materusPC: Init new config

2026-02-08 10:52:41 +01:00
parent e31a724c4b
commit bd10321f19
30 changed files with 5728 additions and 0 deletions
+65
@@ -0,0 +1,65 @@
{
config,
pkgs,
lib,
materusArgs,
...
}:
{
home.username = "materus";
home.homeDirectory = lib.mkDefault "/home/materus";
home.stateVersion = "25.11";
home.file = {
".zshrc".source = "${config.xdg.configFile."zsh/cfg".source}/zshrc";
".zshenv".source = "${config.xdg.configFile."zsh/cfg".source}/zshenv";
};
xdg.enable = true;
xdg.configFile."zsh/cfg".source =
config.lib.file.mkOutOfStoreSymlink "/mkk/config/config/shell/zsh";
xdg.configFile."zsh/data/plugins/powerlevel10k".source =
"${pkgs.zsh-powerlevel10k}/share/zsh-powerlevel10k";
xdg.configFile."zsh/data/plugins/zsh-history-substring-search".source =
"${pkgs.zsh-history-substring-search}/share/zsh-history-substring-search";
xdg.configFile."zsh/data/plugins/zsh-syntax-highlighting".source =
"${pkgs.zsh-syntax-highlighting}/share/zsh-syntax-highlighting";
xdg.configFile."zsh/data/plugins/zsh-autosuggestions".source =
"${pkgs.zsh-autosuggestions}/share/zsh-autosuggestions";
xdg.configFile."zsh/data/nix.sh".text = ''
source ${pkgs.vte}/etc/profile.d/vte.sh
'';
xdg.userDirs.enable = lib.mkDefault true;
xdg.userDirs.createDirectories = lib.mkDefault config.xdg.userDirs.enable;
xdg.userDirs.desktop = lib.mkDefault "${config.home.homeDirectory}/Pulpit";
xdg.userDirs.documents = lib.mkDefault "${config.home.homeDirectory}/Dokumenty";
xdg.userDirs.download = lib.mkDefault "${config.home.homeDirectory}/Pobrane";
xdg.userDirs.music = lib.mkDefault "${config.xdg.userDirs.extraConfig.XDG_AUDIO_DIR}/Muzyka";
xdg.userDirs.pictures = lib.mkDefault "${config.home.homeDirectory}/Obrazy";
xdg.userDirs.publicShare = lib.mkDefault "${config.home.homeDirectory}/Publiczny";
xdg.userDirs.templates = lib.mkDefault "${config.home.homeDirectory}/Szablony";
xdg.userDirs.videos = lib.mkDefault "${config.home.homeDirectory}/Wideo";
xdg.userDirs.extraConfig = {
XDG_MISC_DIR = lib.mkDefault "${config.home.homeDirectory}/Inne";
XDG_PIC_SCREENSHOTS_DIR = lib.mkDefault "${config.xdg.userDirs.pictures}/Zrzuty ekranu";
XDG_PIC_MEMES_DIR = lib.mkDefault "${config.xdg.userDirs.pictures}/Memy";
XDG_PIC_MISC_DIR = lib.mkDefault "${config.xdg.userDirs.pictures}/Inne";
XDG_PIC_PHOTOS_DIR = lib.mkDefault "${config.xdg.userDirs.pictures}/Zdjęcia";
XDG_PIC_AVATARS_DIR = "${config.xdg.userDirs.pictures}/Avatar";
XDG_AUDIO_DIR = lib.mkDefault "${config.home.homeDirectory}/Audio";
XDG_KEYS_DIR = lib.mkDefault "${config.xdg.userDirs.documents}/Klucze";
};
home.sessionVariables = {
};
programs.home-manager.enable = true;
}
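Review bot: `XDG_PIC_AVATARS_DIR` at L56 is the only `xdg.userDirs` value in this block not wrapped in `lib.mkDefault`, so unlike its siblings it cannot be overridden by a later module without `lib.mkForce`; `XDG_PIC_AVATARS_DIR = lib.mkDefault "${config.xdg.userDirs.pictures}/Avatar";` keeps the block uniform. The empty `home.sessionVariables = { };` at L60-61 can be dropped unless it is a placeholder for later edits. Note that `.zshrc`/`.zshenv` resolve through `mkOutOfStoreSymlink` to `/mkk/config/config/shell/zsh`, so the shell configuration is not captured by the store and evaluation on another machine depends on that path existing; a one-line comment stating that intent would help.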
+59
@@ -0,0 +1,59 @@
{ pkgs, lib, ... }:
{
security.rtkit.enable = true;
services.pipewire = {
enable = true;
audio.enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
systemWide = true;
jack.enable = true;
};
environment.sessionVariables =
let
makePluginPath =
format:
"$HOME/.${format}:"
+ (lib.makeSearchPath format [
"$HOME/.nix-profile/lib"
"/run/current-system/sw/lib"
"/etc/profiles/per-user/$USER/lib"
]);
in
{
ALSOFT_DRIVERS = "pulse";
DSSI_PATH = makePluginPath "dssi";
LADSPA_PATH = makePluginPath "ladspa";
LV2_PATH = makePluginPath "lv2";
LXVST_PATH = makePluginPath "lxvst";
VST_PATH = makePluginPath "vst";
VST3_PATH = makePluginPath "vst3";
};
environment.systemPackages = with pkgs; [
openal
pulseaudio
reaper
yabridge
yabridgectl
vital
odin2
surge
fire
decent-sampler
lsp-plugins
];
services.udev.extraRules = ''
KERNEL=="rtc0", GROUP="audio"
KERNEL=="hpet", GROUP="audio"
DEVPATH=="/devices/virtual/misc/cpu_dma_latency", OWNER="root", GROUP="audio", MODE="0660"
'';
}
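Review bot: `services.pipewire.systemWide = true` at L76 runs PipeWire as a system service instead of per-user; the NixOS option's own description, as I recall it, says this mode is not recommended for desktop use, and it widens who can reach the daemon socket (the `pipewire` group membership at L286 and the `/run/pipewire` bind into the container at L989 look like consequences of this). If the container use case is the reason, a comment such as `# system-wide so the nspawn container can share /run/pipewire` would save the next reader from "fixing" it. The `cpu_dma_latency` udev rule at L115 grants the `audio` group write access to the PM-QoS interface, which is the usual realtime-audio setup but worth a one-line why-comment.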
+312
@@ -0,0 +1,312 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{
config,
lib,
pkgs,
materusArgs,
...
}:
let
patchedBwrap = pkgs.bubblewrap.overrideAttrs (o: {
patches = (o.patches or [ ]) ++ [
materusArgs.files.patches.bwrap
];
});
in
{
# Use the systemd-boot EFI boot loader.
boot.plymouth.enable = true;
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
# Use latest kernel.
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_zen;
# Set your time zone.
time.timeZone = "Europe/Warsaw";
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
i18n.defaultLocale = "pl_PL.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = "pl";
useXkbConfig = false; # use xkb.options in tty.
};
hardware.graphics = {
enable = true;
extraPackages = with pkgs; [
];
};
programs.java.enable = true;
programs.steam = {
enable = true;
remotePlay.openFirewall = true;
dedicatedServer.openFirewall = true;
extraPackages = with pkgs; [
vlc
libva
libva-utils
libva-vdpau-driver
mesa
mesa-demos
libvdpau-va-gl
nss
materusArgs.inputs.nixerus.packages.x86_64-linux.polymc
];
extraCompatPackages = [
pkgs.proton-ge-bin
];
package = pkgs.steam.override {
extraEnv = {
PRESSURE_VESSEL_FILESYSTEMS_RW="\${XDG_RUNTIME_DIR}/wivrn/comp_ipc";
#PRESSURE_VESSEL_IMPORT_OPENXR_1_RUNTIMES="1";
};
extraLibraries =
p: with p; [
];
};
};
programs.git = {
enable = true;
lfs.enable = true;
};
programs.gnupg.agent = {
enable = true;
enableSSHSupport = false;
enableBrowserSocket = true;
};
programs.gamescope.enable = true;
programs.gamescope.capSysNice = true;
hardware.uinput.enable = true;
hardware.steam-hardware.enable = true;
programs.gamemode.enable = true;
programs.corectrl.enable = true;
programs.fish.enable = true;
programs.command-not-found.enable = false;
programs.dconf.enable = true;
environment.systemPackages = with pkgs; [
kdePackages.ark
kdePackages.kcalc
vim
nano
(vscodium.fhsWithPackages (
ps: with ps; [
nixfmt-rfc-style
nixd
]
))
obsidian
git-crypt
telegram-desktop
discord
thunderbird-latest
floorp-bin
brave
keepassxc
spotify
remmina
mesa-demos
vulkan-tools
pciutils
schroot
vlc
fastfetch
];
environment.variables = {
};
environment.sessionVariables = {
STEAM_EXTRA_COMPAT_TOOLS_PATHS = "\${STEAM_EXTRA_COMPAT_TOOLS_PATHS}\${STEAM_EXTRA_COMPAT_TOOLS_PATHS:+:}\${HOME}/.steam/root/compatibilitytools.d";
XDG_CACHE_HOME = "\${HOME}/.cache";
XDG_CONFIG_HOME = "\${HOME}/.config";
XDG_BIN_HOME = "\${HOME}/.local/bin";
XDG_DATA_HOME = "\${HOME}/.local/share";
QT_XKB_CONFIG_ROOT = "\${XKB_CONFIG_ROOT}";
GTK_IM_MODULE = "fcitx";
QT_IM_MODULE = "fcitx";
XMODIFIERS = "@im=fcitx";
SDL_IM_MODULE = "fcitx";
MOZ_USE_XINPUT2 = "1";
PATH = [ "\${XDG_BIN_HOME}" ];
};
environment.shellInit = ''
if ! [ -z "$DISPLAY" ]; then xhost +si:localuser:root &> /dev/null; fi;
if ! [ -z "$DISPLAY" ]; then xhost +si:localuser:$USER &> /dev/null; fi;
'';
i18n.inputMethod.enabled = "fcitx5";
i18n.inputMethod.fcitx5.addons = [
pkgs.kdePackages.fcitx5-configtool
pkgs.fcitx5-lua
pkgs.fcitx5-mozc
pkgs.fcitx5-gtk
pkgs.kdePackages.fcitx5-qt
];
environment.enableAllTerminfo = true;
environment.pathsToLink = [
"/share/zsh"
"/share/bash-completion"
"/share/fish"
];
environment.shells = with pkgs; [
zsh
bashInteractive
fish
nushell
];
# Configure keymap in X11
# services.xserver.xkb.layout = "us";
# services.xserver.xkb.options = "eurosign:e,caps:escape";
# Define a user account. Don't forget to set a password with passwd.
users.users.materus = {
isNormalUser = true;
extraGroups = [
"audio"
"video"
"render"
"pipewire"
"wheel"
"networkmanager"
"input"
"kvm"
"libvirt-qemu"
"libvirt"
"libvirtd"
"podman"
"scanner"
"lp"
];
#shell = pkgs.zsh;
description = "Mateusz Słodkowicz";
#openssh.authorizedKeys.keyFiles = [ ("${materusArg.cfg.path}" + "/extraFiles/keys/ssh/materus.pub") ];
#hashedPasswordFile = config.sops.secrets."users/materus".path;
};
programs.firefox.enable = true;
fonts.packages = [
pkgs.dejavu_fonts
pkgs.freefont_ttf
pkgs.gyre-fonts
pkgs.liberation_ttf
pkgs.unifont
pkgs.noto-fonts
pkgs.noto-fonts-color-emoji
pkgs.noto-fonts-cjk-sans
pkgs.noto-fonts-cjk-serif
pkgs.wqy_zenhei
pkgs.corefonts
pkgs.hack-font
pkgs.nerd-fonts.hack
pkgs.ubuntu-classic
pkgs.monocraft
pkgs.nerd-fonts.droid-sans-mono
pkgs.nerd-fonts.meslo-lg
pkgs.nerd-fonts.profont
pkgs.nerd-fonts.fira-code
];
fonts.enableDefaultPackages = lib.mkDefault true;
fonts.fontconfig.enable = lib.mkDefault true;
fonts.fontconfig.cache32Bit = lib.mkDefault true;
fonts.fontconfig.defaultFonts.sansSerif = [
"Noto Sans"
"DejaVu Sans"
"WenQuanYi Zen Hei"
"Noto Color Emoji"
];
fonts.fontconfig.defaultFonts.serif = [
"Noto Serif"
"DejaVu Serif"
"WenQuanYi Zen Hei"
"Noto Color Emoji"
];
fonts.fontconfig.defaultFonts.emoji = [
"Noto Color Emoji"
"OpenMoji Color"
];
fonts.fontconfig.defaultFonts.monospace = [
"Hack Nerd Font"
"Noto Sans Mono"
"WenQuanYi Zen Hei Mono"
];
fonts.fontDir.enable = lib.mkDefault true;
nixpkgs.config.allowUnfree = true;
nix.settings = {
experimental-features = lib.mkMerge [
[
"nix-command"
"flakes"
"no-url-literals"
]
];
auto-optimise-store = true;
trusted-users = [
"root"
"@wheel"
];
substituters = [
"https://nix-community.cachix.org"
"https://cache.nixos.org/"
"https://nixerus.cachix.org/"
];
trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"nixerus.cachix.org-1:2x7sIG7y1vAoxc8BNRJwsfapZsiX4hIl4aTi9V5ZDdE="
];
};
users.defaultUserShell = pkgs.zsh;
programs.zsh = {
enable = true;
enableGlobalCompInit = false;
interactiveShellInit = ''
if [[ ''${__MATERUS_HM_ZSH:-0} == 0 ]]; then
source ${pkgs.grml-zsh-config}/etc/zsh/zshrc
fi
'';
promptInit = '''';
};
systemd.sleep.extraConfig = ''
AllowSuspend=yes
AllowHibernation=no
AllowHybridSleep=no
AllowSuspendThenHibernate=no
'';
system.stateVersion = "25.11";
}
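Review bot: `trusted-users = [ "root" "@wheel" ]` at L360-363 lets every wheel member pass arbitrary substituters and unsigned store paths to the nix daemon, which the Nix manual describes as equivalent to root; since `wheel` already has sudo here that may be acceptable, but it deserves a comment, or should be narrowed to `"materus"` if only one account needs it. `patchedBwrap` at L132-136 is bound in the `let` but never referenced in the file, so the patch is dead code unless it is used elsewhere. The `shellInit` at L253-254 runs `xhost +si:localuser:root` for every login shell with a `DISPLAY`, granting root's processes access to the user's X session; if that is intentional it should say why, and the two guards read more idiomatically as `if [ -n "$DISPLAY" ]; then …`. `lib.mkMerge [ [ … ] ]` at L352-358 wraps a single list and can be the plain list.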
+17
@@ -0,0 +1,17 @@
{ ... }:
{
imports = [
./configuration.nix
./audio.nix
./network.nix
./services.nix
./virtualization/libvirt.nix
./virtualization/vfio.nix
./virtualization/containers.nix
./hardware-configuration.nix
./private
];
}
@@ -0,0 +1,196 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
let
video = [
"video=HDMI-A-3:1920x1080@144"
"video=DP-3:1920x1080@240"
];
vmCores = "8-15,24-31";
in
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [
"pci-stub"
"amdgpu"
"i2c_dev"
"kvm_amd"
"vfio"
"vfio_iommu_type1"
"vfio-pci"
"kvmfr"
];
boot.extraModprobeConfig = ''
options kvm_amd nested=1 avic=1 npt=1 sev=0
options vfio_iommu_type1 allow_unsafe_interrupts=1
options kvmfr static_size_mb=64
'';
boot.kernel.sysctl = {
"vm.max_map_count" = 1000000;
"vm.swappiness" = 10;
"net.ipv4.ip_forward" = 1;
};
boot.extraModulePackages = with config.boot.kernelPackages; [
v4l2loopback
kvmfr
];
boot.kernelParams = [
"rcu_nocbs=${vmCores}"
"nohz_full=${vmCores}"
"vfio_iommu_type1.allow_unsafe_interrupts=1"
"pcie_acs_override=downstream,multifunction"
#''vfio-pci.ids="1002:744c"''
"nox2apic"
"nvme_core.default_ps_max_latency_us=0"
"nvme_core.io_timeout=255"
"nvme_core.max_retries=10"
"nvme_core.shutdown_timeout=10"
"amd_iommu=on"
"amdgpu.ppfeaturemask=0xffffffff"
#"amdgpu.runpm=0"
"iommu=pt"
"psi=1"
"i915.force_probe=!56a6"
"xe.force_probe=56a6"
]
++ video;
boot.supportedFilesystems = [
"ntfs"
"btrfs"
"vfat"
"exfat"
"ext4"
];
boot.tmp.useTmpfs = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.efi.efiSysMountPoint = "/boot/efi";
boot.loader.grub = {
enable = true;
efiSupport = true;
device = "nodev";
gfxmodeEfi = pkgs.lib.mkDefault "1920x1080@240";
gfxmodeBios = pkgs.lib.mkDefault "1920x1080@240";
useOSProber = true;
memtest86.enable = true;
};
fileSystems."/" = {
device = "/dev/disk/by-label/materusPC_ROOT";
fsType = "btrfs";
options = [
"subvol=@"
"noatime"
"compress=zstd"
"ssd"
"space_cache=v2"
];
};
boot.initrd.luks.devices."ROOT_1".device = "/dev/disk/by-label/CRYPT_ROOT_1";
boot.initrd.luks.devices."ROOT_2".device = "/dev/disk/by-label/CRYPT_ROOT_2";
fileSystems."/home" = {
device = "/dev/disk/by-label/materusPC_ROOT";
fsType = "btrfs";
options = [
"subvol=@home"
"noatime"
"compress=zstd"
"ssd"
"space_cache=v2"
];
};
fileSystems."/nix" = {
device = "/dev/disk/by-label/materusPC_ROOT";
fsType = "btrfs";
options = [
"subvol=@nix"
"noatime"
"compress=zstd"
"ssd"
"space_cache=v2"
];
};
fileSystems."/var/log" = {
device = "/dev/disk/by-label/materusPC_ROOT";
fsType = "btrfs";
options = [
"subvol=@log"
"noatime"
"compress=zstd"
"ssd"
"space_cache=v2"
];
};
fileSystems."/boot" = {
device = "/dev/disk/by-label/materusPC_BOOT";
fsType = "ext4";
};
fileSystems."/boot/efi" = {
device = "/dev/disk/by-label/EFI";
fsType = "vfat";
options = [
"fmask=0022"
"dmask=0022"
];
};
fileSystems."/etc/nixos" = {
device = "/mkk/config";
fsType = "none";
options = [ "bind" ];
depends = [ "/" ];
};
swapDevices = [
{ label = "materusPC_SWAP"; }
];
zramSwap = {
enable = true;
memoryPercent = 50;
};
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.bluetooth = {
enable = true;
powerOnBoot = true;
settings = {
General = {
Experimental = true;
FastConnectable = true;
};
Policy = {
AutoEnable = true;
};
};
};
}
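Review bot: The header at L411-413 says the file was generated by `nixos-generate-config` and must not be modified, but the file now carries hand-written kernel modules, modprobe options, sysctls, LUKS devices and VFIO/GRUB settings, so a future `nixos-generate-config` run would silently discard them; replace the header with something like `# Hand-maintained: seeded from nixos-generate-config but extended with boot/VFIO/LUKS settings — do not regenerate over this file.` `vfio_iommu_type1 allow_unsafe_interrupts=1` is set both in `extraModprobeConfig` (L453) and in `kernelParams` (L468); one of the two is enough. `pcie_acs_override=downstream,multifunction` (L469) together with `allow_unsafe_interrupts` deliberately relaxes the IOMMU isolation guarantees between devices in the same group, which is a conscious trade-off for passthrough and should be stated in a comment next to those lines. `vmCores` (L426) duplicates the same value in the VFIO hook module (L1036), so the two can drift; sourcing both from one place (for example the `mkk` variables set) would avoid that.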
@@ -0,0 +1,33 @@
{ pkgs, materusArgs, ... }:
{
programs.git = {
enable = true;
lfs.enable = true;
settings = {
user.email = "materus@podkos.pl";
user.name = "materus";
commit.gpgsign = true;
gpg.format = "ssh";
};
signing.signByDefault = true;
signing.key = "/mkk/config/extra-files/ssh/materus.pub";
};
home.packages = with pkgs; [
materusArgs.inputs.nixerus.packages.x86_64-linux.polymc
curl
wget
python3
packwiz
ani-cli
mpv
libreoffice-qt6-fresh
];
xdg.dataFile."java-runtimes/graalvm-oracle-17".source = pkgs.graalvmPackages.graalvm-oracle_17;
xdg.dataFile."java-runtimes/graalvm-oracle-latest".source = pkgs.graalvmPackages.graalvm-oracle;
xdg.dataFile."java-runtimes/openjdk21".source = pkgs.jdk21;
}
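Review bot: `commit.gpgsign = true` at L600 duplicates `signing.signByDefault = true` at L603, which in home-manager's git module — as far as I recall — emits the same `commit.gpgsign` key, so one of the two should go to keep a single source of truth. `gpg.format = "ssh"` at L601 is the raw gitconfig key; if the home-manager version in use already exposes it under `signing`, moving it there would keep all signing settings together. `signing.key` pointing at a public key file outside the store (L604) works for SSH signing but couples evaluation to `/mkk/config` being mounted, which is worth a comment.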
+49
@@ -0,0 +1,49 @@
{
config,
pkgs,
lib,
mkk,
...
}:
{
sops.templates."networkmanager.env".content = ''
WIREGUARD_PRIVATEKEY="${config.sops.placeholder.wireguard}"
'';
networking.hostName = "materusPC";
networking.wireless.iwd.enable = true;
networking.networkmanager.enable = true;
networking.firewall.enable = false;
networking.networkmanager.ensureProfiles.environmentFiles = [
config.sops.templates."networkmanager.env".path
];
networking.networkmanager.ensureProfiles.profiles = {
wg0 = {
connection = {
id = "PodKos";
type = "wireguard";
interface-name = "wg-podkos";
};
wireguard = {
private-key = "$WIREGUARD_PRIVATEKEY";
};
"wireguard-peer.${mkk.wireguard.peers.valkyrie.pubKey}" = {
endpoint = "${mkk.network.valkyrie.ip}:${mkk.wireguard.peers.valkyrie.port}";
allowed-ips = "${mkk.wireguard.ip-masks.main};${mkk.wireguard.ip-masks.guest};${mkk.wireguard.ip-masks.asia};${mkk.wireguard.peers.valkyrie.ip}/32;";
persistent-keepalive = "20";
};
ipv4 = {
address1 = "${mkk.wireguard.peers.materusPC.ip}/32";
dns = "${mkk.wireguard.peers.valkyrie.ip};";
method = "manual";
never-default = "true";
};
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "disabled";
};
proxy = { };
};
};
}
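Review bot: `networking.firewall.enable = false;` at L637 turns off host filtering with no comment, which makes every `openFirewall = true` in the services module (avahi L701, openssh L721, sunshine L726, samba-wsdd L739, samba L743, wivrn L774) a no-op and exposes those services on every interface, including the `wg-podkos` tunnel defined below and the libvirt NAT bridge. If the intent is only to avoid hand-listing ports, `networking.firewall.enable = true;` with the existing per-service `openFirewall` flags achieves that; otherwise a comment stating why the firewall is off is the minimum. Keeping the WireGuard private key out of the Nix store via the sops template (L631-633) is done right.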
+112
@@ -0,0 +1,112 @@
{ pkgs, ... }:
{
imports = [
#region KDE
{
services.displayManager.sddm.enable = true;
services.displayManager.sddm.wayland.enable = true;
services.desktopManager.plasma6.enable = true;
services.desktopManager.plasma6.enableQt5Integration = true;
environment.variables = {
#Fix for amdgpu crashes
KWIN_DRM_USE_MODIFIERS = "0";
KWIN_DRM_NO_DIRECT_SCANOUT = "1";
QT_PLUGIN_PATH = [
"${pkgs.qt6.qtimageformats}/${pkgs.qt6.qtbase.qtPluginPrefix}"
"${pkgs.kdePackages.ffmpegthumbs}/${pkgs.qt6.qtbase.qtPluginPrefix}"
];
XCURSOR_THEME = "breeze_cursors";
};
}
#endregion
];
#region Printing
services.avahi = {
enable = true;
nssmdns4 = true;
openFirewall = true;
};
services.printing = {
enable = true;
drivers = with pkgs; [
cups-filters
cups-browsed
hplipWithPlugin
];
};
#endregion
programs.kdeconnect.enable = true;
services.libinput.enable = true;
services.dbus.enable = true;
services.dbus.packages = [ pkgs.gcr ];
services.flatpak.enable = true;
services.gvfs.enable = true;
services.davfs2.enable = true;
programs.ssh.startAgent = true;
services.openssh.enable = true;
services.openssh.openFirewall = true;
#region Sunshine
services.sunshine = {
enable = true;
capSysAdmin = true;
openFirewall = true;
autoStart = false;
};
#endregion
#region Syncthing
services.syncthing = {
enable = true;
user = "materus";
dataDir = "/home/materus";
};
#endregion
#region Samba
services.samba-wsdd.enable = true;
services.samba-wsdd.openFirewall = true;
services.samba = {
enable = true;
package = pkgs.sambaFull;
openFirewall = true;
settings = {
global = {
"workgroup" = "WORKGROUP";
"server string" = "smbmaterus";
"netbios name " = "smbmaterus";
"security" = "user";
"hosts allow" = "192.168.122. 127.0.0.1 localhost";
"hosts deny" = "0.0.0.0/0";
"guest account" = "nobody";
"map to guest" = "bad user";
"allow insecure wide links" = "yes";
};
windows = {
"path" = "/mkk/data/share/vm_share/";
"browseable" = "yes";
"read only" = "no";
"guest ok" = "no";
"create mask" = "0644";
"directory mask" = "0755";
"force user" = "materus";
"force group" = "users";
"follow symlinks" = "yes";
"wide links" = "yes";
};
};
};
#endregion
#region WiVRn
services.wivrn = {
enable = true;
openFirewall = true;
defaultRuntime = true;
};
#endregion
}
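Review bot: The attribute name `"netbios name "` at L748 carries a trailing space, so the generated smb.conf key is `netbios name ` rather than `netbios name`; Samba's parameter matching is whitespace-tolerant as far as I recall, but the typo should be fixed to `"netbios name" = "smbmaterus";` so the intent is unambiguous. The combination `allow insecure wide links = yes` (L754), `wide links = yes` (L766) and `force user = materus` (L763) lets any authenticated client of the `windows` share follow symlinks placed under `/mkk/data/share/vm_share/` to anywhere materus can read, i.e. the share boundary is only advisory; the `hosts allow` restriction to `192.168.122.` (L750) limits exposure to the libvirt NAT network, and that reasoning belongs in a comment next to those lines. `services.openssh.enable = true` (L720) uses whatever the module defaults are for password authentication; given `openFirewall = true`, pinning `services.openssh.settings.PasswordAuthentication = false;` would be the defensive choice if key-only login is intended.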
@@ -0,0 +1,16 @@
{ ... }:
{
imports = [
./nspawn/arch.nix
];
virtualisation.lxc.enable = true;
virtualisation.lxc.lxcfs.enable = true;
virtualisation.waydroid.enable = true;
virtualisation.podman = {
enable = true;
dockerCompat = true;
dockerSocket.enable = true;
};
}
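Review bot: `virtualisation.podman.dockerSocket.enable = true` at L791 exposes the rootful Podman socket in place of the Docker socket to members of the `podman` group, and the user account is in that group (L294); access to a rootful container socket is root-equivalent on the host, so this should be noted in a comment such as `# rootful socket for docker-compatible tooling; podman group == root-equivalent`. If only rootless use is needed, `dockerCompat` alone without the socket narrows that.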
@@ -0,0 +1,111 @@
{ pkgs, config, ... }:
{
virtualisation.libvirtd = {
enable = true;
onBoot = "ignore";
onShutdown = "shutdown";
qemu.runAsRoot = true;
qemu.swtpm.enable = true;
qemu.package = pkgs.qemu_full;
};
virtualisation.spiceUSBRedirection.enable = true;
environment.systemPackages = with pkgs; [
virtiofsd
config.virtualisation.libvirtd.qemu.package
looking-glass-client
virt-manager
libguestfs-with-appliance
];
# Packages for QEMU hooks
systemd.services.libvirtd = {
path =
let
env = pkgs.buildEnv {
name = "qemu-hook-env";
paths = with pkgs; [
bash
libvirt
kmod
systemd
ripgrep
sd
coreutils
sudo
su
killall
procps
util-linux
bindfs
qemu-utils
psmisc
procps
];
};
in
[ env ];
};
# Shared qcow drive
systemd.services.windows-share-mount = {
wantedBy = [ "multi-user.target" ];
path = [
config.virtualisation.libvirtd.qemu.package
pkgs.util-linux
pkgs.kmod
pkgs.coreutils
];
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true;
unitConfig.ConditionPathExists = "/mkk/data/vm/data.qcow2";
script = ''
modprobe nbd max_part=10
sleep 1
qemu-nbd -c /dev/nbd10 /mkk/data/vm/data.qcow2 --discard=unmap
sleep 1
mount /dev/nbd10p1 /mkk/data/mounts/windows -o uid=1000,gid=100
'';
preStop = ''
umount -r /dev/nbd10p1
qemu-nbd -d /dev/nbd10
'';
};
#Hugepages
systemd.mounts = [
{
where = "/dev/hugepages";
enable = false;
}
{
where = "/dev/hugepages/hugepages-2048kB";
enable = true;
what = "hugetlbfs";
type = "hugetlbfs";
options = "pagesize=2M";
requiredBy = [ "basic.target" ];
}
{
where = "/dev/hugepages/hugepages-1048576kB";
enable = true;
what = "hugetlbfs";
type = "hugetlbfs";
options = "pagesize=1G";
requiredBy = [ "basic.target" ];
}
];
virtualisation.libvirtd.qemu.verbatimConfig = ''
cgroup_device_acl = [
"/dev/null", "/dev/full", "/dev/zero",
"/dev/random", "/dev/urandom",
"/dev/ptmx", "/dev/kvm", "/dev/kqemu",
"/dev/rtc","/dev/hpet", "/dev/vfio/vfio",
"/dev/kvmfr0"
]
'';
}
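Review bot: `qemu.runAsRoot = true` at L801 runs every guest's QEMU as root instead of the unprivileged `qemu-libvirtd` user, removing the main containment boundary around VMs; if this is required for the `/dev/kvmfr0` or hugepage setup below it should say so in a comment, and if the udev rule granting `kvm` group access to kvmfr (L1136) was meant to avoid exactly that, the option may no longer be needed. `procps` is listed twice in the hook environment paths (L830 and L835). The `windows-share-mount` script relies on `sleep 1` between `modprobe`, `qemu-nbd -c` and `mount` (L854-858) as synchronization; `modprobe nbd max_part=10` is also a no-op if `nbd` is already loaded, which is presumably why the `max_part` value is not relied on elsewhere — worth a comment either way.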
@@ -0,0 +1,146 @@
{
config,
pkgs,
lib,
...
}:
let
mainMirror = "https://ftp.icm.edu.pl/pub/Linux/dist/archlinux";
extraMirrors = [ ];
getty = [
8
9
];
ttys = [
8
9
] ++ getty;
startPkgs = lib.strings.concatStringsSep " " [
"base"
"base-devel"
"dbus"
"less"
"nano"
"bash-completion"
];
scripts = {
preStart = pkgs.writeShellScript "arch-pre-start" ''
if [ ! -d "/var/lib/machines/archlinux" ]; then
export PATH=''${PATH:+''${PATH}:}${
lib.strings.makeBinPath (
with pkgs;
[
wget
coreutils-full
gnutar
zstd
]
)
}
ARCH_IMAGE=$(mktemp)
trap 'rm $ARCH_IMAGE' EXIT
wget "${mainMirror}/iso/latest/archlinux-bootstrap-x86_64.tar.zst" -O $ARCH_IMAGE
mkdir -p /var/lib/machines/archlinux
trap 'rm -rf /var/lib/machines/archlinux' ERR
tar -xaf $ARCH_IMAGE -C "/var/lib/machines/archlinux" --strip-components=1 --numeric-owner
printf 'Server = %s/$repo/os/$arch\n' "${mainMirror}" > /var/lib/machines/archlinux/etc/pacman.d/mirrorlist
rm "/var/lib/machines/archlinux/etc/resolv.conf"
[ -f "/var/lib/machines/archlinux/etc/securetty" ] && \
printf 'pts/%d\n' $(seq 0 10) >>"/var/lib/machines/archlinux/etc/securetty"
systemd-machine-id-setup --root="/var/lib/machines/archlinux"
systemd-nspawn -q --settings=false --system-call-filter=@sandbox -D "/var/lib/machines/archlinux" /bin/sh -c "
export PATH=/bin
touch /etc/systemd/do-not-udevadm-trigger-on-update
pacman-key --init && pacman-key --populate
pacman -Rs --noconfirm arch-install-scripts
pacman -Sy --noconfirm --needed ${startPkgs}
pacman -Syu --noconfirm
systemctl disable getty@tty1.service
${
lib.strings.concatStringsSep "\n" (
lib.lists.forEach getty (x: "systemctl enable getty@tty${builtins.toString x}.service")
)
}
"
fi
'';
};
in
{
systemd.nspawn."archlinux" = {
enable = true;
execConfig = {
Boot = true;
SystemCallFilter = [ "@known" ];
Timezone = "symlink";
Capability = "all";
PrivateUsers = "no";
ResolvConf = "copy-host";
};
filesConfig = {
BindReadOnly = [
"/nix"
"/run/current-system"
"/run/booted-system"
"/run/opengl-driver"
"/run/opengl-driver-32"
];
Bind = [
"/:/run/host-root"
"/run/udev"
"/run/pipewire"
"/run/pulse"
"/sys/class"
"/sys/devices"
"/dev/fuse"
"/dev/snd"
"/dev/input"
"/dev/uinput"
"/dev/shm"
"/dev/kfd"
"/dev/dri"
"/dev/tty"
"/dev/tty0"
"/var/lib/flatpak"
"/var/lib/containers"
"/tmp/.X11-unix"
/mkk
] ++ lib.lists.forEach ttys (x: "/dev/tty${builtins.toString x}");
};
networkConfig = {
Bridge = "br0";
};
};
systemd.services."systemd-nspawn@archlinux" = {
enable = true;
preStart = "${scripts.preStart}";
overrideStrategy = "asDropin";
serviceConfig = {
DeviceAllow = [
"char-* rwm"
"block-* rwm"
"/dev/shm rwm"
];
};
};
}
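Review bot: `ttys = [ 8 9 ] ++ getty;` at L912-915 appends the same two numbers that `getty` already holds, so the `forEach ttys` at L1006 emits `/dev/tty8` and `/dev/tty9` twice in `Bind`; `ttys = getty;` (or a `lib.unique`) gives the intended list. The bootstrap download at L940 fetches `archlinux-bootstrap-x86_64.tar.zst` from the mirror and extracts it into `/var/lib/machines/archlinux` without verifying the detached signature Arch publishes alongside the tarball, so a compromised or misbehaving mirror is trusted outright; fetching the `.sig` and checking it with the Arch release key before `tar -xaf` would close that. `/mkk` at L1005 is an unquoted Nix path among string entries; it should be `"/mkk"` for consistency, and if the option type is a string list the path value may be rejected at evaluation. The `Capability = "all"`, `PrivateUsers = "no"`, `/:/run/host-root` bind and `char-*`/`block-*` `DeviceAllow` (L974-975, L987, L1018-1019) together make the container effectively root on the host, which is clearly deliberate for GPU/desktop use and deserves a one-line comment saying so.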
@@ -0,0 +1,178 @@
{ config, pkgs, ... }:
let
bar0_guest = "15";
bar2_guest = "8";
bar0_host = "15";
bar2_host = "8";
allCores = "0-31";
allCoresMask = "ffffffff";
hostCores = "0-7,16-23";
hostCoresMask = "00ff00ff";
vmCores = "8-15,24-31";
vmCoresMask = "ff00ff00";
VM_UUID = "ad2632db-0da0-4204-98b3-0592a185ebd0";
startedHook = ''
# Renice QEMU process and threads
QEMU_PID=$(ps aux | grep qemu-system-x86_64 | grep "${VM_UUID}" | tr -s ' ' | cut -d " " -f 2)
for pid in $(ls /proc/$QEMU_PID/task); do
renice -n "-15" -p "$pid";
done
renice -n "-10" -p "$QEMU_PID";
'';
startHook =
/*
''
# Debugging
exec 19>/home/materus/startlogfile
BASH_XTRACEFD=19
set -x
exec 3>&1 4>&2
trap 'exec 2>&4 1>&3' 0 1 2 3
exec 1>/home/materus/startlogfile.out 2>&1
''
+
*/
''
# Service for my shared qcow2 drive, it's mounted to host when VM not running
systemctl stop windows-share-mount.service
# Stop arch container, script doesnt kill things in container so gpu will be in broken state without it
if [ $(systemctl is-active systemd-nspawn@archlinux) = "active" ]; then
systemctl stop systemd-nspawn@archlinux;
sleep 5s;
while [ $(systemctl is-active systemd-nspawn@archlinux) = "active" ];do sleep 2s; done;
fi
# Remember non symlink path to card and render, symlink might get deleted
DRI_RENDER=$(readlink -f /dev/dri/by-path/pci-$VIRSH_GPU_VIDEO-render)
DRI_CARD=$(readlink -f /dev/dri/by-path/pci-$VIRSH_GPU_VIDEO-card)
# Send "remove" event so wayland compositors can release gpu, sleep because it doesnt work instantly
echo remove > /sys/bus/pci/devices/$VIRSH_GPU_VIDEO/drm/card*/uevent
sleep 3s
# Remove all permissions from DRI nodes so no new processes will attach to it, kill all processes currently using it
chmod 0 $DRI_RENDER
chmod 0 $DRI_CARD
fuser -k $DRI_RENDER
fuser -k $DRI_CARD
# Seems to fix reset bug for 7900 XTX
echo "0" > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/d3cold_allowed"
# Unbind GPU from drivers
echo ''$VIRSH_GPU_VIDEO > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/driver/unbind"
echo ''$VIRSH_GPU_AUDIO > "/sys/bus/pci/devices/''${VIRSH_GPU_AUDIO}/driver/unbind"
# Optionally resize bars, it's pointless for me since it's full size here but keeping just in case
echo "${bar0_guest}" > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/resource0_resize"
echo "${bar2_guest}" > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/resource2_resize"
# Compact memory if possible to make continuous space for transparent huge pages
sync
echo "3" > /proc/sys/vm/drop_caches
sync
echo "1" > /proc/sys/vm/compact_memory
# Set host cgroups and workqueue to use defined cpu cores (I'm using first half of cpu on host, second half on guest)
systemctl set-property --runtime -- user.slice AllowedCPUs=${hostCores}
systemctl set-property --runtime -- system.slice AllowedCPUs=${hostCores}
systemctl set-property --runtime -- init.scope AllowedCPUs=${hostCores}
echo "${hostCoresMask}" > /sys/bus/workqueue/devices/writeback/cpumask
# Set performance governor if not set
echo performance | tee /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor
# Reduce interval of memory statistics to 120s from default 1s
sysctl vm.stat_interval=120
'';
stopHook = ''
# Debugging
# exec 19>/home/materus/stoplogfile
# BASH_XTRACEFD=19
# set -x
# exec 3>&1 4>&2
# trap 'exec 2>&4 1>&3' 0 1 2 3
# exec 1>/home/materus/stoplogfile.out 2>&1
# echo performance | tee /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor
# Stop arch container, sometimes gpu doesnt return properly if it's active
if [ $(systemctl is-active systemd-nspawn@archlinux) = "active" ]; then
systemctl stop systemd-nspawn@archlinux;
sleep 5s;
while [ $(systemctl is-active systemd-nspawn@archlinux) = "active" ]; do sleep 2s; done;
fi
sysctl vm.stat_interval=1
sleep 1s
echo ''$VIRSH_GPU_VIDEO > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/driver/unbind"
echo ''$VIRSH_GPU_AUDIO > "/sys/bus/pci/devices/''${VIRSH_GPU_AUDIO}/driver/unbind"
echo "${bar0_host}" > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/resource0_resize"
echo "${bar2_host}" > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/resource2_resize"
echo "1" > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/d3cold_allowed"
echo ''$VIRSH_GPU_VIDEO > /sys/bus/pci/drivers/amdgpu/bind
echo ''$VIRSH_GPU_AUDIO > /sys/bus/pci/drivers/snd_hda_intel/bind
systemctl start windows-share-mount.service
systemctl set-property --runtime -- user.slice AllowedCPUs=${allCores}
systemctl set-property --runtime -- system.slice AllowedCPUs=${allCores}
systemctl set-property --runtime -- init.scope AllowedCPUs=${allCores}
echo "${allCoresMask}" > /sys/bus/workqueue/devices/writeback/cpumask
'';
in
{
services.udev.extraRules = ''
SUBSYSTEM=="kvmfr", OWNER="root", GROUP="kvm", MODE="0660"
'';
virtualisation.libvirtd.hooks.qemu = {
"windows-vfio" = pkgs.writeShellScript "windows.sh" ''
VIRSH_GPU_VIDEO="0000:03:00.0"
VIRSH_GPU_AUDIO="0000:03:00.1"
VIRSH_USB1="0000:10:00.0"
if [ ''$1 = "windows-vfio" ]; then
if [ ''$2 = "prepare" ] && [ ''$3 = "begin" ]; then
${startHook}
fi
#if [ ''$2 = "started" ] && [ ''$3 = "begin" ]; then
${startedHook}
#fi
if [ ''$2 = "release" ] && [ ''$3 = "end" ]; then
${stopHook}
fi
fi
'';
};
}
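Review bot: `${startedHook}` at L1148 is emitted unconditionally because its `if [ $2 = "started" ]` guard at L1147/L1149 is commented out, so the renice block runs in every hook phase — including `prepare/begin`, where no QEMU process with that UUID exists yet, leaving `QEMU_PID` empty and `ls /proc//task` failing. Restoring the guard (`if [ ''$2 = "started" ] && [ ''$3 = "begin" ]; then … fi`) fixes that. The `ps aux | grep | grep | cut` pipeline at L1041 could be `pgrep -f "${VM_UUID}"`, and `VIRSH_USB1` at L1142 is assigned but never used. `hostCores`/`vmCores` at L1034-1037 duplicate the `vmCores` value in the hardware configuration (L426), so the two can drift.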
+4
@@ -0,0 +1,4 @@
{ ... }:
{
config._module.args.mkk = import ./private/variables.nix;
}
+62
@@ -0,0 +1,62 @@
{
description = "All the flakes";
inputs = {
nixpkgs = {
type = "github";
owner = "NixOS";
repo = "nixpkgs";
ref = "nixos-unstable";
};
flake-utils = {
type = "github";
owner = "numtide";
repo = "flake-utils";
ref = "main";
};
home-manager = {
type = "github";
owner = "nix-community";
repo = "home-manager";
ref = "master";
inputs = {
nixpkgs.follows = "nixpkgs";
};
};
nixerus = {
type = "github";
owner = "materusPL";
repo = "Nixerus";
ref = "master";
inputs = {
nixpkgs.follows = "nixpkgs";
home-manager.follows = "home-manager";
};
};
sops-nix = {
type = "github";
owner = "Mic92";
repo = "sops-nix";
ref = "master";
inputs = {
nixpkgs.follows = "nixpkgs";
};
};
nix-vscode-extensions = {
type = "github";
owner = "nix-community";
repo = "nix-vscode-extensions";
ref = "master";
inputs = {
nixpkgs.follows = "nixpkgs";
};
};
};
outputs = inputs: inputs;
}
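Review bot: `outputs = inputs: inputs;` at L1221 re-exports the raw inputs attrset as the flake's outputs, which presumably means this flake only serves as a pin aggregator consumed from elsewhere; a comment above it, e.g. `# Pin-only flake: outputs are the locked inputs, consumed by the actual system flake`, would make that explicit. Nothing on this page references `flake-utils` or `nix-vscode-extensions`, so if they are unused they only add lockfile churn. All inputs follow moving branches (`master`, `nixos-unstable`), which is fine with the lockfile but means reproducibility rests on committing `flake.lock` alongside this file.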