some fixes for home-hypervisor

2024-11-18 03:15:33 +03:00 · 2024-11-18 03:15:33 +03:00 · 7ac42248a5
commit 7ac42248a5
parent 6576e43d82
6 changed files with 37 additions and 54 deletions
--- a/profiles/hardware.nix
+++ b/profiles/hardware.nix
@ -1,31 +1,36 @@
-{ pkgs, config, ... }:
+{ config, lib, pkgs, ... }:
 with config.deviceSpecific; {
-  hardware.cpu.${devInfo.cpu.vendor}.updateMicrocode = true;
-  hardware.enableRedistributableFirmware = true;
+  config = lib.mkMerge [
+    ({
+      hardware.cpu.${devInfo.cpu.vendor}.updateMicrocode = true;
+      hardware.enableRedistributableFirmware = true;

-  hardware.graphics =  {
-    enable = true;
-    enable32Bit = true;
-    extraPackages = if devInfo.gpu.vendor == "intel" then [
-      pkgs.intel-media-driver
-      pkgs.intel-vaapi-driver
-      pkgs.libvdpau-va-gl
-    ] else if devInfo.gpu.vendor == "amd" then [
-      pkgs.rocmPackages.clr.icd
-    ] else [ ];
-  };
+      boot.initrd.kernelModules = if devInfo.gpu.vendor == "amd" then [
+        "amdgpu"
+      ] else if devInfo.gpu.vendor == "intel" then [
+        "i915"
+      ] else [ ];
+    })
+    (lib.mkIf (!isServer) {
+      hardware.graphics = {
+        enable = true;
+        enable32Bit = true;
+        extraPackages = if devInfo.gpu.vendor == "intel" then [
+          pkgs.intel-media-driver
+          pkgs.intel-vaapi-driver
+          pkgs.libvdpau-va-gl
+        ] else if devInfo.gpu.vendor == "amd" then [
+          pkgs.rocmPackages.clr.icd
+        ] else [ ];
+      };

-  environment.sessionVariables = if (devInfo.gpu.vendor == "intel") then {
-    GST_VAAPI_ALL_DRIVERS = "1";
-    LIBVA_DRIVER_NAME = "iHD";
-    VDPAU_DRIVER = "va_gl";
-  } else if (devInfo.gpu.vendor == "amd") then {
-    AMD_VULKAN_ICD = "RADV";
-  } else {};
-
-  boot.initrd.kernelModules = if devInfo.gpu.vendor == "amd" then [
-    "amdgpu"
-  ] else if devInfo.gpu.vendor == "intel" then [
-    "i915"
-  ] else [ ];
+      environment.sessionVariables = if (devInfo.gpu.vendor == "intel") then {
+        GST_VAAPI_ALL_DRIVERS = "1";
+        LIBVA_DRIVER_NAME = "iHD";
+        VDPAU_DRIVER = "va_gl";
+      } else if (devInfo.gpu.vendor == "amd") then {
+        AMD_VULKAN_ICD = "RADV";
+      } else {};
+    })
+  ];
 }
--- a/profiles/security/user.nix
+++ b/profiles/security/user.nix
@ -1,7 +1,5 @@
 { config, pkgs, ... }: {
  security.apparmor.enable = true;
-  programs.firejail.enable = true;
-
  users.mutableUsers = false;
  users.users.${config.mainuser} = {
    isNormalUser = true;
--- a/profiles/servers/tinyproxy.nix
+++ b/profiles/servers/tinyproxy.nix
@ -38,24 +38,6 @@
          rejectPackets = false;
        };
      };
-
-      nixpkgs.overlays = [(final: prev: {
-        sing-box =
-        if (lib.versionOlder prev.sing-box.version "1.10.1") then
-          prev.sing-box.overrideAttrs (_: {
-            version = "1.10.1";
-            src = prev.fetchFromGitHub {
-              owner = "SagerNet";
-              repo = "sing-box";
-              rev = "v1.10.1";
-              hash = "sha256-WGlYaD4u9M1hfT+L6Adc5gClIYOkFsn4c9FAympmscQ=";
-            };
-            vendorHash = "sha256-lyZ2Up1SSaRGvai0gGtq43MSdHfXc2PuxflSbASYZ4A=";
-          })
-        else
-          prev.sing-box;
-      })];
-
      system.stateVersion = "24.11";
    };
  };
--- a/profiles/virtualisation.nix
+++ b/profiles/virtualisation.nix
@ -78,8 +78,6 @@ with config.deviceSpecific; {
      "/var/lib/containers"
    ];

-    networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 5353 ];
-
    # cross compilation of aarch64 uefi currently broken
    # link existing extracted from fedora package
    system.activationScripts.aarch64-ovmf = lib.mkIf (!isServer) {
--- a/profiles/vpn.nix
+++ b/profiles/vpn.nix
@ -1,6 +1,6 @@
 { config, lib, pkgs, secretsDir, ... }:
 let
-  isTailscale = config.deviceSpecific.vpn.tailscale.enable;
+  tailscale = config.deviceSpecific.vpn.tailscale;
  wg = config.deviceSpecific.vpn.wireguard;
  sing-box = config.deviceSpecific.vpn.sing-box;
  wgIFName = "wg0";
@ -23,7 +23,7 @@ in {
        wantedBy = [ "multi-user.target" ];
      };
    })
-    (lib.mkIf isTailscale {
+    (lib.mkIf tailscale.enable {
      services.tailscale.enable = true;
      services.tailscale.useRoutingFeatures = "client";
      persist.state.directories = [ "/var/lib/tailscale" ];
--- a/profiles/workspace/misc.nix
+++ b/profiles/workspace/misc.nix
@ -14,7 +14,7 @@ with config.deviceSpecific; {
  services.journald.extraConfig = "Compress=false";
  services.gvfs.enable = !isServer;
  services.upower.enable = lib.mkDefault isLaptop;
-  xdg.portal.enable = true;
+  xdg.portal.enable = !isServer;
  xdg.portal.config.common.default = "*";
  # xdg.portal.xdgOpenUsePortal = true;

@ -43,10 +43,10 @@ with config.deviceSpecific; {
  persist.state.directories = [
    "/var/lib/nixos"
    "/var/lib/systemd"
-  ] ++ lib.optionals config.services.postgresql.enable [
-    "/var/lib/postgresql"
  ] ++ lib.optionals config.services.mysql.enable [
    config.services.mysql.dataDir
+  ] ++ lib.optionals ((devInfo.fileSystem != "zfs") && config.services.postgresql.enable) [
+    "/var/lib/postgresql"
  ];
  persist.state.homeDirectories = [
    "projects"