diff --git a/flake.lock b/flake.lock index bd6d0b7..8d75e83 100644 --- a/flake.lock +++ b/flake.lock @@ -10,11 +10,11 @@ "yafas": "yafas" }, "locked": { - "lastModified": 1701982012, - "narHash": "sha256-SnSF/WWHlEgHN20kRxen445+rikGUpqsomyeFmJ/2tM=", + "lastModified": 1702060383, + "narHash": "sha256-XMMBRB3RoygT+lvQOlZHQI04VbhxpJkDQ3pa75aQiZg=", "owner": "chaotic-cx", "repo": "nyx", - "rev": "4e6d94c4035d1ce87916f1a10d7f993db019b826", + "rev": "bb23b9a821adf19ed91bc4651c5d8689cfee1707", "type": "github" }, "original": { @@ -334,11 +334,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1701802827, - "narHash": "sha256-wTn0lpV75Uv6tU6haEypNsmnJJPb0hpaMIy/4uf5AiQ=", + "lastModified": 1701952659, + "narHash": "sha256-TJv2srXt6fYPUjxgLAL0cy4nuf1OZD4KuA1TrCiQqg0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a804fc878d7ba1558b960b4c64b0903da426ac41", + "rev": "b4372c4924d9182034066c823df76d6eaf1f4ec4", "type": "github" }, "original": { @@ -350,11 +350,11 @@ }, "nur": { "locked": { - "lastModified": 1701989134, - "narHash": "sha256-bGyoaB3XTIfKVsG7u0NKhcC0G5pruAElbLsDRffnZJQ=", + "lastModified": 1702060431, + "narHash": "sha256-8/yGvqBUx/oR2rDhY8+iWZ1nErjpsNCe2O8PvzFaerM=", "owner": "nix-community", "repo": "NUR", - "rev": "6021d0574cac4d299f25c4e7f32cbc53b6e33571", + "rev": "d854884a8c7d2014ff44a27cfe9cac8dd78cc7ea", "type": "github" }, "original": { diff --git a/home-mods/desktop/default.nix b/home-mods/desktop/default.nix index ce2c92f..99d88b7 100644 --- a/home-mods/desktop/default.nix +++ b/home-mods/desktop/default.nix @@ -38,7 +38,6 @@ in libsForQt5.kdeconnect-kde libsForQt5.plasma-vault libsForQt5.plasma-browser-integration - natron neofetch nextcloud-client onlyoffice-bin diff --git a/home-mods/shell/default.nix b/home-mods/shell/default.nix index 0bf5476..853b6b5 100644 --- a/home-mods/shell/default.nix +++ b/home-mods/shell/default.nix 
@@ -51,8 +51,9 @@ in package = pkgs.unstable-pkgs.fish; interactiveShellInit = '' - any-nix-shell fish --info-right | source - direnv hook fish | source + any-nix-shell fish --info-right | source + direnv hook fish | source + cat /var/lib/rust-motd/motd ''; loginShellInit = '' direnv hook fish | source diff --git a/os-mods/common/default.nix b/os-mods/common/default.nix index 9b24693..69bbcd9 100644 --- a/os-mods/common/default.nix +++ b/os-mods/common/default.nix @@ -6,6 +6,7 @@ , ... }: { nixpkgs.hostPlatform = lib.mkDefault system; + nix = { gc = { automatic = true; @@ -57,10 +58,14 @@ }; environment.systemPackages = with pkgs; [ + curl + fish + figlet neovim # editor veracrypt - vim # fallback ed git + vim # fallback ed + wget ]; fileSystems."/etc/nixos" = { @@ -70,6 +75,50 @@ }; programs = { + rust-motd = { + enable = true; + enableMotdInSSHD = true; + settings = { + banner = { + color = "green"; + command = '' + ${pkgs.inetutils}/bin/hostname | ${pkgs.figlet}/bin/figlet -f slant + ''; + }; + + uptime = { + prefix = "Up"; + }; + + global = { + progress_full_character = "="; + progress_empty_character = "-"; + progress_prefix = "["; + progress_suffix = "]"; + }; + + filesystems = { + btrfsroot = "/media/@btrfsroot"; + sandisk = "/media/SanDisk"; + }; + + memory.swap_pos = "beside"; + last_login = builtins.listToAttrs (map + (user: { + name = user; + value = 2; + }) + (builtins.attrNames config.home-manager.users)); + }; + order = [ + "global" + "banner" + "uptime" + "memory" + "filesystems" + "last_login" + ]; + }; nix-ld.dev.enable = true; command-not-found.enable = false; nix-index-database.comma.enable = true; @@ -93,6 +142,13 @@ KbdInteractiveAuthentication = false; PubKeyAuthentication = true; }; + extraConfig = '' + AllowTcpForwarding yes + X11Forwarding no + AllowAgentForwarding no + AllowStreamLocalForwarding no + AuthenticationMethods publickey + ''; }; gvfs.enable = true; 
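Review bot: The added `cat /var/lib/rust-motd/motd` in `interactiveShellInit` runs unconditionally, so every interactive fish shell prints an error when the file is missing or unreadable. That can happen on a host that does not enable `programs.rust-motd`, or before the file has been generated for the first time. Guard it, for example `test -r /var/lib/rust-motd/motd; and cat /var/lib/rust-motd/motd`. Since os-mods/common also sets `enableMotdInSSHD = true`, SSH logins will presumably show the banner twice, so confirm whether the shell hook is still wanted for remote sessions.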
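Review bot: The `filesystems` entries `btrfsroot = "/media/@btrfsroot"` and `sandisk = "/media/SanDisk"` are host-specific paths placed in the common module. That module is also imported by nixos-karl-kvm-guest, whose root is an ext4 device mounted at `/`. On hosts without those mount points the filesystems component will presumably fail or print a warning in the banner. Move the map into the per-host configs, or wrap the values in `lib.mkDefault` so a host can replace them. `last_login` reads `config.home-manager.users`, so this module only evaluates where the home-manager NixOS module is loaded; a short comment saying so would help.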
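Review bot: `AllowTcpForwarding yes` in the new `extraConfig` applies to every host that imports os-mods/common, so any account with an accepted key can relay TCP connections through each machine into whatever network it sits on. If forwarding is only needed on some hosts, set it to `no` here and enable it per host, or limit the destinations with a `PermitOpen` line. The directives are raw text and sshd keeps the first value it reads for a keyword, so a host module cannot override them by appending. Expressing them as attributes next to `KbdInteractiveAuthentication` and `PubKeyAuthentication` (for example `AllowAgentForwarding = lib.mkDefault false;`) would keep them overridable, provided the pinned nixpkgs accepts these keys there. Add a comment recording why TCP forwarding stays enabled while agent, X11 and stream-local forwarding are turned off.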
diff --git a/os-mods/desktop/audio.nix b/os-mods/desktop/audio.nix new file mode 100644 index 0000000..7291ccd --- /dev/null +++ b/os-mods/desktop/audio.nix @@ -0,0 +1,19 @@ +{ config +, lib +, pkgs +, ... +}: { + services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + jack.enable = true; + + wireplumber.enable = true; + }; + + ## audio + sound.enable = true; + hardware.bluetooth.enable = true; +} diff --git a/os-mods/desktop/default.nix b/os-mods/desktop/default.nix index 4407ded..83251f5 100644 --- a/os-mods/desktop/default.nix +++ b/os-mods/desktop/default.nix @@ -5,25 +5,42 @@ }: { programs.dconf.enable = true; - # fonts + fonts = { + enableDefaultPackages = true; + fontDir.enable = true; + fontconfig = { + antialias = true; - fonts.fontDir.enable = true; - fonts.packages = with pkgs; [ - emacs-all-the-icons-fonts - corefonts - vistafonts - noto-fonts - noto-fonts-cjk - noto-fonts-emoji - liberation_ttf - fira - fira-code - fira-code-symbols - mplus-outline-fonts.githubRelease - dina-font - proggyfonts - (nerdfonts.override { fonts = [ "Iosevka" "IosevkaTerm" "FiraCode" "DroidSansMono" "NerdFontsSymbolsOnly" ]; }) - ]; + defaultFonts.serif = [ "Iosevka Nerd Font Propo" ]; + defaultFonts.sansSerif = [ "Iosevka Nerd Font Propo" ]; + defaultFonts.monospace = [ "Iosevka Nerd Font Mono" ]; + defaultFonts.emoji = [ "Noto Color Emoji" ]; + + hinting.enable = true; + hinting.style = "slight"; + + subpixel.rgba = lib.mkDefault "rgb"; + subpixel.lcdfilter = "default"; + }; + packages = with pkgs; [ + emacs-all-the-icons-fonts + corefonts + vistafonts + noto-fonts + noto-fonts-cjk + noto-fonts-emoji + liberation_ttf + fira + fira-code + fira-code-symbols + mplus-outline-fonts.githubRelease + dina-font + proggyfonts + (nerdfonts.override { + fonts = [ "Iosevka" "IosevkaTerm" "FiraCode" "DroidSansMono" "NerdFontsSymbolsOnly" ]; + }) + ]; + }; networking.firewall = { enable = true; 
@@ -60,44 +77,5 @@ # }; }; }; - pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - jack.enable = true; - }; - ######### - - ## printing - - printing = { - enable = true; - drivers = with pkgs; [ - gutenprint - gutenprintBin - hplipWithPlugin - brlaser - brgenml1cupswrapper - ]; - }; }; - - ## audio - sound.enable = true; - hardware.bluetooth.enable = true; - - environment.systemPackages = with pkgs; [ - cifs-utils - ]; - - programs.steam = { - enable = true; - remotePlay.openFirewall = true; - dedicatedServer.openFirewall = true; - }; - - chaotic.steam.extraCompatPackages = with pkgs; [ - proton-ge-custom - ]; } diff --git a/os-mods/desktop/gaming.nix b/os-mods/desktop/gaming.nix new file mode 100644 index 0000000..ac8594f --- /dev/null +++ b/os-mods/desktop/gaming.nix @@ -0,0 +1,15 @@ +{ config +, lib +, pkgs +, ... +}: { + programs.steam = { + enable = true; + remotePlay.openFirewall = true; + dedicatedServer.openFirewall = true; + }; + + chaotic.steam.extraCompatPackages = with pkgs; [ + proton-ge-custom + ]; +} diff --git a/os-mods/desktop/printing.nix b/os-mods/desktop/printing.nix new file mode 100644 index 0000000..2b51e0a --- /dev/null +++ b/os-mods/desktop/printing.nix @@ -0,0 +1,21 @@ +{ config +, lib +, pkgs +, ... +}: { + services = { + printing = { + enable = true; + drivers = with pkgs; [ + gutenprint + gutenprintBin + hplipWithPlugin + brlaser + brgenml1cupswrapper + ]; + }; + }; + environment.systemPackages = with pkgs; [ + cifs-utils + ]; +} diff --git a/os-mods/netdata/default.nix b/os-mods/netdata/default.nix new file mode 100644 index 0000000..4ba8595 --- /dev/null +++ b/os-mods/netdata/default.nix 
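Review bot: In the new os-mods/desktop/gaming.nix, `remotePlay.openFirewall = true` and `dedicatedServer.openFirewall = true` open inbound ports on every host that imports the module (nixos-desk and nixos-pulse in this commit). A machine that only runs the Steam client does not need the dedicated-server ports. Consider `dedicatedServer.openFirewall = lib.mkDefault false;` and `remotePlay.openFirewall = lib.mkDefault true;` so a host that is carried onto other networks can opt out. That would also use the `lib` argument, which the file header currently declares without using.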
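Review bot: os-mods/desktop/printing.nix is now imported by nixos-karl-kvm-guest, which previously set only `printing.enable = true`. The guest therefore picks up the whole driver list, including `hplipWithPlugin` with its proprietary binary plugin, plus `cifs-utils`. If the guest only needs a CUPS client, make the list overridable with `drivers = lib.mkDefault (with pkgs; [ ... ]);` or move the driver list into the hosts that have the printers. A one-line comment saying why `cifs-utils` lives in the printing module would also help, since its connection to printing is not visible here.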
@@ -0,0 +1,53 @@ +{ config +, lib +, pkgs +, modulesPath +, system +, inputs +, ... +}: { + # TODO allow primary/node config option to listen/send metrics to central location + services.netdata = { + enable = true; + + config = { + global = { + # uncomment to reduce memory to 32 MB + #"page cache size" = 32; + + # update interval + "update every" = 15; + }; + db = { + "update every" = 5; + "storage tiers" = 3; + "dbengine multihost disk space MB" = 1024; + "dbengine tier 1 multihost disk space MB" = 1024; + "dbengine tier 2 multihost disk space MB" = 512; + "cleanup obsolete charts after secs" = 600; + }; + ml = { + # enable machine learning + "enabled" = "yes"; + }; + }; + + configDir = { + "stream.conf" = pkgs.writeText "stream.conf" '' + [8fcb63b3-8361-4339-a010-fc459c2132b0] + enabled = yes + default history = 36000 + default memory mode = dbengine + health enabled by default = auto + allow from = 192.* + ''; + }; + }; + + networking.firewall.allowedTCPPortRanges = [ + { + from = 19999; + to = 19999; + } # netdata + ]; +} diff --git a/os-mods/virt/default.nix b/os-mods/virt/default.nix index 225a1ad..03fdc30 100644 --- a/os-mods/virt/default.nix +++ b/os-mods/virt/default.nix @@ -15,7 +15,7 @@ enable = true; package = pkgs.unstable-os.docker; - storageDriver = "btrfs"; + storageDriver = lib.mkDefault "btrfs"; }; virtualisation.libvirtd = { diff --git a/systems/nixos-desk/default.nix b/systems/nixos-desk/default.nix index 5075d07..c972fca 100644 --- a/systems/nixos-desk/default.nix +++ b/systems/nixos-desk/default.nix 
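Review bot: The `stream.conf` in the new os-mods/netdata module carries the streaming API key as a literal in its `[...]` section header and renders it with `pkgs.writeText`. The key is therefore committed to the repository and lands in the world-readable Nix store on every host that imports the module. Supply the file from a secret kept outside the store and rotate the key that is now in history. `allow from = 192.*` is a plain pattern that matches any address beginning with 192., not only the private range, so narrow it to the actual LAN, for example `allow from = 192.168.*`. The firewall rule opens TCP 19999 on all interfaces of each importing host; limiting it to the LAN interface with `networking.firewall.interfaces.<name>.allowedTCPPorts = [ 19999 ];` keeps the dashboard and stream receiver off other networks until the primary/node split from the TODO exists.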
@@ -12,52 +12,59 @@ ../../os-mods/cachix ../../os-mods/common ../../os-mods/desktop + ../../os-mods/desktop/audio.nix + ../../os-mods/desktop/gaming.nix + ../../os-mods/desktop/printing.nix + ../../os-mods/netdata ../../os-mods/network ../../os-mods/virt ../../os-mods/xmr ../../users ./disko.nix ]; - system.stateVersion = "23.05"; - nix.settings.system-features = [ - "benchmark" - "big-parallel" - "kvm" - "nixos-test" - "gccarch-x86-64-v3" - "gccarch-znver3" - ]; - boot = { - kernelPackages = pkgs.pkgsx86_64_v3.linuxPackages_cachyos; - loader = { - systemd-boot = { - enable = true; - configurationLimit = 32; + config = { + system.stateVersion = "23.05"; + + nix.settings.system-features = [ + "benchmark" + "big-parallel" + "kvm" + "nixos-test" + "gccarch-x86-64-v3" + "gccarch-znver3" + ]; + boot = { + kernelPackages = pkgs.pkgsx86_64_v3.linuxPackages_cachyos; + loader = { + systemd-boot = { + enable = true; + configurationLimit = 32; + }; + efi.canTouchEfiVariables = true; }; - efi.canTouchEfiVariables = true; + + initrd = { + availableKernelModules = [ "ahci" "nvme" "xhci_pci" "uas" "usbhid" "usb_storage" "sd_mod" ]; + kernelModules = [ ]; + systemd.enable = true; + }; + + kernelModules = [ "kvm-amd" ]; + extraModulePackages = [ ]; }; - initrd = { - availableKernelModules = [ "ahci" "nvme" "xhci_pci" "uas" "usbhid" "usb_storage" "sd_mod" ]; - kernelModules = [ ]; - systemd.enable = true; + services.btrfs.autoScrub.enable = true; + + networking = { + hostName = "nixos-desk"; + useDHCP = lib.mkDefault true; }; - kernelModules = [ "kvm-amd" ]; - extraModulePackages = [ ]; + hardware = { + cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; + }; + + zramSwap.enable = true; }; - - services.btrfs.autoScrub.enable = true; - - networking = { - hostName = "nixos-desk"; - useDHCP = lib.mkDefault true; - }; - - hardware = { - cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; - }; - - zramSwap.enable = 
true; } diff --git a/systems/nixos-karl-kvm-guest/default.nix b/systems/nixos-karl-kvm-guest/default.nix index 1198db7..0eb0d8a 100644 --- a/systems/nixos-karl-kvm-guest/default.nix +++ b/systems/nixos-karl-kvm-guest/default.nix @@ -8,6 +8,10 @@ (modulesPath + "/profiles/qemu-guest.nix") ../../os-mods/common ../../os-mods/cachix + ../../os-mods/desktop + ../../os-mods/desktop/audio.nix + ../../os-mods/desktop/printing.nix + ../../os-mods/netdata ../../os-mods/network ]; @@ -27,6 +31,12 @@ extraModulePackages = [ ]; }; + # List packages installed in system profile. To search, run: + # $ nix search wget + environment.systemPackages = with pkgs; [ + netmaker + ]; + fileSystems."/" = { device = "/dev/disk/by-uuid/8598929f-bf20-4f02-9f20-acf899eeee2c"; fsType = "ext4"; 
@@ -43,93 +53,19 @@ options = [ "bind" ]; }; - sound.enable = true; + security.polkit.extraConfig = '' + polkit.addRule(function(action, subject) { + if (action.id == "org.freedesktop.login1.suspend" || + action.id == "org.freedesktop.login1.suspend-multiple-sessions" || + action.id == "org.freedesktop.login1.hibernate" || + action.id == "org.freedesktop.login1.hibernate-multiple-sessions") + { + return polkit.Result.NO; + } + }); + ''; - security = { - rtkit.enable = true; - sudo.wheelNeedsPassword = false; - polkit.extraConfig = '' - polkit.addRule(function(action, subject) { - if (action.id == "org.freedesktop.login1.suspend" || - action.id == "org.freedesktop.login1.suspend-multiple-sessions" || - action.id == "org.freedesktop.login1.hibernate" || - action.id == "org.freedesktop.login1.hibernate-multiple-sessions") - { - return polkit.Result.NO; - } - }); - ''; - }; - - services = { - xserver = { - enable = true; - - displayManager = { - sddm.enable = true; - autoLogin = { - enable = true; - user = "reopen5194"; - }; - }; - desktopManager.plasma5.enable = true; - - # Configure keymap in X11 - layout = "us"; - xkbVariant = ""; - }; - - printing.enable = true; - - pipewire = { - enable = true; - alsa.enable = true; - alsa.support32Bit = true; - pulse.enable = true; - jack.enable = true; - - wireplumber.enable = true; - }; - # QemuGuest - qemuGuest.enable = true; - - netdata = { - enable = true; - - config = { - global = { - # uncomment to reduce memory to 32 MB - #"page cache size" = 32; - - # update interval - "update every" = 15; - }; - db = { - "update every" = 5; - "storage tiers" = 3; - "dbengine multihost disk space MB" = 1024; - "dbengine tier 1 multihost disk space MB" = 1024; - "dbengine tier 2 multihost disk space MB" = 512; - "cleanup obsolete charts after secs" = 600; - }; - ml = { - # enable machine learning - "enabled" = "yes"; - }; - }; - - configDir = { - "stream.conf" = pkgs.writeText "stream.conf" '' - [8fcb63b3-8361-4339-a010-fc459c2132b0] - 
enabled = yes - default history = 36000 - default memory mode = dbengine - health enabled by default = auto - allow from = 192.* - ''; - }; - }; - }; + services.qemuGuest.enable = true; # Define a user account. Don't forget to set a password with ‘passwd’. users.users.reopen5194 = { @@ -150,17 +86,6 @@ ]; }; - # List packages installed in system profile. To search, run: - # $ nix search wget - environment.systemPackages = with pkgs; [ - neovim - vim - curl - fish - netmaker - # wget - ]; - # Some programs need SUID wrappers, can be configured further or are # started in user sessions. # programs.mtr.enable = true; @@ -168,6 +93,7 @@ # Virtualization virtualisation.docker = { enable = true; + package = pkgs.unstable-os.docker; # rootless = { # enable = true; # setSocketVariable = true; @@ -183,12 +109,5 @@ # "net.ipv4.ip_unprivileged_port_start" = 79; # }; - networking.firewall.allowedTCPPortRanges = [ - { - from = 19999; - to = 19999; - } # netdata - ]; - system.stateVersion = "23.05"; # Did you read the comment? } diff --git a/systems/nixos-pulse/default.nix b/systems/nixos-pulse/default.nix index f54b149..7f99488 100644 --- a/systems/nixos-pulse/default.nix +++ b/systems/nixos-pulse/default.nix @@ -12,13 +12,15 @@ ../../os-mods/cachix ../../os-mods/common ../../os-mods/desktop + ../../os-mods/desktop/audio.nix + ../../os-mods/desktop/gaming.nix + ../../os-mods/desktop/printing.nix ../../os-mods/network ../../os-mods/ryzenapu ../../os-mods/virt ../../users ./disko.nix ]; - system.stateVersion = "23.05"; nix.settings.system-features = [ "benchmark" @@ -159,4 +161,6 @@ }; zramSwap.enable = true; + + system.stateVersion = "23.05"; }
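Review bot: The removed `security` block on the KVM guest also dropped `rtkit.enable = true`, and the new os-mods/desktop/audio.nix that now provides PipeWire does not set it. Unless os-mods/desktop enables it outside this diff, PipeWire loses realtime scheduling on all three hosts; adding `security.rtkit.enable = true;` to audio.nix would keep that with the audio stack. Removing `sudo.wheelNeedsPassword = false` and the SDDM auto-login is a sound hardening step. It does mean `reopen5194` must have a password set before this is deployed, since the user definition below still relies on a manual `passwd`. The change also assumes os-mods/desktop supplies the X server and display manager that were deleted here, which this hunk does not show.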