diff --git a/configuration.nix b/configuration.nix
new file mode 100644
index 0000000..1428810
--- /dev/null
+++ b/configuration.nix
@@ -0,0 +1,341 @@
+# Edit this configuration file to define what should be installed on
+# your system. Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+{
+ config,
+ pkgs,
+ lib,
+ caps2esc,
+ nix-xilinx,
+ sops-nix,
+ zremap,
+ ...
+}: {
+ imports = [];
+
+ system.stateVersion = "23.05";
+ system.autoUpgrade.enable = false;
+
+ sops.age.sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"];
+ sops.secrets."peerix/private" = {
+ sopsFile = ./secrets/peerix.yaml;
+ mode = "0400";
+ owner = config.users.users.nobody.name;
+ group = config.users.users.nobody.group;
+ };
+
+ nix = {
+ optimise.automatic = true;
+ gc.automatic = true;
+ gc.options = "--delete-older-than 7d";
+ package = pkgs.nixUnstable;
+ settings = {
+ experimental-features = ["nix-command" "flakes"];
+ trusted-public-keys = [
+ "binarycache.mediabox.lan:3vZwbCaCuOK5fc92rKknvyU7e5fDbnKEKLb/VTaICoU="
+ ];
+ };
+ };
+
+ boot = {
+ extraModulePackages = with config.boot.kernelPackages; [usbip];
+ initrd.compressor = "zstd";
+ initrd.kernelModules = ["amdgpu"];
+ kernelPackages = pkgs.linuxPackages_latest;
+ kernelParams = ["psmouse.synaptics_intertouch=0"];
+ loader.efi.canTouchEfiVariables = true;
+ loader.systemd-boot.editor = false;
+ loader.systemd-boot.enable = true;
+ readOnlyNixStore = true;
+ supportedFilesystems = ["btrfs"];
+ tmp.useTmpfs = true;
+ };
+
+ security = {
+ rtkit.enable = true;
+ allowSimultaneousMultithreading = true;
+ sudo.enable = true;
+ doas.enable = true;
+ doas.extraRules = [
+ {
+ users = ["akill"];
+ keepEnv = true;
+ persist = true;
+ }
+ ];
+ };
+
+ powerManagement = {
+ enable = true;
+ };
+
+ networking = {
+ firewall = {
+ enable = true;
+ allowedTCPPorts = [80 443];
+ };
+
+ hostName = "nixy";
+ nameservers = ["127.0.0.1" "::1"];
+ dhcpcd.extraConfig = "nohook resolv.conf";
+
+ extraHosts = ''
+ 192.168.88.171 jellyfin.mediabox.lan
+ 192.168.88.171 mediabox.lan
+ 192.168.88.171 qbittorrent.mediabox.lan
+ 192.168.88.1 router.lan
+ 192.168.88.231 workstation.lan
+ '';
+
+ networkmanager = {
+ enable = true;
+ dns = "none";
+ wifi.backend = "iwd";
+ };
+
+ wireless.iwd = {
+ enable = true;
+ settings = {
+ General = {
+ AddressRandomization = "network";
+ #EnableNetworkConfiguration = true;
+ };
+ };
+ };
+ };
+
+ time.timeZone = "Europe/Sarajevo";
+
+ nixpkgs.config.allowUnfree = true;
+ nixpkgs.overlays = [nix-xilinx.overlay];
+ environment = {
+ homeBinInPath = true;
+ variables = {
+ PATH = "$HOME/.cargo/bin";
+ };
+ };
+
+ programs = {
+ gnupg.agent = {
+ enable = true;
+ enableSSHSupport = true;
+ };
+ zsh.enable = true;
+ firejail.enable = true;
+ adb.enable = true;
+ wireshark.enable = true;
+ sway.enable = true;
+ };
+
+ # List services that you want to enable:
+ systemd = {
+ services = {
+ "zremap" = {
+ description = "Intercepts keyboard udev events";
+ wants = ["systemd-udevd.service"];
+ wantedBy = ["multi-user.target"];
+ serviceConfig.Nice = -20;
+ script = ''
+ sleep 1
+ ${zremap.defaultPackage.x86_64-linux}/bin/zremap \
+ /dev/input/by-path/platform-i8042-serio-0-event-kbd
+ '';
+ };
+ };
+
+ extraConfig = ''
+ DefaultTimeoutStartSec=30s
+ DefaultTimeoutStopSec=30s
+ '';
+ };
+
+ services = {
+ acpid.enable = true;
+ btrfs.autoScrub.enable = true;
+ dbus.enable = true;
+ fstrim.enable = true;
+ fwupd.enable = true;
+ ntp.enable = true;
+ openssh.enable = true;
+ printing.enable = true;
+
+ pipewire = {
+ enable = true;
+ alsa.enable = true;
+ alsa.support32Bit = true;
+ pulse.enable = true;
+ };
+
+ xserver = {
+ enable = true;
+ dpi = 144;
+ libinput.enable = true;
+ desktopManager.xterm.enable = false;
+ displayManager = {
+ lightdm.enable = false;
+ startx.enable = true;
+ defaultSession = "none+i3";
+ };
+ windowManager.i3.enable = true;
+ };
+
+ udev = {
+ packages = [pkgs.rtl-sdr pkgs.openhantek6022];
+ extraRules = ''
+ #Xilinx FTDI
+ ACTION=="add", ATTR{idVendor}=="0403", ATTR{manufacturer}=="Xilinx", MODE:="666"
+
+ #Xilinx Digilent
+ ATTR{idVendor}=="1443", MODE:="666"
+ ACTION=="add", ATTR{idVendor}=="0403", ATTR{manufacturer}=="Digilent", MODE:="666"
+ '';
+ };
+
+ tlp = {
+ enable = true;
+ };
+
+ actkbd = {
+ enable = true;
+ bindings = [
+ {
+ keys = [113];
+ events = ["key"];
+ command = "/run/current-system/sw/bin/runuser -l akill -c 'amixer -q set Master toggle'";
+ }
+
+ {
+ keys = [114];
+ events = ["key" "rep"];
+ command = "/run/current-system/sw/bin/runuser -l akill -c 'amixer -q set Master 5%- unmute'";
+ }
+
+ {
+ keys = [115];
+ events = ["key" "rep"];
+ command = "/run/current-system/sw/bin/runuser -l akill -c 'amixer -q set Master 5%+ unmute'";
+ }
+
+ {
+ keys = [224];
+ events = ["key"];
+ command = "${pkgs.light}/bin/light -U 5";
+ }
+
+ {
+ keys = [225];
+ events = ["key"];
+ command = "${pkgs.light}/bin/light -A 5";
+ }
+ ];
+ };
+
+ dnscrypt-proxy2 = {
+ enable = true;
+ settings = {
+ ipv6_servers = true;
+ require_dnssec = true;
+
+ sources.public-resolvers = {
+ urls = [
+ "https://raw.githubusercontent.com/DNSCrypt/dnscrypt-resolvers/master/v3/public-resolvers.md"
+ "https://download.dnscrypt.info/resolvers-list/v3/public-resolvers.md"
+ ];
+ cache_file = "/var/lib/dnscrypt-proxy2/public-resolvers.md";
+ minisign_key = "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
+ };
+ };
+ };
+
+ nix-serve = {
+ enable = false;
+ secretKeyFile = "/var/cache-priv-key.pem";
+ };
+
+ journald.extraConfig = ''
+ SystemMaxUse=50M
+ '';
+
+ logind.extraConfig = ''
+ KillUserProcesses=yes
+ '';
+ };
+
+ fonts = {
+ fontconfig = {
+ cache32Bit = true;
+ allowBitmaps = true;
+ useEmbeddedBitmaps = true;
+ defaultFonts = {
+ monospace = ["JetBrainsMono"];
+ };
+ };
+
+ packages = with pkgs; [
+ dejavu_fonts
+ dina-font
+ fira-code
+ fira-code-symbols
+ font-awesome
+ font-awesome_4
+ inconsolata
+ iosevka
+ jetbrains-mono
+ liberation_ttf
+ noto-fonts
+ noto-fonts-cjk
+ noto-fonts-emoji
+ proggyfonts
+ siji
+ terminus_font
+ terminus_font_ttf
+ ubuntu_font_family
+ ];
+ };
+
+ virtualisation = {
+ containers.storage.settings = {
+ storage = {
+ driver = "btrfs";
+ graphroot = "/var/lib/containers/storage";
+ runroot = "/run/containers/storage";
+ };
+ };
+ podman = {
+ enable = true;
+ autoPrune.enable = true;
+ dockerCompat = true;
+ };
+ };
+
+ sound.enable = true;
+
+ hardware = {
+ bluetooth = {
+ enable = true;
+ settings = {
+ General = {
+ Enable = "Source,Sink,Media,Socket";
+ };
+ };
+ };
+
+ opengl = {
+ enable = true;
+ driSupport = true;
+ driSupport32Bit = true;
+ extraPackages = with pkgs; [];
+ };
+ };
+
+ zramSwap = {
+ enable = false;
+ algorithm = "zstd";
+ };
+
+ users.users.akill = {
+ isNormalUser = true;
+ shell = pkgs.zsh;
+ extraGroups = ["wireshark" "kvm" "tty" "audio" "sound" "adbusers" "dialout" "wheel"];
+ };
+}
diff --git a/flake.lock b/flake.lock
index f19defd..a6c1c90 100644
--- a/flake.lock
+++ b/flake.lock
@@ -73,9 +73,7 @@
 "nix-xilinx": {
 "inputs": {
 "flake-compat": "flake-compat",
- "nixpkgs": [
- "nixpkgs"
- ]
+ "nixpkgs": "nixpkgs"
 },
 "locked": {
 "lastModified": 1685780173,
@@ -93,18 +91,16 @@
 },
 "nixpkgs": {
 "locked": {
- "lastModified": 1695830400,
- "narHash": "sha256-gToZXQVr0G/1WriO83olnqrLSHF2Jb8BPcmCt497ro0=",
- "owner": "nixos",
+ "lastModified": 1695806987,
+ "narHash": "sha256-fX5kGs66NZIxCMcpAGIpxuftajHL8Hil1vjHmjjl118=",
+ "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "8a86b98f0ba1c405358f1b71ff8b5e1d317f5db2",
+ "rev": "f3dab3509afca932f3f4fd0908957709bb1c1f57",
 "type": "github"
 },
 "original": {
- "owner": "nixos",
- "ref": "nixos-unstable",
- "repo": "nixpkgs",
- "type": "github"
+ "id": "nixpkgs",
+ "type": "indirect"
 }
 },
 "nixpkgs-stable": {
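Review bot: In configuration.nix, the `services.udev.extraRules` block sets `MODE:="666"` on the Xilinx/Digilent USB nodes, and the `ATTR{idVendor}=="1443"` rule carries no `ACTION` or `SUBSYSTEM` match, so any local user or service account can open those adapters read/write. `akill` is already listed in `dialout`, so `MODE:="0660", GROUP:="dialout"` on the three rules would keep the JTAG tooling working without world access. Separately, `openssh.enable = true` is left at the module defaults; if key-only login is intended, state it in the file with `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.PermitRootLogin = "no";`. Note that `allowedTCPPorts = [80 443]` does not by itself keep port 22 closed, because the openssh module's `openFirewall` option defaults to true.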
@@ -123,6 +119,22 @@
 "type": "github"
 }
 },
+ "nixpkgs_2": {
+ "locked": {
+ "lastModified": 1695830400,
+ "narHash": "sha256-gToZXQVr0G/1WriO83olnqrLSHF2Jb8BPcmCt497ro0=",
+ "owner": "nixos",
+ "repo": "nixpkgs",
+ "rev": "8a86b98f0ba1c405358f1b71ff8b5e1d317f5db2",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nixos",
+ "ref": "nixos-unstable",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
 "peerix": {
 "inputs": {
 "flake-compat": "flake-compat_2",
@@ -149,7 +161,7 @@
 "inputs": {
 "home-manager": "home-manager",
 "nix-xilinx": "nix-xilinx",
- "nixpkgs": "nixpkgs",
+ "nixpkgs": "nixpkgs_2",
 "peerix": "peerix",
 "sops-nix": "sops-nix",
 "zremap": "zremap"
diff --git a/flake.nix b/flake.nix
index 8b059c4..70a6e84 100644
--- a/flake.nix
+++ b/flake.nix
@@ -1,13 +1,11 @@ { description = "NixOS configuration"; + inputs = { nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable"; - nix-xilinx = { - url = "gitlab:asmir.abdulahovic/nix-xilinx"; - inputs.nixpkgs.follows = "nixpkgs"; - }; + nix-xilinx.url = "gitlab:asmir.abdulahovic/nix-xilinx"; peerix = { url = "gitlab:asmir.abdulahovic/peerix";