From f103062e0b0b73ec8a1c356e4c0323f2cc47b89b Mon Sep 17 00:00:00 2001 
From: mirage <119869686+ClementBobin@users.noreply.github.com> Date: Sun, 31 Aug 2025 15:43:01 +0200 Subject: [PATCH 01/10] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'chaotic': 'github:chaotic-cx/nyx/4a5332e5a4eba9eac822b660c8c6acadc9501b48?narHash=sha256-qHwmBOx6RATjYkdoVzf%2BLN55DTBCAarTjs2ANNs7yzA%3D' (2025-08-26) → 'github:chaotic-cx/nyx/9e9e58125b4ba190658235106858f9733b25a1b4?narHash=sha256-lcHMwq0LVcS1mP9o0pq00Von8PsXMsFPPo3ZXGWa7DU%3D' (2025-08-31) • Updated input 'chaotic/home-manager': 'github:nix-community/home-manager/9e3a33c0bcbc25619e540b9dfea372282f8a9740?narHash=sha256-J1i35r4HfNDdPpwL0vOBaZopQudAUVtartEerc1Jryc%3D' (2025-08-24) → 'github:nix-community/home-manager/77f348da3176dc68b20a73dab94852a417daf361?narHash=sha256-eiy0klFK5EVJLNilutR7grsZN/7Itj9DyD75eyOf83k%3D' (2025-08-27) • Updated input 'chaotic/jovian': 'github:Jovian-Experiments/Jovian-NixOS/bcad5af8eb475df936f6cf2d04b076dc6784af95?narHash=sha256-j8ghatY34DbEnHe42r8VtAe05WyMUK%2Bd66uGKsfLbbk%3D' (2025-08-23) → 'github:Jovian-Experiments/Jovian-NixOS/9f6745bd704ab7f2617d41c2b02f4fd5f9ed0e89?narHash=sha256-bK5j5cwJgO5AZXlDl5AgISzpOv9YV1Fcv2nDr9RW/5o%3D' (2025-08-26) • Updated input 'chaotic/nixpkgs': 'github:NixOS/nixpkgs/20075955deac2583bb12f07151c2df830ef346b4?narHash=sha256-HMwfAJBdrr8wXAkbGhtcby1zGFvs%2BStOp19xNsbqdOg%3D' (2025-08-19) → 'github:NixOS/nixpkgs/d7600c775f877cd87b4f5a831c28aa94137377aa?narHash=sha256-tlOn88coG5fzdyqz6R93SQL5Gpq%2Bm/DsWpekNFhqPQk%3D' (2025-08-30) • Updated input 'chaotic/rust-overlay': 'github:oxalica/rust-overlay/88ceedecde53e809b4bf8b5fd10d181889d9bac7?narHash=sha256-lmEMhIIbjt8Wp1EYbNqCojuU9ygyDFv8Tu0X1k8qIMc%3D' (2025-08-24) → 'github:oxalica/rust-overlay/86e5140961c91a9ee1dde1c17d18a787d44ceef8?narHash=sha256-5UJRyxZ8QCm%2Bpgh5pNHXFJMmopMqHVraUhRA1g2AmA0%3D' (2025-08-29) • Updated input 'hydenix': 
'github:richen604/hydenix/9836f27996b1eee38a6da3a04ad783943941bbce?narHash=sha256-t6M3TU5%2B4ZzqUSEk%2BKBv0mREtQ3UiR933YNRkDMHWBM%3D' (2025-08-23) → 'github:richen604/hydenix/5f57152efaadcef47f7998fc56728783eaf1166e?narHash=sha256-4k6ImV1a4LItXdNfkgbh/Vj5gkBEUEvrhn2M5zKGEZ0%3D' (2025-08-28) • Updated input 'hydenix/home-manager': 'github:nix-community/home-manager/c5d7e957397ecb7d48b99c928611c6e780db1b56?narHash=sha256-NLWIkn1qM0wxtZu/2NXRaujWJ4Y1PSZlc7h0y6pOzOQ%3D' (2025-08-05) → 'github:nix-community/home-manager/77f348da3176dc68b20a73dab94852a417daf361?narHash=sha256-eiy0klFK5EVJLNilutR7grsZN/7Itj9DyD75eyOf83k%3D' (2025-08-27) • Added input 'hydenix/hyde-config': 'github:richen604/hyde-config/59dc0659e0cfb72552616553f5b2635cf40c2184?narHash=sha256-kn35QcO7OxZxcYyaZNxQ4tBsLdeSi1u2kbWdPg/pky0%3D' (2025-08-11) • Added input 'hydenix/hyde-config/nixpkgs': follows 'hydenix/hydenix-nixpkgs' • Added input 'hydenix/hyde-ipc': 'github:richen604/hyde-ipc/016b6e7bd5959a18c2cefeb4a952098468f6bb8f?narHash=sha256-TsiA83Gd16VfIMatHa6o56Rvf7Vi2Lr/9ch9T6%2Bn/qg%3D' (2025-08-11) • Added input 'hydenix/hyde-ipc/nixpkgs': follows 'hydenix/hydenix-nixpkgs' • Added input 'hydenix/hyde-ipc/rust-overlay': 'github:oxalica/rust-overlay/17c591a44e4eb77f05f27cd37e1cfc3f219c7fc4?narHash=sha256-tG6l0wiX8V8IvG4HFYY8IYN5vpNAxQ%2BUWunjjpE6SqU%3D' (2025-08-11) • Added input 'hydenix/hyde-ipc/rust-overlay/nixpkgs': 'github:NixOS/nixpkgs/18dd725c29603f582cf1900e0d25f9f1063dbf11?narHash=sha256-awS2zRgF4uTwrOKwwiJcByDzDOdo3Q1rPZbiHQg/N38%3D' (2025-04-13) • Added input 'hydenix/hydectl': 'github:richen604/hydectl/a19610347de2230175e5d8807584db65d0588134?narHash=sha256-TVLjDL4%2BSdoXJrNu5TLiUSDD73CdVWfAn3aE2c4aShg%3D' (2025-08-13) • Added input 'hydenix/hydectl/nixpkgs': follows 'hydenix/hydenix-nixpkgs' • Updated input 'hydenix/hydenix-nixpkgs': 'github:nixos/nixpkgs/c539ae8d21e49776966d714f82fba33b1fca78bc?narHash=sha256-zcGClfkXh4pckf4aGOZ18GFv73n1xHbdMWl17cPLouE%3D' (2025-06-17) → 
'github:nixos/nixpkgs/ddd1826f294a0ee5fdc198ab72c8306a0ea73aa9?narHash=sha256-Om8adB1lfkU7D33VpR%2B/haZ2gI5r3Q%2BZbIPzE5sYnwE%3D' (2025-08-27) • Removed input 'hydenix/hypridle' • Removed input 'hydenix/hypridle/hyprland-protocols' • Removed input 'hydenix/hypridle/hyprland-protocols/nixpkgs' • Removed input 'hydenix/hypridle/hyprland-protocols/systems' • Removed input 'hydenix/hypridle/hyprlang' • Removed input 'hydenix/hypridle/hyprlang/hyprutils' • Removed input 'hydenix/hypridle/hyprlang/nixpkgs' • Removed input 'hydenix/hypridle/hyprlang/systems' • Removed input 'hydenix/hypridle/hyprutils' • Removed input 'hydenix/hypridle/hyprutils/nixpkgs' • Removed input 'hydenix/hypridle/hyprutils/systems' • Removed input 'hydenix/hypridle/hyprwayland-scanner' • Removed input 'hydenix/hypridle/hyprwayland-scanner/nixpkgs' • Removed input 'hydenix/hypridle/hyprwayland-scanner/systems' • Removed input 'hydenix/hypridle/nixpkgs' • Removed input 'hydenix/hypridle/systems' • Removed input 'hydenix/hyprland' • Removed input 'hydenix/hyprland/aquamarine' • Removed input 'hydenix/hyprland/aquamarine/hyprutils' • Removed input 'hydenix/hyprland/aquamarine/hyprwayland-scanner' • Removed input 'hydenix/hyprland/aquamarine/nixpkgs' • Removed input 'hydenix/hyprland/aquamarine/systems' • Removed input 'hydenix/hyprland/hyprcursor' • Removed input 'hydenix/hyprland/hyprcursor/hyprlang' • Removed input 'hydenix/hyprland/hyprcursor/nixpkgs' • Removed input 'hydenix/hyprland/hyprcursor/systems' • Removed input 'hydenix/hyprland/hyprgraphics' • Removed input 'hydenix/hyprland/hyprgraphics/hyprutils' • Removed input 'hydenix/hyprland/hyprgraphics/nixpkgs' • Removed input 'hydenix/hyprland/hyprgraphics/systems' • Removed input 'hydenix/hyprland/hyprland-protocols' • Removed input 'hydenix/hyprland/hyprland-protocols/nixpkgs' • Removed input 'hydenix/hyprland/hyprland-protocols/systems' • Removed input 'hydenix/hyprland/hyprland-qtutils' • Removed input 
'hydenix/hyprland/hyprland-qtutils/hyprland-qt-support' • Removed input 'hydenix/hyprland/hyprland-qtutils/hyprland-qt-support/hyprlang' • Removed input 'hydenix/hyprland/hyprland-qtutils/hyprland-qt-support/nixpkgs' • Removed input 'hydenix/hyprland/hyprland-qtutils/hyprland-qt-support/systems' • Removed input 'hydenix/hyprland/hyprland-qtutils/hyprlang' • Removed input 'hydenix/hyprland/hyprland-qtutils/hyprutils' • Removed input 'hydenix/hyprland/hyprland-qtutils/nixpkgs' • Removed input 'hydenix/hyprland/hyprland-qtutils/systems' • Removed input 'hydenix/hyprland/hyprlang' • Removed input 'hydenix/hyprland/hyprlang/hyprutils' • Removed input 'hydenix/hyprland/hyprlang/nixpkgs' • Removed input 'hydenix/hyprland/hyprlang/systems' • Removed input 'hydenix/hyprland/hyprutils' • Removed input 'hydenix/hyprland/hyprutils/nixpkgs' • Removed input 'hydenix/hyprland/hyprutils/systems' • Removed input 'hydenix/hyprland/hyprwayland-scanner' • Removed input 'hydenix/hyprland/hyprwayland-scanner/nixpkgs' • Removed input 'hydenix/hyprland/hyprwayland-scanner/systems' • Removed input 'hydenix/hyprland/nixpkgs' • Removed input 'hydenix/hyprland/pre-commit-hooks' • Removed input 'hydenix/hyprland/pre-commit-hooks/flake-compat' • Removed input 'hydenix/hyprland/pre-commit-hooks/gitignore' • Removed input 'hydenix/hyprland/pre-commit-hooks/gitignore/nixpkgs' • Removed input 'hydenix/hyprland/pre-commit-hooks/nixpkgs' • Removed input 'hydenix/hyprland/systems' • Removed input 'hydenix/hyprland/xdph' • Removed input 'hydenix/hyprland/xdph/hyprland-protocols' • Removed input 'hydenix/hyprland/xdph/hyprlang' • Removed input 'hydenix/hyprland/xdph/hyprutils' • Removed input 'hydenix/hyprland/xdph/hyprwayland-scanner' • Removed input 'hydenix/hyprland/xdph/nixpkgs' • Removed input 'hydenix/hyprland/xdph/systems' • Added input 'hydenix/hyq': 'github:richen604/hyprquery/afe6da39cf94f3e24dcfd13abf88da6ea5d661ac?narHash=sha256-2G8YwNzELvklrYftaRAzNLZ2AbDtIrWzgRgnhReNnuk%3D' (2025-08-28) • 
Added input 'hydenix/hyq/flake-utils': 'github:numtide/flake-utils/11707dc2f618dd54ca8739b309ec4fc024de578b?narHash=sha256-l0KFg5HjrsfsO/JpG%2Br7fRrqm12kzFHyUHqHCVpMMbI%3D' (2024-11-13) • Added input 'hydenix/hyq/flake-utils/systems': 'github:nix-systems/default/da67096a3b9bf56a91d16901293e51ba5b49a27e?narHash=sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768%3D' (2023-04-09) • Added input 'hydenix/hyq/nixpkgs': follows 'hydenix/hydenix-nixpkgs' • Updated input 'hydenix/nix-index-database': 'github:nix-community/nix-index-database/b7fcd4e26d67fca48e77de9b0d0f954b18ae9562?narHash=sha256-YL71IEf2OugH3gmAsxQox6BJI0KOcHKtW2QqT/%2Bs2SA%3D' (2025-08-03) → 'github:nix-community/nix-index-database/52dec1cb33a614accb9e01307e17816be974d24d?narHash=sha256-rfTBWuTXi9/X7GhtF562FKNXKh2kvKb6dwI5lV1SjPE%3D' (2025-08-24) • Updated input 'hydenix/nixos-hardware': 'github:NixOS/nixos-hardware/9368056b73efb46eb14fd4667b99e0f81b805f28?narHash=sha256-Ry1gd1BQrNVJJfT11cpVP0FY8XFMx4DJV2IDp01CH9w%3D' (2025-08-04) → 'github:NixOS/nixos-hardware/a65b650d6981e23edd1afa1f01eb942f19cdcbb7?narHash=sha256-9bHzrVbjAudbO8q4vYFBWlEkDam31fsz0J7GB8k4AsI%3D' (2025-08-26) • Updated input 'nix-darwin/nixpkgs': 'github:NixOS/nixpkgs/84c256e42600cb0fdf25763b48d28df2f25a0c8b?narHash=sha256-ohMvsjtSVdT/bruXf5ClBh8ZYXRmD4krmjKrXhEvwMg%3D' (2025-08-25) → 'github:NixOS/nixpkgs/2f9173bde1d3fbf1ad26ff6d52f952f9e9da52ea?narHash=sha256-NnXFQu7g4LnvPIPfJmBuZF7LFy/fey2g2%2BLCzjQhTUk%3D' (2025-05-20) • Updated input 'nix-gaming': 'github:fufexan/nix-gaming/00beb5274d213427a78794f719ed9e7505b091ec?narHash=sha256-gAdXP1w5ADA9ekT/gVCQMrGxLDVPKjfiMaoUT7xx4gY%3D' (2025-08-26) → 'github:fufexan/nix-gaming/4c92760b8d12d0d36e8e189d890d1c01a7ae646e?narHash=sha256-qLvZwPsuUUL2B/yqFJBeWmz6fdsloQyMAWK/6dYDXMU%3D' (2025-08-31) • Updated input 'nix-gaming/nixpkgs': 'github:NixOS/nixpkgs/f937f8ecd1c70efd7e9f90ba13dfb400cf559de4?narHash=sha256-4/Jd%2BLkQ2ssw8luQVkqVs9spDBVE6h/u/hC/tzngsPo%3D' (2025-08-22) → 
'github:NixOS/nixpkgs/a918bb3594dd243c2f8534b3be01b3cb4ed35fd1?narHash=sha256-ynQxPVN2FIPheUgTFhv01gYLbaiSOS7NgWJPm9LF9D0%3D' (2025-08-30) • Updated input 'nix-index-database': 'github:nix-community/nix-index-database/52dec1cb33a614accb9e01307e17816be974d24d?narHash=sha256-rfTBWuTXi9/X7GhtF562FKNXKh2kvKb6dwI5lV1SjPE%3D' (2025-08-24) → 'github:nix-community/nix-index-database/3fe768e1f058961095b4a0d7a2ba15dc9736bdc6?narHash=sha256-/glV6VAq8Va3ghIbmhET3S1dzkbZqicsk5h%2BFtvwiPE%3D' (2025-08-31) • Updated input 'nix-podman-stacks': 'github:Tarow/nix-podman-stacks/f6ca61cf048c97a4ad96f4e5026f0ac25928d751?narHash=sha256-gNOnFFVO7%2BAKFcnygvY8lwbqWegLpb49kZSZyOljBFo%3D' (2025-08-26) → 'github:Tarow/nix-podman-stacks/b84320f19bb906644be85aeab717dcf4870df2e6?narHash=sha256-iNfoqZyShPzXcARe6lMXR9OM/b3uykgpEtyD983hH8Q%3D' (2025-08-31) • Updated input 'nixpkgs': 'github:nixos/nixpkgs/3b9f00d7a7bf68acd4c4abb9d43695afb04e03a5?narHash=sha256-XexyKZpf46cMiO5Vbj%2BdWSAXOnr285GHsMch8FBoHbc%3D' (2025-08-25) → 'github:nixos/nixpkgs/d7600c775f877cd87b4f5a831c28aa94137377aa?narHash=sha256-tlOn88coG5fzdyqz6R93SQL5Gpq%2Bm/DsWpekNFhqPQk%3D' (2025-08-30) • Updated input 'nixpkgs-stable': 'github:nixos/nixpkgs/4a55998176831003c7a4dc14bb47dfb03e46d4cf?narHash=sha256-7SN8kh2y29uMqWfqxoC591nUwDfFitBPwx4AMweo9Yc%3D' (2025-08-27) → 'github:nixos/nixpkgs/5eb9271c6e5096d5bb9af338448efc30b11b84f0?narHash=sha256-CxUlNyB2SRKv7Q7vMn1osVk9yqkxehwLvalcO4O/XN8%3D' (2025-08-31) --- flake.lock | 530 +++++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 436 insertions(+), 94 deletions(-) diff --git a/flake.lock b/flake.lock index 7f76bd7..6d086f5 100755 --- a/flake.lock +++ b/flake.lock 
@@ -2,18 +2,18 @@ "nodes": { "chaotic": { "inputs": { - "fenix": "fenix", "flake-schemas": "flake-schemas", "home-manager": "home-manager", "jovian": "jovian", - "nixpkgs": "nixpkgs" + "nixpkgs": "nixpkgs", + "rust-overlay": "rust-overlay" }, "locked": { - "lastModified": 1749757487, - "narHash": "sha256-yPxNQ2wo4Iiv/QiacFcL4gPC/uansnY6FmPvW53fUhg=", + "lastModified": 1756606761, + "narHash": "sha256-lcHMwq0LVcS1mP9o0pq00Von8PsXMsFPPo3ZXGWa7DU=", "owner": "chaotic-cx", "repo": "nyx", - "rev": "12314126ea2c78758055c1f413182fbea617801c", + "rev": "9e9e58125b4ba190658235106858f9733b25a1b4", "type": "github" }, "original": { @@ -45,28 +45,6 @@ "type": "github" } }, - "fenix": { - "inputs": { - "nixpkgs": [ - "chaotic", - "nixpkgs" - ], - "rust-analyzer-src": "rust-analyzer-src" - }, - "locked": { - "lastModified": 1737009074, - "narHash": "sha256-BF+OxooVz4KeSIJyLXCnX2VTMsyfGrpEsay76hGRyrI=", - "owner": "nix-community", - "repo": "fenix", - "rev": "fe17a42e2c306d1a8a4fb3f977b12048d8cf7471", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "fenix", - "type": "github" - } - }, "flake-compat": { "flake": false, "locked": { @@ -88,11 +66,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1743550720, - "narHash": "sha256-hIshGgKZCgWh6AYJpJmRgFdR3WUbkY04o82X05xqQiY=", + "lastModified": 1754487366, + "narHash": "sha256-pHYj8gUBapuUzKV/kN/tR3Zvqc7o6gdFB9XKXIp1SQ8=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "c621e8422220273271f52058f618c94e405bb0f5", + "rev": "af66ad14b28a127c5c0f3bbb298218fc63528a18", "type": "github" }, "original": { 
@@ -115,6 +93,42 @@ "url": "https://flakehub.com/f/DeterminateSystems/flake-schemas/%3D0.1.5.tar.gz" } }, + "flake-utils": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { + "inputs": { + "systems": "systems_3" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -123,11 +137,11 @@ ] }, "locked": { - "lastModified": 1736883540, - "narHash": "sha256-dgPgoPUSg8cGAMqbhQRkww665sZtgzpWXxWjlyqhv94=", + "lastModified": 1756261190, + "narHash": "sha256-eiy0klFK5EVJLNilutR7grsZN/7Itj9DyD75eyOf83k=", "owner": "nix-community", "repo": "home-manager", - "rev": "0dfec9deb275854a56c97c356c40ef72e3a2e632", + "rev": "77f348da3176dc68b20a73dab94852a417daf361", "type": "github" }, "original": { 
@@ -144,31 +158,140 @@ ] }, "locked": { - "lastModified": 1742670145, - "narHash": "sha256-xQ2F9f+ICAGBp/nNv3ddD2U4ZvzuLOci0u/5lyMXPvk=", + "lastModified": 1756261190, + "narHash": "sha256-eiy0klFK5EVJLNilutR7grsZN/7Itj9DyD75eyOf83k=", + "owner": "nix-community", + "repo": "home-manager", + "rev": "77f348da3176dc68b20a73dab94852a417daf361", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "home-manager", + "type": "github" + } + }, + "home-manager_3": { + "inputs": { + "nixpkgs": [ + "nix-podman-stacks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1755928099, + "narHash": "sha256-OILVkfhRCm8u18IZ2DKR8gz8CVZM2ZcJmQBXmjFLIfk=", "owner": "nix-community", "repo": "home-manager", - "rev": "63e77d09a133ac641a0c204e7cfb0c97e133706d", + "rev": "4a44fb9f7555da362af9d499817084f4288a957f", "type": "github" }, "original": { "owner": "nix-community", + "ref": "release-25.05", "repo": "home-manager", "type": "github" } }, + "hyde": { + "flake": false, + "locked": { + "lastModified": 1752889605, + "narHash": "sha256-hT7xLsfqsVwcYS/YscRwVOPqK8ZpubhGdpK58INkdJ0=", + "owner": "HyDE-Project", + "repo": "HyDE", + "rev": "168287f2f10e95a4a9a623c955c7e08147c48472", + "type": "github" + }, + "original": { + "owner": "HyDE-Project", + "repo": "HyDE", + "rev": "168287f2f10e95a4a9a623c955c7e08147c48472", + "type": "github" + } + }, + "hyde-config": { + "inputs": { + "nixpkgs": [ + "hydenix", + "hydenix-nixpkgs" + ] + }, + "locked": { + "lastModified": 1754889600, + "narHash": "sha256-kn35QcO7OxZxcYyaZNxQ4tBsLdeSi1u2kbWdPg/pky0=", + "owner": "richen604", + "repo": "hyde-config", + "rev": "59dc0659e0cfb72552616553f5b2635cf40c2184", + "type": "github" + }, + "original": { + "owner": "richen604", + "repo": "hyde-config", + "type": "github" + } + }, + "hyde-ipc": { + "inputs": { + "nixpkgs": [ + "hydenix", + "hydenix-nixpkgs" + ], + "rust-overlay": "rust-overlay_2" + }, + "locked": { + "lastModified": 1754887268, + "narHash": 
"sha256-TsiA83Gd16VfIMatHa6o56Rvf7Vi2Lr/9ch9T6+n/qg=", + "owner": "richen604", + "repo": "hyde-ipc", + "rev": "016b6e7bd5959a18c2cefeb4a952098468f6bb8f", + "type": "github" + }, + "original": { + "owner": "richen604", + "repo": "hyde-ipc", + "type": "github" + } + }, + "hydectl": { + "inputs": { + "nixpkgs": [ + "hydenix", + "hydenix-nixpkgs" + ] + }, + "locked": { + "lastModified": 1755057332, + "narHash": "sha256-TVLjDL4+SdoXJrNu5TLiUSDD73CdVWfAn3aE2c4aShg=", + "owner": "richen604", + "repo": "hydectl", + "rev": "a19610347de2230175e5d8807584db65d0588134", + "type": "github" + }, + "original": { + "owner": "richen604", + "repo": "hydectl", + "type": "github" + } + }, "hydenix": { "inputs": { "home-manager": "home-manager_2", + "hyde": "hyde", + "hyde-config": "hyde-config", + "hyde-ipc": "hyde-ipc", + "hydectl": "hydectl", "hydenix-nixpkgs": "hydenix-nixpkgs", + "hyq": "hyq", + "nix-index-database": "nix-index-database", "nixos-hardware": "nixos-hardware" }, "locked": { - "lastModified": 1743370967, - "narHash": "sha256-GYP0EprbMD1bARQUijYyL93hyxJebS5sPZC13D5HGrE=", + "lastModified": 1756353325, + "narHash": "sha256-4k6ImV1a4LItXdNfkgbh/Vj5gkBEUEvrhn2M5zKGEZ0=", "owner": "richen604", "repo": "hydenix", - "rev": "174f11d016c18724f5357cfba6ba2b06d466db4c", + "rev": "5f57152efaadcef47f7998fc56728783eaf1166e", "type": "github" }, "original": { 
@@ -179,17 +302,67 @@ }, "hydenix-nixpkgs": { "locked": { - "lastModified": 1742288794, - "narHash": "sha256-Txwa5uO+qpQXrNG4eumPSD+hHzzYi/CdaM80M9XRLCo=", + "lastModified": 1756288264, + "narHash": "sha256-Om8adB1lfkU7D33VpR+/haZ2gI5r3Q+ZbIPzE5sYnwE=", "owner": "nixos", "repo": "nixpkgs", - "rev": "b6eaf97c6960d97350c584de1b6dcff03c9daf42", + "rev": "ddd1826f294a0ee5fdc198ab72c8306a0ea73aa9", "type": "github" }, "original": { "owner": "nixos", "repo": "nixpkgs", - "rev": "b6eaf97c6960d97350c584de1b6dcff03c9daf42", + "rev": "ddd1826f294a0ee5fdc198ab72c8306a0ea73aa9", + "type": "github" + } + }, + "hyq": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": [ + "hydenix", + "hydenix-nixpkgs" + ] + }, + "locked": { + "lastModified": 1756353138, + "narHash": "sha256-2G8YwNzELvklrYftaRAzNLZ2AbDtIrWzgRgnhReNnuk=", + "owner": "richen604", + "repo": "hyprquery", + "rev": "afe6da39cf94f3e24dcfd13abf88da6ea5d661ac", + "type": "github" + }, + "original": { + "owner": "richen604", + "repo": "hyprquery", + "type": "github" + } + }, + "ixx": { + "inputs": { + "flake-utils": [ + "nix-podman-stacks", + "search", + "flake-utils" + ], + "nixpkgs": [ + "nix-podman-stacks", + "search", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1754860581, + "narHash": "sha256-EM0IE63OHxXCOpDHXaTyHIOk2cNvMCGPqLt/IdtVxgk=", + "owner": "NuschtOS", + "repo": "ixx", + "rev": "babfe85a876162c4acc9ab6fb4483df88fa1f281", + "type": "github" + }, + "original": { + "owner": "NuschtOS", + "ref": "v0.1.1", + "repo": "ixx", "type": "github" } }, @@ -202,11 +375,11 @@ ] }, "locked": { - "lastModified": 1737007397, - "narHash": "sha256-uJ7Lk0moWSn8Tr0QkUbOCWR7WrhiLeha4E00rckhl8I=", + "lastModified": 1756201372, + "narHash": "sha256-bK5j5cwJgO5AZXlDl5AgISzpOv9YV1Fcv2nDr9RW/5o=", "owner": "Jovian-Experiments", "repo": "Jovian-NixOS", - "rev": "6bbb19666e753c18ef8af35f590cbc3ba42dd0ca", + "rev": "9f6745bd704ab7f2617d41c2b02f4fd5f9ed0e89", "type": "github" }, "original": { 
@@ -217,36 +390,32 @@ }, "nix-darwin": { "inputs": { - "nixpkgs": [ - "nixpkgs" - ] + "nixpkgs": "nixpkgs_3" }, "locked": { - "lastModified": 1750618568, - "narHash": "sha256-w9EG5FOXrjXGfbqCcQg9x1lMnTwzNDW5BMXp8ddy15E=", + "lastModified": 1755825449, + "narHash": "sha256-XkiN4NM9Xdy59h69Pc+Vg4PxkSm9EWl6u7k6D5FZ5cM=", "owner": "nix-darwin", "repo": "nix-darwin", - "rev": "1dd19f19e4b53a1fd2e8e738a08dd5fe635ec7e5", + "rev": "8df64f819698c1fee0c2969696f54a843b2231e8", "type": "github" }, "original": { - "owner": "nix-darwin", - "ref": "master", - "repo": "nix-darwin", - "type": "github" + "id": "nix-darwin", + "type": "indirect" } }, "nix-gaming": { "inputs": { "flake-parts": "flake-parts", - "nixpkgs": "nixpkgs_2" + "nixpkgs": "nixpkgs_4" }, "locked": { - "lastModified": 1746410227, - "narHash": "sha256-F2gKEIBfqfeQUcvMg0YD3xRnJIPyEgINR+ouTedoAtg=", + "lastModified": 1756604975, + "narHash": "sha256-qLvZwPsuUUL2B/yqFJBeWmz6fdsloQyMAWK/6dYDXMU=", "owner": "fufexan", "repo": "nix-gaming", - "rev": "3b68db5adeda4b4ac018aea0acf8ebb4941c4b15", + "rev": "4c92760b8d12d0d36e8e189d890d1c01a7ae646e", "type": "github" }, "original": { 
@@ -279,17 +448,38 @@ } }, "nix-index-database": { + "inputs": { + "nixpkgs": [ + "hydenix", + "hydenix-nixpkgs" + ] + }, + "locked": { + "lastModified": 1756008611, + "narHash": "sha256-rfTBWuTXi9/X7GhtF562FKNXKh2kvKb6dwI5lV1SjPE=", + "owner": "nix-community", + "repo": "nix-index-database", + "rev": "52dec1cb33a614accb9e01307e17816be974d24d", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "nix-index-database", + "type": "github" + } + }, + "nix-index-database_2": { "inputs": { "nixpkgs": [ "nixpkgs" ] }, "locked": { - "lastModified": 1746330942, - "narHash": "sha256-ShizFaJCAST23tSrHHtFFGF0fwd72AG+KhPZFFQX/0o=", + "lastModified": 1756612744, + "narHash": "sha256-/glV6VAq8Va3ghIbmhET3S1dzkbZqicsk5h+FtvwiPE=", "owner": "nix-community", "repo": "nix-index-database", - "rev": "137fd2bd726fff343874f85601b51769b48685cc", + "rev": "3fe768e1f058961095b4a0d7a2ba15dc9736bdc6", "type": "github" }, "original": { @@ -298,13 +488,36 @@ "type": "github" } }, + "nix-podman-stacks": { + "inputs": { + "home-manager": "home-manager_3", + "nixpkgs": [ + "nixpkgs" + ], + "search": "search", + "sops-nix": "sops-nix" + }, + "locked": { + "lastModified": 1756640992, + "narHash": "sha256-iNfoqZyShPzXcARe6lMXR9OM/b3uykgpEtyD983hH8Q=", + "owner": "Tarow", + "repo": "nix-podman-stacks", + "rev": "b84320f19bb906644be85aeab717dcf4870df2e6", + "type": "github" + }, + "original": { + "owner": "Tarow", + "repo": "nix-podman-stacks", + "type": "github" + } + }, "nixos-hardware": { "locked": { - "lastModified": 1742631601, - "narHash": "sha256-yJ3OOAmsGAxSl0bTmKUp3+cEYtSS+V6hUPK2rYhIPr8=", + "lastModified": 1756245047, + "narHash": "sha256-9bHzrVbjAudbO8q4vYFBWlEkDam31fsz0J7GB8k4AsI=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "380ed15bcd6440606c6856db44a99140d422b46f", + "rev": "a65b650d6981e23edd1afa1f01eb942f19cdcbb7", "type": "github" }, "original": { 
@@ -316,11 +529,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1737062831, - "narHash": "sha256-Tbk1MZbtV2s5aG+iM99U8FqwxU/YNArMcWAv6clcsBc=", + "lastModified": 1756542300, + "narHash": "sha256-tlOn88coG5fzdyqz6R93SQL5Gpq+m/DsWpekNFhqPQk=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "5df43628fdf08d642be8ba5b3625a6c70731c19c", + "rev": "d7600c775f877cd87b4f5a831c28aa94137377aa", "type": "github" }, "original": { @@ -332,11 +545,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1743296961, - "narHash": "sha256-b1EdN3cULCqtorQ4QeWgLMrd5ZGOjLSLemfa00heasc=", + "lastModified": 1753579242, + "narHash": "sha256-zvaMGVn14/Zz8hnp4VWT9xVnhc8vuL3TStRqwk22biA=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "e4822aea2a6d1cdd36653c134cacfd64c97ff4fa", + "rev": "0f36c44e01a6129be94e3ade315a5883f0228a6e", "type": "github" }, "original": { @@ -347,27 +560,27 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1735651292, - "narHash": "sha256-YLbzcBtYo1/FEzFsB3AnM16qFc6fWPMIoOuSoDwvg9g=", + "lastModified": 1756643543, + "narHash": "sha256-CxUlNyB2SRKv7Q7vMn1osVk9yqkxehwLvalcO4O/XN8=", "owner": "nixos", "repo": "nixpkgs", - "rev": "0da3c44a9460a26d2025ec3ed2ec60a895eb1114", + "rev": "5eb9271c6e5096d5bb9af338448efc30b11b84f0", "type": "github" }, "original": { "owner": "nixos", - "ref": "release-24.05", + "ref": "release-25.05", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_2": { "locked": { - "lastModified": 1746269363, - "narHash": "sha256-Q0lKWway9OmZnkDTpAoAE9VLXHOHqCqdJ3N0tkSM99g=", + "lastModified": 1744536153, + "narHash": "sha256-awS2zRgF4uTwrOKwwiJcByDzDOdo3Q1rPZbiHQg/N38=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "b6aef6c3553f849e1e6c08f1bcd3061df2b69fc4", + "rev": "18dd725c29603f582cf1900e0d25f9f1063dbf11", "type": "github" }, "original": { 
@@ -379,11 +592,43 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1743315132, - "narHash": "sha256-6hl6L/tRnwubHcA4pfUUtk542wn2Om+D4UnDhlDW9BE=", + "lastModified": 1747728033, + "narHash": "sha256-NnXFQu7g4LnvPIPfJmBuZF7LFy/fey2g2+LCzjQhTUk=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "2f9173bde1d3fbf1ad26ff6d52f952f9e9da52ea", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_4": { + "locked": { + "lastModified": 1756536218, + "narHash": "sha256-ynQxPVN2FIPheUgTFhv01gYLbaiSOS7NgWJPm9LF9D0=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "a918bb3594dd243c2f8534b3be01b3cb4ed35fd1", + "type": "github" + }, + "original": { + "owner": "NixOS", + "ref": "nixpkgs-unstable", + "repo": "nixpkgs", + "type": "github" + } + }, + "nixpkgs_5": { + "locked": { + "lastModified": 1756542300, + "narHash": "sha256-tlOn88coG5fzdyqz6R93SQL5Gpq+m/DsWpekNFhqPQk=", "owner": "nixos", "repo": "nixpkgs", - "rev": "52faf482a3889b7619003c0daec593a1912fddc1", + "rev": "d7600c775f877cd87b4f5a831c28aa94137377aa", "type": "github" }, "original": { 
@@ -400,25 +645,92 @@ "hydenix": "hydenix", "nix-darwin": "nix-darwin", "nix-gaming": "nix-gaming", - "nix-index-database": "nix-index-database", - "nixpkgs": "nixpkgs_3", + "nix-index-database": "nix-index-database_2", + "nix-podman-stacks": "nix-podman-stacks", + "nixpkgs": "nixpkgs_5", "nixpkgs-stable": "nixpkgs-stable" } }, - "rust-analyzer-src": { - "flake": false, + "rust-overlay": { + "inputs": { + "nixpkgs": [ + "chaotic", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1756434910, + "narHash": "sha256-5UJRyxZ8QCm+pgh5pNHXFJMmopMqHVraUhRA1g2AmA0=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "86e5140961c91a9ee1dde1c17d18a787d44ceef8", + "type": "github" + }, + "original": { + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "rust-overlay_2": { + "inputs": { + "nixpkgs": "nixpkgs_2" + }, "locked": { - "lastModified": 1736970696, - "narHash": "sha256-WP5yBCVkidEf5y3kCaUSjRd0udpAE6nmY3MMx3Q2aNo=", - "owner": "rust-lang", - "repo": "rust-analyzer", - "rev": "7d337c7f350a163ac3a9bd4ce0c4dae2df20579b", + "lastModified": 1754880555, + "narHash": "sha256-tG6l0wiX8V8IvG4HFYY8IYN5vpNAxQ+UWunjjpE6SqU=", + "owner": "oxalica", + "repo": "rust-overlay", + "rev": "17c591a44e4eb77f05f27cd37e1cfc3f219c7fc4", "type": "github" }, "original": { - "owner": "rust-lang", - "ref": "nightly", - "repo": "rust-analyzer", + "owner": "oxalica", + "repo": "rust-overlay", + "type": "github" + } + }, + "search": { + "inputs": { + "flake-utils": "flake-utils_2", + "ixx": "ixx", + "nixpkgs": [ + "nix-podman-stacks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1755555503, + "narHash": "sha256-WiOO7GUOsJ4/DoMy2IC5InnqRDSo2U11la48vCCIjjY=", + "owner": "NuschtOS", + "repo": "search", + "rev": "6f3efef888b92e6520f10eae15b86ff537e1d2ea", + "type": "github" + }, + "original": { + "owner": "NuschtOS", + "repo": "search", + "type": "github" + } + }, + "sops-nix": { + "inputs": { + "nixpkgs": [ + "nix-podman-stacks", + "nixpkgs" + ] + }, + 
"locked": { + "lastModified": 1754988908, + "narHash": "sha256-t+voe2961vCgrzPFtZxha0/kmFSHFobzF00sT8p9h0U=", + "owner": "Mic92", + "repo": "sops-nix", + "rev": "3223c7a92724b5d804e9988c6b447a0d09017d48", + "type": "github" + }, + "original": { + "owner": "Mic92", + "repo": "sops-nix", "type": "github" } }, @@ -437,6 +749,36 @@ "type": "github" } }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_3": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, "utils": { "inputs": { "systems": "systems" From a9f67f90d29d68cdc881976be2e294f0c1705fff Mon Sep 17 00:00:00 2001 From: mirage <119869686+ClementBobin@users.noreply.github.com> Date: Mon, 1 Sep 2025 22:07:40 +0200 Subject: [PATCH 02/10] refactor: update default.nix for games and security configurations; add new modules for hayase, scalar, and wrkflw --- modules/system/hosts/oak/default.nix | 34 +++--- modules/wrapper/hayase.nix | 39 +++++++ modules/wrapper/safing/module.nix | 164 +++++++++++++++++++++++++++ modules/wrapper/scalar.nix | 62 ++++++++++ modules/wrapper/wrkflw.nix | 24 ++++ 5 files changed, 310 insertions(+), 13 deletions(-) create mode 100644 modules/wrapper/hayase.nix create mode 100644 modules/wrapper/safing/module.nix create mode 100644 modules/wrapper/scalar.nix create mode 100644 modules/wrapper/wrkflw.nix diff --git a/modules/system/hosts/oak/default.nix b/modules/system/hosts/oak/default.nix index 56c1ee6..ddf1487 100644 
--- a/modules/system/hosts/oak/default.nix +++ b/modules/system/hosts/oak/default.nix @@ -2,6 +2,7 @@ { imports = [ ../../common + ../../../wrapper/safing/module.nix ]; modules.system = { @@ -13,24 +14,18 @@ polkit.enable = true; }; games = { - clients = ["steam" "nexus"]; + clients = ["steam"]; gamemode.enable = true; }; networks.vpn = ["tailscale"]; - virtualisation.containers.engines = ["docker"]; - backup.syncthing = { + virtualisation.enable = true; + server.storage.syncthing = { enable = true; dirSync = "/home/${vars.user}"; subDir = "Documents"; }; - security = { - antivirus = { - engines = ["clamav"]; - gui.enable = true; - }; - passwordManager.backend = ["bitwarden"]; - }; - dev = { + security.passwordManager.backend = ["bitwarden"]; + dev.languages = { php.enable = true; flutter = { enable = true; @@ -40,10 +35,23 @@ hardware.powersave = { enable = true; architecture = "amd"; - batteryHealth.enable = true; + enableBenchmarkTools = true; + forcePerfOnAC = false; + batteryHealth = { + enable = true; + chargeThresholds = { + start = 55; + stop = 60; + }; + }; managePowerProfiles = false; - disk = [ "nvme0n1" ]; + disk = [ "nvme0n1" "nvme1n1" ]; asus.enable = true; }; }; + + services.portmaster = { + enable = true; + devmode.enable = true; + }; } diff --git a/modules/wrapper/hayase.nix b/modules/wrapper/hayase.nix new file mode 100644 index 0000000..0a3fede --- /dev/null +++ b/modules/wrapper/hayase.nix 
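Review bot: Antivirus configuration for the oak host disappears in the second hunk of modules/system/hosts/oak/default.nix without any visible replacement. The `security.antivirus` block (`engines = ["clamav"]`, `gui.enable = true`) is gone and only `security.passwordManager.backend = ["bitwarden"];` remains, yet the commit is labelled a refactor. If dropping ClamAV here is intended, say so in the commit message; if the option merely moved to another path, that path should be set in this hunk. The same hunk replaces `virtualisation.containers.engines = ["docker"]` with `virtualisation.enable = true`, so please confirm which container engine, if any, the host ends up with.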
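Review bot: `devmode.enable = true;` inside the new `services.portmaster` block at the end of modules/system/hosts/oak/default.nix turns on a development switch in a host configuration. The module added in this same patch defaults that option to `false` and describes it as making the UI available at 127.0.0.1:817. A loopback listener is reachable by every local user and process, and this one is the application firewall's own control interface; whether it requires authentication is not visible from this patch. Unless oak is used to develop Portmaster itself, I would write `devmode.enable = false;` (or drop the line) and add a comment such as `# devmode exposes the Portmaster UI on 127.0.0.1:817; enable only while debugging`.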
@@ -0,0 +1,39 @@
+{ lib
+, fetchurl
+, appimageTools
+}:
+
+let
+ pname = "hayase";
+ version = "6.4.23";
+ hash = "sha256-lP1F1jFXenFDyLX04YZZ00KhG21LUU2OaI0OvHxpgNo=";
+in
+
+appimageTools.wrapType2 rec {
+ inherit pname version;
+
+ src = fetchurl {
+ url = "https://github.com/hayase-app/ui/releases/download/v${version}/linux-hayase-${version}-linux.AppImage";
+ name = "${pname}-${version}.AppImage";
+ inherit hash;
+ };
+
+ extraInstallCommands = let
+ contents = appimageTools.extractType2 { inherit pname version src; };
+ in ''
+ mkdir -p "$out/share/applications"
+ mkdir -p "$out/share/lib/hayase"
+ cp -r ${contents}/{locales,resources} "$out/share/lib/hayase"
+ cp -r ${contents}/usr/* "$out"
+ cp "${contents}/${pname}.desktop" "$out/share/applications/"
+ substituteInPlace $out/share/applications/${pname}.desktop --replace 'Exec=AppRun' 'Exec=${pname}'
+ '';
+
+ meta = with lib; {
+ description = "A bittorrent streaming application for anime";
+ homepage = "https://github.com/ThaUnknown/miru";
+ license = licenses.gpl3Only;
+ maintainers = with maintainers; [ ];
+ platforms = [ "x86_64-linux" ];
+ };
+}
\ No newline at end of file
diff --git a/modules/wrapper/safing/module.nix b/modules/wrapper/safing/module.nix
new file mode 100644
index 0000000..f73ac53
--- /dev/null
+++ b/modules/wrapper/safing/module.nix
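Review bot: The `meta` block in modules/wrapper/hayase.nix reads like that of a source-built GPL package, but `src` is a prebuilt AppImage downloaded from the hayase-app/ui release page, and nothing marks it as binary code. Adding `sourceProvenance = with sourceTypes; [ binaryNativeCode ];` to `meta` keeps that visible to anyone auditing what runs on the host. `homepage` points at `https://github.com/ThaUnknown/miru` while the download comes from `hayase-app/ui`; the two should name the same upstream so a reader can check where the pinned `hash` came from. In `extraInstallCommands`, `--replace` is better written `--replace-fail`, so a changed `Exec=` line fails the build instead of leaving the desktop entry pointing at `AppRun`.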
@@ -0,0 +1,164 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let
+ cfg = config.services.portmaster;
+ portmasterPkg = pkgs.callPackage ./package.nix {};
+in {
+ options.services.portmaster = {
+ enable = mkEnableOption "Portmaster application firewall";
+
+ package = mkOption {
+ type = types.package;
+ default = portmasterPkg;
+ description = "Portmaster package to use";
+ };
+
+ devmode.enable = mkOption {
+ type = types.bool;
+ default = false;
+ description = "Enable development mode (makes UI available at 127.0.0.1:817)";
+ };
+
+ extraArgs = mkOption {
+ type = types.listOf types.str;
+ default = [];
+ description = "Extra command-line arguments for portmaster-core";
+ };
+ };
+
+ config = mkIf cfg.enable {
+ environment.systemPackages = [ cfg.package ];
+
+ boot.kernelModules = [ "netfilter_queue" ];
+
+ systemd.tmpfiles.rules = [
+ "d /var/lib/portmaster 0755 root root -"
+ "d /var/lib/portmaster/logs 0755 root root -"
+ "d /var/lib/portmaster/download_binaries 0755 root root -"
+ "d /var/lib/portmaster/updates 0755 root root -"
+ "d /var/lib/portmaster/databases 0755 root root -"
+ "d /var/lib/portmaster/databases/icons 0755 root root -"
+ "d /var/lib/portmaster/config 0755 root root -"
+ "d /var/lib/portmaster/intel 0755 root root -"
+ "d /usr/lib/portmaster 0755 root root -"
+ "L+ /usr/lib/portmaster/portmaster-core - - - - ${cfg.package}/usr/lib/portmaster/portmaster-core"
+ "L+ /usr/lib/portmaster/portmaster - - - - ${cfg.package}/usr/lib/portmaster/portmaster"
+ "L+ /usr/lib/portmaster/portmaster.zip - - - - ${cfg.package}/usr/lib/portmaster/portmaster.zip"
+ "L+ /usr/lib/portmaster/assets.zip - - - - ${cfg.package}/usr/lib/portmaster/assets.zip"
+ ];
+
+ systemd.services.portmaster = {
+ description = "Portmaster by Safing";
+ documentation = [ "https://safing.io" "https://docs.safing.io" ];
+ before = [ "nss-lookup.target" "network.target" "shutdown.target" ];
+ after = [ "systemd-networkd.service" "systemd-tmpfiles-setup.service" ];
+ conflicts = [ "shutdown.target" "firewalld.service" ];
+ wants = [ "nss-lookup.target" ];
+ wantedBy = [ "multi-user.target" ];
+ requires = [ "systemd-tmpfiles-setup.service" ];
+
+ preStart = ''
+ if [ ! -e "/usr/lib/portmaster/portmaster-core" ]; then
+ echo "Creating portmaster symlinks manually..."
+ mkdir -p /usr/lib/portmaster
+ ln -sf ${cfg.package}/usr/lib/portmaster/portmaster-core /usr/lib/portmaster/portmaster-core
+ ln -sf ${cfg.package}/usr/lib/portmaster/portmaster /usr/lib/portmaster/portmaster
+ ln -sf ${cfg.package}/usr/lib/portmaster/portmaster.zip /usr/lib/portmaster/portmaster.zip
+ ln -sf ${cfg.package}/usr/lib/portmaster/assets.zip /usr/lib/portmaster/assets.zip
+ fi
+
+ if [ ! -f "/var/lib/portmaster/intel/index.json" ]; then
+ echo "Copying initial intel data..."
+ if [ -d "${cfg.package}/var/lib/portmaster/intel" ]; then
+ cp -r ${cfg.package}/var/lib/portmaster/intel/* /var/lib/portmaster/intel/ || true
+ else
+ echo "Warning: No intel data found in package"
+ fi
+ fi
+ '';
+
+ script = let
+ baseArgs = [
+ "/usr/lib/portmaster/portmaster-core"
+ "--log-dir=/var/lib/portmaster/logs"
+ ];
+ devmodeArgs = lib.optional cfg.devmode.enable "--devmode";
+ allArgs = baseArgs ++ devmodeArgs ++ [ "--" ] ++ cfg.extraArgs;
+ in lib.concatStringsSep " " allArgs;
+
+ postStop = ''
+ /usr/lib/portmaster/portmaster-core recover-iptables || echo "Iptables cleanup completed"
+ '';
+
+ serviceConfig = {
+ Type = "simple";
+ Restart = "on-failure";
+ RestartSec = "10";
+ RestartPreventExitStatus = "24";
+ User = "root";
+ Group = "root";
+ LockPersonality = true;
+ MemoryDenyWriteExecute = true;
+ MemoryLow = "2G";
+ NoNewPrivileges = true;
+ PrivateTmp = true;
+ PIDFile = "/var/lib/portmaster/core-lock.pid";
+ StateDirectory = "portmaster";
+ WorkingDirectory = "/var/lib/portmaster";
+ ProtectSystem = true;
+ ReadWritePaths = [ "/usr/lib/portmaster" "/var/lib/portmaster" ];
+ ProtectHome = "read-only";
+ ProtectKernelTunables = true;
+ ProtectKernelLogs = true;
+ ProtectControlGroups = true;
+ PrivateDevices = true;
+ RestrictNamespaces = true;
+ AmbientCapabilities = [
+ "cap_chown"
+ "cap_kill"
+ "cap_net_admin"
+ "cap_net_bind_service"
+ "cap_net_broadcast"
+ "cap_net_raw"
+ "cap_sys_module"
+ "cap_sys_ptrace"
+ "cap_dac_override"
+ "cap_fowner"
+ "cap_fsetid"
+ "cap_sys_resource"
+ "cap_bpf"
+ "cap_perfmon"
+ ];
+ CapabilityBoundingSet = [
+ "cap_chown"
+ "cap_kill"
+ "cap_net_admin"
+ "cap_net_bind_service"
+ "cap_net_broadcast"
+ "cap_net_raw"
+ "cap_sys_module"
+ "cap_sys_ptrace"
+ "cap_dac_override"
+ "cap_fowner"
+ "cap_fsetid"
+ "cap_sys_resource"
+ "cap_bpf"
+ "cap_perfmon"
+ ];
+ RestrictAddressFamilies =
+ [ "AF_UNIX" "AF_NETLINK" "AF_INET" "AF_INET6" ];
+ Environment = [ "LOGLEVEL=info" "PORTMASTER_ARGS=" ];
+ EnvironmentFile = [ "-/etc/default/portmaster" ];
+ };
+ };
+
+ networking.firewall.allowedTCPPorts = lib.optional cfg.devmode.enable 817;
+
+ boot.kernel.sysctl = {
+ "net.ipv4.ip_forward" = 1;
+ "net.ipv6.conf.all.forwarding" = 1;
+ };
+ };
+}
\ No newline at end of file
diff --git a/modules/wrapper/scalar.nix b/modules/wrapper/scalar.nix
new file mode 100644
index 0000000..8d1d131
--- /dev/null
+++ b/modules/wrapper/scalar.nix
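Review bot: The `boot.kernel.sysctl` block at the end of the module sets `net.ipv4.ip_forward` and `net.ipv6.conf.all.forwarding` to 1 on every host that enables the service, so a workstation starts forwarding packets between its interfaces. Nothing visible in this module relies on routing, so drop the block or move it behind a separate option that defaults to off. In `postStop`, `recover-iptables || echo "Iptables cleanup completed"` prints the success text only when the command fails; `|| echo "portmaster: recover-iptables failed" >&2` would keep a failed rule cleanup visible in the journal. In `serviceConfig` the unit runs as `User = "root"` with `cap_sys_module`, `cap_sys_ptrace` and `cap_dac_override` in the bounding set, so the `Protect*` options give limited containment and `AmbientCapabilities` looks redundant for a root process. A short comment stating which capabilities Portmaster actually needs would make later tightening possible.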
@@ -0,0 +1,62 @@
+{ config, lib, pkgs, ... }:
+
+let
+ scalar-deb = pkgs.fetchurl {
+ url = "https://download.scalar.com/linux/deb/x64";
+ sha256 = "sha256-25TbihHJ6cVQvktI8MW/upP46tEYX7/9DJiS3qPBIk0=";
+ };
+
+ scalar-app = pkgs.stdenv.mkDerivation {
+ name = "scalar-desktop";
+ src = scalar-deb;
+
+ nativeBuildInputs = [ pkgs.autoPatchelfHook pkgs.dpkg pkgs.makeWrapper ];
+ buildInputs = with pkgs; [
+ alsa-lib
+ mesa
+ libdrm
+ libglvnd
+ vulkan-loader
+ libva
+ gtk3
+ libsecret
+ nss
+ xorg.libXdamage
+ xorg.libXtst
+ xorg.libXcomposite
+ xorg.libXrandr
+ ];
+
+ unpackPhase = "dpkg -x $src .";
+
+ installPhase = ''
+ # Install application
+ mkdir -p $out/opt/Scalar
+ cp -r opt/Scalar/* $out/opt/Scalar/
+
+ # Install desktop file and icons from usr/share
+ mkdir -p $out/share
+ cp -r usr/share/* $out/share/
+
+ # Fix the Exec path in the desktop file
+ substituteInPlace $out/share/applications/scalar-app.desktop \
+ --replace "Exec=/opt/Scalar/scalar-app" "Exec=$out/bin/scalar-desktop"
+
+ # Create binary wrapper with proper library paths
+ mkdir -p $out/bin
+ makeWrapper $out/opt/Scalar/scalar-app $out/bin/scalar-desktop \
+ --prefix LD_LIBRARY_PATH : ${lib.makeLibraryPath (with pkgs; [
+ alsa-lib
+ mesa
+ libdrm
+ libglvnd
+ vulkan-loader
+ libva
+ ])} \
+ --prefix PATH : ${lib.makeBinPath [ pkgs.xorg.xrandr ]}
+ '';
+ };
+in
+{
+ scalarApp = scalar-app;
+}
\ No newline at end of file
diff --git a/modules/wrapper/wrkflw.nix b/modules/wrapper/wrkflw.nix
new file mode 100644
index 0000000..d1f71cb
--- /dev/null
+++ b/modules/wrapper/wrkflw.nix
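Review bot: `scalar-deb` fetches `https://download.scalar.com/linux/deb/x64`, which carries no version and presumably serves whatever release is current, while `sha256` pins one specific file. The build will then fail with a hash mismatch once the vendor publishes a new .deb, and the usual reaction of pasting the new hash means accepting an unreviewed binary. The derivation also uses a bare `name = "scalar-desktop"`, so the installed release cannot be read from the store path or matched against advisories. Prefer a versioned download URL if the vendor offers one, and replace `name` with `pname = "scalar-desktop"; version = "<VERSION>";` (placeholder: fill in the release the hash belongs to).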
@@ -0,0 +1,24 @@
+{ lib, stdenv, rustPlatform, fetchCrate, pkg-config, openssl, sqlite, dbus }:
+
+rustPlatform.buildRustPackage rec {
+ pname = "wrkflw";
+ version = "0.7.0";
+
+ src = fetchCrate {
+ inherit pname version;
+ hash = "sha256-CeNZ5jb+8vtrXcn4d/UVcS0q2m+k9UgbPYSj6STGZ4k=";
+ };
+
+ cargoHash = "sha256-4xPuQdVMF6INYoxZkRIreJ5PUbEwa8FEIEmD2jV6v5g=";
+
+ nativeBuildInputs = [ pkg-config ];
+ buildInputs = [ openssl sqlite dbus ];
+
+ meta = with lib; {
+ description = "A tool for working with GitHub Actions workflows locally";
+ homepage = "https://github.com/bahdotsh/wrkflw";
+ license = licenses.mit;
+ maintainers = with maintainers; [ ];
+ platforms = platforms.all;
+ };
+}
\ No newline at end of file
From 0be1f1c29ff0a63c576469fea7ea1f368218bca0 Mon Sep 17 00:00:00 2001
From: mirage <119869686+ClementBobin@users.noreply.github.com> Date: Mon, 1 Sep 2025 22:09:24 +0200 Subject: [PATCH 03/10] remove obsolete scripts and configuration --- .github/workflows/flake-check.yml | 31 -- .github/workflows/lint-commits.yml | 23 -- .../hm/common/communication/mail/bluemail.nix | 18 - .../hm/common/communication/mail/default.nix | 29 -- modules/hm/common/dev/dotnet.nix | 34 -- .../hm/common/dev/editor/android-studio.nix | 17 - modules/hm/common/dev/editor/dbeaver.nix | 16 - modules/hm/common/dev/editor/jetbrains.nix | 26 -- modules/hm/common/dev/editor/vs-code.nix | 18 - .../hm/common/dev/global-tools/act-github.nix | 16 - modules/hm/common/dev/global-tools/cli.nix | 29 -- modules/hm/common/dev/global-tools/nix.nix | 36 -- modules/hm/common/dev/node/node.nix | 77 ---- modules/hm/common/dev/node/pm2.nix | 16 - modules/hm/common/dev/node/prisma.nix | 25 -- modules/hm/common/dev/python.nix | 97 ----- modules/hm/common/dev/rust.nix | 26 -- modules/hm/common/emulator/default.nix | 82 ----- .../hm/common/extra/ignore-file-retriever.nix | 157 -------- modules/hm/common/multimedia/gimp.nix | 16 - modules/hm/common/multimedia/mpv.nix | 34 -- modules/hm/common/multimedia/obs.nix | 25 -- modules/hm/common/multimedia/openshot-qt.nix | 16 - modules/hm/common/multimedia/parsec.nix | 16 - modules/hm/common/multimedia/stremio.nix | 16 - modules/hm/common/shell/btop.nix | 32 -- modules/hm/common/shell/fzf.nix | 14 - modules/hm/common/shell/navi.nix | 18 - modules/hm/common/shell/ranger.nix | 16 - modules/hm/common/shell/starship.nix | 25 -- modules/system/common/backup/syncthing.nix | 56 --- modules/system/common/dev/dev.nix | 36 -- modules/system/common/dev/flatpak.nix | 40 --- modules/system/common/dev/flutter.nix | 73 ---- modules/system/common/dev/php.nix | 66 ---- modules/system/common/games/games.nix | 103 ------ modules/system/common/hardware/powersave.nix | 174 --------- .../system/common/networks/print/print.nix | 29 -- 
.../common/virtualisation/containers.nix | 34 -- modules/system/hosts/fern/plex.nix | 84 ----- modules/system/hosts/fern/sunshine.nix | 137 ------- modules/system/hosts/fern/vfio/default.nix | 337 ------------------ .../fern/vfio/scripts/99-vendor-reset.rules | 135 ------- modules/system/hosts/fern/vfio/scripts/lg.sh | 10 - modules/system/hosts/fern/vfio/scripts/rdp.sh | 36 -- .../hosts/fern/vfio/scripts/start-vfio.sh | 92 ----- .../hosts/fern/vfio/scripts/stop-vfio.sh | 42 --- .../system/hosts/fern/vfio/scripts/vfio.sh | 111 ------ modules/system/hosts/fern/vfio/scripts/vm.sh | 101 ------ .../system/hosts/fern/vfio/scripts/win11.xml | 291 --------------- 50 files changed, 2988 deletions(-) delete mode 100644 .github/workflows/flake-check.yml delete mode 100644 .github/workflows/lint-commits.yml delete mode 100644 modules/hm/common/communication/mail/bluemail.nix delete mode 100644 modules/hm/common/communication/mail/default.nix delete mode 100644 modules/hm/common/dev/dotnet.nix delete mode 100644 modules/hm/common/dev/editor/android-studio.nix delete mode 100644 modules/hm/common/dev/editor/dbeaver.nix delete mode 100644 modules/hm/common/dev/editor/jetbrains.nix delete mode 100644 modules/hm/common/dev/editor/vs-code.nix delete mode 100644 modules/hm/common/dev/global-tools/act-github.nix delete mode 100644 modules/hm/common/dev/global-tools/cli.nix delete mode 100755 modules/hm/common/dev/global-tools/nix.nix delete mode 100644 modules/hm/common/dev/node/node.nix delete mode 100644 modules/hm/common/dev/node/pm2.nix delete mode 100644 modules/hm/common/dev/node/prisma.nix delete mode 100644 modules/hm/common/dev/python.nix delete mode 100644 modules/hm/common/dev/rust.nix delete mode 100644 modules/hm/common/emulator/default.nix delete mode 100644 modules/hm/common/extra/ignore-file-retriever.nix delete mode 100644 modules/hm/common/multimedia/gimp.nix delete mode 100644 modules/hm/common/multimedia/mpv.nix delete mode 100755 
modules/hm/common/multimedia/obs.nix delete mode 100644 modules/hm/common/multimedia/openshot-qt.nix delete mode 100644 modules/hm/common/multimedia/parsec.nix delete mode 100644 modules/hm/common/multimedia/stremio.nix delete mode 100644 modules/hm/common/shell/btop.nix delete mode 100644 modules/hm/common/shell/fzf.nix delete mode 100644 modules/hm/common/shell/navi.nix delete mode 100644 modules/hm/common/shell/ranger.nix delete mode 100644 modules/hm/common/shell/starship.nix delete mode 100644 modules/system/common/backup/syncthing.nix delete mode 100755 modules/system/common/dev/dev.nix delete mode 100644 modules/system/common/dev/flatpak.nix delete mode 100755 modules/system/common/dev/flutter.nix delete mode 100644 modules/system/common/dev/php.nix delete mode 100755 modules/system/common/games/games.nix delete mode 100644 modules/system/common/hardware/powersave.nix delete mode 100644 modules/system/common/networks/print/print.nix delete mode 100644 modules/system/common/virtualisation/containers.nix delete mode 100755 modules/system/hosts/fern/plex.nix delete mode 100755 modules/system/hosts/fern/sunshine.nix delete mode 100755 modules/system/hosts/fern/vfio/default.nix delete mode 100755 modules/system/hosts/fern/vfio/scripts/99-vendor-reset.rules delete mode 100755 modules/system/hosts/fern/vfio/scripts/lg.sh delete mode 100755 modules/system/hosts/fern/vfio/scripts/rdp.sh delete mode 100755 modules/system/hosts/fern/vfio/scripts/start-vfio.sh delete mode 100755 modules/system/hosts/fern/vfio/scripts/stop-vfio.sh delete mode 100755 modules/system/hosts/fern/vfio/scripts/vfio.sh delete mode 100755 modules/system/hosts/fern/vfio/scripts/vm.sh delete mode 100755 modules/system/hosts/fern/vfio/scripts/win11.xml diff --git a/.github/workflows/flake-check.yml b/.github/workflows/flake-check.yml deleted file mode 100644 index ec98aa5..0000000 --- a/.github/workflows/flake-check.yml +++ /dev/null 
@@ -1,31 +0,0 @@ -name: Flake Check - -on: - push: - branches: [main] - pull_request: - branches: [main] - types: [opened, synchronize, ready_for_review] - -jobs: - check: - runs-on: ubuntu-latest - if: github.event.pull_request.draft == false - steps: - - uses: actions/checkout@v4 - - - uses: cachix/install-nix-action@v24 - with: - nix_path: nixpkgs=channel:nixos-unstable - - - name: Check Root Flake - run: nix flake check - - - name: Check Template Flake - run: | - cd template - sed -i 's|url = "github:ClementBobin/FlakeHypr"|url = "path:./"|' flake.nix - nix flake check - git checkout flake.nix - rm -f flake.lock - \ No newline at end of file diff --git a/.github/workflows/lint-commits.yml b/.github/workflows/lint-commits.yml deleted file mode 100644 index db4f5a7..0000000 --- a/.github/workflows/lint-commits.yml +++ /dev/null @@ -1,23 +0,0 @@ -name: Lint Commit Messages -on: - pull_request: - types: [opened, synchronize, ready_for_review] -jobs: - commitlint: - runs-on: ubuntu-latest - if: github.event.pull_request.draft == false - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - - uses: cachix/install-nix-action@v24 - with: - nix_path: nixpkgs=channel:nixos-unstable - - - name: Copy commitlint config - run: cp .commitlintrc.json $HOME/.commitlintrc.json - - - name: Validate PR commits - run: nix-shell -p commitlint --run "commitlint --from ${{ github.event.pull_request.base.sha }} --to ${{ github.event.pull_request.head.sha }} --verbose" - \ No newline at end of file diff --git a/modules/hm/common/communication/mail/bluemail.nix b/modules/hm/common/communication/mail/bluemail.nix deleted file mode 100644 index c3c11dc..0000000 --- a/modules/hm/common/communication/mail/bluemail.nix +++ /dev/null 
@@ -1,18 +0,0 @@ -{ pkgs, config, lib, ... }: -let - bluemail = pkgs.bluemail; - - bluemailWithGPU = pkgs.symlinkJoin { - name = "bluemail-with-gpu"; - paths = [ bluemail ]; - nativeBuildInputs = [ pkgs.makeWrapper ]; - postBuild = '' - rm -f $out/bin/bluemail - makeWrapper ${bluemail}/bin/bluemail $out/bin/bluemail --add-flags "--in-process-gpu" - ''; - }; - -in { - # export for other module - bluemailWithGPU = bluemailWithGPU; -} \ No newline at end of file diff --git a/modules/hm/common/communication/mail/default.nix b/modules/hm/common/communication/mail/default.nix deleted file mode 100644 index 876b42d..0000000 --- a/modules/hm/common/communication/mail/default.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ pkgs, lib, config, ... }: - -let - cfg = config.modules.hm.communication.mail; - - serviceList = cfg.services; - - # Map service names to their corresponding packages or list of packages - serviceToPackage = { - thunderbird = [ pkgs.thunderbird-latest ]; - bluemail = [ (import ./bluemail.nix { inherit pkgs lib config; }).bluemailWithGPU ]; - }; - - # Flatten the list of packages from all enabled services - packagesToInstall = lib.unique (lib.concatMap (s: serviceToPackage.${s}) serviceList); -in -{ - options.modules.hm.communication.mail = { - services = lib.mkOption { - type = lib.types.listOf (lib.types.enum (lib.attrNames serviceToPackage)); - default = []; - description = "List of mail services to enable"; - }; - }; - - config = { - home.packages = packagesToInstall; - }; -} \ No newline at end of file diff --git a/modules/hm/common/dev/dotnet.nix b/modules/hm/common/dev/dotnet.nix deleted file mode 100644 index 3a2d92f..0000000 --- a/modules/hm/common/dev/dotnet.nix +++ /dev/null 
@@ -1,34 +0,0 @@ -{ pkgs, lib, config, ... }: - -let - cfg = config.modules.hm.dev.dotnet; - - sdkVersions = cfg.sdk-versions; - - dotnetPackages = (map (v: pkgs."dotnet-sdk_${v}") sdkVersions) ++ - (map (pkgName: - if pkgs ? ${pkgName} - then pkgs.${pkgName} - else throw "Package '${pkgName}' not found in pkgs" - ) cfg.extraPackages); - -in -{ - options.modules.hm.dev.dotnet = { - enable = lib.mkEnableOption "Enable .NET development environment"; - sdk-versions = lib.mkOption { - type = lib.types.listOf lib.types.str; - default = [ "8" ]; - description = "List of .NET SDK versions to install (e.g. ["6" "7" "8"])"; - }; - extraPackages = lib.mkOption { - type = lib.types.listOf lib.types.str; - default = []; - description = "Additional .NET packages to install; need to specify dotnetPackages.{name of package (e.g. ['nuget' 'dotnet-ef'])}"; - }; - }; - - config = lib.mkIf cfg.enable { - home.packages = dotnetPackages; - }; -} diff --git a/modules/hm/common/dev/editor/android-studio.nix b/modules/hm/common/dev/editor/android-studio.nix deleted file mode 100644 index 84af0ba..0000000 --- a/modules/hm/common/dev/editor/android-studio.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ pkgs, lib, config, ... }: - -let - cfg = config.modules.hm.dev.editor.android-studio; -in -{ - options.modules.hm.dev.editor.android-studio = { - enable = lib.mkEnableOption "Enable Android Studio development environment"; - }; - - config = lib.mkIf cfg.enable { - home.packages = (with pkgs; [ - android-studio - android-studio-tools - ]); - }; -} diff --git a/modules/hm/common/dev/editor/dbeaver.nix b/modules/hm/common/dev/editor/dbeaver.nix deleted file mode 100644 index ba96f26..0000000 --- a/modules/hm/common/dev/editor/dbeaver.nix +++ /dev/null 
@@ -1,16 +0,0 @@ -{ pkgs, lib, config, ... }: - -let - cfg = config.modules.hm.dev.editor.dbeaver; -in -{ - options.modules.hm.dev.editor.dbeaver = { - enable = lib.mkEnableOption "Enable DBeaver database management tool"; - }; - - config = lib.mkIf cfg.enable { - home.packages = (with pkgs; [ - dbeaver-bin - ]); - }; -} diff --git a/modules/hm/common/dev/editor/jetbrains.nix b/modules/hm/common/dev/editor/jetbrains.nix deleted file mode 100644 index cee4d15..0000000 --- a/modules/hm/common/dev/editor/jetbrains.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ pkgs, lib, config, ... }: - -let - cfg = config.modules.hm.dev.editor.jetbrains; -in -{ - options.modules.hm.dev.editor.jetbrains = { - enable = lib.mkEnableOption "Enable JetBrains IDEs for development"; - - ides = lib.mkOption { - type = lib.types.listOf (lib.types.enum [ "webstorm" "rider" "phpstorm" "datagrip" ]); - default = ["webstorm" "rider" "phpstorm" "datagrip"]; - description = "List of JetBrains IDEs to install (e.g., webstorm, rider, phpstorm, datagrip)"; - }; - }; - - config = lib.mkIf cfg.enable { - home.packages = lib.optionals (cfg.ides != []) - (lib.concatMap (ide: - let - idePackage = builtins.getAttr ide pkgs.jetbrains; - in - [ idePackage ] - ) (lib.unique cfg.ides)); - }; -} diff --git a/modules/hm/common/dev/editor/vs-code.nix b/modules/hm/common/dev/editor/vs-code.nix deleted file mode 100644 index 5f2c2e0..0000000 --- a/modules/hm/common/dev/editor/vs-code.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ config, lib, pkgs, vars, ... }: - -let - cfg = config.modules.hm.dev.editor.vs-code; -in -{ - # Add options for vs-code - options.modules.hm.dev.editor.vs-code = { - enable = lib.mkEnableOption "Enable Visual Studio Code for development"; - }; - - # VS Code configuration, conditional on vs-code.enable - config = lib.mkIf cfg.enable { - programs.vscode = { - enable = true; - }; - }; -} \ No newline at end of file 
diff --git a/modules/hm/common/dev/global-tools/act-github.nix b/modules/hm/common/dev/global-tools/act-github.nix deleted file mode 100644 index 61f8c56..0000000 --- a/modules/hm/common/dev/global-tools/act-github.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ pkgs, lib, config, ... }: - -let - cfg = config.modules.hm.dev.global-tools.act-github; -in -{ - options.modules.hm.dev.global-tools.act-github = { - enable = lib.mkEnableOption "Enable act for running GitHub Actions locally"; - }; - - config = lib.mkIf cfg.enable { - home.packages = (with pkgs; [ - act - ]); - }; -} diff --git a/modules/hm/common/dev/global-tools/cli.nix b/modules/hm/common/dev/global-tools/cli.nix deleted file mode 100644 index ce51bd4..0000000 --- a/modules/hm/common/dev/global-tools/cli.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ pkgs, lib, config, ... }: - -let - cfg = config.modules.hm.dev.global-tools; - - # Map CLI tools to their packages - cliToPackage = with pkgs; { - vercel = nodePackages.vercel; - graphite = graphite-cli; - }; - - # Get packages for enabled CLI tools - cliPackages = lib.filter (pkg: pkg != null) - (map (tool: cliToPackage.${tool} or null) cfg.cli); - -in -{ - options.modules.hm.dev.global-tools = { - cli = lib.mkOption { - type = lib.types.listOf (lib.types.enum (lib.attrNames cliToPackage)); - default = []; - description = "List of CLI tools to install"; - }; - }; - - config = { - home.packages = lib.unique cliPackages; - }; -} \ No newline at end of file diff --git a/modules/hm/common/dev/global-tools/nix.nix b/modules/hm/common/dev/global-tools/nix.nix deleted file mode 100755 index c5bc2c8..0000000 --- a/modules/hm/common/dev/global-tools/nix.nix +++ /dev/null 
@@ -1,36 +0,0 @@ -{ pkgs, lib, config, ... }: - -let - cfg = config.modules.hm.dev.global-tools.nix; -in -{ - options.modules.hm.dev.global-tools.nix = { - enable = lib.mkEnableOption "Enable Nix development environment"; - }; - - config = lib.mkIf cfg.enable { - # Install nix-related tools via home-manager - home.packages = (with pkgs; [ - nixfmt-rfc-style - nix-direnv - direnv - nix-output-monitor - nix-fast-build - openssl - ]); - - # Programs configuration should be inside the config block - programs.direnv = { - enable = true; - silent = true; - nix-direnv.enable = true; - enableZshIntegration = true; - }; - - programs.zsh = { - initExtra = lib.mkAfter '' - source ${pkgs.nix-index}/etc/profile.d/command-not-found.sh - ''; - }; - }; -} diff --git a/modules/hm/common/dev/node/node.nix b/modules/hm/common/dev/node/node.nix deleted file mode 100644 index d243733..0000000 --- a/modules/hm/common/dev/node/node.nix +++ /dev/null 
@@ -1,77 +0,0 @@ -{ pkgs, lib, config, ... }: - -let - cfg = config.modules.hm.dev.node; - - expandPath = path: if lib.hasPrefix "~/" path - then "${config.home.homeDirectory}/${lib.removePrefix "~/" path}" - else path; - npmGlobalPath = expandPath cfg.npmGlobalPrefix; - - # Function to get node + package manager for a given version - nodeWithPackageManager = version: let - nodeAttr = "nodejs_${version}"; - - # Validate that the Node.js version exists - nodePkg = if builtins.hasAttr nodeAttr pkgs - then pkgs.${nodeAttr} - else throw "Node.js version ${version} not available in nixpkgs"; - - managerPkg = { - pnpm = pkgs.pnpm; - yarn = pkgs.yarn; - npm = null; # npm ships with node, no extra package - }.${cfg.packageManager}; - in lib.filter (x: x != null) [ nodePkg managerPkg ]; - - allNodePackages = lib.flatten (map nodeWithPackageManager cfg.versions) ++ (map (pkgName: pkgs.${pkgName}) cfg.extraPackages); -in -{ - options.modules.hm.dev.node = { - enable = lib.mkEnableOption "Enable Node.js development environment"; - packageManager = lib.mkOption { - type = lib.types.enum [ "pnpm" "yarn" "npm" ]; - default = "pnpm"; - description = "Package manager to use for Node.js development"; - }; - versions = lib.mkOption { - type = lib.types.listOf lib.types.str; - default = [ "20" ]; - description = "List of Node.js versions to install (e.g. 
["18" "20"])"; - }; - - extraPackages = lib.mkOption { - type = lib.types.listOf lib.types.package; - default = []; - description = "Additional node packages to install; need to specify nodePackages.{name of package}"; - }; - - allowGlobalInstalls = lib.mkOption { - type = lib.types.bool; - default = true; - description = "Whether to allow global package installations via npm/yarn/pnpm"; - }; - - npmGlobalPrefix = lib.mkOption { - type = lib.types.str; - default = "~/.npm-global"; - description = "Directory for npm global installations"; - }; - }; - - config = lib.mkIf cfg.enable { - home.packages = allNodePackages; - - home.activation = lib.mkIf cfg.allowGlobalInstalls { - createNpmGlobalDir = lib.hm.dag.entryAfter ["writeBoundary"] '' - mkdir -p "${npmGlobalPath}/bin" - ''; - }; - - home.shellAliases = lib.mkIf cfg.allowGlobalInstalls { - npm-g = "npm install --global"; - pnpm-g = "pnpm add --global"; - yarn-g = "yarn global add"; - }; - }; -} diff --git a/modules/hm/common/dev/node/pm2.nix b/modules/hm/common/dev/node/pm2.nix deleted file mode 100644 index 3f8de7e..0000000 --- a/modules/hm/common/dev/node/pm2.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ pkgs, lib, config, ... }: - -let - cfg = config.modules.hm.dev.node.pm2; -in -{ - options.modules.hm.dev.node.pm2 = { - enable = lib.mkEnableOption "Enable PM2 process manager for Node.js applications"; - }; - - config = lib.mkIf cfg.enable { - home.packages = (with pkgs; [ - pm2 - ]); - }; -} diff --git a/modules/hm/common/dev/node/prisma.nix b/modules/hm/common/dev/node/prisma.nix deleted file mode 100644 index 5844966..0000000 --- a/modules/hm/common/dev/node/prisma.nix +++ /dev/null 
@@ -1,25 +0,0 @@ -{ pkgs, lib, config, ... }: - -let - cfg = config.modules.hm.dev.node.prisma; -in -{ - options.modules.hm.dev.node.prisma = { - enable = lib.mkEnableOption "Enable Prisma ORM for Node.js applications"; - }; - - config = lib.mkIf cfg.enable { - # Install shell tools via home-manager - home.packages = (with pkgs; [ - prisma - ]); - - home.sessionVariables = { - PRISMA_SCHEMA_ENGINE_BINARY = "${pkgs.prisma-engines}/bin/schema-engine"; - PRISMA_QUERY_ENGINE_BINARY = "${pkgs.prisma-engines}/bin/query-engine"; - PRISMA_QUERY_ENGINE_LIBRARY = "${pkgs.prisma-engines}/lib/libquery_engine.node"; - PRISMA_FMT_BINARY = "${pkgs.prisma-engines}/bin/prisma-fmt"; - PRISMA_ENGINES_CHECKSUM_IGNORE_MISSING = 1; - }; - }; -} diff --git a/modules/hm/common/dev/python.nix b/modules/hm/common/dev/python.nix deleted file mode 100644 index 92ad47e..0000000 --- a/modules/hm/common/dev/python.nix +++ /dev/null 
@@ -1,97 +0,0 @@ -{ pkgs, lib, config, ... }: - -let - # Shorthand for accessing module config - cfg = config.modules.hm.dev.python; - - # Function to get the required Python version with pipx, pip, and extra packages - pythonWithPipx = version: let - pythonAttr = "python${version}"; - pythonPkg = pkgs.${pythonAttr}; - pythonPkgsAttr = "${pythonAttr}Packages"; - pythonPkgs = pkgs.${pythonPkgsAttr}; - - # Map extra package names to actual derivations - extraPkgsMapped = map (pkg: pythonPkgs.${pkg}) cfg.extraPackages; - in - # Special case for Python 3.12 when using hydenix.hm - # hydenix.hm already provides the Python 3.12 interpreter, - # so only pipx and pip (plus extras) are needed here. - if version == "312" && config.hydenix.hm.enable then - [ pythonPkgs.pipx pythonPkgs.pip ] ++ extraPkgsMapped - else - [ pythonPkg pythonPkgs.pipx pythonPkgs.pip ] ++ extraPkgsMapped; - - # Flattened list of all selected Python versions with extras - allPythonPackages = lib.flatten (map pythonWithPipx cfg.versions); - -in { - options.modules.hm.dev.python = { - # Main toggle - enable = lib.mkEnableOption "Enable Python development environment"; - - # List of Python versions to install - versions = lib.mkOption { - type = lib.types.listOf lib.types.str; - default = [ "312" ]; - description = "Python versions to install"; - }; - - # Default Python version for shell and aliases - defaultVersion = lib.mkOption { - type = lib.types.str; - default = builtins.head cfg.versions; - description = "Default Python version for the shell"; - }; - - # Python packages (from pythonXXXPackages) to include - extraPackages = lib.mkOption { - type = lib.types.listOf lib.types.str; - default = []; - description = ''Extra Python packages (e.g., ["requests" "httpx"])''; - }; - - # Optional package toggles - poetry.enable = lib.mkEnableOption "Install Poetry"; - pdm.enable = lib.mkEnableOption "Install PDM"; - tools.enable = lib.mkEnableOption "Install dev tools (pytest, black, flake8)"; - }; - - # 
Actual config if module is enabled - config = lib.mkIf cfg.enable { - # Install core packages and optional tools - home = { - packages = - allPythonPackages - ++ lib.optional cfg.poetry.enable pkgs.poetry - ++ lib.optional cfg.pdm.enable pkgs.pdm - ++ lib.optionals cfg.tools.enable [ - pkgs."python${cfg.defaultVersion}Packages".black - pkgs."python${cfg.defaultVersion}Packages".flake8 - pkgs."python${cfg.defaultVersion}Packages".pytest - ]; - - # Files to write to the home directory - file = lib.mkMerge ( - [ - { - ".config/profile.d/python-aliases.sh".text = '' - export PATH=${pkgs."python${cfg.defaultVersion}"}/bin:$PATH - alias py="python" - alias pipx="pipx" - alias pip="pip" - alias pyclean="find . -type f -name '*.py[co]' -delete" - alias pytest="python -m pytest" - ''; - } - ] - ); - # Shell aliases - shellAliases = { - py = "python"; - pyclean = "find . -type f -name '*.py[co]' -delete"; - pytest = "python -m pytest"; - }; - }; - }; -} diff --git a/modules/hm/common/dev/rust.nix b/modules/hm/common/dev/rust.nix deleted file mode 100644 index a39a730..0000000 --- a/modules/hm/common/dev/rust.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ pkgs, lib, config, ... }: - -let - cfg = config.modules.hm.dev.rust; - - rustDefaultPackages = with pkgs; [rustc cargo rust-analyzer clippy rustfmt]; - - rustPackages = rustDefaultPackages - ++ (map (pkgName: pkgs.${pkgName} or (abort "Unknown Rust pkg: ${pkgName}")) - cfg.extraPackages); - -in -{ - options.modules.hm.dev.rust = { - enable = lib.mkEnableOption "Enable Rust development environment"; - extraPackages = lib.mkOption { - type = lib.types.listOf lib.types.package; - default = []; - description = "Additional rust packages to install; need to specify {name of package}"; - }; - }; - - config = lib.mkIf cfg.enable { - home.packages = rustPackages; - }; -} diff --git a/modules/hm/common/emulator/default.nix b/modules/hm/common/emulator/default.nix deleted file mode 100644 index 1b4e41f..0000000 
--- a/modules/hm/common/emulator/default.nix +++ /dev/null 
@@ -1,82 +0,0 @@ -{ pkgs, lib, config, ... }: - -let - cfg = config.modules.hm.emulator; - - # Map emulators to their packages - emulatorToPackage = with pkgs; { - playonlinux = [ playonlinux ]; - bottles = [ bottles ]; - dosbox = [ dosbox ]; - }; - - # Wine packages based on version - winePackages = with pkgs; { - stable = wine; - wayland = wineWayland; - fonts = wine; - }; - - # Proton packages - protonPackages = with pkgs; [ - protonup-qt - protontricks - ]; - - # Get packages for enabled emulators - baseEmulatorPackages = lib.concatMap (emulator: emulatorToPackage.${emulator} or []) cfg.emulators; - - # Additional packages based on configuration - additionalPackages = with pkgs; [] - ++ lib.optionals cfg.wine.enable [ (winePackages.${cfg.wine.version} or pkgs.wine) winetricks ] - ++ lib.optionals cfg.proton.enable protonPackages; - -in { - options.modules.hm.emulator = { - emulators = lib.mkOption { - type = lib.types.listOf (lib.types.enum ["playonlinux" "proton" "wine" "bottles" "dosbox"]); - default = []; - description = "List of emulators to enable"; - }; - - wine = { - enable = lib.mkOption { - type = lib.types.bool; - default = lib.elem "wine" cfg.emulators; - defaultText = "true if 'wine' is in emulators list"; - description = "Enable Wine Windows compatibility layer"; - }; - - version = lib.mkOption { - type = lib.types.enum ["stable" "wayland" "fonts"]; - default = "stable"; - description = "Wine version to install"; - }; - - prefix = lib.mkOption { - type = lib.types.str; - default = "${config.home.homeDirectory}/.wine"; - description = "Custom WINEPREFIX value"; - }; - }; - - proton = { - enable = lib.mkOption { - type = lib.types.bool; - default = lib.elem "proton" cfg.emulators; - defaultText = "true if 'proton' is in emulators list"; - description = "Enable Proton (Steam Play)"; - }; - }; - }; - - config = { - home.packages = lib.unique (baseEmulatorPackages ++ additionalPackages); - - # Environment variables for Wine/Proton - 
home.sessionVariables = lib.mkIf (cfg.wine.enable || cfg.proton.enable) { - WINEPREFIX = cfg.wine.prefix; - WINEARCH = "win64"; - }; - }; -} \ No newline at end of file diff --git a/modules/hm/common/extra/ignore-file-retriever.nix b/modules/hm/common/extra/ignore-file-retriever.nix deleted file mode 100644 index eec0e09..0000000 --- a/modules/hm/common/extra/ignore-file-retriever.nix +++ /dev/null 
@@ -1,157 +0,0 @@ -{ pkgs, lib, config, ... }: - -let - cfg = config.modules.hm.extra.ignore-file-retriever; - - expandPath = path: let - normalized = lib.removeSuffix "/" path; - in if lib.hasPrefix "~/" normalized then - config.home.homeDirectory + (lib.removePrefix "~/" normalized) - else - normalized; - - templatePath = expandPath cfg.templatePath; - outputPath = expandPath cfg.outputPath; - - ignoreFileRetrieverScript = pkgs.writeShellScriptBin "ignore-file-retriever" '' - #!/usr/bin/env bash - set -euo pipefail - - TEMPLATE_FILE="''${TEMPLATE_FILE:-${templatePath}}" - OUTPUT_FILE="''${OUTPUT_FILE:-${outputPath}}" - WORKING_DIR="''${WORKING_DIR:-.}" - - # Verify template exists - if [ ! -f "$TEMPLATE_FILE" ]; then - echo "Error: Template file not found at $TEMPLATE_FILE" >&2 - exit 1 - fi - - # Create output directory if needed - mkdir -p "$(dirname "$OUTPUT_FILE")" - - # Initialize output file with template if it doesn't exist - if [ ! -f "$OUTPUT_FILE" ]; then - cp "$TEMPLATE_FILE" "$OUTPUT_FILE" - echo "Created $OUTPUT_FILE from template" - fi - - # Create temporary file - TMP_FILE="$(mktemp)" - - # Process all .gitignore files recursively - find "$WORKING_DIR" -name ".gitignore" | while read -r gitignore; do - echo "Processing $gitignore" - - # Get relative path from working directory - rel_path="$(realpath --relative-to="$WORKING_DIR" "$(dirname "$gitignore")")" - - # Special case for root directory - if [ "$rel_path" = "." 
]; then - rel_path="" - else - rel_path="$rel_path/" - fi - - # Process each pattern - while IFS= read -r pattern; do - # Skip comments and empty lines - [[ "$pattern" =~ ^#|^$ ]] && continue - - # Handle absolute paths - if [[ "$pattern" =~ ^/ ]]; then - echo "$pattern" >> "$TMP_FILE" - continue - fi - - # Handle directory patterns - if [[ "$pattern" =~ /$ ]]; then - echo "''${rel_path}''${pattern}" >> "$TMP_FILE" - else - # Handle normal patterns with proper directory prefix - if [[ "$pattern" =~ / ]]; then - # Pattern contains subdirectories - echo "''${rel_path}''${pattern}" >> "$TMP_FILE" - else - # Simple pattern applies to all levels - echo "**/''${pattern}" >> "$TMP_FILE" - fi - fi - done < "$gitignore" - done - - # Re-assemble final file: template + generated patterns - cat "$TEMPLATE_FILE" > "$OUTPUT_FILE" - cat "$TMP_FILE" >> "$OUTPUT_FILE" - rm "$TMP_FILE" - echo "Updated $OUTPUT_FILE with patterns from .gitignore files" - ''; -in -{ - options.modules.hm.extra.ignore-file-retriever = { - enable = lib.mkEnableOption "Enable ignore file retriever script to create .stignore from .gitignore patterns"; - - templatePath = lib.mkOption { - type = lib.types.str; - default = "~/Templates/gitignore/.stignore.template"; - description = "Path to the template .stignore file"; - }; - - outputPath = lib.mkOption { - type = lib.types.str; - default = "~/Templates/gitignore/.stignore"; - description = "Path to the output .stignore file"; - }; - - watchMode = lib.mkOption { - type = lib.types.bool; - default = false; - description = "Whether to watch for .gitignore changes and auto-update"; - }; - - watchPaths = lib.mkOption { - type = lib.types.listOf lib.types.str; - default = []; - description = "Additional paths to watch for .gitignore changes"; - }; - }; - - config = lib.mkIf cfg.enable { - home.packages = [ - ignoreFileRetrieverScript - pkgs.inotify-tools - ]; - - home.file."${templatePath}".text = lib.mkIf (!lib.pathExists (expandPath cfg.templatePath)) '' - # 
Syncthing ignore patterns - # Generated from .gitignore files - # (?!).* - # - # This file is automatically generated. Manual changes may be overwritten. - # Add permanent custom patterns to the template file instead. - ''; - - systemd.user.services.ignore-file-watcher = lib.mkIf cfg.watchMode { - Unit = { - Description = "Watch for .gitignore changes and update .stignore"; - After = [ "network.target" ]; - }; - Service = { - ExecStart = let - watchDirs = lib.concatStringsSep " " ( - ["%h"] ++ map expandPath cfg.watchPaths - ); - in - "${pkgs.inotify-tools}/bin/inotifywait -m -r -e modify,move,create,delete \ - --format '%w%f' ${watchDirs} | \ - grep '\.gitignore$' | \ - while read -r path; do \ - WORKING_DIR=\"$(dirname \"$path\")\" ignore-file-retriever; \ - done"; - Restart = "always"; - RestartSec = "5s"; - }; - Install.WantedBy = [ "default.target" ]; - }; - }; -} \ No newline at end of file diff --git a/modules/hm/common/multimedia/gimp.nix b/modules/hm/common/multimedia/gimp.nix deleted file mode 100644 index 95a92e0..0000000 --- a/modules/hm/common/multimedia/gimp.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ pkgs, lib, config, ... }: - -let - cfg = config.modules.hm.multimedia.gimp; -in -{ - options.modules.hm.multimedia.gimp = { - enable = lib.mkEnableOption "Enable GIMP image editor"; - }; - - config = lib.mkIf cfg.enable { - home.packages = (with pkgs; [ - gimp - ]); - }; -} diff --git a/modules/hm/common/multimedia/mpv.nix b/modules/hm/common/multimedia/mpv.nix deleted file mode 100644 index 0dc8479..0000000 --- a/modules/hm/common/multimedia/mpv.nix +++ /dev/null 
@@ -1,34 +0,0 @@
-{ pkgs, lib, config, ... }:
-
-let
- cfg = config.modules.hm.multimedia.mpv;
-in
-{
- options.modules.hm.multimedia.mpv = {
- enable = lib.mkEnableOption "Enable mpv media player with custom scripts";
- };
-
- config = lib.mkIf cfg.enable {
- # Configure mpv media player
- programs.mpv = {
-
- # Enable mpv
- enable = true;
-
- # Install custom scripts
- scripts = with pkgs; [
- mpvScripts.uosc
- ];
-
- # Script configuration
- scriptOpts."uosc" = {
-
- # Style of timeline
- "timeline_style" = "bar";
-
- # Volume to step when scrolling
- "volume_step" = 5;
- };
- };
- };
-}
diff --git a/modules/hm/common/multimedia/obs.nix b/modules/hm/common/multimedia/obs.nix
deleted file mode 100755
index d972804..0000000
--- a/modules/hm/common/multimedia/obs.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{ pkgs, config, lib, ... }:
-
-let
- cfg = config.modules.hm.multimedia.obs;
-in
-{
- options.modules.hm.multimedia.obs = {
- enable = lib.mkEnableOption "Enable OBS Studio for video recording and streaming";
- };
-
- config = lib.mkIf cfg.enable {
- home.packages = (with pkgs; [
- v4l-utils
- ]);
-
- programs.obs-studio = {
- enable = true;
- plugins = with pkgs.obs-studio-plugins; [
- wlrobs
- looking-glass-obs
- obs-pipewire-audio-capture
- ];
- };
- };
-}
diff --git a/modules/hm/common/multimedia/openshot-qt.nix b/modules/hm/common/multimedia/openshot-qt.nix
deleted file mode 100644
index 695d98b..0000000
--- a/modules/hm/common/multimedia/openshot-qt.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{ pkgs, lib, config, ... }:
-
-let
- cfg = config.modules.hm.multimedia.openshot-qt;
-in
-{
- options.modules.hm.multimedia.openshot-qt = {
- enable = lib.mkEnableOption "Enable OpenShot video editor";
- };
-
- config = lib.mkIf cfg.enable {
- home.packages = (with pkgs; [
- openshot-qt
- ]);
- };
-}
diff --git a/modules/hm/common/multimedia/parsec.nix b/modules/hm/common/multimedia/parsec.nix
deleted file mode 100644
index b9234ba..0000000
--- a/modules/hm/common/multimedia/parsec.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{ pkgs, lib, config, ... }:
-
-let
- cfg = config.modules.hm.multimedia.parsec;
-in
-{
- options.modules.hm.multimedia.parsec = {
- enable = lib.mkEnableOption "Enable Parsec for remote desktop access";
- };
-
- config = lib.mkIf cfg.enable {
- home.packages = (with pkgs; [
- parsec-bin
- ]);
- };
-}
diff --git a/modules/hm/common/multimedia/stremio.nix b/modules/hm/common/multimedia/stremio.nix
deleted file mode 100644
index 092328a..0000000
--- a/modules/hm/common/multimedia/stremio.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{ pkgs, lib, config, ... }:
-
-let
- cfg = config.modules.hm.multimedia.stremio;
-in
-{
- options.modules.hm.multimedia.stremio = {
- enable = lib.mkEnableOption "Enable Stremio media center";
- };
-
- config = lib.mkIf cfg.enable {
- home.packages = (with pkgs; [
- stremio
- ]);
- };
-}
diff --git a/modules/hm/common/shell/btop.nix b/modules/hm/common/shell/btop.nix
deleted file mode 100644
index 5298165..0000000
--- a/modules/hm/common/shell/btop.nix
+++ /dev/null
@@ -1,32 +0,0 @@
-{ pkgs, lib, config, ... }:
-
-let
- cfg = config.modules.hm.shell.btop;
-in
-{
- options.modules.hm.shell.btop = {
- enable = lib.mkEnableOption "Enable btop system monitor";
- };
-
- config = lib.mkIf cfg.enable {
- # Configure btop
- programs.btop = {
-
- # Enable btop
- enable = true;
-
- # Configuration for btop
- settings = {
-
- # Use default terminal background
- theme_background = false;
-
- # Use vim keys
- vim_keys = true;
-
- # Organise processes as a tree by default
- proc_tree = true;
- };
- };
- };
-}
diff --git a/modules/hm/common/shell/fzf.nix b/modules/hm/common/shell/fzf.nix
deleted file mode 100644
index 35e1f31..0000000
--- a/modules/hm/common/shell/fzf.nix
+++ /dev/null
@@ -1,14 +0,0 @@
-{ pkgs, lib, config, ... }:
-
-let
- cfg = config.modules.hm.shell.fzf;
-in
-{
- options.modules.hm.shell.fzf = {
- enable = lib.mkEnableOption "Enable FZF (fuzzy finder)";
- };
-
- config.home.packages = (with pkgs; [
- fzf
- ]);
-}
diff --git a/modules/hm/common/shell/navi.nix b/modules/hm/common/shell/navi.nix
deleted file mode 100644
index 4e2ea17..0000000
--- a/modules/hm/common/shell/navi.nix
+++ /dev/null
@@ -1,18 +0,0 @@
-{ pkgs, lib, config, ... }:
-
-let
- cfg = config.modules.hm.shell.navi;
-in
-{
- options.modules.hm.shell.navi = {
- enable = lib.mkEnableOption "Enable Navi (CLI cheat sheet tool)";
- };
-
- config = lib.mkIf cfg.enable {
- # Configure navi
- programs.navi = {
- # Enable navi
- enable = true;
- };
- };
-}
diff --git a/modules/hm/common/shell/ranger.nix b/modules/hm/common/shell/ranger.nix
deleted file mode 100644
index 83e988c..0000000
--- a/modules/hm/common/shell/ranger.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{ pkgs, lib, config, ... }:
-
-let
- cfg = config.modules.hm.shell.ranger;
-in
-{
- options.modules.hm.shell.ranger = {
- enable = lib.mkEnableOption "Enable Ranger (file manager)";
- };
-
- config = lib.mkIf cfg.enable {
- home.packages = (with pkgs; [
- ranger
- ]);
- };
-}
diff --git a/modules/hm/common/shell/starship.nix b/modules/hm/common/shell/starship.nix
deleted file mode 100644
index 3238df9..0000000
--- a/modules/hm/common/shell/starship.nix
+++ /dev/null
@@ -1,25 +0,0 @@
-{
- pkgs,
- lib,
- config,
- vars,
- ...
-}:
-let
- cfg = config.modules.hm.shell.starship;
-in
-{
- options.modules.hm.shell.starship = {
- enable = lib.mkEnableOption "Enable Starship (cross-shell prompt)";
- };
-
- config = lib.mkIf cfg.enable {
-
- # Install starship if desired
- # Configure starship prompt for various shells
- programs.starship = {
- # Enable starship
- enable = true;
- };
- };
-}
diff --git a/modules/system/common/backup/syncthing.nix b/modules/system/common/backup/syncthing.nix
deleted file mode 100644
index 6772a43..0000000
--- a/modules/system/common/backup/syncthing.nix
+++ /dev/null
@@ -1,56 +0,0 @@
-{
- pkgs,
- config,
- lib,
- vars,
- ...
-}:
-
-let
- cfg = config.modules.system.backup.syncthing;
-in
-{
- options.modules.system.backup.syncthing = {
- enable = lib.mkEnableOption "Enable Syncthing for file synchronization";
-
- port = lib.mkOption {
- type = lib.types.port;
- default = 8384;
- description = "Port for syncthing GUI";
- };
-
- dirSync = lib.mkOption {
- type = lib.types.str;
- default = "/";
- description = "Directory containing sync principal";
- };
-
- subDir = lib.mkOption {
- type = lib.types.str;
- default = "";
- description = "Directory containing sync sub";
- };
- };
-
- config = lib.mkIf cfg.enable {
- services.syncthing = {
- enable = true;
- guiAddress = "127.0.0.1:${toString cfg.port}";
- user = vars.user;
- dataDir = lib.cleanSource "${cfg.dirSync}/${cfg.subDir}"; # default location for new folders
- configDir = "${cfg.dirSync}/.config/syncthing";
- openDefaultPorts = true;
- };
-
- systemd.services.syncthing = {
- description = "Syncthing service";
- wantedBy = [ "multi-user.target" ];
- after = [ "network.target" ];
- serviceConfig = {
- Type = "notify";
- Restart = "on-failure";
- RestartSec = 5;
- };
- };
- };
-}
diff --git a/modules/system/common/dev/dev.nix b/modules/system/common/dev/dev.nix
deleted file mode 100755
index f8a184d..0000000
--- a/modules/system/common/dev/dev.nix
+++ /dev/null
@@ -1,36 +0,0 @@
-{
- pkgs,
- config,
- lib,
- ...
-}:
-
-let
- cfg = config.modules.system.dev.dev-global;
-in
-{
- options.modules.system.dev.dev-global = {
- enable = lib.mkEnableOption "Enable global development tools and libraries";
- };
-
- config = lib.mkIf cfg.enable {
-
- # Nix-ld
- programs.nix-ld = {
- enable = true;
- libraries = with pkgs; [
- # Add common dynamic libraries that programs might need
- stdenv.cc.cc
- openssl
- curl
- glib
- util-linux
- glibc
- icu
- libunwind
- libuuid
- zlib
- ];
- };
- };
-}
diff --git a/modules/system/common/dev/flatpak.nix b/modules/system/common/dev/flatpak.nix
deleted file mode 100644
index 55e4a2d..0000000
--- a/modules/system/common/dev/flatpak.nix
+++ /dev/null
@@ -1,40 +0,0 @@
-{
- pkgs,
- config,
- lib,
- ...
-}:
-
-let
- cfg = config.modules.system.dev.flatpak;
-in
-{
- options.modules.system.dev.flatpak = {
- enable = lib.mkEnableOption "Enable Flatpak development environment";
-
- flathubRepoUrls = lib.mkOption {
- type = lib.types.listOf lib.types.str;
- default = [ "https://flathub.org/repo/flathub.flatpakrepo" ];
- description = "List of URLs of Flathub repositories to add for Flatpak applications.";
- };
-
- deployTool.enable = lib.mkEnableOption "Enable Flatpak deploy tool";
- };
-
- config = lib.mkIf cfg.enable {
- services.flatpak.enable = true;
- systemd.services.flatpak-repo = {
- wantedBy = [ "multi-user.target" ];
- path = [ pkgs.flatpak ];
- script = ''
- ${lib.concatStringsSep "\n" (lib.imap0 (i: url: ''
- flatpak remote-add --if-not-exists flathub-repo-${toString i} ${url}
- '') cfg.flathubRepoUrls)}
- '';
- };
-
- environment.systemPackages = lib.mkIf cfg.deployTool.enable (with pkgs; [
- flatpak-builder
- ]);
- };
-}
diff --git a/modules/system/common/dev/flutter.nix b/modules/system/common/dev/flutter.nix
deleted file mode 100755
index 303782a..0000000
--- a/modules/system/common/dev/flutter.nix
+++ /dev/null
@@ -1,73 +0,0 @@
-{ pkgs, lib, config, vars, ... }:
-
-let
- cfg = config.modules.system.dev.flutter;
-
- # Android SDK configuration
- androidComposition = pkgs.androidenv.composeAndroidPackages {
- buildToolsVersions = cfg.android.buildToolsVersions;
- platformVersions = cfg.android.platformVersions;
- abiVersions = cfg.android.abiVersions;
- };
- androidSdk = androidComposition.androidsdk;
-in
-{
- options.modules.system.dev.flutter = {
- enable = lib.mkEnableOption "Flutter development environment";
-
- withAndroid = lib.mkEnableOption "Include Android SDK tooling";
-
- jdkPackage = lib.mkOption {
- type = lib.types.package;
- default = pkgs.jdk17;
- description = "Java Development Kit package to use for Flutter development";
- };
-
- android = {
- buildToolsVersions = lib.mkOption {
- type = lib.types.listOf lib.types.str;
- default = [ "30.0.3" "28.0.3" ];
- description = "List of Android build tools versions to include.";
- };
-
- platformVersions = lib.mkOption {
- type = lib.types.listOf lib.types.str;
- default = [ "31" "28" ];
- description = "List of Android platform versions to include.";
- };
-
- abiVersions = lib.mkOption {
- type = lib.types.listOf lib.types.str;
- default = [ "armeabi-v7a" "arm64-v8a" ];
- description = "List of Android ABI versions to include.";
- };
- };
- };
-
- config = lib.mkIf cfg.enable {
-
- environment.systemPackages =
- [
- pkgs.flutter
- cfg.jdkPackage
- ]
- ++ lib.optional cfg.withAndroid androidSdk;
-
- # Environment variables
- environment.variables = lib.mkMerge [
- { JAVA_HOME = "${cfg.jdkPackage}"; }
- #{ STUDIO_JDK = "${cfg.jdkPackage}"; }
- (lib.mkIf cfg.withAndroid {
- ANDROID_HOME = "${androidSdk}/libexec/android-sdk";
- })
- ];
-
- programs = lib.mkIf cfg.withAndroid { adb.enable = true; };
-
- users.users.${vars.user} = {
- extraGroups = [
- "adbusers"
- ];
- };
- };
-}
\ No newline at end of file
diff --git a/modules/system/common/dev/php.nix b/modules/system/common/dev/php.nix
deleted file mode 100644
index d13e7e6..0000000
--- a/modules/system/common/dev/php.nix
+++ /dev/null
@@ -1,66 +0,0 @@
-{ pkgs, lib, config, ... }:
-
-let
- cfg = config.modules.system.dev.php;
-in
-{
- options.modules.system.dev.php = {
- enable = lib.mkEnableOption "Enable PHP development environment";
- };
-
- config = lib.mkIf cfg.enable {
- environment.systemPackages = (with pkgs; [
- php83Extensions.xdebug
- php83Extensions.sqlsrv
- php83
- php83Packages.composer
- ]);
-
- # Optionally, configure HTTPD with PHP support
- services.httpd.phpPackage = pkgs.php.buildEnv {
- extensions = ({ enabled, all }: enabled ++ (with all; [
- xdebug
- sqlsrv
- pdo_sqlsrv
- ]));
- extraConfig = ''
- [PHP]
- [Syslog]
- define_syslog_variables=Off
- [Session]
- define_syslog_variables=Off
- [Date]
- date.timezone=Europe/Berlin
- [MySQL]
- mysql.allow_local_infile=On
- mysql.allow_persistent=On
- mysql.cache_size=2000
- mysql.max_persistent=-1
- mysql.max_link=-1
- mysql.default_port=3306
- mysql.default_socket="MySQL"
- mysql.connect_timeout=3
- mysql.trace_mode=Off
- [Sybase-CT]
- sybct.allow_persistent=On
- sybct.max_persistent=-1
- sybct.max_links=-1
- sybct.min_server_severity=10
- sybct.min_client_severity=10
- [MSSQL]
- mssql.allow_persistent=On
- mssql.max_persistent=-1
- mssql.max_links=-1
- mssql.min_error_severity=10
- mssql.min_message_severity=10
- mssql.compatibility_mode=Off
- mssql.secure_connection=Off
- zend_extension=xdebug
- xdebug.mode=debug
- xdebug.start_with_request=yes
- extension=sqlsrv
- extension=pdo_sqlsrv
- '';
- };
- };
-}
diff --git a/modules/system/common/games/games.nix b/modules/system/common/games/games.nix
deleted file mode 100755
index 35a97a5..0000000
--- a/modules/system/common/games/games.nix
+++ /dev/null
@@ -1,103 +0,0 @@ -{ pkgs, config, lib, ... }: - -let - cfg = config.modules.system.games; - - # Map gaming clients to their packages - clientToPackage = with pkgs; { - steam = [ steam ]; - lutris = [ lutris ]; - heroic = [ heroic ]; - nexus = [ nexusmods-app-unfree ]; - }; - - # Get packages for enabled clients - clientPackages = lib.concatMap (client: clientToPackage.${client} or []) cfg.clients; - -in { - options.modules.system.games = { - clients = lib.mkOption { - type = lib.types.listOf (lib.types.enum (lib.attrNames clientToPackage)); - default = []; - description = '' - List of gaming clients to enable. Supported options are "steam", "lutris", - "heroic", and "nexus". This allows you to specify which gaming clients should be - configured in your NixOS setup. - ''; - }; - - steam.compatToolsPath = lib.mkOption { - type = lib.types.path; - default = "${builtins.getEnv "HOME"}/.steam/root/compatibilitytools.d"; - description = "Path for Steam compatibility tools"; - }; - - gamemode = { - enable = lib.mkEnableOption "Enable GameMode support"; - enableRenice = lib.mkOption { - type = lib.types.bool; - default = true; - description = "Enable renice support in GameMode"; - }; - notificationCommands = lib.mkOption { - type = lib.types.attrsOf lib.types.str; - default = { - start = "notify-send 'GameMode started'"; - end = "notify-send 'GameMode ended'"; - }; - description = "Custom notification commands for GameMode start and end events"; - }; - generalSettings = lib.mkOption { - type = lib.types.attrsOf (lib.types.oneOf [ lib.types.int lib.types.bool lib.types.str ]); - default = { - inhibit_screensaver = 1; - }; - description = "General GameMode settings"; - }; - gpuSettings = lib.mkOption { - type = lib.types.attrsOf lib.types.str; - default = { - apply_gpu_optimisations = "accept-responsibility"; - }; - description = "GPU-related GameMode settings"; - }; - }; - }; - - config = lib.mkMerge [ - { - environment.systemPackages = lib.unique clientPackages; - 
environment.sessionVariables = lib.mkIf (lib.elem "steam" cfg.clients) { - STEAM_EXTRA_COMPAT_TOOLS_PATHS = cfg.steam.compatToolsPath; - }; - } - - (lib.mkIf cfg.gamemode.enable { - programs.gamemode = { - enable = true; - enableRenice = cfg.gamemode.enableRenice; - settings = { - general = cfg.gamemode.generalSettings; - gpu = cfg.gamemode.gpuSettings; - custom = cfg.gamemode.notificationCommands; - }; - }; - }) - - (lib.mkIf (lib.elem "steam" cfg.clients) { - programs = { - gamescope = { - enable = true; - capSysNice = true; - }; - steam = { - enable = true; - remotePlay.openFirewall = true; - gamescopeSession.enable = true; - localNetworkGameTransfers.openFirewall = true; - dedicatedServer.openFirewall = true; - }; - }; - }) - ]; -} \ No newline at end of file diff --git a/modules/system/common/hardware/powersave.nix b/modules/system/common/hardware/powersave.nix deleted file mode 100644 index c49046b..0000000 --- a/modules/system/common/hardware/powersave.nix +++ /dev/null 
@@ -1,174 +0,0 @@
-{ config, lib, pkgs, vars, ... }:
-
-let
- cfg = config.modules.system.hardware.powersave;
-in {
- options.modules.system.hardware.powersave = {
- enable = lib.mkEnableOption "Enable power saving configuration";
-
- architecture = lib.mkOption {
- type = lib.types.enum [ "intel" "amd" ];
- default = "amd";
- description = "Select the architecture for power saving optimizations";
- };
-
- batteryHealth = {
- enable = lib.mkEnableOption "Enable battery health preservation features";
- chargeThresholds = {
- start = lib.mkOption {
- type = lib.types.int;
- default = 75;
- description = "Start charging when battery falls below this percentage";
- };
- stop = lib.mkOption {
- type = lib.types.int;
- default = 80;
- description = "Stop charging when battery reaches this percentage";
- };
- };
- };
-
- disk = lib.mkOption {
- type = lib.types.listOf lib.types.str;
- default = [];
- description = "List of disks for power management";
- };
-
- managePowerProfiles = lib.mkOption {
- type = lib.types.bool;
- default = true;
- description = ''
- Enable basic power profile management through kernel parameters.
- Note: For advanced control (fan curves, lighting, etc.) use asusctl instead.
- ''; - }; - - asus = { - enable = lib.mkOption { - type = lib.types.bool; - default = false; - description = "Enable ASUS hardware support for power management."; - }; - }; - }; - - config = lib.mkIf cfg.enable { - # Add required packages - environment.systemPackages = with pkgs; [ - powertop - acpi - ] ++ lib.optional (cfg.architecture == "amd") amdctl - ++ lib.optionals cfg.asus.enable [ asusctl supergfxctl ]; - - # Enable power management - powerManagement = { - enable = true; - cpuFreqGovernor = lib.mkDefault "powersave"; - powertop.enable = true; - }; - - # Enable TLP for advanced power management - services.tlp = { - enable = true; - settings = let - disks = lib.concatStringsSep " " cfg.disk; - diskSettings = lib.concatStringsSep " " (lib.genList (_: "128") (lib.length cfg.disk)); - in { - # CPU settings - CPU_SCALING_GOVERNOR_ON_BAT = "powersave"; - CPU_ENERGY_PERF_POLICY_ON_BAT = "power"; - CPU_BOOST_ON_BAT = 0; - - # Architecture specific settings - CPU_HWP_ON_BAT = if cfg.architecture == "amd" then "power" else "balance_performance"; - PLATFORM_PROFILE_ON_BAT = "low-power"; - - # PCIe power management - PCIE_ASPM_ON_BAT = "powersupersave"; - - # WiFi power saving - WIFI_PWR_ON_BAT = "on"; - - # Audio power saving - SOUND_POWER_SAVE_ON_BAT = 1; - - # USB autosuspend - USB_AUTOSUSPEND = 1; - USB_BLACKLIST_BTUSB = 1; - - # Disk power management - DISK_DEVICES = disks; - DISK_APM_LEVEL_ON_BAT = diskSettings; - DISK_SPINDOWN_TIMEOUT_ON_BAT = diskSettings; - - # Runtime power management - RUNTIME_PM_ON_BAT = "auto"; - - # Explicitly set charge thresholds for all batteries - # Set charge thresholds for primary battery (BAT0) - START_CHARGE_THRESH_BAT0 = lib.optionalString cfg.batteryHealth.enable - cfg.batteryHealth.chargeThresholds.start; - STOP_CHARGE_THRESH_BAT0 = lib.optionalString cfg.batteryHealth.enable - cfg.batteryHealth.chargeThresholds.stop; - - # Set charge thresholds for secondary battery (BAT1) if present - START_CHARGE_THRESH_BAT1 = 
lib.optionalString cfg.batteryHealth.enable - cfg.batteryHealth.chargeThresholds.start; - STOP_CHARGE_THRESH_BAT1 = lib.optionalString cfg.batteryHealth.enable - cfg.batteryHealth.chargeThresholds.stop; - - # Threshold persistence settings - # Ensures thresholds are maintained across power state changes - RESTORE_THRESHOLDS_ON_BAT = lib.optionalString cfg.batteryHealth.enable 1; # Restore when on battery - RESTORE_THRESHOLDS_ON_AC = lib.optionalString cfg.batteryHealth.enable 1; # Restore when on AC power - }; - }; - - # Enable auto-cpufreq for dynamic CPU frequency scaling - services.auto-cpufreq = { - enable = true; - settings = { - battery = { - governor = "powersave"; - turbo = "never"; - }; - charger = { - governor = if cfg.architecture == "amd" then "ondemand" else "performance"; - turbo = "auto"; - }; - }; - }; - - # Kernel parameters - boot.kernelParams = - (if cfg.managePowerProfiles then [ - "mem_sleep_default=deep" - "power_supply.wakeup=disabled" - "libata.force=noncq" - "pcie_aspm=force" - ] else []) ++ - (if cfg.architecture == "amd" then [ - "amd_pstate=active" - "amd_pstate.shared_mem=1" - ] else [ - "intel_idle.max_cstate=4" - "processor.max_cstate=5" - ]); - - # Services configuration - services = { - thermald.enable = lib.mkDefault (cfg.architecture == "intel"); - power-profiles-daemon.enable = lib.mkForce (!(cfg.batteryHealth.enable || cfg.managePowerProfiles)); - upower.enable = true; - - # ASUS control services - asusd = lib.mkIf cfg.asus.enable { - enable = true; - enableUserService = true; - }; - supergfxd = lib.mkIf cfg.asus.enable { - enable = true; - }; - }; - }; -} \ No newline at end of file diff --git a/modules/system/common/networks/print/print.nix b/modules/system/common/networks/print/print.nix deleted file mode 100644 index 482840c..0000000 --- a/modules/system/common/networks/print/print.nix +++ /dev/null 
@@ -1,29 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let
- cfg = config.modules.system.networks.print;
-in {
- options.modules.system.networks.print = {
- enable = mkEnableOption "Print services";
- cups.enable = mkOption {
- type = types.bool;
- default = true;
- description = "Enable CUPS (Common Unix Printing System)";
- };
- drivers = mkOption {
- type = types.listOf types.package;
- default = [ pkgs.cnijfilter2 ];
- description = ''
- List of printer drivers to use. Defaults to [ pkgs.cnijfilter2 ], which
- is an unfree package for Canon printers.
- '';
- };
- };
-
- config = mkIf cfg.enable {
- services.printing.enable = cfg.cups.enable;
- services.printing.drivers = lib.mkIf cfg.cups.enable cfg.drivers;
- };
-}
\ No newline at end of file
diff --git a/modules/system/common/virtualisation/containers.nix b/modules/system/common/virtualisation/containers.nix
deleted file mode 100644
index 4fe9031..0000000
--- a/modules/system/common/virtualisation/containers.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-{
- pkgs,
- config,
- lib,
- vars,
- ...
-}:
-
-let
- cfg = config.modules.system.virtualisation.containers;
-in
-{
- options.modules.system.virtualisation.containers = {
- engines = lib.mkOption {
- type = lib.types.listOf (lib.types.enum ["docker" "podman"]);
- default = [];
- description = "List of container engines to enable";
- };
- };
- config = lib.mkMerge [
- (lib.mkIf (lib.elem "docker" cfg.engines) {
- users.groups.docker.members = [ "${vars.user}" ];
-
- virtualisation.docker.enable = true;
-
- environment.systemPackages = [ pkgs.docker pkgs.docker-compose ];
- })
- (lib.mkIf (lib.elem "podman" cfg.engines) {
- virtualisation.podman.enable = true;
-
- environment.systemPackages = [ pkgs.podman pkgs.podman-compose ];
- })
- ];
-}
diff --git a/modules/system/hosts/fern/plex.nix b/modules/system/hosts/fern/plex.nix
deleted file mode 100755
index 4b7ea90..0000000
--- a/modules/system/hosts/fern/plex.nix
+++ /dev/null
@@ -1,84 +0,0 @@
-{
- pkgs,
- config,
- lib,
- ...
-}:
-
-# TODO: proxy, requires passwords
-# TODO: sonarr search, requires passwords
-# TODO: qbitorrent web instance, requires passwords
-
-let
- cfg = config.modules.system.fern.plex;
-in
-{
- options.modules.system.fern.plex = {
- enable = lib.mkEnableOption "plex";
- };
-
- config = lib.mkIf cfg.enable {
- services.plex = {
- enable = true;
- openFirewall = true;
- user = "plex";
- group = "plex";
- dataDir = "/var/lib/plex";
- accelerationDevices = [
- "*"
- ];
- };
-
- fileSystems."/data/plex" = {
- device = "/dev/disk/by-id/764A73A84A736431";
- fsType = "ntfs";
- options = [
- "rw"
- "uid=plex"
- "gid=plex"
- "permissions"
- "acl"
- "dmask=0002"
- "fmask=0002"
- "nofail"
- ];
- };
-
- users.groups.plex = {
- name = "plex";
- members = [ "richen" ];
- };
- users.users.plex = {
- group = "plex";
- home = "/var/lib/plex";
- createHome = true;
- isSystemUser = true;
- };
-
- systemd.tmpfiles.rules = [
- "d /var/lib/plex 0775 plex plex"
- "Z /var/lib/plex - plex plex"
- "d /data/plex 0775 plex plex"
- "Z /data/plex - plex plex"
- ];
-
- # Add qBittorrent service configuration
- systemd.services.qbittorrent = {
- description = "qBittorrent";
- after = [ "network.target" ];
- wantedBy = [ "multi-user.target" ];
-
- serviceConfig = {
- Type = "simple";
- User = "richen";
- Group = "plex";
- ExecStart = "${pkgs.qbittorrent-enhanced-nox}/bin/qbittorrent-nox";
- Restart = "on-failure";
- };
- };
-
- environment.systemPackages = with pkgs; [
- plex-desktop
- ];
- };
-}
diff --git a/modules/system/hosts/fern/sunshine.nix b/modules/system/hosts/fern/sunshine.nix
deleted file mode 100755
index 701bc6e..0000000
--- a/modules/system/hosts/fern/sunshine.nix
+++ /dev/null
@@ -1,137 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -let - cfg = config.modules.system.fern.sunshine; -in -{ - options.modules.system.fern.sunshine = { - enable = lib.mkEnableOption "Sunshine streaming server"; - - allowedNetworks = lib.mkOption { - type = lib.types.listOf lib.types.str; - default = [ - "192.168.0.0/16" - "10.0.0.0/8" - ]; - description = "Networks allowed to connect to Sunshine"; - }; - }; - - config = lib.mkIf cfg.enable { - # Install sunshine and required X11 packages - environment.systemPackages = with pkgs; [ - sunshine - ]; - - services.sunshine = { - enable = true; - autoStart = true; - capSysAdmin = true; - openFirewall = true; - settings = { - # key_rightalt_to_key_win = "enabled"; - adapter_name = "/dev/dri/renderD128"; - }; - applications = { - env = { - PATH = "$(PATH):$(HOME)/.local/bin"; - }; - apps = [ - { - name = "Programming Mode (Note 11 2400*1080)"; - prep-cmd = [ - { - do = "${pkgs.writeShellScript "stream-mode" '' - sed -i 's/\$mainMod = Super/\$mainMod = ALT_R/' ~/.config/hypr/keybindings.conf - ${pkgs.hyprland}/bin/hyprctl keyword input:kb_layout "us" - ${pkgs.hyprland}/bin/hyprctl keyword monitor DP-4,disable - ${pkgs.hyprland}/bin/hyprctl keyword monitor DP-6,disable - ${pkgs.hyprland}/bin/hyprctl keyword monitor DP-5,addreserved,0,0,0,0 - ${pkgs.hyprland}/bin/hyprctl keyword monitor DP-5,2320x1080@60,0x0,2 - ${pkgs.hyprland}/bin/hyprctl keyword misc:cursor_zoom_factor 2 - ${pkgs.hyprland}/bin/hyprctl keyword misc:no_direct_scanout 1 - ''}"; - undo = "${pkgs.writeShellScript "regular-mode" '' - sed -i 's/\$mainMod = ALT_R/\$mainMod = Super/' ~/.config/hypr/keybindings.conf - Hyde reload - ${pkgs.hyprland}/bin/hyprctl reload - ''}"; - } - ]; - auto-detach = "true"; - output = "DP-5"; - } - { - name = "Mobile Stream (1080p)"; - prep-cmd = [ - { - do = "${pkgs.writeShellScript "stream-mode" '' - ${pkgs.hyprland}/bin/hyprctl keyword monitor DP-4,disable - ${pkgs.hyprland}/bin/hyprctl keyword monitor DP-6,disable - sleep 1 
- ${pkgs.hyprland}/bin/hyprctl keyword monitor DP-5,2560x1440@144,0x0,1.6 - ${pkgs.hyprland}/bin/hyprctl keyword misc:cursor_zoom_factor 1.6 - ''}"; - undo = "${pkgs.writeShellScript "regular-mode" '' - - ${pkgs.hyprland}/bin/hyprctl reload - ''}"; - } - ]; - auto-detach = "true"; - output = "DP-5"; - } - { - name = "Mobile Stream (Performance)"; - prep-cmd = [ - { - do = "${pkgs.writeShellScript "stream-mode" '' - ${pkgs.hyprland}/bin/hyprctl keyword monitor DP-4,disable - ${pkgs.hyprland}/bin/hyprctl keyword monitor DP-6,disable - sleep 1 - ${pkgs.hyprland}/bin/hyprctl keyword monitor DP-5,1920x1080@144,0x0,1.25 - ${pkgs.hyprland}/bin/hyprctl keyword misc:cursor_zoom_factor 1.25 - ''}"; - undo = "${pkgs.writeShellScript "regular-mode" '' - ${pkgs.hyprland}/bin/hyprctl reload - ''}"; - } - ]; - auto-detach = "true"; - output = "DP-5"; - } - ]; - }; - }; - - users.groups.keyd = { - members = [ "richen" ]; - }; - # Additional groups for Wayland/KMS access - users.users.richen.extraGroups = [ - "video" - "input" - "render" - "kvm" - "uinput" - ]; - - # Add uinput configuration - boot.kernelModules = [ "uinput" ]; - services.udev.extraRules = '' - KERNEL=="uinput", SUBSYSTEM=="misc", MODE="0660", GROUP="input" - ''; - - # Firewall rules - networking.firewall = { - extraCommands = lib.concatMapStrings (net: '' - iptables -A INPUT -p tcp -s ${net} -j ACCEPT - iptables -A INPUT -p udp -s ${net} -j ACCEPT - '') cfg.allowedNetworks; - }; - }; -} diff --git a/modules/system/hosts/fern/vfio/default.nix b/modules/system/hosts/fern/vfio/default.nix deleted file mode 100755 index 7c0f601..0000000 --- a/modules/system/hosts/fern/vfio/default.nix +++ /dev/null 
@@ -1,337 +0,0 @@ -{ - config, - pkgs, - lib, - ... -}: - -# TODO: make this module more generic, extendable, move to common -let - cfg = config.modules.system.fern.vfio; - - prime-run = pkgs.writeShellScriptBin "prime-run" '' - export __NV_PRIME_RENDER_OFFLOAD=1 - export __NV_PRIME_RENDER_OFFLOAD_PROVIDER=NVIDIA-G0 - export __GLX_VENDOR_LIBRARY_NAME=nvidia - export __VK_LAYER_NV_optimus=NVIDIA_only - export DRI_PRIME=1 - export GBM_BACKEND=nvidia-drm - export __GLX_PRIME_RENDER_OFFLOAD=1 - export LIBVA_DRIVER_NAME=nvidia - export WLR_NO_HARDWARE_CURSORS=1 - exec "$@" - ''; -in -{ - options.modules.system.fern.vfio = { - enable = lib.mkOption { - type = lib.types.bool; - default = false; - description = "Enable VFIO configuration"; - }; - }; - - config = lib.mkIf cfg.enable { - - system.activationScripts = { - postActivation = '' - # Create directories first - mkdir -p /home/richen/.local/bin - # Copy VFIO scripts and set permissions - cp -f ${./scripts/vfio.sh} /home/richen/.local/bin/vfio - cp -f ${./scripts/lg.sh} /home/richen/.local/bin/lg - cp -f ${./scripts/start-vfio.sh} /home/richen/.local/bin/start-vfio - cp -f ${./scripts/stop-vfio.sh} /home/richen/.local/bin/stop-vfio - cp -f ${./scripts/vm.sh} /home/richen/.local/bin/vm - cp -f ${./scripts/rdp.sh} /home/richen/.local/bin/rdp - - chown richen:users /home/richen/.local/bin/vfio - chown richen:users /home/richen/.local/bin/lg - chown richen:users /home/richen/.local/bin/start-vfio - chown richen:users /home/richen/.local/bin/stop-vfio - chown richen:users /home/richen/.local/bin/vm - chown richen:users /home/richen/.local/bin/rdp - chmod +x /home/richen/.local/bin/vfio - chmod +x /home/richen/.local/bin/lg - chmod +x /home/richen/.local/bin/start-vfio - chmod +x /home/richen/.local/bin/stop-vfio - chmod +x /home/richen/.local/bin/vm - chmod +x /home/richen/.local/bin/rdp - - # Create a new directory for environment variables - mkdir -p /etc/profile.d - - # Add scripts directory to system-wide PATH via 
profile.d - echo 'export PATH="/home/richen/.local/bin:$PATH"' > /etc/profile.d/vfio-scripts.sh - chmod +x /etc/profile.d/vfio-scripts.sh - ''; - }; - - services = { - spice-vdagentd.enable = true; - spice-webdavd.enable = true; - udev.extraRules = '' - SUBSYSTEM=="kvmfr", OWNER="richen", GROUP="kvm", MODE="0660" - ${builtins.readFile ./scripts/99-vendor-reset.rules} - ''; - }; - - networking = { - interfaces.br0 = { - useDHCP = true; - }; - bridges.br0 = { - interfaces = [ "enp7s0" ]; - rstp = true; - }; - firewall = { - allowedUDPPorts = [ - 53 - 67 - ]; - checkReversePath = false; - }; - networkmanager.unmanaged = [ - "br0" - "enp7s0" - ]; - }; - - users.users.richen = { - extraGroups = pkgs.lib.mkAfter [ - "wheel" - "networkmanager" - "video" - "libvirtd" - "kvm" - "qemu-libvirtd" - ]; - }; - - security = { - polkit = { - enable = true; - }; - sudo.extraRules = [ - { - groups = [ "wheel" ]; - commands = [ - { - command = "/home/richen/.local/bin/vfio"; - options = [ "NOPASSWD" ]; - } - { - command = "/home/richen/.local/bin/rdp"; - options = [ "NOPASSWD" ]; - } - { - command = "/home/richen/.local/bin/vm"; - options = [ "NOPASSWD" ]; - } - { - command = "/home/richen/.local/bin/lg"; - options = [ "NOPASSWD" ]; - } - ]; - } - ]; - }; - - # VFIO-related configurations - programs.virt-manager.enable = true; - systemd.tmpfiles.rules = [ - "d /dev/hugepages 1770 root kvm -" - "d /dev/shm 1777 root root -" - "f /dev/shm/looking-glass 0660 richen kvm -" - ]; - fileSystems."/dev/hugepages" = { - device = "hugetlbfs"; - fsType = "hugetlbfs"; - options = [ - "mode=01770" - "gid=kvm" - ]; - }; - - boot = { - kernelParams = [ - # Memory Management - "default_hugepagesz=2M" # Set default huge page size to 2MB - "hugepagesz=2M" # Configure huge page size as 2MB - "transparent_hugepage=never" # Disable transparent huge pages - "mem_sleep_default=deep" # Set default sleep mode to deep sleep - - # Boot Optimization - "fastboot" # Fast boot - "quiet" # Reduce boot verbosity - 
"rd.timeout=0" # Reduce initrd timeout - "rd.systemd.show_status=false" # Hide systemd status during boot - - # Performance & Security - "mitigations=off" # Disable CPU vulnerabilities mitigations (security trade-off) - "nowatchdog" # Disable watchdog timer - "nmi_watchdog=0" # Disable NMI watchdog - "split_lock_detect=off" # Disable split lock detection - "pcie_aspm=off" # Disable PCIe Active State Power Management - "amdgpu.dc=1" - "amdgpu.powerplay=1" - "amdgpu.ppfeaturemask=0xffffffff" - "radeon.modeset=0" - - # IOMMU & VFIO - "intel_iommu=on" # Enable Intel IOMMU - "iommu=pt" # Enable IOMMU pass-through - "vfio-pci.ids=10de:2782,10de:22bc" # Specify VFIO PCI device IDs - - # KVM Settings - "kvm.ignore_msrs=1" # Ignore unhandled Model Specific Registers - "kvm.report_ignored_msrs=0" # Don't report ignored MSRs - - # ACPI & Power Management - "acpi_osi=Linux" # Set ACPI OS interface to Linux - "acpi=force" # Force ACPI - "resume_offset=0" # Set resume offset to 0 - ]; - kernelModules = [ - "vfio_pci" - "vfio" - "vfio_iommu_type1" - "kvmfr" - "kvm-intel" - "kvm" - "amdgpu" - ]; - initrd.kernelModules = [ - "amdgpu" - "vfio_pci" - "vfio" - "vfio_iommu_type1" - ]; - extraModulePackages = with config.boot.kernelPackages; [ - kvmfr - ]; - blacklistedKernelModules = [ - "nouveau" - "nvidia" - "nvidia_drm" - "nvidia_modeset" - "nvidia_uvm" - ]; - extraModprobeConfig = '' - options kvmfr static_size_mb=64 - blacklist nouveau - options nouveau modeset=0 - ''; - }; - - virtualisation = { - libvirtd = { - enable = true; - hooks = { - qemu = { - # TODO: figure out the prepare script - # "prepare" = ./modules/vfio/start.sh; - # "release" = ./modules/vfio/stop.sh; - }; - }; - qemu = { - ovmf = { - enable = true; - packages = [ - (pkgs.OVMF.override { - secureBoot = true; - tpmSupport = true; - }) - ]; - }; - swtpm.enable = true; - runAsRoot = true; - package = pkgs.qemu_kvm; - verbatimConfig = '' - user = "richen" - group = "kvm" - cgroup_device_acl = [ - "/dev/null", 
"/dev/full", "/dev/zero", - "/dev/random", "/dev/urandom", - "/dev/ptmx", "/dev/kvm", "/dev/kqemu", - "/dev/rtc","/dev/hpet", "/dev/sev", - "/dev/kvmfr0", - "/dev/vfio/vfio" - ] - hugetlbfs_mount = "/dev/hugepages" - bridge_helper = "/run/wrappers/bin/qemu-bridge-helper" - ''; - }; - }; - spiceUSBRedirection.enable = true; - }; - - users.groups.libvirtd.members = [ "richen" ]; - users.groups.kvm.members = [ "richen" ]; - - systemd.services.define-win11-vm = { - description = "Define Windows 11 VM"; - after = [ "libvirtd.service" ]; - requires = [ "libvirtd.service" ]; - wantedBy = [ "multi-user.target" ]; - - serviceConfig = { - Type = "oneshot"; - RemainAfterExit = true; - User = "root"; - }; - - script = '' - # Ensure NVRAM directory exists with proper permissions - mkdir -p /var/lib/libvirt/qemu/nvram - chown -R richen:kvm /var/lib/libvirt/qemu/nvram - chmod 775 /var/lib/libvirt/qemu/nvram - - # Create symlink directory for OVMF files - mkdir -p /var/libvirt/nix-ovmf - ln -sf ${pkgs.OVMF.fd}/FV/OVMF_CODE.fd /var/libvirt/nix-ovmf/OVMF_CODE.fd - ln -sf ${pkgs.OVMF.fd}/FV/OVMF_VARS.fd /var/libvirt/nix-ovmf/OVMF_VARS.fd - chown -R richen:kvm /var/libvirt/nix-ovmf - chmod -R 775 /var/libvirt/nix-ovmf - - # Copy OVMF NVRAM template if it doesn't exist - if [ ! -f /var/lib/libvirt/qemu/nvram/win11_VARS.fd ]; then - cp ${pkgs.OVMF.fd}/FV/OVMF_VARS.fd /var/lib/libvirt/qemu/nvram/win11_VARS.fd - chown richen:kvm /var/lib/libvirt/qemu/nvram/win11_VARS.fd - chmod 660 /var/lib/libvirt/qemu/nvram/win11_VARS.fd - fi - - # Check if VM already exists - if ! 
${pkgs.libvirt}/bin/virsh list --all --name | grep -q "^win11$"; then - ${pkgs.libvirt}/bin/virsh define ${./scripts/win11.xml} - fi - ''; - }; - - environment.systemPackages = with pkgs; [ - # Add prime-run script as package - prime-run - # -------------------- Virtualization & VFIO -------------------- - qemu - virt-manager # Virtual machine manager - virt-viewer # Virtual machine viewer - libvirt # Virtualization API - spice-gtk # Remote display - spice-protocol # Spice protocol - spice-vdagent # Spice vdagent - win-virtio # Windows virtio drivers - win-spice # Windows spice drivers - OVMF # UEFI firmware - OVMFFull # UEFI firmware (with extra features) - looking-glass-client # VFIO display - freerdp3 # RDP client - - udisks # Storage device daemon - udiskie # Automounter - ntfs3g # NTFS filesystem support - cpuset # CPU management - kmod # Kernel module management - inotify-tools # File change notification - ]; - }; -} diff --git a/modules/system/hosts/fern/vfio/scripts/99-vendor-reset.rules b/modules/system/hosts/fern/vfio/scripts/99-vendor-reset.rules deleted file mode 100755 index 7efe6bd..0000000 --- a/modules/system/hosts/fern/vfio/scripts/99-vendor-reset.rules +++ /dev/null 
@@ -1,135 +0,0 @@ -# Rules to ensure vendor-reset is loaded and the reset_method for our devices is set to 'device_specific' for kernel 5.15+ -# (the module must be loaded, otherwise setting this may fail) -ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x67C0", RUN+="/bin/sh -c '/sbin/modprobe vendor-reset; echo device_specific > /sys$env{DEVPATH}/reset_method'" - -ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x67C1", RUN+="/bin/sh -c '/sbin/modprobe vendor-reset; echo device_specific > /sys$env{DEVPATH}/reset_method'" - -ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x67C2", RUN+="/bin/sh -c '/sbin/modprobe vendor-reset; echo device_specific > /sys$env{DEVPATH}/reset_method'" - -ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x67C4", RUN+="/bin/sh -c '/sbin/modprobe vendor-reset; echo device_specific > /sys$env{DEVPATH}/reset_method'" - -ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x67C7", RUN+="/bin/sh -c '/sbin/modprobe vendor-reset; echo device_specific > /sys$env{DEVPATH}/reset_method'" - -ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x67D0", RUN+="/bin/sh -c '/sbin/modprobe vendor-reset; echo device_specific > /sys$env{DEVPATH}/reset_method'" - -ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x67DF", RUN+="/bin/sh -c '/sbin/modprobe vendor-reset; echo device_specific > /sys$env{DEVPATH}/reset_method'" - -ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x67C8", RUN+="/bin/sh -c '/sbin/modprobe vendor-reset; echo device_specific > /sys$env{DEVPATH}/reset_method'" - -ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x67C9", RUN+="/bin/sh -c '/sbin/modprobe vendor-reset; echo device_specific > /sys$env{DEVPATH}/reset_method'" - -ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x67CA", RUN+="/bin/sh -c 
'/sbin/modprobe vendor-reset; echo device_specific > /sys$env{DEVPATH}/reset_method'" - -ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x67CC", RUN+="/bin/sh -c '/sbin/modprobe vendor-reset; echo device_specific > /sys$env{DEVPATH}/reset_method'" - -ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x67CF", RUN+="/bin/sh -c '/sbin/modprobe vendor-reset; echo device_specific > /sys$env{DEVPATH}/reset_method'" - -ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x6FDF", RUN+="/bin/sh -c '/sbin/modprobe vendor-reset; echo device_specific > /sys$env{DEVPATH}/reset_method'" - -ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x67E0", RUN+="/bin/sh -c '/sbin/modprobe vendor-reset; echo device_specific > /sys$env{DEVPATH}/reset_method'" - -ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x67E3", RUN+="/bin/sh -c '/sbin/modprobe vendor-reset; echo device_specific > /sys$env{DEVPATH}/reset_method'" - -ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x67E8", RUN+="/bin/sh -c '/sbin/modprobe vendor-reset; echo device_specific > /sys$env{DEVPATH}/reset_method'" - -ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x67EB", RUN+="/bin/sh -c '/sbin/modprobe vendor-reset; echo device_specific > /sys$env{DEVPATH}/reset_method'" - -ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x67EF", RUN+="/bin/sh -c '/sbin/modprobe vendor-reset; echo device_specific > /sys$env{DEVPATH}/reset_method'" - -ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x67FF", RUN+="/bin/sh -c '/sbin/modprobe vendor-reset; echo device_specific > /sys$env{DEVPATH}/reset_method'" - -ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x67E1", RUN+="/bin/sh -c '/sbin/modprobe vendor-reset; echo device_specific > /sys$env{DEVPATH}/reset_method'" - -ACTION=="add", SUBSYSTEM=="pci", 
ATTR{vendor}=="0x1002", ATTR{device}=="0x67E7", RUN+="/bin/sh -c '/sbin/modprobe vendor-reset; echo device_specific > /sys$env{DEVPATH}/reset_method'" - -ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x67E9", RUN+="/bin/sh -c '/sbin/modprobe vendor-reset; echo device_specific > /sys$env{DEVPATH}/reset_method'" - -ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x6980", RUN+="/bin/sh -c '/sbin/modprobe vendor-reset; echo device_specific > /sys$env{DEVPATH}/reset_method'" - -ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x6981", RUN+="/bin/sh -c '/sbin/modprobe vendor-reset; echo device_specific > /sys$env{DEVPATH}/reset_method'" - -ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x6985", RUN+="/bin/sh -c '/sbin/modprobe vendor-reset; echo device_specific > /sys$env{DEVPATH}/reset_method'" - -ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x6986", RUN+="/bin/sh -c '/sbin/modprobe vendor-reset; echo device_specific > /sys$env{DEVPATH}/reset_method'" - -ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x6987", RUN+="/bin/sh -c '/sbin/modprobe vendor-reset; echo device_specific > /sys$env{DEVPATH}/reset_method'" - -ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x6995", RUN+="/bin/sh -c '/sbin/modprobe vendor-reset; echo device_specific > /sys$env{DEVPATH}/reset_method'" - -ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x6997", RUN+="/bin/sh -c '/sbin/modprobe vendor-reset; echo device_specific > /sys$env{DEVPATH}/reset_method'" - -ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x699F", RUN+="/bin/sh -c '/sbin/modprobe vendor-reset; echo device_specific > /sys$env{DEVPATH}/reset_method'" - -ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x6860", RUN+="/bin/sh -c '/sbin/modprobe vendor-reset; echo device_specific > 
/sys$env{DEVPATH}/reset_method'" - -ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x6861", RUN+="/bin/sh -c '/sbin/modprobe vendor-reset; echo device_specific > /sys$env{DEVPATH}/reset_method'" - -ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x6862", RUN+="/bin/sh -c '/sbin/modprobe vendor-reset; echo device_specific > /sys$env{DEVPATH}/reset_method'" - -ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x6863", RUN+="/bin/sh -c '/sbin/modprobe vendor-reset; echo device_specific > /sys$env{DEVPATH}/reset_method'" - -ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x6864", RUN+="/bin/sh -c '/sbin/modprobe vendor-reset; echo device_specific > /sys$env{DEVPATH}/reset_method'" - -ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x6867", RUN+="/bin/sh -c '/sbin/modprobe vendor-reset; echo device_specific > /sys$env{DEVPATH}/reset_method'" - -ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x6868", RUN+="/bin/sh -c '/sbin/modprobe vendor-reset; echo device_specific > /sys$env{DEVPATH}/reset_method'" - -ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x6869", RUN+="/bin/sh -c '/sbin/modprobe vendor-reset; echo device_specific > /sys$env{DEVPATH}/reset_method'" - -ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x686a", RUN+="/bin/sh -c '/sbin/modprobe vendor-reset; echo device_specific > /sys$env{DEVPATH}/reset_method'" - -ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x686b", RUN+="/bin/sh -c '/sbin/modprobe vendor-reset; echo device_specific > /sys$env{DEVPATH}/reset_method'" - -ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x686c", RUN+="/bin/sh -c '/sbin/modprobe vendor-reset; echo device_specific > /sys$env{DEVPATH}/reset_method'" - -ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x686d", 
RUN+="/bin/sh -c '/sbin/modprobe vendor-reset; echo device_specific > /sys$env{DEVPATH}/reset_method'" - -ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x686e", RUN+="/bin/sh -c '/sbin/modprobe vendor-reset; echo device_specific > /sys$env{DEVPATH}/reset_method'" - -ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x686f", RUN+="/bin/sh -c '/sbin/modprobe vendor-reset; echo device_specific > /sys$env{DEVPATH}/reset_method'" - -ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x687f", RUN+="/bin/sh -c '/sbin/modprobe vendor-reset; echo device_specific > /sys$env{DEVPATH}/reset_method'" - -ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x66a0", RUN+="/bin/sh -c '/sbin/modprobe vendor-reset; echo device_specific > /sys$env{DEVPATH}/reset_method'" - -ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x66a1", RUN+="/bin/sh -c '/sbin/modprobe vendor-reset; echo device_specific > /sys$env{DEVPATH}/reset_method'" - -ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x66a2", RUN+="/bin/sh -c '/sbin/modprobe vendor-reset; echo device_specific > /sys$env{DEVPATH}/reset_method'" - -ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x66a3", RUN+="/bin/sh -c '/sbin/modprobe vendor-reset; echo device_specific > /sys$env{DEVPATH}/reset_method'" - -ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x66a4", RUN+="/bin/sh -c '/sbin/modprobe vendor-reset; echo device_specific > /sys$env{DEVPATH}/reset_method'" - -ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x66a7", RUN+="/bin/sh -c '/sbin/modprobe vendor-reset; echo device_specific > /sys$env{DEVPATH}/reset_method'" - -ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x66af", RUN+="/bin/sh -c '/sbin/modprobe vendor-reset; echo device_specific > /sys$env{DEVPATH}/reset_method'" - -ACTION=="add", 
SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x7310", RUN+="/bin/sh -c '/sbin/modprobe vendor-reset; echo device_specific > /sys$env{DEVPATH}/reset_method'" - -ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x7312", RUN+="/bin/sh -c '/sbin/modprobe vendor-reset; echo device_specific > /sys$env{DEVPATH}/reset_method'" - -ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x7318", RUN+="/bin/sh -c '/sbin/modprobe vendor-reset; echo device_specific > /sys$env{DEVPATH}/reset_method'" - -ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x7319", RUN+="/bin/sh -c '/sbin/modprobe vendor-reset; echo device_specific > /sys$env{DEVPATH}/reset_method'" - -ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x731a", RUN+="/bin/sh -c '/sbin/modprobe vendor-reset; echo device_specific > /sys$env{DEVPATH}/reset_method'" - -ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x731b", RUN+="/bin/sh -c '/sbin/modprobe vendor-reset; echo device_specific > /sys$env{DEVPATH}/reset_method'" - -ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x731e", RUN+="/bin/sh -c '/sbin/modprobe vendor-reset; echo device_specific > /sys$env{DEVPATH}/reset_method'" - -ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x731f", RUN+="/bin/sh -c '/sbin/modprobe vendor-reset; echo device_specific > /sys$env{DEVPATH}/reset_method'" - -ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x7340", RUN+="/bin/sh -c '/sbin/modprobe vendor-reset; echo device_specific > /sys$env{DEVPATH}/reset_method'" - -ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x7341", RUN+="/bin/sh -c '/sbin/modprobe vendor-reset; echo device_specific > /sys$env{DEVPATH}/reset_method'" - -ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x7347", RUN+="/bin/sh -c '/sbin/modprobe vendor-reset; echo 
device_specific > /sys$env{DEVPATH}/reset_method'" - -ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x734F", RUN+="/bin/sh -c '/sbin/modprobe vendor-reset; echo device_specific > /sys$env{DEVPATH}/reset_method'" - -ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x7360", RUN+="/bin/sh -c '/sbin/modprobe vendor-reset; echo device_specific > /sys$env{DEVPATH}/reset_method'" - -ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x7362", RUN+="/bin/sh -c '/sbin/modprobe vendor-reset; echo device_specific > /sys$env{DEVPATH}/reset_method'" - -ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x738c", RUN+="/bin/sh -c '/sbin/modprobe vendor-reset; echo device_specific > /sys$env{DEVPATH}/reset_method'" diff --git a/modules/system/hosts/fern/vfio/scripts/lg.sh b/modules/system/hosts/fern/vfio/scripts/lg.sh deleted file mode 100755 index 1188250..0000000 --- a/modules/system/hosts/fern/vfio/scripts/lg.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/usr/bin/env bash - -# Check if the win11 VM is running -if ! sudo virsh list --state-running --name | grep -q "win11"; then - echo "The win11 VM is not running. Please start it before connecting via looking glass." - exit 1 -fi - -# Launch looking-glass-client with F10 as the mouse capture key -nohup looking-glass-client -f /dev/kvmfr0 -m 59 >/dev/null 2>&1 & diff --git a/modules/system/hosts/fern/vfio/scripts/rdp.sh b/modules/system/hosts/fern/vfio/scripts/rdp.sh deleted file mode 100755 index 9cd77c6..0000000 --- a/modules/system/hosts/fern/vfio/scripts/rdp.sh +++ /dev/null 
@@ -1,36 +0,0 @@
-#!/usr/bin/env bash
-
-# Check if the win11 VM is running
-if ! sudo virsh list --state-running --name | grep -q "win11"; then
- echo "The win11 VM is not running. Please start it before connecting via RDP."
- exit 1
-fi
-
-# Prompt for password and hide input
-read -sp "Enter password: " password
-echo # Add a newline after password input
-
-# Check if RDP is running
-if ! pgrep -f "xfreerdp" > /dev/null; then
- echo "RDP is not running. Starting RDP..."
- nohup xfreerdp \
- /v:10.0.0.172 \
- /u:richard \
- /p:"$password" \
- +dynamic-resolution \
- /gfx:avc444 \
- /network:auto \
- /compression-level:2 \
- /sound \
- /microphone \
- +clipboard \
- +fonts \
- +aero \
- +window-drag \
- +menu-anims \
- +themes \
- /cert:ignore > /dev/null 2>&1 &
- echo "RDP started in the background."
-else
- echo "RDP is already running."
-fi
diff --git a/modules/system/hosts/fern/vfio/scripts/start-vfio.sh b/modules/system/hosts/fern/vfio/scripts/start-vfio.sh
deleted file mode 100755
index e8fbdc4..0000000
--- a/modules/system/hosts/fern/vfio/scripts/start-vfio.sh
+++ /dev/null
@@ -1,92 +0,0 @@ -#!/run/current-system/sw/bin/bash -# https://rokups.github.io/#!pages/gaming-vm-performance.md - -set -e - -log() { - echo "[$(date '+%Y-%m-%d %H:%M:%S')] $1" | tee -a /var/log/libvirt/hooks.log >&2 -} - -error() { - log "ERROR: $1" - exit 1 -} - -main() { - # Check if running as root - if [[ $EUID -ne 0 ]]; then - error "This script must be run as root" - fi - - log "Starting VM preparation..." - - # Reset PCI device - if [[ -e /sys/bus/pci/devices/0000:08:00.0/reset ]]; then - echo 1 > /sys/bus/pci/devices/0000:08:00.0/reset || error "Failed to reset PCI device" - else - log "PCI device reset file not found, skipping reset" - fi - - HOST_CORES='12-19' # 2 P-cores (threads 12-15) + 4 E-cores (threads 16-19) - VIRT_CORES='0-11' # 6 P-cores (threads 0-11) - - # Function to convert core range to hexadecimal mask - cores_to_mask() { - local cores="$1" - local mask=0 - for core in $(seq ${cores/-/ }); do - mask=$((mask | 1< /dev/null 2>&1 || true - done - } - - # Set CPU affinity for systemd slices - systemctl set-property --runtime -- user.slice AllowedCPUs=$HOST_CORES || log "Failed to set CPU affinity for user.slice" - systemctl set-property --runtime -- system.slice AllowedCPUs=$HOST_CORES || log "Failed to set CPU affinity for system.slice" - systemctl set-property --runtime -- init.scope AllowedCPUs=$HOST_CORES || log "Failed to set CPU affinity for init.scope" - - # Drop caches and compact memory before allocating hugepages - sync - sysctl -w vm.drop_caches=3 || log "Failed to drop caches" - sysctl -w vm.compact_memory=1 || log "Failed to compact memory" - - # Hugepages allocation - sysctl -w vm.nr_hugepages=31744 || log "Failed to allocate hugepages" - - # Shield VM cores - pin_vm_cores - - # Reduce VM jitter and set other kernel parameters - sysctl -w vm.stat_interval=120 || log "Failed to set vm.stat_interval" - sysctl -w kernel.watchdog=0 || log "Failed to disable kernel watchdog" - echo $HOST_CORES_MASK > 
/sys/bus/workqueue/devices/writeback/cpumask || log "Failed to set writeback cpumask" - - # Check if transparent hugepages are available - if [[ -f /sys/kernel/mm/transparent_hugepage/enabled ]]; then - echo never > /sys/kernel/mm/transparent_hugepage/enabled || log "Failed to disable THP" - else - log "Transparent hugepages not available, skipping THP disable" - fi - - # Force P-states to P0 - for governor in /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor; do - echo performance > "$governor" || log "Failed to set CPU governor to performance" - done - - log "VM preparation completed successfully" -} - -main - -# TODO: Implement NVIDIA driver check and VFIO setup for NixOS -# This part needs to be adapted to NixOS-specific commands and paths diff --git a/modules/system/hosts/fern/vfio/scripts/stop-vfio.sh b/modules/system/hosts/fern/vfio/scripts/stop-vfio.sh deleted file mode 100755 index eea3e07..0000000 --- a/modules/system/hosts/fern/vfio/scripts/stop-vfio.sh +++ /dev/null 
@@ -1,42 +0,0 @@
-#!/run/current-system/sw/bin/bash
-# https://rokups.github.io/#!pages/gaming-vm-performance.md
-
-
-TOTAL_CORES='0-19'
-TOTAL_CORES_MASK=FFFFF # bitmask for all 20 threads
-HOST_CORES='12-19' # 2 P-cores (threads 12-15) + 4 E-cores (threads 16-19)
-HOST_CORES_MASK=FF000 # bitmask 0b11111111000000000000
-VIRT_CORES='0-11' # 6 P-cores (threads 0-11)
-VIRT_CORES_MASK=00FFF # bitmask 0b00000000111111111111
-
-unpin_cores() {
- # Reset all tasks to use all cores
- for pid in $(ps -eo pid --no-headers); do
- taskset -pc $TOTAL_CORES $pid > /dev/null 2>&1
- done
-}
-
-# Reset CPU affinity for systemd slices
-systemctl set-property --runtime -- user.slice AllowedCPUs=$TOTAL_CORES
-systemctl set-property --runtime -- system.slice AllowedCPUs=$TOTAL_CORES
-systemctl set-property --runtime -- init.scope AllowedCPUs=$TOTAL_CORES
-
-# All VMs offline
-sysctl vm.stat_interval=1
-sysctl -w kernel.watchdog=1
-unpin_cores
-
-# Reset writeback workqueue to use all cores
-echo $TOTAL_CORES_MASK > /sys/bus/workqueue/devices/writeback/cpumask
-
-# Hugepages deallocation
-echo 0 | tee /sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages
-echo 0 | tee /proc/sys/vm/nr_hugepages
-
-echo always | tee /sys/kernel/mm/transparent_hugepage/enabled
-echo powersave | tee /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor
-
-echo >&2 "VMs Unpinned"
-
-# TODO: Implement NVIDIA driver reattachment and VFIO cleanup for NixOS
-# This part needs to be adapted to NixOS-specific commands and paths
diff --git a/modules/system/hosts/fern/vfio/scripts/vfio.sh b/modules/system/hosts/fern/vfio/scripts/vfio.sh
deleted file mode 100755
index 4f1773f..0000000
--- a/modules/system/hosts/fern/vfio/scripts/vfio.sh
+++ /dev/null
@@ -1,111 +0,0 @@
-#!/usr/bin/env bash
-
-NVIDIA_GPU="0000:08:00.0"
-NVIDIA_AUDIO="0000:08:00.1"
-
-bind_device() {
- local device=$1
- local from_driver=$2
- local to_driver=$3
-
- echo "Unbinding $device from $from_driver..."
- if [ "$from_driver" = "nvidia" ]; then
- # Disable DRM modesetting before unbinding
- if lsmod | grep -q nvidia_drm; then
- sudo rmmod nvidia_drm
- sudo rmmod nvidia_uvm
- sudo rmmod nvidia_modeset
- sudo rmmod nvidia
- fi
- fi
-
- if [ -e "/sys/bus/pci/drivers/$from_driver/$device" ]; then
- echo -n "$device" | sudo tee "/sys/bus/pci/drivers/$from_driver/unbind" >/dev/null
- fi
-
- # Make sure the new driver is loaded
- if [ "$to_driver" = "nvidia" ]; then
- # Remove vfio drivers first
- sudo modprobe -r vfio-pci vfio_iommu_type1 vfio
- # Load NVIDIA drivers in correct order
- sudo modprobe nvidia
- sudo modprobe nvidia_modeset
- sudo modprobe nvidia_uvm
- sudo modprobe nvidia_drm modeset=1
- elif [ "$to_driver" = "vfio-pci" ]; then
- # NVIDIA drivers are already unloaded above
- sudo modprobe vfio-pci vfio_iommu_type1 vfio
- fi
-
- # Remove the device ID from the old driver and add it to the new one
- echo "Binding $device to $to_driver..."
- echo -n "$device" | sudo tee "/sys/bus/pci/drivers/$to_driver/new_id" >/dev/null 2>&1 || true
- echo -n "$device" | sudo tee "/sys/bus/pci/drivers/$to_driver/bind" >/dev/null
-
- # Verify the binding
- if [ -e "/sys/bus/pci/drivers/$to_driver/$device" ]; then
- echo "Successfully bound $device to $to_driver"
- else
- echo "Failed to bind $device to $to_driver"
- fi
-}
-
-bind_gpu() {
- # Bind GPU
- bind_device "$NVIDIA_GPU" "nvidia" "vfio-pci"
- sleep 1
- # Bind Audio
- bind_device "$NVIDIA_AUDIO" "snd_hda_intel" "vfio-pci" # Changed from nvidia to snd_hda_intel
- echo "GPU and Audio devices binding completed"
-}
-
-unbind_gpu() {
- # Unbind Audio
- bind_device "$NVIDIA_AUDIO" "vfio-pci" "snd_hda_intel" # Changed to snd_hda_intel
- sleep 1
- # Unbind GPU
- bind_device "$NVIDIA_GPU" "vfio-pci" "nvidia"
- echo "GPU and Audio devices unbinding completed"
-}
-
-status() {
- echo "Checking device status..."
- echo
-
- echo "GPU ($NVIDIA_GPU):"
- if [ -e "/sys/bus/pci/devices/$NVIDIA_GPU" ]; then
- driver=$(readlink "/sys/bus/pci/devices/$NVIDIA_GPU/driver" 2>/dev/null)
- driver=${driver##*/}
- echo " Driver in use: ${driver:-None}"
- else
- echo " Not found"
- fi
-
- echo
- echo "Audio ($NVIDIA_AUDIO):"
- if [ -e "/sys/bus/pci/devices/$NVIDIA_AUDIO" ]; then
- driver=$(readlink "/sys/bus/pci/devices/$NVIDIA_AUDIO/driver" 2>/dev/null)
- driver=${driver##*/}
- echo " Driver in use: ${driver:-None}"
- else
- echo " Not found"
- fi
-}
-
-case "$1" in
- bind)
- bind_gpu
- ;;
- unbind)
- unbind_gpu
- ;;
- status)
- status
- ;;
- *)
- echo "Usage: $0 {bind|unbind|status}"
- exit 1
- ;;
-esac
-
-exit 0
\ No newline at end of file
diff --git a/modules/system/hosts/fern/vfio/scripts/vm.sh b/modules/system/hosts/fern/vfio/scripts/vm.sh
deleted file mode 100755
index e86f100..0000000
--- a/modules/system/hosts/fern/vfio/scripts/vm.sh
+++ /dev/null
@@ -1,101 +0,0 @@
-#!/usr/bin/env bash
-
-# Function to check if Win11 VM is running
-check_win11_vm() {
- sudo virsh list --all | grep -q "win11.*running"
-}
-
-# Function to display VM status and available commands
-show_status() {
- echo "Windows 11 VM Status:"
- if check_win11_vm; then
- echo " Status: Running"
- else
- echo " Status: Stopped"
- fi
- echo
- echo "Available commands:"
- echo " vm - Show this status"
- echo " vm start - Start the VM"
- echo " vm stop - Stop the VM"
-}
-
-# Function to start Win11 VM
-start_win11_vm() {
- if check_win11_vm; then
- echo "VM is already running"
- return 1
- fi
-
- echo "Starting Windows 11 VM..."
- sudo start-vfio
- sudo virsh start win11
-
- # Set up trap to wait for VM shutdown using inotifywait with proper cleanup
- nohup bash -c '
- # Create a unique PID file for this monitor instance
- MONITOR_PID_FILE="/tmp/vm_monitor_$$.pid"
- echo $$ > "$MONITOR_PID_FILE"
-
- # Cleanup function
- cleanup() {
- rm -f "$MONITOR_PID_FILE"
- exit 0
- }
-
- # Set trap for cleanup
- trap cleanup EXIT
-
- echo "$(date): Waiting for VM shutdown" >> /tmp/vm_shutdown.log
- if inotifywait -e delete /var/run/libvirt/qemu/win11.pid; then
- echo "$(date): VM shutdown detected" >> /tmp/vm_shutdown.log
- sudo stop-vfio
- echo "$(date): VFIO stopped" >> /tmp/vm_shutdown.log
- else
- echo "$(date): inotifywait failed" >> /tmp/vm_shutdown.log
- fi
- ' >/dev/null 2>&1 &
-
- # Store the monitor process PID
- MONITOR_PID=$!
- echo "Background monitoring process started with PID $MONITOR_PID"
-}
-
-# Function to stop Win11 VM
-stop_win11_vm() {
- if ! check_win11_vm; then
- echo "VM is not running"
- return 1
- fi
-
- echo "Stopping Windows 11 VM..."
- sudo virsh shutdown win11
- sudo stop-vfio
-
- # Cleanup any existing monitor processes
- for pid_file in /tmp/vm_monitor_*.pid; do
- if [ -f "$pid_file" ]; then
- pid=$(cat "$pid_file")
- kill $pid 2>/dev/null || true
- rm -f "$pid_file"
- fi
- done
-}
-
-# Main script command handling
-case "${1:-status}" in
-start)
- start_win11_vm
- ;;
-stop)
- stop_win11_vm
- ;;
-status | "")
- show_status
- ;;
-*)
- echo "Unknown command: $1"
- echo "Usage: $0 [start|stop|status]"
- exit 1
- ;;
-esac
diff --git a/modules/system/hosts/fern/vfio/scripts/win11.xml b/modules/system/hosts/fern/vfio/scripts/win11.xml
deleted file mode 100755
index fc3fd86..0000000
--- a/modules/system/hosts/fern/vfio/scripts/win11.xml
+++ /dev/null
@@ -1,291 +0,0 @@ - - win11 - 8431eb34-6047-49f9-85a7-02886f1da29b - - - - - - 32768000 - 32768000 - - - - 12 - - - - - - - - - - - - - - - - - hvm - /var/libvirt/nix-ovmf/OVMF_CODE.fd - /var/lib/libvirt/qemu/nvram/win11_VARS.fd - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - destroy - restart - destroy - - - - - - /run/current-system/sw/bin/qemu-system-x86_64 - - - - - - -
- - - - - - -
- - -
- - - - - -
- - - - -
- - - - -
- - - - -
- - - - -
- - - - -
- - - - -
- - - - -
- - - - -
- - - - -
- - - - -
- - - - -
- - - - -
- - - - -
- - - - -
- - - -
- - -
- - -
- - -
- - - - - - -
- - - - - - - - - - - -
- - -
- - -
- - - - - - - - - -