build: routine update

- updated font names - disabled pulseaudio and switched back to pipewire - update software
LEXUGE · Dec 17, 2024 · 045495d · 045495d
1 parent 756d943
commit 045495d
Show file tree

Hide file tree

Showing 47 changed files with 1,271 additions and 757 deletions.
diff --git a/.github/workflows/buildiso.yaml b/.github/workflows/buildiso.yaml
@@ -82,10 +82,11 @@ jobs:
         name: dcompass
         skipPush: true
 
-    - name: Update flake.lock, show drv, and calculate the hashes
-      id: update
-      run: |
-        nix flake update
+    # NOTE: Don't update automatically, it breaks build
+    # - name: Update flake.lock, show drv, and calculate the hashes
+    #   id: update
+    #   run: |
+    #     nix flake update
 
     - name: Build LiveCD ISO image
       id: iso

diff --git a/cfgs/deck/boot.nix b/cfgs/deck/boot.nix
@@ -1,4 +1,10 @@
-{ config, lib, pkgs, ... }: {
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+{
   my.lanzaboote.enable = true;
 
   # Clean tmp folder which is a btrfs subvol
@@ -7,7 +13,11 @@
   # Create root on tmpfs
   fileSystems."/" = {
     fsType = "tmpfs";
-    options = [ "defaults" "size=2G" "mode=755" ];
+    options = [
+      "defaults"
+      "size=2G"
+      "mode=755"
+    ];
   };
 
   fileSystems."/persist".neededForBoot = true;

diff --git a/cfgs/deck/default.nix b/cfgs/deck/default.nix
@@ -1,4 +1,10 @@
-{ config, lib, pkgs, ... }: {
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+{
   imports = [
     ./boot.nix
     ./networking.nix
@@ -67,19 +73,27 @@
       };
 
       # Allow users in wheel to control sing-box without passwords.
-      security.sudo.extraRules = [{
-        groups = [ "whell" ];
-        commands = [
-          {
-            command = "${startSingBox}";
-            options = [ "NOPASSWD" "SETENV" ];
-          }
-          {
-            command = "${stopSingBox}";
-            options = [ "NOPASSWD" "SETENV" ];
-          }
-        ];
-      }];
+      security.sudo.extraRules = [
+        {
+          groups = [ "whell" ];
+          commands = [
+            {
+              command = "${startSingBox}";
+              options = [
+                "NOPASSWD"
+                "SETENV"
+              ];
+            }
+            {
+              command = "${stopSingBox}";
+              options = [
+                "NOPASSWD"
+                "SETENV"
+              ];
+            }
+          ];
+        }
+      ];
 
       my.home.ash = {
         extraPackages = with pkgs; [
@@ -123,7 +137,8 @@
 
         # Extra files
         extraFiles = {
-          ".config/steam-rom-manager/userData/userConfigurations.json".source = ../../misc/blobs/steam-rom-manager/userConfigurations.json;
+          ".config/steam-rom-manager/userData/userConfigurations.json".source =
+            ../../misc/blobs/steam-rom-manager/userConfigurations.json;
           ".config/yuzu/qt-config.ini".source = ../../misc/blobs/yuzu/qt-config.ini;
         };
       };
@@ -138,11 +153,11 @@
       # Fonts
       fonts.packages = with pkgs; [
         noto-fonts
-        noto-fonts-cjk
+        noto-fonts-cjk-sans
         noto-fonts-emoji
         fira-code
         fira-code-symbols
-        fira-code-nerdfont
+        nerd-fonts.fira-code
         # needed by steam to display CJK fonts
         wqy_zenhei
       ];
@@ -184,7 +199,10 @@
               # Both git-credentials and zsh_hist_dir doesn't seem to play well with impermanence
               # NO sensitive task shall be carried out!
               # { directory = ".git_creds_dir"; mode = "0700"; }
-              { directory = ".zsh_hist_dir"; mode = "0700"; }
+              {
+                directory = ".zsh_hist_dir";
+                mode = "0700";
+              }
               # { directory = ".gnupg"; mode = "0700"; }
               # { directory = ".ssh"; mode = "0700"; }
               # { directory = ".local/share/keyrings"; mode = "0700"; }
@@ -196,19 +214,20 @@
       users = {
         mutableUsers = false;
         users = {
-          root.hashedPassword =
-            "$6$oNsoXzCopc6uxli4$vthBqdTNXtq8MWlWRHRGe6QZUMb7CtPWaTdXSOKszeTAtmjG5zE/JPd7F668VTiuOUtpiy1oy061N0LlxjtHD1";
+          root.hashedPassword = "$6$oNsoXzCopc6uxli4$vthBqdTNXtq8MWlWRHRGe6QZUMb7CtPWaTdXSOKszeTAtmjG5zE/JPd7F668VTiuOUtpiy1oy061N0LlxjtHD1";
           ash = {
-            hashedPassword =
-              "$y$j9T$yLdLVVEQoolJR9LNMYGl30$dNnh67D78jLz/YR9YXSR3i8efYd0QmI2ezo2h5v2W78";
+            hashedPassword = "$y$j9T$yLdLVVEQoolJR9LNMYGl30$dNnh67D78jLz/YR9YXSR3i8efYd0QmI2ezo2h5v2W78";
             shell = pkgs.zsh;
             isNormalUser = true;
             # wheel - sudo
             # networkmanager - manage network
             # video - light control
             # libvirtd - virtual manager controls.
             # docker - Docker control
-            extraGroups = [ "wheel" "networkmanager" ];
+            extraGroups = [
+              "wheel"
+              "networkmanager"
+            ];
           };
         };
       };

diff --git a/cfgs/deck/i18n.nix b/cfgs/deck/i18n.nix
@@ -1,4 +1,10 @@
-{ pkgs, lib, config, ... }: {
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+{
   my.timezone = {
     enable = true;
     path = "/etc/persisted-timezone";

diff --git a/cfgs/deck/networking.nix b/cfgs/deck/networking.nix
@@ -1,4 +1,5 @@
-{ config, pkgs, ... }: {
+{ config, pkgs, ... }:
+{
   networking.resolvconf.useLocalResolver = true;
 
   networking.networkmanager = {
@@ -17,24 +18,29 @@
         level = "info";
       };
 
-      inbounds = [{
-        type = "tun";
-        # sing-box version is too old to support this
-        # address = [
-        #   "172.18.0.1/30"
-        #   "fdfe:dcba:9876::1/126"
-        # ];
-        inet4_address = "172.19.0.1/30";
-        inet6_address = "fdfe:dcba:9876::1/126";
-        auto_route = true;
-        strict_route = true;
-        # sniff = true;
-        # # Override IP addr with sniffed domain
-        # sniff_override_destination = true;
-      }];
+      inbounds = [
+        {
+          type = "tun";
+          # sing-box version is too old to support this
+          # address = [
+          #   "172.18.0.1/30"
+          #   "fdfe:dcba:9876::1/126"
+          # ];
+          inet4_address = "172.19.0.1/30";
+          inet6_address = "fdfe:dcba:9876::1/126";
+          auto_route = true;
+          strict_route = true;
+          # sniff = true;
+          # # Override IP addr with sniffed domain
+          # sniff_override_destination = true;
+        }
+      ];
 
       outbounds = [
-        { type = "direct"; tag = "direct"; }
+        {
+          type = "direct";
+          tag = "direct";
+        }
         {
           _secret = config.age.secrets.sing-box.path;
           quote = false;

diff --git a/cfgs/deck/security.nix b/cfgs/deck/security.nix
@@ -1,4 +1,10 @@
-{ pkgs, lib, config, ... }: {
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+{
   # sbctl database files
   age.secrets = {
     secureboot_guid = {

diff --git a/cfgs/deck/services.nix b/cfgs/deck/services.nix
@@ -1,4 +1,10 @@
-{ config, pkgs, lib, ... }: {
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}:
+{
   # Enable SSH for remote access
   services.openssh = {
     enable = true;
@@ -7,9 +13,11 @@
   };
 
   # Also the pub key used for age encryption
-  users.users.ash.openssh.authorizedKeys.keys = let keys = import ../../secrets/keys.nix; in [ keys.ash_pubkey ];
-
-
+  users.users.ash.openssh.authorizedKeys.keys =
+    let
+      keys = import ../../secrets/keys.nix;
+    in
+    [ keys.ash_pubkey ];
 
   ### Power and hardware
   # Enable fwupd service for firmware updates

diff --git a/cfgs/img-deck/default.nix b/cfgs/img-deck/default.nix
@@ -1,4 +1,10 @@
-{ config, lib, pkgs, ... }: with lib;
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib;
 {
   imports = [
     ./networking.nix
@@ -11,13 +17,23 @@
 
     # This is a dummy key in ISO image, we shall not worry about its security.
     # Agenix breaks in LiveCD due to https://github.com/ryantm/agenix/issues/165.
-    age.identityPaths = [ (pkgs.writeText "img_key_ed25519" (builtins.readFile ../../secrets/raw/img_key_ed25519)) ];
+    age.identityPaths = [
+      (pkgs.writeText "img_key_ed25519" (builtins.readFile ../../secrets/raw/img_key_ed25519))
+    ];
 
     # GPG agent that makes GPG work in LiveCD.
     programs.gnupg.agent.enable = true;
 
     # ZFS is currently broken on the latest kernel. Since we don't use it, it's fine to disable it.
-    boot.supportedFilesystems = lib.mkForce [ "btrfs" "reiserfs" "vfat" "f2fs" "xfs" "ntfs" "cifs" ];
+    boot.supportedFilesystems = lib.mkForce [
+      "btrfs"
+      "reiserfs"
+      "vfat"
+      "f2fs"
+      "xfs"
+      "ntfs"
+      "cifs"
+    ];
 
     # Needed for boot! Otherwise the initrd couldn't mount the root on hub.
     boot.initrd.availableKernelModules = [ "hub" ];
@@ -32,18 +48,21 @@
       inputMethod = {
         enable = true;
         type = "ibus";
-        ibus.engines = with pkgs.ibus-engines; [ libpinyin typing-booster ];
+        ibus.engines = with pkgs.ibus-engines; [
+          libpinyin
+          typing-booster
+        ];
       };
     };
 
     # Fonts
     fonts.packages = with pkgs; [
       noto-fonts
-      noto-fonts-cjk
+      noto-fonts-cjk-sans
       noto-fonts-emoji
       fira-code
       fira-code-symbols
-      fira-code-nerdfont
+      nerd-fonts.fira-code
     ];
 
     isoImage.edition = "gnome";
@@ -108,20 +127,23 @@
     # This is a LiveCD, please don't enable disk config in NixOS.
     disko.enableConfig = false;
 
-    environment.systemPackages = with pkgs; let
-      create-disko-pkg = name: path: (runCommandLocal "disko-${name}" { } ''
-        mkdir -p $out/bin
-        install ${path} $out/bin/disko-${name}
-      '');
-    in
-    [
-      (writeShellScriptBin "install-script"
-        (builtins.readFile ./install.sh))
-
-      (create-disko-pkg "main" config.system.build.diskoScript)
-      (create-disko-pkg "format" config.system.build.formatScript)
-      (create-disko-pkg "mount" config.system.build.mountScript)
-    ];
+    environment.systemPackages =
+      with pkgs;
+      let
+        create-disko-pkg =
+          name: path:
+          (runCommandLocal "disko-${name}" { } ''
+            mkdir -p $out/bin
+            install ${path} $out/bin/disko-${name}
+          '');
+      in
+      [
+        (writeShellScriptBin "install-script" (builtins.readFile ./install.sh))
+
+        (create-disko-pkg "main" config.system.build.diskoScript)
+        (create-disko-pkg "format" config.system.build.formatScript)
+        (create-disko-pkg "mount" config.system.build.mountScript)
+      ];
 
     users.users.nixos = {
       shell = pkgs.zsh;

diff --git a/cfgs/img-deck/networking.nix b/cfgs/img-deck/networking.nix
@@ -1,4 +1,10 @@
-{ config, lib, pkgs, ... }: {
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+{
   # Use local DNS server all the time
   networking.resolvconf.useLocalResolver = true;