add amd

2026-01-17 14:48:45 +01:00 · 2026-01-17 14:48:45 +01:00 · 7f9248ad00
commit 7f9248ad00
parent 271b15314c
9 changed files with 354 additions and 32 deletions
--- a/.secrets/x1/files.yaml
+++ b/.secrets/x1/files.yaml
@ -1,20 +1,5 @@
-hello: ENC[AES256_GCM,data:fXNDiacuFhmqmbo9FiGmoBKeOk7KvuVw3ytzcEzj/VxkqoDCGtJ2YX/TaVQfsQ==,iv:bHP2CYXZth3DX6OIeqdzv3zmFVWdRaNBvLuZx0FSyf8=,tag:bn1w5QcyyQ5EcXyoFnc1Zw==,type:str]
-example_key: ENC[AES256_GCM,data:lumROh5JwNpCJrNzxg==,iv:FLmpmVtzMUzPV9Y0nLTKXzisUqCZKonv44LviQTMsfU=,tag:Hp2N7AG7lGNQstt27Ty8pw==,type:str]
-#ENC[AES256_GCM,data:KrggG2yc0mFi3zoZ+WLd7w==,iv:GQZPZZH4xGxFcP5BLiwUIVQkCi7Bsmalsz/myNBbdoI=,tag:fzmEQLnWjfVc+iywEFwp9Q==,type:comment]
-example_array:
-    - ENC[AES256_GCM,data:7go3euwMIP7BDuq96vo=,iv:P8hx+DSSbkhrw0SOKLMtcc4/TZBODnQnQFRUxv49oio=,tag:Xi5JbLc+xvcOOv10pY1ydw==,type:str]
-    - ENC[AES256_GCM,data:WVgP3/Hak8ha5yaPmTU=,iv:2DwnOLze1a0vXfOey2xv4qOVE1PhOMq3e+GR/3RiOPU=,tag:TftAtYcHRQctTV5sBHPKFw==,type:str]
-example_number: ENC[AES256_GCM,data:fOprnAAZ/267JQ==,iv:5jvsM3i5iHcpSJWqcryqQJQZCrEP72jcAkyc7qVVirk=,tag:nxecWgcSZOyzuwvOlFawyw==,type:float]
-example_booleans:
-    - ENC[AES256_GCM,data:iCUmxA==,iv:On6DiKbzithmRq+smOW4pEq3tod0zWWT7dyW9ArolLY=,tag:yoD9ODLYSZkuP0qkUrkR3w==,type:bool]
-    - ENC[AES256_GCM,data:dAYxptk=,iv:JAm9mvA5EH581cZkaNK8yYkV8U8o2gWR2jAh+mUMxt0=,tag:W5sHPszsOzUDZ6mQgIcq+w==,type:bool]
-hosts: ENC[AES256_GCM,data:/28ojxFukz4ThwSjQGURtf+h5Ic5WJN6P8nC75zQWan6LANOVc1zk5tVh7qmSLXcGvGW/2IE0dpz2ysY+z7ujYdKSDA2neFy8+NoBXc3REG60nF/QdNiHMg2rlLfq9n7eQAqXGBSpED/41Y/YO2nuV8ehL4GtsDOuFZnxujnLbu+Q6u30yf+/IVqlk3VnWm5C+Fy6bdX2bYOUyM5ce313i4u5slBEBs0l1lQjX1vE4KK5F6t3d410NdGHShB+RXkOhaBujKX/hKEXWQku/nnjgOiP+JURB/qA/SZzxO/yoV7htNvCE/JcfmTk85SVPAmp7uy4egyK4FveKRXtT5Gla1Vnrg1v9NAVCuYgQECqhE3IYEjtUlxul0h+OI4JmnP6y90nLz8RozxGw4qIc8yJgOZmVORqr2PqbFbtdj8MKid9Df0ciU=,iv:YhMTYHV3kc3LQrAGaPgkek5ZrEYYcZxNOPyKUSbgsC8=,tag:Axx5CIPWdDb8hukM7H4sxg==,type:str]
 wg: ENC[AES256_GCM,data:HjvSsKAkH2yIpuPPteNz/7guP46OrRvH2eKIQPxMSf/kiWXHTRUZDUmGakbOryirkakkgQF1fwxRXehiFULvfaPb9WNx6kR7X7orNWmSR5CRmNWBCB5y7CRsSlO3frL8iKR1JLFjew7omktHiXBew63q38YvsvOeXI2zoLumuGuXl6JH5D9hK2AvEBUehMSkBzrLFgZNeNjsxnFatQEic9e6namjJ2TqcT4F1z4u/5yptkmUCpn4isLjV23zFOALOXcjjyy/9ztcKMGiGE+ULQM3fm+7c3ryux/PmREr2Aj0IDQMDXgJCPvdiHhXvC7K/oGwJPDJeP0v,iv:Lnz5RyUi9D3dClgzFmm4EeD6SZGuFFbs6JBIZevUIdo=,tag:EjheBu/a392lcAgQVVtIuw==,type:str]
 sops:
-    kms: []
-    gcp_kms: []
-    azure_kv: []
-    hc_vault: []
    age:
        - recipient: age1z87u2na6vts0sqg6sc73p9ym6e5g9a0gf3hp9e7ha47e83zy4efqcjhk0y
          enc: |
@ -43,8 +28,7 @@ sops:
            ZktoOXRCUHJIbEhYQVhWT0hHRjUzMU0KcL64LuhLbd5wSM0KzLA3ObUm7s4kjUZ5
            IQ9S8DnWyaCurfd+6/fZQR+SVjImI0n67I7EvoFLWUt1heXaRKRqLA==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-04-04T11:23:03Z"
-    mac: ENC[AES256_GCM,data:l/WirVeSYQLuaZEjAPyX+5DJu3hfqiw1ZzPUNAbNKFQ1vUQf5Zxo3tfM7ROO+x95T9jGE271TIchTJAVu0C2XFTSPv7fJ9+WWyUr3JeFN1kFXt/k8Q5aLGdffAInhN2exsw/KKP0IXta5t4g2QfFsBZTDKCqLaj+WUeGBEJfjoc=,iv:J+6OIcE6i0Nt1Nb4m+aBBYeCj1iLNFigrRWYyYbY5GU=,tag:XTBvtWFNgRzuVyT7sWkGlg==,type:str]
-    pgp: []
+    lastmodified: "2026-01-16T12:48:19Z"
+    mac: ENC[AES256_GCM,data:U1SIW5TqbvKEWLVIK4cNTqTPROyEqlSdnqaaSHeP2gKbhzCLyV6sTrwoE9D0x8GMXWRAImhI5FtnU1j485cvoYn+LCwjd9RiXNtvuHD8LL2j5lYiMpQHoctpDCx4LR9Mx8MCi9tio+JDUZXKBLM6F/9rHD6rwj0GSQoyG6ExxKI=,iv:6lPl0581yLz5zGN3UBjgiKghk/hsSAWRT1E/JQWBiQc=,tag:HSFHKyd+aVCgr9dl+1ncwQ==,type:str]
    unencrypted_suffix: _unencrypted
-    version: 3.9.4
+    version: 3.11.0
--- a/flake.lock
+++ b/flake.lock
@ -403,11 +403,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1767910483,
-        "narHash": "sha256-MOU5YdVu4DVwuT5ztXgQpPuRRBjSjUGIdUzOQr9iQOY=",
+        "lastModified": 1768603898,
+        "narHash": "sha256-vRV1dWJOCpCal3PRr86wE2WTOMfAhTu6G7bSvOsryUo=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "82fb7dedaad83e5e279127a38ef410bcfac6d77c",
+        "rev": "2a63d0e9d2c72ac4d4150ebb242cf8d86f488c8c",
        "type": "github"
      },
      "original": {
@ -623,11 +623,11 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1768028080,
-        "narHash": "sha256-50aDK+8eLvsLK39TzQhKNq50/HcXyP4hyxOYoPoVxjo=",
+        "lastModified": 1768323494,
+        "narHash": "sha256-yBXJLE6WCtrGo7LKiB6NOt6nisBEEkguC/lq/rP3zRQ=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "d03088749a110d52a4739348f39a63f84bb0be14",
+        "rev": "2c3e5ec5df46d3aeee2a1da0bfedd74e21f4bf3a",
        "type": "github"
      },
      "original": {
@ -854,11 +854,11 @@
    },
    "unstable": {
      "locked": {
-        "lastModified": 1768127708,
-        "narHash": "sha256-1Sm77VfZh3mU0F5OqKABNLWxOuDeHIlcFjsXeeiPazs=",
+        "lastModified": 1768564909,
+        "narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=",
        "owner": "nixos",
        "repo": "nixpkgs",
-        "rev": "ffbc9f8cbaacfb331b6017d5a5abb21a492c9a38",
+        "rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f",
        "type": "github"
      },
      "original": {
--- a/homes/x86_64-linux/harald@amd/default.nix
+++ b/homes/x86_64-linux/harald@amd/default.nix
@ -0,0 +1,96 @@
+{ config, ... }:
+{
+  home.sessionPath = [
+    "$HOME/bin"
+    "$HOME/.local/share/JetBrains/Toolbox/scripts"
+  ];
+
+  metacfg = {
+    user = {
+      enable = true;
+      name = config.snowfallorg.user.name;
+    };
+    cli-apps = {
+      bash.enable = true;
+      fish.enable = true;
+      neovim.enable = false;
+      bat.enable = true;
+      starship.enable = true;
+      home-manager.enable = true;
+    };
+    tools = {
+      git.enable = true;
+    };
+    gui.kbd.ellipsis = true;
+  };
+
+  fonts.fontconfig.enable = true;
+
+  services.syncthing = {
+    enable = true;
+    tray.enable = true;
+    /*
+      settings = {
+      devices = {
+        "sgx" = {
+          id = "2AAVSVQ-PK66I2B-2B4KWAU-TF674DG-IXNEKLF-CIWK7HG-7MUC7OW-DQQNAQM";
+        };
+        "x1" = {
+          id = "ZXRDFYU-W22PYCZ-7QJJCVN-GGHP3TS-KSY56B4-75OLQRN-UR2A4ZU-7BQBQQZ";
+        };
+      };
+      folders = {
+        "qibxq-03l4j" = {
+          path = "~/Documents/logseq";
+          devices = [
+            "sgx"
+          ];
+        };
+      };
+      };
+    */
+
+    #    overrideFolders = false;
+    #    overrideDevices = false;
+  };
+
+  dconf.settings = {
+    # ...
+    "org/gnome/shell" = {
+      disable-user-extensions = false;
+
+      # `gnome-extensions list` for a list
+      enabled-extensions = [
+        "Vitals@CoreCoding.com"
+        "appindicatorsupport@rgcjonas.gmail.com"
+        "dash-to-panel@jderose9.github.com"
+        "hibernate-status@dromi"
+        "autohide-battery@sitnik.ru"
+        "clipboard-history@alexsaveau.dev"
+      ];
+
+      favorite-apps = [
+        "org.gnome.Terminal.desktop"
+        "jetbrains-toolbox.desktop"
+        "org.mozilla.firefox.desktop"
+        "firefox.desktop"
+        "thunderbird.desktop"
+        "org.mozilla.Thunderbird.desktop"
+        "slack.desktop"
+        "keybase.desktop"
+        "spotify.desktop"
+        "org.gnome.Nautilus.desktop"
+        "virt-manager.desktop"
+      ];
+    };
+    "org/virt-manager/virt-manager/connections" = {
+      autoconnect = [ "qemu:///system" ];
+      uris = [ "qemu:///system" ];
+    };
+  };
+
+  dconf.settings."org/gnome/desktop/input-sources".xkb-options = [ "mod:ellipsis" ];
+
+  xdg.enable = true;
+  xdg.mime.enable = true;
+}
--- a/overlays/unstable/default.nix
+++ b/overlays/unstable/default.nix
@ -5,13 +5,18 @@ final: prev: {
    # opencode
    tailscale
    claude-code
-    gnome-remote-desktop
    freerdp
    # open-webui
    # vscode
    # nodejs_20
    ;

+  gnome-remote-desktop = channels.unstable.gnome-remote-desktop.overrideAttrs (prevAttrs: {
+    patches = (prevAttrs.patches or [ ]) ++ [
+      ./gnome-remote-desktop-mac.patch
+    ];
+  });
+
  # goose-cli = channels.unstable.callPackage ./goose.nix { };
  # claude-code = channels.unstable.callPackage ./claude-code/package.nix { };
  # gemini-cli = channels.unstable.callPackage ./gemini-cli/package.nix { };
--- a/overlays/unstable/gnome-remote-desktop-mac.patch
+++ b/overlays/unstable/gnome-remote-desktop-mac.patch
@ -0,0 +1,38 @@
+From 35f9645cf500695da45e6faeacef536dc929d513 Mon Sep 17 00:00:00 2001
+From: Pascal Nowack <Pascal.Nowack@gmx.de>
+Date: Fri, 2 Aug 2024 15:03:06 +0200
+Subject: [PATCH] session-rdp: Also try to identify MS remote desktop client
+ for Mac
+
+WIP
+---
+ src/grd-session-rdp.c | 12 ++++++++----
+ 1 file changed, 8 insertions(+), 4 deletions(-)
+
+diff --git a/src/grd-session-rdp.c b/src/grd-session-rdp.c
+index ecac9e0a..3923e91d 100644
+--- a/src/grd-session-rdp.c
+++ b/src/grd-session-rdp.c
+@@ -274,11 +274,15 @@ grd_session_rdp_is_client_mstsc (GrdSessionRdp *session_rdp)
+ {
+   rdpContext *rdp_context = session_rdp->peer->context;
+   rdpSettings *rdp_settings = rdp_context->settings;
+  uint32_t os_major_type =
+    freerdp_settings_get_uint32 (rdp_settings, FreeRDP_OsMajorType);
+  uint32_t os_minor_type =
+    freerdp_settings_get_uint32 (rdp_settings, FreeRDP_OsMinorType);
+ 
+-  return freerdp_settings_get_uint32 (rdp_settings, FreeRDP_OsMajorType) ==
+-         OSMAJORTYPE_WINDOWS &&
+-         freerdp_settings_get_uint32 (rdp_settings, FreeRDP_OsMinorType) ==
+-         OSMINORTYPE_WINDOWS_NT;
+  return (os_major_type == OSMAJORTYPE_WINDOWS &&
+          os_minor_type == OSMINORTYPE_WINDOWS_NT) ||
+         (os_major_type == OSMAJORTYPE_OSX &&
+          os_minor_type == OSMINORTYPE_UNSPECIFIED);
+ }
+ 
+ static WCHAR *
+-- 
+2.45.2
+
--- a/systems/x86_64-linux/amd/default.nix
+++ b/systems/x86_64-linux/amd/default.nix
@ -0,0 +1,138 @@
+{
+  pkgs,
+  lib,
+  config,
+  ...
+}:
+with lib;
+with lib.metacfg;
+{
+  imports = [
+    ./hardware-configuration.nix
+    ./xremap.nix
+  ];
+
+  services.rustdesk-server.signal.enable = false;
+  networking.firewall.allowedTCPPorts = [
+    22000
+  ];
+
+  programs.ccache.enable = true;
+  nix.settings.extra-sandbox-paths = [ config.programs.ccache.cacheDir ];
+
+  services.tailscale.enable = true;
+
+  services.cratedocs-mcp.enable = true;
+
+  services.openssh = {
+    enable = true;
+  };
+
+  hardware.bluetooth.input.General.ClassicBondedOnly = false;
+  services.udev.extraRules = ''
+    KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="342d", ATTRS{idProduct}=="e4c5", MODE="0660", GROUP="users", TAG+="uaccess", TAG+="udev-acl"
+    KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="342d", ATTRS{idProduct}=="e489", MODE="0660", GROUP="users", TAG+="uaccess", TAG+="udev-acl"
+  '';
+
+  metacfg = {
+    base.enable = true;
+    gui.enable = true;
+    nix-ld.enable = true;
+    nix.enable = true;
+    podman.enable = true;
+    secureboot.enable = true;
+    homeprinter.enable = true;
+
+    system = {
+      limits = {
+        enable = true;
+        nofileLimit = 32768;
+        memlockLimit = 32768;
+      };
+    };
+
+    # User configuration
+    tools = {
+      direnv.enable = true;
+    };
+    user.extraGroups = [
+      "docker"
+      "dialout"
+      "tss"
+    ];
+  };
+
+  nixpkgs.config.permittedInsecurePackages = [
+    "electron-27.3.11"
+  ];
+
+  # increase freezing timeout
+  boot.kernel.sysctl = {
+    "power.pm_freeze_timeout" = 30000;
+  };
+
+  environment.systemPackages = with pkgs; [
+    attic-client
+    azure-cli
+    claude-code
+    claude-desktop-with-fhs
+    desktop-file-utils
+    fabric-ai
+    gemini-cli
+    gnome-terminal
+    gnome-remote-desktop
+    gtypist
+    k9s
+    klavaro
+    kubectl
+    kubectx
+    libcamera
+    logseq
+    obsidian
+    piper-tts
+    tipp10
+    uv
+    vscode
+  ];
+
+  zramSwap.enable = true;
+
+  services.ratbagd.enable = true;
+
+  services.resolved.enable = true;
+  #services.resolved.dnssec = "allow-downgrade";
+  #services.resolved.extraConfig = ''
+  #  ResolveUnicastSingleLabel=yes
+  #'';
+
+  virtualisation = {
+    libvirtd.enable = true;
+  };
+
+  system.autoUpgrade = {
+    enable = true;
+    operation = "boot";
+    allowReboot = false;
+  };
+
+  services.trezord.enable = true;
+
+  services.ollama = {
+    enable = false;
+    acceleration = "rocm";
+    environmentVariables = {
+      HSA_OVERRIDE_GFX_VERSION = "10.1.0";
+    };
+  };
+
+  /*
+    environment.sessionVariables = {
+      LIBVA_DRIVER_NAME = "iHD";
+      # NIXOS_OZONE_WL = "1";
+      # DRI_PRIME = "pci-0000_24_00_0";
+      DRI_PRIME = "pci-0000_00_02_0";
+    };
+  */
+
+  system.stateVersion = "25.11";
+}
--- a/systems/x86_64-linux/amd/hardware-configuration.nix
+++ b/systems/x86_64-linux/amd/hardware-configuration.nix
@ -0,0 +1,31 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "nvme" "ahci" "xhci_pci" "thunderbolt" "usbhid" "uas" "sd_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/050c9912-36c3-4a65-ba8b-ba68e5171e18";
+      fsType = "ext4";
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/2C8E-85CB";
+      fsType = "vfat";
+      options = [ "fmask=0077" "dmask=0077" ];
+    };
+
+  swapDevices = [ ];
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
--- a/systems/x86_64-linux/amd/xremap.nix
+++ b/systems/x86_64-linux/amd/xremap.nix
@ -0,0 +1,33 @@
+# In /etc/nixos/configuration.nix
+{ ... }:
+{
+  users.users.harald.extraGroups = [ "input" ];
+
+  # Enable the xremap service
+  services.xremap.enable = true;
+  services.xremap.userName = "harald"; # Replace with your username
+  services.xremap.serviceMode = "user"; # Run as user service, not system-wide
+  services.xremap.withGnome = true;
+
+  # Add a specific configuration block to select your keyboard(s) by name
+  services.xremap.deviceNames = [
+    # Use the name found in the log output: "Hangsheng MonsGeek Keyboard System Control"
+    "Hangsheng MonsGeek Keyboard"
+    "HS Galaxy100 Keyboard"
+    # You can usually shorten the name slightly to match the device you want
+  ];
+
+  # Define your remapping configuration using Nix's attribute set format
+  services.xremap.config = {
+    keymap = [
+      {
+        remap = {
+          # Map Alt+C (LeftAlt-C) to Ctrl+C (LeftControl-C)
+          LeftAlt-C = "COPY";
+          LeftAlt-V = "PASTE";
+          LeftAlt-X = "CUT";
+        };
+      }
+    ];
+  };
+}
--- a/systems/x86_64-linux/x1/default.nix
+++ b/systems/x86_64-linux/x1/default.nix
@ -27,11 +27,8 @@ with lib.metacfg;
  sops.age.sshKeyPaths = [ "/var/lib/secrets/ssh_host_ed25519_key" ];
  sops.secrets."wg".sopsFile = ../../../.secrets/x1/files.yaml;
  sops.secrets."wg".mode = "0444";
-  sops.secrets."hosts".sopsFile = ../../../.secrets/x1/files.yaml;
-  sops.secrets."hosts".mode = "0444";

  environment.etc."wg0.backup.conf".source = config.sops.secrets."wg".path;
-  environment.etc."hosts.backup".source = config.sops.secrets."hosts".path;

  services.openssh = {
    enable = true;