modules.system.nixpkgs: fix native kernel patch

.sops.yaml

@@ -14,6 +14,7 @@ keys: # cat /etc/ssh/ssh_host_ed25519_key.pub | ssh-to-age
   - &test age1vgqvdqqe3mn0gvh0hydvu9c5f9yn5vek08cagyvwjhyta6utpvuq00g9c2
   - &test-pc age17a8y4yr2ckuek67rt786ujuf7705gvj3vv6ezktxxmgayea9zcyqet7hgc
   - &test-pc-vm age1wmcayhf9eyx9e9yp97850mqas9ns455crce8hfmvnupgcxd6sews5r0cln
+  - &steamdeck age1x7gda43xxsggveu8q2pajttlmgwsjhmksv7hzv3r270gyrpk8a5sza87gz
 creation_rules:
   - path_regex: devices/pc/.*$
     key_groups: [{ age: [ *chn, *pc ] }]
@@ -47,10 +48,12 @@ creation_rules:
     key_groups: [{ age: [ *chn, *test-pc ] }]
   - path_regex: devices/test-pc-vm/.*$
     key_groups: [{ age: [ *chn, *test-pc-vm ] }]
+  - path_regex: devices/steamdeck/.*$
+    key_groups: [{ age: [ *chn, *steamdeck ] }]
   - path_regex: devices/cross/secrets/default.yaml$
     key_groups:
     - age: [ *chn, *pc, *vps4, *vps6, *nas, *one, *srv1-node0, *srv1-node1, *srv1-node2, *srv2-node0, *srv2-node1,
-      *srv3, *test, *test-pc, *test-pc-vm]
+      *srv3, *test, *test-pc, *test-pc-vm, *steamdeck ]
   - path_regex: devices/cross/secrets/chn.yaml$
     key_groups:
     - age: [ *chn, *pc, *one, *nas ]

devices/steamdeck/default.nix

@@ -0,0 +1,34 @@
+inputs:
+{
+  config =
+  {
+    nixos =
+    {
+      model.type = "desktop";
+      system =
+      {
+        fileSystems =
+        {
+          mount =
+          {
+            vfat."/dev/disk/by-partlabel/steamdeck-boot" = "/boot";
+            btrfs."/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
+          };
+          luks.auto."/dev/disk/by-partlabel/steamdeck-root" = { mapper = "root"; ssd = true; };
+          swap = [ "/nix/swap/swap" ];
+          resume = { device = "/dev/mapper/root"; offset = 4728064; };
+        };
+        nixpkgs.march = "znver2";
+        kernel.variant = "steamos";
+      };
+      hardware = { gpu.type = "amd"; steamdeck = {}; };
+      services =
+      {
+        xray.client = {};
+        beesd."/".hashTableSizeMB = 64;
+        sshd = {};
+      };
+      bugs = [ "xmunet" ];
+    };
+  };
+}

devices/steamdeck/secrets.yaml

@@ -0,0 +1,26 @@
+xray-client:
+    uuid: ENC[AES256_GCM,data:x024tCccHGScH485GeeJEsnNTmzGklHO3KXXDl7FvVzYveQq,iv:oTzWSgH4XqA8PaeHEXB684DWA7TwFJ1ClxTJbnR0zdI=,tag:Xg32v1Lb0OgRk/dcr6snNg==,type:str]
+sops:
+    age:
+        - recipient: age19ax6vm3pv8rph5tq3mmehd9sy9jk823tw8svsd790r0lkslycquqvlwz9m
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnRWxFSmFpZ3NOM1hnbVNw
+            czlOREhxNGQvU1I1SGd1QXowck9uY2czTURFCnkyY1MrUUg3ZW1odTFGODQ4NzBy
+            dXd0dzNjYlZVUUpXRXMveEdxRytQUVEKLS0tIGZIeUIwRngwUjBaQy8zQnRhbURS
+            U1M1S0pndTFWOVN0Mng2Qk92SG1SV0kKnrJCXqjW9ZnvFIz7EYYWWgWrByap8pVo
+            3AIe2q//nXm4it+B0ZzIvv8LrkqP1kJr/I6v2GqvB6URi8rL/nGxqg==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1x7gda43xxsggveu8q2pajttlmgwsjhmksv7hzv3r270gyrpk8a5sza87gz
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByUGkzZTZ1TWFIVHZmaExC
+            Vk1xUlBKdUhaaW8rTGdoanQxZ2xkbU0rcjJvCi83K2RhcmkvYUVRSDV2QWxmK2VW
+            akorYVNCRTJhSW5Wa0NUZExMTndja1UKLS0tIGZZZXpsOFBIWHRRVUN2bjFzKzVD
+            a3lMTWNmL2UyTkVwL0d0RFg0L2tBU1EKXwsf8TZEEUKm6716gNFpOQ6JWF948Lgy
+            7ID8/Ug1v6/r+ta4FkZ5KHMqlxGRcBD56d5YvT1VsbjYzare4CgW6Q==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2025-08-07T07:28:26Z"
+    mac: ENC[AES256_GCM,data:0g3+g1xG9aw5EgXmC+LCsCl4jAGLF/vKd86gqFVMqaAL/Ukhb2JjTH3Wh3bdyg8e+c5ugohD4dkg2audy2nilgPXeNyHyb/lQmzUM/O+O7EIcowqPM3xPqnEBmTGjI6VDp44w5r40IQfVTWHha8CgTdYbARQ3RO4QxWnOh8V1zA=,iv:AThu70oSpIRRgGOpLIuqcmGHDcHSyujudX/2HeiZ5PQ=,tag:CVL5pmIc0kONcMndf+8nKw==,type:str]
+    unencrypted_suffix: _unencrypted
+    version: 3.10.2

devices/vps6/secrets.yaml

@@ -12,6 +12,8 @@ xray-server:
         user4: ENC[AES256_GCM,data:/kBaGAqbewLav+WCJPHm1py3pvb7bA/YO2DeBP2FTCZv44wA,iv:iwxV6KHu00oITH/58kBFmf43lkgTU3BHJ/kb9FPnRSE=,tag:ns+6Dvhf/D15bZc0fd6zLA==,type:str]
         #ENC[AES256_GCM,data:AzzKMw==,iv:Z73ISOLhPWP40wTy8PucY3KaB9nS7WQECK3tZFYC1ao=,tag:KJuiCODhHyDl5bXInUSI5g==,type:comment]
         user5: ENC[AES256_GCM,data:iDuLRb4dhLUOjpamioMwoTYrn7Cy+Ln4SaedVXkwVD05rjJ0,iv:AqzBBvLpJuIJCUJq0IyDcHrlqb0e84nQC0c94Rj85uw=,tag:0xou1i/iwAxGngO74OIMXg==,type:str]
+        #ENC[AES256_GCM,data:k2kFgIsD8jrmxg==,iv:qfYqA6zFSMBlUS8og70oYSbBLhUGp2ugGPNnLLSWwGY=,tag:DJPHm63XLD0wqle3Qwhc0Q==,type:comment]
+        user6: ENC[AES256_GCM,data:mmfwa1Z4yd+gLm2vNTp6hnYaBBoVzWhm+04DTuS6Rl50mg+A,iv:4KQGW1zorwRH8sBpN4UR60jV9Sk63JsoIf/Ma1HvpDI=,tag:TXfadko9ar+z4bnx6uesHA==,type:str]
         #ENC[AES256_GCM,data:8FxApg==,iv:vPa5p3QVHAvw+ECusWGqx1ugTcHh42CVFDQcMhG59wM=,tag:lHiZtydcYFBQiXnWh8pCrw==,type:comment]
         user7: ENC[AES256_GCM,data:H/jje9ONEY6XuBXTZmTVGIcWUgGSMf5OB1NNRPtqGCgRP1ei,iv:xew+0BkRqz3nfOoBXTPbBv5hRczy/3tgYSKq432q4iw=,tag:da2ljcffiCVJCsMZaNPZyQ==,type:str]
         #ENC[AES256_GCM,data:QdaYYH3RGJ4qIg==,iv:79NBTEKCPtgVVv3G7wg+vdoLOWxc+bdqT1lF4HJpTC8=,tag:8mRFGjy7lBrdyGyX9vaSOQ==,type:comment]
@@ -66,7 +68,7 @@ sops:
             ZXFTU3ZCaW1pTVh0RUJzdDdGdHlPYTgK2mlgcX2kEc8+2UDdBnhUm6IIuh8V6agW
             ooxH9OEPXUVI/4JcDo4v8ZUhAyU1ehLH0Ef7PJCChOZe2KZmWSNbhA==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-08-01T05:54:47Z"
-    mac: ENC[AES256_GCM,data:OtHwr58A1UOfYxQR88ay76fWmAyWPl5YtNbAiv0LXPLZPRtLGBJKuTjMaHr17AMepFZ+u5IPV2r8z1AUDj0opLXlv3Ik/DJ2PCcQTOBH+/lnSgzJKWfdCip9/wFR6N3dT0PKKLuBiURB9ZCYmtnq6E5+Guadc6ATYDSEpwbENZQ=,iv:kXsYMGjAtUlv1UqFU8Xv0zagohnpHkzSI72mq5HKY7k=,tag:KR+1A8l2VvbzDZV/00hbJg==,type:str]
+    lastmodified: "2025-08-07T07:28:06Z"
+    mac: ENC[AES256_GCM,data:omiQq5zptATaWWKj/4szKRlssEbgD9fQERNWY//nogrYHO4wgC0xjngjlztt9Rs72pavZ23O+WtlSjQ88kPyUy6WhywjJBE7zmMwj27hlFWPJJ94omBKvV0mhRFJ4hQ2cc2RkQAH5ADRVPMMYaGCY3ZW3S3ZmPYedIhNXFT6wDU=,iv:FlLkIBYGQp7bP5YLyw21taedk8Btcz89Qw6YOcu4VN4=,tag:YVQYiuXoGrXKAOjrpZ6o4g==,type:str]
     unencrypted_suffix: _unencrypted
     version: 3.10.2

flake.lock

@@ -469,6 +469,27 @@
         "type": "github"
       }
     },
+    "jovian": {
+      "inputs": {
+        "nix-github-actions": "nix-github-actions",
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1754569749,
+        "narHash": "sha256-MxTJFjO+KgmTWSDAsXLt4Al8tIl5F0grF6IKee+bDdA=",
+        "owner": "CHN-beta",
+        "repo": "Jovian-NixOS",
+        "rev": "e889cad7f0198266f634161b8d88ac1ff42844ab",
+        "type": "github"
+      },
+      "original": {
+        "owner": "CHN-beta",
+        "repo": "Jovian-NixOS",
+        "type": "github"
+      }
+    },
     "lepton": {
       "flake": false,
       "locked": {
@@ -654,6 +675,28 @@
         "type": "github"
       }
     },
+    "nix-github-actions": {
+      "inputs": {
+        "nixpkgs": [
+          "jovian",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1729697500,
+        "narHash": "sha256-VFTWrbzDlZyFHHb1AlKRiD/qqCJIripXKiCSFS8fAOY=",
+        "owner": "zhaofengli",
+        "repo": "nix-github-actions",
+        "rev": "e418aeb728b6aa5ca8c5c71974e7159c2df1d8cf",
+        "type": "github"
+      },
+      "original": {
+        "owner": "zhaofengli",
+        "ref": "matrix-name",
+        "repo": "nix-github-actions",
+        "type": "github"
+      }
+    },
     "nix-index-database": {
       "inputs": {
         "nixpkgs": [
@@ -1161,6 +1204,7 @@
         "hextra": "hextra",
         "home-manager": "home-manager",
         "impermanence": "impermanence",
+        "jovian": "jovian",
         "lepton": "lepton",
         "mac-style": "mac-style",
         "matplotplusplus": "matplotplusplus",

flake.nix

@@ -32,6 +32,7 @@
     nixvirt = { url = "github:CHN-beta/NixVirt"; inputs.nixpkgs.follows = "nixpkgs"; };
     buildproxy = { url = "github:polygon/nix-buildproxy"; inputs.nixpkgs.follows = "nixpkgs"; };
     niri.url = "github:sodiboo/niri-flake";
+    jovian = { url = "github:CHN-beta/Jovian-NixOS"; inputs.nixpkgs.follows = "nixpkgs"; };
 
     misskey = { url = "git+https://github.com/CHN-beta/misskey?submodules=1"; flake = false; };
     rsshub = { url = "github:DIYgod/RSSHub"; flake = false; };

flake/lib/buildNixpkgsConfig/default.nix

@@ -118,6 +118,8 @@ in platformConfig //
         openvswitch = prev.openvswitch.overrideAttrs (prev: { doCheck = false; });
         rapidjson = prev.rapidjson.overrideAttrs { doCheck = false; };
         valkey = prev.valkey.overrideAttrs { doCheck = false; };
+        binaryen = prev.binaryen.overrideAttrs
+          { cmakeFlags = (prev.cmakeFlags or []) ++ [ "-DCMAKE_CXX_FLAGS=-Wno-maybe-uninitialized" ]; };
         # -march=xxx cause embree build failed
         # https://github.com/embree/embree/issues/115
         embree = prev.embree.override { stdenv = final.genericPackages.stdenv; };

flake/nixos.nix

@@ -1,6 +1,6 @@
 { inputs, localLib }:
 let
-  singles = [ "nas" "pc" "vps4" "vps6" "one" "srv3" ];
+  singles = [ "nas" "pc" "vps4" "vps6" "one" "srv3" "steamdeck" ];
   cluster = { srv1 = 3; srv2 = 2; };
   deviceModules = builtins.listToAttrs
   (

modules/default.nix

@@ -12,6 +12,15 @@ inputs: let inherit (inputs) topInputs; in
     topInputs.nixvirt.nixosModules.default
     topInputs.niri.nixosModules.niri
     { config.niri-flake.cache.enable = false; }
+    topInputs.jovian.nixosModules.default
+    {
+      config.jovian =
+      {
+        steamos.useSteamOSConfig = inputs.lib.mkDefault false;
+        devices.steamdeck.enableKernelPatches = inputs.lib.mkDefault false;
+        overlay.enable = inputs.lib.mkDefault false;
+      };
+    }
     # TODO: Remove after next release
     "${topInputs.nixpkgs-unstable}/nixos/modules/services/hardware/lact.nix"
     (inputs:

modules/hardware/steamdeck.nix

@@ -0,0 +1,22 @@
+inputs:
+{
+  options.nixos.hardware.steamdeck = let inherit (inputs.lib) mkOption types; in mkOption
+    { type = types.nullOr (types.submodule {}); default = null; };
+  config = let inherit (inputs.config.nixos.hardware) steamdeck; in inputs.lib.mkIf (steamdeck != null)
+  {
+    jovian =
+    {
+      steam = { enable = true; autoStart = true; user = "chn"; desktopSession = "plasma"; };
+      steamos.useSteamOSConfig = true;
+      decky-loader = { enable = true; package = inputs.pkgs.decky-loader-prerelease; };
+      devices.steamdeck.enable = true;
+      overlay.enable = true;
+    };
+    boot.initrd.kernelModules =
+    [
+      "hid_generic" "hid_multitouch" "i2c_designware_core" "i2c_designware_platform" "i2c_hid_acpi" "evdev"
+      "i2c_hid_api"
+    ];
+    nixos.packages.packages._packages = [ inputs.pkgs.steamdeck-firmware ];
+  };
+}

modules/packages/steam.nix

@@ -10,7 +10,7 @@ inputs:
     programs.steam =
     {
       enable = true;
-      package = inputs.pkgs.steam.override (prev:
+      package = inputs.lib.mkIf (inputs.config.nixos.hardware.steamdeck == null) (inputs.pkgs.steam.override (prev:
       {
         steam-unwrapped = prev.steam-unwrapped.overrideAttrs (prev:
         {
@@ -19,7 +19,7 @@ inputs:
             sed -i 's#Comment\[zh_CN\]=.*$#Comment\[zh_CN\]=思题慕®学习平台#' $out/share/applications/steam.desktop
           '';
         });
-      });
+      }));
       extraPackages = [ inputs.pkgs.openssl_1_1 ];
       extraCompatPackages = [ inputs.pkgs.proton-ge-bin ];
       remotePlay.openFirewall = true;
@@ -27,5 +27,11 @@ inputs:
       localNetworkGameTransfers.openFirewall = true;
       dedicatedServer.openFirewall = true;
     };
+    # not easy to override steamdeck's steam package env, just write env vars to global
+    environment.sessionVariables = inputs.lib.mkIf (inputs.config.nixos.hardware.steamdeck != null)
+    {
+      STEAM_EXTRA_COMPAT_TOOLS_PATHS =
+        inputs.lib.makeSearchPathOutput "steamcompattool" "" inputs.config.programs.steam.extraCompatPackages;
+    };
   };
 }

modules/system/gui.nix

@@ -12,7 +12,7 @@ inputs:
       services =
       {
         desktopManager.plasma6.enable = inputs.lib.mkIf (gui.implementation == "kde") true;
-        greetd =
+        greetd = inputs.lib.mkDefault
         {
           enable = true;
           settings.default_session.command =

modules/system/kernel/default.nix

@@ -4,7 +4,7 @@ inputs:
   {
     variant = mkOption
     {
-      type = types.nullOr (types.enum [ "nixos" "xanmod-lts" "xanmod-latest" "xanmod-unstable" ]);
+      type = types.nullOr (types.enum [ "nixos" "xanmod-lts" "xanmod-latest" "xanmod-unstable" "steamos" ]);
       default = "xanmod-lts";
     };
     patches = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
@@ -49,6 +49,7 @@ inputs:
         xanmod-lts = inputs.pkgs.linuxPackages_xanmod;
         xanmod-latest = inputs.pkgs.linuxPackages_xanmod_latest;
         xanmod-unstable = inputs.pkgs.pkgs-unstable.linuxPackages_xanmod_latest;
+        steamos = inputs.pkgs.linuxPackages_jovian;
       }.${kernel.variant};
       kernelPatches =
         let patches.hibernate-progress = [{ name = "hibernate-progress"; patch = ./hibernate-progress.patch; }];

modules/system/nixpkgs.nix

@@ -17,17 +17,18 @@ inputs:
   {
     nixpkgs = inputs.localLib.buildNixpkgsConfig
       { inherit inputs; nixpkgs = nixpkgs // { nixRoot = null; nixos = true; }; };
-    boot.kernelPatches = inputs.lib.mkIf (nixpkgs.march != null)
-    [{
-      name = "native kernel";
-      patch = null;
-      extraStructuredConfig =
-        let kernelConfig = { znver2 = "MZEN2"; znver3 = "MZEN3"; znver4 = "MZEN4"; };
-        in
-        {
-          GENERIC_CPU = inputs.lib.kernel.no;
-          ${kernelConfig.${nixpkgs.march} or "M${inputs.lib.toUpper nixpkgs.march}"} = inputs.lib.kernel.yes;
-        };
-    }];
+    boot.kernelPatches = inputs.lib.mkIf
+      (nixpkgs.march != null && inputs.config.nixos.system.kernel.variant != "steamos")
+      [{
+        name = "native kernel";
+        patch = null;
+        extraStructuredConfig =
+          let kernelConfig = { znver2 = "MZEN2"; znver3 = "MZEN3"; znver4 = "MZEN4"; };
+          in
+          {
+            GENERIC_CPU = inputs.lib.kernel.no;
+            ${kernelConfig.${nixpkgs.march} or "M${inputs.lib.toUpper nixpkgs.march}"} = inputs.lib.kernel.yes;
+          };
+      }];
   };
 }