 = "sha256-/blIZOaeOwQMp6T6GkNh8Fvtzh3Ik5UiPwuGjViENuE="; }; - date = "2023-08-14"; + date = "2023-10-06"; }; } diff --git a/pkgs/default.nix b/pkgs/default.nix index 79c3583..5973ec3 100644 --- a/pkgs/default.nix +++ b/pkgs/default.nix @@ -21,40 +21,44 @@ in unstable = nixForNixPlugins; }); # Various patches to change Nix version of existing packages so they don't error out because of nix-plugins in nix.conf - nix-plugins = pkgs.nix-plugins.overrideAttrs (old: { + nix-plugins = pkgs.nix-plugins.override { nix = nixForNixPlugins; }; /*.overrideAttrs (old: { version = "12.0.0"; patches = [ (pkgs.fetchpatch { - url = "https://github.com/shlevy/nix-plugins/pull/15/commits/f7534b96e70ca056ef793918733d1820af89a433.patch"; + # pull 17 + url = "https://github.com/shlevy/nix-plugins/commit/f7534b96e70ca056ef793918733d1820af89a433.patch"; hash = "sha256-ePRAnZAobasF6jA3QC73p8zyzayXORuodhus96V+crs="; }) ]; - }); - harmonia = (pkgs.harmonia.override { nix = nixForNixPlugins; }).overrideAttrs { + });*/ + harmonia = (pkgs.harmonia.override { nix = nixForNixPlugins; }); /*.overrideAttrs { patches = [ (pkgs.fetchpatch { url = "https://github.com/nix-community/harmonia/pull/145/commits/394c939a45fa9c590347e149400876c318610b1e.patch"; hash = "sha256-DvyE7/0PW3XRtFgIrl4IQa7RIQLQZoKLddxCZvhpu3I="; }) ]; - }; + };*/ nix-init = pkgs.nix-init.override { nix = nixForNixPlugins; }; nix-serve = pkgs.nix-serve.override { nix = nixForNixPlugins; }; nix-serve-ng = pkgs.nix-serve-ng.override { nix = nixForNixPlugins; }; hydra_unstable = (pkgs.hydra_unstable.override { - nix = nixForNixPlugins.overrideAttrs (old: { + nix = nixForNixPlugins; /*.overrideAttrs (old: { # TODO: remove when https://github.com/NixOS/nix/issues/8796 is fixed or hydra code stops needing a fix configureFlags = builtins.filter (x: x != "--enable-lto") (old.configureFlags or []); - }); - }).overrideAttrs (old: { + });*/ + });/*.overrideAttrs (old: { patches = (old.patches or [ ]) ++ [ (pkgs.fetchpatch { url = "https://github.com/NixOS/hydra/pull/1296/commits/b23431a657d8a9b2f478c95dd81034780751a262.patch"; hash = "sha256-ruTAIPUrPtfy8JkXYK2qigBrSa6KPXpJlORTNkUYrG0="; }) ]; - }); + });*/ nurl = pkgs.nurl.override { nix = nixForNixPlugins; }; + nvfetcher = pkgs.nvfetcher.overrideAttrs (old: { + meta = builtins.removeAttrs old.meta [ "broken" ]; + }); clang-tools_latest = pkgs.clang-tools_16; clang_latest = pkgs.clang_16; @@ -117,4 +121,6 @@ in qemu = pkgs'.qemu_7; stdenv = pkgs'.ccacheStdenv; }; -} // (import ../system/hardware/bpi-r3/pkgs.nix { inherit pkgs pkgs' lib sources; }) + gimp = callPackage ./gimp.nix { inherit (pkgs) gimp; }; +} +// (import ../system/hardware/bpi-r3/pkgs.nix { inherit pkgs pkgs' lib sources; }) diff --git a/pkgs/gimp.nix b/pkgs/gimp.nix new file mode 100644 index 0000000..a62fdf5 --- /dev/null +++ b/pkgs/gimp.nix @@ -0,0 +1,139 @@ +{ lib +, gimp +, fetchFromGitHub +, substituteAll +, fetchpatch +, meson +, ninja +, pkg-config +, gettext +, gtk3 +, graphviz +, libarchive +, luajit +, python3 +, wrapGAppsHook +, libxslt +, gobject-introspection +, vala +, gi-docgen +, perl +, appstream-glib +, desktop-file-utils +, json-glib +, gjs +, xorg +, xvfb-run +, dbus +, gnome +, alsa-lib +, glib +, glib-networking +}: + +let + python = python3.withPackages (pp: with pp; [ + pygobject3 + ]); +in gimp.overrideAttrs (old: rec { + version = "2_99_16+date=2023-07-05"; + outputs = [ "out" "dev" "devdoc" ]; + src = fetchFromGitHub { + owner = "GNOME"; + repo = "gimp"; + rev = "d3c5536ac85bb84e1beaba68aea12cf28062e08c"; + hash = "sha256-ZKCZXt+8Jj9sETezlOXY17Kr2DeFc6O6zh97XCjfhiE="; + }; + patches = [ + (substituteAll { + src = fetchpatch { + url = "https://raw.githubusercontent.com/NixOS/nixpkgs/86947c8f83a3bd593eefb8e5f433f0d045c3d9a7/pkgs/applications/graphics/gimp/hardcode-plugin-interpreters.patch"; + hash = "sha256-uk4u+WK+p3U0NyCVa2Ua+o2nLaHZzo0jP3muGPu55ak="; + }; + python_interpreter = python.interpreter; + }) + (substituteAll { + src = fetchpatch { + url = "https://raw.githubusercontent.com/NixOS/nixpkgs/86947c8f83a3bd593eefb8e5f433f0d045c3d9a7/pkgs/applications/graphics/gimp/tests-dbus-conf.patch"; + hash = "sha256-XEsYmrNcuF6i4/EwTbXZ+vI6zY9iLbasn0I5EHhwLWU="; + }; + session_conf = "${dbus.out}/share/dbus-1/session.conf"; + }) + (fetchpatch { + url = "https://raw.githubusercontent.com/NixOS/nixpkgs/86947c8f83a3bd593eefb8e5f433f0d045c3d9a7/pkgs/applications/graphics/gimp/fix-isocodes-paths.patch"; + hash = "sha256-8jqQmfbOARMPNIsBfNKpMIeK4dXoAme7rUJeQZwh4PM="; + }) + ]; + nativeBuildInputs = [ + meson + ninja + pkg-config + gettext + wrapGAppsHook + libxslt + gobject-introspection + perl + vala + gi-docgen + desktop-file-utils + xvfb-run + dbus + ]; + buildInputs = builtins.filter (x: !builtins.elem (lib.getName x) ["gtk2"]) old.buildInputs + ++ [ + appstream-glib + gtk3 + libarchive + json-glib + python + xorg.libXmu + gnome.adwaita-icon-theme + (luajit.withPackages (ps: [ ps.lgi ])) + alsa-lib + gjs + ]; + configureFlags = []; + mesonFlags = [ + "-Dbug-report-url=https://github.com/NixOS/nixpkgs/issues/new" + "-Dicc-directory=/run/current-system/sw/share/color/icc" + "-Dcheck-update=no" + "-Dappdata-test=disabled" + ]; + enableParallelBuilding = false; + env = old.env // { + GIO_EXTRA_MODULES = "${glib-networking}/lib/gio/modules"; + }; + preConfigure = ""; + postPatch = '' + patchShebangs \ + app/tests/create_test_env.sh \ + tools/gimp-mkenums + substitute app/git-version.h.in git-version.h \ + --subst-var-by GIMP_GIT_VERSION "GIMP_2.99.?-g${builtins.substring 0 10 src.rev}" \ + --subst-var-by GIMP_GIT_VERSION_ABBREV "${builtins.substring 0 10 src.rev}" \ + --subst-var-by GIMP_GIT_LAST_COMMIT_YEAR "${builtins.head (builtins.match ".+\+date=([0-9]{4})-[0-9]{2}-[0-9]{2}" version)}" + ''; + + preCheck = '' + export NO_AT_BRIDGE=1 + export HOME="$TMPDIR" + export XDG_DATA_DIRS="${glib.getSchemaDataDirPath gtk3}:$XDG_DATA_DIRS" + ''; + checkPhase = '' + runHook preCheck + meson test --timeout-multiplier 4 --print-errorlogs + runHook postCheck + ''; + + preFixup = '' + gappsWrapperArgs+=(--prefix PATH : "${lib.makeBinPath [ graphviz ]}:$out/bin") + ''; + postFixup = '' + moveToOutput "share/doc" "$devdoc" + ''; + + passthru = old.passthru // { + majorVersion = "2.99"; + gtk = gtk3; + }; +}) diff --git a/system/devices/bpi-r3-router.nix b/system/devices/bpi-r3-router.nix index 3c2eee3..9a94b98 100644 --- a/system/devices/bpi-r3-router.nix +++ b/system/devices/bpi-r3-router.nix @@ -1,6 +1,6 @@ storage: -{ config, lib, ... }: +{ config, ... }: let rootUuid = "44444444-4444-4444-8888-888888888888"; diff --git a/system/devices/radxa-rock5a-server.nix b/system/devices/radxa-rock5a-server.nix new file mode 100644 index 0000000..696457a --- /dev/null +++ b/system/devices/radxa-rock5a-server.nix @@ -0,0 +1,74 @@ +{ config +, lib +, router-config +, ... }: + +let + encUuid = "15945050-df48-418b-b736-827749b9262a"; + encPart = "/dev/disk/by-uuid/${encUuid}"; + rootUuid = "de454394-8cc1-4267-b62b-1e25062f7cf4"; + rootPart = "/dev/disk/by-uuid/${rootUuid}"; + bootUuid = "0603-5955"; + bootPart = "/dev/disk/by-uuid/${bootUuid}"; +in + +{ + imports = [ + ../hardware/radxa-rock5a + ../hosts/nixserver + ]; + + networking.useDHCP = true; + + boot.initrd = { + preLVMCommands = lib.mkOrder 499 '' + ip link set eth0 address ${router-config.router-settings.serverInitrdMac} || true + ''; + postMountCommands = '' + ip link set eth0 address ${router-config.router-settings.serverMac} || true + ''; + network.enable = true; + network.udhcpc.extraArgs = [ "-t6" ]; + network.ssh = { + enable = true; + port = 22; + authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys; + hostKeys = [ + "/secrets/initrd/ssh_host_rsa_key" + "/secrets/initrd/ssh_host_ed25519_key" + ]; + # shell = "/bin/cryptsetup-askpass"; + }; + luks.devices."cryptroot" = { + device = encPart; + # idk whether this is needed but it works + preLVM = true; + # see https://asalor.blogspot.de/2011/08/trim-dm-crypt-problems.html before enabling + allowDiscards = true; + # improve SSD performance + bypassWorkqueues = true; + }; + }; + + fileSystems = { + "/" = { device = "none"; fsType = "tmpfs"; neededForBoot = true; + options = [ "defaults" "size=2G" "mode=755" ]; }; + # TODO: switch to bcachefs? + # I wanna do it some day, but maybe starting with the next disk I get for this server + "/persist" = + { device = rootPart; fsType = "btrfs"; neededForBoot = true; + options = [ "subvol=@" "compress=zstd" ]; }; + "/boot" = + { device = bootPart; fsType = "vfat"; neededForBoot = true; }; + }; + + impermanence = { + enable = true; + path = /persist; + directories = [ + { directory = /home/${config.common.mainUsername}; user = config.common.mainUsername; group = "users"; mode = "0700"; } + { directory = /root; mode = "0700"; } + { directory = /nix; } + ]; + }; +} diff --git a/system/hardware/bpi-r3/README.md b/system/hardware/bpi-r3/README.md new file mode 100644 index 0000000..e3d5b2d --- /dev/null +++ b/system/hardware/bpi-r3/README.md @@ -0,0 +1,5 @@ +# Required reading + +https://wiki.banana-pi.org/Banana_Pi_BPI-R3 + +https://www.fw-web.de/dokuwiki/doku.php?id=en:bpi-r3:start diff --git a/system/hardware/bpi-r3/default.nix b/system/hardware/bpi-r3/default.nix index e56dbef..2d8772c 100644 --- a/system/hardware/bpi-r3/default.nix +++ b/system/hardware/bpi-r3/default.nix @@ -8,7 +8,8 @@ generic-extlinux-compatible.enable = true; }; - boot.kernelPackages = config._module.args.fromSourcePkgs.linuxPackages_bpiR3_ccache or pkgs.linuxPackages_bpiR3_ccache; + #boot.kernelPackages = config._module.args.fromSourcePkgs.linuxPackages_bpiR3_ccache or pkgs.linuxPackages_bpiR3_ccache; + boot.kernelPackages = config._module.args.fromSourcePkgs.linuxPackages_bpiR3 or pkgs.linuxPackages_bpiR3; hardware.deviceTree.enable = true; hardware.deviceTree.filter = "mt7986a-bananapi-bpi-r3.dtb"; diff --git a/system/hardware/msi-delta-15/revert-amd-ucode-update-fam17h.patch b/system/hardware/msi-delta-15/revert-amd-ucode-update-fam17h.patch index be8dfcb..f92f8ed 100644 --- a/system/hardware/msi-delta-15/revert-amd-ucode-update-fam17h.patch +++ b/system/hardware/msi-delta-15/revert-amd-ucode-update-fam17h.patch @@ -1,18 +1,18 @@ diff --git a/WHENCE b/WHENCE -index dcb86fa..b92e529 100644 +index dbcdced..9ae8ff7 100644 --- a/WHENCE +++ b/WHENCE -@@ -3909,7 +3909,7 @@ Raw: amd-ucode/microcode_amd_fam16h.bin +@@ -3919,7 +3919,7 @@ Version: 2018-05-24 + RawFile: amd-ucode/microcode_amd_fam16h.bin Version: 2014-10-28 - File: amd-ucode/microcode_amd_fam17h.bin - Raw: amd-ucode/microcode_amd_fam17h.bin + RawFile: amd-ucode/microcode_amd_fam17h.bin -Version: 2023-07-19 +Version: 2023-04-13 - File: amd-ucode/microcode_amd_fam19h.bin - Raw: amd-ucode/microcode_amd_fam19h.bin - Version: 2023-07-18 + RawFile: amd-ucode/microcode_amd_fam19h.bin + Version: 2023-08-08 + File: amd-ucode/README diff --git a/amd-ucode/README b/amd-ucode/README -index 1d39da3..4308fe2 100644 +index f47743c..5dc5108 100644 --- a/amd-ucode/README +++ b/amd-ucode/README @@ -32,9 +32,8 @@ Microcode patches in microcode_amd_fam16h.bin: @@ -25,7 +25,7 @@ index 1d39da3..4308fe2 100644 + Family=0x17 Model=0x31 Stepping=0x00: Patch=0x08301072 Length=3200 bytes Microcode patches in microcode_amd_fam19h.bin: - Family=0x19 Model=0x01 Stepping=0x01: Patch=0x0a0011d1 Length=5568 bytes + Family=0x19 Model=0x11 Stepping=0x01: Patch=0x0a10113e Length=5568 bytes diff --git a/amd-ucode/microcode_amd_fam17h.bin.asc b/amd-ucode/microcode_amd_fam17h.bin.asc index 34a4024..27da52c 100644 --- a/amd-ucode/microcode_amd_fam17h.bin.asc diff --git a/system/hardware/msi-delta-15/revert-amd-ucode-update-fam19h.patch b/system/hardware/msi-delta-15/revert-amd-ucode-update-fam19h.patch index a873b79..698c50a 100644 --- a/system/hardware/msi-delta-15/revert-amd-ucode-update-fam19h.patch +++ b/system/hardware/msi-delta-15/revert-amd-ucode-update-fam19h.patch @@ -1,21 +1,21 @@ diff --git a/WHENCE b/WHENCE -index 54aadb0..99cee97 100644 +index dbcdced..dd7b8d5 100644 --- a/WHENCE +++ b/WHENCE -@@ -3924,7 +3924,7 @@ Raw: amd-ucode/microcode_amd_fam17h.bin +@@ -3921,7 +3921,7 @@ Version: 2014-10-28 + RawFile: amd-ucode/microcode_amd_fam17h.bin Version: 2023-07-19 - File: amd-ucode/microcode_amd_fam19h.bin - Raw: amd-ucode/microcode_amd_fam19h.bin + RawFile: amd-ucode/microcode_amd_fam19h.bin -Version: 2023-08-08 +Version: 2023-07-18 File: amd-ucode/README License: Redistributable. See LICENSE.amd-ucode for details diff --git a/amd-ucode/README b/amd-ucode/README -index fac1152..1d39da3 100644 +index f47743c..6a9ff1e 100644 --- a/amd-ucode/README +++ b/amd-ucode/README -@@ -37,19 +37,6 @@ Microcode patches in microcode_amd_fam17h.bin: +@@ -37,22 +37,9 @@ Microcode patches in microcode_amd_fam17h.bin: Family=0x17 Model=0x01 Stepping=0x02: Patch=0x0800126e Length=3200 bytes Microcode patches in microcode_amd_fam19h.bin: @@ -35,6 +35,9 @@ index fac1152..1d39da3 100644 -When late loading the patches for Genoa or Bergamo, there may be one spurious -NMI observed per physical core. These NMIs are benign and don't cause any -functional issue but will result in kernel messages being logged. + + NOTE: When running 5.19+ kernels on Genoa or Bergamo systems, some microcode + patches are known to trigger warnings in the PMI handler. The following are diff --git a/amd-ucode/microcode_amd_fam19h.bin.asc b/amd-ucode/microcode_amd_fam19h.bin.asc index 8cff901..a32b4d6 100644 --- a/amd-ucode/microcode_amd_fam19h.bin.asc diff --git a/system/hardware/radxa-rock5a/README.md b/system/hardware/radxa-rock5a/README.md new file mode 100644 index 0000000..812ab93 --- /dev/null +++ b/system/hardware/radxa-rock5a/README.md @@ -0,0 +1,11 @@ +# Radxa Rock 5A + +Use https://github.com/edk2-porting/edk2-rk3588 (A UEFI implementation) +instead of U-Boot + +Mainline kernel works, as long as it's sufficiently new. + +I use the SATA hat, which needed an overlay to enable PCIe. Also, the +ethernet adapter isn't connected via PCIe, it needs the `dwmac-rk` +kernel module (normally it should be loaded automatically, but I need it +in initrd). diff --git a/system/hardware/radxa-rock5a/default.nix b/system/hardware/radxa-rock5a/default.nix new file mode 100644 index 0000000..766472d --- /dev/null +++ b/system/hardware/radxa-rock5a/default.nix @@ -0,0 +1,42 @@ +{ pkgs +, config +, ... }: + +{ + boot.initrd.availableKernelModules = [ + "ahci" "usbhid" "usb_storage" + # network in initrd + "dwmac-rk" + # fde unlock in initrd + "dm_mod" "dm_crypt" "encrypted_keys" + ]; + + # TODO: switch to upstream when PCIe support works + # boot.kernelPackages = pkgs.linuxPackages_testing; + boot.kernelPackages = pkgs.linuxPackagesFor (pkgs.buildLinux { + version = "6.6.0-rc1"; + kernelPatches = [ ]; + src = pkgs.fetchFromGitLab { + domain = "gitlab.collabora.com"; + group = "hardware-enablement"; + owner = "rockchip-3588"; + repo = "linux"; + rev = "f04271158aee35d270748301c5077231a75bc589"; + hash = "sha256-B85162plbt92p51f/M82y2zOg3/TqrBWqgw80ksJVGc="; + }; + }); + + boot.kernelParams = [ "boot.shell_on_fail" "dtb=/${config.hardware.deviceTree.name}" ]; + hardware.deviceTree.enable = true; + hardware.deviceTree.name = "rockchip/rk3588s-rock-5a.dtb"; + hardware.deviceTree.filter = "*-rock-5a*.dtb"; + hardware.deviceTree.overlays = [ { name = "rock-5a-pcie"; filter = "*-rock-5a*.dtb"; dtsFile = ./rock-5a-pcie.dtso; } ]; + nixpkgs.hostPlatform = "aarch64-linux"; + + # for a change, I have a big EFI partition on this device + boot.loader.systemd-boot.enable = true; + boot.loader.systemd-boot.extraFiles.${config.hardware.deviceTree.name} = "${config.hardware.deviceTree.package}/${config.hardware.deviceTree.name}"; + boot.loader.efi.canTouchEfiVariables = true; + + boot.initrd.compressor = "zstd"; +} diff --git a/system/hardware/radxa-rock5a/rock-5a-pcie.dtso b/system/hardware/radxa-rock5a/rock-5a-pcie.dtso new file mode 100644 index 0000000..6872d74 --- /dev/null +++ b/system/hardware/radxa-rock5a/rock-5a-pcie.dtso @@ -0,0 +1,20 @@ +/dts-v1/; +/plugin/; + +/ { + compatible = "radxa,rock-5a", "rockchip,rk3588s"; + + fragment@0 { + target = <&pcie2x1l2>; + __overlay__ { + status = "okay"; + }; + }; + + fragment@1 { + target = <&combphy0_ps>; + __overlay__ { + status = "okay"; + }; + }; +}; diff --git a/system/hosts/nixmsi.nix b/system/hosts/nixmsi.nix index 3331998..20dc4e4 100644 --- a/system/hosts/nixmsi.nix +++ b/system/hosts/nixmsi.nix @@ -36,7 +36,8 @@ "vm.dirty_background_ratio" = 2; "vm.swappiness" = 40; }; - kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; + # TODO: uncomment when iwlwifi gets fixed, whenever that will be (broken in 6.5.5) + # kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; /*kernelPackages = zenKernelPackages "6.1.9" "0fsmcjsawxr32fxhpp6sgwfwwj8kqymy0rc6vh4qli42fqmwdjgv";*/ }; diff --git a/system/hosts/nixserver/home.nix b/system/hosts/nixserver/home.nix index bfd8813..ce9310c 100644 --- a/system/hosts/nixserver/home.nix +++ b/system/hosts/nixserver/home.nix @@ -136,7 +136,7 @@ in { }; services.hydra = { - enable = true; + enable = false; hydraURL = "home.${cfg.domainName}/hydra"; listenHost = "127.0.0.1"; minimumDiskFree = 30; @@ -144,7 +144,10 @@ in { # smtpHost = "mail.${cfg.domainName}"; useSubstitutes = true; }; - boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; + boot.binfmt.emulatedSystems = { + "x86_64-linux" = [ "aarch64-linux" ]; + "aarch64-linux" = [ "x86_64-linux" ]; + }.${pkgs.system}; nix.buildMachines = [ { # there were some bugs related to not specifying the machine @@ -153,7 +156,7 @@ in { protocol = null; maxJobs = 8; supportedFeatures = [ "kvm" "local" "nixos-test" "benchmark" "big-parallel" ]; - systems = [ "builtin" "x86_64-linux" "i686-linux" "aarch64-linux" ]; + systems = [ "builtin" "x86_64-linux" "aarch64-linux" ]; } ]; # limit CI CPU usage since I'm running everything else off this server too diff --git a/system/hosts/nixserver/keycloak.nix b/system/hosts/nixserver/keycloak.nix index 1470b55..695457b 100644 --- a/system/hosts/nixserver/keycloak.nix +++ b/system/hosts/nixserver/keycloak.nix @@ -40,6 +40,7 @@ in { # https:///oauth/keycloak?scope=openid+profile # ...but this doesnt even work, the callback fails with %OAuth2.Error{reason: :invalid_request} # oh well + /* services.akkoma.config = { ":ueberauth" = let url = "https://keycloak.${cfg.domainName}"; @@ -76,8 +77,8 @@ in { version = "2.1.0"; src = fetchHex { - pkg = "${name}"; - version = "${version}"; + pkg = name; + inherit version; sha256 = "0h9bps7gq7bac5gc3q0cgpsj46qnchpqbv5hzsnd2z9hnf2pzh4a"; }; @@ -88,8 +89,8 @@ in { version = "0.4.0"; src = fetchHex { - pkg = "${name}"; - version = "${version}"; + pkg = name; + inherit version; sha256 = "06r10w0azlpypjgggar1lf7h2yazn2dpyicy97zxkjyxgf9jfc60"; }; @@ -101,5 +102,5 @@ in { systemd.services.akkoma = { environment.OAUTH_CONSUMER_STRATEGIES = "keycloak:ueberauth_keycloak_strategy"; serviceConfig.EnvironmentFile = "/secrets/akkoma/envrc"; - }; + };*/ } diff --git a/system/hosts/router/default.nix b/system/hosts/router/default.nix index 300bc70..b1a1f23 100644 --- a/system/hosts/router/default.nix +++ b/system/hosts/router/default.nix @@ -235,9 +235,15 @@ let # server serverAddress4 = addToIp parsedGatewayAddr4 1; serverAddress6 = addToIp parsedGatewayAddr6 1; - # robot vacuum + # robot vacuum (valetudo) vacuumAddress4 = addToIp parsedGatewayAddr4 2; vacuumAddress6 = addToIp parsedGatewayAddr6 2; + # light bulb (tasmota) + lightBulbAddress4 = addToIp parsedGatewayAddr4 3; + lightBulbAddress6 = addToIp parsedGatewayAddr6 3; + # server in initrd + serverInitrdAddress4 = addToIp parsedGatewayAddr4 4; + serverInitrdAddress6 = addToIp parsedGatewayAddr6 4; hosted-domains = builtins.filter (domain: domain != "localhost") @@ -269,12 +275,20 @@ in { macAddress = cfg.serverMac; } { ipAddress = vacuumAddress4; macAddress = cfg.vacuumMac; } + { ipAddress = lightBulbAddress4; + macAddress = cfg.lightBulbMac; } + { ipAddress = serverInitrdAddress4; + macAddress = cfg.serverInitrdMac; } ]; router-settings.dhcp6Reservations = [ { ipAddress = serverAddress6; macAddress = cfg.serverMac; } { ipAddress = vacuumAddress6; macAddress = cfg.vacuumMac; } + { ipAddress = lightBulbAddress6; + macAddress = cfg.lightBulbMac; } + { ipAddress = serverInitrdAddress6; + macAddress = cfg.serverInitrdMac; } ]; # dnat to server, take ports from its firewall config @@ -310,7 +324,10 @@ in { }) ++ lib.flip map rangesUdpOnly (range: { port = notnft.dsl.range range.from range.to; tcp = false; udp = true; target4.address = serverAddress4; target6.address = serverAddress6; - }); + }) ++ lib.toList { + port = 24; tcp = true; udp = true; target4.port = 22; target6.port = 22; + target4.address = serverInitrdAddress4; target6.address = serverInitrdAddress6; + }; router.enable = true; # 2.4g ap diff --git a/system/hosts/router/options.nix b/system/hosts/router/options.nix index 6862c4f..023614b 100644 --- a/system/hosts/router/options.nix +++ b/system/hosts/router/options.nix @@ -13,10 +13,18 @@ description = "server's mac address"; type = lib.types.str; }; + serverInitrdMac = lib.mkOption { + description = "server's mac address in initrd"; + type = lib.types.str; + }; vacuumMac = lib.mkOption { description = "robot vacuum's mac address"; type = lib.types.str; }; + lightBulbMac = lib.mkOption { + description = "light bulb's mac address"; + type = lib.types.str; + }; naughtyMacs = lib.mkOption { description = "misbehaving (using wrong DNS server) clients' macs"; type = with lib.types; listOf str;