coolneng/panacea
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Compare commits

base: coolneng:master
Branches Tags
coolneng:master
..
compare: coolneng:81ab7ebad268ad02bae6b75b51e938dcff282983
Branches Tags
coolneng:master

1 Commits
master ... 81ab7ebad2

Author SHA1 Message Date
coolneng
81ab7ebad2 Bump dependencies 2021-09-07 10:05:48 +02:00
30 changed files with 460 additions and 1312 deletions
Expand all files Collapse all files

4
.git-crypt/.gitattributes vendored Normal file
View File

@@ -0,0 +1,4 @@
# Do not edit this file. To specify the files to encrypt, create your own
# .gitattributes file in the directory where your files are.
* !filter !diff
*.gpg binary

BIN
.git-crypt/keys/default/0/95AD2F7000D86DB48D999E8A9893DA236405AF57.gpg Normal file
View File

Binary file not shown.

4
.gitattributes vendored
View File

@@ -1,5 +1 @@
secrets/soundcloud_token filter=git-crypt diff=git-crypt secrets/soundcloud_token filter=git-crypt diff=git-crypt
secrets/bandcamp_token filter=git-crypt diff=git-crypt
assets/bitwig/activation.bwreg filter=lfs diff=lfs merge=lfs -text
assets/bitwig/bitwig-studio.deb filter=lfs diff=lfs merge=lfs -text
assets/bitwig/bitwig.jar filter=lfs diff=lfs merge=lfs -text

1
.gitignore vendored
View File

@@ -1 +0,0 @@
!*.jar

5
Makefile
View File

@@ -1,9 +1,8 @@
switch: switch:
nixos-rebuild switch --target-host root@localhost \ sudo nixos-rebuild switch --flake .
--build-host root@localhost --flake path://$(PWD)#panacea
update: update:
nix flake update --commit-lock-file nix flake update .
upgrade: upgrade:
make update && make switch make update && make switch

BIN
assets/bitwig/activation.bwreg LFS
View File

Binary file not shown.

BIN
assets/bitwig/bitwig-studio.deb LFS
View File

Binary file not shown.

BIN
assets/bitwig/bitwig.jar LFS
View File

Binary file not shown.

8
cachix/nix-community.nix Normal file
View File

@@ -0,0 +1,8 @@
{
nix = {
binaryCaches = [ "https://nix-community.cachix.org" ];
binaryCachePublicKeys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
};
}

149
configuration.nix
View File

@@ -1,60 +1,46 @@
{ { config, lib, pkgs, ... }:
config,
lib,
pkgs,
inputs,
...
}:
with pkgs;
{ {
# Kernel configuration # Kernel configuration
boot = { boot = {
blacklistedKernelModules = [ kernelPackages = pkgs.linuxPackages_zen;
"btusb" kernelParams =
"bluetooth" [ "zfs.zfs_arc_max=1073741824 zfs.zfs_arc_meta_limit_percent=90" ];
]; kernelModules = [ "i915" "acpi_call" "kvm-intel" ];
kernelParams = [ extraModulePackages = with config.boot.kernelPackages; [ acpi_call ];
"zfs.zfs_arc_max=8589934592" blacklistedKernelModules = [ "btusb" ];
"zfs.zfs_arc_min=1073741824"
];
supportedFilesystems = [ "zfs" ]; supportedFilesystems = [ "zfs" ];
zfs = { zfs = {
requestEncryptionCredentials = true; requestEncryptionCredentials = true;
package = zfs_unstable; enableUnstable = true;
}; };
}; };
# Device firmware updates # Intel CPU tweaks
hardware.cpu.intel.updateMicrocode =
lib.mkDefault config.hardware.enableRedistributableFirmware;
services.fwupd.enable = true; services.fwupd.enable = true;
# Secure boot using lanzaboote hardware.opengl.extraPackages = with pkgs; [
vaapiIntel
vaapiVdpau
libvdpau-va-gl
];
# Bootloader configuration
boot.loader = { boot.loader = {
efi.canTouchEfiVariables = true; efi.canTouchEfiVariables = true;
systemd-boot = { systemd-boot = {
enable = false; enable = true;
configurationLimit = 50; configurationLimit = 50;
editor = false; editor = false;
}; };
timeout = 3; timeout = 3;
}; };
boot.lanzaboote = {
enable = true;
pkiBundle = "/etc/secureboot";
};
# Run Nix garbage collector and enable flakes # Run Nix garbage collector and enable flakes
nix = { nix = {
settings = { autoOptimiseStore = true;
auto-optimise-store = true;
trusted-users = [
"root"
"coolneng"
];
lazy-trees = true;
eval-cores = 2;
};
gc = { gc = {
automatic = true; automatic = true;
options = "--delete-older-than 7d"; options = "--delete-older-than 7d";
@@ -66,13 +52,20 @@ with pkgs;
gc-keep-outputs = true gc-keep-outputs = true
experimental-features = nix-command flakes experimental-features = nix-command flakes
''; '';
package = pkgs.nixUnstable;
}; };
# Clean tmp directory on shutdown # Clean tmp directory on shutdown
boot.tmp.cleanOnBoot = true; boot.cleanTmpDir = true;
# Keep logs for a month # Rotate logs after 7 days
services.journald.extraConfig = "MaxRetentionSec=4week"; services.journald.extraConfig = "SystemMaxFiles=7";
# Allow propietary software and build packages with Pulseaudio support
nixpkgs.config = {
allowUnfree = true;
pulseaudio = true;
};
# Scrub zpool monthly # Scrub zpool monthly
services.zfs.autoScrub = { services.zfs.autoScrub = {
@@ -85,90 +78,24 @@ with pkgs;
services.chrony.enable = true; services.chrony.enable = true;
# NixOS version # NixOS version
system.stateVersion = "24.05"; system.stateVersion = "20.09";
# Create coolneng user # Create coolneng user
users.users.coolneng = { users.users.coolneng = {
isNormalUser = true; isNormalUser = true;
home = "/home/coolneng"; home = "/home/coolneng";
extraGroups = [ extraGroups = [ "wheel" "video" "audio" "libvirtd" "lp" ];
"wheel" shell = pkgs.fish;
"video"
"audio"
"lp"
];
shell = fish;
}; };
# Set shell for root user # Set shell for root user
users.users.root.shell = fish; users.users.root.shell = pkgs.fish;
# Specify secrets # Specify secrets
age = { age = {
secrets.wireguard = { secrets.wireguard.file = secrets/wireguard.age;
file = secrets/wireguard.age;
owner = "systemd-network";
group = "systemd-network";
};
secrets.syncthing.file = secrets/syncthing.age; secrets.syncthing.file = secrets/syncthing.age;
secrets.msmtp.file = secrets/msmtp.age; sshKeyPaths = [ "/etc/ssh/id_ed25519" ];
identityPaths = [ "/etc/ssh/id_ed25519" ];
};
# Use same version of nixpkgs for nix-shell
nix.nixPath =
let
path = toString ./.;
in
[
"nixpkgs=${inputs.nixpkgs}"
"nixos-config=${path}/configuration.nix"
];
# Auto-upgrade the system
system.autoUpgrade = {
enable = true;
dates = "22:30";
flake = "/home/coolneng/Projects/panacea";
flags = [
"--update-input"
"nixpkgs"
"--commit-lock-file"
];
};
# Add required dependencies to the auto-upgrade service
systemd.services.nixos-upgrade.path = [
coreutils
gnutar
xz.bin
gzip
gitMinimal
config.nix.package.out
config.programs.ssh.package
git-crypt
git-lfs
inputs.agenix.packages.${config.nixpkgs.localSystem.system}.default
];
# Configure git for auto-upgrade
programs.git = {
enable = true;
config = {
user.name = "coolneng";
user.email = "akasroua@gmail.com";
safe.directory = "/home/coolneng/Projects/panacea";
};
};
# Enable fish package completion
programs.fish.enable = true;
# Enable nix-index
programs.command-not-found.enable = false;
programs.nix-index = {
enable = true;
enableFishIntegration = true;
}; };
# Import other configuration modules # Import other configuration modules
@@ -183,8 +110,8 @@ with pkgs;
./modules/printing.nix ./modules/printing.nix
./modules/periodic.nix ./modules/periodic.nix
./modules/power.nix ./modules/power.nix
./modules/monitoring.nix ./modules/cachix.nix
./modules/latest-zfs-kernel.nix ./overlays/emacs.nix
]; ];
} }

471
flake.lock generated
View File

@@ -2,19 +2,16 @@
"nodes": { "nodes": {
"agenix": { "agenix": {
"inputs": { "inputs": {
"darwin": "darwin",
"home-manager": "home-manager",
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ]
"systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1762618334, "lastModified": 1627822587,
"narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=", "narHash": "sha256-AAFgsVe/ahLh1Ij2o98x6IMxz3Z+Tr97bFwa4nthB1w=",
"owner": "ryantm", "owner": "ryantm",
"repo": "agenix", "repo": "agenix",
"rev": "fcdea223397448d35d9b31f798479227e80183f6", "rev": "e6752e7b8592502df42066f156165471e62d902d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -23,475 +20,41 @@
"type": "github" "type": "github"
} }
}, },
"crane": { "emacs-overlay": {
"locked": { "locked": {
"lastModified": 1765739568, "lastModified": 1630976301,
"narHash": "sha256-gQYx35Of4UDKUjAYvmxjUEh/DdszYeTtT6MDin4loGE=", "narHash": "sha256-SRDp+8b8ZZN3XTpExgXFipH/fGiKeuICgUT8SCekFyc=",
"owner": "ipetkov",
"repo": "crane",
"rev": "67d2baff0f9f677af35db61b32b5df6863bcc075",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"cyrus-sasl-xoauth2": {
"flake": false,
"locked": {
"lastModified": 1611713742,
"narHash": "sha256-IaH8tNUhM0lUOmFiG4G9cGzsuM9mTWfQrzoQ78MIgZ0=",
"owner": "robn",
"repo": "sasl2-oauth",
"rev": "4236b6fb904d836b85b55ba32128b843fd8c2362",
"type": "github"
},
"original": {
"owner": "robn",
"repo": "sasl2-oauth",
"type": "github"
}
},
"darwin": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1744478979,
"narHash": "sha256-dyN+teG9G82G+m+PX/aSAagkC+vUv0SgUw3XkPhQodQ=",
"owner": "lnl7",
"repo": "nix-darwin",
"rev": "43975d782b418ebf4969e9ccba82466728c2851b",
"type": "github"
},
"original": {
"owner": "lnl7",
"ref": "master",
"repo": "nix-darwin",
"type": "github"
}
},
"determinate": {
"inputs": {
"determinate-nixd-aarch64-darwin": "determinate-nixd-aarch64-darwin",
"determinate-nixd-aarch64-linux": "determinate-nixd-aarch64-linux",
"determinate-nixd-x86_64-linux": "determinate-nixd-x86_64-linux",
"nix": "nix",
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1765254444,
"narHash": "sha256-kAO/ZeBnjaF+uqOP6qweXlRk2ylocLuv/9Dn8FsuPlU=",
"rev": "3ccc0297525e51ac3d7905509e0616c9c8350108",
"revCount": 316,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/DeterminateSystems/determinate/3.14.0/019b0160-c5de-7941-9c26-cb47bc17eec3/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/DeterminateSystems/determinate/%2A"
}
},
"determinate-nixd-aarch64-darwin": {
"flake": false,
"locked": {
"narHash": "sha256-6PWoqx52nvlWzlElTjcn7KAPKitfcKZYEFSsC3PoEoE=",
"type": "file",
"url": "https://install.determinate.systems/determinate-nixd/tag/v3.14.0/macOS"
},
"original": {
"type": "file",
"url": "https://install.determinate.systems/determinate-nixd/tag/v3.14.0/macOS"
}
},
"determinate-nixd-aarch64-linux": {
"flake": false,
"locked": {
"narHash": "sha256-b1e25BUPL7Qf0QVbYlfZ/+QiClrP/SHIjMPtA47aOLc=",
"type": "file",
"url": "https://install.determinate.systems/determinate-nixd/tag/v3.14.0/aarch64-linux"
},
"original": {
"type": "file",
"url": "https://install.determinate.systems/determinate-nixd/tag/v3.14.0/aarch64-linux"
}
},
"determinate-nixd-x86_64-linux": {
"flake": false,
"locked": {
"narHash": "sha256-8EI2f8IftPcRFlR6K4+cpIEAVf5UIeMCjHysEtVqDw0=",
"type": "file",
"url": "https://install.determinate.systems/determinate-nixd/tag/v3.14.0/x86_64-linux"
},
"original": {
"type": "file",
"url": "https://install.determinate.systems/determinate-nixd/tag/v3.14.0/x86_64-linux"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1761588595,
"narHash": "sha256-XKUZz9zewJNUj46b4AJdiRZJAvSZ0Dqj2BNfXvFlJC4=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "f387cd2afec9419c8ee37694406ca490c3f34ee5",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"determinate",
"nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1748821116,
"narHash": "sha256-F82+gS044J1APL0n4hH50GYdPRv/5JWm34oCJYmVKdE=",
"rev": "49f0870db23e8c1ca0b5259734a02cd9e1e371a1",
"revCount": 377,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/hercules-ci/flake-parts/0.1.377%2Brev-49f0870db23e8c1ca0b5259734a02cd9e1e371a1/01972f28-554a-73f8-91f4-d488cc502f08/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/hercules-ci/flake-parts/0.1"
}
},
"git-hooks-nix": {
"inputs": {
"flake-compat": "flake-compat",
"gitignore": [
"determinate",
"nix"
],
"nixpkgs": [
"determinate",
"nix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1747372754,
"narHash": "sha256-2Y53NGIX2vxfie1rOW0Qb86vjRZ7ngizoo+bnXU9D9k=",
"rev": "80479b6ec16fefd9c1db3ea13aeb038c60530f46",
"revCount": 1026,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/cachix/git-hooks.nix/0.1.1026%2Brev-80479b6ec16fefd9c1db3ea13aeb038c60530f46/0196d79a-1b35-7b8e-a021-c894fb62163d/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/cachix/git-hooks.nix/0.1.941"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"lanzaboote",
"pre-commit",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
"agenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1745494811,
"narHash": "sha256-YZCh2o9Ua1n9uCvrvi5pRxtuVNml8X2a03qIFfRKpFs=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "emacs-overlay",
"rev": "abfad3d2958c9e6300a883bd443512c55dfeb1be", "rev": "ff588e63db43e6bb9d9f6e876ed94c976d031ac8",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "emacs-overlay",
"type": "github"
}
},
"lanzaboote": {
"inputs": {
"crane": "crane",
"nixpkgs": [
"nixpkgs"
],
"pre-commit": "pre-commit",
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1765887029,
"narHash": "sha256-s6LGO6kMlHRdnspV0LReSi47iaYaJ/Oveb4rM9fklPM=",
"owner": "nix-community",
"repo": "lanzaboote",
"rev": "5a8c9b5339588bb6ec388da5d0a6e701a46a82c4",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "lanzaboote",
"type": "github"
}
},
"local-bitwig": {
"flake": false,
"locked": {
"lastModified": 1765321606,
"narHash": "sha256-WteEWi5GPrGGfzLNTEmgQaH5/DAT/zeZofbBE6D+Po8=",
"path": "/home/coolneng/Projects/panacea/assets/bitwig",
"type": "path"
},
"original": {
"path": "/home/coolneng/Projects/panacea/assets/bitwig",
"type": "path"
}
},
"nix": {
"inputs": {
"flake-parts": "flake-parts",
"git-hooks-nix": "git-hooks-nix",
"nixpkgs": "nixpkgs",
"nixpkgs-23-11": "nixpkgs-23-11",
"nixpkgs-regression": "nixpkgs-regression"
},
"locked": {
"lastModified": 1765252170,
"narHash": "sha256-p98D44tYJMgB5Qet5S8cTQFdffk/GmoaGkpQtZ3hqJU=",
"rev": "1ddd28880651054346c34009d7bb9de36f1db2c1",
"revCount": 23362,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/DeterminateSystems/nix-src/3.14.0/019b0159-8907-7fab-a120-9d287c7e6d2e/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/DeterminateSystems/nix-src/%2A"
}
},
"nix-index-database": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1765267181,
"narHash": "sha256-d3NBA9zEtBu2JFMnTBqWj7Tmi7R5OikoU2ycrdhQEws=",
"owner": "Mic92",
"repo": "nix-index-database",
"rev": "82befcf7dc77c909b0f2a09f5da910ec95c5b78f",
"type": "github"
},
"original": {
"owner": "Mic92",
"repo": "nix-index-database",
"type": "github"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1764440730,
"narHash": "sha256-ZlJTNLUKQRANlLDomuRWLBCH5792x+6XUJ4YdFRjtO4=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "9154f4569b6cdfd3c595851a6ba51bfaa472d9f3",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixos-hardware",
"type": "github" "type": "github"
} }
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1761597516, "lastModified": 1630850248,
"narHash": "sha256-wxX7u6D2rpkJLWkZ2E932SIvDJW8+ON/0Yy8+a5vsDU=", "narHash": "sha256-OzJi6Olf7mSVhGt3W7qOMVP5Qk1lH60zlHeCcITzfv0=",
"rev": "daf6dc47aa4b44791372d6139ab7b25269184d55",
"revCount": 811874,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.2505.811874%2Brev-daf6dc47aa4b44791372d6139ab7b25269184d55/019a3494-3498-707e-9086-1fb81badc7fe/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/NixOS/nixpkgs/0.2505"
}
},
"nixpkgs-23-11": {
"locked": {
"lastModified": 1717159533,
"narHash": "sha256-oamiKNfr2MS6yH64rUn99mIZjc45nGJlj9eGth/3Xuw=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446", "rev": "23d5823337f4502dfa17e192d8c53a47cabcb6b4",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "id": "nixpkgs",
"repo": "nixpkgs",
"rev": "a62e6edd6d5e1fa0329b8653c801147986f8d446",
"type": "github"
}
},
"nixpkgs-regression": {
"locked": {
"lastModified": 1643052045,
"narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
"type": "github"
},
"original": {
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1764611609,
"narHash": "sha256-yU9BNcP0oadUKupw0UKmO9BKDOVIg9NStdJosEbXf8U=",
"rev": "8c29968b3a942f2903f90797f9623737c215737c",
"revCount": 905078,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/DeterminateSystems/nixpkgs-weekly/0.1.905078%2Brev-8c29968b3a942f2903f90797f9623737c215737c/019add91-3add-7a0d-8a25-9569cbe01efe/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/DeterminateSystems/nixpkgs-weekly/0.1"
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1766309749,
"narHash": "sha256-3xY8CZ4rSnQ0NqGhMKAy5vgC+2IVK0NoVEzDoOh4DA4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a6531044f6d0bef691ea18d4d4ce44d0daa6e816",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable", "ref": "nixos-unstable",
"repo": "nixpkgs", "type": "indirect"
"type": "github"
}
},
"pre-commit": {
"inputs": {
"flake-compat": "flake-compat_2",
"gitignore": "gitignore",
"nixpkgs": [
"lanzaboote",
"nixpkgs"
]
},
"locked": {
"lastModified": 1765464257,
"narHash": "sha256-dixPWKiHzh80PtD0aLuxYNQ0xP+843dfXG/yM3OzaYQ=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "09e45f2598e1a8499c3594fe11ec2943f34fe509",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
} }
}, },
"root": { "root": {
"inputs": { "inputs": {
"agenix": "agenix", "agenix": "agenix",
"cyrus-sasl-xoauth2": "cyrus-sasl-xoauth2", "emacs-overlay": "emacs-overlay",
"determinate": "determinate", "nixpkgs": "nixpkgs"
"lanzaboote": "lanzaboote",
"local-bitwig": "local-bitwig",
"nix-index-database": "nix-index-database",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_3"
}
},
"rust-overlay": {
"inputs": {
"nixpkgs": [
"lanzaboote",
"nixpkgs"
]
},
"locked": {
"lastModified": 1765680428,
"narHash": "sha256-fyPmRof9SZeI14ChPk5rVPOm7ISiiGkwGCunkhM+eUg=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "eb3898d8ef143d4bf0f7f2229105fc51c7731b2f",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
} }
} }
}, },

75
flake.nix
View File

@@ -1,82 +1,31 @@
{ {
description = "System configuration for panacea"; description = "System configuration for panacea";
nixConfig = {
extra-substituters = "https://cachix.cachix.org https://nix-community.cachix.org https://install.determinate.systems";
extra-trusted-public-keys = ''
cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM=
nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=
cache.flakehub.com-3:hJuILl5sVK4iKm86JzgdXW12Y2Hwd5G07qKtHTOcDCM=
'';
};
inputs = { inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable"; nixpkgs.url = "nixpkgs/nixos-unstable";
nixos-hardware.url = "github:NixOS/nixos-hardware"; agenix.url = "github:ryantm/agenix";
agenix = { agenix.inputs.nixpkgs.follows = "nixpkgs";
url = "github:ryantm/agenix"; emacs-overlay.url = "github:nix-community/emacs-overlay";
inputs.nixpkgs.follows = "nixpkgs";
};
cyrus-sasl-xoauth2 = {
url = "github:robn/sasl2-oauth";
flake = false;
};
nix-index-database = {
url = "github:Mic92/nix-index-database";
inputs.nixpkgs.follows = "nixpkgs";
};
lanzaboote = {
url = "github:nix-community/lanzaboote";
inputs.nixpkgs.follows = "nixpkgs";
};
determinate.url = "https://flakehub.com/f/DeterminateSystems/determinate/*";
local-bitwig = {
url = "path:/home/coolneng/Projects/panacea/assets/bitwig";
flake = false;
};
}; };
outputs = outputs = { self, nixpkgs, agenix, ... }@inputs:
{ self, nixpkgs, ... }@inputs:
let let
system = "x86_64-linux"; system = "x86_64-linux";
pkgs = import nixpkgs { pkgs = import pkgs {
inherit system; inherit system;
config.allowUnfree = true; config.allowUnfree = true;
overlays = [
(final: prev: {
emacs-vterm = (
(pkgs.emacsPackagesFor pkgs.emacs-pgtk).emacsWithPackages (
epkgs: with epkgs; [
vterm
mu4e
]
)
);
})
];
}; };
lib = nixpkgs.lib; lib = nixpkgs.lib;
in in
{ {
nixosConfigurations.panacea = lib.nixosSystem { nixosConfigurations.panacea = lib.nixosSystem {
inherit system; inherit system;
modules = [ modules = [ (import ./configuration.nix) agenix.nixosModules.age ];
(import ./configuration.nix) specialArgs = { inherit inputs; };
inputs.nixos-hardware.nixosModules.lenovo-thinkpad-e14-amd
inputs.agenix.nixosModules.age
inputs.nix-index-database.nixosModules.nix-index
inputs.lanzaboote.nixosModules.lanzaboote
inputs.determinate.nixosModules.default
];
specialArgs = {
inherit inputs;
inherit pkgs;
}; };
};
}; };
} }

135
modules/audio.nix
View File

@@ -1,26 +1,8 @@
{ { config, lib, pkgs, ... }:
config,
lib,
pkgs,
inputs,
...
}:
with pkgs; let soundcloud_token = builtins.readFile ../secrets/soundcloud_token;
let in {
# HACK Replace youtube-dl with yt-dlp in mopidy-youtube
mopidy-youtube-yt_dlp = mopidy-youtube.overrideAttrs (old: rec {
propagatedBuildInputs = old.propagatedBuildInputs ++ [
python3.pkgs.yt-dlp
python3.pkgs.ytmusicapi
];
});
soundcloud_token = builtins.readFile ../secrets/soundcloud_token;
bandcamp_token = builtins.readFile ../secrets/bandcamp_token;
in
{
# Configure pipewire as sound server # Configure pipewire as sound server
services.pipewire = { services.pipewire = {
enable = true; enable = true;
@@ -29,77 +11,74 @@ in
support32Bit = true; support32Bit = true;
}; };
pulse.enable = true; pulse.enable = true;
wireplumber.enable = true; jack.enable = true;
# Enable pipewire-pulse's audio via TCP config.pipewire-pulse."context.modules" = [
extraConfig.pipewire-pulse.tcp-server = { {
"pulse.properties" = { "args" = { };
"server.address" = [ "flags" = [ "ifexists" "nofail" ];
"unix:native" "name" = "libpipewire-module-rtkit";
"tcp:127.0.0.1:4713" }
]; { "name" = "libpipewire-module-protocol-native"; }
}; { "name" = "libpipewire-module-client-node"; }
}; { "name" = "libpipewire-module-adapter"; }
{ "name" = "libpipewire-module-metadata"; }
{
"args" = { "server.address" = [ "unix:native" "tcp:4713" ]; };
"name" = "libpipewire-module-protocol-pulse";
}
];
}; };
security.rtkit.enable = true; security.rtkit.enable = true;
# Set up Mopidy # Set up Mopidy
services.mopidy = { services.mopidy = {
enable = true; enable = true;
extensionPackages = [ extensionPackages = with pkgs; [
mopidy-mpd mopidy-mpd
mopidy-local
mopidy-youtube-yt_dlp
mopidy-bandcamp
mopidy-somafm
mopidy-soundcloud mopidy-soundcloud
mopidy-youtube
mopidy-somafm
mopidy-local
]; ];
settings = { configuration = ''
audio.output = "pulsesink server=127.0.0.1"; [audio]
mixer_volume =
output = pulsesink server=127.0.0.1
visualizer =
local = { [local]
media_dir = "/home/coolneng/Music"; media_dir = /home/coolneng/Music
directories = '' excluded_file_extensions =
Album Artists local:directory?type=artist&role=albumartist .directory
Albums local:directory?type=album .html
Artists local:directory?type=artist .jpeg
Genres local:directory?type=genre .jpg
''; .log
excluded_file_extensions = '' .nfo
.directory .png
.html .txt
.jpeg
.jpg
.log
.nfo
.png
.txt
'';
scan_timeout = 3000;
};
mpd.zeroconf = ""; [mpd]
zeroconf = ""
m3u = { [http]
playlists_dir = "/home/coolneng/.config/mpd/playlists"; enabled = false
base_dir = "/home/coolneng/Music";
};
youtube = { [soundcloud]
search_results = 50; enabled = true
youtube_dl_package = "yt_dlp"; auth_token = ${soundcloud_token}
musicapi_enabled = true; explore_songs = 100
};
somafm = { [m3u]
encoding = "aac"; playlists_dir = /home/coolneng/.config/mpd/playlists
quality = "highest"; base_dir = /home/coolneng/Music
};
soundcloud = { [youtube]
auth_token = soundcloud_token; search_results = 50
explore_songs = 100;
}; [somafm]
bandcamp.identity = bandcamp_token; encoding = aac
}; quality = highest
'';
}; };
} }

6
modules/cachix.nix
View File

@@ -5,9 +5,9 @@ let
folder = ../cachix; folder = ../cachix;
toImport = name: value: folder + ("/" + name); toImport = name: value: folder + ("/" + name);
filterCaches = key: value: value == "regular" && lib.hasSuffix ".nix" key; filterCaches = key: value: value == "regular" && lib.hasSuffix ".nix" key;
imports = lib.mapAttrsToList toImport (lib.filterAttrs filterCaches (builtins.readDir folder)); imports = lib.mapAttrsToList toImport
in (lib.filterAttrs filterCaches (builtins.readDir folder));
{ in {
inherit imports; inherit imports;
nix.binaryCaches = [ "https://cache.nixos.org/" ]; nix.binaryCaches = [ "https://cache.nixos.org/" ];
} }

115
modules/datasync.nix
View File

@@ -1,9 +1,4 @@
{ { config, lib, pkgs, ... }:
config,
lib,
pkgs,
...
}:
{ {
# ZFS automatic snapshots # ZFS automatic snapshots
@@ -21,76 +16,62 @@
enable = true; enable = true;
user = "coolneng"; user = "coolneng";
dataDir = "/home/coolneng"; dataDir = "/home/coolneng";
settings = { key = config.age.secrets.syncthing.path;
devices.zion = { devices.zion = {
id = "FLI2RS7-GNI5PDM-SQRNF7P-YJIOXJ7-46FRPEI-NRLQGBC-HXRWG7O-RKOVLAF"; id = "FLI2RS7-GNI5PDM-SQRNF7P-YJIOXJ7-46FRPEI-NRLQGBC-HXRWG7O-RKOVLAF";
addresses = [ "tcp://192.168.128.2:22000" ]; addresses = [ "tcp://192.168.13.2:22000" ];
};
folders = {
Documents = {
id = "wusdj-bfjkr";
path = "/home/coolneng/Documents";
devices = [ "zion" ];
versioning = {
type = "simple";
params.keep = "5";
};
}; };
folders = {
Documents = {
id = "wusdj-bfjkr";
path = "/home/coolneng/Documents";
devices = [ "zion" ];
versioning = {
type = "simple";
params.keep = "5";
};
};
Notes = { Notes = {
id = "kafhz-bfmzm"; id = "kafhz-bfmzm";
path = "/home/coolneng/Notes"; path = "/home/coolneng/Notes";
devices = [ "zion" ]; devices = [ "zion" ];
versioning = { versioning = {
type = "simple"; type = "simple";
params.keep = "5"; params.keep = "5";
};
}; };
};
Music = { Music = {
id = "2aqt7-vpprc"; id = "2aqt7-vpprc";
path = "/home/coolneng/Music"; path = "/home/coolneng/Music";
devices = [ "zion" ]; devices = [ "zion" ];
}; };
Photos = { Photos = {
id = "mjibc-ustcg"; id = "mjibc-ustcg";
path = "/home/coolneng/Photos"; path = "/home/coolneng/Photos";
devices = [ "zion" ]; devices = [ "zion" ];
}; };
Projects = { Projects = {
id = "cjhmu-avy9v"; id = "cjhmu-avy9v";
path = "/home/coolneng/Projects"; path = "/home/coolneng/Projects";
devices = [ "zion" ]; devices = [ "zion" ];
}; };
Phone = { Phone = {
id = "m2007j20cg_vc7r-photos"; id = "m2007j20cg_288y-photos";
type = "receiveonly"; type = "receiveonly";
path = "/home/coolneng/Photos/Phone"; path = "/home/coolneng/Photos/Phone";
devices = [ "zion" ]; devices = [ "zion" ];
}; };
Phone-screenshots = { Files = {
id = "pp70r-pbr70"; id = "tsk52-u6rbk";
type = "receiveonly"; path = "/home/coolneng/Files";
path = "/home/coolneng/Photos/Phone-screenshots"; devices = [ "zion" ];
devices = [ "zion" ];
};
Files = {
id = "tsk52-u6rbk";
path = "/home/coolneng/Files";
devices = [ "zion" ];
};
Audio = {
id = "tarrs-5mxck";
path = "/home/coolneng/Audio";
devices = [ "zion" ];
};
}; };
}; };
}; };
} }

42
modules/development.nix
View File

@@ -1,36 +1,20 @@
{ { config, lib, pkgs, ... }:
config,
lib,
pkgs,
...
}:
{ {
# Improve nix-shell and direnv integration # Improve nix-shell and direnv integration
environment.pathsToLink = [ "/share/nix-direnv" ]; services.lorri.enable = true;
programs.direnv.enable = true;
# Set up podman # Enable virtualisation
virtualisation = { virtualisation.libvirtd = {
containers.enable = true; enable = false;
containers.storage.settings.storage = { onBoot = "ignore";
driver = "zfs"; onShutdown = "shutdown";
graphroot = "/var/lib/containers/storage"; qemuPackage = pkgs.qemu_kvm;
runroot = "/run/containers/storage";
};
oci-containers.backend = "podman";
podman = {
enable = true;
dockerCompat = true;
extraPackages = with pkgs; [ zfs ];
};
}; };
# Run unpatched binaries with Nix # Set up podman
programs.nix-ld.enable = true; virtualisation.podman = {
enable = true;
# Embedded development with PlatformIO dockerCompat = true;
services.udev.packages = with pkgs; [ platformio ]; };
} }

92
modules/gui.nix
View File

@@ -1,81 +1,79 @@
{ { config, lib, pkgs, ... }:
config,
lib,
pkgs,
...
}:
with pkgs;
{ {
# Display manager # Display manager
services.greetd = { services.xserver.enable = true;
enable = true; services.xserver.displayManager = {
settings = rec { defaultSession = "sway";
initial_session = { autoLogin = {
command = "${sway}/bin/sway"; enable = true;
user = "coolneng"; user = "coolneng";
}; };
default_session = initial_session; lightdm = {
enable = true;
greeter.enable = false;
}; };
}; };
# Window manager # Window manager
programs.sway = { programs.sway = {
enable = true; enable = true;
extraPackages = [ extraPackages = with pkgs; [
xwayland xwayland
swaylock swaylock
swayidle swayidle
swaybg swaybg
rofi rofi
waybar waybar
cliphist clipman
wl-clipboard wl-clipboard
grim grim
slurp slurp
swayimg imv
kanshi kanshi
kitty kitty
qt5.qtwayland qt5.qtwayland
glib
]; ];
extraSessionCommands = '' extraSessionCommands = ''
export MOZ_ENABLE_WAYLAND=1 export MOZ_ENABLE_WAYLAND=1
export MOZ_USE_XINPUT2=1 export MOZ_USE_XINPUT2=1
export GRIM_DEFAULT_DIR=/home/coolneng/Photos/Screenshots export GRIM_DEFAULT_DIR=/home/coolneng/Photos/Screenshots
export _JAVA_AWT_WM_NONREPARENTING=1 export _JAVA_AWT_WM_NONREPARENTING=1
export QT_QPA_PLATFORM=wayland
export QT_WAYLAND_DISABLE_WINDOWDECORATION=1
export SDL_VIDEODRIVER=wayland export SDL_VIDEODRIVER=wayland
export GTK_THEME=Adapta-Eta
export XDG_SESSION_TYPE=wayland export XDG_SESSION_TYPE=wayland
export XDG_CURRENT_DESKTOP=sway export XDG_CURRENT_DESKTOP=sway
export NVIM_LISTEN_ADDRESS=/tmp/nvimsocket
export GIT_CONFIG_NOSYSTEM=true
export SYSTEMD_LESS=FRSMK
export WLR_RENDERER=vulkan
''; '';
wrapperFeatures.gtk = true;
}; };
# Backlight # Backlight
programs.light.enable = true; programs.light.enable = true;
# Blue light filter # Blue light filter
location.provider = "geoclue2"; location = {
latitude = 35.89;
longitude = -5.32;
provider = "manual";
};
services.redshift = { services.redshift = {
package = pkgs.redshift-wlr;
enable = true; enable = true;
package = gammastep;
executable = "/bin/gammastep";
temperature = { temperature = {
day = 6500; day = 6500;
night = 5300; night = 5300;
}; };
}; };
# Bar
programs.waybar.enable = true;
# GPG agent # GPG agent
programs.gnupg.agent = { programs.gnupg.agent = {
enable = true; enable = true;
pinentryPackage = pinentry-gnome3; pinentryFlavor = "gnome3";
}; };
# Tmux # Tmux
@@ -88,16 +86,42 @@ with pkgs;
baseIndex = 1; baseIndex = 1;
}; };
# Automount external storage
systemd.mounts = [
# USB
{
what = "/dev/sdb1";
where = "/usb";
mountConfig = { TimeoutSec = "5"; };
}
# SD card
{
what = "/dev/mmcblk0p1";
where = "/sdcard";
mountConfig = { TimeoutSec = "5"; };
}
];
systemd.automounts = [
# USB
{
where = "/usb";
automountConfig = { TimeoutIdleSec = "5"; };
wantedBy = [ "default.target" ];
}
# SD card
{
where = "/sdcard";
automountConfig = { TimeoutIdleSec = "5"; };
wantedBy = [ "default.target" ];
}
];
# Integrate pass with the browser # Integrate pass with the browser
programs.browserpass.enable = true; programs.browserpass.enable = true;
programs.firefox.enable = true;
# Enable WebRTC screensharing # Enable WebRTC screensharing
xdg.portal = { xdg.portal = {
enable = true; enable = true;
wlr.enable = true; extraPortals = with pkgs; [ xdg-desktop-portal-wlr ];
}; };
# Allow dbus to communicate with storage devices
services.udisks2.enable = true;
} }

99
modules/hardware-configuration.nix
View File

@@ -1,76 +1,61 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ { config, lib, pkgs, modulesPath, ... }:
config,
lib,
pkgs,
modulesPath,
...
}:
{ {
imports = [ imports =
(modulesPath + "/installer/scan/not-detected.nix") [ (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ boot.initrd.availableKernelModules = [ "xhci_pci" "nvme" "rtsx_pci_sdmmc" ];
"nvme"
"xhci_pci"
"usbhid"
];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = { fileSystems."/" =
device = "syscea/stateful/root"; { device = "syscea/stateful/root";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/nix" = { fileSystems."/nix" =
device = "syscea/ephemeral/nix"; { device = "syscea/ephemeral/nix";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/ugent" = { fileSystems."/sdcard" =
device = "systemd-1"; { device = "systemd-1";
fsType = "autofs"; fsType = "autofs";
}; };
fileSystems."/home/coolneng" = { fileSystems."/usb" =
device = "syscea/stateful/home"; { device = "systemd-1";
fsType = "zfs"; fsType = "autofs";
}; };
fileSystems."/tmp" = { fileSystems."/home/coolneng" =
device = "syscea/ephemeral/tmp"; { device = "syscea/stateful/home";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/home/coolneng/Downloads" = { fileSystems."/tmp" =
device = "syscea/stateful/home/downloads"; { device = "syscea/ephemeral/tmp";
fsType = "zfs"; fsType = "zfs";
}; };
fileSystems."/boot" = { fileSystems."/home/coolneng/Downloads" =
device = "/dev/disk/by-uuid/C374-A2FD"; { device = "syscea/stateful/home/downloads";
fsType = "vfat"; fsType = "zfs";
}; };
swapDevices = [ fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/1231a42f-a71a-4c67-b4d8-7506c02a8328"; } { device = "/dev/disk/by-uuid/4851-6B40";
]; fsType = "vfat";
};
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking swapDevices =
# (the default) this is the recommended approach. When using systemd-networkd it's [ { device = "/dev/disk/by-uuid/c8e252ac-941f-4290-8212-42c1bc2bff69"; }
# still possible to use this option, but it's recommended to use it in conjunction ];
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp1s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wg0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlan0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
} }

28
modules/latest-zfs-kernel.nix
View File

@@ -1,28 +0,0 @@
{
lib,
pkgs,
config,
...
}:
let
isUnstable = config.boot.zfs.package == pkgs.zfs_unstable;
zfsCompatibleKernelPackages = lib.filterAttrs (
name: kernelPackages:
(builtins.match "linux_[0-9]+_[0-9]+" name) != null
&& (builtins.tryEval kernelPackages).success
&& (
(!isUnstable && !kernelPackages.zfs.meta.broken)
|| (isUnstable && !kernelPackages.zfs_unstable.meta.broken)
)
) pkgs.linuxKernel.packages;
latestKernelPackage = lib.last (
lib.sort (a: b: (lib.versionOlder a.kernel.version b.kernel.version)) (
builtins.attrValues zfsCompatibleKernelPackages
)
);
in
{
# Note this might jump back and worth as kernel get added or removed.
boot.kernelPackages = lib.mkIf (lib.meta.availableOn pkgs.hostPlatform pkgs.zfs) latestKernelPackage;
}

63
modules/monitoring.nix
View File

@@ -1,63 +0,0 @@
{
config,
lib,
pkgs,
...
}:
with pkgs;
let
sender = "akasroua@disroot.org";
recipient = "akasroua+smart@disroot.org";
in
{
# Notify when a disk starts going haywire
services.smartd = {
enable = true;
defaults.monitored = "-H -f -t -C 197 -U 198 -d nvme";
autodetect = false;
devices = [ { device = "/dev/nvme0"; } ];
notifications.mail = {
enable = true;
sender = sender;
recipient = recipient;
mailer = "${msmtp}/bin/msmtp -t --read-envelope-from";
};
};
# Notify about zpool problems
services.zfs.zed = {
enableMail = false;
settings = {
ZED_EMAIL_ADDR = [ "root" ];
ZED_EMAIL_PROG = "${msmtp}/bin/msmtp";
ZED_EMAIL_OPTS = "-s '@SUBJECT@' @ADDRESS@";
};
};
# HACK Use an alias to use msmtp instead of the ZED mailer
environment.etc.aliases.text = ''
root: ${recipient}
'';
# Set up msmtp as notifier
programs.msmtp = {
enable = true;
defaults = {
auth = true;
aliases = "/etc/aliases";
port = 587;
tls = true;
};
accounts = {
default = {
host = "disroot.org";
user = "akasroua@disroot.org";
passwordeval = "${coreutils}/bin/cat ${config.age.secrets.msmtp.path}";
};
};
};
}

172
modules/networking.nix
View File

@@ -1,158 +1,60 @@
{ { config, lib, pkgs, ... }:
config,
lib,
pkgs,
...
}:
let
wireguard_port = "1194";
in
{ {
# Set hostname, hostid and enable WiFi # Set hostname, hostid and enable WiFi
networking = { networking = {
hostName = "panacea"; hostName = "panacea";
hostId = "8feb0bb8"; hostId = "8feb0bb8";
wireless.iwd.enable = true; wireless.iwd.enable = true;
enableIPv6 = false;
}; };
# Enable systemd-networkd # Enable zeroconf
networking = { services.avahi = {
useDHCP = false;
interfaces = {
enp0s31f6.useDHCP = true;
wlan0.useDHCP = true;
};
useNetworkd = true;
dhcpcd.enable = false;
};
systemd.network.wait-online.enable = false;
# Enable mDNS
services.resolved = {
enable = true; enable = true;
llmnr = "false"; nssmdns = true;
extraConfig = ''
MulticastDNS=yes
'';
}; };
# Prioritize ethernet over WiFi # Wireguard setup
systemd.network.networks."40-enp0s31f6" = { networking.wg-quick.interfaces = {
dhcpV4Config.RouteMetric = 10; home = {
networkConfig.MulticastDNS = "yes"; address = [ "10.8.0.2/32" ];
}; privateKeyFile = config.age.secrets.wireguard.path;
systemd.network.networks."40-wlan0" = { dns = [ "10.8.0.1" ];
dhcpV4Config.RouteMetric = 20; peers = [
networkConfig.MulticastDNS = "yes"; # zion
}; {
publicKey = "GN8lqPBZYOulh6xD4GhkoEWI65HMMCpSxJSH5871YnU=";
# Static IP for home network allowedIPs = [ "0.0.0.0/0" ];
systemd.network.networks."24-home" = { endpoint = "coolneng.duckdns.org:1194";
name = "wlan0"; }
matchConfig = { ];
Name = "wlan0"; };
SSID = "anakinosi-5GHz"; coace = {
}; address = [ "10.9.0.2/32" ];
address = [ "192.168.129.3/23" ]; privateKeyFile = config.age.secrets.wireguard.path;
gateway = [ "192.168.128.1" ]; peers = [
dns = [ "192.168.128.2" ]; # unit
networkConfig.MulticastDNS = "yes"; {
}; publicKey = "SYfPEKJkO3HaCiQdV/iionsS6CEjLcLt9C0x0Ib3tEU=";
allowedIPs = [ "10.9.0.1/32" "10.0.1.0/24" "10.0.0.0/24" ];
systemd.network.networks."25-home" = { endpoint = "coace.duckdns.org:1194";
name = "wlan0"; }
matchConfig = {
Name = "wlan0";
SSID = "Aminkas-5Ghz";
};
address = [ "192.168.13.3/24" ];
gateway = [ "192.168.13.1" ];
dns = [ "1.1.1.1" ];
networkConfig.MulticastDNS = "yes";
};
# VPN setup
systemd.network.netdevs."wg0" = {
netdevConfig = {
Kind = "wireguard";
Name = "wg0";
};
wireguardConfig = {
ListenPort = wireguard_port;
PrivateKeyFile = config.age.secrets.wireguard.path;
FirewallMark = 34952;
};
wireguardPeers = [
{
PublicKey = "GN8lqPBZYOulh6xD4GhkoEWI65HMMCpSxJSH5871YnU=";
AllowedIPs = [
"0.0.0.0/0"
"::0"
];
Endpoint = "psydnd.org:1194";
}
];
};
systemd.network.networks."wg0" = {
matchConfig.Name = "wg0";
networkConfig = {
Address = [
"10.8.0.2/32"
"fd00::2/128"
]; ];
DNS = [
"10.8.0.1"
"fd00::2"
];
DNSDefaultRoute = true;
}; };
routingPolicyRules = [
{
FirewallMark = 34952;
InvertRule = true;
Table = 1000;
Priority = 10;
}
];
routes = [
{
Gateway = "10.8.0.1";
GatewayOnLink = true;
Table = 1000;
}
];
};
# Firewall configuration
networking.firewall = {
allowedTCPPorts = [
9090 # Calibre Wireless
];
allowedUDPPorts = [
54982 # Calibre Wireless
5353 # mDNS
];
# Allow wireguard traffic
extraCommands = ''
iptables -t mangle -I nixos-fw-rpfilter -p udp -m udp --sport ${wireguard_port} -j RETURN
iptables -t mangle -I nixos-fw-rpfilter -p udp -m udp --dport ${wireguard_port} -j RETURN
'';
extraStopCommands = ''
iptables -t mangle -D nixos-fw-rpfilter -p udp -m udp --sport ${wireguard_port} -j RETURN || true
iptables -t mangle -D nixos-fw-rpfilter -p udp -m udp --dport ${wireguard_port} -j RETURN || true
'';
}; };
# Enable localhost SSH # Enable localhost SSH
services.openssh = { services.openssh = {
enable = true; enable = true;
permitRootLogin = "yes";
passwordAuthentication = false;
openFirewall = false; openFirewall = false;
startWhenNeeded = true; startWhenNeeded = true;
settings = {
PermitRootLogin = "without-password";
PasswordAuthentication = false;
};
}; };
# Firewall configuration
networking.firewall.allowedTCPPorts = [
9090 # Calibre
];
} }

134
modules/periodic.nix
View File

@@ -1,128 +1,80 @@
{ { config, lib, pkgs, ... }:
config,
lib,
pkgs,
...
}:
with pkgs; with pkgs;
let let
isync-oauth2 = (isync.override { withCyrusSaslXoauth2 = true; }); emacs-vterm = ((emacsPackagesNgGen emacsPgtkGcc).emacsWithPackages
(epkgs: [ epkgs.vterm ]));
in in {
{
# Upgrade Doom Emacs daily # Upgrade Doom Emacs daily
systemd.user.services.doom-upgrade = { systemd.user.services.doom-upgrade = {
description = "Upgrade Doom Emacs"; description = "Upgrade Doom Emacs";
path = [ path = [ bash emacs-vterm git coreutils ];
bash
emacs-vterm
git
coreutils
];
script = '' script = ''
/home/coolneng/.emacs.d/bin/doom -! upgrade ${pkgs.bash}/bin/bash -c "/home/coolneng/.emacs.d/bin/doom -y upgrade"
''; '';
serviceConfig.Type = "oneshot"; serviceConfig.Type = "oneshot";
startAt = "22:00:00"; startAt = "22:00:00";
after = [ "network-online.target" ]; };
# Clean up Doom Emacs monthly
systemd.user.services.doom-purge = {
description = "Purge Doom Emacs";
path = [ bash emacs-vterm git coreutils ];
script = ''
${pkgs.bash}/bin/bash -c "/home/coolneng/.emacs.d/bin/doom -y purge"
'';
serviceConfig.Type = "oneshot";
startAt = "*-*-13 20:00:00";
};
# Upgrade Neovim plugins weekly
systemd.user.services.vim-plug-upgrade = {
description = "Upgrade Vim-Plug";
path = [ git neovim ];
script = "${pkgs.neovim}/bin/nvim +PlugUpgrade +PlugUpdate +qa";
serviceConfig.Type = "oneshot";
startAt = "Wed 18:00:00";
}; };
# Push password-store changes to git daily # Push password-store changes to git daily
systemd.user.services.password-store-push = { systemd.user.services.password-store-push = {
description = "Push password-store changes to git"; description = "Push password-store changes to git";
path = [ path = [ pass-wayland git gitAndTools.pass-git-helper ];
pass-wayland
git
pass-git-helper
];
script = "${pkgs.pass-wayland}/bin/pass git push"; script = "${pkgs.pass-wayland}/bin/pass git push";
serviceConfig.Type = "oneshot"; serviceConfig.Type = "oneshot";
startAt = "18:00:00"; startAt = "18:00:00";
after = [ "network-online.target" ];
}; };
# Sync mail using IMAP IDLE # Sync mail using IDLE
systemd.user.services.goimapnotify = { systemd.user.services.goimapnotify-uni = {
description = "Sync mail using IMAP IDLE"; description = "Sync uni mail using IMAP IDLE";
wantedBy = [ "default.target" ]; wantedBy = [ "default.target" ];
path = [ path = [ goimapnotify pass-wayland isync notmuch ];
goimapnotify
pass-wayland
isync-oauth2
mu
procps
emacs-vterm
];
script = '' script = ''
${pkgs.goimapnotify}/bin/goimapnotify -conf /home/coolneng/.config/goimapnotify/goimapnotify.yaml ${pkgs.goimapnotify}/bin/goimapnotify -conf /home/coolneng/.config/goimapnotify/uni.conf
''; '';
serviceConfig = { serviceConfig = {
ExecStartPre = "/home/coolneng/.local/share/scripts/mail-sync";
Type = "simple"; Type = "simple";
Restart = "always"; Restart = "always";
RestartSec = 20; RestartSec = 20;
}; };
after = [ "network-online.target" ]; after = [ "network.target" ];
}; };
# Do a full mail sync periodically systemd.user.services.goimapnotify-gmail = {
systemd.user.services.periodic-mail-sync = { description = "Sync gmail mail using IMAP IDLE";
description = "Run a mail sync operation periodically";
wantedBy = [ "default.target" ]; wantedBy = [ "default.target" ];
path = [ path = [ goimapnotify pass-wayland isync notmuch ];
pass-wayland
isync-oauth2
mu
procps
emacs-vterm
python3
gnupg
nix
];
script = '' script = ''
/home/coolneng/.local/share/scripts/mail-sync -a ${pkgs.goimapnotify}/bin/goimapnotify -conf /home/coolneng/.config/goimapnotify/gmail.conf
''; '';
after = [ "network-online.target" ]; serviceConfig = {
startAt = "*-*-* *:00,30:00"; Type = "simple";
}; Restart = "always";
RestartSec = 20;
# HACK Change home partition permissions for mopidy };
systemd.services.chmod-home = { after = [ "network.target" ];
description = "Change home partition permissions for Mopidy";
wantedBy = [ "default.target" ];
script = "chmod 751 /home/coolneng";
serviceConfig.Type = "oneshot";
after = [ "home-coolneng.mount" ];
before = [
"mopidy.service"
"mopidy-scan.service"
];
};
# Push panacea changes to git daily
systemd.user.services.panacea-push = {
description = "Push panacea changes to git";
path = [
pass-wayland
git
pass-git-helper
];
script = "${pkgs.git}/bin/git -C /home/coolneng/Projects/panacea push";
serviceConfig.Type = "oneshot";
startAt = "18:00:00";
after = [ "network-online.target" ];
};
# Show notification when the battery is low
systemd.user.services.swaynag-battery = {
description = "Show notification when the battery is low";
path = [
swaynag-battery
sway
];
script = "${pkgs.swaynag-battery}/bin/swaynag-battery --threshold 10";
wantedBy = [ "sway-session.target" ];
}; };
} }

41
modules/power.nix
View File

@@ -1,13 +1,38 @@
{ { config, lib, pkgs, ... }:
config,
lib,
pkgs,
...
}:
{ {
# Enable power-profiles-daemon # Enable the TLP daemon
services.power-profiles-daemon.enable = true; services.tlp = {
enable = true;
settings = {
# Use the new CPU frequency scaling governor
CPU_SCALING_GOVERNOR_ON_AC = "schedutil";
CPU_SCALING_GOVERNOR_ON_BAT = "schedutil";
# Adjust CPU frequencies accordingly to the power state
CPU_SCALING_MIN_FREQ_ON_AC = 800000;
CPU_SCALING_MAX_FREQ_ON_AC = 3000000;
CPU_SCALING_MIN_FREQ_ON_BAT = 800000;
CPU_SCALING_MAX_FREQ_ON_BAT = 2300000;
# Enable audio power saving for Intel HDA, AC97 devices (timeout in secs).
# A value of 0 disables, >=1 enables power saving (recommended: 1).
# Default: 0 (AC), 1 (BAT)
SOUND_POWER_SAVE_ON_AC = 0;
SOUND_POWER_SAVE_ON_BAT = 1;
# Runtime Power Management for PCI(e) bus devices: on=disable, auto=enable.
# Default: on (AC), auto (BAT)
RUNTIME_PM_ON_AC = "on";
RUNTIME_PM_ON_BAT = "auto";
# Battery feature drivers: 0=disable, 1=enable
# Default: 1 (all)
NATACPI_ENABLE = 1;
TPACPI_ENABLE = 1;
TPSMAPI_ENABLE = 1;
};
};
# Suspend when the battery is critical # Suspend when the battery is critical
services.udev.extraRules = '' services.udev.extraRules = ''

20
modules/printing.nix
View File

@@ -1,23 +1,21 @@
{ { config, lib, pkgs, ... }:
config,
lib,
pkgs,
...
}:
{ {
# Enable CUPS # Enable CUPS
services.printing = { services.printing = {
enable = true; enable = true;
drivers = with pkgs; [ drivers = with pkgs; [ brgenml1cupswrapper ];
brgenml1cupswrapper
hplip
];
}; };
# Enable SANE # Enable SANE
hardware.sane = { hardware.sane = {
enable = true; enable = true;
brscan4.enable = true; brscan4 = {
enable = true;
netDevices.home = {
model = "DCP-L2530DW";
ip = "192.168.13.4";
};
};
}; };
} }

81
modules/software.nix
View File

@@ -1,31 +1,13 @@
{ { config, lib, pkgs, inputs, ... }:
config,
lib,
pkgs,
inputs,
...
}:
with pkgs; with pkgs;
let let
custom-mpv = ( emacs-vterm = (
mpv-unwrapped.wrapper { (emacsPackagesNgGen emacsPgtkGcc).emacsWithPackages
mpv = mpv-unwrapped; (epkgs: [ epkgs.vterm ])
scripts = with mpvScripts; [
sponsorblock-minimal
mpv-cheatsheet
];
}
); );
patched-bitwig = bitwig-studio.overrideAttrs (old: rec {
src = "${inputs.local-bitwig}/bitwig-studio.deb";
postInstall = ''
cp -r ${inputs.local-bitwig}/bitwig.jar $out/libexec/bin/bitwig.jar
'';
});
in in
{ {
environment.systemPackages = [ environment.systemPackages = [
@@ -36,11 +18,11 @@ in
gnupg gnupg
pass-wayland pass-wayland
passff-host passff-host
pass-git-helper gitAndTools.pass-git-helper
inputs.agenix.packages.${config.nixpkgs.localSystem.system}.default inputs.agenix.defaultPackage.x86_64-linux
git-crypt git-crypt
git-lfs
# Browsers # Browsers
firefox
ungoogled-chromium ungoogled-chromium
# LaTeX # LaTeX
texlive.combined.scheme-full texlive.combined.scheme-full
@@ -49,8 +31,7 @@ in
# Text editors # Text editors
neovim neovim
emacs-vterm emacs-vterm
# Emacs dependencies ripgrep
(ripgrep.override { withPCRE2 = true; })
fd fd
clang clang
coreutils coreutils
@@ -61,57 +42,55 @@ in
# Development # Development
git git
direnv direnv
nix-direnv lorri
podman-compose
gnumake gnumake
pre-commit gitAndTools.pre-commit
emacs-lsp-booster
# Rice # Rice
adapta-gtk-theme adapta-gtk-theme
paper-icon-theme paper-icon-theme
# Audio # Audio
mopidy mopidy
ncmpcpp ncmpcpp
mpc mpc_cli
alsa-firmware
pulsemixer pulsemixer
easyeffects
patched-bitwig
# Productivity # Productivity
fff
zathura zathura
libreoffice-fresh libreoffice-fresh
simple-scan gnome3.simple-scan
bc bc
pdfgrep
# Mail stack # Mail stack
mu neomutt
(isync.override { withCyrusSaslXoauth2 = true; }) isync
notmuch
msmtp msmtp
w3m
urlscan
# Media # Media
gimp gimp
custom-mpv mpv
nodePackages.webtorrent-cli
deluge deluge
yt-dlp-light youtube-dl-light
ffmpeg
calibre calibre
beets lmms
# File management # File management
zip zip
unzip unzip
unar unar
# Overlays # Overlays
cachix cachix
# Budgeting
beancount
beancount-language-server
fava
# Programming tools # Programming tools
## Shell ## Shell
shellcheck shellcheck
shfmt shfmt
## Nix ## Nix
nixfmt-rfc-style nixfmt
## Python ## Python
ty nodePackages.pyright
ruff black
## C/C++ ## C/C++
clang-tools clang-tools
## Go ## Go
@@ -122,13 +101,13 @@ in
]; ];
# Fonts declaration # Fonts declaration
fonts.packages = with pkgs; [ fonts.fonts = with pkgs; [
google-fonts google-fonts
inconsolata-nerdfont
terminus_font_ttf terminus_font_ttf
iosevka-bin iosevka-bin
libertine libertine
nerd-fonts.inconsolata emacs-all-the-icons-fonts
nerd-fonts.symbols-only
]; ];
} }

3
overlays/emacs.nix Normal file
View File

@@ -0,0 +1,3 @@
{ config, lib, pkgs, inputs, ... }: {
nixpkgs.overlays = [ inputs.emacs-overlay.overlay ];
}

BIN
secrets/bandcamp_token
View File

Binary file not shown.

8
secrets/msmtp.age
View File

@@ -1,8 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 G5UUhw yZ6q0+opG1dPd+bziS6EK4Da2R1HI4SN5CNZTFR0NFI
xx6fet9CzAuWdwEzQrR7qc6DJZDPUM+Ug995OHJnO+w
-> -ENU/-grease sB@d>Z >aJ<En""
rUSbcqOSzKWJRomQ8uqM0L1wq1OeKtmbAXRtDhisJcSIg82+eIF2jwf8Id7tMEyk
KrTfLHN7Ts9b/duzBrM9FDqm6pE9DqxUp652Tyo9ENa/
--- 07ccdiEaTyEPofLC2xPqYeF3lkMMFiAM2g1MKqv2pwc
<20><>+4<>/ǃTR٠<52><D9A0><EFBFBD><EFBFBD>ym<79>*<18>p<EFBFBD><70>~<7E><> E<>g5v<35>ʽ<13>Pn'<27><>i<01><>><3E><><EFBFBD>^$R<>P<14><>zS<1E>!<<3C><><EFBFBD><EFBFBD>><3E><><1F>#<23><>Ϟ<><CF9E>h<EFBFBD><01><>

7
secrets/secrets.nix
View File

@@ -1,8 +1,7 @@
let let
coolneng = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC57m1j/G6iQyi2EpU3nj3+df5Z4PL/XbiOmDcqA7ODg"; coolneng =
in "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC57m1j/G6iQyi2EpU3nj3+df5Z4PL/XbiOmDcqA7ODg";
{ in {
"wireguard.age".publicKeys = [ coolneng ]; "wireguard.age".publicKeys = [ coolneng ];
"syncthing.age".publicKeys = [ coolneng ]; "syncthing.age".publicKeys = [ coolneng ];
"msmtp.age".publicKeys = [ coolneng ];
} }

BIN
secrets/soundcloud_token
View File

Binary file not shown.