From 032de677cc5b03dd709b4d2f859983e80e3d7f10 Mon Sep 17 00:00:00 2001
From: caleb
Date: Fri, 15 Mar 2024 22:43:08 -0400
Subject: [PATCH] initial commit
---
application-configuration.nix | 30 ++++++++
bluebubbles-configuration.nix | 83 +++++++++++++++++++++
configuration.nix | 131 ++++++++++++++++++++++++++++++++++
hardware-configuration.nix | 37 ++++++++++
4 files changed, 281 insertions(+)
create mode 100644 application-configuration.nix
create mode 100644 bluebubbles-configuration.nix
create mode 100644 configuration.nix
create mode 100644 hardware-configuration.nix
diff --git a/application-configuration.nix b/application-configuration.nix
new file mode 100644
index 0000000..c091662
--- /dev/null
+++ b/application-configuration.nix
@@ -0,0 +1,30 @@
+{ pkgs, ... }:
+{
+ users.users.caleb = {
+ packages = with pkgs;
+ [
+ ## staples
+ firefox
+ kate
+ screen
+ john
+ hashcat
+ htop
+
+ ## FAF
+ jq
+ cabextract
+ ];
+ };
+
+ # Enable tailscale
+ services.tailscale.enable = true;
+
+ # install Steam
+ programs.steam = {
+ enable = true;
+ remotePlay.openFirewall = true;
+ dedicatedServer.openFirewall = true;
+ };
+}
+
diff --git a/bluebubbles-configuration.nix b/bluebubbles-configuration.nix
new file mode 100644
index 0000000..01e16e8
--- /dev/null
+++ b/bluebubbles-configuration.nix
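Review bot: `dedicatedServer.openFirewall = true;` in the `programs.steam` block opens inbound firewall ports for hosting a Steam dedicated server, which nothing else in this file suggests the machine does; `remotePlay.openFirewall` already covers the streaming use case. Either drop that line or record the reason next to it, e.g. `# hosts a dedicated server; inbound ports are intentional`, so the open ports are not carried forward by accident.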
@@ -0,0 +1,83 @@
+{ pkgs, ... }:
+{
+ environment.systemPackages = with pkgs; [
+ podman-compose
+ docker-compose
+ dnsmasq
+ bridge-utils
+ flex
+ bison
+ iptables
+ libguestfs
+ ];
+
+ programs.virt-manager.enable = true;
+ virtualisation = {
+ podman = {
+ enable = true;
+ dockerCompat = false;
+ defaultNetwork.settings.dns_enabled = true;
+ };
+
+ docker = {
+ enable = true;
+ rootless = {
+ enable = true;
+ setSocketVariable = true;
+ };
+ };
+
+ # enable libvirt
+ libvirtd = {
+ enable = true;
+ qemu = {
+ package = pkgs.qemu_kvm;
+ runAsRoot = true;
+ swtpm.enable = true;
+ ovmf = {
+ enable = true;
+ packages = [(pkgs.OVMF.override {
+ secureBoot = true;
+ tpmSupport = true;
+ }).fd];
+ };
+ };
+ };
+ };
+
+ users.users.caleb = {
+ extraGroups = [ "libvirtd" ];
+ };
+
+ # bluebubbles container as a systemd service
+ virtualisation.oci-containers = {
+ backend = "podman";
+ containers = {
+ bluebubbles = {
+ autoStart = false; # todo
+ ports = [
+ "5999:5999"
+ "1234:1234"
+ "50922:10022"
+ ];
+ volumes = [
+ "/tmp/.X11-unix:/tmp/.X11-unix"
+ "/home/caleb/bluebubbles/maindisk.qcow2:/image"
+ "/home/caleb/bluebubbles/bootdisk.qcow2:/bootdisk"
+ ];
+ environment = {
+ IMAGE_PATH="/image";
+ BOOTDISK="/bootdisk";
+ EXTRA="-display none -vnc 0.0.0.0:99,password-secret=secvnc0 -object secret,id=secvnc0,data=vncpass";
+ ADDITIONAL_PORTS="hostfwd=tcp::1234-:1234,";
+ DISPLAY=":99";
+ WIDTH="1920";
+ HEIGHT="1080";
+ NOPICKER="true";
+ };
+ image = "sickcodes/docker-osx:naked";
+ };
+ };
+ };
+}
+
diff --git a/configuration.nix b/configuration.nix
new file mode 100644
index 0000000..dc918d9
--- /dev/null
+++ b/configuration.nix
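Review bot: The VNC password for the macOS guest is committed in clear text inside `EXTRA` (`password-secret=secvnc0 -object secret,id=secvnc0,data=vncpass`), and because the `ports` entries carry no host address, `"5999:5999"` publishes that VNC display — and `"50922:10022"` the guest's SSH — on every interface of the host whenever the container runs. Bind the published ports to loopback, `"127.0.0.1:5999:5999"` and `"127.0.0.1:50922:10022"`, and reach them through the tailscale link or an SSH tunnel instead. Move the secret out of the Nix expression, since everything under `environment` ends up in the generated systemd unit in the world-readable Nix store: `environmentFiles = [ "/PATH/OUTSIDE/NIX/STORE/bluebubbles.env" ];` for `EXTRA`, or QEMU's `-object secret,id=secvnc0,file=...` pointing at a bind-mounted file. The `/tmp/.X11-unix` volume also appears to hand the container the host's X sockets; if the guest only needs the VNC path, that mount can go.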
@@ -0,0 +1,131 @@
+{ config, lib, pkgs, ... }:
+
+{
+ imports =
+ [
+ ./hardware-configuration.nix
+ ./application-configuration.nix
+ ./bluebubbles-configuration.nix
+ ];
+
+ # Allow unfree and insecure packages
+ nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
+ "steam"
+ "steam-original"
+ "steam-run"
+ "intel-ocl"
+ ];
+
+ # Bootloader.
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ networking.hostName = "january";
+
+ # AMD GPU
+ boot.initrd.kernelModules = [ "amdgpu" ];
+ services.xserver.videoDrivers = [ "amdgpu" ];
+ hardware.opengl.extraPackages = with pkgs; [
+ rocmPackages.clr.icd
+ intel-ocl
+ ];
+ environment.variables = {
+ ROC_ENABLE_PRE_VEGA = "1";
+ };
+
+ # Enable networking
+ networking.networkmanager.enable = true;
+
+ # Set your time zone.
+ time.timeZone = "America/New_York";
+
+ # Select internationalisation properties.
+ i18n.defaultLocale = "en_US.UTF-8";
+
+ i18n.extraLocaleSettings = {
+ LC_ADDRESS = "en_US.UTF-8";
+ LC_IDENTIFICATION = "en_US.UTF-8";
+ LC_MEASUREMENT = "en_US.UTF-8";
+ LC_MONETARY = "en_US.UTF-8";
+ LC_NAME = "en_US.UTF-8";
+ LC_NUMERIC = "en_US.UTF-8";
+ LC_PAPER = "en_US.UTF-8";
+ LC_TELEPHONE = "en_US.UTF-8";
+ LC_TIME = "en_US.UTF-8";
+ };
+
+ # Enable the KDE Plasma Desktop Environment.
+ services.xserver = {
+ enable = true;
+ displayManager.sddm.enable = true;
+ desktopManager.plasma5.enable = true;
+ };
+
+ # Enable sound with pipewire.
+ sound.enable = true;
+ hardware.pulseaudio.enable = false;
+ security.rtkit.enable = true;
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ jack.enable = true;
+ };
+
+ # add unpriveledged user to trusted users
+ nix.settings.trusted-users = [ "nixremote" ];
+
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ users.users.caleb = {
+ isNormalUser = true;
+ description = "caleb";
+ extraGroups = [ "networkmanager" "wheel" "docker" "video" ];
+ hashedPassword = "$y$j9T$Xl/nIclFRPpaBoZaGleE1/$GlbK09nmyesJPtoeK/wH2RAhrGnFsEjGVjSVS22ZTn1";
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIt0GiBYIY4CxoHxOcHWJYE9/cDD88ufLB82LZCkW4T9 caleb@surface"
+ ];
+ };
+
+ # disable sudo password for wheel
+ security.sudo.wheelNeedsPassword = false;
+
+ # List packages installed in system profile. To search, run:
+ environment.systemPackages = with pkgs; [
+ git
+ protontricks
+ steam-run
+ wget
+ winetricks
+ wineWowPackages.stable
+ ];
+
+ # Enable the OpenSSH daemon.
+ services.openssh = {
+ enable = true;
+ settings = {
+ PasswordAuthentication = false;
+ KbdInteractiveAuthentication = false;
+ X11Forwarding = true;
+ };
+ };
+
+ # Enable wake on lan
+ networking.interfaces.enp37s0.wakeOnLan.enable = true;
+
+ # neovim
+ programs.neovim = {
+ enable = true;
+ defaultEditor = true;
+ viAlias = true;
+ vimAlias = true;
+ };
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "23.11"; # Did you read the comment?
+}
diff --git a/hardware-configuration.nix b/hardware-configuration.nix
new file mode 100644
index 0000000..125a0e0
--- /dev/null
+++ b/hardware-configuration.nix
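Review bot: `hashedPassword` on `users.users.caleb` puts the account's password hash into the repository history and into the world-readable Nix store, where it is available for offline cracking, and `security.sudo.wheelNeedsPassword = false;` a few lines below makes that one password equivalent to root. Prefer `hashedPasswordFile = "/PATH/OUTSIDE/NIX/STORE/caleb.hash";` (the 23.11 name of the former `passwordFile` option, matching the `stateVersion` here), rotate the password now that the hash has been published, and consider keeping the sudo prompt since SSH is already key-only. The comment `# add unpriveledged user to trusted users` in the earlier part of this hunk is misleading: `nix.settings.trusted-users` lets that user set substituters and trusted keys for the daemon, which is effectively root-equivalent, so reword it to something like `# nixremote: trusted-users is root-equivalent for the nix daemon; only for the remote-build account`. `nixremote` is not declared in any of the four files, so the entry either relies on a module outside this commit or is a leftover.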
@@ -0,0 +1,37 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+ imports =
+ [ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "sd_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-amd" ];
+ boot.extraModulePackages = [ ];
+
+ fileSystems."/" =
+ { device = "/dev/disk/by-uuid/406ab2d8-9cfe-4e69-a8ae-c294dfaaad9a";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" =
+ { device = "/dev/disk/by-uuid/AC42-8854";
+ fsType = "vfat";
+ };
+
+ swapDevices = [ ];
+
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp37s0.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}