initial commit

2024-03-15 22:43:08 -04:00 · 2024-03-15 22:43:08 -04:00 · 032de677cc
commit 032de677cc
4 changed files with 281 additions and 0 deletions
--- a/application-configuration.nix
+++ b/application-configuration.nix
@ -0,0 +1,30 @@
+{ pkgs, ... }:
+{
+  users.users.caleb = {
+    packages = with pkgs;
+      [
+        ## staples
+        firefox
+        kate
+	screen
+	john
+	hashcat
+	htop
+
+        ## FAF
+        jq
+        cabextract
+      ];
+  };
+
+  # Enable tailscale
+  services.tailscale.enable = true;
+
+  # install Steam
+  programs.steam = {
+    enable = true;
+    remotePlay.openFirewall = true;
+    dedicatedServer.openFirewall = true;
+  };
+}
+
--- a/bluebubbles-configuration.nix
+++ b/bluebubbles-configuration.nix
@ -0,0 +1,83 @@
+{ pkgs, ... }:
+{
+  environment.systemPackages = with pkgs; [
+    podman-compose
+    docker-compose
+    dnsmasq
+    bridge-utils
+    flex
+    bison
+    iptables
+    libguestfs
+  ];
+
+  programs.virt-manager.enable = true;
+  virtualisation = {
+    podman = {
+      enable = true;
+      dockerCompat = false;
+      defaultNetwork.settings.dns_enabled = true;
+    };
+
+    docker = {
+      enable = true;
+      rootless = {
+        enable = true;
+	setSocketVariable = true;
+      };
+    };
+
+    # enable libvirt
+    libvirtd = {
+      enable = true;
+      qemu = {
+        package = pkgs.qemu_kvm;
+        runAsRoot = true;
+        swtpm.enable = true;
+        ovmf = {
+          enable = true;
+          packages = [(pkgs.OVMF.override {
+            secureBoot = true;
+            tpmSupport = true;
+          }).fd];
+        };
+      };
+    };
+  };
+  
+  users.users.caleb = {
+    extraGroups = [ "libvirtd" ];
+  };
+
+  # bluebubbles container as a systemd service
+  virtualisation.oci-containers = {
+    backend = "podman";
+    containers = {
+      bluebubbles = {
+        autoStart = false; # todo
+	ports = [
+	  "5999:5999"
+	  "1234:1234"
+	  "50922:10022"
+	];
+	volumes = [ 
+	  "/tmp/.X11-unix:/tmp/.X11-unix"
+	  "/home/caleb/bluebubbles/maindisk.qcow2:/image"
+	  "/home/caleb/bluebubbles/bootdisk.qcow2:/bootdisk"
+	];
+	environment = {
+	  IMAGE_PATH="/image";
+	  BOOTDISK="/bootdisk";
+	  EXTRA="-display none -vnc 0.0.0.0:99,password-secret=secvnc0 -object secret,id=secvnc0,data=vncpass";
+	  ADDITIONAL_PORTS="hostfwd=tcp::1234-:1234,";
+	  DISPLAY=":99";
+	  WIDTH="1920";
+	  HEIGHT="1080";
+	  NOPICKER="true";
+	};
+	image = "sickcodes/docker-osx:naked";
+      };
+    };
+  };
+}
+
--- a/configuration.nix
+++ b/configuration.nix
@ -0,0 +1,131 @@
+{ config, lib, pkgs, ... }:
+
+{
+  imports =
+    [
+      ./hardware-configuration.nix
+      ./application-configuration.nix
+      ./bluebubbles-configuration.nix
+    ];
+
+  # Allow unfree and insecure packages
+  nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
+    "steam"
+    "steam-original"
+    "steam-run"
+    "intel-ocl"
+  ];
+
+  # Bootloader.
+  boot.loader.systemd-boot.enable = true;
+  boot.loader.efi.canTouchEfiVariables = true;
+
+  networking.hostName = "january";
+
+  # AMD GPU
+  boot.initrd.kernelModules = [ "amdgpu" ];
+  services.xserver.videoDrivers = [ "amdgpu" ];
+  hardware.opengl.extraPackages = with pkgs; [
+    rocmPackages.clr.icd
+    intel-ocl
+  ];
+  environment.variables = {
+    ROC_ENABLE_PRE_VEGA = "1";
+  };
+
+  # Enable networking
+  networking.networkmanager.enable = true;
+
+  # Set your time zone.
+  time.timeZone = "America/New_York";
+
+  # Select internationalisation properties.
+  i18n.defaultLocale = "en_US.UTF-8";
+
+  i18n.extraLocaleSettings = {
+    LC_ADDRESS = "en_US.UTF-8";
+    LC_IDENTIFICATION = "en_US.UTF-8";
+    LC_MEASUREMENT = "en_US.UTF-8";
+    LC_MONETARY = "en_US.UTF-8";
+    LC_NAME = "en_US.UTF-8";
+    LC_NUMERIC = "en_US.UTF-8";
+    LC_PAPER = "en_US.UTF-8";
+    LC_TELEPHONE = "en_US.UTF-8";
+    LC_TIME = "en_US.UTF-8";
+  };
+
+  # Enable the KDE Plasma Desktop Environment.
+  services.xserver = {
+    enable = true;
+    displayManager.sddm.enable = true;
+    desktopManager.plasma5.enable = true;
+  };
+
+  # Enable sound with pipewire.
+  sound.enable = true;
+  hardware.pulseaudio.enable = false;
+  security.rtkit.enable = true;
+  services.pipewire = {
+    enable = true;
+    alsa.enable = true;
+    alsa.support32Bit = true;
+    pulse.enable = true;
+    jack.enable = true;
+  };
+
+  # add unpriveledged user to trusted users
+  nix.settings.trusted-users = [ "nixremote" ];
+
+  # Define a user account. Don't forget to set a password with ‘passwd’.
+  users.users.caleb = {
+    isNormalUser = true;
+    description = "caleb";
+    extraGroups = [ "networkmanager" "wheel" "docker" "video" ];
+    hashedPassword = "$y$j9T$Xl/nIclFRPpaBoZaGleE1/$GlbK09nmyesJPtoeK/wH2RAhrGnFsEjGVjSVS22ZTn1";
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIt0GiBYIY4CxoHxOcHWJYE9/cDD88ufLB82LZCkW4T9 caleb@surface"
+    ];
+  };
+
+  # disable sudo password for wheel 
+  security.sudo.wheelNeedsPassword = false;
+
+  # List packages installed in system profile. To search, run:
+  environment.systemPackages = with pkgs; [
+    git
+    protontricks
+    steam-run
+    wget
+    winetricks
+    wineWowPackages.stable
+  ];
+
+  # Enable the OpenSSH daemon.
+  services.openssh = {
+    enable = true;
+    settings = {
+      PasswordAuthentication = false;
+      KbdInteractiveAuthentication = false;
+      X11Forwarding = true;
+    };
+  };
+
+  # Enable wake on lan
+  networking.interfaces.enp37s0.wakeOnLan.enable = true;
+
+  # neovim 
+  programs.neovim = {
+    enable = true;
+    defaultEditor = true;
+    viAlias = true;
+    vimAlias = true;
+  };
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "23.11"; # Did you read the comment?
+}
--- a/hardware-configuration.nix
+++ b/hardware-configuration.nix
@ -0,0 +1,37 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/406ab2d8-9cfe-4e69-a8ae-c294dfaaad9a";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/AC42-8854";
+      fsType = "vfat";
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp37s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}