diff --git a/t/configuration.nix b/t/configuration.nix index 4ae3daa..d5453b3 100644 --- a/t/configuration.nix +++ b/t/configuration.nix @@ -28,7 +28,7 @@ ./hosts.nix ./firewall.nix #./systemdSystem.nix - ./systemPackages.nix + #./systemPackages.nix ./home-manager.nix ./nodeExporter.nix ./prometheus.nix 
@@ -78,19 +78,73 @@ # Set your time zone. time.timeZone = "America/Los_Angeles"; - # Enable the X11 windowing system. - services.xserver.enable = true; + # this option doesn't exist + # hardware.graphics.enable = true; - # Enable the GNOME Desktop Environment. - services.xserver.displayManager.gdm.enable = true; - services.xserver.desktopManager.gnome.enable = true; + # Enable OpenGL + hardware.opengl = { + enable = true; + }; + + # https://nixos.wiki/wiki/Nvidia + hardware.nvidia = { + + # Modesetting is required. + modesetting.enable = true; + + # Nvidia power management. Experimental, and can cause sleep/suspend to fail. + # Enable this if you have graphical corruption issues or application crashes after waking + # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead + # of just the bare essentials. + powerManagement.enable = false; + + # Fine-grained power management. Turns off GPU when not in use. + # Experimental and only works on modern Nvidia GPUs (Turing or newer). + powerManagement.finegrained = false; + + # Use the NVidia open source kernel module (not to be confused with the + # independent third-party "nouveau" open source driver). + # Support is limited to the Turing and later architectures. Full list of + # supported GPUs is at: + # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus + # Only available from driver 515.43.04+ + # Currently alpha-quality/buggy, so false is currently the recommended setting. + open = true; + #open = false; + + # Enable the Nvidia settings menu, + # accessible via `nvidia-settings`. + nvidiaSettings = true; + + # Optionally, you may need to select the appropriate driver version for your specific GPU. 
+ # package = config.boot.kernelPackages.nvidiaPackages.stable; + package = config.boot.kernelPackages.nvidiaPackages.stable; + }; - # Configure keymap in X11 services.xserver = { + # Enable the X11 windowing system + enable = true; + # Load nvidia driver for Xorg and Wayland + videoDrivers = ["nvidia-open"]; + # Display Managers are responsible for handling user login + displayManager = { + gdm.enable = true; + }; + # Enable the GNOME Desktop Environment. + desktopManager = { + gnome.enable = true; + plasma5.enable = false; + xterm.enable = false; + }; + # https://discourse.nixos.org/t/help-with-setting-up-a-different-desktop-environment-window-manager/15025/6 + + # Configure keymap in X11 xkb.layout = "us"; xkb.variant = ""; }; + services.udev.packages = [ pkgs.gnome.gnome-settings-daemon ]; + systemd.services.modem-manager.enable = false; systemd.services."dbus-org.freedesktop.ModemManager1".enable = false; @@ -125,8 +179,14 @@ wget tcpdump iproute2 + nftables + iptables + pciutils + usbutils pciutils virt-manager + cudatoolkit + pkgs.gnomeExtensions.appindicator ]; # Some programs need SUID wrappers, can be configured further or are diff --git a/t/home-manager.nix b/t/home-manager.nix index 2e34768..e1f1571 100644 --- a/t/home-manager.nix +++ b/t/home-manager.nix @@ -96,6 +96,10 @@ golangci-lint golangci-lint-langserver trunk-io + # https://github.com/go-delve/delve + delve + # https://github.com/aarzilli/gdlv + gdlv buf buf-language-server # @@ -127,6 +131,8 @@ gnome.gnome-tweaks gnome.simple-scan gnomeExtensions.appindicator + gnomeExtensions.settingscenter + gnomeExtensions.system-monitor gnomeExtensions.dash-to-dock gnomeExtensions.just-perfection gnomeExtensions.logo-menu @@ -146,7 +152,8 @@ hunspell hunspellDicts.en_AU #hunspellDicts.en_US - gnomeExtensions.system-monitor + # + evince # https://nixos.wiki/wiki/Firefox firefox # https://nixos.wiki/wiki/Chromium 
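Review bot: In the `hardware.nvidia` block of t/configuration.nix the comment above `open = true;` still says the open kernel module is alpha-quality and that `false` is the recommended setting, so the comment and the active value contradict each other. Either rewrite the comment to say why the open module is wanted on this host (for example `# Turing or newer GPU here, open module chosen deliberately`) or make `#open = false;` the active line. `videoDrivers = ["nvidia-open"];` also deserves a check: as far as I know the NixOS nvidia module is enabled by `"nvidia"` in `services.xserver.videoDrivers` and the open variant is picked by `hardware.nvidia.open`, so an unrecognised name here may leave the driver unloaded. The `# this option doesn't exist` remark would be more useful if it named the nixpkgs release it was tested on.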
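Review bot: In the `environment.systemPackages` hunk of t/configuration.nix, `pciutils` is added although the unchanged line two below already lists it, and `pkgs.gnomeExtensions.appindicator` repeats the `pkgs.` prefix inside a `with pkgs;` list while t/home-manager.nix already installs the same extension. Dropping the added `pciutils` and choosing one place for the extension keeps the list readable. The list itself starts and ends outside the hunk.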
@@ -280,18 +287,24 @@ font-antialiasing = "grayscale"; font-hinting = "slight"; gtk-theme = "Nordic"; - toolkit-accessibility = true; + # toolkit-accessibility = true; + toolkit-accessibility = false; }; "org/gnome/shell" = { + disable-user-extensions = false; favorite-apps = [ "firefox.desktop" + "google-chrome-stable.desktop" "code.desktop" "chromium.desktop" "alacritty.desktop" "kitty.desktop" "slack.desktop" ]; - disable-user-extensions = false; + enabled-extensions = with pkgs.gnomeExtensions; [ + blur-my-shell.extensionUuid + gsconnect.extensionUuid + ]; }; }; diff --git a/vms/vm3_old_nixos/Makefile b/vms/vm3_old_nixos/Makefile new file mode 100644 index 0000000..1fc124e --- /dev/null +++ b/vms/vm3_old_nixos/Makefile @@ -0,0 +1,27 @@ +# vm: +# nix-build '' -A vm -I nixpkgs=channel:nixos-24.05 -I nixos-config=./configuration.nix + +# # +# buildvm: +# nix run .#nixosConfigurations..config.system.build.vm + +build: + #nixos-rebuild build-vm -I nixpkgs=channel:nixos-24.05 -I nixos-config=./configuration.nix + nixos-rebuild build-vm -I nixos-config=./configuration.nix + +# https://blog.patapon.info/nixos-local-vm/ +run: + QEMU_NET_OPTS=hostfwd=tcp::2223-:22 ./result/bin/run-vm3-vm + +ssh: + ssh root@localhost -p 2223 + +nographics: + QEMU_KERNEL_PARAMS=console=ttyS0 ./result/bin/run-nixos-vm -nographic; reset + +sync: + rsync -e 'ssh -p 2223' -av --exclude 'db' ./Downloads/xtcp/ localhost:/home/das/Downloads/xtcp/ + +# example +# https://github.com/nh2/nixos-vm-examples/blob/master/grub-test-vm/configuration.nix +# https://mattwidmann.net/notes/running-nixos-in-a-vm/ \ No newline at end of file diff --git a/vms/vm3_old_nixos/configuration.nix b/vms/vm3_old_nixos/configuration.nix new file mode 100644 index 0000000..d9fc9d0 --- /dev/null +++ b/vms/vm3_old_nixos/configuration.nix 
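Review bot: In the `"org/gnome/shell"` block, `enabled-extensions` names only `blur-my-shell` and `gsconnect`, yet neither is visibly added to `home.packages` in this diff, while the extensions that are installed there (appindicator, dash-to-dock, just-perfection, system-monitor and others) are missing from the list. If the package list outside the hunks does not already contain the two, the shell will be told to enable extensions it cannot find and the installed ones stay off. GSConnect also pairs with devices over the local network, so it is worth confirming that `firewall.nix` (not shown) opens only what is intended before enabling it by default.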
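Review bot: In the `run` target of vms/vm3_old_nixos/Makefile, `hostfwd=tcp::2223-:22` leaves the host address empty, so QEMU listens on every host interface and the guest's sshd becomes reachable from the LAN, not only from this machine. Binding to loopback keeps it local: `QEMU_NET_OPTS=hostfwd=tcp:127.0.0.1:2223-:22 ./result/bin/run-vm3-vm`. The `nographics` target still calls `./result/bin/run-nixos-vm`, which probably does not exist once `networking.hostName = "vm3"` names the script `run-vm3-vm`. The `result` symlink and the `vm3.qcow2` disk image added by this commit are build and run outputs of these targets; a used disk image usually carries the guest's SSH host keys and other state, so both are better kept in `.gitignore` than in the repository.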
@@ -0,0 +1,149 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page, on
+# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
+
+{ config, lib, pkgs, ... }:
+
+{
+ imports =
+ [
+ ./hardware-configuration.nix
+ ./sysctl.nix
+ ./locale.nix
+ ./vm3.systemPackages.nix
+
+ ./home-manager.nix
+ # https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/qemu-vm.nix
+ #
+ #
+ ];
+
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ # https://www.kernel.org/releases.html
+ #boot.kernelPackages = pkgs.linuxPackages_4_19; # 4.19.319
+ #boot.kernelPackages = pkgs.linuxPackages_5_4; # 5.4.281
+ #boot.kernelPackages = pkgs.linuxPackages_5_15; # 5.15.164
+ #boot.kernelPackages = pkgs.linuxPackages_6_1; # 6.1.103
+ #boot.kernelPackages = pkgs.linuxPackages_6_8; # 6.8
+ boot.kernelPackages = pkgs.linuxPackages_6_10; # 6.10
+
+ # boot.kernelPackages = pkgs.linuxPackagesFor (pkgs.linux_4_19.override {
+ # argsOverride = rec {
+ # src = pkgs.fetchurl {
+ # url = "mirror://kernel/linux/kernel/v4.x/linux-${version}.tar.xz";
+ # sha256 = "0ibayrvrnw2lw7si78vdqnr20mm1d3z0g6a0ykndvgn5vdax5x9a";
+ # };
+ # version = "4.19.60";
+ # modDirVersion = "4.19.60";
+ # };
+ # });
+
+ # nix = {
+ # gc = {
+ # automatic = true; # Enable automatic execution of the task
+ # dates = "weekly"; # Schedule the task to run weekly
+ # options = "--delete-older-than 10d"; # Specify options for the task: delete files older than 10 days
+ # randomizedDelaySec = "14m"; # Introduce a randomized delay of up to 14 minutes before executing the task
+ # };
+ # settings = {
+ # auto-optimise-store = true;
+ # experimental-features = [ "nix-command" "flakes" ];
+ # };
+ # };
+
+ # https://nixos.wiki/wiki/Networking
+ networking.hostName = "vm3";
+
+ # networking.hostName = "nixos"; # Define your hostname.
+ # Pick only one of the below networking options.
+ # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
+ # networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
+
+ # Set your time zone.
+ # time.timeZone = "Europe/Amsterdam";
+
+ users.users.root.initialHashedPassword = "$6$7KZXYg2OjRBy/KiC$T22ywYwqDQjqBTHXAnuVZ1Bl9a8osbttmRMpu2DHcRfR1BTl/Xza3WkSn7zij8pkPk5bye1u93gmJgTSeZgBY.";
+
+ # Allow unfree packages
+ nixpkgs.config.allowUnfree = true;
+
+ # List packages installed in system profile. To search, run:
+ # $ nix search wget
+ environment.systemPackages = with pkgs; [
+ # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+ # wget
+ vim
+ curl
+ wget
+ tcpdump
+ iproute2
+ htop
+ ];
+
+ users.users.das = {
+ isNormalUser = true;
+ extraGroups = [ "wheel" "docker" ];
+ #initialPassword = "test";
+ # mkpasswd -m sha-512
+ initialHashedPassword = "$6$Cj2ptTRUdahPwOIP$ftQnDDtv.vppfuHFc0V7tsbG5w4wqR04GHRjFUJ48F9stu199iN69xwl/Sm9lGKG50Ieq4uzbA3g/tIEKj9UJ.";
+ # https://nixos.wiki/wiki/SSH_public_key_authentication
+ openssh.authorizedKeys.keys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGMCFUMSCFJX95eLfm7P9r72NBp9I1FiXwNwJ+x/HGPV das@t"
+ ];
+ };
+
+ # List packages installed in system profile. To search, run:
+ # $ nix search wget
+ # environment.systemPackages = with pkgs; [
+ # vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+ # wget
+ # ];
+
+ services.timesyncd.enable = lib.mkDefault true;
+
+ services.openssh.enable = true;
+
+ # Open ports in the firewall.
+ networking.firewall.allowedTCPPorts = [ 22 ];
+ # networking.firewall.allowedTCPPorts = [ ... ];
+ # networking.firewall.allowedUDPPorts = [ ... ];
+ # Or disable the firewall altogether.
+ # networking.firewall.enable = false;
+
+ # https://nixos.wiki/wiki/Docker
+ # https://medium.com/thelinux/how-to-install-the-docker-in-nixos-with-simple-steps-226a7e9ef260
+ virtualisation.docker.enable = true;
+ virtualisation.docker.rootless = {
+ enable = true;
+ setSocketVariable = true;
+ };
+ virtualisation.docker.storageDriver = "btrfs";
+ # https://www.qemu.org/docs/master/system/i386/microvm.html
+ #imports = [ ];
+ #virtualisation.qemu.options = [ "-M microvm,accel=kvm:tcg,acpi=on,mem-merge=on,pcie=on,pic=off,pit=off,usb=off" ];
+ #virtualisation.qemu.options = [ "-M microvm,accel=kvm:tcg,acpi=on,mem-merge=on,pcie=on,pic=off,pit=off" ];
+
+
+ virtualisation.vmVariant = {
+ virtualisation = {
+ memorySize = 2048;
+ cores = 2;
+ diskSize = 8192;
+ };
+ };
+ # https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/virtualisation/qemu-vm.nix#L240
+
+ # virtualisation.forwardPorts = [
+ # { from = "host"; host.port = 8122; guest.port = 22; }
+ # #{ from = "host"; host.port = 8180; guest.port = 80; }
+ # ];
+
+ services.qemuGuest.enable = true;
+
+ # https://releases.nixos.org/?prefix=nixos/
+ system.stateVersion = "25.05";
+
+}
+
diff --git a/vms/vm3_old_nixos/hardware-configuration.nix b/vms/vm3_old_nixos/hardware-configuration.nix
new file mode 100644
index 0000000..30f5bfd
--- /dev/null
+++ b/vms/vm3_old_nixos/hardware-configuration.nix
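Review bot: vms/vm3_old_nixos/configuration.nix commits password hashes for both `root` and `das` (`initialHashedPassword`) while `services.openssh.enable = true;` is left at its defaults and port 22 is opened, so the hashes are exposed to offline guessing by anyone who can read the repository and a recovered password is enough to log in as `das`, who is in `wheel` and `docker`. Since `das` already has an authorized key, add `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.PermitRootLogin = "no";`, and keep the hashes out of the tree, for example with `hashedPasswordFile` pointing at a file that is not committed. Membership of the `docker` group is root-equivalent on the guest, and rootful Docker is enabled alongside `virtualisation.docker.rootless`; if the rootless daemon is the one intended, `"docker"` can be dropped from `extraGroups`. `virtualisation.docker.storageDriver = "btrfs";` also looks inconsistent with hardware-configuration.nix, which mounts `/` as ext4, so confirm the daemon starts.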
@@ -0,0 +1,41 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "nvme" "ehci_pci" "xhci_pci" "usbhid" "rtsx_pci_sdmmc" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/adb8ae55-949c-44b3-8abe-7584d2194c17"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/A1E4-3942"; + fsType = "vfat"; + options = [ "fmask=0022" "dmask=0022" ]; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/1a243657-4913-4220-94da-7ef97d4c7966"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp2s0f0.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/vms/vm3_old_nixos/home-manager.nix b/vms/vm3_old_nixos/home-manager.nix new file mode 100644 index 0000000..516505a --- /dev/null +++ b/vms/vm3_old_nixos/home-manager.nix 
@@ -0,0 +1,165 @@
+{ config, pkgs, ... }:
+
+# sudo cp ./nixos/modules/* /etc/nixos/
+# sudo nixos-rebuild switch
+
+{
+ # https://nix-community.github.io/home-manager/index.xhtml#ch-installation
+ home-manager.users.das = { pkgs, ... }: {
+
+ # https://nix-community.github.io/home-manager/options.xhtml#opt-home.sessionVariables
+ home.sessionVariables = {
+ #GI_TYPELIB_PATH = "/run/current-system/sw/lib/girepository-1.0";
+ # disable wayland
+ #NIXOS_OZONE_WL = "1";
+ };
+
+ home.packages = with pkgs; [
+ #
+ ncdu
+ #
+ tmux
+ screen
+ #
+ libgcc
+ # https://nixos.wiki/wiki/C
+ # https://search.nixos.org/packages?channel=24.05&show=gcc&from=0&size=50&sort=relevance&type=packages&query=gcc
+ gcc
+ automake
+ gnumake
+ #cmake
+ pkg-config
+ #
+ #
+ gawk
+ jq
+ git
+ htop
+ #
+ bzip2
+ gzip
+ lz4
+ zip
+ unzip
+ xz
+ zstd
+ #
+ rsync
+ tree
+ #
+ ethtool
+ iproute2
+ vlan
+ tcpdump
+ bpftools
+ fping
+ inetutils
+ #
+ hwloc
+ bpftools
+ #
+ inotify-tools
+ #
+ neofetch
+ #ffmpeg-full
+ # go
+ # https://nixos.wiki/wiki/Go
+ # https://nixos.org/manual/nixpkgs/stable/#sec-language-go
+ # https://nixos.wiki/wiki/FAQ#How_can_I_install_a_package_from_unstable_while_remaining_on_the_stable_channel.3F
+ libcap
+ gcc
+ # thunderbird
+ go
+ golangci-lint
+ golangci-lint-langserver
+ trunk-io
+ buf
+ buf-language-server
+ #
+ # debug
+ strace
+ #
+ # rust
+ # https://nixos.wiki/wiki/Rust
+ pkgs.cargo
+ pkgs.rustc
+ #
+ # https://nixos.wiki/wiki/Podman
+ dive
+ podman
+ runc
+ skopeo
+ podman-tui
+ podman-compose
+ ];
+
+ programs.bash.enable = true;
+
+ programs.vim = {
+ enable = true;
+ plugins = with pkgs.vimPlugins; [ vim-airline ];
+ settings = { ignorecase = true; };
+ extraConfig = ''
+ set mouse=a
+ '';
+ };
+ #ldflags = [
+ # "-X main.Version=${version}"
+ # "-X main.Commit=${version}"
+ #];
+
+ programs.git = {
+ enable = true;
+ userEmail = "dave.seddon.ca@gmail.com";
+ userName = "randomizedcoder ";
+ #signing.key = "GPG-KEY-ID";
+ #signing.signByDefault = true;
}; + + home.file."containers.conf" = { + target = ".config/containers/containers.conf"; + # https://docs.podman.io/en/v4.6.0/markdown/options/security-opt.html + # https://github.com/containers/common/blob/main/docs/containers.conf.5.md + text = '' + [containers] + annotations=["run.oci.keep_original_groups=1",] + label=false + #seccomp=unconfined + ''; + }; + home.file."registries.conf" = { + target = ".config/containers/registries.conf"; + text = '' + [registries.search] + registries = ['docker.io'] + ''; + # text = '' + # [registries.search] + # registries = ['docker.io', 'registry.gitlab.com'] + # ''; + }; + home.file."policy.json" = { + target = ".config/containers/policy.json"; + text = '' + { + "default": [ + { + "type": "insecureAcceptAnything" + } + ], + "transports": + { + "docker-daemon": + { + "": [{"type":"insecureAcceptAnything"}] + } + } + } + ''; + }; + + nixpkgs.config.allowUnfree = true; + + home.stateVersion = "24.05"; + }; +} \ No newline at end of file diff --git a/vms/vm3_old_nixos/locale.nix b/vms/vm3_old_nixos/locale.nix new file mode 100644 index 0000000..6a67b6f --- /dev/null +++ b/vms/vm3_old_nixos/locale.nix @@ -0,0 +1,18 @@ +{ config, pkgs, ... }: + +{ + # Select internationalisation properties. + i18n.defaultLocale = "en_US.UTF-8"; + + i18n.extraLocaleSettings = { + LC_ADDRESS = "en_US.UTF-8"; + LC_IDENTIFICATION = "en_US.UTF-8"; + LC_MEASUREMENT = "en_US.UTF-8"; + LC_MONETARY = "en_US.UTF-8"; + LC_NAME = "en_US.UTF-8"; + LC_NUMERIC = "en_US.UTF-8"; + LC_PAPER = "en_US.UTF-8"; + LC_TELEPHONE = "en_US.UTF-8"; + LC_TIME = "en_US.UTF-8"; + }; +} \ No newline at end of file diff --git a/vms/vm3_old_nixos/notes b/vms/vm3_old_nixos/notes new file mode 100644 index 0000000..2030b9e --- /dev/null +++ b/vms/vm3_old_nixos/notes 
@@ -0,0 +1,23 @@ +https://nix.dev/tutorials/nixos/nixos-configuration-on-vm + +nix-shell -I nixpkgs=channel:nixos-24.05 -p "$(cat < { config = {}; overlays = []; }; + iso-config = pkgs.path + /nixos/modules/installer/cd-dvd/installation-cd-minimal.nix; + nixos = pkgs.nixos iso-config; + in nixos.config.system.build.nixos-generate-config +EOF +)" + +nixos-generate-config --dir ./ + +nix-build '' -A vm -I nixpkgs=channel:nixos-24.05 -I nixos-config=./configuration.nix + + + +https://wiki.nixos.org/wiki/Virt-manager +virsh net-autostart default + +https://blog.patapon.info/nixos-local-vm/ + +https://nixos.mayflower.consulting/blog/2018/09/11/custom-images/ \ No newline at end of file diff --git a/vms/vm3_old_nixos/result b/vms/vm3_old_nixos/result new file mode 120000 index 0000000..326c957 --- /dev/null +++ b/vms/vm3_old_nixos/result @@ -0,0 +1 @@ +/nix/store/2ljb142wx9bi57az73ghgq11493f5gxl-nixos-vm \ No newline at end of file diff --git a/vms/vm3_old_nixos/sysctl.nix b/vms/vm3_old_nixos/sysctl.nix new file mode 100644 index 0000000..81afb4e --- /dev/null +++ b/vms/vm3_old_nixos/sysctl.nix 
@@ -0,0 +1,39 @@
+{ config, pkgs, ... }:
+
+{
+ # https://www.kernel.org/doc/html/latest/networking/ip-sysctl.html
+ boot.kernel.sysctl = {
+ # detect dead connections more quickly
+ "net.ipv4.tcp_keepalive_intvl" = 30;
+ #net.ipv4.tcp_keepalive_intvl = 75
+ "net.ipv4.tcp_keepalive_probes" = 4;
+ #net.ipv4.tcp_keepalive_probes = 9
+ "net.ipv4.tcp_keepalive_time" = 120;
+ #net.ipv4.tcp_keepalive_time = 7200
+ # 30 * 4 = 120 seconds. / 60 = 2 minutes
+ # default: 75 seconds * 9 = 675 seconds. /60 = 11.25 minutes
+ "net.ipv4.tcp_rmem" = "4096 1000000 16000000";
+ "net.ipv4.tcp_wmem" = "4096 1000000 16000000";
+ #net.ipv4.tcp_rmem = 4096 131072 6291456
+ #net.ipv4.tcp_wmem = 4096 16384 4194304
+ # enable Enable reuse of TIME-WAIT sockets globally
+ "net.ipv4.tcp_tw_reuse" = 1;
+ #net.ipv4.tcp_tw_reuse=2
+ "net.ipv4.tcp_timestamps" = 1;
+ "net.ipv4.tcp_ecn" = 1;
+ "net.core.default_qdisc" = "fq_codel";
+ "net.ipv4.tcp_congestion_control" = "cubic";
+ #net.ipv4.tcp_congestion_control=bbr
+ "net.core.rmem_default" = 26214400;
+ "net.core.rmem_max" = 26214400;
+ "net.core.wmem_default" = 26214400;
+ "net.core.wmem_max" = 26214400;
+ #net.core.optmem_max = 20480
+ #net.core.rmem_default = 212992
+ #net.core.rmem_max = 212992
+ #net.core.wmem_default = 212992
+ #net.core.wmem_max = 212992
+ "net.ipv4.ip_local_port_range" = "1025 65535";
+ #net.ipv4.ip_local_port_range ="32768 60999"
+ };
+}
\ No newline at end of file
diff --git a/vms/vm3_old_nixos/vm3.qcow2 b/vms/vm3_old_nixos/vm3.qcow2
new file mode 100644
index 0000000..90570e1
Binary files /dev/null and b/vms/vm3_old_nixos/vm3.qcow2 differ
diff --git a/vms/vm3_old_nixos/vm3.systemPackages.nix b/vms/vm3_old_nixos/vm3.systemPackages.nix
new file mode 100644
index 0000000..e0a63e9
--- /dev/null
+++ b/vms/vm3_old_nixos/vm3.systemPackages.nix
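Review bot: In vms/vm3_old_nixos/sysctl.nix, `net.core.rmem_default` and `net.core.wmem_default` are set to 26214400, the same value as the two `_max` keys, so every socket that does not size its own buffers (UDP, for example) may queue about 25 MiB in each direction by default. On a guest that configuration.nix gives `memorySize = 2048`, a handful of backed-up sockets can hold a large share of memory. Raising only `net.core.rmem_max` and `net.core.wmem_max`, and leaving the defaults at the kernel values recorded in the commented lines, lets the applications that need large buffers ask for them with `SO_RCVBUF`/`SO_SNDBUF`. `"net.ipv4.ip_local_port_range" = "1025 65535"` also turns nearly every unprivileged port into a possible ephemeral source port, so a service that binds late can find its port in use; `net.ipv4.ip_local_reserved_ports` can exclude the ports this VM listens on.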
@@ -0,0 +1,19 @@
+{ config, pkgs, ... }:
+
+{
+ # Allow unfree packages
+ nixpkgs.config.allowUnfree = true;
+ # $ nix search wget
+ environment.systemPackages = with pkgs; [
+ psmisc
+ vim
+ curl
+ tcpdump
+ iproute2
+ nftables
+ pciutils
+ lldpd
+ #snmp seems to be needed by lldpd
+ net-snmp
+ ];
+}
\ No newline at end of file
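Review bot: `nixpkgs.config.allowUnfree = true;` is set again in vm3.systemPackages.nix although configuration.nix, which imports this module, already sets it, and none of the packages listed here appears to be unfree. Removing it from this file keeps the licence opt-in in one place and makes it easier to see which package actually needs it. `vim`, `curl`, `tcpdump` and `iproute2` are likewise already in the `environment.systemPackages` list of configuration.nix, so one of the two lists can drop them.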