Merge branch 'blue'

2023-09-29 20:49:16 +02:00 · 2023-09-29 20:49:16 +02:00 · 46209f2a68
commit 46209f2a68
parent 74b009b816 2d8a742ed1
8 changed files with 411 additions and 46 deletions
--- a/blue/configuration.nix
+++ b/blue/configuration.nix
@ -0,0 +1,305 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, lib, ... }:
+{
+  imports =
+    [
+    ];
+
+
+  system.stateVersion = "23.05";
+  system.autoUpgrade.enable = true;
+
+  nix = {
+    optimise.automatic = true;
+    gc.automatic = true;
+    gc.options = "--delete-older-than 7d";
+    package = pkgs.nixUnstable;
+    settings.experimental-features = [ "nix-command" "flakes" ];
+  };
+
+  boot = {
+    kernelPackages = pkgs.linuxPackages_latest;
+    kernelParams = [ "msr.allow_writes=on" ];
+    supportedFilesystems = [ "btrfs" ];
+    tmpOnTmpfs = true;
+    initrd.compressor = "zstd";
+    loader.systemd-boot.enable = true;
+    loader.efi.canTouchEfiVariables = true;
+    #readOnlyNixStore = true;
+  };
+
+  security = {
+    rtkit.enable = true;
+    allowSimultaneousMultithreading = true;
+    sudo.enable = false;
+    doas.enable = true;
+    doas.extraRules = [{
+      users = [ "akill" ];
+      keepEnv = true;
+      persist = true;
+    }];
+  };
+
+  powerManagement = {
+    enable = true;
+  };
+
+  networking = {
+    firewall.enable = true;
+    hostName = "blue";
+    nameservers = [ "127.0.0.1" "::1" ];
+    dhcpcd.extraConfig = "nohook resolv.conf";
+
+    networkmanager = {
+      enable = true;
+      dns = "none";
+      /*wifi.backend = "iwd"; */
+    };
+
+  };
+
+  time.timeZone = "Europe/Sarajevo";
+
+  nixpkgs.config.allowUnfree = true;
+  environment = {
+    homeBinInPath = true;
+    variables = {
+      PATH = "$HOME/.cargo/bin";
+    };
+  };
+
+  programs = {
+    gnupg.agent = { enable = true; enableSSHSupport = true; };
+    zsh.enable = true;
+    firejail.enable = true;
+    adb.enable = true;
+    wireshark.enable = true;
+    sway.enable = true;
+  };
+
+  # List services that you want to enable:
+  systemd = {
+    services = {
+      "caps2esc" = {
+        description = "Intercepts keyboard udev events";
+        wants = [ "systemd-udevd.service" ];
+        wantedBy = [ "multi-user.target" ];
+        serviceConfig.Nice = -20;
+        script = ''
+          ${pkgs.interception-tools}/bin/intercept \
+          -g /dev/input/by-path/*-kbd | \
+          /opt/caps2esc  | ${pkgs.interception-tools}/bin/uinput   \
+          -d /dev/input/by-path/*-kbd   \
+        '';
+      };
+    };
+
+    extraConfig = ''
+      DefaultTimeoutStartSec=30s
+      DefaultTimeoutStopSec=30s
+    '';
+  };
+
+  services = {
+    acpid.enable = true;
+    btrfs.autoScrub.enable = true;
+    dbus.enable = true;
+    fstrim.enable = true;
+    fwupd.enable = true;
+    ntp.enable = true;
+    openssh.enable = false;
+    printing.enable = true;
+
+    nextcloud = {
+      enable = true;
+      hostName = "localhost";
+      config.adminpassFile = "${pkgs.writeText "adminpass" "test123"}";
+    };
+
+    jellyfin = {
+      enable = false;
+      user = "akill";
+      openFirewall = false;
+    };
+
+    pipewire = {
+      enable = true;
+      alsa.enable = true;
+      alsa.support32Bit = true;
+      pulse.enable = true;
+    };
+
+    xserver = {
+      enable = true;
+      dpi = 144;
+      libinput.enable = true;
+      desktopManager.xterm.enable = false;
+      displayManager = {
+        lightdm.enable = false;
+        startx.enable = true;
+        defaultSession = "none+i3";
+      };
+      windowManager.i3.enable = true;
+    };
+
+    udev.packages = [  pkgs.rtl-sdr pkgs.openhantek6022 ];
+
+    tlp = {
+      enable = true;
+    };
+
+    actkbd = {
+      enable = true;
+      bindings = [
+
+        {
+          keys = [ 113 ];
+          events = [ "key" ];
+          command = "/run/current-system/sw/bin/runuser -l akill -c 'amixer -q set Master toggle'";
+        }
+
+        {
+          keys = [ 114 ];
+          events = [ "key" "rep" ];
+          command = "/run/current-system/sw/bin/runuser -l akill -c 'amixer -q set Master 5%- unmute'";
+        }
+
+        {
+          keys = [ 115 ];
+          events = [ "key" "rep" ];
+          command = "/run/current-system/sw/bin/runuser -l akill -c 'amixer -q set Master 5%+ unmute'";
+        }
+
+        {
+          keys = [ 224 ];
+          events = [ "key" ];
+          command = "${pkgs.light}/bin/light -U 5";
+        }
+
+        {
+          keys = [ 225 ];
+          events = [ "key" ];
+          command = "${pkgs.light}/bin/light -A 5";
+        }
+      ];
+    };
+
+    mpd = {
+      musicDirectory = "/home/mpd/music";
+      enable = false;
+      extraConfig = ''
+        audio_output {
+          type "pulse"
+          name "pulsee srv"
+          server "127.0.0.1"
+        }
+      '';
+    };
+
+    dnscrypt-proxy2 = {
+      enable = true;
+      settings = {
+        ipv6_servers = true;
+        require_dnssec = true;
+
+        sources.public-resolvers = {
+          urls = [
+            "https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
+            "https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
+          ];
+          cache_file = "/var/lib/dnscrypt-proxy2/public-resolvers.md";
+          minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
+        };
+      };
+    };
+
+    journald.extraConfig = ''
+      SystemMaxUse=50M
+    '';
+
+    logind.extraConfig = ''
+      KillUserProcesses=yes
+    '';
+  };
+
+  fonts = {
+    fontconfig = {
+      cache32Bit = true;
+      allowBitmaps = true;
+      useEmbeddedBitmaps = true;
+      defaultFonts = {
+        monospace = [ "JetBrainsMono" ];
+      };
+    };
+
+    fonts = with pkgs; [
+      dejavu_fonts
+      dina-font
+      fira-code
+      fira-code-symbols
+      font-awesome
+      font-awesome_4
+      inconsolata
+      iosevka
+      jetbrains-mono
+      liberation_ttf
+      noto-fonts
+      noto-fonts-cjk
+      noto-fonts-emoji
+      proggyfonts
+      siji
+      terminus_font
+      terminus_font_ttf
+      ubuntu_font_family
+    ];
+  };
+
+  virtualisation = {
+    containers.storage.settings = {
+      storage = {
+        driver = "btrfs";
+        graphroot = "/var/lib/containers/storage";
+        runroot = "/run/containers/storage";
+      };
+    };
+    podman = {
+      enable = true;
+      dockerCompat = true;
+    };
+  };
+
+  sound.enable = true;
+
+  hardware = {
+    bluetooth = {
+      enable = true;
+      settings = {
+        General = {
+          Enable = "Source,Sink,Media,Socket";
+        };
+      };
+    };
+
+    opengl = {
+      enable = true;
+      driSupport = true;
+      driSupport32Bit = true;
+      extraPackages = with pkgs; [
+      ];
+    };
+  };
+
+  zramSwap = {
+    enable = false;
+    algorithm = "zstd";
+  };
+
+  users.users.akill = {
+    isNormalUser = true;
+    shell = pkgs.zsh;
+    extraGroups = [ "wireshark" "kvm" "tty" "audio" "sound" "adbusers" "dialout" ];
+  };
+}
--- a/blue/hardware-configuration.nix
+++ b/blue/hardware-configuration.nix
@ -0,0 +1,67 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/0af4dcb9-6e59-4946-87b2-0d2f14b808d4";
+      fsType = "btrfs";
+      options = [ "subvol=root" "compress=zstd" "noatime" ];
+    };
+
+  boot.initrd.luks.devices."enc_root".device = "/dev/disk/by-uuid/8eb8ac22-d89d-4406-bfbd-ce43e283649f";
+
+  fileSystems."/home" =
+    { device = "/dev/disk/by-uuid/0af4dcb9-6e59-4946-87b2-0d2f14b808d4";
+      fsType = "btrfs";
+      options = [ "subvol=home" "compress=zstd" "noatime" ];
+    };
+
+  fileSystems."/nix" =
+    { device = "/dev/disk/by-uuid/0af4dcb9-6e59-4946-87b2-0d2f14b808d4";
+      fsType = "btrfs";
+      options = [ "subvol=nix" "compress=zstd" "noatime" ];
+    };
+
+  fileSystems."/var/log" =
+    { device = "/dev/disk/by-uuid/0af4dcb9-6e59-4946-87b2-0d2f14b808d4";
+      fsType = "btrfs";
+      options = [ "subvol=log" "compress=zstd" "noatime" ];
+      neededForBoot = true;
+    };
+
+  fileSystems."/persist" =
+    { device = "/dev/disk/by-uuid/0af4dcb9-6e59-4946-87b2-0d2f14b808d4";
+      fsType = "btrfs";
+      options = [ "subvol=persist" "compress=zstd" "noatime" ];
+    };
+
+  fileSystems."/boot" =
+    { device = "/dev/disk/by-uuid/6C85-D29B";
+      fsType = "vfat";
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.eno1.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp2s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}
--- a/flake.lock
+++ b/flake.lock
@ -182,45 +182,22 @@
        "type": "indirect"
      }
    },
-    "peerix": {
-      "inputs": {
-        "flake-compat": "flake-compat_2",
-        "flake-utils": "flake-utils",
-        "nixpkgs": "nixpkgs_4"
-      },
+    "nixpkgs_5": {
      "locked": {
-        "lastModified": 1684706914,
-        "narHash": "sha256-pBlTtsC28e/5MUTe4NWeNNOc/4Kf6EzGQGppQEQ/ioo=",
-        "owner": "asmir.abdulahovic",
-        "repo": "peerix",
-        "rev": "8fdbbd0039240e05b4f93bbd5b454d5643e8a8d1",
-        "type": "gitlab"
+        "lastModified": 1693626178,
+        "narHash": "sha256-Rpiy6lIOu4zny8tfGuIeN1ji9eSz9nPmm9yBhh/4IOM=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "bfb7dfec93f3b5d7274db109f2990bc889861caf",
+        "type": "github"
      },
      "original": {
-        "owner": "asmir.abdulahovic",
-        "repo": "peerix",
-        "type": "gitlab"
+        "owner": "NixOS",
+        "ref": "nixpkgs-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
      }
    },
-    "root": {
-      "inputs": {
-        "caps2esc": "caps2esc",
-        "home-manager": "home-manager",
-        "nix-xilinx": "nix-xilinx",
-        "nixpkgs": "nixpkgs_3",
-        "peerix": "peerix",
-        "sops-nix": "sops-nix",
-        "zremap": "zremap"
-      }
-    },
-    "sops-nix": {
-      "inputs": {
-        "nixpkgs": [
-          "nixpkgs"
-        ],
-        "nixpkgs-stable": "nixpkgs-stable"
-      },
-      "locked": {
        "lastModified": 1695284550,
        "narHash": "sha256-z9fz/wz9qo9XePEvdduf+sBNeoI9QG8NJKl5ssA8Xl4=",
        "owner": "Mic92",
--- a/flake.nix
+++ b/flake.nix
@ -64,6 +64,22 @@
          }
        ];
      };
+
+      blue = nixpkgs.lib.nixosSystem {
+        system = "x86_64-linux";
+        modules = [
+          {_module.args = inputs;}
+          ./blue/configuration.nix
+          ./blue/hardware-configuration.nix
+          ./packages.nix
+          home-manager.nixosModules.home-manager
+          {
+            home-manager.useGlobalPkgs = true;
+            home-manager.useUserPackages = true;
+            home-manager.users.akill = import ./home/home.nix;
+          }
+        ];
+      };
    };

    devShell.x86_64-linux = pkgs.mkShell {
--- a/home/home.nix
+++ b/home/home.nix
@ -53,7 +53,7 @@ in {
        slang = "eng,en";
        alang = "eng,en";
        hwdec = "auto";
-        vo = "dmabuf-wayland";
+        vo = "gpu-next";
        ao = "pipewire";
        script-opts-set = "ytdl_hook-ytdl_path=yt-dlp,sponsorblock-local_database=no,sponsorblock-skip_categories=[sponsor,intro,selfpromo]";
        ytdl-format = "bestvideo[height<=?1080]+bestaudio/best";
--- a/home/home_packages.nix
+++ b/home/home_packages.nix
@ -32,7 +32,7 @@
    imv
    jellyfin-media-player
    kdenlive
-    kicad
+    /*kicad*/
    kodi-wayland
    libnotify
    libreoffice
--- a/home/i3status-rust.nix
+++ b/home/i3status-rust.nix
@ -31,12 +31,7 @@
        }
        {
          block = "net";
-          device = "wlan0";
-          interval = 2;
-        }
-        {
-          block = "net";
-          device = "enp5s0";
+          device = "eno1";
          interval = 2;
        }
        {
--- a/home/sway.nix
+++ b/home/sway.nix
@ -33,16 +33,21 @@
      modifier = "Mod4";
      output = {
        eDP-1 = {
-          bg = "~/pic/weird_dragon.jpg stretch";
          /*
+          bg = "~/pic/weird_dragon.jpg stretch";
          scale = "1.4";
          */
        };
+
+	HDMI-A-4 = {
+	  res = "1920x1080";
+	};
      };
+
      input = {
-        "1:1:AT_Translated_Set_2_keyboard" = {repeat_delay = "150";};
-        "1:1:AT_Translated_Set_2_keyboard" = {repeat_rate = "70";};
-        "2:7:SynPS/2_Synaptics_TouchPad" = {tap = "enabled";};
+        "type:keyboard" = { repeat_delay = "150"; };
+        "type:keyboard" = { repeat_rate = "70"; };
+        "*TouchPad" = { tap = "enabled"; };
      };

      bars = [