add Radxa Rock 5A; update inputs

.gitignore

@@ -1,3 +1,4 @@
 private.nix
 private/
-/result
+/result*
+

flake.lock

@@ -19,11 +19,11 @@
     "flake-compat": {
       "flake": false,
       "locked": {
-        "lastModified": 1673956053,
-        "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
+        "lastModified": 1696426674,
+        "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
         "owner": "edolstra",
         "repo": "flake-compat",
-        "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
+        "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
         "type": "github"
       },
       "original": {
@@ -69,11 +69,11 @@
         "nixpkgs-lib": "nixpkgs-lib"
       },
       "locked": {
-        "lastModified": 1688254665,
-        "narHash": "sha256-8FHEgBrr7gYNiS/NzCxIO3m4hvtLRW9YY1nYo1ivm3o=",
+        "lastModified": 1693611461,
+        "narHash": "sha256-aPODl8vAgGQ0ZYFIRisxYG5MOGSkIczvu2Cd8Gb9+1Y=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "267149c58a14d15f7f81b4d737308421de9d7152",
+        "rev": "7f53fdb7bdc5bb237da7fefef12d099e4fd611ca",
         "type": "github"
       },
       "original": {
@@ -107,11 +107,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1691998815,
-        "narHash": "sha256-HuFgb+W1Dvd0mjjudpTf0hVg/YKKiMRpX14t7dJeTm8=",
+        "lastModified": 1696446489,
+        "narHash": "sha256-xSjMKdNR+q/3hdSPyg/LUMsZT/WIoUi8dcm5zT4SMUQ=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "da6874e8bb82204323b94154585a1471c739f73e",
+        "rev": "68f7d8c0fb0bfc67d1916dd7f06288424360d43a",
         "type": "github"
       },
       "original": {
@@ -122,11 +122,11 @@
     },
     "impermanence": {
       "locked": {
-        "lastModified": 1690797372,
-        "narHash": "sha256-GImz19e33SeVcIvBB7NnhbJSbTpFFmNtWLh7Z85Y188=",
+        "lastModified": 1694622745,
+        "narHash": "sha256-z397+eDhKx9c2qNafL1xv75lC0Q4nOaFlhaU1TINqb8=",
         "owner": "nix-community",
         "repo": "impermanence",
-        "rev": "e3a7acd113903269a1b5c8b527e84ce7ee859851",
+        "rev": "e9643d08d0d193a2e074a19d4d90c67a874d932e",
         "type": "github"
       },
       "original": {
@@ -143,11 +143,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1691956035,
-        "narHash": "sha256-/BZBkQ9U1fz97hNblgEDZLnxnuBSoyu1MDouF7dkR9g=",
+        "lastModified": 1695274149,
+        "narHash": "sha256-TXMD7TkBA6BYR77465ej5jZcHYTdDC67H1C/Zpp0aiQ=",
         "owner": "chayleaf",
         "repo": "maubot.nix",
-        "rev": "52022afdbb95b3acbfb8a7c60cb83f16391965ce",
+        "rev": "1b5d44af45a3fb7b2fa29a4b7590b5cb37d1fdf1",
         "type": "github"
       },
       "original": {
@@ -164,11 +164,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1692048568,
-        "narHash": "sha256-b//Inw4b68N38rcerDU9P6wldF804rQQmR8s3EHOR/E=",
+        "lastModified": 1696468271,
+        "narHash": "sha256-ZpzAIqs8VmgRDz+rBe28+TErlXkhzrgPKg3YKYraReE=",
         "owner": "fufexan",
         "repo": "nix-gaming",
-        "rev": "58422c29f4208e2c2e9b4b7d2704f9c31c5b9507",
+        "rev": "cc55064e30efdf1b1ad3df4d39983314ef440aae",
         "type": "github"
       },
       "original": {
@@ -179,11 +179,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1691871742,
-        "narHash": "sha256-6yDNjfbAMpwzWL4y75fxs6beXHRANfYX8BNSPjYehck=",
+        "lastModified": 1696614066,
+        "narHash": "sha256-nAyYhO7TCr1tikacP37O9FnGr2USOsVBD3IgvndUYjM=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "430a56dd16fe583a812b2df44dca002acab2f4f6",
+        "rev": "bb2db418b616fea536b1be7f6ee72fb45c11afe0",
         "type": "github"
       },
       "original": {
@@ -228,11 +228,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1691963046,
-        "narHash": "sha256-6K2UtOT3RnsTzqkZVRJRR4A9BLAwg6kLEsRRR6FjBeY=",
+        "lastModified": 1696627040,
+        "narHash": "sha256-HOG11+J/akMF/egPoVcVSk4nhFFQOuCl1K8pWjdZIL0=",
         "owner": "chayleaf",
         "repo": "nixos-router",
-        "rev": "2041ec14178acdb1ae6412c4da1ef766f20c545d",
+        "rev": "fd1c895481286b80759b128b082c7a4cc132614a",
         "type": "github"
       },
       "original": {
@@ -243,16 +243,16 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1692034721,
-        "narHash": "sha256-2LRUPajtgMEUZCWvF5RkwKMpKy1grxS6lNdWkXZ7IEo=",
-        "owner": "chayleaf",
+        "lastModified": 1696375444,
+        "narHash": "sha256-Sv0ICt/pXfpnFhTGYTsX6lUr1SljnuXWejYTI2ZqHa4=",
+        "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "c412885a154f0fbd0e11195c78d473f40f0e03c4",
+        "rev": "81e8f48ebdecf07aab321182011b067aafc78896",
         "type": "github"
       },
       "original": {
-        "owner": "chayleaf",
-        "ref": "ccache",
+        "owner": "nixos",
+        "ref": "nixos-unstable",
         "repo": "nixpkgs",
         "type": "github"
       }
@@ -260,11 +260,11 @@
     "nixpkgs-lib": {
       "locked": {
         "dir": "lib",
-        "lastModified": 1688049487,
-        "narHash": "sha256-100g4iaKC9MalDjUW9iN6Jl/OocTDtXdeAj7pEGIRh4=",
+        "lastModified": 1693471703,
+        "narHash": "sha256-0l03ZBL8P1P6z8MaSDS/MvuU8E75rVxe5eE1N6gxeTo=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "4bc72cae107788bf3f24f30db2e2f685c9298dc9",
+        "rev": "3e52e76b70d5508f3cec70b882a29199f4d1ee85",
         "type": "github"
       },
       "original": {
@@ -275,6 +275,22 @@
         "type": "github"
       }
     },
+    "nixpkgs2": {
+      "locked": {
+        "lastModified": 1696696817,
+        "narHash": "sha256-K8/YirUEkUD1Xd9Qg5R9czYU03M8wDN5W3DYns9F0rc=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "0df1d6c8cac8e8dc08f42bfe062a1025555c9b6a",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "master",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
     "notlua": {
       "inputs": {
         "nixpkgs": [
@@ -317,11 +333,11 @@
     },
     "nur": {
       "locked": {
-        "lastModified": 1692017787,
-        "narHash": "sha256-RVohbSWkS3iMexiF6w9QkMtmwsCRe7OLxJ0hgCe22/g=",
+        "lastModified": 1696624462,
+        "narHash": "sha256-lGmf7IPqWLfxvEQcPujB8dzu+++NHqGYQkmC05y3ByA=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "2ba2c24ca845753a7c8a62f5e372b68a7e39b78e",
+        "rev": "560b6a71f7fe0353dc19bc366a5ace71fbda51d1",
         "type": "github"
       },
       "original": {
@@ -341,6 +357,7 @@
         "nixos-mailserver": "nixos-mailserver",
         "nixos-router": "nixos-router",
         "nixpkgs": "nixpkgs",
+        "nixpkgs2": "nixpkgs2",
         "notlua": "notlua",
         "notnft": "notnft",
         "nur": "nur",
@@ -355,11 +372,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1691979003,
-        "narHash": "sha256-kT7FB6+wiTPzXtzNdQJmBGyFGM3/9QvjDTF5YK3eYTs=",
+        "lastModified": 1696558324,
+        "narHash": "sha256-TnnP4LGwDB8ZGE7h2n4nA9Faee8xPkMdNcyrzJ57cbw=",
         "owner": "oxalica",
         "repo": "rust-overlay",
-        "rev": "ce646c4052c4979078a1ed263bc6e8c1a14c0d07",
+        "rev": "fdb37574a04df04aaa8cf7708f94a9309caebe2b",
         "type": "github"
       },
       "original": {

flake.nix

@@ -2,8 +2,10 @@
   description = "NixOS + Home Manager configuration of chayleaf";
 
   inputs = {
-    # nixpkgs.url = "github:nixos/nixpkgs/master";
-    nixpkgs.url = "github:chayleaf/nixpkgs/ccache";
+    #nixpkgs.url = "github:nixos/nixpkgs/3dc2b4f8166f744c3b3e9ff8224e7c5d74a5424f";
+    nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
+    nixpkgs2.url = "github:nixos/nixpkgs/master";
+    # nixpkgs.url = "github:chayleaf/nixpkgs/ccache2";
     nixos-hardware.url = "github:NixOS/nixos-hardware";
     impermanence.url = "github:nix-community/impermanence";
     nur.url = "github:nix-community/NUR";
@@ -49,7 +51,7 @@
     };
   };
 
-  outputs = inputs@{ self, nixpkgs, nixos-hardware, impermanence, home-manager, nur, nix-gaming, notlua, notnft, nixos-mailserver, nixos-router, maubot, ... }:
+  outputs = inputs@{ self, nixpkgs, nixpkgs2, nixos-hardware, impermanence, home-manager, nur, nix-gaming, notlua, notnft, nixos-mailserver, nixos-router, maubot, ... }:
   let
     # --impure required for developing
     # it takes the paths for modules from filesystem as opposed to flake inputs
@@ -100,9 +102,9 @@
       };
       routerConfig = rec {
         system = "aarch64-linux";
-        specialArgs.server-config = nixosConfigurations.nixserver.config;
         modules = [
           {
+            _module.args.server-config = nixosConfigurations.nixserver.config;
             _module.args.notnft = if devNft then (import /${devPath}/notnft { inherit (nixpkgs) lib; }).config.notnft else notnft.lib.${system};
           }
           (if devNixRt then import /${devPath}/nixos-router else nixos-router.nixosModules.default)
@@ -127,9 +129,11 @@
       router-emmc-cross = crossConfig router-emmc;
       router-sd-cross = crossConfig router-emmc;
       nixserver = {
+        system = "aarch64-linux";
         modules = [
+          { _module.args.router-config = nixosConfigurations.router-emmc.config; }
           nixos-mailserver.nixosModules.default
-          ./system/devices/hp-probook-g0-server.nix
+          ./system/devices/radxa-rock5a-server.nix
           (if devMaubot then import /${devPath}/maubot.nix/module else maubot.nixosModules.default)
           ./system/modules/scanservjs.nix
         ];
@@ -146,6 +150,7 @@
           notlua = notlua.lib.${system};
         };
         home.user = [
+          { _module.args.pkgs2 = import nixpkgs2 { inherit system; overlays = [ overlay ]; }; }
           nur.nixosModules.nur
           ./home/hosts/nixmsi.nix
         ];
@@ -282,11 +287,18 @@
       };
     };
 
-    hydraJobs = {
-      server.${config.nixserver.system or "x86_64-linux"} = nixosConfigurations.nixserver.config.system.build.toplevel;
-      workstation.${config.nixmsi.system or "x86_64-linux"} = nixosConfigurations.nixmsi.config.system.build.toplevel;
-      router.${config.router-emmc.system or "x86_64-linux"} = nixosConfigurations.router-emmc-cross.config.system.build.toplevel;
-      workstation-home.${config.nixmsi.system or "x86_64-linux"} = homeConfigurations."user@nixmsi".activation-script;
+    hydraJobs = let
+      addMeta = x: x // {
+        meta = (x.meta or {}) // {
+          timeout = 60 * 60 * 10;
+          maxSilent = 60 * 60 * 10;
+        };
+      };
+    in {
+      server.${config.nixserver.system or "x86_64-linux"} = addMeta nixosConfigurations.nixserver.config.system.build.toplevel;
+      workstation.${config.nixmsi.system or "x86_64-linux"} = addMeta nixosConfigurations.nixmsi.config.system.build.toplevel;
+      router.${config.router-emmc.system or "x86_64-linux"} = addMeta nixosConfigurations.router-emmc-cross.config.system.build.toplevel;
+      workstation-home.${config.nixmsi.system or "x86_64-linux"} = addMeta homeConfigurations."user@nixmsi".activation-script;
     };
   };
 }

home/common/general.nix

@@ -16,6 +16,8 @@
     s = "sudo -A";
     se = "sudo -AE";
     l = "lsd";
+    la = "lsd -A";
+    ll = "lsd -l";
     g = "git";
     gp = "git push";
     gpuo = "git push -u origin";
@@ -59,7 +61,8 @@
         gnused mktemp fzf coreutils-full findutils xdg-utils gnupg whois curl
         file mediainfo unzip gnutar man rclone sshfs trash-cli
         # for preview
-        exa bat
+        # exa - TODO: replace with eza wrapper?
+        bat
         libarchive atool
         glow w3m
         # for opening

home/common/gui.nix

@@ -1,4 +1,4 @@
-{ config, pkgs, lib, ... }:
+{ config, pkgs, pkgs2, lib, ... }:
 {
   imports = [ ./terminal.nix ];
   i18n.inputMethod = let fcitx5-qt = pkgs.libsForQt5.fcitx5-qt; in {
@@ -254,7 +254,7 @@
 
     # for working with nix
     nix-init
-    nvfetcher
+    pkgs2.nvfetcher
     config.nur.repos.rycee.mozilla-addons-to-nix
 
     anki-bin

home/hosts/nixmsi.nix

@@ -82,7 +82,7 @@
     winetricks
     # protontricks # proton-caller
     # bottles
-    virtmanager looking-glass-client
+    virt-manager looking-glass-client
     clang_latest mold
     rustc rustfmt cargo clippy
     lalrpop

pkgs/_sources/generated.json

@@ -37,24 +37,24 @@
         "pinned": false,
         "src": {
             "name": null,
-            "sha256": "sha256-ldJBwp/9Cjb5k9FBrc6iz4/rnMhU5Ayf35+kNTAvXCg=",
+            "sha256": "sha256-DcS5ov656f/l1zWPt+UYKxarDGcAWd6zTvi50Lsa1s8=",
             "type": "url",
-            "url": "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton8-11/GE-Proton8-11.tar.gz"
+            "url": "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton8-16/GE-Proton8-16.tar.gz"
         },
-        "version": "GE-Proton8-11"
+        "version": "GE-Proton8-16"
     },
     "searxng": {
         "cargoLocks": null,
-        "date": "2023-08-14",
+        "date": "2023-10-06",
         "extract": null,
         "name": "searxng",
         "passthru": null,
         "pinned": false,
         "src": {
-            "sha256": "sha256-jkojLKFfM2Oq10YU54Kf/I+P7C1Qnrhl+7bd2RQhgMM=",
+            "sha256": "sha256-/blIZOaeOwQMp6T6GkNh8Fvtzh3Ik5UiPwuGjViENuE=",
             "type": "tarball",
-            "url": "https://github.com/searxng/searxng/archive/7052a1a7cfa9aa691d854a9513d023e3fdc28fcf.tar.gz"
+            "url": "https://github.com/searxng/searxng/archive/ce270961e82585971579844c64d7cde5f5d855ec.tar.gz"
         },
-        "version": "7052a1a7cfa9aa691d854a9513d023e3fdc28fcf"
+        "version": "ce270961e82585971579844c64d7cde5f5d855ec"
     }
 }

pkgs/_sources/generated.nix

@@ -20,19 +20,19 @@
   };
   proton-ge = {
     pname = "proton-ge";
-    version = "GE-Proton8-11";
+    version = "GE-Proton8-16";
     src = fetchurl {
-      url = "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton8-11/GE-Proton8-11.tar.gz";
-      sha256 = "sha256-ldJBwp/9Cjb5k9FBrc6iz4/rnMhU5Ayf35+kNTAvXCg=";
+      url = "https://github.com/GloriousEggroll/proton-ge-custom/releases/download/GE-Proton8-16/GE-Proton8-16.tar.gz";
+      sha256 = "sha256-DcS5ov656f/l1zWPt+UYKxarDGcAWd6zTvi50Lsa1s8=";
     };
   };
   searxng = {
     pname = "searxng";
-    version = "7052a1a7cfa9aa691d854a9513d023e3fdc28fcf";
+    version = "ce270961e82585971579844c64d7cde5f5d855ec";
     src = fetchTarball {
-      url = "https://github.com/searxng/searxng/archive/7052a1a7cfa9aa691d854a9513d023e3fdc28fcf.tar.gz";
-      sha256 = "sha256-jkojLKFfM2Oq10YU54Kf/I+P7C1Qnrhl+7bd2RQhgMM=";
+      url = "https://github.com/searxng/searxng/archive/ce270961e82585971579844c64d7cde5f5d855ec.tar.gz";
+      sha256 = "sha256-/blIZOaeOwQMp6T6GkNh8Fvtzh3Ik5UiPwuGjViENuE=";
     };
-    date = "2023-08-14";
+    date = "2023-10-06";
   };
 }

pkgs/default.nix

@@ -21,40 +21,44 @@ in
     unstable = nixForNixPlugins;
   });
   # Various patches to change Nix version of existing packages so they don't error out because of nix-plugins in nix.conf
-  nix-plugins = pkgs.nix-plugins.overrideAttrs (old: {
+  nix-plugins = pkgs.nix-plugins.override { nix = nixForNixPlugins; }; /*.overrideAttrs (old: {
     version = "12.0.0";
     patches = [
       (pkgs.fetchpatch {
-        url = "https://github.com/shlevy/nix-plugins/pull/15/commits/f7534b96e70ca056ef793918733d1820af89a433.patch";
+        # pull 17
+        url = "https://github.com/shlevy/nix-plugins/commit/f7534b96e70ca056ef793918733d1820af89a433.patch";
         hash = "sha256-ePRAnZAobasF6jA3QC73p8zyzayXORuodhus96V+crs=";
       })
     ];
-  });
-  harmonia = (pkgs.harmonia.override { nix = nixForNixPlugins; }).overrideAttrs {
+  });*/
+  harmonia = (pkgs.harmonia.override { nix = nixForNixPlugins; }); /*.overrideAttrs {
     patches = [
       (pkgs.fetchpatch {
         url = "https://github.com/nix-community/harmonia/pull/145/commits/394c939a45fa9c590347e149400876c318610b1e.patch";
         hash = "sha256-DvyE7/0PW3XRtFgIrl4IQa7RIQLQZoKLddxCZvhpu3I=";
       })
     ];
-  };
+  };*/
   nix-init = pkgs.nix-init.override { nix = nixForNixPlugins; };
   nix-serve = pkgs.nix-serve.override { nix = nixForNixPlugins; };
   nix-serve-ng = pkgs.nix-serve-ng.override { nix = nixForNixPlugins; };
   hydra_unstable = (pkgs.hydra_unstable.override {
-    nix = nixForNixPlugins.overrideAttrs (old: {
+    nix = nixForNixPlugins; /*.overrideAttrs (old: {
       # TODO: remove when https://github.com/NixOS/nix/issues/8796 is fixed or hydra code stops needing a fix
       configureFlags = builtins.filter (x: x != "--enable-lto") (old.configureFlags or []);
-    });
-  }).overrideAttrs (old: {
+    });*/
+  });/*.overrideAttrs (old: {
     patches = (old.patches or [ ]) ++ [
       (pkgs.fetchpatch {
         url = "https://github.com/NixOS/hydra/pull/1296/commits/b23431a657d8a9b2f478c95dd81034780751a262.patch";
         hash = "sha256-ruTAIPUrPtfy8JkXYK2qigBrSa6KPXpJlORTNkUYrG0=";
       })
     ];
-  });
+  });*/
   nurl = pkgs.nurl.override { nix = nixForNixPlugins; };
+  nvfetcher = pkgs.nvfetcher.overrideAttrs (old: {
+    meta = builtins.removeAttrs old.meta [ "broken" ];
+  });
 
   clang-tools_latest = pkgs.clang-tools_16;
   clang_latest = pkgs.clang_16;
@@ -117,4 +121,6 @@ in
     qemu = pkgs'.qemu_7;
     stdenv = pkgs'.ccacheStdenv;
   };
-} // (import ../system/hardware/bpi-r3/pkgs.nix { inherit pkgs pkgs' lib sources; })
+  gimp = callPackage ./gimp.nix { inherit (pkgs) gimp; };
+}
+// (import ../system/hardware/bpi-r3/pkgs.nix { inherit pkgs pkgs' lib sources; })

pkgs/gimp.nix

@@ -0,0 +1,139 @@
+{ lib
+, gimp
+, fetchFromGitHub
+, substituteAll
+, fetchpatch
+, meson
+, ninja
+, pkg-config
+, gettext
+, gtk3
+, graphviz
+, libarchive
+, luajit
+, python3
+, wrapGAppsHook
+, libxslt
+, gobject-introspection
+, vala
+, gi-docgen
+, perl
+, appstream-glib
+, desktop-file-utils
+, json-glib
+, gjs
+, xorg
+, xvfb-run
+, dbus
+, gnome
+, alsa-lib
+, glib
+, glib-networking
+}:
+
+let
+  python = python3.withPackages (pp: with pp; [
+    pygobject3
+  ]);
+in gimp.overrideAttrs (old: rec {
+  version = "2_99_16+date=2023-07-05";
+  outputs = [ "out" "dev" "devdoc" ];
+  src = fetchFromGitHub {
+    owner = "GNOME";
+    repo = "gimp";
+    rev = "d3c5536ac85bb84e1beaba68aea12cf28062e08c";
+    hash = "sha256-ZKCZXt+8Jj9sETezlOXY17Kr2DeFc6O6zh97XCjfhiE=";
+  };
+  patches = [
+    (substituteAll {
+      src = fetchpatch {
+        url = "https://raw.githubusercontent.com/NixOS/nixpkgs/86947c8f83a3bd593eefb8e5f433f0d045c3d9a7/pkgs/applications/graphics/gimp/hardcode-plugin-interpreters.patch";
+        hash = "sha256-uk4u+WK+p3U0NyCVa2Ua+o2nLaHZzo0jP3muGPu55ak=";
+      };
+      python_interpreter = python.interpreter;
+    })
+    (substituteAll {
+      src = fetchpatch {
+        url = "https://raw.githubusercontent.com/NixOS/nixpkgs/86947c8f83a3bd593eefb8e5f433f0d045c3d9a7/pkgs/applications/graphics/gimp/tests-dbus-conf.patch";
+        hash = "sha256-XEsYmrNcuF6i4/EwTbXZ+vI6zY9iLbasn0I5EHhwLWU=";
+      };
+      session_conf = "${dbus.out}/share/dbus-1/session.conf";
+    })
+    (fetchpatch {
+      url = "https://raw.githubusercontent.com/NixOS/nixpkgs/86947c8f83a3bd593eefb8e5f433f0d045c3d9a7/pkgs/applications/graphics/gimp/fix-isocodes-paths.patch";
+      hash = "sha256-8jqQmfbOARMPNIsBfNKpMIeK4dXoAme7rUJeQZwh4PM=";
+    })
+  ];
+  nativeBuildInputs = [
+    meson
+    ninja
+    pkg-config
+    gettext
+    wrapGAppsHook
+    libxslt
+    gobject-introspection
+    perl
+    vala
+    gi-docgen
+    desktop-file-utils
+    xvfb-run
+    dbus
+  ];
+  buildInputs = builtins.filter (x: !builtins.elem (lib.getName x) ["gtk2"]) old.buildInputs
+  ++ [
+    appstream-glib
+    gtk3
+    libarchive
+    json-glib
+    python
+    xorg.libXmu
+    gnome.adwaita-icon-theme
+    (luajit.withPackages (ps: [ ps.lgi ]))
+    alsa-lib
+    gjs
+  ];
+  configureFlags = [];
+  mesonFlags = [
+    "-Dbug-report-url=https://github.com/NixOS/nixpkgs/issues/new"
+    "-Dicc-directory=/run/current-system/sw/share/color/icc"
+    "-Dcheck-update=no"
+    "-Dappdata-test=disabled"
+  ];
+  enableParallelBuilding = false;
+  env = old.env // {
+    GIO_EXTRA_MODULES = "${glib-networking}/lib/gio/modules";
+  };
+  preConfigure = "";
+    postPatch = ''
+    patchShebangs \
+      app/tests/create_test_env.sh \
+      tools/gimp-mkenums
+    substitute app/git-version.h.in git-version.h \
+      --subst-var-by GIMP_GIT_VERSION "GIMP_2.99.?-g${builtins.substring 0 10 src.rev}" \
+      --subst-var-by GIMP_GIT_VERSION_ABBREV "${builtins.substring 0 10 src.rev}" \
+      --subst-var-by GIMP_GIT_LAST_COMMIT_YEAR "${builtins.head (builtins.match ".+\+date=([0-9]{4})-[0-9]{2}-[0-9]{2}" version)}"
+  '';
+
+  preCheck = ''
+    export NO_AT_BRIDGE=1
+    export HOME="$TMPDIR"
+    export XDG_DATA_DIRS="${glib.getSchemaDataDirPath gtk3}:$XDG_DATA_DIRS"
+  '';
+  checkPhase = ''
+    runHook preCheck
+    meson test --timeout-multiplier 4 --print-errorlogs
+    runHook postCheck
+  '';
+
+  preFixup = ''
+    gappsWrapperArgs+=(--prefix PATH : "${lib.makeBinPath [ graphviz ]}:$out/bin")
+  '';
+  postFixup = ''
+    moveToOutput "share/doc" "$devdoc"
+  '';
+
+  passthru = old.passthru // {
+    majorVersion = "2.99";
+    gtk = gtk3;
+  };
+})

system/devices/bpi-r3-router.nix

@@ -1,6 +1,6 @@
 storage:
 
-{ config, lib, ... }:
+{ config, ... }:
 
 let
   rootUuid = "44444444-4444-4444-8888-888888888888";

system/devices/radxa-rock5a-server.nix

@@ -0,0 +1,74 @@
+{ config
+, lib
+, router-config
+, ... }:
+
+let
+  encUuid = "15945050-df48-418b-b736-827749b9262a";
+  encPart = "/dev/disk/by-uuid/${encUuid}";
+  rootUuid = "de454394-8cc1-4267-b62b-1e25062f7cf4";
+  rootPart = "/dev/disk/by-uuid/${rootUuid}";
+  bootUuid = "0603-5955";
+  bootPart = "/dev/disk/by-uuid/${bootUuid}";
+in
+
+{
+  imports = [
+    ../hardware/radxa-rock5a
+    ../hosts/nixserver
+  ];
+
+  networking.useDHCP = true;
+
+  boot.initrd = {
+    preLVMCommands = lib.mkOrder 499 ''
+      ip link set eth0 address ${router-config.router-settings.serverInitrdMac} || true
+    '';
+    postMountCommands = ''
+      ip link set eth0 address ${router-config.router-settings.serverMac} || true
+    '';
+    network.enable = true;
+    network.udhcpc.extraArgs = [ "-t6" ];
+    network.ssh = {
+      enable = true;
+      port = 22;
+      authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
+      hostKeys = [
+        "/secrets/initrd/ssh_host_rsa_key"
+        "/secrets/initrd/ssh_host_ed25519_key"
+      ];
+      # shell = "/bin/cryptsetup-askpass";
+    };
+    luks.devices."cryptroot" = {
+      device = encPart;
+      # idk whether this is needed but it works
+      preLVM = true;
+      # see https://asalor.blogspot.de/2011/08/trim-dm-crypt-problems.html before enabling
+      allowDiscards = true;
+      # improve SSD performance
+      bypassWorkqueues = true;
+    };
+  };
+
+  fileSystems = {
+    "/" =    { device = "none"; fsType = "tmpfs"; neededForBoot = true;
+               options = [ "defaults" "size=2G" "mode=755" ]; };
+    # TODO: switch to bcachefs?
+    # I wanna do it some day, but maybe starting with the next disk I get for this server
+    "/persist" =
+             { device = rootPart; fsType = "btrfs"; neededForBoot = true;
+               options = [ "subvol=@" "compress=zstd" ]; };
+    "/boot" =
+             { device = bootPart; fsType = "vfat"; neededForBoot = true; };
+  };
+
+  impermanence = {
+    enable = true;
+    path = /persist;
+    directories = [
+      { directory = /home/${config.common.mainUsername}; user = config.common.mainUsername; group = "users"; mode = "0700"; }
+      { directory = /root; mode = "0700"; }
+      { directory = /nix; }
+    ];
+  };
+}

system/hardware/bpi-r3/README.md

@@ -0,0 +1,5 @@
+# Required reading
+
+https://wiki.banana-pi.org/Banana_Pi_BPI-R3
+
+https://www.fw-web.de/dokuwiki/doku.php?id=en:bpi-r3:start

system/hardware/bpi-r3/default.nix

@@ -8,7 +8,8 @@
     generic-extlinux-compatible.enable = true;
   };
 
-  boot.kernelPackages = config._module.args.fromSourcePkgs.linuxPackages_bpiR3_ccache or pkgs.linuxPackages_bpiR3_ccache;
+  #boot.kernelPackages = config._module.args.fromSourcePkgs.linuxPackages_bpiR3_ccache or pkgs.linuxPackages_bpiR3_ccache;
+  boot.kernelPackages = config._module.args.fromSourcePkgs.linuxPackages_bpiR3 or pkgs.linuxPackages_bpiR3;
 
   hardware.deviceTree.enable = true;
   hardware.deviceTree.filter = "mt7986a-bananapi-bpi-r3.dtb";

system/hardware/msi-delta-15/revert-amd-ucode-update-fam17h.patch

@@ -1,18 +1,18 @@
 diff --git a/WHENCE b/WHENCE
-index dcb86fa..b92e529 100644
+index dbcdced..9ae8ff7 100644
 --- a/WHENCE
 +++ b/WHENCE
-@@ -3909,7 +3909,7 @@ Raw: amd-ucode/microcode_amd_fam16h.bin
+@@ -3919,7 +3919,7 @@ Version: 2018-05-24
+ RawFile: amd-ucode/microcode_amd_fam16h.bin
  Version: 2014-10-28
- File: amd-ucode/microcode_amd_fam17h.bin
- Raw: amd-ucode/microcode_amd_fam17h.bin
+ RawFile: amd-ucode/microcode_amd_fam17h.bin
 -Version: 2023-07-19
 +Version: 2023-04-13
- File: amd-ucode/microcode_amd_fam19h.bin
- Raw: amd-ucode/microcode_amd_fam19h.bin
- Version: 2023-07-18
+ RawFile: amd-ucode/microcode_amd_fam19h.bin
+ Version: 2023-08-08
+ File: amd-ucode/README
 diff --git a/amd-ucode/README b/amd-ucode/README
-index 1d39da3..4308fe2 100644
+index f47743c..5dc5108 100644
 --- a/amd-ucode/README
 +++ b/amd-ucode/README
 @@ -32,9 +32,8 @@ Microcode patches in microcode_amd_fam16h.bin:
@@ -25,7 +25,7 @@ index 1d39da3..4308fe2 100644
 +  Family=0x17 Model=0x31 Stepping=0x00: Patch=0x08301072 Length=3200 bytes
  
  Microcode patches in microcode_amd_fam19h.bin:
-   Family=0x19 Model=0x01 Stepping=0x01: Patch=0x0a0011d1 Length=5568 bytes
+   Family=0x19 Model=0x11 Stepping=0x01: Patch=0x0a10113e Length=5568 bytes
 diff --git a/amd-ucode/microcode_amd_fam17h.bin.asc b/amd-ucode/microcode_amd_fam17h.bin.asc
 index 34a4024..27da52c 100644
 --- a/amd-ucode/microcode_amd_fam17h.bin.asc

system/hardware/msi-delta-15/revert-amd-ucode-update-fam19h.patch

@@ -1,21 +1,21 @@
 diff --git a/WHENCE b/WHENCE
-index 54aadb0..99cee97 100644
+index dbcdced..dd7b8d5 100644
 --- a/WHENCE
 +++ b/WHENCE
-@@ -3924,7 +3924,7 @@ Raw: amd-ucode/microcode_amd_fam17h.bin
+@@ -3921,7 +3921,7 @@ Version: 2014-10-28
+ RawFile: amd-ucode/microcode_amd_fam17h.bin
  Version: 2023-07-19
- File: amd-ucode/microcode_amd_fam19h.bin
- Raw: amd-ucode/microcode_amd_fam19h.bin
+ RawFile: amd-ucode/microcode_amd_fam19h.bin
 -Version: 2023-08-08
 +Version: 2023-07-18
  File: amd-ucode/README
  
  License: Redistributable. See LICENSE.amd-ucode for details
 diff --git a/amd-ucode/README b/amd-ucode/README
-index fac1152..1d39da3 100644
+index f47743c..6a9ff1e 100644
 --- a/amd-ucode/README
 +++ b/amd-ucode/README
-@@ -37,19 +37,6 @@ Microcode patches in microcode_amd_fam17h.bin:
+@@ -37,22 +37,9 @@ Microcode patches in microcode_amd_fam17h.bin:
    Family=0x17 Model=0x01 Stepping=0x02: Patch=0x0800126e Length=3200 bytes
  
  Microcode patches in microcode_amd_fam19h.bin:
@@ -35,6 +35,9 @@ index fac1152..1d39da3 100644
 -When late loading the patches for Genoa or Bergamo, there may be one spurious
 -NMI observed per physical core. These NMIs are benign and don't cause any
 -functional issue but will result in kernel messages being logged.
+ 
+ NOTE: When running 5.19+ kernels on Genoa or Bergamo systems, some microcode
+ patches are known to trigger warnings in the PMI handler. The following are
 diff --git a/amd-ucode/microcode_amd_fam19h.bin.asc b/amd-ucode/microcode_amd_fam19h.bin.asc
 index 8cff901..a32b4d6 100644
 --- a/amd-ucode/microcode_amd_fam19h.bin.asc

system/hardware/radxa-rock5a/README.md

@@ -0,0 +1,11 @@
+# Radxa Rock 5A
+
+Use https://github.com/edk2-porting/edk2-rk3588 (A UEFI implementation)
+instead of U-Boot
+
+Mainline kernel works, as long as it's sufficiently new.
+
+I use the SATA hat, which needed an overlay to enable PCIe. Also, the
+ethernet adapter isn't connected via PCIe, it needs the `dwmac-rk`
+kernel module (normally it should be loaded automatically, but I need it
+in initrd).

system/hardware/radxa-rock5a/default.nix

@@ -0,0 +1,42 @@
+{ pkgs
+, config
+, ... }:
+
+{
+  boot.initrd.availableKernelModules = [
+    "ahci" "usbhid" "usb_storage"
+    # network in initrd
+    "dwmac-rk" 
+    # fde unlock in initrd
+    "dm_mod" "dm_crypt" "encrypted_keys"
+  ];
+
+  # TODO: switch to upstream when PCIe support works
+  # boot.kernelPackages = pkgs.linuxPackages_testing;
+  boot.kernelPackages = pkgs.linuxPackagesFor (pkgs.buildLinux {
+    version = "6.6.0-rc1";
+    kernelPatches = [ ];
+    src = pkgs.fetchFromGitLab {
+      domain = "gitlab.collabora.com";
+      group = "hardware-enablement";
+      owner = "rockchip-3588";
+      repo = "linux";
+      rev = "f04271158aee35d270748301c5077231a75bc589";
+      hash = "sha256-B85162plbt92p51f/M82y2zOg3/TqrBWqgw80ksJVGc=";
+    };
+  });
+
+  boot.kernelParams = [ "boot.shell_on_fail" "dtb=/${config.hardware.deviceTree.name}" ];
+  hardware.deviceTree.enable = true;
+  hardware.deviceTree.name = "rockchip/rk3588s-rock-5a.dtb";
+  hardware.deviceTree.filter = "*-rock-5a*.dtb";
+  hardware.deviceTree.overlays = [ { name = "rock-5a-pcie"; filter = "*-rock-5a*.dtb"; dtsFile = ./rock-5a-pcie.dtso; } ];
+  nixpkgs.hostPlatform = "aarch64-linux";
+
+  # for a change, I have a big EFI partition on this device
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.systemd-boot.extraFiles.${config.hardware.deviceTree.name} = "${config.hardware.deviceTree.package}/${config.hardware.deviceTree.name}";
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  boot.initrd.compressor = "zstd";
+}

system/hardware/radxa-rock5a/rock-5a-pcie.dtso

@@ -0,0 +1,20 @@
+/dts-v1/;
+/plugin/;
+
+/ {
+	compatible = "radxa,rock-5a", "rockchip,rk3588s";
+
+	fragment@0 {
+		target = <&pcie2x1l2>;
+		__overlay__ {
+			status = "okay";
+		};
+	};
+
+	fragment@1 {
+		target = <&combphy0_ps>;
+		__overlay__ {
+			status = "okay";
+		};
+	};
+};

system/hosts/nixmsi.nix

@@ -36,7 +36,8 @@
       "vm.dirty_background_ratio" = 2;
       "vm.swappiness" = 40;
     };
-    kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
+    # TODO: uncomment when iwlwifi gets fixed, whenever that will be (broken in 6.5.5)
+    # kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
     /*kernelPackages = zenKernelPackages "6.1.9" "0fsmcjsawxr32fxhpp6sgwfwwj8kqymy0rc6vh4qli42fqmwdjgv";*/
   };
 

system/hosts/nixserver/home.nix

@@ -136,7 +136,7 @@ in {
   };
 
   services.hydra = {
-    enable = true;
+    enable = false;
     hydraURL = "home.${cfg.domainName}/hydra";
     listenHost = "127.0.0.1";
     minimumDiskFree = 30;
@@ -144,7 +144,10 @@ in {
     # smtpHost = "mail.${cfg.domainName}";
     useSubstitutes = true;
   };
-  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
+  boot.binfmt.emulatedSystems = {
+    "x86_64-linux" = [ "aarch64-linux" ];
+    "aarch64-linux" = [ "x86_64-linux" ];
+  }.${pkgs.system};
   nix.buildMachines = [
     {
       # there were some bugs related to not specifying the machine
@@ -153,7 +156,7 @@ in {
       protocol = null;
       maxJobs = 8;
       supportedFeatures = [ "kvm" "local" "nixos-test" "benchmark" "big-parallel" ];
-      systems = [ "builtin" "x86_64-linux" "i686-linux" "aarch64-linux" ];
+      systems = [ "builtin" "x86_64-linux" "aarch64-linux" ];
     }
   ];
   # limit CI CPU usage since I'm running everything else off this server too

system/hosts/nixserver/keycloak.nix

@@ -40,6 +40,7 @@ in {
   # https://<pleroma>/oauth/keycloak?scope=openid+profile
   # ...but this doesnt even work, the callback fails with %OAuth2.Error{reason: :invalid_request}
   # oh well
+  /*
   services.akkoma.config = {
     ":ueberauth" = let
       url = "https://keycloak.${cfg.domainName}";
@@ -76,8 +77,8 @@ in {
         version = "2.1.0";
        
         src = fetchHex {
-          pkg = "${name}";
-          version = "${version}";
+          pkg = name;
+          inherit version;
           sha256 = "0h9bps7gq7bac5gc3q0cgpsj46qnchpqbv5hzsnd2z9hnf2pzh4a";
         };
        
@@ -88,8 +89,8 @@ in {
         version = "0.4.0";
        
         src = fetchHex {
-          pkg = "${name}";
-          version = "${version}";
+          pkg = name;
+          inherit version;
           sha256 = "06r10w0azlpypjgggar1lf7h2yazn2dpyicy97zxkjyxgf9jfc60";
         };
        
@@ -101,5 +102,5 @@ in {
   systemd.services.akkoma = {
     environment.OAUTH_CONSUMER_STRATEGIES = "keycloak:ueberauth_keycloak_strategy";
     serviceConfig.EnvironmentFile = "/secrets/akkoma/envrc";
-  };
+  };*/
 }

system/hosts/router/default.nix

@@ -235,9 +235,15 @@ let
   # server
   serverAddress4 = addToIp parsedGatewayAddr4 1;
   serverAddress6 = addToIp parsedGatewayAddr6 1;
-  # robot vacuum
+  # robot vacuum (valetudo)
   vacuumAddress4 = addToIp parsedGatewayAddr4 2;
   vacuumAddress6 = addToIp parsedGatewayAddr6 2;
+  # light bulb (tasmota)
+  lightBulbAddress4 = addToIp parsedGatewayAddr4 3;
+  lightBulbAddress6 = addToIp parsedGatewayAddr6 3;
+  # server in initrd
+  serverInitrdAddress4 = addToIp parsedGatewayAddr4 4;
+  serverInitrdAddress6 = addToIp parsedGatewayAddr6 4;
 
   hosted-domains =
     builtins.filter (domain: domain != "localhost")
@@ -269,12 +275,20 @@ in {
       macAddress = cfg.serverMac; }
     { ipAddress = vacuumAddress4;
       macAddress = cfg.vacuumMac; }
+    { ipAddress = lightBulbAddress4;
+      macAddress = cfg.lightBulbMac; }
+    { ipAddress = serverInitrdAddress4;
+      macAddress = cfg.serverInitrdMac; }
   ];
   router-settings.dhcp6Reservations = [
     { ipAddress = serverAddress6;
       macAddress = cfg.serverMac; }
     { ipAddress = vacuumAddress6;
       macAddress = cfg.vacuumMac; }
+    { ipAddress = lightBulbAddress6;
+      macAddress = cfg.lightBulbMac; }
+    { ipAddress = serverInitrdAddress6;
+      macAddress = cfg.serverInitrdMac; }
   ];
 
   # dnat to server, take ports from its firewall config
@@ -310,7 +324,10 @@ in {
   }) ++ lib.flip map rangesUdpOnly (range: {
     port = notnft.dsl.range range.from range.to; tcp = false; udp = true;
     target4.address = serverAddress4; target6.address = serverAddress6;
-  });
+  }) ++ lib.toList {
+    port = 24; tcp = true; udp = true; target4.port = 22; target6.port = 22;
+    target4.address = serverInitrdAddress4; target6.address = serverInitrdAddress6;
+  };
 
   router.enable = true;
   # 2.4g ap

system/hosts/router/options.nix

@@ -13,10 +13,18 @@
       description = "server's mac address";
       type = lib.types.str;
     };
+    serverInitrdMac = lib.mkOption {
+      description = "server's mac address in initrd";
+      type = lib.types.str;
+    };
     vacuumMac = lib.mkOption {
       description = "robot vacuum's mac address";
       type = lib.types.str;
     };
+    lightBulbMac = lib.mkOption {
+      description = "light bulb's mac address";
+      type = lib.types.str;
+    };
     naughtyMacs = lib.mkOption {
       description = "misbehaving (using wrong DNS server) clients' macs";
       type = with lib.types; listOf str;