titaniumtown/nixos
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity
Files
5ccd84c77e7cc9b8f7b3a763adfe21eaf6cd333a
nixos/hosts/yarn/default.nix
Simon Gardling 5ccd84c77e
Some checks failed
Build and Deploy / mreow (push) Successful in 1m48s
Details
Build and Deploy / yarn (push) Successful in 4m39s
Details
Build and Deploy / muffin (push) Failing after 31s
Details
yarn: fix steamos-update exit code — 7 means no update, not 0 
Steam interprets exit 0 from 'steamos-update check' as 'update applied
successfully' and shows a persistent 'update available' notification.
The SteamOS convention is exit 7 = no update available.
2026-04-23 20:47:33 -04:00

228 lines
6.6 KiB
Nix
Raw Blame History

{
config,
pkgs,
lib,
username,
inputs,
site_config,
...
}:
{
imports = [
../../modules/desktop-common.nix
../../modules/no-rgb.nix
./disk.nix
./impermanence.nix
./vr.nix
inputs.impermanence.nixosModules.impermanence
inputs.jovian-nixos.nixosModules.default
];
fileSystems."/media/games" = {
device = "/dev/disk/by-uuid/1878136e-765d-4784-b204-3536ab4fdac8";
fsType = "f2fs";
options = [ "nofail" ];
};
systemd.targets = {
sleep.enable = false;
suspend.enable = false;
hibernate.enable = false;
hybrid-sleep.enable = false;
};
networking.hostId = "abf570f9";
# Static IP for consistent SSH access
networking.networkmanager.ensureProfiles.profiles.enp7s0-static = {
connection = {
id = "enp7s0-static";
type = "ethernet";
interface-name = "enp7s0";
autoconnect = true;
};
ipv4 = {
method = "manual";
address1 = "${site_config.hosts.yarn.ip}/24,${site_config.lan.gateway}";
dns = lib.concatMapStrings (n: "${n};") site_config.dns_servers;
};
ipv6.method = "disabled";
};
services.openssh = {
enable = true;
ports = [ 22 ];
settings = {
PasswordAuthentication = false;
PermitRootLogin = "yes";
};
};
users.users.${username}.openssh.authorizedKeys.keys = [
site_config.ssh_keys.laptop
];
users.users.root.openssh.authorizedKeys.keys = [
site_config.ssh_keys.laptop
site_config.ssh_keys.ci_deploy
];
programs.steam = {
remotePlay.openFirewall = true;
localNetworkGameTransfers.openFirewall = true;
};
# LACT (Linux AMDGPU Configuration Tool): https://github.com/ilya-zlobintsev/LACT
environment.systemPackages = with pkgs; [
lact
jovian-stubs
];
systemd.packages = with pkgs; [ lact ];
systemd.services.lactd.wantedBy = [ "multi-user.target" ];
systemd.services.lactd.serviceConfig.ExecStartPre = "${lib.getExe pkgs.bash} -c \"sleep 3s\"";
# root-level service that applies a pending update. Triggered by
# steamos-update (via systemctl start) when the user accepts an update.
# Runs as root so it can write the system profile and boot entry.
systemd.services.pull-update-apply = {
description = "Apply pending NixOS update pulled from binary cache";
serviceConfig = {
Type = "oneshot";
ExecStart = pkgs.writeShellScript "pull-update-apply" ''
set -uo pipefail
export PATH=${
pkgs.lib.makeBinPath [
pkgs.curl
pkgs.coreutils
pkgs.nix
]
}
STORE_PATH=$(curl -sf --max-time 30 "${site_config.binary_cache.url}/deploy/yarn" || true)
if [ -z "$STORE_PATH" ]; then
echo "server unreachable"
exit 1
fi
CURRENT=$(readlink -f /nix/var/nix/profiles/system)
if [ "$CURRENT" = "$STORE_PATH" ]; then
echo "already up to date: $STORE_PATH"
exit 0
fi
echo "applying $STORE_PATH (was $CURRENT)"
nix-store -r --add-root /nix/var/nix/gcroots/pull-update-apply-latest --indirect "$STORE_PATH" \
|| { echo "fetch failed"; exit 1; }
nix-env -p /nix/var/nix/profiles/system --set "$STORE_PATH" \
|| { echo "profile set failed"; exit 1; }
"$STORE_PATH/bin/switch-to-configuration" boot \
|| { echo "boot entry failed"; exit 1; }
echo "update applied; reboot required"
'';
};
};
# Allow primary user to start pull-update-apply.service without a password
security.polkit.extraConfig = ''
polkit.addRule(function(action, subject) {
if (action.id == "org.freedesktop.systemd1.manage-units" &&
action.lookup("unit") == "pull-update-apply.service" &&
subject.user == "${username}") {
return polkit.Result.YES;
}
});
'';
nixpkgs.config.allowUnfreePredicate =
pkg:
builtins.elem (lib.getName pkg) [
"steamdeck-hw-theme"
"steam-jupiter-unwrapped"
"steam"
"steam-original"
"steam-unwrapped"
"steam-run"
];
# Override jovian-stubs to disable steamos-update kernel check
# This prevents Steam from requesting reboots for "system updates"
# Steam client updates will still work normally
nixpkgs.overlays = [
(
final: prev:
let
deploy-url = "${site_config.binary_cache.url}/deploy/yarn";
steamos-update-script = final.writeShellScript "steamos-update" ''
export PATH=${
final.lib.makeBinPath [
final.curl
final.coreutils
final.systemd
]
}
STORE_PATH=$(curl -sf --max-time 30 "${deploy-url}" || true)
if [ -z "$STORE_PATH" ]; then
>&2 echo "[steamos-update] server unreachable"
exit 7
fi
CURRENT=$(readlink -f /nix/var/nix/profiles/system)
if [ "$CURRENT" = "$STORE_PATH" ]; then
>&2 echo "[steamos-update] no update available"
exit 7
fi
# check-only mode: just report that an update exists
if [ "''${1:-}" = "check" ] || [ "''${1:-}" = "--check-only" ]; then
>&2 echo "[steamos-update] update available"
exit 0
fi
# apply: trigger the root-running systemd service to install the update
>&2 echo "[steamos-update] applying update..."
if systemctl start --wait pull-update-apply.service; then
>&2 echo "[steamos-update] update installed, reboot to apply"
exit 0
else
>&2 echo "[steamos-update] apply failed; see 'journalctl -u pull-update-apply'"
exit 1
fi
'';
in
{
# Only replace holo-update (and its steamos-update alias) with our
# binary-cache pull script. All other stubs (pkexec, sudo,
# holo-reboot, holo-select-branch, …) come from upstream unchanged.
jovian-stubs = prev.jovian-stubs.overrideAttrs (old: {
buildCommand = (old.buildCommand or "") + ''
install -D -m 755 ${steamos-update-script} $out/bin/holo-update
install -D -m 755 ${steamos-update-script} $out/bin/steamos-update
'';
});
}
)
];
jovian = {
devices.steamdeck.enable = false;
steam = {
enable = true;
autoStart = true;
desktopSession = "niri";
user = username;
};
};
# Jovian-NixOS requires sddm
# https://github.com/Jovian-Experiments/Jovian-NixOS/commit/52f140c07493f8bb6cd0773c7e1afe3e1fd1d1fa
services.displayManager.sddm.wayland.enable = true;
# Disable gamescope from common.nix to avoid conflict with jovian-nixos
programs.gamescope.enable = lib.mkForce false;
}
Reference in New Issue View Git Blame Copy Permalink