Compare commits
3 commits
a212573774
...
ef7340e32a
Author | SHA1 | Date | |
---|---|---|---|
chayleaf | ef7340e32a | ||
chayleaf | 2de8bfdfe2 | ||
chayleaf | a624526c5b |
|
@ -218,16 +218,16 @@
|
||||||
"mobile-nixos": {
|
"mobile-nixos": {
|
||||||
"flake": false,
|
"flake": false,
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1697544701,
|
"lastModified": 1702959560,
|
||||||
"narHash": "sha256-u/59b13bwEqxR1x2l9SeSya2ZXABmjpUCdTrXVMLrsA=",
|
"narHash": "sha256-3EmjKFKBypRGluGEY1oUMkQRBRDO5rZdzUXwTlRbUiY=",
|
||||||
"owner": "chayleaf",
|
"owner": "chayleaf",
|
||||||
"repo": "mobile-nixos",
|
"repo": "mobile-nixos",
|
||||||
"rev": "b3ec466c5abbda7de279dccb010ab10e74dd07ee",
|
"rev": "55ec06035e85fcbda5caa6a73d045a9910fb16a2",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "chayleaf",
|
"owner": "chayleaf",
|
||||||
"ref": "cleanup",
|
"ref": "fix-op6-modem",
|
||||||
"repo": "mobile-nixos",
|
"repo": "mobile-nixos",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
|
|
299
flake.nix
299
flake.nix
|
@ -8,7 +8,7 @@
|
||||||
nixos-hardware.url = "github:NixOS/nixos-hardware";
|
nixos-hardware.url = "github:NixOS/nixos-hardware";
|
||||||
mobile-nixos = {
|
mobile-nixos = {
|
||||||
# url = "github:NixOS/mobile-nixos";
|
# url = "github:NixOS/mobile-nixos";
|
||||||
url = "github:chayleaf/mobile-nixos/cleanup";
|
url = "github:chayleaf/mobile-nixos/fix-op6-modem";
|
||||||
flake = false;
|
flake = false;
|
||||||
};
|
};
|
||||||
impermanence.url = "github:nix-community/impermanence";
|
impermanence.url = "github:nix-community/impermanence";
|
||||||
|
@ -59,38 +59,34 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs = inputs@
|
outputs = base-inputs@{ self, nixpkgs, ... }:
|
||||||
{ self
|
|
||||||
, coop-ofd
|
|
||||||
, nixpkgs
|
|
||||||
, nixos-hardware
|
|
||||||
, mobile-nixos
|
|
||||||
, impermanence
|
|
||||||
, home-manager
|
|
||||||
, nur
|
|
||||||
, nix-gaming
|
|
||||||
, notlua
|
|
||||||
, notnft
|
|
||||||
, nixos-mailserver
|
|
||||||
, nixos-router
|
|
||||||
, maubot
|
|
||||||
, ... }:
|
|
||||||
let
|
let
|
||||||
# --impure required for developing
|
# --impure required for developing
|
||||||
# it takes the paths for modules from filesystem as opposed to flake inputs
|
# it takes the paths for modules from filesystem as opposed to flake inputs
|
||||||
devNft = false;
|
dev = {
|
||||||
devNixRt = false;
|
# coop-ofd = true;
|
||||||
devMaubot = false;
|
# maubot = true;
|
||||||
devCoopOfd = false;
|
# mobile-nixos = true;
|
||||||
|
# nixos-router = true;
|
||||||
|
# notnft = true;
|
||||||
|
};
|
||||||
# IRL-related stuff I'd rather not put into git
|
# IRL-related stuff I'd rather not put into git
|
||||||
priv =
|
priv =
|
||||||
if builtins.pathExists ./private.nix then (import ./private.nix { })
|
if builtins.pathExists ./private.nix then import ./private.nix { }
|
||||||
else if builtins.pathExists ./private/default.nix then (import ./private { })
|
else if builtins.pathExists ./private/default.nix then import ./private { }
|
||||||
# workaround for git flakes not having access to non-checked out files
|
# workaround for git flakes not having access to non-checked out files
|
||||||
else if builtins?extraBuiltins.secrets then builtins.extraBuiltins.secrets
|
else if builtins?extraBuiltins.secrets then builtins.extraBuiltins.secrets
|
||||||
# yes, this is impure, this is a last ditch effort at getting access to secrets
|
# yes, this is impure, this is a last ditch effort at getting access to secrets
|
||||||
else import /etc/nixos/private { };
|
else import /etc/nixos/private { };
|
||||||
devPath = priv.devPath or ../.;
|
devPath = priv.devPath or ../.;
|
||||||
|
inputs = builtins.mapAttrs
|
||||||
|
(name: input:
|
||||||
|
if dev.${name} or false then
|
||||||
|
(if input._type or null == "flake"
|
||||||
|
then (import base-inputs.flake-compat { src = /${devPath}/${name}; }).defaultNix
|
||||||
|
else /${devPath}/${name})
|
||||||
|
else input)
|
||||||
|
base-inputs;
|
||||||
# if x has key s, get it. Otherwise return def
|
# if x has key s, get it. Otherwise return def
|
||||||
# All private config for hostname
|
# All private config for hostname
|
||||||
getPriv = hostname: priv.${hostname} or { };
|
getPriv = hostname: priv.${hostname} or { };
|
||||||
|
@ -99,20 +95,13 @@
|
||||||
# Private home-manager config for hostname and username
|
# Private home-manager config for hostname and username
|
||||||
getPrivUser = hostname: user: (getPriv hostname).${user} or { };
|
getPrivUser = hostname: user: (getPriv hostname).${user} or { };
|
||||||
# extended lib
|
# extended lib
|
||||||
lib = nixpkgs.lib // {
|
lib = nixpkgs.lib // import ./lib.nix { inherit (nixpkgs) lib; };
|
||||||
quoteListenAddr = addr:
|
|
||||||
if nixpkgs.lib.hasInfix ":" addr then "[${addr}]" else addr;
|
|
||||||
};
|
|
||||||
# can't use callPackage ./pkgs here, idk why; use import instead
|
# can't use callPackage ./pkgs here, idk why; use import instead
|
||||||
overlay' = args: self: super: import ./pkgs ({
|
overlay' = args: self: super: import ./pkgs ({
|
||||||
pkgs = super;
|
pkgs = super;
|
||||||
pkgs' = self;
|
pkgs' = self;
|
||||||
lib = super.lib;
|
lib = super.lib;
|
||||||
nur = import nur {
|
inherit inputs;
|
||||||
pkgs = super;
|
|
||||||
nurpkgs = super;
|
|
||||||
};
|
|
||||||
nix-gaming = nix-gaming.packages.${super.system};
|
|
||||||
} // args);
|
} // args);
|
||||||
overlay = overlay' { };
|
overlay = overlay' { };
|
||||||
# I override some settings down the line, but overlays always stay the same
|
# I override some settings down the line, but overlays always stay the same
|
||||||
|
@ -129,182 +118,37 @@
|
||||||
system = "aarch64-linux";
|
system = "aarch64-linux";
|
||||||
modules = [
|
modules = [
|
||||||
{
|
{
|
||||||
_module.args.server-config = nixosConfigurations.server.config;
|
_module.args.server-config = self.nixosConfigurations.server.config;
|
||||||
_module.args.notnft = if devNft then (import /${devPath}/notnft { inherit (nixpkgs) lib; }).config.notnft else notnft.lib.${system};
|
_module.args.notnft = inputs.notnft.lib.${system};
|
||||||
}
|
}
|
||||||
(if devNixRt then import /${devPath}/nixos-router else nixos-router.nixosModules.default)
|
inputs.nixos-router.nixosModules.default
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
crossConfig' = from: config: config // {
|
in {
|
||||||
modules = config.modules ++ [
|
|
||||||
{
|
|
||||||
_module.args.fromSourcePkgs = (mkPkgs { system = from; }).pkgsCross.${{
|
|
||||||
aarch64-linux = "aarch64-multiplatform";
|
|
||||||
}.${config.system}};
|
|
||||||
}
|
|
||||||
];
|
|
||||||
};
|
|
||||||
crossConfig = config: crossConfig' ({
|
|
||||||
x86_64-linux = "aarch64-linux";
|
|
||||||
aarch64-linux = "x86_64-linux";
|
|
||||||
}.${config.system}) config;
|
|
||||||
in rec {
|
|
||||||
router-emmc = mkBpiR3 "emmc" routerConfig;
|
router-emmc = mkBpiR3 "emmc" routerConfig;
|
||||||
router-sd = mkBpiR3 "sd" routerConfig;
|
router-sd = mkBpiR3 "sd" routerConfig;
|
||||||
router-emmc-cross = crossConfig router-emmc;
|
|
||||||
router-sd-cross = crossConfig router-emmc;
|
|
||||||
server = {
|
server = {
|
||||||
system = "aarch64-linux";
|
system = "aarch64-linux";
|
||||||
modules = [
|
modules = [
|
||||||
{ _module.args.router-config = nixosConfigurations.router-emmc.config; }
|
{ _module.args.router-config = self.nixosConfigurations.router-emmc.config; }
|
||||||
nixos-mailserver.nixosModules.default
|
|
||||||
./system/devices/radxa-rock5a-server.nix
|
./system/devices/radxa-rock5a-server.nix
|
||||||
(if devMaubot then import /${devPath}/maubot.nix/module else maubot.nixosModules.default)
|
|
||||||
(if devCoopOfd then import /${devPath}/coop-ofd else coop-ofd).nixosModules.default
|
|
||||||
./system/modules/scanservjs.nix
|
|
||||||
./system/modules/qbittorrent.nix
|
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
server-cross = crossConfig server;
|
|
||||||
nixmsi = rec {
|
nixmsi = rec {
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
modules = [
|
modules = [ ./system/devices/msi-delta-15-workstation.nix ];
|
||||||
nix-gaming.nixosModules.pipewireLowLatency
|
|
||||||
./system/devices/msi-delta-15-workstation.nix
|
|
||||||
];
|
|
||||||
home.common.enableNixosModule = false;
|
|
||||||
home.common.extraSpecialArgs = {
|
home.common.extraSpecialArgs = {
|
||||||
notlua = notlua.lib.${system};
|
notlua = inputs.notlua.lib.${system};
|
||||||
};
|
};
|
||||||
home.user = [
|
home.user = [ ./home/hosts/nixmsi.nix ];
|
||||||
nur.nixosModules.nur
|
|
||||||
./home/hosts/nixmsi.nix
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
nixmsi-cross = crossConfig nixmsi;
|
|
||||||
phone = {
|
phone = {
|
||||||
system = "aarch64-linux";
|
system = "aarch64-linux";
|
||||||
modules = [
|
modules = [ ./system/devices/oneplus-6-phone.nix ];
|
||||||
(import "${mobile-nixos}/lib/configuration.nix" {
|
|
||||||
device = "oneplus-enchilada";
|
|
||||||
})
|
|
||||||
./system/hosts/phone/default.nix
|
|
||||||
];
|
|
||||||
};
|
};
|
||||||
phone-cross = crossConfig phone;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
# this is the system config processing part
|
|
||||||
nixosConfigurations = builtins.mapAttrs (hostname: args @ { system, modules, specialArgs ? {}, nixpkgs ? {}, home ? {}, ... }:
|
|
||||||
lib.nixosSystem ({
|
|
||||||
inherit system;
|
|
||||||
# allow modules to access nixpkgs directly, use customized lib,
|
|
||||||
# and pass nixos-harware to let hardware modules import parts of nixos-hardware
|
|
||||||
specialArgs = {
|
|
||||||
inherit lib nixpkgs;
|
|
||||||
hardware = nixos-hardware.nixosModules;
|
|
||||||
} // specialArgs;
|
|
||||||
modules = modules ++ [
|
|
||||||
# Third-party NixOS modules
|
|
||||||
impermanence.nixosModule
|
|
||||||
# My custom NixOS modules
|
|
||||||
./system/modules/vfio.nix
|
|
||||||
./system/modules/ccache.nix
|
|
||||||
./system/modules/impermanence.nix
|
|
||||||
./system/modules/common.nix
|
|
||||||
(getPrivSys hostname)
|
|
||||||
# The common configuration that isn't part of common.nix
|
|
||||||
({ config, pkgs, lib, ... }: {
|
|
||||||
networking.hostName = lib.mkDefault hostname;
|
|
||||||
nixpkgs.overlays = [ overlay ];
|
|
||||||
nix.extraOptions = ''
|
|
||||||
plugin-files = ${pkgs.nix-plugins.override { nix = config.nix.package; }}/lib/nix/plugins/libnix-extra-builtins.so
|
|
||||||
'';
|
|
||||||
|
|
||||||
# registry is used for the new flaky nix command
|
|
||||||
nix.registry =
|
|
||||||
builtins.mapAttrs
|
|
||||||
(_: v: { flake = v; })
|
|
||||||
(lib.filterAttrs (_: v: v?outputs) inputs);
|
|
||||||
|
|
||||||
# add import'able flake inputs (like nixpkgs) to nix path
|
|
||||||
# nix path is used for old nix commands (like nix-build, nix-shell)
|
|
||||||
environment.etc = lib.mapAttrs'
|
|
||||||
(name: value: {
|
|
||||||
name = "nix/inputs/${name}";
|
|
||||||
value = { source = value.outPath; };
|
|
||||||
})
|
|
||||||
(lib.filterAttrs (_: v: builtins.pathExists "${v}/default.nix") inputs);
|
|
||||||
nix.nixPath = [ "/etc/nix/inputs" ];
|
|
||||||
})
|
|
||||||
]
|
|
||||||
# the following is NixOS home-manager module configuration. Currently unused, but I might start using it for some hosts later.
|
|
||||||
++ (lib.optionals (home != {} && ((home.common or {}).enableNixosModule or true)) [
|
|
||||||
home-manager.nixosModules.home-manager
|
|
||||||
{
|
|
||||||
home-manager = builtins.removeAttrs (home.common or { }) [ "nixpkgs" "nix" "enableNixosModule" ];
|
|
||||||
}
|
|
||||||
{
|
|
||||||
# set both to false to match behavior with standalone home-manager
|
|
||||||
home-manager.useGlobalPkgs = false;
|
|
||||||
home-manager.useUserPackages = false;
|
|
||||||
home-manager.users = builtins.mapAttrs (username: modules: {
|
|
||||||
imports = modules ++ [
|
|
||||||
{
|
|
||||||
nixpkgs = (home.common or { }).nixpkgs or { };
|
|
||||||
nix = (home.common or { }).nix or { };
|
|
||||||
}
|
|
||||||
({ config, pkgs, lib, ...}: {
|
|
||||||
nixpkgs.overlays = [ overlay ];
|
|
||||||
nix.package = lib.mkDefault pkgs.nixForNixPlugins;
|
|
||||||
# this is only needed if nixos doesnt set plugin-files already
|
|
||||||
/*nix.extraOptions = ''
|
|
||||||
plugin-files = ${pkgs.nix-plugins.override { nix = config.nix.package; }}/lib/nix/plugins/libnix-extra-builtins.so
|
|
||||||
'';*/
|
|
||||||
})
|
|
||||||
(getPrivUser hostname username)
|
|
||||||
];
|
|
||||||
}) (builtins.removeAttrs home [ "common" ]);
|
|
||||||
}
|
|
||||||
]);
|
|
||||||
} // (builtins.removeAttrs args [ "home" "modules" "nixpkgs" ])))
|
|
||||||
config;
|
|
||||||
|
|
||||||
# for each hostname, for each user, generate an attribute "${user}@${hostname}"
|
|
||||||
homeConfigurations =
|
|
||||||
builtins.foldl'
|
|
||||||
(a: b: a // b)
|
|
||||||
{ }
|
|
||||||
(builtins.concatLists
|
|
||||||
(lib.mapAttrsToList
|
|
||||||
(hostname: sysConfig:
|
|
||||||
let
|
|
||||||
inherit (sysConfig) system;
|
|
||||||
common' = builtins.removeAttrs (sysConfig.home.common or { }) [ "nix" "nixpkgs" "enableNixosModule" ];
|
|
||||||
pkgs = mkPkgs ({ inherit system; } // ((sysConfig.home.common or { }).nixpkgs or {}));
|
|
||||||
common = common' // { inherit pkgs; };
|
|
||||||
in
|
|
||||||
lib.mapAttrsToList
|
|
||||||
# this is where actual config takes place
|
|
||||||
(user: homeConfig: {
|
|
||||||
"${user}@${hostname}" = home-manager.lib.homeManagerConfiguration (common // {
|
|
||||||
modules = homeConfig ++ [
|
|
||||||
(getPrivUser hostname user)
|
|
||||||
({ config, pkgs, lib, ... }: {
|
|
||||||
nixpkgs.overlays = [ overlay ];
|
|
||||||
nix.package = lib.mkDefault pkgs.nixForNixPlugins;
|
|
||||||
# this is only needed if nixos doesnt set plugin-files already
|
|
||||||
/*nix.extraOptions = ''
|
|
||||||
plugin-files = ${pkgs.nix-plugins.override { nix = config.nix.package; }}/lib/nix/plugins/libnix-extra-builtins.so
|
|
||||||
'';*/
|
|
||||||
})
|
|
||||||
];
|
|
||||||
});
|
|
||||||
})
|
|
||||||
(builtins.removeAttrs (sysConfig.home or { }) [ "common" ]))
|
|
||||||
config));
|
|
||||||
in {
|
in {
|
||||||
inherit nixosConfigurations homeConfigurations;
|
|
||||||
overlays.default = overlay;
|
overlays.default = overlay;
|
||||||
packages = lib.genAttrs [
|
packages = lib.genAttrs [
|
||||||
"x86_64-linux"
|
"x86_64-linux"
|
||||||
|
@ -312,24 +156,87 @@
|
||||||
] (system: let self = overlay' { isOverlay = false; } (mkPkgs { inherit system; } // self) (import nixpkgs { inherit system; }); in self);
|
] (system: let self = overlay' { isOverlay = false; } (mkPkgs { inherit system; } // self) (import nixpkgs { inherit system; }); in self);
|
||||||
nixosImages.router = let pkgs = mkPkgs { inherit (config.router-emmc) system; }; in {
|
nixosImages.router = let pkgs = mkPkgs { inherit (config.router-emmc) system; }; in {
|
||||||
emmcImage = pkgs.callPackage ./system/hardware/bpi-r3/image.nix {
|
emmcImage = pkgs.callPackage ./system/hardware/bpi-r3/image.nix {
|
||||||
inherit (nixosConfigurations.router-emmc) config;
|
inherit (self.nixosConfigurations.router-emmc) config;
|
||||||
rootfsImage = nixosConfigurations.router-emmc.config.system.build.rootfsImage;
|
rootfsImage = self.nixosConfigurations.router-emmc.config.system.build.rootfsImage;
|
||||||
bpiR3Stuff = pkgs.bpiR3StuffEmmc;
|
bpiR3Stuff = pkgs.bpiR3StuffEmmc;
|
||||||
};
|
};
|
||||||
sdImage = pkgs.callPackage ./system/hardware/bpi-r3/image.nix {
|
sdImage = pkgs.callPackage ./system/hardware/bpi-r3/image.nix {
|
||||||
inherit (nixosConfigurations.router-sd) config;
|
inherit (self.nixosConfigurations.router-sd) config;
|
||||||
rootfsImage = nixosConfigurations.router-sd.config.system.build.rootfsImage;
|
rootfsImage = self.nixosConfigurations.router-sd.config.system.build.rootfsImage;
|
||||||
bpiR3Stuff = pkgs.bpiR3StuffSd;
|
bpiR3Stuff = pkgs.bpiR3StuffSd;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
nixosImages.phone = nixosConfigurations.phone.config.mobile.outputs.disk-image;
|
|
||||||
nixosImages.phone-fastboot = nixosConfigurations.phone.config.mobile.outputs.android.android-fastboot-image;
|
|
||||||
|
|
||||||
hydraJobs = {
|
hydraJobs = {
|
||||||
server.${config.server.system} = nixosConfigurations.server.config.system.build.toplevel;
|
server.${config.server.system} = self.nixosConfigurations.server.config.system.build.toplevel;
|
||||||
workstation.${config.nixmsi.system} = nixosConfigurations.nixmsi.config.system.build.toplevel;
|
workstation.${config.nixmsi.system} = self.nixosConfigurations.nixmsi.config.system.build.toplevel;
|
||||||
router.${config.router-emmc.system} = nixosConfigurations.router-emmc.config.system.build.toplevel;
|
router.${config.router-emmc.system} = self.nixosConfigurations.router-emmc.config.system.build.toplevel;
|
||||||
workstation-home.${config.nixmsi.system} = homeConfigurations."user@nixmsi".activation-script;
|
workstation-home.${config.nixmsi.system} = self.homeConfigurations."user@nixmsi".activation-script;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# this is the system config processing part
|
||||||
|
nixosConfigurations = lib.flip builtins.mapAttrs config (hostname: args @ { modules, nixpkgs ? {}, home ? {}, ... }:
|
||||||
|
lib.nixosSystem {
|
||||||
|
inherit (args) system;
|
||||||
|
# allow modules to access nixpkgs directly, use customized lib,
|
||||||
|
# and pass nixos-harware to let hardware modules import parts of nixos-hardware
|
||||||
|
specialArgs = {
|
||||||
|
inherit inputs lib;
|
||||||
|
hardware = inputs.nixos-hardware.nixosModules;
|
||||||
|
} // args.specialArgs or { };
|
||||||
|
modules = args.modules or [ ]
|
||||||
|
++ [
|
||||||
|
(getPrivSys hostname)
|
||||||
|
{ networking.hostName = lib.mkDefault hostname;
|
||||||
|
nixpkgs.overlays = [ overlay ]; }
|
||||||
|
inputs.impermanence.nixosModule
|
||||||
|
]
|
||||||
|
++ map (x: ./system/modules/${x}) (builtins.attrNames (builtins.readDir ./system/modules))
|
||||||
|
# the following is NixOS home-manager module configuration. Currently unused, but I might start using it for some hosts later.
|
||||||
|
++ lib.optionals (home != { } && home.common.enableNixosModule or false) [
|
||||||
|
inputs.home-manager.nixosModules.home-manager
|
||||||
|
{ home-manager = builtins.removeAttrs (home.common or { }) [ "nixpkgs" "nix" "enableNixosModule" ]; }
|
||||||
|
{ # set both to false to match behavior with standalone home-manager
|
||||||
|
home-manager.useGlobalPkgs = false;
|
||||||
|
home-manager.useUserPackages = false;
|
||||||
|
home-manager.users = builtins.mapAttrs (username: modules: {
|
||||||
|
imports = modules ++ [
|
||||||
|
{ nixpkgs = home.common.nixpkgs or { };
|
||||||
|
nix = home.common.nix or { }; }
|
||||||
|
({ config, pkgs, lib, ...}: {
|
||||||
|
nixpkgs.overlays = [ overlay ];
|
||||||
|
nix.package = lib.mkDefault pkgs.nixForNixPlugins; })
|
||||||
|
(getPrivUser hostname username)
|
||||||
|
];
|
||||||
|
}) (builtins.removeAttrs home [ "common" ]); }
|
||||||
|
];
|
||||||
|
});
|
||||||
|
|
||||||
|
# for each hostname, for each user, generate an attribute "${user}@${hostname}"
|
||||||
|
homeConfigurations =
|
||||||
|
builtins.listToAttrs (builtins.concatLists
|
||||||
|
(lib.flip lib.mapAttrsToList config
|
||||||
|
(hostname: { system, home ? {}, ... }:
|
||||||
|
let
|
||||||
|
common' = builtins.removeAttrs (home.common or { }) [ "nix" "nixpkgs" "enableNixosModule" ];
|
||||||
|
pkgs = mkPkgs ({ inherit system; } // home.common.nixpkgs or { });
|
||||||
|
common = common' // { inherit pkgs; };
|
||||||
|
in
|
||||||
|
lib.flip lib.mapAttrsToList (builtins.removeAttrs home [ "common" ])
|
||||||
|
# this is where actual config takes place
|
||||||
|
(user: homeConfig: lib.nameValuePair "${user}@${hostname}"
|
||||||
|
(inputs.home-manager.lib.homeManagerConfiguration (common // {
|
||||||
|
extraSpecialArgs = (common.extraSpecialArgs or { }) // { inherit inputs; };
|
||||||
|
modules =
|
||||||
|
homeConfig
|
||||||
|
++ common.modules or [ ]
|
||||||
|
++ [
|
||||||
|
(getPrivUser hostname user)
|
||||||
|
({ pkgs, lib, ... }: {
|
||||||
|
nixpkgs.overlays = [ overlay ];
|
||||||
|
nix.package = lib.mkDefault pkgs.nixForNixPlugins;
|
||||||
|
})
|
||||||
|
];
|
||||||
|
}))))));
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -147,6 +147,7 @@
|
||||||
readline = {
|
readline = {
|
||||||
enable = true;
|
enable = true;
|
||||||
variables.editing-mode = "vi";
|
variables.editing-mode = "vi";
|
||||||
|
variables.show-mode-in-prompt = true;
|
||||||
};
|
};
|
||||||
nix-index = {
|
nix-index = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
|
@ -1,4 +1,9 @@
|
||||||
{ pkgs, lib, ... }:
|
{ pkgs
|
||||||
|
, lib
|
||||||
|
, inputs,
|
||||||
|
...
|
||||||
|
}:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
../common/general.nix
|
../common/general.nix
|
||||||
|
@ -7,6 +12,7 @@
|
||||||
../common/nvim.nix
|
../common/nvim.nix
|
||||||
../common/helix.nix
|
../common/helix.nix
|
||||||
../common/kakoune.nix
|
../common/kakoune.nix
|
||||||
|
inputs.nur.nixosModules.nur
|
||||||
];
|
];
|
||||||
|
|
||||||
nix.settings = {
|
nix.settings = {
|
||||||
|
|
6
lib.nix
Normal file
6
lib.nix
Normal file
|
@ -0,0 +1,6 @@
|
||||||
|
{ lib, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
quoteListenAddr = addr:
|
||||||
|
if lib.hasInfix ":" addr then "[${addr}]" else addr;
|
||||||
|
}
|
51
pkgs/buffyboard/default.nix
Normal file
51
pkgs/buffyboard/default.nix
Normal file
|
@ -0,0 +1,51 @@
|
||||||
|
{ lib
|
||||||
|
, stdenv
|
||||||
|
, fetchFromGitLab
|
||||||
|
, meson
|
||||||
|
, ninja
|
||||||
|
, pkg-config
|
||||||
|
, libinput
|
||||||
|
, libxkbcommon
|
||||||
|
, libevdev
|
||||||
|
}:
|
||||||
|
|
||||||
|
stdenv.mkDerivation {
|
||||||
|
pname = "buffyboard";
|
||||||
|
version = "unstable-2023-11-20";
|
||||||
|
|
||||||
|
src = fetchFromGitLab {
|
||||||
|
owner = "postmarketOS";
|
||||||
|
repo = "buffybox";
|
||||||
|
rev = "14b30c60183d98e8d0b4dadf66198e08badf631e";
|
||||||
|
hash = "sha256-9wLuTAqYoFl+IAR1ixp0nHwh6jBWl+1jDPhhxqE+LHQ=";
|
||||||
|
fetchSubmodules = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
# https://gitlab.com/postmarketOS/buffybox/-/issues/1
|
||||||
|
hardeningDisable = [ "fortify3" ];
|
||||||
|
|
||||||
|
postPatch = ''
|
||||||
|
cd buffyboard
|
||||||
|
'';
|
||||||
|
|
||||||
|
nativeBuildInputs = [
|
||||||
|
meson
|
||||||
|
ninja
|
||||||
|
pkg-config
|
||||||
|
];
|
||||||
|
|
||||||
|
buildInputs = [
|
||||||
|
libevdev
|
||||||
|
libinput
|
||||||
|
libxkbcommon
|
||||||
|
];
|
||||||
|
|
||||||
|
meta = with lib; {
|
||||||
|
description = "";
|
||||||
|
homepage = "https://gitlab.com/postmarketOS/buffybox/-/tree/master/buffyboard";
|
||||||
|
license = licenses.gpl3Only;
|
||||||
|
maintainers = with maintainers; [ chayleaf ];
|
||||||
|
mainProgram = "buffyboard";
|
||||||
|
platforms = platforms.all;
|
||||||
|
};
|
||||||
|
}
|
|
@ -1,20 +1,25 @@
|
||||||
{ pkgs
|
{ pkgs
|
||||||
, lib
|
, lib
|
||||||
, nur
|
, inputs
|
||||||
, nix-gaming
|
|
||||||
, pkgs' ? pkgs
|
, pkgs' ? pkgs
|
||||||
, isOverlay ? true
|
, isOverlay ? true
|
||||||
, ... }:
|
, ...
|
||||||
|
}:
|
||||||
|
|
||||||
let
|
let
|
||||||
inherit (pkgs') callPackage;
|
inherit (pkgs') callPackage;
|
||||||
sources = import ./_sources/generated.nix {
|
sources = import ./_sources/generated.nix {
|
||||||
inherit (pkgs) fetchgit fetchurl fetchFromGitHub dockerTools;
|
inherit (pkgs) fetchgit fetchurl fetchFromGitHub dockerTools;
|
||||||
};
|
};
|
||||||
nixForNixPlugins = pkgs.nixVersions.nix_2_18;
|
nixForNixPlugins = pkgs.nixVersions.nix_2_18;
|
||||||
|
nur = import inputs.nur {
|
||||||
|
inherit pkgs;
|
||||||
|
nurpkgs = pkgs;
|
||||||
|
};
|
||||||
in
|
in
|
||||||
|
|
||||||
{
|
{
|
||||||
inherit (nix-gaming) faf-client osu-lazer-bin;
|
inherit (inputs.nix-gaming.packages.${pkgs.system}) faf-client osu-lazer-bin;
|
||||||
inherit nixForNixPlugins;
|
inherit nixForNixPlugins;
|
||||||
nix = nixForNixPlugins;
|
nix = nixForNixPlugins;
|
||||||
nixVersions = pkgs.nixVersions.extend (self: super: {
|
nixVersions = pkgs.nixVersions.extend (self: super: {
|
||||||
|
@ -63,6 +68,7 @@ in
|
||||||
meta = builtins.removeAttrs old.meta [ "broken" ];
|
meta = builtins.removeAttrs old.meta [ "broken" ];
|
||||||
});*/
|
});*/
|
||||||
|
|
||||||
|
buffyboard = pkgs.callPackage ./buffyboard { };
|
||||||
clang-tools_latest = pkgs.clang-tools_16;
|
clang-tools_latest = pkgs.clang-tools_16;
|
||||||
clang_latest = pkgs.clang_16;
|
clang_latest = pkgs.clang_16;
|
||||||
/*ghidra = pkgs.ghidra.overrideAttrs (old: {
|
/*ghidra = pkgs.ghidra.overrideAttrs (old: {
|
||||||
|
@ -108,6 +114,7 @@ in
|
||||||
kvmfrOverlay = kvmfr: kvmfr.overrideAttrs (old: {
|
kvmfrOverlay = kvmfr: kvmfr.overrideAttrs (old: {
|
||||||
inherit (pkgs'.looking-glass-client) version src;
|
inherit (pkgs'.looking-glass-client) version src;
|
||||||
});
|
});
|
||||||
|
ping-exporter = callPackage ./ping-exporter { };
|
||||||
proton-ge = pkgs.stdenvNoCC.mkDerivation {
|
proton-ge = pkgs.stdenvNoCC.mkDerivation {
|
||||||
inherit (sources.proton-ge) pname version src;
|
inherit (sources.proton-ge) pname version src;
|
||||||
installPhase = ''
|
installPhase = ''
|
||||||
|
@ -155,3 +162,4 @@ in
|
||||||
}
|
}
|
||||||
// import ./ccache.nix { inherit pkgs pkgs' lib sources; }
|
// import ./ccache.nix { inherit pkgs pkgs' lib sources; }
|
||||||
// import ../system/hardware/bpi-r3/pkgs.nix { inherit pkgs pkgs' lib sources; }
|
// import ../system/hardware/bpi-r3/pkgs.nix { inherit pkgs pkgs' lib sources; }
|
||||||
|
// import ../system/hardware/oneplus-enchilada/pkgs.nix { inherit inputs pkgs pkgs' lib sources; }
|
||||||
|
|
24
pkgs/ping-exporter/default.nix
Normal file
24
pkgs/ping-exporter/default.nix
Normal file
|
@ -0,0 +1,24 @@
|
||||||
|
{ lib
|
||||||
|
, fetchFromGitHub
|
||||||
|
, rustPlatform
|
||||||
|
}:
|
||||||
|
|
||||||
|
rustPlatform.buildRustPackage rec {
|
||||||
|
pname = "ping-exporter";
|
||||||
|
version = "0.1";
|
||||||
|
|
||||||
|
src = fetchFromGitHub {
|
||||||
|
owner = "chayleaf";
|
||||||
|
repo = "ping-exporter";
|
||||||
|
rev = "cf5e5f7e96fb477e015d44cd462fb996b944c896";
|
||||||
|
hash = "sha256-eZncfKTegLp+KBnAds8YR7ZMN8i7jDIIN8qt7832+0Y=";
|
||||||
|
};
|
||||||
|
|
||||||
|
cargoLock.lockFile = "${src}/Cargo.lock";
|
||||||
|
|
||||||
|
meta = with lib; {
|
||||||
|
description = "A ping exporter for Prometheus";
|
||||||
|
license = with lib.licenses; [ mit asl20 ];
|
||||||
|
maintainers = with lib.maintainers; [ chayleaf ];
|
||||||
|
};
|
||||||
|
}
|
|
@ -14,6 +14,12 @@ in
|
||||||
];
|
];
|
||||||
networking.hostName = "nixos-router";
|
networking.hostName = "nixos-router";
|
||||||
|
|
||||||
|
systemd.enableEmergencyMode = false;
|
||||||
|
boot.kernel.sysctl = {
|
||||||
|
"net.core.default_qdisc" = "fq";
|
||||||
|
"net.ipv4.tcp_congestion_control" = "bbr";
|
||||||
|
};
|
||||||
|
|
||||||
fileSystems = {
|
fileSystems = {
|
||||||
# mount root on tmpfs
|
# mount root on tmpfs
|
||||||
"/" = { device = "none"; fsType = "tmpfs"; neededForBoot = true;
|
"/" = { device = "none"; fsType = "tmpfs"; neededForBoot = true;
|
||||||
|
|
62
system/devices/oneplus-6-phone.nix
Normal file
62
system/devices/oneplus-6-phone.nix
Normal file
|
@ -0,0 +1,62 @@
|
||||||
|
{ config
|
||||||
|
, lib
|
||||||
|
, ...
|
||||||
|
}:
|
||||||
|
|
||||||
|
let
|
||||||
|
uuids.enc = "e2abdea5-71dc-4a9e-aff3-242117342d60";
|
||||||
|
uuids.boot = "9DA3-28AC";
|
||||||
|
uuids.bch = "ac343ffb-407c-4966-87bf-a0ef1075e93d";
|
||||||
|
parts = builtins.mapAttrs (k: v: "/dev/disk/by-uuid/${v}") uuids;
|
||||||
|
in
|
||||||
|
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
../hardware/oneplus-enchilada
|
||||||
|
../hosts/phone
|
||||||
|
];
|
||||||
|
|
||||||
|
# https://gitlab.com/postmarketOS/pmaports/-/issues/2440
|
||||||
|
# networking.wireless.iwd.enable = true;
|
||||||
|
networking.modemmanager.enable = lib.mkForce false;
|
||||||
|
networking.networkmanager.enable = true;
|
||||||
|
|
||||||
|
boot.loader = {
|
||||||
|
grub.enable = false;
|
||||||
|
systemd-boot.enable = true;
|
||||||
|
efi.canTouchEfiVariables = false;
|
||||||
|
};
|
||||||
|
|
||||||
|
boot.initrd = {
|
||||||
|
luks.devices.cryptroot = {
|
||||||
|
device = parts.enc;
|
||||||
|
allowDiscards = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
boot.supportedFilesystems = [ "bcachefs" ];
|
||||||
|
|
||||||
|
fileSystems = let
|
||||||
|
neededForBoot = true;
|
||||||
|
in {
|
||||||
|
"/" = { device = "none"; fsType = "tmpfs"; inherit neededForBoot;
|
||||||
|
options = [ "defaults" "size=2G" "mode=755" ]; };
|
||||||
|
"/persist" =
|
||||||
|
{ device = "UUID=${uuids.bch}"; fsType = "bcachefs"; inherit neededForBoot;
|
||||||
|
options = [ "errors=ro" ]; };
|
||||||
|
"/boot" = { device = parts.boot; fsType = "vfat"; inherit neededForBoot; };
|
||||||
|
};
|
||||||
|
|
||||||
|
zramSwap.enable = true;
|
||||||
|
|
||||||
|
impermanence = {
|
||||||
|
enable = true;
|
||||||
|
path = /persist;
|
||||||
|
directories = [
|
||||||
|
{ directory = /home/${config.common.mainUsername}; user = config.common.mainUsername; group = "users"; mode = "0700"; }
|
||||||
|
{ directory = /root; mode = "0700"; }
|
||||||
|
{ directory = /nix; }
|
||||||
|
{ directory = /secrets; mode = "0000"; }
|
||||||
|
];
|
||||||
|
};
|
||||||
|
}
|
|
@ -29,6 +29,12 @@ in
|
||||||
"dm_mod" "dm_crypt" "encrypted_keys"
|
"dm_mod" "dm_crypt" "encrypted_keys"
|
||||||
];
|
];
|
||||||
|
|
||||||
|
systemd.enableEmergencyMode = false;
|
||||||
|
boot.kernel.sysctl = {
|
||||||
|
"net.core.default_qdisc" = "fq";
|
||||||
|
"net.ipv4.tcp_congestion_control" = "bbr";
|
||||||
|
};
|
||||||
|
|
||||||
networking.useDHCP = true;
|
networking.useDHCP = true;
|
||||||
/*
|
/*
|
||||||
# as expected, systemd initrd and networking didn't work well, and i really cba to debug it
|
# as expected, systemd initrd and networking didn't work well, and i really cba to debug it
|
||||||
|
|
|
@ -8,8 +8,7 @@
|
||||||
generic-extlinux-compatible.enable = true;
|
generic-extlinux-compatible.enable = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
#boot.kernelPackages = config._module.args.fromSourcePkgs.linuxPackages_bpiR3_ccache or pkgs.linuxPackages_bpiR3_ccache;
|
boot.kernelPackages = pkgs.linuxPackagesFor (pkgs.buildLinuxWithCcache pkgs.linux_bpiR3);
|
||||||
boot.kernelPackages = pkgs.linuxPackagesFor (pkgs.buildLinuxWithCcache (config._module.args.fromSourcePkgs.linux_bpiR3 or pkgs.linux_bpiR3));
|
|
||||||
|
|
||||||
hardware.deviceTree.enable = true;
|
hardware.deviceTree.enable = true;
|
||||||
hardware.deviceTree.filter = "mt7986a-bananapi-bpi-r3.dtb";
|
hardware.deviceTree.filter = "mt7986a-bananapi-bpi-r3.dtb";
|
||||||
|
|
|
@ -24,45 +24,4 @@
|
||||||
"amdgpu.noretry=0"
|
"amdgpu.noretry=0"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
# TODO: really, really, please, I want latest firmware to work...
|
|
||||||
nixpkgs.overlays = [
|
|
||||||
(final: prev: {
|
|
||||||
amd-ucode = prev.amd-ucode.override { inherit (final) linux-firmware; };
|
|
||||||
linux-firmware = prev.stdenvNoCC.mkDerivation {
|
|
||||||
inherit (prev.linux-firmware) pname version meta src dontFixup installFlags nativeBuildInputs;
|
|
||||||
passthru = { inherit (prev.linux-firmware) version; };
|
|
||||||
|
|
||||||
# revert microcode updates which break boot for me
|
|
||||||
patches = [
|
|
||||||
./revert-amd-ucode-update-fam17h.patch
|
|
||||||
./revert-amd-ucode-update-fam19h.patch
|
|
||||||
];
|
|
||||||
postPatch = ''
|
|
||||||
cp ${final.fetchurl {
|
|
||||||
name = "microcode_amd_fam17h.bin";
|
|
||||||
url = "https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/plain/amd-ucode/microcode_amd_fam17h.bin?id=b250b32ab1d044953af2dc5e790819a7703b7ee6";
|
|
||||||
hash = "sha256-HnKjEb2di7BiKB09JYUjIUuZNCVgXlwRSbjijnuYBcM=";
|
|
||||||
}} amd-ucode/microcode_amd_fam17h.bin
|
|
||||||
cp ${final.fetchurl {
|
|
||||||
name = "microcode_amd_fam19h.bin";
|
|
||||||
url = "https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/plain/amd-ucode/microcode_amd_fam19h.bin?id=0ab353f8d8aa96d68690911cea22ec538f3095c4";
|
|
||||||
hash = "sha256-LlA+E4EVQpfjD3/cg6Y52BsCGW/5ZfY0J2UnCUI/3MQ";
|
|
||||||
}} amd-ucode/microcode_amd_fam19h.bin
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
})
|
|
||||||
];
|
|
||||||
specialisation.no_patches.configuration = {
|
|
||||||
nixpkgs.overlays = [
|
|
||||||
(final: prev: {
|
|
||||||
amd-ucode = prev.amd-ucode.override { inherit (final) linux-firmware; };
|
|
||||||
linux-firmware = prev.stdenvNoCC.mkDerivation {
|
|
||||||
inherit (prev.linux-firmware) pname version meta src dontFixup installFlags nativeBuildInputs;
|
|
||||||
passthru = { inherit (prev.linux-firmware) version; };
|
|
||||||
patches = [ ];
|
|
||||||
postPatch = "";
|
|
||||||
};
|
|
||||||
})
|
|
||||||
];
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,52 +0,0 @@
|
||||||
diff --git a/WHENCE b/WHENCE
|
|
||||||
index dbcdced..9ae8ff7 100644
|
|
||||||
--- a/WHENCE
|
|
||||||
+++ b/WHENCE
|
|
||||||
@@ -3919,7 +3919,7 @@ Version: 2018-05-24
|
|
||||||
RawFile: amd-ucode/microcode_amd_fam16h.bin
|
|
||||||
Version: 2014-10-28
|
|
||||||
RawFile: amd-ucode/microcode_amd_fam17h.bin
|
|
||||||
-Version: 2023-07-19
|
|
||||||
+Version: 2023-04-13
|
|
||||||
RawFile: amd-ucode/microcode_amd_fam19h.bin
|
|
||||||
Version: 2023-08-08
|
|
||||||
File: amd-ucode/README
|
|
||||||
diff --git a/amd-ucode/README b/amd-ucode/README
|
|
||||||
index f47743c..5dc5108 100644
|
|
||||||
--- a/amd-ucode/README
|
|
||||||
+++ b/amd-ucode/README
|
|
||||||
@@ -32,9 +32,8 @@ Microcode patches in microcode_amd_fam16h.bin:
|
|
||||||
|
|
||||||
Microcode patches in microcode_amd_fam17h.bin:
|
|
||||||
Family=0x17 Model=0x08 Stepping=0x02: Patch=0x0800820d Length=3200 bytes
|
|
||||||
- Family=0x17 Model=0x31 Stepping=0x00: Patch=0x0830107a Length=3200 bytes
|
|
||||||
- Family=0x17 Model=0xa0 Stepping=0x00: Patch=0x08a00008 Length=3200 bytes
|
|
||||||
Family=0x17 Model=0x01 Stepping=0x02: Patch=0x0800126e Length=3200 bytes
|
|
||||||
+ Family=0x17 Model=0x31 Stepping=0x00: Patch=0x08301072 Length=3200 bytes
|
|
||||||
|
|
||||||
Microcode patches in microcode_amd_fam19h.bin:
|
|
||||||
Family=0x19 Model=0x11 Stepping=0x01: Patch=0x0a10113e Length=5568 bytes
|
|
||||||
diff --git a/amd-ucode/microcode_amd_fam17h.bin.asc b/amd-ucode/microcode_amd_fam17h.bin.asc
|
|
||||||
index 34a4024..27da52c 100644
|
|
||||||
--- a/amd-ucode/microcode_amd_fam17h.bin.asc
|
|
||||||
+++ b/amd-ucode/microcode_amd_fam17h.bin.asc
|
|
||||||
@@ -1,11 +1,11 @@
|
|
||||||
-----BEGIN PGP SIGNATURE-----
|
|
||||||
|
|
||||||
-iQEzBAABCgAdFiEE/HxsUF2vzBRxg1fK5L5TOfMornMFAmS4Mm4ACgkQ5L5TOfMo
|
|
||||||
-rnN35wgAkllCunxE6J5hQyLMx5o4WTHZkbNvXmu6nV1Y3vjiL1oeaK+pmx8BlkPt
|
|
||||||
-fGZJCe/068kqmp3N4EtOZLxXn55t3jNBYectPr0RmFqpjMsEJEcfXfuXROA4N9Ti
|
|
||||||
-Zd/o6X21eHEsm0kK0q4YfppfgTd5Ze7k1jTkUuuU6/yh6uRk1MiFreEzkPO3Aayh
|
|
||||||
-iEWlYx33vq3HccTPgdY3D64Zr8gmgKG+8mdEvqb1jK4SVZ1/9vy4OKIIpUZB/eqx
|
|
||||||
-46h9Ejwn9pktnYkHi/A/zCREEcIQ10HXFF5bjxJTFQkM5S46/QEO7uuvnpMb+6Yy
|
|
||||||
-4V1/QIWMG6ixqCRx9GqbBK7GHdYODw==
|
|
||||||
-=+IsI
|
|
||||||
+iQEzBAABCgAdFiEE/HxsUF2vzBRxg1fK5L5TOfMornMFAmQeEvgACgkQ5L5TOfMo
|
|
||||||
+rnPOpAf/dYhPqq/ktg1muI/khV4EhDiguX6OXib3fmfSZdvPIAI0cRI77M3Lvf0b
|
|
||||||
+nlV8D67e5HOQ5foJbix5tunz0sZjqr2QU8U9dNk/ut0KC7UiCRc8VH40aSi/OQBG
|
|
||||||
+Y8c7tb6IJ+N+jyJ6Ii6koUuRO2Lk2MckcrWLRuLRV4bB+osyJrGjc/X54Z6UJ/Ma
|
|
||||||
+VDg13Yxy5WvC7sMmlmnY42JLeLBKDVUvg0zDvJ4aOLLxRE2l3eiAKE+TV122LmxN
|
|
||||||
+ca5WA/ESYQ9BjxHYIrpTd9nQaWa/TIZ+rOmJGLMtnQ1gGlW97zQuJR7zh+8vdLzC
|
|
||||||
+iwVlS1cu7kcV7KYDytTkWJ+2gwb3uQ==
|
|
||||||
+=lP2S
|
|
||||||
-----END PGP SIGNATURE-----
|
|
|
@ -1,64 +0,0 @@
|
||||||
diff --git a/WHENCE b/WHENCE
|
|
||||||
index dbcdced..dd7b8d5 100644
|
|
||||||
--- a/WHENCE
|
|
||||||
+++ b/WHENCE
|
|
||||||
@@ -3921,7 +3921,7 @@ Version: 2014-10-28
|
|
||||||
RawFile: amd-ucode/microcode_amd_fam17h.bin
|
|
||||||
Version: 2023-07-19
|
|
||||||
RawFile: amd-ucode/microcode_amd_fam19h.bin
|
|
||||||
-Version: 2023-10-19
|
|
||||||
+Version: 2023-07-18
|
|
||||||
File: amd-ucode/README
|
|
||||||
|
|
||||||
License: Redistributable. See LICENSE.amd-ucode for details
|
|
||||||
diff --git a/amd-ucode/README b/amd-ucode/README
|
|
||||||
index f47743c..6a9ff1e 100644
|
|
||||||
--- a/amd-ucode/README
|
|
||||||
+++ b/amd-ucode/README
|
|
||||||
@@ -37,22 +37,9 @@ Microcode patches in microcode_amd_fam17h.bin:
|
|
||||||
Family=0x17 Model=0x01 Stepping=0x02: Patch=0x0800126e Length=3200 bytes
|
|
||||||
|
|
||||||
Microcode patches in microcode_amd_fam19h.bin:
|
|
||||||
- Family=0x19 Model=0x11 Stepping=0x02: Patch=0x0a101244 Length=5568 bytes
|
|
||||||
Family=0x19 Model=0x01 Stepping=0x01: Patch=0x0a0011d1 Length=5568 bytes
|
|
||||||
Family=0x19 Model=0x01 Stepping=0x00: Patch=0x0a001079 Length=5568 bytes
|
|
||||||
- Family=0x19 Model=0xa0 Stepping=0x02: Patch=0x0aa00213 Length=5568 bytes
|
|
||||||
Family=0x19 Model=0x01 Stepping=0x02: Patch=0x0a001234 Length=5568 bytes
|
|
||||||
- Family=0x19 Model=0xa0 Stepping=0x01: Patch=0x0aa00116 Length=5568 bytes
|
|
||||||
- Family=0x19 Model=0x11 Stepping=0x01: Patch=0x0a101144 Length=5568 bytes
|
|
||||||
-
|
|
||||||
-NOTE: For Genoa (Family=0x19 Model=0x11) and Bergamo (Family=0x19 Model=0xa0),
|
|
||||||
-either AGESA version >= 1.0.0.8 OR a kernel with the following commit is
|
|
||||||
-required:
|
|
||||||
-a32b0f0db3f3 ("x86/microcode/AMD: Load late on both threads too")
|
|
||||||
-
|
|
||||||
-When late loading the patches for Genoa or Bergamo, there may be one spurious
|
|
||||||
-NMI observed per physical core. These NMIs are benign and don't cause any
|
|
||||||
-functional issue but will result in kernel messages being logged.
|
|
||||||
|
|
||||||
NOTE: When running 5.19+ kernels on Genoa or Bergamo systems, some microcode
|
|
||||||
patches are known to trigger warnings in the PMI handler. The following are
|
|
||||||
diff --git a/amd-ucode/microcode_amd_fam19h.bin.asc b/amd-ucode/microcode_amd_fam19h.bin.asc
|
|
||||||
index 8cff901..a32b4d6 100644
|
|
||||||
--- a/amd-ucode/microcode_amd_fam19h.bin.asc
|
|
||||||
+++ b/amd-ucode/microcode_amd_fam19h.bin.asc
|
|
||||||
@@ -1,11 +1,11 @@
|
|
||||||
-----BEGIN PGP SIGNATURE-----
|
|
||||||
|
|
||||||
-iQEzBAABCgAdFiEE/HxsUF2vzBRxg1fK5L5TOfMornMFAmUoW6AACgkQ5L5TOfMo
|
|
||||||
-rnMHAAf/SxaKEu5l7FGXR+QJYc2oSJDpf9ZsHTkVnxqF1I3ReItEGAR3iqSWrsRw
|
|
||||||
-KA4niP9Ihr8EqwhOaOtqkRKKF9D5yg+DksnRWbh2VTUECO4KQxjHNrPp3JWEzBwb
|
|
||||||
-Xn+vRVP02ZRi3u4MCYbnDC4AfUSnKnldY3TTlNi/6HUaGS2pcw8Vjli/C06zwfgh
|
|
||||||
-WwUAoFMQl4SDJhbGfC9cb93MKjBl/0Hv4uhK5W8fJ1iUkMvY8Ijna/oDTZCNPqP0
|
|
||||||
-0AgOwdAdzoyOYWjbUXcwofz2Umpz12xmJW8yXNwdv1pmaCvv9aCJz1L49lGwFH9E
|
|
||||||
-lhhoFQ1SQL3hhPjTXO6DbeeT9+fjOg==
|
|
||||||
-=9Xav
|
|
||||||
+iQEzBAABCgAdFiEE/HxsUF2vzBRxg1fK5L5TOfMornMFAmS3F00ACgkQ5L5TOfMo
|
|
||||||
+rnNEhQgAizSV8IFpvaYNytaJKLA4uevrZneGPV4czjCXnnj1yHpfQmCTyZQnoLnx
|
|
||||||
+7gyzf7K5271zO51FBQ5z2Nm48a3XPUhMbQLNP4BZdekLiA3bRpMtSyHct6zD0ULm
|
|
||||||
+xaFaOQ7MR1tGADhlon1bDvtnOuixUhwrZhEIlR9MzQAzERKDMOAVTbxn9ZhMfYiT
|
|
||||||
+LhA791Blyyi+6Z9uh7BpaA8l8uvoxt+uuvlBTjQMR3ER/TEjgcsoy+XhhK4QKS0V
|
|
||||||
+wJCtcDle/3pF+N6SAFWiXbNZ+P8p19afhcYddDl97xtpzA6/8b20a2eHkrqnu/Ds
|
|
||||||
+jTozF9kmhiifYMYpXtXgSOwI3GRZbQ==
|
|
||||||
+=t+j1
|
|
||||||
-----END PGP SIGNATURE-----
|
|
28
system/hardware/oneplus-enchilada/config_fixes.patch
Normal file
28
system/hardware/oneplus-enchilada/config_fixes.patch
Normal file
|
@ -0,0 +1,28 @@
|
||||||
|
diff --git a/arch/arm64/configs/defconfig b/arch/arm64/configs/defconfig
|
||||||
|
index b60aa1f8934..0e3191950d5 100644
|
||||||
|
--- a/arch/arm64/configs/defconfig
|
||||||
|
+++ b/arch/arm64/configs/defconfig
|
||||||
|
@@ -1317,8 +1317,9 @@ CONFIG_QCOM_AOSS_QMP=y
|
||||||
|
CONFIG_QCOM_COMMAND_DB=y
|
||||||
|
CONFIG_QCOM_CPR=y
|
||||||
|
CONFIG_QCOM_GENI_SE=y
|
||||||
|
-CONFIG_QCOM_LLCC=m
|
||||||
|
-CONFIG_QCOM_OCMEM=m
|
||||||
|
+CONFIG_QCOM_LLCC=y
|
||||||
|
+CONFIG_QCOM_OCMEM=y
|
||||||
|
+CONFIG_BACKLIGHT_CLASS_DEVICE=y
|
||||||
|
CONFIG_QCOM_PMIC_GLINK=m
|
||||||
|
CONFIG_QCOM_RMTFS_MEM=m
|
||||||
|
CONFIG_QCOM_RPMH=y
|
||||||
|
diff --git a/drivers/remoteproc/Kconfig b/drivers/remoteproc/Kconfig
|
||||||
|
index 48845dc8fa8..5f503f9c99c 100644
|
||||||
|
--- a/drivers/remoteproc/Kconfig
|
||||||
|
+++ b/drivers/remoteproc/Kconfig
|
||||||
|
@@ -166,6 +166,7 @@ config QCOM_PIL_INFO
|
||||||
|
|
||||||
|
config QCOM_RPROC_COMMON
|
||||||
|
tristate
|
||||||
|
+ default y
|
||||||
|
|
||||||
|
config QCOM_Q6V5_COMMON
|
||||||
|
tristate
|
213
system/hardware/oneplus-enchilada/default.nix
Normal file
213
system/hardware/oneplus-enchilada/default.nix
Normal file
|
@ -0,0 +1,213 @@
|
||||||
|
{ pkgs
|
||||||
|
, lib
|
||||||
|
, config
|
||||||
|
, inputs
|
||||||
|
, ...
|
||||||
|
}:
|
||||||
|
|
||||||
|
let
|
||||||
|
cfg = config.phone;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
"${inputs.mobile-nixos}/modules/quirks/qualcomm/sdm845-modem.nix"
|
||||||
|
"${inputs.mobile-nixos}/modules/quirks/audio.nix"
|
||||||
|
];
|
||||||
|
|
||||||
|
options.phone = {
|
||||||
|
adb.enable = lib.mkEnableOption "adb";
|
||||||
|
rndis.enable = lib.mkEnableOption "rndis" // {
|
||||||
|
default = true;
|
||||||
|
};
|
||||||
|
buffyboard.enable = lib.mkOption {
|
||||||
|
type = lib.types.bool;
|
||||||
|
default = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config = lib.mkMerge [
|
||||||
|
{
|
||||||
|
hardware.enableRedistributableFirmware = true;
|
||||||
|
mobile.quirks.qualcomm.sdm845-modem.enable = true;
|
||||||
|
mobile.quirks.audio.alsa-ucm-meld = true;
|
||||||
|
environment.systemPackages = [ pkgs.alsa-ucm-conf-enchilada ];
|
||||||
|
systemd.services.q6voiced = {
|
||||||
|
description = "QDSP6 driver daemon";
|
||||||
|
after = [ "ModemManager.service" "dbus.socket" ];
|
||||||
|
wantedBy = [ "ModemManager.service" ];
|
||||||
|
requires = [ "dbus.socket" ];
|
||||||
|
serviceConfig.ExecStart = "${pkgs.q6voiced}/bin/q6voiced hw:0,6";
|
||||||
|
};
|
||||||
|
environment.etc."wireplumber/main.lua.d/51-qcom-sdm845.lua".source = pkgs.fetchurl {
|
||||||
|
url = "https://gitlab.com/postmarketOS/pmaports/-/raw/0aa9524204e9c9c002c860b87c972bc2ebf025f3/device/community/soc-qcom-sdm845/51-qcom-sdm845.lua";
|
||||||
|
hash = "sha256-56oNJJyuZZe1Iig1xskDuyazw3PbRZtmU/YRFUTqjwk=";
|
||||||
|
};
|
||||||
|
networking.modemmanager.enable = !config.networking.networkmanager.enable;
|
||||||
|
services.udev.extraRules = ''
|
||||||
|
SUBSYSTEM=="input", KERNEL=="event*", ENV{ID_INPUT}=="1", SUBSYSTEMS=="input", ATTRS{name}=="spmi_haptics", TAG+="uaccess", ENV{FEEDBACKD_TYPE}="vibra"
|
||||||
|
SUBSYSTEM=="misc", KERNEL=="fastrpc-*", ENV{ACCEL_MOUNT_MATRIX}+="-1, 0, 0; 0, -1, 0; 0, 0, -1"
|
||||||
|
'';
|
||||||
|
services.upower = {
|
||||||
|
enable = true;
|
||||||
|
percentageLow = 10;
|
||||||
|
percentageCritical = 5;
|
||||||
|
percentageAction = 3;
|
||||||
|
criticalPowerAction = "PowerOff";
|
||||||
|
};
|
||||||
|
hardware.firmware = lib.mkAfter [ pkgs.firmware-oneplus-sdm845 ];
|
||||||
|
boot.kernelPackages = lib.mkForce (pkgs.linuxPackagesFor pkgs.linux_enchilada_ccache);
|
||||||
|
hardware.deviceTree.enable = true;
|
||||||
|
hardware.deviceTree.name = "qcom/sdm845-oneplus-enchilada.dtb";
|
||||||
|
boot.kernelParams = [
|
||||||
|
"console=ttyMSM0,115200"
|
||||||
|
"console=tty0"
|
||||||
|
"dtb=/${config.hardware.deviceTree.name}"
|
||||||
|
];
|
||||||
|
boot.loader.systemd-boot.extraFiles.${config.hardware.deviceTree.name} = "${config.hardware.deviceTree.package}/${config.hardware.deviceTree.name}";
|
||||||
|
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
|
||||||
|
"firmware-oneplus-sdm845"
|
||||||
|
"firmware-oneplus-sdm845-xz"
|
||||||
|
];
|
||||||
|
system.build.uboot = pkgs.ubootImageEnchilada;
|
||||||
|
boot.initrd.includeDefaultModules = false;
|
||||||
|
boot.initrd.availableKernelModules = [
|
||||||
|
"sd_mod"
|
||||||
|
"usbhid"
|
||||||
|
"ehci_hcd" "ohci_hcd" "xhci_hcd" "uhci_hcd"
|
||||||
|
"ehci_pci" "ohci_pci" "xhci_pci"
|
||||||
|
"hid_generic" "hid_lenovo" "hid_apple" "hid_roccat"
|
||||||
|
"hid_logitech_hidpp" "hid_logitech_dj" "hid_microsoft" "hid_cherry"
|
||||||
|
];
|
||||||
|
boot.initrd.kernelModules = [
|
||||||
|
"i2c_qcom_geni"
|
||||||
|
"rmi_core"
|
||||||
|
"rmi_i2c"
|
||||||
|
"qcom_spmi_haptics"
|
||||||
|
"dm_mod"
|
||||||
|
];
|
||||||
|
}
|
||||||
|
(lib.mkIf cfg.buffyboard.enable {
|
||||||
|
boot.initrd.kernelModules = [ "uinput" "evdev" ];
|
||||||
|
boot.initrd.extraUtilsCommands = ''
|
||||||
|
copy_bin_and_libs ${pkgs.buffyboard}/bin/buffyboard
|
||||||
|
cp -a ${pkgs.libinput.out}/share $out/
|
||||||
|
'';
|
||||||
|
boot.initrd.extraUdevRulesCommands = ''
|
||||||
|
cp -v ${config.systemd.package}/lib/udev/rules.d/60-input-id.rules $out/
|
||||||
|
cp -v ${config.systemd.package}/lib/udev/rules.d/60-persistent-input.rules $out/
|
||||||
|
cp -v ${config.systemd.package}/lib/udev/rules.d/70-touchpad.rules $out/
|
||||||
|
'';
|
||||||
|
boot.initrd.preLVMCommands = ''
|
||||||
|
mkdir -p /nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-${pkgs.libinput.name}/
|
||||||
|
ln -s "$(dirname "$(dirname "$(which buffyboard)")")"/share /nix/store/eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee-${pkgs.libinput.name}/
|
||||||
|
buffyboard 2>/dev/null &
|
||||||
|
'';
|
||||||
|
boot.initrd.postMountCommands = ''
|
||||||
|
pkill -x buffyboard
|
||||||
|
'';
|
||||||
|
services.getty.extraArgs = [ "--skip-login" ];
|
||||||
|
services.getty.loginProgram = let
|
||||||
|
lockfile = "/tmp/buffyboard-lock.lock";
|
||||||
|
in pkgs.writeShellScript "login-with-buffyboard-once" ''
|
||||||
|
if [ ! -f '${lockfile}' ]; then
|
||||||
|
${pkgs.coreutils}/bin/touch '${lockfile}'
|
||||||
|
${pkgs.buffyboard}/bin/buffyboard 2>/dev/null &
|
||||||
|
fi
|
||||||
|
exec ${pkgs.shadow}/bin/login -f user
|
||||||
|
'';
|
||||||
|
})
|
||||||
|
(lib.mkIf cfg.rndis.enable {
|
||||||
|
boot.initrd.kernelModules = [ "configfs" "libcomposite" ];
|
||||||
|
|
||||||
|
boot.specialFileSystems = {
|
||||||
|
"/sys/kernel/config" = {
|
||||||
|
device = "configfs";
|
||||||
|
fsType = "configfs";
|
||||||
|
options = [ "nosuid" "noexec" "nodev" ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
boot.initrd.preLVMCommands = ''
|
||||||
|
mkdir -p /sys/kernel/config/usb_gadget/g1/strings/0x409
|
||||||
|
cd /sys/kernel/config/usb_gadget/g1
|
||||||
|
echo 0x18D1 > idVendor
|
||||||
|
echo 0xD001 > idProduct
|
||||||
|
echo oneplus-enchilada > strings/0x409/product
|
||||||
|
echo NixOS > strings/0x409/manufacturer
|
||||||
|
echo 0123456789 > strings/0x409/serialnumber
|
||||||
|
|
||||||
|
mkdir -p configs/c.1/strings/0x409
|
||||||
|
echo "USB network" > configs/c.1/strings/0x409/configuration
|
||||||
|
|
||||||
|
mkdir -p functions/ncm.usb0 || mkdir -p functions/rndis.usb0
|
||||||
|
ln -s functions/ncm.usb0 configs/c.1/ || ln -s functions/rndis.usb0 configs/c.1/
|
||||||
|
|
||||||
|
ls /sys/class/udc/ | head -n1 > UDC
|
||||||
|
cd /
|
||||||
|
|
||||||
|
ifconfig rndis0 172.16.42.1 || ifconfig usb0 172.16.42.1 || ifconfig eth0 172.16.42.1
|
||||||
|
'';
|
||||||
|
|
||||||
|
boot.initrd.network.enable = true;
|
||||||
|
boot.initrd.network.udhcpc.enable = false;
|
||||||
|
boot.initrd.network.ssh = {
|
||||||
|
enable = true;
|
||||||
|
port = 22;
|
||||||
|
authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
|
||||||
|
hostKeys = [ "/secrets/initrd/ssh_host_ed25519_key" "/secrets/initrd/ssh_host_rsa_key" ];
|
||||||
|
};
|
||||||
|
})
|
||||||
|
(lib.mkIf cfg.adb.enable {
|
||||||
|
boot.initrd.kernelModules = [ "configfs" "libcomposite" "g_ffs" ];
|
||||||
|
|
||||||
|
boot.specialFileSystems = {
|
||||||
|
"/sys/kernel/config" = {
|
||||||
|
device = "configfs";
|
||||||
|
fsType = "configfs";
|
||||||
|
options = [ "nosuid" "noexec" "nodev" ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
boot.initrd.extraUtilsCommands = ''
|
||||||
|
copy_bin_and_libs ${pkgs.adbd}/bin/adbd
|
||||||
|
cp -pv ${pkgs.glibc.out}/lib/libnss_files.so.* $out/lib
|
||||||
|
'';
|
||||||
|
|
||||||
|
boot.initrd.preLVMCommands = ''
|
||||||
|
mkdir -p /sys/kernel/config/usb_gadget/g1/strings/0x409
|
||||||
|
cd /sys/kernel/config/usb_gadget/g1
|
||||||
|
echo 0x18D1 > idVendor
|
||||||
|
echo 0xD001 > idProduct
|
||||||
|
echo oneplus-enchilada > strings/0x409/product
|
||||||
|
echo NixOS > strings/0x409/manufacturer
|
||||||
|
echo 0123456789 > strings/0x409/serialnumber
|
||||||
|
|
||||||
|
mkdir -p configs/c.1/strings/0x409
|
||||||
|
echo adb > configs/c.1/strings/0x409/configuration
|
||||||
|
|
||||||
|
mkdir -p functions/ffs.adb
|
||||||
|
ln -s functions/ffs.adb configs/c.1/adb
|
||||||
|
|
||||||
|
mkdir -p /dev/usb-ffs/adb
|
||||||
|
mount -t functionfs adb /dev/usb-ffs/adb
|
||||||
|
adbd &
|
||||||
|
|
||||||
|
ls /sys/class/udc/ | head -n1 > UDC
|
||||||
|
cd /
|
||||||
|
'';
|
||||||
|
|
||||||
|
boot.initrd.postMountCommands = ''
|
||||||
|
pkill -x adbd
|
||||||
|
'';
|
||||||
|
|
||||||
|
systemd.services.adbd = {
|
||||||
|
description = "adb daemon";
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
serviceConfig = {
|
||||||
|
ExecStart = "${pkgs.adbd}/bin/adbd";
|
||||||
|
Restart = "always";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
})
|
||||||
|
];
|
||||||
|
}
|
67177
system/hardware/oneplus-enchilada/linux_6_7.patch
Normal file
67177
system/hardware/oneplus-enchilada/linux_6_7.patch
Normal file
File diff suppressed because it is too large
Load diff
640
system/hardware/oneplus-enchilada/pkgs.nix
Normal file
640
system/hardware/oneplus-enchilada/pkgs.nix
Normal file
|
@ -0,0 +1,640 @@
|
||||||
|
{ pkgs
|
||||||
|
, pkgs'
|
||||||
|
, lib
|
||||||
|
, inputs
|
||||||
|
, ... }:
|
||||||
|
|
||||||
|
let
|
||||||
|
inherit (inputs) mobile-nixos;
|
||||||
|
mobile-pkgs = import "${mobile-nixos}/overlay/overlay.nix" pkgs' pkgs;
|
||||||
|
in {
|
||||||
|
inherit (mobile-pkgs) mkbootimg qrtr;
|
||||||
|
pd-mapper = pkgs'.callPackage "${mobile-nixos}/overlay/qrtr/pd-mapper.nix" { };
|
||||||
|
tqftpserv = pkgs'.callPackage "${mobile-nixos}/overlay/qrtr/tqftpserv.nix" { };
|
||||||
|
rmtfs = pkgs'.callPackage "${mobile-nixos}/overlay/qrtr/rmtfs.nix" {
|
||||||
|
inherit (mobile-pkgs) qmic;
|
||||||
|
};
|
||||||
|
adbd = pkgs'.callPackage "${mobile-nixos}/overlay/adbd" {
|
||||||
|
libhybris = pkgs'.callPackage "${mobile-nixos}/overlay/libhybris" {
|
||||||
|
inherit (mobile-pkgs) android-headers;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
q6voiced = pkgs.stdenv.mkDerivation {
|
||||||
|
pname = "q6voiced";
|
||||||
|
version = "unstable-2022-07-08";
|
||||||
|
src = pkgs.fetchFromGitLab {
|
||||||
|
owner = "postmarketOS";
|
||||||
|
repo = "q6voiced";
|
||||||
|
rev = "736138bfc9f7b455a96679e2d67fd922a8f16464";
|
||||||
|
hash = "sha256-7k5saedIALHlsFHalStqzKrqAyFKx0ZN9FhLTdxAmf4=";
|
||||||
|
};
|
||||||
|
buildInputs = with pkgs; [ dbus tinyalsa ];
|
||||||
|
nativeBuildInputs = with pkgs; [ pkg-config ];
|
||||||
|
buildPhase = ''cc $(pkg-config --cflags --libs dbus-1) -ltinyalsa -o q6voiced q6voiced.c'';
|
||||||
|
installPhase = ''install -m555 -Dt "$out/bin" q6voiced'';
|
||||||
|
meta.license = lib.licenses.mit;
|
||||||
|
};
|
||||||
|
|
||||||
|
alsa-ucm-conf-enchilada = pkgs.stdenvNoCC.mkDerivation {
|
||||||
|
pname = "alsa-ucm-conf-enchilada";
|
||||||
|
version = "unstable-2022-12-08";
|
||||||
|
src = pkgs.fetchFromGitLab {
|
||||||
|
owner = "sdm845-mainline";
|
||||||
|
repo = "alsa-ucm-conf";
|
||||||
|
rev = "9ed12836b269764c4a853411d38ccb6abb70b383";
|
||||||
|
hash = "sha256-QvGZGLEmqE+sZpd15fHb+9+MmoD5zoGT+pYqyWZLdkM=";
|
||||||
|
};
|
||||||
|
installPhase = ''
|
||||||
|
substituteInPlace ucm2/lib/card-init.conf --replace '"/bin' '"/run/current-system/sw/bin'
|
||||||
|
mkdir -p "$out"/share/alsa/ucm2/{OnePlus,conf.d/sdm845,lib}
|
||||||
|
mv ucm2/lib/card-init.conf "$out/share/alsa/ucm2/lib/"
|
||||||
|
mv ucm2/OnePlus/enchilada "$out/share/alsa/ucm2/OnePlus/"
|
||||||
|
ln -s ../../OnePlus/enchilada/enchilada.conf "$out/share/alsa/ucm2/conf.d/sdm845/OnePlus 6.conf"
|
||||||
|
'';
|
||||||
|
# to overwrite card-init.conf
|
||||||
|
meta.priority = -10;
|
||||||
|
};
|
||||||
|
|
||||||
|
ubootEnchilada = pkgs.buildUBoot {
|
||||||
|
defconfig = "qcom_defconfig";
|
||||||
|
version = "unstable-2023-12-11";
|
||||||
|
src = pkgs.fetchFromGitLab {
|
||||||
|
owner = "sdm845-mainline";
|
||||||
|
repo = "u-boot";
|
||||||
|
rev = "977b9279c610b862f9ef84fb3addbebb7c42166a";
|
||||||
|
hash = "sha256-ksI7qxozIjJ5E8uAJkX8ZuaaOHdv76XOzITaA8Vp/QA=";
|
||||||
|
};
|
||||||
|
makeFlags = [ "DEVICE_TREE=sdm845-oneplus-enchilada" ];
|
||||||
|
extraConfig = ''
|
||||||
|
CONFIG_BOOTDELAY=5
|
||||||
|
'';
|
||||||
|
extraMeta.platforms = [ "aarch64-linux" ];
|
||||||
|
patches = [ ];
|
||||||
|
filesToInstall = [ "u-boot-nodtb.bin" "u-boot-dtb.bin" "u-boot.dtb" ];
|
||||||
|
};
|
||||||
|
|
||||||
|
ubootImageEnchilada = pkgs.stdenvNoCC.mkDerivation {
|
||||||
|
name = "u-boot-enchilada.img";
|
||||||
|
nativeBuildInputs = [
|
||||||
|
# available from mobile-nixos's overlay
|
||||||
|
pkgs'.mkbootimg
|
||||||
|
pkgs'.gzip
|
||||||
|
];
|
||||||
|
src = pkgs'.ubootEnchilada;
|
||||||
|
dontBuild = true;
|
||||||
|
dontFixup = true;
|
||||||
|
installPhase = ''
|
||||||
|
gzip u-boot-nodtb.bin
|
||||||
|
cat u-boot.dtb >> u-boot-nodtb.bin.gz
|
||||||
|
mkbootimg \
|
||||||
|
--base 0x0 \
|
||||||
|
--kernel_offset 0x8000 \
|
||||||
|
--ramdisk_offset 0x01000000 \
|
||||||
|
--tags_offset 0x100 \
|
||||||
|
--pagesize 4096 \
|
||||||
|
--kernel u-boot-nodtb.bin.gz \
|
||||||
|
-o "$out"
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
firmware-oneplus-sdm845 = pkgs.stdenvNoCC.mkDerivation {
|
||||||
|
name = "firmware-oneplus-sdm845";
|
||||||
|
src = pkgs.fetchFromGitLab {
|
||||||
|
owner = "sdm845-mainline";
|
||||||
|
repo = "firmware-oneplus-sdm845";
|
||||||
|
rev = "dc9c77f220d104d7224c03fcbfc419a03a58765e";
|
||||||
|
hash = "sha256-jrbWIS4T9HgBPYOV2MqPiRQCxGMDEfQidKw9Jn5pgBI=";
|
||||||
|
};
|
||||||
|
installPhase = ''
|
||||||
|
cp -a . "$out"
|
||||||
|
cd "$out/lib/firmware/postmarketos"
|
||||||
|
find . -type f,l | xargs -i bash -c 'mkdir -p "$(dirname "../$1")" && mv "$1" "../$1"' -- {}
|
||||||
|
cd "$out/usr"
|
||||||
|
find . -type f,l | xargs -i bash -c 'mkdir -p "$(dirname "../$1")" && mv "$1" "../$1"' -- {}
|
||||||
|
cd ..
|
||||||
|
find "$out/lib/firmware/postmarketos" "$out/usr" | tac | xargs rmdir
|
||||||
|
'';
|
||||||
|
dontStrip = true;
|
||||||
|
# not actually redistributable, but who cares
|
||||||
|
meta.license = lib.licenses.unfreeRedistributableFirmware;
|
||||||
|
};
|
||||||
|
|
||||||
|
linux_enchilada = pkgs.linux_testing.override {
|
||||||
|
argsOverride.version = "6.7-rc3";
|
||||||
|
argsOverride.modDirVersion = lib.versions.pad 3 "6.7-rc3";
|
||||||
|
|
||||||
|
# TODO: uncomment
|
||||||
|
# ignoreConfigErrors = false;
|
||||||
|
kernelPatches = [
|
||||||
|
{
|
||||||
|
name = "linux_6_7";
|
||||||
|
patch = ./linux_6_7.patch;
|
||||||
|
}
|
||||||
|
{
|
||||||
|
name = "config_fixes";
|
||||||
|
patch = ./config_fixes.patch;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
|
postPatch = ''
|
||||||
|
substituteInPlace arch/arm64/configs/defconfig \
|
||||||
|
--replace CONFIG_QCOM_LLCC=m CONFIG_QCOM_LLCC=y \
|
||||||
|
--replace CONFIG_QCOM_OCMEM=m CONFIG_QCOM_OCMEM=y
|
||||||
|
'';
|
||||||
|
|
||||||
|
stdenv = lib.recursiveUpdate pkgs.stdenv {
|
||||||
|
hostPlatform.linux-kernel.extraConfig = "";
|
||||||
|
};
|
||||||
|
|
||||||
|
structuredExtraConfig = with lib.kernel; {
|
||||||
|
# fix build
|
||||||
|
LENOVO_YOGA_C630_EC = no;
|
||||||
|
RPMSG_QCOM_GLINK_SMEM = yes;
|
||||||
|
# useless lines, remove on update
|
||||||
|
DM_MIRROR = no;
|
||||||
|
DM_ZERO = no;
|
||||||
|
# for adb and stuff (doesn't have to be built-in, but it's easier that way)
|
||||||
|
USB_FUNCTIONFS = yes;
|
||||||
|
USB_LIBCOMPOSITE = yes;
|
||||||
|
USB_F_ACM = yes;
|
||||||
|
USB_U_SERIAL = yes;
|
||||||
|
USB_U_ETHER = yes;
|
||||||
|
USB_F_SERIAL = yes;
|
||||||
|
USB_F_OBEX = yes;
|
||||||
|
USB_F_NCM = yes;
|
||||||
|
USB_F_ECM = yes;
|
||||||
|
USB_F_EEM = yes;
|
||||||
|
USB_F_SUBSET = yes;
|
||||||
|
USB_F_RNDIS = yes;
|
||||||
|
USB_F_MASS_STORAGE = yes;
|
||||||
|
USB_F_FS = yes;
|
||||||
|
USB_F_HID = yes;
|
||||||
|
USB_CONFIGFS = yes;
|
||||||
|
USB_CONFIGFS_F_HID = yes;
|
||||||
|
|
||||||
|
# adapted from https://gitlab.com/sdm845-mainline/linux/-/blob/caf9d678d34f70173bf236584dfb819164283833/arch/arm64/configs/sdm845.config
|
||||||
|
# enchilada-specific
|
||||||
|
DRM_PANEL_SAMSUNG_SOFEF00 = yes;
|
||||||
|
BATTERY_BQ27XXX = module;
|
||||||
|
HID_RMI = module;
|
||||||
|
RMI4_CORE = module;
|
||||||
|
RMI4_I2C = module;
|
||||||
|
RMI4_F55 = yes;
|
||||||
|
# common sdm845
|
||||||
|
HIBERNATION = lib.mkForce no;
|
||||||
|
QCOM_RPROC_COMMON = yes;
|
||||||
|
FORCE_NR_CPUS = yes;
|
||||||
|
NR_CPUS = lib.mkForce (freeform "8");
|
||||||
|
SCSI_UFS_QCOM = yes;
|
||||||
|
QCOM_GSBI = yes;
|
||||||
|
QCOM_LLCC = yes;
|
||||||
|
QCOM_OCMEM = yes;
|
||||||
|
QCOM_RMTFS_MEM = yes;
|
||||||
|
QCOM_SOCINFO = yes;
|
||||||
|
QCOM_WCNSS_CTRL = yes;
|
||||||
|
QCOM_APR = yes;
|
||||||
|
POWER_RESET_QCOM_PON = yes;
|
||||||
|
QCOM_SPMI_TEMP_ALARM = yes;
|
||||||
|
QCOM_LMH = yes;
|
||||||
|
SCHED_CLUSTER = yes;
|
||||||
|
SND_SOC_QDSP6_Q6VOICE = module;
|
||||||
|
SCSI_UFS_BSG = yes;
|
||||||
|
PHY_QCOM_QMP_PCIE = yes;
|
||||||
|
BACKLIGHT_CLASS_DEVICE = yes;
|
||||||
|
INTERCONNECT_QCOM_OSM_L3 = yes;
|
||||||
|
LEDS_TRIGGER_PATTERN = yes;
|
||||||
|
LEDS_CLASS_MULTICOLOR = module;
|
||||||
|
LEDS_QCOM_LPG = module;
|
||||||
|
LEDS_QCOM_FLASH = module;
|
||||||
|
SLIMBUS = yes;
|
||||||
|
SLIM_QCOM_CTRL = yes;
|
||||||
|
SLIM_QCOM_NGD_CTRL = yes;
|
||||||
|
REMOTEPROC_CDEV = yes;
|
||||||
|
BATTERY_QCOM_FG = module;
|
||||||
|
CHARGER_QCOM_SMB2 = module;
|
||||||
|
QCOM_SPMI_RRADC = module;
|
||||||
|
DRM = yes;
|
||||||
|
DRM_MSM = yes;
|
||||||
|
REGULATOR_QCOM_LABIBB = yes;
|
||||||
|
BACKLIGHT_QCOM_WLED = yes;
|
||||||
|
INPUT_QCOM_SPMI_HAPTICS = module;
|
||||||
|
PM_AUTOSLEEP = yes;
|
||||||
|
SCSI_SCAN_ASYNC = yes;
|
||||||
|
DMABUF_HEAPS = yes;
|
||||||
|
UDMABUF = yes;
|
||||||
|
DMABUF_HEAPS_CMA = yes;
|
||||||
|
DMABUF_HEAPS_SYSTEM = yes;
|
||||||
|
HZ_1000 = yes;
|
||||||
|
RPMSG_CHAR = yes;
|
||||||
|
QCOM_Q6V5_ADSP = module;
|
||||||
|
BT_RFCOMM = yes;
|
||||||
|
BT_RFCOMM_TTY = yes;
|
||||||
|
BT_BNEP = yes;
|
||||||
|
BT_BNEP_MC_FILTER = yes;
|
||||||
|
BT_BNEP_PROTO_FILTER = yes;
|
||||||
|
BT_HS = yes;
|
||||||
|
BT_LE = yes;
|
||||||
|
QCOM_COINCELL = module;
|
||||||
|
QCOM_FASTRPC = module;
|
||||||
|
QCOM_SPMI_VADC = yes;
|
||||||
|
QCOM_SPMI_ADC5 = yes;
|
||||||
|
PHY_QCOM_QMP = yes;
|
||||||
|
PHY_QCOM_QUSB2 = yes;
|
||||||
|
PHY_QCOM_QMP_UFS = yes;
|
||||||
|
TYPEC = yes;
|
||||||
|
PHY_QCOM_QMP_COMBO = yes;
|
||||||
|
LEDS_CLASS_FLASH = yes;
|
||||||
|
TCP_CONG_WESTWOOD = yes;
|
||||||
|
DEFAULT_WESTWOOD = yes;
|
||||||
|
BLK_DEV_RAM = yes;
|
||||||
|
BLK_DEV_RAM_SIZE = freeform "8192";
|
||||||
|
CPU_FREQ_GOV_POWERSAVE = yes;
|
||||||
|
SYN_COOKIES = yes;
|
||||||
|
INPUT_UINPUT = module;
|
||||||
|
U_SERIAL_CONSOLE = yes;
|
||||||
|
USB_ANNOUNCE_NEW_DEVICES = yes;
|
||||||
|
BLK_INLINE_ENCRYPTION = yes;
|
||||||
|
PHY_QCOM_SNPS_EUSB2 = module;
|
||||||
|
MFD_QCOM_RPM = yes;
|
||||||
|
USB_DWC3_ULPI = yes;
|
||||||
|
SCSI_UFS_CRYPTO = yes;
|
||||||
|
PHY_QCOM_USB_HS = yes;
|
||||||
|
PHY_QCOM_USB_SNPS_FEMTO_V2 = yes;
|
||||||
|
INTERCONNECT_QCOM_SM6115 = yes;
|
||||||
|
SM_DISPCC_6115 = yes;
|
||||||
|
FS_ENCRYPTION_INLINE_CRYPT = yes;
|
||||||
|
CRYPTO_USER_API_AEAD = yes;
|
||||||
|
CRYPTO_DEV_QCE = yes;
|
||||||
|
DMA_CMA = yes;
|
||||||
|
SM_GPUCC_6115 = yes;
|
||||||
|
USB_ONBOARD_HUB = no; # breaks USB on qualcomm rb2... which i don't need, but i guess this won't hurt either way
|
||||||
|
INTERCONNECT_QCOM_QCM2290 = yes;
|
||||||
|
BRIDGE_NETFILTER = module;
|
||||||
|
# CONFIG END (essentially)
|
||||||
|
|
||||||
|
# the rest of the config is just disabling unneeded stuff, feel free to ignore this
|
||||||
|
ARCH_SPARX5 = no;
|
||||||
|
ARCH_MA35 = no;
|
||||||
|
ARCH_REALTEK = no;
|
||||||
|
ARCH_STM32 = no;
|
||||||
|
BLK_DEV_NVME = no;
|
||||||
|
ATA = no;
|
||||||
|
MTD = no;
|
||||||
|
SRAM = no;
|
||||||
|
MEGARAID_SAS = no;
|
||||||
|
EEPROM_AT25 = no;
|
||||||
|
USB_DWC2 = no;
|
||||||
|
USB_CHIPIDEA = no;
|
||||||
|
USB_MUSB_HDRC = no;
|
||||||
|
USB_ISP1760 = no;
|
||||||
|
USB_HSIC_USB3503 = no;
|
||||||
|
USB_NET_PLUSB = no;
|
||||||
|
TYPEC_FUSB302 = no;
|
||||||
|
EXTCON_PTN5150 = no;
|
||||||
|
NET_VENDOR_NI = no;
|
||||||
|
NET_9P = no;
|
||||||
|
CAN = no;
|
||||||
|
BNX2X = no;
|
||||||
|
MACB = no;
|
||||||
|
IGB = no;
|
||||||
|
IGBVF = no;
|
||||||
|
SMC91X = no;
|
||||||
|
MLX4_EN = no;
|
||||||
|
MLX5_CORE = no;
|
||||||
|
STMMAC_ETH = no;
|
||||||
|
ATL1C = no;
|
||||||
|
BRCMFMAC = no;
|
||||||
|
WL18XX = no;
|
||||||
|
ATH10K_PCI = no;
|
||||||
|
NET_SCH_CBS = no;
|
||||||
|
NET_SCH_ETF = no;
|
||||||
|
NET_SCH_TAPRIO = no;
|
||||||
|
NET_SCH_MQPRIO = no;
|
||||||
|
NET_CLS_BASIC = no;
|
||||||
|
NET_CLS_FLOWER = no;
|
||||||
|
NET_CLS_ACT = no;
|
||||||
|
MDIO_BUS_MUX_MMIOREG = no;
|
||||||
|
MDIO_BUS_MUX_MULTIPLEXER = no;
|
||||||
|
SND_SOC_ES7134 = no;
|
||||||
|
SND_SOC_ES7241 = no;
|
||||||
|
SND_SOC_TAS571X = no;
|
||||||
|
SND_SOC_SIMPLE_AMPLIFIER = no;
|
||||||
|
GPIO_DWAPB = no;
|
||||||
|
COMMON_CLK_XGENE = no;
|
||||||
|
SENSORS_ARM_SCPI = no;
|
||||||
|
TCG_TPM = no;
|
||||||
|
BATTERY_SBS = no;
|
||||||
|
REGULATOR_VCTRL = no;
|
||||||
|
CAVIUM_ERRATUM_22375 = no;
|
||||||
|
CAVIUM_ERRATUM_23154 = no;
|
||||||
|
CAVIUM_ERRATUM_27456 = no;
|
||||||
|
CAVIUM_ERRATUM_30115 = no;
|
||||||
|
CAVIUM_TX2_ERRATUM_219 = no;
|
||||||
|
EEPROM_AT24 = no;
|
||||||
|
NET_DSA = no;
|
||||||
|
AQUANTIA_PHY = no;
|
||||||
|
MICROSEMI_PHY = no;
|
||||||
|
VITESSE_PHY = no;
|
||||||
|
I2C_MUX_PCA954x = no;
|
||||||
|
SND_SOC_PCM3168A_I2C = no;
|
||||||
|
SENSORS_LM90 = no;
|
||||||
|
SENSORS_INA2XX = no;
|
||||||
|
RTC_DRV_DS3232 = no;
|
||||||
|
GPIO_MAX732X = no;
|
||||||
|
SENSORS_ISL29018 = no;
|
||||||
|
MPL3115 = no;
|
||||||
|
MFD_ROHM_BD718XX = no;
|
||||||
|
ARM_SBSA_WATCHDOG = no;
|
||||||
|
ARM_SMC_WATCHDOG = no;
|
||||||
|
REGULATOR_PCA9450 = no;
|
||||||
|
REGULATOR_PFUZE100 = no;
|
||||||
|
DRM_PANEL_ABT_Y030XX067A = no;
|
||||||
|
DRM_PANEL_ARM_VERSATILE = no;
|
||||||
|
DRM_PANEL_ASUS_Z00T_TM5P5_NT35596 = no;
|
||||||
|
DRM_PANEL_AUO_A030JTN01 = no;
|
||||||
|
DRM_PANEL_BOE_BF060Y8M_AJ0 = no;
|
||||||
|
DRM_PANEL_BOE_HIMAX8279D = no;
|
||||||
|
DRM_PANEL_ELIDA_KD35T133 = no;
|
||||||
|
DRM_PANEL_FEIXIN_K101_IM2BA02 = no;
|
||||||
|
DRM_PANEL_FEIYANG_FY07024DI26A30D = no;
|
||||||
|
DRM_PANEL_HIMAX_HX8394 = no;
|
||||||
|
DRM_PANEL_ILITEK_IL9322 = no;
|
||||||
|
DRM_PANEL_ILITEK_ILI9341 = no;
|
||||||
|
DRM_PANEL_ILITEK_ILI9881C = no;
|
||||||
|
DRM_PANEL_ILITEK_ILI9882T = no;
|
||||||
|
DRM_PANEL_INNOLUX_EJ030NA = no;
|
||||||
|
DRM_PANEL_INNOLUX_P079ZCA = no;
|
||||||
|
DRM_PANEL_JADARD_JD9365DA_H3 = no;
|
||||||
|
DRM_PANEL_JDI_LPM102A188A = no;
|
||||||
|
DRM_PANEL_JDI_LT070ME05000 = no;
|
||||||
|
DRM_PANEL_JDI_R63452 = no;
|
||||||
|
DRM_PANEL_KHADAS_TS050 = no;
|
||||||
|
DRM_PANEL_KINGDISPLAY_KD097D04 = no;
|
||||||
|
DRM_PANEL_LEADTEK_LTK050H3146W = no;
|
||||||
|
DRM_PANEL_LEADTEK_LTK500HD1829 = no;
|
||||||
|
DRM_PANEL_LG_LB035Q02 = no;
|
||||||
|
DRM_PANEL_LG_LG4573 = no;
|
||||||
|
DRM_PANEL_MAGNACHIP_D53E6EA8966 = no;
|
||||||
|
DRM_PANEL_NEC_NL8048HL11 = no;
|
||||||
|
DRM_PANEL_NEWVISION_NV3051D = no;
|
||||||
|
DRM_PANEL_NEWVISION_NV3052C = no;
|
||||||
|
DRM_PANEL_NOVATEK_NT35510 = no;
|
||||||
|
DRM_PANEL_NOVATEK_NT35560 = no;
|
||||||
|
DRM_PANEL_NOVATEK_NT35950 = no;
|
||||||
|
DRM_PANEL_NOVATEK_NT36523 = no;
|
||||||
|
DRM_PANEL_NOVATEK_NT39016 = no;
|
||||||
|
DRM_PANEL_OLIMEX_LCD_OLINUXINO = no;
|
||||||
|
DRM_PANEL_ORISETECH_OTA5601A = no;
|
||||||
|
DRM_PANEL_ORISETECH_OTM8009A = no;
|
||||||
|
DRM_PANEL_OSD_OSD101T2587_53TS = no;
|
||||||
|
DRM_PANEL_PANASONIC_VVX10F034N00 = no;
|
||||||
|
DRM_PANEL_RASPBERRYPI_TOUCHSCREEN = no;
|
||||||
|
DRM_PANEL_RAYDIUM_RM67191 = no;
|
||||||
|
DRM_PANEL_RAYDIUM_RM68200 = no;
|
||||||
|
DRM_PANEL_RAYDIUM_RM692E5 = no;
|
||||||
|
DRM_PANEL_RONBO_RB070D30 = no;
|
||||||
|
DRM_PANEL_SAMSUNG_ATNA33XC20 = no;
|
||||||
|
DRM_PANEL_SAMSUNG_DB7430 = no;
|
||||||
|
DRM_PANEL_SAMSUNG_LD9040 = no;
|
||||||
|
DRM_PANEL_SAMSUNG_S6D16D0 = no;
|
||||||
|
DRM_PANEL_SAMSUNG_S6D27A1 = no;
|
||||||
|
DRM_PANEL_SAMSUNG_S6D7AA0 = no;
|
||||||
|
DRM_PANEL_SAMSUNG_S6E3HA2 = no;
|
||||||
|
DRM_PANEL_SAMSUNG_S6E63J0X03 = no;
|
||||||
|
DRM_PANEL_SAMSUNG_S6E63M0 = no;
|
||||||
|
DRM_PANEL_SAMSUNG_S6E88A0_AMS452EF01 = no;
|
||||||
|
DRM_PANEL_SAMSUNG_S6E8AA0 = no;
|
||||||
|
DRM_PANEL_SEIKO_43WVF1G = no;
|
||||||
|
DRM_PANEL_SHARP_LQ101R1SX01 = no;
|
||||||
|
DRM_PANEL_SHARP_LS037V7DW01 = no;
|
||||||
|
DRM_PANEL_SHARP_LS043T1LE01 = no;
|
||||||
|
DRM_PANEL_SHARP_LS060T1SX01 = no;
|
||||||
|
DRM_PANEL_SITRONIX_ST7701 = no;
|
||||||
|
DRM_PANEL_SITRONIX_ST7703 = no;
|
||||||
|
DRM_PANEL_SITRONIX_ST7789V = no;
|
||||||
|
DRM_PANEL_SONY_ACX565AKM = no;
|
||||||
|
DRM_PANEL_SONY_TD4353_JDI = no;
|
||||||
|
DRM_PANEL_SONY_TULIP_TRULY_NT35521 = no;
|
||||||
|
DRM_PANEL_STARTEK_KD070FHFID015 = no;
|
||||||
|
DRM_PANEL_TDO_TL070WSH30 = no;
|
||||||
|
DRM_PANEL_TPO_TD028TTEC1 = no;
|
||||||
|
DRM_PANEL_TPO_TD043MTEA1 = no;
|
||||||
|
DRM_PANEL_TPO_TPG110 = no;
|
||||||
|
DRM_PANEL_VISIONOX_R66451 = no;
|
||||||
|
DRM_PANEL_VISIONOX_RM69299 = no;
|
||||||
|
DRM_PANEL_WIDECHIPS_WS2401 = no;
|
||||||
|
DRM_PANEL_XINPENG_XPP055C272 = no;
|
||||||
|
DRM_NWL_MIPI_DSI = no;
|
||||||
|
SND_SOC_FSL_SAI = no;
|
||||||
|
SND_SOC_FSL_ASRC = no;
|
||||||
|
SND_SOC_FSL_MICFIL = no;
|
||||||
|
SND_SOC_FSL_AUDMIX = no;
|
||||||
|
SND_SOC_FSL_SPDIF = no;
|
||||||
|
SND_SOC_WM8904 = no;
|
||||||
|
RTC_DRV_RV8803 = no;
|
||||||
|
RTC_DRV_DS1307 = no;
|
||||||
|
RTC_DRV_PCF85363 = no;
|
||||||
|
RTC_DRV_PCF2127 = no;
|
||||||
|
FUJITSU_ERRATUM_010001 = no;
|
||||||
|
PCI_PASID = no;
|
||||||
|
UACCE = no;
|
||||||
|
SPI_CADENCE_QUADSPI = no;
|
||||||
|
DW_WATCHDOG = no;
|
||||||
|
NOP_USB_XCEIV = no;
|
||||||
|
SURFACE_PLATFORMS = no;
|
||||||
|
GPIO_PCA953X = no;
|
||||||
|
BACKLIGHT_LP855X = no;
|
||||||
|
MFD_MAX77620 = no;
|
||||||
|
SENSORS_PWM_FAN = no;
|
||||||
|
SENSORS_INA3221 = no;
|
||||||
|
REGULATOR_MAX8973 = no;
|
||||||
|
USB_CONN_GPIO = no;
|
||||||
|
MFD_BD9571MWV = no;
|
||||||
|
DRM_PANEL_LVDS = no;
|
||||||
|
COMMON_CLK_VC5 = no;
|
||||||
|
CRYPTO_DEV_CCREE = no;
|
||||||
|
VIDEO_IMX219 = no;
|
||||||
|
VIDEO_OV5645 = no;
|
||||||
|
SND_SOC_AK4613 = no;
|
||||||
|
SND_SIMPLE_CARD = no;
|
||||||
|
SND_AUDIO_GRAPH_CARD = no;
|
||||||
|
TYPEC_HD3SS3220 = no;
|
||||||
|
RTC_DRV_RX8581 = no;
|
||||||
|
COMMON_CLK_CS2000_CP = no;
|
||||||
|
KEYBOARD_ADC = no;
|
||||||
|
REGULATOR_FAN53555 = no;
|
||||||
|
TOUCHSCREEN_ATMEL_MXT = no;
|
||||||
|
RTC_DRV_HYM8563 = no;
|
||||||
|
MFD_SEC_CORE = no;
|
||||||
|
PL330_DMA = no;
|
||||||
|
GPIO_MB86S7X = no;
|
||||||
|
MMC_SDHCI_F_SDH30 = no;
|
||||||
|
MMC_SDHCI_CADENCE = no;
|
||||||
|
SOCIONEXT_SYNQUACER_PREITS = no;
|
||||||
|
NET_VENDOR_SOCIONEXT = no;
|
||||||
|
ARCH_ACTIONS = no;
|
||||||
|
ARCH_SUNXI = no;
|
||||||
|
ARCH_ALPINE = no;
|
||||||
|
ARCH_APPLE = no;
|
||||||
|
ARCH_BERLIN = no;
|
||||||
|
ARCH_EXYNOS = no;
|
||||||
|
ARCH_K3 = no;
|
||||||
|
ARCH_LG1K = no;
|
||||||
|
ARCH_HISI = no;
|
||||||
|
ARCH_KEEMBAY = no;
|
||||||
|
ARCH_MEDIATEK = no;
|
||||||
|
ARCH_MESON = no;
|
||||||
|
ARCH_MVEBU = no;
|
||||||
|
ARCH_RENESAS = no;
|
||||||
|
ARCH_ROCKCHIP = no;
|
||||||
|
ARCH_SEATTLE = no;
|
||||||
|
ARCH_INTEL_SOCFPGA = no;
|
||||||
|
ARCH_SYNQUACER = no;
|
||||||
|
ARCH_TEGRA = no;
|
||||||
|
ARCH_SPRD = no;
|
||||||
|
ARCH_THUNDER = no;
|
||||||
|
ARCH_THUNDER2 = no;
|
||||||
|
ARCH_UNIPHIER = no;
|
||||||
|
ARCH_VEXPRESS = no;
|
||||||
|
ARCH_VISCONTI = no;
|
||||||
|
ARCH_XGENE = no;
|
||||||
|
ARCH_ZYNQMP = no;
|
||||||
|
PCI_XGENE = no;
|
||||||
|
PCIE_ALTERA = no;
|
||||||
|
PCI_HOST_THUNDER_PEM = no;
|
||||||
|
PCI_HOST_THUNDER_ECAM = no;
|
||||||
|
PCI_HISI = no;
|
||||||
|
PCIE_KIRIN = no;
|
||||||
|
SERIAL_XILINX_PS_UART = no;
|
||||||
|
SERIAL_FSL_LPUART = no;
|
||||||
|
SERIAL_FSL_LINFLEXUART = no;
|
||||||
|
I2C_RK3X = no;
|
||||||
|
SPI_PL022 = no;
|
||||||
|
GPIO_ALTERA = no;
|
||||||
|
GPIO_PL061 = no;
|
||||||
|
GPIO_XGENE = no;
|
||||||
|
POWER_RESET_XGENE = no;
|
||||||
|
POWER_RESET_SYSCON = no;
|
||||||
|
GNSS_MTK_SERIAL = no;
|
||||||
|
ARM_SP805_WATCHDOG = no;
|
||||||
|
MFD_AXP20X_I2C = no;
|
||||||
|
MFD_HI6421_PMIC = no;
|
||||||
|
MFD_MT6397 = no;
|
||||||
|
REGULATOR_RK808 = no;
|
||||||
|
REGULATOR_TPS65132 = no;
|
||||||
|
MEDIA_ANALOG_TV_SUPPORT = lib.mkForce no;
|
||||||
|
MEDIA_DIGITAL_TV_SUPPORT = lib.mkForce no;
|
||||||
|
MEDIA_SDR_SUPPORT = no;
|
||||||
|
DRM_AMDGPU = no;
|
||||||
|
DRM_ETNAVIV = no;
|
||||||
|
DRM_HISI_KIRIN = no;
|
||||||
|
DRM_NOUVEAU = no;
|
||||||
|
SND_SOC_GTM601 = no;
|
||||||
|
SND_SOC_RT5659 = no;
|
||||||
|
SND_SOC_WM8960 = no;
|
||||||
|
SND_SOC_WM8962 = no;
|
||||||
|
USB_XHCI_PCI_RENESAS = no;
|
||||||
|
MMC_SDHCI_OF_ARASAN = no;
|
||||||
|
MMC_DW_EXYNOS = no;
|
||||||
|
MMC_DW_HI3798CV200 = no;
|
||||||
|
MMC_DW_K3 = no;
|
||||||
|
MMC_MTK = no;
|
||||||
|
MMC_SDHCI_XENON = no;
|
||||||
|
MMC_SDHCI_AM654 = no;
|
||||||
|
RTC_DRV_MAX77686 = no;
|
||||||
|
RTC_DRV_RK808 = no;
|
||||||
|
RTC_DRV_M41T80 = no;
|
||||||
|
RTC_DRV_RV3028 = no;
|
||||||
|
RTC_DRV_PL031 = no;
|
||||||
|
COMMON_CLK_RK808 = no;
|
||||||
|
FSL_RCPM = no;
|
||||||
|
HISI_PMU = no;
|
||||||
|
INTERCONNECT_QCOM_MSM8996 = no;
|
||||||
|
INTERCONNECT_QCOM_QCS404 = no;
|
||||||
|
INTERCONNECT_QCOM_SC7180 = no;
|
||||||
|
INTERCONNECT_QCOM_SM8150 = no;
|
||||||
|
INTERCONNECT_QCOM_SM8350 = no;
|
||||||
|
INTERCONNECT_QCOM_SM8450 = no;
|
||||||
|
INTERCONNECT_QCOM_SM8550 = no;
|
||||||
|
INTERCONNECT_QCOM_SC8280XP = no;
|
||||||
|
ARCH_NPCM = no;
|
||||||
|
PINCTRL_SC8280XP = no;
|
||||||
|
BCM_SBA_RAID = no;
|
||||||
|
SENSORS_GPIO_FAN = no;
|
||||||
|
ARCH_BCM = no;
|
||||||
|
ARCH_NXP = no;
|
||||||
|
NET_VENDOR_ADI = no;
|
||||||
|
PINCTRL_SC8180X = no;
|
||||||
|
SND_SOC_SC7180 = no;
|
||||||
|
SND_SOC_SC7280 = no;
|
||||||
|
SND_SOC_WCD938X_SDW = no;
|
||||||
|
MMC_SDHCI_OF_DWCMSHC = no;
|
||||||
|
SC_GCC_8180X = no;
|
||||||
|
IOMMU_IO_PGTABLE_DART = no;
|
||||||
|
INTERCONNECT_QCOM_SC8180X = no;
|
||||||
|
MEMORY_HOTPLUG = lib.mkForce no;
|
||||||
|
MELLANOX_PLATFORM = no;
|
||||||
|
CHROME_PLATFORMS = lib.mkForce no;
|
||||||
|
PINCTRL_SM8150 = no;
|
||||||
|
SM_GCC_8150 = no;
|
||||||
|
SM_VIDEOCC_8150 = no;
|
||||||
|
SM_GPUCC_8150 = no;
|
||||||
|
SM_GPUCC_8350 = no;
|
||||||
|
SM_VIDEOCC_8350 = no;
|
||||||
|
PINCTRL_SM8350 = no;
|
||||||
|
SM_GCC_8350 = no;
|
||||||
|
SM_DISPCC_8450 = no;
|
||||||
|
PINCTRL_SM8550 = no;
|
||||||
|
PINCTRL_SM8550_LPASS_LPI = no;
|
||||||
|
SM_DISPCC_8550 = no;
|
||||||
|
SM_TCSRCC_8550 = no;
|
||||||
|
|
||||||
|
# keys that are unused in this case
|
||||||
|
# (builtin aarch64-linux config is unused too, but i cant disable it)
|
||||||
|
ACPI_HOTPLUG_MEMORY.tristate = lib.mkForce null; BCM2835_MBOX.tristate = lib.mkForce null; BCM2835_WDT.tristate = lib.mkForce null;
|
||||||
|
CHROMEOS_TBMC.tristate = lib.mkForce null; CROS_EC.tristate = lib.mkForce null; CROS_EC_I2C.tristate = lib.mkForce null;
|
||||||
|
CROS_EC_SPI.tristate = lib.mkForce null; CROS_KBD_LED_BACKLIGHT.tristate = lib.mkForce null;
|
||||||
|
FSL_MC_UAPI_SUPPORT.tristate = lib.mkForce null; MEDIA_ATTACH.tristate = lib.mkForce null;
|
||||||
|
MEMORY_HOTREMOVE.tristate = lib.mkForce null; MTD_COMPLEX_MAPPINGS.tristate = lib.mkForce null; NET_ACT_BPF.tristate = lib.mkForce null;
|
||||||
|
PCI_TEGRA.tristate = lib.mkForce null; RASPBERRYPI_FIRMWARE.tristate = lib.mkForce null; RASPBERRYPI_POWER.tristate = lib.mkForce null;
|
||||||
|
SCSI_SAS_ATA.tristate = lib.mkForce null; SUN8I_DE2_CCU.tristate = lib.mkForce null;
|
||||||
|
TCG_TIS_SPI_CR50.tristate = lib.mkForce null; USB_XHCI_TEGRA = lib.mkForce no; ZONE_DEVICE.tristate = lib.mkForce null;
|
||||||
|
"9P_FSCACHE".tristate = lib.mkForce null; CROS_EC_ISHTP.tristate = lib.mkForce null; CROS_EC_LPC.tristate = lib.mkForce null;
|
||||||
|
DRM_AMDGPU_CIK.tristate = lib.mkForce null; DRM_AMDGPU_SI.tristate = lib.mkForce null; DRM_AMDGPU_USERPTR.tristate = lib.mkForce null;
|
||||||
|
DRM_AMD_DC_FP.tristate = lib.mkForce null; DRM_AMD_DC_SI.tristate = lib.mkForce null; DRM_DP_AUX_CHARDEV.tristate = lib.mkForce null;
|
||||||
|
DRM_FBDEV_EMULATION.tristate = lib.mkForce null; DRM_GMA500.tristate = lib.mkForce null; DRM_LEGACY.tristate = lib.mkForce null;
|
||||||
|
DRM_LOAD_EDID_FIRMWARE.tristate = lib.mkForce null; DRM_VBOXVIDEO.tristate = lib.mkForce null;
|
||||||
|
DRM_VC4_HDMI_CEC.tristate = lib.mkForce null; FB_3DFX_ACCEL.tristate = lib.mkForce null; FB_ATY_CT.tristate = lib.mkForce null;
|
||||||
|
FB_ATY_GX.tristate = lib.mkForce null; FB_EFI.tristate = lib.mkForce null; FB_NVIDIA_I2C.tristate = lib.mkForce null;
|
||||||
|
FB_RIVA_I2C.tristate = lib.mkForce null; FB_SAVAGE_ACCEL.tristate = lib.mkForce null; FB_SAVAGE_I2C.tristate = lib.mkForce null;
|
||||||
|
FB_SIS_300.tristate = lib.mkForce null; FB_SIS_315.tristate = lib.mkForce null;
|
||||||
|
FB_VESA.tristate = lib.mkForce null; FONTS.tristate = lib.mkForce null; FONT_8x8.tristate = lib.mkForce null;
|
||||||
|
FONT_TER16x32.tristate = lib.mkForce null; FRAMEBUFFER_CONSOLE.tristate = lib.mkForce null;
|
||||||
|
FRAMEBUFFER_CONSOLE_DEFERRED_TAKEOVER.tristate = lib.mkForce null;
|
||||||
|
FRAMEBUFFER_CONSOLE_DETECT_PRIMARY.tristate = lib.mkForce null; FRAMEBUFFER_CONSOLE_ROTATION.tristate = lib.mkForce null;
|
||||||
|
HMM_MIRROR.tristate = lib.mkForce null; HSA_AMD.tristate = lib.mkForce null; HYPERVISOR_GUEST.tristate = lib.mkForce null;
|
||||||
|
INFINIBAND_IPOIB.tristate = lib.mkForce null; INFINIBAND_IPOIB_CM.tristate = lib.mkForce null;
|
||||||
|
IP_MROUTE_MULTIPLE_TABLES.tristate = lib.mkForce null; JOYSTICK_PSXPAD_SPI_FF.tristate = lib.mkForce null;
|
||||||
|
KERNEL_ZSTD.tristate = lib.mkForce null; KEYBOARD_APPLESPI.tristate = lib.mkForce null; KVM_ASYNC_PF.tristate = lib.mkForce null;
|
||||||
|
KVM_GENERIC_DIRTYLOG_READ_PROTECT.tristate = lib.mkForce null; KVM_GUEST.tristate = lib.mkForce null; KVM_MMIO.tristate = lib.mkForce null;
|
||||||
|
KVM_VFIO.tristate = lib.mkForce null; LOGO.tristate = lib.mkForce null; MICROCODE.tristate = lib.mkForce null;
|
||||||
|
MOUSE_PS2_VMMOUSE.tristate = lib.mkForce null; MTRR_SANITIZER.tristate = lib.mkForce null; NFS_FSCACHE.tristate = lib.mkForce null;
|
||||||
|
PINCTRL_BAYTRAIL.tristate = lib.mkForce null;
|
||||||
|
PINCTRL_CHERRYVIEW.tristate = lib.mkForce null; PM_ADVANCED_DEBUG.tristate = lib.mkForce null; PM_TRACE_RTC.tristate = lib.mkForce null;
|
||||||
|
SND_AC97_POWER_SAVE.tristate = lib.mkForce null; SND_DYNAMIC_MINORS.tristate = lib.mkForce null;
|
||||||
|
SND_HDA_INPUT_BEEP.tristate = lib.mkForce null; SND_HDA_PATCH_LOADER.tristate = lib.mkForce null;
|
||||||
|
SND_HDA_RECONFIG.tristate = lib.mkForce null; SND_OSSEMUL.tristate = lib.mkForce null; SND_USB_CAIAQ_INPUT.tristate = lib.mkForce null;
|
||||||
|
VFIO_PCI_VGA.tristate = lib.mkForce null; VGA_SWITCHEROO.tristate = lib.mkForce null; X86_AMD_PLATFORM_DEVICE.tristate = lib.mkForce null;
|
||||||
|
X86_CHECK_BIOS_CORRUPTION.tristate = lib.mkForce null; X86_MCE.tristate = lib.mkForce null;
|
||||||
|
X86_PLATFORM_DRIVERS_DELL.tristate = lib.mkForce null; X86_PLATFORM_DRIVERS_HP.tristate = lib.mkForce null;
|
||||||
|
JOYSTICK_XPAD_FF.tristate = lib.mkForce null; JOYSTICK_XPAD_LEDS.tristate = lib.mkForce null; KEXEC_JUMP.tristate = lib.mkForce null;
|
||||||
|
PERF_EVENTS_AMD_BRS.tristate = lib.mkForce null; HVC_XEN.tristate = lib.mkForce null; HVC_XEN_FRONTEND.tristate = lib.mkForce null;
|
||||||
|
PARAVIRT_SPINLOCKS.tristate = lib.mkForce null; PCI_XEN.tristate = lib.mkForce null; SWIOTLB_XEN.tristate = lib.mkForce null;
|
||||||
|
VBOXGUEST.tristate = lib.mkForce null; XEN_BACKEND.tristate = lib.mkForce null; XEN_BALLOON.tristate = lib.mkForce null;
|
||||||
|
XEN_BALLOON_MEMORY_HOTPLUG.tristate = lib.mkForce null; XEN_DOM0.tristate = lib.mkForce null; XEN_EFI.tristate = lib.mkForce null;
|
||||||
|
XEN_HAVE_PVMMU.tristate = lib.mkForce null; XEN_MCE_LOG.tristate = lib.mkForce null; XEN_PVH.tristate = lib.mkForce null;
|
||||||
|
XEN_PVHVM.tristate = lib.mkForce null; XEN_SAVE_RESTORE.tristate = lib.mkForce null; XEN_SYS_HYPERVISOR.tristate = lib.mkForce null;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
linux_enchilada_ccache = pkgs'.buildLinuxWithCcache pkgs'.linux_enchilada;
|
||||||
|
}
|
|
@ -1,11 +1,12 @@
|
||||||
{ lib
|
{ lib
|
||||||
, pkgs
|
, pkgs
|
||||||
, config
|
, config
|
||||||
|
, inputs
|
||||||
, ... }:
|
, ... }:
|
||||||
|
|
||||||
/*
|
/*
|
||||||
# for old kernel versions
|
# for old kernel versions
|
||||||
zenKernels = pkgs.callPackage "${nixpkgs}/pkgs/os-specific/linux/kernel/zen-kernels.nix";
|
zenKernels = pkgs.callPackage "${pkgs.path}/pkgs/os-specific/linux/kernel/zen-kernels.nix";
|
||||||
zenKernel = (version: sha256: (zenKernels {
|
zenKernel = (version: sha256: (zenKernels {
|
||||||
kernelPatches = [
|
kernelPatches = [
|
||||||
pkgs.linuxKernel.kernelPatches.bridge_stp_helper
|
pkgs.linuxKernel.kernelPatches.bridge_stp_helper
|
||||||
|
@ -26,6 +27,8 @@
|
||||||
*/
|
*/
|
||||||
|
|
||||||
{
|
{
|
||||||
|
imports = [ inputs.nix-gaming.nixosModules.pipewireLowLatency ];
|
||||||
|
|
||||||
system.stateVersion = "22.11";
|
system.stateVersion = "22.11";
|
||||||
|
|
||||||
### SECTION 1: HARDWARE/BOOT PARAMETERS ###
|
### SECTION 1: HARDWARE/BOOT PARAMETERS ###
|
||||||
|
@ -122,26 +125,15 @@
|
||||||
# users.groups.wireshark.members = [ config.common.mainUsername ];
|
# users.groups.wireshark.members = [ config.common.mainUsername ];
|
||||||
services.printing.enable = true;
|
services.printing.enable = true;
|
||||||
services.printing.drivers = [ pkgs.hplip ];
|
services.printing.drivers = [ pkgs.hplip ];
|
||||||
services.pipewire = {
|
|
||||||
enable = true;
|
|
||||||
alsa.enable = true;
|
|
||||||
alsa.support32Bit = true;
|
|
||||||
pulse.enable = true;
|
|
||||||
jack.enable = true;
|
|
||||||
|
|
||||||
# from nix-gaming
|
# from nix-gaming
|
||||||
lowLatency = {
|
services.pipewire.lowLatency = {
|
||||||
enable = true;
|
enable = false;
|
||||||
# 96 is mostly fine but has some xruns
|
# 96 is mostly fine but has some xruns
|
||||||
# 128 has xruns every now and then too, but is overall fine
|
# 128 has xruns every now and then too
|
||||||
quantum = 128;
|
quantum = 128;
|
||||||
rate = 48000;
|
rate = 48000;
|
||||||
};
|
};
|
||||||
};
|
|
||||||
security.polkit.enable = true;
|
|
||||||
security.rtkit.enable = true;
|
|
||||||
|
|
||||||
services.dbus.enable = true;
|
|
||||||
programs.sway.enable = true;
|
programs.sway.enable = true;
|
||||||
xdg.portal = {
|
xdg.portal = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
# WIP (I don't even have the phone yet)
|
|
||||||
|
|
||||||
{ pkgs
|
{ pkgs
|
||||||
, config
|
, lib
|
||||||
, ... }:
|
# , config
|
||||||
|
, ...
|
||||||
|
}:
|
||||||
|
|
||||||
{
|
{
|
||||||
system.stateVersion = "23.11";
|
system.stateVersion = "23.11";
|
||||||
|
@ -15,26 +15,12 @@
|
||||||
{ from = 1714; to = 1764; }
|
{ from = 1714; to = 1764; }
|
||||||
];
|
];
|
||||||
|
|
||||||
networking.wireless.iwd.enable = true;
|
|
||||||
common.minimal = false;
|
common.minimal = false;
|
||||||
services.pipewire = {
|
programs.sway.enable = true;
|
||||||
enable = true;
|
|
||||||
alsa.enable = true;
|
|
||||||
alsa.support32Bit = true;
|
|
||||||
pulse.enable = true;
|
|
||||||
jack.enable = true;
|
|
||||||
};
|
|
||||||
security.polkit.enable = true;
|
|
||||||
security.rtkit.enable = true;
|
|
||||||
xdg.portal = {
|
xdg.portal = {
|
||||||
enable = true;
|
enable = true;
|
||||||
extraPortals = with pkgs; [ xdg-desktop-portal-gtk xdg-desktop-portal-wlr ];
|
extraPortals = with pkgs; [ xdg-desktop-portal-gtk xdg-desktop-portal-wlr ];
|
||||||
};
|
};
|
||||||
services.sshd.enable = true;
|
services.sshd.enable = true;
|
||||||
users.users.${config.common.mainUsername}.extraGroups = [ "video" "feedbackd" "dialout" ];
|
# users.users.${config.common.mainUsername}.extraGroups = [ "video" "feedbackd" "dialout" ];
|
||||||
|
|
||||||
mobile.generatedFilesystems.rootfs = {
|
|
||||||
filesystem = "btrfs";
|
|
||||||
btrfs.partitionID = "44444444-4444-4444-8888-888888888888";
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -31,6 +31,18 @@ in {
|
||||||
];
|
];
|
||||||
listenAddress = netAddresses.lan4;
|
listenAddress = netAddresses.lan4;
|
||||||
};
|
};
|
||||||
|
ping = {
|
||||||
|
enable = true;
|
||||||
|
listenAddress = netAddresses.lan4;
|
||||||
|
port = 9380;
|
||||||
|
config = {
|
||||||
|
type = "raw";
|
||||||
|
targets = [
|
||||||
|
"8.8.8.8"
|
||||||
|
{ target = "8.8.8.8"; netns = "wan"; }
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
router.interfaces.br0 = let
|
router.interfaces.br0 = let
|
||||||
# all of this just to avoid logging commands...
|
# all of this just to avoid logging commands...
|
||||||
|
|
|
@ -134,13 +134,12 @@ in {
|
||||||
})}'')}
|
})}'')}
|
||||||
real_ip_header CF-Connecting-IP;
|
real_ip_header CF-Connecting-IP;
|
||||||
'';
|
'';
|
||||||
# brotli and zstd requires recompilation so I don't enable it
|
services.nginx.recommendedBrotliSettings = true;
|
||||||
# services.nginx.recommendedBrotliSettings = true;
|
|
||||||
# services.nginx.recommendedZstdSettings = true;
|
|
||||||
services.nginx.recommendedGzipSettings = true;
|
services.nginx.recommendedGzipSettings = true;
|
||||||
services.nginx.recommendedOptimisation = true;
|
services.nginx.recommendedOptimisation = true;
|
||||||
services.nginx.recommendedProxySettings = true;
|
services.nginx.recommendedProxySettings = true;
|
||||||
services.nginx.recommendedTlsSettings = true;
|
services.nginx.recommendedTlsSettings = true;
|
||||||
|
services.nginx.recommendedZstdSettings = true;
|
||||||
|
|
||||||
# BLOG
|
# BLOG
|
||||||
services.nginx.virtualHosts.${cfg.domainName} = {
|
services.nginx.virtualHosts.${cfg.domainName} = {
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
{ config
|
{ config
|
||||||
, lib
|
, lib
|
||||||
, pkgs
|
, pkgs
|
||||||
|
, inputs
|
||||||
, ... }:
|
, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
|
@ -16,6 +17,8 @@ let
|
||||||
withQt5 = false;
|
withQt5 = false;
|
||||||
};
|
};
|
||||||
in {
|
in {
|
||||||
|
imports = [ inputs.coop-ofd.nixosModules.default ];
|
||||||
|
|
||||||
# a bunch of services for personal use not intended for the public
|
# a bunch of services for personal use not intended for the public
|
||||||
# TODO: keycloakify this
|
# TODO: keycloakify this
|
||||||
services.grafana = {
|
services.grafana = {
|
||||||
|
@ -315,6 +318,7 @@ in {
|
||||||
"retracker.local:9101"
|
"retracker.local:9101"
|
||||||
"retracker.local:9256"
|
"retracker.local:9256"
|
||||||
"retracker.local:9167"
|
"retracker.local:9167"
|
||||||
|
"retracker.local:9380"
|
||||||
];
|
];
|
||||||
labels.machine = "router";
|
labels.machine = "router";
|
||||||
} ];
|
} ];
|
||||||
|
|
|
@ -1,10 +1,13 @@
|
||||||
{ config
|
{ config
|
||||||
, pkgs
|
, pkgs
|
||||||
|
, inputs
|
||||||
, ... }:
|
, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
cfg = config.server;
|
cfg = config.server;
|
||||||
in {
|
in {
|
||||||
|
imports = [ inputs.nixos-mailserver.nixosModules.default ];
|
||||||
|
|
||||||
impermanence.directories = [
|
impermanence.directories = [
|
||||||
{ directory = config.mailserver.dkimKeyDirectory; user = "opendkim"; group = "opendkim"; mode = "0755"; }
|
{ directory = config.mailserver.dkimKeyDirectory; user = "opendkim"; group = "opendkim"; mode = "0755"; }
|
||||||
{ directory = config.mailserver.mailDirectory; user = "virtualMail"; group = "virtualMail"; mode = "0700"; }
|
{ directory = config.mailserver.mailDirectory; user = "virtualMail"; group = "virtualMail"; mode = "0700"; }
|
||||||
|
|
|
@ -1,11 +1,14 @@
|
||||||
{ config
|
{ config
|
||||||
, lib
|
, lib
|
||||||
, pkgs
|
, pkgs
|
||||||
|
, inputs
|
||||||
, ... }:
|
, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
cfg = config.server;
|
cfg = config.server;
|
||||||
in {
|
in {
|
||||||
|
imports = [ inputs.maubot.nixosModules.default ];
|
||||||
|
|
||||||
services.nginx.virtualHosts."matrix.${cfg.domainName}".locations = let
|
services.nginx.virtualHosts."matrix.${cfg.domainName}".locations = let
|
||||||
inherit (config.services.maubot) settings;
|
inherit (config.services.maubot) settings;
|
||||||
in {
|
in {
|
||||||
|
|
|
@ -1,11 +1,13 @@
|
||||||
{ lib
|
{ lib
|
||||||
, pkgs
|
, pkgs
|
||||||
, config
|
, config
|
||||||
|
, inputs
|
||||||
, ... }:
|
, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
# force some defaults even if they were set with mkDefault already...
|
# force some defaults even if they were set with mkDefault already...
|
||||||
mkForceDefault = lib.mkOverride 999;
|
mkForceDefault = lib.mkOverride 999;
|
||||||
|
cfg = config.common;
|
||||||
in {
|
in {
|
||||||
options.common = with lib; mkOption {
|
options.common = with lib; mkOption {
|
||||||
type = types.submodule {
|
type = types.submodule {
|
||||||
|
@ -34,9 +36,8 @@ in {
|
||||||
};
|
};
|
||||||
default = { };
|
default = { };
|
||||||
};
|
};
|
||||||
config = let
|
config = lib.mkMerge [
|
||||||
cfg = config.common;
|
{
|
||||||
in {
|
|
||||||
nix = {
|
nix = {
|
||||||
# nix.channel.enable is needed for NIX_PATH to work for some reason
|
# nix.channel.enable is needed for NIX_PATH to work for some reason
|
||||||
# channel.enable = false;
|
# channel.enable = false;
|
||||||
|
@ -58,15 +59,35 @@ in {
|
||||||
options = "--delete-older-than 30d";
|
options = "--delete-older-than 30d";
|
||||||
};
|
};
|
||||||
package = pkgs.nixForNixPlugins;
|
package = pkgs.nixForNixPlugins;
|
||||||
|
extraOptions = ''
|
||||||
|
plugin-files = ${pkgs.nix-plugins.override { nix = config.nix.package; }}/lib/nix/plugins/libnix-extra-builtins.so
|
||||||
|
'';
|
||||||
};
|
};
|
||||||
systemd.services.nix-daemon.serviceConfig.LimitSTACKSoft = "infinity";
|
systemd.services.nix-daemon.serviceConfig.LimitSTACKSoft = "infinity";
|
||||||
nix.daemonCPUSchedPolicy = lib.mkDefault "idle";
|
nix.daemonCPUSchedPolicy = lib.mkDefault "idle";
|
||||||
nix.daemonIOSchedClass = lib.mkDefault "idle";
|
nix.daemonIOSchedClass = lib.mkDefault "idle";
|
||||||
|
|
||||||
|
# registry is used for the new flaky nix command
|
||||||
|
nix.registry =
|
||||||
|
builtins.mapAttrs
|
||||||
|
(_: v: { flake = v; })
|
||||||
|
(lib.filterAttrs (_: v: v?outputs) inputs);
|
||||||
|
|
||||||
|
# add import'able flake inputs (like nixpkgs) to nix path
|
||||||
|
# nix path is used for old nix commands (like nix-build, nix-shell)
|
||||||
|
environment.etc = lib.mapAttrs'
|
||||||
|
(name: value: {
|
||||||
|
name = "nix/inputs/${name}";
|
||||||
|
value.source = value.outPath or "${value}";
|
||||||
|
})
|
||||||
|
(lib.filterAttrs (_: v: builtins.pathExists "${v}/default.nix") inputs);
|
||||||
|
nix.nixPath = [ "/etc/nix/inputs" ];
|
||||||
|
|
||||||
boot.kernelParams = lib.optionals (cfg.resolution != null) [
|
boot.kernelParams = lib.optionals (cfg.resolution != null) [
|
||||||
"consoleblank=60"
|
"consoleblank=60"
|
||||||
] ++ (lib.optionals (cfg.resolution == "1920x1080") [
|
] ++ lib.optionals (cfg.resolution == "1920x1080") [
|
||||||
"fbcon=font:TER16x32"
|
"fbcon=font:TER16x32"
|
||||||
]);
|
];
|
||||||
console.font =
|
console.font =
|
||||||
lib.mkIf (cfg.resolution == "1920x1080" || cfg.resolution == "1366x768") {
|
lib.mkIf (cfg.resolution == "1920x1080" || cfg.resolution == "1366x768") {
|
||||||
"1920x1080" = "${pkgs.terminus_font}/share/consolefonts/ter-v32n.psf.gz";
|
"1920x1080" = "${pkgs.terminus_font}/share/consolefonts/ter-v32n.psf.gz";
|
||||||
|
@ -81,9 +102,11 @@ in {
|
||||||
|
|
||||||
hardware.enableRedistributableFirmware = true;
|
hardware.enableRedistributableFirmware = true;
|
||||||
services.openssh.settings.PasswordAuthentication = false;
|
services.openssh.settings.PasswordAuthentication = false;
|
||||||
|
|
||||||
services.tlp.settings.USB_EXCLUDE_PHONE = 1;
|
services.tlp.settings.USB_EXCLUDE_PHONE = 1;
|
||||||
services.tlp.settings.START_CHARGE_THRESH_BAT0 = 75;
|
services.tlp.settings.START_CHARGE_THRESH_BAT0 = 75;
|
||||||
services.tlp.settings.STOP_CHARGE_THRESH_BAT0 = 80;
|
services.tlp.settings.STOP_CHARGE_THRESH_BAT0 = 80;
|
||||||
|
|
||||||
i18n.defaultLocale = lib.mkDefault "en_US.UTF-8";
|
i18n.defaultLocale = lib.mkDefault "en_US.UTF-8";
|
||||||
i18n.supportedLocales = lib.mkDefault [
|
i18n.supportedLocales = lib.mkDefault [
|
||||||
"C.UTF-8/UTF-8"
|
"C.UTF-8/UTF-8"
|
||||||
|
@ -92,50 +115,17 @@ in {
|
||||||
];
|
];
|
||||||
# ISO-8601
|
# ISO-8601
|
||||||
i18n.extraLocaleSettings.LC_TIME = "en_DK.UTF-8";
|
i18n.extraLocaleSettings.LC_TIME = "en_DK.UTF-8";
|
||||||
environment.systemPackages = with pkgs; ([
|
environment.systemPackages = with pkgs; [
|
||||||
bottom
|
bottom
|
||||||
wget
|
|
||||||
git
|
git
|
||||||
|
rsync
|
||||||
tmux
|
tmux
|
||||||
] ++ lib.optionals cfg.minimal [
|
wget
|
||||||
|
|
||||||
kitty.terminfo
|
kitty.terminfo
|
||||||
# rxvt-unicode-unwrapped.terminfo
|
# rxvt-unicode-unwrapped.terminfo
|
||||||
]);
|
];
|
||||||
programs.fish.interactiveShellInit = lib.mkIf cfg.minimal ''
|
|
||||||
set -gx SHELL ${pkgs.zsh}/bin/zsh
|
|
||||||
set -g fish_color_autosuggestion 777 brblack
|
|
||||||
set -g fish_color_command green
|
|
||||||
set -g fish_color_operator white
|
|
||||||
set -g fish_color_param white
|
|
||||||
set -g fish_key_bindings fish_vi_key_bindings
|
|
||||||
set -g fish_cursor_insert line
|
|
||||||
set -g fish_cursor_replace underscore
|
|
||||||
'';
|
|
||||||
programs.vim = lib.mkIf cfg.minimal {
|
|
||||||
defaultEditor = lib.mkDefault true;
|
|
||||||
package = pkgs.vim-full.customize {
|
|
||||||
vimrcConfig.customRC = ''
|
|
||||||
syntax on
|
|
||||||
au FileType markdown set colorcolumn=73 textwidth=72
|
|
||||||
au FileType gitcommit set colorcolumn=73
|
|
||||||
au BufReadPre * set foldmethod=syntax
|
|
||||||
au BufReadPost * folddoc foldopen!
|
|
||||||
autocmd BufReadPost * if @% !~# '\.git[\/\\]COMMIT_EDITMSG$' && line("'\"") > 1 && line("'\"") <= line("$") | exe "normal! g`\"" | endif
|
|
||||||
'';
|
|
||||||
vimrcConfig.packages.myVimPackage = with pkgs.vimPlugins; {
|
|
||||||
start = [ vim-sleuth ];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
# this is supposed to default to false, but it doesn't because of nixos fish module
|
|
||||||
documentation.man.generateCaches = lib.mkIf cfg.minimal (mkForceDefault false);
|
|
||||||
# we don't need stuff like html files (NixOS manual and so on) on minimal machines
|
|
||||||
documentation.doc.enable = lib.mkIf cfg.minimal (lib.mkDefault false);
|
|
||||||
programs.fish.enable = true;
|
programs.fish.enable = true;
|
||||||
# conflicts with bash module's mkDefault
|
|
||||||
# only override on minimal systems because on non-minimal systems
|
|
||||||
# because my fish config doesn't work well in fb/drm console
|
|
||||||
users.defaultUserShell = lib.mkIf cfg.minimal (mkForceDefault pkgs.fish);
|
|
||||||
users.users.${cfg.mainUsername} = {
|
users.users.${cfg.mainUsername} = {
|
||||||
uid = 1000;
|
uid = 1000;
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
|
@ -143,17 +133,6 @@ in {
|
||||||
};
|
};
|
||||||
# nixos-hardware uses mkDefault here, so we use slightly higher priority
|
# nixos-hardware uses mkDefault here, so we use slightly higher priority
|
||||||
services.xserver.libinput.enable = mkForceDefault (!cfg.minimal);
|
services.xserver.libinput.enable = mkForceDefault (!cfg.minimal);
|
||||||
/*
|
|
||||||
services.xserver = {
|
|
||||||
enable = true;
|
|
||||||
libinput.enable = true;
|
|
||||||
desktopManager.xterm.enable = false;
|
|
||||||
# I couldn't get lightdm to start sway, so let's just do this
|
|
||||||
displayManager.startx.enable = true;
|
|
||||||
windowManager.i3.enable = true;
|
|
||||||
};
|
|
||||||
*/
|
|
||||||
# pipewire:
|
|
||||||
programs.fuse.userAllowOther = true;
|
programs.fuse.userAllowOther = true;
|
||||||
# autologin once after boot
|
# autologin once after boot
|
||||||
# --skip-login means directly call login instead of first asking for username
|
# --skip-login means directly call login instead of first asking for username
|
||||||
|
@ -169,5 +148,58 @@ in {
|
||||||
exec ${shadow}/bin/login -f user
|
exec ${shadow}/bin/login -f user
|
||||||
fi
|
fi
|
||||||
'');
|
'');
|
||||||
};
|
}
|
||||||
|
|
||||||
|
(lib.mkIf cfg.minimal {
|
||||||
|
programs.fish.interactiveShellInit = ''
|
||||||
|
set -gx SHELL ${pkgs.zsh}/bin/zsh
|
||||||
|
set -g fish_color_autosuggestion 777 brblack
|
||||||
|
set -g fish_color_command green
|
||||||
|
set -g fish_color_operator white
|
||||||
|
set -g fish_color_param white
|
||||||
|
set -g fish_key_bindings fish_vi_key_bindings
|
||||||
|
set -g fish_cursor_insert line
|
||||||
|
set -g fish_cursor_replace underscore
|
||||||
|
'';
|
||||||
|
# this is supposed to default to false, but it doesn't because of nixos fish module
|
||||||
|
documentation.man.generateCaches = mkForceDefault false;
|
||||||
|
# we don't need stuff like html files (NixOS manual and so on) on minimal machines
|
||||||
|
documentation.doc.enable = lib.mkDefault false;
|
||||||
|
# conflicts with bash module's mkDefault
|
||||||
|
# only override on minimal systems because on non-minimal systems
|
||||||
|
# my fish config doesn't work well in fb/drm console
|
||||||
|
users.defaultUserShell = lib.mkIf cfg.minimal (mkForceDefault pkgs.fish);
|
||||||
|
|
||||||
|
programs.vim = {
|
||||||
|
defaultEditor = lib.mkDefault true;
|
||||||
|
package = pkgs.vim-full.customize {
|
||||||
|
vimrcConfig.customRC = ''
|
||||||
|
syntax on
|
||||||
|
au FileType markdown set colorcolumn=73 textwidth=72
|
||||||
|
au FileType gitcommit set colorcolumn=73
|
||||||
|
au BufReadPre * set foldmethod=syntax
|
||||||
|
au BufReadPost * folddoc foldopen!
|
||||||
|
autocmd BufReadPost * if @% !~# '\.git[\/\\]COMMIT_EDITMSG$' && line("'\"") > 1 && line("'\"") <= line("$") | exe "normal! g`\"" | endif
|
||||||
|
'';
|
||||||
|
vimrcConfig.packages.myVimPackage = with pkgs.vimPlugins; {
|
||||||
|
start = [ vim-sleuth ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
})
|
||||||
|
|
||||||
|
(lib.mkIf (!cfg.minimal) {
|
||||||
|
services.pipewire = {
|
||||||
|
enable = true;
|
||||||
|
alsa.enable = true;
|
||||||
|
alsa.support32Bit = true;
|
||||||
|
pulse.enable = true;
|
||||||
|
jack.enable = true;
|
||||||
|
};
|
||||||
|
security.polkit.enable = true;
|
||||||
|
security.rtkit.enable = true;
|
||||||
|
services.dbus.enable = true;
|
||||||
|
})
|
||||||
|
|
||||||
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -75,7 +75,7 @@ in {
|
||||||
{ directory = config.programs.ccache.cacheDir; user = "root"; group = "nixbld"; mode = "0770"; }
|
{ directory = config.programs.ccache.cacheDir; user = "root"; group = "nixbld"; mode = "0770"; }
|
||||||
{ directory = /var/cache/sccache; user = "root"; group = "nixbld"; mode = "0770"; }
|
{ directory = /var/cache/sccache; user = "root"; group = "nixbld"; mode = "0770"; }
|
||||||
] ++ lib.optionals (config.services.coop-ofd.enable or false) [
|
] ++ lib.optionals (config.services.coop-ofd.enable or false) [
|
||||||
{ directory = /var/lib/coop-ofd; mode = "0750"; }
|
{ directory = /var/lib/private/coop-ofd; mode = "0750"; }
|
||||||
] ++ lib.optionals config.services.dovecot2.enable [
|
] ++ lib.optionals config.services.dovecot2.enable [
|
||||||
{ directory = /var/lib/dhparams; user = "root"; group = "root"; mode = "0755"; }
|
{ directory = /var/lib/dhparams; user = "root"; group = "root"; mode = "0755"; }
|
||||||
{ directory = /var/lib/dovecot; user = "root"; group = "root"; mode = "0755"; }
|
{ directory = /var/lib/dovecot; user = "root"; group = "root"; mode = "0755"; }
|
||||||
|
@ -106,6 +106,10 @@ in {
|
||||||
{ directory = /var/lib/murmur; user = "murmur"; group = "murmur"; mode = "0700"; }
|
{ directory = /var/lib/murmur; user = "murmur"; group = "murmur"; mode = "0700"; }
|
||||||
] ++ lib.optionals config.services.nextcloud.enable [
|
] ++ lib.optionals config.services.nextcloud.enable [
|
||||||
{ directory = /var/lib/nextcloud; user = "nextcloud"; group = "nextcloud"; mode = "0750"; }
|
{ directory = /var/lib/nextcloud; user = "nextcloud"; group = "nextcloud"; mode = "0750"; }
|
||||||
|
] ++ lib.optionals config.networking.networkmanager.enable [
|
||||||
|
{ directory = /etc/NetworkManager/system-connections; mode = "0700"; }
|
||||||
|
{ directory = /var/lib/NetworkManager; mode = "0755"; }
|
||||||
|
{ directory = /var/lib/NetworkManager-fortisslvpn; mode = "0700"; }
|
||||||
] ++ lib.optionals config.services.opendkim.enable [
|
] ++ lib.optionals config.services.opendkim.enable [
|
||||||
{ directory = /var/lib/opendkim; user = "opendkim"; group = "opendkim"; mode = "0700"; }
|
{ directory = /var/lib/opendkim; user = "opendkim"; group = "opendkim"; mode = "0700"; }
|
||||||
] ++ lib.optionals config.services.openldap.enable [
|
] ++ lib.optionals config.services.openldap.enable [
|
||||||
|
|
41
system/modules/modemmanager.nix
Normal file
41
system/modules/modemmanager.nix
Normal file
|
@ -0,0 +1,41 @@
|
||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
|
||||||
|
let
|
||||||
|
cfg = config.networking.modemmanager;
|
||||||
|
packages = [ pkgs.modemmanager ];
|
||||||
|
in
|
||||||
|
{
|
||||||
|
options.networking.modemmanager = {
|
||||||
|
enable = lib.mkEnableOption "ModemManager";
|
||||||
|
};
|
||||||
|
|
||||||
|
config = lib.mkIf cfg.enable {
|
||||||
|
assertions = [
|
||||||
|
{
|
||||||
|
assertion = !config.networking.networkmanager.enable;
|
||||||
|
message = "If you use NetworkManager, this module is redundant";
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
|
environment.etc = builtins.listToAttrs
|
||||||
|
(map ({ id, path }: { name = "ModemManager/fcc-unlock.d/${id}"; value.source = path; })
|
||||||
|
config.networking.networkmanager.fccUnlockScripts);
|
||||||
|
|
||||||
|
users.groups.networkmanager.gid = config.ids.gids.networkmanager;
|
||||||
|
|
||||||
|
systemd.services.ModemManager.aliases = [ "dbus-org.freedesktop.ModemManager1.service" ];
|
||||||
|
|
||||||
|
security.polkit.enable = true;
|
||||||
|
security.polkit.extraConfig = ''
|
||||||
|
polkit.addRule(function(action, subject) {
|
||||||
|
if (subject.isInGroup("networkmanager") && (action.id.indexOf("org.freedesktop.ModemManager") == 0)) {
|
||||||
|
return polkit.Result.YES;
|
||||||
|
}
|
||||||
|
});
|
||||||
|
'';
|
||||||
|
|
||||||
|
environment.systemPackages = packages;
|
||||||
|
systemd.packages = packages;
|
||||||
|
services.udev.packages = packages;
|
||||||
|
};
|
||||||
|
}
|
151
system/modules/ping-exporter.nix
Normal file
151
system/modules/ping-exporter.nix
Normal file
|
@ -0,0 +1,151 @@
|
||||||
|
{ config
|
||||||
|
, lib
|
||||||
|
, pkgs
|
||||||
|
, ...
|
||||||
|
}:
|
||||||
|
|
||||||
|
let
|
||||||
|
cfg = config.services.prometheus.exporters.ping;
|
||||||
|
inherit (lib) concatStrings literalExpression mkMerge mkDefault mkEnableOption mkIf mkOption types;
|
||||||
|
# copied from nixpkgs/nixos/modules/services/monitoring/prometheus/exporters
|
||||||
|
mkExporterOpts = { name, port }: {
|
||||||
|
enable = mkEnableOption (lib.mdDoc "the prometheus ${name} exporter");
|
||||||
|
port = mkOption {
|
||||||
|
type = types.port;
|
||||||
|
default = port;
|
||||||
|
description = lib.mdDoc ''
|
||||||
|
Port to listen on.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
listenAddress = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "0.0.0.0";
|
||||||
|
description = lib.mdDoc ''
|
||||||
|
Address to listen on.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
extraFlags = mkOption {
|
||||||
|
type = types.listOf types.str;
|
||||||
|
default = [];
|
||||||
|
description = lib.mdDoc ''
|
||||||
|
Extra commandline options to pass to the ${name} exporter.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
openFirewall = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = false;
|
||||||
|
description = lib.mdDoc ''
|
||||||
|
Open port in firewall for incoming connections.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
firewallFilter = mkOption {
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
default = null;
|
||||||
|
example = literalExpression ''
|
||||||
|
"-i eth0 -p tcp -m tcp --dport ${toString port}"
|
||||||
|
'';
|
||||||
|
description = lib.mdDoc ''
|
||||||
|
Specify a filter for iptables to use when
|
||||||
|
{option}`services.prometheus.exporters.${name}.openFirewall`
|
||||||
|
is true. It is used as `ip46tables -I nixos-fw firewallFilter -j nixos-fw-accept`.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
user = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "${name}-exporter";
|
||||||
|
description = lib.mdDoc ''
|
||||||
|
User name under which the ${name} exporter shall be run.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
group = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
default = "${name}-exporter";
|
||||||
|
description = lib.mdDoc ''
|
||||||
|
Group under which the ${name} exporter shall be run.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
mkExporterConf = { name, conf, serviceOpts }:
|
||||||
|
let
|
||||||
|
enableDynamicUser = serviceOpts.serviceConfig.DynamicUser or true;
|
||||||
|
in
|
||||||
|
mkIf conf.enable {
|
||||||
|
warnings = conf.warnings or [];
|
||||||
|
users.users."${name}-exporter" = (mkIf (conf.user == "${name}-exporter" && !enableDynamicUser) {
|
||||||
|
description = "Prometheus ${name} exporter service user";
|
||||||
|
isSystemUser = true;
|
||||||
|
inherit (conf) group;
|
||||||
|
});
|
||||||
|
users.groups = (mkIf (conf.group == "${name}-exporter" && !enableDynamicUser) {
|
||||||
|
"${name}-exporter" = {};
|
||||||
|
});
|
||||||
|
networking.firewall.extraCommands = mkIf conf.openFirewall (concatStrings [
|
||||||
|
"ip46tables -A nixos-fw ${conf.firewallFilter} "
|
||||||
|
"-m comment --comment ${name}-exporter -j nixos-fw-accept"
|
||||||
|
]);
|
||||||
|
systemd.services."prometheus-${name}-exporter" = mkMerge ([{
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
after = [ "network.target" ];
|
||||||
|
serviceConfig.Restart = mkDefault "always";
|
||||||
|
serviceConfig.PrivateTmp = mkDefault true;
|
||||||
|
serviceConfig.WorkingDirectory = mkDefault /tmp;
|
||||||
|
serviceConfig.DynamicUser = mkDefault enableDynamicUser;
|
||||||
|
serviceConfig.User = mkDefault conf.user;
|
||||||
|
serviceConfig.Group = conf.group;
|
||||||
|
# Hardening
|
||||||
|
serviceConfig.CapabilityBoundingSet = mkDefault [ "" ];
|
||||||
|
serviceConfig.DeviceAllow = [ "" ];
|
||||||
|
serviceConfig.LockPersonality = true;
|
||||||
|
serviceConfig.MemoryDenyWriteExecute = true;
|
||||||
|
serviceConfig.NoNewPrivileges = true;
|
||||||
|
serviceConfig.PrivateDevices = mkDefault true;
|
||||||
|
serviceConfig.ProtectClock = mkDefault true;
|
||||||
|
serviceConfig.ProtectControlGroups = true;
|
||||||
|
serviceConfig.ProtectHome = true;
|
||||||
|
serviceConfig.ProtectHostname = true;
|
||||||
|
serviceConfig.ProtectKernelLogs = true;
|
||||||
|
serviceConfig.ProtectKernelModules = true;
|
||||||
|
serviceConfig.ProtectKernelTunables = true;
|
||||||
|
serviceConfig.ProtectSystem = mkDefault "strict";
|
||||||
|
serviceConfig.RemoveIPC = true;
|
||||||
|
serviceConfig.RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
|
||||||
|
serviceConfig.RestrictNamespaces = true;
|
||||||
|
serviceConfig.RestrictRealtime = true;
|
||||||
|
serviceConfig.RestrictSUIDSGID = true;
|
||||||
|
serviceConfig.SystemCallArchitectures = "native";
|
||||||
|
serviceConfig.UMask = "0077";
|
||||||
|
} serviceOpts ]);
|
||||||
|
};
|
||||||
|
format = pkgs.formats.toml { };
|
||||||
|
in {
|
||||||
|
options.services.prometheus.exporters.ping = mkExporterOpts { name = "ping"; port = 9390; } // {
|
||||||
|
config = mkOption {
|
||||||
|
type = format.type;
|
||||||
|
default = { };
|
||||||
|
description = "Exporter config";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
config = mkExporterConf {
|
||||||
|
name = "ping";
|
||||||
|
conf = cfg;
|
||||||
|
serviceOpts = {
|
||||||
|
serviceConfig = rec {
|
||||||
|
# netns switching
|
||||||
|
AmbientCapabilities = [
|
||||||
|
# set network namespace
|
||||||
|
"CAP_SYS_ADMIN"
|
||||||
|
# open icmp socket
|
||||||
|
"CAP_NET_RAW"
|
||||||
|
];
|
||||||
|
CapabilityBoundingSet = AmbientCapabilities;
|
||||||
|
RestrictNamespaces = lib.mkForce false;
|
||||||
|
ExecStart = ''
|
||||||
|
${pkgs.ping-exporter}/bin/ping-exporter \
|
||||||
|
--listen ${cfg.listenAddress}:${toString cfg.port} \
|
||||||
|
--config ${format.generate "ping-exporter-config.toml" cfg.config} \
|
||||||
|
${lib.escapeShellArgs cfg.extraFlags}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
@ -1,14 +1,14 @@
|
||||||
{ config
|
{ config
|
||||||
|
, options
|
||||||
, lib
|
, lib
|
||||||
, pkgs
|
, pkgs
|
||||||
, ... }:
|
, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
cfg = config.vfio;
|
cfg = config.vfio;
|
||||||
|
enableIvshmem = cfg.lookingGlass.enable && (builtins.length cfg.lookingGlass.ivshmem) > 0;
|
||||||
in {
|
in {
|
||||||
options.vfio = with lib; mkOption {
|
options.vfio = with lib; {
|
||||||
type = types.submodule {
|
|
||||||
options = {
|
|
||||||
enable = mkOption {
|
enable = mkOption {
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
default = false;
|
default = false;
|
||||||
|
@ -73,14 +73,7 @@ in {
|
||||||
description = "Looking glass config";
|
description = "Looking glass config";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
config = lib.mkIf cfg.enable {
|
||||||
description = "VFIO settings";
|
|
||||||
default = { };
|
|
||||||
};
|
|
||||||
# compatibility so this module loads on non-amd hardware
|
|
||||||
config = let
|
|
||||||
enableIvshmem = cfg.lookingGlass.enable && (builtins.length cfg.lookingGlass.ivshmem) > 0;
|
|
||||||
in lib.mkIf cfg.enable {
|
|
||||||
# add a custom kernel param for early loading vfio drivers
|
# add a custom kernel param for early loading vfio drivers
|
||||||
# because if we change boot.initrd options in a specialization, two initrds will be built
|
# because if we change boot.initrd options in a specialization, two initrds will be built
|
||||||
# and we don't want to build two initrds
|
# and we don't want to build two initrds
|
||||||
|
@ -120,11 +113,11 @@ in {
|
||||||
'';
|
'';
|
||||||
initrd.kernelModules = [
|
initrd.kernelModules = [
|
||||||
(if cfg.intelCpu then "kvm-intel" else "kvm-amd")
|
(if cfg.intelCpu then "kvm-intel" else "kvm-amd")
|
||||||
] ++ (if cfg.passGpuAtBoot then [
|
] ++ lib.optionals cfg.passGpuAtBoot [
|
||||||
"vfio"
|
"vfio"
|
||||||
"vfio_iommu_type1"
|
"vfio_iommu_type1"
|
||||||
"vfio_pci"
|
"vfio_pci"
|
||||||
] else []);
|
];
|
||||||
initrd.availableKernelModules = lib.mkIf (!cfg.passGpuAtBoot) [
|
initrd.availableKernelModules = lib.mkIf (!cfg.passGpuAtBoot) [
|
||||||
"vfio"
|
"vfio"
|
||||||
"vfio_iommu_type1"
|
"vfio_iommu_type1"
|
||||||
|
@ -137,9 +130,9 @@ in {
|
||||||
extraModprobeConfig = ''
|
extraModprobeConfig = ''
|
||||||
options vfio-pci ids=${builtins.concatStringsSep "," cfg.pciIDs} disable_idle_d3=1
|
options vfio-pci ids=${builtins.concatStringsSep "," cfg.pciIDs} disable_idle_d3=1
|
||||||
options kvm ignore_msrs=1
|
options kvm ignore_msrs=1
|
||||||
${if enableIvshmem then ''
|
${lib.optionalString enableIvshmem ''
|
||||||
options kvmfr static_size_mb=${builtins.concatStringsSep "," (map (x: toString x.size) cfg.lookingGlass.ivshmem)}''
|
options kvmfr static_size_mb=${builtins.concatStringsSep "," (map (x: toString x.size) cfg.lookingGlass.ivshmem)}
|
||||||
else ""}
|
''}
|
||||||
'';
|
'';
|
||||||
kernelParams = [
|
kernelParams = [
|
||||||
(if cfg.intelCpu then "intel_iommu=on" else "amd_iommu=on")
|
(if cfg.intelCpu then "intel_iommu=on" else "amd_iommu=on")
|
||||||
|
@ -147,7 +140,7 @@ in {
|
||||||
];
|
];
|
||||||
kernelModules = [
|
kernelModules = [
|
||||||
"vhost-net"
|
"vhost-net"
|
||||||
] ++ (if enableIvshmem then [ "kvmfr" ] else []);
|
] ++ lib.optional enableIvshmem "kvmfr";
|
||||||
};
|
};
|
||||||
services.udev.extraRules = lib.mkIf enableIvshmem
|
services.udev.extraRules = lib.mkIf enableIvshmem
|
||||||
(builtins.concatStringsSep
|
(builtins.concatStringsSep
|
||||||
|
@ -159,11 +152,11 @@ in {
|
||||||
cfg.lookingGlass.ivshmem));
|
cfg.lookingGlass.ivshmem));
|
||||||
hardware = {
|
hardware = {
|
||||||
opengl.enable = true;
|
opengl.enable = true;
|
||||||
} // (lib.optionalAttrs (cfg.enable && !(cfg.nvidiaGpu)) {
|
} // lib.optionalAttrs (cfg.enable && !cfg.nvidiaGpu && options?hardware.amdgpu.loadInInitrd) {
|
||||||
# disable early KMS so GPU can be properly unbound
|
# disable early KMS so GPU can be properly unbound
|
||||||
# can't use mkif because the option may not even exist
|
# can't use mkif because the option may not even exist
|
||||||
amdgpu.loadInInitrd = false;
|
amdgpu.loadInInitrd = false;
|
||||||
});
|
};
|
||||||
# needed for virt-manager
|
# needed for virt-manager
|
||||||
programs.dconf.enable = true;
|
programs.dconf.enable = true;
|
||||||
virtualisation.libvirtd = {
|
virtualisation.libvirtd = {
|
||||||
|
|
Loading…
Reference in a new issue