diff --git a/configurations/host/flamaster/configuration.nix b/configurations/host/flamaster/configuration.nix index 8251b5e..06211c7 100644 --- a/configurations/host/flamaster/configuration.nix +++ b/configurations/host/flamaster/configuration.nix @@ -157,9 +157,13 @@ # Enable the OpenSSH daemon. services.openssh.enable = true; + services.openssh.settings.PermitRootLogin = "no"; + services.openssh.settings.PasswordAuthentication = false; + services.openssh.openFirewall = true; + programs.ssh.startAgent = true; # Open ports in the firewall. - networking.firewall.allowedTCPPorts = [ 22 27015 25565 24454 8123 24800 ]; + networking.firewall.allowedTCPPorts = [ 22 27015 25565 25570 8123 8100 24800 ]; networking.firewall.allowedTCPPortRanges = [{ from = 16262; to = 16272; }]; networking.firewall.allowedUDPPorts = [ 22 16261 16262 8766 8767 25565 24454 8123 24800 ]; # Or disable the firewall altogether. diff --git a/configurations/host/flamaster/hardware-configuration.nix b/configurations/host/flamaster/hardware-configuration.nix index 309d817..0be147b 100644 --- a/configurations/host/flamaster/hardware-configuration.nix +++ b/configurations/host/flamaster/hardware-configuration.nix @@ -26,6 +26,12 @@ fsType = "btrfs"; options = [ "subvol=@nix" "noatime" "compress=zstd" "ssd" "space_cache=v2" ]; }; + fileSystems."/data" = + { + device = "/dev/disk/by-label/HDD_DATA"; + fsType = "btrfs"; + options = [ "noatime" "compress=zstd" "nossd" "autodefrag" ]; + }; fileSystems."/boot" = { device = "/dev/disk/by-label/NixOS_Root_Laptop"; @@ -48,10 +54,15 @@ }; swapDevices = [{ - device = "/var/.swapfile"; + device = "/data/.swapfile"; size = 32 * 1024; }]; + zramSwap = { + enable = true; + memoryPercent = 50; + }; + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's diff --git a/configurations/host/flamaster/home/materus/default.nix b/configurations/host/flamaster/home/materus/default.nix index 317a326..94c435a 100644 --- a/configurations/host/flamaster/home/materus/default.nix +++ b/configurations/host/flamaster/home/materus/default.nix @@ -2,6 +2,10 @@ { home.stateVersion = "23.05"; home.homeDirectory = "/home/materus"; + + xdg.dataFile."java-runtimes/graalvm-oracle-17".source = pkgs.graalvmPackages.graalvm-oracle_17; + xdg.dataFile."java-runtimes/graalvm-oracle-latest".source = pkgs.graalvmPackages.graalvm-oracle; + xdg.dataFile."java-runtimes/openjdk21".source = pkgs.jdk21; materus.profile = { fonts.enable = lib.mkDefault true; diff --git a/configurations/host/materusPC/hardware/filesystem.nix b/configurations/host/materusPC/hardware/filesystem.nix index 14f76f7..c84a25f 100644 --- a/configurations/host/materusPC/hardware/filesystem.nix +++ b/configurations/host/materusPC/hardware/filesystem.nix @@ -2,7 +2,7 @@ { zramSwap = { enable = true; - memoryPercent = 25; + memoryPercent = 50; }; swapDevices = [ diff --git a/configurations/host/materusPC/home/materus/default.nix b/configurations/host/materusPC/home/materus/default.nix index 028d59f..217ea91 100644 --- a/configurations/host/materusPC/home/materus/default.nix +++ b/configurations/host/materusPC/home/materus/default.nix @@ -15,7 +15,7 @@ materus.profile.wezterm.enable = true; programs.git.signing.signByDefault = true; - + xdg.userDirs.enable = true; materus.profile = { @@ -133,7 +133,10 @@ org.gradle.home=${pkgs.jdk21} ''; - + xdg.dataFile."java-runtimes/graalvm-oracle-17".source = pkgs.graalvmPackages.graalvm-oracle_17; + xdg.dataFile."java-runtimes/graalvm-oracle-latest".source = pkgs.graalvmPackages.graalvm-oracle; + xdg.dataFile."java-runtimes/openjdk21".source = pkgs.jdk21; + xdg.desktopEntries.brave-browser = let env = lib.concatStringsSep " " [ diff --git a/configurations/host/materusPC/network.nix b/configurations/host/materusPC/network.nix index ed350f5..2636ff7 100644 --- a/configurations/host/materusPC/network.nix +++ b/configurations/host/materusPC/network.nix @@ -26,7 +26,7 @@ networking.firewall.allowedTCPPorts = [ 24800 5900 5357 4656 8080 9943 9944 22000 config.services.syncthing.relay.statusPort config.services.syncthing.relay.port # Syncthing - 25565 8100 # Minecraft + BlueMap + 25565 25570 8100 # Minecraft + BlueMap + Velocity ]; networking.firewall.allowedUDPPorts = [ (lib.strings.toInt materusArg.wireguard.port) 24800 5900 3702 4656 6000 9943 9944 diff --git a/configurations/host/materusPC/other/apps.nix b/configurations/host/materusPC/other/apps.nix index 1609ae9..6334d56 100644 --- a/configurations/host/materusPC/other/apps.nix +++ b/configurations/host/materusPC/other/apps.nix @@ -14,6 +14,9 @@ programs.chromium.enable = true; programs.chromium.enablePlasmaBrowserIntegration = true; + services.guix.enable = true; + + environment.systemPackages = with pkgs; [ vivaldi diff --git a/configurations/host/materusPC/vm/win-vfio/default.nix b/configurations/host/materusPC/vm/win-vfio/default.nix index 45f9c3d..c4ed45a 100644 --- a/configurations/host/materusPC/vm/win-vfio/default.nix +++ b/configurations/host/materusPC/vm/win-vfio/default.nix @@ -14,18 +14,6 @@ let renice -n "-15" -p "$pid"; done renice -n "-10" -p "$QEMU_PID"; - - echo "${materusArg.materusPC.hostCoresMask}" > /proc/irq/default_smp_affinity - for irq in /proc/irq/[0-9]*/smp_affinity; do - if [ $(cat $irq) = "${materusArg.materusPC.allCoresMask}" ]; then - echo "${materusArg.materusPC.hostCoresMask}" > $irq 2> /dev/null - fi; - done; - for irq in $(cat /proc/interrupts | grep vfio | cut -d ":" -f 1); do - echo "${materusArg.materusPC.vmCoresMask}" > /proc/irq/$irq/smp_affinity; - done - - ''; startHook = /*'' @@ -50,29 +38,9 @@ let chmod 0 /dev/dri/by-path/pci-$VIRSH_GPU_VIDEO-card fuser -k /dev/dri/by-path/pci-$VIRSH_GPU_VIDEO-render fuser -k /dev/dri/by-path/pci-$VIRSH_GPU_VIDEO-card - #pkill Xwayland # Seems to fix reset bug for 7900 XTX echo "0" > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/d3cold_allowed" - - ##################################################################### - # Weird bug on kernel 6.7+, after changing bar sizes and binding to vfio driver, performance after returning to host will be lower than expected - # binding to amdgpu after changing bar sizes and binding after it to vfio will work as expected. - # I could skip changing bar sizes since I'm able to use full bar, but keeping it just in case - #echo ''$VIRSH_GPU_VIDEO > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/driver/unbind" - #sleep 1s - #echo "${bar0_host}" > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/resource0_resize" - #echo "${bar2_host}" > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/resource2_resize" - - #echo ''$VIRSH_GPU_VIDEO > /sys/bus/pci/drivers/amdgpu/bind - - #sleep 1s - #echo remove > /sys/bus/pci/devices/$VIRSH_GPU_VIDEO/drm/card*/uevent - #chmod 0 /dev/dri/by-path/pci-$VIRSH_GPU_VIDEO-card - #chmod 0 /dev/dri/by-path/pci-$VIRSH_GPU_VIDEO-render - #fuser -k /dev/dri/by-path/pci-$VIRSH_GPU_VIDEO-render - #fuser -k /dev/dri/by-path/pci-$VIRSH_GPU_VIDEO-card - ##################################################################### echo ''$VIRSH_GPU_VIDEO > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/driver/unbind" echo ''$VIRSH_GPU_AUDIO > "/sys/bus/pci/devices/''${VIRSH_GPU_AUDIO}/driver/unbind" @@ -116,12 +84,6 @@ let sysctl vm.stat_interval=1 sysctl -w kernel.watchdog=1 - echo "${materusArg.materusPC.allCoresMask}" > /proc/irq/default_smp_affinity - for irq in /proc/irq/[0-9]*/smp_affinity; do - if [ $(cat $irq) = "${materusArg.materusPC.hostCoresMask}" ] || [ $(cat $irq) = "${materusArg.materusPC.vmCoresMask}" ]; then - echo "${materusArg.materusPC.allCoresMask}" > $irq 2> /dev/null - fi; - done; sleep 1s @@ -178,7 +140,7 @@ in fi #if [ ''$2 = "started" ] && [ ''$3 = "begin" ]; then - + ${startedHook} #fi if [ ''$2 = "release" ] && [ ''$3 = "end" ]; then diff --git a/configurations/host/valkyrie/secrets/private/default.nix b/configurations/host/valkyrie/secrets/private/default.nix index 45d6243..13b986b 100644 Binary files a/configurations/host/valkyrie/secrets/private/default.nix and b/configurations/host/valkyrie/secrets/private/default.nix differ diff --git a/flake.lock b/flake.lock index 4aef523..f0d2c51 100644 --- a/flake.lock +++ b/flake.lock @@ -159,11 +159,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1753549647, - "narHash": "sha256-xGJsvyqRiALpue6g4ZfFANS9CXLGsBdrHmu716UZ5c4=", + "lastModified": 1755594710, + "narHash": "sha256-ShyH8K/qF8E5FhgU0ymh4eVgsR1f0m9ShRVzKawLaw8=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "983dc5dacc3654f92e9c914c10d678ff32f5ca13", + "rev": "c67dd16b807bc8089f5bacc9480c97ea89f973b3", "type": "github" }, "original": { @@ -182,11 +182,11 @@ "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { - "lastModified": 1753549647, - "narHash": "sha256-xGJsvyqRiALpue6g4ZfFANS9CXLGsBdrHmu716UZ5c4=", + "lastModified": 1755594710, + "narHash": "sha256-ShyH8K/qF8E5FhgU0ymh4eVgsR1f0m9ShRVzKawLaw8=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "983dc5dacc3654f92e9c914c10d678ff32f5ca13", + "rev": "c67dd16b807bc8089f5bacc9480c97ea89f973b3", "type": "github" }, "original": { @@ -436,11 +436,11 @@ ] }, "locked": { - "lastModified": 1753479839, - "narHash": "sha256-E/rPVh7vyPMJUFl2NAew+zibNGfVbANr8BP8nLRbLkQ=", + "lastModified": 1753592768, + "narHash": "sha256-oV695RvbAE4+R9pcsT9shmp6zE/+IZe6evHWX63f2Qg=", "owner": "nix-community", "repo": "home-manager", - "rev": "0b9bf983db4d064764084cd6748efb1ab8297d1e", + "rev": "fc3add429f21450359369af74c2375cb34a2d204", "type": "github" }, "original": { @@ -458,11 +458,11 @@ ] }, "locked": { - "lastModified": 1753567913, - "narHash": "sha256-eYrqSRI1/mrnVGCGYO+zkKHUszwJQodq/qDHh+mzvkI=", + "lastModified": 1755569926, + "narHash": "sha256-s7D28zPHlFWVZ7dDxm0L1o5+t423rMJUfgCMGUeyYSk=", "owner": "nix-community", "repo": "home-manager", - "rev": "2b73c2fcca690b6eca4f520179e54ae760f25d4e", + "rev": "c613ac14f5600033bf84ae75c315d5ce24a0229b", "type": "github" }, "original": { @@ -477,11 +477,11 @@ "nixpkgs": "nixpkgs_5" }, "locked": { - "lastModified": 1753567913, - "narHash": "sha256-eYrqSRI1/mrnVGCGYO+zkKHUszwJQodq/qDHh+mzvkI=", + "lastModified": 1755569926, + "narHash": "sha256-s7D28zPHlFWVZ7dDxm0L1o5+t423rMJUfgCMGUeyYSk=", "owner": "nix-community", "repo": "home-manager", - "rev": "2b73c2fcca690b6eca4f520179e54ae760f25d4e", + "rev": "c613ac14f5600033bf84ae75c315d5ce24a0229b", "type": "github" }, "original": { @@ -501,11 +501,11 @@ ] }, "locked": { - "lastModified": 1753495822, - "narHash": "sha256-aGZhjaICmLAW0BnG+V0zGCP6xqoYFfr/d4LlLIvap9A=", + "lastModified": 1755568911, + "narHash": "sha256-3hukAjjalnsIpH1N8jkacT5xHA0Z3f+TTW3O63mQWC0=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "14f622f160847effcdfae7ef15b8aa9745addf7f", + "rev": "8bb1109dab2a4477e226144ba139066b7720af61", "type": "github" }, "original": { @@ -527,11 +527,11 @@ ] }, "locked": { - "lastModified": 1753495822, - "narHash": "sha256-aGZhjaICmLAW0BnG+V0zGCP6xqoYFfr/d4LlLIvap9A=", + "lastModified": 1755568911, + "narHash": "sha256-3hukAjjalnsIpH1N8jkacT5xHA0Z3f+TTW3O63mQWC0=", "owner": "nix-community", "repo": "nix-vscode-extensions", - "rev": "14f622f160847effcdfae7ef15b8aa9745addf7f", + "rev": "8bb1109dab2a4477e226144ba139066b7720af61", "type": "github" }, "original": { @@ -597,11 +597,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1753122741, - "narHash": "sha256-nFxE8lk9JvGelxClCmwuJYftbHqwnc01dRN4DVLUroM=", + "lastModified": 1755330281, + "narHash": "sha256-aJHFJWP9AuI8jUGzI77LYcSlkA9wJnOIg4ZqftwNGXA=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "cc66fddc6cb04ab479a1bb062f4d4da27c936a22", + "rev": "3dac8a872557e0ca8c083cdcfc2f218d18e113b0", "type": "github" }, "original": { @@ -613,11 +613,11 @@ }, "nixos-hardware_2": { "locked": { - "lastModified": 1753122741, - "narHash": "sha256-nFxE8lk9JvGelxClCmwuJYftbHqwnc01dRN4DVLUroM=", + "lastModified": 1755330281, + "narHash": "sha256-aJHFJWP9AuI8jUGzI77LYcSlkA9wJnOIg4ZqftwNGXA=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "cc66fddc6cb04ab479a1bb062f4d4da27c936a22", + "rev": "3dac8a872557e0ca8c083cdcfc2f218d18e113b0", "type": "github" }, "original": { @@ -677,11 +677,11 @@ }, "nixpkgs-stable_3": { "locked": { - "lastModified": 1753345091, - "narHash": "sha256-CdX2Rtvp5I8HGu9swBmYuq+ILwRxpXdJwlpg8jvN4tU=", + "lastModified": 1755471983, + "narHash": "sha256-axUoWcm4cNQ36jOlnkD9D40LTfSQgk8ExfHSRm3rTtg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3ff0e34b1383648053bba8ed03f201d3466f90c9", + "rev": "48f4c982de68d966421d2b6f1ddbeb6227cc5ceb", "type": "github" }, "original": { @@ -741,11 +741,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1752950548, - "narHash": "sha256-NS6BLD0lxOrnCiEOcvQCDVPXafX1/ek1dfJHX1nUIzc=", + "lastModified": 1755186698, + "narHash": "sha256-wNO3+Ks2jZJ4nTHMuks+cxAiVBGNuEBXsT29Bz6HASo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c87b95e25065c028d31a94f06a62927d18763fdf", + "rev": "fbcf476f790d8a217c3eab4e12033dc4a0f6d23c", "type": "github" }, "original": { @@ -757,11 +757,11 @@ }, "nixpkgs_6": { "locked": { - "lastModified": 1753429684, - "narHash": "sha256-9h7+4/53cSfQ/uA3pSvCaBepmZaz/dLlLVJnbQ+SJjk=", + "lastModified": 1755186698, + "narHash": "sha256-wNO3+Ks2jZJ4nTHMuks+cxAiVBGNuEBXsT29Bz6HASo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7fd36ee82c0275fb545775cc5e4d30542899511d", + "rev": "fbcf476f790d8a217c3eab4e12033dc4a0f6d23c", "type": "github" }, "original": { @@ -773,11 +773,11 @@ }, "nixpkgs_7": { "locked": { - "lastModified": 1753429684, - "narHash": "sha256-9h7+4/53cSfQ/uA3pSvCaBepmZaz/dLlLVJnbQ+SJjk=", + "lastModified": 1755186698, + "narHash": "sha256-wNO3+Ks2jZJ4nTHMuks+cxAiVBGNuEBXsT29Bz6HASo=", "owner": "nixos", "repo": "nixpkgs", - "rev": "7fd36ee82c0275fb545775cc5e4d30542899511d", + "rev": "fbcf476f790d8a217c3eab4e12033dc4a0f6d23c", "type": "github" }, "original": { @@ -812,11 +812,11 @@ "treefmt-nix": "treefmt-nix_2" }, "locked": { - "lastModified": 1741294988, - "narHash": "sha256-3408u6q615kVTb23WtDriHRmCBBpwX7iau6rvfipcu4=", + "lastModified": 1753980880, + "narHash": "sha256-aj1pbYxL6N+XFqBHjB4B1QP0bnKRcg1AfpgT5zUFsW8=", "owner": "nix-community", "repo": "NUR", - "rev": "b30c245e2c44c7352a27485bfd5bc483df660f0e", + "rev": "16db3e61da7606984a05b4dfc33cd1d26d22fb22", "type": "github" }, "original": { @@ -851,11 +851,11 @@ "treefmt-nix": "treefmt-nix_4" }, "locked": { - "lastModified": 1741294988, - "narHash": "sha256-3408u6q615kVTb23WtDriHRmCBBpwX7iau6rvfipcu4=", + "lastModified": 1753980880, + "narHash": "sha256-aj1pbYxL6N+XFqBHjB4B1QP0bnKRcg1AfpgT5zUFsW8=", "owner": "nix-community", "repo": "NUR", - "rev": "b30c245e2c44c7352a27485bfd5bc483df660f0e", + "rev": "16db3e61da7606984a05b4dfc33cd1d26d22fb22", "type": "github" }, "original": { @@ -871,11 +871,11 @@ "nixpkgs": "nixpkgs_7" }, "locked": { - "lastModified": 1753562419, - "narHash": "sha256-hSutp1wLoj2DBGdhkFUCy8gJHu7YJ8Nt/OgsYrQ/O50=", + "lastModified": 1755595965, + "narHash": "sha256-EBXB+Up0CL+Twt6gHyrk1x7p3g8AZ6vUExFzJor9D8Y=", "owner": "nix-community", "repo": "NUR", - "rev": "294f62a0da32efbda589682cc1f038e773530959", + "rev": "bf9b3a8dd0bb5d78e440cd5b4f0646b581abce79", "type": "github" }, "original": { @@ -895,11 +895,11 @@ ] }, "locked": { - "lastModified": 1748196248, - "narHash": "sha256-1iHjsH6/5UOerJEoZKE+Gx1BgAoge/YcnUsOA4wQ/BU=", + "lastModified": 1754501628, + "narHash": "sha256-FExJ54tVB5iu7Dh2tLcyCSWpaV+lmUzzWKZUkemwXvo=", "owner": "nix-community", "repo": "plasma-manager", - "rev": "b7697abe89967839b273a863a3805345ea54ab56", + "rev": "cca090f8115c4172b9aef6c5299ae784bdd5e133", "type": "github" }, "original": { @@ -921,11 +921,11 @@ ] }, "locked": { - "lastModified": 1748196248, - "narHash": "sha256-1iHjsH6/5UOerJEoZKE+Gx1BgAoge/YcnUsOA4wQ/BU=", + "lastModified": 1754501628, + "narHash": "sha256-FExJ54tVB5iu7Dh2tLcyCSWpaV+lmUzzWKZUkemwXvo=", "owner": "nix-community", "repo": "plasma-manager", - "rev": "b7697abe89967839b273a863a3805345ea54ab56", + "rev": "cca090f8115c4172b9aef6c5299ae784bdd5e133", "type": "github" }, "original": { @@ -971,11 +971,11 @@ ] }, "locked": { - "lastModified": 1752544651, - "narHash": "sha256-GllP7cmQu7zLZTs9z0J2gIL42IZHa9CBEXwBY9szT0U=", + "lastModified": 1754988908, + "narHash": "sha256-t+voe2961vCgrzPFtZxha0/kmFSHFobzF00sT8p9h0U=", "owner": "Mic92", "repo": "sops-nix", - "rev": "2c8def626f54708a9c38a5861866660395bb3461", + "rev": "3223c7a92724b5d804e9988c6b447a0d09017d48", "type": "github" }, "original": { @@ -993,11 +993,11 @@ ] }, "locked": { - "lastModified": 1752544651, - "narHash": "sha256-GllP7cmQu7zLZTs9z0J2gIL42IZHa9CBEXwBY9szT0U=", + "lastModified": 1754988908, + "narHash": "sha256-t+voe2961vCgrzPFtZxha0/kmFSHFobzF00sT8p9h0U=", "owner": "Mic92", "repo": "sops-nix", - "rev": "2c8def626f54708a9c38a5861866660395bb3461", + "rev": "3223c7a92724b5d804e9988c6b447a0d09017d48", "type": "github" }, "original": {