Refactor, mumble domain change, sway changes

kat witch 2021-03-24 16:51:48 +00:00
parent 22cf8ab600
commit 1de1018c02
No known key found for this signature in database
GPG key ID: 1B477797DCA5EC72
113 changed files with 53 additions and 46 deletions


@ -0,0 +1 @@
{ ... }: { }


@ -0,0 +1,51 @@
{ config, pkgs, ... }:
{
imports = [
./hw.nix
# host-specific services
./postgres.nix
./virtualhosts.nix
./fail2ban.nix
# services
../../../services/nginx.nix
../../../services/mail.nix
../../../services/asterisk.nix
../../../services/gitea.nix
../../../services/syncplay.nix
../../../services/bitwarden.nix
../../../services/taskserver.nix
../../../services/murmur.nix
../../../services/znc.nix
../../../services/matrix.nix
];
deploy.profiles = [ "kat" ];
deploy.ssh.host = "athame.kittywit.ch";
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/sda";
networking = {
hostName = "athame";
domain = "kittywit.ch";
hostId = "7b0ac74e";
useDHCP = false;
interfaces.enp1s0.useDHCP = true;
};
networking.firewall.allowedTCPPorts =
[ 80 443 5160 5060 8999 64738 1935 53589 5001 ];
networking.firewall.allowedUDPPorts = [ 5160 5060 64738 ];
networking.firewall.allowedTCPPortRanges = [{
from = 10000;
to = 20000;
}];
networking.firewall.allowedUDPPortRanges = [{
from = 10000;
to = 20000;
}];
system.stateVersion = "20.09";
}
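Review bot: `networking.firewall.allowedTCPPortRanges` opens TCP 10000–20000 to every peer alongside the same UDP range, and nothing in this file says which service needs it. If the range exists for Asterisk RTP media (an assumption based on the imported asterisk.nix and the 5060/5160 entries), only the UDP range is needed and the TCP block can be dropped. The single-port list would also benefit from a per-port comment like the one on the samhain host (`# smb transmission mkchromecast`), so that 8999, 53589, 5001 and 1935 can be audited against the services actually imported.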


@ -0,0 +1,84 @@
{ config, pkgs, ... }:
{
services.fail2ban = {
enable = true;
jails = {
DEFAULT = ''
bantime = 1d
blocktype = DROP
logpath = /var/log/auth.log
'';
asterisk = ''
enabled = true
filter = asterisk
action = iptables-allports[name=ASTERISK, protocol=all]
logpath = /var/log/asterisk/messages
maxretry = 4
'';
ssh = ''
enabled = true
filter = sshd
maxretry = 4
action = iptables[name=SSH, port=ssh, protocol=tcp]
'';
sshd-ddos = ''
enabled = true
filter = sshd-ddos
maxretry = 4
action = iptables[name=ssh, port=ssh, protocol=tcp]
'';
postfix = ''
enabled = true
filter = postfix
maxretry = 3
action = iptables[name=postfix, port=smtp, protocol=tcp]
'';
postfix-sasl = ''
enabled = true
filter = postfix-sasl
port = postfix,imap3,imaps,pop3,pop3s
maxretry = 3
action = iptables[name=postfix, port=smtp, protocol=tcp]
'';
postfix-ddos = ''
enabled = true
filter = postfix-ddos
maxretry = 3
action = iptables[name=postfix, port=submission, protocol=tcp]
bantime = 7200
'';
};
};
environment.etc."fail2ban/filter.d/postfix-sasl.conf" = {
enable = true;
text = ''
# Fail2Ban filter for postfix authentication failures
[INCLUDES]
before = common.conf
[Definition]
daemon = postfix/smtpd
failregex = ^%(__prefix_line)swarning: [-._\w]+\[<HOST>\]: SASL (?:LOGIN|PLAIN|(?:CRAM|DIGEST)-MD5) authentication failed(: [ A-Za-z0-9+/]*={0,2})?\s*$
'';
};
environment.etc."fail2ban/filter.d/postfix-ddos.conf" = {
enable = true;
text = ''
[Definition]
failregex = lost connection after EHLO from \S+\[<HOST>\]
'';
};
environment.etc."fail2ban/filter.d/sshd-ddos.conf" = {
enable = true;
text = ''
[Definition]
failregex = sshd(?:\[\d+\])?: Did not receive identification string from <HOST>$
ignoreregex =
'';
};
systemd.services.fail2ban.serviceConfig.LimitSTACK = 128 * 1024;
}
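Review bot: The `postfix-sasl` jail's action is `iptables[name=postfix, port=smtp, protocol=tcp]`, so a ban blocks port 25 only, while the jail's own `port =` line lists the IMAP/POP ports and SASL logins normally arrive on submission; a banned client can probably keep trying on those ports. An `iptables-multiport` action covering every port where authentication is offered, e.g. `action = iptables-multiport[name=postfix-sasl, port="smtp,submission,imaps", protocol=tcp]`, would close that gap. The three postfix jails also share `name=postfix` (and the two ssh jails differ only by case), which appears to make them compete for the same chain name; give each jail a distinct name. Separately, `logpath = /var/log/auth.log` in DEFAULT is worth confirming on this host, since a jail pointed at a file that does not exist sees no failures.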

21
hosts/athame/nixos/hw.nix Normal file

@ -0,0 +1,21 @@
{ config, lib, pkgs, ... }:
{
imports = [ <nixpkgs/nixos/modules/profiles/qemu-guest.nix> ];
boot.initrd.availableKernelModules =
[ "ahci" "xhci_pci" "virtio_pci" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/126049c0-34bd-4d96-a8db-276c5d172abe";
fsType = "ext4";
};
swapDevices =
[{ device = "/dev/disk/by-uuid/1f19daed-1c51-4b14-bfe8-bd7ea075ed96"; }];
nix.maxJobs = lib.mkDefault 3;
}


@ -0,0 +1,17 @@
{ config, pkgs, ... }:
{
services.postgresql.enable = true;
services.postgresql.initialScript = pkgs.writeText "synapse-init.sql" ''
CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
TEMPLATE template0
LC_COLLATE = "C"
LC_CTYPE = "C";
'';
services.postgresql.ensureDatabases = [ "nextcloud" ];
services.postgresql.ensureUsers = [{
name = "nextcloud";
ensurePermissions."DATABASE nextcloud" = "ALL PRIVILEGES";
}];
}
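Review bot: The init script sets `PASSWORD 'synapse'` for the `matrix-synapse` role, which puts a guessable credential in the repository and, through `pkgs.writeText`, in the world-readable Nix store. If Synapse connects over the local Unix socket, the role needs no password at all (`CREATE ROLE "matrix-synapse" WITH LOGIN;` with peer authentication); otherwise the password should come from the secrets set this repository already uses for virtual hosts (`witch.secrets`) rather than from a literal. Note also that `initialScript` only runs when the database cluster is first created, so editing the literal later does not rotate the password on an existing host.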


@ -0,0 +1,13 @@
{ config, pkgs, witch, ... }:
let
common = {
enableACME = true;
forceSSL = true;
};
in {
services.nginx.virtualHosts = {
"kittywit.ch" = { root = "/var/www/kittywitch"; } // common;
"athame.kittywit.ch" = { root = "/var/www/athame"; } // common;
} // witch.secrets.virtualHosts.athame;
}


@ -0,0 +1 @@
{ ... }: { }


@ -0,0 +1,29 @@
{ config, pkgs, ... }:
{
imports = [ ./hw.nix ../../../services/nginx.nix ];
deploy.profiles = [ "kat" ];
deploy.ssh.host = "boline.kittywit.ch";
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/vda";
networking = {
hostName = "boline";
domain = "kittywit.ch";
hostId = "0417b551";
useDHCP = false;
interfaces.ens3.ipv4.addresses = [{
address = "104.244.73.10";
prefixLength = 24;
}];
defaultGateway = "104.244.73.1";
nameservers = [ "1.1.1.1" ];
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
system.stateVersion = "20.09";
}

20
hosts/boline/nixos/hw.nix Normal file

@ -0,0 +1,20 @@
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.initrd.availableKernelModules =
[ "ata_piix" "uhci_hcd" "virtio_pci" "sr_mod" "virtio_blk" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "/dev/disk/by-uuid/e0a9f76a-5eed-4dd3-a5a6-a93006f7d526";
fsType = "ext4";
};
swapDevices =
[{ device = "/dev/disk/by-uuid/cf122d6d-eca9-44f5-b655-85aaf5b2e6af"; }];
}


@ -0,0 +1 @@
{ ... }: { }


@ -0,0 +1,41 @@
{ config, pkgs, lib, sources, witch, ... }:
{
imports = [
./hw.nix
../../../services/zfs.nix
../../../services/nginx.nix
./thermal
./vm
./torrenting.nix
];
deploy.profiles = [ "gui" "sway" "kat" "private" ];
deploy.groups = [ "gui" ];
deploy.ssh.host = "192.168.1.135";
# graphics tablet
services.xserver.wacom.enable = true;
# other stuffs
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.supportedFilesystems = [ "zfs" "xfs" ];
networking.hostName = "samhain";
networking.hostId = "617050fc";
networking.useDHCP = false;
networking.interfaces.enp34s0.useDHCP = true;
networking.firewall.allowPing = true;
networking.firewall.allowedTCPPorts =
[ 80 445 139 9091 5000 32101 ]; # smb transmission mkchromecast
networking.firewall.allowedUDPPorts = [ 137 138 4010 ]; # smb scream
networking.firewall.allowedUDPPortRanges = [{
from = 32768;
to = 60999;
} # dnla
];
services.avahi.enable = true;
system.stateVersion = "20.09";
}
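Review bot: `allowedUDPPortRanges` opens UDP 32768–60999, the whole default ephemeral range, on every interface, together with SMB (139/445) and the Transmission RPC port (9091). This host also appears to have a libvirt bridge and serves a second address in torrenting.nix, so scoping these rules to the LAN interface with `networking.firewall.interfaces.enp34s0.allowedUDPPortRanges` (and the matching `allowedTCPPorts`) would keep them off the other networks. The trailing comment reads `# dnla`; if DLNA is meant, spell it that way so the rule can be found later.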


@ -0,0 +1,56 @@
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" "nct6775" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "rpool/safe/root";
fsType = "zfs";
};
fileSystems."/nix" = {
device = "rpool/local/nix";
fsType = "zfs";
};
fileSystems."/home" = {
device = "rpool/safe/home";
fsType = "zfs";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/AED6-D0D1";
fsType = "vfat";
};
fileSystems."/disks/excess" = {
device = "/dev/disk/by-uuid/0af88a48-ccfd-4e54-9652-a5ae7f74e21d";
fsType = "xfs";
};
fileSystems."/disks/pool-raw" = {
device = "zstore/raw";
fsType = "zfs";
};
fileSystems."/disks/pool-compress" = {
device = "zstore/compress";
fsType = "zfs";
};
fileSystems."/disks/pool-protect" = {
device = "zstore/protect";
fsType = "zfs";
};
swapDevices = [
{ device = "/dev/disk/by-uuid/89831a0f-93e6-4d30-85e4-09061259f140"; }
{ device = "/dev/disk/by-uuid/8f944315-fe1c-4095-90ce-50af03dd5e3f"; }
];
}


@ -0,0 +1,39 @@
{ config, pkgs, ... }:
{
boot.kernelParams = [ "amdgpu.ppfeaturemask=0xffffffff" ];
powerManagement = {
enable = true;
cpuFreqGovernor = "conservative";
};
systemd = {
services = {
kaede-thermals = {
wantedBy = [ "multi-user.target" ];
path = [ pkgs.bash pkgs.coreutils-full pkgs.gawk ];
serviceConfig = {
RemainAfterExit = "no";
Type = "simple";
ExecStart = "${pkgs.runtimeShell} ${./kaede-thermals.sh} start";
ExecStop = "${pkgs.runtimeShell} ${./kaede-thermals.sh} stop";
User = "root";
};
};
kaede-power = {
wantedBy = [ "multi-user.target" ];
path = [ pkgs.bash pkgs.linuxPackages.cpupower ];
serviceConfig = {
RemainAfterExit = "yes";
Type = "oneshot";
ExecStart = "${pkgs.runtimeShell} ${./kaede-power.sh} start";
ExecStop = "${pkgs.runtimeShell} ${./kaede-power.sh} stop";
User = "root";
};
};
};
};
services.thermald = {
enable = true;
configFile = "${./kaede-thermald.xml}";
};
}
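Review bot: `kaede-power` sets `path = [ pkgs.bash pkgs.linuxPackages.cpupower ]`, but kaede-power.sh calls `modprobe`, which neither package provides; unless the unit's default PATH happens to supply it, the start action fails at its first command. Adding `pkgs.kmod` to `path` would fix that. `pkgs.linuxPackages.cpupower` is also built for the default kernel rather than the one this host boots; `config.boot.kernelPackages.cpupower` keeps the two in step. Both units run their shell scripts as root with no sandboxing, so a comment stating that they need write access to sysfs and nothing else would help a later hardening pass.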


@ -0,0 +1,65 @@
#!/usr/bin/env bash
################################################################################
# Written by Kaede Fox <kaede@boxedfox.org>
##########
# Default governor, currently required to be "conservative".
METHOD=conservative
# Configuration parameters.
SCALE_UP=40
SCALE_DOWN=30
SCALE_STEP=1
SAMPLING_RATE=10000
SAMPLING_FACTOR=10
NO_NICE=1
##########
script_name=`basename $0`
case "$1" in
"start")
modprobe cpufreq_conservative
modprobe cpufreq_ondemand
# This also needs to be loaded, in case the service is stopped later
# we can fall back to it.
modprobe cpufreq_performance
# The governor must be selected for its relevant configuration entries
# to appear in sysfs.
cpupower frequency-set -g $METHOD
sleep .5s
CONFIG=/sys/devices/system/cpu/cpufreq/$METHOD
chmod $CONFIG 644
echo $SCALE_UP > $CONFIG/up_threshold
echo $SCALE_DOWN > $CONFIG/down_threshold
echo $SCALE_STEP > $CONFIG/freq_step
echo $SAMPLING_RATE > $CONFIG/sampling_rate
echo $SAMPLING_FACTOR > $CONFIG/sampling_down_factor
echo $NO_NICE > $CONFIG/ignore_nice_load
sleep .5s
# Force reload all configuration.
cpupower frequency-set -g $METHOD
echo "enabled cpupower"
echo "loaded ${script_name}"
;;
"stop")
cpupower frequency-set -g performance &&
echo "disabled cpupower" &
wait
sleep .5s
modprobe -r cpufreq_conservative
modprobe -r cpufreq_ondemand
echo "unloaded ${script_name}"
;;
*)
echo "Usage: ${script_name} (start | stop)"
exit 1
;;
esac
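Review bot: `chmod $CONFIG 644` in the start branch has its arguments reversed: chmod takes the mode first, so this call fails with an invalid-mode error and the permissions are never changed. If the call is needed at all, write `chmod 644 "$CONFIG"` — though `$CONFIG` is a directory, so a mode with the execute bit (`755`) is probably what was intended. The `echo … > $CONFIG/…` lines that follow have no error checks, so a governor that failed to load goes unnoticed; testing that `"$CONFIG"` exists before writing would make the failure visible. In the stop branch, `cpupower … && echo … &` followed by `wait` backgrounds the command only to wait for it immediately; a plain foreground call is clearer.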


@ -0,0 +1,308 @@
<?xml version="1.0"?>
<!--
use "man thermal-conf.xml" for details
-->
<!-- BEGIN -->
<ThermalConfiguration>
<Platform>
<Name>AMD Ryzen 5 3600 6-Core Processor</Name>
<ProductName>*</ProductName>
<UUID>*</UUID>
<Preference>quiet</Preference>
<ThermalSensors>
<ThermalSensor>
<!--CPU sensor on die -->
<Type>CPU_TEMP_CORE</Type>
<Path>/var/cache/kaede-thermals/cpu_core_temp</Path>
<AsyncCapable>1</AsyncCapable>
</ThermalSensor>
<ThermalSensor>
<!-- GPU sensor -->
<Type>GPU_TEMP</Type>
<Path>/var/cache/kaede-thermals/gpu_temp</Path>
<AsyncCapable>1</AsyncCapable>
</ThermalSensor>
</ThermalSensors>
<ThermalZones>
<ThermalZone>
<Type>CPU_CTRL</Type>
<TripPoints>
<!-- CPU PASSIVE CONTROL -->
<!-- Ideal temp: 70-75*C, Max temp: 95*C -->
<TripPoint>
<SensorType>CPU_TEMP_CORE</SensorType>
<Temperature>65000</Temperature>
<Type>passive</Type>
<ControlType>parallel</ControlType>
<CoolingDevice>
<index>1</index>
<type>CPU_FREQ0</type>
<influence>100</influence>
<SamplingPeriod>1</SamplingPeriod>
</CoolingDevice>
<CoolingDevice>
<index>2</index>
<type>CPU_FREQ1</type>
<influence>100</influence>
<SamplingPeriod>1</SamplingPeriod>
</CoolingDevice>
<CoolingDevice>
<index>3</index>
<type>CPU_FREQ2</type>
<influence>100</influence>
<SamplingPeriod>1</SamplingPeriod>
</CoolingDevice>
<CoolingDevice>
<index>4</index>
<type>CPU_FREQ3</type>
<influence>100</influence>
<SamplingPeriod>1</SamplingPeriod>
</CoolingDevice>
<CoolingDevice>
<index>5</index>
<type>CPU_FREQ4</type>
<influence>100</influence>
<SamplingPeriod>1</SamplingPeriod>
</CoolingDevice>
<CoolingDevice>
<index>6</index>
<type>CPU_FREQ5</type>
<influence>100</influence>
<SamplingPeriod>1</SamplingPeriod>
</CoolingDevice>
<CoolingDevice>
<index>7</index>
<type>CPU_FREQ6</type>
<influence>100</influence>
<SamplingPeriod>1</SamplingPeriod>
</CoolingDevice>
<CoolingDevice>
<index>8</index>
<type>CPU_FREQ7</type>
<influence>100</influence>
<SamplingPeriod>1</SamplingPeriod>
</CoolingDevice>
<CoolingDevice>
<index>9</index>
<type>CPU_FREQ8</type>
<influence>100</influence>
<SamplingPeriod>1</SamplingPeriod>
</CoolingDevice>
<CoolingDevice>
<index>10</index>
<type>CPU_FREQ9</type>
<influence>100</influence>
<SamplingPeriod>1</SamplingPeriod>
</CoolingDevice>
<CoolingDevice>
<index>11</index>
<type>CPU_FREQ10</type>
<influence>100</influence>
<SamplingPeriod>1</SamplingPeriod>
</CoolingDevice>
<CoolingDevice>
<index>12</index>
<type>CPU_FREQ11</type>
<influence>100</influence>
<SamplingPeriod>1</SamplingPeriod>
</CoolingDevice>
</TripPoint>
<!-- EMERGENCY THROTTLING. -->
<!-- HOT means suspend the system. -->
<!-- CRITICAL means turn off the system. -->
<TripPoint>
<SensorType>CPU_TEMP_CORE</SensorType>
<Temperature>85000</Temperature>
<Type>hot</Type>
</TripPoint>
<TripPoint>
<SensorType>CPU_TEMP_CORE</SensorType>
<Temperature>90000</Temperature>
<Type>critical</Type>
</TripPoint>
</TripPoints>
</ThermalZone>
<ThermalZone>
<Type>GPU_CTRL</Type>
<TripPoints>
<!-- GPU PASSIVE CONTROL -->
<!-- Ideal temp: 70-75*C, Max temp: 90*C -->
<TripPoint>
<SensorType>GPU_TEMP</SensorType>
<Temperature>70000</Temperature>
<Type>passive</Type>
<ControlType>parallel</ControlType>
<CoolingDevice>
<index>1</index>
<type>GPU_FREQ_CORE</type>
<influence>50</influence>
<SamplingPeriod>1</SamplingPeriod>
</CoolingDevice>
<CoolingDevice>
<index>2</index>
<type>GPU_FREQ_MEM</type>
<influence>50</influence>
<SamplingPeriod>1</SamplingPeriod>
</CoolingDevice>
</TripPoint>
</TripPoints>
</ThermalZone>
</ThermalZones>
<CoolingDevices>
<!-- CPU frequency scaling. -->
<!-- This allows finer control of the CPU scaling in comparison to -->
<!-- thermald's built in 'cpufreq' driver. -->
<CoolingDevice>
<Type>CPU_FREQ0</Type>
<Path>/sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq</Path>
<MinState>3600000</MinState>
<MaxState>2200000</MaxState>
<IncDecStep>-100000</IncDecStep>
<ReadBack>1</ReadBack>
<AutoOffMode>1</AutoOffMode>
<DebouncePeriod>10</DebouncePeriod>
</CoolingDevice>
<CoolingDevice>
<Type>CPU_FREQ1</Type>
<Path>/sys/devices/system/cpu/cpu1/cpufreq/scaling_max_freq</Path>
<MinState>3600000</MinState>
<MaxState>2200000</MaxState>
<IncDecStep>-100000</IncDecStep>
<ReadBack>1</ReadBack>
<AutoOffMode>1</AutoOffMode>
<DebouncePeriod>10</DebouncePeriod>
</CoolingDevice>
<CoolingDevice>
<Type>CPU_FREQ2</Type>
<Path>/sys/devices/system/cpu/cpu2/cpufreq/scaling_max_freq</Path>
<MinState>3600000</MinState>
<MaxState>2200000</MaxState>
<IncDecStep>-100000</IncDecStep>
<ReadBack>1</ReadBack>
<AutoOffMode>1</AutoOffMode>
<DebouncePeriod>10</DebouncePeriod>
</CoolingDevice>
<CoolingDevice>
<Type>CPU_FREQ3</Type>
<Path>/sys/devices/system/cpu/cpu3/cpufreq/scaling_max_freq</Path>
<MinState>3600000</MinState>
<MaxState>2200000</MaxState>
<IncDecStep>-100000</IncDecStep>
<ReadBack>1</ReadBack>
<AutoOffMode>1</AutoOffMode>
<DebouncePeriod>10</DebouncePeriod>
</CoolingDevice>
<CoolingDevice>
<Type>CPU_FREQ4</Type>
<Path>/sys/devices/system/cpu/cpu4/cpufreq/scaling_max_freq</Path>
<MinState>3600000</MinState>
<MaxState>2200000</MaxState>
<IncDecStep>-100000</IncDecStep>
<ReadBack>1</ReadBack>
<AutoOffMode>1</AutoOffMode>
<DebouncePeriod>10</DebouncePeriod>
</CoolingDevice>
<CoolingDevice>
<Type>CPU_FREQ5</Type>
<Path>/sys/devices/system/cpu/cpu5/cpufreq/scaling_max_freq</Path>
<MinState>3600000</MinState>
<MaxState>2200000</MaxState>
<IncDecStep>-100000</IncDecStep>
<ReadBack>1</ReadBack>
<AutoOffMode>1</AutoOffMode>
<DebouncePeriod>10</DebouncePeriod>
</CoolingDevice>
<CoolingDevice>
<Type>CPU_FREQ6</Type>
<Path>/sys/devices/system/cpu/cpu6/cpufreq/scaling_max_freq</Path>
<MinState>3600000</MinState>
<MaxState>2200000</MaxState>
<IncDecStep>-100000</IncDecStep>
<ReadBack>1</ReadBack>
<AutoOffMode>1</AutoOffMode>
<DebouncePeriod>10</DebouncePeriod>
</CoolingDevice>
<CoolingDevice>
<Type>CPU_FREQ7</Type>
<Path>/sys/devices/system/cpu/cpu7/cpufreq/scaling_max_freq</Path>
<MinState>3600000</MinState>
<MaxState>2200000</MaxState>
<IncDecStep>-100000</IncDecStep>
<ReadBack>1</ReadBack>
<AutoOffMode>1</AutoOffMode>
<DebouncePeriod>10</DebouncePeriod>
</CoolingDevice>
<CoolingDevice>
<Type>CPU_FREQ8</Type>
<Path>/sys/devices/system/cpu/cpu8/cpufreq/scaling_max_freq</Path>
<MinState>3600000</MinState>
<MaxState>2200000</MaxState>
<IncDecStep>-100000</IncDecStep>
<ReadBack>1</ReadBack>
<AutoOffMode>1</AutoOffMode>
<DebouncePeriod>10</DebouncePeriod>
</CoolingDevice>
<CoolingDevice>
<Type>CPU_FREQ9</Type>
<Path>/sys/devices/system/cpu/cpu9/cpufreq/scaling_max_freq</Path>
<MinState>3600000</MinState>
<MaxState>2200000</MaxState>
<IncDecStep>-100000</IncDecStep>
<ReadBack>1</ReadBack>
<AutoOffMode>1</AutoOffMode>
<DebouncePeriod>10</DebouncePeriod>
</CoolingDevice>
<CoolingDevice>
<Type>CPU_FREQ10</Type>
<Path>/sys/devices/system/cpu/cpu10/cpufreq/scaling_max_freq</Path>
<MinState>3600000</MinState>
<MaxState>2200000</MaxState>
<IncDecStep>-100000</IncDecStep>
<ReadBack>1</ReadBack>
<AutoOffMode>1</AutoOffMode>
<DebouncePeriod>10</DebouncePeriod>
</CoolingDevice>
<CoolingDevice>
<Type>CPU_FREQ11</Type>
<Path>/sys/devices/system/cpu/cpu7/cpufreq/scaling_max_freq</Path>
<MinState>3600000</MinState>
<MaxState>2200000</MaxState>
<IncDecStep>-100000</IncDecStep>
<ReadBack>1</ReadBack>
<AutoOffMode>1</AutoOffMode>
<DebouncePeriod>10</DebouncePeriod>
</CoolingDevice>
<!-- GPU frequency scaling. -->
<!-- This is read by a custom service and translated into the format
expected by the video driver. -->
<CoolingDevice>
<Type>GPU_FREQ_CORE</Type>
<Path>/var/cache/kaede-thermals/gpu_power_core</Path>
<MinState>255</MinState>
<MaxState>0</MaxState>
<IncDecStep>-5</IncDecStep>
<!-- Make sure ReadBack is disabled as our servive needs to
reset the value periodically. -->
<ReadBack>0</ReadBack>
<AutoOffMode>1</AutoOffMode>
<DebouncePeriod>10</DebouncePeriod>
<!-- As negative values are possible and have special meaning,
leave room for the sign. -->
<WritePrefix> </WritePrefix>
</CoolingDevice>
<CoolingDevice>
<Type>GPU_FREQ_MEM</Type>
<Path>/var/cache/kaede-thermals/gpu_power_mem</Path>
<MinState>255</MinState>
<MaxState>0</MaxState>
<IncDecStep>-5</IncDecStep>
<ReadBack>0</ReadBack>
<AutoOffMode>1</AutoOffMode>
<DebouncePeriod>10</DebouncePeriod>
<WritePrefix> </WritePrefix>
</CoolingDevice>
</CoolingDevices>
</Platform>
</ThermalConfiguration>
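Review bot: The `CPU_FREQ11` cooling device points at `/sys/devices/system/cpu/cpu7/cpufreq/scaling_max_freq`, the same path as `CPU_FREQ7`, so cpu11 is never limited by the passive trip point and cpu7 is written twice. The path should be `/sys/devices/system/cpu/cpu11/cpufreq/scaling_max_freq`. The comment above the GPU `ReadBack` setting also has a typo (`servive` for `service`).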


@ -0,0 +1,157 @@
#!/usr/bin/env bash
################################################################################
# Written by Kaede Fox <kaede@boxedfox.org>
##########
# thermald can't handle hwmon* moving around, so we use symlinks to resolve
# dynamic paths to static paths.
THERMAL_PATH="/var/cache/kaede-thermals"
# CPU sensor paths.
CPU_SENSOR_CORE="/sys/devices/pci0000:00/0000:00:18.3/hwmon/hwmon*/temp1_input"
#CPU_SENSOR_SOCKET="/sys/devices/platform/nct6775.656/hwmon/hwmon*/temp2_input"
# GPU control and sensor paths (using amdgpu).
GPU_CONTROL="/sys/class/drm/card0/device/"
GPU_SENSOR="/sys/class/drm/card0/device/hwmon/hwmon*/temp1_input"
# WARNING: MAKE ABSOLUTELY SURE THESE ARE THE PERFORMANCE STATES AND NOT THE
# ACTUAL CORE/MEM CLOCKS OR WE COULD DAMAGE THE HARDWARE.
GPUCTRL_CORECLK="${GPU_CONTROL}/pp_dpm_sclk"
GPUCTRL_MEMCLK="${GPU_CONTROL}/pp_dpm_mclk"
# How often to resolve paths (in seconds). Changes are extremely rare, but they
# can occur even while the system is booted.
INTERVAL='300'
# How often to update GPU power settings from thermald.
TIMESLICE='1'
# Formatter used to round floats to integers via printf.
float_to_int='%'\''.0f'
##########
script_name=`basename $0`
# Our simple path resolver subroutine, which uses ls to replace hwmon* with
# whichever hwmon is currently active.
sub_resolve_paths() {
ln -s -f "`ls $CPU_SENSOR_CORE`" "./cpu_core_temp"
# ln -s -f "`ls $CPU_SENSOR_SOCKET`" "./cpu_socket_temp"
ln -s -f "`ls $GPU_SENSOR`" "./gpu_temp"
}
case "$1" in
"start")
echo "loaded ${script_name}"
mkdir -p "$THERMAL_PATH" 2>/dev/null
cd "$THERMAL_PATH"
# Switch the video driver into manual control mode for
# performance levels.
echo "manual" >${GPU_CONTROL}/power_dpm_force_performance_level
echo "enabled gpupower"
# Immediately resolve paths at startup.
sub_resolve_paths
# Followed by starting thermald in case the paths didn't
# exist, which would've made it fail to start.
sleep .5s
systemctl start thermald
# thermald will create these files with the wrong permissions.
rm "./gpu_power_core"; printf "%d\n" '-1'>./gpu_power_core
rm "./gpu_power_mem"; printf "%d\n" '-1'>./gpu_power_mem
# Enter service mode.
slice_counter='0'
while true; do
# Execute a timeslice. Paths are updated every time the
# counter wraps around.
slice_counter=$((slice_counter + TIMESLICE))
if [ "$slice_counter" -ge "$INTERVAL" ]; then
#printf "DEBUG: *** Updating paths after %d seconds ***\n" "$slice_counter"
slice_counter=$((slice_counter - INTERVAL))
# Resolve paths.
sub_resolve_paths
fi
# Read GPU thermal settings from thermald and apply
# them to the driver via sysfs.
#
# The core and memory clock lists are highly specific
# to the hardware, and need updating if the video card
# is ever changed.
#
gpu_power_core="`cat ./gpu_power_core`"
gpu_power_mem="`cat ./gpu_power_mem`"
if [ -z "$gpu_power_core" ]; then gpu_power_core='-1'; fi
if [ -z "$gpu_power_mem" ]; then gpu_power_mem='-1'; fi
# Check if we need to update the core clock.
if [ "$gpu_power_core" -ge '0' ]; then
#printf "DEBUG: *** Updating GPU core clock ***\n"
printf "%d\n" '-1'>./gpu_power_core
printf "$gpu_power_core\n">./gpu_power_core_cached
core_count_f="$(echo "$gpu_power_core" | awk '{ x=(($1/255.0)*(7-1))+1; printf("%f",x) }')"
core_count="$(printf "$float_to_int" "$core_count_f")"
if [ "$core_count" -lt '1' ]; then core_count='1'; fi
if [ "$core_count" -gt '7' ]; then core_count='7'; fi
gpu_list_core="1"
for ((i=2; i<=core_count; i++)); do
gpu_list_core="$gpu_list_core $i"; done
echo "$gpu_list_core" >${GPUCTRL_CORECLK}
#echo "dbg: gpu_power_core: $gpu_power_core"
#echo "dbg: core_count_f: $core_count_f, core_count: $core_count"
#echo "dbg: gpu_list_core: $gpu_list_core"
fi
# Check if we need to update the memory clock.
if [ "$gpu_power_mem" -ge '0' ]; then
#printf "DEBUG: *** Updating GPU memory clock ***\n"
printf "%d\n" '-1'>./gpu_power_mem
printf "$gpu_power_mem\n">./gpu_power_mem_cached
mem_count_f="$(echo "$gpu_power_mem" | awk '{ x=(($1/255.0)*(3-1))+1; printf("%f",x) }')"
mem_count="$(printf "$float_to_int" "$mem_count_f")"
if [ "$mem_count" -lt '1' ]; then mem_count='1'; fi
if [ "$mem_count" -gt '3' ]; then mem_count='3'; fi
gpu_list_mem="1"
for ((i=2; i<=mem_count; i++)); do
gpu_list_mem="$gpu_list_mem $i"; done
echo "$gpu_list_mem" >${GPUCTRL_MEMCLK}
#echo "dbg: gpu_power_mem: $gpu_power_mem"
#echo "dbg: mem_count_f: $mem_count_f, mem_count: $mem_count"
#echo "dbg: gpu_list_mem: $gpu_list_mem"
fi
# Sleep until the next cycle.
sleep "${TIMESLICE}s"
done
;;
"stop")
# Reset all performance level tunings.
echo "1 2 3 4 5 6 7" >${GPUCTRL_CORECLK}
echo "1 2 3" >${GPUCTRL_MEMCLK}
# Switch the video driver into automatic control mode for
# performance levels.
echo "auto" >${GPU_CONTROL}/power_dpm_force_performance_level
echo "disabled gpupower"
sleep .5s
echo "unloaded ${script_name}"
;;
*)
echo "Usage: ${script_name} (start | stop)"
exit 1
;;
esac
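Review bot: The values read from `./gpu_power_core` and `./gpu_power_mem` are used unvalidated, both in the integer test `[ "$gpu_power_core" -ge '0' ]` and as the format string of `printf "$gpu_power_core\n"`, inside a loop that the unit runs as root. Anything other than an integer in those files makes the test error out on every pass, and a `%` in the content is interpreted by printf. Reject non-numeric content first, e.g. `[[ $gpu_power_core =~ ^-?[0-9]+$ ]] || gpu_power_core='-1'`, and write the cache with `printf '%s\n' "$gpu_power_core"` (the same applies to the memory value). `cd "$THERMAL_PATH"` is also unchecked, so if it fails the later `rm` and redirections act on whatever directory the service started in; `cd "$THERMAL_PATH" || exit 1` avoids that.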


@ -0,0 +1,86 @@
{ config, lib, pkgs, ... }:
{
services.transmission = let
transmission-done-script = pkgs.writeScriptBin "script" ''
#!${pkgs.bash}/bin/bash
set -e
if [ "$TR_TORRENT_DIR"/"$TR_TORRENT_NAME" != "/" ]; then
cd "$TR_TORRENT_DIR"/"$TR_TORRENT_NAME"
if [ ! -z "*.rar" ]; then
${pkgs.unrar}/bin/unrar x "*.rar"
fi
chmod ugo=rwX .
fi'';
in {
enable = true;
home = "/disks/pool-raw/transmission";
downloadDirPermissions = "777";
settings = {
download-dir = "/disks/pool-raw/media/unsorted";
incomplete-dir = "/disks/pool-raw/media/.incomplete";
incomplete-dir-enabled = true;
rpc-bind-address = "0.0.0.0";
rpc-whitelist = "127.0.0.1,192.168.1.*,192.168.122.*";
script-torrent-done-enabled = true;
dht-enabled = true;
pex-enabled = true;
script-torrent-done-filename = "${transmission-done-script}/bin/script";
umask = 0;
};
};
services.samba = {
enable = true;
securityType = "user";
extraConfig = ''
workgroup = WORKGROUP
server string = samhain
netbios name = samhain
security = user
#use sendfile = yes
#max protocol = smb2
hosts allow = 192.168.1. 192.168.122. localhost
hosts deny = 0.0.0.0/0
guest account = nobody
map to guest = bad user
'';
shares = {
shared = {
path = "/home/kat/shared";
browseable = "yes";
"read only" = "no";
"guest ok" = "no";
"create mask" = "0644";
"directory mask" = "0755";
"force user" = "kat";
"force group" = "users";
};
media = {
path = "/disks/pool-raw/media";
browseable = "yes";
"read only" = "no";
"guest ok" = "yes";
"create mask" = "0644";
"directory mask" = "0755";
"force user" = "transmission";
"force group" = "transmission";
};
};
};
services.nginx.virtualHosts = {
"192.168.1.135" = {
locations."/share/" = {
alias = "/disks/pool-raw/media/";
extraConfig = "autoindex on;";
};
};
"100.103.111.44" = {
locations."/share/" = {
alias = "/disks/pool-raw/media/";
extraConfig = "autoindex on;";
};
};
};
}
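Review bot: The download tree is made world-writable three ways at once — `downloadDirPermissions = "777"`, `umask = 0`, and the `media` Samba share with `"guest ok" = "yes"` and `"read only" = "no"` — so any unauthenticated host in the allowed subnets can add, replace or delete files that nginx then serves under `/share/`. Unless guest writes are required, make the share read-only for guests (`"read only" = "yes"` plus a `write list`, or `"guest ok" = "no"`) and tighten the modes to `"775"` and `umask = 2`. In the completion script, `[ ! -z "*.rar" ]` tests a literal string and is always true, so `unrar` runs for every torrent and, under `set -e`, a torrent without archives likely aborts the script before `chmod`. The RPC listener binds `0.0.0.0` and relies on `rpc-whitelist` alone; enabling RPC authentication would add a second check.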


@ -0,0 +1,118 @@
{ config, pkgs, lib, sources, witch, ... }:
{
# libvirtd is used for our virtual machine
virtualisation.libvirtd = {
enable = true;
qemuOvmf = true;
qemuRunAsRoot = false;
onBoot = "ignore";
onShutdown = "shutdown";
};
# required for guest reboots with the 580
boot.extraModulePackages = [
(pkgs.linuxPackagesFor config.boot.kernelPackages.kernel).vendor-reset
]; # required groups for various intentions
users.users.kat.extraGroups = [ "libvirtd" "input" "qemu-libvirtd" ];
# video=efifb:off allows the 580 to be passed through regardless of being the boot display and allows the 560 to act as a console device
# pci=noats means that it doesn't kernel panic on my specific configuration
boot.kernelParams = [
"amd_iommu=on"
"pci=noats"
"video=efifb:off"
]; # eventually switch to vfio-pci.ids to replace the boot.initrd.preDeviceCommands block
boot.initrd.availableKernelModules =
[ "amdgpu" "vfio-pci" ]; # vfio-pci is required for pci passthrough
boot.kernelModules =
[ "i2c-dev" "kvm-amd" ]; # i2c-dev is required for DDC/CI for screenstub
# this section makes vfio-pci be injected as the driver for the 580 and its audio thingy
# it should be replaced as mentioned with vfio-pci.ids
# the script provided: https://alexbakker.me/post/nixos-pci-passthrough-qemu-vfio.html can be used to find iommu groups
boot.initrd.preDeviceCommands = ''
DEVS="0000:26:00.0 0000:26:00.1"
for DEV in $DEVS; do
echo "vfio-pci" > /sys/bus/pci/devices/$DEV/driver_override
done
modprobe -i vfio-pci
'';
# rules are for:
# * monitor ddc/ci
# * input for qemu
# * rule for event-mouse (i hope?)
# * uinput rule
services.udev.extraRules = ''
SUBSYSTEM=="i2c-dev", GROUP="users", MODE="0660"
SUBSYSTEM=="usb", ATTRS{idVendor}=="05ac", ATTRS{idProduct}=="12a8", GROUP="qemu-libvirtd"
SUBSYSTEM=="usb", ACTION=="add", ATTRS{idVendor}=="fa58", ATTRS{idProduct}=="04d9", GROUP="users"
SUBSYSTEM=="misc", KERNEL=="uinput", OPTIONS+="static_node=uinput", MODE="0660", GROUP="uinput"
SUBSYSTEM=="input", ACTION=="add", DEVPATH=="/devices/virtual/input/*", MODE="0660", GROUP="qemu-libvirtd", RUN+="${
pkgs.writeShellScript "mewdev"
"${pkgs.coreutils}/bin/echo 'c 13:* rw' > /sys/fs/cgroup/devices/machine.slice/machine-qemu*/devices.allow"
}"
'';
environment.systemPackages = [
# pkgs.nur.repos.arc.packages.screenstub # for DDC/CI and input forwarding (currently disabled due to using changed source)
pkgs.arc.pkgs.scream-arc # for audio forwarding
pkgs.screenstub # for input handling
pkgs.ddcutil # for diagnostics on DDC/CI
pkgs.virt-manager # hmm
];
systemd.services.libvirtd-guest-win10 = {
after = [ "libvirtd.service" ];
requires = [ "libvirtd.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
type = "oneshot";
RemainAfterExit = "yes";
};
script = let
xml =
pkgs.writeText "libvirt-guest-win10.xml" (import ./win10.xml.nix { });
in ''
uuid="$(${pkgs.libvirt}/bin/virsh domuuid 'win10' || true)"
${pkgs.libvirt}/bin/virsh define <(sed "s/UUID/$uuid/" '${xml}')
${pkgs.libvirt}/bin/virsh start 'win10';
'';
preStop = ''
${pkgs.libvirt}/bin/virsh shutdown 'win10'
let "timeout = $(date +%s) + 120"
while [ "$(${pkgs.libvirt}/bin/virsh list --name | grep --count '^win10$')" -gt 0 ]; do
if [ "$(date +%s)" -ge "$timeout" ]; then
# meh, we warned it...
${pkgs.libvirt}/bin/virsh destroy 'win10'
else
# the machine is still running, let's give it some time to shut down
sleep 0.5
fi
done
'';
};
home-manager.users.kat = {
# audio for vm on startup
systemd.user.services = {
scream = {
Unit = { Description = "Scream - Audio forwarding from the VM."; };
Service = {
ExecStart =
"${pkgs.arc.pkgs.scream-arc}/bin/scream -i virbr0 -o pulse";
Restart = "always";
};
Install = { WantedBy = [ "default.target" ]; };
};
};
};
# BusId is used to specify the graphics card used for X / lightdm / wayland
# BusId must be decimal conversion of the equivalent but matching the format, this was 0000:25:00.0
services.xserver.deviceSection = lib.mkDefault ''
Option "TearFree" "true"
BusID "PCI:37:0:0"
'';
}
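Review bot: In `systemd.services.libvirtd-guest-win10.serviceConfig` the key is written `type = "oneshot"`; systemd directive names are case-sensitive, so this is not read as `Type=` and the unit stays at the default service type. Use `Type = "oneshot";` so that units ordered after it wait for `virsh start` to finish. The udev rule `SUBSYSTEM=="i2c-dev", GROUP="users", MODE="0660"` gives every member of `users` raw access to all I2C buses; a dedicated group that only `kat` joins would be narrower. The `RUN+=` helper redirects into `/sys/fs/cgroup/devices/machine.slice/machine-qemu*/devices.allow`, which only works when the glob matches exactly one scope.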


@ -0,0 +1,85 @@
screens:
- monitor: # fill in with info from `screenstub detect`
manufacturer: BNQ
model: BenQ GW2270
#serial: "..."
guest_source: # Could be automatically detected, but best to fill in if monitor has more than two inputs
name: HDMI-1
#value: 0x0f # can also specify raw VCP value
host_source: # Usually automatically detected
name: HDMI-2
#value: 0x11
ddc:
#minimal_delay: 100ms # minimum time to wait between switching inputs again
#guest: [] # disable input switching
#host: [] # disable input switching
guest: # configure how to switch to the guest
#- guest_wait # wait until guest agent responds, otherwise might get stranded on other input
- ddc # (default) Use ddc-rs
#exec: ["ddcutil", "-g", "BNQ", "setvcp", "0x60", "{}"]
#- exec: [ddccontrol, -r, "0x60", -w, "{}", /dev/i2c-5]
host: # configure how to switch back from the guest
- ddc # (default) Controls DDC from the host GPU - requires no guest agent but many monitors won't support this
#- exec: ["ddcutil", "-g", "BNQ", "setvcp", "0x60", "{}"]
#- guest_exec: ["C:/ddcset.exe", "setvcp", "60", "{:x}"] # or "0x{:x}" for hex input value
#- guest_exec: ["C:/ScreenBright.exe", "-set", "0x60", "{}"] # "{}" is for decimal input value
#- exec: ["ssh", "user@vm", "ddcutil", "setvcp", "0x60", "{}"] # system commands can also be used
qemu:
#routing: qmp # (default) does not require extra configuration or dependencies
#routing: spice # no external requirements # CURRENTLY UNIMPLEMENTED
#routing: input-linux # requires uinput
routing: virtio-host # requires uinput, recommended for performance, requires vioinput drivers in guest
#driver: ps2 # use PS/2 in the guest for all input devices (absolute mouse mode unsupported)
#driver: usb # use USB keyboard/mouse/tablet in the guest
#driver: virtio # Recommended but vioinput drivers must be installed in guest
#keyboard_driver: ps2 # (default) can also be set separately per input type, this should rarely be necessary
#relative_driver: usb # (default)
#absolute_driver: usb # (default)
#driver: virtio
#relative_driver: virtio
qmp_socket: /tmp/vfio-qmp # path to QMP socket
ga_socket: /tmp/vfio-qga # path to Guest Agent socket
key_remap: # Arbitrary keys can be remapped in the guest
# See https://docs.rs/input-linux/*/input_linux/enum.Key.html for a list of key names available (mouse buttons can also be used)
LeftMeta: Reserved # disable the windows key
RightAlt: LeftMeta # remap right alt to trigger the windows key
hotkeys: # Trigger various events on key combinations
#- toggle_grab:y
# xdevice: # CURRENTLY UNIMPLEMENTED
# devices: # Only grab specific devices from Xorg
# - "..."
#- exec: [echo, hi] # Execute an arbitrary system command
#- show_host # switch to the host display
#- show_guest # switch to the guest display
#- toggle_show # switch the current display
#- unstick_guest # causes all held keys to be released in the guest
#- shutdown # safely shuts the guest system down
#- reboot # reboots the guest
#- exit # quits screenstub
- triggers: [G]
modifiers: [LeftMeta]
events:
- toggle_grab:
x:
mouse: false # Confine input/mouse to window
- toggle_grab:
evdev: # evdev grab is useful for playing games that don't work with absolute mouse events
exclusive: false # grab exclusive access from the device(s)
#new_device_name: "unique-grab-name" # create a new uinput device for this grab
xcore_ignore: [absolute] # which events to ignore from the window (key, button, absolute)
evdev_ignore: [button] # which events to ignore from the evdev device
devices: # List of devices to forward to guest
- /dev/input/by-id/usb-04d9_USB_Laser_Game_Mouse-event-mouse
- unstick_host # force-depress all Xorg keys (prevents keys getting stuck)
- triggers: [T]
modifiers: [LeftMeta]
on_release: false
events:
- toggle_show
exit_events: # Events to trigger on window close / exit
- show_host
#- shutdown


@ -0,0 +1,260 @@
{ ... }:
''
<domain xmlns:qemu="http://libvirt.org/schemas/domain/qemu/1.0" type="kvm">
<name>win10</name>
<uuid>UUID</uuid>
<metadata>
<libosinfo:libosinfo xmlns:libosinfo="http://libosinfo.org/xmlns/libvirt/domain/1.0">
<libosinfo:os id="http://microsoft.com/win/10"/>
</libosinfo:libosinfo>
</metadata>
<memory unit="KiB">12582912</memory>
<currentMemory unit="KiB">12582912</currentMemory>
<vcpu placement="static">6</vcpu>
<iothreads>1</iothreads>
<cputune>
<vcpupin vcpu="0" cpuset="0"/>
<vcpupin vcpu="1" cpuset="1"/>
<vcpupin vcpu="2" cpuset="2"/>
<vcpupin vcpu="3" cpuset="6"/>
<vcpupin vcpu="4" cpuset="7"/>
<vcpupin vcpu="5" cpuset="8"/>
<emulatorpin cpuset="3,9"/>
<iothreadpin iothread="1" cpuset="3,9"/>
</cputune>
<os>
<type arch="x86_64" machine="pc-q35-5.1">hvm</type>
<loader readonly="yes" type="pflash">/run/libvirt/nix-ovmf/OVMF_CODE.fd</loader>
<nvram>/var/lib/libvirt/qemu/nvram/win10_VARS.fd</nvram>
</os>
<features>
<acpi/>
<apic/>
<hyperv>
<relaxed state="on"/>
<vapic state="on"/>
<spinlocks state="on" retries="8191"/>
</hyperv>
<vmport state="off"/>
</features>
<cpu mode="host-passthrough" check="partial">
<topology sockets="1" dies="1" cores="3" threads="2"/>
<cache mode="passthrough"/>
<feature policy="require" name="topoext"/>
</cpu>
<clock offset="localtime">
<timer name="rtc" tickpolicy="catchup"/>
<timer name="pit" tickpolicy="delay"/>
<timer name="hpet" present="no"/>
<timer name="hypervclock" present="yes"/>
</clock>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
<on_crash>destroy</on_crash>
<pm>
<suspend-to-mem enabled="no"/>
<suspend-to-disk enabled="no"/>
</pm>
<devices>
<emulator>/run/libvirt/nix-emulators/qemu-system-x86_64</emulator>
<disk type="file" device="disk">
<driver name="qemu" type="raw" discard="unmap"/>
<source file="/dev/disk/by-id/ata-HFS256G32TNF-N3A0A_MJ8BN15091150BM1Z"/>
<target dev="sda" bus="scsi"/>
<boot order="2"/>
<address type="drive" controller="0" bus="0" target="0" unit="0"/>
</disk>
<controller type="usb" index="0" model="qemu-xhci" ports="15">
<address type="pci" domain="0x0000" bus="0x02" slot="0x00" function="0x0"/>
</controller>
<controller type="pci" index="0" model="pcie-root"/>
<controller type="pci" index="1" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="1" port="0x10"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x0" multifunction="on"/>
</controller>
<controller type="pci" index="2" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="2" port="0x11"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x1"/>
</controller>
<controller type="pci" index="3" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="3" port="0x12"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x2"/>
</controller>
<controller type="pci" index="4" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="4" port="0x13"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x3"/>
</controller>
<controller type="pci" index="5" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="5" port="0x14"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x4"/>
</controller>
<controller type="pci" index="6" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="6" port="0x15"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x5"/>
</controller>
<controller type="pci" index="7" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="7" port="0x16"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x6"/>
</controller>
<controller type="pci" index="8" model="pcie-to-pci-bridge">
<model name="pcie-pci-bridge"/>
<address type="pci" domain="0x0000" bus="0x04" slot="0x00" function="0x0"/>
</controller>
<controller type="pci" index="9" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="9" port="0x17"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x02" function="0x7"/>
</controller>
<controller type="pci" index="10" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="10" port="0x8"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x01" function="0x0" multifunction="on"/>
</controller>
<controller type="pci" index="11" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="11" port="0x9"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x01" function="0x1"/>
</controller>
<controller type="pci" index="12" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="12" port="0xa"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x01" function="0x2"/>
</controller>
<controller type="pci" index="13" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="13" port="0xb"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x01" function="0x3"/>
</controller>
<controller type="pci" index="14" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="14" port="0xc"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x01" function="0x4"/>
</controller>
<controller type="pci" index="15" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="15" port="0xd"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x01" function="0x5"/>
</controller>
<controller type="pci" index="16" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="16" port="0xe"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x01" function="0x6"/>
</controller>
<controller type="pci" index="17" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="17" port="0xf"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x01" function="0x7"/>
</controller>
<controller type="pci" index="18" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="18" port="0x18"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x0" multifunction="on"/>
</controller>
<controller type="pci" index="19" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="19" port="0x19"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x1"/>
</controller>
<controller type="pci" index="20" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="20" port="0x1a"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x2"/>
</controller>
<controller type="pci" index="21" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="21" port="0x1b"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x3"/>
</controller>
<controller type="pci" index="22" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="22" port="0x1c"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x4"/>
</controller>
<controller type="pci" index="23" model="pcie-root-port">
<model name="pcie-root-port"/>
<target chassis="23" port="0x1d"/>
<address type="pci" domain="0x0000" bus="0x00" slot="0x03" function="0x5" multifunction="on"/>
</controller>
<controller type="pci" index="24" model="pcie-to-pci-bridge">
<model name="pcie-pci-bridge"/>
<address type="pci" domain="0x0000" bus="0x0a" slot="0x00" function="0x0"/>
</controller>
<controller type="virtio-serial" index="0">
<address type="pci" domain="0x0000" bus="0x03" slot="0x00" function="0x0"/>
</controller>
<controller type="scsi" index="0" model="virtio-scsi">
<address type="pci" domain="0x0000" bus="0x06" slot="0x00" function="0x0"/>
</controller>
<controller type="sata" index="0">
<address type="pci" domain="0x0000" bus="0x00" slot="0x1f" function="0x2"/>
</controller>
<interface type="network">
<mac address="52:54:00:61:87:37"/>
<source network="default"/>
<model type="virtio"/>
<address type="pci" domain="0x0000" bus="0x01" slot="0x00" function="0x0"/>
</interface>
<serial type="pty">
<target type="isa-serial" port="0">
<model name="isa-serial"/>
</target>
</serial>
<console type="pty">
<target type="serial" port="0"/>
</console>
<channel type="spicevmc">
<target type="virtio" name="com.redhat.spice.0"/>
<address type="virtio-serial" controller="0" bus="0" port="1"/>
</channel>
<input type="tablet" bus="usb">
<address type="usb" bus="0" port="1"/>
</input>
<input type="mouse" bus="ps2"/>
<input type="keyboard" bus="ps2"/>
<hostdev mode="subsystem" type="pci" managed="yes">
<source>
<address domain="0x0000" bus="0x26" slot="0x00" function="0x0"/>
</source>
<rom file="${./vbios.rom}"/>
<address type="pci" domain="0x0000" bus="0x07" slot="0x00" function="0x0"/>
</hostdev>
<hostdev mode="subsystem" type="pci" managed="yes">
<source>
<address domain="0x0000" bus="0x26" slot="0x00" function="0x1"/>
</source>
<address type="pci" domain="0x0000" bus="0x09" slot="0x00" function="0x0"/>
</hostdev>
<redirdev bus="usb" type="spicevmc">
<address type="usb" bus="0" port="2"/>
</redirdev>
<redirdev bus="usb" type="spicevmc">
<address type="usb" bus="0" port="3"/>
</redirdev>
<memballoon model="virtio">
<address type="pci" domain="0x0000" bus="0x05" slot="0x00" function="0x0"/>
</memballoon>
</devices>
<qemu:commandline>
<qemu:arg value="-chardev"/>
<qemu:arg value="socket,path=/tmp/vfio-qmp,server,nowait,id=qmp0"/>
<qemu:arg value="-mon"/>
<qemu:arg value="chardev=qmp0,id=qmp,mode=control"/>
<qemu:arg value="-chardev"/>
<qemu:arg value="socket,path=/tmp/vfio-qga,server,nowait,id=qga0"/>
<qemu:arg value="-device"/>
<qemu:arg value="virtserialport,chardev=qga0,name=org.qemu.guest_agent.0"/>
<qemu:arg value="-set"/>
<qemu:arg value="device.scsi0-0-0-0.rotation_rate=1"/>
<qemu:arg value="-cpu"/>
<qemu:arg value="host,hv_time,kvm=off,hv_vendor_id=null,-hypervisor"/>
</qemu:commandline>
</domain>
''
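Review bot: The QMP monitor and guest-agent sockets in the `<qemu:commandline>` block at the end of this domain are created in `/tmp` (`socket,path=/tmp/vfio-qmp,...` and `socket,path=/tmp/vfio-qga,...`), a world-writable directory, under fixed, predictable names. A QMP monitor in `mode=control` gives full control of the VM to whoever can connect, and the guest-agent channel can run commands inside the guest, so both should be reachable only by the user that owns the VM. I would move them into a directory only that user can enter, e.g. `socket,path=<PRIVATE_RUNTIME_DIR>/vfio-qmp,server,nowait,id=qmp0` (placeholder path), and change `qmp_socket` / `ga_socket` in the screenstub config on this page to match. Separately, `<uuid>UUID</uuid>` looks like an unfilled placeholder; unless something substitutes it before the domain is defined, libvirt will presumably reject it.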


@ -0,0 +1 @@
{ ... }: { }


@ -0,0 +1,23 @@
{ config, pkgs, ... }:
{
imports = [ ./hw.nix ../../../services/zfs.nix ];
deploy.profiles = [ "gui" "sway" "kat" "laptop" "private" ];
deploy.groups = [ "gui" ];
deploy.ssh.host = "192.168.1.92";
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
boot.supportedFilesystems = [ "zfs" ];
networking.hostId = "dddbb888";
networking.hostName = "yule";
networking.useDHCP = false;
networking.interfaces.enp1s0.useDHCP = true;
networking.interfaces.wlp2s0.useDHCP = true;
system.stateVersion = "20.09";
}
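Review bot: `deploy.ssh.host = "192.168.1.92"` pins the deploy target to a literal LAN address while both `enp1s0` and `wlp2s0` get their address from DHCP, so the address is stable only if the router reserves it. If the lease moves, whatever reads this option (presumably the deploy tooling) would connect to whichever machine now holds that address, leaving SSH host-key checking as the only safeguard. I would record the reservation next to the option, e.g. `# static DHCP lease for yule; keep in sync with the router`, or point the option at a resolvable host name instead.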

35
hosts/yule/nixos/hw.nix Normal file

@ -0,0 +1,35 @@
{ config, lib, pkgs, modulesPath, ... }:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules =
[ "xhci_pci" "ahci" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" = {
device = "rpool/safe/root";
fsType = "zfs";
};
fileSystems."/home" = {
device = "rpool/safe/home";
fsType = "zfs";
};
fileSystems."/nix" = {
device = "rpool/local/nix";
fsType = "zfs";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/D680-ED0E";
fsType = "vfat";
};
swapDevices =
[{ device = "/dev/disk/by-uuid/87ff4f68-cc00-494e-8eba-050469c3bf03"; }];
}