colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity
1,042 Commits 125 Branches 1 Tag 12 MiB
ryzen-servo
Commit Graph

1042 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
colin
454e65b027 add img targets for desko and uninsane machines 2022-05-22 02:57:05 -07:00
colin
c5e0310229 pda: switch nixpkgs for mobile-nixos 
the old one doesn't work. not sure if this one does or not
 2022-05-22 02:55:36 -07:00
Colin
f2a7592143 secrets: document how to update a secret 2022-05-22 09:41:16 +00:00
Colin
92769da8e5 machine: uninsane: port to home-manager 2022-05-22 09:40:36 +00:00
colin
71957428e2 allow ssh access from desko 2022-05-22 02:06:33 -07:00
colin
49c0854fa6 duplicity: fix broken link during earlier refactor 2022-05-22 02:03:52 -07:00
colin
3b8c76f46c desko/lappy: factor out common hardware 2022-05-22 02:03:25 -07:00
colin
e9dbbb764f desko/lappy: factor out some easy commonalities 
i'm sure this will change as i mess with the rpi image
 2022-05-22 01:59:04 -07:00
colin
33d2666a03 convert lappy-gpt to use a helper which we'll be able to replicate for other machines 2022-05-22 01:38:19 -07:00
colin
e0b0fe065b move all machines into a subdirectory 2022-05-22 01:29:56 -07:00
colin
8f903d5214 create a machine for my desktop 
it's a clone of lappy, except with different fs uuids.

i'll work to fold some of these in a bit.
 2022-05-22 01:27:02 -07:00
colin
0557a2b700 document how to use the lappy-gpt target 2022-05-22 01:23:54 -07:00
colin
1e4c648e90 lappy: add btrfs-progs 
somehow this already exists on my system, but not on a fresh build.
suspicious.
 2022-05-22 00:04:30 -07:00
colin
b36983c348 boot: add explicit support for btrfs on boot 
nix calculates this dynamically, looking at the fileSystem declarations.
this would fail if one converts a file system after generating the
image. so let's be explicit in what we want to support.
 2022-05-22 00:01:56 -07:00
colin
ea75c315bd enable microcode updates for intel (desktop) 2022-05-21 23:31:38 -07:00
colin
06b23e92f9 lappy-gpt: inline nixos-generate logic for better boot consistency 
this image boots!
 2022-05-21 22:00:38 -07:00
colin
bd3bf6d108 add a #lappy-gpt target which builds a flat, flashable image. 
the root part is ext4 instead of btrfs. nixos-generators doesn't support
btrfs. the underlying machinery does though, so we can remove the
middleman in a future patch to achieve that.
 2022-05-21 18:05:32 -07:00
colin
fc3b40d434 factor out a decl-machine helper 2022-05-21 00:40:56 -07:00
colin
f5d313c0ea factor out the uninsane machine a bit better 2022-05-21 00:30:29 -07:00
colin
298e7bc8ec lift pkg patching out of the toplevel machine definitions 2022-05-21 00:23:29 -07:00
colin
e252f8623c lappy: lift the x86_64-linux wrangling out of the modules 2022-05-21 00:18:17 -07:00
colin
b31972444e lappy: move more stuff to the toplevel lappy/default.nix 2022-05-21 00:15:33 -07:00
colin
13b957dbfa document some mobile-pkgs commits 2022-05-20 23:53:44 -07:00
colin
0877570947 add (experimental) pinephone/pda target 
this requires cross compilation (particularly of the kernel), which is a bit too slow on this machine
to test since it uses qemu.

i can maybe switch to an older nixpkgs for the pda build which has the
kernel cached... or migrate my desktop to nixos and build the pinephone
image there :-)
 2022-05-20 21:18:04 -07:00
colin
0457ae40fe migrate my nixos laptop to this flake 2022-05-20 21:14:19 -07:00
Colin
e0f710b8a3 update readme to explain how to handle secrets with git 2022-05-21 02:08:49 +00:00
Colin
55b3b6ad46 port to a flake 
built and switched. will try reboot.
 2022-05-21 01:59:51 +00:00
Colin
8ec94691fa experimental flake support 2022-05-21 00:07:49 +00:00
Colin
9889ee0937 users: add vulnix package for vulnerability scanning 2022-05-18 22:10:01 +00:00
Colin
e1b388f2c5 enable daily postgresql backups 2022-05-18 10:42:47 +00:00
Colin
e68ca3d600 toy around with explicitly spinning down the hard drive during shutdown 
abandon the concept. it requires a systemd rebuild, and therefore
almost all of userspace. not worth it yet. maybe buy a powered hub.
 2022-05-18 10:40:28 +00:00
Colin
32e00dac9d postgres: document some useful admin commands 1980-01-01 00:54:42 +00:00
Colin
72c2aed6d9 enable swap 1980-01-01 00:53:55 +00:00
Colin
f8a8ae8999 switch to pi-specific 5.10 kernel 
this includes the pi-400 dtb, so no more manual patching.

might be worth removing the explicit kernel modules packaged into the initrd (if possible?)
 2022-05-17 21:19:54 +00:00
Colin
b74b590b6e configuration: document the nix eval command. 2022-05-17 09:29:56 +00:00
Colin
6a8e49b00c uboot: decrease loglevel from 8 (debug full details) => 7 (debug) 
it doesn't actually make a notable difference. boot is still spammy.
i think i either get:
- debug messages compiled in and shown by default, or
- debug messages not compiled in

i'll settle for the former.
 2022-05-17 09:28:02 +00:00
Colin
61ff0eae4b uboot: split the patches apart and disable the verbose logging 
logging still has *some* verbosity. i may turn it down further.
 2022-05-17 09:10:26 +00:00
Colin
09cb37dee2 net: update ovpn config 2022-05-17 07:45:31 +00:00
Colin
b5ce0f9fea Pleroma: restart on failure (fixes slow DB startups) 2022-05-17 07:24:26 +00:00
Colin
a4f8a3042d document useful nix CLI tools 2022-05-17 06:44:40 +00:00
Colin
23a4633514 include fatresize in the env. 
it's useful for resizing the /boot partition
 2022-05-17 06:44:21 +00:00
Colin
a39564118f net: disable wlan0 2022-05-17 06:44:02 +00:00
Colin
3bc0a13ad1 cfg/hardware: include the contents of the scan/not-detected.nix file 2022-05-17 06:43:24 +00:00
Colin
e42256fa7f move boot config into cfg/hardware.nix 2022-05-17 05:47:43 +00:00
Colin
5ca049dcbe cfg/users: document how to create ssh keys 2022-05-17 02:11:52 +00:00
Colin
1064867194 migrate the nix install to an external USB drive. 
this requires a patch to uboot:
- uboot thinks the drive has a capacity of 0 (i.e. 'unknown'). unclear precisely why. could be noncompliant drive firmware, or a timeout somewhere.

and a patch to the rpi bootloader:
- in order to trampoline into the rpi-4 uboot.

and custom kernel modules in the initrd:
- in order to detect the USB hub (rpi fw).

additionally, i'm MANUALLY placing `bcm2711-rpi-400.dtb` into `/boot/nixos/..-linux-5.10.111-dtbs/broadcom`.
i'll want to do this automatically over time.

i hope to simplify much of this over time: this is just the first thing which works after a couple days of hacking at it.
 2022-05-17 01:58:12 +00:00
Colin
aeb8319154 services: add duplicity b2 backup cron job 2022-05-11 23:04:26 +00:00
Colin
0a63e53512 matrix: screen registrations by redirecting the activation emails 2022-05-11 06:41:34 +00:00
Colin
a1bbd16b94 gitea: achieve manual account approval via email intercepting 
flow: user signs up, with email. their activation email is redirected to me.
if they look good, i forward that email.
 2022-05-10 23:15:01 +00:00
Colin
44ce66b7ec gitea: enable registration behind captcha + manual approval 
unfortunately gitea doesn't notify me of user applications.
so new users will want to contact me out-of-band.
 2022-05-10 07:34:49 +00:00