From b7f82f2d44add55fbf68c08dcb06f6ec2d1b3896 Mon Sep 17 00:00:00 2001 From: Zuckerberg Date: Mon, 3 Jun 2024 21:07:53 -0600 Subject: [PATCH] Consolidate common PC config --- common/pc/default.nix | 21 ++++-- common/pc/spotify.nix | 85 ----------------------- common/pc/udev.nix | 25 +++++++ common/pc/use-meson-v57.patch | 22 ------ common/pc/virtualisation.nix | 23 ++++++ machines/howl/default.nix | 57 +-------------- machines/howl/hardware-configuration.nix | 24 ++++--- machines/ray/default.nix | 47 ------------- secrets/secrets.nix | 1 - secrets/spotifyd.age | Bin 726 -> 0 bytes 10 files changed, 82 insertions(+), 223 deletions(-) delete mode 100644 common/pc/spotify.nix create mode 100644 common/pc/udev.nix delete mode 100644 common/pc/use-meson-v57.patch create mode 100644 common/pc/virtualisation.nix delete mode 100644 secrets/spotifyd.age diff --git a/common/pc/default.nix b/common/pc/default.nix index 5c53b81..d827f8a 100644 --- a/common/pc/default.nix +++ b/common/pc/default.nix @@ -6,19 +6,20 @@ in { imports = [ ./kde.nix - # ./xfce.nix + # ./xfce.nix ./yubikey.nix ./chromium.nix # ./firefox.nix ./audio.nix # ./torbrowser.nix ./pithos.nix - ./spotify.nix ./vscodium.nix ./discord.nix ./steam.nix ./touchpad.nix ./mount-samba.nix + ./udev.nix + ./virtualisation.nix ]; options.de = { @@ -44,8 +45,7 @@ in gparted libreoffice-fresh thunderbird - spotifyd - spotify-qt + spotify arduino yt-dlp jellyfin-media-player @@ -76,5 +76,18 @@ in # Security services.gnome.gnome-keyring.enable = true; security.pam.services.googlebot.enableGnomeKeyring = true; + + # Android dev + programs.adb.enable = true; + + # Mount personal SMB stores + services.mount-samba.enable = true; + + # allow building ARM derivations + boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; + + # for luks onlock over tor + services.tor.enable = true; + services.tor.client.enable = true; }; } diff --git a/common/pc/spotify.nix b/common/pc/spotify.nix deleted file mode 100644 index 2e6b310..0000000 
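Review bot: In common/pc/default.nix the second hunk enables `services.tor.enable` and `services.tor.client.enable` on every machine that sets `de.enable`, although the comment ties Tor to LUKS unlock, which previously each host opted into on its own. Keeping this per host, or behind its own option in the `de` namespace, avoids running an extra network daemon on desktops that never use remote unlock. The same consideration applies to `programs.adb.enable` and `boot.binfmt.emulatedSystems`, which now widen what every PC runs by default. The comment also has a typo: `# for LUKS unlock over Tor`. The enclosing `config` block starts outside the hunk, so the exact condition guarding these lines is not visible here.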
--- a/common/pc/spotify.nix
+++ /dev/null
@@ -1,85 +0,0 @@
-{ lib, config, pkgs, ... }:
-
-with lib;
-
-let
- cfg = config.services.spotifyd;
- toml = pkgs.formats.toml { };
- spotifydConf = toml.generate "spotify.conf" cfg.settings;
-in
-{
- disabledModules = [
- "services/audio/spotifyd.nix"
- ];
-
- options = {
- services.spotifyd = {
- enable = mkEnableOption "spotifyd, a Spotify playing daemon";
-
- settings = mkOption {
- default = { };
- type = toml.type;
- example = { global.bitrate = 320; };
- description = ''
- Configuration for Spotifyd. For syntax and directives, see
- .
- '';
- };
-
- users = mkOption {
- type = with types; listOf str;
- default = [ ];
- description = ''
- Usernames to be added to the "spotifyd" group, so that they
- can start and interact with the userspace daemon.
- '';
- };
- };
- };
-
- config = mkIf cfg.enable {
-
- # username specific stuff because i'm lazy...
- services.spotifyd.users = [ "googlebot" ];
- users.users.googlebot.packages = with pkgs; [
- spotify
- ];
-
- users.groups.spotifyd = {
- members = cfg.users;
- };
-
- age.secrets.spotifyd = {
- file = ../../secrets/spotifyd.age;
- group = "spotifyd";
- mode = "0440"; # group can read
- };
-
- # spotifyd to read secrets and run as user service
- services.spotifyd = {
- settings.global = {
- username_cmd = "sed '1q;d' /run/agenix/spotifyd";
- password_cmd = "sed '2q;d' /run/agenix/spotifyd";
- bitrate = 320;
- backend = "pulseaudio";
- device_name = config.networking.hostName;
- device_type = "computer";
- # on_song_change_hook = "command_to_run_on_playback_events"
- autoplay = true;
- };
- };
-
- systemd.user.services.spotifyd-daemon = {
- enable = true;
- wantedBy = [ "graphical-session.target" ];
- partOf = [ "graphical-session.target" ];
- description = "spotifyd, a Spotify playing daemon";
- environment.SHELL = "/bin/sh";
- serviceConfig = {
- ExecStart = "${pkgs.spotifyd}/bin/spotifyd --no-daemon --config-path ${spotifydConf}";
- Restart = "always";
- CacheDirectory = "spotifyd";
- };
- };
- };
-}
diff --git a/common/pc/udev.nix b/common/pc/udev.nix
new file mode 100644
index 0000000..64df5f5
--- /dev/null
+++ b/common/pc/udev.nix
@@ -0,0 +1,25 @@
+{ config, lib, pkgs, ... }:
+
+let
+ cfg = config.de;
+in
+{
+ config = lib.mkIf cfg.enable {
+ services.udev.extraRules = ''
+ # depthai
+ SUBSYSTEM=="usb", ATTRS{idVendor}=="03e7", MODE="0666"
+
+ # Moonlander
+ # Rules for Oryx web flashing and live training
+ KERNEL=="hidraw*", ATTRS{idVendor}=="16c0", MODE="0664", GROUP="plugdev"
+ KERNEL=="hidraw*", ATTRS{idVendor}=="3297", MODE="0664", GROUP="plugdev"
+ # Wally Flashing rules for the Moonlander and Planck EZ
+ SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", MODE:="0666", SYMLINK+="stm32_dfu"
+ '';
+ services.udev.packages = [ pkgs.platformio ];
+
+ users.groups.plugdev = {
+ members = [ "googlebot" ];
+ };
+ };
+}
diff --git a/common/pc/use-meson-v57.patch b/common/pc/use-meson-v57.patch
deleted file mode 100644
index 3a7808f..0000000
--- a/common/pc/use-meson-v57.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-diff --git a/meson.build b/meson.build
-index dace367..8c0e290 100644
---- a/meson.build
-+++ b/meson.build
-@@ -8,7 +8,7 @@ project(
- 'warning_level=0',
- ],
- license: 'MIT',
-- meson_version: '>= 0.58.0',
-+ meson_version: '>= 0.57.0',
- )
-
- cc = meson.get_compiler('c')
-@@ -47,8 +47,3 @@ shared_library(
- gnu_symbol_visibility: 'hidden',
- )
-
--meson.add_devenv(environment({
-- 'NVD_LOG': '1',
-- 'LIBVA_DRIVER_NAME': 'nvidia',
-- 'LIBVA_DRIVERS_PATH': meson.project_build_root(),
--}))
diff --git a/common/pc/virtualisation.nix b/common/pc/virtualisation.nix
new file mode 100644
index 0000000..77f5b52
--- /dev/null
+++ b/common/pc/virtualisation.nix
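Review bot: In common/pc/udev.nix the depthai rule and the STM32 DFU rule set `MODE="0666"` and `MODE:="0666"`, so every local account, service users included, can write to those USB devices, and the rules now apply to every machine with `de.enable` rather than two hosts. The hidraw rules in the same block already scope access with `GROUP="plugdev"`, and the USB rules can do the same, e.g. `SUBSYSTEM=="usb", ATTRS{idVendor}=="03e7", MODE="0660", GROUP="plugdev"`, or use `TAG+="uaccess"` to grant access to the logged-in seat user only. `MODE="0664"` on the hidraw nodes also leaves them readable by all users, which for a keyboard's raw HID interface may expose input reports; `MODE="0660"` would match the group-based intent.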
@@ -0,0 +1,23 @@
+{ config, lib, pkgs, ... }:
+
+let
+ cfg = config.de;
+in
+{
+ config = lib.mkIf cfg.enable {
+ # AppVMs
+ virtualisation.appvm.enable = true;
+ virtualisation.appvm.user = "googlebot";
+
+ # Use podman instead of docker
+ virtualisation.podman.enable = true;
+ virtualisation.podman.dockerCompat = true;
+
+ # virt-manager
+ virtualisation.libvirtd.enable = true;
+ programs.dconf.enable = true;
+ virtualisation.spiceUSBRedirection.enable = true;
+ environment.systemPackages = with pkgs; [ virt-manager ];
+ users.users.googlebot.extraGroups = [ "libvirtd" "adbusers" ];
+ };
+}
diff --git a/machines/howl/default.nix b/machines/howl/default.nix
index de6be86..91a4c1c 100644
--- a/machines/howl/default.nix
+++ b/machines/howl/default.nix
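Review bot: In common/pc/virtualisation.nix the line `users.users.googlebot.extraGroups = [ "libvirtd" "adbusers" ];` grants `adbusers` from the virtualisation module, while `programs.adb.enable` is set in common/pc/default.nix, so the group grant and the feature that needs it can drift apart. Moving `adbusers` next to `programs.adb.enable` and leaving `users.users.googlebot.extraGroups = [ "libvirtd" ];` here keeps each privilege beside its feature. Membership in `libvirtd` lets the user control the system libvirt daemon, so a comment such as `# libvirtd group: may manage system VMs without further authentication` would make that privilege visible to the next reader.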
@@ -1,68 +1,13 @@ -{ config, pkgs, lib, nixos-hardware, ... }: +{ config, pkgs, lib, ... }: { imports = [ ./hardware-configuration.nix - nixos-hardware.nixosModules.framework-13-7040-amd ]; - - # for luks onlock over tor - services.tor.enable = true; - services.tor.client.enable = true; - # don't use remote builders nix.distributedBuilds = lib.mkForce false; - services.udev.extraRules = '' - # depthai - SUBSYSTEM=="usb", ATTRS{idVendor}=="03e7", MODE="0666" - - # Moonlander - # Rules for Oryx web flashing and live training - KERNEL=="hidraw*", ATTRS{idVendor}=="16c0", MODE="0664", GROUP="plugdev" - KERNEL=="hidraw*", ATTRS{idVendor}=="3297", MODE="0664", GROUP="plugdev" - # Wally Flashing rules for the Moonlander and Planck EZ - SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", MODE:="0666", SYMLINK+="stm32_dfu" - ''; - services.udev.packages = [ pkgs.platformio ]; - users.groups.plugdev = { - members = [ "googlebot" ]; - }; - - # virt-manager - virtualisation.libvirtd.enable = true; - programs.dconf.enable = true; - virtualisation.spiceUSBRedirection.enable = true; - environment.systemPackages = with pkgs; [ virt-manager ]; - users.users.googlebot.extraGroups = [ "libvirtd" "adbusers" ]; - - # allow building ARM derivations - boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; - - services.spotifyd.enable = true; - - virtualisation.podman.enable = true; - virtualisation.podman.dockerCompat = true; - - virtualisation.appvm.enable = true; - virtualisation.appvm.user = "googlebot"; - - services.mount-samba.enable = true; - de.enable = true; de.touchpad.enable = true; - - networking.firewall.allowedTCPPorts = [ - # barrier - 24800 - ]; - - programs.adb.enable = true; - - services.fwupd.enable = true; - - # fingerprint reader has initially shown to be more of a nuisance than a help - # it makes sddm log in fail most of the time and take several minutes to finish - services.fprintd.enable = false; } 
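Review bot: The barrier firewall opening (`networking.firewall.allowedTCPPorts = [ 24800 ]`) is removed from machines/howl/default.nix, and likewise from machines/ray/default.nix, and none of the visible common/pc hunks re-adds it, so this commit changes behaviour beyond the consolidation its subject describes. Closing the port is the safer default, but if barrier is still used on these machines the server side will stop accepting connections after this change. Either mention the removal in the commit message, or re-add the rule only on the host that runs the barrier server rather than in common/pc.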
diff --git a/machines/howl/hardware-configuration.nix b/machines/howl/hardware-configuration.nix index 414888c..897237e 100644 --- a/machines/howl/hardware-configuration.nix +++ b/machines/howl/hardware-configuration.nix @@ -1,12 +1,19 @@ -{ config, lib, pkgs, modulesPath, ... }: +{ config, lib, pkgs, modulesPath, nixos-hardware, ... }: { - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; + imports = [ + (modulesPath + "/installer/scan/not-detected.nix") + nixos-hardware.nixosModules.framework-13-7040-amd + ]; boot.kernelPackages = pkgs.linuxPackages_latest; + hardware.framework.amd-7040.preventWakeOnAC = true; + services.fwupd.enable = true; + # fingerprint reader has initially shown to be more of a nuisance than a help + # it makes sddm log in fail most of the time and take several minutes to finish + services.fprintd.enable = false; + # boot boot.loader.systemd-boot.enable = true; boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" ]; @@ -27,17 +34,18 @@ allowDiscards = true; }; fileSystems."/" = - { device = "/dev/disk/by-uuid/95db6950-a7bc-46cf-9765-3ea675ccf014"; + { + device = "/dev/disk/by-uuid/95db6950-a7bc-46cf-9765-3ea675ccf014"; fsType = "btrfs"; }; fileSystems."/boot" = - { device = "/dev/disk/by-uuid/B087-2C20"; + { + device = "/dev/disk/by-uuid/B087-2C20"; fsType = "vfat"; options = [ "fmask=0022" "dmask=0022" ]; }; swapDevices = - [ { device = "/dev/disk/by-uuid/49fbdf62-eef4-421b-aac3-c93494afd23c"; } - ]; + [{ device = "/dev/disk/by-uuid/49fbdf62-eef4-421b-aac3-c93494afd23c"; }]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's diff --git a/machines/ray/default.nix b/machines/ray/default.nix index b94d955..c745e5b 100644 --- a/machines/ray/default.nix +++ b/machines/ray/default.nix 
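Review bot: The first hunk of machines/howl/hardware-configuration.nix moves hand-written settings (the `nixos-hardware` import, `preventWakeOnAC`, `services.fwupd.enable`, `services.fprintd.enable = false`) into a file that `nixos-generate-config` overwrites when it is rerun, so they could be lost if the file is ever regenerated for this host. The file appears to carry manual edits already, so if it is meant to be hand-maintained a header comment such as `# Hand-maintained; do not regenerate with nixos-generate-config` would make that explicit. Otherwise a separate per-host module, for example a hardware.nix imported from default.nix, would keep firmware-update and fingerprint policy out of the generated file.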
@@ -7,10 +7,6 @@ nixpkgs.config.cudaSupport = true; - # for luks onlock over tor - services.tor.enable = true; - services.tor.client.enable = true; - # don't use remote builders nix.distributedBuilds = lib.mkForce false; @@ -21,49 +17,6 @@ hardware.openrazer.devicesOffOnScreensaver = false; users.users.googlebot.packages = [ pkgs.polychromatic ]; - services.udev.extraRules = '' - # depthai - SUBSYSTEM=="usb", ATTRS{idVendor}=="03e7", MODE="0666" - - # Moonlander - # Rules for Oryx web flashing and live training - KERNEL=="hidraw*", ATTRS{idVendor}=="16c0", MODE="0664", GROUP="plugdev" - KERNEL=="hidraw*", ATTRS{idVendor}=="3297", MODE="0664", GROUP="plugdev" - # Wally Flashing rules for the Moonlander and Planck EZ - SUBSYSTEMS=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", MODE:="0666", SYMLINK+="stm32_dfu" - ''; - services.udev.packages = [ pkgs.platformio ]; - users.groups.plugdev = { - members = [ "googlebot" ]; - }; - - # virt-manager - virtualisation.libvirtd.enable = true; - programs.dconf.enable = true; - virtualisation.spiceUSBRedirection.enable = true; - environment.systemPackages = with pkgs; [ virt-manager ]; - users.users.googlebot.extraGroups = [ "libvirtd" "adbusers" ]; - - # allow building ARM derivations - boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; - - services.spotifyd.enable = true; - - virtualisation.podman.enable = true; - virtualisation.podman.dockerCompat = true; - - virtualisation.appvm.enable = true; - virtualisation.appvm.user = "googlebot"; - - services.mount-samba.enable = true; - de.enable = true; de.touchpad.enable = true; - - networking.firewall.allowedTCPPorts = [ - # barrier - 24800 - ]; - - programs.adb.enable = true; } diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 2b67466..4c119e1 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix 
@@ -36,7 +36,6 @@ with roles; # services "searx.age".publicKeys = nobody; - "spotifyd.age".publicKeys = personal; "wolframalpha.age".publicKeys = dailybot; # hostapd diff --git a/secrets/spotifyd.age b/secrets/spotifyd.age deleted file mode 100644 index 19bf5ddc086291a21e83a59e87478349343ccbd5..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 726 zcmZY5yNlCs003YY<;>t9C>#!E5FJ8olRlE(pd@`>(j=GW(Wc;#Ch0GaHt(cKZ&Gd( zoJ4RE98TmW54RgUZa77pgqsu;6c-042SHHh^Dp?|(|}nrJv}Od#P+?Legw)H3YBib zacq@L1FP53Cd}bR7Blfw0L?2}dNLeY6`|-LN&}J9C9k3u@WwHGzW?Lgp{V z4c^pGYmT7xNfPc-D=}*}^+rujW=bv+tiXGTHRb?QH*tml!*XK_p^=H8LkNSXi^Mjm zU@}A*gd%ba!F%15jaG^*#4$P|L)LOGPcGHNuh0LXEi4jg+(kqskCU%XKR`({X#5B=LNhql1}Hl|{{*B+7r9 z!3wGm;D1p)E7r&Hz$@!4E!IZkDy{KSWY!sPS}{n?S#YQ>&R0I<=>jSiRt**8WiRlG zpawc^HzLyUD8#sh?+0xUbQWkjQ=w9+1na)$5lA}%{{Xg+l_|NK_uH<+7?LG0DBqB& zFwF#dP#2(YkDjVv|7a)TuD;&hy8>M>KYreKH=lhtys-PbbFg#q$=ccJ`Ex(t{(+OD z$2Y*V_UZe^`vdmw{mz|N>KEnYc>6X3X2CD}+Jp5sFF&juUcUEY_uYCtLeJR8*MFRp NH^k?czV6Wv{{jyd`|$t(