# Edit this configuration file to define what should be installed on # your system. Help is available in the configuration.nix(5) man page # and in the NixOS manual (accessible by running ‘nixos-help’). { config, pkgs, materusArg, ... }: let nvidia-unpatched = pkgs.stdenv.mkDerivation (f: { pname = config.hardware.nvidia.package.name; version = config.hardware.nvidia.package.version + "-unpatched"; src = config.hardware.nvidia.package.src; nativeBuildInputs = [ ]; sourceRoot = "."; buildInputs = [ ]; unpackPhase = '' VER=${config.hardware.nvidia.package.version} PKGNAME=NVIDIA-Linux-x86_64-''${VER} cp $src ''${PKGNAME}.run chmod +x ./''${PKGNAME}.run ./''${PKGNAME}.run --extract-only mv ./''${PKGNAME} ./nvidia ''; installPhase = '' mkdir -p $out/bin mkdir -p $out/lib mkdir -p $out/lib32 mv nvidia $out/nvidia ''; }); steam = pkgs.steam.override { extraPkgs = pkgs: [ pkgs.nss_latest pkgs.libstrangle pkgs.libkrb5 pkgs.keyutils pkgs.libGL pkgs.libglvnd pkgs.gamescope pkgs.steamPackages.steam pkgs.wqy_zenhei pkgs.xorg.libXcursor pkgs.xorg.libXi pkgs.xorg.libXinerama pkgs.xorg.libXScrnSaver ]; extraLibraries = pkgs: [ pkgs.libkrb5 pkgs.keyutils pkgs.ncurses6 pkgs.fontconfig ]; }; grml-config = pkgs.fetchFromGitHub { owner = "grml"; repo = "grml-etc-core"; rev = "a2cda85d3d56fd5f5a7b954a444fd151318c4680"; sha256 = "0ap8lmqi45yjyjazdm1v64fz1rfqhkhfpdp2z17ag6hs5wi6i67y"; }; in { imports = [ # Include the results of the hardware scan. ./hardware-configuration.nix ]; boot.supportedFilesystems = [ "ntfs" ]; nix.settings.experimental-features = [ "nix-command" "flakes" ]; nix.settings.auto-optimise-store = true; nix.settings.substituters = [ "https://nix-community.cachix.org" "https://cache.nixos.org/" ]; nix.settings.trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" ]; nixpkgs.config.allowUnfree = true; nixpkgs.config.firefox.enablePlasmaBrowserIntegration = true; services.xserver.displayManager.startx.enable = true; security.sudo.extraRules = [ { users = [ "materus" ]; commands = [{ command = "${pkgs.podman}/bin/podman"; options = [ "NOPASSWD" ]; }]; } ]; /*security.wrappers.gamescope = { owner = "root"; group = "root"; capabilities = "cap_sys_nice=eip"; source = "${pkgs.gamescope.out}/bin/gamescope"; };*/ # Use the systemd-boot EFI boot loader. boot.loader.grub = { enable = true; efiSupport = true; device = "nodev"; gfxmodeEfi = "1920x1080"; gfxmodeBios = "1920x1080"; useOSProber = true; }; boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.efiSysMountPoint = "/boot/efi"; boot.kernelPackages = pkgs.linuxPackages_zen; boot.kernelParams = [ "ibt=off" "intel_iommu=on" "iommu=pt" "pcie_acs_override=downstream,multifunction" ]; boot.kernelModules = [ "kvm-intel" "vfio-pci" ]; boot.tmpOnTmpfs = true; services.flatpak.enable = true; services.gvfs.enable = true; networking.hostName = "Old-materusPC"; # Define your hostname. # Pick only one of the below networking options. # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. # Set your time zone. time.timeZone = "Europe/Warsaw"; services.fstrim = { enable = true; interval = "weekly"; }; # Configure network proxy if necessary # networking.proxy.default = "http://user:password@proxy:port/"; # networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain"; # Select internationalisation properties. i18n.defaultLocale = "pl_PL.UTF-8"; console = { font = "lat2-16"; # keyMap = "pl"; useXkbConfig = true; # use xkbOptions in tty. }; networking.extraHosts = '' ''; hardware.bluetooth.enable = true; # Enable the X11 windowing system. services.xserver.enable = true; services.xserver.videoDrivers = [ "nvidia" ]; hardware.opengl.enable = true; hardware.opengl.driSupport32Bit = true; /* hardware.opengl.extraPackages = with pkgs; [ vaapiVdpau nvidia-vaapi-driver libvdpau-va-gl ]; hardware.opengl.extraPackages32 = with pkgs.pkgsi686Linux; [ vaapiVdpau nvidia-vaapi-driver libvdpau-va-gl ];*/ # Optionally, you may need to select the appropriate driver version for your specific GPU. #hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.stable; /* #GNOME services.xserver.displayManager.gdm.wayland = false; services.xserver.displayManager.gdm.enable = true; services.xserver.desktopManager.gnome.enable = true; security.pam.services.gdm.enableGnomeKeyring = true; services.gnome.rygel.enable = true; services.gnome.sushi.enable = true; services.gnome.tracker.enable = true; services.gnome.gnome-online-accounts.enable = true; services.gnome.gnome-browser-connector.enable = true; services.gnome.gnome-settings-daemon.enable = true; services.gnome.core-utilities.enable = true; services.gnome.core-shell.enable = true; services.gnome.core-os-services.enable = true; programs.gnome-terminal.enable = true; services.gnome.gnome-keyring.enable = true; services.udev.packages = with pkgs; [ gnome.gnome-settings-daemon gnome2.GConf ]; */ #security.pam.services.login.enableKwallet = true; #services.xserver.displayManager.lightdm.enable = true; #services.xserver.displayManager.lightdm.greeters.enso.enable = true; #services.xserver.displayManager.lightdm.greeters.enso.blur = true; #services.xserver.desktopManager.xfce.enable = true; #xdg.portal.enable = true; #xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ]; # Enable the Plasma 5 Desktop Environment. security.pam.services.sddm.enableKwallet = true; services.xserver.displayManager.sddm.enable = true; services.xserver.desktopManager.plasma5.enable = true; #services.xserver.desktopManager.plasma5.supportDDC = true; services.xserver.desktopManager.plasma5.phononBackend = "gstreamer"; services.xserver.desktopManager.plasma5.useQtScaling = true; services.xserver.desktopManager.plasma5.runUsingSystemd = true; #services.xserver.desktopManager.plasma5.excludePackages = with pkgs.libsForQt5; [ kwallet ]; # Configure keymap in X11 services.xserver.layout = "pl"; # services.xserver.xkbOptions = { # "eurosign:e"; # "caps:escape" # map caps to escape. # }; # Enable CUPS to print documents. services.printing.enable = true; # Enable sound. sound.enable = true; security.rtkit.enable = true; services.pipewire = { enable = true; alsa.enable = true; alsa.support32Bit = true; pulse.enable = true; # If you want to use JACK applications, uncomment this jack.enable = true; }; hardware.pulseaudio.enable = false; # Enable touchpad support (enabled default in most desktopManager). # services.xserver.libinput.enable = true; virtualisation.podman = { enable = true; enableNvidia = true; dockerCompat = true; dockerSocket.enable = true; }; virtualisation.libvirtd = { enable = true; onBoot = "ignore"; onShutdown = "shutdown"; qemu.ovmf.enable = true; qemu.ovmf.packages = [ pkgs.OVMFFull.fd ]; qemu.runAsRoot = true; qemu.swtpm.enable = true; }; systemd.services.libvirtd = { path = let env = pkgs.buildEnv { name = "qemu-hook-env"; paths = with pkgs; [ bash libvirt kmod systemd ripgrep sd coreutils sudo su killall ]; }; in [ env ]; }; system.activationScripts.libvirt-hooks.text = '' ln -Tfs /etc/libvirt/hooks /var/lib/libvirt/hooks ''; environment.etc = { "libvirt/hooks/qemu" = { text = '' #!/usr/bin/env bash # # Author: Sebastiaan Meijer (sebastiaan@passthroughpo.st) # # Copy this file to /etc/libvirt/hooks, make sure it's called "qemu". # After this file is installed, restart libvirt. # From now on, you can easily add per-guest qemu hooks. # Add your hooks in /etc/libvirt/hooks/qemu.d/vm_name/hook_name/state_name. # For a list of available hooks, please refer to https://www.libvirt.org/hooks.html # GUEST_NAME="$1" HOOK_NAME="$2" STATE_NAME="$3" MISC="''${@:4}" BASEDIR="$(dirname $0)" HOOKPATH="$BASEDIR/qemu.d/$GUEST_NAME/$HOOK_NAME/$STATE_NAME" set -e # If a script exits with an error, we should as well. # check if it's a non-empty executable file if [ -f "$HOOKPATH" ] && [ -s "$HOOKPATH"] && [ -x "$HOOKPATH" ]; then eval \"$HOOKPATH\" "$@" elif [ -d "$HOOKPATH" ]; then while read file; do # check for null string if [ ! -z "$file" ]; then eval \"$file\" "$@" fi done <<< "$(find -L "$HOOKPATH" -maxdepth 1 -type f -executable -print;)" fi ''; mode = "0755"; }; "libvirt/hooks/kvm.conf" = { text = '' VIRSH_GPU_VIDEO=pci_0000_01_00_0 VIRSH_GPU_AUDIO=pci_0000_01_00_1 VIRSH_GPU_USB=pci_0000_01_00_2 VIRSH_GPU_SERIAL_BUS=pci_0000_01_00_3 ''; mode = "0755"; }; "libvirt/hooks/qemu.d/win11/prepare/begin/start.sh" = { text = '' #!/usr/bin/env bash # Debugging exec 19>/home/materus/startlogfile BASH_XTRACEFD=19 set -x exec 3>&1 4>&2 trap 'exec 2>&4 1>&3' 0 1 2 3 exec 1>/home/materus/startlogfile.out 2>&1 # Stop display manager killall -u materus systemctl stop display-manager.service killall gdm-x-session #systemctl isolate multi-user.target sleep 1 # Load variables we defined source "/etc/libvirt/hooks/kvm.conf" # Isolate host to core 0 systemctl set-property --runtime -- user.slice AllowedCPUs=0 systemctl set-property --runtime -- system.slice AllowedCPUs=0 systemctl set-property --runtime -- init.scope AllowedCPUs=0 # Unbind VTconsoles for (( i = 0; i < 16; i++)) do if test -x /sys/class/vtconsole/vtcon"''${i}"; then if [ "$(grep -c "frame buffer" /sys/class/vtconsole/vtcon"''${i}"/name)" = 1 ]; then echo 0 > /sys/class/vtconsole/vtcon"''${i}"/bind echo "$DATE Unbinding Console ''${i}" fi fi done # Unbind EFI Framebuffer echo "efi-framebuffer.0" > /sys/bus/platform/drivers/efi-framebuffer/unbind # Avoid race condition sleep 1 # Unload NVIDIA kernel modules modprobe -r nvidia_uvm modprobe -r nvidia_drm modprobe -r nvidia_modeset modprobe -r nvidia modprobe -r i2c_nvidia_gpu modprobe -r drm_kms_helper modprobe -r drm # Detach GPU devices from host #virsh nodedev-detach $VIRSH_GPU_VIDEO #virsh nodedev-detach $VIRSH_GPU_AUDIO #virsh nodedev-detach $VIRSH_GPU_USB #virsh nodedev-detach $VIRSH_GPU_SERIAL_BUS # Load vfio module modprobe vfio modprobe vfio_pci modprobe vfio_iommu_type1 ''; mode = "0755"; }; "libvirt/hooks/qemu.d/win11/release/end/stop.sh" = { text = '' #!/usr/bin/env bash # Debugging exec 19>/home/materus/stoplogfile BASH_XTRACEFD=19 set -x exec 3>&1 4>&2 trap 'exec 2>&4 1>&3' 0 1 2 3 exec 1>/home/materus/stoplogfile.out 2>&1 # Load variables we defined source "/etc/libvirt/hooks/kvm.conf" # Unload vfio module modprobe -r vfio-pci modprobe -r vfio_iommu_type1 modprobe -r vfio modprobe drm modprobe drm_kms_helper modprobe i2c_nvidia_gpu modprobe nvidia modprobe nvidia_modeset modprobe nvidia_drm modprobe nvidia_uvm # Attach GPU devices from host #virsh nodedev-reattach $VIRSH_GPU_VIDEO #virsh nodedev-reattach $VIRSH_GPU_AUDIO #virsh nodedev-reattach $VIRSH_GPU_USB #virsh nodedev-reattach $VIRSH_GPU_SERIAL_BUS #echo "0000:01:00.0" > /sys/bus/pci/drivers/nvidia/bind # Bind EFI Framebuffer echo "efi-framebuffer.0" > /sys/bus/platform/drivers/efi-framebuffer/bind # Bind VTconsoles echo 1 > /sys/class/vtconsole/vtcon0/bind #echo 1 > /sys/class/vtconsole/vtcon1/bind # Start display manager sleep 1 systemctl start display-manager.service # Return host to all cores systemctl set-property --runtime -- user.slice AllowedCPUs=0-3 systemctl set-property --runtime -- system.slice AllowedCPUs=0-3 systemctl set-property --runtime -- init.scope AllowedCPUs=0-3 ''; /*text = '' #!/usr/bin/env bash reboot '';*/ mode = "0755"; }; "libvirt/vgabios/patched.rom".source = ./vbios.rom; }; # Define a user account. Don't forget to set a password with ‘passwd’. users.users.materus = { isNormalUser = true; extraGroups = [ "wheel" "networkmanager" "kvm" "input" "libvirt" "libvirtd" "podman" ]; # Enable ‘sudo’ for the user. shell = pkgs.zsh; description = "Mateusz Słodkowicz"; # packages = with pkgs; [ # firefox # thunderbird # ]; }; environment.sessionVariables = rec { XDG_CACHE_HOME = "\${HOME}/.cache"; XDG_CONFIG_HOME = "\${HOME}/.config"; XDG_BIN_HOME = "\${HOME}/.local/bin"; XDG_DATA_HOME = "\${HOME}/.local/share"; #SSH_ASKPASS_REQUIRE = "prefer"; STEAM_EXTRA_COMPAT_TOOLS_PATHS = "\${HOME}/.steam/root/compatibilitytools.d"; MOZ_USE_XINPUT2 = "1"; PATH = [ "\${XDG_BIN_HOME}" ]; }; environment.shellInit = '' if ! [ -z "$DISPLAY" ]; then xhost +si:localuser:root &> /dev/null; fi; if ! [ -z "$DISPLAY" ]; then xhost +si:localuser:$USER &> /dev/null; fi; ''; # List packages installed in system profile. To search, run: # $ nix search wget i18n.inputMethod.enabled = "fcitx5"; i18n.inputMethod.fcitx5.addons = [ pkgs.fcitx5-configtool pkgs.fcitx5-lua pkgs.fcitx5-mozc pkgs.libsForQt5.fcitx5-qt ]; environment.systemPackages = with pkgs; [ firefox steam steam.run gamescope (pkgs.lutris.override { extraLibraries = pkgs: with pkgs; [ pkgs.libunwind pkgs.libusb1 pkgs.gnutls pkgs.gtk3 pkgs.pango ]; }) glibc appimage-run patchelf vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default. wget killall xorg.xkill xorg.xhost nix-top gitFull curl jdk nss_latest aspell aspellDicts.pl aspellDicts.en aspellDicts.en-computers distrobox p7zip unrar bzip2 rar unzip zstd xz zip gzip tree mc lf htop nmon iftop iptraf-ng mprocs tldr bat pgcli litecli #zenmonitor nix-du git-crypt ark kate kwalletcli krusader wineWowPackages.stagingFull winetricks protontricks openal gnupg pinentry pinentry-gnome pinentry-curses ncurses monkeysphere gparted inkscape gimp (materusArg.pkgs.polymc.wrap { extraJDKs = [ pkgs.graalvm-ce ]; }) virt-manager libguestfs bubblewrap bindfs pulseaudio binutils /* gnome3.adwaita-icon-theme gnome3.gnome-tweaks gnome3.gnome-color-manager gnome3.gnome-shell-extensions gnomeExtensions.appindicator gnomeExtensions.desktop-clock gnomeExtensions.gtk4-desktop-icons-ng-ding gnomeExtensions.compiz-windows-effect gnomeExtensions.burn-my-windows gnomeExtensions.user-themes gnomeExtensions.gsconnect gnomeExtensions.dash-to-panel gnomeExtensions.dash-to-dock */ ]; fonts.fontDir.enable = true; fonts.enableDefaultFonts = true; fonts.fonts = with pkgs; [ dejavu_fonts hack-font noto-fonts noto-fonts-extra noto-fonts-emoji noto-fonts-cjk-sans noto-fonts-cjk-serif ubuntu_font_family wqy_zenhei monocraft (nerdfonts.override { fonts = [ "FiraCode" "DroidSansMono" "Meslo" "ProFont" ]; }) ]; fonts.fontconfig.enable = true; fonts.fontconfig.cache32Bit = true; fonts.fontconfig.defaultFonts.sansSerif = [ "Noto Sans" "DejaVu Sans" "WenQuanYi Zen Hei" "Noto Color Emoji" ]; fonts.fontconfig.defaultFonts.serif = [ "Noto Serif" "DejaVu Serif" "WenQuanYi Zen Hei" "Noto Color Emoji" ]; fonts.fontconfig.defaultFonts.emoji = [ "Noto Color Emoji" "OpenMoji Color" ]; fonts.fontconfig.defaultFonts.monospace = [ "FiraCode Nerd Font Mono" "Noto Sans Mono" "WenQuanYi Zen Hei Mono" ]; environment.enableAllTerminfo = true; environment.pathsToLink = [ "/share/zsh" ]; environment.shells = with pkgs; [ zsh ]; programs = { steam = { enable = true; dedicatedServer.openFirewall = true; remotePlay.openFirewall = true; }; fish.enable = true; zsh = { enable = true; interactiveShellInit = '' if [[ ''${__MATERUS_HM_ZSH:-0} == 0 ]]; then source ${grml-config}/etc/zsh/zshrc fi ''; promptInit = '' ''; }; java.enable = true; command-not-found.enable = false; dconf.enable = true; }; # Some programs need SUID wrappers, can be configured further or are # started in user sessions. # programs.mtr.enable = true; services.pcscd.enable = true; /*systemd.user.services.gpg-agent.serviceConfig.ExecStart = [ "" '' ${pkgs.gnupg}/bin/gpg-agent --supervised \ --pinentry-program ${pkgs.kwalletcli}/bin/pinentry-kwallet '' ];*/ programs.gnupg.agent = { enable = true; enableSSHSupport = true; enableBrowserSocket = true; }; programs.ssh.startAgent = false; # List services that you want to enable: # Enable the OpenSSH daemon. services.openssh.enable = true; services.samba-wsdd.enable = true; services.samba = { enable = true; securityType = "user"; extraConfig = '' workgroup = WORKGROUP server string = smbnix netbios name = smbnix security = user #use sendfile = yes #max protocol = smb2 # note: localhost is the ipv6 localhost ::1 hosts allow = 192.168.100. 192.168.122. 127.0.0.1 localhost hosts deny = 0.0.0.0/0 guest account = nobody map to guest = bad user ''; shares = { share = { path = "/materus/data/share"; browseable = "yes"; "read only" = "no"; "guest ok" = "no"; "create mask" = "0644"; "directory mask" = "0755"; "force user" = "materus"; "force group" = "users"; }; }; }; # Open ports in the firewall. networking.firewall.allowedTCPPorts = [ 24800 5900 5357 4656 ]; networking.firewall.allowedUDPPorts = [ 24800 5900 3702 4656 ]; # Or disable the firewall altogether. networking.firewall.enable = true; # Copy the NixOS configuration file and link it from the resulting system # (/run/current-system/configuration.nix). This is useful in case you # accidentally delete configuration.nix. system.copySystemConfiguration = false; # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave # this value at the release version of the first install of this system. # Before changing this value read the documentation for this option # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). system.stateVersion = "22.11"; # Did you read the comment? }