Init commit

This commit is contained in:
2023-10-08 11:42:08 +02:00
commit bf276c349f
56 changed files with 6779 additions and 0 deletions
+66
View File
@@ -0,0 +1,66 @@
{ inputs, materusFlake }:
let
profiles = import ../profile;
in
{
materusPC = inputs.nixpkgs.lib.nixosSystem rec {
specialArgs = { inherit inputs; inherit materusFlake; };
system = "x86_64-linux";
modules = [
./materusPC
inputs.private.systemModule
profiles.osProfile
];
};
flamaster = inputs.nixpkgs.lib.nixosSystem rec {
specialArgs = { inherit inputs; inherit materusFlake; };
system = "x86_64-linux";
modules = [
./flamaster
inputs.private.systemModule
profiles.osProfile
inputs.home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.materus = { config ,... }: {
imports = [
../home/materus
flamaster/extraHome.nix
profiles.homeProfile
inputs.private.homeModule
];
materus.profile.nixpkgs.enable = false;
};
home-manager.extraSpecialArgs = { inherit inputs; inherit materusFlake; };
}
];
};
valkyrie = inputs.nixpkgs.lib.nixosSystem rec {
specialArgs = { inherit inputs; inherit materusFlake; };
system = "x86_64-linux";
modules = [
./valkyrie
inputs.private.systemModule
profiles.osProfile
inputs.home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.materus = { config ,... }: {
imports = [
../home/materus
valkyrie/extraHome.nix
profiles.homeProfile
inputs.private.homeModule
];
materus.profile.nixpkgs.enable = false;
};
home-manager.extraSpecialArgs = { inherit inputs; inherit materusFlake; };
}
];
};
}
@@ -0,0 +1,191 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, lib, pkgs, materusFlake, materusPkgs, ... }:
{
imports =
[
# Include the results of the hardware scan.
./hardware-configuration.nix
];
networking.wireless.iwd.enable = true;
services.logind.lidSwitch = "ignore";
services.logind.lidSwitchExternalPower = "ignore";
programs.steam = {
enable = true;
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
};
programs.tmux = {
enable = true;
clock24 = true;
};
programs.java = {
enable = true;
package = pkgs.graalvm-ce;
binfmt = true;
};
# Bootloader.
boot.loader.grub = {
enable = true;
efiSupport = true;
device = "nodev";
useOSProber = true;
gfxmodeEfi = pkgs.lib.mkDefault "1920x1080";
gfxmodeBios = pkgs.lib.mkDefault "1920x1080";
#efiInstallAsRemovable = true;
};
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.efi.efiSysMountPoint = "/boot/efi";
networking.hostName = "flamaster"; # Define your hostname.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Enable networking
networking.networkmanager.enable = true;
networking.networkmanager.wifi.backend = "iwd";
# Set your time zone.
time.timeZone = "Europe/Warsaw";
# Select internationalisation properties.
i18n.defaultLocale = "pl_PL.utf8";
# Enable the X11 windowing system.
services.xserver.enable = true;
services.xserver.videoDrivers = [ "nvidia" ];
hardware.opengl.enable = true;
hardware.nvidia.prime = {
offload.enable = true;
# Bus ID of the Intel GPU. You can find it using lspci, either under 3D or VGA
intelBusId = "PCI:0:2:0";
# Bus ID of the NVIDIA GPU. You can find it using lspci, either under 3D or VGA
nvidiaBusId = "PCI:1:0:0";
};
# Enable the KDE Plasma Desktop Environment.
services.xserver.displayManager.sddm.enable = true;
services.xserver.desktopManager.plasma5.enable = true;
# Configure keymap in X11
services.xserver = {
layout = "pl";
xkbVariant = "";
};
# Configure console keymap
console.keyMap = "pl2";
# Enable CUPS to print documents.
services.printing.enable = true;
# Enable sound with pipewire.
sound.enable = true;
hardware.pulseaudio.enable = false;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
# If you want to use JACK applications, uncomment this
jack.enable = true;
# use the example session manager (no others are packaged yet so this is enabled by default,
# no need to redefine it in your config for now)
#media-session.enable = true;
};
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
users.users.materus = {
isNormalUser = true;
description = "Mateusz Słodkowicz";
extraGroups = [ "networkmanager" "wheel" ];
openssh.authorizedKeys.keyFiles = [ (materusFlake.selfPath + /extraFiles/keys/ssh/materus.pub) ];
packages = with pkgs; [
kate
];
};
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
wget
util-linux
killall
pciutils
lshw
steamcmd
distrobox
steamcmd
config.materus.profile.packages.firefox
config.programs.java.package
];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh.enable = true;
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [ 22 27015 25565 24454 8123 ];
networking.firewall.allowedTCPPortRanges = [{ from = 16262; to = 16272; }];
networking.firewall.allowedUDPPorts = [ 22 16261 16262 8766 8767 25565 24454 8123 ];
# Or disable the firewall altogether.
networking.firewall.enable = true;
networking.networkmanager.extraConfig = lib.mkDefault ''
[connectivity]
uri=http://nmcheck.gnome.org/check_network_status.txt
'';
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.05"; # Did you read the comment?
programs.neovim.enable = true;
programs.neovim.vimAlias = true;
programs.neovim.viAlias = true;
services.flatpak.enable = true;
xdg.portal.enable = true;
virtualisation.podman.enable = true;
virtualisation.podman.dockerCompat = true;
virtualisation.podman.enableNvidia = true;
virtualisation.podman.dockerSocket.enable = true;
}
+12
View File
@@ -0,0 +1,12 @@
{ config, lib, pkgs, ... }:
{
imports =
[
# Include the results of the hardware scan.
./configuration.nix
];
materus.profile.nix.enable = true;
materus.profile.steam.enable = true;
}
@@ -0,0 +1,21 @@
{ config, pkgs, materusPkgs, lib, ... }:
{
home.stateVersion = "23.05";
home.homeDirectory = "/home/materus";
materus.profile = {
fonts.enable = lib.mkDefault true;
nixpkgs.enable = lib.mkDefault false;
enableDesktop = lib.mkDefault true;
enableTerminal = lib.mkDefault true;
enableTerminalExtra = lib.mkDefault true;
enableNixDevel = lib.mkDefault true;
};
home.packages = [
pkgs.papirus-icon-theme
(materusPkgs.polymc.wrap { extraJDKs = [ pkgs.graalvm-ce ]; })
];
}
@@ -0,0 +1,54 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "sd_mod" "rtsx_usb_sdmmc" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{
device = "/dev/disk/by-label/NixOS_Root";
fsType = "ext4";
};
fileSystems."/boot/efi" =
{
device = "/dev/disk/by-label/NixOS_EFI";
fsType = "vfat";
};
fileSystems."/etc/nixos" =
{
device = "/materus/config/nixos-config";
fsType = "none";
options = [ "bind" ];
};
swapDevices = [{
device = "/var/.swapfile";
size = 32 * 1024;
}];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp5s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlo1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}
+26
View File
@@ -0,0 +1,26 @@
{ config, pkgs, lib, inputs, materusFlake, ... }:
{
imports =
[
./hardware
./vm
./scripts.nix
./tmp.nix
./network.nix
./kde.nix
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
system.copySystemConfiguration = false;
system.stateVersion = "23.05";
materus.profile.nix.enable = true;
materus.profile.nixpkgs.enable = true;
materus.profile.fonts.enable = true;
materus.profile.steam.enable = true;
}
@@ -0,0 +1,38 @@
{ config, pkgs, materusPkgs, lib, ... }:
{
home.stateVersion = "23.05";
home.homeDirectory = "/home/materus";
programs.git.signing.signByDefault = true;
materus.profile = {
fonts.enable = lib.mkDefault true;
nixpkgs.enable = lib.mkDefault false;
enableDesktop = lib.mkDefault true;
enableTerminal = lib.mkDefault true;
enableTerminalExtra = lib.mkDefault true;
enableNixDevel = lib.mkDefault true;
editor.code.fhs.enable = true;
editor.code.fhs.packages = (ps: with ps;[
llvmPackages_16.clang
llvmPackages_16.llvm
llvmPackages_16.bintools
llvmPackages_16.lld
llvmPackages_16.lldb
llvmPackages_16.libllvm
]);
};
home.packages = [
pkgs.papirus-icon-theme
materusPkgs.ffmpeg6-amf-full
(materusPkgs.polymc.wrap { extraJDKs = [ pkgs.graalvm-ce ]; extraLibs = [ ]; })
];
programs.obs-studio = {
enable = true;
plugins = with pkgs.obs-studio-plugins; [ wlrobs obs-vaapi obs-vkcapture obs-gstreamer input-overlay obs-multi-rtmp obs-pipewire-audio-capture ];
package = materusPkgs.obs-amf;
};
}
+45
View File
@@ -0,0 +1,45 @@
{ config, pkgs, lib, inputs, materusFlake, materusPkgs, ... }:
{
services.xserver.displayManager.gdm.enable = true;
services.xserver.displayManager.gdm.wayland = true;
services.xserver.desktopManager.gnome.enable = true;
services.xserver.desktopManager.gnome.sessionPath = [ pkgs.gnome.gpaste ];
services.gnome.gnome-online-accounts.enable = true;
services.gnome.gnome-browser-connector.enable = true;
services.gnome.core-utilities.enable = true;
services.gnome.core-shell.enable = true;
services.gnome.core-os-services.enable = true;
programs.gnupg.agent.pinentryFlavor = "gnome3";
programs.gnome-terminal.enable = true;
services.udev.packages = with pkgs; [ gnome.gnome-settings-daemon ];
services.dbus.packages = with pkgs; [ gnome2.GConf ];
environment.systemPackages = with pkgs; [
gnome3.adwaita-icon-theme
gnome3.gnome-tweaks
gnome3.gnome-color-manager
gnome3.gnome-shell-extensions
gnomeExtensions.appindicator
gnomeExtensions.desktop-clock
gnomeExtensions.gtk4-desktop-icons-ng-ding
gnomeExtensions.compiz-windows-effect
gnomeExtensions.burn-my-windows
gnomeExtensions.user-themes
gnomeExtensions.gsconnect
];
}
@@ -0,0 +1,55 @@
{ config, pkgs, lib, inputs, materusFlake, ... }:
let
video = [
"video=HDMI-A-3:1920x1080@144"
"video=DP-3:1920x1080@240"
#"video=DP-1:1920x1080@240"
#"video=DP-2:1920x1080@240"
#"video=HDMI-A-1:1920x1080@240"
#"video=HDMI-A-2:1920x1080@240"
];
in
{
#Kernel
boot.kernelPackages = pkgs.linuxPackages_zen;
boot.kernelParams = [ /*"pci-stub.ids=1002:744c"*/ "nox2apic" "nvme_core.default_ps_max_latency_us=0" "nvme_core.io_timeout=255" "nvme_core.max_retries=10" "nvme_core.shutdown_timeout=10" "amd_iommu=on" "iommu=pt"] ++ video;
boot.kernelModules = [ "pci-stub" "amdgpu" "i2c_dev" "kvm_amd" "vfio" "vfio_iommu_type1" "vfio-pci" "v4l2loopback" ];
boot.extraModprobeConfig = ''
options kvm_amd nested=1 avic=1 npt=1
options vfio_iommu_type1 allow_unsafe_interrupts=1
'';
boot.kernel.sysctl = {
"vm.max_map_count" = 1000000;
"vm.swappiness" = 10;
};
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ];
boot.supportedFilesystems = [ "ntfs" "btrfs" "vfat" "exfat" "ext4"];
boot.tmp.useTmpfs = true;
#bootloader
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.efi.efiSysMountPoint = "/boot/efi";
boot.loader.grub = {
enable = true;
efiSupport = true;
device = "nodev";
gfxmodeEfi = pkgs.lib.mkDefault "1920x1080@240";
gfxmodeBios = pkgs.lib.mkDefault "1920x1080@240";
useOSProber = true;
memtest86.enable = true;
};
}
@@ -0,0 +1,55 @@
{ config, pkgs, lib, inputs, materusFlake, materusPkgs, ... }:
{
imports =
[
./filesystem.nix
./boot.nix
];
hardware.firmware = with pkgs; [
materusPkgs.amdgpu-pro-libs.firmware.vcn
#materusPkgs.amdgpu-pro-libs.firmware
linux-firmware
alsa-firmware
sof-firmware
];
hardware.cpu.amd.updateMicrocode = lib.mkForce true;
#extra
hardware.wooting.enable = true;
hardware.bluetooth.enable = true;
#Graphics
hardware.opengl.enable = true;
hardware.opengl.driSupport32Bit = true;
hardware.opengl.extraPackages = with pkgs; [
vaapiVdpau
libvdpau-va-gl
amdvlk
rocm-opencl-icd
rocm-opencl-runtime
materusPkgs.amdgpu-pro-libs.vulkan
materusPkgs.amdgpu-pro-libs.amf
];
hardware.opengl.extraPackages32 = with pkgs.pkgsi686Linux; [
vaapiVdpau
pkgs.driversi686Linux.amdvlk
materusPkgs.i686Linux.amdgpu-pro-libs.vulkan
libvdpau-va-gl
];
services.udev.extraRules = ''
#GPU bar size
ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x744c", ATTR{resource0_resize}="15"
ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x744c", ATTR{resource2_resize}="8"
'';
#Trim
services.fstrim = {
enable = true;
interval = "weekly";
};
}
@@ -0,0 +1,69 @@
{ config, pkgs, lib, inputs, materusFlake, ... }:
{
zramSwap = {
enable = true;
memoryPercent = 25;
};
swapDevices = [
{
label = "NixOS_Swap";
}
];
fileSystems."/etc/nixos" =
{
device = "/materus/config/nixos-config";
fsType = "none";
options = [ "bind" ];
};
fileSystems."/materus" =
{
device = "/dev/disk/by-label/NixOS_Root";
fsType = "btrfs";
options = [ "subvol=@materus" "noatime" "compress=zstd" "ssd" "space_cache=v2" ];
};
fileSystems."/" =
{
device = "/dev/disk/by-label/NixOS_Root";
fsType = "btrfs";
options = [ "subvol=@" "noatime" "ssd" "space_cache=v2" "compress=zstd" ];
};
fileSystems."/nix" =
{
device = "/dev/disk/by-label/NixOS_Root";
fsType = "btrfs";
options = [ "subvol=@nix" "noatime" "compress=zstd" "ssd" "space_cache=v2" ];
};
fileSystems."/home" =
{
device = "/dev/disk/by-label/NixOS_Root";
fsType = "btrfs";
options = [ "subvol=@home" "noatime" "compress=zstd" "ssd" "space_cache=v2" ];
};
fileSystems."/boot" =
{
device = "/dev/disk/by-label/NixOS_Root";
fsType = "btrfs";
options = [ "subvol=@boot" "ssd" ];
};
fileSystems."/boot/efi" =
{
device = "/dev/disk/by-label/NixOS_EFI";
fsType = "vfat";
};
}
+61
View File
@@ -0,0 +1,61 @@
{ config, pkgs, lib, inputs, materusFlake, materusPkgs, ... }:
let
westonSddm = pkgs.writeText "weston.ini"
''
[core]
xwayland=true
shell=fullscreen-shell.so
[keyboard]
keymap_layout=pl
[output]
name=DP-3
mode=1920x1080@240
[output]
name=DP-2
mode=off
[output]
name=HDMI-A-3
mode=off
''
;
in
{
services.xserver.displayManager.defaultSession = "plasmawayland";
services.xserver.displayManager.sddm.enable = true;
services.xserver.displayManager.sddm.settings = {
General = {
DisplayServer = "wayland";
InputMethod="";
};
Theme = {
CursorTheme = "breeze_cursors";
CursorSize = "24";
};
Wayland = {
CompositorCommand = "${pkgs.weston}/bin/weston -c ${westonSddm}";
};
};
services.xserver.desktopManager.plasma5.enable = true;
services.xserver.desktopManager.plasma5.phononBackend = "gstreamer";
services.xserver.desktopManager.plasma5.useQtScaling = true;
services.xserver.desktopManager.plasma5.runUsingSystemd = true;
programs.gnupg.agent.pinentryFlavor = "qt";
environment.plasma5.excludePackages = with pkgs; [ libsForQt5.kwallet libsForQt5.kwalletmanager libsForQt5.kwallet-pam ];
environment.variables = {
# Old fix for black cursor on amdgpu, seems to work fine now
#KWIN_DRM_NO_AMS = "1";
#Fix fo amdgpu crashes
KWIN_DRM_USE_MODIFIERS="0";
KWIN_DRM_NO_DIRECT_SCANOUT="1";
};
environment.systemPackages = with pkgs; [
];
}
+18
View File
@@ -0,0 +1,18 @@
{ config, pkgs, lib, inputs, materusFlake, ... }:
{
networking.useDHCP = lib.mkDefault true;
networking.hostName = "materusPC";
networking.wireless.iwd.enable = true;
networking.networkmanager.enable = true;
networking.networkmanager.wifi.backend = "iwd";
networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [ 24800 5900 5357 4656 8080 9943 9944];
networking.firewall.allowedUDPPorts = [ 24800 5900 3702 4656 6000 9943 9944];
#Fix warning
networking.networkmanager.extraConfig = lib.mkDefault ''
[connectivity]
uri=http://nmcheck.gnome.org/check_network_status.txt
'';
}
+59
View File
@@ -0,0 +1,59 @@
{ config, pkgs, lib, inputs, materusFlake, ... }:
let
valkyrie-sync = pkgs.writeShellScriptBin "valkyrie-sync" ''
${pkgs.rsync}/bin/rsync -avzrh --delete --exclude ".git*" --exclude "flake.lock" /materus/config/Nixerus materus@valkyrie:/materus/config/ && \
${pkgs.rsync}/bin/rsync -avzrh --delete --exclude ".git*" /materus/config/private/valkyrie materus@valkyrie:/materus/config/private
'';
valkyrie-flakelock = pkgs.writeShellScriptBin "valkyrie-flakelock" ''
${pkgs.openssh}/bin/ssh materus@valkyrie "nix flake update /materus/config/Nixerus --override-input nixpkgs github:NixOS/nixpkgs/23.05 \
--override-input home-manager github:nix-community/home-manager/release-23.05 \
--override-input private /materus/config/private/valkyrie/flake"
'';
valkyrie-rebuild-boot = pkgs.writeShellScriptBin "valkyrie-rebuild-boot" ''
${pkgs.openssh}/bin/ssh -t materus@valkyrie "sudo nixos-rebuild boot --flake /materus/config/Nixerus#valkyrie \
--override-input private /materus/config/private/valkyrie/flake"
'';
valkyrie-rebuild-switch = pkgs.writeShellScriptBin "valkyrie-rebuild-switch" ''
${pkgs.openssh}/bin/ssh -t materus@valkyrie "sudo nixos-rebuild switch --flake /materus/config/Nixerus#valkyrie \
--override-input private /materus/config/private/valkyrie/flake"
'';
flamaster-sync = pkgs.writeShellScriptBin "flamaster-sync" ''
${pkgs.rsync}/bin/rsync -avzrh --delete --exclude ".git*" --exclude "flake.lock" /materus/config/Nixerus materus@flamaster:/materus/config/ && \
${pkgs.rsync}/bin/rsync -avzrh --delete --exclude ".git*" /materus/config/private/flamaster materus@flamaster:/materus/config/private
'';
flamaster-flakelock = pkgs.writeShellScriptBin "flamaster-flakelock" ''
${pkgs.openssh}/bin/ssh materus@flamaster "nix flake update /materus/config/Nixerus --override-input nixpkgs github:NixOS/nixpkgs/23.05 \
--override-input home-manager github:nix-community/home-manager/release-23.05 \
--override-input private /materus/config/private/flamaster/flake"
'';
flamaster-rebuild-boot = pkgs.writeShellScriptBin "flamaster-rebuild-boot" ''
${pkgs.openssh}/bin/ssh -t materus@flamaster "sudo nixos-rebuild boot --flake /materus/config/Nixerus#flamaster \
--override-input private /materus/config/private/flamaster/flake"
'';
flamaster-rebuild-switch = pkgs.writeShellScriptBin "flamaster-rebuild-switch" ''
${pkgs.openssh}/bin/ssh -t materus@flamaster "sudo nixos-rebuild switch --flake /materus/config/Nixerus#flamaster \
--override-input private /materus/config/private/flamaster/flake"
'';
in
{
environment.systemPackages = [
valkyrie-rebuild-boot
valkyrie-rebuild-switch
valkyrie-sync
valkyrie-flakelock
flamaster-rebuild-boot
flamaster-rebuild-switch
flamaster-sync
flamaster-flakelock
];
}
+442
View File
@@ -0,0 +1,442 @@
{ config, pkgs, lib, inputs, materusFlake, materusPkgs, ... }:
{
virtualisation.lxc.enable = false;
virtualisation.lxc.lxcfs.enable = false;
virtualisation.lxd.enable = false;
#virtualisation.lxd.recommendedSysctlSettings = true;
programs.corectrl.enable = true;
programs.corectrl.gpuOverclock.enable = true;
programs.corectrl.gpuOverclock.ppfeaturemask = "0xffffffff";
programs.gamemode.enable = true;
services.teamviewer.enable = true;
systemd.tmpfiles.rules = [
"L+ /opt/rocm/hip - - - - ${pkgs.hip}"
];
services.flatpak.enable = true;
services.gvfs.enable = true;
time.timeZone = "Europe/Warsaw";
i18n.defaultLocale = "pl_PL.UTF-8";
console = {
font = "lat2-16";
# keyMap = "pl";
useXkbConfig = true; # use xkbOptions in tty.
};
services.xserver.layout = "pl";
services.xserver.enable = true;
services.xserver.videoDrivers = [ "amdgpu" ];
services.dbus.enable = true;
services.dbus.packages = [ pkgs.gcr_4 ];
#services.xserver.displayManager.autoLogin.user = "materus";
services.xserver.displayManager.startx.enable = false;
/*
services.xserver.displayManager.lightdm.enable = true;
services.xserver.displayManager.lightdm.greeters.enso.enable = true;
services.xserver.displayManager.lightdm.greeters.enso.blur = true;
*/
services.xserver.config = pkgs.lib.mkAfter ''
Section "OutputClass"
Identifier "amd-options"
Option "TearFree" "True"
Option "SWCursor" "True"
Option "VariableRefresh" "true"
Option "AsyncFlipSecondaries" "true"
MatchDriver "amdgpu"
EndSection
'';
services.printing.enable = true;
sound.enable = true;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
audio.enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
systemWide = false;
# If you want to use JACK applications, uncomment this
jack.enable = true;
};
hardware.pulseaudio.enable = false;
services.xserver.libinput.enable = true;
virtualisation.waydroid.enable = false;
virtualisation.podman = {
enable = true;
#enableNvidia = true;
dockerCompat = true;
dockerSocket.enable = true;
};
users.users.materus = {
isNormalUser = true;
extraGroups = [ "audio" "video" "render" "pipewire" "wheel" "networkmanager" "input" "kvm" "libvirt-qemu" "libvirt" "libvirtd" "podman" "lxd" ]; # Enable sudo for the user.
shell = pkgs.bashInteractive;
description = "Mateusz Słodkowicz";
# packages = with pkgs; [
# firefox
# thunderbird
# ];
};
environment.variables = {
DISABLE_LAYER_AMD_SWITCHABLE_GRAPHICS_1 = "1";
VK_ICD_FILENAMES = "/run/opengl-driver/share/vulkan/icd.d/radeon_icd.x86_64.json:/run/opengl-driver-32/share/vulkan/icd.d/radeon_icd.i686.json";
AMD_VULKAN_ICD = "RADV";
RADV_PERFTEST = "gpl,rt,sam";
ALSOFT_DRIVERS = "pulse";
};
environment.sessionVariables = rec {
XDG_CACHE_HOME = "\${HOME}/.cache";
XDG_CONFIG_HOME = "\${HOME}/.config";
XDG_BIN_HOME = "\${HOME}/.local/bin";
XDG_DATA_HOME = "\${HOME}/.local/share";
SDL_AUDIODRIVER = "pipewire";
#SSH_ASKPASS_REQUIRE = "prefer";
MOZ_USE_XINPUT2 = "1";
PATH = [
"\${XDG_BIN_HOME}"
];
};
environment.shellInit = ''
if ! [ -z "$DISPLAY" ]; then xhost +si:localuser:root &> /dev/null; fi;
if ! [ -z "$DISPLAY" ]; then xhost +si:localuser:$USER &> /dev/null; fi;
'';
i18n.inputMethod.enabled = "fcitx5";
i18n.inputMethod.fcitx5.addons = [ pkgs.fcitx5-configtool pkgs.fcitx5-lua pkgs.fcitx5-mozc pkgs.fcitx5-gtk pkgs.libsForQt5.fcitx5-qt ];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
services.pcscd.enable = true;
services.samba-wsdd.enable = true;
services.samba = {
enable = true;
package = pkgs.sambaFull;
};
programs.gnupg.agent = {
enable = true;
enableSSHSupport = false;
enableBrowserSocket = true;
};
programs.ssh.startAgent = true;
services.openssh.enable = true;
environment.enableAllTerminfo = true;
environment.pathsToLink = [ "/share/zsh" "/share/bash-completion" "/share/fish" ];
environment.shells = with pkgs; [ zsh bashInteractive fish ];
programs = {
fish.enable = true;
zsh = {
enable = true;
interactiveShellInit = ''
if [[ ''${__MATERUS_HM_ZSH:-0} == 0 ]]; then
source ${pkgs.grml-zsh-config}/etc/zsh/zshrc
fi
'';
promptInit = ''
'';
};
java.enable = true;
java.package = pkgs.graalvm-ce;
java.binfmt = true;
command-not-found.enable = false;
dconf.enable = true;
};
/*containers.test = {
config = { config, pkgs, ... }: { environment.systemPackages = with pkgs; [ wayfire ]; };
autoStart = false;
};*/
environment.systemPackages = with pkgs; [
firefox
gamescope
#(pkgs.lutris.override { extraLibraries = pkgs: with pkgs; [ pkgs.samba pkgs.jansson pkgs.tdb pkgs.libunwind pkgs.libusb1 pkgs.gnutls pkgs.gtk3 pkgs.pango ]; })
materusPkgs.amdgpu-pro-libs.prefixes
(pkgs.bottles.override { extraPkgs = pkgs: with pkgs; [ pkgs.libsForQt5.breeze-qt5 pkgs.libsForQt5.breeze-gtk pkgs.nss_latest ]; extraLibraries = pkgs: with pkgs; [ pkgs.samba pkgs.jansson pkgs.tdb pkgs.libunwind pkgs.libusb1 pkgs.gnutls pkgs.gtk3 pkgs.pango ]; })
glibc
glib
gtk3
gtk4
gsettings-desktop-schemas
libsForQt5.dolphin
vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
patchelf
killall
util-linux
xorg.xhost
nix-top
gitFull
curl
wget
config.programs.java.package
nss_latest
aspell
aspellDicts.pl
aspellDicts.en
aspellDicts.en-computers
steamtinkerlaunch
distrobox
p7zip
unrar
bzip2
rar
unzip
zstd
xz
zip
gzip
tree
mc
lf
htop
nmon
iftop
iptraf-ng
mprocs
tldr
bat
##config.materus.profile.packages.home-manager
# pgcli
# litecli
#zenmonitor
nix-du
ark
kate
krusader
wineWowPackages.stagingFull
winetricks
protontricks
openal
gnupg
pinentry
pinentry-gnome
pinentry-curses
ncurses
monkeysphere
gparted
virt-viewer
inkscape
gimp
bubblewrap
bindfs
pulseaudio
binutils
config.materus.profile.packages.firefox
];
environment.etc = {
/*
"libvirt/hooks/qemu.d/win11/prepare/begin/start.sh" = {
text =
''
#!/usr/bin/env bash
# Debugging
exec 19>/home/materus/startlogfile
BASH_XTRACEFD=19
set -x
exec 3>&1 4>&2
trap 'exec 2>&4 1>&3' 0 1 2 3
exec 1>/home/materus/startlogfile.out 2>&1
# Stop display manager
killall -u materus
systemctl stop display-manager.service
killall gdm-x-session
#systemctl isolate multi-user.target
sleep 1
# Load variables we defined
source "/etc/libvirt/hooks/kvm.conf"
# Isolate host to core 0
systemctl set-property --runtime -- user.slice AllowedCPUs=0
systemctl set-property --runtime -- system.slice AllowedCPUs=0
systemctl set-property --runtime -- init.scope AllowedCPUs=0
# Unbind VTconsoles
for (( i = 0; i < 16; i++))
do
if test -x /sys/class/vtconsole/vtcon"''${i}"; then
if [ "$(grep -c "frame buffer" /sys/class/vtconsole/vtcon"''${i}"/name)" = 1 ]; then
echo 0 > /sys/class/vtconsole/vtcon"''${i}"/bind
echo "$DATE Unbinding Console ''${i}"
fi
fi
done
# Unbind EFI Framebuffer
echo "efi-framebuffer.0" > /sys/bus/platform/drivers/efi-framebuffer/unbind
# Avoid race condition
sleep 1
# Unload NVIDIA kernel modules
modprobe -r nvidia_uvm
modprobe -r nvidia_drm
modprobe -r nvidia_modeset
modprobe -r nvidia
modprobe -r i2c_nvidia_gpu
modprobe -r drm_kms_helper
modprobe -r drm
# Detach GPU devices from host
#virsh nodedev-detach $VIRSH_GPU_VIDEO
#virsh nodedev-detach $VIRSH_GPU_AUDIO
#virsh nodedev-detach $VIRSH_GPU_USB
#virsh nodedev-detach $VIRSH_GPU_SERIAL_BUS
# Load vfio module
modprobe vfio
modprobe vfio_pci
modprobe vfio_iommu_type1
'';
mode = "0755";
};
"libvirt/hooks/qemu.d/win11/release/end/stop.sh" = {
text =
''
#!/usr/bin/env bash
# Debugging
exec 19>/home/materus/stoplogfile
BASH_XTRACEFD=19
set -x
exec 3>&1 4>&2
trap 'exec 2>&4 1>&3' 0 1 2 3
exec 1>/home/materus/stoplogfile.out 2>&1
# Load variables we defined
source "/etc/libvirt/hooks/kvm.conf"
# Unload vfio module
modprobe -r vfio-pci
modprobe -r vfio_iommu_type1
modprobe -r vfio
modprobe drm
modprobe drm_kms_helper
modprobe i2c_nvidia_gpu
modprobe nvidia
modprobe nvidia_modeset
modprobe nvidia_drm
modprobe nvidia_uvm
# Attach GPU devices from host
#virsh nodedev-reattach $VIRSH_GPU_VIDEO
#virsh nodedev-reattach $VIRSH_GPU_AUDIO
#virsh nodedev-reattach $VIRSH_GPU_USB
#virsh nodedev-reattach $VIRSH_GPU_SERIAL_BUS
#echo "0000:01:00.0" > /sys/bus/pci/drivers/nvidia/bind
# Bind EFI Framebuffer
echo "efi-framebuffer.0" > /sys/bus/platform/drivers/efi-framebuffer/bind
# Bind VTconsoles
echo 1 > /sys/class/vtconsole/vtcon0/bind
#echo 1 > /sys/class/vtconsole/vtcon1/bind
# Start display manager
sleep 1
systemctl start display-manager.service
# Return host to all cores
systemctl set-property --runtime -- user.slice AllowedCPUs=0-3
systemctl set-property --runtime -- system.slice AllowedCPUs=0-3
systemctl set-property --runtime -- init.scope AllowedCPUs=0-3
'';
text = ''
#!/usr/bin/env bash
reboot
'';*-/
mode = "0755";
};
"libvirt/vgabios/patched.rom".source = ./vbios.rom;
};
};
*/
};
}
@@ -0,0 +1,55 @@
{ config, pkgs, lib, inputs, materusFlake, ... }:
{
imports = [
./win10
];
virtualisation.libvirtd = {
enable = true;
onBoot = "ignore";
onShutdown = "shutdown";
qemu.ovmf.enable = true;
qemu.ovmf.packages = [ pkgs.OVMFFull.fd ];
qemu.runAsRoot = true;
qemu.swtpm.enable = true;
qemu.package = pkgs.qemu_full;
};
virtualisation.spiceUSBRedirection.enable = true;
environment.systemPackages = with pkgs; [
virtiofsd
config.virtualisation.libvirtd.qemu.package
looking-glass-client
virt-manager
libguestfs-with-appliance
];
systemd.services.libvirtd = {
path =
let
env = pkgs.buildEnv {
name = "qemu-hook-env";
paths = with pkgs; [
bash
libvirt
kmod
systemd
ripgrep
sd
coreutils
sudo
su
killall
procps
util-linux
bindfs
qemu-utils
psmisc
];
};
in
[ env ];
};
}
@@ -0,0 +1,128 @@
{ config, pkgs, lib, inputs, materusFlake, ... }:
let
startHook = /*''
# Debugging
exec 19>/home/materus/startlogfile
BASH_XTRACEFD=19
set -x
exec 3>&1 4>&2
trap 'exec 2>&4 1>&3' 0 1 2 3
exec 1>/home/materus/startlogfile.out 2>&1
''
+*/
''
# Make sure nothing renders on gpu to prevent "sysfs: cannot create duplicate filename" after rebinding to amdgpu
chmod 0 /dev/dri/renderD128
fuser -k /dev/dri/renderD128
# Seems to fix reset bug for 7900 XTX
echo "0" > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/d3cold_allowed"
systemctl stop mountWin10Share.service
echo ''$VIRSH_GPU_VIDEO > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/driver/unbind"
echo ''$VIRSH_GPU_AUDIO > "/sys/bus/pci/devices/''${VIRSH_GPU_AUDIO}/driver/unbind"
sleep 1s
echo "10" > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/resource0_resize"
echo "8" > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/resource2_resize"
systemctl set-property --runtime -- user.slice AllowedCPUs=12-15,28-31
systemctl set-property --runtime -- system.slice AllowedCPUs=12-15,28-31
systemctl set-property --runtime -- init.scope AllowedCPUs=12-15,28-31
'';
stopHook = ''
# Debugging
# exec 19>/home/materus/stoplogfile
# BASH_XTRACEFD=19
# set -x
# exec 3>&1 4>&2
# trap 'exec 2>&4 1>&3' 0 1 2 3
# exec 1>/home/materus/stoplogfile.out 2>&1
sleep 1s
echo ''$VIRSH_GPU_VIDEO > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/driver/unbind"
echo ''$VIRSH_GPU_AUDIO > "/sys/bus/pci/devices/''${VIRSH_GPU_AUDIO}/driver/unbind"
echo "15" > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/resource0_resize"
echo "8" > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/resource2_resize"
echo "1" > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/d3cold_allowed"
echo ''$VIRSH_GPU_VIDEO > /sys/bus/pci/drivers/amdgpu/bind
echo ''$VIRSH_GPU_AUDIO > /sys/bus/pci/drivers/snd_hda_intel/bind
systemctl start mountWin10Share.service
systemctl set-property --runtime -- user.slice AllowedCPUs=0-31
systemctl set-property --runtime -- system.slice AllowedCPUs=0-31
systemctl set-property --runtime -- init.scope AllowedCPUs=0-31
'';
in
{
virtualisation.libvirtd.hooks.qemu = {
"win10" = pkgs.writeShellScript "win10.sh" ''
VIRSH_GPU_VIDEO="0000:03:00.0"
VIRSH_GPU_AUDIO="0000:03:00.1"
VIRSH_USB1="0000:10:00.0"
if [ ''$1 = "win10" ] || [ ''$1 = "win11" ]; then
if [ ''$2 = "prepare" ] && [ ''$3 = "begin" ]; then
${startHook}
fi
if [ ''$2 = "release" ] && [ ''$3 = "end" ]; then
${stopHook}
fi
fi
'';
};
systemd.services.mountWin10Share = {
wantedBy = [ "multi-user.target" ];
path = [ config.virtualisation.libvirtd.qemu.package pkgs.util-linux pkgs.kmod pkgs.coreutils ];
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true;
script = ''
modprobe nbd max_part=16
sleep 1
qemu-nbd -c /dev/nbd0 /materus/data/VM/data.qcow2 --cache=unsafe --discard=unmap
sleep 1
mount /dev/nbd0p1 /materus/data/Windows -o uid=1000,gid=100
'';
preStop = ''
umount /materus/data/Windows
qemu-nbd -d /dev/nbd0
'';
};
}
+169
View File
@@ -0,0 +1,169 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running `nixos-help`).
{ config, pkgs, materusFlake, ... }:
{
imports =
[
# Include the results of the hardware scan.
./hardware-configuration.nix
./pleroma.nix
];
materus.profile.nix.enable = true;
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;
# boot.loader.grub.efiSupport = true;
# boot.loader.grub.efiInstallAsRemovable = true;
# boot.loader.efi.efiSysMountPoint = "/boot/efi";
# Define on which hard drive you want to install Grub.
boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
networking.hostName = "valkyrie"; # Define your hostname.
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
networking.networkmanager.enable = false; # Easiest to use and most distros use this by default.
# Set your time zone.
time.timeZone = "Europe/Warsaw";
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
i18n.defaultLocale = "pl_PL.UTF-8";
console = {
font = "lat2-16";
keyMap = "pl";
useXkbConfig = false; # use xkbOptions in tty.
};
# Enable the X11 windowing system.
# services.xserver.enable = true;
# Configure keymap in X11
# services.xserver.layout = "us";
# services.xserver.xkbOptions = "eurosign:e,caps:escape";
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# sound.enable = true;
# hardware.pulseaudio.enable = true;
# Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
users.users.materus = {
isNormalUser = true;
extraGroups = [ "wheel" ]; # Enable sudo for the user.
packages = with pkgs; [
];
openssh.authorizedKeys.keyFiles = [ (materusFlake.selfPath + /extraFiles/keys/ssh/materus.pub) ];
};
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
wget
nano
git
];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh.enable = true;
services.openssh.openFirewall = false;
services.openssh.settings.PermitRootLogin = "no";
services.openssh.settings.PasswordAuthentication = true;
services.adguardhome.enable = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
networking.firewall.enable = true;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. It's perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.05"; # Did you read the comment?
services.nginx = {
enable = true;
package = pkgs.tengine;
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
};
services.postgresql = {
enable = true;
package = pkgs.postgresql_15;
enableTCPIP = true;
authentication = pkgs.lib.mkOverride 10 ''
local all all trust
'';
};
security.acme.acceptTerms = true;
security.acme.defaults.email = "materus+acme@podkos.pl";
security.acme.certs."materus.pl" = {
domain = "materus.pl";
group = "nginx";
extraDomainNames = [ "*.materus.pl" ];
dnsProvider = "ovh";
credentialsFile = "/materus/config/private/valkyrie/certs.secret";
};
security.acme.certs."podkos.pl" = {
domain = "podkos.pl";
group = "nginx";
extraDomainNames = [ "*.podkos.pl" ];
dnsProvider = "ovh";
credentialsFile = "/materus/config/private/valkyrie/certs.secret";
};
security.acme.certs."podkos.xyz" = {
domain = "podkos.xyz";
group = "nginx";
extraDomainNames = [ "*.podkos.xyz" ];
dnsProvider = "ovh";
credentialsFile = "/materus/config/private/valkyrie/certs.secret";
};
}
@@ -0,0 +1,16 @@
{ config, pkgs, materusPkgs, lib, ... }:
{
home.stateVersion = "23.05";
home.homeDirectory = "/home/materus";
materus.profile = {
fonts.enable = false;
nixpkgs.enable = false;
enableDesktop = false;
enableTerminal = false;
enableTerminalExtra = false;
enableNixDevel = false;
fish.enable = true;
bash.enable = true;
};
}
@@ -0,0 +1,47 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "floppy" "sr_mod" "virtio_blk" ];
boot.initrd.kernelModules = [ ];
boot.kernel.sysctl = { "net.ipv4.ip_forward" = 1; };
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
boot.tmp.useTmpfs = true;
fileSystems."/" =
{
device = "/dev/disk/by-uuid/924b1a69-2256-444f-baf6-d2d9405e451d";
fsType = "ext4";
};
fileSystems."/etc/nixos" =
{
device = "/materus/config/nixos-config";
fsType = "none";
options = [ "bind" ];
};
swapDevices = [
{
device = "/swapfile";
size = 4 * 1024;
}
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = false;
networking.nameservers = [ "9.9.9.9" "1.1.1.1" "8.8.8.8" ];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}
+146
View File
@@ -0,0 +1,146 @@
{ config, pkgs, lib, materusFlake, ... }:
let
socketPath = "/run/pleroma/http.sock";
socketChmod = with pkgs; with lib; pkgs.writers.writeBashBin "pleroma-socket"
''
coproc {
${inotify-tools}/bin/inotifywait -q -m -e create ${escapeShellArg (dirOf socketPath)}
}
trap 'kill "$COPROC_PID"' EXIT TERM
until ${pkgs.coreutils}/bin/test -S ${escapeShellArg socketPath}
do read -r -u "''${COPROC[0]}"
done
${pkgs.coreutils}/bin/chmod 0666 ${socketPath}
'';
soapbox = pkgs.stdenv.mkDerivation rec {
pname = "soapbox";
version = "v3.2.0";
dontBuild = true;
dontConfigure = true;
src = pkgs.fetchurl {
name = "soapbox";
url = "https://gitlab.com/soapbox-pub/soapbox/-/jobs/artifacts/${version}/download?job=build-production";
sha256 = "sha256-AdW6JK7JkIKLZ8X+N9STeOHqmGNUdhcXyC9jsQPTa9o=";
};
nativeBuildInputs = [pkgs.unzip];
unpackPhase = ''
unzip $src -d .
'';
installPhase = ''
mv ./static $out
'';
};
in
{
systemd.tmpfiles.rules = [
"d /var/lib/pleroma 0766 pleroma pleroma -"
"d /var/lib/pleroma/static 0766 pleroma pleroma -"
"d /var/lib/pleroma/uploads 0766 pleroma pleroma -"
"L+ /var/lib/pleroma/static/frontends/soapbox/${soapbox.version} 0766 pleroma pleroma - ${soapbox}"
];
services.nginx.virtualHosts."podkos.xyz" = {
http2 = true;
useACMEHost = "podkos.xyz";
forceSSL = true;
locations."/" = {
proxyPass = "http://unix:${socketPath}";
extraConfig = ''
etag on;
gzip on;
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'POST, PUT, DELETE, GET, PATCH, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, Idempotency-Key' always;
add_header 'Access-Control-Expose-Headers' 'Link, X-RateLimit-Reset, X-RateLimit-Limit, X-RateLimit-Remaining, X-Request-Id' always;
if ($request_method = OPTIONS) {
return 204;
}
add_header X-XSS-Protection "1; mode=block";
add_header X-Permitted-Cross-Domain-Policies none;
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header Referrer-Policy same-origin;
add_header X-Download-Options noopen;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
client_max_body_size 8m;
'';
};
};
systemd.services.pleroma.serviceConfig = {
RuntimeDirectory = "pleroma";
RuntimeDirectoryPreserve = true;
ExecStartPost = "${socketChmod}/bin/pleroma-socket";
ExecStopPost = ''${pkgs.coreutils}/bin/rm -f ${socketPath}'';
};
services.pleroma = {
enable = true;
secretConfigFile = "/var/lib/pleroma/secrets.exs";
configs = [
''
import Config
config :pleroma, Pleroma.Web.Endpoint,
url: [host: "podkos.xyz", scheme: "https", port: 443],
http: [ip: {:local, "${socketPath}"}, port: 0]
config :pleroma, :instance,
name: "Podziemia Kosmosu",
email: "admin@podkos.xyz",
notify_email: "noreply@podkos.xyz",
limit: 5000,
registrations_open: false
config :pleroma, :media_proxy,
enabled: false,
redirect_on_failure: true
config :pleroma, Pleroma.Repo,
adapter: Ecto.Adapters.Postgres,
socket: "/run/postgresql/.s.PGSQL.5432",
username: "pleroma",
database: "pleroma"
# Configure web push notifications
config :web_push_encryption, :vapid_details,
subject: "mailto:admin@podkos.x yz"
config :pleroma, :frontends,
primary: %{
"name" => "soapbox",
"ref" => "${soapbox.version}"
}
config :pleroma, :database, rum_enabled: false
config :pleroma, :instance, static_dir: "/var/lib/pleroma/static"
config :pleroma, Pleroma.Uploaders.Local, uploads: "/var/lib/pleroma/uploads"
config :pleroma, configurable_from_database: true
config :pleroma, Pleroma.Upload, filters: [Pleroma.Upload.Filter.AnonymizeFilename]
''
];
};
}