upgrade system

Dmitriy Kholkin 2023-10-13 19:51:59 +03:00
parent 9f0892d904
commit de5d8f08b8
12 changed files with 48 additions and 58 deletions


@ -3,7 +3,7 @@ let
zfs_arc_max = toString (6 * 1024 * 1024 * 1024); zfs_arc_max = toString (6 * 1024 * 1024 * 1024);
in { in {
boot = { boot = {
zfs.enableUnstable = true; zfs.enableUnstable = false; # For now, unstable zfs will downgrade kernel
kernelPackages = pkgs.linuxPackages_lqx; kernelPackages = pkgs.linuxPackages_lqx;
initrd = { initrd = {


@ -3,7 +3,7 @@ let
zfs_arc_max = toString (2 * 1024 * 1024 * 1024); zfs_arc_max = toString (2 * 1024 * 1024 * 1024);
in { in {
boot = { boot = {
zfs.enableUnstable = true; zfs.enableUnstable = false; # For now, unstable zfs will downgrade kernel
kernelPackages = pkgs.linuxPackages_lqx; kernelPackages = pkgs.linuxPackages_lqx;
initrd = { initrd = {


@ -14,11 +14,11 @@ with config.deviceSpecific;
}; };
startupApplications = mkOption { startupApplications = mkOption {
type = listOf path; type = listOf str;
description = "Applications to run on startup"; description = "Applications to run on startup";
}; };
}; };
config = rec { config = {
defaultApplications = {}; defaultApplications = {};
}; };
} }
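Review bot: With `type = listOf str` the `startupApplications` option no longer tells a reader what an entry is, and `description` still says only "Applications to run on startup". It should state whether each string is a bare command looked up in PATH or a full command line, for example `description = "Commands to run on startup, resolved via the session PATH";`. The consumer of this option is not in the hunk, so the exact wording needs confirming against it.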


@ -3,10 +3,10 @@
programs.steam.extraCompatPackages = [ programs.steam.extraCompatPackages = [
pkgs.proton-ge pkgs.proton-ge
]; ];
programs.gamescope.enable = true;
programs.gamescope.capSysNice = false;
startupApplications = [ startupApplications = [ "steam" ];
"${pkgs.steam}/bin/steam"
];
systemd.user.services.x11-ownership = { systemd.user.services.x11-ownership = {
script = '' script = ''
@ -23,6 +23,6 @@
# Games configs # Games configs
".config/WarThunder" ".config/WarThunder"
".local/share/BeamNG.drive" ".local/share/BeamNG.drive"
".local/share/Colossal Order/Cities_Skylines" ".local/share/Colossal\\ Order/Cities_Skylines"
]; ];
} }
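Review bot: The persisted entry `".local/share/Colossal\\ Order/Cities_Skylines"` now carries a literal backslash, because `\\` in a Nix string is a single `\` character. Unless the consumer of this list passes entries unquoted through a shell, the path will no longer match the real `Colossal Order` directory. The consumer is outside the hunk; if it does word-split, quoting there is more robust than escaping here, and the plain `".local/share/Colossal Order/Cities_Skylines"` can stay.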


@ -4,28 +4,23 @@ with config.deviceSpecific; {
hardware.cpu.${devInfo.cpu.vendor}.updateMicrocode = true; hardware.cpu.${devInfo.cpu.vendor}.updateMicrocode = true;
hardware.enableRedistributableFirmware = true; hardware.enableRedistributableFirmware = true;
nixpkgs.config.packageOverrides = pkgs: {
vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
};
hardware.opengl = { hardware.opengl = {
enable = true; enable = true;
driSupport = true; driSupport = true;
driSupport32Bit = true; driSupport32Bit = true;
extraPackages = if devInfo.gpu.vendor == "intel" then [ extraPackages = if devInfo.gpu.vendor == "intel" then [
pkgs.intel-media-driver pkgs.intel-media-driver
pkgs.intel-vaapi-driver
pkgs.libvdpau-va-gl
] else if devInfo.gpu.vendor == "amd" then [ ] else if devInfo.gpu.vendor == "amd" then [
# pkgs.amdvlk
pkgs.rocm-opencl-icd pkgs.rocm-opencl-icd
pkgs.rocm-opencl-runtime pkgs.rocm-opencl-runtime
] else [ ]; ] else [ ];
extraPackages32 = lib.mkIf (devInfo.gpu.vendor == "amd") [
# pkgs.driversi686Linux.amdvlk
];
}; };
environment.sessionVariables = if (devInfo.gpu.vendor == "intel") then { environment.sessionVariables = if (devInfo.gpu.vendor == "intel") then {
GST_VAAPI_ALL_DRIVERS = "1"; GST_VAAPI_ALL_DRIVERS = "1";
LIBVA_DRIVER_NAME = "iHD"; LIBVA_DRIVER_NAME = "iHD";
VDPAU_DRIVER = "va_gl";
} else if (devInfo.gpu.vendor == "amd") then { } else if (devInfo.gpu.vendor == "amd") then {
AMD_VULKAN_ICD = "RADV"; AMD_VULKAN_ICD = "RADV";
} else {}; } else {};


@ -1,6 +1,5 @@
{ config, lib, pkgs, inputs, ... }: { config, lib, pkgs, inputs, ... }: {
with config.deviceSpecific; { nix = {
nix = rec {
nixPath = lib.mkForce [ "self=/etc/self/compat" "nixpkgs=/etc/nixpkgs" ]; nixPath = lib.mkForce [ "self=/etc/self/compat" "nixpkgs=/etc/nixpkgs" ];
registry.self.flake = inputs.self; registry.self.flake = inputs.self;
@ -31,6 +30,7 @@ with config.deviceSpecific; {
"https://cache.ataraxiadev.com/ataraxiadev" "https://cache.ataraxiadev.com/ataraxiadev"
"https://numtide.cachix.org" "https://numtide.cachix.org"
"https://devenv.cachix.org" "https://devenv.cachix.org"
"https://ezkea.cachix.org"
]; ];
trusted-public-keys = [ trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=" "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
@ -41,6 +41,7 @@ with config.deviceSpecific; {
"ataraxiadev:/V5bNjSzHVGx6r2XA2fjkgUYgqoz9VnrAHq45+2FJAs=" "ataraxiadev:/V5bNjSzHVGx6r2XA2fjkgUYgqoz9VnrAHq45+2FJAs="
"numtide.cachix.org-1:2ps1kLBUWjxIneOy1Ik6cQjb41X0iXVXeHigGmycPPE=" "numtide.cachix.org-1:2ps1kLBUWjxIneOy1Ik6cQjb41X0iXVXeHigGmycPPE="
"devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw=" "devenv.cachix.org-1:w1cLUi8dv3hnoSPGAuibQv+f9TZLr6cv/Hm9XgU50cw="
"ezkea.cachix.org-1:ioBmUbJTZIKsHmWWXPe1FSFbeVe+afhfgqgTSNd34eI="
]; ];
trusted-users = [ "root" config.mainuser "deploy" "@wheel" ]; trusted-users = [ "root" config.mainuser "deploy" "@wheel" ];
use-xdg-base-directories = true; use-xdg-base-directories = true;
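Review bot: The new `https://ezkea.cachix.org` entry and its `ezkea.cachix.org-1:…` key in `trusted-public-keys` are added to the shared Nix settings with no indication of what needs them. Every host importing this module will therefore accept any store path signed by that third-party key. A binary cache is a trust root for executable content, so record the reason next to the entry, e.g. `# ezkea: prebuilt <PACKAGE> only, drop when no longer used`. If only one machine needs it, setting it in that machine's configuration keeps the other hosts' trust set smaller. The `nix = { … }` block continues outside these hunks.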


@ -36,18 +36,16 @@ with lib; {
xray = master.xray; xray = master.xray;
youtube-to-mpv = prev.callPackage ./packages/youtube-to-mpv.nix { term = config.defaultApplications.term.cmd; }; youtube-to-mpv = prev.callPackage ./packages/youtube-to-mpv.nix { term = config.defaultApplications.term.cmd; };
yt-dlp = master.yt-dlp; yt-dlp = master.yt-dlp;
steam = master.steam.override { steam = prev.steam.override {
extraPkgs = pkgs: with pkgs; [ mono libkrb5 keyutils ]; extraPkgs = pkgs: with pkgs; [ mono libkrb5 keyutils ];
}; };
spotifywm = prev.spotifywm.override { spotify = pkgs.spotify-spotx; };
intel-vaapi-driver = pkgs.intel-vaapi-driver.override { enableHybridCodec = true; };
neatvnc = prev.neatvnc.overrideAttrs (oa: { neatvnc = prev.neatvnc.overrideAttrs (oa: {
patches = [ ../patches/neatvnc.patch ] ++ oa.patches or [ ]; patches = [ ../patches/neatvnc.patch ] ++ oa.patches or [ ];
}); });
nix = inputs.nix.packages.${system}.default.overrideAttrs (oa: {
doInstallCheck = false;
patches = [ ./nix/doas.patch ] ++ oa.patches or [ ];
});
nix-direnv = inputs.nix-direnv.packages.${system}.default.override { nix = final.nix; }; nix-direnv = inputs.nix-direnv.packages.${system}.default.override { nix = final.nix; };
pass-secret-service = prev.pass-secret-service.overrideAttrs (_: { pass-secret-service = prev.pass-secret-service.overrideAttrs (_: {
@ -76,20 +74,7 @@ with lib; {
yandex-taxi-py = prev.writers.writePython3 "yandex-taxi.py" { yandex-taxi-py = prev.writers.writePython3 "yandex-taxi.py" {
libraries = with prev.python3Packages; [ requests ]; libraries = with prev.python3Packages; [ requests ];
} ./packages/yandex-taxi-py.nix; } ./packages/yandex-taxi-py.nix;
# can't build with nix 2.17
nixos-option = stable.nixos-option;
nil = stable.nil;
} }
) )
]; ];
nixpkgs.config = {
allowUnfree = true;
android_sdk.accept_license = true;
# vscode-server requires nodejs_16
# permittedInsecurePackages = [
# "nodejs-16.20.1"
# ];
};
} }
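Review bot: `intel-vaapi-driver = pkgs.intel-vaapi-driver.override { … }` reads `pkgs` from inside the overlay that defines `intel-vaapi-driver`. If `pkgs` here is the module's final package set (the function header is outside the hunk), the attribute refers to itself and evaluation recurses infinitely once an Intel host forces it. Take the base from the previous layer instead: `intel-vaapi-driver = prev.intel-vaapi-driver.override { enableHybridCodec = true; };`. The `spotifywm` line beside it also uses `pkgs.spotify-spotx`; `final.spotify-spotx` would match the neighbouring `prev.`/`final.` entries.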


@ -3,14 +3,15 @@ let
backend = config.virtualisation.oci-containers.backend; backend = config.virtualisation.oci-containers.backend;
data-dir = "/srv/authentik"; data-dir = "/srv/authentik";
pod-name = "authentik-pod"; pod-name = "authentik-pod";
pod-dns = "127.0.0.1";
open-ports = [ open-ports = [
# authentik # authentik
"9000:9000/tcp" "9443:9443/tcp" "127.0.0.1:9000:9000/tcp" "127.0.0.1:9443:9443/tcp"
# ldap # ldap
"389:3389/tcp" "636:6636/tcp" "127.0.0.1:389:3389/tcp" "127.0.0.1:636:6636/tcp"
]; ];
owner = "1000"; owner = "1000";
authentik-version = "2023.5.4"; authentik-version = "2023.8.3";
in { in {
secrets.authentik-env.services = [ "${backend}-authentik-server.service" ]; secrets.authentik-env.services = [ "${backend}-authentik-server.service" ];
secrets.authentik-ldap.services = [ "${backend}-authentik-ldap.service" ]; secrets.authentik-ldap.services = [ "${backend}-authentik-ldap.service" ];
@ -93,7 +94,7 @@ in {
systemd.services."podman-create-${pod-name}" = let systemd.services."podman-create-${pod-name}" = let
portsMapping = lib.concatMapStrings (port: " -p " + port) open-ports; portsMapping = lib.concatMapStrings (port: " -p " + port) open-ports;
start = pkgs.writeShellScript "create-pod" '' start = pkgs.writeShellScript "create-pod" ''
podman pod exists ${pod-name} || podman pod create -n ${pod-name} ${portsMapping} podman pod exists ${pod-name} || podman pod create -n ${pod-name} ${portsMapping} --dns ${pod-dns}
''; '';
stop = "podman pod rm -i -f ${pod-name}"; stop = "podman pod rm -i -f ${pod-name}";
in rec { in rec {
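Review bot: `pod-dns = "127.0.0.1"` is passed to `podman pod create --dns`, but inside the pod's network namespace that address is the pod's own loopback, not the host. Unless a resolver listens inside the pod, name lookups from the authentik containers will presumably fail. If cutting the pod off from external DNS is intended, say so at the definition, e.g. `# pod-dns: loopback on purpose, containers only talk over localhost`; otherwise use a resolver address reachable from the pod. Because the script creates the pod only when `podman pod exists` fails, this flag and the new `127.0.0.1:` port bindings apply only once the existing pod has been removed and recreated.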


@ -66,7 +66,7 @@ in {
"joplin.ataraxiadev.com" "joplin.ataraxiadev.com"
"api.ataraxiadev.com" "api.ataraxiadev.com"
"fsync.ataraxiadev.com" "fsync.ataraxiadev.com"
# "auth.ataraxiadev.com" "auth.ataraxiadev.com"
"sonarr.ataraxiadev.com" "sonarr.ataraxiadev.com"
"radarr.ataraxiadev.com" "radarr.ataraxiadev.com"
"file.ataraxiadev.com" "file.ataraxiadev.com"
@ -79,6 +79,7 @@ in {
"cache.ataraxiadev.com" "cache.ataraxiadev.com"
"docs.ataraxiadev.com" "docs.ataraxiadev.com"
"cal.ataraxiadev.com" "cal.ataraxiadev.com"
"wg.ataraxiadev.com"
"wiki.ataraxiadev.com" "wiki.ataraxiadev.com"
"matrix.ataraxiadev.com" "matrix.ataraxiadev.com"
@ -98,9 +99,11 @@ in {
services.nginx = { services.nginx = {
enable = true; enable = true;
group = "acme"; group = "acme";
recommendedOptimisation = true; recommendedBrotliSettings = true;
recommendedGzipSettings = true; recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
recommendedZstdSettings = true;
clientMaxBodySize = "250m"; clientMaxBodySize = "250m";
commonHttpConfig = '' commonHttpConfig = ''
proxy_hide_header X-Frame-Options; proxy_hide_header X-Frame-Options;
@ -344,14 +347,20 @@ in {
extraConfig = proxySettings; extraConfig = proxySettings;
}; };
} // default; } // default;
# "auth.ataraxiadev.com" = { "auth.ataraxiadev.com" = {
# locations."/" = { locations."/" = {
# proxyPass = "http://127.0.0.1:9000"; proxyPass = "http://127.0.0.1:9000";
# proxyWebsockets = true; proxyWebsockets = true;
# extraConfig = proxySettings; extraConfig = proxySettings;
# }; };
# } // default; } // default;
"ldap.ataraxiadev.com" = default; "ldap.ataraxiadev.com" = default;
"wg.ataraxiadev.com" = {
locations."/" = {
proxyPass = "http://127.0.0.1:${toString config.services.headscale.port}";
proxyWebsockets = true;
};
} // default;
"api.ataraxiadev.com" = { "api.ataraxiadev.com" = {
locations."~ (\\.py|\\.sh)$" = with config.services; { locations."~ (\\.py|\\.sh)$" = with config.services; {
alias = "/srv/http/api.ataraxiadev.com"; alias = "/srv/http/api.ataraxiadev.com";
@ -377,7 +386,7 @@ in {
proxyPass = "http://127.0.0.1:8190"; proxyPass = "http://127.0.0.1:8190";
extraConfig = proxySettings; extraConfig = proxySettings;
}; };
}; } // default;
}; };
}; };
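Review bot: The re-enabled `auth.ataraxiadev.com` vhost serves the login service behind the global `proxy_hide_header X-Frame-Options;` in `commonHttpConfig` (third hunk). The upstream's anti-framing header is therefore stripped from identity-provider pages unless something beyond the visible lines adds it back. For this vhost, restore it in the location, e.g. append `add_header X-Frame-Options "SAMEORIGIN" always;` to its `extraConfig`, or confirm that a `frame-ancestors` policy is set elsewhere. Separately, among the proxied locations visible here, the new `wg.ataraxiadev.com` one is the only one without `extraConfig = proxySettings;`. A short comment would help if that is deliberate, since `proxySettings` is defined outside these hunks.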


@ -74,21 +74,17 @@ in with config.deviceSpecific; with lib; {
col.active_border=0xAA${thm.base08-hex} col.active_border=0xAA${thm.base08-hex}
col.inactive_border=0xAA${thm.base0A-hex} col.inactive_border=0xAA${thm.base0A-hex}
# layout=dwindle # Available: dwindle, master, default is dwindle # layout=dwindle # Available: dwindle, master, default is dwindle
# no_cursor_warps=true
sensitivity=1 sensitivity=1
col.group_border=0xCC${thm.base0A-hex} col.nogroup_border=0xCC${thm.base0A-hex}
col.group_border_active=0xAA${thm.base08-hex} col.nogroup_border_active=0xAA${thm.base08-hex}
} }
decoration { decoration {
# rounding=8
rounding=0 rounding=0
multisample_edges=true
active_opacity=0.92 active_opacity=0.92
inactive_opacity=0.75 inactive_opacity=0.75
fullscreen_opacity=1.0 fullscreen_opacity=1.0
drop_shadow=true drop_shadow=true
shadow_range=12 shadow_range=12
# shadow_render_power=int # (1 - 4), in what power to render the falloff (more power, the faster the falloff)
shadow_ignore_window=true shadow_ignore_window=true
col.shadow=0xAA${thm.base08-hex} col.shadow=0xAA${thm.base08-hex}
shadow_offset=0 0 shadow_offset=0 0


@ -19,7 +19,6 @@ with config.deviceSpecific; {
home-manager.users.${config.mainuser} = { home-manager.users.${config.mainuser} = {
news.display = "silent"; news.display = "silent";
systemd.user.startServices = true; systemd.user.startServices = true;
nixpkgs.config.allowUnfree = true;
services.udiskie.enable = !isServer; services.udiskie.enable = !isServer;
services.gammastep = { services.gammastep = {
enable = !isServer; enable = !isServer;
@ -31,6 +30,9 @@ with config.deviceSpecific; {
systemd.user.services.gammastep = { systemd.user.services.gammastep = {
Install.WantedBy = lib.mkForce []; Install.WantedBy = lib.mkForce [];
}; };
xdg.configFile."nixpkgs/config.nix".text = ''
{ allowUnfree = true; android_sdk.accept_license = true; }
'';
}; };
systemd.services.systemd-timesyncd.wantedBy = [ "multi-user.target" ]; systemd.services.systemd-timesyncd.wantedBy = [ "multi-user.target" ];

View File

@ -82,6 +82,7 @@
"latree" = "${pkgs.eza}/bin/eza -lahgFT@ --git"; "latree" = "${pkgs.eza}/bin/eza -lahgFT@ --git";
# "gif2webm" = "(){ ${pkgs.ffmpeg.bin}/bin/ffmpeg -i $1 -c:v libvpx-vp9 -crf 20 -b:v 0 $1.webm ;}"; # "gif2webm" = "(){ ${pkgs.ffmpeg.bin}/bin/ffmpeg -i $1 -c:v libvpx-vp9 -crf 20 -b:v 0 $1.webm ;}";
"t" = "${pkgs.translate-shell}/bin/trans"; "t" = "${pkgs.translate-shell}/bin/trans";
"steam-gamescope" = "gamescope -b --steam -- steam -pipewire-dmabuf";
}; };
initExtra = '' initExtra = ''
setopt HIST_IGNORE_SPACE setopt HIST_IGNORE_SPACE