emergency commit

This commit is contained in:
makefu 2024-12-22 14:24:48 +01:00
parent 562889dd80
commit 548a99ca50
66 changed files with 792 additions and 584 deletions

View file

@ -11,7 +11,7 @@ in
security.rtkit.enable = true;
environment.systemPackages = with pkgs; [
alsaUtils
alsa-utils
i2c-tools
ponymix
];

View file

@ -1,7 +1,7 @@
{ pkgs, ... }:
{
systemd.services.brockman.environment."BROCKMAN_LOG_LEVEL" = "DEBUG";
krebs.brockman = {
#systemd.services.brockman.environment."BROCKMAN_LOG_LEVEL" = "DEBUG";
services.brockman = {
enable = true;
config = {
channel = "#binaergewitter";

View file

@ -1,5 +1,6 @@
# <SENDUNGSNUMMER>
-1. in signal "Die letzte sendung ist 10 tage her, wann wollen wir senden?" in 10 Tagen planen
0. Sendung twittern und mastodieren (eine Woche + eine Stunde vorher) von Ingo/l33tname (wichtig)
1. `eine` Person anrufen (den Host):
- markus madmas@studio.link

View file

@ -37,7 +37,6 @@ in {
"guest ok" = "yes";
};
sound.enable = true;
# connect via https://wiki.nixos.org/wiki/Bluetooth#Using_Bluetooth_headsets_with_PulseAudio
hardware.bluetooth.enable = true;
environment.etc."bluetooth/audio.conf".text = ''

View file

@ -1,4 +1,4 @@
{
{pkgs, lib, config, ... }:{
# users are super important
users.users = {
root.openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
@ -52,8 +52,6 @@
defaults.email = "letsencrypt@syntax-fehler.de";
acceptTerms = true;
};
system.stateVersion = lib.mkDefault "23.05";
services.postgresql.package = pkgs.postgresql_14;
boot.kernel.sysctl."kernel.dmesg_restrict" = 0;
}

View file

@ -8,26 +8,11 @@ with lib;
./binary-cache/nixos.nix
./minimal.nix
./secrets/ssh_server.nix
./core.nix
# ./overlays/default.nix
# ./security/hotfix.nix
];
# users are super important
users.users = {
root.openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
makefu = {
uid = 9001;
group = "users";
home = "/home/makefu";
createHome = true;
isNormalUser = true;
useDefaultShell = true;
extraGroups = [ "wheel" ];
openssh.authorizedKeys.keys = [ config.krebs.users.makefu.pubkey ];
};
};
# nix.settings.trusted-users = [ config.krebs.build.user.name ];
nix.settings.experimental-features = [ "flakes" "nix-command" ];
# boot.kernelPackages = lib.mkDefault pkgs.linuxPackages;
@ -36,46 +21,10 @@ with lib;
# dns.providers.lan = "hosts";
build.user = config.krebs.users.makefu;
};
environment.systemPackages = with pkgs; [
jq
git
gnumake
rxvt_unicode.terminfo
htop
nix-output-monitor
];
];
#programs.bash.completion.enable = true;
environment.shellAliases = {
# TODO: see .aliases
lsl = "ls -lAtr";
ip = "ip -c -br";
dmesg = "dmesg -L --reltime";
psg = "ps -ef | grep";
nmap = "nmap -oN $HOME/loot/scan-`date +\%s`.nmap -oX $HOME/loot/scan-`date +%s`.xml";
grep = "grep --color=auto";
};
nix.extraOptions = ''
auto-optimise-store = true
'';
#security.wrappers.sendmail = {
# source = "${pkgs.exim}/bin/sendmail";
# setuid = true;
#};
services.journald.extraConfig = ''
SystemMaxUse=1G
RuntimeMaxUse=128M
'';
environment.pathsToLink = [ "/share" ];
security.acme = {
defaults.email = "letsencrypt@syntax-fehler.de";
acceptTerms = true;
};
system.stateVersion = lib.mkDefault "23.05";
services.postgresql.package = pkgs.postgresql_14;
}

View file

@ -1,12 +1,14 @@
{
{ config, ... }:{
services.atuin = {
enable = true;
maxHistory = 900001;
maxHistoryLength = 900001;
database.createLocally = true;
# openRegistration = true;
};
services.postgresql.enable = true;
services.nginx.virtualHosts."atuin.euer.krebsco.de" = {
enableACME = true;
forceSSL = true;
locations."/".proxyPass = "http://localhost:${config.services.atuin.port}";
locations."/".proxyPass = "http://localhost:${toString config.services.atuin.port}";
};
}

View file

@ -59,7 +59,7 @@ in {
enable = true;
configureRedis = true;
package = pkgs.nextcloud29;
package = pkgs.nextcloud30;
hostName = "o.euer.krebsco.de";
# Use HTTPS for links
https = true;

View file

@ -1,9 +1,6 @@
https://www.ebay-kleinanzeigen.de/s-heimwerken/nein/muehlhausen/bohrmaschine/k0c84l9313r5+heimwerken.versand_s:nein
https://www.ebay-kleinanzeigen.de/s-stuttgart/zigbee/k0l9280
https://www.ebay-kleinanzeigen.de/s-70378/d%C3%B6rrautomat/k0l9334r5
https://www.ebay-kleinanzeigen.de/s-zu-verschenken/muehlhausen/c192l9313
https://www.ebay-kleinanzeigen.de/s-spielzeug/muehlhausen/brettspiel/k0c23l9313
https://www.ebay-kleinanzeigen.de/s-muehlhausen/dymo/k0l9313r5
https://www.ebay-kleinanzeigen.de/s-zu-verschenken/muehlhausen/lautsprecher/k0c192l9313r5
https://www.ebay-kleinanzeigen.de/s-muehlhausen/preis::40/winkelschleifer/k0l9313r5
https://www.ebay-kleinanzeigen.de/s-muehlhausen/preis::40/kontaktgrill/k0l9313r5
https://www.kleinanzeigen.de/s-stuttgart/zigbee/k0l9280
https://www.kleinanzeigen.de/s-70378/d%C3%B6rrautomat/k0l9334r5
https://www.kleinanzeigen.de/s-zu-verschenken/muehlhausen/c192l9313
https://www.kleinanzeigen.de/s-spielzeug/muehlhausen/brettspiel/k0c23l9313
https://www.kleinanzeigen.de/s-zu-verschenken/muehlhausen/lautsprecher/k0c192l9313r5
https://www.kleinanzeigen.de/s-stuttgart/kallax-schublade/k0l9280

View file

@ -298,7 +298,7 @@ noremap <leader>p "+gP<CR>
noremap XX "+x<CR>
" Enable mouse for vim
set mouse=a
set mouse=
" Buffer nav
noremap <leader>z :bp<CR>

View file

@ -12,7 +12,7 @@ set background=dark
set number
set relativenumber
set mouse=a
set mouse=
set ignorecase
set incsearch
set wildignore=*.o,*.obj,*.bak,*.exe,*.os

View file

@ -3,8 +3,17 @@ let
DOMAIN = "cgit.euer.krebsco.de";
HTTP_PORT = 3002;
in
{
{
services.nginx = {
virtualHosts."cgit.euer" = {
serverAliases = [
"cgit.gum.r"
"git.gum.r"
"cgit.makefu.r"
"git.makefu.r"
];
globalRedirect = "cgit.euer.krebsco.de";
};
virtualHosts.${DOMAIN} = {
forceSSL = true;
enableACME = true;
@ -32,6 +41,7 @@ in
ENABLED = true;
DEFAULT_ACTIONS_URL = "github";
};
log.LEVEL = "Warn";
# Sending emails is completely optional
# You can send a test email from the web UI at:
# Profile Picture > Site Administration > Configuration > Mailer Configuration
@ -44,4 +54,12 @@ in
};
#mailerPasswordFile = config.sops.secrets.forgejo-mailer-password.path;
};
sops.secrets.forgejo-admin-password.owner = "forgejo";
# systemd.services.forgejo.serviceConfig.ReadOnlyPaths = [ config.sops.secrets.forgejo-admin-password ];
systemd.services.forgejo.preStart = ''
admin="${lib.getExe config.services.forgejo.package} admin user"
$admin change-password --username makefu --password "$(tr -d '\n' < ${config.sops.secrets.forgejo-admin-password.path})" || true
# $admin create --admin --email "makefu@x.r" --username makefu --password "$(tr -d '\n' < ${config.sops.secrets.forgejo-admin-password.path})" || true
'';
}

View file

@ -38,7 +38,7 @@ in
# };
# displayManager.defaultSession = lib.mkDefault "none+awesome";
};
environment.systemPackages = [ pkgs.gnome.adwaita-icon-theme ];
environment.systemPackages = [ pkgs.adwaita-icon-theme ];
# lid switch is handled via button presses
# services.logind.lidSwitch = lib.mkDefault "ignore";
#makefu.awesome.enable = true;
@ -55,7 +55,7 @@ in
packages = with pkgs;[
pavucontrol
xlockmore
rxvt_unicode-with-plugins
rxvt-unicode-unwrapped
];
};

View file

@ -35,7 +35,7 @@ in {
{
general = {
disable_loading_bar = false;
grace = 10;
# grace = 10;
hide_cursor = true;
no_fade_in = false;
};
@ -70,16 +70,16 @@ in {
settings = {
general = {
ignore_dbus_inhibit = false;
before_sleep_cmd = "loginctl lock-session";
# before_sleep_cmd = "hyprlock";
after_sleep_cmd = "hyprctl dispatch dpms on";
# what to do when `loginctl lock-session` sends dbus lock event
lock_cmd = "pidof hyprlock || hyprlock";
lock_cmd = "hyprlock";
};
listener = [
{
timeout = 600;
on-timeout = "loginctl lock-session";
on-timeout = "hyprlock";
}
{
timeout = 630;
@ -159,10 +159,10 @@ in {
active_opacity = 1.0;
inactive_opacity = 1.0;
drop_shadow = false;
shadow_range = 4;
shadow_render_power = 3;
"col.shadow" = "rgba(1a1a1aee)";
#drop_shadow = false;
#shadow_range = 4;
#shadow_render_power = 3;
#"col.shadow" = "rgba(1a1a1aee)";
blur = {
enabled = true;
@ -220,7 +220,7 @@ in {
"$mainMod, R, exec, $menu"
"$mainMod, P, pseudo, # dwindle"
"$mainMod, J, togglesplit, # dwindle"
"$mainMod, L, exec, hyprlock"
"$mainMod, L, exec, loginctl lock-session"
# Move focus with mainMod + arrow keys
"$mainMod, left, movefocus, l"
@ -249,9 +249,8 @@ in {
"$mainMod SHIFT, 6, movetoworkspace, 6"
"$mainMod SHIFT, 7, movetoworkspace, 7"
"$mainMod SHIFT, 8, movetoworkspace, 8"
"$mainMod SHIFT, 8, movetoworkspace, 8"
"$mainMod SHIFT, 9, movetoworkspace, 9"
"$mainMod SHIFT, 10, movetoworkspace, 10"
"$mainMod SHIFT, 0, movetoworkspace, 10"
# screenshot
"$mainMod, Print, exec, grimblast --notify --cursor save area ~/shots/$(date +'%Y-%m-%d-At-%Ih%Mm%Ss').png"
",Print, exec, grimblast --notify --cursor copy area"
@ -261,7 +260,7 @@ in {
"$mainMod, mouse:273, resizewindow"
];
bindel= [
", XF86AudioLowerVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@5%-"
", XF86AudioLowerVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%-"
", XF86AudioRaiseVolume, exec, wpctl set-volume @DEFAULT_AUDIO_SINK@ 5%+"
];
bindl= ", XF86AudioMute, exec, wpctl set-mute @DEFAULT_AUDIO_SINK@ toggle";

View file

@ -11,6 +11,10 @@ in {
name = "Terminus";
size = 12;
};
keybindings = {
"shift+insert" = "paste_from_clipboard";
"ctrl+c" = "copy_or_interrupt";
};
settings = {
update_check_interval = 0;
enable_audio_bell = false;

View file

@ -11,4 +11,6 @@ in {
settings.email = "makefu@x";
};
};
services.gnome.gnome-keyring.enable = true;
security.pam.services.hyprland.enableGnomeKeyring = true;
}

View file

@ -35,7 +35,7 @@
"hyprland/window"
],
"modules-right": [
"mpd",
// "mpd",
"idle_inhibitor",
"pulseaudio",
"network",
@ -45,12 +45,12 @@
"temperature",
"backlight",
"keyboard-state",
"hyprland/language",
// "hyprland/language",
"battery",
"battery#bat2",
// "battery#bat2",
"clock",
"tray",
"custom/power"
"tray"
// "custom/power"
],
"keyboard-state": {
"numlock": true,
@ -130,8 +130,9 @@
},
"backlight": {
// "device": "acpi_video1",
"format": "{percent}% {icon}",
"format-icons": ["", "", "", "", "", "", "", "", ""]
//"format": "{percent}% {icon}",
"format": "{percent}% ☼"
// "format-icons": ["", "", "", "", "", "", "", "", ""]
},
"battery": {
"states": {

View file

@ -5,7 +5,7 @@
hardware.pulseaudio.enable = lib.mkForce false;
environment.systemPackages = with pkgs; [
alsaUtils
alsa-utils
pulseaudio
ponymix
];

View file

@ -1,7 +1,15 @@
{ config, pkgs, ... }:
{
home-manager.users.${config.krebs.build.user.name}.xdg.desktopEntries.privatefox = {
name = "Privatefox";
exec = "${pkgs.firefox}/bin/firefox -P Privatefox";
home-manager.users.${config.krebs.build.user.name}.xdg.desktopEntries = {
privatefox = {
name = "Privatefox";
exec = "${pkgs.firefox}/bin/firefox -P Privatefox";
};
bambu-studio-large = {
name = "BambuStudioLarge";
exec = toString (pkgs.writers.writeDash "bambu-studio-large" ''
GDK_SCALE=2 XCURSOR_SIZE=32 exec ${pkgs.bambu-studio}/bin/bambu-studio
'');
};
};
}

View file

@ -10,7 +10,7 @@ in {
serviceConfig = {
SyslogIdentifier = "urxvtd";
ExecReload = "${pkgs.coreutils}/bin/echo NOP";
ExecStart = "${pkgs.rxvt_unicode-with-plugins}/bin/urxvtd";
ExecStart = "${pkgs.rxvt-unicode}/bin/urxvtd";
Restart = "always";
RestartSec = "2s";
StartLimitBurst = 0;

View file

@ -9,7 +9,7 @@ in
systemd.services.mausdownload = {
startAt = "6:15:00";
path = [ pkg ];
script = "mausdownload.sh /media/silent/music/kinder/hoerbucher";
script = "alldownload.sh /media/silent/music/kinder/podcasts";
serviceConfig= {
User = "makefu"; # TODO unprivileged user
};

View file

@ -10,7 +10,7 @@ in {
state = [ config ];
virtualisation.oci-containers.containers.signal-rest = {
image = image;
#ports = [ "127.0.0.1:${toString port}:${toString port}" ];
ports = [ "127.0.0.1:${toString port}:${toString port}" ];
extraOptions = [ "--network=host"];
volumes = [
"${config}:/home/.local/share/signal-cli"

View file

@ -1,4 +1,4 @@
{ config,lib, ... }:
{ pkgs,config,lib, ... }:
let
internal-ip = "192.168.111.11";
port = 4533;
@ -12,10 +12,13 @@ in
PlaylistsPath = "/media/silent/playlists";
Address = "0.0.0.0";
};
sops.secrets.navidrome-secrets.owner = "navidrome";
systemd.services.navidrome = {
serviceConfig = {
Restart = "always";
RestartSec = "15";
EnvironmentFile = config.sops.secrets.navidrome-secrets.path;
ExecStartPre = pkgs.writers.writeDash "lol" "echo LND_LASTFM_APIKEY $ND_LASTFM_APIKEY";
BindReadOnlyPaths =
[
# navidrome uses online services to download additional album metadata / covers
@ -32,6 +35,7 @@ in
];
};
unitConfig.RequiresMountsFor = [ "/media/silent" ];
};
state = [ "/var/lib/navidrome" ];

View file

@ -14,10 +14,8 @@
# Import | docker-compose exec photoprism photoprism import
# -------------------------------------------------------------------
let
port = "2347";
photodir = "/media/cryptX/photos";
statedir = "/media/cryptX/lib/photoprism/appsrv";
db-dir = "/media/cryptX/lib/photoprism/mysql";
port = 2347;
originalsPath = "/media/cryptX/photos";
internal-ip = "192.168.111.11";
in
{
@ -28,7 +26,7 @@ in
"fotos" "fotos.lan"
];
locations."/".proxyPass = "http://localhost:${port}";
locations."/".proxyPass = "http://localhost:${toString port}";
locations."/".proxyWebsockets = true;
extraConfig = ''
if ( $server_addr != "${internal-ip}" ) {
@ -36,111 +34,43 @@ in
}
'';
};
#systemd.services.photoprism-network = {
# enable = true;
# wantedBy = [ "multi-user.target" ];
# script = ''
# ${pkgs.docker}/bin/docker network create --driver bridge photoprism ||:
# '';
# after = [ "docker.service" ];
# before = [
# "docker-photoprism.service"
# "docker-mysql-photoprism.service"
# ];
#};
virtualisation.oci-containers.containers.photoprism = {
image = "photoprism/photoprism:preview";
#ports = ["${port}:${port}" ];
volumes = [
"${photodir}:/photoprism/originals"
"${statedir}:/photoprism/storage"
];
extraOptions = [
"--security-opt" "seccomp=unconfined"
"--security-opt" "apparmor=unconfined"
#"--network=photoprism"
"--network=host"
"--device=/dev/dri" # hardware encoding
];
environment = {
PHOTOPRISM_HTTP_PORT = port; # Built-in Web server port
PHOTOPRISM_HTTP_COMPRESSION = "gzip"; # Improves transfer speed and bandwidth utilization (none or gzip)
PHOTOPRISM_DEBUG = "false"; # Run in debug mode (shows additional log messages)
# PHOTOPRISM_PUBLIC = "true"; # No authentication required (disables password protection)
PHOTOPRISM_READONLY = "false"; # Don't modify originals directory (reduced functionality)
PHOTOPRISM_EXPERIMENTAL = "true"; # Enables experimental features
# PHOTOPRISM_DISABLE_WEBDAV = "false"; # Disables built-in WebDAV server
PHOTOPRISM_DISABLE_SETTINGS = "false"; # Disables Settings in Web UI
PHOTOPRISM_DISABLE_TENSORFLOW = "false"; # Disables using TensorFlow for image classification
PHOTOPRISM_DARKTABLE_PRESETS = "false"; # Enables Darktable presets and disables concurrent RAW conversion
PHOTOPRISM_DETECT_NSFW = "false"; # Flag photos as private that MAY be offensive (requires TensorFlow)
PHOTOPRISM_UPLOAD_NSFW = "true"; # Allow uploads that MAY be offensive
PHOTOPRISM_AUTH_MODE = "password";
#PHOTOPRISM_DATABASE_DRIVER = "postgres";
#PHOTOPRISM_DATABASE_SERVER = "postgres-prism:5432";
#PHOTOPRISM_DATABASE_NAME = "photoprism";
#PHOTOPRISM_DATABASE_USER = "photoprism";
#PHOTOPRISM_DATABASE_PASSWORD = "photoprism";
PHOTOPRISM_DATABASE_DRIVER= "mysql"; # Use MariaDB (or MySQL) instead of SQLite for improved performance
PHOTOPRISM_DATABASE_SERVER= "localhost:3306" ; # MariaDB database server (hostname:port)
PHOTOPRISM_DATABASE_NAME= "photoprism"; # MariaDB database schema name
PHOTOPRISM_SITE_URL = "http://localhost:2342/"; # Public PhotoPrism URL
systemd.services.photoprism.serviceConfig = {
SupplementaryGroups = [ "download" "video" "render" ];
PrivateDevices = lib.mkForce false;
};
state = [ "/var/lib/photoprism" ];
sops.secrets."omo-photoprism-pw" = {
group = "video";
mode = "0750";
};
services.photoprism = {
enable = true;
inherit port originalsPath;
passwordFile = config.sops.secrets."omo-photoprism-pw".path;
storagePath = "/var/lib/photoprism";
settings = {
PHOTOPRISM_SITE_TITLE = "PhotoPrism";
PHOTOPRISM_SITE_CAPTION = "FeMi Fotos";
PHOTOPRISM_SITE_DESCRIPTION = "Unsere Fotos";
PHOTOPRISM_SITE_AUTHOR = "FeMi";
PHOTOPRISM_SPONSOR = "true";
PHOTOPRISM_DEFAULT_LOCALE = "de";
PHOTOPRISM_READONLY = "false";
# Hardware encoding
PHOTOPRISM_FFMPEG_ENCODER = "intel";
PHOTOPRISM_INIT = "intel";
};
environmentFiles = [
config.sops.secrets."omo-photoprism-envfile".path
];
};
virtualisation.oci-containers.containers.mysql-photoprism = {
image = "mariadb:10.5";
extraOptions = [
"--security-opt" "seccomp=unconfined"
"--security-opt" "apparmor=unconfined"
#"--network=photoprism"
"--network=host"
];
#ports = [ "3306:3306" ]; # no need to expose the database
#cmd = [ "mysqld"
# "--transaction-isolation=READ-COMMITTED"
# "--character-set-server=utf8mb4"
# "--collation-server=utf8mb4_unicode_ci"
# "--max-connections=512"
# "--innodb-rollback-on-timeout=OFF"
# "--innodb-lock-wait-timeout=50"
#];
volumes= [ "${db-dir}:/var/lib/mysql" ];
environmentFiles = [
config.sops.secrets."omo-photoprism-envfile".path
];
environment = {
MYSQL_DATABASE= "photoprism";
PHOTOPRISM_DEBUG = "false";
PHOTOPRISM_EXPERIMENTAL = "true";
PHOTOPRISM_DISABLE_SETTINGS = "false";
PHOTOPRISM_DISABLE_TENSORFLOW = "false";
PHOTOPRISM_DARKTABLE_PRESETS = "false";
PHOTOPRISM_DETECT_NSFW = "false";
PHOTOPRISM_UPLOAD_NSFW = "true";
PHOTOPRISM_AUTH_MODE = "password";
PHOTOPRISM_ADMIN_USER = "admin";
PHOTOPRISM_SITE_URL = "http://192.168.111.11:2342/"; # Public PhotoPrism URL
};
};
#virtualisation.oci-containers.containers.postgres-prism = {
# image = "postgres:12-alpine";
# ports = [ "5432" ]; # no need to expose the database
# environment = {
# POSTGRES_DB = "photoprism";
# POSTGRES_USER = "photoprism";
# POSTGRES_PASSWORD = "photoprism";
# };
#};
}

View file

@ -4,7 +4,7 @@
extraGroups = [ "networkmanager" ];
packages = with pkgs;[
networkmanagerapplet
gnome3.gnome-keyring dconf
gnome-keyring dconf
];
};
networking.wireless.enable = lib.mkForce false;

View file

@ -1,6 +1,6 @@
{ pkgs, ... }:
{
services.upower.enable = true;
users.users.makefu.packages = [ pkgs.gnome3.gnome-power-manager ];
users.users.makefu.packages = [ pkgs.gnome-power-manager ];
}

View file

@ -1,6 +1,6 @@
{pkgs, ... }:
{
environment.systemPackages = with pkgs; [ kdeconnect ];
environment.systemPackages = with pkgs; [ plasma5Packages.kdeconnect-kde ];
networking.firewall.allowedUDPPortRanges = [ { from = 1714; to = 1764; } ];
networking.firewall.allowedTCPPortRanges = [ { from = 1714; to = 1764; } ];
}

View file

@ -13,7 +13,7 @@ in {
./gui/base.nix
# ./gui/look-up.nix
./fetchWallpaper.nix
./zsh-user.nix
./zsh
./tools/core.nix
./tools/core-gui.nix
./gui/automatic-diskmount.nix

View file

@ -1,7 +1,7 @@
{ lib, config, ... }:
{
# lassulus network
clan.networking.zerotier = {
clan.core.networking.zerotier = {
networkId = "ccc5da5295c853d4";
name = "nether";
};

View file

@ -17,11 +17,16 @@ in {
users.users."${mainUser}".extraGroups = [ "scanner" "lp" ];
services.udev.packages = [ pkgs.utsushi ];
# scanners are printers just in reverse anyway
services.saned.enable = true;
# network scan
services.avahi.enable = true;
services.avahi.nssmdns4 = true;
hardware.sane = {
enable = true;
extraBackends = [ ];
extraBackends = [ pkgs.epkowa pkgs.utsushi ];
extraConfig.xerox_mfp = ''
usb 0x04e8 0x3441
'';

View file

@ -21,15 +21,12 @@ in {
"valid users" = "download";
};
};
extraConfig = ''
# guest account = smbguest
# map to guest = bad user
# disable printing
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
'';
settings.global = {
"load printers" = "no";
"printing" = "bsd";
"printcap name" = "/dev/null";
"disable spoolss" = "yes";
};
};
networking.firewall.interfaces.retiolum.allowedTCPPorts = [ 445 ];
networking.firewall.interfaces.wiregrill.allowedTCPPorts = [ 445 ];

View file

@ -17,7 +17,7 @@ in {
"uid=${toString config.users.users.download.uid}"
"gid=${toString config.users.groups.download.gid}"
"vers=3"
#"vers=2.1"
"fsc"
"rsize=65536"
"wsize=130048"
"iocharset=utf8"

View file

@ -101,17 +101,17 @@ in {
# "guest ok" = "yes";
#};
};
extraConfig = ''
guest account = smbguest
map to guest = bad user
settings.global = {
"guest account" = "smbguest";
"map to guest" = "bad user";
# disable printing
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
workgroup = WORKGROUP
server string = ${config.networking.hostName}
netbios name = ${config.networking.hostName}
'';
"load printers" = "no";
"printing" = "bsd";
"printcap name" = "/dev/null";
"disable spoolss" = "yes";
"workgroup" = "WORKGROUP";
"server string" = config.networking.hostName;
"netbios name" = config.networking.hostName;
};
};
}

View file

@ -34,14 +34,14 @@
"guest ok" = "no";
};
};
extraConfig = ''
guest account = smbguest
map to guest = bad user
settings.global = {
"guest account" = "smbguest";
"map to guest" = "bad user";
# disable printing
load printers = no
printing = bsd
printcap name = /dev/null
disable spoolss = yes
'';
"load printers" = "no";
"printing" = "bsd";
"printcap name" = "/dev/null";
"disable spoolss" = "yes" ;
};
};
}

View file

@ -16,6 +16,7 @@ in {
devices = (mk_peers used_peers) // {
makefu-phone.id = "YP57S7C-4U7PTEV-7PNVREJ-574YUTC-XMZ6TH5-P7UL5IJ-VYGW7GV-Z6QYOQR";
makefu-ebook.id = "RRNPQ7N-BUGZUKX-EU7VSDJ-Z5BTW33-55DOSF4-RJXWV7W-BL7TUHT-TV7EJQN";
makefu-tablet-medion.id = "RRJGBJC-B4WHTRY-MGFWEZU-JLTQWM6-M5N3CWM-MDSVVYC-LP67NM2-B3ZK4AI";
gum.id = "463N4HM-LFU3ARM-M7YU6O5-7FAVRIZ-WUOX5FN-C6A3XLZ-UCDUXQ5-2MVXDA6";
x.id = "ETMOWBT-XOYB7LJ-J4OKD7U-WHBEAP5-MPAHKXM-O4GGRKM-WERF7R4-MRS7EAU"; # override config for x
omo.id = "Y5OTK3S-JOJLAUU-KTBXKUW-M7S5UEQ-MMQPUK2-7CXO5V6-NOUDLKP-PRGAFAK";

View file

@ -1,11 +1,12 @@
{ pkgs, ... }:
{
services.cachefilesd.enable = true;
systemd.services.download-sync = {
# startAt = "hourly";
startAt = "*:0/30"; # 30 minutes
path = [ pkgs.rsync ];
script = ''
rsync -a --omit-dir-times --no-perms --no-owner --progress --stats /media/cloud/download/. /media/crypt1/download/.
rsync -a --size-only --omit-dir-times --no-perms --no-owner --progress --stats /media/cloud/download/. /media/crypt1/download/.
'';
serviceConfig = {
User = "download";

View file

@ -1,5 +1,12 @@
{
services.syncthing.user = "download";
systemd.services.syncthing = {
environment.GOMEMLIMIT = "400MiB";
serviceConfig = {
MemoryHigh="750M";
MemoryMax="1G";
};
};
services.syncthing.settings.folders = {
manga = {
path = "/media/cloud/sync/manga/";
@ -11,10 +18,12 @@
id = "makefu-audiobooks";
devices = [ "omo" "makefu-phone" "x" ];
};
download = {
path = "/media/cloud/download/";
id = "makefu-download";
devices = [ "omo" ];
};
#download = {
# path = "/media/cloud/download/";
# id = "makefu-download";
# #config.fsWatcherEnabled = false;
# #config.rescanIntervalS = 300;
# devices = [ "omo" ];
#};
};
}

View file

@ -15,10 +15,15 @@
id = "makefu-audiobooks";
devices = [ "omo" "gum" "makefu-phone" "x" ];
};
download = {
path = "/media/crypt1/download";
id = "makefu-download";
devices = [ "gum" ];
sync-photos = {
path = "/media/cryptX/photos/photoframe";
id = "makefu-photoframe";
devices = [ "makefu-tablet-medion" ];
};
#download = {
# path = "/media/crypt1/download";
# id = "makefu-download";
# devices = [ "gum" ];
#};
};
}

View file

@ -1,5 +1,5 @@
{ pkgs, ... }: {
systemd.services.brockman.environment."BROCKMAN_LOG_LEVEL" = "DEBUG";
#systemd.services.brockman.environment."BROCKMAN_LOG_LEVEL" = "DEBUG";
services.rss-bridge = {
enable = true;
@ -7,7 +7,7 @@
virtualHost = "rss.makefu.r";
};
krebs.brockman = {
services.brockman = {
enable = true;
config = {
channel = "#systemdultras";

View file

@ -50,7 +50,7 @@ ${gnused}/bin/sed -i "''${1}d" ~/.ssh/known_hosts
parallel
proot
rxvt_unicode.terminfo
rxvt-unicode-unwrapped.terminfo
# TODO: missing stockholm overlay
# kpaste

View file

@ -31,6 +31,7 @@
hydra-check
# git-related
git-preview
jujutsu
tig
# (pkgs.callPackage ./init-host {})
# used more than once

View file

@ -15,6 +15,12 @@
# cura
bambu-studio
];
networking.firewall.allowedUDPPorts = [
1990 2021 # bambu-studio ssdp
];
networking.firewall.allowedTCPPorts = [
8883 6000 # bambu-studio lan mode
];
xdg.portal.enable = true;
#xdg.portal.extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
}

View file

@ -4,7 +4,7 @@
users.users.makefu.packages = with pkgs; [
aria2
# mitmproxy
python3Packages.binwalk-full
binwalk
dnsmasq
iodine
mtr

View file

@ -22,8 +22,8 @@ in mkIf (hasAttr "wiregrill" config.krebs.build.host.nets) {
ip6 = "${pkgs.iptables}/bin/ip6tables";
in {
ips =
(optional (!isNull self.ip4) self.ip4.addr) ++
(optional (!isNull self.ip6) self.ip6.addr);
(optional (!isNull self.ip4) (self.ip4.addr + "/32")) ++
(optional (!isNull self.ip6) (self.ip6.addr + "/128"));
listenPort = self.wireguard.port;
privateKeyFile = config.sops.secrets."${config.clan.core.machineName}-wiregrill.key".path;
allowedIPsAsRoutes = true;

View file

@ -35,10 +35,10 @@ in mkIf (hasAttr "wiregrill" config.krebs.build.host.nets) {
services.dnsmasq = {
enable = true;
resolveLocalQueries = false;
extraConfig = /* dnsmasq */ ''
bind-interfaces
interface=retiolum,wiregrill
'';
settings = {
bind-interfaces = true;
interface = "retiolum,wiregrill";
};
servers = [ "1.1.1.1" ];
};

View file

@ -1,11 +1,13 @@
{
home-manager.users.makefu.programs.atuin = {
enable = true;
flags = [ "--disable-up-arrow" ];
daemon.enable = true;
settings = {
auto_sync = true;
sync_address = "https://atuin.euer.krebsco.de";
search_mode = "prefix";
# fuzzy,fulltext
search_mode = "fulltext";
# fuzzy,fulltext,prefix
update_check = false;
# filter_mode = "host";
filter_mode = "global";

View file

@ -5,7 +5,7 @@
, xorg
, gst_all_1
, krb5
, alsaLib
, alsa-lib
}:
# via https://raw.githubusercontent.com/simon-the-sourcerer-ab/chitubox/main/default.nix
stdenv.mkDerivation rec {
@ -21,7 +21,7 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ autoPatchelfHook ];
buildInputs = with xorg; [ stdenv.cc.cc.lib libglvnd libgcrypt zlib glib fontconfig freetype libdrm
libxkbcommon libpulseaudio alsaLib
libxkbcommon libpulseaudio alsa-lib
xcbutilwm xcbutilimage xcbutilrenderutil xcbutilkeysyms
gst_all_1.gst-plugins-base gst_all_1.gstreamer krb5
];

View file

@ -1,4 +1,4 @@
{stdenv, lib, alsaToolTarget,fetchurl, alsaLib, ncurses, fltk13, gtk3}:
{stdenv, lib, alsaToolTarget,fetchurl, alsa-lib, ncurses, fltk13, gtk3}:
stdenv.mkDerivation rec {
name = "alsa-${alsaToolTarget}-${version}";
@ -14,7 +14,7 @@ stdenv.mkDerivation rec {
sha256 = "1lgvyb81md25s9ciswpdsbibmx9s030kvyylf0673w3kbamz1awl";
};
sourceRoot = "${alsaToolsName}/${alsaToolTarget}/";
buildInputs = [ alsaLib fltk13 gtk3 ncurses ];
buildInputs = [ alsa-lib fltk13 gtk3 ncurses ];
meta = {
homepage = http://www.alsa-project.org/;

View file

@ -41,7 +41,6 @@ in {
alsa-hdspconf = callPackage ./custom/alsa-tools { alsaToolTarget="hdspconf";};
alsa-hdspmixer = callPackage ./custom/alsa-tools { alsaToolTarget="hdspmixer";};
alsa-hdsploader = callPackage ./custom/alsa-tools { alsaToolTarget="hdsploader";};
brother_ql_web = (builtins.getFlake "github:makefu/brother_ql_web?rev=a3f8625f48111da8cd6f8e562c966cdca445b82d").packages.x86_64-linux.default;
qcma = prev.libsForQt5.callPackage ./custom/qcma { };
inherit (callPackage ./devpi {}) devpi-web ;
nodemcu-uploader = prev.pkgs.callPackage ./nodemcu-uploader {};

View file

@ -1,7 +1,7 @@
{ stdenv
, lib
, fetchurl
, alsaLib
, alsa-lib
, unzip
, openssl
, zlib
@ -24,7 +24,7 @@ stdenv.mkDerivation rec {
];
sourceRoot = ".";
buildInputs = [
alsaLib
alsa-lib
openssl
zlib
pulseaudio

File diff suppressed because it is too large Load diff

View file

@ -51,7 +51,7 @@
inventory4ce.inputs.nixpkgs.follows = "nixpkgs";
inventory4ce.inputs.poetry2nix.follows = "poetry2nix";
lanzaboote.url = "github:nix-community/lanzaboote/v0.3.0";
lanzaboote.url = "github:nix-community/lanzaboote";
lanzaboote.inputs.nixpkgs.follows = "nixpkgs";
lanzaboote.inputs.flake-parts.follows = "flake-parts";
#lanzaboote.inputs.pre-commit-hooks-nix.follows = "";

View file

@ -1,12 +1,12 @@
{ config, lib, pkgs, ... }:
let
primaryInterface = "eth0";
primaryInterface = "end0";
in {
imports = [
./hardware-config.nix
../../2configs
../../2configs/home-manager
../../2configs/home/3dprint
../../2configs/home/zigbee/cake.nix
#./hardware-config.nix
{ environment.systemPackages = with pkgs;[ rsync screen curl git tmux picocom mosh ];}
# ../../2configs/tools/core.nix
@ -14,7 +14,7 @@ in {
#../../2configs/support-nixos.nix
# ../../2configs/homeautomation/default.nix
# ../../2configs/homeautomation/google-muell.nix
../../2configs/hw/pseyecam.nix
#../../2configs/hw/pseyecam.nix
# configure your hw:
# ../../2configs/save-diskspace.nix

View file

@ -16,18 +16,18 @@ in {
# systemd.services.phpfpm-nextcloud.wantedBy = lib.mkForce [];
systemd.services.samba-smbd.wantedBy = lib.mkForce [];
}
{
users.users.lass = {
uid = 19002;
isNormalUser = true;
createHome = true;
useDefaultShell = true;
openssh.authorizedKeys.keys = with config.krebs.users; [
lass.pubkey
makefu.pubkey
];
};
}
#{
# users.users.lass = {
# uid = 19002;
# isNormalUser = true;
# createHome = true;
# useDefaultShell = true;
# openssh.authorizedKeys.keys = with config.krebs.users; [
# lass.pubkey
# makefu.pubkey
# ];
# };
#}
../../2configs
../../2configs/nur.nix
@ -49,10 +49,10 @@ in {
# ../../2configs/tools/sec.nix
# ../../2configs/tools/desktop.nix
../../2configs/zsh-user.nix
../../2configs/zsh
../../2configs/mosh.nix
# ../../2configs/disable_v6.nix
../../2configs/storj/forward-port.nix
# ../../2configs/storj/forward-port.nix
# ../../2configs/gui/xpra.nix
# networking
@ -92,17 +92,19 @@ in {
# ci
# ../../2configs/exim-retiolum.nix
../../2configs/git/cgit-retiolum.nix
# ../../2configs/git/cgit-retiolum.nix
../../2configs/git/forgejo.nix
### systemdUltras ###
../../2configs/systemdultras/ircbot.nix
###### Shack #####
# ../../2configs/shack/events-publisher
# ../../2configs/shack/gitlab-runner
../../2configs/remote-build/slave.nix
# ../../2configs/deployment/buildbot/master.nix
../../2configs/deployment/atuin.nix
# ../../2configs/remote-build/slave.nix
# ../../2configs/remote-build/aarch64-community.nix
../../2configs/taskd.nix
@ -130,7 +132,7 @@ in {
## network
# ../../2configs/vpn/openvpn-server.nix
# ../../2configs/vpn/vpnws/server.nix
../../2configs/binary-cache/server.nix
# ../../2configs/binary-cache/server.nix
{ makefu.backup.server.repo = "/var/backup/borg"; }
../../2configs/backup/server.nix
../../2configs/backup/state.nix
@ -149,11 +151,10 @@ in {
../../2configs/deployment/rss/rss.euer.krebsco.de.nix # postgres backend
../../2configs/deployment/rss/ratt.nix
../../2configs/deployment/ntfysh.nix
# ../../2configs/deployment/ntfysh.nix
../../2configs/deployment/nextcloud #postgres backend
../../2configs/deployment/nextcloud/screeenly.nix
# ../../2configs/deployment/nextcloud/screeenly.nix
../../2configs/deployment/buildbot/master.nix
# ../../2configs/deployment/buildbot/worker.nix
### Moving owncloud data dir to /media/cloud/nextcloud-data
{
@ -191,7 +192,7 @@ in {
#../../2configs/deployment/owncloud.nix
# ../../2configs/deployment/board.euer.krebsco.de.nix
#../../2configs/deployment/feed.euer.krebsco.de
../../2configs/deployment/boot-euer.nix
# ../../2configs/deployment/boot-euer.nix
../../2configs/deployment/gecloudpad
#../../2configs/deployment/docker/archiveteam-warrior.nix
../../2configs/deployment/mediengewitter.de.nix
@ -200,7 +201,7 @@ in {
../../2configs/deployment/wiki.euer.nix
../../2configs/shiori.nix
# ../../2configs/shiori.nix
#../../2configs/workadventure
../../2configs/bgt/download.binaergewitter.de.nix
@ -227,25 +228,11 @@ in {
# krebs infrastructure services
# ../../2configs/stats/server.nix
];
nixpkgs.config.permittedInsecurePackages = [ "olm-3.2.16" ];
# makefu.dl-dir = "/var/download";
makefu.dl-dir = "/media/cloud/download/finished";
###### stable
security.acme.certs."cgit.euer.krebsco.de" = {
email = "letsencrypt@syntax-fehler.de";
webroot = "/var/lib/acme/acme-challenge";
group = "nginx";
};
services.nginx.virtualHosts."cgit" = {
serverAliases = [ "cgit.euer.krebsco.de" ];
addSSL = true;
sslCertificate = "/var/lib/acme/cgit.euer.krebsco.de/fullchain.pem";
sslCertificateKey = "/var/lib/acme/cgit.euer.krebsco.de/key.pem";
locations."/.well-known/acme-challenge".extraConfig = ''
root /var/lib/acme/acme-challenge;
'';
};
krebs.build.host = config.krebs.hosts.gum;
@ -254,7 +241,7 @@ in {
firewall = {
allowedTCPPorts = [
80 443
28967 # storj
# 28967 # storj
];
allowPing = true;
logRefusedConnections = false;
@ -263,4 +250,5 @@ in {
};
users.users.makefu.extraGroups = [ "download" "nginx" ];
state = [ "/home/makefu/.weechat" ];
clan.networking.targetHost = "root@gum.i";
}

View file

@ -2,10 +2,14 @@
{
imports =
[ ./network.nix
[
./network.nix
(modulesPath + "/profiles/qemu-guest.nix")
];
./single-disk-ext4.nix
];
zramSwap.enable = true;
zramSwap.memoryPercent = 75;
# Disk
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sd_mod" "sr_mod" ];
boot.uki.tries = 3;
@ -13,39 +17,7 @@
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "rpool/root";
fsType = "zfs";
};
fileSystems."/home" =
{ device = "rpool/home";
fsType = "zfs";
};
fileSystems."/nix" =
{ device = "rpool/nix";
fsType = "zfs";
};
fileSystems."/boot" =
{ device = "/dev/sda1";
fsType = "vfat";
};
swapDevices = [ ];
zramSwap.enable = true;
boot.loader.grub.device = "/dev/sda";
networking.hostId = "3150697b"; # required for zfs use
boot.tmp.useTmpfs = true;
boot.supportedFilesystems = [ "zfs" ];
boot.loader.grub.enable = true;
boot.loader.grub.copyKernels = true;
boot.zfs.devNodes = "/dev"; # fixes some virtualmachine issues
boot.kernelParams = [
"zfs.zfs_arc_max=1073741824"
"boot.shell_on_fail"
"panic=30" "boot.panic_on_fail" # reboot the machine upon fatal boot issues
];

View file

@ -0,0 +1,53 @@
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ ./network.nix
(modulesPath + "/profiles/qemu-guest.nix")
];
# Disk
boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sd_mod" "sr_mod" ];
boot.uki.tries = 3;
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "rpool/root";
fsType = "zfs";
};
fileSystems."/home" =
{ device = "rpool/home";
fsType = "zfs";
};
fileSystems."/nix" =
{ device = "rpool/nix";
fsType = "zfs";
};
fileSystems."/boot" =
{ device = "/dev/sda1";
fsType = "vfat";
};
swapDevices = [ ];
# zramSwap.enable = true;
boot.loader.grub.device = "/dev/sda";
networking.hostId = "3150697b"; # required for zfs use
# boot.tmp.useTmpfs = true;
boot.supportedFilesystems = [ "zfs" ];
boot.loader.grub.enable = true;
boot.loader.grub.copyKernels = true;
boot.zfs.devNodes = "/dev"; # fixes some virtualmachine issues
boot.kernelParams = [
#"zfs.zfs_arc_max=1073741824" # 1gb
"zfs.zfs_arc_max=134217728" # 128mb
"boot.shell_on_fail"
"panic=30" "boot.panic_on_fail" # reboot the machine upon fatal boot issues
];
}

View file

@ -1,25 +1,33 @@
{ disk ? "/dev/sda", ... }: {
boot.loader.efi.canTouchEfiVariables = true;
boot.loader.systemd-boot.enable = true;
{ ... }: {
#boot.loader.efi.canTouchEfiVariables = true;
#boot.loader.systemd-boot.enable = true;
#boot.loader.grub.device = "/dev/sda";
boot.loader.grub.enable = true;
boot.loader.grub.copyKernels = true;
boot.loader.grub.efiSupport = true;
boot.loader.grub.efiInstallAsRemovable = true;
disko.devices = {
disk = {
disk1 = {
device = disk;
main = {
type = "disk";
# device = disk;
device = "/dev/sda";
content = {
type = "table";
format = "gpt";
partitions ={
boot = {
type = "gpt";
partitions = {
boot = { # required for embedding grub
size = "1M";
type = "EF02";
priority = 1;
};
ESP = {
name = "ESP";
start = "1MiB";
#start = "1M";
type = "EF00";
end = "1G";
bootable = true;
priority = 2;
size = "1G";
# bootable = true;
content = {
type = "filesystem";
format = "vfat";
@ -27,24 +35,28 @@
mountOptions = [ "umask=0077" ];
};
};
swap = {
size = "4G";
#size = "100%";
#end = "-4G";
priority = 3;
content = {
type = "swap";
priority = 1; # lowest prio
};
};
root = {
name = "root";
start = "500MiB";
end = "-4G";
part-type = "primary";
priority = 4;
#start = "1G";
#end = "-4G";
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
swap = {
size = "4G";
content = {
type = "swap";
priority = 1; # lowest prio
};
};
};
};
};

View file

@ -1,11 +1,11 @@
{ pkgs, modulesPath, ... }: {
imports = [
(modulesPath + "/installer/cd-dvd/installation-cd-minimal.nix")
../../2configs
../../2configs/core.nix
];
# start sshd in any case
systemd.services.sshd.wantedBy = pkgs.lib.mkForce [ "multi-user.target" ];
isoImage.squashfsCompression = "gzip -Xcompression-level 1";
krebs.build.host.name = "liveiso";
}

View file

@ -1,7 +0,0 @@
{
imports = [
];
# New machine!
}

View file

@ -13,6 +13,12 @@ in {
../../2configs/default.nix
../../2configs/support-nixos.nix
../../2configs/nur.nix
{
systemd.coredump.extraConfig = ''
Storage=none
ProcessSizeMax=0
'';
}
{
services.xserver.enable = true;
services.xserver.displayManager.sddm.enable = true;
@ -34,7 +40,7 @@ in {
### systemdUltras ###
../../2configs/systemdultras/ircbot.nix
../../2configs/zsh-user.nix
../../2configs/zsh
../../2configs/home-manager
../../2configs/home-manager/cli.nix
../../2configs/editor/neovim
@ -49,7 +55,7 @@ in {
# ../../2configs/smart-monitor.nix
../../2configs/mail-client.nix
../../2configs/mosh.nix
../../2configs/nix-ld.nix
#../../2configs/nix-ld.nix
../../2configs/tools/core.nix
../../2configs/tools/dev.nix
../../2configs/tools/desktop.nix
@ -63,8 +69,10 @@ in {
../../2configs/share
../../2configs/share/omo.nix
../../2configs/share/gum-client.nix
../../2configs/share/hetzner-client.nix
#../../2configs/share/gum-client.nix
../../2configs/sync
../../2configs/sync/omo-download-sync.nix
../../2configs/sync/share/omo.nix
../../2configs/wireguard/wiregrill-client.nix
@ -123,7 +131,7 @@ in {
../../2configs/home/metube.nix
# ../../2configs/home/ham
../../2configs/home/ham/docker.nix
../../2configs/home/zigbee2mqtt
../../2configs/home/zigbee/omo.nix
../../2configs/home/streams.nix
../../2configs/home/esphome.nix
../../2configs/home/audio-dl.nix

View file

@ -1,17 +1,19 @@
{ pkgs, ... }:
let
vaapi = pkgs.vaapiIntel.override { enableHybridCodec = true; };
in
{
hardware.opengl = {
# 2024-08-18: https://wiki.nixos.org/wiki/Jellyfin
nixpkgs.config.packageOverrides = pkgs: {
vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
};
hardware.graphics = { # hardware.opengl in 24.05
enable = true;
extraPackages = with pkgs; [
intel-media-driver # LIBVA_DRIVER_NAME=iHD
vaapi # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
intel-media-driver
intel-vaapi-driver # previously vaapiIntel
vaapiVdpau
libvdpau-va-gl
intel-compute-runtime # OpenCL filter support (hardware tonemapping and subtitle burn-in)
vpl-gpu-rt # QSV on 11th gen or newer
intel-media-sdk # QSV up to 11th gen
];
};
hardware.opengl.extraPackages32 = with pkgs.pkgsi686Linux; [ vaapi ];
environment.systemPackages = [ pkgs.libva-utils ];
}

View file

@ -24,7 +24,7 @@
# Tools
../../2configs/tools/core.nix
../../2configs/zsh-user.nix
../../2configs/zsh
../../2configs/mosh.nix
# Networking
../../2configs/tinc/retiolum.nix

View file

@ -22,7 +22,7 @@
# ../../2configs/rad1o.nix
../../2configs/zsh-user.nix
../../2configs/zsh
../../2configs/home-manager
../../2configs/home-manager/desktop.nix
../../2configs/home-manager/cli.nix

View file

@ -14,7 +14,7 @@ in {
../../2configs/networking/zerotier.nix
../../2configs/home-manager
../../2configs/support-nixos.nix
../../2configs/zsh-user.nix
../../2configs/zsh
../../2configs/tools/core.nix
# ../../2configs/disable_v6.nix
../../2configs/tools/core-gui.nix

View file

@ -2,10 +2,14 @@
{
imports =
[
# ./x230
./x13
{
nixpkgs.config.permittedInsecurePackages = [
"jitsi-meet-1.0.8043"
];
}
# do not build in tmpfs
{ systemd.services.nix-daemon.environment.TMPDIR = "/var/tmp";}
@ -37,6 +41,7 @@
../../2configs/home-manager/taskwarrior.nix
../../2configs/main-laptop.nix
../../2configs/zsh/atuin.nix
../../2configs/kdeconnect.nix
../../2configs/extra-fonts.nix
../../2configs/editor/neovim
@ -264,6 +269,7 @@
"aarch64-linux"
];
# services.syncthing.user = lib.mkForce "makefu";
# services.syncthing.dataDir = lib.mkForce "/home/makefu/.config/syncthing/";
}

View file

@ -3,7 +3,7 @@
services.xserver.videoDrivers = [ "amdgpu" ];
#boot.initrd.kernelModules = [ "amdgpu" ];
#hardware.opengl.driSupport = true;
hardware.graphics.extraPackages = [ pkgs.amdvlk pkgs.rocm-opencl-icd pkgs.rocm-opencl-runtime ];
hardware.graphics.extraPackages = with pkgs; [ amdvlk rocmPackages.clr.icd rocmPackages.clr ];
# For 32 bit applications
hardware.graphics.enable32Bit = true;
hardware.graphics.extraPackages32 = with pkgs; [ driversi686Linux.amdvlk ];