thiago/nix-conf
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: initialize repo with NixOS and Home Manager configs

Browse source 
- Add .gitignore for common languages, tools, and OS/editor artifacts
- Configure .gitattributes for Git LFS (fonts, images, archives, ISOs)
- Add README with repo description
- Add flake.nix defining inputs and outputs for NixOS, Home Manager, and related modules
- Introduce home-manager configs:
  - Base home.nix with packages, services, and programs
  - Hyprland WM configuration (waybar, fuzzel, keybindings, theming)
  - Vim (nixvim) setup with LSP and plugins
  - Zsh setup with aliases, Oh My Zsh, clipboard helpers
  - Systemd user services (e.g., librespot)
- Add scripts (GPU monitor, RAM build helper, install automation)
- Add host configurations:
  - Nixbook (Apple laptop) with hardware, disko, and install script
  - Nixstation (desktop) with firewall, virtualization, Btrfs scrub timer
  - Nixtest (test VM) with QEMU + Alpine-based install test harness
  - Common modules (network, NVIDIA, rclone, screen, keychron, users)
- Include statix config for linting
This commit is contained in:
Thiago Sposito 2025-08-20 21:55:46 -03:00 committed by Thiago Alexandria Sposito
commit 095e9f4f6b
34 changed files with 1954 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

19
hosts/Nixbook/apple.nix Normal file
View file

@ -0,0 +1,19 @@
{ config
, lib
, pkgs
, ...
}:
{
boot.kernelParams = [
"hid_apple.iso_layout=0"
];
powerManagement = {
cpuFreqGovernor = "schedutil";
powerUpCommands = lib.mkBefore "${pkgs.kmod}/bin/modprobe brcmfmac";
powerDownCommands = lib.mkBefore "${pkgs.kmod}/bin/rmmod brcmfmac";
};
hardware.facetimehd.enable = lib.mkDefault (config.nixpkgs.config.allowUnfree or false);
services.mbpfan.enable = lib.mkDefault true;
}

56
hosts/Nixbook/default.nix Normal file
View file

@ -0,0 +1,56 @@
{ pkgs, ... }:
{
imports = [
../common/default.nix
./apple.nix
./hardware-configuration.nix
];
networking.hostName = "Nixbook";
programs.hyprland.enable = true;
programs.hyprland.withUWSM = true;
environment.sessionVariables = {
NIXOS_OZONE_WL = "1";
};
services = {
xserver.enable = true;
displayManager.sddm = {
enable = true;
wayland.enable = true;
};
libinput = {
enable = true;
touchpad.clickMethod = "clickfinger";
};
openssh = {
enable = true;
settings = {
PermitRootLogin = "yes";
PasswordAuthentication = false;
};
};
};
environment.systemPackages = with pkgs; [
exfat
gcsfuse
git
home-manager
hwinfo
libinput
neovim
nil
nixpkgs-fmt
rclone
wget
];
system.stateVersion = "23.11";
}

68
hosts/Nixbook/disko.nix Normal file
View file

@ -0,0 +1,68 @@
{ config, lib, ... }:
{
disko.devices = {
disk.main = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
esp = {
size = "512M";
start = "1M";
type = "EF00";
label = "EFI";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
swap = {
size = "16G";
type = "8200";
label = "Swap";
content = {
type = "swap";
randomEncryption = false;
};
};
root = {
type = "8300";
label = "NixOS";
size = "870G";
content = {
type = "btrfs";
mountpoint = "/";
subvolumes = {
"@root" = {
mountpoint = "/";
};
"@nix" = {
mountpoint = "/nix";
};
"@home" = {
mountpoint = "/home";
};
"@log" = {
mountpoint = "/var/log";
};
};
extraArgs = [
"-L"
"nixos-root"
];
mountOptions = [
"compress=zstd"
"noatime"
];
};
};
};
};
};
};
}

32
hosts/Nixbook/hardware-configuration.nix Normal file
View file

@ -0,0 +1,32 @@
{ config
, lib
, pkgs
, modulesPath
, inputs
, ...
}:
{
imports = [
(modulesPath + "/hardware/network/broadcom-43xx.nix")
(modulesPath + "/installer/scan/not-detected.nix")
];
boot = {
initrd.availableKernelModules = [
"xhci_pci"
"nvme"
"usbhid"
"usb_storage"
"sd_mod"
];
initrd.kernelModules = [ ];
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
};
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

68
hosts/Nixbook/scripts/install.sh Normal file
View file

@ -0,0 +1,68 @@
#!/usr/bin/env bash
set -euo pipefail
### CONFIGURATION ###
TARGET_IP="192.168.1.65"
INSTALL_USER="nixos"
INSTALL_PASS="123456"
SSH_KEY="$HOME/.ssh/id_rsa.pub"
FLAKE_PATH="./#Nixbook"
# Export variables needed inside nix-shell
export TARGET_IP INSTALL_USER INSTALL_PASS SSH_KEY FLAKE_PATH HOME
### Prerequisites Check ###
# Removed check, sshpass will be provided by nix-shell
### 0. Ensure SSH key is available ###
if [ ! -f "$SSH_KEY" ]; then
echo "❌ SSH key not found at $SSH_KEY"
exit 1
fi
### 1. Remove existing SSH known_hosts entry if it exists ###
echo "🧹 Checking for existing SSH known_hosts entry for $TARGET_IP..."
if grep -q "$TARGET_IP" ~/.ssh/known_hosts; then
echo "🔄 Removing existing SSH known_hosts entry for $TARGET_IP..."
ssh-keygen -R "$TARGET_IP"
else
echo "✅ No existing SSH known_hosts entry found for $TARGET_IP."
fi
### 2, 3, 4: Run commands requiring Nix-provided packages ###
# Use a single nix-shell environment for sshpass, openssh, and nixos-anywhere
nix-shell -p nixos-anywhere sshpass openssh --run '
# Re-set options for this subshell
set -euo pipefail
### 2. Add SSH key to remote temporary user ###
echo "🔐 Copying SSH key to $INSTALL_USER@$TARGET_IP..."
# sshpass and ssh-copy-id are from nix-shell environment
sshpass -p "$INSTALL_PASS" ssh-copy-id -i "$SSH_KEY" -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null "$INSTALL_USER@$TARGET_IP"
### 3. Grant temporary user passwordless sudo on target machine ###
echo "🔧 Configuring sudo access for $INSTALL_USER on target..."
# ssh is from nix-shell environment
ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null "$INSTALL_USER@$TARGET_IP" <<EOF
# Ensure the sudoers.d directory exists
sudo mkdir -p /etc/sudoers.d
# Write the sudo rule
echo "$INSTALL_USER ALL=(ALL) NOPASSWD: ALL" | sudo tee /etc/sudoers.d/90-$INSTALL_USER
sudo chmod 0440 /etc/sudoers.d/90-$INSTALL_USER
EOF
### 4. Run nixos-anywhere ###
echo "🚀 Starting nixos-anywhere install to $TARGET_IP..."
# nixos-anywhere is from nix-shell environment
nixos-anywhere \
-i ~/.ssh/id_rsa \
--ssh-option User=$INSTALL_USER \
--ssh-option StrictHostKeyChecking=no \
--ssh-option UserKnownHostsFile=/dev/null \
--flake $FLAKE_PATH \
--build-on-remote \
$TARGET_IP
'
echo "✅ Installation complete!"

170
hosts/Nixstation/default.nix Normal file
View file

@ -0,0 +1,170 @@
{ pkgs
, ...
}:
{
imports = [
../common/default.nix
../common/keychron.nix
../common/network.nix
../common/nvidia/default.nix
../common/rclone.nix
../common/screen.nix
./hardware-configuration.nix
];
boot = {
loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true;
};
environment = {
systemPackages = with pkgs; [
act
btrfs-progs
cudatoolkit
networkmanagerapplet
];
variables = {
NIXOS_HOST = "nixstation";
NIXOS_DE = "wayland";
};
sessionVariables = {
NIXOS_OZONE_WL = "1";
XDG_SESSION_TYPE = "wayland";
QT_QPA_PLATFORM = "wayland";
GDK_BACKEND = "wayland";
};
};
hardware = {
sane.enable = true;
graphics.enable = true;
};
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "pt_BR.UTF-8";
LC_IDENTIFICATION = "pt_BR.UTF-8";
LC_MEASUREMENT = "pt_BR.UTF-8";
LC_MONETARY = "pt_BR.UTF-8";
LC_NAME = "pt_BR.UTF-8";
LC_NUMERIC = "pt_BR.UTF-8";
LC_PAPER = "pt_BR.UTF-8";
LC_TELEPHONE = "pt_BR.UTF-8";
LC_TIME = "pt_BR.UTF-8";
};
networking.firewall = {
enable = true;
allowPing = true;
allowedTCPPorts = [
11434
8888
8000
8080
];
};
nix = {
settings = {
auto-optimise-store = true;
};
};
programs = {
# steam = {
# enable = true;
# remotePlay.openFirewall = true;
# dedicatedServer.openFirewall = true;
# localNetworkGameTransfers.openFirewall = true;
# };
dconf.enable = true;
hyprland = {
enable = true;
withUWSM = true;
xwayland.enable = true;
};
virt-manager.enable = true;
};
# security.pam.services.gdm.enableGnomeKeyring = true;
security.rtkit.enable = true;
services = {
avahi = {
enable = true;
nssmdns4 = true;
openFirewall = true;
extraConfig = ''
[server]
allow-interfaces=wlp7s0
'';
};
earlyoom = {
enable = true;
freeMemThreshold = 5;
freeSwapThreshold = 10;
};
flatpak.enable = true;
greetd = {
enable = true;
settings.default_session = {
command = "${pkgs.hyprland}/bin/Hyprland";
user = "thiago";
};
};
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
};
systemd = {
services."getty@tty1".enable = false;
services."autovt@tty1".enable = false;
};
systemd.timers.btrfs-scrub = {
description = "Run Btrfs Scrub Daily";
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "daily";
Persistent = true;
};
};
systemd.services = {
btrfs-scrub = {
description = "Daily Btrfs Scrub";
serviceConfig = {
Type = "oneshot";
Nice = 19;
IOSchedulingClass = "idle";
ExecStart = "${pkgs.btrfs-progs}/bin/btrfs scrub start -n 2 -B / && ${pkgs.btrfs-progs}/bin/btrfs scrub start -n 2 -B /mnt/hdd0";
};
};
};
system.stateVersion = "24.05"; # keep it!
time.timeZone = "America/Sao_Paulo";
virtualisation = {
vmware.host.enable = false;
spiceUSBRedirection.enable = true;
libvirtd = {
enable = true;
qemu.ovmf.enable = true;
qemu.package = pkgs.qemu_full;
};
};
zramSwap = {
enable = true;
memoryPercent = 30;
algorithm = "zstd";
};
}

65
hosts/Nixstation/hardware-configuration.nix Normal file
View file

@ -0,0 +1,65 @@
{ config
, lib
, modulesPath
, ...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot = {
initrd.availableKernelModules = [
"xhci_pci"
"ehci_pci"
"nvme"
"usbhid"
"usb_storage"
"sd_mod"
"ahci"
];
kernelParams = [ "amd_pstate=active" ];
initrd.kernelModules = [ ];
kernelModules = [ "kvm-amd" ];
extraModulePackages = [ ];
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/df74093a-637d-41a5-8c6a-2bf2dccc1506";
fsType = "btrfs";
options = [ "subvol=@" ];
};
"/boot" = {
device = "/dev/disk/by-uuid/E9BA-D1A3";
fsType = "vfat";
options = [
"fmask=0022"
"dmask=0022"
];
};
"/mnt/hdd0" = {
device = "/dev/disk/by-uuid/940353dd-5774-4577-aba3-516d3f9c404d";
fsType = "btrfs";
options = [ "defaults" ];
};
};
swapDevices = [ ];
networking = {
useDHCP = lib.mkDefault true;
};
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware = {
cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
enableRedistributableFirmware = true;
bluetooth.enable = true;
};
services.blueman.enable = true;
}

14
hosts/Nixstation/scripts/motd.sh Normal file
View file

@ -0,0 +1,14 @@
cat << 'EOF' > /etc/motd
▗▖ ▗▖▗▄▄▄▖▗▖ ▗▖ ▗▄▄▖▗▄▄▄▖▗▄▖▗▄▄▄▖▗▄▄▄▖ ▗▄▖ ▗▖ ▗▖
▐▛▚▖▐▌ █ ▝▚▞▘ ▐▌ █ ▐▌ ▐▌ █ █ ▐▌ ▐▌▐▛▚▖▐▌
▐▌ ▝▜▌ █ ▐▌ ▝▀▚▖ █ ▐▛▀▜▌ █ █ ▐▌ ▐▌▐▌ ▝▜▌
▐▌ ▐▌▗▄█▄▖▗▞▘▝▚▖▗▄▄▞▘ █ ▐▌ ▐▌ █ ▗▄█▄▖▝▚▄▞▘▐▌ ▐▌
[ Ryzen 7 5700G ]-[64 Gb ]-[ RTX 3090]
┏┳┓┓ • ┏┓ •
┃ ┣┓┓┏┓┏┓┏┓ ┗┓┏┓┏┓┏┓╋┏┓
┻ ┛┗┗┗┻┗┫┗┛ ┗┛┣┛┗┛┛┗┗┗┛
┛ ┛
EOF

29
hosts/Nixtest/default.nix Normal file
View file

@ -0,0 +1,29 @@
{ pkgs, ... }:
{
imports = [
./disko.nix
];
networking.hostName = "Nixtest";
services = {
xserver.enable = true;
displayManager.sddm = {
enable = true;
};
openssh = {
enable = true;
settings = {
PermitRootLogin = "yes";
PasswordAuthentication = true;
};
};
};
environment.systemPackages = with pkgs; [
git
home-manager
];
system.stateVersion = "23.11";
}

58
hosts/Nixtest/disko.nix Normal file
View file

@ -0,0 +1,58 @@
{ config, lib, ... }:
{
disko.devices = {
disk.main = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
esp = {
size = "128M";
start = "1M";
type = "EF00";
label = "EFI";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
type = "8300";
label = "NixOS";
size = "32G";
content = {
type = "btrfs";
mountpoint = "/";
subvolumes = {
"@root" = {
mountpoint = "/";
};
"@nix" = {
mountpoint = "/nix";
};
"@home" = {
mountpoint = "/home";
};
"@log" = {
mountpoint = "/var/log";
};
};
extraArgs = [
"-L"
"nixos-root"
];
mountOptions = [
"compress=zstd"
"noatime"
];
};
};
};
};
};
};
}

93
hosts/Nixtest/scripts/install_test.sh Normal file
View file

@ -0,0 +1,93 @@
#!/usr/bin/env bash
set -euo pipefail
### Configuration ###
# Find virtual images at: https://alpinelinux.org/downloads/ -> Virtual
ALPINE_VERSION="3.19.1"
ALPINE_ARCH="x86_64"
ALPINE_IMAGE_FILENAME="alpine-virt-${ALPINE_VERSION}-${ALPINE_ARCH}.iso"
ALPINE_IMAGE_URL="https://dl-cdn.alpinelinux.org/alpine/v$(echo $ALPINE_VERSION | cut -d. -f1-2)/releases/${ALPINE_ARCH}/${ALPINE_IMAGE_FILENAME}"
QEMU_MEM="2048"
QEMU_CPUS="2"
QEMU_SSH_HOST_PORT="2222"
QEMU_PID_FILE="qemu_test.pid"
TARGET_IP="127.0.0.1"
TARGET_PORT="${QEMU_SSH_HOST_PORT}"
TARGET_USER="root"
SSH_KEY_PUB="$HOME/.ssh/id_rsa.pub"
SSH_KEY_PRIV="$HOME/.ssh/id_rsa"
FLAKE_PATH="./#Nixtest"
### Helper Functions ###
cleanup_qemu() {
if [ -f "$QEMU_PID_FILE" ]; then
echo "🧹 Cleaning up previous QEMU instance..."
kill -- "-$(cat $QEMU_PID_FILE)" 2>/dev/null || kill "$(cat $QEMU_PID_FILE)" 2>/dev/null || true
rm -f "$QEMU_PID_FILE"
sleep 2
echo "🧹 Cleanup complete."
fi
}
launch_qemu_alpine() {
echo "🚀 Launching QEMU with Alpine Linux (${ALPINE_IMAGE_FILENAME})..."
qemu-system-x86_64 \
-m "${QEMU_MEM}" \
-smp "${QEMU_CPUS}" \
-enable-kvm \
-nic user,model=virtio-net-pci,hostfwd=tcp::${TARGET_PORT}-:22 \
-drive file="${ALPINE_IMAGE_FILENAME}",media=cdrom,readonly=on \
-boot d \
-display none \
-daemonize \
-pidfile "$QEMU_PID_FILE"
echo "⏳ Waiting for QEMU to boot and SSH to become available on port ${TARGET_PORT}..."
local max_wait=90
local waited=0
while ! ssh -p "${TARGET_PORT}" -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o ConnectTimeout=2 -o ConnectionAttempts=3 "${TARGET_USER}@${TARGET_IP}" exit >/dev/null 2>&1; do
sleep 3
waited=$((waited + 3))
if [ "$waited" -ge "$max_wait" ]; then
echo "❌ Timed out waiting for SSH on port ${TARGET_PORT}."
cat "$QEMU_PID_FILE"
cleanup_qemu
exit 1
fi
echo -n "."
done
echo
echo "✅ QEMU Alpine VM is up and SSH is ready on port ${TARGET_PORT}."
}
### Main Script ###
trap cleanup_qemu EXIT SIGINT SIGTERM
if [ ! -f "$ALPINE_IMAGE_FILENAME" ]; then
echo "⏬ Downloading Alpine image: ${ALPINE_IMAGE_FILENAME}..."
wget --progress=bar:force -O "$ALPINE_IMAGE_FILENAME" "$ALPINE_IMAGE_URL"
else
echo "✅ Alpine image found locally: ${ALPINE_IMAGE_FILENAME}"
fi
if [ ! -f "$SSH_KEY_PUB" ] || [ ! -f "$SSH_KEY_PRIV" ]; then
echo "❌ SSH key not found at $SSH_KEY_PRIV or $SSH_KEY_PUB"
echo " Please generate one using 'ssh-keygen' or specify the correct path."
exit 1
fi
echo "✅ Using SSH key: ${SSH_KEY_PRIV}"
cleanup_qemu
launch_qemu_alpine
# --- Installation logic will go here ---
echo "🏁 Test script placeholder finished. VM is running."
echo " PID: $(cat $QEMU_PID_FILE)"
echo " To connect: ssh -p ${TARGET_PORT} ${TARGET_USER}@${TARGET_IP}"

22
hosts/Nixtest/scripts/install_test_shell.nix Normal file
View file

@ -0,0 +1,22 @@
{ pkgs ? import <nixpkgs> { }
,
}:
pkgs.mkShell {
name = "nixos-anywhere-test-env";
packages = with pkgs; [
nix
nixos-anywhere
openssh
sshpass
qemu_full
wget
];
shellHook = ''
echo "Entered NixOS Anywhere Test Environment."
echo "Alpine image will be downloaded if needed."
echo "Run ./install_test.sh to start the QEMU VM and run the installation."
'';
}

64
hosts/common/default.nix Normal file
View file

@ -0,0 +1,64 @@
{ config
, inputs
, lib
, pkgs
, ...
}:
{
imports = [ ./users/thiago/default.nix ];
boot.loader.systemd-boot.enable = true;
environment = {
shells = with pkgs; [ zsh ];
etc = lib.mapAttrs'
(name: value: {
name = "nix/path/${name}";
value.source = value.flake;
})
config.nix.registry;
systemPackages = with pkgs; [
exfat
file
gcsfuse
git
gnupg
home-manager
keymapp
opensc
pciutils
pcsc-safenet
pcsctools
pkcs11helper
sops
wget
zsa-udev-rules
];
};
hardware.keyboard.zsa.enable = true;
networking.networkmanager.enable = true;
nix = {
registry = (lib.mapAttrs (_: flake: { inherit flake; })) (
(lib.filterAttrs (_: lib.isType "flake")) inputs
);
nixPath = [ "/etc/nix/path" ];
settings = {
experimental-features = "nix-command flakes";
auto-optimise-store = true;
};
};
nixpkgs.config.allowUnfree = true;
programs.zsh.enable = true;
services = {
pcscd.enable = true;
# xserver.displayManager.sessionCommands =
# "${pkgs.xorg.xmodmap}/bin/xmodmap -e 'keycode 64 = Alt_L'";
};
users.groups.scard = { };
time.timeZone = "America/Sao_Paulo";
users.defaultUserShell = pkgs.zsh;
}

41
hosts/common/keychron.nix Normal file
View file

@ -0,0 +1,41 @@
{ pkgs, ... }:
{
services.xserver = {
enable = true;
xkb = {
layout = "custom-br";
variant = "";
model = "pc105";
extraLayouts = {
custom-br = {
description = "US Custom BR (apostrophe + c ç)";
languages = [ "eng" ];
symbolsFile = pkgs.writeText "custom-br" ''
partial alphanumeric_keys
xkb_symbols "basic" {
include "us(altgr-intl)"
name[Group1]= "US Custom BR (apostrophe + c ç)";
// Override the apostrophe key to be a fake dead key
key <AC10> {
type= "FOUR_LEVEL",
symbols[Group1]= [ dead_acute, dead_acute, dead_acute, dead_acute ]
};
// Redefine the c key to output ç when used after apostrophe
key <AC03> {
type= "ALPHABETIC",
symbols[Group1]= [ c, C, ccedilla, Ccedilla ]
};
replace key <LALT> { [ Alt_L, Meta_L ] };
};
'';
};
};
};
};
}

116
hosts/common/network.nix Normal file
View file

@ -0,0 +1,116 @@
{ pkgs, ... }:
{
networking = {
hostName = "Nixstation";
networkmanager.enable = true;
firewall = {
enable = true;
allowPing = true;
allowedTCPPorts = [
2375
4780
11470
25565
];
allowedUDPPorts = [
8888
8899
];
};
};
services = {
tailscale.enable = true;
openssh.enable = true;
# openssh.settings.X11Forwarding = true;
};
virtualisation.docker = {
enable = true;
package = pkgs.docker_25;
storageDriver = "btrfs";
daemon.settings = {
hosts = [ "unix:///var/run/docker.sock" ];
features.cdi = true;
userland-proxy = false;
experimental = true;
metrics-addr = "0.0.0.0:9323";
};
# daemon.settings = {
# hosts = [
# "unix:///var/run/docker.sock"
# ];
# features = {
# cdi = true;
# };
# userland-proxy = false;
# experimental = true;
# metrics-addr = "0.0.0.0:9323";
# default-runtime = "nvidia";
# runtimes = {
# nvidia = {
# path = "nvidia-container-runtime";
# };
# nvidia-cdi = {
# path = "nvidia-container-runtime.cdi";
# };
# nvidia-legacy = {
# path = "nvidia-container-runtime.legacy";
# };
# };
# };
};
services.samba = {
enable = true;
openFirewall = true;
settings = {
global = {
"workgroup" = "WORKGROUP";
"server string" = "smbnix";
"netbios name" = "smbnix";
# "use sendfile" = "yes";
# "max protocol" = "smb2";
# note: localhost is the ipv6 localhost ::1
"hosts allow" = "192.168.0. 192.168. 192.168.122.55 127.0.0.1 localhost";
"hosts deny" = "0.0.0.0/0";
"guest account" = "nobody";
"map to guest" = "bad user";
security = "user";
# shared = {
# path = "/home/thiago/Downloads/oblivion";
# browseable = true;
# writable = false;
# guestOk = true;
# "force user" = "thiago";
# };
};
# shares = {
# OneDrive = ''
# path = "/run/media/thiago/hdd0/OneDrive/"
# browseable = "yes"
# "read only" = "no"
# "guest ok" = "no"
# "create mask" = "0644"
# "directory mask" = "0755"
# "force user" = "thiago"
# "force group" = "users"
# '';
# };
};
};
services.samba-wsdd = {
enable = true;
openFirewall = true;
};
}

54
hosts/common/nvidia/default.nix Normal file
View file

@ -0,0 +1,54 @@
{ config
, pkgs
, unstable
, ...
}:
{
imports = [
# ./passthrough.nix
];
hardware = {
graphics = {
enable = true;
enable32Bit = true;
};
nvidia-container-toolkit = {
enable = true;
suppressNvidiaDriverAssertion = true;
};
nvidia = {
modesetting.enable = true;
powerManagement.enable = false;
powerManagement.finegrained = false;
open = false; # keep it like that for now, unstable!!
nvidiaSettings = true;
package = unstable.linuxPackages.nvidiaPackages.latest;
};
};
services = {
sunshine = {
enable = false;
# autoStart = true;
# openFirewall = true;
package = pkgs.sunshine.overrideAttrs (old: {
cmakeFlags = (old.cmakeFlags or [ ]) ++ [
"-DSUNSHINE_ENABLE_CUDA=OFF"
"-DCUDA_FAIL_ON_MISSING=OFF"
];
});
};
};
nixpkgs.config.cudaSupport = true;
environment.systemPackages = with pkgs; [
mesa
glxinfo
libepoxy
libglvnd
nvidia-container-toolkit
cudaPackages.cudatoolkit
cudaPackages.cuda_nvcc
];
}

51
hosts/common/nvidia/passthrough.nix Normal file
View file

@ -0,0 +1,51 @@
# Under maintanence
{ pkgs
, ...
}:
let
# Optional helper for manual (re)binding at runtime
vfioBindScript = pkgs.writeShellScriptBin "vfio-bind" ''
#!${pkgs.runtimeShell}
DEV="$1" # e.g. 0000:81:00.0
echo vfio-pci > /sys/bus/pci/devices/$DEV/driver_override
${pkgs.kmod}/bin/modprobe -i vfio-pci
echo "$DEV" > /sys/bus/pci/drivers/vfio-pci/bind
'';
in
{
nixpkgs.config.allowUnfree = true;
boot = {
# Load vfio early and bind the second GPU before NVIDIA can claim it
initrd = {
kernelModules = [ "vfio_pci" ];
preDeviceCommands = ''
DEVS="0000:81:00.0 0000:81:00.1"
for DEV in $DEVS; do
echo "vfio-pci" > /sys/bus/pci/devices/$DEV/driver_override
done
modprobe -i vfio-pci
for DEV in $DEVS; do
echo $DEV > /sys/bus/pci/drivers/vfio-pci/bind
done
'';
};
kernelParams = [
"intel_iommu=on"
"iommu=pt"
];
kernelModules = [
"vfio_pci"
"vfio"
"vfio_iommu_type1"
"vfio_virqfd"
];
blacklistedKernelModules = [ "nouveau" ];
};
environment.systemPackages = with pkgs; [
vfioBindScript # optional manual tool
];
}

12
hosts/common/rclone.nix Normal file
View file

@ -0,0 +1,12 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
rclone
fuse3 # Required for mounting
];
users.users.thiago = {
extraGroups = [ "fuse" ];
};
}

8
hosts/common/screen.nix Normal file
View file

@ -0,0 +1,8 @@
{ pkgs, ... }:
{
hardware.i2c.enable = true;
environment.systemPackages = with pkgs; [
ddcutil
ddcui
];
}

38
hosts/common/users/thiago/default.nix Normal file
View file

@ -0,0 +1,38 @@
{ pkgs, config, ... }:
let
ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
in
{
users.users.thiago = {
isNormalUser = true;
initialPassword = "changeme";
extraGroups =
[
"networkmanager"
"wheel"
"scard"
]
++ ifTheyExist [
"wireshark"
"i2c"
"docker"
"git"
"libvirtd"
"libvirt"
"video"
"kvm"
"scanner"
"photos"
];
openssh.authorizedKeys.keyFiles = [
(builtins.fetchurl {
url = "https://github.com/sposito.keys";
sha256 = "0bwqj8si0q6kp9cdjgkp9kfz17f24wf476zqzvxbygn6f4av0wh2";
})
];
packages = [ pkgs.home-manager ];
};
}