add fw-new

hosts/nb-new.cloonar.com/cachix.nix

@@ -0,0 +1,13 @@
+
+# WARN: this file will get overwritten by $ cachix use <name>
+{ pkgs, lib, ... }:
+
+let
+  folder = ./cachix;
+  toImport = name: value: folder + ("/" + name);
+  filterCaches = key: value: value == "regular" && lib.hasSuffix ".nix" key;
+  imports = lib.mapAttrsToList toImport (lib.filterAttrs filterCaches (builtins.readDir folder));
+in {
+  inherit imports;
+  nix.settings.substituters = ["https://cache.nixos.org/"];
+}

hosts/nb-new.cloonar.com/cachix/nix-community.nix

@@ -0,0 +1,13 @@
+
+{
+  nix = {
+    settings = {
+      substituters = [
+        "https://nix-community.cachix.org"
+      ];
+      trusted-public-keys = [
+        "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
+      ];
+    };
+  };
+}

hosts/nb-new.cloonar.com/configuration.nix

@@ -24,9 +24,13 @@ in {
       ./modules/nvim/default.nix
       ./utils/modules/autoupgrade.nix
 
+      ./cachix.nix
       ./users
 
+      ./modules/steam.nix
+
       ./hardware-configuration.nix
+
     ];
 
   nixpkgs.overlays = [
@@ -35,9 +39,13 @@ in {
 
   fonts.packages = with pkgs; [
     open-sans
-
   ];
 
+  swapDevices = [ {
+    device = "/nix/persist/swapfile";
+    size = 32 * 1024;  # Size is in megabytes
+  } ];
+
   # nixos cross building qemu
   boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
   boot.supportedFilesystems = [ "ntfs" ];
@@ -52,6 +60,25 @@ in {
     ];
   };
 
+  hardware.bluetooth.enable = true;
+  hardware.bluetooth.powerOnBoot = true;
+
+  services.tlp = {
+    enable = true;
+    settings = {
+      CPU_SCALING_GOVERNOR_ON_AC = "performance";
+      CPU_SCALING_GOVERNOR_ON_BAT = "powersave";
+      CPU_ENERGY_PERF_POLICY_ON_BAT = "power";
+      CPU_ENERGY_PERF_POLICY_ON_AC = "performance";
+    };
+  };
+
+  environment.persistence."/nix/persist" = {
+    hideMounts = true;
+    directories = [
+      "/home"
+    ];
+  };
   environment.persistence."/nix/persist/system" = {
     hideMounts = true;
     directories = [
@@ -61,6 +88,7 @@ in {
       "/var/log"
       "/var/lib/bluetooth"
       "/var/lib/docker"
+      "/var/lib/flatpak"
       "/var/lib/nixos"
       "/etc/NetworkManager/system-connections"
     ];
@@ -86,16 +114,21 @@ in {
   sops.secrets.wg-cloonar-key = {};
 
   virtualisation.docker.enable = true;
+  services.flatpak.enable = true;
+  systemd.services.flatpak-repo = {
+    wantedBy = [ "multi-user.target" ];
+    path = [ pkgs.flatpak ];
+    script = ''
+      flatpak remote-add --if-not-exists flathub https://flathub.org/repo/flathub.flatpakrepo
+    '';
+  };
 
   networking.hostName = "nb-01"; # Define your hostname.
   networking.resolvconf.enable = true;
   networking.networkmanager.enable = true;  # Easiest to use and most distros use this by default.
   networking.extraHosts = ''
+    77.119.230.30 vpn.cloonar.com
     10.25.0.25 archive.zeichnemit.at
-    127.0.0.1 wohnservice.local mieterhilfe.local wohnpartner.local wohnberatung.local wienbautvor.local wienwohntbesser.local
-    127.0.0.1 wohnservice-wien.local mieterhilfe.local wohnpartner-wien.local wohnberatung-wien.local wienbautvor.local wienwohntbesser.local
-    127.0.0.1 diabetes.local
-    127.0.0.1 test.cloonar.com
   '';
 
   # Set your time zone.
@@ -165,16 +198,26 @@ in {
       peers = [
         {
           publicKey = "TKQVDmBnf9av46kQxLQSBDhAeaK8r1zh8zpU64zuc1Q=";
-          allowedIPs = [ "10.42.96.0/20" "10.14.0.0/16" "10.25.0.0/16" ];
+          allowedIPs = [
+            "10.42.96.0/20"
+            # wohnservice-wien
+            "10.254.240.0/24"
+            # epicenter.works
+            "10.14.0.0/16"
+            "10.25.0.0/16" ];
           endpoint = "vpn.cloonar.com:51820"; # ToDo: route to endpoint not automatically configured https://wiki.archlinux.org/index.php/WireGuard#Loop_routing https://discourse.nixos.org/t/solved-minimal-firewall-setup-for-wireguard-client/7577
           persistentKeepalive = 25;
         }
       ];
+      postSetup = ''
+        printf "nameserver 10.42.97.1\nsearch cloonar.com" | ${pkgs.openresolv}/bin/resolvconf -a wg0 -m 0 -x
+      '';
     };
   };
 
   nix = {
     settings.auto-optimise-store = true;
+    settings.experimental-features = [ "nix-command" "flakes" ];
     # autoOptimiseStore = true;
     gc = {
       automatic = true;

hosts/nb-new.cloonar.com/hardware-configuration.nix

@@ -7,7 +7,10 @@
     (modulesPath + "/installer/scan/not-detected.nix")
   ];
 
-  boot.loader.systemd-boot.enable = true;
+  boot.loader.systemd-boot = {
+    enable = true;
+    configurationLimit = 5;
+  };
   boot.loader.efi.canTouchEfiVariables = true;
   boot.initrd.availableKernelModules = [ "vfat" "xhci_pci" "thunderbolt" "usb_storage" "sd_mod" ];
   boot.initrd.kernelModules = [ "kvm-amd" ];
@@ -58,6 +61,8 @@
     extraPackages = with pkgs; [
       vaapiVdpau
       libvdpau-va-gl
+      libva
+      libva-utils
     ];
   };
 }

hosts/nb-new.cloonar.com/modules/steam.nix

@@ -0,0 +1,34 @@
+{ pkgs, ... }: {
+  programs = {
+    gamescope = {
+      enable = true;
+      capSysNice = true;
+    };
+    steam = {
+      enable = true;
+      gamescopeSession.enable = true;
+    };
+  };
+
+  environment.systemPackages = with pkgs; [
+    mangohud
+    steam-tui
+    steamcmd
+    vulkan-tools
+    vulkan-headers
+    vulkan-loader
+    wlroots
+    libdecor
+  ];
+
+  hardware.opengl = {
+    enable = true;
+    ## radv: an open-source Vulkan driver from freedesktop
+    driSupport = true;
+    driSupport32Bit = true;
+
+    ## amdvlk: an open-source Vulkan driver from AMD
+    extraPackages = [ pkgs.amdvlk ];
+    extraPackages32 = [ pkgs.driversi686Linux.amdvlk ];
+  };
+}

hosts/nb-new.cloonar.com/modules/sway/sway.conf

@@ -310,7 +310,7 @@ exec swayidle \
 exec dunst
 #exec --no-startup-id swaybg -c "#000000" -m fill -i ~/.config/wallpaper/wot.jpg
 # exec --no-startup-id gnome-keyring-daemon --start --components=pkcs11,secrets,ssh
-exec 'sleep 2; swaymsg workspace $ws8; swaymsg layout tabbed'
+exec 'sleep 2; swaymsg workspace "$ws8"; swaymsg layout tabbed'
 exec mako --default-timeout=5000
 
 # wallpaper

hosts/nb-new.cloonar.com/modules/sway/sway.nix

@@ -12,9 +12,13 @@ let
       dbus-update-activation-environment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP=sway
       systemctl --user stop pipewire pipewire-media-session xdg-desktop-portal xdg-desktop-portal-wlr
       systemctl --user start pipewire pipewire-media-session xdg-desktop-portal xdg-desktop-portal-wlr
+      systemctl --user import-environment DISPLAY
+      export GDK_BACKEND=x11
+      export STEAM_RUNTIME=0
     '';
   };
 
+
   sway-conf = builtins.readFile ./sway.conf + ''
     exec swaybg -m center -c 252525 -i ~/.wallpaper.png
   '';
@@ -33,6 +37,11 @@ in {
     ./thunderbird.nix
   ];
 
+  hardware.opengl.extraPackages = [ pkgs.amdvlk ];
+  environment.variables.VK_ICD_FILENAMES = "/run/opengl-driver/share/vulkan/icd.d/amd_icd64.json";
+
+  hardware.pulseaudio.support32Bit = true;
+
   hardware.sane.enable = true;
   hardware.pulseaudio.enable = false;
 
@@ -41,6 +50,12 @@ in {
 
   services.gnome.gnome-keyring.enable = true;
 
+  # services.xserver = {
+  #   enable = true;
+  #   displayManager.gdm.enable = true;
+  #   desktopManager.gnome.enable = true;
+  # };
+
   services.displayManager.defaultSession = "sway";
   services.displayManager.sddm = {
     enable = true;
@@ -48,6 +63,12 @@ in {
     theme = "where_is_my_sddm_theme_qt5";
   };
 
+  xdg.portal = {
+    enable = true;
+    wlr.enable = true;
+    extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
+  };
+
   environment.systemPackages = with pkgs; [
     alsaUtils
     audacity
@@ -78,6 +99,7 @@ in {
         passwordInputWidth = 0.25;
         passwordInputBackground = "#60ffffff";
         passwordFontSize = 28;
+        showSessionsByDefault = true;
         sessionsFontSize=24;
         usersFontSize=32;
       };
@@ -103,6 +125,7 @@ in {
     libreoffice
     mako
     mqttui
+    netflix
     networkmanagerapplet
     nextcloud-client
     nodejs_22
@@ -127,6 +150,10 @@ in {
     wofi
     wol
     wtype
+    xorg.libX11
+    xorg.libXcursor
+    xorg.libXi
+    xorg.libXrandr
     yubikey-manager-qt
   ];
 

hosts/nb-new.cloonar.com/modules/sway/waybar.css

@@ -1,5 +1,5 @@
 * {
-	font-size: 30px;
+	font-size: 24px;
 	font-family: monospace;
 }
 

hosts/nb-new.cloonar.com/users/dominik.nix

@@ -1,7 +1,7 @@
 { config, lib, pkgs, ... }:
 let
 
-  impermanence = builtins.fetchTarball "https://github.com/nix-community/impermanence/archive/master.tar.gz";
+  # impermanence = builtins.fetchTarball "https://github.com/nix-community/impermanence/archive/master.tar.gz";
 
   thunderbirdSettings = {
     "extensions.activeThemeID" = "thunderbird-compact-dark@mozilla.org";
@@ -15,7 +15,7 @@ let
     "calendar.ui.version" = 3;
     "calendar.timezone.local" = "Europe/Vienna";
     "calendar.week.start" = 1;
-    "layout.css.devPixelsPerPx" = "1.5";
+    "layout.css.devPixelsPerPx" = "1";
   };
 
   thunderbirdCalendarPersonal = {
@@ -30,7 +30,7 @@ let
     "calendar.registry.cloonar-personal.refreshInterval" = 30;
     "calendar.registry.cloonar-personal.suppressAlarms" = false;
     "calendar.registry.cloonar-personal.type" = "caldav";
-    "calendar.registry.cloonar-personal.uri" = "https://cloud.cloonar.com/remote.php/dav/calendars/dominik.polakovics@cloonar.com/personal/";
+    "calendar.registry.cloonar-personal.uri" = "https://nextcloud.cloonar.com/remote.php/dav/calendars/dominik.polakovics@cloonar.com/personal/";
     "calendar.registry.cloonar-personal.username" = "dominik.polakovics@cloonar.com";
   };
   thunderbirdCalendarEpicenterEmployees = {
@@ -50,7 +50,7 @@ let
 
   thunderbirdContactsPersonal = {
     "ldap_2.servers.Contacts.carddav.token" = "";
-    "ldap_2.servers.Contacts.carddav.url" = "https://cloud.cloonar.com/remote.php/dav/addressbooks/users/dominik.polakovics@cloonar.com/contacts/";
+    "ldap_2.servers.Contacts.carddav.url" = "https://nextcloud.cloonar.com/remote.php/dav/addressbooks/users/dominik.polakovics@cloonar.com/contacts/";
     "ldap_2.servers.Contacts.carddav.username" = "dominik.polakovics@cloonar.com";
     "ldap_2.servers.Contacts.description" = "Contacts";
     "ldap_2.servers.Contacts.dirType" = 102;
@@ -71,7 +71,10 @@ let
     "signon.rememberSignons" = false;
     "identity.sync.tokenserver.uri" = "https://sync.cloonar.com:5000/token/1.0/sync/1.5";
     # "toolkit.legacyUserProfileCustomizations.stylesheets" = true;
-    "layout.css.devPixelsPerPx" = "1.5";
+    "layout.css.devPixelsPerPx" = "1";
+    "media.ffmpeg.vaapi.enabled" = true;
+    "media.ffmpeg.vaapi-drm-display.enabled" = true;
+    "gfx.webrender.all" = true;
   };
 
   firefoxUserChrome = ''
@@ -141,38 +144,40 @@ in
   programs.fuse.userAllowOther = true;
 
   home-manager.users.dominik = { lib, pkgs, ... }: {
-    imports = [ "${impermanence}/home-manager.nix" ];
+    # imports = [ "${impermanence}/home-manager.nix" ];
     /* The home.stateVersion option does not have a default and must be set */
     home.stateVersion = "24.05";
     home.enableNixpkgsReleaseCheck = false;
     /* Here goes the rest of your home-manager config, e.g. home.packages = [ pkgs.foo ]; */
-    home.persistence."/nix/persist/user/dominik" = {
-      allowOther = true;
-      directories = [
-        ".ApacheDirectoryStudio"
-        ".config/Creality"
-        ".config/github-copilot"
-        ".config/libreoffice"
-        ".config/Nextcloud"
-        ".config/OrcaSlicer"
-        ".config/rustdesk"
-        ".config/Signal"
-        ".config/Signal-work"
-        ".config/sops"
-        ".config/VirtualBox"
-        ".local/share/keyrings"
-        ".mozilla"
-        ".ssh"
-        ".thunderbird"
-        "cloud.cloonar.com"
-        "nextcloud.cloonar.com"
-        "cloud.epicenter.works"
-        "OpenAudible"
-        "VirtualBox VMs"
-        "projects"
-        "go"
-      ];
-    };
+    # home.persistence."/nix/persist/user/dominik" = {
+    #   allowOther = true;
+    #   directories = [
+    #     ".ApacheDirectoryStudio"
+    #     ".config/Creality"
+    #     ".config/github-copilot"
+    #     ".config/libreoffice"
+    #     ".config/Nextcloud"
+    #     ".config/OrcaSlicer"
+    #     ".config/rustdesk"
+    #     ".config/Signal"
+    #     ".config/Signal-work"
+    #     ".config/sops"
+    #     ".config/VirtualBox"
+    #     ".local/share/keyrings"
+    #     ".local/share/Steam"
+    #     ".mozilla"
+    #     ".ssh"
+    #     ".thunderbird"
+    #     ".var"
+    #     "cloud.cloonar.com"
+    #     "nextcloud.cloonar.com"
+    #     "cloud.epicenter.works"
+    #     "OpenAudible"
+    #     "VirtualBox VMs"
+    #     "projects"
+    #     "go"
+    #   ];
+    # };
 
     gtk = {
       enable = true;