idk

2025-06-03 10:16:34 -05:00
parent 90bf76ed37
commit eefd4b77af
6 changed files with 288 additions and 16 deletions
--- a/hosts/desktop/boot.nix
+++ b/hosts/desktop/boot.nix
@@ -1,4 +1,4 @@
-{ pkgs, ... }:
+{ config, pkgs, ... }:
 let
  configLimit = 5;
  # default = "@saved";
--- a/hosts/desktop/netboot.nix
+++ b/hosts/desktop/netboot.nix
@@ -0,0 +1,206 @@
+{ config, lib, pkgs, ... }:
+let
+  pkgsVersion = pkgs; #.unstable;
+  kernel = pkgs.linuxPackages_cachyos;
+  environmentVariables = {
+    STEAM_FORCE_DESKTOPUI_SCALING = "1.0";
+    GDK_SCALE = "1";
+    EDITOR = "${pkgs.vscodium}/bin/codium --wait";
+    VISUAL = "${pkgs.vscodium}/bin/codium --wait";
+  };
+  systemPackages = with pkgsVersion; [
+    aha
+    aspell
+    aspellDicts.en
+    aspellDicts.en-computers
+    aspellDicts.en-science
+    borgbackup
+    # brscan5
+    efibootmgr
+    kdePackages.ksvg
+    memtest86-efi
+    memtest86plus
+    # occt
+    os-prober
+    nil
+    qemu_full
+    rclone
+    rclone-browser
+    restic
+    restic-browser
+    restic-integrity
+    sane-frontends
+    sbctl
+    tpm2-tools
+    tpm2-tss
+    udisks2
+    unzip
+    winetricks
+
+    edk2-uefi-shell
+  ];
+  lactConfig = ''
+    daemon:
+      log_level: info
+      admin_groups:
+      - wheel
+      - sudo
+      disable_clocks_cleanup: false
+    apply_settings_timer: 5
+    gpus:
+      1002:73BF-1002:0E3A-0000:03:00.0:
+        fan_control_enabled: true
+        fan_control_settings:
+          mode: curve
+          static_speed: 1.0
+          temperature_key: edge
+          interval_ms: 500
+          curve:
+            30: 0.0
+            40: 0.2
+            50: 0.35
+            60: 0.5
+            70: 0.75
+            80: 1.0
+          spindown_delay_ms: 0
+          change_threshold: 0
+        pmfw_options: {}
+        power_cap: 293.0
+        performance_level: auto
+        voltage_offset: 0
+        power_states: {}
+  '';
+in
+{
+  imports = [
+    ./filesystems.nix
+    ./networking.nix
+    ./nix.nix
+    ./services.nix
+    ./sops.nix
+    ./users.nix
+    ../default.nix
+    ../../share/amd
+  ];
+
+  nix = {
+    settings = {
+      substituters = [
+        "https://cache.mjallen.dev"
+      ];
+      trusted-public-keys = [
+        "cache.mjallen.dev-1:IzFmKCd8/gggI6lcCXsW65qQwiCLGFFN9t9s2iw7Lvc="
+      ];
+    };
+  };
+
+  chaotic.mesa-git.enable = true;
+
+  # Environment configuration
+  environment = {
+    systemPackages = systemPackages;
+
+    etc."lact/config.yaml".text = lactConfig;
+
+    variables = environmentVariables;
+  };
+
+  # Hardware configuration
+  hardware = {
+    # Enable the QMK firmware flashing tool.
+    keyboard = {
+      qmk.enable = true;
+    };
+
+    # Enable Sane and Brother printer support.
+    sane = {
+      enable = true;
+      brscan5.enable = false;
+      # extraBackends = [ pkgsVersion.brscan5 ];
+    };
+  };
+
+  # Common Configuration
+  share = {
+    gaming.enable = true;
+    hardware.amd = {
+      enable = lib.mkDefault true;
+      lact.enable = lib.mkDefault true;
+    };
+  };
+
+  programs.coolercontrol.enable = true;
+
+  # Time configuration
+  time = {
+    hardwareClockInLocalTime = lib.mkDefault false;
+  };
+
+  # Virtualisation configuration
+  virtualisation = {
+    libvirtd.enable = lib.mkDefault true;
+    waydroid.enable = lib.mkDefault true;
+  };
+
+  # Network boot specifics
+  boot = {
+    initrd = {
+      network.enable = true;
+      supportedFilesystems = [ "tmpfs" "squashfs" ];
+      # extraFiles."/.ro-store".source = "${config.system.build.toplevel}";
+      systemd.enable = true;
+      availableKernelModules = [
+        "xhci_pci"
+        "nvme"
+        "ahci"
+        "usbhid"
+        "uas"
+        "usb_storage"
+        "sd_mod"
+      ];
+    };
+
+    loader = {
+      grub.enable = lib.mkForce false;
+      systemd-boot.enable = lib.mkForce false; # already replaced by lanzaboote; included explicitly for clarity
+      generic-extlinux-compatible.enable = lib.mkForce true; # required for PXE NetBoot
+      timeout = 0;
+      efi.canTouchEfiVariables = lib.mkForce false;
+    };
+    kernelModules = [
+      "nct6775"
+      "kvm-amd"
+    ];
+    kernelParams = [
+      "ip=dhcp"
+      "boot.shell_on_fail"
+      "quiet"
+      "splash"
+      # needed cause ssd powersaving is broken af I guess
+      "nvme_core.default_ps_max_latency_us=0"
+      "pcie_aspm=off"
+    ];
+
+    plymouth = {
+      enable = true;
+    };
+  };
+
+  zramSwap.enable = true;
+
+  networking.hostName = lib.mkForce "matt-netboot";
+
+  # Stateless filesystem (tmpfs)
+  fileSystems = lib.mkForce {
+    "/" = {
+      device = "tmpfs";
+      fsType = "tmpfs";
+      options = [ "defaults" "size=25%" ];
+    };
+    # "/nix" = {
+    #   device = "/.ro-store";
+    #   fsType = "none";
+    #   options = [ "bind" "ro" ];
+    # };
+  };
+}
--- a/hosts/desktop/networking.nix
+++ b/hosts/desktop/networking.nix
@@ -5,7 +5,7 @@ in
 {
  # Networking configs
  networking = {
-    hostName = hostname;
+    hostName = lib.mkDefault hostname;

    # Enable Network Manager
    networkmanager = {
--- a/hosts/desktop/nix.nix
+++ b/hosts/desktop/nix.nix
@@ -6,12 +6,12 @@ in
  nix = {
    settings = {
      substituters = [
-        # "https://cache.mjallen.dev"
+        "https://cache.mjallen.dev"
        "https://nix-community.cachix.org"
        "https://cache.nixos.org/"
      ];
      trusted-public-keys = [
-        # "cache.mjallen.dev-1:IzFmKCd8/gggI6lcCXsW65qQwiCLGFFN9t9s2iw7Lvc="
+        "cache.mjallen.dev-1:IzFmKCd8/gggI6lcCXsW65qQwiCLGFFN9t9s2iw7Lvc="
        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
      ];
      warn-dirty = lib.mkForce false;
@@ -21,5 +21,16 @@ in
      ];
      trusted-users = [ user ];
    };
+    settings.builders-use-substitutes = true;
+    distributedBuilds = true;
+    buildMachines = [
+      {
+        hostName = "jallen-nas.local";
+        system = "x86_64-linux";
+        maxJobs = 10;
+        sshUser = "admin";
+        supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
+      }
+    ];
  };
 }
--- a/hosts/nas/nix-serve.nix
+++ b/hosts/nas/nix-serve.nix
@@ -1,4 +1,7 @@
 { pkgs, ... }:
+let
+  nix-build-mail = pkgs.writeShellScript "echo -e \"Content-Type: text/plain\\r\\nSubject: NixOS cache rebuild failed\\r\\n\\r\\nThe nix-rebuild-cache service failed at $(date).\" | sendmail jalle008@proton.me";
+in 
 {
  # "https://cache.mjallen.dev"
  # "cache.mjallen.dev-1:IzFmKCd8/gggI6lcCXsW65qQwiCLGFFN9t9s2iw7Lvc="
@@ -32,6 +35,7 @@
      gnugrep
      gnused
      openssh
+      nix-build-mail
    ];
    script = ''
      #!/usr/bin/env bash
@@ -66,7 +70,7 @@
      if nix build .\#nixosConfigurations.steamdeck.config.system.build.toplevel --no-link; then
        echo "steamdeck built successfully at $(date)"
        git add .
-        git commit -m "Dteamdeck Updates $(date)"
+        git commit -m "Steamdeck Updates $(date)"
      else
        echo "steamdeck failed to build at $(date)"
        git reset --hard
@@ -117,18 +121,10 @@
        echo "jallen-nas failed to build at $(date)"
        git reset --hard
      fi
-
-      # git push
-    '';
-    # Send an email on failure (optional)
-    startPost = ''
-      if [ $SERVICE_RESULT != "success" ]; then
-        ${pkgs.mailutils}/bin/mail -s "NixOS cache rebuild failed" jalle008@proton.me <<EOF
-      The nix-rebuild-cache service failed at $(date).
-      Please check the logs with: journalctl -u nix-rebuild-cache
-      EOF
-      fi
    '';
+    onSuccess = [ "git push" ];
+    # Send an email on failure
+    # onFailure = [ "nix-build-mail" ];
  };

  systemd.timers.nix-rebuild-cache = {