From 35a2e3796e0b338066f3ef14cf6348625077d22a Mon Sep 17 00:00:00 2001
From: batvin321
Date: Mon, 18 Nov 2024 17:02:00 -0500
Subject: [PATCH] added 2012 macmini support

---
 flake.nix | 12 +-
 system/2012macmini/configuration.nix | 322 +++++++++++++++++++++++
 system/2012macmini/disk.nix | 73 +++++
 system/vincents-old-hp/configuration.nix | 3 +-
 4 files changed, 408 insertions(+), 2 deletions(-)
 create mode 100755 system/2012macmini/configuration.nix
 create mode 100755 system/2012macmini/disk.nix

diff --git a/flake.nix b/flake.nix
index af4dc16..8e8c351 100755
--- a/flake.nix
+++ b/flake.nix
@@ -4,11 +4,12 @@
 inputs = {
 nixpkgs.url = "github:nixos/nixpkgs/release-24.05";
 pkgsUnstable.url = "github:nixos/nixpkgs/nixpkgs-unstable";
+ nixos-hardware.url = "github:NixOS/nixos-hardware/master";
 disko.url = "github:nix-community/disko/latest";
 disko.inputs.nixpkgs.follows = "nixpkgs";
 };
 
- outputs = { self, nixpkgs, disko, pkgsUnstable, ... }:
+ outputs = { self, nixpkgs, disko, pkgsUnstable, nixos-hardware, ... }:
 let
 system = "x86_64-linux";
 lib = nixpkgs.lib;
@@ -30,6 +31,15 @@
 ./system/vincents-old-hp/configuration.nix
 ];
 };
+ 2012macmini = lib.nixosSystem {
+ inherit system;
+ specialArgs = { inherit unstable; };
+ modules = [
+ # add your model from this list: https://github.com/NixOS/nixos-hardware/blob/master/flake.nix
+ nixos-hardware.nixosModules.apple-macmini-4-1
+ ./system/2012macmini/configuration.nix
+ ];
+ };
 susans-hp = lib.nixosSystem {
 inherit system;
 specialArgs = { inherit unstable; };
diff --git a/system/2012macmini/configuration.nix b/system/2012macmini/configuration.nix
new file mode 100755
index 0000000..5dfbcb1
--- /dev/null
+++ b/system/2012macmini/configuration.nix
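Review bot: `2012macmini = lib.nixosSystem {` in the second flake.nix hunk is, as far as I can tell, not a valid unquoted Nix attribute name because identifiers cannot start with a digit, so the flake will fail to parse; quoting it as `"2012macmini" = lib.nixosSystem {` should fix evaluation while leaving the `.#2012macmini` flake reference unchanged. The new host's `modules` list also contains neither `disko.nixosModules.disko` nor the new `./system/2012macmini/disk.nix`, so the disk layout added in this commit is never evaluated for this host unless it is only meant for the disko CLI at install time; either add both entries or leave a comment next to the list saying the file is install-time only. The `# add your model from this list …` line reads as a leftover template comment, and if I have the model identifiers right the 2012 Mac mini is Macmini6,x while `apple-macmini-4-1` targets the 2010 model, so if that module was chosen deliberately the comment should say so.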
@@ -0,0 +1,322 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, lib, unstable, ... }:
+
+{
+ imports =
+ [ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+ ];
+
+ # legacy boot
+ #boot.loader.grub.enable = true;
+ #boot.loader.grub.device = "/dev/vda";
+ #boot.loader.grub.useOSProber = true;
+
+ # UEFI boot
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+ #boot.loader.efi.efiSysMountPoint = "/boot/efi";
+
+ boot.binfmt.registrations.appimage = {
+ interpreter = "${pkgs.appimage-run}/bin/appimage-run";
+ recognitionType = "magic";
+ offset = 0;
+ mask = ''\xff\xff\xff\xff\x00\x00\x00\x00\xff\xff\xff'';
+ magicOrExtension = ''\x7fELF....AI\x02'';
+ };
+
+ # boot logo
+ boot.plymouth.enable = true;
+
+ # ZRAM
+ zramSwap.enable = true;
+ zramSwap.memoryPercent = 50;
+ boot.kernel.sysctl = {
+ "vm.swappiness" = 10;
+ "vm.vsf_cache_pressure" = 50;
+ };
+
+ boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
+
+ boot.kernelPackages = pkgs.linuxPackages_xanmod_stable;
+ boot.extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
+
+ networking.hostName = "2012macmini"; # Define your hostname.
+ networking.networkmanager.enable = true;
+
+ # Set your time zone.
+ time.timeZone = "America/New_York";
+
+ # Select internationalisation properties.
+ i18n.defaultLocale = "en_US.UTF-8";
+ console = {
+ font = "Lat2-Terminus16";
+ useXkbConfig = true;
+ };
+ fonts.packages = [ pkgs.corefonts ];
+
+ # Enable the X11 windowing system.
+ services.xserver.enable = true;
+
+ # displaylink
+ #services.xserver.videoDrivers = [ "displaylink" "modesetting" ];
+
+ # waydroid
+ virtualisation.waydroid.enable = true;
+
+ # Enable the Cinnamon Desktop Environment.
+ services.displayManager.sddm.enable = true;
+ services.desktopManager.plasma6.enable = true;
+ programs.kdeconnect.enable = true;
+
+ # Configure keymap in X11
+ services.xserver = {
+ xkb.layout = "us";
+ #xkb.variant = "colemak";
+ #xkb.model = "chromebook";
+ };
+ services.xserver.xkb.options = "grp:win_space_toggle";
+
+ # Enable CUPS to print documents.
+ services.printing.enable = true;
+ services.printing.openFirewall = true;
+ services.avahi.enable = true;
+ services.avahi.nssmdns4 = true;
+ services.avahi.openFirewall = true;
+ services.printing.drivers = [ pkgs.hplip ];
+
+ # Enable sound with pipewire.
+ hardware.pulseaudio.enable = false;
+ security.rtkit.enable = true;
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ # If you want to use JACK applications, uncomment this
+ jack.enable = true;
+
+ # use the example session manager (no others are packaged yet so this is en>
+ # no need to redefine it in your config for now)
+ wireplumber.enable = true;
+ };
+ programs.noisetorch.enable = true;
+
+ # Enable touchpad support (enabled default in most desktopManager).
+ services.libinput.enable = true;
+
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ users.users.vincent = {
+ isNormalUser = true;
+ shell = pkgs.fish;
+ initialHashedPassword = "$y$j9T$0PPbSXGEwyGq6ZFvJMhmE/$D5ZlKOwR/4NCDD8eaxWiQiG1TTRSK4PfbQe/Tm60Id/";
+ extraGroups = [ "wheel" "networkmanager" "uniput" "lp" "audio" "video" "cdrom" "input" "libvirtd" "dialout" ];
+ };
+ programs.fish.enable = true;
+
+ nix.extraOptions = ''experimental-features = nix-command flakes'';
+
+ nixpkgs.config.permittedInsecurePackages = [
+ "electron-12.2.3"
+ "electron-27.3.11"
+ ];
+
+ nixpkgs.config.allowUnfree = true;
+
+ # List packages installed in system profile. To search, run:
+ # $ nix search wget
+ environment = {
+ systemPackages = with pkgs; [
+ tailscale
+ bleachbit
+ btop
+ neofetch
+ clamtk
+ trayscale
+ topgrade
+ appimage-run
+ git
+ unstable.gearlever
+ # kde apps
+ kdePackages.discover
+ kdePackages.sddm-kcm
+ kdePackages.ark
+ kdePackages.qtmultimedia
+ # editors
+ kdePackages.kate
+ nano
+ # vm
+ unstable.quickemu
+ # containers
+ podman
+ podman-compose
+ distrobox
+ boxbuddy
+ # office apps
+ bottles
+ onlyoffice-bin_latest
+ logseq
+ zoom-us
+ orca-slicer
+ gpodder
+ # package manager
+ wget
+ # web browser
+ librewolf
+ ungoogled-chromium
+ ];
+ };
+
+ services = {
+ syncthing = {
+ enable = true;
+ user = "vincent";
+ openDefaultPorts = true;
+ dataDir = "/home/vincent/logseq"; # Default folder for new synced folders
+ configDir = "/home/vincent/Documents/.config/syncthing"; # Folder for Syncthing's settings and keys
+ };
+ };
+
+ # flatpak
+ xdg.portal.enable = true;
+ services.flatpak.enable = true;
+ systemd.services.configure-flathub-repo = {
+ wantedBy = ["multi-user.target"];
+ path = [ pkgs.flatpak ];
+ script = ''
+ flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
+ '';
+ };
+
+ # podman
+ virtualisation.containers.enable = true;
+ virtualisation = {
+ podman = {
+ enable = true;
+
+ # Create a `docker` alias for podman, to use it as a drop-in replacement
+ dockerCompat = true;
+
+ # Required for containers under podman-compose to be able to talk to each other.
+ defaultNetwork.settings.dns_enabled = true;
+ };
+ };
+
+ # bluetooth
+ hardware.bluetooth.enable = true;
+
+ # dconf
+ programs.dconf.enable = true;
+
+ # enable the tailscale service
+ services.tailscale.enable = true;
+
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ programs.mtr.enable = true;
+ programs.gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
+
+ # List services that you want to enable:
+
+ # preload
+ services.preload.enable = true;
+
+ # schedualer
+ services.system76-scheduler.enable = true;
+
+ # Enable the OpenSSH daemon.
+ services.openssh.enable = false;
+
+ # auto clean
+ nix.optimise.automatic = true;
+
+ # enable fwupd
+ services.fwupd.enable = true;
+
+ # captive browser
+ programs.captive-browser.enable = true;
+ programs.captive-browser.bindInterface = false;
+
+
+ # auto update
+ system.autoUpgrade.enable = true;
+ system.autoUpgrade.allowReboot = true;
+ system.autoUpgrade.rebootWindow = {
+ lower = "01:00";
+ upper = "05:00";
+ };
+
+ #clamav
+ services.clamav.updater.enable = true;
+ services.clamav.daemon.enable = true;
+
+
+ # audit
+ security.auditd.enable = true;
+ security.audit.enable = true;
+ security.audit.rules = [
+ "-a exit,always -F arch=b64 -S execve"
+ ];
+
+
+ # Open ports in the firewall.
+ networking.firewall.allowedTCPPorts = [
+ 22
+ 8384
+ 22000
+ 24800
+ 21116
+ 7236
+ 7250
+ 47984
+ 47989
+ 47990
+ 48010
+ ];
+ networking.firewall.allowedUDPPorts = [
+ 22000
+ 21027
+ 24800
+ 5353
+ 5900
+ 3689
+ 5353
+ 7236
+ 47998
+ 47999
+ 48000
+ 48002
+ ];
+ networking.firewall.allowedTCPPortRanges = [
+ {
+ from = 1714;
+ to = 1764;
+ }
+ ];
+ networking.firewall.allowedUDPPortRanges = [
+ {
+ from = 1714;
+ to = 1764;
+ }
+ ];
+ networking.firewall.rejectPackets = true;
+ # networking.firewall.allowedUDPPorts = [ 21116 ];
+ # Or disable the firewall altogether.
+ networking.firewall.trustedInterfaces = [ "tailscale0" ];
+
+ services.fail2ban.enable = true;
+ networking.firewall.enable = true;
+
+ # This value determines the NixOS release from which the default settings for stateful data, like file locations and database versions on your system were
+ # taken. It‘s perfectly fine and recommended to leave this value at the release version of the first install of this system. Before changing this value read
+ # the documentation for this option (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "24.05"; # Did you read the comment?
+
+}
+
diff --git a/system/2012macmini/disk.nix b/system/2012macmini/disk.nix
new file mode 100755
index 0000000..6cef66c
--- /dev/null
+++ b/system/2012macmini/disk.nix
@@ -0,0 +1,73 @@
+{
+ disko.devices = {
+ disk = {
+ sda = {
+ type = "disk";
+ device = "/dev/sda";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ label = "boot";
+ name = "ESP";
+ size = "512M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = [
+ "defaults"
+ ];
+ };
+ };
+ luks = {
+ size = "100%";
+ label = "luks";
+ content = {
+ type = "luks";
+ name = "cryptroot";
+ extraOpenArgs = [
+ "--allow-discards"
+ "--perf-no_read_workqueue"
+ "--perf-no_write_workqueue"
+ ];
+ # https://0pointer.net/blog/unlocking-luks2-volumes-with-tpm2-fido2-pkcs11-security-hardware-on-systemd-248.html
+ settings = {crypttabExtraOpts = ["fido2-device=auto" "token-timeout=10"];};
+ content = {
+ type = "btrfs";
+ extraArgs = ["-L" "nixos" "-f"];
+ subvolumes = {
+ "/root" = {
+ mountpoint = "/";
+ mountOptions = ["subvol=root" "compress=zstd" "noatime"];
+ };
+ "/home" = {
+ mountpoint = "/home";
+ mountOptions = ["subvol=home" "compress=zstd" "noatime"];
+ };
+ "/nix" = {
+ mountpoint = "/nix";
+ mountOptions = ["subvol=nix" "compress=zstd" "noatime"];
+ };
+ "/persist" = {
+ mountpoint = "/persist";
+ mountOptions = ["subvol=persist" "compress=zstd" "noatime"];
+ };
+ "/log" = {
+ mountpoint = "/var/log";
+ mountOptions = ["subvol=log" "compress=zstd" "noatime"];
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+
+ fileSystems."/persist".neededForBoot = true;
+ fileSystems."/var/log".neededForBoot = true;
+}
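Review bot: `initialHashedPassword = "$y$…"` under `users.users.vincent` commits the account's password hash to the repository, which gives anyone with read access to the repo an offline guessing target, and because NixOS applies `initialHashedPassword` only when the user is first created it will not reset an already-existing account either; `hashedPasswordFile` pointing at a file kept out of the repo is the usual replacement. Two keys look mistyped and will, I believe, be warned about at activation rather than enforced: `"vm.vsf_cache_pressure" = 50;` (the sysctl is `vm.vfs_cache_pressure`) and `"uniput"` in `extraGroups` (presumably `uinput`, a group that only exists when `hardware.uinput.enable` is set). The firewall block opens TCP 22 while `services.openssh.enable = false;`, so either the port or the `# Enable the OpenSSH daemon.` comment is stale, and UDP 5353 is listed twice and already opened by `services.avahi.openFirewall = true;`. If 8384 is meant for syncthing's web GUI, it binds to localhost by default, so that open port only takes effect (and widens exposure) once `guiAddress` is changed — a comment on the port list saying which service each entry is for would make the list reviewable.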
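Review bot: `device = "/dev/sda";` in disk.nix identifies the target by kernel enumeration order, which can change across boots or when a USB disk is attached, so a later disko run could format the wrong device, and the `-f` in `extraArgs = ["-L" "nixos" "-f"];` means a mis-targeted run is forced rather than refused; a stable `/dev/disk/by-id/…` path is the safer choice. The LUKS container sets only `crypttabExtraOpts = ["fido2-device=auto" "token-timeout=10"]` with no `passwordFile` or key file in this hunk, so it is not clear from the file how the volume is unlocked when the token is absent or the 10-second timeout expires; a short comment on the `settings =` line stating whether a passphrase slot is enrolled afterwards would help the next reader.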
diff --git a/system/vincents-old-hp/configuration.nix b/system/vincents-old-hp/configuration.nix index f585fc6..504bd8e 100755 --- a/system/vincents-old-hp/configuration.nix +++ b/system/vincents-old-hp/configuration.nix @@ -41,7 +41,7 @@ boot.binfmt.emulatedSystems = [ "aarch64-linux" ]; - #boot.kernelPackages = pkgs.linuxPackages_xanmod_stable; + boot.kernelPackages = pkgs.linuxPackages_xanmod_stable; boot.extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ]; networking.hostName = "vincents-chonky-hp"; # Define your hostname. @@ -138,6 +138,7 @@ trayscale topgrade appimage-run + git unstable.gearlever # kde apps kdePackages.discover