From e37b430512bbef89dfe8ab75454286de4836ab6e Mon Sep 17 00:00:00 2001 From: Rory& Date: Mon, 10 Jun 2024 17:33:26 +0200 Subject: Add portable config, some updates --- flake.nix | 28 +++ host/Rory-desktop/configuration.nix | 1 + host/Rory-nginx/services/nginx/nginx.nix | 14 +- host/Rory-portable/configuration.nix | 277 +++++++++++++++++++++ host/Rory-portable/mariadb.nix | 10 + host/Rory-portable/nginx.nix | 39 +++ host/Rory-portable/nginx/discord.localhost.nix | 37 +++ host/Rory-portable/ollama.nix | 17 ++ .../optional/hardware-specific/amd.nix | 44 ++++ .../optional/hardware-specific/nvidia.nix | 40 +++ host/Rory-portable/postgres.nix | 34 +++ host/Rory-portable/printing.nix | 51 ++++ 12 files changed, 590 insertions(+), 2 deletions(-) create mode 100644 host/Rory-portable/configuration.nix create mode 100644 host/Rory-portable/mariadb.nix create mode 100644 host/Rory-portable/nginx.nix create mode 100755 host/Rory-portable/nginx/discord.localhost.nix create mode 100755 host/Rory-portable/ollama.nix create mode 100644 host/Rory-portable/optional/hardware-specific/amd.nix create mode 100644 host/Rory-portable/optional/hardware-specific/nvidia.nix create mode 100755 host/Rory-portable/postgres.nix create mode 100644 host/Rory-portable/printing.nix diff --git a/flake.nix b/flake.nix index 7d5fba5..2a04e87 100755 --- a/flake.nix +++ b/flake.nix 
@@ -119,6 +119,34 @@ }; }; + Rory-portable = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + ./host/Rory-portable/configuration.nix + ./hardware-configuration.nix + home-manager.nixosModules.home-manager + ({...}: { + nix = { + registry.nixpkgs.flake = nixpkgs; + nixPath = [ + "nixpkgs=${nixpkgs.outPath}" + ]; + }; + }) + # ... add this line to the rest of your configuration modules + #nix-ld.nixosModules.nix-ld + + # The module in this repository defines a new module under (programs.nix-ld.dev) instead of (programs.nix-ld) + # to not collide with the nixpkgs version. + #{ programs.nix-ld.dev.enable = true; } + ]; + specialArgs = { + inherit home-manager; + inherit (inputs) mtxclientSrc; + inherit (inputs) nhekoSrc; + }; + }; + #STABLE RoryNix = nixpkgs-RoryNix.lib.nixosSystem { system = "i686-linux"; diff --git a/host/Rory-desktop/configuration.nix b/host/Rory-desktop/configuration.nix index 9f8da16..42176d0 100644 --- a/host/Rory-desktop/configuration.nix +++ b/host/Rory-desktop/configuration.nix @@ -141,6 +141,7 @@ }; environment.systemPackages = with pkgs; [ + libreoffice qt6.qtwayland gnome-console diff --git a/host/Rory-nginx/services/nginx/nginx.nix b/host/Rory-nginx/services/nginx/nginx.nix index 91340c7..2e2d671 100755 --- a/host/Rory-nginx/services/nginx/nginx.nix +++ b/host/Rory-nginx/services/nginx/nginx.nix @@ -1,6 +1,16 @@ { config, pkgs, lib, ... }: - -{ +let + serveDir = config : { + enableACME = if config ? ssl then config.ssl else true; + addSSL = if config ? ssl then config.ssl else true; + root = if config ? path then config.path else builtins.throw "path is required"; + locations = { + "/" = { + index = "index.html"; + }; + }; + }; +in { services = { nginx = { enable = true; diff --git a/host/Rory-portable/configuration.nix b/host/Rory-portable/configuration.nix new file mode 100644 index 0000000..579a655 --- /dev/null +++ b/host/Rory-portable/configuration.nix 
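Review bot: `serveDir` in host/Rory-nginx/services/nginx/nginx.nix names its parameter `config`, which shadows the module's own `config` argument inside the helper. A different name avoids the confusion, e.g. `serveDir = site : {` with `root = site.path or (builtins.throw "path is required");`. The helper also uses `addSSL`, which keeps answering plain HTTP next to HTTPS; if the served directories should only be reachable over TLS, `forceSSL = site.ssl or true;` is the option that redirects. The rest of the file lies outside the hunk, so whether `serveDir` is called anywhere cannot be seen from here.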
@@ -0,0 +1,277 @@
+{ config, pkgs, lib, nhekoSrc, mtxclientSrc, ... }:
+
+{
+ imports =
+ [
+ # base imports
+ ../../modules/base-client.nix
+ ../../modules/packages/vim.nix
+# ../../modules/environments/home.nix
+ #../../modules/software-templates/profilers.nix
+ #./postgres.nix
+ #./nginx.nix
+
+ # hardware-specific imports
+ #./optional/hardware-specific/amd.nix
+
+ #./printing.nix
+ ./ollama.nix
+ ];
+
+ boot = {
+ kernelPackages = pkgs.linuxPackages_latest;
+ loader = {
+ grub = {
+ enable = true;
+ device = "nodev"; # nodev for EFI only
+ # EFI
+ efiSupport = true;
+ efiInstallAsRemovable = true;
+ };
+ };
+ #readOnlyNixStore = false;
+ };
+
+ services.udev.extraRules = ''
+ #SUBSYSTEM=="usb", ATTR{idVendor}=="18d1", MODE="0664", GROUP="users"
+ # SDP protocol
+ KERNEL=="hidraw*", ATTRS{idVendor}=="1fc9", MODE="0666"
+ ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="1fc9", MODE="0666"
+ ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="0d28", MODE="0666"
+ # Flashloader
+ KERNEL=="hidraw*", ATTRS{idVendor}=="15a2", MODE="0666"
+ # Controller
+ KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="18d1", MODE="0666"
+ SUBSYSTEMS=="usb", ATTRS{idVendor}=="18d1", ATTRS{idProduct}=="9400", MODE="0660", TAG+="uaccess"
+ '';
+
+ networking = {
+ hostName = "Rory-portable";
+ networkmanager.enable = true;
+ wireless.enable = false;
+ firewall = {
+ enable = false;
+ # allowedTCPPorts = [ ... ];
+ # allowedUDPPorts = [ ... ];
+ };
+
+ #interfaces.enp34s0.ipv4.addresses = [ {
+ # address = "192.168.0.3";
+ # prefixLength = 24;
+ #} ];
+#
+ #defaultGateway = "192.168.0.1";
+ # useDHCP = true;
+ };
+
+ time.timeZone = "Europe/Brussels";
+ i18n.defaultLocale = "en_US.UTF-8";
+
+ services = {
+ xserver = {
+ enable = true;
+ updateDbusEnvironment = true;
+ #videoDrivers = ["amdgpu"]; #"nvidia"
+ #desktopManager.gnome.enable = true;
+ libinput.enable = true;
+ layout = "us";
+ windowManager.i3.enable = true;
+ windowManager.i3.extraSessionCommands = ''
+ # output from arandr:
+ #xrandr --output DP-1 --mode 1920x1080 --pos 3840x1080 --rotate normal --output HDMI-1 --mode 3840x2160 --pos 0x0 --rotate normal --output HDMI-2 --off --output DP-2 --off
+ #xrandr --output HDMI-1 --mode 3840x2160 --pos 0x0 --rotate normal --primary --output DP-1 --mode 1920x1080 --pos 3840x1080 --rotate normal --output HDMI-2 --off --output DP-2 --off
+ ${pkgs.polybarFull}/bin/polybar &
+ ${pkgs.dunst}/bin/dunst &
+ ${pkgs.feh}/bin/feh --no-fehbg --bg-fill ${../../modules/users/Rory/wallpaper.webp}
+ '';
+ };
+ picom.enable = true;
+ picom.vSync = false;
+ picom.backend = "glx";
+
+ openssh = {
+ enable = true;
+ extraConfig = ''
+ MaxAuthTries 32
+ '';
+ };
+ pipewire = {
+ enable = true;
+ audio.enable = true;
+ pulse.enable = true;
+ wireplumber.enable = true;
+ jack.enable = true;
+ alsa.enable = true;
+ };
+ };
+
+ sound.enable = true;
+
+ users.users = {
+ Rory = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" ];
+ packages = with pkgs; [
+ #gimp-with-plugins
+
+ #xterm
+ #gnomeExtensions.vitals
+ #gnomeExtensions.runcat
+ ];
+ initialPassword = "password";
+ };
+ };
+
+ environment.systemPackages = with pkgs; [
+ libreoffice
+ qt6.qtwayland
+
+ gnome-console
+ feh
+ easyeffects
+ kitty
+ youtube-music
+
+ # - IDEs
+ #jetbrains-toolbox
+ jetbrains.rider
+ #jetbrains.webstorm
+ #jetbrains.clion
+ github-copilot-intellij-agent
+
+
+ dbeaver-bin
+ #insomnia
+ vscode
+
+ # - Utilities
+ inkscape-with-extensions
+ gimp #-with-plugins
+
+ # - Languages
+ #dotnet-sdk_7
+ #dotnet-sdk_8
+ (callPackage ../../modules/packages/dotnet-pack.nix { inherit pkgs; })
+
+ #games
+ osu-lazer-bin
+ #steam
+ steam-run
+
+ # extra packages
+ dmenu
+
+ cinnamon.nemo
+ gnome.file-roller
+ firefox-bin
+ ungoogled-chromium #needed for Rider in order to debug WASM
+
+ peek
+
+ unrar-wrapper
+
+ #(schildichat-desktop.override { electron = electron; })
+ (callPackage ../../modules/packages/nheko-git.nix { inherit nhekoSrc; inherit mtxclientSrc; voipSupport = false; })
+ #(callPackage ../../modules/packages/mc/server/modpack/curseforge/techopolis-2/5.4.nix { })
+
+ #vesktop
+ virt-viewer
+
+ # (dwarf-fortress-packages.dwarf-fortress-full.override { enableStoneSense = true; enableFPS = true; theme = dwarf-fortress-packages.themes.spacefox; })
+ ];
+
+ programs.steam.enable = true;
+ programs.steam.gamescopeSession.enable = true;
+
+ #environment.gnome.excludePackages = [
+ # pkgs.orca
+ # pkgs.gnome-tour
+ # pkgs.gnome-user-docs
+ #];
+ xdg = {
+ portal = {
+
+ enable = true;
+ extraPortals = with pkgs; [
+ #xdg-desktop-portal-gtk
+ xdg-desktop-portal-xapp
+ (callPackage ../../modules/packages/xdg-desktop-portal-gtk.nix { })
+ ];
+ config = {
+ common = {
+ default = [ "gtk" ];
+ };
+ };
+ xdgOpenUsePortal = true;
+ gtkUsePortal = true;
+
+ };
+ #sounds.enable = true;
+ #mime.enable = true;
+ #menus.enable = true;
+ #icons.enable = true;
+ #autostart.enable = true;
+ };
+ fonts = {
+ fonts = with pkgs; [
+ (nerdfonts.override { fonts = [ "JetBrainsMono" ]; })
+ noto-fonts-monochrome-emoji
+ ];
+ fontconfig.defaultFonts.monospace = with pkgs; [
+ "JetBrainsMonoNL Nerd Font,JetBrainsMonoNL NF:style=Regular"
+ ];
+ fontconfig.defaultFonts.sansSerif = with pkgs; [
+ "JetBrainsMonoNL Nerd Font,JetBrainsMonoNL NF:style=Regular"
+ ];
+ fontconfig.defaultFonts.serif = with pkgs; [
+ "JetBrainsMonoNL Nerd Font,JetBrainsMonoNL NF:style=Regular"
+ ];
+ fontconfig.defaultFonts.emoji = with pkgs; [
+ "freefont"
+ ];
+ enableDefaultPackages = lib.mkForce false;
+ enableGhostscriptFonts = lib.mkForce false;
+ };
+ nix = {
+ settings = {
+ experimental-features = [ "nix-command" "flakes" ];
+ auto-optimise-store = true;
+ };
+ };
+ nixpkgs = {
+ config = {
+ allowUnfree = true;
+ permittedInsecurePackages = [
+ "electron-25.9.0"
+ ];
+ };
+
+ };
+ security = {
+ polkit.enable = true;
+ sudo.wheelNeedsPassword = false;
+ };
+
+ hardware = {
+ pulseaudio.enable = false;
+ };
+ programs.dconf.enable = true;
+ environment.etc."resolv.conf".text = ''
+ nameserver 8.8.8.8
+ nameserver 8.4.4.8
+ nameserver 1.1.1.1
+ nameserver 1.0.0.1
+ '';
+
+ #networking.wireguard.interfaces = {
+ # wg-KP-Ran = {
+
+ #};
+ # };
+
+ virtualisation.libvirtd.enable = true;
+ programs.virt-manager.enable = true;
+
+ system.stateVersion = "22.11"; # DO NOT EDIT!
+}
+
diff --git a/host/Rory-portable/mariadb.nix b/host/Rory-portable/mariadb.nix
new file mode 100644
index 0000000..3ebbb0b
--- /dev/null
+++ b/host/Rory-portable/mariadb.nix
@@ -0,0 +1,10 @@
+{ config, pkgs, lib, ... }:
+
+{
+ services.mysql = {
+ enable = true;
+ package = pkgs.mariadb;
+ };
+
+}
+
diff --git a/host/Rory-portable/nginx.nix b/host/Rory-portable/nginx.nix
new file mode 100644
index 0000000..fc2adca
--- /dev/null
+++ b/host/Rory-portable/nginx.nix
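Review bot: host/Rory-portable/configuration.nix enables sshd with `MaxAuthTries 32`, sets `networking.firewall.enable = false`, gives the wheel user `initialPassword = "password"` and sets `security.sudo.wheelNeedsPassword = false`. Unless base-client.nix (not shown) disables password logins, anyone on a network this laptop joins can reach root through a password published in the repository, for as long as it has not been changed. I would keep the firewall on, restrict sshd to key authentication without the raised try limit, read the password hash from a file outside the flake, and require a password for sudo. The `resolv.conf` text also lists `nameserver 8.4.4.8`, presumably a typo for `8.8.4.4`, so that resolver entry points at an unrelated address. The `MODE="0666"` udev rules could use `TAG+="uaccess"` as the last rule already does, so that only the logged-in seat user gets the devices.

```nix
    firewall = {
      enable = true;
    };
  # … unchanged: time, i18n, xserver, picom …
    openssh = {
      enable = true;
      settings = {
        PasswordAuthentication = false;
        KbdInteractiveAuthentication = false;
      };
    };
  # … unchanged: pipewire, sound, users.users.Rory up to packages …
      hashedPasswordFile = "/path/to/rory-password-hash"; # placeholder path; replaces initialPassword
  # … unchanged: systemPackages, xdg, fonts, nix, nixpkgs …
    sudo.wheelNeedsPassword = true;
```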
@@ -0,0 +1,39 @@
+{ config, pkgs, lib, ... }:
+
+{
+ services = {
+ nginx = {
+ enable = true;
+ #package = pkgs.nginxQuic;
+ recommendedProxySettings = true;
+ #recommendedTlsSettings = true;
+ recommendedZstdSettings = true;
+ recommendedGzipSettings = true;
+ recommendedBrotliSettings = true;
+ recommendedOptimisation = true;
+ #defaultMimeTypes = ../../../../modules/packages/nginx/mime.types;
+ appendConfig = ''
+ worker_processes 16;
+ '';
+ eventsConfig = ''
+ #use kqueue;
+ worker_connections 512;
+ '';
+ appendHttpConfig = ''
+ #sendfile on;
+ disable_symlinks off;
+ '';
+ additionalModules = with pkgs.nginxModules; [
+ moreheaders
+ ];
+ virtualHosts = {
+ "discord.localhost" = import ./nginx/discord.localhost.nix { inherit pkgs; };
+
+ };
+ };
+ };
+ systemd.services.nginx.serviceConfig = {
+ LimitNOFILE=5000000;
+ };
+
+}
diff --git a/host/Rory-portable/nginx/discord.localhost.nix b/host/Rory-portable/nginx/discord.localhost.nix
new file mode 100755
index 0000000..149d2b1
--- /dev/null
+++ b/host/Rory-portable/nginx/discord.localhost.nix
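Review bot: `#recommendedTlsSettings = true;` stays commented out in host/Rory-portable/nginx.nix although the only virtual host it imports sets `addSSL = true`, so that host runs on nginx's built-in TLS defaults rather than the module's recommended protocol and cipher settings. Enabling the line (`recommendedTlsSettings = true;`) is enough. `disable_symlinks off;` restates the nginx default and can be dropped. `LimitNOFILE=5000000` is far above what `worker_processes 16` with `worker_connections 512` can open, so a comment giving the reason for that value would help the next reader.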
@@ -0,0 +1,37 @@
+{ pkgs, ... }:
+
+{
+ root = "/www/discord";
+ addSSL = true;
+ enableACME = false;
+
+ # We don't care about certificates around here...
+ sslCertificate = "${pkgs.path}/nixos/tests/common/acme/server/acme.test.cert.pem";
+ sslCertificateKey = "${pkgs.path}/nixos/tests/common/acme/server/acme.test.key.pem";
+
+
+ extraConfig = ''
+ autoindex on;
+ more_set_headers 'Access-Control-Allow-Origin: *';
+ more_set_headers 'Access-Control-Allow-Methods: GET, POST, OPTIONS';
+ more_set_headers 'Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
+ more_set_headers 'Access-Control-Expose-Headers: Content-Length,Content-Range';
+ more_set_headers 'Access-Control-Allow-Credentials: true';
+ '';
+
+ locations = {
+ "/" = {
+ index = "index.html";
+ extraConfig = ''
+ more_set_headers 'Access-Control-Allow-Origin: *';
+ more_set_headers 'Access-Control-Allow-Methods: *';
+ more_set_headers 'Access-Control-Allow-Headers: *';
+ more_set_headers 'Access-Control-Expose-Headers: *';
+ more_set_headers 'Access-Control-Max-Age' 1728000;
+
+ # default to /index.html if file not found
+ try_files $uri $uri/ /index.html;
+ '';
+ };
+ };
+}
diff --git a/host/Rory-portable/ollama.nix b/host/Rory-portable/ollama.nix
new file mode 100755
index 0000000..15b347b
--- /dev/null
+++ b/host/Rory-portable/ollama.nix
@@ -0,0 +1,17 @@
+{ config, pkgs, lib, ... }:
+
+{
+ services.ollama = {
+ enable = true;
+ home = "/data/ollama/home";
+ models = "/data/ollama/home/models";
+ environmentVariables = {
+ OLLAMA_LLM_LIBRARY = "cpu_avx2";
+ };
+ writablePaths = [ "/data/ollama/home" ];
+ #listenAddress = "0.0.0.0:11434";
+ host = "0.0.0.0";
+ port = 11434;
+ sandbox = false;
+ };
+}
diff --git a/host/Rory-portable/optional/hardware-specific/amd.nix b/host/Rory-portable/optional/hardware-specific/amd.nix
new file mode 100644
index 0000000..d44766a
--- /dev/null
+++ b/host/Rory-portable/optional/hardware-specific/amd.nix
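Review bot: `sslCertificate` and `sslCertificateKey` in discord.localhost.nix point at the ACME test key pair shipped in the nixpkgs source tree, so the private key is public and TLS on this vhost protects nothing. That is acceptable only if the vhost is reachable from loopback alone, which the file does not enforce; `listenAddresses = [ "127.0.0.1" "[::1]" ];` would pin it. The server-level `extraConfig` also sends `Access-Control-Allow-Origin: *` together with `Access-Control-Allow-Credentials: true`, a pair browsers reject for credentialed requests, so the credentials line should go or the origin should be named explicitly. In the `/` location, `more_set_headers 'Access-Control-Max-Age' 1728000;` passes the value as a separate argument and most likely does not set the header; the module expects `'Access-Control-Max-Age: 1728000'`.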
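Review bot: `host = "0.0.0.0"` in ollama.nix exposes the Ollama API, which has no authentication of its own, on every interface, and configuration.nix in this same commit imports the module while turning the firewall off. On any network the laptop joins, other hosts can then reach port 11434 and use or alter the models. Unless remote access is intended, bind to loopback with `host = "127.0.0.1";`. `sandbox = false` additionally removes the service's systemd confinement; since `writablePaths` already lists `/data/ollama/home`, it may be possible to leave the sandbox on, and if not, a comment stating why would be useful.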
@@ -0,0 +1,44 @@
+{ config, pkgs, lib, nhekoSrc, mtxclientSrc, ... }:
+
+{
+ imports =
+ [ ];
+
+boot.initrd.kernelModules = [ "amdgpu" ];
+
+ services = {
+ xserver = {
+ windowManager.i3.extraSessionCommands = ''
+ xrandr --output HDMI-1 --mode 3840x2160 --pos 0x0 --rotate normal --primary --output DP-1 --mode 1920x1080 --pos 3840x1080 --rotate normal --output HDMI-2 --off --output DP-2 --off
+ '';
+ wacom.enable = true;
+ };
+ picom.backend = "glx";
+ };
+
+ environment.systemPackages = with pkgs; [
+ rocmPackages.rocm-smi # useful to have
+ ];
+
+ hardware = {
+ opengl = {
+ enable = true;
+ driSupport = true;
+ driSupport32Bit = true;
+ extraPackages = with pkgs; [
+ rocmPackages.clr.icd
+ amdvlk
+ ];
+ extraPackages32 = with pkgs; [
+ driversi686Linux.amdvlk
+ ];
+ };
+ };
+
+ systemd.tmpfiles.rules = [
+ "L+ /opt/rocm/hip - - - - ${pkgs.rocmPackages.clr}"
+ ];
+
+ system.stateVersion = "22.11"; # DO NOT EDIT!
+}
+
diff --git a/host/Rory-portable/optional/hardware-specific/nvidia.nix b/host/Rory-portable/optional/hardware-specific/nvidia.nix
new file mode 100644
index 0000000..7278d84
--- /dev/null
+++ b/host/Rory-portable/optional/hardware-specific/nvidia.nix
@@ -0,0 +1,40 @@
+{ config, pkgs, lib, nhekoSrc, mtxclientSrc, ... }:
+
+{
+ imports =
+ [
+
+ ];
+
+
+ services = {
+ xserver = {
+ videoDrivers = ["nvidia"];
+ #windowManager.i3.extraSessionCommands = ''
+ # todo: restore
+ #'';
+ };
+ picom.backend = "glx";
+ };
+
+ hardware = {
+ opengl = {
+ enable = true;
+ driSupport = true;
+ driSupport32Bit = true;
+ };
+
+ nvidia = {
+ modesetting.enable = true;
+ powerManagement.enable = false;
+ powerManagement.finegrained = false;
+ open = true;
+ nvidiaSettings = true;
+ nvidiaPersistenced = true;
+ package = config.boot.kernelPackages.nvidiaPackages.stable;
+ };
+ };
+
+ system.stateVersion = "22.11"; # DO NOT EDIT!
+}
+
diff --git a/host/Rory-portable/postgres.nix b/host/Rory-portable/postgres.nix
new file mode 100755
index 0000000..e1e4432
--- /dev/null
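Review bot: amd.nix sets `system.stateVersion = "22.11";` again although host/Rory-portable/configuration.nix already defines it, and nvidia.nix and printing.nix in this commit do the same. An optional module should leave that option to the host file, so the value lives in one place and a later change cannot produce conflicting definitions; I would delete the line from all three. The `nhekoSrc, mtxclientSrc` arguments in the headers of amd.nix and nvidia.nix are unused and can be dropped, and `boot.initrd.kernelModules` in amd.nix is the only line at column 0 in an otherwise indented file.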
+++ b/host/Rory-portable/postgres.nix
@@ -0,0 +1,34 @@
+{ config, pkgs, lib, ... }:
+
+{
+ #systemd.tmpfiles.rules = [ "d /mnt/postgres/data 0750 postgres postgres" ];
+
+ services.postgresql = {
+ enable = true;
+ package = pkgs.postgresql_16;
+ enableTCPIP = true;
+ authentication = pkgs.lib.mkOverride 10 ''
+ # TYPE, DATABASE, USER, ADDRESS, METHOD
+ local all all trust
+ host all all 127.0.0.1/32 trust
+ host all all ::1/128 trust
+ host discordbots discordbots 192.168.1.2/32 trust
+ host matrix-synapse-rory-gay matrix-synapse-rory-gay 192.168.1.5/32 trust
+ host all all 0.0.0.0/0 md5
+ '';
+ # initialScript = pkgs.writeText "backend-initScript" ''
+ # CREATE ROLE nixcloud WITH LOGIN PASSWORD 'nixcloud' CREATEDB;
+ # CREATE DATABASE nixcloud;
+ # GRANT ALL PRIVILEGES ON DATABASE nixcloud TO nixcloud;
+ # '';
+ #dataDir = "/mnt/postgres/data";
+ settings = {
+ "max_connections" = "100";
+ "shared_buffers" = "128MB";
+ "max_wal_size" = "1GB";
+ "min_wal_size" = "80MB";
+ };
+ };
+
+}
+
diff --git a/host/Rory-portable/printing.nix b/host/Rory-portable/printing.nix
new file mode 100644
index 0000000..fd33aaa
--- /dev/null
+++ b/host/Rory-portable/printing.nix
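Review bot: The `authentication` block in postgres.nix carries rules that look written for a server on a fixed LAN and are risky on a portable host. With `enableTCPIP = true`, the `trust` lines for `192.168.1.2/32` and `192.168.1.5/32` let whichever machine holds those addresses on the current network connect to those databases without a password. `host all all 0.0.0.0/0 md5` accepts password logins from any address using the weaker md5 scheme. I would drop the two LAN `trust` lines and the `0.0.0.0/0` line, or at least change its method to `scram-sha-256`, and set `enableTCPIP = false;` if only local clients connect. The module is still commented out in configuration.nix (`#./postgres.nix`), so this takes effect once it is imported.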
@@ -0,0 +1,51 @@
+{ config, pkgs, lib, ... }:
+
+{
+ imports = [ ];
+
+ users.users = {
+ Rory = {
+ extraGroups = [ "lp" "scanner" ];
+ };
+ };
+
+ environment.systemPackages = with pkgs; [
+ xsane
+ gnome.simple-scan
+ ];
+
+ hardware = {
+ sane.enable = true;
+ sane.extraBackends = [ pkgs.hplipWithPlugin pkgs.sane-airscan ];
+ };
+
+ programs.system-config-printer.enable = true;
+
+ services = {
+ gvfs.enable = true;
+ saned.enable = true;
+ system-config-printer.enable = true;
+ ipp-usb.enable = true;
+ printing = {
+ enable = true;
+ browsing = true;
+ drivers = with pkgs; [ hplip ];
+ };
+ avahi = {
+ enable = true;
+ nssmdns = true;
+ reflector = true;
+ publish = {
+ workstation = true;
+ userServices = true;
+ hinfo = true;
+ enable = true;
+ domain = true;
+ addresses = true;
+ };
+ };
+ };
+
+ system.stateVersion = "22.11"; # DO NOT EDIT!
+}
+
-- cgit 1.4.1
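Review bot: `reflector = true` in the `avahi` block of printing.nix makes the laptop repeat mDNS traffic between all of its interfaces, and the `publish` block announces the workstation, its addresses and `hinfo` (CPU and OS) on every network it joins. Neither is needed to discover a printer or scanner, and on a portable machine it leaks host details to untrusted networks. I would set `reflector = false;` and remove `hinfo = true;` and `workstation = true;`, keeping only the `publish` entries that are actually used.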