Diffstat (limited to 'nixos')
| -rw-r--r-- | nixos/configurations/binky.nix | 8 | ||||
| -rw-r--r-- | nixos/configurations/dribbler.nix | 112 | ||||
| -rw-r--r-- | nixos/configurations/lipwig.nix | 9 | ||||
| -rw-r--r-- | nixos/configurations/ridcully.nix | 45 | ||||
| -rw-r--r-- | nixos/configurations/spt-omnia.nix | 1 | ||||
| -rw-r--r-- | nixos/configurations/zd-mox.nix | 24 | ||||
| -rw-r--r-- | nixos/modules/desktop.nix | 67 | ||||
| -rw-r--r-- | nixos/modules/develop.nix | 11 | ||||
| -rw-r--r-- | nixos/modules/gaming.nix | 6 | ||||
| -rw-r--r-- | nixos/modules/hosts.nix | 6 | ||||
| -rw-r--r-- | nixos/modules/openwrtone.nix | 1 | ||||
| -rw-r--r-- | nixos/modules/packages.nix | 2 | ||||
| -rw-r--r-- | nixos/modules/router.nix | 11 | ||||
| -rw-r--r-- | nixos/modules/syncthing.nix | 4 | ||||
| -rw-r--r-- | nixos/modules/users.nix | 2 | ||||
| -rw-r--r-- | nixos/modules/wifi-client.nix | 3 |
16 files changed, 243 insertions, 69 deletions
diff --git a/nixos/configurations/binky.nix b/nixos/configurations/binky.nix index 6d8e5c3..9e3866f 100644 --- a/nixos/configurations/binky.nix +++ b/nixos/configurations/binky.nix @@ -1,10 +1,4 @@ { - lib, - pkgs, - ... -}: let - inherit (lib) mkDefault; -in { system.stateVersion = "24.05"; nixpkgs.hostPlatform.system = "x86_64-linux"; deploy = { @@ -91,6 +85,4 @@ in { enable = true; dataDir = "/home/cynerd"; }; - - environment.systemPackages = [pkgs.heroic]; } diff --git a/nixos/configurations/dribbler.nix b/nixos/configurations/dribbler.nix new file mode 100644 index 0000000..038f455 --- /dev/null +++ b/nixos/configurations/dribbler.nix 
@@ -0,0 +1,112 @@ +{pkgs, ...}: { + system.stateVersion = "25.11"; + nixpkgs.hostPlatform.system = "x86_64-linux"; + deploy = { + enable = true; + default = false; + ssh.host = "dribbler"; + }; + + cynerd = { + wifiClient = true; + }; + + boot = { + initrd.availableKernelModules = ["nvme" "xhci_pci" "usb_storage" "sd_mod"]; + kernelModules = ["kvm-intel"]; + kernelParams = ["video=eDP-1:d"]; # Disable internal display for kodi to use HDMI + }; + + hardware.cpu.intel.updateMicrocode = true; + + cynerd.autounlock = { + "encroot" = "/dev/disk/by-uuid/f791f524-0552-487b-9bf9-5c20ca78651b"; + }; + fileSystems = { + "/" = { + device = "/dev/mapper/encroot"; + fsType = "btrfs"; + options = ["compress=lzo"]; + }; + "/boot" = { + device = "/dev/disk/by-uuid/7143-1EE7"; + fsType = "vfat"; + }; + }; + services.btrfs.autoScrub = { + enable = true; + fileSystems = ["/"]; + }; + + networking = { + useNetworkd = true; + useDHCP = false; + }; + systemd.network = { + networks = { + "dhcp" = { + matchConfig.Name = "enp1s0"; + networkConfig = { + DHCP = "yes"; + IPv6AcceptRA = "yes"; + }; + linkConfig.RequiredForOnline = "routable"; + }; + "dhcp-wlan" = { + matchConfig.Name = "wlp2s0"; + networkConfig = { + DHCP = "yes"; + IPv6AcceptRA = "yes"; + }; + routes = [{Metric = 1088;}]; + linkConfig.RequiredForOnline = "routable"; + }; + }; + wait-online.enable = false; + }; + + # Kodi + environment.systemPackages = with pkgs; [ + kodi-gbm + ]; + hardware = { + graphics = { + enable = true; + enable32Bit = true; + extraPackages = with pkgs; [ + intel-media-driver + libvdpau-va-gl + ]; + }; + bluetooth.enable = true; + }; + services.pipewire = { + enable = true; + alsa.enable = true; + alsa.support32Bit = true; + pulse.enable = true; + }; + security.rtkit.enable = true; + #nixpkgs.config.kodi.enableAdvancedLauncher = true; + users.extraUsers.kodi = { + isNormalUser = true; + extraGroups = ["audio" "video" "input"]; + }; + systemd.services.kodi = { + description = "Kodi standalone (GBM)"; + 
wantedBy = ["multi-user.target"]; + conflicts = ["getty@tty1.service"]; + serviceConfig = { + User = "kodi"; + TTYPath = "/dev/tty1"; + ExecStart = "${pkgs.kodi-gbm}/bin/kodi-standalone"; + Restart = "on-abort"; + StandardInput = "tty"; + StandardOutput = "journal"; + }; + }; + networking.firewall = { + allowedTCPPorts = [8080]; + allowedUDPPorts = [8080]; + }; +} diff --git a/nixos/configurations/lipwig.nix b/nixos/configurations/lipwig.nix index 0b213ec..556ca5d 100644 --- a/nixos/configurations/lipwig.nix +++ b/nixos/configurations/lipwig.nix @@ -22,6 +22,7 @@ }; wireguard = true; borgjobs = { + # TODO backup influx postgresql.dumpCommand = pkgs.writeScript "postgreqsl-backup.sh" '' /run/wrappers/bin/sudo -u postgres /run/current-system/sw/bin/pg_dumpall ''; @@ -121,7 +122,7 @@ forceSSL = true; useACMEHost = "cynerd.cz"; locations."/".extraConfig = '' - uwsgi_pass "unix:///run/searx/searx.sock"; + uwsgi_pass "unix://${config.services.searx.uwsgiConfig.socket}"; include ${config.services.nginx.package}/conf/uwsgi_params; ''; }; @@ -253,7 +254,7 @@ twofactor_webauthn ; # Additional modules can be fetched with: - # NEXTCLOUD_VERSIONS=31 nix run nixpkgs#nc4nix -- -apps "passwords,money,integration_github,integration_gitlab,fileslibreofficeedit" + # NEXTCLOUD_VERSIONS=32 nix run nixpkgs#nc4nix -- -apps "passwords,money,integration_github,integration_gitlab,fileslibreofficeedit" fileslibreofficeedit = pkgs.fetchNextcloudApp { url = "https://github.com/allotropia/nextcloud_files_libreoffice_edit/releases/download/v2.0.1/fileslibreofficeedit.tar.gz"; hash = "sha256-Xqx5snQWintYJG3Q1Crw22TkNw18DdADXkurMQqt3X8="; 
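Review bot: The `networking.firewall` block at the end of the new dribbler.nix opens port 8080 for both TCP and UDP on every interface, and the host also sets `cynerd.wifiClient = true`, so the port is reachable from any Wi-Fi network it joins. If 8080 is Kodi's HTTP control interface (the hunk does not say), the UDP entry is probably unnecessary, and access then depends entirely on Kodi's own web-server password. Consider dropping `allowedUDPPorts` and scoping the rule to the wired link, e.g. `networking.firewall.interfaces."enp1s0".allowedTCPPorts = [8080];`, with a comment naming the service the port belongs to.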
@@ -275,8 +276,8 @@ license = "agpl3Plus"; }; passwords = pkgs.fetchNextcloudApp { - url = "https://git.mdns.eu/api/v4/projects/45/packages/generic/passwords/2025.10.0/passwords-lsr-81.tar.gz"; - hash = "sha256-6QKbmm804BN5bANcdH1BbG2oy1nBgnLY5CLidPF44Uk="; + url = "https://git.mdns.eu/api/v4/projects/45/packages/generic/passwords/2026.3.0/passwords.tar.gz"; + hash = "sha256-YHilpFaZHNCtqLRvTCDhyVoFWLC85Qkj1mMxp08YCho="; license = "agpl3Plus"; }; }; diff --git a/nixos/configurations/ridcully.nix b/nixos/configurations/ridcully.nix index 97a0456..9f3ed57 100644 --- a/nixos/configurations/ridcully.nix +++ b/nixos/configurations/ridcully.nix @@ -10,6 +10,9 @@ openvpn = { elektroline = true; }; + borgjobs = { + hetzner-s3.paths = "/back/hetzner-s3-sync"; + }; }; boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"]; @@ -77,8 +80,44 @@ nix.settings.max-jobs = 4; ############################################################################## - services.syncthing = { - enable = true; - dataDir = "/home/cynerd"; + services = { + syncthing = { + enable = true; + dataDir = "/home/cynerd"; + }; + + octoprint = { + enable = true; + openFirewall = true; + }; + + mjpg-streamer = { + enable = true; + inputPlugin = "input_uvc.so -d /dev/video2 -r 1920x1080 -f 30"; + outputPlugin = "output_http.so -p 5001 -w @www@"; + }; + }; + networking.firewall.allowedTCPPorts = [5001]; + + # Service to synchronize local copy of Hetzner S3 + systemd = { + services."hetzner-sync" = { + script = '' + /run/current-system/sw/bin/rclone --config /run/secrets/rclone-hetzner.conf \ + sync hetzner: /back/hetzner-s3-sync + ''; + serviceConfig = { + Type = "oneshot"; + User = "root"; + }; + }; + timers."hetzner-sync" = { + wantedBy = ["timers.target"]; + timerConfig.Unit = "hetzner-sync.service"; + timerConfig = { + OnCalendar = "daily"; + Persistent = false; + }; + }; }; } 
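Review bot: In the new `services` block of ridcully.nix, mjpg-streamer serves the camera over plain HTTP on port 5001 with no credentials in `outputPlugin`, while `networking.firewall.allowedTCPPorts = [5001]` and `octoprint.openFirewall = true` expose the stream and the printer control UI on all interfaces. If only the LAN needs them, scope the rules with `networking.firewall.interfaces.<lan-if>.allowedTCPPorts`, or keep the stream on loopback and publish it through an authenticated reverse proxy. Separately, `hetzner-sync` runs rclone as root with no sandboxing; adding `ProtectSystem = "strict";` and `ReadWritePaths = ["/back/hetzner-s3-sync"];` to `serviceConfig` would limit what a misbehaving sync can write (rclone may also want a writable cache directory, so test before relying on it).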
diff --git a/nixos/configurations/spt-omnia.nix b/nixos/configurations/spt-omnia.nix index c13956b..c2ef049 100644 --- a/nixos/configurations/spt-omnia.nix +++ b/nixos/configurations/spt-omnia.nix @@ -18,7 +18,6 @@ in { "7c:b0:c2:bb:9c:ca" = hosts.albert; "4c:d5:77:0d:85:d9" = hosts.binky; "b8:27:eb:57:a2:31" = hosts.mpd; - "74:bf:c0:42:82:19" = hosts.printer; }; }; wifiAP.spt = { diff --git a/nixos/configurations/zd-mox.nix b/nixos/configurations/zd-mox.nix index 3796af0..6ce1b6b 100644 --- a/nixos/configurations/zd-mox.nix +++ b/nixos/configurations/zd-mox.nix @@ -1,4 +1,8 @@ -{config, ...}: let +{ + config, + pkgs, + ... +}: let hosts = config.cynerd.hosts.zd; in { system.stateVersion = "25.05"; @@ -14,9 +18,11 @@ in { wan = "pppoe-wan"; lanIP = hosts.mox; staticLeases = { + "4c:d5:77:0d:85:d9" = hosts.binky; "70:85:c2:4a:59:f2" = hosts.ridcully; + "74:bf:c0:42:82:19" = hosts.printer; "f8:dc:7a:79:00:e6" = hosts.tc; - "4c:d5:77:0d:85:d9" = hosts.binky; + "34:94:54:33:6b:48" = hosts.vb; }; }; wireguard = true; @@ -110,9 +116,12 @@ in { # user and password added in secrets ''; }; - systemd.services."pppd-wan" = { - after = ["sys-subsystem-net-devices-end0.848.device"]; - partOf = ["systemd-networkd.service"]; + systemd.services = { + "pppd-wan" = { + requires = ["sys-subsystem-net-devices-end0.848.device"]; + partOf = ["systemd-networkd.service"]; + }; + "systemd-networkd".environment.SYSTEMD_LOG_LEVEL = "debug"; }; # TODO limit NSS clamping to just pppoe-wan networking.firewall.extraForwardRules = '' @@ -140,4 +149,9 @@ in { certs."zd.cynerd.cz" = {}; }; networking.firewall.allowedTCPPorts = [80 443]; + + environment.systemPackages = with pkgs; [ + nmap + tcpdump + ]; } diff --git a/nixos/modules/desktop.nix b/nixos/modules/desktop.nix index 3d8bfb4..c39f9d2 100644 --- a/nixos/modules/desktop.nix +++ b/nixos/modules/desktop.nix @@ -47,6 +47,7 @@ in { waybar swaybackground myswaylock + brightnessctl alacritty nautilus 
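Review bot: In the `pppd-wan` unit of zd-mox.nix, `after` was replaced by `requires`, but `Requires=` alone carries no ordering, so pppd can now start in parallel with the `end0.848` device unit instead of after it appears. To make the dependency hard without losing the ordering, keep both: `requires = [...]` together with `after = ["sys-subsystem-net-devices-end0.848.device"];` (or `bindsTo` plus `after` if pppd should also stop when the VLAN device goes away). The same hunk leaves `SYSTEMD_LOG_LEVEL = "debug"` set on systemd-networkd, and the last hunk of the file installs nmap and tcpdump on the router. If these are leftovers from a debugging session, mark them with a `# TODO remove after debugging` comment or drop them, since debug logging on a gateway is verbose and can crowd the journal.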
@@ -67,6 +68,7 @@ in { resources isync + davmail msmtp notmuch dodo @@ -102,7 +104,7 @@ in { pulsemixer mpd mpc - ncmpcpp + #ncmpcpp feh shotwell id3lib @@ -146,8 +148,9 @@ in { gimp inkscape blender - #tenacity - #kdePackages.kdenlive + tenacity + kdePackages.kdenlive + qrrs # GStreamer gst_all_1.gstreamer @@ -162,7 +165,6 @@ in { # Writing typst typstyle - typst-live tinymist vale @@ -171,6 +173,7 @@ in { kicad sweethome3d.application qelectrotech + super-slicer ] ++ (optionals cnf.laptop [ # Power management @@ -185,11 +188,9 @@ in { nativeMessagingHosts.packages = with pkgs; [browserpass]; }; - light.enable = mkIf cnf.laptop true; - nix-ld = { enable = true; - libraries = with pkgs; [xorg.libXpm]; + libraries = with pkgs; [libXpm]; }; usbkey = { @@ -204,6 +205,13 @@ in { enable = true; enableSSHSupport = true; enableBrowserSocket = true; + pinentryPackage = pkgs.writeShellScriptBin "pinentry-auto" '' + if [ -n "$WAYLAND_DISPLAY" ] || [ -n "$DISPLAY" ]; then + exec ${pkgs.pinentry-gnome3}/bin/pinentry-gnome3 "$@" + else + exec ${pkgs.pinentry-gnome3}/bin/pinentry-curses "$@" + fi + ''; }; kdeconnect.enable = true; @@ -303,27 +311,30 @@ in { allowedUDPPorts = [3702]; }; - fonts.packages = with pkgs; [ - arkpandora_ttf - corefonts - dejavu_fonts - fira-code - fira-code-symbols - fira-math - fira-mono - fira-sans - font-awesome - freefont_ttf - hack-font - liberation_ttf - libertine - nerd-fonts.hack - noto-fonts - noto-fonts-color-emoji - terminus_font_ttf - ubuntu-classic - unifont - ]; + fonts = { + enableDefaultPackages = true; + packages = with pkgs; [ + arkpandora_ttf + corefonts + dejavu_fonts + fira-code + fira-code-symbols + fira-math + fira-mono + fira-sans + font-awesome + freefont_ttf + hack-font + liberation_ttf + libertine + nerd-fonts.hack + noto-fonts + noto-fonts-color-emoji + terminus_font_ttf + ubuntu-classic + unifont + ]; + }; documentation = { enable = true; 
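Review bot: The console fallback in the new `pinentry-auto` wrapper execs `${pkgs.pinentry-gnome3}/bin/pinentry-curses`, which works only as long as the gnome3 flavour of the package happens to bundle the curses binary. Referencing the dedicated package makes the dependency explicit: `exec ${pkgs.pinentry-curses}/bin/pinentry-curses "$@"`. A short comment above `pinentryPackage` would also help, e.g. `# choose the GUI pinentry only when a display is visible in the environment gpg-agent hands to pinentry`. The test presumes gpg-agent forwards `WAYLAND_DISPLAY`/`DISPLAY` to the pinentry process, and that is worth confirming on a TTY-only login.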
diff --git a/nixos/modules/develop.nix b/nixos/modules/develop.nix index bd84a87..587477f 100644 --- a/nixos/modules/develop.nix +++ b/nixos/modules/develop.nix @@ -44,7 +44,7 @@ in { cachix nurl nil - nixfmt-rfc-style + nixfmt alejandra statix deadnix @@ -169,6 +169,9 @@ in { # Images imagemagick + + # S3 + rclone ]; programs.wireshark = { enable = true; @@ -191,6 +194,8 @@ in { SUBSYSTEMS=="usb", ATTRS{idVendor}=="1366", ATTRS{idProduct}=="0105", MODE:="0660", GROUP="develop", SYMLINK+="jlink_%n" SUBSYSTEMS=="usb", ATTRS{idVendor}=="03eb", ATTRS{idProduct}=="2111", MODE:="0660", GROUP="develop", SYMLINK+="cmsip_dap_%n" SUBSYSTEMS=="usb", ATTRS{idVendor}=="1ab1", ATTRS{idProduct}=="0e11", MODE:="0660", GROUP="develop" + SUBSYSTEMS=="usb", ATTRS{idVendor}=="303a", ATTRS{idProduct}=="1001", MODE:="0660", GROUP="develop", TAG+="uaccess" + SUBSYSTEMS=="usb", ATTRS{idVendor}=="303a", ATTRS{idProduct}=="1002", MODE:="0660", GROUP="develop", TAG+="uaccess" ''; guix.enable = true; @@ -203,10 +208,6 @@ in { autoPrune.enable = true; storageDriver = "btrfs"; }; - #lxd = { - # enable = true; - # recommendedSysctlSettings = true; - #}; lxc.enable = true; libvirtd.enable = true; spiceUSBRedirection.enable = true; diff --git a/nixos/modules/gaming.nix b/nixos/modules/gaming.nix index 4f957ed..e939bf2 100644 --- a/nixos/modules/gaming.nix +++ b/nixos/modules/gaming.nix @@ -37,7 +37,7 @@ in { extraPkgs = pkgs: with pkgs; [ ncurses - xorg.libXpm + libxpm flac134 libopus ]; @@ -46,7 +46,7 @@ in { extraPkgs = pkgs: with pkgs; [ ncurses - xorg.libXpm + libxpm flac134 # For Nebuchadnezzar libopus SDL @@ -56,7 +56,7 @@ in { SDL_image SDL_mixer SDL_ttf - glew110 + glew_1_10 libdrm libidn tbb diff --git a/nixos/modules/hosts.nix b/nixos/modules/hosts.nix index bd5a5ab..6d901e0 100644 --- a/nixos/modules/hosts.nix +++ b/nixos/modules/hosts.nix 
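Review bot: The two new udev rules for 303a:1001 and 303a:1002 add `TAG+="uaccess"` on top of `GROUP="develop"`, unlike the neighbouring rules, which widens access from members of `develop` to whoever holds the active local seat. If that is intended, note that the tag is only acted on by rules files that sort before systemd's `73-seat-late.rules`. The enclosing option is outside the hunk, but if this string is `services.udev.extraRules` it ends up in a late-sorted file and the tag would likely have no effect. Either drop the tag to match the other entries or ship these two rules through `services.udev.packages` in a file with an early prefix, and add a comment naming the device they are for.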
@@ -32,9 +32,14 @@ in { # Network "mox" = "10.8.0.1"; "one0" = "10.8.0.2"; + "camera1" = "10.8.0.21"; + "camera2" = "10.8.0.22"; # Local "ridcully" = "10.8.0.59"; + "dribbler" = "10.8.0.60"; "tc" = "10.8.0.99"; + "vb" = "10.8.0.98"; + "printer" = "10.8.0.90"; # Portable "binky" = "10.8.0.63"; }; @@ -58,7 +63,6 @@ in { # Local "mpd" = "10.8.2.51"; "errol" = "10.8.2.60"; - "printer" = "10.8.2.90"; # Portable "albert" = "10.8.2.61"; "binky" = "10.8.2.63"; diff --git a/nixos/modules/openwrtone.nix b/nixos/modules/openwrtone.nix index 85ddbd2..40c1ed6 100644 --- a/nixos/modules/openwrtone.nix +++ b/nixos/modules/openwrtone.nix @@ -60,7 +60,6 @@ in { kernelParams = [ "fw_devlink=permissive" "clk_ignore_unused" - "pcie_aspm=off" ]; initrd = { diff --git a/nixos/modules/packages.nix b/nixos/modules/packages.nix index f6961af..e97229f 100644 --- a/nixos/modules/packages.nix +++ b/nixos/modules/packages.nix @@ -70,7 +70,7 @@ in { ] ++ optionals isx86_64 [ nmap - #ltrace + ltrace pv screen ] diff --git a/nixos/modules/router.nix b/nixos/modules/router.nix index 01110ae..1c8f4cc 100644 --- a/nixos/modules/router.nix +++ b/nixos/modules/router.nix @@ -178,12 +178,11 @@ in { services.resolved = { enable = true; - #dnssec = "true"; - fallbackDns = ["1.1.1.1" "8.8.8.8"]; - extraConfig = '' - DNSStubListenerExtra=${cnf.lanIP} - DNSStubListenerExtra=192.168.1.1 - ''; + settings.Resolve = { + FallbackDNS = ["1.1.1.1" "8.8.8.8"]; + DNSStubListenerExtra=[cnf.lanIP "192.168.1.1"]; + # TODO possibly enforce DNSSEC again + }; }; }; } diff --git a/nixos/modules/syncthing.nix b/nixos/modules/syncthing.nix index 1148da6..eab61c7 100644 --- a/nixos/modules/syncthing.nix +++ b/nixos/modules/syncthing.nix @@ -58,8 +58,8 @@ in { devices = allDevices; ignorePerms = false; }; - "${baseDir}/pictures" = { - label = "Pictures"; + "${baseDir}/images" = { + label = "Images"; id = "pictures"; devices = bigStorageDevices; ignorePerms = false; 
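Review bot: After the switch to `settings.Resolve` in router.nix, the DNSSEC mode is left to the built-in default and only a TODO records it, yet this resolver's stub listener on `cnf.lanIP` and `192.168.1.1` answers for the whole LAN, so the validation policy should be stated explicitly. Something like `DNSSEC = "allow-downgrade";` inside `settings.Resolve` would document the interim choice until strict validation is restored. As a minor style point, `DNSStubListenerExtra=[cnf.lanIP "192.168.1.1"];` lacks the spaces around `=` that the other attributes use.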
diff --git a/nixos/modules/users.nix b/nixos/modules/users.nix index 9c65f8b..24eedb5 100644 --- a/nixos/modules/users.nix +++ b/nixos/modules/users.nix @@ -85,6 +85,8 @@ in { enable = !isArm; defaultEditor = !isArm; withNodeJs = true; + withPython3 = true; + withRuby = true; }; }; diff --git a/nixos/modules/wifi-client.nix b/nixos/modules/wifi-client.nix index b82633d..07eb686 100644 --- a/nixos/modules/wifi-client.nix +++ b/nixos/modules/wifi-client.nix @@ -22,7 +22,8 @@ in { enable = true; networks = config.secrets.wifiNetworks; secretsFile = "/run/secrets/wifi.secrets"; - userControlled.enable = true; + userControlled = true; }; + users.users.cynerd.extraGroups = ["wpa_supplicant"]; }; } |
