diff --git a/flake.lock b/flake.lock index 8fdaced..66b8058 100644 --- a/flake.lock +++ b/flake.lock @@ -203,11 +203,11 @@ ] }, "locked": { - "lastModified": 1687969886, - "narHash": "sha256-tC2qFLmuM0PFaw0tMHVcFmzsG/351q09qa1EpuL2n1U=", + "lastModified": 1688302761, + "narHash": "sha256-YIYKeX3YfoAIg9DTe6cl1ga87rDCNDZugdGuqsvEN30=", "owner": "nix-community", "repo": "home-manager", - "rev": "a7002d6bfca54742d5fc9b485a1879953b4585b9", + "rev": "c85d9137db45a1c9c161f4718b13cc3bd4cbd173", "type": "github" }, "original": { @@ -223,11 +223,11 @@ ] }, "locked": { - "lastModified": 1687101087, - "narHash": "sha256-7whjv4o+IsqyILNPGtNA3TdBOdGTNqi7gd3SYneQXEs=", + "lastModified": 1688282687, + "narHash": "sha256-OS8ua5R5r3R7D6sGN3dQteELASn1ZN6E7xxkAY81J/0=", "owner": "therealr5", "repo": "TruckSimulatorBot-images", - "rev": "c2b85c3117b9ddbab6c93d6ea3e3fca452643b71", + "rev": "f27975d1d364cab329077e53a7021e99146cbc65", "type": "github" }, "original": { @@ -333,11 +333,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1688049487, - "narHash": "sha256-100g4iaKC9MalDjUW9iN6Jl/OocTDtXdeAj7pEGIRh4=", + "lastModified": 1688231357, + "narHash": "sha256-ZOn16X5jZ6X5ror58gOJAxPfFLAQhZJ6nOUeS4tfFwo=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "4bc72cae107788bf3f24f30db2e2f685c9298dc9", + "rev": "645ff62e09d294a30de823cb568e9c6d68e92606", "type": "github" }, "original": { @@ -409,11 +409,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1687031877, - "narHash": "sha256-yMFcVeI+kZ6KD2QBrFPNsvBrLq2Gt//D0baHByMrjFY=", + "lastModified": 1688256355, + "narHash": "sha256-/E+OSabu4ii5+ccWff2k4vxDsXYhpc4hwnm0s6JOz7Y=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e2e2059d19668dab1744301b8b0e821e3aae9c99", + "rev": "f553c016a31277246f8d3724d3b1eee5e8c0842c", "type": "github" }, "original": { @@ -461,11 +461,11 @@ ] }, "locked": { - "lastModified": 1687686412, - "narHash": "sha256-Wq9D5tBxKNJVpeUDW8ZJRm1PM+JLgr16tdvaULuPMbo=", + "lastModified": 1688283850, + "narHash": "sha256-MYqRBDJL1DJHbwexYxDb/9R1qvuhYakh1E+SfzDadc8=", "owner": "therealr5", "repo": "purge", - "rev": "4fc0ee4454dc5afaa8b370f1f642e012a06fe42e", + "rev": "0a5ca0cc596afd360639bfd8ac6187245b3734ec", "type": "github" }, "original": { @@ -548,11 +548,11 @@ "nixpkgs-stable": "nixpkgs-stable_2" }, "locked": { - "lastModified": 1687398569, - "narHash": "sha256-e/umuIKFcFtZtWeX369Hbdt9r+GQ48moDmlTcyHWL28=", + "lastModified": 1688268466, + "narHash": "sha256-fArazqgYyEFiNcqa136zVYXihuqzRHNOOeVICayU2Yg=", "owner": "Mic92", "repo": "sops-nix", - "rev": "2ff6973350682f8d16371f8c071a304b8067f192", + "rev": "5ed3c22c1fa0515e037e36956a67fe7e32c92957", "type": "github" }, "original": { @@ -583,11 +583,11 @@ ] }, "locked": { - "lastModified": 1687686435, - "narHash": "sha256-G/GW1x4UEcj41ss6hjmtGim0tKzS/mFQ9lnE2b2hhig=", + "lastModified": 1688282790, + "narHash": "sha256-7+/witOmi7o6oPp8ILjcY/2BBjQnTaeOkeJ+NND3ZjI=", "owner": "therealr5", "repo": "TruckSimulatorBot", - "rev": "17e3c09b0b29067614841d183800ac361773cd9a", + "rev": "f2b10439be8238ed2123851dd80f280b8ca2eddc", "type": "github" }, "original": { diff --git a/hosts/thinkpad/default.nix b/hosts/thinkpad/default.nix index 4257d7d..67d5fcf 100755 --- a/hosts/thinkpad/default.nix +++ b/hosts/thinkpad/default.nix @@ -6,6 +6,7 @@ ./hardware-configuration.nix ./modules/networks ./modules/greetd + ./modules/virtualisation ./modules/snapper ]; @@ -156,7 +157,6 @@ fwupd.enable = true; # firmware updates }; - # fun fact: if I disable this, Hyprland breaks due to missing egl dependencies programs.steam.enable = true; # putting steam in here cause in home manager it doesn't work programs.ausweisapp = { @@ -164,22 +164,6 @@ openFirewall = true; }; - virtualisation.libvirtd.enable = true; - virtualisation.spiceUSBRedirection.enable = true; - - # fix to enable secure boot in vms - environment.etc = { - "ovmf/edk2-x86_64-secure-code.fd" = { - source = config.virtualisation.libvirtd.qemu.package + "/share/qemu/edk2-x86_64-secure-code.fd"; - }; - - "ovmf/edk2-i386-vars.fd" = { - source = config.virtualisation.libvirtd.qemu.package + "/share/qemu/edk2-i386-vars.fd"; - mode = "0644"; - user = "libvirtd"; - }; - }; - systemd.sleep.extraConfig = '' HibernateDelaySec=2h ''; @@ -221,8 +205,8 @@ killall zip unzip + pciutils - virt-viewer # multi monitor for vms sbctl deploy-rs diff --git a/hosts/thinkpad/modules/virtualisation/default.nix b/hosts/thinkpad/modules/virtualisation/default.nix new file mode 100644 index 0000000..7b3e795 --- /dev/null +++ b/hosts/thinkpad/modules/virtualisation/default.nix @@ -0,0 +1,88 @@ +{ config, lib, pkgs, ... }: +# Virtualisation with gpu passthrough +# Following https://astrid.tech/2022/09/22/0/nixos-gpu-vfio/ +let + gpuHook = pkgs.writeShellScript "gpuhook.sh" '' + export PATH=$PATH:${lib.makeBinPath [pkgs.pciutils pkgs.kmod pkgs.psmisc pkgs.systemd pkgs.coreutils]} + gpu_domains=( + win11 + ) + function gpu_begin { + set -x + device=$(lspci -nnD | grep "VGA compatible controller" | grep Intel) + # Stop display manager + systemctl stop greetd.service + # Unbind vtconsole + for i in /sys/class/vtconsole/*/bind; do + echo 0 > "$i" + done + # Kill pulseaudio + killall pipewire + killall pipewire-pulse + # Unbind GPU + echo "$device" | cut -d' ' -f1 > /sys/module/i915/drivers/pci:i915/unbind + # Unload modules + rmmod snd_hda_intel + rmmod i915 + # Load vfio + modprobe vfio-pci ids="$(echo "$device" | grep -o 8086:....)" + } + function gpu_end { + set -x + # Unload vfio + rmmod vfio_pci + # Load modules + modprobe snd_hda_intel + modprobe i915 + # Rebind vtconsole + for i in /sys/class/vtconsole/*/bind; do + echo 1 > "$i" + done + # Start display manager + systemctl start greetd.service + } + # Run only for gpu_domains + for d in "''${gpu_domains[@]}"; do + [ "$d" = "$1" ] && gpu_domain=true + done + if [ "$gpu_domain" = true ]; then + [ "$2" = prepare ] && [ "$3" = begin ] && gpu_begin + [ "$2" = release ] && [ "$3" = end ] && gpu_end + fi + true + ''; +in +{ + + virtualisation.libvirtd.enable = true; + virtualisation.spiceUSBRedirection.enable = true; + + # fix to enable secure boot in vms + environment.etc = { + "ovmf/edk2-x86_64-secure-code.fd" = { + source = config.virtualisation.libvirtd.qemu.package + "/share/qemu/edk2-x86_64-secure-code.fd"; + }; + + "ovmf/edk2-i386-vars.fd" = { + source = config.virtualisation.libvirtd.qemu.package + "/share/qemu/edk2-i386-vars.fd"; + mode = "0644"; + user = "libvirtd"; + }; + + }; + environment.systemPackages = with pkgs; [ + virt-viewer + ]; + systemd.services.libvirtd.preStart = + '' + mkdir -p /var/lib/libvirt/hooks + chmod 755 /var/lib/libvirt/hooks + + # Copy hook files + cp -f ${gpuHook} /var/lib/libvirt/hooks/qemu + + # Make them executable + chmod +x /var/lib/libvirt/hooks/qemu + ''; + +} diff --git a/users/rouven/modules/packages.nix b/users/rouven/modules/packages.nix index fb79eac..523541e 100644 --- a/users/rouven/modules/packages.nix +++ b/users/rouven/modules/packages.nix @@ -12,6 +12,7 @@ evince # pdf viewer gimp ffmpeg + drawio thunderbird diff --git a/users/rouven/modules/wayland/river.nix b/users/rouven/modules/wayland/river.nix index 51aa915..7f4fcba 100644 --- a/users/rouven/modules/wayland/river.nix +++ b/users/rouven/modules/wayland/river.nix @@ -44,9 +44,9 @@ riverctl map normal Super L focus-output next riverctl map normal Super H focus-output previous riverctl map normal Super O send-to-output next - # riverctl map-pointer normal Super BTN_LEFT move-view + riverctl map-pointer normal Super BTN_LEFT move-view - # riverctl map-pointer normal Super BTN_RIGHT resize-view + riverctl map-pointer normal Super BTN_RIGHT resize-view riverctl map normal Alt Space spawn ${lib.getExe pkgs.fuzzel} riverctl map normal Super Space toggle-float