| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
| |
This actually consists of several modules which are of poor code
quality, none of them however are essential for the TUXEDO Pulse 15
because its keyboard backlight is single color so let's drop them since
they just taint the kernel for no reason.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
After resume from suspend the NVMe does not wake up again when the
device was put into D3cold. This is something that is worked around by
TUXEDO Tomte[1] via udev rules. However, I personally don't like this
approach and it can lead to race conditions when we're going into
suspend before udev is initialised.
Interestingly, the device does even go into NPSS via APST, but if
changing to D3cold while APST is enabled, the device does not wake up
again.
Right now I just added a new quirk to disable D3cold during device
probe for now, but we could maybe find a better workaround eg. by
disabling APST before D3cold and re-enabling it again. Not sure whether
this is feasible, but since I have limited time right now I can't dig
more into this.
[1]: https://github.com/tuxedocomputers/tuxedo-tomte/commit/2c8d71170868a2663705fbea6ac150eecb96e6ce
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Most of the options in nix.conf are now exposed as a submodule with a
freeform type and since that change[1] got introduced, we get a bunch of
warnings during machine evaluation:
trace: warning: The option `nix.useSandbox' defined in `...' has been renamed to `nix.settings.sandbox'.
trace: warning: The option `nix.maxJobs' defined in `...' has been renamed to `nix.settings.max-jobs'.
trace: warning: The option `nix.buildCores' defined in `...' has been renamed to `nix.settings.cores'.
To shut them up, I went through all machines and modules and renamed the
remaining options that were not renamed back then when @devhell did some
renames in a0297bf921399c3243dcca99626d8697f0735abe.
This was done by looking through the output of:
$ git grep -A 10 '\<nix\(\.\| *=\)' machines modules
After that I tested the contents of the nix.conf of all the machines
against the changes this commit introduced via the following command:
$ nix-build --no-out-link -E '
with import <nixpkgs/lib>;
map (m: m.eval.config.environment.etc."nix/nix.conf".source)
(collect (m: m ? eval) (import ./machines))
'
I've sorted the resulting nix.conf files and diffed on that result and
the only difference that showed up was the following:
allowed-users = *
-auto-optimise-store = false
auto-optimise-store = true
builders-use-substitutes = true
cores = 0
This is because the previous way to generate the config was by
concatenating strings whereas the new way works on an attribute set, so
we get deduplication by design.
[1]: https://github.com/NixOS/nixpkgs/pull/139075
Signed-off-by: aszlig <aszlig@nix.build>
Cc: @devhell
Cc: @Profpatsch
Cc: @sternenseemann
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I already killed that machine on 2022-08-04:
tishtushi[~]0> cryptsetup erase /dev/sda2
WARNING!
========
This operation will erase all keyslots on device /dev/sda2.
Device will become unusable after this operation.
Are you sure? (Type 'yes' in capital letters): YES
tishtushi[~]0> cryptsetup erase /dev/sda3
WARNING!
========
This operation will erase all keyslots on device /dev/sda3.
Device will become unusable after this operation.
Are you sure? (Type 'yes' in capital letters): YES
Since some of the hardware was already broken (touchpad, keyboard, HDD,
SSD and webcam), I hardly doubt that I'll use it again so it makes sense
to remove the config here.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
| |
The machine no longer exists, so it doesn't make sense to continuously
build it on Hydra.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
| |
The amdgpu module is initialised at roughly the same time as the X
server, which sometimes leads into race conditions where X won't start
because the kernel driver is not yet loaded.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
| |
This is a custom kernel module for TUXEDO laptops, which allows to
control the backlight. I haven't played around with its settings yet,
but having the module available helps with that.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
| |
This is needed for the GPU and the WiFi adapter.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
| |
I'm used to a TypeMatrix keyboard, where caps lock is only a small key
on the side instead of being prominently placed atop switch.
Slylandro's internal keyboard however has that pesky caps lock key
directly atop the left shift key and I'm constantly triggering it by
accident.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
| |
This makes the screen readable again, but might get us into trouble when
switching to an external display. Again, similar to enabling bonding in
the previous commit, let's find out :-)
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
| |
This is mainly because I want to have a seamless transition between
both, at least in theory. Whether this will work out to be so smooth
when trying it on various networks out there remains to be seen, but
let's try it :-)
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I've already got a temporary laptop back then where I used the same name
and I introduced it in e73fcff03faed773df2500965cb9c4a4fcfbc04d and
subsequently removed it in 240378dcec205b78b32c329ff02eb9bea8af2c11.
With the new permanent hardware having arrived today, I decided to reuse
the name, because it sounds nicer than "tishtushi" (which is my crappy
laptop) and I also like the Slylandro Probes[1] a lot in Star Control.
The configuration here is pretty much bare-bones as we had before with
the temporary hardware and it's essentially a remix between dnyarri and
the old config, more to refine later...
[1]: https://wiki.uqm.stack.nl/Probe
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I created the BTRFS module with a few different options than I did
initially, one of them is that I changed the checksum algorithm to
XXHASH.
Unfortunately, the xxhash_generic module providing the algorithm is not
available during stage 1, so mounting the volume would fail.
In the local configuration.nix I already added it to
availableKernelModules, but when I moved the config over to Vuizvui in
e04c7e04f2fe63cece7a2f2064212bc055cdd035, I forgot to add it.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, the machine had an internal SSD with a size of around 20 GB,
which until it died in 2018[1] was used as the /nix/store.
With dnyarri getting a hardware upgrade[2], the SSD that was used back
then as a bcache became obsolete.
Given that the spinning rust inside Tishtushi is slow as hell and also
way smaller (320 GB) than the former bcache SSD (512 GB), I decided to
just replace the spinning rust with the SSD, which should at least make
I/O operations bearable while falling asleep on CPU-bound operations.
Since the NixOS LUKS setup now also propagates passphrases to other
devices, we also no longer need the vault device because the reason it
existed was to avoid being prompted multiple times for the passphrase.
[1]: 54c99271f7570c32a4215a097e577272cd4210b2
[2]: be0fb40a12b5a9301509ad45fda1eda11971fa8e
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Another thing that was lurking around in configuration.nix, so it has
been battle-tested for weeks. Given that all the layers from the
hardware up to the LUKS container with the filesystem support discard,
it does make sense to enable it.
The disadvantage of using discard with LUKS is that attackers can now
gain information about the file system in use. However, this is already
public knowledge so given that discard increases performance, I decided
to enable it despite some warnings[1] out there.
[1]: https://asalor.blogspot.com/2011/08/trim-dm-crypt-problems.html
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
| |
Another thing that was hanging around in configuration.nix and with my
new hardware it actually became useful since it does have capsule
updates.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is one of the few things that I originally added manually, simply
because usually printing is not something I do regurarily.
Since I had to re-do the CUPS config a few weeks ago, I decided to
instead switch to ensurePrinters, simply because it makes it easier to
just remove all the CUPS state and get to a known working configuration
in the event that something breaks.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
| |
The user shouldn't have direct access to the /dev/snd/* but go through
things such as pulseaudio or pipewire. I added the user to that group
back then as a workaround to quickly get something[TM] working, but
nowadays it's not needed anymore.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
| |
I no longer have a scanner that requires to have hplip and/or any of the
proprietary parts of it, so let's keep it out of the machine
configuration.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
| |
Workspace one is usually my "communications workspace" and since I've
been using Psi as my go-to XMPP client, it's a good idea to add it to
that workspace, even though I usually start it on that workspace anyway.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I already had this in my configuration.nix for quite some time and it's
part of my overly complicated[TM] audio setup where I combine multiple
speaker systems into one using two sound cards.
Since the mapping depends on the individual channels, it's very much
important to address the right sound card. So while I'm re-doing my
whole audio setup, I decided to get at least the udev part out of my
very messy configuration as a first start.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As mentioned in the initial commit (e73fcff03faed773df2500965cb9c4a4fc),
the machine was only temporary as a substitute for tishtushi.
Since slylandro had a pretty slow dual core CPU and its own quirks, this
was never a long-term solution and for the time being my intentions are
to work with dnyarri's new hardware until I have a less annoying setup
when I'm on the road again.
While writing this message, slylandro just died a gruesome death with
"cryptsetup erase", followed by "blkdiscard" on the whole drive.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The first (small) part of this already started in commit
dc2ef245d76f900f174e87961a3d17e6aecbd6e2, where I switched from Intel
CPU microcode to AMD.
However, at that time the hardware was still on its way, so the actual
move didn't happen yet.
On June 4th 2021 at 17:22:41 CEST, I started to migrate to the new
machine by using my old spinning rust configuration and btrfs balanced
to NVMe-only.
This means that we now no longer need to use bcache, which was a 512 GB
SATA SSD, nor do we use a RAID10 configuration in btrfs. Instead, I've
switched to NVMe with RAID1 exclusively, so this removes BFQ, power
management workarounds and two devices.
Since my old graphics card didn't work with UEFI GOP, I also had to
switch to a newer one (which I wanted to avoid, but whatever...), so
instead of DVI and HDMI we're now exclusively on DisplayPort.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
| |
After all the goal was to move all hardware specific stuff to the actual
machine definition, which includes the boot loader.
Since GRUB is enabled by default but with a higher priority value, we
now no longer need to mkForce-disable the option for machines using
systemd-boot.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
| |
The new hardware for dnyarri no longer contains an Intel CPU, so apart
from switching the microcode updates to AMD I also removed the setting
from the base profile because it clearly doesn't belong there.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since Tishtushi had a SSD failure and thus became a majoor nuisance to
work with, I got a temporary laptop from someone (since I don't know
whether they want to be mentioned, I leave out their name for now) in
order to be able to be more productive than waiting for several seconds
for a 1 KiB text file to be saved.
Right now, I'm not sure whether any firmware is needed for the temporary
laptop, so this is a hardware configuration just to get started with a
proper Hydra channel.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Injecting pre/post start scripts into services called
"btrfs-scrub-.service.service" isn't going to do a whole lot if the
actual service name is called "btrfs-scrub-.service".
During the last scrub I was wondering why caching got slow afterwards
and found out that the caching devices were filled with lots of
irrelevant data from the scrub. This led me to inspect what went wrong
and when checking the properties of the scrub service unit, I found out
that it never worked in the first place for the reason meantioned in the
first paragraph.
Actually using the right unit name helps a lot here, so onwards to the
next scrub in February :-)
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I already have this running in writethrough for long enough so that I'm
pretty confident that a disaster like last time[1] should not happen
anytime soon so that hereby I'm making this permanent in the machine
configuration.
The reason why I set this to writearound initially instead of
writethrough, was that I just wanted to go with the most conservative
option first.
Of course, during scrub, we still disable all caching, so we should not
generate too much wear on the SSD.
[1]: 15008e69542774c441e388ad4c2e28a2d27f9ba0
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This was one of the places where types.loaOf was still in place and it
got removed a while[1] ago and this in turn causes evaluation to fail
for quite a few machines:
The option value `boot.initrd.luks.devices' in `...' is not of type
`attribute set of submodules'.
I've not only changed all the machines to use attribute sets but also
fixed the check in core/tests.nix, because comparing against a list when
the actual type is an attribute set will result in all the LUKS tests to
be part of *all* channels, no matter whether you're actually using LUKS.
[1]: https://github.com/NixOS/nixpkgs/commit/20d491a317d9956ddca80913f07
Signed-off-by: aszlig <aszlig@nix.build>
Cc: @Profpatsch
Cc: @sternenseemann
|
|
|
|
|
|
|
|
| |
I've had this laying around in my configuration.nix since quite a while,
but today is one of those days where I can't stand all the cruft piling
up there anymore and decided to add it here.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I'm using gPodder to follow a bunch of YouTube channels and the internal
extractor/downloader tends to be pretty unreliable.
On the other hand, youtube-dl is regularily updated and supports a ton
of different formats.
To make sure we can actually use the extension, gPodder needs to have
access to the youtube_dl Python module, so we need to add it to the
propagatedBuildInputs.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
| |
One (or maybe more?) dependency of weboob requires Python 3 and hence
using weboob from python2Packages isn't going to evaluate and instead
result in this error:
error: google-api-core-1.16.0 not supported for interpreter python2.7
Using weboob from python3Packages fixes the eval error.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The use of types.loaOf has been deprecated since quite a while and
lately[1] there is also an appropriate warning in place if an option
definition relies on types.loaOf to coerce the list to an attrset.
In vuizvui we didn't rely on types.loaOf, but it turned out that dnyarri
still relied on it in boot.initrd.luks.devices.
Since we already use attrsets for defining the LUKS devices, it's rather
easy to fix and we just need to return a nameValuePair in mkDevice.
[1]: https://github.com/NixOS/nixpkgs/commit/03309899eb41e50ef65001f63d6a4f078e3d4556
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
| |
`runCommandLocal` was added to nixpkgs in
https://github.com/NixOS/nixpkgs/pull/74642
to speed up trivial `runCommand` derivations by always building them
locally. We have a few places where that’s good to use.
|
|
|
|
|
|
|
|
|
| |
Unfortunately, this is a work requirement for the user in question, so
while I'd (personally) prefer to pretty much stay on free software, the
circumstances prevent this :-/
Signed-off-by: aszlig <aszlig@nix.build>
Cc: @dwenola
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The usage of DHCP is no longer global since a while[1] and we now have
to explicitly enable it for the interfaces in question.
This actually is a good thing and makes it far less problematic if we
use tunnel interfaces and other more complicated networking
configuration.
I added the definitions for all machines where I actually know which
interfaces are in use and disabled useNetworkd for shakti, because I
don't know the interface names for that machine and the machine
currently isn't in use anyway, so we can add it later if needed.
[1]: https://github.com/NixOS/nixpkgs/pull/69302
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
| |
https://github.com/NixOS/nixpkgs/pull/58399 has been merged a few hours
ago, so we no longer need to use our manual override.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since NixOS/nixpkgs@466f5e534688049be2ed6e75ae5659633016b45e, libinput
is enabled by default for Plasma 5, so we no longer need to explicitly
enable it anymore.
Furthermore, there was brawndo as the only machine still using
Synaptics and it's about time it's using libinput as well, so I
subsequently removed synaptics there.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since NixOS/nixpkgs@c814d72b517bb201c8bbbfc64e386c7023352886, a lot of
packages now no longer have a name attribute but instead use pname, so
when checking the package name within allowUnfreePredicate we need to
make sure that we fall back to a default if the name attribute is not
present.
This fixes evaluation of the machine, however I didn't check if it
actually builds.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I don't recall the exact model which was used for that machine, but it
was definitely one that required version 5.70.
Now I made a pull request for nixpkgs a while ago[1], which hasn't been
merged and as I didn't have the chance to test it by myself I didn't
merge that pull request yet.
Since the user asked about that printer driver again, I decided to give
version 5.70 a shot in vuizvui only and merge it upstream, once the user
reports that the driver is working.
[1]: https://github.com/NixOS/nixpkgs/pull/58399
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
| |
This machine was used for controlling the LED lighting bars at
Rockfabrik. I no longer work there and the machine has subsequently been
replaced by something else, so I don't need kzerza anymore.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I did have a major outage this week, because I was using bcache with
writeback mode on a RAID10 backing storage. Fortunately, I was able to
recover 99.9% of the data (only the most recent stuff wasn't
recoverable), but I certainly don't want this to happen again in the
future.
While I did use bcache with hibernate and writeback, the interesting
part is that the caching device went bonkers after a "normal" shutdown
rather than a suspend/hibernate, with "normal" being "with a bunch of
kernel warnings about zswap". Also, this happened around a btrfs scrub,
so the inconsistency was all over the place.
So first of all, I'm now going with writaround mode rather than
writeback mode for the time being. Although it's slower than writeback,
the chances that I need to do such a recovery again is close to 0% with
writethrough and writearound because all writes are synchronous.
Second, this very change makes sure that whenever the machine goes to
sleep or a scrub is started, the caching is disabled and afterwards it's
re-enabled. That way we shouldn't have lots of trash on the caching
device.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
| |
I had this in my local configuration.nix since a while and while it
might be annoying when this runs every month, I think it's better to do
it regularily rather than having a dying disk go unnoticed.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
| |
Since quite a while, NixOS re-uses the passphrases from earlier devices,
so there is no need anymore for such a device in order to unlock
multiple containers with the same passphrase.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
| |
The "luksClose" subcommand for cryptsetup has been deprecated for a
while, so let's move over to "close".
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since I got a new SSD for the machine (thanks @cvdnext), I also had the
opportunity to re-create my LUKS containers to LUKS2 with Argon2 key
derivation alongside creating bcache backing devices.
The change in order to support bcache is just a matter of adding
"bcache" to availableKernelModules and we're done.
However, as the storage configuration is not a very common one, I
decided to add a test specific to that to make sure future NixOS updates
won't prevent the machine from booting.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
|
| |
The internal SSD of the machine just died, so I reconstructed the Nix
store on the spinning rust from the machine configuration and we're now
left without the SSD.
Maybe it makes sense to still use the SSD with bcache, depending on how
failure-resilient it is, but for now, let's just remove it so we at
least have a working system.
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
|
|
|
| |
The upstream version 0.6.4 was released 2 months ago and it recently hit
nixpkgs[1], so we can finally drop the override as the new version now
contains the fix[2] for the problem that affected me.
[1]: https://github.com/NixOS/nixpkgs/commit/5e2590ba6fd352bc65b4cd7fd82
[2]: https://github.com/gpodder/podcastparser/pull/17
Signed-off-by: aszlig <aszlig@nix.build>
|
|
|
|
|
|
|
|
| |
User is likely to switch, so let's add Firefox alongside to Chromium and
eventually remove Chromium at some day.
Signed-off-by: aszlig <aszlig@nix.build>
Cc: @dwenola
|
|
|
|
|
| |
Signed-off-by: aszlig <aszlig@nix.build>
Cc: @dwenola
|