From e271872cae1881ea67d6b06c80b20f5f14cbe42c Mon Sep 17 00:00:00 2001 From: Aner Zakobar Date: Sat, 30 May 2026 13:22:18 +0300 Subject: [PATCH] Qutebrowser fix, attic setup, beacon usb live setup --- _machines/beacon.nix | 14 ++++ azos-core | 2 +- features/attic/default.nix | 33 ++++++++ features/qutebrowser/config.py | 2 +- flake.lock | 24 +++--- flake.nix | 3 + nixos/configuration-beacon.nix | 145 +++++++++++++++++++++++++++++++++ nixos/configuration.nix | 2 + shells/defaultShell.nix | 3 + 9 files changed, 214 insertions(+), 14 deletions(-) create mode 100644 _machines/beacon.nix create mode 100644 features/attic/default.nix create mode 100644 nixos/configuration-beacon.nix diff --git a/_machines/beacon.nix b/_machines/beacon.nix new file mode 100644 index 0000000..bc7bfe9 --- /dev/null +++ b/_machines/beacon.nix @@ -0,0 +1,14 @@ +{ + config, + inputs, + ... +}: { + config.flake.nixosConfigurations.beacon = inputs.nixpkgs.lib.nixosSystem { + specialArgs = { + inherit inputs; + outputs = config.flake; + suiteModules = config.flake.modules; + }; + modules = [../nixos/configuration-beacon.nix]; + }; +} diff --git a/azos-core b/azos-core index 897007c..e62f366 160000 --- a/azos-core +++ b/azos-core @@ -1 +1 @@ -Subproject commit 897007c89f2538ae816628055b1f5d1c72cc91c4 +Subproject commit e62f366f560fd8e051ac5827a236052af5ea9bfc diff --git a/features/attic/default.nix b/features/attic/default.nix new file mode 100644 index 0000000..808794a --- /dev/null +++ b/features/attic/default.nix @@ -0,0 +1,33 @@ +{...}: { + config.flake.modules.nixos.attic = { + lib, + config, + pkgs, + ... + }: { + options.azos.attic.enable = lib.mkOption { + default = false; + example = true; + type = lib.types.bool; + }; + + config = lib.mkIf config.azos.attic.enable { + environment.systemPackages = [pkgs.attic-client]; + + nix.settings = { + extra-substituters = ["https://attic.zakobar.com/main"]; + extra-trusted-public-keys = ["main:9SZt/6plBU7jjQzz90J7O011I13hmJvOMYouxNqExNQ="]; + netrc-file = "/etc/nix/attic-netrc"; + }; + + environment.etc."nix/attic-netrc" = { + mode = "0600"; + text = '' + machine attic.zakobar.com + login token + password eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjIwOTU3MDk0NDEsIm5iZiI6MTc4MDEzMzQ0MSwic3ViIjoibml4b3MtY2xpZW50IiwiaHR0cHM6Ly9qd3QuYXR0aWMucnMvdjEiOnsiY2FjaGVzIjp7IioiOnsiciI6MX19fX0.lqT_m2otoJQtA_AeJu62NT87u8cMWxgN-JhqtEtZ88s + ''; + }; + }; + }; +} diff --git a/features/qutebrowser/config.py b/features/qutebrowser/config.py index d543cc2..0f10d3b 100644 --- a/features/qutebrowser/config.py +++ b/features/qutebrowser/config.py @@ -43,7 +43,7 @@ c.downloads.location.prompt = False c.editor.command = ['emacsclient', '-e', '(find-file "{}")'] monospace = "10pt 'DejaVu Sans Mono'" -c.fonts.completion.category = f"bold{monospace}" +c.fonts.completion.category = f"bold {monospace}" c.fonts.completion.entry = monospace c.fonts.debug_console = monospace c.fonts.downloads = monospace diff --git a/flake.lock b/flake.lock index ebf178f..c875fee 100644 --- a/flake.lock +++ b/flake.lock @@ -139,11 +139,11 @@ ] }, "locked": { - "lastModified": 1779627636, - "narHash": "sha256-J6JGf42zNzLo/CrRdKb5dNznpLI+eGxN/5KTLG1Mo5s=", + "lastModified": 1779969295, + "narHash": "sha256-HwIJ3tOcwSMiV75L7KqJXciXR9UfT+d7rwOZMX7cTnA=", "owner": "nix-community", "repo": "home-manager", - "rev": "044c30c19550c0557997dece4ce9e54d2fa77ba1", + "rev": "61e2c9659324181e0f0ed911958c536333b1d4f6", "type": "github" }, "original": { @@ -203,11 +203,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1779258371, - "narHash": "sha256-j1iZsLy6oFApqR1oiDmHhvkwxXqcNi0aoSJj643LuwU=", + "lastModified": 1779826373, + "narHash": "sha256-3sRzgLX86qV5NlhWUAufLmHwkyP03tmL3VdZIM13dEo=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "c97bc4d15bd3473dd095e8e8ba57330ab1943a77", + "rev": "ef4efb84766a166c906bd55759574676bf91267c", "type": "github" }, "original": { @@ -263,11 +263,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1779508470, - "narHash": "sha256-Ap9KJX+5xHIn3bPIpfNgT6MEXdAECECwo4/rmlQD74M=", + "lastModified": 1779560665, + "narHash": "sha256-tpyBcxPpcQb8ukyNF7DoCwfSY3VPsxHoYwj00Cayv5o=", "owner": "nixos", "repo": "nixpkgs", - "rev": "29916453413845e54a65b8a1cf996842300cd299", + "rev": "64c08a7ca051951c8eae34e3e3cb1e202fe36786", "type": "github" }, "original": { @@ -311,11 +311,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1779536132, - "narHash": "sha256-q+fF42iv/geEbHfgSzy3tS0FF/EyD6XTZ98E6yxiBO8=", + "lastModified": 1779877693, + "narHash": "sha256-NOF9NAREhxr50bbBfVcVOq+ArCMSoe8dP79Pk2uyARk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3d8f0f3f72a6cd4d93d0ad13203f2ea1cb7e1456", + "rev": "4100e830e085863741bc69b156ec4ccd53ab5be0", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 630c999..cf41c66 100755 --- a/flake.nix +++ b/flake.nix @@ -2,6 +2,8 @@ description = "Aner's NIX config for his systems!"; inputs = { + self.submodules = true; + nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; @@ -31,6 +33,7 @@ (inputs.import-tree ./features) ./_machines/lauretta.nix ./_machines/vm.nix + ./_machines/beacon.nix ]; systems = [ diff --git a/nixos/configuration-beacon.nix b/nixos/configuration-beacon.nix new file mode 100644 index 0000000..95ed3ba --- /dev/null +++ b/nixos/configuration-beacon.nix @@ -0,0 +1,145 @@ +{ + lib, + config, + pkgs, + modulesPath, + suiteModules, + ... +}: { + imports = [ + "${modulesPath}/installer/cd-dvd/installation-cd-minimal.nix" + suiteModules.nixos.attic + ]; + + nixpkgs.hostPlatform = "x86_64-linux"; + nixpkgs.config.allowUnfree = true; + nixpkgs.config.cudaSupport = true; + + nix.settings = { + experimental-features = "nix-command flakes"; + auto-optimise-store = true; + substituters = [ + "https://cache.nixos.org" + "https://cuda-maintainers.cachix.org" + ]; + trusted-public-keys = [ + "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" + "cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E=" + ]; + }; + + networking.hostName = "beacon"; + time.timeZone = "Asia/Jerusalem"; + + # NetworkManager is enabled by installation-cd-minimal; configure WiFi + static IP + # via a keyfile so it activates automatically on boot. + networking.useDHCP = false; + environment.etc."NetworkManager/system-connections/Zakobar.nmconnection" = { + mode = "0600"; + text = '' + [connection] + id=Zakobar + type=wifi + autoconnect=true + + [wifi] + mode=infrastructure + ssid=Zakobar + + [wifi-security] + auth-alg=open + key-mgmt=wpa-psk + psk=0502711157 + + [ipv4] + method=manual + address1=192.168.1.200/24,192.168.1.1 + dns=8.8.8.8;1.1.1.1; + ignore-auto-dns=true + + [ipv6] + method=disabled + ''; + }; + + # Storage drive (ext4, label "storage") provides persistent nix store and data dir. + # Prerequisites — run once on the storage drive before first boot: + # mkfs.ext4 -L storage /dev/sdX + # mount /dev/sdX /mnt/storage + # mkdir -p /mnt/storage/nix-rw/store /mnt/storage/nix-rw/work /mnt/storage/data + # umount /mnt/storage + # The drive is required to boot; boot halts if it is not plugged in. + fileSystems."/mnt/storage" = { + device = "/dev/disk/by-label/storage"; + fsType = "ext4"; + neededForBoot = true; + options = ["noatime"]; + }; + + # Redirect the live CD's tmpfs rw-store to the storage drive so nix store + # writes survive across boots and don't consume RAM. + fileSystems."/nix/.rw-store" = lib.mkForce { + device = "/mnt/storage/nix-rw"; + fsType = "none"; + options = ["bind"]; + depends = ["/mnt/storage"]; + neededForBoot = true; + }; + + fileSystems."/data" = { + device = "/mnt/storage/data"; + fsType = "none"; + options = ["bind"]; + depends = ["/mnt/storage"]; + }; + + swapDevices = [ + { + device = "/mnt/storage/swapfile"; + size = 16384; + } + ]; + + # Ensure ext4 is available in initrd for the storage drive + boot.initrd.kernelModules = ["ext4"]; + + # NVIDIA RTX 4050 — Ada Lovelace supports open kernel modules + services.xserver.videoDrivers = ["nvidia"]; + hardware.nvidia = { + open = true; + modesetting.enable = true; + package = config.boot.kernelPackages.nvidiaPackages.stable; + }; + hardware.graphics.enable = true; + + services.getty.autologinUser = lib.mkForce "aner"; + + services.openssh = { + enable = true; + settings = { + PermitRootLogin = "no"; + PasswordAuthentication = false; + }; + }; + + users.users.aner = { + isNormalUser = true; + extraGroups = ["wheel" "video"]; + openssh.authorizedKeys.keys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDfzDDO5juINctECmWlsYtGghEiX/RnTJ1cazLvOWSrPfsTyEd+B1+Ig8kFefNryjkpApfRXqj5KtLPNlpLfdVBrOIfhIveEp2MGqhgOGZFNVxQyXnZgii8Zdh4cqZ2O3pZpMsaAQBaJ9nH6dK0dJjicWT5f6TqwrVcInywRc5SuyizoSxoFmg7ch2rnlVi0j5XMVqdh8XLzHXZ7yWCzXy7+hWl/d7pwpyuzoK8dBw2EU9TauhgRDruom5Q9vWJTLStALC9pAIb0v9UFj9y+1zwx7pXsXp5F1g73EYrE4QR+QQ6z2LebuK280W0t+VA/fSCEB13DnkmofgqZQxX5MSCmrxZ5lTFp1FjW6yJo7As9FheF/GECowYkMRIx4IiQsjjHjZqlLRpLas11yAp6tGoZnw59hFo6Lu0Kva39jGVVmioYHtAeE5rD5w+v5kseJR4jlQ8aKB5yOjYUQOIz2AHQyoidgaeR2jPWqZUeRQbACI+/p3CHO45r3hrjATtGloBg0xF95Qws7Be3mjHVhbBLOoob8MdZ8nYAGnhlWrZphlkvXsHC6OUkuDJW00tmMjWXRlFwhFJ+nqUQCgLVjxVHQJ5rq9GeXBUuNXAeCm5BKBsdq+9qqVlt7D9iGyfr0lcZ7peKz/96KwPCWpG2En1Ur0/cVcbWnXEfG/xWO10tQ== openpgp:0xFA67FAB0" + ]; + }; + + environment.systemPackages = with pkgs; [ + git + rsync + tmux + vim + cudaPackages.cudatoolkit + python3 + ]; + + azos.attic.enable = true; + + system.stateVersion = "25.11"; +} diff --git a/nixos/configuration.nix b/nixos/configuration.nix index 5ec7bad..345a5ff 100644 --- a/nixos/configuration.nix +++ b/nixos/configuration.nix @@ -19,6 +19,7 @@ suiteModules.nixos.steam suiteModules.nixos.virtualization suiteModules.nixos.binfmt + suiteModules.nixos.attic ]; boot.loader.systemd-boot.enable = true; @@ -80,6 +81,7 @@ }; azos.suites.exwm.enable = true; + azos.attic.enable = true; home-manager = { extraSpecialArgs = {inherit inputs outputs suiteModules pkgs;}; diff --git a/shells/defaultShell.nix b/shells/defaultShell.nix index d4ed711..d4cfc5a 100644 --- a/shells/defaultShell.nix +++ b/shells/defaultShell.nix @@ -11,5 +11,8 @@ pkgs.mkShell { (pkgs.writeShellScriptBin "azos-update" "nix flake update --flake '.?submodules=1'") + (pkgs.writeShellScriptBin + "azos-beacon-build-image" + "nix build '.?submodules=1#nixosConfigurations.beacon.config.system.build.isoImage'") ]; }