Update
yousiki committed Dec 1, 2024
1 parent 2621056 commit 39d6438
Showing 12 changed files with 1,021 additions and 20 deletions.
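--- a/.sops.yaml
+++ b/.sops.yaml
@@ -0,0 +1,14 @@
+keys:
+- &yousiki_hakase age1v2f38zx3fyn789lemwf8jm2wcx2d7krjc82z74t2qwcrk6hsjsqs8xsjhh
+- &yousiki_sakamoto age1c8nt6m2vv9mcy50vgkvvgag2kl0x4fysdtjuevptxwh9gv54mgqqtzl8zn
+- &yousiki_nano age1yznykzrsa65lg50rtku2yaqq4mln4lk2u8hkyz4r4hy28tlvug8s3p88uh
+- &hakase age13m8rakh7w2zkawjuqgd29sp7wtceqt4mkw38mcg9fsrurs5x2urq9dgqg0
+
+creation_rules:
+- path_regex: secrets/[^/]+\.(yaml|json|env|ini)$
+key_groups:
+- age:
+- *yousiki_hakase
+- *yousiki_sakamoto
+- *yousiki_nano
+- *hakase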
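Review bot: The single creation rule encrypts every file directly under `secrets/` to all four recipients, so any one of the three `yousiki_*` keys or the `hakase` key can decrypt every secret in the repository. If some secrets are only needed on one machine, consider an additional narrower rule, for example `- path_regex: secrets/hakase/[^/]+\.(yaml|json|env|ini)$` (path constructed as an example) listing only the recipients that need it. A short comment above `keys:` stating which entries are per-user keys and which is a host key would also help when a key has to be rotated or revoked; that reading of the names is inferred from the anchors only.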
61 changes: 41 additions & 20 deletions flake.lock


15 changes: 15 additions & 0 deletions flake.nix
@@ -38,6 +38,12 @@
inputs.nixpkgs.follows = "nixpkgs";
};

# Secrets management
sops-nix = {
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};

# Git hooks
pre-commit-hooks = {
url = "github:cachix/git-hooks.nix";
@@ -76,17 +82,26 @@
homes.modules = with inputs; [
catppuccin.homeManagerModules.catppuccin
nix-index-database.hmModules.nix-index
sops-nix.homeManagerModules.sops
];

systems.modules = {
darwin = with inputs; [
nix-index-database.darwinModules.nix-index
sops-nix.darwinModules.sops
];
nixos = with inputs; [
nix-index-database.nixosModules.nix-index
sops-nix.nixosModules.sops
];
};

systems.hosts.hakase.modules = with inputs; [
nixos-hardware.nixosModules.common-cpu-intel-cpu-only
nixos-hardware.nixosModules.common-gpu-nvidia-nonprime
nixos-hardware.nixosModules.common-pc-ssd
];

outputs-builder = channels: let
treefmtEval = inputs.treefmt-nix.lib.evalModule channels.nixpkgs ./treefmt.nix;
in {
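--- a/homes/x86_64-linux/yousiki@hakase/default.nix
+++ b/homes/x86_64-linux/yousiki@hakase/default.nix
@@ -0,0 +1,10 @@
+_: {
+nichijou = {
+suites = {
+graphical.enable = true;
+terminal.enable = true;
+};
+
+themes.catppuccin.enable = true;
+};
+}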
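--- a/modules/nixos/basic/default.nix
+++ b/modules/nixos/basic/default.nix
@@ -0,0 +1,76 @@
+{
+lib,
+pkgs,
+inputs,
+system,
+...
+}: {
+# Nix configurations.
+nix = {
+settings = let
+flake = import "${inputs.self}/flake.nix";
+in {
+# Nix will instruct remote build machines to use their own binary substitutes if available.
+builders-use-substitutes = true;
+# Experimental nix features.
+experimental-features = ["flakes" "nix-command"];
+# Nix will fall back to building from source if a binary substitute fails.
+fallback = true;
+# The garbage collector will keep the derivations from which non-garbage store paths were built.
+keep-derivations = true;
+# The garbage collector will keep the outputs of non-garbage derivations.
+keep-outputs = true;
+# Builds will be performed in a sandboxed environment on Linux.
+sandbox = pkgs.stdenv.isLinux;
+# These users will have additional rights when connecting to the Nix daemon.
+trusted-users = ["root" "@wheel" "@admin"];
+# Never warn about dirty Git/Mercurial trees.
+warn-dirty = false;
+# Substituters and public keys.
+inherit (flake.nixConfig) substituters trusted-substituters trusted-public-keys;
+};
+# Nix automatically detects files in the store that have identical contents, and replaces them with hard links to a single copy.
+optimise.automatic = true;
+# Garbage collector
+gc.automatic = true;
+# List of directories to be searched for <...> file references.
+nixPath =
+[
+"nixpkgs=flake:nixpkgs"
+"home-manager=flake:home-manager"
+]
+++ (
+lib.optional
+pkgs.stdenv.isDarwin
+"darwin=/etc/nix/inputs/darwin"
+);
+registry =
+lib.mapAttrs
+(_n: v: {flake = v;})
+(lib.filterAttrs (n: _v: !(lib.hasPrefix "nixpkgs" n) && n != "self") inputs);
+};
+
+# Create /etc/zshrc that loads the nix-darwin environment.
+programs.zsh.enable = true; # default shell
+
+# Home-manager automatically backup extension.
+home-manager.backupFileExtension = "bak";
+
+# Used for backwards compatibility, please read the changelog before changing.
+system.stateVersion = "24.11";
+
+# The platform the configuration will be used on.
+nixpkgs.hostPlatform = system;
+
+# Use sudo without password.
+security.sudo.wheelNeedsPassword = false;
+
+# Enable ssh server.
+services.openssh = {
+enable = true;
+openFirewall = true;
+};
+
+# Set timezone.
+time.timeZone = "Asia/Shanghai";
+}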
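Review bot: `security.sudo.wheelNeedsPassword = false` combined with `services.openssh` enabled and `openFirewall = true` means any SSH login as a wheel user reaches root with no further authentication, and the openssh block does not restrict how that login can happen. I would add `settings = { PasswordAuthentication = false; KbdInteractiveAuthentication = false; PermitRootLogin = "no"; };` inside `services.openssh` so that only key-based logins are accepted. `trusted-users` also lists `@wheel`, which gives those accounts root-equivalent control of the Nix daemon, so the same accounts carry both privileges. The `@admin` entry, the `isDarwin` branch in `nixPath` and the `/etc/zshrc` comment mentioning nix-darwin look carried over from a darwin module and could be dropped or reworded in this NixOS module.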
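--- a/modules/nixos/system/bcachefs/default.nix
+++ b/modules/nixos/system/bcachefs/default.nix
@@ -0,0 +1,87 @@
+# NixOS module to mount bcachefs volumes with multiple devices
+{
+lib,
+config,
+pkgs,
+namespace,
+...
+}: let
+bcachefsVolume = _: {
+options = {
+devices = lib.mkOption {
+type = lib.types.listOf lib.types.path;
+description = lib.mdDoc "The devices to use for the filesystem.";
+};
+
+options = lib.mkOption {
+type = lib.types.listOf lib.types.str;
+default = [];
+description = lib.mdDoc "Additional options to pass to `mount`.";
+};
+};
+};
+
+pathToString = path: lib.removePrefix "-" (lib.replaceStrings ["/"] ["-"] (builtins.toString path));
+
+mkUnit = mountPoint: mountOptions: let
+inherit (mountOptions) devices options;
+deviceTargets = lib.pipe devices [
+(builtins.map pathToString)
+(builtins.map (lib.removePrefix "-"))
+(builtins.map (device: "${device}.device"))
+];
+concatDevices = lib.concatStringsSep ":" (builtins.map builtins.toString devices);
+concatOptions = lib.concatStringsSep "," options;
+in {
+description = "Mount bcachefs ${mountPoint}";
+bindsTo = deviceTargets;
+after = deviceTargets ++ ["local-fs-pre.target"];
+before = ["umount.target" "local-fs.target"];
+conflicts = ["umount.target"];
+wantedBy = ["local-fs.target"];
+unitConfig = {
+RequiresMountsFor = mountPoint;
+DefaultDependencies = false;
+};
+serviceConfig = {
+Type = "oneshot";
+RemainAfterExit = true;
+ExecStart = "${pkgs.util-linux}/bin/mount -t bcachefs -o ${concatOptions} ${concatDevices} ${mountPoint}";
+ExecStop = "${pkgs.util-linux}/umount ${mountPoint}";
+};
+};
+
+cfg = config.${namespace}.system.bcachefs;
+in {
+options.${namespace}.system.bcachefs = {
+enable = lib.mkEnableOption "Whether to enable bcachefs.";
+
+fileSystems = lib.mkOption {
+default = {};
+example = lib.literalExpression ''
+{
+"/data" = {
+device = [ "/dev/sda1" "/dev/sdb1" ];
+options = [ "noatime" ];
+};
+}
+'';
+type = lib.types.attrsOf (lib.types.submodule [bcachefsVolume]);
+};
+};
+
+config = lib.mkIf cfg.enable {
+boot.supportedFilesystems = ["bcachefs"];
+
+environment.systemPackages = with pkgs; [bcachefs-tools];
+
+systemd = {
+packages = with pkgs; [bcachefs-tools];
+services = lib.mapAttrs' (name: value:
+lib.nameValuePair
+"mount-bcachefs-${pathToString name}"
+(mkUnit name value))
+cfg.fileSystems;
+};
+};
+}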
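Review bot: `ExecStop` points at `${pkgs.util-linux}/umount`, which lacks the `bin/` component used in `ExecStart`, so stopping the unit would not find the binary; it should read `ExecStop = "${pkgs.util-linux}/bin/umount ${mountPoint}";`. With the default `options = []`, `-o ${concatOptions}` expands to a bare `-o`, so mount would take the device list as its option string; `lib.optionalString (options != []) "-o ${concatOptions}"` avoids that. The `example` uses `device = [ ... ]` while the option is declared as `devices`, so copying the example would fail evaluation. `mountPoint` and the option strings are interpolated into the command line unquoted, so a value containing whitespace would be split into separate arguments by systemd.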
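--- a/modules/nixos/system/gpu/nvidia/default.nix
+++ b/modules/nixos/system/gpu/nvidia/default.nix
@@ -0,0 +1,38 @@
+{
+lib,
+config,
+pkgs,
+namespace,
+...
+}: let
+cfg = config.${namespace}.system.gpu.nvidia;
+in {
+options.${namespace}.system.gpu.nvidia = {
+enable = lib.mkEnableOption "Whether to enable NVIDIA GPU support";
+};
+
+config = lib.mkIf cfg.enable {
+services.xserver.videoDrivers = ["nvidia"];
+
+hardware = {
+nvidia = {
+modesetting.enable = true; # Enable modesetting.
+nvidiaSettings = true; # Enable nvidia settings.
+open = false; # Use proprietary driver.
+# TODO: remove this when https://github.com/NixOS/nixpkgs/issues/357643 is fixed.
+package = config.boot.kernelPackages.nvidiaPackages.beta;
+};
+
+graphics = {
+enable = true;
+enable32Bit = true;
+extraPackages = with pkgs; [
+libGL
+];
+};
+
+# Enable nvidia container toolkit.
+nvidia-container-toolkit.enable = true;
+};
+};
+}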
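Review bot: `lib.mkEnableOption` already prefixes its argument with "Whether to enable", so the description here renders with the phrase doubled; pass only the name, `enable = lib.mkEnableOption "NVIDIA GPU support";` (the bcachefs module's `enable` option in this commit has the same wording). `nvidia-container-toolkit.enable = true` is switched on for every host that enables this module; if not every GPU host runs containers, a separate option defaulting to off would keep GPU exposure to containers opt-in. The TODO on the `beta` package pin could also name the driver package to return to once the linked issue is fixed.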