From 4de15ebaf9be2a4611d5e60dc0524a706dc39cbe Mon Sep 17 00:00:00 2001 From: Ivan Kirilov Dimitrov Date: Thu, 4 Jul 2024 08:38:33 +0200 Subject: [PATCH] vm changes --- .gitignore | 1 + Makefile | 5 +- default.nix | 1 - home/configs/ivand/default.nix | 6 +- home/modules/packages/default.nix | 1 - nixos/configs/default.nix | 36 ++-- nixos/modules/default.nix | 288 ++++++++++++++++++------------ 7 files changed, 203 insertions(+), 135 deletions(-) diff --git a/.gitignore b/.gitignore index e69de29..b2be92b 100644 --- a/.gitignore +++ b/.gitignore @@ -0,0 +1 @@ +result diff --git a/Makefile b/Makefile index a4cfcd7..cc0a278 100644 --- a/Makefile +++ b/Makefile @@ -1,4 +1,4 @@ -.PHONY: default all home nixos update clean +.PHONY: default all home nixos vm update clean default: all @@ -10,6 +10,9 @@ home: nixos: doas nixos-rebuild switch --flake ./. +vm: + nixos-rebuild build-vm --flake ./.#vm + update: nix flake update diff --git a/default.nix b/default.nix index 4533037..061e30e 100644 --- a/default.nix +++ b/default.nix @@ -18,7 +18,6 @@ top@{ inputs, ... }: { inputs.sal.overlays.default ]; }; - stateVersion = "24.05"; }; }; } diff --git a/home/configs/ivand/default.nix b/home/configs/ivand/default.nix index c3c014a..0929d98 100644 --- a/home/configs/ivand/default.nix +++ b/home/configs/ivand/default.nix @@ -1,6 +1,6 @@ toplevel@{ inputs, withSystem, ... }: { - flake.homeConfigurations.ivand = withSystem "x86_64-linux" (ctx@{ pkgs, stateVersion, ... }: + flake.homeConfigurations.ivand = withSystem "x86_64-linux" (ctx@{ pkgs, ... }: inputs.home-manager.lib.homeManagerConfiguration { inherit pkgs; modules = @@ -9,15 +9,15 @@ toplevel@{ inputs, withSystem, ... }: in [ { - home.stateVersion = stateVersion; + home.stateVersion = "24.05"; } inputs.nid.hmModules.nix-index + inputs.catppuccin.homeManagerModules.catppuccin mods.all mods.dev mods.essential mods.random mods.reminders - inputs.catppuccin.homeManagerModules.catppuccin ]; }); } 
diff --git a/home/modules/packages/default.nix b/home/modules/packages/default.nix index cdb45e2..816d0b0 100644 --- a/home/modules/packages/default.nix +++ b/home/modules/packages/default.nix @@ -30,7 +30,6 @@ xonotic tor-browser electrum - monero-cli bisq-desktop ]; } diff --git a/nixos/configs/default.nix b/nixos/configs/default.nix index 2ab41e1..5affa74 100644 --- a/nixos/configs/default.nix +++ b/nixos/configs/default.nix @@ -3,16 +3,28 @@ let system = "x86_64-linux"; in { - flake.nixosConfigurations.nixos = withSystem system (ctx@{ config, inputs', ... }: - inputs.nixpkgs.lib.nixosSystem { - specialArgs = { - inherit inputs inputs'; - packages = config.packages; - }; - modules = [ - ./nova-hardware.nix - inputs.hosts.nixosModule - inputs.catppuccin.nixosModules.catppuccin - ] ++ (with toplevel.config.flake.nixosModules; [ wireguard catppuccin boot security xdg networking users services programs env rest ]); - }); + flake.nixosConfigurations = { + nixos = withSystem system (ctx@{ config, inputs', ... }: + inputs.nixpkgs.lib.nixosSystem { + specialArgs = { + inherit inputs inputs'; + packages = config.packages; + }; + modules = [ + ./nova-hardware.nix + inputs.hosts.nixosModule + inputs.catppuccin.nixosModules.catppuccin + ] ++ (with toplevel.config.flake.nixosModules; [ grub base sound security ivand wireless wireguard style ]); + }); + vm = withSystem system (ctx@{ config, inputs', ... }: + inputs.nixpkgs.lib.nixosSystem { + specialArgs = { + inherit inputs inputs'; + packages = config.packages; + }; + modules = [ + inputs.hosts.nixosModule + ] ++ (with toplevel.config.flake.nixosModules; [ vm base security testUser ]); + }); + }; } diff --git a/nixos/modules/default.nix b/nixos/modules/default.nix index 16e6516..5cb1295 100644 --- a/nixos/modules/default.nix +++ b/nixos/modules/default.nix 
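Review bot: The `nixos` and `vm` attributes repeat the `withSystem`/`nixosSystem`/`specialArgs` scaffolding verbatim, so a change to `specialArgs` now has to be made in two places; a small `mkHost` helper taking only the host-specific module list removes that duplication. Note too that the `nixos` module list drops the former `services`, `programs`, `xdg`, `env` and `rest` entries but does not pick up the new `flatpak` or `ai` modules those settings were moved into, so the laptop host appears to lose flatpak, the xdg portal and ollama — confirm that is intended for a commit titled "vm changes". The `vm` host also composes the shared `security` module (passwordless `doas` for wheel) with `testUser`, a wheel member with a fixed initial password, so that VM has no authentication barrier to root at all.
```nix
flake.nixosConfigurations =
  let
    mods = toplevel.config.flake.nixosModules;
    # Single place for the per-host scaffolding; `modules` is the host-specific list.
    mkHost = modules: withSystem system (ctx@{ config, inputs', ... }:
      inputs.nixpkgs.lib.nixosSystem {
        specialArgs = { inherit inputs inputs'; packages = config.packages; };
        modules = [ inputs.hosts.nixosModule ] ++ modules;
      });
  in
  {
    nixos = mkHost ([ ./nova-hardware.nix inputs.catppuccin.nixosModules.catppuccin ]
      ++ (with mods; [ grub base sound security ivand wireless wireguard style ]));
    vm = mkHost (with mods; [ vm base security testUser ]);
  };
```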
@@ -1,5 +1,98 @@ { moduleWithSystem, ... }: { flake.nixosModules = { + grub = { + boot = { + loader = { + grub = { + enable = true; + useOSProber = true; + efiSupport = true; + device = "nodev"; + }; + efi = { + canTouchEfiVariables = true; + }; + }; + }; + }; + base = moduleWithSystem (toplevel@{ ... }: perSystem@{ pkgs, ... }: { + system.stateVersion = "24.05"; + nix = { + extraOptions = '' + experimental-features = nix-command flakes + ''; + }; + i18n.supportedLocales = [ "all" ]; + time.timeZone = "Europe/Prague"; + fonts.packages = with pkgs; [ (nerdfonts.override { fonts = [ "FiraCode" ]; }) noto-fonts noto-fonts-emoji noto-fonts-lgc-plus ]; + environment = { + systemPackages = with pkgs; [ + cmatrix + coreutils-full + cryptsetup + fd + file + git + glibc + gnumake + mlocate + moreutils + openssl + srm + unzip + vim + zip + ]; + shells = with pkgs; [ zsh nushell ]; + }; + programs = { + zsh.enable = true; + nix-ld.enable = true; + dconf.enable = true; + }; + services = { + dbus.enable = true; + }; + networking = { + stevenBlackHosts = { + enable = true; + blockFakenews = true; + blockGambling = true; + }; + }; + }); + sound = moduleWithSystem (toplevel@{ ... }: perSystem@{ ... }: { + services = { + pipewire = { + enable = true; + alsa.enable = true; + pulse.enable = true; + }; + }; + }); + security = moduleWithSystem (toplevel@{ ... }: perSystem@{ ... }: { + security = { + sudo = { + enable = false; + execWheelOnly = true; + extraRules = [ + { + groups = [ "wheel" ]; + } + ]; + }; + doas = { + enable = true; + extraRules = [ + # Allow wheel to run all commands without password and keep user env. + { groups = [ "wheel" ]; noPass = true; keepEnv = true; } + ]; + }; + polkit.enable = true; + rtkit.enable = true; + pam = { services = { swaylock = { }; }; }; + }; + }); wireguard = { networking.wg-quick.interfaces = { wg0 = { 
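Review bot: The `doas` rule gives every wheel member root with `noPass = true` and `keepEnv = true`, i.e. no authentication at all and the caller's environment carried into the root process; since this `security` module is now also imported by the `vm` host, which adds a wheel user with a well-known initial password, the rule should at least ask once per session: `{ groups = [ "wheel" ]; persist = true; keepEnv = true; }`. The `sudo` block is inert because `enable = false`, so `execWheelOnly` and the commandless `extraRules` entry only suggest a policy that is never installed; keep `sudo.enable = false;` alone with a comment such as `# sudo stays disabled on purpose; privilege escalation goes through doas below.` In `base`, `i18n.supportedLocales = [ "all" ]` pulls every glibc locale into the closure of both hosts — a size rather than a security cost, but worth a one-line comment if it is deliberate.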
@@ -16,63 +109,7 @@ }; }; }; - catppuccin = { - catppuccin = { - enable = true; - flavor = "mocha"; - }; - boot.loader.grub.catppuccin.enable = true; - }; - boot = { - boot = { - loader = { - grub = { - enable = true; - useOSProber = true; - efiSupport = true; - device = "nodev"; - }; - efi = { - canTouchEfiVariables = true; - }; - }; - kernelModules = [ "v4l2loopback" ]; - }; - }; - security = moduleWithSystem (toplevel@{ ... }: nixos@{ pkgs, ... }: { - security = { - sudo = { - enable = false; - execWheelOnly = true; - extraRules = [ - { - groups = [ "wheel" ]; - commands = [{ command = "${pkgs.light}/bin/light"; options = [ "SETENV" "NOPASSWD" ]; }]; - } - ]; - }; - doas = { - enable = true; - extraRules = [ - # Allow wheel to run all commands without password and keep user env. - { groups = [ "wheel" ]; noPass = true; keepEnv = true; } - ]; - }; - polkit.enable = true; - rtkit.enable = true; - pam = { services = { swaylock = { }; }; }; - }; - }); - xdg = { - xdg = { - portal = { - enable = true; - wlr.enable = true; - config.common.default = "*"; - }; - }; - }; - networking = { + wireless = { networking = { wireless = { enable = true; @@ -112,14 +149,9 @@ }; }; }; - stevenBlackHosts = { - enable = true; - blockFakenews = true; - blockGambling = true; - }; }; }; - users = moduleWithSystem (toplevel@{ ... }: perSystem@{ pkgs, ... }: { + ivand = moduleWithSystem (toplevel@{ ... }: perSystem@{ pkgs, ... }: { users = { defaultUserShell = pkgs.zsh; users = { 
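Review bot: `boot.kernelModules = [ "v4l2loopback" ]` is removed together with the old `boot` module but does not reappear in the new `grub` module, and the `xdg.portal` settings move into the new `flatpak` module, which the `nixos` host in this patch no longer imports; unless the laptop is meant to lose both, re-add the kernel module (to `grub` or a dedicated video module) and add `flatpak` to the host's module list. The rename to `wireless` is fine on its own; its body, starting at `networking.wireless.enable = true;`, continues past the hunk. Dropping the `light` sudo rule loses nothing, since that rule was already dead under `sudo.enable = false`.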
@@ -144,67 +176,89 @@ extraGroups = { mlocate = { }; }; }; }); - services = { - services = { - ollama.enable = true; - xserver.videoDrivers = [ "nouveau" ]; - dbus.enable = true; - flatpak.enable = true; - pipewire = { - enable = true; - alsa.enable = true; - pulse.enable = true; + testUser = moduleWithSystem (toplevel@{ ... }: perSystem@{ pkgs, ... }: { + users = { + defaultUserShell = pkgs.zsh; + users = { + test = { + isNormalUser = true; + createHome = true; + initialPassword = "test"; + extraGroups = [ + "adbusers" + "adm" + "audio" + "bluetooth" + "dialout" + "flatpak" + "kvm" + "mlocate" + "render" + "video" + "wheel" + ]; + }; }; - }; - }; - programs = { - programs = { - zsh.enable = true; - nix-ld.enable = true; - adb.enable = true; - dconf.enable = true; - }; - }; - env = moduleWithSystem (toplevel@{ ... }: perSystem@{ pkgs, ... }: { - environment = { - systemPackages = with pkgs; [ - cmatrix - coreutils-full - cryptsetup - dig - fd - file - git - glibc - gnumake - jq - mlocate - moreutils - ntfs3g - openssl - srm - unzip - vim - zip - ]; - shells = with pkgs; [ zsh nushell ]; + extraGroups = { mlocate = { }; }; }; }); - rest = moduleWithSystem (toplevel@{ ... }: perSystem@{ pkgs, ... }: { - nix = { - extraOptions = '' - experimental-features = nix-command flakes - ''; + style = { + catppuccin = { + enable = true; + flavor = "mocha"; }; - system.stateVersion = "24.05"; - hardware = { - graphics = { + boot.loader.grub.catppuccin.enable = true; + }; + flatpak = { + xdg = { + portal = { enable = true; + wlr.enable = true; + config.common.default = "*"; + }; + }; + services.flatpak.enable = true; + }; + ai = moduleWithSystem (toplevel@{ ... }: perSystem@{ ... }: { + services = { + ollama.enable = true; + }; + }); + vm = moduleWithSystem (toplevel@{ ... }: perSystem@{ pkgs, ... 
}: { + nixpkgs.hostPlatform = "x86_64-linux"; + virtualisation.vmVariant = { + # following configuration is added only when building VM with build-vm + virtualisation = { + memorySize = 8192; + cores = 4; + resolution = { + x = 1920; + y = 1080; + }; + diskImage = "$HOME/doc/vm.qcow2"; + qemu = { + options = [ "-vga qxl" "-spice port=5900,addr=127.0.0.1,disable-ticketing=on" ]; + }; + }; + services = { + displayManager.sddm.enable = true; + xserver = { + enable = true; + desktopManager.xfce.enable = true; + videoDrivers = [ "qxl" ]; + }; + spice-autorandr.enable = true; + spice-vdagentd.enable = true; + spice-webdavd.enable = true; + }; + environment = { + systemPackages = with pkgs; [ + xorg.xf86videoqxl + tor-browser + gnupg + ]; }; }; - i18n.supportedLocales = [ "all" ]; - time.timeZone = "Europe/Prague"; - fonts.packages = with pkgs; [ (nerdfonts.override { fonts = [ "FiraCode" ]; }) noto-fonts noto-fonts-emoji noto-fonts-lgc-plus ]; }); }; }
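Review bot: `testUser` creates a wheel member with `initialPassword = "test"`, a value that lands in the Nix store and, because `initialPassword` is only applied when the account is first created, stays in force for as long as the persistent `$HOME/doc/vm.qcow2` image exists; combined with the shared `security` module's passwordless `doas`, anyone who can reach the guest console is root. That console is the SPICE server on `127.0.0.1:5900` with `disable-ticketing=on`, which every local user on the build host can connect to, so the module deserves a warning such as `# Throwaway VM account: well-known password and no doas prompt — never import on a real host.` and `extraGroups` should shrink to what the XFCE test session uses (`audio`, `video`, `wheel`; `dialout`, `kvm` and `adm` add nothing in the guest). The literal `$HOME` in `virtualisation.diskImage` relies on the generated run script expanding it in a shell; confirm with one build that the image is created where intended rather than in a directory literally named `$HOME`.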