/sys/machines -> /hosts

hosts/nixdesk/autologin.nix

@@ -0,0 +1,6 @@
+{
+  services.getty = {
+    autologinUser = "xun";
+    autologinOnce = true;
+  };
+}

hosts/nixdesk/default.nix

@@ -0,0 +1,132 @@
+{
+  lib,
+  pkgs,
+  inputs,
+  systemProfiles,
+  specialArgs,
+  ...
+}: {
+  # imports = with systemProfiles; [
+  imports =
+    [
+      ./hardware.nix
+      ./hibernate-boot.nix
+      ./samba-mount.nix
+      ./wireguard.nix
+      ./restic-server.nix
+      ./autologin.nix
+
+      inputs.impermanence.nixosModules.impermanence
+      inputs.stylix.nixosModules.stylix
+
+      {
+        home-manager = {
+          backupFileExtension = "hm-backup";
+          users.xun.imports = [
+            ./home.nix
+            inputs.sops-nix.homeManagerModules.sops
+            {home.stateVersion = "23.11";}
+          ];
+          extraSpecialArgs = specialArgs;
+        };
+      }
+    ]
+    ++ (map (x: systemProfiles + x) [
+      /core/security.nix
+      /core/keyring.nix
+      /core/users.nix
+      /core/ssh.nix
+      /core/locale.nix
+      /nix
+      /programs/zsh.nix
+      /programs/fish.nix
+      /core/tools.nix
+      /core/compat.nix
+      /core/boot.nix
+      # core.docs
+      /core/gvfs.nix
+
+      /nix/gc.nix
+
+      /hardware/graphics.nix
+      /hardware/steam-hardware.nix
+      /hardware/bluetooth.nix
+      /hardware/qmk.nix
+
+      /network/networkd.nix
+      /network/avahi.nix
+      /network/localsend.nix
+      /network/tailscale.nix
+      /network/goldberg.nix
+
+      /desktop/sway.nix
+
+      /programs/dconf.nix
+      /programs/fonts.nix
+      /programs/home-manager.nix
+      # programs.qt
+      /programs/adb.nix
+      /programs/openrgb.nix
+      /programs/tools.nix
+      /programs/thunar.nix
+
+      /services
+      /services/pipewire.nix
+      /services/podman.nix
+      /services/flatpak.nix
+
+      # services.syncthing
+      /services/waydroid.nix
+      /services/virt-manager.nix
+      /services/sunshine.nix
+      /services/locate.nix
+      # network.wifi
+
+      /themes/dark.nix
+
+      /programs/gamemode.nix
+      /programs/gamescope.nix
+      /programs/steam.nix
+      /programs/reverse-engineering.nix
+    ]);
+
+  services.locate.prunePaths = lib.mkOptionDefault ["/home/xun/backup"];
+
+  # for running waydroid as root, needed for cage-xtmapper
+  services.dbus.packages = [
+    (pkgs.writeTextDir "/etc/dbus-1/session.d/dbus-allow-root.conf" ''
+      <busconfig>
+        <policy context="mandatory">
+          <allow user="root"/>
+        </policy>
+      </busconfig>
+    '')
+  ];
+
+  nixpkgs.config = {
+    # rocmSupport = true;
+    allowUnfreePredicate = pkg:
+      builtins.elem (lib.getName pkg) [
+        "apple_cursor"
+        "steam"
+        "steam-unwrapped"
+        "discord"
+        "discord-ptb"
+        "obsidian"
+        "rider"
+        "idea-ultimate"
+        "android-studio-stable"
+
+        "stremio-shell"
+        "stremio-server"
+      ];
+    android_sdk.accept_license = true;
+  };
+
+  environment.persistence."/persist".enable = false;
+
+  networking.interfaces.eno1.wakeOnLan.enable = true;
+
+  networking.hostName = "nixdesk";
+  system.stateVersion = "23.11";
+}

hosts/nixdesk/hardware.nix

@@ -0,0 +1,93 @@
+{
+  inputs,
+  config,
+  pkgs,
+  lib,
+  ...
+}: {
+  imports = [
+    inputs.hardware.nixosModules.common-cpu-amd
+    inputs.hardware.nixosModules.common-gpu-amd
+    inputs.hardware.nixosModules.common-pc-ssd
+    inputs.hardware.nixosModules.gigabyte-b550
+  ];
+
+  boot = {
+    kernelPackages = pkgs.linuxPackages_latest;
+    initrd = {
+      verbose = false;
+      availableKernelModules = [
+        "nvme"
+        "xhci_pci"
+        "ahci"
+        "usb_storage"
+        "usbhid"
+        "sd_mod"
+      ];
+      kernelModules = ["amdgpu"];
+    };
+    kernelModules = ["kvm-amd" "msr"];
+    extraModulePackages = with config.boot.kernelPackages; [
+      # rtl88xxau-aircrack # usb wifi card
+    ];
+    loader = {
+      timeout = 0;
+      systemd-boot = {
+        enable = true;
+        consoleMode = "max";
+        configurationLimit = 120;
+        editor = false;
+      };
+      efi = {
+        canTouchEfiVariables = true;
+        efiSysMountPoint = "/boot";
+      };
+    };
+    tmp.cleanOnBoot = true;
+  };
+
+  fileSystems = {
+    "/" = {
+      device = "/dev/disk/by-uuid/d87276c0-ef9c-422e-b2de-effc1b47c654";
+      fsType = "btrfs";
+      options = ["subvol=root" "compress=zstd"];
+    };
+    "/home" = {
+      device = "/dev/disk/by-uuid/d87276c0-ef9c-422e-b2de-effc1b47c654";
+      fsType = "btrfs";
+      options = ["subvol=home" "compress=zstd"];
+    };
+    "/nix" = {
+      device = "/dev/disk/by-uuid/d87276c0-ef9c-422e-b2de-effc1b47c654";
+      fsType = "btrfs";
+      options = ["subvol=nix" "compress=zstd" "noatime"];
+    };
+    "/.swapvol" = {
+      device = "/dev/disk/by-uuid/d87276c0-ef9c-422e-b2de-effc1b47c654";
+      fsType = "btrfs";
+      options = ["subvol=swap" "noatime"];
+    };
+    "/boot" = {
+      device = "/dev/disk/by-uuid/588B-CB97";
+      fsType = "vfat";
+    };
+  };
+
+  boot.resumeDevice = "/dev/disk/by-uuid/d87276c0-ef9c-422e-b2de-effc1b47c654";
+  boot.kernelParams = [
+    "nowatchdog"
+    # btrfs inspect-internal map-swapfile -r /.swapvol/swapfile
+    "resume_offset=326444288"
+  ];
+
+  swapDevices = lib.singleton {
+    device = "/.swapvol/swapfile";
+  };
+
+  hardware.enableRedistributableFirmware = true;
+
+  services.xserver.videoDrivers = ["amdgpu"];
+
+  nixpkgs.hostPlatform.system = "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = true;
+}

hosts/nixdesk/hibernate-boot.nix

@@ -0,0 +1,28 @@
+{pkgs, ...}: {
+  # hibernate and reboot to firmware
+  # this allows me to save linux state and boot into another os (such as windows)
+  # make sure not to mount any filesystems from the other os or you risk losing data
+  environment.systemPackages = [
+    (pkgs.writeShellScriptBin "hib-boot" ''
+      set -e
+
+      if [ ! -v 1 ]; then
+        echo "no argument provided"
+        echo "please provide the id for the os you want to boot"
+        echo "these are the valid id's:"
+        echo ""
+        ${pkgs.efibootmgr}/bin/efibootmgr
+        exit
+      fi
+
+      if [ ! -w /sys/power/disk -o ! -w /sys/power/state ]; then
+        echo "you lack permission to write to /sys/power/{disk,state}, are you not running this script as root?"
+        exit
+      fi
+
+      ${pkgs.efibootmgr}/bin/efibootmgr -n "$1" >/dev/null
+      echo reboot >/sys/power/disk
+      echo disk >/sys/power/state
+    '')
+  ];
+}

hosts/nixdesk/home.nix

@@ -0,0 +1,159 @@
+{
+  self,
+  lib,
+  pkgs,
+  inputs,
+  homeProfiles,
+  ...
+}: {
+  imports = map (x: homeProfiles + x) [
+    /default.nix
+
+    /terminal/shell/zsh.nix
+    /terminal/shell/fish.nix
+
+    /terminal/programs/xdg.nix
+    /terminal/programs/direnv.nix
+    /terminal/programs/tmux.nix
+    /terminal/programs/comma.nix
+    /terminal/programs/irssi.nix
+    /terminal/programs/git.nix
+    /terminal/programs/github.nix
+    /terminal/programs/jujutsu.nix
+
+    /editors/nvim.nix
+
+    /programs/browsers/firefox/default.nix
+    /programs/browsers/tor.nix
+    /programs/browsers/chromium.nix
+
+    /terminal/emulator/foot.nix
+
+    /themes/dark/default.nix
+
+    # desktop
+    /programs/desktop/default.nix
+    /programs/desktop/sway/default.nix
+
+    # development
+    /develop/common.nix
+    /develop/docs.nix
+
+    /develop/langs/haskell.nix
+    /develop/langs/go.nix
+    /develop/langs/js.nix
+    /develop/langs/rust.nix
+    /develop/langs/elixir.nix
+    /develop/langs/nix.nix
+    /develop/langs/zig.nix
+    /develop/langs/lua.nix
+    /develop/langs/c.nix
+    /develop/langs/csharp.nix
+
+    # programs
+    /programs/misc/discord.nix
+    /programs/misc/obs.nix
+
+    /programs/music/beets.nix
+    /programs/music/cmus.nix
+
+    /programs/media/mpv.nix
+
+    # gaming
+    /programs/games/default.nix
+    /programs/games/jc141.nix
+
+    /services/playerctl.nix
+    /services/polkit-agent.nix
+  ];
+
+  wayland.windowManager.sway.extraConfig = ''
+    exec obs --startreplaybuffer --disable-shutdown-check --minimize-to-tray
+  '';
+
+  wayland.windowManager.sway.config.output = {
+    "DP-3" = {
+      mode = "1920x1080@165Hz";
+      position = "1920 0";
+      # allow_tearing = "yes";
+      bg = "${inputs.wallpaper.outPath} fill";
+    };
+    "HDMI-A-1" = {
+      position = "0 0";
+    };
+  };
+  xdg.mimeApps = {
+    enable = true;
+    defaultApplications = {
+      "text/html" = "firefox.desktop";
+      "x-scheme-handler/http" = "firefox.desktop";
+      "x-scheme-handler/https" = "firefox.desktop";
+      "x-scheme-handler/about" = "firefox.desktop";
+      "x-scheme-handler/unknown" = "firefox.desktop";
+    };
+  };
+
+  home.sessionVariables.DEFAULT_BROWSER = lib.getExe pkgs.firefox;
+
+  services = {
+    udiskie.enable = true;
+  };
+  programs = {
+    starship.enable = true;
+    zoxide.enable = true;
+    lazygit.enable = true;
+    distrobox.enable = true;
+  };
+  home.packages = with pkgs; [
+    # coding
+    tokei
+    devenv
+    lazyjj
+    jjui
+    vscodium-fhs
+    android-studio
+    jetbrains.rider
+    jetbrains.idea-ultimate
+
+    # communication
+    element-desktop
+
+    # audio
+    pwvucontrol
+    qpwgraph
+
+    # productivity
+    tdf # terminal pdf reader
+    obsidian
+
+    # passwords
+    keepassxc
+    bitwarden-desktop
+
+    # creating
+    krita
+    blender
+    godot
+    libreoffice-qt6
+
+    # system things
+    kdePackages.dolphin
+
+    # music
+    puddletag
+    picard
+
+    # media
+    stremio
+    feishin
+    foliate
+
+    # games
+    heroic
+    lutris
+    ryubing # switch emu
+    prismlauncher
+    inputs.sobercookie.packages.${pkgs.system}.default
+    self.packages.${pkgs.system}.krunker
+  ];
+}

hosts/nixdesk/restic-server.nix

@@ -0,0 +1,7 @@
+{
+  services.restic.server = {
+    enable = true;
+    dataDir = "/srv/backup";
+    extraFlags = ["--no-auth"];
+  };
+}

hosts/nixdesk/samba-mount.nix

@@ -0,0 +1,72 @@
+{
+  config,
+  pkgs,
+  ...
+}: {
+  environment.systemPackages = [pkgs.cifs-utils];
+  systemd.mounts = [
+    {
+      description = "smb hopper transmission download directory";
+      what = "//192.168.50.97/transmission"; # hopper local ip
+      where = "/server/transmission";
+      type = "cifs";
+      options = "uid=xun,gid=users,credentials=${config.sops.secrets.samba.path}";
+    }
+    {
+      description = "smb hopper vault";
+      what = "//192.168.50.97/vault"; # hopper local ip
+      where = "/server/vault";
+      type = "cifs";
+      options = "uid=xun,gid=users,credentials=${config.sops.secrets.samba.path}";
+    }
+    {
+      description = "smb hopper library";
+      what = "//192.168.50.97/library"; # hopper local ip
+      where = "/server/library";
+      type = "cifs";
+      options = "uid=xun,gid=users,credentials=${config.sops.secrets.samba.path},vers=3.0";
+    }
+    {
+      description = "smb hopper slskd files";
+      what = "//192.168.50.97/slskd"; # hopper local ip
+      where = "/server/slskd";
+      type = "cifs";
+      options = "uid=xun,gid=users,credentials=${config.sops.secrets.samba.path}";
+    }
+  ];
+
+  systemd.automounts = [
+    {
+      requires = ["network-online.target"];
+      where = "/server/transmission";
+      wantedBy = ["multi-user.target"];
+      automountConfig = {
+        TimeoutIdleSec = "10min";
+      };
+    }
+    {
+      requires = ["network-online.target"];
+      where = "/server/vault";
+      wantedBy = ["multi-user.target"];
+      automountConfig = {
+        TimeoutIdleSec = "10min";
+      };
+    }
+    {
+      requires = ["network-online.target"];
+      where = "/server/library";
+      wantedBy = ["multi-user.target"];
+      automountConfig = {
+        TimeoutIdleSec = "10min";
+      };
+    }
+    {
+      requires = ["network-online.target"];
+      where = "/server/slskd";
+      wantedBy = ["multi-user.target"];
+      automountConfig = {
+        TimeoutIdleSec = "10min";
+      };
+    }
+  ];
+}

hosts/nixdesk/wireguard.nix

@@ -0,0 +1,29 @@
+{
+  config,
+  inputs,
+  lib,
+  ...
+}: {
+  imports = [inputs.vpn-confinement.nixosModules.default];
+
+  # networking.wg-quick.interfaces."wireguard".configFile = config.sops.secrets.wireguard.path;
+
+  vpnNamespaces."wg" = {
+    enable = true;
+    wireguardConfigFile = config.sops.secrets.wireguard.path;
+    accessibleFrom = ["192.168.0.0/24"];
+
+    # Forwarded to my vpn, for making things accessible from outside
+    openVPNPorts =
+      lib.range 23000 23010
+      |> map (num: {
+        port = num;
+        protocol = "both";
+      });
+
+    # From inside of the vpn namespace to outside of it, for making things inside accessible to LAN
+    portMappings = [];
+  };
+
+  systemd.services.wg.wantedBy = lib.mkForce [];
+}