| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
| |
I already had this in my configuration.nix for quite some time and it's
part of my overly complicated[TM] audio setup where I combine multiple
speaker systems into one using two sound cards.
Since the mapping depends on the individual channels, it's very much
important to address the right sound card. So while I'm re-doing my
whole audio setup, I decided to get at least the udev part out of my
very messy configuration as a first start.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As mentioned in the initial commit (e73fcff03faed773df2500965cb9c4a4fc),
the machine was only temporary as a substitute for tishtushi.
Since slylandro had a pretty slow dual core CPU and its own quirks, this
was never a long-term solution and for the time being my intentions are
to work with dnyarri's new hardware until I have a less annoying setup
when I'm on the road again.
While writing this message, slylandro just died a gruesome death with
"cryptsetup erase", followed by "blkdiscard" on the whole drive.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The first (small) part of this already started in commit
dc2ef245d76f900f174e87961a3d17e6aecbd6e2, where I switched from Intel
CPU microcode to AMD.
However, at that time the hardware was still on its way, so the actual
move didn't happen yet.
On June 4th 2021 at 17:22:41 CEST, I started to migrate to the new
machine by using my old spinning rust configuration and btrfs balanced
to NVMe-only.
This means that we now no longer need to use bcache, which was a 512 GB
SATA SSD, nor do we use a RAID10 configuration in btrfs. Instead, I've
switched to NVMe with RAID1 exclusively, so this removes BFQ, power
management workarounds and two devices.
Since my old graphics card didn't work with UEFI GOP, I also had to
switch to a newer one (which I wanted to avoid, but whatever...), so
instead of DVI and HDMI we're now exclusively on DisplayPort.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
| |
After all the goal was to move all hardware specific stuff to the actual
machine definition, which includes the boot loader.
Since GRUB is enabled by default but with a higher priority value, we
now no longer need to mkForce-disable the option for machines using
systemd-boot.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
| |
The new hardware for dnyarri no longer contains an Intel CPU, so apart
from switching the microcode updates to AMD I also removed the setting
from the base profile because it clearly doesn't belong there.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since Tishtushi had a SSD failure and thus became a majoor nuisance to
work with, I got a temporary laptop from someone (since I don't know
whether they want to be mentioned, I leave out their name for now) in
order to be able to be more productive than waiting for several seconds
for a 1 KiB text file to be saved.
Right now, I'm not sure whether any firmware is needed for the temporary
laptop, so this is a hardware configuration just to get started with a
proper Hydra channel.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Injecting pre/post start scripts into services called
"btrfs-scrub-.service.service" isn't going to do a whole lot if the
actual service name is called "btrfs-scrub-.service".
During the last scrub I was wondering why caching got slow afterwards
and found out that the caching devices were filled with lots of
irrelevant data from the scrub. This led me to inspect what went wrong
and when checking the properties of the scrub service unit, I found out
that it never worked in the first place for the reason meantioned in the
first paragraph.
Actually using the right unit name helps a lot here, so onwards to the
next scrub in February :-)
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I already have this running in writethrough for long enough so that I'm
pretty confident that a disaster like last time[1] should not happen
anytime soon so that hereby I'm making this permanent in the machine
configuration.
The reason why I set this to writearound initially instead of
writethrough, was that I just wanted to go with the most conservative
option first.
Of course, during scrub, we still disable all caching, so we should not
generate too much wear on the SSD.
[1]: 15008e69542774c441e388ad4c2e28a2d27f9ba0
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This was one of the places where types.loaOf was still in place and it
got removed a while[1] ago and this in turn causes evaluation to fail
for quite a few machines:
The option value `boot.initrd.luks.devices' in `...' is not of type
`attribute set of submodules'.
I've not only changed all the machines to use attribute sets but also
fixed the check in core/tests.nix, because comparing against a list when
the actual type is an attribute set will result in all the LUKS tests to
be part of *all* channels, no matter whether you're actually using LUKS.
[1]: https://github.com/NixOS/nixpkgs/commit/20d491a317d9956ddca80913f07
Signed-off-by: aszlig <aszlig@nix.build>
Cc: @Profpatsch
Cc: @sternenseemann
|
|
|
|
|
|
|
|
| |
I've had this laying around in my configuration.nix since quite a while,
but today is one of those days where I can't stand all the cruft piling
up there anymore and decided to add it here.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I'm using gPodder to follow a bunch of YouTube channels and the internal
extractor/downloader tends to be pretty unreliable.
On the other hand, youtube-dl is regularily updated and supports a ton
of different formats.
To make sure we can actually use the extension, gPodder needs to have
access to the youtube_dl Python module, so we need to add it to the
propagatedBuildInputs.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
| |
One (or maybe more?) dependency of weboob requires Python 3 and hence
using weboob from python2Packages isn't going to evaluate and instead
result in this error:
error: google-api-core-1.16.0 not supported for interpreter python2.7
Using weboob from python3Packages fixes the eval error.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The use of types.loaOf has been deprecated since quite a while and
lately[1] there is also an appropriate warning in place if an option
definition relies on types.loaOf to coerce the list to an attrset.
In vuizvui we didn't rely on types.loaOf, but it turned out that dnyarri
still relied on it in boot.initrd.luks.devices.
Since we already use attrsets for defining the LUKS devices, it's rather
easy to fix and we just need to return a nameValuePair in mkDevice.
[1]: https://github.com/NixOS/nixpkgs/commit/03309899eb41e50ef65001f63d6a4f078e3d4556
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
| |
`runCommandLocal` was added to nixpkgs in
https://github.com/NixOS/nixpkgs/pull/74642
to speed up trivial `runCommand` derivations by always building them
locally. We have a few places where that’s good to use.
|
|
|
|
|
|
|
|
|
| |
Unfortunately, this is a work requirement for the user in question, so
while I'd (personally) prefer to pretty much stay on free software, the
circumstances prevent this :-/
Signed-off-by: aszlig <aszlig@nix.build>
Cc: @dwenola
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The usage of DHCP is no longer global since a while[1] and we now have
to explicitly enable it for the interfaces in question.
This actually is a good thing and makes it far less problematic if we
use tunnel interfaces and other more complicated networking
configuration.
I added the definitions for all machines where I actually know which
interfaces are in use and disabled useNetworkd for shakti, because I
don't know the interface names for that machine and the machine
currently isn't in use anyway, so we can add it later if needed.
[1]: https://github.com/NixOS/nixpkgs/pull/69302
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
| |
https://github.com/NixOS/nixpkgs/pull/58399 has been merged a few hours
ago, so we no longer need to use our manual override.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since NixOS/nixpkgs@466f5e534688049be2ed6e75ae5659633016b45e, libinput
is enabled by default for Plasma 5, so we no longer need to explicitly
enable it anymore.
Furthermore, there was brawndo as the only machine still using
Synaptics and it's about time it's using libinput as well, so I
subsequently removed synaptics there.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since NixOS/nixpkgs@c814d72b517bb201c8bbbfc64e386c7023352886, a lot of
packages now no longer have a name attribute but instead use pname, so
when checking the package name within allowUnfreePredicate we need to
make sure that we fall back to a default if the name attribute is not
present.
This fixes evaluation of the machine, however I didn't check if it
actually builds.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I don't recall the exact model which was used for that machine, but it
was definitely one that required version 5.70.
Now I made a pull request for nixpkgs a while ago[1], which hasn't been
merged and as I didn't have the chance to test it by myself I didn't
merge that pull request yet.
Since the user asked about that printer driver again, I decided to give
version 5.70 a shot in vuizvui only and merge it upstream, once the user
reports that the driver is working.
[1]: https://github.com/NixOS/nixpkgs/pull/58399
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
| |
This machine was used for controlling the LED lighting bars at
Rockfabrik. I no longer work there and the machine has subsequently been
replaced by something else, so I don't need kzerza anymore.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I did have a major outage this week, because I was using bcache with
writeback mode on a RAID10 backing storage. Fortunately, I was able to
recover 99.9% of the data (only the most recent stuff wasn't
recoverable), but I certainly don't want this to happen again in the
future.
While I did use bcache with hibernate and writeback, the interesting
part is that the caching device went bonkers after a "normal" shutdown
rather than a suspend/hibernate, with "normal" being "with a bunch of
kernel warnings about zswap". Also, this happened around a btrfs scrub,
so the inconsistency was all over the place.
So first of all, I'm now going with writaround mode rather than
writeback mode for the time being. Although it's slower than writeback,
the chances that I need to do such a recovery again is close to 0% with
writethrough and writearound because all writes are synchronous.
Second, this very change makes sure that whenever the machine goes to
sleep or a scrub is started, the caching is disabled and afterwards it's
re-enabled. That way we shouldn't have lots of trash on the caching
device.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
| |
I had this in my local configuration.nix since a while and while it
might be annoying when this runs every month, I think it's better to do
it regularily rather than having a dying disk go unnoticed.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
| |
Since quite a while, NixOS re-uses the passphrases from earlier devices,
so there is no need anymore for such a device in order to unlock
multiple containers with the same passphrase.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
| |
The "luksClose" subcommand for cryptsetup has been deprecated for a
while, so let's move over to "close".
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since I got a new SSD for the machine (thanks @cvdnext), I also had the
opportunity to re-create my LUKS containers to LUKS2 with Argon2 key
derivation alongside creating bcache backing devices.
The change in order to support bcache is just a matter of adding
"bcache" to availableKernelModules and we're done.
However, as the storage configuration is not a very common one, I
decided to add a test specific to that to make sure future NixOS updates
won't prevent the machine from booting.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
| |
The internal SSD of the machine just died, so I reconstructed the Nix
store on the spinning rust from the machine configuration and we're now
left without the SSD.
Maybe it makes sense to still use the SSD with bcache, depending on how
failure-resilient it is, but for now, let's just remove it so we at
least have a working system.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
| |
The upstream version 0.6.4 was released 2 months ago and it recently hit
nixpkgs[1], so we can finally drop the override as the new version now
contains the fix[2] for the problem that affected me.
[1]: https://github.com/NixOS/nixpkgs/commit/5e2590ba6fd352bc65b4cd7fd82
[2]: https://github.com/gpodder/podcastparser/pull/17
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
| |
User is likely to switch, so let's add Firefox alongside to Chromium and
eventually remove Chromium at some day.
Signed-off-by: aszlig <aszlig@nix.build>
Cc: @dwenola
|
|
|
|
|
| |
Signed-off-by: aszlig <aszlig@nix.build>
Cc: @dwenola
|
|
|
|
|
|
|
|
| |
Those are useful for HBCI/FinTS support and scraping other banking
websites. KGPG is for encrypting the ledger.
Signed-off-by: aszlig <aszlig@nix.build>
Cc: @brokkoliberta
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit d813e5de7f84ad57d25b5c0ec95c2098204e976b.
Turns out that the machine's owner has found an alternative font already
installed on the system, so we don't need proprietary fonts, yay!
Signed-off-by: aszlig <aszlig@nix.build>
Cc: @brokkoliberta
|
|
|
|
|
|
|
|
|
|
| |
I thought about whether this would be a good idea to generally add this
to the managed profile, but didn't do so because we don't want to
encourage users to use proprietary fonts if possible. If requested we
can still add it on a by-machine basis.
Signed-off-by: aszlig <aszlig@nix.build>
Cc: @brokkoliberta
|
|
|
|
|
|
|
| |
This has been on the machine for a while and it's now in nixpkgs master.
Signed-off-by: aszlig <aszlig@nix.build>
Cc: @brokkoliberta
|
|
|
|
|
|
|
|
|
|
| |
This has been in the configuration.nix for a while and it seems to be
working. It might be a good idea to add it to the managed profile, but
we first have to test whether this really works for other machines than
tyree.
Signed-off-by: aszlig <aszlig@nix.build>
Cc: @brokkoliberta
|
|
|
|
|
|
|
|
|
| |
The machine doesn't have a lot of MMC space, so putting a whole lot of
logs which we probably won't need for such a long time isn't a good
idea.
Signed-off-by: aszlig <aszlig@nix.build>
Cc: @brokkoliberta
|
|
|
|
|
|
|
|
|
| |
The new installation of this Laptop uses encryption and so far these
options have been residing in the local configuration.nix, so let's get
it over to Vuizvui.
Signed-off-by: aszlig <aszlig@nix.build>
Cc: @brokkoliberta
|
|
|
|
|
|
|
|
| |
The machine's user already has switched to Firefox since quite a while,
so let's actually add it to systemPackages.
Signed-off-by: aszlig <aszlig@nix.build>
Cc: @brokkoliberta
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The monitor reports back EDID via DVI but the HDMI->DVI adapter seems to
not handle that correctly. Also the monitor has weird resolutions, so
using the fallback modes provided by the kernel also doesn't seem to
work and the monitor stays blank.
While hardcoding the EDID information isn't a very good idea for this
machine in general (because it might be connected to a different
monitor), for now this is the easiest workaround because I don't have
access to that machine.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
| |
Similar to 8562389f5e13e42329fc26ca53e9cf54ac0e541e but now for dnyarri.
I grew a bit tired recently to fix up kernels, so let's actually run the
latest release version instead.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
| |
Not sure why I added them in the first place, but it was probably
because they were listed in the hardware config generated by
nixos-generate-config.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
| |
These were needed a few months ago but they're now automatically added
if boot.initrd.luks.devices is non-empty.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
| |
I'm a bit tired of constantly running into regression from release
canidate kernels, so let's switch to released kernels for now.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
| |
We no longer write directly to the physical block device, so let's not
try to TRIM a mapper device.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
| |
I had to recover tishtushi while on the road because I have used zstd
compression, which GRUB doesn't support.
So instead of just adding a boot partition I decided to actually do
what I long wanted to do, which is to actually encrypt the disks, so the
new partitioning reflects that.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
| |
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
| |
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
| |
The new machine (shakti) is going to use Firefox, so let's make sure
this is machine-specific.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
| |
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
| |
At least for now until the owner gets rid of it.
Signed-off-by: aszlig <aszlig@nix.build>
|