diff options
| author | Karel Kočí <cynerd@email.cz> | 2026-03-31 17:46:42 +0200 |
|---|---|---|
| committer | Karel Kočí <cynerd@email.cz> | 2026-03-31 17:46:42 +0200 |
| commit | d5ec7b775888827089a668aea58244b2ad4a1e70 (patch) | |
| tree | f83260efda4b3c478855484d1451a8858bc23b9c /nixos | |
| parent | 5f8f3edbf69f4735f302fc5a749dba2928ce6582 (diff) | |
| download | nixos-personal-master.tar.gz nixos-personal-master.tar.bz2 nixos-personal-master.zip | |
Diffstat (limited to 'nixos')
| -rw-r--r-- | nixos/configurations/binky.nix | 4 | ||||
| -rw-r--r-- | nixos/configurations/dribbler.nix | 65 | ||||
| -rw-r--r-- | nixos/configurations/lipwig.nix | 7 | ||||
| -rw-r--r-- | nixos/configurations/ridcully.nix | 45 | ||||
| -rw-r--r-- | nixos/configurations/zd-mox.nix | 1 | ||||
| -rw-r--r-- | nixos/modules/desktop.nix | 67 | ||||
| -rw-r--r-- | nixos/modules/develop.nix | 11 | ||||
| -rw-r--r-- | nixos/modules/gaming.nix | 6 | ||||
| -rw-r--r-- | nixos/modules/hosts.nix | 2 | ||||
| -rw-r--r-- | nixos/modules/openwrtone.nix | 1 | ||||
| -rw-r--r-- | nixos/modules/packages.nix | 2 | ||||
| -rw-r--r-- | nixos/modules/router.nix | 11 | ||||
| -rw-r--r-- | nixos/modules/syncthing.nix | 4 | ||||
| -rw-r--r-- | nixos/modules/users.nix | 2 |
14 files changed, 152 insertions, 76 deletions
diff --git a/nixos/configurations/binky.nix b/nixos/configurations/binky.nix index dba1114..9e3866f 100644 --- a/nixos/configurations/binky.nix +++ b/nixos/configurations/binky.nix @@ -1,4 +1,4 @@ -{pkgs, ...}: { +{ system.stateVersion = "24.05"; nixpkgs.hostPlatform.system = "x86_64-linux"; deploy = { @@ -85,6 +85,4 @@ enable = true; dataDir = "/home/cynerd"; }; - - environment.systemPackages = [pkgs.heroic]; } diff --git a/nixos/configurations/dribbler.nix b/nixos/configurations/dribbler.nix index 306925c..038f455 100644 --- a/nixos/configurations/dribbler.nix +++ b/nixos/configurations/dribbler.nix @@ -14,31 +14,22 @@ boot = { initrd.availableKernelModules = ["nvme" "xhci_pci" "usb_storage" "sd_mod"]; kernelModules = ["kvm-intel"]; + kernelParams = ["video=eDP-1:d"]; # Disable internal display for kodi to use HDMI }; hardware.cpu.intel.updateMicrocode = true; - boot.initrd.luks.devices = { - "encroot".device = "/dev/disk/by-uuid/b317feb5-d68d-4ec3-a24f-0307c116cac8"; + cynerd.autounlock = { + "encroot" = "/dev/disk/by-uuid/f791f524-0552-487b-9bf9-5c20ca78651b"; }; fileSystems = { "/" = { device = "/dev/mapper/encroot"; fsType = "btrfs"; - options = ["compress=lzo" "subvol=@"]; - }; - "/nix" = { - device = "/dev/mapper/encroot"; - fsType = "btrfs"; - options = ["compress=lzo" "subvol=@nix"]; - }; - "/home" = { - device = "/dev/mapper/encroot"; - fsType = "btrfs"; - options = ["compress=lzo" "subvol=@home"]; + options = ["compress=lzo"]; }; "/boot" = { - device = "/dev/disk/by-uuid/8F7D-A154"; + device = "/dev/disk/by-uuid/7143-1EE7"; fsType = "vfat"; }; }; @@ -54,7 +45,7 @@ systemd.network = { networks = { "dhcp" = { - matchConfig.Name = "enp2s0f0"; + matchConfig.Name = "enp1s0"; networkConfig = { DHCP = "yes"; IPv6AcceptRA = "yes"; @@ -62,7 +53,7 @@ linkConfig.RequiredForOnline = "routable"; }; "dhcp-wlan" = { - matchConfig.Name = "wlp3s0"; + matchConfig.Name = "wlp2s0"; networkConfig = { DHCP = "yes"; IPv6AcceptRA = "yes"; @@ -75,12 +66,44 @@ }; # Kodi - nixpkgs.config.kodi.enableAdvancedLauncher = true; - users.extraUsers.kodi.isNormalUser = true; - services.cage = { - user = "kodi"; - program = "${pkgs.kodi-wayland}/bin/kodi-standalone"; + environment.systemPackages = with pkgs; [ + kodi-gbm + ]; + hardware = { + graphics = { + enable = true; + enable32Bit = true; + extraPackages = with pkgs; [ + intel-media-driver + libvdpau-va-gl + ]; + }; + bluetooth.enable = true; + }; + services.pipewire = { enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + }; + security.rtkit.enable = true; + #nixpkgs.config.kodi.enableAdvancedLauncher = true; + users.extraUsers.kodi = { + isNormalUser = true; + extraGroups = ["audio" "video" "input"]; + }; + systemd.services.kodi = { + description = "Kodi standalone (GBM)"; + wantedBy = ["multi-user.target"]; + conflicts = ["getty@tty1.service"]; + serviceConfig = { + User = "kodi"; + TTYPath = "/dev/tty1"; + ExecStart = "${pkgs.kodi-gbm}/bin/kodi-standalone"; + Restart = "on-abort"; + StandardInput = "tty"; + StandardOutput = "journal"; + }; }; networking.firewall = { allowedTCPPorts = [8080]; diff --git a/nixos/configurations/lipwig.nix b/nixos/configurations/lipwig.nix index 11e60df..556ca5d 100644 --- a/nixos/configurations/lipwig.nix +++ b/nixos/configurations/lipwig.nix @@ -22,6 +22,7 @@ }; wireguard = true; borgjobs = { + # TODO backup influx postgresql.dumpCommand = pkgs.writeScript "postgreqsl-backup.sh" '' /run/wrappers/bin/sudo -u postgres /run/current-system/sw/bin/pg_dumpall ''; @@ -121,7 +122,7 @@ forceSSL = true; useACMEHost = "cynerd.cz"; locations."/".extraConfig = '' - uwsgi_pass "unix:///run/searx/searx.sock"; + uwsgi_pass "unix://${config.services.searx.uwsgiConfig.socket}"; include ${config.services.nginx.package}/conf/uwsgi_params; ''; }; @@ -275,8 +276,8 @@ license = "agpl3Plus"; }; passwords = pkgs.fetchNextcloudApp { - url = "https://git.mdns.eu/api/v4/projects/45/packages/generic/passwords/2025.12.1/passwords-lsr-81.tar.gz"; - hash = "sha256-mOqyVdQ6rRXrAjoCEz5B0/jx1aiM9TYcPJsuhHFR34w="; + url = "https://git.mdns.eu/api/v4/projects/45/packages/generic/passwords/2026.3.0/passwords.tar.gz"; + hash = "sha256-YHilpFaZHNCtqLRvTCDhyVoFWLC85Qkj1mMxp08YCho="; license = "agpl3Plus"; }; }; diff --git a/nixos/configurations/ridcully.nix b/nixos/configurations/ridcully.nix index 97a0456..9f3ed57 100644 --- a/nixos/configurations/ridcully.nix +++ b/nixos/configurations/ridcully.nix @@ -10,6 +10,9 @@ openvpn = { elektroline = true; }; + borgjobs = { + hetzner-s3.paths = "/back/hetzner-s3-sync"; + }; }; boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"]; @@ -77,8 +80,44 @@ nix.settings.max-jobs = 4; ############################################################################## - services.syncthing = { - enable = true; - dataDir = "/home/cynerd"; + services = { + syncthing = { + enable = true; + dataDir = "/home/cynerd"; + }; + + octoprint = { + enable = true; + openFirewall = true; + }; + + mjpg-streamer = { + enable = true; + inputPlugin = "input_uvc.so -d /dev/video2 -r 1920x1080 -f 30"; + outputPlugin = "output_http.so -p 5001 -w @www@"; + }; + }; + networking.firewall.allowedTCPPorts = [5001]; + + # Service to synchronize local copy of Hetzner S3 + systemd = { + services."hetzner-sync" = { + script = '' + /run/current-system/sw/bin/rclone --config /run/secrets/rclone-hetzner.conf \ + sync hetzner: /back/hetzner-s3-sync + ''; + serviceConfig = { + Type = "oneshot"; + User = "root"; + }; + }; + timers."hetzner-sync" = { + wantedBy = ["timers.target"]; + timerConfig.Unit = "hetzner-sync.service"; + timerConfig = { + OnCalendar = "daily"; + Persistent = false; + }; + }; }; } diff --git a/nixos/configurations/zd-mox.nix b/nixos/configurations/zd-mox.nix index 47319ed..6ce1b6b 100644 --- a/nixos/configurations/zd-mox.nix +++ b/nixos/configurations/zd-mox.nix @@ -22,6 +22,7 @@ in { "70:85:c2:4a:59:f2" = hosts.ridcully; "74:bf:c0:42:82:19" = hosts.printer; "f8:dc:7a:79:00:e6" = hosts.tc; + "34:94:54:33:6b:48" = hosts.vb; }; }; wireguard = true; diff --git a/nixos/modules/desktop.nix b/nixos/modules/desktop.nix index 3d01530..c39f9d2 100644 --- a/nixos/modules/desktop.nix +++ b/nixos/modules/desktop.nix @@ -47,6 +47,7 @@ in { waybar swaybackground myswaylock + brightnessctl alacritty nautilus @@ -67,6 +68,7 @@ in { resources isync + davmail msmtp notmuch dodo @@ -102,7 +104,7 @@ in { pulsemixer mpd mpc - ncmpcpp + #ncmpcpp feh shotwell id3lib @@ -147,7 +149,7 @@ in { inkscape blender tenacity - #kdePackages.kdenlive + kdePackages.kdenlive qrrs # GStreamer @@ -168,9 +170,10 @@ in { # CAD freecad - #kicad + kicad sweethome3d.application qelectrotech + super-slicer ] ++ (optionals cnf.laptop [ # Power management @@ -185,11 +188,9 @@ in { nativeMessagingHosts.packages = with pkgs; [browserpass]; }; - light.enable = mkIf cnf.laptop true; - nix-ld = { enable = true; - libraries = with pkgs; [xorg.libXpm]; + libraries = with pkgs; [libXpm]; }; usbkey = { @@ -204,6 +205,13 @@ in { enable = true; enableSSHSupport = true; enableBrowserSocket = true; + pinentryPackage = pkgs.writeShellScriptBin "pinentry-auto" '' + if [ -n "$WAYLAND_DISPLAY" ] || [ -n "$DISPLAY" ]; then + exec ${pkgs.pinentry-gnome3}/bin/pinentry-gnome3 "$@" + else + exec ${pkgs.pinentry-gnome3}/bin/pinentry-curses "$@" + fi + ''; }; kdeconnect.enable = true; @@ -274,7 +282,7 @@ in { drivers = with pkgs; [ gutenprint gutenprintBin - #cnijfilter2 + cnijfilter2 ]; }; saned.enable = true; @@ -303,27 +311,30 @@ in { allowedUDPPorts = [3702]; }; - fonts.packages = with pkgs; [ - arkpandora_ttf - corefonts - dejavu_fonts - fira-code - fira-code-symbols - fira-math - fira-mono - fira-sans - font-awesome - freefont_ttf - hack-font - liberation_ttf - libertine - nerd-fonts.hack - noto-fonts - noto-fonts-color-emoji - terminus_font_ttf - ubuntu-classic - unifont - ]; + fonts = { + enableDefaultPackages = true; + packages = with pkgs; [ + arkpandora_ttf + corefonts + dejavu_fonts + fira-code + fira-code-symbols + fira-math + fira-mono + fira-sans + font-awesome + freefont_ttf + hack-font + liberation_ttf + libertine + nerd-fonts.hack + noto-fonts + noto-fonts-color-emoji + terminus_font_ttf + ubuntu-classic + unifont + ]; + }; documentation = { enable = true; diff --git a/nixos/modules/develop.nix b/nixos/modules/develop.nix index bd84a87..587477f 100644 --- a/nixos/modules/develop.nix +++ b/nixos/modules/develop.nix @@ -44,7 +44,7 @@ in { cachix nurl nil - nixfmt-rfc-style + nixfmt alejandra statix deadnix @@ -169,6 +169,9 @@ in { # Images imagemagick + + # S3 + rclone ]; programs.wireshark = { enable = true; @@ -191,6 +194,8 @@ in { SUBSYSTEMS=="usb", ATTRS{idVendor}=="1366", ATTRS{idProduct}=="0105", MODE:="0660", GROUP="develop", SYMLINK+="jlink_%n" SUBSYSTEMS=="usb", ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="2111", MODE:="0660", GROUP="develop", SYMLINK+="cmsip_dap_%n" SUBSYSTEMS=="usb", ATTRS{idVendor}=="1ab1", ATTRS{idProduct}=="0e11", MODE:="0660", GROUP="develop" + SUBSYSTEMS=="usb", ATTRS{idVendor}=="303a", ATTRS{idProduct}=="1001", MODE:="0660", GROUP="develop", TAG+="uaccess" + SUBSYSTEMS=="usb", ATTRS{idVendor}=="303a", ATTRS{idProduct}=="1002", MODE:="0660", GROUP="develop", TAG+="uaccess" ''; guix.enable = true; @@ -203,10 +208,6 @@ in { autoPrune.enable = true; storageDriver = "btrfs"; }; - #lxd = { - # enable = true; - # recommendedSysctlSettings = true; - #}; lxc.enable = true; libvirtd.enable = true; spiceUSBRedirection.enable = true; diff --git a/nixos/modules/gaming.nix b/nixos/modules/gaming.nix index 4f957ed..e939bf2 100644 --- a/nixos/modules/gaming.nix +++ b/nixos/modules/gaming.nix @@ -37,7 +37,7 @@ in { extraPkgs = pkgs: with pkgs; [ ncurses - xorg.libXpm + libxpm flac134 libopus ]; @@ -46,7 +46,7 @@ in { extraPkgs = pkgs: with pkgs; [ ncurses - xorg.libXpm + libxpm flac134 # For Nebuchadnezzar libopus SDL @@ -56,7 +56,7 @@ in { SDL_image SDL_mixer SDL_ttf - glew110 + glew_1_10 libdrm libidn tbb diff --git a/nixos/modules/hosts.nix b/nixos/modules/hosts.nix index b14ac62..6d901e0 100644 --- a/nixos/modules/hosts.nix +++ b/nixos/modules/hosts.nix @@ -36,7 +36,9 @@ in { "camera2" = "10.8.0.22"; # Local "ridcully" = "10.8.0.59"; + "dribbler" = "10.8.0.60"; "tc" = "10.8.0.99"; + "vb" = "10.8.0.98"; "printer" = "10.8.0.90"; # Portable "binky" = "10.8.0.63"; diff --git a/nixos/modules/openwrtone.nix b/nixos/modules/openwrtone.nix index 85ddbd2..40c1ed6 100644 --- a/nixos/modules/openwrtone.nix +++ b/nixos/modules/openwrtone.nix @@ -60,7 +60,6 @@ in { kernelParams = [ "fw_devlink=permissive" "clk_ignore_unused" - "pcie_aspm=off" ]; initrd = { diff --git a/nixos/modules/packages.nix b/nixos/modules/packages.nix index f6961af..e97229f 100644 --- a/nixos/modules/packages.nix +++ b/nixos/modules/packages.nix @@ -70,7 +70,7 @@ in { ] ++ optionals isx86_64 [ nmap - #ltrace + ltrace pv screen ] diff --git a/nixos/modules/router.nix b/nixos/modules/router.nix index 01110ae..1c8f4cc 100644 --- a/nixos/modules/router.nix +++ b/nixos/modules/router.nix @@ -178,12 +178,11 @@ in { services.resolved = { enable = true; - #dnssec = "true"; - fallbackDns = ["1.1.1.1" "8.8.8.8"]; - extraConfig = '' - DNSStubListenerExtra=${cnf.lanIP} - DNSStubListenerExtra=192.168.1.1 - ''; + settings.Resolve = { + FallbackDNS = ["1.1.1.1" "8.8.8.8"]; + DNSStubListenerExtra=[cnf.lanIP "192.168.1.1"]; + # TODO possibly enforce DNSSEC again + }; }; }; } diff --git a/nixos/modules/syncthing.nix b/nixos/modules/syncthing.nix index 1148da6..eab61c7 100644 --- a/nixos/modules/syncthing.nix +++ b/nixos/modules/syncthing.nix @@ -58,8 +58,8 @@ in { devices = allDevices; ignorePerms = false; }; - "${baseDir}/pictures" = { - label = "Pictures"; + "${baseDir}/images" = { + label = "Images"; id = "pictures"; devices = bigStorageDevices; ignorePerms = false; diff --git a/nixos/modules/users.nix b/nixos/modules/users.nix index 9c65f8b..24eedb5 100644 --- a/nixos/modules/users.nix +++ b/nixos/modules/users.nix @@ -85,6 +85,8 @@ in { enable = !isArm; defaultEditor = !isArm; withNodeJs = true; + withPython3 = true; + withRuby = true; }; }; |