2025-04-18 11:50:53 +02:00
parent 730482c98b
commit c8a9b3cf43
22 changed files with 609 additions and 256 deletions
+1 -1
@@ -1,7 +1,7 @@
{ pkgs, lib, ... }:
{
sound.enable = true;
#sound.enable = true;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
@@ -82,7 +82,7 @@ in
execConfig = {
Boot = true;
SystemCallFilter = [ "@known" ];
Timezone = "bind";
Timezone = "symlink";
Capability = "all";
PrivateUsers = "no";
ResolvConf = "copy-host";
@@ -103,6 +103,8 @@ in
"/run/udev"
"/dev/fuse"
"/dev/snd"
"/dev/input"
"/dev/shm"
"/dev/kfd"
@@ -110,6 +112,9 @@ in
"/dev/tty"
"/dev/tty0"
"/var/lib/flatpak"
"/var/lib/containers"
"/tmp/.X11-unix"
/materus
@@ -2,6 +2,7 @@
{
imports = [
./arch.nix
./fedora.nix
];
virtualisation.lxc.enable = true;
virtualisation.lxc.lxcfs.enable = true;
@@ -0,0 +1,75 @@
{
config,
pkgs,
lib,
...
}:
let
ttys = [
9
10
];
in
{
systemd.nspawn."fedora" = {
enable = true;
execConfig = {
Boot = true;
SystemCallFilter = [ "@known" ];
Timezone = "symlink";
Capability = "all";
PrivateUsers = "no";
ResolvConf = "off";
};
filesConfig = {
BindReadOnly = [
"/nix"
"/run/current-system"
"/run/booted-system"
"/run/opengl-driver"
"/run/opengl-driver-32"
];
Bind = [
"/:/run/host-root"
"/run/udev"
"/dev/fuse"
"/dev/snd"
"/dev/input"
"/dev/shm"
"/dev/kfd"
"/dev/dri"
"/dev/tty"
"/dev/tty0"
"/var/lib/flatpak"
"/tmp/.X11-unix"
/materus
] ++ lib.lists.forEach ttys (x: "/dev/tty${builtins.toString x}");
};
networkConfig = {
Bridge="br0";
};
};
systemd.services."systemd-nspawn@fedora" = {
enable = true;
overrideStrategy = "asDropin";
serviceConfig = {
ConditionPathExists="/var/lib/machines/fedora";
DeviceAllow = [
"char-tty rwm"
"char-input rwm"
"char-drm rwm"
];
};
};
}
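Review bot: `ConditionPathExists="/var/lib/machines/fedora"` sits under `serviceConfig`, which NixOS renders into the [Service] section, but Condition* directives are [Unit] keys, so systemd will log an unknown-key warning for the drop-in and the condition never takes effect. Move it to `unitConfig = { ConditionPathExists = "/var/lib/machines/fedora"; };` next to `serviceConfig`. Separately, `Capability = "all"`, `PrivateUsers = "no"` and the writable `"/:/run/host-root"` bind together give root inside the container unrestricted access to the host, and `SystemCallFilter = [ "@known" ]` permits every syscall systemd knows about; if that is intended for a trusted personal container a one-line comment saying so would help, otherwise making the host-root bind `BindReadOnly` or dropping `Capability = "all"` would narrow the exposure. Minor style: `Bridge="br0"` and the `ConditionPathExists` line omit the spaces around `=` that the rest of the file uses.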
+1 -1
@@ -25,7 +25,7 @@
materus.profile.nix.enable = true;
materus.profile.nixpkgs.enable = true;
materus.profile.fonts.enable = true;
materus.profile.steam.enable = true;
materus.profile.steam.enable = false;
services.logind.extraConfig = ''
NAutoVTs=4
@@ -35,10 +35,11 @@ in
"iommu=pt"
"psi=1"
] ++ video;
boot.kernelModules = [ "pci-stub" "amdgpu" "i2c_dev" "kvm_amd" "vfio" "vfio_iommu_type1" "vfio-pci" ];
boot.kernelModules = [ "pci-stub" "amdgpu" "i2c_dev" "kvm_amd" "vfio" "vfio_iommu_type1" "vfio-pci" "kvmfr" ];
boot.extraModprobeConfig = ''
options kvm_amd nested=1 avic=1 npt=1 sev=0
options vfio_iommu_type1 allow_unsafe_interrupts=1
options kvmfr static_size_mb=64
'';
boot.kernel.sysctl = {
"vm.max_map_count" = 1000000;
@@ -50,7 +51,7 @@ in
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ "amdgpu" ];
boot.extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
boot.extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback kvmfr ];
boot.supportedFilesystems = [ "ntfs" "btrfs" "vfat" "exfat" "ext4" ];
@@ -16,10 +16,10 @@
environment.variables = {
DISABLE_LAYER_AMD_SWITCHABLE_GRAPHICS_1 = "1";
VK_ICD_FILENAMES = "${pkgs.mesa.drivers}/share/vulkan/icd.d/radeon_icd.x86_64.json:${pkgs.driversi686Linux.mesa.drivers}/share/vulkan/icd.d/radeon_icd.i686.json";
#VK_ICD_FILENAMES = "${pkgs.mesa.drivers}/share/vulkan/icd.d/radeon_icd.x86_64.json:${pkgs.driversi686Linux.mesa.drivers}/share/vulkan/icd.d/radeon_icd.i686.json";
AMD_VULKAN_ICD = "RADV";
RADV_PERFTEST = "gpl,rt,sam";
OCL_ICD_VENDORS = "${pkgs.rocmPackages.clr.icd}/etc/OpenCL/vendors/";
#OCL_ICD_VENDORS = "${pkgs.rocmPackages.clr.icd}/etc/OpenCL/vendors/";
};
hardware.cpu.amd.updateMicrocode = lib.mkForce true;
@@ -17,7 +17,7 @@
enableTerminal = lib.mkDefault true;
enableTerminalExtra = lib.mkDefault true;
enableNixDevel = lib.mkDefault true;
editor.emacs.enable = true;
editor.emacs.enable = false;
editor.code.fhs.enable = true;
editor.code.fhs.packages = (ps: with ps; let llvmpkgs = llvmPackages_18; in [
llvmpkgs.clang
@@ -30,6 +30,7 @@
networking.firewall.allowedUDPPorts = [ (lib.strings.toInt materusArg.wireguard.port)
24800 5900 3702 4656 6000 9943 9944
22000 21027 # Syncthing
17000 17001 # zomboid
];
networking.networkmanager.settings = {
connectivity = {
+11 -1
@@ -6,13 +6,23 @@
}:
{
services.jackett.enable = true;
#services.jackett.enable = true;
programs.nix-ld.enable = true;
programs.nix-ld.libraries = with pkgs; [
];
programs.chromium.enable = true;
programs.chromium.enablePlasmaBrowserIntegration = true;
environment.systemPackages = with pkgs; [
(vivaldi.overrideAttrs
(oldAttrs: {
dontWrapQtApps = false;
dontPatchELF = true;
nativeBuildInputs = oldAttrs.nativeBuildInputs ++ [pkgs.kdePackages.wrapQtAppsHook];
}))
#(pkgs.lutris.override { extraLibraries = pkgs: with pkgs; [ pkgs.samba pkgs.jansson pkgs.tdb pkgs.libunwind pkgs.libusb1 pkgs.gnutls pkgs.gtk3 pkgs.pango ]; })
materusArg.pkgs.amdgpu-pro-libs.prefixes
(pkgs.bottles.override {
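Review bot: `oldAttrs.nativeBuildInputs ++ [ ... ]` in the vivaldi override fails evaluation with a missing-attribute error if the underlying derivation defines no `nativeBuildInputs`; `(oldAttrs.nativeBuildInputs or [ ]) ++ [ kdePackages.wrapQtAppsHook ]` is the robust form, and the `pkgs.` prefix is redundant inside `with pkgs;`. `dontPatchELF = true` together with `dontWrapQtApps = false` changes how a prebuilt binary is post-processed and nothing in the hunk says why; a comment such as `# re-wrap with the Qt hook for Plasma integration; leave the vendor binary unpatched` would save the next reader from re-deriving it, assuming that is the motivation. The `environment.systemPackages` list continues past the end of the hunk.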
+41 -43
@@ -1,33 +1,29 @@
{ config, pkgs, materusArg, ... }:
{
config,
pkgs,
materusArg,
...
}:
{
programs.gamemode.enable = true;
programs.corectrl.enable = true;
services.teamviewer.enable = true;
systemd.tmpfiles.rules = [
"L+ /opt/rocm/hip - - - - ${pkgs.rocmPackages.clr}"
];
systemd.tmpfiles.rules = [ "L+ /opt/rocm/hip - - - - ${pkgs.rocmPackages.clr}" ];
services.flatpak.enable = true;
services.gvfs.enable = true;
services.xserver.xkb.layout = "pl";
services.xserver.enable = true;
services.xserver.videoDrivers = [ "amdgpu" ];
services.dbus.enable = true;
services.dbus.packages = [ pkgs.gcr ];
services.xserver.displayManager.startx.enable = false;
services.xserver.exportConfiguration = true;
@@ -44,15 +40,10 @@
'';
services.printing.enable = true;
services.libinput.enable = true;
environment.sessionVariables = {
XDG_CACHE_HOME = "\${HOME}/.cache";
XDG_CONFIG_HOME = "\${HOME}/.config";
@@ -64,11 +55,8 @@
XMODIFIERS = "@im=fcitx";
SDL_IM_MODULE = "fcitx";
MOZ_USE_XINPUT2 = "1";
PATH = [
"\${XDG_BIN_HOME}"
];
PATH = [ "\${XDG_BIN_HOME}" ];
};
environment.shellInit = ''
if ! [ -z "$DISPLAY" ]; then xhost +si:localuser:root &> /dev/null; fi;
@@ -76,9 +64,13 @@
'';
i18n.inputMethod.enabled = "fcitx5";
i18n.inputMethod.fcitx5.addons = [ pkgs.kdePackages.fcitx5-configtool pkgs.fcitx5-lua pkgs.fcitx5-mozc pkgs.fcitx5-gtk pkgs.kdePackages.fcitx5-qt ];
i18n.inputMethod.fcitx5.addons = [
pkgs.kdePackages.fcitx5-configtool
pkgs.fcitx5-lua
pkgs.fcitx5-mozc
pkgs.fcitx5-gtk
pkgs.kdePackages.fcitx5-qt
];
services.pcscd.enable = true;
@@ -89,21 +81,21 @@
package = pkgs.sambaFull;
securityType = "user";
openFirewall = true;
extraConfig = ''
workgroup = WORKGROUP
server string = smbmaterus
netbios name = smbmaterus
security = user
hosts allow = 192.168.122. 127.0.0.1 localhost
hosts deny = 0.0.0.0/0
guest account = nobody
map to guest = bad user
allow insecure wide links = yes
'';
shares = {
settings = {
global = {
"workgroup" = "WORKGROUP";
"server string" = "smbmaterus";
"netbios name " = "smbmaterus";
"security" = "user";
"hosts allow" = "192.168.122. 127.0.0.1 localhost";
"hosts deny" = "0.0.0.0/0";
"guest account" = "nobody";
"map to guest" = "bad user";
"allow insecure wide links" = "yes";
};
windows = {
path = "/materus/data/VM/windows_shared";
browseable = "yes";
"path" = "/materus/data/VM/windows_shared";
"browseable" = "yes";
"read only" = "no";
"guest ok" = "no";
"create mask" = "0644";
@@ -113,6 +105,7 @@
"follow symlinks" = "yes";
"wide links" = "yes";
};
};
};
@@ -134,13 +127,21 @@
openFirewall = true;
autoStart = false;
};
hardware.sane.enable = true;
hardware.sane.extraBackends = [ pkgs.hplipWithPlugin ];
environment.enableAllTerminfo = true;
environment.pathsToLink = [ "/share/zsh" "/share/bash-completion" "/share/fish" ];
environment.shells = with pkgs; [ zsh bashInteractive fish ];
environment.pathsToLink = [
"/share/zsh"
"/share/bash-completion"
"/share/fish"
];
environment.shells = with pkgs; [
zsh
bashInteractive
fish
];
programs = {
fish.enable = true;
command-not-found.enable = false;
@@ -149,9 +150,6 @@
materus.profile.browser.enable = true;
services.davfs2.enable = true;
}
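Review bot: the `"netbios name "` key in the new `settings.global` block has a trailing space inside the quotes, so the generated smb.conf gets `netbios name  = smbmaterus`; samba's parameter parser tolerates the extra whitespace, but the key is plainly a typo and should read `"netbios name" = "smbmaterus";`. The migrated `"allow insecure wide links" = "yes"` combined with the share's `"wide links" = "yes"` lets the share follow symlinks that point outside `/materus/data/VM/windows_shared`; both values are carried over from the old `extraConfig`, but now that each option is its own attribute a short comment on why wide links are needed would help whoever audits this later. Access remains limited by `"hosts allow" = "192.168.122. 127.0.0.1 localhost"` and `"hosts deny" = "0.0.0.0/0"`, which are the controls that matter here.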
@@ -10,7 +10,7 @@ let
startedHook = ''
QEMU_PID=$(ps aux | grep qemu-system-x86_64 | grep "${VM_UUID}" | tr -s ' ' | cut -d " " -f 2)
for pid in $(cat /sys/fs/cgroup/cpu/machine.slice/machine-qemu*$1.scope/libvirt/vcpu*/tasks); do
for pid in $(ls /proc/$QEMU_PID/task); do
renice -n "-15" -p "$pid";
done
renice -n "-10" -p "$QEMU_PID";
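Review bot: `for pid in $(ls /proc/$QEMU_PID/task); do` has no guard for `QEMU_PID` being empty or containing several PIDs, which the `ps aux | grep ... | cut` pipeline on the line above can yield; `ls` then fails and `renice -n "-10" -p "$QEMU_PID"` errors out. Wrap the block as `if [ -d "/proc/$QEMU_PID/task" ]; then` … `fi`, or better derive the PID with `pgrep -f "qemu-system-x86_64.*${VM_UUID}" | head -n1`, which avoids parsing `ps` output altogether. The `startedHook` string continues past the end of the hunk.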
@@ -47,7 +47,8 @@ let
chmod 0 /dev/dri/by-path/pci-$VIRSH_GPU_VIDEO-render
chmod 0 /dev/dri/by-path/pci-$VIRSH_GPU_VIDEO-card
fuser -k /dev/dri/by-path/pci-$VIRSH_GPU_VIDEO-render
pkill Xwayland
fuser -k /dev/dri/by-path/pci-$VIRSH_GPU_VIDEO-card
#pkill Xwayland
# Seems to fix reset bug for 7900 XTX
echo "0" > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/d3cold_allowed"
@@ -64,9 +65,11 @@ let
echo ''$VIRSH_GPU_VIDEO > /sys/bus/pci/drivers/amdgpu/bind
sleep 1s
chmod 0 /dev/dri/renderD128
fuser -k /dev/dri/renderD128
chmod 0 /dev/dri/by-path/pci-$VIRSH_GPU_VIDEO-card
chmod 0 /dev/dri/by-path/pci-$VIRSH_GPU_VIDEO-render
fuser -k /dev/dri/by-path/pci-$VIRSH_GPU_VIDEO-render
fuser -k /dev/dri/by-path/pci-$VIRSH_GPU_VIDEO-card
#####################################################################
echo ''$VIRSH_GPU_VIDEO > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/driver/unbind"
@@ -152,7 +155,15 @@ in
virtualisation.libvirtd.qemu.verbatimConfig = ''
cgroup_device_acl = [
"/dev/null", "/dev/full", "/dev/zero",
"/dev/random", "/dev/urandom",
"/dev/ptmx", "/dev/kvm", "/dev/kqemu",
"/dev/rtc","/dev/hpet", "/dev/vfio/vfio",
"/dev/kvmfr0"
]
'';
virtualisation.libvirtd.hooks.qemu = {
"windows-vfio" = pkgs.writeShellScript "windows.sh" ''
VIRSH_GPU_VIDEO="0000:03:00.0"
-7
@@ -165,12 +165,5 @@
dnsProvider = "ovh";
};
security.acme.certs."podkos.xyz" = {
domain = "podkos.xyz";
group = "nginx";
extraDomainNames = [ "*.podkos.xyz" ];
dnsProvider = "ovh";
};
}
+10 -13
@@ -1,10 +1,13 @@
{ config, pkgs, lib, materusArg, ... }:
{
config,
pkgs,
lib,
materusArg,
...
}:
{
options.valkyrieService.dcbot.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable muse bot";
config =
let
cfg = config.valkyrieService.dcbot;
@@ -24,18 +27,12 @@
systemd.tmpfiles.rules = [
"d /var/lib/muse 0776 root root -"
];
virtualisation.oci-containers.containers.dcbot = {
image = "ghcr.io/museofficial/muse:latest";
volumes = [
"/var/lib/muse:/data"
];
environmentFiles = [
config.sops.templates."muse.env".path
];
volumes = [ "/var/lib/muse:/data" ];
environmentFiles = [ config.sops.templates."muse.env".path ];
};
};
}
}
@@ -10,7 +10,7 @@
services.adguardhome.enable = true;
valkyrieService.pihole.enable = false;
valkyrieService.pleroma.enable = true;
valkyrieService.pleroma.enable = false;
valkyrieService.dcbot.enable = true;
valkyrieService.secureyoursoul.enable = true;
@@ -50,7 +50,7 @@ in
"L+ /var/lib/pleroma/static/frontends/soapbox/${soapbox.version} 0766 pleroma pleroma - ${soapbox}"
];
services.nginx.virtualHosts."podkos.xyz" = {
s ervices.nginx.virtualHosts."podkos.xyz" = {
http2 = true;
useACMEHost = "podkos.xyz";
forceSSL = true;