Compare commits


7 Commits

Author SHA1 Message Date
164ed80931 firewall rules 2026-03-16 16:07:32 +01:00
4a9a71bad1 commit working state 2026-02-28 16:35:41 +01:00
b9da82b956 attempt making pytorch work 2026-02-28 16:34:56 +01:00
bb596a794e attempt making pytorch work 2026-02-28 16:34:38 +01:00
476cab8c9d forward 9090 to vm 2026-02-28 16:34:11 +01:00
d57aeb9ef3 working passthrough support 2026-02-28 16:33:52 +01:00
aaba57ee2f add nv gpu passthrough vm setup 2026-02-26 02:47:09 +01:00
5 changed files with 117 additions and 5 deletions


@@ -48,11 +48,37 @@ in {
enable = true; enable = true;
}; };
services.desktopManager.gnome.enable = true; services.desktopManager.gnome.enable = true;
services.gnome.gnome-remote-desktop.enable = true;
systemd.services.gnome-remote-desktop = {
wantedBy = [ "graphical.target" ]; # for starting the unit automatically at boot
};
services.displayManager.autoLogin.enable = false;
networking.firewall.allowedTCPPorts = [
3389
3390
];
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
gnome-tweaks gnome-tweaks
gnome-software gnome-software
gnomeExtensions.pop-shell gnomeExtensions.pop-shell
gnome-remote-desktop gnome-remote-desktop
glib-networking # Required gnome-remote-desktop dependency
];
systemd.user.services.gnome-remote-desktop.environment = {
VK_ICD_FILENAMES = "/dev/null";
LIBGL_ALWAYS_SOFTWARE = "1";
};
systemd.services.gnome-remote-desktop.environment = {
VK_ICD_FILENAMES = "/dev/null";
LIBGL_ALWAYS_SOFTWARE = "1";
};
environment.sessionVariables.XDG_DATA_DIRS = lib.mkAfter [
"${pkgs.gnome-remote-desktop}/share"
];
environment.pathsToLink = [
"/share/gsettings-schemas"
"/share"
]; ];
}) })
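Review bot: `networking.firewall.allowedTCPPorts = [ 3389 3390 ]` opens RDP on every interface, and the `wantedBy = [ "graphical.target" ]` override starts gnome-remote-desktop at boot, so the remote login surface is reachable from any network this machine joins. If access is only needed from one LAN or a VPN, scope it with `networking.firewall.interfaces.<iface>.allowedTCPPorts = [ 3389 3390 ];` (the interface name is a placeholder) and add a comment saying what each of the two ports is for. The two identical `environment` attrsets for the user and system units could share one binding, so the software-rendering workaround is changed in a single place. The enclosing module block starts before this hunk.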


@@ -47,10 +47,10 @@
services = { services = {
# Enable Gnome Session # Enable Gnome Session
displayManager.gdm.enable = false; displayManager.gdm.enable = true;
displayManager.sddm.enable = false; displayManager.sddm.enable = false;
# displayManager.sddm.wayland.enable = true; displayManager.sddm.wayland.enable = false;
displayManager.cosmic-greeter.enable = true; displayManager.cosmic-greeter.enable = false;
displayManager.defaultSession = "gnome"; displayManager.defaultSession = "gnome";
xserver = { xserver = {
@@ -171,13 +171,15 @@
virtualisation.libvirtd = { virtualisation.libvirtd = {
enable = true; enable = true;
qemu = { qemu = {
package = pkgs.qemu_kvm; package = pkgs.qemu_full;
runAsRoot = true; runAsRoot = true;
swtpm.enable = true; swtpm.enable = true;
vhostUserPackages = [ pkgs.virtiofsd ];
}; };
}; };
systemd.tmpfiles.rules = [ "L+ /var/lib/qemu/firmware - - - - ${pkgs.qemu}/share/qemu/firmware" ]; systemd.tmpfiles.rules = [ "L+ /var/lib/qemu/firmware - - - - ${pkgs.qemu}/share/qemu/firmware" ];
# Some programs need SUID wrappers, can be configured further or are # Some programs need SUID wrappers, can be configured further or are
# started in user sessions. # started in user sessions.
@@ -196,11 +198,40 @@
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
24800 #Synergy 24800 #Synergy
53317 #localsend 53317 #localsend
3390 #rdp
9090
8000
]; ];
networking.firewall.allowedUDPPorts = [ networking.firewall.allowedUDPPorts = [
24800 #Synergy 24800 #Synergy
53317 #localsend 53317 #localsend
3390 #rdp
9090
8000
]; ];
networking.firewall.trustedInterfaces = [ "virbr0" ];
networking.nat = {
enable = true;
internalInterfaces = [ "virbr0" ];
externalInterface = "enp75s0";
extraCommands = ''
# MASQUERADE forwarded traffic to VM so it knows how to route back
iptables -t nat -A nixos-nat-post -o virbr0 -j MASQUERADE
'';
forwardPorts = [
{
sourcePort = 9090;
proto = "tcp";
destination = "192.168.122.113:9090";
}
{
sourcePort = 9090;
proto = "udp";
destination = "192.168.122.113:9090";
}
];
};
# Or disable the firewall altogether. # Or disable the firewall altogether.
# networking.firewall.enable = false; # networking.firewall.enable = false;
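Review bot: In the last hunk, 9090 and 8000 are added to both `allowedTCPPorts` and `allowedUDPPorts` with no comment, unlike the Synergy, localsend and rdp entries, so it is not visible what listens there or why UDP is needed. 9090 is also DNAT'ed to 192.168.122.113 in `forwardPorts`; as far as I can tell forwarded traffic does not need the host's own input port opened, so the host-side 9090 entries may be droppable. The added `-o virbr0 -j MASQUERADE` rule rewrites the source of everything sent to the guest, so the service in the VM will see the host's bridge address instead of the real client, which weakens any IP-based access control or audit trail inside the VM. `trustedInterfaces = [ "virbr0" ]` also accepts all traffic from every guest on that bridge to every host port. Suggest at least `9090 # forwarded to VM: <service>` and `8000 # <service>`, and dropping the UDP entries unless the services really use UDP.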


@@ -26,7 +26,7 @@
"mitigations=off" # Disable CPU mitigations for better performance "mitigations=off" # Disable CPU mitigations for better performance
"module_blacklist=nouveau,nvidia,nvidia_drm,nvidia_modeset,nvidia_uvm" "module_blacklist=nouveau,nvidia,nvidia_drm,nvidia_modeset,nvidia_uvm"
]; ];
services.switcherooControl.enable = true;
environment.variables.VK_ICD_FILENAMES = "/run/opengl-driver/share/vulkan/icd.d/intel_icd.x86_64.json"; environment.variables.VK_ICD_FILENAMES = "/run/opengl-driver/share/vulkan/icd.d/intel_icd.x86_64.json";
hardware.intel-gpu-tools.enable = true; hardware.intel-gpu-tools.enable = true;
hardware.graphics = { hardware.graphics = {
@@ -38,6 +38,7 @@
vpl-gpu-rt # oneVPL runtime vpl-gpu-rt # oneVPL runtime
intel-vaapi-driver # fallback intel-vaapi-driver # fallback
intel-compute-runtime # OpenCL/Level Zero intel-compute-runtime # OpenCL/Level Zero
level-zero # Level Zero API for compute
]; ];
}; };
@@ -66,6 +67,11 @@
# DXVK optimizations # DXVK optimizations
DXVK_HUD = "compiler"; # Monitor shader compilation DXVK_HUD = "compiler"; # Monitor shader compilation
# DXVK_ASYNC = "1"; # Enable if you want async shader compilation (may cause issues) # DXVK_ASYNC = "1"; # Enable if you want async shader compilation (may cause issues)
# Intel IPEX / PyTorch settings
ZE_ENABLE_ALT_DRIVERS = "libze_intel_gpu.so.1"; # Enable Intel GPU driver for Level Zero
SYCL_CACHE_PERSISTENT = "1"; # Enable persistent SYCL cache
SYCL_PI_LEVEL_ZERO_USE_IMMEDIATE_COMMANDLISTS = "1"; # Performance optimization
}; };
@@ -103,4 +109,15 @@
## User Access ## User Access
############################ ############################
users.users.andreas.extraGroups = [ "video" "render" ]; users.users.andreas.extraGroups = [ "video" "render" ];
############################
## System Packages for AI/ML
############################
environment.systemPackages = with pkgs; [
intel-compute-runtime
level-zero
# For checking GPU compute capabilities
clinfo
vulkan-tools
];
} }
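Review bot: The context line `"mitigations=off"` at the top of the first hunk is not changed here, but it matters more now that the same series turns this machine into a libvirt/VFIO host: with CPU mitigations disabled, the kernel's speculative-execution protections between guest and host are off as well. If the VM runs anything less trusted than the host, consider dropping the parameter, or at least extending its comment, e.g. `"mitigations=off" # perf; NOTE: also disables guest/host speculative-execution mitigations`. Separately, the new `environment.systemPackages` block repeats `intel-compute-runtime` and `level-zero`, which also appear in the package list of the second hunk. A one-line comment on why both places are needed would help.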


@@ -0,0 +1,37 @@
{ config, lib, system, pkgs, ... }:
{
boot.kernelModules = [
"vfio"
"vfio-pci"
"vfio_iommu_type1"
];
boot.kernelParams = [
"amd_iommu=on"
"iommu=pt"
];
# Make sure vfio is available inside initrd
boot.initrd.availableKernelModules = [
"vfio_pci"
];
# Bind by IDs (cleaner via modprobe instead of kernel param)
boot.extraModprobeConfig = ''
options vfio-pci ids=10de:1b81,10de:10f0
'';
boot.initrd.preDeviceCommands = ''
modprobe vfio-pci
'';
# # EARLY and deterministic binding
# boot.initrd.preDeviceCommands = ''
# echo 0000:05:00.0 > /sys/bus/pci/drivers/vfio-pci/bind
# echo 0000:05:00.1 > /sys/bus/pci/drivers/vfio-pci/bind
# '';
environment.systemPackages = with pkgs; [
pciutils
virtiofsd
config.virtualisation.libvirtd.qemu.package
looking-glass-client
virt-manager
libguestfs-with-appliance
];
users.extraUsers.andreas.extraGroups = [ "libvirtd" ];
}
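Review bot: `options vfio-pci ids=10de:1b81,10de:10f0` has no comment saying which card and function each ID is, and binding by vendor:device ID claims every device with those IDs, not one slot. A comment such as `# <GPU model> VGA function + its audio function (IDs from lspci -nn)` would make that explicit. It would also help to record that both functions were checked to sit in their own IOMMU group, since passthrough isolation depends on that. `users.extraUsers.andreas.extraGroups = [ "libvirtd" ]` uses the older alias while the Intel module writes `users.users.andreas.extraGroups`. With `runAsRoot = true` set for QEMU elsewhere in this series, membership in that group is close to root-equivalent and deserves a one-line comment. `lib` and `system` in the argument list appear unused in this file.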


@@ -8,6 +8,7 @@
[ [
(modulesPath + "/installer/scan/not-detected.nix") (modulesPath + "/installer/scan/not-detected.nix")
./graphics/intel.nix ./graphics/intel.nix
./graphics/passthrough_nvidia.nix
# ./graphics/intel_i915.nix # ./graphics/intel_i915.nix
# ./graphics/nvidia.nix # ./graphics/nvidia.nix
./acer-monitor-edid.nix ./acer-monitor-edid.nix