Lumpiasty/nixos-config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

merge into: Lumpiasty/nixos-config:main
Branches Tags
Lumpiasty/nixos-config:main Lumpiasty/nixos-config:nixbsd
..
pull from: Lumpiasty/nixos-config:nixbsd
Branches Tags
Lumpiasty/nixos-config:main Lumpiasty/nixos-config:nixbsd

1 Commits
main .. nixbsd

Author SHA1 Message Date
Lumpiasty 92330a6fe2 failed nixbsd experiment 2026-05-04 19:52:16 +02:00
24 changed files with 480 additions and 914 deletions
Expand all files Collapse all files
TODO.md
+90
View File
@@ -0,0 +1,90 @@
1. [*] Pozbyć się conditional importów
1. https://github.com/nix-community/plasma-manager
- [*] pasek zadań
- [*] zmienić na ikonowo-tekstowy
- [*] Ikonki na pasku zadań, które mają być ukryte, pokazane
- [*] ukryć spotify
- [*] pokazać baterię, wifi, jasność, dźwięk, muzyka
- reguły okien:
- minimalny rozmiar discord - lepiej zmienić ustawienie vesktopa
- [*] nie wyłączaj głądzika przy pisaniu
- [*] prędkość przewijania na gładziku
- domyślne programy - rozpisać jakie
- libreoffice writer dla .doc
- [*] wskaźnik myszy
- menedżer plików
- rozwinięty terminal
- ukryte pliki
- [*] tryb nocny włączyć
- zarządzanie zasilaniem
- wyłączyć usypianie na pc
- [*] rozpoczynanie posiedzenia pustym pulpitem, nie przywracanie poprzednich aplikacji
- nie włączaj automatycznie trybu nie przeszkadzać w pełnym ekranie
- default browser librewolf
2. https://github.com/gmodena/nix-flatpak
3. https://github.com/NixOS/nixos-hardware
- dla acera
5. [*] Przenieść programy desktop do home-manager
6. librewolf
- native messaging
- kde integration
- dodatki
- qr code
- libredirect
- privacy badger
- wayback machine
- zakładki? synchronizacja?
7. firewall?
8. zramswap writeback
9. Drukarka
10. [*] Usunąć system-wide users?
11. Deklaratywne dodawanie klucza yubikey do gpg?
12. Flatpaki deklaratwynie
13. Yubikey rozblokowywanie PAM, blokowanie ekranu?
14. home-manager moduły:
- vesktop - jakiś wrapper / paczka aby kopiował ustawienia przy starcie vesktopa bo głupie linki wywalają program bo readonly
- spotify
- język
- uruchamianie zminimalizowany
- zamknij aby zminimalizować do paska
- wyłączyć powiadomienia na pulpicie przy zmianie utworu
- easyeffects
- autostart
- presety
- ts3?
- qtpass
- używaj pass zamiast gpg native
- używaj git
- autokopiowanie
- minimalizowanie do paska stanu przy zamknięciu
- autostart zminimalizowany
- ukryte hasła
15. system76-scheduler + kde integracja
16. Rozpisać przywracanie danych, gdzie są najważniejsze dane
- przeglądarka
- gpg, jak doprowadzić do działania
- hasła
- discord
- spotify
- ts3
- prismlauncher
- kube
- docker
- networkmanager połączenia
17. Vscodium
- Auto Detect Color Scheme
- dodatki
18. nixpack sandboxing
19. Procedura instalacji systemu, od sklonowania repo
20. qtpass czasami crashuje https://github.com/IJHack/QtPass/issues/663
21. Moduł do signal
- minimalizowanie do zasobnika
22. Command not found
23. Undervolting acer, limit mocy (jeśli się da)
24. Spicetify
25. Theme, catpuccin?
26. https://redlib.nadeko.net/r/unixporn/comments/1l5ll27/hyprland_i_3_quickshell/
27. Donut browser, Camoufox
28. cups, sane w home-manager
29. earlyoom
30. Llama.cpp, expose via tailscale, allow from homelab's openwebui
flake.lock
Generated
+162 -136
View File
@@ -7,11 +7,11 @@
]
},
"locked": {
"lastModified": 1779728104,
"narHash": "sha256-Apxb4B9JWPyV1RUqXkaPRACwulRwHZmaZQ674Rr+Sn0=",
"lastModified": 1776998627,
"narHash": "sha256-n0ENc4Xi1d3ApoHTRsfssC6AAroFgIKXJzJFykxNanY=",
"owner": "Lumpiasty",
"repo": "acer-wmi-ext",
"rev": "5fc3299fef7ece6e0f646ba1ad1d3a22a788df2f",
"rev": "d0be381bbd661ed4bb327a9c92b980a0b9edacac",
"type": "github"
},
"original": {
@@ -21,29 +21,6 @@
"type": "github"
}
},
"bun2nix": {
"inputs": {
"flake-parts": "flake-parts",
"nixpkgs": [
"nixpkgs"
],
"systems": "systems",
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1778446047,
"narHash": "sha256-oQvcadh2BCkrog+SGrG6YffKJrveYpjj3TdQJWaKhaM=",
"owner": "nix-community",
"repo": "bun2nix",
"rev": "f2bc12af1a6369648aac41041ceeaa0b866599c6",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "bun2nix",
"type": "github"
}
},
"cf": {
"locked": {
"lastModified": 1756852014,
@@ -67,11 +44,11 @@
]
},
"locked": {
"lastModified": 1780258891,
"narHash": "sha256-KURy7kHE9TZG2wrQX0xaKScWp3JqEx7cYxboCJO/KPU=",
"lastModified": 1776913134,
"narHash": "sha256-/9vfRJTDh9Y4Duo862rzDqBIN7cEFTsAffVZ/UvxVas=",
"owner": "sadjow",
"repo": "claude-code-nix",
"rev": "e65e7eca7efe776d0bf5f53e317d33b3ff973623",
"rev": "20e4b82d08d97bf45d78f32c31eb3509db1c2f2a",
"type": "github"
},
"original": {
@@ -81,6 +58,33 @@
"type": "github"
}
},
"cppnix": {
"inputs": {
"flake-compat": "flake-compat_2",
"flake-parts": "flake-parts",
"git-hooks-nix": "git-hooks-nix",
"nixpkgs": [
"nixbsd",
"nixpkgs"
],
"nixpkgs-23-11": "nixpkgs-23-11",
"nixpkgs-regression": "nixpkgs-regression"
},
"locked": {
"lastModified": 1771531533,
"narHash": "sha256-E6uWPzQoMpzUb+2kcrxaYsfhUXjyIAoTpI6DPtbe1Y0=",
"owner": "rhelmot",
"repo": "nix",
"rev": "d623444c12428e69a3269d3b4b40200f2b4618fc",
"type": "github"
},
"original": {
"owner": "rhelmot",
"ref": "freebsd-safe",
"repo": "nix",
"type": "github"
}
},
"crane": {
"locked": {
"lastModified": 1765145449,
@@ -128,6 +132,36 @@
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1733328505,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_3": {
"locked": {
"lastModified": 1733328505,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=",
"rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec",
"revCount": 69,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/edolstra/flake-compat/1.1.0/01948eb7-9cba-704f-bbf3-3fa956735b52/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/edolstra/flake-compat/1.tar.gz"
}
},
"flake-compat_4": {
"flake": false,
"locked": {
"lastModified": 1627913399,
@@ -146,16 +180,17 @@
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"bun2nix",
"nixbsd",
"cppnix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1777988971,
"narHash": "sha256-qIoWPDs+0/8JecyYgE3gpKQxW/4bLW/gp45vow9ioCQ=",
"lastModified": 1733312601,
"narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "0678d8986be1661af6bb555f3489f2fdfc31f6ff",
"rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
"type": "github"
},
"original": {
@@ -166,7 +201,7 @@
},
"flake-utils": {
"inputs": {
"systems": "systems_2"
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
@@ -197,6 +232,41 @@
"type": "github"
}
},
"git-hooks-nix": {
"inputs": {
"flake-compat": [
"nixbsd",
"cppnix"
],
"gitignore": [
"nixbsd",
"cppnix"
],
"nixpkgs": [
"nixbsd",
"cppnix",
"nixpkgs"
],
"nixpkgs-stable": [
"nixbsd",
"cppnix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1734279981,
"narHash": "sha256-NdaCraHPp8iYMWzdXAt5Nv6sA3MUzlCiGiR586TCwo0=",
"owner": "cachix",
"repo": "git-hooks.nix",
"rev": "aa9f40c906904ebd83da78e7f328cd8aeaeae785",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "git-hooks.nix",
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
@@ -226,11 +296,11 @@
]
},
"locked": {
"lastModified": 1780099287,
"narHash": "sha256-efIPwVGtIWIjWcznhaop6XN6HxnOL8800hF6CBNvlqQ=",
"lastModified": 1776964438,
"narHash": "sha256-AF0cby9Xuijr5qaFpYKbm1mExV956Hk233bel6QxpFw=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "7d8127d308c3fb9664f7e643eec944be74ebb37d",
"rev": "e09259dd2e147d35ef889784b51e89b0a10ffe15",
"type": "github"
},
"original": {
@@ -264,19 +334,24 @@
"type": "github"
}
},
"linux-ntfs": {
"flake": false,
"mini-tmpfiles": {
"inputs": {
"nixpkgs": [
"nixbsd",
"nixpkgs"
]
},
"locked": {
"lastModified": 1779240458,
"narHash": "sha256-wAK9GX2au7bCw2pQB2cYJp1U9bOuS44bKKlLgBURD5c=",
"owner": "namjaejeon",
"repo": "linux-ntfs",
"rev": "5893a4b30e4a821348ab158f594f2c3c9409694e",
"lastModified": 1742754557,
"narHash": "sha256-nGxgiNhA94eSl8jcQwCboJ5Ed132z8yrFdOoT+rf8bE=",
"owner": "nixos-bsd",
"repo": "mini-tmpfiles",
"rev": "534ee577692c7092fdcd035f89bc29b663c6f9ca",
"type": "github"
},
"original": {
"owner": "namjaejeon",
"repo": "linux-ntfs",
"owner": "nixos-bsd",
"repo": "mini-tmpfiles",
"type": "github"
}
},
@@ -296,26 +371,6 @@
"type": "github"
}
},
"nix-skills": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1780319273,
"narHash": "sha256-U+H0zgXVtFMz1mwVTvn5ATOweYU9LpFsbwpUT3TT4SM=",
"owner": "sudosubin",
"repo": "nix-skills",
"rev": "97a2deb0d9194b9dbe9725b1b076f2ee854e3973",
"type": "github"
},
"original": {
"owner": "sudosubin",
"repo": "nix-skills",
"type": "github"
}
},
"nix-sweep": {
"inputs": {
"cf": "cf",
@@ -325,11 +380,11 @@
]
},
"locked": {
"lastModified": 1777567981,
"narHash": "sha256-8ZVUoerhitQdBRtQalX0US1Nmc4c9cRGDhBpfAPH51w=",
"lastModified": 1776294562,
"narHash": "sha256-3i0WOmrYlRoAyjPpdyV2jiuUQhL8+NkSBvcdDwHt+ds=",
"owner": "jzbor",
"repo": "nix-sweep",
"rev": "b3f71b38917ec9701a505ae3caa6907ccc6b5380",
"rev": "908c739dad8ab5c6ab737cf417efcbbec126987a",
"type": "github"
},
"original": {
@@ -339,18 +394,33 @@
"type": "github"
}
},
"nixos-hardware": {
"nixbsd": {
"inputs": {
"cppnix": "cppnix",
"flake-compat": "flake-compat_3",
"mini-tmpfiles": "mini-tmpfiles",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1780310866,
"narHash": "sha256-fPBRVf6A5xlACYcOI59shGrjURuvwu0lRsDoSCEXt/I=",
"lastModified": 1777600581,
"narHash": "sha256-DbKmDIFNLqR8xXnSepJPr29FngkiPDa8+vAErZRrQUA=",
"path": "/home/user/Projects/nixbsd",
"type": "path"
},
"original": {
"path": "/home/user/Projects/nixbsd",
"type": "path"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1776830795,
"narHash": "sha256-PAfvLwuHc1VOvsLcpk6+HDKgMEibvZjCNvbM1BJOA7o=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "4ed851c979641e28597a05086332d75cdc9e395f",
"rev": "72674a6b5599e844c045ae7449ba91f803d44ebc",
"type": "github"
},
"original": {
@@ -362,11 +432,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1779560665,
"narHash": "sha256-tpyBcxPpcQb8ukyNF7DoCwfSY3VPsxHoYwj00Cayv5o=",
"lastModified": 1776548001,
"narHash": "sha256-ZSK0NL4a1BwVbbTBoSnWgbJy9HeZFXLYQizjb2DPF24=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "64c08a7ca051951c8eae34e3e3cb1e202fe36786",
"rev": "b12141ef619e0a9c1c84dc8c684040326f27cdcc",
"type": "github"
},
"original": {
@@ -376,46 +446,41 @@
"type": "github"
}
},
"nixpkgs-linuxeol": {
"nixpkgs-23-11": {
"locked": {
"lastModified": 1776914381,
"narHash": "sha256-F4YjgKNs1kEIfTsinPDusep2Y+GDFK+3R2AujSZQ18M=",
"lastModified": 1717159533,
"narHash": "sha256-oamiKNfr2MS6yH64rUn99mIZjc45nGJlj9eGth/3Xuw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "162f04bf3dd222187388bc990a8678170d594419",
"rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "162f04bf3dd222187388bc990a8678170d594419",
"rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446",
"type": "github"
}
},
"ntfsplus": {
"inputs": {
"linux-ntfs": "linux-ntfs",
"nixpkgs": [
"nixpkgs"
]
},
"nixpkgs-regression": {
"locked": {
"lastModified": 1774317576,
"narHash": "sha256-HSDFaDLvfS/NqJlXbHh9135DEpqH6JrNuWqbu3YPcTg=",
"owner": "cmspam",
"repo": "ntfsplus-flake",
"rev": "e22d1bcbac31b4e6484d32c503396e8184650215",
"lastModified": 1643052045,
"narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
"type": "github"
},
"original": {
"owner": "cmspam",
"repo": "ntfsplus-flake",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
"type": "github"
}
},
"peerix": {
"inputs": {
"flake-compat": "flake-compat_2",
"flake-compat": "flake-compat_4",
"flake-utils": "flake-utils_2",
"nixpkgs": [
"nixpkgs"
@@ -484,17 +549,14 @@
"root": {
"inputs": {
"acer-wmi-ext": "acer-wmi-ext",
"bun2nix": "bun2nix",
"claude-code": "claude-code",
"home-manager": "home-manager",
"lanzaboote": "lanzaboote",
"nix-flatpak": "nix-flatpak",
"nix-skills": "nix-skills",
"nix-sweep": "nix-sweep",
"nixbsd": "nixbsd",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs",
"nixpkgs-linuxeol": "nixpkgs-linuxeol",
"ntfsplus": "ntfsplus",
"peerix": "peerix",
"plasma-manager": "plasma-manager"
}
@@ -534,42 +596,6 @@
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"bun2nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1775636079,
"narHash": "sha256-pc20NRoMdiar8oPQceQT47UUZMBTiMdUuWrYu2obUP0=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "790751ff7fd3801feeaf96d7dc416a8d581265ba",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
}
},
"root": "root",
flake.nix
+6 -16
View File
@@ -3,11 +3,7 @@
inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
nixpkgs-linuxeol.url = "github:NixOS/nixpkgs/162f04bf3dd222187388bc990a8678170d594419";
nixos-hardware = {
url = "github:NixOS/nixos-hardware/master";
inputs.nixpkgs.follows = "nixpkgs";
};
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
home-manager = {
url = "github:nix-community/home-manager/master";
inputs.nixpkgs.follows = "nixpkgs";
@@ -38,16 +34,8 @@
url = "github:Lumpiasty/acer-wmi-ext/main";
inputs.nixpkgs.follows = "nixpkgs";
};
ntfsplus = {
url = "github:cmspam/ntfsplus-flake";
inputs.nixpkgs.follows = "nixpkgs";
};
nix-skills = {
url = "github:sudosubin/nix-skills";
inputs.nixpkgs.follows = "nixpkgs";
};
bun2nix = {
url = "github:nix-community/bun2nix";
nixbsd = {
url = "path:/home/user/Projects/nixbsd";
inputs.nixpkgs.follows = "nixpkgs";
};
};
@@ -57,11 +45,13 @@
nixosConfigurations =
let
mkNixosSystem = import lib/mkNixosSystem.nix inputs;
mkNixbsdSystem = import lib/mkNixbsdSystem.nix inputs;
in
with nixos-hardware.nixosModules; {
x260 = mkNixosSystem lenovo-thinkpad-x260 hosts/x260.nix;
acer = mkNixosSystem {} hosts/acer.nix;
gaming-pc = mkNixosSystem {} hosts/gaming-pc.nix;
bestieTest = mkNixbsdSystem hosts/bestieTest.nix;
};
};
}
}
home-modules/dev.nix
+23 -73
View File
@@ -13,56 +13,14 @@
};
};
# programs.vscode = {
# enable = true;
# profiles.default.extensions = [
# pkgs.vscode-extensions.github.copilot
# pkgs.vscode-extensions.github.copilot-chat
# pkgs.vscode-extensions.arrterian.nix-env-selector
# pkgs.vscode-extensions.jnoortheen.nix-ide
# ];
# # profiles.default.userSettings = {
# # "claudeCode.claudeProcessWrapper" = "${pkgs.claude-code}/bin/claude-code";
# # };
# argvSettings = {
# # https://github.com/microsoft/vscode/issues/262065#issue-3328712020
# disable-hardware-acceleration = osConfig.networking.hostName == "acer";
# # If not set, vscode errors out when starting with "argv.json incorrect"
# enable-crash-reporter = false;
# };
# };
programs.vscodium = {
programs.vscode = {
enable = true;
package = assert pkgs.vscodium.version == "1.116.02821"; (pkgs.vscodium.overrideAttrs rec {
version = "1.121.03429";
src = pkgs.fetchurl {
url = "https://github.com/VSCodium/vscodium/releases/download/${version}/VSCodium-linux-x64-${version}.tar.gz";
hash = "sha256-LJsGc11MH6zlcJNfSWjTWPn2Jp9dkjeBPQuCXH1woUM=";
};
});
profiles.default.extensions = with pkgs; [
vscode-extensions.mkhl.direnv
vscode-extensions.jnoortheen.nix-ide
vscode-extensions.hashicorp.hcl
profiles.default.extensions = [
pkgs.vscode-extensions.github.copilot
pkgs.vscode-extensions.github.copilot-chat
pkgs.vscode-extensions.arrterian.nix-env-selector
pkgs.vscode-extensions.jnoortheen.nix-ide
];
argvSettings = {
# https://github.com/microsoft/vscode/issues/262065#issue-3328712020
disable-hardware-acceleration = osConfig.networking.hostName == "acer";
# If not set, vscode errors out when starting with "argv.json incorrect"
enable-crash-reporter = false;
};
};
# Just a fixed-location executable that launches claude code
# so we can point vscode's extenstion at it, not the nix store path
# remove it once we configure vscode using nix
home.file.".config/claude-code-wrapper" = {
text = ''
#!${pkgs.stdenv.shell}
exec ${pkgs.claude-code}/bin/claude "$@"
'';
executable = true;
};
home.packages = with pkgs; [
@@ -88,7 +46,16 @@
nodejs_24
codex
claude-code
oh-my-pi
(
# Wrapping opencode to set the OPENCODE_ENABLE_EXA environment variable
runCommand "opencode" {
buildInputs = [ makeWrapper ];
} ''
mkdir -p $out/bin
makeWrapper ${pkgs.opencode}/bin/opencode $out/bin/opencode \
--set OPENCODE_ENABLE_EXA "1"
''
)
winbox4
amdgpu_top
dua
@@ -115,15 +82,15 @@
# `programs.ssh.matchBlocks."*"`.
enableDefaultConfig = false;
settings."*" = {
User = "root";
ControlMaster = "auto";
ControlPersist = "3600";
ControlPath = "/run/user/%i/ssh-socket-%r@%h:%p";
ServerAliveInterval = 20;
matchBlocks."*" = {
user = "root";
controlMaster = "auto";
controlPersist = "3600";
controlPath = "/run/user/%i/ssh-socket-%r@%h:%p";
serverAliveInterval = 20;
};
settings."github.com".User = "git";
matchBlocks."github.com".user = "git";
extraConfig = ''
Include config_local
@@ -147,22 +114,5 @@
fi
''
);
programs.opencode = {
enable = true;
package = (
# Wrapping opencode to set the OPENCODE_ENABLE_EXA environment variable
pkgs.runCommand "opencode" {
buildInputs = [ pkgs.makeWrapper ];
} ''
mkdir -p $out/bin
makeWrapper ${pkgs.opencode}/bin/opencode $out/bin/opencode \
--set OPENCODE_ENABLE_EXA "1"
''
);
skills = with pkgs.skills; {
caveman = majiayu000."claude-skill-registry".caveman + "/";
};
};
};
}
home-modules/pc.nix
+9 -7
View File
@@ -6,7 +6,6 @@
config = lib.mkIf (config.lumpiastyHome.enablePcApps && osConfig.lumpiasty.pc) {
home.packages = with pkgs; [
vesktop
# Manual update, not yet in nixpkgs as for now
spotify
pass-wayland
teamspeak6-client
@@ -14,7 +13,15 @@
libreoffice-qt6-fresh
vlc
inkscape
qtpass
(qtpass.overrideAttrs (old: rec {
version = "1.7.0";
src = pkgs.fetchFromGitHub {
owner = "IJHack";
repo = "QtPass";
tag = "v${version}";
hash = "sha256-0qbKM24v7xRiuBEs+rHP2l1W8bCl7uJRc3jzpDdjp/c=";
};
}))
signal-desktop
transmission_4-qt6
thunderbird
@@ -25,11 +32,6 @@
];
programs.librewolf.enable = true;
services.easyeffects.enable = true;
systemd.user.services.easyeffects.Service = lib.mkIf osConfig.lumpiasty.audioRt.cpuPartitioning {
# Move easyeffects into audio.slice (defined in modules/desktop/audio-rt.nix)
# which has AllowedCPUs=<audioCpus> — pins all DSP work to the reserved cores.
Slice = "audio.slice";
};
programs.chromium.enable = true;
programs.chromium.package = pkgs.ungoogled-chromium;
hosts/acer.nix
+3 -4
View File
@@ -1,4 +1,4 @@
{ lib, pkgs, nixpkgs-linuxeol, ... }:
{ lib, pkgs, ... }:
rec {
# Identity
@@ -23,8 +23,8 @@ rec {
# Kernel
# boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.kernelPackages = pkgs.linuxKernel.packages.linux_7_0;
boot.zfs.package = pkgs.zfs_2_4;
boot.kernelPackages = pkgs.linuxKernel.packages.linux_6_19;
boot.zfs.package = pkgs.zfs_unstable;
# Swap
swapDevices = [
@@ -71,7 +71,6 @@ rec {
amdCpu = true;
noMitigations = false;
enablePulseaudio = true;
audioRt.enable = true;
sshd = true;
users.user = true;
# users.drugi = true;
hosts/bestieTest.nix
+30
View File
@@ -0,0 +1,30 @@
{ config, pkgs, lib, ... }: {
nixpkgs.hostPlatform = "x86_64-freebsd";
nixpkgs.config.allowUnsupportedSystem = true;
users.users.root.initialPassword = "toor";
networking.dhcpcd.wait = "background";
users.users.bestie = {
isNormalUser = true;
description = "your bestie";
extraGroups = [ "wheel" ];
inherit (config.users.users.root) initialPassword;
};
services.sshd.enable = true;
boot.loader.stand-freebsd.enable = true;
fileSystems."/" = {
device = "/dev/gpt/nixos";
fsType = "ufs";
};
fileSystems."/boot" = {
device = "/dev/msdosfs/ESP";
fsType = "msdosfs";
};
virtualisation.vmVariant.virtualisation.diskImage = "./${config.system.name}.qcow2";
}
hosts/gaming-pc.nix
+3 -14
View File
@@ -1,4 +1,4 @@
{ lib, pkgs, nixpkgs-linuxeol, ... }:
{ lib, pkgs, ... }:
{
# Identity
@@ -53,7 +53,7 @@
# Kernel
# boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.kernelPackages = pkgs.linuxKernel.packages.linux_7_0;
boot.kernelPackages = pkgs.linuxKernel.packages.linux_6_19;
# Swap
zramSwap = {
@@ -94,7 +94,7 @@
"/var/games" =
{
device = "/dev/disk/by-uuid/8A3094A230949733"; # "Shared" NTFS partition
fsType = "ntfs";
fsType = "ntfs-3g";
options = [
"uid=1000" "gid=100" # My user account
"nofail" # Don't fail boot if failed to mount because windows left it dirty
@@ -102,11 +102,6 @@
};
};
# Use ntfs-plus instead driver
services.ntfsplus.enable = true;
# Force disable ntfs-3g driver
boot.supportedFilesystems.ntfs = lib.mkForce false;
# Config modules
lumpiasty = {
pc = true;
@@ -129,13 +124,7 @@
};
services.transmission.enable = lib.mkForce false;
# programs.steam.enable = true;
# programs.steam.gamescopeSession.enable = true;
nix.settings.system-features = [ "gccarch-haswell" ];
# Local LLaMA.cpp server
networking.firewall.allowedTCPPorts = [ 8080 ];
# nixpkgs.hostPlatform = {
# system = "x86_64-linux";
lib/mkNixbsdSystem.nix
+60
View File
@@ -0,0 +1,60 @@
{
self,
nixpkgs,
nixbsd,
home-manager,
nix-flatpak,
plasma-manager,
lanzaboote,
claude-code,
nix-sweep,
peerix,
acer-wmi-ext,
...
}:
hostConfig:
nixbsd.lib.nixbsdSystem {
modules = [
# Cross-compile FreeBSD from Linux, builds dispatched to remote builder
{
nixpkgs.buildPlatform = "x86_64-linux";
nixpkgs.config.allowUnsupportedSystem = true;
nixpkgs.overlays = [
(final: prev: {
# No-op emulator for FreeBSD - builds happen on remote builder where binaries run natively
freebsdEmulator = prev.runCommand "freebsd-emulator" { } ''
mkdir -p $out/bin
cat > $out/bin/freebsd-exec << 'SCRIPT'
#!/bin/sh
exec "$@"
SCRIPT
chmod +x $out/bin/freebsd-exec
'';
# Override mesonEmulatorHook to not require a real emulator for FreeBSD
mesonEmulatorHook =
let
canExec = prev.stdenv.hostPlatform.canExecute prev.stdenv.targetPlatform;
emulatorPath = "${final.freebsdEmulator}/bin/freebsd-exec";
in
if canExec then
prev.mesonEmulatorHook
else
prev.makeSetupHook
{
name = "mesonEmulatorHook";
substitutions = {
crossFile = prev.writeText "cross-file.conf" ''
[binaries]
exe_wrapper = '${prev.lib.escape [ "'" "\\" ] emulatorPath}'
'';
};
}
"${nixpkgs.outPath}/pkgs/build-support/setup-hooks/meson/emulator-hook.sh";
})
];
}
hostConfig
];
}
lib/mkNixosSystem.nix
+1 -8
View File
@@ -9,10 +9,6 @@
nix-sweep,
peerix,
acer-wmi-ext,
ntfsplus,
nix-skills,
nixpkgs-linuxeol,
bun2nix,
...
}:
hardwareConfig: hostConfig:
@@ -23,16 +19,13 @@ nixpkgs.lib.nixosSystem {
inherit nix-flatpak;
inherit plasma-manager;
inherit acer-wmi-ext;
inherit nixpkgs-linuxeol;
inherit ntfsplus;
};
modules = [
{
nixpkgs.overlays = [
claude-code.overlays.default
acer-wmi-ext.overlays.default
nix-skills.overlays.default
] ++ (import ../overlays/pkgs.nix { inherit bun2nix; });
];
nix.settings = {
substituters = [ "https://claude-code.cachix.org" ];
trusted-public-keys = [ "claude-code.cachix.org-1:YeXf2aNu7UTX8Vwrze0za1WEDS+4DuI2kVeWEE4fsRk=" ];
modules/default.nix
-2
View File
@@ -7,7 +7,6 @@
hardware/no-mitigations.nix
hardware/acer-undervolt.nix
system/ntfsplus.nix
system/roles.nix
system/nixpkgs.nix
system/location.nix
@@ -21,7 +20,6 @@
desktop/plasma.nix
desktop/touchpad.nix
desktop/pulseaudio.nix
desktop/audio-rt.nix
desktop/tailscale.nix
];
}
modules/desktop/audio-rt.nix
-233
View File
@@ -1,233 +0,0 @@
{ config, lib, pkgs, ... }:
# Workarounds for audio xruns under CPU load.
#
# Each optimization is independently toggleable so behavior can be bisected.
# `lumpiasty.audioRt.enable` is the master switch; individual sub-flags default
# to `true` when the master is on and can be flipped per-host to test impact.
let
cfg = config.lumpiasty.audioRt;
marchFlags = " -march=znver4 -O3";
# ---------------------------------------------------------------------------
# Per-build-system helpers (see commit history for rationale on LTO choices).
# ---------------------------------------------------------------------------
withMarch = pkg: pkg.overrideAttrs (old: {
env = (old.env or {}) // {
NIX_CFLAGS_COMPILE =
((old.env or {}).NIX_CFLAGS_COMPILE or old.NIX_CFLAGS_COMPILE or "")
+ marchFlags;
};
});
cmakePkg = pkg: pkg.overrideAttrs (old: {
env = (old.env or {}) // {
NIX_CFLAGS_COMPILE =
((old.env or {}).NIX_CFLAGS_COMPILE or old.NIX_CFLAGS_COMPILE or "")
+ marchFlags;
};
cmakeFlags = (old.cmakeFlags or []) ++ [ "-DCMAKE_INTERPROCEDURAL_OPTIMIZATION=ON" ];
preConfigure = (old.preConfigure or "") + "\nexport AR=gcc-ar\n";
});
rustPkg = pkg: pkg.overrideAttrs (old: {
RUSTFLAGS = (old.RUSTFLAGS or "") + " -C target-cpu=znver4";
});
in
{
options.lumpiasty.audioRt = {
enable = lib.mkEnableOption "Audio RT scheduling and CPU isolation";
audioCpus = lib.mkOption {
type = lib.types.str;
default = "12-15";
description = "CPU list reserved for audio services (systemd cpuset syntax).";
};
nonAudioCpus = lib.mkOption {
type = lib.types.str;
default = "0-11";
description = "CPU list for everything else.";
};
# ------ Individual optimization toggles ------
cpuPartitioning = lib.mkOption {
type = lib.types.bool;
default = cfg.enable;
description = ''
Cgroup-based CPU partitioning via dedicated audio.slice and
restricted app/session/background slices.
'';
};
rtLimits = lib.mkOption {
type = lib.types.bool;
default = cfg.enable;
description = ''
Raise rlimits (RTPRIO=95, MEMLOCK=infinity) for the audio group
so PipeWire's module-rt can set SCHED_FIFO 88 directly instead
of going through RTKit's priority-10 ceiling.
'';
};
performanceGovernor = lib.mkOption {
type = lib.types.bool;
default = cfg.enable;
description = ''
Keep cpufreq governor `performance` on the audio cores so they
stay boosted regardless of measured utilization.
'';
};
ananicy = lib.mkOption {
type = lib.types.bool;
default = cfg.enable;
description = ''
Run ananicy-cpp with a rule that pins easyeffects to nice -12 so
its non-RT DSP threads get scheduler preference under load.
'';
};
optimisedBinaries = lib.mkOption {
type = lib.types.bool;
default = cfg.enable;
description = ''
Rebuild easyeffects and its DSP dependencies with -march=znver4 -O3
(and LTO for cmake builds, target-cpu for rust builds).
'';
};
};
config = lib.mkMerge [
# --- Optimised binary builds ---------------------------------------------
(lib.mkIf (cfg.enable && cfg.optimisedBinaries) {
nixpkgs.overlays = [
(final: prev: {
easyeffects = cmakePkg (prev.easyeffects.override {
fftw = withMarch prev.fftw;
fftwFloat = withMarch prev.fftwFloat;
speexdsp = withMarch prev.speexdsp;
rubberband = withMarch prev.rubberband;
soundtouch = withMarch prev.soundtouch;
zita-convolver = withMarch prev.zita-convolver;
webrtc-audio-processing = withMarch prev.webrtc-audio-processing;
rnnoise = withMarch prev.rnnoise;
libebur128 = cmakePkg prev.libebur128;
libbs2b = withMarch prev.libbs2b;
lilv = withMarch prev.lilv;
onetbb = cmakePkg prev.onetbb;
calf = cmakePkg prev.calf;
lsp-plugins = withMarch prev.lsp-plugins;
zam-plugins = withMarch prev.zam-plugins;
mda_lv2 = withMarch prev.mda_lv2;
deepfilternet = rustPkg prev.deepfilternet;
});
})
];
})
# --- RT scheduling rlimits ----------------------------------------------
(lib.mkIf (cfg.enable && cfg.rtLimits) {
security.pam.loginLimits = [
{ domain = "@audio"; type = "-"; item = "rtprio"; value = "95"; }
{ domain = "@audio"; type = "-"; item = "memlock"; value = "unlimited"; }
{ domain = "@audio"; type = "-"; item = "nice"; value = "-20"; }
];
systemd.user.extraConfig = ''
DefaultLimitRTPRIO=95
DefaultLimitMEMLOCK=infinity
'';
})
# --- CPU partitioning (cgroup-based) ------------------------------------
#
# Cgroup hierarchy under user@.service:
# ├── app.slice AllowedCPUs=<nonAudioCpus> (Steam-launched apps)
# ├── session.slice AllowedCPUs=<nonAudioCpus> (kwin, plasmashell, kded)
# ├── background.slice AllowedCPUs=<nonAudioCpus> (akonadi, polkit)
# └── audio.slice AllowedCPUs=<audioCpus> (pipewire, easyeffects)
#
# Reasoning:
# - No isolcpus= : breaks scheduler load balancing on the rest of the system.
# - No nohz_full= : amd-pstate can't sample utilization in tickless mode
# so cores get clamped at minimum frequency.
# - No rcu_nocbs= : microsecond-scale jitter is irrelevant at 21ms quantum.
(lib.mkIf (cfg.enable && cfg.cpuPartitioning) {
systemd.user.extraConfig = ''
CPUAffinity=${cfg.nonAudioCpus}
'';
systemd.settings.Manager.CPUAffinity = cfg.nonAudioCpus;
# Delegate the cpuset controller to user managers so user-level slices
# can use AllowedCPUs=.
systemd.services."user@".serviceConfig.Delegate = "cpu cpuset io memory pids";
systemd.user.slices = {
app.sliceConfig.AllowedCPUs = cfg.nonAudioCpus;
session.sliceConfig.AllowedCPUs = cfg.nonAudioCpus;
background.sliceConfig.AllowedCPUs = cfg.nonAudioCpus;
audio = {
description = "Audio services pinned to reserved CPU cores";
sliceConfig.AllowedCPUs = cfg.audioCpus;
};
};
# easyeffects.service Slice= is set in home-modules/pc.nix.
systemd.user.services.pipewire.serviceConfig.Slice = "audio.slice";
systemd.user.services.pipewire-pulse.serviceConfig.Slice = "audio.slice";
systemd.user.services.wireplumber.serviceConfig.Slice = "audio.slice";
})
# --- Performance governor on audio cores --------------------------------
(lib.mkIf (cfg.enable && cfg.performanceGovernor) {
systemd.services.audio-cores-performance = {
description = "Keep performance governor on audio cores";
wantedBy = [ "multi-user.target" ];
after = [ "multi-user.target" ];
serviceConfig = {
Type = "simple";
Restart = "always";
RestartSec = "5s";
# Expand systemd CPU list ("12-15" / "12,13,14,15") into a flat list.
ExecStart = pkgs.writeShellScript "audio-cores-performance" ''
cpus=$(echo "${cfg.audioCpus}" | ${pkgs.coreutils}/bin/tr ',' ' ' | \
${pkgs.gawk}/bin/awk '{
for (i=1; i<=NF; i++) {
if (match($i, /^([0-9]+)-([0-9]+)$/, m))
for (j=m[1]; j<=m[2]; j++) print j
else print $i
}
}')
while true; do
for cpu in $cpus; do
cur=$(cat /sys/devices/system/cpu/cpu$cpu/cpufreq/scaling_governor)
if [ "$cur" != "performance" ]; then
echo performance > /sys/devices/system/cpu/cpu$cpu/cpufreq/scaling_governor
fi
done
sleep 2
done
'';
};
};
})
# --- Ananicy rule for easyeffects ---------------------------------------
(lib.mkIf (cfg.enable && cfg.ananicy) {
services.ananicy = {
enable = true;
package = pkgs.ananicy-cpp;
extraRules = [
{ name = "easyeffects"; type = "Audio"; nice = -12; }
];
};
})
];
}
modules/desktop/plasma.nix
+5 -5
View File
@@ -8,7 +8,7 @@
services.xserver.enable = true;
# Enable the KDE Plasma Desktop Environment.
services.displayManager.plasma-login-manager.enable = true;
services.displayManager.sddm.enable = true;
services.desktopManager.plasma6.enable = true;
# Configure keymap in X11
@@ -34,11 +34,14 @@
# Use wayland in electron apps
environment.sessionVariables.NIXOS_OZONE_WL = "1";
environment.systemPackages =
(lib.pipe (builtins.attrValues pkgs.kdePackages.gear) [
(lib.pipe pkgs.kdePackages.sources [
builtins.attrNames
(builtins.map (n: pkgs.kdePackages.${n}))
(builtins.filter (pkg: !pkg.meta.broken))
# Exclude neochat and itinerary due to known vulnerabilities
(builtins.filter (pkg: pkg.pname != "neochat"))
(builtins.filter (pkg: pkg.pname != "itinerary"))
(builtins.filter (pkg: pkg.pname != "libquotient"))
# Exclude angelfish due to build failure
(builtins.filter (pkg: pkg.pname != "angelfish"))
@@ -55,9 +58,6 @@
# Exclude audiocd-kio due to build failure
(builtins.filter (pkg: pkg.pname != "audiocd-kio"))
# Exclude audiotube due to build failure
(builtins.filter (pkg: pkg.pname != "audiotube"))
# Exclude plasma-mobile
(builtins.filter (pkg: pkg.pname != "plasma-mobile"))
]) ++ [
modules/desktop/pulseaudio.nix
+2 -10
View File
@@ -20,21 +20,13 @@
# no need to redefine it in your config for now)
#media-session.enable = true;
extraConfig.pipewire."99-quantum" = {
"context.properties" = {
"default.clock.quantum" = 1024;
"default.clock.min-quantum" = 1024;
"default.clock.max-quantum" = 8192;
};
};
wireplumber.configPackages = [
(pkgs.writeTextDir "share/wireplumber/wireplumber.conf.d/99-alsa-nova-3.conf" ''
monitor.alsa.rules = [
{
matches = [
{
node.name = "alsa_output.usb-SteelSeries_Arctis_Nova_7-00.analog-stereo"
node.name = "alsa_output.usb-SteelSeries_Arctis_Nova_3-00.analog-stereo"
}
]
actions = {
@@ -42,7 +34,7 @@
audio.format = "S24LE"
audio.rate = 96000
api.alsa.period-size = 1024
api.alsa.period-num = 8
api.alsa.period-num = 4
api.alsa.disable-batch = false
}
}
modules/hardware/acer-undervolt.nix
+35 -28
View File
@@ -1,35 +1,42 @@
{ config, lib, pkgs, ... }:
# Manual undervolting / power tuning for Ryzen 7 8845HS (Hawk Point, znver4).
#
# Provides:
# - ryzen_smu kernel module (loaded at boot)
# - ryzenadj userspace tool for poking the SMU
#
# nixpkgs already ships:
# - linuxPackages.ryzen-smu from the amkillam fork (Phoenix/Hawk Point aware)
# - ryzenadj v0.17.0 which has Hawk Point support and talks to ryzen_smu
# via the kernel module backend (preferred over /dev/mem).
# So no custom forks/overrides are needed any more.
#
# This module deliberately does NOT apply any tuning automatically.
# Run `ryzenadj` manually as root to experiment, then come back with
# results and we'll decide whether to wire in a systemd service to
# persist values across boot / resume.
{ config, lib, pkgs, modulesPath, ... }:
{
options.lumpiasty.acerUndervolt = lib.mkEnableOption "ryzenadj + ryzen_smu tooling for Acer 8845HS";
options.lumpiasty.acerUndervolt = lib.mkEnableOption "Enable Acer undervolt module";
config = lib.mkIf config.lumpiasty.acerUndervolt {
boot.kernelModules = [ "ryzen_smu" ];
boot.extraModulePackages = [ config.boot.kernelPackages.ryzen-smu ];
config = lib.mkIf config.lumpiasty.acerUndervolt (
let
# Use forked version of ryzen_smu
# https://github.com/FlyGoat/RyzenAdj/issues/350#issuecomment-2971428510
ryzen-smu = config.boot.kernelPackages.ryzen-smu.overrideAttrs (oldAttrs: {
src = pkgs.fetchFromGitHub {
owner = "amkillam";
repo = "ryzen_smu";
rev = "172c316f53ac8f066afd7cb9e1da517084273368";
sha256 = "sha256-U2UMWY7XgLXOpNgl2OsFBRvZSC4/qLa9rzJxFOpZ830=";
};
});
ryzenadj = pkgs.ryzenadj.overrideAttrs (oldAttrs: {
src = pkgs.fetchFromGitHub {
owner = "FlyGoat";
repo = "RyzenAdj";
rev = "7aeb2f4869ee52ac161ee4cb4871e29113487885";
sha256 = "sha256-KE2dbGv4V3+ibyxJ/DHNnBOGzjAcZbGrC3cVGNDsTTQ=";
};
});
in {
# Undervolting
boot.kernelModules = [ "ryzen-smu" ];
environment.systemPackages = [ pkgs.ryzenadj ];
boot.extraModulePackages = [
ryzen-smu
];
environment.systemPackages = [
ryzenadj
ryzen-smu
];
# CoreCtrl for GPU/iGPU tuning + amdgpu overdrive for clock/voltage
# control on the 780M iGPU. Orthogonal to CPU undervolt but lives
# naturally in the same module.
programs.corectrl.enable = true;
hardware.amdgpu.overdrive.enable = true;
};
}
});
}
modules/system/nix.nix
+34
View File
@@ -6,14 +6,48 @@ let
else if config.boot.loader.systemd-boot.enable then
config.boot.loader.systemd-boot.configurationLimit
else null;
# NixBSD builder VM SSH key (needs to be readable by root/nix-daemon)
builderKeyDir = "/etc/nix/builder-keys";
in
{
nix = {
daemonIOSchedClass = "idle";
daemonCPUSchedPolicy = "idle";
settings.trusted-users = [ "root" "user" ];
# FreeBSD remote builder VM (NixBSD)
distributedBuilds = true;
buildMachines = [
{
hostName = "192.168.122.100";
system = "x86_64-freebsd";
sshUser = "root";
sshKey = "${builderKeyDir}/nixbsd-builder";
maxJobs = 8;
speedFactor = 1;
supportedFeatures = [ "big-parallel" ];
}
];
settings.builders-use-substitutes = true;
};
# Install the builder SSH key where root/nix-daemon can read it
system.activationScripts.nixbsd-builder-key = ''
mkdir -p ${builderKeyDir}
cp /home/user/Projects/nixbsd-flake/keys/builder ${builderKeyDir}/nixbsd-builder
chmod 600 ${builderKeyDir}/nixbsd-builder
chown root:root ${builderKeyDir}/nixbsd-builder
'';
# Skip host key checking for the local builder VM (keys change on rebuild)
programs.ssh.extraConfig = ''
Host 192.168.122.100
StrictHostKeyChecking no
UserKnownHostsFile /dev/null
LogLevel ERROR
'';
# Clean up nix store from old configurations usinx nix-sweep
services.nix-sweep = {
enable = true;
modules/system/nixpkgs.nix
+6 -1
View File
@@ -4,8 +4,13 @@
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
# Overlay different packages on top of nixpkgs
nixpkgs.overlays = [
(import ../../overlays/pkgs.nix)
];
# Ventoy has some blobs making it insecure
nixpkgs.config.permittedInsecurePackages = [
"ventoy-qt5-1.1.12"
"ventoy-qt5-1.1.10"
];
}
modules/system/ntfsplus-patches/0001-fix-windows_names-option.patch
-25
View File
@@ -1,25 +0,0 @@
From 8b5c5d23c1218a996a1d6780ca56853454813418 Mon Sep 17 00:00:00 2001
From: Lumpiasty <arek.dzski@gmail.com>
Date: Thu, 7 May 2026 01:50:05 +0200
Subject: [PATCH 1/2] fix windows_names option
---
super.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/super.c b/super.c
index 875fb5a..49ad898 100644
--- a/super.c
+++ b/super.c
@@ -91,7 +91,7 @@ static const struct fs_parameter_spec ntfs_parameters[] = {
fsparam_flag("sys_immutable", Opt_sys_immutable),
fsparam_flag("nohidden", Opt_nohidden),
fsparam_flag("hide_dot_files", Opt_hide_dot_files),
- fsparam_flag("windows_names", Opt_check_windows_names),
+ fsparam_bool("windows_names", Opt_check_windows_names),
fsparam_flag("acl", Opt_acl),
fsparam_flag("discard", Opt_discard),
fsparam_flag("sparse", Opt_sparse),
--
2.53.0
modules/system/ntfsplus-patches/0002-gate-bad-character-check-by-windows_names.patch
-32
View File
@@ -1,32 +0,0 @@
From 7fbf82056e26d99bfa4d5aab87ce287cd8c8cbef Mon Sep 17 00:00:00 2001
From: Lumpiasty <arek.dzski@gmail.com>
Date: Thu, 7 May 2026 01:56:33 +0200
Subject: [PATCH 2/2] gate bad character check by windows_names
---
namei.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/namei.c b/namei.c
index 9e937d1..7369943 100644
--- a/namei.c
+++ b/namei.c
@@ -61,12 +61,12 @@ static int ntfs_check_bad_windows_name(struct ntfs_volume *vol,
const __le16 *wc,
unsigned int wc_len)
{
- if (ntfs_check_bad_char(wc, wc_len))
- return -EINVAL;
-
if (!NVolCheckWindowsNames(vol))
return 0;
+ if (ntfs_check_bad_char(wc, wc_len))
+ return -EINVAL;
+
/* Check for trailing space or dot. */
if (wc_len > 0 &&
(wc[wc_len - 1] == cpu_to_le16(' ') ||
--
2.53.0
modules/system/ntfsplus.nix
-78
View File
@@ -1,78 +0,0 @@
{ config, pkgs, lib, ntfsplus, ... }:
# Builds and loads the ntfsplus kernel driver (github:namjaejeon/linux-ntfs),
# a maintained out-of-tree NTFS driver for Linux 6.1+.
#
# The upstream driver is used as-is, with two local patches applied on top
# (see ntfsplus-patches/). This avoids maintaining a fork that would need
# rebasing on every upstream update — patches are plain files that apply
# cleanly regardless of upstream churn.
#
# The ntfsplus flake's nixosModule is NOT used directly. It builds the kernel
# module as a `let` binding inside the module closure — not exposed as a
# package in its flake outputs — so there is nothing in pkgs to override.
# Replicating the module here is the only way to substitute a patched source.
#
# The ntfsplus flake (github:cmspam/ntfsplus-flake) is reused only for:
# - its linux-ntfs source input (ntfsplus.inputs.linux-ntfs)
# - its bundled Makefile (${ntfsplus}/Makefile)
# The flake ships its own Makefile because the upstream repo's Makefile
# has an ifneq KERNELRELEASE guard that breaks the out-of-tree nix build.
#
# The derivation is built inside this module (not via an overlay) so that
# config.boot.kernelPackages.kernel resolves to whatever kernel the host
# declares, with no extra indirection or per-host maintenance.
#
# ntfsplus is passed in via specialArgs in lib/mkNixosSystem.nix.
let
cfg = config.services.ntfsplus;
patchedSrc = pkgs.applyPatches {
name = "linux-ntfs-patched";
src = ntfsplus.inputs.linux-ntfs;
patches = [
# fsparam_flag → fsparam_bool so windows_names=0/1 is accepted as a
# mount option rather than being treated as a bare flag.
./ntfsplus-patches/0001-fix-windows_names-option.patch
# Gate the bad-character check behind NVolCheckWindowsNames so that
# the check only runs when windows_names is actually enabled.
./ntfsplus-patches/0002-gate-bad-character-check-by-windows_names.patch
];
};
ntfsplus-mod = pkgs.stdenv.mkDerivation {
pname = "ntfsplus-module";
version = ntfsplus.inputs.linux-ntfs.shortRev or ntfsplus.inputs.linux-ntfs.rev;
src = patchedSrc;
nativeBuildInputs = config.boot.kernelPackages.kernel.moduleBuildDependencies;
preBuild = "cp ${ntfsplus}/Makefile Makefile";
makeFlags = [
"KDIR=${config.boot.kernelPackages.kernel.dev}/lib/modules/${config.boot.kernelPackages.kernel.modDirVersion}/build"
"KVERSION=${config.boot.kernelPackages.kernel.modDirVersion}"
"CONFIG_NTFS_FS_POSIX_ACL=y"
];
installPhase = ''
mkdir -p $out/lib/modules/${config.boot.kernelPackages.kernel.modDirVersion}/extra
cp ntfs.ko $out/lib/modules/${config.boot.kernelPackages.kernel.modDirVersion}/extra/
'';
};
in
{
options.services.ntfsplus = {
enable = lib.mkEnableOption "ntfsplus kernel driver and utilities";
};
config = lib.mkIf cfg.enable {
boot.extraModulePackages = [ ntfsplus-mod ];
boot.kernelModules = [ "ntfs" ];
boot.extraModprobeConfig = ''
alias fs-ntfs ntfs
alias ntfsplus ntfs
'';
services.udev.extraRules = ''
SUBSYSTEM=="block", ENV{ID_FS_TYPE}=="ntfs", ENV{ID_FS_TYPE}="ntfs"
'';
environment.systemPackages = [ pkgs.ntfsprogs-plus ];
};
}
modules/system/zfs.nix
+4 -4
View File
@@ -2,8 +2,9 @@
{
config = lib.mkIf config.boot.zfs.enabled {
# Set ARC max to 5% of physical RAM at boot
systemd.services."zfs-arc-limit" = {
description = "Set ZFS ARC max to 20% of physical RAM";
description = "Set ZFS ARC max to 5% of physical RAM";
# Ensure the module is loaded before we write to /sys
after = [ "systemd-modules-load.service" ];
# Run early, but its fine if ZFS has already imported; the limit still applies
@@ -14,8 +15,8 @@
# Total RAM in kB
mem_kb=$(awk '/MemTotal:/ {print $2}' /proc/meminfo)
echo "DEBUG: Total RAM: $mem_kb kB"
# 20%, in bytes
arc_max_bytes=$(( mem_kb * 1024 / 100 * 20 ))
# 5%, in bytes
arc_max_bytes=$(( mem_kb * 1024 / 100 * 5 ))
echo "DEBUG: Setting ZFS ARC max to: $arc_max_bytes bytes"
param="/sys/module/zfs/parameters/zfs_arc_max"
if [ -w "$param" ]; then
@@ -32,6 +33,5 @@
RemainAfterExit = true;
};
};
boot.zfs.forceImportRoot = false; # New default in 26.11
};
}
overlays/pkgs.nix
+4 -14
View File
@@ -1,14 +1,4 @@
{ bun2nix }:
[
bun2nix.overlays.default
(final: prev: {
oh-my-pi = final.callPackage ../pkgs/oh-my-pi { inherit (final) bun2nix; };
opencode-claude-auth = prev.callPackage ../pkgs/opencode-claude-auth { };
# Build failure 08.05.2026
# https://github.com/NixOS/nixpkgs/issues/513245#issuecomment-4320293674
openldap = prev.openldap.overrideAttrs {
doCheck = !prev.stdenv.hostPlatform.isi686;
};
})
]
self: super:
{
opencode-claude-auth = super.callPackage ../pkgs/opencode-claude-auth {};
}
pkgs/oh-my-pi/default.nix
-221
View File
@@ -1,221 +0,0 @@
{ bun2nix, fetchFromGitHub, fetchurl, fetchzip, runCommand, python3, pkgs, stdenv, ... }:
# NOTE: This derivation works around two open bun2nix bugs. Remove the
# workarounds and simplify once they are fixed upstream.
#
# Bug 1 — missing .npm manifest cache files
# https://github.com/nix-community/bun2nix/issues/77
#
# bun's install cache requires two kinds of entries per package:
# - the extracted package directory (e.g. handlebars@4.7.9@@@1/)
# - a hashed .npm manifest file (e.g. 02dd05ab1686ff3a.npm)
# bun2nix only provides the former. bun therefore fetches the manifest from
# the registry during the "Resolving" phase, which fails in the Nix sandbox.
#
# Workaround: pass --offline to bun install. This tells bun to skip manifest
# fetches and trust the lockfile for resolution instead.
#
# Bug 2 — catalog: specifiers still trigger network resolution with --offline
# https://github.com/nix-community/bun2nix/issues/77 (same thread)
#
# bun2nix's bunResolveCatalogRefs rewrites "catalog:" specifiers in
# package.json to the version *range* from the catalog table (e.g. "^1.3.14")
# rather than the exact pinned version from bun.lock's packages section.
# Even with --offline, bun reads the catalog table from bun.lock and tries to
# resolve those ranges, hitting the network.
#
# Workaround: the Python script below pre-processes the source before the
# build. It pins every dep in every workspace package.json to the exact
# version from bun.lock's packages section (so no ranges remain for bun to
# resolve), and strips the catalog/catalogs keys from bun.lock entirely.
#
# bun.lock is JSONC (trailing-comma JSON) so we parse it with Python's stdlib
# json after stripping trailing commas with a regex.
#
# Additionally, oh-my-pi's bun.lock was generated with bun >=1.3.14 which uses
# a different Wyhash seed for cache keys than nixpkgs's bun 1.3.13. Bumping bun
# globally breaks other packages (e.g. opencode), so instead we patch the
# generated wrapper script in postInstall to reference bun 1.3.14 directly.
# Hashes from https://github.com/NixOS/nixpkgs/pull/519796
let
version = "15.2.1";
# bun 1.3.14 — needed for correct cache key hashes; scoped to this package.
bun_1_3_14 = pkgs.bun.overrideAttrs (_: {
version = "1.3.14";
src =
let
sources = {
"aarch64-darwin" = fetchurl {
url = "https://github.com/oven-sh/bun/releases/download/bun-v1.3.14/bun-darwin-aarch64.zip";
hash = "sha256-2LliIYKK1vl6x6wKt+lYcjQa92MAHogD6CZ2UsJlJiA=";
};
"aarch64-linux" = fetchurl {
url = "https://github.com/oven-sh/bun/releases/download/bun-v1.3.14/bun-linux-aarch64.zip";
hash = "sha256-on/7Y6gxA3WDbg1vZorhf6jY0YuIw3yCHGUzGXOhmjs=";
};
"x86_64-darwin" = fetchurl {
url = "https://github.com/oven-sh/bun/releases/download/bun-v1.3.14/bun-darwin-x64-baseline.zip";
hash = "sha256-PjWtb1OXGpg0v55nhuKt9ytfGSHMmpxf3gc9KXKUQHY=";
};
"x86_64-linux" = fetchurl {
url = "https://github.com/oven-sh/bun/releases/download/bun-v1.3.14/bun-linux-x64.zip";
hash = "sha256-lR7iruhV8IWVruxiJSJqKY0/6oOj3NZGXAnLzN9+hI8=";
};
};
in
sources.${stdenv.hostPlatform.system} or (throw "bun 1.3.14 not available for ${stdenv.hostPlatform.system}");
});
src = fetchFromGitHub {
owner = "can1357";
repo = "oh-my-pi";
rev = "v${version}";
hash = "sha256-fztQJrhDG5ZbTlgqoHA96eCgwYm5WIna3mAPlCDWYLM=";
};
# The workspace source for @oh-my-pi/pi-natives has no pre-built .node
# binaries — those only exist in the npm tarball. Fetch it so we can copy
# the platform binaries into packages/natives/native/ before the build.
piNativesTarball = fetchzip {
url = "https://registry.npmjs.org/@oh-my-pi/pi-natives/-/pi-natives-${version}.tgz";
hash = "sha256-mEEnvTNxWFVSs1An61K83sSjUJ5bz4yrluwZvz1+6fg=";
stripRoot = false;
};
srcWithBunNix = runCommand "oh-my-pi-src" {
nativeBuildInputs = [ bun2nix bun_1_3_14 python3 ];
} ''
cp -r ${src} $out
chmod -R u+w $out
# Copy pre-built .node binaries from the npm tarball into the workspace
# source so the runtime can load the native addon without building Rust.
cp ${piNativesTarball}/package/native/*.node $out/packages/natives/native/
bun2nix --lock-file $out/bun.lock --output-file $out/bun.nix
python3 - "$out" << 'EOF'
import sys, re, json, os
root = sys.argv[1]
lock_path = os.path.join(root, "bun.lock")
raw = open(lock_path).read()
lock = json.loads(re.sub(r',(\s*[}\]])', r'\1', raw))
packages = lock.get("packages", {})
catalog = lock.get("catalog", {})
catalogs = lock.get("catalogs", {})
# Build name -> exact resolved version from the packages section.
resolved = {}
for name, entry in packages.items():
if isinstance(entry, list) and entry and isinstance(entry[0], str):
spec = entry[0]
if spec.startswith(name + "@"):
resolved[name] = spec[len(name) + 1:]
def pin(name, spec):
"""Pin a dep specifier to its exact resolved version from bun.lock."""
if not isinstance(spec, str):
return spec
# catalog: specifiers resolve via catalog table then pinned version.
if spec.startswith("catalog:"):
cname = spec[len("catalog:"):]
table = catalog if cname == "" else catalogs.get(cname, {})
rv = resolved.get(name)
cv = table.get(name)
if isinstance(rv, str) and rv.startswith("workspace:"):
return "workspace:*"
if isinstance(rv, str):
return rv
if isinstance(cv, str):
return cv
return spec
# Any npm version range pin to exact resolved version.
if not spec.startswith(("workspace:", "file:", "link:", "git", "http", "/")):
rv = resolved.get(name)
if isinstance(rv, str) and rv.startswith("workspace:"):
return "workspace:*"
if isinstance(rv, str):
return rv
return spec
sections = ["dependencies", "devDependencies", "peerDependencies", "optionalDependencies"]
def rewrite(holder):
for sec in sections:
deps = holder.get(sec)
if isinstance(deps, dict):
for name in list(deps):
deps[name] = pin(name, deps[name])
# Rewrite bun.lock workspaces and drop the catalog tables.
for ws in lock.get("workspaces", {}).values():
rewrite(ws)
lock.pop("catalog", None)
lock.pop("catalogs", None)
open(lock_path, "w").write(json.dumps(lock, indent=2) + "\n")
# Rewrite each workspace package.json (root "" included).
for ws_dir in lock.get("workspaces", {}):
pkg_path = os.path.join(root, ws_dir, "package.json")
if not os.path.exists(pkg_path):
continue
pkg = json.loads(open(pkg_path).read())
rewrite(pkg)
open(pkg_path, "w").write(json.dumps(pkg, indent=2) + "\n")
EOF
'';
in
(bun2nix.writeBunApplication {
pname = "omp";
inherit version;
src = srcWithBunNix;
# oh-my-pi requires bun >=1.3.14 at runtime. writeBunApplication prepends
# pkgs.bun (1.3.13) to PATH in the startup script, so we use an absolute
# path to bun 1.3.14 instead of relying on PATH resolution.
#
# writeBunApplication's installPhase does `cd $out/share/$pname` before
# exec, so $PWD is always the store path. OLDPWD is set by bash's cd to the
# user's original directory. We cd back so omp's process.cwd() is correct,
# and use an absolute path to the entry point so bun resolves modules from
# the store regardless of cwd.
# At this point the wrapper has already done `cd $out/share/omp`, so $PWD
# is the store package dir and OLDPWD is the user's original directory.
# Capture the store dir, cd back to the user's dir so omp's process.cwd()
# is correct, then exec bun with an absolute path so module resolution
# still works from the store.
startScript = ''
_omp_pkg="$PWD"
cd "''${OLDPWD:-$PWD}"
exec ${bun_1_3_14}/bin/bun run "$_omp_pkg/packages/coding-agent/src/cli.ts" "$@"
'';
dontUseBunBuild = true;
dontUseBunCheck = true;
# --offline: workaround for Bug 1 above (missing .npm manifest cache files).
bunInstallFlags = [ "--offline" "--linker=isolated" "--ignore-scripts" ];
# Generate the docs index embedded into the binary at build time.
# The prepack script reads docs/**/*.md and emits docs-index.generated.ts.
postBunNodeModulesInstallPhase = ''
${bun_1_3_14}/bin/bun run packages/coding-agent/scripts/generate-docs-index.ts
'';
bunDeps = bun2nix.fetchBunDeps {
bunNix = "${srcWithBunNix}/bun.nix";
};
meta = {
description = "AI coding agent for the terminal batteries included";
homepage = "https://omp.sh";
mainProgram = "omp";
};
})
pkgs/opencode-claude-auth/default.nix
+3 -3
View File
@@ -2,11 +2,11 @@
stdenv.mkDerivation {
pname = "opencode-claude-auth";
version = "1.5.4";
version = "1.5.0";
src = fetchurl {
url = "https://registry.npmjs.org/opencode-claude-auth/-/opencode-claude-auth-1.5.4.tgz";
hash = "sha256-9iByuNTg/MTD3VGeqpBaBCBaooXm97BuvP0fPXDoPGc=";
url = "https://registry.npmjs.org/opencode-claude-auth/-/opencode-claude-auth-1.5.0.tgz";
hash = "sha512-5NSL+x++VTe2ZrFSznXKv7imiKObIBz0QXPuL+g1NAXAcdTGcbEbQBvvHZeIaSBNjmwpY2MR67Yez1f3LlPl7w==";
};
dontBuild = true;