329 lines
10 KiB
Nix
329 lines
10 KiB
Nix
{ config, pkgs, modulesPath, lib, fetchGit, ... }:
|
|
|
|
{
|
|
imports = [
|
|
./generic.nix
|
|
../modules/hardware/generic.nix ../modules/hardware/video.nix ../modules/hardware/desktop.nix
|
|
../modules/fonts.nix
|
|
../modules/users/alexander.nix
|
|
../modules/programs/zsh ../modules/programs/git ../modules/programs/mpv ../modules/programs/tmux ../modules/programs/emacs ../modules/programs/firefox ../modules/programs/gnome-terminal ../modules/programs/gnome ../modules/programs/i18n.nix ../modules/programs/gamemode ../modules/programs/nonvm
|
|
../modules/programs/distributed-build/builder.nix
|
|
../modules/programs/music
|
|
];
|
|
|
|
nixpkgs.overlays = [
|
|
(import (builtins.fetchGit {
|
|
url = "https://github.com/nix-community/emacs-overlay.git";
|
|
ref = "master";
|
|
rev = "ce0e9482d53d69bedc8416d8a984d00e17607826";
|
|
}))
|
|
|
|
# Steam overlay
|
|
(import ../overlays/steam.nix pkgs)
|
|
|
|
# Simple overrides
|
|
(final: prev: {
|
|
mpv = prev.wrapMpv prev.mpv-unwrapped {
|
|
# Prevent the need for prefixing mpv with DRI_PRIME=1
|
|
extraMakeWrapperArgs = [
|
|
"--set" "DRI_PRIME" "1"
|
|
];
|
|
};
|
|
|
|
gajim = prev.gajim.overrideAttrs (old: {
|
|
# Enable notification sounds
|
|
propagatedBuildInputs = old.propagatedBuildInputs ++ [ prev.gsound ];
|
|
});
|
|
})
|
|
|
|
# Unstable, NUR, ...
|
|
(import ../overlays/unstable.nix pkgs)
|
|
(import ../overlays/nur.nix pkgs)
|
|
(import ../overlays/custom.nix pkgs)
|
|
];
|
|
|
|
security = {
|
|
pam.loginLimits = [
|
|
{
|
|
domain = "@gamemode";
|
|
item = "-";
|
|
type = "nice";
|
|
value = "-10";
|
|
}
|
|
];
|
|
wrappers = {
|
|
gamemoded = {
|
|
source = "${pkgs.gamemode}/bin/gamemoded";
|
|
capabilities = "cap_sys_nice+ep";
|
|
};
|
|
};
|
|
};
|
|
|
|
environment = {
|
|
systemPackages = with pkgs; [
|
|
emacsPgtkGcc
|
|
unstable.firmwareLinuxNonfree
|
|
gajim
|
|
libvirt virt-manager qemu scream
|
|
gamemode # Custom package
|
|
key-mapper # Custom package
|
|
replaysorcery # Custom package
|
|
evdev-proxy # Custom package
|
|
vfio-isolate # Custom Package
|
|
steam
|
|
];
|
|
|
|
sessionVariables = {
|
|
# Prevent us from having to always type it out
|
|
NIXOS_CONFIG = "/home/${config.system.singleUser}/Development/Personal/nixos-config/hosts/miku.nix";
|
|
};
|
|
|
|
etc = {
|
|
"evdev-proxy/config.toml".source = pkgs.writeText "config.toml" ''
|
|
log_level = "INFO"
|
|
|
|
[[device]]
|
|
[device.Simple]
|
|
name = "EvdevProxyMouse"
|
|
vendor = 0x1337
|
|
model = 0x1337
|
|
class = "Mouse"
|
|
[[device.Simple.selector]]
|
|
USBIDClass = {vendor=0x046d, model=0xc531, class="Mouse"}
|
|
[[device.Simple.selector]]
|
|
USBIDClass = {vendor=0x046d, model=0xc07c, class="Mouse"}
|
|
[[device]]
|
|
[device.Simple]
|
|
name = "EvdevProxyTartarus"
|
|
vendor = 0x1337
|
|
model = 0x1338
|
|
class = "Keyboard"
|
|
# This is to give a deterministic /dev/input/by-id/ path to
|
|
# the mapped version of the Tartarus evdev node.
|
|
# (Useful for qemu)
|
|
[[device.Simple.selector]]
|
|
EVDEVClass = {phys="\"key-mapper\""}
|
|
'';
|
|
"libvirt/hooks/qemu".source = let
|
|
vfio-isolate-state = "/tmp/vfio-isolate-state";
|
|
in pkgs.writeScript "qemu" ''
|
|
#!${pkgs.stdenv.shell}
|
|
guest=$1
|
|
action=$2
|
|
phase=$3
|
|
extra=$4
|
|
|
|
if [[ "$guest" = "win10" ]]; then
|
|
case "$action" in
|
|
prepare)
|
|
# Only do this while in preparation
|
|
[[ ! "$phase" = "prepare" ]] && exit 0
|
|
|
|
sudo -u alexander systemctl --user start evdev-proxy.service
|
|
sudo -u alexander systemctl --user start scream.service
|
|
sleep 2
|
|
|
|
${pkgs.vfio-isolate}/bin/vfio-isolate \
|
|
-u ${vfio-isolate-state} \
|
|
cpu-governor performance "$GUEST_CORES" \
|
|
cpuset-create --cpus "$GUEST_CORES" /guest.slice \
|
|
cpuset-create --cpus C0,4 /host.slice \
|
|
move-tasks / /host.slice \
|
|
irq-affinity mask "$GUEST_CORES"
|
|
;;
|
|
stopped)
|
|
# Only run when the VM is fully stopped
|
|
[[ ! "$phase" = "end" ]] && exit 0
|
|
sudo -u alexander systemctl --user stop evdev-proxy.service
|
|
sudo -u alexander systemctl --user stop scream.service
|
|
|
|
${pkgs.vfio-isolate}/bin/vfio-isolate \
|
|
restore ${vfio-isolate-state}
|
|
esac
|
|
fi
|
|
'';
|
|
};
|
|
};
|
|
|
|
networking = {
|
|
interfaces.enp6s0.useDHCP = false;
|
|
hostName = "miku";
|
|
# Nix otherwise has a conflict with this option
|
|
wireless.enable = lib.mkForce false;
|
|
|
|
# Allow scream to connect to this host
|
|
firewall.allowedUDPPorts = [ 4010 ];
|
|
};
|
|
|
|
boot = {
|
|
loader = {
|
|
systemd-boot.enable = true;
|
|
efi.canTouchEfiVariables = true;
|
|
};
|
|
extraModprobeConfig = ''
|
|
options kvm_amd nested=1
|
|
options vfio-pci ids=1002:67df,1002:aaf0
|
|
'';
|
|
initrd = {
|
|
availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" "amdgpu" "vendor-reset" ];
|
|
kernelModules = [
|
|
"amdgpu" # GPU (duh)
|
|
"kvm-amd" "vfio_virqfd" "vfio_pci" "vfio_iommu_type1" "vfio" # Virt
|
|
"uinput" # key-mapper
|
|
"vendor-reset"
|
|
];
|
|
};
|
|
kernelParams = [
|
|
"amd_iommu=on"
|
|
"iommu=pt"
|
|
"sysrq_always_enabled=1"
|
|
"kvm.ignore_msrs=1"
|
|
"kvm.report_ignored_msrs=N"
|
|
"fbcon=rotate:1"
|
|
"quiet"
|
|
];
|
|
kernelModules = [];
|
|
extraModulePackages = [ pkgs.linuxPackages.vendor-reset ];
|
|
# NOTE: A regression appears to have happend between 5.10 and 5.12
|
|
# which leads to the RX590 to have the fence fallback timer on
|
|
# sdma0 time out (whatever this means). Maybe bisect?
|
|
#kernelPackages = pkgs.linuxPackages_zen;
|
|
};
|
|
|
|
services = {
|
|
# NOTE: key-mapper has a dbus policy file that we need to include
|
|
dbus.packages = [ pkgs.key-mapper ];
|
|
emacs.package = pkgs.emacsPgtkGcc;
|
|
flatpak.enable = true;
|
|
xserver.videoDrivers = [ "amdgpu" ];
|
|
udev.extraRules = ''
|
|
KERNEL=="uinput", GROUP="input"
|
|
|
|
# This rule allows the input group to access /dev/uinput device to create virtual input devices
|
|
KERNEL=="uinput", SUBSYSTEM=="misc", GROUP="input", MODE="660"
|
|
|
|
# Create rules for your virtual devices to get persistent names
|
|
KERNEL=="event*", SUBSYSTEM=="input", ATTRS{name}=="EvdevProxy*", SYMLINK+="input/by-id/virtual-event-$attr{name}"
|
|
'';
|
|
|
|
sshd.enable = true;
|
|
};
|
|
|
|
virtualisation.libvirtd = {
|
|
enable = true;
|
|
qemuOvmf = true;
|
|
#qemuRunAsRoot = false;
|
|
qemuPackage = pkgs.unstable.qemu;
|
|
qemuVerbatimConfig = ''
|
|
seccomp_sandbox = 0
|
|
cgroup_device_acl = [
|
|
"/dev/null", "/dev/full", "/dev/zero",
|
|
"/dev/random", "/dev/urandom",
|
|
"/dev/ptmx", "/dev/kvm", "/dev/kqemu",
|
|
"/dev/rtc","/dev/hpet",
|
|
"/dev/input/by-id/usb-Logitech_USB_Receiver-if02-event-mouse",
|
|
"/dev/input/by-id/usb-Razer_Razer_Tartarus_V2-event-kbd",
|
|
"/dev/input/by-id/virtual-event-EvdevProxyMouse",
|
|
"/dev/input/by-id/virtual-event-EvdevProxyTartarus",
|
|
"/dev/input/by-id/usb-Razer_Razer_BlackWidow_Ultimate-event-kbd"
|
|
]
|
|
'';
|
|
};
|
|
# NOTE: Workaround for libvirt's SYSCONFDIR being set to /var/lib
|
|
# (See https://github.com/NixOS/nixpkgs/issues/51152#issuecomment-899374407)
|
|
system.activationScripts.libvirt-hooks.text = ''
|
|
ln -Tfs /etc/libvirt/hooks /var/lib/libvirt/hooks
|
|
'';
|
|
|
|
systemd = {
|
|
services = {
|
|
NetworkManager-wait-online.enable = false;
|
|
libvirtd.path = with pkgs; [ vfio-isolate systemd ];
|
|
};
|
|
|
|
user.services = {
|
|
scream = {
|
|
description = "Audio receiver for the Scream virtual network sound card";
|
|
#wantedBy = [ "default.target" ];
|
|
serviceConfig = {
|
|
Type = "simple";
|
|
ExecStart = "${pkgs.scream}/bin/scream -i virbr0 -o pulse";
|
|
Restart = "always";
|
|
};
|
|
};
|
|
replaysorcery-kms = {
|
|
description = "An open-source, instant-replay solution for Linux; KMS service";
|
|
#wantedBy = [ "default.target" ];
|
|
serviceConfig = {
|
|
Type = "simple";
|
|
ExecStart = "${pkgs.replaysorcery}/bin/replay-sorcery kms-service";
|
|
Restart = "always";
|
|
};
|
|
};
|
|
key-mapper = {
|
|
description = "A tool to change the mapping of your input device buttons";
|
|
wantedBy = [ "default.target" ];
|
|
serviceConfig = {
|
|
Type = "simple";
|
|
ExecStart = "${pkgs.key-mapper}/bin/key-mapper-service";
|
|
Restart = "always";
|
|
# NOTE: The Tartarus may not be connected, so don't fail if we cannot set the preset
|
|
ExecPostStart = "${pkgs.key-mapper}/bin/key-mapper --command start --preset NOOP --device \"Razer Razer Tartarus V2\"; exit 0";
|
|
};
|
|
};
|
|
replaysorcery = {
|
|
description = "An open-source, instant-replay solution for Linux";
|
|
#wantedBy = [ "default.target" ];
|
|
requires = [ "replaysorcery-kms.service" ];
|
|
serviceConfig = {
|
|
Type = "simple";
|
|
ExecStart = "${pkgs.replaysorcery}/bin/replay-sorcery";
|
|
Restart = "always";
|
|
};
|
|
};
|
|
evdev-proxy = {
|
|
description = "Creates virtual device to proxy evdev devices events";
|
|
#wantedBy = [ "default.target" ];
|
|
serviceConfig = {
|
|
Type = "simple";
|
|
ExecStart = "${pkgs.evdev-proxy}/bin/evdev-proxy";
|
|
Restart = "always";
|
|
};
|
|
};
|
|
# TODO: Remove once in stable or I decide to use unstable
|
|
gamemode = {
|
|
description = "A daemon/lib combo for Linux that allows games to request a set of optimisations be temporarily applied to the host OS.";
|
|
wantedBy = [ "default.target" ];
|
|
environment.PATH = lib.mkForce (pkgs.linkFarm "pkexec" [
|
|
{
|
|
name = "pkexec";
|
|
path = "${config.security.wrapperDir}/pkexec";
|
|
}
|
|
]);
|
|
serviceConfig = {
|
|
Type = "simple";
|
|
#ExecStart = "${pkgs.gamemode}/bin/gamemoded";
|
|
ExecStart = "${config.security.wrapperDir}/gamemoded";
|
|
Restart = "always";
|
|
};
|
|
};
|
|
};
|
|
};
|
|
|
|
fileSystems = {
|
|
"/" = {
|
|
device = "/dev/disk/by-label/root";
|
|
fsType = "btrfs";
|
|
};
|
|
"/boot" = {
|
|
device = "/dev/disk/by-label/boot";
|
|
fsType = "vfat";
|
|
};
|
|
"/mnt/Storage" = {
|
|
device = "/dev/disk/by-label/storage";
|
|
fsType = "ext4";
|
|
};
|
|
};
|
|
swapDevices = [ ];
|
|
}
|