From ec1c69ffe9c54c972b943b7d3a418df6b597e27a Mon Sep 17 00:00:00 2001 From: Tristan Druyen Date: Tue, 16 Jul 2024 09:29:19 +0200 Subject: [PATCH] WIP Laptop --- flake.lock | 339 ++++++++++++++++++++++++++------- flake.nix | 7 + monitor_battery.fish | 10 + os-mods/cachix/caches/lix.nix | 2 +- os-mods/cachix/caches/nyx.nix | 11 ++ push_cache.sh | 5 + systems/nixos-fw16/default.nix | 9 +- 7 files changed, 316 insertions(+), 67 deletions(-) create mode 100644 monitor_battery.fish create mode 100644 os-mods/cachix/caches/nyx.nix create mode 100755 push_cache.sh diff --git a/flake.lock b/flake.lock index 05e7b97..fd223ac 100644 --- a/flake.lock +++ b/flake.lock @@ -11,11 +11,11 @@ "yafas": "yafas" }, "locked": { - "lastModified": 1720277930, - "narHash": "sha256-A1D2H6FQotrpbfq+ge1jpCScFiLYrwKCK8If2qsvmTM=", + "lastModified": 1720897497, + "narHash": "sha256-8iIDP5dIVa+gGYoXyid5jd9T7qK7W3bd7GnydU5BsD8=", "owner": "chaotic-cx", "repo": "nyx", - "rev": "d30a5f8d5414996f587679dc4fb4e29b4b02830b", + "rev": "73b33413b5cf7f089512107c3babd89a1c825308", "type": "github" }, "original": { @@ -39,6 +39,27 @@ "url": "https://flakehub.com/f/chaotic-cx/nix-empty-flake/%3D0.1.2.tar.gz" } }, + "crane": { + "inputs": { + "nixpkgs": [ + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1717535930, + "narHash": "sha256-1hZ/txnbd/RmiBPNUs7i8UQw2N89uAK3UzrGAWdnFfU=", + "owner": "ipetkov", + "repo": "crane", + "rev": "55e7754ec31dac78980c8be45f8a28e80e370946", + "type": "github" + }, + "original": { + "owner": "ipetkov", + "repo": "crane", + "type": "github" + } + }, "disko": { "inputs": { "nixpkgs": [ @@ -46,11 +67,11 @@ ] }, "locked": { - "lastModified": 1720402389, - "narHash": "sha256-zJv6euDOrJWMHBhxfp/ay+Dvjwpe8YtMuEI5b09bxmo=", + "lastModified": 1721007199, + "narHash": "sha256-Gof4Lj1rgTrX59bNu5b/uS/3X/marUGM7LYw31NoXEA=", "owner": "nix-community", "repo": "disko", - "rev": "f1a00e7f55dc266ef286cc6fc8458fa2b5ca2414", + "rev": "bad376945de7033c7adc424c02054ea3736cf7c4", "type": "github" }, "original": { @@ -107,21 +128,6 @@ } }, "flake-compat": { - "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", - "owner": "edolstra", - "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", - "type": "github" - }, - "original": { - "owner": "edolstra", - "repo": "flake-compat", - "type": "github" - } - }, - "flake-compat_2": { "flake": false, "locked": { "lastModified": 1696426674, @@ -137,6 +143,21 @@ "type": "github" } }, + "flake-compat_2": { + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-compat_3": { "flake": false, "locked": { @@ -153,6 +174,22 @@ "type": "github" } }, + "flake-compat_4": { + "flake": false, + "locked": { + "lastModified": 1696426674, + "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "owner": "edolstra", + "repo": "flake-compat", + "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "type": "github" + }, + "original": { + "owner": "edolstra", + "repo": "flake-compat", + "type": "github" + } + }, "flake-parts": { "inputs": { "nixpkgs-lib": [ @@ -175,6 +212,27 @@ } }, "flake-parts_2": { + "inputs": { + "nixpkgs-lib": [ + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1717285511, + "narHash": "sha256-iKzJcpdXih14qYVcZ9QC9XuZYnPc6T8YImb6dX166kw=", + "owner": "hercules-ci", + "repo": "flake-parts", + "rev": "2a55567fcf15b1b1c7ed712a2c6fadaec7412ea8", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "flake-parts", + "type": "github" + } + }, + "flake-parts_3": { "inputs": { "nixpkgs-lib": "nixpkgs-lib" }, @@ -192,7 +250,7 @@ "type": "github" } }, - "flake-parts_3": { + "flake-parts_4": { "inputs": { "nixpkgs-lib": "nixpkgs-lib_2" }, @@ -210,7 +268,7 @@ "type": "github" } }, - "flake-parts_4": { + "flake-parts_5": { "inputs": { "nixpkgs-lib": [ "nixtheplanet", @@ -321,6 +379,24 @@ "inputs": { "systems": "systems_6" }, + "locked": { + "lastModified": 1710146030, + "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_6": { + "inputs": { + "systems": "systems_7" + }, "locked": { "lastModified": 1705309234, "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", @@ -351,6 +427,28 @@ } }, "gitignore": { + "inputs": { + "nixpkgs": [ + "lanzaboote", + "pre-commit-hooks-nix", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1709087332, + "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, + "gitignore_2": { "inputs": { "nixpkgs": [ "nix-wallpaper", @@ -374,7 +472,7 @@ }, "hercules-ci-effects": { "inputs": { - "flake-parts": "flake-parts_4", + "flake-parts": "flake-parts_5", "nixpkgs": "nixpkgs_7" }, "locked": { @@ -399,11 +497,11 @@ ] }, "locked": { - "lastModified": 1719677234, - "narHash": "sha256-qO9WZsj/0E6zcK4Ht1y/iJ8XfwbBzq7xdqhBh44OP/M=", + "lastModified": 1720470846, + "narHash": "sha256-7ftA4Bv5KfH4QdTRxqe8/Hz2YTKo+7IQ9n7vbNWgv28=", "owner": "nix-community", "repo": "home-manager", - "rev": "36317d4d38887f7629876b0e43c8d9593c5cc48d", + "rev": "2fb5c1e0a17bc6059fa09dc411a43d75f35bb192", "type": "github" }, "original": { @@ -419,11 +517,11 @@ ] }, "locked": { - "lastModified": 1720327769, - "narHash": "sha256-kAsg3Lg4YKKpGw+f1W2s5hzjP8B0y/juowvjK8utIag=", + "lastModified": 1720734513, + "narHash": "sha256-neWQ8eNtLTd+YMesb7WjKl1SVCbDyCm46LUgP/g/hdo=", "owner": "nix-community", "repo": "home-manager", - "rev": "6b7ce96f34b324e4e104abc30d06955d216bac71", + "rev": "90ae324e2c56af10f20549ab72014804a3064c7f", "type": "github" }, "original": { @@ -441,11 +539,11 @@ ] }, "locked": { - "lastModified": 1719631702, - "narHash": "sha256-HMWxIehVO8pHp7OlqBYliiLOds34UJHSRn5FPdEb1j8=", + "lastModified": 1720432056, + "narHash": "sha256-rw8s4EsRSVtlAGNd5ttO4Ynb/eq0rMJsqG9zyREK3sk=", "owner": "Jovian-Experiments", "repo": "Jovian-NixOS", - "rev": "2f9668e19aff06550cd154c87c0af120735a56a4", + "rev": "5d1928b925da7390eae3e369e6808d64cf916ed7", "type": "github" }, "original": { @@ -454,6 +552,33 @@ "type": "github" } }, + "lanzaboote": { + "inputs": { + "crane": "crane", + "flake-compat": "flake-compat", + "flake-parts": "flake-parts_2", + "flake-utils": "flake-utils_2", + "nixpkgs": [ + "nixpkgs" + ], + "pre-commit-hooks-nix": "pre-commit-hooks-nix", + "rust-overlay": "rust-overlay" + }, + "locked": { + "lastModified": 1718178907, + "narHash": "sha256-eSZyrQ9uoPB9iPQ8Y5H7gAmAgAvCw3InStmU3oEjqsE=", + "owner": "nix-community", + "repo": "lanzaboote", + "rev": "b627ccd97d0159214cee5c7db1412b75e4be6086", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "v0.4.1", + "repo": "lanzaboote", + "type": "github" + } + }, "lix": { "flake": false, "locked": { @@ -470,7 +595,7 @@ }, "lix-module": { "inputs": { - "flake-utils": "flake-utils_2", + "flake-utils": "flake-utils_3", "flakey-profile": "flakey-profile", "lix": "lix", "nixpkgs": [ @@ -491,7 +616,7 @@ }, "llama-cpp": { "inputs": { - "flake-parts": "flake-parts_2", + "flake-parts": "flake-parts_3", "nixpkgs": "nixpkgs_2" }, "locked": { @@ -510,8 +635,8 @@ }, "nix-alien": { "inputs": { - "flake-compat": "flake-compat", - "flake-utils": "flake-utils_3", + "flake-compat": "flake-compat_2", + "flake-utils": "flake-utils_4", "nix-filter": "nix-filter", "nix-index-database": "nix-index-database", "nixpkgs": [ @@ -597,11 +722,11 @@ ] }, "locked": { - "lastModified": 1720334033, - "narHash": "sha256-X9pEvvHTVWJphhbUYqXvlLedOndNqGB7rvhSvL2CIgU=", + "lastModified": 1720926593, + "narHash": "sha256-fW6e27L6qY6s+TxInwrS2EXZZfhMAlaNqT0sWS49qMA=", "owner": "Mic92", "repo": "nix-index-database", - "rev": "685e40e1348007d2cf76747a201bab43d86b38cb", + "rev": "5fe5b0cdf1268112dc96319388819b46dc051ef4", "type": "github" }, "original": { @@ -612,16 +737,16 @@ }, "nix-ld-rs": { "inputs": { - "flake-compat": "flake-compat_2", - "flake-utils": "flake-utils_4", + "flake-compat": "flake-compat_3", + "flake-utils": "flake-utils_5", "nixpkgs": "nixpkgs_4" }, "locked": { - "lastModified": 1720354748, - "narHash": "sha256-QyuNREH5M0FZG0iVeOB3pUABIz9kqN+a1MYLzl3978Q=", + "lastModified": 1721014541, + "narHash": "sha256-CaL618a842JxU69/c9U7TysASx51LeFR4TwAai3YBfI=", "owner": "nix-community", "repo": "nix-ld-rs", - "rev": "45eec25fe63b5c421c9439a743a2416a6cdea00b", + "rev": "befdf953399eeff2c4e7c5a2b63af964ad209269", "type": "github" }, "original": { @@ -632,7 +757,7 @@ }, "nix-wallpaper": { "inputs": { - "flake-utils": "flake-utils_5", + "flake-utils": "flake-utils_6", "nixpkgs": [ "nixpkgs" ], @@ -672,11 +797,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1720372297, - "narHash": "sha256-bwy1rPQSQSCj/TNf1yswHW88nBQYvJQkeScGvOA8pd4=", + "lastModified": 1720737798, + "narHash": "sha256-G/OtEAts7ZUvW5lrGMXSb8HqRp2Jr9I7reBuvCOL54w=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "da0aa7b533d49e6319c603e07b46a5690082f65f", + "rev": "c5013aa7ce2c7ec90acee5d965d950c8348db751", "type": "github" }, "original": { @@ -688,11 +813,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1720031269, - "narHash": "sha256-rwz8NJZV+387rnWpTYcXaRNvzUSnnF9aHONoJIYmiUQ=", + "lastModified": 1720768451, + "narHash": "sha256-EYekUHJE2gxeo2pM/zM9Wlqw1Uw2XTJXOSAO79ksc4Y=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9f4128e00b0ae8ec65918efeba59db998750ead6", + "rev": "7e7c39ea35c5cdd002cd4588b03a3fb9ece6fad9", "type": "github" }, "original": { @@ -733,6 +858,22 @@ } }, "nixpkgs-stable": { + "locked": { + "lastModified": 1710695816, + "narHash": "sha256-3Eh7fhEID17pv9ZxrPwCLfqXnYP006RKzSs0JptsN84=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "614b4613980a522ba49f0d194531beddbb7220d3", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixos-23.11", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs-stable_2": { "locked": { "lastModified": 1704874635, "narHash": "sha256-YWuCrtsty5vVZvu+7BchAxmcYzTMfolSPP5io8+WYCg=", @@ -814,11 +955,11 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1720031269, - "narHash": "sha256-rwz8NJZV+387rnWpTYcXaRNvzUSnnF9aHONoJIYmiUQ=", + "lastModified": 1720768451, + "narHash": "sha256-EYekUHJE2gxeo2pM/zM9Wlqw1Uw2XTJXOSAO79ksc4Y=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "9f4128e00b0ae8ec65918efeba59db998750ead6", + "rev": "7e7c39ea35c5cdd002cd4588b03a3fb9ece6fad9", "type": "github" }, "original": { @@ -862,7 +1003,7 @@ }, "nixtheplanet": { "inputs": { - "flake-parts": "flake-parts_3", + "flake-parts": "flake-parts_4", "hercules-ci-effects": "hercules-ci-effects", "nixpkgs": "nixpkgs_8", "osx-kvm": "osx-kvm" @@ -883,11 +1024,11 @@ }, "nur": { "locked": { - "lastModified": 1720422264, - "narHash": "sha256-oPd3E1XD2sjOsi32hTpklOZevwg2DjhYWYY14IbSC/s=", + "lastModified": 1721024546, + "narHash": "sha256-qYi8deAZzPsi1lV+iQrfMx/fZsL4mZLxuOZgw1GSPSc=", "owner": "nix-community", "repo": "NUR", - "rev": "db025ae0e02678497a77cff0a174062d913fbc39", + "rev": "303e12efb7114c5c55899e96f914fb6228c12b0e", "type": "github" }, "original": { @@ -922,11 +1063,11 @@ ] }, "locked": { - "lastModified": 1720369165, - "narHash": "sha256-MLRzgdEEmckPVwwllD8+4zkqnnxfMgFw5zk6O3JUiks=", + "lastModified": 1720992717, + "narHash": "sha256-8j1bZVfKT1vJ0e+U7NYRNBG+DdBj5C/tpwe5krxT4/4=", "owner": "pjones", "repo": "plasma-manager", - "rev": "995d818078778b366e6302ea32d83c2ba586e015", + "rev": "460b48dc3dcd05df568e27cbb90581d23baec8dc", "type": "github" }, "original": { @@ -937,17 +1078,17 @@ }, "pre-commit-hooks": { "inputs": { - "flake-compat": "flake-compat_3", + "flake-compat": "flake-compat_4", "flake-utils": [ "nix-wallpaper", "flake-utils" ], - "gitignore": "gitignore", + "gitignore": "gitignore_2", "nixpkgs": [ "nix-wallpaper", "nixpkgs" ], - "nixpkgs-stable": "nixpkgs-stable" + "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { "lastModified": 1708018599, @@ -963,6 +1104,33 @@ "type": "github" } }, + "pre-commit-hooks-nix": { + "inputs": { + "flake-compat": [ + "lanzaboote", + "flake-compat" + ], + "gitignore": "gitignore", + "nixpkgs": [ + "lanzaboote", + "nixpkgs" + ], + "nixpkgs-stable": "nixpkgs-stable" + }, + "locked": { + "lastModified": 1717664902, + "narHash": "sha256-7XfBuLULizXjXfBYy/VV+SpYMHreNRHk9nKMsm1bgb4=", + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "rev": "cc4d466cb1254af050ff7bdf47f6d404a7c646d1", + "type": "github" + }, + "original": { + "owner": "cachix", + "repo": "pre-commit-hooks.nix", + "type": "github" + } + }, "root": { "inputs": { "chaotic": "chaotic", @@ -970,6 +1138,7 @@ "emacs-overlay": "emacs-overlay", "envfs": "envfs", "home-manager": "home-manager_2", + "lanzaboote": "lanzaboote", "lix-module": "lix-module", "llama-cpp": "llama-cpp", "nix-alien": "nix-alien", @@ -984,6 +1153,31 @@ "plasma-manager": "plasma-manager" } }, + "rust-overlay": { + "inputs": { + "flake-utils": [ + "lanzaboote", + "flake-utils" + ], + "nixpkgs": [ + "lanzaboote", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1717813066, + "narHash": "sha256-wqbRwq3i7g5EHIui0bIi84mdqZ/It1AXBSLJ5tafD28=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "6dc3e45fe4aee36efeed24d64fc68b1f989d5465", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, "systems": { "locked": { "lastModified": 1689347949, @@ -1074,6 +1268,21 @@ "type": "github" } }, + "systems_7": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "treefmt-nix": { "inputs": { "nixpkgs": [ diff --git a/flake.nix b/flake.nix index 61d98b2..a0cfb0e 100644 --- a/flake.nix +++ b/flake.nix @@ -10,6 +10,11 @@ nixpkgs = { url = "github:NixOS/nixpkgs/nixos-unstable"; }; + lanzaboote = { + url = "github:nix-community/lanzaboote/v0.4.1"; + + inputs.nixpkgs.follows = "nixpkgs"; + }; nixinate.url = "git+https://git.vlt81.de/tristan/nixinate.git"; lix-module = { url = "https://git.lix.systems/lix-project/nixos-module/archive/2.90.0.tar.gz"; @@ -63,6 +68,7 @@ outputs = { self , nixpkgs + , lanzaboote , nixos-hardware , lix-module , nixtheplanet @@ -106,6 +112,7 @@ plasma-manager.homeManagerModules.plasma-manager ]; osModules = [ + lanzaboote.nixosModules.lanzaboote lix-module.nixosModules.default disko.nixosModules.disko home-manager.nixosModules.home-manager diff --git a/monitor_battery.fish b/monitor_battery.fish new file mode 100644 index 0000000..3cb7d50 --- /dev/null +++ b/monitor_battery.fish @@ -0,0 +1,10 @@ +#!/usr/bin/env fish + +set sensor_dir /sys/devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:50/PNP0C0A:00/power_supply/BAT1 + +while true + date -u +"%H:%MZ"; + echo "Charge: $(calc "($(cat $sensor_dir/charge_now)/1000000)*$(cat $sensor_dir/voltage_min_design)/1000000") Wh"; + echo "Current: $(calc "($(cat $sensor_dir/voltage_now)/1000000)*($(cat $sensor_dir/current_now)/1000000)") W"; + sleep 1m; +end diff --git a/os-mods/cachix/caches/lix.nix b/os-mods/cachix/caches/lix.nix index d4c3af9..d4a95ff 100644 --- a/os-mods/cachix/caches/lix.nix +++ b/os-mods/cachix/caches/lix.nix @@ -2,7 +2,7 @@ nix = { settings = { substituters = [ - "https://cache.lix.systems" + "https://cache.lix.systems" ]; trusted-public-keys = [ ]; diff --git a/os-mods/cachix/caches/nyx.nix b/os-mods/cachix/caches/nyx.nix new file mode 100644 index 0000000..f2aff08 --- /dev/null +++ b/os-mods/cachix/caches/nyx.nix @@ -0,0 +1,11 @@ +{ + nix = { + settings = { + substituters = [ "https://nyx.chaotic.cx/" ]; + trusted-public-keys = [ + "nyx.chaotic.cx-1:HfnXSw4pj95iI/n17rIDy40agHj12WfF+Gqk6SonIT8=" + "chaotic-nyx.cachix.org-1:HfnXSw4pj95iI/n17rIDy40agHj12WfF+Gqk6SonIT8=" + ]; + }; + }; +} diff --git a/push_cache.sh b/push_cache.sh new file mode 100755 index 0000000..a685ccf --- /dev/null +++ b/push_cache.sh @@ -0,0 +1,5 @@ +#!/usr/bin/env fish + +nix copy --substitute-on-destination --to ssh://he4 /run/booted-system +nix copy --substitute-on-destination --to ssh://he4 /run/current-system +nix copy --substitute-on-destination --to ssh://he4 /nix/var/nix/profiles/system diff --git a/systems/nixos-fw16/default.nix b/systems/nixos-fw16/default.nix index c928e6f..0a5cda2 100644 --- a/systems/nixos-fw16/default.nix +++ b/systems/nixos-fw16/default.nix @@ -69,12 +69,18 @@ ]; loader = { systemd-boot = { - enable = true; + enable = false; # due to lanzaboote configurationLimit = 16; }; efi.canTouchEfiVariables = true; }; + lanzaboote = { + enable = true; + configurationLimit = 16; + pkiBundle = "/etc/secureboot"; + }; + initrd = { availableKernelModules = [ "nvme" @@ -184,6 +190,7 @@ coreutils-full cpu-x fw-ectool + sbctl # secureboot debugging/config/mgmt ]; # android-tools # android-udev-rules