idk

flake.nix

@@ -15,6 +15,8 @@
       url = "github:0xc000022070/zen-browser-flake";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+    #microvm.url = "github:astro/microvm.nix";
+    #microvm.inputs.nixpkgs.follows = "nixpkgs";
 
     catppuccin.url = "github:catppuccin/nix";
     home-manager = {
@@ -46,6 +48,13 @@
             ./hosts/focalor
             lix-module.nixosModules.default
 
+            /*microvm.nixosModules.host
+            {
+              microvm.autostart = [
+                "windows"
+              ];
+            }*/
+
             vscode-server.nixosModules.default
             agenix.nixosModules.default
 

home/regent/home.nix

@@ -1,4 +1,4 @@
-{ config, pkgs, system, inputs, ... }:
+{ config, pkgs, system, inputs, lib, ... }:
 
 {
   home.username = "regent";
@@ -11,6 +11,36 @@
     /*waybar = { doesnt work for some reason
       enable = true;
     };*/
+    ghostty.enable = true;
+    ghostty.flavor = "mocha";
+    nvim.enable = true;
+    nvim.flavor = "mocha";
+  };
+
+  programs.ghostty.enable = true;
+  programs.ghostty.settings = {
+    font-size = 24;
+    theme = "catppuccin-mocha";
+  };
+
+  programs.neovim.enable = true;
+  programs.neovim = {
+    extraPackages = with pkgs; [
+      lua-language-server
+      stylua
+      ripgrep
+    ];
+
+    plugins = with pkgs.vimPlugins; [
+      lazy-nvim
+    ];
+  };
+
+  home.pointerCursor = {
+    gtk.enable = true;
+    package = pkgs.phinger-cursors;
+    name = "Phinger-cursors-light";
+    size = 48;
   }; 
 
   programs.waybar = {
@@ -46,7 +76,7 @@
 
 
 * {
-  font-family: FantasqueSansMono Nerd Font;
+  font-family: 'Fira Code', monospace;
   font-size: 17px;
   min-height: 0;
 }
@@ -55,22 +85,22 @@ window#waybar {
   padding: 0px;
   margin: 0px;
   border: 0px;
-  background-color:rgb(0, 0, 0);
+  /*background-color:rgb(0, 0, 0);*/
+  background-color: @base;
   color: @text;
 }
 
-window#waybar.empty {
+/*window#waybar.empty {
 	background-color:rgba(255, 255, 255, 0);
-}
+}*/
 
 #workspaces {
   border-radius: 1rem;
   margin: 5px;
-  background-color: @surface0;
   margin-left: 1rem;
+  background-color: rgba(0, 0, 0, 0.21);
 }
 
-
 #workspaces button {
   color: @lavender;
   border-radius: 1rem;
@@ -80,6 +110,7 @@ window#waybar.empty {
 #workspaces button.active {
   color: @sky;
   border-radius: 1rem;
+  background-color: rgba(255, 255, 255, 0.5);
 }
 
 #workspaces button:hover {
@@ -95,35 +126,88 @@ window#waybar.empty {
 #pulseaudio,
 #custom-lock,
 #custom-power {
-  background-color: @surface0;
   padding: 0.5rem 1rem;
   margin: 5px 0;
+  color: @text;
 }
 
 #clock {
-  color: @blue;
+  color: @text;
   border-radius: 0px 1rem 1rem 0px;
   margin-right: 1rem;
 }
-
 '';
     settings = {
       mainBar = {
         layer = "top";
         position = "top";
-        height = 34;
+        mod = "dock";
+        exclusive = true;
+        passthrough = false;
+        #gtk-layer-shell = true;
+        height = 0;
         output = [
           "HDMI-A-1"
-          "DP-2"
+          "DP-1"
+        ];
+        modules-left = [ 
+          "sway/workspaces"
         ];
-        modules-left = [ "sway/workspaces" ];
         modules-center = [ "sway/window" ];
-        modules-right = [ "clock"  ];
+        modules-right = [
+          "pulseaudio"
+          "clock"          
+        ];
 
         "sway/workspaces" = {
           disable-scroll = true;
           sort-by-name = true;
         };
+        tray = {
+          icon-size = 13;
+          tooltip = false;
+          spacing = 10;
+        };
+        network = {
+          format = "󰖩 {essid}";
+          format-disconnected = "󰖪 disconnected";
+        };
+        clock = {
+          format = " {:%I:%M %p   %m/%d} ";
+          tooltip-format = ''
+            <big>{:%Y %B}</big>
+            <tt><small>{calendar}</small></tt>'';
+        };
+
+        pulseaudio = {
+          format = "{icon} {volume}%";
+          tooltip = false;
+          format-muted = " Muted";
+          on-click = "pamixer -t";
+          on-scroll-up = "pamixer -i 5";
+          on-scroll-down = "pamixer -d 5";
+          scroll-step = 5;
+          format-icons = {
+            headphone = "";
+            hands-free = "";
+            headset = "";
+            phone = "";
+            portable = "";
+            car = "";
+            default = [ "" "" "" ];
+          };
+        };
+
+        "pulseaudio#microphone" = {
+          format = "{format_source}";
+          tooltip = false;
+          format-source = " {volume}%";
+          format-source-muted = " Muted";
+          on-click = "pamixer --default-source -t";
+          on-scroll-up = "pamixer --default-source -i 5";
+          on-scroll-down = "pamixer --default-source -d 5";
+          scroll-step = 5;
+        };
       };
     };
   };

hosts/focalor/backup.nix

@@ -0,0 +1,46 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "sd_mod" ];
+  boot.initrd.kernelModules = [
+     "vfio" "vfio_iommu_type1" "vfio_pci"
+     "nvidia" "nvidia-modeset" "nvidia_uvm" "nvidia_drm" 
+  ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.kernelParams = [
+    "amd_iommu=on"
+    "vfio-pci.ids=10de:2484,10de228b,1022:149c,15b7:5045"
+  ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/2009b305-f22d-4d5c-a9d3-c49a2303232b";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/E53C-502F";
+      fsType = "vfat";
+      options = [ "fmask=0077" "dmask=0077" ];
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp5s0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

hosts/focalor/default.nix

@@ -6,16 +6,19 @@
     # Host-specific hardware
     ./hardware.nix
     ./secrets.nix
+    ./vfio.nix
     
     # Common modules shared across hosts
     ../../common/system.nix
     ../../common/users.nix
     ../../common/services.nix
     ../../common/efi.nix
+    ../../common/bluetooth.nix
 
     # Desktop modules
     ../../common/desktop/core.nix
     ../../common/desktop/sway.nix
+    ../../common/desktop/vnc.nix
 
     # Nvidia
     ../../common/nvidia.nix
@@ -24,7 +27,7 @@
     #../../host-secrets.nix
   ];
 
-  system.stateVersion = "24.11";
+  system.stateVersion = "25.05";
 
   # pin host platform & microcode
   nixpkgs.hostPlatform               = lib.mkDefault "x86_64-linux";
@@ -34,7 +37,37 @@
   networking.hostName = "focalor";
   networking.hostId = "84bdc587";
 
-  networking = {
+  systemd.network = {
+    enable = true;
+    netdevs."br0" = {
+      netdevConfig = {
+        Name = "br0";
+        Kind = "bridge";
+      };
+    };
+    networks = {
+      "10-lan" = {
+        matchConfig.Name = ["enp5s0" "vm-*"];
+        networkConfig = {
+          Bridge = "br0";
+        };
+      };
+      "10-lan-bridge" = {
+        matchConfig.Name = "br0";
+        networkConfig = {
+          Address = ["10.0.0.34/24" "2601:5c2:8400:26c0:aaa1:59ff:fe94:5aba/64"];
+          Gateway = "10.0.0.1";
+          DNS = ["10.0.0.210" "1.1.1.1"];
+          IPv6AcceptRA = true;
+        };
+        linkConfig.RequiredForOnline = "routable";
+      };
+    };
+  };
+
+  programs.steam.enable = true;
+
+  /*networking = {
     firewall.enable = false;
     firewall.trustedInterfaces = [
 	    "tailscale0"
@@ -42,7 +75,7 @@
     nameservers   = [ "10.0.0.210" "1.1.1.1" ];
     useDHCP       = true;
     firewall.allowedTCPPorts = [22 80 443 2456 2457 9000 9001 9002]; 
-  };
+  };*/
 
   services.resolved = {
     enable      = true;
@@ -58,9 +91,21 @@
   #services.zfs.autoScrub.enable = true;
   #services.zfs.trim.enable = true;
   
+  services.vscode-server.enable = true;
+  services.vscode-server.nodejsPackage = pkgs.nodejs_20;
+
+
+  programs.obs-studio = {
+    enable = true;
+    enableVirtualCamera = true;
+    plugins = with pkgs.obs-studio-plugins; [
+      droidcam-obs
+    ];
+  };
+
   environment.systemPackages = with pkgs; [
     #lm_sensors
-    code-server
+    #code-server
     inputs.agenix.packages.x86_64-linux.default
   ];
 
@@ -73,4 +118,13 @@
       buildGoModule = pkgs.buildGo123Module;
     };
   };
+
+  xdg.portal = {
+    enable = true;
+    wlr.enable = true;
+    extraPortals = with pkgs; [
+      xdg-desktop-portal-gtk
+      xdg-desktop-portal-gnome
+    ];
+  };
 }

hosts/focalor/hardware.nix

@@ -9,30 +9,32 @@
     ];
 
   boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "uas" "usbhid" "sd_mod" ];
-  boot.initrd.kernelModules = [ ];
+  boot.initrd.kernelModules = [ "vfio" "vfio_iommu_type1" "vfio_pci"  ];
   boot.kernelModules = [ "kvm-amd" ];
+  boot.kernelParams = [
+    "amd_iommu=on"
+    "vfio-pci.ids=10de:2484,10de228b,1022:149c,15b7:5045,1dbe:5236,1022:149c"
+  ];
   boot.extraModulePackages = [ ];
 
   fileSystems."/" =
-    { device = "/dev/disk/by-uuid/01c4129c-ace4-495a-941e-c5fa893a0bb4";
+    { device = "/dev/disk/by-uuid/5d42a325-ba0d-4d40-906b-d28603b433ef";
       fsType = "ext4";
     };
 
   fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/6CCE-47E4";
+    { device = "/dev/disk/by-uuid/404A-728D";
       fsType = "vfat";
-      options = [ "fmask=0077" "dmask=0077" ];
+      options = [ "fmask=0022" "dmask=0022" ];
     };
 
-  swapDevices =
+  swapDevices = [ ];
-    [ { device = "/dev/disk/by-uuid/3029e270-a5f5-4a97-a29b-f2bc3e3a33a8"; }
-    ];
 
   # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
   # (the default) this is the recommended approach. When using systemd-networkd it's
   # still possible to use this option, but it's recommended to use it in conjunction
   # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
+  # networking.useDHCP = lib.mkDefault true;
   # networking.interfaces.enp5s0.useDHCP = lib.mkDefault true;
   # networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;
 

hosts/focalor/scripts/vm-win11-hook.sh

@@ -0,0 +1,62 @@
+#!/run/current-system/sw/bin/bash
+
+echo "qemu-hook: ${1} ${2}" >> /tmp/qemu-hook.log
+
+set -x
+
+readonly GUEST_NAME="$1"
+readonly HOOK_NAME="$2"
+readonly STATE_NAME="$3"
+
+function start_hook() {
+  # Stops GUI
+  systemctl isolate multi-user.target
+
+  # Avoids race condition
+  sleep 2
+
+  # Unloads the NVIDIA drivers
+  modprobe -r nvidia_drm
+  modprobe -r nvidia_uvm
+  modprobe -r nvidia_modeset
+  modprobe -r nvidia
+
+  # Other code you might want to run
+}
+
+function revert_hook() {
+  virsh nodedev-reattach pci_0000_0a_00_0
+  virsh nodedev-reattach pci_0000_0a_00_1
+  virsh nodedev-reattach pci_0000_06_00_1
+  virsh nodedev-reattach pci_0000_06_00_3
+  virsh nodedev-reattach pci_0000_0c_00_3
+
+  modprobe -r vfio-pci
+
+  # Loads the NVIDIA drivers
+  modprobe nvidia_modeset
+  modprobe nvidia_uvm
+  modprobe nvidia_drm
+  modprobe nvidia
+
+  modprobe -r xhci_pci
+  modprobe xhci_pci
+
+  # Starts the UI again
+  systemctl restart display-manager
+  systemctl isolate graphical.target
+}
+
+# I am not using the script from Passthrough-Post
+# because hooks option saves it to /var/lib/libvirt/hooks/qemu.d.
+# It's simpler to just rewrite it for NixOS.
+if [[ "$GUEST_NAME" != "win11" ]]; then
+  exit 0
+fi
+
+if [[ "$HOOK_NAME" == "prepare" && "$STATE_NAME" == "begin" ]]; then
+  #start_hook
+  echo "do nothing"
+elif [[ "$HOOK_NAME" == "release" && "$STATE_NAME" == "end" ]]; then
+  revert_hook
+fi

hosts/focalor/vfio.nix

@@ -0,0 +1,43 @@
+{ config, lib, system, pkgs, modulesPath, inputs, ... }:
+
+{
+  programs.virt-manager.enable = true;
+  virtualisation.spiceUSBRedirection.enable = true;
+  virtualisation.libvirtd = {
+    enable = true;
+    qemu = {
+      package = pkgs.qemu_kvm;
+      runAsRoot = true;
+      swtpm.enable = true;
+      ovmf = {
+        enable = true;
+        packages = [(pkgs.OVMF.override {
+          secureBoot = true;
+          tpmSupport = true;
+        }).fd];
+      };
+    };
+    hooks.qemu = {
+      win11 = ./scripts/vm-win11-hook.sh;
+    };
+  };
+
+  systemd.services.libvirtd = {
+    path = let
+      env = pkgs.buildEnv {
+        name = "qemu-hook-env";
+        paths = with pkgs; [
+          bash
+          libvirt
+          kmod
+          systemd
+          ripgrep
+          sd
+        ];
+      };
+    in
+      [ env ];
+  };
+
+  users.extraUsers.regent.extraGroups = [ "libvirtd" ];
+}

modules/immich/default.nix

@@ -0,0 +1,28 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+  cfg = config.modules.immich;
+
+  immichRoot = "/storage/immich";  #TODO make this configurable through nix
+  immichPhotos = "${immichRoot}/photos";
+in
+{
+  options = {
+    modules = {
+      immich = {
+        enable = mkEnableOption "Deploy immich";
+      };
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services.immich = {
+      enable = true;
+      port = 2283;
+      host = "photos.nekomimi.pet";
+      mediaLocation = immichPhotos;
+      settings = null;
+    };
+  };
+};