Satori: misc changes

hosts/personal/satori/boot.nix

@@ -4,9 +4,17 @@
   boot = {
  #   kernelPackages = pkgs.linuxPackages_lqx;
     initrd={
-      availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod"];
-      kernelModules = [ ];
+      availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" "vfio-pci"];
+ /*     preDeviceCommands = ''
+        DEVS="0000:01:00.0 0000:01:00.1 0000:01:00.2 0000:01:00.3"
+        for DEV in $DEVS; do
+          echo "vfio-pci" > /sys/bus/pci/devices/$DEV/driver_override
+        done
+        modprobe -i vfio-pci
+        '';*/
+      kernelModules = [];
     };
+    kernelParams = [ "nvidia-drm.modeset=1" "intel_pstate=active" "intel_iommu=on" ]; 
     kernelModules = [ "kvm-intel"];
     extraModulePackages = [ config.boot.kernelPackages.nvidia_x11 ];
     loader = {
@@ -24,6 +32,5 @@
         configurationName = "nixbruh";
       };
     };
-    kernelParams = [ "nvidia-drm.modeset=1" "intel_pstate=active" ]; 
   };
 }

hosts/personal/satori/networking.nix

@@ -4,9 +4,10 @@
   networking = {
     hostName = "Satori";
     wireless.enable = true;
+    wireless.interfaces = [ "wlp0s20f3" ];
     firewall = {
-      allowedTCPPorts = [ 22 ];
-      allowedUDPPorts = [ 17840 ];
+      allowedTCPPorts = [ 22 18172 ];
+      allowedUDPPorts = [ 22 17840 18172 ];
     };
     interfaces = {
       enp7s0.useDHCP = true;
@@ -21,7 +22,7 @@
     wireguard.interfaces.wg0 = {
       ips = [ "10.55.0.3/32" ];
       listenPort = 17840;
-      privateKeyFile = "/var/secrets/wg.key";
+      privateKeyFile = "/var/wg";
       peers = [
         {
         #Oracle VM1

hosts/personal/satori/pkgs.nix

@@ -18,6 +18,7 @@
     gcc
     rustc
     jdk
+    virtmanager
   ];
 
   programs = {
@@ -77,5 +78,7 @@
       experimental-features = nix-command ca-references flakes
     '';
     trustedUsers = [ "root" "natto" ];
+ #   binaryCaches = ["http://152.67.11.101/" "https://cache.nixos.org/"];
+ #   binaryCachePublicKeys = ["152.67.11.101:lbEG3jz8pB5IxxjCQcZwS1a85XK5HIYN7g2E9Zw0r1M="];
   };
 }

hosts/personal/satori/services.nix

@@ -15,42 +15,10 @@
   services = {
     tor.enable = true;
     logmein-hamachi.enable = true;
-    mysql = {
-      enable = true;
-      package = pkgs.mysql;
-      dataDir = "/var/db";
-    };
     openssh = {
       enable = true;
       permitRootLogin = "yes";
     };
-    vault-agent = {
-      enable = true;
-      settings = {
-        vault = {
-          address = "https://10.55.0.2:8800";
-          client_cert = "/var/vault/cert.pem";
-          client_key = "/var/vault/key.pem";
-        };
-        auto_auth = {
-          method = [
-            {
-              "cert" = {
-                name = "Satori";
-              };
-            }
-          ];
-        };
-        template = [
-          {
-            source = pkgs.writeText "wg.tpl" ''
-              {{ with secret "kv/systems/Satori/wg" }}{{ .Data.data.private }}{{ end }}
-            '';
-            destination = "/var/secrets/wg.key";
-          }
-        ];
-      };
-    };
     btrfs.autoScrub.enable = true;
     udev.extraRules = ''
       ACTION=="add|change", KERNEL=="sda", ATTR{queue/rotational}=="0", ATTR{queue/scheduler}="bfq"
@@ -60,9 +28,14 @@
     tor.wantedBy = lib.mkForce [];
     logmein-hamachi.wantedBy = lib.mkForce [];
     openssh.wantedBy = lib.mkForce [];
-    mysql.wantedBy = lib.mkForce [];
     #printing.wantedBy = lib.mkForce [];
     #vault.wantedBy = lib.mkForce [];
   };
   security.pki.certificateFiles = [ ../../../cert.pem ];
+ /* virtualisation.libvirtd = {
+    enable = true;
+    onBoot = "ignore";
+    onShutdown = "shutdown";
+    qemuRunAsRoot = false;
+  };*/
 }

hosts/personal/satori/stuff.nix

@@ -32,7 +32,7 @@
     isNormalUser = true;
     shell = pkgs.zsh;
     home = "/home/natto";
-    extraGroups = [ "wheel" "adbusers" "video" ];
+    extraGroups = [ "wheel" "adbusers" "video" "libvirtd" ];
   };
   i18n.inputMethod = {
  #   enabled = "fcitx5";