X-Git-Url: https://gitweb.ps.run/flake_thinkpad/blobdiff_plain/fd28c48e3b7400aa3f4bcb492597a54e0a8dfbec..7d4be89983f22a94e36bf18bb21453b36aeee3ae:/configuration.nix diff --git a/configuration.nix b/configuration.nix index 3506b5f..cb526d1 100644 --- a/configuration.nix +++ b/configuration.nix @@ -20,6 +20,8 @@ in [ # Include the results of the hardware scan. ./hardware-configuration.nix inputs.home-manager.nixosModules.default + inputs.extra-container.nixosModules.default + inputs.microvm.nixosModules.host ]; # Bootloader. @@ -33,13 +35,24 @@ in boot.initrd.kernelModules = [ "amdgpu" ]; boot.consoleLogLevel = 0; boot.kernelPackages = pkgs.linuxPackages_latest; - boot.kernelParams = [ "quiet" "udev.log_level=0" "amdgpu.runpm=0" ]; - - networking.hostName = "nixos"; # Define your hostname. + boot.kernelParams = [ "quiet" "udev.log_level=0" "amdgpu.runpm=0" ]; + + # incus admin init --minimal + # incus image list images: + # incus launch images:ubuntu/noble + # incus exec -- /bin/bash + # incus exec -- adduser --shell /bin/bash --ingroup sudo ps + # incus exec -- su - ps -c 'tmux new-session -A -s main' + virtualisation.incus.enable = true; + virtualisation.incus.ui.enable = true; + networking.nftables.enable = true; + networking.firewall.trustedInterfaces = [ "incusbr0" ]; + + networking.hostName = "thinkpad"; # Define your hostname. # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. nix.settings.experimental-features = [ "nix-command" "flakes" ]; - nix.package = pkgs.nixVersions.nix_2_28; + nix.settings.download-buffer-size = 500000000; # Configure network proxy if necessary # networking.proxy.default = "http://user:password@proxy:port/"; 
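Review bot: `networking.firewall.trustedInterfaces = [ "incusbr0" ];` in the second hunk (the Incus block after `boot.kernelParams`) makes the host firewall accept every packet arriving from the Incus bridge, so any guest can reach every service listening on the host, including the sshd that a later hunk enables. Guests normally need only DHCP and DNS from the host, so a narrower rule should be enough: `networking.firewall.interfaces.incusbr0.allowedTCPPorts = [ 53 ];` and `networking.firewall.interfaces.incusbr0.allowedUDPPorts = [ 53 67 ];`. If the broad trust is deliberate, a comment on the line saying why would help the next reader.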
@@ -67,28 +80,60 @@ in }; programs.dconf.enable = true; + programs.steam.enable = true; + + # Containers + containers = { + im = { + ephemeral = true; + # privateNetwork = true; + localAddress = "10.23.45.2"; + hostAddress = "10.23.45.1"; + + bindMounts."/per".hostPath = "/var/lib/nixos-containers/im"; + bindMounts."/per".isReadOnly = false; + + extraFlags = [ + "--property='MemoryMax=60M'" + "--property='MemoryHigh=50M'" + "--property='CPUQuota=4%'" + ]; + + config = { config, pkgs, ... }: { + imports = [ inputs.impermanence.nixosModules.impermanence ]; + + environment.persistence."/per" = { + directories = [ + "/var/log" + "/var/lib" + { directory = "/home/ps"; user = "ps"; group = "users"; mode = "0750"; } + ]; + files = []; + }; + environment.systemPackages = with pkgs; [ helix python312 deno ]; + + users.users.ps = { isNormalUser = true; }; + + networking.firewall.allowedTCPPorts = [ 80 8080 ]; + + system.stateVersion = "25.05"; + }; + }; + }; + networking.nat.enable = true; + networking.nat.internalInterfaces = ["ve-+"]; + networking.nat.externalInterface = "eth0"; + networking.networkmanager.unmanaged = [ "interface-name:ve-*" ]; # Services services = { - + displayManager = { + defaultSession = "xfce+i3"; + }; xserver = { enable = true; - # Enable the GNOME Desktop Environment. - # displayManager.gdm.enable = true; - # desktopManager.gnome.enable = true; - - # displayManager.sddm.enable = true; - # desktopManager.budgie.enable = true; - - # desktopManager.deepin.enable = true; - # displayManager.lightdm.enable = true; - - # displayManager.gdm.enable = true; - # desktopManager.plasma5.enable = true; - displayManager = { - defaultSession = "xfce+i3"; lightdm = { enable = true; greeters.gtk = { @@ -113,7 +158,7 @@ in xterm.enable = false; xfce = { enable = true; - # noDesktop = true; + noDesktop = true; enableXfwm = false; }; }; 
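Review bot: In the `containers.im` block of the first hunk, `privateNetwork = true;` is commented out while `localAddress`/`hostAddress` and the `ve-+` NAT lines are set, so the container appears to run in the host's network namespace. As far as I know the nspawn container module only creates the veth pair and applies those addresses when `privateNetwork` is enabled. Without it, whatever the container binds on 80/8080 listens on the host's own interfaces, and 8080 is already open in the host firewall. If isolation is intended, enable `privateNetwork = true;`; otherwise drop the unused address and NAT lines and add a comment that the container shares the host network. `networking.nat.externalInterface = "eth0"` should also be checked against the laptop's real uplink name, which this diff does not show.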
@@ -133,6 +178,7 @@ in services.autorandr = { enable = true; + matchEdid = true; hooks = { postswitch = { "set-wallpaper" = "set-wallpaper"; @@ -146,13 +192,68 @@ in dataDir = "/home/ps/sync"; configDir = "/home/ps/.config/syncthing"; }; + + services.auto-cpufreq.enable = true; + services.auto-cpufreq.settings = { + battery = { + governor = "powersave"; + turbo = "never"; + }; + charger = { + governor = "performance"; + turbo = "auto"; + }; + }; + + # services.tlp = { + # enable = true; + # settings = { + # CPU_SCALING_GOVERNOR_ON_AC = "performance"; + # CPU_SCALING_GOVERNOR_ON_BAT = "powersave"; + # + # CPU_ENERGY_PERF_POLICY_ON_AC = "balance_performance"; + # CPU_ENERGY_PERF_POLICY_ON_BAT = "power"; + # + # PLATFORM_PROFILE_ON_AC = "balanced"; + # PLATFORM_PROFILE_ON_BAT = "low-power"; + # + # CPU_BOOST_ON_AC = "1"; + # CPU_BOOST_ON_BAT = "0"; + # + # AMDGPU_ABM_LEVEL_ON_AC = "0"; + # AMDGPU_ABM_LEVEL_ON_BAT = "3"; + # + # CPU_MIN_PERF_ON_AC = 0; + # CPU_MAX_PERF_ON_AC = 100; + # CPU_MIN_PERF_ON_BAT = 0; + # CPU_MAX_PERF_ON_BAT = 20; + # + # # START_CHARGE_THRESH_BAT0 = 40; # 40 and below it starts to charge + # STOP_CHARGE_THRESH_BAT0 = 90; # 85 and above it stops charging + # }; + # }; services.udev.extraRules = '' KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{serial}=="*vial:f64c2b3c*", MODE="0660", GROUP="users", TAG+="uaccess", TAG+="udev-acl" ''; # OpenGL - hardware.graphics.enable = true; + hardware = { + graphics = { + enable = true; + enable32Bit = true; + extraPackages = with pkgs; [ + rocmPackages.clr.icd + mesa.opencl + amf + ]; + }; + + amdgpu.amdvlk = { + enable = true; + support32Bit.enable = true; + }; + }; # services.logind = { # extraConfig = "HandlePowerKey=suspend"; 
@@ -166,13 +267,21 @@ in services.printing.enable = true; services.printing.drivers = [ pkgs.gutenprint ]; + # Enable scanners + hardware.sane.enable = true; + hardware.sane.extraBackends = [ pkgs.hplipWithPlugin pkgs.sane-airscan ]; + services.avahi.enable = true; + services.avahi.nssmdns4 = true; + services.avahi.reflector = true; + services.udev.packages = [ pkgs.sane-airscan ]; + # Enable Bluetooth hardware.bluetooth.enable = true; hardware.bluetooth.powerOnBoot = false; services.blueman.enable = true; # Enable sound with pipewire. - hardware.pulseaudio.enable = false; + services.pulseaudio.enable = false; security.rtkit.enable = true; services.pipewire = { enable = true; @@ -202,15 +311,15 @@ in isNormalUser = true; description = "Patrick"; shell = pkgs.bash; - extraGroups = [ "networkmanager" "wheel" "dialout" "jackaudio" ]; - }; - sshd = { - isSystemUser = true; - packages = [ - pkgs.python3 - ]; - group = "ssh"; + extraGroups = [ "networkmanager" "wheel" "dialout" "jackaudio" "lp" "incus-admin" ]; }; + # sshd = { + # isSystemUser = true; + # packages = [ + # pkgs.python3 + # ]; + # group = "ssh"; + # }; chirp = { isSystemUser = true; packages = [ @@ -231,10 +340,9 @@ in inherit inputs; inherit wallpaper; }; - # users = { - # "ps" = import ./home.nix; - # }; - users.ps.imports = [ ./home.nix ]; + users = { + "ps" = import ./home.nix; + }; }; # Enable automatic login for the user. 
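Review bot: `services.avahi.reflector = true;` in the scanner block relays mDNS traffic between all interfaces Avahi listens on, which on this host would include the LAN side and the container and Incus bridges added elsewhere in the diff. Discovering an AirScan/eSCL scanner only needs mDNS browsing (`services.avahi.enable` plus `nssmdns4`), not reflection, so the line can probably be removed. If reflection is needed for a specific setup, restrict it with `services.avahi.allowInterfaces = [ "<lan-interface>" ];` (placeholder name) and say why in a comment.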
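Review bot: Adding `"incus-admin"` to `extraGroups` for `ps` (second hunk; the user attrset starts outside it) gives that account full control of the Incus daemon, which is effectively root on the host without going through sudo. `ps` is already in `wheel`, but this path has no password prompt, and the same diff turns on sshd. A comment on the line such as `# incus-admin is root-equivalent; keep this account key-only over SSH` would record that. If the module also provides the restricted `incus` group, that may be enough for day-to-day use.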
@@ -249,23 +357,37 @@ in # Allow unfree packages nixpkgs.config.allowUnfree = true; + + environment.variables = { + RUSTICL_ENABLE = "radeonsi"; + }; # List packages installed in system profile. To search, run: # $ nix search wget environment.systemPackages = with pkgs; [ - args.inputs.nixpkgs-unstable.legacyPackages.${pkgs.system}.zig - args.inputs.nixpkgs-unstable.legacyPackages.${pkgs.system}.zls + args.inputs.zls.inputs.zig-overlay.packages.${pkgs.system}.master + args.inputs.zls.packages.${pkgs.system}.zls args.inputs.psch-flakes.packages.${pkgs.system}.resetmsmice + args.inputs.nixpkgs-unstable.legacyPackages.${pkgs.system}.zuban vim wget file git kitty i3 gdb mosh cmake + entr + asciinema asciinema-agg + shellify scrcpy xsel + xcwd + + pinta + mupdf + davinci-resolve pavucontrol syncthingtray # xfce plugins + xfce.xfce4-panel xfce.xfce4-pulseaudio-plugin # xfce.xfce4-verve-plugin xfce.xfce4-notes-plugin 
@@ -295,28 +417,28 @@ in # Enable the OpenSSH daemon. services.openssh = { - enable = false; + enable = true; ports = [ 22 ]; - settings = { - PasswordAuthentication = false; - PermitRootLogin = "no"; - }; - authorizedKeysCommand = - let keys = pkgs.writers.writePython3Bin "keys" {} '' - import sys - - args = sys.argv - - print(args) - ''; - in - "${keys}/bin/keys"; - authorizedKeysCommandUser = "ps"; + # settings = { + # PasswordAuthentication = false; + # PermitRootLogin = "no"; + # }; + # authorizedKeysCommand = + # let keys = pkgs.writers.writePython3Bin "keys" {} '' + # import sys + # + # args = sys.argv + # + # print(args) + # ''; + # in + # "${keys}/bin/keys"; + # authorizedKeysCommandUser = "ps"; }; # Open ports in the firewall. - networking.firewall.allowedTCPPorts = [ 22 1234 5900 6011 6021 6022 8080 53317 ]; - networking.firewall.allowedUDPPorts = [ 5901 53317 ]; + networking.firewall.allowedTCPPorts = [ 22 1234 5900 6011 6021 6022 8080 53317 7236 7250 ]; + networking.firewall.allowedUDPPorts = [ 5901 53317 7236 5353 ]; # Or disable the firewall altogether. # networking.firewall.enable = false;
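Review bot: `services.openssh.enable` flips to `true` while the `settings` block with `PasswordAuthentication = false` and `PermitRootLogin = "no"` is commented out and port 22 stays in `allowedTCPPorts`, so sshd falls back to the module defaults, which as far as I know permit password logins. That exposes the wheel account `ps` to password guessing on every network the laptop joins. Keep the hardening when enabling the daemon: `settings = { PasswordAuthentication = false; KbdInteractiveAuthentication = false; PermitRootLogin = "no"; };`. The newly opened 7236/7250 and UDP 5353 apply to all interfaces as well; `networking.firewall.interfaces.<name>.allowedTCPPorts` (and the UDP equivalent) would scope them to the LAN interface.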