.

2026-05-02 10:03:39 -03:00 · 2026-05-02 10:03:39 -03:00 · 664eb70e8c
commit 664eb70e8c
parent 73ff9ee8ee
14 changed files with 698 additions and 495 deletions
--- a/vms/default.nix
+++ b/vms/default.nix
@ -43,7 +43,7 @@
  };

  microvm.vms = {
-    "dealwise" = {
+    "agent" = {
      pkgs = import nixpkgs {
        system = "x86_64-linux";
        config.allowUnfreePredicate =
@ -55,27 +55,24 @@

      config =
        let
-          hostname = "ai-sandbox";
-          mac = "02:00:00:00:00:06";
+          hostname = "agent";
+          mac = "02:00:00:00:00:07";
        in
        {
          config,
+          lib,
          pkgs,
          ...
        }:
        {
          imports = [
            impermanence.nixosModules.impermanence
-            sops-nix.nixosModules.sops
            home-manager.nixosModules.home-manager
          ];
-          sops = {
-            defaultSopsFile = ./secrets/secrets.yaml;
-            age.keyFile = "/.persist/root/.config/sops/age/keys.txt";
-            secrets = {
-              "wg0/private_key" = { };
-            };
-          };
+          nix.settings.experimental-features = [
+            "nix-command"
+            "flakes"
+          ];
          boot.kernel.sysctl."kernel.unprivileged_userns_clone" = 1;
          systemd.network = {
            enable = true;
@ -97,6 +94,17 @@
              };
            };
          };
+          systemd.user.services.wayland-proxy = {
+            enable = true;
+            description = "Wayland Proxy";
+            serviceConfig = with pkgs; {
+              # Environment = "WAYLAND_DISPLAY=wayland-1";
+              ExecStart = "${wayland-proxy-virtwl}/bin/wayland-proxy-virtwl --virtio-gpu --x-display=0 --xwayland-binary=${xwayland}/bin/Xwayland";
+              Restart = "on-failure";
+              RestartSec = 5;
+            };
+            wantedBy = [ "default.target" ];
+          };

          services.resolved.enable = false;
          environment.etc."resolv.conf".text = ''
@ -107,23 +115,6 @@
            useNetworkd = true;
            useDHCP = false;
            firewall.enable = false;
-            wireguard.interfaces.wg0 = {
-              ips = [ "10.2.0.2/32" ];
-              listenPort = 45974;
-              privateKeyFile = config.sops.secrets."wg0/private_key".path;
-              metric = 10;
-              peers = [
-                {
-                  publicKey = "D8Sqlj3TYwwnTkycV08HAlxcXXS3Ura4oamz8rB5ImM=";
-                  endpoint = "103.69.224.4:51820";
-                  allowedIPs = [
-                    "0.0.0.0/0"
-                    "::/0"
-                  ];
-                  persistentKeepalive = 25;
-                }
-              ];
-            };
          };

          users.mutableUsers = false;
@ -140,6 +131,9 @@
            password = "";
            group = "user";
            isNormalUser = true;
+            extraGroups = [
+              "video"
+            ];
            uid = 1000;
            shell = pkgs.fish;
            openssh.authorizedKeys.keys = [
@ -148,10 +142,24 @@
          };
          users.groups.user.gid = 1000;

+          environment.sessionVariables = {
+            WAYLAND_DISPLAY = "/var/host/wayland-agent";
+            DISPLAY = ":0";
+            QT_QPA_PLATFORM = "wayland"; # Qt Applications
+            GDK_BACKEND = "wayland"; # GTK Applications
+            XDG_SESSION_TYPE = "wayland"; # Electron Applications
+            SDL_VIDEODRIVER = "wayland";
+            CLUTTER_BACKEND = "wayland";
+          };
+
          home-manager = {
            useGlobalPkgs = true;
            useUserPackages = true;
            users.user = {
+              imports = [
+                ../home/nvim
+                ../home/tmux.nix
+              ];
              home.username = "user";
              home.homeDirectory = "/home/user";
              home.stateVersion = "25.11";
@ -164,6 +172,13 @@
                [containers]
                log_driver="k8s-file"
              '';
+              xdg.configFile."lazygit/config.yml".text = lib.generators.toYAML { } {
+                gui = {
+                  theme = {
+                    selectedLineBgColor = [ "reverse" ];
+                  };
+                };
+              };
              xdg.configFile."opencode/opencode.json".text = builtins.toJSON {
                "$schema" = "https://opencode.ai/config.json";
                plugin = [ "opencode-antigravity-auth@latest" ];
@ -382,6 +397,106 @@
                  };
                };
              };
+
+              home.packages = with pkgs; [
+                (writeShellApplication {
+                  name = "tmux-sessionizer";
+                  runtimeInputs = [
+                    tmux
+                    fzf
+                  ];
+                  text = builtins.readFile ../home/bin/tmux-sessionizer;
+                })
+              ];
+              custom.tmux.enable = true;
+              custom.neovim = {
+                enable = true;
+                colorscheme = "rose-pine-moon";
+                hostname = hostname;
+              };
+
+              programs.fish = {
+                enable = true;
+                plugins = [
+                  {
+                    name = "puffer";
+                    src = pkgs.fetchFromGitHub {
+                      owner = "nickeb96";
+                      repo = "puffer-fish";
+                      rev = "83174b0";
+                      sha256 = "sha256-Dhx5+XRxJvlhdnFyimNxFyFiASrGU4ZwyefsDwtKnSg=";
+                    };
+                  }
+                ];
+
+                interactiveShellInit = ''
+                  set fish_greeting
+                  bind ctrl-space ""
+                '';
+              };
+              programs = {
+                delta = {
+                  enable = true;
+                  options = {
+                    navigate = true;
+                    line-numbers = true;
+                    side-by-side = true;
+                  };
+                  enableGitIntegration = true;
+                };
+                git = {
+                  enable = true;
+                  lfs.enable = true;
+                  settings = {
+                    user = {
+                      email = "user@sandbox.dev";
+                      name = "sandbox";
+                    };
+                    gpg.format = "ssh";
+                    commit.gpgsign = true;
+                    tag.gpgsign = true;
+                    core = {
+                      editor = "nvim";
+                      whitespace = "fix,only-indent-error,trailing-space,space-before-tab";
+                      quotepath = false;
+                    };
+                    diff = {
+                      algorithm = "histogram";
+                      renames = "copies";
+                      tool = "nvim";
+                    };
+                    difftool = {
+                      prompt = false;
+                      nvim.cmd = "nvim -d $LOCAL $REMOTE";
+                    };
+                    merge = {
+                      conflictstyle = "zdiff3";
+                      tool = "nvim";
+                    };
+                    mergetool = {
+                      prompt = false;
+                      keepBackup = false;
+                      nvim.cmd = "nvim -d $LOCAL $REMOTE $MERGED -c 'wincmd w' -c 'wincmd J'";
+                    };
+                    init = {
+                      defaultBranch = "master";
+                    };
+                    push = {
+                      autoSetupRemote = true;
+                      default = "current";
+                    };
+                    pull = {
+                      rebase = true;
+                    };
+                    fetch = {
+                      prune = true;
+                    };
+                    help = {
+                      autocorrect = "prompt";
+                    };
+                  };
+                };
+              };
            };
          };

@ -389,6 +504,7 @@
            "/.persist".neededForBoot = true;
          };
          environment.systemPackages = with pkgs; [
+            xdg-utils
            coreutils
            jq
            git
@ -399,14 +515,21 @@
            fd
            podman-compose
            opencode
-
-            php
-            php.packages.composer
-            pkgs.nodejs_24
-            pkgs.dotnet-sdk_9
-            pkgs.go_1_24
+            lf
+            lazygit
+            ungoogled-chromium
+            bat
+            eza
+            ffmpeg
+            fira-code-symbols
+            gh
+            imagemagick
+            luarocks
+            wl-clipboard
          ];

+          hardware.graphics.enable = true;
+
          programs = {
            fish.enable = true;
            starship.enable = true;
@ -418,10 +541,6 @@
            };
          };

-          systemd.tmpfiles.rules = [
-            "d /var/log/laravel 0755 1000 1000"
-          ];
-
          environment.persistence."/.persist" = {
            enable = true;
            hideMounts = true;
@ -439,17 +558,6 @@
                ".config/sops/age/keys.txt"
              ];
            };
-            users.user = {
-              files = [
-                ".claude.json"
-                ".claude.json.backup"
-              ];
-              directories = [
-                ".claude"
-                ".local/share/containers"
-                ".local/share/opencode"
-              ];
-            };
          };

          services = {
@ -486,11 +594,12 @@
          };

          microvm = {
-            hypervisor = "qemu";
+            hypervisor = "crosvm";
+            graphics.enable = true;

-            vcpu = 4;
-            mem = 8192;
-            socket = "control.sock";
+            vcpu = 20;
+            mem = 16384;
+            # socket = "control.sock";

            interfaces = [
              {
@ -515,12 +624,6 @@

            writableStoreOverlay = "/nix/.rw-store";
            shares = [
-              {
-                proto = "virtiofs";
-                tag = "downloads";
-                source = "/home/user/downloads";
-                mountPoint = "/home/user/downloads";
-              }
              {
                proto = "virtiofs";
                tag = "pictures";
@ -529,27 +632,9 @@
              }
              {
                proto = "virtiofs";
-                tag = "dealwise";
-                source = "/home/user/work/dealwise";
-                mountPoint = "/home/user/work/dealwise";
-              }
-              {
-                proto = "virtiofs";
-                tag = "php-data-transfer-object";
-                source = "/home/user/dev/icefox/php/data-transfer-object";
-                mountPoint = "/home/user/dev/icefox/php/data-transfer-object";
-              }
-              {
-                proto = "virtiofs";
-                tag = "uni";
-                source = "/home/user/uni";
-                mountPoint = "/home/user/uni";
-              }
-              {
-                proto = "virtiofs";
-                tag = "dev";
-                source = "/home/user/dev";
-                mountPoint = "/home/user/dev";
+                tag = "home";
+                source = "/data/vm/${hostname}";
+                mountPoint = "/home/user";
              }
              {
                proto = "virtiofs";
@ -557,12 +642,41 @@
                source = "/nix/store";
                mountPoint = "/nix/.ro-store";
              }
+              # {
+              #   proto = "virtiofs";
+              #   tag = "xdg-host";
+              #   source = "/run/user/1000";
+              #   mountPoint = "/var/host";
+              # }
+              # {
+              #   proto = "virtiofs";
+              #   tag = "gpu";
+              #   source = "/dev/dri";
+              #   mountPoint = "/dev/dri";
+              # }
            ];
-
-            qemu.extraArgs = [
-              "-cpu"
-              "host"
+            crosvm.extraArgs = [
+              "--disable-sandbox"
            ];
+            # qemu.extraArgs = [
+            #   "-cpu"
+            #   "host"
+            #   "-vnc"
+            #   ":0"
+            #   "-vga"
+            #   "qxl"
+            #   "-device"
+            #   "virtio-keyboard"
+            #   "-usb"
+            #   "-device"
+            #   "usb-table,bus=usb-bus.0"
+            #   "-display"
+            #   "spice-app"
+            #   "-device"
+            #   "virtio-gpu"
+            #   "-spice"
+            #   "port=5900,disable-ticketing=on"
+            # ];
          };
          system.stateVersion = "25.11";
        };