416 Commits

Author SHA1 Message Date
materus 431fc8f7ae valkyrie: add new materusVM key 2026-01-10 12:23:05 +01:00
materus 2921f8d9cc Updates 2025-10-08 08:42:32 +02:00
materus dba31836a5 Updates 2025-08-19 12:28:58 +02:00
materus a556bc0e8a Updates 2025-08-19 11:59:56 +02:00
materus d99f184f31 valkyrie: add alexa ip 2025-07-27 01:19:38 +02:00
materus 81cd54faa8 valkyrie: remove test ips 2025-07-27 01:10:41 +02:00
materus a3d6fbeb40 flake: update lock; Network updates 2025-07-27 00:57:10 +02:00
materus 65492a133e Old-materusPC: VM 2025-07-27 00:09:09 +02:00
materus 15babc1afd Network update 2025-07-27 00:08:21 +02:00
materus 1091489449 update 2025-07-20 23:49:26 +02:00
materus 834ead36d7 Old-materusPC: vscode update 2025-07-20 15:18:15 +02:00
materus fce385129f Old-materusPC: flake update, minecraft update 2025-07-20 12:49:35 +02:00
materus 9c1b52829b flamaster: update 2025-07-17 07:30:36 +02:00
materus ed47b3a9d3 codium: update JS/TS settings 2025-07-13 13:46:59 +02:00
materus 9884d1a8a3 Merge branch 'master' of github.com:materusPL/nixos-config 2025-07-10 19:40:51 +02:00
materus 1e83c8adf7 update 2025-07-10 19:39:04 +02:00
materus 4f2a9a71a6 update 2025-06-13 20:12:28 +02:00
materus c9eeaca475 update 2025-06-13 16:55:29 +02:00
materus e85eda8035 Merge branch 'master' of github.com:materusPL/nixos-config 2025-06-08 19:24:24 +02:00
materus cf1895a14e 25.05 updates 2025-06-08 19:24:01 +02:00
materus 18012450c0 update to 25.05 2025-06-07 01:03:14 +02:00
materus 81f6d6f06d update 2025-05-23 20:38:05 +02:00
materus 371b1b1432 update 2025-05-23 18:07:26 +02:00
materus fd229ecd76 Update Emacs Config 2025-05-02 19:12:00 +02:00
materus f5d0d4065f emacs changes 2025-04-20 14:07:31 +02:00
materus c53025cdc4 update old pc 2025-04-18 20:59:07 +02:00
materus c8a9b3cf43 update 2025-04-18 11:50:53 +02:00
materus 730482c98b Update 2024-12-05 16:00:58 +01:00
materus a69bbcbf6a update 2024-11-27 13:46:39 +01:00
materus 434aae4ac5 done test 2024-11-22 00:13:27 +01:00
materus 1ac33dd3a4 test 2024-11-22 00:12:27 +01:00
materus 7ddede1bb4 test 2024-11-22 00:11:35 +01:00
materus 1e929fedae test 2024-11-22 00:10:14 +01:00
materus 3a1f46d4e6 test 2024-11-22 00:09:03 +01:00
materus 8b25020998 test 2024-11-22 00:07:31 +01:00
materus 99627a1343 test 2024-11-22 00:06:28 +01:00
materus f7bfded848 test 2024-11-22 00:05:22 +01:00
materus 41b70d8fa4 done test 2024-11-21 23:52:25 +01:00
materus 3146038d53 test 2024-11-21 23:48:51 +01:00
materus 7dc2a4befa test 2024-11-21 22:45:05 +01:00
materus 9a1d03dd96 test 2024-11-21 22:41:34 +01:00
materus 2076d2c16b test 2024-11-21 22:36:35 +01:00
materus 011ae1606b test 2024-11-21 22:34:26 +01:00
materus b81698d1e0 test 2024-11-21 22:33:13 +01:00
materus 1c84c80bfc test 2024-11-21 22:30:12 +01:00
materus 9733c9fee4 test 2024-11-21 22:21:57 +01:00
materus e374cc2f6f test 2024-11-21 22:04:08 +01:00
materus 241d269789 test 2024-11-21 21:57:55 +01:00
materus 30ca0d4dcf test 2024-11-21 21:56:29 +01:00
materus 35380d2465 test 2024-11-21 21:52:35 +01:00
materus 44228e35c9 test 2024-11-21 21:51:37 +01:00
materus 3c1f23b5d4 Change tangle rules 2024-11-21 21:33:57 +01:00
materus 3ee90d9e60 Updates 2024-11-21 20:55:04 +01:00
materus 1d99fb630f Emacs update, fix corfu-mouse 2024-11-20 22:41:58 +01:00
materus 443da9482a update 2024-11-20 00:57:28 +01:00
materus 1e436f0842 update 2024-11-20 00:49:27 +01:00
materus fec28354bd Updates 2024-11-18 00:28:37 +01:00
materus 9e97dc6f65 Lot of changes, ignoring previous commits format 2024-11-15 18:01:13 +01:00
materus 3d1cc80150 configurations: emacs 2024-11-11 01:22:14 +01:00
materus d3d3397c23 configurations: emacs default encoding 2024-11-10 13:48:00 +01:00
materus 20ace25096 configurations: emacs org config, fix new lines 2024-11-10 13:19:45 +01:00
materus 9652b3877f configurations: emacs tests 2024-11-10 13:12:20 +01:00
materus cecc49700e configurations: emacs tests 2024-11-10 13:07:35 +01:00
materus 9a31ce388f configurations: emacs tests 2024-11-10 13:02:42 +01:00
materus 0a20666db2 configurations: emacs tests 2024-11-10 13:00:18 +01:00
materus ff3cd527f6 configurations: emacs tests 2024-11-10 12:48:01 +01:00
materus 3a6e84cb9c configurations: emacs tests 2024-11-10 12:47:16 +01:00
materus c0b1e1fe57 configurations: emacs tests 2024-11-10 12:46:02 +01:00
materus 8affc46e78 configurations: emacs tests 2024-11-10 12:45:20 +01:00
materus 41f8d29038 configurations: emacs tests 2024-11-10 12:41:54 +01:00
materus 2a09e184df configurations: emacs test org rendering 2024-11-10 12:29:28 +01:00
materus 828f5df566 configurations: emacs org test 2024-11-10 11:58:50 +01:00
materus b2c7c75790 materusPC: plasma defaults update 2024-11-10 11:51:15 +01:00
materus ae24e92771 configurations: vscode changes 2024-11-10 11:50:48 +01:00
materus c390ed0977 configurations: emacs, move config to org file 2024-11-10 11:50:21 +01:00
materus 8dbe62606b configurations: update vscode config 2024-11-04 20:15:41 +01:00
materus ec15512b0e configurations: emacs 2024-11-03 14:03:17 +01:00
materus 729dce48c5 Old-materusPC: vscode settings csharp 2024-11-02 09:25:12 +01:00
materus 9761f22f0c Old-materusPC: vscode settings 4 2024-11-01 22:51:06 +01:00
materus b6dbd01553 Old-materusPC: vscode settings 3 2024-11-01 22:26:09 +01:00
materus 8643263568 Old-materusPC: vscode settings 2 2024-11-01 18:25:36 +01:00
materus 5550ce20e7 Old-materusPC: vscode settings 2024-11-01 15:15:20 +01:00
materus 6590f99c8d configurations & Old-materusPC: vscode settings 2024-11-01 00:10:11 +01:00
materus aaf9221f44 configurations: add nix vscode-extensions to registry 2024-10-31 21:19:28 +01:00
materus fde5aa4bda flake: update lock 2024-10-31 21:19:04 +01:00
materus a2cfe918f4 .gitignore 2024-10-31 21:09:53 +01:00
materus 08870222f3 .gitignore 2024-10-31 21:05:37 +01:00
materus 2971dd2dc7 configurations: emacs changes 2 2024-10-30 22:06:16 +01:00
materus eb746b0e7c configurations: emacs changes 2024-10-30 16:37:59 +01:00
materus 868a49fb74 configurations: emacs and plasma-manger changes, crypt.sh formatting 2024-10-30 14:09:43 +01:00
materus 4912a5bc99 configurations: replace nil with nixd 2024-10-29 14:28:17 +01:00
materus cf452a09ed configurations: add micro to terminalApps 2024-10-29 13:32:14 +01:00
materus d9995faa9a materusPC: disable emacs 2024-10-29 13:27:33 +01:00
materus 11987e1f3b configurations: update emacs config 2024-10-29 13:15:12 +01:00
materus 1154c45291 materusPC: plasma-manager and emacs updates 2024-10-28 16:31:39 +01:00
materus a69b24ac89 materusPC: plasma-manager update spectacle 2024-10-28 08:08:27 +01:00
materus 58f86d3b84 materusPC: plasma-manager reset spectacle 2024-10-28 00:27:29 +01:00
materus 4dfcc37c3c materusPC: updates 2024-10-27 22:00:57 +01:00
materus 319f3899ab materusPC: plasma-manager customButtonImage 2024-10-25 23:37:21 +02:00
materus b7c314c6cc materusPC: disable ozone for brave 2024-10-25 23:34:45 +02:00
materus 8425f3547c materusPC: samba follow links for VM 2024-10-25 23:29:33 +02:00
materus d3a1c9260a configurations: add qalculate-qt to desktopPackages 2024-10-24 12:14:16 +02:00
materus a5199290d4 materusPC: mount windows disk to non vfio vm 2024-10-24 11:11:32 +02:00
materus 0113129093 materusPC: plasma-manager video filename 2024-10-23 21:05:47 +02:00
materus 1056568b6c materusPC: plasma-manager disable kwallet 2024-10-23 15:28:13 +02:00
materus c2f4b59d90 homes: move shared modules to hosts 2024-10-23 11:35:54 +02:00
materus 1ab225b553 homes: add plasma-manager as shared home modules for nixos hosts 2024-10-23 11:10:28 +02:00
materus 4737695b57 homes: add plasma-manager as shared home module, remove from hosts 2024-10-23 11:07:05 +02:00
materus 0a163b6dc0 hosts: add plasma-manager as shared home module 2024-10-23 11:06:09 +02:00
materus badbe9c8d2 configurations: fix plasma-manager in registry 2024-10-23 10:59:28 +02:00
materus bb86604348 configurations: add plasma-manager to registry 2024-10-22 09:49:51 +02:00
materus 0ecfadd82c flake: update lock 2024-10-21 23:13:08 +02:00
materus 5b908cb519 flake: update lock 2024-10-21 23:07:28 +02:00
materus 9a209160a9 configurations: disable wezterm 2024-10-21 17:09:26 +02:00
materus 935de5f352 materusPC: remove test user 2024-10-21 16:49:19 +02:00
materus c4fccc6f11 flake: update lock 2024-10-21 16:39:29 +02:00
materus a14063f51d materusPC: move user config 2024-10-21 16:37:27 +02:00
materus a1cf15a3ad materusPC: add test user 2024-10-21 16:36:20 +02:00
materus 6d16c995e2 materusPC: desktop env changes 2024-10-18 17:32:47 +02:00
materus 6ac8524294 materusPC: add nix ld 2024-10-18 17:00:45 +02:00
materus 533691247d materusPC: init archlinux nspawn container 2024-10-15 23:45:46 +02:00
materus a075a51ed4 flake: update lock 2024-10-15 22:48:55 +02:00
materus 55264c7d5e waffentrager: fix spaces count in samba cfg 2024-10-15 21:24:25 +02:00
materus 006250b806 configurations: add vk basalt, add hp drivers, vim changes 2024-10-15 21:22:16 +02:00
materus 8327d4cfd3 materusPC: java settings 2024-09-26 00:04:39 +02:00
materus 710108fd6f profile: mpv 2024-09-25 23:54:01 +02:00
materus 59aaa7f319 waffentrager: updates 2024-09-25 23:53:39 +02:00
materus cba573ed94 flake: update lock 2024-09-25 23:53:21 +02:00
materus fecfdec551 Old-materusPC: use unstable kernel and nvidia, rename fonts.fonts; 2024-09-21 11:08:41 +02:00
materus 6bb1330d70 Old-materusPC & materusPC: wireguard keep-alive 2024-09-21 11:07:57 +02:00
materus 5b84ce4c5d valkyrie: ipv6 config 2024-09-20 11:02:08 +02:00
materus 2e8ee98b26 common: mpv changes 2024-09-18 10:19:30 +02:00
materus 1f822e8211 waffentrager: valkyrie: jellyfin and wireguard related changes 2024-09-15 21:44:06 +02:00
materus f8acddeb2c waffentrager: change nginx to tengine, add default location 2024-09-15 21:43:20 +02:00
materus d4b7c80be6 materusPC: remove lxd group 2024-09-15 21:42:17 +02:00
materus 7135b53f7d materusPC: change rpfilter for wireguard 2024-09-15 21:41:55 +02:00
materus 879c876721 materusPC: change max VTs to 4 2024-09-15 21:41:28 +02:00
materus 79bc6c72df common: add syncplay to home apps 2024-09-15 21:40:59 +02:00
materus c5602cebbf scripts: convert: add nix build to ensure path 2024-09-15 21:40:25 +02:00
materus ed1b629386 flake: update lock 2024-09-15 21:39:51 +02:00
materus 448e1c58ae waffentrager: add maloja and multi-scrobbler, file restructure. valkyrie: reverse proxy (correct commit) 2024-09-12 11:56:18 +02:00
materus e233dc9efa waffentrager: add maloja and multi-scrobbler, file restructure. valkyrie: reverse proxy 2024-09-12 11:55:35 +02:00
materus dd0283e65a configurations: updates to script, moniotoring and dcbot 2024-09-09 11:04:15 +02:00
materus 3406af1780 waffentrager: move prometheus stateDir 2024-09-03 10:43:00 +02:00
materus f892292aa0 waffentrager: monitoring 2024-09-03 10:12:23 +02:00
materus b9f78639c8 flake: update lock 2024-09-02 23:20:21 +02:00
materus f0e03b7e01 waffentrager: samba updates 2024-09-02 23:20:13 +02:00
materus fde2617ea8 waffentrager: add disabled grafana 2024-09-02 23:19:58 +02:00
materus fd5e096b37 waffentrager: upnp ports 2024-08-31 17:41:26 +02:00
materus 4452704de0 valkyrie: wireguard changes 2024-08-30 17:10:33 +02:00
materus 5c9fb14d41 waffentrager: commented out service 2024-08-30 16:57:34 +02:00
materus 7ef15e5f5a materusPC: add jackett 2024-08-30 16:57:16 +02:00
materus 8f2f6b2c37 flake: update lock 2024-08-30 16:56:52 +02:00
materus e7bff66b1e waffentrager: changes to services 2024-08-23 18:48:38 +02:00
materus 04808eb9da flake: update lock 2024-08-23 18:47:57 +02:00
materus b5fa9e6f4c scripts: convert: another change quality 2024-08-23 18:47:47 +02:00
materus 1381df6297 Merge branch 'master' of github.com:materusPL/nixos-config 2024-08-19 20:14:44 +02:00
materus ab0f13a542 materusPC: add some apps 2024-08-19 20:14:01 +02:00
materus 25fffb3879 flake: update lock 2024-08-19 20:13:31 +02:00
materus 9c9d53b976 valkyrie: dcbot disable update alerts 2024-08-19 20:13:13 +02:00
materus bb4b85013c Old-materusPC: syncthing settings 2024-08-19 08:27:50 +02:00
materus c5aeae2cff valkyrie: jellyfin nginx changes 2024-08-11 20:05:30 +02:00
materus 5e96a9fcca materusPC: add kde connect 2024-08-08 20:45:54 +02:00
materus 4fdee87636 waffentrager: add jellyfin 2024-08-08 20:45:42 +02:00
materus 87bdc15245 materusPC: rename windows virtual machine 2024-08-05 00:27:55 +02:00
materus b9ce475a3e Old-materusPC: nvidia settings, renames to new 2024-07-26 21:23:58 +02:00
materus 3dc734957e waffentrager: updates to use ldap and postgres, fix samba characters 2024-07-22 15:31:57 +02:00
materus f833382298 materusPC: use qcow2 again 2024-07-13 23:53:37 +02:00
materus 94db4c8851 waffentrager: lldap changes 2024-07-13 20:11:06 +02:00
materus ffa133d894 waffentrager: lldap use postgresql 2024-07-13 19:02:17 +02:00
materus 7abe845c5a waffentrager: config lldap 2024-07-13 15:44:07 +02:00
materus 6a1700f0b7 waffentrager: samba and syncthing 2024-07-12 15:53:54 +02:00
materus c8cbb1f2f9 scripts: convert: another change of command 2024-07-12 11:51:46 +02:00
materus afbe226504 valkyrie: dcbot changes 2024-07-12 01:54:56 +02:00
materus 3403a4cb3b materusPC: ffmpegthumbs 2024-07-12 01:28:51 +02:00
materus 672349895d waffentrager: nextcloud add formats for thumbnail 2024-07-12 01:28:33 +02:00
materus 30ca179cb2 valkyrie: dcbot change 2024-07-12 01:28:06 +02:00
materus 2c27517ab1 waffentrager: disable samba ad 2024-07-09 23:45:39 +02:00
materus 5de90edd9c flake: update lock 2024-07-09 23:45:21 +02:00
materus e0394f866c scripts: convert: change convert command 2024-07-09 20:49:32 +02:00
materus 3ec62e702a materusPC: move container config, add vulkan headers, add image convert script 2024-07-09 14:10:48 +02:00
materus 026b04add6 materusPC: vscodium env update llvm and add xmake 2024-07-03 15:48:36 +02:00
materus 711b0a7860 configurations: disable default gamescope setcap for steam 2024-07-03 14:43:54 +02:00
materus a3b69adbdd flake: update lock 2024-07-03 14:43:24 +02:00
materus 0040f1d23e materusPC: add vlc, change ffmpeg and obs 2024-06-25 16:28:50 +02:00
materus 33d7f92b92 flake: update lock 2024-06-25 16:28:24 +02:00
materus f122625e71 materusPC: fix tmp.nix 2024-06-17 13:50:07 +02:00
materus d9c5af566b waffentrager: update nextcloud 2024-06-17 13:41:18 +02:00
materus 7d90f5f210 flake: updates to 24.05 2024-06-17 13:09:58 +02:00
materus 636eb2a8e6 flake: update lock, Old-materusPC: brave settings 2024-06-16 13:23:48 +02:00
materus b4cafcfe3a configurations: updates 2024-05-20 15:40:24 +02:00
materus a8fc766902 flake: update lock 2024-05-20 15:40:00 +02:00
materus c04f1f41fd materusPC: fix for reattach performance issue 2024-05-20 15:39:47 +02:00
materus ab43f858ea materusPC: ssh changes, vm changes, steam changes 2024-05-10 18:12:05 +02:00
materus f4dd3ab0ac materusPC: brave desktop file 2024-05-06 13:12:12 +02:00
materus c4beb9542b Old-materusPC: portal settings 2024-05-02 20:20:37 +02:00
materus 143a8ef419 flake: update lock, Old-materusPC: wayland changes 2024-05-02 18:33:26 +02:00
materus 3abec20d7f waffentrager, valkyrie: change wg port 2024-05-02 12:16:55 +02:00
materus 7d42994f21 Old-materusPC: use nvidia gpu for steam and browser 2024-05-02 10:15:29 +02:00
materus cff5051f75 Old-materusPC: network and audio update 2024-05-02 08:50:39 +02:00
materus e901f042fb flake: update lock, update things to new lock 2024-05-01 12:38:15 +02:00
materus 400dadba7f materusPC: more vm tuning 2024-04-22 15:33:31 +02:00
materus c6cdd9d8af materusPC: Window VM changes 2024-04-22 11:33:57 +02:00
materus fd3599f7f3 materusPC & Old-materusPC: set "/materus" as needed for boot to fix sops 2024-04-19 19:54:06 +02:00
materus d90b32d282 home-profile: add desktop packages 2024-04-19 18:30:42 +02:00
materus d6a451b6c5 materusPC: add wireguard config to networkmanager 2024-04-19 18:28:40 +02:00
materus f19a1bd613 materusPC: import apps.nix 2024-04-19 18:28:22 +02:00
materus be955fe3ca materusPC: fix kde after flake update 2024-04-19 18:27:59 +02:00
materus 7fabda1305 os-config: change steam tbb pkg 2024-04-19 18:27:36 +02:00
materus 15d193b2eb flake: update lock 2024-04-19 18:27:17 +02:00
materus 3fd49d452b materusPC: add apps.nix 2024-04-19 18:27:05 +02:00
materus 2959e10532 waffentrager: remove cert 2024-04-19 17:21:22 +02:00
materus 5d9c165df4 waffentrager: samba change dirs 2024-04-12 11:49:25 +02:00
materus afac05dad3 waffentrager: samba changes 2024-04-12 09:56:47 +02:00
materus d4125a7370 waffentrager: prepare samba DC 2024-04-12 01:38:50 +02:00
materus 98c975c430 os-config: wireguard settings 2024-04-11 22:12:03 +02:00
materus 6050896298 materusPC: change x11 options 2024-04-11 18:44:03 +02:00
materus 80e17cc9f4 waffentrager: add restart to nginx 2024-04-11 18:43:38 +02:00
materus b2d466a450 valkyrie: add links 2024-04-11 18:42:30 +02:00
materus a49963bb5c materusPC: disable emacs 2024-04-09 11:12:09 +02:00
materus c022070323 materusPC: change boot settings 2024-04-06 18:51:08 +02:00
materus 353bc71e19 os-config: remove setfont from zsh 2024-04-06 18:50:52 +02:00
materus b014b62c60 os-config: make default console config 2024-04-06 18:28:17 +02:00
materus 778fcb1b9d os-config: add zsh to "environment.shells" 2024-04-06 15:20:44 +02:00
materus 4cd531103a os-config: set zsh as default shell for users 2024-04-06 15:10:57 +02:00
materus f374e1a698 materusPC: console change font to full path 2024-04-06 14:23:59 +02:00
materus a0a81309cb materusPC: change console settings 2024-04-06 14:10:24 +02:00
materus 5fc7a32788 valkyrie: reorder links 2024-04-06 09:24:02 +02:00
materus 214c293128 valkyrie: slice archive timer to 3 units 2024-04-06 09:21:05 +02:00
materus cb5feba4a0 valkyrie: change links order 2024-04-06 03:17:29 +02:00
materus 7a2306bbd8 valkyrie: fix name 2024-04-06 03:14:41 +02:00
materus b28248d90f valkyrie: add links for webarchive 2024-04-06 02:39:27 +02:00
materus b28f17bc1c valkyrie: add links for webarchive 2024-04-06 02:17:06 +02:00
materus 563278d09a valkyrie: add links for webarchive 2024-04-06 01:43:21 +02:00
materus ebd32b675e valkyrie: add links for webarchive 2024-04-06 01:42:56 +02:00
materus 5da0de61a1 valkyrie: add web archive and steamladder curl request timer 2024-04-06 01:32:24 +02:00
materus f4107f214a home-profile: init tmux config 2024-04-05 23:02:26 +02:00
materus 575c698aa1 hosts: use zsh for materus user 2024-04-05 22:41:31 +02:00
materus 860c28efad waffentrager: fix auth 2024-04-05 22:41:05 +02:00
materus b4e3c7cea3 home-profile: change emacs package and font. materusPC: enable emacs 2024-04-05 21:57:37 +02:00
materus 38eafec797 valkyrie: increase dc bot playlist limit 2024-04-05 21:57:02 +02:00
materus 6870263c6a flake: update lock 2024-04-05 21:56:31 +02:00
materus 2cfdcf34bb valkyrie: change muse bot to evobot 2024-04-03 18:02:23 +02:00
materus b6ce980d0d valkyrie: change muse bot to evobot 2024-04-03 17:54:07 +02:00
materus 91c694193c valkyrie: add 404 error page 2024-04-03 14:28:48 +02:00
materus 75906dd151 flake: update lock 2024-04-03 11:08:59 +02:00
materus aff6076875 os-config: use brave as default browser 2024-04-03 11:08:02 +02:00
materus 6b5b53956b waffentrager: make auth emtpy 2024-04-03 10:52:20 +02:00
materus 12cba54eee materusPC: remove some comments 2024-04-03 10:45:17 +02:00
materus fe49e00096 materusPC: change materus shell to zsh, group formatting 2024-04-02 19:45:43 +02:00
materus b485f8a228 waffentrager: prepare auth service 2024-04-02 19:43:49 +02:00
materus 47c8d1c4ea home-profile & os-profile: zsh compinit changes 2024-04-01 22:52:49 +02:00
materus 0c31caf113 home-profile: updates 2024-04-01 22:14:27 +02:00
materus e4a320cbc8 home-profile: updates 2024-04-01 22:10:17 +02:00
materus fd039ff7cd home-profile: zsh remove starship option 2024-04-01 22:06:42 +02:00
materus e69a55340e home-profile: zsh and wezterm change 2024-04-01 21:57:25 +02:00
materus a19b5b9a3f home-profile: zsh ignore all hist dups 2024-04-01 21:15:32 +02:00
materus f0ae63d1b6 home-profile: change zsh keybind 2024-04-01 21:10:56 +02:00
materus 48e82bb70f os-profile: use hack instead firacode 2024-04-01 19:13:49 +02:00
materus 61ca7ef3bb home-profile: fix zsh propt if no env var 2024-03-31 23:52:36 +02:00
materus 62c24e24b8 home-profile: fix completion for zsh extract 2024-03-31 23:44:10 +02:00
materus 2a65700253 home-profile: changes to wezterm 2024-03-31 23:15:38 +02:00
materus eceae11a41 home-profile: changes to zsh and wezterm 2024-03-31 23:07:50 +02:00
materus b925022a9e home-profile: fix zsh config, fix type of wezterm option 2024-03-31 22:49:39 +02:00
materus ee7bcb1c0d home-profile: add extract plugin to zsh 2024-03-31 22:42:18 +02:00
materus a1eccd4d77 home-profile: move wezterm config to own file 2024-03-31 22:28:57 +02:00
materus 369ed384a4 home-profile: add "run" to emacs command 2024-03-31 22:09:15 +02:00
materus 8b1d9ff963 home-profile: init wezterm 2024-03-31 21:11:40 +02:00
materus e046b8878e home-profile: prepare for wezterm 2024-03-31 20:01:34 +02:00
materus 305c891d7d home-profile: zsh move colors check from zshenv 2024-03-31 19:03:36 +02:00
materus 6da0978779 home-profile: zsh add speedtest, use lib.getExe 2024-03-31 00:35:26 +01:00
materus e442af49ba home-profile: zsh add sudo plugin 2024-03-31 00:28:17 +01:00
materus cb65f9b455 Old-materusPC,materusPC: kde set XCURSOR_THEME 2024-03-30 23:21:37 +01:00
materus b299e40e3a home-profile: zsh change private mode 2024-03-30 21:23:50 +01:00
materus 8691fcd211 home-profile: zsh change colors detect 2024-03-30 21:10:34 +01:00
materus b91142f643 home-profile: zsh style changes 2 2024-03-30 20:58:11 +01:00
materus 8870c0e7e7 home-profile: zsh style changes 2024-03-30 20:44:41 +01:00
materus 9a18e2a37e Old-materusPC: ssh changes 2024-03-30 19:55:07 +01:00
materus 5f363c0709 Old-materusPC: add import of secrets 2024-03-30 19:52:14 +01:00
materus 9c09161f7b Old-materusPC: add import of secrets 2024-03-30 19:27:11 +01:00
materus 22bc3e753a Old-materusPC: init secrets 2024-03-30 19:22:46 +01:00
materus 6b9b5c42eb Old-materusPC: changes after reinstall 2024-03-30 18:58:33 +01:00
materus c8d584f8a4 configuration: prepare for browser changes 2024-03-30 15:41:52 +01:00
materus 1ccceb3415 configuration: clean, fix genHomes 2024-03-30 15:34:52 +01:00
materus 8f8ca90bba configuration: changes to browsers 2024-03-30 15:26:48 +01:00
materus 01c2d9809a home-profile: zsh change substring search 2024-03-30 00:32:38 +01:00
materus 9d791cf738 home-profile: zsh updates 2024-03-30 00:01:34 +01:00
materus 96c76e1578 Old-materusPC: update 2024-03-29 23:25:54 +01:00
materus 170cc0fc10 materusPC: xdg changes 2024-03-29 15:01:25 +01:00
materus 20683564ce materusPC: use wayland sddm 2024-03-29 14:51:39 +01:00
materus 8fda1956a1 home-config: add xdg.userDirs options 2024-03-28 22:49:38 +01:00
materus b20da0c854 waffentrager: postgres auth 2024-03-28 19:41:57 +01:00
materus 2deb047c86 materusPC: add hosts 2024-03-28 17:18:59 +01:00
materus 53566aa9e4 waffentrager: nextcloud php settings 2024-03-28 17:13:49 +01:00
materus 2c3ac41ee3 flake: update lock 2024-03-28 17:13:31 +01:00
materus 8ce0c144e5 configuration: changes 2024-03-27 11:23:52 +01:00
materus d1b0530596 waffentrager: nextcloud - edit preview formats 2024-03-26 20:14:37 +01:00
materus b08931075a materusPC: add webp support 2024-03-26 20:01:48 +01:00
materus 9dc390d1a4 waffentrager: nextcloud - add preview config 2024-03-26 15:29:45 +01:00
materus c2cac01772 waffentrager: nextcloud - enable profiles 2024-03-26 13:34:43 +01:00
materus 9329921cfb waffentrager: nextcloud - add config 2024-03-26 13:30:07 +01:00
materus 4d4157e63a waffentrager: nextcloud - add php extensions 2024-03-26 10:53:37 +01:00
materus f4e0d49672 waffentrager: postgresql - enable jit 2024-03-26 10:21:50 +01:00
materus f141ffaf89 waffentrager: nextcloud php settings 2024-03-26 10:21:34 +01:00
materus 382504ee53 waffentrager: add archivizers 2024-03-26 09:22:50 +01:00
materus 9242bc2a04 valkyrie: redirect change 2024-03-26 01:42:38 +01:00
materus e60d1a81f9 waffentrager: add nextcloud deps 2024-03-26 00:52:23 +01:00
materus 45d7f70792 waffentrager: allow iframe of gitea from nextcloud 2024-03-25 21:56:28 +01:00
materus f242dd700d waffentrager: add samba for nextcloud 2024-03-25 21:56:01 +01:00
materus f8b7da96a7 valkyrie: reverse proxy for nextcloud 2024-03-25 21:55:35 +01:00
materus f9d19b1d66 waffentrager: update gitea option 2024-03-25 20:13:18 +01:00
materus a9146bb628 waffentrager: add nextcloud, config: remove private inputs 2024-03-25 19:46:18 +01:00
materus cd78aabf19 Update README.md 2024-03-24 01:38:21 +01:00
materus 31cb2f4e65 valkyrie: nginx changes 2024-03-23 21:42:56 +01:00
materus d1cf546ac6 waffentrager: add gitea 2024-03-23 20:58:26 +01:00
materus 68e64038ff waffentrager: disable ssh root login 2024-03-23 17:56:09 +01:00
materus 4e0b7b6dd0 waffentrager: use nginx gid instead of uid 2024-03-23 16:36:22 +01:00
materus 3b285229d7 waffentrager: add acme mount from valkyrie 2024-03-23 16:18:53 +01:00
materus 597131aba4 waffentrager: add elements service description 2024-03-23 15:48:51 +01:00
materus 7c52e76348 valkyrie: add acme access for waffentrager 2024-03-23 15:39:15 +01:00
materus bc4d4750c0 valkyrie: move certs to sops file 2024-03-23 15:21:13 +01:00
materus b9397c8fd4 home-profile: restore old zsh settings name to work on stable 2024-03-23 15:21:05 +01:00
materus 78ee10572a configuration: update options to get rid of deprecation warnings 2024-03-23 14:02:51 +01:00
materus 0e985b318f waffentrager: postresql dir creation 2024-03-23 12:42:02 +01:00
materus d5ef421ebb waffentrager: postresql version 2024-03-23 12:39:23 +01:00
materus b700364ac1 waffentrager: changes to postgresql dir 2024-03-23 12:33:10 +01:00
materus d204976cce waffentrager: add postgresql 2024-03-23 11:45:10 +01:00
materus c47555fec7 waffentrager: add elements drive service 2024-03-23 02:30:39 +01:00
materus e9998e42c3 valkyrie: fix muse description 2024-03-23 01:49:03 +01:00
materus a66570226c Add muse bot to valkyrie 2024-03-22 20:12:00 +01:00
materus a76b42c3da valkyrie: move secrets 2024-03-22 00:00:20 +01:00
materus e17d19dcfd commond: change warning to assertion 2024-03-21 23:43:36 +01:00
materus 1c58fc1a2f crypt.sh: check git only before encrypt/decrypt 2024-03-21 23:36:48 +01:00
materus cdc41c3934 configurations: use home-manager module by default 2024-03-21 23:01:42 +01:00
materus bc40af000f waffentrager: import secrets 2024-03-21 19:36:19 +01:00
materus 8217fb3c80 flake: update lock 2024-03-21 19:33:18 +01:00
materus 15cf859638 waffentrager: add secrets 2024-03-21 19:30:54 +01:00
materus 114c2e93be Fix zsh prompt 2024-03-21 18:55:50 +01:00
materus fe55b38bf9 Change usage of mkForce 2024-03-17 10:25:09 +01:00
materus 14349441ac materusPC: updates to work on unstable 2024-03-16 19:24:04 +01:00
materus bec5c7e764 flake: update lock 2024-03-16 19:23:25 +01:00
materus 4e9a593443 materusPC: fixes for plasma 6 2024-03-11 16:46:48 +01:00
materus 04ad6ac1cd code: nixpkgs-fmt to format code 2024-03-11 16:19:31 +01:00
materus 8ecb892244 common: change remove rnix-lsp, add nil and nixpkgs-fmt, move nix default package to common 2024-03-11 16:15:04 +01:00
materus c88c7c029a flake: update lock 2024-03-11 15:36:12 +01:00
materus 990e23c0af Merge branch 'master' of github.com:materusPL/nixos-config 2024-03-11 15:34:41 +01:00
materus c48c02593f materusPC: add rustup again 2024-03-11 15:33:14 +01:00
materus b76733543c Old-materusPC: home, disable emacs 2024-03-09 19:33:08 +01:00
materus 59b65b3dd6 Old-materusPC: add git-crypt 2024-03-09 19:32:51 +01:00
materus 205ab654f3 flake: update lock 2024-03-09 19:17:31 +01:00
materus 130fbaddb4 Revert "materusPC: add rustup to vscodium"
This reverts commit 60542cf0c9.
2024-03-07 12:15:23 +01:00
materus 60542cf0c9 materusPC: add rustup to vscodium 2024-03-07 11:43:15 +01:00
materus dee6533fd1 materusPC: add audio plugins 2024-03-05 13:36:20 +01:00
materus 53ef892a5b materusPC: change audio settings 2024-03-05 13:25:01 +01:00
materus 2cd1ceb0b9 materusPC: kde changes 2024-03-05 12:46:35 +01:00
materus 98129881a1 config: add flake registry option 2024-03-05 12:46:21 +01:00
materus c9e496d80c flake: update lock 2024-03-05 12:45:46 +01:00
materus f9182a61b8 materusPC: change to plasma6 2024-03-04 12:33:48 +01:00
materus 81d7fdfec1 crypt.sh: add delete and create file func 2024-03-03 13:20:02 +01:00
materus 24885efdb4 materusPC: use gnome3 pinentry 2024-03-03 13:19:40 +01:00
materus 8293c9ff44 hosts: add hostPath; home: add homePath 2024-03-03 02:50:46 +01:00
materus 41114f4960 fix typo 2024-03-03 01:24:55 +01:00
materus e702504dee git-crypt: more tests 2024-03-03 01:23:53 +01:00
materus deaa785e1f git-crypt: add simple script to unlock repo 2024-03-03 00:55:45 +01:00
materus 3e93bbfd82 materusPC: add git-crypt to all users 2024-03-03 00:31:40 +01:00
materus e449ce8c56 git-cryp: test 2024-03-03 00:26:24 +01:00
materus cf78dd369e materusPC: secrets test 2024-03-03 00:03:02 +01:00
materus 36e1db6cb1 materusPC: secrets 2024-03-02 23:34:32 +01:00
materus 2af5e3f2a3 materusPC: add git-crypt to home 2024-03-02 22:50:52 +01:00
materus 960ee6fee6 git-crypt: test 2024-03-02 22:41:06 +01:00
materus ad67342e5d Add 1 git-crypt collaborator
New collaborators:

	B75B790D Mateusz "materus" Słodkowicz (materus.pl) <materus@podkos.pl>
2024-03-02 22:39:35 +01:00
materus e8a91e22b6 git-crypt: attributes 2024-03-02 22:38:39 +01:00
materus 8218e3e8cb materusPC: prepare sops 2024-03-02 22:36:43 +01:00
materus c5a5265557 flake: update lock; change all configInputs.inputs to configInputs 2024-03-02 19:51:38 +01:00
materus a7ad639465 flake: update lock; materusPC: remove useless caps config, change sddm to x11 2024-03-02 19:43:32 +01:00
materus 547fd5165c zsh: update 2024-02-26 01:23:15 +01:00
materus 88bdef3961 config: add check if home-manager 2024-02-25 22:30:13 +01:00
materus 64e8520dbd Revert "config: add check if home-manager"
This reverts commit 1b6e1b5d58.
2024-02-25 22:21:11 +01:00
materus 1b6e1b5d58 config: add check if home-manager 2024-02-25 22:07:53 +01:00
materus c1f9da7b40 config: add materusArg module 2024-02-25 18:51:56 +01:00
materus f0d5df9cca flake: update, config: code cleaning 2024-02-25 18:25:39 +01:00
materus 011ceddcb5 flake: update lock 2024-02-23 01:26:47 +01:00
materus 0ea4fac018 remove args, disable emacs, change jdk 2024-02-23 01:19:54 +01:00
materus 59e69924bb update 2024-02-10 12:29:42 +01:00
materus 44dc207b5b config update 2023-12-22 11:53:49 +01:00
materus 4198f3d2d9 configurations: update 2023-11-20 14:14:23 +01:00
materus 32c47479b1 emacs: create one config file 2023-11-15 00:07:16 +01:00
materus cf3a2d98c7 update lock and emacs 2023-11-14 23:25:05 +01:00
materus cf0c1a685e configuration: changes to emacs and others 2023-11-13 00:44:03 +01:00
materus c0cd2a0f19 configurations: update 2023-11-08 10:46:45 +01:00
materus a6c581ee04 emacs: update 2023-11-05 11:59:54 +01:00
materus 4dde3a0e00 .gitignore 2023-11-05 00:16:44 +01:00
materus cc175120b5 emacs: remove evil, add .gitignore 2023-11-04 16:44:02 +01:00
materus dd8779a2e4 emacs: changes to config 2023-11-04 10:50:50 +01:00
materus 1bd2fc3ae1 flake: update lock, change to home-manager stable flake 2023-11-03 16:07:18 +01:00
materus c999f5581d Old-materusPC: Move config of old PC here 2023-11-03 16:06:37 +01:00
materus da1a963d51 configurations: update 2023-10-31 14:40:57 +01:00
materus 54fde216c1 valkyrie: resolved adguard problems, go back to adguard instead of pihole 2023-10-29 01:17:48 +02:00
materus 12926bd6a1 flake: update lock 2023-10-29 01:16:55 +02:00
materus 8896ae977e configurations: add waffentrager host 2023-10-27 19:04:55 +02:00
materus f2c82ea93f configurations: formatting and some cleaning 2023-10-27 17:00:26 +02:00
materus 0ac720823c Create README.md 2023-10-27 14:52:21 +02:00
materus 203a6d868a remove pointless flake 2023-10-27 14:03:09 +02:00
materus 2f0a613381 configurations: Add stable nixpkgs for other hosts, use one Arg 2023-10-27 14:01:54 +02:00
materus 154d850e49 configurations: formatting 2023-10-27 12:30:38 +02:00
materus 1bbf628ea9 configurations: update emacs conf 2023-10-25 19:28:25 +02:00
materus 614dea0e57 configurations: update 2023-10-25 15:34:43 +02:00
materus fbcd102ea1 configurations: update 2023-10-25 00:06:20 +02:00
materus 6e78af6852 flake: update lock 2023-10-25 00:06:05 +02:00
materus 1b234d065d configurations: update 2023-10-20 23:29:09 +02:00
materus 1c7efbba8d valkyrie: change adguard to pihole 2023-10-20 23:28:59 +02:00
materus e7e17d4e39 flake: update lock 2023-10-20 23:28:10 +02:00
materus 736d751962 configurations: update 2023-10-14 15:01:22 +02:00
materus 609f9252dc configurations: update 2023-10-14 14:40:37 +02:00
materus 08819b8107 flake: update configInputs 2023-10-08 16:38:42 +02:00
materus ef9fa061e6 update flake 2023-10-08 16:32:38 +02:00
142 changed files with 9081 additions and 1832 deletions
+4
@@ -0,0 +1,4 @@
# Do not edit this file. To specify the files to encrypt, create your own
# .gitattributes file in the directory where your files are.
* !filter !diff
*.gpg binary
+2
@@ -0,0 +1,2 @@
**/private/** filter=git-crypt diff=git-crypt
encrypted-test filter=git-crypt diff=git-crypt
+2
@@ -0,0 +1,2 @@
\#*\#
.vscode
+21
@@ -0,0 +1,21 @@
#+TITLE: nixos-config
#+AUTHOR: materus
#+DESCRIPTION: NixOS config and dotfiles
#+OPTIONS: \n:t
My NixOS and home-manager configs.
Dotfiles and helper scripts.
Part of it is encrypted by git-crypt, mostly just ips and names. Secrets are managed by sops.
* Hosts
[[./configurations/host/materusPC/][materusPC]] - my main PC
[[./configurations/host/Old-materusPC/][Old-materusPC]] - my old PC, barely used
[[./configurations/host/flamaster/][flamaster]] - my laptop, used mostly as server for games.
[[./configurations/host/valkyrie/][valkyrie]] - VPS, my website and pleroma instance
[[./configurations/host/waffentrager/][waffentrager]] - raspberry pi4, home server
-44
@@ -1,44 +0,0 @@
{ inputs, materusFlake, ... }:
let
profiles = import ../profile;
hosts = builtins.attrNames materusFlake.nixosConfigurations;
genHomes = username:
let
#Make host specific user profile "username@host"
_list = builtins.map (host: username + "@" + host) hosts;
_for = i: (
let len = builtins.length hosts; in
([{
name = builtins.elemAt _list i;
value = let host = builtins.elemAt hosts i; in
inputs.configInputs.inputs.home-manager.lib.homeManagerConfiguration {
pkgs = materusFlake.nixosConfigurations.${host}.pkgs;
extraSpecialArgs = { inherit inputs; inherit materusFlake; };
modules = [
./${username}
../host/${host}/extraHome.nix
profiles.homeProfile
inputs.private.homeModule
];
};
}]
++ (if ((i + 1) < len) then _for (i + 1) else [ ]))
);
in
(builtins.listToAttrs (_for 0)) // {
#Make generic x86_64-linux user profile "username"
${username} = inputs.configInputs.inputs.home-manager.lib.homeManagerConfiguration {
pkgs = import inputs.nixpkgs { system = "x86_64-linux"; config = {allowUnfree = true;}; };
extraSpecialArgs = { inherit inputs; inherit materusFlake; };
modules = [
./${username}
profiles.homeProfile
inputs.private.homeModule
];
};
};
in
genHomes
+363
@@ -0,0 +1,363 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{
config,
pkgs,
materusCfg,
materusArg,
...
}:
let
unstable = import materusCfg.materusFlake.inputs.nixpkgs {
system = "x86_64-linux";
config = {
allowUnfree = true;
nvidia.acceptLicense = true;
};
};
in
{
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
./network.nix
];
boot.supportedFilesystems = [ "ntfs" ];
nix.settings.experimental-features = [
"nix-command"
"flakes"
];
nix.settings.auto-optimise-store = true;
nix.settings.substituters = [
"https://nix-community.cachix.org"
"https://cache.nixos.org/"
];
nix.settings.trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
nixpkgs.config.allowUnfree = true;
# Use the systemd-boot EFI boot loader.
boot.loader.grub = {
enable = true;
efiSupport = true;
device = "nodev";
gfxmodeEfi = "1920x1080";
gfxmodeBios = "1920x1080";
useOSProber = true;
};
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.efi.efiSysMountPoint = "/boot/efi";
boot.kernelPackages = unstable.linuxPackages_zen;
boot.tmp.useTmpfs = true;
services.flatpak.enable = true;
services.gvfs.enable = true;
programs.kdeconnect.enable = true;
# Set your time zone.
time.timeZone = "Europe/Warsaw";
services.syncthing = {
enable = true;
user = "materus";
dataDir = "/home/materus";
};
services.fstrim = {
enable = true;
interval = "weekly";
};
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
i18n.defaultLocale = "pl_PL.UTF-8";
console = {
font = "lat2-16";
# keyMap = "pl";
useXkbConfig = true; # use xkbOptions in tty.
};
hardware.bluetooth.enable = true;
# Enable the X11 windowing system.
services.xserver.enable = true;
hardware.opengl.enable = true;
hardware.opengl.driSupport32Bit = true;
materus.profile.steam.enable = false;
# Configure keymap in X11
services.xserver.xkb.layout = "pl";
# services.xserver.xkbOptions = {
# "eurosign:e";
# "caps:escape" # map caps to escape.
# };
# Enable CUPS to print documents.
services.printing.enable = true;
# Enable sound.
#sound.enable = true;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
systemWide = true;
# If you want to use JACK applications, uncomment this
jack.enable = true;
};
hardware.pulseaudio.enable = false;
services.udev = {
extraRules = ''
KERNEL=="rtc0", GROUP="audio"
KERNEL=="hpet", GROUP="audio"
DEVPATH=="/devices/virtual/misc/cpu_dma_latency", OWNER="root", GROUP="audio", MODE="0660"
'';
};
virtualisation.podman = {
enable = true;
dockerCompat = true;
dockerSocket.enable = true;
};
users.users.materus = {
isNormalUser = true;
extraGroups = [
"wheel"
"networkmanager"
"kvm"
"input"
"libvirt"
"libvirtd"
"podman"
"audio"
"pipewire"
];
shell = pkgs.zsh;
description = "Mateusz Słodkowicz";
};
virtualisation.libvirtd = {
enable = true;
onBoot = "ignore";
onShutdown = "shutdown";
qemu.ovmf.enable = true;
qemu.ovmf.packages = [ pkgs.OVMFFull.fd ];
qemu.runAsRoot = true;
qemu.swtpm.enable = true;
qemu.package = pkgs.qemu_full;
};
environment.sessionVariables = rec {
XDG_CACHE_HOME = "\${HOME}/.cache";
XDG_CONFIG_HOME = "\${HOME}/.config";
XDG_BIN_HOME = "\${HOME}/.local/bin";
XDG_DATA_HOME = "\${HOME}/.local/share";
#SSH_ASKPASS_REQUIRE = "prefer";
STEAM_EXTRA_COMPAT_TOOLS_PATHS = "\${HOME}/.steam/root/compatibilitytools.d";
MOZ_USE_XINPUT2 = "1";
PATH = [ "\${XDG_BIN_HOME}" ];
};
environment.shellInit = ''
if ! [ -z "$DISPLAY" ]; then xhost +si:localuser:root &> /dev/null; fi;
if ! [ -z "$DISPLAY" ]; then xhost +si:localuser:$USER &> /dev/null; fi;
'';
# List packages installed in system profile. To search, run:
# $ nix search wget
i18n.inputMethod.enabled = "fcitx5";
i18n.inputMethod.fcitx5.addons = [
pkgs.fcitx5-configtool
pkgs.fcitx5-lua
pkgs.fcitx5-mozc
pkgs.libsForQt5.fcitx5-qt
];
environment.systemPackages = with pkgs; [
(vivaldi.overrideAttrs
(oldAttrs: {
dontWrapQtApps = false;
dontPatchELF = true;
nativeBuildInputs = oldAttrs.nativeBuildInputs ++ [pkgs.kdePackages.wrapQtAppsHook];
}))
brave
glibc
patchelf
vim
wget
killall
xorg.xkill
xorg.xhost
nix-top
gitFull
curl
jdk
nss_latest
(aspellWithDicts (
ds: with ds; [
en
en-computers
en-science
pl
]
))
distrobox
p7zip
unrar
bzip2
rar
unzip
zstd
xz
zip
gzip
sops
tree
mc
lf
htop
nmon
iftop
iptraf-ng
mprocs
nix-du
git-crypt
wineWowPackages.stagingFull
winetricks
protontricks
openal
gnupg
ncurses
monkeysphere
gparted
inkscape
gimp
virt-manager
libguestfs
bubblewrap
bindfs
pulseaudio
binutils
];
fonts.fontDir.enable = true;
fonts.enableDefaultPackages = true;
fonts.packages = with pkgs; [
dejavu_fonts
hack-font
noto-fonts
noto-fonts-extra
noto-fonts-emoji
noto-fonts-cjk-sans
noto-fonts-cjk-serif
ubuntu_font_family
wqy_zenhei
monocraft
nerd-fonts.fira-code
nerd-fonts.droid-sans-mono
nerd-fonts.meslo-lg
nerd-fonts.profont
];
fonts.fontconfig.enable = true;
fonts.fontconfig.cache32Bit = true;
fonts.fontconfig.defaultFonts.sansSerif = [
"Noto Sans"
"DejaVu Sans"
"WenQuanYi Zen Hei"
"Noto Color Emoji"
];
fonts.fontconfig.defaultFonts.serif = [
"Noto Serif"
"DejaVu Serif"
"WenQuanYi Zen Hei"
"Noto Color Emoji"
];
fonts.fontconfig.defaultFonts.emoji = [
"Noto Color Emoji"
"OpenMoji Color"
];
fonts.fontconfig.defaultFonts.monospace = [
"Hack Nerd Font"
"Noto Sans Mono"
"WenQuanYi Zen Hei Mono"
];
environment.enableAllTerminfo = true;
environment.pathsToLink = [ "/share/zsh" ];
environment.shells = with pkgs; [ zsh ];
programs = {
steam = {
enable = false;
dedicatedServer.openFirewall = true;
remotePlay.openFirewall = true;
};
fish.enable = true;
java.enable = true;
java.package = pkgs.graalvmPackages.graalvm-oracle;
command-not-found.enable = false;
dconf.enable = true;
};
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
services.pcscd.enable = true;
/*
systemd.user.services.gpg-agent.serviceConfig.ExecStart = [
""
''
${pkgs.gnupg}/bin/gpg-agent --supervised \
--pinentry-program ${pkgs.kwalletcli}/bin/pinentry-kwallet
''
];
*/
programs.gnupg.agent = {
enable = true;
enableSSHSupport = false;
enableBrowserSocket = true;
};
programs.ssh.startAgent = true;
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh.enable = true;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
system.copySystemConfiguration = false;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.11"; # Did you read the comment?
}
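Review bot: `services.openssh.enable = true;` near the end of this file turns sshd on with no `services.openssh.settings`, so unless another imported module sets them the NixOS defaults apply and password logins are accepted. The flamaster configuration changed in this same commit sets `services.openssh.settings.PasswordAuthentication = false;` and `services.openssh.settings.PermitRootLogin = "no";`, and this host should carry the same two lines. `users.users.materus` here also has no `openssh.authorizedKeys.keyFiles`, so key-only login would need that entry added first; it may already live in the encrypted `./secrets/private` module, which is not visible here.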
@@ -0,0 +1,13 @@
{ config, pkgs, lib, ... }:
{
imports =
[
./secrets
./configuration.nix
./nvidia.nix
./plasma.nix
];
}
@@ -0,0 +1,152 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
config,
lib,
pkgs,
modulesPath,
...
}:
{
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [
"xhci_pci"
"ehci_pci"
"ahci"
"usbhid"
"usb_storage"
"sd_mod"
];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [
"kvm-intel"
"vfio-pci"
];
boot.extraModulePackages = [ ];
boot.kernel.sysctl = {
"vm.swappiness" = 10;
};
boot.kernelParams = [
"ibt=off"
"intel_iommu=on"
"iommu=pt"
"pcie_acs_override=downstream,multifunction"
];
fileSystems."/" = {
device = "/dev/disk/by-label/NixOS_Root";
fsType = "btrfs";
options = [
"subvol=@"
"noatime"
"ssd"
"space_cache=v2"
];
};
fileSystems."/boot" = {
device = "/dev/disk/by-label/NixOS_Root";
fsType = "btrfs";
options = [
"subvol=@boot"
"ssd"
];
};
fileSystems."/materus" = {
device = "/dev/disk/by-label/NixOS_Root";
fsType = "btrfs";
options = [
"subvol=@materus"
"noatime"
"compress=zstd"
"ssd"
"space_cache=v2"
];
neededForBoot = true;
};
fileSystems."/nix" = {
device = "/dev/disk/by-label/NixOS_Root";
fsType = "btrfs";
options = [
"subvol=@nix"
"noatime"
"compress=zstd"
"ssd"
"space_cache=v2"
];
};
fileSystems."/home" = {
device = "/dev/disk/by-label/NixOS_Home";
fsType = "btrfs";
options = [
"subvol=@home"
"nossd"
"noatime"
"compress=zstd"
"space_cache=v2"
"autodefrag"
];
};
fileSystems."/materus/data" = {
device = "/dev/disk/by-label/NixOS_Home";
fsType = "btrfs";
options = [
"subvol=@data"
"nossd"
"noatime"
"compress=zstd"
"space_cache=v2"
"autodefrag"
];
};
fileSystems."/boot/efi" = {
device = "/dev/disk/by-uuid/A5C2-31D1";
fsType = "vfat";
};
zramSwap = {
enable = true;
memoryPercent = 50;
priority = 10;
};
swapDevices = [
{
device = "/var/lib/swapfile";
size = 32 * 1024;
priority = 5;
}
{
device = "/dev/disk/by-label/NixOS_Swap";
priority = 0;
}
];
fileSystems."/etc/nixos" = {
device = "/materus/config/nixos-config";
fsType = "none";
options = [ "bind" ];
depends = [ "/materus" ];
};
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp3s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp6s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkForce true;
}
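Review bot: The `boot.kernelParams` list adds `ibt=off` and `pcie_acs_override=downstream,multifunction` with no comment, and both relax a protection. `ibt=off` disables the kernel's indirect-branch-tracking hardening, and the ACS override makes the kernel treat devices as separately isolated even where the hardware does not enforce it, so a device handed to a guest through `vfio-pci` may still reach its real group neighbours by DMA. I would put a comment above each entry naming what needs it, for example `# ACS override: splits <device> out of its IOMMU group for VFIO; weakens DMA isolation between grouped devices`, so the parameter can be dropped once that need goes away. The file header says it is generated by nixos-generate-config, so these hand edits could be lost on regeneration; moving them to configuration.nix would avoid that.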
@@ -0,0 +1,161 @@
{ config, pkgs, materusArg, materusCfg, lib, ... }:
{
home.stateVersion = "22.11";
home.homeDirectory = "/home/materus";
programs.wezterm.enable = true;
programs.git = {
userEmail = "materus@podkos.pl";
userName = "materus";
signing.signByDefault = true;
signing.key = "${materusArg.cfg.path}/extraFiles/keys/ssh/materus.pub";
extraConfig = {
commit.gpgsign = true;
gpg.format = "ssh";
};
};
programs.vscode.userSettings = {
"vscord.app.name" = "VSCodium";
"window.dialogStyle" = "custom";
"window.titleBarStyle" = "custom";
"editor.fontFamily" = "'Hack Nerd Font', 'monospace', monospace";
"workbench.colorTheme" = "Dracula Theme";
"workbench.productIconTheme" = "material-product-icons";
"workbench.iconTheme" = "material-icon-theme";
"d.aggressiveUpdate" = false;
"d.servedPath" = "${pkgs.serve-d}/bin/serve-d";
"direnv.path.executable" = "${pkgs.direnv}/bin/direnv";
"nix.enableLanguageServer" = true;
"nix.serverPath" = "${pkgs.nixd}/bin/nixd";
"nix.formatterPath" = "${pkgs.nixfmt-rfc-style}/bin/nixfmt";
"C_Cpp.clang_format_path" = "${pkgs.clang-tools}/bin/clang-format";
"C_Cpp.clang_format_fallbackStyle" = "Microsoft";
"clang-tidy.executable" = "${pkgs.clang-tools}/bin/clang-tidy";
"typescript.tsserver.maxTsServerMemory" = 1024 * 8;
"typescript.tsserver.nodePath"= lib.mkDefault "${pkgs.nodejs}/bin/node";
"python.defaultInterpreterPath" = "${pkgs.python3Full}/bin/python";
"[cpp]" = {
"editor.defaultFormatter" = "xaver.clang-format";
};
};
materus.profile = {
fonts.enable = lib.mkDefault true;
nixpkgs.enable = lib.mkDefault false;
enableDesktop = lib.mkDefault true;
enableTerminal = lib.mkDefault true;
enableTerminalExtra = lib.mkDefault true;
enableNixDevel = lib.mkDefault true;
editor.code.fhs.enable = false;
editor.code.fhs.packages = (ps: with ps; let llvmpkgs = llvmPackages_16; in [
llvmpkgs.clang
llvmpkgs.llvm
llvmpkgs.bintools
llvmpkgs.lld
llvmpkgs.lldb
llvmpkgs.libllvm
llvmpkgs.libllvm.dev
gcc
gdb
cmake
gnumake
ninja
binutils
coreutils
util-linux
dotnet-sdk_8
mono
mold
python3
lua
gtk4.dev
gtk4
miniaudio
SDL2.dev
SDL2
freeglut.dev
freeglut
boost.dev
boost
glew.dev
libGL.dev
libGLU.dev
vulkan-loader.dev
jdk
ldc
dmd
dub
]);
editor.emacs.enable = true;
};
xdg.desktopEntries.brave-browser =
let
env = lib.concatStringsSep " " [
''__NV_PRIME_RENDER_OFFLOAD="1"''
''__NV_PRIME_RENDER_OFFLOAD_PROVIDER="NVIDIA-G0"''
''__GLX_VENDOR_LIBRARY_NAME="nvidia"''
''__VK_LAYER_NV_optimus="NVIDIA_only"''
''NIXOS_OZONE_WL="1"''
];
script = pkgs.writeShellScript "brave" ''
${env} brave "$@"
'';
in
{
name = "Brave Web Browser";
genericName = "Przeglądarka WWW";
comment = "Skorzystaj z internetu";
exec = "${script} %U";
icon = "brave-browser";
terminal = false;
categories = [ "Application" "Network" "WebBrowser" ];
mimeType = [
"application/pdf"
"application/rdf+xml"
"application/rss+xml"
"application/xhtml+xml"
"application/xhtml_xml"
"application/xml"
"image/gif"
"image/jpeg"
"image/png"
"image/webp"
"text/html"
"text/xml"
"x-scheme-handler/http"
"x-scheme-handler/https"
"x-scheme-handler/ipfs"
"x-scheme-handler/ipns"
];
actions.new-windows = {
exec = "${script}";
name = "Nowe okno";
};
actions.new-private-windows = {
exec = "${script} --incognito";
name = "Nowe okno incognito";
};
};
home.packages = [
pkgs.papirus-icon-theme
(materusArg.pkgs.polymc.wrap { extraJDKs = [ pkgs.graalvmPackages.graalvm-oracle pkgs.graalvmPackages.graalvm-oracle_17]; })
];
}
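Review bot: The wrapper built by `pkgs.writeShellScript "brave"` runs `brave` by bare name, so the desktop entry launches whatever `brave` comes first on the session PATH rather than a fixed store path. The system configuration in this commit puts `${XDG_BIN_HOME}` (`~/.local/bin`, a user-writable directory) on PATH, so pinning the binary is the safer form: `${env} ${pkgs.brave}/bin/brave "$@"`. That also keeps the entry working on a host where brave is not in `environment.systemPackages`.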
@@ -0,0 +1,57 @@
{ config, pkgs, lib, materusArg, ... }:
{
sops.templates."networkmanager.env".content = ''
WIREGUARD_PRIVATEKEY="${config.sops.placeholder.wg-key}"
'';
networking.useDHCP = lib.mkDefault true;
networking.hostName = "Old-materusPC";
networking.wireless.iwd.enable = true;
networking.networkmanager.enable = true;
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [ 24800 5900 5357 4656
22000 config.services.syncthing.relay.statusPort config.services.syncthing.relay.port # Syncthing
];
networking.firewall.allowedUDPPorts = [ 24800 5900 3702 4656
22000 21027 # Syncthing
];
# Or disable the firewall altogether.
networking.firewall.enable = true;
networking.networkmanager.settings = {
connectivity = {
uri = "http://nmcheck.gnome.org/check_network_status.txt";
};
};
networking.networkmanager.ensureProfiles.environmentFiles = [
config.sops.templates."networkmanager.env".path
];
networking.networkmanager.ensureProfiles.profiles = {
wg0 = {
connection = {
id = "wg0";
type = "wireguard";
interface-name = "wg0";
};
wireguard = {
private-key = "$WIREGUARD_PRIVATEKEY";
};
"wireguard-peer.${materusArg.wireguard.pubKeys.valkyrie}" = {
endpoint = "${materusArg.ips.valkyrie}:${materusArg.wireguard.port}";
allowed-ips = "${materusArg.ip-masks.wireguard.main};${materusArg.ip-masks.wireguard.guest};${materusArg.ip-masks.wireguard.asia};${materusArg.ips.wireguard.valkyrie}/32;";
persistent-keepalive = "20";
};
ipv4 = {
address1 = "${materusArg.ips.wireguard.Old-materusPC}/32";
dns = "${materusArg.ips.wireguard.valkyrie};";
method = "manual";
never-default = "true";
};
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "disabled";
};
proxy = { };
};
};
}
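Review bot: `networking.firewall.allowedTCPPorts` and `allowedUDPPorts` open 24800, 5900, 5357/3702 and 4656 on every interface with no comment saying which service each belongs to; only the Syncthing ports are labelled. Going by the numbers alone, 5900 is the usual VNC port and 24800 the usual Synergy/Barrier port, and both are commonly run unencrypted, so if they are only meant for the LAN or the WireGuard link they are better scoped with `networking.firewall.interfaces."wg0".allowedTCPPorts = [ 5900 24800 ];`. The TCP list also opens `config.services.syncthing.relay.port` and `relay.statusPort`, although nothing visible in this commit enables the relay; drop them unless the relay service is actually run.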
@@ -0,0 +1,29 @@
{ config, pkgs, ... }:
{
services.xserver.videoDrivers = [ "nvidia" ];
hardware.nvidia = {
package = config.boot.kernelPackages.nvidiaPackages.latest;
modesetting.enable = true;
nvidiaSettings = true;
open = true;
};
hardware.opengl.extraPackages = with pkgs; [
vaapiVdpau
nvidia-vaapi-driver
libvdpau-va-gl
];
hardware.opengl.extraPackages32 = with pkgs.pkgsi686Linux; [
vaapiVdpau
nvidia-vaapi-driver
libvdpau-va-gl
];
materus.profile.steam.extraEnv = {
VK_ICD_FILENAMES=''''$VK_ICD_FILENAMES:/run/opengl-driver/share/vulkan/icd.d/nvidia_icd.x86_64.json:/run/opengl-driver-32/share/vulkan/icd.d/nvidia_icd.i686.json'';
__NV_PRIME_RENDER_OFFLOAD="1";
__NV_PRIME_RENDER_OFFLOAD_PROVIDER="NVIDIA-G0";
__GLX_VENDOR_LIBRARY_NAME="nvidia";
__VK_LAYER_NV_optimus="NVIDIA_only";
};
}
@@ -0,0 +1,31 @@
{ pkgs, ... }:
{
services.displayManager.sddm.enable = true;
services.displayManager.sddm.wayland.enable = true;
services.displayManager.sddm.settings = {
General = {
InputMethod = "";
};
Theme = {
CursorTheme = "breeze_cursors";
CursorSize = "24";
};
};
environment.variables = {
QT_PLUGIN_PATH = [ "${pkgs.qt6.qtimageformats}/${pkgs.qt6.qtbase.qtPluginPrefix}" ];
XCURSOR_THEME = "breeze_cursors";
};
xdg.portal.enable = true;
xdg.portal.wlr.enable = true;
xdg.portal.xdgOpenUsePortal = true;
xdg.portal.extraPortals = [ pkgs.kdePackages.xdg-desktop-portal-kde ];
services.desktopManager.plasma6.enable = true;
services.desktopManager.plasma6.enableQt5Integration = true;
environment.plasma6.excludePackages = with pkgs.kdePackages; [ kwallet kwalletmanager kwallet-pam ];
environment.systemPackages = with pkgs.kdePackages; [
ark
kate
];
materus.profile.steam.extraPkgs = [ pkgs.kdePackages.breeze pkgs.kdePackages.breeze-gtk pkgs.kdePackages.dolphin ];
}
@@ -0,0 +1,25 @@
{ config, pkgs, lib, materusCfg, ... }:
{
imports =
[
] ++ (if (materusCfg.materusFlake.decrypted) then [ ./private ] else [ ]);
sops.age.generateKey = false;
sops.gnupg.home = null;
sops.gnupg.sshKeyPaths = [ ];
sops.defaultSopsFile = materusCfg.hostPath + "/secrets/secrets.yaml";
sops.secrets."wg-key" = { };
services.openssh.hostKeys = [
{
bits = 4096;
path = "/materus/root/ssh_host_rsa_key";
type = "rsa";
}
{
path = "/materus/root/ssh_host_ed25519_key";
type = "ed25519";
}
];
}
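Review bot: Nothing in this module says which identity decrypts `secrets/secrets.yaml`: `sops.age.generateKey` is off and both gnupg options are cleared, so decryption presumably falls back to sops-nix deriving an age identity from the ed25519 entry in `services.openssh.hostKeys`. A short comment such as `# sops-nix derives its age identity from /materus/root/ssh_host_ed25519_key; losing or leaking that file loses or exposes every secret for this host` would make the dependency explicit. The same comment could note that `/materus` has to be mounted before activation, which the hardware configuration in this commit handles with `neededForBoot = true`.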
@@ -0,0 +1,33 @@
wg-key: ENC[AES256_GCM,data:+z+Xxq6A1h5ceCOZry9PSz871zVZpd9Y6vtqpfoAulHCN03DjzZ/PLmRvYQ=,iv:7hdjnUuaRk30hFJ8rv4zXxI8v42RWC1iQb64LMNgBnQ=,tag:eUSTVygR+u9ERPU9gfhYIw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1el7zhjxkrlravpt7hw36fuac0xfgd42qkjjkvxzqmyl28u8csasqkd4a40
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsT2w4SCt2ZGdLYktHckMw
QVhza2tqU2M1Q3lsYnhld1dKcTdYUHcvSzFrCjMxT05yU01nUmFQK0FCUThUNDNN
V2EyTUhoVUNjNlNwTU9FeTlGRkxvVDgKLS0tIDBFYys1TmI0T0x0RnE2N3JCWWpq
VFVjMGUvRVBaY0JsR2lVcUFsdk4rYjQKEiiqEcTaQSVXSAm5c9uylaf2Tt/KJtPl
GDp+2YSBHHnVYjtYf7k9WqsIEe5/0AifDp3YA8jNhOXuZwZdvk+fLw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-03-30T18:21:12Z"
mac: ENC[AES256_GCM,data:0DMB+ukujc6PMU45n1QJGryGie25Bj2hXmia69QgYZNk2vgfO+nYmWSpmqK4Z00xXNtbsgejfDto5mrzU/OJ4FF3eOfwWfdIwxQLEQKoPF5U3niON3YO8FEA+JIn+/fNGF3fY1AgBfhberST5ikKnmff1Nwe5GOwQHSB3LU+CZE=,iv:V89EFUby3bwsoZKpoJRmJS9E/UheMBkKDq7j40IzBTA=,tag:aOJnFFGIuzQ3T7YrIFiWtw==,type:str]
pgp:
- created_at: "2024-03-30T18:20:23Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4D5fSX77p80GYSAQdAnUVLGsgIKd3EtSAGTPyXqSlsz1T8RnDvAtBz/XaH0y0w
pkp84zTe85FRZDnTO8a44WkpNIrUih0CYQSPPCZqSi/qnIxPWgx67HTC1bPAO9Iw
1GgBCQIQNcrKr4YNKSP5XxJqMXOyZD7rZ4g02Xdw5XplZ/y34m9c83S44XRgHwg4
0obXI1UlsqyHf/ZnTM1pbXO/kdTdFomWvWbfbuKDgDvyiJJ18mJ48GOsv/SBBJjJ
3877O+Ia5I8Chg==
=q58P
-----END PGP MESSAGE-----
fp: 28D140BCA60B4FD1
unencrypted_suffix: _unencrypted
version: 3.8.1
Binary file not shown.
+58 -58
@@ -2,65 +2,65 @@
let let
profiles = import ../profile; profiles = import ../profile;
makeSystem = { host, arch ? "x86_64-linux", extraModules ? [ ], stable ? true, hmAsModule ? true, hmUsers ? [ "materus" ] }:
let
nixosSystem = if stable then inputs.nixpkgs-stable.lib.nixosSystem else inputs.nixpkgs.lib.nixosSystem;
hm = if stable then inputs.configInputs-stable.home-manager else inputs.configInputs.home-manager;
materusCfg = {
inherit stable;
inherit materusFlake;
inherit host;
inherit hm;
inherit hmAsModule;
inherit arch;
nixerus = if stable then inputs.configInputs-stable.nixerus else inputs.configInputs.nixerus;
configInputs = if stable then inputs.configInputs-stable else inputs.configInputs;
path = materusFlake.selfPath;
hostPath = materusFlake.selfPath + "/configurations/host/${host}";
isHm = false;
};
in
(nixosSystem {
specialArgs = { inherit materusCfg; };
system = arch;
modules = [
./${host}
profiles.osProfile
materusCfg.configInputs.sops-nix.nixosModules.sops
(if hmAsModule then hm.nixosModules.home-manager else { })
(if hmAsModule then
{
home-manager.backupFileExtension = "hm-backup";
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.sharedModules = [
materusCfg.configInputs.plasma-manager.homeManagerModules.plasma-manager
materusCfg.configInputs.sops-nix.homeManagerModules.sops
];
home-manager.users = (builtins.foldl' (a: b: a // b) { } (builtins.map
(user: {
${user} = ({ ... }:
{
imports = [
(materusFlake.selfPath + "/configurations/shared/home/${user}")
(materusFlake.selfPath + "/configurations/host/${host}/home/${user}")
profiles.homeProfile
];
});
})
hmUsers));
home-manager.extraSpecialArgs = { materusCfg = materusCfg // { isHm = true; }; };
} else { })
] ++ extraModules;
}) // { inherit materusCfg; };
in in
{ {
materusPC = inputs.nixpkgs.lib.nixosSystem rec { materusPC = makeSystem { host = "materusPC"; stable = true; };
specialArgs = { inherit inputs; inherit materusFlake; }; flamaster = makeSystem { host = "flamaster"; stable = true; };
system = "x86_64-linux"; valkyrie = makeSystem { host = "valkyrie"; stable = true; };
modules = [ waffentrager = makeSystem { host = "waffentrager"; stable = true; arch = "aarch64-linux"; };
./materusPC
inputs.private.systemModule
profiles.osProfile
];
};
flamaster = inputs.nixpkgs.lib.nixosSystem rec {
specialArgs = { inherit inputs; inherit materusFlake; };
system = "x86_64-linux";
modules = [
./flamaster
inputs.private.systemModule
profiles.osProfile
inputs.home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.materus = { config ,... }: {
imports = [
../home/materus
flamaster/extraHome.nix
profiles.homeProfile
inputs.private.homeModule
];
materus.profile.nixpkgs.enable = false;
};
home-manager.extraSpecialArgs = { inherit inputs; inherit materusFlake; };
}
];
};
valkyrie = inputs.nixpkgs.lib.nixosSystem rec {
specialArgs = { inherit inputs; inherit materusFlake; };
system = "x86_64-linux";
modules = [
./valkyrie
inputs.private.systemModule
profiles.osProfile
inputs.home-manager.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
home-manager.useUserPackages = true;
home-manager.users.materus = { config ,... }: {
imports = [
../home/materus
valkyrie/extraHome.nix
profiles.homeProfile
inputs.private.homeModule
];
materus.profile.nixpkgs.enable = false;
};
home-manager.extraSpecialArgs = { inherit inputs; inherit materusFlake; };
}
];
};
Old-materusPC = makeSystem { host = "Old-materusPC"; stable = true; };
} }
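Review bot: In `makeSystem`, `home-manager.users` is assembled by folding `//` over a list of one-key attribute sets, which is harder to read than the library helper that does the same thing. `home-manager.users = inputs.nixpkgs.lib.genAttrs hmUsers (user: { ... }: { imports = [ ... ]; });` yields the same set. The two `(if hmAsModule then … else { })` entries in `modules` could likewise be merged into a single `++ inputs.nixpkgs.lib.optionals hmAsModule [ … ]`.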
+37 -32
@@ -2,7 +2,7 @@
# your system. Help is available in the configuration.nix(5) man page # your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help). # and in the NixOS manual (accessible by running nixos-help).
{ config, lib, pkgs, materusFlake, materusPkgs, ... }: { config, lib, pkgs, materusArg, ... }:
{ {
imports = imports =
@@ -56,11 +56,12 @@
time.timeZone = "Europe/Warsaw"; time.timeZone = "Europe/Warsaw";
# Select internationalisation properties. # Select internationalisation properties.
i18n.defaultLocale = "pl_PL.utf8"; i18n.defaultLocale = "pl_PL.UTF-8";
# Enable the X11 windowing system. # Enable the X11 windowing system.
services.xserver.enable = true; services.xserver.enable = true;
hardware.nvidia.open = false;
services.xserver.videoDrivers = [ "nvidia" ]; services.xserver.videoDrivers = [ "nvidia" ];
hardware.opengl.enable = true; hardware.opengl.enable = true;
hardware.nvidia.prime = { hardware.nvidia.prime = {
@@ -76,7 +77,7 @@
# Enable the KDE Plasma Desktop Environment. # Enable the KDE Plasma Desktop Environment.
services.xserver.displayManager.sddm.enable = true; services.xserver.displayManager.sddm.enable = true;
services.xserver.desktopManager.plasma5.enable = true; services.xserver.desktopManager.plasma6.enable = true;
# Configure keymap in X11 # Configure keymap in X11
services.xserver = { services.xserver = {
@@ -91,7 +92,7 @@
services.printing.enable = true; services.printing.enable = true;
# Enable sound with pipewire. # Enable sound with pipewire.
sound.enable = true; #sound.enable = true;
hardware.pulseaudio.enable = false; hardware.pulseaudio.enable = false;
security.rtkit.enable = true; security.rtkit.enable = true;
services.pipewire = { services.pipewire = {
@@ -108,17 +109,18 @@
}; };
# Enable touchpad support (enabled default in most desktopManager). # Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true; services.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd. # Define a user account. Don't forget to set a password with passwd.
users.users.materus = { users.users.materus = {
isNormalUser = true; isNormalUser = true;
description = "Mateusz Słodkowicz"; description = "Mateusz Słodkowicz";
extraGroups = [ "networkmanager" "wheel" ]; extraGroups = [ "networkmanager" "wheel" ];
openssh.authorizedKeys.keyFiles = [ (materusFlake.selfPath + /extraFiles/keys/ssh/materus.pub) ]; openssh.authorizedKeys.keyFiles = [ ("${materusArg.cfg.path}" + "/extraFiles/keys/ssh/materus.pub") ];
packages = with pkgs; [ packages = with pkgs; [
kate kdePackages.kate
]; ];
shell = pkgs.zsh;
}; };
# Allow unfree packages # Allow unfree packages
@@ -135,9 +137,9 @@
lshw lshw
steamcmd steamcmd
distrobox distrobox
steamcmd
config.materus.profile.packages.firefox
firefox
config.programs.java.package config.programs.java.package
@@ -155,37 +157,40 @@
# Enable the OpenSSH daemon. # Enable the OpenSSH daemon.
services.openssh.enable = true; services.openssh.enable = true;
services.openssh.settings.PermitRootLogin = "no";
services.openssh.settings.PasswordAuthentication = false;
services.openssh.openFirewall = true;
programs.ssh.startAgent = true;
# Open ports in the firewall. # Open ports in the firewall.
networking.firewall.allowedTCPPorts = [ 22 27015 25565 24454 8123 ]; networking.firewall.allowedTCPPorts = [ 22 27015 25565 25570 8123 8100 24800 ];
networking.firewall.allowedTCPPortRanges = [{ from = 16262; to = 16272; }]; networking.firewall.allowedTCPPortRanges = [{ from = 16262; to = 16272; }];
networking.firewall.allowedUDPPorts = [ 22 16261 16262 8766 8767 25565 24454 8123 ]; networking.firewall.allowedUDPPorts = [ 22 16261 16262 8766 8767 25565 24454 8123 24800 ];
# Or disable the firewall altogether. # Or disable the firewall altogether.
networking.firewall.enable = true; networking.firewall.enable = true;
networking.networkmanager.extraConfig = lib.mkDefault '' networking.networkmanager.settings = {
[connectivity] connectivity = { uri = lib.mkDefault "http://nmcheck.gnome.org/check_network_status.txt"; };
uri=http://nmcheck.gnome.org/check_network_status.txt };
'';
# This value determines the NixOS release from which the default # This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions # settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave # on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system. # this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option # Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.05"; # Did you read the comment? system.stateVersion = "23.05"; # Did you read the comment?
programs.neovim.enable = true; programs.neovim.enable = true;
programs.neovim.vimAlias = true; programs.neovim.vimAlias = true;
programs.neovim.viAlias = true; programs.neovim.viAlias = true;
services.flatpak.enable = true; services.flatpak.enable = true;
xdg.portal.enable = true; xdg.portal.enable = true;
virtualisation.podman.enable = true; virtualisation.podman.enable = true;
virtualisation.podman.dockerCompat = true; virtualisation.podman.dockerCompat = true;
virtualisation.podman.enableNvidia = true; virtualisation.podman.enableNvidia = true;
virtualisation.podman.dockerSocket.enable = true; virtualisation.podman.dockerSocket.enable = true;
} }
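Review bot: The new `networking.firewall.allowedUDPPorts` list still contains 22, and `allowedTCPPorts` lists 22 again even though this hunk adds `services.openssh.openFirewall = true;`, which already opens the sshd port. SSH does not use UDP, so the UDP entry only widens the exposed surface; I would drop 22 from both lists. The other ports added here (25570, 8100, 24800) carry no comment naming their service, unlike the Syncthing ports in the Old-materusPC network file; a trailing `# <service>` per group would make later pruning safe.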
+1 -1
@@ -6,7 +6,7 @@
./configuration.nix ./configuration.nix
]; ];
materus.profile.nix.enable = true; materus.profile.nix.enable = true;
materus.profile.steam.enable = true; #materus.profile.steam.enable = true;
} }
@@ -1,21 +0,0 @@
{ config, pkgs, materusPkgs, lib, ... }:
{
home.stateVersion = "23.05";
home.homeDirectory = "/home/materus";
materus.profile = {
fonts.enable = lib.mkDefault true;
nixpkgs.enable = lib.mkDefault false;
enableDesktop = lib.mkDefault true;
enableTerminal = lib.mkDefault true;
enableTerminalExtra = lib.mkDefault true;
enableNixDevel = lib.mkDefault true;
};
home.packages = [
pkgs.papirus-icon-theme
(materusPkgs.polymc.wrap { extraJDKs = [ pkgs.graalvm-ce ]; })
];
}
@@ -16,13 +16,32 @@
fileSystems."/" = fileSystems."/" =
{ {
device = "/dev/disk/by-label/NixOS_Root"; device = "/dev/disk/by-label/NixOS_Root_Laptop";
fsType = "ext4"; fsType = "btrfs";
options = [ "subvol=@" "noatime" "ssd" "space_cache=v2" "compress=zstd" ];
};
fileSystems."/nix" =
{
device = "/dev/disk/by-label/NixOS_Root_Laptop";
fsType = "btrfs";
options = [ "subvol=@nix" "noatime" "compress=zstd" "ssd" "space_cache=v2" ];
};
fileSystems."/data" =
{
device = "/dev/disk/by-label/HDD_DATA";
fsType = "btrfs";
options = [ "noatime" "compress=zstd" "nossd" "autodefrag" ];
};
fileSystems."/boot" =
{
device = "/dev/disk/by-label/NixOS_Root_Laptop";
fsType = "btrfs";
options = [ "subvol=@boot" "ssd" ];
}; };
fileSystems."/boot/efi" = fileSystems."/boot/efi" =
{ {
device = "/dev/disk/by-label/NixOS_EFI"; device = "/dev/disk/by-label/NixOS_EFI_L";
fsType = "vfat"; fsType = "vfat";
}; };
@@ -35,10 +54,15 @@
}; };
swapDevices = [{ swapDevices = [{
device = "/var/.swapfile"; device = "/data/.swapfile";
size = 32 * 1024; size = 32 * 1024;
}]; }];
zramSwap = {
enable = true;
memoryPercent = 50;
};
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's # (the default) this is the recommended approach. When using systemd-networkd it's
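Review bot: The swap file moves to `/data/.swapfile`, and the `/data` entry added above mounts `HDD_DATA` directly by label with no encryption layer visible in this hunk, so swapped-out pages (which can include key material held in memory) would persist in clear on that disk. If hibernation to this file is not needed, `randomEncryption.enable = true;` on the swap entry re-keys it at every boot. Separately, `/data` is mounted with `compress=zstd` and `autodefrag`, while a btrfs swap file has to be NOCOW and uncompressed, so confirm the file created by `size = 32 * 1024;` ends up with those attributes. The file continues outside the hunk.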
@@ -0,0 +1,87 @@
{ config, pkgs, materusArg, lib, ... }:
{
home.stateVersion = "23.05";
home.homeDirectory = "/home/materus";
xdg.dataFile."java-runtimes/graalvm-oracle-17".source = pkgs.graalvmPackages.graalvm-oracle_17;
xdg.dataFile."java-runtimes/graalvm-oracle-latest".source = pkgs.graalvmPackages.graalvm-oracle;
xdg.dataFile."java-runtimes/openjdk21".source = pkgs.jdk21;
materus.profile = {
fonts.enable = lib.mkDefault true;
nixpkgs.enable = lib.mkDefault false;
enableDesktop = lib.mkDefault true;
enableTerminal = lib.mkDefault true;
enableTerminalExtra = lib.mkDefault true;
enableNixDevel = lib.mkDefault true;
bash.enable = true;
zsh.enable = true;
editor.code.fhs.enable = true;
editor.code.fhs.packages = (ps: with ps; let llvmpkgs = llvmPackages_16; in [
llvmpkgs.clang
llvmpkgs.llvm
llvmpkgs.bintools
llvmpkgs.lld
llvmpkgs.lldb
llvmpkgs.libllvm
llvmpkgs.libllvm.dev
raylib
gcc
gdb
materusArg.unstable.nixd
nixfmt-rfc-style
nixpkgs-fmt
cmake
gnumake
ninja
binutils
coreutils
util-linux
openssl
openssl.dev
pkg-config
dotnet-sdk_8
mono
mold
python3
lua
gtk4.dev
gtk4
miniaudio
SDL2.dev
SDL2
freeglut.dev
freeglut
boost.dev
boost
glew.dev
libGL.dev
libGLU.dev
vulkan-loader.dev
xorg.xorgproto
xorg.libX11.dev
xorg.libXrandr.dev
xorg.libXrender.dev
rustup
freetype.dev
fpc
openjdk21
bison
flex
ldc
dmd
dub
]);
};
home.packages = [
pkgs.papirus-icon-theme
(materusArg.pkgs.polymc.wrap { extraJDKs = [ pkgs.graalvm-ce ]; })
];
}
+90
@@ -0,0 +1,90 @@
{ pkgs, lib, ... }:
{
#REGION test
#sound.enable = true;
security.rtkit.enable = true;
services.pipewire = {
enable = true;
audio.enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
systemWide = true;
jack.enable = true;
};
hardware.pulseaudio.enable = false;
environment.sessionVariables =
let
makePluginPath =
format:
"$HOME/.${format}:"
+ (lib.makeSearchPath format [
"$HOME/.nix-profile/lib"
"/run/current-system/sw/lib"
"/etc/profiles/per-user/$USER/lib"
]);
in
{
ALSOFT_DRIVERS = "pulse";
DSSI_PATH = makePluginPath "dssi";
LADSPA_PATH = makePluginPath "ladspa";
LV2_PATH = makePluginPath "lv2";
LXVST_PATH = makePluginPath "lxvst";
VST_PATH = makePluginPath "vst";
VST3_PATH = makePluginPath "vst3";
};
services.udev = let
script = pkgs.writeShellScript "arch-mknod" ''
ACTION=$1
KERNEL=$(basename $2)
MAJOR=$3
MINOR=$4
if (systemctl is-active --quiet systemd-nspawn@archlinux); then
if [[ $ACTION == "add" || "$ACTION" == "change" ]]; then
machinectl shell root@archlinux /bin/bash -c "
if ! [ -f /dev/$KERNEL ]; then
mknod /dev/$KERNEL c $MAJOR $MINOR
chmod 660 /dev/$KERNEL
chown root:input /dev/$KERNEL
fi
"
elif [[ $ACTION == "remove" ]]; then
machinectl shell root@archlinux /bin/rm /dev/$KERNEL
fi
fi
'';
in {
extraRules = ''
KERNEL=="rtc0", GROUP="audio"
KERNEL=="hpet", GROUP="audio"
DEVPATH=="/devices/virtual/misc/cpu_dma_latency", OWNER="root", GROUP="audio", MODE="0660"
SUBSYSTEM=="hidraw", KERNEL=="hidraw*", RUN+="${script} ''$env{ACTION} ''$env{DEVNAME} ''$env{MAJOR} ''$env{MINOR}"
'';
};
environment.systemPackages = with pkgs; [
openal
pulseaudio
reaper
yabridge
yabridgectl
vital
odin2
surge
fire
decent-sampler
lsp-plugins
];
}
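Review bot: In the `arch-mknod` script the guard `if ! [ -f /dev/$KERNEL ]` can never detect an existing node, because `-f` is true only for regular files and a hidraw node is a character device. `mknod` is therefore re-run on every `change` event, and `chmod`/`chown` run unconditionally. Use `if ! [ -c "/dev/$KERNEL" ]; then`, and quote the udev-supplied values, e.g. `KERNEL=$(basename "$2")`, since they are spliced into a root shell command inside the container. The rule matches every `hidraw*` device, so all raw HID devices (keyboards and, if present, hardware tokens) become readable by the container's `input` group; a comment stating that this is intended, or a narrower match, would help the next reader.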
@@ -0,0 +1,147 @@
{
config,
pkgs,
lib,
...
}:
let
mainMirror = "https://ftp.icm.edu.pl/pub/Linux/dist/archlinux";
extraMirrors = [ ];
getty = [
6
7
];
ttys = [
6
7
8
] ++ getty;
startPkgs = lib.strings.concatStringsSep " " [
"base"
"base-devel"
"dbus"
"less"
"nano"
"bash-completion"
];
scripts = {
preStart = pkgs.writeShellScript "arch-pre-start" ''
if [ ! -d "/var/lib/machines/archlinux" ]; then
export PATH=''${PATH:+''${PATH}:}${
lib.strings.makeBinPath (
with pkgs;
[
wget
coreutils-full
gnutar
zstd
]
)
}
ARCH_IMAGE=$(mktemp)
trap 'rm $ARCH_IMAGE' EXIT
wget "${mainMirror}/iso/latest/archlinux-bootstrap-x86_64.tar.zst" -O $ARCH_IMAGE
mkdir -p /var/lib/machines/archlinux
trap 'rm -rf /var/lib/machines/archlinux' ERR
tar -xaf $ARCH_IMAGE -C "/var/lib/machines/archlinux" --strip-components=1 --numeric-owner
printf 'Server = %s/$repo/os/$arch\n' "${mainMirror}" > /var/lib/machines/archlinux/etc/pacman.d/mirrorlist
rm "/var/lib/machines/archlinux/etc/resolv.conf"
[ -f "/var/lib/machines/archlinux/etc/securetty" ] && \
printf 'pts/%d\n' $(seq 0 10) >>"/var/lib/machines/archlinux/etc/securetty"
systemd-machine-id-setup --root="/var/lib/machines/archlinux"
systemd-nspawn -q --settings=false --system-call-filter=@sandbox -D "/var/lib/machines/archlinux" /bin/sh -c "
export PATH=/bin
touch /etc/systemd/do-not-udevadm-trigger-on-update
pacman-key --init && pacman-key --populate
pacman -Rs --noconfirm arch-install-scripts
pacman -Sy --noconfirm --needed ${startPkgs}
pacman -Syu --noconfirm
systemctl disable getty@tty1.service
${
lib.strings.concatStringsSep "\n" (
lib.lists.forEach getty (x: "systemctl enable getty@tty${builtins.toString x}.service")
)
}
"
fi
'';
};
in
{
systemd.nspawn."archlinux" = {
enable = true;
execConfig = {
Boot = true;
SystemCallFilter = [ "@known" ];
Timezone = "symlink";
Capability = "all";
PrivateUsers = "no";
ResolvConf = "copy-host";
};
filesConfig = {
BindReadOnly = [
"/nix"
"/run/current-system"
"/run/booted-system"
"/run/opengl-driver"
"/run/opengl-driver-32"
];
Bind = [
"/:/run/host-root"
"/run/udev"
"/run/pipewire"
"/run/pulse"
"/sys/class"
"/sys/devices"
"/dev/fuse"
"/dev/snd"
"/dev/input"
"/dev/uinput"
"/dev/shm"
"/dev/kfd"
"/dev/dri"
"/dev/tty"
"/dev/tty0"
"/var/lib/flatpak"
"/var/lib/containers"
"/tmp/.X11-unix"
/materus
] ++ lib.lists.forEach ttys (x: "/dev/tty${builtins.toString x}");
};
networkConfig = {
Private = false;
};
};
systemd.services."systemd-nspawn@archlinux" = {
enable = true;
preStart = "${scripts.preStart}";
overrideStrategy = "asDropin";
serviceConfig = {
DeviceAllow = [
"char-* rwm"
"block-* rwm"
"/dev/shm rwm"
];
};
};
}
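Review bot: The `preStart` script downloads `archlinux-bootstrap-x86_64.tar.zst` and unpacks it as root without checking a signature or hash, so whatever the mirror serves becomes the container's root filesystem. That matters more than usual here because the container runs with `Capability = "all"`, `PrivateUsers = "no"`, `DeviceAllow` of `char-* rwm`/`block-* rwm` and a writable `"/:/run/host-root"` bind, which makes root inside it equivalent to root on the host; the fedora container section uses the same bind and capability settings. Verify the tarball against the detached `.sig` published beside it, using a release key pinned in this repository, before `tar` runs, and make the host-root bind read-only (`BindReadOnly`) unless write access is really needed. The script also has no `set -e`, so a failed `wget` does not stop the extraction that follows.

```nix
      # … unchanged: PATH setup (add gnupg to the makeBinPath list) …
      ARCH_IMAGE=$(mktemp)
      ARCH_SIG=$(mktemp)
      GNUPGHOME=$(mktemp -d)
      export GNUPGHOME
      trap 'rm -rf "$ARCH_IMAGE" "$ARCH_SIG" "$GNUPGHOME"' EXIT
      wget "${mainMirror}/iso/latest/archlinux-bootstrap-x86_64.tar.zst" -O "$ARCH_IMAGE"
      wget "${mainMirror}/iso/latest/archlinux-bootstrap-x86_64.tar.zst.sig" -O "$ARCH_SIG"
      # releaseKey is a placeholder: a key file committed to this repo, not fetched at run time
      gpg --batch --import ${releaseKey}
      gpg --batch --verify "$ARCH_SIG" "$ARCH_IMAGE" || exit 1
      # … unchanged: mkdir, tar extraction, mirrorlist, pacman bootstrap …
```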
@@ -0,0 +1,17 @@
{...}:
{
imports = [
./arch.nix
./fedora.nix
];
virtualisation.lxc.enable = true;
virtualisation.lxc.lxcfs.enable = true;
virtualisation.lxd.enable = false;
virtualisation.waydroid.enable = true;
virtualisation.podman = {
enable = true;
dockerCompat = true;
dockerSocket.enable = true;
};
}
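Review bot: `dockerSocket.enable = true;` exposes the Podman API on the Docker socket path, and per the NixOS option description members of the `podman` group who can reach it can gain root. Nothing in this file records who is expected to be in that group. Add a comment next to the option, e.g. `# podman group is root-equivalent via this socket; keep membership minimal`.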
@@ -0,0 +1,75 @@
{
config,
pkgs,
lib,
...
}:
let
ttys = [
9
10
];
in
{
systemd.nspawn."fedora" = {
enable = true;
execConfig = {
Boot = true;
SystemCallFilter = [ "@known" ];
Timezone = "symlink";
Capability = "all";
PrivateUsers = "no";
ResolvConf = "off";
};
filesConfig = {
BindReadOnly = [
"/nix"
"/run/current-system"
"/run/booted-system"
"/run/opengl-driver"
"/run/opengl-driver-32"
];
Bind = [
"/:/run/host-root"
"/run/udev"
"/dev/fuse"
"/dev/snd"
"/dev/input"
"/dev/shm"
"/dev/kfd"
"/dev/dri"
"/dev/tty"
"/dev/tty0"
"/var/lib/flatpak"
"/tmp/.X11-unix"
/materus
] ++ lib.lists.forEach ttys (x: "/dev/tty${builtins.toString x}");
};
networkConfig = {
Bridge="br0";
};
};
systemd.services."systemd-nspawn@fedora" = {
enable = true;
overrideStrategy = "asDropin";
serviceConfig = {
ConditionPathExists="/var/lib/machines/fedora";
DeviceAllow = [
"char-tty rwm"
"char-input rwm"
"char-drm rwm"
];
};
};
}
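Review bot: `ConditionPathExists` is set under `serviceConfig`, which renders into the `[Service]` section, but it is a `[Unit]` setting. systemd will therefore ignore it (logging an unknown-key warning), and the unit will still attempt to start when `/var/lib/machines/fedora` is missing. Move it to the unit section: `unitConfig.ConditionPathExists = "/var/lib/machines/fedora";`. The narrower `DeviceAllow` list here (`char-tty`, `char-input`, `char-drm`) is a better baseline than the wildcard classes used for the archlinux container.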
+12 -3
@@ -1,18 +1,22 @@
{ config, pkgs, lib, inputs, materusFlake, ... }: { config, pkgs, lib, ... }:
{ {
imports = imports =
[ [
./hardware ./hardware
./vm ./vm
./secrets
./containers
./other
./scripts.nix ./scripts.nix
./tmp.nix ./tmp.nix
./network.nix ./network.nix
./kde.nix ./audio.nix
]; ];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
system.copySystemConfiguration = false; system.copySystemConfiguration = false;
system.stateVersion = "23.05"; system.stateVersion = "23.05";
@@ -21,6 +25,11 @@
materus.profile.nix.enable = true; materus.profile.nix.enable = true;
materus.profile.nixpkgs.enable = true; materus.profile.nixpkgs.enable = true;
materus.profile.fonts.enable = true; materus.profile.fonts.enable = true;
materus.profile.steam.enable = true; materus.profile.steam.enable = false;
services.logind.extraConfig = ''
NAutoVTs=4
ReserveVT=4
'';
} }
@@ -1,38 +0,0 @@
{ config, pkgs, materusPkgs, lib, ... }:
{
home.stateVersion = "23.05";
home.homeDirectory = "/home/materus";
programs.git.signing.signByDefault = true;
materus.profile = {
fonts.enable = lib.mkDefault true;
nixpkgs.enable = lib.mkDefault false;
enableDesktop = lib.mkDefault true;
enableTerminal = lib.mkDefault true;
enableTerminalExtra = lib.mkDefault true;
enableNixDevel = lib.mkDefault true;
editor.code.fhs.enable = true;
editor.code.fhs.packages = (ps: with ps;[
llvmPackages_16.clang
llvmPackages_16.llvm
llvmPackages_16.bintools
llvmPackages_16.lld
llvmPackages_16.lldb
llvmPackages_16.libllvm
]);
};
home.packages = [
pkgs.papirus-icon-theme
materusPkgs.ffmpeg6-amf-full
(materusPkgs.polymc.wrap { extraJDKs = [ pkgs.graalvm-ce ]; extraLibs = [ ]; })
];
programs.obs-studio = {
enable = true;
plugins = with pkgs.obs-studio-plugins; [ wlrobs obs-vaapi obs-vkcapture obs-gstreamer input-overlay obs-multi-rtmp obs-pipewire-audio-capture ];
package = materusPkgs.obs-amf;
};
}
-45
@@ -1,45 +0,0 @@
{ config, pkgs, lib, inputs, materusFlake, materusPkgs, ... }:
{
services.xserver.displayManager.gdm.enable = true;
services.xserver.displayManager.gdm.wayland = true;
services.xserver.desktopManager.gnome.enable = true;
services.xserver.desktopManager.gnome.sessionPath = [ pkgs.gnome.gpaste ];
services.gnome.gnome-online-accounts.enable = true;
services.gnome.gnome-browser-connector.enable = true;
services.gnome.core-utilities.enable = true;
services.gnome.core-shell.enable = true;
services.gnome.core-os-services.enable = true;
programs.gnupg.agent.pinentryFlavor = "gnome3";
programs.gnome-terminal.enable = true;
services.udev.packages = with pkgs; [ gnome.gnome-settings-daemon ];
services.dbus.packages = with pkgs; [ gnome2.GConf ];
environment.systemPackages = with pkgs; [
gnome3.adwaita-icon-theme
gnome3.gnome-tweaks
gnome3.gnome-color-manager
gnome3.gnome-shell-extensions
gnomeExtensions.appindicator
gnomeExtensions.desktop-clock
gnomeExtensions.gtk4-desktop-icons-ng-ding
gnomeExtensions.compiz-windows-effect
gnomeExtensions.burn-my-windows
gnomeExtensions.user-themes
gnomeExtensions.gsconnect
];
}
+47 -20
@@ -1,41 +1,64 @@
{ config, pkgs, lib, inputs, materusFlake, ... }: { config, pkgs, lib, materusArg, ... }:
let let
video = [ video = [
"video=HDMI-A-3:1920x1080@144" "video=HDMI-A-3:1920x1080@144"
"video=DP-3:1920x1080@240" "video=DP-3:1920x1080@240"
#"video=DP-1:1920x1080@240" #"video=DP-1:1920x1080@240"
#"video=DP-2:1920x1080@240" #"video=DP-2:1920x1080@240"
#"video=HDMI-A-1:1920x1080@240" #"video=HDMI-A-1:1920x1080@240"
#"video=HDMI-A-2:1920x1080@240" #"video=HDMI-A-2:1920x1080@240"
]; ];
in in
{ {
#Kernel #Kernel
boot.kernelPackages = pkgs.linuxPackages_zen;
boot.kernelParams = [ /*"pci-stub.ids=1002:744c"*/ "nox2apic" "nvme_core.default_ps_max_latency_us=0" "nvme_core.io_timeout=255" "nvme_core.max_retries=10" "nvme_core.shutdown_timeout=10" "amd_iommu=on" "iommu=pt"] ++ video; boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_zen;
boot.kernelModules = [ "pci-stub" "amdgpu" "i2c_dev" "kvm_amd" "vfio" "vfio_iommu_type1" "vfio-pci" "v4l2loopback" ];
boot.kernelParams = [
"rcu_nocbs=${materusArg.materusPC.vmCores}"
"nohz_full=${materusArg.materusPC.vmCores}"
"vfio_iommu_type1.allow_unsafe_interrupts=1"
"pcie_acs_override=downstream,multifunction"
#''vfio-pci.ids="1002:744c"''
"nox2apic"
"nvme_core.default_ps_max_latency_us=0"
"nvme_core.io_timeout=255"
"nvme_core.max_retries=10"
"nvme_core.shutdown_timeout=10"
"amd_iommu=on"
"amdgpu.ppfeaturemask=0xffffffff"
#"amdgpu.runpm=0"
"iommu=pt"
"psi=1"
"i915.force_probe=!56a6"
"xe.force_probe=56a6"
] ++ video;
boot.kernelModules = [ "pci-stub" "amdgpu" "i2c_dev" "kvm_amd" "vfio" "vfio_iommu_type1" "vfio-pci" "kvmfr" "xe" ];
boot.extraModprobeConfig = '' boot.extraModprobeConfig = ''
options kvm_amd nested=1 avic=1 npt=1 options kvm_amd nested=1 avic=1 npt=1 sev=0
options vfio_iommu_type1 allow_unsafe_interrupts=1 options vfio_iommu_type1 allow_unsafe_interrupts=1
options kvmfr static_size_mb=64
''; '';
boot.kernel.sysctl = { boot.kernel.sysctl = {
"vm.max_map_count" = 1000000; "vm.max_map_count" = 1000000;
"vm.swappiness" = 10; "vm.swappiness" = 10;
}; "net.ipv4.ip_forward"=1;
};
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ]; boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ "vfio-pci" "amdgpu" ];
boot.extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback ]; boot.extraModulePackages = with config.boot.kernelPackages; [ v4l2loopback kvmfr ];
boot.supportedFilesystems = [ "ntfs" "btrfs" "vfat" "exfat" "ext4"]; boot.supportedFilesystems = [ "ntfs" "btrfs" "vfat" "exfat" "ext4" ];
boot.tmp.useTmpfs = true; boot.tmp.useTmpfs = true;
@@ -52,4 +75,8 @@ in
useOSProber = true; useOSProber = true;
memtest86.enable = true; memtest86.enable = true;
}; };
boot.plymouth.enable = true;
boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
} }
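Review bot: The new `boot.kernelParams` entries `pcie_acs_override=downstream,multifunction` and `vfio_iommu_type1.allow_unsafe_interrupts=1` both relax isolation for passthrough guests, and neither carries a comment. The ACS override makes the kernel split IOMMU groups that the hardware cannot actually separate, so devices in a split group may still reach each other by DMA, and the second permits device assignment without interrupt remapping. Document the trade-off where it is set, e.g. `# ACS override: groups are split artificially; only pass devices to trusted guests`. `allow_unsafe_interrupts=1` is also already set in `boot.extraModprobeConfig`, so one of the two copies can go. Part of the file between the two hunks is not shown.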
@@ -1,4 +1,4 @@
{ config, pkgs, lib, inputs, materusFlake, materusPkgs, ... }: { config, pkgs, lib, materusArg, ... }:
{ {
imports = imports =
[ [
@@ -7,43 +7,53 @@
]; ];
hardware.firmware = with pkgs; [ hardware.firmware = with pkgs; [
materusPkgs.amdgpu-pro-libs.firmware.vcn materusArg.pkgs.amdgpu-pro-libs.firmware.vcn
#materusPkgs.amdgpu-pro-libs.firmware materusArg.pkgs.amdgpu-pro-libs.firmware
linux-firmware linux-firmware
alsa-firmware alsa-firmware
sof-firmware sof-firmware
]; ];
environment.variables = {
DISABLE_LAYER_AMD_SWITCHABLE_GRAPHICS_1 = "1";
#VK_ICD_FILENAMES = "${pkgs.mesa.drivers}/share/vulkan/icd.d/radeon_icd.x86_64.json:${pkgs.driversi686Linux.mesa.drivers}/share/vulkan/icd.d/radeon_icd.i686.json";
AMD_VULKAN_ICD = "RADV";
RADV_PERFTEST = "gpl,rt,sam";
#OCL_ICD_VENDORS = "${pkgs.rocmPackages.clr.icd}/etc/OpenCL/vendors/";
};
hardware.cpu.amd.updateMicrocode = lib.mkForce true; hardware.cpu.amd.updateMicrocode = lib.mkForce true;
#extra #extra
hardware.wooting.enable = true; hardware.wooting.enable = true;
hardware.bluetooth.enable = true; hardware.bluetooth.enable = true;
#Graphics #Graphics
hardware.opengl.enable = true; hardware.opengl.enable = true;
hardware.opengl.driSupport32Bit = true; hardware.opengl.driSupport32Bit = true;
hardware.opengl.extraPackages = with pkgs; [ hardware.opengl.extraPackages = with pkgs; [
vaapiVdpau vaapiVdpau
vpl-gpu-rt
intel-media-driver
libvdpau-va-gl libvdpau-va-gl
amdvlk amdvlk
rocm-opencl-icd vkbasalt
rocm-opencl-runtime rocmPackages.clr.icd
materusPkgs.amdgpu-pro-libs.vulkan rocmPackages.clr
materusPkgs.amdgpu-pro-libs.amf materusArg.pkgs.amdgpu-pro-libs.vulkan
materusArg.pkgs.amdgpu-pro-libs.amf
]; ];
hardware.opengl.extraPackages32 = with pkgs.pkgsi686Linux; [ hardware.opengl.extraPackages32 = with pkgs.pkgsi686Linux; [
vaapiVdpau vaapiVdpau
vkbasalt
pkgs.driversi686Linux.amdvlk pkgs.driversi686Linux.amdvlk
materusPkgs.i686Linux.amdgpu-pro-libs.vulkan materusArg.pkgs.i686Linux.amdgpu-pro-libs.vulkan
libvdpau-va-gl libvdpau-va-gl
]; ];
services.udev.extraRules = '' /*services.udev.extraRules = ''
#GPU bar size #GPU bar size
ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x744c", ATTR{resource0_resize}="15" ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x744c", ATTR{resource0_resize}="15"
ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x744c", ATTR{resource2_resize}="8" ACTION=="add", SUBSYSTEM=="pci", ATTR{vendor}=="0x1002", ATTR{device}=="0x744c", ATTR{resource2_resize}="8"
''; '';*/
#Trim #Trim
@@ -1,8 +1,8 @@
{ config, pkgs, lib, inputs, materusFlake, ... }: { config, pkgs, lib, ... }:
{ {
zramSwap = { zramSwap = {
enable = true; enable = true;
memoryPercent = 25; memoryPercent = 50;
}; };
swapDevices = [ swapDevices = [
@@ -12,14 +12,12 @@
]; ];
fileSystems."/etc/nixos" = fileSystems."/etc/nixos" =
{ {
device = "/materus/config/nixos-config"; device = "/materus/config/nixos-config";
fsType = "none"; fsType = "none";
options = [ "bind" ]; options = [ "bind" ];
depends = [ "/materus" ];
}; };
@@ -28,6 +26,7 @@
device = "/dev/disk/by-label/NixOS_Root"; device = "/dev/disk/by-label/NixOS_Root";
fsType = "btrfs"; fsType = "btrfs";
options = [ "subvol=@materus" "noatime" "compress=zstd" "ssd" "space_cache=v2" ]; options = [ "subvol=@materus" "noatime" "compress=zstd" "ssd" "space_cache=v2" ];
neededForBoot = true;
}; };
fileSystems."/" = fileSystems."/" =
@@ -0,0 +1,188 @@
{
pkgs,
materusArg,
lib,
config,
...
}:
{
imports = [
./plasma.nix
];
home.stateVersion = "23.05";
home.homeDirectory = "/home/materus";
materus.profile.wezterm.enable = true;
programs.git.signing.signByDefault = true;
xdg.userDirs.enable = true;
materus.profile = {
fonts.enable = lib.mkDefault true;
nixpkgs.enable = lib.mkDefault false;
enableDesktop = lib.mkDefault true;
enableTerminal = lib.mkDefault true;
enableTerminalExtra = lib.mkDefault true;
enableNixDevel = lib.mkDefault true;
editor.emacs.enable = true;
editor.code.fhs.enable = true;
editor.code.fhs.packages = (
ps:
with ps;
let
llvmpkgs = llvmPackages_18;
in
[
llvmpkgs.clang
llvmpkgs.llvm
llvmpkgs.bintools
llvmpkgs.lld
llvmpkgs.lldb
llvmpkgs.libllvm
llvmpkgs.mlir
llvmpkgs.libllvm.dev
fpc
xmake
raylib
gcc
gdb
materusArg.unstable.nixd
nixfmt-rfc-style
nixpkgs-fmt
cmake
gnumake
ninja
binutils
coreutils
util-linux
openssl
openssl.dev
pkg-config
dotnet-sdk_8
mono
mold
python3
lua
gtk4.dev
gtk4
glib
glib.dev
miniaudio
SDL2.dev
SDL2
freeglut.dev
freeglut
boost.dev
boost
glew.dev
libGL.dev
libGLU.dev
vulkan-loader.dev
vulkan-headers
xorg.xorgproto
xorg.libX11.dev
xorg.libXrandr.dev
xorg.libXrender.dev
rustup
freetype.dev
fpc
gradle
bison
flex
ldc
dmd
dub
]
);
};
home.packages = [
(pkgs.ffmpeg-full)
(materusArg.pkgs.polymc.wrap {
extraJDKs = [ pkgs.graalvm-ce ];
extraLibs = [ ];
})
pkgs.git-crypt
pkgs.obsidian
];
programs.obs-studio = {
enable = true;
plugins = with pkgs.obs-studio-plugins; [
wlrobs
input-overlay
obs-source-switcher
obs-tuna
obs-vaapi
obs-vkcapture
obs-gstreamer
obs-backgroundremoval
obs-multi-rtmp
obs-pipewire-audio-capture
];
};
home.file.".gradle/gradle.properties".text = ''
org.gradle.java.installations.fromEnv=JAVA_8_HOME,JAVA_17_HOME,JAVA_21_HOME
org.gradle.home=${pkgs.jdk21}
'';
xdg.dataFile."java-runtimes/graalvm-oracle-17".source = pkgs.graalvmPackages.graalvm-oracle_17;
xdg.dataFile."java-runtimes/graalvm-oracle-latest".source = pkgs.graalvmPackages.graalvm-oracle;
xdg.dataFile."java-runtimes/openjdk21".source = pkgs.jdk21;
xdg.desktopEntries.brave-browser =
let
env = lib.concatStringsSep " " [
];
script = pkgs.writeShellScript "brave" ''
${env} brave "$@"
'';
in
{
name = "Brave Web Browser";
genericName = "Przeglądarka WWW";
comment = "Skorzystaj z internetu";
exec = "${script} %U";
icon = "brave-browser";
terminal = false;
categories = [
"Application"
"Network"
"WebBrowser"
];
mimeType = [
"application/pdf"
"application/rdf+xml"
"application/rss+xml"
"application/xhtml+xml"
"application/xhtml_xml"
"application/xml"
"image/gif"
"image/jpeg"
"image/png"
"image/webp"
"text/html"
"text/xml"
"x-scheme-handler/http"
"x-scheme-handler/https"
"x-scheme-handler/ipfs"
"x-scheme-handler/ipns"
];
actions.new-windows = {
exec = "${script}";
name = "Nowe okno";
};
actions.new-private-windows = {
exec = "${script} --incognito";
name = "Nowe okno incognito";
};
};
}
@@ -0,0 +1,139 @@
{ pkgs, materusArg, ... }:
{
home.packages = [
pkgs.papirus-icon-theme
pkgs.nerd-fonts.hack
];
xdg.dataFile."konsole/materus-linux.keytab".source = ("${materusArg.cfg.path}" + "/extraFiles/config/plasma/materus-linux.keytab");
programs.konsole = {
enable = true;
profiles = {
materus = {
colorScheme = "Breeze";
font.name = "Hack Nerd Font";
extraConfig = {
Keyboard = {
KeyBindings="materus-linux";
};
Scrolling = {
HistoryMode = 2;
};
};
};
};
extraConfig = {
KonsoleWindow = {
RememberWindowSize = "false";
};
MainWindow = {
MenuBar = "Enabled";
};
"Desktop Entry" = {
DefaultProfile = "materus.profile";
};
};
};
programs.plasma = {
enable = true;
overrideConfig = false;
workspace = {
lookAndFeel = "org.kde.breezedark.desktop";
iconTheme = "Papirus-Dark";
};
shortcuts = {
"kwin"."Grid View" = "Meta+Alt+Tab";
"kwin"."Overview" = "Meta+Tab";
"services/org.kde.kcalc.desktop"."_launch" = [ ];
};
spectacle.shortcuts = {
captureActiveWindow = "Meta+Print";
captureCurrentMonitor = "Print";
captureEntireDesktop = "Shift+Print";
captureRectangularRegion = "Meta+S";
launchWithoutCapturing = "Meta+Shift+S";
launch = "Meta+Alt+S";
};
kwin = {
effects = {
wobblyWindows.enable = true;
};
};
input = {
keyboard = {
options = [ "caps:none" ];
};
};
kscreenlocker = {
autoLock = false;
};
panels = [
{
location = "left";
screen = 0;
widgets = [
{
name = "org.kde.plasma.kickerdash";
config = {
General = {
icon = "nix-snowflake-white";
customButtonImage="nix-snowflake-white";
alphaSort = true;
};
};
}
"org.kde.plasma.icontasks"
"org.kde.plasma.marginsseparator"
"org.kde.plasma.systemtray"
{
name = "org.kde.plasma.digitalclock";
config = {
Appearance = {
showDate = "false";
};
};
}
];
}
];
configFile = {
"kwinrc"."Effect-overview"."BorderActivate" = 9;
"klaunchrc"."BusyCursorSettings"."Timeout" = 1;
"klaunchrc"."FeedbackStyle"."TaskbarButton" = false;
"kcminputrc"."Libinput/9610/46/SINOWEALTH Wired Gaming Mouse"."PointerAccelerationProfile" = 1;
"kcminputrc"."Libinput/9610/47/SINOWEALTH 2.4G Wireless Receiver"."PointerAccelerationProfile" = 1;
"spectaclerc"."ImageSave"."imageFilenameTemplate" = "<yyyy>-<MM>-<dd>.<hh>_<mm>_<ss>-<t>.materusPC";
"spectaclerc"."VideoSave"."videoFilenameTemplate" = "<yyyy>-<MM>-<dd>.<hh>_<mm>_<ss>-<t>.materusPC";
"spectaclerc"."ImageSave"."preferredImageFormat" = "WEBP";
"spectaclerc"."ImageSave"."translatedScreenshotsFolder" = "Zrzuty ekranu";
"spectaclerc"."VideoSave"."translatedScreencastsFolder" = "Nagranie ekranu";
"dolphinrc"."General"."RememberOpenedTabs" = false;
"kwalletrc"."Wallet"."Enabled" = true;
};
dataFile = {
"dolphin/view_properties/global/.directory"."Settings"."HiddenFilesShown" = true;
};
resetFiles = [
"spectaclerc"
];
};
}
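Review bot: `kscreenlocker.autoLock = false;` turns off the idle screen lock for this user and has no comment saying why. This same file enables KWallet (`"kwalletrc"."Wallet"."Enabled" = true`), so an unattended session would stay unlocked with the wallet available. If the setting is deliberate, say so next to the line, e.g. `# idle lock disabled on purpose: <reason>`, and keep locking on suspend/resume enabled.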
-61
@@ -1,61 +0,0 @@
{ config, pkgs, lib, inputs, materusFlake, materusPkgs, ... }:
let
westonSddm = pkgs.writeText "weston.ini"
''
[core]
xwayland=true
shell=fullscreen-shell.so
[keyboard]
keymap_layout=pl
[output]
name=DP-3
mode=1920x1080@240
[output]
name=DP-2
mode=off
[output]
name=HDMI-A-3
mode=off
''
;
in
{
services.xserver.displayManager.defaultSession = "plasmawayland";
services.xserver.displayManager.sddm.enable = true;
services.xserver.displayManager.sddm.settings = {
General = {
DisplayServer = "wayland";
InputMethod="";
};
Theme = {
CursorTheme = "breeze_cursors";
CursorSize = "24";
};
Wayland = {
CompositorCommand = "${pkgs.weston}/bin/weston -c ${westonSddm}";
};
};
services.xserver.desktopManager.plasma5.enable = true;
services.xserver.desktopManager.plasma5.phononBackend = "gstreamer";
services.xserver.desktopManager.plasma5.useQtScaling = true;
services.xserver.desktopManager.plasma5.runUsingSystemd = true;
programs.gnupg.agent.pinentryFlavor = "qt";
environment.plasma5.excludePackages = with pkgs; [ libsForQt5.kwallet libsForQt5.kwalletmanager libsForQt5.kwallet-pam ];
environment.variables = {
# Old fix for black cursor on amdgpu, seems to work fine now
#KWIN_DRM_NO_AMS = "1";
#Fix fo amdgpu crashes
KWIN_DRM_USE_MODIFIERS="0";
KWIN_DRM_NO_DIRECT_SCANOUT="1";
};
environment.systemPackages = with pkgs; [
];
}
+73 -9
@@ -1,18 +1,82 @@
{ config, pkgs, lib, inputs, materusFlake, ... }: { config, pkgs, lib, materusArg, ... }:
{ {
sops.templates."networkmanager.env".content = ''
WIREGUARD_PRIVATEKEY="${config.sops.placeholder.wireguard}"
'';
networking.firewall = {
logReversePathDrops = false;
# wireguard trips rpfilter up
extraCommands = ''
ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --sport ${materusArg.wireguard.port} -j RETURN
ip46tables -t mangle -I nixos-fw-rpfilter -p udp -m udp --dport ${materusArg.wireguard.port} -j RETURN
'';
extraStopCommands = ''
ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --sport ${materusArg.wireguard.port} -j RETURN || true
ip46tables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport ${materusArg.wireguard.port} -j RETURN || true
'';
};
networking.useDHCP = lib.mkDefault true; networking.useDHCP = lib.mkDefault true;
networking.hostName = "materusPC"; networking.hostName = "materusPC";
networking.wireless.iwd.enable = true; networking.wireless.iwd.enable = true;
networking.networkmanager.enable = true; networking.networkmanager.enable = true;
networking.networkmanager.wifi.backend = "iwd"; #networking.networkmanager.wifi.backend = "iwd";
networking.firewall.enable = true; networking.firewall.enable = true;
networking.firewall.allowedTCPPorts = [ 24800 5900 5357 4656 8080 9943 9944]; networking.firewall.allowedTCPPorts = [
networking.firewall.allowedUDPPorts = [ 24800 5900 3702 4656 6000 9943 9944]; 24800 5900 5357 4656 8080 9943 9944
#Fix warning 22000 config.services.syncthing.relay.statusPort config.services.syncthing.relay.port # Syncthing
networking.networkmanager.extraConfig = lib.mkDefault '' 25565 25570 8100 # Minecraft + BlueMap + Velocity
[connectivity] ];
uri=http://nmcheck.gnome.org/check_network_status.txt networking.firewall.allowedUDPPorts = [ (lib.strings.toInt materusArg.wireguard.port)
''; 24800 5900 3702 4656 6000 9943 9944
22000 21027 # Syncthing
17000 17001 # zomboid
24454 # Minecraft Voice Chat
];
networking.networkmanager.settings = {
connectivity = {
uri = "http://nmcheck.gnome.org/check_network_status.txt";
};
};
networking.networkmanager.ensureProfiles.environmentFiles = [
config.sops.templates."networkmanager.env".path
];
networking.networkmanager.ensureProfiles.profiles = {
wg0 = {
connection = {
id = "wg0";
type = "wireguard";
interface-name = "wg0";
};
wireguard = {
private-key = "$WIREGUARD_PRIVATEKEY";
};
"wireguard-peer.${materusArg.wireguard.pubKeys.valkyrie}" = {
endpoint = "${materusArg.ips.valkyrie}:${materusArg.wireguard.port}";
allowed-ips = "${materusArg.ip-masks.wireguard.main};${materusArg.ip-masks.wireguard.guest};${materusArg.ip-masks.wireguard.asia};${materusArg.ips.wireguard.valkyrie}/32;";
persistent-keepalive = "20";
};
ipv4 = {
address1 = "${materusArg.ips.wireguard.materusPC}/32";
dns = "${materusArg.ips.wireguard.valkyrie};";
method = "manual";
never-default = "true";
};
ipv6 = {
addr-gen-mode = "stable-privacy";
method = "disabled";
};
proxy = { };
};
};
services = {
syncthing = {
enable = true;
user = "materus";
dataDir = "/home/materus";
};
};
} }
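Review bot: The widened `allowedTCPPorts`/`allowedUDPPorts` lists apply to every interface, so VNC (5900), 8080 and the game-server ports are reachable from whatever network the machine joins, not only from the LAN or `wg0`. NixOS allows scoping per interface, e.g. `networking.firewall.interfaces.wg0.allowedTCPPorts = [ 5900 ];`, leaving only what must be public in the global list. The Syncthing relay ports (`relay.port`, `relay.statusPort`) are opened although this section only enables `services.syncthing` and not the relay; drop them if the relay is not enabled elsewhere. The `nixos-fw-rpfilter` exemptions match any UDP packet with the WireGuard port as source or destination on any interface, which is broader than the tunnel endpoint needs.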
@@ -0,0 +1,147 @@
{
config,
pkgs,
materusArg,
...
}:
{
#services.jackett.enable = true;
programs.nix-ld.enable = true;
programs.nix-ld.libraries = with pkgs; [
];
programs.chromium.enable = true;
programs.chromium.enablePlasmaBrowserIntegration = true;
services.guix.enable = true;
environment.systemPackages = with pkgs; [
vivaldi
#(pkgs.lutris.override { extraLibraries = pkgs: with pkgs; [ pkgs.samba pkgs.jansson pkgs.tdb pkgs.libunwind pkgs.libusb1 pkgs.gnutls pkgs.gtk3 pkgs.pango ]; })
materusArg.pkgs.amdgpu-pro-libs.prefixes
(pkgs.bottles.override {
extraPkgs = pkgs: [
pkgs.libsForQt5.breeze-qt5
pkgs.kdePackages.breeze-gtk
pkgs.nss_latest
];
extraLibraries = pkgs: [
pkgs.samba
pkgs.jansson
pkgs.tdb
pkgs.libunwind
pkgs.libusb1
pkgs.gnutls
pkgs.gtk3
pkgs.pango
];
})
glibc
glib
gtk3
gtk4
gsettings-desktop-schemas
kdePackages.dolphin
vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
vlc
vkbasalt-cli
patchelf
killall
util-linux
xorg.xhost
nix-top
gitFull
curl
wget
config.programs.java.package
nss_latest
pciutils
(aspellWithDicts (
ds: with ds; [
en
en-computers
en-science
pl
]
))
steamtinkerlaunch
distrobox
# WebP support
libwebp
webp-pixbuf-loader
# Compression
p7zip
unrar
bzip2
rar
unzip
zstd
xz
zip
gzip
tree
mc
lf
htop
nmon
iftop
iptraf-ng
mprocs
tldr
bat
##config.materus.profile.packages.home-manager
gcr
# pgcli
# litecli
materusArg.pkgs.alvr
#zenmonitor
nix-du
kdePackages.kate
krusader
wineWowPackages.stagingFull
winetricks
protontricks
gnupg
pinentry
pinentry-gnome3
pinentry-curses
ncurses
monkeysphere
gparted
virt-viewer
inkscape
gimp
git-crypt
bubblewrap
bindfs
binutils
materusArg.unstable.qbittorrent
mkvtoolnix
nicotine-plus
picard
opusTools
aegisub
audacity
];
}
@@ -0,0 +1,10 @@
{ ... }:
{
imports = [
./apps.nix
./java.nix
./users.nix
./desktop
];
}
@@ -0,0 +1,9 @@
{ ... }:
{
imports = [
./kde.nix
./sddm.nix
];
}
@@ -0,0 +1,38 @@
{ config, pkgs, lib, ... }:
{
services.displayManager.defaultSession = "gnome";
services.xserver.desktopManager.gnome.enable = true;
services.xserver.desktopManager.gnome.sessionPath = [ pkgs.gnome.gpaste ];
services.gnome.gnome-online-accounts.enable = true;
services.gnome.gnome-browser-connector.enable = true;
services.gnome.core-utilities.enable = true;
services.gnome.core-shell.enable = true;
services.gnome.core-os-services.enable = true;
programs.gnupg.agent.pinentryPackage = lib.mkForce pkgs.pinentry-gnome3;
programs.gnome-terminal.enable = true;
services.udev.packages = with pkgs; [ gnome.gnome-settings-daemon ];
services.dbus.packages = with pkgs; [ gnome2.GConf ];
environment.systemPackages = with pkgs; [
gnome3.adwaita-icon-theme
gnome3.gnome-tweaks
gnome3.gnome-color-manager
gnome3.gnome-shell-extensions
gnomeExtensions.appindicator
gnomeExtensions.desktop-clock
gnomeExtensions.gtk4-desktop-icons-ng-ding
gnomeExtensions.compiz-windows-effect
gnomeExtensions.burn-my-windows
gnomeExtensions.user-themes
gnomeExtensions.gsconnect
];
}
@@ -0,0 +1,40 @@
{ config, pkgs, lib, ... }:
{
xdg.portal.enable = true;
xdg.portal.wlr.enable = true;
xdg.portal.xdgOpenUsePortal = true;
xdg.portal.extraPortals = [ pkgs.kdePackages.xdg-desktop-portal-kde ];
services.desktopManager.plasma6.enable = true;
services.desktopManager.plasma6.enableQt5Integration = true;
#programs.gnupg.agent.pinentryPackage = lib.mkForce (pkgs.kwalletcli.overrideAttrs {meta.mainProgram = "pinentry-kwallet";});
#environment.plasma6.excludePackages = with pkgs.kdePackages; [ kwallet kwalletmanager kwallet-pam ];
environment.variables = {
# Old fix for black cursor on amdgpu, seems to work fine now
#KWIN_DRM_NO_AMS = "1";
#Fix for amdgpu crashes
KWIN_DRM_USE_MODIFIERS = "0";
KWIN_DRM_NO_DIRECT_SCANOUT = "1";
QT_PLUGIN_PATH = [
"${pkgs.qt6.qtimageformats}/${pkgs.qt6.qtbase.qtPluginPrefix}"
"${pkgs.kdePackages.ffmpegthumbs}/${pkgs.qt6.qtbase.qtPluginPrefix}"
];
XCURSOR_THEME = "breeze_cursors";
};
environment.systemPackages = with pkgs; [
kdePackages.ark
kdePackages.kcalc
];
programs.kdeconnect.enable = true;
materus.profile.steam.extraPkgs = [ pkgs.kdePackages.breeze pkgs.kdePackages.breeze-gtk pkgs.kdePackages.dolphin pkgs.vlc pkgs.vkbasalt-cli ];
programs.firefox = {
enable = true;
autoConfig = builtins.readFile(builtins.fetchurl {
url = "https://raw.githubusercontent.com/MrOtherGuy/fx-autoconfig/master/program/config.js";
sha256 = "1mx679fbc4d9x4bnqajqx5a95y1lfasvf90pbqkh9sm3ch945p40";
});
};
}
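Review bot: The `programs.firefox.autoConfig` fetch at the end of this file names the moving `master` branch while pinning a fixed `sha256`, so the URL no longer identifies the content that was reviewed, and the fetch fails once upstream changes the file. This script is installed as Firefox's autoconfig file and runs with browser privileges, so the URL should name the audited commit, e.g. `url = "https://raw.githubusercontent.com/MrOtherGuy/fx-autoconfig/<COMMIT_SHA>/program/config.js";`, with `<COMMIT_SHA>` a placeholder for that revision. The hash check itself is right and should stay.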
@@ -0,0 +1,81 @@
{
config,
pkgs,
lib,
...
}:
let
plasma-materus = pkgs.writeScript "plasma-materus" ''
export KWIN_DRM_DEVICES="/dev/dri/by-path/pci-0000\:53\:00.0-card"
${pkgs.kdePackages.plasma-workspace}/libexec/plasma-dbus-run-session-if-needed ${pkgs.kdePackages.plasma-workspace}/bin/startplasma-wayland
'';
westonSddm =
let
xcfg = config.services.xserver;
in
pkgs.writeText "weston.ini" ''
[core]
xwayland=false
shell=fullscreen-shell.so
[keyboard]
keymap_model = ${builtins.toString xcfg.xkb.model};
keymap_layout = ${builtins.toString xcfg.xkb.layout};
keymap_variant = ${builtins.toString xcfg.xkb.variant};
keymap_options = ${builtins.toString xcfg.xkb.options};
[libinput]
enable-tap = ${builtins.toString xcfg.libinput.mouse.tapping};
left-handed = ${builtins.toString xcfg.libinput.mouse.leftHanded};
[output]
name=DP-3
mode=1920x1080@240
[output]
name=DP-4
mode=off
[output]
name=HDMI-A-3
mode=off
'';
in
{
services.displayManager.defaultSession = "plasma-materus";
services.displayManager.sddm.enable = true;
services.displayManager.sddm.wayland.enable = true;
services.displayManager.sddm.wayland.compositor = lib.mkForce "weston";
services.displayManager.sddm.wayland.compositorCommand = lib.concatStringsSep " " [
"${lib.getExe pkgs.weston}"
"--shell=kiosk"
"-c ${westonSddm}"
];
services.displayManager.sessionPackages = [
(
(pkgs.writeTextDir "share/wayland-sessions/plasma-materus.desktop" ''
[Desktop Entry]
Name=Plasma (Wayland Materus)
Comment=Plasma Desktop with KWIN_DRM_DEVICES env
Exec=${plasma-materus}
DesktopNames=KDE
Type=Application
'').overrideAttrs
(_: {
passthru.providedSessions = [ "plasma-materus" ];
})
)
];
services.displayManager.sddm.settings = {
General = {
InputMethod = "";
};
Theme = {
CursorTheme = "breeze_cursors";
CursorSize = "24";
};
};
}
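Review bot: In `westonSddm`, `builtins.toString` is applied to the two boolean libinput options, which renders `true` as `1` and `false` as an empty string, so `enable-tap` and `left-handed` can end up with no value at all. `lib.boolToString` produces `true`/`false`, e.g. `enable-tap = ${lib.boolToString xcfg.libinput.mouse.tapping}`. The four `keymap_*` lines also end in `;`, which is not INI syntax and is probably read as part of the value. The compositor command passes `--shell=kiosk` while the generated file sets `shell=fullscreen-shell.so`; a comment should say which one is intended to win.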
@@ -0,0 +1,14 @@
{ pkgs, ... }:
{
programs = {
java.enable = true;
java.package = pkgs.jdk;
java.binfmt = true;
};
environment.variables = {
JAVA_8_HOME = "${pkgs.jdk8}/lib/openjdk/";
JAVA_17_HOME = "${pkgs.jdk17}/lib/openjdk/";
JAVA_21_HOME = "${pkgs.jdk21}/lib/openjdk/";
};
}
@@ -0,0 +1,27 @@
{ pkgs, materusArg, config, ... }:
{
users.users.materus = {
isNormalUser = true;
extraGroups = [
"audio"
"video"
"render"
"pipewire"
"wheel"
"networkmanager"
"input"
"kvm"
"libvirt-qemu"
"libvirt"
"libvirtd"
"podman"
"scanner"
"lp"
];
shell = pkgs.zsh;
description = "Mateusz Słodkowicz";
openssh.authorizedKeys.keyFiles = [ ("${materusArg.cfg.path}" + "/extraFiles/keys/ssh/materus.pub") ];
#hashedPasswordFile = config.sops.secrets."users/materus".path;
};
}
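Review bot: The `extraGroups` list gives this account several memberships that are each close to root on their own (`wheel`, `libvirtd`, `podman`, `kvm`, `input`), and nothing in the file says which of them are actually needed. A short comment per group would make later pruning possible, for example `# libvirtd/podman: can start privileged VMs and containers, treat as root-equivalent` and `# input: read access to all input devices`. With `hashedPasswordFile` commented out, this file no longer shows where the account's password comes from; a comment next to that line should say so.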
+36 -36
@@ -1,46 +1,46 @@
{ config, pkgs, lib, inputs, materusFlake, ... }: { config, pkgs, lib, ... }:
let let
valkyrie-sync = pkgs.writeShellScriptBin "valkyrie-sync" '' valkyrie-sync = pkgs.writeShellScriptBin "valkyrie-sync" ''
${pkgs.rsync}/bin/rsync -avzrh --delete --exclude ".git*" --exclude "flake.lock" /materus/config/Nixerus materus@valkyrie:/materus/config/ && \ ${pkgs.rsync}/bin/rsync -avzrh --delete --exclude ".git*" --exclude "flake.lock" /materus/config/nixos-config materus@valkyrie:/materus/config/ && \
${pkgs.rsync}/bin/rsync -avzrh --delete --exclude ".git*" /materus/config/private/valkyrie materus@valkyrie:/materus/config/private ${pkgs.rsync}/bin/rsync -avzrh --delete --exclude ".git*" /materus/config/private/valkyrie materus@valkyrie:/materus/config/private
''; '';
valkyrie-flakelock = pkgs.writeShellScriptBin "valkyrie-flakelock" '' valkyrie-flakelock = pkgs.writeShellScriptBin "valkyrie-flakelock" ''
${pkgs.openssh}/bin/ssh materus@valkyrie "nix flake update /materus/config/Nixerus --override-input nixpkgs github:NixOS/nixpkgs/23.05 \ ${pkgs.openssh}/bin/ssh materus@valkyrie "nix flake update /materus/config/nixos-config --override-input nixpkgs github:NixOS/nixpkgs/23.05 \
--override-input home-manager github:nix-community/home-manager/release-23.05 \ --override-input home-manager github:nix-community/home-manager/release-23.05 \
--override-input private /materus/config/private/valkyrie/flake" --override-input private /materus/config/private/valkyrie/flake"
''; '';
valkyrie-rebuild-boot = pkgs.writeShellScriptBin "valkyrie-rebuild-boot" '' valkyrie-rebuild-boot = pkgs.writeShellScriptBin "valkyrie-rebuild-boot" ''
${pkgs.openssh}/bin/ssh -t materus@valkyrie "sudo nixos-rebuild boot --flake /materus/config/Nixerus#valkyrie \ ${pkgs.openssh}/bin/ssh -t materus@valkyrie "sudo nixos-rebuild boot --flake /materus/config/nixos-config#valkyrie \
--override-input private /materus/config/private/valkyrie/flake" --override-input private /materus/config/private/valkyrie/flake"
''; '';
valkyrie-rebuild-switch = pkgs.writeShellScriptBin "valkyrie-rebuild-switch" '' valkyrie-rebuild-switch = pkgs.writeShellScriptBin "valkyrie-rebuild-switch" ''
${pkgs.openssh}/bin/ssh -t materus@valkyrie "sudo nixos-rebuild switch --flake /materus/config/Nixerus#valkyrie \ ${pkgs.openssh}/bin/ssh -t materus@valkyrie "sudo nixos-rebuild switch --flake /materus/config/nixos-config#valkyrie \
--override-input private /materus/config/private/valkyrie/flake" --override-input private /materus/config/private/valkyrie/flake"
''; '';
flamaster-sync = pkgs.writeShellScriptBin "flamaster-sync" '' flamaster-sync = pkgs.writeShellScriptBin "flamaster-sync" ''
${pkgs.rsync}/bin/rsync -avzrh --delete --exclude ".git*" --exclude "flake.lock" /materus/config/Nixerus materus@flamaster:/materus/config/ && \ ${pkgs.rsync}/bin/rsync -avzrh --delete --exclude ".git*" --exclude "flake.lock" /materus/config/nixos-config materus@flamaster:/materus/config/ && \
${pkgs.rsync}/bin/rsync -avzrh --delete --exclude ".git*" /materus/config/private/flamaster materus@flamaster:/materus/config/private ${pkgs.rsync}/bin/rsync -avzrh --delete --exclude ".git*" /materus/config/private/flamaster materus@flamaster:/materus/config/private
''; '';
flamaster-flakelock = pkgs.writeShellScriptBin "flamaster-flakelock" '' flamaster-flakelock = pkgs.writeShellScriptBin "flamaster-flakelock" ''
${pkgs.openssh}/bin/ssh materus@flamaster "nix flake update /materus/config/Nixerus --override-input nixpkgs github:NixOS/nixpkgs/23.05 \ ${pkgs.openssh}/bin/ssh materus@flamaster "nix flake update /materus/config/nixos-config --override-input nixpkgs github:NixOS/nixpkgs/23.05 \
--override-input home-manager github:nix-community/home-manager/release-23.05 \ --override-input home-manager github:nix-community/home-manager/release-23.05 \
--override-input private /materus/config/private/flamaster/flake" --override-input private /materus/config/private/flamaster/flake"
''; '';
flamaster-rebuild-boot = pkgs.writeShellScriptBin "flamaster-rebuild-boot" '' flamaster-rebuild-boot = pkgs.writeShellScriptBin "flamaster-rebuild-boot" ''
${pkgs.openssh}/bin/ssh -t materus@flamaster "sudo nixos-rebuild boot --flake /materus/config/Nixerus#flamaster \ ${pkgs.openssh}/bin/ssh -t materus@flamaster "sudo nixos-rebuild boot --flake /materus/config/nixos-config#flamaster \
--override-input private /materus/config/private/flamaster/flake" --override-input private /materus/config/private/flamaster/flake"
''; '';
flamaster-rebuild-switch = pkgs.writeShellScriptBin "flamaster-rebuild-switch" '' flamaster-rebuild-switch = pkgs.writeShellScriptBin "flamaster-rebuild-switch" ''
${pkgs.openssh}/bin/ssh -t materus@flamaster "sudo nixos-rebuild switch --flake /materus/config/Nixerus#flamaster \ ${pkgs.openssh}/bin/ssh -t materus@flamaster "sudo nixos-rebuild switch --flake /materus/config/nixos-config#flamaster \
--override-input private /materus/config/private/flamaster/flake" --override-input private /materus/config/private/flamaster/flake"
''; '';
in in
@@ -55,5 +55,5 @@ in
flamaster-rebuild-switch flamaster-rebuild-switch
flamaster-sync flamaster-sync
flamaster-flakelock flamaster-flakelock
]; ];
} }
@@ -0,0 +1,27 @@
{ config, pkgs, lib, materusCfg, ... }:
{
imports =
[
] ++ (if (materusCfg.materusFlake.decrypted) then [ ./private ] else [ ]);
sops.age.generateKey = false;
sops.gnupg.home = null;
sops.gnupg.sshKeyPaths = [ ];
sops.age.sshKeyPaths = [ "/materus/root/ssh_host_ed25519_key" ];
sops.defaultSopsFile = materusCfg.hostPath + "/secrets/secrets.yaml";
#sops.secrets."users/materus" = { neededForUsers = true; };
sops.secrets.wireguard = { };
services.openssh.hostKeys = [
{
bits = 4096;
path = "/materus/root/ssh_host_rsa_key";
type = "rsa";
}
{
path = "/materus/root/ssh_host_ed25519_key";
type = "ed25519";
}
];
}
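Review bot: `sops.age.sshKeyPaths` makes the ed25519 SSH host key under `/materus/root` the identity this host uses to decrypt `secrets.yaml` (GnuPG and key generation are switched off above it), and the file does not say so. That couples the two lifecycles: anyone who can read the host key can decrypt the secrets, and rotating the host key requires re-encrypting the secrets file for the new recipient. A comment on that line would do, e.g. `# host ed25519 key doubles as the sops age identity; re-encrypt secrets/secrets.yaml when rotating it`. Whether `/materus/root` is mounted early enough and the key files are mode 0600 is not visible from this hunk.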
@@ -0,0 +1,36 @@
users:
materus: ENC[AES256_GCM,data:okqSgMvdFq1BMAg+Gs725zaNbeAQIpJKSPB2Sa83i3EYimphZNBtrJLen+gQEGNq4yeTyAc9Ih/hcnr+3z+Tea/g9ffh/UC4YA==,iv:OhKoWLREAqCbtmS3Rw9nE9+PtcBLwEHimJXcj4oejRA=,tag:Ht/SQSwumnQR6E45Pl47AQ==,type:str]
root: ENC[AES256_GCM,data:vnPjK+xayk/Zk895rERYAeCzpjv5NJ7EAyK4MRDUzDbW++4Dy+UEI81v1v7w9dfpDeL+x5kOqUFO5zVVDUGfZ3yf/l8M8N8KcA==,iv:gGFGcy3K27nQxn0+7I/t0kg3nZyXeGWqysOl2auZJXo=,tag:N+LYhKpPCbI1EjEBwxuh1g==,type:str]
wireguard: ENC[AES256_GCM,data:rBkftzBcdamhP0xZB3qxfLptL8bX1qc7SdcfPNpYV67TeQs6i79+5KB/da4=,iv:22J5SZbFtYco7iSHvD2GD1bcazfGWlyEJ2isa3Ab4bI=,tag:BeUn9Srl2vyoDgK5Xv0UCg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1fq9ckkwtgvm69w045rf9pgurnhch6ukdxejr8yxgrthn7j8vp48qvd9rkx
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEbHZZUVF1dVJSU1NvNXVk
N3VtTm00ZHRWb082T0FkNXJncUxCU3haVmpVCk9FQkJBZnVJVFNLOThjZzlxNVF1
b0phQ2daejRrdVhEZ2YvRHVRRU5BQlEKLS0tIGdQeDlOSzl4VDhGNURQditCWUFG
dWVzbzUyakxXUGpTQjNsYzcyVG1aRDgKXVa8tIAbmggw1vSt3NJYRLgXhbagpNrX
RNXyndPaeQXVPVXuJWmHgRCYbwPTcfAFpGwFlX2IxVLlmC914Zklhw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-19T15:58:46Z"
mac: ENC[AES256_GCM,data:BLa0G3ci8EWH43UkLI2OoFJp2F9YeuKDrg6+2I/bq/lLi/YUitkJvBkA9VSIbvCyYWs/5SlEL5MayX8iiVdJ7r9bCiw+LVsWNAdaYDCafbZRW5F7KiHS5WXV3v4c201kFok7rmnRhEfKfdDxLlQ/mFHqOhupHU/qCNMTuUzJBiA=,iv:EPRoXHVMB6I16lTFJdFVAuSnMD/B55fPYtSBOQddutE=,tag:gohg+BdRlMPAQmNpRdk8sg==,type:str]
pgp:
- created_at: "2024-03-02T22:10:50Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4D5fSX77p80GYSAQdAvGVUu56Pd2+DMHqgIcJokyh11952nQK2eVtQNj42CAUw
NQfulNRUHX5BonsLyvXPx74bVku6Wxr80loIWoz049/xbFj4S7FyftkakY8rOUGu
1GgBCQIQOoEFvTQB8qGbea/85fktuljXPou/WgUY6Mxd4n0dBz54f69B/NttnBGc
7eUDKfe79Omr0o/0CVC/6SGKoiS38suV903QHeF1MXFPeOG72k4TvfF9lVlBgK8H
k4DXtzC7wm3WWg==
=eh7Z
-----END PGP MESSAGE-----
fp: 28D140BCA60B4FD1
unencrypted_suffix: _unencrypted
version: 3.8.1
+97 -371
@@ -1,130 +1,78 @@
{ config, pkgs, lib, inputs, materusFlake, materusPkgs, ... }: {
config,
pkgs,
materusArg,
...
}:
{ {
virtualisation.lxc.enable = false;
virtualisation.lxc.lxcfs.enable = false;
virtualisation.lxd.enable = false;
#virtualisation.lxd.recommendedSysctlSettings = true;
programs.corectrl.enable = true;
programs.corectrl.gpuOverclock.enable = true;
programs.corectrl.gpuOverclock.ppfeaturemask = "0xffffffff";
programs.gamemode.enable = true; programs.gamemode.enable = true;
programs.corectrl.enable = true;
services.teamviewer.enable = true; services.teamviewer.enable = true;
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [ "L+ /opt/rocm/hip - - - - ${pkgs.rocmPackages.clr}" ];
"L+ /opt/rocm/hip - - - - ${pkgs.hip}"
];
# Gamepad
services.udev = {
packages = with pkgs; [
game-devices-udev-rules
];
};
hardware.uinput.enable = true;
hardware.steam-hardware.enable = true;
nix.package = pkgs.nixVersions.nix_2_28;
programs.steam = {
enable = false;
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers
};
services.flatpak.enable = true; services.flatpak.enable = true;
services.gvfs.enable = true; services.gvfs.enable = true;
services.xserver.xkb.layout = "pl";
time.timeZone = "Europe/Warsaw";
i18n.defaultLocale = "pl_PL.UTF-8";
console = {
font = "lat2-16";
# keyMap = "pl";
useXkbConfig = true; # use xkbOptions in tty.
};
services.xserver.layout = "pl";
services.xserver.enable = true; services.xserver.enable = true;
services.xserver.videoDrivers = [ "amdgpu" ]; #services.xserver.videoDrivers = [ "amdgpu" "intel" ];
services.dbus.enable = true; services.dbus.enable = true;
services.dbus.packages = [ pkgs.gcr_4 ]; services.dbus.packages = [ pkgs.gcr ];
#services.xserver.displayManager.autoLogin.user = "materus";
services.xserver.displayManager.startx.enable = false; services.xserver.displayManager.startx.enable = false;
/*
services.xserver.displayManager.lightdm.enable = true;
services.xserver.displayManager.lightdm.greeters.enso.enable = true;
services.xserver.displayManager.lightdm.greeters.enso.blur = true;
*/
services.xserver.config = pkgs.lib.mkAfter '' services.xserver.exportConfiguration = true;
services.xserver.extraConfig = pkgs.lib.mkDefault ''
Section "OutputClass" Section "OutputClass"
Identifier "amd-options" Identifier "amd-options"
Option "TearFree" "True" Option "TearFree" "True"
Option "SWCursor" "True" Option "SWCursor" "True"
Option "VariableRefresh" "true" Option "VariableRefresh" "true"
Option "AsyncFlipSecondaries" "true" Option "AsyncFlipSecondaries" "true"
Option "DRI3" "1"
MatchDriver "amdgpu" MatchDriver "amdgpu"
EndSection EndSection
''; '';
services.printing.enable = true; services.printing.enable = true;
services.libinput.enable = true;
sound.enable = true; environment.sessionVariables = {
security.rtkit.enable = true;
services.pipewire = {
enable = true;
audio.enable = true;
alsa.enable = true;
alsa.support32Bit = true;
pulse.enable = true;
systemWide = false;
# If you want to use JACK applications, uncomment this
jack.enable = true;
};
hardware.pulseaudio.enable = false;
services.xserver.libinput.enable = true;
virtualisation.waydroid.enable = false;
virtualisation.podman = {
enable = true;
#enableNvidia = true;
dockerCompat = true;
dockerSocket.enable = true;
};
users.users.materus = {
isNormalUser = true;
extraGroups = [ "audio" "video" "render" "pipewire" "wheel" "networkmanager" "input" "kvm" "libvirt-qemu" "libvirt" "libvirtd" "podman" "lxd" ]; # Enable sudo for the user.
shell = pkgs.bashInteractive;
description = "Mateusz Słodkowicz";
# packages = with pkgs; [
# firefox
# thunderbird
# ];
};
environment.variables = {
DISABLE_LAYER_AMD_SWITCHABLE_GRAPHICS_1 = "1";
VK_ICD_FILENAMES = "/run/opengl-driver/share/vulkan/icd.d/radeon_icd.x86_64.json:/run/opengl-driver-32/share/vulkan/icd.d/radeon_icd.i686.json";
AMD_VULKAN_ICD = "RADV";
RADV_PERFTEST = "gpl,rt,sam";
ALSOFT_DRIVERS = "pulse";
};
environment.sessionVariables = rec {
XDG_CACHE_HOME = "\${HOME}/.cache"; XDG_CACHE_HOME = "\${HOME}/.cache";
XDG_CONFIG_HOME = "\${HOME}/.config"; XDG_CONFIG_HOME = "\${HOME}/.config";
XDG_BIN_HOME = "\${HOME}/.local/bin"; XDG_BIN_HOME = "\${HOME}/.local/bin";
XDG_DATA_HOME = "\${HOME}/.local/share"; XDG_DATA_HOME = "\${HOME}/.local/share";
QT_XKB_CONFIG_ROOT = "\${XKB_CONFIG_ROOT}";
SDL_AUDIODRIVER = "pipewire"; GTK_IM_MODULE = "fcitx";
QT_IM_MODULE = "fcitx";
#SSH_ASKPASS_REQUIRE = "prefer"; XMODIFIERS = "@im=fcitx";
SDL_IM_MODULE = "fcitx";
MOZ_USE_XINPUT2 = "1"; MOZ_USE_XINPUT2 = "1";
PATH = [ PATH = [ "\${XDG_BIN_HOME}" ];
"\${XDG_BIN_HOME}"
];
}; };
environment.shellInit = '' environment.shellInit = ''
if ! [ -z "$DISPLAY" ]; then xhost +si:localuser:root &> /dev/null; fi; if ! [ -z "$DISPLAY" ]; then xhost +si:localuser:root &> /dev/null; fi;
@@ -132,20 +80,50 @@
''; '';
i18n.inputMethod.enabled = "fcitx5"; i18n.inputMethod.enabled = "fcitx5";
i18n.inputMethod.fcitx5.addons = [ pkgs.fcitx5-configtool pkgs.fcitx5-lua pkgs.fcitx5-mozc pkgs.fcitx5-gtk pkgs.libsForQt5.fcitx5-qt ]; i18n.inputMethod.fcitx5.addons = [
pkgs.kdePackages.fcitx5-configtool
pkgs.fcitx5-lua
pkgs.fcitx5-mozc
pkgs.fcitx5-gtk
pkgs.kdePackages.fcitx5-qt
];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
services.pcscd.enable = true; services.pcscd.enable = true;
services.samba-wsdd.enable = true;
services.samba-wsdd.enable = true;
services.samba-wsdd.openFirewall = true;
services.samba = { services.samba = {
enable = true; enable = true;
package = pkgs.sambaFull; package = pkgs.sambaFull;
}; securityType = "user";
openFirewall = true;
settings = {
global = {
"workgroup" = "WORKGROUP";
"server string" = "smbmaterus";
"netbios name " = "smbmaterus";
"security" = "user";
"hosts allow" = "192.168.122. 127.0.0.1 localhost";
"hosts deny" = "0.0.0.0/0";
"guest account" = "nobody";
"map to guest" = "bad user";
"allow insecure wide links" = "yes";
};
windows = {
"path" = "/materus/data/VM/windows_shared";
"browseable" = "yes";
"read only" = "no";
"guest ok" = "no";
"create mask" = "0644";
"directory mask" = "0755";
"force user" = "materus";
"force group" = "users";
"follow symlinks" = "yes";
"wide links" = "yes";
};
};
};
programs.gnupg.agent = { programs.gnupg.agent = {
enable = true; enable = true;
@@ -155,288 +133,36 @@
}; };
programs.ssh.startAgent = true; programs.ssh.startAgent = true;
services.openssh.enable = true; services.openssh.enable = true;
services.openssh.settings.PermitRootLogin = "no";
services.openssh.settings.PasswordAuthentication = false;
services.openssh.openFirewall = true;
services.sunshine = {
enable = true;
capSysAdmin = true;
openFirewall = true;
autoStart = false;
};
environment.enableAllTerminfo = true; environment.enableAllTerminfo = true;
environment.pathsToLink = [ "/share/zsh" "/share/bash-completion" "/share/fish" ]; environment.pathsToLink = [
environment.shells = with pkgs; [ zsh bashInteractive fish ]; "/share/zsh"
"/share/bash-completion"
"/share/fish"
];
environment.shells = with pkgs; [
zsh
bashInteractive
fish
];
programs = { programs = {
fish.enable = true; fish.enable = true;
zsh = {
enable = true;
interactiveShellInit = ''
if [[ ''${__MATERUS_HM_ZSH:-0} == 0 ]]; then
source ${pkgs.grml-zsh-config}/etc/zsh/zshrc
fi
'';
promptInit = ''
'';
};
java.enable = true;
java.package = pkgs.graalvm-ce;
java.binfmt = true;
command-not-found.enable = false; command-not-found.enable = false;
dconf.enable = true; dconf.enable = true;
}; };
materus.profile.browser.enable = true;
services.davfs2.enable = true;
/*containers.test = {
config = { config, pkgs, ... }: { environment.systemPackages = with pkgs; [ wayfire ]; };
autoStart = false;
};*/
environment.systemPackages = with pkgs; [
firefox
gamescope
#(pkgs.lutris.override { extraLibraries = pkgs: with pkgs; [ pkgs.samba pkgs.jansson pkgs.tdb pkgs.libunwind pkgs.libusb1 pkgs.gnutls pkgs.gtk3 pkgs.pango ]; })
materusPkgs.amdgpu-pro-libs.prefixes
(pkgs.bottles.override { extraPkgs = pkgs: with pkgs; [ pkgs.libsForQt5.breeze-qt5 pkgs.libsForQt5.breeze-gtk pkgs.nss_latest ]; extraLibraries = pkgs: with pkgs; [ pkgs.samba pkgs.jansson pkgs.tdb pkgs.libunwind pkgs.libusb1 pkgs.gnutls pkgs.gtk3 pkgs.pango ]; })
glibc
glib
gtk3
gtk4
gsettings-desktop-schemas
libsForQt5.dolphin
vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
patchelf
killall
util-linux
xorg.xhost
nix-top
gitFull
curl
wget
config.programs.java.package
nss_latest
aspell
aspellDicts.pl
aspellDicts.en
aspellDicts.en-computers
steamtinkerlaunch
distrobox
p7zip
unrar
bzip2
rar
unzip
zstd
xz
zip
gzip
tree
mc
lf
htop
nmon
iftop
iptraf-ng
mprocs
tldr
bat
##config.materus.profile.packages.home-manager
# pgcli
# litecli
#zenmonitor
nix-du
ark
kate
krusader
wineWowPackages.stagingFull
winetricks
protontricks
openal
gnupg
pinentry
pinentry-gnome
pinentry-curses
ncurses
monkeysphere
gparted
virt-viewer
inkscape
gimp
bubblewrap
bindfs
pulseaudio
binutils
config.materus.profile.packages.firefox
];
environment.etc = {
/*
"libvirt/hooks/qemu.d/win11/prepare/begin/start.sh" = {
text =
''
#!/usr/bin/env bash
# Debugging
exec 19>/home/materus/startlogfile
BASH_XTRACEFD=19
set -x
exec 3>&1 4>&2
trap 'exec 2>&4 1>&3' 0 1 2 3
exec 1>/home/materus/startlogfile.out 2>&1
# Stop display manager
killall -u materus
systemctl stop display-manager.service
killall gdm-x-session
#systemctl isolate multi-user.target
sleep 1
# Load variables we defined
source "/etc/libvirt/hooks/kvm.conf"
# Isolate host to core 0
systemctl set-property --runtime -- user.slice AllowedCPUs=0
systemctl set-property --runtime -- system.slice AllowedCPUs=0
systemctl set-property --runtime -- init.scope AllowedCPUs=0
# Unbind VTconsoles
for (( i = 0; i < 16; i++))
do
if test -x /sys/class/vtconsole/vtcon"''${i}"; then
if [ "$(grep -c "frame buffer" /sys/class/vtconsole/vtcon"''${i}"/name)" = 1 ]; then
echo 0 > /sys/class/vtconsole/vtcon"''${i}"/bind
echo "$DATE Unbinding Console ''${i}"
fi
fi
done
# Unbind EFI Framebuffer
echo "efi-framebuffer.0" > /sys/bus/platform/drivers/efi-framebuffer/unbind
# Avoid race condition
sleep 1
# Unload NVIDIA kernel modules
modprobe -r nvidia_uvm
modprobe -r nvidia_drm
modprobe -r nvidia_modeset
modprobe -r nvidia
modprobe -r i2c_nvidia_gpu
modprobe -r drm_kms_helper
modprobe -r drm
# Detach GPU devices from host
#virsh nodedev-detach $VIRSH_GPU_VIDEO
#virsh nodedev-detach $VIRSH_GPU_AUDIO
#virsh nodedev-detach $VIRSH_GPU_USB
#virsh nodedev-detach $VIRSH_GPU_SERIAL_BUS
# Load vfio module
modprobe vfio
modprobe vfio_pci
modprobe vfio_iommu_type1
'';
mode = "0755";
};
"libvirt/hooks/qemu.d/win11/release/end/stop.sh" = {
text =
''
#!/usr/bin/env bash
# Debugging
exec 19>/home/materus/stoplogfile
BASH_XTRACEFD=19
set -x
exec 3>&1 4>&2
trap 'exec 2>&4 1>&3' 0 1 2 3
exec 1>/home/materus/stoplogfile.out 2>&1
# Load variables we defined
source "/etc/libvirt/hooks/kvm.conf"
# Unload vfio module
modprobe -r vfio-pci
modprobe -r vfio_iommu_type1
modprobe -r vfio
modprobe drm
modprobe drm_kms_helper
modprobe i2c_nvidia_gpu
modprobe nvidia
modprobe nvidia_modeset
modprobe nvidia_drm
modprobe nvidia_uvm
# Attach GPU devices from host
#virsh nodedev-reattach $VIRSH_GPU_VIDEO
#virsh nodedev-reattach $VIRSH_GPU_AUDIO
#virsh nodedev-reattach $VIRSH_GPU_USB
#virsh nodedev-reattach $VIRSH_GPU_SERIAL_BUS
#echo "0000:01:00.0" > /sys/bus/pci/drivers/nvidia/bind
# Bind EFI Framebuffer
echo "efi-framebuffer.0" > /sys/bus/platform/drivers/efi-framebuffer/bind
# Bind VTconsoles
echo 1 > /sys/class/vtconsole/vtcon0/bind
#echo 1 > /sys/class/vtconsole/vtcon1/bind
# Start display manager
sleep 1
systemctl start display-manager.service
# Return host to all cores
systemctl set-property --runtime -- user.slice AllowedCPUs=0-3
systemctl set-property --runtime -- system.slice AllowedCPUs=0-3
systemctl set-property --runtime -- init.scope AllowedCPUs=0-3
'';
text = ''
#!/usr/bin/env bash
reboot
'';*-/
mode = "0755";
};
"libvirt/vgabios/patched.rom".source = ./vbios.rom;
};
};
*/
};
} }
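Review bot: In the new `services.samba.settings`, the writable `windows` share sets `"wide links" = "yes"` and the global section sets `"allow insecure wide links" = "yes"`, so a symlink inside `/materus/data/VM/windows_shared` can resolve to any path the forced user `materus` can reach. `openFirewall = true` additionally opens the SMB ports on every interface, which leaves `"hosts allow"` as the only thing limiting access to the `192.168.122.` network. Unless links out of the share are really required, drop both wide-links lines (or bind-mount the needed directories into the share instead). Consider also limiting where smbd listens with `"interfaces"` plus `"bind interfaces only" = "yes"`, and add a comment stating that the share is meant for the local VM network only.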
+33 -3
@@ -1,9 +1,38 @@
{ config, pkgs, lib, inputs, materusFlake, ... }: { config, pkgs, ... }:
{ {
imports = [ imports = [
./win10 ./win-vfio
];
materus.materusArg.materusPC = {
allCores = "0-31";
allCoresMask = "ffffffff";
hostCores = "0-7,16-23";
hostCoresMask = "00ff00ff";
vmCores = "8-15,24-31";
vmCoresMask = "ff00ff00";
};
systemd.mounts = [
{
where = "/dev/hugepages";
enable = false;
}
{
where = "/dev/hugepages/hugepages-2048kB";
enable = true;
what = "hugetlbfs";
type = "hugetlbfs";
options = "pagesize=2M";
requiredBy = [ "basic.target" ];
}
{
where = "/dev/hugepages/hugepages-1048576kB";
enable = true;
what = "hugetlbfs";
type = "hugetlbfs";
options = "pagesize=1G";
requiredBy = [ "basic.target" ];
}
]; ];
virtualisation.libvirtd = { virtualisation.libvirtd = {
enable = true; enable = true;
@@ -47,6 +76,7 @@
bindfs bindfs
qemu-utils qemu-utils
psmisc psmisc
procps
]; ];
}; };
in in
@@ -0,0 +1,187 @@
{ config, pkgs, materusArg, ... }:
let
bar0_guest="15";
bar2_guest="8";
bar0_host="15";
bar2_host="8";
VM_UUID = "ad2632db-0da0-4204-98b3-0592a185ebd0";
startedHook = ''
# Renice QEMU process and threads
QEMU_PID=$(ps aux | grep qemu-system-x86_64 | grep "${VM_UUID}" | tr -s ' ' | cut -d " " -f 2)
for pid in $(ls /proc/$QEMU_PID/task); do
renice -n "-15" -p "$pid";
done
renice -n "-10" -p "$QEMU_PID";
'';
startHook = /*''
# Debugging
exec 19>/home/materus/startlogfile
BASH_XTRACEFD=19
set -x
exec 3>&1 4>&2
trap 'exec 2>&4 1>&3' 0 1 2 3
exec 1>/home/materus/startlogfile.out 2>&1
''
+*/
''
# Service for my shared qcow2 drive, it's mounted to host when VM not running
systemctl stop windows-share-mount.service
systemctl stop systemd-nspawn@archlinux
# Remember non symlink path to card and render, symlink might get deleted
DRI_RENDER=$(readlink -f /dev/dri/by-path/pci-$VIRSH_GPU_VIDEO-render)
DRI_CARD=$(readlink -f /dev/dri/by-path/pci-$VIRSH_GPU_VIDEO-card)
# Send "remove" event so wayland compositors can release gpu, sleep because it doesnt work instantly
echo remove > /sys/bus/pci/devices/$VIRSH_GPU_VIDEO/drm/card*/uevent
sleep 3s
# Remove all permissions from DRI nodes so no new processes will attach to it, kill all processes currently using it
chmod 0 $DRI_RENDER
chmod 0 $DRI_CARD
fuser -k $DRI_RENDER
fuser -k $DRI_CARD
# Seems to fix reset bug for 7900 XTX
echo "0" > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/d3cold_allowed"
# Unbind GPU from drivers
echo ''$VIRSH_GPU_VIDEO > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/driver/unbind"
echo ''$VIRSH_GPU_AUDIO > "/sys/bus/pci/devices/''${VIRSH_GPU_AUDIO}/driver/unbind"
# Optionally resize bars, it's pointless for me since it's full size here but keeping just in case
echo "${bar0_guest}" > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/resource0_resize"
echo "${bar2_guest}" > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/resource2_resize"
# Compact memory if possible to make continuous space for transparent huge pages
sync
echo "3" > /proc/sys/vm/drop_caches
sync
echo "1" > /proc/sys/vm/compact_memory
# Set host cgroups and workqueue to use defined cpu cores (I'm using first half of cpu on host, second half on guest)
systemctl set-property --runtime -- user.slice AllowedCPUs=${materusArg.materusPC.hostCores}
systemctl set-property --runtime -- system.slice AllowedCPUs=${materusArg.materusPC.hostCores}
systemctl set-property --runtime -- init.scope AllowedCPUs=${materusArg.materusPC.hostCores}
echo "${materusArg.materusPC.hostCoresMask}" > /sys/bus/workqueue/devices/writeback/cpumask
# Set performance governor if not set
echo performance | tee /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor
# Reduce interval of memory statistics to 120s from default 1s
sysctl vm.stat_interval=120
'';
stopHook = ''
# Debugging
# exec 19>/home/materus/stoplogfile
# BASH_XTRACEFD=19
# set -x
# exec 3>&1 4>&2
# trap 'exec 2>&4 1>&3' 0 1 2 3
# exec 1>/home/materus/stoplogfile.out 2>&1
# echo performance | tee /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor
sysctl vm.stat_interval=1
sleep 1s
echo ''$VIRSH_GPU_VIDEO > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/driver/unbind"
echo ''$VIRSH_GPU_AUDIO > "/sys/bus/pci/devices/''${VIRSH_GPU_AUDIO}/driver/unbind"
echo "${bar0_host}" > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/resource0_resize"
echo "${bar2_host}" > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/resource2_resize"
echo "1" > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/d3cold_allowed"
echo ''$VIRSH_GPU_VIDEO > /sys/bus/pci/drivers/amdgpu/bind
echo ''$VIRSH_GPU_AUDIO > /sys/bus/pci/drivers/snd_hda_intel/bind
systemctl start windows-share-mount.service
systemctl set-property --runtime -- user.slice AllowedCPUs=${materusArg.materusPC.allCores}
systemctl set-property --runtime -- system.slice AllowedCPUs=${materusArg.materusPC.allCores}
systemctl set-property --runtime -- init.scope AllowedCPUs=${materusArg.materusPC.allCores}
echo "${materusArg.materusPC.allCoresMask}" > /sys/bus/workqueue/devices/writeback/cpumask
'';
in
{
virtualisation.libvirtd.qemu.verbatimConfig = ''
cgroup_device_acl = [
"/dev/null", "/dev/full", "/dev/zero",
"/dev/random", "/dev/urandom",
"/dev/ptmx", "/dev/kvm", "/dev/kqemu",
"/dev/rtc","/dev/hpet", "/dev/vfio/vfio",
"/dev/kvmfr0"
]
'';
virtualisation.libvirtd.hooks.qemu = {
"windows-vfio" = pkgs.writeShellScript "windows.sh" ''
VIRSH_GPU_VIDEO="0000:03:00.0"
VIRSH_GPU_AUDIO="0000:03:00.1"
VIRSH_USB1="0000:10:00.0"
if [ ''$1 = "windows-vfio" ]; then
if [ ''$2 = "prepare" ] && [ ''$3 = "begin" ]; then
${startHook}
fi
#if [ ''$2 = "started" ] && [ ''$3 = "begin" ]; then
${startedHook}
#fi
if [ ''$2 = "release" ] && [ ''$3 = "end" ]; then
${stopHook}
fi
fi
'';
};
systemd.services.windows-share-mount = {
wantedBy = [ "multi-user.target" ];
path = [ config.virtualisation.libvirtd.qemu.package pkgs.util-linux pkgs.kmod pkgs.coreutils ];
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true;
script = ''
modprobe nbd max_part=16
sleep 1
qemu-nbd -c /dev/nbd10 /materus/data/VM/data.qcow2 --discard=unmap
sleep 1
mount /dev/nbd10p1 /materus/data/Windows -o uid=1000,gid=100
'';
preStop = ''
umount -r /dev/nbd10p1
qemu-nbd -d /dev/nbd10
'';
};
}
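Review bot: In the `windows-vfio` hook script, `${startedHook}` runs on every hook invocation for this VM because the `if`/`fi` lines around it are commented out. That includes `prepare begin` and `release end`, when no matching QEMU process exists, so `QEMU_PID` is empty and the `ls /proc/$QEMU_PID/task` and `renice` calls run as root with an empty argument. Restore the guard as `if [ "''$2" = "started" ] && [ "''$3" = "begin" ]; then` and have the hook body bail out with `[ -n "$QEMU_PID" ] || exit 0` before the loop. The other `[ ''$1 = ... ]` tests and the `chmod 0 $DRI_RENDER` / `fuser -k $DRI_CARD` lines in `startHook` are likewise unquoted and would misbehave if `readlink` returned nothing; quoting them and checking for a non-empty path first would make the root hook fail closed.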
@@ -1,128 +0,0 @@
{ config, pkgs, lib, inputs, materusFlake, ... }:
let
startHook = /*''
# Debugging
exec 19>/home/materus/startlogfile
BASH_XTRACEFD=19
set -x
exec 3>&1 4>&2
trap 'exec 2>&4 1>&3' 0 1 2 3
exec 1>/home/materus/startlogfile.out 2>&1
''
+*/
''
# Make sure nothing renders on gpu to prevent "sysfs: cannot create duplicate filename" after rebinding to amdgpu
chmod 0 /dev/dri/renderD128
fuser -k /dev/dri/renderD128
# Seems to fix reset bug for 7900 XTX
echo "0" > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/d3cold_allowed"
systemctl stop mountWin10Share.service
echo ''$VIRSH_GPU_VIDEO > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/driver/unbind"
echo ''$VIRSH_GPU_AUDIO > "/sys/bus/pci/devices/''${VIRSH_GPU_AUDIO}/driver/unbind"
sleep 1s
echo "10" > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/resource0_resize"
echo "8" > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/resource2_resize"
systemctl set-property --runtime -- user.slice AllowedCPUs=12-15,28-31
systemctl set-property --runtime -- system.slice AllowedCPUs=12-15,28-31
systemctl set-property --runtime -- init.scope AllowedCPUs=12-15,28-31
'';
stopHook = ''
# Debugging
# exec 19>/home/materus/stoplogfile
# BASH_XTRACEFD=19
# set -x
# exec 3>&1 4>&2
# trap 'exec 2>&4 1>&3' 0 1 2 3
# exec 1>/home/materus/stoplogfile.out 2>&1
sleep 1s
echo ''$VIRSH_GPU_VIDEO > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/driver/unbind"
echo ''$VIRSH_GPU_AUDIO > "/sys/bus/pci/devices/''${VIRSH_GPU_AUDIO}/driver/unbind"
echo "15" > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/resource0_resize"
echo "8" > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/resource2_resize"
echo "1" > "/sys/bus/pci/devices/''${VIRSH_GPU_VIDEO}/d3cold_allowed"
echo ''$VIRSH_GPU_VIDEO > /sys/bus/pci/drivers/amdgpu/bind
echo ''$VIRSH_GPU_AUDIO > /sys/bus/pci/drivers/snd_hda_intel/bind
systemctl start mountWin10Share.service
systemctl set-property --runtime -- user.slice AllowedCPUs=0-31
systemctl set-property --runtime -- system.slice AllowedCPUs=0-31
systemctl set-property --runtime -- init.scope AllowedCPUs=0-31
'';
in
{
virtualisation.libvirtd.hooks.qemu = {
"win10" = pkgs.writeShellScript "win10.sh" ''
VIRSH_GPU_VIDEO="0000:03:00.0"
VIRSH_GPU_AUDIO="0000:03:00.1"
VIRSH_USB1="0000:10:00.0"
if [ ''$1 = "win10" ] || [ ''$1 = "win11" ]; then
if [ ''$2 = "prepare" ] && [ ''$3 = "begin" ]; then
${startHook}
fi
if [ ''$2 = "release" ] && [ ''$3 = "end" ]; then
${stopHook}
fi
fi
'';
};
systemd.services.mountWin10Share = {
wantedBy = [ "multi-user.target" ];
path = [ config.virtualisation.libvirtd.qemu.package pkgs.util-linux pkgs.kmod pkgs.coreutils ];
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true;
script = ''
modprobe nbd max_part=16
sleep 1
qemu-nbd -c /dev/nbd0 /materus/data/VM/data.qcow2 --cache=unsafe --discard=unmap
sleep 1
mount /dev/nbd0p1 /materus/data/Windows -o uid=1000,gid=100
'';
preStop = ''
umount /materus/data/Windows
qemu-nbd -d /dev/nbd0
'';
};
}
+20 -20
@@ -2,15 +2,16 @@
# your system. Help is available in the configuration.nix(5) man page # your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running `nixos-help`). # and in the NixOS manual (accessible by running `nixos-help`).
{ config, pkgs, materusFlake, ... }: { pkgs, materusArg, config, ... }:
{ {
imports = imports =
[ [
# Include the results of the hardware scan. # Include the results of the hardware scan.
./hardware-configuration.nix ./hardware-configuration.nix
./pleroma.nix ./services
]; ./secrets
];
materus.profile.nix.enable = true; materus.profile.nix.enable = true;
@@ -28,7 +29,7 @@
networking.hostName = "valkyrie"; # Define your hostname. networking.hostName = "valkyrie"; # Define your hostname.
# Pick only one of the below networking options. # Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
networking.networkmanager.enable = false; # Easiest to use and most distros use this by default. networking.networkmanager.enable = false;
# Set your time zone. # Set your time zone.
time.timeZone = "Europe/Warsaw"; time.timeZone = "Europe/Warsaw";
@@ -63,17 +64,19 @@
# hardware.pulseaudio.enable = true; # hardware.pulseaudio.enable = true;
# Enable touchpad support (enabled default in most desktopManager). # Enable touchpad support (enabled default in most desktopManager).
# services.xserver.libinput.enable = true; services.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd. # Define a user account. Don't forget to set a password with passwd.
users.users.materus = { users.users.materus = {
isNormalUser = true; isNormalUser = true;
extraGroups = [ "wheel" ]; # Enable sudo for the user. extraGroups = [ "wheel" ]; # Enable sudo for the user.
packages = with pkgs; [ packages = [
]; ];
openssh.authorizedKeys.keyFiles = [ (materusFlake.selfPath + /extraFiles/keys/ssh/materus.pub) ]; openssh.authorizedKeys.keyFiles = [ ("${materusArg.cfg.path}" + "/extraFiles/keys/ssh/materus.pub") ];
shell = pkgs.zsh;
}; };
users.users.acme.openssh.authorizedKeys.keyFiles = [ ("${materusArg.cfg.path}" + "/extraFiles/keys/ssh/waffentrager.pub") ];
users.users.acme.shell = pkgs.scponly;
# List packages installed in system profile. To search, run: # List packages installed in system profile. To search, run:
# $ nix search wget # $ nix search wget
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
@@ -97,10 +100,10 @@
services.openssh.enable = true; services.openssh.enable = true;
services.openssh.openFirewall = false; services.openssh.openFirewall = false;
services.openssh.settings.PermitRootLogin = "no"; services.openssh.settings.PermitRootLogin = "no";
services.openssh.settings.PasswordAuthentication = true; services.openssh.settings.PasswordAuthentication = false;
services.adguardhome.enable = true;
# Open ports in the firewall. # Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ]; # networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ]; # networking.firewall.allowedUDPPorts = [ ... ];
@@ -139,14 +142,20 @@
}; };
virtualisation.podman.autoPrune.enable = true;
virtualisation.podman.autoPrune.dates = "daily";
virtualisation.oci-containers.backend = "podman";
security.acme.acceptTerms = true; security.acme.acceptTerms = true;
security.acme.defaults.email = "materus+acme@podkos.pl"; security.acme.defaults.email = "materus+acme@podkos.pl";
security.acme.defaults.credentialsFile = config.sops.secrets.certs.path;
security.acme.defaults.dnsResolver = "9.9.9.9:53";
security.acme.certs."materus.pl" = { security.acme.certs."materus.pl" = {
domain = "materus.pl"; domain = "materus.pl";
group = "nginx"; group = "nginx";
extraDomainNames = [ "*.materus.pl" ]; extraDomainNames = [ "*.materus.pl" ];
dnsProvider = "ovh"; dnsProvider = "ovh";
credentialsFile = "/materus/config/private/valkyrie/certs.secret";
}; };
security.acme.certs."podkos.pl" = { security.acme.certs."podkos.pl" = {
@@ -154,15 +163,6 @@
group = "nginx"; group = "nginx";
extraDomainNames = [ "*.podkos.pl" ]; extraDomainNames = [ "*.podkos.pl" ];
dnsProvider = "ovh"; dnsProvider = "ovh";
credentialsFile = "/materus/config/private/valkyrie/certs.secret";
};
security.acme.certs."podkos.xyz" = {
domain = "podkos.xyz";
group = "nginx";
extraDomainNames = [ "*.podkos.xyz" ];
dnsProvider = "ovh";
credentialsFile = "/materus/config/private/valkyrie/certs.secret";
}; };
} }
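Review bot: The new `users.users.acme` lines give the holder of `waffentrager.pub` a file-transfer login as the ACME account, and `pkgs.scponly` limits the command set but not the paths or the source address. If that account's home is the certificate state directory (the NixOS default, not shown here), the key can read every private key issued on this host, including both wildcard certificates. Consider narrowing it with a `Match User acme` block in `services.openssh.extraConfig` (`ChrootDirectory`, `ForceCommand internal-sftp`, `AllowTcpForwarding no`), or at least prefixing the key line with `restrict,from="<waffentrager address>"`. Separately, `services.adguardhome.enable = true;` is also set in the new services module in this commit, so one of the two can go.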
@@ -11,7 +11,7 @@
boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "floppy" "sr_mod" "virtio_blk" ]; boot.initrd.availableKernelModules = [ "ata_piix" "virtio_pci" "floppy" "sr_mod" "virtio_blk" ];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernel.sysctl = { "net.ipv4.ip_forward" = 1; }; boot.kernel.sysctl = { "net.ipv4.ip_forward" = 1; "net.ipv6.conf.all.forwarding" = 1; };
boot.kernelModules = [ ]; boot.kernelModules = [ ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
boot.tmp.useTmpfs = true; boot.tmp.useTmpfs = true;
@@ -1,4 +1,4 @@
{ config, pkgs, materusPkgs, lib, ... }: { ... }:
{ {
home.stateVersion = "23.05"; home.stateVersion = "23.05";
home.homeDirectory = "/home/materus"; home.homeDirectory = "/home/materus";
@@ -10,7 +10,8 @@
enableTerminalExtra = false; enableTerminalExtra = false;
enableNixDevel = false; enableNixDevel = false;
fish.enable = true; fish.enable = false;
bash.enable = true; bash.enable = true;
zsh.enable = true;
}; };
} }
-146
@@ -1,146 +0,0 @@
{ config, pkgs, lib, materusFlake, ... }:
let
socketPath = "/run/pleroma/http.sock";
socketChmod = with pkgs; with lib; pkgs.writers.writeBashBin "pleroma-socket"
''
coproc {
${inotify-tools}/bin/inotifywait -q -m -e create ${escapeShellArg (dirOf socketPath)}
}
trap 'kill "$COPROC_PID"' EXIT TERM
until ${pkgs.coreutils}/bin/test -S ${escapeShellArg socketPath}
do read -r -u "''${COPROC[0]}"
done
${pkgs.coreutils}/bin/chmod 0666 ${socketPath}
'';
soapbox = pkgs.stdenv.mkDerivation rec {
pname = "soapbox";
version = "v3.2.0";
dontBuild = true;
dontConfigure = true;
src = pkgs.fetchurl {
name = "soapbox";
url = "https://gitlab.com/soapbox-pub/soapbox/-/jobs/artifacts/${version}/download?job=build-production";
sha256 = "sha256-AdW6JK7JkIKLZ8X+N9STeOHqmGNUdhcXyC9jsQPTa9o=";
};
nativeBuildInputs = [pkgs.unzip];
unpackPhase = ''
unzip $src -d .
'';
installPhase = ''
mv ./static $out
'';
};
in
{
systemd.tmpfiles.rules = [
"d /var/lib/pleroma 0766 pleroma pleroma -"
"d /var/lib/pleroma/static 0766 pleroma pleroma -"
"d /var/lib/pleroma/uploads 0766 pleroma pleroma -"
"L+ /var/lib/pleroma/static/frontends/soapbox/${soapbox.version} 0766 pleroma pleroma - ${soapbox}"
];
services.nginx.virtualHosts."podkos.xyz" = {
http2 = true;
useACMEHost = "podkos.xyz";
forceSSL = true;
locations."/" = {
proxyPass = "http://unix:${socketPath}";
extraConfig = ''
etag on;
gzip on;
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'POST, PUT, DELETE, GET, PATCH, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, Idempotency-Key' always;
add_header 'Access-Control-Expose-Headers' 'Link, X-RateLimit-Reset, X-RateLimit-Limit, X-RateLimit-Remaining, X-Request-Id' always;
if ($request_method = OPTIONS) {
return 204;
}
add_header X-XSS-Protection "1; mode=block";
add_header X-Permitted-Cross-Domain-Policies none;
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header Referrer-Policy same-origin;
add_header X-Download-Options noopen;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
client_max_body_size 8m;
'';
};
};
systemd.services.pleroma.serviceConfig = {
RuntimeDirectory = "pleroma";
RuntimeDirectoryPreserve = true;
ExecStartPost = "${socketChmod}/bin/pleroma-socket";
ExecStopPost = ''${pkgs.coreutils}/bin/rm -f ${socketPath}'';
};
services.pleroma = {
enable = true;
secretConfigFile = "/var/lib/pleroma/secrets.exs";
configs = [
''
import Config
config :pleroma, Pleroma.Web.Endpoint,
url: [host: "podkos.xyz", scheme: "https", port: 443],
http: [ip: {:local, "${socketPath}"}, port: 0]
config :pleroma, :instance,
name: "Podziemia Kosmosu",
email: "admin@podkos.xyz",
notify_email: "noreply@podkos.xyz",
limit: 5000,
registrations_open: false
config :pleroma, :media_proxy,
enabled: false,
redirect_on_failure: true
config :pleroma, Pleroma.Repo,
adapter: Ecto.Adapters.Postgres,
socket: "/run/postgresql/.s.PGSQL.5432",
username: "pleroma",
database: "pleroma"
# Configure web push notifications
config :web_push_encryption, :vapid_details,
subject: "mailto:admin@podkos.x yz"
config :pleroma, :frontends,
primary: %{
"name" => "soapbox",
"ref" => "${soapbox.version}"
}
config :pleroma, :database, rum_enabled: false
config :pleroma, :instance, static_dir: "/var/lib/pleroma/static"
config :pleroma, Pleroma.Uploaders.Local, uploads: "/var/lib/pleroma/uploads"
config :pleroma, configurable_from_database: true
config :pleroma, Pleroma.Upload, filters: [Pleroma.Upload.Filter.AnonymizeFilename]
''
];
};
}
@@ -0,0 +1,35 @@
{ materusCfg, ... }:
{
imports =
[
] ++ (if (materusCfg.materusFlake.decrypted) then [ ./private ] else [ ]);
sops.age.generateKey = false;
sops.gnupg.home = null;
sops.gnupg.sshKeyPaths = [ ];
sops.defaultSopsFile = materusCfg.hostPath + "/secrets/secrets.yaml";
sops.secrets.wireguard = { };
sops.secrets.discord-token = {};
sops.secrets.spotify-client-id = {};
sops.secrets.spotify-client-secret = {};
sops.secrets.youtube-api = {};
sops.secrets.certs = {};
sops.secrets.steamladder-api = {};
sops.secrets.webarchive-accesskey = {};
sops.secrets.webarchive-secretkey = {};
services.openssh.hostKeys = [
{
bits = 4096;
path = "/materus/root/ssh_host_rsa_key";
type = "rsa";
}
{
path = "/materus/root/ssh_host_ed25519_key";
type = "ed25519";
}
];
}
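Review bot: Nothing in this module says which identity decrypts `secrets.yaml`. `sops.age.generateKey = false` and the emptied `sops.gnupg` options leave sops-nix on its default, which, as far as I know, derives the age identity from the ed25519 entry in `services.openssh.hostKeys`. If so, `/materus/root/ssh_host_ed25519_key` is the root of every secret declared here, and a comment such as `# age identity = ed25519 host key below; keep /materus/root root-only and backed up` above the `hostKeys` list would make that explicit. The waffentrager secrets module added later in this commit has the same block and would take the same comment.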
@@ -0,0 +1,41 @@
wireguard: ENC[AES256_GCM,data:i98U0ugxbNqWNuKR8u+mdWoSMLViHXfsWRBS1lvjb+hgGxveyzjBcagBIeY=,iv:/hF9oH2R6NSeHT/UQTlbmtx+gPX/3CJOLPNnxrzsY/g=,tag:2ub5w8uH2O1B2hoku8Kowg==,type:str]
discord-token: ENC[AES256_GCM,data:JQ/6MJvBlJpKzs/L0hFB1LPpQSfJvDdEB6YerVZyDqGo7plA0S5wORACgA88Dei1x1NGsXhYtiwT4vE9jjeCOlWXZdl1mA==,iv:BsDu1De0qLX/8VDiZ5co1q1LXxkz/Som9+hvm/67/xU=,tag:YO0wQNF3/AXbifpeAa935Q==,type:str]
spotify-client-id: ENC[AES256_GCM,data:WK7CJGw6mtIG3Jfp59cWx3ool4z1P09TvHcpbOQ2JV0=,iv:EaJ5ecXdmx0Ky+43xZITM811IOo4EisvPSyogXrJXng=,tag:NYTI4vLsWGa695CJ+TIgbw==,type:str]
spotify-client-secret: ENC[AES256_GCM,data:TnR+zLLklTfzMdR4woaZWuMVJQ9VIYsFM588GRO6WCY=,iv:cYiqw8ZdMgLeug4ptwPV3L+MeY6xIldfUBfiYg1mFD8=,tag:YDLh6BXFcBHnpdgM7e87wg==,type:str]
youtube-api: ENC[AES256_GCM,data:qmpFlFvudS9rXQfN+Th/UrPWCW0mg5GkpMucS/01AmOnlChqtojC,iv:q3bKwI2I6BNa3L9ezKCE1fWT/vZLiJ8uzug1z2z+TWA=,tag:gKG3HTz8jp2LAFh8e8O6sg==,type:str]
steamladder-api: ENC[AES256_GCM,data:m30o5atqugwqn/WbXGkUq5GvqiIKQT0kSRQCtHc1Gxk/dC3YcbDvMw==,iv:duLKl1NvysD0XMaUOkl/6nclMQB6seXcQYkGMrm7K7Y=,tag:9dw+UH10uAdca5fVdlw1Mg==,type:str]
webarchive-accesskey: ENC[AES256_GCM,data:jdKlHsZq2Dkk1BcBfUVv5g==,iv:BXCgPb/2W57PYXxRktInz1LxSEwlw6m3xnQU4TOPMeY=,tag:kK4+InaH7K4D4n1hyGaR+w==,type:str]
webarchive-secretkey: ENC[AES256_GCM,data:t7lZ1aA72BrBxaE+jXmE3w==,iv:A8PF/MyRTIluqEzzt4uCw7eNCYDXAt4iB29PSrwlVyY=,tag:6HbtcrFeFcpagjzPXOANzA==,type:str]
certs: ENC[AES256_GCM,data:ttmSNTTx51a3L2HTC8RnSphDLHO2OSyIgXQ0YpZGySTdu69mgEyhaiSi+IAXg/1AHKRjpFJgE4fhsLAiW78pNYb+Zg7aDL47YtABO99sTZrZnBxZo6k6itpZ3oClDch2ZALzoXChLroc0tUbZKwsfOwGe3pw9lOJZJT34AhV+BVoXDDLQcpQoxz23Baa8oxklecT6wpJ1u1nW+aAHw33gm41Vw==,iv:b0aNZwaRKBg+ipe5+19BowyFbCjZt52S738om6emYGo=,tag:lUqtcc4vVWKx/fnc19vj7A==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1wscr6kv8393wv0fjaux8juplaxq55znlzrp62qyteq0fauu3yg0s7d7k98
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSRXNLdUZaVU13alNhVGgz
aXdMb3IzNjNQcHJFV2JLNVM2SUVBa3VNZlRFCkxxd21CTWVDUkVXbzR6ZEkxbm5J
VGorSkp6a2xSdHRHcFk5T3VYVlJJa0UKLS0tIE1WdHo5eTlpNEEyN25oSjk1KzdS
d2dMUUh1RDB3UnpEdFJsNHpQRXFWemMKc41dlOapTsvH91QLNhdPbrzerPFakOiX
J/uoZDMIhsmQxgQM7Fqxr05NywhI/ZjOtJS2bayp73O57xjjMYcyNQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-18T09:01:39Z"
mac: ENC[AES256_GCM,data:CVsqff1qCcxyQ0e78ewottYKgqA2rG3j1m8X0Sb8If3qibAiBMMblc8T0doB+Fg4dVhPpbJSZdCx4JiV7sHopv2wNdguXd6Xe0L8iJqWtBeHTGTxSLvJ8UIHknak9c+JeQzZz8jAkbHYUXsc7VyeJaXoQptosz1BbE74D48Xjrg=,iv:0e+etjwabJx7PXgDUoh41Ha3aziQxBlH6QJZGG02ME0=,tag:oQIf503tmFlPoLE5d8Y24w==,type:str]
pgp:
- created_at: "2024-03-21T22:55:36Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4D5fSX77p80GYSAQdA667A9P/3ktuS2iEjxkv3aYMAGSu0oPGIX7dsC23VVgkw
OmcwhXxBnipcG+izbtNylXz5VonyyKHwdR2QIgkt9FEuC8lI17GHVyogTCFiP7Dj
1GgBCQIQN4EqFdiXqzJUeeE+PdOzVPs+1kStz+S1H22NjrJAFv67cbyIgwpItuXD
Sfao+MU1HWDY4iKZrcfWArUgpQj/pvsmUeJ72iXD3bkTTrK61g3GZA+g9lFewl/B
SORJMu9btS4GAw==
=aBMP
-----END PGP MESSAGE-----
fp: 28D140BCA60B4FD1
unencrypted_suffix: _unencrypted
version: 3.8.1
@@ -0,0 +1,38 @@
{
config,
pkgs,
lib,
materusArg,
...
}:
{
options.valkyrieService.dcbot.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable muse bot";
config =
let
cfg = config.valkyrieService.dcbot;
in
lib.mkIf cfg.enable {
sops.templates."muse.env".content = ''
CACHE_LIMIT=512MB
BOT_STATUS=online
BOT_ACTIVITY_TYPE=LISTENING
BOT_ACTIVITY=Coś
DISCORD_TOKEN=${config.sops.placeholder.discord-token}
YOUTUBE_API_KEY=${config.sops.placeholder.youtube-api}
SPOTIFY_CLIENT_ID=${config.sops.placeholder.spotify-client-id}
SPOTIFY_CLIENT_SECRET=${config.sops.placeholder.spotify-client-secret}
'';
systemd.tmpfiles.rules = [
"d /var/lib/muse 0776 root root -"
];
virtualisation.oci-containers.containers.dcbot = {
image = "ghcr.io/museofficial/muse:latest";
volumes = [ "/var/lib/muse:/data" ];
environmentFiles = [ config.sops.templates."muse.env".path ];
};
};
}
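Review bot: `image = "ghcr.io/museofficial/muse:latest"` is a mutable tag on a container that receives the Discord token and both Spotify credentials through `muse.env`, so whatever the registry serves at the next pull runs with those secrets. Pin the image by digest, e.g. `image = "ghcr.io/museofficial/muse@sha256:<digest>";`, and bump it deliberately; `pihole/pihole:latest` in the pihole module of this commit has the same problem. The tmpfiles mode `0776` on `/var/lib/muse` also sets write bits for group and other on the bot's data directory; `0750` (or `0700`) looks like what is meant.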
@@ -0,0 +1,17 @@
{ config, pkgs, ... }:
{
imports =
[
./pleroma.nix
./pihole.nix
./dcbot.nix
./secureyoursoul.nix
];
services.adguardhome.enable = true;
valkyrieService.pihole.enable = false;
valkyrieService.pleroma.enable = false;
valkyrieService.dcbot.enable = true;
valkyrieService.secureyoursoul.enable = true;
}
@@ -0,0 +1,56 @@
{ config, pkgs, lib, materusArg, ... }:
{
options.valkyrieService.pihole.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable pihole";
options.valkyrieService.pihole.dnsIP = lib.mkOption { default = "127.0.0.1"; };
options.valkyrieService.pihole.webIP = lib.mkOption { default = "127.0.0.1"; };
config =
let
cfg = config.valkyrieService.pihole;
dnsmasqConf = pkgs.writeText "02-dnsmasq-custom.conf" ''
no-hosts
'';
in
lib.mkIf config.valkyrieService.pihole.enable {
systemd.tmpfiles.rules = [
"d /var/lib/dnsmasq.d 0776 root root -"
"d /var/lib/pihole 0776 root root -"
"L+ /var/lib/dnsmasq.d/02-dnsmasq-custom.conf 0776 root root - ${dnsmasqConf}"
];
virtualisation.oci-containers.containers.pihole = {
image = "pihole/pihole:latest";
ports =
[
"${cfg.dnsIP}:53:53/tcp"
"${cfg.dnsIP}:53:53/udp"
"${cfg.webIP}:3000:80"
];
environment = {
TZ = "Europe/Warsaw";
FTLCONF_LOCAL_IPV4 = "127.0.0.1";
DNSMASQ_USER = "root";
VIRTUAL_HOST = "pi.hole";
PROXY_LOCATION = "pi.hole";
};
volumes = [
"/var/lib/pihole/:/etc/pihole/"
"/var/lib/dnsmasq.d:/etc/dnsmasq.d/"
"/nix/store:/nix/store"
];
extraOptions =
[
"--cap-add=NET_ADMIN"
"--dns=127.0.0.1"
"--dns=9.9.9.9"
"--hostname=pi.hole"
];
};
};
}
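Review bot: The volume `"/nix/store:/nix/store"` exposes the host's whole store to a container that runs dnsmasq as root with `NET_ADMIN`, and without a `:ro` suffix the mount is requested read-write. It appears to be there only so the `L+` symlink to `02-dnsmasq-custom.conf` resolves inside the container. Mounting just that file read-only, `"${dnsmasqConf}:/etc/dnsmasq.d/02-dnsmasq-custom.conf:ro"`, would cover it and lets the symlink rule go; failing that, add `:ro` to the store mount.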
@@ -0,0 +1,149 @@
{ config, pkgs, lib, materusArg, ... }:
let
socketPath = "/run/pleroma/http.sock";
socketChmod = with pkgs; with lib; pkgs.writers.writeBashBin "pleroma-socket"
''
coproc {
${inotify-tools}/bin/inotifywait -q -m -e create ${escapeShellArg (dirOf socketPath)}
}
trap 'kill "$COPROC_PID"' EXIT TERM
until ${pkgs.coreutils}/bin/test -S ${escapeShellArg socketPath}
do read -r -u "''${COPROC[0]}"
done
${pkgs.coreutils}/bin/chmod 0666 ${socketPath}
'';
soapbox = pkgs.stdenv.mkDerivation rec {
pname = "soapbox";
version = "v3.2.0";
dontBuild = true;
dontConfigure = true;
src = pkgs.fetchurl {
name = "soapbox";
url = "https://gitlab.com/soapbox-pub/soapbox/-/jobs/artifacts/${version}/download?job=build-production";
sha256 = "sha256-AdW6JK7JkIKLZ8X+N9STeOHqmGNUdhcXyC9jsQPTa9o=";
};
nativeBuildInputs = [ pkgs.unzip ];
unpackPhase = ''
unzip $src -d .
'';
installPhase = ''
mv ./static $out
'';
};
in
{
options.valkyrieService.pleroma.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable pleroma";
config = lib.mkIf config.valkyrieService.pleroma.enable {
systemd.tmpfiles.rules = [
"d /var/lib/pleroma 0766 pleroma pleroma -"
"d /var/lib/pleroma/static 0766 pleroma pleroma -"
"d /var/lib/pleroma/uploads 0766 pleroma pleroma -"
"L+ /var/lib/pleroma/static/frontends/soapbox/${soapbox.version} 0766 pleroma pleroma - ${soapbox}"
];
services.nginx.virtualHosts."podkos.xyz" = {
http2 = true;
useACMEHost = "podkos.xyz";
forceSSL = true;
locations."/" = {
proxyPass = "http://unix:${socketPath}";
extraConfig = ''
etag on;
gzip on;
add_header 'Access-Control-Allow-Origin' '*' always;
add_header 'Access-Control-Allow-Methods' 'POST, PUT, DELETE, GET, PATCH, OPTIONS' always;
add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, Idempotency-Key' always;
add_header 'Access-Control-Expose-Headers' 'Link, X-RateLimit-Reset, X-RateLimit-Limit, X-RateLimit-Remaining, X-Request-Id' always;
if ($request_method = OPTIONS) {
return 204;
}
add_header X-XSS-Protection "1; mode=block";
add_header X-Permitted-Cross-Domain-Policies none;
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header Referrer-Policy same-origin;
add_header X-Download-Options noopen;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
client_max_body_size 8m;
'';
};
};
systemd.services.pleroma.serviceConfig = {
RuntimeDirectory = "pleroma";
RuntimeDirectoryPreserve = true;
ExecStartPost = "${socketChmod}/bin/pleroma-socket";
ExecStopPost = ''${pkgs.coreutils}/bin/rm -f ${socketPath}'';
};
services.pleroma = {
enable = true;
secretConfigFile = "/var/lib/pleroma/secrets.exs";
configs = [
''
import Config
config :pleroma, Pleroma.Web.Endpoint,
url: [host: "podkos.xyz", scheme: "https", port: 443],
http: [ip: {:local, "${socketPath}"}, port: 0]
config :pleroma, :instance,
name: "Podziemia Kosmosu",
email: "admin@podkos.xyz",
notify_email: "noreply@podkos.xyz",
limit: 5000,
registrations_open: false
config :pleroma, :media_proxy,
enabled: false,
redirect_on_failure: true
config :pleroma, Pleroma.Repo,
adapter: Ecto.Adapters.Postgres,
socket: "/run/postgresql/.s.PGSQL.5432",
username: "pleroma",
database: "pleroma"
# Configure web push notifications
config :web_push_encryption, :vapid_details,
subject: "mailto:admin@podkos.x yz"
config :pleroma, :frontends,
primary: %{
"name" => "soapbox",
"ref" => "${soapbox.version}"
}
config :pleroma, :database, rum_enabled: false
config :pleroma, :instance, static_dir: "/var/lib/pleroma/static"
config :pleroma, Pleroma.Uploaders.Local, uploads: "/var/lib/pleroma/uploads"
config :pleroma, configurable_from_database: true
config :pleroma, Pleroma.Upload, filters: [Pleroma.Upload.Filter.AnonymizeFilename]
''
];
};
};
}
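Review bot: `useACMEHost = "podkos.xyz"` refers to a certificate that this same commit deletes from `security.acme.certs` in the host configuration, so setting `valkyrieService.pleroma.enable = true` will presumably fail at evaluation or leave nginx without a certificate. Either keep the `podkos.xyz` entry or declare it inside this module under the `mkIf`. Also, `chmod 0666` on the socket together with the `0766` tmpfiles modes lets any local account talk to Pleroma directly, bypassing nginx, and sets write bits for everyone on its state directories. `0660` on the socket with nginx in the `pleroma` group, and `0750` on the directories, would limit access to the two services.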
@@ -0,0 +1,141 @@
{ config, pkgs, lib, materusArg, ... }:
{
options.valkyrieService.secureyoursoul.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable secureyoursoul, web archive";
config =
let
cfg = config.valkyrieService.secureyoursoul;
in
lib.mkIf cfg.enable {
systemd.timers.secureyoursoul-steam = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "*-*-1,7,14,21 3:00:00";
Persistent = true;
Unit = "secureyoursoul-steam.service";
};
};
systemd.timers.secureyoursoul-p1 = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "*-*-3,9,16,23 3:00:00";
Persistent = true;
Unit = "secureyoursoul-p1.service";
};
};
systemd.timers.secureyoursoul-p2 = {
wantedBy = [ "timers.target" ];
timerConfig = {
OnCalendar = "*-*-5,11,18,25 3:00:00";
Persistent = true;
Unit = "secureyoursoul-p2.service";
};
};
systemd.services.secureyoursoul-steam = {
description = "Make curl requests to archive steam related things";
path = [ pkgs.coreutils pkgs.util-linux pkgs.curl ];
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = false;
script = ''
STEAM_IDS=( ${ builtins.foldl' (x: y: x +"\""+ y + "\" ") "" materusArg.to_save.steamids })
EXTRA_LINKS=( ${ builtins.foldl' (x: y: x +"\""+ y + "\" ") "" materusArg.to_save.extraLinks-steam })
steamladder() {
for id in ''${STEAM_IDS[@]}; do
curl -X POST -H "Authorization: Token ''$(cat ${config.sops.secrets.steamladder-api.path})" \
"https://steamladder.com/api/v1/profile/$id/"
done;
}
webarchive(){
for id in ''${STEAM_IDS[@]}; do
curl -X POST -H "Accept: application/json" \
-H "Authorization: LOW ''$(cat ${config.sops.secrets.webarchive-accesskey.path}):''$(cat ${config.sops.secrets.webarchive-secretkey.path})" \
-d"url=https://steamcommunity.com/profiles/$id" \
-d"capture_outlinks=1" \
-d"capture_screenshot=on" \
-d"capture_all=on" \
"https://web.archive.org/save";
sleep 180;
done;
for link in ''${EXTRA_LINKS[@]}; do
curl -X POST -H "Accept: application/json" \
-H "Authorization: LOW ''$(cat ${config.sops.secrets.webarchive-accesskey.path}):''$(cat ${config.sops.secrets.webarchive-secretkey.path})" \
-d"url=$link" \
-d"capture_outlinks=1" \
-d"capture_screenshot=on" \
-d"capture_all=on" \
"https://web.archive.org/save";
sleep 180;
done;
}
steamladder &
webarchive
wait
'';
};
systemd.services.secureyoursoul-p1 = {
description = "Make curl requests to archive related things";
path = [ pkgs.coreutils pkgs.util-linux pkgs.curl ];
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = false;
script = ''
EXTRA_LINKS=( ${ builtins.foldl' (x: y: x +"\""+ y + "\" ") "" materusArg.to_save.extraLinks1 })
webarchive(){
for link in ''${EXTRA_LINKS[@]}; do
curl -X POST -H "Accept: application/json" \
-H "Authorization: LOW ''$(cat ${config.sops.secrets.webarchive-accesskey.path}):''$(cat ${config.sops.secrets.webarchive-secretkey.path})" \
-d"url=$link" \
-d"capture_outlinks=1" \
-d"capture_screenshot=on" \
-d"capture_all=on" \
"https://web.archive.org/save";
sleep 180;
done;
}
webarchive
'';
};
systemd.services.secureyoursoul-p2 = {
description = "Make curl requests to archive related things - part 2";
path = [ pkgs.coreutils pkgs.util-linux pkgs.curl ];
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = false;
script = ''
EXTRA_LINKS=( ${ builtins.foldl' (x: y: x +"\""+ y + "\" ") "" materusArg.to_save.extraLinks2 })
webarchive(){
for link in ''${EXTRA_LINKS[@]}; do
curl -X POST -H "Accept: application/json" \
-H "Authorization: LOW ''$(cat ${config.sops.secrets.webarchive-accesskey.path}):''$(cat ${config.sops.secrets.webarchive-secretkey.path})" \
-d"url=$link" \
-d"capture_outlinks=1" \
-d"capture_screenshot=on" \
-d"capture_all=on" \
"https://web.archive.org/save";
sleep 180;
done;
}
webarchive
'';
};
};
}
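Review bot: Every `curl` call builds its `Authorization` header with `$(cat …)` on the command line, so the Steam Ladder token and the archive access/secret key pair sit in the process arguments for the length of each request, where by default any local user can read them through `/proc`. This applies to all three services in the file. curl can read a header from a file instead: render it with a template as the dcbot module does, `sops.templates."ia-auth".content = "Authorization: LOW ${config.sops.placeholder.webarchive-accesskey}:${config.sops.placeholder.webarchive-secretkey}";`, and pass `-H @${config.sops.templates."ia-auth".path}`. The array literals are also assembled by bare `"` concatenation and expanded unquoted, so a link containing a quote, `$` or a space is re-parsed by the shell. Using `lib.escapeShellArgs` for the literal, `"''${EXTRA_LINKS[@]}"` in the loops, and `--data-urlencode "url=$link"` in place of `-d` would close that.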
@@ -0,0 +1,154 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running `nixos-help`).
{ config, pkgs, materusArg, ... }:
{
imports =
[
# Include the results of the hardware scan.
./hardware-configuration.nix
];
networking.firewall.allowedTCPPorts = [ 1900 ];
networking.firewall.allowedUDPPorts = [ 1900 7359];
materus.profile.nixpkgs.enable = true;
environment.systemPackages = with pkgs; [
libraspberrypi
raspberrypi-eeprom
git
p7zip
unrar
bzip2
unzip
zstd
xz
zip
gzip
];
boot.tmp.useTmpfs = true;
services.xserver.enable = false;
networking.hostName = "waffentrager";
services.openssh.enable = true;
services.openssh.settings.PermitRootLogin = "no";
users.users.materus = {
isNormalUser = true;
extraGroups = [ "wheel" ];
openssh.authorizedKeys.keyFiles = [ ("${materusArg.cfg.path}" + "/extraFiles/keys/ssh/materus.pub") ];
hashedPasswordFile = config.sops.secrets."users/materus".path;
shell = pkgs.zsh;
};
nix = {
settings = {
auto-optimise-store = true;
experimental-features = [ "nix-command" "flakes" "no-url-literals" ];
trusted-users = [ "root" "@wheel" ];
substituters = [
"https://nix-community.cachix.org"
"https://cache.nixos.org/"
"https://nixerus.cachix.org/"
];
trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "nixerus.cachix.org-1:2x7sIG7y1vAoxc8BNRJwsfapZsiX4hIl4aTi9V5ZDdE=" ];
};
};
# Use the extlinux boot loader. (NixOS wants to enable GRUB by default)
boot.loader.grub.enable = false;
# Enables the generation of /boot/extlinux/extlinux.conf
boot.loader.generic-extlinux-compatible.enable = true;
# networking.hostName = "nixos"; # Define your hostname.
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
# Set your time zone.
# time.timeZone = "Europe/Amsterdam";
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
# i18n.defaultLocale = "en_US.UTF-8";
# console = {
# font = "Lat2-Terminus16";
# keyMap = "us";
# useXkbConfig = true; # use xkbOptions in tty.
# };
# Enable the X11 windowing system.
# services.xserver.enable = true;
# Configure keymap in X11
# services.xserver.layout = "us";
# services.xserver.xkbOptions = "eurosign:e,caps:escape";
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# sound.enable = true;
# hardware.pulseaudio.enable = true;
# Enable touchpad support (enabled default in most desktopManager).
services.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
# users.users.alice = {
# isNormalUser = true;
# extraGroups = [ "wheel" ]; # Enable sudo for the user.
# packages = with pkgs; [
# firefox
# tree
# ];
# };
# List packages installed in system profile. To search, run:
# $ nix search wget
# environment.systemPackages = with pkgs; [
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
# wget
# ];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Enable the OpenSSH daemon.
# services.openssh.enable = true;
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. It's perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.11"; # Did you read the comment?
}
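Review bot: This host enables sshd with `PermitRootLogin = "no"` but never sets `PasswordAuthentication`, which as far as I know defaults to on in the NixOS module. Since `materus` has a password via `hashedPasswordFile`, password logins over SSH stay possible here. The valkyrie configuration in the same commit switches it off; adding `services.openssh.settings.PasswordAuthentication = false;` next to the `PermitRootLogin` line would match it. `trusted-users = [ "root" "@wheel" ]` is worth a comment too, since it lets any wheel member direct the Nix daemon without going through sudo.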
@@ -0,0 +1,18 @@
{ config, pkgs, materusCfg, ... }:
{
imports = [
materusCfg.configInputs.nixos-hardware.nixosModules.raspberry-pi-4
./configuration.nix
./secrets
./services
];
virtualisation.podman.autoPrune.enable = true;
virtualisation.podman.autoPrune.dates = "daily";
virtualisation.podman.defaultNetwork.settings = {
default_subnet = "10.88.0.0/16";
};
virtualisation.oci-containers.backend = "podman";
}
@@ -0,0 +1,46 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.kernelPackages = pkgs.linuxPackages_rpi4;
boot.initrd.availableKernelModules = [ "xhci_pci" "usb_storage" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
boot.kernel.sysctl = {
"vm.swappiness" = 10;
};
fileSystems."/" =
{
device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
fsType = "ext4";
};
fileSystems."/etc/nixos" =
{
device = "/materus/config/nixos-config";
fsType = "none";
options = [ "bind" ];
};
swapDevices = [{
device = "/var/.swapfile";
size = 8 * 1024;
}];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.end0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = "aarch64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand";
}
@@ -0,0 +1,17 @@
{ config, pkgs, lib, ... }:
{
home.stateVersion = "23.11";
home.homeDirectory = "/home/materus";
materus.profile = {
fonts.enable = false;
nixpkgs.enable = false;
enableDesktop = false;
enableTerminal = false;
enableTerminalExtra = false;
enableNixDevel = false;
fish.enable = false;
bash.enable = true;
zsh.enable = true;
};
}
@@ -0,0 +1,38 @@
{ materusCfg, ... }:
{
imports =
[
] ++ (if (materusCfg.materusFlake.decrypted) then [ ./private ] else [ ]);
sops.age.generateKey = false;
sops.gnupg.home = null;
sops.gnupg.sshKeyPaths = [ ];
sops.defaultSopsFile = materusCfg.hostPath + "/secrets/secrets.yaml";
services.openssh.hostKeys = [
{
bits = 4096;
path = "/materus/root/ssh_host_rsa_key";
type = "rsa";
}
{
path = "/materus/root/ssh_host_ed25519_key";
type = "ed25519";
}
];
sops.secrets.wireguard = { };
sops.secrets."users/materus" = { neededForUsers = true; };
sops.secrets.elements = { };
sops.secrets.nextcloud-adminpass = { };
sops.secrets.maloja = { };
sops.secrets.maloja-api = { };
sops.secrets.spotify-client-id = {};
sops.secrets.spotify-client-secret = {};
sops.secrets.lastfm-user= {};
sops.secrets.lastfm-pass = {};
sops.secrets.lastfm-api = {};
sops.secrets.lastfm-secret = {};
sops.secrets.lastfm-token = {};
sops.secrets.listenbrainz-api = {};
}
@@ -0,0 +1,52 @@
wireguard: ENC[AES256_GCM,data:fFQKj78HGLDmslDST+usAZxWDanHkUORBgIeOb7lQN4EPXdz6mQODHhn1ek=,iv:/BbbiFlfk8fMX4yFgVXuYkxitbRJqai5PHku2wZUFw4=,tag:cutoXkApljbB3bgSvaS1LQ==,type:str]
nextcloud-adminpass: ENC[AES256_GCM,data:5vohRPEcJJ8gIRro38O73ufSYYEp1DXpBgjCPdPnMcg=,iv:STh3k5wUwx3AfSDTPCXhuXbPb3d+Vi1cAaQN2a9eW1w=,tag:Ef/Z2Idvl6575Jvs2GDJ8A==,type:str]
jwt: ENC[AES256_GCM,data:1Qn7DaBZr8vEa8VZiv2BpwePPOBYRTdHEiDv0asUbvhCtfHvhG4mX5/plyRPlQok6FLEjEzKZTEdnvyyOtFEgA==,iv:kqfHkEr0jkKAro9gQup6CeopQnjfMGhEqbVL81wnDgc=,tag:gP/WACy5cOzzmQOh1v8wsQ==,type:str]
lldap-database: ENC[AES256_GCM,data:rNLS4WwvqRd3TFWDXaf8UmDTRsHZNPPS,iv:URV4Oz4ik2vHb03+Zh7ND+AbozSmoXpxENpvad4yvRI=,tag:6TbuMCnHwtTaG5mMWVN/mQ==,type:str]
authelia-storagekey: ENC[AES256_GCM,data:T5b5QWf6vlGHniuUic0tEFSJNNWaFbvi3emZOWEQz0AhNqDpxJZqO57KdjZ02NVMoxHN54c0ChWlHRCoAj234A==,iv:Rch5RQ0oblTTWXz0it7zZuYQNYhYMa0MsorAx9N4GV0=,tag:+GlwGnPXLukzDnW6BUf6Hg==,type:str]
authelia-database: ENC[AES256_GCM,data:XZYk4clzLaMb3/plELOnEoy4bwu/YSQg,iv:TGDKjLdcdmwEI12XDDNGHTgYnJxB+vV6RaomKU+jwpY=,tag:c/p7X4tzPWWiLvAL7DJmYg==,type:str]
ldap-master: ENC[AES256_GCM,data:jiinK8xzuKiTwB9k44okgj+sWWEgbeay,iv:Slvci3EBylIbP/I6NFIJTd3eitxVApXrORtnXY48eGg=,tag:OwaVYBNxNbQyIHrqOcUGhg==,type:str]
elements: ENC[AES256_GCM,data:Kh6ueReXpj9h5yQ3P0qY8X1ow4RRZD9zyXZLS6DUIIVuthgqgu9dPzBc7ojnz6nXoYTHt1I2LJJKLOGQYZC+iVxXOk+QADJMPwY4NCyeZ3prgvYMghlD,iv:WFA/UQ0XDFjpbgaDEacrBxkteLitXv3CJP54ANVSJHM=,tag:M+tTpTR0alvQxvUiP2MWlA==,type:str]
users:
materus: ENC[AES256_GCM,data:MhPrMJ4/0oxEsFZDUKcYb3WMUWLI2ZbRTgnh1fQZG1Ly2J781jcUWtA8vVAdMBedNfWky0mDq5+KEQ/2fJNGU4IkTBvLdAqnWw==,iv:Dpl+M+x1weNIVkEsf3I/uXpG0SM6bDz+d9w7AYwn/MY=,tag:yGc1D2ODp6Te/QAztOj7yA==,type:str]
maloja: ENC[AES256_GCM,data:V/WV0181zupKLiDtf5pinwYFFzL1hg+j,iv:KmGHapsD7thnmgkHwnTYFP/fvBS6dft9ZmmFN4AZEXs=,tag:uEmZaFkvBIQfu+3+0gQFlg==,type:str]
maloja-api: ENC[AES256_GCM,data:8vLC1a5pL8ldS7LWXqA/HOqtnyYFQk7/oisGgOOYH7TtnpBL93I2O3mWQIGCZUwWqMWFLvbOxIAnpoS0Qmg=,iv:swziHFypoh1YZkyEpDhqH2BhqUrWi0J63CqzORyY4s4=,tag:B9kkYHqyWP0KGPMD4S1I1A==,type:str]
spotify-client-id: ENC[AES256_GCM,data:2vC2E7rHBrZ2VHTGqYRJp1fWNWprDaYq4J6gJ7tTfF0=,iv:KQJgzUiD70N2vQeTO9r8ucC96xc9mSW9VlU2IGmKT7Y=,tag:kWR+1Hhb4yGK/AAqxMCd3A==,type:str]
spotify-client-secret: ENC[AES256_GCM,data:MKHo36AF1hHiXERltKdeMiuMhiGyyH8E3TqQfTf1tqc=,iv:/dPWUqjDtxZUOLZRx2lrHuU5Sf2fch2Fvnl+20KZ5dk=,tag:ZgsbCFBNHXSUuHbdSlrm4w==,type:str]
lastfm-user: ENC[AES256_GCM,data:o/FUjIiB9PcFTQ==,iv:UtovNmHISz9jUj+HFZPIduZj6h3ayjA5RyVlh11k8LM=,tag:bS3ReGR2BRcs3lcutt95UQ==,type:str]
lastfm-pass: ENC[AES256_GCM,data:g90kxN+HkSqN+B9XFH6AvbD376bHFPVI,iv:ZRxKxdKXIgKOm7TKKPLR1yLzTBjuCWQk4tTJN5d/0N4=,tag:soIJI75WAhoiXwVYlxkmQA==,type:str]
lastfm-api: ENC[AES256_GCM,data:UxGOqFEsjDb5zBXjm6G+66zlr5M0pk/NdTad3a5MBVE=,iv:3v9Lg0bjmlAhcSOjCW44CN7FezSdNG3KVVLrk1G9Ies=,tag:amgDr25PYiB+E7+D/fVEOw==,type:str]
lastfm-secret: ENC[AES256_GCM,data:z+XqodyRm9qnZwYwdON/KwAQ3E6hSI+mA0Nby0PQVT4=,iv:sY3Eqr7ZCx5lwjZaRFSghx/3OjuWlDQHQywgt7LpoIo=,tag:f7j1PFanHfLdDK+ASusCMA==,type:str]
lastfm-token: ENC[AES256_GCM,data:X877lDOXtou5OF0KbkvuJ4rhJ+3IY5XnyXlqq4LuSb8=,iv:f8t36ut6zlHvBuKGmJabyc9nHViQvUcqNvCVy0YIeB8=,tag:0h9Jm1h2cxegUXXk6UTz9Q==,type:str]
listenbrainz-api: ENC[AES256_GCM,data:eh03MPc5kn7CUDXXnEJTx4DXv9BpyabyRL+ENDFJw+kS66tV,iv:gerOaZ3gqM7ccLursFuCJrW1HcSjlTGk0wOLM8x4/2A=,tag:ZqxYNlgdqV0zRUUHm7VK3Q==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1j34lqh0z6ak2c94n564wgyjeykn9srma34f5e5e7xvf498fwk3rqxvwx0l
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvejRrcGVwZHNkTVB5dkYr
RnhVVjNEblFVd0xXSStqdjFhWVVNS3ljUTNZCnBFVmRRVVVENGhJUVg2L1lSM1NO
dkQydVhOaFVxd0p0aFhVcmp6eXdGeVEKLS0tIFIvRDlvZDdsbm1USEZUZ3FYMmla
eFN4VVdUMkVjcTVWNFdLM0xtbExLdncK6LYUufWzIcd2jFyEeZDypo0xkJQ4z91F
ULyGxJLLWl6/inYXtxHNdxIIPfwW+5yppBAbXaOgvABi1E7tf1JZcA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-09-13T18:29:55Z"
mac: ENC[AES256_GCM,data:djOmSpNrZoFgUK4JlueCUpZtvHldVEsH90ASO+strLJ7wd1MEFdQaYyNonvTaUUzJQkUncyX3cXdO9Aoj9B6CPSKAuSKE7LRScCCXn+OezwUB5d5m/jLy4KmRhtADO0QHap4+/3fXzOupsHyZpVMIjwUw4tJ9MZMT8iMtbaHv2A=,iv:x4RaxRelUOyyTWpTLFRik92TibE+2mFctz/OYHvBoZA=,tag:S9dIzTc7rVBSFXUISuEDAQ==,type:str]
pgp:
- created_at: "2024-03-21T18:15:00Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hF4D5fSX77p80GYSAQdAWetrf0jhs/b9qcQc4b21+PJUPdSjk372BjokfwJ2oXQw
4LaIaNB3LRmY4FF3UOqk28NwkwBw6n0AzYKC/k1G4ntaNBMI9eDtFJ1c1+KkxSl2
1GYBCQIQMCKcu2aBEMiIGOyG08vcRW2T23DUAfTQqQdRKD/SgSTqAZLSICVJ91xU
TBsdiPBKO2cRDfPc7DlVLbPNe/SUqVUX9N4GTGPUocXc1s6lvgx3NBP5cGoSNx+A
xCmXl373IDc=
=uSyc
-----END PGP MESSAGE-----
fp: 28D140BCA60B4FD1
unencrypted_suffix: _unencrypted
version: 3.8.1
@@ -0,0 +1,80 @@
{ config, pkgs, lib, materusArg, ... }:
{
options.waffentragerService.auth.authelia.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable authelia";
config =
let
cfg = config.waffentragerService.auth.authelia;
port = 9091;
in
lib.mkIf cfg.enable {
sops.secrets."authelia-storagekey" = { owner = "authelia"; };
sops.secrets."authelia-database" = { owner = "authelia"; };
sops.secrets."ldap-master" = { owner = "authelia"; };
users.users.authelia = {
group = "lldap";
isSystemUser = true;
};
services.authelia.instances.main = {
enable = true;
user = "authelia";
environmentVariables = {
AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE = config.sops.secrets."ldap-master".path;
AUTHELIA_STORAGE_POSTGRES_PASSWORD_FILE = config.sops.secrets."authelia-database".path;
};
secrets = {
jwtSecretFile = config.sops.secrets.jwt.path;
storageEncryptionKeyFile = config.sops.secrets."authelia-storagekey".path;
};
settings = {
access_control = {
default_policy = "one_factor";
};
authentication_backend = {
ldap.url = "ldap://127.0.0.1:3890";
ldap.implementation = "custom";
ldap.base_dn = config.services.lldap.settings.ldap_base_dn;
ldap.user = "CN=master,ou=people,DC=podkos,DC=pl";
ldap.additional_users_dn = "OU=people";
ldap.users_filter = "(&({username_attribute}={input})(objectClass=person))";
ldap.additional_groups_dn = "OU=groups";
ldap.groups_filter = "(&(member={dn})(objectClass=groupOfNames))";
};
storage = {
postgres.host = "/var/run/postgresql";
postgres.port = "5432";
postgres.database = "authelia";
postgres.username = "authelia";
};
notifier = {
disable_startup_check = false;
filesystem.filename = "/tmp/test_notification.txt";
};
session = {
name = "materus-session";
domain = "materus.pl";
};
default_redirection_url = "https://materus.pl";
server.port = port;
};
};
services.nginx.virtualHosts."gatekeeper.materus.pl" = {
forceSSL = true;
http3 = true;
sslTrustedCertificate = "/var/lib/mnt_acme/materus.pl/chain.pem";
sslCertificateKey = "/var/lib/mnt_acme/materus.pl/key.pem";
sslCertificate = "/var/lib/mnt_acme/materus.pl/fullchain.pem";
locations."/" = {
proxyPass = "http://127.0.0.1:${builtins.toString port}";
extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
'';
};
};
};
}
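Review bot: `jwtSecretFile = config.sops.secrets.jwt.path;` reuses the secret that the lldap module declares for LLDAP itself (owner and group `lldap`, mode 0440), so both services sign with one key and the `authelia` user is placed in group `lldap` only to read it. A dedicated secret such as `sops.secrets."authelia-jwt" = { owner = "authelia"; };` (name is a suggestion) with `jwtSecretFile = config.sops.secrets."authelia-jwt".path;` keeps a leak in one service from exposing the other's signing key. Separately, `default_policy = "one_factor"` with no rules admits any host placed behind this instance on password alone; `default_policy = "deny";` plus explicit rules is the safer baseline. The filesystem notifier at `/tmp/test_notification.txt` looks like a test leftover, and password-reset links would be written to that file instead of reaching the user.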
@@ -0,0 +1,13 @@
{ config, materusArg, lib, pkgs, ... }:
{
imports =
[
./lldap.nix
./authelia.nix
];
config =
{
waffentragerService.auth.lldap.enable = true;
waffentragerService.auth.authelia.enable = true;
};
}
@@ -0,0 +1,71 @@
{ config, pkgs, lib, materusArg, ... }:
{
options.waffentragerService.auth.lldap.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable lldap";
config =
let
cfg = config.waffentragerService.auth.lldap;
in
lib.mkIf cfg.enable {
waffentragerService.elements.enable = true;
waffentragerService.nginx.enable = true;
services.nginx.virtualHosts."mamba.podkos.pl" = {
forceSSL = true;
http3 = true;
sslTrustedCertificate = "/var/lib/mnt_acme/mamba.podkos.pl/chain.pem";
sslCertificateKey = "/var/lib/mnt_acme/mamba.podkos.pl/key.pem";
sslCertificate = "/var/lib/mnt_acme/mamba.podkos.pl/fullchain.pem";
locations."/" = {
proxyPass = "http://127.0.0.1:17170";
extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
allow ${materusArg.ip-masks.wireguard.main};
allow 192.168.100.0/24;
deny all;
'';
};
};
systemd.services.lldap = {
requires = [ "elements-mount.service" ];
after = [ "elements-mount.service" ];
serviceConfig = {
DynamicUser = lib.mkForce false;
WorkingDirectory = lib.mkForce config.waffentragerService.elements.lldapDir;
};
};
users.groups.lldap = { };
users.users.lldap = {
group = "lldap";
isSystemUser = true;
};
sops.secrets.jwt = { owner = "lldap"; group = "lldap"; mode = "0440"; };
sops.secrets."lldap-database" = { owner = "lldap"; group = "lldap"; };
services.lldap.enable = true;
services.lldap.environmentFile = config.sops.templates."lldap.env".path;
sops.templates."lldap.env" = {
content = ''
LLDAP_JWT_SECRET_FILE="${config.sops.secrets.jwt.path}"
LLDAP_DATABASE_URL="postgres://lldap:${config.sops.placeholder."lldap-database"}@%2Fvar%2Frun%2Fpostgresql/lldap"
'';
owner = "lldap";
group = "lldap";
};
services.lldap.settings = {
ldap_base_dn = "dc=podkos,dc=pl";
ldap_host = "127.0.0.1";
http_url = "https://mamba.podkos.pl";
ldap_user_dn = "master";
ldap_user_email = "materus@podkos.pl";
ldap_port = 3890;
key_seed = materusArg.waffentrager.lldap.seed;
};
};
}
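Review bot: `key_seed = materusArg.waffentrager.lldap.seed;` is passed through `services.lldap.settings`, which is presumably rendered into a config file in the world-readable Nix store, so the seed for LLDAP's server key would be readable by every local user and by anything that copies the store. This file already builds `sops.templates."lldap.env"`, so the seed can move into sops and be supplied as `LLDAP_KEY_SEED=${config.sops.placeholder."lldap-key-seed"}` in that template (secret name is a suggestion). The password embedded in `LLDAP_DATABASE_URL` is handled correctly through the placeholder, though with the socket rule `local all all trust` in the postgresql module it is not actually checked.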
@@ -0,0 +1,30 @@
{ ... }:
{
imports =
[
./storage/elements.nix
./storage/mount-acme.nix
./storage/gitea.nix
./storage/nextcloud.nix
./storage/samba.nix
./storage/syncthing.nix
./multimedia/jellyfin.nix
./multimedia/scrobbling.nix
./monitoring.nix
./nginx.nix
./postgresql.nix
./auth
];
waffentragerService.elements.enable = true;
waffentragerService.postgresql.enable = true;
waffentragerService.mount-acme.enable = true;
waffentragerService.gitea.enable = true;
waffentragerService.nginx.enable = true;
waffentragerService.nextcloud.enable = true;
waffentragerService.samba.enable = true;
waffentragerService.jellyfin.enable = true;
waffentragerService.scrobbling.enable = true;
waffentragerService.syncthing.enable = true;
waffentragerService.monitoring.enable = true;
}
@@ -0,0 +1,57 @@
{ materusArg, config, lib, ... }:
{
options.waffentragerService.monitoring.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable monitoring";
config =
let
cfg = config.waffentragerService.monitoring;
in
lib.mkIf cfg.enable {
services.grafana = {
dataDir = "${config.waffentragerService.elements.path}/services/grafana";
enable = true;
settings = {
server = {
http_addr = "127.0.0.1";
http_port = 3232;
domain = "watchman.materus.pl";
serve_from_sub_path = true;
};
};
};
services.prometheus = {
enable = true;
port = 3233;
globalConfig.scrape_interval = "30s";
stateDir = "elements/services/prometheus";
scrapeConfigs = [
{
job_name = "node";
static_configs = [{
targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ];
}];
}
];
};
services.prometheus.exporters.node = {
enable = true;
port = 3234;
enabledCollectors = [ "systemd" ];
extraFlags = [ "--collector.ethtool" "--collector.softirqs" "--collector.tcpstat" "--collector.wifi" ];
};
services.nginx.virtualHosts."watchman.materus.pl" = {
addSSL = true;
sslTrustedCertificate = "/var/lib/mnt_acme/materus.pl/chain.pem";
sslCertificateKey = "/var/lib/mnt_acme/materus.pl/key.pem";
sslCertificate = "/var/lib/mnt_acme/materus.pl/fullchain.pem";
http2 = false;
http3 = true;
locations."/" = {
proxyPass = "http://${toString config.services.grafana.settings.server.http_addr}:${toString config.services.grafana.settings.server.http_port}";
proxyWebsockets = true;
recommendedProxySettings = true;
};
};
};
}
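Review bot: `addSSL = true;` on `watchman.materus.pl` keeps a plain-HTTP listener with no redirect, so a Grafana login can travel in cleartext; `forceSSL = true;`, as used for `gatekeeper.materus.pl`, redirects instead. The same setting appears on the `noot`, `melody`, `scrobbler` and `baka` virtual hosts in later hunks. Grafana's `dataDir` and Prometheus' `stateDir` also point at the elements drive, but neither unit is ordered after `elements-mount.service` here, so if the mount fails they would presumably write to the unencrypted root filesystem. Adding `systemd.services.grafana.requires = [ "elements-mount.service" ];` with a matching `after` (and the same for prometheus) follows the pattern the lldap and postgresql modules use.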
@@ -0,0 +1,150 @@
{ lib, config, materusArg, ... }:
{
options.waffentragerService.jellyfin.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable jellyfin";
config =
let
cfg = config.waffentragerService.jellyfin;
in
lib.mkIf cfg.enable {
services.jellyfin = rec {
enable = true;
openFirewall = true;
user = "materus";
group = "nextcloud";
dataDir = config.waffentragerService.elements.jellyfinDir;
cacheDir = "${dataDir}/cache";
};
/*
services.jellyseerr = {
enable = true;
openFirewall = true;
};*/
services.nginx = {
appendHttpConfig = ''
map $request_uri $h264Level { ~(h264-level=)(.+?)& $2; }
map $request_uri $h264Profile { ~(h264-profile=)(.+?)& $2; }
'';
proxyCachePath."jellyfin" = {
enable = true;
maxSize = "1g";
levels = "1:2";
keysZoneName = "jellyfin";
keysZoneSize = "100m";
inactive = "1d";
useTempPath = false;
};
virtualHosts = {
"noot.materus.pl" = {
extraConfig = ''
client_max_body_size 20M;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "0"; # Do NOT enable. This is obsolete/dangerous
add_header X-Content-Type-Options "nosniff";
add_header Permissions-Policy "accelerometer=(), ambient-light-sensor=(), battery=(), bluetooth=(), camera=(), clipboard-read=(), display-capture=(), document-domain=(), encrypted-media=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), payment=(), publickey-credentials-get=(), serial=(), sync-xhr=(), usb=(), xr-spatial-tracking=()" always;
'';
sslTrustedCertificate = "/var/lib/mnt_acme/materus.pl/chain.pem";
sslCertificateKey = "/var/lib/mnt_acme/materus.pl/key.pem";
sslCertificate = "/var/lib/mnt_acme/materus.pl/fullchain.pem";
addSSL = true;
http2 = false;
http3 = true;
locations."~ /Items/(.*)/Images" = {
proxyPass = "http://127.0.0.1:8096";
extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
proxy_cache jellyfin;
proxy_cache_revalidate on;
proxy_cache_lock on;
'';
};
locations."~ ^/web/htmlVideoPlayer-plugin.[0-9a-z]+.chunk.js$" = {
proxyPass = "http://127.0.0.1:8096";
extraConfig = ''
proxy_set_header Accept-Encoding "";
sub_filter_types *;
sub_filter 'return u=30' 'return u=600';
sub_filter 'return u=6' 'return u=60';
sub_filter 'maxBufferLength:u' 'maxBufferLength:u,maxBufferSize:180000000';
sub_filter_once on;
'';
};
locations."~* ^/Videos/(.*)/(?!live)" = {
proxyPass = "http://127.0.0.1:8096";
extraConfig = ''
# Set size of a slice (this amount will be always requested from the backend by nginx)
# Higher value means more latency, lower more overhead
# This size is independent of the size clients/browsers can request
slice 2m;
proxy_cache jellyfin;
proxy_cache_valid 200 206 301 302 30d;
proxy_ignore_headers Expires Cache-Control Set-Cookie X-Accel-Expires;
proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504;
proxy_connect_timeout 15s;
proxy_http_version 1.1;
proxy_set_header Connection "";
# Transmit slice range to the backend
proxy_set_header Range $slice_range;
# This saves bandwidth between the proxy and jellyfin, as a file is only downloaded one time instead of multiple times when multiple clients want to at the same time
# The first client will trigger the download, the other clients will have to wait until the slice is cached
# Esp. practical during SyncPlay
proxy_cache_lock on;
proxy_cache_lock_age 60s;
proxy_cache_key "jellyvideo$uri?MediaSourceId=$arg_MediaSourceId&VideoCodec=$arg_VideoCodec&AudioCodec=$arg_AudioCodec&AudioStreamIndex=$arg_AudioStreamIndex&VideoBitrate=$arg_VideoBitrate&AudioBitrate=$arg_AudioBitrate&SubtitleMethod=$arg_SubtitleMethod&TranscodingMaxAudioChannels=$arg_TranscodingMaxAudioChannels&RequireAvc=$arg_RequireAvc&SegmentContainer=$arg_SegmentContainer&MinSegments=$arg_MinSegments&BreakOnNonKeyFrames=$arg_BreakOnNonKeyFrames&h264-profile=$h264Profile&h264-level=$h264Level&slicerange=$slice_range";
'';
};
locations."/" = {
proxyPass = "http://127.0.0.1:8096";
extraConfig = ''
proxy_pass_request_headers on;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
'';
};
locations."/socket" = {
proxyPass = "http://127.0.0.1:8096";
extraConfig = ''
proxy_pass_request_headers on;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Protocol $scheme;
proxy_set_header X-Forwarded-Host $http_host;
'';
};
};
};
};
};
}
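Review bot: `openFirewall = true;` in `services.jellyfin` opens Jellyfin's own ports on the host, so clients can reach the backend over plain HTTP and bypass the TLS, security headers and caching configured on `noot.materus.pl`. If direct access is not intended, use `openFirewall = false;` and let nginx be the only entry point. The `/Videos/` and `/Items/.../Images` locations also cache responses under a key with no per-client component while ignoring `Set-Cookie` and `Cache-Control`, so a cache hit is answered by nginx without Jellyfin re-checking the caller's credentials. This appears to follow the upstream caching example, but it should be documented in a comment, or the key should include the credential the client presents. The `add_header` lines for `X-Frame-Options` and `X-Content-Type-Options` lack `always`, so they are omitted on error responses.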
@@ -0,0 +1,240 @@
{ config, pkgs, lib, materusArg, ... }:
{
options.waffentragerService.scrobbling.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable scrobbling";
config =
let
cfg = config.waffentragerService.scrobbling;
in
#### MALOJA --------------------------------------------------------------------
lib.mkIf cfg.enable {
sops.templates."maloja.env".content = ''
MALOJA_DATA_DIRECTORY=/data
MALOJA_DIRECTORY_STATE=/data/state
MALOJA_DIRECTORY_CACHE=/data/cache
MALOJA_SKIP_SETUP=yes
MALOJA_FORCE_PASSWORD=${config.sops.placeholder.maloja}
MALOJA_SPOTIFY_API_ID=${config.sops.placeholder.spotify-client-id}
MALOJA_SPOTIFY_API_SECRET=${config.sops.placeholder.spotify-client-secret}
MALOJA_NAME=Melody
MALOJA_WEEK_OFFSET=1
PUID=${builtins.toString config.users.users.scrobbler.uid}
PGID=${builtins.toString config.users.groups.scrobbler.gid}
TC=Europe/Warsaw
TIMEZONE=Europe/Warsaw
'';
services.nginx.virtualHosts = {
"melody.materus.pl" = {
sslTrustedCertificate = "/var/lib/mnt_acme/materus.pl/chain.pem";
sslCertificateKey = "/var/lib/mnt_acme/materus.pl/key.pem";
sslCertificate = "/var/lib/mnt_acme/materus.pl/fullchain.pem";
addSSL = true;
http2 = false;
http3 = true;
locations."/" = {
proxyPass = "http://127.0.0.1:42010";
extraConfig = ''
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
'';
};
};
};
virtualisation.oci-containers.containers.maloja =
{
image = "krateng/maloja:latest";
ports = [
"42010:42010"
];
volumes = [
"${config.waffentragerService.elements.malojaDir}:/data"
];
environmentFiles = [
config.sops.templates."maloja.env".path
];
};
systemd.services."${config.virtualisation.oci-containers.backend}-maloja" =
let
malojaCfg = pkgs.writeText "settings.ini" ''[MALOJA]
directory_config = /data
lastfm_api_key = False
audiodb_api_key = False
spotify_api_id = False
spotify_api_secret = False
delimiters_feat = ["ft.","ft","feat.","feat","featuring","Ft.","Ft","Feat.","Feat","Featuring"]
delimiters_informal = ["vs.","vs","&","with"]
delimiters_formal = ["; ",";"]
metadata_providers = ["spotify","deezer","lastfm","audiodb","musicbrainz"]
'';
in
{
requires = [ "elements-mount.service" ];
after = [ "elements-mount.service" ];
preStart = ''cp --update=none ${malojaCfg} ${config.waffentragerService.elements.malojaDir}/settings.ini'';
};
#### MULTI SCROBBLER --------------------------------------------------------------------
users.groups.scrobbler = { gid = 3000; };
users.users.scrobbler = {
group = "scrobbler";
uid = 3000;
isSystemUser = true;
};
sops.templates."multi-scrobbler.env".content = ''
TC=Europe/Warsaw
CONFIG_DIR=/config
PUID=${builtins.toString config.users.users.scrobbler.uid}
PGID=${builtins.toString config.users.groups.scrobbler.gid}
'';
sops.templates."multi-scrobbler.json".owner = "scrobbler";
sops.templates."multi-scrobbler.json".group = "scrobbler";
sops.templates."multi-scrobbler.json".content = builtins.toJSON {
baseUrl = "https://scrobbler.materus.pl";
disableWeb = false;
debugMode = false;
sources = [
{
name = "materus-spotify";
enable = true;
clients = [ "maloja" ];
data = {
clientId = "${config.sops.placeholder.spotify-client-id}";
clientSecret = "${config.sops.placeholder.spotify-client-secret}";
redirectUri = "https://scrobbler.materus.pl/callback";
interval = 30;
};
type = "spotify";
}
{
name = "materus-jellyfin";
enable = true;
clients = [ "maloja" ];
data = {
users = [
"materus"
];
servers = [
"waffentrager"
];
};
options = {
logPayload = false;
logFilterFailure = "warn";
};
type = "jellyfin";
}
];
clients = [
{
name = "maloja";
enable = true;
data = {
url = "https://melody.materus.pl/";
apiKey = "${config.sops.placeholder.maloja-api}";
};
type = "maloja";
}
{
name = "materus-brainz";
enable = true;
configureAs = "client";
data = {
token = "${config.sops.placeholder.listenbrainz-api}";
username = "materus";
};
type = "listenbrainz";
}
{
name = "materus-lastfm";
enable = true;
configureAs = "client";
data = {
apiKey = "${config.sops.placeholder.lastfm-api}";
secret = "${config.sops.placeholder.lastfm-secret}";
redirectUri = "https://scrobbler.materus.pl/lastfm/callback";
};
type = "lastfm";
}
];
};
services.nginx.virtualHosts = {
"scrobbler.materus.pl" = {
sslTrustedCertificate = "/var/lib/mnt_acme/materus.pl/chain.pem";
sslCertificateKey = "/var/lib/mnt_acme/materus.pl/key.pem";
sslCertificate = "/var/lib/mnt_acme/materus.pl/fullchain.pem";
addSSL = true;
http2 = false;
http3 = true;
locations."/" = {
proxyPass = "http://127.0.0.1:42011";
extraConfig = ''
allow ${materusArg.ip-masks.wireguard.main};
allow 192.168.100.0/24;
deny all;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
'';
};
};
};
systemd.services."${config.virtualisation.oci-containers.backend}-multi-scrobbler" =
{
preStart = ''cp -f ${config.sops.templates."multi-scrobbler.json".path} ${config.waffentragerService.elements.malojaDir}/multi-scrobbler/config.json'';
requires = [ "elements-mount.service" ];
after = [ "elements-mount.service" ];
};
virtualisation.oci-containers.containers.multi-scrobbler = {
image = "foxxmd/multi-scrobbler:latest";
ports = [
"127.0.0.1:42011:9078"
];
volumes = [
"${config.waffentragerService.elements.malojaDir}/multi-scrobbler:/config"
];
environmentFiles = [
config.sops.templates."multi-scrobbler.env".path
];
};
};
}
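Review bot: The maloja container publishes `"42010:42010"` on all interfaces, while multi-scrobbler is correctly bound with `"127.0.0.1:42011:9078"`. Container port publishing typically bypasses the NixOS firewall rules, so the Maloja UI and API are likely reachable over plain HTTP alongside the nginx vhost; `"127.0.0.1:42010:42010"` fixes that. Both images are pulled as `:latest` (`krateng/maloja:latest`, `foxxmd/multi-scrobbler:latest`), so a changed upstream image would run with the Spotify, Last.fm and ListenBrainz credentials without any review step; pinning a version tag or digest makes updates deliberate. The `preStart` for multi-scrobbler copies the rendered secrets file to `config.json` on the data drive with plain `cp -f`; `install -m 0600 -o scrobbler -g scrobbler` would fix the mode and owner of that copy explicitly.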
@@ -0,0 +1,39 @@
{ materusArg, config, lib, pkgs, ... }:
{
options.waffentragerService.nginx.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable nginx";
config =
let
cfg = config.waffentragerService.nginx;
in
lib.mkIf cfg.enable {
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.nginx = {
enable = true;
recommendedTlsSettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
package = pkgs.tengine;
virtualHosts."default" = {
sslTrustedCertificate = "/var/lib/mnt_acme/materus.pl/chain.pem";
sslCertificateKey = "/var/lib/mnt_acme/materus.pl/key.pem";
sslCertificate = "/var/lib/mnt_acme/materus.pl/fullchain.pem";
forceSSL = true;
http2 = false;
default = true;
locations."/" = { extraConfig = ''deny all;''; };
};
};
systemd.services.nginx = {
requires = [ "var-lib-mnt_acme.mount" ];
after = [ "var-lib-mnt_acme.mount" ];
serviceConfig = {
restart = "always";
restartSec = 60;
};
};
};
}
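Review bot: In `systemd.services.nginx.serviceConfig` the keys `restart` and `restartSec` are lowercase, but systemd directive names are case-sensitive, so these lines are written to the unit as unknown keys and ignored. The intended behaviour needs `Restart = "always";` and `RestartSec = 60;`. This matters because nginx depends on the sshfs mount `var-lib-mnt_acme.mount` for its certificates, and without a working restart policy a failed start after a network hiccup leaves every virtual host down.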
@@ -0,0 +1,27 @@
{ materusArg, config, lib, pkgs, ... }:
{
options.waffentragerService.postgresql.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable postgresql";
options.waffentragerService.postgresql.version = lib.mkOption { default = "16"; };
config =
let
cfg = config.waffentragerService.postgresql;
in
lib.mkIf cfg.enable {
waffentragerService.elements.enable = true;
services.postgresql.enable = true;
services.postgresql.package = pkgs."postgresql_${cfg.version}";
services.postgresql.dataDir = "${config.waffentragerService.elements.postgresqlDir}/${cfg.version}";
services.postgresql.enableJIT = true;
services.postgresql.authentication = pkgs.lib.mkOverride 10 ''
local all all trust
host all all 127.0.0.1/32 scram-sha-256
host all all ::1/128 scram-sha-256
'';
systemd.services.postgresql = {
requires = [ "elements-mount.service" ];
after = [ "elements-mount.service" ];
};
};
}
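Review bot: `local all all trust` in `services.postgresql.authentication` lets any local Unix account connect over the socket as any database role, including the superuser, without a password. Because `mkOverride 10` replaces the module's defaults, this is the effective rule for the databases backing Authelia, LLDAP, Nextcloud and Gitea. Those services all connect through `/var/run/postgresql` under an OS user whose name matches its role in the visible modules, so `local all all peer` should work unchanged and ties each role to its own account. A compromise of one service (or of a container user) then no longer gives read and write access to the identity store.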
@@ -0,0 +1,65 @@
{ materusArg, config, lib, pkgs, ... }:
{
options.waffentragerService.elements.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable elements drive";
options.waffentragerService.elements.path = lib.mkOption { default = "/var/lib/elements"; };
options.waffentragerService.elements.uuid = lib.mkOption { default = "e32039c6-e98d-44b0-8e7d-120994bf7be1"; };
options.waffentragerService.elements.postgresqlDir = lib.mkOption { default = "${config.waffentragerService.elements.path}/services/postgresql"; };
options.waffentragerService.elements.nextcloudDir = lib.mkOption { default = "${config.waffentragerService.elements.path}/services/nextcloud"; };
options.waffentragerService.elements.lldapDir = lib.mkOption { default = "${config.waffentragerService.elements.path}/services/lldap"; };
options.waffentragerService.elements.jellyfinDir = lib.mkOption { default = "${config.waffentragerService.elements.path}/services/jellyfin"; };
options.waffentragerService.elements.malojaDir = lib.mkOption { default = "${config.waffentragerService.elements.path}/services/maloja"; };
config =
let
cfg = config.waffentragerService.elements;
in
lib.mkIf cfg.enable {
systemd.services.elements-mount = {
description = "Decrypt and mount elements drive";
wantedBy = [ "multi-user.target" ];
path = [ pkgs.cryptsetup pkgs.coreutils pkgs.util-linux ];
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = true;
script = ''
mkdir -p ${cfg.path}
cryptsetup luksOpen /dev/disk/by-uuid/${cfg.uuid} elements -d ${config.sops.secrets.elements.path}
mount /dev/mapper/elements ${cfg.path}
''
;
preStop = ''
umount ${cfg.path}
cryptsetup luksClose elements
'';
};
systemd.services.elements-dirmake = {
description = "Create dirs in elements drive";
path = [ pkgs.cryptsetup pkgs.coreutils pkgs.util-linux ];
serviceConfig.Type = "oneshot";
serviceConfig.RemainAfterExit = false;
script = lib.optionalString config.waffentragerService.postgresql.enable ''
mkdir -p ${cfg.postgresqlDir}/${config.waffentragerService.postgresql.version}
chown -R postgres:postgres ${cfg.postgresqlDir}
'' + lib.optionalString config.waffentragerService.nextcloud.enable ''
mkdir -p ${cfg.nextcloudDir}
chown -R nextcloud:nextcloud ${cfg.nextcloudDir}
'' + lib.optionalString config.waffentragerService.auth.lldap.enable ''
mkdir -p ${cfg.lldapDir}
chown -R lldap:lldap ${cfg.lldapDir}
'' + lib.optionalString config.waffentragerService.jellyfin.enable ''
mkdir -p ${cfg.jellyfinDir}
chown -R materus:nextcloud ${cfg.jellyfinDir}
'' + lib.optionalString config.waffentragerService.scrobbling.enable ''
mkdir -p ${cfg.malojaDir}/multi-scrobbler
chown -R scrobbler:scrobbler ${cfg.malojaDir}
''
;
};
};
}
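Review bot: `systemd.services.elements-dirmake` has no `requires`/`after` on `elements-mount.service` and no `wantedBy`, so nothing in this hunk guarantees the LUKS volume is mounted when it runs `mkdir -p` and `chown -R`. If it runs before the mount, it creates the service directories on the unencrypted root filesystem under `${cfg.path}`, and services started afterwards would write their data there. Adding `requires = [ "elements-mount.service" ];` and `after = [ "elements-mount.service" ];` matches how the other units are ordered. Whether something outside this hunk triggers the unit cannot be seen from here. `elements-mount` itself is not re-runnable, because `cryptsetup luksOpen` fails when the mapping already exists; a short comment noting that would help the next reader.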
@@ -0,0 +1,62 @@
{ materusArg, config, lib, ... }:
{
options.waffentragerService.gitea.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable gitea";
config =
let
cfg = config.waffentragerService.gitea;
in
lib.mkMerge
[
(lib.mkIf cfg.enable {
waffentragerService.postgresql.enable = true;
waffentragerService.elements.enable = true;
services.gitea.enable = true;
services.gitea.lfs.enable = true;
services.gitea.stateDir = "${config.waffentragerService.elements.path}/services/gitea";
services.gitea.settings.service.DISABLE_REGISTRATION = true;
services.gitea.settings.server.DOMAIN = "baka.materus.pl";
services.gitea.settings.server.ROOT_URL = lib.mkForce "https://baka.materus.pl/";
services.gitea.settings.server.PROTOCOL = "fcgi+unix";
services.gitea.settings.cors = {
ENABLED = true;
X_FRAME_OPTIONS = "ALLOW-FROM https://*.materus.pl/";
};
services.gitea.database.type = "postgres";
services.gitea.database.socket = "/var/run/postgresql/";
})
(lib.mkIf (cfg.enable && config.waffentragerService.nginx.enable) {
services.nginx.virtualHosts = {
"baka.materus.pl" = {
sslTrustedCertificate = "/var/lib/mnt_acme/materus.pl/chain.pem";
sslCertificateKey = "/var/lib/mnt_acme/materus.pl/key.pem";
sslCertificate = "/var/lib/mnt_acme/materus.pl/fullchain.pem";
addSSL = true;
http2 = false;
locations."/" = {
extraConfig = ''
client_max_body_size 2G;
include ${config.services.nginx.package}/conf/fastcgi.conf;
include ${config.services.nginx.package}/conf/fastcgi_params;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
fastcgi_pass unix:/var/run/gitea/gitea.sock;
'';
};
};
};
}
)
];
}
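Review bot: `X_FRAME_OPTIONS = "ALLOW-FROM https://*.materus.pl/";` does not give the framing restriction it suggests: `ALLOW-FROM` is obsolete and ignored by current browsers, and it never accepted wildcards, so the header likely ends up providing no clickjacking protection at all. If Gitea only needs to be framed by itself, `X_FRAME_OPTIONS = "SAMEORIGIN";` is enough. If other `materus.pl` hosts must embed it, a `Content-Security-Policy` header with `frame-ancestors 'self' https://*.materus.pl` is the supported way to express that. `cors.ENABLED = true` is also set without an allowed-origin list in this hunk, so it is worth confirming which origins that admits by default.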
@@ -0,0 +1,20 @@
{ materusArg, config, lib, pkgs, ... }:
{
options.waffentragerService.mount-acme.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable mount-acme";
config =
let
cfg = config.waffentragerService.mount-acme;
in
lib.mkIf cfg.enable {
environment.systemPackages = with pkgs; [ sshfs ];
systemd.mounts = [{
description = "Mount remote acme dir from valkyrie";
what = "acme@valkyrie:/var/lib/acme";
where = "/var/lib/mnt_acme";
type = "fuse.sshfs";
options = "reconnect,gid=${builtins.toString config.ids.gids.nginx},_netdev,rw,nosuid,allow_other,default_permissions,follow_symlinks,idmap=user,compression=yes,identityfile=/materus/root/ssh_host_ed25519_key";
wantedBy = [ "multi-user.target" ];
}];
};
}
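Review bot: The sshfs mount of `acme@valkyrie:/var/lib/acme` is declared `rw`, although in the visible modules this host only reads `chain.pem`, `key.pem` and `fullchain.pem` from it. Replacing `rw` with `ro` in `options` means a compromise here cannot alter or delete the certificates and private keys on valkyrie. `identityfile=/materus/root/ssh_host_ed25519_key` also reuses the SSH host key as a client credential, and that key presumably backs sops decryption too; a dedicated key pair for the `acme` account, restricted on the server side, would separate those roles. No `StrictHostKeyChecking` or known-hosts option is visible in the option string, so it is worth confirming that valkyrie's host key is pinned elsewhere.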
@@ -0,0 +1,102 @@
{ materusArg, config, lib, pkgs, ... }:
{
options.waffentragerService.nextcloud.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable nextcloud";
config =
let
cfg = config.waffentragerService.nextcloud;
in
lib.mkIf cfg.enable {
waffentragerService.elements.enable = true;
waffentragerService.postgresql.enable = true;
waffentragerService.nginx.enable = true;
environment.systemPackages = [ pkgs.samba pkgs.exiftool pkgs.ffmpeg-headless ];
sops.secrets.nextcloud-adminpass.owner = config.users.users.nextcloud.name;
sops.secrets.nextcloud-adminpass.group = config.users.users.nextcloud.group;
services.postgresql.ensureDatabases = [ "nextcloud" ];
services.postgresql.ensureUsers = [{
name = "nextcloud";
ensureDBOwnership = true;
}];
services.nextcloud = {
enable = true;
notify_push.enable = true;
package = pkgs.nextcloud31;
hostName = "waffentrager.materus.pl";
home = config.waffentragerService.elements.nextcloudDir;
config.adminuser = "nextcloud-master";
config.adminpassFile = config.sops.secrets.nextcloud-adminpass.path;
config.dbtype = "pgsql";
extraAppsEnable = true;
maxUploadSize = "8G";
https = true;
enableImagemagick = true;
configureRedis = true;
webfinger = true;
appstoreEnable = true;
database.createLocally = true;
nginx.recommendedHttpHeaders = true;
extraApps = with pkgs.nextcloud31Packages.apps; {
inherit notify_push previewgenerator;
};
settings = {
log_type = "file";
"profile.enabled" = true;
default_phone_region = "PL";
trusted_proxies = [ materusArg.ips.valkyrie materusArg.ips.wireguard.valkyrie materusArg.ips.wireguard.waffentrager ];
mail_smtpmode = "sendmail";
mail_sendmailmode = "pipe";
enable_previews = true;
preview_format = "webp";
enabledPreviewProviders = [
''OC\Preview\Movie''
''OC\Preview\PNG''
''OC\Preview\JPEG''
''OC\Preview\GIF''
''OC\Preview\BMP''
''OC\Preview\XBitmap''
''OC\Preview\MP3''
''OC\Preview\OGG''
''OC\Preview\OPUS''
''OC\Preview\MP4''
''OC\Preview\TXT''
''OC\Preview\MarkDown''
''OC\Preview\PDF''
''OC\Preview\WebP''
''OC\Preview\OpenDocument''
''OC\Preview\Krita''
''OC\Preview\AVIF''
];
"overwrite.cli.url" = "https://${config.services.nextcloud.hostName}";
};
phpOptions = {
"opcache.memory_consumption" = "512";
"opcache.interned_strings_buffer" = "64";
"opcache.max_accelerated_files"="50000";
"opcache.jit" = "1255";
"opcache.jit_buffer_size" = "128M";
"opcache.validate_timestamps" = "0";
"opcache.revalidate_freq" = "0";
"opcache.fast_shutdown" = "1";
"opcache.save_comments" = "1";
};
phpExtraExtensions = ex: [ ex.zip ex.zlib ex.tidy ex.smbclient ex.sodium ];
};
services.nginx.virtualHosts.${config.services.nextcloud.hostName} = {
forceSSL = true;
http3 = true;
sslTrustedCertificate = "/var/lib/mnt_acme/materus.pl/chain.pem";
sslCertificateKey = "/var/lib/mnt_acme/materus.pl/key.pem";
sslCertificate = "/var/lib/mnt_acme/materus.pl/fullchain.pem";
extraConfig = ''
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
dav_methods PUT DELETE MKCOL COPY MOVE;
dav_ext_methods PROPFIND OPTIONS;
create_full_put_path on;
dav_access user:rw group:rw all:r;
'';
};
};
}
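Review bot: The `extraConfig` on the Nextcloud virtual host enables nginx's own WebDAV handler at server level (`dav_methods PUT DELETE MKCOL COPY MOVE;`, `dav_ext_methods`, `create_full_put_path on;`, `dav_access ... all:r;`) with no `auth_basic` or `limit_except` in sight. Nextcloud implements WebDAV in PHP behind `remote.php`, so these directives are presumably unnecessary. On any location that nginx serves from disk rather than passing to PHP, they would let nginx act on PUT/DELETE itself, without Nextcloud's authentication. Dropping the four `dav_*`/`create_full_put_path` lines should leave client sync unaffected. The `proxy_set_header X-Forwarded-For` line has no effect here, as nothing in this vhost uses `proxy_pass`.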
@@ -0,0 +1,57 @@
{ lib, pkgs, materusArg, config, ... }:
{
options.waffentragerService.samba.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable samba";
config =
let
cfg = config.waffentragerService.samba;
in
lib.mkIf cfg.enable {
waffentragerService.elements.enable = true;
systemd.services.samba-nmbd = {
requires = [ "elements-mount.service" ];
after = [ "elements-mount.service" ];
};
systemd.services.samba-wsdd = {
requires = [ "elements-mount.service" ];
after = [ "elements-mount.service" ];
};
services.samba-wsdd.enable = true;
services.samba-wsdd.openFirewall = true;
services.samba = {
enable = true;
package = pkgs.sambaFull;
securityType = "user";
openFirewall = true;
settings =
{
global = {
"workgroup" = "WORKGROUP";
"server string" = "smbwaffentrager";
"netbios name" = "smbwaffentrager";
"security" = "user";
"hosts allow" = "${materusArg.wireguard.sambaIp} 192.168.100. 127.0.0.1 localhost";
"hosts deny" = "0.0.0.0/0";
"guest account" = "nobody";
"map to guest" = "bad user";
"mangled names" = "no";
"dos charset" = "CP850";
"unix charset" = "UTF-8";
"display charset" = "UTF-8";
"catia:mappings" = "0x22:0xa8,0x2a:0xa4,0x2f:0xf8,0x3a:0xf7,0x3c:0xab,0x3e:0xbb,0x3f:0xbf,0x5c:0xff,0x7c:0xa6";
};
materus = {
"path" = "${config.waffentragerService.elements.path}/storage/materus";
"browseable" = "yes";
"read only" = "no";
"guest ok" = "no";
"create mask" = "0770";
"directory mask" = "0770";
"force user" = "materus";
"force group" = "nextcloud";
};
};
};
};
}
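Review bot: `"map to guest" = "bad user"` in `global` makes smbd accept a login with an unknown user name as the `nobody` guest instead of rejecting it, although the only share defined here sets `"guest ok" = "no"`; `"map to guest" = "never"` would match that intent and leaves failed logins visible as failures in the log. `openFirewall = true` on both `services.samba` and `services.samba-wsdd` opens the ports on every interface, so `hosts allow` is the only network restriction left. If the share is meant for the WireGuard peer and the `192.168.100.` LAN only, per-interface rules such as `networking.firewall.interfaces.<IFACE>.allowedTCPPorts = [ 445 ];` (interface name is a placeholder) would enforce that below Samba as well.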
@@ -0,0 +1,26 @@
{ lib, pkgs, materusArg, config, ... }:
{
options.waffentragerService.syncthing.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable syncthing";
config =
let
cfg = config.waffentragerService.syncthing;
in
lib.mkIf cfg.enable {
waffentragerService.elements.enable = true; networking.firewall.allowedTCPPorts = [ 22000 config.services.syncthing.relay.statusPort config.services.syncthing.relay.port];
networking.firewall.allowedUDPPorts = [ 22000 21027 ];
systemd.services.syncthing = {
requires = [ "elements-mount.service" ];
after = [ "elements-mount.service" ];
};
services = {
syncthing = {
enable = true;
user = "materus";
group = "nextcloud";
dataDir = "${config.waffentragerService.elements.path}/storage/materus";
configDir = "${config.waffentragerService.elements.path}/storage/materus/Inne/Config/Syncthing/waffentrager/";
};
};
};
}
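Review bot: `configDir` is placed inside `dataDir`, and that same `storage/materus` path is exported by the Samba share added in this commit with `force user = materus`, so Syncthing's device key and its `config.xml` (which holds the GUI API key) sit in a tree that is reachable over SMB and may itself be synced to other devices. Moving it out of the shared tree, e.g. `configDir = "/var/lib/syncthing-waffentrager";` (constructed path), keeps the device identity separate from user data. The firewall line also opens `relay.statusPort` and `relay.port`, but nothing in this file enables `services.syncthing.relay`; unless it is enabled elsewhere, those two entries can be dropped.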
+22 -3
@@ -1,9 +1,28 @@
{ config, pkgs, lib, materusFlake, inputs, ... }: { config, pkgs, lib, materusCfg, ... }:
let
materusArg = {
pkgs = (import materusCfg.nixerus { inherit pkgs; }) //
(if pkgs.system == "x86_64-linux" then { i686Linux = import materusCfg.nixerus { pkgs = pkgs.pkgsi686Linux; }; } else { });
cfg = materusCfg;
unstable = import materusCfg.materusFlake.inputs.nixpkgs { system = materusCfg.arch; config = { allowUnfree = true; nvidia.acceptLicense = true; }; };
};
in
{ {
imports = [ imports = [
./nixpkgs.nix ./nixpkgs.nix
./packages ./packages
./private
]; ];
config._module.args.materusPkgs = (import inputs.configInputs.inputs.nixerus { inherit pkgs; }) // options.materus.materusArg = lib.mkOption { default = { }; };
(if pkgs.system == "x86_64-linux" then { i686Linux = import inputs.configInputs.inputs.nixerus { pkgs = pkgs.pkgsi686Linux; }; } else { }); config._module.args.materusArg = config.materus.materusArg // materusArg;
config.assertions = [
{
assertion = materusCfg.materusFlake.decrypted;
message = "Repository not decrypted, use crypt.sh to decrypt";
}
];
} }
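Review bot: `options.materus.materusArg` is declared with neither `type` nor `description`, and `config.materus.materusArg // materusArg` is a shallow merge in which the local `let` set wins, so a `pkgs`, `cfg` or `unstable` key set through the option is replaced as a whole without any warning. Declaring it as `lib.mkOption { type = lib.types.attrs; default = { }; description = "Extra attributes merged into the materusArg module argument"; };` and adding a comment above the `//` line saying which side takes precedence would make that contract explicit.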
+81 -4
@@ -1,4 +1,4 @@
{ config, pkgs, inputs, lib,... }: { config, pkgs, lib, materusArg, materusCfg, ... }:
let let
mkBoolOpt = default: description: lib.mkOption { mkBoolOpt = default: description: lib.mkOption {
inherit default; inherit default;
@@ -12,11 +12,88 @@ in
{ {
options.materus.profile.nixpkgs.enable = mkBoolOpt false "Enable materus nixpkgs config"; options.materus.profile.nixpkgs.enable = mkBoolOpt false "Enable materus nixpkgs config";
options.materus.profile.nixpkgs.enableOverlays = mkBoolOpt (cfg.enable) "Enable materus overlays"; options.materus.profile.nixpkgs.enableOverlays = mkBoolOpt (cfg.enable) "Enable materus overlays";
options.materus.profile.nix.enableRegistry = mkBoolOpt (!materusCfg.isHm) "Enable materus nix registry";
config.nixpkgs.config = lib.mkIf cfg.enable{ config.nixpkgs.config = lib.mkIf cfg.enable {
allowUnfree = lib.mkDefault true; allowUnfree = lib.mkDefault true;
joypixels.acceptLicense = lib.mkDefault true; joypixels.acceptLicense = lib.mkDefault true;
firefox.enablePlasmaBrowserIntegration = true;
}; };
config.nixpkgs.overlays = lib.mkIf cfg.enableOverlays [inputs.configInputs.inputs.emacs-overlay.overlay]; config.nixpkgs.overlays = lib.mkIf cfg.enableOverlays [ materusArg.cfg.configInputs.emacs-overlay.overlay ];
config.nix.package = lib.mkDefault pkgs.nixVersions.latest;
config.nix.registry = lib.mkIf config.materus.profile.nix.enableRegistry {
nixpkgs-stable = {
from = { type = "indirect"; id = "nixpkgs-stable"; };
flake = materusCfg.materusFlake.inputs.nixpkgs-stable;
};
nixpkgs-unstable = {
from = { type = "indirect"; id = "nixpkgs-unstable"; };
flake = materusCfg.materusFlake.inputs.nixpkgs;
};
nixpkgs = {
from = { type = "indirect"; id = "nixpkgs"; };
flake = materusCfg.configInputs.nixpkgs;
};
emacs-overlay = {
from = { type = "indirect"; id = "emacs-overlay"; };
flake = materusCfg.configInputs.emacs-overlay;
};
flake-utils = {
from = { type = "indirect"; id = "flake-utils"; };
flake = materusCfg.configInputs.flake-utils;
};
nixos-hardware = {
from = { type = "indirect"; id = "nixos-hardware"; };
flake = materusCfg.configInputs.nixos-hardware;
};
nixerus = {
from = { type = "indirect"; id = "nixerus"; };
flake = materusCfg.configInputs.nixerus;
};
devshell = {
from = { type = "indirect"; id = "devshell"; };
flake = materusCfg.configInputs.devshell;
};
home-manager = {
from = { type = "indirect"; id = "home-manager"; };
flake = materusCfg.configInputs.home-manager;
};
sops-nix = {
from = { type = "indirect"; id = "sops-nix"; };
flake = materusCfg.configInputs.sops-nix;
};
base16 = {
from = { type = "indirect"; id = "base16"; };
flake = materusCfg.configInputs.base16;
};
git-agecrypt = {
from = { type = "indirect"; id = "git-agecrypt"; };
flake = materusCfg.configInputs.git-agecrypt;
};
plasma-manager = {
from = { type = "indirect"; id = "plasma-manager"; };
flake = materusCfg.configInputs.plasma-manager;
};
nur = {
from = { type = "indirect"; id = "nur"; };
flake = materusCfg.configInputs.nur;
};
nix-vscode-extensions = {
from = { type = "indirect"; id = "nix-vscode-extensions"; };
flake = materusCfg.configInputs.nix-vscode-extensions;
};
};
} }
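Review bot: The `nix.registry` block in the second hunk repeats the same three-line entry for thirteen inputs that all come from `materusCfg.configInputs`, so a new or renamed flake input has to be edited in two places and a typo in one `id` goes unnoticed. Those entries could be generated with `lib.genAttrs [ "nixpkgs" "emacs-overlay" /* … */ ] (id: { from = { type = "indirect"; inherit id; }; flake = materusCfg.configInputs.${id}; })`, leaving only `nixpkgs-stable` and `nixpkgs-unstable` written out by hand. Separately, `config.nix.package = lib.mkDefault pkgs.nixVersions.latest` lets the Nix version move with every nixpkgs bump; `pkgs.nixVersions.stable` would be the more conservative default.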
@@ -1,49 +1,76 @@
{ config, pkgs, lib, inputs, materusFlake, materusPkgs, ... }:
with materusPkgs.lib;
{ {
imports = [ config,
./fonts.nix pkgs,
]; lib,
materusArg,
...
}:
with materusArg.pkgs.lib;
{
imports = [ ./fonts.nix ];
#Single Packages #Single Packages
options.materus.profile.packages.home-manager = mkPrivateVar inputs.configInputs.inputs.home-manager.packages.${pkgs.system}.home-manager; options.materus.profile.packages.home-manager =
options.materus.profile.packages.firefox = mkPrivateVar pkgs.firefox; mkPrivateVar
materusArg.cfg.configInputs.home-manager.packages.${pkgs.system}.home-manager;
options.materus.profile.packages.firefox = mkPrivateVar (
pkgs.firefox.override { nativeMessagingHosts = [ pkgs.plasma-browser-integration ]; }
);
#Package Lists #Package Lists
options.materus.profile.packages.list.nixRelated = mkPrivateVar (with pkgs; [ options.materus.profile.packages.list.nixRelated = mkPrivateVar (
nix-prefetch with pkgs;
nix-prefetch-scripts [
nix-prefetch-github nix-prefetch
nix-prefetch-docker nix-prefetch-scripts
nixfmt nix-prefetch-github
nix-top nix-prefetch-docker
nix-tree nixfmt-rfc-style
nix-diff nix-top
nix-ld nix-tree
rnix-hashes nix-diff
rnix-lsp nix-ld
nixpkgs-review nixpkgs-fmt
]); nixpkgs-review
]
);
options.materus.profile.packages.list.desktopApps = mkPrivateVar (with pkgs; [ options.materus.profile.packages.list.desktopApps = mkPrivateVar (
barrier with pkgs;
(discord.override { nss = nss_latest; withOpenASAR = true; withTTS = true;}) [
tdesktop (discord.override {
mpv nss = nss_latest;
ani-cli withOpenASAR = true;
(pkgs.obsidian) withTTS = true;
spotify })
thunderbird tdesktop
keepassxc syncplay
(aspellWithDicts (ds: with ds; [ en en-computers en-science pl ])) ani-cli
onlyoffice-bin nextcloud-client
]); spotify
thunderbird
keepassxc
(aspellWithDicts (
ds: with ds; [
en
en-computers
en-science
pl
]
))
onlyoffice-bin
qalculate-qt
]
);
options.materus.profile.packages.list.terminalApps = mkPrivateVar (with pkgs; [ options.materus.profile.packages.list.terminalApps = mkPrivateVar (
neofetch with pkgs;
ripgrep [
fd neofetch
]); ripgrep
fd
micro
]
);
} }
@@ -16,14 +16,18 @@ let
pkgs.noto-fonts-cjk-serif pkgs.noto-fonts-cjk-serif
pkgs.wqy_zenhei pkgs.wqy_zenhei
pkgs.corefonts pkgs.corefonts
pkgs.hack-font
pkgs.nerd-fonts.hack
] ++ defaultFonts; ] ++ defaultFonts;
moreFonts = [ moreFonts = [
pkgs.ubuntu_font_family pkgs.ubuntu_font_family
pkgs.monocraft pkgs.monocraft
pkgs.hack-font pkgs.nerd-fonts.droid-sans-mono
(pkgs.nerdfonts.override { fonts = [ "FiraCode" "DroidSansMono" "Meslo" "ProFont" ]; }) pkgs.nerd-fonts.meslo-lg
pkgs.nerd-fonts.profont
pkgs.nerd-fonts.fira-code
]; ];
in in
{ {
Binary file not shown.
+14 -10
@@ -1,20 +1,24 @@
{ config, lib, pkgs, materusPkgs, ... }: { config, lib, pkgs, materusArg, ... }:
let let
cfg = config.materus.profile.browser; cfg = config.materus.profile.browser;
osConfig = (if (builtins.hasAttr "osConfig" config._module.args) then config._module.args.osConfig else null);
in in
{ {
options= let mkBoolOpt = materusPkgs.lib.mkBoolOpt; in{ options = let mkBoolOpt = materusArg.pkgs.lib.mkBoolOpt; in {
materus.profile.browser.firefox.enable = mkBoolOpt config.materus.profile.enableDesktop "Enable Firefox with materus cfg"; materus.profile.browser.firefox.enable = mkBoolOpt false "Enable Firefox with materus cfg";
materus.profile.browser.vivaldi.enable = mkBoolOpt config.materus.profile.enableDesktop "Enable Vivaldi with materus cfg"; materus.profile.browser.vivaldi.enable = mkBoolOpt false "Enable Vivaldi with materus cfg";
materus.profile.browser.brave.enable = mkBoolOpt false "Enable Brave with materus cfg"; materus.profile.browser.brave.enable = mkBoolOpt false "Enable Brave with materus cfg";
}; };
#TODO: Make some config #TODO: Make some config
config.home.packages = [ config = lib.mkMerge [{
(lib.mkIf cfg.firefox.enable config.materus.profile.packages.firefox) home.packages = [
(lib.mkIf cfg.vivaldi.enable pkgs.vivaldi) (lib.mkIf cfg.firefox.enable config.materus.profile.packages.firefox)
(lib.mkIf cfg.brave.enable pkgs.brave) (lib.mkIf cfg.vivaldi.enable pkgs.vivaldi)
(lib.mkIf cfg.brave.enable pkgs.brave)
] ++ [ (lib.mkIf (osConfig != null && osConfig.materus.profile.browser.enable) osConfig.materus.profile.browser.package)];
}
]; ];
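Review bot: `osConfig.materus.profile.browser.enable` is dereferenced as soon as `osConfig` is non-null, so a host whose system configuration does not declare `materus.profile.browser` would presumably fail evaluation with a missing-attribute error; `(osConfig.materus.profile.browser.enable or false)` keeps that case silent. It is also worth confirming that `osConfig` really shows up in `config._module.args`: if Home Manager hands it over as a special argument instead, the `hasAttr` test is always false and the system browser package is never added. The single-element `lib.mkMerge [ { … } ]` wrapper can be reduced to a plain attribute set.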
+26 -12
@@ -1,4 +1,4 @@
{ config, lib, pkgs, materusPkgs, ... }: { config, lib, pkgs, materusArg, ... }:
let let
packages = cfg.packages; packages = cfg.packages;
cfg = config.materus.profile; cfg = config.materus.profile;
@@ -7,24 +7,40 @@ in
imports = [ imports = [
./fonts.nix ./fonts.nix
./browser.nix ./browser.nix
./xdg.nix
./shell ./shell
./editor ./editor
./terminal
]; ];
options.materus.profile.enableDesktop = materusPkgs.lib.mkBoolOpt false "Enable settings for desktop"; options.materus.profile.enableDesktop = materusArg.pkgs.lib.mkBoolOpt false "Enable settings for desktop";
options.materus.profile.enableTerminal = materusPkgs.lib.mkBoolOpt true "Enable settings for terminal"; options.materus.profile.enableTerminal = materusArg.pkgs.lib.mkBoolOpt true "Enable settings for terminal";
options.materus.profile.enableTerminalExtra = materusPkgs.lib.mkBoolOpt false "Enable extra settings for terminal"; options.materus.profile.enableTerminalExtra = materusArg.pkgs.lib.mkBoolOpt false "Enable extra settings for terminal";
options.materus.profile.enableNixDevel = materusPkgs.lib.mkBoolOpt false "Enable settings for nix devel"; options.materus.profile.enableNixDevel = materusArg.pkgs.lib.mkBoolOpt false "Enable settings for nix devel";
config = config =
{ {
home.packages = (if cfg.enableDesktop then packages.list.desktopApps else []) ++ home.packages = (if cfg.enableDesktop then packages.list.desktopApps else [ ]) ++
(if cfg.enableNixDevel then packages.list.nixRelated else []) ++ (if cfg.enableNixDevel then packages.list.nixRelated else [ ]) ++
(if cfg.enableTerminal then packages.list.terminalApps else []); (if cfg.enableTerminal then packages.list.terminalApps else [ ]);
#Desktop #Desktop
programs.feh.enable = lib.mkDefault cfg.enableDesktop; programs.feh.enable = lib.mkDefault cfg.enableDesktop;
programs.mpv = lib.mkIf cfg.enableDesktop {
enable = true;
config = {
ytdl-format = "bestvideo+bestaudio";
slang="pl,pol,Polish,Polski,en,eng,English";
alang="ja,jp,jpn,Japanese,pl,pol,Polski,en,eng,English";
demuxer-max-bytes="500MiB";
demuxer-max-back-bytes="150MiB";
cache="yes";
cache-pause-wait="10";
cache-pause-initial="yes";
keep-open="yes";
};
};
#Terminal #Terminal
programs.git = { programs.git = {
@@ -50,8 +66,7 @@ in
enableZshIntegration = lib.mkDefault config.programs.zsh.enable; enableZshIntegration = lib.mkDefault config.programs.zsh.enable;
}; };
programs.tmux.enable = lib.mkDefault cfg.enableTerminal;
programs.tmux.clock24 = lib.mkDefault config.programs.tmux.enable;
programs.fzf = { programs.fzf = {
enable = lib.mkDefault cfg.enableTerminalExtra; enable = lib.mkDefault cfg.enableTerminalExtra;
@@ -60,8 +75,7 @@ in
enableZshIntegration = lib.mkDefault config.programs.zsh.enable; enableZshIntegration = lib.mkDefault config.programs.zsh.enable;
}; };
programs.exa.enable = lib.mkDefault cfg.enableTerminalExtra; programs.eza.enable = lib.mkDefault cfg.enableTerminalExtra;
programs.exa.enableAliases = lib.mkDefault config.programs.exa.enable;
programs.yt-dlp.enable = lib.mkDefault cfg.enableTerminalExtra; programs.yt-dlp.enable = lib.mkDefault cfg.enableTerminalExtra;
+150 -8
@@ -1,16 +1,158 @@
{ config, lib, pkgs, materusPkgs, ... }: { config, lib, pkgs, materusArg, materusCfg, ... }:
let let
cfg = config.materus.profile.editor.code; cfg = config.materus.profile.editor.code;
in ext = let
{ market =
options.materus.profile.editor.code.enable = materusPkgs.lib.mkBoolOpt config.materus.profile.enableDesktop "Enable VSCodium with materus cfg"; (materusCfg.configInputs.nix-vscode-extensions.extensions."${materusCfg.arch}".forVSCodeVersion
options.materus.profile.editor.code.fhs.enable = materusPkgs.lib.mkBoolOpt false "Use fhs vscodium"; config.programs.vscode.package.version);
options.materus.profile.editor.code.fhs.packages = lib.mkOption { default = (ps: []);}; marketNv =
(materusCfg.configInputs.nix-vscode-extensions.extensions."${materusCfg.arch}");
in with market;
with pkgs; [
#Cpp
open-vsx.twxs.cmake
vscode-extensions.ms-vscode.cpptools
vscode-marketplace.ms-vscode.cmake-tools
vscode-marketplace.cs128.cs128-clang-tidy
#Python
#vscode-marketplace.ms-python.python
#vscode-marketplace.ms-python.vscode-pylance
#vscode-marketplace.ms-python.debugpy
# CSharp
open-vsx.muhammad-sammy.csharp
#Java
vscode-marketplace.redhat.java
vscode-marketplace.vscjava.vscode-java-debug
vscode-marketplace.vscjava.vscode-java-test
vscode-marketplace.vscjava.vscode-gradle
vscode-marketplace.vscjava.vscode-java-dependency
#JS
vscode-marketplace.angular.ng-template
#DLang
open-vsx.webfreak.code-d
#Nix
open-vsx.jnoortheen.nix-ide
#Web
open-vsx.ecmel.vscode-html-css
open-vsx.formulahendry.auto-close-tag
#Lua
open-vsx.sumneko.lua
#YAML, XML
open-vsx.redhat.vscode-yaml
open-vsx.redhat.vscode-xml
#Git
open-vsx.donjayamanne.githistory
#open-vsx.mhutchie.git-graph
open-vsx.eamodio.gitlens
#Other
#open-vsx.asciidoctor.asciidoctor-vscode
open-vsx.ms-azuretools.vscode-docker
open-vsx.webfreak.debug
open-vsx.mkhl.direnv
#vscode-marketplace.ms-vscode-remote.remote-wsl
#vscode-marketplace.ms-vscode-remote.remote-containers
open-vsx.esbenp.prettier-vscode
open-vsx.formulahendry.code-runner
open-vsx.leonardssh.vscord
open-vsx.ms-vscode.hexeditor
open-vsx.alefragnani.project-manager
vscode-marketplace.cantonios.project-templates
vscode-marketplace.betterthantomorrow.joyride
#Icons
open-vsx.pkief.material-icon-theme
open-vsx.pkief.material-product-icons
#Themes
open-vsx.dracula-theme.theme-dracula
open-vsx.ahmadawais.shades-of-purple
#Languages
marketNv.vscode-marketplace.ms-ceintl.vscode-language-pack-pl
];
set = {
"vscord.app.name" = lib.mkDefault "VSCodium";
"window.dialogStyle" = lib.mkDefault "custom";
"window.titleBarStyle" = lib.mkDefault "custom";
"editor.fontFamily" =
lib.mkDefault "'Hack Nerd Font', 'monospace', monospace";
"workbench.colorTheme" = lib.mkDefault "Shades of Purple";
"workbench.productIconTheme" = lib.mkDefault "material-product-icons";
"workbench.iconTheme" = lib.mkDefault "material-icon-theme";
"d.aggressiveUpdate" = lib.mkDefault false;
"d.servedPath" = lib.mkDefault "${pkgs.serve-d}/bin/serve-d";
"direnv.path.executable" = lib.mkDefault "${pkgs.direnv}/bin/direnv";
"nix.enableLanguageServer" = lib.mkDefault true;
"nix.serverPath" = lib.mkDefault "${pkgs.nixd}/bin/nixd";
"nix.formatterPath" = lib.mkDefault "${pkgs.nixfmt-rfc-style}/bin/nixfmt";
"nix.serverSettings" = {
"nixd" = { "formatting" = { "command" = lib.mkDefault [ "nixfmt" ]; }; };
};
"C_Cpp.clang_format_path" =
lib.mkDefault "${pkgs.clang-tools}/bin/clang-format";
"C_Cpp.clang_format_fallbackStyle" = lib.mkDefault "Microsoft";
"clang-tidy.executable" =
lib.mkDefault "${pkgs.clang-tools}/bin/clang-tidy";
"redhat.telemetry.enabled" = lib.mkDefault false;
"python.defaultInterpreterPath" =
lib.mkDefault "${pkgs.python3Full}/bin/python";
"[cpp]" = {
"editor.defaultFormatter" = lib.mkDefault "xaver.clang-format";
};
"[javascript]" = {
"editor.defaultFormatter" = lib.mkDefault "esbenp.prettier-vscode";
};
"typescript.tsserver.maxTsServerMemory" = 1024 * 8;
"typescript.tsserver.nodePath"= lib.mkDefault "${pkgs.nodejs}/bin/node";
"cmake.showOptionsMovedNotification" = false;
"cmake.pinnedCommands" = [
"workbench.action.tasks.configureTaskRunner"
"workbench.action.tasks.runTask"
];
};
in {
options.materus.profile.editor.code.enable =
materusArg.pkgs.lib.mkBoolOpt config.materus.profile.enableDesktop
"Enable VSCodium with materus cfg";
options.materus.profile.editor.code.fhs.enable =
materusArg.pkgs.lib.mkBoolOpt false "Use fhs vscodium";
options.materus.profile.editor.code.fhs.packages =
lib.mkOption { default = (ps: [ ]); };
options.materus.profile.editor.code.extensions =
lib.mkOption { default = [ ]; };
options.materus.profile.editor.code.settings =
lib.mkOption { default = { }; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
materus.profile.editor.code.extensions = ext;
materus.profile.editor.code.settings = set;
programs.vscode = { programs.vscode = {
enable = lib.mkDefault true; enable = lib.mkDefault true;
package = lib.mkDefault (if (cfg.fhs.enable) then (pkgs.vscodium.fhsWithPackages cfg.fhs.packages) else pkgs.vscodium); package = lib.mkDefault (if (cfg.fhs.enable) then
mutableExtensionsDir = lib.mkDefault true; (pkgs.vscodium.fhsWithPackages cfg.fhs.packages)
else
pkgs.vscodium);
mutableExtensionsDir =
lib.mkDefault config.materus.profile.editor.code.fhs.enable;
extensions = lib.mkDefault config.materus.profile.editor.code.extensions;
enableExtensionUpdateCheck =
lib.mkDefault config.materus.profile.editor.code.fhs.enable;
enableUpdateCheck = lib.mkDefault false;
userSettings = lib.mkDefault config.materus.profile.editor.code.settings;
}; };
materus.profile.fonts.enable = lib.mkDefault true; materus.profile.fonts.enable = lib.mkDefault true;
}; };
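Review bot: `"[cpp]"."editor.defaultFormatter"` is set to `xaver.clang-format`, but no such extension appears in the `ext` list, and with `mutableExtensionsDir` now defaulting to `fhs.enable` (false) it cannot be installed from inside the editor either, so C++ formatting would have no formatter to call. Since `ms-vscode.cpptools` is installed and `C_Cpp.clang_format_path` already points at the Nix-store `clang-format`, `"editor.defaultFormatter" = lib.mkDefault "ms-vscode.cpptools";` would match the rest of the settings. A short comment above `ext` saying why the language pack is taken from `marketNv` rather than the version-filtered `market` set would also help the next reader.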
@@ -3,6 +3,6 @@
imports = [ imports = [
./code.nix ./code.nix
./neovim.nix ./neovim.nix
./emacs.nix ./emacs
]; ];
} }
@@ -1,25 +0,0 @@
{ config, lib, pkgs, materusPkgs, ... }:
let
cfg = config.materus.profile.editor.emacs;
in
{
options.materus.profile.editor.emacs.enable = materusPkgs.lib.mkBoolOpt false "Enable emacs with materus cfg";
config = lib.mkIf cfg.enable {
#TODO: Make config
/*home.activation.doomEmacs = lib.hm.dag.entryBetween [ "onFilesChange" ] [ "writeBoundry" ] ''
if [ ! -d ~/.emacs.d ] ;
then ${pkgs.git}/bin/git clone --depth 1 https://github.com/doomemacs/doomemacs ~/.emacs.d
fi
PATH="${config.programs.git.package}/bin:${config.programs.emacs.package}/bin:$PATH"
~/.emacs.d/bin/doom sync
'';
home.file.doomEmacs.source = "${materusArg.flakeData.extraFiles}/config/emacs/doom";
home.file.doomEmacs.target = "${config.xdg.configHome}/doom";*/
programs.emacs.enable = true;
programs.emacs.package = with pkgs; lib.mkDefault (if pkgs ? emacsUnstablePgtk then emacsUnstablePgtk else emacs-gtk);
};
}
@@ -0,0 +1,296 @@
{
config,
lib,
pkgs,
materusArg,
materusCfg,
...
}: let
emacs-pkg = materusCfg.configInputs.emacs-overlay.packages.x86_64-linux.emacs-git;
materus-nix = e:
e.trivialBuild {
pname = "materus-nix";
src = pkgs.writeText "materus-nix.el" ''
(when (file-exists-p "${config.programs.emacs.package}/opt/emacs/buildtime")
(setq emacs-build-time (decode-time (seconds-to-time (string-to-number (with-temp-buffer
(insert-file-contents "${config.programs.emacs.package}/opt/emacs/buildtime")
(buffer-string)))))))
(defvar lsp-java-configuration-runtimes nil)
(setq dap-lldb-debug-program '("${pkgs.llvmPackages.lldb}/bin/lldb-vscode"))
(setq lsp-java-configuration-runtimes '[(:name "JavaSE-1.8"
:path "${pkgs.jdk8}/lib/openjdk/")
(:name "JavaSE-17"
:path "${pkgs.jdk17}/lib/openjdk/")
(:name "JavaSE-21"
:path "${pkgs.jdk21}/lib/openjdk/"
:default t)])
(setq lsp-nix-nixd-nixos-options-expr (concat "(builtins.getFlake \"/etc/nixos\").nixosConfigurations." (system-name) ".options"))
(setenv "JAVA_HOME" "${pkgs.jdk21}/lib/openjdk")
(setenv "PATH" (concat "${emacsEnv}/bin:" (getenv "PATH")))
(setq exec-path (append '("${emacsEnv}/bin") exec-path))
(call-process-shell-command "${pkgs.xorg.xmodmap}/bin/xmodmap -e \"keycode 148 = Hyper_L\" -e \"remove Mod4 = Hyper_L\" -e \"add Mod3 = Hyper_L\" &" nil 0)
(call-process-shell-command "${pkgs.xorg.xmodmap}/bin/xmodmap -e \"keycode 66 = Hyper_L\" -e \"remove Mod4 = Hyper_L\" -e \"add Mod3 = Hyper_L\" &" nil 0)
(provide 'materus-nix)
'';
version = "1.0.0";
};
packages = epkgs:
with epkgs; [
treesit-grammars.with-all-grammars
use-package
elcord
dashboard
magit
git-timemachine
avy
vterm
direnv
projectile
clipetty
which-key
iedit
hideshowvis
perspective
treemacs
treemacs-perspective
treemacs-nerd-icons
treemacs-icons-dired
treemacs-magit
treemacs-projectile
tree-edit
nerd-icons
nerd-icons-completion
minions
rainbow-delimiters
rainbow-mode
cmake-mode
lsp-mode
lsp-java
lsp-jedi
lsp-haskell
lsp-pascal
lsp-pyright
lsp-ui
lsp-treemacs
dap-mode
flycheck
gradle-mode
groovy-mode
kotlin-mode
d-mode
lua-mode
multiple-cursors
org
org-contrib
org-ql
org-rainbow-tags
org-roam
org-roam-ui
org-review
org-present
org-modern
org-auto-tangle
ox-pandoc
visual-fill-column
csharp-mode
markdown-mode
json-mode
nix-mode
nixfmt
nix-ts-mode
no-littering
right-click-context
dracula-theme
doom-themes
doom-modeline
popper
undo-tree
bash-completion
eldoc-box
yasnippet
yasnippet-capf
async
request
markdown-ts-mode
llvm-ts-mode
treesit-fold
treesit-auto
tree-sitter-langs
eat
vlf
edit-indirect
zones
sudo-edit
toc-org
#empv
volatile-highlights
highlight
elfeed
elfeed-goodies
drag-stuff
dirvish
rg
shfmt
mermaid-mode
ob-mermaid
visual-replace
scroll-restore
highlight-indent-guides
diff-hl
transient
embark
embark-consult
ef-themes
pdf-tools
minimap
geiser-guile
fennel-mode
paredit
# Completions & Minibuffer
corfu
corfu-terminal
kind-icon
cape
orderless
vertico
marginalia
];
emacsEnv = pkgs.buildEnv {
name = "emacs-env";
paths = with pkgs; [
jdk21
luaformatter
pandoc
(luajit.withPackages (p: [
p.fennel
p.lua-lsp
]))
fennel-ls
fnlfmt
sbcl
silver-searcher
guile
plantuml
mermaid-cli
pyright
shfmt
ripgrep
cmake
gnumake
nixfmt-rfc-style
(python3.withPackages (python-pkgs: with python-pkgs; [
matplotlib
pandas
requests
]))
multimarkdown
git
emacs-lsp-booster
llvmPackages.clang-tools
llvmPackages.clang
llvmPackages.lldb
(hiPrio gcc)
gdb
materusArg.unstable.nixd
jdt-language-server
gradle
fpc
nodejs
omnisharp-roslyn
texlive.combined.scheme-full
];
};
cfg = config.materus.profile.editor.emacs;
in {
options.materus.profile.editor.emacs.enable =
materusArg.pkgs.lib.mkBoolOpt false "Enable emacs with materus cfg";
config = lib.mkIf cfg.enable {
home.activation.emacsSetup = lib.hm.dag.entryAfter ["linkGeneration"] '''';
#Emacsclient with COLORTERM env variable, without it display in "-nw" client is broken
xdg.desktopEntries.emacs = {
name = "Emacs";
genericName = "Edytor tekstu";
comment = "Edytuj tekst";
exec = ''env COLORTERM=truecolor emacsclient -a "" -r %F'';
icon = "emacs";
terminal = false;
type = "Application";
categories = [
"Development"
"TextEditor"
];
mimeType = [
"text/english"
"text/plain"
"text/x-makefile"
"text/x-c++hdr"
"text/x-c++src"
"text/x-chdr"
"text/x-csrc"
"text/x-java"
"text/x-moc"
"text/x-pascal"
"text/x-tcl"
"text/x-tex"
"application/x-shellscript"
"text/x-c"
"text/x-c++"
"x-scheme-handler/org-protocol"
];
actions.new-window = {
exec = ''env COLORTERM=truecolor emacsclient -a "" -c %F'';
name = "Nowe okno";
};
actions.no-daemon = {
exec = "env COLORTERM=truecolor emacs %F";
name = "Instancja samodzielna";
};
};
programs.emacs = {
enable = true;
extraPackages = epkgs: [(materus-nix epkgs) epkgs.vterm epkgs.treesit-grammars.with-all-grammars];
package = lib.mkDefault (
(emacs-pkg.override {
withSQLite3 = true;
withWebP = true;
withX = true;
#withXwidgets = true;
withGTK3 = true;
withAlsaLib = true;
#withGconf = true;
withImageMagick = true;
})
.overrideAttrs
(
f: p: {
#Remove .desktop files, will use my own. Add file with buildtime in case of using elpaca
postInstall =
p.postInstall
+ ''
rm -fr $out/share/applications/*
mkdir -p $out/opt/emacs
date +%s | tr -d '\n' > $out/opt/emacs/buildtime
'';
}
)
);
};
};
}
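Review bot: The `postInstall` override writes `date +%s` into `$out/opt/emacs/buildtime`, which makes the package output depend on wall-clock time, so two builds from the same pinned inputs no longer produce identical store contents and cannot be checked against each other. A value derived from the pinned input would serve the same purpose deterministically, for example `printf %s ${toString materusCfg.configInputs.emacs-overlay.lastModified} > $out/opt/emacs/buildtime` (assuming the flake input exposes `lastModified`). `emacs-pkg` also hard-codes `x86_64-linux` where the VSCodium module in this commit uses `materusCfg.arch`. The `packages` list in the `let` is not referenced anywhere in the visible file, so either wire it into `extraPackages` or add a comment saying it is kept for reference.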
@@ -0,0 +1,22 @@
From 75e41ae5bd1c0879b323ed0ddc4bac29badb29ff Mon Sep 17 00:00:00 2001
From: fanshi1028 <jackychany321@gmail.com>
Date: Fri, 1 Nov 2024 14:41:26 +0000
Subject: [PATCH] fix lsp-org breaks with org 9.7 (#4300)
---
lsp-mode.el | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lsp-mode.el b/lsp-mode.el
index f5c700dbf3..a149d6d2c7 100644
--- a/lsp-mode.el
+++ b/lsp-mode.el
@@ -9668,7 +9668,7 @@ defaults to `progress-bar."
(save-excursion
(funcall goto-buffer)
(funcall f))))))
- ((&plist :begin :end :post-blank :language) (cl-second (org-element-context)))
+ ((begin end post-blank language) (--map (org-element-property it (org-element-context) nil t) '(:begin :end :post-blank :language)))
((&alist :tangle file-name) (cl-third (org-babel-get-src-block-info 'light)))
(file-name (if file-name
