From 9dc034ec86779ce322a3964e39e3e2b95dfbce62 Mon Sep 17 00:00:00 2001 
From: waveringana Date: Mon, 16 Jun 2025 06:44:50 -0400 Subject: [PATCH 1/2] idk --- README.md | 0 flake.lock | 0 flake.nix | 9 ++ home/regent/home.nix | 112 +++++++++++++++++++++---- host-secrets.nix | 0 hosts/buer/default.nix | 0 hosts/buer/hardware.nix | 0 hosts/buer/secrets.nix | 0 hosts/focalor/backup.nix | 46 ++++++++++ hosts/focalor/default.nix | 62 +++++++++++++- hosts/focalor/hardware.nix | 18 ++-- hosts/focalor/scripts/vm-win11-hook.sh | 62 ++++++++++++++ hosts/focalor/secrets.nix | 0 hosts/focalor/vfio.nix | 43 ++++++++++ hosts/valefar/default.nix | 0 hosts/valefar/hardware.nix | 0 hosts/valefar/secrets.nix | 0 modules/immich/default.nix | 28 +++++++ secrets/build-token.age | Bin secrets/garage-admin-token.age | Bin secrets/garage-metrics-token.age | Bin secrets/garage-rpc-secret.age | Bin secrets/secrets.nix | 0 23 files changed, 354 insertions(+), 26 deletions(-) mode change 100644 => 100755 README.md mode change 100644 => 100755 flake.lock mode change 100644 => 100755 flake.nix mode change 100644 => 100755 home/regent/home.nix mode change 100644 => 100755 host-secrets.nix mode change 100644 => 100755 hosts/buer/default.nix mode change 100644 => 100755 hosts/buer/hardware.nix mode change 100644 => 100755 hosts/buer/secrets.nix create mode 100755 hosts/focalor/backup.nix mode change 100644 => 100755 hosts/focalor/default.nix mode change 100644 => 100755 hosts/focalor/hardware.nix create mode 100755 hosts/focalor/scripts/vm-win11-hook.sh mode change 100644 => 100755 hosts/focalor/secrets.nix create mode 100755 hosts/focalor/vfio.nix mode change 100644 => 100755 hosts/valefar/default.nix mode change 100644 => 100755 hosts/valefar/hardware.nix mode change 100644 => 100755 hosts/valefar/secrets.nix create mode 100644 modules/immich/default.nix mode change 100644 => 100755 secrets/build-token.age mode change 100644 => 100755 secrets/garage-admin-token.age mode change 100644 => 100755 secrets/garage-metrics-token.age mode change 100644 => 100755 
secrets/garage-rpc-secret.age mode change 100644 => 100755 secrets/secrets.nix diff --git a/README.md b/README.md old mode 100644 new mode 100755 diff --git a/flake.lock b/flake.lock old mode 100644 new mode 100755 diff --git a/flake.nix b/flake.nix old mode 100644 new mode 100755 index bbcf3d8..8c3f80a --- a/flake.nix +++ b/flake.nix @@ -15,6 +15,8 @@ url = "github:0xc000022070/zen-browser-flake"; inputs.nixpkgs.follows = "nixpkgs"; }; + #microvm.url = "github:astro/microvm.nix"; + #microvm.inputs.nixpkgs.follows = "nixpkgs"; catppuccin.url = "github:catppuccin/nix"; home-manager = { @@ -46,6 +48,13 @@ ./hosts/focalor lix-module.nixosModules.default + /*microvm.nixosModules.host + { + microvm.autostart = [ + "windows" + ]; + }*/ + vscode-server.nixosModules.default agenix.nixosModules.default diff --git a/home/regent/home.nix b/home/regent/home.nix old mode 100644 new mode 100755 index 017d8d5..a72a81f --- a/home/regent/home.nix +++ b/home/regent/home.nix @@ -1,4 +1,4 @@ -{ config, pkgs, system, inputs, ... }: +{ config, pkgs, system, inputs, lib, ... }: { home.username = "regent"; @@ -11,8 +11,38 @@ /*waybar = { doesnt work for some reason enable = true; };*/ + ghostty.enable = true; + ghostty.flavor = "mocha"; + nvim.enable = true; + nvim.flavor = "mocha"; }; + programs.ghostty.enable = true; + programs.ghostty.settings = { + font-size = 24; + theme = "catppuccin-mocha"; + }; + + programs.neovim.enable = true; + programs.neovim = { + extraPackages = with pkgs; [ + lua-language-server + stylua + ripgrep + ]; + + plugins = with pkgs.vimPlugins; [ + lazy-nvim + ]; + }; + + home.pointerCursor = { + gtk.enable = true; + package = pkgs.phinger-cursors; + name = "Phinger-cursors-light"; + size = 48; + }; + programs.waybar = { enable = true; style = @@ -46,7 +76,7 @@ * { - font-family: FantasqueSansMono Nerd Font; + font-family: 'Fira Code', monospace; font-size: 17px; min-height: 0; } 
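Review bot: The mode flip to 100755 on flake.nix is not motivated by anything in its two hunks, which only add commented-out microvm lines, and the same flip is applied across the commit to flake.lock, README.md, every host file and the four `.age` secrets; a blanket executable bit on lockfiles and encrypted secret blobs is almost certainly a filesystem artifact of the checkout rather than an intended change. It should be reverted (`chmod -x` on the affected files) before this lands, otherwise every future diff of those files carries the noise and the secrets show up as executables. The commented-out `microvm` input and `microvm.nixosModules.host` block are dead config; if they are work in progress, a one-line marker such as `# microvm.nix: kept for reference, not enabled` tells the next reader whether it is safe to remove them.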
@@ -55,22 +85,22 @@ window#waybar { padding: 0px; margin: 0px; border: 0px; - background-color:rgb(0, 0, 0); + /*background-color:rgb(0, 0, 0);*/ + background-color: @base; color: @text; } -window#waybar.empty { +/*window#waybar.empty { background-color:rgba(255, 255, 255, 0); -} +}*/ #workspaces { border-radius: 1rem; margin: 5px; - background-color: @surface0; margin-left: 1rem; + background-color: rgba(0, 0, 0, 0.21); } - #workspaces button { color: @lavender; border-radius: 1rem; @@ -80,6 +110,7 @@ window#waybar.empty { #workspaces button.active { color: @sky; border-radius: 1rem; + background-color: rgba(255, 255, 255, 0.5); } #workspaces button:hover { 
@@ -95,35 +126,88 @@ window#waybar.empty { #pulseaudio, #custom-lock, #custom-power { - background-color: @surface0; padding: 0.5rem 1rem; margin: 5px 0; + color: @text; } #clock { - color: @blue; + color: @text; border-radius: 0px 1rem 1rem 0px; margin-right: 1rem; } - ''; settings = { mainBar = { layer = "top"; position = "top"; - height = 34; + mod = "dock"; + exclusive = true; + passthrough = false; + #gtk-layer-shell = true; + height = 0; output = [ "HDMI-A-1" - "DP-2" + "DP-1" + ]; + modules-left = [ + "sway/workspaces" ]; - modules-left = [ "sway/workspaces" ]; modules-center = [ "sway/window" ]; - modules-right = [ "clock" ]; + modules-right = [ + "pulseaudio" + "clock" + ]; "sway/workspaces" = { disable-scroll = true; sort-by-name = true; }; + tray = { + icon-size = 13; + tooltip = false; + spacing = 10; + }; + network = { + format = "󰖩 {essid}"; + format-disconnected = "󰖪 disconnected"; + }; + clock = { + format = " {:%I:%M %p %m/%d} "; + tooltip-format = '' + {:%Y %B} + {calendar}''; + }; + + pulseaudio = { + format = "{icon} {volume}%"; + tooltip = false; + format-muted = " Muted"; + on-click = "pamixer -t"; + on-scroll-up = "pamixer -i 5"; + on-scroll-down = "pamixer -d 5"; + scroll-step = 5; + format-icons = { + headphone = ""; + hands-free = ""; + headset = ""; + phone = ""; + portable = ""; + car = ""; + default = [ "" "" "" ]; + }; + }; + + "pulseaudio#microphone" = { + format = "{format_source}"; + tooltip = false; + format-source = " {volume}%"; + format-source-muted = " Muted"; + on-click = "pamixer --default-source -t"; + on-scroll-up = "pamixer --default-source -i 5"; + on-scroll-down = "pamixer --default-source -d 5"; + scroll-step = 5; + }; }; }; }; diff --git a/host-secrets.nix b/host-secrets.nix old mode 100644 new mode 100755 diff --git a/hosts/buer/default.nix b/hosts/buer/default.nix old mode 100644 new mode 100755 diff --git a/hosts/buer/hardware.nix b/hosts/buer/hardware.nix old mode 100644 new mode 100755 
diff --git a/hosts/buer/secrets.nix b/hosts/buer/secrets.nix
old mode 100644
new mode 100755
diff --git a/hosts/focalor/backup.nix b/hosts/focalor/backup.nix
new file mode 100755
index 0000000..d17b906
--- /dev/null
+++ b/hosts/focalor/backup.nix
@@ -0,0 +1,46 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "sd_mod" ];
+ boot.initrd.kernelModules = [
+ "vfio" "vfio_iommu_type1" "vfio_pci"
+ "nvidia" "nvidia-modeset" "nvidia_uvm" "nvidia_drm"
+ ];
+ boot.kernelModules = [ "kvm-amd" ];
+ boot.kernelParams = [
+ "amd_iommu=on"
+ "vfio-pci.ids=10de:2484,10de228b,1022:149c,15b7:5045"
+ ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/2009b305-f22d-4d5c-a9d3-c49a2303232b";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/E53C-502F";
+ fsType = "vfat";
+ options = [ "fmask=0077" "dmask=0077" ];
+ };
+
+ swapDevices = [ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp5s0.useDHCP = lib.mkDefault true;
+ # networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
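Review bot: The `vfio-pci.ids` entry `10de228b` on the kernelParams line is missing the colon between vendor and device id, so that token is malformed and the device it is meant to name will not be claimed by vfio-pci; the same token is carried into the hardware.nix hunk of this commit. The file also keeps the nixos-generate-config "Do not modify this file!" header although nothing on the page imports it (hosts/focalor/default.nix imports ./hardware.nix and ./vfio.nix), so it reads as a stale copy under a misleading name; if it is meant as a backup, replacing the generated header with `# Snapshot of hardware.nix before the VFIO changes; not imported by default.nix` would stop it being mistaken for generated output. Note that this copy still has the generated `fmask=0077`/`dmask=0077` for /boot, which is not what the live hardware.nix now sets.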
diff --git a/hosts/focalor/default.nix b/hosts/focalor/default.nix old mode 100644 new mode 100755 index 80f6a7a..6d650ea --- a/hosts/focalor/default.nix +++ b/hosts/focalor/default.nix @@ -6,16 +6,19 @@ # Host-specific hardware ./hardware.nix ./secrets.nix + ./vfio.nix # Common modules shared across hosts ../../common/system.nix ../../common/users.nix ../../common/services.nix ../../common/efi.nix + ../../common/bluetooth.nix # Desktop modules ../../common/desktop/core.nix ../../common/desktop/sway.nix + ../../common/desktop/vnc.nix # Nvidia ../../common/nvidia.nix @@ -24,7 +27,7 @@ #../../host-secrets.nix ]; - system.stateVersion = "24.11"; + system.stateVersion = "25.05"; # pin host platform & microcode nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; @@ -34,7 +37,37 @@ networking.hostName = "focalor"; networking.hostId = "84bdc587"; - networking = { + systemd.network = { + enable = true; + netdevs."br0" = { + netdevConfig = { + Name = "br0"; + Kind = "bridge"; + }; + }; + networks = { + "10-lan" = { + matchConfig.Name = ["enp5s0" "vm-*"]; + networkConfig = { + Bridge = "br0"; + }; + }; + "10-lan-bridge" = { + matchConfig.Name = "br0"; + networkConfig = { + Address = ["10.0.0.34/24" "2601:5c2:8400:26c0:aaa1:59ff:fe94:5aba/64"]; + Gateway = "10.0.0.1"; + DNS = ["10.0.0.210" "1.1.1.1"]; + IPv6AcceptRA = true; + }; + linkConfig.RequiredForOnline = "routable"; + }; + }; + }; + + programs.steam.enable = true; + + /*networking = { firewall.enable = false; firewall.trustedInterfaces = [ "tailscale0" @@ -42,7 +75,7 @@ nameservers = [ "10.0.0.210" "1.1.1.1" ]; useDHCP = true; firewall.allowedTCPPorts = [22 80 443 2456 2457 9000 9001 9002]; - }; + };*/ services.resolved = { enable = true; 
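Review bot: Commenting out the `networking = { firewall.enable = false; ...` block (its tail, including `firewall.allowedTCPPorts = [22 80 443 2456 2457 9000 9001 9002];` and the `};*/`, is in the following hunk) changes the host's exposure in two directions that the commit does not document: the NixOS firewall reverts to its default-enabled state, and the port allow-list and the `tailscale0` trusted-interface entry disappear, so anything still expected to serve on those ports or over Tailscale is now blocked. The new `10-lan` network matches `vm-*` and bridges every VM tap into `br0`, which puts the guest directly on the LAN with the same reach as the host; a comment such as `# vm-* taps are bridged onto the LAN: guests are not isolated from other hosts` would make that intent reviewable. The `Address` line also hard-codes a global IPv6 address into the repository; if this repo is shared, note whether that value is meant to be long-lived.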
@@ -57,10 +90,22 @@ #services.zfs.autoScrub.enable = true; #services.zfs.trim.enable = true; + + services.vscode-server.enable = true; + services.vscode-server.nodejsPackage = pkgs.nodejs_20; + + + programs.obs-studio = { + enable = true; + enableVirtualCamera = true; + plugins = with pkgs.obs-studio-plugins; [ + droidcam-obs + ]; + }; environment.systemPackages = with pkgs; [ #lm_sensors - code-server + #code-server inputs.agenix.packages.x86_64-linux.default ]; @@ -73,4 +118,13 @@ buildGoModule = pkgs.buildGo123Module; }; }; + + xdg.portal = { + enable = true; + wlr.enable = true; + extraPortals = with pkgs; [ + xdg-desktop-portal-gtk + xdg-desktop-portal-gnome + ]; + }; } diff --git a/hosts/focalor/hardware.nix b/hosts/focalor/hardware.nix old mode 100644 new mode 100755 index ec76a06..126d39c --- a/hosts/focalor/hardware.nix +++ b/hosts/focalor/hardware.nix 
@@ -9,30 +9,32 @@ ]; boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "uas" "usbhid" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; + boot.initrd.kernelModules = [ "vfio" "vfio_iommu_type1" "vfio_pci" ]; boot.kernelModules = [ "kvm-amd" ]; + boot.kernelParams = [ + "amd_iommu=on" + "vfio-pci.ids=10de:2484,10de228b,1022:149c,15b7:5045,1dbe:5236,1022:149c" + ]; boot.extraModulePackages = [ ]; fileSystems."/" = - { device = "/dev/disk/by-uuid/01c4129c-ace4-495a-941e-c5fa893a0bb4"; + { device = "/dev/disk/by-uuid/5d42a325-ba0d-4d40-906b-d28603b433ef"; fsType = "ext4"; }; fileSystems."/boot" = - { device = "/dev/disk/by-uuid/6CCE-47E4"; + { device = "/dev/disk/by-uuid/404A-728D"; fsType = "vfat"; - options = [ "fmask=0077" "dmask=0077" ]; + options = [ "fmask=0022" "dmask=0022" ]; }; - swapDevices = - [ { device = "/dev/disk/by-uuid/3029e270-a5f5-4a97-a29b-f2bc3e3a33a8"; } - ]; + swapDevices = [ ]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's # still possible to use this option, but it's recommended to use it in conjunction # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; + # networking.useDHCP = lib.mkDefault true; # networking.interfaces.enp5s0.useDHCP = lib.mkDefault true; # networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true; diff --git a/hosts/focalor/scripts/vm-win11-hook.sh b/hosts/focalor/scripts/vm-win11-hook.sh new file mode 100755 index 0000000..fab6c4f --- /dev/null +++ b/hosts/focalor/scripts/vm-win11-hook.sh 
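Review bot: The /boot mount options move from `fmask=0077`/`dmask=0077` to `fmask=0022`/`dmask=0022`, which makes the EFI partition — kernels, initrds and the boot-loader entries — readable by every local user; nixos-generate-config emits 0077 precisely to avoid that, and nothing in the commit says why the relaxation is needed. If some tool needs to read /boot, giving that tool access is preferable to a world-readable mount; otherwise restore `options = [ "fmask=0077" "dmask=0077" ];`. The new `vfio-pci.ids` line also lists `1022:149c` twice, which is harmless but suggests the list was assembled by hand and deserves a comment mapping each id to the device it pins (GPU, GPU audio, USB controller, NVMe — as I read the vendor ids, to be confirmed).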
@@ -0,0 +1,62 @@
+#!/run/current-system/sw/bin/bash
+
+echo "qemu-hook: ${1} ${2}" >> /tmp/qemu-hook.log
+
+set -x
+
+readonly GUEST_NAME="$1"
+readonly HOOK_NAME="$2"
+readonly STATE_NAME="$3"
+
+function start_hook() {
+ # Stops GUI
+ systemctl isolate multi-user.target
+
+ # Avoids race condition
+ sleep 2
+
+ # Unloads the NVIDIA drivers
+ modprobe -r nvidia_drm
+ modprobe -r nvidia_uvm
+ modprobe -r nvidia_modeset
+ modprobe -r nvidia
+
+ # Other code you might want to run
+}
+
+function revert_hook() {
+ virsh nodedev-reattach pci_0000_0a_00_0
+ virsh nodedev-reattach pci_0000_0a_00_1
+ virsh nodedev-reattach pci_0000_06_00_1
+ virsh nodedev-reattach pci_0000_06_00_3
+ virsh nodedev-reattach pci_0000_0c_00_3
+
+ modprobe -r vfio-pci
+
+ # Loads the NVIDIA drivers
+ modprobe nvidia_modeset
+ modprobe nvidia_uvm
+ modprobe nvidia_drm
+ modprobe nvidia
+
+ modprobe -r xhci_pci
+ modprobe xhci_pci
+
+ # Starts the UI again
+ systemctl restart display-manager
+ systemctl isolate graphical.target
+}
+
+# I am not using the script from Passthrough-Post
+# because hooks option saves it to /var/lib/libvirt/hooks/qemu.d.
+# It's simpler to just rewrite it for NixOS.
+if [[ "$GUEST_NAME" != "win11" ]]; then
+ exit 0
+fi
+
+if [[ "$HOOK_NAME" == "prepare" && "$STATE_NAME" == "begin" ]]; then
+ #start_hook
+ echo "do nothing"
+elif [[ "$HOOK_NAME" == "release" && "$STATE_NAME" == "end" ]]; then
+ revert_hook
+fi
diff --git a/hosts/focalor/secrets.nix b/hosts/focalor/secrets.nix
old mode 100644
new mode 100755
diff --git a/hosts/focalor/vfio.nix b/hosts/focalor/vfio.nix
new file mode 100755
index 0000000..85b3b1c
--- /dev/null
+++ b/hosts/focalor/vfio.nix
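Review bot: The first command appends to the fixed path `/tmp/qemu-hook.log` while running as root (libvirt runs qemu hooks as the daemon's user); a predictable file in the world-writable /tmp is a classic place for a local user to plant a symlink that redirects root's writes, and the log itself is readable by every local user. Writing to the journal instead needs no file at all and `systemd-cat` comes with the `systemd` package this hook environment already gets, so `echo "qemu-hook: ${1} ${2}" | systemd-cat -t qemu-hook` removes both problems. Separately, `start_hook` is commented out in the prepare/begin branch while `revert_hook` still runs on release/end, so every shutdown of the win11 guest executes `systemctl restart display-manager` and `systemctl isolate graphical.target` — terminating the active desktop session — without the matching teardown having happened; if the teardown is intentionally disabled, the display-manager restart should be guarded the same way. The script also runs without `set -e`, so a failed `virsh nodedev-reattach` is silently followed by `modprobe -r vfio-pci`.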
@@ -0,0 +1,43 @@
+{ config, lib, system, pkgs, modulesPath, inputs, ... }:
+
+{
+ programs.virt-manager.enable = true;
+ virtualisation.spiceUSBRedirection.enable = true;
+ virtualisation.libvirtd = {
+ enable = true;
+ qemu = {
+ package = pkgs.qemu_kvm;
+ runAsRoot = true;
+ swtpm.enable = true;
+ ovmf = {
+ enable = true;
+ packages = [(pkgs.OVMF.override {
+ secureBoot = true;
+ tpmSupport = true;
+ }).fd];
+ };
+ };
+ hooks.qemu = {
+ win11 = ./scripts/vm-win11-hook.sh;
+ };
+ };
+
+ systemd.services.libvirtd = {
+ path = let
+ env = pkgs.buildEnv {
+ name = "qemu-hook-env";
+ paths = with pkgs; [
+ bash
+ libvirt
+ kmod
+ systemd
+ ripgrep
+ sd
+ ];
+ };
+ in
+ [ env ];
+ };
+
+ users.extraUsers.regent.extraGroups = [ "libvirtd" ];
+}
diff --git a/hosts/valefar/default.nix b/hosts/valefar/default.nix
old mode 100644
new mode 100755
diff --git a/hosts/valefar/hardware.nix b/hosts/valefar/hardware.nix
old mode 100644
new mode 100755
diff --git a/hosts/valefar/secrets.nix b/hosts/valefar/secrets.nix
old mode 100644
new mode 100755
diff --git a/modules/immich/default.nix b/modules/immich/default.nix
new file mode 100644
index 0000000..16715d4
--- /dev/null
+++ b/modules/immich/default.nix
@@ -0,0 +1,28 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+ cfg = config.modules.immich;
+
+ immichRoot = "/storage/immich"; #TODO make this configurable through nix
+ immichPhotos = "${immichRoot}/photos";
+in
+{
+ options = {
+ modules = {
+ immich = {
+ enable = mkEnableOption "Deploy immich";
+ };
+ };
+ };
+
+ config = mkIf cfg.enable {
+ services.immich = {
+ enable = true;
+ port = 2283;
+ host = "photos.nekomimi.pet";
+ mediaLocation = immichPhotos;
+ settings = null;
+ };
+ };
+};
\ No newline at end of file
diff --git a/secrets/build-token.age b/secrets/build-token.age
old mode 100644
new mode 100755
diff --git a/secrets/garage-admin-token.age b/secrets/garage-admin-token.age
old mode 100644
new mode 100755
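Review bot: `runAsRoot = true` keeps the QEMU process of a guest that owns a GPU, USB controllers and (via `spiceUSBRedirection`) redirected USB devices running as root, and the script under `hooks.qemu` runs as root too, so a guest escape or a mistake in the hook lands with full privileges; if I recall the module default correctly this line only restates it, which makes it worth a comment on why the unprivileged `qemu-libvirtd` user is not used, e.g. `runAsRoot = true; # VFIO device nodes are not accessible to qemu-libvirtd — confirm before relaxing`. Adding `regent` to the `libvirtd` group hands that user control of a root-running daemon, which is effectively root on this host; that is inherent to the setup but deserves the same acknowledgement next to `users.extraUsers.regent.extraGroups`. `ripgrep` and `sd` in the hook environment are not used by the hook script in this commit and can be dropped to keep the PATH that root executes from minimal.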
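Review bot: `with lib;` at the top of the module brings all of `lib` into scope, which makes shadowing hard to spot and is the form current NixOS module conventions steer away from; the module only uses `mkEnableOption` and `mkIf`, so `inherit (lib) mkEnableOption mkIf;` inside the `let` is the explicit equivalent. The `immichRoot` path is hard-coded to `/storage/immich` with a TODO while the host that enables the module is responsible for creating it, so the coupling should at least be stated in the TODO, e.g. `#TODO expose as a module option; the enabling host must create this directory for the immich user`. `settings = null` presumably leaves Immich's configuration to its own database-backed settings rather than managing it declaratively — worth a short comment so nobody expects settings here to be reproducible from the repository.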
diff --git a/secrets/garage-metrics-token.age b/secrets/garage-metrics-token.age old mode 100644 new mode 100755 diff --git a/secrets/garage-rpc-secret.age b/secrets/garage-rpc-secret.age old mode 100644 new mode 100755 diff --git a/secrets/secrets.nix b/secrets/secrets.nix old mode 100644 new mode 100755 From 2a961aaa91cc3239d187c7b15f6bd2059ac17bb7 Mon Sep 17 00:00:00 2001 From: waveringana Date: Mon, 16 Jun 2025 07:29:55 -0400 Subject: [PATCH 2/2] fixes --- hosts/valefar/default.nix | 14 ++++++++------ modules/immich/default.nix | 4 ++-- 2 files changed, 10 insertions(+), 8 deletions(-) diff --git a/hosts/valefar/default.nix b/hosts/valefar/default.nix index 1d30010..930943d 100755 --- a/hosts/valefar/default.nix +++ b/hosts/valefar/default.nix @@ -21,6 +21,7 @@ # Enable modules modules.garage.enable = true; modules.forgejo.enable = true; + modules.immich.enable = true; system.stateVersion = "24.11"; @@ -80,22 +81,23 @@ wants = [ "systemd-udev-settle.service" ]; }; - systemd.mounts = [ - { + systemd.mounts = [{ what = "garage"; where = "/garage"; type = "zfs"; after = [ "zfs-import-scan.service" ]; wants = [ "zfs-import-scan.service" ]; - } - { + } { what = "storage"; where = "/storage"; type = "zfs"; after = [ "zfs-import-scan.service" ]; wants = [ "zfs-import-scan.service" ]; - } -]; + }]; + + systemd.tmpfiles.rules = [ + "d /storage/immich 0755 immich immich -" + ]; services.zfs.autoScrub.enable = true; services.zfs.trim.enable = true; diff --git a/modules/immich/default.nix b/modules/immich/default.nix index 16715d4..c73f29f 100644 --- a/modules/immich/default.nix +++ b/modules/immich/default.nix @@ -20,9 +20,9 @@ in services.immich = { enable = true; port = 2283; - host = "photos.nekomimi.pet"; + host = "0.0.0.0"; mediaLocation = immichPhotos; settings = null; }; }; -}; \ No newline at end of file +}
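Review bot: The new tmpfiles rule creates `/storage/immich` with mode 0755, so the parent of the photo tree is traversable by every local user on valefar; unless something else needs that, `"d /storage/immich 0750 immich immich -"` matches the single-owner model of the service. The rule also assumes the `/storage` zfs mount declared in the `systemd.mounts` entry above is in place when systemd-tmpfiles runs — otherwise the directory is created on the root filesystem and then shadowed by the mount; I cannot confirm the ordering from the hunk, so it is worth checking that the mount is pulled in before tmpfiles setup or documenting that it is. The reflow of the mounts list to `[{ ... } { ... }]` is cosmetic.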
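Review bot: Changing `host` to `"0.0.0.0"` makes the plain-HTTP Immich port 2283 listen on every interface of valefar rather than on one address; if a reverse proxy terminates TLS in front of it, `host = "127.0.0.1"` (or the address of the interface the proxy uses) keeps the unencrypted port off the network, and whether the host firewall still blocks 2283 cannot be confirmed from this hunk. A comment on the line stating which clients are meant to reach 2283 directly would make the intent reviewable, e.g. `host = "0.0.0.0"; # reached directly from the LAN, no reverse proxy — confirm`. The previous value was a DNS name, which for a bind address is presumably why it was changed; noting that in the commit would help, since the subject "fixes" does not say.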