
3 commits

Author SHA1 Message Date
chayleaf ef7340e32a
devices/oneplus-6-phone: init!!!!! 2023-12-19 11:24:27 +07:00
chayleaf 2de8bfdfe2
massive cleanup 2023-12-18 08:48:49 +07:00
chayleaf a624526c5b
add prometheus-ping-exporter; misc changes 2023-12-15 06:04:29 +07:00
31 changed files with 68739 additions and 542 deletions


@ -218,16 +218,16 @@
"mobile-nixos": { "mobile-nixos": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1697544701, "lastModified": 1702959560,
"narHash": "sha256-u/59b13bwEqxR1x2l9SeSya2ZXABmjpUCdTrXVMLrsA=", "narHash": "sha256-3EmjKFKBypRGluGEY1oUMkQRBRDO5rZdzUXwTlRbUiY=",
"owner": "chayleaf", "owner": "chayleaf",
"repo": "mobile-nixos", "repo": "mobile-nixos",
"rev": "b3ec466c5abbda7de279dccb010ab10e74dd07ee", "rev": "55ec06035e85fcbda5caa6a73d045a9910fb16a2",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "chayleaf", "owner": "chayleaf",
"ref": "cleanup", "ref": "fix-op6-modem",
"repo": "mobile-nixos", "repo": "mobile-nixos",
"type": "github" "type": "github"
} }

299
flake.nix

@ -8,7 +8,7 @@
nixos-hardware.url = "github:NixOS/nixos-hardware"; nixos-hardware.url = "github:NixOS/nixos-hardware";
mobile-nixos = { mobile-nixos = {
# url = "github:NixOS/mobile-nixos"; # url = "github:NixOS/mobile-nixos";
url = "github:chayleaf/mobile-nixos/cleanup"; url = "github:chayleaf/mobile-nixos/fix-op6-modem";
flake = false; flake = false;
}; };
impermanence.url = "github:nix-community/impermanence"; impermanence.url = "github:nix-community/impermanence";
@ -59,38 +59,34 @@
}; };
}; };
outputs = inputs@ outputs = base-inputs@{ self, nixpkgs, ... }:
{ self
, coop-ofd
, nixpkgs
, nixos-hardware
, mobile-nixos
, impermanence
, home-manager
, nur
, nix-gaming
, notlua
, notnft
, nixos-mailserver
, nixos-router
, maubot
, ... }:
let let
# --impure required for developing # --impure required for developing
# it takes the paths for modules from filesystem as opposed to flake inputs # it takes the paths for modules from filesystem as opposed to flake inputs
devNft = false; dev = {
devNixRt = false; # coop-ofd = true;
devMaubot = false; # maubot = true;
devCoopOfd = false; # mobile-nixos = true;
# nixos-router = true;
# notnft = true;
};
# IRL-related stuff I'd rather not put into git # IRL-related stuff I'd rather not put into git
priv = priv =
if builtins.pathExists ./private.nix then (import ./private.nix { }) if builtins.pathExists ./private.nix then import ./private.nix { }
else if builtins.pathExists ./private/default.nix then (import ./private { }) else if builtins.pathExists ./private/default.nix then import ./private { }
# workaround for git flakes not having access to non-checked out files # workaround for git flakes not having access to non-checked out files
else if builtins?extraBuiltins.secrets then builtins.extraBuiltins.secrets else if builtins?extraBuiltins.secrets then builtins.extraBuiltins.secrets
# yes, this is impure, this is a last ditch effort at getting access to secrets # yes, this is impure, this is a last ditch effort at getting access to secrets
else import /etc/nixos/private { }; else import /etc/nixos/private { };
devPath = priv.devPath or ../.; devPath = priv.devPath or ../.;
inputs = builtins.mapAttrs
(name: input:
if dev.${name} or false then
(if input._type or null == "flake"
then (import base-inputs.flake-compat { src = /${devPath}/${name}; }).defaultNix
else /${devPath}/${name})
else input)
base-inputs;
# if x has key s, get it. Otherwise return def # if x has key s, get it. Otherwise return def
# All private config for hostname # All private config for hostname
getPriv = hostname: priv.${hostname} or { }; getPriv = hostname: priv.${hostname} or { };
@ -99,20 +95,13 @@
# Private home-manager config for hostname and username # Private home-manager config for hostname and username
getPrivUser = hostname: user: (getPriv hostname).${user} or { }; getPrivUser = hostname: user: (getPriv hostname).${user} or { };
# extended lib # extended lib
lib = nixpkgs.lib // { lib = nixpkgs.lib // import ./lib.nix { inherit (nixpkgs) lib; };
quoteListenAddr = addr:
if nixpkgs.lib.hasInfix ":" addr then "[${addr}]" else addr;
};
# can't use callPackage ./pkgs here, idk why; use import instead # can't use callPackage ./pkgs here, idk why; use import instead
overlay' = args: self: super: import ./pkgs ({ overlay' = args: self: super: import ./pkgs ({
pkgs = super; pkgs = super;
pkgs' = self; pkgs' = self;
lib = super.lib; lib = super.lib;
nur = import nur { inherit inputs;
pkgs = super;
nurpkgs = super;
};
nix-gaming = nix-gaming.packages.${super.system};
} // args); } // args);
overlay = overlay' { }; overlay = overlay' { };
# I override some settings down the line, but overlays always stay the same # I override some settings down the line, but overlays always stay the same
@ -129,182 +118,37 @@
system = "aarch64-linux"; system = "aarch64-linux";
modules = [ modules = [
{ {
_module.args.server-config = nixosConfigurations.server.config; _module.args.server-config = self.nixosConfigurations.server.config;
_module.args.notnft = if devNft then (import /${devPath}/notnft { inherit (nixpkgs) lib; }).config.notnft else notnft.lib.${system}; _module.args.notnft = inputs.notnft.lib.${system};
} }
(if devNixRt then import /${devPath}/nixos-router else nixos-router.nixosModules.default) inputs.nixos-router.nixosModules.default
]; ];
}; };
crossConfig' = from: config: config // { in {
modules = config.modules ++ [
{
_module.args.fromSourcePkgs = (mkPkgs { system = from; }).pkgsCross.${{
aarch64-linux = "aarch64-multiplatform";
}.${config.system}};
}
];
};
crossConfig = config: crossConfig' ({
x86_64-linux = "aarch64-linux";
aarch64-linux = "x86_64-linux";
}.${config.system}) config;
in rec {
router-emmc = mkBpiR3 "emmc" routerConfig; router-emmc = mkBpiR3 "emmc" routerConfig;
router-sd = mkBpiR3 "sd" routerConfig; router-sd = mkBpiR3 "sd" routerConfig;
router-emmc-cross = crossConfig router-emmc;
router-sd-cross = crossConfig router-emmc;
server = { server = {
system = "aarch64-linux"; system = "aarch64-linux";
modules = [ modules = [
{ _module.args.router-config = nixosConfigurations.router-emmc.config; } { _module.args.router-config = self.nixosConfigurations.router-emmc.config; }
nixos-mailserver.nixosModules.default
./system/devices/radxa-rock5a-server.nix ./system/devices/radxa-rock5a-server.nix
(if devMaubot then import /${devPath}/maubot.nix/module else maubot.nixosModules.default)
(if devCoopOfd then import /${devPath}/coop-ofd else coop-ofd).nixosModules.default
./system/modules/scanservjs.nix
./system/modules/qbittorrent.nix
]; ];
}; };
server-cross = crossConfig server;
nixmsi = rec { nixmsi = rec {
system = "x86_64-linux"; system = "x86_64-linux";
modules = [ modules = [ ./system/devices/msi-delta-15-workstation.nix ];
nix-gaming.nixosModules.pipewireLowLatency
./system/devices/msi-delta-15-workstation.nix
];
home.common.enableNixosModule = false;
home.common.extraSpecialArgs = { home.common.extraSpecialArgs = {
notlua = notlua.lib.${system}; notlua = inputs.notlua.lib.${system};
}; };
home.user = [ home.user = [ ./home/hosts/nixmsi.nix ];
nur.nixosModules.nur
./home/hosts/nixmsi.nix
];
}; };
nixmsi-cross = crossConfig nixmsi;
phone = { phone = {
system = "aarch64-linux"; system = "aarch64-linux";
modules = [ modules = [ ./system/devices/oneplus-6-phone.nix ];
(import "${mobile-nixos}/lib/configuration.nix" {
device = "oneplus-enchilada";
})
./system/hosts/phone/default.nix
];
}; };
phone-cross = crossConfig phone;
}; };
# this is the system config processing part
nixosConfigurations = builtins.mapAttrs (hostname: args @ { system, modules, specialArgs ? {}, nixpkgs ? {}, home ? {}, ... }:
lib.nixosSystem ({
inherit system;
# allow modules to access nixpkgs directly, use customized lib,
# and pass nixos-harware to let hardware modules import parts of nixos-hardware
specialArgs = {
inherit lib nixpkgs;
hardware = nixos-hardware.nixosModules;
} // specialArgs;
modules = modules ++ [
# Third-party NixOS modules
impermanence.nixosModule
# My custom NixOS modules
./system/modules/vfio.nix
./system/modules/ccache.nix
./system/modules/impermanence.nix
./system/modules/common.nix
(getPrivSys hostname)
# The common configuration that isn't part of common.nix
({ config, pkgs, lib, ... }: {
networking.hostName = lib.mkDefault hostname;
nixpkgs.overlays = [ overlay ];
nix.extraOptions = ''
plugin-files = ${pkgs.nix-plugins.override { nix = config.nix.package; }}/lib/nix/plugins/libnix-extra-builtins.so
'';
# registry is used for the new flaky nix command
nix.registry =
builtins.mapAttrs
(_: v: { flake = v; })
(lib.filterAttrs (_: v: v?outputs) inputs);
# add import'able flake inputs (like nixpkgs) to nix path
# nix path is used for old nix commands (like nix-build, nix-shell)
environment.etc = lib.mapAttrs'
(name: value: {
name = "nix/inputs/${name}";
value = { source = value.outPath; };
})
(lib.filterAttrs (_: v: builtins.pathExists "${v}/default.nix") inputs);
nix.nixPath = [ "/etc/nix/inputs" ];
})
]
# the following is NixOS home-manager module configuration. Currently unused, but I might start using it for some hosts later.
++ (lib.optionals (home != {} && ((home.common or {}).enableNixosModule or true)) [
home-manager.nixosModules.home-manager
{
home-manager = builtins.removeAttrs (home.common or { }) [ "nixpkgs" "nix" "enableNixosModule" ];
}
{
# set both to false to match behavior with standalone home-manager
home-manager.useGlobalPkgs = false;
home-manager.useUserPackages = false;
home-manager.users = builtins.mapAttrs (username: modules: {
imports = modules ++ [
{
nixpkgs = (home.common or { }).nixpkgs or { };
nix = (home.common or { }).nix or { };
}
({ config, pkgs, lib, ...}: {
nixpkgs.overlays = [ overlay ];
nix.package = lib.mkDefault pkgs.nixForNixPlugins;
# this is only needed if nixos doesnt set plugin-files already
/*nix.extraOptions = ''
plugin-files = ${pkgs.nix-plugins.override { nix = config.nix.package; }}/lib/nix/plugins/libnix-extra-builtins.so
'';*/
})
(getPrivUser hostname username)
];
}) (builtins.removeAttrs home [ "common" ]);
}
]);
} // (builtins.removeAttrs args [ "home" "modules" "nixpkgs" ])))
config;
# for each hostname, for each user, generate an attribute "${user}@${hostname}"
homeConfigurations =
builtins.foldl'
(a: b: a // b)
{ }
(builtins.concatLists
(lib.mapAttrsToList
(hostname: sysConfig:
let
inherit (sysConfig) system;
common' = builtins.removeAttrs (sysConfig.home.common or { }) [ "nix" "nixpkgs" "enableNixosModule" ];
pkgs = mkPkgs ({ inherit system; } // ((sysConfig.home.common or { }).nixpkgs or {}));
common = common' // { inherit pkgs; };
in
lib.mapAttrsToList
# this is where actual config takes place
(user: homeConfig: {
"${user}@${hostname}" = home-manager.lib.homeManagerConfiguration (common // {
modules = homeConfig ++ [
(getPrivUser hostname user)
({ config, pkgs, lib, ... }: {
nixpkgs.overlays = [ overlay ];
nix.package = lib.mkDefault pkgs.nixForNixPlugins;
# this is only needed if nixos doesnt set plugin-files already
/*nix.extraOptions = ''
plugin-files = ${pkgs.nix-plugins.override { nix = config.nix.package; }}/lib/nix/plugins/libnix-extra-builtins.so
'';*/
})
];
});
})
(builtins.removeAttrs (sysConfig.home or { }) [ "common" ]))
config));
in { in {
inherit nixosConfigurations homeConfigurations;
overlays.default = overlay; overlays.default = overlay;
packages = lib.genAttrs [ packages = lib.genAttrs [
"x86_64-linux" "x86_64-linux"
@ -312,24 +156,87 @@
] (system: let self = overlay' { isOverlay = false; } (mkPkgs { inherit system; } // self) (import nixpkgs { inherit system; }); in self); ] (system: let self = overlay' { isOverlay = false; } (mkPkgs { inherit system; } // self) (import nixpkgs { inherit system; }); in self);
nixosImages.router = let pkgs = mkPkgs { inherit (config.router-emmc) system; }; in { nixosImages.router = let pkgs = mkPkgs { inherit (config.router-emmc) system; }; in {
emmcImage = pkgs.callPackage ./system/hardware/bpi-r3/image.nix { emmcImage = pkgs.callPackage ./system/hardware/bpi-r3/image.nix {
inherit (nixosConfigurations.router-emmc) config; inherit (self.nixosConfigurations.router-emmc) config;
rootfsImage = nixosConfigurations.router-emmc.config.system.build.rootfsImage; rootfsImage = self.nixosConfigurations.router-emmc.config.system.build.rootfsImage;
bpiR3Stuff = pkgs.bpiR3StuffEmmc; bpiR3Stuff = pkgs.bpiR3StuffEmmc;
}; };
sdImage = pkgs.callPackage ./system/hardware/bpi-r3/image.nix { sdImage = pkgs.callPackage ./system/hardware/bpi-r3/image.nix {
inherit (nixosConfigurations.router-sd) config; inherit (self.nixosConfigurations.router-sd) config;
rootfsImage = nixosConfigurations.router-sd.config.system.build.rootfsImage; rootfsImage = self.nixosConfigurations.router-sd.config.system.build.rootfsImage;
bpiR3Stuff = pkgs.bpiR3StuffSd; bpiR3Stuff = pkgs.bpiR3StuffSd;
}; };
}; };
nixosImages.phone = nixosConfigurations.phone.config.mobile.outputs.disk-image;
nixosImages.phone-fastboot = nixosConfigurations.phone.config.mobile.outputs.android.android-fastboot-image;
hydraJobs = { hydraJobs = {
server.${config.server.system} = nixosConfigurations.server.config.system.build.toplevel; server.${config.server.system} = self.nixosConfigurations.server.config.system.build.toplevel;
workstation.${config.nixmsi.system} = nixosConfigurations.nixmsi.config.system.build.toplevel; workstation.${config.nixmsi.system} = self.nixosConfigurations.nixmsi.config.system.build.toplevel;
router.${config.router-emmc.system} = nixosConfigurations.router-emmc.config.system.build.toplevel; router.${config.router-emmc.system} = self.nixosConfigurations.router-emmc.config.system.build.toplevel;
workstation-home.${config.nixmsi.system} = homeConfigurations."user@nixmsi".activation-script; workstation-home.${config.nixmsi.system} = self.homeConfigurations."user@nixmsi".activation-script;
}; };
# this is the system config processing part
nixosConfigurations = lib.flip builtins.mapAttrs config (hostname: args @ { modules, nixpkgs ? {}, home ? {}, ... }:
lib.nixosSystem {
inherit (args) system;
# allow modules to access nixpkgs directly, use customized lib,
# and pass nixos-harware to let hardware modules import parts of nixos-hardware
specialArgs = {
inherit inputs lib;
hardware = inputs.nixos-hardware.nixosModules;
} // args.specialArgs or { };
modules = args.modules or [ ]
++ [
(getPrivSys hostname)
{ networking.hostName = lib.mkDefault hostname;
nixpkgs.overlays = [ overlay ]; }
inputs.impermanence.nixosModule
]
++ map (x: ./system/modules/${x}) (builtins.attrNames (builtins.readDir ./system/modules))
# the following is NixOS home-manager module configuration. Currently unused, but I might start using it for some hosts later.
++ lib.optionals (home != { } && home.common.enableNixosModule or false) [
inputs.home-manager.nixosModules.home-manager
{ home-manager = builtins.removeAttrs (home.common or { }) [ "nixpkgs" "nix" "enableNixosModule" ]; }
{ # set both to false to match behavior with standalone home-manager
home-manager.useGlobalPkgs = false;
home-manager.useUserPackages = false;
home-manager.users = builtins.mapAttrs (username: modules: {
imports = modules ++ [
{ nixpkgs = home.common.nixpkgs or { };
nix = home.common.nix or { }; }
({ config, pkgs, lib, ...}: {
nixpkgs.overlays = [ overlay ];
nix.package = lib.mkDefault pkgs.nixForNixPlugins; })
(getPrivUser hostname username)
];
}) (builtins.removeAttrs home [ "common" ]); }
];
});
# for each hostname, for each user, generate an attribute "${user}@${hostname}"
homeConfigurations =
builtins.listToAttrs (builtins.concatLists
(lib.flip lib.mapAttrsToList config
(hostname: { system, home ? {}, ... }:
let
common' = builtins.removeAttrs (home.common or { }) [ "nix" "nixpkgs" "enableNixosModule" ];
pkgs = mkPkgs ({ inherit system; } // home.common.nixpkgs or { });
common = common' // { inherit pkgs; };
in
lib.flip lib.mapAttrsToList (builtins.removeAttrs home [ "common" ])
# this is where actual config takes place
(user: homeConfig: lib.nameValuePair "${user}@${hostname}"
(inputs.home-manager.lib.homeManagerConfiguration (common // {
extraSpecialArgs = (common.extraSpecialArgs or { }) // { inherit inputs; };
modules =
homeConfig
++ common.modules or [ ]
++ [
(getPrivUser hostname user)
({ pkgs, lib, ... }: {
nixpkgs.overlays = [ overlay ];
nix.package = lib.mkDefault pkgs.nixForNixPlugins;
})
];
}))))));
}; };
} }
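Review bot: The module list built from `builtins.readDir ./system/modules` in the new `nixosConfigurations` imports every entry of that directory into every host. As a result `scanservjs.nix` and `qbittorrent.nix`, which the old code listed only under `server`, are now evaluated for the router, workstation and phone too, and any stray file or subdirectory placed there becomes part of all of them. That is only safe if each module stays inert until an enable option is set, which is not visible on this page and is worth confirming for the router in particular. Restricting the scan to Nix files keeps other entries out: `++ map (x: ./system/modules/${x}) (builtins.filter (lib.hasSuffix ".nix") (builtins.attrNames (builtins.readDir ./system/modules)))`. If directory modules are wanted, filter on the entry type that `readDir` returns instead. A comment above the line saying that everything in that directory applies to every host would also help.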


@ -147,6 +147,7 @@
readline = { readline = {
enable = true; enable = true;
variables.editing-mode = "vi"; variables.editing-mode = "vi";
variables.show-mode-in-prompt = true;
}; };
nix-index = { nix-index = {
enable = true; enable = true;


@ -1,4 +1,9 @@
{ pkgs, lib, ... }: { pkgs
, lib
, inputs,
...
}:
{ {
imports = [ imports = [
../common/general.nix ../common/general.nix
@ -7,6 +12,7 @@
../common/nvim.nix ../common/nvim.nix
../common/helix.nix ../common/helix.nix
../common/kakoune.nix ../common/kakoune.nix
inputs.nur.nixosModules.nur
]; ];
nix.settings = { nix.settings = {
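Review bot: The rewritten argument set mixes comma styles: `, inputs,` carries a trailing comma and `...` then sits on its own line, while the other entries use leading commas. Writing the last two entries as `, inputs` and `, ...` matches the leading-comma layout used by the other argument sets in this change.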

6
lib.nix Normal file

@ -0,0 +1,6 @@
{ lib, ... }:
{
quoteListenAddr = addr:
if lib.hasInfix ":" addr then "[${addr}]" else addr;
}
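Review bot: `quoteListenAddr` has no comment stating what input it accepts, and it brackets any string that contains `:`. An address that is already bracketed, or a `host:port` string, would come out as `[[::1]]` or `[host:port]`. Suggest documenting the contract above the function, e.g. `# addr: bare IP address without brackets or port; IPv6 literals are wrapped in []`. The body is the same as the copy removed from flake.nix, so this is a documentation point only.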


@ -0,0 +1,51 @@
{ lib
, stdenv
, fetchFromGitLab
, meson
, ninja
, pkg-config
, libinput
, libxkbcommon
, libevdev
}:
stdenv.mkDerivation {
pname = "buffyboard";
version = "unstable-2023-11-20";
src = fetchFromGitLab {
owner = "postmarketOS";
repo = "buffybox";
rev = "14b30c60183d98e8d0b4dadf66198e08badf631e";
hash = "sha256-9wLuTAqYoFl+IAR1ixp0nHwh6jBWl+1jDPhhxqE+LHQ=";
fetchSubmodules = true;
};
# https://gitlab.com/postmarketOS/buffybox/-/issues/1
hardeningDisable = [ "fortify3" ];
postPatch = ''
cd buffyboard
'';
nativeBuildInputs = [
meson
ninja
pkg-config
];
buildInputs = [
libevdev
libinput
libxkbcommon
];
meta = with lib; {
description = "";
homepage = "https://gitlab.com/postmarketOS/buffybox/-/tree/master/buffyboard";
license = licenses.gpl3Only;
maintainers = with maintainers; [ chayleaf ];
mainProgram = "buffyboard";
platforms = platforms.all;
};
}
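Review bot: `hardeningDisable = [ "fortify3" ]` switches off a compiler hardening level for a program that links libinput and libevdev, and the only explanation is a bare issue link. A comment naming the symptom and when the exception can be removed would keep it from becoming permanent, e.g. `# fortify3 breaks the build/runtime, see issue above; TODO: drop once fixed upstream`. Separately, `description = ""` is empty. `platforms.all` also looks too broad for a package built on libinput and libevdev; `platforms = platforms.linux;` seems to be the intended value.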


@ -1,20 +1,25 @@
{ pkgs { pkgs
, lib , lib
, nur , inputs
, nix-gaming
, pkgs' ? pkgs , pkgs' ? pkgs
, isOverlay ? true , isOverlay ? true
, ... }: , ...
}:
let let
inherit (pkgs') callPackage; inherit (pkgs') callPackage;
sources = import ./_sources/generated.nix { sources = import ./_sources/generated.nix {
inherit (pkgs) fetchgit fetchurl fetchFromGitHub dockerTools; inherit (pkgs) fetchgit fetchurl fetchFromGitHub dockerTools;
}; };
nixForNixPlugins = pkgs.nixVersions.nix_2_18; nixForNixPlugins = pkgs.nixVersions.nix_2_18;
nur = import inputs.nur {
inherit pkgs;
nurpkgs = pkgs;
};
in in
{ {
inherit (nix-gaming) faf-client osu-lazer-bin; inherit (inputs.nix-gaming.packages.${pkgs.system}) faf-client osu-lazer-bin;
inherit nixForNixPlugins; inherit nixForNixPlugins;
nix = nixForNixPlugins; nix = nixForNixPlugins;
nixVersions = pkgs.nixVersions.extend (self: super: { nixVersions = pkgs.nixVersions.extend (self: super: {
@ -63,6 +68,7 @@ in
meta = builtins.removeAttrs old.meta [ "broken" ]; meta = builtins.removeAttrs old.meta [ "broken" ];
});*/ });*/
buffyboard = pkgs.callPackage ./buffyboard { };
clang-tools_latest = pkgs.clang-tools_16; clang-tools_latest = pkgs.clang-tools_16;
clang_latest = pkgs.clang_16; clang_latest = pkgs.clang_16;
/*ghidra = pkgs.ghidra.overrideAttrs (old: { /*ghidra = pkgs.ghidra.overrideAttrs (old: {
@ -108,6 +114,7 @@ in
kvmfrOverlay = kvmfr: kvmfr.overrideAttrs (old: { kvmfrOverlay = kvmfr: kvmfr.overrideAttrs (old: {
inherit (pkgs'.looking-glass-client) version src; inherit (pkgs'.looking-glass-client) version src;
}); });
ping-exporter = callPackage ./ping-exporter { };
proton-ge = pkgs.stdenvNoCC.mkDerivation { proton-ge = pkgs.stdenvNoCC.mkDerivation {
inherit (sources.proton-ge) pname version src; inherit (sources.proton-ge) pname version src;
installPhase = '' installPhase = ''
@ -155,3 +162,4 @@ in
} }
// import ./ccache.nix { inherit pkgs pkgs' lib sources; } // import ./ccache.nix { inherit pkgs pkgs' lib sources; }
// import ../system/hardware/bpi-r3/pkgs.nix { inherit pkgs pkgs' lib sources; } // import ../system/hardware/bpi-r3/pkgs.nix { inherit pkgs pkgs' lib sources; }
// import ../system/hardware/oneplus-enchilada/pkgs.nix { inherit inputs pkgs pkgs' lib sources; }
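Review bot: `buffyboard` is built with `pkgs.callPackage`, while `ping-exporter`, added in the same file, uses the `callPackage` inherited from `pkgs'`. When this file is evaluated as an overlay, `pkgs` is `super` and `pkgs'` is `self` (see `overlay'` in flake.nix), so buffyboard's dependencies would not pick up overrides from this or later overlays. Unless that is intentional, `buffyboard = callPackage ./buffyboard { };` keeps the two additions consistent.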


@ -0,0 +1,24 @@
{ lib
, fetchFromGitHub
, rustPlatform
}:
rustPlatform.buildRustPackage rec {
pname = "ping-exporter";
version = "0.1";
src = fetchFromGitHub {
owner = "chayleaf";
repo = "ping-exporter";
rev = "cf5e5f7e96fb477e015d44cd462fb996b944c896";
hash = "sha256-eZncfKTegLp+KBnAds8YR7ZMN8i7jDIIN8qt7832+0Y=";
};
cargoLock.lockFile = "${src}/Cargo.lock";
meta = with lib; {
description = "A ping exporter for Prometheus";
license = with lib.licenses; [ mit asl20 ];
maintainers = with lib.maintainers; [ chayleaf ];
};
}
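Review bot: `cargoLock.lockFile = "${src}/Cargo.lock"` reads the lock file out of the fetched source, so evaluation must first realise `src` (import-from-derivation). That can stall or be refused on evaluators that restrict it, and this flake also exposes `hydraJobs`. Keeping a copy of the lock file beside the expression avoids it: `cargoLock.lockFile = ./Cargo.lock;`. Alternatively use a vendor hash, `cargoHash = "sha256-<PLACEHOLDER: computed vendor hash>";`. Minor style point: inside `meta = with lib;` the `with lib.licenses` and `with lib.maintainers` prefixes are redundant.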


@ -14,6 +14,12 @@ in
]; ];
networking.hostName = "nixos-router"; networking.hostName = "nixos-router";
systemd.enableEmergencyMode = false;
boot.kernel.sysctl = {
"net.core.default_qdisc" = "fq";
"net.ipv4.tcp_congestion_control" = "bbr";
};
fileSystems = { fileSystems = {
# mount root on tmpfs # mount root on tmpfs
"/" = { device = "none"; fsType = "tmpfs"; neededForBoot = true; "/" = { device = "none"; fsType = "tmpfs"; neededForBoot = true;


@ -0,0 +1,62 @@
{ config
, lib
, ...
}:
let
uuids.enc = "e2abdea5-71dc-4a9e-aff3-242117342d60";
uuids.boot = "9DA3-28AC";
uuids.bch = "ac343ffb-407c-4966-87bf-a0ef1075e93d";
parts = builtins.mapAttrs (k: v: "/dev/disk/by-uuid/${v}") uuids;
in
{
imports = [
../hardware/oneplus-enchilada
../hosts/phone
];
# https://gitlab.com/postmarketOS/pmaports/-/issues/2440
# networking.wireless.iwd.enable = true;
networking.modemmanager.enable = lib.mkForce false;
networking.networkmanager.enable = true;
boot.loader = {
grub.enable = false;
systemd-boot.enable = true;
efi.canTouchEfiVariables = false;
};
boot.initrd = {
luks.devices.cryptroot = {
device = parts.enc;
allowDiscards = true;
};
};
boot.supportedFilesystems = [ "bcachefs" ];
fileSystems = let
neededForBoot = true;
in {
"/" = { device = "none"; fsType = "tmpfs"; inherit neededForBoot;
options = [ "defaults" "size=2G" "mode=755" ]; };
"/persist" =
{ device = "UUID=${uuids.bch}"; fsType = "bcachefs"; inherit neededForBoot;
options = [ "errors=ro" ]; };
"/boot" = { device = parts.boot; fsType = "vfat"; inherit neededForBoot; };
};
zramSwap.enable = true;
impermanence = {
enable = true;
path = /persist;
directories = [
{ directory = /home/${config.common.mainUsername}; user = config.common.mainUsername; group = "users"; mode = "0700"; }
{ directory = /root; mode = "0700"; }
{ directory = /nix; }
{ directory = /secrets; mode = "0000"; }
];
};
}
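Review bot: `/boot` is a vfat partition mounted with default options, so everything on it is readable by every local user, including a systemd-boot random seed if one is written there. On a device whose data sits behind `cryptroot` it is also the partition that stays unencrypted. Suggest `options = [ "umask=0077" ];` on the `/boot` entry. `allowDiscards = true` is a known trade-off (discards reveal which blocks are unused) and deserves a one-line comment saying it is deliberate, e.g. `# TRIM passthrough: leaks free-space layout, accepted for flash longevity`.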


@ -29,6 +29,12 @@ in
"dm_mod" "dm_crypt" "encrypted_keys" "dm_mod" "dm_crypt" "encrypted_keys"
]; ];
systemd.enableEmergencyMode = false;
boot.kernel.sysctl = {
"net.core.default_qdisc" = "fq";
"net.ipv4.tcp_congestion_control" = "bbr";
};
networking.useDHCP = true; networking.useDHCP = true;
/* /*
# as expected, systemd initrd and networking didn't work well, and i really cba to debug it # as expected, systemd initrd and networking didn't work well, and i really cba to debug it
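Review bot: `systemd.enableEmergencyMode = false` is added here, and identically in the router device file earlier in this change, with no comment explaining the intent. If the goal is to keep an unattended box booting rather than waiting at a console prompt, say so, e.g. `# unattended host: continue booting instead of dropping to emergency mode`. For the sysctl block, confirm that the kernels used on both devices (the router appears to use the custom `linux_bpiR3`) provide `tcp_bbr` and `sch_fq`, since otherwise the settings are rejected when sysctls are applied. On the router, `tcp_congestion_control` affects only connections the router itself terminates, not forwarded traffic, which is worth a short comment there.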


@ -8,8 +8,7 @@
generic-extlinux-compatible.enable = true; generic-extlinux-compatible.enable = true;
}; };
#boot.kernelPackages = config._module.args.fromSourcePkgs.linuxPackages_bpiR3_ccache or pkgs.linuxPackages_bpiR3_ccache; boot.kernelPackages = pkgs.linuxPackagesFor (pkgs.buildLinuxWithCcache pkgs.linux_bpiR3);
boot.kernelPackages = pkgs.linuxPackagesFor (pkgs.buildLinuxWithCcache (config._module.args.fromSourcePkgs.linux_bpiR3 or pkgs.linux_bpiR3));
hardware.deviceTree.enable = true; hardware.deviceTree.enable = true;
hardware.deviceTree.filter = "mt7986a-bananapi-bpi-r3.dtb"; hardware.deviceTree.filter = "mt7986a-bananapi-bpi-r3.dtb";


@ -24,45 +24,4 @@
"amdgpu.noretry=0" "amdgpu.noretry=0"
]; ];
}; };
# TODO: really, really, please, I want latest firmware to work...
nixpkgs.overlays = [
(final: prev: {
amd-ucode = prev.amd-ucode.override { inherit (final) linux-firmware; };
linux-firmware = prev.stdenvNoCC.mkDerivation {
inherit (prev.linux-firmware) pname version meta src dontFixup installFlags nativeBuildInputs;
passthru = { inherit (prev.linux-firmware) version; };
# revert microcode updates which break boot for me
patches = [
./revert-amd-ucode-update-fam17h.patch
./revert-amd-ucode-update-fam19h.patch
];
postPatch = ''
cp ${final.fetchurl {
name = "microcode_amd_fam17h.bin";
url = "https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/plain/amd-ucode/microcode_amd_fam17h.bin?id=b250b32ab1d044953af2dc5e790819a7703b7ee6";
hash = "sha256-HnKjEb2di7BiKB09JYUjIUuZNCVgXlwRSbjijnuYBcM=";
}} amd-ucode/microcode_amd_fam17h.bin
cp ${final.fetchurl {
name = "microcode_amd_fam19h.bin";
url = "https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/plain/amd-ucode/microcode_amd_fam19h.bin?id=0ab353f8d8aa96d68690911cea22ec538f3095c4";
hash = "sha256-LlA+E4EVQpfjD3/cg6Y52BsCGW/5ZfY0J2UnCUI/3MQ";
}} amd-ucode/microcode_amd_fam19h.bin
'';
};
})
];
specialisation.no_patches.configuration = {
nixpkgs.overlays = [
(final: prev: {
amd-ucode = prev.amd-ucode.override { inherit (final) linux-firmware; };
linux-firmware = prev.stdenvNoCC.mkDerivation {
inherit (prev.linux-firmware) pname version meta src dontFixup installFlags nativeBuildInputs;
passthru = { inherit (prev.linux-firmware) version; };
patches = [ ];
postPatch = "";
};
})
];
};
} }


@ -1,52 +0,0 @@
diff --git a/WHENCE b/WHENCE
index dbcdced..9ae8ff7 100644
--- a/WHENCE
+++ b/WHENCE
@@ -3919,7 +3919,7 @@ Version: 2018-05-24
RawFile: amd-ucode/microcode_amd_fam16h.bin
Version: 2014-10-28
RawFile: amd-ucode/microcode_amd_fam17h.bin
-Version: 2023-07-19
+Version: 2023-04-13
RawFile: amd-ucode/microcode_amd_fam19h.bin
Version: 2023-08-08
File: amd-ucode/README
diff --git a/amd-ucode/README b/amd-ucode/README
index f47743c..5dc5108 100644
--- a/amd-ucode/README
+++ b/amd-ucode/README
@@ -32,9 +32,8 @@ Microcode patches in microcode_amd_fam16h.bin:
Microcode patches in microcode_amd_fam17h.bin:
Family=0x17 Model=0x08 Stepping=0x02: Patch=0x0800820d Length=3200 bytes
- Family=0x17 Model=0x31 Stepping=0x00: Patch=0x0830107a Length=3200 bytes
- Family=0x17 Model=0xa0 Stepping=0x00: Patch=0x08a00008 Length=3200 bytes
Family=0x17 Model=0x01 Stepping=0x02: Patch=0x0800126e Length=3200 bytes
+ Family=0x17 Model=0x31 Stepping=0x00: Patch=0x08301072 Length=3200 bytes
Microcode patches in microcode_amd_fam19h.bin:
Family=0x19 Model=0x11 Stepping=0x01: Patch=0x0a10113e Length=5568 bytes
diff --git a/amd-ucode/microcode_amd_fam17h.bin.asc b/amd-ucode/microcode_amd_fam17h.bin.asc
index 34a4024..27da52c 100644
--- a/amd-ucode/microcode_amd_fam17h.bin.asc
+++ b/amd-ucode/microcode_amd_fam17h.bin.asc
@@ -1,11 +1,11 @@
-----BEGIN PGP SIGNATURE-----
-iQEzBAABCgAdFiEE/HxsUF2vzBRxg1fK5L5TOfMornMFAmS4Mm4ACgkQ5L5TOfMo
-rnN35wgAkllCunxE6J5hQyLMx5o4WTHZkbNvXmu6nV1Y3vjiL1oeaK+pmx8BlkPt
-fGZJCe/068kqmp3N4EtOZLxXn55t3jNBYectPr0RmFqpjMsEJEcfXfuXROA4N9Ti
-Zd/o6X21eHEsm0kK0q4YfppfgTd5Ze7k1jTkUuuU6/yh6uRk1MiFreEzkPO3Aayh
-iEWlYx33vq3HccTPgdY3D64Zr8gmgKG+8mdEvqb1jK4SVZ1/9vy4OKIIpUZB/eqx
-46h9Ejwn9pktnYkHi/A/zCREEcIQ10HXFF5bjxJTFQkM5S46/QEO7uuvnpMb+6Yy
-4V1/QIWMG6ixqCRx9GqbBK7GHdYODw==
-=+IsI
+iQEzBAABCgAdFiEE/HxsUF2vzBRxg1fK5L5TOfMornMFAmQeEvgACgkQ5L5TOfMo
+rnPOpAf/dYhPqq/ktg1muI/khV4EhDiguX6OXib3fmfSZdvPIAI0cRI77M3Lvf0b
+nlV8D67e5HOQ5foJbix5tunz0sZjqr2QU8U9dNk/ut0KC7UiCRc8VH40aSi/OQBG
+Y8c7tb6IJ+N+jyJ6Ii6koUuRO2Lk2MckcrWLRuLRV4bB+osyJrGjc/X54Z6UJ/Ma
+VDg13Yxy5WvC7sMmlmnY42JLeLBKDVUvg0zDvJ4aOLLxRE2l3eiAKE+TV122LmxN
+ca5WA/ESYQ9BjxHYIrpTd9nQaWa/TIZ+rOmJGLMtnQ1gGlW97zQuJR7zh+8vdLzC
+iwVlS1cu7kcV7KYDytTkWJ+2gwb3uQ==
+=lP2S
-----END PGP SIGNATURE-----


@ -1,64 +0,0 @@
diff --git a/WHENCE b/WHENCE
index dbcdced..dd7b8d5 100644
--- a/WHENCE
+++ b/WHENCE
@@ -3921,7 +3921,7 @@ Version: 2014-10-28
RawFile: amd-ucode/microcode_amd_fam17h.bin
Version: 2023-07-19
RawFile: amd-ucode/microcode_amd_fam19h.bin
-Version: 2023-10-19
+Version: 2023-07-18
File: amd-ucode/README
License: Redistributable. See LICENSE.amd-ucode for details
diff --git a/amd-ucode/README b/amd-ucode/README
index f47743c..6a9ff1e 100644
--- a/amd-ucode/README
+++ b/amd-ucode/README
@@ -37,22 +37,9 @@ Microcode patches in microcode_amd_fam17h.bin:
Family=0x17 Model=0x01 Stepping=0x02: Patch=0x0800126e Length=3200 bytes
Microcode patches in microcode_amd_fam19h.bin:
- Family=0x19 Model=0x11 Stepping=0x02: Patch=0x0a101244 Length=5568 bytes
Family=0x19 Model=0x01 Stepping=0x01: Patch=0x0a0011d1 Length=5568 bytes
Family=0x19 Model=0x01 Stepping=0x00: Patch=0x0a001079 Length=5568 bytes
- Family=0x19 Model=0xa0 Stepping=0x02: Patch=0x0aa00213 Length=5568 bytes
Family=0x19 Model=0x01 Stepping=0x02: Patch=0x0a001234 Length=5568 bytes
- Family=0x19 Model=0xa0 Stepping=0x01: Patch=0x0aa00116 Length=5568 bytes
- Family=0x19 Model=0x11 Stepping=0x01: Patch=0x0a101144 Length=5568 bytes
-
-NOTE: For Genoa (Family=0x19 Model=0x11) and Bergamo (Family=0x19 Model=0xa0),
-either AGESA version >= 1.0.0.8 OR a kernel with the following commit is
-required:
-a32b0f0db3f3 ("x86/microcode/AMD: Load late on both threads too")
-
-When late loading the patches for Genoa or Bergamo, there may be one spurious
-NMI observed per physical core. These NMIs are benign and don't cause any
-functional issue but will result in kernel messages being logged.
NOTE: When running 5.19+ kernels on Genoa or Bergamo systems, some microcode
patches are known to trigger warnings in the PMI handler. The following are
diff --git a/amd-ucode/microcode_amd_fam19h.bin.asc b/amd-ucode/microcode_amd_fam19h.bin.asc
index 8cff901..a32b4d6 100644
--- a/amd-ucode/microcode_amd_fam19h.bin.asc
+++ b/amd-ucode/microcode_amd_fam19h.bin.asc
@@ -1,11 +1,11 @@
-----BEGIN PGP SIGNATURE-----
-iQEzBAABCgAdFiEE/HxsUF2vzBRxg1fK5L5TOfMornMFAmUoW6AACgkQ5L5TOfMo
-rnMHAAf/SxaKEu5l7FGXR+QJYc2oSJDpf9ZsHTkVnxqF1I3ReItEGAR3iqSWrsRw
-KA4niP9Ihr8EqwhOaOtqkRKKF9D5yg+DksnRWbh2VTUECO4KQxjHNrPp3JWEzBwb
-Xn+vRVP02ZRi3u4MCYbnDC4AfUSnKnldY3TTlNi/6HUaGS2pcw8Vjli/C06zwfgh
-WwUAoFMQl4SDJhbGfC9cb93MKjBl/0Hv4uhK5W8fJ1iUkMvY8Ijna/oDTZCNPqP0
-0AgOwdAdzoyOYWjbUXcwofz2Umpz12xmJW8yXNwdv1pmaCvv9aCJz1L49lGwFH9E
-lhhoFQ1SQL3hhPjTXO6DbeeT9+fjOg==
-=9Xav
+iQEzBAABCgAdFiEE/HxsUF2vzBRxg1fK5L5TOfMornMFAmS3F00ACgkQ5L5TOfMo
+rnNEhQgAizSV8IFpvaYNytaJKLA4uevrZneGPV4czjCXnnj1yHpfQmCTyZQnoLnx
+7gyzf7K5271zO51FBQ5z2Nm48a3XPUhMbQLNP4BZdekLiA3bRpMtSyHct6zD0ULm
+xaFaOQ7MR1tGADhlon1bDvtnOuixUhwrZhEIlR9MzQAzERKDMOAVTbxn9ZhMfYiT
+LhA791Blyyi+6Z9uh7BpaA8l8uvoxt+uuvlBTjQMR3ER/TEjgcsoy+XhhK4QKS0V
+wJCtcDle/3pF+N6SAFWiXbNZ+P8p19afhcYddDl97xtpzA6/8b20a2eHkrqnu/Ds
+jTozF9kmhiifYMYpXtXgSOwI3GRZbQ==
+=t+j1
-----END PGP SIGNATURE-----


@ -0,0 +1,28 @@
diff --git a/arch/arm64/configs/defconfig b/arch/arm64/configs/defconfig
index b60aa1f8934..0e3191950d5 100644
--- a/arch/arm64/configs/defconfig
+++ b/arch/arm64/configs/defconfig
@@ -1317,8 +1317,9 @@ CONFIG_QCOM_AOSS_QMP=y
CONFIG_QCOM_COMMAND_DB=y
CONFIG_QCOM_CPR=y
CONFIG_QCOM_GENI_SE=y
-CONFIG_QCOM_LLCC=m
-CONFIG_QCOM_OCMEM=m
+CONFIG_QCOM_LLCC=y
+CONFIG_QCOM_OCMEM=y
+CONFIG_BACKLIGHT_CLASS_DEVICE=y
CONFIG_QCOM_PMIC_GLINK=m
CONFIG_QCOM_RMTFS_MEM=m
CONFIG_QCOM_RPMH=y
diff --git a/drivers/remoteproc/Kconfig b/drivers/remoteproc/Kconfig
index 48845dc8fa8..5f503f9c99c 100644
--- a/drivers/remoteproc/Kconfig
+++ b/drivers/remoteproc/Kconfig
@@ -166,6 +166,7 @@ config QCOM_PIL_INFO
config QCOM_RPROC_COMMON
tristate
+ default y
config QCOM_Q6V5_COMMON
tristate
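Review bot: The patch file carries no description header saying why `CONFIG_QCOM_LLCC`, `CONFIG_QCOM_OCMEM` and `CONFIG_BACKLIGHT_CLASS_DEVICE` must be built in, or why `QCOM_RPROC_COMMON` gets `default y`. A few lines at the top of the patch stating the failure it works around would let a later kernel bump judge whether it is still needed. The `default y` in `drivers/remoteproc/Kconfig` changes the symbol for every configuration built from this tree, not only this device. If the same result can be reached from the device's kernel config, that would be the narrower change.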


@ -0,0 +1,213 @@
{ pkgs
, lib
, config
, inputs
, ...
}:
let
cfg = config.phone;
in
{
imports = [
"${inputs.mobile-nixos}/modules/quirks/qualcomm/sdm845-modem.nix"
"${inputs.mobile-nixos}/modules/quirks/audio.nix"
];
options.phone = {
adb.enable = lib.mkEnableOption "adb";
rndis.enable = lib.mkEnableOption "rndis" // {
default = true;
};
buffyboard.enable = lib.mkOption {
type = lib.types.bool;
default = true;
};
};
config = lib.mkMerge [
{
hardware.enableRedistributableFirmware = true;
mobile.quirks.qualcomm.sdm845-modem.enable = true;
mobile.quirks.audio.alsa-ucm-meld = true;
environment.systemPackages = [ pkgs.alsa-ucm-conf-enchilada ];
systemd.services.q6voiced = {
description = "QDSP6 driver daemon";
after = [ "ModemManager.service" "dbus.socket" ];
wantedBy = [ "ModemManager.service" ];
requires = [ "dbus.socket" ];
serviceConfig.ExecStart = "${pkgs.q6voiced}/bin/q6voiced hw:0,6";
};
environment.etc."wireplumber/main.lua.d/51-qcom-sdm845.lua".source = pkgs.fetchurl {
url = "https://gitlab.com/postmarketOS/pmaports/-/raw/0aa9524204e9c9c002c860b87c972bc2ebf025f3/device/community/soc-qcom-sdm845/51-qcom-sdm845.lua";
hash = "sha256-56oNJJyuZZe1Iig1xskDuyazw3PbRZtmU/YRFUTqjwk=";
};
networking.modemmanager.enable = !config.networking.networkmanager.enable;
services.udev.extraRules = ''
SUBSYSTEM=="input", KERNEL=="event*", ENV{ID_INPUT}=="1", SUBSYSTEMS=="input", ATTRS{name}=="spmi_haptics", TAG+="uaccess", ENV{FEEDBACKD_TYPE}="vibra"
SUBSYSTEM=="misc", KERNEL=="fastrpc-*", ENV{ACCEL_MOUNT_MATRIX}+="-1, 0, 0; 0, -1, 0; 0, 0, -1"
'';
services.upower = {
enable = true;
percentageLow = 10;
percentageCritical = 5;
percentageAction = 3;
criticalPowerAction = "PowerOff";
};
hardware.firmware = lib.mkAfter [ pkgs.firmware-oneplus-sdm845 ];
boot.kernelPackages = lib.mkForce (pkgs.linuxPackagesFor pkgs.linux_enchilada_ccache);
hardware.deviceTree.enable = true;
hardware.deviceTree.name = "qcom/sdm845-oneplus-enchilada.dtb";
boot.kernelParams = [
"console=ttyMSM0,115200"
"console=tty0"
"dtb=/${config.hardware.deviceTree.name}"
];
boot.loader.systemd-boot.extraFiles.${config.hardware.deviceTree.name} = "${config.hardware.deviceTree.package}/${config.hardware.deviceTree.name}";
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
"firmware-oneplus-sdm845"
"firmware-oneplus-sdm845-xz"
];
system.build.uboot = pkgs.ubootImageEnchilada;
boot.initrd.includeDefaultModules = false;
boot.initrd.availableKernelModules = [
"sd_mod"
"usbhid"
"ehci_hcd" "ohci_hcd" "xhci_hcd" "uhci_hcd"
"ehci_pci" "ohci_pci" "xhci_pci"
"hid_generic" "hid_lenovo" "hid_apple" "hid_roccat"
"hid_logitech_hidpp" "hid_logitech_dj" "hid_microsoft" "hid_cherry"
];
boot.initrd.kernelModules = [
"i2c_qcom_geni"
"rmi_core"
"rmi_i2c"
"qcom_spmi_haptics"
"dm_mod"
];
}
(lib.mkIf cfg.buffyboard.enable {
boot.initrd.kernelModules = [ "uinput" "evdev" ];
boot.initrd.extraUtilsCommands = ''
copy_bin_and_libs ${pkgs.buffyboard}/bin/buffyboard
cp -a ${pkgs.libinput.out}/share $out/
'';
boot.initrd.extraUdevRulesCommands = ''
cp -v ${config.systemd.package}/lib/udev/rules.d/60-input-id.rules $out/
cp -v ${config.systemd.package}/lib/udev/rules.d/60-persistent-input.rules $out/
cp -v ${config.systemd.package}/lib/udev/rules.d/70-touchpad.rules $out/
'';
boot.initrd.preLVMCommands = ''
mkdir -p /nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-${pkgs.libinput.name}/
ln -s "$(dirname "$(dirname "$(which buffyboard)")")"/share /nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-${pkgs.libinput.name}/
buffyboard 2>/dev/null &
'';
boot.initrd.postMountCommands = ''
pkill -x buffyboard
'';
services.getty.extraArgs = [ "--skip-login" ];
services.getty.loginProgram = let
lockfile = "/tmp/buffyboard-lock.lock";
in pkgs.writeShellScript "login-with-buffyboard-once" ''
if [ ! -f '${lockfile}' ]; then
${pkgs.coreutils}/bin/touch '${lockfile}'
${pkgs.buffyboard}/bin/buffyboard 2>/dev/null &
fi
exec ${pkgs.shadow}/bin/login -f user
'';
})
(lib.mkIf cfg.rndis.enable {
boot.initrd.kernelModules = [ "configfs" "libcomposite" ];
boot.specialFileSystems = {
"/sys/kernel/config" = {
device = "configfs";
fsType = "configfs";
options = [ "nosuid" "noexec" "nodev" ];
};
};
boot.initrd.preLVMCommands = ''
mkdir -p /sys/kernel/config/usb_gadget/g1/strings/0x409
cd /sys/kernel/config/usb_gadget/g1
echo 0x18D1 > idVendor
echo 0xD001 > idProduct
echo oneplus-enchilada > strings/0x409/product
echo NixOS > strings/0x409/manufacturer
echo 0123456789 > strings/0x409/serialnumber
mkdir -p configs/c.1/strings/0x409
echo "USB network" > configs/c.1/strings/0x409/configuration
mkdir -p functions/ncm.usb0 || mkdir -p functions/rndis.usb0
ln -s functions/ncm.usb0 configs/c.1/ || ln -s functions/rndis.usb0 configs/c.1/
ls /sys/class/udc/ | head -n1 > UDC
cd /
ifconfig rndis0 172.16.42.1 || ifconfig usb0 172.16.42.1 || ifconfig eth0 172.16.42.1
'';
boot.initrd.network.enable = true;
boot.initrd.network.udhcpc.enable = false;
boot.initrd.network.ssh = {
enable = true;
port = 22;
authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
hostKeys = [ "/secrets/initrd/ssh_host_ed25519_key" "/secrets/initrd/ssh_host_rsa_key" ];
};
})
(lib.mkIf cfg.adb.enable {
boot.initrd.kernelModules = [ "configfs" "libcomposite" "g_ffs" ];
boot.specialFileSystems = {
"/sys/kernel/config" = {
device = "configfs";
fsType = "configfs";
options = [ "nosuid" "noexec" "nodev" ];
};
};
boot.initrd.extraUtilsCommands = ''
copy_bin_and_libs ${pkgs.adbd}/bin/adbd
cp -pv ${pkgs.glibc.out}/lib/libnss_files.so.* $out/lib
'';
boot.initrd.preLVMCommands = ''
mkdir -p /sys/kernel/config/usb_gadget/g1/strings/0x409
cd /sys/kernel/config/usb_gadget/g1
echo 0x18D1 > idVendor
echo 0xD001 > idProduct
echo oneplus-enchilada > strings/0x409/product
echo NixOS > strings/0x409/manufacturer
echo 0123456789 > strings/0x409/serialnumber
mkdir -p configs/c.1/strings/0x409
echo adb > configs/c.1/strings/0x409/configuration
mkdir -p functions/ffs.adb
ln -s functions/ffs.adb configs/c.1/adb
mkdir -p /dev/usb-ffs/adb
mount -t functionfs adb /dev/usb-ffs/adb
adbd &
ls /sys/class/udc/ | head -n1 > UDC
cd /
'';
boot.initrd.postMountCommands = ''
pkill -x adbd
'';
systemd.services.adbd = {
description = "adb daemon";
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${pkgs.adbd}/bin/adbd";
Restart = "always";
};
};
})
];
}
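Review bot: The `services.getty.loginProgram` wrapper in the `cfg.buffyboard.enable` block ends in `exec ${pkgs.shadow}/bin/login -f user`, and together with `services.getty.extraArgs = [ "--skip-login" ]` that logs every getty into the hard-coded account `user` without authentication. Because `phone.buffyboard.enable` defaults to `true`, this is the default for any host importing the module. I would put the auto-login behind its own option that defaults to off (for example `phone.buffyboard.autologin`, the name is only a suggestion) and take the account name from configuration instead of the literal `user`. The marker file `/tmp/buffyboard-lock.lock` also sits in a world-writable directory, so any local account can create it first and keep the on-screen keyboard from starting; a root-owned path under `/run` would avoid that.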


@ -0,0 +1,640 @@
{ pkgs
, pkgs'
, lib
, inputs
, ... }:
let
inherit (inputs) mobile-nixos;
mobile-pkgs = import "${mobile-nixos}/overlay/overlay.nix" pkgs' pkgs;
in {
inherit (mobile-pkgs) mkbootimg qrtr;
pd-mapper = pkgs'.callPackage "${mobile-nixos}/overlay/qrtr/pd-mapper.nix" { };
tqftpserv = pkgs'.callPackage "${mobile-nixos}/overlay/qrtr/tqftpserv.nix" { };
rmtfs = pkgs'.callPackage "${mobile-nixos}/overlay/qrtr/rmtfs.nix" {
inherit (mobile-pkgs) qmic;
};
adbd = pkgs'.callPackage "${mobile-nixos}/overlay/adbd" {
libhybris = pkgs'.callPackage "${mobile-nixos}/overlay/libhybris" {
inherit (mobile-pkgs) android-headers;
};
};
q6voiced = pkgs.stdenv.mkDerivation {
pname = "q6voiced";
version = "unstable-2022-07-08";
src = pkgs.fetchFromGitLab {
owner = "postmarketOS";
repo = "q6voiced";
rev = "736138bfc9f7b455a96679e2d67fd922a8f16464";
hash = "sha256-7k5saedIALHlsFHalStqzKrqAyFKx0ZN9FhLTdxAmf4=";
};
buildInputs = with pkgs; [ dbus tinyalsa ];
nativeBuildInputs = with pkgs; [ pkg-config ];
buildPhase = ''cc $(pkg-config --cflags --libs dbus-1) -ltinyalsa -o q6voiced q6voiced.c'';
installPhase = ''install -m555 -Dt "$out/bin" q6voiced'';
meta.license = lib.licenses.mit;
};
alsa-ucm-conf-enchilada = pkgs.stdenvNoCC.mkDerivation {
pname = "alsa-ucm-conf-enchilada";
version = "unstable-2022-12-08";
src = pkgs.fetchFromGitLab {
owner = "sdm845-mainline";
repo = "alsa-ucm-conf";
rev = "9ed12836b269764c4a853411d38ccb6abb70b383";
hash = "sha256-QvGZGLEmqE+sZpd15fHb+9+MmoD5zoGT+pYqyWZLdkM=";
};
installPhase = ''
substituteInPlace ucm2/lib/card-init.conf --replace '"/bin' '"/run/current-system/sw/bin'
mkdir -p "$out"/share/alsa/ucm2/{OnePlus,conf.d/sdm845,lib}
mv ucm2/lib/card-init.conf "$out/share/alsa/ucm2/lib/"
mv ucm2/OnePlus/enchilada "$out/share/alsa/ucm2/OnePlus/"
ln -s ../../OnePlus/enchilada/enchilada.conf "$out/share/alsa/ucm2/conf.d/sdm845/OnePlus 6.conf"
'';
# to overwrite card-init.conf
meta.priority = -10;
};
ubootEnchilada = pkgs.buildUBoot {
defconfig = "qcom_defconfig";
version = "unstable-2023-12-11";
src = pkgs.fetchFromGitLab {
owner = "sdm845-mainline";
repo = "u-boot";
rev = "977b9279c610b862f9ef84fb3addbebb7c42166a";
hash = "sha256-ksI7qxozIjJ5E8uAJkX8ZuaaOHdv76XOzITaA8Vp/QA=";
};
makeFlags = [ "DEVICE_TREE=sdm845-oneplus-enchilada" ];
extraConfig = ''
CONFIG_BOOTDELAY=5
'';
extraMeta.platforms = [ "aarch64-linux" ];
patches = [ ];
filesToInstall = [ "u-boot-nodtb.bin" "u-boot-dtb.bin" "u-boot.dtb" ];
};
ubootImageEnchilada = pkgs.stdenvNoCC.mkDerivation {
name = "u-boot-enchilada.img";
nativeBuildInputs = [
# available from mobile-nixos's overlay
pkgs'.mkbootimg
pkgs'.gzip
];
src = pkgs'.ubootEnchilada;
dontBuild = true;
dontFixup = true;
installPhase = ''
gzip u-boot-nodtb.bin
cat u-boot.dtb >> u-boot-nodtb.bin.gz
mkbootimg \
--base 0x0 \
--kernel_offset 0x8000 \
--ramdisk_offset 0x01000000 \
--tags_offset 0x100 \
--pagesize 4096 \
--kernel u-boot-nodtb.bin.gz \
-o "$out"
'';
};
firmware-oneplus-sdm845 = pkgs.stdenvNoCC.mkDerivation {
name = "firmware-oneplus-sdm845";
src = pkgs.fetchFromGitLab {
owner = "sdm845-mainline";
repo = "firmware-oneplus-sdm845";
rev = "dc9c77f220d104d7224c03fcbfc419a03a58765e";
hash = "sha256-jrbWIS4T9HgBPYOV2MqPiRQCxGMDEfQidKw9Jn5pgBI=";
};
installPhase = ''
cp -a . "$out"
cd "$out/lib/firmware/postmarketos"
find . -type f,l | xargs -i bash -c 'mkdir -p "$(dirname "../$1")" && mv "$1" "../$1"' -- {}
cd "$out/usr"
find . -type f,l | xargs -i bash -c 'mkdir -p "$(dirname "../$1")" && mv "$1" "../$1"' -- {}
cd ..
find "$out/lib/firmware/postmarketos" "$out/usr" | tac | xargs rmdir
'';
dontStrip = true;
# not actually redistributable, but who cares
meta.license = lib.licenses.unfreeRedistributableFirmware;
};
linux_enchilada = pkgs.linux_testing.override {
argsOverride.version = "6.7-rc3";
argsOverride.modDirVersion = lib.versions.pad 3 "6.7-rc3";
# TODO: uncomment
# ignoreConfigErrors = false;
kernelPatches = [
{
name = "linux_6_7";
patch = ./linux_6_7.patch;
}
{
name = "config_fixes";
patch = ./config_fixes.patch;
}
];
postPatch = ''
substituteInPlace arch/arm64/configs/defconfig \
--replace CONFIG_QCOM_LLCC=m CONFIG_QCOM_LLCC=y \
--replace CONFIG_QCOM_OCMEM=m CONFIG_QCOM_OCMEM=y
'';
stdenv = lib.recursiveUpdate pkgs.stdenv {
hostPlatform.linux-kernel.extraConfig = "";
};
structuredExtraConfig = with lib.kernel; {
# fix build
LENOVO_YOGA_C630_EC = no;
RPMSG_QCOM_GLINK_SMEM = yes;
# useless lines, remove on update
DM_MIRROR = no;
DM_ZERO = no;
# for adb and stuff (doesn't have to be built-in, but it's easier that way)
USB_FUNCTIONFS = yes;
USB_LIBCOMPOSITE = yes;
USB_F_ACM = yes;
USB_U_SERIAL = yes;
USB_U_ETHER = yes;
USB_F_SERIAL = yes;
USB_F_OBEX = yes;
USB_F_NCM = yes;
USB_F_ECM = yes;
USB_F_EEM = yes;
USB_F_SUBSET = yes;
USB_F_RNDIS = yes;
USB_F_MASS_STORAGE = yes;
USB_F_FS = yes;
USB_F_HID = yes;
USB_CONFIGFS = yes;
USB_CONFIGFS_F_HID = yes;
# adapted from https://gitlab.com/sdm845-mainline/linux/-/blob/caf9d678d34f70173bf236584dfb819164283833/arch/arm64/configs/sdm845.config
# enchilada-specific
DRM_PANEL_SAMSUNG_SOFEF00 = yes;
BATTERY_BQ27XXX = module;
HID_RMI = module;
RMI4_CORE = module;
RMI4_I2C = module;
RMI4_F55 = yes;
# common sdm845
HIBERNATION = lib.mkForce no;
QCOM_RPROC_COMMON = yes;
FORCE_NR_CPUS = yes;
NR_CPUS = lib.mkForce (freeform "8");
SCSI_UFS_QCOM = yes;
QCOM_GSBI = yes;
QCOM_LLCC = yes;
QCOM_OCMEM = yes;
QCOM_RMTFS_MEM = yes;
QCOM_SOCINFO = yes;
QCOM_WCNSS_CTRL = yes;
QCOM_APR = yes;
POWER_RESET_QCOM_PON = yes;
QCOM_SPMI_TEMP_ALARM = yes;
QCOM_LMH = yes;
SCHED_CLUSTER = yes;
SND_SOC_QDSP6_Q6VOICE = module;
SCSI_UFS_BSG = yes;
PHY_QCOM_QMP_PCIE = yes;
BACKLIGHT_CLASS_DEVICE = yes;
INTERCONNECT_QCOM_OSM_L3 = yes;
LEDS_TRIGGER_PATTERN = yes;
LEDS_CLASS_MULTICOLOR = module;
LEDS_QCOM_LPG = module;
LEDS_QCOM_FLASH = module;
SLIMBUS = yes;
SLIM_QCOM_CTRL = yes;
SLIM_QCOM_NGD_CTRL = yes;
REMOTEPROC_CDEV = yes;
BATTERY_QCOM_FG = module;
CHARGER_QCOM_SMB2 = module;
QCOM_SPMI_RRADC = module;
DRM = yes;
DRM_MSM = yes;
REGULATOR_QCOM_LABIBB = yes;
BACKLIGHT_QCOM_WLED = yes;
INPUT_QCOM_SPMI_HAPTICS = module;
PM_AUTOSLEEP = yes;
SCSI_SCAN_ASYNC = yes;
DMABUF_HEAPS = yes;
UDMABUF = yes;
DMABUF_HEAPS_CMA = yes;
DMABUF_HEAPS_SYSTEM = yes;
HZ_1000 = yes;
RPMSG_CHAR = yes;
QCOM_Q6V5_ADSP = module;
BT_RFCOMM = yes;
BT_RFCOMM_TTY = yes;
BT_BNEP = yes;
BT_BNEP_MC_FILTER = yes;
BT_BNEP_PROTO_FILTER = yes;
BT_HS = yes;
BT_LE = yes;
QCOM_COINCELL = module;
QCOM_FASTRPC = module;
QCOM_SPMI_VADC = yes;
QCOM_SPMI_ADC5 = yes;
PHY_QCOM_QMP = yes;
PHY_QCOM_QUSB2 = yes;
PHY_QCOM_QMP_UFS = yes;
TYPEC = yes;
PHY_QCOM_QMP_COMBO = yes;
LEDS_CLASS_FLASH = yes;
TCP_CONG_WESTWOOD = yes;
DEFAULT_WESTWOOD = yes;
BLK_DEV_RAM = yes;
BLK_DEV_RAM_SIZE = freeform "8192";
CPU_FREQ_GOV_POWERSAVE = yes;
SYN_COOKIES = yes;
INPUT_UINPUT = module;
U_SERIAL_CONSOLE = yes;
USB_ANNOUNCE_NEW_DEVICES = yes;
BLK_INLINE_ENCRYPTION = yes;
PHY_QCOM_SNPS_EUSB2 = module;
MFD_QCOM_RPM = yes;
USB_DWC3_ULPI = yes;
SCSI_UFS_CRYPTO = yes;
PHY_QCOM_USB_HS = yes;
PHY_QCOM_USB_SNPS_FEMTO_V2 = yes;
INTERCONNECT_QCOM_SM6115 = yes;
SM_DISPCC_6115 = yes;
FS_ENCRYPTION_INLINE_CRYPT = yes;
CRYPTO_USER_API_AEAD = yes;
CRYPTO_DEV_QCE = yes;
DMA_CMA = yes;
SM_GPUCC_6115 = yes;
USB_ONBOARD_HUB = no; # breaks USB on qualcomm rb2... which i don't need, but i guess this won't hurt either way
INTERCONNECT_QCOM_QCM2290 = yes;
BRIDGE_NETFILTER = module;
# CONFIG END (essentially)
# the rest of the config is just disabling unneeded stuff, feel free to ignore this
ARCH_SPARX5 = no;
ARCH_MA35 = no;
ARCH_REALTEK = no;
ARCH_STM32 = no;
BLK_DEV_NVME = no;
ATA = no;
MTD = no;
SRAM = no;
MEGARAID_SAS = no;
EEPROM_AT25 = no;
USB_DWC2 = no;
USB_CHIPIDEA = no;
USB_MUSB_HDRC = no;
USB_ISP1760 = no;
USB_HSIC_USB3503 = no;
USB_NET_PLUSB = no;
TYPEC_FUSB302 = no;
EXTCON_PTN5150 = no;
NET_VENDOR_NI = no;
NET_9P = no;
CAN = no;
BNX2X = no;
MACB = no;
IGB = no;
IGBVF = no;
SMC91X = no;
MLX4_EN = no;
MLX5_CORE = no;
STMMAC_ETH = no;
ATL1C = no;
BRCMFMAC = no;
WL18XX = no;
ATH10K_PCI = no;
NET_SCH_CBS = no;
NET_SCH_ETF = no;
NET_SCH_TAPRIO = no;
NET_SCH_MQPRIO = no;
NET_CLS_BASIC = no;
NET_CLS_FLOWER = no;
NET_CLS_ACT = no;
MDIO_BUS_MUX_MMIOREG = no;
MDIO_BUS_MUX_MULTIPLEXER = no;
SND_SOC_ES7134 = no;
SND_SOC_ES7241 = no;
SND_SOC_TAS571X = no;
SND_SOC_SIMPLE_AMPLIFIER = no;
GPIO_DWAPB = no;
COMMON_CLK_XGENE = no;
SENSORS_ARM_SCPI = no;
TCG_TPM = no;
BATTERY_SBS = no;
REGULATOR_VCTRL = no;
CAVIUM_ERRATUM_22375 = no;
CAVIUM_ERRATUM_23154 = no;
CAVIUM_ERRATUM_27456 = no;
CAVIUM_ERRATUM_30115 = no;
CAVIUM_TX2_ERRATUM_219 = no;
EEPROM_AT24 = no;
NET_DSA = no;
AQUANTIA_PHY = no;
MICROSEMI_PHY = no;
VITESSE_PHY = no;
I2C_MUX_PCA954x = no;
SND_SOC_PCM3168A_I2C = no;
SENSORS_LM90 = no;
SENSORS_INA2XX = no;
RTC_DRV_DS3232 = no;
GPIO_MAX732X = no;
SENSORS_ISL29018 = no;
MPL3115 = no;
MFD_ROHM_BD718XX = no;
ARM_SBSA_WATCHDOG = no;
ARM_SMC_WATCHDOG = no;
REGULATOR_PCA9450 = no;
REGULATOR_PFUZE100 = no;
DRM_PANEL_ABT_Y030XX067A = no;
DRM_PANEL_ARM_VERSATILE = no;
DRM_PANEL_ASUS_Z00T_TM5P5_NT35596 = no;
DRM_PANEL_AUO_A030JTN01 = no;
DRM_PANEL_BOE_BF060Y8M_AJ0 = no;
DRM_PANEL_BOE_HIMAX8279D = no;
DRM_PANEL_ELIDA_KD35T133 = no;
DRM_PANEL_FEIXIN_K101_IM2BA02 = no;
DRM_PANEL_FEIYANG_FY07024DI26A30D = no;
DRM_PANEL_HIMAX_HX8394 = no;
DRM_PANEL_ILITEK_IL9322 = no;
DRM_PANEL_ILITEK_ILI9341 = no;
DRM_PANEL_ILITEK_ILI9881C = no;
DRM_PANEL_ILITEK_ILI9882T = no;
DRM_PANEL_INNOLUX_EJ030NA = no;
DRM_PANEL_INNOLUX_P079ZCA = no;
DRM_PANEL_JADARD_JD9365DA_H3 = no;
DRM_PANEL_JDI_LPM102A188A = no;
DRM_PANEL_JDI_LT070ME05000 = no;
DRM_PANEL_JDI_R63452 = no;
DRM_PANEL_KHADAS_TS050 = no;
DRM_PANEL_KINGDISPLAY_KD097D04 = no;
DRM_PANEL_LEADTEK_LTK050H3146W = no;
DRM_PANEL_LEADTEK_LTK500HD1829 = no;
DRM_PANEL_LG_LB035Q02 = no;
DRM_PANEL_LG_LG4573 = no;
DRM_PANEL_MAGNACHIP_D53E6EA8966 = no;
DRM_PANEL_NEC_NL8048HL11 = no;
DRM_PANEL_NEWVISION_NV3051D = no;
DRM_PANEL_NEWVISION_NV3052C = no;
DRM_PANEL_NOVATEK_NT35510 = no;
DRM_PANEL_NOVATEK_NT35560 = no;
DRM_PANEL_NOVATEK_NT35950 = no;
DRM_PANEL_NOVATEK_NT36523 = no;
DRM_PANEL_NOVATEK_NT39016 = no;
DRM_PANEL_OLIMEX_LCD_OLINUXINO = no;
DRM_PANEL_ORISETECH_OTA5601A = no;
DRM_PANEL_ORISETECH_OTM8009A = no;
DRM_PANEL_OSD_OSD101T2587_53TS = no;
DRM_PANEL_PANASONIC_VVX10F034N00 = no;
DRM_PANEL_RASPBERRYPI_TOUCHSCREEN = no;
DRM_PANEL_RAYDIUM_RM67191 = no;
DRM_PANEL_RAYDIUM_RM68200 = no;
DRM_PANEL_RAYDIUM_RM692E5 = no;
DRM_PANEL_RONBO_RB070D30 = no;
DRM_PANEL_SAMSUNG_ATNA33XC20 = no;
DRM_PANEL_SAMSUNG_DB7430 = no;
DRM_PANEL_SAMSUNG_LD9040 = no;
DRM_PANEL_SAMSUNG_S6D16D0 = no;
DRM_PANEL_SAMSUNG_S6D27A1 = no;
DRM_PANEL_SAMSUNG_S6D7AA0 = no;
DRM_PANEL_SAMSUNG_S6E3HA2 = no;
DRM_PANEL_SAMSUNG_S6E63J0X03 = no;
DRM_PANEL_SAMSUNG_S6E63M0 = no;
DRM_PANEL_SAMSUNG_S6E88A0_AMS452EF01 = no;
DRM_PANEL_SAMSUNG_S6E8AA0 = no;
DRM_PANEL_SEIKO_43WVF1G = no;
DRM_PANEL_SHARP_LQ101R1SX01 = no;
DRM_PANEL_SHARP_LS037V7DW01 = no;
DRM_PANEL_SHARP_LS043T1LE01 = no;
DRM_PANEL_SHARP_LS060T1SX01 = no;
DRM_PANEL_SITRONIX_ST7701 = no;
DRM_PANEL_SITRONIX_ST7703 = no;
DRM_PANEL_SITRONIX_ST7789V = no;
DRM_PANEL_SONY_ACX565AKM = no;
DRM_PANEL_SONY_TD4353_JDI = no;
DRM_PANEL_SONY_TULIP_TRULY_NT35521 = no;
DRM_PANEL_STARTEK_KD070FHFID015 = no;
DRM_PANEL_TDO_TL070WSH30 = no;
DRM_PANEL_TPO_TD028TTEC1 = no;
DRM_PANEL_TPO_TD043MTEA1 = no;
DRM_PANEL_TPO_TPG110 = no;
DRM_PANEL_VISIONOX_R66451 = no;
DRM_PANEL_VISIONOX_RM69299 = no;
DRM_PANEL_WIDECHIPS_WS2401 = no;
DRM_PANEL_XINPENG_XPP055C272 = no;
DRM_NWL_MIPI_DSI = no;
SND_SOC_FSL_SAI = no;
SND_SOC_FSL_ASRC = no;
SND_SOC_FSL_MICFIL = no;
SND_SOC_FSL_AUDMIX = no;
SND_SOC_FSL_SPDIF = no;
SND_SOC_WM8904 = no;
RTC_DRV_RV8803 = no;
RTC_DRV_DS1307 = no;
RTC_DRV_PCF85363 = no;
RTC_DRV_PCF2127 = no;
FUJITSU_ERRATUM_010001 = no;
PCI_PASID = no;
UACCE = no;
SPI_CADENCE_QUADSPI = no;
DW_WATCHDOG = no;
NOP_USB_XCEIV = no;
SURFACE_PLATFORMS = no;
GPIO_PCA953X = no;
BACKLIGHT_LP855X = no;
MFD_MAX77620 = no;
SENSORS_PWM_FAN = no;
SENSORS_INA3221 = no;
REGULATOR_MAX8973 = no;
USB_CONN_GPIO = no;
MFD_BD9571MWV = no;
DRM_PANEL_LVDS = no;
COMMON_CLK_VC5 = no;
CRYPTO_DEV_CCREE = no;
VIDEO_IMX219 = no;
VIDEO_OV5645 = no;
SND_SOC_AK4613 = no;
SND_SIMPLE_CARD = no;
SND_AUDIO_GRAPH_CARD = no;
TYPEC_HD3SS3220 = no;
RTC_DRV_RX8581 = no;
COMMON_CLK_CS2000_CP = no;
KEYBOARD_ADC = no;
REGULATOR_FAN53555 = no;
TOUCHSCREEN_ATMEL_MXT = no;
RTC_DRV_HYM8563 = no;
MFD_SEC_CORE = no;
PL330_DMA = no;
GPIO_MB86S7X = no;
MMC_SDHCI_F_SDH30 = no;
MMC_SDHCI_CADENCE = no;
SOCIONEXT_SYNQUACER_PREITS = no;
NET_VENDOR_SOCIONEXT = no;
ARCH_ACTIONS = no;
ARCH_SUNXI = no;
ARCH_ALPINE = no;
ARCH_APPLE = no;
ARCH_BERLIN = no;
ARCH_EXYNOS = no;
ARCH_K3 = no;
ARCH_LG1K = no;
ARCH_HISI = no;
ARCH_KEEMBAY = no;
ARCH_MEDIATEK = no;
ARCH_MESON = no;
ARCH_MVEBU = no;
ARCH_RENESAS = no;
ARCH_ROCKCHIP = no;
ARCH_SEATTLE = no;
ARCH_INTEL_SOCFPGA = no;
ARCH_SYNQUACER = no;
ARCH_TEGRA = no;
ARCH_SPRD = no;
ARCH_THUNDER = no;
ARCH_THUNDER2 = no;
ARCH_UNIPHIER = no;
ARCH_VEXPRESS = no;
ARCH_VISCONTI = no;
ARCH_XGENE = no;
ARCH_ZYNQMP = no;
PCI_XGENE = no;
PCIE_ALTERA = no;
PCI_HOST_THUNDER_PEM = no;
PCI_HOST_THUNDER_ECAM = no;
PCI_HISI = no;
PCIE_KIRIN = no;
SERIAL_XILINX_PS_UART = no;
SERIAL_FSL_LPUART = no;
SERIAL_FSL_LINFLEXUART = no;
I2C_RK3X = no;
SPI_PL022 = no;
GPIO_ALTERA = no;
GPIO_PL061 = no;
GPIO_XGENE = no;
POWER_RESET_XGENE = no;
POWER_RESET_SYSCON = no;
GNSS_MTK_SERIAL = no;
ARM_SP805_WATCHDOG = no;
MFD_AXP20X_I2C = no;
MFD_HI6421_PMIC = no;
MFD_MT6397 = no;
REGULATOR_RK808 = no;
REGULATOR_TPS65132 = no;
MEDIA_ANALOG_TV_SUPPORT = lib.mkForce no;
MEDIA_DIGITAL_TV_SUPPORT = lib.mkForce no;
MEDIA_SDR_SUPPORT = no;
DRM_AMDGPU = no;
DRM_ETNAVIV = no;
DRM_HISI_KIRIN = no;
DRM_NOUVEAU = no;
SND_SOC_GTM601 = no;
SND_SOC_RT5659 = no;
SND_SOC_WM8960 = no;
SND_SOC_WM8962 = no;
USB_XHCI_PCI_RENESAS = no;
MMC_SDHCI_OF_ARASAN = no;
MMC_DW_EXYNOS = no;
MMC_DW_HI3798CV200 = no;
MMC_DW_K3 = no;
MMC_MTK = no;
MMC_SDHCI_XENON = no;
MMC_SDHCI_AM654 = no;
RTC_DRV_MAX77686 = no;
RTC_DRV_RK808 = no;
RTC_DRV_M41T80 = no;
RTC_DRV_RV3028 = no;
RTC_DRV_PL031 = no;
COMMON_CLK_RK808 = no;
FSL_RCPM = no;
HISI_PMU = no;
INTERCONNECT_QCOM_MSM8996 = no;
INTERCONNECT_QCOM_QCS404 = no;
INTERCONNECT_QCOM_SC7180 = no;
INTERCONNECT_QCOM_SM8150 = no;
INTERCONNECT_QCOM_SM8350 = no;
INTERCONNECT_QCOM_SM8450 = no;
INTERCONNECT_QCOM_SM8550 = no;
INTERCONNECT_QCOM_SC8280XP = no;
ARCH_NPCM = no;
PINCTRL_SC8280XP = no;
BCM_SBA_RAID = no;
SENSORS_GPIO_FAN = no;
ARCH_BCM = no;
ARCH_NXP = no;
NET_VENDOR_ADI = no;
PINCTRL_SC8180X = no;
SND_SOC_SC7180 = no;
SND_SOC_SC7280 = no;
SND_SOC_WCD938X_SDW = no;
MMC_SDHCI_OF_DWCMSHC = no;
SC_GCC_8180X = no;
IOMMU_IO_PGTABLE_DART = no;
INTERCONNECT_QCOM_SC8180X = no;
MEMORY_HOTPLUG = lib.mkForce no;
MELLANOX_PLATFORM = no;
CHROME_PLATFORMS = lib.mkForce no;
PINCTRL_SM8150 = no;
SM_GCC_8150 = no;
SM_VIDEOCC_8150 = no;
SM_GPUCC_8150 = no;
SM_GPUCC_8350 = no;
SM_VIDEOCC_8350 = no;
PINCTRL_SM8350 = no;
SM_GCC_8350 = no;
SM_DISPCC_8450 = no;
PINCTRL_SM8550 = no;
PINCTRL_SM8550_LPASS_LPI = no;
SM_DISPCC_8550 = no;
SM_TCSRCC_8550 = no;
# keys that are unused in this case
# (builtin aarch64-linux config is unused too, but i cant disable it)
ACPI_HOTPLUG_MEMORY.tristate = lib.mkForce null; BCM2835_MBOX.tristate = lib.mkForce null; BCM2835_WDT.tristate = lib.mkForce null;
CHROMEOS_TBMC.tristate = lib.mkForce null; CROS_EC.tristate = lib.mkForce null; CROS_EC_I2C.tristate = lib.mkForce null;
CROS_EC_SPI.tristate = lib.mkForce null; CROS_KBD_LED_BACKLIGHT.tristate = lib.mkForce null;
FSL_MC_UAPI_SUPPORT.tristate = lib.mkForce null; MEDIA_ATTACH.tristate = lib.mkForce null;
MEMORY_HOTREMOVE.tristate = lib.mkForce null; MTD_COMPLEX_MAPPINGS.tristate = lib.mkForce null; NET_ACT_BPF.tristate = lib.mkForce null;
PCI_TEGRA.tristate = lib.mkForce null; RASPBERRYPI_FIRMWARE.tristate = lib.mkForce null; RASPBERRYPI_POWER.tristate = lib.mkForce null;
SCSI_SAS_ATA.tristate = lib.mkForce null; SUN8I_DE2_CCU.tristate = lib.mkForce null;
TCG_TIS_SPI_CR50.tristate = lib.mkForce null; USB_XHCI_TEGRA = lib.mkForce no; ZONE_DEVICE.tristate = lib.mkForce null;
"9P_FSCACHE".tristate = lib.mkForce null; CROS_EC_ISHTP.tristate = lib.mkForce null; CROS_EC_LPC.tristate = lib.mkForce null;
DRM_AMDGPU_CIK.tristate = lib.mkForce null; DRM_AMDGPU_SI.tristate = lib.mkForce null; DRM_AMDGPU_USERPTR.tristate = lib.mkForce null;
DRM_AMD_DC_FP.tristate = lib.mkForce null; DRM_AMD_DC_SI.tristate = lib.mkForce null; DRM_DP_AUX_CHARDEV.tristate = lib.mkForce null;
DRM_FBDEV_EMULATION.tristate = lib.mkForce null; DRM_GMA500.tristate = lib.mkForce null; DRM_LEGACY.tristate = lib.mkForce null;
DRM_LOAD_EDID_FIRMWARE.tristate = lib.mkForce null; DRM_VBOXVIDEO.tristate = lib.mkForce null;
DRM_VC4_HDMI_CEC.tristate = lib.mkForce null; FB_3DFX_ACCEL.tristate = lib.mkForce null; FB_ATY_CT.tristate = lib.mkForce null;
FB_ATY_GX.tristate = lib.mkForce null; FB_EFI.tristate = lib.mkForce null; FB_NVIDIA_I2C.tristate = lib.mkForce null;
FB_RIVA_I2C.tristate = lib.mkForce null; FB_SAVAGE_ACCEL.tristate = lib.mkForce null; FB_SAVAGE_I2C.tristate = lib.mkForce null;
FB_SIS_300.tristate = lib.mkForce null; FB_SIS_315.tristate = lib.mkForce null;
FB_VESA.tristate = lib.mkForce null; FONTS.tristate = lib.mkForce null; FONT_8x8.tristate = lib.mkForce null;
FONT_TER16x32.tristate = lib.mkForce null; FRAMEBUFFER_CONSOLE.tristate = lib.mkForce null;
FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER.tristate = lib.mkForce null;
FRAMEBUFFER_CONSOLE_DETECT_PRIMARY.tristate = lib.mkForce null; FRAMEBUFFER_CONSOLE_ROTATION.tristate = lib.mkForce null;
HMM_MIRROR.tristate = lib.mkForce null; HSA_AMD.tristate = lib.mkForce null; HYPERVISOR_GUEST.tristate = lib.mkForce null;
INFINIBAND_IPOIB.tristate = lib.mkForce null; INFINIBAND_IPOIB_CM.tristate = lib.mkForce null;
IP_MROUTE_MULTIPLE_TABLES.tristate = lib.mkForce null; JOYSTICK_PSXPAD_SPI_FF.tristate = lib.mkForce null;
KERNEL_ZSTD.tristate = lib.mkForce null; KEYBOARD_APPLESPI.tristate = lib.mkForce null; KVM_ASYNC_PF.tristate = lib.mkForce null;
KVM_GENERIC_DIRTYLOG_READ_PROTECT.tristate = lib.mkForce null; KVM_GUEST.tristate = lib.mkForce null; KVM_MMIO.tristate = lib.mkForce null;
KVM_VFIO.tristate = lib.mkForce null; LOGO.tristate = lib.mkForce null; MICROCODE.tristate = lib.mkForce null;
MOUSE_PS2_VMMOUSE.tristate = lib.mkForce null; MTRR_SANITIZER.tristate = lib.mkForce null; NFS_FSCACHE.tristate = lib.mkForce null;
PINCTRL_BAYTRAIL.tristate = lib.mkForce null;
PINCTRL_CHERRYVIEW.tristate = lib.mkForce null; PM_ADVANCED_DEBUG.tristate = lib.mkForce null; PM_TRACE_RTC.tristate = lib.mkForce null;
SND_AC97_POWER_SAVE.tristate = lib.mkForce null; SND_DYNAMIC_MINORS.tristate = lib.mkForce null;
SND_HDA_INPUT_BEEP.tristate = lib.mkForce null; SND_HDA_PATCH_LOADER.tristate = lib.mkForce null;
SND_HDA_RECONFIG.tristate = lib.mkForce null; SND_OSSEMUL.tristate = lib.mkForce null; SND_USB_CAIAQ_INPUT.tristate = lib.mkForce null;
VFIO_PCI_VGA.tristate = lib.mkForce null; VGA_SWITCHEROO.tristate = lib.mkForce null; X86_AMD_PLATFORM_DEVICE.tristate = lib.mkForce null;
X86_CHECK_BIOS_CORRUPTION.tristate = lib.mkForce null; X86_MCE.tristate = lib.mkForce null;
X86_PLATFORM_DRIVERS_DELL.tristate = lib.mkForce null; X86_PLATFORM_DRIVERS_HP.tristate = lib.mkForce null;
JOYSTICK_XPAD_FF.tristate = lib.mkForce null; JOYSTICK_XPAD_LEDS.tristate = lib.mkForce null; KEXEC_JUMP.tristate = lib.mkForce null;
PERF_EVENTS_AMD_BRS.tristate = lib.mkForce null; HVC_XEN.tristate = lib.mkForce null; HVC_XEN_FRONTEND.tristate = lib.mkForce null;
PARAVIRT_SPINLOCKS.tristate = lib.mkForce null; PCI_XEN.tristate = lib.mkForce null; SWIOTLB_XEN.tristate = lib.mkForce null;
VBOXGUEST.tristate = lib.mkForce null; XEN_BACKEND.tristate = lib.mkForce null; XEN_BALLOON.tristate = lib.mkForce null;
XEN_BALLOON_MEMORY_HOTPLUG.tristate = lib.mkForce null; XEN_DOM0.tristate = lib.mkForce null; XEN_EFI.tristate = lib.mkForce null;
XEN_HAVE_PVMMU.tristate = lib.mkForce null; XEN_MCE_LOG.tristate = lib.mkForce null; XEN_PVH.tristate = lib.mkForce null;
XEN_PVHVM.tristate = lib.mkForce null; XEN_SAVE_RESTORE.tristate = lib.mkForce null; XEN_SYS_HYPERVISOR.tristate = lib.mkForce null;
};
};
linux_enchilada_ccache = pkgs'.buildLinuxWithCcache pkgs'.linux_enchilada;
}
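Review bot: With `# ignoreConfigErrors = false;` still commented out in `linux_enchilada`, nothing in this derivation checks that the entries in `structuredExtraConfig` actually reach the generated config. If the nixpkgs default for this platform is to ignore config errors (worth confirming), an option that Kconfig rejects or has renamed is dropped without failing the build. That matters most for the entries that are there for protection rather than hardware bring-up, such as `SYN_COOKIES`, `BLK_INLINE_ENCRYPTION`, `SCSI_UFS_CRYPTO` and `FS_ENCRYPTION_INLINE_CRYPT`. Until the TODO is resolved I would say so next to it, e.g. `# TODO: uncomment; until then options Kconfig rejects are dropped silently, check the built .config`, and resolve it before relying on those options.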


@ -1,11 +1,12 @@
{ lib { lib
, pkgs , pkgs
, config , config
, inputs
, ... }: , ... }:
/* /*
# for old kernel versions # for old kernel versions
zenKernels = pkgs.callPackage "${nixpkgs}/pkgs/os-specific/linux/kernel/zen-kernels.nix"; zenKernels = pkgs.callPackage "${pkgs.path}/pkgs/os-specific/linux/kernel/zen-kernels.nix";
zenKernel = (version: sha256: (zenKernels { zenKernel = (version: sha256: (zenKernels {
kernelPatches = [ kernelPatches = [
pkgs.linuxKernel.kernelPatches.bridge_stp_helper pkgs.linuxKernel.kernelPatches.bridge_stp_helper
@ -26,6 +27,8 @@
*/ */
{ {
imports = [ inputs.nix-gaming.nixosModules.pipewireLowLatency ];
system.stateVersion = "22.11"; system.stateVersion = "22.11";
### SECTION 1: HARDWARE/BOOT PARAMETERS ### ### SECTION 1: HARDWARE/BOOT PARAMETERS ###
@ -122,26 +125,15 @@
# users.groups.wireshark.members = [ config.common.mainUsername ]; # users.groups.wireshark.members = [ config.common.mainUsername ];
services.printing.enable = true; services.printing.enable = true;
services.printing.drivers = [ pkgs.hplip ]; services.printing.drivers = [ pkgs.hplip ];
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
# from nix-gaming # from nix-gaming
lowLatency = { services.pipewire.lowLatency = {
enable = true; enable = false;
# 96 is mostly fine but has some xruns # 96 is mostly fine but has some xruns
# 128 has xruns every now and then too, but is overall fine # 128 has xruns every now and then too
quantum = 128; quantum = 128;
rate = 48000; rate = 48000;
}; };
};
security.polkit.enable = true;
security.rtkit.enable = true;
services.dbus.enable = true;
programs.sway.enable = true; programs.sway.enable = true;
xdg.portal = { xdg.portal = {
enable = true; enable = true;


@ -1,8 +1,8 @@
# WIP (I don't even have the phone yet)
{ pkgs { pkgs
, config , lib
, ... }: # , config
, ...
}:
{ {
system.stateVersion = "23.11"; system.stateVersion = "23.11";
@ -15,26 +15,12 @@
{ from = 1714; to = 1764; } { from = 1714; to = 1764; }
]; ];
networking.wireless.iwd.enable = true;
common.minimal = false; common.minimal = false;
services.pipewire = { programs.sway.enable = true;
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
};
security.polkit.enable = true;
security.rtkit.enable = true;
xdg.portal = { xdg.portal = {
enable = true; enable = true;
extraPortals = with pkgs; [ xdg-desktop-portal-gtk xdg-desktop-portal-wlr ]; extraPortals = with pkgs; [ xdg-desktop-portal-gtk xdg-desktop-portal-wlr ];
}; };
services.sshd.enable = true; services.sshd.enable = true;
users.users.${config.common.mainUsername}.extraGroups = [ "video" "feedbackd" "dialout" ]; # users.users.${config.common.mainUsername}.extraGroups = [ "video" "feedbackd" "dialout" ];
mobile.generatedFilesystems.rootfs = {
filesystem = "btrfs";
btrfs.partitionID = "44444444-4444-4444-8888-888888888888";
};
} }


@ -31,6 +31,18 @@ in {
]; ];
listenAddress = netAddresses.lan4; listenAddress = netAddresses.lan4;
}; };
ping = {
enable = true;
listenAddress = netAddresses.lan4;
port = 9380;
config = {
type = "raw";
targets = [
"8.8.8.8"
{ target = "8.8.8.8"; netns = "wan"; }
];
};
};
}; };
router.interfaces.br0 = let router.interfaces.br0 = let
# all of this just to avoid logging commands... # all of this just to avoid logging commands...


@ -134,13 +134,12 @@ in {
})}'')} })}'')}
real_ip_header CF-Connecting-IP; real_ip_header CF-Connecting-IP;
''; '';
# brotli and zstd requires recompilation so I don't enable it services.nginx.recommendedBrotliSettings = true;
# services.nginx.recommendedBrotliSettings = true;
# services.nginx.recommendedZstdSettings = true;
services.nginx.recommendedGzipSettings = true; services.nginx.recommendedGzipSettings = true;
services.nginx.recommendedOptimisation = true; services.nginx.recommendedOptimisation = true;
services.nginx.recommendedProxySettings = true; services.nginx.recommendedProxySettings = true;
services.nginx.recommendedTlsSettings = true; services.nginx.recommendedTlsSettings = true;
services.nginx.recommendedZstdSettings = true;
# BLOG # BLOG
services.nginx.virtualHosts.${cfg.domainName} = { services.nginx.virtualHosts.${cfg.domainName} = {


@ -1,6 +1,7 @@
{ config { config
, lib , lib
, pkgs , pkgs
, inputs
, ... }: , ... }:
let let
@ -16,6 +17,8 @@ let
withQt5 = false; withQt5 = false;
}; };
in { in {
imports = [ inputs.coop-ofd.nixosModules.default ];
# a bunch of services for personal use not intended for the public # a bunch of services for personal use not intended for the public
# TODO: keycloakify this # TODO: keycloakify this
services.grafana = { services.grafana = {
@ -315,6 +318,7 @@ in {
"retracker.local:9101" "retracker.local:9101"
"retracker.local:9256" "retracker.local:9256"
"retracker.local:9167" "retracker.local:9167"
"retracker.local:9380"
]; ];
labels.machine = "router"; labels.machine = "router";
} ]; } ];


@ -1,10 +1,13 @@
{ config { config
, pkgs , pkgs
, inputs
, ... }: , ... }:
let let
cfg = config.server; cfg = config.server;
in { in {
imports = [ inputs.nixos-mailserver.nixosModules.default ];
impermanence.directories = [ impermanence.directories = [
{ directory = config.mailserver.dkimKeyDirectory; user = "opendkim"; group = "opendkim"; mode = "0755"; } { directory = config.mailserver.dkimKeyDirectory; user = "opendkim"; group = "opendkim"; mode = "0755"; }
{ directory = config.mailserver.mailDirectory; user = "virtualMail"; group = "virtualMail"; mode = "0700"; } { directory = config.mailserver.mailDirectory; user = "virtualMail"; group = "virtualMail"; mode = "0700"; }


@ -1,11 +1,14 @@
{ config { config
, lib , lib
, pkgs , pkgs
, inputs
, ... }: , ... }:
let let
cfg = config.server; cfg = config.server;
in { in {
imports = [ inputs.maubot.nixosModules.default ];
services.nginx.virtualHosts."matrix.${cfg.domainName}".locations = let services.nginx.virtualHosts."matrix.${cfg.domainName}".locations = let
inherit (config.services.maubot) settings; inherit (config.services.maubot) settings;
in { in {


@ -1,11 +1,13 @@
{ lib { lib
, pkgs , pkgs
, config , config
, inputs
, ... }: , ... }:
let let
# force some defaults even if they were set with mkDefault already... # force some defaults even if they were set with mkDefault already...
mkForceDefault = lib.mkOverride 999; mkForceDefault = lib.mkOverride 999;
cfg = config.common;
in { in {
options.common = with lib; mkOption { options.common = with lib; mkOption {
type = types.submodule { type = types.submodule {
@ -34,9 +36,8 @@ in {
}; };
default = { }; default = { };
}; };
config = let config = lib.mkMerge [
cfg = config.common; {
in {
nix = { nix = {
# nix.channel.enable is needed for NIX_PATH to work for some reason # nix.channel.enable is needed for NIX_PATH to work for some reason
# channel.enable = false; # channel.enable = false;
@ -58,15 +59,35 @@ in {
options = "--delete-older-than 30d"; options = "--delete-older-than 30d";
}; };
package = pkgs.nixForNixPlugins; package = pkgs.nixForNixPlugins;
extraOptions = ''
plugin-files = ${pkgs.nix-plugins.override { nix = config.nix.package; }}/lib/nix/plugins/libnix-extra-builtins.so
'';
}; };
systemd.services.nix-daemon.serviceConfig.LimitSTACKSoft = "infinity"; systemd.services.nix-daemon.serviceConfig.LimitSTACKSoft = "infinity";
nix.daemonCPUSchedPolicy = lib.mkDefault "idle"; nix.daemonCPUSchedPolicy = lib.mkDefault "idle";
nix.daemonIOSchedClass = lib.mkDefault "idle"; nix.daemonIOSchedClass = lib.mkDefault "idle";
# registry is used for the new flaky nix command
nix.registry =
builtins.mapAttrs
(_: v: { flake = v; })
(lib.filterAttrs (_: v: v?outputs) inputs);
# add import'able flake inputs (like nixpkgs) to nix path
# nix path is used for old nix commands (like nix-build, nix-shell)
environment.etc = lib.mapAttrs'
(name: value: {
name = "nix/inputs/${name}";
value.source = value.outPath or "${value}";
})
(lib.filterAttrs (_: v: builtins.pathExists "${v}/default.nix") inputs);
nix.nixPath = [ "/etc/nix/inputs" ];
boot.kernelParams = lib.optionals (cfg.resolution != null) [ boot.kernelParams = lib.optionals (cfg.resolution != null) [
"consoleblank=60" "consoleblank=60"
] ++ (lib.optionals (cfg.resolution == "1920x1080") [ ] ++ lib.optionals (cfg.resolution == "1920x1080") [
"fbcon=font:TER16x32" "fbcon=font:TER16x32"
]); ];
console.font = console.font =
lib.mkIf (cfg.resolution == "1920x1080" || cfg.resolution == "1366x768") { lib.mkIf (cfg.resolution == "1920x1080" || cfg.resolution == "1366x768") {
"1920x1080" = "${pkgs.terminus_font}/share/consolefonts/ter-v32n.psf.gz"; "1920x1080" = "${pkgs.terminus_font}/share/consolefonts/ter-v32n.psf.gz";
@ -81,9 +102,11 @@ in {
hardware.enableRedistributableFirmware = true; hardware.enableRedistributableFirmware = true;
services.openssh.settings.PasswordAuthentication = false; services.openssh.settings.PasswordAuthentication = false;
services.tlp.settings.USB_EXCLUDE_PHONE = 1; services.tlp.settings.USB_EXCLUDE_PHONE = 1;
services.tlp.settings.START_CHARGE_THRESH_BAT0 = 75; services.tlp.settings.START_CHARGE_THRESH_BAT0 = 75;
services.tlp.settings.STOP_CHARGE_THRESH_BAT0 = 80; services.tlp.settings.STOP_CHARGE_THRESH_BAT0 = 80;
i18n.defaultLocale = lib.mkDefault "en_US.UTF-8"; i18n.defaultLocale = lib.mkDefault "en_US.UTF-8";
i18n.supportedLocales = lib.mkDefault [ i18n.supportedLocales = lib.mkDefault [
"C.UTF-8/UTF-8" "C.UTF-8/UTF-8"
@ -92,50 +115,17 @@ in {
]; ];
# ISO-8601 # ISO-8601
i18n.extraLocaleSettings.LC_TIME = "en_DK.UTF-8"; i18n.extraLocaleSettings.LC_TIME = "en_DK.UTF-8";
environment.systemPackages = with pkgs; ([ environment.systemPackages = with pkgs; [
bottom bottom
wget
git git
rsync
tmux tmux
] ++ lib.optionals cfg.minimal [ wget
kitty.terminfo kitty.terminfo
# rxvt-unicode-unwrapped.terminfo # rxvt-unicode-unwrapped.terminfo
]); ];
programs.fish.interactiveShellInit = lib.mkIf cfg.minimal ''
set -gx SHELL ${pkgs.zsh}/bin/zsh
set -g fish_color_autosuggestion 777 brblack
set -g fish_color_command green
set -g fish_color_operator white
set -g fish_color_param white
set -g fish_key_bindings fish_vi_key_bindings
set -g fish_cursor_insert line
set -g fish_cursor_replace underscore
'';
programs.vim = lib.mkIf cfg.minimal {
defaultEditor = lib.mkDefault true;
package = pkgs.vim-full.customize {
vimrcConfig.customRC = ''
syntax on
au FileType markdown set colorcolumn=73 textwidth=72
au FileType gitcommit set colorcolumn=73
au BufReadPre * set foldmethod=syntax
au BufReadPost * folddoc foldopen!
autocmd BufReadPost * if @% !~# '\.git[\/\\]COMMIT_EDITMSG$' && line("'\"") > 1 && line("'\"") <= line("$") | exe "normal! g`\"" | endif
'';
vimrcConfig.packages.myVimPackage = with pkgs.vimPlugins; {
start = [ vim-sleuth ];
};
};
};
# this is supposed to default to false, but it doesn't because of nixos fish module
documentation.man.generateCaches = lib.mkIf cfg.minimal (mkForceDefault false);
# we don't need stuff like html files (NixOS manual and so on) on minimal machines
documentation.doc.enable = lib.mkIf cfg.minimal (lib.mkDefault false);
programs.fish.enable = true; programs.fish.enable = true;
# conflicts with bash module's mkDefault
# only override on minimal systems because on non-minimal systems
# because my fish config doesn't work well in fb/drm console
users.defaultUserShell = lib.mkIf cfg.minimal (mkForceDefault pkgs.fish);
users.users.${cfg.mainUsername} = { users.users.${cfg.mainUsername} = {
uid = 1000; uid = 1000;
isNormalUser = true; isNormalUser = true;
@ -143,17 +133,6 @@ in {
}; };
# nixos-hardware uses mkDefault here, so we use slightly higher priority # nixos-hardware uses mkDefault here, so we use slightly higher priority
services.xserver.libinput.enable = mkForceDefault (!cfg.minimal); services.xserver.libinput.enable = mkForceDefault (!cfg.minimal);
/*
services.xserver = {
enable = true;
libinput.enable = true;
desktopManager.xterm.enable = false;
# I couldn't get lightdm to start sway, so let's just do this
displayManager.startx.enable = true;
windowManager.i3.enable = true;
};
*/
# pipewire:
programs.fuse.userAllowOther = true; programs.fuse.userAllowOther = true;
# autologin once after boot # autologin once after boot
# --skip-login means directly call login instead of first asking for username # --skip-login means directly call login instead of first asking for username
@ -169,5 +148,58 @@ in {
exec ${shadow}/bin/login -f user exec ${shadow}/bin/login -f user
fi fi
''); '');
}; }
(lib.mkIf cfg.minimal {
programs.fish.interactiveShellInit = ''
set -gx SHELL ${pkgs.zsh}/bin/zsh
set -g fish_color_autosuggestion 777 brblack
set -g fish_color_command green
set -g fish_color_operator white
set -g fish_color_param white
set -g fish_key_bindings fish_vi_key_bindings
set -g fish_cursor_insert line
set -g fish_cursor_replace underscore
'';
# this is supposed to default to false, but it doesn't because of nixos fish module
documentation.man.generateCaches = mkForceDefault false;
# we don't need stuff like html files (NixOS manual and so on) on minimal machines
documentation.doc.enable = lib.mkDefault false;
# conflicts with bash module's mkDefault
# only override on minimal systems because on non-minimal systems
# my fish config doesn't work well in fb/drm console
users.defaultUserShell = lib.mkIf cfg.minimal (mkForceDefault pkgs.fish);
programs.vim = {
defaultEditor = lib.mkDefault true;
package = pkgs.vim-full.customize {
vimrcConfig.customRC = ''
syntax on
au FileType markdown set colorcolumn=73 textwidth=72
au FileType gitcommit set colorcolumn=73
au BufReadPre * set foldmethod=syntax
au BufReadPost * folddoc foldopen!
autocmd BufReadPost * if @% !~# '\.git[\/\\]COMMIT_EDITMSG$' && line("'\"") > 1 && line("'\"") <= line("$") | exe "normal! g`\"" | endif
'';
vimrcConfig.packages.myVimPackage = with pkgs.vimPlugins; {
start = [ vim-sleuth ];
};
};
};
})
(lib.mkIf (!cfg.minimal) {
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
};
security.polkit.enable = true;
security.rtkit.enable = true;
services.dbus.enable = true;
})
];
} }
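Review bot: The `extraOptions` entry inside `nix = { … }` writes `plugin-files = …/libnix-extra-builtins.so` into nix.conf in the unconditional part of the `mkMerge`, so every host importing this module loads the plugin, and nothing says why it is needed. As far as I know, that plugin hands `exec` to whatever file `extra-builtins-file` names, so write access to that file means command execution as whoever evaluates. The setting is not visible in this hunk, so where it points and who owns it should be checked. I would add a comment such as `# extra-builtins plugin, used for <purpose>; the extra-builtins-file must be root-owned` and consider gating the option on the hosts that need it. Minor: `users.defaultUserShell = lib.mkIf cfg.minimal (…)` keeps its own `mkIf` although it now sits inside the `lib.mkIf cfg.minimal` block.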


@ -75,7 +75,7 @@ in {
{ directory = config.programs.ccache.cacheDir; user = "root"; group = "nixbld"; mode = "0770"; } { directory = config.programs.ccache.cacheDir; user = "root"; group = "nixbld"; mode = "0770"; }
{ directory = /var/cache/sccache; user = "root"; group = "nixbld"; mode = "0770"; } { directory = /var/cache/sccache; user = "root"; group = "nixbld"; mode = "0770"; }
] ++ lib.optionals (config.services.coop-ofd.enable or false) [ ] ++ lib.optionals (config.services.coop-ofd.enable or false) [
{ directory = /var/lib/coop-ofd; mode = "0750"; } { directory = /var/lib/private/coop-ofd; mode = "0750"; }
] ++ lib.optionals config.services.dovecot2.enable [ ] ++ lib.optionals config.services.dovecot2.enable [
{ directory = /var/lib/dhparams; user = "root"; group = "root"; mode = "0755"; } { directory = /var/lib/dhparams; user = "root"; group = "root"; mode = "0755"; }
{ directory = /var/lib/dovecot; user = "root"; group = "root"; mode = "0755"; } { directory = /var/lib/dovecot; user = "root"; group = "root"; mode = "0755"; }
@ -106,6 +106,10 @@ in {
{ directory = /var/lib/murmur; user = "murmur"; group = "murmur"; mode = "0700"; } { directory = /var/lib/murmur; user = "murmur"; group = "murmur"; mode = "0700"; }
] ++ lib.optionals config.services.nextcloud.enable [ ] ++ lib.optionals config.services.nextcloud.enable [
{ directory = /var/lib/nextcloud; user = "nextcloud"; group = "nextcloud"; mode = "0750"; } { directory = /var/lib/nextcloud; user = "nextcloud"; group = "nextcloud"; mode = "0750"; }
] ++ lib.optionals config.networking.networkmanager.enable [
{ directory = /etc/NetworkManager/system-connections; mode = "0700"; }
{ directory = /var/lib/NetworkManager; mode = "0755"; }
{ directory = /var/lib/NetworkManager-fortisslvpn; mode = "0700"; }
] ++ lib.optionals config.services.opendkim.enable [ ] ++ lib.optionals config.services.opendkim.enable [
{ directory = /var/lib/opendkim; user = "opendkim"; group = "opendkim"; mode = "0700"; } { directory = /var/lib/opendkim; user = "opendkim"; group = "opendkim"; mode = "0700"; }
] ++ lib.optionals config.services.openldap.enable [ ] ++ lib.optionals config.services.openldap.enable [
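Review bot: The coop-ofd entry now persists `/var/lib/private/coop-ofd` but says nothing about its parent, and systemd expects `/var/lib/private` itself to be root-owned with mode 0700 so that state left by a recycled dynamic UID stays unreachable. How this `impermanence.directories` wrapper creates parent directories is not visible in the hunk. If it creates them with a default mode, the parent ends up looser than systemd intends. I would pin it explicitly, for example with a tmpfiles rule `d /var/lib/private 0700 root root -`, and add a comment on the entry saying the path follows `DynamicUser=`. The list this entry belongs to starts and ends outside the hunk.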


@ -0,0 +1,41 @@
{ config, lib, pkgs, ... }:
let
cfg = config.networking.modemmanager;
packages = [ pkgs.modemmanager ];
in
{
options.networking.modemmanager = {
enable = lib.mkEnableOption "ModemManager";
};
config = lib.mkIf cfg.enable {
assertions = [
{
assertion = !config.networking.networkmanager.enable;
message = "If you use NetworkManager, this module is redundant";
}
];
environment.etc = builtins.listToAttrs
(map ({ id, path }: { name = "ModemManager/fcc-unlock.d/${id}"; value.source = path; })
config.networking.networkmanager.fccUnlockScripts);
users.groups.networkmanager.gid = config.ids.gids.networkmanager;
systemd.services.ModemManager.aliases = [ "dbus-org.freedesktop.ModemManager1.service" ];
security.polkit.enable = true;
security.polkit.extraConfig = ''
polkit.addRule(function(action, subject) {
if (subject.isInGroup("networkmanager") && (action.id.indexOf("org.freedesktop.ModemManager") == 0)) {
return polkit.Result.YES;
}
});
'';
environment.systemPackages = packages;
systemd.packages = packages;
services.udev.packages = packages;
};
}
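Review bot: The rule in `security.polkit.extraConfig` returns `polkit.Result.YES` for every action id starting with `org.freedesktop.ModemManager`, so any member of `networkmanager` gets unauthenticated access to all of ModemManager, which to my knowledge includes messaging, voice and firmware as well as device control. If that breadth is intended it deserves a comment above the rule, e.g. `# networkmanager group: full ModemManager access without a password prompt (same rule as the NetworkManager module)`; otherwise the prefix could be narrowed to the action ids the phone setup uses. The module also reads `config.networking.networkmanager.fccUnlockScripts` while asserting that NetworkManager is disabled, which is worth a one-line comment, since the dependency on the other module's option is easy to miss.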


@ -0,0 +1,151 @@
{ config
, lib
, pkgs
, ...
}:
let
cfg = config.services.prometheus.exporters.ping;
inherit (lib) concatStrings literalExpression mkMerge mkDefault mkEnableOption mkIf mkOption types;
# copied from nixpkgs/nixos/modules/services/monitoring/prometheus/exporters
mkExporterOpts = { name, port }: {
enable = mkEnableOption (lib.mdDoc "the prometheus ${name} exporter");
port = mkOption {
type = types.port;
default = port;
description = lib.mdDoc ''
Port to listen on.
'';
};
listenAddress = mkOption {
type = types.str;
default = "0.0.0.0";
description = lib.mdDoc ''
Address to listen on.
'';
};
extraFlags = mkOption {
type = types.listOf types.str;
default = [];
description = lib.mdDoc ''
Extra commandline options to pass to the ${name} exporter.
'';
};
openFirewall = mkOption {
type = types.bool;
default = false;
description = lib.mdDoc ''
Open port in firewall for incoming connections.
'';
};
firewallFilter = mkOption {
type = types.nullOr types.str;
default = null;
example = literalExpression ''
"-i eth0 -p tcp -m tcp --dport ${toString port}"
'';
description = lib.mdDoc ''
Specify a filter for iptables to use when
{option}`services.prometheus.exporters.${name}.openFirewall`
is true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.
'';
};
user = mkOption {
type = types.str;
default = "${name}-exporter";
description = lib.mdDoc ''
User name under which the ${name} exporter shall be run.
'';
};
group = mkOption {
type = types.str;
default = "${name}-exporter";
description = lib.mdDoc ''
Group under which the ${name} exporter shall be run.
'';
};
};
mkExporterConf = { name, conf, serviceOpts }:
let
enableDynamicUser = serviceOpts.serviceConfig.DynamicUser or true;
in
mkIf conf.enable {
warnings = conf.warnings or [];
users.users."${name}-exporter" = (mkIf (conf.user == "${name}-exporter" && !enableDynamicUser) {
description = "Prometheus ${name} exporter service user";
isSystemUser = true;
inherit (conf) group;
});
users.groups = (mkIf (conf.group == "${name}-exporter" && !enableDynamicUser) {
"${name}-exporter" = {};
});
networking.firewall.extraCommands = mkIf conf.openFirewall (concatStrings [
"ip46tables -A nixos-fw ${conf.firewallFilter} "
"-m comment --comment ${name}-exporter -j nixos-fw-accept"
]);
systemd.services."prometheus-${name}-exporter" = mkMerge ([{
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig.Restart = mkDefault "always";
serviceConfig.PrivateTmp = mkDefault true;
serviceConfig.WorkingDirectory = mkDefault /tmp;
serviceConfig.DynamicUser = mkDefault enableDynamicUser;
serviceConfig.User = mkDefault conf.user;
serviceConfig.Group = conf.group;
# Hardening
serviceConfig.CapabilityBoundingSet = mkDefault [ "" ];
serviceConfig.DeviceAllow = [ "" ];
serviceConfig.LockPersonality = true;
serviceConfig.MemoryDenyWriteExecute = true;
serviceConfig.NoNewPrivileges = true;
serviceConfig.PrivateDevices = mkDefault true;
serviceConfig.ProtectClock = mkDefault true;
serviceConfig.ProtectControlGroups = true;
serviceConfig.ProtectHome = true;
serviceConfig.ProtectHostname = true;
serviceConfig.ProtectKernelLogs = true;
serviceConfig.ProtectKernelModules = true;
serviceConfig.ProtectKernelTunables = true;
serviceConfig.ProtectSystem = mkDefault "strict";
serviceConfig.RemoveIPC = true;
serviceConfig.RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
serviceConfig.RestrictNamespaces = true;
serviceConfig.RestrictRealtime = true;
serviceConfig.RestrictSUIDSGID = true;
serviceConfig.SystemCallArchitectures = "native";
serviceConfig.UMask = "0077";
} serviceOpts ]);
};
format = pkgs.formats.toml { };
in {
options.services.prometheus.exporters.ping = mkExporterOpts { name = "ping"; port = 9390; } // {
config = mkOption {
type = format.type;
default = { };
description = "Exporter config";
};
};
config = mkExporterConf {
name = "ping";
conf = cfg;
serviceOpts = {
serviceConfig = rec {
# netns switching
AmbientCapabilities = [
# set network namespace
"CAP_SYS_ADMIN"
# open icmp socket
"CAP_NET_RAW"
];
CapabilityBoundingSet = AmbientCapabilities;
RestrictNamespaces = lib.mkForce false;
ExecStart = ''
${pkgs.ping-exporter}/bin/ping-exporter \
--listen ${cfg.listenAddress}:${toString cfg.port} \
--config ${format.generate "ping-exporter-config.toml" cfg.config} \
${lib.escapeShellArgs cfg.extraFlags}
'';
};
};
};
}
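Review bot: In `mkExporterConf`, `networking.firewall.extraCommands` interpolates `${conf.firewallFilter}` directly, but the option is declared `types.nullOr types.str` with `default = null`, so `openFirewall = true` without an explicit filter fails at evaluation because null cannot be coerced to a string. A fallback fixes it: `"ip46tables -A nixos-fw ${if conf.firewallFilter != null then conf.firewallFilter else "-p tcp -m tcp --dport ${toString conf.port}"} "`. Separately, the unit gets `CAP_SYS_ADMIN` as an ambient capability while `listenAddress` defaults to `"0.0.0.0"`, so a loopback default, or a comment telling users to bind it to the monitoring interface, would suit a process this privileged.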


@ -1,14 +1,14 @@
{ config { config
, options
, lib , lib
, pkgs , pkgs
, ... }: , ... }:
let let
cfg = config.vfio; cfg = config.vfio;
enableIvshmem = cfg.lookingGlass.enable && (builtins.length cfg.lookingGlass.ivshmem) > 0;
in { in {
options.vfio = with lib; mkOption { options.vfio = with lib; {
type = types.submodule {
options = {
enable = mkOption { enable = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
@ -73,14 +73,7 @@ in {
description = "Looking glass config"; description = "Looking glass config";
}; };
}; };
}; config = lib.mkIf cfg.enable {
description = "VFIO settings";
default = { };
};
# compatibility so this module loads on non-amd hardware
config = let
enableIvshmem = cfg.lookingGlass.enable && (builtins.length cfg.lookingGlass.ivshmem) > 0;
in lib.mkIf cfg.enable {
# add a custom kernel param for early loading vfio drivers # add a custom kernel param for early loading vfio drivers
# because if we change boot.initrd options in a specialization, two initrds will be built # because if we change boot.initrd options in a specialization, two initrds will be built
# and we don't want to build two initrds # and we don't want to build two initrds
@ -120,11 +113,11 @@ in {
''; '';
initrd.kernelModules = [ initrd.kernelModules = [
(if cfg.intelCpu then "kvm-intel" else "kvm-amd") (if cfg.intelCpu then "kvm-intel" else "kvm-amd")
] ++ (if cfg.passGpuAtBoot then [ ] ++ lib.optionals cfg.passGpuAtBoot [
"vfio" "vfio"
"vfio_iommu_type1" "vfio_iommu_type1"
"vfio_pci" "vfio_pci"
] else []); ];
initrd.availableKernelModules = lib.mkIf (!cfg.passGpuAtBoot) [ initrd.availableKernelModules = lib.mkIf (!cfg.passGpuAtBoot) [
"vfio" "vfio"
"vfio_iommu_type1" "vfio_iommu_type1"
@ -137,9 +130,9 @@ in {
extraModprobeConfig = '' extraModprobeConfig = ''
options vfio-pci ids=${builtins.concatStringsSep "," cfg.pciIDs} disable_idle_d3=1 options vfio-pci ids=${builtins.concatStringsSep "," cfg.pciIDs} disable_idle_d3=1
options kvm ignore_msrs=1 options kvm ignore_msrs=1
${if enableIvshmem then '' ${lib.optionalString enableIvshmem ''
options kvmfr static_size_mb=${builtins.concatStringsSep "," (map (x: toString x.size) cfg.lookingGlass.ivshmem)}'' options kvmfr static_size_mb=${builtins.concatStringsSep "," (map (x: toString x.size) cfg.lookingGlass.ivshmem)}
else ""} ''}
''; '';
kernelParams = [ kernelParams = [
(if cfg.intelCpu then "intel_iommu=on" else "amd_iommu=on") (if cfg.intelCpu then "intel_iommu=on" else "amd_iommu=on")
@ -147,7 +140,7 @@ in {
]; ];
kernelModules = [ kernelModules = [
"vhost-net" "vhost-net"
] ++ (if enableIvshmem then [ "kvmfr" ] else []); ] ++ lib.optional enableIvshmem "kvmfr";
}; };
services.udev.extraRules = lib.mkIf enableIvshmem services.udev.extraRules = lib.mkIf enableIvshmem
(builtins.concatStringsSep (builtins.concatStringsSep
@ -159,11 +152,11 @@ in {
cfg.lookingGlass.ivshmem)); cfg.lookingGlass.ivshmem));
hardware = { hardware = {
opengl.enable = true; opengl.enable = true;
} // (lib.optionalAttrs (cfg.enable && !(cfg.nvidiaGpu)) { } // lib.optionalAttrs (cfg.enable && !cfg.nvidiaGpu && options?hardware.amdgpu.loadInInitrd) {
# disable early KMS so GPU can be properly unbound # disable early KMS so GPU can be properly unbound
# can't use mkif because the option may not even exist # can't use mkif because the option may not even exist
amdgpu.loadInInitrd = false; amdgpu.loadInInitrd = false;
}); };
# needed for virt-manager # needed for virt-manager
programs.dconf.enable = true; programs.dconf.enable = true;
virtualisation.libvirtd = { virtualisation.libvirtd = {