treewide reformat

Gerg-L 2023-09-23 21:55:56 -04:00
parent de7683556e
commit fc21bf9436
Signed by: gerg-l
SSH key fingerprint: SHA256:FPYDHIkvMocr4wdmZXpgpJjsb2Tw6rASs2ISPbOb0KI
42 changed files with 1012 additions and 876 deletions


@ -1,46 +1,58 @@
{disko, ...}: {lib, ...}: {
imports = [disko.nixosModules.disko];
{ disko, ... }:
{ lib, ... }:
{
imports = [ disko.nixosModules.disko ];
disko.devices.disk = lib.genAttrs ["0E" "22"] (name: let
fullName = "/dev/disk/by-id/nvme-SHPP41-500GM_SSB4N6719101A4N${name}";
in {
type = "disk";
device = fullName;
content = {
type = "gpt";
partitions = {
BOOT = {
device = "${fullName}-part1";
type = "EF00";
start = "0";
end = "4G";
disko.devices.disk =
lib.genAttrs
[
"0E"
"22"
]
(
name:
let
fullName = "/dev/disk/by-id/nvme-SHPP41-500GM_SSB4N6719101A4N${name}";
in
{
type = "disk";
device = fullName;
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/efi${name}";
type = "gpt";
partitions = {
BOOT = {
device = "${fullName}-part1";
type = "EF00";
start = "0";
end = "4G";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/efi${name}";
};
};
swap = {
device = "${fullName}-part2";
start = "5G";
end = "21G";
content = {
type = "swap";
randomEncryption = true;
};
};
zfsroot = {
device = "${fullName}-part3";
start = "21G";
end = "100%";
content = {
type = "zfs";
pool = "rpool";
};
};
};
};
};
swap = {
device = "${fullName}-part2";
start = "5G";
end = "21G";
content = {
type = "swap";
randomEncryption = true;
};
};
zfsroot = {
device = "${fullName}-part3";
start = "21G";
end = "100%";
content = {
type = "zfs";
pool = "rpool";
};
};
};
};
});
}
);
disko.devices.zpool = {
rpool = {


@ -1,8 +1,6 @@
_: {
pkgs,
config,
...
}: {
_:
{ pkgs, config, ... }:
{
programs.git = {
enable = true;
package = pkgs.gitMinimal;


@ -1,8 +1,6 @@
{nvim-flake, nixfmt, ...}: {
pkgs,
config,
...
}: {
{ nvim-flake, nixfmt, ... }:
{ pkgs, config, ... }:
{
local = {
remoteBuild.isBuilder = true;
X11Programs = {
@ -18,11 +16,9 @@
enable = true;
kmscon.enable = true;
};
allowedUnfree = [
"nvidia-x11"
];
allowedUnfree = [ "nvidia-x11" ];
};
boot.binfmt.emulatedSystems = ["aarch64-linux"];
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
hardware.nvidia = {
package = config.boot.kernelPackages.nvidiaPackages.beta;
nvidiaPersistenced = false;
@ -31,7 +27,10 @@
open = false;
};
services.xserver = {
videoDrivers = ["nvidia" "amdgpu"];
videoDrivers = [
"nvidia"
"amdgpu"
];
};
programs.direnv = {
@ -40,19 +39,24 @@
silent = true;
};
nix.settings.system-features = ["kvm" "big-parallel" "nixos-test" "benchmark"];
nix.settings.system-features = [
"kvm"
"big-parallel"
"nixos-test"
"benchmark"
];
environment = {
systemPackages = let
fmt = pkgs.nixfmt.overrideAttrs {
version = "0.6.0-${nixfmt.shortRev}";
systemPackages =
let
fmt = pkgs.nixfmt.overrideAttrs {
version = "0.6.0-${nixfmt.shortRev}";
src = nixfmt;
};
in
src = nixfmt;
};
in
builtins.attrValues {
inherit
(pkgs)
inherit (pkgs)
bitwarden # store stuff
qbittorrent # steal stuff
pavucontrol # gui volume control
@ -69,13 +73,13 @@
nix-index
element-desktop
webcord
;
;
inherit (nvim-flake.packages.${pkgs.system}) neovim;
inherit fmt;
lint = pkgs.writeShellApplication {
name = "lint";
runtimeInputs = [
fmt
fmt
pkgs.deadnix
pkgs.statix
pkgs.fd
@ -99,9 +103,7 @@
};
};
services.udev.packages = [
pkgs.android-udev-rules
];
services.udev.packages = [ pkgs.android-udev-rules ];
programs.adb.enable = true;
networking = {
@ -122,22 +124,16 @@
networks = {
"enp11s0" = {
name = "enp11s0";
bridge = ["br0"];
bridge = [ "br0" ];
linkConfig.RequiredForOnline = "enslaved";
};
"br0" = {
name = "br0";
address = [
"192.168.1.4/24"
];
gateway = [
"192.168.1.1"
];
dns = [
"192.168.1.1"
];
address = [ "192.168.1.4/24" ];
gateway = [ "192.168.1.1" ];
dns = [ "192.168.1.1" ];
DHCP = "no";
bridgeConfig = {};
bridgeConfig = { };
linkConfig = {
MACAddress = "D8:5E:D3:E5:47:90";
RequiredForOnline = "routable";
@ -157,7 +153,12 @@
useDefaultShell = true;
uid = 1000;
isNormalUser = true;
extraGroups = ["wheel" "audio" "adbusers" "plugdev"];
extraGroups = [
"wheel"
"audio"
"adbusers"
"plugdev"
];
openssh.authorizedKeys.keys = [
config.local.keys.gerg_gerg-phone
config.local.keys.gerg_gerg-windows
@ -172,9 +173,15 @@
};
};
boot = {
kernelModules = ["amdgpu"];
kernelModules = [ "amdgpu" ];
initrd = {
availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "sd_mod"];
availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usbhid"
"sd_mod"
];
includeDefaultModules = false;
};
};


@ -1,10 +1,12 @@
_: {config, ...}: {
_:
{ config, ... }:
{
users.users = {
${config.services.gitea.user} = {
openssh.authorizedKeys.keys = [config.local.keys.gerg_gerg-desktop];
extraGroups = ["postgres"];
openssh.authorizedKeys.keys = [ config.local.keys.gerg_gerg-desktop ];
extraGroups = [ "postgres" ];
};
${config.services.nginx.user}.extraGroups = [config.services.gitea.group];
${config.services.nginx.user}.extraGroups = [ config.services.gitea.group ];
};
services.gitea = {
enable = true;


@ -1,11 +1,9 @@
{self, ...}: {
pkgs,
lib,
...
}: {
{ self, ... }:
{ pkgs, lib, ... }:
{
# I manually switch this sometimes
config = lib.mkIf false {
networking.firewall.allowedTCPPorts = [25565];
networking.firewall.allowedTCPPorts = [ 25565 ];
users.users.minecraft = {
description = "Minecraft server service user";
@ -14,10 +12,10 @@
isSystemUser = true;
group = "minecraft";
};
users.groups.minecraft = {};
users.groups.minecraft = { };
systemd.sockets.minecraft-server = {
bindsTo = ["minecraft-server.service"];
bindsTo = [ "minecraft-server.service" ];
socketConfig = {
ListenFIFO = "/run/minecraft-server.stdin";
SocketMode = "0660";
@ -31,10 +29,13 @@
systemd.services.minecraft-server = {
enable = true;
description = "Minecraft Server Service";
wantedBy = ["multi-user.target"];
requires = ["minecraft-server.socket"];
after = ["network.target" "minecraft-server.socket"];
path = [self.packages.${pkgs.system}.papermc];
wantedBy = [ "multi-user.target" ];
requires = [ "minecraft-server.socket" ];
after = [
"network.target"
"minecraft-server.socket"
];
path = [ self.packages.${pkgs.system}.papermc ];
script = ''
minecraft-server \
-Xms8G \
@ -70,8 +71,8 @@
StandardError = "journal";
# Hardening
CapabilityBoundingSet = [""];
DeviceAllow = [""];
CapabilityBoundingSet = [ "" ];
DeviceAllow = [ "" ];
LockPersonality = true;
PrivateDevices = true;
PrivateTmp = true;
@ -84,7 +85,10 @@
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
RestrictAddressFamilies = ["AF_INET" "AF_INET6"];
RestrictAddressFamilies = [
"AF_INET"
"AF_INET6"
];
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;


@ -1,17 +1,23 @@
_: {
_:
{
config,
lib,
pkgs,
...
}: {
}:
{
sops.secrets.minifluxenv.owner = "miniflux";
systemd.services = {
miniflux = {
description = "Miniflux service";
wantedBy = ["multi-user.target"];
requires = ["miniflux-dbsetup.service"];
after = ["network.target" "postgresql.service" "miniflux-dbsetup.service"];
wantedBy = [ "multi-user.target" ];
requires = [ "miniflux-dbsetup.service" ];
after = [
"network.target"
"postgresql.service"
"miniflux-dbsetup.service"
];
script = lib.getExe' pkgs.miniflux "miniflux";
serviceConfig = {
@ -20,8 +26,8 @@ _: {
RuntimeDirectoryMode = "0770";
EnvironmentFile = config.sops.secrets.minifluxenv.path;
# Hardening
CapabilityBoundingSet = [""];
DeviceAllow = [""];
CapabilityBoundingSet = [ "" ];
DeviceAllow = [ "" ];
LockPersonality = true;
MemoryDenyWriteExecute = true;
PrivateDevices = true;
@ -35,12 +41,19 @@ _: {
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
RestrictAddressFamilies = ["AF_INET" "AF_INET6" "AF_UNIX"];
RestrictAddressFamilies = [
"AF_INET"
"AF_INET6"
"AF_UNIX"
];
RestrictNamespaces = true;
RestrictRealtime = true;
RestrictSUIDSGID = true;
SystemCallArchitectures = "native";
SystemCallFilter = ["@system-service" "~@privileged"];
SystemCallFilter = [
"@system-service"
"~@privileged"
];
UMask = "0077";
};
@ -54,10 +67,15 @@ _: {
};
miniflux-dbsetup = {
description = "Miniflux database setup";
requires = ["postgresql.service"];
after = ["network.target" "postgresql.service"];
requires = [ "postgresql.service" ];
after = [
"network.target"
"postgresql.service"
];
script = ''
${lib.getExe' config.services.postgresql.package "psql"} "miniflux" -c "CREATE EXTENSION IF NOT EXISTS hstore"
${
lib.getExe' config.services.postgresql.package "psql"
} "miniflux" -c "CREATE EXTENSION IF NOT EXISTS hstore"
'';
serviceConfig = {
Type = "oneshot";
@ -72,11 +90,11 @@ _: {
users = {
miniflux = {
group = "miniflux";
extraGroups = ["postgres"];
extraGroups = [ "postgres" ];
isSystemUser = true;
uid = 377;
};
${config.services.nginx.user}.extraGroups = ["miniflux"];
${config.services.nginx.user}.extraGroups = [ "miniflux" ];
};
};
}


@ -1,11 +1,9 @@
_: {
pkgs,
config,
...
}: {
_:
{ pkgs, config, ... }:
{
sops.secrets.nextcloud.owner = "nextcloud";
users.users.nextcloud.extraGroups = ["postgres"];
users.users.nextcloud.extraGroups = [ "postgres" ];
services.nextcloud = {
enable = true;


@ -1,19 +1,20 @@
_: {
config,
lib,
...
}: {
_:
{ config, lib, ... }:
{
sops.secrets =
lib.genAttrs [
"nixfu_ssl_cert"
"nixfu_ssl_key"
"gerg_ssl_key"
"gerg_ssl_cert"
]
(_: {
owner = config.services.nginx.user;
inherit (config.services.nginx) group;
});
lib.genAttrs
[
"nixfu_ssl_cert"
"nixfu_ssl_key"
"gerg_ssl_key"
"gerg_ssl_cert"
]
(
_: {
owner = config.services.nginx.user;
inherit (config.services.nginx) group;
}
);
services.nginx = {
enable = true;
@ -33,7 +34,7 @@ _: {
forceSSL = true;
sslCertificate = config.sops.secrets.nixfu_ssl_cert.path;
sslCertificateKey = config.sops.secrets.nixfu_ssl_key.path;
serverAliases = ["www.nix-fu.com"];
serverAliases = [ "www.nix-fu.com" ];
globalRedirect = "github.com/Gerg-L";
};
"search.gerg-l.com" = {
@ -62,6 +63,9 @@ _: {
};
};
};
networking.firewall.allowedTCPPorts = [80 443];
networking.firewall.allowedTCPPorts = [
80
443
];
_file = ./nginx.nix;
}


@ -1,15 +1,17 @@
_: {
_:
{
pkgs,
config,
lib,
...
}: {
sops.secrets.discordenv = {};
}:
{
sops.secrets.discordenv = { };
systemd.services.parrot = {
enable = true;
wantedBy = ["multi-user.target"];
wants = ["network-online.target"];
after = ["network-online.target"];
wantedBy = [ "multi-user.target" ];
wants = [ "network-online.target" ];
after = [ "network-online.target" ];
script = lib.getExe pkgs.parrot;
serviceConfig = {
EnvironmentFile = config.sops.secrets.discordenv.path;


@ -1,8 +1,6 @@
_: {
config,
pkgs,
...
}: {
_:
{ config, pkgs, ... }:
{
services.postgresql = {
enable = true;
package = pkgs.postgresql_13;
@ -12,12 +10,10 @@ _: {
"miniflux"
config.services.gitea.database.user
];
ensureUsers = [
{
name = "miniflux";
ensurePermissions."DATABASE miniflux" = "ALL PRIVILEGES";
}
];
ensureUsers = [ {
name = "miniflux";
ensurePermissions."DATABASE miniflux" = "ALL PRIVILEGES";
} ];
settings.unix_socket_permissions = "0770";
};


@ -1,20 +1,17 @@
_: {
config,
pkgs,
...
}: {
_:
{ config, pkgs, ... }:
{
sops.secrets.searxngenv = {
owner = "searx";
group = "searx";
};
users.users.${config.services.nginx.user}.extraGroups = ["searx"];
users.users.${config.services.nginx.user}.extraGroups = [ "searx" ];
services.searx = {
enable = true;
package = pkgs.searxng;
#Later
/*
redisCreateLocally = true;
limiterSettings = {};
/* redisCreateLocally = true;
limiterSettings = {};
*/
runInUwsgi = true;
uwsgiConfig = {


@ -1,17 +1,15 @@
{spicetify-nix, ...}: {pkgs, ...}: let
{ spicetify-nix, ... }:
{ pkgs, ... }:
let
spicePkgs = spicetify-nix.legacyPackages.${pkgs.system};
in {
imports = [spicetify-nix.nixosModules.default];
local.allowedUnfree = ["spotify"];
in
{
imports = [ spicetify-nix.nixosModules.default ];
local.allowedUnfree = [ "spotify" ];
programs.spicetify = {
enable = true;
enabledExtensions = builtins.attrValues {
inherit
(spicePkgs.extensions)
adblock
hidePodcasts
shuffle
;
inherit (spicePkgs.extensions) adblock hidePodcasts shuffle;
};
theme = spicePkgs.themes.Comfy;
colorScheme = "custom";


@ -1,4 +1,5 @@
_: {
_:
{
pkgs,
lib,
config,
@ -7,55 +8,61 @@ _: {
###TAKEN FROM HERE:https://github.com/NixOS/nixpkgs/blob/4787ebf7ae2ab071389be7ff86cf38edeee7e9f8/nixos/modules/services/x11/xserver.nix#L106-L136
let
xcfg = config.services.xserver;
xserverbase = let
fontsForXServer =
config.fonts.packages
++ [
xserverbase =
let
fontsForXServer = config.fonts.packages ++ [
pkgs.xorg.fontadobe100dpi
pkgs.xorg.fontadobe75dpi
];
fontpath =
lib.optionalString (xcfg.fontPath != null)
''FontPath "${xcfg.fontPath}"'';
in ''
echo 'Section "Files"' >> $out
echo ${fontpath} >> $out
for i in ${toString fontsForXServer}; do
if test "''${i:0:''${#NIX_STORE}}" == "$NIX_STORE"; then
for j in $(find $i -name fonts.dir); do
echo " FontPath \"$(dirname $j)\"" >> $out
done
fi
done
for i in $(find ${toString xcfg.modules} -type d); do
if test $(echo $i/*.so* | wc -w) -ne 0; then
echo " ModulePath \"$i\"" >> $out
fi
done
echo '${xcfg.filesSection}' >> $out
echo 'EndSection' >> $out
echo >> $out
'';
fontpath =
lib.optionalString (xcfg.fontPath != null)
''FontPath "${xcfg.fontPath}"'';
in
''
echo 'Section "Files"' >> $out
echo ${fontpath} >> $out
for i in ${toString fontsForXServer}; do
if test "''${i:0:''${#NIX_STORE}}" == "$NIX_STORE"; then
for j in $(find $i -name fonts.dir); do
echo " FontPath \"$(dirname $j)\"" >> $out
done
fi
done
for i in $(find ${toString xcfg.modules} -type d); do
if test $(echo $i/*.so* | wc -w) -ne 0; then
echo " ModulePath \"$i\"" >> $out
fi
done
echo '${xcfg.filesSection}' >> $out
echo 'EndSection' >> $out
echo >> $out
'';
###END OF TAKEN PART
cfg_monitors = pkgs.writeShellApplication {
name = "cfg_monitors";
runtimeInputs = [pkgs.xorg.xrandr pkgs.xorg.xset pkgs.gawk pkgs.gnugrep];
runtimeInputs = [
pkgs.xorg.xrandr
pkgs.xorg.xset
pkgs.gawk
pkgs.gnugrep
];
text = ''
xrandr --output DP-0 --auto --mode 3440x1440 --rate 120 --primary --pos 0x0
xrandr --output "$(xrandr | grep -e 'HDMI.* connected.*'| awk '{ print$1 }')" --auto --mode 1920x1080 --rate 144 --set TearFree on --pos 3440x360
xset -dpms
'';
};
in {
in
{
environment.etc = {
"Xorg/1_mon.conf".source = pkgs.runCommand "1_mon.conf" {} (
"Xorg/1_mon.conf".source = pkgs.runCommand "1_mon.conf" { } (
xserverbase
+ ''
cat ${./1_mon.conf} >> $out
''
);
"Xorg/2_mon.conf".source = pkgs.runCommand "2_mon.conf" {} (
"Xorg/2_mon.conf".source = pkgs.runCommand "2_mon.conf" { } (
xserverbase
+ ''
cat ${./2_mon.conf} >> $out
@ -74,10 +81,9 @@ in {
enable = true;
qemu = {
#don't hook evdev at vm start
package = pkgs.qemu_kvm.overrideAttrs (old: {
patches =
old.patches
++ [
package = pkgs.qemu_kvm.overrideAttrs (
old: {
patches = old.patches ++ [
(pkgs.writeText "qemu.diff" ''
diff --git a/ui/input-linux.c b/ui/input-linux.c
index e572a2e..a9d76ba 100644
@ -98,7 +104,8 @@ in {
return;
'')
];
});
}
);
runAsRoot = true;
ovmf.enable = true;
verbatimConfig = ''
@ -123,9 +130,14 @@ in {
programs.dconf.enable = true;
users.users.gerg.extraGroups = ["kvm" "libvirtd"];
users.users.gerg.extraGroups = [
"kvm"
"libvirtd"
];
services.xserver.displayManager.xserverArgs = lib.mkAfter ["-config /etc/Xorg/active.conf"];
services.xserver.displayManager.xserverArgs = lib.mkAfter [
"-config /etc/Xorg/active.conf"
];
services.xserver.displayManager.sessionCommands = lib.mkBefore ''
if ! [ -e "/etc/Xorg/ONE_MONITOR" ] ; then
${lib.getExe cfg_monitors}
@ -133,47 +145,53 @@ in {
'';
systemd.tmpfiles.rules = let
qemuHook = pkgs.writeShellApplication {
name = "qemu-hook";
systemd.tmpfiles.rules =
let
qemuHook = pkgs.writeShellApplication {
name = "qemu-hook";
runtimeInputs = [pkgs.libvirt pkgs.systemd pkgs.kmod];
text = ''
GUEST_NAME="$1"
OPERATION="$2"
runtimeInputs = [
pkgs.libvirt
pkgs.systemd
pkgs.kmod
];
text = ''
GUEST_NAME="$1"
OPERATION="$2"
if [ "$GUEST_NAME" == "Windows" ]; then
if [ "$OPERATION" == "prepare" ]; then
if [ "$GUEST_NAME" == "Windows" ]; then
if [ "$OPERATION" == "prepare" ]; then
systemctl stop display-manager.service
modprobe -r -a nvidia_uvm nvidia_drm nvidia nvidia_modeset
virsh nodedev-detach pci_0000_01_00_0
virsh nodedev-detach pci_0000_01_00_1
systemctl set-property --runtime -- user.slice AllowedCPUs=8-15,24-31
systemctl set-property --runtime -- system.slice AllowedCPUs=8-15,24-31
systemctl set-property --runtime -- init.scope AllowedCPUs=8-15,24-31
ln -fs /etc/Xorg/1_mon.conf /etc/Xorg/active.conf
touch /etc/Xorg/ONE_MONITOR
systemctl start display-manager.service
fi
if [ "$OPERATION" == "release" ]; then
systemctl stop display-manager.service
modprobe -r -a nvidia_uvm nvidia_drm nvidia nvidia_modeset
virsh nodedev-detach pci_0000_01_00_0
virsh nodedev-detach pci_0000_01_00_1
systemctl set-property --runtime -- user.slice AllowedCPUs=8-15,24-31
systemctl set-property --runtime -- system.slice AllowedCPUs=8-15,24-31
systemctl set-property --runtime -- init.scope AllowedCPUs=8-15,24-31
ln -fs /etc/Xorg/1_mon.conf /etc/Xorg/active.conf
touch /etc/Xorg/ONE_MONITOR
systemctl set-property --runtime -- user.slice AllowedCPUs=0-31
systemctl set-property --runtime -- system.slice AllowedCPUs=0-31
systemctl set-property --runtime -- init.scope AllowedCPUs=0-31
virsh nodedev-reattach pci_0000_01_00_0
virsh nodedev-reattach pci_0000_01_00_1
modprobe -a nvidia_uvm nvidia_drm nvidia nvidia_modeset
ln -fs /etc/Xorg/2_mon.conf /etc/Xorg/active.conf
rm /etc/Xorg/ONE_MONITOR
systemctl start display-manager.service
fi
fi
if [ "$OPERATION" == "release" ]; then
systemctl stop display-manager.service
systemctl set-property --runtime -- user.slice AllowedCPUs=0-31
systemctl set-property --runtime -- system.slice AllowedCPUs=0-31
systemctl set-property --runtime -- init.scope AllowedCPUs=0-31
virsh nodedev-reattach pci_0000_01_00_0
virsh nodedev-reattach pci_0000_01_00_1
modprobe -a nvidia_uvm nvidia_drm nvidia nvidia_modeset
ln -fs /etc/Xorg/2_mon.conf /etc/Xorg/active.conf
rm /etc/Xorg/ONE_MONITOR
systemctl start display-manager.service
fi
fi
'';
};
in [
"L /etc/Xorg/active.conf - - - - /etc/Xorg/2_mon.conf"
"C /var/lib/libvirt/hooks/qemu - - - - ${lib.getExe qemuHook}"
"C /var/lib/libvirt/qemu/Windows.xml - - - - ${./Windows.xml}"
];
'';
};
in
[
"L /etc/Xorg/active.conf - - - - /etc/Xorg/2_mon.conf"
"C /var/lib/libvirt/hooks/qemu - - - - ${lib.getExe qemuHook}"
"C /var/lib/libvirt/qemu/Windows.xml - - - - ${./Windows.xml}"
];
_file = ./vfio.nix;
}


@ -1,9 +1,11 @@
_: {
_:
{
config,
lib,
pkgs,
...
}: {
}:
{
#link some stuff
systemd.tmpfiles.rules = [
"L+ /etc/ssh/ssh_host_ed25519_key - - - - /persist/ssh/ssh_host_ed25519_key"
@ -16,11 +18,11 @@ _: {
mode = "0644";
};
#make sure the sopskey is found
sops.age.sshKeyPaths = lib.mkForce ["/persist/ssh/ssh_host_ed25519_key"];
sops.age.sshKeyPaths = lib.mkForce [ "/persist/ssh/ssh_host_ed25519_key" ];
fileSystems = {
"/persist".neededForBoot = true;
"/efi22".options = ["nofail"];
"/efi0E".options = ["nofail"];
"/efi22".options = [ "nofail" ];
"/efi0E".options = [ "nofail" ];
};
boot = {
@ -30,23 +32,29 @@ _: {
};
kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
#disable hibernate and set cache max
kernelParams = ["nohibernate" "zfs.zfs_arc_max=17179869184"];
kernelParams = [
"nohibernate"
"zfs.zfs_arc_max=17179869184"
];
initrd = {
supportedFilesystems = ["zfs" "vfat"];
supportedFilesystems = [
"zfs"
"vfat"
];
#module for multiple swap devices
kernelModules = ["dm_mod"];
kernelModules = [ "dm_mod" ];
#keyboard module for zfs password
availableKernelModules = ["hid_generic"];
availableKernelModules = [ "hid_generic" ];
systemd.services.rollback = {
path = [pkgs.zfs];
path = [ pkgs.zfs ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
unitConfig.DefaultDependencies = "no";
wantedBy = ["initrd.target"];
after = ["zfs-import.target"];
before = ["sysroot.mount"];
wantedBy = [ "initrd.target" ];
after = [ "zfs-import.target" ];
before = [ "sysroot.mount" ];
script = ''
zfs rollback -r rpool/root@empty
zfs rollback -r rpool/var@empty
@ -73,11 +81,11 @@ _: {
mirroredBoots = [
{
path = "/efi22";
devices = ["nodev"];
devices = [ "nodev" ];
}
{
path = "/efi0E";
devices = ["nodev"];
devices = [ "nodev" ];
}
];
splashImage = null;