testbed-vm: init, will add hardware-configuration later

config/hypr/hyprland.conf

@@ -17,9 +17,11 @@
 ################
 
 # See https://wiki.hypr.land/Configuring/Monitors/
-monitor=eDP-2,2560x1600@165.0,1920x80,1.6
-monitor=DP-5,1920x1080@60.0,0x0,1.0
+monitor=eDP-1,2560x1600@165.0,1920x0,1.6
+monitor=DP-4,1920x1080@60.0,0x0,1.0
 
+monitor=eDP-2,2560x1600@165.0,1920x0,1.6
+monitor=DP-5,1920x1080@60.0,0x0,1.0
 
 ###################
 ### MY PROGRAMS ###

config/hypr/hyprpaper.conf

@@ -1,6 +1,16 @@
 preload = /home/xory/wallpaper.png
 wallpaper = ,/home/xory/wallpaper.png
 
+wallpaper {
+    monitor = eDP-1
+    path = ~/wallpaper.png
+}
+
+wallpaper {
+    monitor = DP-4
+    path = ~/wallpaper.png
+}
+
 wallpaper {
     monitor = eDP-2
     path = ~/wallpaper.png

configuration.nix

@@ -99,7 +99,7 @@
   users.users.xory = {
     isNormalUser = true;
     description = "xory";
-    extraGroups = [ "networkmanager" "wheel" "docker" "libvirt" "dialout" ];
+    extraGroups = [ "networkmanager" "wheel" "docker" "libvirtd" "qemu-libvirtd" "kvm" "dialout" ];
     shell = pkgs.zsh;
     initialHashedPassword = "$6$JXLpG5JYMJgZndm9$0sC8uPJ99cYL.hNv3DFQ20ky8tiZoxioe9GlMEanTwAD99LJ175/bHtN6Bm6bYsQG1BVGRdmphnXEcWS9ApoK0"; # this is defined declaratively, i don't use passwd.
   };
@@ -149,8 +149,8 @@
           "--env=GTK_THEME=Adwaita:dark"
         ];
       };
-      signal-desktop-bin = {
-        executable = "${pkgs.signal-desktop-bin}/bin/signal-desktop";
+      signal-desktop = {
+        executable = "${pkgs.signal-desktop}/bin/signal-desktop";
         profile = "${pkgs.firejail}/etc/firejail/signal-desktop.profile";
         extraArgs = [
           "--env=GTK_THEME=Adwaita:dark"

flake.lock

@@ -7,11 +7,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1771469470,
-        "narHash": "sha256-GnqdqhrguKNN3HtVfl6z+zbV9R9jhHFm3Z8nu7R6ml0=",
+        "lastModified": 1772420042,
+        "narHash": "sha256-naZz40TUFMa0E0CutvwWsSPhgD5JldyTUDEgP9ADpfU=",
         "owner": "nix-community",
         "repo": "disko",
-        "rev": "4707eec8d1d2db5182ea06ed48c820a86a42dc13",
+        "rev": "5af7af10f14706e4095bd6bc0d9373eb097283c6",
         "type": "github"
       },
       "original": {
@@ -45,11 +45,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1771756436,
-        "narHash": "sha256-Tl2I0YXdhSTufGqAaD1ySh8x+cvVsEI1mJyJg12lxhI=",
+        "lastModified": 1772633064,
+        "narHash": "sha256-hawTxa3ciuUGOVla1dgyvjQffiPQtC2kqHfrpdBfMtk=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "5bd3589390b431a63072868a90c0f24771ff4cbb",
+        "rev": "ef26422ded4cc4cdbf8ae1f81447877aea3bf252",
         "type": "github"
       },
       "original": {
@@ -107,11 +107,11 @@
         "nvchad-starter": "nvchad-starter"
       },
       "locked": {
-        "lastModified": 1771479716,
-        "narHash": "sha256-px2OOCb6VDEGNSVpFEbVLnocz34qrfAarx28lTzrWsw=",
+        "lastModified": 1772606251,
+        "narHash": "sha256-xueeMDt9GljPu0VjmQ/veepdcjO0cN1h+s+lkCgjq6k=",
         "owner": "nix-community",
         "repo": "nix4nvchad",
-        "rev": "5098052557a36a148c84740733c4ac5b1bc566a5",
+        "rev": "981382044fab8448a53707f5754558a13eacafa4",
         "type": "github"
       },
       "original": {
@@ -122,11 +122,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1771423359,
-        "narHash": "sha256-yRKJ7gpVmXbX2ZcA8nFi6CMPkJXZGjie2unsiMzj3Ig=",
+        "lastModified": 1771969195,
+        "narHash": "sha256-qwcDBtrRvJbrrnv1lf/pREQi8t2hWZxVAyeMo7/E9sw=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "740a22363033e9f1bb6270fbfb5a9574067af15b",
+        "rev": "41c6b421bdc301b2624486e11905c9af7b8ec68e",
         "type": "github"
       },
       "original": {
@@ -153,11 +153,11 @@
     },
     "nixpkgs-stable": {
       "locked": {
-        "lastModified": 1771714954,
-        "narHash": "sha256-nhZJPnBavtu40/L2aqpljrfUNb2rxmWTmSjK2c9UKds=",
+        "lastModified": 1772598333,
+        "narHash": "sha256-YaHht/C35INEX3DeJQNWjNaTcPjYmBwwjFJ2jdtr+5U=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "afbbf774e2087c3d734266c22f96fca2e78d3620",
+        "rev": "fabb8c9deee281e50b1065002c9828f2cf7b2239",
         "type": "github"
       },
       "original": {
@@ -169,11 +169,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1771369470,
-        "narHash": "sha256-0NBlEBKkN3lufyvFegY4TYv5mCNHbi5OmBDrzihbBMQ=",
+        "lastModified": 1772542754,
+        "narHash": "sha256-WGV2hy+VIeQsYXpsLjdr4GvHv5eECMISX1zKLTedhdg=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "0182a361324364ae3f436a63005877674cf45efb",
+        "rev": "8c809a146a140c5c8806f13399592dbcb1bb5dc4",
         "type": "github"
       },
       "original": {
@@ -185,18 +185,15 @@
     },
     "nixpkgs_3": {
       "locked": {
-        "lastModified": 1771369470,
-        "narHash": "sha256-0NBlEBKkN3lufyvFegY4TYv5mCNHbi5OmBDrzihbBMQ=",
-        "owner": "NixOS",
-        "repo": "nixpkgs",
-        "rev": "0182a361324364ae3f436a63005877674cf45efb",
-        "type": "github"
+        "lastModified": 1772198003,
+        "narHash": "sha256-UCaQQ8zmHUocQIgCl+53Jj6NuwqrVKtmv7obE9r6wnw=",
+        "rev": "dd9b079222d43e1943b6ebd802f04fd959dc8e61",
+        "type": "tarball",
+        "url": "https://releases.nixos.org/nixos/unstable/nixos-26.05pre955442.dd9b079222d4/nixexprs.tar.xz"
       },
       "original": {
-        "owner": "NixOS",
-        "ref": "nixos-unstable",
-        "repo": "nixpkgs",
-        "type": "github"
+        "type": "tarball",
+        "url": "https://channels.nixos.org/nixos-unstable/nixexprs.tar.xz"
       }
     },
     "nvchad-starter": {
@@ -234,11 +231,11 @@
         "systems": "systems_2"
       },
       "locked": {
-        "lastModified": 1771737804,
-        "narHash": "sha256-7wn9qbzIQQgH8tnq4VwzuWEqEWpekuymlLyhY3vM/j8=",
+        "lastModified": 1772494187,
+        "narHash": "sha256-6ksgNAFXVK+Cg/6ww7bB2nJUPZlnS75UwZC7G+L03EE=",
         "owner": "Gerg-L",
         "repo": "spicetify-nix",
-        "rev": "6dd43010ac2458cc56a6ac5250349b9217a7a2ae",
+        "rev": "915ab06b046d05613041780c575c62a32fe67cea",
         "type": "github"
       },
       "original": {

hosts/nullstar/config.nix

@@ -8,6 +8,10 @@
       (inputs.nixos-hardware.nixosModules.framework-16-7040-amd)
     ];
 
+  specialisation."VFIO".configuration = {
+    imports = [ ./vfio.nix ];
+  };
+
   services.fwupd.enable = true;
 
   networking.hostName = "nullstar";

hosts/nullstar/vfio.nix

@@ -0,0 +1,23 @@
+{ config, pkgs, ... }:
+
+{
+  boot.kernelParams = [
+    "amd_iommu=on"
+    "iommu=pt"
+    "vfio-pci.ids=1002:7480,1002:ab30"
+  ];
+
+  boot.initrd.kernelModules = [
+    "vfio"
+    "vfio_pci"
+    "vfio_iommu_type1"
+  ];
+
+  systemd.tmpfiles.rules = [
+    "f /dev/shm/looking-glass 0660 xory qemu-libvirtd -"
+  ];
+
+  environment.systemPackages = with pkgs; [
+    looking-glass-client
+  ];
+}

hosts/testbed-vm/config.nix

@@ -0,0 +1,11 @@
+{ config, pkgs, pkgs-stable, lib, inputs, ... }:
+
+{
+  imports =
+    [
+      ./hardware/disko.nix
+    ];
+
+  networking.hostName = "nixos-testbed";
+  networking.hostId = "6c3b53a1";
+}

hosts/testbed-vm/hardware/disko.nix

@@ -3,7 +3,7 @@
     disk = {
       main = {
         type = "disk";
-        device = "/dev/nvme0n1";
+        device = "/dev/vda";
         content = {
           type = "gpt";
           partitions = {
@@ -22,8 +22,11 @@
               content = {
                 type = "luks";
                 name = "crypted";
-                # Critical for Samsung NVMe longevity/performance
+                # Disable this if you do not want to allow TRIM requests to pass through LUKS
+                # (Security vs SSD longevity trade-off)
                 settings.allowDiscards = true;
+                # Uncomment if you want to use a keyfile during install:
+                # settings.keyFile = "/tmp/secret.key"; 
                 content = {
                   type = "zfs";
                   pool = "zroot";
@@ -49,10 +52,12 @@
           normalization = "formD";
           relatime = "on";
           canmount = "off";
+          # Prevent auto-snapshotting by default (enable explicitly on datasets that need it)
           "com.sun:auto-snapshot" = "false";
         };
         datasets = {
-          # Ephemeral root (rolls back to blank on boot)
+          # The ephemeral root dataset.
+          # We create a blank snapshot immediately so you can rollback to it on boot.
           "root" = {
             type = "zfs_fs";
             mountpoint = "/";
@@ -60,7 +65,7 @@
             postCreateHook = "zfs snapshot zroot/root@blank";
           };
           
-          # Nix store
+          # The Nix Store (reproducible, doesn't need backing up usually)
           "nix" = {
             type = "zfs_fs";
             mountpoint = "/nix";
@@ -68,11 +73,13 @@
             options."com.sun:auto-snapshot" = "false";
           };
 
-          # Persistent data
+          # Persisted state (for impermanence)
           "persist" = {
             type = "zfs_fs";
             mountpoint = "/persist";
             options.mountpoint = "legacy";
+            # Enable snapshots for data safety if using sanoid/syncoid
+            # options."com.sun:auto-snapshot" = "true";
           };
 
           # Home directories
@@ -80,6 +87,7 @@
             type = "zfs_fs";
             mountpoint = "/home";
             options.mountpoint = "legacy";
+            # options."com.sun:auto-snapshot" = "true";
           };
         };
       };

hosts/voidspear/config.nix

@@ -1,28 +0,0 @@
-{ config, pkgs, lib, inputs, ... }:
-
-{
-  imports = [
-    ./hardware/hardware-configuration.nix
-    ./hardware/disko.nix
-  ];
-
-  networking.hostName = "voidspear";
-  networking.hostID = "ec82a76e";
-
-
-  # nVidia drivers.
-  hardware.graphics.extraPackages = with pkgs; [
-    libvdpau-va-gl
-  ];
-  services.xserver.videoDrivers = [ "nvidia"];
-  hardware.nvidia = {
-    modesetting.enable = true;
-    powerManagement.enable = false;
-    open = false;
-    nvidiaSettings = true;
-    package = config.boot.kernelPackages.nvidiaPackages.stable;
-  };
-  boot.blacklistedKernelModules = [ "nouveau" ];
-
-  services.ollama.package = pkgs.ollama-cuda;
-}

hosts/voidspear/hardware/hardware-configuration.nix

@@ -1,23 +0,0 @@
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
-  imports =
-    [ (modulesPath + "/installer/scan/not-detected.nix")
-    ];
-
-  boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
-  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ "kvm-amd" ];
-  boot.extraModulePackages = [ ];
-
-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
-  # networking.interfaces.enp42s0.useDHCP = lib.mkDefault true;
-  # networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
-
-  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-}