From e802168d142e779fa758c4f4cf61d50992eab043 Mon Sep 17 00:00:00 2001 From: Dave Gallant Date: Thu, 2 Dec 2021 01:14:24 -0500 Subject: [PATCH] Switch back to nixos-unstable with nvidia_legacy470 and hardened kernel --- common/linux.nix | 6 ++- common/packages.nix | 12 ++--- flake.lock | 63 ++++++++++++++++----------- flake.nix | 2 +- home/default.nix | 24 +++++----- home/nvim/lua/init.lua | 4 +- machines/hephaestus/configuration.nix | 3 ++ 7 files changed, 66 insertions(+), 48 deletions(-) diff --git a/common/linux.nix b/common/linux.nix index d22858f..4a6720a 100644 --- a/common/linux.nix +++ b/common/linux.nix @@ -1,12 +1,14 @@ { pkgs, ... }: { - system.stateVersion = "stable"; + system.stateVersion = "unstable"; system.autoUpgrade.enable = true; # Automatically optimize the Nix store. nix.autoOptimiseStore = true; + boot.kernel.sysctl."kernel.unprivileged_userns_clone" = 1; + # Enable Nix flake support. nix.package = pkgs.nixUnstable; nix.extraOptions = "experimental-features = nix-command flakes"; @@ -18,7 +20,7 @@ ]; }; - boot.kernelPackages = pkgs.linuxPackages_latest; + boot.kernelPackages = pkgs.linuxPackages_hardened; # Enable support for additional filesystems boot.supportedFilesystems = [ "ntfs" ]; diff --git a/common/packages.nix b/common/packages.nix index 9e94c03..6a261e9 100644 --- a/common/packages.nix +++ b/common/packages.nix @@ -29,7 +29,7 @@ in git-crypt github-cli gnumake - # hadolint # broken + hadolint lazygit pre-commit shellcheck @@ -76,7 +76,7 @@ in # lua lua53Packages.luacheck - # stylua + stylua # golang golangci-lint @@ -133,7 +133,7 @@ in ## aws aws-connect - # aws-role-play + aws-role-play aws-vault awscli2 awslogs @@ -142,9 +142,9 @@ in # python python39 python39Packages.black - # python39Packages.ipython + python39Packages.ipython python39Packages.pip - # python39Packages.poetry + python39Packages.poetry python39Packages.setuptools python39Packages.virtualenv @@ -153,7 +153,7 @@ in rubocop ruby rufo - # rubyPackages.solargraph # not in 21.05 + rubyPackages.solargraph # news srv diff --git a/flake.lock b/flake.lock index 0eeb720..200738e 100644 --- a/flake.lock +++ b/flake.lock @@ -58,11 +58,11 @@ ] }, "locked": { - "lastModified": 1637915295, - "narHash": "sha256-jWW2Q83O4O/TV3PDsZkEo0bhKzlLBhJ5CGqQFMM05lE=", + "lastModified": 1638415301, + "narHash": "sha256-iqszstbHaO5PYeBXQf1ukgYj/aq9wznBbZMrtYMZzgI=", "owner": "nix-community", "repo": "home-manager", - "rev": "a28cf79a78040b4e6d8d50a39760a296d5e95dd6", + "rev": "de54d513c74bf8f4f3a58954b80b5f690639fe72", "type": "github" }, "original": { @@ -74,18 +74,15 @@ "neovim-flake": { "inputs": { "flake-utils": "flake-utils", - "nixpkgs": [ - "neovim-nightly-overlay", - "nixpkgs" - ] + "nixpkgs": "nixpkgs" }, "locked": { "dir": "contrib", - "lastModified": 1638043901, - "narHash": "sha256-/ptPh9yDIFYik13bOv6nhPWlWaozOI9SVPe7F/nCzrw=", + "lastModified": 1638329954, + "narHash": "sha256-xYlTATWAX9Vu0yK39mFO4UX0Yl/Xz3if+/a7iAV3kV8=", "owner": "neovim", "repo": "neovim", - "rev": "07223fae54b5b8095da16c598fc1395ec3677691", + "rev": "d3585e0ec52ee828fd68c4bd3e3ec1c294e1f4a0", "type": "github" }, "original": { @@ -99,14 +96,14 @@ "inputs": { "flake-compat": "flake-compat", "neovim-flake": "neovim-flake", - "nixpkgs": "nixpkgs" + "nixpkgs": "nixpkgs_2" }, "locked": { - "lastModified": 1638087178, - "narHash": "sha256-2Z1bFOdtqJz3259xIXaAqu3n0iD0uaKOG53uSCQEr34=", + "lastModified": 1638346476, + "narHash": "sha256-n6gMG7+3C2DjpvzwRYC1Ag3QsfovJPKPj5Ds3LOTXg0=", "owner": "nix-community", "repo": "neovim-nightly-overlay", - "rev": "e1a53537b1c7ad2a16da1493cd75b773635a9319", + "rev": "3099b910be69b6e9c1bf00b25df9de2932d5318f", "type": "github" }, "original": { @@ -117,11 +114,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1637831601, - "narHash": "sha256-axRY9AehHGXfU52RK3oqDNXd9F92Tm65vEBQir3tRLI=", + "lastModified": 1638182287, + "narHash": "sha256-vBzf+hbTJz2ZdXV/DWirl6wOO7tjdqzTIU+0FANt65U=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "aad66afc1cac4a654223f6ba326899c731e57441", + "rev": "6b3f79de09c3de7c91ab51e55e87879f61b6faec", "type": "github" }, "original": { @@ -133,11 +130,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1637841632, - "narHash": "sha256-QYqiKHdda0EOnLGQCHE+GluD/Lq2EJj4hVTooPM55Ic=", + "lastModified": 1638376152, + "narHash": "sha256-ucgLpVqhFnClH7YRUHBHnmiOd82RZdFR3XJt36ks5fE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "73369f8d0864854d1acfa7f1e6217f7d6b6e3fa1", + "rev": "6daa4a5c045d40e6eae60a3b6e427e8700f1c07f", "type": "github" }, "original": { @@ -149,16 +146,32 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1637973395, - "narHash": "sha256-wp/QgsnnKJAIMZeQgJT1bWQ/OutZ+80lHwtpYAUWDfE=", + "lastModified": 1638286143, + "narHash": "sha256-A+rgjbIpz3uPRKHPXwdmouVcVn5pZqLnaZHymjkraG4=", + "owner": "nixos", + "repo": "nixpkgs", + "rev": "29d1f6e1f625d246dcf84a78ef97b4da3cafc6ea", + "type": "github" + }, + "original": { + "owner": "nixos", + "ref": "nixos-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_3": { + "locked": { + "lastModified": 1638376152, + "narHash": "sha256-ucgLpVqhFnClH7YRUHBHnmiOd82RZdFR3XJt36ks5fE=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4f37689c8a219a9d756c5ff38525ad09349f422f", + "rev": "6daa4a5c045d40e6eae60a3b6e427e8700f1c07f", "type": "github" }, "original": { "owner": "NixOS", - "ref": "nixos-21.05", + "ref": "nixos-unstable", "repo": "nixpkgs", "type": "github" } @@ -169,7 +182,7 @@ "home-manager": "home-manager", "neovim-nightly-overlay": "neovim-nightly-overlay", "nixos-hardware": "nixos-hardware", - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs_3" } } }, diff --git a/flake.nix b/flake.nix index 8fb6b8a..50df2a5 100644 --- a/flake.nix +++ b/flake.nix @@ -7,7 +7,7 @@ inputs.nixpkgs.follows = "nixpkgs"; }; - nixpkgs.url = "github:NixOS/nixpkgs/nixos-21.05"; + nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; nixos-hardware.url = "github:NixOS/nixos-hardware/master"; diff --git a/home/default.nix b/home/default.nix index 1c8fa1d..9b032e0 100644 --- a/home/default.nix +++ b/home/default.nix @@ -11,16 +11,16 @@ let sha256 = "sha256-FDeyGH5OPAYV7zePCfDujsj+nGd5AFnqySPStJYEY2E="; }; }; - # hound-nvim = pkgs.vimUtils.buildVimPlugin { - # name = "hound-nvim"; - # nativeBuildInputs = with pkgs; [ lua53Packages.luacheck ]; - # src = pkgs.fetchFromGitHub { - # owner = "davegallant"; - # repo = "hound.nvim"; - # rev = "e85ba4f65ece79fe6332d8a0ccc594a0d367f4ed"; - # sha256 = "sha256-fxPtixVB6dVjrxpJ1oP+eA00JSiKxWuii8pMxVeuyMY="; - # }; - # }; + hound-nvim = pkgs.vimUtils.buildVimPlugin { + name = "hound-nvim"; + nativeBuildInputs = with pkgs; [ lua53Packages.luacheck stylua ]; + src = pkgs.fetchFromGitHub { + owner = "davegallant"; + repo = "hound.nvim"; + rev = "e85ba4f65ece79fe6332d8a0ccc594a0d367f4ed"; + sha256 = "sha256-fxPtixVB6dVjrxpJ1oP+eA00JSiKxWuii8pMxVeuyMY="; + }; + }; inherit (pkgs) stdenv; in { @@ -320,10 +320,10 @@ in plugins = with pkgs.vimPlugins; [ completion-nvim git-blame-nvim - # gitlinker-nvim # not in 21.05 + gitlinker-nvim glow-nvim gruvbox-nvim - # hound-nvim + hound-nvim lualine-nvim nvim-lspconfig nvim-tree-lua diff --git a/home/nvim/lua/init.lua b/home/nvim/lua/init.lua index b78869b..beabded 100644 --- a/home/nvim/lua/init.lua +++ b/home/nvim/lua/init.lua @@ -106,7 +106,7 @@ require("lspconfig").gopls.setup({}) require("lspconfig").pyright.setup({}) require("lspconfig").rls.setup({}) require("lspconfig").rnix.setup({}) --- require("lspconfig").solargraph.setup({}) # not in 21.05 +require("lspconfig").solargraph.setup({}) require("lspconfig").terraformls.setup({}) require("lspconfig").tflint.setup({}) require("lspconfig").yamlls.setup({}) @@ -129,7 +129,7 @@ end) -- Plugins {{{1 --------------------------------------------------------------- ------------------------------------------------------------------------------- -- gitlinker --- require("gitlinker").setup() +require("gitlinker").setup() -- status line require("lualine").setup({ diff --git a/machines/hephaestus/configuration.nix b/machines/hephaestus/configuration.nix index 94bd6ec..f7afc99 100644 --- a/machines/hephaestus/configuration.nix +++ b/machines/hephaestus/configuration.nix @@ -7,6 +7,9 @@ boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; + hardware.nvidia.modesetting.enable = true; + hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.legacy_470; + networking.hostName = "hephaestus"; networking = {