some fixes for home-hypervisor

Dmitriy Kholkin 2024-11-18 03:15:33 +03:00
parent 6576e43d82
commit 7ac42248a5
Signed by: AtaraxiaDev
GPG Key ID: FD266B810DF48DF2
6 changed files with 37 additions and 54 deletions

@ -1,31 +1,36 @@
{ pkgs, config, ... }: { config, lib, pkgs, ... }:
with config.deviceSpecific; { with config.deviceSpecific; {
hardware.cpu.${devInfo.cpu.vendor}.updateMicrocode = true; config = lib.mkMerge [
hardware.enableRedistributableFirmware = true; ({
hardware.cpu.${devInfo.cpu.vendor}.updateMicrocode = true;
hardware.enableRedistributableFirmware = true;
hardware.graphics = { boot.initrd.kernelModules = if devInfo.gpu.vendor == "amd" then [
enable = true; "amdgpu"
enable32Bit = true; ] else if devInfo.gpu.vendor == "intel" then [
extraPackages = if devInfo.gpu.vendor == "intel" then [ "i915"
pkgs.intel-media-driver ] else [ ];
pkgs.intel-vaapi-driver })
pkgs.libvdpau-va-gl (lib.mkIf (!isServer) {
] else if devInfo.gpu.vendor == "amd" then [ hardware.graphics = {
pkgs.rocmPackages.clr.icd enable = true;
] else [ ]; enable32Bit = true;
}; extraPackages = if devInfo.gpu.vendor == "intel" then [
pkgs.intel-media-driver
pkgs.intel-vaapi-driver
pkgs.libvdpau-va-gl
] else if devInfo.gpu.vendor == "amd" then [
pkgs.rocmPackages.clr.icd
] else [ ];
};
environment.sessionVariables = if (devInfo.gpu.vendor == "intel") then { environment.sessionVariables = if (devInfo.gpu.vendor == "intel") then {
GST_VAAPI_ALL_DRIVERS = "1"; GST_VAAPI_ALL_DRIVERS = "1";
LIBVA_DRIVER_NAME = "iHD"; LIBVA_DRIVER_NAME = "iHD";
VDPAU_DRIVER = "va_gl"; VDPAU_DRIVER = "va_gl";
} else if (devInfo.gpu.vendor == "amd") then { } else if (devInfo.gpu.vendor == "amd") then {
AMD_VULKAN_ICD = "RADV"; AMD_VULKAN_ICD = "RADV";
} else {}; } else {};
})
boot.initrd.kernelModules = if devInfo.gpu.vendor == "amd" then [ ];
"amdgpu"
] else if devInfo.gpu.vendor == "intel" then [
"i915"
] else [ ];
} }
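Review bot: The new `lib.mkIf (!isServer)` element that now gates hardware.graphics and environment.sessionVariables carries no explanation of the asymmetry it creates: server hosts still get the amdgpu/i915 initrd modules and microcode from the first mkMerge element but no graphics userspace (VA-API/ROCm packages, 32-bit libs, driver env vars). The split looks intentional, but a reader could take it for an oversight, so a short comment above the second element, `# GPU userspace (VA-API/ROCm, 32-bit libs) is only wanted on non-server hosts; servers keep just the kernel modules`, would record it. If the intent is rather that servers need none of this, the initrd module selection should move under the same guard; only the author can say which.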

@ -1,7 +1,5 @@
{ config, pkgs, ... }: { { config, pkgs, ... }: {
security.apparmor.enable = true; security.apparmor.enable = true;
programs.firejail.enable = true;
users.mutableUsers = false; users.mutableUsers = false;
users.users.${config.mainuser} = { users.users.${config.mainuser} = {
isNormalUser = true; isNormalUser = true;
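Review bot: Dropping `programs.firejail.enable = true;` removes the firejail sandbox wrappers from this host while the surrounding hardening (AppArmor, immutable users) stays, and neither the hunk nor the commit message ("some fixes") records why or what replaces it. Firejail is a setuid-root sandbox, so removing it also shrinks the setuid surface — if that is the motivation, a comment in place of the removed line, `# firejail removed: setuid sandbox not needed here, AppArmor remains enabled`, keeps the reasoning visible. If instead some program configuration elsewhere in the tree still relies on firejail wrappers, those programs now run unconfined; worth confirming before this lands. The enclosing attribute set continues past the hunk.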

@ -38,24 +38,6 @@
rejectPackets = false; rejectPackets = false;
}; };
}; };
nixpkgs.overlays = [(final: prev: {
sing-box =
if (lib.versionOlder prev.sing-box.version "1.10.1") then
prev.sing-box.overrideAttrs (_: {
version = "1.10.1";
src = prev.fetchFromGitHub {
owner = "SagerNet";
repo = "sing-box";
rev = "v1.10.1";
hash = "sha256-WGlYaD4u9M1hfT+L6Adc5gClIYOkFsn4c9FAympmscQ=";
};
vendorHash = "sha256-lyZ2Up1SSaRGvai0gGtq43MSdHfXc2PuxflSbASYZ4A=";
})
else
prev.sing-box;
})];
system.stateVersion = "24.11"; system.stateVersion = "24.11";
}; };
}; };
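Review bot: Removing the sing-box overlay drops the pin to v1.10.1 together with its source and vendor hashes, so the host now runs whatever sing-box the nixpkgs input provides, and the hunk cannot show whether that is at least 1.10.1. The `lib.versionOlder prev.sing-box.version "1.10.1"` guard already made the overlay a no-op once nixpkgs caught up, so the removal is only a pure cleanup if the flake input has indeed moved past that version; otherwise it is a silent downgrade of a network-facing proxy. Since the reason for the original pin is not recorded either, the commit message should state that nixpkgs now ships sing-box >= 1.10.1 and the pin is redundant. The enclosing attribute set starts outside the hunk.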

@ -78,8 +78,6 @@ with config.deviceSpecific; {
"/var/lib/containers" "/var/lib/containers"
]; ];
networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 5353 ];
# cross compilation of aarch64 uefi currently broken # cross compilation of aarch64 uefi currently broken
# link existing extracted from fedora package # link existing extracted from fedora package
system.activationScripts.aarch64-ovmf = lib.mkIf (!isServer) { system.activationScripts.aarch64-ovmf = lib.mkIf (!isServer) {
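Review bot: Removing `networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 5353 ];` closes UDP 53/5353 on the podman bridge interfaces, and the hunk gives no hint whether container-side DNS (podman's network resolver, which answers on the host side of the bridge) still works without it or whether the rule was simply found unnecessary. Tightening the firewall is the right direction, but if containers on this host resolve through that resolver they will now fail once the firewall is rebuilt — a container-side name lookup after deploy would settle it. If the rule was redundant because podman inserts its own firewall rules, a comment at this spot, `# podman manages its own firewall rules for container DNS/mDNS`, would stop it being re-added later. The enclosing set (`with config.deviceSpecific; {`) starts outside the hunk.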

@ -1,6 +1,6 @@
{ config, lib, pkgs, secretsDir, ... }: { config, lib, pkgs, secretsDir, ... }:
let let
isTailscale = config.deviceSpecific.vpn.tailscale.enable; tailscale = config.deviceSpecific.vpn.tailscale;
wg = config.deviceSpecific.vpn.wireguard; wg = config.deviceSpecific.vpn.wireguard;
sing-box = config.deviceSpecific.vpn.sing-box; sing-box = config.deviceSpecific.vpn.sing-box;
wgIFName = "wg0"; wgIFName = "wg0";
@ -23,7 +23,7 @@ in {
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
}; };
}) })
(lib.mkIf isTailscale { (lib.mkIf tailscale.enable {
services.tailscale.enable = true; services.tailscale.enable = true;
services.tailscale.useRoutingFeatures = "client"; services.tailscale.useRoutingFeatures = "client";
persist.state.directories = [ "/var/lib/tailscale" ]; persist.state.directories = [ "/var/lib/tailscale" ];

@ -14,7 +14,7 @@ with config.deviceSpecific; {
services.journald.extraConfig = "Compress=false"; services.journald.extraConfig = "Compress=false";
services.gvfs.enable = !isServer; services.gvfs.enable = !isServer;
services.upower.enable = lib.mkDefault isLaptop; services.upower.enable = lib.mkDefault isLaptop;
xdg.portal.enable = true; xdg.portal.enable = !isServer;
xdg.portal.config.common.default = "*"; xdg.portal.config.common.default = "*";
# xdg.portal.xdgOpenUsePortal = true; # xdg.portal.xdgOpenUsePortal = true;
@ -43,10 +43,10 @@ with config.deviceSpecific; {
persist.state.directories = [ persist.state.directories = [
"/var/lib/nixos" "/var/lib/nixos"
"/var/lib/systemd" "/var/lib/systemd"
] ++ lib.optionals config.services.postgresql.enable [
"/var/lib/postgresql"
] ++ lib.optionals config.services.mysql.enable [ ] ++ lib.optionals config.services.mysql.enable [
config.services.mysql.dataDir config.services.mysql.dataDir
] ++ lib.optionals ((devInfo.fileSystem != "zfs") && config.services.postgresql.enable) [
"/var/lib/postgresql"
]; ];
persist.state.homeDirectories = [ persist.state.homeDirectories = [
"projects" "projects"
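Review bot: The new condition `(devInfo.fileSystem != "zfs") && config.services.postgresql.enable` silently stops persisting /var/lib/postgresql on zfs hosts, and nothing in the hunk says where the data lives there instead, so a reader could take it for data loss on reboot. Presumably zfs hosts give postgresql its own dataset — if so, a comment above the optionals line, `# on zfs hosts postgresql has its own dataset and is not bind-persisted here`, would record that; if not, the condition needs revisiting. In the earlier hunk of this file, `xdg.portal.config.common.default = "*"` stays unconditional while `xdg.portal.enable` became `!isServer`; that is harmless since the option is inert when the portal is off, just noting it for consistency. The persist.state.homeDirectories list continues outside the hunk.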