From 5e73c697d5c0d88c8637894702451fd3b0941149 Mon Sep 17 00:00:00 2001 From: Chris Thompson Date: Mon, 6 Jan 2025 14:47:40 -0500 Subject: [PATCH 1/5] Update flake and add kernel patch --- flake.lock | 12 ++++++------ hosts/default/configuration.nix | 13 ++++++++++++- 2 files changed, 18 insertions(+), 7 deletions(-) diff --git a/flake.lock b/flake.lock index 4ad035c..d49fafe 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1734093295, - "narHash": "sha256-hSwgGpcZtdDsk1dnzA0xj5cNaHgN9A99hRF/mxMtwS4=", + "lastModified": 1736089250, + "narHash": "sha256-/LPWMiiJGPHGd7ZYEgmbE2da4zvBW0acmshUjYC3WG4=", "owner": "nix-community", "repo": "home-manager", - "rev": "66c5d8b62818ec4c1edb3e941f55ef78df8141a8", + "rev": "172b91bfb2b7f5c4a8c6ceac29fd53a01ef07196", "type": "github" }, "original": { @@ -22,11 +22,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1733940404, - "narHash": "sha256-Pj39hSoUA86ZePPF/UXiYHHM7hMIkios8TYG29kQT4g=", + "lastModified": 1736012469, + "narHash": "sha256-/qlNWm/IEVVH7GfgAIyP6EsVZI6zjAx1cV5zNyrs+rI=", "owner": "nixos", "repo": "nixpkgs", - "rev": "5d67ea6b4b63378b9c13be21e2ec9d1afc921713", + "rev": "8f3e1f807051e32d8c95cd12b9b421623850a34d", "type": "github" }, "original": { diff --git a/hosts/default/configuration.nix b/hosts/default/configuration.nix index 1be658d..83aec86 100644 --- a/hosts/default/configuration.nix +++ b/hosts/default/configuration.nix 
@@ -38,7 +38,18 @@
 # };
 boot.initrd.luks.devices."nvme2n1p2_oldcrypt".device = "/dev/disk/by-uuid/44235dca-99e8-4ea8-9516-97d9f5a2d702";
 boot.kernelModules = [ "kvm-amd" "nct6775" ];
-
+
+ # Direct patching for enabling for async reprojection (steamvr)
+ boot.kernelPatches = [
+ {
+ name = "amdgpu-ignore-ctx-privileges";
+ patch = pkgs.fetchpatch {
+ name = "cap_sys_nice_begone.patch";
+ url = "https://github.com/Frogging-Family/community-patches/raw/master/linux61-tkg/cap_sys_nice_begone.mypatch";
+ hash = "sha256-Y3a0+x2xvHsfLax/uwycdJf3xLxvVfkfDVqjkxNaYEo=";
+ };
+ }
+ ];
 services.fwupd.enable = true;
 services.hardware.openrgb.enable = true;
 # Add flakes

From 977a67e2fd21a31c92ab6e8583d42ba54fbe9fd8 Mon Sep 17 00:00:00 2001
From: Chris Thompson
Date: Mon, 6 Jan 2025 14:48:07 -0500
Subject: [PATCH 2/5] Security changes...ssh/firewall

---
 hosts/default/configuration.nix | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/hosts/default/configuration.nix b/hosts/default/configuration.nix
index 83aec86..e2433d8 100644
--- a/hosts/default/configuration.nix
+++ b/hosts/default/configuration.nix
@@ -140,7 +140,7 @@
 # And system-specific settings:
 users.users.wolcen = {
 description = "Chris Thompson";
- openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEdxdKYrlwOolJpYxvWu6gW/60pzT6aKN6JHhnTSBFqN wolcen@typhoon" ];
+ openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEdxdKYrlwOolJpYxvWu6gW/60pzT6aKN6JHhnTSBFqN wolcen@typhoon" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINTFJeOIRwEw09EhFdssRHOdb+T7o84FC+ULMQzXDewE wolcen@wolcen-ThinkPad-X220" ];
 extraGroups = [ "networkmanager" "wheel" "docker" "dialout" ];
 };
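Review bot: The `boot.kernelPatches` entry added in `hosts/default/configuration.nix` fetches its patch from a moving `raw/master/...` URL, and nothing in the config records which kernel check the patch removes. The `hash` fixes the content, so a changed upstream file fails the build rather than slipping in, but pinning the URL to a commit (`url = "https://github.com/Frogging-Family/community-patches/raw/<COMMIT_SHA>/linux61-tkg/cap_sys_nice_begone.mypatch";`, with the placeholder filled in) keeps the build reproducible and names the revision that was reviewed. Judging by its name, the patch drops the CAP_SYS_NICE requirement for high-priority amdgpu contexts, so any local process with access to the GPU device could then request elevated GPU scheduling priority; a comment such as `# trade-off: removes the CAP_SYS_NICE gate on amdgpu context priority for every local user` would document that. The path says `linux61-tkg` while this same commit bumps nixpkgs, so it is worth confirming the patch still applies to the kernel actually built.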
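Review bot: The second key added to `users.users.wolcen.openssh.authorizedKeys.keys` sits on the same long line as the first, which makes later audits and revocations hard to read in a diff. The same hunk shows this account in `wheel` and `docker`, so each listed key amounts to administrative access to the host. Listing one key per line with a short comment naming the device (for example `# ThinkPad X220`) makes it obvious which entry to remove if that laptop is lost or retired.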
@@ -163,7 +163,7 @@
 # For xdebug...verify actual necessity
 # Have had to use this, but I think it can be disabled still - perhaps w/xdebug binding setting...don't know.
- networking.firewall.allowedTCPPorts = [ 9003 ];
+ #networking.firewall.allowedTCPPorts = [ 9003 ];
 # Allow unfree packages
 nixpkgs.config.allowUnfree = true;
@@ -273,6 +273,7 @@
 # Enable the OpenSSH daemon.
 services.openssh.enable = true;
 services.openssh.ports = [ 2112 ]; # must be a list...for some reason.
+ services.openssh.settings.PasswordAuthentication = false;
 # Enable mobile shell (for roaming, intermittent connectivity, etc)
 programs.mosh.enable = true;

From afab34e62e53b1bfb9e43593ecfc79816ca5f8f3 Mon Sep 17 00:00:00 2001
From: Chris Thompson
Date: Mon, 6 Jan 2025 14:48:14 -0500
Subject: [PATCH 3/5] Add packages

---
 hosts/default/configuration.nix | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/hosts/default/configuration.nix b/hosts/default/configuration.nix
index e2433d8..c8cf4da 100644
--- a/hosts/default/configuration.nix
+++ b/hosts/default/configuration.nix
@@ -198,6 +198,7 @@
 just # command runner like make
 #ansible # configuration management system/automation tool
 kdePackages.kcachegrind # analyze xdebug output
+ kdePackages.filelight # disk space visualizer
 libreoffice-qt # libreoffice - qt is best for KDE
 hunspell # spell checking
 hunspellDicts.en_US # spell check dictionary
@@ -211,6 +212,12 @@
 zig # the zig language
 powerline # prompt utility
 distrobox # instant alternate OS availability
+ pigz # muti-treaded replacement for gzip
+ unzip # old standard zip handler
+ rpi-imager # rasbperry pi os burner util
+ screenkey # broadcast key presses
+ superfile # cli file manager
+ #obs-studio # open broadcast studio
 ];
 programs.zsh.enable = true;
 programs.git = {

From 9cb2c6be9a7d92abef2e88c52b1dc2f60164da42 Mon Sep 17 00:00:00 2001
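Review bot: The line `#networking.firewall.allowedTCPPorts = [ 9003 ];` leaves dead configuration behind, and the two comment lines above it still read as if the port were open. Deleting the line and rewording the comment to say the xdebug port is now closed avoids someone re-opening it host-wide by removing one `#`. If xdebug does turn out to need it, scoping the rule to the container bridge, e.g. `networking.firewall.interfaces."docker0".allowedTCPPorts = [ 9003 ];` (interface name assumed, confirm locally), keeps 9003 off the external interfaces.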
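Review bot: In the OpenSSH hunk, `PasswordAuthentication = false` on its own may not stop password logins, because keyboard-interactive authentication goes through PAM and can still prompt for a password. Adding `services.openssh.settings.KbdInteractiveAuthentication = false;` next to it closes that path. `PermitRootLogin` is not set in the visible lines; stating it explicitly, e.g. `services.openssh.settings.PermitRootLogin = "no";`, makes the intent independent of the module default.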
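Review bot: `screenkey`, added in the second package hunk of the "Add packages" commit, shows every keystroke on screen while it runs, which includes passwords typed at `sudo` or into a password manager during a recording or screen share. Its comment could say so, for example `screenkey # shows key presses on screen - stop it before typing secrets`. Two of the new comments also have typos: `muti-treaded` should read `multi-threaded` and `rasbperry` should read `raspberry`.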
From: Chris Thompson
Date: Mon, 6 Jan 2025 14:48:24 -0500
Subject: [PATCH 4/5] Monado (vr) updates

---
 hosts/default/configuration.nix | 7 +++++--
 hosts/default/home.nix | 24 ++++++++++++++++++++++++
 2 files changed, 29 insertions(+), 2 deletions(-)

diff --git a/hosts/default/configuration.nix b/hosts/default/configuration.nix
index c8cf4da..3a7a6f2 100644
--- a/hosts/default/configuration.nix
+++ b/hosts/default/configuration.nix
@@ -362,8 +362,11 @@
 services.monado = {
 enable = true;
 defaultRuntime = true; # Register as default OpenXR runtime
- #environment.WMR_HANDTRACKING = "1"; # Enable for hand tracking
- #environment.U_PACING_COMP_MIN_TIME_MS = "5"; # This is a tweak for something...I forgot
+ };
+ systemd.user.services.monado.environment = {
+ WMR_HANDTRACKING = "1"; # Enable for hand tracking
+ XRT_PRINT_OPTIONS = "1"; # Enable printing env vars set/available
+ #U_PACING_COMP_MIN_TIME_MS = "5"; # This is a tweak for something...I forgot
 };
 # allow clock adjustments/priority change, etc (gamemoderun ./game)
 # https://wiki.nixos.org/wiki/GameMode
diff --git a/hosts/default/home.nix b/hosts/default/home.nix
index 3d20564..e4f5fcd 100644
--- a/hosts/default/home.nix
+++ b/hosts/default/home.nix
@@ -70,7 +70,31 @@
 home.sessionVariables = {
 # EDITOR = "emacs";
 };
+ # For Monado:
+ xdg.configFile."openxr/1/active_runtime.json".source = "${pkgs.monado}/share/openxr/1/openxr_monado.json";
+ # For WiVRn:
+ #xdg.configFile."openxr/1/active_runtime.json".source = "${pkgs.wivrn}/share/openxr/1/openxr_wivrn.json";
+
+ xdg.configFile."openvr/openvrpaths.vrpath".text = ''
+ {
+ "config" :
+ [
+ "${config.xdg.dataHome}/Steam/config"
+ ],
+ "external_drivers" : null,
+ "jsonid" : "vrpathreg",
+ "log" :
+ [
+ "${config.xdg.dataHome}/Steam/logs"
+ ],
+ "runtime" :
+ [
+ "${pkgs.opencomposite}/lib/opencomposite"
+ ],
+ "version" : 1
+ }
+ '';
 # Let Home Manager install and manage itself.
 programs.home-manager.enable = true;
 }
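Review bot: `XRT_PRINT_OPTIONS = "1"` in the new `systemd.user.services.monado.environment` block reads like a debugging aid that is now switched on permanently for the service. If it was only needed to confirm that the variables reach Monado after the move out of `services.monado`, it could be left commented out like the pacing tweak, e.g. `#XRT_PRINT_OPTIONS = "1"; # debug: print env vars set/available`. The carried-over comment `This is a tweak for something...I forgot` documents nothing and could be dropped together with that line, or replaced once the purpose is known.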
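Review bot: The `openvr/openvrpaths.vrpath` content in `hosts/default/home.nix` is hand-written JSON inside a Nix string, so a missing comma or quote is only noticed when the VR runtime fails to parse the file. Building it from an attribute set with `builtins.toJSON` lets Nix produce well-formed JSON and keeps the interpolated store paths as ordinary Nix strings; the output is compact rather than pretty-printed but carries the same keys and values. Separately, `services.monado.defaultRuntime = true` in `configuration.nix` and the per-user `openxr/1/active_runtime.json` added here both appear to select the OpenXR runtime, so a short comment saying which one is meant to win would help.
```nix
xdg.configFile."openvr/openvrpaths.vrpath".text = builtins.toJSON {
  config = [ "${config.xdg.dataHome}/Steam/config" ];
  external_drivers = null;
  jsonid = "vrpathreg";
  log = [ "${config.xdg.dataHome}/Steam/logs" ];
  runtime = [ "${pkgs.opencomposite}/lib/opencomposite" ];
  version = 1;
};
```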
From ecd4d9c82200f61a754decb4f944cb3b82c9b20a Mon Sep 17 00:00:00 2001
From: Chris Thompson
Date: Mon, 6 Jan 2025 14:48:32 -0500
Subject: [PATCH 5/5] User package changes

---
 hosts/default/main-user.nix | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/hosts/default/main-user.nix b/hosts/default/main-user.nix
index 809fb5a..354774d 100644
--- a/hosts/default/main-user.nix
+++ b/hosts/default/main-user.nix
@@ -23,6 +23,7 @@ in
 extraGroups = [ "wheel" "networkmanager" "docker" ];
 packages = with pkgs; [
 #kdePackages.kate # ... why did I add this?
+ mkcert
 thunderbird # email client
 keepassxc # passwords!
 macchina # like *fetch - display basics
@@ -31,6 +32,8 @@ in
 signal-desktop # messaging
 ddev # local docker dev awesome
 vscodium # vs code editor, but free
+ yubikey-manager-qt # yubi key mgmgt - more needed
+ #pavucontrol # pulse audio vol control
 # go to 2.17 when no more servers w/python issues (elizabeth)
 ansible_2_16 # deployment/automation
 #python311Full # troubleshooting ansible things.
@@ -39,12 +42,11 @@ in
 # switch to an ansible build environment instead.
 php81
 php81Packages.composer
- php81Packages.composer
 php81Extensions.zip
 php81Extensions.xml
 php81Extensions.dom
 php81Extensions.bz2
- php81Extensions.yaml
+ #php81Extensions.yaml
 php81Extensions.zlib
 php81Extensions.zstd
 php81Extensions.intl
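Review bot: `mkcert` is the only new entry in the first `main-user.nix` hunk without a comment, and it is the one that most needs one. Once `mkcert -install` has been run, the local CA it creates is trusted by the system and browser stores, so the generated `rootCA-key.pem` can sign a certificate for any hostname this machine will accept. A comment such as `mkcert # local dev CA - keep rootCA-key.pem private, never copy it off this machine` records that. The `packages` list opens in this hunk and continues beyond it.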
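Review bot: The comment on `yubikey-manager-qt` in the second `main-user.nix` hunk says `more needed` without saying what, so the next reader cannot tell whether the key is usable as configured. On NixOS the manager normally relies on the smart-card daemon, `services.pcscd.enable = true;`, which belongs in `configuration.nix` rather than in this user package list; whether it is already enabled is not visible here. Naming the missing piece in the comment, and fixing the `mgmgt` typo, would make the entry self-explanatory.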