fix xrdp, add vpn vm

2025-06-02 15:08:38 +02:00
parent 6c21647214
commit 3bf278cef4
42 changed files with 306 additions and 89 deletions
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -13,6 +13,8 @@
  # Set your time zone.
  time.timeZone = "Europe/Vienna";

+  services.speechd.enable = false;
+
  # Select internationalisation properties.
  i18n = {
    defaultLocale = "en_US.UTF-8";
--- a/modules/hardware/amd-gpu.nix
+++ b/modules/hardware/amd-gpu.nix
@@ -3,12 +3,13 @@ let cfg = config.custom.hardware.amd-gpu;
 in {
  options.custom.hardware.amd-gpu = {
    enable = lib.mkEnableOption "Enables amd gpus";
+    overdrive = lib.mkEnableOption "Enables overdrive";
    rocm.enable = lib.mkEnableOption "Enables rocm";
  };

  config =
    lib.mkIf cfg.enable {
-      boot.kernelParams =
+      boot.kernelParams = lib.mkIf cfg.overdrive
        [ "amdgpu.ppfeaturemask=0xfff7ffff" "split_lock_detect=off" ];

      hardware.graphics = {
@@ -21,16 +22,17 @@ in {
      services.xserver.videoDrivers = [ "amdgpu" ];
      # controller (overclock, undervolt, fan curves)
      environment.systemPackages = with pkgs; [
-        lact
        nvtopPackages.amd
        amdgpu_top
      ] ++ lib.optionals cfg.rocm.enable [
        clinfo
        rocmPackages.rocminfo
+      ] ++ lib.optionals cfg.overdrive [
+        lact
      ];
      systemd = {
-        packages = with pkgs; [ lact ];
-        services.lactd.wantedBy = [ "multi-user.target" ];
+        packages = lib.mkIf cfg.overdrive (with pkgs; [ lact ]);
+        services.lactd.wantedBy = lib.mkIf cfg.overdrive [ "multi-user.target" ];
        #rocm
        tmpfiles.rules =
          let
--- a/modules/misc/default.nix
+++ b/modules/misc/default.nix
@@ -13,5 +13,6 @@
    ./virt-manager.nix
    ./wireshark.nix
    ./podman.nix
+    ./nixvim.nix
  ];
 }
--- a/modules/misc/nixvim.nix
+++ b/modules/misc/nixvim.nix
@@ -0,0 +1,6 @@
+{ lib, config, pkgs, inputs, ... }:
+with lib;
+let cfg = config.custom.nixvimPlugins;
+in {
+  options.custom.nixvimPlugins = mkEnableOption "Enables nixvim plugins";
+}
--- a/modules/services/wireguard.nix
+++ b/modules/services/wireguard.nix
@@ -11,6 +11,16 @@ in
      type = types.str;
      description = "ipv4 address";
    };
+    secretFile = mkOption {
+      type = types.path;
+      default = ../../secrets/wireguard-private.age;
+      description = "agenix secret file for wireguard";
+    };
+    externalInterface = mkOption {
+      type = types.str;
+      default = "eth0";
+      description = "external interface";
+    };
  };
  config =
    let
@@ -19,11 +29,11 @@ in
    lib.mkIf cfg.enable {

      age.secrets.wireguard-private = {
-        file = ../../secrets/wireguard-private.age;
+        file = cfg.secretFile;
      };

      networking.nat.enable = true;
-      networking.nat.externalInterface = "eth0";
+      networking.nat.externalInterface = cfg.externalInterface;
      networking.nat.internalInterfaces = [ "wg0" ];
      networking.firewall.allowedUDPPorts = [ 51820 ];

@@ -35,6 +45,7 @@ in
            "${wireguardIp}/24"
          ];
          peers = [
+            #pc
            {
              allowedIPs = [
                "192.168.2.2/32"