Merge branch 'main' of github.com:alexmickelson/infrastructure

nix/ai-server-1.nix

@@ -122,7 +122,7 @@
     dbus
 
 
-
+    # protontricks stuff?
     freetype
     # freetype.bin
     fontconfig
@@ -131,6 +131,8 @@
     zlib
 
     quickemu
+
+    git-lfs
   ];
   programs.nix-ld.enable = true;
 

nix/ai-vm.nix

@@ -72,6 +72,7 @@
       git
       tmux
       vscode
+      zip
     ];
   };
   home-manager.users.alex = { pgks, ...}: {

nix/alex-desktop.nix

@@ -9,8 +9,7 @@
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;
 
-  networking.hostName = "alex-desktop"; # Define your hostname.
-  # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
+  networking.hostName = "alex-desktop";
   nix.settings.experimental-features = [ "nix-command" "flakes" ];
   networking.networkmanager.enable = true;
 
@@ -50,8 +49,21 @@
     alsa.enable = true;
     alsa.support32Bit = true;
     pulse.enable = true;
+
+    wireplumber = {
+      enable = true;
+
+      extraConfig = {
+        "disable-x11" = {
+          "wireplumber.settings" = {
+            "support.x11" = false;
+          };
+        };
+      };
+    };
   };
 
+
   users.users.alex = {
     isNormalUser = true;
     description = "alex";
@@ -73,6 +85,7 @@
   services.fwupd.enable = true;
   hardware.enableAllFirmware = true;
   hardware.firmware = with pkgs; [ linux-firmware ];
+  programs.nix-ld.enable = true;
   
   nixpkgs.config.allowUnfree = true;
   environment.systemPackages = with pkgs; [
@@ -91,7 +104,6 @@
     mangohud
     mlocate
 
-
     wineWowPackages.stable
     wine
     (wine.override { wineBuild = "wine64"; })
@@ -99,20 +111,13 @@
     wineWowPackages.staging
     winetricks
     wineWowPackages.waylandFull
-    # woeusb ntfs3g
-    # (lutris.override {
-    #   extraLibraries =  pkgs: [
-    #     # List library dependencies here
-    #   ];
-    #   extraPkgs = pkgs: [
-    #     # List package dependencies here
-    #   ];
-    # })
-
 
     mesa-gl-headers
     mesa
     driversi686Linux.mesa
+    mesa-demos
+
+    android-tools
   ];
   services.tailscale.enable = true;
   services.openssh.enable = true;
@@ -122,20 +127,6 @@
   programs.fish.enable = true;
   services.flatpak.enable = true;
   hardware.steam-hardware.enable = true;
-  programs.adb.enable = true; # graphene
-
-  # programs.gamescope = {
-  #   enable = true;
-  #   capSysNice = true;
-  # };
-  # programs.gamemode.enable = true;
-  # programs.steam = {
-  #   enable = true;
-  #   gamescopeSession.enable = true;
-  #   remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
-  #   dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
-  #   localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers
-  # };
   networking.firewall.enable = false;
 
   hardware.graphics = {
@@ -143,7 +134,6 @@
     enable = true;
   };
 
-
   fileSystems."/steam-data" =
   { 
     device = "/dev/disk/by-uuid/437358fd-b9e4-46e2-bd45-f6b368acaac1";
@@ -155,6 +145,21 @@
   boot.zfs.extraPools = [ "data" "data2" ];
  
 
+  systemd.timers."nix-garbage-collect-weekly" = {
+    wantedBy = [ "timers.target" ];
+    timerConfig = {
+      OnCalendar = "weekly";
+      Persistent = true;
+    };
+  };
+
+  systemd.services."nix-garbage-collect-weekly" = {
+    serviceConfig = {
+      Type = "oneshot";
+      ExecStart = "/run/current-system/sw/bin/nix-collect-garbage --delete-older-than 7d";
+    };
+  };
+
   # This value determines the NixOS release from which the default
   # settings for stateful data, like file locations and database versions
   # on your system were taken. It‘s perfectly fine and recommended to leave

nix/flakes/opencode/flake.lock

@@ -20,11 +20,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1759520764,
-        "narHash": "sha256-jERdfBm1rQc9qAdPi1lMEv9inEl7kvvnXCst//ZD2Yc=",
+        "lastModified": 1767726775,
+        "narHash": "sha256-mpA/pevxXJzu/5rbdb7u0BzgEJCDDQd1EZ3oyyOo8VI=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "bcbcd4e5a8cb24199859dd73e448494c8c7d55cb",
+        "rev": "f8ce89e3edbc488a5b17c559ad55f083282420e9",
         "type": "github"
       },
       "original": {

nix/flakes/opencode/flake.nix

@@ -19,6 +19,7 @@
               };
               models = {
                 "gpt-oss-120b" = { };
+                "devstral-123b" = { };
               };
             };
             home = {

nix/home-manager/alex.home.nix

@@ -29,6 +29,10 @@
   programs.direnv = {
     enable = true;
   };
+  programs.ghostty = {
+    enable = true;
+    enableFishIntegration = true;
+  };
   home.sessionVariables = {
     EDITOR = "vim";
   };
@@ -58,6 +62,8 @@ export DOTNET_WATCH_RESTART_ON_RUDE_EDIT=1
 export DOTNET_CLI_TELEMETRY_OPTOUT=1
 set -x LIBVIRT_DEFAULT_URI qemu:///system
 
+alias blue="bluetui"
+alias jelly="jellyfin-tui"
      '';
     };
     home.file = {

nix/home-manager/desktop.home.nix

@@ -20,11 +20,21 @@
     ffmpeg
     gh
     bitwarden-desktop
+    jellyfin-tui
+    bluetui
+    nexusmods-app-unfree
   ];
 
   programs.ghostty = {
     enable = true;
     enableFishIntegration = true;
+    settings = {
+      window-inherit-working-directory = "false";
+      theme = "Atom";
+      font-size = 14;
+      window-height = 30;
+      window-width = 100; 
+    };
   };
 
   fonts.fontconfig.enable = true;

nix/home-manager/server.home.nix

@@ -5,5 +5,6 @@
         opencode
         quickemu
         tree
+        kubernetes-helm
     ];
 }

nix/home-manager/work.home.nix

@@ -2,6 +2,8 @@
 
 let
   opencodeFlake = builtins.getFlake (toString ../flakes/opencode);
+  monitorTuiFlake = builtins.getFlake (toString ../../monitors/monitor-tui-rs);
+  zenBrowserFlake = builtins.getFlake "github:youwen5/zen-browser-flake";
   nixgl = import
     (fetchTarball "https://github.com/nix-community/nixGL/archive/main.tar.gz")
     { };
@@ -50,10 +52,13 @@ in {
     firefoxpwa
     bluetui
     #nixfmt-classic
-    opencodeFlake.packages.${system}.opencode
+    opencodeFlake.packages.${pkgs.stdenv.hostPlatform.system}.opencode
+    monitorTuiFlake.packages.${pkgs.stdenv.hostPlatform.system}.default
+    (config.lib.nixGL.wrap zenBrowserFlake.packages.${pkgs.stdenv.hostPlatform.system}.default)
     bitwarden-desktop
     wiremix
-    moonlight-qt
+    (config.lib.nixGL.wrap moonlight-qt)
+    nvtopPackages.amd
     # jan
     # texlivePackages.jetbrainsmono-otf
     # nerd-fonts.fira-code
@@ -69,7 +74,17 @@ in {
   };
 
   programs.direnv = { enable = true; };
-  programs.ghostty = { enable = true; };
+  programs.ghostty = {
+    enable = true;
+    enableFishIntegration = true;
+    settings = {
+      window-inherit-working-directory = "false";
+      theme = "Atom";
+      font-size = "18";
+      window-height = "30";
+      window-width = "120"; 
+    };
+  };
   programs.fish = {
     enable = true;
     shellInit = ''
@@ -106,6 +121,8 @@ in {
       set -x LIBVIRT_DEFAULT_URI qemu:///system
       set -x TERM xterm-256color # ghostty
 
+      source "$HOME/.cargo/env.fish"
+
       export SSH_AUTH_SOCK=/home/alexm/.bitwarden-ssh-agent.sock # ssh agent
     '';
   };
@@ -193,6 +210,28 @@ in {
       Terminal=false
       Categories=Network;WebBrowser;
     '';
+    ".local/share/applications/zen-browser.desktop".text = ''
+      [Desktop Entry]
+      Version=1.0
+      Type=Application
+      Name=Zen Browser
+      Comment=A calmer Firefox-based browser
+      Exec=nixGLIntel zen
+      Icon=${zenBrowserFlake.packages.${pkgs.stdenv.hostPlatform.system}.default}/share/icons/hicolor/128x128/apps/zen.png
+      Terminal=false
+      Categories=Network;WebBrowser;
+      MimeType=text/html;text/xml;application/xhtml+xml;x-scheme-handler/http;x-scheme-handler/https;
+      StartupWMClass=zen
+      Actions=new-window;new-private-window;
+
+      [Desktop Action new-window]
+      Name=Open a New Window
+      Exec=nixGLIntel zen --new-window
+
+      [Desktop Action new-private-window]
+      Name=Open a New Private Window
+      Exec=nixGLIntel zen --private-window
+    '';
   };
 
   home.sessionVariables = { EDITOR = "vim"; };
@@ -222,6 +261,5 @@ in {
       package = pkgs.gnome-themes-extra;
     };
   };
-  # Let Home Manager install and manage itself.
   programs.home-manager.enable = true;
 }

nix/home-server.nix

@@ -58,6 +58,9 @@
     description = "github";
     extraGroups = [ "docker" ];
     shell = pkgs.fish;
+    packages = with pkgs; [
+      kubernetes-helm
+    ];
   };
   users.users.alex = {
     isNormalUser = true;
@@ -75,7 +78,7 @@
   home-manager.useGlobalPkgs = true;
 
   services.fwupd.enable = true;
-   systemd.timers."nix-garbage-collect-weekly" = {
+  systemd.timers."nix-garbage-collect-weekly" = {
     wantedBy = [ "timers.target" ];
     timerConfig = {
       OnCalendar = "weekly";
@@ -167,13 +170,6 @@
       package = pkgs.qemu_kvm;
       runAsRoot = true;
       swtpm.enable = true;
-      ovmf = {
-        enable = true;
-        packages = [ pkgs.OVMFFull.fd ];
-        # packages = [
-        #   (pkgs.OVMF.override { secureBoot = true; tpmSupport = true; }).fd
-        # ];
-      };
     };
   };
   networking.interfaces.enp5s0.useDHCP = true;
@@ -183,19 +179,14 @@
       interfaces = [ "enp5s0" ];
     };
   };
-
-  # not working yet, in theory simplifies xml for vm
-  # environment.etc."qemu/edk2-x86_64-secure-code.fd".source = "${pkgs.OVMF.fd}/FV/OVMF_CODE.secboot.fd";
-  # environment.etc."qemu/edk2-i386-vars.fd".source = "${pkgs.OVMF.fd}/FV/OVMF_VARS.fd";
-
-  # environment.etc."qemu/edk2-x86_64-secure-code.fd".source = "${pkgs.OVMF.fd}/FV/OVMF_CODE.secboot.fd";
-  # environment.etc."qemu/edk2-x86_64-secure-vars.fd".source = "${pkgs.OVMF.fd}/FV/OVMF_VARS.secboot.fd";
-
+  
   environment.etc = {
     "qemu/edk2-x86_64-secure-code.fd".source =
-      lib.mkForce "${pkgs.OVMF.fd}/FV/OVMF_CODE.ms.fd";
+      lib.mkForce "${pkgs.OVMFFull.fd}/FV/OVMF_CODE.ms.fd";
     "qemu/edk2-x86_64-secure-vars.fd".source =
-      lib.mkForce "${pkgs.OVMF.fd}/FV/OVMF_VARS.ms.fd";
+      lib.mkForce "${pkgs.OVMFFull.fd}/FV/OVMF_VARS.ms.fd";
+    "qemu/OVMF_VARS.fd".source =
+      lib.mkForce "${pkgs.OVMFFull.fd}/FV/OVMF_VARS.fd";
   };
   systemd.tmpfiles.rules = [
     "d /var/lib/libvirt/qemu/nvram 0755 root root -"
@@ -209,7 +200,7 @@
   boot.supportedFilesystems = [ "zfs" ];
   boot.zfs.forceImportRoot = false;
   networking.hostId = "eafe9551";
-  boot.zfs.extraPools = [ "data-ssd" "backup" "vms" "vms-2" ];
+  boot.zfs.extraPools = [ "data-ssd" "backup" "vms-2" "vms-3" ];
   services.sanoid = {
     enable = true;
     templates.production = {
@@ -266,7 +257,6 @@
       tokenFile = "/data/runner/github-infrastructure-token.txt";
       url = "https://github.com/alexmickelson/infrastructure";
       extraLabels = [ "home-server" ];
-      #workDir = "/data/runner/infrastructure/";
       replace = true;
       serviceOverrides = { 
         ReadWritePaths = [ 
@@ -281,12 +271,8 @@
         ProtectSystem = false;
         PrivateMounts = false;
         PrivateUsers = false;
-        #DynamicUser = true;
-        #NoNewPrivileges = false;
         ProtectHome = false;
-        #RuntimeDirectoryPreserve = "yes";
         Restart = lib.mkForce  "always";
-        #RuntimeMaxSec = "7d";
       };
       extraPackages = with pkgs; [
         docker
@@ -295,18 +281,13 @@
         sanoid
         mbuffer
         lzop
+        kubectl
+        kubernetes-helm
       ];
     };
   };
-  # services.cron = {
-  #   enable = true;
-  #   systemCronJobs = [
-  #     "*/5 * * * *      root    date >> /tmp/cron.log"
-  #   ];
-  # };
   
   networking.firewall.enable = false;
-  # networking.firewall.trustedInterfaces = [ "docker0" ]; 
 
   # This value determines the NixOS release from which the default
   # settings for stateful data, like file locations and database versions

nix/modules/k3s.nix

@@ -6,11 +6,17 @@
     enable = true;
     role = "server";
     extraFlags = toString [
-      # "--debug" # Optionally add additional args to k3s
       "--disable=traefik"
       "--bind-address 100.122.128.107"
       "--node-external-ip 100.122.128.107"
       "--tls-san 100.122.128.107"
+
+
+      # Disable disk-based evictions
+      "--kubelet-arg=eviction-hard="
+      "--kubelet-arg=eviction-soft="
+      "--kubelet-arg=eviction-soft-grace-period="
+      "--kubelet-arg=eviction-pressure-transition-period=0s"
     ];
     serverAddr = "https://100.122.128.107:6443";
   };

nix/tv-computer.nix

@@ -64,6 +64,7 @@
 
   programs.firefox.enable = true;
   nixpkgs.config.allowUnfree = true;
+  services.fwupd.enable = true;
 
   environment.systemPackages = with pkgs; [
     vim
@@ -101,6 +102,6 @@
   systemd.targets.hibernate.enable = false;
   systemd.targets.hybrid-sleep.enable = false;
 
-  system.stateVersion = "24.05"; # Did you read the comment?
+  system.stateVersion = "25.11"; # Did you read the comment?
 
 }