nixos-config/nix/hosts/materusPC.nix


# * materusPC
{
lib,
pkgs,
config,
konfig,
...
}:
{
imports = [
# * CONFIG
# ** General Settings
# *** SOPS
{
  # Secrets are decrypted with this host's SSH ed25519 key used as an age identity;
  # no dedicated age key is generated and GnuPG is not involved at all.
  sops.age.generateKey = false;
  sops.gnupg.home = null;
  sops.gnupg.sshKeyPaths = [ ];
  sops.age.sshKeyPaths = [ (konfig.vars.path.mkk + "/host/keys/ssh_host_ed25519_key") ];
  # Host-specific secrets file under the flake's private/ directory.
  sops.defaultSopsFile = konfig.rootFlake + "/private/materusPC-secrets.yaml";
  #sops.secrets."users/materus" = { neededForUsers = true; };
  # WireGuard private key; it is rendered into a NetworkManager env file through
  # sops.templates in the NetworkManager module further down.
  sops.secrets.wireguard = { };
  # sshd host keys are read from the mkk path rather than the default /etc/ssh
  # location, so the ed25519 file above is the very key sshd serves.
  # NOTE(review): that directory must exist and be root-readable before sops
  # decrypts during activation — confirm the mount/ordering if it lives on /materus.
  services.openssh.hostKeys = [
    {
      bits = 4096;
      path = konfig.vars.path.mkk + "/host/keys/ssh_host_rsa_key";
      type = "rsa";
    }
    {
      path = konfig.vars.path.mkk + "/host/keys/ssh_host_ed25519_key";
      type = "ed25519";
    }
  ];
}
# *** Nix System Settings
{
  # x86_64 only; the built system does not embed a copy of its own configuration,
  # and stateful defaults stay pinned to the 23.05 release.
  nixpkgs.hostPlatform = "x86_64-linux";
  system = {
    copySystemConfiguration = false;
    stateVersion = "23.05";
  };
}
# *** Users
{
  users.users.materus = {
    isNormalUser = true;
    extraGroups = [
      "audio"
      "video"
      "render"
      # pipewire runs systemWide (Audio module), so clients need this group.
      "pipewire"
      # sudo
      "wheel"
      "networkmanager"
      "input"
      # VM and container control. libvirtd/podman membership is generally treated
      # as root-equivalent, so this is a single-trusted-user machine by design.
      "kvm"
      "libvirt-qemu"
      "libvirt"
      "libvirtd"
      "podman"
      "scanner"
      "lp"
    ];
    shell = pkgs.zsh;
    description = "Mateusz Słodkowicz";
    # SSH is key-only for this user (PasswordAuthentication is off in the
    # services module); the public key comes from the flake's private/ tree.
    # NOTE(review): "${konfig.rootFlake}" interpolates the flake path into a
    # string, while the SOPS module uses `konfig.rootFlake + ...` — both work,
    # the latter is the simpler form.
    openssh.authorizedKeys.keyFiles = [ ("${konfig.rootFlake}" + "/private/pubkeys/materus.pub") ];
    # No declarative password here: the sops-backed hashedPasswordFile stays commented out.
    #hashedPasswordFile = config.sops.secrets."users/materus".path;
  };
}
# *** Audio
{
  # Lets pipewire/jack clients request realtime scheduling.
  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    audio.enable = true;
    alsa.enable = true;
    # 32-bit ALSA clients (wine/steam titles).
    alsa.support32Bit = true;
    pulse.enable = true;
    # One system-wide daemon instead of a per-user instance; clients reach it
    # through the "pipewire" group (materus is a member in the Users module).
    systemWide = true;
    jack.enable = true;
  };
  services.pulseaudio.enable = false;
  # Plugin search paths for the audio plugin formats: ~/.<format> first, then the
  # user profile, the system profile and the per-user profile lib directories.
  environment.sessionVariables =
    let
      makePluginPath =
        format:
        "$HOME/.${format}:"
        + (lib.makeSearchPath format [
          "$HOME/.nix-profile/lib"
          "/run/current-system/sw/lib"
          "/etc/profiles/per-user/$USER/lib"
        ]);
    in
    {
      ALSOFT_DRIVERS = "pulse";
      DSSI_PATH = makePluginPath "dssi";
      LADSPA_PATH = makePluginPath "ladspa";
      LV2_PATH = makePluginPath "lv2";
      LXVST_PATH = makePluginPath "lxvst";
      VST_PATH = makePluginPath "vst";
      VST3_PATH = makePluginPath "vst3";
    };
  # Give the audio group the timer devices and the DMA-latency knob (the usual
  # low-latency-audio udev rules); cpu_dma_latency is writable only by root/audio.
  services.udev.extraRules = ''
    KERNEL=="rtc0", GROUP="audio"
    KERNEL=="hpet", GROUP="audio"
    DEVPATH=="/devices/virtual/misc/cpu_dma_latency", OWNER="root", GROUP="audio", MODE="0660"
  '';
  environment.systemPackages = with pkgs; [
    openal
    # presumably for pactl & friends against the pipewire-pulse socket — confirm
    pulseaudio
    reaper
    audacity
    # Windows VST bridging plus the DAW plugin set.
    yabridge
    yabridgectl
    vital
    odin2
    surge
    fire
    decent-sampler
    lsp-plugins
  ];
}
# *** Other
{
  # Font set comes from the shared mkk module.
  mkk = {
    os.fonts.enable = true;
  };
}
# ** Desktop
# *** XDG
{
  xdg.portal = {
    enable = true;
    # wlr backend alongside the KDE one; "*" lets any installed backend answer
    # requests that no more specific config entry routes.
    wlr.enable = true;
    xdgOpenUsePortal = true;
    extraPortals = [ pkgs.kdePackages.xdg-desktop-portal-kde ];
    config.common.default = "*";
  };
  # Explicit XDG base directories. XDG_BIN_HOME is not part of the basedir spec;
  # it is consumed by the PATH entry in the Input module.
  environment.sessionVariables = {
    XDG_CACHE_HOME = "\${HOME}/.cache";
    XDG_CONFIG_HOME = "\${HOME}/.config";
    XDG_BIN_HOME = "\${HOME}/.local/bin";
    XDG_DATA_HOME = "\${HOME}/.local/share";
  };
}
# *** KDE Plasma
{
  # KWallet, its manager and the PAM auto-unlock module are removed from the
  # Plasma 6 install; secret handling is left to gpg-agent/pinentry (Other Apps).
  environment.plasma6.excludePackages = with pkgs.kdePackages; [
    kwallet
    kwalletmanager
    kwallet-pam
  ];
  environment.variables = {
    # Old fix for black cursor on amdgpu, seems to work fine now
    #KWIN_DRM_NO_AMS = "1";
    #Fix for amdgpu crashes
    KWIN_DRM_USE_MODIFIERS = "0";
    KWIN_DRM_NO_DIRECT_SCANOUT = "1";
    # Extra Qt image-format and video-thumbnail plugins; NixOS joins list
    # entries with ":" when it emits the variable.
    QT_PLUGIN_PATH = [
      "${pkgs.qt6.qtimageformats}/${pkgs.qt6.qtbase.qtPluginPrefix}"
      "${pkgs.kdePackages.ffmpegthumbs}/${pkgs.qt6.qtbase.qtPluginPrefix}"
    ];
    XCURSOR_THEME = "breeze_cursors";
  };
  environment.systemPackages = with pkgs; [
    kdePackages.ark
    kdePackages.kcalc
    kdePackages.kate
  ];
  # Phone pairing. NOTE(review): enabling kdeconnect also opens its port range
  # in the firewall by default — keep that in mind next to the explicit port list.
  programs.kdeconnect.enable = true;
  # Plasma browser integration for both Firefox and Chromium.
  programs.firefox.nativeMessagingHosts.packages = [pkgs.kdePackages.plasma-browser-integration ];
  programs.chromium.enablePlasmaBrowserIntegration = true;
}
# *** SDDM
(
  let
    # Session launcher: pins KWin to a single DRM device (the PCI path of the
    # desktop GPU) and then starts Plasma on Wayland inside a dbus session.
    # NOTE(review): inside a '' string the `\:` sequences are literal, and bash
    # double quotes keep the backslashes too, so the exported value contains
    # backslashes — confirm this is the device name kwin actually resolves.
    plasma-materus = pkgs.writeScript "plasma-materus" ''
      export KWIN_DRM_DEVICES="/dev/dri/by-path/pci-0000\:53\:00.0-card"
      ${pkgs.kdePackages.plasma-workspace}/libexec/plasma-dbus-run-session-if-needed ${pkgs.kdePackages.plasma-workspace}/bin/startplasma-wayland
    '';
    # weston.ini for the SDDM greeter compositor. Keyboard and libinput settings
    # are copied from the xserver options so the greeter matches the session
    # (services.xserver.libinput is presumably the alias of services.libinput set
    # in the Input module — verify). Only DP-3 is lit, at 240 Hz; the other two
    # outputs are switched off for the greeter.
    westonSddm =
      let
        xcfg = config.services.xserver;
      in
      pkgs.writeText "weston.ini" ''
        [core]
        xwayland=false
        shell=fullscreen-shell.so
        [keyboard]
        keymap_model = ${builtins.toString xcfg.xkb.model};
        keymap_layout = ${builtins.toString xcfg.xkb.layout};
        keymap_variant = ${builtins.toString xcfg.xkb.variant};
        keymap_options = ${builtins.toString xcfg.xkb.options};
        [libinput]
        enable-tap = ${builtins.toString xcfg.libinput.mouse.tapping};
        left-handed = ${builtins.toString xcfg.libinput.mouse.leftHanded};
        [output]
        name=DP-3
        mode=1920x1080@240
        [output]
        name=DP-4
        mode=off
        [output]
        name=HDMI-A-3
        mode=off
      '';
  in
  {
    services.displayManager.defaultSession = "plasma-materus";
    services.displayManager.sddm.enable = true;
    services.displayManager.sddm.wayland.enable = true;
    # Greeter runs under weston instead of the module's default compositor.
    # NOTE(review): the command line passes --shell=kiosk while [core] in the ini
    # says fullscreen-shell.so; the CLI flag presumably wins — verify which shell
    # is actually in effect and drop the other.
    services.displayManager.sddm.wayland.compositor = lib.mkForce "weston";
    services.displayManager.sddm.wayland.compositorCommand = lib.concatStringsSep " " [
      "${lib.getExe pkgs.weston}"
      "--shell=kiosk"
      "-c ${westonSddm}"
    ];
    # Registers the custom session so SDDM lists it and defaultSession can pick it;
    # providedSessions is what the displayManager module reads off the package.
    services.displayManager.sessionPackages = [
      (
        (pkgs.writeTextDir "share/wayland-sessions/plasma-materus.desktop" ''
          [Desktop Entry]
          Name=Plasma (Wayland Materus)
          Comment=Plasma Desktop with KWIN_DRM_DEVICES env
          Exec=${plasma-materus}
          DesktopNames=KDE
          Type=Application
        '').overrideAttrs
        (_: {
          passthru.providedSessions = [ "plasma-materus" ];
        })
      )
    ];
    # No input method in the greeter; cursor theme/size match the session.
    services.displayManager.sddm.settings = {
      General = {
        InputMethod = "";
      };
      Theme = {
        CursorTheme = "breeze_cursors";
        CursorSize = "24";
      };
    };
  }
)
# ** Programs & Services
# *** Java
{
  # Default JDK on PATH, with binfmt so .jar/.class files can be executed directly.
  programs.java = {
    enable = true;
    package = pkgs.jdk;
    binfmt = true;
  };
  # Pinned JDK homes for tools that need a specific major version.
  environment.variables = {
    JAVA_8_HOME = "${pkgs.jdk8}/lib/openjdk/";
    JAVA_17_HOME = "${pkgs.jdk17}/lib/openjdk/";
    JAVA_21_HOME = "${pkgs.jdk21}/lib/openjdk/";
  };
}
# *** Samba
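{
  # WS-Discovery responder so Windows clients see this host; openFirewall adds
  # the discovery ports itself.
  services.samba-wsdd.enable = true;
  services.samba-wsdd.openFirewall = true;
  services.samba = {
    enable = true;
    package = pkgs.sambaFull;
    # Opens the SMB ports on every interface; which peers may actually talk to
    # smbd is then decided solely by "hosts allow"/"hosts deny" below.
    openFirewall = true;
    settings = {
      global = {
        "workgroup" = "WORKGROUP";
        "server string" = "smbmaterus";
        # Key used to carry a trailing space ("netbios name "); Samba's parser
        # tolerates that, but it was a typo.
        "netbios name" = "smbmaterus";
        "security" = "user";
        # Only 192.168.122.0/24 (libvirt's default NAT network, i.e. local VMs)
        # and loopback are accepted; everything else is refused before auth.
        "hosts allow" = "192.168.122. 127.0.0.1 localhost";
        "hosts deny" = "0.0.0.0/0";
        # Unknown usernames are mapped to the guest account; the only share has
        # "guest ok" = "no", so that mapping grants no share access.
        "guest account" = "nobody";
        "map to guest" = "bad user";
        # Needed for "wide links" on the share; see the note there.
        "allow insecure wide links" = "yes";
      };
      # Exchange directory for the Windows VM.
      windows = {
        "path" = "/materus/data/VM/windows_shared";
        "browseable" = "yes";
        "read only" = "no";
        "guest ok" = "no";
        "create mask" = "0644";
        "directory mask" = "0755";
        # Every access is performed as materus:users regardless of who authenticated.
        "force user" = "materus";
        "force group" = "users";
        # Symlinks are followed even when they point outside the share root, so a
        # client can reach anything materus can read. Acceptable only because the
        # reachable peers are the VMs above and the forced user is the owner.
        "follow symlinks" = "yes";
        "wide links" = "yes";
      };
    };
  };
}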
# *** XServer
{
  services.xserver = {
    enable = true;
    xkb.layout = "pl";
    #videoDrivers = [ "amdgpu" "intel" ];
    # No startx; sessions are started by SDDM (see the SDDM module).
    displayManager.startx.enable = false;
    # Write the generated xorg.conf under /etc/X11 so it can be inspected.
    exportConfiguration = true;
    # amdgpu DDX tuning; mkDefault so another module may override it.
    extraConfig = pkgs.lib.mkDefault ''
      Section "OutputClass"
      Identifier "amd-options"
      Option "TearFree" "True"
      Option "SWCursor" "True"
      Option "VariableRefresh" "true"
      Option "AsyncFlipSecondaries" "true"
      Option "DRI3" "1"
      MatchDriver "amdgpu"
      EndSection
    '';
  };
}
# *** Input
{
  environment.sessionVariables = {
    QT_XKB_CONFIG_ROOT = "\${XKB_CONFIG_ROOT}";
    # fcitx5 as the input method for GTK, Qt, SDL and X11 applications.
    GTK_IM_MODULE = "fcitx";
    QT_IM_MODULE = "fcitx";
    XMODIFIERS = "@im=fcitx";
    SDL_IM_MODULE = "fcitx";
    MOZ_USE_XINPUT2 = "1";
    # Adds the user's bin dir; XDG_BIN_HOME is defined in the XDG module.
    PATH = [ "\${XDG_BIN_HOME}" ];
  };
  i18n.inputMethod = {
    enable = true;
    type = "fcitx5";
    fcitx5.addons = [
      pkgs.kdePackages.fcitx5-configtool
      pkgs.fcitx5-lua
      pkgs.fcitx5-mozc
      pkgs.fcitx5-gtk
      pkgs.kdePackages.fcitx5-qt
    ];
  };
  # Flat mouse acceleration profile.
  services.libinput = {
    enable = true;
    mouse.accelProfile = "flat";
  };
}
# *** Shell
{
  environment = {
    # Grants the root user and the login user access to the current X display.
    # NOTE(review): the root entry lets every root process on the host talk to
    # the user's X server — presumably for sudo'd GUI tools; confirm it is still
    # needed now that the session is Wayland.
    shellInit = ''
      if ! [ -z "$DISPLAY" ]; then xhost +si:localuser:root &> /dev/null; fi;
      if ! [ -z "$DISPLAY" ]; then xhost +si:localuser:$USER &> /dev/null; fi;
    '';
    # Terminfo for every terminal emulator, completion dirs for the three shells.
    enableAllTerminfo = true;
    pathsToLink = [
      "/share/zsh"
      "/share/bash-completion"
      "/share/fish"
    ];
    shells = with pkgs; [
      zsh
      bashInteractive
      fish
    ];
  };
  mkk.os.zsh.enable = true;
}
# *** Other Services
{
  # Stable /opt/rocm/hip symlink for tools that hard-code the ROCm install path.
  systemd.tmpfiles.rules = [ "L+ /opt/rocm/hip - - - - ${pkgs.rocmPackages.clr}" ];
  services = {
    flatpak.enable = true;
    gvfs.enable = true;
    dbus = {
      enable = true;
      packages = [ pkgs.gcr ];
    };
    printing.enable = true;
    teamviewer.enable = true;
    # Smart-card daemon and WebDAV mounts.
    pcscd.enable = true;
    davfs2.enable = true;
    # SSH: no root login, no passwords — keys only (see the Users module).
    openssh = {
      enable = true;
      openFirewall = true;
      settings = {
        PermitRootLogin = "no";
        PasswordAuthentication = false;
      };
    };
    # Sunshine game streaming. capSysAdmin grants the binary CAP_SYS_ADMIN
    # (presumably for KMS capture); it only runs when started by hand.
    sunshine = {
      enable = true;
      capSysAdmin = true;
      openFirewall = true;
      autoStart = false;
    };
  };
  programs = {
    # GPG agent without SSH support: the regular ssh-agent below is the only
    # SSH agent, so the two never compete for SSH_AUTH_SOCK.
    gnupg.agent = {
      enable = true;
      enableSSHSupport = false;
      enableBrowserSocket = true;
    };
    ssh.startAgent = true;
  };
}
# *** Other Apps
{
  programs = {
    fish.enable = true;
    command-not-found.enable = false;
    dconf.enable = true;
    firefox.enable = true;
    chromium.enable = true;
    gamemode.enable = true;
    # GPU clock/fan control; relies on amdgpu.ppfeaturemask in the kernel module.
    corectrl.enable = true;
    # Lets unpatched dynamically linked binaries run; the library list is
    # intentionally empty for now.
    nix-ld = {
      enable = true;
      libraries = with pkgs; [
      ];
    };
  };
  environment.systemPackages = with pkgs; [
    # Vivaldi rebuilt with the Qt wrapper hook (presumably to pick up the Qt/KDE
    # integration plugins); ELF patching is skipped.
    (vivaldi.overrideAttrs (oldAttrs: {
      dontWrapQtApps = false;
      dontPatchELF = true;
      nativeBuildInputs = oldAttrs.nativeBuildInputs ++ [ pkgs.kdePackages.wrapQtAppsHook ];
    }))
    #(pkgs.lutris.override { extraLibraries = pkgs: with pkgs; [ pkgs.samba pkgs.jansson pkgs.tdb pkgs.libunwind pkgs.libusb1 pkgs.gnutls pkgs.gtk3 pkgs.pango ]; })
    konfig.nixerusPkgs.amdgpu-pro-libs.prefixes
    # Bottles with the themes and the extra libraries Wine needs inside its sandbox.
    (pkgs.bottles.override {
      extraPkgs = pkgs: [
        pkgs.libsForQt5.breeze-qt5
        pkgs.kdePackages.breeze-gtk
        pkgs.nss_latest
      ];
      extraLibraries = pkgs: [
        pkgs.samba
        pkgs.jansson
        pkgs.tdb
        pkgs.libunwind
        pkgs.libusb1
        pkgs.gnutls
        pkgs.gtk3
        pkgs.pango
      ];
    })
    glibc
    glib
    gtk3
    gtk4
    gsettings-desktop-schemas
    kdePackages.dolphin
    vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
    vlc
    vkbasalt-cli
    patchelf
    killall
    util-linux
    xorg.xhost
    nix-top
    gitFull
    curl
    wget
    config.programs.java.package
    nss_latest
    pciutils
    (aspellWithDicts (
      ds: with ds; [
        en
        en-computers
        en-science
        pl
      ]
    ))
    steamtinkerlaunch
    distrobox
    # WebP support
    libwebp
    webp-pixbuf-loader
    # Compression
    p7zip
    unrar
    bzip2
    rar
    unzip
    zstd
    xz
    zip
    gzip
    tree
    mc
    lf
    htop
    nmon
    iftop
    iptraf-ng
    mprocs
    tldr
    bat
    ##config.materus.profile.packages.home-manager
    gcr
    # pgcli
    # litecli
    #zenmonitor
    nix-du
    wineWowPackages.stagingFull
    winetricks
    protontricks
    # GPG tooling with all three pinentry flavours.
    gnupg
    pinentry
    pinentry-gnome3
    pinentry-curses
    ncurses
    monkeysphere
    gparted
    virt-viewer
    inkscape
    gimp
    git-crypt
    bubblewrap
    bindfs
    binutils
    qbittorrent
    mkvtoolnix
    nicotine-plus
    picard
    opusTools
    aegisub
  ];
}
# ** Network
# *** Firewall & Others
{
  # Syncthing runs as the login user directly on the home directory.
  services.syncthing = {
    enable = true;
    user = "materus";
    dataDir = "/home/materus";
  };
  networking = {
    hostName = "materusPC";
    useDHCP = lib.mkDefault true;
    wireless.iwd.enable = true;
    firewall = {
      enable = true;
      logReversePathDrops = false;
      # wireguard trips rpfilter up: let traffic on the WG port bypass the
      # reverse-path check (ip46tables applies the rule to both IPv4 and IPv6).
      extraCommands = ''
        ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --sport ${konfig.vars.wireguard.ports.materusPC} -j RETURN
        ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --dport ${konfig.vars.wireguard.ports.materusPC} -j RETURN
      '';
      # Undo the inserts on stop; "|| true" so an already-missing rule does not fail the unit.
      extraStopCommands = ''
        ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --sport ${konfig.vars.wireguard.ports.materusPC} -j RETURN || true
        ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport ${konfig.vars.wireguard.ports.materusPC} -j RETURN || true
      '';
      # NOTE(review): only the Syncthing and Zomboid entries are labelled. 5357/tcp
      # and 3702/udp look like the WS-Discovery ports samba-wsdd.openFirewall already
      # adds, 5900 is the conventional VNC port and 24800 the Barrier/Synergy default;
      # the remaining numbers deserve a comment each so they can be pruned later.
      allowedTCPPorts = [
        24800
        5900
        5357
        4656
        8080
        9943
        9944
        # Syncthing
        22000
        config.services.syncthing.relay.statusPort
        config.services.syncthing.relay.port
      ];
      allowedUDPPorts = [
        (lib.strings.toInt konfig.vars.wireguard.ports.materusPC)
        24800
        5900
        3702
        4656
        6000
        9943
        9944
        # Syncthing
        22000
        21027
        # Zomboid
        17000
        17001
      ];
    };
  };
}
# *** NetworkManager
{
  # The WireGuard private key never lands in the Nix store: sops renders it into
  # an env file at activation and NetworkManager substitutes $WIREGUARD_PRIVATEKEY
  # from that file when it applies the profile below.
  sops.templates."networkmanager.env".content = ''
    WIREGUARD_PRIVATEKEY="${config.sops.placeholder.wireguard}"
  '';
  networking.networkmanager.ensureProfiles.environmentFiles = [
    config.sops.templates."networkmanager.env".path
  ];
  networking.networkmanager.enable = true;
  # NOTE(review): iwd is enabled in the Network module while the NetworkManager
  # wifi backend stays at its default — confirm both are not managing wifi.
  #networking.networkmanager.wifi.backend = "iwd";
  networking.networkmanager.settings = {
    connectivity = {
      # Captive-portal probe (the stock GNOME endpoint; plain http by design).
      uri = "http://nmcheck.gnome.org/check_network_status.txt";
    };
  };
  # Declarative wg0 tunnel to valkyrie: only the general mask is routed through
  # it (never-default), DNS goes to the peer, IPv6 is disabled on the tunnel.
  networking.networkmanager.ensureProfiles.profiles = {
    wg0 = {
      connection = {
        id = "wg0";
        type = "wireguard";
        interface-name = "wg0";
      };
      wireguard = {
        # Expanded from the sops-generated env file above, not stored in the profile source.
        private-key = "$WIREGUARD_PRIVATEKEY";
      };
      "wireguard-peer.${konfig.vars.wireguard.pubKeys.valkyrie}" = {
        endpoint = "${konfig.vars.ip.valkyrie.ipv4}:${konfig.vars.wireguard.ports.valkyrie}";
        allowed-ips = "${konfig.vars.wireguard.masks.general};";
        persistent-keepalive = "20";
      };
      ipv4 = {
        address1 = "${konfig.vars.wireguard.ip.materusPC}/23";
        dns = "${konfig.vars.wireguard.ip.valkyrie};";
        method = "manual";
        never-default = "true";
      };
      ipv6 = {
        addr-gen-mode = "stable-privacy";
        method = "disabled";
      };
      proxy = { };
    };
  };
}
# ** Hardware
# *** Kernel & Boot
{
  boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_zen;
  boot.kernelParams = [
    #"rcu_nocbs=${materusArg.materusPC.vmCores}"
    #"nohz_full=${materusArg.materusPC.vmCores}"
    # VFIO passthrough. Both of these trade isolation for compatibility:
    # allow_unsafe_interrupts lets vfio bind devices on platforms without
    # interrupt remapping (a passed-through device could then inject interrupts
    # the IOMMU would otherwise block), and the ACS override splits IOMMU groups
    # whose members the hardware does not actually isolate from each other.
    "vfio_iommu_type1.allow_unsafe_interrupts=1"
    "pcie_acs_override=downstream,multifunction"
    #''vfio-pci.ids="1002:744c"''
    "nox2apic"
    # NVMe: no APST power saving, longer I/O timeout, more retries.
    "nvme_core.default_ps_max_latency_us=0"
    "nvme_core.io_timeout=255"
    "nvme_core.max_retries=10"
    "nvme_core.shutdown_timeout=10"
    "amd_iommu=on"
    # Unlock every powerplay feature (used by corectrl) and keep the GPU out of
    # runtime power management.
    "amdgpu.ppfeaturemask=0xffffffff"
    "amdgpu.runpm=0"
    "iommu=pt"
    "psi=1"
    # Intel Arc A310: keep it off i915 and hand it to the xe driver.
    "i915.force_probe=!56a6"
    "xe.force_probe=56a6"
    # Video
    "video=HDMI-A-3:1920x1080@144"
    "video=DP-3:1920x1080@240"
  ];
  boot.kernelModules = [
    "pci-stub"
    "amdgpu"
    "i2c_dev"
    "kvm_amd"
    "vfio"
    "vfio_iommu_type1"
    "vfio-pci"
    "kvmfr"
    "xe"
  ];
  # kvm_amd: nested virtualisation, AVIC and NPT on, SEV off.
  # kvmfr reserves a 64 MiB shared-memory region (presumably for Looking Glass).
  boot.extraModprobeConfig = ''
    options kvm_amd nested=1 avic=1 npt=1 sev=0
    options vfio_iommu_type1 allow_unsafe_interrupts=1
    options kvmfr static_size_mb=64
  '';
  boot.kernel.sysctl = {
    "vm.max_map_count" = 1000000;
    "vm.swappiness" = 10;
    # The host routes IPv4 — presumably for the libvirt NAT network and the
    # WireGuard tunnel; the firewall still gates what is forwarded.
    "net.ipv4.ip_forward" = 1;
  };
  boot.initrd.availableKernelModules = [
    "xhci_pci"
    "ahci"
    "nvme"
    "usb_storage"
    "usbhid"
    "sd_mod"
  ];
  # vfio-pci is listed before amdgpu in the initrd; note the vfio-pci.ids binding
  # above is commented out, so nothing is claimed by it at boot right now.
  boot.initrd.kernelModules = [
    "vfio-pci"
    "amdgpu"
  ];
  boot.extraModulePackages = with config.boot.kernelPackages; [
    v4l2loopback
    kvmfr
  ];
  boot.supportedFilesystems = [
    "ntfs"
    "btrfs"
    "vfat"
    "exfat"
    "ext4"
  ];
  boot.tmp.useTmpfs = true;
  #bootloader
  # GRUB on EFI at /boot/efi; os-prober adds other installed systems to the menu.
  boot.loader.efi.canTouchEfiVariables = true;
  boot.loader.efi.efiSysMountPoint = "/boot/efi";
  boot.loader.grub = {
    enable = true;
    efiSupport = true;
    device = "nodev";
    gfxmodeEfi = pkgs.lib.mkDefault "1920x1080@240";
    gfxmodeBios = pkgs.lib.mkDefault "1920x1080@240";
    useOSProber = true;
    memtest86.enable = true;
  };
  boot.plymouth.enable = true;
  # Run aarch64 binaries through binfmt emulation.
  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
}
# *** Firmware & Others
{
  # udev rules for game controllers.
  services.udev = {
    packages = with pkgs; [
      game-devices-udev-rules
    ];
  };
  hardware.uinput.enable = true;
  hardware.steam-hardware.enable = true;
  # Firmware blobs: the AMD pro set first, then the generic Linux, ALSA and SOF
  # firmware. NOTE(review): list position decides which file wins on a collision —
  # confirm the pro entries are meant to take precedence over linux-firmware.
  hardware.firmware = with pkgs; [
    konfig.nixerusPkgs.amdgpu-pro-libs.firmware.vcn
    konfig.nixerusPkgs.amdgpu-pro-libs.firmware
    linux-firmware
    alsa-firmware
    sof-firmware
  ];
  environment.variables = {
    DISABLE_LAYER_AMD_SWITCHABLE_GRAPHICS_1 = "1";
    #VK_ICD_FILENAMES = "${pkgs.mesa.drivers}/share/vulkan/icd.d/radeon_icd.x86_64.json:${pkgs.driversi686Linux.mesa.drivers}/share/vulkan/icd.d/radeon_icd.i686.json";
    # RADV is the default Vulkan driver even though amdvlk and the pro stack are
    # installed below; RADV_PERFTEST turns on pipeline library, ray tracing and SAM.
    AMD_VULKAN_ICD = "RADV";
    RADV_PERFTEST = "gpl,rt,sam";
    #OCL_ICD_VENDORS = "${pkgs.rocmPackages.clr.icd}/etc/OpenCL/vendors/";
  };
  hardware.cpu.amd.updateMicrocode = lib.mkForce true;
  #extra
  hardware.wooting.enable = true;
  hardware.bluetooth.enable = true;
  #Graphics
  hardware.graphics.enable = true;
  hardware.graphics.enable32Bit = true;
  # VA-API/VDPAU bridges, Intel media driver (for the Arc), the alternative
  # Vulkan ICDs, vkBasalt, ROCm OpenCL and the pro AMF encoder.
  hardware.graphics.extraPackages = with pkgs; [
    vaapiVdpau
    vpl-gpu-rt
    intel-media-driver
    libvdpau-va-gl
    amdvlk
    vkbasalt
    rocmPackages.clr.icd
    rocmPackages.clr
    konfig.nixerusPkgs.amdgpu-pro-libs.vulkan
    konfig.nixerusPkgs.amdgpu-pro-libs.amf
  ];
  # 32-bit counterparts for Wine/Steam.
  hardware.graphics.extraPackages32 = with pkgs.pkgsi686Linux; [
    vaapiVdpau
    vkbasalt
    pkgs.driversi686Linux.amdvlk
    konfig.nixerusPkgs.i686Linux.amdgpu-pro-libs.vulkan
    libvdpau-va-gl
  ];
  /*
  services.udev.extraRules = ''
  #GPU bar size
  ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x744c", ATTR{resource0_resize}="15"
  ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x744c", ATTR{resource2_resize}="8"
  '';
  */
  #Trim
  services.fstrim = {
    enable = true;
    interval = "weekly";
  };
}
# *** Filesystems
{
  # Compressed swap in RAM plus a labelled on-disk swap partition.
  zramSwap = {
    enable = true;
    memoryPercent = 25;
  };
  swapDevices = [
    {
      label = "NixOS_Swap";
    }
  ];
  # Everything except the ESP lives on one btrfs volume, split into subvolumes.
  fileSystems =
    let
      rootDev = "/dev/disk/by-label/NixOS_Root";
      btrfsOpts = [
        "noatime"
        "compress=zstd"
        "ssd"
        "space_cache=v2"
      ];
    in
    {
      # The config repo is bind-mounted over /etc/nixos; it needs /materus first.
      "/etc/nixos" = {
        device = "/materus/config/mkk";
        fsType = "none";
        options = [ "bind" ];
        depends = [ "/materus" ];
      };
      # Mounted in stage 1 because other mounts (and the sops key path) depend on it.
      "/materus" = {
        device = rootDev;
        fsType = "btrfs";
        options = [ "subvol=@materus" ] ++ btrfsOpts;
        neededForBoot = true;
      };
      "/" = {
        device = rootDev;
        fsType = "btrfs";
        options = [
          "subvol=@"
          "noatime"
          "ssd"
          "space_cache=v2"
          "compress=zstd"
        ];
      };
      "/nix" = {
        device = rootDev;
        fsType = "btrfs";
        options = [ "subvol=@nix" ] ++ btrfsOpts;
      };
      "/home" = {
        device = rootDev;
        fsType = "btrfs";
        options = [ "subvol=@home" ] ++ btrfsOpts;
      };
      "/boot" = {
        device = rootDev;
        fsType = "btrfs";
        options = [
          "subvol=@boot"
          "ssd"
        ];
      };
      "/boot/efi" = {
        device = "/dev/disk/by-label/NixOS_EFI";
        fsType = "vfat";
      };
    };
}
# * materusPC END
];
}