mirror of
https://github.com/materusPL/nixos-config
synced 2026-07-02 12:46:42 +00:00
update
This commit is contained in:
@@ -1,7 +1,7 @@
|
||||
{ pkgs, lib, ... }:
|
||||
{
|
||||
|
||||
sound.enable = true;
|
||||
#sound.enable = true;
|
||||
security.rtkit.enable = true;
|
||||
services.pipewire = {
|
||||
enable = true;
|
||||
|
||||
@@ -82,7 +82,7 @@ in
|
||||
execConfig = {
|
||||
Boot = true;
|
||||
SystemCallFilter = [ "@known" ];
|
||||
Timezone = "bind";
|
||||
Timezone = "symlink";
|
||||
Capability = "all";
|
||||
PrivateUsers = "no";
|
||||
ResolvConf = "copy-host";
|
||||
@@ -103,6 +103,8 @@ in
|
||||
|
||||
"/run/udev"
|
||||
|
||||
"/dev/fuse"
|
||||
"/dev/snd"
|
||||
"/dev/input"
|
||||
"/dev/shm"
|
||||
"/dev/kfd"
|
||||
@@ -110,6 +112,9 @@ in
|
||||
"/dev/tty"
|
||||
"/dev/tty0"
|
||||
|
||||
"/var/lib/flatpak"
|
||||
"/var/lib/containers"
|
||||
|
||||
"/tmp/.X11-unix"
|
||||
|
||||
/materus
|
||||
|
||||
@@ -2,6 +2,7 @@
|
||||
{
|
||||
imports = [
|
||||
./arch.nix
|
||||
./fedora.nix
|
||||
];
|
||||
virtualisation.lxc.enable = true;
|
||||
virtualisation.lxc.lxcfs.enable = true;
|
||||
|
||||
@@ -0,0 +1,75 @@
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
let
|
||||
ttys = [
|
||||
9
|
||||
10
|
||||
];
|
||||
|
||||
in
|
||||
{
|
||||
systemd.nspawn."fedora" = {
|
||||
enable = true;
|
||||
execConfig = {
|
||||
Boot = true;
|
||||
SystemCallFilter = [ "@known" ];
|
||||
Timezone = "symlink";
|
||||
Capability = "all";
|
||||
PrivateUsers = "no";
|
||||
ResolvConf = "off";
|
||||
};
|
||||
|
||||
filesConfig = {
|
||||
BindReadOnly = [
|
||||
"/nix"
|
||||
|
||||
"/run/current-system"
|
||||
"/run/booted-system"
|
||||
"/run/opengl-driver"
|
||||
"/run/opengl-driver-32"
|
||||
|
||||
];
|
||||
Bind = [
|
||||
"/:/run/host-root"
|
||||
|
||||
"/run/udev"
|
||||
|
||||
"/dev/fuse"
|
||||
"/dev/snd"
|
||||
"/dev/input"
|
||||
"/dev/shm"
|
||||
"/dev/kfd"
|
||||
"/dev/dri"
|
||||
"/dev/tty"
|
||||
"/dev/tty0"
|
||||
|
||||
"/var/lib/flatpak"
|
||||
|
||||
"/tmp/.X11-unix"
|
||||
|
||||
/materus
|
||||
|
||||
] ++ lib.lists.forEach ttys (x: "/dev/tty${builtins.toString x}");
|
||||
};
|
||||
networkConfig = {
|
||||
Bridge="br0";
|
||||
};
|
||||
};
|
||||
systemd.services."systemd-nspawn@fedora" = {
|
||||
enable = true;
|
||||
overrideStrategy = "asDropin";
|
||||
serviceConfig = {
|
||||
ConditionPathExists="/var/lib/machines/fedora";
|
||||
DeviceAllow = [
|
||||
"char-tty rwm"
|
||||
"char-input rwm"
|
||||
"char-drm rwm"
|
||||
];
|
||||
|
||||
};
|
||||
};
|
||||
}
|
||||
@@ -25,7 +25,7 @@
|
||||
materus.profile.nix.enable = true;
|
||||
materus.profile.nixpkgs.enable = true;
|
||||
materus.profile.fonts.enable = true;
|
||||
materus.profile.steam.enable = true;
|
||||
materus.profile.steam.enable = false;
|
||||
|
||||
services.logind.extraConfig = ''
|
||||
NAutoVTs=4
|
||||
|
||||
@@ -35,10 +35,11 @@ in
|
||||
"iommu=pt"
|
||||
"psi=1"
|
||||
] ++ video;
|
||||
boot.kernelModules = [ "pci-stub" "amdgpu" "i2c_dev" "kvm_amd" "vfio" "vfio_iommu_type1" "vfio-pci" ];
|
||||
boot.kernelModules = [ "pci-stub" "amdgpu" "i2c_dev" "kvm_amd" "vfio" "vfio_iommu_type1" "vfio-pci" "kvmfr" ];
|
||||
boot.extraModprobeConfig = ''
|
||||
options kvm_amd nested=1 avic=1 npt=1 sev=0
|
||||
options vfio_iommu_type1 allow_unsafe_interrupts=1
|
||||
options kvmfr static_size_mb=64
|
||||
'';
|
||||
boot.kernel.sysctl = {
|
||||
"vm.max_map_count" = 1000000;
|
||||
@@ -50,7 +51,7 @@ in
|
||||
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
|
||||
boot.initrd.kernelModules = [ "amdgpu" ];
|
||||
|
||||
boot.extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
|
||||
boot.extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback kvmfr ];
|
||||
|
||||
|
||||
boot.supportedFilesystems = [ "ntfs" "btrfs" "vfat" "exfat" "ext4" ];
|
||||
|
||||
@@ -16,10 +16,10 @@
|
||||
|
||||
environment.variables = {
|
||||
DISABLE_LAYER_AMD_SWITCHABLE_GRAPHICS_1 = "1";
|
||||
VK_ICD_FILENAMES = "${pkgs.mesa.drivers}/share/vulkan/icd.d/radeon_icd.x86_64.json:${pkgs.driversi686Linux.mesa.drivers}/share/vulkan/icd.d/radeon_icd.i686.json";
|
||||
#VK_ICD_FILENAMES = "${pkgs.mesa.drivers}/share/vulkan/icd.d/radeon_icd.x86_64.json:${pkgs.driversi686Linux.mesa.drivers}/share/vulkan/icd.d/radeon_icd.i686.json";
|
||||
AMD_VULKAN_ICD = "RADV";
|
||||
RADV_PERFTEST = "gpl,rt,sam";
|
||||
OCL_ICD_VENDORS = "${pkgs.rocmPackages.clr.icd}/etc/OpenCL/vendors/";
|
||||
#OCL_ICD_VENDORS = "${pkgs.rocmPackages.clr.icd}/etc/OpenCL/vendors/";
|
||||
};
|
||||
hardware.cpu.amd.updateMicrocode = lib.mkForce true;
|
||||
|
||||
|
||||
@@ -17,7 +17,7 @@
|
||||
enableTerminal = lib.mkDefault true;
|
||||
enableTerminalExtra = lib.mkDefault true;
|
||||
enableNixDevel = lib.mkDefault true;
|
||||
editor.emacs.enable = true;
|
||||
editor.emacs.enable = false;
|
||||
editor.code.fhs.enable = true;
|
||||
editor.code.fhs.packages = (ps: with ps; let llvmpkgs = llvmPackages_18; in [
|
||||
llvmpkgs.clang
|
||||
|
||||
@@ -30,6 +30,7 @@
|
||||
networking.firewall.allowedUDPPorts = [ (lib.strings.toInt materusArg.wireguard.port)
|
||||
24800 5900 3702 4656 6000 9943 9944
|
||||
22000 21027 # Syncthing
|
||||
17000 17001 # zomboid
|
||||
];
|
||||
networking.networkmanager.settings = {
|
||||
connectivity = {
|
||||
|
||||
@@ -6,13 +6,23 @@
|
||||
}:
|
||||
{
|
||||
|
||||
services.jackett.enable = true;
|
||||
#services.jackett.enable = true;
|
||||
programs.nix-ld.enable = true;
|
||||
programs.nix-ld.libraries = with pkgs; [
|
||||
|
||||
];
|
||||
programs.chromium.enable = true;
|
||||
programs.chromium.enablePlasmaBrowserIntegration = true;
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
|
||||
(vivaldi.overrideAttrs
|
||||
(oldAttrs: {
|
||||
dontWrapQtApps = false;
|
||||
dontPatchELF = true;
|
||||
nativeBuildInputs = oldAttrs.nativeBuildInputs ++ [pkgs.kdePackages.wrapQtAppsHook];
|
||||
}))
|
||||
|
||||
#(pkgs.lutris.override { extraLibraries = pkgs: with pkgs; [ pkgs.samba pkgs.jansson pkgs.tdb pkgs.libunwind pkgs.libusb1 pkgs.gnutls pkgs.gtk3 pkgs.pango ]; })
|
||||
materusArg.pkgs.amdgpu-pro-libs.prefixes
|
||||
(pkgs.bottles.override {
|
||||
|
||||
@@ -1,33 +1,29 @@
|
||||
{ config, pkgs, materusArg, ... }:
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
materusArg,
|
||||
...
|
||||
}:
|
||||
|
||||
{
|
||||
|
||||
|
||||
programs.gamemode.enable = true;
|
||||
programs.corectrl.enable = true;
|
||||
|
||||
|
||||
|
||||
services.teamviewer.enable = true;
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
"L+ /opt/rocm/hip - - - - ${pkgs.rocmPackages.clr}"
|
||||
];
|
||||
systemd.tmpfiles.rules = [ "L+ /opt/rocm/hip - - - - ${pkgs.rocmPackages.clr}" ];
|
||||
|
||||
services.flatpak.enable = true;
|
||||
services.gvfs.enable = true;
|
||||
|
||||
|
||||
services.xserver.xkb.layout = "pl";
|
||||
|
||||
|
||||
services.xserver.enable = true;
|
||||
services.xserver.videoDrivers = [ "amdgpu" ];
|
||||
services.dbus.enable = true;
|
||||
services.dbus.packages = [ pkgs.gcr ];
|
||||
|
||||
|
||||
|
||||
services.xserver.displayManager.startx.enable = false;
|
||||
|
||||
services.xserver.exportConfiguration = true;
|
||||
@@ -44,15 +40,10 @@
|
||||
|
||||
'';
|
||||
|
||||
|
||||
|
||||
|
||||
services.printing.enable = true;
|
||||
|
||||
services.libinput.enable = true;
|
||||
|
||||
|
||||
|
||||
environment.sessionVariables = {
|
||||
XDG_CACHE_HOME = "\${HOME}/.cache";
|
||||
XDG_CONFIG_HOME = "\${HOME}/.config";
|
||||
@@ -64,11 +55,8 @@
|
||||
XMODIFIERS = "@im=fcitx";
|
||||
SDL_IM_MODULE = "fcitx";
|
||||
|
||||
|
||||
MOZ_USE_XINPUT2 = "1";
|
||||
PATH = [
|
||||
"\${XDG_BIN_HOME}"
|
||||
];
|
||||
PATH = [ "\${XDG_BIN_HOME}" ];
|
||||
};
|
||||
environment.shellInit = ''
|
||||
if ! [ -z "$DISPLAY" ]; then xhost +si:localuser:root &> /dev/null; fi;
|
||||
@@ -76,9 +64,13 @@
|
||||
'';
|
||||
|
||||
i18n.inputMethod.enabled = "fcitx5";
|
||||
i18n.inputMethod.fcitx5.addons = [ pkgs.kdePackages.fcitx5-configtool pkgs.fcitx5-lua pkgs.fcitx5-mozc pkgs.fcitx5-gtk pkgs.kdePackages.fcitx5-qt ];
|
||||
|
||||
|
||||
i18n.inputMethod.fcitx5.addons = [
|
||||
pkgs.kdePackages.fcitx5-configtool
|
||||
pkgs.fcitx5-lua
|
||||
pkgs.fcitx5-mozc
|
||||
pkgs.fcitx5-gtk
|
||||
pkgs.kdePackages.fcitx5-qt
|
||||
];
|
||||
|
||||
services.pcscd.enable = true;
|
||||
|
||||
@@ -89,21 +81,21 @@
|
||||
package = pkgs.sambaFull;
|
||||
securityType = "user";
|
||||
openFirewall = true;
|
||||
extraConfig = ''
|
||||
workgroup = WORKGROUP
|
||||
server string = smbmaterus
|
||||
netbios name = smbmaterus
|
||||
security = user
|
||||
hosts allow = 192.168.122. 127.0.0.1 localhost
|
||||
hosts deny = 0.0.0.0/0
|
||||
guest account = nobody
|
||||
map to guest = bad user
|
||||
allow insecure wide links = yes
|
||||
'';
|
||||
shares = {
|
||||
settings = {
|
||||
global = {
|
||||
"workgroup" = "WORKGROUP";
|
||||
"server string" = "smbmaterus";
|
||||
"netbios name " = "smbmaterus";
|
||||
"security" = "user";
|
||||
"hosts allow" = "192.168.122. 127.0.0.1 localhost";
|
||||
"hosts deny" = "0.0.0.0/0";
|
||||
"guest account" = "nobody";
|
||||
"map to guest" = "bad user";
|
||||
"allow insecure wide links" = "yes";
|
||||
};
|
||||
windows = {
|
||||
path = "/materus/data/VM/windows_shared";
|
||||
browseable = "yes";
|
||||
"path" = "/materus/data/VM/windows_shared";
|
||||
"browseable" = "yes";
|
||||
"read only" = "no";
|
||||
"guest ok" = "no";
|
||||
"create mask" = "0644";
|
||||
@@ -113,6 +105,7 @@
|
||||
"follow symlinks" = "yes";
|
||||
"wide links" = "yes";
|
||||
};
|
||||
|
||||
};
|
||||
};
|
||||
|
||||
@@ -134,13 +127,21 @@
|
||||
openFirewall = true;
|
||||
autoStart = false;
|
||||
};
|
||||
|
||||
|
||||
hardware.sane.enable = true;
|
||||
hardware.sane.extraBackends = [ pkgs.hplipWithPlugin ];
|
||||
|
||||
environment.enableAllTerminfo = true;
|
||||
environment.pathsToLink = [ "/share/zsh" "/share/bash-completion" "/share/fish" ];
|
||||
environment.shells = with pkgs; [ zsh bashInteractive fish ];
|
||||
environment.pathsToLink = [
|
||||
"/share/zsh"
|
||||
"/share/bash-completion"
|
||||
"/share/fish"
|
||||
];
|
||||
environment.shells = with pkgs; [
|
||||
zsh
|
||||
bashInteractive
|
||||
fish
|
||||
];
|
||||
programs = {
|
||||
fish.enable = true;
|
||||
command-not-found.enable = false;
|
||||
@@ -149,9 +150,6 @@
|
||||
|
||||
materus.profile.browser.enable = true;
|
||||
|
||||
|
||||
services.davfs2.enable = true;
|
||||
|
||||
|
||||
|
||||
}
|
||||
|
||||
@@ -10,7 +10,7 @@ let
|
||||
startedHook = ''
|
||||
QEMU_PID=$(ps aux | grep qemu-system-x86_64 | grep "${VM_UUID}" | tr -s ' ' | cut -d " " -f 2)
|
||||
|
||||
for pid in $(cat /sys/fs/cgroup/cpu/machine.slice/machine-qemu*$1.scope/libvirt/vcpu*/tasks); do
|
||||
for pid in $(ls /proc/$QEMU_PID/task); do
|
||||
renice -n "-15" -p "$pid";
|
||||
done
|
||||
renice -n "-10" -p "$QEMU_PID";
|
||||
@@ -47,7 +47,8 @@ let
|
||||
chmod 0 /dev/dri/by-path/pci-$VIRSH_GPU_VIDEO-render
|
||||
chmod 0 /dev/dri/by-path/pci-$VIRSH_GPU_VIDEO-card
|
||||
fuser -k /dev/dri/by-path/pci-$VIRSH_GPU_VIDEO-render
|
||||
pkill Xwayland
|
||||
fuser -k /dev/dri/by-path/pci-$VIRSH_GPU_VIDEO-card
|
||||
#pkill Xwayland
|
||||
|
||||
# Seems to fix reset bug for 7900 XTX
|
||||
echo "0" > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/d3cold_allowed"
|
||||
@@ -64,9 +65,11 @@ let
|
||||
echo ''$VIRSH_GPU_VIDEO > /sys/bus/pci/drivers/amdgpu/bind
|
||||
|
||||
sleep 1s
|
||||
|
||||
chmod 0 /dev/dri/renderD128
|
||||
fuser -k /dev/dri/renderD128
|
||||
|
||||
chmod 0 /dev/dri/by-path/pci-$VIRSH_GPU_VIDEO-card
|
||||
chmod 0 /dev/dri/by-path/pci-$VIRSH_GPU_VIDEO-render
|
||||
fuser -k /dev/dri/by-path/pci-$VIRSH_GPU_VIDEO-render
|
||||
fuser -k /dev/dri/by-path/pci-$VIRSH_GPU_VIDEO-card
|
||||
#####################################################################
|
||||
|
||||
echo ''$VIRSH_GPU_VIDEO > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/driver/unbind"
|
||||
@@ -152,7 +155,15 @@ in
|
||||
|
||||
|
||||
|
||||
|
||||
virtualisation.libvirtd.qemu.verbatimConfig = ''
|
||||
cgroup_device_acl = [
|
||||
"/dev/null", "/dev/full", "/dev/zero",
|
||||
"/dev/random", "/dev/urandom",
|
||||
"/dev/ptmx", "/dev/kvm", "/dev/kqemu",
|
||||
"/dev/rtc","/dev/hpet", "/dev/vfio/vfio",
|
||||
"/dev/kvmfr0"
|
||||
]
|
||||
'';
|
||||
virtualisation.libvirtd.hooks.qemu = {
|
||||
"windows-vfio" = pkgs.writeShellScript "windows.sh" ''
|
||||
VIRSH_GPU_VIDEO="0000:03:00.0"
|
||||
|
||||
@@ -165,12 +165,5 @@
|
||||
dnsProvider = "ovh";
|
||||
};
|
||||
|
||||
security.acme.certs."podkos.xyz" = {
|
||||
domain = "podkos.xyz";
|
||||
group = "nginx";
|
||||
extraDomainNames = [ "*.podkos.xyz" ];
|
||||
dnsProvider = "ovh";
|
||||
};
|
||||
|
||||
}
|
||||
|
||||
|
||||
Binary file not shown.
@@ -1,10 +1,13 @@
|
||||
{ config, pkgs, lib, materusArg, ... }:
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
materusArg,
|
||||
...
|
||||
}:
|
||||
{
|
||||
options.valkyrieService.dcbot.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable muse bot";
|
||||
|
||||
|
||||
|
||||
|
||||
config =
|
||||
let
|
||||
cfg = config.valkyrieService.dcbot;
|
||||
@@ -24,18 +27,12 @@
|
||||
systemd.tmpfiles.rules = [
|
||||
"d /var/lib/muse 0776 root root -"
|
||||
];
|
||||
|
||||
virtualisation.oci-containers.containers.dcbot = {
|
||||
image = "ghcr.io/museofficial/muse:latest";
|
||||
volumes = [
|
||||
"/var/lib/muse:/data"
|
||||
];
|
||||
environmentFiles = [
|
||||
config.sops.templates."muse.env".path
|
||||
];
|
||||
volumes = [ "/var/lib/muse:/data" ];
|
||||
environmentFiles = [ config.sops.templates."muse.env".path ];
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
@@ -10,7 +10,7 @@
|
||||
services.adguardhome.enable = true;
|
||||
|
||||
valkyrieService.pihole.enable = false;
|
||||
valkyrieService.pleroma.enable = true;
|
||||
valkyrieService.pleroma.enable = false;
|
||||
valkyrieService.dcbot.enable = true;
|
||||
valkyrieService.secureyoursoul.enable = true;
|
||||
|
||||
|
||||
@@ -50,7 +50,7 @@ in
|
||||
"L+ /var/lib/pleroma/static/frontends/soapbox/${soapbox.version} 0766 pleroma pleroma - ${soapbox}"
|
||||
];
|
||||
|
||||
services.nginx.virtualHosts."podkos.xyz" = {
|
||||
s ervices.nginx.virtualHosts."podkos.xyz" = {
|
||||
http2 = true;
|
||||
useACMEHost = "podkos.xyz";
|
||||
forceSSL = true;
|
||||
|
||||
Binary file not shown.
@@ -16,9 +16,9 @@ let
|
||||
vscode-marketplace.cs128.cs128-clang-tidy
|
||||
|
||||
#Python
|
||||
vscode-marketplace.ms-python.python
|
||||
vscode-marketplace.ms-python.vscode-pylance
|
||||
vscode-marketplace.ms-python.debugpy
|
||||
#vscode-marketplace.ms-python.python
|
||||
#vscode-marketplace.ms-python.vscode-pylance
|
||||
#vscode-marketplace.ms-python.debugpy
|
||||
|
||||
# CSharp
|
||||
open-vsx.muhammad-sammy.csharp
|
||||
@@ -51,15 +51,15 @@ let
|
||||
|
||||
#Git
|
||||
open-vsx.donjayamanne.githistory
|
||||
open-vsx.mhutchie.git-graph
|
||||
#open-vsx.mhutchie.git-graph
|
||||
open-vsx.eamodio.gitlens
|
||||
|
||||
#Other
|
||||
open-vsx.ms-azuretools.vscode-docker
|
||||
open-vsx.webfreak.debug
|
||||
open-vsx.mkhl.direnv
|
||||
vscode-marketplace.ms-vscode-remote.remote-wsl
|
||||
vscode-marketplace.ms-vscode-remote.remote-containers
|
||||
#vscode-marketplace.ms-vscode-remote.remote-wsl
|
||||
#vscode-marketplace.ms-vscode-remote.remote-containers
|
||||
open-vsx.esbenp.prettier-vscode
|
||||
open-vsx.formulahendry.code-runner
|
||||
open-vsx.leonardssh.vscord
|
||||
|
||||
@@ -7,7 +7,7 @@
|
||||
...
|
||||
}:
|
||||
let
|
||||
emacs-pkg = materusCfg.configInputs.emacs-overlay.packages.x86_64-linux.emacs-unstable;
|
||||
emacs-pkg = pkgs.emacs;
|
||||
|
||||
materus-config =
|
||||
e:
|
||||
@@ -81,6 +81,7 @@ let
|
||||
org-present
|
||||
org-modern
|
||||
org-auto-tangle
|
||||
ox-pandoc
|
||||
visual-fill-column
|
||||
csharp-mode
|
||||
markdown-mode
|
||||
@@ -112,7 +113,7 @@ let
|
||||
zones
|
||||
sudo-edit
|
||||
toc-org
|
||||
empv
|
||||
#empv
|
||||
volatile-highlights
|
||||
highlight
|
||||
elfeed
|
||||
@@ -150,6 +151,7 @@ let
|
||||
name = "emacs-env";
|
||||
paths = with pkgs; [
|
||||
luaformatter
|
||||
pandoc
|
||||
(luajit.withPackages (p: [p.fennel p.lua-lsp]))
|
||||
fennel-ls
|
||||
fnlfmt
|
||||
@@ -280,7 +282,7 @@ in
|
||||
#withXwidgets = true;
|
||||
withGTK3 = true;
|
||||
withAlsaLib = true;
|
||||
withGconf = true;
|
||||
#withGconf = true;
|
||||
withImageMagick = true;
|
||||
}).overrideAttrs
|
||||
(
|
||||
|
||||
Reference in New Issue
Block a user