├── .github └── workflows │ ├── nix-github-actions.yml │ └── nix-update-flake.yml ├── .gitignore ├── consts.nix ├── containers ├── gh-runner-grw.nix ├── gh-runner-hellas.nix ├── radarr.nix ├── sonarr.nix ├── unifi.nix └── work.nix ├── flake.lock ├── flake.nix ├── home ├── alacritty.nix ├── backgrounds │ ├── background.jpg │ ├── fish.jpg │ ├── home.jpg │ └── perfect-blue-site.jpg ├── btop.nix ├── common.nix ├── cursor.nix ├── darwin.nix ├── development.nix ├── firefox.nix ├── git.nix ├── gpg.nix ├── graphical.nix ├── headless.nix ├── hostid.nix ├── hyprland.nix ├── laptop.nix ├── linux.nix ├── starship.nix ├── sway.nix ├── thunderbird.nix ├── vim.nix ├── vim │ ├── default.nix │ ├── init.lua │ └── lua │ │ ├── base.lua │ │ ├── completion.lua │ │ ├── lsp.lua │ │ ├── statusline.lua │ │ ├── treesitter.lua │ │ └── utils.lua ├── vscode-server.nix ├── vscode.nix ├── waybar.nix ├── zed.nix └── zsh.nix ├── lib ├── deploy.nix └── hardware.nix ├── machines ├── aarch64 │ ├── air │ │ └── default.nix │ ├── nanopi-neo2 │ │ └── configuration.nix │ ├── rock5b │ │ ├── default.nix │ │ ├── faster-pd.patch │ │ ├── rk3588-pci.patch │ │ └── save-bar-space.patch │ └── rock64 │ │ └── configuration.nix ├── darwin-aarch64 │ ├── darwin-configuration.nix │ └── system.nix ├── darwin-x86 │ ├── darwin-configuration.nix │ └── system.nix ├── default.nix └── x86 │ ├── cloud │ └── default.nix │ ├── installer │ └── configuration.nix │ ├── jellyfin │ └── default.nix │ ├── nixhost │ └── default.nix │ ├── router │ └── default.nix │ ├── trex │ ├── default.nix │ └── patches │ │ ├── cppc-1.patch │ │ └── cppc.patch │ ├── workvm │ └── configuration.nix │ └── yoga │ └── default.nix ├── modules ├── alacritty.nix ├── baseline.nix ├── deploy.nix ├── home-manager.nix ├── i3 │ ├── default.nix │ ├── i3srs.toml │ └── i3status.conf ├── igmpproxy.nix ├── mouse-dpi.nix ├── nanopi-load.nix ├── optimism.nix ├── pipewire.nix ├── profiles │ ├── default.nix │ ├── desktop.nix │ └── server.nix ├── qbittorrent.nix ├── 
radeon-profile-daemon.nix ├── scroll-boost │ ├── default.nix │ └── libinput.patch ├── status-on-console.nix ├── sunxi-watchdog.nix ├── traffic-shaping.nix ├── udpxy.nix ├── user-settings.nix ├── vpp-router.nix ├── vpp.nix └── wireguard.nix ├── overlays ├── linux-lto.nix └── overlay.nix ├── packages ├── default.nix ├── patches │ └── displaylink.patch ├── public-ip-sync-google-clouddns │ └── default.nix ├── python-libraries │ ├── adafruit-gpio │ │ └── default.nix │ ├── adafruit-pureio │ │ └── default.nix │ ├── bluepy │ │ └── default.nix │ ├── btlewrap │ │ └── default.nix │ ├── default.nix │ ├── jax │ │ └── default.nix │ ├── jaxlib-bin │ │ └── default.nix │ ├── jaxlib │ │ └── default.nix │ ├── luma.core │ │ └── default.nix │ ├── luma.oled │ │ └── default.nix │ ├── miflora │ │ └── default.nix │ ├── numpyro │ │ └── default.nix │ ├── opi-gpio │ │ └── default.nix │ ├── pydeconz │ │ └── default.nix │ ├── python-periphery │ │ └── default.nix │ ├── rpi-gpio │ │ └── default.nix │ ├── smbus-cffi │ │ └── default.nix │ ├── smbus2 │ │ └── default.nix │ ├── spidev │ │ └── default.nix │ └── spotify_token │ │ └── default.nix ├── vendor-reset │ └── default.nix └── vpp │ └── default.nix ├── profiles ├── bridge-interfaces.nix ├── common.nix ├── container.nix ├── crypto │ ├── bitcoin.nix │ ├── default.nix │ ├── geth.nix │ └── monero.nix ├── development.nix ├── fastlan.nix ├── g_ether.nix ├── gpg-yubikey.nix ├── graphical.nix ├── headless.nix ├── hetzner-dev.nix ├── home.nix ├── intel-gfx.nix ├── jaeger.nix ├── logserver.nix ├── luks-yubi.nix ├── nas-mounts.nix ├── nas.nix ├── nbd-overlayfs.nix ├── nvidia.nix ├── radeon.nix ├── router.nix ├── thinkpad.nix ├── tvbox-gbm.nix ├── tvbox.nix ├── uefi-boot.nix ├── users.nix └── wireless.nix └── services ├── backup.nix ├── buildfarm-executor.nix ├── buildfarm-slave.nix ├── docker.nix ├── grafana.nix ├── home-assistant ├── default.nix ├── homekit.nix ├── lights.nix ├── mqtt.nix └── vacuum.nix ├── jellyfin.nix ├── nginx.nix ├── transmission.nix 
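└── virt ├── add-acs-overrides.patch ├── host.nix ├── hugepages.nix ├── i915-vga-arbiter.patch ├── machines ├── ElCapitan.xml ├── ElCapitan_vnc.xml ├── GNOME.xml ├── Tails.xml ├── Vivid.xml └── Windows10.xml └── vfio.nix

/.github/workflows/nix-github-actions.yml:
--------------------------------------------------------------------------------
name: Nix Flake actions

on:
  pull_request:
  push:
    branches:
      - master
      - main

# Neither job writes to the repository, so the default GITHUB_TOKEN is
# restricted to read-only.
permissions:
  contents: read

jobs:
  # Evaluates the flake on a GitHub-hosted runner and publishes the build
  # matrix as a job output.
  nix-matrix:
    runs-on: ubuntu-latest
    outputs:
      matrix: ${{ steps.set-matrix.outputs.matrix }}
    steps:
      # NOTE(review): the actions in this file are referenced by mutable tag.
      # Pinning each to a full commit SHA (owner/action@<FULL_COMMIT_SHA>)
      # keeps a re-tagged release from changing what runs here.
      - uses: actions/checkout@v4
      - uses: cachix/install-nix-action@v24
      - id: set-matrix
        name: Generate Nix Matrix
        run: |
          set -Eeu
          matrix="$(nix eval --json '.#githubActions.matrix')"
          echo "matrix=$matrix" >> "$GITHUB_OUTPUT"

  nix-build:
    needs: nix-matrix
    # This job runs on a persistent self-hosted runner. A pull request from a
    # fork carries code the repository owner has not reviewed, so only pushes
    # and pull requests whose head branch lives in this repository are built.
    if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name == github.repository
    runs-on: self-hosted
    strategy:
      matrix: ${{fromJSON(needs.nix-matrix.outputs.matrix)}}
    steps:
      - uses: actions/checkout@v4
      - uses: cachix/install-nix-action@v24
      # The matrix value is produced by evaluating the checked-out flake, so it
      # is handed to the shell through the environment instead of being
      # expanded into the script text.
      - env:
          ATTR: ${{ matrix.attr }}
        run: nix build -L ".#${ATTR}"

--------------------------------------------------------------------------------
/.github/workflows/nix-update-flake.yml:
--------------------------------------------------------------------------------
name: update-flake-lock
on:
  workflow_dispatch: # allows manual triggering
  schedule:
    - cron: "0 0 * * 0" # runs weekly on Sunday at 00:00

jobs:
  lockfile:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
      # NOTE(review): both DeterminateSystems actions below follow the moving
      # `main` branch, and the second one is handed GH_TOKEN_FOR_UPDATES.
      # Pinning them to a full commit SHA (@<FULL_COMMIT_SHA>) fixes the code
      # that receives that token.
      - name: Install Nix
        uses: DeterminateSystems/nix-installer-action@main
      - name: Update flake.lock
        uses: DeterminateSystems/update-flake-lock@main
        with:
          token: ${{ secrets.GH_TOKEN_FOR_UPDATES }}
          pr-title: "Update flake.lock" # Title of PR to be created
          pr-labels: | # Labels to be set on the PR
            dependencies
            automated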
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
/configuration.nix
/result
/ssl
*.DS_Store
*.swp
.nfs*
*.pyc
*.pyo
.mypy_cache
*.idea

--------------------------------------------------------------------------------
/consts.nix:
--------------------------------------------------------------------------------
{ lib, ... }:

{
  # Shared WireGuard constants: the host table plus two helpers derived from it.
  wireguard =
    let
      port = 51820;
      subnet = "192.168.33.";
    in
    rec {
      # ipAddress is the last octet inside `subnet`; endPoint is present only
      # for hosts that have one listed. pubKey values are public keys.
      hosts = {
        cloud = {
          endPoint = "cloud.satanic.link";
          pubKey = "6ndFmwbRoCQospT/7tiDW9vzGmPhnLwpLOBWG737V0M=";
          ipAddress = 1;
        };
        yoga = {
          ipAddress = 2;
          pubKey = "mNoifcPcs9157BUNj0A5IkJVFJflffyaV2LbgcNjMWA=";
        };
        router = {
          ipAddress = 3;
          endPoint = "satanic.link";
          pubKey = "SYHzYVpBDi8annhVGqvroQJLacRLTcmdDgQq4JlSDCs=";
        };
      };

      # Returns the peer list for one host: every entry of `hosts` except
      # `excludedKey`, each wrapped as { wireguardPeerConfig = ...; }.
      #
      # NOTE(review): every peer gets AllowedIPs 0.0.0.0/0. WireGuard uses
      # AllowedIPs both to pick the peer for outgoing packets and to filter the
      # source address of incoming ones, so each peer key is accepted for any
      # IPv4 source, and several peers on one interface claim the same range.
      # Narrowing each peer to its own address in `subnet` would bind a key to
      # an address - confirm whether full-tunnel routing is intended first.
      makePeerConfig = excludedKey:
        let
          otherHosts = lib.filterAttrs (name: _: name != excludedKey) hosts;
          toPeer = _: host: {
            wireguardPeerConfig = lib.attrsets.recursiveUpdate
              {
                PublicKey = host.pubKey;
                AllowedIPs = [ "0.0.0.0/0" ];
                PersistentKeepalive = 25;
              }
              (lib.optionalAttrs (host ? endPoint) {
                Endpoint = "${host.endPoint}:${toString port}";
              });
          };
        in
        lib.attrsets.mapAttrsToList toPeer otherHosts;

      # Returns "<subnet><ipAddress>/24" for a known host name, null otherwise.
      getIpForHost = hostName:
        if hosts ? ${hostName} then
          "${subnet}${toString hosts.${hostName}.ipAddress}/24"
        else
          null;
    };
}

--------------------------------------------------------------------------------
/containers/gh-runner-grw.nix:
--------------------------------------------------------------------------------
{ config, lib, pkgs, boot, networking, containers, ...
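}:

# Self-hosted GitHub Actions runner for georgewhewell/nixos-host, run inside a
# NixOS container that is attached to the br0 bridge.
{
  # Host-side account with the same name as the runner user in the container.
  users.users."gh-runner-grw" = {
    isSystemUser = true;
    group = "gh-runner-grw";
    # NOTE(review): where a Docker daemon is running, membership of the docker
    # group allows starting containers with arbitrary host mounts, which is
    # equivalent to root on that machine.
    extraGroups = [ "docker" ];
  };
  users.groups."gh-runner-grw" = { };

  # NOTE(review): a Nix trusted user can override daemon settings such as
  # substituters and import unsigned store paths; the Nix manual describes this
  # as essentially equivalent to root. Workflow jobs run as this user, so
  # confirm the runner only ever executes reviewed code.
  nix.settings.trusted-users = [ "gh-runner-grw" ];

  # Do not start the container until the registration token has been uploaded.
  systemd.services."container@gh-runner-grw".unitConfig = {
    ConditionPathExists = "/run/gh-runner-georgewhewell-nixos-host.secret";
  };

  # Runner registration token, fetched from the local password store at deploy
  # time. It was uploaded as 0777 (readable, writable and executable by every
  # local user); 0600 keeps it private to its owner.
  # NOTE(review): no user/group is set here, so this assumes the deployment
  # tool writes the key as root and that the runner unit reads tokenFile as
  # root before dropping privileges - confirm, and set the owner explicitly if
  # either does not hold.
  deployment.keys."gh-runner-georgewhewell-nixos-host.secret" = {
    keyCommand = [ "pass" "gh-runner/georgewhewell/nixos-host" ];
    destDir = "/run";
    uploadAt = "pre-activation";
    permissions = "0600";
  };

  containers.gh-runner-grw = {
    autoStart = true;
    privateNetwork = true;
    hostBridge = "br0";

    bindMounts = {
      # The token is only read inside the container, so it is mounted
      # read-only; workflow code cannot replace the host copy through it.
      "/run/gh-runner-georgewhewell-nixos-host.secret" = {
        hostPath = "/run/gh-runner-georgewhewell-nixos-host.secret";
        isReadOnly = true;
      };
    };

    config = {
      imports = [ ../profiles/container.nix ];

      users.users."gh-runner-grw" = {
        isSystemUser = true;
        group = "gh-runner-grw";
        extraGroups = [ "docker" ];
      };
      users.groups."gh-runner-grw" = { };

      services.github-runners."georgewhewell-nixos-host" = {
        enable = true;
        url = "https://github.com/georgewhewell/nixos-host";
        tokenFile = "/run/gh-runner-georgewhewell-nixos-host.secret";
        user = "gh-runner-grw";
        group = "gh-runner-grw";
      };

      networking.hostName = "gh-runner-georgewhewell-nixos-host";
    };
  };
}

--------------------------------------------------------------------------------
/containers/gh-runner-hellas.nix:
--------------------------------------------------------------------------------
{ config, lib, pkgs, ...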
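}:

# Three self-hosted GitHub Actions runners for the hellas-ai organisation,
# sharing one NixOS container on the br0 bridge.
let
  # The three runner accounts differ only in name.
  # NOTE(review): where a Docker daemon is running, docker group membership is
  # equivalent to root on that machine.
  runnerUser = {
    isSystemUser = true;
    group = "gh-runner-hellas";
    extraGroups = [ "docker" ];
  };
  runnerUsers = {
    "gh-runner-hellas-a" = runnerUser;
    "gh-runner-hellas-b" = runnerUser;
    "gh-runner-hellas-c" = runnerUser;
  };

  # Registration token fetched from the local password store at deploy time.
  # The tokens were uploaded as 0777 (readable, writable and executable by
  # every local user); 0600 keeps each private to its owner.
  # NOTE(review): no user/group is set, so this assumes the deployment tool
  # writes the key as root and that the runner units read tokenFile as root
  # before dropping privileges - confirm.
  mkTokenKey = passEntry: {
    keyCommand = [ "pass" passEntry ];
    destDir = "/run";
    uploadAt = "pre-activation";
    permissions = "0600";
  };
in
{
  # Host-side accounts with the same names as the runner users in the container.
  users.users = runnerUsers;
  users.groups."gh-runner-hellas" = { };

  # NOTE(review): a Nix trusted user can override daemon settings and import
  # unsigned store paths, which the Nix manual describes as essentially
  # equivalent to root. Workflow jobs of a whole organisation run as these
  # users - confirm that is acceptable for this host.
  nix.settings.trusted-users = [
    "gh-runner-hellas-a"
    "gh-runner-hellas-b"
    "gh-runner-hellas-c"
  ];

  # Only the first token is checked before the container starts; the -b and -c
  # tokens are not part of the condition.
  systemd.services."container@gh-runner-hellas".unitConfig = {
    ConditionPathExists = "/run/gh-runner-hellas-a.secret";
  };

  deployment.keys."gh-runner-hellas-a.secret" = mkTokenKey "gh-runner/hellas-ai-a";
  deployment.keys."gh-runner-hellas-b.secret" = mkTokenKey "gh-runner/hellas-ai-b";
  deployment.keys."gh-runner-hellas-c.secret" = mkTokenKey "gh-runner/hellas-ai-c";

  containers.gh-runner-hellas = {
    autoStart = true;
    privateNetwork = true;
    hostBridge = "br0";

    # isReadOnly is not set on these mounts, so the option's default applies.
    bindMounts = {
      "/run/gh-runner-hellas-a.secret".hostPath = "/run/gh-runner-hellas-a.secret";
      "/run/gh-runner-hellas-b.secret".hostPath = "/run/gh-runner-hellas-b.secret";
      "/run/gh-runner-hellas-c.secret".hostPath = "/run/gh-runner-hellas-c.secret";
    };

    config =
      let
        extraPackages = with pkgs; [ docker ];
      in
      {
        imports = [ ../profiles/container.nix ];

        # Docker daemon inside the container; the runner users above are in
        # its docker group.
        virtualisation.docker.enable = true;

        users.users = runnerUsers;
        users.groups."gh-runner-hellas" = { };

        services.github-runners."hellas-a" = {
          enable = true;
          url = "https://github.com/hellas-ai";
          tokenFile = "/run/gh-runner-hellas-a.secret";
          user = "gh-runner-hellas-a";
          inherit extraPackages;
        };

        services.github-runners."hellas-b" = {
          enable = true;
          url = "https://github.com/hellas-ai";
          tokenFile = "/run/gh-runner-hellas-b.secret";
          user = "gh-runner-hellas-b";
          inherit extraPackages;
        };

        services.github-runners."hellas-c" = {
          enable = true;
          url = "https://github.com/hellas-ai";
          tokenFile = "/run/gh-runner-hellas-c.secret";
          user = "gh-runner-hellas-c";
          inherit extraPackages;
        };

        networking.hostName = "gh-runner-hellas";
      };
  };
}

--------------------------------------------------------------------------------
/containers/radarr.nix:
--------------------------------------------------------------------------------
{ config, lib, pkgs, boot, networking, containers, ...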
}:

# Radarr in a NixOS container on the br0.lan bridge.
let
  # Mount units the container is bound to and ordered after.
  requiredMounts = [ "mnt-Home.mount" "mnt-Media.mount" ];

  # Writable bind mount that uses the same path on host and container.
  rwBind = path: {
    hostPath = path;
    isReadOnly = false;
  };
in
{
  systemd.services."container@radarr" = {
    bindsTo = requiredMounts;
    after = requiredMounts;
  };

  containers.radarr = {
    autoStart = true;
    privateNetwork = true;
    hostBridge = "br0.lan";

    bindMounts = {
      "/var/lib/radarr" = rwBind "/var/lib/radarr";
      "/mnt/Media" = rwBind "/mnt/Media";
    };

    config = {
      imports = [ ../profiles/container.nix ];

      networking.hostName = "radarr";

      services.radarr.enable = true;
      services.radarr.openFirewall = true;
    };
  };
}

--------------------------------------------------------------------------------
/containers/sonarr.nix:
--------------------------------------------------------------------------------
{ config, lib, pkgs, boot, networking, containers, ... }:

# Sonarr in a NixOS container on the br0.lan bridge.
let
  # Mount units the container is bound to and ordered after.
  requiredMounts = [ "mnt-Home.mount" "mnt-Media.mount" ];

  # Writable bind mount that uses the same path on host and container.
  rwBind = path: {
    hostPath = path;
    isReadOnly = false;
  };
in
{
  systemd.services."container@sonarr" = {
    bindsTo = requiredMounts;
    after = requiredMounts;
  };

  containers.sonarr = {
    autoStart = true;
    privateNetwork = true;
    hostBridge = "br0.lan";

    bindMounts = {
      "/var/lib/sonarr" = rwBind "/var/lib/sonarr";
      "/mnt/Media" = rwBind "/mnt/Media";
    };

    config = {
      imports = [ ../profiles/container.nix ];

      networking.hostName = "sonarr";

      services.sonarr.enable = true;
      services.sonarr.openFirewall = true;
    };
  };
}

--------------------------------------------------------------------------------
/containers/unifi.nix:
--------------------------------------------------------------------------------
{ config, lib, pkgs, boot, networking, containers, ...
}:

# UniFi controller in a NixOS container on the br0.lan bridge, with its state
# kept on a dedicated ZFS dataset.
{
  fileSystems."/var/lib/unifi" = {
    device = "nvpool/root/configs/unifi";
    fsType = "zfs";
    # The host still boots when the dataset is unavailable.
    options = [ "nofail" ];
  };

  containers.unifi = {
    autoStart = true;
    privateNetwork = true;
    hostBridge = "br0.lan";

    bindMounts."/var/lib/unifi" = {
      hostPath = "/var/lib/unifi";
      isReadOnly = false;
    };

    config = {
      imports = [ ../profiles/container.nix ];

      networking = {
        hostName = "unifi";
        # Opened in addition to whatever services.unifi.openFirewall opens.
        firewall.allowedTCPPorts = [ 443 8443 ];
      };

      services.unifi = {
        enable = true;
        openFirewall = true;
        unifiPackage = pkgs.unifi8;
        mongodbPackage = pkgs.mongodb-5_0;
      };
    };
  };
}

--------------------------------------------------------------------------------
/containers/work.nix:
--------------------------------------------------------------------------------
{ config, pkgs, ... }:

# Graphical development environment in a NixOS container on the br0 bridge.
{
  fileSystems."/var/lib/workvm" = {
    device = "zpool/root/workvm";
    fsType = "zfs";
  };

  containers.workvm = {
    autoStart = true;
    privateNetwork = true;
    hostBridge = "br0";

    # NOTE(review): the attribute name is the path inside the container and
    # hostPath the path on the host, so this exposes the host's /home/grw
    # read-write inside the container, while the dataset mounted at
    # /var/lib/workvm above is not passed through. Confirm this direction is
    # intended.
    bindMounts."/var/lib/workvm" = {
      hostPath = "/home/grw";
      isReadOnly = false;
    };

    config = {
      boot.isContainer = true;

      imports = [
        ../profiles/common.nix
        ../profiles/home.nix
        ../profiles/development.nix
        ../profiles/graphical.nix
      ];

      networking.hostName = "workvm";
      # NOTE(review): 5900 is the conventional VNC port; confirm it is only
      # reachable from networks that are trusted to see the desktop session.
      networking.firewall.allowedTCPPorts = [ 5900 ];
      networking.enableIPv6 = false;
      networking.interfaces.eth0.useDHCP = true;
    };
  };
}

--------------------------------------------------------------------------------
/home/alacritty.nix:
--------------------------------------------------------------------------------
{ config, pkgs, ...
}:

let
  # The six hues are the same in the normal and bright palettes; only black
  # and white differ between them.
  hues = {
    red = "0xfe0100";
    green = "0x33ff00";
    yellow = "0xfeff00";
    blue = "0x0066ff";
    magenta = "0xcc00ff";
    cyan = "0x00ffff";
  };
in
{
  programs.alacritty = {
    enable = true;
    settings = {
      window = {
        decorations = "none";
        dynamic_padding = false;
        padding = {
          # columns = 0;
          # lines = 0;
        };
      };

      scrolling.history = 10000;

      # Larger font when hostId is "yoga".
      font.size = if config.hostId == "yoga" then 14 else 12;

      mouse.bindings = [
        { mouse = "Middle"; action = "PasteSelection"; }
      ];

      # Colors (Hyper)
      colors = {
        # Default colors
        primary = {
          background = "0x000000";
          foreground = "0xffffff";
        };
        cursor = {
          text = "0xF81CE5";
          cursor = "0xffffff";
        };

        # Normal colors
        normal = hues // {
          black = "0x000000";
          white = "0xd0d0d0";
        };

        # Bright colors
        bright = hues // {
          black = "0x808080";
          white = "0xFFFFFF";
        };
      };
    };
  };
}

--------------------------------------------------------------------------------
/home/backgrounds/background.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/georgewhewell/nixos-host/3e4303276b93af527a39c214f9984ed9196c758d/home/backgrounds/background.jpg

--------------------------------------------------------------------------------
/home/backgrounds/fish.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/georgewhewell/nixos-host/3e4303276b93af527a39c214f9984ed9196c758d/home/backgrounds/fish.jpg

--------------------------------------------------------------------------------
/home/backgrounds/home.jpg:
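--------------------------------------------------------------------------------
https://raw.githubusercontent.com/georgewhewell/nixos-host/3e4303276b93af527a39c214f9984ed9196c758d/home/backgrounds/home.jpg

--------------------------------------------------------------------------------
/home/backgrounds/perfect-blue-site.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/georgewhewell/nixos-host/3e4303276b93af527a39c214f9984ed9196c758d/home/backgrounds/perfect-blue-site.jpg

--------------------------------------------------------------------------------
/home/common.nix:
--------------------------------------------------------------------------------
{ pkgs, config, ... }:

# Home-manager settings shared by every host: shell tooling, SSH client
# defaults, htop layout and the password store location.
{
  imports = [
    ./btop.nix
    ./hostid.nix
    # ./vim/default.nix
    ./git.nix
    ./starship.nix
    ./zsh.nix
  ];

  home.stateVersion = "22.05";
  nixpkgs.config.allowUnfree = true;

  programs = {
    bat.enable = true;
    direnv = {
      enable = true;
      enableZshIntegration = true;
    };
    fzf.enable = true;
    gpg.enable = true;
    ripgrep.enable = true;
    tmux.enable = true;
  };

  home.packages = with pkgs; [
    pv
    eza
    pwgen
    docker-compose
    btop
    # mosh
    mtr
  ];

  manual.manpages.enable = false;

  programs.ssh = {
    enable = true;
    controlMaster = "auto";
    controlPersist = "60m";
    serverAliveInterval = 60;
    serverAliveCountMax = 5;
    hashKnownHosts = true;
    # Agent forwarding was enabled for every destination, which lets root on
    # any server connected to (including the third-party *.runpod.io hosts
    # below) use the local agent's keys for as long as the session lasts. It is
    # now off by default and switched on only for the satanic.link hosts.
    forwardAgent = false;
    matchBlocks = {
      "satanic.link" = { forwardAgent = true; };
      "rock5b.satanic.link" = { forwardAgent = true; };
      "trex.satanic.link" = { forwardAgent = true; };
      "nixhost.satanic.link" = { forwardAgent = true; };
      # NOTE(review): "+ssh-rsa" re-enables RSA signatures made with SHA-1 for
      # these hosts; drop it once they accept a newer algorithm.
      "*.runpod.io".extraOptions = {
        PubkeyAcceptedAlgorithms = "+ssh-rsa";
      };
      # Reaches the host through grw@satanic.link, using the first label of
      # the requested name as the inner hostname.
      # NOTE(review): %h is expanded inside a `bash -c` string; confirm the
      # installed OpenSSH rejects shell metacharacters in host names, or
      # express the hop with ProxyJump instead.
      "*.satanic.link !localnetwork 192.168.23.0/24" = {
        forwardAgent = true;
        extraOptions = {
          ProxyCommand = "${pkgs.bash}/bin/bash -c \"${pkgs.openssh}/bin/ssh -W $(echo %h | cut -d. -f1):%p grw@satanic.link\"";
        };
      };
    };
  };

  programs.htop = {
    enable = true;
    settings = {
      delay = 10;
      show_program_path = false;
      show_cpu_frequency = true;
      show_cpu_temperature = true;
      hide_kernel_threads = true;
    } // (with config.lib.htop; leftMeters [
      (bar "AllCPUs2")
      (bar "Memory")
      (bar "Swap")
    ]) // (with config.lib.htop; rightMeters [
      (text "Hostname")
      (text "Tasks")
      (text "LoadAverage")
      (text "Uptime")
      (text "Systemd")
    ]);
  };

  programs.password-store = {
    enable = true;
    settings = {
      PASSWORD_STORE_DIR = "${config.xdg.dataHome}/password-store";
    };
  };
}

--------------------------------------------------------------------------------
/home/cursor.nix:
--------------------------------------------------------------------------------
{ config, lib, pkgs, ... }:

{
  home.pointerCursor = {
    gtk.enable = true;
    package = pkgs.bibata-cursors;
    name = "Bibata-Modern-Classic";
    size = 16;
  };
}

--------------------------------------------------------------------------------
/home/darwin.nix:
--------------------------------------------------------------------------------
{ config, pkgs, ... }:

{
  # replace crappy mac utils
  home.packages = with pkgs; [
    gnused
    coreutils
    openvpn
    yt-dlp
  ];

  # darwin-specific overlays
  nixpkgs.overlays = [
    (self: super: {

      # some error building
      vim_configurable = super.vim_configurable.override {
        guiSupport = "no";
      };
    })
  ];

}

--------------------------------------------------------------------------------
/home/development.nix:
--------------------------------------------------------------------------------
{ config, lib, pkgs, ...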
}:

{
  programs.direnv.enable = true;
  programs.direnv.enableZshIntegration = true;

  home.packages = with pkgs; [
    # for vscode-server..
    openssl
    pkg-config

    # platforms
    gh
    doctl

    # go tooling
    go
    gopls

    # rust tooling
    rustup

    # saas crap
    runpodctl
  ] ++ lib.optionals (pkgs.system == "x86_64-linux") [
    # evm tooling
    solc
    # foundry-bin
  ];
}

--------------------------------------------------------------------------------
/home/firefox.nix:
--------------------------------------------------------------------------------
{ config, pkgs, ... }:

let
  # Entry for the policy `Preferences` table with Status "locked".
  locked = value: {
    Status = "locked";
    Value = value;
  };

  # Marks a built-in search engine as hidden.
  hidden = {
    metaData.hidden = true;
  };
in
{
  programs.firefox = {
    enable = true;

    # Firefox wrapped with enterprise policies: telemetry, studies, Pocket,
    # form history and the built-in password manager are switched off.
    package = pkgs.wrapFirefox pkgs.firefox-unwrapped {
      extraPolicies = {
        NewTabPage = false;
        DisableFormHistory = true;
        SearchSuggestEnabled = false;
        CaptivePortal = false;
        DisableFirefoxStudies = true;
        DisablePocket = true;
        DisableTelemetry = true;
        DisableFirefoxAccounts = false;
        NoDefaultBookmarks = true;
        OfferToSaveLogins = false;
        OfferToSaveLoginsDefault = false;
        PasswordManagerEnabled = false;
        FirefoxHome = {
          Search = true;
          Pocket = false;
          Snippets = false;
          TopSites = false;
          Highlights = false;
        };
        UserMessaging = {
          ExtensionRecommendations = false;
          SkipOnboarding = true;
        };
        Preferences = {
          "browser.contentblocking.category" = locked "strict";
          "browser.zoom.siteSpecific" = locked false;
          "extensions.formautofill.available" = locked "off";
          "media.setsinkid.enabled" = locked true;
          # Internationalised domain names are displayed in punycode form.
          "network.IDN_show_punycode" = locked true;
          "ui.key.menuAccessKeyFocuses" = locked false;
        };
      };
    };

    profiles.grw = {
      id = 0;
      name = "grw";
      # extensions = with pkgs.nur.repos.rycee.firefox-addons; [
      #   ublock-origin
      #   privacy-badger
      #   https-everywhere
      #   bitwarden
      #   clearurls
      #   decentraleyes
      #   duckduckgo-privacy-essentials
      #   floccus
      #   ghostery
      #   privacy-redirect
      #   languagetool
      #   disconnect
      #   react-devtools
      # ];
      search = {
        force = true;
        default = "DuckDuckGo";
        engines = {
          "Nix Packages" = {
            urls = [{
              template = "https://search.nixos.org/packages";
              params = [
                { name = "type"; value = "packages"; }
                { name = "query"; value = "{searchTerms}"; }
              ];
            }];
            icon = "${pkgs.nixos-icons}/share/icons/hicolor/scalable/apps/nix-snowflake.svg";
            definedAliases = [ "@np" ];
          };
          "NixOS Wiki" = {
            urls = [{ template = "https://nixos.wiki/index.php?search={searchTerms}"; }];
            iconUpdateURL = "https://nixos.wiki/favicon.png";
            # One day, in milliseconds.
            updateInterval = 24 * 60 * 60 * 1000;
            definedAliases = [ "@nw" ];
          };
          "Wikipedia (en)".metaData.alias = "@wiki";
          "Google" = hidden;
          "Amazon.com" = hidden;
          "Bing" = hidden;
          "eBay" = hidden;
        };
      };
      settings = {
        "general.smoothScroll" = true;
      };
      extraConfig = ''
        user_pref("toolkit.legacyUserProfileCustomizations.stylesheets", true);
        user_pref("full-screen-api.ignore-widgets", true);
        user_pref("media.ffmpeg.vaapi.enabled", true);
        user_pref("media.rdd-vpx.enabled", true);
      '';
    };
  };
}

--------------------------------------------------------------------------------
/home/git.nix:
--------------------------------------------------------------------------------
{ pkgs, ...
}:

{
  programs.git = {
    enable = true;
    package = pkgs.gitAndTools.gitFull;

    userName = "georgewhewell";
    userEmail = "georgerw@gmail.com";

    ignores = [ ".vscode/settings.json" ];

    # Every commit is signed.
    # NOTE(review): the key is selected by an 8-hex-digit short ID; short IDs
    # are not unique, so the full fingerprint is the safer selector - confirm
    # and replace.
    signing.key = "2BA7BB19";
    signing.signByDefault = true;

    extraConfig = {
      core.whitespace = "trailing-space,space-before-tab";
      pull = {
        rebase = true;
        autostash = true;
      };
      diff.algorithm = "patience";
      push.autoSetupRemote = true;
    };
  };
}

--------------------------------------------------------------------------------
/home/gpg.nix:
--------------------------------------------------------------------------------
{ config, pkgs, ... }:

{
  # gpg-agent also serves as the SSH agent for the listed key.
  services.gpg-agent = {
    enable = true;
    enableSshSupport = true;
    enableExtraSocket = true;
    sshKeys = [ "EEB6A2D42BF04599AFEF0E9C104AB9B2E16AE31D" ];
    pinentryPackage = pkgs.pinentry-gnome3;
  };

  # The first forward publishes the local agent's "extra" socket as the remote
  # host's S.gpg-agent; the second publishes the local agent's SSH socket at
  # the same path on the remote side.
  # NOTE(review): the second forward makes the local SSH keys usable on every
  # *.satanic.link host for the length of the session, independently of
  # ForwardAgent. The socket paths also hard-code uid 1000 on both ends.
  programs.ssh.extraConfig = ''
    Host *.satanic.link
      RemoteForward /run/user/1000/gnupg/S.gpg-agent /run/user/1000/gnupg/S.gpg-agent.extra
      RemoteForward /run/user/1000/gnupg/S.gpg-agent.ssh /run/user/1000/gnupg/S.gpg-agent.ssh
  '';

  services.keybase.enable = true;
  services.kbfs.enable = true;

  home.packages = [ pkgs.pinentry-curses ];
}

--------------------------------------------------------------------------------
/home/graphical.nix:
--------------------------------------------------------------------------------
{ config, pkgs, lib, inputs, ...
}:

{
  imports = [
    ./alacritty.nix
    ./cursor.nix
    ./sway.nix
    ./firefox.nix
    ./thunderbird.nix
    ./hyprland.nix
    ./vscode.nix
    ./zed.nix
  ];

  # Firefox is the handler for every web-related MIME type and URL scheme.
  xdg.mimeApps.defaultApplications = lib.genAttrs
    [
      "application/x-extension-htm"
      "application/x-extension-html"
      "application/x-extension-shtml"
      "application/x-extension-xht"
      "application/x-extension-xhtml"
      "application/xhtml+xml"
      "text/html"
      "x-scheme-handler/chrome"
      "x-scheme-handler/http"
      "x-scheme-handler/https"
    ]
    (_: "firefox.desktop");

  home.packages = with pkgs; [
    wl-clipboard
    wdisplays
    wlr-randr
    xdg-utils
    kitty
    gimp

    vlc
    tdesktop
    element-desktop
    monero-gui
    calibre
    xournal
    yt-dlp
    # inputs.zed
  ] ++ lib.optionals (pkgs.system == "x86_64-linux") [
    # Only added on x86_64-linux.
    spotify
    signal-desktop
    tor-browser-bundle-bin
    discord
    zoom-us
    slack
    cool-retro-term
    openshot-qt
  ];

  # gtk = {
  #   enable = true;
  #   theme = {
  #     package = pkgs.flat-remix-gtk;
  #     name = "Flat-Remix-GTK-Grey-Darkest";
  #   };

  #   iconTheme = {
  #     package = pkgs.gnome.adwaita-icon-theme;
  #     name = "Adwaita";
  #   };

  #   font = {
  #     name = "Sans";
  #     size = 11;
  #   };
  # };

}

--------------------------------------------------------------------------------
/home/headless.nix:
--------------------------------------------------------------------------------
{ config, lib, pkgs, ...
}:

{
  programs.gpg.enable = true;
  programs.gpg.settings.use-agent = true;

  # Same agent setup as the graphical profile, with a terminal pinentry.
  services.gpg-agent = {
    enable = true;
    enableSshSupport = true;
    enableExtraSocket = true;
    sshKeys = [ "EEB6A2D42BF04599AFEF0E9C104AB9B2E16AE31D" ];
    pinentryPackage = pkgs.pinentry-curses;
  };
}

--------------------------------------------------------------------------------
/home/hostid.nix:
--------------------------------------------------------------------------------
{ config, lib, pkgs, ... }:
let
  cfg = config.hostId;
in
{
  # Declares the `hostId` option; it defaults to null and no type is declared.
  options.hostId = lib.mkOption {
    default = null;
    description = ''
      Host identifier
    '';
  };
}

--------------------------------------------------------------------------------
/home/hyprland.nix:
--------------------------------------------------------------------------------
{ config, pkgs, inputs, ... }:

let
  # Two binds per workspace 1..10: $mod + digit switches to it, $mod + SHIFT +
  # digit moves the window there. The digit is the workspace number modulo 10,
  # so workspace 10 is on key 0.
  workspaceBinds = builtins.concatLists (builtins.genList
    (x:
      let
        n = x + 1;
        key = builtins.toString (n - (n / 10) * 10);
      in
      [
        "$mod, ${key}, workspace, ${toString n}"
        "$mod SHIFT, ${key}, movetoworkspace, ${toString n}"
      ])
    10);
in
{
  home.packages = with pkgs; [
    kitty
    alacritty
    grimblast
    rofi
  ];

  wayland.windowManager.hyprland = {
    enable = true;
    # package = pkgs.hyprland.override ({
    #   wlroots = null;
    # });
    plugins = [
      # hyprland-plugins.packages.${pkgs.system}.hyprbars
    ];

    settings = {
      # monitor = ",highrr,auto,1";
      monitor = "DVI-I-1,3840x2160@60.00Hz,auto,1";
      "$mod" = "ALT";
      bind = [
        # NOTE(review): this entry starts with "mod", not "$mod" like the
        # others - looks like a missing "$"; confirm the intended binding.
        "mod SHIFT, Q, exec, exit"
        "$mod, F, exec, firefox"
        "$mod, T, exec, alacritty"
        "$mod, D, exec, rofi -show combi"
        "$mod, Enter, exec, alacritty"
        ", Print, exec, grimblast copy area"
      ] ++ workspaceBinds;
    };
  };
}

--------------------------------------------------------------------------------
/home/laptop.nix:
--------------------------------------------------------------------------------
{ config, pkgs, lib, ... }: {

  home.packages = with pkgs; [
    wdisplays
  ];

  # services.gammastep = {
  #   enable = true;
  #   provider = "geoclue2";
  #   tray = true;
  #   settings.general = {
  #     brightness-day = 1.0;
  #     brightness-night = 0.4;
  #   };
  # };

  # User service running the geoclue demo agent, ordered before gammastep.
  systemd.user.services.geoclue-agent = {
    Unit = {
      Before = [ "gammastep.service" ];
      Description = "Geoclue agent";
    };
    Service = {
      Type = "exec";
      ExecStart = "${pkgs.geoclue2.override { withDemoAgent = true;}}/libexec/geoclue-2.0/demos/agent";
      Restart = "on-failure";
      PrivateTmp = true;
    };
    Install.WantedBy = [ "default.target" ];
  };

}

--------------------------------------------------------------------------------
/home/linux.nix:
--------------------------------------------------------------------------------
{ pkgs, lib, config, ... }:

{
  xdg.enable = true;

  services.lorri.enable = true;

  # Overrides the lorri unit's sandboxing: the home directory is not
  # protected, and ProtectSystem is forced to "full".
  systemd.user.services.lorri.Service = {
    ProtectHome = lib.mkForce "false";
    ProtectSystem = lib.mkForce "full";
  };

  home.packages = with pkgs; [
    ccid
    yubikey-manager
    opensc
    pcsctools
    bridge-utils
    ghostty.terminfo
  ];

  services.keybase.enable = true;

}

--------------------------------------------------------------------------------
/home/starship.nix:
--------------------------------------------------------------------------------
{ lib, ...
}: { 2 | programs.starship = { 3 | enable = true; 4 | enableBashIntegration = false; 5 | enableFishIntegration = false; 6 | settings = { 7 | add_newline = false; 8 | format = lib.concatStrings [ 9 | "$username" 10 | "$hostname" 11 | "$directory" 12 | "$git_branch" 13 | "$git_commit" 14 | "$git_state" 15 | "$git_status" 16 | "$package" 17 | "$haskell" 18 | "$python" 19 | "$rust" 20 | "$nix_shell" 21 | "$line_break" 22 | "$jobs" 23 | "$character" 24 | ]; 25 | nix_shell.symbol = "❄️ "; 26 | }; 27 | }; 28 | } -------------------------------------------------------------------------------- /home/thunderbird.nix: -------------------------------------------------------------------------------- 1 | { config, pkgs, ... }: 2 | 3 | { 4 | programs.thunderbird = { 5 | enable = true; 6 | profiles.default = { 7 | isDefault = true; 8 | }; 9 | }; 10 | } 11 | -------------------------------------------------------------------------------- /home/vim.nix: -------------------------------------------------------------------------------- 1 | { config, lib, pkgs, ... 
}: 2 | 3 | { 4 | 5 | home.sessionVariables = { 6 | EDITOR = "vim"; 7 | }; 8 | 9 | home.packages = with pkgs; [ 10 | fzf 11 | fd 12 | ]; 13 | 14 | programs.vim = { 15 | enable = true; 16 | plugins = with pkgs.vimPlugins; [ 17 | vim-airline 18 | editorconfig-vim 19 | vim-nix 20 | rust-vim 21 | fzf-vim 22 | gitgutter 23 | ale 24 | 25 | vim-test 26 | denite 27 | denite-extra 28 | ]; 29 | settings = { ignorecase = true; }; 30 | extraConfig = '' 31 | set mouse=a 32 | set laststatus=2 33 | set noshowmode 34 | set number 35 | 36 | nmap t :TestNearest 37 | nmap t :TestFile 38 | nmap t :TestSuite 39 | nmap t :TestLast 40 | nmap t :TestVisit 41 | 42 | nnoremap :Files 43 | 44 | let g:rustfmt_autosave = 1 45 | let g:racer_cmd = "/run/current-system/sw/bin/racer" 46 | ''; 47 | 48 | }; 49 | 50 | } 51 | -------------------------------------------------------------------------------- /home/vim/default.nix: -------------------------------------------------------------------------------- 1 | { lib, pkgs, ... 
}: { 2 | 3 | home = { 4 | sessionVariables = rec { 5 | EDITOR = "nvim"; 6 | VISUAL = EDITOR; 7 | }; 8 | shellAliases = { vi = "nvim"; vim = "nvim"; }; 9 | packages = with pkgs; [ 10 | nixpkgs-fmt 11 | statix 12 | 13 | # Lua 14 | stylua 15 | (luajit.withPackages (p: with p; [ luacheck ])) 16 | sumneko-lua-language-server 17 | 18 | # Shell 19 | shellcheck 20 | shfmt 21 | 22 | # GitHub Actions 23 | act 24 | actionlint 25 | python3Packages.pyflakes 26 | shellcheck 27 | 28 | # Misc 29 | jq 30 | pre-commit 31 | rage 32 | ]; 33 | }; 34 | 35 | programs = { 36 | git.extraConfig.core.editor = "nvim"; 37 | 38 | neovim = { 39 | enable = true; 40 | 41 | plugins = with pkgs.vimPlugins; [ 42 | # ui 43 | bufferline-nvim 44 | feline-nvim 45 | gitsigns-nvim 46 | indent-blankline-nvim 47 | lsp-colors-nvim 48 | lsp_signature-nvim 49 | neovim-ayu 50 | numb-nvim 51 | nvim-lightbulb 52 | nvim-navic 53 | nvim-treesitter-context 54 | nvim-web-devicons 55 | stabilize-nvim 56 | todo-comments-nvim 57 | trouble-nvim 58 | true-zen-nvim 59 | 60 | # tooling 61 | nvim-bufdel 62 | rust-tools-nvim 63 | vim-suda 64 | tabular 65 | telescope-frecency-nvim 66 | telescope-nvim 67 | vim-better-whitespace 68 | vim-commentary 69 | vim-fugitive 70 | vim-gist 71 | vim-rhubarb 72 | vim-sleuth 73 | vim-surround 74 | vim-tmux-navigator 75 | vim-visual-multi 76 | 77 | # completion 78 | cmp-buffer 79 | cmp-cmdline 80 | cmp-latex-symbols 81 | cmp-nvim-lsp 82 | cmp-nvim-lua 83 | cmp-path 84 | cmp-treesitter 85 | cmp_luasnip 86 | crates-nvim 87 | null-ls-nvim 88 | lspkind-nvim 89 | luasnip 90 | nvim-autopairs 91 | nvim-cmp 92 | nvim-lspconfig 93 | snippets-nvim 94 | 95 | # syntax 96 | editorconfig-vim 97 | lalrpop-vim 98 | vim-nix 99 | vim-polyglot 100 | ] 101 | ++ lib.optional (lib.elem pkgs.hostPlatform.system pkgs.tabnine.meta.platforms) cmp-tabnine 102 | ; 103 | }; 104 | }; 105 | 106 | # xdg.configFile."nvim/lua".source = ./lua; 107 | # xdg.configFile."nvim/init.lua".source = ./init.lua; 108 | } 109 | 
-------------------------------------------------------------------------------- /home/vim/lua/completion.lua: -------------------------------------------------------------------------------- 1 | -- Set completeopt to have a better completion experience 2 | vim.o.completeopt = "menuone,noselect" 3 | 4 | local has_words_before = function() 5 | local line, col = unpack(vim.api.nvim_win_get_cursor(0)) 6 | return col ~= 0 and vim.api.nvim_buf_get_lines(0, line - 1, line, true)[1]:sub(col, col):match("%s") == nil 7 | end 8 | 9 | -- luasnip setup 10 | local luasnip = require("luasnip") 11 | 12 | -- nvim-cmp setup 13 | local cmp = require("cmp") 14 | cmp.setup({ 15 | snippet = { 16 | expand = function(args) 17 | require("luasnip").lsp_expand(args.body) 18 | end, 19 | }, 20 | mapping = { 21 | [""] = cmp.mapping.select_prev_item(), 22 | [""] = cmp.mapping.select_next_item(), 23 | [""] = cmp.mapping.scroll_docs(-4), 24 | [""] = cmp.mapping.scroll_docs(4), 25 | [""] = cmp.mapping.complete(), 26 | [""] = cmp.mapping.close(), 27 | [""] = cmp.mapping.close(), 28 | [""] = cmp.mapping.confirm({ 29 | behavior = cmp.ConfirmBehavior.Replace, 30 | select = true, 31 | }), 32 | [""] = cmp.mapping(function(fallback) 33 | if cmp.visible() then 34 | cmp.select_next_item() 35 | elseif luasnip.expand_or_jumpable() then 36 | luasnip.expand_or_jump() 37 | elseif has_words_before() then 38 | cmp.complete() 39 | else 40 | fallback() 41 | end 42 | end, { "i", "s" }), 43 | 44 | [""] = cmp.mapping(function(fallback) 45 | if cmp.visible() then 46 | cmp.select_prev_item() 47 | elseif luasnip.jumpable(-1) then 48 | luasnip.jump(-1) 49 | else 50 | fallback() 51 | end 52 | end, { "i", "s" }), 53 | }, 54 | formatting = { 55 | format = function(entry, vim_item) 56 | vim_item.kind = require("lspkind").presets.default[vim_item.kind] .. " " .. 
vim_item.kind 57 | vim_item.menu = ({ 58 | buffer = "[Buffer]", 59 | cmp_tabnine = "[TN]", 60 | luasnip = "[Snip]", 61 | nvim_lsp = "[LSP]", 62 | nvim_lua = "[Lua]", 63 | path = "[Path]", 64 | })[entry.source.name] 65 | return vim_item 66 | end, 67 | }, 68 | sources = { 69 | { name = "nvim_lsp" }, 70 | { name = "luasnip" }, 71 | { name = "cmp_tabnine" }, 72 | { name = "treesitter" }, 73 | { name = "nvim_lua" }, 74 | { name = "buffer" }, 75 | { name = "path" }, 76 | { name = "latex_symbols" }, 77 | }, 78 | }) 79 | 80 | cmp.setup.cmdline(":", { 81 | sources = { 82 | { name = "cmdline" }, 83 | }, 84 | }) 85 | 86 | cmp.setup.cmdline("/", { 87 | sources = { 88 | { name = "buffer" }, 89 | }, 90 | }) 91 | 92 | vim.api.nvim_create_autocmd("BufRead", { 93 | group = vim.api.nvim_create_augroup("CmpSourceCargo", { clear = true }), 94 | pattern = "Cargo.toml", 95 | callback = function() 96 | cmp.setup.buffer({ sources = { { name = "crates" } } }) 97 | end, 98 | }) 99 | -------------------------------------------------------------------------------- /home/vim/lua/lsp.lua: -------------------------------------------------------------------------------- 1 | local nvim_lsp = require("lspconfig") 2 | local navic = require("nvim-navic") 3 | local lsp_signature = require("lsp_signature") 4 | 5 | local flags = { debounce_text_changes = 150 } 6 | 7 | local capabilities = {} 8 | -- snippet support 9 | capabilities = vim.tbl_extend("keep", capabilities, require("cmp_nvim_lsp").default_capabilities()) 10 | 11 | -- support crates and LSP 12 | vim.api.nvim_set_keymap( 13 | "n", 14 | "K", 15 | [[lua require("utils").show_documentation()]], 16 | { noremap = true, silent = true } 17 | ) 18 | 19 | -- bindings 20 | local on_attach = function(client, bufnr) 21 | vim.api.nvim_buf_set_option(bufnr, "omnifunc", "v:lua.vim.lsp.omnifunc") 22 | 23 | local map = vim.api.nvim_buf_set_keymap 24 | local opts = { noremap = true, silent = true } 25 | map(bufnr, "n", "gD", "lua vim.lsp.buf.declaration()", 
opts) 26 | map(bufnr, "n", "gd", "lua vim.lsp.buf.definition()", opts) 27 | map(bufnr, "n", "gi", "lua vim.lsp.buf.implementation()", opts) 28 | map(bufnr, "n", "", "lua vim.lsp.buf.signature_help()", opts) 29 | map(bufnr, "n", "wa", "lua vim.lsp.buf.add_workspace_folder()", opts) 30 | map(bufnr, "n", "wr", "lua vim.lsp.buf.remove_workspace_folder()", opts) 31 | map(bufnr, "n", "wl", "lua print(vim.inspect(vim.lsp.buf.list_workspace_folders()))", opts) 32 | map(bufnr, "n", "D", "lua vim.lsp.buf.type_definition()", opts) 33 | map(bufnr, "n", "rn", "lua vim.lsp.buf.rename()", opts) 34 | map(bufnr, "n", "gr", "lua vim.lsp.buf.references()", opts) 35 | map(bufnr, "n", "ca", "lua vim.lsp.buf.code_action()", opts) 36 | map(bufnr, "n", "e", "lua vim.lsp.diagnostic.show_line_diagnostics()", opts) 37 | map(bufnr, "n", "[d", "lua vim.lsp.diagnostic.goto_prev()", opts) 38 | map(bufnr, "n", "]d", "lua vim.lsp.diagnostic.goto_next()", opts) 39 | map(bufnr, "n", "q", "lua vim.lsp.diagnostic.set_loclist()", opts) 40 | 41 | lsp_signature.on_attach({}, bufnr) 42 | navic.attach(client, bufnr) 43 | end 44 | 45 | -- Enable the following language servers 46 | local servers = { "clangd", "pyright", "texlab", "tsserver", "rnix", "metals", "ltex" } 47 | for _, lsp in ipairs(servers) do 48 | nvim_lsp[lsp].setup({ on_attach = on_attach, capabilities = capabilities, flags = flags }) 49 | end 50 | 51 | nvim_lsp["sumneko_lua"].setup({ 52 | on_attach = on_attach, 53 | capabilities = capabilities, 54 | flags = flags, 55 | cmd = { "lua-language-server" }, 56 | settings = { 57 | Lua = { 58 | runtime = { 59 | -- Tell the language server which version of Lua you're using (most likely LuaJIT in the case of Neovim) 60 | version = "LuaJIT", 61 | -- Setup your lua path 62 | -- path = runtime_path, 63 | }, 64 | diagnostics = { 65 | -- Get the language server to recognize the `vim` global 66 | globals = { "vim" }, 67 | }, 68 | workspace = { 69 | -- Make the server aware of Neovim runtime files 70 | 
library = vim.api.nvim_get_runtime_file("", true), 71 | }, 72 | -- Do not send telemetry data containing a randomized but unique identifier 73 | telemetry = { 74 | enable = false, 75 | }, 76 | }, 77 | }, 78 | }) 79 | 80 | -- Map :Format to vim.lsp.buf.formatting() 81 | vim.cmd([[ command! Format execute "lua vim.lsp.buf.format({ async = true })" ]]) 82 | 83 | vim.cmd([[autocmd CursorHold,CursorHoldI * lua require'nvim-lightbulb'.update_lightbulb()]]) 84 | 85 | vim.cmd([[autocmd BufWritePre lua vim.lsp.buf.formatting_sync()]]) 86 | 87 | return { on_attach = on_attach, capabilities = capabilities, flags = flags } 88 | -------------------------------------------------------------------------------- /home/vim/lua/treesitter.lua: -------------------------------------------------------------------------------- 1 | -- Treesitter configuration 2 | -- Parsers must be installed manually via :TSInstall 3 | require("nvim-treesitter.configs").setup({ 4 | highlight = { 5 | enable = true, -- false will disable the whole extension 6 | }, 7 | incremental_selection = { 8 | enable = true, 9 | keymaps = { 10 | init_selection = "gnn", 11 | node_incremental = "grn", 12 | scope_incremental = "grc", 13 | node_decremental = "grm", 14 | }, 15 | }, 16 | indent = { 17 | enable = true, 18 | }, 19 | textobjects = { 20 | select = { 21 | enable = true, 22 | lookahead = true, -- Automatically jump forward to textobj, similar to targets.vim 23 | keymaps = { 24 | -- You can use the capture groups defined in textobjects.scm 25 | ["af"] = "@function.outer", 26 | ["if"] = "@function.inner", 27 | ["ac"] = "@class.outer", 28 | ["ic"] = "@class.inner", 29 | }, 30 | }, 31 | move = { 32 | enable = true, 33 | set_jumps = true, -- whether to set jumps in the jumplist 34 | goto_next_start = { 35 | ["]m"] = "@function.outer", 36 | ["]]"] = "@class.outer", 37 | }, 38 | goto_next_end = { 39 | ["]M"] = "@function.outer", 40 | ["]["] = "@class.outer", 41 | }, 42 | goto_previous_start = { 43 | ["[m"] = 
"@function.outer", 44 | ["[["] = "@class.outer", 45 | }, 46 | goto_previous_end = { 47 | ["[M"] = "@function.outer", 48 | ["[]"] = "@class.outer", 49 | }, 50 | }, 51 | }, 52 | }) 53 | 54 | require("treesitter-context").setup() 55 | -------------------------------------------------------------------------------- /home/vim/lua/utils.lua: -------------------------------------------------------------------------------- 1 | -- Setup Environment ------------------------------------------------------------------------------- 2 | local vim = vim 3 | 4 | -- Clear environment 5 | local _ENV = {} -- luacheck: ignore 6 | 7 | -- Init module 8 | local M = {} 9 | 10 | function M.map(mode, lhs, rhs, opts) 11 | local options = { noremap = true } 12 | if opts then 13 | options = vim.tbl_extend("force", options, opts) 14 | end 15 | vim.api.nvim_set_keymap(mode, lhs, rhs, options) 16 | end 17 | 18 | function M.show_documentation() 19 | local filetype = vim.bo.filetype 20 | if vim.tbl_contains({ "vim", "help" }, filetype) then 21 | vim.cmd("h " .. vim.fn.expand("")) 22 | elseif vim.tbl_contains({ "man" }, filetype) then 23 | vim.cmd("Man " .. vim.fn.expand("")) 24 | elseif vim.fn.expand("%:t") == "Cargo.toml" then 25 | require("crates").show_popup() 26 | else 27 | vim.lsp.buf.hover() 28 | end 29 | end 30 | 31 | return M 32 | -------------------------------------------------------------------------------- /home/vscode-server.nix: -------------------------------------------------------------------------------- 1 | { config, pkgs, lib, inputs, ... }: { 2 | 3 | imports = [ 4 | ./vscode.nix 5 | ./development.nix 6 | inputs.vscode-server.homeModules.default 7 | ]; 8 | 9 | services.vscode-server = { 10 | enable = true; 11 | }; 12 | } 13 | -------------------------------------------------------------------------------- /home/vscode.nix: -------------------------------------------------------------------------------- 1 | { config, pkgs, lib, ... 
}: { 2 | 3 | imports = [ ./development.nix ]; 4 | 5 | home.packages = with pkgs; [ 6 | nixpkgs-fmt 7 | ]; 8 | 9 | programs.vscode = { 10 | enable = true; 11 | mutableExtensionsDir = false; 12 | userSettings = { 13 | "update.mode" = "none"; 14 | "extensions.autoUpdate" = false; 15 | "explorer.confirmDelete" = false; 16 | "workbench.colorTheme" = "Pitch Black"; 17 | "editor.formatOnSave" = true; 18 | "editor.formatOnType" = true; 19 | "editor.inlineSuggest.enabled" = true; 20 | "editor.codeActionsOnSave" = { 21 | "source.fixAll" = "explicit"; 22 | "source.organizeImports" = "explicit"; 23 | }; 24 | "[rust]" = { 25 | "editor.defaultFormatter" = "rust-lang.rust-analyzer"; 26 | "editor.formatOnSave" = true; 27 | }; 28 | "[python]" = { 29 | "editor.defaultFormatter" = "charliermarsh.ruff"; 30 | }; 31 | "remote.SSH.enableX11Forwarding" = false; 32 | "ruff.nativeServer" = true; 33 | }; 34 | extensions = with pkgs.vscode-extensions; [ 35 | jnoortheen.nix-ide 36 | hashicorp.terraform 37 | viktorqvarfordt.vscode-pitch-black-theme 38 | github.copilot 39 | rust-lang.rust-analyzer 40 | ms-vscode-remote.remote-ssh 41 | ms-python.python 42 | charliermarsh.ruff 43 | mkhl.direnv 44 | zxh404.vscode-proto3 45 | humao.rest-client 46 | continue.continue 47 | ]; 48 | }; 49 | 50 | } 51 | -------------------------------------------------------------------------------- /home/waybar.nix: -------------------------------------------------------------------------------- 1 | { config, pkgs, lib, ... 
}: 2 | 3 | { 4 | programs.waybar = { 5 | enable = true; 6 | systemd.enable = true; 7 | style = '' 8 | ${builtins.readFile "${pkgs.waybar}/etc/xdg/waybar/style.css"} 9 | 10 | window#waybar { 11 | background: transparent; 12 | border-bottom: none; 13 | } 14 | 15 | * { 16 | ${if config.hostId == "yoga" then '' 17 | font-size: 18px; 18 | '' else '' 19 | 20 | ''} 21 | } 22 | ''; 23 | settings = [{ 24 | height = 30; 25 | layer = "top"; 26 | position = "bottom"; 27 | tray = { spacing = 10; }; 28 | modules-center = [ "sway/window" ]; 29 | modules-left = [ "sway/workspaces" "sway/mode" ]; 30 | modules-right = [ 31 | "pulseaudio" 32 | "network" 33 | "cpu" 34 | "memory" 35 | "temperature" 36 | ] ++ (if config.hostId == "yoga" then [ "battery" ] else [ ]) 37 | ++ [ 38 | "clock" 39 | "tray" 40 | ]; 41 | battery = { 42 | format = "{capacity}% {icon}"; 43 | format-alt = "{time} {icon}"; 44 | format-charging = "{capacity}% "; 45 | format-icons = [ "" "" "" "" "" ]; 46 | format-plugged = "{capacity}% "; 47 | states = { 48 | critical = 15; 49 | warning = 30; 50 | }; 51 | }; 52 | clock = { 53 | format-alt = "{:%Y-%m-%d}"; 54 | tooltip-format = "{:%Y-%m-%d | %H:%M}"; 55 | }; 56 | cpu = { 57 | format = "{usage}% "; 58 | tooltip = false; 59 | }; 60 | memory = { format = "{}% "; }; 61 | network = { 62 | interval = 1; 63 | format-alt = "{ifname}: {ipaddr}/{cidr}"; 64 | format-disconnected = "Disconnected ⚠"; 65 | format-ethernet = "{ifname}: {ipaddr}/{cidr}  up: {bandwidthUpBits} down: {bandwidthDownBits}"; 66 | format-linked = "{ifname} (No IP) "; 67 | format-wifi = "{essid} ({signalStrength}%) "; 68 | }; 69 | pulseaudio = { 70 | format = "{volume}% {icon} {format_source}"; 71 | format-bluetooth = "{volume}% {icon} {format_source}"; 72 | format-bluetooth-muted = " {icon} {format_source}"; 73 | format-icons = { 74 | car = ""; 75 | default = [ "" "" "" ]; 76 | handsfree = ""; 77 | headphones = ""; 78 | headset = ""; 79 | phone = ""; 80 | portable = ""; 81 | }; 82 | 
format-muted = " {format_source}"; 83 | format-source = "{volume}% "; 84 | format-source-muted = ""; 85 | on-click = "pavucontrol"; 86 | }; 87 | "sway/mode" = { format = ''{}''; }; 88 | temperature = { 89 | critical-threshold = 80; 90 | format = "{temperatureC}°C {icon}"; 91 | format-icons = [ "" "" "" ]; 92 | }; 93 | }]; 94 | }; 95 | } 96 | -------------------------------------------------------------------------------- /home/zed.nix: -------------------------------------------------------------------------------- 1 | { config, lib, pkgs, ... }: 2 | 3 | { 4 | programs.zed-editor = 5 | let 6 | bins = with pkgs; [ 7 | nixd 8 | nixfmt-rfc-style 9 | prettierd 10 | nodejs 11 | nodePackages.prettier 12 | vscode-langservers-extracted 13 | ]; 14 | libraries = with pkgs; [ 15 | stdenv.cc.cc 16 | zlib 17 | openssl 18 | ]; 19 | in 20 | { 21 | enable = true; 22 | # package = with pkgs; writeShellScriptBin "zed" '' 23 | # export PATH=${lib.makeBinPath bins}:$PATH 24 | # export LD_LIBRARY_PATH=${lib.makeLibraryPath libraries} 25 | # export NIX_LD_LIBRARY_PATH=${lib.makeLibraryPath libraries} 26 | # export NIX_LD=${stdenv.cc.bintools.dynamicLinker} 27 | # exec ${zed-editor}/bin/zed "$@" 28 | # ''; 29 | userSettings = { 30 | features = { 31 | copilot = true; 32 | inline_completion_provider = "copilot"; 33 | }; 34 | assistant = { 35 | version = "2"; 36 | default_model = { 37 | provider = "anthropic"; 38 | model = "claude-3-5-sonnet-latest"; 39 | }; 40 | }; 41 | lsp = { 42 | rust-analyzer = { 43 | binary = { path_lookup = true; }; 44 | }; 45 | }; 46 | telemetry = { 47 | metrics = false; 48 | }; 49 | vim_mode = false; 50 | ui_font_size = 16; 51 | buffer_font_size = 16; 52 | theme = { 53 | mode = "system"; 54 | light = "Andromeda"; 55 | dark = "One Dark"; 56 | }; 57 | ssh_connections = [ 58 | { 59 | host = "trex.satanic.link"; 60 | } 61 | ]; 62 | }; 63 | userKeymaps = [ 64 | { bindings = { up = "menu::SelectPrev"; }; } 65 | { 66 | context = "Editor"; 67 | bindings = { escape = 
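"editor::Cancel"; }; 68 | } 69 | ]; 70 | }; 71 | 72 | } 73 | -------------------------------------------------------------------------------- /home/zsh.nix: --------------------------------------------------------------------------------
# Home-manager zsh setup: history behaviour, XDG-relocated state files,
# nix-shell integration, a few aliases and three pinned plugins.
{ config, lib, pkgs, ... }:

{

  programs.zsh = {
    enable = true;
    # autosuggestion.enable = true;
    # enableCompletion = true;
    # syntaxHighlighting.enable = true;
    enableVteIntegration = true;
    autocd = true;
    dotDir = ".config/zsh";
    history = {
      expireDuplicatesFirst = true;
      extended = true;
      ignoreDups = true;
      # path = "${config.xdg.dataHome}/zsh/history";
      save = 10000;
      share = true;
    };
    # Keep less history and cargo state out of $HOME's top level.
    envExtra = ''
      export LESSHISTFILE="${config.xdg.dataHome}/less_history"
      export CARGO_HOME="${config.xdg.cacheHome}/cargo"
    '';

    initExtra = ''
      # make nix-shell use zsh
      ${pkgs.any-nix-shell}/bin/any-nix-shell zsh | source /dev/stdin
    '';

    shellAliases = {
      cat = "bat";
      ll = "eza -la";
      # Remove Python bytecode below the current directory.
      # The previous form piped `find .` through `grep -E` into `xargs rm -rf`.
      # Inside a Nix "..." string `\.` evaluates to a plain `.`, so the pattern
      # matched any path containing e.g. "opyc" (not only *.pyc files), and
      # xargs split paths on whitespace before handing the pieces to rm -rf.
      # Matching on the file name with find itself avoids both problems;
      # -prune stops find from descending into directories it is deleting.
      pyclean = "find . \\( -name __pycache__ -o -name '*.pyc' -o -name '*.pyo' \\) -prune -exec rm -rf -- {} +";
      pc = "pycharm-community . > /dev/null 2>&1 &";
    };

    # Each plugin is fetched at a fixed commit and checked against a sha256,
    # so the sourced code cannot change without an edit to this file.
    plugins = [
      {
        # https://github.com/softmoth/zsh-vim-mode
        name = "zsh-vim-mode";
        file = "zsh-vim-mode.plugin.zsh";
        src = pkgs.fetchFromGitHub {
          owner = "softmoth";
          repo = "zsh-vim-mode";
          rev = "abef0c0c03506009b56bb94260f846163c4f287a";
          sha256 = "0cnjazclz1kyi13m078ca2v6l8pg4y8jjrry6mkvszd383dx1wib";
        };
      }
      {
        # https://github.com/hlissner/zsh-autopair
        name = "zsh-autopair";
        file = "zsh-autopair.plugin.zsh";
        src = pkgs.fetchFromGitHub {
          owner = "hlissner";
          repo = "zsh-autopair";
          rev = "34a8bca0c18fcf3ab1561caef9790abffc1d3d49";
          sha256 = "1h0vm2dgrmb8i2pvsgis3lshc5b0ad846836m62y8h3rdb3zmpy1";
        };
      }
      {
        # https://github.com/zsh-users/zsh-history-substring-search
        name = "zsh-history-substring-search";
        file = "zsh-history-substring-search.plugin.zsh";
        src = pkgs.fetchFromGitHub {
          owner = "zsh-users";
          repo = "zsh-history-substring-search";
          rev = "0f80b8eb3368b46e5e573c1d91ae69eb095db3fb";
          sha256 = "0y8va5kc2ram38hbk2cibkk64ffrabfv1sh4xm7pjspsba9n5p1y";
        };
      }
    ];
  };

}
-------------------------------------------------------------------------------- /lib/deploy.nix: -------------------------------------------------------------------------------- 1 | { self 2 | , hosts 3 | , modules ?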
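[ ]
}:

# Deployment helpers: builds a pinned ssh_config/known_hosts pair from the
# flake's nixosConfigurations, a set of operator scripts that use it, a dev
# shell exposing those scripts as aliases, and the colmena hive.
#
# NOTE(review): the attribute `deployment.tarerigonost` is read throughout this
# file. colmena's own option is `deployment.targetHost`; this spelling looks
# like an accidental search-and-replace — confirm against modules/deploy.nix.

let
  inherit (self.inputs) nixpkgs;
  inherit (self) nixosConfigurations;

  helpers = system:
    let
      inherit (nixpkgs.lib) concatMapStrings;
      inherit (nixpkgs.legacyPackages.${system}) pkgs;

      # One "<address> <public key>" line per configured host key, so that
      # every managed host is verified against keys recorded in the flake.
      sshKnownHostsTxt = pkgs.writeText "known_hosts" (concatMapStrings
        (hostName:
          let m = nixosConfigurations.${hostName}.config.sconfig;
          in concatMapStrings (key: "${m.deployment.tarerigonost} ${key}\n") m.sshPublicKeys
        )
        (builtins.attrNames nixosConfigurations)
      );

      # Host alias -> deployment address for every configuration.
      hostSshConfigs = concatMapStrings
        (hostName: ''
          Host ${hostName}
            HostName ${nixosConfigurations.${hostName}.config.sconfig.deployment.tarerigonost}
        '')
        (builtins.attrNames nixosConfigurations);

      # StrictHostKeyChecking plus the generated known_hosts file: connections
      # made with this config fail instead of prompting on an unknown or
      # changed host key.
      sshConfig = pkgs.writeText "ssh_config" ''
        StrictHostKeyChecking yes
        GlobalKnownHostsFile ${sshKnownHostsTxt}
        ${hostSshConfigs}
        Host *
          User root
      '';

      # Copy this flake to host $1 and open `nix develop` there.
      # NOTE(review): ForwardAgent=yes exposes the operator's ssh-agent to the
      # remote root account for the lifetime of the session; anyone with root
      # on that host can use the agent to authenticate elsewhere. Keep only if
      # deploying onward from the jump host is required.
      jump = pkgs.writeShellScript "jump" ''
        set -eu
        echo ${self}
        ip="$(nix eval --raw ".#nixosConfigurations.\"$1\".config.sconfig.deployment.tarerigonost")"
        NIX_SSHOPTS="-F${sshConfig}" nix copy --to "ssh://root@$ip" ${self}
        exec ssh -oForwardAgent=yes -F"${sshConfig}" "root@$ip" -t "cd ${self}; nix develop"
      '';

      # Install configuration $1 onto a machine booted from the live CD with
      # the target filesystem mounted at /mnt.
      livecd-deploy = pkgs.writeShellScript "livecd-deploy" ''
        set -eux
        config=".#nixosConfigurations.\"$1\".config"
        ip="$(nix eval --raw "$config.sconfig.deployment.tarerigonost")"
        # The ssh calls below use the operator's default ssh configuration,
        # not the pinned ssh_config: the live installer's host key is not in
        # the generated known_hosts. Check the fingerprint shown on first
        # connect against the installer's console.
        ssh-copy-id "root@$ip"
        sys="$(nix eval --raw "$config.system.build.toplevel")"
        nix build "$config.system.build.toplevel" --out-link "$(mktemp -d)/result"
        # Quoted so the shell never treats the '?' characters as a glob.
        nix copy --to "ssh://root@$ip?remote-store=local?root=/mnt" "$sys"
        ssh "root@$ip" nix-env --store /mnt -p /mnt/nix/var/nix/profiles/system --set "$sys"
        # -p: a re-run after a partial install must not abort under set -e.
        ssh "root@$ip" mkdir -p /mnt/etc
        ssh "root@$ip" touch /mnt/etc/NIXOS
        ssh "root@$ip" ln -sfn /proc/mounts /mnt/etc/mtab
        ssh "root@$ip" NIXOS_INSTALL_BOOTLOADER=1 nixos-enter \
          --root /mnt -- /run/current-system/bin/switch-to-configuration boot
      '';

      # Succeeds on each node whose running system matches the toplevel
      # evaluated from this flake.
      check-updates = pkgs.writeShellScript "check-updates" ''
        set -eu
        export SSH_CONFIG_FILE=${sshConfig}
        c="${pkgs.colmena}/bin/colmena"
        j="$($c eval -E '{nodes,...}: builtins.mapAttrs (n: v: v.config.system.build.toplevel) nodes')"
        $c exec -- '[ "$(echo '"'$j'"' | jq -r .\"$(hostname)\")" = "$(readlink /run/current-system)" ]'
      '';

      # Succeeds on each node whose booted kernel is the current system's kernel.
      check-reboots = pkgs.writeShellScript "check-reboots" ''
        set -eu
        export SSH_CONFIG_FILE=${sshConfig}
        c="${pkgs.colmena}/bin/colmena"
        $c exec -- '[ "$(readlink /run/booted-system/kernel)" = "$(readlink /run/current-system/kernel)" ]'
      '';

    in
    { inherit check-updates check-reboots jump livecd-deploy pkgs sshConfig; };

in
{
  # Shell with colmena on PATH; plain `ssh` is aliased to use the pinned config.
  devShell = system: with helpers system;
    pkgs.mkShell {
      buildInputs = [ pkgs.colmena ];
      shellHook = ''
        export SSH_CONFIG_FILE=${sshConfig}
        alias ssh='ssh -F${sshConfig}'
        alias jump=${jump}
        alias check-updates=${check-updates}
        alias check-reboots=${check-reboots}
        alias livecd-deploy=${livecd-deploy}
        alias c=colmena
      '';
    };


  # colmena hive: each host's modules plus its sconfig.deployment settings.
  colmena =
    { meta.nixpkgs = nixpkgs.legacyPackages."x86_64-linux"; } //
    builtins.mapAttrs
      (name: value: {
        imports = value.modules ++ [
          ({ config, ... }: { inherit (config.sconfig) deployment; })
        ];
      })
      (hosts);
}
-------------------------------------------------------------------------------- /lib/hardware.nix: -------------------------------------------------------------------------------- 1 | modulesPath: { 2 | physical = { lib, ... }: lib.mkMerge 3 | [ 4 | (import "${modulesPath}/installer/scan/not-detected.nix" { inherit lib; }) 5 | ]; 6 | 7 | qemu = { lib, ...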
}: lib.mkMerge 8 | [ 9 | (import "${modulesPath}/profiles/qemu-guest.nix" { }) 10 | { services.qemuGuest.enable = true; } 11 | ]; 12 | 13 | vmware = { lib, ... }: lib.mkMerge 14 | [ 15 | { virtualisation.vmware.guest.enable = true; } 16 | { boot.initrd.availableKernelModules = [ "mptspi" ]; } 17 | ]; 18 | } 19 | -------------------------------------------------------------------------------- /machines/aarch64/air/default.nix: -------------------------------------------------------------------------------- 1 | { config, pkgs, lib, inputs, ... }: 2 | 3 | { 4 | imports = 5 | [ 6 | ../../../profiles/common.nix 7 | ../../../profiles/graphical.nix 8 | ../../../services/buildfarm-slave.nix 9 | inputs.apple-silicon.nixosModules.default 10 | ]; 11 | 12 | 13 | fileSystems."/" = 14 | { 15 | device = "/dev/disk/by-uuid/12e505b1-6ba5-46e6-b1cb-ae0d42044231"; 16 | fsType = "ext4"; 17 | }; 18 | 19 | fileSystems."/boot" = 20 | { 21 | device = "/dev/disk/by-uuid/2A39-1614"; 22 | fsType = "vfat"; 23 | }; 24 | 25 | services.prometheus.exporters = { 26 | node = { 27 | enable = true; 28 | openFirewall = true; 29 | }; 30 | }; 31 | 32 | networking.useDHCP = lib.mkDefault true; 33 | 34 | nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux"; 35 | powerManagement.cpuFreqGovernor = lib.mkDefault "ondemand"; 36 | # high-resolution display 37 | # hardware.video.hidpi.enable = lib.mkDefault true; 38 | 39 | # Use the systemd-boot EFI boot loader. 
40 | boot.loader.systemd-boot.enable = true; 41 | boot.loader.efi.canTouchEfiVariables = false; 42 | 43 | hardware = { 44 | asahi = { 45 | extractPeripheralFirmware = false; 46 | useExperimentalGPUDriver = true; 47 | experimentalGPUInstallMode = "overlay"; 48 | withRust = true; 49 | }; 50 | opengl = { 51 | enable = true; 52 | driSupport32Bit = lib.mkForce false; 53 | }; 54 | }; 55 | 56 | services.hardware.bolt.enable = true; 57 | 58 | sconfig = { 59 | profile = "server"; 60 | home-manager.enable = true; 61 | home-manager.enableGraphical = false; 62 | }; 63 | 64 | services.usbmuxd = { 65 | enable = true; 66 | }; 67 | 68 | networking.networkmanager.enable = true; # Easiest to use and most distros use this by default. 69 | networking.hostName = "air"; 70 | 71 | zramSwap = { 72 | enable = true; 73 | priority = 10; 74 | algorithm = "lz4"; 75 | swapDevices = 4; 76 | memoryPercent = 30; 77 | memoryMax = 1024 * 1024 * 1024; 78 | }; 79 | 80 | services.openssh.enable = true; 81 | system.stateVersion = "23.05"; # Did you read the comment? 82 | 83 | } 84 | 85 | -------------------------------------------------------------------------------- /machines/aarch64/nanopi-neo2/configuration.nix: -------------------------------------------------------------------------------- 1 | { config, pkgs, lib, ... 
}: 2 | 3 | { 4 | networking.hostName = "nanopi-neo2"; 5 | 6 | imports = [ 7 | ../common.nix 8 | ]; 9 | 10 | boot.kernelPackages = lib.mkForce pkgs.linuxPackages_latest; 11 | 12 | system.build.dtbName = "sun50i-h5-nanopi-neo2.dtb"; 13 | system.build.ubootDefconfig = "sun50i-h5-ddr3-spl_defconfig"; 14 | 15 | environment.systemPackages = [ 16 | pkgs.sysinfo 17 | ]; 18 | 19 | networking.firewall.allowedTCPPorts = [ 8000 3030 ]; 20 | hardware.deviceTree = { 21 | enable = true; 22 | base = pkgs.runCommandNoCC "mydtb" 23 | { } '' 24 | mkdir -p $out/allwinner 25 | cp ${config.boot.kernelPackages.kernel}/dtbs/allwinner/${config.system.build.dtbName} $out/allwinner 26 | ''; 27 | overlays = [ 28 | "${pkgs.dt-overlays}/sunxi-h5-i2c.dts.dtbo" 29 | ]; 30 | }; 31 | } 32 | -------------------------------------------------------------------------------- /machines/aarch64/rock5b/faster-pd.patch: -------------------------------------------------------------------------------- 1 | From a78042c6314ff69c7c8508c97db61cbd88c3b7e4 Mon Sep 17 00:00:00 2001 2 | From: amazingfate 3 | Date: Mon, 22 May 2023 14:57:46 +0800 4 | Subject: [PATCH 1/2] usb: typec: tcpm: add devicetree property 5 | faster-pd-negotiation to make pd negotiation faster 6 | 7 | --- 8 | drivers/usb/typec/tcpm/tcpm.c | 9 ++++++--- 9 | 1 file changed, 6 insertions(+), 3 deletions(-) 10 | 11 | diff --git a/drivers/usb/typec/tcpm/tcpm.c b/drivers/usb/typec/tcpm/tcpm.c 12 | index a088c6e91e371..f524c4c7290fa 100644 13 | --- a/drivers/usb/typec/tcpm/tcpm.c 14 | +++ b/drivers/usb/typec/tcpm/tcpm.c 15 | @@ -486,6 +486,7 @@ struct tcpm_port { 16 | int logbuffer_tail; 17 | u8 *logbuffer[LOG_BUFFER_ENTRIES]; 18 | #endif 19 | + bool faster_pd_negotiation; 20 | }; 21 | 22 | struct pd_rx_event { 23 | 
@@ -4159,7 +4160,7 @@ static void run_state_machine(struct tcpm_port *port)
24 | break;
25 | case SNK_ATTACH_WAIT:
26 | port->debouncing = true;
27 | - timer_val_msecs = PD_T_CC_DEBOUNCE;
28 | + timer_val_msecs = port->faster_pd_negotiation ? 100 : PD_T_CC_DEBOUNCE;
29 | trace_android_vh_typec_tcpm_get_timer(tcpm_states[SNK_ATTACH_WAIT],
30 | CC_DEBOUNCE, &timer_val_msecs);
31 | if ((port->cc1 == TYPEC_CC_OPEN &&
32 | @@ -4319,7 +4320,7 @@ static void run_state_machine(struct tcpm_port *port)
33 | if (port->vbus_never_low) {
34 | port->vbus_never_low = false;
35 | tcpm_set_state(port, SNK_SOFT_RESET,
36 | - timer_val_msecs);
37 | + port->faster_pd_negotiation ? 100 : timer_val_msecs);
38 | } else {
39 | tcpm_set_state(port, hard_reset_state(port),
40 | timer_val_msecs);
41 | @@ -4877,7 +4878,7 @@ static void run_state_machine(struct tcpm_port *port)
42 | PD_T_ERROR_RECOVERY);
43 | break;
44 | case PORT_RESET_WAIT_OFF:
45 | - timer_val_msecs = PD_T_PS_SOURCE_OFF;
46 | + timer_val_msecs = port->faster_pd_negotiation ? 100 : PD_T_PS_SOURCE_OFF;
47 | trace_android_vh_typec_tcpm_get_timer(tcpm_states[PORT_RESET_WAIT_OFF],
48 | SOURCE_OFF, &timer_val_msecs);
49 | tcpm_set_state(port,
50 | @@ -6131,6 +6132,8 @@ static int tcpm_fw_get_caps(struct tcpm_port *port,
51 |
52 | port->self_powered = fwnode_property_read_bool(fwnode, "self-powered");
53 |
54 | + port->faster_pd_negotiation = fwnode_property_read_bool(fwnode, "faster-pd-negotiation");
55 | +
56 | /* FRS can only be supported byb DRP ports */
57 | if (port->port_type == TYPEC_PORT_DRP) {
58 | ret = fwnode_property_read_u32(fwnode, "new-source-frs-typec-current",
59 |
60 | From 0b90454937c6af60143a87cd5d519862b3df40bf Mon Sep 17 00:00:00 2001
61 |
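Review bot: The literal `100` is hard-coded in three places (SNK_ATTACH_WAIT, the `vbus_never_low` branch that enters SNK_SOFT_RESET, and PORT_RESET_WAIT_OFF), where it replaces the named timers PD_T_CC_DEBOUNCE and PD_T_PS_SOURCE_OFF without a unit or a rationale. One named constant with a comment, for example `#define PD_T_FASTER_NEGOTIATION_MS 100 /* shortened wait used when faster-pd-negotiation is set */`, would show that the value is milliseconds and a deliberate shortening of the standard timers. The replaced timers presumably exist to let CC settle and the source switch off, so the comment should also say on which hardware 100 ms was checked. run_state_machine's body continues outside all three hunks.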
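Review bot: The property read added in tcpm_fw_get_caps, `faster-pd-negotiation`, has no vendor prefix and no binding documentation; the diffstat lists tcpm.c as the only file this patch touches. A comment at the read site such as `/* non-standard: shortens the CC debounce and reset waits to 100 ms */` would tell a reader that enabling it departs from the standard timers. Because any firmware node can set the flag, the shortened timing is not limited to the one board the second patch enables it for. The function continues outside the hunk.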
From: amazingfate 62 | Date: Mon, 22 May 2023 14:58:09 +0800 63 | Subject: [PATCH 2/2] arm64: dts: rock 5b: add property faster-pd-negotiation 64 | to make pd negotiation faster 65 | 66 | --- 67 | arch/arm64/boot/dts/rockchip/rk3588-rock-5b.dts | 1 + 68 | 1 file changed, 1 insertion(+) 69 | 70 | diff --git a/arch/arm64/boot/dts/rockchip/rk3588-rock-5b.dts b/arch/arm64/boot/dts/rockchip/rk3588-rock-5b.dts 71 | index ef599a7caa35d..89f000e541d96 100644 72 | --- a/arch/arm64/boot/dts/rockchip/rk3588-rock-5b.dts 73 | +++ b/arch/arm64/boot/dts/rockchip/rk3588-rock-5b.dts 74 | @@ -886,6 +886,7 @@ 75 | compatible = "usb-c-connector"; 76 | label = "USB-C"; 77 | data-role = "dual"; 78 | + faster-pd-negotiation; 79 | power-role = "sink"; 80 | try-power-role = "sink"; 81 | op-sink-microwatt = <1000000>; 82 | -------------------------------------------------------------------------------- /machines/aarch64/rock5b/rk3588-pci.patch: -------------------------------------------------------------------------------- 1 | From bc770eb7761359f28208ea676dc9669bf076532c Mon Sep 17 00:00:00 2001 2 | From: =?UTF-8?q?Mario=20B=C4=83l=C4=83nic=C4=83?= 3 | 4 | Date: Mon, 1 Apr 2024 17:21:51 +0300 5 | Subject: [PATCH] Update rk3588.dtsi 6 | 7 | --- 8 | arch/arm64/boot/dts/rockchip/rk3588.dtsi | 7 +++---- 9 | 1 file changed, 3 insertions(+), 4 deletions(-) 10 | 11 | diff --git a/arch/arm64/boot/dts/rockchip/rk3588.dtsi b/arch/arm64/boot/dts/rockchip/rk3588.dtsi 12 | index 5519c1430cb7a9..dc914b50814d59 100644 13 | --- a/arch/arm64/boot/dts/rockchip/rk3588.dtsi 14 | +++ b/arch/arm64/boot/dts/rockchip/rk3588.dtsi 15 | 
@@ -116,12 +116,11 @@ 16 | phys = <&pcie30phy>; 17 | phy-names = "pcie-phy"; 18 | power-domains = <&power RK3588_PD_PCIE>; 19 | - ranges = <0x01000000 0x0 0xf0100000 0x0 0xf0100000 0x0 0x00100000>, 20 | - <0x02000000 0x0 0xf0200000 0x0 0xf0200000 0x0 0x00e00000>, 21 | - <0x03000000 0x0 0x40000000 0x9 0x00000000 0x0 0x40000000>; 22 | + ranges = <0x02000000 0x0 0xf0000000 0x0 0xf0000000 0x0 0x01000000>, 23 | + <0x03000000 0x0 0x40000000 0x9 0x00000000 0x0 0x3ff00000>; 24 | reg = <0xa 0x40000000 0x0 0x00400000>, 25 | <0x0 0xfe150000 0x0 0x00010000>, 26 | - <0x0 0xf0000000 0x0 0x00100000>; 27 | + <0x9 0x3ff00000 0x0 0x00100000>; 28 | reg-names = "dbi", "apb", "config"; 29 | resets = <&cru SRST_PCIE0_POWER_UP>, <&cru SRST_P_PCIE0>; 30 | reset-names = "pwr", "pipe"; 31 | -------------------------------------------------------------------------------- /machines/aarch64/rock5b/save-bar-space.patch: -------------------------------------------------------------------------------- 1 | From 65b504779d8b3e4a5040cefa3a5b2c28adbaf94a Mon Sep 17 00:00:00 2001 2 | From: =?UTF-8?q?Mario=20B=C4=83l=C4=83nic=C4=83?= 3 | 4 | Date: Mon, 1 Apr 2024 17:04:58 +0300 5 | Subject: [PATCH] PCI: dw-rockchip: Disable BAR 0 and 1 of the root port 6 | 7 | --- 8 | drivers/pci/controller/dwc/pcie-dw-rockchip.c | 5 +++++ 9 | 1 file changed, 5 insertions(+) 10 | 11 | diff --git a/drivers/pci/controller/dwc/pcie-dw-rockchip.c b/drivers/pci/controller/dwc/pcie-dw-rockchip.c 12 | index d6842141d384d9..475c980772a43b 100644 13 | --- a/drivers/pci/controller/dwc/pcie-dw-rockchip.c 14 | +++ b/drivers/pci/controller/dwc/pcie-dw-rockchip.c 15 | @@ -47,6 +47,7 @@ 16 | #define PCIE_CLIENT_LTSSM_STATUS 0x300 17 | #define PCIE_LTSSM_ENABLE_ENHANCE BIT(4) 18 | #define PCIE_LTSSM_STATUS_MASK GENMASK(5, 0) 19 | +#define PCIE_TYPE0_HDR_DBI2_OFFSET 0x100000 20 | 21 | struct rockchip_pcie { 22 | struct dw_pcie pci; 23 | 
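Review bot: The new `ranges` drops the first entry of the old list (the `0x01000000` window, which is the I/O space type in the PCI binding) and moves `config` to `0x9 0x3ff00000`, but neither the hunk nor the commit message ("Update rk3588.dtsi") explains the layout. A comment above `ranges` such as `/* no I/O window; 16 MiB 32-bit MEM at 0xf0000000; config space at the end of the 64-bit region */` would record it: the 64-bit window is shortened to `0x3ff00000` so that it ends where `config` begins. An endpoint that needs I/O BARs would presumably not get resources with this layout, which is worth stating. The node this hunk belongs to starts outside the hunk.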
@@ -211,6 +212,10 @@ static int rockchip_pcie_host_init(struct dw_pcie_rp *pp) 24 | rockchip_pcie_writel_apb(rockchip, PCIE_CLIENT_RC_MODE, 25 | PCIE_CLIENT_GENERAL_CONTROL); 26 | 27 | + /* Disable BAR 0 and 1 of root port to avoid wasting space */ 28 | + dw_pcie_writel_dbi(pci, PCIE_TYPE0_HDR_DBI2_OFFSET + PCI_BASE_ADDRESS_0, 0); 29 | + dw_pcie_writel_dbi(pci, PCIE_TYPE0_HDR_DBI2_OFFSET + PCI_BASE_ADDRESS_1, 0); 30 | + 31 | return 0; 32 | } -------------------------------------------------------------------------------- /machines/aarch64/rock64/configuration.nix: -------------------------------------------------------------------------------- 1 | { config, pkgs, lib, ... }: 2 | 3 | { 4 | networking.hostName = "rock64"; 5 | 6 | boot.kernelParams = [ 7 | "earlycon=uart8250,mmio32,0xff130000" 8 | "coherent_pool=1M" 9 | ]; 10 | 11 | services.mingetty.serialSpeed = [ 1500000 ]; 12 | 13 | # Ideally this would be run before the interface is brought up, but 14 | # that doesn't seem to be supported by the driver. 15 | networking.localCommands = '' 16 | ${pkgs.ethtool}/bin/ethtool -K eth0 rx off tx off 17 | ''; 18 | 19 | imports = [ 20 | ../common.nix 21 | ]; 22 | 23 | } 24 | -------------------------------------------------------------------------------- /machines/darwin-aarch64/darwin-configuration.nix: -------------------------------------------------------------------------------- 1 | { config, pkgs, inputs, ... }: 2 | 3 | { 4 | imports = [ 5 | ./system.nix 6 | ../../services/buildfarm-executor.nix 7 | ]; 8 | 9 | nixpkgs.config.allowUnfree = true; 10 | 11 | users.users."grw" = { 12 | shell = pkgs.zsh; 13 | home = "/Users/grw"; 14 | }; 15 | 16 | home-manager.users.grw = { ... 
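Review bot: The two writes added to rockchip_pcie_host_init reach the DBI2 view by adding a driver-local offset (`PCIE_TYPE0_HDR_DBI2_OFFSET`, 0x100000, defined in the first hunk) to an ordinary `dw_pcie_writel_dbi()` call, so they are only valid while the mapped `dbi` region is larger than that offset. The DesignWare core has a dedicated accessor; if `dbi_base2` is set up for this controller, `dw_pcie_writel_dbi2(pci, PCI_BASE_ADDRESS_0, 0);` and the same call for `PCI_BASE_ADDRESS_1` would avoid the hand-computed address. Otherwise the comment should say that the offset selects the DBI2 view and which `dbi` size it relies on. `pci` is presumably declared earlier in the function, outside the hunk.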
}: { 17 | imports = [ 18 | ../../home/common.nix 19 | ../../home/development.nix 20 | ../../home/darwin.nix 21 | ../../home/vscode.nix 22 | ../../home/zed.nix 23 | ]; 24 | }; 25 | 26 | services.postgresql = { 27 | enable = true; 28 | package = pkgs.postgresql_16; 29 | }; 30 | 31 | launchd.user.agents.postgresql.serviceConfig = { 32 | StandardErrorPath = "/tmp/postgres.error.log"; 33 | StandardOutPath = "/tmp/postgres.log"; /* NOTE(review): both log paths are fixed names in the shared /tmp directory; a per-user log directory would keep another local account from pre-creating them - confirm whether this Mac is single-user. */ 34 | }; 35 | 36 | # Used for backwards compatibility, please read the changelog before changing. 37 | system.stateVersion = 3; 38 | services.nix-daemon.enable = true; 39 | 40 | programs.zsh.enable = true; 41 | 42 | nix = { 43 | nixPath = [ "nixpkgs=${inputs.nixpkgs}" ]; # Enables use of `nix-shell -p ...` etc 44 | registry.nixpkgs.flake = inputs.nixpkgs; # Make `nix shell` etc use pinned nixpkgs 45 | extraOptions = '' 46 | system = aarch64-darwin 47 | experimental-features = nix-command flakes 48 | extra-platforms = aarch64-darwin x86_64-darwin 49 | ''; 50 | 51 | optimise.automatic = true; 52 | 53 | settings = { 54 | max-jobs = 4; 55 | build-cores = 0; 56 | trusted-users = [ "grw" ]; /* NOTE(review): the Nix manual describes trusted-users as essentially root-equivalent, because they can override daemon settings; keep this list minimal. */ 57 | }; 58 | }; 59 | } 60 | -------------------------------------------------------------------------------- /machines/darwin-aarch64/system.nix: -------------------------------------------------------------------------------- 1 | { config, lib, pkgs, ... 
}: 2 | 3 | { 4 | system.defaults.NSGlobalDomain = { 5 | InitialKeyRepeat = 15; 6 | KeyRepeat = 2; 7 | AppleShowAllExtensions = true; 8 | NSNavPanelExpandedStateForSaveMode = true; 9 | "com.apple.trackpad.enableSecondaryClick" = true; 10 | "com.apple.trackpad.trackpadCornerClickBehavior" = 1; 11 | }; 12 | 13 | system.defaults.dock = { 14 | autohide = true; 15 | orientation = "right"; 16 | showhidden = true; 17 | mru-spaces = false; 18 | }; 19 | 20 | system.defaults.finder = { 21 | AppleShowAllExtensions = true; 22 | QuitMenuItem = true; 23 | FXEnableExtensionChangeWarning = false; 24 | }; 25 | 26 | system.defaults.trackpad = { 27 | Clicking = true; 28 | TrackpadThreeFingerDrag = true; 29 | TrackpadRightClick = true; 30 | }; 31 | 32 | system.keyboard = { 33 | enableKeyMapping = true; 34 | remapCapsLockToEscape = true; 35 | }; 36 | 37 | system.defaults.LaunchServices.LSQuarantine = false; /* NOTE(review): disables the LaunchServices quarantine flag on downloaded files, which is what triggers the Gatekeeper first-open check - confirm this is intended. */ 38 | } 39 | -------------------------------------------------------------------------------- /machines/darwin-x86/darwin-configuration.nix: -------------------------------------------------------------------------------- 1 | { config, pkgs, ... }: 2 | let 3 | myPkgs = import ./pkgs { inherit pkgs; }; 4 | in 5 | { 6 | imports = [ 7 | 8 | ./system.nix 9 | ]; 10 | 11 | users.users."georgewhewell" = { 12 | shell = pkgs.zsh; 13 | }; 14 | 15 | home-manager.users."georgewhewell" = { ... }: { 16 | imports = [ 17 | ../../home/common.nix 18 | ../../home/darwin.nix 19 | ]; 20 | }; 21 | 22 | # Used for backwards compatibility, please read the changelog before changing. 
23 | system.stateVersion = 3; 24 | services.nix-daemon.enable = true; 25 | 26 | nix.nixPath = 27 | [ 28 | "darwin-config=$HOME/.nixpkgs/darwin-configuration.nix" 29 | "darwin=$HOME/.nix-defexpr/channels/darwin" 30 | "$HOME/.nix-defexpr/channels" 31 | ]; 32 | 33 | programs.zsh.enable = true; 34 | 35 | environment.shellAliases = rec { 36 | ll = "eza --long --header --git --git-ignore --sort=created"; 37 | gsp = "git stash && git pull"; 38 | gspp = "${gsp} && git stash pop"; 39 | slugify = "iconv -t ascii//TRANSLIT | sed -E 's/[~\^]+//g' | sed -E 's/[^a-zA-Z0-9]+/-/g' | sed -E 's/^-+\|-+$//g' | tr A-Z a-z"; 40 | }; 41 | 42 | nix = { 43 | maxJobs = 4; 44 | buildCores = 0; 45 | }; 46 | 47 | } 48 | -------------------------------------------------------------------------------- /machines/darwin-x86/system.nix: -------------------------------------------------------------------------------- 1 | { config, lib, pkgs, ... }: 2 | 3 | { 4 | system.defaults.NSGlobalDomain = { 5 | InitialKeyRepeat = 15; 6 | KeyRepeat = 2; 7 | AppleShowAllExtensions = true; 8 | NSNavPanelExpandedStateForSaveMode = true; 9 | "com.apple.trackpad.enableSecondaryClick" = true; 10 | "com.apple.trackpad.trackpadCornerClickBehavior" = 1; 11 | }; 12 | 13 | system.defaults.dock = { 14 | autohide = true; 15 | orientation = "right"; 16 | showhidden = true; 17 | mru-spaces = false; 18 | }; 19 | 20 | system.defaults.finder = { 21 | AppleShowAllExtensions = true; 22 | QuitMenuItem = true; 23 | FXEnableExtensionChangeWarning = false; 24 | }; 25 | 26 | system.defaults.trackpad = { 27 | Clicking = true; 28 | TrackpadThreeFingerDrag = true; 29 | TrackpadRightClick = true; 30 | }; 31 | 32 | system.keyboard = { 33 | enableKeyMapping = true; 34 | remapCapsLockToEscape = true; 35 | }; 36 | 37 | system.defaults.LaunchServices.LSQuarantine = false; /* NOTE(review): disables the LaunchServices quarantine flag on downloaded files, which is what triggers the Gatekeeper first-open check - confirm this is intended. */ 38 | } 39 | -------------------------------------------------------------------------------- /machines/default.nix: 
-------------------------------------------------------------------------------- 1 | colmena: pkgs: hardware: nixosModule: inputs: consts: 2 | 3 | with hardware; 4 | 5 | let 6 | inherit (inputs.nixpkgs) lib; 7 | sys = system: mods: 8 | lib.nixosSystem { 9 | inherit system; 10 | modules = [{ _module.args = inputs; } nixosModule] ++ mods; 11 | extraModules = [ colmena.nixosModules.deploymentOptions ]; 12 | specialArgs = { inherit inputs; inherit consts; }; 13 | }; 14 | in 15 | { 16 | nixhost = sys "x86_64-linux" [ physical ./x86/nixhost ]; 17 | router = sys "x86_64-linux" [ physical ./x86/router ]; 18 | trex = sys "x86_64-linux" [ physical ./x86/trex ]; 19 | cloud = sys "x86_64-linux" [ physical ./x86/cloud ]; 20 | } 21 | -------------------------------------------------------------------------------- /machines/x86/cloud/default.nix: -------------------------------------------------------------------------------- 1 | { config, pkgs, lib, modulesPath, consts, ... }: 2 | 3 | { 4 | 5 | imports = 6 | [ 7 | ../../../profiles/common.nix 8 | ../../../profiles/headless.nix 9 | (modulesPath + "/profiles/qemu-guest.nix") 10 | ]; 11 | 12 | sconfig = { 13 | profile = "server"; 14 | home-manager = { 15 | enable = true; 16 | enableGraphical = false; 17 | }; 18 | wireguard = { 19 | enable = true; 20 | }; 21 | }; 22 | 23 | deployment.targetHost = "78.47.88.127"; 24 | deployment.targetUser = "grw"; 25 | 26 | systemd.network = { 27 | enable = true; 28 | wait-online.anyInterface = true; 29 | networks = { 30 | "10-wan" = { 31 | matchConfig.Name = "enp1s0"; 32 | networkConfig.DHCP = "ipv4"; 33 | }; 34 | }; 35 | }; 36 | 37 | networking = { 38 | hostName = "cloud"; 39 | useNetworkd = true; 40 | nftables.enable = true; 41 | 42 | firewall = { 43 | checkReversePath = "loose"; 44 | 45 | logRefusedConnections = false; 46 | logRefusedPackets = false; 47 | logReversePathDrops = true; 48 | trustedInterfaces = [ "wg0" ]; 49 | 50 | interfaces.enp1s0 = { 51 | allowedTCPPorts = [ 52 | 22 # ssh 53 | ]; 
54 | allowedUDPPorts = [ 55 | 51820 # wireguard 56 | ]; 57 | }; 58 | }; 59 | }; 60 | 61 | services.iperf3 = { 62 | enable = true; 63 | openFirewall = true; /* NOTE(review): openFirewall opens the iperf3 port in the global firewall rules, so it is presumably reachable on enp1s0 as well, although the per-interface list for enp1s0 names only 22/tcp and 51820/udp; iperf3 is unauthenticated by default. wg0 is already a trusted interface, so the service would stay reachable over WireGuard without this flag - confirm. */ 64 | }; 65 | 66 | boot.loader.grub.device = "/dev/sda"; 67 | boot.loader.systemd-boot.enable = false; 68 | boot.kernelPackages = pkgs.linuxPackages_latest; 69 | 70 | fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; }; 71 | 72 | # systemd.services.public-ip-sync-google-clouddns = 73 | # let 74 | # gcloud-json = pkgs.writeText "credentials.json" pkgs.secrets.domain-owner-terraformer; /* NOTE(review): if this block is re-enabled, pkgs.writeText would copy the service-account key into the world-readable Nix store; pass a path to a file kept outside the store instead. */ 75 | # in 76 | # { 77 | # environment = { 78 | # CLOUDSDK_CORE_PROJECT = "domain-owner"; 79 | # CLOUDSDK_COMPUTE_ZONE = "eu-west-1"; 80 | # GCLOUD_SERVICE_ACCOUNT_KEY_FILE = gcloud-json; 81 | # GCLOUD_DNS_ZONE_ID = "satanic-link"; 82 | # }; 83 | # script = '' 84 | # ${pkgs.public-ip-sync-google-clouddns}/bin/public-ip-sync-google-clouddns.sh -name "cloud.satanic.link." 85 | # ''; 86 | # wantedBy = [ "multi-user.target" ]; 87 | # serviceConfig = { 88 | # Type = "oneshot"; 89 | # Restart = "no"; 90 | # }; 91 | # }; 92 | 93 | # systemd.timers.public-ip-sync-google-clouddns = { 94 | # partOf = [ "public-ip-sync-google-clouddns.service" ]; 95 | # wantedBy = [ "multi-user.target" ]; 96 | # timerConfig = { 97 | # OnBootSec = "2min"; 98 | # OnUnitActiveSec = "3600"; 99 | # }; 100 | # }; 101 | 102 | programs.mosh.enable = true; 103 | 104 | environment.systemPackages = with pkgs; [ 105 | tmux 106 | htop 107 | weechat 108 | wireguard-tools 109 | ]; 110 | 111 | services.tor = { 112 | enable = true; 113 | openFirewall = true; 114 | client = { 115 | enable = true; 116 | socksListenAddress = { 117 | IsolateDestAddr = true; 118 | addr = "192.168.33.1"; 119 | port = 9090; /* NOTE(review): the SOCKS listener has no authentication; which interface owns 192.168.33.1 is not shown in this file - confirm it is only reachable from trusted peers. */ 120 | }; 121 | }; 122 | }; 123 | } 124 | -------------------------------------------------------------------------------- /machines/x86/installer/configuration.nix: -------------------------------------------------------------------------------- 1 | { config, lib, pkgs, ... 
}: 2 | 3 | { 4 | imports = [ 5 | 6 | 7 | ../../../profiles/common.nix 8 | ../../../profiles/thinkpad.nix 9 | ]; 10 | 11 | boot.initrd.supportedFilesystems = [ 12 | "zfs" 13 | "nfs" 14 | "f2fs" 15 | "bcachefs" 16 | ]; 17 | 18 | environment.systemPackages = with pkgs; [ 19 | nfsUtils 20 | 21 | cryptsetup 22 | openssl 23 | parted 24 | pbkdf2Sha512 25 | yubikey-personalization 26 | ]; 27 | 28 | hardware.enableAllFirmware = true; 29 | networking.wireless.enable = false; 30 | 31 | networking = { 32 | hostName = "nixos-installer"; 33 | networkmanager = { 34 | enable = true; 35 | wifi = { 36 | backend = "iwd"; 37 | }; 38 | }; 39 | }; 40 | 41 | hardware.bluetooth.enable = true; 42 | services.usbmuxd.enable = true; 43 | services.fwupd.enable = true; 44 | 45 | documentation.enable = lib.mkDefault false; 46 | systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ]; /* NOTE(review): forces sshd to start at boot on the installer image; how logins are authenticated is set in the imported profiles, not shown here - confirm key-only access before booting it on an untrusted network. */ 47 | 48 | } 49 | -------------------------------------------------------------------------------- /machines/x86/jellyfin/default.nix: -------------------------------------------------------------------------------- 1 | { config, pkgs, lib, inputs, ... 
}: 2 | 3 | { 4 | /* 5 | router: cwwk 8845hs board 6 | */ 7 | sconfig = { 8 | profile = "server"; 9 | home-manager = { 10 | enable = true; 11 | enableVscodeServer = false; 12 | }; 13 | wireguard = { 14 | enable = false; 15 | }; 16 | }; 17 | 18 | system.stateVersion = "24.11"; 19 | 20 | deployment.targetHost = "192.168.23.14"; 21 | deployment.targetUser = "grw"; 22 | 23 | imports = [ 24 | ../../../profiles/common.nix 25 | ../../../profiles/home.nix 26 | ../../../profiles/headless.nix 27 | ../../../profiles/uefi-boot.nix 28 | ../../../profiles/nas-mounts.nix 29 | ../../../profiles/intel-gfx.nix 30 | ../../../services/jellyfin.nix 31 | ]; 32 | 33 | services.iperf3 = { 34 | enable = true; 35 | openFirewall = true; 36 | }; 37 | 38 | boot = { 39 | kernelPackages = pkgs.linuxPackages_latest; 40 | initrd.kernelModules = [ 41 | "bcachefs" 42 | "ixgbe" 43 | "r8169" 44 | "nfsv4" 45 | ]; 46 | }; 47 | 48 | fileSystems."/" = 49 | { 50 | device = "UUID=8b8990d8-15a7-4308-a51c-4e5b7a6898e1"; 51 | fsType = "bcachefs"; 52 | }; 53 | 54 | fileSystems."/boot" = 55 | { 56 | device = "/dev/disk/by-uuid/2A3E-BFEC"; 57 | fsType = "vfat"; 58 | options = [ "fmask=0022" "dmask=0022" ]; 59 | }; 60 | 61 | networking = { 62 | hostName = "jellyfin"; 63 | hostId = lib.mkForce "deadbeef"; 64 | enableIPv6 = true; 65 | useNetworkd = true; 66 | useDHCP = false; 67 | }; 68 | 69 | systemd.network = { 70 | enable = true; 71 | wait-online.anyInterface = true; 72 | networks = { 73 | "10-10g" = { 74 | matchConfig.Driver = "ixgbe"; 75 | networkConfig = { 76 | DHCP = "yes"; 77 | IPv6AcceptRA = true; 78 | IPv6PrivacyExtensions = true; 79 | IgnoreCarrierLoss = true; 80 | }; 81 | dhcpV4Config = { 82 | RouteMetric = 1; 83 | UseDNS = true; 84 | UseDomains = false; 85 | SendRelease = true; 86 | }; 87 | linkConfig.RequiredForOnline = "routable"; 88 | }; 89 | "10-gbit" = { 90 | matchConfig.Driver = "r8169"; 91 | networkConfig = { 92 | DHCP = "yes"; 93 | IPv6AcceptRA = true; 94 | DNSOverTLS = true; 95 | DNSSEC = true; 
96 | IPv6PrivacyExtensions = true; 97 | IgnoreCarrierLoss = true; 98 | }; 99 | dhcpV4Config = { 100 | RouteMetric = 99; 101 | UseDNS = true; 102 | UseDomains = false; 103 | SendRelease = true; 104 | }; 105 | linkConfig.RequiredForOnline = "no"; 106 | }; 107 | }; 108 | }; 109 | } 110 | -------------------------------------------------------------------------------- /machines/x86/router/default.nix: -------------------------------------------------------------------------------- 1 | { config, pkgs, lib, inputs, ... }: 2 | 3 | { 4 | /* 5 | router: cwwk 8845hs board 6 | */ 7 | sconfig = { 8 | profile = "server"; 9 | home-manager = { 10 | enable = true; 11 | enableVscodeServer = false; 12 | }; 13 | wireguard = { 14 | enable = false; 15 | }; 16 | }; 17 | 18 | deployment.targetHost = "192.168.23.1"; 19 | deployment.targetUser = "grw"; 20 | system.stateVersion = "24.11"; 21 | 22 | imports = with inputs.nixos-hardware.nixosModules; [ 23 | common-cpu-amd 24 | common-cpu-amd-pstate 25 | common-cpu-amd-raphael-igpu 26 | common-cpu-amd-zenpower 27 | common-gpu-amd 28 | ../../../containers/unifi.nix 29 | ../../../profiles/common.nix 30 | ../../../profiles/home.nix 31 | ../../../profiles/headless.nix 32 | ../../../profiles/uefi-boot.nix 33 | ../../../profiles/nas-mounts.nix 34 | ../../../profiles/router.nix 35 | ../../../profiles/radeon.nix 36 | ../../../services/nginx.nix 37 | ../../../services/jellyfin.nix 38 | ]; 39 | 40 | services = { 41 | iperf3 = { 42 | enable = true; 43 | openFirewall = true; 44 | }; 45 | hardware.bolt.enable = true; 46 | }; 47 | 48 | boot.kernelPackages = pkgs.linuxPackages_latest; 49 | 50 | boot.kernelParams = [ 51 | "amd_pstate=active" 52 | "pci=realloc=off" 53 | ]; 54 | 55 | boot.initrd.kernelModules = [ 56 | "nf_tables" 57 | "nft_compat" 58 | "igc" 59 | "mlx5_core" 60 | ]; 61 | 62 | fileSystems."/" = 63 | { 64 | device = "zpool/root/nixos-router"; 65 | fsType = "zfs"; 66 | }; 67 | 68 | fileSystems."/boot" = 69 | { 70 | device = 
"/dev/disk/by-uuid/5826-D605"; 71 | fsType = "vfat"; 72 | options = [ "fmask=0022" "dmask=0022" ]; 73 | }; 74 | 75 | networking = { 76 | hostName = "router"; 77 | hostId = lib.mkForce "deadbeef"; 78 | enableIPv6 = true; 79 | }; 80 | } 81 | -------------------------------------------------------------------------------- /machines/x86/trex/patches/cppc-1.patch: -------------------------------------------------------------------------------- 1 | diff --git a/arch/x86/include/asm/cpufeatures.h b/arch/x86/include/asm/cpufeatures.h 2 | index 3c7434329661..6c128d463a14 100644 3 | --- a/arch/x86/include/asm/cpufeatures.h 4 | +++ b/arch/x86/include/asm/cpufeatures.h 5 | @@ -470,6 +470,7 @@ 6 | #define X86_FEATURE_BHI_CTRL (21*32+ 2) /* "" BHI_DIS_S HW control available */ 7 | #define X86_FEATURE_CLEAR_BHB_HW (21*32+ 3) /* "" BHI_DIS_S HW control enabled */ 8 | #define X86_FEATURE_CLEAR_BHB_LOOP_ON_VMEXIT (21*32+ 4) /* "" Clear branch history at vmexit using SW loop */ 9 | +#define X86_FEATURE_FAST_CPPC (21*32 + 5) /* "" AMD Fast CPPC */ 10 | 11 | /* 12 | * BUG word(s) 13 | diff --git a/arch/x86/kernel/cpu/scattered.c b/arch/x86/kernel/cpu/scattered.c 14 | index af5aa2c754c2..c84c30188fdf 100644 15 | --- a/arch/x86/kernel/cpu/scattered.c 16 | +++ b/arch/x86/kernel/cpu/scattered.c 17 | @@ -45,6 +45,7 @@ static const struct cpuid_bit cpuid_bits[] = { 18 | { X86_FEATURE_HW_PSTATE, CPUID_EDX, 7, 0x80000007, 0 }, 19 | { X86_FEATURE_CPB, CPUID_EDX, 9, 0x80000007, 0 }, 20 | { X86_FEATURE_PROC_FEEDBACK, CPUID_EDX, 11, 0x80000007, 0 }, 21 | + { X86_FEATURE_FAST_CPPC, CPUID_EDX, 15, 0x80000007, 0 }, 22 | { X86_FEATURE_MBA, CPUID_EBX, 6, 0x80000008, 0 }, 23 | { X86_FEATURE_SMBA, CPUID_EBX, 2, 0x80000020, 0 }, 24 | { X86_FEATURE_BMEC, CPUID_EBX, 3, 0x80000020, 0 }, 25 | -- 26 | -------------------------------------------------------------------------------- /machines/x86/trex/patches/cppc.patch: -------------------------------------------------------------------------------- 1 | 
diff --git a/drivers/cpufreq/amd-pstate.c b/drivers/cpufreq/amd-pstate.c
2 | index 6a342b0c0140..aa157c2b8ba2 100644
3 | --- a/drivers/cpufreq/amd-pstate.c
4 | +++ b/drivers/cpufreq/amd-pstate.c
5 | @@ -50,6 +50,7 @@
6 |
7 | #define AMD_PSTATE_TRANSITION_LATENCY 20000
8 | #define AMD_PSTATE_TRANSITION_DELAY 1000
9 | +#define AMD_PSTATE_FAST_CPPC_TRANSITION_DELAY 600
10 | #define CPPC_HIGHEST_PERF_PERFORMANCE 196
11 | #define CPPC_HIGHEST_PERF_DEFAULT 166
12 |
13 |
@@ -817,8 +818,12 @@ static u32 amd_pstate_get_transition_delay_us(unsigned int cpu) 14 | u32 transition_delay_ns; 15 | 16 | transition_delay_ns = cppc_get_transition_latency(cpu); 17 | - if (transition_delay_ns == CPUFREQ_ETERNAL) 18 | - return AMD_PSTATE_TRANSITION_DELAY; 19 | + if (transition_delay_ns == CPUFREQ_ETERNAL) { 20 | + if (cpu_feature_enabled(X86_FEATURE_FAST_CPPC)) 21 | + return AMD_PSTATE_FAST_CPPC_TRANSITION_DELAY; 22 | + else 23 | + return AMD_PSTATE_TRANSITION_DELAY; 24 | + } 25 | 26 | return transition_delay_ns / NSEC_PER_USEC; 27 | } 28 | -- 29 | -------------------------------------------------------------------------------- /machines/x86/workvm/configuration.nix: -------------------------------------------------------------------------------- 1 | { config, pkgs, lib, ... }: 2 | 3 | { 4 | 5 | imports = [ 6 | ../../../profiles/common.nix 7 | ../../../profiles/development.nix 8 | ../../../profiles/uefi-boot.nix 9 | ../../../profiles/graphical.nix 10 | ../../../profiles/g_ether.nix 11 | ]; 12 | 13 | fileSystems."/boot" = 14 | { 15 | device = "/dev/disk/by-label/EFI"; 16 | fsType = "vfat"; 17 | }; 18 | 19 | fileSystems."/" = 20 | { 21 | device = "zpool/root/nixos"; 22 | fsType = "zfs"; 23 | }; 24 | 25 | networking = { 26 | hostName = "nixos"; 27 | hostId = "deadbeef"; 28 | useDHCP = true; 29 | enableIPv6 = false; 30 | firewall = { 31 | enable = true; 32 | allowPing = false; 33 | }; 34 | }; 35 | 36 | time.timeZone = "Europe/London"; 37 | 38 | environment.systemPackages = with pkgs; [ 39 | libreoffice 40 | ]; 41 | 42 | virtualisation.virtualbox.guest.enable = true; 43 | 44 | } 45 | -------------------------------------------------------------------------------- /machines/x86/yoga/default.nix: -------------------------------------------------------------------------------- 1 | { config, pkgs, lib, ... 
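Review bot: `X86_FEATURE_FAST_CPPC`, tested in amd_pstate_get_transition_delay_us, is not defined by this patch; the definition is in cppc-1.patch, so the two files have to be applied together with cppc-1 first, and a line in the patch header saying so would prevent a failed build. As a style point, the `else` after `return` is redundant: `if (cpu_feature_enabled(X86_FEATURE_FAST_CPPC)) return AMD_PSTATE_FAST_CPPC_TRANSITION_DELAY;` followed by a plain `return AMD_PSTATE_TRANSITION_DELAY;` reads the same. The new `AMD_PSTATE_FAST_CPPC_TRANSITION_DELAY` define in the first hunk would also benefit from a trailing comment giving its unit, which the function name suggests is microseconds.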
}: 2 | 3 | { 4 | 5 | imports = [ 6 | ../../../profiles/common.nix 7 | ../../../profiles/development.nix 8 | ../../../profiles/home.nix 9 | ../../../profiles/graphical.nix 10 | ../../../profiles/intel-gfx.nix 11 | ../../../profiles/uefi-boot.nix 12 | ../../../profiles/thinkpad.nix 13 | ../../../services/buildfarm-executor.nix 14 | ../../../services/docker.nix 15 | ]; 16 | 17 | sconfig = { 18 | profile = "desktop"; 19 | home-manager = { 20 | enable = true; 21 | enableGraphical = true; 22 | }; 23 | wireguard = { 24 | enable = true; 25 | }; 26 | }; 27 | 28 | deployment.allowLocalDeployment = true; 29 | 30 | boot = { 31 | #kernelPackages = pkgs.linuxPackages_latest_lto_skylake; 32 | loader.timeout = 1; 33 | 34 | blacklistedKernelModules = [ 35 | "mei" 36 | "mei_me" 37 | "mei_wdt" 38 | "acer_wmi" 39 | "applesmc" 40 | "intel_backlight" 41 | ]; 42 | 43 | kernelParams = [ 44 | "video=eDP-1:d" 45 | ]; 46 | 47 | initrd = { 48 | # Required to open the EFI partition and Yubikey 49 | kernelModules = [ "vfat" "nls_cp437" "nls_iso8859-1" "usbhid" ]; 50 | 51 | luks = { 52 | # Support for Yubikey PBA 53 | yubikeySupport = true; 54 | 55 | devices."encrypted" = { 56 | device = "/dev/nvme0n1p3"; # Be sure to update this to the correct volume 57 | 58 | yubikey = { 59 | slot = 2; 60 | twoFactor = true; # Set to false for 1FA 61 | gracePeriod = 30; # Time in seconds to wait for Yubikey to be inserted 62 | keyLength = 64; # Set to $KEY_LENGTH/8 63 | saltLength = 16; # Set to $SALT_LENGTH 64 | 65 | storage = { 66 | device = "/dev/nvme0n1p1"; # Be sure to update this to the correct volume 67 | fsType = "vfat"; 68 | path = "/crypt-storage/default"; 69 | }; 70 | }; 71 | }; 72 | }; 73 | }; 74 | }; 75 | 76 | fileSystems."/" = 77 | { 78 | device = "/dev/mapper/encrypted"; 79 | fsType = "ext4"; 80 | }; 81 | 82 | 83 | fileSystems."/boot" = 84 | { 85 | device = "/dev/nvme0n1p1"; 86 | fsType = "vfat"; 87 | options = [ "umask=007" ]; 88 | }; 89 | 90 | services.undervolt = { 91 | enable = true; 92 | 
tempAc = 97; 93 | tempBat = 75; 94 | coreOffset = -100; 95 | gpuOffset = -30; 96 | #uncoreOffset = -50; 97 | #analogioOffset = -50; 98 | }; 99 | 100 | systemd.network = { 101 | enable = true; 102 | networks = { 103 | "10-wlan" = { 104 | matchConfig.Name = "wlp4s0"; 105 | networkConfig.DHCP = "ipv4"; 106 | }; 107 | }; 108 | }; 109 | 110 | networking = { 111 | hostName = "yoga"; 112 | nftables.enable = true; 113 | useNetworkd = true; 114 | firewall = { 115 | interfaces.wg0 = { 116 | allowedTCPPorts = [ 22 9090 9100 ]; 117 | }; 118 | }; 119 | wireless.iwd = { 120 | enable = true; 121 | settings = { 122 | IPv6 = { 123 | Enabled = true; 124 | }; 125 | Settings = { 126 | AutoConnect = true; 127 | }; 128 | }; 129 | }; 130 | }; 131 | } 132 | -------------------------------------------------------------------------------- /modules/alacritty.nix: -------------------------------------------------------------------------------- 1 | { config, lib, pkgs, ... }: 2 | 3 | # alacritty.yml is needed in both /sw/etc/ and /etc/, or 4 | # it won't work correctly in some environments (at least plasma+wayland) 5 | # That's why it's in systemPackages AND environment.etc. 
6 | # (November 2021) 7 | 8 | let 9 | cfg = config.sconfig.alacritty; 10 | 11 | configText = builtins.toJSON 12 | { 13 | env.TERM = "xterm-256color"; 14 | font.size = 12; 15 | colors = { 16 | primary.background = "0x1e1e1e"; 17 | primary.foreground = "0xdddddd"; 18 | # Tango Dark 19 | normal.black = "0x2e3436"; 20 | normal.red = "0xcc0000"; 21 | normal.green = "0x4e9a06"; 22 | normal.yellow = "0xc4a000"; 23 | normal.blue = "0x3465a4"; 24 | normal.magenta = "0x75507b"; 25 | normal.cyan = "0x06989a"; 26 | normal.white = "0xd3d7cf"; 27 | bright.black = "0x555753"; 28 | bright.red = "0xef2929"; 29 | bright.green = "0x8ae234"; 30 | bright.yellow = "0xfce94f"; 31 | bright.blue = "0x729fcf"; 32 | bright.magenta = "0xad7fa8"; 33 | bright.cyan = "0x34e2e2"; 34 | bright.white = "0xeeeeec"; 35 | }; 36 | key_bindings = [ 37 | { action = "ScrollHalfPageDown"; mods = "Shift"; key = "PageDown"; } 38 | { action = "ScrollHalfPageUp"; mods = "Shift"; key = "PageUp"; } 39 | { action = "SpawnNewInstance"; mods = "Control|Shift"; key = "N"; } 40 | { action = "SpawnNewInstance"; mods = "Control|Shift"; key = "T"; } 41 | ]; 42 | }; 43 | 44 | in 45 | { 46 | options.sconfig.alacritty.enable = lib.mkEnableOption "Enable Alacritty"; 47 | 48 | config = lib.mkIf cfg.enable { 49 | 50 | environment.etc."xdg/alacritty.yml".text = configText; 51 | 52 | environment.systemPackages = [ 53 | pkgs.alacritty 54 | (pkgs.writeTextFile { 55 | name = "alacritty.yml"; 56 | destination = "/etc/xdg/alacritty.yml"; 57 | text = configText; 58 | }) 59 | ]; 60 | 61 | programs.bash.interactiveShellInit = '' 62 | function _set_title() { 63 | printf "\033]0;%s@%s:%s\007" "''${USER}" "''${HOSTNAME%%.*}" "''${PWD/#$HOME/\~}" 64 | } 65 | [ -z "$VTE_VERSION" ] && PROMPT_COMMAND="_set_title; $PROMPT_COMMAND" 66 | ''; 67 | }; 68 | } 69 | -------------------------------------------------------------------------------- /modules/baseline.nix: -------------------------------------------------------------------------------- 1 | 
{ config, lib, pkgs, ... }: 2 | 3 | { 4 | boot = { 5 | kernelParams = [ "amdgpu.gpu_recovery=1" "panic=30" "ixgbe.allow_unsupported_sfp=1,1" ]; 6 | }; 7 | 8 | nixpkgs.config.allowUnfree = true; 9 | environment.variables.NIXPKGS_ALLOW_UNFREE = "1"; 10 | 11 | security.sudo.extraConfig = "Defaults lecture=never"; 12 | 13 | systemd.tmpfiles.rules = [ "e /nix/var/log - - - 30d" ]; 14 | 15 | networking.hostId = builtins.substring 0 8 (builtins.hashString "md5" config.networking.hostName); 16 | 17 | nix = { 18 | daemonCPUSchedPolicy = "idle"; 19 | extraOptions = '' 20 | experimental-features = nix-command flakes 21 | ''; 22 | }; 23 | 24 | services = { 25 | earlyoom.enable = true; 26 | }; 27 | } 28 | -------------------------------------------------------------------------------- /modules/deploy.nix: -------------------------------------------------------------------------------- 1 | { lib, ... }: 2 | with lib.types; 3 | { 4 | options.sconfig = { 5 | 6 | sshPublicKeys = lib.mkOption { 7 | type = listOf str; 8 | default = [ ]; 9 | }; 10 | 11 | deployment = lib.mkOption { 12 | type = attrs; 13 | default = { }; 14 | }; 15 | 16 | }; 17 | } 18 | -------------------------------------------------------------------------------- /modules/home-manager.nix: -------------------------------------------------------------------------------- 1 | { config, lib, pkgs, inputs, ... 
}: 2 | 3 | let 4 | cfg = config.sconfig.home-manager; 5 | in 6 | { 7 | options.sconfig.home-manager = { 8 | enable = lib.mkEnableOption "Enable Home Manager"; 9 | enableGraphical = lib.mkEnableOption "Enable graphical HM"; 10 | enableLaptop = lib.mkEnableOption "Enable laptop"; 11 | enableVscodeServer = lib.mkEnableOption "Enable vscode"; 12 | enableDevelopment = lib.mkEnableOption "Enable dev tools"; 13 | }; 14 | 15 | config = lib.mkIf cfg.enable 16 | { 17 | environment.systemPackages = [ pkgs.home-manager ]; 18 | 19 | home-manager.extraSpecialArgs = { inherit inputs; }; 20 | home-manager.useGlobalPkgs = true; 21 | home-manager.useUserPackages = true; 22 | home-manager.users.grw = { ... }: { 23 | hostId = config.networking.hostName; 24 | imports = [ 25 | ../home/common.nix 26 | ../home/linux.nix 27 | ] ++ (if cfg.enableGraphical then [ 28 | ../home/graphical.nix 29 | ../home/gpg.nix 30 | ../home/zed.nix 31 | ] else [ ../home/headless.nix ]) ++ lib.optionals cfg.enableLaptop [ 32 | ../home/laptop.nix 33 | ] ++ lib.optionals cfg.enableVscodeServer [ 34 | ../home/vscode-server.nix 35 | ] ++ lib.optionals cfg.enableDevelopment [ 36 | ../home/development.nix 37 | ]; 38 | }; 39 | }; 40 | } 41 | -------------------------------------------------------------------------------- /modules/i3/default.nix: -------------------------------------------------------------------------------- 1 | { config, pkgs, lib, ... 
}: 2 | let 3 | cfg = config.sconfig.i3; 4 | in 5 | { 6 | options.sconfig.i3 = { 7 | enable = lib.mkEnableOption "Enable the i3 Window Manager"; 8 | extraConfig = lib.mkOption { 9 | type = lib.types.lines; 10 | default = ""; 11 | }; 12 | }; 13 | 14 | config = lib.mkIf cfg.enable { 15 | services.xserver.windowManager.i3 = { 16 | enable = true; 17 | extraSessionCommands = '' 18 | echo 'Xft.dpi: 96' | xrdb -merge 19 | echo 'Xcursor.size: 24' | xrdb -merge 20 | xsetroot -solid '#333333' 21 | ''; 22 | configFile = pkgs.runCommand "i3config" { } '' 23 | ( 24 | cat '${pkgs.i3}/etc/i3/config' | 25 | sed 's/Mod1/Mod4/' | 26 | sed 's/^exec i3-config-wizard/#&/' | 27 | sed 's/^font.*/font pango:DejaVuSans, FontAwesome5Free 12/' | 28 | sed 's,status_command i3status,status_command i3status-rs ${./i3srs.toml} \n tray_output primary,' | 29 | sed 's/i3-sensible-terminal/alacritty/' | 30 | sed 's/10%/2%/' 31 | cat '${pkgs.writeText "i3extra" cfg.extraConfig}' 32 | )| 33 | tee "$out" 34 | ''; 35 | }; 36 | 37 | hardware.pulseaudio.enable = true; 38 | 39 | environment.etc."xdg/gtk-3.0/settings.ini".text = '' 40 | [Settings] 41 | gtk-theme-name=Yaru-dark 42 | gtk-icon-theme-name=Numix 43 | ''; 44 | 45 | sconfig.i3.extraConfig = '' 46 | default_border normal 4 47 | default_floating_border normal 4 48 | bindsym Mod4+Escape kill 49 | hide_edge_borders both 50 | bindsym XF86MonBrightnessUp exec brightnessctl -n500 -e s -- +10% 51 | bindsym XF86MonBrightnessDown exec brightnessctl -n500 -e s -- -10% 52 | ''; 53 | 54 | services.gvfs.enable = true; 55 | networking.networkmanager.enable = true; 56 | 57 | fonts.packages = with pkgs; [ 58 | font-awesome 59 | powerline-fonts 60 | ]; 61 | 62 | services.xserver = { 63 | enable = true; 64 | libinput.enable = true; 65 | libinput.touchpad.naturalScrolling = true; 66 | displayManager.sddm.enable = true; 67 | }; 68 | 69 | environment.systemPackages = with pkgs; [ 70 | unstable.i3status-rust # 21.11 version supports zfs ARC 71 | brightnessctl 72 | 
numix-icon-theme 73 | yaru-theme 74 | gnome3.networkmanagerapplet 75 | gnome3.file-roller 76 | gnome3.adwaita-icon-theme 77 | mate.mate-terminal 78 | xfce.thunar 79 | xfce.thunar-archive-plugin 80 | caffeine-ng 81 | 82 | (runCommand "default_cursor" { } '' 83 | mkdir -p $out/share/icons/default 84 | ln -sf /run/current-system/sw/share/icons/Yaru/cursor.theme $out/share/icons/default/index.theme 85 | '') 86 | 87 | (runCommand "x-terminal-emulator" { } '' 88 | mkdir -p $out/bin 89 | ln -s ${alacritty}/bin/alacritty $out/bin/x-terminal-emulator 90 | '') 91 | ]; 92 | }; 93 | } 94 | -------------------------------------------------------------------------------- /modules/i3/i3srs.toml: -------------------------------------------------------------------------------- 1 | theme = "native" 2 | icons = "awesome5" 3 | 4 | [[block]] 5 | block = "disk_space" 6 | path = "/nix/store" 7 | alias = "/nix/store" 8 | info_type = "available" 9 | unit = "GB" 10 | interval = 20 11 | warning = 20.0 12 | alert = 10.0 13 | 14 | [[block]] 15 | block = "memory" 16 | display_type = "memory" 17 | format_mem = "{mem_used_percents}" 18 | format_swap = "{swap_used_percents}" 19 | 20 | [[block]] 21 | block = "cpu" 22 | interval = 5 23 | 24 | [[block]] 25 | block = "sound" 26 | device_kind = "source" 27 | 28 | [[block]] 29 | block = "sound" 30 | device_kind = "sink" 31 | 32 | [[block]] 33 | block = "time" 34 | interval = 5 35 | format = "%a %m/%d %R" 36 | -------------------------------------------------------------------------------- /modules/i3/i3status.conf: -------------------------------------------------------------------------------- 1 | general { 2 | colors = true 3 | interval = 5 4 | } 5 | 6 | order += "battery all" 7 | order += "volume master" 8 | order += "tztime local" 9 | 10 | volume master { 11 | format = "[♪ %volume]" 12 | } 13 | 14 | battery all { 15 | format = "[%status %percentage %remaining]" 16 | format_down = "" 17 | } 18 | 19 | tztime local { 20 | format = "[%m/%d] [%H:%M:%S]" 
21 | } 22 | -------------------------------------------------------------------------------- /modules/igmpproxy.nix: -------------------------------------------------------------------------------- 1 | { config, pkgs, lib, ... }: 2 | 3 | with lib; 4 | let 5 | cfg = config.services.igmpproxy; 6 | in 7 | { 8 | 9 | options = { 10 | services.igmpproxy = { 11 | enable = mkEnableOption (lib.mdDoc "start igmpproxy daemon"); 12 | config = lib.mkOption { 13 | type = lib.types.lines; 14 | default = ''''; 15 | }; 16 | }; 17 | }; 18 | 19 | config = mkIf cfg.enable { 20 | systemd.services.igmpproxy = 21 | let cfgFile = pkgs.writeText "igmpproxy.conf" cfg.config; 22 | in { 23 | description = "igmpproxy"; 24 | wantedBy = [ "multi-user.target" ]; 25 | after = [ "br0.lan-netdev.service" ]; 26 | serviceConfig = { 27 | ExecStart = "${pkgs.igmpproxy}/bin/igmpproxy ${cfgFile} -n -v"; 28 | }; 29 | }; 30 | }; 31 | 32 | } 33 | -------------------------------------------------------------------------------- /modules/mouse-dpi.nix: -------------------------------------------------------------------------------- 1 | { lib, ... }: 2 | 3 | let 4 | setting = "600@1000"; 5 | devices = [ 6 | "SteelSeries SteelSeries Aerox 3 Wireless" 7 | "Logitech G Pro Gaming Mouse" 8 | "Logitech G305" 9 | "Logitech USB Receiver" 10 | "Glorious Model O" 11 | "Logitech, Inc. USB Receiver" 12 | ]; 13 | in 14 | { 15 | services.udev.extraHwdb = lib.concatMapStrings 16 | (n: "\nmouse:usb:*:name:${n}:*\n MOUSE_DPI=${setting}\n") 17 | (devices); 18 | } 19 | -------------------------------------------------------------------------------- /modules/nanopi-load.nix: -------------------------------------------------------------------------------- 1 | { config, lib, pkgs, ... 
}: 2 | 3 | { 4 | imports = [ ../profiles/nbd-overlayfs.nix ]; 5 | options = { }; 6 | 7 | config = { 8 | 9 | system.build.usb = { 10 | loader = 11 | let 12 | netboot-binaries = pkgs.symlinkJoin { 13 | name = "netboot"; 14 | paths = with config.system.build; [ 15 | initialRamdisk 16 | kernel 17 | pkgs.boot-scripts.nanopi-m3.uboot 18 | 19 | ]; 20 | postBuild = '' 21 | ${pkgs.buildPackages.ubootTools}/bin/mkimage -A arm64 -O linux -T ramdisk -C none -d $out/initrd $out/uInitrd 22 | ${pkgs.buildPackages.ubootTools}/bin/mkimage -A arm64 -T kernel -C none -d $out/Image $out/uImage 23 | ${pkgs.buildPackages.boot-scripts.nanopi-m3.nanopi-load}/bin/nanopi-load -b USB -o $out/u-boot-nsih.bin $out/u-boot.bin 0x00000000 24 | ''; 25 | }; 26 | storeRoot = pkgs.closureInfo { rootPaths = [ config.system.build.toplevel ]; }; 27 | rootfsImage = pkgs.callPackage ({ 28 | storePaths = [ config.system.build.toplevel pkgs.stdenv ]; 29 | compressImage = false; 30 | volumeLabel = "NIXOS_SD"; 31 | }); 32 | bootEnv = pkgs.writeText "bootenv.txt" '' 33 | #=uEnv 34 | bootargs=init=${config.system.build.toplevel}/init rootImage=${rootfsImage} storeRoot=${storeRoot} ${toString config.boot.kernelParams} 35 | udown_kernel=udown 0x41000000 36 | udown_initrd=udown 0x45000000 37 | udown_dtb=udown 0x4c000000 38 | initrd_high=0xffffffff 39 | bootcmd2=echo "Starting downloads"; \ 40 | run udown_kernel; \ 41 | run udown_initrd; \ 42 | run udown_dtb; \ 43 | echo "Booting kernel.." 
\ 44 | booti 0x41000000 0x45000000 0x4c000000 45 | ''; 46 | nanopi-load-native = pkgs.buildPackages.boot-scripts.nanopi-m3.nanopi-load; 47 | in 48 | pkgs.writeScriptBin "boot.sh" '' 49 | echo "uploading bl1" 50 | ${nanopi-load-native}/bin/nanopi-load -f -x \ 51 | ${pkgs.boot-scripts.nanopi-m3.bl1-usb} 52 | 53 | sleep 1 54 | echo "uploading uboot" 55 | ${nanopi-load-native}/bin/nanopi-load -f \ 56 | ${netboot-binaries}/u-boot.bin 0x43bffe00 57 | 58 | sleep 2 59 | echo "uploading environment" 60 | ${nanopi-load-native}/bin/nanopi-load \ 61 | ${bootEnv} 0 62 | 63 | sleep 1 64 | echo "uploading kernl" 65 | ${nanopi-load-native}/bin/nanopi-load \ 66 | ${netboot-binaries}/Image 0 67 | 68 | sleep 1 69 | echo "uploading initrd" 70 | ${nanopi-load-native}/bin/nanopi-load \ 71 | ${netboot-binaries}/uInitrd 0 72 | 73 | sleep 1 74 | echo "uploading dtb" 75 | ${nanopi-load-native}/bin/nanopi-load \ 76 | ${netboot-binaries}/dtbs/nexell/nanopim3.dtb 0 77 | ''; 78 | }; 79 | 80 | }; 81 | 82 | } 83 | -------------------------------------------------------------------------------- /modules/optimism.nix: -------------------------------------------------------------------------------- 1 | { config, lib, pkgs, ... 
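}:
let
  cfg = config.sconfig.optimism;
in
{
  # Runs two OCI containers (data-transport-layer and l2geth) that keep their
  # state in sub-directories of cfg.dataDir.

  options.sconfig.optimism = {
    enable = lib.mkEnableOption "Optimism node";
    dataDir = lib.mkOption {
      type = lib.types.str;
      default = "/var/lib/optimism";
      description = ''
        data root
      '';
    };
  };

  config = lib.mkIf cfg.enable {

    # users.optimism = { };

    systemd.services.optimism-create-dirs = {
      description = "create optimism data dirs";
      wantedBy = [ "multi-user.target" ];

      serviceConfig = {
        # Creates the two host directories that the containers below
        # bind-mount (dtl and geth). The paths follow cfg.dataDir so that a
        # non-default data root gets its directories too, and mkdir is called
        # directly so no shell has to parse the path.
        # NOTE(review): nothing orders this unit before the container units,
        # and it runs as root because User/Group are commented out.
        ExecStart = "${pkgs.coreutils}/bin/mkdir -p ${cfg.dataDir}/dtl ${cfg.dataDir}/geth";
        # User = cfg.user;
        # Group = cfg.group;
      };
    };

    virtualisation.oci-containers.containers = {
      optimism-dtl = {
        # No tag or digest: this resolves to whatever "latest" is at pull
        # time. Pinning to `name@sha256:<digest>` makes the deployed image
        # reproducible and reviewable.
        image = "ethereumoptimism/data-transport-layer";
        environment = {
          DATA_TRANSPORT_LAYER__ADDRESS_MANAGER = "0xdE1FCfB0851916CA5101820A69b13a4E276bd81F";
          DATA_TRANSPORT_LAYER__SYNC_FROM_L1 = "true";
          DATA_TRANSPORT_LAYER__SYNC_FROM_L2 = "false";
          DATA_TRANSPORT_LAYER__L1_START_HEIGHT = "13596466";
          DATA_TRANSPORT_LAYER__CONFIRMATIONS = "12";
          # NOTE(review): going by its name this makes the service swallow
          # errors; confirm that failures still surface in logs or metrics.
          DATA_TRANSPORT_LAYER__DANGEROUSLY_CATCH_ALL_ERRORS = "true";
          DATA_TRANSPORT_LAYER__DB_PATH = "/db";
          DATA_TRANSPORT_LAYER__DEFAULT_BACKEND = "l1";
          DATA_TRANSPORT_LAYER__L1_GAS_PRICE_BACKEND = "l1";
          DATA_TRANSPORT_LAYER__L1_RPC_ENDPOINT = "https://eth-mainnet.satanic.link";
          DATA_TRANSPORT_LAYER__ENABLE_METRICS = "true";
          DATA_TRANSPORT_LAYER__ETH_NETWORK_NAME = "mainnet";
          DATA_TRANSPORT_LAYER__L2_CHAIN_ID = "10";
          DATA_TRANSPORT_LAYER__LOGS_PER_POLLING_INTERVAL = "2000";
          DATA_TRANSPORT_LAYER__NODE_ENV = "production";
          DATA_TRANSPORT_LAYER__POLLING_INTERVAL = "500";
          DATA_TRANSPORT_LAYER__SENTRY_TRACE_RATE = "0.05";
          # Listens on every address inside the container.
          DATA_TRANSPORT_LAYER__SERVER_HOSTNAME = "0.0.0.0";
          DATA_TRANSPORT_LAYER__SERVER_PORT = "7878";
          DATA_TRANSPORT_LAYER__TRANSACTIONS_PER_POLLING_INTERVAL = "1000";
        };
        # Published without a host address, so the port is bound on all host
        # interfaces. With the Docker backend published ports are usually
        # reachable regardless of networking.firewall (TODO confirm for this
        # host); prefix with "127.0.0.1:" if only local access is needed.
        ports = [ "7878:7878" ];
        volumes = [
          "${cfg.dataDir}/dtl:/db"
        ];
      };
      optimism-l2geth = {
        # Unpinned image reference, same concern as for optimism-dtl.
        image = "ethereumoptimism/l2geth";
        environment = {
          USING_OVM = "true";
          SEQUENCER_CLIENT_HTTP = "https://mainnet.optimism.io";
          BLOCK_SIGNER_ADDRESS = "0x00000398232E2064F896018496b4b44b3D62751F";
          # The key is empty and the password is a dummy here. Everything in
          # `environment` is written to the world-readable Nix store, so if a
          # real key is ever needed it should come from `environmentFiles`
          # pointing at a file outside the store.
          BLOCK_SIGNER_PRIVATE_KEY = "";
          BLOCK_SIGNER_PRIVATE_KEY_PASSWORD = "pwd";
          ETH1_CTC_DEPLOYMENT_HEIGHT = "13596466";
          ETH1_SYNC_SERVICE_ENABLE = "true";
          L2GETH_GENESIS_URL = "https://storage.googleapis.com/optimism/mainnet/genesis-berlin.json";
          # Expected hash of the genesis file downloaded from the URL above.
          L2GETH_GENESIS_HASH = "0x106b0a3247ca54714381b1109e82cc6b7e32fd79ae56fbcc2e7b1541122f84ea";
          L2GETH_BERLIN_ACTIVATION_HEIGHT = "3950000";
          ROLLUP_BACKEND = "l1";
          # Plain HTTP to the sibling container by name.
          ROLLUP_CLIENT_HTTP = "http://optimism-dtl:7878";
          ROLLUP_DISABLE_TRANSFERS = "false";
          ROLLUP_ENABLE_L2_GAS_POLLING = "false";
          ROLLUP_GAS_PRICE_ORACLE_OWNER_ADDRESS = "0x648E3e8101BFaB7bf5997Bd007Fb473786019159";
          ROLLUP_MAX_CALLDATA_SIZE = "40000";
          ROLLUP_POLL_INTERVAL_FLAG = "1s";
          ROLLUP_SYNC_SERVICE_ENABLE = "true";
          ROLLUP_TIMESTAMP_REFRESH = "5m";
          ROLLUP_VERIFIER_ENABLE = "true";
        };
        # Host ports 9991/9992 map to the container's 8545/8546, geth's
        # default HTTP and WebSocket JSON-RPC ports. They are also bound on
        # all host interfaces; restrict the bind address unless remote RPC
        # access is intended.
        ports = [ "9991:8545" "9992:8546" ];
        volumes = [
          "${cfg.dataDir}/geth:/geth"
        ];
      };
    };
  };
}
--------------------------------------------------------------------------------
/modules/pipewire.nix:
--------------------------------------------------------------------------------
{ config, lib, ...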
}: 2 | let 3 | cfg = config.sconfig.pipewire; 4 | in 5 | { 6 | options.sconfig.pipewire = lib.mkEnableOption "Enable Pipewire"; 7 | 8 | config = lib.mkIf cfg { 9 | hardware.pulseaudio.enable = false; 10 | services.pipewire = { 11 | enable = true; 12 | pulse.enable = true; 13 | alsa.enable = true; 14 | alsa.support32Bit = true; 15 | }; 16 | }; 17 | } 18 | -------------------------------------------------------------------------------- /modules/profiles/default.nix: -------------------------------------------------------------------------------- 1 | { lib, ... }: 2 | with lib; 3 | { 4 | options.sconfig.profile = mkOption { 5 | type = types.enum [ "server" "desktop" ]; 6 | }; 7 | imports = [ ./server.nix ./desktop.nix ]; 8 | } 9 | -------------------------------------------------------------------------------- /modules/profiles/desktop.nix: -------------------------------------------------------------------------------- 1 | { config, pkgs, lib, ... }: 2 | with lib; 3 | { 4 | config = mkIf (config.sconfig.profile == "desktop") { 5 | 6 | sconfig = { 7 | # security-tools = true; 8 | }; 9 | 10 | environment.variables.MOZ_ENABLE_WAYLAND = "1"; 11 | environment.variables.MOZ_USE_XINPUT2 = "1"; 12 | 13 | boot = rec { 14 | kernel.sysctl = { "vm.swappiness" = 1; }; 15 | }; 16 | 17 | # Disable suspend and hibernation 18 | services.logind.extraConfig = '' 19 | HandleSuspendKey=ignore 20 | HandleLidSwitch=ignore 21 | HandleLidSwitchExternalPower=ignore 22 | HandleLidSwitchDocked=ignore 23 | HandleHibernateKey=ignore 24 | HandlePowerKey=ignore 25 | ''; 26 | 27 | # Disable automatic powering off 28 | systemd.services.systemd-logind.environment.LOGIND_AUTO_SUSPEND = "no"; 29 | 30 | # Disable systemd's suspend, hibernate and hybrid-sleep units 31 | systemd.services = { 32 | "systemd-suspend.service".enable = false; 33 | "systemd-hibernate.service".enable = false; 34 | "systemd-hybrid-sleep.service".enable = false; 35 | }; 36 | /* 37 | services = { 38 | fstrim.enable = true; 39 | 
fwupd.enable = true; 40 | hardware.bolt.enable = true; 41 | thermald.enable = false; 42 | }; 43 | */ 44 | # sconfig.user-settings = '' 45 | # ln -sf /etc/vscode-settings.json ~/.config/VSCodium/User/settings.json 46 | # ln -sf /etc/vscode-keybindings.json ~/.config/VSCodium/User/keybindings.json 47 | # ''; 48 | 49 | # environment.etc."vscode-settings.json".text = builtins.toJSON { 50 | # "editor.renderFinalNewline" = false; 51 | # "editor.scrollBeyondLastLine" = false; 52 | # "extensions.autoCheckUpdates" = false; 53 | # "extensions.autoUpdate" = false; 54 | # "files.insertFinalNewline" = true; 55 | # "files.trimFinalNewlines" = true; 56 | # "files.watcherExclude"."**/result/**" = true; 57 | # "git.confirmSync" = false; 58 | # "python.formatting.autopep8Args" = [ "--max-line-length=999" ]; 59 | # "python.showStartPage" = false; 60 | # "security.workspace.trust.banner" = "never"; 61 | # "security.workspace.trust.startupPrompt" = "never"; 62 | # "security.workspace.trust.untrustedFiles" = "newWindow"; 63 | # "terminal.external.linuxExec" = "x-terminal-emulator"; 64 | # "terminal.integrated.fontFamily" = "DejaVuSansMono Nerd Font"; 65 | # "terminal.integrated.fontSize" = 16; 66 | # "terminal.integrated.showExitAlert" = false; 67 | # "trailing-spaces.highlightCurrentLine" = false; 68 | # "update.mode" = "none"; 69 | # "update.showReleaseNotes" = false; 70 | # "window.menuBarVisibility" = "hidden"; 71 | # "workbench.startupEditor" = "none"; 72 | # "terminal.integrated.profiles.linux"."bash" = { 73 | # "path" = "bash"; 74 | # "args" = [ "-c" "unset SHLVL; bash" ]; 75 | # }; 76 | # }; 77 | 78 | # environment.etc."vscode-keybindings.json".text = builtins.toJSON [ 79 | # { key = "ctrl+w"; command = "-workbench.action.terminal.killEditor"; } 80 | # { key = "ctrl+e"; command = "-workbench.action.quickOpen"; } 81 | # { key = "ctrl+e"; command = "workbench.action.quickOpen"; when = "!terminalFocus"; } 82 | # ]; 83 | 84 | # virtualisation.docker = { enable = true; enableOnBoot = 
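false; };

    # boot.kernelPackages = pkgs.linuxPackages_5_15;

    # boot.binfmt.emulatedSystems = [ "aarch64-linux" ];

    # boot.loader.timeout =
    #   if config.boot.loader.systemd-boot.enable
    #   then null else lib.mkOverride 9999 99;
    # };
  };
}

--------------------------------------------------------------------------------
/modules/profiles/server.nix:
--------------------------------------------------------------------------------
# Settings applied when sconfig.profile is "server".
{ config, pkgs, lib, ... }:
{
  config = lib.mkIf (config.sconfig.profile == "server") {
    # services.logind.lidSwitch = "ignore";

    # sshd is enabled with the module defaults; this file sets no
    # authentication policy. NOTE(review): confirm that
    # services.openssh.settings (PasswordAuthentication, PermitRootLogin) is
    # tightened elsewhere for hosts reachable from untrusted networks.
    services.openssh.enable = true;
    documentation.nixos.enable = false;

    # Garbage-collect store paths older than 30 days, with a start delay
    # randomized by up to 55 minutes.
    nix.gc = {
      automatic = true;
      options = "--delete-older-than 30d";
      randomizedDelaySec = "55min";
    };
  };
}
--------------------------------------------------------------------------------
/modules/qbittorrent.nix:
--------------------------------------------------------------------------------
# NixOS module for a headless qBittorrent (qbittorrent-nox) service.
{ config, lib, pkgs, ... }:

with lib;

let
  cfg = config.services.qbittorrent;
  # Fixed ids for the default account, so ownership of the data directory
  # stays stable across rebuilds and machines.
  UID = 888;
  GID = 888;
in
{
  options.services.qbittorrent = {
    enable = mkEnableOption (lib.mdDoc "qBittorrent headless");

    dataDir = mkOption {
      type = types.path;
      default = "/var/lib/qbittorrent";
      description = lib.mdDoc ''
        The directory where qBittorrent stores its data files.
      '';
    };

    user = mkOption {
      type = types.str;
      default = "qbittorrent";
      description = lib.mdDoc ''
        User account under which qBittorrent runs.
      '';
    };

    group = mkOption {
      type = types.str;
      default = "qbittorrent";
      description = lib.mdDoc ''
        Group under which qBittorrent runs.
      '';
    };

    port = mkOption {
      type = types.port;
      default = 8080;
      description = lib.mdDoc ''
        qBittorrent web UI port.
      '';
    };

    # Off by default: the web UI is only reachable from other hosts when this
    # is set explicitly.
    openFirewall = mkOption {
      type = types.bool;
      default = false;
      description = lib.mdDoc ''
        Open services.qBittorrent.port to the outside network.
      '';
    };

    package = mkOption {
      type = types.package;
      default = pkgs.qbittorrent-nox;
      defaultText = literalExpression "pkgs.qbittorrent-nox";
      description = lib.mdDoc ''
        The qbittorrent package to use.
      '';
    };
  };

  config = mkIf cfg.enable {
    networking.firewall = mkIf cfg.openFirewall {
      allowedTCPPorts = [ cfg.port ];
    };

    systemd.services.qbittorrent = {
      # based on the plex.nix service module and
      # https://github.com/qbittorrent/qBittorrent/blob/master/dist/unix/systemd/qbittorrent-nox%40.service.in
      description = "qBittorrent-nox service";
      documentation = [ "man:qbittorrent-nox(1)" ];
      after = [ "network.target" ];
      wantedBy = [ "multi-user.target" ];

      # The daemon itself runs unprivileged as cfg.user/cfg.group. No
      # sandboxing directives are set; NoNewPrivileges, ProtectSystem and
      # PrivateTmp are candidates for a network-facing service like this one.
      serviceConfig = {
        Type = "simple";
        User = cfg.user;
        Group = cfg.group;

        # Run the pre-start script with full permissions (the "!" prefix) so it
        # can create the data directory if necessary. It is the only part of
        # the unit that runs privileged, and it only creates $QBT_PROFILE and
        # hands it to the service account.
        ExecStartPre =
          let
            preStartScript = pkgs.writeScript "qbittorrent-run-prestart" ''
              #!${pkgs.bash}/bin/bash

              # Create data directory if it doesn't exist
              if ! test -d "$QBT_PROFILE"; then
                echo "Creating initial qBittorrent data directory in: $QBT_PROFILE"
                install -d -m 0755 -o "${cfg.user}" -g "${cfg.group}" "$QBT_PROFILE"
              fi
            '';
          in
          "!${preStartScript}";

        #ExecStart = "${pkgs.qbittorrent-nox}/bin/qbittorrent-nox";
        ExecStart = "${cfg.package}/bin/qbittorrent-nox";
        # To prevent "Quit & shutdown daemon" from working; we want systemd to
        # manage it!
        #Restart = "on-success";
        #UMask = "0002";
        #LimitNOFILE = cfg.openFilesLimit;
      };

      environment = {
        QBT_PROFILE = cfg.dataDir;
        QBT_WEBUI_PORT = toString cfg.port;
      };
    };

    # The account is only declared when the default name is kept; a custom
    # cfg.user must be defined by the caller.
    users.users = mkIf (cfg.user == "qbittorrent") {
      qbittorrent = {
        # NixOS asserts that exactly one of isSystemUser / isNormalUser is
        # set; this is a service account with no login use.
        isSystemUser = true;
        group = cfg.group;
        uid = UID;
      };
    };

    users.groups = mkIf (cfg.group == "qbittorrent") {
      qbittorrent = { gid = GID; };
    };
  };
}
--------------------------------------------------------------------------------
/modules/radeon-profile-daemon.nix:
--------------------------------------------------------------------------------
# NixOS module that runs radeon-profile-daemon as a systemd service.
{ config, lib, pkgs, ... }:

with lib;

let
  cfg = config.services.radeon-profile-daemon;
in
{

  options.services.radeon-profile-daemon = {

    # mkEnableOption takes the feature name as a string and supplies the bool
    # type, the `false` default and the description itself. Passing it an
    # attribute set leaves the option usable but breaks the generated
    # description, which interpolates the name.
    enable = mkEnableOption "radeon-profile-daemon";

  };

  config = mkIf cfg.enable {

    systemd.services.radeon-profile-daemon = {
      description = "radeon-profile-daemon";
      wantedBy = [ "multi-user.target" ];
      serviceConfig = {
        ExecStart = "${pkgs.radeon-profile-daemon}/bin/radeon-profile-daemon";
        # No User= is set, so the daemon runs as root; these two directives
        # give it a private /tmp and a minimal private /dev.
        PrivateTmp = "yes";
        PrivateDevices = "yes";
      };
    };

  };

}
--------------------------------------------------------------------------------
/modules/scroll-boost/default.nix:
--------------------------------------------------------------------------------
{ config, lib, ...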
}: 2 | let 3 | cfg = config.sconfig.scroll-boost; 4 | in 5 | { 6 | options.sconfig.scroll-boost = lib.mkEnableOption "Patch xf86-libinput scroll speed"; 7 | 8 | config = lib.mkIf cfg { 9 | nixpkgs.overlays = [ 10 | (self: super: { 11 | xorg = super.xorg.overrideScope' (selfB: superB: { 12 | inherit (super.xorg) xlibsWrapper; 13 | xf86inputlibinput = superB.xf86inputlibinput.overrideAttrs (attr: { 14 | patches = [ ./libinput.patch ]; 15 | }); 16 | }); 17 | }) 18 | ]; 19 | }; 20 | } 21 | -------------------------------------------------------------------------------- /modules/scroll-boost/libinput.patch: -------------------------------------------------------------------------------- 1 | diff --git a/src/xf86libinput.c b/src/xf86libinput.c 2 | index 620af6d..d1bf974 100644 3 | --- a/src/xf86libinput.c 4 | +++ b/src/xf86libinput.c 5 | 
@@ -1618,6 +1618,7 @@ calculate_axis_value(struct xf86libinput *driver_data, 6 | source = libinput_event_pointer_get_axis_source(event); 7 | if (source == LIBINPUT_POINTER_AXIS_SOURCE_WHEEL) { 8 | value = get_wheel_scroll_value(driver_data, event, axis); 9 | + value *= 2; 10 | } else { 11 | value = libinput_event_pointer_get_axis_value(event, axis); 12 | } 13 | -------------------------------------------------------------------------------- /modules/status-on-console.nix: -------------------------------------------------------------------------------- 1 | { config, pkgs, lib, ... }: 2 | let 3 | cfg = config.sconfig.status-on-console; 4 | 5 | ncfg = pkgs.writeText "neofetch.conf" '' 6 | print_info() { 7 | info title 8 | info underline 9 | 10 | info "OS" distro 11 | info "Host" model 12 | info "Kernel" kernel 13 | info "Uptime" uptime 14 | info "CPU" cpu 15 | info "Memory" memory 16 | info "Disk" disk 17 | info "Local IP" local_ip 18 | 19 | info cols 20 | } 21 | ''; 22 | 23 | nscript = pkgs.writeShellScript "neofetch-wrapped" '' 24 | export PATH="$PATH:/run/current-system/sw/bin" 25 | ( 26 | ${pkgs.neofetch}/bin/neofetch --config "${ncfg}" 27 | echo '\l' 28 | ) >/run/issue 29 | ''; 30 | 31 | in 32 | { 33 | options.sconfig.status-on-console = lib.mkEnableOption "Display Neofetch on system console"; 34 | 35 | config = lib.mkIf cfg { 36 | environment.etc.issue.source = pkgs.lib.mkForce "/run/issue"; 37 | systemd.services."getty@".serviceConfig.ExecStartPre = "-${nscript}"; 38 | }; 39 | } 40 | -------------------------------------------------------------------------------- /modules/sunxi-watchdog.nix: -------------------------------------------------------------------------------- 1 | { config, lib, pkgs, ... 
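}:

with lib;

let
  cfg = config.sunxi-watchdog;
in

{
  # Arms the sunxi hardware watchdog from the initrd and keeps writing to
  # /dev/watchdog from a systemd timer.

  options = {

    sunxi-watchdog = {
      enable = mkOption {
        type = types.bool;
        default = false;
        description = ''
          Enable sunxi hardware watchdog
        '';
      };

      # Declared through mkOption like its siblings; a bare attribute set with
      # `type` and `default` keys is not an option declaration.
      # NOTE(review): the value is not referenced anywhere in this module.
      module = mkOption {
        type = types.str;
        default = "watchdog";
      };

      # NOTE(review): declared but not referenced below; the timer interval is
      # the literal "10" rather than this value.
      grace = mkOption {
        type = types.int;
        default = 10;
        description = ''
          Watchdog lease time
        '';
      };
    };
  };

  config = lib.mkIf cfg.enable {

    # nowayout: once the watchdog has been started it cannot be stopped, so a
    # hung or tampered userspace cannot switch it off.
    boot.kernelParams = [ "sunxi_wdt.nowayout=1" ];
    # First write happens in the initrd, before LVM set-up.
    boot.initrd.preLVMCommands = ''
      echo 1 > /dev/watchdog
    '';

    # One-shot keepalive: a single write to the watchdog device per run.
    systemd.services.watchdog = {
      description = "watchdog keepalive";
      serviceConfig = {
        Type = "oneshot";
        Restart = "no";
        ExecStart = "/bin/sh -c 'echo 1 > /dev/watchdog'";
      };
    };

    # Re-runs the keepalive service 10 seconds after its last activation.
    systemd.timers.watchdog = {
      description = "watchdog keepalive";
      partOf = [ "watchdog.service" ];
      wantedBy = [ "sysinit.target" ];
      timerConfig = {
        OnUnitActiveSec = "10";
      };
    };
  };

  meta = { };
}
--------------------------------------------------------------------------------
/modules/traffic-shaping.nix:
--------------------------------------------------------------------------------
{ config, lib, pkgs, ...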
}:

let
  inherit (lib) mkIf mkOption types;

  cfg = config.networking.trafficShaping;

  # Third-party shell script. The URL names one gist revision and the sha256
  # pins the bytes, so a changed upstream file fails the build instead of
  # silently changing what runs.
  script = pkgs.fetchurl {
    url = "https://gist.githubusercontent.com/eqhmcow/939373/raw/2608f60eaf777f0abb6729f986782a1fdab7f56a/hfsc-shape.sh";
    sha256 = "10qmggzly7sc7qdjnn1281q5rhfwgshm2xv4mp96lnmsyi2pd9sp";
    name = "hfsc-shape.sh";
  };

  # Copy of the script with its hard-coded tool paths and defaults replaced by
  # store paths and the option values. The values are pasted into shell source
  # without escaping, so they must only come from trusted configuration.
  customScript = pkgs.runCommand "hfsc-shape-custom.sh" { } ''
    substitute ${script} $out \
      --replace "/bin/bash" "${pkgs.bash}/bin/bash" \
      --replace "TC=/sbin/tc" "TC=${pkgs.iproute2}/bin/tc" \
      --replace "WAN_INTERFACE=eth1" "WAN_INTERFACE=${cfg.wanInterface}" \
      --replace "LAN_INTERFACE=eth0" "LAN_INTERFACE=${cfg.lanInterface}" \
      --replace "LAN_NETWORK=192.168.1.0/24" "LAN_NETWORK=${cfg.lanNetwork}" \
      --replace "MAX_DOWNRATE=6144kbit" "MAX_DOWNRATE=${cfg.maxDown}" \
      --replace "MAX_UPRATE=384kbit" "MAX_UPRATE=${cfg.maxUp}"
  '';
in
{
  # The string options below default to null, which is not a valid `str`:
  # leaving one unset while `enable` is true fails evaluation, so in practice
  # all of them are mandatory.
  options.networking.trafficShaping = {

    enable = mkOption {
      type = types.bool;
      default = false;
      description = ''
        Enables traffic shaping
      '';
    };

    wanInterface = mkOption {
      type = types.str;
      default = null;
      description = ''
        WAN
      '';
    };

    lanInterface = mkOption {
      type = types.str;
      default = null;
      description = ''
        LAN
      '';
    };

    lanNetwork = mkOption {
      type = types.str;
      default = null;
      description = ''
        LAN Network
      '';
    };

    maxDown = mkOption {
      type = types.str;
      default = null;
    };

    maxUp = mkOption {
      type = types.str;
      default = null;
    };

  };

  config = mkIf cfg.enable {
    environment.systemPackages = [ pkgs.bc ];
    boot.kernelModules = [ "msr" ];

    # One-shot unit with no User=, so the patched script runs as root.
    systemd.services.traffic-shaping = {
      wantedBy = [ "networking.service" ];
      serviceConfig.Type = "oneshot";
      script = "${pkgs.bash}/bin/bash ${customScript}";
    };
  };
  meta = { };
}
--------------------------------------------------------------------------------
/modules/udpxy.nix:
--------------------------------------------------------------------------------
# NixOS module for the udpxy multicast-to-HTTP relay.
{ config, lib, pkgs, ... }:
let
  cfg = config.services.udpxy;
  inherit (lib) mkEnableOption mkIf mkOption types;
in
{

  options.services.udpxy = {
    enable = mkEnableOption "udpxy";
    port = mkOption {
      type = types.int;
      default = 4022;
      description = "UDPXY port";
    };
    openFirewall = mkOption {
      type = types.bool;
      default = false;
      description = "Open ports in firewall";
    };
  };

  config = mkIf cfg.enable {

    # Only when openFirewall is set: the TCP listener port plus UDP 5000,
    # which is a literal here and not tied to any option.
    networking.firewall = mkIf cfg.openFirewall {
      allowedTCPPorts = [ cfg.port ];
      allowedUDPPorts = [ 5000 ];
    };

    systemd.services.udpxy = {
      description = "udpxy";
      wantedBy = [ "multi-user.target" ];
      serviceConfig = {
        # Runs in the foreground (-T) with a nice increment of -20 (-n). No
        # User= or bind address is given, so it runs as root and listens on
        # every interface.
        ExecStart = "${pkgs.udpxy}/bin/udpxy -p ${toString cfg.port} -T -n -20";
        Restart = "always";
        RestartSec = "5";
      };
    };

  };
}
--------------------------------------------------------------------------------
/modules/user-settings.nix:
--------------------------------------------------------------------------------
# Installs the shell snippet given in sconfig.user-settings as `my-settings`.
{ config, pkgs, lib, ... }:
let
  cfg = config.sconfig.user-settings;
  hasSettings = cfg != null;
in
{
  options.sconfig.user-settings = lib.mkOption {
    type = lib.types.nullOr lib.types.lines;
    default = null;
  };

  # The script body lands in the world-readable Nix store and on every user's
  # PATH; it is run by whoever invokes it, not automatically.
  config = lib.mkIf hasSettings {
    environment.systemPackages = [
      (pkgs.writeShellScriptBin "my-settings" cfg)
    ];
  };
}
--------------------------------------------------------------------------------
/modules/wireguard.nix:
--------------------------------------------------------------------------------
{ config, pkgs, lib, consts, ...
}:


let
  cfg = config.sconfig.wireguard;
  hostName = config.networking.hostName;

  # The deployed secret and the PrivateKeyFile path must name the same file,
  # so both are built from these two values.
  keyDir = "/run/keys";
  keyName = "wg-${hostName}.secret";
in

{

  options.sconfig.wireguard.enable = lib.mkEnableOption "Wireguard Mesh";

  config = lib.mkIf cfg.enable {

    # systemd-networkd needs the "keys" group to read the keys directory.
    users.users."systemd-network".extraGroups = [ "keys" ];

    # The private key is produced by running `pass wg-<hostName>` and placed
    # in /run/keys, owned by systemd-network, before activation.
    # NOTE(review): no file mode is set here; confirm that the deployment
    # tool's default keeps the file unreadable for other users.
    deployment.keys.${keyName} = {
      keyCommand = [ "pass" "wg-${hostName}" ];
      user = "systemd-network";
      group = "systemd-network";
      destDir = keyDir;
      uploadAt = "pre-activation";
    };

    systemd.network = {
      enable = true;

      netdevs."15-wg0" = {
        netdevConfig = {
          Kind = "wireguard";
          Name = "wg0";
          MTUBytes = "1300";
        };
        # man systemd.netdev also documents the permissions expected on the
        # key file.
        wireguardConfig = {
          # Never point this at a Nix store path: the store is world
          # readable. The file must be readable by the systemd-network user.
          PrivateKeyFile = "${keyDir}/${keyName}";
          ListenPort = 51820;
          FirewallMark = 34952; # 0x8888
        };
        # Peer list is computed from the shared constants for this host.
        wireguardPeers = consts.wireguard.makePeerConfig hostName;
      };

      networks."15-wg0" = {
        matchConfig.Name = "wg0";
        address = [ (consts.wireguard.getIpForHost hostName) ];
        DHCP = "no";
        # DNS for this link is a public resolver.
        dns = [ "8.8.8.8" ];
        # ntp = [ "fc00::123" ];
        # gateway = [
        #   # "fc00::1"
        #   "192.168.33.1"
        # ];
        networkConfig = {
          IPMasquerade = "ipv4";
          IPv6AcceptRA = false;
        };
        linkConfig.RequiredForOnline = "no";
      };
    };
  };

}
--------------------------------------------------------------------------------
/overlays/overlay.nix:
--------------------------------------------------------------------------------
self: super:

{


  # Append local packages
} //
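# packages/default.nix is a function of the package set itself (`pkgs: with
# pkgs; ...`), so it is applied to `super` directly. Passing
# `{ pkgs = super; }` would bind `pkgs` to that wrapper set and leave
# `callPackage` unresolved.
(import ../packages super)
--------------------------------------------------------------------------------
/packages/default.nix:
--------------------------------------------------------------------------------
# Local packages, built against the package set passed in as `pkgs`.
pkgs:

with pkgs;

{
  public-ip-sync-google-clouddns = callPackage ./public-ip-sync-google-clouddns { };
  my-vpp = callPackage ./vpp { };
}
--------------------------------------------------------------------------------
/packages/public-ip-sync-google-clouddns/default.nix:
--------------------------------------------------------------------------------
# Packages the public-ip-sync-google-clouddns shell script with its runtime
# tools (dnsutils, google-cloud-sdk, curl) on PATH.
{ stdenv
, lib
, fetchFromGitHub
, makeWrapper
, dnsutils
, google-cloud-sdk
, curl
}:

stdenv.mkDerivation rec {
  pname = "public-ip-sync-google-clouddns";
  version = "master";

  src = fetchFromGitHub
    {
      owner = "headcr4sh";
      repo = "public-ip-sync-google-clouddns";
      # `rev` is a branch name. The sha256 still pins the fetched content, so
      # the build fails once master moves, but the revision that was reviewed
      # is not recorded. Prefer rev = "<commit-sha>" (placeholder) and keep
      # the hash in step with it.
      rev = "master";
      sha256 = "sha256-knxZJClQi1bCIbyokF0o8gmoiCEwWNkAbo3bzUjwv/A=";
    };

  # makeWrapper is a build-time tool, hence nativeBuildInputs.
  nativeBuildInputs = [ makeWrapper ];

  # The wrapper prepends the three tool directories to PATH, so the script
  # resolves dig/gcloud/curl from the store rather than from the caller's
  # environment.
  installPhase = ''
    mkdir -p $out/bin
    cp public-ip-sync-google-clouddns.sh $out/bin
    wrapProgram "$out/bin/public-ip-sync-google-clouddns.sh" \
      --prefix PATH : "${dnsutils}/bin" \
      --prefix PATH : "${google-cloud-sdk}/bin" \
      --prefix PATH : "${curl}/bin"
  '';

}
--------------------------------------------------------------------------------
/packages/python-libraries/adafruit-gpio/default.nix:
--------------------------------------------------------------------------------
# Adafruit_GPIO 1.0.3 from PyPI; the sdist is pinned by sha256.
{ stdenv
, lib
, buildPythonPackage
, fetchPypi
, python
, adafruit-pureio
, spidev
}:

buildPythonPackage rec {
  pname = "Adafruit_GPIO";
  version = "1.0.3";

  src = fetchPypi {
    inherit pname version;
    sha256 = "1l6wlba5d5qhq40l3m8gdnscsp3gqcp8y7mwyfl1rib6r295ninn";
  };

  propagatedBuildInputs = [ adafruit-pureio spidev ];

  # The upstream test suite is not run.
  doCheck = false;

}
--------------------------------------------------------------------------------
/packages/python-libraries/adafruit-pureio/default.nix:
--------------------------------------------------------------------------------
# Adafruit_PureIO 1.1.0 from PyPI; the sdist is pinned by sha256.
{ stdenv
, lib
, buildPythonPackage
, fetchPypi
, python
, setuptools_scm
}:

buildPythonPackage rec {
  pname = "Adafruit_PureIO";
  version = "1.1.0";

  src = fetchPypi {
    inherit pname version;
    sha256 = "0igx7k33jcbh6vcxh52m4dbk3ibswhj883rz1ldrsgyvrsi88cvz";
  };

  buildInputs = [ setuptools_scm ];
}
--------------------------------------------------------------------------------
/packages/python-libraries/bluepy/default.nix:
--------------------------------------------------------------------------------
# bluepy 1.3.0 from PyPI; the sdist is pinned by sha256.
{ stdenv
, lib
, buildPackages
, buildPythonPackage
, fetchPypi
, pkg-config
, glib
}:

buildPythonPackage rec {
  pname = "bluepy";
  version = "1.3.0";

  src = fetchPypi {
    inherit pname version;
    sha256 = "1v0wjy1rz0rbwghr1z3xhdm06lqn9iig6vr5j2wmymh3w6pysw9a";
  };

  # The Makefile calls a bare `pkg-config`; use the one named by $PKG_CONFIG.
  preConfigure = ''
    substituteInPlace bluepy/Makefile \
      --replace "pkg-config" "$PKG_CONFIG"
  '';

  buildInputs = [ glib ];
  depsBuildBuild = [ buildPackages.stdenv.cc buildPackages.pkg-config ];

  # tests try to access hardware, so only check that the installed tools start
  checkPhase = ''
    $out/bin/blescan --help > /dev/null
    $out/bin/sensortag --help > /dev/null
    $out/bin/thingy52 --help > /dev/null
  '';

  pythonImportsCheck = [ "bluepy" ];

  # `lib` is taken as an argument; the `stdenv.lib` alias is deprecated and
  # absent from current nixpkgs.
  meta = with lib; {
    description = "Python interface to Bluetooth LE on Linux";
    homepage = "https://github.com/IanHarvey/bluepy";
    maintainers = with maintainers; [ georgewhewell ];
    license = licenses.gpl2;
  };

}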
--------------------------------------------------------------------------------
/packages/python-libraries/btlewrap/default.nix:
--------------------------------------------------------------------------------
# btlewrap from PyPI, pinned by version and source hash.
{ stdenv
, lib
, buildPythonPackage
, fetchPypi
, python
, pytest
, bluepy
, typing
}:

buildPythonPackage rec {
  pname = "btlewrap";
  version = "0.0.9";

  src = fetchPypi {
    inherit pname version;
    sha256 = "0d1qcq25wbk4gjsvhjanp6qssfbgjglj4v2cnldp8p0as05g47i1";
  };

  # Drops the install_requires line from setup.py, so the only Python
  # dependencies are the ones listed in propagatedBuildInputs below.
  postPatch = ''
    sed -i '/install_requires/d' setup.py
  '';

  propagatedBuildInputs = [ bluepy ];

  # pytest is declared for the check phase, but the check phase is disabled.
  checkInputs = [ pytest ];
  doCheck = false;

}
--------------------------------------------------------------------------------
/packages/python-libraries/default.nix:
--------------------------------------------------------------------------------
# Local Python package set. `rec` lets entries refer to each other, which is
# used to hand the local GPIO/bus libraries to luma-core and btlewrap to miflora.
#
# NOTE(review): ./bluepy exists in the tree but is not listed here, so the
# `bluepy` argument of btlewrap is resolved by whatever package set the
# supplied callPackage draws from - presumably the nixpkgs one; confirm.
{ callPackage }:

rec {

  adafruit-gpio = callPackage ./adafruit-gpio { };
  adafruit-pureio = callPackage ./adafruit-pureio { };
  rpi-gpio = callPackage ./rpi-gpio { };
  opi-gpio = callPackage ./opi-gpio { };
  smbus-cffi = callPackage ./smbus-cffi { };
  smbus2 = callPackage ./smbus2 { };
  spidev = callPackage ./spidev { };
  luma-core = callPackage ./luma.core { inherit smbus2 spidev rpi-gpio opi-gpio; };
  luma-oled = callPackage ./luma.oled { inherit luma-core; };
  python-periphery = callPackage ./python-periphery { };
  btlewrap = callPackage ./btlewrap { };
  miflora = callPackage ./miflora { inherit btlewrap; };

  pydeconz = callPackage ./pydeconz { };
  spotify_token = callPackage ./spotify_token { };


  numpyro = callPackage ./numpyro { };
  jax = callPackage ./jax { };
  jaxlib = callPackage ./jaxlib { };
  jaxlib-bin = callPackage ./jaxlib-bin { };

}
--------------------------------------------------------------------------------
/packages/python-libraries/jax/default.nix:
--------------------------------------------------------------------------------
# jax from PyPI, pinned by version and source hash.
{ lib
, buildPythonPackage
, fetchPypi

, absl-py
, jaxlib
, opt-einsum
}:

buildPythonPackage rec {
  pname = "jax";
  version = "0.2.12";

  src = fetchPypi {
    inherit pname version;
    sha256 = "76e653cc09166d4073cdf85afb18d33b662c0e7c344d49bdb52b5837fa01a4ad";
  };

  propagatedBuildInputs = [ absl-py jaxlib opt-einsum ];

  meta = {
    description = "Differentiate, compile, and transform Numpy code";
    homepage = "https://github.com/google/jax";
    license = lib.licenses.asl20;
  };
}
--------------------------------------------------------------------------------
/packages/python-libraries/jaxlib-bin/default.nix:
--------------------------------------------------------------------------------
# jaxlib from a prebuilt wheel, fetched by URL and pinned by hash.
#
# NOTE(review): this file looks unfinished. `version` is a placeholder, the
# runtime dependencies are commented out, and the repack step below globs for
# `tensorflow*` although the unpacked wheel is jaxlib. A prebuilt binary wheel
# is also trusted as-is: the hash pins the file, not how it was built.
{ buildPythonPackage
, tensorflowWithCuda
, numpy
, scipy
, fetchurl
, wheel
}:

buildPythonPackage {
  pname = "jaxlib";
  version = "?";

  src = fetchurl {
    /* inherit pname version; */
    url = "https://files.pythonhosted.org/packages/b4/4a/3c1a1dc6dd01d45f53fb9afd59a909e1c744bfc7d359309efad12451c7a1/jaxlib-0.1.65-cp38-none-manylinux2010_x86_64.whl";
    sha256 = "19hmkrrcpz4h2rcyqidan9im5qv9kr9j8h12sv5dif65ndwaq0hb";
  };

  nativeBuildInputs = [ wheel ];

  propagatedBuildInputs = [
    /* tensorflowWithCuda
      numpy
      scipy */
  ];

  preConfigure = ''
    unset SOURCE_DATE_EPOCH
    # Make sure that dist and the wheel file are writable.
    chmod u+rwx -R ./dist
    pushd dist
    # Unpack the wheel file.
    wheel unpack --dest unpacked ./*.whl

    # Pack the wheel file back up.
    wheel pack ./unpacked/tensorflow*
    popd
  '';

}
--------------------------------------------------------------------------------
/packages/python-libraries/jaxlib/default.nix:
--------------------------------------------------------------------------------
# jaxlib built from source in two steps: a Bazel build of the //jaxlib target
# from the google/jax tag, then a Python package whose source is that output.
{ lib

, buildBazelPackage
, bazel

, buildPythonPackage
, fetchFromGitHub
, python

, cudatoolkit

, cython
, tensorflowWithCuda
, numpy
, scipy
, six
}:

let

  pname = "jaxlib";
  version = "0.1.65";

  meta = {
    description = "XLA library for JAX";
    homepage = "https://github.com/google/jax";
    license = lib.licenses.asl20;
  };

  bazel-build = buildBazelPackage {
    name = "bazel-build-${pname}-${version}";

    inherit bazel;

    # The tag name is derived from pname and version; the sha256 pins the tree.
    src = fetchFromGitHub {
      owner = "google";
      repo = "jax";
      rev = "${pname}-v${version}";
      sha256 = "19f0nljns30lmnwmdc9f0320hcgfkx09hynjwlkrpz4gbynkrnx4";
    };

    nativeBuildInputs = [
      cython
      cudatoolkit
    ];

    propagatedBuildInputs = [
      numpy
      scipy
      six
      tensorflowWithCuda
    ];

    # NOTE(review): this attribute has the same name as the builder function
    # and is passed to it as an argument; it looks like a misplaced flag list.
    # Confirm which Bazel flag attribute was intended. cudatoolkit and
    # tensorflowWithCuda remain inputs either way.
    buildBazelPackage = [ "--disable-cuda" ];

    bazelTarget = "//jaxlib";

    buildAttrs = {
      outputs = [ "out" ];
    };

    # Hash of the dependencies Bazel fetches in the separate fetch step.
    fetchAttrs = {
      sha256 = "19j57w6kc0vkfcdwr0qggy3qgrgq82kfa2jrwvvcnij4bl3wj40l";
    };

    inherit meta;
  };



  python-package = buildPythonPackage rec {
    inherit pname version;
    format = "other";

    src = bazel-build;

    inherit meta;
  };

in python-package
--------------------------------------------------------------------------------
/packages/python-libraries/luma.core/default.nix:
--------------------------------------------------------------------------------
{ stdenv
, lib
, buildPythonPackage
, fetchPypi
, python
, smbus2
, spidev
, pillow
, pyftdi
, rpi-gpio
, opi-gpio
}:

# luma.core from PyPI, pinned by version and source hash.
buildPythonPackage rec {
  pname = "luma.core";
  version = "1.14.0";

  src = fetchPypi {
    inherit pname version;
    sha256 = "05a25qzcssprmray11hyihiiasjxjm3n7dzilnwsnyf210gr008m";
  };

  propagatedBuildInputs = [ pillow pyftdi rpi-gpio smbus2 spidev opi-gpio ];

  # The test suite is not run for this package.
  doCheck = false;

}
--------------------------------------------------------------------------------
/packages/python-libraries/luma.oled/default.nix:
--------------------------------------------------------------------------------
# luma.oled from PyPI, pinned by version and source hash.
{ stdenv
, lib
, buildPythonPackage
, fetchPypi
, python
, luma-core
}:

buildPythonPackage rec {
  pname = "luma.oled";
  version = "3.4.0";

  src = fetchPypi {
    inherit pname version;
    sha256 = "0llmi0iji462qwdw0ff4kxlxa00zm9wasm4c3ajmdw72wwsvb8if";
  };

  propagatedBuildInputs = [ luma-core ];

  # The test suite is not run for this package.
  doCheck = false;

}
--------------------------------------------------------------------------------
/packages/python-libraries/miflora/default.nix:
--------------------------------------------------------------------------------
# miflora built from the open-homeautomation GitHub repository.
{ stdenv
, lib
, buildPythonPackage
, fetchFromGitHub
, fetchPypi
, python
, pytest
, btlewrap
}:

buildPythonPackage rec {
  pname = "miflora";
  version = "0.4";

  /*
    src = fetchFromGitHub {
    owner = "hechi";
    repo = "miflora";
    rev = "bumpversion-0.7";
    sha256 = "0gq6lmgkgixy6n9lcynqpb1imb7b3whnrl9iimv4v8c5cz7vrvay";
    };
  */
  src = fetchFromGitHub {
    owner = "open-homeautomation";
    repo = "miflora";
    # NOTE(review): "master" is a mutable branch name, and it is unrelated to
    # the `version` declared above. The sha256 still fixes the accepted
    # content, but the fetch fails once the branch moves and nothing records
    # which commit was reviewed. Pin `rev` to the commit this hash belongs to.
    rev = "master";
    sha256 = "1kdjmmh04xyp9x65iqp4xs31nnlhi4bjqr394q1qzg1vvq2brxhg";
  };
  propagatedBuildInputs = [ btlewrap ];

  # Drops the install_requires line from setup.py and deletes the upstream
  # test directory before the build.
  postPatch = ''
    sed -i '/install_requires/d' setup.py
    rm -rf test
  '';

  checkInputs = [ pytest ];
  doCheck = false;

}
--------------------------------------------------------------------------------
/packages/python-libraries/numpyro/default.nix:
--------------------------------------------------------------------------------
# numpyro from PyPI, pinned by version and source hash. No Python
# dependencies are declared here.
{ stdenv
, lib
, buildPythonPackage
, fetchPypi
, python
}:

buildPythonPackage rec {
  pname = "numpyro";
  version = "0.6.0";

  src = fetchPypi {
    inherit pname version;
    sha256 = "18r4byd78sv2k5r6rnrxnbw5j6kmiqpsvz64s5ky8lwlvs27dllp";
  };


}
--------------------------------------------------------------------------------
/packages/python-libraries/opi-gpio/default.nix:
--------------------------------------------------------------------------------
# OPi.GPIO from PyPI, pinned by version and source hash.
{ stdenv
, lib
, buildPythonPackage
, fetchPypi
, python
}:

buildPythonPackage rec {
  pname = "OPi.GPIO";
  version = "0.4.0";

  src = fetchPypi {
    inherit pname version;
    sha256 = "0f79qksacfn9hg4bps8l00ly0k55ipfqfyq444dz5dyysg3rvq5a";
  };

  propagatedBuildInputs = [ ];

  # The test suite is not run for this package.
  doCheck = false;

}
--------------------------------------------------------------------------------
/packages/python-libraries/pydeconz/default.nix:
--------------------------------------------------------------------------------
# pydeconz from PyPI, pinned by version and source hash.
{ stdenv
, buildPythonPackage
, fetchPypi
, aiohttp
}:

buildPythonPackage rec {
  pname = "pydeconz";
  version = "54";

  src = fetchPypi {
    inherit pname version;
    sha256 = "0fnq6ak99r9d6j1dmin2wx9cis5xkjp23jvgr1crzjiibk0b441h";
  };

  propagatedBuildInputs = [ aiohttp ];
  # The test suite is not run for this package.
  doCheck = false;

}
--------------------------------------------------------------------------------
/packages/python-libraries/python-periphery/default.nix:
--------------------------------------------------------------------------------
{ stdenv
, lib
, buildPythonPackage
, fetchPypi
, python
}:

# python-periphery from PyPI, pinned by version and source hash.
buildPythonPackage rec {
  pname = "python-periphery";
  version = "2.0.1";

  src = fetchPypi {
    inherit pname version;
    sha256 = "1v0qpv0i2kqhjvl6wvvvy29hazjdcym7nn14qzv4r5zq1zsdb92x";
  };


}
--------------------------------------------------------------------------------
/packages/python-libraries/rpi-gpio/default.nix:
--------------------------------------------------------------------------------
# RPi.GPIO from PyPI, pinned by version and source hash.
{ stdenv
, lib
, buildPythonPackage
, fetchPypi
, python
}:

buildPythonPackage rec {
  pname = "RPi.GPIO";
  version = "0.7.0";

  src = fetchPypi {
    inherit pname version;
    sha256 = "0gvxp0nfm2ph89f2j2zjv9vl10m0hy0w2rpn617pcrjl41nbq93l";
  };

  propagatedBuildInputs = [ ];

  # The test suite is not run for this package.
  doCheck = false;

}
--------------------------------------------------------------------------------
/packages/python-libraries/smbus-cffi/default.nix:
--------------------------------------------------------------------------------
# smbus-cffi from PyPI, pinned by version and source hash.
{ stdenv
, lib
, buildPythonPackage
, fetchPypi
, python
, libffi
, cffi
}:

buildPythonPackage rec {
  pname = "smbus-cffi";
  version = "0.5.1";

  src = fetchPypi {
    inherit pname version;
    sha256 = "1s5xsvd6i1z44dz5kz924vqzh6ybnn8323gncdl5h0gwmfm9ahgv";
  };

  buildInputs = [ libffi ];
  propagatedBuildInputs = [ cffi ];

}
--------------------------------------------------------------------------------
/packages/python-libraries/smbus2/default.nix:
--------------------------------------------------------------------------------
# smbus2 from PyPI, pinned by version and source hash.
{ stdenv
, lib
, buildPythonPackage
, fetchPypi
, python
}:

buildPythonPackage rec {
  pname = "smbus2";
  version = "0.3.0";

  src = fetchPypi {
    inherit pname version;
    sha256 = "1d1848i0mqm042dl42wcj72f2hhrhi8jgv5k6vl1y2sdpvp6c3i1";
  };


}
--------------------------------------------------------------------------------
/packages/python-libraries/spidev/default.nix:
--------------------------------------------------------------------------------
# spidev from PyPI, pinned by version and source hash.
{ stdenv
, lib
, buildPythonPackage
, fetchPypi
, python
}:

buildPythonPackage rec {
  pname = "spidev";
  version = "3.4";

  src = fetchPypi {
    inherit pname version;
    sha256 = "104y2w76nlhinxxyg5z10skah4rki5c7ac3zj0y2759xawpya523";
  };

}
--------------------------------------------------------------------------------
/packages/python-libraries/spotify_token/default.nix:
--------------------------------------------------------------------------------
# spotify_token from PyPI, pinned by version and source hash.
{ stdenv
, lib
, buildPythonPackage
, fetchPypi
, python
, requests
, beautifulsoup4
, lxml
}:

buildPythonPackage rec {
  pname = "spotify_token";
  version = "1.0.0";

  src = fetchPypi {
    inherit pname version;
    sha256 = "1ckcyawws45nqihk1z8m0fr8r3414fxz609ln75xqkdcvsf50a4n";
  };

  # Empties requirements.txt, so the dependencies are the ones listed in
  # propagatedBuildInputs below rather than what upstream declares.
  postPatch = ''
    echo "" > requirements.txt
  '';

  propagatedBuildInputs = [ requests beautifulsoup4 lxml ];

  # The test suite is not run for this package.
  doCheck = false;

}
--------------------------------------------------------------------------------
/packages/vendor-reset/default.nix:
--------------------------------------------------------------------------------
# Out-of-tree kernel module, built against the headers of the `kernel` argument.
# The source comes from `sources.vendor-reset`; where that set is defined and
# how it is pinned is not visible in this file.
{ stdenv, sources, kernel }:

stdenv.mkDerivation {
  name = "vendor-reset";

  src = sources.vendor-reset;

  makeFlags = [
    "KDIR=${kernel.dev}/lib/modules/${kernel.modDirVersion}/build"
    "INSTALL_MOD_PATH=${placeholder "out"}"
  ];

  # NOTE(review): `stdenv.lib` was deprecated and later dropped from nixpkgs;
  # if the pinned nixpkgs no longer has it, take `lib` as an argument and use
  # `lib.platforms.linux`. Confirm against the flake's nixpkgs input.
  meta = {
    platforms = stdenv.lib.platforms.linux;
  };
}
--------------------------------------------------------------------------------
/packages/vpp/default.nix:
--------------------------------------------------------------------------------
# VPP built from the FDio/vpp release tag with CMake; the tag name is derived
# from `version` and the source tree is pinned by hash.
{ lib
, stdenv
, fetchFromGitHub
, cmake
, openssl
, python3
, subunit
, dpdk
, mbedtls_2
, rdma-core
, libnl
, libmnl
, libpcap
, check
, fetchpatch
, jansson
, zstd
, elfutils
}:

stdenv.mkDerivation rec {
  pname = "vpp";
  version = "24.02";

  src = fetchFromGitHub {
    owner = "FDio";
    repo = "vpp";
    rev = "v${version}";
    hash = "sha256-Cfm0Xzsx2UgUvIIeq5wBN6tA9ynCUa5bslEQk8wbd6E=";
  };

  # Both patches are commented out, so the list is currently empty.
  patches = [
    # Important fix part of 24.02 for the Linux Control Plane.
    # (fetchpatch {
    #   name = "fix-looping-netlink-messages.patch";
    #   url = "https://gerrit.fd.io/r/changes/vpp~39622/revisions/9/patch?download";
    #   decode = "base64 -d";
    #   stripLen = 1;
    #   hash = "sha256-0ZDKJgXrmTzlVSSapdEoP27znKuWUrnjTXZZ4JrximA=";
    # })
    # Does not apply cleanly.
    # (fetchpatch {
    #   name = "fix-optional-labels-for-prometheus.patch";
    #   url = "https://gerrit.fd.io/r/changes/vpp~40199/revisions/4/patch?download";
    #   decode = "base64 -d";
    #   stripLen = 1;
    #   hash = "sha256-exuR4DucNtER2t1ecsjuNxzmhfZkhx6ABeeXmf/qQ4U=";
    # })
  ];

  # Removes `pkg` from the subdirectory list in CMakeLists.txt.
  postPatch = ''
    patchShebangs scripts/
    substituteInPlace CMakeLists.txt \
    --replace "plugins tools/vppapigen tools/g2 tools/perftool cmake pkg" "plugins tools/vppapigen tools/g2 tools/perftool cmake"
  '';

  # Writes the version file that scripts/version reads.
  preConfigure = ''
    echo "${version}-nixos" > scripts/.version
    scripts/version
  '';

  postConfigure = ''
    patchShebangs ../tools/
    patchShebangs ../vpp-api/
  '';

  sourceRoot = "source/src";

  cmakeFlags = [ "-DVPP_PLATFORM=default" ];

  # A bunch of GCC13 warnings I suppose.
  # NOTE(review): -Wno-error applies to the whole build and -Wno-array-bounds
  # hides a class of diagnostics that can point at real out-of-bounds accesses.
  # For code that parses network traffic, consider narrowing this to the
  # specific warnings that break the build.
  env.NIX_CFLAGS_COMPILE = "-Wno-array-bounds -Wno-error";

  nativeBuildInputs = [ cmake ];

  buildInputs = [
    openssl
    subunit
    dpdk
    rdma-core
    mbedtls_2
    check
    libnl
    libmnl
    libpcap
    (python3.withPackages (ps: [ ps.ply ]))
    jansson
    zstd
    elfutils
  ];

  meta = with lib; {
    description = "";
    homepage = "https://github.com/FDio/vpp";
    license = licenses.asl20;
    maintainers = with maintainers; [ raitobezarius ];
    mainProgram = "vpp";
    platforms = platforms.all;
  };
}
--------------------------------------------------------------------------------
/profiles/bridge-interfaces.nix:
--------------------------------------------------------------------------------
# Turns on IPv4/IPv6 forwarding and proxy ARP for all interfaces.
#
# NOTE(review): with these settings the host routes between every interface it
# has and answers ARP on behalf of addresses reachable through other
# interfaces. Nothing in this file limits what may be forwarded; make sure the
# hosts importing it carry a matching forward/filter policy.
{
  boot.kernel.sysctl = {
    "net.ipv4.ip_forward" = true;
    "net.ipv6.conf.all.forwarding" = true;
    "net.ipv4.conf.all.proxy_arp" = true;
  };
}
--------------------------------------------------------------------------------
/profiles/common.nix:
--------------------------------------------------------------------------------
{ config, pkgs, lib, inputs, ...
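}:

# Baseline shared by the other profiles: host names, base packages, SSH,
# locale, file-descriptor limits and Nix daemon settings.
{

  imports = [
    ./users.nix
  ];

  boot.kernelParams = [
    "pcie=pcie_bus_perf"
  ];

  # Static name resolution for the LAN hosts.
  networking.hosts = {
    "127.0.0.1" = [ "localhost" ];
    "192.168.23.1" = [ "router" ];
    "192.168.23.5" = [ "nixhost" ];
    "192.168.23.8" = [ "trex" ];
    "192.168.23.9" = [ "mikrotik-100g" ];
    "192.168.23.11" = [ "rock-5b" ];
    # "192.168.23.14" = [ "jellyfin" ];
  };

  # NOTE(review): this allow-list is applied to every host that imports this
  # profile. Packages are marked insecure for a reason (known vulnerabilities
  # or end of support); scope the exception to the hosts that actually need
  # these runtimes and revisit it when the consumers can move on.
  nixpkgs.config.permittedInsecurePackages = [
    "aspnetcore-runtime-6.0.36"
    "aspnetcore-runtime-wrapped-6.0.36"
    "dotnet-sdk-6.0.428"
    "dotnet-sdk-wrapped-6.0.428"
  ];

  services.dbus.packages = [ pkgs.gcr ];

  environment.systemPackages = with pkgs; [
    ethtool
    iotop
    rsync
    ncdu
  ];

  hardware.enableAllFirmware = true;

  # mkDefault so that more specific profiles can switch irqbalance off.
  services.irqbalance.enable = lib.mkDefault true;
  services.fwupd.enable = true;

  nix.optimise.automatic = true;
  nix.extraOptions = ''
    experimental-features = nix-command flakes
  '';

  location = {
    latitude = 51.5;
    longitude = 0.0;
  };

  environment.pathsToLink = [ "/share/zsh" ];

  programs.zsh = {
    enable = true;
    # enableGlobalCompInit = false;
  };

  # NOTE(review): only `enable` and StreamLocalBindUnlink are set here.
  # Password and root login policy are left to the module defaults or to
  # configuration outside this file - confirm they are what you expect on
  # hosts reachable from outside the LAN.
  services.openssh = {
    enable = true;
    extraConfig = ''
      StreamLocalBindUnlink yes
    '';
  };

  # Client-side SSH defaults for all users.
  #
  # NOTE(review), `Host *.lan`: `StrictHostKeyChecking no` accepts unknown and
  # changed host keys, so a host answering under a .lan name is not
  # authenticated. `accept-new` keeps first-contact convenience while still
  # refusing a changed key; publishing the known host keys is stronger still.
  #
  # NOTE(review), `Match host *.satanic.link`: the control socket is created
  # under /tmp with a predictable name. On a multi-user machine prefer a
  # directory only the user can write to (for example under ~/.ssh). %h is
  # also expanded into a bash command line in ProxyCommand; quoting that
  # expansion would be prudent.
  programs.ssh.extraConfig = ''
    Host *.lan
    # todo..
    StrictHostKeyChecking no

    Match host *.satanic.link !localnetwork 192.168.23.0/24
    controlmaster auto
    controlpath /tmp/ssh-%r@%h:%p
    ProxyCommand ${pkgs.bash}/bin/bash -c "${pkgs.openssh}/bin/ssh -W $(echo %h | cut -d. -f1):%p grw@satanic.link"
  '';

  console = {
    font = "Lat2-Terminus16";
    keyMap = "uk";
  };

  i18n.defaultLocale = "en_GB.UTF-8";

  # Soft open-file limit for all PAM sessions; the nix-daemon unit gets the
  # same value below.
  security.pam.loginLimits = [{
    domain = "*";
    type = "soft";
    item = "nofile";
    value = "262144";
  }];

  systemd.services.nix-daemon.serviceConfig.LimitNOFILE = lib.mkForce 262144;

  # NOTE(review): allowBroken lets packages marked broken evaluate on every
  # host; a narrower per-package override keeps the marker meaningful.
  nixpkgs.config = {
    allowUnfree = true;
    allowBroken = true;
  };

  nix = {
    settings = {
      # NOTE(review): a trusted Nix user can change daemon settings such as
      # substituters, which is close to root on the machine. Keep this list
      # as short as it is now.
      trusted-users = [ "grw" ];
      # NOTE(review): binaries signed by this third-party cache key are
      # installed without being rebuilt locally; the key below is the whole
      # trust anchor for them.
      substituters = [
        "https://cuda-maintainers.cachix.org"
      ];
      trusted-public-keys = [
        "cuda-maintainers.cachix.org-1:0dq3bujKpuEPMCX6U4WylrUDZ9JyUG0VpVZa7CNfq5E="
      ];
      download-buffer-size = 1024 * 1024 * 1024;
    };
    gc = {
      automatic = true;
      # Uses the module's `lib` argument, like the other mkDefault/mkForce
      # calls in this file, instead of going through pkgs.lib.
      dates = lib.mkDefault "weekly";
    };
  };

}
--------------------------------------------------------------------------------
/profiles/container.nix:
--------------------------------------------------------------------------------
# Container variant of the common profile: marks the system as a container and
# forces off the services that common.nix enables but a container cannot use.
{ config, lib, pkgs, ... }:

{
  imports = [ ./common.nix ];

  boot.isContainer = true;
  time.timeZone = "Europe/London";

  services.fwupd.enable = lib.mkForce false;
  services.irqbalance.enable = lib.mkForce false;

  i18n.supportedLocales = [ (config.i18n.defaultLocale + "/UTF-8") ];

  # DHCP on eth0, with the router as the only resolver instead of the host's
  # resolv.conf.
  networking = {
    interfaces.eth0.useDHCP = true;
    useHostResolvConf = false;
    nameservers = [ "192.168.23.1" ];
  };
}
--------------------------------------------------------------------------------
/profiles/crypto/bitcoin.nix:
--------------------------------------------------------------------------------
{ config, pkgs, lib, inputs, ...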
}:

# bitcoind through the nix-bitcoin module, with its data on a dedicated ZFS
# dataset.
{
  imports = [ inputs.nix-bitcoin.nixosModules.default ];

  # bitcoind
  # NOTE(review): "sync=disabled" trades durability for speed; recent writes
  # can be lost on power failure. Acceptable only for data that can be
  # re-synced.
  fileSystems."/var/lib/bitcoind" = {
    device = "nvpool/root/bitcoind";
    fsType = "zfs";
    options = [ "nofail" "sync=disabled" ];
  };

  systemd.services.bitcoind.unitConfig.RequiresMountsFor = [ config.services.bitcoind.dataDir ];

  # chown bitcoind data dir
  # NOTE(review): generated secrets are placed in the same directory as the
  # data dir, which is made group-readable below. Check the modes of the
  # secret files themselves.
  nix-bitcoin = {
    generateSecrets = true;
    secretsDir = "/var/lib/bitcoind";
  };

  services.bitcoind = {
    enable = true;
    dataDir = "/var/lib/bitcoind";
    dataDirReadableByGroup = true;
    disablewallet = true;
    rpc = {
      # Forces the RPC user set to be empty, overriding other definitions.
      users = lib.mkForce { };
      # address = lanAddr;
    };
  };
}
--------------------------------------------------------------------------------
/profiles/crypto/default.nix:
--------------------------------------------------------------------------------
# Pulls in the three node profiles.
{ config, lib, pkgs, ... }:

{

  imports = [
    ./bitcoin.nix
    ./geth.nix
    ./monero.nix
  ];
}
--------------------------------------------------------------------------------
/profiles/crypto/geth.nix:
--------------------------------------------------------------------------------
# Ethereum mainnet: a lighthouse beacon node and a geth execution node that
# talk over the authenticated RPC port on loopback, sharing one JWT secret.
{ config, lib, pkgs, inputs, ...
}:

{

  # ethereum
  # NOTE(review): "sync=disabled" on both datasets trades durability for
  # speed; recent writes can be lost on power failure.
  fileSystems."/var/lib/lighthouse" = {
    device = "nvpool/root/ethereum/lighthouse-geth-mainnet";
    fsType = "zfs";
    options = [ "nofail" "sync=disabled" ];
  };

  fileSystems."/var/lib/private/goethereum" = {
    device = "nvpool/root/ethereum/geth-mainnet";
    fsType = "zfs";
    options = [ "nofail" "sync=disabled" ];
  };

  # The same secret is uploaded twice, once for each service.
  # NOTE(review): the geth copy is mode 0444, i.e. readable by every local
  # user and process. Anyone who can read it can authenticate to the authrpc
  # port below. The mode is presumably a workaround for the service's user not
  # being known at deploy time; prefer an owner/group restriction or handing
  # the secret to the unit as a systemd credential.
  deployment.keys = {
    "LIGHTHOUSE_JWT" = {
      keyCommand = [ "pass" "erigon-gpg" ];
      destDir = "/run/keys";
      uploadAt = "pre-activation";
    };
    "LIGHTHOUSE_JWT_GETH" = {
      keyCommand = [ "pass" "erigon-gpg" ];
      destDir = "/var/lib/goethereum/mainnet";
      uploadAt = "pre-activation";
      permissions = "0444";
    };
  };

  # use lighthouse from nix-ethereum
  nixpkgs.overlays = [
    (self: _: {
      geth = inputs.ethereum.packages.${pkgs.system}.geth;
      lighthouse = inputs.ethereum.packages.${pkgs.system}.lighthouse;
    })
  ];

  services.lighthouse = {
    beacon = {
      enable = true;
      dataDir = "/var/lib/lighthouse";
      address = "192.168.23.5";
      execution = {
        address = "127.0.0.1";
        port = 8551;
        jwtPath = "/run/keys/LIGHTHOUSE_JWT";
      };
      metrics = {
        enable = true;
        port = 5054;
      };
    };
    # NOTE(review): checkpoint sync takes the starting state from the named
    # provider; compare the resulting checkpoint with an independent source.
    extraArgs = ''
      --checkpoint-sync-url=https://mainnet.checkpoint.sigp.io \
      --disable-deposit-contract-sync
    '';
  };

  # Do not start before the dataset is mounted and the JWT has been uploaded.
  systemd.services.lighthouse-beacon.unitConfig = {
    RequiresMountsFor = [ config.services.lighthouse.beacon.dataDir ];
    ConditionPathExists = config.services.lighthouse.beacon.execution.jwtPath;
  };

  services.geth =
    let
      # RPC namespaces served on both the HTTP and the WebSocket endpoint.
      apis = [ "net" "eth" "txpool" "debug" ];
      ports = {
        metrics = 6060;
        p2p = 30030;
        http = 8545;
        ws = 8546;
      };
    in
    {
      mainnet = {
        enable = true;
        package = inputs.ethereum.packages.${pkgs.system}.geth;
        maxpeers = 128;
        syncmode = "snap";
        gcmode = "archive";
        metrics = {
          enable = true;
          address = "0.0.0.0";
          port = ports.metrics;
        };
        port = ports.p2p;
        # NOTE(review): the HTTP and WebSocket endpoints have no
        # authentication of their own and listen on every interface, so the
        # "firewalled" remarks carry all of the protection; those rules are
        # not in this file. The `debug` namespace is served on both. If the
        # vhost names below are published through a reverse proxy, bind these
        # to the address the proxy uses and keep `debug` off anything public.
        http = {
          enable = true;
          port = ports.http;
          address = "0.0.0.0"; # firewalled
          inherit apis;
        };
        websocket = {
          enable = true;
          port = ports.ws;
          address = "0.0.0.0"; # firewalled
          inherit apis;
        };
        # Authenticated RPC for the beacon node, loopback only.
        authrpc = {
          enable = true;
          address = "localhost";
          port = 8551;
          jwtsecret = "/var/lib/goethereum/mainnet/LIGHTHOUSE_JWT_GETH";
        };
        extraArgs = [
          "--cache=16000"
          "--http.vhosts=eth-mainnet.satanic.link,eth-mainnet-ws.satanic.link,localhost,127.0.0.1"
        ];
      };
    };

  # Do not start before the dataset is mounted and the JWT has been uploaded.
  systemd.services.geth-mainnet.unitConfig = {
    RequiresMountsFor = [ "/var/lib/private/goethereum" ];
    ConditionPathExists = config.services.geth.mainnet.authrpc.jwtsecret;
  };

}
--------------------------------------------------------------------------------
/profiles/crypto/monero.nix:
--------------------------------------------------------------------------------
# monerod with its data on a dedicated ZFS dataset.
{ config, pkgs, ... }:
{

  # monero
  # NOTE(review): "sync=disabled" trades durability for speed; recent writes
  # can be lost on power failure.
  fileSystems."/var/lib/monero" = {
    device = "nvpool/root/monero";
    fsType = "zfs";
    options = [ "nofail" "sync=disabled" ];
  };

  # NOTE(review): the RPC interface is bound to the LAN address and the
  # external-bind confirmation is given. No RPC login or restricted mode is
  # configured in this file; confirm that LAN-wide access is intended.
  services.monero = {
    enable = true;
    dataDir = "/var/lib/monero";
    rpc = {
      address = "192.168.23.5";
    };
    extraConfig = ''
      confirm-external-bind=1
    '';
  };

  systemd.services.monero.unitConfig.RequiresMountsFor = [ config.services.monero.dataDir ];

}
--------------------------------------------------------------------------------
/profiles/development.nix:
--------------------------------------------------------------------------------
{ config, pkgs, inputs, ...
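}:

# Development machine profile: command-line tooling, a pinned nixpkgs for the
# legacy and flake CLIs, and local PostgreSQL, Redis and Docker services.
{
  boot.kernel.sysctl."fs.inotify.max_user_watches" = "1048576";
  programs.nix-ld.enable = true;

  # `screen` was listed twice in the original list; the duplicate is dropped.
  environment.systemPackages = with pkgs; [
    fswatch
    screen
    wget
    rsync

    xz
    unzip
    #unrar
    file

    iperf
    vnstat
    iotop
    nethogs
    ncdu
    dstat
    arp-scan
    libpcap

    lshw
    usbutils
    pciutils
    wirelesstools
    psmisc
    psutils
    pwgen
    jq

    niv
    nixpkgs-fmt
    nix-prefetch-git
    nixos-option
  ];

  nix = {
    nixPath = [ "nixpkgs=${inputs.nixpkgs}" ]; # Enables use of `nix-shell -p ...` etc
    registry.nixpkgs.flake = inputs.nixpkgs; # Make `nix shell` etc use pinned nixpkgs
  };

  services.udev.packages = [ pkgs.platformio ];

  # NOTE(review): enableTCPIP makes PostgreSQL listen on all interfaces rather
  # than only the Unix socket and localhost. Client authentication rules and
  # firewall rules are not set in this file; confirm that remote access is
  # intended and restricted elsewhere.
  services.postgresql = {
    package = pkgs.postgresql_14;
    enable = true;
    enableTCPIP = true;
    # extraPlugins = with pkgs.postgresqlPackages; [
    #   timescaledb
    # ];
  };

  services.redis = {
    servers.default = {
      enable = true;
    };
  };

  # Periodic prune with --all, which also removes unused tagged images.
  virtualisation.docker = {
    enable = true;
    autoPrune = {
      enable = true;
      flags = [ "--all" ];
    };
  };

}
--------------------------------------------------------------------------------
/profiles/fastlan.nix:
--------------------------------------------------------------------------------
{ config, pkgs, lib, ...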
}:

# Network tuning for the fast LAN: larger socket buffers and neighbour tables,
# IGMPv2, and mDNS reflection between interfaces.
{
  boot.kernel.sysctl = {

    "net.core.rmem_max" = 268435456;
    "net.core.wmem_max" = 268435456;

    # NOTE(review): rp_filter = 0 switches off reverse-path source validation,
    # so packets with spoofed source addresses are no longer dropped by the
    # kernel. If this is only needed for asymmetric or multicast paths,
    # consider loose mode or setting it per interface.
    "net.ipv4.conf.default.rp_filter" = 0;
    "net.ipv4.conf.all.rp_filter" = 0;

    "net.ipv4.conf.all.force_igmp_version" = 2;
    "net.ipv4.conf.default.force_igmp_version" = 2;

    "net.ipv4.neigh.default.gc_thresh3" = 4096;
    "net.ipv4.neigh.default.gc_thresh2" = 2048;
    "net.ipv4.neigh.default.gc_thresh1" = 1024;

    "net.ipv4.igmp_max_memberships" = 1024;
  };

  # NOTE(review): the reflector repeats mDNS traffic between all local
  # interfaces, which also carries service announcements across any network
  # boundary this host sits on.
  services.avahi = {
    enable = true;
    reflector = true;
  };
}
--------------------------------------------------------------------------------
/profiles/g_ether.nix:
--------------------------------------------------------------------------------
# Host side for boards attached over USB: exports the Nix store over NFS,
# gives the `users` group access to a set of USB loader devices, and adds
# USB network interfaces to a bridge when they appear.
{ config, lib, pkgs, ... }:
let
  # NOTE(review): the bridge definition further down is commented out, so the
  # bridge must be created elsewhere for the service below to work.
  bridgeName = "br0";
in
{

  fileSystems."/export/store" = {
    device = "/nix/store";
    options = [ "bind" "ro" ];
  };

  # NOTE(review): NFS here authenticates clients by source address only.
  # /export is writable for the whole /24, and `insecure` on /export/store
  # accepts requests from unprivileged source ports, so any process on any
  # LAN host can read the store. The store export also lists both
  # no_root_squash and all_squash, which contradict each other - verify which
  # one is applied. Make sure nothing sensitive ends up in /nix/store.
  services.nfs.server = {
    enable = true;
    exports = ''
      /export 192.168.23.0/24(rw,fsid=0,no_subtree_check)
      /export/store 192.168.23.0/24(ro,no_root_squash,nohide,all_squash,anonuid=1000,anongid=1000,insecure,no_subtree_check)
    '';
  };

  # NOTE(review): these ports are opened on every interface the firewall
  # covers. Several are unlabelled (4000-4003 and the high NFS ports);
  # document what listens there or drop them.
  networking.firewall.allowedTCPPorts = [
    111 # nfs?
    2049 # nfs
    4000
    4001
    4002
    4003
    138 # smb
    445 # smb
    548 # netatalk
    10809 # nbd

    # nfs
    20048
    40531
    46675
  ];

  networking.firewall.allowedUDPPorts = [
    111 # nfs?
    2049 # nfs
    138 # smb
    445 # smb

    # nfs
    20048
    37914
    42074
  ];
  /*# Create an empty bridge
    networking.bridges.${bridgeName} = {
    interfaces = [];
    };

    networking.interfaces.${bridgeName} = {
    ipAddress = "10.0.10.1/24";
    };*/

  # Auto-chmod pre-boot devices and trigger bridge job for new interfaces
  # NOTE(review): GROUP="users" with MODE="0660" gives every member of
  # `users` raw access to these loader and DFU devices, which is enough to
  # reflash an attached board. A dedicated group would narrow that.
  services.udev.extraRules = ''
    SUBSYSTEM=="usb", ATTRS{idVendor}=="13d3", ATTRS{idProduct}=="3404", ATTR{authorized}="0"

    # Rename and chown to users
    SUBSYSTEM=="usb", ATTRS{idVendor}=="04e8", ATTRS{idProduct}=="1234", GROUP="users", MODE="0660", SYMLINK+="usb-loader-m3"
    SUBSYSTEM=="usb", ATTRS{idVendor}=="1f3a", ATTRS{idProduct}=="efe8", GROUP="users", MODE="0660", SYMLINK+="sunxi-fel"
    SUBSYSTEM=="usb", ATTRS{idVendor}=="2207", ATTRS{idProduct}=="330c", GROUP="users", MODE="0660", SYMLINK+="rockchip-rk3399"

    SUBSYSTEM=="usb", ATTRS{idVendor}=="0e8d", ATTRS{idProduct}=="2000", ENV{ID_MM_DEVICE_IGNORE}="1", GROUP="users", MODE="0660", SYMLINK+="mtk-preloader"

    SUBSYSTEM=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="0483", GROUP="users", MODE="0660", SYMLINK+="stm32"
    SUBSYSTEM=="usb", ATTRS{idVendor}=="0483", ATTRS{idProduct}=="df11", GROUP="users", MODE="0660", SYMLINK+="stm32-dfu"

    # VIA Labs, Inc. USB3.0 Hub
    SUBSYSTEM=="usb", ATTRS{idVendor}=="2109", ATTRS{idProduct}=="2811", GROUP="users", MODE="0660", SYMLINK+="smart-hub"

    # platform usb
    SUBSYSTEM=="net" KERNEL=="enp*u[0-9]", DRIVERS=="rndis_host", RUN+="${pkgs.systemd}/bin/systemctl --no-block start bridge-rndis@%k.service"
    SUBSYSTEM=="net" KERNEL=="enp*u[0-9]", DRIVERS=="cdc_eem", RUN+="${pkgs.systemd}/bin/systemctl --no-block start bridge-rndis@%k.service"

  '';

  # Add new interface to bridge
  # NOTE(review): any USB device that presents itself with one of the two
  # drivers matched above is bridged automatically and without confirmation;
  # treat the bridge as an untrusted segment.
  systemd.services."bridge-rndis@" = {
    bindsTo = [ "sys-subsystem-net-devices-%i.device" ];
    serviceConfig = {
      Type = "simple";
      ExecStartPre = "${pkgs.bridge-utils}/bin/brctl setfd ${bridgeName} 0";
      ExecStart = "${pkgs.stdenv.shell} -c '${pkgs.bridge-utils}/bin/brctl addif ${bridgeName} %I && ${pkgs.iproute2}/bin/ip addr add 0.0.0.0 dev %I'";
      ExecStartPost = "${pkgs.stdenv.shell} -c '${pkgs.inetutils}/bin/ifconfig %I up'";
    };
  };

  networking.firewall.allowedTCPPortRanges = [{ from = 50000; to = 51000; }];

}
--------------------------------------------------------------------------------
/profiles/gpg-yubikey.nix:
--------------------------------------------------------------------------------
# udev rules for U2F/FIDO tokens. TAG+="uaccess" grants the matching hidraw
# device to the user of the active local session instead of a static group.
{ config, lib, pkgs, ... }:

{
  services.udev.extraRules = ''
    # Copyright (C) 2013-2015 Yubico AB
    #
    # This program is free software; you can redistribute it and/or modify it
    # under the terms of the GNU Lesser General Public License as published by
    # the Free Software Foundation; either version 2.1, or (at your option)
    # any later version.
    #
    # This program is distributed in the hope that it will be useful, but
    # WITHOUT ANY WARRANTY; without even the implied warranty of
    # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
    # General Public License for more details.
    #
    # You should have received a copy of the GNU Lesser General Public License
    # along with this program; if not, see .

    # this udev file should be used with udev 188 and newer
    ACTION!="add|change", GOTO="u2f_end"

    # Yubico YubiKey
    KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1050", ATTRS{idProduct}=="0113|0114|0115|0116|0120|0200|0402|0403|0406|0407|0410", TAG+="uaccess"

    # Happlink (formerly Plug-Up) Security KEY
    KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="2581", ATTRS{idProduct}=="f1d0", TAG+="uaccess"

    # Neowave Keydo and Keydo AES
    KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1e0d", ATTRS{idProduct}=="f1d0|f1ae", TAG+="uaccess"

    # HyperSecu HyperFIDO
    KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="096e|2ccf", ATTRS{idProduct}=="0880", TAG+="uaccess"

    # Feitian ePass FIDO
    KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="096e", ATTRS{idProduct}=="0850|0852|0853|0854|0856|0858|085a|085b", TAG+="uaccess"

    # JaCarta U2F
    KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="24dc", ATTRS{idProduct}=="0101", TAG+="uaccess"

    # U2F Zero
    KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="10c4", ATTRS{idProduct}=="8acf", TAG+="uaccess"

    # VASCO SeccureClick
    KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1a44", ATTRS{idProduct}=="00bb", TAG+="uaccess"

    # Bluink Key
    KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="2abe", ATTRS{idProduct}=="1002", TAG+="uaccess"

    # Thetis Key
    KERNEL=="hidraw*", SUBSYSTEM=="hidraw", ATTRS{idVendor}=="1ea8", ATTRS{idProduct}=="f025", TAG+="uaccess"

    LABEL="u2f_end"
  '';
}
--------------------------------------------------------------------------------
/profiles/headless.nix:
--------------------------------------------------------------------------------
{ config,
lib, pkgs, ... }:
2 |
3 | {
4 |   # Headless profile: no X server.
5 |   services.xserver.enable = false;
6 |
7 | }
8 |
--------------------------------------------------------------------------------
/profiles/hetzner-dev.nix:
--------------------------------------------------------------------------------
1 | { config, pkgs, lib, ... }: {
2 |   # Development host profile: PostgreSQL with per-user databases, Docker, and an extra SSH user.
3 |   #boot.kernelPackages = pkgs.linuxPackages_latest_lto_zen3;
4 |   boot.kernelPackages = pkgs.linuxPackages_latest;
5 |   # NOTE(review): enableTCPIP plus the "host all all 192.168.23.0/24 trust" rule lets any host in that subnet connect as any role, including a superuser, with no password (if the firewall admits it); scram-sha-256, or a rule limited to named databases and roles, avoids that.
6 |   services.postgresql = {
7 |     enable = true;
8 |     enableTCPIP = true;
9 |     authentication = ''
10 |       local all all peer
11 |       host all all 192.168.23.0/24 trust # trust all from vpn
12 |     '';
13 |     ensureDatabases = [ "uniswap" "cryptoball" ];
14 |     ensureUsers = [
15 |       {
16 |         name = "uniswap";
17 |         ensurePermissions = {
18 |           "DATABASE uniswap" = "ALL PRIVILEGES";
19 |           "DATABASE cryptoball" = "ALL PRIVILEGES";
20 |         };
21 |       }
22 |       {
23 |         name = "grw";
24 |         ensurePermissions = {
25 |           "DATABASE postgres" = "ALL PRIVILEGES";
26 |           "DATABASE uniswap" = "ALL PRIVILEGES";
27 |           "DATABASE cryptoball" = "ALL PRIVILEGES";
28 |         };
29 |       }
30 |       {
31 |         name = "sf";
32 |         ensurePermissions = {
33 |           "DATABASE postgres" = "ALL PRIVILEGES";
34 |           "DATABASE uniswap" = "ALL PRIVILEGES";
35 |           "ALL TABLES IN SCHEMA public" = "ALL";
36 |         };
37 |       }
38 |       {
39 |         name = "jupyter";
40 |         ensurePermissions = {
41 |           "DATABASE uniswap" = "ALL PRIVILEGES";
42 |           "ALL TABLES IN SCHEMA public" = "ALL";
43 |         };
44 |       }
45 |     ];
46 |   };
47 |   # Appended to the postgresql unit's postStart: gives grw and sf CREATEDB and re-applies table/sequence grants in the uniswap database.
48 |   systemd.services.postgresql.postStart = pkgs.lib.mkAfter ''
49 |     $PSQL -tAc 'ALTER USER grw CREATEDB;'
50 |     $PSQL -tAc 'ALTER USER sf CREATEDB;'
51 |     $PSQL uniswap -tAc 'GRANT ALL ON ALL TABLES IN SCHEMA public TO "uniswap"'
52 |     $PSQL uniswap -tAc 'GRANT ALL ON ALL SEQUENCES IN SCHEMA public TO "uniswap"'
53 |     $PSQL uniswap -tAc 'GRANT ALL ON ALL TABLES IN SCHEMA public TO "sf"'
54 |     $PSQL uniswap -tAc 'GRANT ALL ON ALL SEQUENCES IN SCHEMA public TO "sf"'
55 |     $PSQL uniswap -tAc 'GRANT ALL ON ALL TABLES IN SCHEMA public TO "jupyter"'
56 |     $PSQL
uniswap -tAc 'GRANT ALL ON ALL SEQUENCES IN SCHEMA public TO "jupyter"'
57 |     $PSQL uniswap -tAc 'GRANT ALL ON ALL TABLES IN SCHEMA public TO "grw"'
58 |     $PSQL uniswap -tAc 'GRANT ALL ON ALL SEQUENCES IN SCHEMA public TO "grw"'
59 |
60 |     $PSQL uniswap -tAc 'GRANT ALL ON ALL TABLES IN SCHEMA cryptoball TO "sf"'
61 |     $PSQL uniswap -tAc 'GRANT ALL ON ALL SEQUENCES IN SCHEMA cryptoball TO "sf"'
62 |   '';
63 |   # NOTE(review): membership of the "docker" group (given to sf below) allows starting privileged containers, which is root-equivalent on this host.
64 |   virtualisation.docker.enable = true;
65 |   # NOTE(review): Nix treats trusted-users as effectively root on the daemon (they may change substituters and import unsigned store paths).
66 |   nix.settings.trusted-users = [ "grw" "sf" ];
67 |   users.extraUsers.sf = {
68 |     isNormalUser = true;
69 |     extraGroups = [
70 |       "docker"
71 |     ];
72 |     openssh.authorizedKeys.keys = [
73 |       # sf key
74 |       "ssh-rsa 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 sf@chaminade"
75 |     ];
76 |   };
77 |
78 | }
79 |
--------------------------------------------------------------------------------
/profiles/home.nix:
--------------------------------------------------------------------------------
1 | { config, pkgs, lib, ... }:
2 |
3 | {
4 |   # Config for machines on home network
5 |   time.timeZone = "Europe/Zurich";
6 |
7 |   nix.settings = {
8 |     binary-caches = [
9 |       https://cache.nixos.org
10 |     ];
11 |     trusted-public-keys = [
12 |       "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
13 |     ];
14 |   };
15 |
16 |   # Collect metrics for prometheus
17 |   services.prometheus.exporters = {
18 |     node = {
19 |       enable = true;
20 |       openFirewall = false;
21 |       enabledCollectors = [ "systemd" ];
22 |     };
23 |   };
24 |   # NOTE(review): cAdvisor binds to every interface and port 58080 is opened on every interface below; nothing in this file puts authentication in front of its host/container metrics, so bind to the LAN address or scope the firewall rule to the scraping interface.
25 |   services.cadvisor = {
26 |     enable = true;
27 |     listenAddress = "0.0.0.0";
28 |     port = 58080;
29 |   };
30 |
31 |   networking.firewall.allowedTCPPorts = [ 58080 ];
32 |   networking.nameservers = [ "192.168.23.1" ];
33 |   services.udev.extraRules = ''
34 |     ACTION=="add", SUBSYSTEM=="powercap", MODE="0666"
35 |   ''; # NOTE(review): 0666 is read and write for every local user; if the goal is unprivileged reads of the energy counters, note the kernel keeps those root-only because they work as a power side channel. Also confirm the rule takes effect at all, since udev MODE= applies to device nodes.
36 |
37 | }
38 |
--------------------------------------------------------------------------------
/profiles/intel-gfx.nix:
--------------------------------------------------------------------------------
1 | {
config, pkgs, ... }:
2 |
3 |
4 | {
5 |   # Intel GPU profile: i915/KVM module options, VA-API/OpenCL/QSV userspace packages.
6 |   boot = {
7 |     extraModprobeConfig = ''
8 |       options kvm_intel nested=1
9 |       options i915 enable_psr=1 enable_fbc=1 enable_gvt=1 enable_guc=3 enable_fbc=1 fastboot=1 perf_stream_paranoid=0
10 |     ''; # NOTE(review): perf_stream_paranoid is normally the sysctl dev.i915.perf_stream_paranoid (0 lets unprivileged users open i915 perf streams); confirm it is accepted as a module option. enable_fbc=1 is listed twice.
11 |     kernelModules = [ "kvm_intel" ];
12 |     kernelParams = [ "intel_iommu=on" ];
13 |     initrd.kernelModules = [ "i915" ];
14 |   };
15 |
16 |   environment.systemPackages = with pkgs; [
17 |     libva
18 |     clinfo
19 |     intel-gpu-tools
20 |     sycl-info
21 |   ];
22 |
23 |   nixpkgs.config.packageOverrides = pkgs: {
24 |     vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
25 |   };
26 |
27 |   hardware.graphics = {
28 |     enable = true;
29 |     extraPackages = with pkgs; [
30 |       libva
31 |       intel-media-driver
32 |       intel-vaapi-driver # previously vaapiIntel
33 |       vaapiVdpau
34 |       libvdpau-va-gl
35 |       intel-compute-runtime # OpenCL filter support (hardware tonemapping and subtitle burn-in)
36 |       vpl-gpu-rt # QSV on 11th gen or newer
37 |       intel-media-sdk # QSV up to 11th gen
38 |     ];
39 |   };
40 | }
41 |
--------------------------------------------------------------------------------
/profiles/jaeger.nix:
--------------------------------------------------------------------------------
1 | { config, lib, pkgs, ... }:
2 |   # Runs the Jaeger all-in-one container through `docker run` as a systemd service.
3 | {
4 |   systemd.services.jaeger-all-in-one = {
5 |     enable = true;
6 |     description = "bar";
7 |     unitConfig = {
8 |       Type = "simple"; # NOTE(review): Type= is a [Service] setting; under unitConfig it is written to [Unit], where systemd does not apply it.
9 |     };
10 |     serviceConfig = { # NOTE(review): the unit declares no ordering on docker.service, which `docker run` needs to be up.
11 |       ExecStart = ''
12 |         ${pkgs.docker}/bin/docker run \
13 |         --rm \
14 |         --name jaeger \
15 |         -e COLLECTOR_ZIPKIN_HOST_PORT=:9411 \
16 |         --net host \
17 |         jaegertracing/all-in-one:latest
18 |       ''; # NOTE(review): ":latest" is a mutable tag pulled at run time, so the code that runs is not pinned (a version tag or image digest fixes it); "--net host" puts every port the container listens on directly on the host's interfaces.
19 |     };
20 |     wantedBy = [ "multi-user.target" ];
21 |   };
22 | }
23 |
--------------------------------------------------------------------------------
/profiles/luks-yubi.nix:
--------------------------------------------------------------------------------
1 | { config, pkgs, ...
}:
2 |
3 | {
4 |   # Ref: https://github.com/sgillespie/nixos-yubikey-luks
5 |   # Howto:
6 |   # - nix-shell https://github.com/sgillespie/nixos-yubikey-luks/archive/master.tar.gz
7 |   # read -s LUKS_KEY
8 |   # echo -n "$LUKS_KEY" | hextorb | sudo cryptsetup open /dev/nvme0n1p3 encrypted --key-file=-
9 |   # sudo mount /dev/mapper/vg0-nixos /mnt
10 |   # sudo mount /dev/nvme0n1p1 /mnt/boot/
11 |   # sudo nixos-enter
12 |
13 |   # mkdir -p /boot/crypt-storage
14 |   # read -s SALT
15 |   # ITERATIONS=1000000
16 |   # echo -ne "$SALT\n$ITERATIONS" > /boot/crypt-storage/default
17 |
18 |   # ln -s -f /etc/nixos/machines/x86/yoga/configuration.nix /etc/nixos/configuration.nix
19 |   # nixos-install --root / -I home-manager=https://github.com/rycee/home-manager/archive/master.tar.gz --no-root-password
20 |   # NOTE(review): both tarballs in the howto track the master branch; pinning a commit keeps the tooling that handles the LUKS key reproducible and reviewable.
21 |   boot.loader = {
22 |     efi = {
23 |       canTouchEfiVariables = true;
24 |       efiSysMountPoint = "/boot";
25 |     };
26 |     grub = {
27 |       efiSupport = true;
28 |       device = "nodev";
29 |     };
30 |   };
31 |   # NOTE(review): boot.shell_on_fail starts a root shell with no authentication when stage 1 fails; the LUKS volume is still locked at that point, but anyone at the console gets the initrd environment. Drop it once boot debugging is done.
32 |   boot.kernelParams = [ "boot.shell_on_fail" ];
33 |   boot.initrd = {
34 |     kernelModules = [
35 |       "dm_crypt"
36 |       "trusted"
37 |       "encrypted_keys"
38 |       "r8152"
39 |       "nvme"
40 |       "vfat"
41 |       "nls_cp437"
42 |       "nls_iso8859-1"
43 |       "usbhid"
44 |       "cbc"
45 |       "aesni_intel"
46 |       "r8169"
47 |     ];
48 |     luks = {
49 |       yubikeySupport = true;
50 |       cryptoModules = [ "aes" "xts" "sha256" "sha512" "cbc" ];
51 |       devices."encrypted" = {
52 |         device = "/dev/nvme0n1p3";
53 |         # YubiKey challenge-response unlock; twoFactor = true asks for a passphrase in addition to the key.
54 |         yubikey = {
55 |           slot = 2;
56 |           twoFactor = true;
57 |           gracePeriod = 30;
58 |           keyLength = 64;
59 |           saltLength = 16;
60 |           # The salt/iterations file is read from the vfat partition labelled EFI, i.e. outside the encrypted volume.
61 |           storage = {
62 |             device = "/dev/disk/by-label/EFI";
63 |             fsType = "vfat";
64 |             path = "/crypt-storage/default";
65 |           };
66 |         };
67 |       };
68 |     };
69 |   };
70 | }
71 |
--------------------------------------------------------------------------------
/profiles/nas-mounts.nix:
--------------------------------------------------------------------------------
1 | { config, pkgs, ...
}: 2 | 3 | let 4 | options = [ "nofail" "rsize=32768" "wsize=32768" "nconnect=4" ]; 5 | in 6 | { 7 | services.rpcbind.enable = true; 8 | 9 | fileSystems."/mnt/Home" = 10 | { 11 | device = "192.168.23.5:/export/home"; 12 | fsType = "nfs"; 13 | inherit options; 14 | }; 15 | 16 | fileSystems."/mnt/Media" = 17 | { 18 | device = "192.168.23.5:/export/media"; 19 | fsType = "nfs"; 20 | inherit options; 21 | }; 22 | 23 | } 24 | -------------------------------------------------------------------------------- /profiles/nbd-overlayfs.nix: -------------------------------------------------------------------------------- 1 | { config, pkgs, ... }: { } 2 | 3 | # { 4 | 5 | # boot.loader.grub.enable = false; 6 | 7 | # fileSystems."/" = { 8 | # fsType = "tmpfs"; 9 | # options = [ "mode=0755" ]; 10 | # neededForBoot = true; 11 | # }; 12 | 13 | # fileSystems."/nix/.ro-store" = 14 | # { 15 | # device = "192.168.23.130:/store"; 16 | # fsType = "nfs4"; 17 | # options = [ "ro" "rsize=32768" "wsize=32768" "noacl" "nolock" ]; 18 | # neededForBoot = true; 19 | # }; 20 | 21 | # fileSystems."/nix/.rw-store" = 22 | # { 23 | # device = "/dev/nbd0"; 24 | # fsType = "ext2"; 25 | # neededForBoot = true; 26 | # }; 27 | 28 | # fileSystems."/nix/store" = 29 | # { 30 | # device = "overlay"; 31 | # fsType = "overlay"; 32 | # options = [ 33 | # "rw" "relatime" 34 | # "default_permissions" 35 | # "lowerdir=/nix/.rw-store/lower" 36 | # "workdir=/nix/.rw-store/work" 37 | # "upperdir=/nix/.rw-store/upper" 38 | # ]; 39 | # noCheck = true; 40 | # neededForBoot = true; 41 | # }; 42 | 43 | # fileSystems."/tmp" = { 44 | # device = "/nix/.rw-store/tmp"; 45 | # options = [ "bind" ]; 46 | # noCheck = true; 47 | # }; 48 | 49 | # boot.initrd.availableKernelModules = [ "nfsv4" "overlay" "nbd" ]; 50 | 51 | # usb-gadget = { 52 | # enable = true; 53 | # initrdDHCP = true; 54 | # }; 55 | 56 | # boot.initrd.nbd = { 57 | # enable = true; 58 | # devices = { 59 | # nbd0 = { hostname = "192.168.23.130"; port = "10809"; }; 60 | 
# }; 61 | # postCommands = '' 62 | # echo "Preparing RW store" 63 | # mkfs.ext2 /dev/nbd0 64 | # mkdir /scratch 65 | # mount /dev/nbd0 /scratch 66 | # mkdir -p 0755 /scratch/lower /scratch/upper /scratch/work /scratch/tmp 67 | # echo "Created mountpoints" 68 | # sync 69 | # umount /scratch 70 | # ''; 71 | # }; 72 | 73 | # } 74 | -------------------------------------------------------------------------------- /profiles/nvidia.nix: -------------------------------------------------------------------------------- 1 | { config, lib, pkgs, ... }: 2 | 3 | { 4 | 5 | nixpkgs.config.cudaSupport = true; 6 | 7 | hardware.nvidia = { 8 | # Modesetting is required. 9 | modesetting.enable = true; 10 | 11 | # Nvidia power management. Experimental, and can cause sleep/suspend to fail. 12 | # Enable this if you have graphical corruption issues or application crashes after waking 13 | # up from sleep. This fixes it by saving the entire VRAM memory to /tmp/ instead 14 | # of just the bare essentials. 15 | powerManagement.enable = false; 16 | 17 | # Fine-grained power management. Turns off GPU when not in use. 18 | # Experimental and only works on modern Nvidia GPUs (Turing or newer). 19 | powerManagement.finegrained = false; 20 | 21 | # Use the NVidia open source kernel module (not to be confused with the 22 | # independent third-party "nouveau" open source driver). 23 | # Support is limited to the Turing and later architectures. Full list of 24 | # supported GPUs is at: 25 | # https://github.com/NVIDIA/open-gpu-kernel-modules#compatible-gpus 26 | # Only available from driver 515.43.04+ 27 | # Currently alpha-quality/buggy, so false is currently the recommended setting. 28 | open = false; 29 | 30 | # Enable the Nvidia settings menu, 31 | # accessible via `nvidia-settings`. 32 | nvidiaSettings = true; 33 | 34 | # Optionally, you may need to select the appropriate driver version for your specific GPU. 
35 | package = config.boot.kernelPackages.nvidiaPackages.production; 36 | }; 37 | } 38 | -------------------------------------------------------------------------------- /profiles/radeon.nix: -------------------------------------------------------------------------------- 1 | { config, lib, pkgs, ... }: 2 | 3 | { 4 | 5 | boot.kernelParams = [ 6 | "amdgpu.ppfeaturemask=0xffffffff" 7 | ]; 8 | 9 | hardware.amdgpu = { 10 | initrd.enable = true; 11 | opencl.enable = true; 12 | # crashes gpu?!?! 13 | # amdvlk.enable = true; 14 | }; 15 | 16 | hardware.graphics = { 17 | enable = true; 18 | enable32Bit = true; 19 | }; 20 | 21 | systemd.tmpfiles.rules = [ 22 | "L+ /opt/rocm/hip - - - - ${pkgs.rocmPackages.clr}" 23 | ]; 24 | 25 | environment.systemPackages = with pkgs; [ 26 | clinfo 27 | radeontop 28 | rocmPackages.rocm-smi 29 | rocmPackages.rocminfo 30 | ]; 31 | } 32 | -------------------------------------------------------------------------------- /profiles/thinkpad.nix: -------------------------------------------------------------------------------- 1 | { config, lib, pkgs, ... 
}: 2 | 3 | { 4 | 5 | boot.initrd.kernelModules = [ "thinkpad-acpi" "acpi-call" ]; 6 | boot.kernelParams = [ 7 | "msr.allow_writes=on" 8 | "cpuidle.governor=teo" 9 | "thinkpad_acpi.fan_control=1" 10 | ]; 11 | 12 | /* 13 | boot.kernelPatches = [{ 14 | name = "enable-teo"; 15 | patch = null; 16 | extraConfig = '' 17 | CPU_IDLE_GOV_TEO y 18 | ''; 19 | }]; 20 | */ 21 | 22 | boot.extraModulePackages = [ 23 | config.boot.kernelPackages.acpi_call 24 | config.boot.kernelPackages.tp_smapi 25 | ]; 26 | 27 | environment.systemPackages = with pkgs; [ 28 | modemmanager 29 | msr-tools 30 | networkmanagerapplet 31 | powertop 32 | libqmi 33 | ]; 34 | 35 | services.geoclue2.enable = true; 36 | services.localtimed.enable = true; 37 | 38 | hardware.bluetooth = { 39 | enable = true; 40 | powerOnBoot = true; 41 | }; 42 | 43 | hardware.trackpoint = { 44 | enable = true; 45 | emulateWheel = true; 46 | speed = 250; 47 | sensitivity = 100; 48 | }; 49 | 50 | services.tlp = { 51 | enable = true; 52 | settings = { 53 | CPU_SCALING_GOVERNOR_ON_AC = "ondemand"; 54 | CPU_SCALING_GOVERNOR_ON_BAT = "powersave"; 55 | 56 | START_CHARGE_THRESH_BAT0 = 80; 57 | STOP_CHARGE_THRESH_BAT0 = 85; 58 | 59 | USB_BLACKLIST_PHONE = 1; 60 | }; 61 | }; 62 | 63 | services.xserver.libinput = { 64 | enable = true; 65 | touchpad = { 66 | accelSpeed = "0.1"; 67 | naturalScrolling = true; 68 | }; 69 | }; 70 | 71 | # need networkmanager for wwan 72 | # networking.networkmanager = { 73 | # enable = true; 74 | # #enableFccUnlock = true; 75 | # #wifi = { 76 | # # backend = "iwd"; 77 | # # powersave = true; 78 | # #}; 79 | # unmanaged = [ 80 | # "docker0" 81 | # "rndis0" 82 | # ]; 83 | # }; 84 | 85 | # systemd.services.modem-manager.enable = true; 86 | # systemd.services.ModemManager = { 87 | # wantedBy = [ "multi-user.target" ]; 88 | # }; 89 | 90 | services.logind = { 91 | lidSwitch = "ignore"; 92 | lidSwitchExternalPower = "lock"; 93 | lidSwitchDocked = "lock"; 94 | # extraConfig = '' 95 | # # transition from suspend to 
hibernate after 1h 96 | # HibernateDelaySec=3600 97 | # ''; 98 | }; 99 | 100 | nix.settings.binary-caches = lib.mkForce [ "https://cache.nixos.org" ]; 101 | services.upower.enable = true; 102 | 103 | } 104 | -------------------------------------------------------------------------------- /profiles/tvbox-gbm.nix: -------------------------------------------------------------------------------- 1 | { config, pkgs, lib, ... }: 2 | 3 | let 4 | kodiWithAddons = { lib, kodiPackages, makeWrapper, buildEnv, kodi, addons, callPackage }: 5 | let 6 | 7 | # linux distros are supposed to provide pillow and pycryptodome 8 | requiredPythonPath = with kodi.pythonPackages; makePythonPath ([ pillow pycryptodome ]); 9 | 10 | # each kodi addon can potentially export a python module which should be included in PYTHONPATH 11 | # see any addon which supplies `passthru.pythonPath` and the corresponding entry in the addons `addon.xml` 12 | # eg. `` -> pythonPath = "lib"; 13 | additionalPythonPath = 14 | let 15 | addonsWithPythonPath = lib.filter (addon: addon ? 
pythonPath) addons; 16 | in 17 | lib.concatMapStringsSep ":" (addon: "${addon}${kodiPackages.addonDir}/${addon.namespace}/${addon.pythonPath}") addonsWithPythonPath; 18 | in 19 | 20 | buildEnv { 21 | name = "${kodi.name}-env"; 22 | 23 | paths = [ kodi ] ++ addons; 24 | pathsToLink = [ "/share" ]; 25 | 26 | nativeBuildInputs = [ makeWrapper ]; 27 | 28 | postBuild = '' 29 | mkdir $out/bin 30 | for exe in kodi{,-standalone} 31 | do 32 | makeWrapper ${kodi}/bin/$exe $out/bin/$exe \ 33 | --prefix PYTHONPATH : ${requiredPythonPath}:${additionalPythonPath} \ 34 | --prefix KODI_HOME : $out/share/kodi \ 35 | --prefix LD_LIBRARY_PATH ":" "${lib.makeLibraryPath 36 | (lib.concatMap 37 | (plugin: plugin.extraRuntimeDependencies or []) addons)}" 38 | done 39 | ''; 40 | }; 41 | in 42 | { 43 | 44 | sound.enable = true; 45 | 46 | # dont need this- interferes with kodi 47 | systemd.services."getty@tty1".enable = false; 48 | systemd.services."autovt@tty1".enable = false; 49 | 50 | security.polkit.enable = true; 51 | services.upower.enable = true; 52 | 53 | boot.plymouth.enable = false; 54 | 55 | users.extraUsers.kodi = { 56 | isNormalUser = true; 57 | uid = 1002; 58 | extraGroups = [ "audio" "video" "input" ]; 59 | }; 60 | 61 | systemd.services.kodi-gbm = 62 | let 63 | kodi = kodiWithAddons { 64 | inherit (pkgs) lib makeWrapper buildEnv callPackage kodiPackages; 65 | kodi = pkgs.kodi-rock5b; 66 | addons = with pkgs.kodiPackages; [ 67 | youtube 68 | jellyfin 69 | pvr-iptvsimple 70 | ]; 71 | }; 72 | in 73 | { 74 | wants = [ "network-online.target" "polkit.service" ]; 75 | conflicts = [ "getty@tty1.service" ]; 76 | wantedBy = [ "multi-user.target" ]; 77 | environment = { 78 | PAN_MESA_DEBUG = "gofaster"; 79 | }; 80 | serviceConfig = { 81 | ExecStart = "${kodi}/bin/kodi --standalone"; 82 | StandardInput = "tty"; 83 | StandardOutput = "tty"; 84 | TTYPath = "/dev/tty1"; 85 | PAMName = "login"; 86 | User = "kodi"; 87 | }; 88 | }; 89 | 90 | services.avahi.enable = true; 91 | 92 | 
networking.firewall.allowedTCPPorts = [ 8080 ]; 93 | 94 | environment.systemPackages = with pkgs; [ 95 | libva1 96 | libva-utils 97 | glxinfo 98 | kmscube 99 | strace 100 | ]; 101 | 102 | } 103 | -------------------------------------------------------------------------------- /profiles/tvbox.nix: -------------------------------------------------------------------------------- 1 | { config, pkgs, lib, ... }: 2 | 3 | { 4 | 5 | users.users.grw.extraGroups = [ "input" "pulse" ]; 6 | 7 | sound.enable = true; 8 | 9 | # dont need this- interferes with kodi 10 | systemd.services."getty@tty1".enable = false; 11 | systemd.services."autovt@tty1".enable = false; 12 | 13 | security.polkit.enable = true; 14 | services.upower.enable = true; 15 | 16 | boot.plymouth.enable = false; 17 | 18 | nixpkgs.config.kodi = { 19 | enablePVRHTS = true; 20 | }; 21 | 22 | services.xserver = { 23 | enable = true; 24 | videoDriver = "modesetting"; 25 | desktopManager.kodi.enable = true; 26 | displayManager.sddm = { 27 | enable = true; 28 | autoLogin.enable = true; 29 | autoLogin.user = "grw"; 30 | }; 31 | }; 32 | 33 | systemd.services.kodi = { 34 | wants = [ "network-online.target" "polkit.service" ]; 35 | conflicts = [ "getty@tty1.service" ]; 36 | wantedBy = [ "multi-user.target" ]; 37 | serviceConfig = { 38 | ExecStart = "${pkgs.kodi}/bin/kodi --standalone"; 39 | StandardInput = "tty"; 40 | StandardOutput = "tty"; 41 | TTYPath = "/dev/tty1"; 42 | PAMName = "login"; 43 | User = "grw"; 44 | }; 45 | }; 46 | 47 | networking.firewall.allowedTCPPorts = [ 8080 ]; 48 | 49 | hardware.opengl = { 50 | enable = true; 51 | extraPackages = with pkgs; [ libva libva-v4l2-request ]; 52 | }; 53 | 54 | environment.systemPackages = with pkgs; [ 55 | libva-utils 56 | v4l-utils 57 | kodi-gbm 58 | ]; 59 | 60 | } 61 | -------------------------------------------------------------------------------- /profiles/uefi-boot.nix: -------------------------------------------------------------------------------- 1 | { config, 
pkgs, ... }:
2 |
3 | {
4 |   # UEFI boot profile: systemd-boot, latest kernel by default, tmpfs /tmp, and the initrd module/filesystem set.
5 |   boot = {
6 |     tmp.useTmpfs = true;
7 |     kernelPackages = pkgs.lib.mkDefault pkgs.linuxPackages_latest;
8 |     zfs = {
9 |       package = pkgs.zfs_unstable;
10 |     };
11 |     kernelParams = [
12 |       "msr.allow_writes=on" # permits userspace writes to CPU MSRs through the msr driver without the kernel's default warning
13 |       "mitigations=off" # NOTE(review): disables every optional CPU-vulnerability mitigation (Spectre/Meltdown class); on hosts that run containers, VMs or CI jobs this removes the isolation those workloads rely on, so consider setting it per machine instead of in a shared profile.
14 |       "panic=30" # reboot 30 seconds after a kernel panic
15 |     ];
16 |
17 |     loader = {
18 |       efi.canTouchEfiVariables = true;
19 |       systemd-boot = {
20 |         enable = true;
21 |         configurationLimit = 10;
22 |       };
23 |     };
24 |
25 |     supportedFilesystems = [ "vfat" "f2fs" ];
26 |     initrd = {
27 |       supportedFilesystems = [
28 |         "f2fs"
29 |         "nfs"
30 |       ];
31 |
32 |       availableKernelModules = [
33 |         "xhci_pci"
34 |         "ehci_pci"
35 |         "ahci"
36 |         "nvme"
37 |         "usb_storage"
38 |         "usbhid"
39 |         "sd_mod"
40 |         "sdhci_acpi"
41 |         "r8169"
42 |         "tpm"
43 |         "mii"
44 |         "tpm_tis"
45 |       ];
46 |     };
47 |   };
48 |
49 | }
50 |
--------------------------------------------------------------------------------
/profiles/users.nix:
--------------------------------------------------------------------------------
1 | { config, lib, pkgs, ...
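}:
2 |   # User profile: the grw account, its SSH keys (also authorised for root), and sudo policy.
3 | let
4 |   mac-pubkey = ''
5 |     ssh-rsa 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 grw@MacBook-Air.lan'';
6 |   gpg-pubkey = ''
7 |     ssh-rsa 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 cardno:000608755089
8 |   '';
9 |   air-grw = ''
10 |     ssh-rsa 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 grw@air
11 |   '';
12 |   mbp-grw = ''
13 |     ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ3UfDQwI0oA+04pmx2d+ekX1wSlTb1jwLDOasLsNesv grw@Georges-MBP
14 |   '';
15 |   air-root = ''
16 |     ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEamv7mi9CO/GJWMisaHoEPwBBoMCB5lXWHq0fgzUVAb root@Georges-Air-5.lan.satanic.link
17 |   '';
18 |   trex-root = ''
19 |     ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEtPi2T/lOR9s64SVS4ETOmJgj//nKJxuGD8A+PZxcLb root@trex
20 |   '';
21 | in
22 | {
23 |   # NOTE(review): "wheel" (passwordless sudo below) and "docker" each make this account root-equivalent on hosts that import the profile.
24 |   users.extraUsers.grw = {
25 |     shell = pkgs.zsh;
26 |     extraGroups = [
27 |       "wheel"
28 |       "libvirtd"
29 |       "docker"
30 |       "transmission"
31 |       "audio"
32 |       "video"
33 |       "dialout"
34 |       "plugdev"
35 |       "wireshark"
36 |       "lp"
37 |       "scanner"
38 |       "networkmanager"
39 |       "vboxsf"
40 |       "sway"
41 |       "go-ethereum"
42 |       "ipfs"
43 |     ];
44 |     isNormalUser = true;
45 |     openssh.authorizedKeys.keys = [
46 |       gpg-pubkey
47 |       mac-pubkey
48 |       air-grw
49 |       mbp-grw
50 |       trex-root
51 |       air-root
52 |     ];
53 |   };
54 |   # root accepts the same keys as grw. The value is read through `config` because a bare `users` is not bound in this scope (services/buildfarm-slave.nix reads it the same way). NOTE(review): this makes each listed client key, including the two root@ machine keys, a direct root login.
55 |   users.users.root.openssh.authorizedKeys.keys = config.users.users.grw.openssh.authorizedKeys.keys;
56 |   # NOTE(review): wheelNeedsPassword = false means any process running as a wheel member becomes root without a prompt.
57 |   security.sudo = {
58 |     enable = true;
59 |     wheelNeedsPassword = false;
60 |   };
61 |
62 | }
63 |
--------------------------------------------------------------------------------
/profiles/wireless.nix:
--------------------------------------------------------------------------------
1 | { config, lib, pkgs, ...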
}:
2 |
3 | {
4 |   # Wireless profile: all firmware, wpa_supplicant with one configured network, and restart-on-failure for the daemon.
5 |   hardware.enableAllFirmware = true;
6 |
7 |   networking.wireless = {
8 |     enable = lib.mkDefault true;
9 |     networks = {
10 |       VM4588425 = {
11 |         psk = "Jd6qrtjwnqrj"; # NOTE(review): the passphrase is a literal in a tracked file, so it is in version-control history and is copied into the world-readable Nix store. Rotate it and load it from a file outside the store (networking.wireless.secretsFile or environmentFile, depending on the NixOS release).
12 |       };
13 |     };
14 |   };
15 |
16 |   systemd.services.wpa_supplicant.wantedBy = pkgs.lib.mkForce [ "multi-user.target" ];
17 |   systemd.services.wpa_supplicant = {
18 |     startLimitIntervalSec = 5;
19 |     startLimitBurst = 1;
20 |
21 |     serviceConfig = {
22 |       Restart = "on-failure";
23 |       RestartSec = "1";
24 |     };
25 |   };
26 |
27 | }
28 |
--------------------------------------------------------------------------------
/services/backup.nix:
--------------------------------------------------------------------------------
1 | { config, lib, pkgs, ... }:
2 |   # Timer-driven oneshot that sends a SCSI stop (spin-down) command to one USB disk, addressed by its /dev/disk/by-id path.
3 | {
4 |   systemd.services.spindown_hdd =
5 |     {
6 |       description = "spin down usb hdd";
7 |       serviceConfig = {
8 |         ExecStart = "${pkgs.sdparm}/bin/sdparm --command=stop --readonly /dev/disk/by-id/usb-Seagate_Expansion_Desk_NA4K8NA4-0:0";
9 |         Type = "oneshot";
10 |       };
11 |       startAt = "*:18"; # systemd calendar expression: minute 18 of every hour
12 |     };
13 | }
14 |
--------------------------------------------------------------------------------
/services/buildfarm-executor.nix:
--------------------------------------------------------------------------------
1 | { config, lib, pkgs, ...
}:
2 |   # Client side of the build farm: hands builds to remote machines over SSH.
3 | {
4 |   nix = {
5 |     distributedBuilds = true;
6 |     extraOptions = ''
7 |       builders-use-substitutes = true
8 |     '';
9 |     # settings = {
10 |     # extra-substituters = [ "ssh-ng://grw@trex.satanic.link" ];
11 |     # trusted-substituters = [ "ssh-ng://grw@trex.satanic.link" ];
12 |     # };
13 |     buildMachines = [ # NOTE(review): neither entry sets publicHostKey, so builder authenticity rests on the known_hosts of whichever user runs the Nix daemon (presumably root); confirm those entries are provisioned.
14 |       {
15 |         hostName = "rock-5b.satanic.link";
16 |         sshUser = "root"; # NOTE(review): this host logs in to the builder as root.
17 |         speedFactor = 2;
18 |         maxJobs = 2;
19 |         supportedFeatures = [ "kvm" "nixos-test" "big-parallel" ];
20 |         systems = [ "aarch64-linux" ];
21 |       }
22 |     ] ++ lib.optionals (config.networking.hostName != "trex") [ # trex is not listed as a builder for itself
23 |       {
24 |         hostName = "trex.satanic.link";
25 |         sshUser = "grw";
26 |         protocol = "ssh-ng";
27 |         maxJobs = 4;
28 |         speedFactor = 128;
29 |         supportedFeatures = [ "kvm" "nixos-test" "big-parallel" ];
30 |         systems = [
31 |           "x86_64-linux"
32 |           "i686-linux"
33 |         ];
34 |       }
35 |     ];
36 |   };
37 | }
38 |
--------------------------------------------------------------------------------
/services/buildfarm-slave.nix:
--------------------------------------------------------------------------------
1 | { config, lib, pkgs, ... }:
2 |   # Builder side of the build farm.
3 | {
4 |   nix.settings.trusted-users = [ "grw" ]; # NOTE(review): trusted-users are effectively root on the Nix daemon.
5 |   # NOTE(review): root accepts every key authorised for grw, so each of those client keys is a root login on this builder.
6 |   users.extraUsers.root.openssh.authorizedKeys.keys =
7 |     config.users.users.grw.openssh.authorizedKeys.keys;
8 | }
9 |
--------------------------------------------------------------------------------
/services/docker.nix:
--------------------------------------------------------------------------------
1 | { config, lib, pkgs, ... }:
2 |   # Docker daemon with periodic pruning.
3 | {
4 |   virtualisation.docker = {
5 |     enable = true;
6 |     autoPrune = {
7 |       enable = true;
8 |       flags = [ "--all" ]; # prune every unused image, not only dangling ones
9 |     };
10 |   };
11 | }
12 |
--------------------------------------------------------------------------------
/services/grafana.nix:
--------------------------------------------------------------------------------
1 | { config, lib, pkgs, ...
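}:
2 |   # Grafana on 192.168.23.5:3005; the admin password is uploaded as a deployment key before activation.
3 | {
4 |   services.grafana = {
5 |     enable = true;
6 |     addr = "192.168.23.5";
7 |     port = 3005;
8 |     rootUrl = "https://grafana.satanic.link";
9 |     settings = {
10 |       security = {
11 |         admin_password = "$__file{/var/lib/grafana/grafana-password.secret}"; # Grafana's file provider reads the password from the uploaded key file; a bare path here would itself become the admin password. NOTE(review): Grafana applies admin_password only when it first creates the admin user, so an existing instance keeps its old password until it is changed in Grafana.
12 |       };
13 |     };
14 |     auth.anonymous.enable = true; # NOTE(review): anonymous visitors can view dashboards without logging in; confirm that is intended for a host that is also published through a reverse proxy.
15 |   };
16 |   # Start Grafana only after the key upload unit has placed the secret.
17 |   systemd.services.grafana.after = [ "grafana-password.secret.service" ];
18 |
19 |   deployment.keys =
20 |     {
21 |       "grafana-password.secret" = {
22 |         keyCommand = [ "pass" "grafana.satanic.link" ]; # the secret is read from the deployer's `pass` store at deploy time, so it stays out of the repository and the Nix store
23 |         user = "grafana";
24 |         group = "grafana";
25 |         destDir = "/var/lib/grafana";
26 |         uploadAt = "pre-activation";
27 |       };
28 |     };
29 | }
30 |
--------------------------------------------------------------------------------
/services/home-assistant/default.nix:
--------------------------------------------------------------------------------
1 | { config, pkgs, ... }:
2 |
3 | {
4 |
5 |   imports = [
6 |     ./lights.nix
7 |     ./mqtt.nix
8 |     ./vacuum.nix
9 |     ./homekit.nix
10 |   ];
11 |
12 |   users.extraUsers."hass".extraGroups = [ "dialout" ];
13 |
14 |   hardware.bluetooth = {
15 |     enable = true;
16 |     powerOnBoot = true;
17 |   };
18 |
19 |   services.home-assistant =
20 |     let
21 |       package = pkgs.home-assistant.override {
22 |         extraPackages = ps: with ps;
23 |           [
24 |             defusedxml
25 |             python-miio
26 |             netdisco
27 |             aiounifi
28 |             aiohomekit
29 |             async-upnp-client
30 |             pyatv
31 |             paho-mqtt
32 |             withings-api
33 |             withings-sync
34 |             aiowithings
35 |             python-otbr-api
36 |             pyipp
37 |             pysnmp
38 |             qingping-ble
39 |             xiaomi-ble
40 |             pyxiaomigateway
41 |             # brother
42 |           ];
43 |       };
44 |     in
45 |     {
46 |       enable = true;
47 |       openFirewall = true;
48 |       package = package.overrideAttrs (o: {
49 |         doInstallCheck = false;
50 |       });
51 |       # lovelaceConfig = {
52 |       # resources = [
53 |       # { url = "local/valetudo-map-card.js";
54 |       # type = "module"; }
55 |       # ];
56 |       # };
57 |
58 |       config = {
59 |         homeassistant = {
60 |           name = "Home";
61 |           country = "CH";
62 |           # latitude = pkgs.secrets.home-lat;
63 |           #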
longitude = pkgs.secrets.home-lng;
64 |           elevation = "20";
65 |           unit_system = "metric";
66 |           time_zone = "Europe/Zurich";
67 |           internal_url = "https://home.satanic.link";
68 |           external_url = "https://home.satanic.link";
69 |           allowlist_external_dirs = [
70 |             "/mnt/Home/Timelapse"
71 |           ];
72 |         };
73 |         http = {
74 |           server_host = "0.0.0.0"; # NOTE(review): listens on every interface, and this service also sets openFirewall = true, so port 8123 can be reached directly as well as through the reverse proxy.
75 |           server_port = 8123;
76 |           use_x_forwarded_for = true;
77 |           trusted_proxies = [ "127.0.0.1" "192.168.23.1" ]; # X-Forwarded-For is honoured only from these addresses
78 |         };
79 |         mobile_app = { };
80 |         frontend = { };
81 |         history = { };
82 |         config = { };
83 |         zha = {
84 |           zigpy_config.ota.ikea_provider = true;
85 |         };
86 |         system_health = { };
87 |       };
88 |     };
89 |
90 | }
91 |
92 |
93 |
--------------------------------------------------------------------------------
/services/home-assistant/homekit.nix:
--------------------------------------------------------------------------------
1 | { config, pkgs, ... }:
2 |   # HomeKit bridge for Home Assistant: mDNS via Avahi, firewall openings, and a filter that exposes only lights.
3 | {
4 |   services.avahi = {
5 |     enable = true;
6 |     reflector = true; # NOTE(review): repeats mDNS traffic between all interfaces Avahi listens on; services.avahi.allowInterfaces can limit which networks see each other's announcements.
7 |   };
8 |
9 |   networking.firewall.allowedUDPPorts = [ 5353 ]; # mDNS
10 |   networking.firewall.allowedTCPPorts = [ 21063 ]; # presumably the HomeKit bridge port; opened on every interface
11 |
12 |   services.home-assistant.config.zeroconf = { };
13 |   services.home-assistant.config.homekit = {
14 |     filter = {
15 |       include_domains = [ "light" ];
16 |     };
17 |   };
18 |
19 |   services.home-assistant.config.logger = {
20 |     default = "info";
21 |   };
22 | }
23 |
--------------------------------------------------------------------------------
/services/home-assistant/mqtt.nix:
--------------------------------------------------------------------------------
1 | { config, pkgs, ...
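}:

# MQTT broker used by Home Assistant.
{

  services.mosquitto = {
    enable = true;
    listeners = [{
      # Listens on every interface; the single user below may read and write
      # every topic ("#"), so this credential is effectively broker-admin.
      address = "0.0.0.0";
      users = {
        "rw" = {
          acl = [ "readwrite #" ];
          # The password used to be an inline string, which put it in this
          # repository and in the world-readable Nix store. It is now read
          # from a file delivered as a deployment key. Rotate the previously
          # committed value: it must be treated as disclosed.
          passwordFile = "/var/lib/mosquitto/mosquitto-rw-password.secret";
        };
      };
    }];
  };

  # Same pattern as the Grafana secret in services/grafana.nix: wait for the
  # key unit, then start the broker.
  systemd.services.mosquitto.after = [ "mosquitto-rw-password.secret.service" ];

  deployment.keys."mosquitto-rw-password.secret" = {
    # TODO(operator): placeholder entry name. Point this at the real `pass`
    # entry holding the rotated MQTT password.
    keyCommand = [ "pass" "PLACEHOLDER-mqtt-rw-entry" ];
    user = "mosquitto";
    group = "mosquitto";
    destDir = "/var/lib/mosquitto";
    uploadAt = "pre-activation";
  };

}
--------------------------------------------------------------------------------
/services/home-assistant/vacuum.nix:
--------------------------------------------------------------------------------
{ config, pkgs, ... }:

# Valetudo map card for the Home Assistant frontend, plus the vacuum schedule.
{

  systemd.tmpfiles.rules =
    let
      # The sha256 pins the exact file content, so a changed upstream file
      # fails the build instead of being served to browsers.
      # NOTE(review): the URL tracks `master`, so the fetch breaks as soon as
      # upstream updates the file. Pinning the URL to a tag or commit keeps the
      # build reproducible.
      valetudo-map-card = pkgs.fetchurl {
        url = "https://raw.githubusercontent.com/Hypfer/lovelace-valetudo-map-card/master/dist/valetudo-map-card.js";
        sha256 = "sha256-cpt2NSDz+XKgTBFCAyauAIIN7JpTh74/qaY/gnssKls=";
      };
    in
    [
      # Create the static web root, then symlink the fetched card into it.
      "d /var/lib/hass/www 0755 hass hass"
      "L /var/lib/hass/www/valetudo-map-card.js - - - - ${valetudo-map-card}"
    ];

  services.home-assistant.config = {

    automation = [
      /* Start the vacuum every day at 12:00. The presence-based trigger
         (start when george has been away for five minutes) is disabled below. */
      {
        alias = "Start ROBOROCK";
        trigger = {
          platform = "time";
          at = "12:00:00";
          /* entity_id = "person.george";
             from = "home";
             to = "not_home";
             for = "00:05:00"; */
        };
        condition = [ ];
        action = {
          service = "vacuum.start";
          data = { };
          entity_id = "vacuum.valetudo_roborock";
        };
        mode = "single";
      }
    ];
  };
}
--------------------------------------------------------------------------------
/services/jellyfin.nix:
--------------------------------------------------------------------------------
{ config, pkgs, lib, ...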
}:
let
  # Mount units Jellyfin is bound to: it starts after them and is stopped
  # when either one goes away.
  storageMounts = [ "mnt-Media.mount" "var-cache-jellyfin.mount" ];
in
{
  services.jellyfin.enable = true;
  # The Jellyfin port stays closed on the host firewall; nginx.nix proxies
  # jellyfin.satanic.link to 127.0.0.1:8096.
  services.jellyfin.openFirewall = false;

  systemd.services.jellyfin = {
    after = storageMounts;
    bindsTo = storageMounts;
  };

  # Group membership for the GPU device nodes.
  users.users.jellyfin.extraGroups = [ "video" "render" ];

  environment.systemPackages = [ pkgs.ffmpeg pkgs.libva1 pkgs.libva-utils ];

  # Cache directory kept in RAM.
  fileSystems."/var/cache/jellyfin" = {
    fsType = "tmpfs";
    device = "none";
    options = [ "nofail" "defaults" "size=16G" "mode=755" ];
  };
}
--------------------------------------------------------------------------------
/services/nginx.nix:
--------------------------------------------------------------------------------
{ config, lib, pkgs, ... }:
let
  # Every virtual host gets an ACME certificate and redirects HTTP to HTTPS.
  tls = {
    forceSSL = true;
    enableACME = true;
  };

  # nginx snippet that turns off response buffering.
  unbuffered = ''
    proxy_buffering off;
  '';

  # Location body for a reverse-proxied backend with WebSocket support.
  upstream = url: {
    proxyPass = url;
    proxyWebsockets = true;
  };
in
{
  networking.firewall.allowedTCPPorts = [ 80 443 ];

  security.acme.acceptTerms = true;
  security.acme.defaults.email = "georgerw@gmail.com";

  # Lets nginx read the certificates issued for the acme group.
  users.users.nginx.extraGroups = [ "acme" ];

  services.prometheus.exporters.nginx = {
    enable = true;
    openFirewall = false;
  };

  services.nginx = {
    enable = true;
    statusPage = true;
    recommendedTlsSettings = true;
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;

    # NOTE(review): none of the proxied hosts below adds authentication or an
    # address restriction at the proxy, so each backend's own login is the only
    # gate for whoever can reach ports 80/443. The hop to each backend is plain
    # HTTP.
    virtualHosts = {
      "static.satanic.link" = tls // {
        locations."/".root = "/var/www/static";
      };

      # Disabled virtual host, kept for reference:
      # "gateway.satanic.link" = tls // {
      #   locations."/" = upstream "http://192.168.23.5:5080";
      # };

      "grafana.satanic.link" = tls // {
        # Disabled: extraConfig = ''proxy_set_header Host grafana.satanic.link;'';
        locations."/" = upstream "http://192.168.23.5:3005";
      };

      "home.satanic.link" = tls // {
        extraConfig = unbuffered;
        locations."/" = upstream "http://192.168.23.5:8123";
      };

      "radarr.satanic.link" = tls // {
        locations."/" = upstream "http://192.168.23.16:7878" // {
          extraConfig = unbuffered;
        };
      };

      "sonarr.satanic.link" = tls // {
        locations."/" = upstream "http://192.168.23.15:8989" // {
          extraConfig = unbuffered;
        };
      };

      "jellyfin.satanic.link" = tls // {
        locations."/" = upstream "http://127.0.0.1:8096";
      };
    };
  };
}
--------------------------------------------------------------------------------
/services/transmission.nix:
--------------------------------------------------------------------------------
{ config, lib, pkgs, ...
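}:
let
  # ZFS dataset mounted here holds in-progress downloads.
  incompleteDir = "/mnt/downloads";
in
{
  fileSystems.${incompleteDir} =
    {
      device = "nvpool/root/incomplete";
      fsType = "zfs";
      options = [ "nofail" ];
    };

  services.transmission = {
    enable = true;
    openFirewall = true;
    settings = {
      download-dir = "/mnt/Media/downloads";
      download-queue-size = 8;
      incomplete-dir = incompleteDir;
      incomplete-dir-enabled = true;
      # The address whitelist below was defined but switched off, which left
      # the RPC interface unauthenticated on every address it is bound to. It
      # is now enforced, so only the listed ranges may use RPC.
      # NOTE(review): no rpc-authentication-required is set, so any host inside
      # these ranges still has full control of the daemon.
      rpc-whitelist-enabled = true;
      rpc-whitelist = "127.0.0.1,192.168.0.*,192.168.23.*,192.168.24.*";
      rpc-host-whitelist = "nixhost.lan";
      rpc-bind-address = "0.0.0.0";
      cache-size-mb = 1024;
      scrape-paused-torrents-enabled = false;
      seed-queue-enabled = true;
      seed-queue-size = 10000;
      speed-limit-up-enabled = false;
      # 002: downloaded files stay group-writable.
      umask = 2;
    };
  };

  # Peer port, TCP and UDP.
  networking.firewall.allowedTCPPorts = [ 51413 ];
  networking.firewall.allowedUDPPorts = [ 51413 ];
}
--------------------------------------------------------------------------------
/services/virt/host.nix:
--------------------------------------------------------------------------------
{ config, lib, pkgs, ...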
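}:

# libvirt/QEMU host set-up for VFIO passthrough guests.
{
  # Turn on virt
  virtualisation.libvirtd = {
    enable = true;
    onBoot = "start";
    allowedBridges = [ "br0" ];
    qemu = {
      ovmf.enable = true;
      swtpm.enable = true;
      # NOTE(review): both settings relax libvirt's default confinement of
      # QEMU. An empty `namespaces` list turns off the per-guest namespace
      # set-up, and `dynamic_ownership = 0` stops libvirt from re-owning disk
      # and device files per guest. Keep them only if passthrough needs them.
      verbatimConfig = ''
        namespaces = []

        # Whether libvirt should dynamically change file ownership
        dynamic_ownership = 0
      '';
    };
  };

  programs.virt-manager.enable = true;

  # /*
  environment.systemPackages = with pkgs; [
    # virt-manager
    # virt-viewer
    spice-gtk # fix usb redirect
    mstflint # mlx firmware
    pciutils
  ];
  # */
  boot.kernelParams = [
    # Use IOMMU
    # "intel_iommu=on"

    # Needed by OS X
    # ignore_msrs: KVM ignores guest accesses to MSRs it does not handle
    # instead of faulting the guest.
    "kvm.ignore_msrs=1"
    # NOTE(review): allows VFIO device assignment without interrupt remapping,
    # which removes the protection against a passed-through device injecting
    # interrupts outside its guest. Drop it if the platform supports interrupt
    # remapping.
    "vfio_iommu_type1.allow_unsafe_interrupts=1"
  ];

  # Bridge helper script installed as /etc/qemu-ifup; $1 is the interface
  # name passed by the caller.
  environment.etc."qemu-ifup" = rec {
    target = "qemu-ifup";
    # "$1" is quoted in the two commands so an unexpected interface argument
    # cannot be word-split or glob-expanded into extra `ip`/`brctl` arguments.
    text = ''
      #!${pkgs.stdenv.shell}
      echo "Executing ${target}"
      echo "Bringing up $1 for bridged mode..."
      ${pkgs.iproute2}/bin/ip link set "$1" up promisc on
      echo "Adding $1 to br0.lan..."
      ${pkgs.bridge-utils}/bin/brctl addif br0.lan "$1"
      sleep 2
    '';
    # Owned by root; only the owner may execute or modify it.
    mode = "0744";
    uid = config.ids.uids.root;
  };

  boot.kernelModules = [
    "vfio"
    "vfio_pci"
    # "vfio_iommu_type1"
  ];
}
--------------------------------------------------------------------------------
/services/virt/hugepages.nix:
--------------------------------------------------------------------------------
{ config, lib, pkgs, ...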
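}:

# Reserves sixteen 1 GiB huge pages for guests and disables transparent huge
# pages.
{
  boot.kernelParams = [
    "hugepagesz=1GB"
    "default_hugepagesz=1G"
    "hugepages=16"
    # The kernel parameter is singular, matching the sysfs path written by the
    # tmpfiles rule below. The plural spelling is not a recognised parameter,
    # so THP was only being disabled later by tmpfiles.
    "transparent_hugepage=never"
  ];

  systemd.mounts = [
    # disable mounting hugepages by systemd,
    # it doesn't know about 1G pagesize
    {
      where = "/dev/hugepages";
      enable = false;
    }
    # Mount a hugetlbfs with the 1G page size instead.
    {
      where = "/dev/hugepages/hugepages-1048576kB";
      enable = true;
      what = "hugetlbfs";
      type = "hugetlbfs";
      options = "pagesize=1G";
      requiredBy = [ "basic.target" ];
    }
  ];

  # Runtime switch for THP, applied by systemd-tmpfiles.
  environment.etc."tmpfiles.d/thp.conf".text = ''
    w /sys/kernel/mm/transparent_hugepage/enabled - - - - never
  '';

  boot.kernel.sysctl = {
    # mkForce overrides any other definition of this sysctl.
    "vm.nr_hugepages" = lib.mkForce 16;
  };
}
--------------------------------------------------------------------------------
/services/virt/machines/Tails.xml:
--------------------------------------------------------------------------------
1 | 2 | Tails 3 | 057ae68b-8a83-4f2d-cd4a-db3888724f91 4 | 2048576 5 | 2048576 6 | 7 | hvm 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | destroy 29 | restart 30 | restart 31 | 32 | 33 | 34 | 35 | 36 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 |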
53 | 54 | 55 |
56 | 57 | 58 |
59 | 60 | 61 | 62 |
63 | 64 | 65 | 66 |
67 | 68 | 69 | 70 |
71 | 72 | 73 | 74 | 75 | 76 |
77 | 78 | 79 | 80 | 81 | 82 | 83 | 84 | 85 | 86 | 87 | 88 | 89 | 90 | 91 | -------------------------------------------------------------------------------- /services/virt/machines/Vivid.xml: -------------------------------------------------------------------------------- 1 | 2 | vivid 3 | 69564dcd-5432-43f0-b3bd-391854ea9aeb 4 | 4194304 5 | 4194304 6 | 7 | 8 | 9 | 2 10 | 11 | hvm 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | destroy 29 | restart 30 | restart 31 | 32 | 33 | 34 | 35 | 36 | /usr/bin/qemu-kvm-nvidia-vga 37 | 38 | 39 | 40 | 41 |
42 | 43 | 44 | 45 | 46 | 47 | 48 |
49 | 50 | 51 |
52 | 53 | 54 | 55 |
56 | 57 | 58 | 59 |
60 | 61 | 62 | 63 |
64 | 65 | 66 | 67 | 68 | 69 | 70 |
71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 |
--------------------------------------------------------------------------------
/services/virt/vfio.nix:
--------------------------------------------------------------------------------
{ config, lib, pkgs, ... }:

# VFIO passthrough: binds the listed PCI IDs to vfio-pci, applies the ACS
# override patch, and runs the scream audio receiver.
{
  /*
    NVIDIA 980 Ti / Intel z170 Skylake

    NOTE(review): the IDs bound to vfio-pci below use vendor 1002 and are
    commented "amdgpu passthrough", so this listing appears to describe an
    earlier hardware set-up. Confirm before relying on it.

    lsgroups.sh:

    VFIO? ### Group 0 ###
            00:00.0 Host bridge [0600]: Intel Corporation Sky Lake Host Bridge/DRAM Registers [8086:191f] (rev 07)
          ### Group 1 ###
            00:01.0 PCI bridge [0604]: Intel Corporation Sky Lake PCIe Controller (x16) [8086:1901] (rev 07)
    Y       01:00.0 VGA compatible controller [0300]: NVIDIA Corporation GM200 [GeForce GTX 980 Ti] [10de:17c8] (rev a1)
    Y       01:00.1 Audio device [0403]: NVIDIA Corporation Device [10de:0fb0] (rev a1)
          ### Group 2 ###
    ?       00:02.0 VGA compatible controller [0300]: Intel Corporation Sky Lake Integrated Graphics [8086:1912] (rev 06)
          ### Group 3 ###
    ?       00:14.0 USB controller [0c03]: Intel Corporation Sunrise Point-H USB 3.0 xHCI Controller [8086:a12f] (rev 31)
            00:14.2 Signal processing controller [1180]: Intel Corporation Sunrise Point-H Thermal subsystem [8086:a131] (rev 31)
          ### Group 4 ###
            00:16.0 Communication controller [0780]: Intel Corporation Sunrise Point-H CSME HECI #1 [8086:a13a] (rev 31)
          ### Group 5 ###
    ?       00:17.0 SATA controller [0106]: Intel Corporation Device [8086:a102] (rev 31)
          ### Group 6 ###
            00:1c.0 PCI bridge [0604]: Intel Corporation Sunrise Point-H PCI Express Root Port #1 [8086:a110] (rev f1)
            00:1c.4 PCI bridge [0604]: Intel Corporation Sunrise Point-H PCI Express Root Port #5 [8086:a114] (rev f1)
            00:1c.6 PCI bridge [0604]: Intel Corporation Sunrise Point-H PCI Express Root Port #7 [8086:a116] (rev f1)
    Y       03:00.0 USB controller [0c03]: ASMedia Technology Inc. ASM1142 USB 3.1 Host Controller [1b21:1242]
    Y       04:00.0 Network controller [0280]: Broadcom Corporation BCM4352 802.11ac Wireless Network Adapter [14e4:43b1] (rev 03)
          ### Group 7 ###
            00:1d.0 PCI bridge [0604]: Intel Corporation Sunrise Point-H PCI Express Root Port #9 [8086:a118] (rev f1)
    Y       05:00.0 Non-Volatile memory controller [0108]: Samsung Electronics Co Ltd Device [144d:a802] (rev 01)
          ### Group 8 ###
            00:1f.0 ISA bridge [0601]: Intel Corporation Sunrise Point-H LPC Controller [8086:a145] (rev 31)
            00:1f.2 Memory controller [0580]: Intel Corporation Sunrise Point-H PMC [8086:a121] (rev 31)
    Y       00:1f.3 Audio device [0403]: Intel Corporation Sunrise Point-H HD Audio [8086:a170] (rev 31)
            00:1f.4 SMBus [0c05]: Intel Corporation Sunrise Point-H SMBus [8086:a123] (rev 31)
    ?       00:1f.6 Ethernet controller [0200]: Intel Corporation Ethernet Connection (2) I219-V [8086:15b8] (rev 31)
  */
  environment.systemPackages = [ pkgs.scream ];

  # Keep these host drivers from loading.
  boot.blacklistedKernelModules = [
    "nouveau"
    # "nvidia"
    "b43"
    # "amdgpu"
  ];

  boot.kernelParams = [
    # amdgpu passthrough
    "vfio-pci.ids=1002:731f,1002:ab38"
    # NOTE(review): the ACS override makes the kernel report devices as
    # separately isolated even when the hardware does not guarantee it, so a
    # passed-through device may still reach its former group peers by DMA.
    # This trades host/guest isolation for convenience.
    "pcie_acs_override=downstream,multifunction"
    "video=efifb:off"
  ];

  # Out-of-tree patches: the first provides the pcie_acs_override parameter
  # used above.
  boot.kernelPatches = [
    { name = "acs-overrides"; patch = ./add-acs-overrides.patch; }
    { name = "i915-vga-arbiter"; patch = ./i915-vga-arbiter.patch; }
  ];

  boot.extraModulePackages = [
    config.boot.kernelPackages.vendor-reset
  ];

  # Presumably the ports the scream receiver below listens on. Confirm that
  # both are needed, since they are opened on every interface.
  networking.firewall.allowedUDPPorts = [ 1567 4010 ];

  # Audio receiver for guests; runs unprivileged as user grw in group audio.
  systemd.services.scream-receiver = {
    wantedBy = [ "libvirtd.service" ];
    serviceConfig = {
      ExecStart = "${pkgs.scream}/bin/scream";
      User = "grw";
      Group = "audio";
    };
  };

  # NOTE(review): mkForce pins the host to the 5.18 kernel series, which no
  # longer receives upstream fixes. Re-base the two patches above onto a
  # maintained kernel when possible.
  boot.kernelPackages = lib.mkForce pkgs.linuxPackages_5_18;
  boot.kernelModules = [
    "vendor_reset"
  ];
}
--------------------------------------------------------------------------------