All my system configs and packages in one repo
systems/bavette: init
+273
-125
+18
flake.lock
+18
flake.lock
···
280
280
"type": "github"
281
281
}
282
282
},
283
+
"mobile-nixos": {
284
+
"flake": false,
285
+
"locked": {
286
+
"lastModified": 1772955276,
287
+
"narHash": "sha256-5NuNueKCltlW5xKY25R+g5yRcNfop3JBOqeI2OQtdOI=",
288
+
"owner": "Aleksanaa",
289
+
"repo": "mobile-nixos",
290
+
"rev": "4d9e1ecf8bbce17004ea4260c6837d27b9db1970",
291
+
"type": "github"
292
+
},
293
+
"original": {
294
+
"owner": "Aleksanaa",
295
+
"ref": "mrbland-friend",
296
+
"repo": "mobile-nixos",
297
+
"type": "github"
298
+
}
299
+
},
283
300
"ndg": {
284
301
"inputs": {
285
302
"flake-compat": "flake-compat_3",
···
445
462
"ghostty": "ghostty",
446
463
"hjem": "hjem",
447
464
"hjem-rum": "hjem-rum",
465
+
"mobile-nixos": "mobile-nixos",
448
466
"nix-index-database": "nix-index-database",
449
467
"nixos-generators": "nixos-generators",
450
468
"nixos-hardware": "nixos-hardware",
+8
-1
flake.nix
+8
-1
flake.nix
···
40
40
inputs.nixpkgs.follows = "nixpkgs";
41
41
};
42
42
43
+
mobile-nixos = {
44
+
url = "github:Aleksanaa/mobile-nixos/mrbland-friend";
45
+
flake = false;
46
+
};
47
+
43
48
nix-index-database = {
44
49
url = "github:nix-community/nix-index-database";
45
50
inputs.nixpkgs.follows = "nixpkgs";
···
85
90
inputs.flake-parts.lib.mkFlake { inherit inputs; } {
86
91
systems = [
87
92
"x86_64-linux"
88
-
"x86_64-darwin"
93
+
"aarch64-linux"
94
+
"aarch64-darwin"
89
95
];
90
96
91
97
imports = [
···
94
100
./systems/pappardelle
95
101
./systems/focaccia
96
102
./systems/brioche
103
+
./systems/bavette
97
104
./systems/deploy.nix
98
105
];
99
106
+2
systems/NAMING.md
+2
systems/NAMING.md
···
10
10
laptop from 2021 to early 2025. Dormant.
11
11
- **`pappardelle`**: A Lenovo XiaoXin Pro / IdeaPad Pro 5 14-inch 2025 (14IAH10).
12
12
Current main laptop (and PC in general really).
13
+
- `bavette`: A pre-production Lenovo IdeaPad Duet 3 (`wormdingler`).
14
+
Cute little 11-inch phablet that took me ages to get NixOS working on.
13
15
14
16
- Mobile phones, named after cheeses
15
17
- `ricotta`: A Chinese iPhone 12. Mostly used as a hotspot machine and for
+75
systems/bavette/configuration.nix
+75
systems/bavette/configuration.nix
···
1
+
{
2
+
inputs,
3
+
pkgs,
4
+
lib,
5
+
config,
6
+
...
7
+
}:
8
+
{
9
+
imports = [
10
+
(import "${inputs.mobile-nixos}/lib/configuration.nix" {
11
+
device = "lenovo-wormdingler";
12
+
})
13
+
../desktop.nix
14
+
];
15
+
16
+
nixpkgs.overlays = [
17
+
(final: prev: {
18
+
# FIXME: wtf
19
+
# > ======================================================================
20
+
# > FAIL: test_how_to_type (__main__.TestXkbcli.test_how_to_type) (args=['--verbose', '1'])
21
+
# > ----------------------------------------------------------------------
22
+
# > Traceback (most recent call last):
23
+
# > File "/build/source/test/tool-option-parsing.py", line 583, in test_how_to_type
24
+
# > assert len(lines) >= 1
25
+
# > ^^^^^^^^^^^^^^^
26
+
# > AssertionError
27
+
# >
28
+
# > ----------------------------------------------------------------------
29
+
# > Ran 20 tests in 52.199s
30
+
# >
31
+
# > FAILED (failures=13, skipped=95)
32
+
libxkbcommon = prev.libxkbcommon.overrideAttrs {
33
+
doCheck = false;
34
+
};
35
+
})
36
+
];
37
+
38
+
# TODO: is this truly necessary?
39
+
mobile.system.depthcharge.kpart.dtbs = lib.mkForce (
40
+
pkgs.runCommand "sc7180-dtbs" { } ''
41
+
mkdir -p $out
42
+
cd $out
43
+
ln -sv ${config.mobile.boot.stage-1.kernel.package}/dtbs/qcom/sc7180-trogdor-wormdingler-rev1-inx.dtb
44
+
''
45
+
);
46
+
47
+
hardware.firmware = with pkgs; [
48
+
chromeos-sc7180-unredistributable-firmware
49
+
];
50
+
51
+
services.desktopManager.gnome.enable = true;
52
+
53
+
users.users.leah = {
54
+
enable = true;
55
+
isNormalUser = true;
56
+
description = "Leah C";
57
+
extraGroups = [
58
+
"wheel" # 1984 powers
59
+
];
60
+
home = "/home/leah";
61
+
62
+
openssh.authorizedKeys.keys = [
63
+
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINcpWY17MNJBx56APRSvLOfUjHllXn9gY/cV51JaLoh6"
64
+
];
65
+
};
66
+
67
+
services.openssh = {
68
+
enable = true;
69
+
settings.PermitRootLogin = "prohibit-password";
70
+
};
71
+
72
+
users.users.root.openssh.authorizedKeys.keys = [
73
+
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKbsavGX9rGRx5R+7ovLn+r7D/w3zkbqCik4bS31moSz"
74
+
];
75
+
}
+11
systems/bavette/default.nix
+11
systems/bavette/default.nix
+21
-15
systems/common.nix
+21
-15
systems/common.nix
···
2
2
{
3
3
config,
4
4
inputs,
5
+
pkgs,
5
6
...
6
7
}:
7
8
{
···
26
27
27
28
settings = {
28
29
auto-optimise-store = true;
30
+
builders-use-substitutes = true;
29
31
experimental-features = [
30
32
"nix-command"
31
33
"flakes"
···
34
36
];
35
37
trusted-users = [ "@wheel" ];
36
38
};
39
+
40
+
# distributedBuilds = true;
41
+
42
+
# buildMachines = [
43
+
# {
44
+
# hostName = "aarch64-build-box";
45
+
# sshUser = "pluiedev";
46
+
# sshKey = "/root/.ssh/remotebuild";
47
+
# system = "aarch64-linux";
48
+
# supportedFeatures = [
49
+
# "nixos-test"
50
+
# "big-parallel"
51
+
# "kvm"
52
+
# ];
53
+
# }
54
+
# ];
37
55
};
38
56
39
57
nixpkgs = {
···
56
74
# Use dbus-broker for higher D-Bus performance
57
75
services.dbus.implementation = "broker";
58
76
77
+
services.tailscale.enable = true;
78
+
59
79
# This is very bizarre.
60
-
#
80
+
#
61
81
# Within the Tangled CI environment there's no user information at all,
62
82
# and the builder is ran with ID 0. This is a problem because logrotate's
63
83
# check script apparently assumes the `id` binary will always succeed.
···
69
89
zramSwap = {
70
90
enable = true;
71
91
algorithm = "zstd";
72
-
};
73
-
74
-
# Disable DualSense/DualShock 4 touchpad acting as mouse
75
-
# See https://wiki.archlinux.org/title/Gamepad#Disable_touchpad_acting_as_mouse
76
-
services.udev.extraRules = ''
77
-
# USB
78
-
ATTRS{name}=="Sony Interactive Entertainment Wireless Controller Touchpad", ENV{LIBINPUT_IGNORE_DEVICE}="1"
79
-
# Bluetooth
80
-
ATTRS{name}=="Wireless Controller Touchpad", ENV{LIBINPUT_IGNORE_DEVICE}="1"
81
-
'';
82
-
83
-
# Fix the pairing process with a DualSense controller
84
-
hardware.bluetooth.settings = {
85
-
General.UserspaceHID = false;
86
92
};
87
93
88
94
system.configurationRevision = inputs.self.rev or inputs.self.dirtyRev or "unknown-dirty";
+11
-4
systems/deploy.nix
+11
-4
systems/deploy.nix
···
21
21
};
22
22
23
23
brioche = {
24
-
# sshOpts = [
25
-
# "-p"
26
-
# "22"
27
-
# ];
28
24
hostname = "brioche.pluie.me";
29
25
profiles = {
30
26
system = {
31
27
path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.brioche;
28
+
user = "root";
29
+
sshUser = "root";
30
+
};
31
+
};
32
+
};
33
+
34
+
bavette = {
35
+
hostname = "192.168.3.34";
36
+
profiles = {
37
+
system = {
38
+
path = inputs.deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.bavette;
32
39
user = "root";
33
40
sshUser = "root";
34
41
};
+123
systems/desktop.nix
+123
systems/desktop.nix
···
1
+
{
2
+
lib,
3
+
pkgs,
4
+
...
5
+
}:
6
+
{
7
+
imports = [
8
+
./common.nix
9
+
];
10
+
11
+
services = {
12
+
# Some things sadly don't like being in Nixpkgs
13
+
flatpak.enable = true;
14
+
15
+
# Makes sure auto-mounting disks still work when not using a
16
+
# traditional desktop environment like GNOME or KDE
17
+
udisks2.enable = true;
18
+
19
+
upower.enable = true;
20
+
21
+
# Nobody likes PulseAudio in this household
22
+
pulseaudio.enable = false;
23
+
24
+
pipewire = {
25
+
enable = true;
26
+
pulse.enable = true;
27
+
28
+
# Some weird apps still talk to ALSA directly
29
+
alsa.enable = true;
30
+
31
+
# JACK should only be necessary for some professional audio
32
+
# software (e.g. DAWs like Ardour or video editing software
33
+
# like DaVinci Resolve), but we enable it no matter what
34
+
jack.enable = true;
35
+
};
36
+
37
+
# Printing
38
+
printing = {
39
+
enable = true;
40
+
browsing = true;
41
+
};
42
+
avahi.enable = true;
43
+
};
44
+
45
+
# Real-time audio software like DAWs are
46
+
# *crippled* without rtkit
47
+
security.rtkit.enable = true;
48
+
49
+
networking.networkmanager.enable = true;
50
+
51
+
# Update the system timezone according to physical location
52
+
systemd.services.automatic-timezoned.enable = true;
53
+
54
+
55
+
# Expose proxy
56
+
networking.firewall.allowedTCPPorts = [ 2080 ];
57
+
58
+
# Show a pretty diff
59
+
system = {
60
+
# Thank @luishfonseca for this
61
+
# https://github.com/luishfonseca/dotfiles/blob/ab7625ec406b48493eda701911ad1cd017ce5bc1/modules/upgrade-diff.nix
62
+
activationScripts.diff = {
63
+
supportsDryActivation = true;
64
+
text = ''
65
+
${lib.getExe pkgs.nvd} --nix-bin-dir=${pkgs.nix}/bin diff /run/current-system "$systemConfig"
66
+
'';
67
+
};
68
+
};
69
+
70
+
specialisation.china.configuration = {
71
+
# cache.nixos.org is *unbearably* slow when accessed from Mainland China.
72
+
# Fortunately, mirror sites exist... Hooray(?)
73
+
nix.settings.substituters = map (url: "${url}/nix-channels/store") [
74
+
"https://mirrors.ustc.edu.cn"
75
+
"https://mirrors6.tuna.tsinghua.edu.cn"
76
+
"https://mirrors.tuna.tsinghua.edu.cn"
77
+
# "https://mirror.sjtu.edu.cn" # FIXME: buggy?
78
+
];
79
+
80
+
# Redirect all traffic through proxy
81
+
networking.proxy.allProxy = "http://127.0.0.1:2080";
82
+
nix.settings.impure-env = [
83
+
"all_proxy=http://127.0.0.1:2080"
84
+
"GOPROXY=https://goproxy.cn"
85
+
];
86
+
87
+
# Make the auto upgrade mechanism upgrade to the correct specialization
88
+
# so that proxies don't just randomly break the next day
89
+
system.autoUpgrade.flags = [
90
+
"--specialisation"
91
+
"china"
92
+
];
93
+
};
94
+
95
+
# Use native Wayland when possible
96
+
environment.variables = {
97
+
# This *should* be enough for most Electron apps
98
+
ELECTRON_OZONE_PLATFORM_HINT = "auto";
99
+
100
+
# Apply Nixpkgs-specific flags too
101
+
NIXOS_OZONE_WL = "1";
102
+
103
+
# Some SDL 2 apps are very naughty and don't work nicely under Wayland
104
+
SDL_VIDEODRIVER = "x11";
105
+
106
+
# SDL 3 should be able to use native Wayland just fine.
107
+
SDL_VIDEO_DRIVER = "wayland";
108
+
};
109
+
110
+
# Disable DualSense/DualShock 4 touchpad acting as mouse
111
+
# See https://wiki.archlinux.org/title/Gamepad#Disable_touchpad_acting_as_mouse
112
+
services.udev.extraRules = ''
113
+
# USB
114
+
ATTRS{name}=="Sony Interactive Entertainment Wireless Controller Touchpad", ENV{LIBINPUT_IGNORE_DEVICE}="1"
115
+
# Bluetooth
116
+
ATTRS{name}=="Wireless Controller Touchpad", ENV{LIBINPUT_IGNORE_DEVICE}="1"
117
+
'';
118
+
119
+
# Fix the pairing process with a DualSense controller
120
+
hardware.bluetooth.settings = {
121
+
General.UserspaceHID = false;
122
+
};
123
+
}
+4
-103
systems/laptop.nix
+4
-103
systems/laptop.nix
···
1
1
# Laptop configuration for when I'm on the move
2
2
{
3
-
lib,
4
3
pkgs,
5
4
...
6
5
}:
7
6
{
8
7
imports = [
9
-
./common.nix
8
+
./desktop.nix
10
9
../users
11
10
];
12
11
···
41
40
];
42
41
};
43
42
44
-
services = {
45
-
# Some things sadly don't like being in Nixpkgs
46
-
flatpak.enable = true;
47
-
48
-
# Makes sure auto-mounting disks still work when not using a
49
-
# traditional desktop environment like GNOME or KDE
50
-
udisks2.enable = true;
51
-
52
-
upower.enable = true;
53
-
54
-
# Dynamically adjust performance settings based on load
55
-
# instead of power-profile-daemon's rigid profiles
56
-
tlp.enable = true;
57
-
58
-
# Nobody likes PulseAudio in this household
59
-
pulseaudio.enable = false;
60
-
61
-
pipewire = {
62
-
enable = true;
63
-
pulse.enable = true;
64
-
65
-
# Some weird apps still talk to ALSA directly
66
-
alsa.enable = true;
67
-
68
-
# JACK should only be necessary for some professional audio
69
-
# software (e.g. DAWs like Ardour or video editing software
70
-
# like DaVinci Resolve), but we enable it no matter what
71
-
jack.enable = true;
72
-
};
73
-
74
-
# Printing
75
-
printing = {
76
-
enable = true;
77
-
browsing = true;
78
-
};
79
-
avahi.enable = true;
80
-
};
81
-
82
-
# Real-time audio software like DAWs are
83
-
# *crippled* without rtkit
84
-
security.rtkit.enable = true;
85
-
86
-
# Use native Wayland when possible
87
-
environment.variables = {
88
-
# This *should* be enough for most Electron apps
89
-
ELECTRON_OZONE_PLATFORM_HINT = "auto";
90
-
91
-
# Apply Nixpkgs-specific flags too
92
-
NIXOS_OZONE_WL = "1";
93
-
94
-
# Some SDL 2 apps are very naughty and don't work nicely under Wayland
95
-
SDL_VIDEODRIVER = "x11";
96
-
97
-
# SDL 3 should be able to use native Wayland just fine.
98
-
SDL_VIDEO_DRIVER = "wayland";
99
-
};
100
-
101
-
networking.networkmanager.enable = true;
43
+
# Dynamically adjust performance settings based on load
44
+
# instead of power-profile-daemon's rigid profiles
45
+
services.tlp.enable = true;
102
46
103
47
# Allow GPU usage monitoring utilities like `intel_gpu_top`
104
48
# to function without superuser access
105
49
boot.kernel.sysctl."kernel.perf_event_paranoid" = 0;
106
-
107
-
# Update the system timezone according to physical location
108
-
systemd.services.automatic-timezoned.enable = true;
109
-
110
-
# Expose proxy
111
-
networking.firewall.allowedTCPPorts = [ 2080 ];
112
-
113
-
# Show a pretty diff
114
-
system = {
115
-
# Thank @luishfonseca for this
116
-
# https://github.com/luishfonseca/dotfiles/blob/ab7625ec406b48493eda701911ad1cd017ce5bc1/modules/upgrade-diff.nix
117
-
activationScripts.diff = {
118
-
supportsDryActivation = true;
119
-
text = ''
120
-
${lib.getExe pkgs.nvd} --nix-bin-dir=${pkgs.nix}/bin diff /run/current-system "$systemConfig"
121
-
'';
122
-
};
123
-
};
124
-
125
-
specialisation.china.configuration = {
126
-
# cache.nixos.org is *unbearably* slow when accessed from Mainland China.
127
-
# Fortunately, mirror sites exist... Hooray(?)
128
-
nix.settings.substituters = map (url: "${url}/nix-channels/store") [
129
-
"https://mirrors.ustc.edu.cn"
130
-
"https://mirrors6.tuna.tsinghua.edu.cn"
131
-
"https://mirrors.tuna.tsinghua.edu.cn"
132
-
# "https://mirror.sjtu.edu.cn" # FIXME: buggy?
133
-
];
134
-
135
-
# Redirect all traffic through proxy
136
-
networking.proxy.allProxy = "http://127.0.0.1:2080";
137
-
nix.settings.impure-env = [
138
-
"all_proxy=http://127.0.0.1:2080"
139
-
"GOPROXY=https://goproxy.cn"
140
-
];
141
-
142
-
# Make the auto upgrade mechanism upgrade to the correct specialization
143
-
# so that proxies don't just randomly break the next day
144
-
system.autoUpgrade.flags = [
145
-
"--specialisation"
146
-
"china"
147
-
];
148
-
};
149
50
}