wew lad

2021-03-29 15:22:47 -07:00 · 2021-03-29 15:22:47 -07:00 · d78da97be7
commit d78da97be7
35 changed files with 6762 additions and 0 deletions
--- a/modules/default.nix
+++ b/modules/default.nix
@ -0,0 +1,13 @@
+{ config, lib, pkgs, ... }:
+
+{
+  imports = [
+    ./ezvahi.nix
+    ./ezwg.nix
+    ./ezpc.nix
+    ./kiosk.nix
+    ./ezpassthru.nix
+    ./fuckingprint.nix
+    ./workstation.nix
+  ];
+}
--- a/modules/ezpassthru.nix
+++ b/modules/ezpassthru.nix
@ -0,0 +1,51 @@
+{ config, lib, pkgs, ... }:
+with lib;
+let
+  cfg = config.services.ezpassthru;
+in
+{
+  options.services.ezpassthru = {
+    enable =
+      mkEnableOption
+        "Enable simple VM PCI passthrough config (NOTE: this is only for ppl with a primary AMD/Intel, and a non-primary NVidia)";
+
+    PCIs = mkOption {
+      description = "The ID pairs of your PCI devices to passthrough";
+      example = {
+        "10de:1b80" = "0000:41:00.0";
+        "10de:10f0" = "0000:41:00.1";
+        "1022:43ba" = "0000:01:00.0";
+      };
+    };
+  };
+
+  config = mkIf cfg.enable {
+    boot.kernelModules = [
+      "kvm-intel"
+      "kvm-amd"
+      "vfio_virqfd"
+      "vfio_pci"
+      "vfio_iommu_type1"
+      "vfio"
+    ];
+
+    boot.kernelParams = [
+      "intel_iommu=on"
+      "amd_iommu=on"
+      "pcie_aspm=off"
+    ];
+
+    boot.extraModprobeConfig = "options vfio-pci ids=${
+        builtins.concatStringsSep "," (builtins.attrNames cfg.PCIs)
+      }";
+
+    boot.postBootCommands = ''
+      DEVS="${builtins.concatStringsSep " " (builtins.attrValues cfg.PCIs)}"
+      for DEV in $DEVS; do
+        echo "vfio-pci" > /sys/bus/pci/devices/$DEV/driver_override
+      done
+
+      modprobe -i vfio-pci
+    '';
+  };
+}
--- a/modules/ezpc.nix
+++ b/modules/ezpc.nix
@ -0,0 +1,197 @@
+{ config, lib, pkgs, ... }:
+with lib;
+let
+  cfg = config.ezpc;
+
+  mainConfig = {
+    services.thermald.enable = true;
+
+    environment.etc."chromium/policies/managed/policies.json".text = ''
+      {
+        "NewTabPageLocation": "https://wizbos.club/"
+      }
+    '';
+
+    workstation.enable = true;
+    workstation.user = cfg.user;
+
+    networking.firewall.allowedTCPPorts = [ 22 ];
+    networking.firewall.allowedUDPPorts = [ 1900 ];
+
+    hardware.pulseaudio.enable = lib.mkDefault (!cfg.portals);
+
+    services.pipewire.enable = lib.mkDefault cfg.portals;
+    services.pipewire.jack.enable = lib.mkDefault cfg.portals;
+    services.pipewire.alsa.enable = lib.mkDefault cfg.portals;
+    services.pipewire.alsa.support32Bit = lib.mkDefault cfg.portals;
+    services.pipewire.pulse.enable = lib.mkDefault cfg.portals;
+
+    xdg.portal.enable = lib.mkDefault cfg.portals;
+    xdg.portal.gtkUsePortal = lib.mkDefault cfg.portals;
+    xdg.portal.extraPortals = lib.mkDefault (if cfg.portals then with pkgs; [ xdg-desktop-portal-wlr xdg-desktop-portal-gtk ] else []);
+    # https://github.com/NixOS/nixpkgs/issues/108855
+    systemd.user.services.xdg-desktop-portal.environment = lib.mkDefault (lib.mkIf cfg.portals {
+      XDG_DESKTOP_PORTAL_DIR = config.environment.variables.XDG_DESKTOP_PORTAL_DIR;
+    });
+
+    # let me use audio and phones
+    programs.adb.enable = cfg.developer;
+
+    # Set some X11 props
+    services.xserver = {
+      enable = lib.mkDefault (cfg.gfx == "nvidia");
+      layout = lib.mkDefault "us";
+      libinput.enable = true;
+
+      # automatic gfx drivers
+      videoDrivers = mkIf (cfg.gfx != null) [ cfg.gfx ];
+    };
+    security.pam.services = {
+      swaylock.text = ''
+        auth include login
+      '';
+    };
+  };
+  notBatteryConfig = {
+    powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
+  };
+  batteryConfig = {
+    services.upower = {
+      enable = true;
+      percentageLow = 15;
+      percentageCritical = 10;
+      percentageAction = 5;
+    };
+    services.tlp.enable = true;
+    services.tlp.extraConfig = ''
+      TLP_ENABLE=1
+      CPU_SCALING_GOVERNOR_ON_BAT=powersave
+      CPU_SCALING_GOVERNOR_ON_AC=ondemand
+      CPU_BOOST_ON_BAT=0
+      CPU_BOOST_ON_AC=1
+      CPU_MIN_PERF_ON_BAT=0
+      CPU_MAX_PERF_ON_BAT=30
+      CPU_MIN_PERF_ON_AC=0
+      CPU_MAX_PERF_ON_AC=100
+      CPU_ENERGY_PERF_POLICY_ON_BAT=power
+      CPU_ENERGY_PERF_POLICY_ON_AC=ondemand
+    '';
+  };
+  gamingConfig = {
+    environment.systemPackages =
+      let
+        steam = pkgs.steam.override { withJava = true; };
+
+        steam-run = steam.run;
+
+        newwine = (pkgs.wineFull.override { wineBuild = "wineWow"; wineRelease = "staging"; });
+        newwinetricks = pkgs.winetricks.override { wine = newwine; };
+
+        oldwine = (pkgs.wineFull.override { wineBuild = "wineWow"; });
+        oldwinetricks = pkgs.winetricks.override { wine = oldwine; };
+      in
+      with pkgs; ([
+        steam
+        steam-run
+        xlibs.xf86inputjoystick
+        oldwine
+        oldwinetricks
+        (writeScriptBin "steam-run-native" ''
+          #!${pkgs.stdenv.shell}
+          ${(steam.override { nativeOnly = true; }).run}/bin/steam-run $@
+        '')
+      ] ++ (
+        if cfg.newWine then [
+          (
+            pkgs.runCommand "new-wine-stuff"
+              { } ''
+              mkdir -p $out/bin
+              ln -s ${newwine}/bin/wine $out/bin/new-wine
+              ln -s ${newwine}/bin/winecfg $out/bin/new-winecfg
+              ln -s ${newwinetricks}/bin/winetricks $out/bin/new-winetricks
+            ''
+          )
+        ] else [ ]
+      ));
+  };
+in
+{
+  options.ezpc = {
+    enable = mkEnableOption "Enable simple PC config";
+
+    battery = mkOption {
+      type = types.bool;
+      default = false;
+      description = "If this device has a battery";
+    };
+
+    portals = mkOption {
+      type = types.bool;
+      default = false;
+      description = "use weird new hipster portal shit";
+    };
+
+    user = mkOption {
+      type = types.str;
+      description = "The main user of this PC";
+    };
+
+    gaming = mkOption {
+      type = types.bool;
+      default = false;
+      description = "If this PC is used for gaming";
+    };
+
+    touchscreen = mkOption {
+      type = types.bool;
+      default = false;
+      description = "If this PC has a touchscreen";
+    };
+
+    gfx = mkOption {
+      type = types.nullOr types.str;
+      default = null;
+      description = "Type of your PC's graphics card";
+      example = "intel";
+    };
+
+    print = mkOption {
+      type = types.bool;
+      default = false;
+      description = "If this PC should support printing/scanning";
+    };
+
+    developer = mkOption {
+      type = types.bool;
+      default = true;
+      description = "Should enable advanced shit for developers";
+    };
+
+    bluetooth = mkOption {
+      type = types.bool;
+      default = false;
+      description = "If this PC has bluetooth support";
+    };
+
+    tiling = mkOption {
+      type = types.bool;
+      default = true;
+      description = "If you are based and redpilled, and want a tiling WM (deprecated, default)";
+    };
+
+    newWine = mkOption {
+      type = types.bool;
+      default = false;
+      description = "If you want to include wine-staging as new-wine";
+    };
+  };
+
+  config = mkIf cfg.enable (
+    mkMerge [
+      mainConfig
+      (mkIf cfg.gaming gamingConfig)
+      (mkIf cfg.battery batteryConfig)
+      (mkIf (cfg.battery != true) notBatteryConfig)
+    ]
+  );
+}
--- a/modules/ezvahi.nix
+++ b/modules/ezvahi.nix
@ -0,0 +1,22 @@
+{ config, lib, pkgs, ... }:
+with lib;
+let
+  cfg = config.services.ezvahi;
+in
+{
+  options.services.ezvahi.enable = mkEnableOption "Enable simple Avahi config";
+
+  config = mkIf cfg.enable {
+    services.avahi = {
+      enable = true;
+      nssmdns = true;
+      publish = {
+        enable = true;
+        addresses = true;
+        domain = true;
+        workstation = true;
+        userServices = true;
+      };
+    };
+  };
+}
--- a/modules/ezwg.nix
+++ b/modules/ezwg.nix
@ -0,0 +1,97 @@
+{ config, lib, pkgs, ... }:
+with lib;
+let
+  cfg = config.services.ezwg;
+in
+{
+  options.services.ezwg = {
+    enable = mkEnableOption "Enable simple Wireguard connection";
+
+    proxy = mkOption {
+      type = types.bool;
+      default = true;
+      description = "Route all your traffic through this connection";
+    };
+
+    lanSize = mkOption {
+      type = types.int;
+      default = 24;
+      description = "Size of your VLAN (only relevant if proxy is false)";
+    };
+
+    serverIP = mkOption {
+      type = types.str;
+      description = "The IP of the wg server";
+    };
+
+    serverPort = mkOption {
+      type = types.int;
+      default = 51820;
+      description = "The port of the wg server";
+    };
+
+    serverKey = mkOption {
+      type = types.str;
+      description = "The public key of the wg server";
+    };
+
+    privateKeyFile = mkOption {
+      type = types.str;
+      description = "Private wg key";
+    };
+
+    vlanIP = mkOption {
+      type = types.str;
+      description = "The IP to use on the wg VLAN";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    networking.firewall.checkReversePath = false;
+    networking.wireguard.interfaces.wg0 =
+      let
+        generateRangesScript =
+          builtins.toFile "exclusionary-wildcard-ranges-generator.py" ''
+            import ipaddress
+            n1 = ipaddress.ip_network('0.0.0.0/0')
+            n2 = ipaddress.ip_network('${cfg.serverIP}/32')
+            print(':'.join(list(map(lambda x: str(x), list(n1.address_exclude(n2))))), end="")
+          '';
+
+        rangesOutput =
+          pkgs.runCommandNoCC "exclusionary-wildcard-ranges"
+            { } ''
+            ${pkgs.python3}/bin/python3 ${generateRangesScript} > $out
+          '';
+
+        generateSubnetScript =
+          builtins.toFile "subnet-without-host-bits-generator.py" ''
+            import ipaddress
+            n1 = ipaddress.ip_network('${cfg.vlanIP}/${toString cfg.lanSize}', False)
+            print(n1, end="")
+          '';
+
+        subnetOutput =
+          pkgs.runCommandNoCC "subnet-without-host-bits"
+            { } ''
+            ${pkgs.python3}/bin/python3 ${generateSubnetScript} > $out
+          '';
+
+        ranges = lib.splitString ":" (builtins.readFile "${rangesOutput}");
+        subnet = builtins.readFile "${subnetOutput}";
+      in
+      {
+        ips = [ "${cfg.vlanIP}/32" ];
+        privateKeyFile = cfg.privateKeyFile;
+
+        peers = [
+          {
+            publicKey = cfg.serverKey;
+            allowedIPs = if cfg.proxy then ranges else [ subnet ];
+            endpoint = "${cfg.serverIP}:${toString cfg.serverPort}";
+            persistentKeepalive = 25;
+          }
+        ];
+      };
+  };
+}
--- a/modules/fuckingprint.nix
+++ b/modules/fuckingprint.nix
@ -0,0 +1,57 @@
+{ config, lib, pkgs, ... }:
+with lib;
+let
+  cfg = config.fuckingprint;
+in
+{
+  options.fuckingprint.enable = mkEnableOption "Make my fucking printer work";
+
+  config = mkIf cfg.enable {
+    services.ezvahi.enable = lib.mkDefault true;
+
+    # Enable CUPS and SANE for printing and scanning
+    services.printing.enable = true;
+    services.printing.browsing = true;
+    services.printing.listenAddresses = [ "*:631" ];
+    services.printing.allowFrom = [ "all" ];
+    services.printing.defaultShared = true;
+    services.printing.drivers = with pkgs; [
+      gutenprint
+      gutenprintBin
+
+      hplip
+
+      samsungUnifiedLinuxDriver
+      splix
+      brlaser
+
+      brgenml1lpr
+      brgenml1cupswrapper
+
+      cups-brother-hl1110
+
+      mfcj470dw-cupswrapper
+      mfcj6510dw-cupswrapper
+
+      mfcl3770cdwcupswrapper
+      mfcl2700dncupswrapper
+      mfcl2720dwcupswrapper
+      mfcl2740dwcupswrapper
+
+      mfcj470dwlpr
+      mfcj6510dwlpr
+
+      mfcl3770cdwlpr
+      mfcl2700dnlpr
+      mfcl2720dwlpr
+      mfcl2740dwlpr
+    ];
+    hardware.sane.enable = true;
+    hardware.sane.brscan4.enable = true;
+    hardware.sane.extraBackends = with pkgs; [
+      utsushi
+      epkowa
+      hplipWithPlugin
+    ];
+  };
+}
--- a/modules/kiosk.nix
+++ b/modules/kiosk.nix
@ -0,0 +1,84 @@
+{ config, lib, pkgs, ... }:
+with lib;
+let
+  cfg = config.services.kiosk;
+in
+{
+  options.services.kiosk = {
+    enable = mkEnableOption "Enable simple kiosk display";
+
+    user = mkOption {
+      type = types.str;
+      default = "root";
+      description = "The user to run the kiosk under";
+    };
+
+    cursor = mkOption {
+      type = types.bool;
+      default = false;
+      description = "Allow a cursor";
+    };
+
+    session = mkOption {
+      type = types.lines;
+      default = "${pkgs.kitty}/bin/kitty ${pkgs.htop}/bin/htop";
+      description = "The session script to run for the kiosk";
+    };
+
+    wayland = mkOption {
+      type = types.bool;
+      default = false;
+      description = "Use wayland instead of xserver";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services.cage = mkIf cfg.wayland {
+      enable = true;
+      user = cfg.user;
+      program = cfg.session;
+      # TODO cursor
+    };
+
+    services.xserver = mkIf (!cfg.wayland) {
+      enable = true;
+
+      windowManager.ratpoison.enable = true;
+
+      monitorSection = ''
+        Option   "NODPMS"
+      '';
+
+      serverLayoutSection = ''
+        Option   "BlankTime" "0"
+        Option   "DPMS" "false"
+      '';
+
+      displayManager.lightdm = {
+        enable = true;
+        autoLogin = {
+          enable = true;
+          user = "${cfg.user}";
+        };
+      };
+
+      displayManager.xserverArgs = if cfg.cursor then [ ] else [ "-nocursor" ];
+      displayManager.defaultSession = "kiosk+ratpoison";
+
+      desktopManager.session = [
+        {
+          name = "kiosk";
+          start = ''
+            # dont blank the screen after 5min
+            xset dpms force on
+            xset -dpms
+            xset s noblank
+            xset s off
+
+            ${cfg.session}
+          '';
+        }
+      ];
+    };
+  };
+}
--- a/modules/workstation.nix
+++ b/modules/workstation.nix
@ -0,0 +1,118 @@
+{ config, lib, pkgs, ... }:
+with lib;
+let
+  cfg = config.workstation;
+in
+{
+  options.workstation = {
+    enable = mkEnableOption "make my computer work";
+
+    user = mkOption {
+      type = types.str;
+      description = "The main user of this PC";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    # support gay men (and video)
+    hardware.opengl = {
+      enable = true;
+      driSupport32Bit = true;
+      extraPackages = with pkgs; [
+        vaapiIntel
+        vaapiVdpau
+        libvdpau-va-gl
+      ];
+    };
+    hardware.steam-hardware.enable = true;
+    hardware.uinput.enable = true;
+    fonts.fontconfig.cache32Bit = true;
+
+    # proton esync
+    systemd.extraConfig = "DefaultLimitNOFILE=1048576";
+    security.pam.loginLimits = [
+      {
+        domain = "*";
+        type = "hard";
+        item = "nofile";
+        value = "1048576";
+      }
+    ];
+
+    # the user should have some basic permissions lol
+    users.users."${cfg.user}" = {
+      extraGroups = [ "adbusers" "audio" "video" "libvirtd" "sway" "wheel" "networkmanager" "docker" "input" "uinput" ];
+
+      subUidRanges = [
+        {
+          startUid = 100000;
+          count = 65536;
+        }
+      ];
+      subGidRanges = [
+        {
+          startGid = 100000;
+          count = 65536;
+        }
+      ];
+    };
+
+    # fuck alsa
+    nixpkgs.config.pulseaudio = true;
+
+    # brightness
+    programs.light.enable = true;
+
+    # make fonts not fucked up
+    fonts.fontconfig.enable = true;
+    fonts.fontconfig.dpi = lib.mkDefault 96;
+    services.xserver.dpi = lib.mkDefault 96;
+
+    # this helps with some compatibility
+    hardware.pulseaudio.daemon.config = {
+      "default-sample-rate" = "48000";
+    };
+
+    # networking.networkmanager.ethernet.macAddress = "random";
+    networking.networkmanager.wifi.macAddress = lib.mkDefault "random";
+    networking.networkmanager.wifi.scanRandMacAddress = lib.mkDefault true;
+
+    # Used for chromecast bullshit
+    networking.firewall.allowedUDPPortRanges = [
+      {
+        from = 32768;
+        to = 60999;
+      }
+    ];
+
+    # Shit breaks without this lol
+    services.dbus.packages = [ pkgs.gnome3.dconf ];
+
+    # better default swap
+    boot.kernel.sysctl = { "vm.swappiness" = lib.mkDefault 45; };
+
+    # you probably want this system wide?
+    environment.systemPackages = with pkgs; [
+      exfat
+    ];
+
+    # self explanatory
+    fuckingprint.enable = true;
+
+    # Enable sound.
+    sound.enable = true;
+    hardware.pulseaudio.enable = lib.mkOverride 1100 true;
+    hardware.pulseaudio.support32Bit = lib.mkDefault true;
+    hardware.pulseaudio.zeroconf.discovery.enable = lib.mkDefault true;
+    hardware.pulseaudio.package = pkgs.pulseaudioFull;
+    hardware.pulseaudio.extraConfig = ''
+      load-module module-dbus-protocol
+    '';
+
+    # bluetooth
+    services.blueman.enable = true;
+    hardware.bluetooth.enable = true;
+    hardware.pulseaudio.extraModules = [ pkgs.pulseaudio-modules-bt ];
+    hardware.bluetooth.config.General.Enable = "Source,Sink,Media,Socket";
+  };
+}