From 8ef4d1145f959c90dcbb1a297ea8e1092e577bf3 Mon Sep 17 00:00:00 2001
From: Asmir A <asmir.abdulahovic@gmail.com>
Date: Fri, 6 Jun 2025 20:25:31 +0200
Subject: [PATCH 1/3] enable plasma

---
 nixy/configuration.nix | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/nixy/configuration.nix b/nixy/configuration.nix
index 1d63fa1..5660e5d 100644
--- a/nixy/configuration.nix
+++ b/nixy/configuration.nix
@@ -404,9 +404,13 @@ in
       enable = true;
       dpi = 144;
       desktopManager.xterm.enable = false;
+      #desktopManager.plasma5.bigscreen.enable = true;
+      desktopManager.plasma6.enable = true;
       displayManager = {
         lightdm.enable = false;
         startx.enable = true;
+	sddm.enable = true;
+	sddm.wayland.enable = true;
       };
       windowManager.i3.enable = false;
     };
@@ -433,7 +437,7 @@ in
     };
 
     tlp = {
-      enable = true;
+      enable = false;
     };
 
     batteryNotifier = {

From f7f87e1951f42361c2c0390489e9cc71e30f2d11 Mon Sep 17 00:00:00 2001
From: Asmir A <asmir.abdulahovic@gmail.com>
Date: Sun, 8 Jun 2025 17:36:24 +0200
Subject: [PATCH 2/3] mediabox: update, switch to plasma_bigscreen

---
 mediabox/configuration.nix | 351 +++++++++++++++++--------------------
 1 file changed, 163 insertions(+), 188 deletions(-)

diff --git a/mediabox/configuration.nix b/mediabox/configuration.nix
index 9a9ad23..80aef0b 100644
--- a/mediabox/configuration.nix
+++ b/mediabox/configuration.nix
@@ -1,19 +1,22 @@
-# Edit this configuration file to define what should be installed on
-# your system.  Help is available in the configuration.nix(5) man page
-# and in the NixOS manual (accessible by running ‘nixos-help’).
-{
-  config,
-  pkgs,
-  zremap,
-  system,
-  nvim,
-  ...
+{ config
+, nvim
+, pkgs
+, system
+, zremap
+, ...
 }:
+let
+  USER = "akill";
+in
 {
   imports = [ ];
 
   system.stateVersion = "23.05";
   system.autoUpgrade.enable = false;
+  system.switch = {
+    enable = true;
+    enableNg = true;
+  };
 
   sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
   sops.secrets."peerix/private" = {
@@ -74,29 +77,35 @@
     readOnlyNixStore = true;
     supportedFilesystems = [ "btrfs" ];
     tmp.useTmpfs = true;
-    tmp.tmpfsSize = "80%";
   };
 
   security = {
     rtkit.enable = true;
-    acme = {
-      acceptTerms = true;
-      defaults.email = "aasmir@gmx.com";
-    };
+    allowSimultaneousMultithreading = true;
+    sudo.enable = true;
+    doas.enable = true;
+    doas.extraRules = [
+      {
+        users = [ USER ];
+        keepEnv = true;
+        persist = true;
+      }
+    ];
   };
 
   powerManagement = {
     enable = true;
-    cpuFreqGovernor = "ondemand";
   };
 
   networking = {
+    nftables.enable = true;
     firewall = {
       enable = true;
       allowedTCPPorts = [
         80
         443
         51820
+        8020
       ];
     };
 
@@ -111,14 +120,16 @@
       "::1"
     ];
     dhcpcd.extraConfig = "nohook resolv.conf";
-    networkmanager.dns = "none";
+
     extraHosts = ''
       192.168.1.173 nixy.lan
       192.168.88.171 jellyfin.mediabox.lan
+      192.168.88.171 jellyseerr.mediabox.lan
       192.168.88.171 mediabox.lan
       192.168.88.171 qbittorrent.mediabox.lan
       192.168.88.1   router.lan
       192.168.88.231 workstation.lan
+      192.168.88.121 ender.lan
     '';
 
     wireguard.interfaces = {
@@ -149,44 +160,47 @@
     };
   };
 
-  programs.gnupg.agent = {
-    enable = true;
-    enableSSHSupport = true;
+  programs = {
+    steam = {
+      enable = true;
+      remotePlay.openFirewall = true;
+      dedicatedServer.openFirewall = false;
+      localNetworkGameTransfers.openFirewall = true;
+    };
+    gnupg.agent = {
+      enable = true;
+      enableSSHSupport = true;
+    };
+    appimage = {
+      enable = true;
+      binfmt = true;
+    };
+    nix-ld = {
+      enable = false;
+      libraries = with pkgs; [
+        stdenv.cc.cc.lib
+        zlib
+      ];
+    };
+    zsh.enable = true;
+    firejail.enable = true;
   };
-  programs.zsh.enable = true;
-  programs.light.enable = true;
-  programs.firejail.enable = true;
-  programs.adb.enable = false;
-  programs.wireshark.enable = true;
-  programs.sway.enable = true;
 
   # List services that you want to enable:
   systemd = {
     services = {
-      "macchanger-wireless" = {
-        after = [ "sys-subsystem-net-devices-wlp3s0.device" ];
-        before = [ "network-pre.target" ];
-        bindsTo = [ "sys-subsystem-net-devices-wlp3s0.device" ];
-        description = "Changes MAC of my wireless interface for privacy reasons";
-        stopIfChanged = false;
-        wantedBy = [ "multi-user.target" ];
-        wants = [ "network-pre.target" ];
-        script = ''
-          ${pkgs.macchanger}/bin/macchanger -e wlp3s0 || true
-        '';
-        serviceConfig.Type = "oneshot";
-      };
-
-      "zremap" = {
-        description = "Intercepts keyboard udev events";
-        wants = [ "systemd-udevd.service" ];
-        wantedBy = [ "multi-user.target" ];
+      "zremap@" = {
+        enable = true;
+        restartIfChanged = true;
         serviceConfig.Nice = -20;
-        script = ''
-          sleep 1
-          ${zremap.defaultPackage.${system}}/bin/zremap \
-          /dev/input/by-path/platform-i8042-serio-0-event-kbd
-        '';
+        unitConfig = {
+          Description = "zremap on %I";
+          ConditionPathExists = "%I";
+        };
+        serviceConfig = {
+          Type = "simple";
+          ExecStart = "${zremap.defaultPackage.${system}}/bin/zremap %I";
+        };
       };
 
       "wakeonlan" = {
@@ -202,27 +216,21 @@
           "shutdown.target"
         ];
       };
-
-      /*
-        "cpu_setting" = {
-          description = "Enable turboot boost and undervolt cpu after suspend";
-          wantedBy = ["post-resume.target" "multi-user.target"];
-          after = ["post-resume.target"];
-          script = ''
-                   echo 1 > /sys/devices/system/cpu/intel_pstate/no_turbo
-                   echo 0 > /sys/devices/system/cpu/intel_pstate/no_turbo
-            ${pkgs.undervolt}/bin/undervolt --core -105 --cache -105 --uncore -105 --gpu -15 -p1 47 28 -p2 57 0.0025
-          '';
-          serviceConfig.Type = "oneshot";
-        };
-      */
     };
+
+    coredump.enable = false;
+    extraConfig = ''
+      DefaultTimeoutStartSec=30s
+      DefaultTimeoutStopSec=30s
+    '';
   };
 
   services = {
     acpid.enable = true;
     btrfs.autoScrub.enable = true;
     dbus.enable = true;
+    dbus.implementation = "broker";
+    envfs.enable = true;
     fstrim.enable = true;
     fwupd.enable = true;
     ntp.enable = true;
@@ -240,13 +248,13 @@
     };
 
     jellyfin = {
-      enable = true;
+      enable = false;
       user = "akill";
       openFirewall = true;
     };
 
     jellyseerr = {
-      enable = true;
+      enable = false;
       openFirewall = true;
     };
 
@@ -257,144 +265,95 @@
       pulse.enable = true;
     };
 
-    deluge = {
+    avahi = {
       enable = false;
-      user = "akill";
+      nssmdns4 = false;
       openFirewall = true;
-      dataDir = "/home/akill/.config/deluge";
-      web = {
-        enable = true;
-        openFirewall = false;
-      };
-      config = {
-        download_location = "/media";
-        allow_remote = true;
-        daemon_port = 58846;
-      };
     };
 
-    transmission = {
-      enable = false;
-      openFirewall = true;
-      settings = {
-        rpc-whitelist = "192.168.88.*";
-        download-dir = "/media";
-      };
-    };
-
-    qbittorrent = {
-      enable = true;
-      user = "akill";
-      openFirewall = true;
-      dataDir = "/home/akill/.config/qbittorrent";
-      port = 8081;
-    };
-
-    nginx = {
-      enable = true;
-      recommendedGzipSettings = true;
-      recommendedOptimisation = true;
-      recommendedProxySettings = true;
-      recommendedTlsSettings = true;
-
-      virtualHosts."deluge.mediabox.lan" = {
-        locations."/".proxyPass = "http://localhost:8112/";
-      };
-      virtualHosts."qbittorrent.mediabox.lan" = {
-        locations."/".proxyPass = "http://localhost:8081/";
-      };
-      virtualHosts."jellyfin.mediabox.lan" = {
-        locations."/".proxyPass = "http://localhost:8096/";
-      };
-      virtualHosts."jellyseerr.mediabox.lan" = {
-        locations."/".proxyPass = "http://localhost:5055/";
-      };
-    };
-
-    journald.extraConfig = ''
-      SystemMaxUse=50M
-    '';
-
-    logind.extraConfig = ''
-      KillUserProcesses=yes
-    '';
-
+    libinput.enable = true;
     xserver = {
       enable = true;
-      libinput.enable = true;
+      dpi = 144;
       desktopManager.xterm.enable = false;
-      displayManager.lightdm.enable = false;
-      displayManager.defaultSession = "none+icewm";
-      windowManager.icewm.enable = true;
+      desktopManager.plasma5.bigscreen.enable = true;
+      #desktopManager.plasma6.enable = true;
+      displayManager = {
+        lightdm.enable = false;
+        startx.enable = true;
+        sddm.enable = true;
+        sddm.wayland.enable = true;
+      };
+      windowManager.i3.enable = false;
     };
 
-    udev.packages = [ ];
+    udev = {
+      packages = [ ];
+      extraRules = ''
+        #zremap on new keyboard
+        ACTION=="add", SUBSYSTEM=="input", ATTRS{phys}!="", KERNEL=="event[0-9]*", ENV{ID_INPUT_KEY}=="1", ENV{ID_INPUT_KEYBOARD}=="1", TAG+="systemd", ENV{SYSTEMD_WANTS}+="zremap@$env{DEVNAME}.service"
+      '';
+    };
 
     tlp = {
-      enable = true;
-      settings = { };
+      enable = false;
+    };
+
+    batteryNotifier = {
+      enable = false;
+      notifyCapacity = 20;
+      suspendCapacity = 10;
     };
 
     actkbd = {
       enable = true;
       bindings = [
         {
-          keys = [ 121 ];
+          keys = [ 115 ];
           events = [ "key" ];
-          command = "${pkgs.alsaUtils}/bin/amixer -q set Master toggle";
+          command = "XDG_RUNTIME_DIR=/run/user/$(id -u ${USER}) ${pkgs.wireplumber}/bin/wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+";
         }
+
         {
-          keys = [ 122 ];
+          keys = [ 114 ];
           events = [
             "key"
             "rep"
           ];
-          command = "${pkgs.alsaUtils}/bin/amixer -q set Master ${config.sound.mediaKeys.volumeStep}- unmute";
+          command = "XDG_RUNTIME_DIR=/run/user/$(id -u ${USER}) ${pkgs.wireplumber}/bin/wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%-";
         }
+
         {
-          keys = [ 123 ];
+          keys = [ 113 ];
           events = [
             "key"
             "rep"
           ];
-          command = "${pkgs.alsaUtils}/bin/amixer -q set Master ${config.sound.mediaKeys.volumeStep}+ unmute";
+          command = "XDG_RUNTIME_DIR=/run/user/$(id -u ${USER}) ${pkgs.wireplumber}/bin/wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle";
         }
+
         {
           keys = [ 224 ];
           events = [ "key" ];
-          command = "/run/current-system/sw/bin/light -U 5";
+          command = "${pkgs.light}/bin/light -U 5";
         }
+
         {
           keys = [ 225 ];
           events = [ "key" ];
-          command = "/run/current-system/sw/bin/light -A 5";
+          command = "${pkgs.light}/bin/light -A 5";
         }
       ];
     };
 
-    mpd = {
-      musicDirectory = "/home/mpd/music";
-      enable = false;
-      extraConfig = ''
-        audio_output {
-          type "pulse"
-          name "pulsee srv"
-          server "127.0.0.1"
-        }
-      '';
-    };
-
-    batteryNotifier = {
-      enable = true;
-      notifyCapacity = 20;
-      suspendCapacity = 10;
-    };
-
     dnscrypt-proxy2 = {
       enable = true;
       settings = {
         ipv6_servers = true;
         require_dnssec = true;
+        require_nolog = true;
+        require_nofilter = true;
+        http3 = true;
 
         sources.public-resolvers = {
           urls = [
@@ -406,33 +365,62 @@
         };
       };
     };
+
+    journald.extraConfig = ''
+      SystemMaxUse=50M
+    '';
+
+    logind.extraConfig = ''
+      KillUserProcesses=yes
+    '';
+
   };
 
-  fonts.packages = with pkgs; [
-    dina-font
-    fira-code
-    fira-code-symbols
-    font-awesome
-    font-awesome_4
-    iosevka
-    jetbrains-mono
-    liberation_ttf
-    proggyfonts
-    siji
-  ];
+  fonts = {
+    fontconfig = {
+      cache32Bit = true;
+      allowBitmaps = true;
+      useEmbeddedBitmaps = true;
+      defaultFonts = {
+        monospace = [ "JetBrainsMono" ];
+      };
+    };
+
+    packages = with pkgs; [
+      dejavu_fonts
+      dina-font
+      fira-code
+      fira-code-symbols
+      font-awesome_6
+      inconsolata
+      iosevka
+      jetbrains-mono
+      liberation_ttf
+      libertine
+      noto-fonts
+      noto-fonts-cjk-sans
+      noto-fonts-color-emoji
+      noto-fonts-emoji
+      proggyfonts
+      siji
+      terminus_font
+      terminus_font_ttf
+      ubuntu_font_family
+      vistafonts
+    ];
+  };
 
   virtualisation = {
     podman = {
-      enable = true;
+      enable = false;
+      autoPrune.enable = true;
       dockerCompat = true;
     };
   };
 
-  sound.enable = true;
-
   hardware = {
     bluetooth = {
-      enable = false;
+      enable = true;
       settings = {
         General = {
           Enable = "Source,Sink,Media,Socket";
@@ -440,14 +428,9 @@
       };
     };
 
-    opengl = {
+    graphics = {
       enable = true;
-      driSupport = true;
-      driSupport32Bit = true;
-      extraPackages = with pkgs; [
-        intel-media-driver
-        vaapiIntel
-      ];
+      extraPackages = [ ];
     };
   };
 
@@ -456,18 +439,14 @@
     algorithm = "zstd";
   };
 
-  users.users.akill = {
+  users.users.${USER} = {
     isNormalUser = true;
     shell = pkgs.zsh;
     extraGroups = [
-      "wireshark"
       "wheel"
-      "kvm"
       "tty"
       "audio"
       "sound"
-      "adbusers"
-      "transmission"
     ];
     openssh.authorizedKeys.keys = [
       (builtins.readFile ../nixy/ssh_pubkey)
@@ -478,14 +457,10 @@
     isNormalUser = true;
     shell = pkgs.zsh;
     extraGroups = [
-      "wireshark"
       "wheel"
-      "kvm"
       "tty"
       "audio"
       "sound"
-      "adbusers"
-      "transmission"
     ];
   };
 

From 59680e948c864bf948653cb4fb65bfe279263e99 Mon Sep 17 00:00:00 2001
From: Asmir A <asmir.abdulahovic@gmail.com>
Date: Sun, 8 Jun 2025 17:36:42 +0200
Subject: [PATCH 3/3] Revert "enable plasma"

This reverts commit 8ef4d1145f959c90dcbb1a297ea8e1092e577bf3.
---
 nixy/configuration.nix | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/nixy/configuration.nix b/nixy/configuration.nix
index 5660e5d..1d63fa1 100644
--- a/nixy/configuration.nix
+++ b/nixy/configuration.nix
@@ -404,13 +404,9 @@ in
       enable = true;
       dpi = 144;
       desktopManager.xterm.enable = false;
-      #desktopManager.plasma5.bigscreen.enable = true;
-      desktopManager.plasma6.enable = true;
       displayManager = {
         lightdm.enable = false;
         startx.enable = true;
-	sddm.enable = true;
-	sddm.wayland.enable = true;
       };
       windowManager.i3.enable = false;
     };
@@ -437,7 +433,7 @@ in
     };
 
     tlp = {
-      enable = false;
+      enable = true;
     };
 
     batteryNotifier = {