chayleaf/dotfiles
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

massive cleanup

Browse source
This commit is contained in:
chayleaf 2023-12-18 08:48:49 +07:00
parent a624526c5b
commit 2de8bfdfe2
Signed by: chayleaf
GPG key ID: 78171AD46227E68E
17 changed files with 309 additions and 514 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
flake.lock
View file

@ -218,11 +218,11 @@
"mobile-nixos": { "mobile-nixos": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1697544701, "lastModified": 1702635187,
"narHash": "sha256-u/59b13bwEqxR1x2l9SeSya2ZXABmjpUCdTrXVMLrsA=", "narHash": "sha256-SrPY118ozIUfGWWbDfcwolgtMuQBDBvPZ/TCLaWqoSs=",
"owner": "chayleaf", "owner": "chayleaf",
"repo": "mobile-nixos", "repo": "mobile-nixos",
"rev": "b3ec466c5abbda7de279dccb010ab10e74dd07ee", "rev": "d63c2a8d6488a15dffa0a1c1771239074b474f91",
"type": "github" "type": "github"
}, },
"original": { "original": {

292
flake.nix
View file

@ -59,38 +59,33 @@
}; };
}; };
outputs = inputs@ outputs = base-inputs@{ self, nixpkgs, ... }:
{ self
, coop-ofd
, nixpkgs
, nixos-hardware
, mobile-nixos
, impermanence
, home-manager
, nur
, nix-gaming
, notlua
, notnft
, nixos-mailserver
, nixos-router
, maubot
, ... }:
let let
# --impure required for developing # --impure required for developing
# it takes the paths for modules from filesystem as opposed to flake inputs # it takes the paths for modules from filesystem as opposed to flake inputs
devNft = false; dev = {
devNixRt = false; # notnft = true;
devMaubot = false; # nixos-router = true;
devCoopOfd = false; # maubot = true;
# coop-ofd = true;
};
# IRL-related stuff I'd rather not put into git # IRL-related stuff I'd rather not put into git
priv = priv =
if builtins.pathExists ./private.nix then (import ./private.nix { }) if builtins.pathExists ./private.nix then import ./private.nix { }
else if builtins.pathExists ./private/default.nix then (import ./private { }) else if builtins.pathExists ./private/default.nix then import ./private { }
# workaround for git flakes not having access to non-checked out files # workaround for git flakes not having access to non-checked out files
else if builtins?extraBuiltins.secrets then builtins.extraBuiltins.secrets else if builtins?extraBuiltins.secrets then builtins.extraBuiltins.secrets
# yes, this is impure, this is a last ditch effort at getting access to secrets # yes, this is impure, this is a last ditch effort at getting access to secrets
else import /etc/nixos/private { }; else import /etc/nixos/private { };
devPath = priv.devPath or ../.; devPath = priv.devPath or ../.;
inputs = builtins.mapAttrs
(name: input:
if dev.${name} or false then
(if input.flake or true
then import base-inputs.flake-compat { src = /${devPath}/${name}; }
else /${devPath}/${name})
else input)
base-inputs;
# if x has key s, get it. Otherwise return def # if x has key s, get it. Otherwise return def
# All private config for hostname # All private config for hostname
getPriv = hostname: priv.${hostname} or { }; getPriv = hostname: priv.${hostname} or { };
@ -99,20 +94,13 @@
# Private home-manager config for hostname and username # Private home-manager config for hostname and username
getPrivUser = hostname: user: (getPriv hostname).${user} or { }; getPrivUser = hostname: user: (getPriv hostname).${user} or { };
# extended lib # extended lib
lib = nixpkgs.lib // { lib = nixpkgs.lib // import ./lib.nix { inherit (nixpkgs) lib; };
quoteListenAddr = addr:
if nixpkgs.lib.hasInfix ":" addr then "[${addr}]" else addr;
};
# can't use callPackage ./pkgs here, idk why; use import instead # can't use callPackage ./pkgs here, idk why; use import instead
overlay' = args: self: super: import ./pkgs ({ overlay' = args: self: super: import ./pkgs ({
pkgs = super; pkgs = super;
pkgs' = self; pkgs' = self;
lib = super.lib; lib = super.lib;
nur = import nur { inherit inputs;
pkgs = super;
nurpkgs = super;
};
inherit nix-gaming;
} // args); } // args);
overlay = overlay' { }; overlay = overlay' { };
# I override some settings down the line, but overlays always stay the same # I override some settings down the line, but overlays always stay the same
@ -129,183 +117,42 @@
system = "aarch64-linux"; system = "aarch64-linux";
modules = [ modules = [
{ {
_module.args.server-config = nixosConfigurations.server.config; _module.args.server-config = self.nixosConfigurations.server.config;
_module.args.notnft = if devNft then (import /${devPath}/notnft { inherit (nixpkgs) lib; }).config.notnft else notnft.lib.${system}; _module.args.notnft = inputs.notnft.lib.${system};
} }
(if devNixRt then import /${devPath}/nixos-router else nixos-router.nixosModules.default) inputs.nixos-router.nixosModules.default
./system/modules/ping-exporter.nix
]; ];
}; };
crossConfig' = from: config: config // { in {
modules = config.modules ++ [
{
_module.args.fromSourcePkgs = (mkPkgs { system = from; }).pkgsCross.${{
aarch64-linux = "aarch64-multiplatform";
}.${config.system}};
}
];
};
crossConfig = config: crossConfig' ({
x86_64-linux = "aarch64-linux";
aarch64-linux = "x86_64-linux";
}.${config.system}) config;
in rec {
router-emmc = mkBpiR3 "emmc" routerConfig; router-emmc = mkBpiR3 "emmc" routerConfig;
router-sd = mkBpiR3 "sd" routerConfig; router-sd = mkBpiR3 "sd" routerConfig;
router-emmc-cross = crossConfig router-emmc;
router-sd-cross = crossConfig router-emmc;
server = { server = {
system = "aarch64-linux"; system = "aarch64-linux";
modules = [ modules = [
{ _module.args.router-config = nixosConfigurations.router-emmc.config; } { _module.args.router-config = self.nixosConfigurations.router-emmc.config; }
nixos-mailserver.nixosModules.default
./system/devices/radxa-rock5a-server.nix ./system/devices/radxa-rock5a-server.nix
(if devMaubot then import /${devPath}/maubot.nix/module else maubot.nixosModules.default)
(if devCoopOfd then import /${devPath}/coop-ofd else coop-ofd).nixosModules.default
./system/modules/scanservjs.nix
./system/modules/qbittorrent.nix
]; ];
}; };
server-cross = crossConfig server;
nixmsi = rec { nixmsi = rec {
system = "x86_64-linux"; system = "x86_64-linux";
modules = [ modules = [ ./system/devices/msi-delta-15-workstation.nix ];
nix-gaming.nixosModules.pipewireLowLatency
./system/devices/msi-delta-15-workstation.nix
];
home.common.enableNixosModule = false;
home.common.extraSpecialArgs = { home.common.extraSpecialArgs = {
notlua = notlua.lib.${system}; notlua = inputs.notlua.lib.${system};
}; };
home.user = [ home.user = [ ./home/hosts/nixmsi.nix ];
nur.nixosModules.nur
./home/hosts/nixmsi.nix
];
}; };
nixmsi-cross = crossConfig nixmsi;
phone = { phone = {
system = "aarch64-linux"; system = "aarch64-linux";
modules = [ modules = [
(import "${mobile-nixos}/lib/configuration.nix" { (import "${inputs.mobile-nixos}/lib/configuration.nix" {
device = "oneplus-enchilada"; device = "oneplus-enchilada";
}) })
./system/hosts/phone/default.nix ./system/hosts/phone/default.nix
]; ];
}; };
phone-cross = crossConfig phone;
}; };
# this is the system config processing part
nixosConfigurations = builtins.mapAttrs (hostname: args @ { system, modules, specialArgs ? {}, nixpkgs ? {}, home ? {}, ... }:
lib.nixosSystem ({
inherit system;
# allow modules to access nixpkgs directly, use customized lib,
# and pass nixos-harware to let hardware modules import parts of nixos-hardware
specialArgs = {
inherit lib nixpkgs;
hardware = nixos-hardware.nixosModules;
} // specialArgs;
modules = modules ++ [
# Third-party NixOS modules
impermanence.nixosModule
# My custom NixOS modules
./system/modules/vfio.nix
./system/modules/ccache.nix
./system/modules/impermanence.nix
./system/modules/common.nix
(getPrivSys hostname)
# The common configuration that isn't part of common.nix
({ config, pkgs, lib, ... }: {
networking.hostName = lib.mkDefault hostname;
nixpkgs.overlays = [ overlay ];
nix.extraOptions = ''
plugin-files = ${pkgs.nix-plugins.override { nix = config.nix.package; }}/lib/nix/plugins/libnix-extra-builtins.so
'';
# registry is used for the new flaky nix command
nix.registry =
builtins.mapAttrs
(_: v: { flake = v; })
(lib.filterAttrs (_: v: v?outputs) inputs);
# add import'able flake inputs (like nixpkgs) to nix path
# nix path is used for old nix commands (like nix-build, nix-shell)
environment.etc = lib.mapAttrs'
(name: value: {
name = "nix/inputs/${name}";
value = { source = value.outPath; };
})
(lib.filterAttrs (_: v: builtins.pathExists "${v}/default.nix") inputs);
nix.nixPath = [ "/etc/nix/inputs" ];
})
]
# the following is NixOS home-manager module configuration. Currently unused, but I might start using it for some hosts later.
++ (lib.optionals (home != {} && ((home.common or {}).enableNixosModule or true)) [
home-manager.nixosModules.home-manager
{
home-manager = builtins.removeAttrs (home.common or { }) [ "nixpkgs" "nix" "enableNixosModule" ];
}
{
# set both to false to match behavior with standalone home-manager
home-manager.useGlobalPkgs = false;
home-manager.useUserPackages = false;
home-manager.users = builtins.mapAttrs (username: modules: {
imports = modules ++ [
{
nixpkgs = (home.common or { }).nixpkgs or { };
nix = (home.common or { }).nix or { };
}
({ config, pkgs, lib, ...}: {
nixpkgs.overlays = [ overlay ];
nix.package = lib.mkDefault pkgs.nixForNixPlugins;
# this is only needed if nixos doesnt set plugin-files already
/*nix.extraOptions = ''
plugin-files = ${pkgs.nix-plugins.override { nix = config.nix.package; }}/lib/nix/plugins/libnix-extra-builtins.so
'';*/
})
(getPrivUser hostname username)
];
}) (builtins.removeAttrs home [ "common" ]);
}
]);
} // (builtins.removeAttrs args [ "home" "modules" "nixpkgs" ])))
config;
# for each hostname, for each user, generate an attribute "${user}@${hostname}"
homeConfigurations =
builtins.foldl'
(a: b: a // b)
{ }
(builtins.concatLists
(lib.mapAttrsToList
(hostname: sysConfig:
let
inherit (sysConfig) system;
common' = builtins.removeAttrs (sysConfig.home.common or { }) [ "nix" "nixpkgs" "enableNixosModule" ];
pkgs = mkPkgs ({ inherit system; } // ((sysConfig.home.common or { }).nixpkgs or {}));
common = common' // { inherit pkgs; };
in
lib.mapAttrsToList
# this is where actual config takes place
(user: homeConfig: {
"${user}@${hostname}" = home-manager.lib.homeManagerConfiguration (common // {
modules = homeConfig ++ [
(getPrivUser hostname user)
({ config, pkgs, lib, ... }: {
nixpkgs.overlays = [ overlay ];
nix.package = lib.mkDefault pkgs.nixForNixPlugins;
# this is only needed if nixos doesnt set plugin-files already
/*nix.extraOptions = ''
plugin-files = ${pkgs.nix-plugins.override { nix = config.nix.package; }}/lib/nix/plugins/libnix-extra-builtins.so
'';*/
})
];
});
})
(builtins.removeAttrs (sysConfig.home or { }) [ "common" ]))
config));
in { in {
inherit nixosConfigurations homeConfigurations;
overlays.default = overlay; overlays.default = overlay;
packages = lib.genAttrs [ packages = lib.genAttrs [
"x86_64-linux" "x86_64-linux"
@ -313,24 +160,87 @@
] (system: let self = overlay' { isOverlay = false; } (mkPkgs { inherit system; } // self) (import nixpkgs { inherit system; }); in self); ] (system: let self = overlay' { isOverlay = false; } (mkPkgs { inherit system; } // self) (import nixpkgs { inherit system; }); in self);
nixosImages.router = let pkgs = mkPkgs { inherit (config.router-emmc) system; }; in { nixosImages.router = let pkgs = mkPkgs { inherit (config.router-emmc) system; }; in {
emmcImage = pkgs.callPackage ./system/hardware/bpi-r3/image.nix { emmcImage = pkgs.callPackage ./system/hardware/bpi-r3/image.nix {
inherit (nixosConfigurations.router-emmc) config; inherit (self.nixosConfigurations.router-emmc) config;
rootfsImage = nixosConfigurations.router-emmc.config.system.build.rootfsImage; rootfsImage = self.nixosConfigurations.router-emmc.config.system.build.rootfsImage;
bpiR3Stuff = pkgs.bpiR3StuffEmmc; bpiR3Stuff = pkgs.bpiR3StuffEmmc;
}; };
sdImage = pkgs.callPackage ./system/hardware/bpi-r3/image.nix { sdImage = pkgs.callPackage ./system/hardware/bpi-r3/image.nix {
inherit (nixosConfigurations.router-sd) config; inherit (self.nixosConfigurations.router-sd) config;
rootfsImage = nixosConfigurations.router-sd.config.system.build.rootfsImage; rootfsImage = self.nixosConfigurations.router-sd.config.system.build.rootfsImage;
bpiR3Stuff = pkgs.bpiR3StuffSd; bpiR3Stuff = pkgs.bpiR3StuffSd;
}; };
}; };
nixosImages.phone = nixosConfigurations.phone.config.mobile.outputs.disk-image;
nixosImages.phone-fastboot = nixosConfigurations.phone.config.mobile.outputs.android.android-fastboot-image;
hydraJobs = { hydraJobs = {
server.${config.server.system} = nixosConfigurations.server.config.system.build.toplevel; server.${config.server.system} = self.nixosConfigurations.server.config.system.build.toplevel;
workstation.${config.nixmsi.system} = nixosConfigurations.nixmsi.config.system.build.toplevel; workstation.${config.nixmsi.system} = self.nixosConfigurations.nixmsi.config.system.build.toplevel;
router.${config.router-emmc.system} = nixosConfigurations.router-emmc.config.system.build.toplevel; router.${config.router-emmc.system} = self.nixosConfigurations.router-emmc.config.system.build.toplevel;
workstation-home.${config.nixmsi.system} = homeConfigurations."user@nixmsi".activation-script; workstation-home.${config.nixmsi.system} = self.homeConfigurations."user@nixmsi".activation-script;
}; };
# this is the system config processing part
nixosConfigurations = lib.flip builtins.mapAttrs config (hostname: args @ { modules, nixpkgs ? {}, home ? {}, ... }:
lib.nixosSystem {
inherit (args) system;
# allow modules to access nixpkgs directly, use customized lib,
# and pass nixos-harware to let hardware modules import parts of nixos-hardware
specialArgs = {
inherit inputs lib;
hardware = inputs.nixos-hardware.nixosModules;
} // args.specialArgs or { };
modules = args.modules or [ ]
++ [
(getPrivSys hostname)
{ networking.hostName = lib.mkDefault hostname;
nixpkgs.overlays = [ overlay ]; }
inputs.impermanence.nixosModule
]
++ map (x: ./system/modules/${x}) (builtins.attrNames (builtins.readDir ./system/modules))
# the following is NixOS home-manager module configuration. Currently unused, but I might start using it for some hosts later.
++ lib.optionals (home != { } && home.common.enableNixosModule or false) [
inputs.home-manager.nixosModules.home-manager
{ home-manager = builtins.removeAttrs (home.common or { }) [ "nixpkgs" "nix" "enableNixosModule" ]; }
{ # set both to false to match behavior with standalone home-manager
home-manager.useGlobalPkgs = false;
home-manager.useUserPackages = false;
home-manager.users = builtins.mapAttrs (username: modules: {
imports = modules ++ [
{ nixpkgs = home.common.nixpkgs or { };
nix = home.common.nix or { }; }
({ config, pkgs, lib, ...}: {
nixpkgs.overlays = [ overlay ];
nix.package = lib.mkDefault pkgs.nixForNixPlugins; })
(getPrivUser hostname username)
];
}) (builtins.removeAttrs home [ "common" ]); }
];
});
# for each hostname, for each user, generate an attribute "${user}@${hostname}"
homeConfigurations =
builtins.listToAttrs (builtins.concatLists
(lib.flip lib.mapAttrsToList config
(hostname: { system, home ? {}, ... }:
let
common' = builtins.removeAttrs (home.common or { }) [ "nix" "nixpkgs" "enableNixosModule" ];
pkgs = mkPkgs ({ inherit system; } // home.common.nixpkgs or { });
common = common' // { inherit pkgs; };
in
lib.flip lib.mapAttrsToList (builtins.removeAttrs home [ "common" ])
# this is where actual config takes place
(user: homeConfig: lib.nameValuePair "${user}@${hostname}"
(inputs.home-manager.lib.homeManagerConfiguration (common // {
extraSpecialArgs = (common.extraSpecialArgs or { }) // { inherit inputs; };
modules =
homeConfig
++ common.modules or [ ]
++ [
(getPrivUser hostname user)
({ pkgs, lib, ... }: {
nixpkgs.overlays = [ overlay ];
nix.package = lib.mkDefault pkgs.nixForNixPlugins;
})
];
}))))));
}; };
} }

8
home/hosts/nixmsi.nix
View file

@ -1,4 +1,9 @@
{ pkgs, lib, ... }: { pkgs
, lib
, inputs,
...
}:
{ {
imports = [ imports = [
../common/general.nix ../common/general.nix
@ -7,6 +12,7 @@
../common/nvim.nix ../common/nvim.nix
../common/helix.nix ../common/helix.nix
../common/kakoune.nix ../common/kakoune.nix
inputs.nur.nixosModules.nur
]; ];
nix.settings = { nix.settings = {

6
lib.nix Normal file
View file

@ -0,0 +1,6 @@
{ lib, ... }:
{
quoteListenAddr = addr:
if lib.hasInfix ":" addr then "[${addr}]" else addr;
}

13
pkgs/default.nix
View file

@ -1,20 +1,25 @@
{ pkgs { pkgs
, lib , lib
, nur , inputs
, nix-gaming
, pkgs' ? pkgs , pkgs' ? pkgs
, isOverlay ? true , isOverlay ? true
, ... }: , ...
}:
let let
inherit (pkgs') callPackage; inherit (pkgs') callPackage;
sources = import ./_sources/generated.nix { sources = import ./_sources/generated.nix {
inherit (pkgs) fetchgit fetchurl fetchFromGitHub dockerTools; inherit (pkgs) fetchgit fetchurl fetchFromGitHub dockerTools;
}; };
nixForNixPlugins = pkgs.nixVersions.nix_2_18; nixForNixPlugins = pkgs.nixVersions.nix_2_18;
nur = import inputs.nur {
inherit pkgs;
nurpkgs = pkgs;
};
in in
{ {
inherit (nix-gaming.packages.${pkgs.system}) faf-client osu-lazer-bin; inherit (inputs.nix-gaming.packages.${pkgs.system}) faf-client osu-lazer-bin;
inherit nixForNixPlugins; inherit nixForNixPlugins;
nix = nixForNixPlugins; nix = nixForNixPlugins;
nixVersions = pkgs.nixVersions.extend (self: super: { nixVersions = pkgs.nixVersions.extend (self: super: {

3
system/hardware/bpi-r3/default.nix
View file

@ -8,8 +8,7 @@
generic-extlinux-compatible.enable = true; generic-extlinux-compatible.enable = true;
}; };
#boot.kernelPackages = config._module.args.fromSourcePkgs.linuxPackages_bpiR3_ccache or pkgs.linuxPackages_bpiR3_ccache; boot.kernelPackages = pkgs.linuxPackagesFor (pkgs.buildLinuxWithCcache pkgs.linux_bpiR3);
boot.kernelPackages = pkgs.linuxPackagesFor (pkgs.buildLinuxWithCcache (config._module.args.fromSourcePkgs.linux_bpiR3 or pkgs.linux_bpiR3));
hardware.deviceTree.enable = true; hardware.deviceTree.enable = true;
hardware.deviceTree.filter = "mt7986a-bananapi-bpi-r3.dtb"; hardware.deviceTree.filter = "mt7986a-bananapi-bpi-r3.dtb";

41
system/hardware/msi-delta-15/default.nix
View file

@ -24,45 +24,4 @@
"amdgpu.noretry=0" "amdgpu.noretry=0"
]; ];
}; };
# TODO: really, really, please, I want latest firmware to work...
nixpkgs.overlays = [
(final: prev: {
amd-ucode = prev.amd-ucode.override { inherit (final) linux-firmware; };
linux-firmware = prev.stdenvNoCC.mkDerivation {
inherit (prev.linux-firmware) pname version meta src dontFixup installFlags nativeBuildInputs;
passthru = { inherit (prev.linux-firmware) version; };
# revert microcode updates which break boot for me
patches = [
./revert-amd-ucode-update-fam17h.patch
./revert-amd-ucode-update-fam19h.patch
];
postPatch = ''
cp ${final.fetchurl {
name = "microcode_amd_fam17h.bin";
url = "https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/plain/amd-ucode/microcode_amd_fam17h.bin?id=b250b32ab1d044953af2dc5e790819a7703b7ee6";
hash = "sha256-HnKjEb2di7BiKB09JYUjIUuZNCVgXlwRSbjijnuYBcM=";
}} amd-ucode/microcode_amd_fam17h.bin
cp ${final.fetchurl {
name = "microcode_amd_fam19h.bin";
url = "https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/plain/amd-ucode/microcode_amd_fam19h.bin?id=0ab353f8d8aa96d68690911cea22ec538f3095c4";
hash = "sha256-LlA+E4EVQpfjD3/cg6Y52BsCGW/5ZfY0J2UnCUI/3MQ";
}} amd-ucode/microcode_amd_fam19h.bin
'';
};
})
];
specialisation.no_patches.configuration = {
nixpkgs.overlays = [
(final: prev: {
amd-ucode = prev.amd-ucode.override { inherit (final) linux-firmware; };
linux-firmware = prev.stdenvNoCC.mkDerivation {
inherit (prev.linux-firmware) pname version meta src dontFixup installFlags nativeBuildInputs;
passthru = { inherit (prev.linux-firmware) version; };
patches = [ ];
postPatch = "";
};
})
];
};
} }

52
system/hardware/msi-delta-15/revert-amd-ucode-update-fam17h.patch
View file

@ -1,52 +0,0 @@
diff --git a/WHENCE b/WHENCE
index dbcdced..9ae8ff7 100644
--- a/WHENCE
+++ b/WHENCE
@@ -3919,7 +3919,7 @@ Version: 2018-05-24
RawFile: amd-ucode/microcode_amd_fam16h.bin
Version: 2014-10-28
RawFile: amd-ucode/microcode_amd_fam17h.bin
-Version: 2023-07-19
+Version: 2023-04-13
RawFile: amd-ucode/microcode_amd_fam19h.bin
Version: 2023-08-08
File: amd-ucode/README
diff --git a/amd-ucode/README b/amd-ucode/README
index f47743c..5dc5108 100644
--- a/amd-ucode/README
+++ b/amd-ucode/README
@@ -32,9 +32,8 @@ Microcode patches in microcode_amd_fam16h.bin:
Microcode patches in microcode_amd_fam17h.bin:
Family=0x17 Model=0x08 Stepping=0x02: Patch=0x0800820d Length=3200 bytes
- Family=0x17 Model=0x31 Stepping=0x00: Patch=0x0830107a Length=3200 bytes
- Family=0x17 Model=0xa0 Stepping=0x00: Patch=0x08a00008 Length=3200 bytes
Family=0x17 Model=0x01 Stepping=0x02: Patch=0x0800126e Length=3200 bytes
+ Family=0x17 Model=0x31 Stepping=0x00: Patch=0x08301072 Length=3200 bytes
Microcode patches in microcode_amd_fam19h.bin:
Family=0x19 Model=0x11 Stepping=0x01: Patch=0x0a10113e Length=5568 bytes
diff --git a/amd-ucode/microcode_amd_fam17h.bin.asc b/amd-ucode/microcode_amd_fam17h.bin.asc
index 34a4024..27da52c 100644
--- a/amd-ucode/microcode_amd_fam17h.bin.asc
+++ b/amd-ucode/microcode_amd_fam17h.bin.asc
@@ -1,11 +1,11 @@
-----BEGIN PGP SIGNATURE-----
-iQEzBAABCgAdFiEE/HxsUF2vzBRxg1fK5L5TOfMornMFAmS4Mm4ACgkQ5L5TOfMo
-rnN35wgAkllCunxE6J5hQyLMx5o4WTHZkbNvXmu6nV1Y3vjiL1oeaK+pmx8BlkPt
-fGZJCe/068kqmp3N4EtOZLxXn55t3jNBYectPr0RmFqpjMsEJEcfXfuXROA4N9Ti
-Zd/o6X21eHEsm0kK0q4YfppfgTd5Ze7k1jTkUuuU6/yh6uRk1MiFreEzkPO3Aayh
-iEWlYx33vq3HccTPgdY3D64Zr8gmgKG+8mdEvqb1jK4SVZ1/9vy4OKIIpUZB/eqx
-46h9Ejwn9pktnYkHi/A/zCREEcIQ10HXFF5bjxJTFQkM5S46/QEO7uuvnpMb+6Yy
-4V1/QIWMG6ixqCRx9GqbBK7GHdYODw==
-=+IsI
+iQEzBAABCgAdFiEE/HxsUF2vzBRxg1fK5L5TOfMornMFAmQeEvgACgkQ5L5TOfMo
+rnPOpAf/dYhPqq/ktg1muI/khV4EhDiguX6OXib3fmfSZdvPIAI0cRI77M3Lvf0b
+nlV8D67e5HOQ5foJbix5tunz0sZjqr2QU8U9dNk/ut0KC7UiCRc8VH40aSi/OQBG
+Y8c7tb6IJ+N+jyJ6Ii6koUuRO2Lk2MckcrWLRuLRV4bB+osyJrGjc/X54Z6UJ/Ma
+VDg13Yxy5WvC7sMmlmnY42JLeLBKDVUvg0zDvJ4aOLLxRE2l3eiAKE+TV122LmxN
+ca5WA/ESYQ9BjxHYIrpTd9nQaWa/TIZ+rOmJGLMtnQ1gGlW97zQuJR7zh+8vdLzC
+iwVlS1cu7kcV7KYDytTkWJ+2gwb3uQ==
+=lP2S
-----END PGP SIGNATURE-----

64
system/hardware/msi-delta-15/revert-amd-ucode-update-fam19h.patch
View file

@ -1,64 +0,0 @@
diff --git a/WHENCE b/WHENCE
index dbcdced..dd7b8d5 100644
--- a/WHENCE
+++ b/WHENCE
@@ -3921,7 +3921,7 @@ Version: 2014-10-28
RawFile: amd-ucode/microcode_amd_fam17h.bin
Version: 2023-07-19
RawFile: amd-ucode/microcode_amd_fam19h.bin
-Version: 2023-10-19
+Version: 2023-07-18
File: amd-ucode/README
License: Redistributable. See LICENSE.amd-ucode for details
diff --git a/amd-ucode/README b/amd-ucode/README
index f47743c..6a9ff1e 100644
--- a/amd-ucode/README
+++ b/amd-ucode/README
@@ -37,22 +37,9 @@ Microcode patches in microcode_amd_fam17h.bin:
Family=0x17 Model=0x01 Stepping=0x02: Patch=0x0800126e Length=3200 bytes
Microcode patches in microcode_amd_fam19h.bin:
- Family=0x19 Model=0x11 Stepping=0x02: Patch=0x0a101244 Length=5568 bytes
Family=0x19 Model=0x01 Stepping=0x01: Patch=0x0a0011d1 Length=5568 bytes
Family=0x19 Model=0x01 Stepping=0x00: Patch=0x0a001079 Length=5568 bytes
- Family=0x19 Model=0xa0 Stepping=0x02: Patch=0x0aa00213 Length=5568 bytes
Family=0x19 Model=0x01 Stepping=0x02: Patch=0x0a001234 Length=5568 bytes
- Family=0x19 Model=0xa0 Stepping=0x01: Patch=0x0aa00116 Length=5568 bytes
- Family=0x19 Model=0x11 Stepping=0x01: Patch=0x0a101144 Length=5568 bytes
-
-NOTE: For Genoa (Family=0x19 Model=0x11) and Bergamo (Family=0x19 Model=0xa0),
-either AGESA version >= 1.0.0.8 OR a kernel with the following commit is
-required:
-a32b0f0db3f3 ("x86/microcode/AMD: Load late on both threads too")
-
-When late loading the patches for Genoa or Bergamo, there may be one spurious
-NMI observed per physical core. These NMIs are benign and don't cause any
-functional issue but will result in kernel messages being logged.
NOTE: When running 5.19+ kernels on Genoa or Bergamo systems, some microcode
patches are known to trigger warnings in the PMI handler. The following are
diff --git a/amd-ucode/microcode_amd_fam19h.bin.asc b/amd-ucode/microcode_amd_fam19h.bin.asc
index 8cff901..a32b4d6 100644
--- a/amd-ucode/microcode_amd_fam19h.bin.asc
+++ b/amd-ucode/microcode_amd_fam19h.bin.asc
@@ -1,11 +1,11 @@
-----BEGIN PGP SIGNATURE-----
-iQEzBAABCgAdFiEE/HxsUF2vzBRxg1fK5L5TOfMornMFAmUoW6AACgkQ5L5TOfMo
-rnMHAAf/SxaKEu5l7FGXR+QJYc2oSJDpf9ZsHTkVnxqF1I3ReItEGAR3iqSWrsRw
-KA4niP9Ihr8EqwhOaOtqkRKKF9D5yg+DksnRWbh2VTUECO4KQxjHNrPp3JWEzBwb
-Xn+vRVP02ZRi3u4MCYbnDC4AfUSnKnldY3TTlNi/6HUaGS2pcw8Vjli/C06zwfgh
-WwUAoFMQl4SDJhbGfC9cb93MKjBl/0Hv4uhK5W8fJ1iUkMvY8Ijna/oDTZCNPqP0
-0AgOwdAdzoyOYWjbUXcwofz2Umpz12xmJW8yXNwdv1pmaCvv9aCJz1L49lGwFH9E
-lhhoFQ1SQL3hhPjTXO6DbeeT9+fjOg==
-=9Xav
+iQEzBAABCgAdFiEE/HxsUF2vzBRxg1fK5L5TOfMornMFAmS3F00ACgkQ5L5TOfMo
+rnNEhQgAizSV8IFpvaYNytaJKLA4uevrZneGPV4czjCXnnj1yHpfQmCTyZQnoLnx
+7gyzf7K5271zO51FBQ5z2Nm48a3XPUhMbQLNP4BZdekLiA3bRpMtSyHct6zD0ULm
+xaFaOQ7MR1tGADhlon1bDvtnOuixUhwrZhEIlR9MzQAzERKDMOAVTbxn9ZhMfYiT
+LhA791Blyyi+6Z9uh7BpaA8l8uvoxt+uuvlBTjQMR3ER/TEjgcsoy+XhhK4QKS0V
+wJCtcDle/3pF+N6SAFWiXbNZ+P8p19afhcYddDl97xtpzA6/8b20a2eHkrqnu/Ds
+jTozF9kmhiifYMYpXtXgSOwI3GRZbQ==
+=t+j1
-----END PGP SIGNATURE-----

22
system/hosts/nixmsi.nix
View file

@ -1,11 +1,12 @@
{ lib { lib
, pkgs , pkgs
, config , config
, inputs
, ... }: , ... }:
/* /*
# for old kernel versions # for old kernel versions
zenKernels = pkgs.callPackage "${nixpkgs}/pkgs/os-specific/linux/kernel/zen-kernels.nix"; zenKernels = pkgs.callPackage "${pkgs.path}/pkgs/os-specific/linux/kernel/zen-kernels.nix";
zenKernel = (version: sha256: (zenKernels { zenKernel = (version: sha256: (zenKernels {
kernelPatches = [ kernelPatches = [
pkgs.linuxKernel.kernelPatches.bridge_stp_helper pkgs.linuxKernel.kernelPatches.bridge_stp_helper
@ -26,6 +27,8 @@
*/ */
{ {
imports = [ inputs.nix-gaming.nixosModules.pipewireLowLatency ];
system.stateVersion = "22.11"; system.stateVersion = "22.11";
### SECTION 1: HARDWARE/BOOT PARAMETERS ### ### SECTION 1: HARDWARE/BOOT PARAMETERS ###
@ -122,26 +125,15 @@
# users.groups.wireshark.members = [ config.common.mainUsername ]; # users.groups.wireshark.members = [ config.common.mainUsername ];
services.printing.enable = true; services.printing.enable = true;
services.printing.drivers = [ pkgs.hplip ]; services.printing.drivers = [ pkgs.hplip ];
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
# from nix-gaming # from nix-gaming
lowLatency = { services.pipewire.lowLatency = {
enable = true; enable = false;
# 96 is mostly fine but has some xruns # 96 is mostly fine but has some xruns
# 128 has xruns every now and then too, but is overall fine # 128 has xruns every now and then too
quantum = 128; quantum = 128;
rate = 48000; rate = 48000;
}; };
};
security.polkit.enable = true;
security.rtkit.enable = true;
services.dbus.enable = true;
programs.sway.enable = true; programs.sway.enable = true;
xdg.portal = { xdg.portal = {
enable = true; enable = true;

3
system/hosts/server/home.nix
View file

@ -1,6 +1,7 @@
{ config { config
, lib , lib
, pkgs , pkgs
, inputs
, ... }: , ... }:
let let
@ -16,6 +17,8 @@ let
withQt5 = false; withQt5 = false;
}; };
in { in {
imports = [ inputs.coop-ofd.nixosModules.default ];
# a bunch of services for personal use not intended for the public # a bunch of services for personal use not intended for the public
# TODO: keycloakify this # TODO: keycloakify this
services.grafana = { services.grafana = {

3
system/hosts/server/mailserver.nix
View file

@ -1,10 +1,13 @@
{ config { config
, pkgs , pkgs
, inputs
, ... }: , ... }:
let let
cfg = config.server; cfg = config.server;
in { in {
imports = [ inputs.nixos-mailserver.nixosModules.default ];
impermanence.directories = [ impermanence.directories = [
{ directory = config.mailserver.dkimKeyDirectory; user = "opendkim"; group = "opendkim"; mode = "0755"; } { directory = config.mailserver.dkimKeyDirectory; user = "opendkim"; group = "opendkim"; mode = "0755"; }
{ directory = config.mailserver.mailDirectory; user = "virtualMail"; group = "virtualMail"; mode = "0700"; } { directory = config.mailserver.mailDirectory; user = "virtualMail"; group = "virtualMail"; mode = "0700"; }

3
system/hosts/server/maubot.nix
View file

@ -1,11 +1,14 @@
{ config { config
, lib , lib
, pkgs , pkgs
, inputs
, ... }: , ... }:
let let
cfg = config.server; cfg = config.server;
in { in {
imports = [ inputs.maubot.nixosModules.default ];
services.nginx.virtualHosts."matrix.${cfg.domainName}".locations = let services.nginx.virtualHosts."matrix.${cfg.domainName}".locations = let
inherit (config.services.maubot) settings; inherit (config.services.maubot) settings;
in { in {

144
system/modules/common.nix
View file

@ -1,11 +1,13 @@
{ lib { lib
, pkgs , pkgs
, config , config
, inputs
, ... }: , ... }:
let let
# force some defaults even if they were set with mkDefault already... # force some defaults even if they were set with mkDefault already...
mkForceDefault = lib.mkOverride 999; mkForceDefault = lib.mkOverride 999;
cfg = config.common;
in { in {
options.common = with lib; mkOption { options.common = with lib; mkOption {
type = types.submodule { type = types.submodule {
@ -34,9 +36,8 @@ in {
}; };
default = { }; default = { };
}; };
config = let config = lib.mkMerge [
cfg = config.common; {
in {
nix = { nix = {
# nix.channel.enable is needed for NIX_PATH to work for some reason # nix.channel.enable is needed for NIX_PATH to work for some reason
# channel.enable = false; # channel.enable = false;
@ -58,15 +59,35 @@ in {
options = "--delete-older-than 30d"; options = "--delete-older-than 30d";
}; };
package = pkgs.nixForNixPlugins; package = pkgs.nixForNixPlugins;
extraOptions = ''
plugin-files = ${pkgs.nix-plugins.override { nix = config.nix.package; }}/lib/nix/plugins/libnix-extra-builtins.so
'';
}; };
systemd.services.nix-daemon.serviceConfig.LimitSTACKSoft = "infinity"; systemd.services.nix-daemon.serviceConfig.LimitSTACKSoft = "infinity";
nix.daemonCPUSchedPolicy = lib.mkDefault "idle"; nix.daemonCPUSchedPolicy = lib.mkDefault "idle";
nix.daemonIOSchedClass = lib.mkDefault "idle"; nix.daemonIOSchedClass = lib.mkDefault "idle";
# registry is used for the new flaky nix command
nix.registry =
builtins.mapAttrs
(_: v: { flake = v; })
(lib.filterAttrs (_: v: v?outputs) inputs);
# add import'able flake inputs (like nixpkgs) to nix path
# nix path is used for old nix commands (like nix-build, nix-shell)
environment.etc = lib.mapAttrs'
(name: value: {
name = "nix/inputs/${name}";
value.source = value.outPath;
})
(lib.filterAttrs (_: v: builtins.pathExists "${v}/default.nix") inputs);
nix.nixPath = [ "/etc/nix/inputs" ];
boot.kernelParams = lib.optionals (cfg.resolution != null) [ boot.kernelParams = lib.optionals (cfg.resolution != null) [
"consoleblank=60" "consoleblank=60"
] ++ (lib.optionals (cfg.resolution == "1920x1080") [ ] ++ lib.optionals (cfg.resolution == "1920x1080") [
"fbcon=font:TER16x32" "fbcon=font:TER16x32"
]); ];
console.font = console.font =
lib.mkIf (cfg.resolution == "1920x1080" || cfg.resolution == "1366x768") { lib.mkIf (cfg.resolution == "1920x1080" || cfg.resolution == "1366x768") {
"1920x1080" = "${pkgs.terminus_font}/share/consolefonts/ter-v32n.psf.gz"; "1920x1080" = "${pkgs.terminus_font}/share/consolefonts/ter-v32n.psf.gz";
@ -81,9 +102,11 @@ in {
hardware.enableRedistributableFirmware = true; hardware.enableRedistributableFirmware = true;
services.openssh.settings.PasswordAuthentication = false; services.openssh.settings.PasswordAuthentication = false;
services.tlp.settings.USB_EXCLUDE_PHONE = 1; services.tlp.settings.USB_EXCLUDE_PHONE = 1;
services.tlp.settings.START_CHARGE_THRESH_BAT0 = 75; services.tlp.settings.START_CHARGE_THRESH_BAT0 = 75;
services.tlp.settings.STOP_CHARGE_THRESH_BAT0 = 80; services.tlp.settings.STOP_CHARGE_THRESH_BAT0 = 80;
i18n.defaultLocale = lib.mkDefault "en_US.UTF-8"; i18n.defaultLocale = lib.mkDefault "en_US.UTF-8";
i18n.supportedLocales = lib.mkDefault [ i18n.supportedLocales = lib.mkDefault [
"C.UTF-8/UTF-8" "C.UTF-8/UTF-8"
@ -92,50 +115,13 @@ in {
]; ];
# ISO-8601 # ISO-8601
i18n.extraLocaleSettings.LC_TIME = "en_DK.UTF-8"; i18n.extraLocaleSettings.LC_TIME = "en_DK.UTF-8";
environment.systemPackages = with pkgs; ([ environment.systemPackages = with pkgs; [
bottom bottom
wget wget
git git
tmux tmux
] ++ lib.optionals cfg.minimal [ ];
kitty.terminfo
# rxvt-unicode-unwrapped.terminfo
]);
programs.fish.interactiveShellInit = lib.mkIf cfg.minimal ''
set -gx SHELL ${pkgs.zsh}/bin/zsh
set -g fish_color_autosuggestion 777 brblack
set -g fish_color_command green
set -g fish_color_operator white
set -g fish_color_param white
set -g fish_key_bindings fish_vi_key_bindings
set -g fish_cursor_insert line
set -g fish_cursor_replace underscore
'';
programs.vim = lib.mkIf cfg.minimal {
defaultEditor = lib.mkDefault true;
package = pkgs.vim-full.customize {
vimrcConfig.customRC = ''
syntax on
au FileType markdown set colorcolumn=73 textwidth=72
au FileType gitcommit set colorcolumn=73
au BufReadPre * set foldmethod=syntax
au BufReadPost * folddoc foldopen!
autocmd BufReadPost * if @% !~# '\.git[\/\\]COMMIT_EDITMSG$' && line("'\"") > 1 && line("'\"") <= line("$") | exe "normal! g`\"" | endif
'';
vimrcConfig.packages.myVimPackage = with pkgs.vimPlugins; {
start = [ vim-sleuth ];
};
};
};
# this is supposed to default to false, but it doesn't because of nixos fish module
documentation.man.generateCaches = lib.mkIf cfg.minimal (mkForceDefault false);
# we don't need stuff like html files (NixOS manual and so on) on minimal machines
documentation.doc.enable = lib.mkIf cfg.minimal (lib.mkDefault false);
programs.fish.enable = true; programs.fish.enable = true;
# conflicts with bash module's mkDefault
# only override on minimal systems because on non-minimal systems
# because my fish config doesn't work well in fb/drm console
users.defaultUserShell = lib.mkIf cfg.minimal (mkForceDefault pkgs.fish);
users.users.${cfg.mainUsername} = { users.users.${cfg.mainUsername} = {
uid = 1000; uid = 1000;
isNormalUser = true; isNormalUser = true;
@ -143,17 +129,6 @@ in {
}; };
# nixos-hardware uses mkDefault here, so we use slightly higher priority # nixos-hardware uses mkDefault here, so we use slightly higher priority
services.xserver.libinput.enable = mkForceDefault (!cfg.minimal); services.xserver.libinput.enable = mkForceDefault (!cfg.minimal);
/*
services.xserver = {
enable = true;
libinput.enable = true;
desktopManager.xterm.enable = false;
# I couldn't get lightdm to start sway, so let's just do this
displayManager.startx.enable = true;
windowManager.i3.enable = true;
};
*/
# pipewire:
programs.fuse.userAllowOther = true; programs.fuse.userAllowOther = true;
# autologin once after boot # autologin once after boot
# --skip-login means directly call login instead of first asking for username # --skip-login means directly call login instead of first asking for username
@ -169,5 +144,62 @@ in {
exec ${shadow}/bin/login -f user exec ${shadow}/bin/login -f user
fi fi
''); '');
}; }
(lib.mkIf cfg.minimal {
environment.systemPackages = with pkgs; [
kitty.terminfo
# rxvt-unicode-unwrapped.terminfo
];
programs.fish.interactiveShellInit = ''
set -gx SHELL ${pkgs.zsh}/bin/zsh
set -g fish_color_autosuggestion 777 brblack
set -g fish_color_command green
set -g fish_color_operator white
set -g fish_color_param white
set -g fish_key_bindings fish_vi_key_bindings
set -g fish_cursor_insert line
set -g fish_cursor_replace underscore
'';
# this is supposed to default to false, but it doesn't because of nixos fish module
documentation.man.generateCaches = mkForceDefault false;
# we don't need stuff like html files (NixOS manual and so on) on minimal machines
documentation.doc.enable = lib.mkDefault false;
# conflicts with bash module's mkDefault
# only override on minimal systems because on non-minimal systems
# my fish config doesn't work well in fb/drm console
users.defaultUserShell = lib.mkIf cfg.minimal (mkForceDefault pkgs.fish);
programs.vim = {
defaultEditor = lib.mkDefault true;
package = pkgs.vim-full.customize {
vimrcConfig.customRC = ''
syntax on
au FileType markdown set colorcolumn=73 textwidth=72
au FileType gitcommit set colorcolumn=73
au BufReadPre * set foldmethod=syntax
au BufReadPost * folddoc foldopen!
autocmd BufReadPost * if @% !~# '\.git[\/\\]COMMIT_EDITMSG$' && line("'\"") > 1 && line("'\"") <= line("$") | exe "normal! g`\"" | endif
'';
vimrcConfig.packages.myVimPackage = with pkgs.vimPlugins; {
start = [ vim-sleuth ];
};
};
};
})
(lib.mkIf (!cfg.minimal) {
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
jack.enable = true;
};
security.polkit.enable = true;
security.rtkit.enable = true;
services.dbus.enable = true;
})
];
} }

2
system/modules/impermanence.nix
View file

@ -75,7 +75,7 @@ in {
{ directory = config.programs.ccache.cacheDir; user = "root"; group = "nixbld"; mode = "0770"; } { directory = config.programs.ccache.cacheDir; user = "root"; group = "nixbld"; mode = "0770"; }
{ directory = /var/cache/sccache; user = "root"; group = "nixbld"; mode = "0770"; } { directory = /var/cache/sccache; user = "root"; group = "nixbld"; mode = "0770"; }
] ++ lib.optionals (config.services.coop-ofd.enable or false) [ ] ++ lib.optionals (config.services.coop-ofd.enable or false) [
{ directory = /var/lib/coop-ofd; mode = "0750"; } { directory = /var/lib/private/coop-ofd; mode = "0750"; }
] ++ lib.optionals config.services.dovecot2.enable [ ] ++ lib.optionals config.services.dovecot2.enable [
{ directory = /var/lib/dhparams; user = "root"; group = "root"; mode = "0755"; } { directory = /var/lib/dhparams; user = "root"; group = "root"; mode = "0755"; }
{ directory = /var/lib/dovecot; user = "root"; group = "root"; mode = "0755"; } { directory = /var/lib/dovecot; user = "root"; group = "root"; mode = "0755"; }

31
system/modules/vfio.nix
View file

@ -1,14 +1,14 @@
{ config { config
, options
, lib , lib
, pkgs , pkgs
, ... }: , ... }:
let let
cfg = config.vfio; cfg = config.vfio;
enableIvshmem = cfg.lookingGlass.enable && (builtins.length cfg.lookingGlass.ivshmem) > 0;
in { in {
options.vfio = with lib; mkOption { options.vfio = with lib; {
type = types.submodule {
options = {
enable = mkOption { enable = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
@ -73,14 +73,7 @@ in {
description = "Looking glass config"; description = "Looking glass config";
}; };
}; };
}; config = lib.mkIf cfg.enable {
description = "VFIO settings";
default = { };
};
# compatibility so this module loads on non-amd hardware
config = let
enableIvshmem = cfg.lookingGlass.enable && (builtins.length cfg.lookingGlass.ivshmem) > 0;
in lib.mkIf cfg.enable {
# add a custom kernel param for early loading vfio drivers # add a custom kernel param for early loading vfio drivers
# because if we change boot.initrd options in a specialization, two initrds will be built # because if we change boot.initrd options in a specialization, two initrds will be built
# and we don't want to build two initrds # and we don't want to build two initrds
@ -120,11 +113,11 @@ in {
''; '';
initrd.kernelModules = [ initrd.kernelModules = [
(if cfg.intelCpu then "kvm-intel" else "kvm-amd") (if cfg.intelCpu then "kvm-intel" else "kvm-amd")
] ++ (if cfg.passGpuAtBoot then [ ] ++ lib.optionals cfg.passGpuAtBoot [
"vfio" "vfio"
"vfio_iommu_type1" "vfio_iommu_type1"
"vfio_pci" "vfio_pci"
] else []); ];
initrd.availableKernelModules = lib.mkIf (!cfg.passGpuAtBoot) [ initrd.availableKernelModules = lib.mkIf (!cfg.passGpuAtBoot) [
"vfio" "vfio"
"vfio_iommu_type1" "vfio_iommu_type1"
@ -137,9 +130,9 @@ in {
extraModprobeConfig = '' extraModprobeConfig = ''
options vfio-pci ids=${builtins.concatStringsSep "," cfg.pciIDs} disable_idle_d3=1 options vfio-pci ids=${builtins.concatStringsSep "," cfg.pciIDs} disable_idle_d3=1
options kvm ignore_msrs=1 options kvm ignore_msrs=1
${if enableIvshmem then '' ${lib.optionalString enableIvshmem ''
options kvmfr static_size_mb=${builtins.concatStringsSep "," (map (x: toString x.size) cfg.lookingGlass.ivshmem)}'' options kvmfr static_size_mb=${builtins.concatStringsSep "," (map (x: toString x.size) cfg.lookingGlass.ivshmem)}
else ""} ''}
''; '';
kernelParams = [ kernelParams = [
(if cfg.intelCpu then "intel_iommu=on" else "amd_iommu=on") (if cfg.intelCpu then "intel_iommu=on" else "amd_iommu=on")
@ -147,7 +140,7 @@ in {
]; ];
kernelModules = [ kernelModules = [
"vhost-net" "vhost-net"
] ++ (if enableIvshmem then [ "kvmfr" ] else []); ] ++ lib.optional enableIvshmem "kvmfr";
}; };
services.udev.extraRules = lib.mkIf enableIvshmem services.udev.extraRules = lib.mkIf enableIvshmem
(builtins.concatStringsSep (builtins.concatStringsSep
@ -159,11 +152,11 @@ in {
cfg.lookingGlass.ivshmem)); cfg.lookingGlass.ivshmem));
hardware = { hardware = {
opengl.enable = true; opengl.enable = true;
} // (lib.optionalAttrs (cfg.enable && !(cfg.nvidiaGpu)) { } // lib.optionalAttrs (cfg.enable && !cfg.nvidiaGpu && options?hardware.amdgpu.loadInInitrd) {
# disable early KMS so GPU can be properly unbound # disable early KMS so GPU can be properly unbound
# can't use mkif because the option may not even exist # can't use mkif because the option may not even exist
amdgpu.loadInInitrd = false; amdgpu.loadInInitrd = false;
}); };
# needed for virt-manager # needed for virt-manager
programs.dconf.enable = true; programs.dconf.enable = true;
virtualisation.libvirtd = { virtualisation.libvirtd = {