Merge branch 'master' of clank:repos/nixos

Merge upstream with Ratchets local changes
2025-06-12 14:57:53 +03:00
parent d2495b9049 337e7411c0
commit 7d26a3afa8
13 changed files with 255 additions and 28 deletions
@@ -0,0 +1,4 @@
+{ ... }:
+{
+  	services.xserver.desktopManager.xfce.enable = true;
+}
@@ -17,10 +17,31 @@
        "type": "indirect"
      }
    },
+    "hm-stable": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs-stable"
+        ]
+      },
+      "locked": {
+        "lastModified": 1749154018,
+        "narHash": "sha256-gjN3j7joRvT3a8Zgcylnd4NFsnXeDBumqiu4HmY1RIg=",
+        "owner": "nix-community",
+        "repo": "home-manager",
+        "rev": "7aae0ee71a17b19708b93b3ed448a1a0952bf111",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "ref": "release-25.05",
+        "repo": "home-manager",
+        "type": "github"
+      }
+    },
    "home-manager": {
      "inputs": {
        "nixpkgs": [
-          "nixpkgs"
+          "nixpkgs-unstable"
        ]
      },
      "locked": {
@@ -54,22 +75,6 @@
      }
    },
    "nixpkgs": {
-      "locked": {
-        "lastModified": 1748693115,
-        "narHash": "sha256-StSrWhklmDuXT93yc3GrTlb0cKSS0agTAxMGjLKAsY8=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "910796cabe436259a29a72e8d3f5e180fc6dfacc",
-        "type": "github"
-      },
-      "original": {
-        "owner": "NixOS",
-        "ref": "nixos-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
-      }
-    },
-    "nixpkgs_2": {
      "locked": {
        "lastModified": 1741379970,
        "narHash": "sha256-Wh7esNh7G24qYleLvgOSY/7HlDUzWaL/n4qzlBePpiw=",
@@ -85,7 +90,39 @@
        "type": "github"
      }
    },
-    "nixpkgs_3": {
+    "nixpkgs-stable": {
+      "locked": {
+        "lastModified": 1749494155,
+        "narHash": "sha256-FG4DEYBpROupu758beabUk9lhrblSf5hnv84v1TLqMc=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "88331c17ba434359491e8d5889cce872464052c2",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-25.05",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs-unstable": {
+      "locked": {
+        "lastModified": 1749285348,
+        "narHash": "sha256-frdhQvPbmDYaScPFiCnfdh3B/Vh81Uuoo0w5TkWmmjU=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "3e3afe5174c561dee0df6f2c2b2236990146329f",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_2": {
      "locked": {
        "lastModified": 1716044191,
        "narHash": "sha256-V/JRCf9iOKGMmmMCs/K1n+vOP01Y7ZPJntHXxDEvzWM=",
@@ -103,9 +140,11 @@
    },
    "root": {
      "inputs": {
+        "hm-stable": "hm-stable",
        "home-manager": "home-manager",
        "impermanence": "impermanence",
-        "nixpkgs": "nixpkgs",
+        "nixpkgs-stable": "nixpkgs-stable",
+        "nixpkgs-unstable": "nixpkgs-unstable",
        "yandex-music": "yandex-music",
        "zapret": "zapret"
      }
@@ -128,7 +167,7 @@
    "yandex-music": {
      "inputs": {
        "flake-utils": "flake-utils",
-        "nixpkgs": "nixpkgs_2",
+        "nixpkgs": "nixpkgs",
        "ymExe": "ymExe"
      },
      "locked": {
@@ -159,7 +198,7 @@
    },
    "zapret": {
      "inputs": {
-        "nixpkgs": "nixpkgs_3",
+        "nixpkgs": "nixpkgs_2",
        "zapret-src": "zapret-src"
      },
      "locked": {
@@ -6,19 +6,24 @@
    ];
  };
  inputs = {
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+    nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable";
+    nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-25.05";
    impermanence.url = "github:nix-community/impermanence";
    yandex-music.url = "github:cucumber-sp/yandex-music-linux";
    home-manager = {
      url = "github:nix-community/home-manager/master";
-      inputs.nixpkgs.follows = "nixpkgs";
+      inputs.nixpkgs.follows = "nixpkgs-unstable";
+    };
+    hm-stable = {
+      url = "github:nix-community/home-manager/release-25.05";
+      inputs.nixpkgs.follows = "nixpkgs-stable";
    };
    zapret.url = "github:n0vvvonder/zapret-flake.nix";
  };

-  outputs = { self, nixpkgs, impermanence, home-manager, zapret, ...}@inputs: {
+  outputs = { self, nixpkgs-unstable, impermanence, home-manager, zapret, nixpkgs-stable, hm-stable, ...}@inputs: {
    nixosConfigurations = {
-      Ratchet = nixpkgs.lib.nixosSystem {
+      Ratchet = nixpkgs-unstable.lib.nixosSystem {
        system = "x86_64-linux";
        specialArgs = { inherit inputs; };
        modules = [
@@ -47,7 +52,7 @@
          }
        ];
      };
-      Aphelion = nixpkgs.lib.nixosSystem {
+      Aphelion = nixpkgs-unstable.lib.nixosSystem {
        system = "x86_64-linux";
        specialArgs = { inherit inputs; };
        modules = [
@@ -64,6 +69,7 @@
          ./hosts/Aphelion/nvidia.nix
          ./hosts/Aphelion/sunshine.nix
          ./hosts/Aphelion/nfs.nix
+          ./misc/disable_suspend.nix
          ./desktop/gnome.nix
          ./home/yaroslav/steam.nix
          home-manager.nixosModules.home-manager
@@ -78,6 +84,28 @@
          }
        ];
      };
+      Qwark = nixpkgs-stable.lib.nixosSystem {
+        system = "x86_64-linux";
+        specialArgs = { inherit inputs; };
+        modules = [
+          impermanence.nixosModules.impermanence
+          ./hosts/generic/configuration_generic.nix
+          ./hosts/generic/users.nix
+          ./hosts/Quark/Quark-hardware.nix
+	  ./hosts/Quark/smb.nix
+	  ./hosts/Quark/sound.nix
+          ./hosts/generic/virtualization.nix
+	  ./desktop/cinnamon.nix
+          hm-stable.nixosModules.home-manager {
+            home-manager.useUserPackages = true;
+            home-manager.users.yaroslav = {
+              imports = [
+                ./home/yaroslav/home.nix
+              ];
+            };
+          }
+        ];
    };
  };
+};
 }
@@ -9,6 +9,11 @@
        type            "pipewire"
        name            "PipeWire Sound Server"
      }
+      audio_output {
+        type            "pulse"
+        name            "Qwark pulseuadio"
+        server          "192.168.1.94"
+      }
    '';
  };
 }
@@ -13,6 +13,7 @@
  boot.kernelModules = [ "kvm-amd" ];
  boot.extraModulePackages = [ ];
  boot.kernelPackages = pkgs.linuxPackages_zen;
+  boot.extraModprobeConfig = "options kvm_amd nested=1";

  fileSystems."/" =
    { #device = "/dev/disk/by-uuid/3126fadd-b793-4110-bcb7-577b7978cba2";
@@ -6,4 +6,5 @@
    capSysAdmin = true;
    openFirewall = true;
  };
+  programs.noisetorch.enable = true;
 }
@@ -0,0 +1,63 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+  boot.initrd.supportedFilesystems = [ "nfs" "nfsv4" "overlay" ];
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" "sr_mod" "nfs" "nfsv4" ];
+  boot.initrd.kernelModules = [ 
+    "vfio_pci"
+    "vfio"
+    "vfio_iommu_type1"
+  ];
+  boot.kernelModules = [ 
+    "kvm-intel" 
+  ];
+  boot.extraModulePackages = [ ];
+  swapDevices = [ ];
+  boot.extraModprobeConfig = "options kvm_intel nested=1";
+  boot.kernelParams = [
+    "intel_iommu=on"
+  ];
+
+  fileSystems."/" = {
+    device = "/dev/sda4";
+    fsType = "btrfs";
+    options = [ "subvol=@" ];
+  };
+  fileSystems."/nix" = {
+    device = "/dev/sda4";
+    fsType = "btrfs";
+    options = [ "subvol=@nix" ];
+  };
+  fileSystems."/vol/me" = {
+    device = "/dev/sda1";
+    fsType = "ntfs3";
+  };
+  fileSystems."/vol/dad" = {
+    device = "/dev/sda2";
+    fsType = "ntfs3";
+  };
+  fileSystems."/vol/mom" = {
+    device = "/dev/sda3";
+    fsType = "ntfs3";
+  };
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  #networking.useDHCP = lib.mkDefault true;
+  #boot.initrd.network.flushBeforeStage2 = false;
+  # networking.interfaces.enp3s0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp5s0.useDHCP = lib.mkDefault true;
+  networking.firewall.allowedTCPPorts = [ 4713 ];
+  networking.hostName = "Qwark";
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  system.stateVersion = "25.05";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
@@ -0,0 +1,67 @@
+{ ... }:
+{
+services.samba = {
+  enable = true;
+  openFirewall = true;
+  settings = {
+    global = {
+      "workgroup" = "WORKGROUP";
+      "server string" = "Qwark";
+      "netbios name" = "qwark";
+      "security" = "user";
+      #"use sendfile" = "yes";
+      #"max protocol" = "smb2";
+      # note: localhost is the ipv6 localhost ::1
+      "hosts allow" = "192.168.0. 127.0.0.1 localhost 192.168.122.2";
+      "hosts deny" = "0.0.0.0/0";
+      "guest account" = "nobody";
+      "map to guest" = "bad user";
+    };
+    "dad" = {
+      "path" = "/vol/dad";
+      "browseable" = "yes";
+      "read only" = "no";
+      "guest ok" = "no";
+      "create mask" = "0644";
+      "directory mask" = "0755";
+      "force user" = "yaroslav";
+      "force group" = "users";
+    };
+    "mom" = {
+      "path" = "/vol/mom";
+      "browseable" = "yes";
+      "read only" = "no";
+      "guest ok" = "no";
+      "create mask" = "0644";
+      "directory mask" = "0755";
+      "force user" = "yaroslav";
+      "force group" = "users";
+    };
+    "me" = {
+      "path" = "/vol/me";
+      "browseable" = "yes";
+      "read only" = "no";
+      "guest ok" = "no";
+      "create mask" = "0644";
+      "directory mask" = "0755";
+      "force user" = "yaroslav";
+      "force group" = "users";
+    };
+  };
+};
+
+services.samba-wsdd = {
+  enable = true;
+  openFirewall = true;
+};
+
+services.avahi = {
+  publish.enable = true;
+  publish.userServices = true;
+  # ^^ Needed to allow samba to automatically register mDNS records (without the need for an `extraServiceFile`
+  nssmdns4 = true;
+  # ^^ Not one hundred percent sure if this is needed- if it aint broke, don't fix it
+  enable = true;
+  openFirewall = true;
+};
+}
@@ -0,0 +1,12 @@
+{ ... }:
+{
+#  security.rtkit.enable = true;
+  services.pipewire = {
+    enable = true;
+    alsa.enable = true;
+    alsa.support32Bit = true;
+    pulse.enable = true;
+    # If you want to use JACK applications, uncomment this
+    jack.enable = true;
+  };
+}
@@ -12,6 +12,7 @@
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-amd" ];
  boot.extraModulePackages = [ ];
+  boot.extraModprobeConfig = "options kvm_amd nested=1";

  fileSystems."/" =
    { device = "none";
@@ -24,6 +24,7 @@
  };

  services.openssh.enable = true;
+  services.openssh.settings.X11Forwarding = true;

  # networking
  networking.networkmanager.enable = true;
@@ -9,6 +9,11 @@
      tree
    ];
    initialHashedPassword = "$6$.r5fJE91KtrOA2T.$JVjtzlFWx.RsTsNmO5WOsi1MhK6TUTKo8K5F2GgG.bAXYuYjGu4sK3SMzhk4oJ9FBoAcnyHmk7sLMsgLbUeoE1";
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEqOGDr8w8p2rYpePF7rDS4RRtIEOBggx85ybERyjngI yaroslav@Ratchet"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHqNEL4CNjvbgCdlaXNo/u+rHu7uPYpL2onEJ12H1bjZ u0_a326@localhost"
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINgYswQa7LdwBpNkiw73du4nocbbET9FXKzWtjivBwHv yaroslav@Aphelion"
+      ];
  };
  users.users.root = {
    initialHashedPassword = "$y$j9T$eS.via4Hx/iPNJKAFbVah/$aHFf172uH6UYrSXPMrnbaFkAQ2o8AnJcYd4JgX1/of5";
@@ -2,7 +2,7 @@

 {
    environment = {
-    systemPackages = [ pkgs.qemu ];
+    systemPackages = [ pkgs.qemu pkgs.virt-manager ];
    };
    systemd.tmpfiles.rules = [ "L+ /var/lib/qemu/firmware - - - - ${pkgs.qemu}/share/qemu/firmware" ];
    boot.binfmt.emulatedSystems = [
@@ -24,5 +24,5 @@
        };
        };
    };
-    boot.extraModprobeConfig = "options kvm_amd nested=1";
+   
 }