mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

temp testing

Browse Source
This commit is contained in:
mjallen18
2025-08-23 14:34:45 -05:00
parent a233606e8d
commit c680392513
7 changed files with 238 additions and 139 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
modules/home/gpg/default.nix
View File

@@ -7,6 +7,7 @@
{
text = ''
-----BEGIN PGP PUBLIC KEY BLOCK-----
mQINBGipyhUBEADCal3wKbTCJHZ7qBTxe2zrJPGV9vu6V4+x/MBQq07jd33RrdgI
5R/YSviZLyTjY84xk+XTpxWe6PNxcrNlPrJgqR48UNYiG7rH2VWg073KQZaAEeX4
DRmfANtds9m9N9CadMv1XcHvVkEz+UlD3yYGNwrd1ZnWVBpUobIyZvFrVjpGBtOg

42
modules/nixos/disko/x86_64-linux/default.nix
View File

@@ -75,6 +75,14 @@ in
config = lib.mkIf (!isArm && cfg.enable) {
disko.devices = lib.mkMerge [
{
nodev."/" = {
fsType = "tmpfs";
mountOptions = [
"mode=755"
"defaults"
"size=25%"
];
};
disk = {
main = {
device = rootDisk;
@@ -108,35 +116,37 @@ in
"--compression=zstd"
];
subvolumes = {
"subvolumes/root" = {
mountpoint = "/";
"root" = {
mountpoint = "/root";
mountOptions = [
"verbose"
"noatime"
];
};
"subvolumes/persistent" = {
mountpoint = "/persistent";
"etc" = {
mountOptions = [
"noatime"
];
mountpoint = "/etc";
};
"subvolumes/nix" = {
"nix" = {
mountOptions = [
"noatime"
];
mountpoint = "/nix";
};
"log" = {
mountOptions = [
"noatime"
];
mountpoint = "/var/log";
};
"home" = {
mountpoint = "/home";
};
};
};
};
}
(lib.mkIf (cfg.filesystem == "btrfs") {
nodev."/" = {
fsType = "tmpfs";
mountOptions = [
"mode=755"
"defaults"
"size=25%"
];
};
})
];
};
}

302
modules/nixos/impermanence/default.nix
View File

@@ -12,126 +12,7 @@ in
imports = [ ./options.nix ];
config = mkIf cfg.enable {
security.sudo.extraConfig = ''
# rollback results in sudo lectures after each reboot
Defaults lecture = never
'';
system.activationScripts = {
"var-lib-private-permissions" = {
deps = [ "createPersistentStorageDirs" ];
text = ''
mkdir -p /var/lib/private
chmod 0700 /var/lib/private
'';
};
};
boot.initrd.systemd.services.rootfs-cleanup = {
description = "Clean file system root";
wantedBy = [
"initrd.target"
];
after = [
"initrd-root-device.target"
];
before = [
"sysroot.mount"
];
unitConfig.DefaultDependencies = "no";
serviceConfig.Type = "oneshot";
script =
if (hasAttr "/" config.fileSystems) && (config.fileSystems."/".fsType == "btrfs") then
''
# workaround for machines without working rtc battery
# The time may not yet be correctly set, so wait until it is
if [[ $(date '+%s') -lt 1730469314 ]]; then
sleep 30 # this should hopefully be enough
fi
mkdir /btrfs_tmp
mount ${config.fileSystems."/".device} -t btrfs /btrfs_tmp
if [[ -e /btrfs_tmp/root ]]; then
mkdir -p /btrfs_tmp/old_roots
timestamp=$(date --date="@$(stat -c %X /btrfs_tmp/root)" "+%Y-%m-%d_%H:%M:%S")
mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
fi
delete_subvolume_recursively() {
IFS=$'\n'
for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
delete_subvolume_recursively "/btrfs_tmp/$i"
done
btrfs subvolume delete "$1" || rm -rf "$1"
}
for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -atime +30); do
delete_subvolume_recursively "$i"
done
btrfs subvolume create /btrfs_tmp/root
umount /btrfs_tmp
''
else if (hasAttr "/" config.fileSystems) && (config.fileSystems."/".fsType == "bcachefs") then
''
# workaround for machines without working rtc battery
# The time may not yet be correctly set, so wait until it is
if [[ $(date '+%s') -lt 1730469314 ]]; then
sleep 30 # this should hopefully be enough
fi
if [[ -e /root_tmp/root ]]; then
mkdir -p /root_tmp/old_roots
timestamp=$(date --date="@$(stat -c %X /root_tmp/root)" "+%Y-%m-%d_%H:%M:%S")
mv /root_tmp/root "/root_tmp/old_roots/$timestamp"
fi
for i in $(find /root_tmp/old_roots/ -maxdepth 1 -atime +30); do
bcachefs subvolume delete $i
done
bcachefs subvolume create /root_tmp/root
''
else
# For tmpfs or other filesystems, do nothing
"";
};
assertions = [
{
assertion = hasAttr "/" config.fileSystems;
message = "To use impermanence, you need to define a root volume";
}
{
assertion =
if hasAttr "/" config.fileSystems then
config.fileSystems."/".fsType == "btrfs"
|| config.fileSystems."/".fsType == "bcachefs"
|| config.fileSystems."/".fsType == "tmpfs"
else
false;
message = "rootfs must be btrfs, bcachefs, or tmpfs; not " + config.fileSystems."/".fsType;
}
{
assertion =
if
hasAttr "/" config.fileSystems
&& (config.fileSystems."/".fsType == "btrfs" || config.fileSystems."/".fsType == "bcachefs")
then
any (
t: t == "subvol=root" || t == "subvol=/root" || t == "X-mount.subdir=subvolumes/root"
) config.fileSystems."/".options
else
true;
message = "btrfs or bcachefs rootfs must mount subvolume root";
}
{
assertion = !config.boot.isContainer;
message = "impermanence is not supported in containers";
}
];
environment.persistence.${cfg.persistencePath} = {
environment.persistence."/nix/persist/system" = {
hideMounts = true;
directories = [
"/var/lib/bluetooth"
@@ -192,5 +73,186 @@ in
"/etc/machine-id"
];
};
security.sudo.extraConfig = ''
# rollback results in sudo lectures after each reboot
Defaults lecture = never
'';
# system.activationScripts = {
# "var-lib-private-permissions" = {
# deps = [ "createPersistentStorageDirs" ];
# text = ''
# mkdir -p /var/lib/private
# chmod 0700 /var/lib/private
# '';
# };
# };
# boot.initrd.systemd.services.rootfs-cleanup = {
# description = "Clean file system root";
# wantedBy = [
# "initrd.target"
# ];
# after = [
# "initrd-root-device.target"
# ];
# before = [
# "sysroot.mount"
# ];
# unitConfig.DefaultDependencies = "no";
# serviceConfig.Type = "oneshot";
# script =
# if (hasAttr "/" config.fileSystems) && (config.fileSystems."/".fsType == "btrfs") then
# ''
# # workaround for machines without working rtc battery
# # The time may not yet be correctly set, so wait until it is
# if [[ $(date '+%s') -lt 1730469314 ]]; then
# sleep 30 # this should hopefully be enough
# fi
# mkdir /btrfs_tmp
# mount ${config.fileSystems."/".device} -t btrfs /btrfs_tmp
# if [[ -e /btrfs_tmp/root ]]; then
# mkdir -p /btrfs_tmp/old_roots
# timestamp=$(date --date="@$(stat -c %X /btrfs_tmp/root)" "+%Y-%m-%d_%H:%M:%S")
# mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
# fi
# delete_subvolume_recursively() {
# IFS=$'\n'
# for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
# delete_subvolume_recursively "/btrfs_tmp/$i"
# done
# btrfs subvolume delete "$1" || rm -rf "$1"
# }
# for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -atime +30); do
# delete_subvolume_recursively "$i"
# done
# btrfs subvolume create /btrfs_tmp/root
# umount /btrfs_tmp
# ''
# else if (hasAttr "/" config.fileSystems) && (config.fileSystems."/".fsType == "bcachefs") then
# ''
# # workaround for machines without working rtc battery
# # The time may not yet be correctly set, so wait until it is
# if [[ $(date '+%s') -lt 1730469314 ]]; then
# sleep 30 # this should hopefully be enough
# fi
# if [[ -e /root_tmp/root ]]; then
# mkdir -p /root_tmp/old_roots
# timestamp=$(date --date="@$(stat -c %X /root_tmp/root)" "+%Y-%m-%d_%H:%M:%S")
# mv /root_tmp/root "/root_tmp/old_roots/$timestamp"
# fi
# for i in $(find /root_tmp/old_roots/ -maxdepth 1 -atime +30); do
# bcachefs subvolume delete $i
# done
# bcachefs subvolume create /root_tmp/root
# ''
# else
# # For tmpfs or other filesystems, do nothing
# "";
# };
# assertions = [
# {
# assertion = hasAttr "/" config.fileSystems;
# message = "To use impermanence, you need to define a root volume";
# }
# {
# assertion =
# if hasAttr "/" config.fileSystems then
# config.fileSystems."/".fsType == "btrfs"
# || config.fileSystems."/".fsType == "bcachefs"
# || config.fileSystems."/".fsType == "tmpfs"
# else
# false;
# message = "rootfs must be btrfs, bcachefs, or tmpfs; not " + config.fileSystems."/".fsType;
# }
# {
# assertion =
# if
# hasAttr "/" config.fileSystems
# && (config.fileSystems."/".fsType == "btrfs" || config.fileSystems."/".fsType == "bcachefs")
# then
# any (
# t: t == "subvol=root" || t == "subvol=/root" || t == "X-mount.subdir=root"
# ) config.fileSystems."/".options
# else
# true;
# message = "btrfs or bcachefs rootfs must mount subvolume root";
# }
# {
# assertion = !config.boot.isContainer;
# message = "impermanence is not supported in containers";
# }
# ];
# environment.persistence.${cfg.persistencePath} = {
# hideMounts = true;
# directories = [
# "/var/lib/bluetooth"
# "/var/lib/iwd"
# "/var/lib/nixos"
# "/var/lib/libvirt"
# "/var/lib/waydroid"
# "/var/lib/systemd/coredump"
# "/etc/NetworkManager/system-connections"
# "/var/lib/tailscale"
# "/var/lib/homeassistant"
# "/var/lib/mosquitto"
# "/var/lib/music-assistant"
# "/var/lib/postgresql"
# "/var/lib/zigbee2mqtt"
# {
# directory = "/var/lib/colord";
# user = "colord";
# group = "colord";
# mode = "u=rwx,g=rx,o=";
# }
# {
# directory = "/etc/nix";
# user = "root";
# group = "root";
# mode = "u=rwx,g=rx,o=rx";
# }
# {
# directory = "/var/lib/private/authentik/media";
# user = "authentik";
# group = "authentik";
# mode = "u=rwx,g=,o=";
# }
# {
# directory = "/var/lib/private";
# mode = "u=rwx,g=rx,o=";
# }
# {
# directory = "/media/nas";
# user = "nas-apps";
# group = "jallen-nas";
# mode = "u=rwx,g=rx,o=rx";
# }
# {
# directory = "/var/lib/crowdsec";
# user = "crowdsec";
# group = "crowdsec";
# mode = "u=rwx,g=rwx,o=rx";
# }
# {
# directory = "/plugins-storage";
# user = "traefik";
# group = "traefik";
# mode = "u=rwx,g=rwx,o=rx";
# }
# ];
# files = [
# "/etc/machine-id"
# ];
# };
};
}

3
modules/nixos/nix/default.nix
View File

@@ -1,4 +1,4 @@
{ lib, ... }:
{ config, lib, namespace, ... }:
{
nix = {
settings = {
@@ -29,6 +29,7 @@
nixpkgs = {
config = {
allowUnfree = lib.mkForce true;
cudaSupport =lib.mkDefault config.${namespace}.hardware.nvidia.enable;
allowUnsupportedSystem = true;
permittedInsecurePackages = [
# ...

2
modules/nixos/wyoming/default.nix
View File

@@ -16,7 +16,7 @@ in
faster-whisper.servers.hass-whisper = {
enable = true;
useTransformers = false;
device = "cuda";
device = lib.mkForce "cuda";
language = "en";
model = "distil-large-v3";
uri = "tcp://0.0.0.0:10300";

25
qemu.nix Normal file
View File

@@ -0,0 +1,25 @@
with import <nixpkgs> {};
writeShellApplication {
name = "test-image";
runtimeInputs = [ qemu ];
text = ''
if [ -z "$1" ]; then
echo "Usage: $0 <path-to-boot-image>"
exit 1
fi
tmpFile=$(mktemp /tmp/test-image.XXXXXX)
trap 'rm -f $tmpFile' EXIT
cp "$1" "$tmpFile"
qemu-system-x86_64 \
-enable-kvm \
-m 2G \
-cpu max \
-smp 2 \
-netdev user,id=net0,hostfwd=tcp::2222-:22 \
-device virtio-net-pci,netdev=net0 \
-drive if=pflash,format=raw,readonly=on,file=${OVMF.firmware} \
-drive if=pflash,format=raw,readonly=on,file=${OVMF.variables} \
-drive "if=virtio,format=raw,file=$tmpFile"
'';
}

2
systems/x86_64-linux/nuc/default.nix
View File

@@ -18,7 +18,7 @@
services.home-assistant.enable = true;
hardware.disko = {
enable = true;
# filesystem = "bcachefs";
filesystem = "bcachefs";
};
impermanence.enable = true;
network = {