# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, materusArg, ... }:
let
# Re-extract the NVIDIA .run installer that the configured driver package was
# built from, without applying nixpkgs' patches ("-unpatched"). Only the
# extracted tree lands in $out/nvidia; $out/bin, $out/lib and $out/lib32 are
# created but left empty. Not referenced anywhere else in this file.
nvidia-unpatched =
  let
    drv = config.hardware.nvidia.package;
  in
  pkgs.stdenv.mkDerivation {
    pname = drv.name;
    version = "${drv.version}-unpatched";
    src = drv.src;
    sourceRoot = ".";
    nativeBuildInputs = [ ];
    buildInputs = [ ];
    # The installer is run with --extract-only, so it only unpacks itself.
    unpackPhase = ''
      VER=${drv.version}
      PKGNAME=NVIDIA-Linux-x86_64-''${VER}
      cp $src ''${PKGNAME}.run
      chmod +x ./''${PKGNAME}.run
      ./''${PKGNAME}.run --extract-only
      mv ./''${PKGNAME} ./nvidia
    '';
    installPhase = ''
      mkdir -p $out/bin $out/lib $out/lib32
      mv nvidia $out/nvidia
    '';
  };
# Steam FHS environment with extra packages/libraries that games and
# compatibility tools need. The function argument is the package set of the
# FHS environment, not the outer `pkgs`. This binding shadows pkgs.steam in
# the `with pkgs;` package list further down.
steam = pkgs.steam.override {
  extraPkgs = p: with p; [
    nss_latest
    libstrangle
    libkrb5
    keyutils
    libGL
    libglvnd
    gamescope
    steamPackages.steam
    wqy_zenhei
    xorg.libXcursor
    xorg.libXi
    xorg.libXinerama
    xorg.libXScrnSaver
  ];
  extraLibraries = p: with p; [
    libkrb5
    keyutils
    ncurses6
    fontconfig
  ];
};
# grml's zsh configuration (sourced by programs.zsh.interactiveShellInit below).
# Pinned to an exact commit and content hash, so the fetch is reproducible and
# an upstream change cannot silently alter what gets sourced into root's shell.
grml-config = pkgs.fetchFromGitHub {
  sha256 = "0ap8lmqi45yjyjazdm1v64fz1rfqhkhfpdp2z17ag6hs5wi6i67y";
  rev = "a2cda85d3d56fd5f5a7b954a444fd151318c4680";
  repo = "grml-etc-core";
  owner = "grml";
};
in
{
# Results of the hardware scan (filesystems, kernel modules for this machine).
imports = [ ./hardware-configuration.nix ];
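boot.supportedFilesystems = [ "ntfs" ];
nix.settings = {
  experimental-features = [ "nix-command" "flakes" ];
  auto-optimise-store = true;
  # Binary caches. Defining this option replaces Nix's default list, which is
  # why cache.nixos.org is repeated here.
  substituters = [
    "https://nix-community.cachix.org"
    "https://cache.nixos.org/"
  ];
  # Every substituter above needs a matching signing key here; a path signed
  # only by a key that is not listed fails verification and is built locally
  # instead. The official cache.nixos.org key is listed explicitly so it does
  # not depend on whether defining this option drops Nix's built-in default
  # (NOTE(review): that depends on the NixOS/Nix version in use; listing the key
  # twice is harmless either way).
  trusted-public-keys = [
    "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
    "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
  ];
};
# Unfree packages (NVIDIA driver, Steam, rar, ...) are allowed system-wide.
nixpkgs.config.allowUnfree = true;
nixpkgs.config.firefox.enablePlasmaBrowserIntegration = true;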
services.xserver.displayManager.startx.enable = true;
# Passwordless sudo, restricted to the podman binary.
# NOTE(review): rootful podman can bind-mount host paths and run privileged
# containers, so this rule is effectively NOPASSWD root for this user (who is
# in "wheel" anyway). Rootless podman would make the rule unnecessary.
security.sudo.extraRules = [
  {
    users = [ "materus" ];
    commands = [
      {
        command = "${pkgs.podman}/bin/podman";
        options = [ "NOPASSWD" ];
      }
    ];
  }
];
/*security.wrappers.gamescope = {
owner = "root";
group = "root";
capabilities = "cap_sys_nice=eip";
source = "${pkgs.gamescope.out}/bin/gamescope";
};*/
# Use the GRUB EFI boot loader (not systemd-boot, despite the original template comment).
boot.loader = {
  # GRUB on EFI ("nodev": install to the ESP, no MBR). os-prober scans the other
  # disks at build time to add their boot entries.
  grub = {
    enable = true;
    efiSupport = true;
    device = "nodev";
    gfxmodeEfi = "1920x1080";
    gfxmodeBios = "1920x1080";
    useOSProber = true;
  };
  efi = {
    canTouchEfiVariables = true;
    efiSysMountPoint = "/boot/efi";
  };
};
boot.kernelPackages = pkgs.linuxPackages_zen;
# IOMMU/VFIO setup for the GPU passthrough hooks defined further down.
# NOTE(review): pcie_acs_override makes the kernel ignore missing ACS isolation,
# so devices that would otherwise share an IOMMU group are split apart without
# the hardware guaranteeing they cannot DMA to each other; a guest holding a
# passed-through device is therefore not strictly isolated from those siblings.
# ibt=off disables Indirect Branch Tracking, presumably for the NVIDIA module.
boot.kernelParams = [ "ibt=off" "intel_iommu=on" "iommu=pt" "pcie_acs_override=downstream,multifunction" ];
boot.kernelModules = [ "kvm-intel" "vfio-pci" ];
boot.tmpOnTmpfs = true;
services.flatpak.enable = true;
services.gvfs.enable = true;
networking.hostName = "Old-materusPC";
# NetworkManager handles networking; networking.wireless (wpa_supplicant) is the
# alternative and only one of the two should be enabled.
networking.networkmanager.enable = true;
time.timeZone = "Europe/Warsaw";
# Periodic TRIM for SSDs.
services.fstrim = {
  enable = true;
  interval = "weekly";
};
# A proxy, if ever needed, goes in networking.proxy.default / networking.proxy.noProxy.
i18n.defaultLocale = "pl_PL.UTF-8";
console = {
  font = "lat2-16";
  useXkbConfig = true; # derive the console keymap from the X11 layout
};
# No static /etc/hosts entries.
networking.extraHosts = "";
hardware.bluetooth.enable = true;
# Enable the X11 windowing system.
# X11 with the proprietary NVIDIA driver; 32-bit GL for Steam/Wine.
services.xserver.enable = true;
services.xserver.videoDrivers = [ "nvidia" ];
hardware.opengl = {
  enable = true;
  driSupport32Bit = true;
};
/* hardware.opengl.extraPackages = with pkgs; [
vaapiVdpau
nvidia-vaapi-driver
libvdpau-va-gl
];
hardware.opengl.extraPackages32 = with pkgs.pkgsi686Linux; [
vaapiVdpau
nvidia-vaapi-driver
libvdpau-va-gl
];*/
# Optionally, you may need to select the appropriate driver version for your specific GPU.
#hardware.nvidia.package = config.boot.kernelPackages.nvidiaPackages.stable;
/*
#GNOME
services.xserver.displayManager.gdm.wayland = false;
services.xserver.displayManager.gdm.enable = true;
services.xserver.desktopManager.gnome.enable = true;
security.pam.services.gdm.enableGnomeKeyring = true;
services.gnome.rygel.enable = true;
services.gnome.sushi.enable = true;
services.gnome.tracker.enable = true;
services.gnome.gnome-online-accounts.enable = true;
services.gnome.gnome-browser-connector.enable = true;
services.gnome.gnome-settings-daemon.enable = true;
services.gnome.core-utilities.enable = true;
services.gnome.core-shell.enable = true;
services.gnome.core-os-services.enable = true;
programs.gnome-terminal.enable = true;
services.gnome.gnome-keyring.enable = true;
services.udev.packages = with pkgs; [ gnome.gnome-settings-daemon gnome2.GConf ];
*/
#security.pam.services.login.enableKwallet = true;
#services.xserver.displayManager.lightdm.enable = true;
#services.xserver.displayManager.lightdm.greeters.enso.enable = true;
#services.xserver.displayManager.lightdm.greeters.enso.blur = true;
#services.xserver.desktopManager.xfce.enable = true;
#xdg.portal.enable = true;
#xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
# Enable the Plasma 5 Desktop Environment.
# KDE Plasma 5 with SDDM; the PAM hook unlocks KWallet with the login password.
security.pam.services.sddm.enableKwallet = true;
services.xserver.displayManager.sddm.enable = true;
services.xserver.desktopManager.plasma5 = {
  enable = true;
  phononBackend = "gstreamer";
  useQtScaling = true;
  runUsingSystemd = true;
};
#services.xserver.desktopManager.plasma5.excludePackages = with pkgs.libsForQt5; [ kwallet ];
# Configure keymap in X11
# Polish keyboard layout for X11 (and the TTY via console.useXkbConfig).
services.xserver.layout = "pl";
# CUPS printing.
services.printing.enable = true;
# Audio: PipeWire with ALSA, PulseAudio and JACK compatibility; PulseAudio
# itself is off. rtkit lets PipeWire request realtime scheduling.
sound.enable = true;
security.rtkit.enable = true;
services.pipewire = {
  enable = true;
  alsa = {
    enable = true;
    support32Bit = true;
  };
  pulse.enable = true;
  jack.enable = true;
};
hardware.pulseaudio.enable = false;
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
virtualisation.podman = {
  enable = true;
  dockerCompat = true;
  enableNvidia = true; # GPU access inside containers
  # NOTE(review): this exposes the rootful podman API socket; together with the
  # "podman" group membership of users.users.materus below, that socket gives
  # root-equivalent control of the host (on top of the NOPASSWD sudo rule).
  dockerSocket.enable = true;
};
virtualisation.libvirtd = {
  enable = true;
  onBoot = "ignore";       # guests are not autostarted
  onShutdown = "shutdown"; # guests are shut down, not suspended, with the host
  qemu = {
    ovmf = {
      enable = true;
      packages = [ pkgs.OVMFFull.fd ];
    };
    swtpm.enable = true; # software TPM (the win11 guest needs one)
    # NOTE(review): QEMU processes run as root instead of the unprivileged
    # qemu-libvirtd user, so a guest escape is a root compromise. Presumably
    # needed for the VFIO/vgabios setup below; worth re-checking whether it is.
    runAsRoot = true;
  };
};
# Tools put on libvirtd's PATH, and therefore available to the qemu hook
# scripts in /etc/libvirt/hooks. NOTE(review): the hooks also call grep and
# find, which are not listed here and presumably come from the unit's default
# PATH; sudo/su are listed although the hooks already run as root.
systemd.services.libvirtd.path = [
  (pkgs.buildEnv {
    name = "qemu-hook-env";
    paths = with pkgs; [ bash libvirt kmod systemd ripgrep sd coreutils sudo su killall ];
  })
];
# libvirt looks for hooks under /var/lib/libvirt/hooks; point that at the
# nix-managed copies in /etc/libvirt/hooks on every activation.
system.activationScripts.libvirt-hooks = {
  text = ''
    ln -Tfs /etc/libvirt/hooks /var/lib/libvirt/hooks
  '';
};
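environment.etc = {
  # Dispatcher for libvirt's qemu hook: libvirt calls it as root with
  # (guest, hook, state, extra...) on every guest state change, and it runs the
  # matching hooks under /etc/libvirt/hooks/qemu.d/<guest>/<hook>/<state>.
  "libvirt/hooks/qemu" = {
    text =
      ''
        #!/usr/bin/env bash
        #
        # Author: Sebastiaan Meijer (sebastiaan@passthroughpo.st)
        #
        # Copy this file to /etc/libvirt/hooks, make sure it's called "qemu".
        # After this file is installed, restart libvirt.
        # From now on, you can easily add per-guest qemu hooks.
        # Add your hooks in /etc/libvirt/hooks/qemu.d/vm_name/hook_name/state_name.
        # For a list of available hooks, please refer to https://www.libvirt.org/hooks.html
        #
        GUEST_NAME="$1"
        HOOK_NAME="$2"
        STATE_NAME="$3"
        BASEDIR="$(dirname "$0")"
        HOOKPATH="$BASEDIR/qemu.d/$GUEST_NAME/$HOOK_NAME/$STATE_NAME"
        set -e # If a hook exits with an error, we should as well.
        # A single hook file: run it if it is a non-empty executable.
        # (The test used to read `[ -s "$HOOKPATH"]` - the missing space made
        # this branch always fail, so single-file hooks were silently skipped.)
        # Hooks are executed directly rather than through eval, so a guest name
        # or path containing shell metacharacters cannot inject commands.
        if [ -f "$HOOKPATH" ] && [ -s "$HOOKPATH" ] && [ -x "$HOOKPATH" ]; then
          "$HOOKPATH" "$@"
        # A directory of hooks: run every executable regular file in it.
        elif [ -d "$HOOKPATH" ]; then
          while IFS= read -r -d "" file; do
            "$file" "$@"
          done < <(find -L "$HOOKPATH" -maxdepth 1 -type f -executable -print0)
        fi
      '';
    mode = "0755";
  };
  # PCI addresses of the passthrough GPU's functions, sourced by the hooks.
  # It is a data file that gets sourced, so it does not need the executable
  # bit (it was 0755 before).
  "libvirt/hooks/kvm.conf" = {
    text =
      ''
        VIRSH_GPU_VIDEO=pci_0000_01_00_0
        VIRSH_GPU_AUDIO=pci_0000_01_00_1
        VIRSH_GPU_USB=pci_0000_01_00_2
        VIRSH_GPU_SERIAL_BUS=pci_0000_01_00_3
      '';
    mode = "0644";
  };
  # prepare/begin hook for the "win11" guest: tears down the host's use of the
  # NVIDIA GPU (display manager, virtual consoles, EFI framebuffer, kernel
  # modules) and loads VFIO so libvirt can hand the card to the guest. Runs as
  # root from libvirtd.
  "libvirt/hooks/qemu.d/win11/prepare/begin/start.sh" = {
    text =
      ''
        #!/usr/bin/env bash
        # Debugging: xtrace goes to $LOGDIR/win11-start.trace, stdout/stderr to
        # $LOGDIR/win11-start.out. The logs live in a root-owned directory rather
        # than /home/materus: root opening a file for writing in a user-writable
        # directory follows symlinks, which would let that user make this hook
        # clobber arbitrary files on the system.
        LOGDIR=/var/log/libvirt/hooks
        mkdir -p -m 0750 "$LOGDIR"
        exec 19>"$LOGDIR/win11-start.trace"
        BASH_XTRACEFD=19
        set -x
        exec 3>&1 4>&2
        trap 'exec 2>&4 1>&3' 0 1 2 3
        exec 1>"$LOGDIR/win11-start.out" 2>&1
        DATE="$(date +%FT%T)" # used in the console-unbind messages below; was never set
        # Stop display manager (and everything the user's session still runs)
        killall -u materus
        systemctl stop display-manager.service
        killall gdm-x-session
        #systemctl isolate multi-user.target
        sleep 1
        # Load variables we defined
        source "/etc/libvirt/hooks/kvm.conf"
        # Isolate host to core 0
        systemctl set-property --runtime -- user.slice AllowedCPUs=0
        systemctl set-property --runtime -- system.slice AllowedCPUs=0
        systemctl set-property --runtime -- init.scope AllowedCPUs=0
        # Unbind VTconsoles
        for (( i = 0; i < 16; i++))
        do
          if test -x /sys/class/vtconsole/vtcon"''${i}"; then
            if [ "$(grep -c "frame buffer" /sys/class/vtconsole/vtcon"''${i}"/name)" = 1 ]; then
              echo 0 > /sys/class/vtconsole/vtcon"''${i}"/bind
              echo "$DATE Unbinding Console ''${i}"
            fi
          fi
        done
        # Unbind EFI Framebuffer
        echo "efi-framebuffer.0" > /sys/bus/platform/drivers/efi-framebuffer/unbind
        # Avoid race condition
        sleep 1
        # Unload NVIDIA kernel modules
        modprobe -r nvidia_uvm
        modprobe -r nvidia_drm
        modprobe -r nvidia_modeset
        modprobe -r nvidia
        modprobe -r i2c_nvidia_gpu
        modprobe -r drm_kms_helper
        modprobe -r drm
        # Detach GPU devices from host
        #virsh nodedev-detach $VIRSH_GPU_VIDEO
        #virsh nodedev-detach $VIRSH_GPU_AUDIO
        #virsh nodedev-detach $VIRSH_GPU_USB
        #virsh nodedev-detach $VIRSH_GPU_SERIAL_BUS
        # Load vfio module
        modprobe vfio
        modprobe vfio_pci
        modprobe vfio_iommu_type1
      '';
    mode = "0755";
  };
  # release/end hook for the "win11" guest: reverses start.sh once the guest
  # has released the GPU - VFIO out, NVIDIA modules and framebuffer back,
  # display manager restarted, CPU affinity restored. Runs as root.
  "libvirt/hooks/qemu.d/win11/release/end/stop.sh" = {
    text =
      ''
        #!/usr/bin/env bash
        # Debugging: same root-owned log directory as start.sh (see there for
        # why the logs are no longer written under /home/materus).
        LOGDIR=/var/log/libvirt/hooks
        mkdir -p -m 0750 "$LOGDIR"
        exec 19>"$LOGDIR/win11-stop.trace"
        BASH_XTRACEFD=19
        set -x
        exec 3>&1 4>&2
        trap 'exec 2>&4 1>&3' 0 1 2 3
        exec 1>"$LOGDIR/win11-stop.out" 2>&1
        # Load variables we defined
        source "/etc/libvirt/hooks/kvm.conf"
        # Unload vfio module
        modprobe -r vfio-pci
        modprobe -r vfio_iommu_type1
        modprobe -r vfio
        modprobe drm
        modprobe drm_kms_helper
        modprobe i2c_nvidia_gpu
        modprobe nvidia
        modprobe nvidia_modeset
        modprobe nvidia_drm
        modprobe nvidia_uvm
        # Attach GPU devices from host
        #virsh nodedev-reattach $VIRSH_GPU_VIDEO
        #virsh nodedev-reattach $VIRSH_GPU_AUDIO
        #virsh nodedev-reattach $VIRSH_GPU_USB
        #virsh nodedev-reattach $VIRSH_GPU_SERIAL_BUS
        #echo "0000:01:00.0" > /sys/bus/pci/drivers/nvidia/bind
        # Bind EFI Framebuffer
        echo "efi-framebuffer.0" > /sys/bus/platform/drivers/efi-framebuffer/bind
        # Bind VTconsoles
        echo 1 > /sys/class/vtconsole/vtcon0/bind
        #echo 1 > /sys/class/vtconsole/vtcon1/bind
        # Start display manager
        sleep 1
        systemctl start display-manager.service
        # Return host to all cores (start.sh pinned everything to core 0)
        systemctl set-property --runtime -- user.slice AllowedCPUs=0-3
        systemctl set-property --runtime -- system.slice AllowedCPUs=0-3
        systemctl set-property --runtime -- init.scope AllowedCPUs=0-3
      '';
    mode = "0755";
  };
  # The patched VBIOS is referenced by path, so it is copied into the
  # world-readable /nix/store as well as to /etc/libvirt/vgabios/patched.rom.
  "libvirt/vgabios/patched.rom".source = ./vbios.rom;
};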
# Define a user account. Don't forget to set a password with passwd.
# The single interactive user; "wheel" gives sudo.
# NOTE(review): several of these groups are root-equivalent on this host:
# "libvirtd" (libvirt socket, with QEMU running as root here) and "podman"
# (rootful docker-compatible socket). "input" gives read access to /dev/input/*
# - every process in the session can see raw keystrokes. "libvirt" is
# presumably a leftover; NixOS uses the "libvirtd" group.
users.users.materus = {
  isNormalUser = true;
  description = "Mateusz Słodkowicz";
  shell = pkgs.zsh;
  extraGroups = [ "wheel" "networkmanager" "kvm" "input" "libvirt" "libvirtd" "podman" ];
};
# Session-wide environment. The "\${...}" values are escaped at the Nix level
# and expanded by the shell at login, so the attrset needs no `rec`.
environment.sessionVariables = {
  XDG_CACHE_HOME = "\${HOME}/.cache";
  XDG_CONFIG_HOME = "\${HOME}/.config";
  XDG_BIN_HOME = "\${HOME}/.local/bin";
  XDG_DATA_HOME = "\${HOME}/.local/share";
  #SSH_ASKPASS_REQUIRE = "prefer";
  STEAM_EXTRA_COMPAT_TOOLS_PATHS = "\${HOME}/.steam/root/compatibilitytools.d";
  MOZ_USE_XINPUT2 = "1";
  PATH = [ "\${XDG_BIN_HOME}" ];
};
# Shell snippet run by every shell. With a display present it allows root's
# processes (GUI tools started through sudo) to use this user's X server, then
# re-adds the session owner, who is normally already allowed.
# NOTE(review): once root is granted, any root process can read the display's
# input and windows - acceptable on a single-user desktop whose user already
# holds root-equivalent group memberships, not something to copy to a shared host.
environment.shellInit = ''
if ! [ -z "$DISPLAY" ]; then xhost +si:localuser:root &> /dev/null; fi;
if ! [ -z "$DISPLAY" ]; then xhost +si:localuser:$USER &> /dev/null; fi;
'';
# List packages installed in system profile. To search, run:
# $ nix search wget
# Input method: fcitx5 with its config tool, Lua scripting, mozc (Japanese) and Qt5 support.
i18n.inputMethod = {
  enabled = "fcitx5";
  fcitx5.addons = with pkgs; [ fcitx5-configtool fcitx5-lua fcitx5-mozc libsForQt5.fcitx5-qt ];
};
# System-wide packages. Order matters for collision priority in the generated
# environment, so entries are kept as they are.
# Note: `steam` here resolves to the let-bound override at the top of this
# file, not pkgs.steam - a lexical binding wins over `with`.
environment.systemPackages = with pkgs; [
# Gaming: Steam (override + steam-run), gamescope, Lutris with extra libraries.
firefox
steam
steam.run
gamescope
(pkgs.lutris.override { extraLibraries = pkgs: with pkgs; [ pkgs.libunwind pkgs.libusb1 pkgs.gnutls pkgs.gtk3 pkgs.pango ]; })
# Running foreign binaries.
glibc
appimage-run
patchelf
vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
wget
killall
xorg.xkill
xorg.xhost # used by environment.shellInit
nix-top
gitFull
curl
jdk
nss_latest
aspell
aspellDicts.pl
aspellDicts.en
aspellDicts.en-computers
distrobox
# Archivers. rar/unrar are unfree (covered by nixpkgs.config.allowUnfree).
p7zip
unrar
bzip2
rar
unzip
zstd
xz
zip
gzip
# CLI utilities and monitors.
tree
mc
lf
htop
nmon
iftop
iptraf-ng
mprocs
tldr
bat
pgcli
litecli
#zenmonitor
nix-du
git-crypt # presumably for encrypted files in the config repo
# KDE tools.
ark
kate
kwalletcli
krusader
# Wine/Proton.
wineWowPackages.stagingFull
winetricks
protontricks
openal
# GnuPG and pinentries for the gpg-agent enabled below.
gnupg
pinentry
pinentry-gnome
pinentry-curses
ncurses
monkeysphere
gparted
inkscape
gimp
(materusArg.pkgs.polymc.wrap { extraJDKs = [ pkgs.graalvm-ce ]; })
# Virtualisation and sandboxing helpers.
virt-manager
libguestfs
bubblewrap
bindfs
pulseaudio
binutils
/*
gnome3.adwaita-icon-theme
gnome3.gnome-tweaks
gnome3.gnome-color-manager
gnome3.gnome-shell-extensions
gnomeExtensions.appindicator
gnomeExtensions.desktop-clock
gnomeExtensions.gtk4-desktop-icons-ng-ding
gnomeExtensions.compiz-windows-effect
gnomeExtensions.burn-my-windows
gnomeExtensions.user-themes
gnomeExtensions.gsconnect
gnomeExtensions.dash-to-panel
gnomeExtensions.dash-to-dock
*/
];
# Fonts: system font directory, nixpkgs defaults plus the families below, and
# fontconfig defaults (with a 32-bit cache for Wine/Steam).
fonts = {
  fontDir.enable = true;
  enableDefaultFonts = true;
  fonts = with pkgs; [
    dejavu_fonts
    hack-font
    noto-fonts
    noto-fonts-extra
    noto-fonts-emoji
    noto-fonts-cjk-sans
    noto-fonts-cjk-serif
    ubuntu_font_family
    wqy_zenhei
    monocraft
    (nerdfonts.override { fonts = [ "FiraCode" "DroidSansMono" "Meslo" "ProFont" ]; })
  ];
  fontconfig = {
    enable = true;
    cache32Bit = true;
    defaultFonts = {
      sansSerif = [ "Noto Sans" "DejaVu Sans" "WenQuanYi Zen Hei" "Noto Color Emoji" ];
      serif = [ "Noto Serif" "DejaVu Serif" "WenQuanYi Zen Hei" "Noto Color Emoji" ];
      emoji = [ "Noto Color Emoji" "OpenMoji Color" ];
      monospace = [ "FiraCode Nerd Font Mono" "Noto Sans Mono" "WenQuanYi Zen Hei Mono" ];
    };
  };
};
environment.enableAllTerminfo = true;
environment.pathsToLink = [ "/share/zsh" ];
environment.shells = with pkgs; [ zsh ];
programs = {
  steam = {
    enable = true;
    # NOTE(review): both openFirewall options open Steam's dedicated-server and
    # Remote Play ports on every interface, in addition to the ports listed in
    # networking.firewall below.
    dedicatedServer.openFirewall = true;
    remotePlay.openFirewall = true;
  };
  fish.enable = true;
  zsh = {
    enable = true;
    # Use grml's zshrc (pinned fetch at the top of this file) unless a
    # home-manager managed zsh already set __MATERUS_HM_ZSH.
    interactiveShellInit = ''
      if [[ ''${__MATERUS_HM_ZSH:-0} == 0 ]]; then
        source ${grml-config}/etc/zsh/zshrc
      fi
    '';
    promptInit = ""; # grml brings its own prompt
  };
  java.enable = true;
  command-not-found.enable = false;
  dconf.enable = true;
};
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# Smart-card daemon (hardware tokens for GnuPG).
services.pcscd.enable = true;
/*systemd.user.services.gpg-agent.serviceConfig.ExecStart = [
""
''
${pkgs.gnupg}/bin/gpg-agent --supervised \
--pinentry-program ${pkgs.kwalletcli}/bin/pinentry-kwallet
''
];*/
# gpg-agent doubles as the SSH agent (hence ssh-agent stays off, so there are
# not two agents competing for SSH_AUTH_SOCK) and exposes the browser socket.
programs.gnupg.agent = {
  enable = true;
  enableSSHSupport = true;
  enableBrowserSocket = true;
};
programs.ssh.startAgent = false;
# List services that you want to enable:
# Enable the OpenSSH daemon.
# OpenSSH with module defaults. NOTE(review): nothing here restricts
# authentication, so unless changed elsewhere password logins are accepted;
# once key-based access is in place, consider disabling them
# (services.openssh.passwordAuthentication, or settings.PasswordAuthentication
# on newer NixOS).
services.openssh.enable = true;
# WS-Discovery responder so Windows hosts list this machine; its ports
# (3702/udp, 5357/tcp) are opened by hand in networking.firewall below.
services.samba-wsdd.enable = true;
services.samba = {
  enable = true;
  securityType = "user";
  # Global section: access is limited to two LAN ranges and loopback, and
  # unknown usernames are mapped to guest, which the share below rejects.
  # NOTE(review): SMB's own ports (139/445) are not in the firewall list, so the
  # share is only reachable if they are opened elsewhere.
  extraConfig = ''
    workgroup = WORKGROUP
    server string = smbnix
    netbios name = smbnix
    security = user
    #use sendfile = yes
    #max protocol = smb2
    # note: localhost is the ipv6 localhost ::1
    hosts allow = 192.168.100. 192.168.122. 127.0.0.1 localhost
    hosts deny = 0.0.0.0/0
    guest account = nobody
    map to guest = bad user
  '';
  shares.share = {
    path = "/materus/data/share";
    browseable = "yes";
    "read only" = "no";
    "guest ok" = "no";
    "create mask" = "0644";
    "directory mask" = "0755";
    # On disk, every access happens as materus:users regardless of the SMB user.
    "force user" = "materus";
    "force group" = "users";
  };
};
# Open ports in the firewall.
# Firewall stays on; only the listed ports are open, on every interface.
# NOTE(review): the ports are undocumented here - presumably 24800 for
# Barrier/Synergy, 5900 for VNC, 5357/tcp + 3702/udp for WS-Discovery
# (samba-wsdd above) and 4656 for something custom. VNC in particular is worth
# limiting to the LAN interface via networking.firewall.interfaces.<iface>.
networking.firewall = {
  enable = true;
  allowedTCPPorts = [ 24800 5900 5357 4656 ];
  allowedUDPPorts = [ 24800 5900 3702 4656 ];
};
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# Release whose stateful defaults (file locations, database versions) this
# system was installed with. Leave it alone; read the NixOS manual before
# changing it.
system.stateVersion = "22.11"; # Did you read the comment?
# Do not copy configuration.nix into the system closure (presumably because the
# configuration is managed from a flake, see nix.settings.experimental-features).
system.copySystemConfiguration = false;
}