commit 9dc034ec86779ce322a3964e39e3e2b95dfbce62 · nekomimi.pet/nixcfg

README.md

flake.lock

+9

flake.nix

···

       15
       15
        
             url = "github:0xc000022070/zen-browser-flake";

     

       16
       16
        
             inputs.nixpkgs.follows = "nixpkgs";

     

       17
       17
        
           };

     

       18
       18
       +
           #microvm.url = "github:astro/microvm.nix";

     

       19
       19
       +
           #microvm.inputs.nixpkgs.follows = "nixpkgs";

     

       18
       20
        
       

     

       19
       21
        
           catppuccin.url = "github:catppuccin/nix";

     

       20
       22
        
           home-manager = {

     
···

       45
       47
        
                 modules = [

     

       46
       48
        
                   ./hosts/focalor

     

       47
       49
        
                   lix-module.nixosModules.default

     

       50
       50
       +
       

     

       51
       51
       +
                   /*microvm.nixosModules.host

     

       52
       52
       +
                   {

     

       53
       53
       +
                     microvm.autostart = [

     

       54
       54
       +
                       "windows"

     

       55
       55
       +
                     ];

     

       56
       56
       +
                   }*/

     

       48
       57
        
       

     

       49
       58
        
                   vscode-server.nixosModules.default

     

       50
       59
        
                   agenix.nixosModules.default

+98 -14

home/regent/home.nix

···

       1
       1
       -
       { config, pkgs, system, inputs, ... }:

     

       1
       1
       +
       { config, pkgs, system, inputs, lib, ... }:

     

       2
       2
        
       

     

       3
       3
        
       {

     

       4
       4
        
         home.username = "regent";

     
···

       11
       11
        
           /*waybar = { doesnt work for some reason

     

       12
       12
        
             enable = true;

     

       13
       13
        
           };*/

     

       14
       14
       +
           ghostty.enable = true;

     

       15
       15
       +
           ghostty.flavor = "mocha";

     

       16
       16
       +
           nvim.enable = true;

     

       17
       17
       +
           nvim.flavor = "mocha";

     

       14
       18
        
         };

     

       15
       19
        
       

     

       20
       20
       +
         programs.ghostty.enable = true;

     

       21
       21
       +
         programs.ghostty.settings = {

     

       22
       22
       +
           font-size = 24;

     

       23
       23
       +
           theme = "catppuccin-mocha";

     

       24
       24
       +
         };

     

       25
       25
       +
       

     

       26
       26
       +
         programs.neovim.enable = true;

     

       27
       27
       +
         programs.neovim = {

     

       28
       28
       +
           extraPackages = with pkgs; [

     

       29
       29
       +
             lua-language-server

     

       30
       30
       +
             stylua

     

       31
       31
       +
             ripgrep

     

       32
       32
       +
           ];

     

       33
       33
       +
       

     

       34
       34
       +
           plugins = with pkgs.vimPlugins; [

     

       35
       35
       +
             lazy-nvim

     

       36
       36
       +
           ];

     

       37
       37
       +
         };

     

       38
       38
       +
       

     

       39
       39
       +
         home.pointerCursor = {

     

       40
       40
       +
           gtk.enable = true;

     

       41
       41
       +
           package = pkgs.phinger-cursors;

     

       42
       42
       +
           name = "Phinger-cursors-light";

     

       43
       43
       +
           size = 48;

     

       44
       44
       +
         }; 

     

       45
       45
       +
       

     

       16
       46
        
         programs.waybar = {

     

       17
       47
        
           enable = true;

     

       18
       48
        
           style =

     
···

       46
       76
        
       

     

       47
       77
        
       

     

       48
       78
        
       * {

     

       49
       49
       -
         font-family: FantasqueSansMono Nerd Font;

     

       79
       79
       +
         font-family: 'Fira Code', monospace;

     

       50
       80
        
         font-size: 17px;

     

       51
       81
        
         min-height: 0;

     

       52
       82
        
       }

     
···

       55
       85
        
         padding: 0px;

     

       56
       86
        
         margin: 0px;

     

       57
       87
        
         border: 0px;

     

       58
       58
       -
         background-color:rgb(0, 0, 0);

     

       88
       88
       +
         /*background-color:rgb(0, 0, 0);*/

     

       89
       89
       +
         background-color: @base;

     

       59
       90
        
         color: @text;

     

       60
       91
        
       }

     

       61
       92
        
       

     

       62
       62
       -
       window#waybar.empty {

     

       93
       93
       +
       /*window#waybar.empty {

     

       63
       94
        
       	background-color:rgba(255, 255, 255, 0);

     

       64
       64
       -
       }

     

       95
       95
       +
       }*/

     

       65
       96
        
       

     

       66
       97
        
       #workspaces {

     

       67
       98
        
         border-radius: 1rem;

     

       68
       99
        
         margin: 5px;

     

       69
       69
       -
         background-color: @surface0;

     

       70
       100
        
         margin-left: 1rem;

     

       101
       101
       +
         background-color: rgba(0, 0, 0, 0.21);

     

       71
       102
        
       }

     

       72
       72
       -
       

     

       73
       103
        
       

     

       74
       104
        
       #workspaces button {

     

       75
       105
        
         color: @lavender;

     
···

       80
       110
        
       #workspaces button.active {

     

       81
       111
        
         color: @sky;

     

       82
       112
        
         border-radius: 1rem;

     

       113
       113
       +
         background-color: rgba(255, 255, 255, 0.5);

     

       83
       114
        
       }

     

       84
       115
        
       

     

       85
       116
        
       #workspaces button:hover {

     
···

       95
       126
        
       #pulseaudio,

     

       96
       127
        
       #custom-lock,

     

       97
       128
        
       #custom-power {

     

       98
       98
       -
         background-color: @surface0;

     

       99
       129
        
         padding: 0.5rem 1rem;

     

       100
       130
        
         margin: 5px 0;

     

       131
       131
       +
         color: @text;

     

       101
       132
        
       }

     

       102
       133
        
       

     

       103
       134
        
       #clock {

     

       104
       104
       -
         color: @blue;

     

       135
       135
       +
         color: @text;

     

       105
       136
        
         border-radius: 0px 1rem 1rem 0px;

     

       106
       137
        
         margin-right: 1rem;

     

       107
       138
        
       }

     

       108
       108
       -
       

     

       109
       139
        
       '';

     

       110
       140
        
           settings = {

     

       111
       141
        
             mainBar = {

     

       112
       142
        
               layer = "top";

     

       113
       143
        
               position = "top";

     

       114
       114
       -
               height = 34;

     

       144
       144
       +
               mod = "dock";

     

       145
       145
       +
               exclusive = true;

     

       146
       146
       +
               passthrough = false;

     

       147
       147
       +
               #gtk-layer-shell = true;

     

       148
       148
       +
               height = 0;

     

       115
       149
        
               output = [

     

       116
       150
        
                 "HDMI-A-1"

     

       117
       117
       -
                 "DP-2"

     

       151
       151
       +
                 "DP-1"

     

       152
       152
       +
               ];

     

       153
       153
       +
               modules-left = [ 

     

       154
       154
       +
                 "sway/workspaces"

     

       118
       155
        
               ];

     

       119
       119
       -
               modules-left = [ "sway/workspaces" ];

     

       120
       156
        
               modules-center = [ "sway/window" ];

     

       121
       121
       -
               modules-right = [ "clock"  ];

     

       157
       157
       +
               modules-right = [

     

       158
       158
       +
                 "pulseaudio"

     

       159
       159
       +
                 "clock"          

     

       160
       160
       +
               ];

     

       122
       161
        
       

     

       123
       162
        
               "sway/workspaces" = {

     

       124
       163
        
                 disable-scroll = true;

     

       125
       164
        
                 sort-by-name = true;

     

       165
       165
       +
               };

     

       166
       166
       +
               tray = {

     

       167
       167
       +
                 icon-size = 13;

     

       168
       168
       +
                 tooltip = false;

     

       169
       169
       +
                 spacing = 10;

     

       170
       170
       +
               };

     

       171
       171
       +
               network = {

     

       172
       172
       +
                 format = "󰖩 {essid}";

     

       173
       173
       +
                 format-disconnected = "󰖪 disconnected";

     

       174
       174
       +
               };

     

       175
       175
       +
               clock = {

     

       176
       176
       +
                 format = " {:%I:%M %p   %m/%d} ";

     

       177
       177
       +
                 tooltip-format = ''

     

       178
       178
       +
                   <big>{:%Y %B}</big>

     

       179
       179
       +
                   <tt><small>{calendar}</small></tt>'';

     

       180
       180
       +
               };

     

       181
       181
       +
       

     

       182
       182
       +
               pulseaudio = {

     

       183
       183
       +
                 format = "{icon} {volume}%";

     

       184
       184
       +
                 tooltip = false;

     

       185
       185
       +
                 format-muted = " Muted";

     

       186
       186
       +
                 on-click = "pamixer -t";

     

       187
       187
       +
                 on-scroll-up = "pamixer -i 5";

     

       188
       188
       +
                 on-scroll-down = "pamixer -d 5";

     

       189
       189
       +
                 scroll-step = 5;

     

       190
       190
       +
                 format-icons = {

     

       191
       191
       +
                   headphone = "";

     

       192
       192
       +
                   hands-free = "";

     

       193
       193
       +
                   headset = "";

     

       194
       194
       +
                   phone = "";

     

       195
       195
       +
                   portable = "";

     

       196
       196
       +
                   car = "";

     

       197
       197
       +
                   default = [ "" "" "" ];

     

       198
       198
       +
                 };

     

       199
       199
       +
               };

     

       200
       200
       +
       

     

       201
       201
       +
               "pulseaudio#microphone" = {

     

       202
       202
       +
                 format = "{format_source}";

     

       203
       203
       +
                 tooltip = false;

     

       204
       204
       +
                 format-source = " {volume}%";

     

       205
       205
       +
                 format-source-muted = " Muted";

     

       206
       206
       +
                 on-click = "pamixer --default-source -t";

     

       207
       207
       +
                 on-scroll-up = "pamixer --default-source -i 5";

     

       208
       208
       +
                 on-scroll-down = "pamixer --default-source -d 5";

     

       209
       209
       +
                 scroll-step = 5;

     

       126
       210
        
               };

     

       127
       211
        
             };

     

       128
       212
        
           };

host-secrets.nix

hosts/buer/default.nix

hosts/buer/hardware.nix

hosts/buer/secrets.nix

+46

hosts/focalor/backup.nix

···

       1
       1
       +
       # Do not modify this file!  It was generated by ‘nixos-generate-config’

     

       2
       2
       +
       # and may be overwritten by future invocations.  Please make changes

     

       3
       3
       +
       # to /etc/nixos/configuration.nix instead.

     

       4
       4
       +
       { config, lib, pkgs, modulesPath, ... }:

     

       5
       5
       +
       

     

       6
       6
       +
       {

     

       7
       7
       +
         imports =

     

       8
       8
       +
           [ (modulesPath + "/installer/scan/not-detected.nix")

     

       9
       9
       +
           ];

     

       10
       10
       +
       

     

       11
       11
       +
         boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "sd_mod" ];

     

       12
       12
       +
         boot.initrd.kernelModules = [

     

       13
       13
       +
            "vfio" "vfio_iommu_type1" "vfio_pci"

     

       14
       14
       +
            "nvidia" "nvidia-modeset" "nvidia_uvm" "nvidia_drm" 

     

       15
       15
       +
         ];

     

       16
       16
       +
         boot.kernelModules = [ "kvm-amd" ];

     

       17
       17
       +
         boot.kernelParams = [

     

       18
       18
       +
           "amd_iommu=on"

     

       19
       19
       +
           "vfio-pci.ids=10de:2484,10de228b,1022:149c,15b7:5045"

     

       20
       20
       +
         ];

     

       21
       21
       +
         boot.extraModulePackages = [ ];

     

       22
       22
       +
       

     

       23
       23
       +
         fileSystems."/" =

     

       24
       24
       +
           { device = "/dev/disk/by-uuid/2009b305-f22d-4d5c-a9d3-c49a2303232b";

     

       25
       25
       +
             fsType = "ext4";

     

       26
       26
       +
           };

     

       27
       27
       +
       

     

       28
       28
       +
         fileSystems."/boot" =

     

       29
       29
       +
           { device = "/dev/disk/by-uuid/E53C-502F";

     

       30
       30
       +
             fsType = "vfat";

     

       31
       31
       +
             options = [ "fmask=0077" "dmask=0077" ];

     

       32
       32
       +
           };

     

       33
       33
       +
       

     

       34
       34
       +
         swapDevices = [ ];

     

       35
       35
       +
       

     

       36
       36
       +
         # Enables DHCP on each ethernet and wireless interface. In case of scripted networking

     

       37
       37
       +
         # (the default) this is the recommended approach. When using systemd-networkd it's

     

       38
       38
       +
         # still possible to use this option, but it's recommended to use it in conjunction

     

       39
       39
       +
         # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.

     

       40
       40
       +
         networking.useDHCP = lib.mkDefault true;

     

       41
       41
       +
         # networking.interfaces.enp5s0.useDHCP = lib.mkDefault true;

     

       42
       42
       +
         # networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;

     

       43
       43
       +
       

     

       44
       44
       +
         nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";

     

       45
       45
       +
         hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;

     

       46
       46
       +
       }

+58 -4

hosts/focalor/default.nix

···

       6
       6
        
           # Host-specific hardware

     

       7
       7
        
           ./hardware.nix

     

       8
       8
        
           ./secrets.nix

     

       9
       9
       +
           ./vfio.nix

     

       9
       10
        
           

     

       10
       11
        
           # Common modules shared across hosts

     

       11
       12
        
           ../../common/system.nix

     

       12
       13
        
           ../../common/users.nix

     

       13
       14
        
           ../../common/services.nix

     

       14
       15
        
           ../../common/efi.nix

     

       16
       16
       +
           ../../common/bluetooth.nix

     

       15
       17
        
       

     

       16
       18
        
           # Desktop modules

     

       17
       19
        
           ../../common/desktop/core.nix

     

       18
       20
        
           ../../common/desktop/sway.nix

     

       21
       21
       +
           ../../common/desktop/vnc.nix

     

       19
       22
        
       

     

       20
       23
        
           # Nvidia

     

       21
       24
        
           ../../common/nvidia.nix

     
···

       24
       27
        
           #../../host-secrets.nix

     

       25
       28
        
         ];

     

       26
       29
        
       

     

       27
       27
       -
         system.stateVersion = "24.11";

     

       30
       30
       +
         system.stateVersion = "25.05";

     

       28
       31
        
       

     

       29
       32
        
         # pin host platform & microcode

     

       30
       33
        
         nixpkgs.hostPlatform               = lib.mkDefault "x86_64-linux";

     
···

       34
       37
        
         networking.hostName = "focalor";

     

       35
       38
        
         networking.hostId = "84bdc587";

     

       36
       39
        
       

     

       37
       37
       -
         networking = {

     

       40
       40
       +
         systemd.network = {

     

       41
       41
       +
           enable = true;

     

       42
       42
       +
           netdevs."br0" = {

     

       43
       43
       +
             netdevConfig = {

     

       44
       44
       +
               Name = "br0";

     

       45
       45
       +
               Kind = "bridge";

     

       46
       46
       +
             };

     

       47
       47
       +
           };

     

       48
       48
       +
           networks = {

     

       49
       49
       +
             "10-lan" = {

     

       50
       50
       +
               matchConfig.Name = ["enp5s0" "vm-*"];

     

       51
       51
       +
               networkConfig = {

     

       52
       52
       +
                 Bridge = "br0";

     

       53
       53
       +
               };

     

       54
       54
       +
             };

     

       55
       55
       +
             "10-lan-bridge" = {

     

       56
       56
       +
               matchConfig.Name = "br0";

     

       57
       57
       +
               networkConfig = {

     

       58
       58
       +
                 Address = ["10.0.0.34/24" "2601:5c2:8400:26c0:aaa1:59ff:fe94:5aba/64"];

     

       59
       59
       +
                 Gateway = "10.0.0.1";

     

       60
       60
       +
                 DNS = ["10.0.0.210" "1.1.1.1"];

     

       61
       61
       +
                 IPv6AcceptRA = true;

     

       62
       62
       +
               };

     

       63
       63
       +
               linkConfig.RequiredForOnline = "routable";

     

       64
       64
       +
             };

     

       65
       65
       +
           };

     

       66
       66
       +
         };

     

       67
       67
       +
       

     

       68
       68
       +
         programs.steam.enable = true;

     

       69
       69
       +
       

     

       70
       70
       +
         /*networking = {

     

       38
       71
        
           firewall.enable = false;

     

       39
       72
        
           firewall.trustedInterfaces = [

     

       40
       73
        
       	    "tailscale0"

     
···

       42
       75
        
           nameservers   = [ "10.0.0.210" "1.1.1.1" ];

     

       43
       76
        
           useDHCP       = true;

     

       44
       77
        
           firewall.allowedTCPPorts = [22 80 443 2456 2457 9000 9001 9002]; 

     

       45
       45
       -
         };

     

       78
       78
       +
         };*/

     

       46
       79
        
       

     

       47
       80
        
         services.resolved = {

     

       48
       81
        
           enable      = true;

     
···

       57
       90
        
       

     

       58
       91
        
         #services.zfs.autoScrub.enable = true;

     

       59
       92
        
         #services.zfs.trim.enable = true;

     

       93
       93
       +
         

     

       94
       94
       +
         services.vscode-server.enable = true;

     

       95
       95
       +
         services.vscode-server.nodejsPackage = pkgs.nodejs_20;

     

       96
       96
       +
       

     

       97
       97
       +
       

     

       98
       98
       +
         programs.obs-studio = {

     

       99
       99
       +
           enable = true;

     

       100
       100
       +
           enableVirtualCamera = true;

     

       101
       101
       +
           plugins = with pkgs.obs-studio-plugins; [

     

       102
       102
       +
             droidcam-obs

     

       103
       103
       +
           ];

     

       104
       104
       +
         };

     

       60
       105
        
       

     

       61
       106
        
         environment.systemPackages = with pkgs; [

     

       62
       107
        
           #lm_sensors

     

       63
       63
       -
           code-server

     

       108
       108
       +
           #code-server

     

       64
       109
        
           inputs.agenix.packages.x86_64-linux.default

     

       65
       110
        
         ];

     

       66
       111
        
       

     
···

       72
       117
        
           package = pkgs.docker.override {

     

       73
       118
        
             buildGoModule = pkgs.buildGo123Module;

     

       74
       119
        
           };

     

       120
       120
       +
         };

     

       121
       121
       +
       

     

       122
       122
       +
         xdg.portal = {

     

       123
       123
       +
           enable = true;

     

       124
       124
       +
           wlr.enable = true;

     

       125
       125
       +
           extraPortals = with pkgs; [

     

       126
       126
       +
             xdg-desktop-portal-gtk

     

       127
       127
       +
             xdg-desktop-portal-gnome

     

       128
       128
       +
           ];

     

       75
       129
        
         };

     

       76
       130
        
       }

+10 -8

hosts/focalor/hardware.nix

···

       9
       9
        
           ];

     

       10
       10
        
       

     

       11
       11
        
         boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "uas" "usbhid" "sd_mod" ];

     

       12
       12
       -
         boot.initrd.kernelModules = [ ];

     

       12
       12
       +
         boot.initrd.kernelModules = [ "vfio" "vfio_iommu_type1" "vfio_pci"  ];

     

       13
       13
        
         boot.kernelModules = [ "kvm-amd" ];

     

       14
       14
       +
         boot.kernelParams = [

     

       15
       15
       +
           "amd_iommu=on"

     

       16
       16
       +
           "vfio-pci.ids=10de:2484,10de228b,1022:149c,15b7:5045,1dbe:5236,1022:149c"

     

       17
       17
       +
         ];

     

       14
       18
        
         boot.extraModulePackages = [ ];

     

       15
       19
        
       

     

       16
       20
        
         fileSystems."/" =

     

       17
       17
       -
           { device = "/dev/disk/by-uuid/01c4129c-ace4-495a-941e-c5fa893a0bb4";

     

       21
       21
       +
           { device = "/dev/disk/by-uuid/5d42a325-ba0d-4d40-906b-d28603b433ef";

     

       18
       22
        
             fsType = "ext4";

     

       19
       23
        
           };

     

       20
       24
        
       

     

       21
       25
        
         fileSystems."/boot" =

     

       22
       22
       -
           { device = "/dev/disk/by-uuid/6CCE-47E4";

     

       26
       26
       +
           { device = "/dev/disk/by-uuid/404A-728D";

     

       23
       27
        
             fsType = "vfat";

     

       24
       24
       -
             options = [ "fmask=0077" "dmask=0077" ];

     

       28
       28
       +
             options = [ "fmask=0022" "dmask=0022" ];

     

       25
       29
        
           };

     

       26
       30
        
       

     

       27
       27
       -
         swapDevices =

     

       28
       28
       -
           [ { device = "/dev/disk/by-uuid/3029e270-a5f5-4a97-a29b-f2bc3e3a33a8"; }

     

       29
       29
       -
           ];

     

       31
       31
       +
         swapDevices = [ ];

     

       30
       32
        
       

     

       31
       33
        
         # Enables DHCP on each ethernet and wireless interface. In case of scripted networking

     

       32
       34
        
         # (the default) this is the recommended approach. When using systemd-networkd it's

     

       33
       35
        
         # still possible to use this option, but it's recommended to use it in conjunction

     

       34
       36
        
         # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.

     

       35
       35
       -
         networking.useDHCP = lib.mkDefault true;

     

       37
       37
       +
         # networking.useDHCP = lib.mkDefault true;

     

       36
       38
        
         # networking.interfaces.enp5s0.useDHCP = lib.mkDefault true;

     

       37
       39
        
         # networking.interfaces.wlp4s0.useDHCP = lib.mkDefault true;

     

       38
       40

+62

hosts/focalor/scripts/vm-win11-hook.sh

···

       1
       1
       +
       #!/run/current-system/sw/bin/bash

     

       2
       2
       +
       

     

       3
       3
       +
       echo "qemu-hook: ${1} ${2}" >> /tmp/qemu-hook.log

     

       4
       4
       +
       

     

       5
       5
       +
       set -x

     

       6
       6
       +
       

     

       7
       7
       +
       readonly GUEST_NAME="$1"

     

       8
       8
       +
       readonly HOOK_NAME="$2"

     

       9
       9
       +
       readonly STATE_NAME="$3"

     

       10
       10
       +
       

     

       11
       11
       +
       function start_hook() {

     

       12
       12
       +
         # Stops GUI

     

       13
       13
       +
         systemctl isolate multi-user.target

     

       14
       14
       +
       

     

       15
       15
       +
         # Avoids race condition

     

       16
       16
       +
         sleep 2

     

       17
       17
       +
       

     

       18
       18
       +
         # Unloads the NVIDIA drivers

     

       19
       19
       +
         modprobe -r nvidia_drm

     

       20
       20
       +
         modprobe -r nvidia_uvm

     

       21
       21
       +
         modprobe -r nvidia_modeset

     

       22
       22
       +
         modprobe -r nvidia

     

       23
       23
       +
       

     

       24
       24
       +
         # Other code you might want to run

     

       25
       25
       +
       }

     

       26
       26
       +
       

     

       27
       27
       +
       function revert_hook() {

     

       28
       28
       +
         virsh nodedev-reattach pci_0000_0a_00_0

     

       29
       29
       +
         virsh nodedev-reattach pci_0000_0a_00_1

     

       30
       30
       +
         virsh nodedev-reattach pci_0000_06_00_1

     

       31
       31
       +
         virsh nodedev-reattach pci_0000_06_00_3

     

       32
       32
       +
         virsh nodedev-reattach pci_0000_0c_00_3

     

       33
       33
       +
       

     

       34
       34
       +
         modprobe -r vfio-pci

     

       35
       35
       +
       

     

       36
       36
       +
         # Loads the NVIDIA drivers

     

       37
       37
       +
         modprobe nvidia_modeset

     

       38
       38
       +
         modprobe nvidia_uvm

     

       39
       39
       +
         modprobe nvidia_drm

     

       40
       40
       +
         modprobe nvidia

     

       41
       41
       +
       

     

       42
       42
       +
         modprobe -r xhci_pci

     

       43
       43
       +
         modprobe xhci_pci

     

       44
       44
       +
       

     

       45
       45
       +
         # Starts the UI again

     

       46
       46
       +
         systemctl restart display-manager

     

       47
       47
       +
         systemctl isolate graphical.target

     

       48
       48
       +
       }

     

       49
       49
       +
       

     

       50
       50
       +
       # I am not using the script from Passthrough-Post

     

       51
       51
       +
       # because hooks option saves it to /var/lib/libvirt/hooks/qemu.d.

     

       52
       52
       +
       # It's simpler to just rewrite it for NixOS.

     

       53
       53
       +
       if [[ "$GUEST_NAME" != "win11" ]]; then

     

       54
       54
       +
         exit 0

     

       55
       55
       +
       fi

     

       56
       56
       +
       

     

       57
       57
       +
       if [[ "$HOOK_NAME" == "prepare" && "$STATE_NAME" == "begin" ]]; then

     

       58
       58
       +
         #start_hook

     

       59
       59
       +
         echo "do nothing"

     

       60
       60
       +
       elif [[ "$HOOK_NAME" == "release" && "$STATE_NAME" == "end" ]]; then

     

       61
       61
       +
         revert_hook

     

       62
       62
       +
       fi

hosts/focalor/secrets.nix

+43

hosts/focalor/vfio.nix

···

       1
       1
       +
       { config, lib, system, pkgs, modulesPath, inputs, ... }:

     

       2
       2
       +
       

     

       3
       3
       +
       {

     

       4
       4
       +
         programs.virt-manager.enable = true;

     

       5
       5
       +
         virtualisation.spiceUSBRedirection.enable = true;

     

       6
       6
       +
         virtualisation.libvirtd = {

     

       7
       7
       +
           enable = true;

     

       8
       8
       +
           qemu = {

     

       9
       9
       +
             package = pkgs.qemu_kvm;

     

       10
       10
       +
             runAsRoot = true;

     

       11
       11
       +
             swtpm.enable = true;

     

       12
       12
       +
             ovmf = {

     

       13
       13
       +
               enable = true;

     

       14
       14
       +
               packages = [(pkgs.OVMF.override {

     

       15
       15
       +
                 secureBoot = true;

     

       16
       16
       +
                 tpmSupport = true;

     

       17
       17
       +
               }).fd];

     

       18
       18
       +
             };

     

       19
       19
       +
           };

     

       20
       20
       +
           hooks.qemu = {

     

       21
       21
       +
             win11 = ./scripts/vm-win11-hook.sh;

     

       22
       22
       +
           };

     

       23
       23
       +
         };

     

       24
       24
       +
       

     

       25
       25
       +
         systemd.services.libvirtd = {

     

       26
       26
       +
           path = let

     

       27
       27
       +
             env = pkgs.buildEnv {

     

       28
       28
       +
               name = "qemu-hook-env";

     

       29
       29
       +
               paths = with pkgs; [

     

       30
       30
       +
                 bash

     

       31
       31
       +
                 libvirt

     

       32
       32
       +
                 kmod

     

       33
       33
       +
                 systemd

     

       34
       34
       +
                 ripgrep

     

       35
       35
       +
                 sd

     

       36
       36
       +
               ];

     

       37
       37
       +
             };

     

       38
       38
       +
           in

     

       39
       39
       +
             [ env ];

     

       40
       40
       +
         };

     

       41
       41
       +
       

     

       42
       42
       +
         users.extraUsers.regent.extraGroups = [ "libvirtd" ];

     

       43
       43
       +
       }

hosts/valefar/default.nix

hosts/valefar/hardware.nix

hosts/valefar/secrets.nix

+28

modules/immich/default.nix

···

       1
       1
       +
       { config, lib, pkgs, ... }:

     

       2
       2
       +
       

     

       3
       3
       +
       with lib;

     

       4
       4
       +
       let

     

       5
       5
       +
         cfg = config.modules.immich;

     

       6
       6
       +
       

     

       7
       7
       +
         immichRoot = "/storage/immich";  #TODO make this configurable through nix

     

       8
       8
       +
         immichPhotos = "${immichRoot}/photos";

     

       9
       9
       +
       in

     

       10
       10
       +
       {

     

       11
       11
       +
         options = {

     

       12
       12
       +
           modules = {

     

       13
       13
       +
             immich = {

     

       14
       14
       +
               enable = mkEnableOption "Deploy immich";

     

       15
       15
       +
             };

     

       16
       16
       +
           };

     

       17
       17
       +
         };

     

       18
       18
       +
       

     

       19
       19
       +
         config = mkIf cfg.enable {

     

       20
       20
       +
           services.immich = {

     

       21
       21
       +
             enable = true;

     

       22
       22
       +
             port = 2283;

     

       23
       23
       +
             host = "photos.nekomimi.pet";

     

       24
       24
       +
             mediaLocation = immichPhotos;

     

       25
       25
       +
             settings = null;

     

       26
       26
       +
           };

     

       27
       27
       +
         };

     

       28
       28
       +
       };

secrets/build-token.age

secrets/garage-admin-token.age

secrets/garage-metrics-token.age

secrets/garage-rpc-secret.age

secrets/secrets.nix