From 0a0324c40e36f61e7f5ba4add576bc615903e57e Mon Sep 17 00:00:00 2001 From: Alexander Szczepanski Date: Sat, 2 Nov 2024 18:22:53 +0100 Subject: [PATCH] desktop-2024-11-02-18-22-53 --- configs/browser.nix | 5 +- configs/user-gui.nix | 1 - configs/user.nix | 1 - configs/virtualisation.nix | 26 ----- flake.lock | 30 ++--- machine/desktop/configuration.nix | 123 +++++++++++---------- machine/desktop/hardware-configuration.nix | 2 +- 7 files changed, 84 insertions(+), 104 deletions(-) diff --git a/configs/browser.nix b/configs/browser.nix index 3dad123..2076b5b 100755 --- a/configs/browser.nix +++ b/configs/browser.nix @@ -2,13 +2,12 @@ { programs.firefox = { enable = true; - nativeMessagingHosts.packages = with pkgs; [ uget-integrator ]; + # nativeMessagingHosts.packages = with pkgs; [ uget-integrator ]; }; environment.systemPackages = with pkgs; [ - uget + # uget brave - # firefox librewolf tor-browser-bundle-bin ]; diff --git a/configs/user-gui.nix b/configs/user-gui.nix index 0fefbc2..6f70a31 100755 --- a/configs/user-gui.nix +++ b/configs/user-gui.nix @@ -66,7 +66,6 @@ ]; home-manager.users.alex = { pkgs, ... }: { - # services = { syncthing = { enable = true; }; }; programs = { vscode = { enable = true; diff --git a/configs/user.nix b/configs/user.nix index 2082b86..a2737ae 100755 --- a/configs/user.nix +++ b/configs/user.nix @@ -30,7 +30,6 @@ in users.alex = { isNormalUser = true; uid = 1000; - # hashedPassword = secrets.hashedPassword; hashedPasswordFile = config.sops.secrets.hashedPassword.path; extraGroups = [ "wheel" diff --git a/configs/virtualisation.nix b/configs/virtualisation.nix index e4e324c..04245a3 100755 --- a/configs/virtualisation.nix +++ b/configs/virtualisation.nix 
@@ -2,36 +2,10 @@ { users.extraGroups.vboxusers.members = [ "alex" ]; - # "libvirtd" - # "qemu-libvirtd" - # "kvm" - virtualisation = { virtualbox.host = { enable = true; enableExtensionPack = true; }; - - vmware.host.enable = true; - - # libvirtd = { - # enable = true; - # qemu = { - # package = pkgs.qemu_kvm; - # swtpm.enable = true; - # ovmf = { - # enable = true; - # packages = [ - # (pkgs.OVMF.override { - # secureBoot = true; - # tpmSupport = true; - # }).fd - # ]; - # }; - # }; - # }; - # spiceUSBRedirection.enable = true; }; - - # environment.systemPackages = with pkgs; [ proot virtiofsd ]; } diff --git a/flake.lock b/flake.lock index 0ea9f9d..cf1bdae 100644 --- a/flake.lock +++ b/flake.lock @@ -8,11 +8,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1730390431, - "narHash": "sha256-M+rMhDB69Y35IlhmAMN4ErDige+wKPwhb6HDqpF14Rw=", + "lastModified": 1730555728, + "narHash": "sha256-jBr4WUPat+R/79DBdk85hKyqDfoJII4Z+V+GoevYNDY=", "owner": "chaotic-cx", "repo": "nyx", - "rev": "40388a7427ee32af175c5169ae7587ffd2dec125", + "rev": "e734744bc2e9ca9aa577555bf028c5ea51eb5f77", "type": "github" }, "original": { @@ -102,11 +102,11 @@ ] }, "locked": { - "lastModified": 1730450782, - "narHash": "sha256-0AfApF8aexgB6o34qqLW2cCX4LaWJajBVdU6ddiWZBM=", + "lastModified": 1730490306, + "narHash": "sha256-AvCVDswOUM9D368HxYD25RsSKp+5o0L0/JHADjLoD38=", "owner": "nix-community", "repo": "home-manager", - "rev": "8ca921e5a806b5b6171add542defe7bdac79d189", + "rev": "1743615b61c7285976f85b303a36cdf88a556503", "type": "github" }, "original": { 
@@ -161,11 +161,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1730399394, - "narHash": "sha256-ryBNcIi3X3YPc7hsTLYzp13NFsnp/i+v+stWjB8fryk=", + "lastModified": 1730468752, + "narHash": "sha256-PixWHyqvcwst38jnOunWe/WjwlZ5R327zR/C+e0slAA=", "owner": "taj-ny", "repo": "kwin-effects-forceblur", - "rev": "9100b4f6fb7c81b66fd773f7943ad6a51371a496", + "rev": "411567be19109495f9afe56a2ccf404be0599d86", "type": "github" }, "original": { @@ -199,11 +199,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1730368399, - "narHash": "sha256-F8vJtG389i9fp3k2/UDYHMed3PLCJYfxCqwiVP7b9ig=", + "lastModified": 1730537918, + "narHash": "sha256-GJB1/aaTnAtt9sso/EQ77TAGJ/rt6uvlP0RqZFnWue8=", "owner": "nixos", "repo": "nixos-hardware", - "rev": "da14839ac5f38ee6adbdb4e6db09b5eef6d6ccdc", + "rev": "f6e0cd5c47d150c4718199084e5764f968f1b560", "type": "github" }, "original": { @@ -331,11 +331,11 @@ "systems": "systems" }, "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", + "lastModified": 1726560853, + "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", "owner": "numtide", "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", + "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", "type": "github" }, "original": { diff --git a/machine/desktop/configuration.nix b/machine/desktop/configuration.nix index 374a177..b0821f9 100755 --- a/machine/desktop/configuration.nix +++ b/machine/desktop/configuration.nix @@ -52,8 +52,8 @@ in defaultSopsFile = ../../secrets.yaml; validateSopsFiles = true; age = { - sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; - keyFile = "/var/lib/sops-nix/key.txt"; + sshKeyPaths = [ "/persist/etc/ssh/ssh_host_ed25519_key" ]; + keyFile = "/persist/var/lib/sops-nix/key.txt"; generateKey = true; }; 
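Review bot: In the `sops.age` block of machine/desktop/configuration.nix, the new `keyFile = "/persist/var/lib/sops-nix/key.txt";` sits next to the unchanged `generateKey = true;`, so a `/persist` that is not mounted at activation time would presumably yield a freshly generated key on the ephemeral root instead of an error. Decryption of `hashedPassword` would then depend on the SSH host key path alone, which lives on the same mount. Nothing in this patch shows `/persist` being mounted early, so confirm that `fileSystems."/persist".neededForBoot = true;` is set in hardware-configuration.nix. A short comment above the two paths, e.g. `# keys are read from the /persist backing store, not the bind-mounted /etc and /var paths`, would stop a later cleanup from reverting them.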
@@ -76,12 +76,20 @@ in "benchmark" "big-parallel" "kvm" - "gccarch-znver2" + "gccarch-znver3" ]; trusted-substituters = [ "https://ai.cachix.org" ]; trusted-public-keys = [ "ai.cachix.org-1:N9dzRK+alWwoKXQlnn0H6aUx0lU/mspIoz8hMvGvbbc=" ]; }; + chaotic.nyx.cache.enable = false; + + # nixpkgs.localSystem = { + # gcc.arch = "znver3"; + # gcc.tune = "znver3"; + # system = "x86_64-linux"; + # }; + boot = { loader = { grub = { @@ -96,9 +104,9 @@ in tmp.useTmpfs = false; supportedFilesystems = [ "btrfs" ]; - kernelPackages = pkgs.pkgs.linuxPackages_cachyos-rc; + kernelPackages = pkgs.pkgs.linuxPackages_cachyos; kernelModules = [ "nct6775" ]; - extraModulePackages = with pkgs.pkgs.linuxPackages_cachyos-rc; [ ryzen-smu ]; + extraModulePackages = with pkgs.pkgs.linuxPackages_cachyos; [ ryzen-smu ]; # kernelParams = [ "clearcpuid=514" ]; # kernelParams = [ "amdgpu.ppfeaturemask=0xffffffff" ]; # kernelPatches = [{ @@ -157,31 +165,6 @@ in }; }; - environment.persistence."/persist" = { - directories = [ - "/etc/coolercontrol" - "/etc/NetworkManager/system-connections" - "/etc/nixos" - "/var/lib/bluetooth" - "/var/lib/docker" - "/var/lib/nixos" - "/var/lib/samba" - # "/var/lib/sddm" - "/var/lib/systemd/rfkill" - "/var/lib/tailscale" - "/var/lib/tuptime" - "/var/lib/vnstat" - ]; - files = [ - # "/etc/machine-id" - "/etc/NIXOS" - "/etc/ssh/ssh_host_ed25519_key" - "/etc/ssh/ssh_host_ed25519_key.pub" - "/etc/ssh/ssh_host_rsa_key" - "/etc/ssh/ssh_host_rsa_key.pub" - ]; - }; - systemd.services = { monitor = { description = "AMDGPU Control Daemon"; 
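Review bot: The added `chaotic.nyx.cache.enable = false;` has no comment explaining the choice, and it sits directly below a `trusted-substituters` entry for `https://ai.cachix.org` that stays enabled, so the intended trust policy for third-party binary caches is not readable from the file. If the goal is to build the nyx packages locally rather than trust that cache, say so, e.g. `# build chaotic-nyx packages locally; do not pull from its binary cache`. The commented-out `nixpkgs.localSystem` block is dead code as committed. Either remove it or add one line stating what has to be true before it can be enabled, since `gccarch-znver3` in `system-features` only matters once something requests that arch.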
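Review bot: In the `boot` hunk the kernel package set is spelled out twice, `kernelPackages = pkgs.pkgs.linuxPackages_cachyos;` and again in `extraModulePackages = with pkgs.pkgs.linuxPackages_cachyos; [ ryzen-smu ];`, which is why this commit had to edit both lines in lockstep. If one is changed without the other, the out-of-tree `ryzen-smu` module is built against a different kernel than the one booted. Assuming `config` is among the module arguments (the file header is outside the hunk), `extraModulePackages = with config.boot.kernelPackages; [ ryzen-smu ];` removes the duplication. The doubled `pkgs.pkgs` also looks unintentional and could be plain `pkgs.linuxPackages_cachyos`.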
@@ -198,30 +181,56 @@ in time.timeZone = "Europe/Berlin"; - environment.systemPackages = with pkgs; [ - inputs.kwin-effects-forceblur.packages.${pkgs.system}.default - lact - amdgpu_top + environment = { + systemPackages = with pkgs; [ + inputs.kwin-effects-forceblur.packages.${pkgs.system}.default + lact + amdgpu_top - python3 - python311Packages.tkinter + python3 + python311Packages.tkinter - snapraid - mergerfs - gimp + snapraid + mergerfs + gimp - clinfo - gparted - mission-center - resources - stressapptest - ryzen-monitor-ng - qdiskinfo - # fan2go - # unigine-superposition + clinfo + gparted + mission-center + resources + stressapptest + ryzen-monitor-ng + qdiskinfo + # fan2go + # unigine-superposition - jdk - ]; + jdk + ]; + persistence."/persist" = { + directories = [ + "/etc/coolercontrol" + "/etc/NetworkManager/system-connections" + "/etc/nixos" + "/var/lib/bluetooth" + "/var/lib/docker" + "/var/lib/nixos" + "/var/lib/samba" + "/var/lib/sddm" + "/var/lib/systemd/rfkill" + "/var/lib/tailscale" + "/var/lib/tuptime" + "/var/lib/vnstat" + ]; + files = [ + # "/etc/machine-id" + "/etc/NIXOS" + "/etc/ssh/ssh_host_ed25519_key" + "/etc/ssh/ssh_host_ed25519_key.pub" + "/etc/ssh/ssh_host_rsa_key" + "/etc/ssh/ssh_host_rsa_key.pub" + ]; + }; + }; hardware = { keyboard.qmk.enable = true; @@ -354,14 +363,14 @@ in }; security = { - rtkit.enable = true; - apparmor.enable = true; + # rtkit.enable = true; + # apparmor.enable = true; - auditd.enable = true; - audit.enable = true; - audit.rules = [ - "-a exit,always -F arch=b64 -S execve" - ]; + # auditd.enable = true; + # audit.enable = true; + # audit.rules = [ + # "-a exit,always -F arch=b64 -S execve" + # ]; sudo.extraConfig = '' # rollback results in sudo lectures after each reboot diff --git a/machine/desktop/hardware-configuration.nix b/machine/desktop/hardware-configuration.nix index 7df0d00..7215b0f 100644 --- a/machine/desktop/hardware-configuration.nix +++ b/machine/desktop/hardware-configuration.nix 
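Review bot: The `security` block in machine/desktop/configuration.nix now has `apparmor.enable`, `auditd.enable`, `audit.enable` and the `execve` audit rule commented out with no stated reason, which drops both mandatory access control and process-execution logging on a host that, judging by the other hunks, still runs VirtualBox and persists `/var/lib/docker`. If this is a temporary workaround for the kernel switch made earlier in the commit, record that next to the lines, e.g. `# TODO: re-enable apparmor/audit once <reason> is resolved`. Otherwise keep `apparmor.enable = true;` and the audit settings as they were. `rtkit.enable` is disabled in the same edit; audio services commonly rely on it, so confirm that this is intended. The `security` block continues past the end of the hunk (`sudo.extraConfig`).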
@@ -57,6 +57,6 @@ swapDevices = [{ device = "/dev/disk/by-uuid/831be7b8-5b1b-4bda-a27d-5a1c4efb2c4d"; }]; networking.useDHCP = lib.mkDefault true; - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + # nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; }
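Review bot: With `nixpkgs.hostPlatform` commented out here and the `nixpkgs.localSystem` block in configuration.nix also left commented, no line visible in this patch sets the target platform. Confirm it is still supplied elsewhere, for example by a `system` argument in flake.nix, which this patch does not touch. hardware-configuration.nix is normally written by `nixos-generate-config`, so a regeneration would silently restore the line. If the intent is to replace it with a tuned platform later, add a comment saying so, e.g. `# platform is set in configuration.nix; keep this line disabled`.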