From d0b63ce6015a54a6c295e1161a82228ff0dc0aca Mon Sep 17 00:00:00 2001 
From: Thiago Sposito Date: Wed, 20 Aug 2025 21:55:46 -0300 Subject: [PATCH] feat: initialize repo with NixOS and Home Manager configs - Add .gitignore for common languages, tools, and OS/editor artifacts - Configure .gitattributes for Git LFS (fonts, images, archives, ISOs) - Add README with repo description - Add flake.nix defining inputs and outputs for NixOS, Home Manager, and related modules - Introduce home-manager configs: - Base home.nix with packages, services, and programs - Hyprland WM configuration (waybar, fuzzel, keybindings, theming) - Vim (nixvim) setup with LSP and plugins - Zsh setup with aliases, Oh My Zsh, clipboard helpers - Systemd user services (e.g., librespot) - Add scripts (GPU monitor, RAM build helper, install automation) - Add host configurations: - Nixbook (Apple laptop) with hardware, disko, and install script - Nixstation (desktop) with firewall, virtualization, Btrfs scrub timer - Nixtest (test VM) with QEMU + Alpine-based install test harness - Common modules (network, NVIDIA, rclone, screen, keychron, users) - Include statix config for linting --- .gitattributes | 6 + .gitignore | 98 +++++++++ .statix.toml | 1 + README.md | 70 +++++++ flake.nix | 94 +++++++++ home-manager/home.nix | 149 ++++++++++++++ home-manager/hyprland/config/fuzzel.ini | 48 +++++ .../hyprland/config/waybar_config.json | 0 home-manager/hyprland/config/waybar_style.css | 0 home-manager/hyprland/default.nix | 194 ++++++++++++++++++ home-manager/scripts/lsgpu.sh | 37 ++++ .../scripts/nixstation-home-ram-build.sh | 17 ++ home-manager/vim.nix | 99 +++++++++ home-manager/zsh.nix | 63 ++++++ hosts/Nixbook/apple.nix | 19 ++ hosts/Nixbook/default.nix | 56 +++++ hosts/Nixbook/disko.nix | 68 ++++++ hosts/Nixbook/hardware-configuration.nix | 32 +++ hosts/Nixbook/scripts/install.sh | 68 ++++++ hosts/Nixstation/default.nix | 170 +++++++++++++++ hosts/Nixstation/hardware-configuration.nix | 65 ++++++ hosts/Nixstation/scripts/motd.sh | 14 ++ hosts/Nixtest/default.nix | 29 +++ 
hosts/Nixtest/disko.nix | 58 ++++++ hosts/Nixtest/scripts/install_test.sh | 93 +++++++++ hosts/Nixtest/scripts/install_test_shell.nix | 22 ++ hosts/common/default.nix | 64 ++++++ hosts/common/keychron.nix | 41 ++++ hosts/common/network.nix | 116 +++++++++++ hosts/common/nvidia/default.nix | 54 +++++ hosts/common/nvidia/passthrough.nix | 51 +++++ hosts/common/rclone.nix | 12 ++ hosts/common/screen.nix | 8 + hosts/common/users/thiago/default.nix | 38 ++++ 34 files changed, 1954 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 .statix.toml create mode 100644 README.md create mode 100644 flake.nix create mode 100644 home-manager/home.nix create mode 100644 home-manager/hyprland/config/fuzzel.ini create mode 100644 home-manager/hyprland/config/waybar_config.json create mode 100644 home-manager/hyprland/config/waybar_style.css create mode 100644 home-manager/hyprland/default.nix create mode 100755 home-manager/scripts/lsgpu.sh create mode 100755 home-manager/scripts/nixstation-home-ram-build.sh create mode 100644 home-manager/vim.nix create mode 100644 home-manager/zsh.nix create mode 100644 hosts/Nixbook/apple.nix create mode 100644 hosts/Nixbook/default.nix create mode 100644 hosts/Nixbook/disko.nix create mode 100644 hosts/Nixbook/hardware-configuration.nix create mode 100644 hosts/Nixbook/scripts/install.sh create mode 100644 hosts/Nixstation/default.nix create mode 100644 hosts/Nixstation/hardware-configuration.nix create mode 100644 hosts/Nixstation/scripts/motd.sh create mode 100644 hosts/Nixtest/default.nix create mode 100644 hosts/Nixtest/disko.nix create mode 100644 hosts/Nixtest/scripts/install_test.sh create mode 100644 hosts/Nixtest/scripts/install_test_shell.nix create mode 100644 hosts/common/default.nix create mode 100644 hosts/common/keychron.nix create mode 100644 hosts/common/network.nix create mode 100644 hosts/common/nvidia/default.nix create mode 100644 hosts/common/nvidia/passthrough.nix create mode 
100644 hosts/common/rclone.nix create mode 100644 hosts/common/screen.nix create mode 100644 hosts/common/users/thiago/default.nix
diff --git a/.gitattributes b/.gitattributes
new file mode 100644
index 0000000..a834076
--- /dev/null
+++ b/.gitattributes
@@ -0,0 +1,6 @@
+*.otf filter=lfs diff=lfs merge=lfs -text
+*.png filter=lfs diff=lfs merge=lfs -text
+*.jpg filter=lfs diff=lfs merge=lfs -text
+*.jpeg filter=lfs diff=lfs merge=lfs -text
+*.iso filter=lfs diff=lfs merge=lfs -text
+*.zip filter=lfs diff=lfs merge=lfs -text
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..f802428
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,98 @@
+# === General OS/Editor Noise ===
+*.swp
+*.swo
+*.tmp
+*.bak
+*.old
+*.orig
+*.log
+*.lock
+.DS_Store
+Thumbs.db
+ehthumbs.db
+
+# === Editor Configs ===
+.vscode/
+.idea/
+*.code-workspace
+*.sublime*
+*.iml
+
+# === Nix Specific ===
+/result
+/result-*
+/.nix-channels/
+/.nix-defexpr/
+/.nix-profile/
+/.cache/
+*.drv
+*.gc-daemon-log
+
+
+# === Zig ===
+**/.zig-cache/
+**/zig-out/
+
+# === Rust ===
+**/target/
+Cargo.lock
+
+# === C / C++ / Zig / System ===
+**/build/
+**/bin/
+**/obj/
+**/*.o
+**/*.a
+**/*.so
+**/*.d
+**/*.out
+**/*.exe
+**/*.dll
+
+# === Python ===
+**/__pycache__/
+**/*.pyc
+**/.venv/
+**/venv/
+**/.mypy_cache/
+**/.pytest_cache/
+**/.tox/
+**/.coverage
+**/.hypothesis/
+
+# === JavaScript / TypeScript / Node ===
+**/node_modules/
+**/dist/
+**/build/
+**/*.tsbuildinfo
+**/.eslintcache
+**/.parcel-cache/
+
+# === Dotfiles and Secrets ===
+.env
+.env.*
+*.secret
+*.key
+*.pem
+*.crt
+
+# === SQLite and data ===
+*.db
+*.sqlite
+*.sqlite3
+
+# === Compressed files ===
+*.tar
+*.tar.gz
+*.tgz
+*.zip
+*.rar
+*.7z
+*.xz
+
+# misc
+custom/*/result
+custom/*/result/*
+**/.zig-cache/
+result/*
+result/
\ No newline at end of file
diff --git a/.statix.toml b/.statix.toml
new file mode 100644
index 0000000..b7440bb
--- /dev/null
+++ b/.statix.toml
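Review bot: The `*.lock` pattern in the first section of `.gitignore` also matches `flake.lock`, and the diffstat of this commit lists `flake.nix` with no `flake.lock`, so the flake inputs (several track a branch, e.g. `github:nix-community/nixvim`) are not pinned to reviewed revisions in the repository. Each machine would then resolve the inputs on its own at build time, which loses reproducibility and the record of which upstream code was actually built. I would add `!flake.lock` after the `*.lock` line, or drop `*.lock`, and commit the lock file.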
@@ -0,0 +1 @@
+disabled = ["empty_pattern"]
\ No newline at end of file
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..4196e24
--- /dev/null
+++ b/README.md
@@ -0,0 +1,70 @@ +# My personal machines config files + +This repository contains declarative configurations for personal machines managed with NixOS flakes and Home Manager. +The setup is split into host-specific configurations, common reusable modules, and user-level home configurations. + +## Structure +- **flake.nix** — entry point, defines inputs (nixpkgs, home-manager, nixvim, etc.) and system/home outputs. +- **hosts/** — machine-specific system configurations. + - `Nixbook/` — laptop setup (Apple hardware, Hyprland, disk layout via disko). + - `Nixstation/` — desktop workstation (NVIDIA, virtualization, btrfs scrub, firewall). + - `Nixtest/` — minimal VM environment for testing with QEMU. + - `common/` — shared modules (users, keyboard, network, gpus, rclone, etc.). +- **home-manager/** — user environment configurations. + - `home.nix` — main Home Manager entry for user packages and programs. + - `vim.nix`, `zsh.nix`, `gnome.nix`, `hyprland/` — modular desktop and tool configurations. + - `scripts/` — helper shell scripts (GPU monitor, RAM-disk builds, install helpers). + +## Usage +### Build and switch system configuration + +```sh +sudo nixos-rebuild switch --flake .# +```` + +Example for Nixbook: + +```sh +sudo nixos-rebuild switch --flake .#Nixbook +``` + +### Build and switch home configuration +```sh +home-manager switch --flake .#thiago@ +``` + +Example for Nixstation: +```sh +home-manager switch --flake .#thiago@Nixstation +``` + +### Installation +For new installs, use the provided install scripts: +* **hosts/Nixbook/scripts/install.sh** — remote installation with `nixos-anywhere`. +* **hosts/Nixtest/scripts/install\_test.sh** — bootstraps a test VM with Alpine + QEMU. + +### Scripts +Some helper scripts are included: +* `lsgpu.sh` — monitor NVIDIA GPUs in terminal. +* `nixstation-home-ram-build.sh` — run `home-manager` builds in a RAM disk. +* Install scripts under each host as described above. 
+ +## TODOs: +* Device identifiers (disk paths, GPU PCI IDs, monitor names) are currently hardcoded and may need modification on different hardware. +* Find a good secret management system/process + +# Contributing +## Commit tags: +* feat: a new feature +* fix: a bug fix +* chore: maintenance tasks, config, tooling, repo setup +* docs: documentation only +* style: code style/formatting (no logic changes) +* refactor: code restructuring (no feature/bug fix) +* perf: performance improvements +* test: adding or modifying tests +* ci: continuous integration changes +* build: changes to build system or dependencies + +## License +Configuration files are provided under GPLv3 where applicable diff --git a/flake.nix b/flake.nix new file mode 100644 index 0000000..a8e2fb8 --- /dev/null +++ b/flake.nix 
@@ -0,0 +1,94 @@ +{ + description = "my NixOS Config"; + + inputs = { + disko.url = "github:nix-community/disko"; + disko.inputs.nixpkgs.follows = "nixpkgs"; + nixpkgs.url = "github:nixos/nixpkgs/nixos-25.05"; + nixpkgs-unstable.url = "github:nixos/nixpkgs/nixos-unstable"; + + home-manager = { + inputs.nixpkgs.follows = "nixpkgs"; + url = "github:nix-community/home-manager/release-25.05"; + }; + nixvim = { + url = "github:nix-community/nixvim"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + + vscode-extensions = { + url = "github:nix-community/nix-vscode-extensions"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + + flake-utils.follows = "vscode-extensions/flake-utils"; + flake-utils.inputs.nixpkgs.follows = "nixpkgs"; + vs-extensions-pkgs.follows = "vscode-extensions/nixpkgs"; + }; + + outputs = + { self + , nixpkgs + , home-manager + , nixpkgs-unstable + , ... + }@inputs: + let + inherit (self) outputs; + system = "x86_64-linux"; + unstable = import nixpkgs-unstable { inherit system; config.allowUnfree = true; }; + pkgs = import nixpkgs { inherit system; config.allowUnfree = true; }; + in + { + nixosConfigurations = { + Nixbook = nixpkgs.lib.nixosSystem { + specialArgs = { + inherit inputs outputs; + }; + modules = [ + ./hosts/Nixbook + ./hosts/Nixbook/disko.nix + inputs.disko.nixosModules.disko + ]; + }; + Nixstation = nixpkgs.lib.nixosSystem { + specialArgs = { inherit inputs outputs unstable; }; + modules = [ + ./hosts/Nixstation + ]; + }; + }; + + homeConfigurations = { + "thiago@Nixbook" = home-manager.lib.homeManagerConfiguration { + pkgs = nixpkgs.legacyPackages.x86_64-linux; + extraSpecialArgs = { + inherit inputs outputs; + }; + + modules = [ + ./home-manager/home.nix + { custom.sessionType = "wayland"; } + ]; + }; + "thiago@Nixstation" = home-manager.lib.homeManagerConfiguration { + pkgs = nixpkgs.legacyPackages.x86_64-linux; + extraSpecialArgs = { + inherit inputs outputs; + }; + + modules = [ + ./home-manager/home.nix + { custom.sessionType = "wayland"; } 
+ ]; + }; + }; + + apps.x86_64-linux.disko-install = { + type = "app"; + program = "${inputs.disko.packages.x86_64-linux.disko}/bin/disko-install"; + }; + + devShells.x86_64-linux = { }; + }; +} diff --git a/home-manager/home.nix b/home-manager/home.nix new file mode 100644 index 0000000..7a4bf3a --- /dev/null +++ b/home-manager/home.nix 
@@ -0,0 +1,149 @@ +{ config +, inputs +, lib +, pkgs +, ... +}: +{ + imports = [ + ./hyprland + ./vim.nix + ./zsh.nix + ]; + + nixpkgs = { + config = { + allowUnfree = true; + config.permittedInsecurePackages = [ + "libsoup-2.74.3" + ]; + # Workaround for https://github.com/nix-community/home-manager/issues/2942 + # nixpkgs.config.allowUnfreePredicate = + # pkg: + # builtins.elem (lib.getName pkg) [ + # "steam" + # "steam-original" + # "steam-run" + # "steamtinkerlaunch" + # ]; + }; + }; + + home = { + homeDirectory = "/home/thiago"; + packages = with pkgs; [ + bambu-studio + direnv + fira-code + firefox + heroic + hwinfo + hydralauncher + inkscape + keymapp + lazygit + libinput + librespot + luarocks + nil + nixpkgs-fmt + nordic + obsidian + python3 + python3Packages.pip + rclone + ripgrep + shfmt + statix + stylua + sysbench + transmission_4 + uget + unzip + ]; + username = "thiago"; + }; + + programs = { + git = { + aliases = { + br = "branch"; + ca = "commit --amend"; + can = "commit --amend --no-edit"; + ci = "commit"; + co = "checkout"; + lg = "log --oneline --graph --decorate --all"; + st = "status"; + }; + enable = true; + extraConfig = { + color.ui = "auto"; + core = { + editor = "nvim"; + autocrlf = "input"; + }; + init.defaultBranch = "main"; + pull.rebase = true; + }; + lfs.enable = true; + signing = { + key = "3065EA73A976D430"; + signByDefault = true; + }; + userEmail = "th.spo@pm.me"; + userName = "Thiago Sposito"; + }; + + home-manager.enable = true; + + kitty = { + enable = true; + keybindings = { + "ctrl+alt+left" = "resize_window narrower"; + "ctrl+alt+right" = "resize_window wider"; + "ctrl+alt+up" = "resize_window taller"; + "ctrl+alt+down" = "resize_window shorter"; + }; + + settings = { + hide_window_decorations = "titlebar-only"; + font_size = 16; + font = "ComicShannsMono Nerd Font Mono"; + inactive_text_alpha = "0.6"; + background_blur = 16; + background_opacity = 0.0; + }; + themeFile = "Nord"; + }; + + vscode = { + enable = true; + }; + 
}; + + systemd.user.services.librespot-connect = { + Unit = { + Description = "Librespot (Spotify Connect) bound to LAN interface"; + After = [ "network.target" ]; + }; + Service = { + ExecStart = "${pkgs.librespot}/bin/librespot \ + --name LS-TEST \ + --backend pulseaudio \ + --device default \ + --bitrate 320 \ + --disable-audio-cache \ + --enable-volume-normalisation \ + --initial-volume 75 \ + --zeroconf-port 17005"; + Restart = "on-failure"; + BindToDevice = "wlp7s0"; # Force binding to LAN interface + }; + Install = { + WantedBy = [ "default.target" ]; + }; + }; + + systemd.user.startServices = "sd-switch"; + home.stateVersion = "24.05"; +} diff --git a/home-manager/hyprland/config/fuzzel.ini b/home-manager/hyprland/config/fuzzel.ini new file mode 100644 index 0000000..d074f03 --- /dev/null +++ b/home-manager/hyprland/config/fuzzel.ini @@ -0,0 +1,48 @@ +[main] +font=JetBrainsMono Nerd Font:size=12 +icon-theme=Papirus +icon-size=16 +layer=overlay +anchor=top +margin-top=10 +margin-left=10 +margin-right=10 +width=40 +height=30 +background-color=#2e3440 +text-color=#eceff4 +selection-color=#5e81ac +selection-text-color=#eceff4 +border-width=1 +border-color=#4c566a +corner-radius=8 +padding-left=12 +padding-right=12 +padding-top=8 +padding-bottom=8 +horizontal-pad=8 +vertical-pad=4 +dpi-aware=yes +prompt-text=> +log-level=warning +log-no-syslog=yes +log-file= + +[keybindings] +scroll-up=ctrl+k,Up,scroll-0 +scroll-down=ctrl+j,Down,scroll-1 +page-up=Page_Up,scroll-page-0 +page-down=Page_Down,scroll-page-1 +beginning-of-list=Home +end-of-list=End +cancel=ctrl+g,Escape +select=Return,KP_Enter +select-1=1 +select-2=2 +select-3=3 +select-4=4 +select-5=5 +select-6=6 +select-7=7 +select-8=8 +select-9=9 \ No newline at end of file diff --git a/home-manager/hyprland/config/waybar_config.json b/home-manager/hyprland/config/waybar_config.json new file mode 100644 index 0000000..e69de29 
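Review bot: `BindToDevice = "wlp7s0";` sits in the `Service` section of `librespot-connect`, but `BindToDevice=` is a `[Socket]` unit setting, so systemd will most likely ignore it with an unknown-key warning and librespot will listen on every interface rather than only the LAN one the comment promises. For a service unit the closest restriction is `RestrictNetworkInterfaces = "wlp7s0";` (systemd 250 or later; in a user unit it depends on cgroup BPF support, so confirm it takes effect), or the zeroconf port can be limited in the host firewall. Separately, `config.permittedInsecurePackages` is nested inside `nixpkgs.config`, which makes the path `nixpkgs.config.config.permittedInsecurePackages`; if the libsoup exception is really needed it belongs directly under `config` as `permittedInsecurePackages = [ ... ];`, with a comment naming the package that requires it.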
diff --git a/home-manager/hyprland/config/waybar_style.css b/home-manager/hyprland/config/waybar_style.css new file mode 100644 index 0000000..e69de29 diff --git a/home-manager/hyprland/default.nix b/home-manager/hyprland/default.nix new file mode 100644 index 0000000..e6bb1f7 --- /dev/null +++ b/home-manager/hyprland/default.nix 
@@ -0,0 +1,194 @@ +_: { + home.sessionVariables = { + fileManager = "thunar"; + menu = "fuzzel --show drun"; + run = "fuzzel --show run"; + file = "fuzzel --show file"; + }; + + programs = { + waybar = { + enable = true; + systemd.enable = true; + }; + }; + home.file = { + ".config/fuzzel/fuzzel.ini".text = builtins.readFile ./config/fuzzel.ini; + ".config/waybar/config".text = builtins.readFile ./config/waybar_config.json; + ".config/waybar/style.css".text = builtins.readFile ./config/waybar_style.css; + }; + + wayland.windowManager.hyprland = { + enable = true; + settings = { + "$mod" = "SUPER"; + layerrule = "ignorezero, waybar"; + bind = [ + "$mod, q, exec, kitty" + "$mod, c, killactive," + "$mod, m, exit," + "$mod, e, exec, $fileManager" + "$mod, v, togglefloating" + "$mod, r, exec, $menu" + "$mod, p, pseudo," + "$mod, j, togglesplit," + + "$mod, d, exec, $run" + "$mod, f, exec, $file" + + "$mod, 1, workspace, 1" + "$mod, 2, workspace, 2" + "$mod, 3, workspace, 3" + "$mod, 4, workspace, 4" + "$mod, 5, workspace, 5" + "$mod, 6, workspace, 6" + "$mod, 7, workspace, 7" + "$mod, 8, workspace, 8" + "$mod, 9, workspace, 9" + "$mod, 0, workspace, 10" + + "$mod SHIFT, 1, movetoworkspace, 1" + "$mod SHIFT, 2, movetoworkspace, 2" + "$mod SHIFT, 3, movetoworkspace, 3" + "$mod SHIFT, 4, movetoworkspace, 4" + "$mod SHIFT, 5, movetoworkspace, 5" + "$mod SHIFT, 6, movetoworkspace, 6" + "$mod SHIFT, 7, movetoworkspace, 7" + "$mod SHIFT, 8, movetoworkspace, 8" + "$mod SHIFT, 9, movetoworkspace, 9" + "$mod SHIFT, 0, movetoworkspace, 10" + + "$mod, S, togglespecialworkspace, magic" + "$mod SHIFT, S, movetoworkspace, special:magic" + "$mod, mouse_down, workspace, e+1" + "$mod, mouse_up, workspace, e-1" + ]; + + bindm = [ + "$mod, mouse:272, movewindow" + "$mod, mouse:273, resizewindow" + ]; + + bindel = [ + ",XF86AudioRaiseVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+" + ",XF86AudioLowerVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%-" + ",XF86AudioMute, exec, 
wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle" + ",XF86AudioMicMute, exec, wpctl set-mute @DEFAULT_AUDIO_SOURCE@ toggle" + ",XF86MonBrightnessUp, exec, brightnessctl s 10%+" + ",XF86MonBrightnessDown, exec, brightnessctl s 10%-" + ]; + + bindl = [ + ", XF86AudioNext, exec, playerctl next" + ", XF86AudioPause, exec, playerctl play-pause" + ", XF86AudioPlay, exec, playerctl play-pause" + ", XF86AudioPrev, exec, playerctl previous" + ]; + + env = [ + "XCURSOR_SIZE,24" + "HYPRCURSOR_SIZE,24" + ]; + monitor = [ + ",preferred,auto,auto" + "HDMI-A-2,1920x1080@50,0x0,1" + "eDP-1,2560x1600@60,1920x0,2" + ]; + + general = { + gaps_in = 2; + gaps_out = 3; + border_size = 1; + resize_on_border = true; + allow_tearing = false; + layout = "dwindle"; + }; + + decoration = { + rounding = 2; + active_opacity = 1.0; + inactive_opacity = 0.9; + shadow = { + enabled = true; + range = 4; + render_power = 3; + color = "rgba(1a1a1aee)"; + }; + blur = { + enabled = true; + size = 17; + passes = 1; + vibrancy = 0.1696; + }; + }; + + animations = { + enabled = "yes, please :)"; + bezier = [ + "easeOutQuint,0.23,1,0.32,1" + "easeInOutCubic,0.65,0.05,0.36,1" + "linear,0,0,1,1" + "almostLinear,0.5,0.5,0.75,1.0" + "quick,0.15,0,0.1,1" + ]; + animation = [ + "global, 1, 10, default" + "border, 1, 5.39, easeOutQuint" + "windows, 1, 4.79, easeOutQuint" + "windowsIn, 1, 4.1, easeOutQuint, popin 87%" + "windowsOut, 1, 1.49, linear, popin 87%" + "fadeIn, 1, 1.73, almostLinear" + "fadeOut, 1, 1.46, almostLinear" + "fade, 1, 3.03, quick" + "layers, 1, 3.81, easeOutQuint" + "layersIn, 1, 4, easeOutQuint, fade" + "layersOut, 1, 1.5, linear, fade" + "fadeLayersIn, 1, 1.79, almostLinear" + "fadeLayersOut, 1, 1.39, almostLinear" + "workspaces, 1, 1.94, almostLinear, fade" + "workspacesIn, 1, 1.21, almostLinear, fade" + "workspacesOut, 1, 1.94, almostLinear, fade" + ]; + }; + + dwindle = { + pseudotile = true; + preserve_split = true; + }; + + master = { + new_status = "master"; + }; + + misc = { + 
force_default_wallpaper = -1; + disable_hyprland_logo = true; + vfr = true; + vrr = 0; + }; + + input = { + kb_layout = "us"; + follow_mouse = 1; + sensitivity = -0.1; + touchpad = { + "tap-to-click" = true; + "tap-and-drag" = true; + "natural_scroll" = true; + "middle_button_emulation" = true; + "clickfinger_behavior" = true; + "tap_button_map" = "lmr"; + }; + }; + + gestures = { + workspace_swipe = true; + }; + + device = { + name = "epic-mouse-v1"; + sensitivity = -0.5; + }; + }; + }; +} diff --git a/home-manager/scripts/lsgpu.sh b/home-manager/scripts/lsgpu.sh new file mode 100755 index 0000000..cc27fd1 --- /dev/null +++ b/home-manager/scripts/lsgpu.sh @@ -0,0 +1,37 @@ +#!/usr/bin/env bash +######################################################################## +# 🄯 2025 Thiago Sposito — All rights reversed # +# This script is free software: you can redistribute it and/or modify # +# it under the terms of the GNU General Public License v3.0. # +# See https://www.gnu.org/licenses/gpl-3.0.html for full details. # +######################################################################## + +clear +if ! command -v nvidia-smi >/dev/null 2>&1; then + echo "non compatible gpu" + exit 1 +fi + +tput civis +stty -echo -icanon time 0 min 0 + +trap 'stty sane; tput cnorm; exit' INT TERM EXIT + +while true; do + nvidia-smi \ + --query-gpu=index,name,temperature.gpu,memory.used,memory.total,utilization.gpu \ + --format=csv,noheader,nounits | + + awk -F", " '{printf "GPU %s (%s): Temp: %s°C | Mem: %s/%s MiB | Util: %s%%\033[K\n", $1, $2, $3, $4, $5, $6}' + echo + + read -n 1 -t 1 first + read -n 1 -t 0.1 second + key="${first}${second}" + + if [[ "$key" == "q" || "$key" == ":q" ]]; then + break + fi + + echo -en "\033[${LINES}A" +done diff --git a/home-manager/scripts/nixstation-home-ram-build.sh b/home-manager/scripts/nixstation-home-ram-build.sh new file mode 100755 index 0000000..eb6c273 --- /dev/null +++ b/home-manager/scripts/nixstation-home-ram-build.sh 
@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+
+set -e
+
+RAMDISK_PATH="/mnt/ramdisk"
+SIZE="16G"
+FLAKE_NAME=".#thiago@Nixstation"
+
+echo "[+] Creating RAM disk at $RAMDISK_PATH ($SIZE)"
+sudo mkdir -p "$RAMDISK_PATH"
+sudo mount -t tmpfs -o size=$SIZE tmpfs "$RAMDISK_PATH"
+
+echo "[+] Running home-manager switch with TMPDIR=$RAMDISK_PATH"
+TMPDIR="$RAMDISK_PATH" home-manager switch --flake "$FLAKE_NAME"
+
+echo "[+] Cleaning up RAM disk"
+sudo umount "$RAMDISK_PATH"
diff --git a/home-manager/vim.nix b/home-manager/vim.nix
new file mode 100644
index 0000000..66d647e
--- /dev/null
+++ b/home-manager/vim.nix
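Review bot: With `set -e` and no trap, a failing `home-manager switch` exits before the `sudo umount "$RAMDISK_PATH"` line and leaves the 16G tmpfs mounted at `/mnt/ramdisk`. Registering the cleanup right after the mount, `trap 'sudo umount "$RAMDISK_PATH"' EXIT`, covers both outcomes, and the option should be quoted as `-o "size=$SIZE"`. The tmpfs is also mounted with the default mode, which is world-writable; if the machine has other local users, adding `mode=0700,uid=$(id -u)` to the mount options keeps the build directory private.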
@@ -0,0 +1,99 @@ +{ pkgs, inputs, ... }: + +{ + imports = [ + inputs.nixvim.homeManagerModules.nixvim + ]; + home.packages = with pkgs; [ + ripgrep + ]; + programs.nixvim = { + enable = true; + colorschemes.nord.enable = true; + opts = { + clipboard = "unnamedplus"; + number = true; + relativenumber = true; + shiftwidth = 2; + tabstop = 2; + expandtab = true; + smartindent = true; + }; + + plugins = { + lsp.enable = true; + lsp.servers = { + lua_ls.enable = true; + rust_analyzer = { + enable = true; + installRustc = true; + installCargo = true; + }; + pyright.enable = true; + clangd.enable = true; + zls.enable = true; + nixd.enable = true; + }; + + cmp.enable = true; + cmp-nvim-lsp.enable = true; + cmp-buffer.enable = true; + cmp-path.enable = true; + + lspkind.enable = true; + lsp-lines.enable = true; + + none-ls = { + enable = true; + sources = { + formatting = { + stylua.enable = true; + shfmt.enable = true; + }; + diagnostics = { + # luacheck.enable = true; + }; + code_actions = { + statix.enable = true; + }; + }; + }; + conform-nvim.enable = true; + + }; + extraConfigLua = '' + local cmp = require'cmp' + + cmp.setup({ + mapping = { + [''] = cmp.mapping.complete(), -- trigger manually + [''] = cmp.mapping.confirm({ select = true }), -- confirm with Enter + [''] = cmp.mapping.select_next_item(), + [''] = cmp.mapping.select_prev_item(), + }, + sources = { + { name = 'nvim_lsp' }, + { name = 'buffer' }, + { name = 'path' }, + }, + vim.api.nvim_create_autocmd("LspAttach", { + callback = function(args) + local buf = args.buf + local opts = { buffer = buf } + + vim.keymap.set("n", "gd", vim.lsp.buf.definition, opts) + vim.keymap.set("n", "gr", vim.lsp.buf.references, opts) + vim.keymap.set("n", "K", vim.lsp.buf.hover, opts) + vim.keymap.set("n", "rn", vim.lsp.buf.rename, opts) + vim.keymap.set("n", "ca", vim.lsp.buf.code_action, opts) + vim.keymap.set("n", "f", function() vim.lsp.buf.format({ async = true }) end, opts) + + vim.keymap.set("n", "", ":m .+1==") + 
vim.keymap.set("n", "", ":m .-2==") + end + }) + }) + ''; + }; +} + diff --git a/home-manager/zsh.nix b/home-manager/zsh.nix new file mode 100644 index 0000000..5289149 --- /dev/null +++ b/home-manager/zsh.nix @@ -0,0 +1,63 @@ +{ config +, lib +, pkgs +, ... +}: +let + isWayland = config.custom.sessionType == "wayland"; +in +{ + options.custom.sessionType = lib.mkOption { + type = lib.types.str; + default = "x11"; + description = "The X session type: 'wayland' or 'x11'"; + }; + + config = { + home.file."scripts/lsgpu.sh" = { + source = ./scripts/lsgpu.sh; + executable = true; + }; + + programs.zsh = { + enable = true; + autosuggestion.enable = true; + syntaxHighlighting.enable = true; + initContent = '' + eval "$(direnv hook zsh)" + export GPG_TTY=$(tty) + ''; + + shellAliases = lib.mkMerge [ + { + "vi" = "nvim"; + "vim" = "nvim"; + "ll" = "ls -l"; + "lsgpu" = "$HOME/scripts/lsgpu.sh"; + "gedit" = "gnome-text-editor"; + } + + (lib.mkIf isWayland { + "pbcopy" = "wl-copy"; + "pbpaste" = "wl-paste"; + }) + + (lib.mkIf (!isWayland) { + "pbcopy" = "xclip -selection clipboard -i"; + "pbpaste" = "xclip -selection clipboard -o"; + }) + ]; + + oh-my-zsh = { + enable = true; + theme = "bureau"; + plugins = [ + "git" + "history" + ]; + }; + }; + + home.packages = with pkgs; [ xclip ]; + }; +} diff --git a/hosts/Nixbook/apple.nix b/hosts/Nixbook/apple.nix new file mode 100644 index 0000000..c137761 --- /dev/null +++ b/hosts/Nixbook/apple.nix @@ -0,0 +1,19 @@ +{ config +, lib +, pkgs +, ... +}: + +{ + boot.kernelParams = [ + "hid_apple.iso_layout=0" + ]; + powerManagement = { + cpuFreqGovernor = "schedutil"; + powerUpCommands = lib.mkBefore "${pkgs.kmod}/bin/modprobe brcmfmac"; + powerDownCommands = lib.mkBefore "${pkgs.kmod}/bin/rmmod brcmfmac"; + }; + hardware.facetimehd.enable = lib.mkDefault (config.nixpkgs.config.allowUnfree or false); + + services.mbpfan.enable = lib.mkDefault true; +} 
diff --git a/hosts/Nixbook/default.nix b/hosts/Nixbook/default.nix
new file mode 100644
index 0000000..de9ff46
--- /dev/null
+++ b/hosts/Nixbook/default.nix
@@ -0,0 +1,56 @@
+{ pkgs, ... }:
+{
+
+ imports = [
+ ../common/default.nix
+ ./apple.nix
+ ./hardware-configuration.nix
+ ];
+
+ networking.hostName = "Nixbook";
+
+ programs.hyprland.enable = true;
+ programs.hyprland.withUWSM = true;
+
+ environment.sessionVariables = {
+ NIXOS_OZONE_WL = "1";
+ };
+
+ services = {
+ xserver.enable = true;
+
+ displayManager.sddm = {
+ enable = true;
+ wayland.enable = true;
+ };
+
+ libinput = {
+ enable = true;
+ touchpad.clickMethod = "clickfinger";
+ };
+
+ openssh = {
+ enable = true;
+ settings = {
+ PermitRootLogin = "yes";
+ PasswordAuthentication = false;
+ };
+ };
+ };
+
+ environment.systemPackages = with pkgs; [
+ exfat
+ gcsfuse
+ git
+ home-manager
+ hwinfo
+ libinput
+ neovim
+ nil
+ nixpkgs-fmt
+ rclone
+ wget
+ ];
+
+ system.stateVersion = "23.11";
+}
diff --git a/hosts/Nixbook/disko.nix b/hosts/Nixbook/disko.nix
new file mode 100644
index 0000000..0cefabd
--- /dev/null
+++ b/hosts/Nixbook/disko.nix
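Review bot: `PermitRootLogin = "yes"` in `services.openssh.settings` leaves direct root login over SSH enabled on the laptop; password authentication is off, so it is key-only, but any key in root's authorized keys then yields a root shell with no per-user trail. Unless root SSH is needed after the initial install, I would set `PermitRootLogin = "no";` and administer through the regular user with sudo, or at least use `"prohibit-password"` so the key-only intent survives a later change to `PasswordAuthentication`.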
@@ -0,0 +1,68 @@
+{ config, lib, ... }:
+
+{
+ disko.devices = {
+ disk.main = {
+ type = "disk";
+ device = "/dev/nvme0n1";
+ content = {
+ type = "gpt";
+ partitions = {
+ esp = {
+ size = "512M";
+ start = "1M";
+ type = "EF00";
+ label = "EFI";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+ swap = {
+ size = "16G";
+ type = "8200";
+ label = "Swap";
+ content = {
+ type = "swap";
+ randomEncryption = false;
+ };
+ };
+
+ root = {
+ type = "8300";
+ label = "NixOS";
+ size = "870G";
+ content = {
+ type = "btrfs";
+ mountpoint = "/";
+ subvolumes = {
+ "@root" = {
+ mountpoint = "/";
+ };
+ "@nix" = {
+ mountpoint = "/nix";
+ };
+ "@home" = {
+ mountpoint = "/home";
+ };
+ "@log" = {
+ mountpoint = "/var/log";
+ };
+ };
+ extraArgs = [
+ "-L"
+ "nixos-root"
+ ];
+ mountOptions = [
+ "compress=zstd"
+ "noatime"
+ ];
+ };
+ };
+
+ };
+ };
+ };
+ };
+}
diff --git a/hosts/Nixbook/hardware-configuration.nix b/hosts/Nixbook/hardware-configuration.nix
new file mode 100644
index 0000000..01f2649
--- /dev/null
+++ b/hosts/Nixbook/hardware-configuration.nix
@@ -0,0 +1,32 @@
+{ config
+, lib
+, pkgs
+, modulesPath
+, inputs
+, ...
+}:
+
+{
+ imports = [
+ (modulesPath + "/hardware/network/broadcom-43xx.nix")
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot = {
+ initrd.availableKernelModules = [
+ "xhci_pci"
+ "nvme"
+ "usbhid"
+ "usb_storage"
+ "sd_mod"
+ ];
+ initrd.kernelModules = [ ];
+ kernelModules = [ "kvm-intel" ];
+ extraModulePackages = [ ];
+ };
+
+ networking.useDHCP = lib.mkDefault true;
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+
+}
diff --git a/hosts/Nixbook/scripts/install.sh b/hosts/Nixbook/scripts/install.sh
new file mode 100644
index 0000000..9b40d35
--- /dev/null
+++ b/hosts/Nixbook/scripts/install.sh
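Review bot: The laptop layout in `hosts/Nixbook/disko.nix` puts the btrfs root and the 16G swap directly on GPT partitions, with `randomEncryption = false` and no `luks` container, so `/home` and anything paged to swap are readable by whoever has physical access to the machine. If that is not a deliberate choice, disko can wrap the root partition in a `type = "luks"` content node, and the swap can use `randomEncryption = true;` at the cost of hibernation. The `{ config, lib, ... }` header also binds two arguments that the visible hunk never uses.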
@@ -0,0 +1,68 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+### CONFIGURATION ###
+TARGET_IP="192.168.1.65"
+INSTALL_USER="nixos"
+INSTALL_PASS="123456"
+SSH_KEY="$HOME/.ssh/id_rsa.pub"
+FLAKE_PATH="./#Nixbook"
+
+# Export variables needed inside nix-shell
+export TARGET_IP INSTALL_USER INSTALL_PASS SSH_KEY FLAKE_PATH HOME
+
+### Prerequisites Check ###
+# Removed check, sshpass will be provided by nix-shell
+
+### 0. Ensure SSH key is available ###
+if [ ! -f "$SSH_KEY" ]; then
+ echo "❌ SSH key not found at $SSH_KEY"
+ exit 1
+fi
+
+### 1. Remove existing SSH known_hosts entry if it exists ###
+echo "🧹 Checking for existing SSH known_hosts entry for $TARGET_IP..."
+if grep -q "$TARGET_IP" ~/.ssh/known_hosts; then
+ echo "🔄 Removing existing SSH known_hosts entry for $TARGET_IP..."
+ ssh-keygen -R "$TARGET_IP"
+else
+ echo "✅ No existing SSH known_hosts entry found for $TARGET_IP."
+fi
+
+### 2, 3, 4: Run commands requiring Nix-provided packages ###
+# Use a single nix-shell environment for sshpass, openssh, and nixos-anywhere
+nix-shell -p nixos-anywhere sshpass openssh --run '
+ # Re-set options for this subshell
+ set -euo pipefail
+
+ ### 2. Add SSH key to remote temporary user ###
+ echo "🔐 Copying SSH key to $INSTALL_USER@$TARGET_IP..."
+ # sshpass and ssh-copy-id are from nix-shell environment
+ sshpass -p "$INSTALL_PASS" ssh-copy-id -i "$SSH_KEY" -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null "$INSTALL_USER@$TARGET_IP"
+
+ ### 3. Grant temporary user passwordless sudo on target machine ###
+ echo "🔧 Configuring sudo access for $INSTALL_USER on target..."
+ # ssh is from nix-shell environment + ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null "$INSTALL_USER@$TARGET_IP" < /etc/motd +▗▖ ▗▖▗▄▄▄▖▗▖ ▗▖ ▗▄▄▖▗▄▄▄▖▗▄▖▗▄▄▄▖▗▄▄▄▖ ▗▄▖ ▗▖ ▗▖ +▐▛▚▖▐▌ █ ▝▚▞▘ ▐▌ █ ▐▌ ▐▌ █ █ ▐▌ ▐▌▐▛▚▖▐▌ +▐▌ ▝▜▌ █ ▐▌ ▝▀▚▖ █ ▐▛▀▜▌ █ █ ▐▌ ▐▌▐▌ ▝▜▌ +▐▌ ▐▌▗▄█▄▖▗▞▘▝▚▖▗▄▄▞▘ █ ▐▌ ▐▌ █ ▗▄█▄▖▝▚▄▞▘▐▌ ▐▌ + +[ Ryzen 7 5700G ]-[  64 Gb ]-[ RTX 3090] + + ┏┳┓┓ • ┏┓ • + ┃ ┣┓┓┏┓┏┓┏┓ ┗┓┏┓┏┓┏┓╋┏┓ + ┻ ┛┗┗┗┻┗┫┗┛ ┗┛┣┛┗┛┛┗┗┗┛ + ┛ ┛ + +EOF \ No newline at end of file diff --git a/hosts/Nixtest/default.nix b/hosts/Nixtest/default.nix new file mode 100644 index 0000000..b9ccb35 --- /dev/null +++ b/hosts/Nixtest/default.nix @@ -0,0 +1,29 @@ +{ pkgs, ... }: +{ + + imports = [ + ./disko.nix + ]; + + networking.hostName = "Nixtest"; + services = { + xserver.enable = true; + displayManager.sddm = { + enable = true; + }; + openssh = { + enable = true; + settings = { + PermitRootLogin = "yes"; + PasswordAuthentication = true; + }; + }; + }; + + environment.systemPackages = with pkgs; [ + git + home-manager + ]; + + system.stateVersion = "23.11"; +} diff --git a/hosts/Nixtest/disko.nix b/hosts/Nixtest/disko.nix new file mode 100644 index 0000000..9f7cf0f --- /dev/null +++ b/hosts/Nixtest/disko.nix @@ -0,0 +1,58 @@ +{ config, lib, ... }: + +{ + disko.devices = { + disk.main = { + type = "disk"; + device = "/dev/nvme0n1"; + content = { + type = "gpt"; + partitions = { + esp = { + size = "128M"; + start = "1M"; + type = "EF00"; + label = "EFI"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + }; + }; + + root = { + type = "8300"; + label = "NixOS"; + size = "32G"; + content = { + type = "btrfs"; + mountpoint = "/"; + subvolumes = { + "@root" = { + mountpoint = "/"; + }; + "@nix" = { + mountpoint = "/nix"; + }; + "@home" = { + mountpoint = "/home"; + }; + "@log" = { + mountpoint = "/var/log"; + }; + }; + extraArgs = [ + "-L" + "nixos-root" + ]; + mountOptions = [ + "compress=zstd" + "noatime" + ]; + }; + }; + }; + }; + }; + }; +} 
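Review bot: `INSTALL_PASS="123456"` is committed in clear text in `hosts/Nixbook/scripts/install.sh`, and both the `ssh-copy-id` and the `ssh` call pass `-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null`, so the script hands the password and then passwordless sudo to whatever host answers on `192.168.1.65` without checking its identity. I would prompt for the password at run time (`read -rsp "Installer password: " SSHPASS; export SSHPASS`) and call `sshpass -e`, which also keeps it out of the process list that `-p "$INSTALL_PASS"` exposes. For the host key, dropping `UserKnownHostsFile=/dev/null` and using `-o StrictHostKeyChecking=accept-new` after the existing `ssh-keygen -R` step records the key on first contact so the later connections are verified. The rest of the script is not readable on this page, so this covers only the lines shown.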
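Review bot: `PermitRootLogin = "yes"` together with `PasswordAuthentication = true` in `hosts/Nixtest/default.nix` allows root to log in over SSH with a password. That may be acceptable for a throwaway QEMU guest, but the module gives the same exposure to any machine it is deployed on; a comment marking it test-only, or `PermitRootLogin = "prohibit-password";` with a key under `users.users.root.openssh.authorizedKeys.keys`, would make it safe by default. Also, `Nixtest` does not appear under `nixosConfigurations` in the `flake.nix` added by this commit, so the `./#Nixtest` flake path used by the test script does not resolve yet.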
diff --git a/hosts/Nixtest/scripts/install_test.sh b/hosts/Nixtest/scripts/install_test.sh
new file mode 100644
index 0000000..4667155
--- /dev/null
+++ b/hosts/Nixtest/scripts/install_test.sh
@@ -0,0 +1,93 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+### Configuration ###
+
+# Find virtual images at: https://alpinelinux.org/downloads/ -> Virtual
+ALPINE_VERSION="3.19.1"
+ALPINE_ARCH="x86_64"
+ALPINE_IMAGE_FILENAME="alpine-virt-${ALPINE_VERSION}-${ALPINE_ARCH}.iso"
+ALPINE_IMAGE_URL="https://dl-cdn.alpinelinux.org/alpine/v$(echo $ALPINE_VERSION | cut -d. -f1-2)/releases/${ALPINE_ARCH}/${ALPINE_IMAGE_FILENAME}"
+
+QEMU_MEM="2048"
+QEMU_CPUS="2"
+QEMU_SSH_HOST_PORT="2222"
+QEMU_PID_FILE="qemu_test.pid"
+
+TARGET_IP="127.0.0.1"
+TARGET_PORT="${QEMU_SSH_HOST_PORT}"
+TARGET_USER="root"
+SSH_KEY_PUB="$HOME/.ssh/id_rsa.pub"
+SSH_KEY_PRIV="$HOME/.ssh/id_rsa"
+
+FLAKE_PATH="./#Nixtest"
+
+### Helper Functions ###
+cleanup_qemu() {
+ if [ -f "$QEMU_PID_FILE" ]; then
+ echo "🧹 Cleaning up previous QEMU instance..."
+ kill -- "-$(cat $QEMU_PID_FILE)" 2>/dev/null || kill "$(cat $QEMU_PID_FILE)" 2>/dev/null || true
+ rm -f "$QEMU_PID_FILE"
+ sleep 2
+ echo "🧹 Cleanup complete."
+ fi
+}
+
+launch_qemu_alpine() {
+ echo "🚀 Launching QEMU with Alpine Linux (${ALPINE_IMAGE_FILENAME})..."
+ qemu-system-x86_64 \
+ -m "${QEMU_MEM}" \
+ -smp "${QEMU_CPUS}" \
+ -enable-kvm \
+ -nic user,model=virtio-net-pci,hostfwd=tcp::${TARGET_PORT}-:22 \
+ -drive file="${ALPINE_IMAGE_FILENAME}",media=cdrom,readonly=on \
+ -boot d \
+ -display none \
+ -daemonize \
+ -pidfile "$QEMU_PID_FILE"
+
+ echo "⏳ Waiting for QEMU to boot and SSH to become available on port ${TARGET_PORT}..."
+ local max_wait=90
+ local waited=0
+ while ! ssh -p "${TARGET_PORT}" -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -o ConnectTimeout=2 -o ConnectionAttempts=3 "${TARGET_USER}@${TARGET_IP}" exit >/dev/null 2>&1; do
+ sleep 3
+ waited=$((waited + 3))
+ if [ "$waited" -ge "$max_wait" ]; then
+ echo "❌ Timed out waiting for SSH on port ${TARGET_PORT}."
+ cat "$QEMU_PID_FILE"
+ cleanup_qemu
+ exit 1
+ fi
+ echo -n "."
+ done
+ echo
+ echo "✅ QEMU Alpine VM is up and SSH is ready on port ${TARGET_PORT}."
+}
+
+### Main Script ###
+
+trap cleanup_qemu EXIT SIGINT SIGTERM
+
+if [ ! -f "$ALPINE_IMAGE_FILENAME" ]; then
+ echo "⏬ Downloading Alpine image: ${ALPINE_IMAGE_FILENAME}..."
+ wget --progress=bar:force -O "$ALPINE_IMAGE_FILENAME" "$ALPINE_IMAGE_URL"
+else
+ echo "✅ Alpine image found locally: ${ALPINE_IMAGE_FILENAME}"
+fi
+
+if [ ! -f "$SSH_KEY_PUB" ] || [ ! -f "$SSH_KEY_PRIV" ]; then
+ echo "❌ SSH key not found at $SSH_KEY_PRIV or $SSH_KEY_PUB"
+ echo " Please generate one using 'ssh-keygen' or specify the correct path."
+ exit 1
+fi
+echo "✅ Using SSH key: ${SSH_KEY_PRIV}"
+
+cleanup_qemu
+launch_qemu_alpine
+
+# --- Installation logic will go here ---
+
+echo "🏁 Test script placeholder finished. VM is running."
+echo " PID: $(cat $QEMU_PID_FILE)"
+echo " To connect: ssh -p ${TARGET_PORT} ${TARGET_USER}@${TARGET_IP}"
diff --git a/hosts/Nixtest/scripts/install_test_shell.nix b/hosts/Nixtest/scripts/install_test_shell.nix
new file mode 100644
index 0000000..efd3e02
--- /dev/null
+++ b/hosts/Nixtest/scripts/install_test_shell.nix
@@ -0,0 +1,22 @@
+{ pkgs ? import { }
+,
+}:
+
+pkgs.mkShell {
+ name = "nixos-anywhere-test-env";
+
+ packages = with pkgs; [
+ nix
+ nixos-anywhere
+ openssh
+ sshpass
+ qemu_full
+ wget
+ ];
+
+ shellHook = ''
+ echo "Entered NixOS Anywhere Test Environment."
+ echo "Alpine image will be downloaded if needed."
+ echo "Run ./install_test.sh to start the QEMU VM and run the installation."
+ '';
+}
diff --git a/hosts/common/default.nix b/hosts/common/default.nix
new file mode 100644
index 0000000..b3c6ff2
--- /dev/null
+++ b/hosts/common/default.nix
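Review bot: The Alpine ISO in install_test.sh is fetched with `wget` and booted with no integrity check, so a corrupted or substituted image goes straight into the VM that this host then connects to over SSH. Pin the expected digest next to `ALPINE_VERSION`, e.g. `ALPINE_IMAGE_SHA256="<sha256 published for this release>"`, and verify after the download with `echo "${ALPINE_IMAGE_SHA256}  ${ALPINE_IMAGE_FILENAME}" | sha256sum -c -`. Separately, `hostfwd=tcp::${TARGET_PORT}-:22` in `launch_qemu_alpine` leaves the host address empty, which makes QEMU listen on every host interface. `hostfwd=tcp:${TARGET_IP}:${TARGET_PORT}-:22` keeps the guest's root SSH reachable from loopback only.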
@@ -0,0 +1,64 @@
+{ config
+, inputs
+, lib
+, pkgs
+, ...
+}:
+{
+ imports = [ ./users/thiago/default.nix ];
+
+ boot.loader.systemd-boot.enable = true;
+ environment = {
+ shells = with pkgs; [ zsh ];
+ etc = lib.mapAttrs'
+ (name: value: {
+ name = "nix/path/${name}";
+ value.source = value.flake;
+ })
+ config.nix.registry;
+ systemPackages = with pkgs; [
+ exfat
+ file
+ gcsfuse
+ git
+ gnupg
+ home-manager
+ keymapp
+ opensc
+ pciutils
+ pcsc-safenet
+ pcsctools
+ pkcs11helper
+ sops
+ wget
+ zsa-udev-rules
+ ];
+ };
+ hardware.keyboard.zsa.enable = true;
+ networking.networkmanager.enable = true;
+ nix = {
+ registry = (lib.mapAttrs (_: flake: { inherit flake; })) (
+ (lib.filterAttrs (_: lib.isType "flake")) inputs
+ );
+
+ nixPath = [ "/etc/nix/path" ];
+
+ settings = {
+ experimental-features = "nix-command flakes";
+ auto-optimise-store = true;
+ };
+ };
+
+ nixpkgs.config.allowUnfree = true;
+ programs.zsh.enable = true;
+ services = {
+ pcscd.enable = true;
+ # xserver.displayManager.sessionCommands =
+ # "${pkgs.xorg.xmodmap}/bin/xmodmap -e 'keycode 64 = Alt_L'";
+
+ };
+ users.groups.scard = { };
+
+ time.timeZone = "America/Sao_Paulo";
+ users.defaultUserShell = pkgs.zsh;
+}
diff --git a/hosts/common/keychron.nix b/hosts/common/keychron.nix
new file mode 100644
index 0000000..b203ff0
--- /dev/null
+++ b/hosts/common/keychron.nix
@@ -0,0 +1,41 @@
+{ pkgs, ... }:
+
+{
+ services.xserver = {
+ enable = true;
+
+ xkb = {
+ layout = "custom-br";
+ variant = "";
+ model = "pc105";
+ extraLayouts = {
+ custom-br = {
+ description = "US Custom BR (apostrophe + c → ç)";
+ languages = [ "eng" ];
+ symbolsFile = pkgs.writeText "custom-br" ''
+ partial alphanumeric_keys
+ xkb_symbols "basic" {
+ include "us(altgr-intl)"
+ name[Group1]= "US Custom BR (apostrophe + c → ç)";
+
+ // Override the apostrophe key to be a fake dead key
+ key {
+ type= "FOUR_LEVEL",
+ symbols[Group1]= [ dead_acute, dead_acute, dead_acute, dead_acute ]
+ };
+
+ // Redefine the c key to output ç when used after apostrophe
+ key {
+ type= "ALPHABETIC",
+ symbols[Group1]= [ c, C, ccedilla, Ccedilla ]
+
+ };
+ replace key { [ Alt_L, Meta_L ] };
+
+ };
+ '';
+ };
+ };
+ };
+ };
+}
diff --git a/hosts/common/network.nix b/hosts/common/network.nix
new file mode 100644
index 0000000..b814b38
--- /dev/null
+++ b/hosts/common/network.nix
@@ -0,0 +1,116 @@
+{ pkgs, ... }:
+{
+ networking = {
+ hostName = "Nixstation";
+ networkmanager.enable = true;
+
+ firewall = {
+ enable = true;
+ allowPing = true;
+ allowedTCPPorts = [
+ 2375
+ 4780
+ 11470
+ 25565
+ ];
+ allowedUDPPorts = [
+ 8888
+ 8899
+ ];
+ };
+ };
+
+ services = {
+ tailscale.enable = true;
+ openssh.enable = true;
+ # openssh.settings.X11Forwarding = true;
+ };
+
+ virtualisation.docker = {
+ enable = true;
+ package = pkgs.docker_25;
+ storageDriver = "btrfs";
+ daemon.settings = {
+ hosts = [ "unix:///var/run/docker.sock" ];
+ features.cdi = true;
+ userland-proxy = false;
+ experimental = true;
+ metrics-addr = "0.0.0.0:9323";
+ };
+
+ # daemon.settings = {
+
+ # hosts = [
+ # "unix:///var/run/docker.sock"
+ # ];
+
+ # features = {
+ # cdi = true;
+ # };
+
+ # userland-proxy = false;
+ # experimental = true;
+ # metrics-addr = "0.0.0.0:9323";
+
+ # default-runtime = "nvidia";
+ # runtimes = {
+ # nvidia = {
+ # path = "nvidia-container-runtime";
+ # };
+ # nvidia-cdi = {
+ # path = "nvidia-container-runtime.cdi";
+ # };
+ # nvidia-legacy = {
+ # path = "nvidia-container-runtime.legacy";
+ # };
+ # };
+ # };
+ };
+
+ services.samba = {
+ enable = true;
+ openFirewall = true;
+
+ settings = {
+ global = {
+ "workgroup" = "WORKGROUP";
+ "server string" = "smbnix";
+ "netbios name" = "smbnix";
+
+ # "use sendfile" = "yes";
+ # "max protocol" = "smb2";
+ # note: localhost is the ipv6 localhost ::1
+ "hosts allow" = "192.168.0. 192.168. 
192.168.122.55 127.0.0.1 localhost";
+ "hosts deny" = "0.0.0.0/0";
+ "guest account" = "nobody";
+ "map to guest" = "bad user";
+ security = "user";
+ # shared = {
+ # path = "/home/thiago/Downloads/oblivion";
+ # browseable = true;
+ # writable = false;
+ # guestOk = true;
+ # "force user" = "thiago";
+ # };
+ };
+
+ # shares = {
+ # OneDrive = ''
+ # path = "/run/media/thiago/hdd0/OneDrive/"
+ # browseable = "yes"
+ # "read only" = "no"
+ # "guest ok" = "no"
+ # "create mask" = "0644"
+ # "directory mask" = "0755"
+ # "force user" = "thiago"
+ # "force group" = "users"
+ # '';
+ # };
+ };
+ };
+
+ services.samba-wsdd = {
+ enable = true;
+ openFirewall = true;
+ };
+}
diff --git a/hosts/common/nvidia/default.nix b/hosts/common/nvidia/default.nix
new file mode 100644
index 0000000..5689e61
--- /dev/null
+++ b/hosts/common/nvidia/default.nix
@@ -0,0 +1,54 @@
+{ config
+, pkgs
+, unstable
+, ...
+}:
+{
+ imports = [
+ # ./passthrough.nix
+ ];
+
+ hardware = {
+ graphics = {
+ enable = true;
+ enable32Bit = true;
+ };
+ nvidia-container-toolkit = {
+ enable = true;
+ suppressNvidiaDriverAssertion = true;
+ };
+ nvidia = {
+ modesetting.enable = true;
+ powerManagement.enable = false;
+ powerManagement.finegrained = false;
+ open = false; # keep it like that for now, unstable!!
+ nvidiaSettings = true;
+ package = unstable.linuxPackages.nvidiaPackages.latest;
+ };
+ };
+
+ services = {
+ sunshine = {
+ enable = false;
+ # autoStart = true;
+ # openFirewall = true;
+ package = pkgs.sunshine.overrideAttrs (old: {
+ cmakeFlags = (old.cmakeFlags or [ ]) ++ [
+ "-DSUNSHINE_ENABLE_CUDA=OFF"
+ "-DCUDA_FAIL_ON_MISSING=OFF"
+ ];
+ });
+ };
+ };
+ nixpkgs.config.cudaSupport = true;
+ environment.systemPackages = with pkgs; [
+ mesa
+ glxinfo
+ libepoxy
+ libglvnd
+ nvidia-container-toolkit
+ cudaPackages.cudatoolkit
+ cudaPackages.cuda_nvcc
+ ];
+
+}
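Review bot: `allowedTCPPorts` in hosts/common/network.nix opens 2375, the conventional port for Docker's unauthenticated TCP API, while `daemon.settings.hosts` lists only the unix socket. The firewall hole serves nothing today and would expose root-equivalent control of the host as soon as a tcp listener is added, so drop `2375` from the list or add a comment naming the service each port belongs to. In the same hunk `metrics-addr = "0.0.0.0:9323"` binds the metrics endpoint on every interface; `metrics-addr = "127.0.0.1:9323";` is enough unless a remote scraper is intended. The Samba `"hosts allow"` value also contains the bare prefix `192.168.`, which admits the whole 192.168.0.0/16 range and makes the narrower entries redundant, in a configuration that also sets `"map to guest" = "bad user"`.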
diff --git a/hosts/common/nvidia/passthrough.nix b/hosts/common/nvidia/passthrough.nix
new file mode 100644
index 0000000..9b5adf4
--- /dev/null
+++ b/hosts/common/nvidia/passthrough.nix
@@ -0,0 +1,51 @@
+# Under maintanence
+{ pkgs
+, ...
+}:
+let
+ # Optional helper for manual (re)binding at runtime
+ vfioBindScript = pkgs.writeShellScriptBin "vfio-bind" ''
+ #!${pkgs.runtimeShell}
+ DEV="$1" # e.g. 0000:81:00.0
+ echo vfio-pci > /sys/bus/pci/devices/$DEV/driver_override
+ ${pkgs.kmod}/bin/modprobe -i vfio-pci
+ echo "$DEV" > /sys/bus/pci/drivers/vfio-pci/bind
+ '';
+in
+{
+ nixpkgs.config.allowUnfree = true;
+
+ boot = {
+ # Load vfio early and bind the second GPU before NVIDIA can claim it
+ initrd = {
+ kernelModules = [ "vfio_pci" ];
+ preDeviceCommands = ''
+ DEVS="0000:81:00.0 0000:81:00.1"
+ for DEV in $DEVS; do
+ echo "vfio-pci" > /sys/bus/pci/devices/$DEV/driver_override
+ done
+ modprobe -i vfio-pci
+ for DEV in $DEVS; do
+ echo $DEV > /sys/bus/pci/drivers/vfio-pci/bind
+ done
+ '';
+ };
+
+ kernelParams = [
+ "intel_iommu=on"
+ "iommu=pt"
+ ];
+
+ kernelModules = [
+ "vfio_pci"
+ "vfio"
+ "vfio_iommu_type1"
+ "vfio_virqfd"
+ ];
+ blacklistedKernelModules = [ "nouveau" ];
+ };
+
+ environment.systemPackages = with pkgs; [
+ vfioBindScript # optional manual tool
+ ];
+}
diff --git a/hosts/common/rclone.nix b/hosts/common/rclone.nix
new file mode 100644
index 0000000..71e33a3
--- /dev/null
+++ b/hosts/common/rclone.nix
@@ -0,0 +1,12 @@
+{ pkgs, ... }:
+
+{
+ environment.systemPackages = with pkgs; [
+ rclone
+ fuse3 # Required for mounting
+ ];
+
+ users.users.thiago = {
+ extraGroups = [ "fuse" ];
+ };
+}
diff --git a/hosts/common/screen.nix b/hosts/common/screen.nix
new file mode 100644
index 0000000..e4d773a
--- /dev/null
+++ b/hosts/common/screen.nix
@@ -0,0 +1,8 @@
+{ pkgs, ... }:
+{
+ hardware.i2c.enable = true;
+ environment.systemPackages = with pkgs; [
+ ddcutil
+ ddcui
+ ];
+}
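Review bot: The `vfio-bind` helper in hosts/common/nvidia/passthrough.nix writes to `/sys/bus/pci/devices/$DEV/driver_override` with `$DEV` unquoted and unchecked. The script presumably runs as root, and with an empty or malformed argument it proceeds to a write on an unintended sysfs path and then still runs `modprobe` and the bind step. Check the device first and quote the path, e.g. `[ -e "/sys/bus/pci/devices/$DEV" ] || { echo "no such PCI device: $DEV" >&2; exit 1; }` followed by `echo vfio-pci > "/sys/bus/pci/devices/$DEV/driver_override"`. `kernelParams` also sets `intel_iommu=on`, which presumably has no effect on the Ryzen machine named in this commit's MOTD. Since the IOMMU is what isolates the passed-through GPU, confirm it is actually active on the target host before re-enabling the import.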
diff --git a/hosts/common/users/thiago/default.nix b/hosts/common/users/thiago/default.nix
new file mode 100644
index 0000000..b4ef1af
--- /dev/null
+++ b/hosts/common/users/thiago/default.nix
@@ -0,0 +1,38 @@
+{ pkgs, config, ... }:
+let
+ ifTheyExist = groups: builtins.filter (group: builtins.hasAttr group config.users.groups) groups;
+in
+{
+ users.users.thiago = {
+
+ isNormalUser = true;
+ initialPassword = "changeme";
+ extraGroups =
+ [
+ "networkmanager"
+ "wheel"
+ "scard"
+ ]
+ ++ ifTheyExist [
+ "wireshark"
+ "i2c"
+ "docker"
+ "git"
+ "libvirtd"
+ "libvirt"
+ "video"
+ "kvm"
+ "scanner"
+ "photos"
+ ];
+ openssh.authorizedKeys.keyFiles = [
+ (builtins.fetchurl {
+ url = "https://github.com/sposito.keys";
+ sha256 = "0bwqj8si0q6kp9cdjgkp9kfz17f24wf476zqzvxbygn6f4av0wh2";
+ })
+ ];
+
+ packages = [ pkgs.home-manager ];
+ };
+
+}
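Review bot: `initialPassword = "changeme"` gives a `wheel` member a password that is public in this repository and ends up readable in the Nix store. hosts/common/network.nix in this commit enables `services.openssh` without turning password authentication off, so on hosts that import it the account is reachable over SSH with that password until someone changes it by hand. `openssh.authorizedKeys.keyFiles` already provisions a pinned key, so either remove the line or replace it with `hashedPasswordFile = "<path to a root-only password hash>";`. Setting `services.openssh.settings.PasswordAuthentication = false;` alongside `openssh.enable` closes the remote path either way.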