From 287648124cdc8f89b751e7792d3826dd0cac9c37 Mon Sep 17 00:00:00 2001
From: Sebastian Moser
Date: Tue, 9 Sep 2025 20:45:00 +0200
Subject: [PATCH] added fes and other things
---
common/nixos-wayland.nix | 54 ++++++++-----
flake.nix | 8 ++
hosts/fes.nix | 166 +++++++++++++++++++++++++++++++++++++++
users/me/gui-home.nix | 2 +-
4 files changed, 210 insertions(+), 20 deletions(-)
create mode 100644 hosts/fes.nix
diff --git a/common/nixos-wayland.nix b/common/nixos-wayland.nix
index 115ca96..56359d3 100644
--- a/common/nixos-wayland.nix
+++ b/common/nixos-wayland.nix
@@ -8,26 +8,41 @@ # - win + D command # - kernel output for luks pwd on all displays -{ lib, pkgs, nur, unstable, ... }: let +{ lib, pkgs, nur, unstable, ... }: +let + newerUnstableSrc = builtins.getFlake "nixpkgs/d0fc30899600b9b3466ddb260fd83deb486c32f1"; + newerUnstable = import newerUnstableSrc.outPath {}; - # use sway from unstable, to have swayfx 0.5.3 to have sway 1.11 to have wlroots 0.19.0 to have ability to share individual windows -mySway = unstable.sway.overrideAttrs (prev: { - /* - src = pkgs.fetchFromGitHub { - owner = "WillPower3309"; - repo = "swayfx"; - rev = ""; - hash = ""; - }; - */ - src = pkgs.fetchFromGitHub { - owner = "swaywm"; - repo = "sway"; - rev = "73c244fb4807a29c6599d42c15e8a8759225b2d6"; - hash = "sha256-P2w1oRVUNBWajt8jZOxPXvBE29urbrhtORy+lfYqnF8="; - }; - }); + mySway = newerUnstable.sway.override { + sway-unwrapped = (newerUnstable.sway-unwrapped.overrideAttrs (prev: { + /* + src = pkgs.fetchFromGitHub { + owner = "WillPower3309"; + repo = "swayfx"; + rev = ""; + hash = ""; + }; + */ + src = pkgs.fetchFromGitHub { + owner = "swaywm"; + repo = "sway"; + rev = "73c244fb4807a29c6599d42c15e8a8759225b2d6"; + hash = "sha256-P2w1oRVUNBWajt8jZOxPXvBE29urbrhtORy+lfYqnF8="; + }; + })).override { + wlroots = newerUnstable.wlroots.overrideAttrs (prev: { + version = "master"; + src = pkgs.fetchFromGitLab { + domain = "gitlab.freedesktop.org"; + owner = "wlroots"; + repo = "wlroots"; + rev = "master"; + sha256 = "sha256-2FK6FGRpgf/YYqwJST0LVA/pnNRSUDrfrrp6mSwA0Fk="; + }; + }); + }; + }; in { services.greetd = { @@ -148,6 +163,7 @@ in { })) */ + sway bemenu xdg-desktop-portal @@ -446,7 +462,7 @@ in { workspace 8 output $disp2 $disp1 workspace 9 output $disp2 $disp1 workspace 7 output eDP-1 - workspace 0 output HEADLESS-1 + workspace 0 output eDP-1 workspace_auto_back_and_forth false focus_wrapping workspace diff --git a/flake.nix b/flake.nix index 6c5751f..56b568a 100644 --- a/flake.nix +++ b/flake.nix 
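Review bot: In the new `wlroots` override of the first hunk, `rev = "master"` is fetched against a fixed `sha256`, so the build fails with a hash mismatch once upstream moves and the file no longer records which commit was actually built. Pin it to the commit the hash was computed from, e.g. `rev = "<wlroots-commit-sha>";` (placeholder), and set `version` to match instead of `"master"`. The added `builtins.getFlake "nixpkgs/d0fc30899600b9b3466ddb260fd83deb486c32f1"` is resolved through the local flake registry and never appears in flake.lock; declaring it as an input in flake.nix and passing it in like `unstable` would keep the source under the lock file. `import newerUnstableSrc.outPath {}` passes no `system`, so it presumably falls back to the evaluating machine's system and needs impure evaluation; `import newerUnstableSrc.outPath { inherit (pkgs) system; }` would make that explicit.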
@@ -365,6 +365,14 @@ ]; }; + "fes" = nixpkgs.lib.nixosSystem { + inherit specialArgs; + system = "x86_64-linux"; + modules = [ + ./hosts/fes.nix + ]; + }; + # server that hosts stuff "fasu" = nixpkgs.lib.nixosSystem { inherit specialArgs; diff --git a/hosts/fes.nix b/hosts/fes.nix new file mode 100644 index 0000000..def7d78 --- /dev/null +++ b/hosts/fes.nix 
@@ -0,0 +1,166 @@
+
+{ inputs, pkgs, secretsDir, lib, ... }:
+{
+
+ #disabledModules = [ "services/databases/couchdb.nix" ];
+ imports = [
+ #"${inputs.nixpkgs-unstable}/nixos/modules/services/databases/couchdb.nix"
+ ../common/all.nix
+ ../common/nixos.nix
+ ../common/building.nix
+
+ inputs.home-manager.nixosModules.home-manager
+ ../users/me/headless.nix
+ ../users/root/default.nix
+ ../users/server/headless.nix
+ ];
+
+
+ services.tailscale.enable = true;
+
+ virtualisation.libvirtd = {
+ enable = true;
+ qemuOvmf = true;
+ qemuSwtpm = true;
+ #qemuOvmfPackage = pkgs.OVMFFull;
+ };
+ virtualisation.docker.enable = true;
+ users.users.server.extraGroups = [ "docker" ];
+
+ # Use the GRUB 2 boot loader.
+ boot.loader.grub = {
+ enable = true;
+ #device = "/dev/disk/by-id/ata-TOSHIBA_MQ04ABF100_11MYT5RBT";
+ device = "nodev"; # don't install, when i do nixre -h fusu ... but when installing onto the two discs (sata hdd and nvme ssd) change to the device like above
+ efiSupport = true;
+ extraConfig = ''
+ set timeout=2
+ '';
+ };
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-label/fes-root";
+ fsType = "ext4";
+ };
+
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-label/fes-boot";
+ fsType = "fat32";
+ };
+
+ services.openssh = {
+ enable = true;
+ # require public key authentication for better security
+ settings.PasswordAuthentication = false;
+ settings.KbdInteractiveAuthentication = false;
+ settings.PermitRootLogin = "yes";
+ ports = [ 22 ];
+
+ settings.X11Forwarding = true;
+
+ extraConfig = ''
+ X11UseLocalhost no
+ '';
+ };
+
+ networking.firewall.allowPing = true;
+ networking.firewall.enable = true;
+
+ networking.firewall.interfaces."tailscale0".allowedTCPPorts = [
+ 443 # couchdb for obsidian live sync https
+ 44444 # resilio sync
+ 9000 # resilio webui
+ ];
+
+ services.samba.openFirewall = true;
+
+ networking.firewall.allowedTCPPorts = [
+ 8888 # for general usage
+ 9999 # for general usage
+ 8080 # for mitm proxy
+ 5901 # vnc
+
+ 5357 # wsdd
+ 8080 # for mitm proxy
+
+ 49388
+ 49389
+ 49390
+ 49391
+ 49392
+ 49393
+
+ ];
+
+
+ networking.firewall.allowedTCPPortRanges = [
+ { from = 25500; to = 27777;} # minecraft
+ ];
+ networking.firewall.allowedUDPPortRanges = [
+ { from = 27700; to = 28800;} # minecraft
+ ];
+
+ networking.firewall.allowedUDPPorts = [
+ 3702 # wsdd
+ 67 # allow DHCP traffic
+ 53 # allow dns
+ ];
+
+ networking.networkmanager.enable = false; # Easiest to use and most distros use this by default.
+
+ # to build rpi images
+ boot.binfmt.emulatedSystems = [
+ "aarch64-linux"
+ ];
+
+ environment.systemPackages = with pkgs; [
+ sshfs
+ ntfs3g
+ virtiofsd
+ bcache-tools
+ su
+ fuse3
+ terraform
+ usbutils
+ ];
+
+ nix.settings = {
+ trusted-public-keys = [
+ "sebastian@c2vi.dev:0tIXGRJMLaI9H1ZPdU4gh+BikUuBVHtk+e1B5HggdZo="
+ ];
+ trusted-users = [ "me" ];
+ };
+
+ networking.useDHCP = false;
+ networking.bridges = {
+ "br0" = {
+ interfaces = [ "enp4s0" ];
+ };
+ };
+ networking.interfaces.br0.ipv4.addresses = [ {
+ address = "192.168.1.4";
+ prefixLength = 24;
+ } ];
+ networking = {
+ usePredictableInterfaceNames = true;
+ defaultGateway = {
+ address = "192.168.1.1";
+ interface = "br0";
+ };
+ hostName = "fes";
+ nameservers = [ "1.1.1.1" "8.8.8.8" ];
+ };
+
+ boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "sd_mod" ];
+ boot.initrd.kernelModules = [ ];
+ boot.kernelModules = [ "kvm-intel" ];
+ boot.extraModulePackages = [ ];
+
+ swapDevices = [{
+ device = "/swapfile";
+ size = 63 * 1024; # 64GB
+ }];
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+
+}
diff --git a/users/me/gui-home.nix b/users/me/gui-home.nix
index ecea2ea..500871e 100755
--- a/users/me/gui-home.nix
+++ b/users/me/gui-home.nix
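Review bot: The global `networking.firewall.allowedTCPPorts` list in hosts/fes.nix opens VNC (5901), the mitm proxy port 8080 (listed twice), the two "general usage" ports and the uncommented 49388–49393 on every interface, including `br0` on the LAN, even though the file already has a `tailscale0`-scoped list just above it. Anything that does not have to be reachable from the LAN would be better placed in `networking.firewall.interfaces."tailscale0".allowedTCPPorts`, with a comment saying what 49388–49393 are for. In `services.openssh`, `settings.PermitRootLogin = "yes";` is broader than the key-only intent stated in the comment above it, and `settings.PermitRootLogin = "prohibit-password";` keeps root key-only even if password authentication is re-enabled later; `X11UseLocalhost no` binds forwarded displays to non-loopback addresses and deserves a why-comment or removal. The `docker` group on `server` and `trusted-users = [ "me" ]` each grant root-equivalent access, which is worth a comment. Separately, `fsType = "fat32";` on `/boot` is not a Linux filesystem type; FAT32 is mounted as `fsType = "vfat";`.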
@@ -112,7 +112,7 @@ # use signal from unstable, because the app itself says it would to update to be usable self.inputs.nixpkgs-unstable.legacyPackages.x86_64-linux.signal-desktop - self.inputs.nixpkgs-unstable.legacyPackages.x86_64-linux.ticktick + #self.inputs.nixpkgs-unstable.legacyPackages.x86_64-linux.ticktick element-desktop discord wireshark