patrick/nix-config
1
1
Fork 0
Code Issues Pull requests Projects Wiki Activity

feat: systemd update und agenix rekey update

Browse source
This commit is contained in:
Patrick 2023-09-25 13:53:07 +02:00
parent 5d5397a0c0
commit 2d39fbbb7e
Signed by: patrick
GPG key ID: 451F95EFB8BECD0F
7 changed files with 216 additions and 100 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

246
flake.lock
View file

@ -11,11 +11,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1694793763, "lastModified": 1695384796,
"narHash": "sha256-y6gTE1C9mIoSkymRYyzCmv62PFgy+hbZ5j8fuiQK5KI=", "narHash": "sha256-TYlE4B0ktPtlJJF9IFxTWrEeq+XKG8Ny0gc2FGEAdj0=",
"owner": "ryantm", "owner": "ryantm",
"repo": "agenix", "repo": "agenix",
"rev": "572baca9b0c592f71982fca0790db4ce311e3c75", "rev": "1f677b3e161d3bdbfd08a939e8f25de2568e0ef4",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -26,16 +26,21 @@
}, },
"agenix-rekey": { "agenix-rekey": {
"inputs": { "inputs": {
"devshell": "devshell",
"flake-utils": [
"flake-utils"
],
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
] ],
"pre-commit-hooks": "pre-commit-hooks"
}, },
"locked": { "locked": {
"lastModified": 1692783612, "lastModified": 1695588239,
"narHash": "sha256-Mz1xv45Rjzet1D2bMGKapgw1JCHaD60dBs4sE6Dz2+A=", "narHash": "sha256-FMeJBXADlrWqJlBCEkfsOz4b2yzjMUwAD0zYGkLhAXQ=",
"owner": "oddlama", "owner": "oddlama",
"repo": "agenix-rekey", "repo": "agenix-rekey",
"rev": "52695865488742e0b34a56111cd40e229b3ab90a", "rev": "e33d9479671a9e253790c8b2b09bbe3072ecf289",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -64,7 +69,7 @@
}, },
"colmena": { "colmena": {
"inputs": { "inputs": {
"flake-compat": "flake-compat", "flake-compat": "flake-compat_2",
"flake-utils": [ "flake-utils": [
"flake-utils" "flake-utils"
], ],
@ -143,6 +148,28 @@
} }
}, },
"devshell": { "devshell": {
"inputs": {
"nixpkgs": [
"agenix-rekey",
"nixpkgs"
],
"systems": "systems"
},
"locked": {
"lastModified": 1695195896,
"narHash": "sha256-pq9q7YsGXnQzJFkR5284TmxrLNFc0wo4NQ/a5E93CQU=",
"owner": "numtide",
"repo": "devshell",
"rev": "05d40d17bf3459606316e3e9ec683b784ff28f16",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "devshell",
"type": "github"
}
},
"devshell_2": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
@ -152,11 +179,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1694858246, "lastModified": 1695195896,
"narHash": "sha256-zcKnlTrMspD6YUgN1VyKMKSZ5Few3LCyDyBz3wtGPJQ=", "narHash": "sha256-pq9q7YsGXnQzJFkR5284TmxrLNFc0wo4NQ/a5E93CQU=",
"owner": "numtide", "owner": "numtide",
"repo": "devshell", "repo": "devshell",
"rev": "f26c2e05cd766be3750dd3d6e276650a1eab4c61", "rev": "05d40d17bf3459606316e3e9ec683b784ff28f16",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -172,11 +199,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1695039393, "lastModified": 1695632260,
"narHash": "sha256-HXvRPTSfQ/fCqxYGvWOc1duSBdXcQlrYvyno8YZbyHI=", "narHash": "sha256-B8nW57UouYtiWMJKX5leByifMj+lYk7IyV5uz0c/ZwA=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "9f29cedac79d0acf07b6341f9112f46dec3abb8f", "rev": "a14a3fb0a8e465fcd728e398d00204a195be06a3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -186,6 +213,22 @@
} }
}, },
"flake-compat": { "flake-compat": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1650374568, "lastModified": 1650374568,
@ -201,7 +244,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat_2": { "flake-compat_3": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1673956053, "lastModified": 1673956053,
@ -217,7 +260,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat_3": { "flake-compat_4": {
"locked": { "locked": {
"lastModified": 1688025799, "lastModified": 1688025799,
"narHash": "sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=", "narHash": "sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=",
@ -232,7 +275,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat_4": { "flake-compat_5": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1673956053, "lastModified": 1673956053,
@ -248,7 +291,7 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat_5": { "flake-compat_6": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1673956053, "lastModified": 1673956053,
@ -329,7 +372,7 @@
}, },
"flake-utils_2": { "flake-utils_2": {
"inputs": { "inputs": {
"systems": "systems" "systems": "systems_2"
}, },
"locked": { "locked": {
"lastModified": 1681202837, "lastModified": 1681202837,
@ -347,7 +390,7 @@
}, },
"flake-utils_3": { "flake-utils_3": {
"inputs": { "inputs": {
"systems": "systems_2" "systems": "systems_3"
}, },
"locked": { "locked": {
"lastModified": 1694529238, "lastModified": 1694529238,
@ -365,7 +408,7 @@
}, },
"flake-utils_4": { "flake-utils_4": {
"inputs": { "inputs": {
"systems": "systems_3" "systems": "systems_4"
}, },
"locked": { "locked": {
"lastModified": 1685518550, "lastModified": 1685518550,
@ -398,6 +441,28 @@
} }
}, },
"gitignore": { "gitignore": {
"inputs": {
"nixpkgs": [
"agenix-rekey",
"pre-commit-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1660459072,
"narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "a20de23b925fd8264fd7fad6454652e142fd7f73",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"gitignore_2": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"lanzaboote", "lanzaboote",
@ -419,7 +484,7 @@
"type": "github" "type": "github"
} }
}, },
"gitignore_2": { "gitignore_3": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"pre-commit-hooks", "pre-commit-hooks",
@ -447,11 +512,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1694643239, "lastModified": 1695550077,
"narHash": "sha256-pv2k/5FvyirDE8g4TNehzwZ0T4UOMMmqWSQnM/luRtE=", "narHash": "sha256-xoxR/iY69/3lTnnZDP6gf3J46DUKPcf+Y1jH03tfZXE=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "d9b88b43524db1591fb3d9410a21428198d75d49", "rev": "a88df2fb101778bfd98a17556b3a2618c6c66091",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -499,7 +564,7 @@
"lanzaboote": { "lanzaboote": {
"inputs": { "inputs": {
"crane": "crane", "crane": "crane",
"flake-compat": "flake-compat_2", "flake-compat": "flake-compat_3",
"flake-parts": "flake-parts", "flake-parts": "flake-parts",
"flake-utils": "flake-utils_2", "flake-utils": "flake-utils_2",
"nixpkgs": [ "nixpkgs": [
@ -529,11 +594,11 @@
"nixpkgs-lib": "nixpkgs-lib" "nixpkgs-lib": "nixpkgs-lib"
}, },
"locked": { "locked": {
"lastModified": 1694952508, "lastModified": 1695557304,
"narHash": "sha256-0KzgnYW9RvlwUnl5qYinNOg/WsV9jEJfMPVQoJL8bmI=", "narHash": "sha256-HYoJE+KE6/zGHgRI496n9E1abDFaqsl9EnEfGIEEqLo=",
"owner": "nix-community", "owner": "nix-community",
"repo": "lib-aggregate", "repo": "lib-aggregate",
"rev": "d44755862cce5ba5e040ec8f7df6c6b33e47c8a0", "rev": "cb8bfd550aaaf32a330c1c8870a3d9a5bfa00954",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -549,11 +614,11 @@
"treefmt-nix": "treefmt-nix" "treefmt-nix": "treefmt-nix"
}, },
"locked": { "locked": {
"lastModified": 1695000172, "lastModified": 1695258303,
"narHash": "sha256-TWPMFY29XcWAwUJFE3n+4pGqBdBbr4XsWDZwr77fTwo=", "narHash": "sha256-5Ibd9qjkAk04y8GyweQF+ciIaPzRaet3xZAmTDOWCng=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nix-eval-jobs", "repo": "nix-eval-jobs",
"rev": "a91f3595b22037f561912cd3a9ca549933e4544d", "rev": "39657d146828157ef51c4f2d8bebb96a77075fc6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -569,11 +634,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1694921880, "lastModified": 1695526222,
"narHash": "sha256-yU36cs5UdzhTwsM9bUWUz43N//ELzQ1ro69C07pU/8E=", "narHash": "sha256-/NwZz3QcVplrfiDKk1thYg1EIHLSNucVHNUi2uwO3RI=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nix-index-database", "repo": "nix-index-database",
"rev": "9d2bcc47110b3b6217dfebd6761ba20bc78aedf2", "rev": "25d6369c232bbea1ec1f90226fd17982e7a0a647",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -620,11 +685,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1695033975, "lastModified": 1695541019,
"narHash": "sha256-GIUxbgLBhVyaKRxQw/NWYFLx7/jbKW3+U0HoSsMLPAs=", "narHash": "sha256-rs++zfk41K9ArWkDAlmBDlGlKO8qeRIRzdjo+9SmNFI=",
"owner": "nixos", "owner": "nixos",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "161b027169b19d3a0ad6bd0a8948edf0c0fb0f64", "rev": "61283b30d11f27d5b76439d43f20d0c0c8ff5296",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -635,11 +700,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1694767346, "lastModified": 1695360818,
"narHash": "sha256-5uH27SiVFUwsTsqC5rs3kS7pBoNhtoy9QfTP9BmknGk=", "narHash": "sha256-JlkN3R/SSoMTa+CasbxS1gq+GpGxXQlNZRUh9+LIy/0=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "ace5093e36ab1e95cb9463863491bee90d5a4183", "rev": "e35dcc04a3853da485a396bdd332217d0ac9054f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -651,11 +716,11 @@
}, },
"nixpkgs-lib": { "nixpkgs-lib": {
"locked": { "locked": {
"lastModified": 1694911725, "lastModified": 1695516402,
"narHash": "sha256-8YqI+YU1DGclEjHsnrrGfqsQg3Wyga1DfTbJrN3Ud0c=", "narHash": "sha256-pL7m8iu1OLs/7ywhh+Q8ltPgmtwbMpi7484yr32zgYI=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixpkgs.lib", "repo": "nixpkgs.lib",
"rev": "819180647f428a3826bfc917a54449da1e532ce0", "rev": "01fc4cd75e577ac00e7c50b7e5f16cd9b6d633e8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -665,6 +730,22 @@
} }
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": {
"lastModified": 1685801374,
"narHash": "sha256-otaSUoFEMM+LjBI1XL/xGB5ao6IwnZOXc47qhIgJe8U=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c37ca420157f4abc31e26f436c1145f8951ff373",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable_2": {
"locked": { "locked": {
"lastModified": 1678872516, "lastModified": 1678872516,
"narHash": "sha256-/E1YwtMtFAu2KUQKV/1+KFuReYPANM2Rzehk84VxVoc=", "narHash": "sha256-/E1YwtMtFAu2KUQKV/1+KFuReYPANM2Rzehk84VxVoc=",
@ -680,7 +761,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-stable_2": { "nixpkgs-stable_3": {
"locked": { "locked": {
"lastModified": 1685801374, "lastModified": 1685801374,
"narHash": "sha256-otaSUoFEMM+LjBI1XL/xGB5ao6IwnZOXc47qhIgJe8U=", "narHash": "sha256-otaSUoFEMM+LjBI1XL/xGB5ao6IwnZOXc47qhIgJe8U=",
@ -698,7 +779,7 @@
}, },
"nixpkgs-wayland": { "nixpkgs-wayland": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_3", "flake-compat": "flake-compat_4",
"lib-aggregate": "lib-aggregate", "lib-aggregate": "lib-aggregate",
"nix-eval-jobs": "nix-eval-jobs", "nix-eval-jobs": "nix-eval-jobs",
"nixpkgs": [ "nixpkgs": [
@ -706,11 +787,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1695035588, "lastModified": 1695640374,
"narHash": "sha256-jhB35iAcGXVXFPPA+JAQQX2J6Uj3BqlyEGjMDZSEAD0=", "narHash": "sha256-uhux9CgJkqtoS+Mh2KAPTIz2YTGTASqv2IbN/0iSE90=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixpkgs-wayland", "repo": "nixpkgs-wayland",
"rev": "9613c0cb66dcbb7fa5bcdf6667e384caf53eab26", "rev": "48c55ade480192dbb65eb7e8850a68b6b64a7927",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -721,11 +802,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1694998849, "lastModified": 1695256509,
"narHash": "sha256-A23ROwLGc+lbgUZOkHMhsJ+3IMC+5MmRXXl61iEuhhQ=", "narHash": "sha256-Je+ZId+dYrx0NOZ8J6le7CwZZdVZAAP5dddxK9kZNfA=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "5b859eef2e5dd7aacfd229e819f426942eed25fc", "rev": "ff7daa56614b083d3a87e2872917b676e9ba62a6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -788,15 +869,17 @@
}, },
"pre-commit-hooks": { "pre-commit-hooks": {
"inputs": { "inputs": {
"flake-compat": "flake-compat_4", "flake-compat": "flake-compat",
"flake-utils": [ "flake-utils": [
"agenix-rekey",
"flake-utils" "flake-utils"
], ],
"gitignore": "gitignore_2", "gitignore": "gitignore",
"nixpkgs": [ "nixpkgs": [
"agenix-rekey",
"nixpkgs" "nixpkgs"
], ],
"nixpkgs-stable": "nixpkgs-stable_2" "nixpkgs-stable": "nixpkgs-stable"
}, },
"locked": { "locked": {
"lastModified": 1694364351, "lastModified": 1694364351,
@ -822,12 +905,12 @@
"lanzaboote", "lanzaboote",
"flake-utils" "flake-utils"
], ],
"gitignore": "gitignore", "gitignore": "gitignore_2",
"nixpkgs": [ "nixpkgs": [
"lanzaboote", "lanzaboote",
"nixpkgs" "nixpkgs"
], ],
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-stable": "nixpkgs-stable_2"
}, },
"locked": { "locked": {
"lastModified": 1681413034, "lastModified": 1681413034,
@ -843,12 +926,38 @@
"type": "github" "type": "github"
} }
}, },
"pre-commit-hooks_2": {
"inputs": {
"flake-compat": "flake-compat_5",
"flake-utils": [
"flake-utils"
],
"gitignore": "gitignore_3",
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable_3"
},
"locked": {
"lastModified": 1695576016,
"narHash": "sha256-71KxwRhTfVuh7kNrg3/edNjYVg9DCyKZl2QIKbhRggg=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "cb770e93516a1609652fa8e945a0f310e98f10c0",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"root": { "root": {
"inputs": { "inputs": {
"agenix": "agenix", "agenix": "agenix",
"agenix-rekey": "agenix-rekey", "agenix-rekey": "agenix-rekey",
"colmena": "colmena", "colmena": "colmena",
"devshell": "devshell", "devshell": "devshell_2",
"disko": "disko", "disko": "disko",
"flake-utils": "flake-utils", "flake-utils": "flake-utils",
"home-manager": "home-manager", "home-manager": "home-manager",
@ -860,9 +969,9 @@
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nixpkgs-wayland": "nixpkgs-wayland", "nixpkgs-wayland": "nixpkgs-wayland",
"nixseparatedebuginfod": "nixseparatedebuginfod", "nixseparatedebuginfod": "nixseparatedebuginfod",
"pre-commit-hooks": "pre-commit-hooks", "pre-commit-hooks": "pre-commit-hooks_2",
"stylix": "stylix", "stylix": "stylix",
"systems": "systems_4", "systems": "systems_5",
"templates": "templates" "templates": "templates"
} }
}, },
@ -910,7 +1019,7 @@
"stylix": { "stylix": {
"inputs": { "inputs": {
"base16": "base16", "base16": "base16",
"flake-compat": "flake-compat_5", "flake-compat": "flake-compat_6",
"home-manager": "home-manager_2", "home-manager": "home-manager_2",
"nixpkgs": "nixpkgs_4" "nixpkgs": "nixpkgs_4"
}, },
@ -988,6 +1097,21 @@
"type": "github" "type": "github"
} }
}, },
"systems_5": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"templates": { "templates": {
"locked": { "locked": {
"lastModified": 1685790891, "lastModified": 1685790891,

6
flake.nix
View file

@ -37,6 +37,7 @@
agenix-rekey = { agenix-rekey = {
url = "github:oddlama/agenix-rekey"; url = "github:oddlama/agenix-rekey";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
inputs.flake-utils.follows = "flake-utils";
}; };
flake-utils = { flake-utils = {
@ -102,6 +103,10 @@
#masterIdentities = [./secrets/NIXOSa.key.pub]; #masterIdentities = [./secrets/NIXOSa.key.pub];
extraEncryptionPubkeys = [./secrets/recipients.txt]; extraEncryptionPubkeys = [./secrets/recipients.txt];
}; };
agenix-rekey = agenix-rekey.configure {
userFlake = self;
inherit (self) nodes pkgs;
};
inherit stateVersion; inherit stateVersion;
inherit inherit
@ -149,7 +154,6 @@
.${system}; .${system};
}; };
apps = agenix-rekey.defineApps self pkgs self.nodes;
checks.pre-commit-check = checks.pre-commit-check =
pre-commit-hooks.lib.${system}.run pre-commit-hooks.lib.${system}.run
{ {

2
modules/config/nix.nix
View file

@ -6,7 +6,7 @@
nix = { nix = {
settings = { settings = {
auto-optimise-store = true; auto-optimise-store = true;
allowed-users = ["@wheel"]; allowed-users = ["@wheel" "nixseparatedebuginfod"];
trusted-users = ["root" "@wheel"]; trusted-users = ["root" "@wheel"];
system-features = ["recursive-nix" "repl-flake" "big-parallel"]; system-features = ["recursive-nix" "repl-flake" "big-parallel"];
substituters = [ substituters = [

2
modules/config/system.nix
View file

@ -19,6 +19,7 @@
lib.mkIf (lib.pathExists pubkeyPath || lib.trace "Missing pubkey for ${config.node.name}: ${toString pubkeyPath} not found, using dummy replacement key for now." false) lib.mkIf (lib.pathExists pubkeyPath || lib.trace "Missing pubkey for ${config.node.name}: ${toString pubkeyPath} not found, using dummy replacement key for now." false)
pubkeyPath; pubkeyPath;
generatedSecretsDir = config.node.secretsDir + "/generated/"; generatedSecretsDir = config.node.secretsDir + "/generated/";
cacheDir = "/var/tmp/agenix-rekey/\"$UID\"";
}; };
security.sudo.enable = false; security.sudo.enable = false;
security.tpm2 = { security.tpm2 = {
@ -58,6 +59,7 @@
ripgrep ripgrep
killall killall
fd fd
kitty.terminfo
]; ];
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";

24
modules/hardware/pipewire.nix
View file

@ -30,9 +30,9 @@
"pipewire/pipewire.conf.d/92-low-latency.conf".text = '' "pipewire/pipewire.conf.d/92-low-latency.conf".text = ''
context.properties = { context.properties = {
default.clock.rate = 48000 default.clock.rate = 48000
default.clock.quantum = 32 default.clock.quantum = 64
default.clock.min-quantum = 32 default.clock.min-quantum = 32
default.clock.max-quantum = 32 default.clock.max-quantum = 128
} }
''; '';
"pipewire/pipewire-pulse.d/91-low-latency.conf".text = builtins.toJSON { "pipewire/pipewire-pulse.d/91-low-latency.conf".text = builtins.toJSON {
@ -41,29 +41,17 @@
name = "libpipewire-module-protocol-pulse"; name = "libpipewire-module-protocol-pulse";
args = { args = {
pulse.min.req = "32/48000"; pulse.min.req = "32/48000";
pulse.default.req = "32/48000"; pulse.default.req = "64/48000";
pulse.max.req = "32/48000"; pulse.max.req = "128/48000";
pulse.min.quantum = "32/48000"; pulse.min.quantum = "32/48000";
pulse.max.quantum = "32/48000"; pulse.max.quantum = "128/48000";
}; };
} }
]; ];
stream.properties = { stream.properties = {
node.latency = "32/48000"; node.latency = "128/48000";
resample.quality = 1;
}; };
}; };
# If resampling is required, use a higher quality. 15 is overkill and too cpu expensive without any obvious audible advantage
"pipewire/pipewire-pulse.conf.d/99-resample.conf".text = builtins.toJSON {
"stream.properties"."resample.quality" = 10;
};
"pipewire/client.conf.d/99-resample.conf".text = builtins.toJSON {
"stream.properties"."resample.quality" = 10;
};
"pipewire/client-rt.conf.d/99-resample.conf".text = builtins.toJSON {
"stream.properties"."resample.quality" = 10;
};
}; };
sound.enable = false; sound.enable = false;

22
modules/impermanence/default.nix
View file

@ -18,24 +18,10 @@
]; ];
directories = directories =
[ [
{ "/var/tmp/agenix-rekey"
directory = "/var/log"; "/var/log"
user = "root"; "/var/lib/systemd"
group = "root"; "/var/lib/nixos"
mode = "0755";
}
{
directory = "/var/lib/systemd";
user = "root";
group = "root";
mode = "0755";
}
{
directory = "/var/lib/nixos";
user = "root";
group = "root";
mode = "0775";
}
] ]
++ lib.lists.optionals config.hardware.bluetooth.enable [ ++ lib.lists.optionals config.hardware.bluetooth.enable [
"/var/lib/bluetooth" "/var/lib/bluetooth"

14
nix/devshell.nix
View file

@ -3,11 +3,15 @@
nixpkgs, nixpkgs,
colmena, colmena,
devshell, devshell,
agenix-rekey,
... ...
}: system: let }: system: let
pkgs = import nixpkgs { pkgs = import nixpkgs {
inherit system; inherit system;
overlays = [devshell.overlays.default]; overlays = [
devshell.overlays.default
agenix-rekey.overlays.default
];
}; };
in in
pkgs.devshell.mkShell { pkgs.devshell.mkShell {
@ -33,6 +37,10 @@ in
colmena.packages.${system}.colmena; colmena.packages.${system}.colmena;
help = "Apply nix configurations"; help = "Apply nix configurations";
} }
{
package = pkgs.agenix-rekey;
help = "Edit and rekey repository secrets";
}
{ {
package = package =
alejandra; alejandra;
@ -42,6 +50,10 @@ in
package = statix; package = statix;
help = "Linter for nix"; help = "Linter for nix";
} }
{
package = deadnix;
help = "Remove dead nix code";
}
{ {
package = update-nix-fetchgit; package = update-nix-fetchgit;
help = "Update fetcher inside nix files"; help = "Update fetcher inside nix files";