From 180ecd08a7678ae73e4cc37f04584729a24c898d Mon Sep 17 00:00:00 2001 From: Daniel Olsen Date: Mon, 24 Mar 2025 18:30:27 +0100 Subject: [PATCH] init new soryu --- flake.nix | 35 +++- home/machines/soryu.nix | 31 ++++ hosts/asuka/soryu-old/wack.nix | 7 +- hosts/asuka/soryu/configuration.nix | 181 +++++++++++++++++++ hosts/asuka/soryu/hardware-configuration.nix | 56 ++++++ hosts/asuka/soryu/wack.nix | 72 ++++++++ 6 files changed, 370 insertions(+), 12 deletions(-) create mode 100644 home/machines/soryu.nix create mode 100644 hosts/asuka/soryu/configuration.nix create mode 100644 hosts/asuka/soryu/hardware-configuration.nix create mode 100644 hosts/asuka/soryu/wack.nix diff --git a/flake.nix b/flake.nix index 911e87b..7ce5244 100644 --- a/flake.nix +++ b/flake.nix @@ -1,12 +1,12 @@ { description = "dandellion's home-manager profiles"; - + # nixConfig.extra-substituters = ["https://cache.dodsorf.as"]; # nixConfig.exta-trusted-public-keys = "cache.dodsorf.as:FYKGadXTyI2ax8mirBTOjEqS/8PZKAWxiJVOBjESQXc="; inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11"; - + home-manager.url = "github:nix-community/home-manager/release-24.11"; home-manager.inputs.nixpkgs.follows = "nixpkgs"; @@ -27,7 +27,7 @@ greg-clients.url = "git+https://git.pvv.ntnu.no/Projects/grzegorz-clients"; greg-clients.inputs.nixpkgs.follows = "unstable"; - + # helix.url = "github:helix-editor/helix"; # helix.inputs.nixpkgs.follows = "unstable"; @@ -50,8 +50,8 @@ # helix = inputs.helix.packages.${prev.system}.helix; wack = inputs.wack-ctf.packages.${prev.system}.wack; }) - nur.overlay - nixgl.overlay + nur.overlays.default + nixgl.overlays.default ]; mkHome = 
@@ -77,11 +77,11 @@ }; mkHomes = machines: extraArgs: nixlib.genAttrs machines (machine: mkHome ({inherit machine; } // extraArgs)); - + allMachines = [ "laptop" "desktop" "headless" "pvv-terminal" "ikari" ]; in { - + homeConfigurations = mkHomes [ "laptop" "headless" "ikari" ] { } // mkHomes [ "desktop" ] { username = "dan"; } // mkHomes [ "pvv-terminal" ] { username = "danio"; homeDirectory = "/home/pvv/d/danio"; }; @@ -107,6 +107,25 @@ ./hosts/asuka/soryu-old/configuration.nix ]; }; + soryu = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = { + inherit inputs; + }; + modules = [ + home-manager.nixosModules.home-manager + { + home-manager.useGlobalPkgs = false; + home-manager.useUserPackages = true; + home-manager.users.daniel = import ./home/machines/soryu.nix; + home-manager.extraSpecialArgs = { + overlays = defaultOverlays; + }; + } + + ./hosts/asuka/soryu/configuration.nix + ]; + }; # langley = nixpkgs.lib.nixosSystem { # system = "x86_64-linux"; # specialArgs = { @@ -140,7 +159,7 @@ }); inherit defaultOverlays; - + # hydraJobs = { # laptop.x86_64-linux = self.homeActivations.laptop; # desktop.x86_64-linux = self.homeActivations.desktop; diff --git a/home/machines/soryu.nix b/home/machines/soryu.nix new file mode 100644 index 0000000..b08f061 --- /dev/null +++ b/home/machines/soryu.nix @@ -0,0 +1,31 @@ +{ config, lib, pkgs, overlays, ... }: +{ + nixpkgs.overlays = overlays; + nixpkgs.config.allowUnfreePredicate = (pkg: true); + nixpkgs.config.allowUnfree = true; + + imports = [ ../profiles ]; + + machine = { + name = "Soryu"; + eth = "enp9s0"; + wlan = null; + secondary-fs = null; + }; + + profiles.base.enable = true; + profiles.base.plus = true; + profiles.xsession.enable = true; + profiles.audio.fancy = true; + profiles.zsh.enable = true; + + profiles.games.enable = true; + + profiles.timetracking.enable = true; + + home.packages = [ + pkgs.unstable.osu-lazer-bin + ]; + + home.stateVersion = "24.11"; +} 
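Review bot: In home/machines/soryu.nix, `nixpkgs.config.allowUnfreePredicate = (pkg: true);` and `nixpkgs.config.allowUnfree = true;` both accept every unfree package, so one of them is redundant and neither records which unfree software this profile actually needs. A single explicit allow-list such as `nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ "<unfree-package-name>" ];` (placeholder name) makes a newly pulled-in unfree package fail evaluation until someone approves it. Which names belong in the list depends on the imported `../profiles`, which are outside this diff, and `pkgs.unstable` may be governed by its own nixpkgs config.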
diff --git a/hosts/asuka/soryu-old/wack.nix b/hosts/asuka/soryu-old/wack.nix index 8fd336f..8d288c6 100644 --- a/hosts/asuka/soryu-old/wack.nix +++ b/hosts/asuka/soryu-old/wack.nix @@ -31,11 +31,11 @@ hostPath = "/dev/dri"; isReadOnly = false; }; - bindMounts."/dev/kfd" = { + bindMounts."/dev/kfd" = { hostPath = "/dev/kfd"; isReadOnly = false; }; - bindMounts."/run/opengl-driver" = { + bindMounts."/run/opengl-driver" = { hostPath = "/run/opengl-driver"; isReadOnly = false; }; @@ -64,9 +64,8 @@ programs.zsh.enable = true; imports = [ (inputs.wack-server-conf + /users/default.nix) ]; - system.stateVersion = "23.05"; + system.stateVersion = "24.11"; }; }; } - diff --git a/hosts/asuka/soryu/configuration.nix b/hosts/asuka/soryu/configuration.nix new file mode 100644 index 0000000..1d2c5a7 --- /dev/null +++ b/hosts/asuka/soryu/configuration.nix 
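Review bot: The second hunk raises `system.stateVersion` from "23.05" to "24.11" for the already-deployed `ireul` container in hosts/asuka/soryu-old/wack.nix, while the newly created hosts/asuka/soryu/wack.nix in the same commit still declares "23.05". The blob ids (8fd336f on both sides) suggest the new file is a copy of the pre-change old one, so this edit may have landed in the wrong file. stateVersion is meant to stay at the release a system was first installed with, and bumping it on an existing container can silently change defaults for stateful services. I would keep `system.stateVersion = "23.05";` here and set `system.stateVersion = "24.11";` in the new container instead; the enclosing `containers.ireul` block starts outside the hunk.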
@@ -0,0 +1,181 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, lib, pkgs, ... }:
+
+{
+ imports =
+ [ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+ ./wack.nix
+ ];
+
+
+ # Use the systemd-boot EFI boot loader.
+ boot.loader.efi.canTouchEfiVariables = true;
+ boot.loader.systemd-boot = {
+ enable = true;
+ netbootxyz = { enable = true; sortKey = "y_netbootxyz"; };
+ edk2-uefi-shell = { enable = true; sortKey = "z_edk2-uefi-shell"; };
+ extraEntries = {
+ "old-soryuu.conf" = ''
+ title Old Soryuu;
+ efi /efi/edk2-uefi-shell/shell.efi
+ options -nointerrupt -nomap -noversion HD1b65535a:\EFI\systemd\systemd-bootx64.efi
+ sort-key o_soryuu-old
+ '';
+ };
+ };
+
+ boot.extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
+ boot.kernelPackages = pkgs.linuxPackages_latest;
+
+ # programs.adb.enable = true;
+
+ systemd.enableEmergencyMode = false;
+
+ networking.hostName = "soryu";
+ networking.extraHosts = ''
+ 127.0.0.1 modules-cdn.eac-prod.on.epicgames.com #Star Citizen EAC workaround
+ '';
+
+ # Star Citizen resource limits
+ boot.kernel.sysctl = {
+ "vm.max_map_count" = 16777216;
+ "fs.file-max" = 524288;
+ };
+
+ zramSwap = {
+ enable = true;
+ memoryMax = 96 * 1024 * 1024 * 1024; # 96 GB ZRAM
+ };
+
+ services.resolved.enable = true;
+ services.resolved.dnssec = "false";
+
+ services.gnome.gnome-keyring.enable = true;
+
+ services.murmur = {
+ enable = true;
+ # registerName = "DODSORFAS";
+ welcometext = "Dans PC at singsaker smh backup mumble server";
+ };
+
+ programs.steam = {
+ enable = true;
+ remotePlay.openFirewall = false; # Open ports in the firewall for Steam Remote Play
+ dedicatedServer.openFirewall = false; # Open ports in the firewall for Source Dedicated Server
+ };
+
+ nixpkgs.config = {
+ allowUnfree = true;
+ };
+
 services.tailscale.enable = true;
+
+ networking.firewall.interfaces."tailscale0" = let
+ all = { from = 0; to = 65535; };
+ in {
+ allowedUDPPortRanges = [ all ];
+ allowedTCPPortRanges = [ all ];
+ };
+
+ # Select internationalisation properties.
+ console.keyMap = "no-latin1";
+
+ time.timeZone = "Europe/Oslo";
+
+ # List packages installed in system profile. To search, run:
+ # $ nix search wget
+ environment.systemPackages = with pkgs; [
+ wget vim git
+ ];
+
+ # Some programs need SUID wrappers, can be configured further or are
+ # started in user sessions.
+ # programs.mtr.enable = true;
+ # programs.gnupg.agent = { enable = true; enableSSHSupport = true; };
+
+ # List services that you want to enable:
+
+ # Enable the OpenSSH daemon.
+ services.openssh.enable = true;
+
+ # Open ports in the firewall.
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ networking.firewall.enable = true;
+ networking.firewall.allowedTCPPorts = [ 8000 6007 5001 config.services.murmur.port ];
+ networking.firewall.allowedUDPPorts = [ 5001 21977 config.services.murmur.port ];
+
+
+
+ # Enable CUPS to print documents.
+ # services.printing.enable = true;
+
+
+ security.rtkit.enable = true;
+ services.pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ jack.enable = true;
+ };
+
+ hardware.graphics.enable = true;
+ hardware.graphics.enable32Bit = true;
+ hardware.graphics.extraPackages = with pkgs; [
+ libva
+ ];
+ hardware.amdgpu.opencl.enable = true;
+
+ # Enable the X11 windowing system.
+ services.xserver.enable = true;
+ services.xserver.xkb.layout = "no";
+ # services.xserver.xkbOptions = "eurosign:e";
+
+ services.xserver.displayManager.lightdm.enable = true;
+ services.xserver.videoDrivers = ["amdgpu"];
+
+
+
+ programs.zsh.enable = true;
+
+ virtualisation.docker.enable = true;
+ virtualisation.libvirtd.enable = true;
+ virtualisation.spiceUSBRedirection.enable = true;
+
+
+# networking.nameservers = lib.mkForce [ "192.168.0.25" ];
+
+
+
+# services.ipfs.enable = true;
+# services.ipfs.gatewayAddress = "/ip4/127.0.0.1/tcp/5002";
+
+ nix.trustedUsers = [ "daniel" ];
+ nix.extraOptions = ''
+ experimental-features = nix-command flakes
+ '';
+
+ users.users.daniel = {
+ isNormalUser = true;
+ uid = 1000;
+ shell = pkgs.zsh;
+ extraGroups = [ "wheel" "networkmanager" "docker" "video" "libvirtd" ];
+ initialPassword = "Abc123";
+ };
+
+ programs.dconf.enable = true;
+ services.dbus.packages = with pkgs; [ dconf ];
+
+ # This value determines the NixOS release with which your system is to be
+ # compatible, in order to avoid breaking some software such as database
+ # servers. You should change this only after NixOS release notes say you
+ # should.
+ system.stateVersion = "24.11"; # Did you read the comment?
+
+}
diff --git a/hosts/asuka/soryu/hardware-configuration.nix b/hosts/asuka/soryu/hardware-configuration.nix
new file mode 100644
index 0000000..56b7670
--- /dev/null
+++ b/hosts/asuka/soryu/hardware-configuration.nix
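Review bot: `initialPassword = "Abc123";` in the `users.users.daniel` block near the end of hosts/asuka/soryu/configuration.nix commits a guessable plaintext password for an account that is in `wheel` and `docker` and listed in `nix.trustedUsers`, while `services.openssh.enable = true;` is set with nothing in this file turning off password logins. The value lives in the repository and is copied into the world-readable Nix store, so it should be treated as public. I would replace it with `hashedPasswordFile = "<path-to-secret>";` (placeholder path) and add `services.openssh.settings.PasswordAuthentication = false;` with keys under `users.users.daniel.openssh.authorizedKeys.keys`, unless a module outside this diff already does so. Separately, `nix.trustedUsers` is the old name of `nix.settings.trusted-users`, and opening ports 0-65535 on `tailscale0` reads more directly as `networking.firewall.trustedInterfaces = [ "tailscale0" ];`.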
@@ -0,0 +1,56 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "thunderbolt" "usbhid" "sd_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + boot.initrd.luks.devices."crypted-main".device = "/dev/disk/by-uuid/2f59c91a-6765-439a-bc8d-6a84d662ba0c"; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/a1aec49d-4455-44e6-b69a-2576598b8749"; + fsType = "btrfs"; + options = [ "subvol=root" ]; + }; + + fileSystems."/home" = + { device = "/dev/disk/by-uuid/a1aec49d-4455-44e6-b69a-2576598b8749"; + fsType = "btrfs"; + options = [ "subvol=home" ]; + }; + + fileSystems."/nix" = + { device = "/dev/disk/by-uuid/a1aec49d-4455-44e6-b69a-2576598b8749"; + fsType = "btrfs"; + options = [ "subvol=nix" ]; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/2285-60E9"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + swapDevices = [ { device = "/dev/disk/by-partlabel/swap"; randomEncryption.enable = true; } ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. 
+ networking.useDHCP = lib.mkDefault true; + # networking.interfaces.docker0.useDHCP = lib.mkDefault true; + # networking.interfaces.enp9s0.useDHCP = lib.mkDefault true; + # networking.interfaces.tailscale0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp10s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/hosts/asuka/soryu/wack.nix b/hosts/asuka/soryu/wack.nix new file mode 100644 index 0000000..8fd336f --- /dev/null +++ b/hosts/asuka/soryu/wack.nix 
@@ -0,0 +1,72 @@
+{ config, lib, pkgs, inputs, ... }:
+
+{
+
+ networking.firewall.allowedTCPPorts = [ 1337 ];
+
+ networking.nat.forwardPorts = [
+ {
+ destination = "${config.containers.ireul.hostAddress}:1337";
+ proto = "tcp";
+ sourcePort = 1337;
+ }
+ ];
+
+ containers.ireul = {
+ bindMounts."/wordlists" = {
+ hostPath = "/mnt/human/wordlists";
+ isReadOnly = false;
+ };
+ privateNetwork = true;
+ hostAddress = "192.168.10.1";
+ localAddress = "192.168.10.2";
+ forwardPorts = [
+ { containerPort = 1337;
+ hostPort = 1337;
+ protocol = "tcp";
+ }
+ ];
+
+ bindMounts."/dev/dri" = {
+ hostPath = "/dev/dri";
+ isReadOnly = false;
+ };
+ bindMounts."/dev/kfd" = {
+ hostPath = "/dev/kfd";
+ isReadOnly = false;
+ };
+ bindMounts."/run/opengl-driver" = {
+ hostPath = "/run/opengl-driver";
+ isReadOnly = false;
+ };
+
+ allowedDevices = [
+ { node = "/dev/dri/card0"; modifier = "rw"; }
+ { node = "/dev/dri/renderD128"; modifier = "rw"; }
+ { node = "/dev/kfd"; modifier = "rw"; }
+ ];
+
+ config = { config, pkgs, ... }: {
+ services.openssh.enable = true;
+ services.openssh.ports = [ 1337 ];
+
+ environment.systemPackages = with pkgs; [
+ hashcat
+ hashcat-utils
+ john
+
+ kitty.terminfo
+ ];
+
+ users.groups.video.members = builtins.attrNames config.users.users;
+
+
+ programs.zsh.enable = true;
+ imports = [ (inputs.wack-server-conf + /users/default.nix) ];
+
+ system.stateVersion = "23.05";
+ };
+ };
+
+}
+
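Review bot: The container's sshd on port 1337 is opened on every host interface by `networking.firewall.allowedTCPPorts = [ 1337 ];` and forwarded inward, yet the inner `services.openssh` block sets only the port. Password logins therefore stay at the module default for whatever accounts `users/default.nix` from `inputs.wack-server-conf` defines, which is not visible here. I would add `services.openssh.settings.PasswordAuthentication = false;` inside `config`, and if access is only needed over the tailnet, move the port to `networking.firewall.interfaces."tailscale0".allowedTCPPorts`. The `/wordlists` bind mount uses `isReadOnly = false;`, where `isReadOnly = true;` would be enough if the container only reads the lists. `networking.nat.forwardPorts` also targets `hostAddress` (the host end of the link) rather than `localAddress`, which looks unintended given that the container's own `forwardPorts` already covers 1337.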