Marcus Godwin
240 lines
8.2 KiB
Nix
240 lines
8.2 KiB
Nix
({ config, lib, pkgs, modulesPath, ... }: {
|
|
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
|
|
|
|
# needed for stable restarts of pi-hole container
|
|
#boot.cleanTmpDir = true;
|
|
|
|
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
|
|
boot.initrd.kernelModules = [ ];
|
|
boot.kernelModules = [ ];
|
|
boot.extraModulePackages = [ ];
|
|
|
|
fileSystems."/" = { device = "/dev/disk/by-uuid/b22f705d-8d3d-4d6c-997d-226399f03e18"; fsType = "ext4"; };
|
|
fileSystems."/boot" = { device = "/dev/disk/by-uuid/BE49-6634"; fsType = "vfat"; };
|
|
swapDevices = [ { device = "/dev/disk/by-uuid/9b8aa223-f67b-4c1a-9161-a3daec3dfefc"; } ];
|
|
# Mounted data drives for use by glusterfs
|
|
fileSystems."/data/brick1" = { device = "/dev/disk/by-label/gfs_ssd1"; fsType = "xfs"; };
|
|
fileSystems."/data/brick2" = { device = "/dev/disk/by-label/gfs_hdd1"; fsType = "xfs"; };
|
|
fileSystems."/data/brick3" = { device = "/dev/disk/by-label/gfs_hdd2"; fsType = "xfs"; };
|
|
# Glusterfs shared storage
|
|
#fileSystems."/ghost_in_the_stream" = { device = "panam:/gv0"; fsType = "glusterfs"; };
|
|
networking.useDHCP = lib.mkDefault true;
|
|
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
|
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
|
|
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
|
# high-resolution display
|
|
hardware.video.hidpi.enable = lib.mkDefault true;
|
|
|
|
|
|
boot.loader.systemd-boot.enable = true;
|
|
boot.loader.efi.canTouchEfiVariables = true;
|
|
|
|
networking.hostName = "panam"; # Define your hostname.
|
|
|
|
system.stateVersion = "22.11"; # Did you read the comment?
|
|
|
|
nixpkgs.config.allowUnfree = true;
|
|
nix.settings.experimental-features = [ "nix-command" "flakes" ];
|
|
networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
|
|
time.timeZone = "America/New_York";
|
|
users.extraUsers.marcus = {
|
|
name = "marcus";
|
|
isNormalUser = true;
|
|
group = "users";
|
|
extraGroups = [ "wheel" "disk" "audio" "video" "networkmanager" "systemd-journal" "sway" "plugdev" "adbusers" "docker" ];
|
|
createHome = true;
|
|
home = "/home/marcus";
|
|
shell = "/run/current-system/sw/bin/bash";
|
|
};
|
|
users.extraUsers.nathan = {
|
|
name = "nathan";
|
|
isNormalUser = true;
|
|
group = "users";
|
|
extraGroups = [ "wheel" "disk" "audio" "video" "networkmanager" "systemd-journal" "sway" "plugdev" "adbusers" "docker" ];
|
|
createHome = true;
|
|
home = "/home/nathan";
|
|
shell = "/run/current-system/sw/bin/bash";
|
|
};
|
|
|
|
# Pi Hole + docker setup
|
|
virtualisation.oci-containers.backend = "docker";
|
|
virtualisation.docker.autoPrune.enable = true;
|
|
|
|
virtualisation.oci-containers.containers.pihole = {
|
|
#image = "pihole/pihole:2023.02.2";
|
|
image = "pihole/pihole:latest";
|
|
ports = [
|
|
"5353:53/upd"
|
|
"5353:53/tcp"
|
|
"9091:80/tcp"
|
|
];
|
|
volumes = [
|
|
"/var/lib/pihole/:/etc/pihole/"
|
|
"/var/lib/dnsmasq.d:/etc/dnsmasq.d"
|
|
];
|
|
environment = {
|
|
TZ = config.time.timeZone;
|
|
WEB_PORT = "80";
|
|
WEBPASSWORD = "critical";
|
|
PIHOLE_DNS_ = "172.17.0.1";
|
|
REV_SERVER = "true";
|
|
REV_SERVER_DOMAIN = "pihole.local";
|
|
REV_SERVER_TARGET = "192.168.1.1";
|
|
REV_SERVER_CIDR = "192.168.1.0/16";
|
|
DNSMASQ_LISTENING = "all";
|
|
};
|
|
extraOptions = [
|
|
"--add-host=host.docker.internal:host-gateway"
|
|
];
|
|
};
|
|
#systemd.services."docker-pihole".postStart = ''
|
|
#while ! docker ps | grep pihole; do
|
|
#sleep 10s
|
|
#echo "Waiting on containers"
|
|
#done
|
|
#sleep 30s
|
|
|
|
#docker exec pihole pihole -a adlist add "https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt"
|
|
#docker exec pihole pihole -a adlist add "https://v.firebog.net/hosts/AdguardDNS.txt"
|
|
#docker exec pihole pihole -a adlist add "https://v.firebog.net/hosts/Easylist.txt"
|
|
#docker exec pihole pihole -a adlist add "https://v.firebog.net/hosts/Easyprivacy.txt"
|
|
|
|
#docker exec pihole pihole -g
|
|
#'';
|
|
|
|
# Enable flatpak for installing/running steam link software
|
|
services.flatpak.enable = true;
|
|
|
|
# testing
|
|
services.jellyfin.enable = true;
|
|
services.pipewire = {
|
|
enable = true;
|
|
alsa.enable = true;
|
|
pulse.enable = true;
|
|
};
|
|
services.dbus.enable = true;
|
|
xdg.portal = {
|
|
enable = true;
|
|
wlr.enable = true;
|
|
extraPortals = [pkgs.xdg-desktop-portal-gtk ];
|
|
gtkUsePortal = true;
|
|
};
|
|
nixpkgs.overlays = [
|
|
];
|
|
|
|
programs.sway = {
|
|
enable = true;
|
|
wrapperFeatures.gtk = true;
|
|
extraPackages = with pkgs; [
|
|
swaylock # lockscreen
|
|
swayidle
|
|
xwayland # for legacy apps
|
|
#waybar # status bar
|
|
mako # notification daemon
|
|
kanshi # autorandr
|
|
bemenu # is this right?
|
|
i3status
|
|
ffmpeg_5-full
|
|
];
|
|
};
|
|
|
|
environment = {
|
|
etc = {
|
|
"sway/config".source = ./sway_config;
|
|
};
|
|
};
|
|
# For steam, and Vulkan in general
|
|
hardware.opengl.driSupport = true;
|
|
hardware.opengl.driSupport32Bit = true;
|
|
|
|
nixpkgs.config.packageOverrides = pkgs: {
|
|
vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
|
|
};
|
|
hardware.opengl = {
|
|
enable = true;
|
|
extraPackages = with pkgs; [
|
|
intel-media-driver
|
|
vaapiIntel
|
|
vaapiVdpau
|
|
libvdpau-va-gl
|
|
intel-compute-runtime # OpenCL filter support (hardware tonemapping and subtitle burn-in)
|
|
];
|
|
};
|
|
|
|
environment.systemPackages = with pkgs; [
|
|
tmux vim wget curl git w3m iftop iotop killall file unzip zip ripgrep imv killall gomuks htop
|
|
firefox-wayland chromium gnome.nautilus
|
|
vlc steam transmission-gtk mupdf
|
|
foot pavucontrol pywal
|
|
sway wayland glib dracula-theme gnome.adwaita-icon-theme wl-clipboard
|
|
(pkgs.writeTextFile {
|
|
name = "dbus-sway-environment";
|
|
destination = "/bin/dbus-sway-environment";
|
|
executable = true;
|
|
|
|
text = ''
|
|
dbus-update-activation-environment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP=sway
|
|
systemctl --user stop pipewire pipewire-media-session xdg-desktop-portal xdg-desktop-portal-wlr
|
|
systemctl --user start pipewire pipewire-media-session xdg-desktop-portal xdg-desktop-portal-wlr
|
|
'';
|
|
})
|
|
# currently, there is some friction between sway and gtk:
|
|
# https://github.com/swaywm/sway/wiki/GTK-3-settings-on-Wayland
|
|
# the suggested way to set gtk settings is with gsettings
|
|
# for gsettings to work, we need to tell it where the schemas are
|
|
# using the XDG_DATA_DIR environment variable
|
|
# run at the end of sway config
|
|
(pkgs.writeTextFile {
|
|
name = "configure-gtk";
|
|
destination = "/bin/configure-gtk";
|
|
executable = true;
|
|
text = let
|
|
schema = pkgs.gsettings-desktop-schemas;
|
|
datadir = "${schema}/share/gsettings-schemas/${schema.name}";
|
|
in ''
|
|
export XDG_DATA_DIRS=${datadir}:$XDG_DATA_DIRS
|
|
gnome_schema=org.gnome.desktop.interface
|
|
gsettings set $gnome_schema gtk-theme 'Dracula'
|
|
'';
|
|
})
|
|
];
|
|
programs.waybar.enable = true;
|
|
|
|
# kanshi systemd service
|
|
systemd.user.services.kanshi = {
|
|
description = "kanshi daemon";
|
|
serviceConfig = {
|
|
Type = "simple";
|
|
ExecStart = "${pkgs.kanshi}/bin/kanshi -c kanshi_config_file";
|
|
};
|
|
};
|
|
|
|
services.openssh.enable = true;
|
|
services.tailscale.enable = true;
|
|
networking.firewall.enable = false;
|
|
|
|
#services.pihole = {
|
|
#enable = true;
|
|
#hostConfig = {
|
|
#user = "pihole";
|
|
#enableLingeringForUser = true;
|
|
#persistVolumes = true;
|
|
#dnsPort = 5335;
|
|
#webPort = 8080;
|
|
#};
|
|
#piholeConfig.ftl = {
|
|
#LOCAL_IPV4 = "192.168.4.200";
|
|
#};
|
|
#piholeConfig.web = {
|
|
#virtualHost = "pi.hole";
|
|
#password = "password";
|
|
#};
|
|
#};
|
|
|
|
#networking.firewall.interfaces.eth0 = {
|
|
#allowedTCPPorts = [ 5335 8080 ];
|
|
#allowedUDPPorts = [ 5335 ];
|
|
#};
|
|
})
|
|
|