wip: migrate client modules

modules-clone/nixos/optional/amdcpu.nix

@@ -0,0 +1,8 @@
+_:
+{
+  config = {
+    hardware = {
+      cpu.amd.updateMicrocode = true;
+    };
+  };
+}

modules-clone/nixos/optional/amdgpu.nix

@@ -0,0 +1,15 @@
+_:
+{
+  config = {
+    hardware = {
+      amdgpu = {
+        opencl.enable = true;
+        initrd.enable = true;
+        # amdvlk = {
+        #   enable = true;
+        #   support32Bit.enable = true;
+        # };
+      };
+    };
+  };
+}

modules-clone/nixos/optional/default.nix

@@ -0,0 +1,8 @@
+# @ future me: dont panic, this file is not read in by readNix
+{ lib, ... }:
+let
+  importNames = lib.swarselsystems.readNix "modules-clone/nixos/optional";
+in
+{
+  imports = lib.swarselsystems.mkImports importNames "modules-clone/nixos/optional";
+}

modules-clone/nixos/optional/framework.nix

@@ -0,0 +1,34 @@
+{ self, lib, config, withHomeManager, ... }:
+{
+  config = {
+
+
+    services = {
+      fwupd = {
+        enable = true;
+        # framework also uses lvfs-testing, but I do not want to use it
+        extraRemotes = [ "lvfs" ];
+      };
+      udev.extraRules = ''
+        # disable Wakeup on Framework Laptop 16 Keyboard (ANSI)
+        ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="32ac", ATTRS{idProduct}=="0012", ATTR{power/wakeup}="disabled"
+        # disable Wakeup on Framework Laptop 16 Numpad Module
+        ACTION=="add", SUBSYSTEM=="usb", ATTRS{idVendor}=="32ac", ATTRS{idProduct}=="0014", ATTR{power/wakeup}="disabled"
+        # disable Wakeup on Framework Laptop 16 Trackpad
+        ACTION=="add", SUBSYSTEM=="i2c", DRIVERS=="i2c_hid_acpi", ATTRS{name}=="PIXA3854:00", ATTR{power/wakeup}="disabled"
+      '';
+    };
+    hardware.fw-fanctrl = {
+      enable = true;
+      config = {
+        defaultStrategy = "lazy";
+      };
+    };
+  } // lib.optionalAttrs withHomeManager {
+    home-manager.users."${config.swarselsystems.mainUser}" = {
+      imports = [
+        "${self}/modules/home/optional/framework.nix"
+      ];
+    };
+  };
+}

modules-clone/nixos/optional/gaming.nix

@@ -0,0 +1,46 @@
+{ self, lib, pkgs, config, withHomeManager, ... }:
+{
+  config = {
+
+    programs.steam = {
+      enable = true;
+      package = pkgs.steam;
+      extraCompatPackages = [
+        pkgs.proton-ge-bin
+      ];
+    };
+    # specialisation = {
+    #   gaming.configuration = {
+    #     networking = {
+    #       firewall.enable = lib.mkForce false;
+    #       firewall = {
+    #         allowedUDPPorts = [ 4380 27036 14242 34197 ]; # 34197: factorio; 4380 27036 14242: barotrauma;
+    #         allowedTCPPorts = [ ]; # 34197: factorio; 4380 27036 14242: barotrauma; 51820: wireguard
+    #         allowedTCPPortRanges = [
+    #           { from = 27015; to = 27030; } # barotrauma
+    #           { from = 27036; to = 27037; } # barotrauma
+    #         ];
+    #         allowedUDPPortRanges = [
+    #           { from = 27000; to = 27031; } # barotrauma
+    #           { from = 58962; to = 58964; } # barotrauma
+    #         ];
+    #       };
+    #     };
+
+
+    #     hardware.xone.enable = true;
+
+    #     environment.systemPackages = [
+    #       pkgs.linuxKernel.packages.linux_6_12.xone
+    #     ];
+    #   };
+    # };
+  } // lib.optionalAttrs withHomeManager {
+    home-manager.users."${config.swarselsystems.mainUser}" = {
+      imports = [
+        "${self}/modules/home/optional/gaming.nix"
+      ];
+    };
+  };
+
+}

modules-clone/nixos/optional/hibernation.nix

@@ -0,0 +1,30 @@
+{ lib, config, ... }:
+{
+  options.swarselsystems = {
+    hibernation = {
+      offset = lib.mkOption {
+        type = lib.types.int;
+        default = 0;
+      };
+      resumeDevice = lib.mkOption {
+        type = lib.types.str;
+        default = "/dev/disk/by-label/nixos";
+      };
+    };
+  };
+  config = {
+    boot = {
+      kernelParams = [
+        "resume_offset=${builtins.toString config.swarselsystems.hibernation.offset}"
+        # "mem_sleep_default=deep"
+      ];
+      inherit (config.swarselsystems.hibernation) resumeDevice;
+    };
+    systemd.services."systemd-suspend-then-hibernate".aliases = [ "systemd-suspend.service" ];
+    powerManagement.enable = true;
+    systemd.sleep.settings.Sleep = {
+      HibernateDelaySec = "120m";
+      SuspendState = "freeze";
+    };
+  };
+}

modules-clone/nixos/optional/microvm-guest-shares.nix

@@ -0,0 +1,15 @@
+{ lib, config, microVMParent, nodes, ... }:
+{
+  config = {
+    microvm = {
+      shares = [
+        {
+          tag = "persist";
+          source = "${lib.optionalString nodes.${microVMParent}.config.swarselsystems.isImpermanence "/persist"}/microvms/${config.networking.hostName}";
+          mountPoint = "/persist";
+          proto = "virtiofs";
+        }
+      ];
+    };
+  };
+}

modules-clone/nixos/optional/microvm-guest.nix

@@ -0,0 +1,63 @@
+{ self, config, inputs, ... }:
+{
+  imports = [
+    inputs.disko.nixosModules.disko
+    inputs.home-manager.nixosModules.home-manager
+    inputs.impermanence.nixosModules.impermanence
+    inputs.lanzaboote.nixosModules.lanzaboote
+    inputs.microvm.nixosModules.microvm
+    inputs.nix-index-database.nixosModules.nix-index
+    inputs.nix-minecraft.nixosModules.minecraft-servers
+    inputs.nix-topology.nixosModules.default
+    inputs.nswitch-rcm-nix.nixosModules.nswitch-rcm
+    inputs.simple-nixos-mailserver.nixosModules.default
+    inputs.sops.nixosModules.sops
+    inputs.stylix.nixosModules.stylix
+    inputs.swarsel-nix.nixosModules.default
+    inputs.nixos-nftables-firewall.nixosModules.default
+    inputs.pia.nixosModules.default
+
+    (inputs.nixos-extra-modules + "/modules/interface-naming.nix")
+
+    "${self}/modules/shared/meta.nix"
+  ];
+
+  config = {
+    _module.args.dns = inputs.dns;
+
+    nix.settings.experimental-features = [
+      "nix-command"
+      "flakes"
+    ];
+    systemd.services."systemd-networkd".environment.SYSTEMD_LOG_LEVEL = "debug";
+    # NOTE: this is needed, we dont import sevrer network module for microvms
+    globals.hosts.${config.node.name}.isHome = true;
+
+    systemd.network.networks."10-vlan-services" = {
+      dhcpV6Config = {
+        WithoutRA = "solicit";
+        # duid-en is nice in principle, but I already have MAC info anyways for reservations
+        DUIDType = "link-layer";
+      };
+      # networkConfig = {
+      #   IPv6PrivacyExtensions = "no";
+      #   IPv6AcceptRA = false;
+      # };
+      ipv6AcceptRAConfig = {
+        DHCPv6Client = "always";
+      };
+    };
+
+    # microvm = {
+    #   mount the writeable overlay so that we can use nix shells inside the microvm
+    #   volumes = [
+    #     {
+    #       image = "/tmp/nix-store-overlay-${config.networking.hostName}.img";
+    #       autoCreate = true;
+    #       mountPoint = config.microvm.writableStoreOverlay;
+    #       size = 1024;
+    #     }
+    #   ];
+    # };
+  };
+}

modules-clone/nixos/optional/microvm-host.nix

@@ -0,0 +1,23 @@
+{ config, lib, confLib, ... }:
+{
+  config = lib.mkIf (config.guests != { }) {
+
+    systemd.tmpfiles.settings."15-microvms" = builtins.listToAttrs (
+      map
+        (path: {
+          name = "${lib.optionalString config.swarselsystems.isImpermanence "/persist"}/microvms/${path}";
+          value = {
+            d = {
+              group = "kvm";
+              user = "microvm";
+              mode = "0750";
+            };
+          };
+        })
+        (builtins.attrNames config.guests)
+    );
+
+    users.persistentIds.microvm = confLib.mkIds 999;
+
+  };
+}

modules-clone/nixos/optional/niri.nix

@@ -0,0 +1,31 @@
+{ self, inputs, config, pkgs, ... }:
+{
+  imports = [
+    inputs.niri-flake.nixosModules.niri
+  ];
+  config = {
+
+    niri-flake.cache.enable = true;
+    home-manager.users.${config.swarselsystems.mainUser}.imports = [
+      "${self}/modules/home/optional/niri.nix"
+    ];
+
+    environment.systemPackages = with pkgs; [
+      wl-clipboard
+      wayland-utils
+      libsecret
+      cage
+      gamescope
+      xwayland-satellite-unstable
+    ];
+
+    services.niritiling.enable = true;
+
+    programs = {
+      niri = {
+        enable = true;
+        package = pkgs.niri-stable; # the actual niri that will be installed and used
+      };
+    };
+  };
+}

modules-clone/nixos/optional/nix-topology-self.nix

@@ -0,0 +1,25 @@
+{ lib, config, globals, confLib, ... }:
+let
+  inherit (confLib.static) webProxy;
+in
+{
+  topology.self = {
+    icon = lib.mkIf config.swarselsystems.isCloud "devices.cloud-server";
+    interfaces = {
+      wan = lib.mkIf (config.swarselsystems.isCloud && config.swarselsystems.server.localNetwork == "wan") { };
+      lan = lib.mkIf (config.swarselsystems.isCloud && config.swarselsystems.server.localNetwork == "lan") { };
+      wgProxy = lib.mkIf (config.swarselsystems.server.wireguard ? wgHome) {
+        addresses = [ globals.networks."${webProxy}-wg.hosts".${config.node.name}.ipv4 ];
+        renderer.hidePhysicalConnections = true;
+        virtual = true;
+        type = "wireguard";
+      };
+      wgHome = lib.mkIf (config.swarselsystems.server.wireguard ? wgHome) {
+        addresses = [ globals.networks.home-wgHome.hosts.${config.node.name}.ipv4 ];
+        renderer.hidePhysicalConnections = true;
+        virtual = true;
+        type = "wireguard";
+      };
+    };
+  };
+}

modules-clone/nixos/optional/noctalia.nix

@@ -0,0 +1,26 @@
+{ self, inputs, config, ... }:
+{
+  disabledModules = [ "programs/gpu-screen-recorder.nix" ];
+  imports = [
+    "${inputs.nixpkgs-dev}/nixos/modules/programs/gpu-screen-recorder.nix"
+  ];
+  config = {
+    home-manager.users.${config.swarselsystems.mainUser}.imports = [
+      "${self}/modules/home/optional/noctalia.nix"
+    ];
+    services = {
+      upower.enable = true; # needed for battery percentage
+      gnome.evolution-data-server.enable = true; # needed for calendar integration
+
+      noctoggle = {
+        enable = true;
+        # noctaliaPackage = pkgs.noctalia-shell;
+      };
+
+    };
+    programs = {
+      gpu-screen-recorder.enable = true;
+      evolution.enable = true;
+    };
+  };
+}

modules-clone/nixos/optional/nswitch-rcm.nix

@@ -0,0 +1,12 @@
+{ pkgs, ... }:
+{
+  config = {
+    services.nswitch-rcm = {
+      enable = true;
+      package = pkgs.fetchurl {
+        url = "https://github.com/Atmosphere-NX/Atmosphere/releases/download/1.3.2/fusee.bin";
+        hash = "sha256-5AXzNsny45SPLIrvWJA9/JlOCal5l6Y++Cm+RtlJppI=";
+      };
+    };
+  };
+}

modules-clone/nixos/optional/systemd-networkd-base.nix

@@ -0,0 +1,13 @@
+{ lib, config, ... }:
+{
+  networking = {
+    useDHCP = lib.mkForce false;
+    useNetworkd = true;
+    dhcpcd.enable = lib.mkIf (!config.swarselsystems.isMicroVM) false;
+    renameInterfacesByMac = lib.mkIf (!config.swarselsystems.isMicroVM) (lib.mapAttrs (_: v: if (v ? mac) then v.mac else "") (
+      config.repo.secrets.local.networking.networks or { }
+    ));
+  };
+
+  systemd.network.enable = true;
+}

modules-clone/nixos/optional/systemd-networkd-server-home.nix

@@ -0,0 +1,146 @@
+{ self, lib, config, globals, ... }:
+let
+  inherit (globals.general) routerServer;
+  inherit (config.swarselsystems) withMicroVMs isCrypted initrdVLAN;
+
+  isRouter = config.node.name == routerServer;
+  localVLANsList = config.swarselsystems.localVLANs;
+  localVLANs = lib.genAttrs localVLANsList (x: globals.networks.home-lan.vlans.${x});
+in
+{
+  imports = [
+    "${self}/modules/nixos/optional/systemd-networkd-server.nix"
+  ];
+  config = {
+    assertions = [
+      {
+        assertion = ((localVLANsList != [ ]) && (initrdVLAN != null)) || (localVLANsList == [ ]) || (!isCrypted);
+        message = "This host uses VLANs and disk encryption, thus a VLAN must be specified for initrd or disk encryption must be removed.";
+      }
+    ];
+
+    boot.initrd = lib.mkIf (isCrypted && (localVLANsList != [ ]) && (!isRouter)) {
+      availableKernelModules = [ "8021q" ];
+      kernelModules = [ "8021q" ]; # at least summers needs this to actually find the interfaces
+      systemd.network = {
+        enable = true;
+        netdevs."30-vlan-${initrdVLAN}" = {
+          netdevConfig = {
+            Kind = "vlan";
+            Name = "vlan-${initrdVLAN}";
+          };
+          vlanConfig.Id = globals.networks.home-lan.vlans.${initrdVLAN}.id;
+        };
+        networks = {
+          "10-lan" = {
+            matchConfig.Name = "lan";
+            # This interface should only be used from attached vlans.
+            # So don't acquire a link local address and only wait for
+            # this interface to gain a carrier.
+            networkConfig.LinkLocalAddressing = "no";
+            linkConfig.RequiredForOnline = "carrier";
+            vlan = [ "vlan-${initrdVLAN}" ];
+          };
+          "30-vlan-${initrdVLAN}" = {
+            address = [
+              globals.networks.home-lan.vlans.${initrdVLAN}.hosts.${config.node.name}.cidrv4
+              globals.networks.home-lan.vlans.${initrdVLAN}.hosts.${config.node.name}.cidrv6
+            ];
+            matchConfig.Name = "vlan-${initrdVLAN}";
+            networkConfig = {
+              IPv6PrivacyExtensions = "yes";
+            };
+            linkConfig.RequiredForOnline = "routable";
+          };
+        };
+      };
+    };
+
+    topology.self.interfaces = (lib.mapAttrs'
+      (vlanName: _:
+        lib.nameValuePair "vlan-${vlanName}" {
+          network = lib.mkForce vlanName;
+        }
+      )
+      localVLANs) // (lib.mapAttrs'
+      (vlanName: _:
+        lib.nameValuePair "me-${vlanName}" {
+          network = lib.mkForce vlanName;
+        }
+      )
+      localVLANs);
+
+    systemd.network = {
+      netdevs = lib.flip lib.concatMapAttrs localVLANs (
+        vlanName: vlanCfg: {
+          "30-vlan-${vlanName}" = {
+            netdevConfig = {
+              Kind = "vlan";
+              Name = "vlan-${vlanName}";
+            };
+            vlanConfig.Id = vlanCfg.id;
+          };
+          # Create a MACVTAP for ourselves too, so that we can communicate with
+          # our guests on the same interface.
+          "40-me-${vlanName}" = lib.mkIf withMicroVMs {
+            netdevConfig = {
+              Name = "me-${vlanName}";
+              Kind = "macvlan";
+            };
+            extraConfig = ''
+              [MACVLAN]
+              Mode=bridge
+            '';
+          };
+        }
+      );
+      networks = {
+        "10-lan" = lib.mkIf (!isRouter) {
+          matchConfig.Name = "lan";
+          # This interface should only be used from attached vlans.
+          # So don't acquire a link local address and only wait for
+          # this interface to gain a carrier.
+          networkConfig.LinkLocalAddressing = "no";
+          linkConfig.RequiredForOnline = "carrier";
+          vlan = map (name: "vlan-${name}") (builtins.attrNames localVLANs);
+        };
+        # Remaining macvtap interfaces should not be touched.
+        "90-macvtap-ignore" = lib.mkIf withMicroVMs {
+          matchConfig.Kind = "macvtap";
+          linkConfig.ActivationPolicy = "manual";
+          linkConfig.Unmanaged = "yes";
+        };
+      }
+      // lib.flip lib.concatMapAttrs localVLANs (
+        vlanName: vlanCfg:
+          let
+            me = {
+              address = [
+                vlanCfg.hosts.${config.node.name}.cidrv4
+                vlanCfg.hosts.${config.node.name}.cidrv6
+              ];
+              gateway = lib.optionals (vlanName == "services") [ vlanCfg.hosts.${routerServer}.ipv4 vlanCfg.hosts.${routerServer}.ipv6 ];
+              matchConfig.Name = "${if withMicroVMs then "me" else "vlan"}-${vlanName}";
+              networkConfig.IPv6PrivacyExtensions = "yes";
+              linkConfig.RequiredForOnline = "routable";
+            };
+
+          in
+          {
+            "30-vlan-${vlanName}" = if (!withMicroVMs) then me else {
+              matchConfig.Name = "vlan-${vlanName}";
+              # This interface should only be used from attached macvlans.
+              # So don't acquire a link local address and only wait for
+              # this interface to gain a carrier.
+              networkConfig.LinkLocalAddressing = "no";
+              networkConfig.MACVLAN = "me-${vlanName}";
+              linkConfig.RequiredForOnline = if isRouter then "no" else "carrier";
+            };
+            "40-me-${vlanName}" = lib.mkIf withMicroVMs (lib.mkDefault me);
+          }
+      );
+    };
+
+  };
+
+}

modules-clone/nixos/optional/systemd-networkd-server.nix

@@ -0,0 +1,53 @@
+{ self, lib, config, globals, ... }:
+let
+  inherit (config.swarselsystems) isCrypted localVLANs;
+  inherit (globals.general) routerServer;
+
+  isRouter = config.node.name == routerServer;
+  ifName = config.swarselsystems.server.localNetwork;
+in
+{
+  imports = [
+    "${self}/modules/nixos/optional/systemd-networkd-base.nix"
+  ];
+
+  boot.initrd.systemd.network = lib.mkIf (isCrypted && ((localVLANs == [ ]) || isRouter)) {
+    enable = true;
+    networks."10-${ifName}" = config.systemd.network.networks."10-${ifName}";
+  };
+
+  systemd = {
+    network = {
+      wait-online.enable = false;
+      networks =
+        let
+          netConfig = config.repo.secrets.local.networking;
+        in
+        {
+          "10-${ifName}" = lib.mkIf (isRouter || (localVLANs == [ ])) {
+            # address = lib.optionals (isRouter || (localVLANs == [ ])) [
+            address = [
+              "${globals.networks.${config.swarselsystems.server.netConfigName}.hosts.${config.node.name}.cidrv4}"
+              "${globals.networks.${config.swarselsystems.server.netConfigName}.hosts.${config.node.name}.cidrv6}"
+            ];
+            routes = [
+              {
+                Gateway = netConfig.defaultGateway6;
+                GatewayOnLink = true;
+              }
+              {
+                Gateway = netConfig.defaultGateway4;
+                GatewayOnLink = true;
+              }
+            ];
+            networkConfig = {
+              IPv6PrivacyExtensions = true;
+              IPv6AcceptRA = false;
+            };
+            matchConfig.MACAddress = netConfig.networks.${config.swarselsystems.server.localNetwork}.mac;
+            linkConfig.RequiredForOnline = "routable";
+          };
+        };
+    };
+  };
+}

modules-clone/nixos/optional/uni.nix

@@ -0,0 +1,11 @@
+{ self, config, withHomeManager, ... }:
+{
+  config = { } // lib.optionalAttrs withHomeManager {
+
+    home-manager.users."${config.swarselsystems.mainUser}" = {
+      imports = [
+        "${self}/modules/home/optional/work.nix"
+      ];
+    };
+  };
+}

modules-clone/nixos/optional/virtualbox.nix

@@ -0,0 +1,35 @@
+{ lib, config, pkgs, ... }:
+{
+  config = {
+    # specialisation = {
+    #   VBox.configuration = {
+    virtualisation.virtualbox = {
+      host = {
+        enable = true;
+        enableKvm = true;
+        addNetworkInterface = lib.mkIf config.virtualisation.virtualbox.host.enableKvm false;
+        package = pkgs.virtualbox;
+        enableExtensionPack = true;
+      };
+      # leaving this here for future notice. setting guest.enable = true will make 'restarting sysinit-reactivation.target' take till timeout on nixos-rebuild switch
+      guest = {
+        enable = false;
+      };
+    };
+    # run an older kernel to provide compatibility with windows vm
+    # boot = {
+    #   kernelPackages = lib.mkForce pkgs.stable24_05.linuxPackages;
+    #   # kernelParams = [
+    #   #   "amd_iommu=on"
+    #   # ];
+    # };
+
+
+    # fixes the issue of running together with QEMU
+    # NOTE: once you start a QEMU VM (use kvm) VirtualBox will fail to start VMs
+    # boot.kernelParams = [ "kvm.enable_virt_at_load=0" ];
+    #   };
+    # };
+  };
+
+}

modules-clone/nixos/optional/vmware.nix

@@ -0,0 +1,8 @@
+_:
+{
+
+  config = {
+    virtualisation.vmware.host.enable = true;
+    virtualisation.vmware.guest.enable = true;
+  };
+}