Revert "devices: remove surface"

This reverts commit 7bac949a8e.
2026-01-12 07:09:22 +08:00 · 2024-07-24 09:19:26 +08:00
parent 0abc2fb74e
commit a8d2014cf2
11 changed files with 201 additions and 7 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -4,6 +4,7 @@ keys: # cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age
  - &vps4 age1nnd6u8l20julg4jz4l6kw5gmj6h2tsngpm7n8dx59umgw2s66y4shq6jv4
  - &vps6 age164tyqklwhdm57tfm5u863mdt2xrzrrzac4py8a0j9y6kzqcjy9zsp073t6
  - &vps7 age137x7csalutwvfygvvzpemlsywvdxj3j4z93a50z2sjx03w6zau8q3r5902
+  - &surface age1ck5vzs0xqx0jplmuksrkh45xwmkm2t05m2wyq5k2w2mnkmn79fxs6tvl3l
  - &nas age19lhcwk37jmvn6z0v4dpdfh0k4u23f76twdjknc0p7atktf37rd7s4t4wj3
  - &xmupc1 age1hnarptkze0ujpp05dqr8uma04cxg9zqcx68qgpks5uf5l6rpk5gqhh8wxg
  - &xmupc2 age1l4stuz0vr7gs7pqwjrmezam44702jp2vmqaqyxw0l0r42kf9updq4dfhrw
@@ -35,6 +36,11 @@ creation_rules:
    - age:
      - *chn
      - *nas
+  - path_regex: devices/surface/.*$
+    key_groups:
+    - age:
+      - *chn
+      - *surface
  - path_regex: devices/xmupc1/.*$
    key_groups:
    - age:
--- a/devices/surface/default.nix
+++ b/devices/surface/default.nix
@@ -0,0 +1,66 @@
+inputs:
+{
+  imports = inputs.localLib.mkModules [ inputs.topInputs.nixos-hardware.nixosModules.microsoft-surface-pro-intel ];
+  config =
+  {
+    nixos =
+    {
+      system =
+      {
+        fileSystems =
+        {
+          mount =
+          {
+            vfat."/dev/disk/by-uuid/7179-9C69" = "/boot/efi";
+            btrfs =
+            {
+              "/dev/disk/by-uuid/c6d35075-85fe-4129-aaa8-f436ab85ce43"."/boot" = "/boot";
+              "/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
+            };
+          };
+          decrypt.auto =
+          {
+            "/dev/disk/by-uuid/4f7420f9-ea19-4713-b084-2ac8f0a963ac" = { mapper = "root"; ssd = true; };
+            "/dev/disk/by-uuid/88bd9d44-928b-40a2-8f3d-6dcd257c4601" =
+              { mapper = "swap"; ssd = true; before = [ "root" ]; };
+          };
+          swap = [ "/dev/mapper/swap" ];
+          resume = "/dev/mapper/swap";
+          rollingRootfs = {};
+        };
+        nixpkgs.march = "skylake";
+        grub.installDevice = "efi";
+        nix = { substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ]; githubToken.enable = true; };
+        kernel = { variant = "xanmod-lts"; patches = [ "cjktty" "lantian" "surface" "hibernate-progress" ]; };
+        networking.hostname = "surface";
+        gui.enable = true;
+      };
+      hardware = { cpus = [ "intel" ]; gpu.type = "intel"; };
+      packages.packageSet = "desktop-extra";
+      virtualization = { docker.enable = true; waydroid.enable = true; };
+      services =
+      {
+        snapper.enable = true;
+        sshd = {};
+        xray.client.enable = true;
+        firewall.trustedInterfaces = [ "virbr0" ];
+        wireguard =
+        {
+          enable = true;
+          peers = [ "vps6" ];
+          publicKey = "j7qEeODVMH31afKUQAmKRGLuqg8Bxd0dIPbo17LHqAo=";
+          wireguardIp = "192.168.83.5";
+        };
+        beesd.instances.root = { device = "/"; hashTableSizeMB = 512; };
+      };
+      bugs = [ "xmunet" "suspend-hibernate-no-platform" ];
+    };
+    environment.systemPackages = with inputs.pkgs; [ maliit-keyboard maliit-framework ];
+    powerManagement.resumeCommands = ''${inputs.pkgs.systemd}/bin/systemctl restart iptsd'';
+    services.iptsd.config =
+    {
+      Touch = { DisableOnPalm = true; DisableOnStylus = true; Overshoot = 0.5; };
+      Contacts = { Neutral = "Average"; NeutralValue = 10; };
+    };
+  };
+}
--- a/devices/surface/secrets.yaml
+++ b/devices/surface/secrets.yaml
@@ -0,0 +1,35 @@
+xray-client:
+    uuid: ENC[AES256_GCM,data:WEBAH3PQM5ahNpH/kvTtcjcJ2GllmmRlBR2oclG6AimGenSg,iv:TMp0WTOe9fuELSZoVGenl5XSZUFoiYUBEMWMn4NFv1g=,tag:GJTE0EELcZkrnGAKLYer1g==,type:str]
+wireguard:
+    privateKey: ENC[AES256_GCM,data:P/tyZHaEAahZUBF22dJEZb6mACm/wmUunPDG0vS7SNW3sWbzxRSut0haR/g=,iv:8VMv5iotmDrYDLiszcOvJHkD8l6uE+SboPSILr6KuzU=,tag:U/FIBhvghwDTvFtUWEqr4g==,type:str]
+github:
+    token: ENC[AES256_GCM,data:SyqrpFfy+y7syReWs0Bi23651ew41Us8aqjImBTzkDanOtWQgIYC6g==,iv:H3Y/TuP3VvZv6MlRAdLOY0CiNUeoqGZRNg0s58ZSkQ8=,tag:rSf4E8Whvue/LZ+VlSqDDQ==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzV1pvWkVGSFg5TVAvRlhu
+            TnFnMEszcDRWWHlQanAyRkRpQWdqQkdhTzFvCjBqUG4xNFBiRnlSeTNQSmdkVkdD
+            UlVCQjRFVExuZHdrSnViajZGZ3c2dWsKLS0tIHlQYU5VeGpEQzllMmxLSnJZZzZx
+            N1R3Mkhxa0dOVlJiU0V2OEZVVzZVMFkKae3c1axl22uxh9wMygAHs6q1WA5ImOS8
+            uzKSthWSqtC7DMqgUFaaSjBYM2TN3l402syx71xVFyyAmCcGZbbJcg==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1ck5vzs0xqx0jplmuksrkh45xwmkm2t05m2wyq5k2w2mnkmn79fxs6tvl3l
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCSHJVRGIwQUFpVER5SWxq
+            YjJOT0lXN3dFOFpjMFlWV3JCbmZFN0hnNEJBClpQUEczK2RWTGlVTmJRbVZaUC8y
+            bEFrL1RjTTNlYVNnRVRBZlRjaTlnUEEKLS0tIE5GM01pTGFFcWVVSWEvUHE3Z08r
+            a2xybTRFUFZZN20zajZJTVNwVEpGcEEKglmFMk7z1q5IlZ+lZf9M0HtknmvcYt/P
+            2/z5e8wLN1Hy0Zsbv0yIL/NmqwxAOGJOdzz7ElJszk/Y4kUr9aRasg==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-05-24T03:36:38Z"
+    mac: ENC[AES256_GCM,data:Dv6WO5K0GFVm4Rt+GjXeE1vwqlPkP+kmRCGU41rbSR3YBcL8mkpBRQQXJiMU99cQQMK/rCGy+k91fhGnG5xFT/FdEZF8qUjRHPZ5MdWCjPOuY/LrXWnSnwwJa2neQLFH/ToUkNaGHCk/FngnZ/e0U43Rnwt3iHRDBG3io8oDY0M=,iv:Jf5EtkTuf/MFDq6UiOo8/31ev5zBiaP9WnlgsUgK5Y4=,tag:r6ql+UbXbG5A1vtbsGXnJQ==,type:str]
+    pgp: []
+    unencrypted_suffix: _unencrypted
+    version: 3.8.1
--- a/devices/vps6/default.nix
+++ b/devices/vps6/default.nix
@@ -72,7 +72,7 @@ inputs:
        wireguard =
        {
          enable = true;
-          peers = [ "pc" "nas" "vps7" "xmupc1" "xmupc2" "pi3b" ];
+          peers = [ "pc" "nas" "vps7" "surface" "xmupc1" "xmupc2" "pi3b" ];
          publicKey = "AVOsYUKQQCvo3ctst3vNi8XSVWo1Wh15066aHh+KpF4=";
          wireguardIp = "192.168.83.1";
          listenIp = "74.211.99.69";
--- a/flake.lock
+++ b/flake.lock
@@ -610,6 +610,22 @@
        "type": "github"
      }
    },
+    "linux-surface": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1719778916,
+        "narHash": "sha256-CfxfDxzCMwrZg375n89rljR6hchJQQ+SOHTBgNCR82w=",
+        "owner": "linux-surface",
+        "repo": "linux-surface",
+        "rev": "dbc445a23d3b546447eab6d46b49ed76af544070",
+        "type": "github"
+      },
+      "original": {
+        "owner": "linux-surface",
+        "repo": "linux-surface",
+        "type": "github"
+      }
+    },
    "lmod": {
      "flake": false,
      "locked": {
@@ -815,6 +831,21 @@
        "type": "github"
      }
    },
+    "nixos-hardware": {
+      "locked": {
+        "lastModified": 1719984813,
+        "narHash": "sha256-/zRdv5J5exywcZXxIatB0Megh1QUs2vC7BCyvBB73ZA=",
+        "owner": "CHN-beta",
+        "repo": "nixos-hardware",
+        "rev": "a939cbb5dfd3648debce81492a17b0bafa301948",
+        "type": "github"
+      },
+      "original": {
+        "owner": "CHN-beta",
+        "repo": "nixos-hardware",
+        "type": "github"
+      }
+    },
    "nixos-stable": {
      "locked": {
        "lastModified": 1719957072,
@@ -1174,6 +1205,7 @@
        "impermanence": "impermanence",
        "kylin-virtual-keyboard": "kylin-virtual-keyboard",
        "lepton": "lepton",
+        "linux-surface": "linux-surface",
        "lmod": "lmod",
        "matplotplusplus": "matplotplusplus",
        "misskey": "misskey",
@@ -1183,6 +1215,7 @@
        "nix-flatpak": "nix-flatpak",
        "nix-index-database": "nix-index-database",
        "nix-vscode-extensions": "nix-vscode-extensions",
+        "nixos-hardware": "nixos-hardware",
        "nixpkgs": "nixpkgs",
        "nixpkgs-22.05": "nixpkgs-22.05",
        "nixpkgs-22.11": "nixpkgs-22.11",
--- a/flake.nix
+++ b/flake.nix
@@ -26,6 +26,7 @@
      inputs = { nixpkgs.follows = "nixpkgs"; home-manager.follows = "home-manager"; };
    };
    nur-linyinfeng = { url = "github:linyinfeng/nur-packages"; inputs.nixpkgs.follows = "nixpkgs"; };
+    nixos-hardware.url = "github:CHN-beta/nixos-hardware";
    envfs = { url = "github:Mic92/envfs"; inputs.nixpkgs.follows = "nixpkgs"; };
    nix-fast-build = { url = "github:/Mic92/nix-fast-build"; inputs.nixpkgs.follows = "nixpkgs"; };
    nix-flatpak.url = "github:gmodena/nix-flatpak";
@@ -53,6 +54,7 @@
    rycee = { url = "gitlab:rycee/nur-expressions"; flake = false; };
    blurred-wallpaper = { url = "github:bouteillerAlan/blurredwallpaper"; flake = false; };
    slate = { url = "github:TheBigWazz/Slate"; flake = false; };
+    linux-surface = { url = "github:linux-surface/linux-surface"; flake = false; };
    lepton = { url = "github:black7375/Firefox-UI-Fix"; flake = false; };
    lmod = { url = "github:TACC/Lmod"; flake = false; };
    mumax = { url = "github:CHN-beta/mumax"; flake = false; };
--- a/modules/packages/ssh.nix
+++ b/modules/packages/ssh.nix
@@ -45,6 +45,11 @@ inputs:
          ed25519 = "AAAAC3NzaC1lZDI1NTE5AAAAIAoMu0HEaFQsnlJL0L6isnkNZdRq0OiDXyaX3+fl3NjT";
          hostnames = [ "initrd.nas.chn.moe" "192.168.1.2" ];
        };
+        surface =
+        {
+          ed25519 = "AAAAC3NzaC1lZDI1NTE5AAAAIFdm3DcfHdcLP0oSpVrWwIZ/b9lZuakBSPwCFz2BdTJ7";
+          hostnames = [ "192.168.1.166" "wireguard.surface.chn.moe" "192.168.83.5" ];
+        };
        pc =
        {
          ed25519 = "AAAAC3NzaC1lZDI1NTE5AAAAIMSfREi19OSwQnhdsE8wiNwGSFFJwNGN0M5gN+sdrrLJ";
@@ -105,7 +110,7 @@ inputs:
            [ "vps4" "vps6" "wireguard.vps6" "vps7" "wireguard.vps7" "wireguard.nas" ])
          ++ (builtins.map
            (host: { name = host; value = { inherit host; hostname = "${host}.chn.moe"; forwardX11 = true; }; })
-            [ "wireguard.pc" "wireguard.xmupc1" "wireguard.xmupc2" ])
+            [ "wireguard.pc" "wireguard.surface" "wireguard.xmupc1" "wireguard.xmupc2" ])
          ++ (builtins.map
            (host:
            {
@@ -125,6 +130,7 @@ inputs:
          xmupc2 = { host = "xmupc2"; hostname = "xmupc2.chn.moe"; port = 6394; forwardX11 = true; };
          nas = { host = "nas"; hostname = "192.168.1.2"; forwardX11 = true; };
          pc = { host = "pc"; hostname = "192.168.1.3"; forwardX11 = true; };
+          surface = { host = "surface"; hostname = "192.168.1.4"; forwardX11 = true; };
          gitea = { host = "gitea"; hostname = "ssh.git.chn.moe"; };
          jykang =
          {
--- a/modules/system/kernel/default.nix
+++ b/modules/system/kernel/default.nix
@@ -81,6 +81,45 @@ inputs:
                  HZ = inputs.lib.mkForce (freeform "1000");
                };
              }];
+              surface =
+                let
+                  version =
+                    let versionArray = builtins.splitVersion inputs.config.boot.kernelPackages.kernel.version;
+                    in "${builtins.elemAt versionArray 0}.${builtins.elemAt versionArray 1}";
+                  kernelPatches = builtins.map
+                    (file:
+                    {
+                      name = "surface-${file.name}";
+                      patch = "${inputs.topInputs.linux-surface}/patches/${version}/${file.name}";
+                    })
+                    (builtins.filter
+                      (file: file.value == "regular")
+                      (inputs.localLib.attrsToList (builtins.readDir
+                        "${inputs.topInputs.linux-surface}/patches/${version}")));
+                  kernelConfig = builtins.removeAttrs
+                    (builtins.listToAttrs (builtins.concatLists (builtins.map
+                      (configString:
+                        if builtins.match "CONFIG_.*=." configString == [] then
+                        (
+                          let match = builtins.match "CONFIG_(.*)=(.)" configString; in with inputs.lib.kernel;
+                          [{
+                            name = builtins.elemAt match 0;
+                            value = { m = module; y = yes; }.${builtins.elemAt match 1};
+                          }]
+                        )
+                        else if builtins.match "# CONFIG_.* is not set" configString == [] then
+                        [{
+                          name = builtins.elemAt (builtins.match "# CONFIG_(.*) is not set" configString) 0;
+                          value = inputs.lib.kernel.unset;
+                        }]
+                        else if builtins.match "#.*" configString == [] then []
+                        else if configString == "" then []
+                        else throw "could not parse: ${configString}"
+                      )
+                      (inputs.lib.strings.splitString "\n"
+                        (builtins.readFile "${inputs.topInputs.linux-surface}/configs/surface-${version}.config")))))
+                    [ "VIDEO_IPU3_IMGU" ];
+                in kernelPatches ++ [{ name = "surface-config"; patch = null; extraStructuredConfig = kernelConfig; }];
              hibernate-progress =
              [{
                name = "hibernate-progress";
--- a/modules/user/chn/default.nix
+++ b/modules/user/chn/default.nix
@@ -32,10 +32,10 @@ inputs:
              (system: { name = system; value = { forwardAgent = true; extraOptions.AddKeysToAgent = "yes"; }; })
              [
                "vps4" "vps6" "wireguard.vps6" "vps7" "wireguard.vps7" "wireguard.pc" "nas" "wireguard.nas" "pc"
-                "xmupc1" "wireguard.xmupc1" "xmupc2" "wireguard.xmupc2"
+                "wireguard.surface" "xmupc1" "wireguard.xmupc1" "xmupc2" "wireguard.xmupc2"
              ]));
            extraConfig =
-              inputs.lib.mkIf (builtins.elem inputs.config.nixos.system.networking.hostname [ "pc" ])
+              inputs.lib.mkIf (builtins.elem inputs.config.nixos.system.networking.hostname [ "pc" "surface" ])
              ''
                IdentityFile ~/.ssh/id_rsa
                IdentityFile ~/.ssh/id_ed25519_sk
--- a/modules/user/chn/plasma/autostart.nix
+++ b/modules/user/chn/plasma/autostart.nix
@@ -53,7 +53,11 @@ inputs:
            path = "${inputs.pkgs.crow-translate}/share/applications/${fileName}";
          };
        };
-        devices.pc = [ "nheko" "kclockd" "yakuake" "telegram" "element" "kmail" "discord" "crow-translate" ];
+        devices =
+        {
+          pc = [ "nheko" "kclockd" "yakuake" "telegram" "element" "kmail" "discord" "crow-translate" ];
+          surface = [ "kclockd" "yakuake" "telegram" "element" "crow-translate" ];
+        };
      in builtins.listToAttrs (builtins.map
        (file:
        {
--- a/modules/user/chn/plasma/wallpaper.nix
+++ b/modules/user/chn/plasma/wallpaper.nix
@@ -9,8 +9,11 @@ inputs:
        sha256 = "0faahbzsr44bjmwr6508wi5hg59dfb57fzh5x6jh7zwmv4pzhqlb";
        fetchLFS = true;
      };
-      wallpaper = { pc = "${nixos-wallpaper}/pixiv-117612023.png"; }
-        .${inputs.config.nixos.system.networking.hostname} or "${nixos-wallpaper}/pixiv-96734339-x2.png";
+      wallpaper =
+      {
+        pc = "${nixos-wallpaper}/pixiv-117612023.png";
+        surface = "${nixos-wallpaper}/fanbox-6682738.png";
+      }.${inputs.config.nixos.system.networking.hostname} or "${nixos-wallpaper}/pixiv-96734339-x2.png";
    in
    {
      # "plasma-org.kde.plasma.desktop-appletsrc" =