From 20f537a4925681a6c1baa652e47d7c8d12d56204 Mon Sep 17 00:00:00 2001 From: Inex Code Date: Mon, 2 Dec 2024 12:40:42 +0300 Subject: [PATCH] Update to flakes --- Desktop/common.nix | 216 +++++++++++------- Desktop/configuration.nix | 2 + Desktop/flake.nix | 23 ++ Desktop/hardware-configuration.nix | 69 ++++++ Desktop/lockservice.nix | 17 ++ Desktop/modules/gnome.nix | 12 +- Desktop/modules/my_vim.nix | 47 ++-- Desktop/modules/vscode.nix | 109 +-------- Desktop/modules/zsh.nix | 10 +- Desktop/pipewire.nix | 84 ------- Desktop/pulsed.nix | 15 -- Desktop/software.nix | 111 ++++----- Laptop/configuration.nix | 354 +++++++++++++++++------------ Laptop/flake.nix | 18 ++ Laptop/{modules => }/gnome.nix | 14 +- Laptop/gns3.nix | 20 ++ Laptop/hardware-configuration.nix | 76 +++++++ Laptop/jacked.nix | 26 --- Laptop/modules/my_vim.nix | 25 -- Laptop/modules/vscode.nix | 96 -------- Laptop/pipewire.nix | 94 -------- Laptop/software.nix | 119 +++++----- Laptop/{modules => }/zsh.nix | 11 +- readme.md | 16 -- 24 files changed, 740 insertions(+), 844 deletions(-) create mode 100644 Desktop/flake.nix create mode 100644 Desktop/hardware-configuration.nix create mode 100644 Desktop/lockservice.nix delete mode 100644 Desktop/pulsed.nix create mode 100644 Laptop/flake.nix rename Laptop/{modules => }/gnome.nix (62%) create mode 100644 Laptop/gns3.nix create mode 100644 Laptop/hardware-configuration.nix delete mode 100644 Laptop/jacked.nix delete mode 100644 Laptop/modules/my_vim.nix delete mode 100644 Laptop/modules/vscode.nix delete mode 100644 Laptop/pipewire.nix rename Laptop/{modules => }/zsh.nix (84%) diff --git a/Desktop/common.nix b/Desktop/common.nix index 545e054..89817de 100644 --- a/Desktop/common.nix +++ b/Desktop/common.nix @@ -4,9 +4,6 @@ { config, pkgs, lib, fetchpatch, ... }: -let - unstable = import { }; -in { imports = [ @@ -16,41 +13,24 @@ in ./modules/gnome.nix ./modules/zsh.nix ./modules/vscode.nix - ./vscode.nix + # ./lockservice.nix + # ./vscode.nix ]; - nix.trustedUsers = [ "root" "inex" ]; + nix.settings.trusted-users = [ "root" "inex" ]; + nix.settings.experimental-features = [ "nix-command" "flakes" ]; nixpkgs.config = { allowUnfree = true; android_sdk.accept_license = true; + chromium = { + enableWideVine = true; + }; + permittedInsecurePackages = [ + "olm-3.2.16" + ]; }; - nixpkgs.overlays = [ - (self: super: - { - openhmd = super.openhmd.overrideAttrs (old: { - src = super.fetchFromGitHub { - owner = "OpenHMD"; - repo = "OpenHMD"; - rev = "dfac0203376552c5274976c42f0757b31310c483"; - sha256 = "1rm8iw03glfgnhggg221p8zycm9yjw84bv9ldb0vg2ygybds9m27"; - }; - }); - vscode-extensions = super.vscode-extensions // { - github.copilot = pkgs.vscode-utils.buildVscodeMarketplaceExtension { - mktplcRef = { - publisher = "github"; - name = "copilot"; - version = "1.22.5957"; - sha256 = "04jak6ml7l19ryv2q6qn7qvvgw31jllgvd9g8xlac89xnndsfl6s"; - }; - }; - }; - } - ) - ]; - # Use the systemd-boot EFI boot loader. boot.loader = { systemd-boot.enable = true; @@ -59,49 +39,42 @@ in grub.memtest86.enable = true; }; + boot.kernel.sysctl = { + "kernel.sysrq" = 1; + }; + boot.supportedFilesystems = [ "btrfs" "ntfs" ]; - fileSystems."/mediastorage" = { - device = "/dev/disk/by-uuid/aed202ac-7414-40b9-9d71-011b7043c850"; - fsType = "ext4"; - }; - - fileSystems."/backups" = { - device = "/dev/disk/by-uuid/63db910e-f906-4211-bac5-4330777c8283"; - fsType = "ext4"; - }; - - # fileSystems."/nvme" = { - # device = "/dev/disk/by-uuid/8c1c5508-ecaa-433d-87c0-49d131395ddd"; - # fsType = "btrfs"; - # }; - networking = { hostName = "inex-pc"; networkmanager.enable = true; useDHCP = false; interfaces = { - enp8s0 = { + enp39s0 = { useDHCP = true; }; - wlp5s0 = { + wlo1 = { useDHCP = true; }; }; + nameservers = [ "10.100.0.101" "8.8.8.8" ]; firewall = { - enable = false; - allowedTCPPorts = [ 8437 1716 51820 24642 27036 27037 24800 ]; - allowedUDPPorts = [ 8437 1716 51820 24642 27031 27036 24800 ]; + enable = true; + allowedTCPPorts = [ 8437 1716 51820 24642 27036 27037 24800 26000 3979 ]; + allowedUDPPorts = [ 8437 1716 51820 24642 27031 27036 24800 26000 3979 ]; checkReversePath = false; }; wireguard.interfaces = { wg0 = { # Determines the IP address and subnet of the client's end of the tunnel interface. - ips = [ "10.100.0.6/24" ]; - listenPort = 51820; + ips = [ + "10.100.0.6/24" + ]; + listenPort = 56987; + + + mtu = 1200; - postSetup = "${pkgs.iproute}/bin/ip route add 135.181.97.221 via 192.168.1.1"; - postShutdown = "${pkgs.iproute}/bin/ip route del 135.181.97.221 via 192.168.1.1"; # Path to the private key file. # @@ -122,13 +95,41 @@ in allowedIPs = [ "10.100.0.0/24" ]; # Set this to the server IP and port. - endpoint = "135.181.97.221:51820"; + endpoint = "192.168.1.127:51555"; + # Send keepalives every 25 seconds. Important to keep NAT tables alive. + persistentKeepalive = 25; + } + { + # Public key of the server (not a file path). + publicKey = "33y4aWkI645LztWgQrzkFJphrHQxYvHoduT+1OJQ7m8="; + + # Forward all the traffic via VPN. + #allowedIPs = [ "0.0.0.0/0" ]; + # Or forward only particular subnets + allowedIPs = [ "10.100.0.10/32" "10.100.0.11/32" ]; + + # Set this to the server IP and port. + endpoint = "192.168.1.10:51820"; # Send keepalives every 25 seconds. Important to keep NAT tables alive. persistentKeepalive = 25; } + ]; }; + # wg1 = { + # REDACTED + # }; + # wg2 = { + # REDACTED + # }; + + }; + hosts = { + "192.168.1.10" = [ "homelab.inex.cloud" ]; + "10.100.0.100" = [ "autumn-blaze.inex.cloud" ]; + #"192.168.1.3" = [ "fw.ponychord.rocks" ]; + "127.0.0.1" = [ "traefik.local" ]; }; }; @@ -144,23 +145,50 @@ in time.timeZone = "Europe/Moscow"; services = { - printing.enable = true; + yubikey-agent.enable = true; + printing = { + enable = true; + drivers = [ pkgs.hplipWithPlugin pkgs.cups-brother-dcpt310 ]; + }; + libinput.enable = true; xserver = { enable = true; - layout = "us"; - xkbVariant = "colemak"; - videoDrivers = [ "amdgpu" ]; - libinput.enable = true; + xkb.layout = "us"; + xkb.variant = "colemak"; + videoDrivers = [ "modesetting" ]; exportConfiguration = true; wacom.enable = true; }; + usbmuxd.enable = true; openssh = { enable = true; - passwordAuthentication = false; - forwardX11 = true; + settings = { + X11Forwarding = true; + PasswordAuthentication = false; + }; + }; + ollama = { + enable = true; + acceleration = "rocm"; + environmentVariables = { + HCC_AMDGPU_TARGET = "gfx1100"; # used to be necessary, but doesn't seem to anymore + }; + rocmOverrideGfx = "11.0.0"; }; flatpak.enable = true; udev.packages = [ + pkgs.platformio-core + pkgs.openocd + pkgs.yubikey-personalization + (pkgs.writeTextFile { + name = "yubikey-actions"; + text = '' + # ACTION=="remove", ENV{ID_MODEL_ID}=="0407", ENV{ID_VENDOR_ID}=="1050", RUN+="${pkgs.systemd}/bin/loginctl lock-sessions" + # ACTION=="remove", ENV{HID_NAME}=="Flipper Devices Inc. U2F Token", RUN+="${pkgs.systemd}/bin/loginctl lock-sessions" + ''; + destination = "/etc/udev/rules.d/50-yubikey-actions.rules"; + }) + (pkgs.writeTextFile { name = "wacom_udev"; text = '' @@ -173,25 +201,29 @@ in LABEL="wacom_end" ''; destination = "/etc/udev/rules.d/50-wacom.rules"; - }) ]; + }; - sound.enable = true; + #sound.enable = true; # Video driver hardware = { - opengl = { + graphics = { enable = true; - driSupport32Bit = true; - extraPackages = [ pkgs.amdvlk pkgs.rocm-opencl-icd pkgs.rocm-runtime pkgs.rocm-opencl-runtime ]; + extraPackages = [ pkgs.rocmPackages.clr.icd ]; + }; + sane = { + enable = true; + extraBackends = [ pkgs.hplipWithPlugin ]; + brscan4.enable = true; }; steam-hardware.enable = true; bluetooth = { enable = true; - package = pkgs.bluezFull; + package = pkgs.bluez; }; pulseaudio = { package = pkgs.pulseaudioFull; @@ -200,13 +232,29 @@ in }; }; - environment.variables.VK_ICD_FILENAMES = "${pkgs.amdvlk}/share/vulkan/icd.d/amd_icd64.json"; - programs = { + steam = { + enable = true; + # package = pkgs.steam.override { privateTmp = false; }; + remotePlay.openFirewall = true; + gamescopeSession = { + #enable = true; + #args = [ "--rt" "-O DP-1" "-W 3440" "-H 1440" "--hdr-enabled" ]; + }; + }; adb.enable = true; java = { enable = true; }; + gnupg.agent = { + enable = true; + enableSSHSupport = true; + }; + alvr = { + enable = true; + openFirewall = true; + }; + #k3b.enable = true; }; virtualisation = { @@ -217,6 +265,10 @@ in waydroid.enable = true; virtualbox.host = { enable = false; + # enableExtensionPack = true; + }; + libvirtd = { + enable = true; }; }; @@ -226,11 +278,14 @@ in isNormalUser = true; home = "/home/inex"; description = "Inex Code"; - extraGroups = [ "wheel" "networkmanager" "jackaudio" "audio" "video" "adbusers" "docker" "cdrom" ]; # Enable ‘sudo’ for the user. - openssh.authorizedKeys.keys = [ - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCzL0gmvpMOZbijqZOlTuNqtVHZGoNrxCiWJXIDcUwr1cx8M2o61qK/wNMZmyYGROpJbpsFERAjXIXBpwg2KQ3ONRL6q44nPrOSbHm3zL8pnFEvzM0BUKV1Mq2T1dM+geMhQnLrwZhOxvp3+9uhFSTPP/dVzWQ19pEiK5hHpXlD3eyO+LIaS/wkTJvBy/wCKz+O/coLyBQ+Mn5hGQaJAyDec/ovu8OhBkJbbvWp03F2zcWUCxwVfZ1VnLQxn7tk9L4iTw1+rDt0kaRQvVISV3KdqLJnPODku6eC38LcMfHIFXAWBdSUslGUl9Qkd1c+6Gorzt3BrfYL/HDW2Xk3UTQF inex-envy" - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCbUS/AblfzZcfr/iMxHJ5pubzCuriVTu12TKt1iRQFDjQDo+/j0/Ga07zqyB9VUhpJg/IOcJ6o2T4PBixNuHQQX5z4sb/tqzbx3buBz0HIp8VHRC3TtLAmsFj24AldxlADlQpGnlt+g3p200m2dwu/Yoe4+GD8Twwg6FCsyiRjstbfo89Kmwi9yVbXx5aBssscEkXBQODTpwOB05nCz3oUuvQ5ex+yH+o02cTlYyBoglgfzM6HzR0GkmCRDlx613nqa1+ICxwWY0cXMbhnUwDoJASk5eJovtmEqC29qJKABxZaKRYsaW3sMJiMOvPHf9BkVKp4uPINhLc5vopwZI10xsNOn75AXRptkHzenn7ymC+qwJr53Z1tAAfMb5ypJ+u+SE8wazd4x2CIFHH+LbaputqxyfUxNoMbFMGNXICDAOCCQ0nkax7Ifr1NlTp07zTYH6VP0kzqqYiAlBu5qo3qIi5dRsLvb6/McerDNhRmYh25Ww7zpEY4Q9uTWDZkCP8= u0_a122@localhost" - ]; + extraGroups = [ "wheel" "networkmanager" "jackaudio" "audio" "video" "render" "adbusers" "docker" "cdrom" "scanner" "lp" "libvirtd" "dialout" ]; + openssh.authorizedKeys.keys = [ ]; + }; + + + security.pam.services = { + login.u2fAuth = true; + sudo.u2fAuth = true; }; # This value determines the NixOS release from which the default @@ -240,7 +295,16 @@ in # Before changing this value read the documentation for this option # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). system.stateVersion = "20.03"; # Did you read the comment? - system.autoUpgrade.enable = true; + system.autoUpgrade.enable = false; + + environment.sessionVariables.NIXOS_OZONE_WL = "1"; + + environment.variables = + { + # AMD_VULKAN_ICD = "RADV"; + DXVK_HDR = "1"; + ENABLE_GAMESCOPE_WSI = "1"; + }; environment.shellInit = '' export VST_PATH=/nix/var/nix/profiles/default/lib/vst:/var/run/current-system/sw/lib/vst:~/.vst diff --git a/Desktop/configuration.nix b/Desktop/configuration.nix index fed09fa..31c9805 100644 --- a/Desktop/configuration.nix +++ b/Desktop/configuration.nix @@ -15,6 +15,8 @@ in ./pipewire.nix ]; + #chaotic.hdr.enable = true; + # Video driver hardware = { pulseaudio = { diff --git a/Desktop/flake.nix b/Desktop/flake.nix new file mode 100644 index 0000000..b34dddc --- /dev/null +++ b/Desktop/flake.nix @@ -0,0 +1,23 @@ +{ + + inputs = { + #nixpkgs.url = "nixpkgs/nixos-unstable"; + nixpkgs.url = "path:/home/inex/dev/nixpkgs"; + inex-vscode.url = "git+https://inex.dev/inex-flakes/vscode"; + # chaotic.url = "github:chaotic-cx/nyx/nyxpkgs-unstable"; + }; + + + outputs = { self, nixpkgs, inex-vscode, ... }@attrs: { + nixosConfigurations.inex-pc = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = attrs; + modules = + [ + ./configuration.nix + ./pipewire.nix + #chaotic.nixosModules.default + ]; + }; + }; +} diff --git a/Desktop/hardware-configuration.nix b/Desktop/hardware-configuration.nix new file mode 100644 index 0000000..99e0a8c --- /dev/null +++ b/Desktop/hardware-configuration.nix @@ -0,0 +1,69 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ + (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod" ]; + boot.initrd.kernelModules = [ "amdgpu" ]; + boot.kernelModules = [ "kvm-amd" ]; + boot.extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ]; + boot.kernel.sysctl = { "vm.swappiness" = 10; }; + + fileSystems."/ssd" = + { + device = "/dev/disk/by-uuid/026c76bc-1279-459e-8e63-7b44ca8158db"; + fsType = "btrfs"; + options = [ "compress=zstd" ]; + }; + + fileSystems."/boot" = + { + device = "/dev/disk/by-uuid/D9DD-3F47"; + fsType = "vfat"; + }; + + #fileSystems."/mediastorage" = { + # device = "/dev/disk/by-uuid/aed202ac-7414-40b9-9d71-011b7043c850"; + # fsType = "ext4"; + #}; + + fileSystems."/backups" = { + device = "/dev/disk/by-uuid/63db910e-f906-4211-bac5-4330777c8283"; + fsType = "ext4"; + }; + + fileSystems = { + "/" = { + device = "/dev/disk/by-uuid/7246a5a1-f5e9-44a0-9756-96c0571e3986"; + fsType = "btrfs"; + options = [ "subvol=root" "compress=zstd" ]; + }; + "/home" = { + device = "/dev/disk/by-uuid/7246a5a1-f5e9-44a0-9756-96c0571e3986"; + fsType = "btrfs"; + options = [ "subvol=home" "compress=zstd" ]; + }; + "/nix" = { + device = "/dev/disk/by-uuid/7246a5a1-f5e9-44a0-9756-96c0571e3986"; + fsType = "btrfs"; + options = [ "subvol=nix" "compress=zstd" "noatime" ]; + }; + "/var/lib/docker" = { + device = "/dev/disk/by-uuid/7246a5a1-f5e9-44a0-9756-96c0571e3986"; + fsType = "btrfs"; + options = [ "subvol=docker" "compress=zstd" "noatime" ]; + }; + }; + + swapDevices = + [ + # { device = "/dev/disk/by-uuid/27f0bffa-7705-40c4-af59-e2bd3e2e9f9d"; } + ]; + +} diff --git a/Desktop/lockservice.nix b/Desktop/lockservice.nix new file mode 100644 index 0000000..dcd52c4 --- /dev/null +++ b/Desktop/lockservice.nix @@ -0,0 +1,17 @@ +{ config, pkgs, lib, fetchpatch, ... }: + +{ + systemd.services."lock-inex" = { + description = "Lock Inex' session"; + environment = config.nix.envVars // { + DISPLAY = ":0"; + WAYLAND_DISPLAY = "wayland-0"; + }; + restartIfChanged = false; + serviceConfig = { + User = "inex"; + Type = "simple"; + ExecStart = "${pkgs.xdg-utils}/bin/xdg-screensaver lock"; + }; + }; +} diff --git a/Desktop/modules/gnome.nix b/Desktop/modules/gnome.nix index 890999b..d22c306 100644 --- a/Desktop/modules/gnome.nix +++ b/Desktop/modules/gnome.nix @@ -15,16 +15,20 @@ }; }; + services.gnome.gnome-remote-desktop.enable = true; - qt5.platformTheme = "gnome"; + qt.platformTheme = "gnome"; environment.systemPackages = with pkgs; [ - gnome.pomodoro - gnome.gnome-tweaks - gnome.networkmanager-openvpn + gnome-pomodoro + gnome-tweaks + gnome-remote-desktop + networkmanager-openvpn + mission-center rhythmbox evolution gnomeExtensions.gsconnect paper-icon-theme ]; } + diff --git a/Desktop/modules/my_vim.nix b/Desktop/modules/my_vim.nix index dd1ced4..cfcc97b 100644 --- a/Desktop/modules/my_vim.nix +++ b/Desktop/modules/my_vim.nix @@ -1,26 +1,29 @@ -{neovim, vimUtils, vimPlugins, stdenv, fetchgit}: +{ neovim, vimUtils, vimPlugins, stdenv, fetchgit }: -let custom_config='' -let g:airline_powerline_fonts = 1 -let g:airline_theme='dark' -''; -in neovim.override { - vimAlias = true; - configure = { - customRC = custom_config; - vam.pluginDictionaries = [ - { names = [ - "vim-sensible" - "vim-airline" - "vim-airline-themes" - "nerdtree" - "vim-nix" - "dart-vim-plugin" - "coc-nvim" - ]; - } - ]; - }; +let + custom_config = '' + let g:airline_powerline_fonts = 1 + let g:airline_theme='dark' + ''; +in +neovim.override { + vimAlias = true; + configure = { + customRC = custom_config; + vam.pluginDictionaries = [ + { + names = [ + "vim-sensible" + "vim-airline" + "vim-airline-themes" + "nerdtree" + "vim-nix" + "dart-vim-plugin" + "coc-nvim" + ]; + } + ]; + }; } diff --git a/Desktop/modules/vscode.nix b/Desktop/modules/vscode.nix index 4755345..4dc2fda 100644 --- a/Desktop/modules/vscode.nix +++ b/Desktop/modules/vscode.nix @@ -1,114 +1,9 @@ -{ config, pkgs, ... }: +{ config, pkgs, inex-vscode, ... }: -let - unstable = import { config.allowUnfree = true; }; - extensions = (with pkgs.vscode-extensions; [ - unstable.vscode-extensions.ms-vsliveshare.vsliveshare - arcticicestudio.nord-visual-studio-code - bbenoist.nix - davidanson.vscode-markdownlint - dbaeumer.vscode-eslint - jakebecker.elixir-ls - james-yu.latex-workshop - jnoortheen.nix-ide - mhutchie.git-graph - ms-azuretools.vscode-docker - ms-python.vscode-pylance - ms-python.python - ms-toolsai.jupyter - ms-vscode-remote.remote-ssh - ms-vscode.cpptools - github.copilot - ]) ++ pkgs.vscode-utils.extensionsFromVscodeMarketplace [ - { - name = "vscode-standardjs"; - publisher = "chenxsan"; - version = "1.4.1"; - sha256 = "0hiaqflp0d3k2pq3p44wrpyn4v6n0x660f4v47nf9bsdn5lidih3"; - } - { - name = "npm-intellisense"; - publisher = "christian-kohler"; - version = "1.4.1"; - sha256 = "0hph57g8fbwrvj1sdzc7vqsiaf7n2qzvkakc9ir0kkkwwdxc6c5a"; - } - { - name = "dart-code"; - publisher = "Dart-Code"; - version = "3.40.0"; - sha256 = "1cvibhazgz42zzwlk354sihrimw26qvgsq5nirvwx4v27gcirq81"; - } - { - name = "flutter"; - publisher = "Dart-Code"; - version = "3.40.0"; - sha256 = "0yxkqr6ajpdl06rxxad4c1zx5ci4sbaj2lk2xl9bws51imn58wry"; - } - { - name = "vscode-html-css"; - publisher = "ecmel"; - version = "1.12.2"; - sha256 = "059s1yg0b875b3ijhwgpg8v408as5z6r876jv5jing1vjb20pgvb"; - } - { - name = "vscode-npm-script"; - publisher = "eg2"; - version = "0.3.25"; - sha256 = "0z01i0fhl0phmz5bx5fh80flarldk7sdqgr14vx9kjz5yjzz48ys"; - } - { - name = "vsc-community-material-theme"; - publisher = "Equinusocio"; - version = "1.4.4"; - sha256 = "005l4pr9x3v6x8450jn0dh7klv0pv7gv7si955r7b4kh19r4hz9y"; - } - { - name = "vsc-material-theme"; - publisher = "Equinusocio"; - version = "33.4.0"; - sha256 = "11ljird5ja3r0ada639k0bdfdfq2rx0q49nh42cpglg3djh4mn06"; - } - { - name = "vsc-material-theme-icons"; - publisher = "equinusocio"; - version = "2.3.1"; - sha256 = "1djm4k3hcn4aq63d4mxs2n4ffq5x1qr82q6gxwi5pmabrb0hrb30"; - } - { - name = "vscode-firefox-debug"; - publisher = "firefox-devtools"; - version = "2.9.6"; - sha256 = "0mx70gyigz26x56r01vvpdrvgs10zzqzv204jbkjzfwh4za45zv7"; - } - { - name = "vscode-systemd-support"; - publisher = "hangxingliu"; - version = "1.0.1"; - sha256 = "0f7j6y1jngicm475nilx08j55d94nnmymifxcbkszlxg0lnjrqys"; - } - { - name = "materialdesignicons-intellisense"; - publisher = "lukas-tr"; - version = "4.0.0"; - sha256 = "1748pj3jcgddpiamcs4ii2bjsmn9m9fx0dn2swfki8c6ibwrhy0w"; - } - { - name = "remote-containers"; - publisher = "ms-vscode-remote"; - version = "0.234.0"; - sha256 = "07mx08nwvw7jdlvkbr5iwikrcriib4zc1im1lbrqxjv7paj1an86"; - } - - ]; - vscode-with-extensions = pkgs.vscode-with-extensions.override { - vscodeExtensions = extensions; - }; - -in { config = { environment.systemPackages = [ - vscode-with-extensions + inex-vscode.packages.x86_64-linux.default ]; }; } diff --git a/Desktop/modules/zsh.nix b/Desktop/modules/zsh.nix index ada9f31..7b619c2 100644 --- a/Desktop/modules/zsh.nix +++ b/Desktop/modules/zsh.nix @@ -4,7 +4,7 @@ users.defaultUserShell = pkgs.zsh; programs.zsh = { enable = true; - interactiveShellInit = "ponysay -q"; + # interactiveShellInit = "ponysay -q"; autosuggestions = { enable = true; }; @@ -13,10 +13,10 @@ }; ohMyZsh = { enable = true; - plugins = [ - "git" - "python" - "man" + plugins = [ + "git" + "python" + "man" "z" "catimg" "copyfile" diff --git a/Desktop/pipewire.nix b/Desktop/pipewire.nix index 69b283c..3b09df3 100644 --- a/Desktop/pipewire.nix +++ b/Desktop/pipewire.nix @@ -3,90 +3,6 @@ services = { pipewire = { enable = true; - config.pipewire = { - "context.properties" = { - "link.max-buffers" = 16; - "log.level" = 2; - "default.clock.rate" = 48000; - "default.clock.quantum" = 512; - "default.clock.min-quantum" = 512; - "default.clock.max-quantum" = 512; - "core.daemon" = true; - "core.name" = "pipewire-0"; - }; - "context.modules" = [ - { - name = "libpipewire-module-rtkit"; - args = { - "nice.level" = -15; - "rt.prio" = 88; - "rt.time.soft" = 200000; - "rt.time.hard" = 200000; - }; - flags = [ "ifexists" "nofail" ]; - } - { name = "libpipewire-module-protocol-native"; } - { name = "libpipewire-module-profiler"; } - { name = "libpipewire-module-metadata"; } - { name = "libpipewire-module-spa-device-factory"; } - { name = "libpipewire-module-spa-node-factory"; } - { name = "libpipewire-module-client-node"; } - { name = "libpipewire-module-client-device"; } - { - name = "libpipewire-module-portal"; - flags = [ "ifexists" "nofail" ]; - } - { - name = "libpipewire-module-access"; - args = { }; - } - { name = "libpipewire-module-adapter"; } - { name = "libpipewire-module-link-factory"; } - { name = "libpipewire-module-session-manager"; } - ]; - }; - config.pipewire-pulse = { - "context.properties" = { - "log.level" = 2; - }; - "context.modules" = [ - { - name = "libpipewire-module-rtkit"; - args = { - "nice.level" = -15; - "rt.prio" = 88; - "rt.time.soft" = 200000; - "rt.time.hard" = 200000; - }; - flags = [ "ifexists" "nofail" ]; - } - { name = "libpipewire-module-protocol-native"; } - { name = "libpipewire-module-client-node"; } - { name = "libpipewire-module-adapter"; } - { name = "libpipewire-module-metadata"; } - { - name = "libpipewire-module-protocol-pulse"; - args = { - "pulse.min.req" = "512/48000"; - "pulse.default.req" = "512/48000"; - "pulse.max.req" = "512/48000"; - "pulse.min.quantum" = "512/48000"; - "pulse.max.quantum" = "512/48000"; - "server.address" = [ "unix:native" ]; - }; - } - ]; - "stream.properties" = { - "node.latency" = "512/48000"; - "resample.quality" = 1; - }; - }; - config.jack = { - "jack.properties" = { - "node.latency" = "512/48000"; - "node.lock-quantum" = true; - }; - }; pulse.enable = true; jack.enable = true; }; diff --git a/Desktop/pulsed.nix b/Desktop/pulsed.nix deleted file mode 100644 index 7b5a891..0000000 --- a/Desktop/pulsed.nix +++ /dev/null @@ -1,15 +0,0 @@ -{ config, pkgs, ... }: - -{ - imports = - [ - ./common.nix - ]; - - services.pipewire = { - pulse.enable = false; - }; - - hardware.pulseaudio.enable = true; - -} diff --git a/Desktop/software.nix b/Desktop/software.nix index d091a22..54d91ca 100644 --- a/Desktop/software.nix +++ b/Desktop/software.nix @@ -1,18 +1,8 @@ -{ config, pkgs, ... }: +{ config, pkgs, inex-vscode, ... }: -let - unstable = import { config.allowUnfree = true; }; - MyOBS = pkgs.wrapOBS.override { obs-studio = pkgs.obs-studio; } { - plugins = with pkgs.obs-studio-plugins; [ - wlrobs - obs-gstreamer - obs-multi-rtmp - ]; -}; -in { environment.systemPackages = with pkgs; [ - # Utils + # Utils pciutils usbutils i2c-tools @@ -26,7 +16,17 @@ in nmap libcec clinfo - alfis + #alfis + + dfu-util + dfu-programmer + hackrf + + #growisofs + + rocmPackages.rocm-smi + rocmPackages.rocminfo + # File systems gparted @@ -40,7 +40,7 @@ in appimage-run # Manuals - unstable.manix + manix tldr # Terminal @@ -49,14 +49,10 @@ in tmux neofetch ponysay - bpytop + btop httpie htop - # Voice - speechd - rhvoice - # Wireguard #wireguard #wireguard-tools @@ -70,10 +66,10 @@ in # Browsers firefox ungoogled-chromium - unstable.tor-browser-bundle-bin + tor-browser-bundle-bin # Downloaders - transmission-gtk + transmission_4-gtk syncthing wget yt-dlp @@ -81,40 +77,36 @@ in # Messangers tdesktop mumble - qtox + #qtox dino gomuks deltachat-desktop # Games - steam + #steam steam-run-native openttd - minecraft + #minecraft + minetest vulkan-tools wineWowPackages.stable winetricks protontricks xonotic - cataclysm-dda + # cataclysm-dda + sidequest lutris - bottles - - # VR - monado - openhmd # VCS git gitAndTools.git-bug + git-cliff # IDE - + inex-vscode.packages.x86_64-linux.default (pkgs.callPackage ./modules/my_vim.nix { }) - lens - postman - androidStudioPackages.canary + android-studio # Compilers and interpretators ccls @@ -125,6 +117,11 @@ in nodejs nixpkgs-fmt pandoc + racket + dart + nil + go + hugo # Docker and orchestration ansible @@ -137,58 +134,64 @@ in # Screen recording obs-studio + gpu-screen-recorder-gtk kooha # Graphics krita - gmic_krita_qt potrace ffmpeg - blender - unstable.shotwell + #blender-hip + shotwell inkscape kdenlive + davinci-resolve + libheif + digikam # Audio audacity # lmms picard - cmus - spotify - pulseeffects-pw - - vlc - syncplay + # cmus + #spotify + easyeffects + #clementine + #vlc + # syncplay mpv - brasero - libsForQt5.k3b + #ylibsForQt5.k3b # DAW - zrythm - distrho + # zrythm + # distrho helvum zam-plugins x42-plugins helm zyn-fusion - lsp-plugins + #lsp-plugins ardour # Documents - anki + #anki libreoffice - homebank klavaro liberation_ttf keepassxc glow - unstable.obsidian + obsidian aegisub + texlive.combined.scheme-full + archi - # Themes - paper-icon-theme - plata-theme + # iPhone passthru + usbmuxd + socat + zotero + + timewarrior ]; } diff --git a/Laptop/configuration.nix b/Laptop/configuration.nix index abccc97..f73b213 100644 --- a/Laptop/configuration.nix +++ b/Laptop/configuration.nix @@ -1,93 +1,123 @@ -# Edit this configuration file to define what should be installed on -# your system. Help is available in the configuration.nix(5) man page -# and in the NixOS manual (accessible by running ‘nixos-help’). -{ config, pkgs, ... }: +{ config, pkgs, lib, fetchpatch, ... }: -let - nvidia-offload = pkgs.writeShellScriptBin "nvidia-offload" '' - export __NV_PRIME_RENDER_OFFLOAD=1 - export __NV_PRIME_RENDER_OFFLOAD_PROVIDER=NVIDIA-G0 - export __GLX_VENDOR_LIBRARY_NAME=nvidia - export __VK_LAYER_NV_optimus=NVIDIA_only - exec -a "$0" "$@" - ''; -in { imports = - [ - # Include the results of the hardware scan. + [ # Include the results of the hardware scan. ./hardware-configuration.nix ./software.nix - ./modules/gnome.nix - # ./modules/i3.nix - ./modules/zsh.nix - ./pipewire.nix + ./gnome.nix + ./zsh.nix + ./gns3.nix ]; + # Use the systemd-boot EFI boot loader. + boot = { + loader = { + systemd-boot.enable = true; + efi.canTouchEfiVariables = true; + }; + extraModulePackages = with config.boot.kernelPackages; [ + v4l2loopback.out + ]; + kernelModules = [ + "v4l2loopback" + ]; + extraModprobeConfig = '' + options v4l2loopback exclisive_caps=1 card_label="Virtual Camera" + ''; + + supportedFilesystems = [ "btrfs" "ntfs" ]; + }; + + nix.settings = { + experimental-features = [ "nix-command" "flakes" ]; + trusted-users = [ "root" "inex" ]; + }; + nixpkgs.config = { allowUnfree = true; - # allowBroken = true; android_sdk.accept_license = true; - chromium.enableWideVine = true; + chromium = { + enableWideVine = true; + }; + permittedInsecurePackages = [ + #"electron-25.9.0" + "electron-30.5.1" + "olm-3.2.16" + ]; }; - nixpkgs.overlays = [ - (self: super: - { - vscode-extensions = super.vscode-extensions // { - github.copilot = pkgs.vscode-utils.buildVscodeMarketplaceExtension { - mktplcRef = { - publisher = "github"; - name = "copilot"; - version = "1.30.6165"; - sha256 = "2Y4zQphaPzTjvOJ4EluaVNFksJ2/PL7UE5ceAW7da6Q="; - }; - }; - }; - } - ) - ]; - - - # Use the systemd-boot EFI boot loader. - boot.loader.systemd-boot.enable = true; - boot.loader.efi.canTouchEfiVariables = true; - - # Networking - networking = { - hostName = "inex-hp-envy"; + hostName = "inex-framework"; networkmanager.enable = true; useDHCP = false; - interfaces = { - enp7s0 = { - useDHCP = true; - }; - wlp8s0 = { - useDHCP = true; - }; - }; firewall = { enable = false; - allowedTCPPorts = [ 3979 1716 51820 24642 ]; - allowedUDPPorts = [ 3979 1716 51820 24642 ]; + allowedTCPPorts = [ 8437 1716 51820 24642 27036 27037 24800 26000 3979 21000 21013 ]; + allowedUDPPorts = [ 8437 1716 51820 24642 27031 27036 24800 26000 3979 60001 ]; + checkReversePath = true; }; + nameservers = [ "10.100.0.101" ]; + hosts = { - "195.201.86.153" = [ "derpy" "server" ]; - "64.227.64.222" = [ "wireguard" ]; - "192.168.1.2" = [ "openhab" ]; - "188.126.61.194" = [ "home" ]; + "10.100.100.3" = [ "sonarqube.selfprivacy" ]; + "10.100.100.1" = [ "grafana.lan" "prometheus.lan" "blackbox.lan" ]; + "192.168.1.10" = [ "homelab.inex.cloud" ]; + "10.100.0.100" = [ "autumn-blaze.inex.cloud" ]; + #"192.168.1.3" = [ "fw.ponychord.rocks" ]; + }; + interfaces = { + # enp0s13f0u1c2 = { + # useDHCP = true; + # }; + # wlp0s20f3 = { + # useDHCP = true; + # }; }; wireguard.interfaces = { wg0 = { + # Determines the IP address and subnet of the client's end of the tunnel interface. ips = [ "10.100.0.2/24" ]; - privateKeyFile = "/home/inex/wireguard-keys/private"; + listenPort = 51839; + + #postSetup = "${pkgs.iproute}/bin/ip route add REDACTED_SERVER_IP via 192.168.1.1"; + #postShutdown = "${pkgs.iproute}/bin/ip route del REDACTED_SERVER_IP via 192.168.1.1"; + + # Path to the private key file. + # + # Note: The private key can also be included inline via the privateKey option, + # but this makes the private key world-readable; thus, using privateKeyFile is + # recommended. + privateKeyFile = "/etc/nixos/wireguard-keys/private"; + + # mtu = 1200; + + preSetup = '' + ${pkgs.udp2raw}/bin/udp2raw -c -l 127.0.0.1:51820 -r REDACTED_SERVER_IP:9853 -k "REDACTED_KEY" --raw-mode faketcp -a --log-level 0 & + ''; + + postShutdown = '' + ${pkgs.procps}/bin/pkill -f "udp2raw.*:51820" + ''; + + peers = [ + # For a client configuration, one peer entry for the server will suffice. { + # Public key of the server (not a file path). publicKey = "8sEAHYhydEGKTVecXcOb28zeGHGLGCsri5evbSQV8mY="; - allowedIPs = [ "10.100.0.0/24" ]; - endpoint = "135.181.97.221:51820"; + + # Forward all the traffic via VPN. + #allowedIPs = [ "0.0.0.0/0" ]; + # Or forward only particular subnets + allowedIPs = [ "10.100.0.0/24" "::/0" ]; + + # Set this to the server IP and port. + # endpoint = "REDACTED_SERVER_IP:51820"; + endpoint = "127.0.0.1:51820"; + + # Send keepalives every 25 seconds. Important to keep NAT tables alive. persistentKeepalive = 25; } ]; @@ -95,84 +125,113 @@ in }; }; - # BLuetooth and audio - sound.enable = true; + console = { + font = "Lat2-Terminus16"; + # keyMap = "de"; + useXkbConfig = true; + }; + + # time.timeZone = "Asia/Tbilisi"; + time.timeZone = "Europe/Moscow"; + + services = { + yubikey-agent.enable = true; + printing = { + enable = true; + drivers = [ pkgs.hplipWithPlugin pkgs.brlaser pkgs.brgenml1lpr pkgs.brgenml1cupswrapper pkgs.gutenprint pkgs.gutenprintBin ]; + }; + libinput.enable = true; + xserver = { + enable = true; + xkb.layout = "us"; + xkb.variant = "colemak"; + videoDrivers = [ "modesetting" ]; + exportConfiguration = true; + wacom.enable = true; + }; + pipewire = { + enable = true; + pulse.enable = true; + jack.enable = true; + }; + usbmuxd.enable = true; + openssh = { + enable = true; + settings = { + X11Forwarding = true; + PasswordAuthentication = false; + }; + }; + flatpak.enable = true; + udev.packages = [ + pkgs.yubikey-personalization + (pkgs.writeTextFile { + name = "yubikey-actions"; + text = '' + # ACTION=="remove", ENV{ID_MODEL_ID}=="0407", ENV{ID_VENDOR_ID}=="1050", RUN+="${pkgs.systemd}/bin/loginctl lock-sessions" + # ACTION=="remove", ENV{HID_NAME}=="Flipper Devices Inc. U2F Token", RUN+="${pkgs.systemd}/bin/loginctl lock-sessions" + ''; + destination = "/etc/udev/rules.d/50-yubikey-actions.rules"; + }) + + (pkgs.writeTextFile { + name = "wacom_udev"; + text = '' + KERNEL!="event[0-9]*", GOTO="wacom_end" + DRIVERS=="wacom", ATTRS{bInterfaceNumber}=="00", ENV{WACOM_TYPE}="stylus" + DRIVERS=="wacom", ATTRS{bInterfaceNumber}=="01", ENV{WACOM_TYPE}="touch" + ATTRS{idVendor}=="056a", ENV{WACOM_TYPE}!="touch", SYMLINK+="input/wacom" + ATTRS{idVendor}=="056a", ENV{WACOM_TYPE}=="touch", SYMLINK+="input/wacom-touch" + #ATTRS{idVendor}=="056a", ACTION=="add", RUN+="check_driver wacom $devpath $env{ID_BUS}" + LABEL="wacom_end" + ''; + destination = "/etc/udev/rules.d/50-wacom.rules"; + }) + ]; + }; + + powerManagement.powerDownCommands = '' + ${pkgs.fw-ectool}/bin/ectool led left blue + ''; + powerManagement.resumeCommands = '' + ${pkgs.fw-ectool}/bin/ectool led left auto + ''; + + hardware.pulseaudio.enable = false; hardware = { - bluetooth = { + graphics = { enable = true; - package = pkgs.bluezFull; - }; - pulseaudio = { - enable = false; - package = pkgs.pulseaudioFull; - support32Bit = true; - extraModules = [ pkgs.pulseaudio-modules-bt ]; + extraPackages = [ pkgs.libva pkgs.vaapiVdpau pkgs.libvdpau-va-gl pkgs.intel-compute-runtime pkgs.intel-media-driver ]; }; sane = { enable = true; + extraBackends = [ pkgs.hplipWithPlugin ]; brscan4.enable = true; }; - }; - - # Select internationalisation properties. - # i18n = { - # consoleFont = "Lat2-Terminus16"; - # consoleKeyMap = "us"; - # defaultLocale = "en_US.UTF-8"; - # }; - - # Set your time zone. - time.timeZone = "Europe/Moscow"; - - # List services that you want to enable: - - # Enable CUPS to print documents. - services.printing = { - enable = true; - drivers = [ pkgs.gutenprint ]; - }; - - services.flatpak.enable = true; - - # Enable the X11 windowing system. - services.xserver = { - enable = true; - layout = "us"; - xkbVariant = "colemak"; - videoDrivers = [ "nvidia" ]; - libinput.enable = true; - exportConfiguration = true; - wacom.enable = true; - #xkbOptions = "eurosign:e"; - #displayManager.startx.enable = true; - }; - - boot.kernelParams = [ "modprobe.blacklist=dvb_usb_rtl28xxu" ]; - services.udev.packages = [ pkgs.rtl-sdr ]; - - # Video driver - hardware = { - opengl = { + steam-hardware.enable = true; + bluetooth = { enable = true; - driSupport32Bit = true; - }; - nvidia = { - modesetting.enable = true; - prime = { - offload.enable = true; - # allowExternalGpu = true; - nvidiaBusId = "PCI:1:0:0"; - intelBusId = "PCI:0:2:0"; - }; + package = pkgs.bluez; }; }; programs = { adb.enable = true; + steam = { + enable = true; + }; java = { enable = true; }; + gnupg.agent = { + enable = true; + enableSSHSupport = true; + }; + direnv = { + enable = true; + }; + thunderbird.enable = true; }; virtualisation = { @@ -180,36 +239,33 @@ in enable = true; enableOnBoot = false; }; - }; - - hardware.steam-hardware.enable = true; - - # Define a user account. Don't forget to set a password with ‘passwd’. - users.users = { - inex = { - isNormalUser = true; - home = "/home/inex"; - description = "Inex Code"; - extraGroups = [ "wheel" "user-with-access-to-virtualbox" "networkmanager" "jackaudio" "audio" "video" "adbusers" "docker" "scanner" "lp" "plugdev" ]; # Enable ‘sudo’ for the user. + virtualbox.host = { + enable = true; + # enableExtensionPack = true; }; - + libvirtd = { + enable = true; + }; + waydroid.enable = true; }; - # This value determines the NixOS release with which your system is to be - # compatible, in order to avoid breaking some software such as database - # servers. You should change this only after NixOS release notes say you - # should. - system.stateVersion = "22.05"; # Did you read the comment?} + users.users.inex = { + isNormalUser = true; + home = "/home/inex"; + description = "Inex Code"; + extraGroups = [ "wheel" "networkmanager" "jackaudio" "audio" "video" "render" "adbusers" "docker" "cdrom" "scanner" "lp" "libvirtd" "dialout" ]; + openssh.authorizedKeys.keys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICQmWNN9YccQecQUOB0n4jYH76gEgSAs4d66eFUZoobt inex@inex-pc" + ]; + }; - environment.shellInit = '' - export VST_PATH=/nix/var/nix/profiles/default/lib/vst:/var/run/current-system/sw/lib/vst:~/.vst - export LXVST_PATH=/nix/var/nix/profiles/default/lib/lxvst:/var/run/current-system/sw/lib/lxvst:~/.lxvst - export LADSPA_PATH=/nix/var/nix/profiles/default/lib/ladspa:/var/run/current-system/sw/lib/ladspa:~/.ladspa - export LV2_PATH=/nix/var/nix/profiles/default/lib/lv2:/var/run/current-system/sw/lib/lv2:~/.lv2 - export DSSI_PATH=/nix/var/nix/profiles/default/lib/dssi:/var/run/current-system/sw/lib/dssi:~/.dssi - export VST3_PATH=/nix/var/nix/profiles/default/lib/vst3:/var/run/current-system/sw/lib/vst3:~/.vst3 - ''; + environment.sessionVariables.NIXOS_OZONE_WL = "1"; + security.pam.services = { + login.u2fAuth = true; + sudo.u2fAuth = true; + }; + system.stateVersion = "23.05"; # Did you read the comment? } diff --git a/Laptop/flake.nix b/Laptop/flake.nix new file mode 100644 index 0000000..17ea5c4 --- /dev/null +++ b/Laptop/flake.nix @@ -0,0 +1,18 @@ +{ + inputs = { + nixpkgs.url = "nixpkgs/nixos-unstable"; + inex-vscode.url = "git+https://inex.dev/inex-flakes/vscode"; + nixos-hardware.url = "github:NixOS/nixos-hardware/master"; + }; + outputs = { self, nixpkgs, nixos-hardware, ... }@attrs: { + nixosConfigurations.inex-framework = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + specialArgs = attrs; + modules = + [ + ./configuration.nix + nixos-hardware.nixosModules.framework-11th-gen-intel + ]; + }; + }; +} diff --git a/Laptop/modules/gnome.nix b/Laptop/gnome.nix similarity index 62% rename from Laptop/modules/gnome.nix rename to Laptop/gnome.nix index 471f91b..ac17564 100644 --- a/Laptop/modules/gnome.nix +++ b/Laptop/gnome.nix @@ -6,7 +6,8 @@ displayManager = { gdm = { enable = true; - wayland = false; + wayland = true; + autoSuspend = true; }; }; desktopManager = { @@ -14,13 +15,14 @@ }; }; - - qt5.platformTheme = "gnome"; + qt.platformTheme = "gnome"; environment.systemPackages = with pkgs; [ - gnome.pomodoro - gnome.gnome-tweaks - evolution + gnome-pomodoro + gnome-tweaks + gnome.gnome-remote-desktop + gnome.networkmanager-openvpn + rhythmbox gnomeExtensions.gsconnect paper-icon-theme ]; diff --git a/Laptop/gns3.nix b/Laptop/gns3.nix new file mode 100644 index 0000000..a1dd08e --- /dev/null +++ b/Laptop/gns3.nix @@ -0,0 +1,20 @@ +{ config, pkgs, ... }: + +{ + environment.systemPackages = with pkgs; [ + gns3-gui + gns3-server + inetutils + dynamips + ubridge + vpcs + ]; + + security.wrappers.ubridge = { + source = "/run/current-system/sw/bin/ubridge"; + capabilities = "cap_net_admin,cap_net_raw=ep"; + owner = "root"; + group = "users"; + permissions = "u+rx,g+x"; + }; +} diff --git a/Laptop/hardware-configuration.nix b/Laptop/hardware-configuration.nix new file mode 100644 index 0000000..9af6a51 --- /dev/null +++ b/Laptop/hardware-configuration.nix @@ -0,0 +1,76 @@ +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot = { + initrd = { + availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "usb_storage" "usbhid" "sd_mod" ]; + kernelModules = [ "dm-snapshot" "vfat" "nls_cp437" "nls_iso8859-1" "usbhid" ]; + luks.yubikeySupport = true; + luks.devices = { + "nixos-enc" = { + device = "/dev/nvme0n1p2"; + preLVM = true; + yubikey = { + slot = 2; + twoFactor = true; # Set to false if you did not set up a user password. + storage = { + device = "/dev/nvme0n1p1"; + }; + }; + }; + }; + }; + kernelModules = [ "kvm-intel" ]; + extraModulePackages = [ ]; + kernel.sysctl = { "vm.swappiness" = 5;}; + }; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/b4f478f3-1f32-48ba-a461-f07a91cabc34"; + fsType = "btrfs"; + options = [ "subvol=root" "compress=zstd" ]; + }; + + fileSystems."/home" = + { device = "/dev/disk/by-uuid/b4f478f3-1f32-48ba-a461-f07a91cabc34"; + fsType = "btrfs"; + options = [ "subvol=home" "compress=zstd" ]; + }; + + fileSystems."/nix" = + { device = "/dev/disk/by-uuid/b4f478f3-1f32-48ba-a461-f07a91cabc34"; + fsType = "btrfs"; + options = [ "subvol=nix" "compress=zstd" "noatime" ]; + }; + + fileSystems."/var/lib/docker" = + { device = "/dev/disk/by-uuid/b4f478f3-1f32-48ba-a461-f07a91cabc34"; + fsType = "btrfs"; + options = [ "subvol=docker" "compress=zstd" "noatime" ]; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/6D12-4D2B"; + fsType = "vfat"; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/0ab39d9b-9a74-4f3e-b8ae-5674b2a701dd"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.enp0s13f0u1c2.useDHCP = lib.mkDefault true; + # networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + powerManagement.cpuFreqGovernor = lib.mkDefault "powersave"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +} diff --git a/Laptop/jacked.nix b/Laptop/jacked.nix deleted file mode 100644 index 5d824bc..0000000 --- a/Laptop/jacked.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ config, pkgs, ... }: - -{ - imports = - [ - ./configuration.nix - ]; - - services.jack = { - alsa = { - enable = true; - support32Bit = true; - }; - jackd = { - enable = true; - }; - }; - - environment.systemPackages = [ - pkgs.ardour - # pkgs.cadence - pkgs.qjackctl - ]; - -} - diff --git a/Laptop/modules/my_vim.nix b/Laptop/modules/my_vim.nix deleted file mode 100644 index 653e3dc..0000000 --- a/Laptop/modules/my_vim.nix +++ /dev/null @@ -1,25 +0,0 @@ -{neovim, vimUtils, vimPlugins, stdenv, fetchgit}: - -let custom_config='' -let g:airline_powerline_fonts = 1 -let g:airline_theme='dark' -''; -in neovim.override { - vimAlias = true; - configure = { - customRC = custom_config; - vam.pluginDictionaries = [ - { names = [ - "vim-sensible" - "vim-airline" - "vim-airline-themes" - "nerdtree" - "vim-nix" - "dart-vim-plugin" - "coc-nvim" - ]; - } - ]; - }; -} - diff --git a/Laptop/modules/vscode.nix b/Laptop/modules/vscode.nix deleted file mode 100644 index d311d6e..0000000 --- a/Laptop/modules/vscode.nix +++ /dev/null @@ -1,96 +0,0 @@ -{ config, pkgs, ... }: - -let - unstable = import { config.allowUnfree = true; }; - extensions = (with pkgs.vscode-extensions; [ - unstable.vscode-extensions.ms-vsliveshare.vsliveshare - arcticicestudio.nord-visual-studio-code - bbenoist.nix - davidanson.vscode-markdownlint - dbaeumer.vscode-eslint - jakebecker.elixir-ls - james-yu.latex-workshop - jnoortheen.nix-ide - mhutchie.git-graph - ms-azuretools.vscode-docker - ms-python.vscode-pylance - ms-python.python - ms-toolsai.jupyter - ms-vscode-remote.remote-ssh - ms-vscode.cpptools - github.copilot - ]) ++ pkgs.vscode-utils.extensionsFromVscodeMarketplace [ - { - name = "vscode-standardjs"; - publisher = "chenxsan"; - version = "1.4.1"; - sha256 = "0hiaqflp0d3k2pq3p44wrpyn4v6n0x660f4v47nf9bsdn5lidih3"; - } - { - name = "npm-intellisense"; - publisher = "christian-kohler"; - version = "1.4.1"; - sha256 = "0hph57g8fbwrvj1sdzc7vqsiaf7n2qzvkakc9ir0kkkwwdxc6c5a"; - } - { - name = "dart-code"; - publisher = "Dart-Code"; - version = "3.40.0"; - sha256 = "1cvibhazgz42zzwlk354sihrimw26qvgsq5nirvwx4v27gcirq81"; - } - { - name = "flutter"; - publisher = "Dart-Code"; - version = "3.40.0"; - sha256 = "0yxkqr6ajpdl06rxxad4c1zx5ci4sbaj2lk2xl9bws51imn58wry"; - } - { - name = "vscode-html-css"; - publisher = "ecmel"; - version = "1.12.2"; - sha256 = "059s1yg0b875b3ijhwgpg8v408as5z6r876jv5jing1vjb20pgvb"; - } - { - name = "vscode-npm-script"; - publisher = "eg2"; - version = "0.3.25"; - sha256 = "0z01i0fhl0phmz5bx5fh80flarldk7sdqgr14vx9kjz5yjzz48ys"; - } - { - name = "vsc-material-theme-icons"; - publisher = "equinusocio"; - version = "2.3.1"; - sha256 = "1djm4k3hcn4aq63d4mxs2n4ffq5x1qr82q6gxwi5pmabrb0hrb30"; - } - { - name = "vscode-systemd-support"; - publisher = "hangxingliu"; - version = "1.0.1"; - sha256 = "0f7j6y1jngicm475nilx08j55d94nnmymifxcbkszlxg0lnjrqys"; - } - { - name = "materialdesignicons-intellisense"; - publisher = "lukas-tr"; - version = "4.0.0"; - sha256 = "1748pj3jcgddpiamcs4ii2bjsmn9m9fx0dn2swfki8c6ibwrhy0w"; - } - { - name = "remote-containers"; - publisher = "ms-vscode-remote"; - version = "0.234.0"; - sha256 = "07mx08nwvw7jdlvkbr5iwikrcriib4zc1im1lbrqxjv7paj1an86"; - } - - ]; - vscode-with-extensions = pkgs.vscode-with-extensions.override { - vscodeExtensions = extensions; - }; - -in -{ - config = { - environment.systemPackages = [ - vscode-with-extensions - ]; - }; -} diff --git a/Laptop/pipewire.nix b/Laptop/pipewire.nix deleted file mode 100644 index 12381ea..0000000 --- a/Laptop/pipewire.nix +++ /dev/null @@ -1,94 +0,0 @@ -{ - security.rtkit.enable = true; - services = { - pipewire = { - enable = true; - config.pipewire = { - "context.properties" = { - "link.max-buffers" = 16; - "log.level" = 2; - "default.clock.rate" = 48000; - "default.clock.quantum" = 512; - "default.clock.min-quantum" = 512; - "default.clock.max-quantum" = 512; - "core.daemon" = true; - "core.name" = "pipewire-0"; - }; - "context.modules" = [ - { - name = "libpipewire-module-rtkit"; - args = { - "nice.level" = -15; - "rt.prio" = 88; - "rt.time.soft" = 200000; - "rt.time.hard" = 200000; - }; - flags = [ "ifexists" "nofail" ]; - } - { name = "libpipewire-module-protocol-native"; } - { name = "libpipewire-module-profiler"; } - { name = "libpipewire-module-metadata"; } - { name = "libpipewire-module-spa-device-factory"; } - { name = "libpipewire-module-spa-node-factory"; } - { name = "libpipewire-module-client-node"; } - { name = "libpipewire-module-client-device"; } - { - name = "libpipewire-module-portal"; - flags = [ "ifexists" "nofail" ]; - } - { - name = "libpipewire-module-access"; - args = {}; - } - { name = "libpipewire-module-adapter"; } - { name = "libpipewire-module-link-factory"; } - { name = "libpipewire-module-session-manager"; } - ]; - }; - config.pipewire-pulse = { - "context.properties" = { - "log.level" = 2; - }; - "context.modules" = [ - { - name = "libpipewire-module-rtkit"; - args = { - "nice.level" = -15; - "rt.prio" = 88; - "rt.time.soft" = 200000; - "rt.time.hard" = 200000; - }; - flags = [ "ifexists" "nofail" ]; - } - { name = "libpipewire-module-protocol-native"; } - { name = "libpipewire-module-client-node"; } - { name = "libpipewire-module-adapter"; } - { name = "libpipewire-module-metadata"; } - { - name = "libpipewire-module-protocol-pulse"; - args = { - "pulse.min.req" = "512/48000"; - "pulse.default.req" = "512/48000"; - "pulse.max.req" = "512/48000"; - "pulse.min.quantum" = "512/48000"; - "pulse.max.quantum" = "512/48000"; - "server.address" = [ "unix:native" ]; - }; - } - ]; - "stream.properties" = { - "node.latency" = "512/48000"; - "resample.quality" = 1; - }; - }; - config.jack = { - "jack.properties" = { - "node.latency" = "512/48000"; - "node.lock-quantum" = true; - }; - }; - pulse.enable = true; - jack.enable = true; - }; - }; -} diff --git a/Laptop/software.nix b/Laptop/software.nix index 3f73fea..16b7ea4 100644 --- a/Laptop/software.nix +++ b/Laptop/software.nix @@ -1,53 +1,52 @@ -{ config, pkgs, ... }: +{ config, pkgs, inex-vscode, ... }: -let - unstable = import { config.allowUnfree = true; }; -in { environment.systemPackages = with pkgs; [ # Utils - (pkgs.callPackage ./modules/my_vim.nix { }) pciutils usbutils i2c-tools + lm_sensors bind nix-bundle file - glxinfo - + restic + jq + sbctl + # Connectivity nmap + libcec + clinfo + #alfis + + # File systems gparted + btrfs-progs # Archives unzip unrar + # Running things appimage-run # Manuals - unstable.manix + manix tldr # Terminal - cool-retro-term mosh tmux neofetch ponysay - bpytop + btop httpie htop - # Voice - speechd - rhvoice - unstable.noisetorch - - xsane - # Wireguard - wireguard-tools + #wireguard + #wireguard-tools nextcloud-client @@ -58,40 +57,32 @@ in # Browsers firefox ungoogled-chromium + tor-browser-bundle-bin # Downloaders - transmission-gtk - yt-dlp + transmission_4-gtk syncthing wget + yt-dlp # Messangers tdesktop mumble - qtox dino gomuks + deltachat-desktop - # Games - steam - steam-run - unstable.openttd - minecraft - lutris - vulkan-tools - wineWowPackages.full - wineWowPackages.fonts - xonotic - cataclysm-dda + wineWowPackages.stable + winetricks # VCS git gitAndTools.git-bug # IDE - lens - postman - unstable.androidStudioPackages.canary + inex-vscode.packages.x86_64-linux.default + android-studio + arduino-ide # Compilers and interpretators ccls @@ -101,58 +92,68 @@ in python3Full nodejs nixpkgs-fmt + pandoc + racket + dart + + go + #hugo # Docker and orchestration ansible docker-compose + cookiecutter + # Maps josm # Screen recording obs-studio - peek + kooha # Graphics - blender krita - gmic_krita_qt potrace ffmpeg + #blender-hip inkscape - imagemagick + kdenlive + libheif # Audio audacity - pulseeffects-pw # lmms picard - cmus - spotify - rhythmbox - unstable.helvum + easyeffects + mpv - vlc - syncplay - - # DAW - zrythm - distrho - helvum - zam-plugins - x42-plugins - helm - zyn-fusion - lsp-plugins - ardour + steam-run # Documents - anki libreoffice + klavaro liberation_ttf - obsidian keepassxc glow + obsidian + aegisub + # texlive.combined.scheme-full + + # Themes + paper-icon-theme + plata-theme + + # iPhone passthru + usbmuxd + socat + + zotero + virt-manager + + immersed-vr + + godot_4 ]; } diff --git a/Laptop/modules/zsh.nix b/Laptop/zsh.nix similarity index 84% rename from Laptop/modules/zsh.nix rename to Laptop/zsh.nix index 37f44cd..d34020e 100644 --- a/Laptop/modules/zsh.nix +++ b/Laptop/zsh.nix @@ -4,7 +4,7 @@ users.defaultUserShell = pkgs.zsh; programs.zsh = { enable = true; - #interactiveShellInit = "ponysay -q"; + # interactiveShellInit = "ponysay -q"; autosuggestions = { enable = true; }; @@ -13,16 +13,15 @@ }; ohMyZsh = { enable = true; - plugins = [ - "git" - "python" - "man" + plugins = [ + "git" + "python" + "man" "z" "catimg" "copyfile" "encode64" "extract" - "lol" "npm" "pip" ]; diff --git a/readme.md b/readme.md index 6893d2c..5fee188 100644 --- a/readme.md +++ b/readme.md @@ -1,19 +1,3 @@ # Inex Code's NixOS config ![Logo](nixos-inex.png) - -## Profiles - -### default - -Defined in configuration.nix - -### jacked - -Extends default profile with JACK and Ardour - -## Modules - -- gnome -- zsh -- neovim