diff --git a/configuration.nix b/configuration.nix
index 5ce366d..58a7c9b 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -24,8 +24,8 @@
 hardware = {
- xone.enable = true;
- xpadneo.enable = true;
+ #xone.enable = true;
+ #xpadneo.enable = true;
 steam-hardware.enable = true;
 opengl.enable = true;
 };
@@ -40,7 +40,7 @@
 # Network security
 # enable firewall and block all ports
 networking.firewall.enable = true;
- networking.firewall.allowedTCPPorts = [];
+ networking.firewall.allowedTCPPorts = [7777];
 networking.firewall.allowedUDPPorts = [];
 # disable coredump that could be exploited later
@@ -150,6 +150,7 @@
 jdk
 cypress
 jq
+ swtpm
 # Controller
 linuxConsoleTools
 # Buildtools
@@ -174,6 +175,7 @@
 remmina
 krita
 darktable
+ kdePackages.kleopatra
 ];
 nixpkgs.config.permittedInsecurePackages = [
@@ -192,6 +194,22 @@
 # enable and configure Docker
 virtualisation.docker.enable = true;
+ # enable VMs
+ programs.virt-manager.enable = true;
+ users.groups.libvirtd.members = ["schulze"];
+ virtualisation = {
+ libvirtd = {
+ enable = true;
+ qemu = {
+ swtpm.enable = true;
+ ovmf.enable = true;
+ ovmf.packages = [ pkgs.OVMFFull.fd ];
+ # package = pkgs.qemu_kvm;
+ };
+ };
+ spiceUSBRedirection.enable = true;
+ };
+
 # SSH settings
 programs.ssh.extraConfig = "";
diff --git a/flake.lock b/flake.lock
index 312dbcd..d14b9e9 100644
--- a/flake.lock
+++ b/flake.lock
@@ -2,11 +2,11 @@
 "nodes": {
 "nixpkgs": {
 "locked": {
- "lastModified": 1724531977,
- "narHash": "sha256-XROVLf9ti4rrNCFLr+DmXRZtPjCQTW4cYy59owTEmxk=",
+ "lastModified": 1735563628,
+ "narHash": "sha256-OnSAY7XDSx7CtDoqNh8jwVwh4xNL/2HaJxGjryLWzX8=",
 "owner": "nixos",
 "repo": "nixpkgs",
- "rev": "2527da1ef492c495d5391f3bcf9c1dd9f4514e32",
+ "rev": "b134951a4c9f3c995fd7be05f3243f8ecd65d798",
 "type": "github"
 },
 "original": {
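Review bot: In the `@@ -40,7 +40,7 @@` hunk of configuration.nix, `allowedTCPPorts = [7777]` opens TCP 7777 on every interface while the comment two lines above it still reads "enable firewall and block all ports", and nothing records which service needs the port. I would update that comment to name the listener and the reason it must be reachable, e.g. `# firewall on; TCP 7777 open for <service>`. If only one network needs it, scope the rule with `networking.firewall.interfaces."<iface>".allowedTCPPorts = [ 7777 ];` instead of the global list. If the port was opened only for a temporary test, the list should go back to `[]` before this is merged.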
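Review bot: In the `@@ -192,6 +194,22 @@` hunk of configuration.nix, `users.groups.libvirtd.members = ["schulze"]` lets that account drive the system libvirt daemon without further authentication, which is effectively root-equivalent on the host and deserves a comment saying so, e.g. `# libvirtd group = root-equivalent on the host; keep membership to the admin user`. `spiceUSBRedirection.enable = true` additionally installs a privileged helper that gives local users arbitrary access to USB devices; I would drop it unless USB passthrough is actually used, or add a comment stating why it is needed. The commented-out `# package = pkgs.qemu_kvm;` should be removed rather than committed, and the `swtpm` entry added to the package list in the `@@ -150,6 +150,7 @@` hunk looks redundant with `qemu.swtpm.enable` unless the CLI is meant to be run by hand.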