
No commits in common. "master" and "tmp/caramel_raccoon" have entirely different histories.

206 changed files with 3622 additions and 4560 deletions


@ -1,4 +0,0 @@
# Do not edit this file. To specify the files to encrypt, create your own
# .gitattributes file in the directory where your files are.
* !filter !diff
*.gpg binary

1
.gitattributes vendored

@ -1 +0,0 @@
secrets.gcrypt/** filter=git-crypt diff=git-crypt


@ -1,50 +0,0 @@
name: Auto update
on:
workflow_dispatch:
schedule:
- cron: "0 0 * * *"
jobs:
update:
runs-on: ubuntu-latest
permissions:
contents: write
steps:
- name: Checkout
uses: actions/checkout@v4
with:
token: ${{ secrets.PAT_TOKEN }}
- name: Check for updates
id: check
run: |
local=$(cat flake.lock | jq ".nodes.nixpkgs.locked.rev")
remote=$(curl "https://api.github.com/repos/NixOS/nixpkgs/branches/nixos-unstable/commits?per_page=1" | jq ".commit.sha")
if [[ $local == $remote ]]; then
echo "skip=1" >> "$GITHUB_OUTPUT"
else
echo "skip=0" >> "$GITHUB_OUTPUT"
branch=$(TZ='Australia/Melbourne' date '+staging_auto/%Y%m%d')
echo "branch_name=${branch}" >> "$GITHUB_OUTPUT"
fi
- name: Install nix
if: steps.check.outputs.skip == 0
uses: cachix/install-nix-action@v31
- name: Configure git
if: steps.check.outputs.skip == 0
run: |
git config --local user.email "41898282+github-actions[bot]@users.noreply.github.com"
git config --local user.name "github-actions[bot]"
- name: Update
if: steps.check.outputs.skip == 0
run: ./update.sh
- name: Push
if: steps.check.outputs.skip == 0
uses: ad-m/github-push-action@master
with:
github_token: ${{ secrets.PAT_TOKEN }}
branch: ${{ steps.check.outputs.branch_name }}


@ -5,23 +5,35 @@ on:
workflow_dispatch: workflow_dispatch:
jobs: jobs:
check:
name: Check flake
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- uses: cachix/install-nix-action@v17
with:
install_url: https://github.com/numtide/nix-unstable-installer/releases/download/nix-2.12.0pre20220930_89ca75c/install
extra_nix_config: experimental-features = nix-command flakes
- uses: cachix/cachix-action@v10
with:
name: lava
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
- run: nix flake check --keep-going --verbose
build: build:
name: Build linux-lava for x86_64-linux name: Build linux-lava for x86_64-linux
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
# credits to https://github.com/easimon/maximize-build-space/issues/45 - uses: actions/checkout@v3
- name: Remove unneeded packages to maximise build space
shell: bash
run: |
df -h
sudo rm -rf /usr/share/dotnet
sudo rm -rf /usr/local/lib/android
df -h
- uses: actions/checkout@v4
with: with:
fetch-depth: 0 fetch-depth: 0
- uses: cachix/install-nix-action@v31 - uses: cachix/install-nix-action@v17
- uses: cachix/cachix-action@v16 with:
install_url: https://github.com/numtide/nix-unstable-installer/releases/download/nix-2.12.0pre20220930_89ca75c/install
extra_nix_config: experimental-features = nix-command flakes
- uses: cachix/cachix-action@v10
with: with:
name: lava name: lava
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
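Review bot: The `check` and `build` jobs reference third-party actions by mutable tag (`actions/checkout@v3`, `cachix/install-nix-action@v17`, `cachix/cachix-action@v10`) and install Nix from an `install_url` pointing at a numtide/nix-unstable-installer release asset with no integrity check visible here, while `secrets.CACHIX_AUTH_TOKEN` is handed to the Cachix step, so a moved tag or a replaced asset would run in a job that holds the cache token. Pinning each `uses:` to a full commit SHA, e.g. `- uses: cachix/cachix-action@<full-commit-sha> # v10`, and dropping the custom `install_url` if the pinned pre-release is no longer needed, would narrow that. Neither job declares `permissions:`; adding `permissions: {contents: read}` at workflow or job level keeps the GITHUB_TOKEN read-only. The page has lost its +/- markers, so the v17/v10 column is read as the new side from the hunk counts, and the `build` job continues past the end of the hunk.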

1
.gitignore vendored

@ -1 +0,0 @@
result


@ -14,18 +14,17 @@ to your liking. Open up `flake.nix`, add your new host config at the bottom, and
## Hosts ## Hosts
| Name | Description | | Name | Description |
| ------- | ----------- | | ------- | ----------- |
| hyacinth | Main Desktop PC | | blossom | Laptop and main PC |
| anemone | Main Laptop |
| caramel | Raspberry Pi 400, stateless | | caramel | Raspberry Pi 400, stateless |
| dandelion | ARM OCI VPS, stateless | | sugarcane | OVHCloud VPS, stateless |
## Users ## Users
| Name | Description | | Name | Description |
| ---- | ----------- | | ---- | ----------- |
| rin | Main user for general usage | | rin | Main user for usage |
| hana | Lightweight user intended for inspecting stateless hosts | | hana | Lightweight user intended for inspecting stateless hosts |
## License ## License
Licensed under CC0 Licensed under CC0; basically you can fork, modify, redistribute, or do whatever you want I don't really care.
Credit is appreciated but not necessary Credit is appreciated but not necessary


@ -1,47 +0,0 @@
{ lib, pkgs, ... }: {
system.stateVersion = "23.11";
systemd.tmpfiles.rules = [
"d /persist/transmission 755 transmission transmission"
"d /persist/transmission/.config/transmission-daemon 750 transmission transmission"
"d /persist/transmission/.incomplete 750 transmission transmission"
"d /persist/transmission/Downloads 755 transmission transmission"
"d /persist/transmission/watchdir 755 transmission transmission"
];
networking.wg-quick.interfaces.wg0 = {
configFile = "/persist/vpn.conf";
preUp = ''
# Try to access the DNS for up to 300s
for i in {1..60}; do
${pkgs.iputils}/bin/ping -c1 'google.com' && break
echo "Attempt $i: DNS still not available"
sleep 5s
done
'';
};
# https://github.com/NixOS/nixpkgs/issues/258793
systemd.services.transmission.serviceConfig = {
BindReadOnlyPaths = lib.mkForce [ builtins.storeDir "/etc" ];
RootDirectoryStartOnly = lib.mkForce false;
RootDirectory = lib.mkForce "";
PrivateMounts = lib.mkForce false;
PrivateUsers = lib.mkForce false;
};
networking.firewall.allowedTCPPorts = [ 9091 ];
services.transmission = {
enable = true;
package = pkgs.transmission_4;
downloadDirPermissions = "775";
openFirewall = true;
home = "/persist/transmission";
settings = {
ratio-limit-enabled = true;
rpc-bind-address = "0.0.0.0";
rpc-enabled = true;
rpc-port = 9091;
rpc-host-whitelist-enabled = false;
rpc-whitelist-enabled = false;
};
};
}


@ -1,27 +0,0 @@
{
"nodes": {
"nixpkgs": {
"locked": {
"lastModified": 1773282481,
"narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fe416aaedd397cacb33a610b33d60ff2b431b127",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"nixpkgs": "nixpkgs"
}
}
},
"root": "root",
"version": 7
}


@ -1,51 +0,0 @@
{
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
};
outputs = { nixpkgs, ... }: {
nixosConfigurations.container = nixpkgs.lib.nixosSystem {
modules = [ ./configuration.nix ];
};
nixosModule = { ... }:
let
name = "amethyst";
fqdn = "amethyst.lava.moe";
subnet = "1";
in {
networking.nat = {
enable = true;
enableIPv6 = true;
internalInterfaces = [ "ve-${name}" ];
};
services.nginx.virtualHosts."${fqdn}" = {
useACMEHost = "lava.moe";
forceSSL = true;
#locations."/".proxyPass = "http://[fd0d:1::${subnet}:2]:9091";
locations."/".proxyPass = "http://10.30.${subnet}.2:9091";
listenAddresses = [ "10.0.0.1" "[fd0d::1]" ];
};
systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ];
containers.${name} = {
autoStart = true;
privateNetwork = true;
hostAddress = "10.30.${subnet}.1";
localAddress = "10.30.${subnet}.2";
hostAddress6 = "fd0d:1::${subnet}:1";
localAddress6 = "fd0d:1::${subnet}:2";
# privateUsers = "pick";
nixpkgs = nixpkgs;
ephemeral = true;
config = { imports = [ ./configuration.nix ]; };
bindMounts."persist" = {
hostPath = "/persist/containers/${name}";
mountPoint = "/persist";
isReadOnly = false;
};
# flake = "path:" + ./.;
};
};
};
}


@ -1,23 +0,0 @@
{ ... }: {
system.stateVersion = "25.11";
fileSystems."/var/lib/private" = {
device = "/persist";
fsType = "none";
options = [ "bind" ];
};
networking.firewall.allowedTCPPorts = [ 6167 ];
networking.firewall.allowedUDPPorts = [ 6167 ];
# TODO: this should be generically set
networking.useHostResolvConf = false;
networking.nameservers = [ "8.8.8.8" ];
services.matrix-continuwuity = {
enable = true;
settings.global = {
# TODO: link this with outer container's address
address = [ "10.30.2.2" ];
server_name = "lava.moe";
rocksdb_recovery_mode = 2;
};
};
}


@ -1,27 +0,0 @@
{
"nodes": {
"nixpkgs": {
"locked": {
"lastModified": 1773282481,
"narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fe416aaedd397cacb33a610b33d60ff2b431b127",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"nixpkgs": "nixpkgs"
}
}
},
"root": "root",
"version": 7
}


@ -1,69 +0,0 @@
{
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
};
outputs = { nixpkgs, ... }: {
nixosConfigurations.container = nixpkgs.lib.nixosSystem {
modules = [ ./configuration.nix ];
};
nixosModule = { ... }:
let
name = "beryllium";
fqdn = "beryllium.lava.moe";
subnet = "2";
in {
networking.nat = {
enable = true;
enableIPv6 = true;
internalInterfaces = [ "ve-${name}" ];
};
services.nginx.virtualHosts."${fqdn}" = {
useACMEHost = "lava.moe";
forceSSL = true;
locations."/".extraConfig = "return 302 'https://lava.moe';";
locations."/_matrix".proxyPass = "http://10.30.${subnet}.2:6167";
locations."/_conduwuit".proxyPass = "http://10.30.${subnet}.2:6167";
locations."/_continuwuity".proxyPass = "http://10.30.${subnet}.2:6167";
};
services.nginx.virtualHosts."lava.moe" = {
locations."= /.well-known/matrix/server".extraConfig =
let
server = { "m.server" = "${fqdn}:443"; };
in ''
add_header Content-Type application/json;
return 200 '${builtins.toJSON server}';
'';
locations."= /.well-known/matrix/client".extraConfig =
let
client = {
"m.homeserver" = { "base_url" = "https://${fqdn}"; };
# "m.identity_server" = { "base_url" = "https://vector.im"; };
};
in ''
add_header Content-Type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '${builtins.toJSON client}';
'';
};
systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ];
containers.${name} = {
autoStart = true;
privateNetwork = true;
hostAddress = "10.30.${subnet}.1";
localAddress = "10.30.${subnet}.2";
nixpkgs = nixpkgs;
ephemeral = true;
config = { imports = [ ./configuration.nix ]; };
bindMounts."persist" = {
hostPath = "/persist/containers/${name}";
mountPoint = "/persist";
isReadOnly = false;
};
};
};
};
}


@ -1,53 +0,0 @@
{ config, fqdn, lib, ... }: {
system.stateVersion = "25.11";
networking.firewall.allowedTCPPorts = [ 22 3000 ];
networking.firewall.allowedUDPPorts = [ 22 3000 ];
systemd.tmpfiles.rules = [
"L+ /persist/forgejo/custom/templates - - - - ${./templates}"
];
services.forgejo = {
enable = true;
lfs.enable = true;
settings = {
DEFAULT.APP_NAME = "cilly's botanical laboratory";
server = {
DOMAIN = fqdn;
ROOT_URL = "https://${fqdn}/";
HTTP_PORT = 3000;
START_SSH_SERVER = true;
BUILTIN_SSH_SERVER_USER = "git";
SSH_DOMAIN = "git.lava.moe";
SSH_SERVER_KEY_EXCHANGES = "mlkem768x25519-sha256,sntrup761x25519-sha512,sntrup761x25519-sha512@openssh.com,curve25519-sha256,curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256";
};
ui = lib.mkForce {
DEFAULT_THEME = "catppuccin-maroon-auto";
THEMES = lib.strings.concatMapStringsSep "," (x: "${x}-auto") [
"catppuccin-pink"
"catppuccin-maroon"
"catppuccin-flamingo"
"catppuccin-rosewater"
"forgejo"
"gitea"
];
};
api.ENABLE_SWAGGER = false;
other.SHOW_FOOTER_TEMPLATE_LOAD_TIME = false;
repository.ENABLE_PUSH_CREATE_USER = true;
repository.ENABLE_PUSH_CREATE_ORG = true;
service.DISABLE_REGISTRATION = true;
};
stateDir = "/persist/forgejo";
};
systemd.services.forgejo.serviceConfig = {
AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
CapabilityBoundingSet = [ "CAP_NET_BIND_SERVICE" ];
PrivateUsers = lib.mkForce false;
};
catppuccin.forgejo.enable = true;
environment.systemPackages = [ config.services.forgejo.package ];
}


@ -1,62 +0,0 @@
{
"nodes": {
"catppuccin": {
"inputs": {
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1773403535,
"narHash": "sha256-47MZaFrHxNO8tVUAmtVnerXUw2WWVluBOiU9MulN/yM=",
"owner": "catppuccin",
"repo": "nix",
"rev": "d45b5665cc638bad1b794350de02f4dd41b0bb47",
"type": "github"
},
"original": {
"owner": "catppuccin",
"repo": "nix",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1773122722,
"narHash": "sha256-FIqHByVqxCprNjor1NqF80F2QQoiiyqanNNefdlvOg4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "62dc67aa6a52b4364dd75994ec00b51fbf474e50",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1773282481,
"narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fe416aaedd397cacb33a610b33d60ff2b431b127",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"catppuccin": "catppuccin",
"nixpkgs": "nixpkgs_2"
}
}
},
"root": "root",
"version": 7
}


@ -1,68 +0,0 @@
{
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
catppuccin.url = "github:catppuccin/nix";
};
outputs = { nixpkgs, catppuccin, ... }:
let
name = "citrine";
fqdn = "lab.lava.moe";
subnetId = "3";
subnet = x: "fd0d:1::${subnetId}:${toString x}";
host = subnet 1;
client = subnet 2;
subnet4 = x: "10.30.${subnetId}.${toString x}";
host4 = subnet4 1;
client4 = subnet4 2;
modules = [
./configuration.nix
catppuccin.nixosModules.catppuccin
{
networking.useHostResolvConf = false;
networking.nameservers = [ host ];
}
];
in {
nixosConfigurations.container = nixpkgs.lib.nixosSystem {
inherit modules;
};
nixosModule = { ... }: {
networking.nat = {
enable = true;
enableIPv6 = true;
internalInterfaces = [ "ve-${name}" ];
};
services.nginx.virtualHosts."${fqdn}" = {
useACMEHost = "lava.moe";
forceSSL = true;
locations."/".proxyPass = "http://[${client}]:3000";
};
systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ];
containers.${name} = {
autoStart = true;
privateNetwork = true;
hostAddress = host4;
localAddress = client4;
hostAddress6 = host;
localAddress6 = client;
# privateUsers = "pick";
nixpkgs = nixpkgs;
ephemeral = true;
config = { imports = modules; };
specialArgs = { inherit fqdn; };
bindMounts."persist" = {
hostPath = "/persist/containers/${name}";
mountPoint = "/persist";
isReadOnly = false;
};
# flake = "path:" + ./.;
};
};
};
}


@ -1,31 +0,0 @@
<footer class="page-footer" role="group" aria-label="{{ctx.Locale.Tr "aria.footer"}}">
<div class="left-links" role="contentinfo" aria-label="{{ctx.Locale.Tr "aria.footer.software"}}">
{{if ShowFooterPoweredBy}}
<a target="_blank" rel="noopener noreferrer" href="https://forgejo.org">Forgejo</a>
{{end}}
{{if (or .ShowFooterVersion .PageIsAdmin)}}
{{if .IsAdmin}}
<a href="{{AppSubUrl}}/admin/config">{{AppVerNoMetadata}}</a>
{{else}}
{{AppVerNoMetadata}}
{{end}}
{{end}}
{{if and .TemplateLoadTimes ShowFooterTemplateLoadTime}}
{{ctx.Locale.Tr "page"}}: <strong>{{LoadTimes .PageStartTime}}</strong>
{{ctx.Locale.Tr "template"}}{{if .TemplateName}} {{.TemplateName}}{{end}}: <strong>{{call .TemplateLoadTimes}}</strong>
{{end}}
</div>
<div class="right-links" role="group" aria-label="{{ctx.Locale.Tr "aria.footer.links"}}">
<div class="ui dropdown upward language">
<span class="flex-text-inline">{{svg "octicon-globe" 14}} {{ctx.Locale.LangName}}</span>
<div class="menu language-menu">
{{range .AllLangs}}
<a lang="{{.Lang}}" data-url="{{AppSubUrl}}/?lang={{.Lang}}" class="item {{if eq ctx.Locale.Lang .Lang}}active selected{{end}}">{{.Name}}</a>
{{end}}
</div>
</div>
<a href="{{AssetUrlPrefix}}/licenses.txt">{{ctx.Locale.Tr "licenses"}}</a>
{{if .EnableSwagger}}<a href="{{AppSubUrl}}/api/swagger">API</a>{{end}}
{{template "custom/extra_links_footer" .}}
</div>
</footer>


@ -1,19 +0,0 @@
{{template "base/head" .}}
{{if not .IsSigned}}
<script>window.location.href = "/explore/repos";</script>
{{end}}
<div role="main" aria-label="{{if .IsSigned}}{{ctx.Locale.Tr "dashboard"}}{{else}}{{ctx.Locale.Tr "home"}}{{end}}" class="page-content home">
<div class="tw-mb-8 tw-px-8">
<div class="center">
<img class="logo" width="220" height="220" src="{{AssetUrlPrefix}}/img/logo.svg" alt="{{ctx.Locale.Tr "logo"}}">
<div class="hero">
<h1 class="ui icon header title">
{{AppDisplayName}}
</h1>
<h2>{{ctx.Locale.Tr "startpage.app_desc"}}</h2>
</div>
</div>
</div>
{{template "home_forgejo" .}}
</div>
{{template "base/footer" .}}


@ -1,22 +0,0 @@
{ fqdn, ... }: {
system.stateVersion = "25.11";
systemd.tmpfiles.rules = [
"d /persist/vaultwarden 755 vaultwarden vaultwarden"
];
fileSystems."/var/lib/vaultwarden" = {
device = "/persist/vaultwarden";
fsType = "none";
options = [ "bind" ];
};
networking.firewall.allowedTCPPorts = [ 8000 ];
networking.firewall.allowedUDPPorts = [ 8000 ];
services.vaultwarden = {
enable = true;
domain = fqdn;
config = {
DOMAIN = "https://${fqdn}";
ROCKET_ADDRESS = "::";
};
};
}


@ -1,27 +0,0 @@
{
"nodes": {
"nixpkgs": {
"locked": {
"lastModified": 1773282481,
"narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fe416aaedd397cacb33a610b33d60ff2b431b127",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"nixpkgs": "nixpkgs"
}
}
},
"root": "root",
"version": 7
}


@ -1,51 +0,0 @@
{
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
};
outputs = { nixpkgs, ... }:
let
name = "diamond";
fqdn = "astransia.lava.moe";
subnetId = "4";
subnet = x: "fd0d:1::${subnetId}:${toString x}";
host = subnet 1;
client = subnet 2;
modules = [
./configuration.nix
];
in {
nixosConfigurations.container = nixpkgs.lib.nixosSystem {
inherit modules;
};
nixosModule = { ... }: {
services.nginx.virtualHosts."${fqdn}" = {
useACMEHost = "lava.moe";
forceSSL = true;
locations."/".proxyPass = "http://[${client}]:8000";
listenAddresses = [ "10.0.0.1" "[fd0d::1]" "100.67.1.1" ];
};
systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ];
containers.${name} = {
autoStart = true;
privateNetwork = true;
hostAddress6 = host;
localAddress6 = client;
# privateUsers = "pick";
nixpkgs = nixpkgs;
ephemeral = true;
config = { imports = modules; };
specialArgs = { inherit fqdn; };
bindMounts."persist" = {
hostPath = "/persist/containers/${name}";
mountPoint = "/persist";
isReadOnly = false;
};
# flake = "path:" + ./.;
};
};
};
}


@ -1,23 +0,0 @@
{ fqdn, shareFqdn, ... }: {
system.stateVersion = "25.11";
systemd.tmpfiles.rules = [
"d /persist/navidrome 755 navidrome navidrome"
];
networking.firewall.allowedTCPPorts = [ 4533 ];
networking.firewall.allowedUDPPorts = [ 4533 ];
services.navidrome = {
enable = true;
environmentFile = "/binds/navidrome_env";
settings = {
Port = 4533;
Address = "[::]";
BaseUrl = "https://${fqdn}/";
ShareURL = "https://${shareFqdn}";
EnableSharing = true;
DataFolder = "/persist/navidrome";
MusicFolder = "/binds/music/main";
};
};
systemd.services.navidrome.serviceConfig.BindReadOnlyPaths = ["/binds/music"];
}


@ -1,27 +0,0 @@
{
"nodes": {
"nixpkgs": {
"locked": {
"lastModified": 1773282481,
"narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fe416aaedd397cacb33a610b33d60ff2b431b127",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"nixpkgs": "nixpkgs"
}
}
},
"root": "root",
"version": 7
}


@ -1,78 +0,0 @@
{
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
};
outputs = { nixpkgs, ... }:
let
name = "emerald";
fqdn = "navia.lava.moe";
shareFqdn = "muse.lava.moe";
subnetId = "5";
subnet = x: "fd0d:2::${subnetId}:${toString x}";
host = subnet 1;
client = subnet 2;
subnet4 = x: "10.32.${subnetId}.${toString x}";
host4 = subnet4 1;
client4 = subnet4 2;
modules = [
./configuration.nix
{
networking.useHostResolvConf = false;
networking.nameservers = [ host ];
}
];
in {
nixosConfigurations.container = nixpkgs.lib.nixosSystem {
inherit modules;
};
nixosModule = { config, ... }: {
networking.nat = {
enable = true;
enableIPv6 = true;
internalInterfaces = [ "ve-${name}" ];
};
services.nginx.virtualHosts."${fqdn}" = {
useACMEHost = "lava.moe";
forceSSL = true;
locations."/".proxyPass = "http://[${client}]:4533";
listenAddresses = [ "100.67.2.1" ];
};
systemd.tmpfiles.rules = [ "d /persist/containers/${name} 755 root users" ];
containers.${name} = {
autoStart = true;
privateNetwork = true;
hostAddress = host4;
localAddress = client4;
hostAddress6 = host;
localAddress6 = client;
# privateUsers = "pick";
nixpkgs = nixpkgs;
ephemeral = true;
config = { imports = modules; };
specialArgs = { inherit fqdn shareFqdn; };
bindMounts."persist" = {
hostPath = "/persist/containers/${name}";
mountPoint = "/persist";
isReadOnly = false;
};
bindMounts."music" = {
hostPath = "/flower/media/music";
mountPoint = "/binds/music";
isReadOnly = true;
};
bindMounts."navidrome_env" = {
hostPath = config.age.secrets.navidrome_env.path;
mountPoint = "/binds/navidrome_env";
isReadOnly = true;
};
# flake = "path:" + ./.;
};
};
};
}


@ -1,22 +0,0 @@
{ ... }: {
system.stateVersion = "25.11";
systemd.tmpfiles.rules = [
"d /persist/slskd/Downloads 755 slskd slskd"
];
fileSystems."/var/lib/slskd" = {
device = "/persist/slskd";
fsType = "none";
options = [ "bind" ];
};
networking.firewall.allowedTCPPorts = [ 5030 50300 ];
networking.firewall.allowedUDPPorts = [ 5030 50300 ];
services.slskd = {
enable = true;
domain = null;
environmentFile = "/binds/slskd_env";
settings = {
shares.directories = [ "/binds/music/" ];
};
};
}


@ -1,27 +0,0 @@
{
"nodes": {
"nixpkgs": {
"locked": {
"lastModified": 1773282481,
"narHash": "sha256-b/GV2ysM8mKHhinse2wz+uP37epUrSE+sAKXy/xvBY4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "fe416aaedd397cacb33a610b33d60ff2b431b127",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"nixpkgs": "nixpkgs"
}
}
},
"root": "root",
"version": 7
}


@ -1,89 +0,0 @@
{
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
};
outputs = { nixpkgs, ... }:
let
name = "fluorite";
fqdn = "fluorite.lava.moe";
subnetId = "6";
subnet = x: "fd0d:1::${subnetId}:${toString x}";
host = subnet 1;
client = subnet 2;
subnet4 = x: "10.30.${subnetId}.${toString x}";
host4 = subnet4 1;
client4 = subnet4 2;
modules = [
./configuration.nix
{
networking.useHostResolvConf = false;
networking.nameservers = [ host ];
}
];
in {
nixosConfigurations.container = nixpkgs.lib.nixosSystem {
inherit modules;
};
nixosModule = { config, ... }: {
networking.nat = {
enable = true;
enableIPv6 = true;
internalInterfaces = [ "ve-${name}" ];
};
networking.firewall.allowedTCPPorts = [ 50300 ];
services.nginx.virtualHosts."${fqdn}" = {
useACMEHost = "lava.moe";
forceSSL = true;
locations."/".proxyPass = "http://[${client}]:5030";
listenAddresses = [ "10.0.0.1" "[fd0d::1]" "100.67.1.1" ];
};
systemd.tmpfiles.rules = [
"d /persist/containers/${name} 755 root users"
"d /persist/media/music 075 nobody users"
];
containers.${name} = {
autoStart = true;
privateNetwork = true;
hostAddress = host4;
localAddress = client4;
hostAddress6 = host;
localAddress6 = client;
# privateUsers = "pick";
nixpkgs = nixpkgs;
ephemeral = true;
config = { imports = modules; };
specialArgs = { inherit fqdn; };
forwardPorts = [
{
containerPort = 50300;
hostPort = 50300;
protocol = "tcp";
}
];
bindMounts."persist" = {
hostPath = "/persist/containers/${name}";
mountPoint = "/persist";
isReadOnly = false;
};
bindMounts."music" = {
hostPath = "/persist/media/music";
mountPoint = "/binds/music";
isReadOnly = true;
};
bindMounts."slskd_env" = {
hostPath = config.age.secrets.slskd_env.path;
mountPoint = "/binds/slskd_env";
isReadOnly = true;
};
# flake = "path:" + ./.;
};
};
};
}


@ -1,36 +0,0 @@
{ ... }: {
system.stateVersion = "25.11";
fileSystems."/var/lib/opencloud" = {
device = "/flower/data";
fsType = "none";
options = [ "bind" ];
};
fileSystems."/etc/opencloud" = {
device = "/persist/cfg";
fsType = "none";
options = [ "bind" ];
};
# TODO: hardcoded address
networking.extraHosts = ''
100.67.2.1 cloud.lava.moe
'';
networking.firewall.allowedTCPPorts = [ 9200 ];
networking.firewall.allowedUDPPorts = [ 9200 ];
environment.etc."opencloud-admin-pass".text = ''
IDM_ADMIN_PASSWORD=supersillysecure
'';
services.opencloud = {
enable = true;
url = "https://cloud.lava.moe";
address = "10.30.7.2";
port = 9200;
environment = {
PROXY_TLS = "false";
IDP_ACCESS_TOKEN_EXPIRATION = "2592000";
IDP_ID_TOKEN_EXPIRATION = "2592000";
};
environmentFile = "/etc/opencloud-admin-pass";
};
}


@ -1,27 +0,0 @@
{
"nodes": {
"nixpkgs": {
"locked": {
"lastModified": 1779560665,
"narHash": "sha256-tpyBcxPpcQb8ukyNF7DoCwfSY3VPsxHoYwj00Cayv5o=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "64c08a7ca051951c8eae34e3e3cb1e202fe36786",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"root": {
"inputs": {
"nixpkgs": "nixpkgs"
}
}
},
"root": "root",
"version": 7
}


@ -1,84 +0,0 @@
{
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
};
outputs = { nixpkgs, ... }:
let
name = "garnet";
fqdn = "cloud.lava.moe";
subnetId = "7";
subnet = x: "fd0d:1::${subnetId}:${toString x}";
host = subnet 1;
client = subnet 2;
subnet4 = x: "10.30.${subnetId}.${toString x}";
host4 = subnet4 1;
client4 = subnet4 2;
modules = [
./configuration.nix
{
networking.useHostResolvConf = false;
networking.nameservers = [ host ];
}
];
in {
nixosConfigurations.container = nixpkgs.lib.nixosSystem {
inherit modules;
};
nixosModule = { config, ... }: {
networking.nat = {
enable = true;
enableIPv6 = true;
internalInterfaces = [ "ve-${name}" ];
};
services.nginx.virtualHosts."${fqdn}" = {
useACMEHost = "lava.moe";
forceSSL = true;
locations."/" = {
proxyPass = "http://${client4}:9200";
proxyWebsockets = true;
};
extraConfig = ''
proxy_read_timeout 3600s;
proxy_send_timeout 3600s;
keepalive_requests 100000;
keepalive_timeout 5m;
http2_max_concurrent_streams 512;
'';
# TODO: hardcoded address
listenAddresses = [ "100.67.2.1" ];
};
systemd.tmpfiles.rules = [
"d /persist/containers/${name} 755 root users"
];
containers.${name} = {
autoStart = true;
privateNetwork = true;
hostAddress = host4;
localAddress = client4;
hostAddress6 = host;
localAddress6 = client;
# privateUsers = "pick";
nixpkgs = nixpkgs;
ephemeral = true;
config = { imports = modules; };
specialArgs = { inherit fqdn; };
bindMounts."persist" = {
hostPath = "/persist/containers/${name}";
mountPoint = "/persist";
isReadOnly = false;
};
bindMounts."content" = {
hostPath = "/flower/opencloud";
mountPoint = "/flower";
isReadOnly = false;
};
};
};
};
}

1219
flake.lock generated

File diff suppressed because it is too large

103
flake.nix

@ -1,101 +1,108 @@
{ {
inputs = { inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs.url = "github:LavaDesu/nixpkgs/laba/remove-mono";
nixpkgs-porcupine.url = "github:NixOS/nixpkgs/nixos-21.11";
nixpkgs-raccoon.url = "github:NixOS/nixpkgs/nixos-22.11";
home-manager.url = "github:nix-community/home-manager"; home-manager.url = "github:nix-community/home-manager";
home-manager.inputs.nixpkgs.follows = "nixpkgs"; home-manager-porcupine.url = "github:LavaDesu/home-manager/backport/gpg-agent";
home-manager-raccoon.url = "github:nix-community/home-manager/release-22.11";
agenix.url = "github:ryantm/agenix";
agenix.inputs.nixpkgs.follows = "nixpkgs";
aagl.url = "github:ezKEa/aagl-gtk-on-nix";
catppuccin.url = "github:catppuccin/nix/8eada392fd6571a747e1c5fc358dd61c14c8704e";
catppuccin.inputs.nixpkgs.follows = "nixpkgs";
catppuccin-palette = { url = "github:catppuccin/palette"; flake = false; };
neovim-nightly.url = "github:nix-community/neovim-nightly-overlay"; neovim-nightly.url = "github:nix-community/neovim-nightly-overlay";
nixos-hardware.url = "github:NixOS/nixos-hardware";
agenix.url = "github:ryantm/agenix";
nixos-generators.url = "github:nix-community/nixos-generators";
agenix.inputs.nixpkgs.follows = "nixpkgs";
home-manager.inputs.nixpkgs.follows = "nixpkgs";
home-manager-porcupine.inputs.nixpkgs.follows = "nixpkgs-porcupine";
home-manager-raccoon.inputs.nixpkgs.follows = "nixpkgs-raccoon";
neovim-nightly.inputs.nixpkgs.follows = "nixpkgs"; neovim-nightly.inputs.nixpkgs.follows = "nixpkgs";
nixos-generators.inputs.nixpkgs.follows = "nixpkgs";
nix-gaming.url = "github:fufexan/nix-gaming"; nix-gaming.url = "github:fufexan/nix-gaming";
nix-index-database.url = "github:nix-community/nix-index-database";
nix-index-database.inputs.nixpkgs.follows = "nixpkgs";
spicetify-nix.url = "github:Gerg-L/spicetify-nix";
spicetify-nix.inputs.nixpkgs.follows = "nixpkgs";
# services # services
pastel.url = "github:cillynder/pastel"; hosts-blocklists = { url = "github:notracking/hosts-blocklists"; flake = false; };
stevenblack-hosts = { url = "github:StevenBlack/hosts"; flake = false; }; website = { url = "github:LavaDesu/lavadesu.github.io/master"; flake = false; };
website = { url = "github:cillynder/lavadesu.github.io/master"; flake = false; };
# zsh plugins # zsh plugins
zsh-abbr = { url = "git+https://github.com/olets/zsh-abbr?submodules=1"; flake = false; }; zsh-abbr = { url = "github:olets/zsh-abbr"; flake = false; };
zsh-history-substring-search = { url = "github:zsh-users/zsh-history-substring-search"; flake = false; }; zsh-history-substring-search = { url = "github:zsh-users/zsh-history-substring-search"; flake = false; };
fast-syntax-highlighting = { url = "github:zdharma-continuum/fast-syntax-highlighting"; flake = false; }; fast-syntax-highlighting = { url = "github:zdharma-continuum/fast-syntax-highlighting"; flake = false; };
pure = { url = "github:sindresorhus/pure"; flake = false; }; pure = { url = "github:sindresorhus/pure"; flake = false; };
# overlays # overlays
discord-tokyonight = { url = "github:DanisDGK/zelk-customizations"; flake = false; };
discover = { url = "github:trigg/Discover"; flake = false; };
linux-tkg = { url = "github:Frogging-Family/linux-tkg"; flake = false; }; linux-tkg = { url = "github:Frogging-Family/linux-tkg"; flake = false; };
nvim-treesitter = { url = "github:nvim-treesitter/nvim-treesitter"; flake = false; }; nvim-treesitter = { url = "github:nvim-treesitter/nvim-treesitter"; flake = false; };
packwiz = { url = "github:comp500/packwiz"; flake = false; };
spotify-adblock = { url = "github:abba23/spotify-adblock"; flake = false; }; spotify-adblock = { url = "github:abba23/spotify-adblock"; flake = false; };
tree-sitter-glimmer = { url = "github:alexlafroscia/tree-sitter-glimmer"; flake = false; };
tree-sitter-jsonc = { url = "gitlab:WhyNotHugo/tree-sitter-jsonc"; flake = false; }; tree-sitter-jsonc = { url = "gitlab:WhyNotHugo/tree-sitter-jsonc"; flake = false; };
wine-discord-ipc-bridge = { url = "github:0e4ef622/wine-discord-ipc-bridge"; flake = false; }; wine-discord-ipc-bridge = { url = "github:0e4ef622/wine-discord-ipc-bridge"; flake = false; };
# containers # shells
c-amethyst.url = "path:./containers/amethyst"; rust-overlay.url = "github:oxalica/rust-overlay";
c-beryllium.url = "path:./containers/beryllium"; rust-overlay.inputs.nixpkgs.follows = "nixpkgs";
c-citrine.url = "path:./containers/citrine";
c-diamond.url = "path:./containers/diamond";
c-emerald.url = "path:./containers/emerald";
c-fluorite.url = "path:./containers/fluorite";
c-garnet.url = "path:./containers/garnet";
}; };
outputs = { self, agenix, catppuccin, nixpkgs, ... } @ inputs: outputs = { self, agenix, nixos-generators, nixpkgs, nixpkgs-porcupine, nixpkgs-raccoon, ... } @ inputs:
let let
overlays = (import ./overlays) overlays = (import ./overlays)
++ [(final: prev: { ++ [(final: prev: {
me = prev.callPackage ./packages { inherit inputs; } // { inherit inputs; }; me = prev.callPackage ./packages { inherit inputs; } // { inherit inputs; };
})]; })];
patchOverlaysWithLinuxLava = nixpkgs: arch: ([(self: super: {
linuxLavaNixpkgs = import nixpkgs {
overlays = [ (import ./overlays/linux-lava.nix) ] ++ overlays;
system = arch;
};
})] ++ overlays);
mkSystem = mkSystem =
if !(self ? rev) then throw "Dirty git tree detected." else if !(self ? rev) then throw "Dirty git tree detected." else
nixpkgs: name: arch: extraModules: nixpkgs.lib.nixosSystem { nixpkgs: name: arch: enableGUI: extraModules: nixpkgs.lib.nixosSystem {
system = arch; system = arch;
modules = [ modules = [
({ { nixpkgs.overlays = overlays; }
nixpkgs.overlays = patchOverlaysWithLinuxLava nixpkgs arch;
})
agenix.nixosModules.age agenix.nixosModules.age
catppuccin.nixosModules.catppuccin
(./hosts + "/${name}") (./hosts + "/${name}")
] ++ extraModules; ] ++ extraModules;
specialArgs = { specialArgs = {
inherit inputs; inherit inputs enableGUI;
modules = import ./modules { lib = nixpkgs.lib; }; modules = import ./modules { lib = nixpkgs.lib; };
gcSecrets = builtins.fromJSON (builtins.readFile "${self}/secrets.gcrypt/shared.json");
}; };
}; };
in in
{ {
nixosConfigurations."alyssum" = mkSystem nixpkgs "alyssum" "x86_64-linux" []; nixosConfigurations."blossom" = mkSystem nixpkgs "blossom" "x86_64-linux" true [];
nixosConfigurations."anemone" = mkSystem nixpkgs "anemone" "x86_64-linux" [];
nixosConfigurations."dandelion" = mkSystem nixpkgs "dandelion" "aarch64-linux" []; nixosConfigurations."caramel" = mkSystem nixpkgs-raccoon "caramel" "aarch64-linux" false [{
nixosConfigurations."hyacinth" = mkSystem nixpkgs "hyacinth" "x86_64-linux" []; nixpkgs.overlays = [
(self: super: {
makeModulesClosure = x: super.makeModulesClosure (x // { allowMissing = true; });
})
];
}];
nixosConfigurations."sugarcane" = mkSystem nixpkgs-porcupine "sugarcane" "x86_64-linux" false [];
packages."x86_64-linux" = packages."x86_64-linux" =
let let
pkgs = import nixpkgs rec { pkgs = import nixpkgs {
overlays = patchOverlaysWithLinuxLava nixpkgs system; inherit overlays;
system = "x86_64-linux"; system = "x86_64-linux";
}; };
in in
{ {
inherit (pkgs.me) linux-lava spotify-adblock; inherit (pkgs.me) linux-lava;
linux-lava-ccache = pkgs.me.linux-lava.override { useCcache = true; };
}; };
packages."aarch64-linux" =
let
pkgs = import nixpkgs-raccoon {
inherit overlays;
system = "aarch64-linux";
};
in
{
caramel-img = self.nixosConfigurations."caramel".config.system.build.sdImage;
};
# TODO: currently broken
# devShells.x86_64-linux = pkgs.callPackage ./shells { inherit inputs; };
}; };
} }


@ -1,45 +0,0 @@
{ inputs, lib, modules, modulesPath, ... }: {
networking.hostName = "alyssum";
system.stateVersion = "25.11";
time.timeZone = "Australia/Melbourne";
age.secrets = {
acme_dns.file = ../../secrets/acme_dns.age;
passwd.file = ../../secrets/passwd.age;
navidrome_env.file = ../../secrets/navidrome_env.age;
wpa_conf = {
file = ../../secrets/wpa_conf.age;
path = "/etc/wpa_supplicant/imperative.conf";
symlink = false;
};
};
imports = with modules.system; [
(modulesPath + "/profiles/qemu-guest.nix")
home-manager
base
kernel
nix-stable
packages
security
tailscale
modules.services.nginx
modules.services.syncthing
inputs.c-emerald.nixosModule
inputs.c-garnet.nixosModule
./filesystem.nix
./kernel.nix
./networking.nix
./home.syncthing.nix
./samba.nix
../../users/hana
];
me.environment = "headless";
services.syncthing.user = lib.mkForce "hana";
}


@ -1,35 +0,0 @@
{ ... }:
let
bind = src: {
depends = [ "/nix" ];
device = src;
fsType = "none";
neededForBoot = true;
options = [ "bind" ];
};
mkLabelMount = label: type: {
device = "/dev/disk/by-label/${label}";
fsType = type;
options = [ "defaults" "relatime" ];
};
mkBtrfsMount = name: subvol: atime: mkLabelMount name "btrfs" // {
options = [ "autodefrag" "compress=zstd:3" "defaults" "discard=async" "space_cache=v2" "ssd" "subvol=${subvol}" (if atime then "relatime" else "noatime") ];
};
submount = mkBtrfsMount "alyssum";
in {
fileSystems = {
"/" = {
device = "rootfs";
fsType = "tmpfs";
options = [ "defaults" "size=8G" "mode=755" ];
};
"/boot" = mkLabelMount "stem" "vfat";
"/flower" = mkBtrfsMount "myosotis" "/@" true;
"/nix" = submount "/@/nix" false;
"/persist" = (submount "/@/persist" true) // { neededForBoot = true; };
"/persist/.snapshots" = submount "/snap/persist" false;
"/var/log/journal" = bind "/persist/journal";
};
}


@ -1,39 +0,0 @@
{ config, lib, ... }:
let
configOn = user: port: {
me.binds."/home/${user}/.config/syncthing" = "${user}/syncthing/config";
me.binds."/home/${user}/.local/state/syncthing" = "${user}/syncthing/state";
systemd.tmpfiles.rules = [ "d /flower/syncthing/${user} 700 ${user} users" ];
users.users.${user} = {
hashedPasswordFile = config.age.secrets.passwd.path;
isNormalUser = true;
linger = true;
};
home-manager.users.${user} = { ... }: {
home = {
username = "${user}";
homeDirectory = "/home/${user}";
stateVersion = "26.05";
};
services.syncthing = {
enable = true;
guiAddress = "[::]:${toString port}";
overrideDevices = false;
overrideFolders = false;
settings = {
options.listenAddresses = [
"tcp://0.0.0.0:2${toString port}"
"quic://0.0.0.0:2${toString port}"
"dynamic+https://relays.syncthing.net/endpoint"
];
defaults.folder.path = "/flower/syncthing/${user}";
};
};
};
};
in lib.mkMerge [
(configOn "kujira" 8385)
(configOn "cilly" 8386)
]


@ -1,12 +0,0 @@
{ config, lib, ... }: {
boot = {
loader = {
efi.canTouchEfiVariables = true;
systemd-boot.enable = true;
};
initrd.availableKernelModules = [ "nvme" "xhci_pci" "usb_storage" "sd_mod" "rtsx_usb_sdmmc" ];
initrd.kernelModules = [ ];
kernelModules = [ "kvm-amd" ];
};
hardware.cpu.amd.updateMicrocode = true;
}


@ -1,15 +0,0 @@
{ config, ... }: {
networking = {
useDHCP = true;
wireless.enable = true;
interfaces.wlp1s0.useDHCP = false;
interfaces.wlp1s0.ipv4.addresses = [{
address = "192.168.1.167";
prefixLength = 24;
}];
defaultGateway = "192.168.1.1";
nameservers = [ "8.8.8.8" "8.8.4.4" ];
};
}


@ -1,84 +0,0 @@
{ config, lib, pkgs, ... }:
let
configOn = user: let
passwd_fname = "passwd_smb${user}";
in {
age.secrets.${passwd_fname}.file = ../../secrets/${passwd_fname}.age;
me.binds."/flower/smb/${user}/music" = "/flower/media/music/${user}";
me.binds."/flower/smb/${user}/syncthing" = "/flower/syncthing/${user}";
users.users.${user} = {
hashedPasswordFile = config.age.secrets.passwd.path;
isNormalUser = true;
};
system.activationScripts = {
init_smbpasswd.text = let
smbpasswd = "${config.services.samba.package}/bin/smbpasswd";
in ''
printf "$(cat ${config.age.secrets.${passwd_fname}.path})\n$(cat ${config.age.secrets.${passwd_fname}.path})\n" | ${smbpasswd} -sa ${user}
'';
};
services.samba.settings."${user}" = {
"path" = "/flower/smb/${user}";
"browseable" = "yes";
"read only" = "no";
"guest ok" = "no";
"create mask" = "0644";
"directory mask" = "0755";
"force user" = user;
"force group" = "users";
"valid users" = user;
};
};
in lib.mkMerge [
(configOn "cilly")
(configOn "kujira")
{
me.binds."/flower/smb/kujira/opencloud" = "/flower/opencloud/data/storage/users/users/a8e29fc0-673c-4c67-be00-2442904acb43";
networking.firewall.allowPing = true;
services.samba = {
enable = true;
package = pkgs.samba4Full;
openFirewall = true;
settings = {
global = {
"server smb encrypt" = "required";
"workgroup" = "WORKGROUP";
"server string" = "smbnix";
"netbios name" = "smbnix";
"security" = "user";
"hosts allow" = "100.64.0.0/10 127.0.0.1 alyssum localhost";
"hosts deny" = "0.0.0.0/0";
"guest account" = "nobody";
"map to guest" = "bad user";
};
"public" = {
"path" = "/flower/smb/public";
"browseable" = "yes";
"read only" = "no";
"guest ok" = "yes";
"create mask" = "0644";
"directory mask" = "0755";
"force user" = "hana";
"force group" = "users";
};
};
};
services.samba-wsdd = {
enable = true;
openFirewall = true;
};
services.avahi = {
enable = true;
openFirewall = true;
nssmdns4 = true;
publish.enable = true;
publish.userServices = true;
};
}
]


@ -1,60 +0,0 @@
{ config, inputs, modules, overlays, pkgs, ... }: {
networking.hostName = "anemone";
system.stateVersion = "23.11";
time.timeZone = "Australia/Melbourne";
nixpkgs.overlays = [ inputs.neovim-nightly.overlays.default ];
age.secrets = {
wg_anemone.file = ../../secrets/wg_anemone.age;
passwd.file = ../../secrets/passwd.age;
};
imports = with modules.system; [
home-manager
audio
base
bluetooth
ccache
corectrl
docker
flatpak
greetd
gui
input
kernel
nix
packages
printing
security
snapper
tailscale
wireguard
./filesystem.nix
./kernel.nix
./networking.nix
../../users/rin
modules.services.syncthing
];
me = {
environment = "laptop";
batteryDevice = "BATT";
kbBacklightDevice = "asus::kbd_backlight";
hasFingerprint = true;
hidpi = true;
};
programs.wireshark = {
enable = true;
package = pkgs.wireshark;
};
services.fprintd.enable = true;
services.tlp.enable = true;
programs.kdeconnect.enable = true;
}


@ -1,36 +0,0 @@
{ config, lib, ... }:
let
mkLabelMount = label: type: lazy: {
device = "/dev/disk/by-label/${label}";
fsType = type;
options = [ "defaults" "relatime" ] ++ lib.optionals lazy [ "nofail" ];
};
mkBtrfsMount = name: subvol: atime: mkLabelMount name "btrfs" false // {
options = [ "autodefrag" "compress=zstd:3" "defaults" "discard=async" "space_cache=v2" "ssd" "subvol=${subvol}" (if atime then "relatime" else "noatime") ];
};
submount = mkBtrfsMount "Anemone";
in
{
fileSystems = {
"/" = {
device = "rootfs";
fsType = "tmpfs";
options = [ "defaults" "size=8G" "mode=755" ];
};
"/boot" = mkLabelMount "SYSTEM" "vfat" true;
"/mnt/butter" = submount "/" true;
"/nix" = submount "/current/snow" false;
"/home" = submount "/current/home" true;
"/home/.snapshots" = submount "/snapshot/home" false;
"/root" = submount "/current/root" false;
"/var" = submount "/current/var" false;
"/persist" = {
depends = [ "/var" ];
device = "/var/persist";
fsType = "none";
options = [ "bind" ];
neededForBoot = true;
};
};
}


@ -1,62 +0,0 @@
{ config, lib, pkgs, ... }: {
boot = {
consoleLogLevel = 0;
loader = {
efi.canTouchEfiVariables = true;
systemd-boot.enable = true;
};
initrd = {
availableKernelModules = [ "xhci_pci" "nvme" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
systemd.enable = true;
verbose = false;
};
kernelModules = [ "kvm-amd" ];
kernelPackages = lib.mkForce (pkgs.linuxPackagesFor pkgs.me.linux-lava);
kernelParams = [
"quiet"
"console=tty2"
"systemd.show_status=0"
"rd.systemd.show_status=0"
"rd.udev.log_level=3"
"udev.log_level=3"
"udev.log_priority=3"
];
};
# swapDevices = [{
# device = "/persist/swapfile";
# size = 16 * 1024;
# }];
#
# systemd.sleep.extraConfig = ''
# HibernateMode=shutdown
# '';
/*
services.logind.lidSwitch = "suspend-then-hibernate";
systemd.sleep.extraConfig = ''
HibernateDelaySec=14400
SuspendEstimationSec=3600
HibernateOnACPower=true
'';
*/
powerManagement.cpufreq.min = 400000;
hardware.cpu.amd.updateMicrocode = true;
hardware.firmware = let
fw = "${pkgs.linux-firmware}/lib/firmware/cirrus/";
in [(
pkgs.runCommandNoCC "cs35l41-10431683" { } ''
mkdir -p $out/lib/firmware/cirrus
cd $out/lib/firmware/cirrus
cp ${fw}/cs35l41-dsp1-spk-prot-10431e12-spkid0-l0.bin cs35l41-dsp1-spk-prot-10431683-spkid0-l0.bin
cp ${fw}/cs35l41-dsp1-spk-prot-10431e12-spkid0-l0.bin cs35l41-dsp1-spk-prot-10431683-spkid0-r0.bin
cp ${fw}/cs35l41-dsp1-spk-prot-10431e12-spkid0-l0.bin cs35l41-dsp1-spk-prot-10431683-spkid1-l0.bin
cp ${fw}/cs35l41-dsp1-spk-prot-10431e12-spkid0-l0.bin cs35l41-dsp1-spk-prot-10431683-spkid1-r0.bin
cp ${fw}/cs35l41-dsp1-spk-prot-10431e12.wmfw cs35l41-dsp1-spk-prot-10431683.wmfw
''
)];
}


@ -1,4 +0,0 @@
{ config, ... }: {
networking.wireless.iwd.enable = true;
environment.etc."NetworkManager/system-connections".source = "/persist/nm_system-connections";
}


@ -1,47 +1,40 @@
{ config, inputs, modules, overlays, pkgs, ... }: { { config, inputs, modules, overlays, pkgs, ... }: {
networking.hostName = "hyacinth"; networking.hostName = "blossom";
system.stateVersion = "21.11"; system.stateVersion = "21.11";
time.timeZone = "Australia/Melbourne"; time.timeZone = "Asia/Phnom_Penh";
nixpkgs.overlays = [ inputs.neovim-nightly.overlays.default ]; boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
nixpkgs.overlays = [ inputs.neovim-nightly.overlay ];
age.secrets = { age.secrets = {
passwd.file = ../../secrets/passwd.age; passwd.file = ../../secrets/passwd.age;
wg_hyacinth.file = ../../secrets/wg_hyacinth.age; wg_blossom.file = ../../secrets/wg_blossom.age;
wpa_conf.file = ../../secrets/wpa_conf.age; wpa_conf.file = ../../secrets/wpa_conf.age;
}; };
imports = with modules.system; [ imports = with modules.system; [
inputs.home-manager.nixosModule
home-manager home-manager
aagl
audio audio
base base
bluetooth
ccache
corectrl
docker
flatpak
greetd greetd
gui gui
input input
kernel kernel
nix nix
packages packages
printing
security security
snapper snapper
tailscale
wireguard wireguard
modules.services.syncthing
./filesystem.nix ./filesystem.nix
./kernel.nix ./kernel.nix
./networking.nix ./networking.nix
./packages.nix
../../users/rin ../../users/rin
]; ];
systemd.services.nix-daemon.environment.TMPDIR = "/nix/tmp";
me.hasBluetooth = true; hardware.opengl.package = (pkgs.mesa.overrideAttrs(o: {
patches = o.patches ++ [ ./mesa_mr_17182.patch ];
})).drivers;
} }
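Review bot: The `hardware.opengl.package` override at the end of this module rebuilds the graphics driver with `./mesa_mr_17182.patch`, but no comment says what the patch carries or when it can be dropped. The patch file itself points at mesa merge request 17182, so I would put `# carries mesa MR 17182 (see URL in the patch header); drop once the pinned nixpkgs mesa includes it` directly above the override. Separately, `o.patches ++ [ ... ]` fails evaluation if the attribute is ever absent; `patches = (o.patches or []) ++ [ ./mesa_mr_17182.patch ];` is the defensive form.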


@ -0,0 +1,41 @@
{ config, ... }:
let
mkMount = uuid: type: {
device = "/dev/disk/by-uuid/${uuid}";
fsType = type;
options = [ "defaults" "relatime" ];
};
mkBtrfsMount = subvolid: atime: mkMount "cf0f4302-f006-46a5-afc7-ada04d17f6f2" "btrfs" // {
options = [ "autodefrag" "compress=zstd:3" "defaults" "discard=async" "space_cache=v2" "ssd" "subvolid=${builtins.toString subvolid}" (if atime then "relatime" else "noatime") ];
};
in
{
fileSystems = {
"/" = {
device = "rootfs";
fsType = "tmpfs";
options = [ "defaults" "size=4G" "mode=755" ];
};
"/boot" = mkMount "186A-A42E" "vfat";
"/mnt/butter" = mkBtrfsMount 5 true;
"/nix" = mkBtrfsMount 257 false;
"/home" = mkBtrfsMount 259 true;
"/home/.snapshots" = mkBtrfsMount 262 false;
"/root" = mkBtrfsMount 260 false;
"/var" = mkBtrfsMount 258 false;
"/persist" = {
depends = [ "/var" ];
device = "/var/persist";
fsType = "none";
options = [ "bind" ];
neededForBoot = true;
};
# "/mnt/nfs" = {
# device = "192.168.100.11:/srv/nfs";
# fsType = "nfs";
# options = [ "defaults" ];
# };
};
}
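Review bot: `"/boot" = mkMount "186A-A42E" "vfat";` mounts the EFI partition with only `defaults` and `relatime`, so vfat's default permission mask most likely leaves the kernels, initrds and bootloader configuration readable by every local user. Since vfat has no per-file ownership, the mask is the only access control there; I would override it for this one mount, `"/boot" = mkMount "186A-A42E" "vfat" // { options = [ "defaults" "relatime" "umask=0077" ]; };`. The btrfs mounts built by `mkBtrfsMount` also carry no `nodev`/`nosuid`; `/home` is the usual candidate if nothing there depends on setuid binaries.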

25
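--- a/hosts/blossom/kernel.nix
+++ b/hosts/blossom/kernel.nix
@@ -0,0 +1,25 @@
+{ config, lib, pkgs, ... }: {
+boot = {
+loader = {
+efi.canTouchEfiVariables = true;
+grub = {
+enable = true;
+efiSupport = true;
+device = "nodev";
+useOSProber = lib.mkForce false;
+};
+};
+initrd.kernelModules = [ "i915" ];
+kernelParams = [
+"amdgpu.gpu_recovery=1"
+"amdgpu.si_support=1"
+"radeon.si_support=0"
+"intel_pstate=passive"
+"msr.allow_writes=on"
+];
+kernelPackages = lib.mkForce (pkgs.linuxPackagesFor pkgs.me.linux-lava);
+extraModulePackages = [ config.boot.kernelPackages.v4l2loopback.out ];
+kernelModules = [ "v4l2loopback" ];
+};
+}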
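Review bot: `"msr.allow_writes=on"` in `kernelParams` is set with no stated reason, and it weakens a kernel safeguard: userspace writes to model-specific registers through the msr driver stay permitted and, as far as I know, the kernel's per-write warning is silenced. That removes a log signal a defender would otherwise have when a root process changes CPU state. If a specific tool on this host needs it (presumably power or frequency tuning, given `intel_pstate=passive` next to it), name it in a comment such as `# required by <tool>: writes MSRs for <purpose>`; otherwise drop the parameter and keep the default behaviour.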


@ -0,0 +1,601 @@
diff --git a/src/gallium/drivers/zink/ci/zink-anv-tgl-fails.txt b/src/gallium/drivers/zink/ci/zink-anv-tgl-fails.txt
new file mode 100644
index 00000000000..c4dd948333e
--- /dev/null
+++ b/src/gallium/drivers/zink/ci/zink-anv-tgl-fails.txt
@@ -0,0 +1,215 @@
+# https://gitlab.freedesktop.org/mesa/mesa/-/merge_requests/17182
+KHR-GL46.buffer_storage.map_persistent_texture,Fail
+KHR-GL46.copy_image.incompatible_formats_compression,Fail
+KHR-GL46.copy_image.invalid_alignment,Fail
+KHR-GL46.copy_image.smoke_test,Fail
+KHR-GL46.direct_state_access.textures_compressed_subimage,Fail
+KHR-GL46.direct_state_access.textures_get_image,Fail
+KHR-GL46.direct_state_access.textures_image_query_errors,Fail
+KHR-GL46.direct_state_access.textures_subimage_errors,Fail
+KHR-GL46.get_texture_sub_image.errors_test,Fail
+KHR-GL46.get_texture_sub_image.functional_test,Fail
+KHR-GL46.internalformat.copy_tex_image.rgb9_e5,Fail
+KHR-GL46.internalformat.texture2d.rgba_unsigned_byte_rgb9_e5,Fail
+KHR-GL46.packed_pixels.pbo_rectangle.compressed_red,Fail
+KHR-GL46.packed_pixels.pbo_rectangle.compressed_red_rgtc1,Fail
+KHR-GL46.packed_pixels.pbo_rectangle.compressed_rg,Fail
+KHR-GL46.packed_pixels.pbo_rectangle.compressed_rg_rgtc2,Fail
+KHR-GL46.packed_pixels.pbo_rectangle.compressed_rgb,Fail
+KHR-GL46.packed_pixels.pbo_rectangle.compressed_rgba,Fail
+KHR-GL46.packed_pixels.pbo_rectangle.compressed_signed_red_rgtc1,Fail
+KHR-GL46.packed_pixels.pbo_rectangle.compressed_signed_rg_rgtc2,Fail
+KHR-GL46.packed_pixels.pbo_rectangle.compressed_srgb,Fail
+KHR-GL46.packed_pixels.pbo_rectangle.compressed_srgb_alpha,Fail
+KHR-GL46.packed_pixels.pbo_rectangle.rgb9_e5,Fail
+KHR-GL46.packed_pixels.rectangle.compressed_red,Fail
+KHR-GL46.packed_pixels.rectangle.compressed_red_rgtc1,Fail
+KHR-GL46.packed_pixels.rectangle.compressed_rg,Fail
+KHR-GL46.packed_pixels.rectangle.compressed_rg_rgtc2,Fail
+KHR-GL46.packed_pixels.rectangle.compressed_rgb,Fail
+KHR-GL46.packed_pixels.rectangle.compressed_rgba,Fail
+KHR-GL46.packed_pixels.rectangle.compressed_signed_red_rgtc1,Fail
+KHR-GL46.packed_pixels.rectangle.compressed_signed_rg_rgtc2,Fail
+KHR-GL46.packed_pixels.rectangle.compressed_srgb,Fail
+KHR-GL46.packed_pixels.rectangle.compressed_srgb_alpha,Fail
+KHR-GL46.packed_pixels.rectangle.rgb9_e5,Fail
+KHR-GL46.packed_pixels.varied_rectangle.compressed_red,Fail
+KHR-GL46.packed_pixels.varied_rectangle.compressed_red_rgtc1,Fail
+KHR-GL46.packed_pixels.varied_rectangle.compressed_rg,Fail
+KHR-GL46.packed_pixels.varied_rectangle.compressed_rg_rgtc2,Fail
+KHR-GL46.packed_pixels.varied_rectangle.compressed_rgb,Fail
+KHR-GL46.packed_pixels.varied_rectangle.compressed_rgba,Fail
+KHR-GL46.packed_pixels.varied_rectangle.compressed_signed_red_rgtc1,Fail
+KHR-GL46.packed_pixels.varied_rectangle.compressed_signed_rg_rgtc2,Fail
+KHR-GL46.packed_pixels.varied_rectangle.compressed_srgb,Fail
+KHR-GL46.packed_pixels.varied_rectangle.compressed_srgb_alpha,Fail
+KHR-GL46.packed_pixels.varied_rectangle.rgb9_e5,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage2d.rgb_s3tc_dxt1.0_0,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage2d.rgb_s3tc_dxt1.0_16,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage2d.rgb_s3tc_dxt1.0_32,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage2d.rgb_s3tc_dxt1.0_4,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage2d.rgb_s3tc_dxt1.16_0,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage2d.rgb_s3tc_dxt1.16_16,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage2d.rgb_s3tc_dxt1.16_32,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage2d.rgb_s3tc_dxt1.16_4,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage2d.rgb_s3tc_dxt1.32_0,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage2d.rgb_s3tc_dxt1.32_16,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage2d.rgb_s3tc_dxt1.32_32,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage2d.rgb_s3tc_dxt1.32_4,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage2d.rgb_s3tc_dxt1.4_0,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage2d.rgb_s3tc_dxt1.4_16,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage2d.rgb_s3tc_dxt1.4_32,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage2d.rgb_s3tc_dxt1.4_4,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage2d.rgba_astc_8x5.0_0,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage2d.rgba_astc_8x5.0_15,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage2d.rgba_astc_8x5.0_30,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage2d.rgba_astc_8x5.0_5,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage2d.rgba_astc_8x5.16_0,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage2d.rgba_astc_8x5.16_15,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage2d.rgba_astc_8x5.16_30,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage2d.rgba_astc_8x5.16_5,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage2d.rgba_astc_8x5.32_0,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage2d.rgba_astc_8x5.32_15,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage2d.rgba_astc_8x5.32_30,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage2d.rgba_astc_8x5.32_5,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage2d.rgba_astc_8x5.8_0,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage2d.rgba_astc_8x5.8_15,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage2d.rgba_astc_8x5.8_30,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage2d.rgba_astc_8x5.8_5,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgb_s3tc_dxt1.0_0_0,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgb_s3tc_dxt1.0_0_1,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgb_s3tc_dxt1.0_0_4,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgb_s3tc_dxt1.0_0_8,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgb_s3tc_dxt1.0_16_0,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgb_s3tc_dxt1.0_16_1,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgb_s3tc_dxt1.0_16_4,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgb_s3tc_dxt1.0_16_8,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgb_s3tc_dxt1.0_32_0,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgb_s3tc_dxt1.0_32_1,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgb_s3tc_dxt1.0_32_4,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgb_s3tc_dxt1.0_32_8,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgb_s3tc_dxt1.0_4_0,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgb_s3tc_dxt1.0_4_1,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgb_s3tc_dxt1.0_4_4,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgb_s3tc_dxt1.0_4_8,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgb_s3tc_dxt1.16_0_0,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgb_s3tc_dxt1.16_0_1,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgb_s3tc_dxt1.16_0_4,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgb_s3tc_dxt1.16_0_8,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgb_s3tc_dxt1.16_16_0,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgb_s3tc_dxt1.16_16_1,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgb_s3tc_dxt1.16_16_4,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgb_s3tc_dxt1.16_16_8,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgb_s3tc_dxt1.16_32_0,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgb_s3tc_dxt1.16_32_1,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgb_s3tc_dxt1.16_32_4,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgb_s3tc_dxt1.16_32_8,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgb_s3tc_dxt1.16_4_0,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgb_s3tc_dxt1.16_4_1,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgb_s3tc_dxt1.16_4_4,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgb_s3tc_dxt1.16_4_8,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgb_s3tc_dxt1.32_0_0,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgb_s3tc_dxt1.32_0_1,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgb_s3tc_dxt1.32_0_4,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgb_s3tc_dxt1.32_0_8,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgb_s3tc_dxt1.32_16_0,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgb_s3tc_dxt1.32_16_1,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgb_s3tc_dxt1.32_16_4,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgb_s3tc_dxt1.32_16_8,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgb_s3tc_dxt1.32_32_0,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgb_s3tc_dxt1.32_32_1,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgb_s3tc_dxt1.32_32_4,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgb_s3tc_dxt1.32_32_8,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgb_s3tc_dxt1.32_4_0,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgb_s3tc_dxt1.32_4_1,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgb_s3tc_dxt1.32_4_4,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgb_s3tc_dxt1.32_4_8,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgb_s3tc_dxt1.4_0_0,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgb_s3tc_dxt1.4_0_1,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgb_s3tc_dxt1.4_0_4,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgb_s3tc_dxt1.4_0_8,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgb_s3tc_dxt1.4_16_0,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgb_s3tc_dxt1.4_16_1,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgb_s3tc_dxt1.4_16_4,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgb_s3tc_dxt1.4_16_8,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgb_s3tc_dxt1.4_32_0,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgb_s3tc_dxt1.4_32_1,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgb_s3tc_dxt1.4_32_4,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgb_s3tc_dxt1.4_32_8,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgb_s3tc_dxt1.4_4_0,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgb_s3tc_dxt1.4_4_1,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgb_s3tc_dxt1.4_4_4,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgb_s3tc_dxt1.4_4_8,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgba_astc_8x5.0_0_0,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgba_astc_8x5.0_0_1,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgba_astc_8x5.0_0_4,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgba_astc_8x5.0_0_8,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgba_astc_8x5.0_15_0,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgba_astc_8x5.0_15_1,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgba_astc_8x5.0_15_4,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgba_astc_8x5.0_15_8,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgba_astc_8x5.0_30_0,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgba_astc_8x5.0_30_1,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgba_astc_8x5.0_30_4,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgba_astc_8x5.0_30_8,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgba_astc_8x5.0_5_0,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgba_astc_8x5.0_5_1,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgba_astc_8x5.0_5_4,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgba_astc_8x5.0_5_8,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgba_astc_8x5.16_0_0,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgba_astc_8x5.16_0_1,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgba_astc_8x5.16_0_4,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgba_astc_8x5.16_0_8,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgba_astc_8x5.16_15_0,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgba_astc_8x5.16_15_1,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgba_astc_8x5.16_15_4,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgba_astc_8x5.16_15_8,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgba_astc_8x5.16_30_0,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgba_astc_8x5.16_30_1,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgba_astc_8x5.16_30_4,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgba_astc_8x5.16_30_8,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgba_astc_8x5.16_5_0,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgba_astc_8x5.16_5_1,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgba_astc_8x5.16_5_4,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgba_astc_8x5.16_5_8,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgba_astc_8x5.32_0_0,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgba_astc_8x5.32_0_1,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgba_astc_8x5.32_0_4,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgba_astc_8x5.32_0_8,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgba_astc_8x5.32_15_0,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgba_astc_8x5.32_15_1,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgba_astc_8x5.32_15_4,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgba_astc_8x5.32_15_8,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgba_astc_8x5.32_30_0,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgba_astc_8x5.32_30_1,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgba_astc_8x5.32_30_4,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgba_astc_8x5.32_30_8,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgba_astc_8x5.32_5_0,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgba_astc_8x5.32_5_1,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgba_astc_8x5.32_5_4,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgba_astc_8x5.32_5_8,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgba_astc_8x5.8_0_0,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgba_astc_8x5.8_0_1,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgba_astc_8x5.8_0_4,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgba_astc_8x5.8_0_8,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgba_astc_8x5.8_15_0,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgba_astc_8x5.8_15_1,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgba_astc_8x5.8_15_4,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgba_astc_8x5.8_15_8,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgba_astc_8x5.8_30_0,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgba_astc_8x5.8_30_1,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgba_astc_8x5.8_30_4,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgba_astc_8x5.8_30_8,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgba_astc_8x5.8_5_0,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgba_astc_8x5.8_5_1,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgba_astc_8x5.8_5_4,Fail
+KHR-GL46.pixelstoragemodes.compressedteximage3d.rgba_astc_8x5.8_5_8,Fail
+KHR-GL46.texture_border_clamp.Texture2DArrayCompressed,Fail
+KHR-GL46.texture_border_clamp.Texture2DArrayCompressedLinear,Fail
+KHR-GL46.texture_border_clamp.Texture2DCompressed,Fail
+KHR-GL46.texture_border_clamp.Texture2DCompressedLinear,Fail
+KHR-GL46.texture_cube_map_array.etc2_texture,Fail
+KHR-GL46.texture_filter_anisotropic.drawing,Fail
+KHR-GL46.texture_size_promotion.functional,Fail
+KHR-GL46.texture_view.errors,Fail
+KHR-GL46.texture_view.view_classes,Fail
diff --git a/src/intel/isl/isl_format.c b/src/intel/isl/isl_format.c
index e0c539bf935..0e4e5533c3c 100644
--- a/src/intel/isl/isl_format.c
+++ b/src/intel/isl/isl_format.c
@@ -952,7 +952,10 @@ isl_formats_have_same_bits_per_channel(enum isl_format format1,
return fmtl1->channels.r.bits == fmtl2->channels.r.bits &&
fmtl1->channels.g.bits == fmtl2->channels.g.bits &&
fmtl1->channels.b.bits == fmtl2->channels.b.bits &&
- fmtl1->channels.a.bits == fmtl2->channels.a.bits;
+ fmtl1->channels.a.bits == fmtl2->channels.a.bits &&
+ fmtl1->channels.l.bits == fmtl2->channels.l.bits &&
+ fmtl1->channels.i.bits == fmtl2->channels.i.bits &&
+ fmtl1->channels.p.bits == fmtl2->channels.p.bits;
}
/**
diff --git a/src/intel/vulkan/anv_formats.c b/src/intel/vulkan/anv_formats.c
index ec9ba0745e6..90812d305dd 100644
--- a/src/intel/vulkan/anv_formats.c
+++ b/src/intel/vulkan/anv_formats.c
@@ -988,6 +988,175 @@ void anv_GetPhysicalDeviceFormatProperties2(
}
}
+static bool
+anv_format_supports_usage(
+ VkFormatFeatureFlags2KHR format_feature_flags,
+ VkImageUsageFlags usage_flags)
+{
+ if (usage_flags & VK_IMAGE_USAGE_TRANSFER_SRC_BIT) {
+ if (!(format_feature_flags & (VK_FORMAT_FEATURE_2_TRANSFER_SRC_BIT |
+ VK_FORMAT_FEATURE_2_BLIT_SRC_BIT))) {
+ return false;
+ }
+ }
+
+ if (usage_flags & VK_IMAGE_USAGE_TRANSFER_DST_BIT) {
+ if (!(format_feature_flags & (VK_FORMAT_FEATURE_2_TRANSFER_DST_BIT |
+ VK_FORMAT_FEATURE_2_BLIT_DST_BIT))) {
+ return false;
+ }
+ }
+
+ if (usage_flags & VK_IMAGE_USAGE_SAMPLED_BIT) {
+ if (!(format_feature_flags & VK_FORMAT_FEATURE_2_SAMPLED_IMAGE_BIT)) {
+ return false;
+ }
+ }
+
+ if (usage_flags & VK_IMAGE_USAGE_STORAGE_BIT) {
+ if (!(format_feature_flags & VK_FORMAT_FEATURE_2_STORAGE_IMAGE_BIT)) {
+ return false;
+ }
+ }
+
+ if (usage_flags & VK_IMAGE_USAGE_COLOR_ATTACHMENT_BIT) {
+ if (!(format_feature_flags & VK_FORMAT_FEATURE_2_COLOR_ATTACHMENT_BIT)) {
+ return false;
+ }
+ }
+
+ if (usage_flags & VK_IMAGE_USAGE_DEPTH_STENCIL_ATTACHMENT_BIT) {
+ if (!(format_feature_flags & VK_FORMAT_FEATURE_2_DEPTH_STENCIL_ATTACHMENT_BIT)) {
+ return false;
+ }
+ }
+
+ if (usage_flags & VK_IMAGE_USAGE_TRANSIENT_ATTACHMENT_BIT) {
+ /* Nothing to check. */
+ }
+
+ if (usage_flags & VK_IMAGE_USAGE_INPUT_ATTACHMENT_BIT) {
+ /* Ignore this flag because it was removed from the
+ * provisional_I_20150910 header.
+ */
+ }
+
+ return true;
+}
+
+static bool
+anv_formats_are_compatible(
+ const struct anv_format *img_fmt, const struct anv_format *img_view_fmt,
+ const struct intel_device_info *devinfo, VkImageTiling tiling)
+{
+ if (img_view_fmt->vk_format == VK_FORMAT_UNDEFINED)
+ return false;
+
+ if (img_fmt == img_view_fmt)
+ return true;
+
+ /* TODO: Handle multi-planar images that can have view of a plane with
+ * possibly different type.
+ */
+ if (img_fmt->n_planes != 1 || img_view_fmt->n_planes != 1)
+ return false;
+
+ const enum isl_format img_isl_fmt =
+ anv_get_format_plane(devinfo, img_fmt->vk_format, 0, tiling).isl_format;
+ const enum isl_format img_view_isl_fmt =
+ anv_get_format_plane(devinfo, img_view_fmt->vk_format, 0, tiling).isl_format;
+ if (img_isl_fmt == ISL_FORMAT_UNSUPPORTED ||
+ img_view_isl_fmt == ISL_FORMAT_UNSUPPORTED)
+ return false;
+
+ /* TODO: Handle VK_IMAGE_CREATE_BLOCK_TEXEL_VIEW_COMPATIBLE_BIT. */
+ if (isl_format_is_compressed(img_isl_fmt) !=
+ isl_format_is_compressed(img_view_isl_fmt))
+ return false;
+
+ const struct isl_format_layout *img_fmt_layout =
+ isl_format_get_layout(img_isl_fmt);
+ const struct isl_format_layout *img_view_fmt_layout =
+ isl_format_get_layout(img_view_isl_fmt);
+
+ if (!isl_format_is_compressed(img_isl_fmt)) {
+ /* From the Vulkan 1.3.224 spec "43.1.6. Format Compatibility Classes":
+ *
+ * "Uncompressed color formats are compatible with each other if they
+ * occupy the same number of bits per texel block."
+ */
+ return img_fmt_layout->bpb == img_view_fmt_layout->bpb;
+ }
+
+ /* From the Vulkan 1.3.224 spec "43.1.6. Format Compatibility Classes":
+ *
+ * "Compressed color formats are compatible with each other if the only
+ * difference between them is the numerical type of the uncompressed
+ * pixels (e.g. signed vs. unsigned, or SRGB vs. UNORM encoding)."
+ */
+ return img_fmt_layout->txc == img_view_fmt_layout->txc &&
+ isl_formats_have_same_bits_per_channel(img_isl_fmt, img_view_isl_fmt);
+}
+
+/* Returns a set of feature flags supported by any of the VkFormat listed in
+ * format_list_info or any VkFormat compatible with format.
+ */
+static VkFormatFeatureFlags2
+anv_formats_gather_format_features(
+ const struct intel_device_info *devinfo,
+ const struct anv_format *format,
+ VkImageTiling tiling,
+ const struct isl_drm_modifier_info *isl_mod_info,
+ const VkImageFormatListCreateInfo *format_list_info)
+{
+ VkFormatFeatureFlags2KHR all_formats_feature_flags = 0;
+
+ /* We need to check that each of the usage bits are allowed for at least
+ * one of the potential formats.
+ */
+ if (!format_list_info || format_list_info->viewFormatCount == 0) {
+ /* If we specify no list of possible formats, we need to assume that
+ * every compatible format is possible and consider the features
+ * supported by each of them.
+ */
+ for (uint32_t fmt_arr_ind = 0;
+ fmt_arr_ind < ARRAY_SIZE(anv_formats);
+ ++fmt_arr_ind) {
+ for (uint32_t fmt_ind = 0;
+ fmt_ind < anv_formats[fmt_arr_ind].n_formats;
+ ++fmt_ind) {
+ const struct anv_format *possible_anv_format =
+ &(anv_formats[fmt_arr_ind].formats[fmt_ind]);
+
+ if (anv_formats_are_compatible(format, possible_anv_format,
+ devinfo, tiling)) {
+ VkFormatFeatureFlags2KHR view_format_features =
+ anv_get_image_format_features2(devinfo,
+ possible_anv_format->vk_format,
+ possible_anv_format, tiling,
+ isl_mod_info);
+ all_formats_feature_flags |= view_format_features;
+ }
+ }
+ }
+ } else {
+ /* If we provide the list of possible formats, then check just them. */
+ for (uint32_t i = 0; i < format_list_info->viewFormatCount; ++i) {
+ VkFormat vk_view_format = format_list_info->pViewFormats[i];
+ const struct anv_format *anv_view_format =
+ anv_get_format(vk_view_format);
+ VkFormatFeatureFlags2KHR view_format_features =
+ anv_get_image_format_features2(devinfo, vk_view_format,
+ anv_view_format, tiling,
+ isl_mod_info);
+ all_formats_feature_flags |= view_format_features;
+ }
+ }
+
+ return all_formats_feature_flags;
+}
+
+
static VkResult
anv_get_image_format_properties(
struct anv_physical_device *physical_device,
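Review bot: In `anv_formats_gather_format_features`, the branch that handles a caller-supplied format list ORs in the features of every `pViewFormats` entry without the `anv_formats_are_compatible()` check that the no-list branch applies. A list naming an incompatible format can therefore widen the usage bits that `anv_format_supports_usage()` accepts. As far as I can tell the Vulkan spec makes the application responsible for listing only compatible formats, but the list is application-controlled input and the check is cheap here. Consider skipping such entries before the OR, for example `if (!anv_view_format || !anv_formats_are_compatible(format, anv_view_format, devinfo, tiling)) continue;`. The NULL test is there because `anv_formats_are_compatible` dereferences its second argument and `anv_get_format` is defined outside this hunk, so whether it can return NULL should be confirmed.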
@@ -1019,29 +1188,6 @@ anv_get_image_format_properties(
}
assert(format->vk_format == info->format);
- format_feature_flags = anv_get_image_format_features2(devinfo, info->format,
- format, info->tiling,
- isl_mod_info);
-
- /* Remove the VkFormatFeatureFlags that are incompatible with any declared
- * image view format. (Removals are more likely to occur when a DRM format
- * modifier is present).
- */
- if ((info->flags & VK_IMAGE_CREATE_MUTABLE_FORMAT_BIT) && format_list_info) {
- for (uint32_t i = 0; i < format_list_info->viewFormatCount; ++i) {
- VkFormat vk_view_format = format_list_info->pViewFormats[i];
- const struct anv_format *anv_view_format = anv_get_format(vk_view_format);
- VkFormatFeatureFlags2KHR view_format_features =
- anv_get_image_format_features2(devinfo, vk_view_format,
- anv_view_format,
- info->tiling,
- isl_mod_info);
- format_feature_flags &= view_format_features;
- }
- }
-
- if (!format_feature_flags)
- goto unsupported;
switch (info->type) {
default:
@@ -1083,21 +1229,56 @@ anv_get_image_format_properties(
break;
}
- /* From the Vulkan 1.2.199 spec:
+ /* From the Vulkan 1.3.218 spec:
+ *
+ * "For images created without VK_IMAGE_CREATE_EXTENDED_USAGE_BIT a usage
+ * bit is valid if it is supported for the format the image is created with.
+ * For images created with VK_IMAGE_CREATE_EXTENDED_USAGE_BIT a usage bit
+ * is valid if it is supported for at least one of the formats
+ * a VkImageView created from the image can have."
*
- * "VK_IMAGE_CREATE_EXTENDED_USAGE_BIT specifies that the image can be
- * created with usage flags that are not supported for the format the
- * image is created with but are supported for at least one format a
- * VkImageView created from the image can have."
+ * "VK_IMAGE_CREATE_MUTABLE_FORMAT_BIT specifies that the image can be
+ * used to create a VkImageView with a different format from the image."
*
- * If VK_IMAGE_CREATE_EXTENDED_USAGE_BIT is set, views can be created with
- * different usage than the image so we can't always filter on usage.
+ * So, if both VK_IMAGE_CREATE_EXTENDED_USAGE_BIT and
+ * VK_IMAGE_CREATE_MUTABLE_FORMAT_BIT are set, views can be created with
+ * different usage than the image, so we can't always filter on usage.
* There is one exception to this below for storage.
+ *
+ * TODO: Handle VK_IMAGE_CREATE_BLOCK_TEXEL_VIEW_COMPATIBLE_BIT combined
+ * with those flags.
*/
- const VkImageUsageFlags image_usage = info->usage;
- VkImageUsageFlags view_usage = image_usage;
- if (info->flags & VK_IMAGE_CREATE_EXTENDED_USAGE_BIT)
- view_usage = 0;
+ format_feature_flags = anv_get_image_format_features2(devinfo, info->format,
+ format, info->tiling,
+ isl_mod_info);
+
+ if (!anv_format_supports_usage(format_feature_flags, info->usage)) {
+ /* If image format itself does not support the usage, and we don't allow
+ * views formats to support it, then we can't support this usage at all.
+ */
+ if (!(info->flags & VK_IMAGE_CREATE_MUTABLE_FORMAT_BIT) ||
+ !(info->flags & VK_IMAGE_CREATE_EXTENDED_USAGE_BIT))
+ goto unsupported;
+
+ /* From the Vulkan 1.3.224 spec "43.1.6. Format Compatibility Classes":
+ *
+ * "Each depth/stencil format is only compatible with itself."
+ *
+ * So, other formats also can't help.
+ */
+ if (vk_format_is_depth_or_stencil(info->format))
+ goto unsupported;
+
+ /* Gather all possible format feature flags for the formats listed in
+ * the format list or all the compatible formats.
+ */
+ VkFormatFeatureFlags2 all_formats_feature_flags = format_feature_flags |
+ anv_formats_gather_format_features(devinfo, format, info->tiling,
+ isl_mod_info, format_list_info);
+
+ if (!anv_format_supports_usage(all_formats_feature_flags, info->usage))
+ goto unsupported;
+ }
if (info->tiling == VK_IMAGE_TILING_DRM_FORMAT_MODIFIER_EXT) {
/* We support modifiers only for "simple" (that is, non-array
@@ -1116,7 +1297,7 @@ anv_get_image_format_properties(
if (isl_mod_info->aux_usage == ISL_AUX_USAGE_CCS_E &&
!anv_formats_ccs_e_compatible(devinfo, info->flags, info->format,
- info->tiling, image_usage,
+ info->tiling, info->usage,
format_list_info)) {
goto unsupported;
}
@@ -1138,32 +1319,12 @@ anv_get_image_format_properties(
(format_feature_flags & (VK_FORMAT_FEATURE_2_COLOR_ATTACHMENT_BIT_KHR |
VK_FORMAT_FEATURE_2_DEPTH_STENCIL_ATTACHMENT_BIT_KHR)) &&
!(info->flags & VK_IMAGE_CREATE_CUBE_COMPATIBLE_BIT) &&
- !(image_usage & VK_IMAGE_USAGE_STORAGE_BIT) &&
+ !(info->usage & VK_IMAGE_USAGE_STORAGE_BIT) &&
isl_format_supports_multisampling(devinfo, format->planes[0].isl_format)) {
sampleCounts = isl_device_get_sample_counts(&physical_device->isl_dev);
}
- if (view_usage & VK_IMAGE_USAGE_TRANSFER_SRC_BIT) {
- if (!(format_feature_flags & (VK_FORMAT_FEATURE_2_TRANSFER_SRC_BIT_KHR |
- VK_FORMAT_FEATURE_2_BLIT_SRC_BIT_KHR))) {
- goto unsupported;
- }
- }
-
- if (view_usage & VK_IMAGE_USAGE_TRANSFER_DST_BIT) {
- if (!(format_feature_flags & (VK_FORMAT_FEATURE_2_TRANSFER_DST_BIT_KHR |
- VK_FORMAT_FEATURE_2_BLIT_DST_BIT_KHR))) {
- goto unsupported;
- }
- }
-
- if (view_usage & VK_IMAGE_USAGE_SAMPLED_BIT) {
- if (!(format_feature_flags & VK_FORMAT_FEATURE_2_SAMPLED_IMAGE_BIT_KHR)) {
- goto unsupported;
- }
- }
-
- if (image_usage & VK_IMAGE_USAGE_STORAGE_BIT) {
+ if (info->usage & VK_IMAGE_USAGE_STORAGE_BIT) {
/* Non-power-of-two formats can never be used as storage images. We
* only check plane 0 because there are no YCbCr formats with
* non-power-of-two planes.
@@ -1174,24 +1335,6 @@ anv_get_image_format_properties(
goto unsupported;
}
- if (view_usage & VK_IMAGE_USAGE_STORAGE_BIT) {
- if (!(format_feature_flags & VK_FORMAT_FEATURE_2_STORAGE_IMAGE_BIT_KHR)) {
- goto unsupported;
- }
- }
-
- if (view_usage & VK_IMAGE_USAGE_COLOR_ATTACHMENT_BIT) {
- if (!(format_feature_flags & VK_FORMAT_FEATURE_2_COLOR_ATTACHMENT_BIT_KHR)) {
- goto unsupported;
- }
- }
-
- if (view_usage & VK_IMAGE_USAGE_DEPTH_STENCIL_ATTACHMENT_BIT) {
- if (!(format_feature_flags & VK_FORMAT_FEATURE_2_DEPTH_STENCIL_ATTACHMENT_BIT_KHR)) {
- goto unsupported;
- }
- }
-
if (info->flags & VK_IMAGE_CREATE_DISJOINT_BIT) {
/* From the Vulkan 1.2.149 spec, VkImageCreateInfo:
*
@@ -1243,16 +1386,6 @@ anv_get_image_format_properties(
}
}
- if (image_usage & VK_IMAGE_USAGE_TRANSIENT_ATTACHMENT_BIT) {
- /* Nothing to check. */
- }
-
- if (image_usage & VK_IMAGE_USAGE_INPUT_ATTACHMENT_BIT) {
- /* Ignore this flag because it was removed from the
- * provisional_I_20150910 header.
- */
- }
-
/* From the bspec section entitled "Surface Layout and Tiling",
* pre-gfx9 has a 2 GB limitation of the size in bytes,
* gfx9 and gfx10 have a 256 GB limitation and gfx11+


@ -0,0 +1,31 @@
{ config, ... }: {
environment.etc."wpa_supplicant.conf".source = config.age.secrets.wpa_conf.path;
networking = {
wireless = {
enable = true;
interfaces = [ "wlp3s0" ];
};
useDHCP = false;
interfaces.eno1.useDHCP = false;
interfaces.wlp3s0.useDHCP = false;
interfaces.eno1.ipv4.addresses = [{
address = "10.0.0.2";
prefixLength = 24;
}];
interfaces.wlp3s0.ipv4.addresses = [{
address = "192.168.100.13";
prefixLength = 24;
}];
defaultGateway = "192.168.100.1";
nameservers = [ "192.168.100.15" ];
extraHosts = ''
192.168.100.12 strawberry
192.168.100.15 caramel
10.100.0.1 sugarcane
'';
};
}

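--- a/hosts/caramel/default.nix
+++ b/hosts/caramel/default.nix
@@ -0,0 +1,43 @@
+{ config, inputs, modules, modulesPath, overlays, pkgs, ... }: {
+networking.hostName = "caramel";
+system.stateVersion = "22.11";
+time.timeZone = "Asia/Phnom_Penh";
+age.secrets = {
+acme_dns.file = ../../secrets/acme_dns.age;
+passwd.file = ../../secrets/passwd.age;
+warden_admin.file = ../../secrets/warden_admin.age;
+wpa_conf.file = ../../secrets/wpa_conf.age;
+wg_caramel.file = ../../secrets/wg_caramel.age;
+};
+imports =
+(with modules.system; [
+"${builtins.toString modulesPath}/installer/sd-card/sd-image-aarch64.nix"
+inputs.home-manager-raccoon.nixosModule
+base
+home-manager
+input
+nix-stable
+security
+transmission
+wireguard
+./filesystem.nix
+./kernel.nix
+./image.nix
+./networking.nix
+./packages.nix
+../../users/hana
+]) ++
+(with modules.services; [
+# nginx
+# postgres
+# synapse
+jellyfin
+sonarr
+tmptsync
+unbound
+]);
+}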


@ -0,0 +1,50 @@
{ config, lib, ... }:
let
bind = src: {
depends = [ "/persist" ];
device = src;
fsType = "none";
neededForBoot = true;
options = [ "bind" ];
};
in {
fileSystems = {
"/" = lib.mkForce {
device = "rootfs";
fsType = "tmpfs";
options = [ "defaults" "size=1G" "mode=755" ];
};
# "/nix" = {
# device = "overlayfs";
# fsType = "overlay";
# options = [
# "lowerdir=/mnt/image/nix"
# "upperdir=/persist/nix-overlay"
# "workdir=/persist/.overlaytmp"
# ];
# noCheck = true;
# depends = [ "/mnt/image" "/persist" ];
# };
"/nix" = (bind "/mnt/image/nix") // { depends = [ "/mnt/image" ]; };
"/mnt/image" = {
device = "/dev/disk/by-label/NIXOS_SD";
fsType = "ext4";
options = [ "defaults" "noatime" ];
neededForBoot = true;
};
"/persist" = {
device = "/dev/disk/by-label/PI_HDD";
fsType = "ext4";
options = [ "defaults" "relatime" ];
neededForBoot = true;
};
"/var/lib/acme" = bind "/persist/acme";
"/var/log/journal" = bind "/persist/journal";
"/boot" = (bind "/mnt/image/boot") // { depends = [ "/mnt/image" ]; };
};
}

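--- a/hosts/caramel/image.nix
+++ b/hosts/caramel/image.nix
@@ -0,0 +1,29 @@
+{ config, lib, pkgs, ... }: {
+sdImage.expandOnBoot = false;
+boot.postBootCommands = ''
+# On the first boot do some maintenance tasks
+if [ -f /mnt/image/nix-path-registration ]; then
+set -euo pipefail
+set -x
+# Figure out device names for the boot device and root filesystem.
+rootPart=$(${pkgs.util-linux}/bin/findmnt -n -o SOURCE /mnt/image)
+bootDevice=$(lsblk -npo PKNAME $rootPart)
+partNum=$(lsblk -npo MAJ:MIN $rootPart | ${pkgs.gawk}/bin/awk -F: '{print $2}')
+# Resize the root partition and the filesystem to fit the disk
+echo ",+," | sfdisk -N$partNum --no-reread $bootDevice
+${pkgs.parted}/bin/partprobe
+${pkgs.e2fsprogs}/bin/resize2fs $rootPart
+# Register the contents of the initial Nix store
+${config.nix.package.out}/bin/nix-store --load-db < /mnt/image/nix-path-registration
+# nixos-rebuild also requires a "system" profile and an /etc/NIXOS tag.
+touch /etc/NIXOS
+${config.nix.package.out}/bin/nix-env -p /nix/var/nix/profiles/system --set /run/current-system
+# Prevents this from running on later boots.
+rm -f /mnt/image/nix-path-registration
+fi
+'';
+}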
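Review bot: The first-boot script resolves `lsblk` and `sfdisk` through PATH while `findmnt`, `awk`, `partprobe` and `resize2fs` are pinned to store paths, and it expands `$rootPart`, `$partNum` and `$bootDevice` unquoted. This block runs as root during boot and rewrites the partition table, so it should not depend on whatever PATH the boot environment happens to provide. Pin the two commands and quote the expansions, e.g. `bootDevice=$(${pkgs.util-linux}/bin/lsblk -npo PKNAME "$rootPart")` and `echo ",+," | ${pkgs.util-linux}/bin/sfdisk -N"$partNum" --no-reread "$bootDevice"`; the `partNum=` line needs the same `lsblk` prefix.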

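--- a/hosts/caramel/kernel.nix
+++ b/hosts/caramel/kernel.nix
@@ -0,0 +1,15 @@
+{ config, inputs, lib, pkgs, ... }: {
+imports = [
+inputs.nixos-hardware.nixosModules.raspberry-pi-4
+];
+hardware.raspberry-pi."4".fkms-3d.enable = true;
+boot = {
+initrd.kernelModules = [ "overlay" ];
+supportedFilesystems = lib.mkForce [ "btrfs" "vfat" ];
+kernel.sysctl = {
+"kernel.core_pattern" = "|/bin/false";
+"kernel.sysrq" = 1;
+};
+};
+}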
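Review bot: `"kernel.sysrq" = 1;` enables every magic SysRq function, not only the emergency ones, for anyone with a keyboard or serial console attached to this machine. If the intent is just to be able to sync, remount read-only and reboot a wedged box, a bitmask such as `"kernel.sysrq" = 176;` limits it to those three, and `0` turns the key off entirely. The same value is set in the later section that enables GRUB on `/dev/sda`, so the same change applies there. A one-line comment stating why SysRq is enabled would make the intent reviewable.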


@ -0,0 +1,35 @@
{ config, ... }: {
environment.etc."wpa_supplicant.conf".source = config.age.secrets.wpa_conf.path;
networking = {
firewall.allowedTCPPorts = [ 80 443 ];
wireless = {
enable = true;
interfaces = [ "wlan0" ];
};
useDHCP = false;
interfaces.wlan0.useDHCP = false;
interfaces.wlan0.ipv4.addresses = [{
address = "192.168.100.15";
prefixLength = 24;
}];
defaultGateway = "192.168.100.1";
nameservers = [ "8.8.8.8" ];
extraHosts = ''
192.168.100.12 strawberry
192.168.100.13 blossom
'';
};
# wait for ntp before connecting to wireguard
systemd = {
additionalUpstreamSystemUnits = [ "systemd-time-wait-sync.service" ];
services = {
"systemd-time-wait-sync".wantedBy = [ "multi-user.target" ];
"wireguard-wg0".after = [ "time-sync.target" ];
};
};
}
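Review bot: `nameservers = [ "8.8.8.8" ];` sends this host's own lookups to a public resolver in cleartext, although 192.168.100.15 is the address the earlier networking section uses as its nameserver and hosts/caramel/default.nix imports `unbound`. If this file belongs to that host (its path is not shown here), pointing it at the local resolver with `nameservers = [ "127.0.0.1" ];` would keep its queries on the TLS forwarder. Separately, `firewall.allowedTCPPorts = [ 80 443 ];` opens both ports on every interface while `nginx` is commented out in hosts/caramel/default.nix, so the rule may have nothing behind it. Dropping it, or keeping it next to the service that needs it, keeps the firewall matched to what is actually listening.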


@ -1,4 +1,4 @@
{ pkgs, ... }: { { lib, pkgs, ... }: {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
git git
htop htop


@ -1,44 +0,0 @@
{ inputs, modules, modulesPath, ... }: {
networking.hostName = "dandelion";
system.stateVersion = "23.11";
time.timeZone = "Australia/Melbourne";
age.secrets = {
acme_dns.file = ../../secrets/acme_dns.age;
slskd_env.file = ../../secrets/slskd_env.age;
wg_dandelion.file = ../../secrets/wg_dandelion.age;
};
imports = with modules.system; [
(modulesPath + "/profiles/qemu-guest.nix")
home-manager
base
kernel
nix-stable
packages
security
tailscale
wireguard
modules.services.banksia
modules.services.nginx
modules.services.unbound
modules.services.website
inputs.c-amethyst.nixosModule
inputs.c-beryllium.nixosModule
inputs.c-citrine.nixosModule
inputs.c-diamond.nixosModule
inputs.c-fluorite.nixosModule
./filesystem.nix
./kernel.nix
./networking.nix
./nginx.nix
../../users/hana
];
me.environment = "headless";
}


@ -1,34 +0,0 @@
{ ... }:
let
bind = src: {
depends = [ "/nix" ];
device = src;
fsType = "none";
neededForBoot = true;
options = [ "bind" ];
};
mkLabelMount = label: type: {
device = "/dev/disk/by-label/${label}";
fsType = type;
options = [ "defaults" "relatime" ];
};
mkBtrfsMount = name: subvol: atime: mkLabelMount name "btrfs" // {
options = [ "autodefrag" "compress=zstd:3" "defaults" "discard=async" "space_cache=v2" "ssd" "subvol=${subvol}" (if atime then "relatime" else "noatime") ];
};
submount = mkBtrfsMount "DANDELION";
in {
fileSystems = {
"/" = {
device = "rootfs";
fsType = "tmpfs";
options = [ "defaults" "size=6G" "mode=755" ];
};
"/boot" = mkLabelMount "UEFI" "vfat";
"/nix" = submount "/@/nix" false;
"/persist" = (submount "/@/persist" true) // { neededForBoot = true; };
"/persist/.snapshots" = submount "/snap/persist" false;
"/var/log/journal" = bind "/persist/journal";
};
}


@ -1,10 +0,0 @@
{ ... }: {
boot = {
loader = {
efi.canTouchEfiVariables = true;
systemd-boot.enable = true;
};
initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" ];
initrd.kernelModules = [ "nvme" ];
};
}


@ -1,4 +0,0 @@
{ ... }: {
networking.useDHCP = true;
networking.interfaces.enp2s0.useDHCP = false;
}


@ -1,8 +0,0 @@
{ ... }: {
services.nginx.virtualHosts."muse.lava.moe" = {
useACMEHost = "lava.moe";
forceSSL = true;
locations."/".return = "404";
locations."/share/".proxyPass = "http://[fd0d:2::5:2]:4533";
};
}


@ -1,50 +0,0 @@
{ config, lib, ... }:
let
mkLabelMount = label: type: {
device = "/dev/disk/by-label/${label}";
fsType = type;
options = [ "defaults" "relatime" ];
};
mkBtrfsMount = name: subvol: atime: mkLabelMount name "btrfs" // {
options = [ "autodefrag" "compress=zstd:3" "defaults" "discard=async" "space_cache=v2" "ssd" "subvol=${subvol}" (if atime then "relatime" else "noatime") ];
};
mkCakeMount = mkBtrfsMount "CAKE";
in
{
fileSystems = {
"/" = {
device = "rootfs";
fsType = "tmpfs";
options = [ "defaults" "size=24G" "mode=755" ];
};
"/boot" = mkLabelMount "CUP" "vfat";
"/mnt/butter" = mkCakeMount "/" true;
"/mnt/cream" = mkBtrfsMount "CREAM" "/" true;
"/mnt/cream/permanence/.snapshots" = mkBtrfsMount "CREAM" "/snapshot/permanence" false;
"/nix" = mkCakeMount "/current/snow" false;
"/home" = mkCakeMount "/current/home" true;
"/home/.snapshots" = mkCakeMount "/snapshot/home" false;
"/root" = mkCakeMount "/current/root" false;
"/var" = mkCakeMount "/current/var" false;
"/persist" = {
depends = [ "/var" ];
device = "/var/persist";
fsType = "none";
options = [ "bind" ];
neededForBoot = true;
};
};
services.snapper.configs.cream = {
FSTYPE = "btrfs";
SUBVOLUME = "/mnt/cream/permanence";
TIMELINE_CLEANUP = true;
TIMELINE_CREATE = true;
TIMELINE_MIN_AGE = "1800";
TIMELINE_LIMIT_HOURLY = "5";
TIMELINE_LIMIT_DAILY = "7";
TIMELINE_LIMIT_WEEKLY = "0";
TIMELINE_LIMIT_MONTHLY = "0";
TIMELINE_LIMIT_YEARLY = "0";
};
}


@ -1,20 +0,0 @@
{ config, lib, pkgs, ... }: {
boot = {
loader = {
efi.canTouchEfiVariables = true;
systemd-boot.enable = true;
};
initrd.availableKernelModules = [ "xhci_pci" "nvme" ];
initrd.kernelModules = [ "amdgpu" ];
kernelParams = [
"amdgpu.gpu_recovery=1"
"intel_pstate=passive"
"split_lock_detect=off"
];
kernelPackages = lib.mkForce (pkgs.linuxPackagesFor pkgs.me.linux-lava);
};
hardware.amdgpu.overdrive = {
enable = true;
ppfeaturemask = "0xffffffff";
};
}


@ -1,19 +0,0 @@
{ config, ... }: {
environment.etc."wpa_supplicant.conf".source = config.age.secrets.wpa_conf.path;
networking = {
useDHCP = true;
interfaces.enp5s0.useDHCP = false;
interfaces.enp5s0.wakeOnLan.enable = true;
interfaces.enp5s0.ipv4.addresses = [{
address = "192.168.1.201";
prefixLength = 24;
}];
defaultGateway = "192.168.1.1";
nameservers = [ "8.8.8.8" "8.8.4.4" ];
extraHosts = ''
10.100.0.1 sugarcane
'';
};
}


@ -1,7 +0,0 @@
{ pkgs, ... }: {
environment.systemPackages = with pkgs; [
discord
jetbrains.idea
texliveFull
];
}


@ -0,0 +1,28 @@
{ config, inputs, modules, modulesPath, overlays, pkgs, ... }: {
networking.hostName = "sugarcane";
system.stateVersion = "21.11";
time.timeZone = "Asia/Singapore";
age.secrets = {
passwd.file = ../../secrets/passwd.age;
wg_sugarcane.file = ../../secrets/wg_sugarcane.age;
};
imports = with modules.system; [
(modulesPath + "/profiles/qemu-guest.nix")
inputs.home-manager-porcupine.nixosModule
base
home-manager
input
nix-stable
security
wireguard
./filesystem.nix
./kernel.nix
./networking.nix
./packages.nix
../../users/hana
];
}


@ -0,0 +1,29 @@
{ config, ... }:
let
bind = src: {
depends = [ "/nix" ];
device = src;
fsType = "none";
neededForBoot = true;
options = [ "bind" ];
};
in {
fileSystems = {
"/" = {
device = "rootfs";
fsType = "tmpfs";
options = [ "defaults" "size=1G" "mode=755" ];
};
"/nix" = {
device = "/dev/disk/by-uuid/19d572a8-1cf6-4b9c-94c6-3ce6be54f719";
fsType = "ext4";
options = [ "defaults" "noatime" ];
neededForBoot = true;
};
"/persist" = bind "/nix/persist";
"/var/log/journal" = bind "/nix/persist/journal";
"/boot" = bind "/nix/persist/boot";
};
}


@ -0,0 +1,17 @@
{ config, inputs, pkgs, ... }: {
boot = {
loader = {
systemd-boot.enable = false;
efi.canTouchEfiVariables = true;
grub = {
enable = true;
device = "/dev/sda";
};
};
initrd.kernelModules = [ "nvme" ];
kernel.sysctl = {
"kernel.core_pattern" = "|/bin/false";
"kernel.sysrq" = 1;
};
};
}


@ -0,0 +1,11 @@
{ config, ... }: {
networking = {
useDHCP = false;
interfaces.ens3.useDHCP = true;
extraHosts = ''
10.100.0.3 blossom
10.100.0.4 strawberry
'';
};
}


@ -1,4 +1,4 @@
{ pkgs, ... }: { { lib, pkgs, ... }: {
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
git git
htop htop


@ -1,13 +0,0 @@
{ config, lib, ...}: {
imports = [ ./options.nix ];
fileSystems = lib.mapAttrs (dest: key: let
target = if (lib.strings.hasPrefix "/" key)
then key
else "/persist/binds/${key}";
in {
depends = [ "/persist" ];
device = target;
fsType = "none";
options = [ "bind" ];
}) config.me.binds;
}


@ -14,31 +14,19 @@ let
}) paths }) paths
); );
in { in {
binds = ./binds.nix;
options = ./options.nix;
services = mkAttrsFromPaths [ services = mkAttrsFromPaths [
./services/banksia.nix
./services/jellyfin.nix ./services/jellyfin.nix
./services/nginx.nix ./services/nginx.nix
./services/postgres.nix ./services/postgres.nix
./services/sonarr.nix ./services/sonarr.nix
./services/synapse.nix ./services/synapse.nix
./services/syncthing.nix
./services/tmptsync.nix ./services/tmptsync.nix
./services/transmission.nix
./services/unbound.nix ./services/unbound.nix
./services/vaultwarden.nix ./services/vaultwarden.nix
./services/website.nix
]; ];
system = mkAttrsFromPaths [ system = mkAttrsFromPaths [
./system/aagl.nix
./system/audio.nix ./system/audio.nix
./system/base.nix ./system/base.nix
./system/bluetooth.nix
./system/ccache.nix
./system/corectrl.nix
./system/docker.nix
./system/flatpak.nix
./system/greetd.nix ./system/greetd.nix
./system/gui.nix ./system/gui.nix
./system/home-manager.nix ./system/home-manager.nix
@ -47,34 +35,33 @@ in {
./system/nix.nix ./system/nix.nix
./system/nix-stable.nix ./system/nix-stable.nix
./system/packages.nix ./system/packages.nix
./system/printing.nix
./system/security.nix ./system/security.nix
./system/snapper.nix ./system/snapper.nix
./system/tailscale.nix ./system/transmission.nix
./system/virtualisation.nix
./system/wireguard.nix ./system/wireguard.nix
]; ];
user = mkAttrsFromPaths [ user = mkAttrsFromPaths [
./user/catppuccin.nix ./user/bspwm.nix
./user/comma.nix
./user/direnv.nix ./user/direnv.nix
./user/dunst.nix ./user/dunst.nix
./user/eww.nix ./user/eww.nix
./user/git.nix ./user/git.nix
./user/gpg.nix ./user/gpg.nix
./user/hypridle.nix
./user/hyprlock.nix
./user/kitty.nix ./user/kitty.nix
./user/mpv.nix ./user/mpv.nix
./user/neovim.nix ./user/neovim.nix
./user/neovim-minimal.nix ./user/neovim-minimal.nix
./user/npm.nix ./user/npm.nix
./user/obs.nix ./user/packages-rin.nix
./user/pass.nix
./user/picom.nix
./user/polybar.nix
./user/rofi.nix ./user/rofi.nix
./user/sessionVariables.nix ./user/sessionVariables.nix
./user/spicetify.nix ./user/sxhkd.nix
./user/theming.nix ./user/theming.nix
./user/xdg.nix ./user/xdg.nix
./user/xorg.nix
./user/zsh.nix ./user/zsh.nix
]; ];
} }


@ -1,53 +0,0 @@
{ config, lib, ... }:
let
inherit (lib)
mkOption
types;
in {
options.me = {
environment = mkOption {
type = types.enum [ "desktop" "laptop" "headless" ];
default = "desktop";
};
hasFingerprint = mkOption {
type = types.bool;
default = false;
};
gui = mkOption {
type = types.bool;
default = config.me.environment != "headless";
};
batteryDevice = mkOption {
type = with types; nullOr (uniq str);
default = null;
};
kbBacklightDevice = mkOption {
type = with types; nullOr (uniq str);
default = null;
};
hasBluetooth = mkOption {
type = types.bool;
default = config.me.environment == "laptop";
};
hasWifi = mkOption {
type = types.bool;
default = config.me.environment == "laptop";
};
hidpi = mkOption {
type = types.bool;
default = false;
};
binds = lib.mkOption {
type = with lib.types; attrsOf str;
default = {};
};
};
}


@ -1,11 +0,0 @@
# TODO ^^
{ ... }: {
services.nginx.virtualHosts = {
"banksia.lava.moe" = {
useACMEHost = "lava.moe";
forceSSL = true;
locations."/".return = "302 https://lab.lava.moe/cilly/Banksia";
locations."/api".proxyPass = "http://localhost:8080/";
};
};
}


@ -1,21 +1,17 @@
{ config, ... }: { { config, inputs, ... }: {
networking.firewall.allowedTCPPorts = [ 80 443 ];
security.acme = { security.acme = {
acceptTerms = true; acceptTerms = true;
defaults = { email = "me@lava.moe";
email = "me@lava.moe";
group = "nginx";
dnsProvider = "cloudflare";
environmentFile = config.age.secrets."acme_dns".path;
};
certs."lava.moe" = { certs."lava.moe" = {
group = "nginx";
domain = "lava.moe";
extraDomainNames = [ extraDomainNames = [
"*.lava.moe" "*.lava.moe"
"*.local.lava.moe" "*.local.lava.moe"
]; ];
dnsProvider = "cloudflare";
credentialsFile = config.age.secrets."acme_dns".path;
}; };
certs."cilly.moe" = {};
certs."cilly.dev" = {};
}; };
services.nginx = { services.nginx = {
@ -24,5 +20,23 @@
recommendedOptimisation = true; recommendedOptimisation = true;
recommendedGzipSettings = true; recommendedGzipSettings = true;
recommendedProxySettings = true; recommendedProxySettings = true;
virtualHosts = {
"lava.moe" = {
useACMEHost = "lava.moe";
forceSSL = true;
root = inputs.website.outPath;
};
"_" = {
default = true;
addSSL = true;
# TODO generate this somewhere
sslCertificate = "/persist/fakeCerts/fake.crt";
sslCertificateKey = "/persist/fakeCerts/fake.key";
extraConfig = ''
return 444;
'';
};
};
}; };
} }


@ -1,4 +1,4 @@
{ config, lib, pkgs, ... }: { config, ... }:
let let
dir = "/persist/postgresql/${config.services.postgresql.package.psqlSchema}"; dir = "/persist/postgresql/${config.services.postgresql.package.psqlSchema}";
uid = toString config.ids.uids.postgres; uid = toString config.ids.uids.postgres;
@ -8,13 +8,5 @@ in {
services.postgresql = { services.postgresql = {
enable = true; enable = true;
dataDir = dir; dataDir = dir;
# TODO: broken :3
package = pkgs.postgresql_13;
authentication = lib.mkOverride 10 ''
#type database DBuser origin-address auth-method
local all all trust
host all all 127.0.0.1/32 trust
host all all ::1/128 trust
'';
}; };
} }


@ -1,23 +0,0 @@
{ config, ... }:
let
dir = "/persist/shared/.syncthing";
user = if config.me.gui then "rin" else "hana";
uid = toString config.users.users."${user}".uid;
gid = toString config.users.groups.users.gid;
in
{
systemd.tmpfiles.rules = [
"d ${dir}/config 700 ${uid} ${gid}"
"d ${dir}/data 700 ${uid} ${gid}"
];
systemd.services.syncthing.environment.STNODEFAULTFOLDER = "true";
services.syncthing = {
enable = true;
openDefaultPorts = true;
user = user;
group = "users";
dataDir = "/persist/shared/.syncthing/data";
configDir = "/persist/shared/.syncthing/config";
guiAddress = if config.me.gui then "127.0.0.1:8384" else ":8384";
};
}


@ -1,17 +1,8 @@
{ inputs, pkgs, gcSecrets, ... }: { inputs, ... }:
let let
dir = "/persist/unbound"; dir = "/persist/unbound";
converted = pkgs.runCommand "stevenblack-hosts-unbound" {} ''
echo "server:" > "$out"
grep '^0\.0\.0\.0' "${inputs.stevenblack-hosts}/hosts" | awk '{print "local-zone: \""$2"\" always_refuse"}' | tail -n +2 >> "$out"
'';
in { in {
networking.firewall.interfaces."ve-+" = { networking.firewall.interfaces.wlan0 = {
allowedUDPPorts = [ 53 853 ];
allowedTCPPorts = [ 53 853 ];
};
networking.firewall.interfaces.wg0 = {
allowedUDPPorts = [ 53 853 ]; allowedUDPPorts = [ 53 853 ];
allowedTCPPorts = [ 53 853 ]; allowedTCPPorts = [ 53 853 ];
}; };
@ -25,27 +16,17 @@ in {
name = "."; name = ".";
forward-tls-upstream = true; forward-tls-upstream = true;
forward-addr = [ forward-addr = [
"2606:4700:4700::1111@853#cloudflare-dns.com"
"2606:4700:4700::1001@853#cloudflare-dns.com"
"2001:4860:4860::8888@853#dns.google"
"2001:4860:4860::8844@853#dns.google"
"1.1.1.1@853#cloudflare-dns.com" "1.1.1.1@853#cloudflare-dns.com"
"1.0.0.1@853#cloudflare-dns.com" "1.0.0.1@853#cloudflare-dns.com"
"8.8.8.8@853#dns.google"
"8.8.4.4@853#dns.google"
]; ];
}]; }];
server = { server = {
interface = [ "0.0.0.0" "::0" ]; interface = [ "0.0.0.0" ];
access-control = [ access-control = [
"127.0.0.1/8 allow" "127.0.0.1/8 allow"
"10.0.0.0/8 allow" "10.0.0.0/8 allow"
"100.64.0.0/10 allow"
"192.168.100.0/24 allow" "192.168.100.0/24 allow"
"fd0d::/16 allow"
"fd7a:115c:a1e0::/48 allow"
"${gcSecrets.wireguard.ipv6Subnet}:/80 allow"
]; ];
domain-insecure = [ "\"local.lava.moe\"" ]; domain-insecure = [ "\"local.lava.moe\"" ];
local-zone = [ "\"warden.local.lava.moe.\" redirect" ]; local-zone = [ "\"warden.local.lava.moe.\" redirect" ];
@ -54,7 +35,7 @@ in {
]; ];
}; };
include = "${converted}"; include = "${inputs.hosts-blocklists}/unbound/unbound.blacklist.conf";
}; };
}; };
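Review bot: `include = "${inputs.hosts-blocklists}/unbound/unbound.blacklist.conf";` loads a file from a third-party flake input verbatim as unbound configuration, so any directive that file carries after a `flake.lock` update is applied by the resolver, not only block entries. The lock file pins the content between updates, but nothing in this module constrains what the file may contain. Consider building the include in a derivation that emits only `local-zone` lines from a plain host list, or failing the build when the upstream file contains anything other than `local-zone`/`local-data` lines. A comment next to the `wlan0` firewall rule noting that it, `interface = [ "0.0.0.0" ]` and the `10.0.0.0/8 allow` entry together decide who can query this resolver would also help the next reader.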


@ -1,43 +0,0 @@
{ inputs, pkgs, ... }: let
pastel = inputs.pastel.packages.${pkgs.system}.default;
in {
services.nginx.virtualHosts = {
"cilly.moe" = {
useACMEHost = "cilly.moe";
forceSSL = true;
root = pastel.outPath;
};
"cilly.dev" = {
useACMEHost = "cilly.dev";
forceSSL = true;
root = pastel.outPath;
};
"lava.moe" = {
useACMEHost = "lava.moe";
forceSSL = true;
root = inputs.website.outPath;
};
"cdn.lava.moe" = {
useACMEHost = "lava.moe";
forceSSL = true;
extraConfig = ''
return 301 https://sh.lava.moe$request_uri;
'';
};
"sh.lava.moe" = {
useACMEHost = "lava.moe";
forceSSL = true;
root = "/persist/cdn";
};
"_" = {
default = true;
addSSL = true;
# TODO generate this somewhere
sslCertificate = "/persist/fakeCerts/fake.crt";
sslCertificateKey = "/persist/fakeCerts/fake.key";
extraConfig = ''
return 444;
'';
};
};
}


@ -1,6 +0,0 @@
{ inputs, ... }: {
imports = [ inputs.aagl.nixosModules.default ];
nix.settings = inputs.aagl.nixConfig;
programs.anime-game-launcher.enable = true;
programs.sleepy-launcher.enable = true;
}


@ -17,6 +17,7 @@ let
rate = toString int.rate; rate = toString int.rate;
}; };
in { in {
sound.enable = false;
security.rtkit.enable = true; security.rtkit.enable = true;
services.pipewire = { services.pipewire = {
enable = true; enable = true;
@ -24,32 +25,18 @@ in {
alsa.support32Bit = true; alsa.support32Bit = true;
pulse.enable = true; pulse.enable = true;
jack.enable = true; jack.enable = true;
};
services.pipewire.extraConfig.pipewire = {
"context.properties" = {
"default.clock.rate" = int.rate;
"default.clock.quantum" = int.quantum.def;
"default.clock.min-quantum" = int.quantum.min;
"default.clock.max-quantum" = int.quantum.max;
};
"context.modules" = [ config.pipewire = {
{ "context.properties" = {
name = "libpipewire-module-rtkit"; "link.max-buffers" = 16;
args = { "default.clock.rate" = int.rate;
"nice.level" = -15; "default.clock.quantum" = int.quantum.def;
"rt.prio" = 88; "default.clock.min-quantum" = int.quantum.min;
"rt.time.soft" = 200000; "default.clock.max-quantum" = int.quantum.max;
"rt.time.hard" = 200000; "core.daemon" = true;
}; "core.name" = "pipewire-0";
} };
];
"stream.properties" = {
"node.latency" = "${str.quantum.min}/${str.rate}";
"resample.quality" = 1;
};
};
services.pipewire.extraConfig.pipewire-pulse = {
"context.modules" = [ "context.modules" = [
{ {
name = "libpipewire-module-rtkit"; name = "libpipewire-module-rtkit";
@ -59,15 +46,57 @@ in {
"rt.time.soft" = 200000; "rt.time.soft" = 200000;
"rt.time.hard" = 200000; "rt.time.hard" = 200000;
}; };
flags = [ "ifexists" "nofail" ];
}
{ name = "libpipewire-module-protocol-native"; }
{ name = "libpipewire-module-profiler"; }
{ name = "libpipewire-module-metadata"; }
{ name = "libpipewire-module-spa-device-factory"; }
{ name = "libpipewire-module-spa-node-factory"; }
{ name = "libpipewire-module-client-node"; }
{ name = "libpipewire-module-client-device"; }
{
name = "libpipewire-module-portal";
flags = [ "ifexists" "nofail" ];
}
{ name = "libpipewire-module-access"; args = {}; }
{ name = "libpipewire-module-adapter"; }
{ name = "libpipewire-module-link-factory"; }
{ name = "libpipewire-module-session-manager"; }
];
"stream.properties" = {
"node.latency" = "${str.quantum.min}/${str.rate}";
"resample.quality" = 1;
};
};
config.pipewire-pulse = {
"context.modules" = [
{
name = "libpipewire-module-rtkit";
args = {
"nice.level" = -15;
"rt.prio" = 88;
"rt.time.soft" = 200000;
"rt.time.hard" = 200000;
};
flags = [ "ifexists" "nofail" ];
}
{ name = "libpipewire-module-protocol-native"; }
{ name = "libpipewire-module-client-node"; }
{ name = "libpipewire-module-adapter"; }
{ name = "libpipewire-module-metadata"; }
{
name = "libpipewire-module-protocol-pulse";
args = {
"pulse.min.req" = "${str.quantum.min}/${str.rate}";
"pulse.default.req" = "${str.quantum.def}/${str.rate}";
"pulse.max.req" = "${str.quantum.max}/${str.rate}";
"pulse.min.quantum" = "${str.quantum.min}/${str.rate}";
"pulse.max.quantum" = "${str.quantum.max}/${str.rate}";
"server.address" = [ "unix:native" ];
};
} }
]; ];
"pulse.properties" = {
"pulse.min.req" = "${str.quantum.min}/${str.rate}";
"pulse.default.req" = "${str.quantum.def}/${str.rate}";
"pulse.max.req" = "${str.quantum.max}/${str.rate}";
"pulse.min.quantum" = "${str.quantum.min}/${str.rate}";
"pulse.max.quantum" = "${str.quantum.max}/${str.rate}";
};
"pulse.rules" = [ "pulse.rules" = [
{ {
# Discord notification sounds fix # Discord notification sounds fix
@ -83,6 +112,7 @@ in {
"node.latency" = "${str.quantum.min}/${str.rate}"; "node.latency" = "${str.quantum.min}/${str.rate}";
"resample.quality" = 1; "resample.quality" = 1;
}; };
};
}; };
} }


@ -1,6 +1,4 @@
{ config, inputs, modules, ... }: { { config, enableGUI, inputs, modules, overlays, ... }: {
imports = [ modules.binds modules.options ];
environment.etc = { environment.etc = {
"machine-id".source = "/persist/machine-id"; "machine-id".source = "/persist/machine-id";
"ssh/ssh_host_rsa_key".source = "/persist/ssh_host_rsa_key"; "ssh/ssh_host_rsa_key".source = "/persist/ssh_host_rsa_key";
@ -10,9 +8,7 @@
}; };
environment.pathsToLink = [ "/share/zsh" ]; environment.pathsToLink = [ "/share/zsh" ];
i18n.defaultLocale = "en_AU.UTF-8"; i18n.defaultLocale = "en_GB.UTF-8";
i18n.extraLocales = [ "en_GB.UTF-8/UTF-8" ];
users.mutableUsers = false; users.mutableUsers = false;
system = { system = {
@ -23,5 +19,6 @@
}; };
}; };
nix.registry.config.flake = inputs.self; nix.registry.config.flake = inputs.self;
nix.registry.nixpkgs.flake = inputs.nixpkgs;
nix.registry.shells.flake = inputs.self; nix.registry.shells.flake = inputs.self;
} }


@ -1,6 +0,0 @@
{ ... }: {
hardware.bluetooth = {
enable = true;
powerOnBoot = true;
};
}


@ -1,3 +0,0 @@
{ config, ... }: {
programs.ccache.enable = true;
}


@ -1,5 +0,0 @@
{ ... }: {
programs.corectrl = {
enable = true;
};
}


@ -1,13 +0,0 @@
{ pkgs, ... }: {
virtualisation.docker = {
enable = true;
storageDriver = "btrfs";
# rootless = {
# enable = true;
# setSocketVariable = true;
# };
};
environment.systemPackages = [
pkgs.docker-compose
];
}


@ -1,8 +0,0 @@
{ pkgs, ... }: {
services.flatpak.enable = true;
xdg.portal = {
enable = true;
extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
config.common.default = "*";
};
}


@ -1,18 +1,11 @@
{ pkgs, ... }: { { pkgs, lib, ... }: {
services.greetd = { services.greetd = {
enable = true; enable = true;
settings = { settings = {
default_session = { default_session = {
command = "${pkgs.tuigreet}/bin/tuigreet --remember --asterisks --time --cmd 'zsh -c \"source $HOME/.config/zsh/.zshrc && Hyprland > $XDG_RUNTIME_DIR/Hyprland.out\"'"; command = "${pkgs.greetd.tuigreet}/bin/tuigreet --remember --asterisks --time --cmd 'zsh -c \"source $HOME/.config/zsh/.zshrc && startx\"'";
user = "greeter"; user = "greeter";
}; };
initial_session = {
command = "${pkgs.writeShellScript "launch.sh" ''
zsh -c "source $HOME/.config/zsh/.zshrc && Hyprland > \"$XDG_RUNTIME_DIR/Hyprland.out\""
''}";
user = "rin";
};
}; };
}; };
} }


@ -1,6 +1,6 @@
{ config, lib, pkgs, ... }: { { config, lib, pkgs, ... }: {
fonts = { fonts = {
enableDefaultPackages = true; enableDefaultFonts = true;
fontconfig = { fontconfig = {
defaultFonts = { defaultFonts = {
serif = [ "NotoSerif" ]; serif = [ "NotoSerif" ];
@ -8,13 +8,15 @@
monospace = [ "CascadiaCode" ]; monospace = [ "CascadiaCode" ];
}; };
}; };
packages = with pkgs; [ fonts = with pkgs; [
material-symbols
material-icons
cascadia-code cascadia-code
font-awesome
font-awesome_4
hanazono hanazono
material-icons
noto-fonts noto-fonts
noto-fonts-cjk-sans noto-fonts-cjk
noto-fonts-extra
open-sans open-sans
twemoji-color-font twemoji-color-font
unifont unifont
@ -22,10 +24,11 @@
}; };
services.xserver = { services.xserver = {
enable = true; enable = true;
displayManager.lightdm.enable = lib.mkForce false; autorun = false;
displayManager = {
lightdm.enable = lib.mkForce false;
startx.enable = true;
};
desktopManager.xterm.enable = false; desktopManager.xterm.enable = false;
}; };
programs.hyprland.enable = true;
security.pam.services.hyprlock = {};
} }


@ -1,19 +1,10 @@
{ config, inputs, modules, ... }: { { config, enableGUI, inputs, modules, ... }: {
imports = [
inputs.home-manager.nixosModules.home-manager
];
home-manager = { home-manager = {
useGlobalPkgs = true; useGlobalPkgs = true;
useUserPackages = true; useUserPackages = true;
extraSpecialArgs = { extraSpecialArgs = {
inherit inputs modules; inherit enableGUI inputs modules;
sysConfig = config; sysConfig = config;
}; };
sharedModules = [
{
imports = [ modules.options ];
config.me = config.me;
}
];
}; };
} }


@ -1,4 +1,4 @@
{ ... }: { { config, lib, pkgs, ... }: {
services.xserver = { services.xserver = {
displayManager = { displayManager = {
xserverArgs = [ xserverArgs = [
@ -6,19 +6,14 @@
"-arinterval 15" "-arinterval 15"
]; ];
}; };
}; libinput = {
services.keyd = { enable = true;
enable = true; mouse = {
keyboards = { accelSpeed = "0";
default = { accelProfile = "flat";
ids = [ "*" ];
settings = {
main = {
capslock = "esc";
esc = "capslock";
};
};
}; };
}; };
xkbOptions = "caps:escape";
}; };
console.useXkbConfig = true;
} }


@ -9,10 +9,9 @@
"kernel.core_pattern" = "|/bin/false"; "kernel.core_pattern" = "|/bin/false";
"kernel.sysrq" = 1; "kernel.sysrq" = 1;
}; };
loader.grub.useOSProber = true;
}; };
hardware.enableRedistributableFirmware = true; hardware.enableRedistributableFirmware = true;
zramSwap = { powerManagement.cpuFreqGovernor = "ondemand";
enable = true; zramSwap.enable = true;
priority = 100;
};
} }


@ -1,23 +1,18 @@
{ config, lib, pkgs, ... }: { { config, lib, pkgs, ... }: {
nix = { nix = rec {
package = pkgs.nixVersions.latest; binaryCaches = [
"https://cache.nixos.org?priority=10"
settings = rec { "https://lava.cachix.org"
substituters = [ ];
"https://cache.nixos.org?priority=10" binaryCachePublicKeys = [
"https://lava.cachix.org" "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
]; "lava.cachix.org-1:8lTWI/3IKWHByzzYHZySunMPYs2eAJw2duL+uLZkSy0="
trusted-public-keys = [ ];
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" trustedBinaryCaches = binaryCaches;
"lava.cachix.org-1:8lTWI/3IKWHByzzYHZySunMPYs2eAJw2duL+uLZkSy0="
];
trusted-substituters = substituters;
};
extraOptions = '' extraOptions = ''
experimental-features = nix-command flakes experimental-features = nix-command flakes
''; '';
}; };
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
programs.nh.enable = true;
} }


@ -1,10 +1,8 @@
{ config, inputs, pkgs, ... }: { { config, lib, pkgs, ... }: {
nix = { nix = {
nixPath = [ "nixpkgs=${inputs.nixpkgs}" ]; package = pkgs.nixUnstable;
package = pkgs.nixVersions.latest;
settings = rec { settings = rec {
extra-sandbox-paths = [ config.programs.ccache.cacheDir ];
substituters = [ substituters = [
"https://cache.nixos.org?priority=10" "https://cache.nixos.org?priority=10"
"https://lava.cachix.org" "https://lava.cachix.org"
@ -16,7 +14,6 @@
"nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4=" "nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4="
]; ];
trusted-substituters = substituters; trusted-substituters = substituters;
trusted-users = [ "root" "rin" ];
}; };
extraOptions = '' extraOptions = ''
@ -24,5 +21,4 @@
''; '';
}; };
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
programs.nh.enable = true;
} }


@ -1,26 +0,0 @@
{ config, lib, pkgs, ... }: {
config = lib.mkIf config.me.gui {
environment.systemPackages = with pkgs; [
android-tools
gparted
nautilus
];
hardware.graphics.extraPackages = with pkgs; [
intel-vaapi-driver
libva-vdpau-driver
libvdpau-va-gl
];
hardware.opentabletdriver.enable = true;
hardware.keyboard.qmk.enable = true;
programs.steam = {
enable = true;
package = pkgs.steam.override {
extraPkgs = pkgs: with pkgs; [
gsettings-desktop-schemas
];
};
};
services.dbus.packages = [ pkgs.dconf pkgs.gcr ];
services.gnome.sushi.enable = true;
};
}


@ -1,14 +1,9 @@
{ pkgs, ... }: { { config, enableGUI, lib, pkgs, ... }: {
imports = [ ./packages-gui.nix ];
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
# ecryptfs
efibootmgr efibootmgr
fd
git git
git-crypt
htop htop
jq jq
kitty.terminfo
libarchive libarchive
lf lf
msr-tools msr-tools
@ -16,10 +11,27 @@
neovim neovim
nfs-utils nfs-utils
ntfs3g ntfs3g
ripgrep
rsync
sshfs sshfs
rsync
wget wget
] ++ lib.optionals enableGUI [
gparted
gnome.nautilus
]; ];
environment.variables.EDITOR = "nvim"; environment.variables.EDITOR = "nvim";
programs.adb.enable = true;
} }
// (if !enableGUI then {} else {
hardware.opengl.extraPackages = with pkgs; [
vaapiIntel
vaapiVdpau
libvdpau-va-gl
rocm-opencl-icd
rocm-opencl-runtime
];
programs.light.enable = true;
hardware.opentabletdriver.enable = true;
programs.steam.enable = true;
services.dbus.packages = [ pkgs.dconf pkgs.gcr ];
services.gnome.sushi.enable = true;
})
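Review bot: `programs.adb.enable = true;` is silently dropped whenever `enableGUI` is true, because the closing `} // (if !enableGUI then {} else { … })` is a shallow merge and the right-hand set defines its own `programs` (`programs.light`, `programs.steam`), which replaces the left-hand `programs` attribute wholesale. A deep merge keeps both halves: `lib.recursiveUpdate { … } (lib.optionalAttrs enableGUI { … })`. The same trap applies to any other top-level key that later appears on both sides of the `//`.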


@ -1,9 +0,0 @@
{ pkgs, ... }: {
services.printing = {
enable = true;
drivers = with pkgs; [
epson-escpr
#me.epson-201112j
];
};
}


@ -1,29 +1,16 @@
{ config, lib, pkgs, ... }: { { config, pkgs, ... }: {
networking.firewall = networking.firewall = {
let
iptables = "${pkgs.iptables}/bin/iptables";
genCmds = type: ''
${iptables} -${type} nixos-fw -p tcp --source 192.168.0.0/16 -j nixos-fw-accept ${if type == "D" then " || true" else ""}
${iptables} -${type} nixos-fw -p udp --source 192.168.0.0/16 -j nixos-fw-accept ${if type == "D" then " || true" else ""}
'';
in {
enable = true; enable = true;
allowedUDPPortRanges = [ { from = 20000; to = 20100; } ]; allowedUDPPortRanges = [ { from = 20000; to = 20100; } ];
allowedTCPPortRanges = [ { from = 20000; to = 20100; } ]; allowedTCPPortRanges = [ { from = 20000; to = 20100; } ];
trustedInterfaces = [ "wg0" ]; trustedInterfaces = [ "wg0" ];
logRefusedConnections = false;
extraCommands = genCmds "I";
extraStopCommands = genCmds "D";
}; };
services.openssh = { services.openssh = {
enable = true; enable = true;
settings = { permitRootLogin = "no";
PermitRootLogin = "no"; passwordAuthentication = false;
PasswordAuthentication = false; forwardX11 = true;
X11Forwarding = true;
};
hostKeys = [ hostKeys = [
{ {
@ -53,33 +40,5 @@
} }
]; ];
}; };
pam = lib.mkIf (config.me.environment != "headless") {
u2f = {
enable = true;
settings = {
cue = true;
pinverification = 1;
};
};
services.doas.rules.auth = {
u2f.settings.pinverification = lib.mkForce 0;
u2f_int = lib.mkMerge [
{
enable = true;
order = config.security.pam.services.doas.rules.auth.u2f.order + 1;
control = "sufficient";
modulePath = "${pkgs.pam_u2f}/lib/security/pam_u2f.so";
inherit (config.security.pam.u2f) settings;
}
{
settings = lib.mkForce {
interactive = true;
pinverification = 0;
userpresence = 0;
};
}
];
};
};
}; };
} }


@ -2,16 +2,18 @@
services.snapper = { services.snapper = {
cleanupInterval = "1h"; cleanupInterval = "1h";
configs.home = { configs.home = {
FSTYPE = "btrfs"; fstype = "btrfs";
SUBVOLUME = "/home"; subvolume = "/home";
TIMELINE_CLEANUP = true; extraConfig = lib.concatStringsSep "\n" (lib.mapAttrsToList (k: v: "${k}=${v}") {
TIMELINE_CREATE = true; TIMELINE_CLEANUP = "yes";
TIMELINE_MIN_AGE = "1800"; TIMELINE_CREATE = "yes";
TIMELINE_LIMIT_HOURLY = "5"; TIMELINE_MIN_AGE = "1800";
TIMELINE_LIMIT_DAILY = "7"; TIMELINE_LIMIT_HOURLY = "5";
TIMELINE_LIMIT_WEEKLY = "0"; TIMELINE_LIMIT_DAILY = "7";
TIMELINE_LIMIT_MONTHLY = "0"; TIMELINE_LIMIT_WEEKLY = "0";
TIMELINE_LIMIT_YEARLY = "0"; TIMELINE_LIMIT_MONTHLY = "0";
TIMELINE_LIMIT_YEARLY = "0";
});
}; };
}; };
} }


@ -1,13 +0,0 @@
{ config, lib, ... }: {
age.secrets.tailscale_auth.file = ../../secrets/tailscale_auth.age;
me.binds."/var/lib/tailscale" = "tailscale";
networking.firewall.trustedInterfaces = [ "tailscale0" ];
networking.firewall.allowedUDPPorts = lib.mkIf (config.me.environment == "headless") [ 123 ];
services.tailscale = {
enable = true;
authKeyFile = config.age.secrets.tailscale_auth.path;
openFirewall = true;
useRoutingFeatures = if config.me.environment == "headless" then "both" else "client";
};
}


@ -5,6 +5,13 @@
downloadDirPermissions = "775"; downloadDirPermissions = "775";
openFirewall = true; openFirewall = true;
settings = { settings = {
alt-speed-down = 512;
alt-speed-enabled = true;
alt-speed-time-begin = 360;
alt-speed-time-day = 127;
alt-speed-time-enabled = true;
alt-speed-time-end = 1380;
alt-speed-up = 256;
download-dir = "/persist/transmission/Downloads"; download-dir = "/persist/transmission/Downloads";
incomplete-dir = "/persist/transmission/.incomplete"; incomplete-dir = "/persist/transmission/.incomplete";
ratio-limit-enabled = true; ratio-limit-enabled = true;
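Review bot: The seven added `alt-speed-*` values are bare numbers with no units, which makes the schedule hard to audit: Transmission reads `alt-speed-time-begin`/`-end` as minutes after midnight (360 = 06:00, 1380 = 23:00), `alt-speed-time-day` as a weekday bitmask (127 = every day) and the two speeds as kB/s. I would add short comments such as `alt-speed-time-begin = 360; # minutes after midnight, 06:00`. Setting `alt-speed-enabled = true` together with `alt-speed-time-enabled = true` looks redundant, since the scheduler toggles the former; worth confirming which one is intended. The `settings` block continues outside the hunk.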


@ -1,9 +0,0 @@
{ pkgs, ... }: {
virtualisation = {
spiceUSBRedirection.enable = true;
libvirtd = {
enable = true;
qemu.package = pkgs.qemu_kvm.override { smbdSupport = true; };
};
};
}


@ -1,11 +1,13 @@
{ config, lib, pkgs, gcSecrets, ... }: { config, lib, pkgs, ... }:
let let
port = 51801; port = 51820;
serverName = "dandelion"; serverName = "sugarcane";
serverInterface = "enp0s6"; serverInterface = "ens3";
serverIp = gcSecrets.wireguard.gateway; serverIp = "51.79.240.130";
forwarding = { forwarding = {
"80" = [ "10.100.0.2" "80" ];
"443" = [ "10.100.0.2" "443" ];
"22727" = [ "10.100.0.3" "7777" ]; "22727" = [ "10.100.0.3" "7777" ];
}; };
@ -18,61 +20,48 @@ let
in '' in ''
${pkgs.iptables}/bin/iptables -${type} PREROUTING -t nat -i ${serverInterface} -p tcp --dport ${sport} -j DNAT --to ${dest}:${dport} ${pkgs.iptables}/bin/iptables -${type} PREROUTING -t nat -i ${serverInterface} -p tcp --dport ${sport} -j DNAT --to ${dest}:${dport}
${pkgs.iptables}/bin/iptables -${type} FORWARD -p tcp -d ${dest} --dport ${dport} -j ACCEPT ${pkgs.iptables}/bin/iptables -${type} FORWARD -p tcp -d ${dest} --dport ${dport} -j ACCEPT
${pkgs.iptables}/bin/iptables -${type} PREROUTING -t nat -i ${serverInterface} -p udp --dport ${sport} -j DNAT --to ${dest}:${dport}
${pkgs.iptables}/bin/iptables -${type} FORWARD -p udp -d ${dest} --dport ${dport} -j ACCEPT
'') forwarding '') forwarding
); );
clients = { routeBypass = {
hyacinth = { caramel = {
publicKey = "6nVhazYdmC15A/nke9VrqIg3sOBVOmqj4GEsyBq7MVo="; gateway = "192.168.100.1";
allowedIPs = [ "10.100.0.3/32" "${gcSecrets.wireguard.ipv6Subnet}:3" "fd0d::3" ]; interface = "wlan0";
interfaces = { routes = [
wg0 = { peers = [ server6OnlyPeer ]; }; serverIp
wg1 = { peers = [ serverPeer ]; autostart = false; }; ];
wg2 = { peers = [ serverLocalOnlyPeer ]; autostart = false; };
};
}; };
anemone = { blossom = {
publicKey = "px5+JNdAmqBvUC++DhiJrUBRAr+BYP6iYVt4sbhPTWY="; gateway = "192.168.100.1";
allowedIPs = [ "10.100.0.4/32" "${gcSecrets.wireguard.ipv6Subnet}:4" "fd0d::4" ]; interface = "wlp3s0";
interfaces = { routes = [
wg0 = { peers = [ server6OnlyPeer ]; }; serverIp
wg1 = { peers = [ serverPeer ]; autostart = false; }; ];
wg2 = { peers = [ serverLocalOnlyPeer ]; autostart = false; };
};
};
hibiscus = {
publicKey = "vQ5a2KMrwi7RCRsD0yvog+n35vQYFuvwiPn+W4lbRBw=";
allowedIPs = [ "10.100.0.5/32" "${gcSecrets.wireguard.ipv6Subnet}:5" "fd0d::5" ];
interfaces = {
wg0 = { peers = [ server6OnlyPeer ]; };
wg1 = { peers = [ serverPeer ]; autostart = false; };
wg2 = { peers = [ serverLocalOnlyPeer ]; autostart = false; };
};
};
hazel = {
publicKey = "0zruTndObzHo+b1rbOuTsxCU97epygZycxXS/lgUHUc=";
allowedIPs = [ "10.100.0.21/32" "${gcSecrets.wireguard.ipv6Subnet}:21" "fd0d::21" ];
interfaces = {
wg0 = {
dns = [ "::1" "127.0.0.1" ];
peers = [ serverLocalOnlyPeer ];
};
};
}; };
}; };
clientPeers = builtins.map (client: builtins.removeAttrs client [ "interfaces" ]) (builtins.attrValues clients); clients = {
serverPeerWith = ips: { caramel = {
publicKey = "VDqcpS0lJzFgwikj61MJ1xc9P8Cuq0NXa+Hc+etn2iA=";
allowedIPs = [ "10.100.0.2/32" ];
};
blossom = {
publicKey = "6nVhazYdmC15A/nke9VrqIg3sOBVOmqj4GEsyBq7MVo=";
allowedIPs = [ "10.100.0.3/32" ];
};
strawberry = {
publicKey = "Fkcp/VSN4Dkhly8V4hskF4lnDviA7VZHCnWf7OliFCg=";
allowedIPs = [ "10.100.0.4/32" ];
};
};
clientPeers = builtins.attrValues clients;
serverPeer = {
publicKey = "3ugIk2tQZXjAH9/95s63ld2WNUHQrd4Mz5jzbln6oj0="; publicKey = "3ugIk2tQZXjAH9/95s63ld2WNUHQrd4Mz5jzbln6oj0=";
allowedIPs = ips; allowedIPs = [ "0.0.0.0/0" ];
endpoint = "${serverIp}:${toString port}"; endpoint = "${serverIp}:${toString port}";
persistentKeepalive = 25; persistentKeepalive = 25;
}; };
serverPeer = serverPeerWith [ "0.0.0.0/0" "::/0" ];
server6OnlyPeer = serverPeerWith [ "10.100.0.0/24" "::/0" ];
serverLocalOnlyPeer = serverPeerWith [ "10.100.0.0/24" "fd0d::/16" ];
serverConfig = { serverConfig = {
nat = { nat = {
@ -86,7 +75,7 @@ let
}; };
wireguard.interfaces.wg0 = { wireguard.interfaces.wg0 = {
ips = [ "10.100.0.1/24" "${gcSecrets.wireguard.ipv6Subnet}:1" "fd0d::1" ]; ips = [ "10.100.0.1/24" ];
listenPort = port; listenPort = port;
postSetup = '' postSetup = ''
@ -104,24 +93,33 @@ let
}; };
clientConfig = { clientConfig = {
wg-quick.interfaces = wireguard.interfaces.wg0 =
let let
client = clients."${config.networking.hostName}"; client = clients."${config.networking.hostName}";
in routes = routeBypass."${config.networking.hostName}";
builtins.mapAttrs (interface: conf: { mapRoutes = type: lib.concatMapStringsSep "\n" (r: "${pkgs.iproute2}/bin/ip route ${type} ${r} via ${routes.gateway} dev ${routes.interface}") routes.routes;
address = client.allowedIPs; in {
dns = [ "fd0d::1" "10.100.0.1" ]; ips = client.allowedIPs;
privateKeyFile = config.age.secrets."wg_${config.networking.hostName}".path; listenPort = port;
} // conf) client.interfaces;
postSetup = ''
${mapRoutes "add"}
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o ${serverInterface} -j MASQUERADE
'';
postShutdown = ''
${mapRoutes "del"}
${pkgs.iptables}/bin/iptables -t nat -A POSTROUTING -s 10.100.0.0/24 -o ${serverInterface} -j MASQUERADE
'';
privateKeyFile = config.age.secrets."wg_${config.networking.hostName}".path;
peers = [ serverPeer ];
};
}; };
in { in {
boot.kernel.sysctl = lib.mkIf (config.networking.hostName == serverName) ({
"net.ipv6.conf.all.forwarding" = true;
"net.ipv6.conf.default.forwarding" = true;
});
networking = networking =
lib.mkMerge [ lib.mkMerge [
(lib.mkIf (config.networking.hostName == serverName) serverConfig) (lib.mkIf (config.networking.hostName == serverName) serverConfig)
(lib.mkIf (config.networking.hostName != serverName) clientConfig) (lib.mkIf (builtins.hasAttr config.networking.hostName clients) clientConfig)
]; ];
} }
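Review bot: `postShutdown` in the new `clientConfig` repeats the `iptables -t nat -A POSTROUTING … -j MASQUERADE` line from `postSetup`, so every stop of `wg0` appends another NAT rule and nothing ever removes one; the teardown line should read `${pkgs.iptables}/bin/iptables -t nat -D POSTROUTING -s 10.100.0.0/24 -o ${serverInterface} -j MASQUERADE`. That rule also names `serverInterface` (`ens3`) on client hosts whose uplinks are listed as `wlan0`/`wlp3s0` in `routeBypass`, so it may not belong in the client half at all. Separately, `strawberry` is in `clients` but not in `routeBypass`, so `routeBypass."${config.networking.hostName}"` fails to evaluate on that host; `routeBypass."${config.networking.hostName}" or { routes = [ ]; }` would cover it. `serverPeer` now carries only `0.0.0.0/0`, so IPv6 traffic presumably bypasses the tunnel on dual-stack networks.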
