asmir/nixos_flake_config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge branch 'plasma_bigscreen'

Browse Source
This commit is contained in:
Asmir A 2025-06-08 17:37:33 +02:00
commit b453f835a2
Signed by: asmir
GPG Key ID: 020C42B7A9ABA3E2
1 changed files with 163 additions and 188 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

327
mediabox/configuration.nix
View File

@ -1,19 +1,22 @@
# Edit this configuration file to define what should be installed on { config
# your system. Help is available in the configuration.nix(5) man page , nvim
# and in the NixOS manual (accessible by running nixos-help). , pkgs
{ , system
config, , zremap
pkgs, , ...
zremap,
system,
nvim,
...
}: }:
let
USER = "akill";
in
{ {
imports = [ ]; imports = [ ];
system.stateVersion = "23.05"; system.stateVersion = "23.05";
system.autoUpgrade.enable = false; system.autoUpgrade.enable = false;
system.switch = {
enable = true;
enableNg = true;
};
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
sops.secrets."peerix/private" = { sops.secrets."peerix/private" = {
@ -74,29 +77,35 @@
readOnlyNixStore = true; readOnlyNixStore = true;
supportedFilesystems = [ "btrfs" ]; supportedFilesystems = [ "btrfs" ];
tmp.useTmpfs = true; tmp.useTmpfs = true;
tmp.tmpfsSize = "80%";
}; };
security = { security = {
rtkit.enable = true; rtkit.enable = true;
acme = { allowSimultaneousMultithreading = true;
acceptTerms = true; sudo.enable = true;
defaults.email = "aasmir@gmx.com"; doas.enable = true;
}; doas.extraRules = [
{
users = [ USER ];
keepEnv = true;
persist = true;
}
];
}; };
powerManagement = { powerManagement = {
enable = true; enable = true;
cpuFreqGovernor = "ondemand";
}; };
networking = { networking = {
nftables.enable = true;
firewall = { firewall = {
enable = true; enable = true;
allowedTCPPorts = [ allowedTCPPorts = [
80 80
443 443
51820 51820
8020
]; ];
}; };
@ -111,14 +120,16 @@
"::1" "::1"
]; ];
dhcpcd.extraConfig = "nohook resolv.conf"; dhcpcd.extraConfig = "nohook resolv.conf";
networkmanager.dns = "none";
extraHosts = '' extraHosts = ''
192.168.1.173 nixy.lan 192.168.1.173 nixy.lan
192.168.88.171 jellyfin.mediabox.lan 192.168.88.171 jellyfin.mediabox.lan
192.168.88.171 jellyseerr.mediabox.lan
192.168.88.171 mediabox.lan 192.168.88.171 mediabox.lan
192.168.88.171 qbittorrent.mediabox.lan 192.168.88.171 qbittorrent.mediabox.lan
192.168.88.1 router.lan 192.168.88.1 router.lan
192.168.88.231 workstation.lan 192.168.88.231 workstation.lan
192.168.88.121 ender.lan
''; '';
wireguard.interfaces = { wireguard.interfaces = {
@ -149,44 +160,47 @@
}; };
}; };
programs.gnupg.agent = { programs = {
steam = {
enable = true;
remotePlay.openFirewall = true;
dedicatedServer.openFirewall = false;
localNetworkGameTransfers.openFirewall = true;
};
gnupg.agent = {
enable = true; enable = true;
enableSSHSupport = true; enableSSHSupport = true;
}; };
programs.zsh.enable = true; appimage = {
programs.light.enable = true; enable = true;
programs.firejail.enable = true; binfmt = true;
programs.adb.enable = false; };
programs.wireshark.enable = true; nix-ld = {
programs.sway.enable = true; enable = false;
libraries = with pkgs; [
stdenv.cc.cc.lib
zlib
];
};
zsh.enable = true;
firejail.enable = true;
};
# List services that you want to enable: # List services that you want to enable:
systemd = { systemd = {
services = { services = {
"macchanger-wireless" = { "zremap@" = {
after = [ "sys-subsystem-net-devices-wlp3s0.device" ]; enable = true;
before = [ "network-pre.target" ]; restartIfChanged = true;
bindsTo = [ "sys-subsystem-net-devices-wlp3s0.device" ];
description = "Changes MAC of my wireless interface for privacy reasons";
stopIfChanged = false;
wantedBy = [ "multi-user.target" ];
wants = [ "network-pre.target" ];
script = ''
${pkgs.macchanger}/bin/macchanger -e wlp3s0 || true
'';
serviceConfig.Type = "oneshot";
};
"zremap" = {
description = "Intercepts keyboard udev events";
wants = [ "systemd-udevd.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig.Nice = -20; serviceConfig.Nice = -20;
script = '' unitConfig = {
sleep 1 Description = "zremap on %I";
${zremap.defaultPackage.${system}}/bin/zremap \ ConditionPathExists = "%I";
/dev/input/by-path/platform-i8042-serio-0-event-kbd };
''; serviceConfig = {
Type = "simple";
ExecStart = "${zremap.defaultPackage.${system}}/bin/zremap %I";
};
}; };
"wakeonlan" = { "wakeonlan" = {
@ -202,27 +216,21 @@
"shutdown.target" "shutdown.target"
]; ];
}; };
};
/* coredump.enable = false;
"cpu_setting" = { extraConfig = ''
description = "Enable turboot boost and undervolt cpu after suspend"; DefaultTimeoutStartSec=30s
wantedBy = ["post-resume.target" "multi-user.target"]; DefaultTimeoutStopSec=30s
after = ["post-resume.target"];
script = ''
echo 1 > /sys/devices/system/cpu/intel_pstate/no_turbo
echo 0 > /sys/devices/system/cpu/intel_pstate/no_turbo
${pkgs.undervolt}/bin/undervolt --core -105 --cache -105 --uncore -105 --gpu -15 -p1 47 28 -p2 57 0.0025
''; '';
serviceConfig.Type = "oneshot";
};
*/
};
}; };
services = { services = {
acpid.enable = true; acpid.enable = true;
btrfs.autoScrub.enable = true; btrfs.autoScrub.enable = true;
dbus.enable = true; dbus.enable = true;
dbus.implementation = "broker";
envfs.enable = true;
fstrim.enable = true; fstrim.enable = true;
fwupd.enable = true; fwupd.enable = true;
ntp.enable = true; ntp.enable = true;
@ -240,13 +248,13 @@
}; };
jellyfin = { jellyfin = {
enable = true; enable = false;
user = "akill"; user = "akill";
openFirewall = true; openFirewall = true;
}; };
jellyseerr = { jellyseerr = {
enable = true; enable = false;
openFirewall = true; openFirewall = true;
}; };
@ -257,144 +265,95 @@
pulse.enable = true; pulse.enable = true;
}; };
deluge = { avahi = {
enable = false; enable = false;
user = "akill"; nssmdns4 = false;
openFirewall = true; openFirewall = true;
dataDir = "/home/akill/.config/deluge";
web = {
enable = true;
openFirewall = false;
};
config = {
download_location = "/media";
allow_remote = true;
daemon_port = 58846;
};
}; };
transmission = { libinput.enable = true;
enable = false;
openFirewall = true;
settings = {
rpc-whitelist = "192.168.88.*";
download-dir = "/media";
};
};
qbittorrent = {
enable = true;
user = "akill";
openFirewall = true;
dataDir = "/home/akill/.config/qbittorrent";
port = 8081;
};
nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts."deluge.mediabox.lan" = {
locations."/".proxyPass = "http://localhost:8112/";
};
virtualHosts."qbittorrent.mediabox.lan" = {
locations."/".proxyPass = "http://localhost:8081/";
};
virtualHosts."jellyfin.mediabox.lan" = {
locations."/".proxyPass = "http://localhost:8096/";
};
virtualHosts."jellyseerr.mediabox.lan" = {
locations."/".proxyPass = "http://localhost:5055/";
};
};
journald.extraConfig = ''
SystemMaxUse=50M
'';
logind.extraConfig = ''
KillUserProcesses=yes
'';
xserver = { xserver = {
enable = true; enable = true;
libinput.enable = true; dpi = 144;
desktopManager.xterm.enable = false; desktopManager.xterm.enable = false;
displayManager.lightdm.enable = false; desktopManager.plasma5.bigscreen.enable = true;
displayManager.defaultSession = "none+icewm"; #desktopManager.plasma6.enable = true;
windowManager.icewm.enable = true; displayManager = {
lightdm.enable = false;
startx.enable = true;
sddm.enable = true;
sddm.wayland.enable = true;
};
windowManager.i3.enable = false;
}; };
udev.packages = [ ]; udev = {
packages = [ ];
extraRules = ''
#zremap on new keyboard
ACTION=="add", SUBSYSTEM=="input", ATTRS{phys}!="", KERNEL=="event[0-9]*", ENV{ID_INPUT_KEY}=="1", ENV{ID_INPUT_KEYBOARD}=="1", TAG+="systemd", ENV{SYSTEMD_WANTS}+="zremap@$env{DEVNAME}.service"
'';
};
tlp = { tlp = {
enable = true; enable = false;
settings = { }; };
batteryNotifier = {
enable = false;
notifyCapacity = 20;
suspendCapacity = 10;
}; };
actkbd = { actkbd = {
enable = true; enable = true;
bindings = [ bindings = [
{ {
keys = [ 121 ]; keys = [ 115 ];
events = [ "key" ]; events = [ "key" ];
command = "${pkgs.alsaUtils}/bin/amixer -q set Master toggle"; command = "XDG_RUNTIME_DIR=/run/user/$(id -u ${USER}) ${pkgs.wireplumber}/bin/wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+";
} }
{ {
keys = [ 122 ]; keys = [ 114 ];
events = [ events = [
"key" "key"
"rep" "rep"
]; ];
command = "${pkgs.alsaUtils}/bin/amixer -q set Master ${config.sound.mediaKeys.volumeStep}- unmute"; command = "XDG_RUNTIME_DIR=/run/user/$(id -u ${USER}) ${pkgs.wireplumber}/bin/wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%-";
} }
{ {
keys = [ 123 ]; keys = [ 113 ];
events = [ events = [
"key" "key"
"rep" "rep"
]; ];
command = "${pkgs.alsaUtils}/bin/amixer -q set Master ${config.sound.mediaKeys.volumeStep}+ unmute"; command = "XDG_RUNTIME_DIR=/run/user/$(id -u ${USER}) ${pkgs.wireplumber}/bin/wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle";
} }
{ {
keys = [ 224 ]; keys = [ 224 ];
events = [ "key" ]; events = [ "key" ];
command = "/run/current-system/sw/bin/light -U 5"; command = "${pkgs.light}/bin/light -U 5";
} }
{ {
keys = [ 225 ]; keys = [ 225 ];
events = [ "key" ]; events = [ "key" ];
command = "/run/current-system/sw/bin/light -A 5"; command = "${pkgs.light}/bin/light -A 5";
} }
]; ];
}; };
mpd = {
musicDirectory = "/home/mpd/music";
enable = false;
extraConfig = ''
audio_output {
type "pulse"
name "pulsee srv"
server "127.0.0.1"
}
'';
};
batteryNotifier = {
enable = true;
notifyCapacity = 20;
suspendCapacity = 10;
};
dnscrypt-proxy2 = { dnscrypt-proxy2 = {
enable = true; enable = true;
settings = { settings = {
ipv6_servers = true; ipv6_servers = true;
require_dnssec = true; require_dnssec = true;
require_nolog = true;
require_nofilter = true;
http3 = true;
sources.public-resolvers = { sources.public-resolvers = {
urls = [ urls = [
@ -406,33 +365,62 @@
}; };
}; };
}; };
journald.extraConfig = ''
SystemMaxUse=50M
'';
logind.extraConfig = ''
KillUserProcesses=yes
'';
}; };
fonts.packages = with pkgs; [ fonts = {
fontconfig = {
cache32Bit = true;
allowBitmaps = true;
useEmbeddedBitmaps = true;
defaultFonts = {
monospace = [ "JetBrainsMono" ];
};
};
packages = with pkgs; [
dejavu_fonts
dina-font dina-font
fira-code fira-code
fira-code-symbols fira-code-symbols
font-awesome font-awesome_6
font-awesome_4 inconsolata
iosevka iosevka
jetbrains-mono jetbrains-mono
liberation_ttf liberation_ttf
libertine
noto-fonts
noto-fonts-cjk-sans
noto-fonts-color-emoji
noto-fonts-emoji
proggyfonts proggyfonts
siji siji
terminus_font
terminus_font_ttf
ubuntu_font_family
vistafonts
]; ];
};
virtualisation = { virtualisation = {
podman = { podman = {
enable = true; enable = false;
autoPrune.enable = true;
dockerCompat = true; dockerCompat = true;
}; };
}; };
sound.enable = true;
hardware = { hardware = {
bluetooth = { bluetooth = {
enable = false; enable = true;
settings = { settings = {
General = { General = {
Enable = "Source,Sink,Media,Socket"; Enable = "Source,Sink,Media,Socket";
@ -440,14 +428,9 @@
}; };
}; };
opengl = { graphics = {
enable = true; enable = true;
driSupport = true; extraPackages = [ ];
driSupport32Bit = true;
extraPackages = with pkgs; [
intel-media-driver
vaapiIntel
];
}; };
}; };
@ -456,18 +439,14 @@
algorithm = "zstd"; algorithm = "zstd";
}; };
users.users.akill = { users.users.${USER} = {
isNormalUser = true; isNormalUser = true;
shell = pkgs.zsh; shell = pkgs.zsh;
extraGroups = [ extraGroups = [
"wireshark"
"wheel" "wheel"
"kvm"
"tty" "tty"
"audio" "audio"
"sound" "sound"
"adbusers"
"transmission"
]; ];
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
(builtins.readFile ../nixy/ssh_pubkey) (builtins.readFile ../nixy/ssh_pubkey)
@ -478,14 +457,10 @@
isNormalUser = true; isNormalUser = true;
shell = pkgs.zsh; shell = pkgs.zsh;
extraGroups = [ extraGroups = [
"wireshark"
"wheel" "wheel"
"kvm"
"tty" "tty"
"audio" "audio"
"sound" "sound"
"adbusers"
"transmission"
]; ];
}; };