format all

Kopatz
2025-10-30 21:59:31 +01:00
parent b1dda4d037
commit 8a78e618bb
188 changed files with 3526 additions and 1825 deletions


@@ -1,4 +1,11 @@
{ modulesPath, config, lib, pkgs, ... }: {
{
modulesPath,
config,
lib,
pkgs,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
(modulesPath + "/profiles/qemu-guest.nix")
@@ -6,7 +13,11 @@
];
services.openssh.enable = true;
networking.firewall.allowedTCPPorts = [ 22 80 443 ];
networking.firewall.allowedTCPPorts = [
22
80
443
];
networking = {
defaultGateway6 = {
address = "fe80::1";
@@ -14,10 +25,12 @@
};
interfaces.enp1s0 = {
ipv6.addresses = [ {
address = "2a01:4f8:c013:232b::2";
prefixLength = 64;
} ];
ipv6.addresses = [
{
address = "2a01:4f8:c013:232b::2";
prefixLength = 64;
}
];
};
};
custom = {
@@ -27,7 +40,9 @@
plausible.enable = true;
};
nftables.enable = true;
nix = { settings.enable = true; };
nix = {
settings.enable = true;
};
};
age.secrets.stash-auth = {
@@ -76,7 +91,10 @@
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKJTpEPKK38MQHcLHkJ6TCqrhSQ9B2ruVx6ONRVQYJC6"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPb326bQdoNNQ/z38C07TbyhNoj59eJTHRHaMqHSHBXy"
];
environment.systemPackages = map lib.lowPrio [ pkgs.curl pkgs.gitMinimal ];
environment.systemPackages = map lib.lowPrio [
pkgs.curl
pkgs.gitMinimal
];
boot.loader.grub = {
efiSupport = true;
efiInstallAsRemovable = true;
@@ -88,18 +106,23 @@
systemd.services.kop-monitor = {
description = "Kop Monitor";
wants = [ "network-online.target" ];
after = [ "network.target" "network-online.target" ];
after = [
"network.target"
"network-online.target"
];
wantedBy = [ "multi-user.target" ];
path = [ "${pkgs.iputils}" ];
serviceConfig = with lib; {
Type = "simple";
ExecStart = "${(pkgs.kop-monitor.overrideAttrs {
ExecStart = "${
(pkgs.kop-monitor.overrideAttrs {
src = fetchGit {
url = "git@github.com:kropatz/monitor.git";
ref = "monitor-homeserver";
rev = "14e84874302146690491a8ced7e3c89dce183a74";
};
})}/bin/monitor";
})
}/bin/monitor";
DynamicUser = true;
Restart = "on-failure";
RestartSec = "5s";
@@ -137,14 +160,20 @@
networking.wg-quick.interfaces = {
wg0 = {
autostart = true;
address = [ "10.100.0.1/24" "fd42:42:42::1/64" ];
address = [
"10.100.0.1/24"
"fd42:42:42::1/64"
];
listenPort = 51820;
privateKeyFile = config.age.secrets.wireguard.path;
peers = [
{
# kop pc
publicKey = "YgecbWSNRqOmylYqxr/V21LL3UpKEr5x42lXPAxriSc=";
allowedIPs = [ "10.100.0.2/32" "fd42:42:42::2/128" ];
allowedIPs = [
"10.100.0.2/32"
"fd42:42:42::2/128"
];
}
];
};


@@ -1,4 +1,10 @@
{ config, pkgs, modulesPath, lib, ... }:
{
config,
pkgs,
modulesPath,
lib,
...
}:
{
imports = [
# Include the results of the hardware scan.
@@ -19,7 +25,10 @@
];
boot = {
kernelParams = [ "console=tty0" "console=ttyS0" ];
kernelParams = [
"console=tty0"
"console=ttyS0"
];
loader.timeout = lib.mkForce 1;
loader.grub = {
@@ -52,17 +61,44 @@
let
kavita = "/data/kavita";
gitolite = "/var/lib/gitolite";
mail = [ "/data/vmail" "/var/lib/opendkim" ];
syncthing = [ "/data/synced/default/" "/data/synced/work_drive/" ];
syncthingFull = syncthing
++ [ "/data/synced/fh/" "/data/synced/books/" ];
backupPathsSmall = [ "/home" gitolite ] ++ syncthing ++ mail;
backupPathsMedium = [ "/home" gitolite ] ++ syncthing ++ mail;
backupPathsFull = [ "/home" kavita gitolite ] ++ syncthingFull ++ mail;
mail = [
"/data/vmail"
"/var/lib/opendkim"
];
syncthing = [
"/data/synced/default/"
"/data/synced/work_drive/"
];
syncthingFull = syncthing ++ [
"/data/synced/fh/"
"/data/synced/books/"
];
backupPathsSmall = [
"/home"
gitolite
]
++ syncthing
++ mail;
backupPathsMedium = [
"/home"
gitolite
]
++ syncthing
++ mail;
backupPathsFull = [
"/home"
kavita
gitolite
]
++ syncthingFull
++ mail;
in
{
enable = true;
excludePaths = lib.mkOptionDefault [ "${kavita}/manga" "/home/anon/projects" ];
excludePaths = lib.mkOptionDefault [
"${kavita}/manga"
"/home/anon/projects"
];
small = backupPathsSmall; # goes to backblaze
medium = backupPathsMedium; # goes to gdrive
large = backupPathsFull; # goes to local storage medium
@@ -108,7 +144,11 @@
services.xserver.videoDrivers = [ "vmware" ];
# 8888 = scheibenmeister skip button
networking.firewall.allowedTCPPorts = [ 25565 25566 8888 ];
networking.firewall.allowedTCPPorts = [
25565
25566
8888
];
networking.nftables.tables.ip_drop = {
family = "inet";
content = ''
@@ -145,21 +185,32 @@
fileSystems."/data" = {
device = "/dev/disk/by-uuid/d117419d-fce9-4d52-85c7-e3481feaa22a";
fsType = "btrfs";
options = [ "compress=zstd" "noatime" "nofail" ];
options = [
"compress=zstd"
"noatime"
"nofail"
];
};
fileSystems."/1tbssd" = {
device = "/dev/disk/by-uuid/801d9217-9c38-4ca8-914e-e31361603892";
fsType = "ext4";
options = [ "defaults" "nofail" "noatime" ];
options = [
"defaults"
"nofail"
"noatime"
];
};
fileSystems."/hdd" = {
device = "/dev/disk/by-uuid/99954059-3801-4abb-a536-0e7802a3e6b4";
fsType = "ext4";
options = [ "defaults" "nofail" "noatime" ];
options = [
"defaults"
"nofail"
"noatime"
];
};
# Configure console keymap
console.keyMap = "us";


@@ -1,5 +1,6 @@
# Example to create a bios compatible gpt partition
{ lib, ... }: {
{ lib, ... }:
{
disko.devices = {
disk.main = {
device = lib.mkDefault "/dev/vda";
@@ -28,7 +29,10 @@
type = "btrfs";
extraArgs = [ "-f" ]; # Override existing partition
mountpoint = "/";
mountOptions = [ "compress=zstd" "noatime" ];
mountOptions = [
"compress=zstd"
"noatime"
];
};
};
};


@@ -1,10 +1,15 @@
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
let
# create hash -> dovecot -O pw
tmp_dovecot_passwords = ''
lukas:{CRYPT}$2y$05$jqBkvhJ0e439J0PLhef4leOGc3GACGH83kSDCrvmAcsdz68tELkA6:5000:5000::/home/lukas";
work:{CRYPT}$2y$05$bEpY1WJ4j/QovgUv0Pxak.vKcSC/o.0T9OHxaekUpI1GK5mAY6vQS:5000:5000::/home/work";
school:{CRYPT}$2y$05$RRIjDak/PWhHITKMvGJ9b.MSMrsduUXjLJOfuXQ0k.pQX24shAsq2:5000:5000::/home/school";
lukas:{CRYPT}$2y$05$jqBkvhJ0e439J0PLhef4leOGc3GACGH83kSDCrvmAcsdz68tELkA6:5000:5000::/home/lukas";
work:{CRYPT}$2y$05$bEpY1WJ4j/QovgUv0Pxak.vKcSC/o.0T9OHxaekUpI1GK5mAY6vQS:5000:5000::/home/work";
school:{CRYPT}$2y$05$RRIjDak/PWhHITKMvGJ9b.MSMrsduUXjLJOfuXQ0k.pQX24shAsq2:5000:5000::/home/school";
'';
email-domain = "kopatz.dev";
in
@@ -12,7 +17,11 @@ in
# 25 = stmp -> postfix
# 143 = imap -> dovecot
# 587 = submission -> postfix
networking.firewall.allowedTCPPorts = [ 25 143 587 ];
networking.firewall.allowedTCPPorts = [
25
143
587
];
users = {
users = {
vmail = {
@@ -42,25 +51,33 @@ in
type = "inet";
private = false;
command = "smtpd";
args = [ "-o syslog_name=postfix/submission"
"-o smtpd_tls_security_level=encrypt"
"-o smtpd_sasl_auth_enable=yes"
"-o smtpd_client_restrictions=permit_sasl_authenticated,reject"
# TODO: look into check_sender_access hash:/etc/postfix/sender_access
# reject_unknown_sender_domain blocks internal git from evolit
#"-o smtpd_sender_restrictions="
"-o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject"
"-o smtpd_relay_restrictions=permit_sasl_authenticated,reject"
"-o milter_macro_daemon_name=ORIGINATING"
];
args = [
"-o syslog_name=postfix/submission"
"-o smtpd_tls_security_level=encrypt"
"-o smtpd_sasl_auth_enable=yes"
"-o smtpd_client_restrictions=permit_sasl_authenticated,reject"
# TODO: look into check_sender_access hash:/etc/postfix/sender_access
# reject_unknown_sender_domain blocks internal git from evolit
#"-o smtpd_sender_restrictions="
"-o smtpd_recipient_restrictions=reject_non_fqdn_recipient,reject_unknown_recipient_domain,permit_sasl_authenticated,reject"
"-o smtpd_relay_restrictions=permit_sasl_authenticated,reject"
"-o milter_macro_daemon_name=ORIGINATING"
];
};
};
main = {
myhostname = "${email-domain}";
mydomain = "${email-domain}";
#myorigin = "$mydomain";
mynetworks = [ "127.0.0.0/8" "192.168.0.0/24" "192.168.2.0/24" ];
mydestination = [ "localhost.$mydomain" "localhost" ];
mynetworks = [
"127.0.0.0/8"
"192.168.0.0/24"
"192.168.2.0/24"
];
mydestination = [
"localhost.$mydomain"
"localhost"
];
message_size_limit = 25600000; # 25MB
recipient_delimiter = "+";
virtual_mailbox_domains = [ "${email-domain}" ];
@@ -74,15 +91,21 @@ in
# TLS settings
# server settings / SMTP TLS configuration for inbound connections
smtpd_tls_security_level = "may";
smtpd_tls_chain_files = [ "/var/lib/acme/${email-domain}/key.pem " "/var/lib/acme/${email-domain}/fullchain.pem " ];
smtpd_tls_chain_files = [
"/var/lib/acme/${email-domain}/key.pem "
"/var/lib/acme/${email-domain}/fullchain.pem "
];
smtpd_tls_received_header = "yes";
smtpd_tls_auth_only = "yes"; # disable AUTH over non-encrypted connections
smtpd_tls_ciphers = "high"; # ciphers used in opportunistic TLS
smtpd_tls_exclude_ciphers = "aNULL, MD5, DES"; # exclude weak ciphers
smtpd_tls_protocols = ">=TLSv1.2";
#client settings / SMTP TLS configuration for outbound connections
smtp_tls_chain_files = [ "/var/lib/acme/${email-domain}/key.pem " "/var/lib/acme/${email-domain}/fullchain.pem " ]; # private key followed by cert chain
smtp_tls_security_level = "may"; #opportunistic TLS
smtp_tls_chain_files = [
"/var/lib/acme/${email-domain}/key.pem "
"/var/lib/acme/${email-domain}/fullchain.pem "
]; # private key followed by cert chain
smtp_tls_security_level = "may"; # opportunistic TLS
smtp_tls_ciphers = "high"; # ciphers used in opportunistic TLS
smtp_tls_exclude_ciphers = "aNULL, MD5, DES"; # exclude weak ciphers
smtp_tls_protocols = ">=TLSv1.2";
@@ -182,7 +205,7 @@ in
}
namespace inbox {
inbox = yes
# Autocreate special folders
mailbox Drafts {
special_use = \Drafts
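Review bot: The `tmp_dovecot_passwords` string at the top of this file keeps three dovecot password hashes inline, and the `$2y$05$` prefix is bcrypt at cost 5, which is cheap to attack offline for anyone who can read the repository. If the string is written out through a derivation (its consumer is outside the visible hunks), the hashes also sit in the world-readable Nix store. Another host in this commit already reads `config.age.secrets.wireguard.path`, so the passwd file could be supplied the same way, e.g. `config.age.secrets.<dovecot-passwd>.path` (placeholder name), with the hashes regenerated at a higher cost. The trailing `";` on each entry also looks like a leftover that would become part of the home-directory field; worth confirming against how dovecot parses the file.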


@@ -1,4 +1,10 @@
{ config, pkgs, modulesPath, lib, ... }:
{
config,
pkgs,
modulesPath,
lib,
...
}:
{
imports = [
@@ -16,7 +22,10 @@
];
boot = {
kernelParams = [ "console=tty0" "console=ttyS0" ];
kernelParams = [
"console=tty0"
"console=ttyS0"
];
loader.timeout = lib.mkForce 1;
loader.grub.enable = true;
@@ -72,8 +81,8 @@
# settings = {
# server_url = "http://0.0.0.0:8080";
# logtail.enable = false;
# dns = {
# base_domain = "kopatz.dev";
# dns = {
# base_domain = "kopatz.dev";
# override_local_dns = false;
# };
# };


@@ -1,5 +1,6 @@
# Example to create a bios compatible gpt partition
{ lib, ... }: {
{ lib, ... }:
{
disko.devices = {
disk.main = {
device = lib.mkDefault "/dev/vda";
@@ -28,7 +29,10 @@
type = "btrfs";
extraArgs = [ "-f" ]; # Override existing partition
mountpoint = "/";
mountOptions = [ "compress=zstd" "noatime" ];
mountOptions = [
"compress=zstd"
"noatime"
];
};
};
};


@@ -1,19 +1,30 @@
{ config, lib, pkgs, modulesPath, ... }:
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "virtio_blk" ];
boot.initrd.availableKernelModules = [
"ahci"
"xhci_pci"
"virtio_pci"
"virtio_blk"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/f222513b-ded1-49fa-b591-20ce86a2fe7f";
fsType = "ext4";
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/f222513b-ded1-49fa-b591-20ce86a2fe7f";
fsType = "ext4";
};
swapDevices = [ ];


@@ -1,6 +1,11 @@
# 0000:2b:00.0 VGA compatible controller [0300]: NVIDIA Corporation GM204 [GeForce GTX 970] [10de:13c2] (rev a1)
# 0000:2b:00.1 Audio device [0403]: NVIDIA Corporation GM204 High Definition Audio Controller [10de:0fbb] (rev a1)
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
{
imports = [
@@ -28,7 +33,10 @@
ssd.enable = true;
vfio = {
enable = true;
stub_pci = [ "10de:13c2" "10de:0fbb" ]; #nvidia
stub_pci = [
"10de:13c2"
"10de:0fbb"
]; # nvidia
};
wooting.enable = true;
};
@@ -56,23 +64,33 @@
};
mainUser.layout = "de";
mainUser.variant = "us";
services.xserver.displayManager.lightdm.enable = false; #no login manager!
services.xserver.displayManager.lightdm.enable = false; # no login manager!
nix.gc.automatic = lib.mkForce false;
networking = {
useDHCP = false;
defaultGateway.address = "192.168.0.1";
nameservers = [ "192.168.0.10" "1.1.1.1" ];
nameservers = [
"192.168.0.10"
"1.1.1.1"
];
bridges.br0 = { interfaces = [ "enp42s0" ]; };
bridges.br0 = {
interfaces = [ "enp42s0" ];
};
interfaces.br0 = {
ipv4.addresses = [{
address = "192.168.0.20";
prefixLength = 24;
}];
ipv4.addresses = [
{
address = "192.168.0.20";
prefixLength = 24;
}
];
};
firewall.allowedTCPPorts = [ 25565 25566 ]; # localsend
firewall.allowedTCPPorts = [
25565
25566
]; # localsend
};
@@ -130,8 +148,10 @@
boot.blacklistedKernelModules = [ "k10temp" ];
networking.hostName = "amd-server"; # Define your hostname.
nixpkgs.config.permittedInsecurePackages =
[ "electron-28.3.3" "electron-27.3.11" ];
nixpkgs.config.permittedInsecurePackages = [
"electron-28.3.3"
"electron-27.3.11"
];
# List packages installed in system profile. To search, run:
# $ nix search wget
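Review bot: `nixpkgs.config.permittedInsecurePackages` in the last hunk of this file allows `electron-28.3.3` and `electron-27.3.11` without recording which installed package still needs them, so the exception is likely to outlive its reason. A comment above the list such as `# required by <package>; drop once it builds against a supported electron` would make the exception reviewable. The same list appears in two other files of this commit (the one whose list starts with `electron-27.3.11`, and the `portable-ssd` host) and deserves the same comment there.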


@@ -1,12 +1,24 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "uas" "sd_mod" ];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"nvme"
"uas"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
@@ -19,7 +31,10 @@
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/AE1C-16B9";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
options = [
"fmask=0077"
"dmask=0077"
];
};
swapDevices = [ ];
@@ -33,6 +48,5 @@
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.cpu.amd.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}


@@ -1,13 +1,25 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
boot.initrd.availableKernelModules =
[ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"nvme"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
@@ -15,13 +27,19 @@
fileSystems."/" = {
device = "/dev/disk/by-uuid/a3c34c9e-06be-49dc-a5d3-4156defa11e7";
fsType = "btrfs";
options = [ "defaults" "noatime"];
options = [
"defaults"
"noatime"
];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/AE1C-16B9";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
options = [
"fmask=0077"
"dmask=0077"
];
};
swapDevices = [ ];
@@ -34,6 +52,5 @@
# networking.interfaces.enp6s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}


@@ -1,4 +1,10 @@
{ config, pkgs, inputs, lib, ... }:
{
config,
pkgs,
inputs,
lib,
...
}:
let
cec = "${pkgs.v4l-utils}/bin/cec-ctl";
in
@@ -102,7 +108,10 @@ in
};
};
nixpkgs.config.permittedInsecurePackages = [ "electron-27.3.11" "electron-28.3.3" ];
nixpkgs.config.permittedInsecurePackages = [
"electron-27.3.11"
"electron-28.3.3"
];
hardware.cpu.amd.ryzen-smu.enable = true;
environment.systemPackages = with pkgs; [
nvtopPackages.amd
@@ -144,8 +153,10 @@ in
];
};
age.identityPaths =
[ "/home/kopatz/.ssh/id_ed25519" "/etc/ssh/ssh_host_ed25519_key" ];
age.identityPaths = [
"/home/kopatz/.ssh/id_ed25519"
"/etc/ssh/ssh_host_ed25519_key"
];
mainUser.layout = "de_us_swapped";
mainUser.variant = "";
console.useXkbConfig = true;


@@ -1,5 +1,6 @@
# Example to create a bios compatible gpt partition
{ lib, ... }: {
{ lib, ... }:
{
disko.devices = {
disk.main = {
device = lib.mkDefault "/dev/nvme0n1";
@@ -7,33 +8,33 @@
content = {
type = "gpt";
partitions = {
ESP = {
size = "1G";
type = "EF00";
ESP = {
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
root = {
size = "100%";
content = {
# LUKS passphrase will be prompted interactively only
type = "luks";
name = "crypted";
settings = {
allowDiscards = true;
};
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
format = "ext4";
mountpoint = "/";
mountOptions = [ "noatime" ];
};
};
root = {
size = "100%";
content = {
# LUKS passphrase will be prompted interactively only
type = "luks";
name = "crypted";
settings = {
allowDiscards = true;
};
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
mountOptions = [ "noatime" ];
};
};
};
};
};
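Review bot: `allowDiscards = true` in the `root` LUKS `settings` passes TRIM through the encrypted volume, which lets anyone who can read the raw disk see which blocks are unused. That is a common trade-off for SSDs, but the file does not record it as a deliberate decision. A comment on that line such as `# TRIM passthrough: free-block layout is visible on the raw device, accepted for SSD health` would document it.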


@@ -1,16 +1,25 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
];
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
# boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "uas" "sd_mod" "rtsx_pci_sdmmc" "thunderbolt"];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "thunderbolt" ];
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"thunderbolt"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];


@@ -6,7 +6,10 @@
services.system76-scheduler.settings.cfsProfiles.enable = true;
services.upower.enable = true;
environment.systemPackages = with pkgs; [ gnome-power-manager powertop ];
environment.systemPackages = with pkgs; [
gnome-power-manager
powertop
];
# Enable TLP (better than gnomes internal power manager)
services.tlp = {
@@ -19,11 +22,11 @@
CPU_ENERGY_PERF_POLICY_ON_BAT = "balance_power";
CPU_ENERGY_PERF_POLICY_ON_AC = "performance";
RADEON_POWER_PROFILE_ON_AC="performance";
RADEON_POWER_PROFILE_ON_BAT="battery";
RADEON_POWER_PROFILE_ON_AC = "performance";
RADEON_POWER_PROFILE_ON_BAT = "battery";
AMDGPU_ABM_LEVEL_ON_AC=0;
AMDGPU_ABM_LEVEL_ON_BAT=2;
AMDGPU_ABM_LEVEL_ON_AC = 0;
AMDGPU_ABM_LEVEL_ON_BAT = 2;
#CPU_MIN_PERF_ON_AC = 0;
#CPU_MAX_PERF_ON_AC = 100;


@@ -10,12 +10,17 @@ in
openFirewall = true;
};
networking.interfaces."${pi_interface}" = {
ipv4.addresses = [{
address = "192.168.1.1";
prefixLength = 24;
}];
ipv4.addresses = [
{
address = "192.168.1.1";
prefixLength = 24;
}
];
};
networking.firewall.allowedUDPPorts = [ 67 68 ];
networking.firewall.allowedUDPPorts = [
67
68
];
services = {
kea.dhcp4 = {
enable = true;
@@ -62,5 +67,4 @@ in
};
};
}


@@ -5,5 +5,8 @@ let
systems = [ laptop ];
in
{
"wireguard-private.age".publicKeys = [ laptop-user laptop ];
"wireguard-private.age".publicKeys = [
laptop-user
laptop
];
}


@@ -2,7 +2,14 @@
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, lib, inputs, ... }: {
{
config,
pkgs,
lib,
inputs,
...
}:
{
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
@@ -43,8 +50,15 @@
dns = "192.168.0.10";
#gateway = "192.168.0.10";
};
misc = { docker.enable = true; };
services = { syncthing = { enable = true; }; adguard.ip = "192.168.0.10"; };
misc = {
docker.enable = true;
};
services = {
syncthing = {
enable = true;
};
adguard.ip = "192.168.0.10";
};
hardware = {
android.enable = true;
amd-gpu = {
@@ -107,7 +121,7 @@
services.searx = {
enable = false;
settings = {
use_default_settings=true;
use_default_settings = true;
server.port = 8787;
server.bind_address = "0.0.0.0";
server.secret_key = "1";
@@ -131,15 +145,13 @@
after = [ "graphical-session.target" ];
serviceConfig = {
Type = "simple";
ExecStart =
"${pkgs.scheibnkleister-presence}/bin/scheibnkleister-presence";
ExecStart = "${pkgs.scheibnkleister-presence}/bin/scheibnkleister-presence";
Restart = "on-failure";
RestartSec = 1;
TimeoutStopSec = 10;
};
};
# apple shit
#services.usbmuxd.enable = true;
environment.systemPackages = with pkgs; [
@@ -147,7 +159,8 @@
#kdePackages.qtdeclarative
#libimobiledevice
#ifuse # optional, to mount using 'ifuse'
(wl-clicker.overrideAttrs (old: { # wayland autoclicker
(wl-clicker.overrideAttrs (old: {
# wayland autoclicker
src = pkgs.fetchFromGitHub {
owner = "phonetic112";
repo = "wl-clicker";
@@ -237,17 +250,26 @@
''
];
networking.hosts = let
addr_to_domain_list = config.custom.services.adguard.rewrites |> map (x: { "${x.answer}" = [ x.domain ];} );
flattened = builtins.foldl' (acc: elem:
networking.hosts =
let
addr_to_domain_list =
config.custom.services.adguard.rewrites
|> map (x: {
"${x.answer}" = [ x.domain ];
});
flattened = builtins.foldl' (
acc: elem:
let
ip = builtins.head (builtins.attrNames elem);
names = elem.${ip};
in acc // {
${ip} = (acc.${ip} or []) ++ names;
in
acc
// {
${ip} = (acc.${ip} or [ ]) ++ names;
}
) {} addr_to_domain_list;
in flattened;
) { } addr_to_domain_list;
in
flattened;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
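Review bot: In the `services.searx` settings, `server.secret_key = "1"` sits next to `server.bind_address = "0.0.0.0"`; the service is `enable = false` today, but flipping that one flag would start an instance listening on every interface with a guessable key. The key is better supplied through the module's `environmentFile` option, backed by an age secret, than written into the configuration, where it also ends up in the world-readable Nix store. Until then, a comment on the line such as `# placeholder, must be replaced before enabling` would make the state obvious. The settings block continues outside the hunk.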


@@ -1,34 +1,44 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
];
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.availableKernelModules = [
"nvme"
"xhci_pci"
"ahci"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{
device = "/dev/disk/by-uuid/dd65bdf8-c003-439c-a1aa-d050cb20959d";
fsType = "ext4";
options = [
"defaults"
"noatime"
];
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/dd65bdf8-c003-439c-a1aa-d050cb20959d";
fsType = "ext4";
options = [
"defaults"
"noatime"
];
};
fileSystems."/boot" =
{
device = "/dev/disk/by-uuid/CC7C-CF82";
fsType = "vfat";
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/CC7C-CF82";
fsType = "vfat";
};
swapDevices = [ ];


@@ -1,4 +1,9 @@
{pkgs, lib, config, ...}:
{
pkgs,
lib,
config,
...
}:
{
# Run tailscale up --login-server http://<headscale_server>
services.tailscale.enable = true;


@@ -2,7 +2,12 @@
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ config, lib, pkgs, ... }:
{
config,
lib,
pkgs,
...
}:
{
imports = [ ../../modules/misc/kernel.nix ];
@@ -10,11 +15,23 @@
specialisation = {
nvidia = {
inheritParentConfig = true;
configuration = { custom = { hardware = { nvidia.enable = true; }; }; };
configuration = {
custom = {
hardware = {
nvidia.enable = true;
};
};
};
};
amd-gpu = {
inheritParentConfig = true;
configuration = { custom = { hardware = { amd-gpu.enable = true; }; }; };
configuration = {
custom = {
hardware = {
amd-gpu.enable = true;
};
};
};
};
};
@@ -47,27 +64,50 @@
networking.useDHCP = lib.mkDefault true;
networking.networkmanager.enable = true;
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ehci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" "sd_mod" "rtsx_pci_sdmmc" "uas" "usbcore" "ehci_hcd" "uhci_hcd" "ohci_hcd" "scsi_mod" ];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ahci"
"ehci_pci"
"nvme"
"usbhid"
"usb_storage"
"sd_mod"
"sd_mod"
"rtsx_pci_sdmmc"
"uas"
"usbcore"
"ehci_hcd"
"uhci_hcd"
"ohci_hcd"
"scsi_mod"
];
fileSystems."/" = {
device = "/dev/disk/by-label/nixos-ssd";
fsType = "ext4";
options = [ "defaults" "noatime" ];
options = [
"defaults"
"noatime"
];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/7395-0541";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
options = [
"fmask=0077"
"dmask=0077"
];
};
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "portable-ssd"; # Define your hostname.
nixpkgs.config.permittedInsecurePackages =
[ "electron-28.3.3" "electron-27.3.11" ];
nixpkgs.config.permittedInsecurePackages = [
"electron-28.3.3"
"electron-27.3.11"
];
# List packages installed in system profile. To search, run:
# $ nix search wget


@@ -1,4 +1,11 @@
{ pkgs, config, lib, modulesPath, ... }: {
{
pkgs,
config,
lib,
modulesPath,
...
}:
{
imports = [
./vm-common.nix


@@ -1,10 +1,16 @@
{ pkgs, lib, ... }: {
{ pkgs, lib, ... }:
{
services.xserver = {
enable = true;
resolutions = lib.mkOverride 9 ([ ] ++ [{
x = 1680;
y = 1050;
}]);
resolutions = lib.mkOverride 9 (
[ ]
++ [
{
x = 1680;
y = 1050;
}
]
);
};
virtualisation.vmVariant = {
@@ -15,7 +21,10 @@
};
};
boot = {
kernelParams = [ "console=tty0" "console=ttyS0" ];
kernelParams = [
"console=tty0"
"console=ttyS0"
];
loader.timeout = lib.mkForce 1;
loader.grub = {