From 40d45a8abdf6b6a1b3d43b05c7ad188daf26e6a6 Mon Sep 17 00:00:00 2001 From: Nathan McCarty Date: Fri, 4 Apr 2025 17:18:52 -0400 Subject: [PATCH 1/6] formatting --- home-manager/modules/programs/ssh-agent.nix | 5 ++--- nixos/machines/driftwood/headscale.nix | 8 +++++--- nixos/modules/desktop.nix | 3 +-- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/home-manager/modules/programs/ssh-agent.nix b/home-manager/modules/programs/ssh-agent.nix index 73d9324..2911ad7 100644 --- a/home-manager/modules/programs/ssh-agent.nix +++ b/home-manager/modules/programs/ssh-agent.nix @@ -9,9 +9,8 @@ enable = true; }; # Setup fish init - programs.fish.shellInit = - '' + programs.fish.shellInit = '' set -x SSH_AUTH_SOCK $XDG_RUNTIME_DIR/ssh-agent ssh-add -''; + ''; } diff --git a/nixos/machines/driftwood/headscale.nix b/nixos/machines/driftwood/headscale.nix index 72dfd9f..14c5436 100644 --- a/nixos/machines/driftwood/headscale.nix +++ b/nixos/machines/driftwood/headscale.nix @@ -18,9 +18,11 @@ base_domain = "tailnet.stranger.systems"; magic_dns = true; extra_records = [ - {name = "hub.tailnet.stranger.systems"; - type = "A"; - value = "100.64.0.3";} + { + name = "hub.tailnet.stranger.systems"; + type = "A"; + value = "100.64.0.3"; + } ]; }; }; diff --git a/nixos/modules/desktop.nix b/nixos/modules/desktop.nix index db7184a..3fa5f19 100644 --- a/nixos/modules/desktop.nix +++ b/nixos/modules/desktop.nix @@ -7,8 +7,7 @@ security.sudo.wheelNeedsPassword = false; environment.systemPackages = with pkgs; [ # Filesystem types - f2fs-tools + f2fs-tools exfatprogs ]; - } From 3e17d984b637ba7daa52d2a92df61c48204cf0f5 Mon Sep 17 00:00:00 2001 
From: Nathan McCarty Date: Fri, 4 Apr 2025 17:28:07 -0400 Subject: [PATCH 2/6] Init swarm configuration --- flake.nix | 1 + nixos/machines/swarm/configuration.nix | 275 +++++++++++++++++++++++++ nixos/machines/swarm/hardware.nix | 64 ++++++ nixos/machines/swarm/machine.nix | 59 ++++++ 4 files changed, 399 insertions(+) create mode 100644 nixos/machines/swarm/configuration.nix create mode 100644 nixos/machines/swarm/hardware.nix create mode 100644 nixos/machines/swarm/machine.nix diff --git a/flake.nix b/flake.nix index 4c1d644..68e1ce3 100644 --- a/flake.nix +++ b/flake.nix @@ -35,6 +35,7 @@ ./nixos/machines/driftwood/machine.nix ./home-manager/machines/wsl/home.nix ./home-manager/machines/crash/home.nix + ./home-manager/machines/swarm/home.nix ./home-manager/machines/tides/home.nix ./home-manager/machines/driftwood/home.nix ./devshells/rust.nix diff --git a/nixos/machines/swarm/configuration.nix b/nixos/machines/swarm/configuration.nix new file mode 100644 index 0000000..28e1dd1 --- /dev/null +++ b/nixos/machines/swarm/configuration.nix 
@@ -0,0 +1,275 @@ +# Edit this configuration file to define what should be installed on +# your system. Help is available in the configuration.nix(5) man page +# and in the NixOS manual (accessible by running ‘nixos-help’). +{ + config, + pkgs, + ... +}: { + imports = [ + ]; + + # Setup nixbuild.net, since this laptop is somewhat under powered + # programs.ssh.extraConfig = '' + # Host eu.nixbuild.net + # PubkeyAcceptedKeyTypes ssh-ed25519 + # ServerAliveInterval 60 + # IPQoS throughput + # IdentityFile /home/nathan/.ssh/id_ed25519 + # ControlMaster auto + # ''; + # programs.ssh.knownHosts = { + # nixbuild = { + # hostNames = ["eu.nixbuild.net"]; + # publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPIQCZc54poJ8vqawd8TraNryQeJnvH1eLpIDgbiqymM"; + # }; + # }; + + # Configure nix + nix = { + settings = { + # Auto optimize the store after every action + auto-optimise-store = true; + trusted-users = [ + "root" + "nathan" + ]; + }; + # GC agressively + gc = { + automatic = true; + dates = "daily"; + options = "--delete-older-than 7d"; + }; + distributedBuilds = true; + buildMachines = [ + { + hostName = "eu.nixbuild.net"; + system = "x86_64-linux"; + maxJobs = 100; + supportedFeatures = [ + "benchmark" + "big-parallel" + ]; + } + ]; + }; + + # Bootloader and plymouth + boot = { + loader = { + systemd-boot = { + enable = true; + consoleMode = "auto"; + }; + efi.canTouchEfiVariables = true; + }; + plymouth = { + enable = true; + }; + }; + + # Steam setup + programs.steam = { + enable = true; + gamescopeSession = { + enable = true; + args = [ + "--expose-wayland" + ]; + }; + }; + + networking.hostName = "swarm"; # Define your hostname. + + services.tailscale.enable = true; + + networking.networkmanager.enable = true; + + # Set your time zone. + time.timeZone = "America/New_York"; + + # Select internationalisation properties. 
+ i18n.defaultLocale = "en_US.UTF-8"; + + i18n.extraLocaleSettings = { + LC_ADDRESS = "en_US.UTF-8"; + LC_IDENTIFICATION = "en_US.UTF-8"; + LC_MEASUREMENT = "en_US.UTF-8"; + LC_MONETARY = "en_US.UTF-8"; + LC_NAME = "en_US.UTF-8"; + LC_NUMERIC = "en_US.UTF-8"; + + LC_PAPER = "en_US.UTF-8"; + LC_TELEPHONE = "en_US.UTF-8"; + LC_TIME = "en_US.UTF-8"; + }; + + # Enable the X11 windowing system. + # You can disable this if you're only using the Wayland session. + services.xserver.enable = true; + + # Enable the KDE Plasma Desktop Environment. + services.displayManager.sddm.enable = true; + services.desktopManager.plasma6.enable = true; + environment.sessionVariables.NIXOS_OZONE_WL = "1"; + # Setup bluetooth + hardware.bluetooth.enable = true; + + # Configure keymap in X11 + services.xserver.xkb = { + layout = "us"; + variant = ""; + }; + + # Enable CUPS to print documents. + services.printing.enable = true; + + # Enable sound with pipewire. + hardware.pulseaudio.enable = false; + security.rtkit.enable = true; + services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + # If you want to use JACK applications, uncomment this + #jack.enable = true; + + # use the example session manager (no others are packaged yet so this is enabled by default, + # no need to redefine it in your config for now) + #media-session.enable = true; + }; + + # Enable touchpad support (enabled default in most desktopManager). + # services.xserver.libinput.enable = true; + + # Define a user account. Don't forget to set a password with ‘passwd’. + users.users.nathan = { + extraGroups = ["networkmanager"]; + }; + + # List packages installed in system profile. 
To search, run: + # $ nix search wget + environment.systemPackages = with pkgs; [ + # Touch stuff + libinput + maliit-keyboard + dconf-editor + iptsd + surface-control + wl-clipboard + # Podman + podman-desktop + podman-compose + # System tools + gparted + f2fs-tools + ]; + + virtualisation.podman = {enable = true;}; + + # Enable sway + programs.sway = { + enable = true; + package = pkgs.swayfx; + }; + + # We need to use a fork of iptsd for the LiftTimeout option + # https://github.com/linux-surface/iptsd/issues/166#issuecomment-2391567615 + nixpkgs.overlays = let + iptsd_overlay = self: super: { + iptsd = super.iptsd.overrideAttrs (prev: { + src = pkgs.fetchFromGitHub { + owner = "wvffle"; + repo = "iptsd"; + rev = "9c3e4c7b85767a3239bb2ba1ee12430ba5c92a86"; + hash = "sha256-wyCstqTpyFDLRe/AGFrjJi9A+txwkFNbsW4KLNcMf1Q="; + }; + }); + }; + in [iptsd_overlay]; + # Setup iptsd for touch and stylus support + services.iptsd = { + enable = true; + config = { + Touchscreen = { + DisableOnPalm = true; + DisableOnStylus = true; + }; + Contacts = { + SizeMin = "0.775"; + SizeMax = "1.710"; + AspectMin = "1.005"; + AspectMax = "1.470"; + }; + Stylus = { + LiftTimeout = "0.07"; + }; + DFT = { + PositionMinAmp = "10"; + }; + }; + }; + + # Since this _is_ a tablet, waydroid time + virtualisation.waydroid.enable = true; + + # And thermald + services.thermald = { + enable = true; + }; + + # Other power saving goodies + hardware.enableAllFirmware = true; + services.tlp = { + enable = false; + settings = { + CPU_SCALING_GOVERNOR_ON_AC = "performance"; + CPU_SCALING_GOVERNOR_ON_BAT = "powersave"; + + CPU_ENERGY_PERF_POLICY_ON_BAT = "power"; + CPU_ENERGY_PERF_POLICY_ON_AC = "performance"; + }; + }; + powerManagement.enable = true; + services.power-profiles-daemon.enable = true; + services.cpupower-gui.enable = true; + + # Nvidia gpu setup + hardware.nvidia = { + open = true; + prime = { + intelBusId = "PCI:0:2:0"; + nvidiaBusId = "PCI:2:0:0"; + }; + }; + + # Some programs need SUID 
wrappers, can be configured further or are + # started in user sessions. + # programs.mtr.enable = true; + # programs.gnupg.agent = { + # enable = true; + # enableSSHSupport = true; + # }; + + # List services that you want to enable: + + # Enable the OpenSSH daemon. + # services.openssh.enable = true; + + # Open ports in the firewall. + # networking.firewall.allowedTCPPorts = [ ... ]; + # networking.firewall.allowedUDPPorts = [ ... ]; + # Or disable the firewall altogether. + networking.firewall.enable = false; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + + system.stateVersion = "24.11"; # Did you read the comment? +} diff --git a/nixos/machines/swarm/hardware.nix b/nixos/machines/swarm/hardware.nix new file mode 100644 index 0000000..94fbd5d --- /dev/null +++ b/nixos/machines/swarm/hardware.nix 
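Review bot: `networking.firewall.enable = false;` near the end of the new configuration.nix switches off the host firewall on a laptop that joins whatever network NetworkManager connects it to, so any service in this configuration that listens on a non-loopback address is reachable from that network. Tailscale is already enabled in the same file, so the usual reason for disabling the firewall can be met by keeping it on and trusting only the tailnet interface: `networking.firewall.enable = true;` plus `networking.firewall.trustedInterfaces = ["tailscale0"];`. If the firewall really has to stay off (for example because of waydroid or podman networking), say so in a comment beside the option rather than leaving the stock template comment above it.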
@@ -0,0 +1,64 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ + config, + lib, + pkgs, + modulesPath, + ... +}: { + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "sd_mod"]; + boot.initrd.kernelModules = ["dm-snapshot" "cryptd"]; + boot.initrd.luks.devices."crypt".device = "/dev/disk/by-uuid/f16ca8aa-f596-4876-ba82-7427da9afaba"; + boot.kernelModules = ["kvm-intel"]; + boot.extraModulePackages = []; + + fileSystems."/" = { + device = "/dev/disk/by-uuid/1e6c0a42-1a50-42a6-a1ce-972cfc63a1c3"; + fsType = "btrfs"; + options = ["subvol=root"]; + }; + + fileSystems."/home" = { + device = "/dev/disk/by-uuid/1e6c0a42-1a50-42a6-a1ce-972cfc63a1c3"; + fsType = "btrfs"; + options = ["subvol=home"]; + }; + + fileSystems."/nix" = { + device = "/dev/disk/by-uuid/1e6c0a42-1a50-42a6-a1ce-972cfc63a1c3"; + fsType = "btrfs"; + options = ["subvol=nix"]; + }; + + fileSystems."/var" = { + device = "/dev/disk/by-uuid/1e6c0a42-1a50-42a6-a1ce-972cfc63a1c3"; + fsType = "btrfs"; + options = ["subvol=var"]; + }; + + fileSystems."/boot" = { + device = "/dev/disk/by-uuid/5742-D107"; + fsType = "vfat"; + options = ["fmask=0022" "dmask=0022"]; + }; + + swapDevices = [ + {device = "/dev/disk/by-uuid/36cee131-a975-4a20-a0b8-c063af268bcb";} + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. 
+ networking.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/nixos/machines/swarm/machine.nix b/nixos/machines/swarm/machine.nix new file mode 100644 index 0000000..c997e88 --- /dev/null +++ b/nixos/machines/swarm/machine.nix @@ -0,0 +1,59 @@ +{ + withSystem, + inputs, + ... +}: { + # perSystem = { ... }: { config.packages.hello = ...; }; + + flake.nixosConfigurations.swarm = withSystem "x86_64-linux" ( + ctx @ { + config, + inputs', + ... + }: + inputs.nixpkgs.lib.nixosSystem { + # Expose `packages`, `inputs` and `inputs'` as module arguments. + # Use specialArgs permits use in `imports`. + # Note: if you publish modules for reuse, do not rely on specialArgs, but + # on the flake scope instead. See also https://flake.parts/define-module-in-separate-file.html + specialArgs = { + packages = config.packages; + inherit inputs inputs'; + }; + modules = [ + ( + { + config, + lib, + pkgs, + ... + }: { + imports = [ + # Hardware support + inputs.nixos-hardware.nixosModules.microsoft-surface-common + inputs.nixos-hardware.nixosModules.common-pc + inputs.nixos-hardware.nixosModules.common-pc-laptop + inputs.nixos-hardware.nixosModules.common-pc-laptop-ssd + inputs.nixos-hardware.nixosModules.common-cpu-intel + inputs.nixos-hardware.nixosModules.common-gpu-nvidia + # Our modules + (import ../../modules/base.nix {inherit inputs;}) + (import ../../modules/desktop.nix) + (import ./configuration.nix) + (import ./hardware.nix) + (import ../../modules/user.nix { + inherit inputs; + mutableUsers = false; + }) + ]; + + nix.settings.experimental-features = [ + "nix-command" + "flakes" + ]; + } + ) + ]; + } + ); +} From e88598cd90d6e4014e322af345aa3fc77a9f606b Mon Sep 17 00:00:00 2001 
From: Nathan McCarty Date: Fri, 4 Apr 2025 17:30:24 -0400 Subject: [PATCH 3/6] oops --- flake.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flake.nix b/flake.nix index 68e1ce3..273d5b1 100644 --- a/flake.nix +++ b/flake.nix @@ -31,11 +31,11 @@ ./nixos/machines/wsl/configuration.nix ./nixos/machines/installer/configuration.nix ./nixos/machines/crash/machine.nix + ./nixos/machines/swarm/machine.nix ./nixos/machines/tides/machine.nix ./nixos/machines/driftwood/machine.nix ./home-manager/machines/wsl/home.nix ./home-manager/machines/crash/home.nix - ./home-manager/machines/swarm/home.nix ./home-manager/machines/tides/home.nix ./home-manager/machines/driftwood/home.nix ./devshells/rust.nix From cdbf80742ef30ec3f8f80a20495d7e021e2d6afa Mon Sep 17 00:00:00 2001 From: Nathan McCarty Date: Fri, 4 Apr 2025 17:41:49 -0400 Subject: [PATCH 4/6] Grub for dualboot and disable dGPU --- nixos/machines/swarm/configuration.nix | 36 +++----------------------- nixos/machines/swarm/machine.nix | 3 ++- 2 files changed, 6 insertions(+), 33 deletions(-) diff --git a/nixos/machines/swarm/configuration.nix b/nixos/machines/swarm/configuration.nix index 28e1dd1..12c7785 100644 --- a/nixos/machines/swarm/configuration.nix +++ b/nixos/machines/swarm/configuration.nix @@ -12,7 +12,7 @@ # Setup nixbuild.net, since this laptop is somewhat under powered # programs.ssh.extraConfig = '' # Host eu.nixbuild.net - # PubkeyAcceptedKeyTypes ssh-ed25519 + # PubkeyAcceptedKeyTypes ssh-ed255191 # ServerAliveInterval 60 # IPQoS throughput # IdentityFile /home/nathan/.ssh/id_ed25519 
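Review bot: The only change in the first configuration.nix hunk turns the commented line into `# PubkeyAcceptedKeyTypes ssh-ed255191`, which looks like a stray keystroke and is unrelated to the GRUB and dGPU changes this commit describes. `ssh-ed255191` is not a key algorithm name, so anyone who later uncomments the nixbuild.net block would hand ssh an invalid option value. Restore `# PubkeyAcceptedKeyTypes ssh-ed25519`. The commented-out block continues past the end of the hunk.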
@@ -43,24 +43,16 @@ }; distributedBuilds = true; buildMachines = [ - { - hostName = "eu.nixbuild.net"; - system = "x86_64-linux"; - maxJobs = 100; - supportedFeatures = [ - "benchmark" - "big-parallel" - ]; - } ]; }; # Bootloader and plymouth boot = { loader = { - systemd-boot = { + grub = { enable = true; - consoleMode = "auto"; + device = "nodev"; + useOSProber = true; }; efi.canTouchEfiVariables = true; }; @@ -69,17 +61,6 @@ }; }; - # Steam setup - programs.steam = { - enable = true; - gamescopeSession = { - enable = true; - args = [ - "--expose-wayland" - ]; - }; - }; - networking.hostName = "swarm"; # Define your hostname. services.tailscale.enable = true; @@ -236,15 +217,6 @@ services.power-profiles-daemon.enable = true; services.cpupower-gui.enable = true; - # Nvidia gpu setup - hardware.nvidia = { - open = true; - prime = { - intelBusId = "PCI:0:2:0"; - nvidiaBusId = "PCI:2:0:0"; - }; - }; - # Some programs need SUID wrappers, can be configured further or are # started in user sessions. # programs.mtr.enable = true; diff --git a/nixos/machines/swarm/machine.nix b/nixos/machines/swarm/machine.nix index c997e88..426314a 100644 --- a/nixos/machines/swarm/machine.nix +++ b/nixos/machines/swarm/machine.nix @@ -35,7 +35,8 @@ inputs.nixos-hardware.nixosModules.common-pc-laptop inputs.nixos-hardware.nixosModules.common-pc-laptop-ssd inputs.nixos-hardware.nixosModules.common-cpu-intel - inputs.nixos-hardware.nixosModules.common-gpu-nvidia + # Disable the dGPU + inputs.nixos-hardware.nixosModules.common-gpu-nvidia-disable # Our modules (import ../../modules/base.nix {inherit inputs;}) (import ../../modules/desktop.nix) From f40aa91ca14221af0d19b8cf392f8b3b112ef96a Mon Sep 17 00:00:00 2001 From: Nathan McCarty Date: Fri, 4 Apr 2025 19:08:14 -0400 Subject: [PATCH 5/6] Fix boot --- nixos/machines/swarm/configuration.nix | 1 + nixos/machines/swarm/hardware.nix | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) 
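Review bot: `distributedBuilds = true;` stays set in the second configuration.nix hunk although `buildMachines` is now an empty list, so the option advertises remote builders that no longer exist. Set `distributedBuilds = false;` or delete both lines, so that re-adding a builder later is a deliberate change made together with its `programs.ssh.knownHosts` host-key pin, which is still commented out at the top of the file. The `nix` attribute set this belongs to starts before the hunk.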
diff --git a/nixos/machines/swarm/configuration.nix b/nixos/machines/swarm/configuration.nix index 12c7785..07493f2 100644 --- a/nixos/machines/swarm/configuration.nix +++ b/nixos/machines/swarm/configuration.nix @@ -52,6 +52,7 @@ grub = { enable = true; device = "nodev"; + efiSupport = true; useOSProber = true; }; efi.canTouchEfiVariables = true; diff --git a/nixos/machines/swarm/hardware.nix b/nixos/machines/swarm/hardware.nix index 94fbd5d..4a4bb21 100644 --- a/nixos/machines/swarm/hardware.nix +++ b/nixos/machines/swarm/hardware.nix @@ -13,7 +13,7 @@ ]; boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "sd_mod"]; - boot.initrd.kernelModules = ["dm-snapshot" "cryptd"]; + boot.initrd.kernelModules = ["dm-snapshot" "cryptd" "pinctrl_icelake" "surface_aggregator" "surface_aggregator_registry" "surface_aggregator_hub" "surface_hid_core" "8250_dw" "surface_hid"]; boot.initrd.luks.devices."crypt".device = "/dev/disk/by-uuid/f16ca8aa-f596-4876-ba82-7427da9afaba"; boot.kernelModules = ["kvm-intel"]; boot.extraModulePackages = []; From 81890388e67c56981f30cd0f528db35d18fdfb9f Mon Sep 17 00:00:00 2001 From: Nathan McCarty Date: Fri, 4 Apr 2025 19:10:13 -0400 Subject: [PATCH 6/6] New ssh key --- nixos/modules/user.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nixos/modules/user.nix b/nixos/modules/user.nix index bf5dd41..35885e7 100644 --- a/nixos/modules/user.nix +++ b/nixos/modules/user.nix @@ -27,6 +27,7 @@ openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEtE+KjKuHUj5bKKQBDKqhO5dpEQf8E8u1G6kRj7y6dI nathan@nixos" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOYLrArZUT8AQwr9jHLj8DnnJM46C6myF8C7AOza+BDr nathan@Nathan-Surface" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDrgiGxTw0AcInjsELMpq6MZfsl4oTHjo1MVwOc4QgdD nathan@swarm" ]; }; };
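Review bot: The added `nathan@swarm` key goes into `openssh.authorizedKeys.keys` in the shared `nixos/modules/user.nix`, so it presumably becomes a login credential on every machine that imports this module, not only on the new laptop. If swarm replaces an older install, this commit should also drop the key it supersedes (`nathan@Nathan-Surface` looks like a candidate, to be confirmed), so the list holds only keys whose private halves are still in use. A short comment per entry naming the device that holds the key would make that audit possible later. The enclosing user definition starts and ends outside the hunk.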