nixos-config/machines/AMD-Workstation/default.nix

{ inputs, config, lib, pkgs, secretsDir, ... }: {
  imports = with inputs.self; [
    ./boot.nix
    ./hardware-configuration.nix
    # ./kernel
    customRoles.workstation

    customProfiles.a2ln-server
    customProfiles.act
    customProfiles.aria2
    # customProfiles.attic
    customProfiles.bluetooth
    customProfiles.cassowary
    customProfiles.emulators
    customProfiles.flatpak
    customProfiles.hoyo
    customProfiles.minecraft
    customProfiles.nicotine
    # customProfiles.sunshine
    customProfiles.wine-games

    customProfiles.ollama
    customProfiles.ccache

    inputs.chaotic.nixosModules.default
  ];
  # chaotic.nyx.overlay.enable = true;

  startupApplications = [ "com.valvesoftware.Steam" ];
  # nixpkgs.config.rocmSupport = true;

  security.pki.certificateFiles = [ ../../misc/mitmproxy-ca-cert.pem ];

  virtualisation.libvirt.guests = {
    win10code = {
      autoStart = false;
      user = config.mainuser;
      group = "libvirtd";
      xmlFile = ./vm/win10code.xml;
    };
    win10ed = {
      autoStart = false;
      user = config.mainuser;
      group = "libvirtd";
      xmlFile = ./vm/win10ed.xml;
    };
  };

  deviceSpecific.devInfo = {
    cpu.vendor = "amd";
    drive.type = "ssd";
    gpu.vendor = "amd";
    ram = 48;
    fileSystem = "zfs";
  };
  deviceSpecific.isGaming = true;
  deviceSpecific.enableVirtualisation = true;
  # VPN
  deviceSpecific.vpn.tailscale.enable = true;
  deviceSpecific.vpn.sing-box.enable = true;
  deviceSpecific.vpn.sing-box.config = "ataraxia-singbox";

  # Mount
  # TODO: fix sops
  sops.secrets.files-veracrypt.sopsFile = secretsDir + /amd-workstation/misc.yaml;
  services.cryptmount.files-veracrypt = {
    what = "/dev/disk/by-partuuid/15fa11a1-a6d8-4962-9c03-74b209d7c46a";
    where = "/media/files";
    fsType = "ntfs";
    cryptType = "tcrypt";
    passwordFile = config.sops.secrets.files-veracrypt.path;
    mountOptions = [
      "uid=${toString config.users.users.${config.mainuser}.uid}"
      "gid=${toString config.users.groups.users.gid}"
    ];
  };
  fileSystems = {
    "/media/win-sys" = {
      fsType = "ntfs";
      device = "/dev/disk/by-partuuid/5b47cea7-465c-4051-a6ba-76d0eaf42929";
      options = [
        "nofail"
        "uid=${toString config.users.users.${config.mainuser}.uid}"
        "gid=${toString config.users.groups.users.gid}"
      ];
    };
    "/media/local-nfs" = {
      device = "10.10.10.11:/";
      fsType = "nfs4";
      options = [ "nfsvers=4.2" "x-systemd.automount" "noauto" ];
    };
  };

  powerManagement.cpuFreqGovernor = "schedutil";
  hardware.firmware = [ pkgs.rtl8761b-firmware ];
  services.openssh.settings.PermitRootLogin = lib.mkForce "without-password";
  services.ratbagd.enable = true;
  # Networking
  networking.firewall.allowedTCPPorts = [ 8000 5900 52736 3456 1080 ];
  networking.nameservers = [ "10.10.10.1" ];
  networking.defaultGateway = "10.10.10.1";
  networking.bridges.br0.interfaces = [ "enp9s0" ];
  networking.interfaces.br0 = {
    useDHCP = false;
    ipv4.addresses = [{
      address = "10.10.10.100";
      prefixLength = 24;
    }];
  };

  services.postgresql.settings = {
    full_page_writes = "off";
    wal_init_zero = "off";
    wal_recycle = "off";
  };
  services.modprobed-db.enable = true;

  programs.nix-ld.enable = true;
  environment.systemPackages = [
    pkgs.kdiskmark
  ];
  home-manager.users.${config.mainuser} = {
    home.packages = [
      inputs.nixos-generators.packages.${pkgs.hostPlatform.system}.nixos-generate
      pkgs.devenv
      pkgs.nh
      pkgs.nix-alien
      pkgs.nix-diff
      pkgs.nix-eval-jobs
      pkgs.nix-fast-build
      # pkgs.nix-init
      pkgs.nix-update
      pkgs.nixfmt-rfc-style
      pkgs.nixos-anywhere
      pkgs.nixpkgs-review

      pkgs.anydesk
      pkgs.arduino-ide
      pkgs.dig.dnsutils
      pkgs.distrobox
      pkgs.exercism
      pkgs.freerdp
      pkgs.kdePackages.merkuro
      pkgs.libsForQt5.ark
      pkgs.libsForQt5.dolphin
      pkgs.maa-cli
      pkgs.mitmproxy
      pkgs.mkvtoolnix
      pkgs.modprobed-db
      pkgs.packwiz
      pkgs.piper
      pkgs.prismlauncher
      pkgs.radeontop
      pkgs.streamrip
      pkgs.wayvnc
      pkgs.winbox
      pkgs.yt-archivist
    ];
    xdg.configFile."distrobox/distrobox.conf".text = ''
      container_always_pull="1"
      container_manager="podman"
    '';
    home.stateVersion = "24.05";
  };

  # services.netbird.clients.priv = {
  #   interface = "wt0";
  #   port = 58467;
  #   hardened = false;
  #   ui.enable = true;
  #   autoStart = false;
  #   config = {
  #     AdminURL.Host = "net.ataraxiadev.com:443";
  #     AdminURL.Scheme = "https";
  #     ManagementURL.Host = "net.ataraxiadev.com:443";
  #     ManagementURL.Scheme = "https";
  #     RosenpassEnabled = true;
  #     RosenpassPermissive = true;
  #   };
  # };

  persist.state = {
    directories = [ "/var/lib/netbird-priv" ];
    homeDirectories = [
      ".arduino15"
      ".arduinoIDE"
      ".config/exercism"
      ".config/maa"
      ".config/modprobed-db"
      ".config/sops/age"
      ".config/streamrip"
      ".local/share/distrobox"
      ".local/share/maa"
      ".local/share/PrismLauncher"
      ".local/share/winbox"
      ".mitmproxy"
    ];
  };

  system.stateVersion = "23.05";
}
disable wireguard, enable sing-box on amd, dell, tinyproxy 2024-10-24 01:57:37 +03:00			`{ inputs, config, lib, pkgs, secretsDir, ... }: {`
upgrade system 2022-12-07 22:05:00 +03:00			`imports = with inputs.self; [`
preparation to reinstall workstation 2023-03-25 19:31:05 +03:00			`./boot.nix`
massive refactoring 2021-02-07 02:38:11 +03:00			`./hardware-configuration.nix`
upgrade system 2024-09-11 18:01:30 +03:00			`# ./kernel`
change flake-utils-plus to upstream 2023-10-13 19:43:02 +03:00			`customRoles.workstation`
vfio passthrough module 2022-10-21 14:01:19 +03:00
change flake-utils-plus to upstream 2023-10-13 19:43:02 +03:00			`customProfiles.a2ln-server`
			`customProfiles.act`
add aria2 2024-09-19 23:56:49 +03:00			`customProfiles.aria2`
upgrade system 2024-09-11 18:01:30 +03:00			`# customProfiles.attic`
change flake-utils-plus to upstream 2023-10-13 19:43:02 +03:00			`customProfiles.bluetooth`
			`customProfiles.cassowary`
			`customProfiles.emulators`
add flatpak to amd-workstation 2024-10-24 01:42:29 +03:00			`customProfiles.flatpak`
change flake-utils-plus to upstream 2023-10-13 19:43:02 +03:00			`customProfiles.hoyo`
			`customProfiles.minecraft`
add nicotine-plus 2023-11-16 03:47:35 +03:00			`customProfiles.nicotine`
upgrade 2024-07-16 15:11:12 +03:00			`# customProfiles.sunshine`
change flake-utils-plus to upstream 2023-10-13 19:43:02 +03:00			`customProfiles.wine-games`
move ollama to profiles 2024-06-18 18:28:21 +03:00
			`customProfiles.ollama`
enable ccache 2024-07-16 14:50:57 +03:00			`customProfiles.ccache`
fix dpi issue on AMD-Workstation 2021-09-15 15:41:21 +03:00
cachyos kernel on workstation 2024-11-12 00:59:34 +03:00			`inputs.chaotic.nixosModules.default`
move some services from dead hypervisor to workstation 2024-07-16 15:17:39 +03:00			`];`
remove server stuff from amd-workstation 2024-11-18 03:18:35 +03:00			`# chaotic.nyx.overlay.enable = true;`
move some services from dead hypervisor to workstation 2024-07-16 15:17:39 +03:00
auto start flatpak steam on amd-workstation 2024-10-24 01:42:48 +03:00			`startupApplications = [ "com.valvesoftware.Steam" ];`
remove server stuff from amd-workstation 2024-11-18 03:18:35 +03:00			`# nixpkgs.config.rocmSupport = true;`
move some services from dead hypervisor to workstation 2024-07-16 15:17:39 +03:00
add mitmproxy cerificate to amd-workstation 2024-01-12 23:52:13 +03:00			`security.pki.certificateFiles = [ ../../misc/mitmproxy-ca-cert.pem ];`

add win2k22 vm 2023-04-15 03:13:42 +03:00			`virtualisation.libvirt.guests = {`
new vms 2024-12-28 11:35:48 +03:00			`win10code = {`
remove old vm and fix new 2025-02-12 21:55:40 +03:00			`autoStart = false;`
new vms 2024-12-28 11:35:48 +03:00			`user = config.mainuser;`
			`group = "libvirtd";`
			`xmlFile = ./vm/win10code.xml;`
			`};`
			`win10ed = {`
add new vm to amd-workstation 2024-01-12 23:52:00 +03:00			`autoStart = false;`
			`user = config.mainuser;`
			`group = "libvirtd";`
new vms 2024-12-28 11:35:48 +03:00			`xmlFile = ./vm/win10ed.xml;`
add new vm to amd-workstation 2024-01-12 23:52:00 +03:00			`};`
add win2k22 vm 2023-04-15 03:13:42 +03:00			`};`

massive refactoring 2021-02-07 02:38:11 +03:00			`deviceSpecific.devInfo = {`
huge cleanup and refactoring 2024-01-21 19:29:36 +03:00			`cpu.vendor = "amd";`
			`drive.type = "ssd";`
			`gpu.vendor = "amd";`
using zfs on workstation 2022-10-08 04:32:18 +03:00			`ram = 48;`
			`fileSystem = "zfs";`
massive refactoring 2021-02-07 02:38:11 +03:00			`};`
			`deviceSpecific.isGaming = true;`
			`deviceSpecific.enableVirtualisation = true;`
tailscale + wg-quick on clients 2023-07-05 20:42:56 +03:00			`# VPN`
			`deviceSpecific.vpn.tailscale.enable = true;`
disable wireguard, enable sing-box on amd, dell, tinyproxy 2024-10-24 01:57:37 +03:00			`deviceSpecific.vpn.sing-box.enable = true;`
			`deviceSpecific.vpn.sing-box.config = "ataraxia-singbox";`

huge cleanup and refactoring 2024-01-21 19:29:36 +03:00			`# Mount`
use sops instead of secrets module 2024-01-22 16:44:51 +03:00			`# TODO: fix sops`
disable wireguard, enable sing-box on amd, dell, tinyproxy 2024-10-24 01:57:37 +03:00			`sops.secrets.files-veracrypt.sopsFile = secretsDir + /amd-workstation/misc.yaml;`
mount encrypted partition with sops key 2024-02-09 21:22:02 +03:00			`services.cryptmount.files-veracrypt = {`
			`what = "/dev/disk/by-partuuid/15fa11a1-a6d8-4962-9c03-74b209d7c46a";`
			`where = "/media/files";`
			`fsType = "ntfs";`
			`cryptType = "tcrypt";`
			`passwordFile = config.sops.secrets.files-veracrypt.path;`
			`mountOptions = [`
			`"uid=${toString config.users.users.${config.mainuser}.uid}"`
			`"gid=${toString config.users.groups.users.gid}"`
			`];`
cleanup 2022-12-14 23:49:46 +03:00			`};`
			`fileSystems = {`
amd-workstation settings 2023-05-24 21:24:33 +03:00			`"/media/win-sys" = {`
			`fsType = "ntfs";`
			`device = "/dev/disk/by-partuuid/5b47cea7-465c-4051-a6ba-76d0eaf42929";`
			`options = [`
			`"nofail"`
			`"uid=${toString config.users.users.${config.mainuser}.uid}"`
			`"gid=${toString config.users.groups.users.gid}"`
			`];`
			`};`
auto mount nfs share 2024-12-28 11:37:41 +03:00			`"/media/local-nfs" = {`
			`device = "10.10.10.11:/";`
			`fsType = "nfs4";`
			`options = [ "nfsvers=4.2" "x-systemd.automount" "noauto" ];`
			`};`
cleanup 2022-12-14 23:49:46 +03:00			`};`

update system 2023-02-22 23:57:37 +03:00			`powerManagement.cpuFreqGovernor = "schedutil";`
huge cleanup and refactoring 2024-01-21 19:29:36 +03:00			`hardware.firmware = [ pkgs.rtl8761b-firmware ];`
update 2023-02-11 01:19:24 +03:00			`services.openssh.settings.PermitRootLogin = lib.mkForce "without-password";`
cleanup 2022-12-14 23:49:46 +03:00			`services.ratbagd.enable = true;`
huge cleanup and refactoring 2024-01-21 19:29:36 +03:00			`# Networking`
disable wireguard, enable sing-box on amd, dell, tinyproxy 2024-10-24 01:57:37 +03:00			`networking.firewall.allowedTCPPorts = [ 8000 5900 52736 3456 1080 ];`
change local ip subnet 2024-08-04 13:57:46 +03:00			`networking.nameservers = [ "10.10.10.1" ];`
			`networking.defaultGateway = "10.10.10.1";`
fix bridge on amd-workstation 2023-11-22 05:56:04 +03:00			`networking.bridges.br0.interfaces = [ "enp9s0" ];`
bridge network on amd-workstation 2023-10-13 19:53:37 +03:00			`networking.interfaces.br0 = {`
			`useDHCP = false;`
			`ipv4.addresses = [{`
change local ip subnet 2024-08-04 13:57:46 +03:00			`address = "10.10.10.100";`
bridge network on amd-workstation 2023-10-13 19:53:37 +03:00			`prefixLength = 24;`
			`}];`
			`};`
add wayvnc 2023-09-16 00:52:52 +03:00
tune postgresql for zfs on AMD-Workstation 2024-08-04 13:42:59 +03:00			`services.postgresql.settings = {`
			`full_page_writes = "off";`
			`wal_init_zero = "off";`
			`wal_recycle = "off";`
			`};`
add modprobed-db service 2024-07-16 15:11:58 +03:00			`services.modprobed-db.enable = true;`
tune postgresql for zfs on AMD-Workstation 2024-08-04 13:42:59 +03:00
huge cleanup and refactoring 2024-01-21 19:29:36 +03:00			`programs.nix-ld.enable = true;`
add kdiskmark to amd-workstation 2024-10-24 01:59:43 +03:00			`environment.systemPackages = [`
			`pkgs.kdiskmark`
			`];`
use users module 2022-12-10 22:34:39 +03:00			`home-manager.users.${config.mainuser} = {`
add wayvnc 2023-09-16 00:52:52 +03:00			`home.packages = [`
cleanup 2022-12-14 23:49:46 +03:00			`inputs.nixos-generators.packages.${pkgs.hostPlatform.system}.nixos-generate`
add some packages to workstation 2024-09-14 18:48:27 +03:00			`pkgs.devenv`
			`pkgs.nh`
large cleanup and some fixes 2023-03-27 20:57:06 +03:00			`pkgs.nix-alien`
add some packages to workstation 2024-09-14 18:48:27 +03:00			`pkgs.nix-diff`
			`pkgs.nix-eval-jobs`
			`pkgs.nix-fast-build`
add minecraft server 2023-07-26 21:19:30 +03:00			`# pkgs.nix-init`
add some packages to workstation 2024-09-14 18:48:27 +03:00			`pkgs.nix-update`
			`pkgs.nixfmt-rfc-style`
			`pkgs.nixos-anywhere`
update 2023-02-14 07:04:20 +03:00			`pkgs.nixpkgs-review`
add some packages to workstation 2024-09-14 18:48:27 +03:00
update system 2023-02-22 23:57:37 +03:00			`pkgs.anydesk`
add some packages to workstation 2024-09-14 18:48:27 +03:00			`pkgs.arduino-ide`
			`pkgs.dig.dnsutils`
distrobox conf 2023-10-01 23:39:32 +03:00			`pkgs.distrobox`
add exercism 2024-04-23 21:37:27 +03:00			`pkgs.exercism`
add some packages 2024-12-28 11:40:55 +03:00			`pkgs.freerdp`
add some packages to workstation 2024-09-14 18:48:27 +03:00			`pkgs.kdePackages.merkuro`
add some pkgs to amd-workstation 2024-07-16 15:18:47 +03:00			`pkgs.libsForQt5.ark`
			`pkgs.libsForQt5.dolphin`
upgrade system 2024-11-12 00:58:04 +03:00			`pkgs.maa-cli`
add some packages to workstation 2024-09-14 18:48:27 +03:00			`pkgs.mitmproxy`
add some packages 2024-12-28 11:40:55 +03:00			`pkgs.mkvtoolnix`
add modprobed-db service 2024-07-16 15:11:58 +03:00			`pkgs.modprobed-db`
add some packages to workstation 2024-09-14 18:48:27 +03:00			`pkgs.packwiz`
			`pkgs.piper`
			`pkgs.prismlauncher`
			`pkgs.radeontop`
			`pkgs.streamrip`
			`pkgs.wayvnc`
			`pkgs.winbox`
			`pkgs.yt-archivist`
use users module 2022-12-10 22:34:39 +03:00			`];`
distrobox conf 2023-10-01 23:39:32 +03:00			`xdg.configFile."distrobox/distrobox.conf".text = ''`
			`container_always_pull="1"`
			`container_manager="podman"`
			`'';`
update stateVersion 2024-06-17 19:48:55 +03:00			`home.stateVersion = "24.05";`
use users module 2022-12-10 22:34:39 +03:00			`};`
vfio passthrough module 2022-10-21 14:01:19 +03:00
upgrade 2024-10-24 01:39:51 +03:00			`# services.netbird.clients.priv = {`
			`# interface = "wt0";`
			`# port = 58467;`
			`# hardened = false;`
			`# ui.enable = true;`
			`# autoStart = false;`
			`# config = {`
			`# AdminURL.Host = "net.ataraxiadev.com:443";`
			`# AdminURL.Scheme = "https";`
			`# ManagementURL.Host = "net.ataraxiadev.com:443";`
			`# ManagementURL.Scheme = "https";`
			`# RosenpassEnabled = true;`
			`# RosenpassPermissive = true;`
			`# };`
			`# };`
add netbird daemon to some machines 2024-06-30 13:49:13 +03:00
test ollama 2024-06-17 19:47:18 +03:00			`persist.state = {`
test netbird daemon 2024-07-01 12:01:57 +03:00			`directories = [ "/var/lib/netbird-priv" ];`
test ollama 2024-06-17 19:47:18 +03:00			`homeDirectories = [`
add arduino-ide to workstation 2024-08-04 13:46:46 +03:00			`".arduino15"`
			`".arduinoIDE"`
move ollama to profiles 2024-06-18 18:28:21 +03:00			`".config/exercism"`
upgrade system 2024-11-12 00:58:04 +03:00			`".config/maa"`
add modprobed-db service 2024-07-16 15:11:58 +03:00			`".config/modprobed-db"`
wip age keys for sops 2024-10-24 01:40:30 +03:00			`".config/sops/age"`
add streamrip 2024-07-07 16:59:04 +03:00			`".config/streamrip"`
upgrade system 2024-11-12 00:58:04 +03:00			`".local/share/distrobox"`
			`".local/share/maa"`
			`".local/share/PrismLauncher"`
			`".local/share/winbox"`
			`".mitmproxy"`
move ollama to profiles 2024-06-18 18:28:21 +03:00			`];`
test ollama 2024-06-17 19:47:18 +03:00			`};`
persist winbox folder 2023-04-15 03:14:27 +03:00
update some modules to new install 2023-03-26 19:24:28 +03:00			`system.stateVersion = "23.05";`
massive refactoring 2021-02-07 02:38:11 +03:00			`}`