diff --git a/README.md b/README.md
old mode 100644
new mode 100755
diff --git a/flake.lock b/flake.lock
old mode 100644
new mode 100755
diff --git a/flake.nix b/flake.nix
old mode 100644
new mode 100755
index bbcf3d8..8c3f80a
--- a/flake.nix
+++ b/flake.nix
@@ -15,6 +15,8 @@
url = "github:0xc000022070/zen-browser-flake";
inputs.nixpkgs.follows = "nixpkgs";
};
+ #microvm.url = "github:astro/microvm.nix";
+ #microvm.inputs.nixpkgs.follows = "nixpkgs";
catppuccin.url = "github:catppuccin/nix";
home-manager = {
@@ -46,6 +48,13 @@
./hosts/focalor
lix-module.nixosModules.default
+ /*microvm.nixosModules.host
+ {
+ microvm.autostart = [
+ "windows"
+ ];
+ }*/
+
vscode-server.nixosModules.default
agenix.nixosModules.default
diff --git a/home/regent/home.nix b/home/regent/home.nix
old mode 100644
new mode 100755
index 017d8d5..a72a81f
--- a/home/regent/home.nix
+++ b/home/regent/home.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, system, inputs, ... }:
+{ config, pkgs, system, inputs, lib, ... }:
{
home.username = "regent";
@@ -11,8 +11,38 @@
/*waybar = { doesnt work for some reason
enable = true;
};*/
+ ghostty.enable = true;
+ ghostty.flavor = "mocha";
+ nvim.enable = true;
+ nvim.flavor = "mocha";
};
+ programs.ghostty.enable = true;
+ programs.ghostty.settings = {
+ font-size = 24;
+ theme = "catppuccin-mocha";
+ };
+
+ programs.neovim.enable = true;
+ programs.neovim = {
+ extraPackages = with pkgs; [
+ lua-language-server
+ stylua
+ ripgrep
+ ];
+
+ plugins = with pkgs.vimPlugins; [
+ lazy-nvim
+ ];
+ };
+
+ home.pointerCursor = {
+ gtk.enable = true;
+ package = pkgs.phinger-cursors;
+ name = "Phinger-cursors-light";
+ size = 48;
+ };
+
programs.waybar = {
enable = true;
style =
@@ -46,7 +76,7 @@
* {
- font-family: FantasqueSansMono Nerd Font;
+ font-family: 'Fira Code', monospace;
font-size: 17px;
min-height: 0;
}
@@ -55,22 +85,22 @@ window#waybar {
padding: 0px;
margin: 0px;
border: 0px;
- background-color:rgb(0, 0, 0);
+ /*background-color:rgb(0, 0, 0);*/
+ background-color: @base;
color: @text;
}
-window#waybar.empty {
+/*window#waybar.empty {
background-color:rgba(255, 255, 255, 0);
-}
+}*/
#workspaces {
border-radius: 1rem;
margin: 5px;
- background-color: @surface0;
margin-left: 1rem;
+ background-color: rgba(0, 0, 0, 0.21);
}
-
#workspaces button {
color: @lavender;
border-radius: 1rem;
@@ -80,6 +110,7 @@ window#waybar.empty {
#workspaces button.active {
color: @sky;
border-radius: 1rem;
+ background-color: rgba(255, 255, 255, 0.5);
}
#workspaces button:hover {
@@ -95,35 +126,88 @@ window#waybar.empty {
#pulseaudio,
#custom-lock,
#custom-power {
- background-color: @surface0;
padding: 0.5rem 1rem;
margin: 5px 0;
+ color: @text;
}
#clock {
- color: @blue;
+ color: @text;
border-radius: 0px 1rem 1rem 0px;
margin-right: 1rem;
}
-
'';
settings = {
mainBar = {
layer = "top";
position = "top";
- height = 34;
+ mod = "dock";
+ exclusive = true;
+ passthrough = false;
+ #gtk-layer-shell = true;
+ height = 0;
output = [
"HDMI-A-1"
- "DP-2"
+ "DP-1"
+ ];
+ modules-left = [
+ "sway/workspaces"
];
- modules-left = [ "sway/workspaces" ];
modules-center = [ "sway/window" ];
- modules-right = [ "clock" ];
+ modules-right = [
+ "pulseaudio"
+ "clock"
+ ];
"sway/workspaces" = {
disable-scroll = true;
sort-by-name = true;
};
+ tray = {
+ icon-size = 13;
+ tooltip = false;
+ spacing = 10;
+ };
+ network = {
+ format = " {essid}";
+ format-disconnected = " disconnected";
+ };
+ clock = {
+ format = " {:%I:%M %p %m/%d} ";
+ tooltip-format = ''
+ {:%Y %B}
+ {calendar}'';
+ };
+
+ pulseaudio = {
+ format = "{icon} {volume}%";
+ tooltip = false;
+ format-muted = " Muted";
+ on-click = "pamixer -t";
+ on-scroll-up = "pamixer -i 5";
+ on-scroll-down = "pamixer -d 5";
+ scroll-step = 5;
+ format-icons = {
+ headphone = "";
+ hands-free = "";
+ headset = "";
+ phone = "";
+ portable = "";
+ car = "";
+ default = [ "" "" "" ];
+ };
+ };
+
+ "pulseaudio#microphone" = {
+ format = "{format_source}";
+ tooltip = false;
+ format-source = " {volume}%";
+ format-source-muted = " Muted";
+ on-click = "pamixer --default-source -t";
+ on-scroll-up = "pamixer --default-source -i 5";
+ on-scroll-down = "pamixer --default-source -d 5";
+ scroll-step = 5;
+ };
};
};
};
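Review bot: The `tray`, `network` and `"pulseaudio#microphone"` blocks added here are never rendered, because none of them is listed in `modules-left`, `modules-center` or `modules-right`; either add them to a module list or drop the dead configuration. `mod = "dock";` looks like a typo for Waybar's `mode` option and is probably ignored as written. The new `on-click`/`on-scroll-*` handlers call `pamixer` by bare name, so they depend on it being on the bar's PATH; nothing in this hunk installs it, and `"${pkgs.pamixer}/bin/pamixer -t"` would pin the binary.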
diff --git a/host-secrets.nix b/host-secrets.nix
old mode 100644
new mode 100755
diff --git a/hosts/buer/default.nix b/hosts/buer/default.nix
old mode 100644
new mode 100755
diff --git a/hosts/buer/hardware.nix b/hosts/buer/hardware.nix
old mode 100644
new mode 100755
diff --git a/hosts/buer/secrets.nix b/hosts/buer/secrets.nix
old mode 100644
new mode 100755
diff --git a/hosts/focalor/backup.nix b/hosts/focalor/backup.nix
new file mode 100755
index 0000000..d17b906
--- /dev/null
+++ b/hosts/focalor/backup.nix
@@ -0,0 +1,46 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "sd_mod" ];
+ boot.initrd.kernelModules = [
+ "vfio" "vfio_iommu_type1" "vfio_pci"
+ "nvidia" "nvidia-modeset" "nvidia_uvm" "nvidia_drm"
+ ];
+ boot.kernelModules = [ "kvm-amd" ];
+ boot.kernelParams = [
+ "amd_iommu=on"
+ "vfio-pci.ids=10de:2484,10de228b,1022:149c,15b7:5045"
+ ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/2009b305-f22d-4d5c-a9d3-c49a2303232b";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/E53C-502F";
+ fsType = "vfat";
+ options = [ "fmask=0077" "dmask=0077" ];
+ };
+
+ swapDevices = [ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp5s0.useDHCP = lib.mkDefault true;
+ # networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
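Review bot: The `vfio-pci.ids` value contains `10de228b` with no colon between vendor and device, so that entry is not a valid `vendor:device` pair and the device it was meant to name (presumably the GPU's audio function) is likely not claimed by vfio-pci at boot; it should read `10de:228b`. The same typo is carried into `hosts/focalor/hardware.nix`, where `1022:149c` is additionally listed twice. Separately, this file keeps the `nixos-generate-config` header but is committed as `backup.nix` with mode 100755 and is not among the imports visible in `hosts/focalor/default.nix`; if it is only a stale copy of the previous hardware config, consider leaving it out of the repository. Every other file in this commit, including `secrets/*.age`, also flips from 100644 to 100755, which looks unintended (`git config core.fileMode` or the checkout filesystem is the usual cause).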
diff --git a/hosts/focalor/default.nix b/hosts/focalor/default.nix
old mode 100644
new mode 100755
index 80f6a7a..6d650ea
--- a/hosts/focalor/default.nix
+++ b/hosts/focalor/default.nix
@@ -6,16 +6,19 @@
# Host-specific hardware
./hardware.nix
./secrets.nix
+ ./vfio.nix
# Common modules shared across hosts
../../common/system.nix
../../common/users.nix
../../common/services.nix
../../common/efi.nix
+ ../../common/bluetooth.nix
# Desktop modules
../../common/desktop/core.nix
../../common/desktop/sway.nix
+ ../../common/desktop/vnc.nix
# Nvidia
../../common/nvidia.nix
@@ -24,7 +27,7 @@
#../../host-secrets.nix
];
- system.stateVersion = "24.11";
+ system.stateVersion = "25.05";
# pin host platform & microcode
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
@@ -34,7 +37,37 @@
networking.hostName = "focalor";
networking.hostId = "84bdc587";
- networking = {
+ systemd.network = {
+ enable = true;
+ netdevs."br0" = {
+ netdevConfig = {
+ Name = "br0";
+ Kind = "bridge";
+ };
+ };
+ networks = {
+ "10-lan" = {
+ matchConfig.Name = ["enp5s0" "vm-*"];
+ networkConfig = {
+ Bridge = "br0";
+ };
+ };
+ "10-lan-bridge" = {
+ matchConfig.Name = "br0";
+ networkConfig = {
+ Address = ["10.0.0.34/24" "2601:5c2:8400:26c0:aaa1:59ff:fe94:5aba/64"];
+ Gateway = "10.0.0.1";
+ DNS = ["10.0.0.210" "1.1.1.1"];
+ IPv6AcceptRA = true;
+ };
+ linkConfig.RequiredForOnline = "routable";
+ };
+ };
+ };
+
+ programs.steam.enable = true;
+
+ /*networking = {
firewall.enable = false;
firewall.trustedInterfaces = [
"tailscale0"
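Review bot: Wrapping the whole `networking = { … }` block in `/* … */` (the comment is closed in the next hunk) removes more than the DHCP and nameserver settings: `firewall.enable = false`, the `tailscale0` trusted interface and the `allowedTCPPorts` list all disappear, so the host falls back to the NixOS default firewall policy with none of those ports declared. If that is intended, state it explicitly, e.g. `networking.firewall.enable = true;` plus the ports that should stay reachable, rather than leaving it as a side effect of a comment. The new `systemd.network` bridge is also enabled without `networking.useDHCP = false;` (or `networking.useNetworkd = true;`), so, depending on what the common modules set, the scripted DHCP client may still run next to networkd on `enp5s0`/`br0`. Note too that `vm-*` interfaces are bridged straight onto the LAN segment, so guests sit on the same L2 network as the host.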
@@ -42,7 +75,7 @@
nameservers = [ "10.0.0.210" "1.1.1.1" ];
useDHCP = true;
firewall.allowedTCPPorts = [22 80 443 2456 2457 9000 9001 9002];
- };
+ };*/
services.resolved = {
enable = true;
@@ -57,10 +90,22 @@
#services.zfs.autoScrub.enable = true;
#services.zfs.trim.enable = true;
+
+ services.vscode-server.enable = true;
+ services.vscode-server.nodejsPackage = pkgs.nodejs_20;
+
+
+ programs.obs-studio = {
+ enable = true;
+ enableVirtualCamera = true;
+ plugins = with pkgs.obs-studio-plugins; [
+ droidcam-obs
+ ];
+ };
environment.systemPackages = with pkgs; [
#lm_sensors
- code-server
+ #code-server
inputs.agenix.packages.x86_64-linux.default
];
@@ -73,4 +118,13 @@
buildGoModule = pkgs.buildGo123Module;
};
};
+
+ xdg.portal = {
+ enable = true;
+ wlr.enable = true;
+ extraPortals = with pkgs; [
+ xdg-desktop-portal-gtk
+ xdg-desktop-portal-gnome
+ ];
+ };
}
diff --git a/hosts/focalor/hardware.nix b/hosts/focalor/hardware.nix
old mode 100644
new mode 100755
index ec76a06..126d39c
--- a/hosts/focalor/hardware.nix
+++ b/hosts/focalor/hardware.nix
@@ -9,30 +9,32 @@
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "uas" "usbhid" "sd_mod" ];
- boot.initrd.kernelModules = [ ];
+ boot.initrd.kernelModules = [ "vfio" "vfio_iommu_type1" "vfio_pci" ];
boot.kernelModules = [ "kvm-amd" ];
+ boot.kernelParams = [
+ "amd_iommu=on"
+ "vfio-pci.ids=10de:2484,10de228b,1022:149c,15b7:5045,1dbe:5236,1022:149c"
+ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
- { device = "/dev/disk/by-uuid/01c4129c-ace4-495a-941e-c5fa893a0bb4";
+ { device = "/dev/disk/by-uuid/5d42a325-ba0d-4d40-906b-d28603b433ef";
fsType = "ext4";
};
fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/6CCE-47E4";
+ { device = "/dev/disk/by-uuid/404A-728D";
fsType = "vfat";
- options = [ "fmask=0077" "dmask=0077" ];
+ options = [ "fmask=0022" "dmask=0022" ];
};
- swapDevices =
- [ { device = "/dev/disk/by-uuid/3029e270-a5f5-4a97-a29b-f2bc3e3a33a8"; }
- ];
+ swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces..useDHCP`.
- networking.useDHCP = lib.mkDefault true;
+ # networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp5s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;
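Review bot: Changing the `/boot` mount options from `fmask=0077`/`dmask=0077` to `0022` makes every file on the ESP readable by all local users. If the host boots with systemd-boot, that includes the random seed under `/boot/loader`, which `bootctl` warns about when it is world-accessible, and it would also expose anything else stored on that partition. Unless something needs non-root read access to `/boot`, keep `options = [ "fmask=0077" "dmask=0077" ];`.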
diff --git a/hosts/focalor/scripts/vm-win11-hook.sh b/hosts/focalor/scripts/vm-win11-hook.sh
new file mode 100755
index 0000000..fab6c4f
--- /dev/null
+++ b/hosts/focalor/scripts/vm-win11-hook.sh
@@ -0,0 +1,62 @@
+#!/run/current-system/sw/bin/bash
+
+echo "qemu-hook: ${1} ${2}" >> /tmp/qemu-hook.log
+
+set -x
+
+readonly GUEST_NAME="$1"
+readonly HOOK_NAME="$2"
+readonly STATE_NAME="$3"
+
+function start_hook() {
+ # Stops GUI
+ systemctl isolate multi-user.target
+
+ # Avoids race condition
+ sleep 2
+
+ # Unloads the NVIDIA drivers
+ modprobe -r nvidia_drm
+ modprobe -r nvidia_uvm
+ modprobe -r nvidia_modeset
+ modprobe -r nvidia
+
+ # Other code you might want to run
+}
+
+function revert_hook() {
+ virsh nodedev-reattach pci_0000_0a_00_0
+ virsh nodedev-reattach pci_0000_0a_00_1
+ virsh nodedev-reattach pci_0000_06_00_1
+ virsh nodedev-reattach pci_0000_06_00_3
+ virsh nodedev-reattach pci_0000_0c_00_3
+
+ modprobe -r vfio-pci
+
+ # Loads the NVIDIA drivers
+ modprobe nvidia_modeset
+ modprobe nvidia_uvm
+ modprobe nvidia_drm
+ modprobe nvidia
+
+ modprobe -r xhci_pci
+ modprobe xhci_pci
+
+ # Starts the UI again
+ systemctl restart display-manager
+ systemctl isolate graphical.target
+}
+
+# I am not using the script from Passthrough-Post
+# because hooks option saves it to /var/lib/libvirt/hooks/qemu.d.
+# It's simpler to just rewrite it for NixOS.
+if [[ "$GUEST_NAME" != "win11" ]]; then
+ exit 0
+fi
+
+if [[ "$HOOK_NAME" == "prepare" && "$STATE_NAME" == "begin" ]]; then
+ #start_hook
+ echo "do nothing"
+elif [[ "$HOOK_NAME" == "release" && "$STATE_NAME" == "end" ]]; then
+ revert_hook
+fi
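Review bot: The first statement appends to `/tmp/qemu-hook.log`, and the hook runs with the libvirt daemon's privileges (root here), so a root process is writing to a fixed name in a world-writable directory; any local user can pre-create that path, and the log is readable by everyone. Send the line to the journal instead, e.g. `echo "qemu-hook: ${1} ${2}" | systemd-cat -t qemu-hook` (systemd is already on the hook's PATH in `vfio.nix`), or write under a root-owned directory. `revert_hook` also calls `virsh nodedev-reattach`, and libvirt's hook documentation warns that a hook must not call back into the daemon because it can deadlock; the script has `set -x` but no error handling, so a failed reattach or `modprobe` is silently followed by the display-manager restart. Guarding each step (`|| exit 1` or `set -e`) would make a half-reverted passthrough visible.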
diff --git a/hosts/focalor/secrets.nix b/hosts/focalor/secrets.nix
old mode 100644
new mode 100755
diff --git a/hosts/focalor/vfio.nix b/hosts/focalor/vfio.nix
new file mode 100755
index 0000000..85b3b1c
--- /dev/null
+++ b/hosts/focalor/vfio.nix
@@ -0,0 +1,43 @@
+{ config, lib, system, pkgs, modulesPath, inputs, ... }:
+
+{
+ programs.virt-manager.enable = true;
+ virtualisation.spiceUSBRedirection.enable = true;
+ virtualisation.libvirtd = {
+ enable = true;
+ qemu = {
+ package = pkgs.qemu_kvm;
+ runAsRoot = true;
+ swtpm.enable = true;
+ ovmf = {
+ enable = true;
+ packages = [(pkgs.OVMF.override {
+ secureBoot = true;
+ tpmSupport = true;
+ }).fd];
+ };
+ };
+ hooks.qemu = {
+ win11 = ./scripts/vm-win11-hook.sh;
+ };
+ };
+
+ systemd.services.libvirtd = {
+ path = let
+ env = pkgs.buildEnv {
+ name = "qemu-hook-env";
+ paths = with pkgs; [
+ bash
+ libvirt
+ kmod
+ systemd
+ ripgrep
+ sd
+ ];
+ };
+ in
+ [ env ];
+ };
+
+ users.extraUsers.regent.extraGroups = [ "libvirtd" ];
+}
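Review bot: `runAsRoot = true` keeps every QEMU process running as root, and `users.extraUsers.regent.extraGroups = [ "libvirtd" ]` lets that account drive the system libvirt daemon without further authentication, so together a guest escape or a misused `virsh` session lands directly in host root. Consider `runAsRoot = false;` (libvirt normally manages the permissions of the VFIO device nodes for the guest; confirm passthrough still works) and treat `libvirtd` membership as root-equivalent. `virtualisation.spiceUSBRedirection.enable` installs a setuid helper that gives local users raw access to host USB devices, so enable it only if USB redirection is actually used. `ripgrep` and `sd` are added to the libvirtd service PATH but the hook script in this commit never calls them, and `users.extraUsers` is the legacy spelling of `users.users`.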
diff --git a/hosts/valefar/default.nix b/hosts/valefar/default.nix
old mode 100644
new mode 100755
diff --git a/hosts/valefar/hardware.nix b/hosts/valefar/hardware.nix
old mode 100644
new mode 100755
diff --git a/hosts/valefar/secrets.nix b/hosts/valefar/secrets.nix
old mode 100644
new mode 100755
diff --git a/modules/immich/default.nix b/modules/immich/default.nix
new file mode 100644
index 0000000..16715d4
--- /dev/null
+++ b/modules/immich/default.nix
@@ -0,0 +1,28 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+ cfg = config.modules.immich;
+
+ immichRoot = "/storage/immich"; #TODO make this configurable through nix
+ immichPhotos = "${immichRoot}/photos";
+in
+{
+ options = {
+ modules = {
+ immich = {
+ enable = mkEnableOption "Deploy immich";
+ };
+ };
+ };
+
+ config = mkIf cfg.enable {
+ services.immich = {
+ enable = true;
+ port = 2283;
+ host = "photos.nekomimi.pet";
+ mediaLocation = immichPhotos;
+ settings = null;
+ };
+ };
+};
\ No newline at end of file
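Review bot: `host = "photos.nekomimi.pet"` is passed to `services.immich.host`, which is the address the server listens on rather than its public name, so as written the service tries to bind to whatever that hostname resolves to instead of staying on loopback behind a reverse proxy. If the intent is to publish it at that name, keep `host = "localhost";` (or the specific internal address) and put the hostname in the proxy's virtual-host config. The file also ends with `};`, which is a syntax error for a top-level module expression and should be `}`. `immichRoot` is hard-coded to `/storage/immich`; the TODO could be resolved by adding a path-typed option next to `enable`.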
diff --git a/secrets/build-token.age b/secrets/build-token.age
old mode 100644
new mode 100755
diff --git a/secrets/garage-admin-token.age b/secrets/garage-admin-token.age
old mode 100644
new mode 100755
diff --git a/secrets/garage-metrics-token.age b/secrets/garage-metrics-token.age
old mode 100644
new mode 100755
diff --git a/secrets/garage-rpc-secret.age b/secrets/garage-rpc-secret.age
old mode 100644
new mode 100755
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
old mode 100644
new mode 100755