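# NixOS module for the host "panam": hardware/boot settings, GlusterFS brick
# mounts, two interactive users, a Pi-hole container run through Docker, a
# sway/Wayland desktop, and remote access through OpenSSH and Tailscale.
#
# Review summary (details are next to the affected options):
#   * the Pi-hole DNS port mapping used the protocol "upd"; corrected to "udp"
#   * WEBPASSWORD is a hard-coded secret that ends up in the Nix store
#   * the container image floats on ":latest"
#   * the host firewall is disabled while several services listen
#   * both users are in the root-equivalent "docker" and "disk" groups
({ config, lib, pkgs, modulesPath, ... }: {
  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];

  # needed for stable restarts of pi-hole container
  #boot.cleanTmpDir = true;

  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ ];
  boot.extraModulePackages = [ ];

  fileSystems."/" = {
    device = "/dev/disk/by-uuid/b22f705d-8d3d-4d6c-997d-226399f03e18";
    fsType = "ext4";
  };

  fileSystems."/boot" = {
    device = "/dev/disk/by-uuid/BE49-6634";
    fsType = "vfat";
  };

  swapDevices = [
    { device = "/dev/disk/by-uuid/9b8aa223-f67b-4c1a-9161-a3daec3dfefc"; }
  ];

  # Mounted data drives for use by glusterfs
  fileSystems."/data/brick1" = {
    device = "/dev/disk/by-label/gfs_ssd1";
    fsType = "xfs";
  };
  fileSystems."/data/brick2" = {
    device = "/dev/disk/by-label/gfs_hdd1";
    fsType = "xfs";
  };
  fileSystems."/data/brick3" = {
    device = "/dev/disk/by-label/gfs_hdd2";
    fsType = "xfs";
  };

  # Glusterfs shared storage
  #fileSystems."/ghost_in_the_stream" = { device = "panam:/gv0"; fsType = "glusterfs"; };

  networking.useDHCP = lib.mkDefault true;
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;

  # high-resolution display
  hardware.video.hidpi.enable = lib.mkDefault true;

  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  networking.hostName = "panam"; # Define your hostname.
  system.stateVersion = "22.11"; # Did you read the comment?

  nixpkgs.config.allowUnfree = true;
  nix.settings.experimental-features = [ "nix-command" "flakes" ];

  networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
  time.timeZone = "America/New_York";

  # NOTE(review): "wheel", "docker" and "disk" each amount to root on this
  # host. "docker" allows starting privileged containers and "disk" gives raw
  # access to the block devices. Keep only the groups each account needs.
  users.extraUsers.marcus = {
    name = "marcus";
    isNormalUser = true;
    group = "users";
    extraGroups = [ "wheel" "disk" "audio" "video" "networkmanager" "systemd-journal" "sway" "plugdev" "adbusers" "docker" ];
    createHome = true;
    home = "/home/marcus";
    shell = "/run/current-system/sw/bin/bash";
  };

  users.extraUsers.nathan = {
    name = "nathan";
    isNormalUser = true;
    group = "users";
    extraGroups = [ "wheel" "disk" "audio" "video" "networkmanager" "systemd-journal" "sway" "plugdev" "adbusers" "docker" ];
    createHome = true;
    home = "/home/nathan";
    shell = "/run/current-system/sw/bin/bash";
  };

  # Pi Hole + docker setup
  virtualisation.oci-containers.backend = "docker";
  virtualisation.docker.autoPrune.enable = true;
  virtualisation.oci-containers.containers.pihole = {
    # NOTE(review): ":latest" is a moving tag, so a rebuild or restart can pull
    # an image nobody reviewed. Prefer a fixed tag (as in the commented line)
    # or an image digest.
    #image = "pihole/pihole:2023.02.2";
    image = "pihole/pihole:latest";
    # Fixed: the first mapping read "53/upd"; the protocol name is "udp".
    # No host address is given, so these ports are published on every host
    # interface. Prefix a host IP if DNS and the admin UI should only be
    # reachable from one network.
    ports = [
      "5353:53/udp"
      "5353:53/tcp"
      "9091:80/tcp"
    ];
    volumes = [
      "/var/lib/pihole/:/etc/pihole/"
      "/var/lib/dnsmasq.d:/etc/dnsmasq.d"
    ];
    environment = {
      TZ = config.time.timeZone;
      WEB_PORT = "80";
      # SECURITY(review): hard-coded admin password. Values set here are
      # written into the world-readable Nix store and the generated unit, and
      # are visible to anyone with access to this file's repository. Supply
      # it at runtime instead, e.g. through this container's
      # `environmentFiles` option pointing at a root-only file kept outside
      # the store (path: <PLACEHOLDER>), and rotate the current value.
      WEBPASSWORD = "critical";
      PIHOLE_DNS_ = "172.17.0.1";
      REV_SERVER = "true";
      REV_SERVER_DOMAIN = "pihole.local";
      REV_SERVER_TARGET = "192.168.1.1";
      # NOTE(review): 192.168.1.0 is not the network address of a /16;
      # presumably "192.168.1.0/24" or "192.168.0.0/16" was meant. Confirm.
      REV_SERVER_CIDR = "192.168.1.0/16";
      # Answers DNS queries from any source that can reach the published port.
      DNSMASQ_LISTENING = "all";
    };
    extraOptions = [
      "--add-host=host.docker.internal:host-gateway"
    ];
  };

  #systemd.services."docker-pihole".postStart = ''
  #while ! docker ps | grep pihole; do
  #sleep 10s
  #echo "Waiting on containers"
  #done
  #sleep 30s
  #docker exec pihole pihole -a adlist add "https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt"
  #docker exec pihole pihole -a adlist add "https://v.firebog.net/hosts/AdguardDNS.txt"
  #docker exec pihole pihole -a adlist add "https://v.firebog.net/hosts/Easylist.txt"
  #docker exec pihole pihole -a adlist add "https://v.firebog.net/hosts/Easyprivacy.txt"
  #docker exec pihole pihole -g
  #'';

  # Enable flatpak for installing/running steam link software
  services.flatpak.enable = true;

  # testing
  services.jellyfin.enable = true;

  services.pipewire = {
    enable = true;
    alsa.enable = true;
    pulse.enable = true;
  };

  services.dbus.enable = true;
  xdg.portal = {
    enable = true;
    wlr.enable = true;
    extraPortals = [ pkgs.xdg-desktop-portal-gtk ];
    gtkUsePortal = true;
  };

  nixpkgs.overlays = [ ];

  programs.sway = {
    enable = true;
    wrapperFeatures.gtk = true;
    extraPackages = with pkgs; [
      swaylock # lockscreen
      swayidle
      xwayland # for legacy apps
      #waybar # status bar
      mako # notification daemon
      kanshi # autorandr
      bemenu # is this right?
      i3status
      ffmpeg_5-full
    ];
  };

  environment = {
    etc = {
      "sway/config".source = ./sway_config;
    };
  };

  # For steam, and Vulkan in general
  hardware.opengl.driSupport = true;
  hardware.opengl.driSupport32Bit = true;

  nixpkgs.config.packageOverrides = pkgs: {
    vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
  };
  hardware.opengl = {
    enable = true;
    extraPackages = with pkgs; [
      intel-media-driver
      vaapiIntel
      vaapiVdpau
      libvdpau-va-gl
      intel-compute-runtime # OpenCL filter support (hardware tonemapping and subtitle burn-in)
    ];
  };

  environment.systemPackages = with pkgs; [
    tmux
    vim
    wget
    curl
    git
    w3m
    iftop
    iotop
    killall # was listed twice; the duplicate entry is dropped
    file
    unzip
    zip
    ripgrep
    imv
    gomuks
    htop
    firefox-wayland
    chromium
    gnome.nautilus
    vlc
    steam
    transmission-gtk
    mupdf
    foot
    pavucontrol
    pywal
    sway
    wayland
    glib
    dracula-theme
    gnome.adwaita-icon-theme
    wl-clipboard

    # Helper installed as /bin/dbus-sway-environment: exports the Wayland
    # session variables to the systemd user manager, then restarts the
    # pipewire and portal user services.
    (pkgs.writeTextFile {
      name = "dbus-sway-environment";
      destination = "/bin/dbus-sway-environment";
      executable = true;
      text = ''
        dbus-update-activation-environment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP=sway
        systemctl --user stop pipewire pipewire-media-session xdg-desktop-portal xdg-desktop-portal-wlr
        systemctl --user start pipewire pipewire-media-session xdg-desktop-portal xdg-desktop-portal-wlr
      '';
    })

    # currently, there is some friction between sway and gtk:
    # https://github.com/swaywm/sway/wiki/GTK-3-settings-on-Wayland
    # the suggested way to set gtk settings is with gsettings
    # for gsettings to work, we need to tell it where the schemas are
    # using the XDG_DATA_DIRS environment variable
    # run at the end of sway config
    (pkgs.writeTextFile {
      name = "configure-gtk";
      destination = "/bin/configure-gtk";
      executable = true;
      text = let
        schema = pkgs.gsettings-desktop-schemas;
        datadir = "${schema}/share/gsettings-schemas/${schema.name}";
      in ''
        export XDG_DATA_DIRS=${datadir}:$XDG_DATA_DIRS
        gnome_schema=org.gnome.desktop.interface
        gsettings set $gnome_schema gtk-theme 'Dracula'
      '';
    })
  ];

  programs.waybar.enable = true;

  # kanshi systemd service
  # NOTE(review): "kanshi_config_file" is a relative path and looks like a
  # placeholder; confirm where the config lives.
  systemd.user.services.kanshi = {
    description = "kanshi daemon";
    serviceConfig = {
      Type = "simple";
      ExecStart = "${pkgs.kanshi}/bin/kanshi -c kanshi_config_file";
    };
  };

  # NOTE(review): no sshd settings are set here, so the module defaults for
  # this release apply. Confirm whether password logins are intended; key-only
  # authentication is the safer choice for a host with the firewall off.
  services.openssh.enable = true;
  services.tailscale.enable = true;

  # SECURITY(review): with the firewall off, every listening service on this
  # host (sshd, jellyfin, the published Pi-hole ports, anything started later)
  # is reachable on all interfaces. Prefer enabling it with explicit
  # allowedTCPPorts/allowedUDPPorts, as the commented block below started to
  # do. Docker installs its own packet-filter rules for published ports, so
  # restrict those in the `ports` mappings as well.
  networking.firewall.enable = false;

  #services.pihole = {
  #enable = true;
  #hostConfig = {
  #user = "pihole";
  #enableLingeringForUser = true;
  #persistVolumes = true;
  #dnsPort = 5335;
  #webPort = 8080;
  #};
  #piholeConfig.ftl = {
  #LOCAL_IPV4 = "192.168.4.200";
  #};
  #piholeConfig.web = {
  #virtualHost = "pi.hole";
  #password = "password";
  #};
  #};

  #networking.firewall.interfaces.eth0 = {
  #allowedTCPPorts = [ 5335 8080 ];
  #allowedUDPPorts = [ 5335 ];
  #};
})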