materus/nixos-config
1
0
Fork 0
mirror of https://github.com/materusPL/nixos-config synced 2026-02-12 16:17:21 +01:00
Code Issues Packages Projects Releases Wiki Activity

materusPC: Init new config

Browse Source
This commit is contained in:
Mateusz Słodkowicz 2026-02-08 10:52:41 +01:00
parent e31a724c4b
commit bd10321f19
Signed by: materus
SSH Key Fingerprint: SHA256:rzVduzTiiszuYfLPYD0SDZV+g8lxhpcRgpbOZA1X0Uo
30 changed files with 5728 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitattributes vendored Normal file
View File

@ -0,0 +1,2 @@
**/private/** filter=git-crypt diff=git-crypt
encrypted-test filter=git-crypt diff=git-crypt

2
.gitignore vendored Normal file
View File

@ -0,0 +1,2 @@
\#*\#
.vscode

45
config/shell/zsh/extra/zinputrc Normal file
View File

@ -0,0 +1,45 @@
# Stolen from ArchWiki
# create a zkbd compatible hash;
# to add other keys to this hash, see: man 5 terminfo
typeset -A key
key[Home]=${terminfo[khome]}
key[End]=${terminfo[kend]}
key[Insert]=${terminfo[kich1]}
key[Delete]=${terminfo[kdch1]}
key[Up]=${terminfo[kcuu1]}
key[Down]=${terminfo[kcud1]}
key[Left]=${terminfo[kcub1]}
key[Right]=${terminfo[kcuf1]}
key[PageUp]=${terminfo[kpp]}
key[PageDown]=${terminfo[knp]}
# setup key accordingly
[[ -n "${key[Home]}" ]] && bindkey "${key[Home]}" beginning-of-line
[[ -n "${key[End]}" ]] && bindkey "${key[End]}" end-of-line
[[ -n "${key[Insert]}" ]] && bindkey "${key[Insert]}" overwrite-mode
[[ -n "${key[Delete]}" ]] && bindkey "${key[Delete]}" delete-char
[[ -n "${key[Up]}" ]] && bindkey "${key[Up]}" up-line-or-history
[[ -n "${key[Down]}" ]] && bindkey "${key[Down]}" down-line-or-history
[[ -n "${key[Left]}" ]] && bindkey "${key[Left]}" backward-char
[[ -n "${key[Right]}" ]] && bindkey "${key[Right]}" forward-char
[[ -n "${key[PageUp]}" ]] && bindkey "${key[PageUp]}" beginning-of-buffer-or-history
[[ -n "${key[PageDown]}" ]] && bindkey "${key[PageDown]}" end-of-buffer-or-history
# Finally, make sure the terminal is in application mode, when zle is
# active. Only then are the values from $terminfo valid.
if (( ${+terminfo[smkx]} )) && (( ${+terminfo[rmkx]} )); then
function zle-line-init () {
printf '%s' "${terminfo[smkx]}"
}
function zle-line-finish () {
printf '%s' "${terminfo[rmkx]}"
}
zle -N zle-line-init
zle -N zle-line-finish
fi

190
config/shell/zsh/extra/zshcompletion.zsh Normal file
View File

@ -0,0 +1,190 @@
#Stolen from grml zsh config
function __zsh_compl () {
# TODO: This could use some additional information
# Make sure the completion system is initialised
(( ${+_comps} )) || return 1
# allow one error for every three characters typed in approximate completer
zstyle ':completion:*:approximate:' max-errors 'reply=( $((($#PREFIX+$#SUFFIX)/3 )) numeric )'
# don't complete backup files as executables
zstyle ':completion:*:complete:-command-::commands' ignored-patterns '(aptitude-*|*\~)'
# start menu completion only if it could find no unambiguous initial string
zstyle ':completion:*:correct:*' insert-unambiguous true
zstyle ':completion:*:corrections' format $'%{\e[0;31m%}%d (errors: %e)%{\e[0m%}'
zstyle ':completion:*:correct:*' original true
# activate color-completion
zstyle ':completion:*:default' list-colors ${(s.:.)LS_COLORS}
# format on completion
zstyle ':completion:*:descriptions' format $'%{\e[0;31m%}completing %B%d%b%{\e[0m%}'
# automatically complete 'cd -<tab>' and 'cd -<ctrl-d>' with menu
# zstyle ':completion:*:*:cd:*:directory-stack' menu yes select
# insert all expansions for expand completer
zstyle ':completion:*:expand:*' tag-order all-expansions
zstyle ':completion:*:history-words' list false
# activate menu
zstyle ':completion:*:history-words' menu yes
# ignore duplicate entries
zstyle ':completion:*:history-words' remove-all-dups yes
zstyle ':completion:*:history-words' stop yes
# match uppercase from lowercase
zstyle ':completion:*' matcher-list 'm:{a-z}={A-Z}'
# separate matches into groups
zstyle ':completion:*:matches' group 'yes'
zstyle ':completion:*' group-name ''
if [[ "$NOMENU" -eq 0 ]] ; then
# if there are more than 5 options allow selecting from a menu
zstyle ':completion:*' menu select=5
else
# don't use any menus at all
setopt no_auto_menu
fi
zstyle ':completion:*:messages' format '%d'
zstyle ':completion:*:options' auto-description '%d'
# describe options in full
zstyle ':completion:*:options' description 'yes'
# on processes completion complete all user processes
zstyle ':completion:*:processes' command 'ps -au$USER'
# offer indexes before parameters in subscripts
zstyle ':completion:*:*:-subscript-:*' tag-order indexes parameters
# provide verbose completion information
zstyle ':completion:*' verbose true
# recent (as of Dec 2007) zsh versions are able to provide descriptions
# for commands (read: 1st word in the line) that it will list for the user
# to choose from. The following disables that, because it's not exactly fast.
zstyle ':completion:*:-command-:*:' verbose false
# set format for warnings
zstyle ':completion:*:warnings' format $'%{\e[0;31m%}No matches for:%{\e[0m%} %d'
# define files to ignore for zcompile
zstyle ':completion:*:*:zcompile:*' ignored-patterns '(*~|*.zwc)'
zstyle ':completion:correct:' prompt 'correct to: %e'
# Ignore completion functions for commands you don't have:
zstyle ':completion::(^approximate*):*:functions' ignored-patterns '_*'
# Provide more processes in completion of programs like killall:
zstyle ':completion:*:processes-names' command 'ps c -u ${USER} -o command | uniq'
# complete manual by their section
zstyle ':completion:*:manuals' separate-sections true
zstyle ':completion:*:manuals.*' insert-sections true
zstyle ':completion:*:man:*' menu yes select
# Search path for sudo completion
zstyle ':completion:*:sudo:*' command-path /usr/local/sbin \
/usr/local/bin \
/usr/sbin \
/usr/bin \
/sbin \
/bin \
/usr/X11R6/bin \
/run/current-system/sw/bin \
/run/current-system/sw/sbin
# provide .. as a completion
zstyle ':completion:*' special-dirs ..
# run rehash on completion so new installed program are found automatically:
function _force_rehash () {
(( CURRENT == 1 )) && rehash
return 1
}
## correction
# some people don't like the automatic correction - so run 'NOCOR=1 zsh' to deactivate it
if [[ "$NOCOR" -gt 0 ]] ; then
zstyle ':completion:*' completer _oldlist _expand _force_rehash _complete _files _ignored
setopt nocorrect
else
# try to be smart about when to use what completer...
setopt correct
zstyle -e ':completion:*' completer '
if [[ $_last_try != "$HISTNO$BUFFER$CURSOR" ]] ; then
_last_try="$HISTNO$BUFFER$CURSOR"
reply=(_complete _match _ignored _prefix _files)
else
if [[ $words[1] == (rm|mv) ]] ; then
reply=(_complete _files)
else
reply=(_oldlist _expand _force_rehash _complete _ignored _correct _approximate _files)
fi
fi'
fi
# command for process lists, the local web server details and host completion
zstyle ':completion:*:urls' local 'www' '/var/www/' 'public_html'
# Some functions, like _apt and _dpkg, are very slow. We can use a cache in
# order to speed things up
if [[ ${__COMP_CACHING:-yes} == yes ]]; then
__COMP_CACHE_DIR=${__COMP_CACHE_DIR:-${ZDOTDIR:-$HOME}/.cache}
if [[ ! -d ${__COMP_CACHE_DIR} ]]; then
command mkdir -p "${__COMP_CACHE_DIR}"
fi
zstyle ':completion:*' use-cache yes
zstyle ':completion:*:complete:*' cache-path "${__COMP_CACHE_DIR}"
fi
# host completion
_etc_hosts=()
_ssh_config_hosts=()
_ssh_hosts=()
if [[ -r ~/.ssh/config ]] ; then
_ssh_config_hosts=(${${(s: :)${(ps:\t:)${${(@M)${(f)"$(<$HOME/.ssh/config)"}:#Host *}#Host }}}:#*[*?]*})
fi
if [[ -r ~/.ssh/known_hosts ]] ; then
_ssh_hosts=(${${${${(f)"$(<$HOME/.ssh/known_hosts)"}:#[\|]*}%%\ *}%%,*})
fi
if [[ -r /etc/hosts ]] && [[ "$NOETCHOSTS" -eq 0 ]] ; then
: ${(A)_etc_hosts:=${(s: :)${(ps:\t:)${${(f)~~"$(grep -v '^0\.0\.0\.0\|^127\.0\.0\.1\|^::1 ' /etc/hosts)"}%%\#*}##[:blank:]#[^[:blank:]]#}}}
fi
local localname
localname="$(uname -n)"
hosts=(
"${localname}"
"$_ssh_config_hosts[@]"
"$_ssh_hosts[@]"
"$_etc_hosts[@]"
localhost
)
zstyle ':completion:*:hosts' hosts $hosts
# TODO: so, why is this here?
# zstyle '*' hosts $hosts
# use generic completion system for programs not yet defined; (_gnu_generic works
# with commands that provide a --help option with "standard" gnu-like output.)
for compcom in cp deborphan df feh fetchipac gpasswd head hnb ipacsum mv \
pal stow uname ; do
[[ -z ${_comps[$compcom]} ]] && compdef _gnu_generic ${compcom}
done; unset compcom
# see upgrade function in this file
compdef _hosts upgrade
}
__zsh_compl

1643
config/shell/zsh/p10kcfg/compatibility.zsh Normal file
View File

File diff suppressed because it is too large Load Diff

1750
config/shell/zsh/p10kcfg/fullcolor.zsh Normal file
View File

File diff suppressed because it is too large Load Diff

1
config/shell/zsh/zshenv Normal file
View File

@ -0,0 +1 @@
__MATERUS_HM_ZSH=1

110
config/shell/zsh/zshrc Normal file
View File

@ -0,0 +1,110 @@
if [[ -r "${XDG_CACHE_HOME:-$HOME/.cache}/p10k-instant-prompt-${(%):-%n}.zsh" ]]; then
source "${XDG_CACHE_HOME:-$HOME/.cache}/p10k-instant-prompt-${(%):-%n}.zsh"
fi
bindkey -e
if [ -n "$EAT_SHELL_INTEGRATION_DIR" ]; then
source "$EAT_SHELL_INTEGRATION_DIR/zsh";
fi
export ZSH_DATA_DIR="${XDG_CONFIG_HOME:-"$HOME/.config"}/zsh/data"
export ZSH_CONFIG_DIR="${XDG_CONFIG_HOME:-"$HOME/.config"}/zsh/cfg"
#Check if terminal is fullcolor
if zmodload zsh/terminfo && (( "$terminfo[colors]" >= "256" )); then
__MATERUS_ZSH_256COLORS="${__MATERUS_ZSH_256COLORS:-1}"; else
__MATERUS_ZSH_256COLORS="${__MATERUS_ZSH_256COLORS:-0}";
fi
#region Plugins
# Clone plugins if not exists
[ -d $ZSH_DATA_DIR/plugins/powerlevel10k ] || git clone https://github.com/romkatv/powerlevel10k $ZSH_DATA_DIR/plugins/powerlevel10k
[ -d $ZSH_DATA_DIR/plugins/zsh-syntax-highlighting ] || git clone https://github.com/zsh-users/zsh-syntax-highlighting.git $ZSH_DATA_DIR/plugins/zsh-syntax-highlighting
[ -d $ZSH_DATA_DIR/plugins/zsh-history-substring-search ] || git clone https://github.com/zsh-users/zsh-history-substring-search.git $ZSH_DATA_DIR/plugins/zsh-history-substring-search
[ -d $ZSH_DATA_DIR/plugins/zsh-autosuggestions ] || git clone https://github.com/zsh-users/zsh-autosuggestions $ZSH_DATA_DIR/plugins/zsh-autosuggestions
source ${ZSH_DATA_DIR}/plugins/powerlevel10k/powerlevel10k.zsh-theme
source ${ZSH_CONFIG_DIR}/extra/zinputrc
source ${ZSH_CONFIG_DIR}/extra/zshcompletion.zsh
source ${ZSH_DATA_DIR}/plugins/zsh-syntax-highlighting/zsh-syntax-highlighting.zsh
source ${ZSH_DATA_DIR}/plugins/zsh-history-substring-search/zsh-history-substring-search.zsh
source ${ZSH_DATA_DIR}/plugins/zsh-autosuggestions/zsh-autosuggestions.zsh
#endregion
#region SUBSTRING SEARCH
history-substring-search-up-prefixed(){
HISTORY_SUBSTRING_SEARCH_PREFIXED=1 history-substring-search-up
}
history-substring-search-down-prefixed(){
HISTORY_SUBSTRING_SEARCH_PREFIXED=1 history-substring-search-down
}
zle -N history-substring-search-up-prefixed
zle -N history-substring-search-down-prefixed
#endregion
#region Init Variables
export SAVEHIST=100000
export HISTSIZE=$SAVEHIST
export ZSH_PRIVATE=${ZSH_PRIVATE:-0}
mkdir -p $ZSH_DATA_DIR
mkdir -p $ZSH_DATA_DIR/plugins
# Load config generated by nix
[[ -f "$ZSH_DATA_DIR/nix.sh" ]] && source "$ZSH_DATA_DIR/nix.sh"
setopt HIST_SAVE_NO_DUPS
setopt HIST_IGNORE_SPACE
setopt HIST_IGNORE_DUPS
setopt HIST_IGNORE_ALL_DUPS
setopt EXTENDED_HISTORY
# Private history mode
if [[ $ZSH_PRIVATE == 1 ]] then
export HISTFILE="/dev/null";
unsetopt SHARE_HISTORY;
else
export HISTFILE="$ZSH_DATA_DIR/zsh_history";
setopt SHARE_HISTORY;
fi
#endregion
#region Bindings
bindkey -r "^["
bindkey "^[[1;5C" forward-word
bindkey "^[[1;5D" backward-word
bindkey "^[[1;5A" history-substring-search-up-prefixed
bindkey "^[[1;5B" history-substring-search-down-prefixed
bindkey "$key[Up]" history-substring-search-up
bindkey "$key[Down]" history-substring-search-down
bindkey '^[[3~' delete-char
bindkey '^[[3;2~' delete-word
#endregion
#region Completions
ZSH_COMPDUMP="${ZSH_COMPDUMP:-${XDG_CACHE_HOME:-${HOME}/.cache}/.zcompdump-${HOST}-${ZSH_VERSION}}"
autoload -U compinit && compinit -d $ZSH_COMPDUMP
#endregion
#region Functions
zsh-private() {
ZSH_PRIVATE=1 zsh
}
myip() {
wget -qO- https://wtfismyip.com/text
}
speedtest() {
curl -s https://raw.githubusercontent.com/sivel/speedtest-cli/master/speedtest.py | python3
}
#endregion
if [[ "$__MATERUS_ZSH_256COLORS" = "1" ]] ; then [[ ! -f ${ZSH_CONFIG_DIR}/p10kcfg/fullcolor.zsh ]] || source ${ZSH_CONFIG_DIR}/p10kcfg/fullcolor.zsh;
else [[ ! -f ${ZSH_CONFIG_DIR}/p10kcfg/compatibility.zsh ]] || source ${ZSH_CONFIG_DIR}/p10kcfg/compatibility.zsh;
fi

15
default.nix Normal file
View File

@ -0,0 +1,15 @@
let
flake-compatish = import (
builtins.fetchTree {
type = "github";
owner = "lillecarl";
repo = "flake-compatish";
ref = "main";
}
);
flake = flake-compatish ./.;
in
flake.impure
# sudo -i nixos-rebuild switch --file . --attr nixosConfigurations.${HOSTNAME}

18
extra-files/patches/bubblewrap.patch Normal file
View File

@ -0,0 +1,18 @@
diff --git a/bubblewrap.c b/bubblewrap.c
index f606257..4ccb199 100644
--- a/bubblewrap.c
+++ b/bubblewrap.c
@@ -876,13 +876,6 @@ acquire_privs (void)
/* Keep only the required capabilities for setup */
set_required_caps ();
}
- else if (real_uid != 0 && has_caps ())
- {
- /* We have some capabilities in the non-setuid case, which should not happen.
- Probably caused by the binary being setcap instead of setuid which we
- don't support anymore */
- die ("Unexpected capabilities but not setuid, old file caps config?");
- }
else if (real_uid == 0)
{
/* If our uid is 0, default to inheriting all caps; the caller

1
extra-files/ssh/materus.pub Normal file
View File

@ -0,0 +1 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPEDY+H8Hc/RSLE064AAh8IojvqxPd8BE5gec2aOfYMh materus@podkos.pl

456
flake.lock generated Normal file
View File

@ -0,0 +1,456 @@
{
"nodes": {
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"materus-inputs",
"nixerus",
"nur",
"nixpkgs"
]
},
"locked": {
"lastModified": 1733312601,
"narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": [
"materus-inputs-unstable",
"nixerus",
"nur",
"nixpkgs"
]
},
"locked": {
"lastModified": 1733312601,
"narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"ref": "main",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"ref": "main",
"repo": "flake-utils",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"materus-inputs",
"nixpkgs"
]
},
"locked": {
"lastModified": 1770260404,
"narHash": "sha256-3iVX1+7YUIt23hBx1WZsUllhbmP2EnXrV8tCRbLxHc8=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "0d782ee42c86b196acff08acfbf41bb7d13eed5b",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "release-25.11",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_2": {
"inputs": {
"nixpkgs": [
"materus-inputs-unstable",
"nixpkgs"
]
},
"locked": {
"lastModified": 1770491427,
"narHash": "sha256-8b+0vixdqGnIIcgsPhjdX7EGPdzcVQqYxF+ujjex654=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "cbd8a72e5fe6af19d40e2741dc440d9227836860",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "master",
"repo": "home-manager",
"type": "github"
}
},
"materus-inputs": {
"inputs": {
"flake-utils": "flake-utils",
"home-manager": "home-manager",
"nix-vscode-extensions": "nix-vscode-extensions",
"nixerus": "nixerus",
"nixpkgs": [
"nixpkgs"
],
"sops-nix": "sops-nix"
},
"locked": {
"path": "./nix-config/subflake",
"type": "path"
},
"original": {
"path": "./nix-config/subflake",
"type": "path"
},
"parent": []
},
"materus-inputs-unstable": {
"inputs": {
"flake-utils": "flake-utils_2",
"home-manager": "home-manager_2",
"nix-vscode-extensions": "nix-vscode-extensions_2",
"nixerus": "nixerus_2",
"nixpkgs": [
"nixpkgs-unstable"
],
"sops-nix": "sops-nix_2"
},
"locked": {
"path": "./nix-config/subflake",
"type": "path"
},
"original": {
"path": "./nix-config/subflake",
"type": "path"
},
"parent": []
},
"nix-vscode-extensions": {
"inputs": {
"nixpkgs": [
"materus-inputs",
"nixpkgs"
]
},
"locked": {
"lastModified": 1770519952,
"narHash": "sha256-Ba2onCjl55f34Nyopcgwao0ekcVx1TbWoXNZCVwSLJ8=",
"owner": "nix-community",
"repo": "nix-vscode-extensions",
"rev": "efaad19ea43b72af40c8522418a8a3771a6e9d9b",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "master",
"repo": "nix-vscode-extensions",
"type": "github"
}
},
"nix-vscode-extensions_2": {
"inputs": {
"nixpkgs": [
"materus-inputs-unstable",
"nixpkgs"
]
},
"locked": {
"lastModified": 1770519952,
"narHash": "sha256-Ba2onCjl55f34Nyopcgwao0ekcVx1TbWoXNZCVwSLJ8=",
"owner": "nix-community",
"repo": "nix-vscode-extensions",
"rev": "efaad19ea43b72af40c8522418a8a3771a6e9d9b",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "master",
"repo": "nix-vscode-extensions",
"type": "github"
}
},
"nixerus": {
"inputs": {
"home-manager": [
"materus-inputs",
"home-manager"
],
"nixpkgs": [
"materus-inputs",
"nixpkgs"
],
"nur": "nur"
},
"locked": {
"lastModified": 1767995196,
"narHash": "sha256-aHcce1tj2ilO3BYGbHsuKkMWGPnJA7luMr0ihX/Ez0Y=",
"owner": "materusPL",
"repo": "Nixerus",
"rev": "b151b5139b93a9bf7d990f112ed3bc55358bfa68",
"type": "github"
},
"original": {
"owner": "materusPL",
"ref": "master",
"repo": "Nixerus",
"type": "github"
}
},
"nixerus_2": {
"inputs": {
"home-manager": [
"materus-inputs-unstable",
"home-manager"
],
"nixpkgs": [
"materus-inputs-unstable",
"nixpkgs"
],
"nur": "nur_2"
},
"locked": {
"lastModified": 1767995196,
"narHash": "sha256-aHcce1tj2ilO3BYGbHsuKkMWGPnJA7luMr0ihX/Ez0Y=",
"owner": "materusPL",
"repo": "Nixerus",
"rev": "b151b5139b93a9bf7d990f112ed3bc55358bfa68",
"type": "github"
},
"original": {
"owner": "materusPL",
"ref": "master",
"repo": "Nixerus",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1755615617,
"narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "20075955deac2583bb12f07151c2df830ef346b4",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1770197578,
"narHash": "sha256-AYqlWrX09+HvGs8zM6ebZ1pwUqjkfpnv8mewYwAo+iM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "00c21e4c93d963c50d4c0c89bfa84ed6e0694df2",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1755615617,
"narHash": "sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs+StOp19xNsbqdOg=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "20075955deac2583bb12f07151c2df830ef346b4",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1770464364,
"narHash": "sha256-z5NJPSBwsLf/OfD8WTmh79tlSU8XgIbwmk6qB1/TFzY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "23d72dabcb3b12469f57b37170fcbc1789bd7457",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-25.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nur": {
"inputs": {
"flake-parts": "flake-parts",
"nixpkgs": "nixpkgs"
},
"locked": {
"lastModified": 1756145408,
"narHash": "sha256-ltkbs5Watrq+V2l9hWefSdM7cfvxLkabtMJeZn0MiCo=",
"owner": "nix-community",
"repo": "NUR",
"rev": "c9c985b60eb46d97370f7d3fefdc300b953c044d",
"type": "github"
},
"original": {
"id": "nur",
"type": "indirect"
}
},
"nur_2": {
"inputs": {
"flake-parts": "flake-parts_2",
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1756145408,
"narHash": "sha256-ltkbs5Watrq+V2l9hWefSdM7cfvxLkabtMJeZn0MiCo=",
"owner": "nix-community",
"repo": "NUR",
"rev": "c9c985b60eb46d97370f7d3fefdc300b953c044d",
"type": "github"
},
"original": {
"id": "nur",
"type": "indirect"
}
},
"root": {
"inputs": {
"materus-inputs": "materus-inputs",
"materus-inputs-unstable": "materus-inputs-unstable",
"nixpkgs": "nixpkgs_3",
"nixpkgs-unstable": "nixpkgs-unstable"
}
},
"sops-nix": {
"inputs": {
"nixpkgs": [
"materus-inputs",
"nixpkgs"
]
},
"locked": {
"lastModified": 1770526836,
"narHash": "sha256-xbvX5Ik+0inJcLJtJ/AajAt7xCk6FOCrm5ogpwwvVDg=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "d6e0e666048a5395d6ea4283143b7c9ac704720d",
"type": "github"
},
"original": {
"owner": "Mic92",
"ref": "master",
"repo": "sops-nix",
"type": "github"
}
},
"sops-nix_2": {
"inputs": {
"nixpkgs": [
"materus-inputs-unstable",
"nixpkgs"
]
},
"locked": {
"lastModified": 1770526836,
"narHash": "sha256-xbvX5Ik+0inJcLJtJ/AajAt7xCk6FOCrm5ogpwwvVDg=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "d6e0e666048a5395d6ea4283143b7c9ac704720d",
"type": "github"
},
"original": {
"owner": "Mic92",
"ref": "master",
"repo": "sops-nix",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",
"version": 7
}

135
flake.nix Normal file
View File

@ -0,0 +1,135 @@
{
description = "Materus hosts and user config";
#region Inputs
inputs = {
nixpkgs = {
type = "github";
owner = "NixOS";
repo = "nixpkgs";
ref = "nixos-25.11";
};
nixpkgs-unstable = {
type = "github";
owner = "NixOS";
repo = "nixpkgs";
ref = "nixos-unstable";
};
materus-inputs = {
url = "path:./nix-config/subflake";
inputs.nixpkgs.follows = "nixpkgs";
inputs.home-manager.url = "github:nix-community/home-manager/release-25.11";
};
materus-inputs-unstable = {
url = "path:./nix-config/subflake";
inputs.nixpkgs.follows = "nixpkgs-unstable";
};
};
#endregion
outputs =
inputs@{
self,
nixpkgs,
nixpkgs-unstable,
materus-inputs,
materus-inputs-unstable,
}:
let
#region Variables
path = builtins.toString ./.;
files = {
ssh-keys = {
materus = ./extra-files/ssh/materus.pub;
};
patches = {
bwrap = ./extra-files/patches/bubblewrap.patch;
};
};
#endregion
#region System make helper
makeSystem =
{
host,
arch ? "x86_64-linux",
stable ? true,
extraArgs ? { },
}:
let
inp = if stable then materus-inputs else materus-inputs-unstable;
sys-nixpkgs = if stable then nixpkgs else nixpkgs-unstable;
materusArgs = {
inherit files;
inputs = inp;
flake-path = path;
host-path = path + "/nix-config/host/${host}";
};
in
(sys-nixpkgs.lib.nixosSystem {
system = arch;
specialArgs = extraArgs // {
inherit materusArgs;
};
modules = [
./nix-config/host/${host}
./nix-config/shared
];
});
#endregion
#region Home make helper
makeHome =
{
user,
arch ? "x86_64-linux",
stable ? true,
extraArgs ? { },
host ? null,
}:
let
inp = if stable then materus-inputs else materus-inputs-unstable;
home-nixpkgs = if stable then nixpkgs else nixpkgs-unstable;
pkgs = import home-nixpkgs {
system = arch;
config.allowUnfree = true;
};
materusArgs = {
inherit files;
inputs = inp;
flake-path = path;
home-path = path + "/nix-config/home/${user}";
};
in
inp.home-manager.lib.homeManagerConfiguration {
inherit pkgs;
modules =
let
host-path = ./. + "/nix-config/host/${host}/home-manager/${user}.nix";
in
[
./nix-config/home/${user}
./nix-config/shared
]
++ (if (host != null && builtins.pathExists host-path) then [ host-path ] else [ ]);
extraSpecialArgs = extraArgs // {
inherit materusArgs;
};
};
#endregion
in
rec {
nixosConfigurations = {
materusPC = makeSystem { host = "materusPC"; };
};
homeConfigurations = {
"materus@materusPC" = makeHome {
user = "materus";
host = "materusPC";
};
};
};
}

65
nix-config/home/materus/default.nix Normal file
View File

@ -0,0 +1,65 @@
{
config,
pkgs,
lib,
materusArgs,
...
}:
{
home.username = "materus";
home.homeDirectory = lib.mkDefault "/home/materus";
home.stateVersion = "25.11";
home.file = {
".zshrc".source = "${config.xdg.configFile."zsh/cfg".source}/zshrc";
".zshenv".source = "${config.xdg.configFile."zsh/cfg".source}/zshenv";
};
xdg.enable = true;
xdg.configFile."zsh/cfg".source =
config.lib.file.mkOutOfStoreSymlink "/mkk/config/config/shell/zsh";
xdg.configFile."zsh/data/plugins/powerlevel10k".source =
"${pkgs.zsh-powerlevel10k}/share/zsh-powerlevel10k";
xdg.configFile."zsh/data/plugins/zsh-history-substring-search".source =
"${pkgs.zsh-history-substring-search}/share/zsh-history-substring-search";
xdg.configFile."zsh/data/plugins/zsh-syntax-highlighting".source =
"${pkgs.zsh-syntax-highlighting}/share/zsh-syntax-highlighting";
xdg.configFile."zsh/data/plugins/zsh-autosuggestions".source =
"${pkgs.zsh-autosuggestions}/share/zsh-autosuggestions";
xdg.configFile."zsh/data/nix.sh".text = ''
source ${pkgs.vte}/etc/profile.d/vte.sh
'';
xdg.userDirs.enable = lib.mkDefault true;
xdg.userDirs.createDirectories = lib.mkDefault config.xdg.userDirs.enable;
xdg.userDirs.desktop = lib.mkDefault "${config.home.homeDirectory}/Pulpit";
xdg.userDirs.documents = lib.mkDefault "${config.home.homeDirectory}/Dokumenty";
xdg.userDirs.download = lib.mkDefault "${config.home.homeDirectory}/Pobrane";
xdg.userDirs.music = lib.mkDefault "${config.xdg.userDirs.extraConfig.XDG_AUDIO_DIR}/Muzyka";
xdg.userDirs.pictures = lib.mkDefault "${config.home.homeDirectory}/Obrazy";
xdg.userDirs.publicShare = lib.mkDefault "${config.home.homeDirectory}/Publiczny";
xdg.userDirs.templates = lib.mkDefault "${config.home.homeDirectory}/Szablony";
xdg.userDirs.videos = lib.mkDefault "${config.home.homeDirectory}/Wideo";
xdg.userDirs.extraConfig = {
XDG_MISC_DIR = lib.mkDefault "${config.home.homeDirectory}/Inne";
XDG_PIC_SCREENSHOTS_DIR = lib.mkDefault "${config.xdg.userDirs.pictures}/Zrzuty ekranu";
XDG_PIC_MEMES_DIR = lib.mkDefault "${config.xdg.userDirs.pictures}/Memy";
XDG_PIC_MISC_DIR = lib.mkDefault "${config.xdg.userDirs.pictures}/Inne";
XDG_PIC_PHOTOS_DIR = lib.mkDefault "${config.xdg.userDirs.pictures}/Zdjęcia";
XDG_PIC_AVATARS_DIR = "${config.xdg.userDirs.pictures}/Avatar";
XDG_AUDIO_DIR = lib.mkDefault "${config.home.homeDirectory}/Audio";
XDG_KEYS_DIR = lib.mkDefault "${config.xdg.userDirs.documents}/Klucze";
};
home.sessionVariables = {
};
programs.home-manager.enable = true;
}

59
nix-config/host/materusPC/audio.nix Normal file
View File

@ -0,0 +1,59 @@
{ pkgs, lib, ... }:
{
security.rtkit.enable = true;
services.pipewire = {
enable = true;
audio.enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
systemWide = true;
jack.enable = true;
};
environment.sessionVariables =
let
makePluginPath =
format:
"$HOME/.${format}:"
+ (lib.makeSearchPath format [
"$HOME/.nix-profile/lib"
"/run/current-system/sw/lib"
"/etc/profiles/per-user/$USER/lib"
]);
in
{
ALSOFT_DRIVERS = "pulse";
DSSI_PATH = makePluginPath "dssi";
LADSPA_PATH = makePluginPath "ladspa";
LV2_PATH = makePluginPath "lv2";
LXVST_PATH = makePluginPath "lxvst";
VST_PATH = makePluginPath "vst";
VST3_PATH = makePluginPath "vst3";
};
environment.systemPackages = with pkgs; [
openal
pulseaudio
reaper
yabridge
yabridgectl
vital
odin2
surge
fire
decent-sampler
lsp-plugins
];
services.udev.extraRules = ''
KERNEL=="rtc0", GROUP="audio"
KERNEL=="hpet", GROUP="audio"
DEVPATH=="/devices/virtual/misc/cpu_dma_latency", OWNER="root", GROUP="audio", MODE="0660"
'';
}

312
nix-config/host/materusPC/configuration.nix Normal file
View File

@ -0,0 +1,312 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{
config,
lib,
pkgs,
materusArgs,
...
}:
let
patchedBwrap = pkgs.bubblewrap.overrideAttrs (o: {
patches = (o.patches or [ ]) ++ [
materusArgs.files.patches.bwrap
];
});
in
{
# Use the systemd-boot EFI boot loader.
boot.plymouth.enable = true;
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
# Use latest kernel.
boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_zen;
# Set your time zone.
time.timeZone = "Europe/Warsaw";
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
i18n.defaultLocale = "pl_PL.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = "pl";
useXkbConfig = false; # use xkb.options in tty.
};
hardware.graphics = {
enable = true;
extraPackages = with pkgs; [
];
};
programs.java.enable = true;
programs.steam = {
enable = true;
remotePlay.openFirewall = true;
dedicatedServer.openFirewall = true;
extraPackages = with pkgs; [
vlc
libva
libva-utils
libva-vdpau-driver
mesa
mesa-demos
libvdpau-va-gl
nss
materusArgs.inputs.nixerus.packages.x86_64-linux.polymc
];
extraCompatPackages = [
pkgs.proton-ge-bin
];
package = pkgs.steam.override {
extraEnv = {
PRESSURE_VESSEL_FILESYSTEMS_RW="\${XDG_RUNTIME_DIR}/wivrn/comp_ipc";
#PRESSURE_VESSEL_IMPORT_OPENXR_1_RUNTIMES="1";
};
extraLibraries =
p: with p; [
];
};
};
programs.git = {
enable = true;
lfs.enable = true;
};
programs.gnupg.agent = {
enable = true;
enableSSHSupport = false;
enableBrowserSocket = true;
};
programs.gamescope.enable = true;
programs.gamescope.capSysNice = true;
hardware.uinput.enable = true;
hardware.steam-hardware.enable = true;
programs.gamemode.enable = true;
programs.corectrl.enable = true;
programs.fish.enable = true;
programs.command-not-found.enable = false;
programs.dconf.enable = true;
environment.systemPackages = with pkgs; [
kdePackages.ark
kdePackages.kcalc
vim
nano
(vscodium.fhsWithPackages (
ps: with ps; [
nixfmt-rfc-style
nixd
]
))
obsidian
git-crypt
telegram-desktop
discord
thunderbird-latest
floorp-bin
brave
keepassxc
spotify
remmina
mesa-demos
vulkan-tools
pciutils
schroot
vlc
fastfetch
];
environment.variables = {
};
environment.sessionVariables = {
STEAM_EXTRA_COMPAT_TOOLS_PATHS = "\${STEAM_EXTRA_COMPAT_TOOLS_PATHS}\${STEAM_EXTRA_COMPAT_TOOLS_PATHS:+:}\${HOME}/.steam/root/compatibilitytools.d";
XDG_CACHE_HOME = "\${HOME}/.cache";
XDG_CONFIG_HOME = "\${HOME}/.config";
XDG_BIN_HOME = "\${HOME}/.local/bin";
XDG_DATA_HOME = "\${HOME}/.local/share";
QT_XKB_CONFIG_ROOT = "\${XKB_CONFIG_ROOT}";
GTK_IM_MODULE = "fcitx";
QT_IM_MODULE = "fcitx";
XMODIFIERS = "@im=fcitx";
SDL_IM_MODULE = "fcitx";
MOZ_USE_XINPUT2 = "1";
PATH = [ "\${XDG_BIN_HOME}" ];
};
environment.shellInit = ''
if ! [ -z "$DISPLAY" ]; then xhost +si:localuser:root &> /dev/null; fi;
if ! [ -z "$DISPLAY" ]; then xhost +si:localuser:$USER &> /dev/null; fi;
'';
i18n.inputMethod.enabled = "fcitx5";
i18n.inputMethod.fcitx5.addons = [
pkgs.kdePackages.fcitx5-configtool
pkgs.fcitx5-lua
pkgs.fcitx5-mozc
pkgs.fcitx5-gtk
pkgs.kdePackages.fcitx5-qt
];
environment.enableAllTerminfo = true;
environment.pathsToLink = [
"/share/zsh"
"/share/bash-completion"
"/share/fish"
];
environment.shells = with pkgs; [
zsh
bashInteractive
fish
nushell
];
# Configure keymap in X11
# services.xserver.xkb.layout = "us";
# services.xserver.xkb.options = "eurosign:e,caps:escape";
# Define a user account. Don't forget to set a password with passwd.
users.users.materus = {
isNormalUser = true;
extraGroups = [
"audio"
"video"
"render"
"pipewire"
"wheel"
"networkmanager"
"input"
"kvm"
"libvirt-qemu"
"libvirt"
"libvirtd"
"podman"
"scanner"
"lp"
];
#shell = pkgs.zsh;
description = "Mateusz Słodkowicz";
#openssh.authorizedKeys.keyFiles = [ ("${materusArg.cfg.path}" + "/extraFiles/keys/ssh/materus.pub") ];
#hashedPasswordFile = config.sops.secrets."users/materus".path;
};
programs.firefox.enable = true;
fonts.packages = [
pkgs.dejavu_fonts
pkgs.freefont_ttf
pkgs.gyre-fonts
pkgs.liberation_ttf
pkgs.unifont
pkgs.noto-fonts
pkgs.noto-fonts-color-emoji
pkgs.noto-fonts-cjk-sans
pkgs.noto-fonts-cjk-serif
pkgs.wqy_zenhei
pkgs.corefonts
pkgs.hack-font
pkgs.nerd-fonts.hack
pkgs.ubuntu-classic
pkgs.monocraft
pkgs.nerd-fonts.droid-sans-mono
pkgs.nerd-fonts.meslo-lg
pkgs.nerd-fonts.profont
pkgs.nerd-fonts.fira-code
];
fonts.enableDefaultPackages = lib.mkDefault true;
fonts.fontconfig.enable = lib.mkDefault true;
fonts.fontconfig.cache32Bit = lib.mkDefault true;
fonts.fontconfig.defaultFonts.sansSerif = [
"Noto Sans"
"DejaVu Sans"
"WenQuanYi Zen Hei"
"Noto Color Emoji"
];
fonts.fontconfig.defaultFonts.serif = [
"Noto Serif"
"DejaVu Serif"
"WenQuanYi Zen Hei"
"Noto Color Emoji"
];
fonts.fontconfig.defaultFonts.emoji = [
"Noto Color Emoji"
"OpenMoji Color"
];
fonts.fontconfig.defaultFonts.monospace = [
"Hack Nerd Font"
"Noto Sans Mono"
"WenQuanYi Zen Hei Mono"
];
fonts.fontDir.enable = lib.mkDefault true;
nixpkgs.config.allowUnfree = true;
nix.settings = {
experimental-features = lib.mkMerge [
[
"nix-command"
"flakes"
"no-url-literals"
]
];
auto-optimise-store = true;
trusted-users = [
"root"
"@wheel"
];
substituters = [
"https://nix-community.cachix.org"
"https://cache.nixos.org/"
"https://nixerus.cachix.org/"
];
trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"nixerus.cachix.org-1:2x7sIG7y1vAoxc8BNRJwsfapZsiX4hIl4aTi9V5ZDdE="
];
};
users.defaultUserShell = pkgs.zsh;
programs.zsh = {
enable = true;
enableGlobalCompInit = false;
interactiveShellInit = ''
if [[ ''${__MATERUS_HM_ZSH:-0} == 0 ]]; then
source ${pkgs.grml-zsh-config}/etc/zsh/zshrc
fi
'';
promptInit = '''';
};
systemd.sleep.extraConfig = ''
AllowSuspend=yes
AllowHibernation=no
AllowHybridSleep=no
AllowSuspendThenHibernate=no
'';
system.stateVersion = "25.11";
}

17
nix-config/host/materusPC/default.nix Normal file
View File

@ -0,0 +1,17 @@
{ ... }:
{
imports = [
./configuration.nix
./audio.nix
./network.nix
./services.nix
./virtualization/libvirt.nix
./virtualization/vfio.nix
./virtualization/containers.nix
./hardware-configuration.nix
./private
];
}

196
nix-config/host/materusPC/hardware-configuration.nix Normal file
View File

@ -0,0 +1,196 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
let
video = [
"video=HDMI-A-3:1920x1080@144"
"video=DP-3:1920x1080@240"
];
vmCores = "8-15,24-31";
in
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [
"pci-stub"
"amdgpu"
"i2c_dev"
"kvm_amd"
"vfio"
"vfio_iommu_type1"
"vfio-pci"
"kvmfr"
];
boot.extraModprobeConfig = ''
options kvm_amd nested=1 avic=1 npt=1 sev=0
options vfio_iommu_type1 allow_unsafe_interrupts=1
options kvmfr static_size_mb=64
'';
boot.kernel.sysctl = {
"vm.max_map_count" = 1000000;
"vm.swappiness" = 10;
"net.ipv4.ip_forward" = 1;
};
boot.extraModulePackages = with config.boot.kernelPackages; [
v4l2loopback
kvmfr
];
boot.kernelParams = [
"rcu_nocbs=${vmCores}"
"nohz_full=${vmCores}"
"vfio_iommu_type1.allow_unsafe_interrupts=1"
"pcie_acs_override=downstream,multifunction"
#''vfio-pci.ids="1002:744c"''
"nox2apic"
"nvme_core.default_ps_max_latency_us=0"
"nvme_core.io_timeout=255"
"nvme_core.max_retries=10"
"nvme_core.shutdown_timeout=10"
"amd_iommu=on"
"amdgpu.ppfeaturemask=0xffffffff"
#"amdgpu.runpm=0"
"iommu=pt"
"psi=1"
"i915.force_probe=!56a6"
"xe.force_probe=56a6"
]
++ video;
boot.supportedFilesystems = [
"ntfs"
"btrfs"
"vfat"
"exfat"
"ext4"
];
boot.tmp.useTmpfs = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.efi.efiSysMountPoint = "/boot/efi";
boot.loader.grub = {
enable = true;
efiSupport = true;
device = "nodev";
gfxmodeEfi = pkgs.lib.mkDefault "1920x1080@240";
gfxmodeBios = pkgs.lib.mkDefault "1920x1080@240";
useOSProber = true;
memtest86.enable = true;
};
fileSystems."/" = {
device = "/dev/disk/by-label/materusPC_ROOT";
fsType = "btrfs";
options = [
"subvol=@"
"noatime"
"compress=zstd"
"ssd"
"space_cache=v2"
];
};
boot.initrd.luks.devices."ROOT_1".device = "/dev/disk/by-label/CRYPT_ROOT_1";
boot.initrd.luks.devices."ROOT_2".device = "/dev/disk/by-label/CRYPT_ROOT_2";
fileSystems."/home" = {
device = "/dev/disk/by-label/materusPC_ROOT";
fsType = "btrfs";
options = [
"subvol=@home"
"noatime"
"compress=zstd"
"ssd"
"space_cache=v2"
];
};
fileSystems."/nix" = {
device = "/dev/disk/by-label/materusPC_ROOT";
fsType = "btrfs";
options = [
"subvol=@nix"
"noatime"
"compress=zstd"
"ssd"
"space_cache=v2"
];
};
fileSystems."/var/log" = {
device = "/dev/disk/by-label/materusPC_ROOT";
fsType = "btrfs";
options = [
"subvol=@log"
"noatime"
"compress=zstd"
"ssd"
"space_cache=v2"
];
};
fileSystems."/boot" = {
device = "/dev/disk/by-label/materusPC_BOOT";
fsType = "ext4";
};
fileSystems."/boot/efi" = {
device = "/dev/disk/by-label/EFI";
fsType = "vfat";
options = [
"fmask=0022"
"dmask=0022"
];
};
fileSystems."/etc/nixos" = {
device = "/mkk/config";
fsType = "none";
options = [ "bind" ];
depends = [ "/" ];
};
swapDevices = [
{ label = "materusPC_SWAP"; }
];
zramSwap = {
enable = true;
memoryPercent = 50;
};
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.bluetooth = {
enable = true;
powerOnBoot = true;
settings = {
General = {
Experimental = true;
FastConnectable = true;
};
Policy = {
AutoEnable = true;
};
};
};
}

33
nix-config/host/materusPC/home-manager/materus.nix Normal file
View File

@ -0,0 +1,33 @@
{ pkgs, materusArgs, ... }:
{
programs.git = {
enable = true;
lfs.enable = true;
settings = {
user.email = "materus@podkos.pl";
user.name = "materus";
commit.gpgsign = true;
gpg.format = "ssh";
};
signing.signByDefault = true;
signing.key = "/mkk/config/extra-files/ssh/materus.pub";
};
home.packages = with pkgs; [
materusArgs.inputs.nixerus.packages.x86_64-linux.polymc
curl
wget
python3
packwiz
ani-cli
mpv
libreoffice-qt6-fresh
];
xdg.dataFile."java-runtimes/graalvm-oracle-17".source = pkgs.graalvmPackages.graalvm-oracle_17;
xdg.dataFile."java-runtimes/graalvm-oracle-latest".source = pkgs.graalvmPackages.graalvm-oracle;
xdg.dataFile."java-runtimes/openjdk21".source = pkgs.jdk21;
}

49
nix-config/host/materusPC/network.nix Normal file
View File

@ -0,0 +1,49 @@
{
config,
pkgs,
lib,
mkk,
...
}:
{
sops.templates."networkmanager.env".content = ''
WIREGUARD_PRIVATEKEY="${config.sops.placeholder.wireguard}"
'';
networking.hostName = "materusPC";
networking.wireless.iwd.enable = true;
networking.networkmanager.enable = true;
networking.firewall.enable = false;
networking.networkmanager.ensureProfiles.environmentFiles = [
config.sops.templates."networkmanager.env".path
];
networking.networkmanager.ensureProfiles.profiles = {
wg0 = {
connection = {
id = "PodKos";
type = "wireguard";
interface-name = "wg-podkos";
};
wireguard = {
private-key = "$WIREGUARD_PRIVATEKEY";
};
"wireguard-peer.${mkk.wireguard.peers.valkyrie.pubKey}" = {
endpoint = "${mkk.network.valkyrie.ip}:${mkk.wireguard.peers.valkyrie.port}";
allowed-ips = "${mkk.wireguard.ip-masks.main};${mkk.wireguard.ip-masks.guest};${mkk.wireguard.ip-masks.asia};${mkk.wireguard.peers.valkyrie.ip}/32;";
persistent-keepalive = "20";
};
ipv4 = {
address1 = "${mkk.wireguard.peers.materusPC.ip}/32";
dns = "${mkk.wireguard.peers.valkyrie.ip};";
method = "manual";
never-default = "true";
};
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "disabled";
};
proxy = { };
};
};
}

BIN
nix-config/host/materusPC/private/default.nix Normal file
View File

Binary file not shown.

BIN
nix-config/host/materusPC/private/secrets.yaml Normal file
View File

Binary file not shown.

112
nix-config/host/materusPC/services.nix Normal file
View File

@ -0,0 +1,112 @@
{ pkgs, ... }:
{
imports = [
#region KDE
{
services.displayManager.sddm.enable = true;
services.displayManager.sddm.wayland.enable = true;
services.desktopManager.plasma6.enable = true;
services.desktopManager.plasma6.enableQt5Integration = true;
environment.variables = {
#Fix for amdgpu crashes
KWIN_DRM_USE_MODIFIERS = "0";
KWIN_DRM_NO_DIRECT_SCANOUT = "1";
QT_PLUGIN_PATH = [
"${pkgs.qt6.qtimageformats}/${pkgs.qt6.qtbase.qtPluginPrefix}"
"${pkgs.kdePackages.ffmpegthumbs}/${pkgs.qt6.qtbase.qtPluginPrefix}"
];
XCURSOR_THEME = "breeze_cursors";
};
}
#endregion
];
#region Printing
services.avahi = {
enable = true;
nssmdns4 = true;
openFirewall = true;
};
services.printing = {
enable = true;
drivers = with pkgs; [
cups-filters
cups-browsed
hplipWithPlugin
];
};
#endregion
programs.kdeconnect.enable = true;
services.libinput.enable = true;
services.dbus.enable = true;
services.dbus.packages = [ pkgs.gcr ];
services.flatpak.enable = true;
services.gvfs.enable = true;
services.davfs2.enable = true;
programs.ssh.startAgent = true;
services.openssh.enable = true;
services.openssh.openFirewall = true;
#region Sunshine
services.sunshine = {
enable = true;
capSysAdmin = true;
openFirewall = true;
autoStart = false;
};
#endregion
#region Syncthing
services.syncthing = {
enable = true;
user = "materus";
dataDir = "/home/materus";
};
#endregion
#region Samba
services.samba-wsdd.enable = true;
services.samba-wsdd.openFirewall = true;
services.samba = {
enable = true;
package = pkgs.sambaFull;
openFirewall = true;
settings = {
global = {
"workgroup" = "WORKGROUP";
"server string" = "smbmaterus";
"netbios name " = "smbmaterus";
"security" = "user";
"hosts allow" = "192.168.122. 127.0.0.1 localhost";
"hosts deny" = "0.0.0.0/0";
"guest account" = "nobody";
"map to guest" = "bad user";
"allow insecure wide links" = "yes";
};
windows = {
"path" = "/mkk/data/share/vm_share/";
"browseable" = "yes";
"read only" = "no";
"guest ok" = "no";
"create mask" = "0644";
"directory mask" = "0755";
"force user" = "materus";
"force group" = "users";
"follow symlinks" = "yes";
"wide links" = "yes";
};
};
};
#endregion
#region WiVRn
services.wivrn = {
enable = true;
openFirewall = true;
defaultRuntime = true;
};
#endregion
}

16
nix-config/host/materusPC/virtualization/containers.nix Normal file
View File

@ -0,0 +1,16 @@
{ ... }:
{
imports = [
./nspawn/arch.nix
];
virtualisation.lxc.enable = true;
virtualisation.lxc.lxcfs.enable = true;
virtualisation.waydroid.enable = true;
virtualisation.podman = {
enable = true;
dockerCompat = true;
dockerSocket.enable = true;
};
}

111
nix-config/host/materusPC/virtualization/libvirt.nix Normal file
View File

@ -0,0 +1,111 @@
{ pkgs, config, ... }:
{
virtualisation.libvirtd = {
enable = true;
onBoot = "ignore";
onShutdown = "shutdown";
qemu.runAsRoot = true;
qemu.swtpm.enable = true;
qemu.package = pkgs.qemu_full;
};
virtualisation.spiceUSBRedirection.enable = true;
environment.systemPackages = with pkgs; [
virtiofsd
config.virtualisation.libvirtd.qemu.package
looking-glass-client
virt-manager
libguestfs-with-appliance
];
# Packages for QEMU hooks
systemd.services.libvirtd = {
path =
let
env = pkgs.buildEnv {
name = "qemu-hook-env";
paths = with pkgs; [
bash
libvirt
kmod
systemd
ripgrep
sd
coreutils
sudo
su
killall
procps
util-linux
bindfs
qemu-utils
psmisc
procps
];
};
in
[ env ];
};
# Shared qcow drive
systemd.services.windows-share-mount = {
wantedBy = [ "multi-user.target" ];
path = [
config.virtualisation.libvirtd.qemu.package
pkgs.util-linux
pkgs.kmod
pkgs.coreutils
];
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true;
unitConfig.ConditionPathExists = "/mkk/data/vm/data.qcow2";
script = ''
modprobe nbd max_part=10
sleep 1
qemu-nbd -c /dev/nbd10 /mkk/data/vm/data.qcow2 --discard=unmap
sleep 1
mount /dev/nbd10p1 /mkk/data/mounts/windows -o uid=1000,gid=100
'';
preStop = ''
umount -r /dev/nbd10p1
qemu-nbd -d /dev/nbd10
'';
};
#Hugepages
systemd.mounts = [
{
where = "/dev/hugepages";
enable = false;
}
{
where = "/dev/hugepages/hugepages-2048kB";
enable = true;
what = "hugetlbfs";
type = "hugetlbfs";
options = "pagesize=2M";
requiredBy = [ "basic.target" ];
}
{
where = "/dev/hugepages/hugepages-1048576kB";
enable = true;
what = "hugetlbfs";
type = "hugetlbfs";
options = "pagesize=1G";
requiredBy = [ "basic.target" ];
}
];
virtualisation.libvirtd.qemu.verbatimConfig = ''
cgroup_device_acl = [
"/dev/null", "/dev/full", "/dev/zero",
"/dev/random", "/dev/urandom",
"/dev/ptmx", "/dev/kvm", "/dev/kqemu",
"/dev/rtc","/dev/hpet", "/dev/vfio/vfio",
"/dev/kvmfr0"
]
'';
}

146
nix-config/host/materusPC/virtualization/nspawn/arch.nix Normal file
View File

@ -0,0 +1,146 @@
{
config,
pkgs,
lib,
...
}:
let
mainMirror = "https://ftp.icm.edu.pl/pub/Linux/dist/archlinux";
extraMirrors = [ ];
getty = [
8
9
];
ttys = [
8
9
] ++ getty;
startPkgs = lib.strings.concatStringsSep " " [
"base"
"base-devel"
"dbus"
"less"
"nano"
"bash-completion"
];
scripts = {
preStart = pkgs.writeShellScript "arch-pre-start" ''
if [ ! -d "/var/lib/machines/archlinux" ]; then
export PATH=''${PATH:+''${PATH}:}${
lib.strings.makeBinPath (
with pkgs;
[
wget
coreutils-full
gnutar
zstd
]
)
}
ARCH_IMAGE=$(mktemp)
trap 'rm $ARCH_IMAGE' EXIT
wget "${mainMirror}/iso/latest/archlinux-bootstrap-x86_64.tar.zst" -O $ARCH_IMAGE
mkdir -p /var/lib/machines/archlinux
trap 'rm -rf /var/lib/machines/archlinux' ERR
tar -xaf $ARCH_IMAGE -C "/var/lib/machines/archlinux" --strip-components=1 --numeric-owner
printf 'Server = %s/$repo/os/$arch\n' "${mainMirror}" > /var/lib/machines/archlinux/etc/pacman.d/mirrorlist
rm "/var/lib/machines/archlinux/etc/resolv.conf"
[ -f "/var/lib/machines/archlinux/etc/securetty" ] && \
printf 'pts/%d\n' $(seq 0 10) >>"/var/lib/machines/archlinux/etc/securetty"
systemd-machine-id-setup --root="/var/lib/machines/archlinux"
systemd-nspawn -q --settings=false --system-call-filter=@sandbox -D "/var/lib/machines/archlinux" /bin/sh -c "
export PATH=/bin
touch /etc/systemd/do-not-udevadm-trigger-on-update
pacman-key --init && pacman-key --populate
pacman -Rs --noconfirm arch-install-scripts
pacman -Sy --noconfirm --needed ${startPkgs}
pacman -Syu --noconfirm
systemctl disable getty@tty1.service
${
lib.strings.concatStringsSep "\n" (
lib.lists.forEach getty (x: "systemctl enable getty@tty${builtins.toString x}.service")
)
}
"
fi
'';
};
in
{
systemd.nspawn."archlinux" = {
enable = true;
execConfig = {
Boot = true;
SystemCallFilter = [ "@known" ];
Timezone = "symlink";
Capability = "all";
PrivateUsers = "no";
ResolvConf = "copy-host";
};
filesConfig = {
BindReadOnly = [
"/nix"
"/run/current-system"
"/run/booted-system"
"/run/opengl-driver"
"/run/opengl-driver-32"
];
Bind = [
"/:/run/host-root"
"/run/udev"
"/run/pipewire"
"/run/pulse"
"/sys/class"
"/sys/devices"
"/dev/fuse"
"/dev/snd"
"/dev/input"
"/dev/uinput"
"/dev/shm"
"/dev/kfd"
"/dev/dri"
"/dev/tty"
"/dev/tty0"
"/var/lib/flatpak"
"/var/lib/containers"
"/tmp/.X11-unix"
/mkk
] ++ lib.lists.forEach ttys (x: "/dev/tty${builtins.toString x}");
};
networkConfig = {
Bridge = "br0";
};
};
systemd.services."systemd-nspawn@archlinux" = {
enable = true;
preStart = "${scripts.preStart}";
overrideStrategy = "asDropin";
serviceConfig = {
DeviceAllow = [
"char-* rwm"
"block-* rwm"
"/dev/shm rwm"
];
};
};
}

178
nix-config/host/materusPC/virtualization/vfio.nix Normal file
View File

@ -0,0 +1,178 @@
{ config, pkgs, ... }:
let
bar0_guest = "15";
bar2_guest = "8";
bar0_host = "15";
bar2_host = "8";
allCores = "0-31";
allCoresMask = "ffffffff";
hostCores = "0-7,16-23";
hostCoresMask = "00ff00ff";
vmCores = "8-15,24-31";
vmCoresMask = "ff00ff00";
VM_UUID = "ad2632db-0da0-4204-98b3-0592a185ebd0";
startedHook = ''
# Renice QEMU process and threads
QEMU_PID=$(ps aux | grep qemu-system-x86_64 | grep "${VM_UUID}" | tr -s ' ' | cut -d " " -f 2)
for pid in $(ls /proc/$QEMU_PID/task); do
renice -n "-15" -p "$pid";
done
renice -n "-10" -p "$QEMU_PID";
'';
startHook =
/*
''
# Debugging
exec 19>/home/materus/startlogfile
BASH_XTRACEFD=19
set -x
exec 3>&1 4>&2
trap 'exec 2>&4 1>&3' 0 1 2 3
exec 1>/home/materus/startlogfile.out 2>&1
''
+
*/
''
# Service for my shared qcow2 drive, it's mounted to host when VM not running
systemctl stop windows-share-mount.service
# Stop arch container, script doesnt kill things in container so gpu will be in broken state without it
if [ $(systemctl is-active systemd-nspawn@archlinux) = "active" ]; then
systemctl stop systemd-nspawn@archlinux;
sleep 5s;
while [ $(systemctl is-active systemd-nspawn@archlinux) = "active" ];do sleep 2s; done;
fi
# Remember non symlink path to card and render, symlink might get deleted
DRI_RENDER=$(readlink -f /dev/dri/by-path/pci-$VIRSH_GPU_VIDEO-render)
DRI_CARD=$(readlink -f /dev/dri/by-path/pci-$VIRSH_GPU_VIDEO-card)
# Send "remove" event so wayland compositors can release gpu, sleep because it doesnt work instantly
echo remove > /sys/bus/pci/devices/$VIRSH_GPU_VIDEO/drm/card*/uevent
sleep 3s
# Remove all permissions from DRI nodes so no new processes will attach to it, kill all processes currently using it
chmod 0 $DRI_RENDER
chmod 0 $DRI_CARD
fuser -k $DRI_RENDER
fuser -k $DRI_CARD
# Seems to fix reset bug for 7900 XTX
echo "0" > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/d3cold_allowed"
# Unbind GPU from drivers
echo ''$VIRSH_GPU_VIDEO > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/driver/unbind"
echo ''$VIRSH_GPU_AUDIO > "/sys/bus/pci/devices/''${VIRSH_GPU_AUDIO}/driver/unbind"
# Optionally resize bars, it's pointless for me since it's full size here but keeping just in case
echo "${bar0_guest}" > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/resource0_resize"
echo "${bar2_guest}" > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/resource2_resize"
# Compact memory if possible to make continuous space for transparent huge pages
sync
echo "3" > /proc/sys/vm/drop_caches
sync
echo "1" > /proc/sys/vm/compact_memory
# Set host cgroups and workqueue to use defined cpu cores (I'm using first half of cpu on host, second half on guest)
systemctl set-property --runtime -- user.slice AllowedCPUs=${hostCores}
systemctl set-property --runtime -- system.slice AllowedCPUs=${hostCores}
systemctl set-property --runtime -- init.scope AllowedCPUs=${hostCores}
echo "${hostCoresMask}" > /sys/bus/workqueue/devices/writeback/cpumask
# Set performance governor if not set
echo performance | tee /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor
# Reduce interval of memory statistics to 120s from default 1s
sysctl vm.stat_interval=120
'';
stopHook = ''
# Debugging
# exec 19>/home/materus/stoplogfile
# BASH_XTRACEFD=19
# set -x
# exec 3>&1 4>&2
# trap 'exec 2>&4 1>&3' 0 1 2 3
# exec 1>/home/materus/stoplogfile.out 2>&1
# echo performance | tee /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor
# Stop arch container, sometimes gpu doesnt return properly if it's active
if [ $(systemctl is-active systemd-nspawn@archlinux) = "active" ]; then
systemctl stop systemd-nspawn@archlinux;
sleep 5s;
while [ $(systemctl is-active systemd-nspawn@archlinux) = "active" ]; do sleep 2s; done;
fi
sysctl vm.stat_interval=1
sleep 1s
echo ''$VIRSH_GPU_VIDEO > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/driver/unbind"
echo ''$VIRSH_GPU_AUDIO > "/sys/bus/pci/devices/''${VIRSH_GPU_AUDIO}/driver/unbind"
echo "${bar0_host}" > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/resource0_resize"
echo "${bar2_host}" > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/resource2_resize"
echo "1" > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/d3cold_allowed"
echo ''$VIRSH_GPU_VIDEO > /sys/bus/pci/drivers/amdgpu/bind
echo ''$VIRSH_GPU_AUDIO > /sys/bus/pci/drivers/snd_hda_intel/bind
systemctl start windows-share-mount.service
systemctl set-property --runtime -- user.slice AllowedCPUs=${allCores}
systemctl set-property --runtime -- system.slice AllowedCPUs=${allCores}
systemctl set-property --runtime -- init.scope AllowedCPUs=${allCores}
echo "${allCoresMask}" > /sys/bus/workqueue/devices/writeback/cpumask
'';
in
{
services.udev.extraRules = ''
SUBSYSTEM=="kvmfr", OWNER="root", GROUP="kvm", MODE="0660"
'';
virtualisation.libvirtd.hooks.qemu = {
"windows-vfio" = pkgs.writeShellScript "windows.sh" ''
VIRSH_GPU_VIDEO="0000:03:00.0"
VIRSH_GPU_AUDIO="0000:03:00.1"
VIRSH_USB1="0000:10:00.0"
if [ ''$1 = "windows-vfio" ]; then
if [ ''$2 = "prepare" ] && [ ''$3 = "begin" ]; then
${startHook}
fi
#if [ ''$2 = "started" ] && [ ''$3 = "begin" ]; then
${startedHook}
#fi
if [ ''$2 = "release" ] && [ ''$3 = "end" ]; then
${stopHook}
fi
fi
'';
};
}

4
nix-config/shared/default.nix Normal file
View File

@ -0,0 +1,4 @@
{ ... }:
{
config._module.args.mkk = import ./private/variables.nix;
}

BIN
nix-config/shared/private/variables.nix Normal file
View File

Binary file not shown.

62
nix-config/subflake/flake.nix Normal file
View File

@ -0,0 +1,62 @@
{
description = "All the flakes";
inputs = {
nixpkgs = {
type = "github";
owner = "NixOS";
repo = "nixpkgs";
ref = "nixos-unstable";
};
flake-utils = {
type = "github";
owner = "numtide";
repo = "flake-utils";
ref = "main";
};
home-manager = {
type = "github";
owner = "nix-community";
repo = "home-manager";
ref = "master";
inputs = {
nixpkgs.follows = "nixpkgs";
};
};
nixerus = {
type = "github";
owner = "materusPL";
repo = "Nixerus";
ref = "master";
inputs = {
nixpkgs.follows = "nixpkgs";
home-manager.follows = "home-manager";
};
};
sops-nix = {
type = "github";
owner = "Mic92";
repo = "sops-nix";
ref = "master";
inputs = {
nixpkgs.follows = "nixpkgs";
};
};
nix-vscode-extensions = {
type = "github";
owner = "nix-community";
repo = "nix-vscode-extensions";
ref = "master";
inputs = {
nixpkgs.follows = "nixpkgs";
};
};
};
outputs = inputs: inputs;
}