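# NixOS module for the host "panam": hardware and filesystems, two desktop
# users, a sway/Wayland desktop, and the AdGuard Home, Jellyfin, tachikoma,
# OpenSSH and Tailscale services.
({ config, lib, pkgs, modulesPath, ... }:
let
  # Supplementary groups shared by both interactive accounts.
  # NOTE(review): several of these are root-equivalent. "wheel" grants sudo,
  # "disk" gives raw access to block devices (bypassing filesystem
  # permissions), and "docker" gives control of the Docker daemon. Docker is
  # not enabled anywhere in this file (its only configuration is commented
  # out), so "docker" and probably "disk" can be dropped unless something
  # outside this file needs them.
  desktopGroups = [
    "wheel"
    "disk"
    "audio"
    "video"
    "networkmanager"
    "systemd-journal"
    "sway"
    "plugdev"
    "adbusers"
    "docker"
  ];

  # Builds the attribute set for one interactive user; keeping a single
  # definition stops the two accounts drifting apart.
  mkDesktopUser = name: {
    inherit name;
    isNormalUser = true;
    group = "users";
    extraGroups = desktopGroups;
    createHome = true;
    home = "/home/${name}";
    shell = "/run/current-system/sw/bin/bash";
  };
in
{
  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];

  # needed for stable restarts of pi-hole container
  #boot.cleanTmpDir = true;

  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ ];
  boot.extraModulePackages = [ ];

  fileSystems."/" = {
    device = "/dev/disk/by-uuid/b22f705d-8d3d-4d6c-997d-226399f03e18";
    fsType = "ext4";
  };

  fileSystems."/boot" = {
    device = "/dev/disk/by-uuid/BE49-6634";
    fsType = "vfat";
  };

  swapDevices = [
    { device = "/dev/disk/by-uuid/9b8aa223-f67b-4c1a-9161-a3daec3dfefc"; }
  ];

  # Mounted data drives for use by glusterfs
  #fileSystems."/data/brick1" = { device = "/dev/disk/by-label/gfs_ssd1"; fsType = "xfs"; };
  fileSystems."/data/brick2" = {
    device = "/dev/disk/by-label/gfs_hdd1";
    fsType = "xfs";
  };
  fileSystems."/data/brick3" = {
    device = "/dev/disk/by-label/gfs_hdd2";
    fsType = "xfs";
  };

  # Glusterfs shared storage
  #fileSystems."/ghost_in_the_stream" = { device = "panam:/gv0"; fsType = "glusterfs"; };

  networking.useDHCP = lib.mkDefault true;
  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
  powerManagement.cpuFreqGovernor = lib.mkDefault "performance";
  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;

  # high-resolution display
  #hardware.video.hidpi.enable = lib.mkDefault true;

  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  networking.hostName = "panam"; # Define your hostname.
  system.stateVersion = "22.11"; # Did you read the comment?
  nixpkgs.config.allowUnfree = true;
  nix.settings.experimental-features = [ "nix-command" "flakes" ];
  networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
  time.timeZone = "America/New_York";

  users.extraUsers.marcus = mkDesktopUser "marcus";
  users.extraUsers.nathan = mkDesktopUser "nathan";

  # Pi Hole + docker setup
  # NOTE(review): if this block is ever re-enabled, do not keep WEBPASSWORD as
  # a literal: it would be copied into the world-readable Nix store and into
  # the container environment. Load it from a secrets file (for example via
  # the container's `environmentFiles`) and treat the value shown here as
  # already disclosed. Also pin the image to a fixed tag or digest rather than
  # ":latest", and re-check REV_SERVER_CIDR: the /16 prefix does not match the
  # 192.168.4.0 network address.
  #virtualisation.oci-containers.backend = "docker";
  #virtualisation.docker.autoPrune.enable = true;
  #virtualisation.oci-containers.containers.pihole = {
  #image = "pihole/pihole:2023.02.2";
  #  image = "pihole/pihole:latest";
  #  ports = [
  #    "5353:53/udp"
  #    "5353:53/tcp"
  #    "9091:80/tcp"
  #  ];
  #  volumes = [
  #    "/var/lib/pihole/:/etc/pihole/"
  #    "/var/lib/dnsmasq.d:/etc/dnsmasq.d"
  #  ];
  #  environment = {
  #    TZ = config.time.timeZone;
  #    WEB_PORT = "80";
  #    WEBPASSWORD = "critical";
  #    PIHOLE_DNS_ = "9.9.9.9;2620:fe::fe";
  #    REV_SERVER = "true";
  #    REV_SERVER_DOMAIN = "pihole.local";
  #    REV_SERVER_TARGET = "192.168.4.1";
  #    REV_SERVER_CIDR = "192.168.4.0/16";
  #    DNSMASQ_LISTENING = "local";
  #    VIRTUAL_HOST = "pi.hole";
  #  };
  #  extraOptions = [
  #    "--add-host=host.docker.internal:host-gateway"
  #  ];
  #};
  #systemd.services."docker-pihole".postStart = ''
  #  while ! docker ps | grep pihole; do
  #    sleep 10s
  #    echo "Waiting on containers"
  #  done
  #  sleep 30s
  #  docker exec pihole pihole -a adlist add "https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt"
  #  docker exec pihole pihole -a adlist add "https://v.firebog.net/hosts/AdguardDNS.txt"
  #  docker exec pihole pihole -a adlist add "https://v.firebog.net/hosts/Easylist.txt"
  #  docker exec pihole pihole -a adlist add "https://v.firebog.net/hosts/Easyprivacy.txt"
  #  docker exec pihole pihole -g
  #'';

  # Adguard Home
  services.adguardhome = {
    enable = true;
    # Changes made in the web UI persist across restarts, so the running
    # configuration can drift from what is declared below.
    mutableSettings = true;
    # Has no effect while networking.firewall.enable is false (see the end of
    # this file).
    openFirewall = true;
    settings = {
      # Admin UI address as declared: loopback only.
      http = {
        address = "127.0.0.1:3000";
      };
      dns = {
        # NOTE(review): "1.1.1.1" is a plain, unencrypted DNS upstream.
        # Confirm that AdGuard Home accepts the "#dns.quad9.net" suffix; its
        # encrypted upstreams are normally written with a tls://, https://,
        # quic:// or sdns:// scheme.
        upstream_dns = [
          "9.9.9.9#dns.quad9.net"
          "1.1.1.1"
        ];
      };
      filtering = {
        protection_enabled = true;
        filtering_enabled = true;
        parental_enabled = false;
        safe_search = {
          enabled = false;
        };
      };
    };
  };

  # Enable flatpak for installing/running steam link software
  services.flatpak.enable = true;

  # testing
  services.jellyfin.enable = true;

  # tachikoma: the module providing this option is not defined in this file.
  # The `config` string is passed through verbatim.
  # Fix: the "Angel Cop - Remastered" entry in `avoid` was written without a
  # leading slash, unlike every other entry; it is made absolute here on the
  # assumption that this was a typo and the directory is meant to be excluded.
  # NOTE(review): `serve` lists /data/brick1, whose mount is commented out
  # above, so that path is currently a directory on the root filesystem.
  # Confirm this is intended, and that port 8080 should be reachable with the
  # firewall disabled.
  services.tachikoma = {
    enable = true;
    user = "nathan";
    config = ''
      id = "panam"
      database_prefix = "/home/nathan/tachikoma_db"
      adam_smasher_your_io_bandwidth = false
      reset_interval = 300
      port = 8080

      [shares.default]
      serve = [ "/data/brick1", "/data/brick2", "/data/brick3", "/home/videos" ]
      avoid = [
        "/data/brick2/grey_share",
        "/data/brick2/staging",
        "/data/brick2/cache",
        "/data/brick2/Angel Cop - Remastered",
        "/data/brick2/Gunbuster - The Complete OVA Series",
        "/data/brick2/Iria - Zeiram the Animation/",
        "/data/brick2/Record of Lodoss War- Chronicles of the Heroic Knight"
      ]
      download_dir = "/data/brick2/cache"
      mount_point = "/fuse_mount" # this is optional, remove if you don't want to FUSE
      max_delete = 30

      [shares.a_darker_shade_of_grey]
      serve = [ "/data/brick2/grey_share" ]
      max_delete = 30
    '';
  };

  # Allows non-root users to create FUSE mounts that other users can see
  # (allow_other). Presumably required for tachikoma's mount_point; confirm
  # before keeping it.
  programs.fuse.userAllowOther = true;

  security.rtkit.enable = true;
  services.pipewire = {
    enable = true;
    alsa.enable = true;
    alsa.support32Bit = true;
    pulse.enable = true;
  };

  services.dbus.enable = true;
  xdg.portal = {
    enable = true;
    wlr.enable = true;
    extraPortals = [
      pkgs.xdg-desktop-portal-gtk
      pkgs.xdg-desktop-portal-kde
    ];
    #gtkUsePortal = true;
  };

  nixpkgs.overlays = [ ];

  programs.sway = {
    enable = true;
    wrapperFeatures.gtk = true;
    extraPackages = with pkgs; [
      swaylock # lockscreen
      swayidle
      xwayland # for legacy apps
      #waybar # status bar
      mako # notification daemon
      kanshi # autorandr
      bemenu # is this right?
      i3status
      ffmpeg_7-full
    ];
  };

  environment = {
    etc = {
      "sway/config".source = ./sway_config;
    };
  };

  # For steam, and Vulkan in general
  nixpkgs.config.packageOverrides = pkgs: {
    vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
  };

  hardware.graphics = {
    enable = true;
    enable32Bit = true;
    extraPackages = with pkgs; [
      intel-media-driver
      intel-vaapi-driver # previously vaapiIntel
      vaapiVdpau
      libvdpau-va-gl
      intel-compute-runtime # OpenCL filter support (hardware tonemapping and subtitle burn-in)
      vpl-gpu-rt # QSV on 11th gen or newer
      intel-media-sdk # QSV up to 11th gen
    ];
  };

  programs.bash.shellAliases = {
    steamlink = "flatpak run com.valvesoftware.SteamLink";
  };

  # System-wide packages. The duplicate `killall` entry was removed and the
  # redundant `pkgs.` prefixes dropped; the resulting package set is unchanged.
  environment.systemPackages = with pkgs; [
    tmux
    vim
    wget
    curl
    git
    w3m
    iftop
    iotop
    killall
    file
    unzip
    zip
    ripgrep
    imv
    htop
    firefox
    nautilus
    vlc
    steam
    foot
    pavucontrol
    pywal
    sway
    wayland
    glib
    dracula-theme
    adwaita-icon-theme
    wl-clipboard
    jellyfin
    jellyfin-web
    jellyfin-ffmpeg

    # Helper script: exports the Wayland session variables to the systemd user
    # environment, then restarts the audio and portal user services.
    (pkgs.writeTextFile {
      name = "dbus-sway-environment";
      destination = "/bin/dbus-sway-environment";
      executable = true;
      text = ''
        dbus-update-activation-environment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP=sway
        systemctl --user stop pipewire pipewire-media-session xdg-desktop-portal xdg-desktop-portal-wlr
        systemctl --user start pipewire pipewire-media-session xdg-desktop-portal xdg-desktop-portal-wlr
      '';
    })

    # currently, there is some friction between sway and gtk:
    # https://github.com/swaywm/sway/wiki/GTK-3-settings-on-Wayland
    # the suggested way to set gtk settings is with gsettings
    # for gsettings to work, we need to tell it where the schemas are
    # using the XDG_DATA_DIR environment variable
    # run at the end of sway config
    (pkgs.writeTextFile {
      name = "configure-gtk";
      destination = "/bin/configure-gtk";
      executable = true;
      text =
        let
          schema = pkgs.gsettings-desktop-schemas;
          datadir = "${schema}/share/gsettings-schemas/${schema.name}";
        in
        ''
          export XDG_DATA_DIRS=${datadir}:$XDG_DATA_DIRS
          gnome_schema=org.gnome.desktop.interface
          gsettings set $gnome_schema gtk-theme 'Dracula'
        '';
    })
  ];

  programs.waybar.enable = true;

  # kanshi systemd service
  # NOTE(review): "kanshi_config_file" is a relative path and looks like a
  # placeholder; it is resolved against the unit's working directory. Point
  # it at an absolute, non-user-writable path if this unit is actually used.
  systemd.user.services.kanshi = {
    description = "kanshi daemon";
    serviceConfig = {
      Type = "simple";
      ExecStart = "${pkgs.kanshi}/bin/kanshi -c kanshi_config_file";
    };
  };

  # NOTE(review): no sshd settings are overridden and no
  # users.users.<name>.openssh.authorizedKeys are declared in this file, so
  # the login policy is whatever the module defaults provide. Once keys are
  # provisioned, consider setting
  # services.openssh.settings.PasswordAuthentication = false and
  # services.openssh.settings.KbdInteractiveAuthentication = false.
  services.openssh.enable = true;
  services.tailscale.enable = true;

  # NOTE(review): the host firewall is disabled, so every service on this
  # machine that binds to a non-loopback address (sshd and, depending on
  # their bind addresses, AdGuard Home DNS, Jellyfin and tachikoma) is
  # reachable from any network the host joins. Prefer enabling the firewall
  # and listing the required ports in networking.firewall.allowedTCPPorts /
  # allowedUDPPorts. It is left unchanged here because enabling it without
  # that list would cut off the LAN-facing services.
  networking.firewall.enable = false;
})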