some adjustments
This commit is contained in:
Alexander Szczepanski
@ -7,7 +7,7 @@ let
|
||||
in
|
||||
{
|
||||
imports =
|
||||
[ # Include the results of the hardware scan.
|
||||
[
|
||||
/etc/nixos/hardware-configuration.nix
|
||||
../configs/gui.nix
|
||||
../configs/docker.nix
|
||||
@ -72,8 +72,8 @@ in
|
||||
time.timeZone = "Europe/Berlin";
|
||||
|
||||
console = {
|
||||
font = "latarcyrheb-sun32";
|
||||
keyMap = "us";
|
||||
font = "latarcyrheb-sun32";
|
||||
keyMap = "us";
|
||||
};
|
||||
|
||||
hardware = {
|
||||
@ -121,13 +121,13 @@ in
|
||||
printing.enable = true;
|
||||
xserver.videoDrivers = [ "amdgpu" ];
|
||||
xserver.deviceSection = ''
|
||||
Option "TearFree" "true"
|
||||
Option "TearFree" "true"
|
||||
'';
|
||||
hardware.xow.enable = true;
|
||||
borgbackup.jobs.home = rec {
|
||||
compression = "auto,zstd";
|
||||
encryption = {
|
||||
mode = "repokey-blake2" ;
|
||||
mode = "repokey-blake2";
|
||||
passphrase = secrets-desktop.borg-key;
|
||||
};
|
||||
extraCreateArgs = "--checkpoint-interval 600 --exclude-caches";
|
||||
|
||||
@ -60,7 +60,7 @@
|
||||
User = "alex";
|
||||
# ExecStart="/home/alex/snapraid-sync";
|
||||
};
|
||||
path = [pkgs.bash pkgs.snapraid pkgs.curl pkgs.smartmontools pkgs.hdparm];
|
||||
path = [ pkgs.bash pkgs.snapraid pkgs.curl pkgs.smartmontools pkgs.hdparm ];
|
||||
|
||||
script = ''
|
||||
/home/alex/snapraid-sync
|
||||
@ -69,7 +69,7 @@
|
||||
|
||||
timers.snapraid-sync = {
|
||||
#enable = true;
|
||||
wantedBy = ["timers.target"];
|
||||
wantedBy = [ "timers.target" ];
|
||||
timerConfig = {
|
||||
OnCalendar = "Mon-Sun, 23:00";
|
||||
# Unit = "snapraid-sync.service";
|
||||
@ -95,7 +95,7 @@
|
||||
enable = true;
|
||||
extraPackages = with pkgs; [
|
||||
#intel-media-driver # LIBVA_DRIVER_NAME=iHD
|
||||
vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
|
||||
vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
|
||||
vaapiVdpau
|
||||
libvdpau-va-gl
|
||||
];
|
||||
@ -145,19 +145,20 @@
|
||||
};
|
||||
};
|
||||
|
||||
security.sudo.extraRules = [ {
|
||||
security.sudo.extraRules = [{
|
||||
users = [ "alex" ];
|
||||
commands = [ {
|
||||
commands = [{
|
||||
command = "${pkgs.hdparm}/bin/hdparm";
|
||||
options = [ "SETENV" "NOPASSWD" ];
|
||||
} ];
|
||||
} {
|
||||
users = [ "alex" ];
|
||||
commands = [ {
|
||||
command = "${pkgs.snapraid}/bin/snapraid";
|
||||
options = [ "SETENV" "NOPASSWD" ];
|
||||
} ];
|
||||
}];
|
||||
}];
|
||||
}
|
||||
{
|
||||
users = [ "alex" ];
|
||||
commands = [{
|
||||
command = "${pkgs.snapraid}/bin/snapraid";
|
||||
options = [ "SETENV" "NOPASSWD" ];
|
||||
}];
|
||||
}];
|
||||
|
||||
networking.firewall.enable = false;
|
||||
|
||||
|
||||
@ -5,7 +5,7 @@ let
|
||||
in
|
||||
{
|
||||
imports =
|
||||
[ # Include the results of the hardware scan.
|
||||
[
|
||||
/etc/nixos/hardware-configuration.nix
|
||||
../configs/gui.nix
|
||||
../configs/common.nix
|
||||
|
||||
@ -1,13 +1,13 @@
|
||||
{ config, pkgs, lib, ... }:
|
||||
{
|
||||
imports =
|
||||
[
|
||||
# <nixos-hardware/common/cpu/intel>
|
||||
/etc/nixos/hardware-configuration.nix
|
||||
#../configs/docker.nix
|
||||
../configs/common.nix
|
||||
../configs/user.nix
|
||||
];
|
||||
[
|
||||
# <nixos-hardware/common/cpu/intel>
|
||||
/etc/nixos/hardware-configuration.nix
|
||||
#../configs/docker.nix
|
||||
../configs/common.nix
|
||||
../configs/user.nix
|
||||
];
|
||||
|
||||
# Boot
|
||||
boot.loader.grub.enable = false;
|
||||
@ -16,7 +16,7 @@
|
||||
|
||||
# Kernel configuration
|
||||
boot.kernelPackages = pkgs.linuxPackages_rpi4;
|
||||
boot.kernelParams = ["cma=64M" "console=tty0"];
|
||||
boot.kernelParams = [ "cma=64M" "console=tty0" ];
|
||||
|
||||
# Enable additional firmware (such as Wi-Fi drivers).
|
||||
hardware.enableRedistributableFirmware = true;
|
||||
@ -34,13 +34,15 @@
|
||||
# };
|
||||
# };
|
||||
|
||||
swapDevices = [ { device = "/swapfile"; size = 1024; } ];
|
||||
swapDevices = [{ device = "/swapfile"; size = 1024; }];
|
||||
|
||||
networking.hostName = "raspberrypi4";
|
||||
|
||||
# Packages
|
||||
environment.systemPackages = with pkgs; [
|
||||
nano git htop
|
||||
nano
|
||||
git
|
||||
htop
|
||||
];
|
||||
|
||||
# Miscellaneous
|
||||
|
||||
@ -11,6 +11,9 @@ let
|
||||
be = import ../configs/borg-exclude.nix;
|
||||
in
|
||||
{
|
||||
nixpkgs.config = {
|
||||
allowUnfree = true;
|
||||
};
|
||||
imports =
|
||||
[
|
||||
<nixos-hardware/lenovo/thinkpad/x1-extreme>
|
||||
@ -22,15 +25,16 @@ in
|
||||
../configs/user.nix
|
||||
../configs/user-gui.nix
|
||||
../configs/user-gui-applications.nix
|
||||
../configs/bspwm.nix
|
||||
<home-manager/nixos>
|
||||
];
|
||||
|
||||
# boot.initrd.luks.devices = {
|
||||
# root = {
|
||||
# preLVM = true;
|
||||
# device = "/dev/disk/by-uuid/b59e9746-b9b4-4de1-94f6-84a387b9d72e";
|
||||
# allowDiscards = true;
|
||||
# };
|
||||
# root = {
|
||||
# preLVM = true;
|
||||
# device = "/dev/disk/by-uuid/b59e9746-b9b4-4de1-94f6-84a387b9d72e";
|
||||
# allowDiscards = true;
|
||||
# };
|
||||
# };
|
||||
|
||||
fileSystems."/".options = [ "noatime" "discard" ];
|
||||
@ -45,7 +49,7 @@ in
|
||||
grub.gfxmodeEfi = "1024x768";
|
||||
};
|
||||
kernelPackages = pkgs.linuxPackages_5_14;
|
||||
boot.plymouth.enable = true;
|
||||
plymouth.enable = true;
|
||||
};
|
||||
|
||||
networking.hostName = "thinkpad"; # Define your hostname.
|
||||
@ -59,8 +63,8 @@ in
|
||||
# Select internationalisation properties.
|
||||
# i18n.defaultLocale = "en_US.UTF-8";
|
||||
console = {
|
||||
font = "latarcyrheb-sun32";
|
||||
keyMap = "us";
|
||||
font = "latarcyrheb-sun32";
|
||||
keyMap = "us";
|
||||
};
|
||||
|
||||
hardware.nvidia.prime = {
|
||||
@ -73,40 +77,40 @@ in
|
||||
nvidiaBusId = "PCI:1:0:0";
|
||||
};
|
||||
|
||||
# hardware.bumblebee = {
|
||||
# enable = true;
|
||||
# connectDisplay = true;
|
||||
# };
|
||||
# hardware.bumblebee = {
|
||||
# enable = true;
|
||||
# connectDisplay = true;
|
||||
# };
|
||||
|
||||
hardware.opengl = {
|
||||
enable = true;
|
||||
driSupport32Bit = true;
|
||||
extraPackages = with pkgs; [
|
||||
intel-media-driver # LIBVA_DRIVER_NAME=iHD
|
||||
vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
|
||||
vaapiIntel # LIBVA_DRIVER_NAME=i965 (older but works better for Firefox/Chromium)
|
||||
vaapiVdpau
|
||||
libvdpau-va-gl
|
||||
];
|
||||
};
|
||||
|
||||
nixpkgs.config.packageOverrides = pkgs: rec {
|
||||
# bumblebee = pkgs.bumblebee.override {
|
||||
# extraNvidiaDeviceOptions = ''
|
||||
# Option "ProbeAllGpus" "false"
|
||||
# Option "AllowEmptyInitialConfiguration"
|
||||
# EndSection#
|
||||
# bumblebee = pkgs.bumblebee.override {
|
||||
# extraNvidiaDeviceOptions = ''
|
||||
# Option "ProbeAllGpus" "false"
|
||||
# Option "AllowEmptyInitialConfiguration"
|
||||
# EndSection#
|
||||
|
||||
# Section "ServerLayout"
|
||||
# Identifier "Layout0"
|
||||
# Option "AutoAddDevices" "true" # Bumblebee defaults to false
|
||||
# Option "AutoAddGPU" "false"
|
||||
# EndSection
|
||||
# Section "ServerLayout"
|
||||
# Identifier "Layout0"
|
||||
# Option "AutoAddDevices" "true" # Bumblebee defaults to false
|
||||
# Option "AutoAddGPU" "false"
|
||||
# EndSection
|
||||
|
||||
# Section "Screen" # Add this section
|
||||
# Identifier "Screen0"
|
||||
# Device "DiscreteNvidia"
|
||||
# '';
|
||||
# };
|
||||
# Section "Screen" # Add this section
|
||||
# Identifier "Screen0"
|
||||
# Device "DiscreteNvidia"
|
||||
# '';
|
||||
# };
|
||||
vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
|
||||
};
|
||||
|
||||
@ -120,7 +124,7 @@ in
|
||||
avoid-resampling = "yes";
|
||||
};
|
||||
};
|
||||
configFile = pkgs.runCommand "default.pa" {} ''
|
||||
configFile = pkgs.runCommand "default.pa" { } ''
|
||||
sed 's/module-udev-detect$/module-udev-detect tsched=0/' \
|
||||
${pkgs.pulseaudio}/etc/pulse/default.pa > $out
|
||||
'';
|
||||
@ -131,13 +135,13 @@ in
|
||||
thinkfan = {
|
||||
enable = true;
|
||||
levels = [
|
||||
[0 0 67]
|
||||
[1 65 75]
|
||||
[2 73 80]
|
||||
[3 78 85]
|
||||
[4 83 90]
|
||||
[6 88 95]
|
||||
[7 93 32767]
|
||||
[ 0 0 67 ]
|
||||
[ 1 65 75 ]
|
||||
[ 2 73 80 ]
|
||||
[ 3 78 85 ]
|
||||
[ 4 83 90 ]
|
||||
[ 6 88 95 ]
|
||||
[ 7 93 32767 ]
|
||||
];
|
||||
};
|
||||
xserver = {
|
||||
@ -158,13 +162,13 @@ in
|
||||
borgbackup.jobs.home = rec {
|
||||
compression = "auto,zstd";
|
||||
encryption = {
|
||||
mode = "repokey-blake2" ;
|
||||
mode = "repokey-blake2";
|
||||
passphrase = secrets-thinkpad.borg-key;
|
||||
};
|
||||
extraCreateArgs = "--list --stats --verbose --checkpoint-interval 600 --exclude-caches";
|
||||
environment.BORG_RSH = "ssh -i ~/.ssh/id_borg_rsa";
|
||||
paths = "/home/alex";
|
||||
repo = secrets-thinkpad.borg-thinkpad-key;
|
||||
repo = secrets-thinkpad.borg-repo;
|
||||
startAt = "daily";
|
||||
user = "alex";
|
||||
prune.keep = {
|
||||
|
||||
@ -4,7 +4,7 @@ let
|
||||
in
|
||||
{
|
||||
imports =
|
||||
[ # Include the results of the hardware scan.
|
||||
[
|
||||
/etc/nixos/hardware-configuration.nix
|
||||
../configs/common.nix
|
||||
../configs/docker.nix
|
||||
@ -38,11 +38,12 @@ in
|
||||
publicKey = secrets.wireguard-desktop-public;
|
||||
presharedKey = secrets.wireguard-preshared;
|
||||
allowedIPs = [ "10.100.0.2/32" ];
|
||||
}{
|
||||
publicKey = secrets.wireguard-mini-public;
|
||||
presharedKey = secrets.wireguard-preshared;
|
||||
allowedIPs = [ "10.100.0.3/32" ];
|
||||
}];
|
||||
}
|
||||
{
|
||||
publicKey = secrets.wireguard-mini-public;
|
||||
presharedKey = secrets.wireguard-preshared;
|
||||
allowedIPs = [ "10.100.0.3/32" ];
|
||||
}];
|
||||
};
|
||||
};
|
||||
|
||||
@ -57,10 +58,6 @@ in
|
||||
};
|
||||
};
|
||||
|
||||
# List packages installed in system profile. To search, run:
|
||||
environment.systemPackages = with pkgs; [
|
||||
];
|
||||
|
||||
programs.mtr.enable = true;
|
||||
|
||||
security.acme.email = "webmaster@szczepan.ski";
|
||||
@ -91,10 +88,10 @@ in
|
||||
'';
|
||||
};
|
||||
"/.well-known/carddav" = {
|
||||
return = "301 $scheme://$host/remote.php/dav";
|
||||
return = "301 $scheme://$host/remote.php/dav";
|
||||
};
|
||||
"/.well-known/caldav" = {
|
||||
return = "301 $scheme://$host/remote.php/dav";
|
||||
return = "301 $scheme://$host/remote.php/dav";
|
||||
};
|
||||
};
|
||||
};
|
||||
@ -114,17 +111,17 @@ in
|
||||
enable = true;
|
||||
|
||||
jails.DEFAULT =
|
||||
''
|
||||
bantime = 7d
|
||||
'';
|
||||
''
|
||||
bantime = 7d
|
||||
'';
|
||||
|
||||
jails.sshd =
|
||||
''
|
||||
filter = sshd
|
||||
maxretry = 4
|
||||
action = iptables[name=ssh, port=ssh, protocol=tcp]
|
||||
enabled = true
|
||||
'';
|
||||
''
|
||||
filter = sshd
|
||||
maxretry = 4
|
||||
action = iptables[name=ssh, port=ssh, protocol=tcp]
|
||||
enabled = true
|
||||
'';
|
||||
};
|
||||
|
||||
# Limit stack size to reduce memory usage
|
||||
|
||||
Reference in New Issue
Block a user