Olivier/chiasson-nix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Rebase to flake parts #11

Browse Source
This commit is contained in:
OlivierChiasson
2026-05-25 13:48:47 -03:00
parent fba5a7a2aa
commit 6978396646
25 changed files with 567 additions and 305 deletions
Download Patch File Download Diff File Expand all files Collapse all files
flake.lock
Generated
+79 -79
View File
@@ -23,11 +23,11 @@
]
},
"locked": {
"lastModified": 1778241768,
"narHash": "sha256-vyKpTnkTD0GId4PZUg21oBdWZhuHl/c3YgO5Ruehq2M=",
"lastModified": 1779537840,
"narHash": "sha256-IS3aolEKgyL0VuMfd/QX2AHvur1YukCTa6eZdxQWe1A=",
"ref": "refs/heads/main",
"rev": "735b1cc776a8d7e26763bf1ac121866b326bd98f",
"revCount": 104,
"rev": "8d9c19f98abf47aa4504efa8d2233730b4afed50",
"revCount": 109,
"type": "git",
"url": "https://git.chiasson.cloud/Olivier/cursor-nixos-flake"
},
@@ -63,11 +63,11 @@
]
},
"locked": {
"lastModified": 1776181116,
"narHash": "sha256-aUNKF+jzGY+jRlR7Bp82v/zNHdI9bFELLuYYWbaM6fo=",
"lastModified": 1778679554,
"narHash": "sha256-zoPgnxIlDja91/4TmnCui+Fzc/xU/1jdJFu9bovtOk8=",
"owner": "AvengeMedia",
"repo": "dgop",
"rev": "e2078a7c5620be2e4897e7dabc08ade6dac9a454",
"rev": "06574b54fa4878a93d8605962d50b13e9528a4ca",
"type": "github"
},
"original": {
@@ -84,11 +84,11 @@
"quickshell": "quickshell"
},
"locked": {
"lastModified": 1775588644,
"narHash": "sha256-iYBdSBvcW7bJtc84G6k5TFJEbPHQrif9KzZyE9Lbq8M=",
"lastModified": 1777431599,
"narHash": "sha256-g6r/Gx8PTDzO3jCNzzySA+Ff1lmLF9nDlMCNyyoQjoE=",
"owner": "AvengeMedia",
"repo": "DankMaterialShell",
"rev": "9798d78300d402178896f6ee1c370baed490158a",
"rev": "eb5afcdc40ea5446c27e18552ff4a19f9daf9484",
"type": "github"
},
"original": {
@@ -132,11 +132,11 @@
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1775087534,
"narHash": "sha256-91qqW8lhL7TLwgQWijoGBbiD4t7/q75KTi8NxjVmSmA=",
"lastModified": 1778716662,
"narHash": "sha256-m1Yf0wZ8j1OHjTc2UwHwyQRSnNeSgLJOd7q5Y45hzi4=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "3107b77cd68437b9a76194f0f7f9c55f2329ca5b",
"rev": "f7c1a2d347e4c52d5fb8d10cb4d94b5884e546fb",
"type": "github"
},
"original": {
@@ -150,11 +150,11 @@
"nixpkgs-lib": "nixpkgs-lib_2"
},
"locked": {
"lastModified": 1775087534,
"narHash": "sha256-91qqW8lhL7TLwgQWijoGBbiD4t7/q75KTi8NxjVmSmA=",
"lastModified": 1778716662,
"narHash": "sha256-m1Yf0wZ8j1OHjTc2UwHwyQRSnNeSgLJOd7q5Y45hzi4=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "3107b77cd68437b9a76194f0f7f9c55f2329ca5b",
"rev": "f7c1a2d347e4c52d5fb8d10cb4d94b5884e546fb",
"type": "github"
},
"original": {
@@ -209,11 +209,11 @@
]
},
"locked": {
"lastModified": 1776721614,
"narHash": "sha256-zGuW7C4tsScib2560yE5VV6lY/MdRs30aU9cbg3RP+U=",
"lastModified": 1779507042,
"narHash": "sha256-7wOwi8B6D0BYsieZCnHZZj2sNUzgJhLoIVSfkwB7lxQ=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "c555a4a34a260493be5adb795c54e013c58f2d34",
"rev": "509ed3c603349a9d43de9e2ae6613baea6bd5b34",
"type": "github"
},
"original": {
@@ -230,11 +230,11 @@
]
},
"locked": {
"lastModified": 1776184304,
"narHash": "sha256-No6QGBmIv5ChiwKCcbkxjdEQ/RO2ZS1gD7SFy6EZ7rc=",
"lastModified": 1778805320,
"narHash": "sha256-nGFJ01m2CTBKD4ABtcY4vLhHrRN91LKr/pn41PcU78A=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "3c7524c68348ef79ce48308e0978611a050089b2",
"rev": "9846abe15e7d0d36b8acbd4d05f2b87461744c92",
"type": "github"
},
"original": {
@@ -245,11 +245,11 @@
},
"import-tree": {
"locked": {
"lastModified": 1773693634,
"narHash": "sha256-BtZ2dtkBdSUnFPPFc+n0kcMbgaTxzFNPv2iaO326Ffg=",
"lastModified": 1778781969,
"narHash": "sha256-Jjuz5CmSkur8KvLDoGa+vylEp+RkQtv4mt/qcMznpH0=",
"owner": "vic",
"repo": "import-tree",
"rev": "c41e7d58045f9057880b0d85e1152d6a4430dbf1",
"rev": "d321337efd0f23a9eb14a42adb7b2c29313ab274",
"type": "github"
},
"original": {
@@ -299,11 +299,11 @@
"nixpkgs-nixcord": "nixpkgs-nixcord"
},
"locked": {
"lastModified": 1777125640,
"narHash": "sha256-jKmRu5PknoI0pk3WEqMhVReosUubUCq3M/izEQWzb+4=",
"lastModified": 1779498537,
"narHash": "sha256-6LQjFDS69JufrN4sVsMNsXxeSF6BbDzMSbN7sVApsaA=",
"owner": "KaylorBen",
"repo": "nixcord",
"rev": "0e738683dd7551a9cbfa343397b1592dfd785b7e",
"rev": "45a98c17b0d9e695bdee92ab00c76657eddf47e7",
"type": "github"
},
"original": {
@@ -348,11 +348,11 @@
]
},
"locked": {
"lastModified": 1775857096,
"narHash": "sha256-+eSij7C0oMqz76rGnB99RuWptBuEkJBm9vgb5fIwRrg=",
"lastModified": 1779023229,
"narHash": "sha256-MInilg7B/06c34SwOuGSBho4l0H1EZcmvxTkSWCs5pE=",
"owner": "nvmd",
"repo": "nixos-raspberrypi",
"rev": "1dc4ca5f93587932383c0b61e1753f5eed1c3bba",
"rev": "06c6e3513e1ee64b651913193fc6ac38aa4963f5",
"type": "github"
},
"original": {
@@ -364,11 +364,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1776548001,
"narHash": "sha256-ZSK0NL4a1BwVbbTBoSnWgbJy9HeZFXLYQizjb2DPF24=",
"lastModified": 1779357205,
"narHash": "sha256-cCO8aTqss5x9Ky8GWkpY0Hy5fyTZEbtifSUV8QjSzic=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "b12141ef619e0a9c1c84dc8c684040326f27cdcc",
"rev": "f83fc3c307e74bc5fd5adb7eb6b8b13ffd2a36e1",
"type": "github"
},
"original": {
@@ -380,11 +380,11 @@
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1774748309,
"narHash": "sha256-+U7gF3qxzwD5TZuANzZPeJTZRHS29OFQgkQ2kiTJBIQ=",
"lastModified": 1777168982,
"narHash": "sha256-GOkGPcboWE9BmGCRMLX3worL4EMnsnG8MyKmXNeYuhQ=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "333c4e0545a6da976206c74db8773a1645b5870a",
"rev": "f5901329dade4a6ea039af1433fb087bd9c1fe14",
"type": "github"
},
"original": {
@@ -395,11 +395,11 @@
},
"nixpkgs-lib_2": {
"locked": {
"lastModified": 1774748309,
"narHash": "sha256-+U7gF3qxzwD5TZuANzZPeJTZRHS29OFQgkQ2kiTJBIQ=",
"lastModified": 1777168982,
"narHash": "sha256-GOkGPcboWE9BmGCRMLX3worL4EMnsnG8MyKmXNeYuhQ=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "333c4e0545a6da976206c74db8773a1645b5870a",
"rev": "f5901329dade4a6ea039af1433fb087bd9c1fe14",
"type": "github"
},
"original": {
@@ -410,11 +410,11 @@
},
"nixpkgs-nixcord": {
"locked": {
"lastModified": 1776734388,
"narHash": "sha256-vl3dkhlE5gzsItuHoEMVe+DlonsK+0836LIRDnm6MXQ=",
"lastModified": 1779102034,
"narHash": "sha256-vZJZjLo513IeI8hjzHFc6TDezUd4uCE2Eq4SNO3DNNg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "10e7ad5bbcb421fe07e3a4ad53a634b0cd57ffac",
"rev": "687f05a9184cad4eaf905c48b63649e3a86f5433",
"type": "github"
},
"original": {
@@ -426,11 +426,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1775579569,
"narHash": "sha256-/m3yyS/EnXqoPGBJYVy4jTOsirdgsEZ3JdN2gGkBr14=",
"lastModified": 1778869304,
"narHash": "sha256-30sZNZoA1cqF5JNO9fVX+wgiQYjB7HJqqJ4ztCDeBZE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "dfd9566f82a6e1d55c30f861879186440614696e",
"rev": "d233902339c02a9c334e7e593de68855ad26c4cb",
"type": "github"
},
"original": {
@@ -448,11 +448,11 @@
]
},
"locked": {
"lastModified": 1776720544,
"narHash": "sha256-SjaFRV8Oqu3LtEGxr1q5K+bMPbxPPjc7z1adadC8yE8=",
"lastModified": 1779493406,
"narHash": "sha256-70dCjL6KdsNG+hPHqUsrTF/gQtnucRMo2B/oGvf8aOw=",
"owner": "nix-community",
"repo": "NUR",
"rev": "fe8c1a700dbbfb474f7e80f6ca6223d0bd61d79d",
"rev": "e27d8a76f2167da18bd37ab38f463c13daf2bc21",
"type": "github"
},
"original": {
@@ -471,11 +471,11 @@
]
},
"locked": {
"lastModified": 1773135655,
"narHash": "sha256-eb4/TZEU1cMpUPtUuxcr2sfiCciHtesBtPHzS1zh2Uo=",
"lastModified": 1778402771,
"narHash": "sha256-WS8hQ8Yk4M1rfkp2aUCaUkGVBU0ppCYAhklBk5kBdFU=",
"owner": "robertjakub",
"repo": "oom-hardware",
"rev": "ad592fd988ee7a7c1bd68ff8b819973e1ae900ef",
"rev": "9f338e9250b7c01ac97750851867fc8158e8f54c",
"type": "github"
},
"original": {
@@ -493,16 +493,16 @@
]
},
"locked": {
"lastModified": 1766725085,
"narHash": "sha256-O2aMFdDUYJazFrlwL7aSIHbUSEm3ADVZjmf41uBJfHs=",
"lastModified": 1776854048,
"narHash": "sha256-lLbV66V3RMNp1l8/UelmR4YzoJ5ONtgvEtiUMJATH/o=",
"ref": "refs/heads/master",
"rev": "41828c4180fb921df7992a5405f5ff05d2ac2fff",
"revCount": 715,
"rev": "783c953987dc56ff0601abe6845ed96f1d00495a",
"revCount": 806,
"type": "git",
"url": "https://git.outfoxxed.me/quickshell/quickshell"
},
"original": {
"rev": "41828c4180fb921df7992a5405f5ff05d2ac2fff",
"rev": "783c953987dc56ff0601abe6845ed96f1d00495a",
"type": "git",
"url": "https://git.outfoxxed.me/quickshell/quickshell"
}
@@ -540,11 +540,11 @@
]
},
"locked": {
"lastModified": 1776119890,
"narHash": "sha256-Zm6bxLNnEOYuS/SzrAGsYuXSwk3cbkRQZY0fJnk8a5M=",
"lastModified": 1777944972,
"narHash": "sha256-VfGRo1qTBKOe3s2gOv8LSoA6Fk19PvBlwQ1ECN0Evn8=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "d4971dd58c6627bfee52a1ad4237637c0a2fb0cd",
"rev": "c591bf665727040c6cc5cb409079acb22dcce33c",
"type": "github"
},
"original": {
@@ -561,11 +561,11 @@
"systems": "systems"
},
"locked": {
"lastModified": 1776578704,
"narHash": "sha256-4+JHYCweZ/SSrMcu2nJ5gc7gop2scBk0JIIfaUKuTaQ=",
"lastModified": 1779000518,
"narHash": "sha256-wdtytSnzMe85J/qeXJALMzSLRFTZ1gBHwn81l1PtT8k=",
"owner": "Gerg-L",
"repo": "spicetify-nix",
"rev": "73f6d24b4f5bdacc3b41ddcf9965bef2781f97dd",
"rev": "5dde76b38418892ccb3d99e99bed7f8a43ac294c",
"type": "github"
},
"original": {
@@ -582,11 +582,11 @@
]
},
"locked": {
"lastModified": 1777652580,
"narHash": "sha256-CO4RXrd0eQ2INc8/S2CTWCIHUdvVkqwKZ/9o7a/pcFg=",
"lastModified": 1779059662,
"narHash": "sha256-PkBItyS1oZ4MJ+eEgF5iLKxx28rmSyk/bHp63tjW/5g=",
"ref": "refs/heads/main",
"rev": "42575990389388d8d07da6fb4110d77ea7493159",
"revCount": 75,
"rev": "030da2f52d3cbe3c577ce12b5abbd35e90e1f093",
"revCount": 79,
"type": "git",
"url": "https://git.chiasson.cloud/Olivier/SwiftShare"
},
@@ -632,11 +632,11 @@
]
},
"locked": {
"lastModified": 1775302822,
"narHash": "sha256-QoK8SYoIc0d/PoRdIUo+fkDNAHZIP2+AJ6PDM9ehGiY=",
"lastModified": 1777412856,
"narHash": "sha256-WrcIo3y9uFCuzgzbxc465FBS3zAZMQlfYszefkOUCWc=",
"owner": "GnomedDev",
"repo": "T2FanRD",
"rev": "5b1c0c10785b8e8dfe124a4d6aaa7c2becdac65c",
"rev": "48baf962697ec3d4d969c74cf601ee8e15b7aeaa",
"type": "github"
},
"original": {
@@ -648,11 +648,11 @@
"t2linux-patches": {
"flake": false,
"locked": {
"lastModified": 1776111571,
"narHash": "sha256-1neTptNNPtwbBYSQOE48GM8CYx780eI5JQTFYmwN0og=",
"lastModified": 1779369552,
"narHash": "sha256-vDcWjgjhYAQcXZH40QN17ZV9BS0zqZeme9APXBqjlHs=",
"owner": "t2linux",
"repo": "linux-t2-patches",
"rev": "76589a89790c33c137d173f2d98b6096cd16b132",
"rev": "716093d3244566cd708362661de269ab7e67ff0f",
"type": "github"
},
"original": {
@@ -682,11 +682,11 @@
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1776464146,
"narHash": "sha256-XwLFfJDz71vIF7BAhnbLhrzQjmDC2uXdo7N0oHUrYzA=",
"lastModified": 1779297405,
"narHash": "sha256-VFoBwH7ZjVxCnvZTb5ODRXt70sLtWMxstive0N+RS50=",
"owner": "BirdeeHub",
"repo": "nix-wrapper-modules",
"rev": "75febede14a0845f4ef429da692a0698bf433600",
"rev": "e7ed7a1205945befdf2e0d73ba7df91d935e5af1",
"type": "github"
},
"original": {
@@ -703,11 +703,11 @@
]
},
"locked": {
"lastModified": 1776663782,
"narHash": "sha256-qzBBuxZbn7vPD9ZDl3xmCBGa6qEc8Q//76Cbx4W0tE4=",
"lastModified": 1779455631,
"narHash": "sha256-svU6Ro4xiMxMA1KJGwQ/nfKwz3yXE/SONCw2Z1qTXHA=",
"owner": "0xc000022070",
"repo": "zen-browser-flake",
"rev": "b93be06dc91630bf0ced69c54d0e1e05e56ae460",
"rev": "5bcdfcef664bf62831dcb4b947004d9c5fbf7201",
"type": "github"
},
"original": {
modules/desktop/gui.nix
+8 -2
View File
@@ -126,8 +126,14 @@
(lib.mkIf (guiEnabled && cfg.keyring.enable && hmAvailable) {
"home-manager".sharedModules = [
({ lib, pkgs, ... }: {
services.gnome-keyring.enable = lib.mkDefault true;
home.packages = [ pkgs.gcr ];
services.gnome-keyring = {
enable = lib.mkDefault true;
components = [ "secrets" ];
};
home.packages = [
pkgs.gcr
pkgs.libsecret
];
})
];
})
modules/desktop/hyprland/default.nix
+6
View File
@@ -38,6 +38,7 @@
}:
let
hyprlandEnabled = osConfig.chiasson.desktop.hyprland.enable or false;
keyringEnabled = osConfig.chiasson.desktop.keyring.enable or false;
# nixpkgs hyprland-plugins pin is stale for current Hyprland — override to a known-good rev.
hyprbarsPatched =
let
@@ -66,6 +67,11 @@
'';
settings = lib.mkMerge [
(lib.mkIf keyringEnabled {
exec-once = lib.mkBefore [
"dbus-update-activation-environment --systemd --all"
];
})
{
monitor = [ ",preferred,auto,auto" ];
general = {
modules/desktop/niri/default.nix
+16 -5
View File
@@ -124,17 +124,27 @@ let
};
};
keyringNiriStartupKdl = ''
spawn-at-startup "dbus-update-activation-environment" "--systemd" "--all"
'';
mergeNiriSettings =
pkgs: niriCfg:
pkgs: niriCfg: keyringEnable:
let
lib = pkgs.lib;
pi5 = self.lib.pi5NiriKdl;
rpi5Extra = lib.optionalString (niriCfg.raspberryPi5DrmWorkaround or false) pi5.drmExtraConfig;
base = niriBaseSettings pkgs;
userExtra = niriCfg.extraSettings or { };
extraConfigMerged = rpi5Extra + (userExtra.extraConfig or "");
keyringExtra = lib.optionalString keyringEnable keyringNiriStartupKdl;
extraConfigMerged = keyringExtra + rpi5Extra + (userExtra.extraConfig or "");
windowRules = (base.window-rules or [ ]) ++ (userExtra.window-rules or [ ]);
in
lib.recursiveUpdate (niriBaseSettings pkgs) (
userExtra
lib.recursiveUpdate base (
lib.removeAttrs userExtra [ "window-rules" "extraConfig" ]
// lib.optionalAttrs (windowRules != [ ]) {
window-rules = windowRules;
}
// lib.optionalAttrs (rpi5Extra != "" || (userExtra.extraConfig or "") != "") {
extraConfig = extraConfigMerged;
}
@@ -146,7 +156,8 @@ in
let
niriOs = osConfig.chiasson.desktop.niri or { };
niriEnabled = osConfig.chiasson.desktop.niri.enable or false;
mergedSettings = mergeNiriSettings pkgs niriOs;
keyringEnabled = osConfig.chiasson.desktop.keyring.enable or false;
mergedSettings = mergeNiriSettings pkgs niriOs keyringEnabled;
niriConfigPkg = inputs.wrapper-modules.wrappers.niri.wrap {
inherit pkgs;
settings = mergedSettings;
modules/hosts/14900k/_private/jellyfin-nfs-export.nix
+6 -17
View File
@@ -1,8 +1,7 @@
# NFS exports from nixdesk (14900k) to nix-server (192.168.2.238):
# - /mnt/test/jellyfin → nix-server /mnt/nixdesk-jellyfin (Jellyfin bulk libraries)
# - /mnt/media → nix-server /mnt/media (Btrfs MediaLibrary disk; see media-disk.nix)
# - /mnt/deep/jellyfin → nix-server /mnt/nixdesk-jellyfin (Jellyfin bulk libraries)
#
# NTFS on nixdesk uses uid=olivier + gid=nfsmedia (990); dirs here are olivier:nfsmedia 2775 so
# Jellyfin root on nixdesk uses owner olivier + group nfsmedia (990); dirs here are 2775 so
# local writes and NFS all_squash (anonuid=olivier, anongid=990) get rwx via owner or group.
#
# Legacy trees may still need a one-time `chgrp -R nfsmedia` / `chmod -R g+rwX` on deep folders.
@@ -20,16 +19,9 @@ in
group = "nfsmedia";
};
# olivier: owner for local use; nfsmedia: group matches NTFS gid=990 and NFS all_squash (990).
# olivier: owner for local use; nfsmedia: group used by NFS all_squash (990).
systemd.tmpfiles.settings."14900k-nfs-export-paths" = {
"/mnt/test"."d" = { mode = "2775"; user = "olivier"; group = "nfsmedia"; };
"/mnt/test/jellyfin"."d" = { mode = "2775"; user = "olivier"; group = "nfsmedia"; };
"/mnt/test/jellyfin/movies"."d" = { mode = "2775"; user = "olivier"; group = "nfsmedia"; };
"/mnt/test/jellyfin/tv"."d" = { mode = "2775"; user = "olivier"; group = "nfsmedia"; };
"/mnt/media"."d" = { mode = "2775"; user = "olivier"; group = "nfsmedia"; };
"/mnt/media/Movies"."d" = { mode = "2775"; user = "olivier"; group = "nfsmedia"; };
"/mnt/media/TV"."d" = { mode = "2775"; user = "olivier"; group = "nfsmedia"; };
"/mnt/media/Videos"."d" = { mode = "2775"; user = "olivier"; group = "nfsmedia"; };
"/mnt/deep/jellyfin"."d" = { mode = "2775"; user = "olivier"; group = "nfsmedia"; };
};
# After exports are up, ensure group nfsmedia can write throughout library roots (idempotent;
@@ -37,9 +29,7 @@ in
system.activationScripts.nfs-export-group-write = {
deps = [ "specialfs" ];
text = ''
for d in \
/mnt/media/TV /mnt/media/Movies /mnt/media/Videos \
/mnt/test/jellyfin/tv /mnt/test/jellyfin/movies
for d in /mnt/deep/jellyfin
do
[ -d "$d" ] || continue
${pkgs.acl}/bin/setfacl -R -m g:nfsmedia:rwx "$d" 2>/dev/null || true
@@ -58,8 +48,7 @@ in
# Squash nix-server clients to olivier:nfsmedia so Jellyfin can write .nfo/posters into
# existing olivier-owned library folders (990-only squash was "other" r-x on typical 755 trees).
exports = ''
/mnt/test/jellyfin 192.168.2.238(rw,sync,no_subtree_check,crossmnt,root_squash,all_squash,anonuid=${toString olivierUid},anongid=990,fsid=1)
/mnt/media 192.168.2.238(rw,sync,no_subtree_check,crossmnt,root_squash,all_squash,anonuid=${toString olivierUid},anongid=990,fsid=2)
/mnt/deep/jellyfin 192.168.2.238(rw,sync,no_subtree_check,crossmnt,root_squash,all_squash,anonuid=${toString olivierUid},anongid=990,fsid=1)
'';
};
modules/hosts/14900k/_private/media-disk.nix
+27 -14
View File
@@ -6,29 +6,42 @@ let
in
{
users.users.olivier.uid = lib.mkDefault 1000;
fileSystems."/mnt/media" = {
# LABEL="MediaLibrary" (btrfs on sda1 by UUID). No subvol=@ — this disk has no @ subvolume.
fileSystems."/mnt/2nd" = {
device = "/dev/disk/by-uuid/17d8a981-db3b-415e-a0f7-7dbc519e04ab";
fsType = "btrfs";
options = [
"subvol=@"
"compress=zstd"
"noatime"
"nofail"
"x-systemd.device-timeout=30"
];
};
#new deep storage unit
fileSystems."/mnt/deep" = {
device = "/dev/disk/by-uuid/64fb08fe-da5d-4405-afa3-1603a411e9e5";
fsType = "btrfs";
options = [
"compress=zstd"
"noatime"
"nofail"
"x-systemd.device-timeout=30"
];
};
# LABEL="Deep Storage Unit". Owner olivier, group nfsmedia (990) so:
# - local logins write as user 1000 (owner rwx);
# - NFS (all_squash → uid/gid 990) matches group 990 → rwx (see jellyfin-nfs-export).
fileSystems."/mnt/test" = {
device = "/dev/disk/by-uuid/BC12E55E12E51DE0";
fsType = "ntfs-3g";
options = [
"rw"
"force"
"uid=${toString olivierUid}"
"gid=990"
"umask=0002"
];
};
#fileSystems."/mnt/test" = {
# device = "/dev/disk/by-uuid/BC12E55E12E51DE0";
# fsType = "ntfs-3g";
# options = [
# "rw"
# "force"
# "uid=${toString olivierUid}"
# "gid=990"
# "umask=0002"
# ];
#};
}
modules/hosts/14900k/_private/nvidia.nix
+1 -1
View File
@@ -12,7 +12,7 @@
powerManagement.finegrained = false;
open = true;
nvidiaSettings = true;
package = config.boot.kernelPackages.nvidiaPackages.stable;
package = config.boot.kernelPackages.nvidiaPackages.latest;
};
hardware.nvidia-container-toolkit.enable = true;
modules/hosts/14900k/_private/platform.nix
+1
View File
@@ -7,6 +7,7 @@
hardware.enableRedistributableFirmware = true;
hardware.enableAllFirmware = true;
hardware.cpu.intel.updateMicrocode = true;
nix.settings.experimental-features = [ "nix-command" "flakes" ];
modules/hosts/14900k/configuration.nix
+16 -2
View File
@@ -45,6 +45,7 @@ services.cloudflare-warp.enable = true;
# This fixes common NixOS issues like `vaInitialize failed` and missing QSV encoders in apps.
hardware.graphics = {
enable = true;
enable32Bit = true; # Required by Wine/DXVK for 32-bit Vulkan userspace.
extraPackages = with pkgs; [
intel-media-driver # iHD (Gen8+)
vpl-gpu-rt # oneVPL runtime (QSV)
@@ -84,17 +85,22 @@ services.cloudflare-warp.enable = true;
};
};
chiasson.system.chromiumHevc.enable = true;
chiasson.system = {
ytDlpTelequebecPatch.enable = true;
audio.enable = true;
docker.enable = true;
gaming.enable = true;
gaming.launchers.enableBottles = false;
gaming.gamescope.enable = true;
gaming.steam.steamTinkerLaunch.enable = true;
monitorInput.enable = true;
flatpak.enable = true;
flatpak.flathub.appIds = [ "com.usebottles.bottles" ];
palera1n.enable = true;
uconsoleKernelBuilder.enable = true;
@@ -116,6 +122,8 @@ services.cloudflare-warp.enable = true;
vlc
element-desktop
thunderbird
prismlauncher
];
@@ -134,6 +142,8 @@ services.cloudflare-warp.enable = true;
self.homeManagerModules.wisdomBrowsersEdge
self.homeManagerModules.wisdomBrowsersFlow
self.homeManagerModules.wisdomBrowsersOrion
self.homeManagerModules.wisdomBrowsersZen
self.homeManagerModules.wisdomBrowsersChromiumHevc
self.homeManagerModules.wisdomEditorsCursor
self.homeManagerModules.wisdomEditorsObsidian
self.homeManagerModules.wisdomShellYazi
@@ -142,7 +152,6 @@ services.cloudflare-warp.enable = true;
self.homeManagerModules.wisdomAppsDiscord
self.homeManagerModules.wisdomAppsSpotify
self.homeManagerModules.wisdomAppsLocalsend
self.homeManagerModules.wisdomAppsSpacedrive
self.homeManagerModules.wisdomAppsPokeclicker
self.homeManagerModules.wisdomDesktopScreenshot
self.homeManagerModules.wisdomDesktopGtkQtTheming
@@ -169,6 +178,12 @@ services.cloudflare-warp.enable = true;
browsers.edge.enable = true;
browsers.flow.enable = false;
browsers.orion.enable = true;
browsers.zen.enable = true;
browsers.chromiumHevc = {
enable = true;
packages = [ "google-chrome" ];
vaapi.gpu = "intel"; # Chromium + NVIDIA VA-API → frame pool errors in Jellyfin cuz chrome is proprietary rats nests, gecko engine might support NVIDIA VA-API
};
editors.cursor.enable = true;
editors.obsidian.enable = true;
@@ -178,7 +193,6 @@ services.cloudflare-warp.enable = true;
spotify.enable = true;
spotify.openDiscoveryFirewall = true;
localsend.enable = true;
spacedrive.enable = true;
pokeclicker.enable = true;
};
modules/hosts/ideapad/configuration.nix
-2
View File
@@ -141,7 +141,6 @@
self.homeManagerModules.wisdomShellOhMyPosh
self.homeManagerModules.wisdomAppsSpotify
self.homeManagerModules.wisdomAppsLocalsend
self.homeManagerModules.wisdomAppsSpacedrive
self.homeManagerModules.wisdomDesktopScreenshot
{
chiasson.home = {
@@ -156,7 +155,6 @@
editors.cursor.enable = true;
apps.spotify.enable = true;
apps.localsend.enable = true;
apps.spacedrive.enable = true;
desktop = {
screenshot = {
enable = true;
modules/hosts/nix-server/_services/attic-cache-server.nix
+38 -3
View File
@@ -1,4 +1,5 @@
{ config, ... }: {
{ config, lib, ... }:
{
sops = {
templates."atticd.env" = {
owner = "root";
@@ -17,14 +18,48 @@
mode = "0400";
};
# SQLite on disk was the main source of random multi-minute stalls (see attic#113).
# NAR blobs stay in /var/lib/atticd/storage; only metadata moves to Postgres.
services.postgresql = {
enable = true;
ensureDatabases = [ "atticd" ];
ensureUsers = [
{
name = "atticd";
ensureDBOwnership = true;
}
];
};
services.atticd = {
enable = true;
environmentFile = config.sops.templates."atticd.env".path;
settings = {
listen = "[::]:8080";
listen = "0.0.0.0:8080";
jwt = { };
# Use a libpq socket URI format accepted by Attic's parser.
database.url = "postgresql:///atticd?host=/run/postgresql&user=atticd";
chunking = {
nar-size-threshold = 65536;
min-size = 16384;
avg-size = 65536;
max-size = 262144;
};
storage = {
type = "local";
path = "/var/lib/atticd/storage";
};
};
};
systemd.services.atticd = {
serviceConfig = {
Restart = lib.mkForce "always";
RestartSec = lib.mkForce 5;
# Large closures; default limits can wedge uploads under load.
LimitNOFILE = 1048576;
};
};
chiasson.system.networking.firewall.allowedTCPPorts = [ 8080 ];
}
}
modules/hosts/nix-server/_services/jellyfin.nix
+1 -1
View File
@@ -53,7 +53,7 @@
# not writable by uid jellyfin (it only had group `jellyfin`), so deletes fail.
systemd.services.jellyfin.serviceConfig = {
SupplementaryGroups = [ "media" ];
# Jellyfin libraries on NFS (e.g. /mnt/media, /mnt/nixdesk-jellyfin). PrivateUsers breaks
# Jellyfin libraries on NFS (e.g. /mnt/nixdesk-jellyfin). PrivateUsers breaks
# uid mapping for NFS auth in practice; disable so metadata writes use the real jellyfin uid
# (squashed to olivier:nfsmedia on nixdesk exports).
PrivateUsers = lib.mkForce false;
modules/hosts/nix-server/_services/nixdesk-nfs-client.nix
+1 -7
View File
@@ -28,13 +28,7 @@ let
in
{
fileSystems."/mnt/nixdesk-jellyfin" = {
device = "${nfsExportHost}:/mnt/test/jellyfin";
fsType = "nfs";
options = nfsClientOpts;
};
fileSystems."/mnt/media" = {
device = "${nfsExportHost}:/mnt/media";
device = "${nfsExportHost}:/mnt/deep/jellyfin";
fsType = "nfs";
options = nfsClientOpts;
};
modules/hosts/uConsole/_private/cockpit.nix
+1 -1
View File
@@ -10,7 +10,7 @@ in
openFirewall = true;
allowed-origins = [
"https://${config.networking.hostName}:${toString config.services.cockpit.port}"
"https://192.168.2.60:${toString config.services.cockpit.port}"
"https://192.168.2.99:${toString config.services.cockpit.port}"
];
plugins = with pkgs; [
cockpit-files
modules/system/caching/attic.nix
+94 -24
View File
@@ -56,6 +56,42 @@
'';
};
retries = mkOption {
type = types.int;
default = 3;
description = "Attempts per push before giving up (handles transient Attic/network stalls).";
};
background = mkOption {
type = types.bool;
default = true;
description = ''
Run `attic push` in the background so the build finishes immediately.
Failures/timeouts are logged; they do not fail the build.
'';
};
timeoutSec = mkOption {
type = types.int;
default = 600;
description = "Kill `attic push` after this many seconds (background or foreground).";
};
uploadJobs = mkOption {
type = types.int;
default = 3;
description = "Parallel upload workers (`attic push -j`). Lower if the server stalls under load.";
};
logFile = mkOption {
type = types.str;
default = "";
description = ''
Append push logs here. Empty `$XDG_RUNTIME_DIR/nix-attic-push.log`
(or `/tmp/nix-attic-push-$UID.log`).
'';
};
excludedPatterns = mkOption {
type = types.listOf types.str;
default = [ ];
@@ -96,6 +132,7 @@
enabled = cfg.enable && cfg.cacheName != "" && endpointBase != "" && cfg.publicKey != "";
cacheUrl = "${endpointBase}/${cfg.cacheName}";
pushTokenFile = if cfg.push.tokenFile != null then cfg.push.tokenFile else cfg.tokenFile;
atticTomlServersSection = "[servers.ci]";
hmAtticCliModule =
{ lib, osConfig ? { }, ... }:
let
@@ -146,11 +183,16 @@
set -eu
set -f
export PATH="${lib.makeBinPath [
pkgs.attic-client
pkgs.nix
pkgs.gnused
pkgs.coreutils
]}:$PATH"
echo "attic: hook start drv=''${DRV_PATH:-<unknown>}" >&2
echo "attic: endpoint=${lib.escapeShellArg endpointBase} cache=${lib.escapeShellArg cfg.cacheName}" >&2
export PATH="${lib.makeBinPath [ pkgs.attic-client pkgs.nix pkgs.gnused ]}:$PATH"
${lib.optionalString (pushTokenFile != null) ''
token_path=${lib.escapeShellArg pushTokenFile}
if [ ! -r "$token_path" ]; then
echo "attic: skipping push (token not readable at $token_path)" >&2
@@ -158,31 +200,17 @@
fi
ATTIC_TOKEN="$(tr -d '\n' < "$token_path")"
''}
if [ -z "$ATTIC_TOKEN" ]; then
echo "attic: skipping push (token is empty)" >&2
exit 0
fi
ATTIC_CONFIG_HOME="$(mktemp -d /tmp/attic-hook-XXXXXX)"
export XDG_CONFIG_HOME="$ATTIC_CONFIG_HOME"
cleanup() {
rm -rf "$ATTIC_CONFIG_HOME"
}
trap cleanup EXIT
if ! attic login --set-default ci ${lib.escapeShellArg endpointBase} "$ATTIC_TOKEN" >/dev/null 2>&1; then
echo "attic: login failed (build succeeded; check token/server URL)" >&2
exit 0
fi
push_paths=""
skipped_roots=0
pushed_roots=0
seen_roots=0
for path in $OUT_PATHS; do
seen_roots=$((seen_roots + 1))
echo "attic: evaluating OUT_PATH $path" >&2
skip=0
skip_reason=""
@@ -217,17 +245,59 @@
echo "attic: summary seen=$seen_roots selected=$pushed_roots skipped=$skipped_roots" >&2
if [ -n "$push_paths" ]; then
echo "attic: pushing to ci:${cfg.cacheName}" >&2
if ! attic push ${lib.escapeShellArg "ci:${cfg.cacheName}"} $push_paths; then
echo "attic: push failed (build succeeded; check token/network)" >&2
else
echo "attic: push succeeded" >&2
fi
else
if [ -z "$push_paths" ]; then
echo "attic: nothing selected for push" >&2
exit 0
fi
runtime_dir="''${XDG_RUNTIME_DIR:-/run/user/$(id -u)}"
attic_config_home="$runtime_dir/nix-attic-hook"
export XDG_CONFIG_HOME="$attic_config_home"
mkdir -p "$attic_config_home/attic"
{
printf '%s\n' 'default-server = "ci"'
printf '\n'
printf '%s\n' ${builtins.toJSON atticTomlServersSection}
printf 'endpoint = %s\n' ${builtins.toJSON endpointBase}
printf 'token = "%s"\n' "$ATTIC_TOKEN"
} > "$attic_config_home/attic/config.toml"
log_file=${lib.escapeShellArg cfg.push.logFile}
if [ -z "$log_file" ]; then
log_file="$runtime_dir/nix-attic-push.log"
fi
mkdir -p "$(dirname "$log_file")"
push_cmd() {
attempt=1
max_attempts=${toString cfg.push.retries}
while [ "$attempt" -le "$max_attempts" ]; do
echo "attic: push attempt $attempt/$max_attempts $(date -Is) paths:$push_paths" >&2
if timeout ${toString cfg.push.timeoutSec} \
attic push -j ${toString cfg.push.uploadJobs} \
${lib.escapeShellArg "ci:${cfg.cacheName}"} \
$push_paths; then
echo "attic: push succeeded $(date -Is)" >&2
return 0
fi
echo "attic: push failed or timed out (attempt $attempt/$max_attempts)" >&2
attempt=$((attempt + 1))
[ "$attempt" -le "$max_attempts" ] && sleep 5
done
return 1
}
${lib.optionalString cfg.push.background ''
echo "attic: scheduling background push $log_file" >&2
(
push_cmd
) >> "$log_file" 2>&1 &
exit 0
''}
${lib.optionalString (!cfg.push.background) ''
push_cmd 2>&1 | tee -a "$log_file"
exit 0
''}
'');
environment.systemPackages = lib.mkIf cfg.userCli.enable [ pkgs.attic-client ];
modules/system/default.nix
+1
View File
@@ -6,6 +6,7 @@
self.nixosModules.systemFonts
self.nixosModules.systemNetworking
self.nixosModules.systemLocalsend
self.nixosModules.systemChromiumHevcVaapi
self.nixosModules.systemMonitorInput
self.nixosModules.systemSpotify
self.nixosModules.systemPackagesDefaults
modules/system/flatpak.nix
+2 -2
View File
@@ -75,9 +75,9 @@
# Never remote-delete flathub here interactive and breaks unattended rebuilds.
${pkgs.flatpak}/bin/flatpak --system remote-add --if-not-exists flathub \
https://flathub.org/repo/flathub.flatpakrepo || true
https://dl.flathub.org/repo/ || true
${pkgs.flatpak}/bin/flatpak --system remote-modify flathub \
--url=https://flathub.org/repo/flathub.flatpakrepo 2>/dev/null || true
--url=https://dl.flathub.org/repo/ 2>/dev/null || true
allowed=( ${lib.concatStringsSep " " (map lib.escapeShellArg allowedAppIds)} )
modules/system/gaming.nix
+35 -1
View File
@@ -7,13 +7,13 @@
with pkgs;
[
lutris
bottles
wine
winetricks
gamemode
mangohud
goverlay
]
++ lib.optionals cfg.launchers.enableBottles [ bottles ]
++ lib.optionals pkgs.stdenv.isx86_64 [ heroic ];
steamExtraPkgs =
@@ -66,6 +66,19 @@
description = "`programs.gamemode` (Feral GameMode).";
};
gamescope = {
enable = lib.mkEnableOption ''
`programs.gamescope` isolated compositor for Steam/Proton on Wayland
(fixes games embedding inside the Steam window).
'';
capSysNice = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Allow gamescope to renice itself for smoother frame pacing.";
};
};
jack.enable = lib.mkOption {
type = lib.types.bool;
default = true;
@@ -76,6 +89,11 @@
};
launchers = {
enableBottles = lib.mkOption {
type = lib.types.bool;
default = true;
description = "Install native `pkgs.bottles` in the launcher bundle.";
};
forUsers = lib.mkOption {
type = lib.types.nullOr (lib.types.listOf lib.types.str);
default = null;
@@ -93,6 +111,17 @@
config = lib.mkIf cfg.enable (lib.mkMerge [
{
# openldap's upstream test suite is flaky in the Nix sandbox (test017, test001, …).
# Disabling checks avoids cascading failures in lutris, apache, gnupg, nfs-utils, etc.
# Upstream: https://github.com/NixOS/nixpkgs/issues/514113
nixpkgs.overlays = [
(_: prev: {
openldap = prev.openldap.overrideAttrs (_: {
doCheck = false;
});
})
];
programs.steam = {
enable = true;
remotePlay.openFirewall = cfg.steam.remotePlay.openFirewall;
@@ -106,6 +135,11 @@
programs.gamemode.enable = cfg.gamemode.enable;
programs.gamescope = lib.mkIf cfg.gamescope.enable {
enable = true;
inherit (cfg.gamescope) capSysNice;
};
chiasson.system.audio.pipewire.jack.enable = lib.mkIf (cfg.jack.enable) (lib.mkDefault true);
assertions = [
modules/system/users/catalog-default.nix
+3
View File
@@ -19,6 +19,9 @@
# to /sys/class/backlight/*/brightness without sudo. Harmless on hosts without a
# backlight (servers, desktop towers): the group simply has no devices to own.
"video"
# DRI render nodes and input devices for gamescope / Steam on Wayland (no sudo).
"render"
"input"
];
# Host must set `sops.secrets."users/olivier/hashedPassword".neededForUsers = true`.
modules/wisdom/apps/spacedrive/default.nix
-26
View File
@@ -1,26 +0,0 @@
{ ... }: {
flake.homeManagerModules.wisdomAppsSpacedrive =
{ config, lib, pkgs, ... }:
let
root = config.chiasson.home;
cfg = config.chiasson.home.apps.spacedrive;
spacedrivePkg = pkgs.callPackage ./package { };
in
{
options.chiasson.home.apps.spacedrive = {
enable = lib.mkEnableOption ''
[Spacedrive](https://spacedrive.com/) v2 alpha upstream `.deb` repackaged for NixOS.
'';
package = lib.mkOption {
type = lib.types.package;
default = spacedrivePkg;
description = "Spacedrive package (defaults to upstream v2.0.0-alpha.2).";
};
};
config = lib.mkIf (root.enable && cfg.enable) {
home.packages = [ cfg.package ];
};
};
}
modules/wisdom/apps/spacedrive/package/default.nix
-112
View File
@@ -1,112 +0,0 @@
{
lib,
stdenv,
fetchurl,
dpkg,
makeWrapper,
autoPatchelfHook,
wrapGAppsHook3,
adwaita-icon-theme,
ffmpeg,
gdk-pixbuf,
glib,
glib-networking,
gst_all_1,
gtk3,
hicolor-icon-theme,
libsoup_3,
webkitgtk_4_1,
xdotool,
}:
let
version = "2.0.0-alpha.2";
srcInfo =
if stdenv.hostPlatform.system == "x86_64-linux" then
{
url = "https://github.com/spacedriveapp/spacedrive/releases/download/v${version}/Spacedrive-linux-x86_64.deb";
hash = "sha256-KzRPBtyX5x4ZLlZd6SgAS/cy/7irXt7v+b3Yuq9GETo=";
}
else if stdenv.hostPlatform.system == "aarch64-linux" then
{
url = "https://github.com/spacedriveapp/spacedrive/releases/download/v${version}/Spacedrive-linux-aarch64.deb";
hash = "sha256-Arq4seJxd69XdraIaYJSv1p9g+Bz/7rez/l9EP6dc9k=";
}
else
throw "spacedrive ${version}: unsupported platform: ${stdenv.hostPlatform.system}";
in
stdenv.mkDerivation {
pname = "spacedrive";
inherit version;
src = fetchurl srcInfo;
nativeBuildInputs = [
dpkg
makeWrapper
autoPatchelfHook
wrapGAppsHook3
];
buildInputs = [
adwaita-icon-theme
ffmpeg
gdk-pixbuf
glib
glib-networking
gtk3
hicolor-icon-theme
libsoup_3
webkitgtk_4_1
xdotool
gst_all_1.gst-plugins-ugly
gst_all_1.gst-plugins-bad
gst_all_1.gst-plugins-base
gst_all_1.gstreamer
];
# WebKitGTK + TLS + icons; ffmpeg/ffprobe on PATH (alpha Linux builds omit bundled ffmpeg).
preFixup = ''
gappsWrapperArgs+=(
"--prefix" "PATH" ":" "${lib.makeBinPath [ ffmpeg ]}"
"--set-default" "WEBKIT_DISABLE_DMABUF_RENDERER" "1"
)
'';
postFixup = ''
# Core daemon is not GTK-linked; wrapGAppsHook3 skips it still needs ffmpeg for media paths.
wrapProgram $out/bin/sd-daemon --prefix PATH : "${lib.makeBinPath [ ffmpeg ]}"
'';
unpackPhase = "dpkg-deb -x $src source";
installPhase = ''
runHook preInstall
mkdir -p $out/{bin,lib,share}
cp -r source/usr/bin/* $out/bin/
cp -r source/usr/lib/* $out/lib/
cp -r source/usr/share/* $out/share/
ln -sf Spacedrive $out/bin/spacedrive
substituteInPlace $out/share/applications/Spacedrive.desktop \
--replace-fail 'Exec=Spacedrive' 'Exec=spacedrive'
runHook postInstall
'';
meta = with lib; {
description = "Local-first file manager and virtual distributed filesystem (v2 alpha)";
homepage = "https://spacedrive.com";
changelog = "https://github.com/spacedriveapp/spacedrive/releases/tag/v${version}";
license = licenses.agpl3Plus;
platforms = [
"x86_64-linux"
"aarch64-linux"
];
mainProgram = "spacedrive";
sourceProvenance = with sourceTypes; [ binaryNativeCode ];
};
}
modules/wisdom/browsers/chromium-hevc.nix
+192
View File
@@ -0,0 +1,192 @@
{ ... }: {
flake.nixosModules.systemChromiumHevcVaapi =
{ config, lib, pkgs, ... }:
let
cfg = config.chiasson.system.chromiumHevc;
in
{
options.chiasson.system.chromiumHevc.enable = lib.mkEnableOption ''
VA-API packages for Chromium HEVC (Intel iHD + optional NVIDIA nvidia-vaapi-driver).
Pair with `wisdomBrowsersChromiumHevc` on the user side.
'';
config = lib.mkIf cfg.enable {
hardware.graphics.enable = lib.mkDefault true;
hardware.graphics.extraPackages = lib.mkAfter (
with pkgs;
[ nvidia-vaapi-driver ]
);
};
};
flake.homeManagerModules.wisdomBrowsersChromiumHevc =
{ config, lib, pkgs, ... }:
let
root = config.chiasson.home;
cfg = config.chiasson.home.browsers.chromiumHevc;
browserCatalog = {
"google-chrome" = {
package = pkgs.google-chrome;
binary = "google-chrome-stable";
launcher = "google-chrome-hevc";
desktopName = "Google Chrome (HEVC)";
icon = "google-chrome";
};
chromium = {
package = pkgs.chromium;
binary = "chromium";
launcher = "chromium-hevc";
desktopName = "Chromium (HEVC)";
icon = "chromium";
};
"microsoft-edge" = {
package = pkgs.microsoft-edge;
binary = "microsoft-edge-stable";
launcher = "microsoft-edge-hevc";
desktopName = "Microsoft Edge (HEVC)";
icon = "microsoft-edge";
};
};
gpuProfiles = {
intel = {
driver = "iHD";
drmDevice = "/dev/dri/renderD128";
nvdBackend = "direct";
enableFeatures = [
"VaapiVideoDecodeLinuxGL"
"VaapiVideoDecoder"
"VaapiIgnoreDriverChecks"
"PlatformHEVCDecoderSupport"
"UseMultiPlaneFormatForHardwareVideo"
"AcceleratedVideoDecodeLinuxGL"
];
disableFeatures = [
"AcceleratedVideoDecodeLinuxZeroCopyGL"
];
};
nvidia = {
driver = "nvidia";
drmDevice = "/dev/dri/renderD129";
nvdBackend = "direct";
enableFeatures = [
"VaapiVideoDecoder"
"VaapiIgnoreDriverChecks"
"PlatformHEVCDecoderSupport"
"VaapiOnNvidiaGPUs"
"AcceleratedVideoDecodeLinuxGL"
];
disableFeatures = [
"AcceleratedVideoDecodeLinuxZeroCopyGL"
"UseMultiPlaneFormatForHardwareVideo"
"VaapiVideoDecodeLinuxGL"
];
};
};
activeGpu = gpuProfiles.${cfg.vaapi.gpu};
mkChromiumHevc =
packageName:
let
spec = browserCatalog.${packageName};
browser = spec.package;
launcherName = spec.launcher;
enableFeatures = lib.concatStringsSep "," activeGpu.enableFeatures;
disableFeatures = lib.concatStringsSep "," activeGpu.disableFeatures;
desktopItem = pkgs.makeDesktopItem {
name = launcherName;
desktopName = spec.desktopName;
genericName = "Web Browser";
exec = "${launcherName} %U";
icon = spec.icon;
categories = [
"Network"
"WebBrowser"
];
mimeTypes = [
"text/html"
"text/xml"
"application/xhtml+xml"
"x-scheme-handler/http"
"x-scheme-handler/https"
];
};
in
pkgs.runCommand launcherName
{
inherit (browser) version;
nativeBuildInputs = [ pkgs.makeWrapper ];
passthru = { inherit browser; };
}
''
mkdir -p $out/bin $out/share/applications
makeWrapper ${browser}/bin/${spec.binary} $out/bin/${launcherName} \
--set LIBVA_DRIVER_NAME ${lib.escapeShellArg activeGpu.driver} \
--set LIBVA_DRM_DEVICE ${lib.escapeShellArg activeGpu.drmDevice} \
--set NVD_BACKEND ${lib.escapeShellArg activeGpu.nvdBackend} \
--add-flags "--enable-features=${enableFeatures}" \
--add-flags "--disable-features=${disableFeatures}" \
${lib.concatMapStringsSep " " (a: "--add-flags ${lib.escapeShellArg a}") cfg.extraCommandLineArgs}
cp ${desktopItem}/share/applications/${launcherName}.desktop \
$out/share/applications/${launcherName}.desktop
'';
selectedPackages = lib.filter (
name:
let
spec = browserCatalog.${name};
in
lib.meta.availableOn pkgs.stdenv.hostPlatform spec.package
) cfg.packages;
wrappers = map mkChromiumHevc selectedPackages;
in
{
options.chiasson.home.browsers.chromiumHevc = {
enable = lib.mkEnableOption ''
`google-chrome-hevc`: Chromium with VA-API HEVC for Jellyfin / MSE playback.
Default GPU is **Intel** (`vaapi.gpu = "intel"`): Chromium + NVIDIA VA-API is
unsupported upstream (`nvidia-vaapi-driver` README) and fails with
`failed Initialize()ing the frame pool` in Jellyfin.
Requires `chiasson.system.chromiumHevc.enable` on NixOS.
'';
packages = lib.mkOption {
type = lib.types.listOf (
lib.types.enum (lib.attrNames browserCatalog)
);
default = [ "google-chrome" ];
description = "Chromium-based browsers to wrap.";
};
vaapi.gpu = lib.mkOption {
type = lib.types.enum [
"intel"
"nvidia"
];
default = "intel";
description = ''
VA-API stack for `google-chrome-hevc`. Use **intel** for Jellyfin (Chromium +
nvidia-vaapi-driver is unsupported and hits frame-pool init errors). **nvidia**
keeps renderD129 + VaapiOnNvidiaGPUs for experiments only.
'';
};
extraCommandLineArgs = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
description = "Extra Chromium flags appended after the HEVC profile flags.";
};
};
config = lib.mkIf (root.enable && cfg.enable) {
home.packages = wrappers;
};
};
}
modules/wisdom/default.nix
-1
View File
@@ -3,7 +3,6 @@
imports = [
./apps/discord.nix
./apps/localsend.nix
./apps/spacedrive
./apps/pokeclicker
./apps/spotify.nix
./browsers/orion.nix
modules/wisdom/editors/cursor.nix
+35 -2
View File
@@ -21,6 +21,23 @@
pkgs.cursor-cli
else
null;
nixIdeTools = [ pkgs.nixd pkgs.nixfmt ];
cursorWithNixIde =
if cursorPkg == null then
null
else
pkgs.symlinkJoin {
name = "cursor-with-nix-ide";
paths = [ cursorPkg ];
buildInputs = [ pkgs.makeWrapper ];
postBuild = ''
for prog in $out/bin/*; do
if [ -x "$prog" ]; then
wrapProgram "$prog" --prefix PATH : "${lib.makeBinPath nixIdeTools}"
fi
done
'';
};
in
{
options.chiasson.home.editors.cursor = {
@@ -45,12 +62,28 @@
'';
};
};
nixIde = {
enable = lib.mkEnableOption ''
Nix IDE extension tooling (`nixd` LSP, `nixfmt` formatter).
Installs `nixd` / `nixfmt` and wraps Cursor so they are on the editor `PATH`
(the GUI does not inherit your shell profile).
'' // {
default = true;
};
};
};
config = lib.mkIf (root.enable && cfg.enable && cursorPkg != null) {
home.packages =
[ cursorPkg ]
++ lib.optionals (cfg.agent.enable && cfg.agent.package != null) [ cfg.agent.package ];
[
(if cfg.nixIde.enable && cursorWithNixIde != null then
cursorWithNixIde
else
cursorPkg)
]
++ lib.optionals (cfg.agent.enable && cfg.agent.package != null) [ cfg.agent.package ]
++ lib.optionals cfg.nixIde.enable nixIdeTools;
home.sessionVariables = lib.mkIf cfg.setAsDefaultEditor {
EDITOR = "cursor --wait";
VISUAL = "cursor --wait";
secrets/attic-secrets.yaml
+4 -3
View File
File diff suppressed because one or more lines are too long