initial commit

hosts/Alfa/conf/GM/configs/cfsystem.nix

@@ -0,0 +1,79 @@
+{
+  config,
+  lib,
+  inputs,
+  pkgs,
+  ...
+}:
+{
+
+  ## Configuração da internet
+  networking = {
+    networkmanager.enable = true;
+    interfaces.enp9s0.wakeOnLan.enable = true;
+    firewall.allowedTCPPorts = [ 22 ];
+    firewall.allowedUDPPorts = [
+    ];
+  };
+  ## Ativar Bluetooth
+  hardware.bluetooth.enable = true;
+
+  ## Configuração de áudio
+  services = {
+    pulseaudio.enable = false;
+    pipewire = {
+      enable = true;
+      alsa.enable = true;
+      alsa.support32Bit = true;
+      pulse.enable = true;
+      #jack.enable = true; # Descomente se usar aplicações JACK
+    };
+  };
+  security.rtkit.enable = true;
+
+  ## Configuraçao de idioma
+
+  ## Definir fuso horário
+  time.timeZone = "America/Bahia";
+
+  ## Configurações de idioma e localidade
+  i18n = {
+    defaultLocale = "pt_BR.UTF-8";
+    extraLocaleSettings = {
+      LC_ADDRESS = "pt_BR.UTF-8";
+      LC_IDENTIFICATION = "pt_BR.UTF-8";
+      LC_MEASUREMENT = "pt_BR.UTF-8";
+      LC_MONETARY = "pt_BR.UTF-8";
+      LC_NAME = "pt_BR.UTF-8";
+      LC_NUMERIC = "pt_BR.UTF-8";
+      LC_PAPER = "pt_BR.UTF-8";
+      LC_TELEPHONE = "pt_BR.UTF-8";
+      LC_TIME = "pt_BR.UTF-8";
+    };
+  };
+
+  ## Configurar layout do teclado no X11 e console
+  services.xserver.xkb = {
+    layout = "br";
+    variant = "";
+  };
+  console.keyMap = "br-abnt2";
+
+  ## Alias do fish
+  programs.fish.shellAliases = {
+    # upd = "sudo nix flake update --flake /etc/nixos && sudo nixos-rebuild switch --flake path:/etc/nixos#Alfa";
+    upd = "nh home switch -a -u && nh os switch -a";
+    gitupdate = "git add . && git commit && git push origin main";
+  };
+
+  ## Config do fish
+  programs.fish.enable = true;
+  programs.bash = {
+    interactiveShellInit = ''
+      if [[ $(${pkgs.procps}/bin/ps --no-header --pid=$PPID --format=comm) != "fish" && -z ''${BASH_EXECUTION_STRING} ]]
+         then
+           shopt -q login_shell && LOGIN_OPTION='--login' || LOGIN_OPTION=""
+           exec ${pkgs.fish}/bin/fish $LOGIN_OPTION
+         fi '';
+  };
+}

hosts/Alfa/conf/GM/configs/imp.nix

@@ -0,0 +1,18 @@
+{
+  config,
+  lib,
+  inputs,
+  pkgs,
+  ...
+}:
+{
+
+  imports = [
+    ./cfsystem.nix
+    ./nixhelper.nix
+    ./nvidia.nix
+    ./patchs.nix
+    ./self-host.nix
+    ./kernel.nix
+  ];
+}

hosts/Alfa/conf/GM/configs/kernel.nix

@@ -0,0 +1,25 @@
+{
+  config,
+  lib,
+  inputs,
+  pkgs,
+  ...
+}:
+{
+
+  boot.kernelPackages =
+    let
+      customKernel =
+        inputs.nix-cachyos-kernel.legacyPackages.x86_64-linux.linuxPackages-cachyos-latest.kernel.override
+          {
+            processorOpt = "native";
+
+            lto = "thin";
+
+            scheduler = "bore";
+
+          };
+    in
+    pkgs.linuxPackagesFor customKernel;
+
+}

hosts/Alfa/conf/GM/configs/nixhelper.nix

@@ -0,0 +1,62 @@
+{
+  config,
+  lib,
+  inputs,
+  pkgs,
+  ...
+}:
+{
+
+  programs = {
+    ## nix-ld
+    nix-ld = {
+      enable = true;
+      libraries = with pkgs; [ ];
+    };
+    ## nh
+    nh = {
+      enable = true;
+      clean.enable = true;
+      clean.extraArgs = "--keep-since 8d --keep 7";
+      flake = "/etc/nixos"; # sets NH_OS_FLAKE variable for you
+    };
+    ## appimage
+    appimage = {
+      enable = true;
+      binfmt = true;
+    };
+    ## Cache
+    ccache.enable = true;
+    ccache.cacheDir = "/var/cache/ccache";
+  };
+
+  nix = {
+    settings = {
+      cores = 0;
+      max-jobs = "auto";
+      auto-optimise-store = true;
+      extra-sandbox-paths = [ "/var/cache/ccache" ];
+    };
+
+    ## Lix
+    package = pkgs.lixPackageSets.latest.lix;
+
+    ## ativaçao do flakes
+    settings.experimental-features = [
+      "nix-command"
+      "flakes"
+    ];
+    nixPath = lib.mapAttrsToList (key: _: "${key}=flake:${key}") config.nix.registry;
+    registry = lib.mapAttrs (_: value: { flake = value; }) (
+      lib.filterAttrs (_: value: lib.isType "flake" value) inputs
+    );
+    settings.flake-registry = "";
+  };
+
+  services = {
+    flatpak = {
+      enable = true;
+    };
+  };
+
+}

hosts/Alfa/conf/GM/configs/nvidia.nix

@@ -0,0 +1,34 @@
+{
+  config,
+  lib,
+  inputs,
+  pkgs,
+  ...
+}:
+{
+
+  ## Driver da nvidia proprietario
+
+  services.xserver.videoDrivers = [ "nvidia" ];
+  hardware = {
+    graphics.enable = true;
+    nvidia.open = false; # # Se sua placa for pascal pra cima troque isso para true
+    nvidia.package = config.boot.kernelPackages.nvidiaPackages.legacy_580;
+  };
+
+  ## Teste sobre o nvk nao recomendo usar
+
+  #services.xserver.videoDrivers = [ "nouveau" ];
+  #hardware.graphics = {
+  # enable = true;
+  # extraPackages = with pkgs; [
+  #   mesa
+  # ];
+  #};
+
+  #hardware.enableRedistributableFirmware = true;
+  #environment.variables = {
+  #  MESA_VK_DRIVER_OVERRIDE = "nvk";
+  #  VK_ICD_FILENAMES = "/run/opengl-driver/share/vulkan/icd.d/nouveau_icd.x86_64.json";
+  #};
+}

hosts/Alfa/conf/GM/configs/patchs.nix

@@ -0,0 +1,114 @@
+{
+  config,
+  lib,
+  inputs,
+  pkgs,
+  ...
+}:
+{
+
+  ## Variaveis de ambiente contendo o aumento de cache para placas da nvidia
+  environment.variables = {
+    __GL_SHADER_DISK_CACHE_SIZE = "12000000000";
+    VK_LAYER_PATH = "${pkgs.vulkan-validation-layers}/share/vulkan/explicit_layer.d";
+  };
+
+  ## Configuraçoes de boot para otimzar o kernel e alguns patchs para nvidia
+  boot = {
+    modprobeConfig.enable = true;
+    kernelModules = [ "tcp_bbr" ];
+    extraModprobeConfig = "options nvidia NVreg_UsePageAttributeTable=1 \
+    NVreg_InitializeSystemMemoryAllocations=0 \
+    NVreg_DynamicPowerManagement=0x02";
+    kernel.sysctl = {
+      "kernel.split_lock_mitigate" = 0;
+      "kernel.nmi_watchdog" = 0;
+      "net.core.netdev_max_backlog" = 4096;
+      "fs.file-max" = 2097152;
+      "net.ipv4.tcp_congestion_control" = "bbr";
+    };
+  };
+
+  services = {
+
+    earlyoom = {
+      enable = true;
+      freeSwapThreshold = 2;
+      freeMemThreshold = 2;
+      extraArgs = [
+        "-g"
+        "--avoid"
+        "'^(X|plasma.*|konsole|kwin|wayland|gnome.*)$'"
+      ];
+    };
+
+    ## Otimizaçao do Udev para placas de Video da Nvidia
+    udev = {
+      enable = true;
+      extraRules = ''
+             # Enable runtime PM for NVIDIA VGA/3D controller devices on driver bind
+             ACTION=="add|bind", SUBSYSTEM=="pci", DRIVERS=="nvidia", \
+             ATTR{vendor}=="0x10de", ATTR{class}=="0x03[0-9]*", \
+             TEST=="power/control", ATTR{power/control}="auto"
+
+             # Disable runtime PM for NVIDIA VGA/3D controller devices on driver unbind
+             ACTION=="remove|unbind", SUBSYSTEM=="pci", DRIVERS=="nvidia", \
+             ATTR{vendor}=="0x10de", ATTR{class}=="0x03[0-9]*", \
+             TEST=="power/control", ATTR{power/control}="on"
+
+             # enable udev xiaomi
+             SUBSYSTEM=="usb", ATTR{idVendor}=="2717", MODE="0666", GROUP="plugdev"
+        	     '';
+    };
+
+    preload-ng = {
+      enable = true;
+      settings = {
+        cycle = 15;
+        memTotal = -5;
+        memFree = 70;
+        memCached = 10;
+        memBuffers = 50;
+        minSize = 1000000;
+        processes = 60;
+        sortStrategy = 0;
+        autoSave = 1800;
+        mapPrefix = "/nix/store/;/run/current-system/;!/";
+        exePrefix = "/nix/store/;/run/current-system/;!/";
+      };
+    };
+  };
+
+  systemd.services.set-min-free-mem = {
+    description = "Set vm.min_free_kbytes dynamically";
+    wantedBy = [ "multi-user.target" ];
+    after = [ "local-fs.target" ];
+    serviceConfig = {
+      User = "root";
+      RemainAfterExit = true;
+    };
+    script = ''
+      TOTAL_MEM=$(${pkgs.gawk}/bin/awk '/MemTotal/ {printf "%.0f", $2 * 0.01}' /proc/meminfo)
+      if [ -z "$TOTAL_MEM" ] || [ "$TOTAL_MEM" -eq 0 ]; then
+        echo "Failed to calculate memory size" >&2
+        exit 1
+      fi
+      ${pkgs.sysctl}/bin/sysctl -w vm.min_free_kbytes=$TOTAL_MEM
+    '';
+  };
+
+  ## sistema de compressao compressao brtfs
+  fileSystems = {
+    "/" = {
+      options = [ "compress=zstd:3" ];
+    };
+  };
+
+  ## confiuraçao da zram
+  zramSwap = {
+    enable = true;
+    memoryPercent = 40;
+    algorithm = "zstd";
+  };
+
+}

hosts/Alfa/conf/GM/configs/self-host.nix

@@ -0,0 +1,71 @@
+{
+  config,
+  lib,
+  inputs,
+  pkgs,
+  ...
+}:
+{
+
+  ## tailscale
+  services.tailscale = {
+    enable = true;
+    extraUpFlags = [
+      "--exit-node-allow-lan-access=true"
+      "--ssh"
+      "--accept-dns=true"
+    ];
+  };
+  networking.nftables.enable = true;
+  networking.firewall = {
+    enable = true;
+    allowedTCPPorts = [
+      47984
+      47989
+      48910
+    ];
+    allowedUDPPortRanges = [
+      {
+        from = 47998;
+        to = 48000;
+      }
+      {
+        from = 48002;
+        to = 48010;
+      }
+    ];
+    trustedInterfaces = [ "tailscale0" ];
+    allowedUDPPorts = [ config.services.tailscale.port ];
+  };
+
+  ## Configuraçao de Docker
+
+  boot.kernel.sysctl = {
+    "net.ipv4.ip_unprivileged_port_start" = 53;
+    "net.ipv6.conf.all.forwarding" = true;
+  };
+
+  users.users.gui.extraGroups = [ "docker" ];
+  users.groups.docker.gid = 131;
+  virtualisation.docker = {
+    enable = true;
+
+    #rootless = {
+    #  enable = true;
+    #  setSocketVariable = true;
+    #};
+  };
+
+  services.openssh = {
+    enable = true;
+  };
+
+  services.sunshine = {
+    enable = true;
+    autoStart = true;
+    capSysAdmin = true;
+    openFirewall = true;
+
+  };
+
+}