harald/nixcfg
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

add amd

Browse source
This commit is contained in:
Harald Hoyer 2026-01-17 14:48:45 +01:00
parent 271b15314c
commit 7f9248ad00
9 changed files with 354 additions and 32 deletions
Download patch file Download diff file Expand all files Collapse all files

22
.secrets/x1/files.yaml
View file

@ -1,20 +1,5 @@
hello: ENC[AES256_GCM,data:fXNDiacuFhmqmbo9FiGmoBKeOk7KvuVw3ytzcEzj/VxkqoDCGtJ2YX/TaVQfsQ==,iv:bHP2CYXZth3DX6OIeqdzv3zmFVWdRaNBvLuZx0FSyf8=,tag:bn1w5QcyyQ5EcXyoFnc1Zw==,type:str]
example_key: ENC[AES256_GCM,data:lumROh5JwNpCJrNzxg==,iv:FLmpmVtzMUzPV9Y0nLTKXzisUqCZKonv44LviQTMsfU=,tag:Hp2N7AG7lGNQstt27Ty8pw==,type:str]
#ENC[AES256_GCM,data:KrggG2yc0mFi3zoZ+WLd7w==,iv:GQZPZZH4xGxFcP5BLiwUIVQkCi7Bsmalsz/myNBbdoI=,tag:fzmEQLnWjfVc+iywEFwp9Q==,type:comment]
example_array:
- ENC[AES256_GCM,data:7go3euwMIP7BDuq96vo=,iv:P8hx+DSSbkhrw0SOKLMtcc4/TZBODnQnQFRUxv49oio=,tag:Xi5JbLc+xvcOOv10pY1ydw==,type:str]
- ENC[AES256_GCM,data:WVgP3/Hak8ha5yaPmTU=,iv:2DwnOLze1a0vXfOey2xv4qOVE1PhOMq3e+GR/3RiOPU=,tag:TftAtYcHRQctTV5sBHPKFw==,type:str]
example_number: ENC[AES256_GCM,data:fOprnAAZ/267JQ==,iv:5jvsM3i5iHcpSJWqcryqQJQZCrEP72jcAkyc7qVVirk=,tag:nxecWgcSZOyzuwvOlFawyw==,type:float]
example_booleans:
- ENC[AES256_GCM,data:iCUmxA==,iv:On6DiKbzithmRq+smOW4pEq3tod0zWWT7dyW9ArolLY=,tag:yoD9ODLYSZkuP0qkUrkR3w==,type:bool]
- ENC[AES256_GCM,data:dAYxptk=,iv:JAm9mvA5EH581cZkaNK8yYkV8U8o2gWR2jAh+mUMxt0=,tag:W5sHPszsOzUDZ6mQgIcq+w==,type:bool]
hosts: ENC[AES256_GCM,data:/28ojxFukz4ThwSjQGURtf+h5Ic5WJN6P8nC75zQWan6LANOVc1zk5tVh7qmSLXcGvGW/2IE0dpz2ysY+z7ujYdKSDA2neFy8+NoBXc3REG60nF/QdNiHMg2rlLfq9n7eQAqXGBSpED/41Y/YO2nuV8ehL4GtsDOuFZnxujnLbu+Q6u30yf+/IVqlk3VnWm5C+Fy6bdX2bYOUyM5ce313i4u5slBEBs0l1lQjX1vE4KK5F6t3d410NdGHShB+RXkOhaBujKX/hKEXWQku/nnjgOiP+JURB/qA/SZzxO/yoV7htNvCE/JcfmTk85SVPAmp7uy4egyK4FveKRXtT5Gla1Vnrg1v9NAVCuYgQECqhE3IYEjtUlxul0h+OI4JmnP6y90nLz8RozxGw4qIc8yJgOZmVORqr2PqbFbtdj8MKid9Df0ciU=,iv:YhMTYHV3kc3LQrAGaPgkek5ZrEYYcZxNOPyKUSbgsC8=,tag:Axx5CIPWdDb8hukM7H4sxg==,type:str]
wg: ENC[AES256_GCM,data:HjvSsKAkH2yIpuPPteNz/7guP46OrRvH2eKIQPxMSf/kiWXHTRUZDUmGakbOryirkakkgQF1fwxRXehiFULvfaPb9WNx6kR7X7orNWmSR5CRmNWBCB5y7CRsSlO3frL8iKR1JLFjew7omktHiXBew63q38YvsvOeXI2zoLumuGuXl6JH5D9hK2AvEBUehMSkBzrLFgZNeNjsxnFatQEic9e6namjJ2TqcT4F1z4u/5yptkmUCpn4isLjV23zFOALOXcjjyy/9ztcKMGiGE+ULQM3fm+7c3ryux/PmREr2Aj0IDQMDXgJCPvdiHhXvC7K/oGwJPDJeP0v,iv:Lnz5RyUi9D3dClgzFmm4EeD6SZGuFFbs6JBIZevUIdo=,tag:EjheBu/a392lcAgQVVtIuw==,type:str] wg: ENC[AES256_GCM,data:HjvSsKAkH2yIpuPPteNz/7guP46OrRvH2eKIQPxMSf/kiWXHTRUZDUmGakbOryirkakkgQF1fwxRXehiFULvfaPb9WNx6kR7X7orNWmSR5CRmNWBCB5y7CRsSlO3frL8iKR1JLFjew7omktHiXBew63q38YvsvOeXI2zoLumuGuXl6JH5D9hK2AvEBUehMSkBzrLFgZNeNjsxnFatQEic9e6namjJ2TqcT4F1z4u/5yptkmUCpn4isLjV23zFOALOXcjjyy/9ztcKMGiGE+ULQM3fm+7c3ryux/PmREr2Aj0IDQMDXgJCPvdiHhXvC7K/oGwJPDJeP0v,iv:Lnz5RyUi9D3dClgzFmm4EeD6SZGuFFbs6JBIZevUIdo=,tag:EjheBu/a392lcAgQVVtIuw==,type:str]
sops: sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age: age:
- recipient: age1z87u2na6vts0sqg6sc73p9ym6e5g9a0gf3hp9e7ha47e83zy4efqcjhk0y - recipient: age1z87u2na6vts0sqg6sc73p9ym6e5g9a0gf3hp9e7ha47e83zy4efqcjhk0y
enc: | enc: |
@ -43,8 +28,7 @@ sops:
ZktoOXRCUHJIbEhYQVhWT0hHRjUzMU0KcL64LuhLbd5wSM0KzLA3ObUm7s4kjUZ5 ZktoOXRCUHJIbEhYQVhWT0hHRjUzMU0KcL64LuhLbd5wSM0KzLA3ObUm7s4kjUZ5
IQ9S8DnWyaCurfd+6/fZQR+SVjImI0n67I7EvoFLWUt1heXaRKRqLA== IQ9S8DnWyaCurfd+6/fZQR+SVjImI0n67I7EvoFLWUt1heXaRKRqLA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-04-04T11:23:03Z" lastmodified: "2026-01-16T12:48:19Z"
mac: ENC[AES256_GCM,data:l/WirVeSYQLuaZEjAPyX+5DJu3hfqiw1ZzPUNAbNKFQ1vUQf5Zxo3tfM7ROO+x95T9jGE271TIchTJAVu0C2XFTSPv7fJ9+WWyUr3JeFN1kFXt/k8Q5aLGdffAInhN2exsw/KKP0IXta5t4g2QfFsBZTDKCqLaj+WUeGBEJfjoc=,iv:J+6OIcE6i0Nt1Nb4m+aBBYeCj1iLNFigrRWYyYbY5GU=,tag:XTBvtWFNgRzuVyT7sWkGlg==,type:str] mac: ENC[AES256_GCM,data:U1SIW5TqbvKEWLVIK4cNTqTPROyEqlSdnqaaSHeP2gKbhzCLyV6sTrwoE9D0x8GMXWRAImhI5FtnU1j485cvoYn+LCwjd9RiXNtvuHD8LL2j5lYiMpQHoctpDCx4LR9Mx8MCi9tio+JDUZXKBLM6F/9rHD6rwj0GSQoyG6ExxKI=,iv:6lPl0581yLz5zGN3UBjgiKghk/hsSAWRT1E/JQWBiQc=,tag:HSFHKyd+aVCgr9dl+1ncwQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.4 version: 3.11.0

18
flake.lock generated
View file

@ -403,11 +403,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1767910483, "lastModified": 1768603898,
"narHash": "sha256-MOU5YdVu4DVwuT5ztXgQpPuRRBjSjUGIdUzOQr9iQOY=", "narHash": "sha256-vRV1dWJOCpCal3PRr86wE2WTOMfAhTu6G7bSvOsryUo=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "82fb7dedaad83e5e279127a38ef410bcfac6d77c", "rev": "2a63d0e9d2c72ac4d4150ebb242cf8d86f488c8c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -623,11 +623,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1768028080, "lastModified": 1768323494,
"narHash": "sha256-50aDK+8eLvsLK39TzQhKNq50/HcXyP4hyxOYoPoVxjo=", "narHash": "sha256-yBXJLE6WCtrGo7LKiB6NOt6nisBEEkguC/lq/rP3zRQ=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "d03088749a110d52a4739348f39a63f84bb0be14", "rev": "2c3e5ec5df46d3aeee2a1da0bfedd74e21f4bf3a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -854,11 +854,11 @@
}, },
"unstable": { "unstable": {
"locked": { "locked": {
"lastModified": 1768127708, "lastModified": 1768564909,
"narHash": "sha256-1Sm77VfZh3mU0F5OqKABNLWxOuDeHIlcFjsXeeiPazs=", "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "ffbc9f8cbaacfb331b6017d5a5abb21a492c9a38", "rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f",
"type": "github" "type": "github"
}, },
"original": { "original": {

96
homes/x86_64-linux/harald@amd/default.nix Normal file
View file

@ -0,0 +1,96 @@
{ config, ... }:
{
home.sessionPath = [
"$HOME/bin"
"$HOME/.local/share/JetBrains/Toolbox/scripts"
];
metacfg = {
user = {
enable = true;
name = config.snowfallorg.user.name;
};
cli-apps = {
bash.enable = true;
fish.enable = true;
neovim.enable = false;
bat.enable = true;
starship.enable = true;
home-manager.enable = true;
};
tools = {
git.enable = true;
};
gui.kbd.ellipsis = true;
};
fonts.fontconfig.enable = true;
services.syncthing = {
enable = true;
tray.enable = true;
/*
settings = {
devices = {
"sgx" = {
id = "2AAVSVQ-PK66I2B-2B4KWAU-TF674DG-IXNEKLF-CIWK7HG-7MUC7OW-DQQNAQM";
};
"x1" = {
id = "ZXRDFYU-W22PYCZ-7QJJCVN-GGHP3TS-KSY56B4-75OLQRN-UR2A4ZU-7BQBQQZ";
};
};
folders = {
"qibxq-03l4j" = {
path = "~/Documents/logseq";
devices = [
"sgx"
];
};
};
};
*/
# overrideFolders = false;
# overrideDevices = false;
};
dconf.settings = {
# ...
"org/gnome/shell" = {
disable-user-extensions = false;
# `gnome-extensions list` for a list
enabled-extensions = [
"Vitals@CoreCoding.com"
"appindicatorsupport@rgcjonas.gmail.com"
"dash-to-panel@jderose9.github.com"
"hibernate-status@dromi"
"autohide-battery@sitnik.ru"
"clipboard-history@alexsaveau.dev"
];
favorite-apps = [
"org.gnome.Terminal.desktop"
"jetbrains-toolbox.desktop"
"org.mozilla.firefox.desktop"
"firefox.desktop"
"thunderbird.desktop"
"org.mozilla.Thunderbird.desktop"
"slack.desktop"
"keybase.desktop"
"spotify.desktop"
"org.gnome.Nautilus.desktop"
"virt-manager.desktop"
];
};
"org/virt-manager/virt-manager/connections" = {
autoconnect = [ "qemu:///system" ];
uris = [ "qemu:///system" ];
};
};
dconf.settings."org/gnome/desktop/input-sources".xkb-options = [ "mod:ellipsis" ];
xdg.enable = true;
xdg.mime.enable = true;
}

7
overlays/unstable/default.nix
View file

@ -5,13 +5,18 @@ final: prev: {
# opencode # opencode
tailscale tailscale
claude-code claude-code
gnome-remote-desktop
freerdp freerdp
# open-webui # open-webui
# vscode # vscode
# nodejs_20 # nodejs_20
; ;
gnome-remote-desktop = channels.unstable.gnome-remote-desktop.overrideAttrs (prevAttrs: {
patches = (prevAttrs.patches or [ ]) ++ [
./gnome-remote-desktop-mac.patch
];
});
# goose-cli = channels.unstable.callPackage ./goose.nix { }; # goose-cli = channels.unstable.callPackage ./goose.nix { };
# claude-code = channels.unstable.callPackage ./claude-code/package.nix { }; # claude-code = channels.unstable.callPackage ./claude-code/package.nix { };
# gemini-cli = channels.unstable.callPackage ./gemini-cli/package.nix { }; # gemini-cli = channels.unstable.callPackage ./gemini-cli/package.nix { };

38
overlays/unstable/gnome-remote-desktop-mac.patch Normal file
View file

@ -0,0 +1,38 @@
From 35f9645cf500695da45e6faeacef536dc929d513 Mon Sep 17 00:00:00 2001
From: Pascal Nowack <Pascal.Nowack@gmx.de>
Date: Fri, 2 Aug 2024 15:03:06 +0200
Subject: [PATCH] session-rdp: Also try to identify MS remote desktop client
for Mac
WIP
---
src/grd-session-rdp.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/src/grd-session-rdp.c b/src/grd-session-rdp.c
index ecac9e0a..3923e91d 100644
--- a/src/grd-session-rdp.c
+++ b/src/grd-session-rdp.c
@@ -274,11 +274,15 @@ grd_session_rdp_is_client_mstsc (GrdSessionRdp *session_rdp)
{
rdpContext *rdp_context = session_rdp->peer->context;
rdpSettings *rdp_settings = rdp_context->settings;
+ uint32_t os_major_type =
+ freerdp_settings_get_uint32 (rdp_settings, FreeRDP_OsMajorType);
+ uint32_t os_minor_type =
+ freerdp_settings_get_uint32 (rdp_settings, FreeRDP_OsMinorType);
- return freerdp_settings_get_uint32 (rdp_settings, FreeRDP_OsMajorType) ==
- OSMAJORTYPE_WINDOWS &&
- freerdp_settings_get_uint32 (rdp_settings, FreeRDP_OsMinorType) ==
- OSMINORTYPE_WINDOWS_NT;
+ return (os_major_type == OSMAJORTYPE_WINDOWS &&
+ os_minor_type == OSMINORTYPE_WINDOWS_NT) ||
+ (os_major_type == OSMAJORTYPE_OSX &&
+ os_minor_type == OSMINORTYPE_UNSPECIFIED);
}
static WCHAR *
--
2.45.2

138
systems/x86_64-linux/amd/default.nix Normal file
View file

@ -0,0 +1,138 @@
{
pkgs,
lib,
config,
...
}:
with lib;
with lib.metacfg;
{
imports = [
./hardware-configuration.nix
./xremap.nix
];
services.rustdesk-server.signal.enable = false;
networking.firewall.allowedTCPPorts = [
22000
];
programs.ccache.enable = true;
nix.settings.extra-sandbox-paths = [ config.programs.ccache.cacheDir ];
services.tailscale.enable = true;
services.cratedocs-mcp.enable = true;
services.openssh = {
enable = true;
};
hardware.bluetooth.input.General.ClassicBondedOnly = false;
services.udev.extraRules = ''
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="342d", ATTRS{idProduct}=="e4c5", MODE="0660", GROUP="users", TAG+="uaccess", TAG+="udev-acl"
KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="342d", ATTRS{idProduct}=="e489", MODE="0660", GROUP="users", TAG+="uaccess", TAG+="udev-acl"
'';
metacfg = {
base.enable = true;
gui.enable = true;
nix-ld.enable = true;
nix.enable = true;
podman.enable = true;
secureboot.enable = true;
homeprinter.enable = true;
system = {
limits = {
enable = true;
nofileLimit = 32768;
memlockLimit = 32768;
};
};
# User configuration
tools = {
direnv.enable = true;
};
user.extraGroups = [
"docker"
"dialout"
"tss"
];
};
nixpkgs.config.permittedInsecurePackages = [
"electron-27.3.11"
];
# increase freezing timeout
boot.kernel.sysctl = {
"power.pm_freeze_timeout" = 30000;
};
environment.systemPackages = with pkgs; [
attic-client
azure-cli
claude-code
claude-desktop-with-fhs
desktop-file-utils
fabric-ai
gemini-cli
gnome-terminal
gnome-remote-desktop
gtypist
k9s
klavaro
kubectl
kubectx
libcamera
logseq
obsidian
piper-tts
tipp10
uv
vscode
];
zramSwap.enable = true;
services.ratbagd.enable = true;
services.resolved.enable = true;
#services.resolved.dnssec = "allow-downgrade";
#services.resolved.extraConfig = ''
# ResolveUnicastSingleLabel=yes
#'';
virtualisation = {
libvirtd.enable = true;
};
system.autoUpgrade = {
enable = true;
operation = "boot";
allowReboot = false;
};
services.trezord.enable = true;
services.ollama = {
enable = false;
acceleration = "rocm";
environmentVariables = {
HSA_OVERRIDE_GFX_VERSION = "10.1.0";
};
};
/*
environment.sessionVariables = {
LIBVA_DRIVER_NAME = "iHD";
# NIXOS_OZONE_WL = "1";
# DRI_PRIME = "pci-0000_24_00_0";
DRI_PRIME = "pci-0000_00_02_0";
};
*/
system.stateVersion = "25.11";
}

31
systems/x86_64-linux/amd/hardware-configuration.nix Normal file
View file

@ -0,0 +1,31 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "ahci" "xhci_pci" "thunderbolt" "usbhid" "uas" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/050c9912-36c3-4a65-ba8b-ba68e5171e18";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/2C8E-85CB";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
};
swapDevices = [ ];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

33
systems/x86_64-linux/amd/xremap.nix Normal file
View file

@ -0,0 +1,33 @@
# In /etc/nixos/configuration.nix
{ ... }:
{
users.users.harald.extraGroups = [ "input" ];
# Enable the xremap service
services.xremap.enable = true;
services.xremap.userName = "harald"; # Replace with your username
services.xremap.serviceMode = "user"; # Run as user service, not system-wide
services.xremap.withGnome = true;
# Add a specific configuration block to select your keyboard(s) by name
services.xremap.deviceNames = [
# Use the name found in the log output: "Hangsheng MonsGeek Keyboard System Control"
"Hangsheng MonsGeek Keyboard"
"HS Galaxy100 Keyboard"
# You can usually shorten the name slightly to match the device you want
];
# Define your remapping configuration using Nix's attribute set format
services.xremap.config = {
keymap = [
{
remap = {
# Map Alt+C (LeftAlt-C) to Ctrl+C (LeftControl-C)
LeftAlt-C = "COPY";
LeftAlt-V = "PASTE";
LeftAlt-X = "CUT";
};
}
];
};
}

3
systems/x86_64-linux/x1/default.nix
View file

@ -27,11 +27,8 @@ with lib.metacfg;
sops.age.sshKeyPaths = [ "/var/lib/secrets/ssh_host_ed25519_key" ]; sops.age.sshKeyPaths = [ "/var/lib/secrets/ssh_host_ed25519_key" ];
sops.secrets."wg".sopsFile = ../../../.secrets/x1/files.yaml; sops.secrets."wg".sopsFile = ../../../.secrets/x1/files.yaml;
sops.secrets."wg".mode = "0444"; sops.secrets."wg".mode = "0444";
sops.secrets."hosts".sopsFile = ../../../.secrets/x1/files.yaml;
sops.secrets."hosts".mode = "0444";
environment.etc."wg0.backup.conf".source = config.sops.secrets."wg".path; environment.etc."wg0.backup.conf".source = config.sops.secrets."wg".path;
environment.etc."hosts.backup".source = config.sops.secrets."hosts".path;
services.openssh = { services.openssh = {
enable = true; enable = true;