system/desktop
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

.

Browse source
This commit is contained in:
root 2026-05-02 10:03:39 -03:00
parent 73ff9ee8ee
commit 664eb70e8c
No known key found for this signature in database
14 changed files with 698 additions and 495 deletions
Download patch file Download diff file Expand all files Collapse all files

21
configuration.nix
View file

@ -76,6 +76,18 @@
# };
# };
tailscale.enable = true;
openssh = {
enable = true;
ports = [ 22 ];
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
PermitRootLogin = "no";
AllowUsers = [
"user"
];
};
};
};
hardware = {
@ -139,5 +151,12 @@
};
};
};
services.openssh.enable = true;
systemd.tmpfiles.rules = [
"d /home/public 2775 root public - -"
"d /home/public/pictures 2775 root public - -"
"a+ /home/public - - - - d:g:public:rwX,d:m::rwX"
"a+ /home/public/pictures - - - - d:g:public:rwX,d:m::rwX"
];
}

111
flake.lock generated
View file

@ -71,11 +71,11 @@
]
},
"locked": {
"lastModified": 1769996383,
"narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=",
"lastModified": 1772408722,
"narHash": "sha256-rHuJtdcOjK7rAHpHphUb1iCvgkU3GpfvicLMwwnfMT0=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "57928607ea566b5db3ad13af0e57e921e6b12381",
"rev": "f20dc5d9b8027381c474144ecabc9034d6a839a3",
"type": "github"
},
"original": {
@ -130,17 +130,16 @@
]
},
"locked": {
"lastModified": 1770260404,
"narHash": "sha256-3iVX1+7YUIt23hBx1WZsUllhbmP2EnXrV8tCRbLxHc8=",
"lastModified": 1774738535,
"narHash": "sha256-2jfBEZUC67IlnxO5KItFCAd7Oc+1TvyV/jQlR+2ykGQ=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "0d782ee42c86b196acff08acfbf41bb7d13eed5b",
"rev": "769e07ef8f4cf7b1ec3b96ef015abec9bc6b1e2a",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"rev": "0d782ee42c86b196acff08acfbf41bb7d13eed5b",
"type": "github"
}
},
@ -184,27 +183,6 @@
"type": "github"
}
},
"microvm": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"spectrum": "spectrum"
},
"locked": {
"lastModified": 1770310890,
"narHash": "sha256-lyWAs4XKg3kLYaf4gm5qc5WJrDkYy3/qeV5G733fJww=",
"owner": "microvm-nix",
"repo": "microvm.nix",
"rev": "68c9f9c6ca91841f04f726a298c385411b7bfcd5",
"type": "github"
},
"original": {
"owner": "microvm-nix",
"repo": "microvm.nix",
"type": "github"
}
},
"neovim-nightly-overlay": {
"inputs": {
"flake-parts": "flake-parts",
@ -212,11 +190,11 @@
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1771632300,
"narHash": "sha256-uP5SbbbN86+LZ8VubL01UKD6bez5DK9prqIqQOMy3Jw=",
"lastModified": 1774742707,
"narHash": "sha256-a3FjZJxDOn0t18VwtIAgpNuUNaIEl6T+Awu5tXifQQw=",
"owner": "nix-community",
"repo": "neovim-nightly-overlay",
"rev": "0f601090d4d54b3da0d03e270cb6a5c68bf84dd3",
"rev": "7966a9c203276bea3b7e8dd2e125fd2b4c8b6753",
"type": "github"
},
"original": {
@ -228,11 +206,11 @@
"neovim-src": {
"flake": false,
"locked": {
"lastModified": 1771630915,
"narHash": "sha256-7RPG+RG/e0O79HjNT/ztC7K7j/xXazltq3TPk1mauqY=",
"lastModified": 1774725909,
"narHash": "sha256-aOiiQCmjCrvo+jAUDO2oMa377FvOtU97aqvTm74ZRGU=",
"owner": "neovim",
"repo": "neovim",
"rev": "d79a9dcd422133bc1e4b4ef94444962560d7a6d7",
"rev": "d5516daf121aa718e79bcd423ee24c24492893c0",
"type": "github"
},
"original": {
@ -249,11 +227,11 @@
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1769284707,
"narHash": "sha256-X60XGpLjNTgYyaC/gChHGpqQqLWGI+0n5BbWaybXKiE=",
"lastModified": 1771283045,
"narHash": "sha256-AgD3KAkrQ4cs34kKZE8v/+FyFTc1Vq2sOJaPrWiCRio=",
"owner": "argosnothing",
"repo": "niri",
"rev": "6dcaa349acf3b04ed1593022388b4f1cbef8893b",
"rev": "eab116015a5a4d8f027c915dbd7b0a90e1e9a5e1",
"type": "github"
},
"original": {
@ -272,11 +250,11 @@
"rust-overlay": "rust-overlay_2"
},
"locked": {
"lastModified": 1765743947,
"narHash": "sha256-kx8XFbzG59eLNImygoN9jRjgaxR7kvmjg64equccmK0=",
"lastModified": 1774389340,
"narHash": "sha256-zPxNCLGMQ5gbziogsTl3COikFFco6Em6NDeHOy4fmUg=",
"owner": "argosnothing",
"repo": "niri-scratchpad-rs",
"rev": "163420c14c9199d311627501eedee2a3b2507db2",
"rev": "7288342f08036bfc9abd58ab6a4bc692679dfcd3",
"type": "github"
},
"original": {
@ -320,11 +298,11 @@
},
"nixpkgs_3": {
"locked": {
"lastModified": 1771207753,
"narHash": "sha256-b9uG8yN50DRQ6A7JdZBfzq718ryYrlmGgqkRm9OOwCE=",
"lastModified": 1774610258,
"narHash": "sha256-HaThtroVD9wRdx7KQk0B75JmFcXlMUoEdDFNOMOlsOs=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d1c15b7d5806069da59e819999d70e1cec0760bf",
"rev": "832efc09b4caf6b4569fbf9dc01bec3082a00611",
"type": "github"
},
"original": {
@ -352,11 +330,11 @@
},
"nixpkgs_5": {
"locked": {
"lastModified": 1771342064,
"narHash": "sha256-Aros+b3kQpzJAyxjDyhLUmnEfzQfyor2tiIoUTSgki0=",
"lastModified": 1774786714,
"narHash": "sha256-Hwf8ylZAX3wIk8oRec1AH/0JDp1OTrruuE0w7uUhCAI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "3f03a5f1bede585f58c878c22cb12988bb0d1ed2",
"rev": "566e0e6a542cde5fd168783a4b4ed376b6d0435a",
"type": "github"
},
"original": {
@ -367,11 +345,11 @@
},
"nixpkgs_6": {
"locked": {
"lastModified": 1770562336,
"narHash": "sha256-ub1gpAONMFsT/GU2hV6ZWJjur8rJ6kKxdm9IlCT0j84=",
"lastModified": 1774386573,
"narHash": "sha256-4hAV26quOxdC6iyG7kYaZcM3VOskcPUrdCQd/nx8obc=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "d6c71932130818840fc8fe9509cf50be8c64634f",
"rev": "46db2e09e1d3f113a13c0d7b81e2f221c63b8ce9",
"type": "github"
},
"original": {
@ -387,11 +365,11 @@
"nixpkgs": "nixpkgs_6"
},
"locked": {
"lastModified": 1770758031,
"narHash": "sha256-YEq6M9OOEOl7l2zr/YjOi2UnuQZZ02HvXebpWGpkEHM=",
"lastModified": 1774786962,
"narHash": "sha256-d1q1KXQ/IvF0rWtc6LL5lle/Bfsx2PBCCottS5yYCgc=",
"owner": "nix-community",
"repo": "NUR",
"rev": "6701aa01b90606ab75078c1910bb991b8e7a389b",
"rev": "7ed0fb4ccb47ccac7652056e42f42bb70c56ac48",
"type": "github"
},
"original": {
@ -428,7 +406,6 @@
"dms": "dms",
"home-manager": "home-manager",
"impermanence": "impermanence",
"microvm": "microvm",
"neovim-nightly-overlay": "neovim-nightly-overlay",
"niri-branch": "niri-branch",
"niri-scratchpad": "niri-scratchpad",
@ -463,11 +440,11 @@
"nixpkgs": "nixpkgs_4"
},
"locked": {
"lastModified": 1763952169,
"narHash": "sha256-+PeDBD8P+NKauH+w7eO/QWCIp8Cx4mCfWnh9sJmy9CM=",
"lastModified": 1772075164,
"narHash": "sha256-93XcvAt+6p7aAq1ERlxD2T17zLGoYGo64KJYasGcpgc=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "ab726555a9a72e6dc80649809147823a813fa95b",
"rev": "07601339b15fa6810541c0e7dc2f3664d92a7ad0",
"type": "github"
},
"original": {
@ -483,11 +460,11 @@
]
},
"locked": {
"lastModified": 1770683991,
"narHash": "sha256-xVfPvXDf9QN3Eh9dV+Lw6IkWG42KSuQ1u2260HKvpnc=",
"lastModified": 1774760784,
"narHash": "sha256-D+tgywBHldTc0klWCIC49+6Zlp57Y4GGwxP1CqfxZrY=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "8b89f44c2cc4581e402111d928869fe7ba9f7033",
"rev": "8adb84861fe70e131d44e1e33c426a51e2e0bfa5",
"type": "github"
},
"original": {
@ -496,22 +473,6 @@
"type": "github"
}
},
"spectrum": {
"flake": false,
"locked": {
"lastModified": 1759482047,
"narHash": "sha256-H1wiXRQHxxPyMMlP39ce3ROKCwI5/tUn36P8x6dFiiQ=",
"ref": "refs/heads/main",
"rev": "c5d5786d3dc938af0b279c542d1e43bce381b4b9",
"revCount": 996,
"type": "git",
"url": "https://spectrum-os.org/git/spectrum"
},
"original": {
"type": "git",
"url": "https://spectrum-os.org/git/spectrum"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,

18
flake.nix
View file

@ -7,10 +7,10 @@
url = "github:Mic92/sops-nix";
inputs.nixpkgs.follows = "nixpkgs";
};
microvm = {
url = "github:microvm-nix/microvm.nix";
inputs.nixpkgs.follows = "nixpkgs";
};
# microvm = {
# url = "github:microvm-nix/microvm.nix/da28962a2ba84718895b7325f600686c3b4ee099";
# inputs.nixpkgs.follows = "nixpkgs";
# };
disko = {
url = "github:nix-community/disko/latest";
inputs.nixpkgs.follows = "nixpkgs";
@ -18,7 +18,7 @@
impermanence.url = "github:nix-community/impermanence";
neovim-nightly-overlay.url = "github:nix-community/neovim-nightly-overlay";
home-manager = {
url = "github:nix-community/home-manager/0d782ee42c86b196acff08acfbf41bb7d13eed5b";
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
nur.url = "github:nix-community/NUR";
@ -49,7 +49,7 @@
config.allowUnfree = true;
# overlays = [ inputs.neovim-nightly-overlay.overlays.default ];
};
microvm = inputs.microvm.nixosModules.host;
# microvm = inputs.microvm.nixosModules.host;
in
{
nixosConfigurations."${hostname}" = nixpkgs.lib.nixosSystem {
@ -59,7 +59,7 @@
nixpkgs
impermanence
home-manager
microvm
# microvm
sops-nix
;
hostname = hostname;
@ -74,8 +74,8 @@
./kernel
./home
inputs.sops-nix.nixosModules.sops
inputs.microvm.nixosModules.host
(import ./vms)
# inputs.microvm.nixosModules.host
# (import ./vms)
inputs.disko.nixosModules.disko
inputs.impermanence.nixosModules.impermanence
inputs.home-manager.nixosModules.home-manager

200
home/agents.nix Normal file
View file

@ -0,0 +1,200 @@
{ pkgs, lib, ... }:
let
home-manager-config =
{
uid,
username,
}:
let
HOME = "/home/${username}";
in
{
${username} =
{ config, ... }:
{
imports = [
./nvim
./tmux.nix
];
home.username = username;
home.homeDirectory = "${HOME}";
home.stateVersion = "25.11";
home.enableNixpkgsReleaseCheck = false;
home.sessionVariables = {
DISPLAY = ":1";
};
programs = {
chromium.enable = true;
claude-code.enable = true;
opencode.enable = true;
ssh = {
enable = true;
enableDefaultConfig = false;
matchBlocks = {
"*" = {
serverAliveInterval = 60;
serverAliveCountMax = 3;
};
"github.com" = {
identityFile = "${HOME}/.ssh/id_ed25519";
};
};
};
delta = {
enable = true;
options = {
navigate = true;
line-numbers = true;
side-by-side = true;
};
enableGitIntegration = true;
};
git = {
enable = true;
lfs.enable = true;
signing = {
key = "${HOME}/.ssh/id_ed25519.pub";
signByDefault = true;
};
includes = [
{
condition = "gitdir:~/dealwise/";
contents = {
user = {
name = "felipematos";
email = "5471818+fnzr@users.noreply.github.com";
signingkey = "${HOME}/.ssh/id_ed25519.pub";
};
};
}
{
contents = {
user = {
name = "${username}";
email = "${username}@sandbox.dev";
signingkey = "${HOME}/.ssh/id_ed25519.pub";
};
};
}
];
settings = {
user = {
email = "${username}@sandbox.dev";
name = "${username}";
signingkey = "${HOME}/.ssh/id_ed25519.pub";
};
gpg.format = "ssh";
commit.gpgsign = true;
tag.gpgsign = true;
core = {
editor = "nvim";
whitespace = "fix,only-indent-error,trailing-space,space-before-tab";
quotepath = false;
};
diff = {
algorithm = "histogram";
renames = "copies";
tool = "nvim";
};
difftool = {
prompt = false;
nvim.cmd = "nvim -d $LOCAL $REMOTE";
};
merge = {
conflictstyle = "zdiff3";
tool = "nvim";
};
mergetool = {
prompt = false;
keepBackup = false;
nvim.cmd = "nvim -d $LOCAL $REMOTE $MERGED -c 'wincmd w' -c 'wincmd J'";
};
init = {
defaultBranch = "master";
};
push = {
autoSetupRemote = true;
default = "current";
};
pull = {
rebase = true;
};
fetch = {
prune = true;
};
help = {
autocorrect = "prompt";
};
};
};
fish = {
enable = true;
plugins = [
{
name = "puffer";
src = pkgs.fetchFromGitHub {
owner = "nickeb96";
repo = "puffer-fish";
rev = "83174b0";
sha256 = "sha256-Dhx5+XRxJvlhdnFyimNxFyFiASrGU4ZwyefsDwtKnSg=";
};
}
];
interactiveShellInit = ''
set fish_greeting
bind ctrl-space ""
'';
};
starship.enable = true;
};
custom.tmux.enable = true;
custom.neovim = {
enable = true;
colorscheme = "rose-pine-moon";
hostname = "amelia";
};
xdg.configFile."containers/containers.conf".text = ''
[engine]
compose_warning_logs=false
events_logger="file"
[containers]
log_driver="k8s-file"
'';
xdg.configFile."opencode/opencode.json".text = builtins.toJSON {
"$schema" = "https://opencode.ai/config.json";
plugin = [ "opencode-antigravity-auth@latest" ];
# {
# "provider": "ollama",
# "ollama": {
# "base_url": "http://localhost:11434",
# "model": "llama3.2"
# }
# }
provider = {
ollama = {
model = "qwen3.6";
base_url = "http://localhost:11434";
};
};
};
xdg.userDirs = {
enable = true;
extraConfig = {
XDG_CACHE_HOME = "$HOME/.cache";
};
};
};
};
in
{
home-manager.users = lib.mkMerge [
(home-manager-config {
uid = 1002;
username = "agent";
})
];
}

67
home/nvim/default.nix
View file

@ -86,6 +86,7 @@ in
blade = { "blade-formatter" },
go = { "gofmt" },
wgsl = { "wgsl_fmt" },
odin = { "odinfmt" },
},
})
vim.api.nvim_create_autocmd("BufWritePre", {
@ -127,7 +128,14 @@ in
},
adapters = {
require('neotest-pest'),
}
require('neotest-zig'),
-- require('neotest-odin'),
},
watch = {
filter_path = function(path, root)
return true
end,
},
})
vim.keymap.set('n', '<localleader>pn', function() require('neotest').run.run() end, { desc = "test nearest" })
vim.keymap.set('n', '<localleader>pe', function() require('neotest').run.run(vim.fn.expand('%')) end, { desc = "test file" })
@ -138,6 +146,10 @@ in
type = "lua";
}
# {
# plugin = neotest-zig;
# type = "lua";
# }
# {
# plugin = nvim-autopairs;
# type = "lua";
# config = ''
@ -149,19 +161,43 @@ in
type = "lua";
config = ''
local dap = require("dap")
dap.adapters.php = {
type = 'executable',
command = '${pkgs.nodejs}/bin/node',
args = { '${pkgs.vscode-extensions.xdebug.php-debug}/share/vscode/extensions/xdebug.php-debug/out/phpDebug.js' },
dap.adapters = {
php = {
type = "executable",
command = "${pkgs.nodejs}/bin/node",
args = { "${pkgs.vscode-extensions.xdebug.php-debug}/share/vscode/extensions/xdebug.php-debug/out/phpDebug.js" },
},
codelldb = {
type = "server",
port = "''${port}",
executable = {
command = '${pkgs.vscode-extensions.vadimcn.vscode-lldb}/share/vscode/extensions/vadimcn.vscode-lldb/adapter/codelldb',
args = { "--port", "''${port}" },
},
},
}
dap.configurations.php = {
{
type = 'php',
request = 'launch',
name = 'listen for xdebug',
port = 9003,
}
dap.configurations = {
php = {
{
type = 'php',
request = 'launch',
name = 'listen for xdebug',
port = 9003,
}
},
zig = {
{
name = 'launch',
type = 'codelldb',
request = 'launch',
program = "''${workspaceFolder}/zig-out/bin/''${workspaceFolderBasename}",
cwd = "''${workspaceFolder}",
stopOnEntry = false,
args = {},
}
},
}
'';
}
@ -199,7 +235,7 @@ in
'fsharp', 'git_config', 'git_rebase', 'gitignore', 'glsl', 'go', 'gomod', 'graphql',
'haskell', 'hlsl', 'http', 'ini', 'javadoc', 'jq', 'jsdoc', 'json', 'json5', 'kitty',
'latex', 'markdown', 'nginx', 'nix', 'php', 'php_only', 'phpdoc', 'regex', 'rust', 'sql',
'ssh_config', 'tmux', 'vim', 'wgsl', 'yaml', 'zig', 'ols',
'ssh_config', 'tmux', 'vim', 'wgsl', 'yaml', 'zig', 'odin',
},
callback = function()
vim.treesitter.start()
@ -246,12 +282,11 @@ in
config = ''
vim.o.autoread = true
-- Recommended/example keymaps.
vim.keymap.set({ "n", "x" }, "<C-a>", function() require("opencode").ask("@this: ", { submit = true }) end, { desc = "Ask opencode" })
vim.keymap.set({ "n", "x" }, "<leader>h", function() require("opencode").ask("@this: ", { submit = true }) end, { desc = "Ask opencode" })
vim.keymap.set({ "n", "x" }, "<C-x>", function() require("opencode").select() end, { desc = "Execute opencode action" })
vim.keymap.set({ "n", "t" }, "<C-.>", function() require("opencode").toggle() end, { desc = "Toggle opencode" })
vim.keymap.set({ "n", "x" }, "go", function() return require("opencode").operator("@this ") end, { desc = "Add range to opencode", expr = true })
vim.keymap.set("n", "goo", function() return require("opencode").operator("@this ") .. "_" end, { desc = "Add line to opencode", expr = true })
vim.keymap.set("n", "<S-C-u>", function() require("opencode").command("session.half.page.up") end, { desc = "Scroll opencode up" })
vim.keymap.set("n", "<S-C-d>", function() require("opencode").command("session.half.page.down") end, { desc = "Scroll opencode down" })
@ -406,7 +441,7 @@ in
extraConfig = ''
colorscheme ${cfg.colorscheme}
'';
extraLuaConfig = ''
initLua = ''
${builtins.readFile ./settings.lua}
${builtins.replaceStrings [ "@HOSTNAME@" ] [ cfg.hostname ] (builtins.readFile ./plugins.lua)}
require("custom")

19
home/nvim/plugins.lua
View file

@ -42,6 +42,7 @@ local servers = {
zls = {
enable_build_on_save = true,
semantic_tokens = "partial",
global_cache_path = vim.fn.getcwd(0, 0) .. "/.cache/zls",
},
},
},
@ -52,7 +53,11 @@ local servers = {
html = { filetypes = { "html", "blade" } },
htmx = { filetypes = { "html", "blade" } },
gopls = {},
ols = {},
ols = {
enable_semantic_tokens = true,
enable_auto_import = true,
checker_args = "-vet",
},
wgsl_analyzer = {},
}
for server, config in pairs(servers) do
@ -77,12 +82,12 @@ local leap = require("leap")
leap.opts.preview = function(ch0, ch1, ch2)
return not (ch1:match("%s") or (ch0:match("%a") and ch1:match("%a") and ch2:match("%a")))
end
leap.opts.equivalence_classes = {
" \t\r\n",
"([{",
")]}",
"'\"`",
}
-- leap.opts.equivalence_classes = {
-- " \t\r\n",
-- "([{",
-- ")]}",
-- "'\"`",
-- }
vim.api.nvim_set_hl(0, "LeapBackdrop", { link = "Comment" })
do

3
home/nvim/settings.lua
View file

@ -107,9 +107,6 @@ vim.keymap.set({ "n", "t" }, "<C-H>", function()
end, { desc = "Go to previous tab" })
vim.keymap.set({ "n", "t" }, "<C-Space>", "<C-w>p", { desc = "Go to previous pane" })
vim.keymap.set("n", "<localleader>v", "<cmd>vsplit<cr>", { desc = "split (vertical line)" })
vim.keymap.set("n", "<leader>h", "<cmd>split<cr>", { desc = "split (horizontal line)" })
vim.keymap.set("n", "<localleader><localleader>", "<cmd>w<cr>", { desc = "save buffer" })
vim.diagnostic.config({

12
home/root.nix
View file

@ -2,6 +2,9 @@
{
home-manager.users.root =
{ config, ... }:
let
HOME = "/root";
in
{
imports = [ ./nvim ];
home.username = "root";
@ -12,13 +15,6 @@
home.file."/.ssh/desktop.pub".text =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILquARrJ3Vyh5z6aeVoiYrkLpgiMts+V/JzFEvs3Cnth root@icefox.sh";
xdg.userDirs = {
enable = false;
extraConfig = {
XDG_CACHE_HOME = "${config.home.homeDirectory}/.cache";
};
};
programs = {
ssh = {
enable = true;
@ -48,7 +44,7 @@
name = "root";
};
gpg.format = "ssh";
user.signingkey = "${config.home.homeDirectory}/.ssh/desktop.pub";
user.signingkey = "${HOME}/.ssh/desktop.pub";
commit.gpgsign = true;
tag.gpgsign = true;
core = {

307
home/user.nix
View file

@ -7,13 +7,13 @@
lib,
...
}:
let
HOME = "/home/user";
in
{
home.username = "user";
home.homeDirectory = "/home/user";
home.homeDirectory = HOME;
home.stateVersion = "25.11";
home.sessionVariables = {
HOME = "/home/user";
};
imports = [
./nvim
@ -21,15 +21,15 @@
];
sops.defaultSopsFile = ../secrets/home.yaml;
sops.age.keyFile = "/.persist/${config.home.homeDirectory}/.config/sops/age/keys.txt";
sops.age.keyFile = "/.persist/${HOME}/.config/sops/age/keys.txt";
sops.secrets."user/ssh/desktop" = {
path = "${config.home.homeDirectory}/.ssh/desktop";
path = "${HOME}/.ssh/desktop";
mode = "0600";
};
home.file."/.ssh/desktop.pub".text =
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILABd/iSJ4gn/ystDqNxLJTG0n0z5VIC9YXlmdUfOhHf desktop@icefox.sh";
sops.secrets."user/ssh/legacy_ed25519" = {
path = "${config.home.homeDirectory}/.ssh/legacy_ed25519";
path = "${HOME}/.ssh/legacy_ed25519";
mode = "0600";
};
home.file."/.ssh/legacy_ed25519.pub".text =
@ -51,18 +51,21 @@
# "Xft.rgba" = "rgb";
# };
# systemd.user.services.xrdb-configure = {
# Unit = {
# Description = "Load Xresources";
# };
# Intall = {
# WantedBy = [ "graphical-session.target" ];
# };
# Service = {
# ExecStart = "${pkgs.xrdb}/bin/xrdb -merge ${config.home.homeDirectory}/.Xresources";
# Type = "oneshot";
# };
# };
systemd.user.services.waypipe-socket = {
Unit = {
Description = "start waypipe client";
};
Install = {
WantedBy = [ "graphical-session.target" ];
};
Service = {
ExecStart = "${pkgs.waypipe}/bin/waypipe --socket /tmp/waypipe.sock client";
ExecStartPost = "${pkgs.acl}/bin/setfacl -m u:agent:rw /tmp/waypipe.sock";
RuntimeDirectory = "waypipe";
Type = "simple";
Restart = "on-failure";
};
};
sops.secrets."user/gpg/legacy_fnzr" = { };
home.activation.importGpgKey = config.lib.dag.entryAfter [ "writeBoundary" ] ''
if [[ -f "${config.sops.secrets."user/gpg/legacy_fnzr".path}" ]]; then
@ -92,225 +95,6 @@
};
};
# xdg.configFile."opencode/opencode.json".text = builtins.toJSON {
# "$schema" = "https://opencode.ai/config.json";
# plugin = [ "opencode-antigravity-auth@latest" ];
# provider = {
# google = {
# models = {
# antigravity-gemini-3-pro = {
# name = "Gemini 3 Pro (Antigravity)";
# limit = {
# context = 1048576;
# output = 65535;
# };
# modalities = {
# input = [
# "text"
# "image"
# "pdf"
# ];
# output = [ "text" ];
# };
# variants = {
# low = {
# thinkingLevel = "low";
# };
# high = {
# thinkingLevel = "high";
# };
# };
# };
# antigravity-gemini-3-flash = {
# name = "Gemini 3 Flash (Antigravity)";
# limit = {
# context = 1048576;
# output = 65536;
# };
# modalities = {
# input = [
# "text"
# "image"
# "pdf"
# ];
# output = [ "text" ];
# };
# variants = {
# minimal = {
# thinkingLevel = "minimal";
# };
# low = {
# thinkingLevel = "low";
# };
# medium = {
# thinkingLevel = "medium";
# };
# high = {
# thinkingLevel = "high";
# };
# };
# };
# antigravity-claude-sonnet-4-5 = {
# name = "Claude Sonnet 4.5 (Antigravity)";
# limit = {
# context = 200000;
# output = 64000;
# };
# modalities = {
# input = [
# "text"
# "image"
# "pdf"
# ];
# output = [ "text" ];
# };
# };
# antigravity-claude-sonnet-4-5-thinking = {
# name = "Claude Sonnet 4.5 Thinking (Antigravity)";
# limit = {
# context = 200000;
# output = 64000;
# };
# modalities = {
# input = [
# "text"
# "image"
# "pdf"
# ];
# output = [ "text" ];
# };
# variants = {
# low = {
# thinkingConfig = {
# thinkingBudget = 8192;
# };
# };
# max = {
# thinkingConfig = {
# thinkingBudget = 32768;
# };
# };
# };
# };
# antigravity-claude-opus-4-5-thinking = {
# name = "Claude Opus 4.5 Thinking (Antigravity)";
# limit = {
# context = 200000;
# output = 64000;
# };
# modalities = {
# input = [
# "text"
# "image"
# "pdf"
# ];
# output = [ "text" ];
# };
# variants = {
# low = {
# thinkingConfig = {
# thinkingBudget = 8192;
# };
# };
# max = {
# thinkingConfig = {
# thinkingBudget = 32768;
# };
# };
# };
# };
# antigravity-claude-opus-4-6-thinking = {
# name = "Claude Opus 4.6 Thinking (Antigravity)";
# limit = {
# context = 200000;
# output = 64000;
# };
# modalities = {
# input = [
# "text"
# "image"
# "pdf"
# ];
# output = [ "text" ];
# };
# variants = {
# low = {
# thinkingConfig = {
# thinkingBudget = 8192;
# };
# };
# max = {
# thinkingConfig = {
# thinkingBudget = 32768;
# };
# };
# };
# };
# "gemini-2.5-flash" = {
# name = "Gemini 2.5 Flash (Gemini CLI)";
# limit = {
# context = 1048576;
# output = 65536;
# };
# modalities = {
# input = [
# "text"
# "image"
# "pdf"
# ];
# output = [ "text" ];
# };
# };
# "gemini-2.5-pro" = {
# name = "Gemini 2.5 Pro (Gemini CLI)";
# limit = {
# context = 1048576;
# output = 65536;
# };
# modalities = {
# input = [
# "text"
# "image"
# "pdf"
# ];
# output = [ "text" ];
# };
# };
# gemini-3-flash-preview = {
# name = "Gemini 3 Flash Preview (Gemini CLI)";
# limit = {
# context = 1048576;
# output = 65536;
# };
# modalities = {
# input = [
# "text"
# "image"
# "pdf"
# ];
# output = [ "text" ];
# };
# };
# gemini-3-pro-preview = {
# name = "Gemini 3 Pro Preview (Gemini CLI)";
# limit = {
# context = 1048576;
# output = 65535;
# };
# modalities = {
# input = [
# "text"
# "image"
# "pdf"
# ];
# output = [ "text" ];
# };
# };
# };
# };
# };
# };
xdg.desktopEntries = {
google-chrome = {
name = "Google Chrome";
@ -427,19 +211,20 @@
xdg.userDirs = {
enable = true;
createDirectories = true;
setSessionVariables = true;
download = "${config.home.homeDirectory}/downloads";
documents = "${config.home.homeDirectory}/documents";
desktop = "${config.home.homeDirectory}/desktop";
pictures = "${config.home.homeDirectory}/pictures";
music = "${config.home.homeDirectory}/music";
videos = "${config.home.homeDirectory}/videos";
templates = "${config.home.homeDirectory}";
publicShare = "${config.home.homeDirectory}";
download = "${HOME}/downloads";
documents = "${HOME}/documents";
desktop = "${HOME}/desktop";
pictures = "${HOME}/pictures";
music = "${HOME}/music";
videos = "${HOME}/videos";
templates = "${HOME}";
publicShare = "${HOME}";
extraConfig = {
SCREENSHOTS = "${config.home.homeDirectory}/pictures/screenshots";
XDG_CACHE_HOME = "${config.home.homeDirectory}/.cache";
SCREENSHOTS = "$HOME/pictures/screenshots";
XDG_CACHE_HOME = "$HOME/.cache";
};
};
@ -475,7 +260,7 @@
enable = true;
lfs.enable = true;
signing = {
key = "${config.home.homeDirectory}/.ssh/desktop.pub";
key = "${HOME}/.ssh/desktop.pub";
signByDefault = true;
};
includes = [
@ -485,6 +270,7 @@
user = {
name = "felipematos";
email = "5471818+fnzr@users.noreply.github.com";
signingkey = "${HOME}/.ssh/desktop.pub";
};
};
}
@ -493,7 +279,7 @@
user = {
email = "felipe@icefox.sh";
name = "icefox";
signingkey = "${config.home.homeDirectory}/.ssh/desktop.pub";
signingkey = "${HOME}/.ssh/desktop.pub";
};
gpg.format = "ssh";
commit.gpgsign = true;
@ -537,12 +323,20 @@
help = {
autocorrect = "prompt";
};
safe = {
directory = [
"/home/agent/*"
];
};
};
};
};
home.packages = with pkgs; [
xrdb
(writeShellScriptBin "agent" ''
machinectl shell agent@ ${waypipe}/bin/waypipe --socket /run/waypipe.sock server fish
'')
(writeShellApplication {
name = "tmux-sessionizer";
runtimeInputs = [
@ -551,20 +345,7 @@
];
text = builtins.readFile ./bin/tmux-sessionizer;
})
(writeShellScriptBin "opencode" ''
ssh -t user@192.168.77.2 "
cd $(pwd) 2>/dev/null || cd \$(mktemp -d)
opencode $*
"
'')
(writeShellScriptBin "claude" ''
ssh -t user@192.168.77.2 "
cd $(pwd) 2>/dev/null || cd \$(mktemp -d)
claude $*
"
'')
];
custom.tmux.enable = true;
custom.neovim = {
enable = true;

63
kernel/default.nix
View file

@ -3,6 +3,22 @@
pkgs,
...
}:
let
nsExec = pkgs.writeShellScriptBin "ns-raw" ''
ns="$1"
shift
exec ${pkgs.iproute2}/bin/ip netns exec "$ns" \
${pkgs.util-linux}/bin/setpriv \
--reuid="$DOAS_USER" --regid="$DOAS_USER" \
--clear-groups \
--inh-caps=-all \
"$@"
'';
nsWrapper = pkgs.writeShellScriptBin "ns" ''
exec /run/wrappers/bin/doas ${nsExec}/bin/ns-raw "$@"
'';
in
{
imports = [
./hardened.nix
@ -38,18 +54,63 @@
extraRules = [
{
users = [ "user" ];
runAs = "root";
keepEnv = true;
persist = true;
}
{
users = [ "user" ];
runAs = "agent";
runAs = "work";
noPass = true;
keepEnv = false;
}
{
users = [ "user" ];
runAs = "agent";
noPass = true;
keepEnv = true;
}
{
users = [
"user"
"agent"
"work"
];
runAs = "root";
noPass = true;
keepEnv = true;
cmd = "${nsExec}/bin/ns-raw";
}
];
};
environment.systemPackages = [ nsWrapper ];
security.pam.services.su.requireWheel = true;
security.pam.services.newgrp.requireWheel = true;
security.pam.services.login.text = ''
# Account management.
account required /nix/store/2hp2kc85zapzjaj9y22jf9xgwqmlsk6m-linux-pam-1.7.1/lib/security/pam_unix.so # unix (order 10900)
# Authentication management.
auth optional /nix/store/2hp2kc85zapzjaj9y22jf9xgwqmlsk6m-linux-pam-1.7.1/lib/security/pam_unix.so likeauth nullok # unix-early (order 11700)
auth optional /nix/store/r7z6w4c2nq9cwjf0m2mjabpa0xy4c7d3-gnome-keyring-48.0/lib/security/pam_gnome_keyring.so # gnome_keyring (order 12200)
auth sufficient /nix/store/2hp2kc85zapzjaj9y22jf9xgwqmlsk6m-linux-pam-1.7.1/lib/security/pam_unix.so likeauth nullok try_first_pass # unix (order 12900)
auth required /nix/store/2hp2kc85zapzjaj9y22jf9xgwqmlsk6m-linux-pam-1.7.1/lib/security/pam_deny.so # deny (order 13700)
# Password management.
password sufficient /nix/store/2hp2kc85zapzjaj9y22jf9xgwqmlsk6m-linux-pam-1.7.1/lib/security/pam_unix.so nullok yescrypt # unix (order 10200)
password optional /nix/store/r7z6w4c2nq9cwjf0m2mjabpa0xy4c7d3-gnome-keyring-48.0/lib/security/pam_gnome_keyring.so use_authtok # gnome_keyring (order 11100)
# Session management.
session required /nix/store/2hp2kc85zapzjaj9y22jf9xgwqmlsk6m-linux-pam-1.7.1/lib/security/pam_env.so conffile=/etc/pam/environment readenv=0 # env (order 10100)
session required /nix/store/2hp2kc85zapzjaj9y22jf9xgwqmlsk6m-linux-pam-1.7.1/lib/security/pam_unix.so # unix (order 10200)
session required /nix/store/2hp2kc85zapzjaj9y22jf9xgwqmlsk6m-linux-pam-1.7.1/lib/security/pam_loginuid.so # loginuid (order 10300)
session optional /nix/store/wxyn8d3m8g4fnn6xazinjwhzhzdg6wib-systemd-259/lib/security/pam_systemd.so # systemd (order 12000)
session required /nix/store/2hp2kc85zapzjaj9y22jf9xgwqmlsk6m-linux-pam-1.7.1/lib/security/pam_limits.so conf=/nix/store/zxagblabdf6xawphfs1w50pg2b0ml9px-limits.conf # limits (order 12200)
session optional /nix/store/r7z6w4c2nq9cwjf0m2mjabpa0xy4c7d3-gnome-keyring-48.0/lib/security/pam_gnome_keyring.so auto_start # gnome_keyring (order 12600)
'';
boot = {
loader = {
systemd-boot.enable = true;

2
networking.nix
View file

@ -33,6 +33,8 @@
# interfaces = [ inetInterface ];
# };
firewall.allowedTCPPorts = [
5900
8080
9003
10000
10001

39
packages.nix
View file

@ -2,6 +2,10 @@
{
environment.systemPackages = with pkgs; [
bat
bc
(pkgs.writeShellScriptBin "bci" ''
echo "$@" | ${bc}/bin/bc -l
'')
black
blade-formatter
cmake
@ -15,6 +19,7 @@
clang-tools
clevis
cliphist
chromium
distrobox
dos2unix
dnsutils
@ -23,6 +28,7 @@
eza
fd
ffmpeg
file
fira-code-symbols
fish
fractal
@ -46,9 +52,10 @@
poppler
jetbrains.datagrip
jq
kitty
lazygit
(pkgs.writeShellScriptBin "lf" ''
cd_file="/tmp/lf-lastdir-$$"
cd_file="/tmp/lf-lastdir"
${pkgs.lf}/bin/lf "$@"
@ -81,12 +88,13 @@
php84Packages.composer
php84Packages.php-cs-fixer
phpactor
pistol
podman-compose
podman-tui
prettierd
playerctl
qemu_full
qmk
quickemu
quickshell
resvg
ripgrep
@ -104,7 +112,6 @@
tmux
thunderbird
tor-browser
ungoogled-chromium
unzip
virt-manager
virt-viewer
@ -146,12 +153,7 @@
virtualisation.podman = {
enable = true;
dockerCompat = true;
# rootless = {
# enable = true;
# setSocketVariable = true;
# };
defaultNetwork.settings.dns_enabled = true;
# storageDriver = "btrfs";
};
virtualisation.spiceUSBRedirection.enable = true;
@ -163,7 +165,7 @@
onBoot = "ignore";
onShutdown = "shutdown";
qemu = {
package = pkgs.qemu_full;
package = pkgs.qemu;
verbatimConfig = ''
cgroup_device_acl = [
"/dev/null", "/dev/full", "/dev/zero",
@ -228,16 +230,15 @@
};
};
# services.ollama = {
# enable = true;
# package = pkgs.ollama-cuda;
# home = "/data/ollama";
# user = "ollama";
# group = "user";
# loadModels = [
# "llama3"
# ];
# };
services.ollama = {
enable = true;
package = pkgs.ollama-cuda;
home = "/data/ollama";
loadModels = [
"qwen3.6"
"glm-5.1"
];
};
# services.open-webui = {
# enable = true;
# port = 11347;

49
users.nix
View file

@ -7,6 +7,7 @@
imports = [
./home/user.nix
./home/root.nix
./home/agents.nix
];
sops.secrets."user/password" = {
neededForUsers = true;
@ -24,17 +25,41 @@
homeMode = "700";
hashedPasswordFile = config.sops.secrets."root/password".path;
};
microvm = {
uid = 999;
isSystemUser = true;
};
# agent = {
# microvm = {
# uid = 999;
# isSystemUser = true;
# };
# work = {
# uid = 1001;
# homeMode = "770";
# home = "/home/work";
# isNormalUser = true;
# shell = pkgs.fish;
# group = "work";
# extraGroups = [
# "public"
# ];
# linger = true;
# };
agent = {
uid = 1002;
homeMode = "770";
home = "/home/agent";
shell = pkgs.fish;
isNormalUser = true;
group = "agent";
extraGroups = [ "public" ];
linger = true;
};
# sandbox = {
# uid = 1003;
# homeMode = "770";
# home = "/home/sandbox";
# shell = pkgs.fish;
# isNormalUser = true;
# group = "agents";
# extraGroups = [ "user" ];
# group = "sandbox";
# extraGroups = [ "public" ];
# linger = true;
# };
user = {
uid = 1000;
@ -47,14 +72,20 @@
"libvirt"
"systemd-journal"
"kvm"
"agents"
"public"
"agent"
"sandbox"
# "work"
];
hashedPasswordFile = config.sops.secrets."user/password".path;
linger = true;
};
};
groups = {
user.gid = 1000;
agents.gid = 777;
agent.gid = 1002;
public.gid = 777;
# sandbox.gid = 1003;
};
};
}

282
vms/default.nix
View file

@ -43,7 +43,7 @@
};
microvm.vms = {
"dealwise" = {
"agent" = {
pkgs = import nixpkgs {
system = "x86_64-linux";
config.allowUnfreePredicate =
@ -55,27 +55,24 @@
config =
let
hostname = "ai-sandbox";
mac = "02:00:00:00:00:06";
hostname = "agent";
mac = "02:00:00:00:00:07";
in
{
config,
lib,
pkgs,
...
}:
{
imports = [
impermanence.nixosModules.impermanence
sops-nix.nixosModules.sops
home-manager.nixosModules.home-manager
];
sops = {
defaultSopsFile = ./secrets/secrets.yaml;
age.keyFile = "/.persist/root/.config/sops/age/keys.txt";
secrets = {
"wg0/private_key" = { };
};
};
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
boot.kernel.sysctl."kernel.unprivileged_userns_clone" = 1;
systemd.network = {
enable = true;
@ -97,6 +94,17 @@
};
};
};
systemd.user.services.wayland-proxy = {
enable = true;
description = "Wayland Proxy";
serviceConfig = with pkgs; {
# Environment = "WAYLAND_DISPLAY=wayland-1";
ExecStart = "${wayland-proxy-virtwl}/bin/wayland-proxy-virtwl --virtio-gpu --x-display=0 --xwayland-binary=${xwayland}/bin/Xwayland";
Restart = "on-failure";
RestartSec = 5;
};
wantedBy = [ "default.target" ];
};
services.resolved.enable = false;
environment.etc."resolv.conf".text = ''
@ -107,23 +115,6 @@
useNetworkd = true;
useDHCP = false;
firewall.enable = false;
wireguard.interfaces.wg0 = {
ips = [ "10.2.0.2/32" ];
listenPort = 45974;
privateKeyFile = config.sops.secrets."wg0/private_key".path;
metric = 10;
peers = [
{
publicKey = "D8Sqlj3TYwwnTkycV08HAlxcXXS3Ura4oamz8rB5ImM=";
endpoint = "103.69.224.4:51820";
allowedIPs = [
"0.0.0.0/0"
"::/0"
];
persistentKeepalive = 25;
}
];
};
};
users.mutableUsers = false;
@ -140,6 +131,9 @@
password = "";
group = "user";
isNormalUser = true;
extraGroups = [
"video"
];
uid = 1000;
shell = pkgs.fish;
openssh.authorizedKeys.keys = [
@ -148,10 +142,24 @@
};
users.groups.user.gid = 1000;
environment.sessionVariables = {
WAYLAND_DISPLAY = "/var/host/wayland-agent";
DISPLAY = ":0";
QT_QPA_PLATFORM = "wayland"; # Qt Applications
GDK_BACKEND = "wayland"; # GTK Applications
XDG_SESSION_TYPE = "wayland"; # Electron Applications
SDL_VIDEODRIVER = "wayland";
CLUTTER_BACKEND = "wayland";
};
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
users.user = {
imports = [
../home/nvim
../home/tmux.nix
];
home.username = "user";
home.homeDirectory = "/home/user";
home.stateVersion = "25.11";
@ -164,6 +172,13 @@
[containers]
log_driver="k8s-file"
'';
xdg.configFile."lazygit/config.yml".text = lib.generators.toYAML { } {
gui = {
theme = {
selectedLineBgColor = [ "reverse" ];
};
};
};
xdg.configFile."opencode/opencode.json".text = builtins.toJSON {
"$schema" = "https://opencode.ai/config.json";
plugin = [ "opencode-antigravity-auth@latest" ];
@ -382,6 +397,106 @@
};
};
};
home.packages = with pkgs; [
(writeShellApplication {
name = "tmux-sessionizer";
runtimeInputs = [
tmux
fzf
];
text = builtins.readFile ../home/bin/tmux-sessionizer;
})
];
custom.tmux.enable = true;
custom.neovim = {
enable = true;
colorscheme = "rose-pine-moon";
hostname = hostname;
};
programs.fish = {
enable = true;
plugins = [
{
name = "puffer";
src = pkgs.fetchFromGitHub {
owner = "nickeb96";
repo = "puffer-fish";
rev = "83174b0";
sha256 = "sha256-Dhx5+XRxJvlhdnFyimNxFyFiASrGU4ZwyefsDwtKnSg=";
};
}
];
interactiveShellInit = ''
set fish_greeting
bind ctrl-space ""
'';
};
programs = {
delta = {
enable = true;
options = {
navigate = true;
line-numbers = true;
side-by-side = true;
};
enableGitIntegration = true;
};
git = {
enable = true;
lfs.enable = true;
settings = {
user = {
email = "user@sandbox.dev";
name = "sandbox";
};
gpg.format = "ssh";
commit.gpgsign = true;
tag.gpgsign = true;
core = {
editor = "nvim";
whitespace = "fix,only-indent-error,trailing-space,space-before-tab";
quotepath = false;
};
diff = {
algorithm = "histogram";
renames = "copies";
tool = "nvim";
};
difftool = {
prompt = false;
nvim.cmd = "nvim -d $LOCAL $REMOTE";
};
merge = {
conflictstyle = "zdiff3";
tool = "nvim";
};
mergetool = {
prompt = false;
keepBackup = false;
nvim.cmd = "nvim -d $LOCAL $REMOTE $MERGED -c 'wincmd w' -c 'wincmd J'";
};
init = {
defaultBranch = "master";
};
push = {
autoSetupRemote = true;
default = "current";
};
pull = {
rebase = true;
};
fetch = {
prune = true;
};
help = {
autocorrect = "prompt";
};
};
};
};
};
};
@ -389,6 +504,7 @@
"/.persist".neededForBoot = true;
};
environment.systemPackages = with pkgs; [
xdg-utils
coreutils
jq
git
@ -399,14 +515,21 @@
fd
podman-compose
opencode
php
php.packages.composer
pkgs.nodejs_24
pkgs.dotnet-sdk_9
pkgs.go_1_24
lf
lazygit
ungoogled-chromium
bat
eza
ffmpeg
fira-code-symbols
gh
imagemagick
luarocks
wl-clipboard
];
hardware.graphics.enable = true;
programs = {
fish.enable = true;
starship.enable = true;
@ -418,10 +541,6 @@
};
};
systemd.tmpfiles.rules = [
"d /var/log/laravel 0755 1000 1000"
];
environment.persistence."/.persist" = {
enable = true;
hideMounts = true;
@ -439,17 +558,6 @@
".config/sops/age/keys.txt"
];
};
users.user = {
files = [
".claude.json"
".claude.json.backup"
];
directories = [
".claude"
".local/share/containers"
".local/share/opencode"
];
};
};
services = {
@ -486,11 +594,12 @@
};
microvm = {
hypervisor = "qemu";
hypervisor = "crosvm";
graphics.enable = true;
vcpu = 4;
mem = 8192;
socket = "control.sock";
vcpu = 20;
mem = 16384;
# socket = "control.sock";
interfaces = [
{
@ -515,12 +624,6 @@
writableStoreOverlay = "/nix/.rw-store";
shares = [
{
proto = "virtiofs";
tag = "downloads";
source = "/home/user/downloads";
mountPoint = "/home/user/downloads";
}
{
proto = "virtiofs";
tag = "pictures";
@ -529,27 +632,9 @@
}
{
proto = "virtiofs";
tag = "dealwise";
source = "/home/user/work/dealwise";
mountPoint = "/home/user/work/dealwise";
}
{
proto = "virtiofs";
tag = "php-data-transfer-object";
source = "/home/user/dev/icefox/php/data-transfer-object";
mountPoint = "/home/user/dev/icefox/php/data-transfer-object";
}
{
proto = "virtiofs";
tag = "uni";
source = "/home/user/uni";
mountPoint = "/home/user/uni";
}
{
proto = "virtiofs";
tag = "dev";
source = "/home/user/dev";
mountPoint = "/home/user/dev";
tag = "home";
source = "/data/vm/${hostname}";
mountPoint = "/home/user";
}
{
proto = "virtiofs";
@ -557,12 +642,41 @@
source = "/nix/store";
mountPoint = "/nix/.ro-store";
}
# {
# proto = "virtiofs";
# tag = "xdg-host";
# source = "/run/user/1000";
# mountPoint = "/var/host";
# }
# {
# proto = "virtiofs";
# tag = "gpu";
# source = "/dev/dri";
# mountPoint = "/dev/dri";
# }
];
qemu.extraArgs = [
"-cpu"
"host"
crosvm.extraArgs = [
"--disable-sandbox"
];
# qemu.extraArgs = [
# "-cpu"
# "host"
# "-vnc"
# ":0"
# "-vga"
# "qxl"
# "-device"
# "virtio-keyboard"
# "-usb"
# "-device"
# "usb-table,bus=usb-bus.0"
# "-display"
# "spice-app"
# "-device"
# "virtio-gpu"
# "-spice"
# "port=5900,disable-ticketing=on"
# ];
};
system.stateVersion = "25.11";
};