diff --git a/flake.nix b/flake.nix
index b67fc31..692443e 100644
--- a/flake.nix
+++ b/flake.nix
@@ -68,6 +68,36 @@
 ];
 };
+ mediabox = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ modules = [
+ {_module.args = inputs;}
+ ./common/packages.nix
+ ./common/suspend.nix
+ ./mediabox/configuration.nix
+ ./mediabox/hardware-configuration.nix
+ sops-nix.nixosModules.sops
+ home-manager.nixosModules.home-manager
+ {
+ home-manager.useGlobalPkgs = true;
+ home-manager.useUserPackages = true;
+ home-manager.users.akill = import ./home/home.nix;
+ }
+ peerix.nixosModules.peerix
+ {
+ services.peerix = {
+ enable = true;
+ globalCacheTTL = 10;
+ package = peerix.packages.x86_64-linux.peerix;
+ openFirewall = true; # UDP/12304
+ privateKeyFile = nixy.config.sops.secrets."peerix/private".path;
+ publicKeyFile = ./mediabox/peerix-public;
+ publicKey = "peerix-nixy:8THqS0R2zWF/47ai0RFmqJnieYTZ1jaWOD9tnzpvA6s=";
+ };
+ }
+ ];
+ };
+
 blue = nixpkgs.lib.nixosSystem {
 system = "x86_64-linux";
 modules = [
diff --git a/mediabox/configuration.nix b/mediabox/configuration.nix
new file mode 100644
index 0000000..79a3000
--- /dev/null
+++ b/mediabox/configuration.nix
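Review bot: The peerix block of the new `mediabox` system reads its private key through `nixy.config.sops.secrets."peerix/private".path` and trusts `publicKey = "peerix-nixy:…"`, so the key wiring looks copied from the `nixy` host (presumably a sibling nixosConfiguration bound outside this hunk) rather than declared for mediabox; the `mediabox/configuration.nix` added in this same commit declares no `sops.secrets` at all, so that path will most likely not be provisioned on mediabox, while `publicKeyFile = ./mediabox/peerix-public` carries a `peerix-mediabox:` key. Make the inline module a function of this system's own config, e.g. `({config, ...}: { services.peerix = { … privateKeyFile = config.sops.secrets."peerix/private".path; }; })`, declare `sops.secrets."peerix/private"` for mediabox, and confirm whether `publicKey` is meant to name the peer (nixy) or this host. The enclosing outputs attribute set starts and ends outside this hunk.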
@@ -0,0 +1,416 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+{
+ config,
+ pkgs,
+ ...
+}: {
+ imports = [];
+
+ system.stateVersion = "23.05";
+ system.autoUpgrade.enable = false;
+
+ nix = {
+ optimise.automatic = true;
+ gc.automatic = true;
+ gc.options = "--delete-older-than 7d";
+ package = pkgs.nixUnstable;
+ settings = {
+ experimental-features = ["nix-command" "flakes"];
+ };
+ };
+
+ boot = {
+ kernelParams = ["msr.allow_writes=on"];
+ kernelPackages = pkgs.linuxPackages_latest;
+ kernelModules = ["acpi_call"];
+ supportedFilesystems = ["btrfs"];
+ loader.systemd-boot.enable = true;
+ tmpOnTmpfs = true;
+ initrd.compressor = "zstd";
+ };
+
+ powerManagement = {
+ enable = true;
+ cpuFreqGovernor = "ondemand";
+ };
+
+ networking = {
+ firewall = {
+ enable = true;
+ allowedTCPPorts = [80 443];
+ };
+ hostName = "mediabox";
+ interfaces.enp0s25.useDHCP = true;
+ interfaces.wlp3s0.useDHCP = false;
+ useDHCP = false;
+ wireless.enable = false;
+ wireless.interfaces = ["wlp3s0"];
+ nameservers = ["127.0.0.1" "::1"];
+ dhcpcd.extraConfig = "nohook resolv.conf";
+ networkmanager.dns = "none";
+ extraHosts = ''
+ 192.168.1.173 nixy.lan
+ '';
+ };
+
+ time.timeZone = "Europe/Sarajevo";
+
+ nixpkgs.config.allowUnfree = true;
+ environment = {
+ homeBinInPath = true;
+ variables = {
+ PATH = "$HOME/.cargo/bin";
+ };
+ systemPackages = with pkgs; [
+ acpi
+ bluez
+ bluez-tools
+ btop
+ fd
+ ffmpeg
+ file
+ fzf
+ fzy
+ htop
+ imv
+ interception-tools
+ jq
+ macchanger
+ moreutils
+ mosh
+ mpc_cli
+ nano
+ neovim
+ ninja
+ nix-index
+ ntfs3g
+ ntfsprogs
+ pciutils
+ pstree
+ psutils
+ pulsemixer
+ python3
+ zip
+ python3Packages.pip
+ ripgrep
+ rnix-lsp
+ rsync
+ scrot
+ silver-searcher
+ strace
+ tig
+ unrar
+ unzip
+ usbutils
+ vimpc
+ xdg_utils
+ xsel
+ weechat
+ wget
+ z-lua
+ breeze-icons
+ hicolor-icon-theme
+ rtorrent
+ lm_sensors
+ alejandra
+ ethtool
+ nmap
+ wireshark
+ ];
+ };
+
+ programs.gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
+ programs.zsh.enable = true;
+ programs.light.enable = true;
+ programs.firejail.enable = true;
+ programs.adb.enable = false;
+ programs.wireshark.enable = true;
+ programs.sway.enable = true;
+
+ # List services that you want to enable:
+ systemd = {
+ services = {
+ "macchanger-wireless" = {
+ after = ["sys-subsystem-net-devices-wlp3s0.device"];
+ before = ["network-pre.target"];
+ bindsTo = ["sys-subsystem-net-devices-wlp3s0.device"];
+ description = "Changes MAC of my wireless interface for privacy reasons";
+ stopIfChanged = false;
+ wantedBy = ["multi-user.target"];
+ wants = ["network-pre.target"];
+ script = ''
+ ${pkgs.macchanger}/bin/macchanger -e wlp3s0 || true
+ '';
+ serviceConfig.Type = "oneshot";
+ };
+
+ wakeonlan = {
+ description = "Reenable wake on lan every boot";
+ after = ["network.target"];
+ serviceConfig = {
+ Type = "oneshot";
+ ExecStart = "${pkgs.ethtool}/sbin/ethtool -s enp0s25 wol m";
+ };
+ wantedBy = ["default.target" "suspend.target" "shutdown.target"];
+ };
+
+ "cpu_setting" = {
+ description = "Enable turboot boost and undervolt cpu after suspend";
+ wantedBy = ["post-resume.target" "multi-user.target"];
+ after = ["post-resume.target"];
+ script = ''
+ echo 1 > /sys/devices/system/cpu/intel_pstate/no_turbo
+ echo 0 > /sys/devices/system/cpu/intel_pstate/no_turbo
+ ${pkgs.undervolt}/bin/undervolt --core -105 --cache -105 --uncore -105 --gpu -15 -p1 47 28 -p2 57 0.0025
+ '';
+ serviceConfig.Type = "oneshot";
+ };
+ };
+ };
+
+ security = {
+ rtkit.enable = true;
+ acme = {
+ acceptTerms = true;
+ defaults.email = "aasmir@gmx.com";
+ };
+ };
+
+ services = {
+ fwupd.enable = true;
+ fstrim.enable = true;
+ ntp.enable = true;
+ openssh.enable = true;
+ thinkfan.enable = true;
+ acpid.enable = true;
+ btrfs.autoScrub.enable = true;
+ restya-board.enable = false;
+ xrdp = {
+ enable = true;
+ defaultWindowManager = "icewm";
+ openFirewall = true;
+ };
+
+ logind = {
+ lidSwitch = "ignore";
+ };
+
+ jellyfin = {
+ enable = true;
+ user = "akill";
+ openFirewall = true;
+ };
+
+ pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ };
+
+ deluge = {
+ enable = false;
+ user = "akill";
+ openFirewall = true;
+ dataDir = "/home/akill/.config/deluge";
+ web = {
+ enable = true;
+ openFirewall = false;
+ };
+ config = {
+ download_location = "/media";
+ allow_remote = true;
+ daemon_port = 58846;
+ };
+ };
+
+ transmission = {
+ enable = false;
+ openFirewall = true;
+ settings = {
+ rpc-whitelist = "192.168.88.*";
+ download-dir = "/media";
+ };
+ };
+
+ qbittorrent = {
+ enable = true;
+ user = "akill";
+ openFirewall = true;
+ dataDir = "/home/akill/.config/qbittorrent";
+ port = 8081;
+ };
+
+ nginx = {
+ enable = true;
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+
+ virtualHosts."deluge.mediabox.lan" = {
+ locations."/".proxyPass = "http://localhost:8112/";
+ };
+ virtualHosts."qbittorrent.mediabox.lan" = {
+ locations."/".proxyPass = "http://localhost:8081/";
+ };
+ virtualHosts."jellyfin.mediabox.lan" = {
+ locations."/".proxyPass = "http://localhost:8096/";
+ };
+ };
+
+ xserver = {
+ enable = true;
+ libinput.enable = true;
+ desktopManager.xterm.enable = false;
+ displayManager.lightdm.enable = false;
+ displayManager.defaultSession = "none+icewm";
+ windowManager.icewm.enable = true;
+ };
+
+ udev.packages = [];
+
+ tlp = {
+ enable = true;
+ settings = {};
+ };
+
+ actkbd = {
+ enable = true;
+ bindings = [
+ {
+ keys = [121];
+ events = ["key"];
+ command = "${pkgs.alsaUtils}/bin/amixer -q set Master toggle";
+ }
+ {
+ keys = [122];
+ events = ["key" "rep"];
+ command = "${pkgs.alsaUtils}/bin/amixer -q set Master ${config.sound.mediaKeys.volumeStep}- unmute";
+ }
+ {
+ keys = [123];
+ events = ["key" "rep"];
+ command = "${pkgs.alsaUtils}/bin/amixer -q set Master ${config.sound.mediaKeys.volumeStep}+ unmute";
+ }
+ {
+ keys = [224];
+ events = ["key"];
+ command = "/run/current-system/sw/bin/light -U 5";
+ }
+ {
+ keys = [225];
+ events = ["key"];
+ command = "/run/current-system/sw/bin/light -A 5";
+ }
+ ];
+ };
+
+ mpd = {
+ musicDirectory = "/home/mpd/music";
+ enable = false;
+ extraConfig = ''
+ audio_output {
+ type "pulse"
+ name "pulsee srv"
+ server "127.0.0.1"
+ }
+ '';
+ };
+
+ batteryNotifier = {
+ enable = true;
+ notifyCapacity = 20;
+ suspendCapacity = 10;
+ };
+
+ dnscrypt-proxy2 = {
+ enable = true;
+ settings = {
+ ipv6_servers = true;
+ require_dnssec = true;
+
+ sources.public-resolvers = {
+ urls = [
+ "https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
+ "https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
+ ];
+ cache_file = "/var/lib/dnscrypt-proxy/public-resolvers.md";
+ minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
+ };
+ };
+ };
+
+ };
+
+ fonts.fonts = with pkgs; [
+ dina-font
+ fira-code
+ fira-code-symbols
+ font-awesome
+ font-awesome_4
+ iosevka
+ jetbrains-mono
+ liberation_ttf
+ proggyfonts
+ siji
+ ];
+
+ virtualisation = {
+ podman = {
+ enable = true;
+ dockerCompat = true;
+ };
+ };
+
+ sound.enable = true;
+
+ hardware = {
+ bluetooth = {
+ enable = false;
+ settings = {
+ General = {
+ Enable = "Source,Sink,Media,Socket";
+ };
+ };
+ };
+
+ opengl = {
+ enable = true;
+ driSupport = true;
+ driSupport32Bit = true;
+ extraPackages = with pkgs; [
+ intel-media-driver
+ vaapiIntel
+ ];
+ };
+ };
+
+ zramSwap = {
+ enable = false;
+ algorithm = "zstd";
+ };
+
+ users.users.akill = {
+ isNormalUser = true;
+ shell = pkgs.zsh;
+ extraGroups = ["wireshark" "wheel" "kvm" "tty" "audio" "sound" "adbusers" "transmission"];
+ };
+
+ users.users.ado = {
+ isNormalUser = true;
+ shell = pkgs.zsh;
+ extraGroups = ["wireshark" "wheel" "kvm" "tty" "audio" "sound" "adbusers" "transmission"];
+ };
+
+ users.users.mediauser = {
+ isNormalUser = true;
+ shell = pkgs.bash;
+ extraGroups = [];
+ };
+}
diff --git a/mediabox/hardware-configuration.nix b/mediabox/hardware-configuration.nix
new file mode 100644
index 0000000..ea61a9b
--- /dev/null
+++ b/mediabox/hardware-configuration.nix
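Review bot: `services.qbittorrent` and `services.jellyfin` both run as `user = "akill"`, an account in `wheel` and `wireshark`, and both set `openFirewall = true` even though nginx already fronts them at `qbittorrent.mediabox.lan` and `jellyfin.mediabox.lan`; a LAN-reachable daemon should not inherit an administrator's group set, home directory and login environment (`homeBinInPath = true` plus `PATH = "$HOME/.cargo/bin"` presumably place user-writable directories ahead of the system paths for that same account, so anything that can write there as akill shadows what akill later runs). Let both services fall back to a dedicated service user if their module provides one (moving `dataDir` out of `/home/akill` accordingly) and set `openFirewall = false` so the reverse proxy is the only way in; the `deluge.mediabox.lan` vhost proxies to a service that is `enable = false` and can be dropped. `services.openssh.enable = true` with default settings leaves password login on, so `services.openssh.settings.PasswordAuthentication = false;` belongs next to the gpg-agent SSH support that is already enabled. The `security.acme` block is unused, since no vhost sets `enableACME` and `.lan` names cannot obtain public certificates anyway.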
@@ -0,0 +1,63 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{
+ config,
+ lib,
+ pkgs,
+ modulesPath,
+ ...
+}: {
+ imports = [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
+
+ boot.initrd.availableKernelModules = ["xhci_pci" "ehci_pci" "ahci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc"];
+ boot.initrd.kernelModules = [];
+ boot.kernelModules = ["kvm-intel"];
+ boot.extraModulePackages = [];
+
+ fileSystems."/" = {
+ device = "/dev/disk/by-uuid/ae774285-60dc-4b08-ab26-8208e8f4e81e";
+ fsType = "btrfs";
+ options = ["subvol=root" "compress=lzo" "noatime"];
+ };
+
+ boot.initrd.luks.devices."enc".device = "/dev/disk/by-uuid/60aa7671-bfee-451b-b871-ac7c5a4a9f3a";
+
+ fileSystems."/home" = {
+ device = "/dev/disk/by-uuid/ae774285-60dc-4b08-ab26-8208e8f4e81e";
+ fsType = "btrfs";
+ options = ["subvol=home" "compress=lzo" "noatime"];
+ };
+
+ fileSystems."/nix" = {
+ device = "/dev/disk/by-uuid/ae774285-60dc-4b08-ab26-8208e8f4e81e";
+ fsType = "btrfs";
+ options = ["subvol=nix" "compress=lzo" "noatime"];
+ };
+
+ fileSystems."/persist" = {
+ device = "/dev/disk/by-uuid/ae774285-60dc-4b08-ab26-8208e8f4e81e";
+ fsType = "btrfs";
+ options = ["subvol=persist" "compress=lzo" "noatime"];
+ };
+
+ fileSystems."/var/log" = {
+ device = "/dev/disk/by-uuid/ae774285-60dc-4b08-ab26-8208e8f4e81e";
+ fsType = "btrfs";
+ options = ["subvol=log" "compress=lzo" "noatime"];
+ neededForBoot = true;
+ };
+
+ fileSystems."/boot" = {
+ device = "/dev/disk/by-uuid/4B94-6E7B";
+ fsType = "vfat";
+ };
+
+ swapDevices = [
+ {device = "/dev/disk/by-uuid/7b44ab02-84ff-4ffd-be26-58247cf5a982";}
+ ];
+
+ nix.settings.max-jobs = lib.mkDefault 8;
+}
diff --git a/mediabox/peerix-public b/mediabox/peerix-public
new file mode 100644
index 0000000..6b60209
--- /dev/null
+++ b/mediabox/peerix-public
@@ -0,0 +1 @@
+peerix-mediabox:UDgG3xdQYv7bmx2l4ZPNRPJtp2zMmY++H/fnGeJ9BQw=
\ No newline at end of file