diff --git a/builder.nix b/builder.nix
deleted file mode 100644
index 78bbeee..0000000
--- a/builder.nix
+++ /dev/null
@@ -1,28 +0,0 @@
-{ ... }:
-
-{
- nix.buildMachines = [ {
- hostName = "builder";
- system = "x86_64-linux";
- protocol = "ssh-ng";
- # if the builder supports building for multiple architectures,
- # replace the previous line by, e.g.
- # systems = ["x86_64-linux" "aarch64-linux"];
- maxJobs = 16;
- speedFactor = 8;
- supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
- mandatoryFeatures = [ ];
- }] ;
- nix.distributedBuilds = true;
- # optional, useful when the builder has a faster internet connection than yours
- nix.extraOptions = ''
- builders-use-substitutes = true
- '';
- programs.ssh.extraConfig = ''
- Host builder
- HostName 192.168.1.222
- Port 22
- StrictHostKeyChecking=accept-new
- '';
-}
-
diff --git a/desktop/cinnamon.nix b/desktop/cinnamon.nix
deleted file mode 100644
index b7d1819..0000000
--- a/desktop/cinnamon.nix
+++ /dev/null
@@ -1,4 +0,0 @@
-{ ... }:
-{
- services.xserver.desktopManager.xfce.enable = true;
-}
diff --git a/desktop/cosmic.nix b/desktop/cosmic.nix
deleted file mode 100644
index f425145..0000000
--- a/desktop/cosmic.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{...}:
-{
- # Enable the COSMIC login manager
- services.displayManager.cosmic-greeter.enable = true;
-
- # Enable the COSMIC desktop environment
- services.desktopManager.cosmic.enable = true;
-}
diff --git a/flake.nix b/flake.nix
index 16ec473..99e65ac 100644
--- a/flake.nix
+++ b/flake.nix
@@ -46,19 +46,26 @@ modules = [ impermanence.nixosModules.impermanence asus-numberpad-driver.nixosModules.default + + ./desktop/kde.nix + ./hosts/generic/configuration_generic.nix ./hosts/generic/users.nix - ./hosts/Ratchet/hardware-Ratchet.nix - ./hosts/Ratchet/fingerprint.nix - ./hosts/Ratchet/misc_Ratchet.nix - ./hosts/generic/persistence.nix - ./hosts/generic/cups.nix - ./hosts/generic/security_quirks.nix - ./desktop/kde.nix + ./hosts/generic/networking.nix ./hosts/generic/unfree_allow.nix - ./hosts/generic/virtualization.nix + ./hosts/generic/persistence.nix + ./hosts/generic/printing.nix ./hosts/generic/plymouth.nix + ./hosts/generic/virtualization.nix + ./hosts/generic/security_quirks.nix + + ./hosts/Ratchet/hardware.nix + ./hosts/Ratchet/filesystems.nix + ./hosts/Ratchet/fingerprint.nix + ./hosts/Ratchet/misc.nix + ./home/yaroslav/steam.nix + lanzaboote.nixosModules.lanzaboote ({ pkgs, lib, ... }: { # Lanzaboote currently replaces the systemd-boot module. 
@@ -84,27 +91,31 @@ } ]; }; + Aphelion = nixpkgs-unstable.lib.nixosSystem { system = "x86_64-linux"; specialArgs = { inherit inputs; }; modules = [ - #lix-module.nixosModules.default impermanence.nixosModules.impermanence - ./hosts/generic/persistence.nix + ./desktop/kde.nix + ./hosts/generic/configuration_generic.nix ./hosts/generic/users.nix + ./hosts/generic/networking.nix + ./hosts/generic/persistence.nix + ./hosts/generic/plymouth.nix ./hosts/generic/virtualization.nix ./hosts/generic/unfree_allow.nix - ./hosts/Aphelion/hardware-Aphelion.nix - ./hosts/Aphelion/sunshine.nix - ./desktop/kde.nix + ./hosts/generic/printing.nix + ./hosts/generic/nix-ld.nix + + ./hosts/Aphelion/hardware.nix + ./hosts/Aphelion/filesystems.nix + ./hosts/Aphelion/media.nix + ./hosts/Aphelion/misc.nix + ./home/yaroslav/steam.nix - ./hosts/generic/teamspeak.nix - ./hosts/Aphelion/nfs.nix - ./hosts/generic/cups.nix -# ./hosts/generic/zapret.nix - ./hosts/Aphelion/dlna.nix - ./hosts/Aphelion/Aphelion_misc.nix + lanzaboote.nixosModules.lanzaboote ({ pkgs, lib, ... }: { # Lanzaboote currently replaces the systemd-boot module. @@ -117,6 +128,7 @@ pkiBundle = "/var/lib/sbctl"; }; }) + home-manager.nixosModules.home-manager { home-manager.useUserPackages = true; @@ -130,6 +142,7 @@ } ]; }; + Qwark = nixpkgs-stable.lib.nixosSystem { system = "x86_64-linux"; specialArgs = { inherit inputs; }; @@ -138,10 +151,9 @@ ./hosts/generic/configuration_generic.nix ./hosts/generic/users.nix ./hosts/Quark/Quark-hardware.nix - ./hosts/Quark/smb.nix - ./hosts/Quark/sound.nix + ./hosts/Quark/smb.nix + ./hosts/Quark/sound.nix ./hosts/generic/virtualization.nix - ./desktop/cinnamon.nix hm-stable.nixosModules.home-manager { home-manager.useUserPackages = true; home-manager.users.yaroslav = { diff --git a/hosts/Aphelion/filesystems.nix b/hosts/Aphelion/filesystems.nix new file mode 100644 index 0000000..4938d73 --- /dev/null +++ b/hosts/Aphelion/filesystems.nix 
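Review bot: The Aphelion module list in this hunk never imports `./hosts/Aphelion/networking.nix`, although this commit creates that file and moves the host's firewall ports, `trustedInterfaces`, Wake-on-LAN and throne settings into it; only `./hosts/generic/networking.nix` is listed. Unless another module imports it (none of the Aphelion files visible in this diff does), those options stop applying on the next rebuild, and since the shared port list containing 2049 is removed from configuration_generic.nix the NFS export that Ratchet mounts would no longer be reachable. Add `./hosts/Aphelion/networking.nix` next to `./hosts/Aphelion/misc.nix`, then compare the generated firewall ruleset with the previous generation before switching. The module list runs past the end of this hunk.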
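Review bot: Qwark's module list (the last flake.nix hunk) is not given `./hosts/generic/networking.nix`, while this commit moves NetworkManager, `services.tailscale.enable` and `networking.nftables.enable` out of configuration_generic.nix into that file. Unless `./hosts/Quark/Quark-hardware.nix` configures networking itself (not visible here), the host loses its network manager and changes firewall backend on the next rebuild, and the removal of `./desktop/cinnamon.nix` leaves no desktop module in the visible part of the list. Either add `./hosts/generic/networking.nix` after `./hosts/generic/users.nix` or put a comment in the list saying Qwark is intentionally kept on default networking. The list starts and ends outside the hunk.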
@@ -0,0 +1,53 @@
+# filesystem and storage specific options for Aphelion
+
+{...}:
+{
+ boot.initrd.clevis = {
+ enable = true;
+ devices."aphelion-zroot/data/sensitive".secretFile = ../../secrets/Aphelion/sensitive.jwe;
+ devices."aphelion-zroot/nix-enc".secretFile = ../../secrets/Aphelion/sensitive.jwe;
+ };
+ fileSystems = {
+ "/" = {
+ device = "none";
+ fsType = "tmpfs";
+ options = ["defaults" "mode=755"];
+ };
+ "/boot" = {
+ device = "/dev/disk/by-uuid/278A-0FB0";
+ fsType = "vfat";
+ options = [ "fmask=0022" "dmask=0022" ];
+ };
+ "/nix" = {
+ device = "aphelion-zroot/nix-enc";
+ fsType = "zfs";
+ };
+ "/home" = {
+ device = "aphelion-zroot/home";
+ fsType = "zfs";
+ };
+ "/home/yaroslav/.local/share/Steam"= {
+ device = "aphelion-zroot/data/steam";
+ fsType = "zfs";
+ };
+ "/Volumes/Trash" = {
+ device = "/dev/yarikpc/trash";
+ fsType = "ext4";
+ options = [ "x-mount.mkdir" "rw" ];
+ };
+ "/Volumes/Games" = {
+ device = "/dev/yarikpc/games";
+ fsType = "ext4";
+ options = [ "x-mount.mkdir" "rw" ];
+ };
+ "/Volumes/Sensitive" = {
+ device = "aphelion-zroot/data/sensitive";
+ fsType = "zfs";
+ options = [ "x-mount.mkdir" "rw" ];
+ };
+ };
+ services.nfs.server.enable = true;
+ services.nfs.server.exports = ''
+ /Volumes/Trash 192.168.1.0/24(rw)
+ '';
+}
\ No newline at end of file
diff --git a/hosts/Aphelion/hardware-Aphelion.nix b/hosts/Aphelion/hardware-Aphelion.nix
deleted file mode 100644
index 5876a34..0000000
--- a/hosts/Aphelion/hardware-Aphelion.nix
+++ /dev/null
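Review bot: The export line `/Volumes/Trash 192.168.1.0/24(rw)` at the end of this new file grants write access to every address on the LAN and leaves all other behaviour to the exports(5) defaults; with the default AUTH_SYS flavour the server trusts client-supplied UIDs, so any machine on that subnet can read and modify the share as an arbitrary non-root user. The only client visible in this commit is Ratchet, so the client spec could be narrowed to that host and the options spelled out, e.g. `/Volumes/Trash <ratchet-address>(rw,sync,root_squash,no_subtree_check)`. The matching firewall port (2049) now lives in hosts/Aphelion/networking.nix, so a short comment here pointing at it would keep the two in step.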
@@ -1,113 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = - [ (modulesPath + "/installer/scan/not-detected.nix") - ]; - - boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "nvme" "usb_storage" "usbhid" "sd_mod" ]; - boot.initrd.kernelModules = [ "dm-snapshot" ]; - boot.kernelModules = [ "kvm-amd" ]; - boot.extraModulePackages = [ ]; - boot.supportedFilesystems = [ "zfs" ]; - boot.kernelPackages = pkgs.linuxPackages_latest; - boot.zfs.package = pkgs.zfs_2_4; - - boot.initrd.clevis = { - enable = true; - devices."aphelion-zroot/data/sensitive".secretFile = ../../secrets/Aphelion/sensitive.jwe; - devices."aphelion-zroot/nix-enc".secretFile = ../../secrets/Aphelion/sensitive.jwe; - }; - fileSystems."/" = - { device = "none"; - fsType = "tmpfs"; - options = ["defaults" "mode=755"]; - }; - - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/278A-0FB0"; - fsType = "vfat"; - options = [ "fmask=0022" "dmask=0022" ]; - }; - - fileSystems."/nix" = - { device = "aphelion-zroot/nix-enc"; - fsType = "zfs"; - }; - - fileSystems."/home" = - { device = "aphelion-zroot/home"; - fsType = "zfs"; - }; - fileSystems."/home/yaroslav/.local/share/Steam"= - { device = "aphelion-zroot/data/steam"; - fsType = "zfs"; - }; - fileSystems."/Volumes/Trash" = - { - device = "/dev/yarikpc/trash"; - fsType = "ext4"; - options = [ "x-mount.mkdir" "rw" ]; - }; - fileSystems."/Volumes/Games" = - { - device = "/dev/yarikpc/games"; - fsType = "ext4"; - options = [ "x-mount.mkdir" "rw" ]; - }; - fileSystems."/Volumes/Sensitive" = - { - device = "aphelion-zroot/data/sensitive"; - fsType = "zfs"; - options = [ "x-mount.mkdir" "rw" ]; - }; -# fileSystems."/Volumes/ssd_g" = -# { -# device = "/dev/disk/by-id/ata-KINGSTON_SA400S37240G_50026B77846D940A-part1"; -# fsType = "btrfs"; -# options = [ 
"x-mount.mkdir" "rw" ]; -# }; - - swapDevices = [ ]; - - hardware.graphics.extraPackages = with pkgs; [ - rocmPackages.clr.icd - ]; - systemd.tmpfiles.rules = [ - "L+ /opt/rocm/hip - - - - ${pkgs.rocmPackages.clr}" - ]; - - #chaotic.mesa-git.enable = true; - - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking - # (the default) this is the recommended approach. When using systemd-networkd it's - # still possible to use this option, but it's recommended to use it in conjunction - # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; - networking.firewall.allowedTCPPorts = [ 42420 25565 ]; - networking.firewall.allowedUDPPorts = [ 5900 ]; - - networking.firewall.trustedInterfaces = [ "enp12s0" "wlp11s0" "wg0"]; - #networking.firewall.enable = false; - - # networking.interfaces.enp12s0.useDHCP = lib.mkDefault true; - # networking.interfaces.wlp11s0.useDHCP = lib.mkDefault true; - hardware.bluetooth.enable = true; # enables support for Bluetooth - hardware.bluetooth.powerOnBoot = true; # powers up the default Bluetooth controller on boot - - services.lact = { - enable = true; - }; - - services.hardware.openrgb.enable = true; - - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; - system.stateVersion = "25.11"; - networking.hostName = "Aphelion"; - networking.hostId = "b7fa9c25"; - -} diff --git a/hosts/Aphelion/hardware.nix b/hosts/Aphelion/hardware.nix new file mode 100644 index 0000000..0e9674a --- /dev/null +++ b/hosts/Aphelion/hardware.nix 
@@ -0,0 +1,47 @@ +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "nvme" "usb_storage" "usbhid" "sd_mod" ]; + boot.initrd.kernelModules = [ "dm-snapshot" ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + boot.supportedFilesystems = [ "zfs" ]; + boot.kernelPackages = pkgs.linuxPackages_latest; + boot.zfs.package = pkgs.zfs_2_4; + swapDevices = [ ]; + hardware.graphics.extraPackages = with pkgs; [ + rocmPackages.clr.icd + ]; + systemd.tmpfiles.rules = [ + "L+ /opt/rocm/hip - - - - ${pkgs.rocmPackages.clr}" + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + + #networking.firewall.enable = false; + + # networking.interfaces.enp12s0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp11s0.useDHCP = lib.mkDefault true; + hardware.bluetooth.enable = true; # enables support for Bluetooth + hardware.bluetooth.powerOnBoot = true; # powers up the default Bluetooth controller on boot + + services.lact = { + enable = true; + }; + + services.hardware.openrgb.enable = true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + system.stateVersion = "25.11"; + networking.hostName = "Aphelion"; + networking.hostId = "b7fa9c25"; + +} diff --git a/hosts/Aphelion/dlna.nix b/hosts/Aphelion/media.nix similarity index 50% rename from hosts/Aphelion/dlna.nix rename to hosts/Aphelion/media.nix index 44028d1..c234380 100644 --- a/hosts/Aphelion/dlna.nix +++ b/hosts/Aphelion/media.nix 
@@ -1,3 +1,4 @@ +# various entertainment-related services { ... }: { services.minidlna = { @@ -10,4 +11,11 @@ }; openFirewall = true; }; + services.sunshine = { + enable = true; + autoStart = true; + capSysAdmin = true; + openFirewall = true; + }; + programs.noisetorch.enable = true; } diff --git a/hosts/Aphelion/Aphelion_misc.nix b/hosts/Aphelion/misc.nix similarity index 50% rename from hosts/Aphelion/Aphelion_misc.nix rename to hosts/Aphelion/misc.nix index 1d26512..729273f 100644 --- a/hosts/Aphelion/Aphelion_misc.nix +++ b/hosts/Aphelion/misc.nix @@ -4,8 +4,7 @@ nixpkgs.overlays = [ inputs.millennium.overlays.default ]; virtualisation.waydroid.enable = true; services.flatpak.enable = true; - programs.throne.enable = true; - programs.throne.tunMode.enable = true; + programs.obs-studio.enable = true; programs.obs-studio.enableVirtualCamera = true; boot.extraModulePackages = with config.boot.kernelPackages; [ @@ -15,36 +14,15 @@ boot.extraModprobeConfig = '' options v4l2loopback devices=1 video_nr=1 card_label="OBS Cam" exclusive_caps=1 ''; + security.polkit.enable = true; nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "ida-free" "pantum-driver" ]; - programs.hyprland.enable = true; - - networking.interfaces.enp12s0.wakeOnLan.enable = true; - networking.interfaces.enp12s0.wakeOnLan.policy = [ "magic" ]; - - # build substituter - users.users.nixremote = { - isNormalUser = true; - createHome = false; - group = "nixremote"; - - openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIt6Ts4SNWXv2hObOOKyyxXr/6iZBRZXEwE0mtEpCa8X root@Ratchet" - ]; - }; - - users.groups.nixremote = {}; services.nix-serve.secretKeyFile = "/home/store_secret.pem"; + + services.displayManager.plasma-login-manager.enable = true; - nix.settings.trusted-users = [ "nixremote" ]; - -# services.xrdp.enable = true; -# services.xrdp.defaultWindowManager = "startplasma-x11"; -# services.xrdp.openFirewall = true; - - } 
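Review bot: `services.sunshine` is added to media.nix with both `capSysAdmin = true` and `openFirewall = true`, so a network-facing streaming server runs with CAP_SYS_ADMIN and its ports are opened on every interface the firewall covers. If KMS/DRM capture is the reason for the capability, record that next to the option, e.g. `# capSysAdmin: needed for KMS capture; drop if the capture method changes`, and consider replacing `openFirewall` with port allowances limited to the LAN or Tailscale interface. The `openFirewall = true` on `services.minidlna` in the context lines above deserves the same look. The enclosing attribute set starts outside the hunk.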
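Review bot: `services.nix-serve.secretKeyFile = "/home/store_secret.pem";` stays in misc.nix as context while the second hunk removes the `nixremote` build user and its `trusted-users` entry, so the binary-cache signing key is the one piece of the remote-build setup that survives the cleanup. If the cache is being retired as well, drop the option and retire the key; if nix-serve is still in use (its `enable` is not visible here), a private signing key directly under `/home` is easy to pick up in home backups or snapshots, and a root-only path such as `/var/lib/nix-serve/<key-file>` is the safer place. The enclosing attribute set starts and ends outside the hunk.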
diff --git a/hosts/Aphelion/networking.nix b/hosts/Aphelion/networking.nix
new file mode 100644
index 0000000..d808702
--- /dev/null
+++ b/hosts/Aphelion/networking.nix
@@ -0,0 +1,12 @@
+{...} :
+{
+ networking.firewall.allowedTCPPorts = [ 42420 25565 2049 ]; # 2049 - nfs, 25565 - generic
+ networking.firewall.allowedUDPPorts = [ 5900 ]; # 5900 - vnc
+ networking.firewall.trustedInterfaces = [ "enp12s0" "wlp11s0"];
+ # WoL
+ networking.interfaces.enp12s0.wakeOnLan.enable = true;
+ networking.interfaces.enp12s0.wakeOnLan.policy = [ "magic" ];
+ # throne
+ programs.throne.enable = true;
+ programs.throne.tunMode.enable = true;
+}
\ No newline at end of file
diff --git a/hosts/Aphelion/nfs.nix b/hosts/Aphelion/nfs.nix
deleted file mode 100644
index 2003e84..0000000
--- a/hosts/Aphelion/nfs.nix
+++ /dev/null
@@ -1,8 +0,0 @@
-{ ... }:
-{
- services.nfs.server.enable = true;
- services.nfs.server.exports = ''
- /Volumes/Trash 192.168.1.0/24(rw)
- '';
- networking.firewall.allowedTCPPorts = [ 2049 ];
-}
diff --git a/hosts/Aphelion/nvidia.nix b/hosts/Aphelion/nvidia.nix
deleted file mode 100644
index ed75c34..0000000
--- a/hosts/Aphelion/nvidia.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{ ... }:
-{
- boot.initrd.kernelModules = [ "nvidia" ];
- hardware.graphics.enable = true;
- services.xserver.videoDrivers = [ "nvidia" ];
- hardware.nvidia = {
- modesetting.enable = true;
- powerManagement.enable = true;
- open = true;
- nvidiaSettings = true;
- };
-}
diff --git a/hosts/Aphelion/sunshine.nix b/hosts/Aphelion/sunshine.nix
deleted file mode 100644
index 418498d..0000000
--- a/hosts/Aphelion/sunshine.nix
+++ /dev/null
@@ -1,10 +0,0 @@
-{ ... }:
-{
- services.sunshine = {
- enable = true;
- autoStart = true;
- capSysAdmin = true;
- openFirewall = true;
- };
- programs.noisetorch.enable = true;
-}
diff --git a/hosts/Ratchet/filesystems.nix b/hosts/Ratchet/filesystems.nix
new file mode 100644
index 0000000..375391e
--- /dev/null
+++ b/hosts/Ratchet/filesystems.nix
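Review bot: `networking.firewall.trustedInterfaces = [ "enp12s0" "wlp11s0"];` in the new hosts/Aphelion/networking.nix makes the firewall accept all inbound traffic on the wired and wireless interfaces, so the `allowedTCPPorts`/`allowedUDPPorts` lists above it filter nothing there and every listening service is reachable from whatever network the Wi-Fi joins. If the port lists are meant to be the policy, remove the physical interfaces from `trustedInterfaces` (the commit already drops `wg0`) and scope the exceptions instead, e.g. `networking.firewall.interfaces.enp12s0.allowedTCPPorts = [ 2049 ];`. The UDP 5900 entry commented as vnc is worth re-checking too, since VNC normally listens on TCP, and 42420 has no comment saying what it is for.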
@@ -0,0 +1,49 @@
+{...}:
+{
+ boot.initrd.clevis = {
+ enable = true;
+ devices."luks-zroot".secretFile = ../../secrets/Ratchet/main.jwe;
+ devices."luks-swap".secretFile = ../../secrets/Ratchet/main.jwe;
+ };
+
+ boot.initrd.luks.devices = {
+ luks-zroot.device = "/dev/nvme0n1p2";
+ luks-swap.device = "/dev/nvme0n1p3";
+ };
+
+ boot.zfs.requestEncryptionCredentials = [ ];
+
+ swapDevices = [ { device = "/dev/mapper/luks-swap"; } ];
+ boot.kernel.sysctl."vm.swappiness" = 0;
+
+ fileSystems = {
+ "/" = {
+ device = "none";
+ fsType = "tmpfs";
+ options = ["defaults" "size=1G" "mode=755"];
+ };
+ "/nix" = {
+ device = "ratchet-zroot/system/nix";
+ fsType = "zfs";
+ };
+ "/home" = {
+ device = "ratchet-zroot/system/home";
+ fsType = "zfs";
+ };
+ "/boot" = {
+ device = "/dev/nvme0n1p1";
+ fsType = "vfat";
+ options = [ "fmask=0022" "dmask=0022" ];
+ };
+ "/home/yaroslav/tmp" = {
+ device = "none";
+ fsType = "tmpfs";
+ };
+ "/Volumes/Trash" = {
+ device = "aphelion:/Volumes/Trash";
+ options = ["x-mount.mkdir" "user" "rw" "noauto" ];
+ fsType = "nfs";
+ };
+ };
+
+}
\ No newline at end of file
diff --git a/hosts/Ratchet/fingerprint.nix b/hosts/Ratchet/fingerprint.nix
index cde9fb6..a1aff3f 100644
--- a/hosts/Ratchet/fingerprint.nix
+++ b/hosts/Ratchet/fingerprint.nix
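Review bot: `/boot` is mounted with `"fmask=0022" "dmask=0022"`, which leaves the ESP readable by every local user; with `boot.initrd.clevis` enabled the boot images on that partition are expected to carry the `main.jwe` blob, and the bootloader's random seed typically lives there as well. Tightening the entry to `options = [ "fmask=0077" "dmask=0077" ];` keeps unprivileged users away from both, and the same mount options appear in hosts/Aphelion/filesystems.nix. Because `../../secrets/Ratchet/main.jwe` is a path inside the flake, it is also copied into the world-readable Nix store, so both LUKS volumes are protected only by the clevis pin; a comment naming that pin (TPM2 or Tang, not visible here) would make the assumption reviewable.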
@@ -5,19 +5,5 @@ wantedBy = [ "multi-user.target" ]; serviceConfig.Type = "simple"; }; - -# Install the driver services.fprintd.enable = true; -# If simply enabling fprintd is not enough, try enabling fprintd.tod... - #services.fprintd.tod.enable = true; -# ...and use one of the next four drivers - #services.fprintd.tod.driver = pkgs.libfprint-2-tod1-goodix; # Goodix driver module -# services.fprintd.tod.driver = pkgs.libfprint-2-tod1-elan; # Elan(04f3:0c4b) driver -# services.fprintd.tod.driver = pkgs.libfprint-2-tod1-vfs0090; # (Marked as broken as of 2025/04/23!) driver for 2016 ThinkPads -# services.fprintd.tod.driver = pkgs.libfprint-2-tod1-goodix-550a; # Goodix 550a driver (from Lenovo) - -# however for focaltech 2808:a658, use fprintd with overidden package (without tod) -# services.fprintd.package = pkgs.fprintd.override { -# libfprint = pkgs.libfprint-focaltech-2808-a658; -# }; } diff --git a/hosts/Ratchet/hardware-Ratchet.nix b/hosts/Ratchet/hardware.nix similarity index 50% rename from hosts/Ratchet/hardware-Ratchet.nix rename to hosts/Ratchet/hardware.nix index 70241a2..16c3799 100644 --- a/hosts/Ratchet/hardware-Ratchet.nix +++ b/hosts/Ratchet/hardware.nix @@ -1,6 +1,3 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. { config, lib, pkgs, modulesPath, ... }: { 
@@ -14,55 +11,8 @@ boot.extraModulePackages = [ ]; boot.extraModprobeConfig = "options kvm_amd nested=1"; - boot.initrd.clevis = { - enable = true; - devices."luks-zroot".secretFile = ../../secrets/Ratchet/main.jwe; - devices."luks-swap".secretFile = ../../secrets/Ratchet/main.jwe; - }; - - boot.initrd.luks.devices = { - luks-zroot.device = "/dev/nvme0n1p2"; - luks-swap.device = "/dev/nvme0n1p3"; - }; - fileSystems."/" = - { device = "none"; - fsType = "tmpfs"; - options = ["defaults" "size=1G" "mode=755"]; - }; - fileSystems."/nix" = - { device = "ratchet-zroot/system/nix"; - fsType = "zfs"; - }; - - fileSystems."/home" = - { device = "ratchet-zroot/system/home"; - fsType = "zfs"; - }; - - fileSystems."/boot" = - { device = "/dev/nvme0n1p1"; - fsType = "vfat"; - options = [ "fmask=0022" "dmask=0022" ]; - }; - fileSystems."/home/yaroslav/tmp" = - { - device = "none"; - fsType = "tmpfs"; - }; - fileSystems."/Volumes/Trash" = - { - device = "aphelion:/Volumes/Trash"; - options = ["x-mount.mkdir" "user" "rw" "noauto" ]; - fsType = "nfs"; - }; - boot.zfs.requestEncryptionCredentials = [ - - ]; - - services.nfs.server.enable = true; - swapDevices = [ { device = "/dev/mapper/luks-swap"; } ]; - boot.kernel.sysctl."vm.swappiness" = 0; + boot.zfs.allowHibernation = true; boot.zfs.forceImportRoot = false; boot.supportedFilesystems = [ "zfs" ]; 
@@ -83,16 +33,13 @@ }; }; - # chaotic.mesa-git.enable = true; - # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's # still possible to use this option, but it's recommended to use it in conjunction # with explicit per-interface declarations with `networking.interfaces..useDHCP`. - networking.useDHCP = lib.mkDefault true; + # networking.useDHCP = lib.mkDefault true; networking.hostName = "Ratchet"; - # networking.interfaces.wlp1s0.useDHCP = lib.mkDefault true; - + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; diff --git a/hosts/Ratchet/misc.nix b/hosts/Ratchet/misc.nix new file mode 100644 index 0000000..b24d2cb --- /dev/null +++ b/hosts/Ratchet/misc.nix @@ -0,0 +1,15 @@ +{ inputs, config, pkgs, ...}: +{ + + virtualisation.waydroid.enable = true; + hardware.opentabletdriver.enable = true; + # Required by OpenTabletDriver + hardware.uinput.enable = true; + boot.kernelModules = [ "uinput" ]; + # millenium steam + nixpkgs.overlays = [ inputs.millennium.overlays.default ]; + services.flatpak.enable = true; + programs.throne.enable = true; + programs.throne.tunMode.enable = true; + +} diff --git a/hosts/Ratchet/misc_Ratchet.nix b/hosts/Ratchet/misc_Ratchet.nix deleted file mode 100644 index 1cf7716..0000000 --- a/hosts/Ratchet/misc_Ratchet.nix +++ /dev/null 
@@ -1,37 +0,0 @@ -{ inputs, config, pkgs, ...}: -{ - nix.buildMachines = [ { - hostName = "Aphelion"; - system = "x86_64-linux"; - protocol = "ssh-ng"; - # if the builder supports building for multiple architectures, - # replace the previous line by, e.g. - # systems = ["x86_64-linux" "aarch64-linux"]; - maxJobs = 16; - speedFactor = 2; - supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ]; - mandatoryFeatures = [ ]; - }] ; -# nix.distributedBuilds = true; - # optional, useful when the builder has a faster internet connection than yours -# nix.extraOptions = '' -# builders-use-substitutes = true - # ''; - # nix.settings.trusted-public-keys = [ - # "Aphelion:8l9lrL3kszDTXkpA/R4ZFhSifiBoogiOIt1srgLb6Vw=" - # ]; - # nix.settings.extra-substituters = [ - # "ssh-ng://nixremote@Aphelion" - # ]; - virtualisation.waydroid.enable = true; - hardware.opentabletdriver.enable = true; - # Required by OpenTabletDriver - hardware.uinput.enable = true; - boot.kernelModules = [ "uinput" ]; - # millenium steam - nixpkgs.overlays = [ inputs.millennium.overlays.default ]; - services.flatpak.enable = true; - programs.throne.enable = true; - programs.throne.tunMode.enable = true; - -} diff --git a/hosts/generic/configuration_generic.nix b/hosts/generic/configuration_generic.nix index 796c18b..15ca6e5 100644 --- a/hosts/generic/configuration_generic.nix +++ b/hosts/generic/configuration_generic.nix @@ -1,15 +1,12 @@ { config, lib, pkgs, ... }: { nix.settings.experimental-features = [ "nix-command" "flakes"]; + time.timeZone = "Europe/Moscow"; # loader setup boot.loader = { systemd-boot.enable = true; efi.canTouchEfiVariables = true; }; - - # timezone - time.timeZone = "Europe/Moscow"; - programs.zsh.enable = true; programs.fish.enable = true; @@ -19,8 +16,6 @@ nfs-utils sbctl ]; - #enable scanner support - hardware.sane.enable = true; nixpkgs.config.allowUnfree = true; 
@@ -37,154 +32,6 @@ services.openssh.enable = true; services.openssh.settings.X11Forwarding = true; - # networking - networking.networkmanager = { - enable = true; - plugins = with pkgs; [ - networkmanager-openvpn - ]; - }; - networking.firewall.allowedTCPPorts = [ 22 3240 2049 25565 554 80 27040 8044 38008 47989 48010 48000]; - networking.firewall.allowedUDPPorts = [ 38401 25565 554 80 27031 27032 27033 27034 27035 27036 3658 38008 47998 47999 47800 48010 48000]; - networking.nftables.enable = true; - - # tailscale - services.tailscale.enable = true; - - # fking nix-ld - programs.nix-ld = { - enable = true; - libraries = with pkgs; [ - - ## Put here any library that is required when running a package - ## ... - ## Uncomment if you want to use the libraries provided by default in the steam distribution - ## but this is quite far from being exhaustive - ## https://github.com/NixOS/nixpkgs/issues/354513 - (pkgs.runCommand "steamrun-lib" {} "mkdir $out; ln -s ${pkgs.steam-run.fhsenv}/usr/lib64 $out/lib") - kdePackages.qtwayland - kdePackages.qtbase - kdePackages.qtsvg - kdePackages.qtmultimedia - SDL - SDL2 - SDL2_image - SDL2_mixer - SDL2_ttf - SDL_image - SDL_mixer - SDL_ttf - alsa-lib - at-spi2-atk - at-spi2-core - atk - bzip2 - cairo - cups - curlWithGnuTls - dbus - dbus-glib - desktop-file-utils - e2fsprogs - expat - flac - fontconfig - freeglut - freetype - fribidi - fuse - fuse3 - gdk-pixbuf - glew110 - glib - gmp - gst_all_1.gst-plugins-base - gst_all_1.gst-plugins-ugly - gst_all_1.gstreamer - gtk2 - harfbuzz - icu - keyutils.lib - libGL - libGLU - libappindicator-gtk2 - libcaca - libcanberra - libcap - libclang.lib - libdbusmenu - libdrm - libgcrypt - libgpg-error - libidn - libjack2 - libjpeg - libmikmod - libogg - libpng12 - libpulseaudio - librsvg - libsamplerate - libsecret - libthai - libtheora - libtiff - libudev0-shim - libusb1 - libuuid - libvdpau - libvorbis - libvpx - libxcrypt-legacy - libxkbcommon - libxml2 - mesa - nspr - nss - openssl - p11-kit 
- pango - pixman - python3 - speex - stdenv.cc.cc - tbb - udev - vulkan-loader - wayland - webkitgtk_4_1 - libICE - libSM - libX11 - libXScrnSaver - libXcomposite - libXcursor - libXdamage - libXext - libXfixes - libXft - libXi - libXinerama - libXmu - libXrandr - libXrender - libXt - libXtst - libXxf86vm - libpciaccess - libxcb - xcbutil - xcbutilimage - xcbutilkeysyms - xcbutilrenderutil - xcbutilwm - xkeyboardconfig - xz - zlib - ]; - }; - ## Uncomment if you used steamrun's libraries - networking.hosts = { "192.168.1.116" = [ "Clank" ]; "192.168.1.222" = [ "Aphelion" ]; diff --git a/hosts/generic/networking.nix b/hosts/generic/networking.nix new file mode 100644 index 0000000..97d6131 --- /dev/null +++ b/hosts/generic/networking.nix @@ -0,0 +1,13 @@ +{lib, pkgs, ...}: { + networking.useDHCP = lib.mkDefault true; + networking.networkmanager = { + enable = true; + plugins = with pkgs; [ + networkmanager-openvpn + ]; + }; + # tailscale + services.tailscale.enable = true; + + networking.nftables.enable = true; +} \ No newline at end of file diff --git a/hosts/generic/nix-ld.nix b/hosts/generic/nix-ld.nix new file mode 100644 index 0000000..e02b45a --- /dev/null +++ b/hosts/generic/nix-ld.nix 
@@ -0,0 +1,129 @@ +{ pkgs, ...}: +{ + # fking nix-ld + programs.nix-ld = { + enable = true; + libraries = with pkgs; [ + (pkgs.runCommand "steamrun-lib" {} "mkdir $out; ln -s ${pkgs.steam-run.fhsenv}/usr/lib64 $out/lib") + kdePackages.qtwayland + kdePackages.qtbase + kdePackages.qtsvg + kdePackages.qtmultimedia + SDL + SDL2 + SDL2_image + SDL2_mixer + SDL2_ttf + SDL_image + SDL_mixer + SDL_ttf + alsa-lib + at-spi2-atk + at-spi2-core + atk + bzip2 + cairo + cups + curlWithGnuTls + dbus + dbus-glib + desktop-file-utils + e2fsprogs + expat + flac + fontconfig + freeglut + freetype + fribidi + fuse + fuse3 + gdk-pixbuf + glew_1_10 + glib + gmp + gst_all_1.gst-plugins-base + gst_all_1.gst-plugins-ugly + gst_all_1.gstreamer + gtk2 + harfbuzz + icu + keyutils.lib + libGL + libGLU + libappindicator-gtk2 + libcaca + libcanberra + libcap + libclang.lib + libdbusmenu + libdrm + libgcrypt + libgpg-error + libidn + libjack2 + libjpeg + libmikmod + libogg + libpng12 + libpulseaudio + librsvg + libsamplerate + libsecret + libthai + libtheora + libtiff + libudev0-shim + libusb1 + libuuid + libvdpau + libvorbis + libvpx + libxcrypt-legacy + libxkbcommon + libxml2 + mesa + nspr + nss + openssl + p11-kit + pango + pixman + python3 + speex + stdenv.cc.cc + tbb + udev + vulkan-loader + wayland + webkitgtk_4_1 + libICE + libSM + libX11 + libXScrnSaver + libXcomposite + libXcursor + libXdamage + libXext + libXfixes + libXft + libXi + libXinerama + libXmu + libXrandr + libXrender + libXt + libXtst + libXxf86vm + libpciaccess + libxcb + xcbutil + xcbutilimage + xcbutilkeysyms + xcbutilrenderutil + xcbutilwm + xkeyboardconfig + xz + zlib + ]; + }; +} \ No newline at end of file diff --git a/hosts/generic/plymouth.nix b/hosts/generic/plymouth.nix index 071ac61..1ed7db3 100644 --- a/hosts/generic/plymouth.nix +++ b/hosts/generic/plymouth.nix @@ -1,6 +1,5 @@ { pkgs, ... }: { boot = { - plymouth = { enable = true; theme = "nixos-bgrt"; 
@@ -9,7 +8,6 @@ nixos-bgrt-plymouth ]; }; - # Enable "Silent boot" consoleLogLevel = 3; initrd.verbose = false; @@ -20,9 +18,5 @@ "udev.log_priority=3" "rd.systemd.show_status=auto" ]; - # Hide the OS choice for bootloaders. - # It's still possible to open the bootloader list by pressing any key - # It will just not appear on screen unless a key is pressed - }; } diff --git a/hosts/generic/cups.nix b/hosts/generic/printing.nix similarity index 70% rename from hosts/generic/cups.nix rename to hosts/generic/printing.nix index c108848..75bafc4 100644 --- a/hosts/generic/cups.nix +++ b/hosts/generic/printing.nix @@ -6,4 +6,6 @@ nssmdns4 = true; openFirewall = true; }; + #enable scanner support + hardware.sane.enable = true; } diff --git a/hosts/generic/teamspeak.nix b/hosts/generic/teamspeak.nix deleted file mode 100644 index fb0b6f5..0000000 --- a/hosts/generic/teamspeak.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ ... }: -{ - services.teamspeak3 = { - enable = true; - openFirewall = true; - }; -} diff --git a/hosts/generic/virtualization.nix b/hosts/generic/virtualization.nix index 1bd1cf9..1d856f4 100644 --- a/hosts/generic/virtualization.nix +++ b/hosts/generic/virtualization.nix @@ -21,10 +21,8 @@ virtualisation = { podman = { enable = true; - # Create a `docker` alias for podman, to use it as a drop-in replacement dockerCompat = true; - # Required for containers under podman-compose to be able to talk to each other. defaultNetwork.settings.dns_enabled = true; }; diff --git a/hosts/generic/home-persistence.nix b/recycle_bin/home-persistence.nix similarity index 100% rename from hosts/generic/home-persistence.nix rename to recycle_bin/home-persistence.nix