authorRory& <root@rory.gay>2024-06-10 17:33:26 +0200
committerRory& <root@rory.gay>2024-07-04 14:45:02 +0200
commite37b430512bbef89dfe8ab75454286de4836ab6e (patch)
treeaf3468855573725fefc29ab8935edcc663d6b6a3
parentBunch of changes (diff)
downloadRory-Open-Architecture-e37b430512bbef89dfe8ab75454286de4836ab6e.tar.xz
Add portable config, some updates
-rwxr-xr-xflake.nix28
-rw-r--r--host/Rory-desktop/configuration.nix1
-rwxr-xr-xhost/Rory-nginx/services/nginx/nginx.nix14
-rw-r--r--host/Rory-portable/configuration.nix277
-rw-r--r--host/Rory-portable/mariadb.nix10
-rw-r--r--host/Rory-portable/nginx.nix39
-rwxr-xr-xhost/Rory-portable/nginx/discord.localhost.nix37
-rwxr-xr-xhost/Rory-portable/ollama.nix17
-rw-r--r--host/Rory-portable/optional/hardware-specific/amd.nix44
-rw-r--r--host/Rory-portable/optional/hardware-specific/nvidia.nix40
-rwxr-xr-xhost/Rory-portable/postgres.nix34
-rw-r--r--host/Rory-portable/printing.nix51
12 files changed, 590 insertions, 2 deletions
diff --git a/flake.nix b/flake.nix
index 7d5fba5..2a04e87 100755
--- a/flake.nix
+++ b/flake.nix
@@ -119,6 +119,34 @@
         };
       };
 
+      Rory-portable = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        modules = [
+          ./host/Rory-portable/configuration.nix
+          ./hardware-configuration.nix
+          home-manager.nixosModules.home-manager
+          ({...}: { 
+            nix = {
+              registry.nixpkgs.flake = nixpkgs;
+              nixPath = [
+                "nixpkgs=${nixpkgs.outPath}"
+              ];
+            };
+          })
+          # ... add this line to the rest of your configuration modules
+          #nix-ld.nixosModules.nix-ld
+
+          # The module in this repository defines a new module under (programs.nix-ld.dev) instead of (programs.nix-ld) 
+          # to not collide with the nixpkgs version.
+          #{ programs.nix-ld.dev.enable = true; }
+        ];
+        specialArgs = {
+          inherit home-manager;
+          inherit (inputs) mtxclientSrc;
+          inherit (inputs) nhekoSrc;
+        };
+      };
+
       #STABLE
       RoryNix = nixpkgs-RoryNix.lib.nixosSystem {
         system = "i686-linux";
diff --git a/host/Rory-desktop/configuration.nix b/host/Rory-desktop/configuration.nix
index 9f8da16..42176d0 100644
--- a/host/Rory-desktop/configuration.nix
+++ b/host/Rory-desktop/configuration.nix
@@ -141,6 +141,7 @@
   };
 
   environment.systemPackages = with pkgs; [
+    libreoffice
     qt6.qtwayland
 
     gnome-console
diff --git a/host/Rory-nginx/services/nginx/nginx.nix b/host/Rory-nginx/services/nginx/nginx.nix
index 91340c7..2e2d671 100755
--- a/host/Rory-nginx/services/nginx/nginx.nix
+++ b/host/Rory-nginx/services/nginx/nginx.nix
@@ -1,6 +1,16 @@
 { config, pkgs, lib, ... }:
-
-{
+let 
+  serveDir = config : {
+    enableACME = if config ? ssl then config.ssl else true;
+    addSSL = if config ? ssl then config.ssl else true;
+    root = if config ? path then config.path else builtins.throw "path is required";
+    locations = {
+      "/" = {
+        index = "index.html";
+      };
+    };
+  };
+in {
   services = {
     nginx = {
       enable = true;
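Review bot: The parameter of `serveDir` is named `config`, which shadows the module argument `config` from the first line of the file for the whole helper body. Renaming it avoids the confusion, and the `?` tests collapse to the `or` form: `serveDir = args: { enableACME = args.ssl or true; addSSL = args.ssl or true; root = args.path or (builtins.throw "path is required"); ... }`. Note also that `addSSL` keeps serving the same content over plain HTTP; if these directories should only be reachable over TLS, `forceSSL` is the option that redirects. The rest of the file lies outside the hunk, so whether `serveDir` is used anywhere cannot be checked from here.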
diff --git a/host/Rory-portable/configuration.nix b/host/Rory-portable/configuration.nix
new file mode 100644
index 0000000..579a655
--- /dev/null
+++ b/host/Rory-portable/configuration.nix
@@ -0,0 +1,277 @@
+{ config, pkgs, lib, nhekoSrc, mtxclientSrc, ... }:
+
+{
+  imports =
+    [
+      # base imports
+      ../../modules/base-client.nix
+      ../../modules/packages/vim.nix
+#      ../../modules/environments/home.nix
+      #../../modules/software-templates/profilers.nix
+      #./postgres.nix
+      #./nginx.nix
+
+      # hardware-specific imports
+      #./optional/hardware-specific/amd.nix
+
+      #./printing.nix
+      ./ollama.nix
+    ];
+
+  boot = {
+    kernelPackages = pkgs.linuxPackages_latest;
+    loader = {
+      grub = {
+        enable = true;
+        device = "nodev"; # nodev for EFI only
+        # EFI
+        efiSupport = true;
+        efiInstallAsRemovable = true;
+      };
+    };
+    #readOnlyNixStore = false;
+  };
+
+  services.udev.extraRules = ''
+    #SUBSYSTEM=="usb", ATTR{idVendor}=="18d1", MODE="0664", GROUP="users"
+    # SDP protocol
+    KERNEL=="hidraw*", ATTRS{idVendor}=="1fc9", MODE="0666"
+    ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="1fc9", MODE="0666"
+    ACTION=="add", SUBSYSTEM=="usb", ATTR{idVendor}=="0d28", MODE="0666"
+    # Flashloader
+    KERNEL=="hidraw*", ATTRS{idVendor}=="15a2", MODE="0666"
+    # Controller
+    KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="18d1", MODE="0666"
+    SUBSYSTEMS=="usb", ATTRS{idVendor}=="18d1", ATTRS{idProduct}=="9400", MODE="0660", TAG+="uaccess"
+  '';
+
+  networking = {
+    hostName = "Rory-portable";
+    networkmanager.enable = true;
+    wireless.enable = false;
+    firewall = {
+      enable = false;
+      # allowedTCPPorts = [ ... ];
+      # allowedUDPPorts = [ ... ];
+    };
+
+    #interfaces.enp34s0.ipv4.addresses = [ { 
+    #  address = "192.168.0.3";
+    #  prefixLength = 24;
+    #} ];
+#
+    #defaultGateway = "192.168.0.1";
+    # useDHCP = true;
+  };
+
+  time.timeZone = "Europe/Brussels";
+  i18n.defaultLocale = "en_US.UTF-8";
+
+  services = {
+    xserver = {
+      enable = true;
+      updateDbusEnvironment = true;
+      #videoDrivers = ["amdgpu"]; #"nvidia"
+      #desktopManager.gnome.enable = true;
+      libinput.enable = true;
+      layout = "us";
+      windowManager.i3.enable = true;
+      windowManager.i3.extraSessionCommands = ''
+        # output from arandr:
+        #xrandr --output DP-1 --mode 1920x1080 --pos 3840x1080 --rotate normal --output HDMI-1 --mode 3840x2160 --pos 0x0 --rotate normal --output HDMI-2 --off --output DP-2 --off
+        #xrandr --output HDMI-1 --mode 3840x2160 --pos 0x0 --rotate normal --primary --output DP-1 --mode 1920x1080 --pos 3840x1080 --rotate normal --output HDMI-2 --off --output DP-2 --off
+        ${pkgs.polybarFull}/bin/polybar &
+        ${pkgs.dunst}/bin/dunst &
+        ${pkgs.feh}/bin/feh --no-fehbg --bg-fill ${../../modules/users/Rory/wallpaper.webp}
+      '';
+    };
+    picom.enable = true;
+    picom.vSync = false;
+    picom.backend = "glx";
+    
+    openssh = {
+      enable = true;
+      extraConfig = ''
+        MaxAuthTries 32
+        '';
+    };	
+    pipewire = {
+      enable = true;
+      audio.enable = true;
+      pulse.enable = true;
+      wireplumber.enable = true;
+      jack.enable = true;
+      alsa.enable = true;
+    };
+  };
+
+  sound.enable = true;
+
+  users.users = {
+    Rory = {
+      isNormalUser = true;
+      extraGroups = [ "wheel" ];
+      packages = with pkgs; [
+        #gimp-with-plugins
+
+        #xterm
+        #gnomeExtensions.vitals
+        #gnomeExtensions.runcat
+      ];
+      initialPassword = "password";
+    };
+  };
+
+  environment.systemPackages = with pkgs; [
+    libreoffice
+    qt6.qtwayland
+
+    gnome-console
+    feh
+    easyeffects
+    kitty
+    youtube-music
+
+    # - IDEs
+    #jetbrains-toolbox
+    jetbrains.rider
+    #jetbrains.webstorm
+    #jetbrains.clion
+    github-copilot-intellij-agent
+    
+    
+    dbeaver-bin
+    #insomnia
+    vscode
+
+    # - Utilities
+    inkscape-with-extensions
+    gimp #-with-plugins
+
+    # - Languages
+    #dotnet-sdk_7
+    #dotnet-sdk_8
+    (callPackage ../../modules/packages/dotnet-pack.nix { inherit pkgs; })
+
+    #games
+    osu-lazer-bin
+    #steam
+    steam-run
+
+    # extra packages
+    dmenu
+
+    cinnamon.nemo
+    gnome.file-roller
+    firefox-bin
+    ungoogled-chromium #needed for Rider in order to debug WASM
+
+    peek
+
+    unrar-wrapper
+
+    #(schildichat-desktop.override { electron = electron; })
+    (callPackage ../../modules/packages/nheko-git.nix { inherit nhekoSrc; inherit mtxclientSrc; voipSupport = false; })
+    #(callPackage ../../modules/packages/mc/server/modpack/curseforge/techopolis-2/5.4.nix { })
+
+    #vesktop
+    virt-viewer
+
+    # (dwarf-fortress-packages.dwarf-fortress-full.override { enableStoneSense = true; enableFPS = true; theme = dwarf-fortress-packages.themes.spacefox; })
+  ];
+
+  programs.steam.enable = true;
+  programs.steam.gamescopeSession.enable = true;
+
+  #environment.gnome.excludePackages = [
+  #  pkgs.orca
+  #  pkgs.gnome-tour
+  #  pkgs.gnome-user-docs
+  #];
+  xdg = {
+    portal = {
+      
+      enable = true;
+      extraPortals = with pkgs; [
+        #xdg-desktop-portal-gtk
+        xdg-desktop-portal-xapp
+        (callPackage ../../modules/packages/xdg-desktop-portal-gtk.nix { })
+      ];
+      config = {
+        common = {
+          default = [ "gtk" ];
+        };
+      };
+      xdgOpenUsePortal = true;
+      gtkUsePortal = true;
+
+    };
+    #sounds.enable = true;
+    #mime.enable = true;
+    #menus.enable = true;
+    #icons.enable = true;
+    #autostart.enable = true;
+  };
+  fonts = {
+    fonts = with pkgs; [
+      (nerdfonts.override { fonts = [ "JetBrainsMono" ]; })
+      noto-fonts-monochrome-emoji
+    ];
+    fontconfig.defaultFonts.monospace = with pkgs; [
+      "JetBrainsMonoNL Nerd Font,JetBrainsMonoNL NF:style=Regular"
+    ];
+    fontconfig.defaultFonts.sansSerif = with pkgs; [
+      "JetBrainsMonoNL Nerd Font,JetBrainsMonoNL NF:style=Regular"
+    ];
+    fontconfig.defaultFonts.serif = with pkgs; [
+      "JetBrainsMonoNL Nerd Font,JetBrainsMonoNL NF:style=Regular"
+    ];
+    fontconfig.defaultFonts.emoji = with pkgs; [
+      "freefont"
+    ];
+    enableDefaultPackages = lib.mkForce false;
+    enableGhostscriptFonts = lib.mkForce false;
+  };
+  nix = {
+    settings = {
+      experimental-features = [ "nix-command" "flakes" ];
+      auto-optimise-store = true;
+    };
+  };
+  nixpkgs = {
+    config = {
+      allowUnfree = true;
+      permittedInsecurePackages = [
+        "electron-25.9.0"
+      ];
+    };
+
+  };
+  security = {
+    polkit.enable = true;
+    sudo.wheelNeedsPassword = false;
+  };
+
+  hardware = {
+    pulseaudio.enable = false;
+  };
+  programs.dconf.enable = true;
+  environment.etc."resolv.conf".text = ''
+    nameserver 8.8.8.8
+    nameserver 8.4.4.8
+    nameserver 1.1.1.1
+    nameserver 1.0.0.1
+    '';
+
+    #networking.wireguard.interfaces = {
+    #  wg-KP-Ran = {
+
+      #};
+   # };
+
+  virtualisation.libvirtd.enable = true;
+  programs.virt-manager.enable = true;
+
+  system.stateVersion = "22.11"; # DO NOT EDIT!
+}
+
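Review bot: The combination of `services.openssh.enable = true` with `MaxAuthTries 32`, `initialPassword = "password"` for a `wheel` user, `networking.firewall.enable = false` and `security.sudo.wheelNeedsPassword = false` means a guessable password on an open port leads straight to root on every network this portable machine joins. At minimum add `services.openssh.settings.PasswordAuthentication = false;` with the login key in `users.users.Rory.openssh.authorizedKeys.keys`, drop the `MaxAuthTries` override, and leave the firewall enabled with only the needed ports in `allowedTCPPorts`. The `udev` rules that set `MODE="0666"` on whole vendor IDs would be tighter with `TAG+="uaccess"`, as the last rule in that block already does. Separately, `nameserver 8.4.4.8` in the `resolv.conf` text looks like a typo for `8.8.4.4`, and the pinned `electron-25.9.0` in `permittedInsecurePackages` deserves a comment naming the package that still needs it.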
diff --git a/host/Rory-portable/mariadb.nix b/host/Rory-portable/mariadb.nix
new file mode 100644
index 0000000..3ebbb0b
--- /dev/null
+++ b/host/Rory-portable/mariadb.nix
@@ -0,0 +1,10 @@
+{ config, pkgs, lib, ... }:
+
+{
+  services.mysql = {
+    enable = true;
+    package = pkgs.mariadb;
+  };
+
+}
+
diff --git a/host/Rory-portable/nginx.nix b/host/Rory-portable/nginx.nix
new file mode 100644
index 0000000..fc2adca
--- /dev/null
+++ b/host/Rory-portable/nginx.nix
@@ -0,0 +1,39 @@
+{ config, pkgs, lib, ... }:
+
+{
+  services = {
+    nginx = {
+      enable = true;
+      #package = pkgs.nginxQuic;
+      recommendedProxySettings = true;
+      #recommendedTlsSettings = true;
+      recommendedZstdSettings = true;
+      recommendedGzipSettings = true;
+      recommendedBrotliSettings = true;
+      recommendedOptimisation = true;
+      #defaultMimeTypes = ../../../../modules/packages/nginx/mime.types;
+      appendConfig = ''
+        worker_processes 16;
+        '';
+       eventsConfig = ''
+        #use kqueue;
+        worker_connections 512;
+        '';
+      appendHttpConfig = ''
+        #sendfile on;
+        disable_symlinks off;
+      '';
+      additionalModules = with pkgs.nginxModules; [
+        moreheaders
+      ];
+      virtualHosts = {
+        "discord.localhost" = import ./nginx/discord.localhost.nix { inherit pkgs; };
+        
+      };
+    };
+  };
+  systemd.services.nginx.serviceConfig = {
+    LimitNOFILE=5000000;
+  };
+
+}
diff --git a/host/Rory-portable/nginx/discord.localhost.nix b/host/Rory-portable/nginx/discord.localhost.nix
new file mode 100755
index 0000000..149d2b1
--- /dev/null
+++ b/host/Rory-portable/nginx/discord.localhost.nix
@@ -0,0 +1,37 @@
+{ pkgs, ... }:
+
+{
+  root = "/www/discord";
+  addSSL = true;
+  enableACME = false;
+
+  # We don't care about certificates around here...
+  sslCertificate = "${pkgs.path}/nixos/tests/common/acme/server/acme.test.cert.pem";
+  sslCertificateKey = "${pkgs.path}/nixos/tests/common/acme/server/acme.test.key.pem";
+        
+
+  extraConfig = ''
+    autoindex on;
+    more_set_headers 'Access-Control-Allow-Origin: *';
+    more_set_headers 'Access-Control-Allow-Methods: GET, POST, OPTIONS';
+    more_set_headers 'Access-Control-Allow-Headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
+    more_set_headers 'Access-Control-Expose-Headers: Content-Length,Content-Range';
+    more_set_headers 'Access-Control-Allow-Credentials: true';
+  '';
+
+  locations = {
+    "/" = {
+      index = "index.html";
+      extraConfig = ''
+        more_set_headers 'Access-Control-Allow-Origin: *';
+        more_set_headers 'Access-Control-Allow-Methods: *';
+        more_set_headers 'Access-Control-Allow-Headers: *';
+        more_set_headers 'Access-Control-Expose-Headers: *';
+        more_set_headers 'Access-Control-Max-Age' 1728000;
+
+        # default to /index.html if file not found
+        try_files $uri $uri/ /index.html;
+      '';
+    };
+  };
+}
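Review bot: `sslCertificate` and `sslCertificateKey` point at the ACME test fixtures shipped inside nixpkgs, so the private key for this vhost is public. That is only acceptable while `discord.localhost` never resolves to anything but loopback, and the comment above those lines should state that constraint rather than "We don't care about certificates around here...". The server-level `extraConfig` sends `Access-Control-Allow-Origin: *` together with `Access-Control-Allow-Credentials: true`, a pairing browsers refuse for credentialed requests; either drop the credentials header or name the one allowed origin. In the `/` location, `more_set_headers 'Access-Control-Max-Age' 1728000;` passes the name and the value as two separate arguments, so the header is probably not set as intended; `more_set_headers 'Access-Control-Max-Age: 1728000';` matches the form of the neighbouring lines. `autoindex on;` also lists everything under `/www/discord`, which is worth a comment if it is deliberate.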
diff --git a/host/Rory-portable/ollama.nix b/host/Rory-portable/ollama.nix
new file mode 100755
index 0000000..15b347b
--- /dev/null
+++ b/host/Rory-portable/ollama.nix
@@ -0,0 +1,17 @@
+{ config, pkgs, lib, ... }:
+
+{
+  services.ollama = {
+    enable = true;
+    home = "/data/ollama/home";
+    models = "/data/ollama/home/models";
+    environmentVariables = {
+      OLLAMA_LLM_LIBRARY = "cpu_avx2";
+    };
+    writablePaths = [ "/data/ollama/home" ];
+    #listenAddress = "0.0.0.0:11434";
+    host = "0.0.0.0";
+    port = 11434;
+    sandbox = false;
+  };
+}
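Review bot: `host = "0.0.0.0";` publishes the Ollama API on every interface, and that API has no authentication of its own. The host configuration that imports this file in the same commit sets `networking.firewall.enable = false`, so on a laptop any peer on the current network can reach port 11434. Unless remote access is required, use `host = "127.0.0.1";` and delete the commented `listenAddress` line. `sandbox = false` appears to switch off the unit's systemd confinement as well; with `writablePaths = [ "/data/ollama/home" ]` already declared it may be possible to leave the sandbox on, and if not, a comment should say why.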
diff --git a/host/Rory-portable/optional/hardware-specific/amd.nix b/host/Rory-portable/optional/hardware-specific/amd.nix
new file mode 100644
index 0000000..d44766a
--- /dev/null
+++ b/host/Rory-portable/optional/hardware-specific/amd.nix
@@ -0,0 +1,44 @@
+{ config, pkgs, lib, nhekoSrc, mtxclientSrc, ... }:
+
+{
+  imports =
+    [ ];
+
+boot.initrd.kernelModules = [ "amdgpu" ];
+
+  services = {
+    xserver = {
+      windowManager.i3.extraSessionCommands = ''
+        xrandr --output HDMI-1 --mode 3840x2160 --pos 0x0 --rotate normal --primary --output DP-1 --mode 1920x1080 --pos 3840x1080 --rotate normal --output HDMI-2 --off --output DP-2 --off
+      '';
+      wacom.enable = true;
+    };
+    picom.backend = "glx";
+  };
+
+  environment.systemPackages = with pkgs; [
+    rocmPackages.rocm-smi # useful to have
+  ];
+
+  hardware = {
+    opengl = {
+      enable = true;
+      driSupport = true;
+      driSupport32Bit = true;
+      extraPackages = with pkgs; [
+        rocmPackages.clr.icd
+        amdvlk
+      ];
+      extraPackages32 = with pkgs; [
+        driversi686Linux.amdvlk
+      ];
+    };
+  };
+
+  systemd.tmpfiles.rules = [
+    "L+    /opt/rocm/hip   -    -    -     -    ${pkgs.rocmPackages.clr}"
+  ];
+
+  system.stateVersion = "22.11"; # DO NOT EDIT!
+}
+
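Review bot: `system.stateVersion = "22.11";` is repeated in this optional module although `host/Rory-portable/configuration.nix` already sets it; the same duplicate appears at the end of `optional/hardware-specific/nvidia.nix` and `printing.nix`. Keeping it only in the host's `configuration.nix` prevents the copies from drifting apart. The module header also takes `nhekoSrc` and `mtxclientSrc`, which nothing in this file uses (same in `nvidia.nix`), so `{ config, pkgs, lib, ... }:` is enough. The line `boot.initrd.kernelModules = [ "amdgpu" ];` has lost its two-space indent.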
diff --git a/host/Rory-portable/optional/hardware-specific/nvidia.nix b/host/Rory-portable/optional/hardware-specific/nvidia.nix
new file mode 100644
index 0000000..7278d84
--- /dev/null
+++ b/host/Rory-portable/optional/hardware-specific/nvidia.nix
@@ -0,0 +1,40 @@
+{ config, pkgs, lib, nhekoSrc, mtxclientSrc, ... }:
+
+{
+  imports =
+    [
+     
+    ];
+
+
+  services = {
+    xserver = {
+      videoDrivers = ["nvidia"];
+      #windowManager.i3.extraSessionCommands = ''
+        # todo: restore
+      #'';
+    };
+    picom.backend = "glx";
+  };
+
+  hardware = {
+    opengl = {
+      enable = true;
+      driSupport = true;
+      driSupport32Bit = true;
+    };
+
+    nvidia = {
+      modesetting.enable = true;
+      powerManagement.enable = false;
+      powerManagement.finegrained = false;
+      open = true;
+      nvidiaSettings = true;
+      nvidiaPersistenced = true;
+      package = config.boot.kernelPackages.nvidiaPackages.stable;
+    };
+  };
+
+  system.stateVersion = "22.11"; # DO NOT EDIT!
+}
+
diff --git a/host/Rory-portable/postgres.nix b/host/Rory-portable/postgres.nix
new file mode 100755
index 0000000..e1e4432
--- /dev/null
+++ b/host/Rory-portable/postgres.nix
@@ -0,0 +1,34 @@
+{ config, pkgs, lib, ... }:
+
+{
+  #systemd.tmpfiles.rules = [  "d /mnt/postgres/data 0750 postgres postgres" ];
+
+  services.postgresql = {
+    enable = true;
+    package = pkgs.postgresql_16;
+    enableTCPIP = true;
+    authentication = pkgs.lib.mkOverride 10 ''
+      # TYPE, DATABASE, USER, ADDRESS, METHOD
+      local all all trust
+      host all all 127.0.0.1/32 trust
+      host all all ::1/128 trust
+      host discordbots discordbots 192.168.1.2/32 trust
+      host matrix-synapse-rory-gay matrix-synapse-rory-gay 192.168.1.5/32 trust
+      host all all 0.0.0.0/0 md5
+    '';
+    # initialScript = pkgs.writeText "backend-initScript" ''
+    #   CREATE ROLE nixcloud WITH LOGIN PASSWORD 'nixcloud' CREATEDB;
+    #   CREATE DATABASE nixcloud;
+    #   GRANT ALL PRIVILEGES ON DATABASE nixcloud TO nixcloud;
+    # '';
+    #dataDir = "/mnt/postgres/data";
+    settings = {
+      "max_connections" = "100";
+      "shared_buffers" = "128MB";
+      "max_wal_size" = "1GB";
+      "min_wal_size" = "80MB";
+    };
+  };
+
+}
+
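Review bot: The `authentication` block lets any local account connect as any role, including the superuser, without a password through `local all all trust` and the two loopback `trust` lines. The two `192.168.1.x/32 trust` lines authenticate by source address alone, and `host all all 0.0.0.0/0 md5` with `enableTCPIP = true` accepts logins from every IPv4 address using the weaker md5 scheme. Suggested replacements are `local all all peer`, `host all all 127.0.0.1/32 scram-sha-256` (likewise for `::1/128` and the LAN entries), and a final line narrowed to the subnet that actually needs access instead of `0.0.0.0/0`. The file is currently commented out of the host's `imports`, but it would take effect unchanged once re-enabled, on a host whose firewall is disabled in this commit.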
diff --git a/host/Rory-portable/printing.nix b/host/Rory-portable/printing.nix
new file mode 100644
index 0000000..fd33aaa
--- /dev/null
+++ b/host/Rory-portable/printing.nix
@@ -0,0 +1,51 @@
+{ config, pkgs, lib, ... }:
+
+{
+  imports = [ ];
+
+  users.users = {
+    Rory = {
+      extraGroups = [ "lp" "scanner" ];
+    };
+  };
+
+  environment.systemPackages = with pkgs; [
+    xsane
+    gnome.simple-scan
+  ];
+
+  hardware = {
+    sane.enable = true;
+    sane.extraBackends = [ pkgs.hplipWithPlugin pkgs.sane-airscan ];
+  };
+
+  programs.system-config-printer.enable = true;
+
+  services = {
+    gvfs.enable = true;
+    saned.enable = true;
+    system-config-printer.enable = true;
+    ipp-usb.enable = true;
+    printing = {
+      enable = true;
+      browsing = true;
+      drivers = with pkgs; [ hplip ];
+    };
+    avahi = {
+      enable = true;
+      nssmdns = true;
+      reflector = true;
+      publish = {
+        workstation = true;
+        userServices = true;
+        hinfo = true;
+        enable = true;
+        domain = true;
+        addresses = true;
+      };
+    };
+  };
+
+  system.stateVersion = "22.11"; # DO NOT EDIT!
+}
+
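Review bot: The `avahi` block enables `reflector = true` and publishes `workstation`, `hinfo`, `userServices` and `addresses`, which on a portable machine announces host details on every network it joins and relays mDNS between its interfaces. Printer discovery normally needs only `enable = true` and `nssmdns = true`, so the `publish` entries and `reflector` could be dropped or given a comment explaining why they are needed. `services.saned.enable = true` also starts the network scanner daemon, which is unnecessary if the scanner is only used locally through `hardware.sane`.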