tom/nix-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 38 Wiki Activity

refactor os configurations
All checks were successful
Build iso when a new version is pushed / test (push) Successful in 2m10s
Details

Browse Source
This commit is contained in:
tomoron
2025-09-06 01:27:10 +02:00
parent 4b66e2489b
commit fbc24916b5
23 changed files with 543 additions and 281 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
osConfigs/hosts/desktop.nix
View File

@ -1,11 +1,22 @@
# **************************************************************************** #
# #
# ::: :::::::: #
# desktop.nix :+: :+: :+: #
# +:+ +:+ +:+ #
# By: tomoron <tomoron@student.42angouleme.fr> +#+ +:+ +#+ #
# +#+#+#+#+#+ +#+ #
# Created: 2025/09/06 00:57:04 by tomoron #+# #+# #
# Updated: 2025/09/06 00:57:05 by tomoron ### ########.fr #
# #
# **************************************************************************** #
{ config, lib, inputs, pkgs, ... }:
{
boot.kernelParams = [ "nvidia-drm-modset=1" ];
environment.systemPackages = with pkgs; [
cudatoolkit
lm_sensors
lm_sensors # can be user (and global)
];
networking.hostName = "nixos-fixe";
@ -16,14 +27,14 @@
mods.displayManager.enable = true;
hardware.nvidia = {
package = config.boot.kernelPackages.nvidiaPackages.beta;
open = true;
package = config.boot.kernelPackages.nvidiaPackages.beta;
open = true;
prime.nvidiaBusId = "PCI:1:0:0";
prime.intelBusId = "PCI:0:2:0";
prime.sync.enable = true;
prime.nvidiaBusId = "PCI:1:0:0";
prime.intelBusId = "PCI:0:2:0";
prime.sync.enable = true;
modesetting.enable = true;
modesetting.enable = true;
};
services.openssh.enable = true;

25
osConfigs/hosts/iso.nix
View File

@ -1,8 +1,20 @@
{lib, inputs, pkgs, ... }:
# **************************************************************************** #
# #
# ::: :::::::: #
# iso.nix :+: :+: :+: #
# +:+ +:+ +:+ #
# By: tomoron <tomoron@student.42angouleme.fr> +#+ +:+ +#+ #
# +#+#+#+#+#+ +#+ #
# Created: 2025/09/06 00:57:02 by tomoron #+# #+# #
# Updated: 2025/09/06 00:57:03 by tomoron ### ########.fr #
# #
# **************************************************************************** #
{lib, ... }:
{
imports = [
../packages.nix
../global/packages.nix
];
users.users.tom = {
@ -13,13 +25,4 @@
services.getty.autologinUser = lib.mkForce "tom";
services.getty.helpLine = lib.mkForce "";
# programs.hyprland.enable = true;
# home-manager.extraSpecialArgs = { inherit inputs; inherit pkgs; isOs = true;};
# home-manager.users.tom = {
# imports = [
# ../../homeConfigs/home.nix
# ../../homeConfigs/hosts/iso.nix
# ];
# };
}

136
osConfigs/hosts/laptop.nix
View File

@ -1,3 +1,15 @@
# **************************************************************************** #
# #
# ::: :::::::: #
# laptop.nix :+: :+: :+: #
# +:+ +:+ +:+ #
# By: tomoron <tomoron@student.42angouleme.fr> +#+ +:+ +#+ #
# +#+#+#+#+#+ +#+ #
# Created: 2025/09/06 00:56:57 by tomoron #+# #+# #
# Updated: 2025/09/06 01:11:42 by tomoron ### ########.fr #
# #
# **************************************************************************** #
{ config, pkgs, ... }:
{
@ -5,26 +17,25 @@
services.udev.packages = [ pkgs.yubikey-personalization ];
boot.initrd.kernelModules = [ "vfat" "nls_cp437" "nls_iso8859-1" "usbhid" ];
boot.initrd.luks.devices.cryptroot = {
device = "/dev/disk/by-uuid/a4593b01-069d-4a5d-a550-74a762b89b3f";
allowDiscards = true;
#set up initial : https://wiki.nixos.org/wiki/Yubikey_based_Full_Disk_Encryption_(FDE)_on_NixOS
yubikey = {
twoFactor = false;
keyLength = 64;
saltLength = 32;
storage = {
device = "/dev/disk/by-uuid/BA5C-F216";
path = "/default";
};
};
device = "/dev/disk/by-uuid/a4593b01-069d-4a5d-a550-74a762b89b3f";
allowDiscards = true;
#set up initial : https://wiki.nixos.org/wiki/Yubikey_based_Full_Disk_Encryption_(FDE)_on_NixOS
yubikey = {
twoFactor = false;
keyLength = 64;
saltLength = 32;
storage = {
device = "/dev/disk/by-uuid/BA5C-F216";
path = "/default";
};
};
};
programs.fuse.enable = true;
boot.blacklistedKernelModules = [ "nvidia" "nvidia_drm" "nvidia_uvm" ];
boot.blacklistedKernelModules = [ "nvidia" "nvidia_drm" "nvidia_uvm" ]; #speeds up startup
mods.displayManager.enable = true;
mods.virtualManager.enable = false;
mods.virtualHost.enable = false;
mods.yubikey.pam.enable = true;
networking.firewall.enable = false;
networking.hostName = "patate-douce";
@ -33,61 +44,46 @@
specialisation.vfio_ready.configuration = {
boot.kernel.sysctl."vm.nr_hugepages" = 5120;
boot.extraModulePackages = with config.boot.kernelPackages; [ kvmfr ];
boot.kernelModules = [ "kvmfr" ];
boot.extraModprobeConfig = ''
options kvmfr static_size_mb=128
blacklist xpad
'';
virtualisation.libvirtd.qemu.verbatimConfig = ''
cgroup_device_acl = [
"/dev/kvmfr0", "/dev/null", "/dev/full", "/dev/zero",
"/dev/random", "/dev/urandom",
"/dev/ptmx", "/dev/kvm",
"/dev/rtc","/dev/hpet",
"/dev/input/by-id/[some_mouse_device]-event-mouse",
"/dev/input/by-id/[some_keyboard_device]-event-kbd"
]
'';
services.udev.extraRules = ''
SUBSYSTEM=="kvmfr", OWNER="tom", GROUP="kvm", MODE="0660"
'';
environment.systemPackages = with pkgs; [ looking-glass-client ];
boot.extraModulePackages = with config.boot.kernelPackages; [ kvmfr ];
boot.kernelModules = [ "kvmfr" ];
boot.extraModprobeConfig = ''
options kvmfr static_size_mb=128
blacklist xpad
'';
virtualisation.libvirtd.qemu.verbatimConfig = ''
cgroup_device_acl = [
"/dev/kvmfr0", "/dev/null", "/dev/full", "/dev/zero",
"/dev/random", "/dev/urandom",
"/dev/ptmx", "/dev/kvm",
"/dev/rtc","/dev/hpet",
"/dev/input/by-id/[some_mouse_device]-event-mouse",
"/dev/input/by-id/[some_keyboard_device]-event-kbd"
]
'';
services.udev.extraRules = ''
SUBSYSTEM=="kvmfr", OWNER="tom", GROUP="kvm", MODE="0660"
'';
environment.systemPackages = with pkgs; [ looking-glass-client ];
};
programs.virt-manager.enable = true;
virtualisation.libvirtd.enable = true;
virtualisation.libvirtd.qemu.runAsRoot = true;
virtualisation.libvirtd.qemu.vhostUserPackages = [ pkgs.virtiofsd ];
networking.dhcpcd.enable = false;
systemd.network.enable = true;
networking.useNetworkd = true;
environment.systemPackages = with pkgs; [
acpi
tlp
fprintd
];
hardware.nvidia.prime.offload = {
enable = true;
enableOffloadCmd = true;
};
services.libinput.enable = true;
services.libinput.touchpad.clickMethod = "clickfinger";
services.libinput.touchpad.tapping = false;
hardware.bluetooth.enable = true;
#power management
powerManagement.enable = true;
powerManagement.cpuFreqGovernor = "powersave";
environment.systemPackages = with pkgs; [
acpi # can be user (global)
];
mods.touchpad.enable = true;
mods.powerSave.enable = true;
services.asusd = {
enable = true;
enableUserService = true;
enableUserService = true;
};
services.supergfxd.enable = true;
@ -101,21 +97,21 @@
hotplug_type = "None";
};
services.upower.enable = true;
programs.wireshark.enable = true;
programs.wireshark.usbmon.enable = true;
programs.alvr.enable = true;
programs.alvr.openFirewall = true;
services.usbmuxd.enable = true;
mods.docker.enable = true;
mods.gayming.enable = true;
mods.nvidia.enable = true;
mods.nvidia.prime = true;
# services.usbmuxd.enable = true; #hangs when shutting down
# boot.plymouth = {
# enable = true;
# theme = "ycontre-glow";
# themePackages = [
# inputs.plymouth-theme-ycontre-glow.defaultPackage.x86_64-linux
# ];
# theme = "ycontre-glow";
# themePackages = [
# inputs.plymouth-theme-ycontre-glow.defaultPackage.x86_64-linux
# ];
# };
}

122
osConfigs/hosts/server.nix
View File

@ -1,99 +1,75 @@
# **************************************************************************** #
# #
# ::: :::::::: #
# server.nix :+: :+: :+: #
# +:+ +:+ +:+ #
# By: tomoron <tomoron@student.42angouleme.fr> +#+ +:+ +#+ #
# +#+#+#+#+#+ +#+ #
# Created: 2025/09/06 00:57:09 by tomoron #+# #+# #
# Updated: 2025/09/06 01:26:26 by tomoron ### ########.fr #
# #
# **************************************************************************** #
{ config, lib, inputs, pkgs, ... }:
{ config, pkgs, ... }:
{
imports = [
../modules/game.nix
../modules/vboxHost.nix
../modules/nvidia.nix
let
ports = [
22 #git ssh
80 443 #http server
5000 #frigate
8083 137 138 139 445 548 3702 5357 #prob some samba shit
24454 #minecraft voice chat
25565 # minecraft server
];
portRanges = [
{from = 47950; to = 49000;} #moonlight (wolf)
];
in
{
boot.kernelPackages = pkgs.linuxPackages;
boot.extraModulePackages = [ config.boot.kernelPackages.gasket ];
boot.extraModulePackages = [
config.boot.kernelPackages.gasket #driver for google coral edge tpu
];
networking.hostName = "server";
services.openssh.enable = true;
services.openssh.settings.PasswordAuthentication = false;
services.openssh.ports = [ 1880 ];
services.xserver.videoDrivers = [ "nvidia" ];
boot.extraModprobeConfig = ''
options amdgpu virtual_display=1
'';
environment.systemPackages = with pkgs; [
zfs
nvidia-docker
libnvidia-container
screen
];
''; #create dummy display to be able to start x11
boot.supportedFilesystems = [ "zfs" ];
# services.cron.enable = false;
# services.cron.systemCronJobs = [
# # m h dom m dow
# # https://crontab.guru <3
# ];
networking.firewall.allowedTCPPorts = [
22 #git ssh
80 443 #http server
5000 #frigate
8083 137 138 139 445 548 3702 5357 #prob some samba shit
24454 #minecraft voice chat
25565 # minecraft server
];
networking.firewall.allowedUDPPorts = [
22 #git ssh
80 443 #http server
5000 #frigate
8083 137 138 139 445 548 3702 5357 #prob some samba shit
24454 #minecraft voice chat
25565 # minecraft server
];
networking.firewall.allowedUDPPortRanges = [
{from = 47950; to = 49000;}
];
networking.firewall.allowedTCPPortRanges = [
{from = 47950; to = 49000;}
environment.systemPackages = with pkgs; [
zfs
screen #can be user (and global)
];
networking = {
hostName = "server";
interfaces.eth0.ipv4.addresses = [ {
address = "192.168.1.24";
prefixLength = 24;
} ];
defaultGateway.address = "192.168.1.254";
defaultGateway.interface = "eth0";
nameservers = ["8.8.8.8" "8.8.4.4" "1.1.1.1"];
hostId = "68290da7";
};
virtualisation.docker = {
liveRestore = false;
enableOnBoot = true;
# daemon.settings = {
# runtimes.nvidia.path = "${pkgs.nvidia-docker}/bin/nvidia-container-runtime";
# exec-opts = ["native.cgroupdriver=cgroupfs"];
# };
prefixLength = 24;
}
];
defaultGateway.address = "192.168.1.254";
defaultGateway.interface = "eth0";
nameservers = ["8.8.8.8" "8.8.4.4" "1.1.1.1"];
hostId = "68290da7";
firewall.allowedTCPPorts = ports;
firewall.allowedUDPPorts = ports;
firewall.allowedUDPPortRanges = portRanges;
firewall.allowedTCPPortRanges = portRanges;
};
services.fail2ban.enable = true;
services.fail2ban.bantime = "2h";
services.fail2ban.bantime = "5h";
hardware.nvidia-container-toolkit.enable = true;
hardware.nvidia = {
package = config.boot.kernelPackages.nvidiaPackages.beta;
open = true;
# prime.nvidiaBusId = "PCI:1:0:0";
# prime.amdgpuBusId = "PCI:13:0:0";
# prime.sync.enable = true;
# modesetting.enable = true;
mods.docker = {
enable = true;
boot = true;
};
}

15
osConfigs/hosts/vbox.nix
View File

@ -1,9 +1,18 @@
# **************************************************************************** #
# #
# ::: :::::::: #
# vbox.nix :+: :+: :+: #
# +:+ +:+ +:+ #
# By: tomoron <tomoron@student.42angouleme.fr> +#+ +:+ +#+ #
# +#+#+#+#+#+ +#+ #
# Created: 2025/09/06 00:56:42 by tomoron #+# #+# #
# Updated: 2025/09/06 00:56:52 by tomoron ### ########.fr #
# #
# **************************************************************************** #
{ ... }:
{
virtualisation.virtualbox.guest.enable = true;
mods.nvidia-graphics.enable = false;
mods.virtualManager.enable = false;
mods.gayming.enable = false;
}