diff --git a/flake.lock b/flake.lock index a29ddba..8457ed0 100644 --- a/flake.lock +++ b/flake.lock @@ -20,11 +20,11 @@ }, "emacs": { "locked": { - "lastModified": 1642445080, - "narHash": "sha256-2jIQeXfAxkfLkl1Atady0f5XkJmB12RqBaCcnb0mGpQ=", + "lastModified": 1645179483, + "narHash": "sha256-Q11wkzvQvtUNgMpPxE0fofp5XT9K2wglhOi4nNG6nyg=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "5fcafb9229a347b2f5f5dc4ec9f0f5f977b42b85", + "rev": "6a753da27cd3d5c0be49be6faaf2ed1feabdb240", "type": "github" }, "original": { @@ -35,11 +35,11 @@ }, "flake-utils": { "locked": { - "lastModified": 1638122382, - "narHash": "sha256-sQzZzAbvKEqN9s0bzWuYmRaA03v40gaJ4+iL1LXjaeI=", + "lastModified": 1644229661, + "narHash": "sha256-1YdnJAsNy69bpcjuoKdOYQX0YxZBiCYZo4Twxerqv7k=", "owner": "numtide", "repo": "flake-utils", - "rev": "74f7e4319258e287b0f9cb95426c9853b282730b", + "rev": "3cecb5b042f7f209c56ffd8371b2711a290ec797", "type": "github" }, "original": { @@ -68,11 +68,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1642445622, - "narHash": "sha256-EpiRAcFWs5HdyPr+1i5wtc7tsDUm/BoIIyP9wjAck2o=", + "lastModified": 1645140957, + "narHash": "sha256-WTJzLSCDLBI537o2L/3kRyqEV5YRT7+1QSGryeKReHE=", "owner": "nix-community", "repo": "home-manager", - "rev": "a69f3e9b0390f03defb834b15e80c236a537157d", + "rev": "4f4165a8b9108818ab0193bbd1a252106870b2a2", "type": "github" }, "original": { @@ -87,16 +87,16 @@ "nixpkgs": "nixpkgs_4" }, "locked": { - "lastModified": 1638281721, - "narHash": "sha256-d3vAVFG6zov9NwjSuYntBiD+I5KjJLwX09c7uAzbONI=", + "lastModified": 1643933536, + "narHash": "sha256-yRmsWAG4DnLxLIUtlaZsl0kH7rN5xSoyNRlf0YZrcH4=", "owner": "nix-community", "repo": "home-manager", - "rev": "7329ffc6e911106494183557fc249180d5422929", + "rev": "2860d7e3bb350f18f7477858f3513f9798896831", "type": "github" }, "original": { "owner": "nix-community", - "ref": "release-21.05", + "ref": "release-21.11", "repo": "home-manager", "type": "github" } @@ -136,11 +136,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1641965797, - "narHash": "sha256-AfxfIzAZbt9aAzpVBn0Bwhd/M4Wix7G91kEjm9H6FPo=", + "lastModified": 1644870092, + "narHash": "sha256-RLPD92lqXW98LDIbbwYqwAbt3R4iD1V1PiylfgBq5cU=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "87a35a0d58f546dc23f37b4f6af575d0e4be6a7a", + "rev": "10eab1c4cd8e715c0b41d32c28af2b89fc67bed0", "type": "github" }, "original": { @@ -168,10 +168,10 @@ }, "nixpkgs": { "locked": { - "lastModified": 1641210259, - "narHash": "sha256-O7oWcTw9WY/gbZPPqDpNYOAeT4bOK+1rtYC9ZaevTT0=", - "path": "/nix/store/pd02d3qni4zn5hvi24flpp7nzyn66rvc-source", - "rev": "18c84ea816348e2a098390101b92d1e39a9dbd45", + "lastModified": 1642104392, + "narHash": "sha256-m71b7MgMh9FDv4MnI5sg9MiBVW6DhE1zq+d/KlLWSC8=", + "path": "/nix/store/bfllm0im5z34n4v84zvip0kwy6vwl2yz-source", + "rev": "5aaed40d22f0d9376330b6fa413223435ad6fee5", "type": "path" }, "original": { @@ -197,11 +197,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1642104392, - "narHash": "sha256-m71b7MgMh9FDv4MnI5sg9MiBVW6DhE1zq+d/KlLWSC8=", + "lastModified": 1644525281, + "narHash": "sha256-D3VuWLdnLmAXIkooWAtbTGSQI9Fc1lkvAr94wTxhnTU=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5aaed40d22f0d9376330b6fa413223435ad6fee5", + "rev": "48d63e924a2666baf37f4f14a18f19347fbd54a2", "type": "github" }, "original": { @@ -226,10 +226,10 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1641210259, - "narHash": "sha256-O7oWcTw9WY/gbZPPqDpNYOAeT4bOK+1rtYC9ZaevTT0=", - "path": "/nix/store/pd02d3qni4zn5hvi24flpp7nzyn66rvc-source", - "rev": "18c84ea816348e2a098390101b92d1e39a9dbd45", + "lastModified": 1642104392, + "narHash": "sha256-m71b7MgMh9FDv4MnI5sg9MiBVW6DhE1zq+d/KlLWSC8=", + "path": "/nix/store/bfllm0im5z34n4v84zvip0kwy6vwl2yz-source", + "rev": "5aaed40d22f0d9376330b6fa413223435ad6fee5", "type": "path" }, "original": { @@ -239,26 +239,26 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1640653651, - "narHash": "sha256-fByFYXYoE/6TqwKGbT7XBCOAlSsFzOXm4ZsRLoO70m8=", + "lastModified": 1644750380, + "narHash": "sha256-c4LvV88zB9YvM/6rLElbq4e62XtEO9pBINqsrlmH++M=", "owner": "nixos", "repo": "nixpkgs", - "rev": "7bca80140fc7732c7357b26002db3d87b3ba4c61", + "rev": "c28fb0a4671ff2715c1922719797615945e5b6a0", "type": "github" }, "original": { "owner": "nixos", - "ref": "nixos-21.05", + "ref": "nixos-21.11", "repo": "nixpkgs", "type": "github" } }, "nixpkgs_6": { "locked": { - "lastModified": 1641210259, - "narHash": "sha256-O7oWcTw9WY/gbZPPqDpNYOAeT4bOK+1rtYC9ZaevTT0=", - "path": "/nix/store/pd02d3qni4zn5hvi24flpp7nzyn66rvc-source", - "rev": "18c84ea816348e2a098390101b92d1e39a9dbd45", + "lastModified": 1642104392, + "narHash": "sha256-m71b7MgMh9FDv4MnI5sg9MiBVW6DhE1zq+d/KlLWSC8=", + "path": "/nix/store/bfllm0im5z34n4v84zvip0kwy6vwl2yz-source", + "rev": "5aaed40d22f0d9376330b6fa413223435ad6fee5", "type": "path" }, "original": { @@ -284,11 +284,11 @@ }, "nur": { "locked": { - "lastModified": 1642443450, - "narHash": "sha256-wzu8ifk0rPi/qNXe2hgZiAr5MoQBkj9bgtO3IKqnTw4=", + "lastModified": 1645182018, + "narHash": "sha256-esXJXkK70fvlztdhqE+tYJtQliwOfvZvvT/ZiwRGW6A=", "owner": "nix-community", "repo": "nur", - "rev": "cc8e4d5e2d5a44f1cbc54bf1dcd3c037b4d58c73", + "rev": "9bfbaf7fcf989f4fe5ac3818f4e3d740d4d90143", "type": "github" }, "original": { @@ -309,11 +309,11 @@ "rnix-lsp": "rnix-lsp" }, "locked": { - "lastModified": 1641167986, - "narHash": "sha256-3rsvxh53szG4Bsi+Z9soKUeQ0mkPIIXRKLcd7ixhGH8=", + "lastModified": 1645134535, + "narHash": "sha256-uevN8fmSoV1pCs4dNaPg78LfsGd5iQAVnEehp0R442o=", "ref": "master", - "rev": "f433548e1182c66e5fe403b80dc213a09c630455", - "revCount": 155, + "rev": "114a8d500801e1947e6572a41f6490f3864adcfb", + "revCount": 160, "type": "git", "url": "https://dev.ostylk.de/NixDistro/Config" }, diff --git a/hosts/miku.nix b/hosts/miku.nix index 25a2354..36a25d5 100644 --- a/hosts/miku.nix +++ b/hosts/miku.nix @@ -50,21 +50,11 @@ primaryScreen = "C27F398"; enable = true; }; - sway = { - enable = true; - extraSessionCommands = '' - # Pick the dGPU as the first one - #DGPU_DRM_NODE=$(ls /sys/bus/pci/devices/0000:01:00.0/drm | grep card) - #IGPU_DRM_NODE=$(ls /sys/bus/pci/devices/0000:08:00.0/drm | grep card) - - #export WLR_DRM_DEVICES=/dev/dri/$DGPU_DRM_NODE:/dev/dri/$IGPU_DRM_NODE - ''; - }; + sway.enable = true; alacritty.enable = true; emacs.enable = true; firefox.enable = true; - git.enable = true; - #gnome-terminal.enable = true; + git.enable = true; #gnome-terminal.enable = true; tmux.enable = true; waybar = { enable = true; @@ -79,51 +69,6 @@ services = { gamemode.enable = true; #gnome.enable = true; - greetd = { - enable = false; - /* - swayExtra = '' - output HDMI-A-3 transform 90 anticlockwise - - workspace 1 output HDMI-A-3 - ''; - */ - }; - kanshi = let - horizontal = "Samsung Electric Company C27F398 H4ZR101145"; - vertical = "Goldstar Company Ltd IPS235 305NDPHKN600"; - - helpers = import ../lib/helpers/kanshi.nix; - mkProfile = helpers.mkProfile; - wallpaperScript = helpers.mkWallpaperScript { - inherit pkgs config; - }; - in { - enable = true; - profiles = { - homeMultihead = mkProfile { - outputs = [ - { - criteria = vertical; - status = "enable"; - mode = "1920x1080"; - transform = "90"; - position = "-1080,0"; - } - { - criteria = horizontal; - status = "enable"; - mode = "1920x1080"; - position = "0,0"; - } - ]; - - name = "homeMultihead"; - script = wallpaperScript; - }; - }; - }; - swaync.enable = true; input-remapper = { enable = true; postStartCommand = "${pkgs.input-remapper}/bin/input-remapper-control --command start --preset NOOP --device \"Razer Razer Tartarus V2\""; @@ -147,17 +92,16 @@ }; virtualisation = { - podman = { - enable = true; - dockerCompat = true; - }; + #podman = { + # enable = true; + # dockerCompat = true; + #}; }; boot = { extraModprobeConfig = '' options kvm_amd nested=1 options vfio-pci ids=1002:67df,1002:aaf0 - options amdgpu dpm=0 ''; initrd = { availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" "amdgpu" "vendor-reset" ]; @@ -209,6 +153,7 @@ }; desktopManager.plasma5.enable = true; }; + earlyoom.enable = lib.mkForce false; }; hardware = { diff --git a/lib/baseSystem.nix b/lib/baseSystem.nix index 0393888..f9be1ee 100644 --- a/lib/baseSystem.nix +++ b/lib/baseSystem.nix @@ -213,7 +213,7 @@ in { upower.enable = true; # What generated entropy? - haveged.enable = true; + #haveged.enable = true; printing.enable = lib.mkDefault false; avahi.enable = false; diff --git a/modules/offloading/builder.nix b/modules/offloading/builder.nix index ac8c2f9..799b3c7 100644 --- a/modules/offloading/builder.nix +++ b/modules/offloading/builder.nix @@ -10,7 +10,7 @@ in { config = lib.mkIf cfg.enable { boot.binfmt.emulatedSystems = [ "i686-linux" "aarch64-linux" ]; # For remote building environment.systemPackages = with pkgs; [ openssh ]; - nix.trustedUsers = [ "builder" ]; + nix.settings.trusted-users = [ "builder" ]; # TODO: Specify a firewall rule to only allow this from my other NixOS machines users = { diff --git a/modules/programs/firefox/default.nix b/modules/programs/firefox/default.nix index b163c6b..66679a0 100644 --- a/modules/programs/firefox/default.nix +++ b/modules/programs/firefox/default.nix @@ -9,7 +9,7 @@ in { config = lib.mkIf cfg.enable { environment = { - systemPackages = with pkgs; [ firefox-wayland tor-browser-bundle-bin ]; + systemPackages = with pkgs; [ firefox-wayland /*tor-browser-bundle-bin*/ ]; # Deploy a Firefox policy to set the search engine and do some other things etc."firefox/policies/policies.json".source = ./policies.json; diff --git a/packages/default.nix b/packages/default.nix index e18238e..e344b4d 100644 --- a/packages/default.nix +++ b/packages/default.nix @@ -59,4 +59,6 @@ in { wlrootsqt = prev.libsForQt5.callPackage ./wlrootsqt.nix {}; qtgreet = prev.libsForQt5.callPackage ./qtgreet.nix {}; + + spice-gtk = prev.callPackage temp/spice-gtk/default.nix {}; } diff --git a/packages/temp/spice-gtk/default.nix b/packages/temp/spice-gtk/default.nix new file mode 100644 index 0000000..16cf654 --- /dev/null +++ b/packages/temp/spice-gtk/default.nix @@ -0,0 +1,143 @@ +{ lib, stdenv +, fetchurl +, acl +, cyrus_sasl +, docbook_xsl +, libepoxy +, gettext +, gobject-introspection +, gst_all_1 +, gtk-doc +, gtk3 +, hwdata +, json-glib +, libcacard +, libcap_ng +, libdrm +, libjpeg_turbo +, libopus +, libsoup +, libusb1 +, lz4 +, meson +, ninja +, openssl +, perl +, phodav +, pixman +, pkg-config +, polkit +, python3 +, spice-protocol +, usbredir +, vala +, wayland-protocols +, zlib +, withPolkit ? true +}: + +# If this package is built with polkit support (withPolkit=true), +# usb redirection reqires spice-client-glib-usb-acl-helper to run setuid root. +# The helper confirms via polkit that the user has an active session, +# then adds a device acl entry for that user. +# Example NixOS config to create a setuid wrapper for the helper: +# security.wrappers.spice-client-glib-usb-acl-helper.source = +# "${pkgs.spice-gtk}/bin/spice-client-glib-usb-acl-helper"; +# On non-NixOS installations, make a setuid copy of the helper +# outside the store and adjust PATH to find the setuid version. + +# If this package is built without polkit support (withPolkit=false), +# usb redirection requires read-write access to usb devices. +# This can be granted by adding users to a custom group like "usb" +# and using a udev rule to put all usb devices in that group. +# Example NixOS config: +# users.groups.usb = {}; +# users.users.dummy.extraGroups = [ "usb" ]; +# services.udev.extraRules = '' +# KERNEL=="*", SUBSYSTEMS=="usb", MODE="0664", GROUP="usb" +# ''; + +stdenv.mkDerivation rec { + pname = "spice-gtk"; + version = "0.40"; + + outputs = [ "out" "dev" "devdoc" "man" ]; + + src = fetchurl { + url = "https://www.spice-space.org/download/gtk/${pname}-${version}.tar.xz"; + sha256 = "sha256-I/X/f6gLdWR85zzaXq+LMi80Mtu7f286g5Y0YYrbztM="; + }; + + postPatch = '' + # get rid of absolute path to helper in store so we can use a setuid wrapper + substituteInPlace src/usb-acl-helper.c \ + --replace 'ACL_HELPER_PATH"/' '"' + # don't try to setcap/suid in a nix builder + substituteInPlace src/meson.build \ + --replace "meson.add_install_script('../build-aux/setcap-or-suid'," \ + "# meson.add_install_script('../build-aux/setcap-or-suid'," + ''; + + nativeBuildInputs = [ + docbook_xsl + gettext + gobject-introspection + gtk-doc + libsoup + meson + ninja + perl + pkg-config + python3 + python3.pkgs.pyparsing + python3.pkgs.six + vala + ]; + + propagatedBuildInputs = [ + gst_all_1.gst-plugins-base gst_all_1.gst-plugins-good + ]; + + buildInputs = [ + cyrus_sasl + libepoxy + gtk3 + json-glib + libcacard + libcap_ng + libdrm + libjpeg_turbo + libopus + libusb1 + lz4 + openssl + phodav + pixman + spice-protocol + usbredir + wayland-protocols + zlib + ] ++ lib.optionals withPolkit [ polkit acl ] ; + + PKG_CONFIG_POLKIT_GOBJECT_1_POLICYDIR = "${placeholder "out"}/share/polkit-1/actions"; + + mesonFlags = [ + "-Dusb-acl-helper-dir=${placeholder "out"}/bin" + "-Dusb-ids-path=${hwdata}/share/hwdata/usb.ids" + ]; + + meta = with lib; { + description = "GTK 3 SPICE widget"; + longDescription = '' + spice-gtk is a GTK 3 SPICE widget. It features glib-based + objects for SPICE protocol parsing and a gtk widget for embedding + the SPICE display into other applications such as virt-manager. + Python bindings are available too. + ''; + + homepage = "https://www.spice-space.org/"; + license = licenses.lgpl21; + maintainers = [ maintainers.xeji ]; + platforms = platforms.linux; + }; +}