refactor: rename old profiles->modules [part 2]

2025-12-06 09:07:21 +01:00 · 2025-03-27 01:47:14 +01:00 · 2025-03-27 01:47:14 +01:00 · 289f072c13
commit 289f072c13
parent de9b5cf40c
138 changed files with 355 additions and 355 deletions
--- a/modules/nixos/optional/autologin.nix
+++ b/modules/nixos/optional/autologin.nix
@ -0,0 +1,10 @@
+{ config, ... }:
+let
+  inherit (config.swarselsystems) mainUser;
+in
+{
+  services = {
+    getty.autologinUser = mainUser;
+    greetd.settings.initial_session.user = mainUser;
+  };
+}
--- a/modules/nixos/optional/gaming.nix
+++ b/modules/nixos/optional/gaming.nix
@ -0,0 +1,37 @@
+{ pkgs, lib, ... }:
+{
+  specialisation = {
+    gaming.configuration = {
+      networking = {
+        firewall.enable = lib.mkForce false;
+        firewall = {
+          allowedUDPPorts = [ 4380 27036 14242 34197 ]; # 34197: factorio; 4380 27036 14242: barotrauma;
+          allowedTCPPorts = [ ]; # 34197: factorio; 4380 27036 14242: barotrauma; 51820: wireguard
+          allowedTCPPortRanges = [
+            { from = 27015; to = 27030; } # barotrauma
+            { from = 27036; to = 27037; } # barotrauma
+          ];
+          allowedUDPPortRanges = [
+            { from = 27000; to = 27031; } # barotrauma
+            { from = 58962; to = 58964; } # barotrauma
+          ];
+        };
+      };
+
+      programs.steam = {
+        enable = true;
+        package = pkgs.steam;
+        extraCompatPackages = [
+          pkgs.proton-ge-bin
+        ];
+      };
+
+      hardware.xone.enable = true;
+
+      environment.systemPackages = [
+        pkgs.linuxKernel.packages.linux_6_12.xone
+      ];
+    };
+  };
+
+}
--- a/modules/nixos/optional/nswitch-rcm.nix
+++ b/modules/nixos/optional/nswitch-rcm.nix
@ -0,0 +1,10 @@
+{ pkgs, ... }:
+{
+  services.nswitch-rcm = {
+    enable = true;
+    package = pkgs.fetchurl {
+      url = "https://github.com/Atmosphere-NX/Atmosphere/releases/download/1.3.2/fusee.bin";
+      hash = "sha256-5AXzNsny45SPLIrvWJA9/JlOCal5l6Y++Cm+RtlJppI=";
+    };
+  };
+}
--- a/modules/nixos/optional/virtualbox.nix
+++ b/modules/nixos/optional/virtualbox.nix
@ -0,0 +1,21 @@
+{ lib, pkgs, ... }:
+{
+
+  specialisation = {
+    VBox.configuration = {
+      virtualisation.virtualbox = {
+        host = {
+          enable = true;
+          enableExtensionPack = true;
+        };
+        # leaving this here for future notice. setting guest.enable = true will make 'restarting sysinit-reactivation.target' take till timeout on nixos-rebuild switch
+        guest = {
+          enable = false;
+        };
+      };
+      # run an older kernel to provide compatibility with windows vm
+      boot.kernelPackages = lib.mkForce pkgs.linuxPackages;
+    };
+  };
+
+}
--- a/modules/nixos/optional/vmware.nix
+++ b/modules/nixos/optional/vmware.nix
@ -0,0 +1,6 @@
+_:
+{
+
+  virtualisation.vmware.host.enable = true;
+  virtualisation.vmware.guest.enable = true;
+}
--- a/modules/nixos/optional/work.nix
+++ b/modules/nixos/optional/work.nix
@ -0,0 +1,168 @@
+{ self, lib, pkgs, config, ... }:
+let
+  inherit (config.swarselsystems) mainUser homeDir xdgDir;
+  owner = mainUser;
+  sopsFile = self + /secrets/work/secrets.yaml;
+  swarselService = name: description: execStart: {
+    "${name}" = {
+      enable = true;
+      inherit description;
+      serviceConfig = {
+        ExecStart = execStart;
+        User = mainUser;
+        Group = "users";
+        Environment = [
+          "PATH=/run/current-system/sw/bin:/etc/profiles/per-user/${mainUser}/bin"
+          "XDG_RUNTIME_DIR=${xdgDir}"
+          "WAYLAND_DISPLAY=wayland-1"
+        ];
+        Type = "oneshot";
+        StandardOutput = "journal";
+        StandardError = "journal";
+      };
+    };
+  };
+in
+{
+  sops = {
+    secrets = {
+      vcuser = {
+        inherit owner sopsFile;
+      };
+      vcpw = {
+        inherit owner sopsFile;
+      };
+    };
+  };
+
+  boot.initrd = {
+    systemd.enable = lib.mkForce true; # make sure we are using initrd systemd even when not using Impermanence
+    luks = {
+      # disable "support" since we use systemd-cryptenroll
+      # make sure yubikeys are enrolled using
+      # sudo systemd-cryptenroll --fido2-device=auto --fido2-with-user-verification=no --fido2-with-user-presence=true --fido2-with-client-pin=no /dev/nvme0n1p2
+      yubikeySupport = false;
+      fido2Support = false;
+    };
+  };
+
+  programs = {
+    zsh.shellInit = ''
+      export VSPHERE_USER="$(cat ${config.sops.secrets.vcuser.path})"
+      export VSPHERE_PW="$(cat ${config.sops.secrets.vcpw.path})"
+    '';
+
+    browserpass.enable = true;
+    _1password.enable = true;
+    _1password-gui = {
+      enable = true;
+      polkitPolicyOwners = [ "${mainUser}" ];
+    };
+  };
+
+  networking = {
+    firewall.trustedInterfaces = [ "virbr0" ];
+    search = [
+      "vbc.ac.at"
+      "clip.vbc.ac.at"
+      "imp.univie.ac.at"
+    ];
+  };
+
+  virtualisation = {
+    docker.enable = lib.mkIf (!config.virtualisation.podman.dockerCompat) true;
+    spiceUSBRedirection.enable = true;
+    libvirtd = {
+      enable = true;
+      qemu = {
+        package = pkgs.qemu_kvm;
+        runAsRoot = true;
+        swtpm.enable = true;
+        vhostUserPackages = with pkgs; [ virtiofsd ];
+        ovmf = {
+          enable = true;
+          packages = [
+            (pkgs.OVMFFull.override {
+              secureBoot = true;
+              tpmSupport = true;
+            }).fd
+          ];
+        };
+      };
+    };
+  };
+
+  environment.systemPackages = with pkgs; [
+    # (python39.withPackages (ps: with ps; [
+    # cryptography
+    # ]))
+    #   docker
+    python39
+    qemu
+    packer
+    gnumake
+    libisoburn
+    govc
+    terraform
+    graphviz
+
+    # vm
+    virt-manager
+    virt-viewer
+    virtiofsd
+    spice
+    spice-gtk
+    spice-protocol
+    win-virtio
+    win-spice
+  ];
+
+
+  services = {
+    spice-vdagentd.enable = true;
+    openssh = {
+      enable = true;
+      extraConfig = ''
+                  '';
+    };
+
+    syncthing = {
+      settings = {
+        "winters" = {
+          id = "O7RWDMD-AEAHPP7-7TAVLKZ-BSWNBTU-2VA44MS-EYGUNBB-SLHKB3C-ZSLMOAA";
+        };
+        folders = {
+          "Documents" = {
+            path = "${homeDir}/Documents";
+            devices = [ "magicant" "winters" ];
+            id = "hgr3d-pfu3w";
+          };
+        };
+      };
+    };
+
+    udev.extraRules = ''
+      # share screen when dongle detected
+      SUBSYSTEM=="usb", ACTION=="add", ATTRS{idVendor}=="04e8", ATTRS{idProduct}=="6860", TAG+="systemd", ENV{SYSTEMD_WANTS}="swarsel-screenshare.service"
+
+      # lock screen when yubikey removed
+      ACTION=="remove", ENV{PRODUCT}=="3/1050/407/110", RUN+="${pkgs.systemd}/bin/systemctl suspend"
+    '';
+
+  };
+
+  systemd.services = lib.mkMerge [
+    (swarselService "swarsel-screenshare" "Start screensharing after HDMI dongle is detected" "${pkgs.screenshare}/bin/screenshare -h")
+  ];
+
+  # cgroups v1 is required for centos7 dockers
+  specialisation = {
+    cgroup_v1.configuration = {
+      boot.kernelParams = [
+        "SYSTEMD_CGROUP_ENABLE_LEGACY_FORCE=1"
+        "systemd.unified_cgroup_hierarchy=0"
+      ];
+    };
+  };
+
+}