asmir/nixos_flake_config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

all: format .nix filex with nixfmt-rfc

Browse Source
This commit is contained in:
Asmir A
2025-01-10 18:11:42 +01:00
parent e571ae07c0
commit 77e24e385a
22 changed files with 863 additions and 547 deletions
Download Patch File Download Diff File Expand all files Collapse all files

141
mediabox/configuration.nix
View File

@@ -8,13 +8,14 @@
system,
nvim,
...
}: {
imports = [];
}:
{
imports = [ ];
system.stateVersion = "23.05";
system.autoUpgrade.enable = false;
sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
sops.secrets."peerix/private" = {
sopsFile = ./secrets/peerix.yaml;
mode = "0400";
@@ -36,28 +37,31 @@
gc.options = "--delete-older-than 7d";
package = pkgs.nixVersions.latest;
settings = {
experimental-features = ["nix-command" "flakes"];
experimental-features = [
"nix-command"
"flakes"
];
};
};
boot = {
initrd = {
compressor = "zstd";
availableKernelModules = ["e1000e"];
availableKernelModules = [ "e1000e" ];
network = {
enable = true;
udhcpc.enable = true;
ssh = {
enable = true;
hostKeys = [/etc/ssh_dummy_ed25519_key];
authorizedKeys = [(builtins.readFile ../nixy/ssh_pubkey)];
hostKeys = [ /etc/ssh_dummy_ed25519_key ];
authorizedKeys = [ (builtins.readFile ../nixy/ssh_pubkey) ];
};
};
};
kernelModules = ["acpi_call"];
kernelModules = [ "acpi_call" ];
kernelPackages = pkgs.linuxPackages_latest;
kernelParams = ["msr.allow_writes=on"];
kernelParams = [ "msr.allow_writes=on" ];
kernel.sysctl = {
"net.core.default_qdisc" = "fq";
"net.ipv4.tcp_congestion_control" = "bbr";
@@ -68,7 +72,7 @@
memtest86.enable = true;
};
readOnlyNixStore = true;
supportedFilesystems = ["btrfs"];
supportedFilesystems = [ "btrfs" ];
tmp.useTmpfs = true;
tmp.tmpfsSize = "80%";
};
@@ -89,7 +93,11 @@
networking = {
firewall = {
enable = true;
allowedTCPPorts = [80 443 51820];
allowedTCPPorts = [
80
443
51820
];
};
hostName = "mediabox";
@@ -97,8 +105,11 @@
interfaces.wlp3s0.useDHCP = false;
useDHCP = false;
wireless.enable = false;
wireless.interfaces = ["wlp3s0"];
nameservers = ["127.0.0.1" "::1"];
wireless.interfaces = [ "wlp3s0" ];
nameservers = [
"127.0.0.1"
"::1"
];
dhcpcd.extraConfig = "nohook resolv.conf";
networkmanager.dns = "none";
extraHosts = ''
@@ -112,13 +123,13 @@
wireguard.interfaces = {
wg0 = {
ips = ["10.100.0.5/24"];
ips = [ "10.100.0.5/24" ];
privateKeyFile = config.sops.secrets."wg_privkey".path;
peers = [
{
publicKey = builtins.readFile ../magpie/wg_pubkey;
presharedKeyFile = config.sops.secrets."wg_preshared/mediabox".path;
allowedIPs = ["10.100.0.0/24"];
allowedIPs = [ "10.100.0.0/24" ];
endpoint = "5.75.229.224:51820";
persistentKeepalive = 25;
}
@@ -130,7 +141,7 @@
time.timeZone = "Europe/Sarajevo";
nixpkgs.config.allowUnfree = true;
nixpkgs.overlays = [nvim.overlays.${system}.overlay];
nixpkgs.overlays = [ nvim.overlays.${system}.overlay ];
environment = {
homeBinInPath = true;
variables = {
@@ -153,13 +164,13 @@
systemd = {
services = {
"macchanger-wireless" = {
after = ["sys-subsystem-net-devices-wlp3s0.device"];
before = ["network-pre.target"];
bindsTo = ["sys-subsystem-net-devices-wlp3s0.device"];
after = [ "sys-subsystem-net-devices-wlp3s0.device" ];
before = [ "network-pre.target" ];
bindsTo = [ "sys-subsystem-net-devices-wlp3s0.device" ];
description = "Changes MAC of my wireless interface for privacy reasons";
stopIfChanged = false;
wantedBy = ["multi-user.target"];
wants = ["network-pre.target"];
wantedBy = [ "multi-user.target" ];
wants = [ "network-pre.target" ];
script = ''
${pkgs.macchanger}/bin/macchanger -e wlp3s0 || true
'';
@@ -168,8 +179,8 @@
"zremap" = {
description = "Intercepts keyboard udev events";
wants = ["systemd-udevd.service"];
wantedBy = ["multi-user.target"];
wants = [ "systemd-udevd.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig.Nice = -20;
script = ''
sleep 1
@@ -180,26 +191,30 @@
"wakeonlan" = {
description = "Reenable wake on lan every boot";
after = ["network.target"];
after = [ "network.target" ];
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.ethtool}/sbin/ethtool -s enp0s25 wol m";
};
wantedBy = ["default.target" "suspend.target" "shutdown.target"];
wantedBy = [
"default.target"
"suspend.target"
"shutdown.target"
];
};
/*
"cpu_setting" = {
description = "Enable turboot boost and undervolt cpu after suspend";
wantedBy = ["post-resume.target" "multi-user.target"];
after = ["post-resume.target"];
script = ''
echo 1 > /sys/devices/system/cpu/intel_pstate/no_turbo
echo 0 > /sys/devices/system/cpu/intel_pstate/no_turbo
${pkgs.undervolt}/bin/undervolt --core -105 --cache -105 --uncore -105 --gpu -15 -p1 47 28 -p2 57 0.0025
'';
serviceConfig.Type = "oneshot";
};
"cpu_setting" = {
description = "Enable turboot boost and undervolt cpu after suspend";
wantedBy = ["post-resume.target" "multi-user.target"];
after = ["post-resume.target"];
script = ''
echo 1 > /sys/devices/system/cpu/intel_pstate/no_turbo
echo 0 > /sys/devices/system/cpu/intel_pstate/no_turbo
${pkgs.undervolt}/bin/undervolt --core -105 --cache -105 --uncore -105 --gpu -15 -p1 47 28 -p2 57 0.0025
'';
serviceConfig.Type = "oneshot";
};
*/
};
};
@@ -313,39 +328,45 @@
windowManager.icewm.enable = true;
};
udev.packages = [];
udev.packages = [ ];
tlp = {
enable = true;
settings = {};
settings = { };
};
actkbd = {
enable = true;
bindings = [
{
keys = [121];
events = ["key"];
keys = [ 121 ];
events = [ "key" ];
command = "${pkgs.alsaUtils}/bin/amixer -q set Master toggle";
}
{
keys = [122];
events = ["key" "rep"];
keys = [ 122 ];
events = [
"key"
"rep"
];
command = "${pkgs.alsaUtils}/bin/amixer -q set Master ${config.sound.mediaKeys.volumeStep}- unmute";
}
{
keys = [123];
events = ["key" "rep"];
keys = [ 123 ];
events = [
"key"
"rep"
];
command = "${pkgs.alsaUtils}/bin/amixer -q set Master ${config.sound.mediaKeys.volumeStep}+ unmute";
}
{
keys = [224];
events = ["key"];
keys = [ 224 ];
events = [ "key" ];
command = "/run/current-system/sw/bin/light -U 5";
}
{
keys = [225];
events = ["key"];
keys = [ 225 ];
events = [ "key" ];
command = "/run/current-system/sw/bin/light -A 5";
}
];
@@ -438,7 +459,16 @@
users.users.akill = {
isNormalUser = true;
shell = pkgs.zsh;
extraGroups = ["wireshark" "wheel" "kvm" "tty" "audio" "sound" "adbusers" "transmission"];
extraGroups = [
"wireshark"
"wheel"
"kvm"
"tty"
"audio"
"sound"
"adbusers"
"transmission"
];
openssh.authorizedKeys.keys = [
(builtins.readFile ../nixy/ssh_pubkey)
];
@@ -447,12 +477,21 @@
users.users.ado = {
isNormalUser = true;
shell = pkgs.zsh;
extraGroups = ["wireshark" "wheel" "kvm" "tty" "audio" "sound" "adbusers" "transmission"];
extraGroups = [
"wireshark"
"wheel"
"kvm"
"tty"
"audio"
"sound"
"adbusers"
"transmission"
];
};
users.users.mediauser = {
isNormalUser = true;
shell = pkgs.bash;
extraGroups = [];
extraGroups = [ ];
};
}