fix xrdp, add vpn vm

2025-06-02 15:08:38 +02:00
parent 6c21647214
commit 3bf278cef4
42 changed files with 306 additions and 89 deletions
--- a/systems/amd-server-vpn-vm/configuration.nix
+++ b/systems/amd-server-vpn-vm/configuration.nix
@@ -0,0 +1,83 @@
+{ config, pkgs, modulesPath, lib, ... }:
+
+{
+  imports = [
+    # Include the results of the hardware scan.
+    #./hardware-configuration.nix
+    ../../modules/services/ssh.nix
+    ../../modules/misc/logging.nix
+    ../../modules/misc/motd.nix
+    ../../modules/misc/kernel.nix
+    ../../modules/work/vpn.nix
+    #./disk-config.nix
+    ./hardware.nix
+    (modulesPath + "/installer/scan/not-detected.nix")
+    (modulesPath + "/profiles/qemu-guest.nix")
+  ];
+
+  boot = {
+    kernelParams = [ "console=tty0" "console=ttyS0" ];
+    loader.timeout = lib.mkForce 1;
+
+    loader.grub.enable = true;
+    loader.grub.device = "/dev/vda";
+    #loader.grub = {
+    #  efiSupport = true;
+    #  efiInstallAsRemovable = true;
+    #  device = "nodev";
+    #};
+  };
+
+  programs.firefox.enable = true;
+  services.spice-vdagentd.enable = true;
+
+  networking.usePredictableInterfaceNames = false;
+
+  mainUser.layout = "de";
+  mainUser.variant = "us";
+  custom = {
+    user = {
+      name = "anon";
+      layout = "de";
+      variant = "us";
+    };
+    hardware = {
+      firmware.enable = true;
+      ssd.enable = true;
+    };
+    services = {
+      wireguard = {
+        enable = true;
+        ip = "192.168.2.1";
+        secretFile = ../../secrets/wireguard-evo-vpn.age;
+        externalInterface = "tun0";
+      };
+    };
+    nftables.enable = true;
+    cli-tools.enable = true;
+    nix = {
+      index.enable = true;
+      settings.enable = true;
+    };
+    graphical = {
+      lxqt.enable = true;
+    };
+  };
+
+  #fileSystems."/" = {
+  #  device = "/dev/disk/by-label/nixos";
+  #  fsType = "ext4";
+  #  options = [ "defaults" "noatime" ];
+  #};
+  #fileSystems."/boot" =
+  #{ device = "/dev/disk/by-label/ESP";
+  #    fsType = "vfat";
+  #};
+
+  networking.hostName = "amd-server-vpn-vm"; # Define your hostname.
+
+  # Configure console keymap
+  console.keyMap = "us";
+
+  system.stateVersion = "25.05"; # Did you read the comment?
+}
--- a/systems/amd-server-vpn-vm/disk-config.nix
+++ b/systems/amd-server-vpn-vm/disk-config.nix
@@ -0,0 +1,38 @@
+# Example to create a bios compatible gpt partition
+{ lib, ... }: {
+  disko.devices = {
+    disk.main = {
+      device = lib.mkDefault "/dev/vda";
+      type = "disk";
+      content = {
+        type = "gpt";
+        partitions = {
+          boot = {
+            name = "boot";
+            size = "1M";
+            type = "EF02";
+          };
+          esp = {
+            name = "ESP";
+            size = "500M";
+            type = "EF00";
+            content = {
+              type = "filesystem";
+              format = "vfat";
+              mountpoint = "/boot";
+            };
+          };
+          root = {
+            size = "100%";
+            content = {
+              type = "btrfs";
+              extraArgs = [ "-f" ]; # Override existing partition
+              mountpoint = "/";
+              mountOptions = [ "compress=zstd" "noatime" ];
+            };
+          };
+        };
+      };
+    };
+  };
+}
--- a/systems/amd-server-vpn-vm/hardware.nix
+++ b/systems/amd-server-vpn-vm/hardware.nix
@@ -0,0 +1,28 @@
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/profiles/qemu-guest.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "virtio_blk" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/f222513b-ded1-49fa-b591-20ce86a2fe7f";
+      fsType = "ext4";
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}
--- a/systems/laptop/configuration.nix
+++ b/systems/laptop/configuration.nix
@@ -26,6 +26,7 @@
    tmpfs.enable = true;
    wireshark.enable = true;
    virt-manager.enable = true;
+    nixvimPlugins = true;
    nix = {
      ld.enable = true;
      settings.enable = true;
--- a/systems/pc/configuration.nix
+++ b/systems/pc/configuration.nix
@@ -26,6 +26,7 @@
    virt-manager.enable = true;
    nftables.enable = true;
    cli-tools.enable = true;
+    nixvimPlugins = true;
    nix = {
      index.enable = true;
      ld.enable = true;
@@ -43,8 +44,11 @@
    services = { syncthing = { enable = true; }; };
    hardware = {
      android.enable = true;
-      amd-gpu.enable = true;
-      amd-gpu.rocm.enable = true;
+      amd-gpu = {
+        enable = true;
+        rocm.enable = true;
+        overdrive = true;
+      };
      nvidia = {
        enable = false;
        clock = {