diff --git a/.sops.yaml b/.sops.yaml index 74d3ec6a..47667181 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -14,6 +14,7 @@ keys: # cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age - &test age1vgqvdqqe3mn0gvh0hydvu9c5f9yn5vek08cagyvwjhyta6utpvuq00g9c2 - &test-pc age17a8y4yr2ckuek67rt786ujuf7705gvj3vv6ezktxxmgayea9zcyqet7hgc - &test-pc-vm age1wmcayhf9eyx9e9yp97850mqas9ns455crce8hfmvnupgcxd6sews5r0cln + - &steamdeck age1x7gda43xxsggveu8q2pajttlmgwsjhmksv7hzv3r270gyrpk8a5sza87gz creation_rules: - path_regex: devices/pc/.*$ key_groups: [{ age: [ *chn, *pc ] }] @@ -47,10 +48,12 @@ creation_rules: key_groups: [{ age: [ *chn, *test-pc ] }] - path_regex: devices/test-pc-vm/.*$ key_groups: [{ age: [ *chn, *test-pc-vm ] }] + - path_regex: devices/steamdeck/.*$ + key_groups: [{ age: [ *chn, *steamdeck ] }] - path_regex: devices/cross/secrets/default.yaml$ key_groups: - age: [ *chn, *pc, *vps4, *vps6, *nas, *one, *srv1-node0, *srv1-node1, *srv1-node2, *srv2-node0, *srv2-node1, - *srv3, *test, *test-pc, *test-pc-vm] + *srv3, *test, *test-pc, *test-pc-vm, *steamdeck ] - path_regex: devices/cross/secrets/chn.yaml$ key_groups: - age: [ *chn, *pc, *one, *nas ] diff --git a/devices/steamdeck/default.nix b/devices/steamdeck/default.nix new file mode 100644 index 00000000..bafbb612 --- /dev/null +++ b/devices/steamdeck/default.nix 
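Review bot: Adding `*steamdeck` to the `devices/cross/secrets/default.yaml$` key group only affects files created after this change. The existing file stays encrypted to the old recipient list until `sops updatekeys devices/cross/secrets/default.yaml` is run, and no change to that file is visible in this diff. Once it is re-keyed, a portable device holds a key for the secret shared with every server, and removing the recipient later does not revoke ciphertext already in git history. A comment next to the new `&steamdeck` anchor would record the loss procedure, e.g. `# steamdeck: portable; if lost, drop from all rules, run sops updatekeys, rotate the values in cross/secrets/default.yaml`.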
@@ -0,0 +1,34 @@
+inputs:
+{
+ config =
+ {
+ nixos =
+ {
+ model.type = "desktop";
+ system =
+ {
+ fileSystems =
+ {
+ mount =
+ {
+ vfat."/dev/disk/by-partlabel/steamdeck-boot" = "/boot";
+ btrfs."/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
+ };
+ luks.auto."/dev/disk/by-partlabel/steamdeck-root" = { mapper = "root"; ssd = true; };
+ swap = [ "/nix/swap/swap" ];
+ resume = { device = "/dev/mapper/root"; offset = 4728064; };
+ };
+ nixpkgs.march = "znver2";
+ kernel.variant = "steamos";
+ };
+ hardware = { gpu.type = "amd"; steamdeck = {}; };
+ services =
+ {
+ xray.client = {};
+ beesd."/".hashTableSizeMB = 64;
+ sshd = {};
+ };
+ bugs = [ "xmunet" ];
+ };
+ };
+}
diff --git a/devices/steamdeck/secrets.yaml b/devices/steamdeck/secrets.yaml
new file mode 100644
index 00000000..730a73ea
--- /dev/null
+++ b/devices/steamdeck/secrets.yaml
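Review bot: `sshd = {};` in the new `services` block turns on the SSH daemon with whatever the project's sshd module defaults to, on a handheld that will join untrusted networks. Its SSH host key also appears to be its sops age identity, going by the `ssh-to-age` comment in .sops.yaml. The module's defaults are not visible in this diff, so it is unclear whether password login is allowed. A comment would record the intent, for example `# sshd: key-only login expected from module defaults; this host roams onto untrusted Wi-Fi`. If the defaults do permit passwords, disable them explicitly for this device rather than relying on the shared default.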
@@ -0,0 +1,26 @@ +xray-client: + uuid: ENC[AES256_GCM,data:x024tCccHGScH485GeeJEsnNTmzGklHO3KXXDl7FvVzYveQq,iv:oTzWSgH4XqA8PaeHEXB684DWA7TwFJ1ClxTJbnR0zdI=,tag:Xg32v1Lb0OgRk/dcr6snNg==,type:str] +sops: + age: + - recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnRWxFSmFpZ3NOM1hnbVNw + czlOREhxNGQvU1I1SGd1QXowck9uY2czTURFCnkyY1MrUUg3ZW1odTFGODQ4NzBy + dXd0dzNjYlZVUUpXRXMveEdxRytQUVEKLS0tIGZIeUIwRngwUjBaQy8zQnRhbURS + U1M1S0pndTFWOVN0Mng2Qk92SG1SV0kKnrJCXqjW9ZnvFIz7EYYWWgWrByap8pVo + 3AIe2q//nXm4it+B0ZzIvv8LrkqP1kJr/I6v2GqvB6URi8rL/nGxqg== + -----END AGE ENCRYPTED FILE----- + - recipient: age1x7gda43xxsggveu8q2pajttlmgwsjhmksv7hzv3r270gyrpk8a5sza87gz + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByUGkzZTZ1TWFIVHZmaExC + Vk1xUlBKdUhaaW8rTGdoanQxZ2xkbU0rcjJvCi83K2RhcmkvYUVRSDV2QWxmK2VW + akorYVNCRTJhSW5Wa0NUZExMTndja1UKLS0tIGZZZXpsOFBIWHRRVUN2bjFzKzVD + a3lMTWNmL2UyTkVwL0d0RFg0L2tBU1EKXwsf8TZEEUKm6716gNFpOQ6JWF948Lgy + 7ID8/Ug1v6/r+ta4FkZ5KHMqlxGRcBD56d5YvT1VsbjYzare4CgW6Q== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2025-08-07T07:28:26Z" + mac: ENC[AES256_GCM,data:0g3+g1xG9aw5EgXmC+LCsCl4jAGLF/vKd86gqFVMqaAL/Ukhb2JjTH3Wh3bdyg8e+c5ugohD4dkg2audy2nilgPXeNyHyb/lQmzUM/O+O7EIcowqPM3xPqnEBmTGjI6VDp44w5r40IQfVTWHha8CgTdYbARQ3RO4QxWnOh8V1zA=,iv:AThu70oSpIRRgGOpLIuqcmGHDcHSyujudX/2HeiZ5PQ=,tag:CVL5pmIc0kONcMndf+8nKw==,type:str] + unencrypted_suffix: _unencrypted + version: 3.10.2 diff --git a/devices/vps6/secrets.yaml b/devices/vps6/secrets.yaml index 19f55ca7..be1d6913 100644 --- a/devices/vps6/secrets.yaml +++ b/devices/vps6/secrets.yaml 
@@ -12,6 +12,8 @@ xray-server: user4: ENC[AES256_GCM,data:/kBaGAqbewLav+WCJPHm1py3pvb7bA/YO2DeBP2FTCZv44wA,iv:iwxV6KHu00oITH/58kBFmf43lkgTU3BHJ/kb9FPnRSE=,tag:ns+6Dvhf/D15bZc0fd6zLA==,type:str] #ENC[AES256_GCM,data:AzzKMw==,iv:Z73ISOLhPWP40wTy8PucY3KaB9nS7WQECK3tZFYC1ao=,tag:KJuiCODhHyDl5bXInUSI5g==,type:comment] user5: ENC[AES256_GCM,data:iDuLRb4dhLUOjpamioMwoTYrn7Cy+Ln4SaedVXkwVD05rjJ0,iv:AqzBBvLpJuIJCUJq0IyDcHrlqb0e84nQC0c94Rj85uw=,tag:0xou1i/iwAxGngO74OIMXg==,type:str] + #ENC[AES256_GCM,data:k2kFgIsD8jrmxg==,iv:qfYqA6zFSMBlUS8og70oYSbBLhUGp2ugGPNnLLSWwGY=,tag:DJPHm63XLD0wqle3Qwhc0Q==,type:comment] + user6: ENC[AES256_GCM,data:mmfwa1Z4yd+gLm2vNTp6hnYaBBoVzWhm+04DTuS6Rl50mg+A,iv:4KQGW1zorwRH8sBpN4UR60jV9Sk63JsoIf/Ma1HvpDI=,tag:TXfadko9ar+z4bnx6uesHA==,type:str] #ENC[AES256_GCM,data:8FxApg==,iv:vPa5p3QVHAvw+ECusWGqx1ugTcHh42CVFDQcMhG59wM=,tag:lHiZtydcYFBQiXnWh8pCrw==,type:comment] user7: ENC[AES256_GCM,data:H/jje9ONEY6XuBXTZmTVGIcWUgGSMf5OB1NNRPtqGCgRP1ei,iv:xew+0BkRqz3nfOoBXTPbBv5hRczy/3tgYSKq432q4iw=,tag:da2ljcffiCVJCsMZaNPZyQ==,type:str] #ENC[AES256_GCM,data:QdaYYH3RGJ4qIg==,iv:79NBTEKCPtgVVv3G7wg+vdoLOWxc+bdqT1lF4HJpTC8=,tag:8mRFGjy7lBrdyGyX9vaSOQ==,type:comment] 
@@ -66,7 +68,7 @@ sops: ZXFTU3ZCaW1pTVh0RUJzdDdGdHlPYTgK2mlgcX2kEc8+2UDdBnhUm6IIuh8V6agW ooxH9OEPXUVI/4JcDo4v8ZUhAyU1ehLH0Ef7PJCChOZe2KZmWSNbhA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-08-01T05:54:47Z" - mac: ENC[AES256_GCM,data:OtHwr58A1UOfYxQR88ay76fWmAyWPl5YtNbAiv0LXPLZPRtLGBJKuTjMaHr17AMepFZ+u5IPV2r8z1AUDj0opLXlv3Ik/DJ2PCcQTOBH+/lnSgzJKWfdCip9/wFR6N3dT0PKKLuBiURB9ZCYmtnq6E5+Guadc6ATYDSEpwbENZQ=,iv:kXsYMGjAtUlv1UqFU8Xv0zagohnpHkzSI72mq5HKY7k=,tag:KR+1A8l2VvbzDZV/00hbJg==,type:str] + lastmodified: "2025-08-07T07:28:06Z" + mac: ENC[AES256_GCM,data:omiQq5zptATaWWKj/4szKRlssEbgD9fQERNWY//nogrYHO4wgC0xjngjlztt9Rs72pavZ23O+WtlSjQ88kPyUy6WhywjJBE7zmMwj27hlFWPJJ94omBKvV0mhRFJ4hQ2cc2RkQAH5ADRVPMMYaGCY3ZW3S3ZmPYedIhNXFT6wDU=,iv:FlLkIBYGQp7bP5YLyw21taedk8Btcz89Qw6YOcu4VN4=,tag:YVQYiuXoGrXKAOjrpZ6o4g==,type:str] unencrypted_suffix: _unencrypted version: 3.10.2 diff --git a/flake.lock b/flake.lock index d302469e..3638aea2 100644 --- a/flake.lock +++ b/flake.lock @@ -469,6 +469,27 @@ "type": "github" } }, + "jovian": { + "inputs": { + "nix-github-actions": "nix-github-actions", + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1754569749, + "narHash": "sha256-MxTJFjO+KgmTWSDAsXLt4Al8tIl5F0grF6IKee+bDdA=", + "owner": "CHN-beta", + "repo": "Jovian-NixOS", + "rev": "e889cad7f0198266f634161b8d88ac1ff42844ab", + "type": "github" + }, + "original": { + "owner": "CHN-beta", + "repo": "Jovian-NixOS", + "type": "github" + } + }, "lepton": { "flake": false, "locked": { 
@@ -654,6 +675,28 @@ "type": "github" } }, + "nix-github-actions": { + "inputs": { + "nixpkgs": [ + "jovian", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1729697500, + "narHash": "sha256-VFTWrbzDlZyFHHb1AlKRiD/qqCJIripXKiCSFS8fAOY=", + "owner": "zhaofengli", + "repo": "nix-github-actions", + "rev": "e418aeb728b6aa5ca8c5c71974e7159c2df1d8cf", + "type": "github" + }, + "original": { + "owner": "zhaofengli", + "ref": "matrix-name", + "repo": "nix-github-actions", + "type": "github" + } + }, "nix-index-database": { "inputs": { "nixpkgs": [ @@ -1161,6 +1204,7 @@ "hextra": "hextra", "home-manager": "home-manager", "impermanence": "impermanence", + "jovian": "jovian", "lepton": "lepton", "mac-style": "mac-style", "matplotplusplus": "matplotplusplus", diff --git a/flake.nix b/flake.nix index a0562c5f..a1531f8c 100644 --- a/flake.nix +++ b/flake.nix @@ -32,6 +32,7 @@ nixvirt = { url = "github:CHN-beta/NixVirt"; inputs.nixpkgs.follows = "nixpkgs"; }; buildproxy = { url = "github:polygon/nix-buildproxy"; inputs.nixpkgs.follows = "nixpkgs"; }; niri.url = "github:sodiboo/niri-flake"; + jovian = { url = "github:CHN-beta/Jovian-NixOS"; inputs.nixpkgs.follows = "nixpkgs"; }; misskey = { url = "git+https://github.com/CHN-beta/misskey?submodules=1"; flake = false; }; rsshub = { url = "github:DIYgod/RSSHub"; flake = false; }; diff --git a/flake/nixos.nix b/flake/nixos.nix index 6b79f2d5..bd53c136 100644 --- a/flake/nixos.nix +++ b/flake/nixos.nix @@ -1,6 +1,6 @@ { inputs, localLib }: let - singles = [ "nas" "pc" "vps4" "vps6" "one" "srv3" ]; + singles = [ "nas" "pc" "vps4" "vps6" "one" "srv3" "steamdeck" ]; cluster = { srv1 = 3; srv2 = 2; }; deviceModules = builtins.listToAttrs ( diff --git a/modules/default.nix b/modules/default.nix index d64a89e4..96c47f4d 100644 --- a/modules/default.nix +++ b/modules/default.nix 
@@ -12,6 +12,15 @@ inputs: let inherit (inputs) topInputs; in topInputs.nixvirt.nixosModules.default topInputs.niri.nixosModules.niri { config.niri-flake.cache.enable = false; } + topInputs.jovian.nixosModules.default + { + config.jovian = + { + steamos.useSteamOSConfig = inputs.lib.mkDefault false; + devices.steamdeck.enableKernelPatches = inputs.lib.mkDefault false; + overlay.enable = inputs.lib.mkDefault false; + }; + } # TODO: Remove after next release "${topInputs.nixpkgs-unstable}/nixos/modules/services/hardware/lact.nix" (inputs: diff --git a/modules/hardware/steamdeck.nix b/modules/hardware/steamdeck.nix new file mode 100644 index 00000000..db3ec857 --- /dev/null +++ b/modules/hardware/steamdeck.nix @@ -0,0 +1,22 @@ +inputs: +{ + options.nixos.hardware.steamdeck = let inherit (inputs.lib) mkOption types; in mkOption + { type = types.nullOr (types.submodule {}); default = null; }; + config = let inherit (inputs.config.nixos.hardware) steamdeck; in inputs.lib.mkIf (steamdeck != null) + { + jovian = + { + steam = { enable = true; autoStart = true; user = "chn"; desktopSession = "plasma"; }; + steamos.useSteamOSConfig = true; + decky-loader = { enable = true; package = inputs.pkgs.decky-loader-prerelease; }; + devices.steamdeck.enable = true; + overlay.enable = true; + }; + boot.initrd.kernelModules = + [ + "hid_generic" "hid_multitouch" "i2c_designware_core" "i2c_designware_platform" "i2c_hid_acpi" "evdev" + "i2c_hid_api" + ]; + nixos.packages.packages._packages = [ inputs.pkgs.steamdeck-firmware ]; + }; +} \ No newline at end of file diff --git a/modules/packages/steam.nix b/modules/packages/steam.nix index 40dddf02..8310af5f 100644 --- a/modules/packages/steam.nix +++ b/modules/packages/steam.nix 
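Review bot: `topInputs.jovian.nixosModules.default` is added to what looks like the module list every host imports, so servers now evaluate modules from the `CHN-beta/Jovian-NixOS` fork although only the Steam Deck needs them. Only three options are held off with `mkDefault false`; any other default the fork sets, or changes later, would reach all hosts on the next `flake.lock` bump. A comment above the block would make that review step explicit, e.g. `# jovian is imported fleet-wide; everything must stay off unless nixos.hardware.steamdeck is set — re-check its defaults when bumping the input`. The module list starts and ends outside this hunk.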
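Review bot: In modules/hardware/steamdeck.nix, `steam = { enable = true; autoStart = true; user = "chn"; ... }` presumably boots straight into a session for `chn` with no login prompt, so after the LUKS unlock the account is reachable by whoever holds the device. `decky-loader = { enable = true; package = inputs.pkgs.decky-loader-prerelease; }` additionally enables a third-party plugin loader from a prerelease package. Neither choice is explained; a why-comment such as `# autologin is intentional on this handheld; disk encryption is the only barrier to physical access` and a note on why the prerelease loader is needed would help the next reviewer. Separately, `"i2c_hid_api"` in `boot.initrd.kernelModules` looks like a typo next to `"i2c_hid_acpi"`; confirm that module exists in the steamos kernel.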
@@ -10,7 +10,7 @@ inputs: programs.steam = { enable = true; - package = inputs.pkgs.steam.override (prev: + package = inputs.lib.mkIf (inputs.config.nixos.hardware.steamdeck == null) (inputs.pkgs.steam.override (prev: { steam-unwrapped = prev.steam-unwrapped.overrideAttrs (prev: { @@ -19,7 +19,7 @@ inputs: sed -i 's#Comment\[zh_CN\]=.*$#Comment\[zh_CN\]=思题慕®学习平台#' $out/share/applications/steam.desktop ''; }); - }); + })); extraPackages = [ inputs.pkgs.openssl_1_1 ]; extraCompatPackages = [ inputs.pkgs.proton-ge-bin ]; remotePlay.openFirewall = true; @@ -27,5 +27,11 @@ inputs: localNetworkGameTransfers.openFirewall = true; dedicatedServer.openFirewall = true; }; + # not easy to override steamdeck's steam package env, just write env vars to global + environment.sessionVariables = inputs.lib.mkIf (inputs.config.nixos.hardware.steamdeck != null) + { + STEAM_EXTRA_COMPAT_TOOLS_PATHS = + inputs.lib.makeSearchPathOutput "steamcompattool" "" inputs.config.programs.steam.extraCompatPackages; + }; }; } diff --git a/modules/system/gui.nix b/modules/system/gui.nix index 79638868..aa8afa7f 100644 --- a/modules/system/gui.nix +++ b/modules/system/gui.nix @@ -12,7 +12,7 @@ inputs: services = { desktopManager.plasma6.enable = inputs.lib.mkIf (gui.implementation == "kde") true; - greetd = + greetd = inputs.lib.mkDefault { enable = true; settings.default_session.command = diff --git a/modules/system/kernel/default.nix b/modules/system/kernel/default.nix index 909c85c1..1978a2da 100644 --- a/modules/system/kernel/default.nix +++ b/modules/system/kernel/default.nix @@ -4,7 +4,7 @@ inputs: { variant = mkOption { - type = types.nullOr (types.enum [ "nixos" "xanmod-lts" "xanmod-latest" "xanmod-unstable" ]); + type = types.nullOr (types.enum [ "nixos" "xanmod-lts" "xanmod-latest" "xanmod-unstable" "steamos" ]); default = "xanmod-lts"; }; patches = mkOption { type = types.listOf types.nonEmptyStr; default = []; }; 
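Review bot: In modules/system/gui.nix, wrapping the whole `greetd` set in `inputs.lib.mkDefault` lowers the priority of the login greeter on every host, not only the Steam Deck. Any module that defines `services.greetd` options at normal priority can now replace the greeter command without a conflict error. If the aim is only to let Jovian's autostart take over on the deck (inferred from the rest of the commit), gating it the way steam.nix does keeps the conflict check everywhere else: `greetd = inputs.lib.mkIf (inputs.config.nixos.hardware.steamdeck == null)`. The attribute set continues past the end of the hunk.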
@@ -49,6 +49,7 @@ inputs: xanmod-lts = inputs.pkgs.linuxPackages_xanmod; xanmod-latest = inputs.pkgs.linuxPackages_xanmod_latest; xanmod-unstable = inputs.pkgs.pkgs-unstable.linuxPackages_xanmod_latest; + steamos = inputs.pkgs.linuxPackages_jovian; }.${kernel.variant}; kernelPatches = let patches.hibernate-progress = [{ name = "hibernate-progress"; patch = ./hibernate-progress.patch; }];