thiago/nix-conf
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: initialize repo with NixOS and Home Manager configs

Browse source 
- Add .gitignore for common languages, tools, and OS/editor artifacts
- Configure .gitattributes for Git LFS (fonts, images, archives, ISOs)
- Add README with repo description
- Add flake.nix defining inputs and outputs for NixOS, Home Manager, and related modules
- Introduce home-manager configs:
  - Base home.nix with packages, services, and programs
  - Hyprland WM configuration (waybar, fuzzel, keybindings, theming)
  - Vim (nixvim) setup with LSP and plugins
  - Zsh setup with aliases, Oh My Zsh, clipboard helpers
  - Systemd user services (e.g., librespot)
- Add scripts (GPU monitor, RAM build helper, install automation)
- Add host configurations:
  - Nixbook (Apple laptop) with hardware, disko, and install script
  - Nixstation (desktop) with firewall, virtualization, Btrfs scrub timer
  - Nixtest (test VM) with QEMU + Alpine-based install test harness
  - Common modules (network, NVIDIA, rclone, screen, keychron, users)
- Include statix config for linting
This commit is contained in:
Thiago Sposito 2025-08-20 21:55:46 -03:00 committed by Thiago Alexandria Sposito
commit 095e9f4f6b
34 changed files with 1954 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

6
.gitattributes vendored Normal file
View file

@ -0,0 +1,6 @@
*.otf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.jpg filter=lfs diff=lfs merge=lfs -text
*.jpeg filter=lfs diff=lfs merge=lfs -text
*.iso filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text

98
.gitignore vendored Normal file
View file

@ -0,0 +1,98 @@
# === General OS/Editor Noise ===
*.swp
*.swo
*.tmp
*.bak
*.old
*.orig
*.log
*.lock
.DS_Store
Thumbs.db
ehthumbs.db
# === Editor Configs ===
.vscode/
.idea/
*.code-workspace
*.sublime*
*.iml
# === Nix Specific ===
/result
/result-*
/.nix-channels/
/.nix-defexpr/
/.nix-profile/
/.cache/
*.drv
*.gc-daemon-log
# === Zig ===
**/.zig-cache/
**/zig-out/
# === Rust ===
**/target/
Cargo.lock
# === C / C++ / Zig / System ===
**/build/
**/bin/
**/obj/
**/*.o
**/*.a
**/*.so
**/*.d
**/*.out
**/*.exe
**/*.dll
# === Python ===
**/__pycache__/
**/*.pyc
**/.venv/
**/venv/
**/.mypy_cache/
**/.pytest_cache/
**/.tox/
**/.coverage
**/.hypothesis/
# === JavaScript / TypeScript / Node ===
**/node_modules/
**/dist/
**/build/
**/*.tsbuildinfo
**/.eslintcache
**/.parcel-cache/
# === Dotfiles and Secrets ===
.env
.env.*
*.secret
*.key
*.pem
*.crt
# === SQLite and data ===
*.db
*.sqlite
*.sqlite3
# === Compressed files ===
*.tar
*.tar.gz
*.tgz
*.zip
*.rar
*.7z
*.xz
# misc
custom/*/result
custom/*/result/*
**/.zig-cache/
result/*
result/

1
.statix.toml Normal file
View file

@ -0,0 +1 @@
disabled = ["empty_pattern"]

70
README.md Normal file
View file

@ -0,0 +1,70 @@
# My personal machines config files
This repository contains declarative configurations for personal machines managed with NixOS flakes and Home Manager.
The setup is split into host-specific configurations, common reusable modules, and user-level home configurations.
## Structure
- **flake.nix** — entry point, defines inputs (nixpkgs, home-manager, nixvim, etc.) and system/home outputs.
- **hosts/** — machine-specific system configurations.
- `Nixbook/` — laptop setup (Apple hardware, Hyprland, disk layout via disko).
- `Nixstation/` — desktop workstation (NVIDIA, virtualization, btrfs scrub, firewall).
- `Nixtest/` — minimal VM environment for testing with QEMU.
- `common/` — shared modules (users, keyboard, network, gpus, rclone, etc.).
- **home-manager/** — user environment configurations.
- `home.nix` — main Home Manager entry for user packages and programs.
- `vim.nix`, `zsh.nix`, `gnome.nix`, `hyprland/` — modular desktop and tool configurations.
- `scripts/` — helper shell scripts (GPU monitor, RAM-disk builds, install helpers).
## Usage
### Build and switch system configuration
```sh
sudo nixos-rebuild switch --flake .#<hostname>
````
Example for Nixbook:
```sh
sudo nixos-rebuild switch --flake .#Nixbook
```
### Build and switch home configuration
```sh
home-manager switch --flake .#thiago@<hostname>
```
Example for Nixstation:
```sh
home-manager switch --flake .#thiago@Nixstation
```
### Installation
For new installs, use the provided install scripts:
* **hosts/Nixbook/scripts/install.sh** — remote installation with `nixos-anywhere`.
* **hosts/Nixtest/scripts/install\_test.sh** — bootstraps a test VM with Alpine + QEMU.
### Scripts
Some helper scripts are included:
* `lsgpu.sh` — monitor NVIDIA GPUs in terminal.
* `nixstation-home-ram-build.sh` — run `home-manager` builds in a RAM disk.
* Install scripts under each host as described above.
## TODOs:
* Device identifiers (disk paths, GPU PCI IDs, monitor names) are currently hardcoded and may need modification on different hardware.
* Find a good secret management system/process
# Contributing
## Commit tags:
* feat: a new feature
* fix: a bug fix
* chore: maintenance tasks, config, tooling, repo setup
* docs: documentation only
* style: code style/formatting (no logic changes)
* refactor: code restructuring (no feature/bug fix)
* perf: performance improvements
* test: adding or modifying tests
* ci: continuous integration changes
* build: changes to build system or dependencies
## License
Configuration files are provided under GPLv3 where applicable

94
flake.nix Normal file
View file

@ -0,0 +1,94 @@
{
description = "my NixOS Config";
inputs = {
disko.url = "github:nix-community/disko";
disko.inputs.nixpkgs.follows = "nixpkgs";
nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05";
nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable";
home-manager = {
inputs.nixpkgs.follows = "nixpkgs";
url = "github:nix-community/home-manager/release-25.05";
};
nixvim = {
url = "github:nix-community/nixvim";
inputs.nixpkgs.follows = "nixpkgs";
};
vscode-extensions = {
url = "github:nix-community/nix-vscode-extensions";
inputs.nixpkgs.follows = "nixpkgs";
};
flake-utils.follows = "vscode-extensions/flake-utils";
flake-utils.inputs.nixpkgs.follows = "nixpkgs";
vs-extensions-pkgs.follows = "vscode-extensions/nixpkgs";
};
outputs =
{ self
, nixpkgs
, home-manager
, nixpkgs-unstable
, ...
}@inputs:
let
inherit (self) outputs;
system = "x86_64-linux";
unstable = import nixpkgs-unstable { inherit system; config.allowUnfree = true; };
pkgs = import nixpkgs { inherit system; config.allowUnfree = true; };
in
{
nixosConfigurations = {
Nixbook = nixpkgs.lib.nixosSystem {
specialArgs = {
inherit inputs outputs;
};
modules = [
./hosts/Nixbook
./hosts/Nixbook/disko.nix
inputs.disko.nixosModules.disko
];
};
Nixstation = nixpkgs.lib.nixosSystem {
specialArgs = { inherit inputs outputs unstable; };
modules = [
./hosts/Nixstation
];
};
};
homeConfigurations = {
"thiago@Nixbook" = home-manager.lib.homeManagerConfiguration {
pkgs = nixpkgs.legacyPackages.x86_64-linux;
extraSpecialArgs = {
inherit inputs outputs;
};
modules = [
./home-manager/home.nix
{ custom.sessionType = "wayland"; }
];
};
"thiago@Nixstation" = home-manager.lib.homeManagerConfiguration {
pkgs = nixpkgs.legacyPackages.x86_64-linux;
extraSpecialArgs = {
inherit inputs outputs;
};
modules = [
./home-manager/home.nix
{ custom.sessionType = "wayland"; }
];
};
};
apps.x86_64-linux.disko-install = {
type = "app";
program = "${inputs.disko.packages.x86_64-linux.disko}/bin/disko-install";
};
devShells.x86_64-linux = { };
};
}

149
home-manager/home.nix Normal file
View file

@ -0,0 +1,149 @@
{ config
, inputs
, lib
, pkgs
, ...
}:
{
imports = [
./hyprland
./vim.nix
./zsh.nix
];
nixpkgs = {
config = {
allowUnfree = true;
config.permittedInsecurePackages = [
"libsoup-2.74.3"
];
# Workaround for https://github.com/nix-community/home-manager/issues/2942
# nixpkgs.config.allowUnfreePredicate =
# pkg:
# builtins.elem (lib.getName pkg) [
# "steam"
# "steam-original"
# "steam-run"
# "steamtinkerlaunch"
# ];
};
};
home = {
homeDirectory = "/home/thiago";
packages = with pkgs; [
bambu-studio
direnv
fira-code
firefox
heroic
hwinfo
hydralauncher
inkscape
keymapp
lazygit
libinput
librespot
luarocks
nil
nixpkgs-fmt
nordic
obsidian
python3
python3Packages.pip
rclone
ripgrep
shfmt
statix
stylua
sysbench
transmission_4
uget
unzip
];
username = "thiago";
};
programs = {
git = {
aliases = {
br = "branch";
ca = "commit --amend";
can = "commit --amend --no-edit";
ci = "commit";
co = "checkout";
lg = "log --oneline --graph --decorate --all";
st = "status";
};
enable = true;
extraConfig = {
color.ui = "auto";
core = {
editor = "nvim";
autocrlf = "input";
};
init.defaultBranch = "main";
pull.rebase = true;
};
lfs.enable = true;
signing = {
key = "3065EA73A976D430";
signByDefault = true;
};
userEmail = "th.spo@pm.me";
userName = "Thiago Sposito";
};
home-manager.enable = true;
kitty = {
enable = true;
keybindings = {
"ctrl+alt+left" = "resize_window narrower";
"ctrl+alt+right" = "resize_window wider";
"ctrl+alt+up" = "resize_window taller";
"ctrl+alt+down" = "resize_window shorter";
};
settings = {
hide_window_decorations = "titlebar-only";
font_size = 16;
font = "ComicShannsMono Nerd Font Mono";
inactive_text_alpha = "0.6";
background_blur = 16;
background_opacity = 0.0;
};
themeFile = "Nord";
};
vscode = {
enable = true;
};
};
systemd.user.services.librespot-connect = {
Unit = {
Description = "Librespot (Spotify Connect) bound to LAN interface";
After = [ "network.target" ];
};
Service = {
ExecStart = "${pkgs.librespot}/bin/librespot \
--name LS-TEST \
--backend pulseaudio \
--device default \
--bitrate 320 \
--disable-audio-cache \
--enable-volume-normalisation \
--initial-volume 75 \
--zeroconf-port 17005";
Restart = "on-failure";
BindToDevice = "wlp7s0"; # Force binding to LAN interface
};
Install = {
WantedBy = [ "default.target" ];
};
};
systemd.user.startServices = "sd-switch";
home.stateVersion = "24.05";
}

48
home-manager/hyprland/config/fuzzel.ini Normal file
View file

@ -0,0 +1,48 @@
[main]
font=JetBrainsMono Nerd Font:size=12
icon-theme=Papirus
icon-size=16
layer=overlay
anchor=top
margin-top=10
margin-left=10
margin-right=10
width=40
height=30
background-color=#2e3440
text-color=#eceff4
selection-color=#5e81ac
selection-text-color=#eceff4
border-width=1
border-color=#4c566a
corner-radius=8
padding-left=12
padding-right=12
padding-top=8
padding-bottom=8
horizontal-pad=8
vertical-pad=4
dpi-aware=yes
prompt-text=>
log-level=warning
log-no-syslog=yes
log-file=
[keybindings]
scroll-up=ctrl+k,Up,scroll-0
scroll-down=ctrl+j,Down,scroll-1
page-up=Page_Up,scroll-page-0
page-down=Page_Down,scroll-page-1
beginning-of-list=Home
end-of-list=End
cancel=ctrl+g,Escape
select=Return,KP_Enter
select-1=1
select-2=2
select-3=3
select-4=4
select-5=5
select-6=6
select-7=7
select-8=8
select-9=9

0
home-manager/hyprland/config/waybar_config.json Normal file
View file

0
home-manager/hyprland/config/waybar_style.css Normal file
View file

194
home-manager/hyprland/default.nix Normal file
View file

@ -0,0 +1,194 @@
_: {
home.sessionVariables = {
fileManager = "thunar";
menu = "fuzzel --show drun";
run = "fuzzel --show run";
file = "fuzzel --show file";
};
programs = {
waybar = {
enable = true;
systemd.enable = true;
};
};
home.file = {
".config/fuzzel/fuzzel.ini".text = builtins.readFile ./config/fuzzel.ini;
".config/waybar/config".text = builtins.readFile ./config/waybar_config.json;
".config/waybar/style.css".text = builtins.readFile ./config/waybar_style.css;
};
wayland.windowManager.hyprland = {
enable = true;
settings = {
"$mod" = "SUPER";
layerrule = "ignorezero, waybar";
bind = [
"$mod, q, exec, kitty"
"$mod, c, killactive,"
"$mod, m, exit,"
"$mod, e, exec, $fileManager"
"$mod, v, togglefloating"
"$mod, r, exec, $menu"
"$mod, p, pseudo,"
"$mod, j, togglesplit,"
"$mod, d, exec, $run"
"$mod, f, exec, $file"
"$mod, 1, workspace, 1"
"$mod, 2, workspace, 2"
"$mod, 3, workspace, 3"
"$mod, 4, workspace, 4"
"$mod, 5, workspace, 5"
"$mod, 6, workspace, 6"
"$mod, 7, workspace, 7"
"$mod, 8, workspace, 8"
"$mod, 9, workspace, 9"
"$mod, 0, workspace, 10"
"$mod SHIFT, 1, movetoworkspace, 1"
"$mod SHIFT, 2, movetoworkspace, 2"
"$mod SHIFT, 3, movetoworkspace, 3"
"$mod SHIFT, 4, movetoworkspace, 4"
"$mod SHIFT, 5, movetoworkspace, 5"
"$mod SHIFT, 6, movetoworkspace, 6"
"$mod SHIFT, 7, movetoworkspace, 7"
"$mod SHIFT, 8, movetoworkspace, 8"
"$mod SHIFT, 9, movetoworkspace, 9"
"$mod SHIFT, 0, movetoworkspace, 10"
"$mod, S, togglespecialworkspace, magic"
"$mod SHIFT, S, movetoworkspace, special:magic"
"$mod, mouse_down, workspace, e+1"
"$mod, mouse_up, workspace, e-1"
];
bindm = [
"$mod, mouse:272, movewindow"
"$mod, mouse:273, resizewindow"
];
bindel = [
",XF86AudioRaiseVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+"
",XF86AudioLowerVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%-"
",XF86AudioMute, exec, wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle"
",XF86AudioMicMute, exec, wpctl set-mute @DEFAULT_AUDIO_SOURCE@ toggle"
",XF86MonBrightnessUp, exec, brightnessctl s 10%+"
",XF86MonBrightnessDown, exec, brightnessctl s 10%-"
];
bindl = [
", XF86AudioNext, exec, playerctl next"
", XF86AudioPause, exec, playerctl play-pause"
", XF86AudioPlay, exec, playerctl play-pause"
", XF86AudioPrev, exec, playerctl previous"
];
env = [
"XCURSOR_SIZE,24"
"HYPRCURSOR_SIZE,24"
];
monitor = [
",preferred,auto,auto"
"HDMI-A-2,1920x1080@50,0x0,1"
"eDP-1,2560x1600@60,1920x0,2"
];
general = {
gaps_in = 2;
gaps_out = 3;
border_size = 1;
resize_on_border = true;
allow_tearing = false;
layout = "dwindle";
};
decoration = {
rounding = 2;
active_opacity = 1.0;
inactive_opacity = 0.9;
shadow = {
enabled = true;
range = 4;
render_power = 3;
color = "rgba(1a1a1aee)";
};
blur = {
enabled = true;
size = 17;
passes = 1;
vibrancy = 0.1696;
};
};
animations = {
enabled = "yes, please :)";
bezier = [
"easeOutQuint,0.23,1,0.32,1"
"easeInOutCubic,0.65,0.05,0.36,1"
"linear,0,0,1,1"
"almostLinear,0.5,0.5,0.75,1.0"
"quick,0.15,0,0.1,1"
];
animation = [
"global, 1, 10, default"
"border, 1, 5.39, easeOutQuint"
"windows, 1, 4.79, easeOutQuint"
"windowsIn, 1, 4.1, easeOutQuint, popin 87%"
"windowsOut, 1, 1.49, linear, popin 87%"
"fadeIn, 1, 1.73, almostLinear"
"fadeOut, 1, 1.46, almostLinear"
"fade, 1, 3.03, quick"
"layers, 1, 3.81, easeOutQuint"
"layersIn, 1, 4, easeOutQuint, fade"
"layersOut, 1, 1.5, linear, fade"
"fadeLayersIn, 1, 1.79, almostLinear"
"fadeLayersOut, 1, 1.39, almostLinear"
"workspaces, 1, 1.94, almostLinear, fade"
"workspacesIn, 1, 1.21, almostLinear, fade"
"workspacesOut, 1, 1.94, almostLinear, fade"
];
};
dwindle = {
pseudotile = true;
preserve_split = true;
};
master = {
new_status = "master";
};
misc = {
force_default_wallpaper = -1;
disable_hyprland_logo = true;
vfr = true;
vrr = 0;
};
input = {
kb_layout = "us";
follow_mouse = 1;
sensitivity = -0.1;
touchpad = {
"tap-to-click" = true;
"tap-and-drag" = true;
"natural_scroll" = true;
"middle_button_emulation" = true;
"clickfinger_behavior" = true;
"tap_button_map" = "lmr";
};
};
gestures = {
workspace_swipe = true;
};
device = {
name = "epic-mouse-v1";
sensitivity = -0.5;
};
};
};
}

37
home-manager/scripts/lsgpu.sh Executable file
View file

@ -0,0 +1,37 @@
#!/usr/bin/env bash
########################################################################
# 🄯 2025 Thiago Sposito — All rights reversed #
# This script is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License v3.0. #
# See https://www.gnu.org/licenses/gpl-3.0.html for full details. #
########################################################################
clear
if ! command -v nvidia-smi >/dev/null 2>&1; then
echo "non compatible gpu"
exit 1
fi
tput civis
stty -echo -icanon time 0 min 0
trap 'stty sane; tput cnorm; exit' INT TERM EXIT
while true; do
nvidia-smi \
--query-gpu=index,name,temperature.gpu,memory.used,memory.total,utilization.gpu \
--format=csv,noheader,nounits |
awk -F", " '{printf "GPU %s (%s): Temp: %s°C | Mem: %s/%s MiB | Util: %s%%\033[K\n", $1, $2, $3, $4, $5, $6}'
echo
read -n 1 -t 1 first
read -n 1 -t 0.1 second
key="${first}${second}"
if [[ "$key" == "q" || "$key" == ":q" ]]; then
break
fi
echo -en "\033[${LINES}A"
done

17
home-manager/scripts/nixstation-home-ram-build.sh Executable file
View file

@ -0,0 +1,17 @@
#!/usr/bin/env bash
set -e
RAMDISK_PATH="/mnt/ramdisk"
SIZE="16G"
FLAKE_NAME=".#thiago@Nixstation"
echo "[+] Creating RAM disk at $RAMDISK_PATH ($SIZE)"
sudo mkdir -p "$RAMDISK_PATH"
sudo mount -t tmpfs -o size=$SIZE tmpfs "$RAMDISK_PATH"
echo "[+] Running home-manager switch with TMPDIR=$RAMDISK_PATH"
TMPDIR="$RAMDISK_PATH" home-manager switch --flake "$FLAKE_NAME"
echo "[+] Cleaning up RAM disk"
sudo umount "$RAMDISK_PATH"

99
home-manager/vim.nix Normal file
View file

@ -0,0 +1,99 @@
{ pkgs, inputs, ... }:
{
imports = [
inputs.nixvim.homeManagerModules.nixvim
];
home.packages = with pkgs; [
ripgrep
];
programs.nixvim = {
enable = true;
colorschemes.nord.enable = true;
opts = {
clipboard = "unnamedplus";
number = true;
relativenumber = true;
shiftwidth = 2;
tabstop = 2;
expandtab = true;
smartindent = true;
};
plugins = {
lsp.enable = true;
lsp.servers = {
lua_ls.enable = true;
rust_analyzer = {
enable = true;
installRustc = true;
installCargo = true;
};
pyright.enable = true;
clangd.enable = true;
zls.enable = true;
nixd.enable = true;
};
cmp.enable = true;
cmp-nvim-lsp.enable = true;
cmp-buffer.enable = true;
cmp-path.enable = true;
lspkind.enable = true;
lsp-lines.enable = true;
none-ls = {
enable = true;
sources = {
formatting = {
stylua.enable = true;
shfmt.enable = true;
};
diagnostics = {
# luacheck.enable = true;
};
code_actions = {
statix.enable = true;
};
};
};
conform-nvim.enable = true;
};
extraConfigLua = ''
local cmp = require'cmp'
cmp.setup({
mapping = {
['<C-Space>'] = cmp.mapping.complete(), -- trigger manually
['<CR>'] = cmp.mapping.confirm({ select = true }), -- confirm with Enter
['<Tab>'] = cmp.mapping.select_next_item(),
['<S-Tab>'] = cmp.mapping.select_prev_item(),
},
sources = {
{ name = 'nvim_lsp' },
{ name = 'buffer' },
{ name = 'path' },
},
vim.api.nvim_create_autocmd("LspAttach", {
callback = function(args)
local buf = args.buf
local opts = { buffer = buf }
vim.keymap.set("n", "gd", vim.lsp.buf.definition, opts)
vim.keymap.set("n", "gr", vim.lsp.buf.references, opts)
vim.keymap.set("n", "K", vim.lsp.buf.hover, opts)
vim.keymap.set("n", "<leader>rn", vim.lsp.buf.rename, opts)
vim.keymap.set("n", "<leader>ca", vim.lsp.buf.code_action, opts)
vim.keymap.set("n", "<leader>f", function() vim.lsp.buf.format({ async = true }) end, opts)
vim.keymap.set("n", "<A-j>", ":m .+1<CR>==")
vim.keymap.set("n", "<A-k>", ":m .-2<CR>==")
end
})
})
'';
};
}

63
home-manager/zsh.nix Normal file
View file

@ -0,0 +1,63 @@
{ config
, lib
, pkgs
, ...
}:
let
isWayland = config.custom.sessionType == "wayland";
in
{
options.custom.sessionType = lib.mkOption {
type = lib.types.str;
default = "x11";
description = "The X session type: 'wayland' or 'x11'";
};
config = {
home.file."scripts/lsgpu.sh" = {
source = ./scripts/lsgpu.sh;
executable = true;
};
programs.zsh = {
enable = true;
autosuggestion.enable = true;
syntaxHighlighting.enable = true;
initContent = ''
eval "$(direnv hook zsh)"
export GPG_TTY=$(tty)
'';
shellAliases = lib.mkMerge [
{
"vi" = "nvim";
"vim" = "nvim";
"ll" = "ls -l";
"lsgpu" = "$HOME/scripts/lsgpu.sh";
"gedit" = "gnome-text-editor";
}
(lib.mkIf isWayland {
"pbcopy" = "wl-copy";
"pbpaste" = "wl-paste";
})
(lib.mkIf (!isWayland) {
"pbcopy" = "xclip -selection clipboard -i";
"pbpaste" = "xclip -selection clipboard -o";
})
];
oh-my-zsh = {
enable = true;
theme = "bureau";
plugins = [
"git"
"history"
];
};
};
home.packages = with pkgs; [ xclip ];
};
}

19
hosts/Nixbook/apple.nix Normal file
View file

@ -0,0 +1,19 @@
{ config
, lib
, pkgs
, ...
}:
{
boot.kernelParams = [
"hid_apple.iso_layout=0"
];
powerManagement = {
cpuFreqGovernor = "schedutil";
powerUpCommands = lib.mkBefore "${pkgs.kmod}/bin/modprobe brcmfmac";
powerDownCommands = lib.mkBefore "${pkgs.kmod}/bin/rmmod brcmfmac";
};
hardware.facetimehd.enable = lib.mkDefault (config.nixpkgs.config.allowUnfree or false);
services.mbpfan.enable = lib.mkDefault true;
}

56
hosts/Nixbook/default.nix Normal file
View file

@ -0,0 +1,56 @@
{ pkgs, ... }:
{
imports = [
../common/default.nix
./apple.nix
./hardware-configuration.nix
];
networking.hostName = "Nixbook";
programs.hyprland.enable = true;
programs.hyprland.withUWSM = true;
environment.sessionVariables = {
NIXOS_OZONE_WL = "1";
};
services = {
xserver.enable = true;
displayManager.sddm = {
enable = true;
wayland.enable = true;
};
libinput = {
enable = true;
touchpad.clickMethod = "clickfinger";
};
openssh = {
enable = true;
settings = {
PermitRootLogin = "yes";
PasswordAuthentication = false;
};
};
};
environment.systemPackages = with pkgs; [
exfat
gcsfuse
git
home-manager
hwinfo
libinput
neovim
nil
nixpkgs-fmt
rclone
wget
];
system.stateVersion = "23.11";
}

68
hosts/Nixbook/disko.nix Normal file
View file

@ -0,0 +1,68 @@
{ config, lib, ... }:
{
disko.devices = {
disk.main = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
esp = {
size = "512M";
start = "1M";
type = "EF00";
label = "EFI";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
swap = {
size = "16G";
type = "8200";
label = "Swap";
content = {
type = "swap";
randomEncryption = false;
};
};
root = {
type = "8300";
label = "NixOS";
size = "870G";
content = {
type = "btrfs";
mountpoint = "/";
subvolumes = {
"@root" = {
mountpoint = "/";
};
"@nix" = {
mountpoint = "/nix";
};
"@home" = {
mountpoint = "/home";
};
"@log" = {
mountpoint = "/var/log";
};
};
extraArgs = [
"-L"
"nixos-root"
];
mountOptions = [
"compress=zstd"
"noatime"
];
};
};
};
};
};
};
}

32
hosts/Nixbook/hardware-configuration.nix Normal file
View file

@ -0,0 +1,32 @@
{ config
, lib
, pkgs
, modulesPath
, inputs
, ...
}:
{
imports = [
(modulesPath + "/hardware/network/broadcom-43xx.nix")
(modulesPath + "/installer/scan/not-detected.nix")
];
boot = {
initrd.availableKernelModules = [
"xhci_pci"
"nvme"
"usbhid"
"usb_storage"
"sd_mod"
];
initrd.kernelModules = [ ];
kernelModules = [ "kvm-intel" ];
extraModulePackages = [ ];
};
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

68
hosts/Nixbook/scripts/install.sh Normal file
View file

@ -0,0 +1,68 @@
#!/usr/bin/env bash
set -euo pipefail
### CONFIGURATION ###
TARGET_IP="192.168.1.65"
INSTALL_USER="nixos"
INSTALL_PASS="123456"
SSH_KEY="$HOME/.ssh/id_rsa.pub"
FLAKE_PATH="./#Nixbook"
# Export variables needed inside nix-shell
export TARGET_IP INSTALL_USER INSTALL_PASS SSH_KEY FLAKE_PATH HOME
### Prerequisites Check ###
# Removed check, sshpass will be provided by nix-shell
### 0. Ensure SSH key is available ###
if [ ! -f "$SSH_KEY" ]; then
echo "❌ SSH key not found at $SSH_KEY"
exit 1
fi
### 1. Remove existing SSH known_hosts entry if it exists ###
echo "🧹 Checking for existing SSH known_hosts entry for $TARGET_IP..."
if grep -q "$TARGET_IP" ~/.ssh/known_hosts; then
echo "🔄 Removing existing SSH known_hosts entry for $TARGET_IP..."
ssh-keygen -R "$TARGET_IP"
else
echo "✅ No existing SSH known_hosts entry found for $TARGET_IP."
fi
### 2, 3, 4: Run commands requiring Nix-provided packages ###
# Use a single nix-shell environment for sshpass, openssh, and nixos-anywhere
nix-shell -p nixos-anywhere sshpass openssh --run '
# Re-set options for this subshell
set -euo pipefail
### 2. Add SSH key to remote temporary user ###
echo "🔐 Copying SSH key to $INSTALL_USER@$TARGET_IP..."
# sshpass and ssh-copy-id are from nix-shell environment
sshpass -p "$INSTALL_PASS" ssh-copy-id -i "$SSH_KEY" -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null "$INSTALL_USER@$TARGET_IP"
### 3. Grant temporary user passwordless sudo on target machine ###
echo "🔧 Configuring sudo access for $INSTALL_USER on target..."
# ssh is from nix-shell environment
ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null "$INSTALL_USER@$TARGET_IP" <<EOF
# Ensure the sudoers.d directory exists
sudo mkdir -p /etc/sudoers.d
# Write the sudo rule
echo "$INSTALL_USER ALL=(ALL) NOPASSWD: ALL" | sudo tee /etc/sudoers.d/90-$INSTALL_USER
sudo chmod 0440 /etc/sudoers.d/90-$INSTALL_USER
EOF
### 4. Run nixos-anywhere ###
echo "🚀 Starting nixos-anywhere install to $TARGET_IP..."
# nixos-anywhere is from nix-shell environment
nixos-anywhere \
-i ~/.ssh/id_rsa \
--ssh-option User=$INSTALL_USER \
--ssh-option StrictHostKeyChecking=no \
--ssh-option UserKnownHostsFile=/dev/null \
--flake $FLAKE_PATH \
--build-on-remote \
$TARGET_IP
'
echo "✅ Installation complete!"

170
hosts/Nixstation/default.nix Normal file
View file

@ -0,0 +1,170 @@
{ pkgs
, ...
}:
{
imports = [
../common/default.nix
../common/keychron.nix
../common/network.nix
../common/nvidia/default.nix
../common/rclone.nix
../common/screen.nix
./hardware-configuration.nix
];
boot = {
loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true;
};
environment = {
systemPackages = with pkgs; [
act
btrfs-progs
cudatoolkit
networkmanagerapplet
];
variables = {
NIXOS_HOST = "nixstation";
NIXOS_DE = "wayland";
};
sessionVariables = {
NIXOS_OZONE_WL = "1";
XDG_SESSION_TYPE = "wayland";
QT_QPA_PLATFORM = "wayland";
GDK_BACKEND = "wayland";
};
};
hardware = {
sane.enable = true;
graphics.enable = true;
};
i18n.defaultLocale = "en_US.UTF-8";
i18n.extraLocaleSettings = {
LC_ADDRESS = "pt_BR.UTF-8";
LC_IDENTIFICATION = "pt_BR.UTF-8";
LC_MEASUREMENT = "pt_BR.UTF-8";
LC_MONETARY = "pt_BR.UTF-8";
LC_NAME = "pt_BR.UTF-8";
LC_NUMERIC = "pt_BR.UTF-8";
LC_PAPER = "pt_BR.UTF-8";
LC_TELEPHONE = "pt_BR.UTF-8";
LC_TIME = "pt_BR.UTF-8";
};
networking.firewall = {
enable = true;
allowPing = true;
allowedTCPPorts = [
11434
8888
8000
8080
];
};
nix = {
settings = {
auto-optimise-store = true;
};
};
programs = {
# steam = {
# enable = true;
# remotePlay.openFirewall = true;
# dedicatedServer.openFirewall = true;
# localNetworkGameTransfers.openFirewall = true;
# };
dconf.enable = true;
hyprland = {
enable = true;
withUWSM = true;
xwayland.enable = true;
};
virt-manager.enable = true;
};
# security.pam.services.gdm.enableGnomeKeyring = true;
security.rtkit.enable = true;
services = {
avahi = {
enable = true;
nssmdns4 = true;
openFirewall = true;
extraConfig = ''
[server]
allow-interfaces=wlp7s0
'';
};
earlyoom = {
enable = true;
freeMemThreshold = 5;
freeSwapThreshold = 10;
};
flatpak.enable = true;
greetd = {
enable = true;
settings.default_session = {
command = "${pkgs.hyprland}/bin/Hyprland";
user = "thiago";
};
};
pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
};
};
systemd = {
services."getty@tty1".enable = false;
services."autovt@tty1".enable = false;
};
systemd.timers.btrfs-scrub = {
description = "Run Btrfs Scrub Daily";
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "daily";
Persistent = true;
};
};
systemd.services = {
btrfs-scrub = {
description = "Daily Btrfs Scrub";
serviceConfig = {
Type = "oneshot";
Nice = 19;
IOSchedulingClass = "idle";
ExecStart = "${pkgs.btrfs-progs}/bin/btrfs scrub start -n 2 -B / && ${pkgs.btrfs-progs}/bin/btrfs scrub start -n 2 -B /mnt/hdd0";
};
};
};
system.stateVersion = "24.05"; # keep it!
time.timeZone = "America/Sao_Paulo";
virtualisation = {
vmware.host.enable = false;
spiceUSBRedirection.enable = true;
libvirtd = {
enable = true;
qemu.ovmf.enable = true;
qemu.package = pkgs.qemu_full;
};
};
zramSwap = {
enable = true;
memoryPercent = 30;
algorithm = "zstd";
};
}

65
hosts/Nixstation/hardware-configuration.nix Normal file
View file

@ -0,0 +1,65 @@
{ config
, lib
, modulesPath
, ...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot = {
initrd.availableKernelModules = [
"xhci_pci"
"ehci_pci"
"nvme"
"usbhid"
"usb_storage"
"sd_mod"
"ahci"
];
kernelParams = [ "amd_pstate=active" ];
initrd.kernelModules = [ ];
kernelModules = [ "kvm-amd" ];
extraModulePackages = [ ];
};
fileSystems = {
"/" = {
device = "/dev/disk/by-uuid/df74093a-637d-41a5-8c6a-2bf2dccc1506";
fsType = "btrfs";
options = [ "subvol=@" ];
};
"/boot" = {
device = "/dev/disk/by-uuid/E9BA-D1A3";
fsType = "vfat";
options = [
"fmask=0022"
"dmask=0022"
];
};
"/mnt/hdd0" = {
device = "/dev/disk/by-uuid/940353dd-5774-4577-aba3-516d3f9c404d";
fsType = "btrfs";
options = [ "defaults" ];
};
};
swapDevices = [ ];
networking = {
useDHCP = lib.mkDefault true;
};
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware = {
cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
enableRedistributableFirmware = true;
bluetooth.enable = true;
};
services.blueman.enable = true;
}

14
hosts/Nixstation/scripts/motd.sh Normal file
View file

@ -0,0 +1,14 @@
cat << 'EOF' > /etc/motd
▗▖ ▗▖▗▄▄▄▖▗▖ ▗▖ ▗▄▄▖▗▄▄▄▖▗▄▖▗▄▄▄▖▗▄▄▄▖ ▗▄▖ ▗▖ ▗▖
▐▛▚▖▐▌ █ ▝▚▞▘ ▐▌ █ ▐▌ ▐▌ █ █ ▐▌ ▐▌▐▛▚▖▐▌
▐▌ ▝▜▌ █ ▐▌ ▝▀▚▖ █ ▐▛▀▜▌ █ █ ▐▌ ▐▌▐▌ ▝▜▌
▐▌ ▐▌▗▄█▄▖▗▞▘▝▚▖▗▄▄▞▘ █ ▐▌ ▐▌ █ ▗▄█▄▖▝▚▄▞▘▐▌ ▐▌
[ Ryzen 7 5700G ]-[64 Gb ]-[ RTX 3090]
┏┳┓┓ • ┏┓ •
┃ ┣┓┓┏┓┏┓┏┓ ┗┓┏┓┏┓┏┓╋┏┓
┻ ┛┗┗┗┻┗┫┗┛ ┗┛┣┛┗┛┛┗┗┗┛
┛ ┛
EOF

29
hosts/Nixtest/default.nix Normal file
View file

@ -0,0 +1,29 @@
{ pkgs, ... }:
{
imports = [
./disko.nix
];
networking.hostName = "Nixtest";
services = {
xserver.enable = true;
displayManager.sddm = {
enable = true;
};
openssh = {
enable = true;
settings = {
PermitRootLogin = "yes";
PasswordAuthentication = true;
};
};
};
environment.systemPackages = with pkgs; [
git
home-manager
];
system.stateVersion = "23.11";
}

58
hosts/Nixtest/disko.nix Normal file
View file

@ -0,0 +1,58 @@
{ config, lib, ... }:
{
disko.devices = {
disk.main = {
type = "disk";
device = "/dev/nvme0n1";
content = {
type = "gpt";
partitions = {
esp = {
size = "128M";
start = "1M";
type = "EF00";
label = "EFI";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
type = "8300";
label = "NixOS";
size = "32G";
content = {
type = "btrfs";
mountpoint = "/";
subvolumes = {
"@root" = {
mountpoint = "/";
};
"@nix" = {
mountpoint = "/nix";
};
"@home" = {
mountpoint = "/home";
};
"@log" = {
mountpoint = "/var/log";
};
};
extraArgs = [
"-L"
"nixos-root"
];
mountOptions = [
"compress=zstd"
"noatime"
];
};
};
};
};
};
};
}

93
hosts/Nixtest/scripts/install_test.sh Normal file
View file

@ -0,0 +1,93 @@
#!/usr/bin/env bash
set -euo pipefail
### Configuration ###
# Find virtual images at: https://alpinelinux.org/downloads/ -> Virtual
ALPINE_VERSION="3.19.1"
ALPINE_ARCH="x86_64"
ALPINE_IMAGE_FILENAME="alpine-virt-${ALPINE_VERSION}-${ALPINE_ARCH}.iso"
ALPINE_IMAGE_URL="https://dl-cdn.alpinelinux.org/alpine/v$(echo $ALPINE_VERSION | cut -d. -f1-2)/releases/${ALPINE_ARCH}/${ALPINE_IMAGE_FILENAME}"
QEMU_MEM="2048"
QEMU_CPUS="2"
QEMU_SSH_HOST_PORT="2222"
QEMU_PID_FILE="qemu_test.pid"
TARGET_IP="127.0.0.1"
TARGET_PORT="${QEMU_SSH_HOST_PORT}"
TARGET_USER="root"
SSH_KEY_PUB="$HOME/.ssh/id_rsa.pub"
SSH_KEY_PRIV="$HOME/.ssh/id_rsa"
FLAKE_PATH="./#Nixtest"
### Helper Functions ###
cleanup_qemu() {
if [ -f "$QEMU_PID_FILE" ]; then
echo "🧹 Cleaning up previous QEMU instance..."
kill -- "-$(cat $QEMU_PID_FILE)" 2>/dev/null || kill "$(cat $QEMU_PID_FILE)" 2>/dev/null || true
rm -f "$QEMU_PID_FILE"
sleep 2
echo "🧹 Cleanup complete."
fi
}
launch_qemu_alpine() {
echo "🚀 Launching QEMU with Alpine Linux (${ALPINE_IMAGE_FILENAME})..."
qemu-system-x86_64 \
-m "${QEMU_MEM}" \
-smp "${QEMU_CPUS}" \
-enable-kvm \
-nic user,model=virtio-net-pci,hostfwd=tcp::${TARGET_PORT}-:22 \
-drive file="${ALPINE_IMAGE_FILENAME}",media=cdrom,readonly=on \
-boot d \
-display none \
-daemonize \
-pidfile "$QEMU_PID_FILE"
echo "⏳ Waiting for QEMU to boot and SSH to become available on port ${TARGET_PORT}..."
local max_wait=90
local waited=0
while ! ssh -p "${TARGET_PORT}" -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o ConnectTimeout=2 -o ConnectionAttempts=3 "${TARGET_USER}@${TARGET_IP}" exit >/dev/null 2>&1; do
sleep 3
waited=$((waited + 3))
if [ "$waited" -ge "$max_wait" ]; then
echo "❌ Timed out waiting for SSH on port ${TARGET_PORT}."
cat "$QEMU_PID_FILE"
cleanup_qemu
exit 1
fi
echo -n "."
done
echo
echo "✅ QEMU Alpine VM is up and SSH is ready on port ${TARGET_PORT}."
}
### Main Script ###
trap cleanup_qemu EXIT SIGINT SIGTERM
if [ ! -f "$ALPINE_IMAGE_FILENAME" ]; then
echo "⏬ Downloading Alpine image: ${ALPINE_IMAGE_FILENAME}..."
wget --progress=bar:force -O "$ALPINE_IMAGE_FILENAME" "$ALPINE_IMAGE_URL"
else
echo "✅ Alpine image found locally: ${ALPINE_IMAGE_FILENAME}"
fi
if [ ! -f "$SSH_KEY_PUB" ] || [ ! -f "$SSH_KEY_PRIV" ]; then
echo "❌ SSH key not found at $SSH_KEY_PRIV or $SSH_KEY_PUB"
echo " Please generate one using 'ssh-keygen' or specify the correct path."
exit 1
fi
echo "✅ Using SSH key: ${SSH_KEY_PRIV}"
cleanup_qemu
launch_qemu_alpine
# --- Installation logic will go here ---
echo "🏁 Test script placeholder finished. VM is running."
echo " PID: $(cat $QEMU_PID_FILE)"
echo " To connect: ssh -p ${TARGET_PORT} ${TARGET_USER}@${TARGET_IP}"

22
hosts/Nixtest/scripts/install_test_shell.nix Normal file
View file

@ -0,0 +1,22 @@
{ pkgs ? import <nixpkgs> { }
,
}:
pkgs.mkShell {
name = "nixos-anywhere-test-env";
packages = with pkgs; [
nix
nixos-anywhere
openssh
sshpass
qemu_full
wget
];
shellHook = ''
echo "Entered NixOS Anywhere Test Environment."
echo "Alpine image will be downloaded if needed."
echo "Run ./install_test.sh to start the QEMU VM and run the installation."
'';
}

64
hosts/common/default.nix Normal file
View file

@ -0,0 +1,64 @@
{ config
, inputs
, lib
, pkgs
, ...
}:
{
imports = [ ./users/thiago/default.nix ];
boot.loader.systemd-boot.enable = true;
environment = {
shells = with pkgs; [ zsh ];
etc = lib.mapAttrs'
(name: value: {
name = "nix/path/${name}";
value.source = value.flake;
})
config.nix.registry;
systemPackages = with pkgs; [
exfat
file
gcsfuse
git
gnupg
home-manager
keymapp
opensc
pciutils
pcsc-safenet
pcsctools
pkcs11helper
sops
wget
zsa-udev-rules
];
};
hardware.keyboard.zsa.enable = true;
networking.networkmanager.enable = true;
nix = {
registry = (lib.mapAttrs (_: flake: { inherit flake; })) (
(lib.filterAttrs (_: lib.isType "flake")) inputs
);
nixPath = [ "/etc/nix/path" ];
settings = {
experimental-features = "nix-command flakes";
auto-optimise-store = true;
};
};
nixpkgs.config.allowUnfree = true;
programs.zsh.enable = true;
services = {
pcscd.enable = true;
# xserver.displayManager.sessionCommands =
# "${pkgs.xorg.xmodmap}/bin/xmodmap -e 'keycode 64 = Alt_L'";
};
users.groups.scard = { };
time.timeZone = "America/Sao_Paulo";
users.defaultUserShell = pkgs.zsh;
}

41
hosts/common/keychron.nix Normal file
View file

@ -0,0 +1,41 @@
{ pkgs, ... }:
{
services.xserver = {
enable = true;
xkb = {
layout = "custom-br";
variant = "";
model = "pc105";
extraLayouts = {
custom-br = {
description = "US Custom BR (apostrophe + c ç)";
languages = [ "eng" ];
symbolsFile = pkgs.writeText "custom-br" ''
partial alphanumeric_keys
xkb_symbols "basic" {
include "us(altgr-intl)"
name[Group1]= "US Custom BR (apostrophe + c ç)";
// Override the apostrophe key to be a fake dead key
key <AC10> {
type= "FOUR_LEVEL",
symbols[Group1]= [ dead_acute, dead_acute, dead_acute, dead_acute ]
};
// Redefine the c key to output ç when used after apostrophe
key <AC03> {
type= "ALPHABETIC",
symbols[Group1]= [ c, C, ccedilla, Ccedilla ]
};
replace key <LALT> { [ Alt_L, Meta_L ] };
};
'';
};
};
};
};
}

116
hosts/common/network.nix Normal file
View file

@ -0,0 +1,116 @@
{ pkgs, ... }:
{
networking = {
hostName = "Nixstation";
networkmanager.enable = true;
firewall = {
enable = true;
allowPing = true;
allowedTCPPorts = [
2375
4780
11470
25565
];
allowedUDPPorts = [
8888
8899
];
};
};
services = {
tailscale.enable = true;
openssh.enable = true;
# openssh.settings.X11Forwarding = true;
};
virtualisation.docker = {
enable = true;
package = pkgs.docker_25;
storageDriver = "btrfs";
daemon.settings = {
hosts = [ "unix:///var/run/docker.sock" ];
features.cdi = true;
userland-proxy = false;
experimental = true;
metrics-addr = "0.0.0.0:9323";
};
# daemon.settings = {
# hosts = [
# "unix:///var/run/docker.sock"
# ];
# features = {
# cdi = true;
# };
# userland-proxy = false;
# experimental = true;
# metrics-addr = "0.0.0.0:9323";
# default-runtime = "nvidia";
# runtimes = {
# nvidia = {
# path = "nvidia-container-runtime";
# };
# nvidia-cdi = {
# path = "nvidia-container-runtime.cdi";
# };
# nvidia-legacy = {
# path = "nvidia-container-runtime.legacy";
# };
# };
# };
};
services.samba = {
enable = true;
openFirewall = true;
settings = {
global = {
"workgroup" = "WORKGROUP";
"server string" = "smbnix";
"netbios name" = "smbnix";
# "use sendfile" = "yes";
# "max protocol" = "smb2";
# note: localhost is the ipv6 localhost ::1
"hosts allow" = "192.168.0. 192.168. 192.168.122.55 127.0.0.1 localhost";
"hosts deny" = "0.0.0.0/0";
"guest account" = "nobody";
"map to guest" = "bad user";
security = "user";
# shared = {
# path = "/home/thiago/Downloads/oblivion";
# browseable = true;
# writable = false;
# guestOk = true;
# "force user" = "thiago";
# };
};
# shares = {
# OneDrive = ''
# path = "/run/media/thiago/hdd0/OneDrive/"
# browseable = "yes"
# "read only" = "no"
# "guest ok" = "no"
# "create mask" = "0644"
# "directory mask" = "0755"
# "force user" = "thiago"
# "force group" = "users"
# '';
# };
};
};
services.samba-wsdd = {
enable = true;
openFirewall = true;
};
}

54
hosts/common/nvidia/default.nix Normal file
View file

@ -0,0 +1,54 @@
{ config
, pkgs
, unstable
, ...
}:
{
imports = [
# ./passthrough.nix
];
hardware = {
graphics = {
enable = true;
enable32Bit = true;
};
nvidia-container-toolkit = {
enable = true;
suppressNvidiaDriverAssertion = true;
};
nvidia = {
modesetting.enable = true;
powerManagement.enable = false;
powerManagement.finegrained = false;
open = false; # keep it like that for now, unstable!!
nvidiaSettings = true;
package = unstable.linuxPackages.nvidiaPackages.latest;
};
};
services = {
sunshine = {
enable = false;
# autoStart = true;
# openFirewall = true;
package = pkgs.sunshine.overrideAttrs (old: {
cmakeFlags = (old.cmakeFlags or [ ]) ++ [
"-DSUNSHINE_ENABLE_CUDA=OFF"
"-DCUDA_FAIL_ON_MISSING=OFF"
];
});
};
};
nixpkgs.config.cudaSupport = true;
environment.systemPackages = with pkgs; [
mesa
glxinfo
libepoxy
libglvnd
nvidia-container-toolkit
cudaPackages.cudatoolkit
cudaPackages.cuda_nvcc
];
}

51
hosts/common/nvidia/passthrough.nix Normal file
View file

@ -0,0 +1,51 @@
# Under maintanence
{ pkgs
, ...
}:
let
# Optional helper for manual (re)binding at runtime
vfioBindScript = pkgs.writeShellScriptBin "vfio-bind" ''
#!${pkgs.runtimeShell}
DEV="$1" # e.g. 0000:81:00.0
echo vfio-pci > /sys/bus/pci/devices/$DEV/driver_override
${pkgs.kmod}/bin/modprobe -i vfio-pci
echo "$DEV" > /sys/bus/pci/drivers/vfio-pci/bind
'';
in
{
nixpkgs.config.allowUnfree = true;
boot = {
# Load vfio early and bind the second GPU before NVIDIA can claim it
initrd = {
kernelModules = [ "vfio_pci" ];
preDeviceCommands = ''
DEVS="0000:81:00.0 0000:81:00.1"
for DEV in $DEVS; do
echo "vfio-pci" > /sys/bus/pci/devices/$DEV/driver_override
done
modprobe -i vfio-pci
for DEV in $DEVS; do
echo $DEV > /sys/bus/pci/drivers/vfio-pci/bind
done
'';
};
kernelParams = [
"intel_iommu=on"
"iommu=pt"
];
kernelModules = [
"vfio_pci"
"vfio"
"vfio_iommu_type1"
"vfio_virqfd"
];
blacklistedKernelModules = [ "nouveau" ];
};
environment.systemPackages = with pkgs; [
vfioBindScript # optional manual tool
];
}

12
hosts/common/rclone.nix Normal file
View file

@ -0,0 +1,12 @@
{ pkgs, ... }:
{
environment.systemPackages = with pkgs; [
rclone
fuse3 # Required for mounting
];
users.users.thiago = {
extraGroups = [ "fuse" ];
};
}

8
hosts/common/screen.nix Normal file
View file

@ -0,0 +1,8 @@
{ pkgs, ... }:
{
hardware.i2c.enable = true;
environment.systemPackages = with pkgs; [
ddcutil
ddcui
];
}

38
hosts/common/users/thiago/default.nix Normal file
View file

@ -0,0 +1,38 @@
{ pkgs, config, ... }:
let
ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
in
{
users.users.thiago = {
isNormalUser = true;
initialPassword = "changeme";
extraGroups =
[
"networkmanager"
"wheel"
"scard"
]
++ ifTheyExist [
"wireshark"
"i2c"
"docker"
"git"
"libvirtd"
"libvirt"
"video"
"kvm"
"scanner"
"photos"
];
openssh.authorizedKeys.keyFiles = [
(builtins.fetchurl {
url = "https://github.com/sposito.keys";
sha256 = "0bwqj8si0q6kp9cdjgkp9kfz17f24wf476zqzvxbygn6f4av0wh2";
})
];
packages = [ pkgs.home-manager ];
};
}