
{
nixpkgs,
sops-nix,
impermanence,
home-manager,
...
}:
{
# Host-side L2 bridge that every microVM tap device is enslaved to.
systemd.network = {
  netdevs."20-microbr".netdevConfig = {
    Kind = "bridge";
    Name = "microbr";
  };
  networks = {
    # The host owns 192.168.77.1 on the bridge; the guest below uses it as its gateway.
    "20-microbr" = {
      matchConfig = { Name = "microbr"; };
      addresses = [ { Address = "192.168.77.1/24"; } ];
      # Configure the bridge even while no tap is attached yet (no carrier).
      networkConfig = { ConfigureWithoutCarrier = true; };
    };
    # Any interface named vm-* (the microVM tap devices) joins the bridge.
    "21-microvm-tap" = {
      matchConfig = { Name = "vm-*"; };
      networkConfig = { Bridge = "microbr"; };
    };
  };
};
networking = {
  # Masquerade guest traffic that leaves through the uplink so the VMs reach
  # the outside; nothing here forwards inbound connections to the guests.
  nat = {
    enable = true;
    internalInterfaces = [ "microbr" ];
    externalInterface = "enp7e0";
  };
  nftables = {
    enable = true;
    # NOTE(review): networking.nat already emits a masquerade rule for microbr
    # when nftables is enabled, so this table appears redundant — confirm.
    tables.nat = {
      family = "ip";
      content = ''
        chain postrouting {
        type nat hook postrouting priority srcnat;
        iifname "microbr" masquerade
        }
      '';
    };
  };
};
microvm.vms = {
"agent" = {
# Guest package set; unfree packages are allowed only when listed here.
pkgs =
  let
    unfreeAllowed = [ "claude-code" ];
  in
  import nixpkgs {
    system = "x86_64-linux";
    config = {
      allowUnfreePredicate = pkg: builtins.elem (nixpkgs.lib.getName pkg) unfreeAllowed;
    };
  };
config =
let
hostname = "agent";
mac = "02:00:00:00:00:07";
in
{
config,
lib,
pkgs,
...
}:
{
imports = [
  impermanence.nixosModules.impermanence
  home-manager.nixosModules.home-manager
];
nix.settings = {
  experimental-features = [ "nix-command" "flakes" ];
};
# Allow unprivileged user namespaces inside the guest (presumably for the
# non-root podman user below). This widens the guest kernel's attack surface,
# but it is the VM boundary, not the guest kernel, that separates the agent
# from the host.
# NOTE(review): this sysctl only exists on kernels carrying the userns
# hardening patch; on a stock kernel it is a no-op (unprivileged userns is on
# by default) — confirm which kernel the guest boots.
boot.kernel.sysctl = {
  "kernel.unprivileged_userns_clone" = 1;
};
systemd.network = {
  enable = true;
  networks."10-net" = {
    # Bind this profile to the tap NIC by the MAC the host assigns the VM.
    matchConfig.MACAddress = mac;
    # network-online waits until this link has a route, not merely a carrier.
    linkConfig.RequiredForOnline = "routable";
    addresses = [ { Address = "192.168.77.2/24"; } ];
    routes = [
      # Default route via the host's bridge address.
      { Gateway = "192.168.77.1"; Metric = 100; }
      # Dedicated /32 route for one external address; the reason it needs its
      # own entry is not visible in this file — TODO confirm.
      { Destination = "103.69.224.4/32"; Gateway = "192.168.77.1"; }
    ];
  };
};
# Per-user Wayland proxy: relays the guest's Wayland clients over the
# virtio-gpu channel (--virtio-gpu) and runs an Xwayland server on display :0.
systemd.user.services.wayland-proxy =
  let
    proxy = "${pkgs.wayland-proxy-virtwl}/bin/wayland-proxy-virtwl";
    xwaylandBin = "${pkgs.xwayland}/bin/Xwayland";
  in
  {
    enable = true;
    description = "Wayland Proxy";
    serviceConfig = {
      # Environment = "WAYLAND_DISPLAY=wayland-1";
      ExecStart = "${proxy} --virtio-gpu --x-display=0 --xwayland-binary=${xwaylandBin}";
      Restart = "on-failure";
      RestartSec = 5;
    };
    wantedBy = [ "default.target" ];
  };
# Static DNS: resolved is off and /etc/resolv.conf is written verbatim.
services.resolved.enable = false;
environment.etc."resolv.conf" = {
  text = ''
    nameserver 10.2.0.1
  '';
};
networking = {
  hostName = hostname;
  useNetworkd = true;
  useDHCP = false;
  # NOTE(review): the guest firewall is off, so every listening service (sshd
  # on :22 is enabled further down) is reachable from anything on the microbr
  # bridge; the host-side NAT only masquerades outbound traffic.
  firewall.enable = false;
};
users =
  let
    # One key unlocks both accounts; with password authentication disabled on
    # sshd below, it is the only credential accepted over SSH.
    adminKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILABd/iSJ4gn/ystDqNxLJTG0n0z5VIC9YXlmdUfOhHf desktop@icefox.sh";
  in
  {
    mutableUsers = false;
    # NOTE(review): `password = ""` makes the empty string a valid password for
    # local logins and `su`. Inside this sandbox VM that is the intent (getty
    # autologs root anyway), but keep it in mind if the guest ever gains a
    # reachable service that authenticates against /etc/shadow.
    users.root = {
      password = "";
      home = "/root";
      openssh.authorizedKeys.keys = [ adminKey ];
    };
    users.user = {
      isNormalUser = true;
      uid = 1000;
      group = "user";
      extraGroups = [ "video" ];
      home = "/home/user";
      password = "";
      shell = pkgs.fish;
      # Keep the user's systemd instance running without a login session
      # (presumably so the wayland-proxy user unit above starts at boot).
      linger = true;
      openssh.authorizedKeys.keys = [ adminKey ];
    };
    groups.user.gid = 1000;
  };
# Point every GUI toolkit at the proxied Wayland socket / Xwayland display.
# NOTE(review): /var/host is the mount point of the xdg-host share that is
# commented out below — confirm something still creates the socket at this
# path, otherwise Wayland clients will fail to connect.
environment.sessionVariables = {
  WAYLAND_DISPLAY = "/var/host/wayland-agent";
  DISPLAY = ":0";
  QT_QPA_PLATFORM = "wayland"; # Qt
  GDK_BACKEND = "wayland"; # GTK
  XDG_SESSION_TYPE = "wayland"; # Electron
  SDL_VIDEODRIVER = "wayland";
  CLUTTER_BACKEND = "wayland";
};
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
users.user = {
imports = [
  ../home/nvim
  ../home/tmux.nix
];
home = {
  username = "user";
  homeDirectory = "/home/user";
  stateVersion = "25.11";
  # Skip home-manager's nixpkgs release-mismatch warning (presumably because the
  # guest pkgs come from the flake's nixpkgs input — confirm).
  enableNixpkgsReleaseCheck = false;
};
# Podman engine tweaks: quieter compose output, file-backed event and
# container logs.
xdg.configFile."containers/containers.conf".text = ''
  [engine]
  compose_warning_logs=false
  events_logger="file"
  [containers]
  log_driver="k8s-file"
'';
xdg.configFile."lazygit/config.yml".text = lib.generators.toYAML { } {
  gui.theme.selectedLineBgColor = [ "reverse" ];
};
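# opencode configuration, rendered to JSON. Every model entry shares the same
# modalities, so a small helper builds the entries and only the per-model
# differences (display name, limits, thinking variants) are spelled out.
xdg.configFile."opencode/opencode.json".text =
  let
    modalities = {
      input = [ "text" "image" "pdf" ];
      output = [ "text" ];
    };
    # Gemini models share the 1M context; the output cap differs per model.
    geminiLimit = output: { context = 1048576; inherit output; };
    claudeLimit = { context = 200000; output = 64000; };
    # The Claude "thinking" models expose the same two budget presets.
    claudeThinkingVariants = {
      low.thinkingConfig.thinkingBudget = 8192;
      max.thinkingConfig.thinkingBudget = 32768;
    };
    # Build one model entry; `extra` carries optional keys such as `variants`.
    mkModel = name: limit: extra: { inherit name limit modalities; } // extra;
  in
  builtins.toJSON {
    "$schema" = "https://opencode.ai/config.json";
    # NOTE(review): "@latest" resolves to whatever the plugin registry serves
    # when opencode starts, so the auth plugin is not pinned the way the rest
    # of this config is; pin a known-good version once one is identified.
    plugin = [ "opencode-antigravity-auth@latest" ];
    provider.google.models = {
      antigravity-gemini-3-pro = mkModel "Gemini 3 Pro (Antigravity)" (geminiLimit 65535) {
        variants = {
          low.thinkingLevel = "low";
          high.thinkingLevel = "high";
        };
      };
      antigravity-gemini-3-flash = mkModel "Gemini 3 Flash (Antigravity)" (geminiLimit 65536) {
        variants = {
          minimal.thinkingLevel = "minimal";
          low.thinkingLevel = "low";
          medium.thinkingLevel = "medium";
          high.thinkingLevel = "high";
        };
      };
      antigravity-claude-sonnet-4-5 = mkModel "Claude Sonnet 4.5 (Antigravity)" claudeLimit { };
      antigravity-claude-sonnet-4-5-thinking = mkModel "Claude Sonnet 4.5 Thinking (Antigravity)" claudeLimit {
        variants = claudeThinkingVariants;
      };
      antigravity-claude-opus-4-5-thinking = mkModel "Claude Opus 4.5 Thinking (Antigravity)" claudeLimit {
        variants = claudeThinkingVariants;
      };
      antigravity-claude-opus-4-6-thinking = mkModel "Claude Opus 4.6 Thinking (Antigravity)" claudeLimit {
        variants = claudeThinkingVariants;
      };
      "gemini-2.5-flash" = mkModel "Gemini 2.5 Flash (Gemini CLI)" (geminiLimit 65536) { };
      "gemini-2.5-pro" = mkModel "Gemini 2.5 Pro (Gemini CLI)" (geminiLimit 65536) { };
      gemini-3-flash-preview = mkModel "Gemini 3 Flash Preview (Gemini CLI)" (geminiLimit 65536) { };
      gemini-3-pro-preview = mkModel "Gemini 3 Pro Preview (Gemini CLI)" (geminiLimit 65535) { };
    };
  };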
home.packages = [
  # Wrapper around the repo's tmux-sessionizer script with its tools on PATH.
  (pkgs.writeShellApplication {
    name = "tmux-sessionizer";
    runtimeInputs = with pkgs; [ tmux fzf ];
    text = builtins.readFile ../home/bin/tmux-sessionizer;
  })
];
# Options presumably declared by the ../home/nvim and ../home/tmux.nix modules
# imported above.
custom = {
  tmux.enable = true;
  neovim = {
    enable = true;
    colorscheme = "rose-pine-moon";
    inherit hostname;
  };
};
programs = {
  fish = {
    enable = true;
    plugins = [
      {
        name = "puffer";
        # Pinned to a commit and a content hash, so the plugin cannot change
        # underneath us.
        src = pkgs.fetchFromGitHub {
          owner = "nickeb96";
          repo = "puffer-fish";
          rev = "83174b0";
          sha256 = "sha256-Dhx5+XRxJvlhdnFyimNxFyFiASrGU4ZwyefsDwtKnSg=";
        };
      }
    ];
    interactiveShellInit = ''
      set fish_greeting
      bind ctrl-space ""
    '';
  };
  delta = {
    enable = true;
    enableGitIntegration = true;
    options = {
      navigate = true;
      line-numbers = true;
      side-by-side = true;
    };
  };
  git = {
    enable = true;
    lfs.enable = true;
    settings = {
      user = { email = "user@sandbox.dev"; name = "sandbox"; };
      # Commits and tags are signed with an SSH key.
      # NOTE(review): no user.signingkey is set here; unless one is supplied
      # elsewhere (an included config or the environment), every commit and
      # tag fails at signing time — confirm.
      gpg.format = "ssh";
      commit.gpgsign = true;
      tag.gpgsign = true;
      core = {
        editor = "nvim";
        whitespace = "fix,only-indent-error,trailing-space,space-before-tab";
        quotepath = false;
      };
      diff = { algorithm = "histogram"; renames = "copies"; tool = "nvim"; };
      difftool = { prompt = false; nvim.cmd = "nvim -d $LOCAL $REMOTE"; };
      merge = { conflictstyle = "zdiff3"; tool = "nvim"; };
      mergetool = {
        prompt = false;
        keepBackup = false;
        nvim.cmd = "nvim -d $LOCAL $REMOTE $MERGED -c 'wincmd w' -c 'wincmd J'";
      };
      init.defaultBranch = "master";
      push = { autoSetupRemote = true; default = "current"; };
      pull.rebase = true;
      fetch.prune = true;
      help.autocorrect = "prompt";
    };
  };
};
};
# The persistence volume must be mounted early so impermanence can bind from it.
fileSystems."/.persist".neededForBoot = true;
# Order is kept as before (buildEnv precedence on path collisions).
environment.systemPackages = with pkgs; [
  xdg-utils coreutils jq git fzf
  claude-code neovim ripgrep fd
  podman-compose opencode lf lazygit
  ungoogled-chromium bat eza ffmpeg
  fira-code-symbols gh imagemagick luarocks wl-clipboard
];
hardware.graphics.enable = true;
programs = {
  fish.enable = true;
  starship.enable = true;
  # Pre-seeded host key so first contact with GitHub is not trust-on-first-use.
  ssh.knownHosts."github.com".publicKey =
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl";
};
# impermanence: only the listed paths survive a reboot; they live on the
# persist.img volume that microvm attaches at /.persist.
environment.persistence."/.persist" = {
  enable = true;
  hideMounts = true;
  directories = [ "/var/lib/nixos" ];
  # Stable host keys (presumably so the host's known_hosts entry for the VM
  # keeps matching across rebuilds).
  files = [
    "/etc/ssh/ssh_host_ed25519_key"
    "/etc/ssh/ssh_host_ed25519_key.pub"
    "/etc/ssh/ssh_host_rsa_key"
    "/etc/ssh/ssh_host_rsa_key.pub"
  ];
  # NOTE(review): root's age private key is persisted in the same plain disk
  # image; anyone who can read persist.img on the host can decrypt whatever
  # sops secrets it protects.
  users.root.files = [ ".config/sops/age/keys.txt" ];
};
services = {
  openssh = {
    enable = true;
    ports = [ 22 ];
    settings = {
      # Key-only authentication: the empty account passwords above are not
      # usable over SSH.
      PasswordAuthentication = false;
      KbdInteractiveAuthentication = false;
      # Root over SSH is deliberate for this sandbox; it is still key-only.
      PermitRootLogin = "yes";
      AllowUsers = [ "user" "root" ];
    };
  };
  # The console drops straight into a root shell; getty is reachable only via
  # the VM console, not over the network.
  getty = {
    autologinUser = "root";
    autologinOnce = true;
  };
};
virtualisation = {
  containers.enable = true;
  # Podman with a docker-compatible socket/CLI; DNS on the default container
  # network lets containers resolve each other by name.
  podman = {
    enable = true;
    dockerCompat = true;
    defaultNetwork.settings.dns_enabled = true;
  };
};
environment.sessionVariables = {
  EDITOR = "nvim";
};
microvm = {
  hypervisor = "crosvm";
  graphics.enable = true;
  vcpu = 20;
  mem = 16384;
  # socket = "control.sock";
  interfaces = [
    {
      # Tap device named vm-agent; the host's 21-microvm-tap rule bridges it.
      id = "vm-${hostname}";
      type = "tap";
      inherit mac;
    }
  ];
  # Two writable images: guest persistence and the writable layer of /nix/store.
  volumes = [
    { mountPoint = "/.persist"; image = "persist.img"; size = 1024 * 128; }
    { mountPoint = "/nix/.rw-store"; image = "nix-store.img"; size = 1024 * 128; }
  ];
  writableStoreOverlay = "/nix/.rw-store";
  shares = [
    # NOTE(review): the host user's pictures directory appears to be exposed
    # read/write to the agent (no read-only flag); if the agent only needs to
    # read it, prefer a read-only export.
    { proto = "virtiofs"; tag = "pictures"; source = "/home/user/pictures"; mountPoint = "/home/user/pictures"; }
    # The agent's home lives in a host directory dedicated to this VM.
    { proto = "virtiofs"; tag = "home"; source = "/data/vm/${hostname}"; mountPoint = "/home/user"; }
    # Host store, read-only per its tag; writes go to the overlay above.
    { proto = "virtiofs"; tag = "ro-store"; source = "/nix/store"; mountPoint = "/nix/.ro-store"; }
    # { proto = "virtiofs"; tag = "xdg-host"; source = "/run/user/1000"; mountPoint = "/var/host"; }
    # { proto = "virtiofs"; tag = "gpu"; source = "/dev/dri"; mountPoint = "/dev/dri"; }
  ];
  # NOTE(review): --disable-sandbox turns off crosvm's per-device sandboxing,
  # so a bug in any virtio device backend is reachable with the full privileges
  # of the crosvm process on the host. That weakens the very boundary this VM
  # exists to provide; confirm which device actually needs it and whether a
  # narrower policy would do instead.
  crosvm.extraArgs = [ "--disable-sandbox" ];
  # qemu.extraArgs = [
  #   "-cpu" "host"
  #   "-vnc" ":0"
  #   "-vga" "qxl"
  #   "-device" "virtio-keyboard"
  #   "-usb" "-device" "usb-table,bus=usb-bus.0"
  #   "-display" "spice-app"
  #   "-device" "virtio-gpu"
  #   "-spice" "port=5900,disable-ticketing=on"
  # ];
};
system.stateVersion = "25.11";
};
};
};
}